| author | Danek Duvall <danek.duvall@oracle.com> |
| Tue, 07 Apr 2015 13:31:20 -0700 | |
| branch | s11-update |
| changeset 4072 | db0cec748ec0 |
| parent 3435 | 25a421888935 |
| child 4430 | 5858809d8d01 |
| permissions | -rw-r--r-- |
|
3028
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
1 |
# vim: tabstop=4 shiftwidth=4 softtabstop=4 |
|
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
2 |
|
|
4072
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
3 |
# Copyright 2012 VMware, Inc. All rights reserved. |
|
3028
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
4 |
# |
|
4072
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
5 |
# Copyright (c) 2014, 2015, Oracle and/or its affiliates. All rights reserved. |
|
3028
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
6 |
# |
|
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
7 |
# Licensed under the Apache License, Version 2.0 (the "License"); you may |
|
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
8 |
# not use this file except in compliance with the License. You may obtain |
|
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
9 |
# a copy of the License at |
|
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
10 |
# |
|
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
11 |
# http://www.apache.org/licenses/LICENSE-2.0 |
|
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
12 |
# |
|
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
13 |
# Unless required by applicable law or agreed to in writing, software |
|
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
14 |
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT |
|
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
15 |
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the |
|
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
16 |
# License for the specific language governing permissions and limitations |
|
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
17 |
# under the License. |
|
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
18 |
# |
|
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
19 |
|
|
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
20 |
""" |
|
3178
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3028
diff
changeset
|
21 |
Based off generic l3_agent (neutron/agent/l3_agent) code |
|
3028
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
22 |
""" |
|
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
23 |
|
|
4072
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
24 |
import errno |
|
3178
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3028
diff
changeset
|
25 |
import netaddr |
|
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3028
diff
changeset
|
26 |
|
|
3028
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
27 |
from oslo.config import cfg |
|
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
28 |
|
|
4072
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
29 |
from neutron.agent.common import config |
|
3178
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3028
diff
changeset
|
30 |
from neutron.agent import l3_agent |
|
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3028
diff
changeset
|
31 |
from neutron.agent.linux import utils |
|
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3028
diff
changeset
|
32 |
from neutron.agent.solaris import interface |
|
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3028
diff
changeset
|
33 |
from neutron.agent.solaris import net_lib |
|
4072
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
34 |
from neutron.agent.solaris import ra |
|
3178
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3028
diff
changeset
|
35 |
from neutron.common import constants as l3_constants |
|
4072
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
36 |
from neutron.common import utils as common_utils |
|
3178
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3028
diff
changeset
|
37 |
from neutron.openstack.common import log as logging |
|
3028
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
38 |
|
|
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
39 |
|
|
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
40 |
LOG = logging.getLogger(__name__) |
|
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
41 |
INTERNAL_DEV_PREFIX = 'l3i' |
|
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
42 |
EXTERNAL_DEV_PREFIX = 'l3e' |
|
3178
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3028
diff
changeset
|
43 |
FLOATING_IP_CIDR_SUFFIX = '/32' |
|
3028
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
44 |
|
|
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
45 |
|
|
4072
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
46 |
class EVSL3NATAgent(l3_agent.L3NATAgentWithStateReport): |
|
3028
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
47 |
OPTS = [ |
|
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
48 |
cfg.StrOpt('external_network_datalink', default='net0',
|
|
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
49 |
help=_("Name of the datalink that connects to "
|
|
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
50 |
"an external network.")), |
|
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
51 |
cfg.BoolOpt('allow_forwarding_between_networks', default=False,
|
|
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
52 |
help=_("Allow forwarding of packets between tenant's "
|
|
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
53 |
"networks")), |
|
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
54 |
] |
|
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
55 |
|
|
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
56 |
def __init__(self, host, conf=None): |
|
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
57 |
cfg.CONF.register_opts(self.OPTS) |
|
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
58 |
cfg.CONF.register_opts(interface.OPTS) |
|
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
59 |
super(EVSL3NATAgent, self).__init__(host=host, conf=conf) |
|
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
60 |
|
|
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
61 |
def _router_added(self, router_id, router): |
|
4072
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
62 |
ri = l3_agent.RouterInfo(router_id, None, |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
63 |
self.conf.use_namespaces, router) |
|
3028
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
64 |
self.router_info[router_id] = ri |
|
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
65 |
|
|
4072
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
66 |
if self.conf.enable_metadata_proxy: |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
67 |
self._spawn_metadata_proxy(ri.router_id, ri.ns_name) |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
68 |
|
|
3028
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
69 |
def _router_removed(self, router_id): |
|
4072
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
70 |
ri = self.router_info.get(router_id) |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
71 |
if ri is None: |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
72 |
LOG.warn(_("Info for router %s were not found. "
|
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
73 |
"Skipping router removal"), router_id) |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
74 |
return |
|
3028
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
75 |
ri.router['gw_port'] = None |
|
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
76 |
ri.router[l3_constants.INTERFACE_KEY] = [] |
|
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
77 |
ri.router[l3_constants.FLOATINGIP_KEY] = [] |
