author | Girish Moodalbail <Girish.Moodalbail@oracle.COM> |
Tue, 23 Sep 2014 10:12:34 -0700 | |
branch | s11-update |
changeset 3323 | b4b74d363c31 |
parent 3196 | 4c06db2d9388 |
child 3998 | 5bd484384122 |
permissions | -rw-r--r-- |
3028
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
1 |
#!/usr/bin/python2.6 |
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
2 |
|
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
3 |
# Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved. |
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
4 |
# |
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
5 |
# Licensed under the Apache License, Version 2.0 (the "License"); you may |
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
6 |
# not use this file except in compliance with the License. You may obtain |
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
7 |
# a copy of the License at |
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
8 |
# |
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
9 |
# http://www.apache.org/licenses/LICENSE-2.0 |
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
10 |
# |
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
11 |
# Unless required by applicable law or agreed to in writing, software |
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
12 |
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT |
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
13 |
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the |
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
14 |
# License for the specific language governing permissions and limitations |
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
15 |
# under the License. |
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
16 |
|
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
17 |
import os |
3178
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3077
diff
changeset
|
18 |
import re |
3028
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
19 |
import sys |
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
20 |
|
3178
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3077
diff
changeset
|
21 |
import netaddr |
3028
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
22 |
import smf_include |
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
23 |
|
3178
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3077
diff
changeset
|
24 |
from subprocess import CalledProcessError, Popen, PIPE, check_call |
3077
3e8d5f02f4a0
18416129 neutron-l3-agent should include dependency on ipfilter service
Drew Fisher <drew.fisher@oracle.com>
parents:
3028
diff
changeset
|
25 |
|
3028
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
26 |
|
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
27 |
def start(): |
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
28 |
# verify paths are valid |
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
29 |
for f in sys.argv[2:4]: |
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
30 |
if not os.path.exists(f) or not os.access(f, os.R_OK): |
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
31 |
print '%s does not exist or is not readable' % f |
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
32 |
return smf_include.SMF_EXIT_ERR_CONFIG |
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
33 |
|
3077
3e8d5f02f4a0
18416129 neutron-l3-agent should include dependency on ipfilter service
Drew Fisher <drew.fisher@oracle.com>
parents:
3028
diff
changeset
|
34 |
# System-wide forwarding (either ipv4 or ipv6 or both) must be enabled |
3e8d5f02f4a0
18416129 neutron-l3-agent should include dependency on ipfilter service
Drew Fisher <drew.fisher@oracle.com>
parents:
3028
diff
changeset
|
35 |
# before neutron-l3-agent can be started. |
3e8d5f02f4a0
18416129 neutron-l3-agent should include dependency on ipfilter service
Drew Fisher <drew.fisher@oracle.com>
parents:
3028
diff
changeset
|
36 |
cmd = ["/usr/sbin/ipadm", "show-prop", "-c", "-p", "forwarding", |
3e8d5f02f4a0
18416129 neutron-l3-agent should include dependency on ipfilter service
Drew Fisher <drew.fisher@oracle.com>
parents:
3028
diff
changeset
|
37 |
"-o", "current", "ipv4"] |
3e8d5f02f4a0
18416129 neutron-l3-agent should include dependency on ipfilter service
