upstream/oracle/userland-gate: components/openstack/neutron/files/neutron-l3-agent@87196737f09f (annotated)

1760 353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	1	#!/usr/bin/python2.6
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	2
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	3	# Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	4	#
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	5	# Licensed under the Apache License, Version 2.0 (the "License"); you may
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	6	# not use this file except in compliance with the License. You may obtain
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	7	# a copy of the License at
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	8	#
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	9	# http://www.apache.org/licenses/LICENSE-2.0
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	10	#
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	11	# Unless required by applicable law or agreed to in writing, software
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	12	# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	13	# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	14	# License for the specific language governing permissions and limitations
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	15	# under the License.
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	16
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	17	import os
1944 56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1792 diff changeset	18	import re
1760 353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	19	import sys
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	20
1944 56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1792 diff changeset	21	import netaddr
1760 353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	22	import smf_include
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	23
1944 56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1792 diff changeset	24	from subprocess import CalledProcessError, Popen, PIPE, check_call
1792 5cea652172c6 18416129 neutron-l3-agent should include dependency on ipfilter service Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1760 diff changeset	25
1760 353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	26
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	27	def start():
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	28	# verify paths are valid
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	29	for f in sys.argv[2:4]:
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	30	if not os.path.exists(f) or not os.access(f, os.R_OK):
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	31	print '%s does not exist or is not readable' % f
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	32	return smf_include.SMF_EXIT_ERR_CONFIG
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	33
1792 5cea652172c6 18416129 neutron-l3-agent should include dependency on ipfilter service Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1760 diff changeset	34	# System-wide forwarding (either ipv4 or ipv6 or both) must be enabled
5cea652172c6 18416129 neutron-l3-agent should include dependency on ipfilter service Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1760 diff changeset	35	# before neutron-l3-agent can be started.
5cea652172c6 18416129 neutron-l3-agent should include dependency on ipfilter service Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1760 diff changeset	36	cmd = ["/usr/sbin/ipadm", "show-prop", "-c", "-p", "forwarding",
5cea652172c6 18416129 neutron-l3-agent should include dependency on ipfilter service Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1760 diff changeset	37	"-o", "current", "ipv4"]
5cea652172c6 18416129 neutron-l3-agent should include dependency on ipfilter service Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1760 diff changeset	38	p = Popen(cmd, stdout=PIPE, stderr=PIPE)
5cea652172c6 18416129 neutron-l3-agent should include dependency on ipfilter service Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1760 diff changeset	39	output, error = p.communicate()
5cea652172c6 18416129 neutron-l3-agent should include dependency on ipfilter service Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1760 diff changeset	40	if p.returncode != 0:
5cea652172c6 18416129 neutron-l3-agent should include dependency on ipfilter service Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1760 diff changeset	41	print "failed to determine if IPv4 forwarding is enabled or not"
5cea652172c6 18416129 neutron-l3-agent should include dependency on ipfilter service Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1760 diff changeset	42	return smf_include.SMF_EXIT_ERR_FATAL
5cea652172c6 18416129 neutron-l3-agent should include dependency on ipfilter service Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1760 diff changeset	43	v4fwding = "on" in output
5cea652172c6 18416129 neutron-l3-agent should include dependency on ipfilter service Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1760 diff changeset	44
5cea652172c6 18416129 neutron-l3-agent should include dependency on ipfilter service Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1760 diff changeset	45	cmd = ["/usr/sbin/ipadm", "show-prop", "-c", "-p", "forwarding",
5cea652172c6 18416129 neutron-l3-agent should include dependency on ipfilter service Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1760 diff changeset	46	"-o", "current", "ipv6"]