|
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
78 |
self.process_router(ri) |
|
4072
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
79 |
if self.conf.enable_metadata_proxy: |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
80 |
self._destroy_metadata_proxy(ri.router_id, ri.ns_name) |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
81 |
|
|
3028
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
82 |
del self.router_info[router_id] |
|
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
83 |
|
|
4072
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
84 |
def _get_metadata_proxy_callback(self, router_id): |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
85 |
"""Need to override this since we need to pass the absolute |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
86 |
path to neutron-ns-metadata-proxy binary. |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
87 |
""" |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
88 |
def callback(pid_file): |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
89 |
metadata_proxy_socket = cfg.CONF.metadata_proxy_socket |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
90 |
proxy_cmd = ['/usr/lib/neutron/neutron-ns-metadata-proxy', |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
91 |
'--pid_file=%s' % pid_file, |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
92 |
'--metadata_proxy_socket=%s' % metadata_proxy_socket, |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
93 |
'--router_id=%s' % router_id, |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
94 |
'--state_path=%s' % self.conf.state_path, |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
95 |
'--metadata_port=%s' % self.conf.metadata_port] |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
96 |
proxy_cmd.extend(config.get_log_args( |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
97 |
cfg.CONF, 'neutron-ns-metadata-proxy-%s.log' % |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
98 |
router_id)) |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
99 |
return proxy_cmd |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
100 |
|
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
101 |
return callback |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
102 |
|
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
103 |
def external_gateway_snat_rules(self, ex_gw_ip, internal_cidrs, |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
104 |
interface_name): |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
105 |
rules = [] |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
106 |
for cidr in internal_cidrs: |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
107 |
rules.append('map %s %s -> %s/32' %
|
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
108 |
(interface_name, cidr, ex_gw_ip)) |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
109 |
return rules |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
110 |
|
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
111 |
def _handle_router_snat_rules(self, ri, ex_gw_port, internal_cidrs, |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
112 |
interface_name, action): |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
113 |
assert not ri.router['distributed'] |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
114 |
|
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
115 |
# Remove all the old SNAT rules |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
116 |
# This is safe because if use_namespaces is set as False |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
117 |
# then the agent can only configure one router, otherwise |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
118 |
# each router's SNAT rules will be in their own namespace |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
119 |
|
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
120 |
# get only the SNAT rules |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
121 |
old_snat_rules = [rule for rule in ri.ipfilters_manager.ipv4['nat'] |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
122 |
if rule.startswith('map')]
|
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
123 |
ri.ipfilters_manager.remove_nat_rules(old_snat_rules) |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
124 |
|
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
125 |
# And add them back if the action is add_rules |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
126 |
if action == 'add_rules' and ex_gw_port: |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
127 |
# NAT rules are added only if ex_gw_port has an IPv4 address |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
128 |
for ip_addr in ex_gw_port['fixed_ips']: |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
129 |
ex_gw_ip = ip_addr['ip_address'] |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
130 |
if netaddr.IPAddress(ex_gw_ip).version == 4: |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
131 |
rules = self.external_gateway_snat_rules(ex_gw_ip, |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
132 |
internal_cidrs, |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
133 |
interface_name) |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
134 |
ri.ipfilters_manager.add_nat_rules(rules) |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
135 |
break |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
136 |
|
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
137 |
@common_utils.exception_logger() |
|
3178
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3028
diff
changeset
|
138 |
def process_router(self, ri): |
|
4072
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
139 |
# TODO(mrsmith) - we shouldn't need to check here |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
140 |
if 'distributed' not in ri.router: |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
141 |
ri.router['distributed'] = False |
|
3178
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3028
diff
changeset
|
142 |
ex_gw_port = self._get_ex_gw_port(ri) |
|
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3028
diff
changeset
|
143 |
internal_ports = ri.router.get(l3_constants.INTERFACE_KEY, []) |
|
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3028
diff
changeset
|
144 |
existing_port_ids = set([p['id'] for p in ri.internal_ports]) |
|
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3028
diff
changeset
|
145 |
current_port_ids = set([p['id'] for p in internal_ports |
|
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3028
diff
changeset
|
146 |
if p['admin_state_up']]) |
|
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3028
diff
changeset
|
147 |
new_ports = [p for p in internal_ports if |
|
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3028
diff
changeset
|
148 |
p['id'] in current_port_ids and |
|
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3028
diff
changeset
|
149 |
p['id'] not in existing_port_ids] |
|
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3028
diff
changeset
|
150 |
old_ports = [p for p in ri.internal_ports if |
|
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3028
diff
changeset
|
151 |
p['id'] not in current_port_ids] |
|
4072
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
152 |
new_ipv6_port = False |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
153 |
old_ipv6_port = False |
|
3178
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3028
diff
changeset
|
154 |
for p in new_ports: |
|
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3028
diff
changeset
|
155 |
self._set_subnet_info(p) |
|
4072