Drew Fisher <drew.fisher@oracle.com>
parents:
3028
diff
changeset
|
38 |
p = Popen(cmd, stdout=PIPE, stderr=PIPE) |
3e8d5f02f4a0
18416129 neutron-l3-agent should include dependency on ipfilter service
Drew Fisher <drew.fisher@oracle.com>
parents:
3028
diff
changeset
|
39 |
output, error = p.communicate() |
3e8d5f02f4a0
18416129 neutron-l3-agent should include dependency on ipfilter service
Drew Fisher <drew.fisher@oracle.com>
parents:
3028
diff
changeset
|
40 |
if p.returncode != 0: |
3e8d5f02f4a0
18416129 neutron-l3-agent should include dependency on ipfilter service
Drew Fisher <drew.fisher@oracle.com>
parents:
3028
diff
changeset
|
41 |
print "failed to determine if IPv4 forwarding is enabled or not" |
3e8d5f02f4a0
18416129 neutron-l3-agent should include dependency on ipfilter service
Drew Fisher <drew.fisher@oracle.com>
parents:
3028
diff
changeset
|
42 |
return smf_include.SMF_EXIT_ERR_FATAL |
3e8d5f02f4a0
18416129 neutron-l3-agent should include dependency on ipfilter service
Drew Fisher <drew.fisher@oracle.com>
parents:
3028
diff
changeset
|
43 |
v4fwding = "on" in output |
3e8d5f02f4a0
18416129 neutron-l3-agent should include dependency on ipfilter service
Drew Fisher <drew.fisher@oracle.com>
parents:
3028
diff
changeset
|
44 |
|
3e8d5f02f4a0
18416129 neutron-l3-agent should include dependency on ipfilter service
Drew Fisher <drew.fisher@oracle.com>
parents:
3028
diff
changeset
|
45 |
cmd = ["/usr/sbin/ipadm", "show-prop", "-c", "-p", "forwarding", |
3e8d5f02f4a0
18416129 neutron-l3-agent should include dependency on ipfilter service
Drew Fisher <drew.fisher@oracle.com>
parents:
3028
diff
changeset
|
46 |
"-o", "current", "ipv6"] |
3e8d5f02f4a0
18416129 neutron-l3-agent should include dependency on ipfilter service
Drew Fisher <drew.fisher@oracle.com>
parents:
3028
diff
changeset
|
47 |
p = Popen(cmd, stdout=PIPE, stderr=PIPE) |
3e8d5f02f4a0
18416129 neutron-l3-agent should include dependency on ipfilter service
Drew Fisher <drew.fisher@oracle.com>
parents:
3028
diff
changeset
|
48 |
output, error = p.communicate() |
3e8d5f02f4a0
18416129 neutron-l3-agent should include dependency on ipfilter service
Drew Fisher <drew.fisher@oracle.com>
parents:
3028
diff
changeset
|
49 |
if p.returncode != 0: |
3e8d5f02f4a0
18416129 neutron-l3-agent should include dependency on ipfilter service
Drew Fisher <drew.fisher@oracle.com>
parents:
3028
diff
changeset
|
50 |
print "failed to determine if IPv6 forwarding is enabled or not" |
3e8d5f02f4a0
18416129 neutron-l3-agent should include dependency on ipfilter service
Drew Fisher <drew.fisher@oracle.com>
parents:
3028
diff
changeset
|
51 |
return smf_include.SMF_EXIT_ERR_FATAL |
3e8d5f02f4a0
18416129 neutron-l3-agent should include dependency on ipfilter service
Drew Fisher <drew.fisher@oracle.com>
parents:
3028
diff
changeset
|
52 |
v6fwding = "on" in output |
3e8d5f02f4a0
18416129 neutron-l3-agent should include dependency on ipfilter service
Drew Fisher <drew.fisher@oracle.com>
parents:
3028
diff
changeset
|
53 |
|
3e8d5f02f4a0
18416129 neutron-l3-agent should include dependency on ipfilter service
Drew Fisher <drew.fisher@oracle.com>
parents:
3028
diff
changeset
|
54 |
if not any((v4fwding, v6fwding)): |
3178
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3077
diff
changeset
|
55 |
print "System-wide IPv4 or IPv6 (or both) forwarding must be " \ |
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3077
diff
changeset
|
56 |
"enabled before enabling neutron-l3-agent" |
3077
3e8d5f02f4a0
18416129 neutron-l3-agent should include dependency on ipfilter service
Drew Fisher <drew.fisher@oracle.com>
parents:
3028
diff
changeset
|
57 |
return smf_include.SMF_EXIT_ERR_CONFIG |
3e8d5f02f4a0
18416129 neutron-l3-agent should include dependency on ipfilter service
Drew Fisher <drew.fisher@oracle.com>
parents:
3028
diff
changeset
|
58 |
|
3028
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
59 |
cmd = "/usr/lib/neutron/neutron-l3-agent --config-file %s " \ |
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
60 |
"--config-file %s" % tuple(sys.argv[2:4]) |
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
61 |
smf_include.smf_subprocess(cmd) |
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
62 |
|
3178
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3077
diff
changeset