5cea652172c6 18416129 neutron-l3-agent should include dependency on ipfilter service Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1760 diff changeset	47	p = Popen(cmd, stdout=PIPE, stderr=PIPE)
5cea652172c6 18416129 neutron-l3-agent should include dependency on ipfilter service Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1760 diff changeset	48	output, error = p.communicate()
5cea652172c6 18416129 neutron-l3-agent should include dependency on ipfilter service Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1760 diff changeset	49	if p.returncode != 0:
5cea652172c6 18416129 neutron-l3-agent should include dependency on ipfilter service Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1760 diff changeset	50	print "failed to determine if IPv6 forwarding is enabled or not"
5cea652172c6 18416129 neutron-l3-agent should include dependency on ipfilter service Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1760 diff changeset	51	return smf_include.SMF_EXIT_ERR_FATAL
5cea652172c6 18416129 neutron-l3-agent should include dependency on ipfilter service Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1760 diff changeset	52	v6fwding = "on" in output
5cea652172c6 18416129 neutron-l3-agent should include dependency on ipfilter service Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1760 diff changeset	53
5cea652172c6 18416129 neutron-l3-agent should include dependency on ipfilter service Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1760 diff changeset	54	if not any((v4fwding, v6fwding)):
1944 56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1792 diff changeset	55	print "System-wide IPv4 or IPv6 (or both) forwarding must be " \
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1792 diff changeset	56	"enabled before enabling neutron-l3-agent"
1792 5cea652172c6 18416129 neutron-l3-agent should include dependency on ipfilter service Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1760 diff changeset	57	return smf_include.SMF_EXIT_ERR_CONFIG
5cea652172c6 18416129 neutron-l3-agent should include dependency on ipfilter service Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1760 diff changeset	58
1760 353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	59	cmd = "/usr/lib/neutron/neutron-l3-agent --config-file %s " \
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	60	"--config-file %s" % tuple(sys.argv[2:4])
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	61	smf_include.smf_subprocess(cmd)
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	62
1944 56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1792 diff changeset	63
1977 12e9c20eef5a 19034270 IPv6 filter rules are not properly handled Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1944 diff changeset	64	def remove_ipfilter_rules(version):
12e9c20eef5a 19034270 IPv6 filter rules are not properly handled Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1944 diff changeset	65	# remove IP Filter rules added by neutron-l3-agent
12e9c20eef5a 19034270 IPv6 filter rules are not properly handled Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1944 diff changeset	66	cmd = ["/usr/bin/pfexec", "/usr/sbin/ipfstat", "-io"]
12e9c20eef5a 19034270 IPv6 filter rules are not properly handled Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1944 diff changeset	67	if version == 6:
12e9c20eef5a 19034270 IPv6 filter rules are not properly handled Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1944 diff changeset	68	cmd.insert(2, "-6")
12e9c20eef5a 19034270 IPv6 filter rules are not properly handled Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1944 diff changeset	69	p = Popen(cmd, stdout=PIPE, stderr=PIPE)
12e9c20eef5a 19034270 IPv6 filter rules are not properly handled Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1944 diff changeset	70	output, error = p.communicate()
12e9c20eef5a 19034270 IPv6 filter rules are not properly handled Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1944 diff changeset	71	if p.returncode != 0:
12e9c20eef5a 19034270 IPv6 filter rules are not properly handled Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1944 diff changeset	72	print "failed to retrieve IP Filter rules"
12e9c20eef5a 19034270 IPv6 filter rules are not properly handled Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1944 diff changeset	73	return smf_include.SMF_EXIT_ERR_FATAL
12e9c20eef5a 19034270 IPv6 filter rules are not properly handled Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1944 diff changeset	74
12e9c20eef5a 19034270 IPv6 filter rules are not properly handled Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1944 diff changeset	75	ipfilters = output.splitlines()
12e9c20eef5a 19034270 IPv6 filter rules are not properly handled Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1944 diff changeset	76	# L3 agent IP Filter rules are of the form
12e9c20eef5a 19034270 IPv6 filter rules are not properly handled Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1944 diff changeset	77	# block in quick on l3i64cbb496_a_0 from ... to pool/15417332
12e9c20eef5a 19034270 IPv6 filter rules are not properly handled Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1944 diff changeset	78	prog = re.compile('on l3i[0-9A-Fa-f\_]{10}_0')
12e9c20eef5a 19034270 IPv6 filter rules are not properly handled Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1944 diff changeset	79	ippool_names = []
12e9c20eef5a 19034270 IPv6 filter rules are not properly handled Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1944 diff changeset	80	for ipf in ipfilters:
12e9c20eef5a 19034270 IPv6 filter rules are not properly handled Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1944 diff changeset	81	if not prog.search(ipf):