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
156 |
self.internal_network_added(ri, p) |
|
3178
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3028
diff
changeset
|
157 |
ri.internal_ports.append(p) |
|
4072
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
158 |
if (not new_ipv6_port and |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
159 |
netaddr.IPNetwork(p['subnet']['cidr']).version == 6): |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
160 |
new_ipv6_port = True |
|
3178
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3028
diff
changeset
|
161 |
|
|
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3028
diff
changeset
|
162 |
for p in old_ports: |
|
4072
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
163 |
self.internal_network_removed(ri, p) |
|
3178
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3028
diff
changeset
|
164 |
ri.internal_ports.remove(p) |
|
4072
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
165 |
if (not old_ipv6_port and |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
166 |
netaddr.IPNetwork(p['subnet']['cidr']).version == 6): |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
167 |
old_ipv6_port = True |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
168 |
|
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
169 |
if new_ipv6_port or old_ipv6_port: |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
170 |
# refresh ndpd daemon after filling in ndpd.conf |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
171 |
# with the right entries |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
172 |
ra.enable_ipv6_ra(ri.router_id, |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
173 |
internal_ports, |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
174 |
self.get_internal_device_name) |
|
3178
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3028
diff
changeset
|
175 |
|
|
4072
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
176 |
# remove any internal stale router interfaces (i.e., l3i.. VNICs) |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
177 |
existing_devices = net_lib.Datalink.show_vnic() |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
178 |
current_internal_devs = set([n for n in existing_devices |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
179 |
if n.startswith(INTERNAL_DEV_PREFIX)]) |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
180 |
current_port_devs = set([self.get_internal_device_name(id) for |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
181 |
id in current_port_ids]) |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
182 |
stale_devs = current_internal_devs - current_port_devs |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
183 |
for stale_dev in stale_devs: |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
184 |
LOG.debug(_('Deleting stale internal router device: %s'),
|
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
185 |
stale_dev) |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
186 |
self.driver.fini_l3(stale_dev) |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
187 |
self.driver.unplug(stale_dev) |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
188 |
|
|
3178
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3028
diff
changeset
|
189 |
# TODO(salv-orlando): RouterInfo would be a better place for |
|
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3028
diff
changeset
|
190 |
# this logic too |
|
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3028
diff
changeset
|
191 |
ex_gw_port_id = (ex_gw_port and ex_gw_port['id'] or |
|
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3028
diff
changeset
|
192 |
ri.ex_gw_port and ri.ex_gw_port['id']) |
|
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3028
diff
changeset
|
193 |
|
|
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3028
diff
changeset
|
194 |
interface_name = None |
|
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3028
diff
changeset
|
195 |
if ex_gw_port_id: |
|
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3028
diff
changeset
|
196 |
interface_name = self.get_external_device_name(ex_gw_port_id) |
|
4072
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
197 |
if ex_gw_port: |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
198 |
def _gateway_ports_equal(port1, port2): |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
199 |
def _get_filtered_dict(d, ignore): |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
200 |
return dict((k, v) for k, v in d.iteritems() |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
201 |
if k not in ignore) |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
202 |
|
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
203 |
keys_to_ignore = set(['binding:host_id']) |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
204 |
port1_filtered = _get_filtered_dict(port1, keys_to_ignore) |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
205 |
port2_filtered = _get_filtered_dict(port2, keys_to_ignore) |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
206 |
return port1_filtered == port2_filtered |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
207 |
|
|
3178
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3028
diff
changeset
|
208 |
self._set_subnet_info(ex_gw_port) |
|
4072
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
209 |
if not ri.ex_gw_port: |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
210 |
self.external_gateway_added(ri, ex_gw_port, interface_name) |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
211 |
elif not _gateway_ports_equal(ex_gw_port, ri.ex_gw_port): |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
212 |
self.external_gateway_updated(ri, ex_gw_port, interface_name) |
|
3178
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3028
diff
changeset
|
213 |
elif not ex_gw_port and ri.ex_gw_port: |
|
4072
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
214 |
self.external_gateway_removed(ri, ri.ex_gw_port, interface_name) |
|
3178
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3028
diff
changeset
|
215 |
|
|
4072
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
216 |
# Remove any external stale router interfaces (i.e., l3e.. VNICs) |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
217 |
stale_devs = [dev for dev in existing_devices |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
218 |
if dev.startswith(EXTERNAL_DEV_PREFIX) |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
219 |
and dev != interface_name] |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
220 |
for stale_dev in stale_devs: |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
221 |
LOG.debug(_('Deleting stale external router device: %s'),
|
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
222 |
stale_dev) |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
223 |
self.driver.fini_l3(stale_dev) |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
224 |
self.driver.unplug(stale_dev) |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
225 |
|
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
226 |
# Process static routes for router |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
227 |
self.routes_updated(ri) |
|
3178
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3028
diff
changeset
|
228 |
|
|
4072
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
229 |
# Process SNAT rules for external gateway |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
230 |
if (not ri.router['distributed'] or |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
231 |
ex_gw_port and self.get_gw_port_host(ri.router) == self.host): |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