|
63 |
|
3196
4c06db2d9388
19073547 editing built-in flavors fails with name too long
Drew Fisher <drew.fisher@oracle.com>
parents:
3178
diff
changeset
|
64 |
def remove_ipfilter_rules(version): |
4c06db2d9388
19073547 editing built-in flavors fails with name too long
Drew Fisher <drew.fisher@oracle.com>
parents:
3178
diff
changeset
|
65 |
# remove IP Filter rules added by neutron-l3-agent |
4c06db2d9388
19073547 editing built-in flavors fails with name too long
Drew Fisher <drew.fisher@oracle.com>
parents:
3178
diff
changeset
|
66 |
cmd = ["/usr/bin/pfexec", "/usr/sbin/ipfstat", "-io"] |
4c06db2d9388
19073547 editing built-in flavors fails with name too long
Drew Fisher <drew.fisher@oracle.com>
parents:
3178
diff
changeset
|
67 |
if version == 6: |
4c06db2d9388
19073547 editing built-in flavors fails with name too long
Drew Fisher <drew.fisher@oracle.com>
parents:
3178
diff
changeset
|
68 |
cmd.insert(2, "-6") |
4c06db2d9388
19073547 editing built-in flavors fails with name too long
Drew Fisher <drew.fisher@oracle.com>
parents:
3178
diff
changeset
|
69 |
p = Popen(cmd, stdout=PIPE, stderr=PIPE) |
4c06db2d9388
19073547 editing built-in flavors fails with name too long
Drew Fisher <drew.fisher@oracle.com>
parents:
3178
diff
changeset
|
70 |
output, error = p.communicate() |
4c06db2d9388
19073547 editing built-in flavors fails with name too long
Drew Fisher <drew.fisher@oracle.com>
parents:
3178
diff
changeset
|
71 |
if p.returncode != 0: |
4c06db2d9388
19073547 editing built-in flavors fails with name too long
Drew Fisher <drew.fisher@oracle.com>
parents:
3178
diff
changeset
|
72 |
print "failed to retrieve IP Filter rules" |
4c06db2d9388
19073547 editing built-in flavors fails with name too long
Drew Fisher <drew.fisher@oracle.com>
parents:
3178
diff
changeset
|
73 |
return smf_include.SMF_EXIT_ERR_FATAL |
4c06db2d9388
19073547 editing built-in flavors fails with name too long
Drew Fisher <drew.fisher@oracle.com>
parents:
3178
diff
changeset
|
74 |
|
4c06db2d9388
19073547 editing built-in flavors fails with name too long
Drew Fisher <drew.fisher@oracle.com>
parents:
3178
diff
changeset
|
75 |
ipfilters = output.splitlines() |
4c06db2d9388
19073547 editing built-in flavors fails with name too long
Drew Fisher <drew.fisher@oracle.com>
parents:
3178
diff
changeset
|
76 |
# L3 agent IP Filter rules are of the form |
4c06db2d9388
19073547 editing built-in flavors fails with name too long
Drew Fisher <drew.fisher@oracle.com>
parents:
3178
diff
changeset
|
77 |
# block in quick on l3i64cbb496_a_0 from ... to pool/15417332 |
4c06db2d9388
19073547 editing built-in flavors fails with name too long
Drew Fisher <drew.fisher@oracle.com>
parents:
3178
diff
changeset
|
78 |
prog = re.compile('on l3i[0-9A-Fa-f\_]{10}_0') |
4c06db2d9388
19073547 editing built-in flavors fails with name too long
Drew Fisher <drew.fisher@oracle.com>
parents:
3178
diff
changeset
|
79 |
ippool_names = [] |
4c06db2d9388
19073547 editing built-in flavors fails with name too long
Drew Fisher <drew.fisher@oracle.com>
parents:
3178
diff
changeset
|
80 |
for ipf in ipfilters: |
4c06db2d9388
19073547 editing built-in flavors fails with name too long
Drew Fisher <drew.fisher@oracle.com>
parents:
3178
diff
changeset
|
81 |
if not prog.search(ipf): |
4c06db2d9388
19073547 editing built-in flavors fails with name too long
Drew Fisher <drew.fisher@oracle.com>
parents:
3178
diff
changeset
|
82 |
continue |
4c06db2d9388
19073547 editing built-in flavors fails with name too long
Drew Fisher <drew.fisher@oracle.com>
parents:
3178
diff
changeset
|
83 |
# capture the IP pool name |
3323
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3196
diff
changeset
|
84 |
if 'pool/' in ipf: |
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3196
diff
changeset
|
85 |
ippool_names.append(ipf.split('pool/')[1]) |
3196
4c06db2d9388
19073547 editing built-in flavors fails with name too long
Drew Fisher <drew.fisher@oracle.com>
parents:
3178
diff
changeset
|
86 |
|
4c06db2d9388
19073547 editing built-in flavors fails with name too long
Drew Fisher <drew.fisher@oracle.com>
parents:
3178
diff
changeset
|
87 |
try: |
4c06db2d9388
19073547 editing built-in flavors fails with name too long
Drew Fisher <drew.fisher@oracle.com>
parents:
3178
diff
changeset
|
88 |
# remove the IP Filter rule |
4c06db2d9388