12e9c20eef5a 19034270 IPv6 filter rules are not properly handled Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1944 diff changeset	82	continue
12e9c20eef5a 19034270 IPv6 filter rules are not properly handled Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1944 diff changeset	83	# capture the IP pool name
2083 87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1977 diff changeset	84	if 'pool/' in ipf:
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1977 diff changeset	85	ippool_names.append(ipf.split('pool/')[1])
1977 12e9c20eef5a 19034270 IPv6 filter rules are not properly handled Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1944 diff changeset	86
12e9c20eef5a 19034270 IPv6 filter rules are not properly handled Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1944 diff changeset	87	try:
12e9c20eef5a 19034270 IPv6 filter rules are not properly handled Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1944 diff changeset	88	# remove the IP Filter rule
12e9c20eef5a 19034270 IPv6 filter rules are not properly handled Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1944 diff changeset	89	p = Popen(["echo", ipf], stdout=PIPE)
12e9c20eef5a 19034270 IPv6 filter rules are not properly handled Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1944 diff changeset	90	cmd = ["/usr/bin/pfexec", "/usr/sbin/ipf", "-r", "-f", "-"]
12e9c20eef5a 19034270 IPv6 filter rules are not properly handled Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1944 diff changeset	91	if version == 6:
12e9c20eef5a 19034270 IPv6 filter rules are not properly handled Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1944 diff changeset	92	cmd.insert(2, "-6")
12e9c20eef5a 19034270 IPv6 filter rules are not properly handled Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1944 diff changeset	93	check_call(cmd, stdin=p.stdout)
12e9c20eef5a 19034270 IPv6 filter rules are not properly handled Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1944 diff changeset	94	except CalledProcessError as err:
12e9c20eef5a 19034270 IPv6 filter rules are not properly handled Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1944 diff changeset	95	print "failed to remove IP Filter rule %s: %s" % (ipf, err)
12e9c20eef5a 19034270 IPv6 filter rules are not properly handled Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1944 diff changeset	96	return smf_include.SMF_EXIT_ERR_FATAL
12e9c20eef5a 19034270 IPv6 filter rules are not properly handled Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1944 diff changeset	97
12e9c20eef5a 19034270 IPv6 filter rules are not properly handled Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1944 diff changeset	98	# remove IP Pools added by neutron-l3-agent
12e9c20eef5a 19034270 IPv6 filter rules are not properly handled Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1944 diff changeset	99	for ippool_name in ippool_names:
12e9c20eef5a 19034270 IPv6 filter rules are not properly handled Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1944 diff changeset	100	try:
12e9c20eef5a 19034270 IPv6 filter rules are not properly handled Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1944 diff changeset	101	check_call(["/usr/bin/pfexec", "/usr/sbin/ippool", "-R",
12e9c20eef5a 19034270 IPv6 filter rules are not properly handled Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1944 diff changeset	102	"-m", ippool_name, "-t", "tree"])
12e9c20eef5a 19034270 IPv6 filter rules are not properly handled Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1944 diff changeset	103	except CalledProcessError as err:
12e9c20eef5a 19034270 IPv6 filter rules are not properly handled Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1944 diff changeset	104	print "failed to remove IP Pool %s: %s" % (ippool_name, err)
12e9c20eef5a 19034270 IPv6 filter rules are not properly handled Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1944 diff changeset	105	return smf_include.SMF_EXIT_ERR_FATAL
12e9c20eef5a 19034270 IPv6 filter rules are not properly handled Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1944 diff changeset	106	return smf_include.SMF_EXIT_OK
12e9c20eef5a 19034270 IPv6 filter rules are not properly handled Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1944 diff changeset	107
12e9c20eef5a 19034270 IPv6 filter rules are not properly handled Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1944 diff changeset	108
1944 56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1792 diff changeset	109	def stop():
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1792 diff changeset	110	try:
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1792 diff changeset	111	# first kill the SMF contract
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1792 diff changeset	112	check_call(["/usr/bin/pkill", "-c", sys.argv[2]])
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1792 diff changeset	113	except CalledProcessError as err:
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1792 diff changeset	114	print "failed to kill the SMF contract: %s" % (err)
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1792 diff changeset	115	return smf_include.SMF_EXIT_ERR_FATAL
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1792 diff changeset	116
2083 87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1977 diff changeset	117	# We need to first remove the IP filter rules and then remove
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1977 diff changeset	118	# the IP interfaces on which the rules were applied.