232 |
# Get IPv4 only internal CIDRs |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
233 |
internal_cidrs = [p['ip_cidr'] for p in ri.internal_ports |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
234 |
if netaddr.IPNetwork(p['ip_cidr']).version == 4] |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
235 |
ri.perform_snat_action(self._handle_router_snat_rules, |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
236 |
internal_cidrs, interface_name) |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
237 |
|
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
238 |
# Process SNAT/DNAT rules for floating IPs |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
239 |
fip_statuses = {}
|
|
3178
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3028
diff
changeset
|
240 |
if ex_gw_port: |
|
4072
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
241 |
existing_floating_ips = ri.floating_ips |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
242 |
fip_statuses = self.process_router_floating_ips(ri, ex_gw_port) |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
243 |
# Identify floating IPs which were disabled |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
244 |
ri.floating_ips = set(fip_statuses.keys()) |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
245 |
for fip_id in existing_floating_ips - ri.floating_ips: |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
246 |
fip_statuses[fip_id] = l3_constants.FLOATINGIP_STATUS_DOWN |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
247 |
# Update floating IP status on the neutron server |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
248 |
self.plugin_rpc.update_floatingip_statuses( |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
249 |
self.context, ri.router_id, fip_statuses) |
|
3178
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3028
diff
changeset
|
250 |
|
|
4072
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
251 |
# Update ex_gw_port and enable_snat on the router info cache |
|
3178
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3028
diff
changeset
|
252 |
ri.ex_gw_port = ex_gw_port |
|
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3028
diff
changeset
|
253 |
ri.enable_snat = ri.router.get('enable_snat')
|
|
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3028
diff
changeset
|
254 |
|
|
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3028
diff
changeset
|
255 |
def process_router_floating_ips(self, ri, ex_gw_port): |
|
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3028
diff
changeset
|
256 |
"""Configure the router's floating IPs |
|
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3028
diff
changeset
|
257 |
Configures floating ips using ipnat(1m) on the router's gateway device. |
|
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3028
diff
changeset
|
258 |
|
|
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3028
diff
changeset
|
259 |
Cleans up floating ips that should not longer be configured. |
|
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3028
diff
changeset
|
260 |
""" |
|
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3028
diff
changeset
|
261 |
ifname = self.get_external_device_name(ex_gw_port['id']) |
|
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3028
diff
changeset
|
262 |
ipintf = net_lib.IPInterface(ifname) |
|
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3028
diff
changeset
|
263 |
ipaddr_list = ipintf.ipaddr_list()['static'] |
|
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3028
diff
changeset
|
264 |
|
|
4072
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
265 |
existing_cidrs = set(ipaddr_list) |
|
3178
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3028
diff
changeset
|
266 |
new_cidrs = set() |
|
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3028
diff
changeset
|
267 |
|
|
3200
16d08ab96b7f
18686478 kstat warning every minute in nova-compute log on SPARC
david.comay@oracle.com
parents:
3196
diff
changeset
|
268 |
existing_nat_rules = [nat_rule for nat_rule in |
|
16d08ab96b7f
18686478 kstat warning every minute in nova-compute log on SPARC
david.comay@oracle.com
parents:
3196
diff
changeset
|
269 |
ri.ipfilters_manager.ipv4['nat']] |
|
16d08ab96b7f
18686478 kstat warning every minute in nova-compute log on SPARC
david.comay@oracle.com
parents:
3196
diff
changeset
|
270 |
new_nat_rules = [] |
|
16d08ab96b7f
18686478 kstat warning every minute in nova-compute log on SPARC
david.comay@oracle.com
parents:
3196
diff
changeset
|
271 |
|
|
3178
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3028
diff
changeset
|
272 |
# Loop once to ensure that floating ips are configured. |
|
4072
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
273 |
fip_statuses = {}
|
|
3178
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3028
diff
changeset
|
274 |
for fip in ri.router.get(l3_constants.FLOATINGIP_KEY, []): |
|
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3028
diff
changeset
|
275 |
fip_ip = fip['floating_ip_address'] |
|
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3028
diff
changeset
|
276 |
fip_cidr = str(fip_ip) + FLOATING_IP_CIDR_SUFFIX |
|
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3028
diff
changeset
|
277 |
new_cidrs.add(fip_cidr) |
|
3200
16d08ab96b7f
18686478 kstat warning every minute in nova-compute log on SPARC
david.comay@oracle.com
parents:
3196
diff
changeset
|
278 |
fixed_cidr = str(fip['fixed_ip_address']) + '/32' |
|
16d08ab96b7f
18686478 kstat warning every minute in nova-compute log on SPARC
david.comay@oracle.com
parents:
3196
diff
changeset
|
279 |
nat_rule = 'bimap %s %s -> %s' % (ifname, fixed_cidr, fip_cidr) |
|
3178
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3028
diff
changeset
|
280 |
|
|
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3028
diff
changeset
|
281 |
if fip_cidr not in existing_cidrs: |
|
4072
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
282 |
try: |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
283 |
ipintf.create_address(fip_cidr) |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
284 |
ri.ipfilters_manager.add_nat_rules([nat_rule]) |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
285 |
except Exception as err: |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
286 |
# TODO(gmoodalb): If we fail in add_nat_rules(), then |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
287 |
# we need to remove the fip_cidr address |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
288 |
|
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
289 |
# any exception occurred here should cause the floating IP |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
290 |
# to be set in error state |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
291 |
fip_statuses[fip['id']] = ( |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
292 |
l3_constants.FLOATINGIP_STATUS_ERROR) |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
293 |
LOG.warn(_("Unable to configure IP address for "
|
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
294 |
"floating IP: %s: %s") % (fip['id'], err)) |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
295 |
continue |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
296 |
fip_statuses[fip['id']] = ( |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
297 |
l3_constants.FLOATINGIP_STATUS_ACTIVE) |
|
3200
16d08ab96b7f
18686478 kstat warning every minute in nova-compute log on SPARC
david.comay@oracle.com
parents:
3196
diff
changeset
|
298 |
new_nat_rules.append(nat_rule) |
|
3178
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3028
diff
changeset
|
299 |
|
|