19073547 editing built-in flavors fails with name too long
Drew Fisher <drew.fisher@oracle.com>
parents:
3178
diff
changeset
|
89 |
p = Popen(["echo", ipf], stdout=PIPE) |
4c06db2d9388
19073547 editing built-in flavors fails with name too long
Drew Fisher <drew.fisher@oracle.com>
parents:
3178
diff
changeset
|
90 |
cmd = ["/usr/bin/pfexec", "/usr/sbin/ipf", "-r", "-f", "-"] |
4c06db2d9388
19073547 editing built-in flavors fails with name too long
Drew Fisher <drew.fisher@oracle.com>
parents:
3178
diff
changeset
|
91 |
if version == 6: |
4c06db2d9388
19073547 editing built-in flavors fails with name too long
Drew Fisher <drew.fisher@oracle.com>
parents:
3178
diff
changeset
|
92 |
cmd.insert(2, "-6") |
4c06db2d9388
19073547 editing built-in flavors fails with name too long
Drew Fisher <drew.fisher@oracle.com>
parents:
3178
diff
changeset
|
93 |
check_call(cmd, stdin=p.stdout) |
4c06db2d9388
19073547 editing built-in flavors fails with name too long
Drew Fisher <drew.fisher@oracle.com>
parents:
3178
diff
changeset
|
94 |
except CalledProcessError as err: |
4c06db2d9388
19073547 editing built-in flavors fails with name too long
Drew Fisher <drew.fisher@oracle.com>
parents:
3178
diff
changeset
|
95 |
print "failed to remove IP Filter rule %s: %s" % (ipf, err) |
4c06db2d9388
19073547 editing built-in flavors fails with name too long
Drew Fisher <drew.fisher@oracle.com>
parents:
3178
diff
changeset
|
96 |
return smf_include.SMF_EXIT_ERR_FATAL |
4c06db2d9388
19073547 editing built-in flavors fails with name too long
Drew Fisher <drew.fisher@oracle.com>
parents:
3178
diff
changeset
|
97 |
|
4c06db2d9388
19073547 editing built-in flavors fails with name too long
Drew Fisher <drew.fisher@oracle.com>
parents:
3178
diff
changeset
|
98 |
# remove IP Pools added by neutron-l3-agent |
4c06db2d9388
19073547 editing built-in flavors fails with name too long
Drew Fisher <drew.fisher@oracle.com>
parents:
3178
diff
changeset
|
99 |
for ippool_name in ippool_names: |
4c06db2d9388
19073547 editing built-in flavors fails with name too long
Drew Fisher <drew.fisher@oracle.com>
parents:
3178
diff
changeset
|
100 |
try: |
4c06db2d9388
19073547 editing built-in flavors fails with name too long
Drew Fisher <drew.fisher@oracle.com>
parents:
3178
diff
changeset
|
101 |
check_call(["/usr/bin/pfexec", "/usr/sbin/ippool", "-R", |
4c06db2d9388
19073547 editing built-in flavors fails with name too long
Drew Fisher <drew.fisher@oracle.com>
parents:
3178
diff
changeset
|
102 |
"-m", ippool_name, "-t", "tree"]) |
4c06db2d9388
19073547 editing built-in flavors fails with name too long
Drew Fisher <drew.fisher@oracle.com>
parents:
3178
diff
changeset
|
103 |
except CalledProcessError as err: |
4c06db2d9388
19073547 editing built-in flavors fails with name too long
Drew Fisher <drew.fisher@oracle.com>
parents:
3178
diff
changeset
|
104 |
print "failed to remove IP Pool %s: %s" % (ippool_name, err) |
4c06db2d9388
19073547 editing built-in flavors fails with name too long
Drew Fisher <drew.fisher@oracle.com>
parents:
3178
diff
changeset
|
105 |
return smf_include.SMF_EXIT_ERR_FATAL |
4c06db2d9388
19073547 editing built-in flavors fails with name too long
Drew Fisher <drew.fisher@oracle.com>
parents:
3178
diff
changeset
|
106 |
return smf_include.SMF_EXIT_OK |
4c06db2d9388
19073547 editing built-in flavors fails with name too long
Drew Fisher <drew.fisher@oracle.com>
parents:
3178
diff
changeset
|
107 |
|
4c06db2d9388
19073547 editing built-in flavors fails with name too long
Drew Fisher <drew.fisher@oracle.com>
parents:
3178
diff
changeset
|
108 |
|
3178
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3077
diff
changeset
|
109 |
def stop(): |
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3077
diff
changeset
|
110 |
try: |
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3077
diff
changeset
|
111 |
# first kill the SMF contract |
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3077
diff
changeset
|
112 |
check_call(["/usr/bin/pkill", "-c", sys.argv[2]]) |
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3077
diff
changeset
|
113 |
except CalledProcessError as err: |
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3077
diff
changeset
|
114 |
print "failed to kill the SMF contract: %s" % (err) |