1944 56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1792 diff changeset	119
1977 12e9c20eef5a 19034270 IPv6 filter rules are not properly handled Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1944 diff changeset	120	# remove IPv4 Filter rules added by neutron-l3-agent
12e9c20eef5a 19034270 IPv6 filter rules are not properly handled Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1944 diff changeset	121	rv = remove_ipfilter_rules(4)
12e9c20eef5a 19034270 IPv6 filter rules are not properly handled Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1944 diff changeset	122	if rv != smf_include.SMF_EXIT_OK:
12e9c20eef5a 19034270 IPv6 filter rules are not properly handled Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1944 diff changeset	123	return rv
1944 56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1792 diff changeset	124
1977 12e9c20eef5a 19034270 IPv6 filter rules are not properly handled Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1944 diff changeset	125	# remove IPv6 Filter rules added by neutron-l3-agent
12e9c20eef5a 19034270 IPv6 filter rules are not properly handled Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1944 diff changeset	126	rv = remove_ipfilter_rules(6)
12e9c20eef5a 19034270 IPv6 filter rules are not properly handled Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1944 diff changeset	127	if rv != smf_include.SMF_EXIT_OK:
12e9c20eef5a 19034270 IPv6 filter rules are not properly handled Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1944 diff changeset	128	return rv
1944 56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1792 diff changeset	129
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1792 diff changeset	130	# remove IP NAT rules added by neutron-l3-agent
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1792 diff changeset	131	cmd = ["/usr/bin/pfexec", "/usr/sbin/ipnat", "-lR"]
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1792 diff changeset	132	p = Popen(cmd, stdout=PIPE, stderr=PIPE)
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1792 diff changeset	133	output, error = p.communicate()
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1792 diff changeset	134	if p.returncode != 0:
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1792 diff changeset	135	print "failed to retrieve IP NAT rules"
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1792 diff changeset	136	return smf_include.SMF_EXIT_ERR_FATAL
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1792 diff changeset	137
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1792 diff changeset	138	ipnat_rules = output.splitlines()
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1792 diff changeset	139	# L3 agent IP NAT rules are of the form
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1792 diff changeset	140	# bimap l3e64ccc496_a_0 192.168.1.3/32 -> 172.16.10.3/32
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1792 diff changeset	141	prog = re.compile('l3e[0-9A-Fa-f\_]{10}_0')
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1792 diff changeset	142	for ipnat_rule in ipnat_rules:
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1792 diff changeset	143	if not prog.search(ipnat_rule):
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1792 diff changeset	144	continue
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1792 diff changeset	145	# remove the IP NAT rule
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1792 diff changeset	146	try:
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1792 diff changeset	147	p = Popen(["echo", ipnat_rule], stdout=PIPE)
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1792 diff changeset	148	check_call(["/usr/bin/pfexec", "/usr/sbin/ipnat", "-r", "-f", "-"],
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1792 diff changeset	149	stdin=p.stdout)
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1792 diff changeset	150	except CalledProcessError as err:
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1792 diff changeset	151	print "failed to remove IP NAT rule %s: %s" % (ipnat_rule, err)
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1792 diff changeset	152	return smf_include.SMF_EXIT_ERR_FATAL
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1792 diff changeset	153
2083 87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1977 diff changeset	154	# remove VNICs associated with L3 agent
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1977 diff changeset	155	cmd = ["/usr/sbin/ipadm", "show-if", "-p", "-o", "ifname"]
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1977 diff changeset	156	p = Popen(cmd, stdout=PIPE, stderr=PIPE)
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1977 diff changeset	157	output, error = p.communicate()
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1977 diff changeset	158	if p.returncode != 0:
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1977 diff changeset	159	print "failed to retrieve IP interface names"
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1977 diff changeset	160	return smf_include.SMF_EXIT_ERR_CONFIG
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1977 diff changeset	161
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1977 diff changeset	162	ifnames = output.splitlines()
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1977 diff changeset	163	# L3 agent datalinks are always 15 characters in length. They start
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1977 diff changeset	164	# with either 'l3i' or 'l3e', end with '_0', and in between they are
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1977 diff changeset	165	# hexadecimal digits.
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1977 diff changeset	166	prog = re.compile('l3[ie][0-9A-Fa-f\_]{10}_0')
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1977 diff changeset	167	for ifname in ifnames:
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1977 diff changeset	168	if not prog.search(ifname):
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1977 diff changeset	169	continue
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1977 diff changeset	170	try:
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1977 diff changeset	171	# first remove the IP
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1977 diff changeset	172	check_call(["/usr/bin/pfexec", "/usr/sbin/ipadm", "delete-ip",
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1977 diff changeset	173	ifname])
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1977 diff changeset	174	# next remove the VNIC
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1977 diff changeset	175	check_call(["/usr/bin/pfexec", "/usr/sbin/dladm", "delete-vnic",
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1977 diff changeset	176	ifname])
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1977 diff changeset	177	except CalledProcessError as err:
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1977 diff changeset	178	print "failed to remove datalinks used by L3 agent: %s" % (err)
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1977 diff changeset	179	return smf_include.SMF_EXIT_ERR_FATAL
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1977 diff changeset	180
1944 56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1792 diff changeset	181	return smf_include.SMF_EXIT_OK
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1792 diff changeset	182
1760 353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	183	if __name__ == "__main__":
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	184	os.putenv("LC_ALL", "C")
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	185	smf_include.smf_main()

author	Girish Moodalbail <Girish.Moodalbail@oracle.COM>
	Fri, 12 Sep 2014 16:45:03 -0700
changeset 2083	87196737f09f
parent 1977	12e9c20eef5a
child 3998	5bd484384122
permissions	-rw-r--r--