3200
16d08ab96b7f
18686478 kstat warning every minute in nova-compute log on SPARC
david.comay@oracle.com
parents:
3196
diff
changeset
|
300 |
# remove all the old NAT rules |
|
4072
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
301 |
old_nat_rules = list(set(existing_nat_rules) - set(new_nat_rules)) |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
302 |
# Filter out 'bimap' NAT rules as we don't want to remove NAT rules |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
303 |
# that were added for Metadata server |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
304 |
old_nat_rules = [rule for rule in old_nat_rules if "bimap" in rule] |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
305 |
ri.ipfilters_manager.remove_nat_rules(old_nat_rules) |
|
3178
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3028
diff
changeset
|
306 |
|
|
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3028
diff
changeset
|
307 |
# Clean up addresses that no longer belong on the gateway interface. |
|
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3028
diff
changeset
|
308 |
for ip_cidr in existing_cidrs - new_cidrs: |
|
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3028
diff
changeset
|
309 |
if ip_cidr.endswith(FLOATING_IP_CIDR_SUFFIX): |
|
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3028
diff
changeset
|
310 |
ipintf.delete_address(ip_cidr) |
|
4072
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
311 |
return fip_statuses |
|
3178
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3028
diff
changeset
|
312 |
|
|
3028
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
313 |
def get_internal_device_name(self, port_id): |
|
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
314 |
# Because of the way how dnsmasq works on Solaris, the length |
|
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
315 |
# of datalink name cannot exceed 16 (includes terminating nul |
|
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
316 |
# character). So, the linkname can only have 15 characters and |
|
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
317 |
# the last two characters are set aside for '_0'. So, we only |
|
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
318 |
# have 13 characters left. |
|
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
319 |
dname = (INTERNAL_DEV_PREFIX + port_id)[:13] |
|
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
320 |
dname += '_0' |
|
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
321 |
return dname.replace('-', '_')
|
|
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
322 |
|
|
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
323 |
def get_external_device_name(self, port_id): |
|
3178
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3028
diff
changeset
|
324 |
# please see the comment above |
|
3028
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
325 |
dname = (EXTERNAL_DEV_PREFIX + port_id)[:13] |
|
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
326 |
dname += '_0' |
|
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
327 |
return dname.replace('-', '_')
|
|
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
328 |
|
|
4072
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
329 |
def external_gateway_added(self, ri, ex_gw_port, external_dlname): |
|
3028
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
330 |
|
|
3178
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3028
diff
changeset
|
331 |
if not net_lib.Datalink.datalink_exists(external_dlname): |
|
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3028
diff
changeset
|
332 |
dl = net_lib.Datalink(external_dlname) |
|
4072
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
333 |
# determine the network type of the external network |
|
3178
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3028
diff
changeset
|
334 |
evsname = ex_gw_port['network_id'] |
|
4072
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
335 |
cmd = ['/usr/sbin/evsadm', 'show-evs', '-co', 'l2type,vid', |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
336 |
'-f', 'evs=%s' % evsname] |
|
3178
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3028
diff
changeset
|
337 |
try: |
|
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3028
diff
changeset
|
338 |
stdout = utils.execute(cmd) |
|
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3028
diff
changeset
|
339 |
except Exception as err: |
|
4072
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
340 |
LOG.error(_("Failed to retrieve the network type for "
|
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
341 |
"the external network, and it is required " |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
342 |
"to create an external gateway port: %s") % err) |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
343 |
return |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
344 |
output = stdout.splitlines()[0].strip() |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
345 |
l2type, vid = output.split(':')
|
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
346 |
if l2type != 'flat' and l2type != 'vlan': |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
347 |
LOG.error(_("External network should be either Flat or "
|
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
348 |
"VLAN based, and it is required to " |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
349 |
"create an external gateway port")) |
|
3178
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3028
diff
changeset
|
350 |
return |
|
4072
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
351 |
elif (l2type == 'vlan' and |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
352 |
self.conf.get("external_network_datalink", None)):
|
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
353 |
LOG.warning(_("external_network_datalink is deprecated in "
|
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
354 |
"Juno and will be removed in the next release of " |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
355 |
"Solaris OpenStack. Please use the evsadm " |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
356 |
"set-controlprop subcommand to setup the " |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
357 |
"uplink-port for an external network")) |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
358 |
# proceed with the old-style of doing things |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
359 |
mac_address = ex_gw_port['mac_address'] |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
360 |
dl.create_vnic(self.conf.external_network_datalink, |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
361 |
mac_address=mac_address, vid=vid) |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
362 |
else: |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
363 |
# This is to handle HA by Solaris Cluster and is similar to |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
364 |
# the code we already have for the DHCP Agent. So, when |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
365 |
# the 1st L3 agent is down and the second L3 agent tries to |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
366 |
# connect its VNIC to EVS, we will end up in "vport in use" |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
367 |
# error. So, we need to reset the vport before we connect |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
368 |
# the VNIC to EVS. |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
369 |
cmd = ['/usr/sbin/evsadm', 'show-vport', '-f', |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
370 |
'vport=%s' % ex_gw_port['id'], '-co', |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