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3077
diff
changeset
|
115 |
return smf_include.SMF_EXIT_ERR_FATAL |
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3077
diff
changeset
|
116 |
|
3323
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3196
diff
changeset
|
117 |
# We need to first remove the IP filter rules and then remove |
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3196
diff
changeset
|
118 |
# the IP interfaces on which the rules were applied. |
3178
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3077
diff
changeset
|
119 |
|
3196
4c06db2d9388
19073547 editing built-in flavors fails with name too long
Drew Fisher <drew.fisher@oracle.com>
parents:
3178
diff
changeset
|
120 |
# remove IPv4 Filter rules added by neutron-l3-agent |
4c06db2d9388
19073547 editing built-in flavors fails with name too long
Drew Fisher <drew.fisher@oracle.com>
parents:
3178
diff
changeset
|
121 |
rv = remove_ipfilter_rules(4) |
4c06db2d9388
19073547 editing built-in flavors fails with name too long
Drew Fisher <drew.fisher@oracle.com>
parents:
3178
diff
changeset
|
122 |
if rv != smf_include.SMF_EXIT_OK: |
4c06db2d9388
19073547 editing built-in flavors fails with name too long
Drew Fisher <drew.fisher@oracle.com>
parents:
3178
diff
changeset
|
123 |
return rv |
3178
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3077
diff
changeset
|
124 |
|
3196
4c06db2d9388
19073547 editing built-in flavors fails with name too long
Drew Fisher <drew.fisher@oracle.com>
parents:
3178
diff
changeset
|
125 |
# remove IPv6 Filter rules added by neutron-l3-agent |
4c06db2d9388
19073547 editing built-in flavors fails with name too long
Drew Fisher <drew.fisher@oracle.com>
parents:
3178
diff
changeset
|
126 |
rv = remove_ipfilter_rules(6) |
4c06db2d9388
19073547 editing built-in flavors fails with name too long
Drew Fisher <drew.fisher@oracle.com>
parents:
3178
diff
changeset
|
127 |
if rv != smf_include.SMF_EXIT_OK: |
4c06db2d9388
19073547 editing built-in flavors fails with name too long
Drew Fisher <drew.fisher@oracle.com>
parents:
3178
diff
changeset
|
128 |
return rv |
3178
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3077
diff
changeset
|
129 |
|
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3077
diff
changeset
|
130 |
# remove IP NAT rules added by neutron-l3-agent |
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3077
diff
changeset
|
131 |
cmd = ["/usr/bin/pfexec", "/usr/sbin/ipnat", "-lR"] |
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3077
diff
changeset
|
132 |
p = Popen(cmd, stdout=PIPE, stderr=PIPE) |
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3077
diff
changeset
|
133 |
output, error = p.communicate() |
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3077
diff
changeset
|
134 |
if p.returncode != 0: |
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3077
diff
changeset
|
135 |
print "failed to retrieve IP NAT rules" |
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3077
diff
changeset
|
136 |
return smf_include.SMF_EXIT_ERR_FATAL |
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3077
diff
changeset
|
137 |
|
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3077
diff
changeset
|
138 |
ipnat_rules = output.splitlines() |
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3077
diff
changeset
|
139 |
# L3 agent IP NAT rules are of the form |
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3077
diff
changeset
|
140 |
# bimap l3e64ccc496_a_0 192.168.1.3/32 -> 172.16.10.3/32 |
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3077
diff
changeset
|
141 |
prog = re.compile('l3e[0-9A-Fa-f\_]{10}_0') |
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3077
diff
changeset
|
142 |
for ipnat_rule in ipnat_rules: |
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3077
diff
changeset
|
143 |
if not prog.search(ipnat_rule): |
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3077
diff
changeset
|
144 |
continue |
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3077
diff
changeset
|
145 |
# remove the IP NAT rule |
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3077
diff
changeset
|
146 |
try: |
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3077
diff
changeset
|
147 |
p = Popen(["echo", ipnat_rule], stdout=PIPE) |
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3077