371 |
'evs,vport,status'] |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
372 |
stdout = utils.execute(cmd) |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
373 |
evsname, vportname, status = stdout.strip().split(':')
|
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
374 |
tenant_id = ex_gw_port['tenant_id'] |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
375 |
if status == 'used': |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
376 |
cmd = ['/usr/sbin/evsadm', 'reset-vport', '-T', tenant_id, |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
377 |
'%s/%s' % (evsname, vportname)] |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
378 |
utils.execute(cmd) |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
379 |
|
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
380 |
# next remove protection setting on the VPort to allow |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
381 |
# multiple floating IPs to be configured on the l3e* |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
382 |
# interface |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
383 |
evsvport = "%s/%s" % (ex_gw_port['network_id'], |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
384 |
ex_gw_port['id']) |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
385 |
cmd = ['/usr/sbin/evsadm', 'set-vportprop', '-T', |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
386 |
tenant_id, '-p', 'protection=none', evsvport] |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
387 |
utils.execute(cmd) |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
388 |
dl.connect_vnic(evsvport, tenant_id) |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
389 |
|
|
3178
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3028
diff
changeset
|
390 |
self.driver.init_l3(external_dlname, [ex_gw_port['ip_cidr']]) |
|
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3028
diff
changeset
|
391 |
|
|
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3028
diff
changeset
|
392 |
# TODO(gmoodalb): wrap route(1m) command within a class in net_lib.py |
|
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3028
diff
changeset
|
393 |
gw_ip = ex_gw_port['subnet']['gateway_ip'] |
|
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3028
diff
changeset
|
394 |
if gw_ip: |
|
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3028
diff
changeset
|
395 |
cmd = ['/usr/bin/pfexec', '/usr/sbin/route', 'add', 'default', |
|
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3028
diff
changeset
|
396 |
gw_ip] |
|
4072
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
397 |
stdout = utils.execute(cmd, extra_ok_codes=[errno.EEXIST]) |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
398 |
ri.remove_route = True |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
399 |
if 'entry exists' in stdout: |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
400 |
ri.remove_route = False |
|
3178
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3028
diff
changeset
|
401 |
|
|
3323
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3200
diff
changeset
|
402 |
# for each of the internal ports, add Policy Based |
|
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3200
diff
changeset
|
403 |
# Routing (PBR) rule |
|
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3200
diff
changeset
|
404 |
for port in ri.internal_ports: |
|
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3200
diff
changeset
|
405 |
internal_dlname = self.get_internal_device_name(port['id']) |
|
3435
25a421888935
19898528 PBR rule must not forward packets addressed to internal default gateway
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3323
diff
changeset
|
406 |
rules = ['pass in on %s to %s:%s from any to !%s' % |
|
25a421888935
19898528 PBR rule must not forward packets addressed to internal default gateway
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3323
diff
changeset
|
407 |
(internal_dlname, external_dlname, gw_ip, |
|
25a421888935
19898528 PBR rule must not forward packets addressed to internal default gateway
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3323
diff
changeset
|
408 |
port['subnet']['cidr'])] |
|
3323
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3200
diff
changeset
|
409 |
ipversion = netaddr.IPNetwork(port['subnet']['cidr']).version |
|
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3200
diff
changeset
|
410 |
ri.ipfilters_manager.add_ipf_rules(rules, ipversion) |
|
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3200
diff
changeset
|
411 |
|
|
4072
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
412 |
def external_gateway_updated(self, ri, ex_gw_port, external_dlname): |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
413 |
# There is nothing to do on Solaris |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
414 |
pass |
|
3178
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3028
diff
changeset
|
415 |
|
|
4072
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
416 |
def external_gateway_removed(self, ri, ex_gw_port, external_dlname): |
|
3178
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3028
diff
changeset
|
417 |
gw_ip = ex_gw_port['subnet']['gateway_ip'] |
|
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3028
diff
changeset
|
418 |
if gw_ip: |
|
3323
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3200
diff
changeset
|
419 |
# remove PBR rules |
|
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3200
diff
changeset
|
420 |
for port in ri.internal_ports: |
|
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3200
diff
changeset
|
421 |
internal_dlname = self.get_internal_device_name(port['id']) |
|
3435
25a421888935
19898528 PBR rule must not forward packets addressed to internal default gateway
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3323
diff
changeset
|
422 |
rules = ['pass in on %s to %s:%s from any to !%s' % |
|
25a421888935
19898528 PBR rule must not forward packets addressed to internal default gateway
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3323
diff
changeset
|
423 |
(internal_dlname, external_dlname, gw_ip, |
|
25a421888935
19898528 PBR rule must not forward packets addressed to internal default gateway
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3323
diff
changeset
|
424 |
port['subnet']['cidr'])] |
|
3323
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3200
diff
changeset
|
425 |
ipversion = netaddr.IPNetwork(port['subnet']['cidr']).version |
|
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3200
diff
changeset
|
426 |
ri.ipfilters_manager.remove_ipf_rules(rules, ipversion) |
|
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3200
diff
changeset
|
427 |
|
|
4072
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
428 |
if ri.remove_route: |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
429 |
cmd = ['/usr/bin/pfexec', '/usr/sbin/route', 'delete', |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
430 |
'default', gw_ip] |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
431 |
utils.execute(cmd, check_exit_code=False) |
|
3028
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
432 |
|
|
3323
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3200
diff
changeset
|
433 |
if net_lib.Datalink.datalink_exists(external_dlname): |
|
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3200
diff
changeset
|
434 |
self.driver.fini_l3(external_dlname) |
|
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3200
diff
changeset
|
435 |
self.driver.unplug(external_dlname) |
|
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3200
diff
changeset
|
436 |
|
|
4072
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
437 |
# remove the EVS VPort associated with external network |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
438 |
cmd = ['/usr/sbin/evsadm', 'remove-vport', |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
439 |
'-T', ex_gw_port['tenant_id'], |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
440 |
'%s/%s' % (ex_gw_port['network_id'], ex_gw_port['id'])] |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
441 |
try: |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
442 |
utils.execute(cmd) |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
443 |
except Exception as err: |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
444 |
LOG.error(_("Failed to delete the EVS VPort associated with "
|
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
445 |
"external network: %s") % err) |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
446 |
|
|
3323
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3200
diff
changeset
|
447 |
def _get_ippool_name(self, mac_address, suffix=None): |
|
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3200
diff
changeset
|
448 |
# Generate a unique-name for ippool(1m) from that last 3 |
|
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3200
diff
changeset
|
449 |
# bytes of mac-address. It is called pool name, but it is |
|
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3200
diff
changeset
|
450 |
# actually a 32 bit integer |
|
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3200
diff
changeset
|
451 |
name = mac_address.split(':')[3:]
|
|
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3200
diff
changeset
|
452 |
if suffix: |
|
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3200
diff
changeset
|
453 |
name.append(suffix) |
|
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3200
diff
changeset
|
454 |
return int("".join(name), 16)
|
|
3028
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
455 |
|
|
3178
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3028
diff
changeset
|
456 |
def internal_network_added(self, ri, port): |
|
3028
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
457 |
internal_dlname = self.get_internal_device_name(port['id']) |
|
3323
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3200
diff
changeset
|
458 |
# driver just returns if datalink and IP interface already exists |
|
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3200
diff
changeset
|
459 |
self.driver.plug(port['tenant_id'], port['network_id'], port['id'], |
|
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3200
diff
changeset
|
460 |
internal_dlname) |
|
3028
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
461 |
self.driver.init_l3(internal_dlname, [port['ip_cidr']]) |
|
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
462 |
|
|
3323
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3200
diff
changeset
|
463 |
# Since we support shared router model, we need to block the new |
|
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3200
diff
changeset
|
464 |
# internal port from reaching other tenant's ports |
|
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3200
diff
changeset
|
465 |
block_pname = self._get_ippool_name(port['mac_address']) |
|
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3200
diff
changeset
|
466 |
ri.ipfilters_manager.add_ippool(block_pname, None) |
|
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3200
diff
changeset
|
467 |
if self.conf.allow_forwarding_between_networks: |
|
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3200
diff
changeset
|
468 |
# If allow_forwarding_between_networks is set, then we need to |
|
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3200
diff
changeset
|
469 |
# allow forwarding of packets between same tenant's ports. |
|
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3200
diff
changeset
|
470 |
allow_pname = self._get_ippool_name(port['mac_address'], '0') |
|
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3200
diff
changeset
|
471 |
ri.ipfilters_manager.add_ippool(allow_pname, None) |
|
3028
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
472 |
|
|
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
473 |
# walk through the other internal ports and retrieve their |
|
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
474 |
# cidrs and at the same time add the new internal port's |
|
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
475 |
# cidr to them |
|
3323
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3200
diff
changeset
|
476 |
port_subnet = port['subnet']['cidr'] |
|
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3200
diff
changeset
|
477 |
block_subnets = [] |
|
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3200
diff
changeset
|
478 |
allow_subnets = [] |
|
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3200
diff
changeset
|
479 |
for internal_port in ri.internal_ports: |
|
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3200
diff
changeset
|
480 |
if internal_port['mac_address'] == port['mac_address']: |
|
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3200
diff
changeset
|
481 |
continue |
|
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3200
diff
changeset
|
482 |
if (self.conf.allow_forwarding_between_networks and |
|
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3200
diff
changeset
|
483 |
internal_port['tenant_id'] == port['tenant_id']): |
|
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3200
diff
changeset
|
484 |
allow_subnets.append(internal_port['subnet']['cidr']) |
|
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3200
diff
changeset
|
485 |
# we need to add the port's subnet to this internal_port's |
|
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3200
diff
changeset
|
486 |
# allowed_subnet_pool |
|
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3200
diff
changeset
|
487 |
iport_allow_pname = \ |
|
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3200
diff
changeset
|
488 |
self._get_ippool_name(internal_port['mac_address'], '0') |
|
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3200
diff
changeset
|
489 |
ri.ipfilters_manager.add_ippool(iport_allow_pname, |
|
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3200
diff
changeset
|
490 |
[port_subnet]) |
|
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3200
diff
changeset
|
491 |
else: |
|
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3200
diff
changeset
|
492 |
block_subnets.append(internal_port['subnet']['cidr']) |
|
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3200
diff
changeset
|
493 |
iport_block_pname = \ |
|
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3200
diff
changeset
|
494 |
self._get_ippool_name(internal_port['mac_address']) |
|
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3200
diff
changeset
|
495 |
ri.ipfilters_manager.add_ippool(iport_block_pname, |
|
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3200
diff
changeset
|
496 |
[port_subnet]) |
|
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3200
diff
changeset
|
497 |
# update the new port's pool with other ports' subnet |
|
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3200
diff
changeset
|
498 |
ri.ipfilters_manager.add_ippool(block_pname, block_subnets) |
|
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3200
diff
changeset
|
499 |
if self.conf.allow_forwarding_between_networks: |
|
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3200
diff
changeset
|
500 |
ri.ipfilters_manager.add_ippool(allow_pname, allow_subnets) |
|
3028
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
501 |
|
|
3323
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3200