diff
changeset
|
148 |
check_call(["/usr/bin/pfexec", "/usr/sbin/ipnat", "-r", "-f", "-"], |
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3077
diff
changeset
|
149 |
stdin=p.stdout) |
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3077
diff
changeset
|
150 |
except CalledProcessError as err: |
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3077
diff
changeset
|
151 |
print "failed to remove IP NAT rule %s: %s" % (ipnat_rule, err) |
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3077
diff
changeset
|
152 |
return smf_include.SMF_EXIT_ERR_FATAL |
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3077
diff
changeset
|
153 |
|
3323
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3196
diff
changeset
|
154 |
# remove VNICs associated with L3 agent |
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3196
diff
changeset
|
155 |
cmd = ["/usr/sbin/ipadm", "show-if", "-p", "-o", "ifname"] |
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3196
diff
changeset
|
156 |
p = Popen(cmd, stdout=PIPE, stderr=PIPE) |
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3196
diff
changeset
|
157 |
output, error = p.communicate() |
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3196
diff
changeset
|
158 |
if p.returncode != 0: |
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3196
diff
changeset
|
159 |
print "failed to retrieve IP interface names" |
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3196
diff
changeset
|
160 |
return smf_include.SMF_EXIT_ERR_CONFIG |
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3196
diff
changeset
|
161 |
|
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3196
diff
changeset
|
162 |
ifnames = output.splitlines() |
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3196
diff
changeset
|
163 |
# L3 agent datalinks are always 15 characters in length. They start |
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3196
diff
changeset
|
164 |
# with either 'l3i' or 'l3e', end with '_0', and in between they are |
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3196
diff
changeset
|
165 |
# hexadecimal digits. |
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3196
diff
changeset
|
166 |
prog = re.compile('l3[ie][0-9A-Fa-f\_]{10}_0') |
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3196
diff
changeset
|
167 |
for ifname in ifnames: |
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3196
diff
changeset
|
168 |
if not prog.search(ifname): |
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3196
diff
changeset
|
169 |
continue |
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3196
diff
changeset
|
170 |
try: |
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3196
diff
changeset
|
171 |
# first remove the IP |
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3196
diff
changeset
|
172 |
check_call(["/usr/bin/pfexec", "/usr/sbin/ipadm", "delete-ip", |
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3196
diff
changeset
|
173 |
ifname]) |
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3196
diff
changeset
|
174 |
# next remove the VNIC |
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3196
diff
changeset
|
175 |
check_call(["/usr/bin/pfexec", "/usr/sbin/dladm", "delete-vnic", |
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3196
diff
changeset
|
176 |
ifname]) |
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3196
diff
changeset
|
177 |
except CalledProcessError as err: |
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3196
diff
changeset
|
178 |
print "failed to remove datalinks used by L3 agent: %s" % (err) |
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3196
diff
changeset
|
179 |
return smf_include.SMF_EXIT_ERR_FATAL |
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3196
diff
changeset
|
180 |
|
3178
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3077
diff
changeset
|
181 |
return smf_include.SMF_EXIT_OK |
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3077
diff
changeset
|
182 |
|
3028
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
183 |
if __name__ == "__main__": |
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
184 |
os.putenv("LC_ALL", "C") |
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
185 |
smf_include.smf_main() |