diff
changeset
|
502 |
# now setup the IPF rules |
|
3028
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
503 |
rules = ['block in quick on %s from %s to pool/%d' % |
|
3323
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3200
diff
changeset
|
504 |
(internal_dlname, port_subnet, block_pname)] |
|
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3200
diff
changeset
|
505 |
# pass in packets between networks that belong to same tenant |
|
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3200
diff
changeset
|
506 |
if self.conf.allow_forwarding_between_networks: |
|
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3200
diff
changeset
|
507 |
rules.append('pass in quick on %s from %s to pool/%d' %
|
|
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3200
diff
changeset
|
508 |
(internal_dlname, port_subnet, allow_pname)) |
|
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3200
diff
changeset
|
509 |
# if the external gateway is already setup for the shared router, |
|
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3200
diff
changeset
|
510 |
# then we need to add Policy Based Routing (PBR) for this internal |
|
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3200
diff
changeset
|
511 |
# network |
|
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3200
diff
changeset
|
512 |
ex_gw_port = ri.ex_gw_port |
|
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3200
diff
changeset
|
513 |
ex_gw_ip = (ex_gw_port['subnet']['gateway_ip'] if ex_gw_port else None) |
|
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3200
diff
changeset
|
514 |
if ex_gw_ip: |
|
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3200
diff
changeset
|
515 |
external_dlname = self.get_external_device_name(ex_gw_port['id']) |
|
3435
25a421888935
19898528 PBR rule must not forward packets addressed to internal default gateway
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3323
diff
changeset
|
516 |
rules.append('pass in on %s to %s:%s from any to !%s' %
|
|
25a421888935
19898528 PBR rule must not forward packets addressed to internal default gateway
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3323
diff
changeset
|
517 |
(internal_dlname, external_dlname, ex_gw_ip, |
|
25a421888935
19898528 PBR rule must not forward packets addressed to internal default gateway
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3323
diff
changeset
|
518 |
port_subnet)) |
|
3323
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3200
diff
changeset
|
519 |
|
|
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3200
diff
changeset
|
520 |
ipversion = netaddr.IPNetwork(port_subnet).version |
|
3196
4c06db2d9388
19073547 editing built-in flavors fails with name too long
Drew Fisher <drew.fisher@oracle.com>
parents:
3178
diff
changeset
|
521 |
ri.ipfilters_manager.add_ipf_rules(rules, ipversion) |
|
3028
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
522 |
|
|
4072
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
523 |
# if metadata proxy is enabled, then add the necessary |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
524 |
# IP NAT rules to forward the metadata requests to the |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
525 |
# metadata proxy server |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
526 |
if self.conf.enable_metadata_proxy and ipversion == 4: |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
527 |
# TODO(gmoodalb): when IP Filter allows redirection of packets |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
528 |
# to loopback IP address, then we need to add an IPF rule allowing |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
529 |
# only packets destined to 127.0.0.1:9697 to |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
530 |
# neutron-ns-metadata-proxy server |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
531 |
rules = ['rdr %s 169.254.169.254/32 port 80 -> %s port %d tcp' % |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
532 |
(internal_dlname, port['fixed_ips'][0]['ip_address'], |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
533 |
self.conf.metadata_port)] |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
534 |
ri.ipfilters_manager.add_nat_rules(rules) |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
535 |
|
|
3178
77584387a894
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
3028
diff
changeset
|
536 |
def internal_network_removed(self, ri, port): |
|
3028
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
537 |
internal_dlname = self.get_internal_device_name(port['id']) |
|
3323
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3200
diff
changeset
|
538 |
port_subnet = port['subnet']['cidr'] |
|
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3200
diff
changeset
|
539 |
# remove all the IP filter rules that we added during |
|
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3200
diff
changeset
|
540 |
# internal network addition |
|
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3200
diff
changeset
|
541 |
block_pname = self._get_ippool_name(port['mac_address']) |
|
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3200
diff
changeset
|
542 |
rules = ['block in quick on %s from %s to pool/%d' % |
|
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3200
diff
changeset
|
543 |
(internal_dlname, port_subnet, block_pname)] |
|
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3200
diff
changeset
|
544 |
if self.conf.allow_forwarding_between_networks: |
|
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3200
diff
changeset
|
545 |
allow_pname = self._get_ippool_name(port['mac_address'], '0') |
|
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3200
diff
changeset
|
546 |
rules.append('pass in quick on %s from %s to pool/%d' %
|
|
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3200
diff
changeset
|
547 |
(internal_dlname, port_subnet, allow_pname)) |
|
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3200
diff
changeset
|
548 |
|
|
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3200
diff
changeset
|
549 |
# remove all the IP filter rules that we added during |
|
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3200
diff
changeset
|
550 |
# external network addition |
|
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3200
diff
changeset
|
551 |
ex_gw_port = ri.ex_gw_port |
|
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3200
diff
changeset
|
552 |
ex_gw_ip = (ex_gw_port['subnet']['gateway_ip'] if ex_gw_port else None) |
|
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3200
diff
changeset
|
553 |
if ex_gw_ip: |
|
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3200
diff
changeset
|
554 |
external_dlname = self.get_external_device_name(ex_gw_port['id']) |
|
3435
25a421888935
19898528 PBR rule must not forward packets addressed to internal default gateway
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3323
diff
changeset
|
555 |
rules.append('pass in on %s to %s:%s from any to !%s' %
|
|
25a421888935
19898528 PBR rule must not forward packets addressed to internal default gateway
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3323
diff
changeset
|
556 |
(internal_dlname, external_dlname, ex_gw_ip, |
|
25a421888935
19898528 PBR rule must not forward packets addressed to internal default gateway
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3323
diff
changeset
|
557 |
port_subnet)) |
|
3323
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3200
diff
changeset
|
558 |
ipversion = netaddr.IPNetwork(port['subnet']['cidr']).version |
|
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3200
diff
changeset
|
559 |
ri.ipfilters_manager.remove_ipf_rules(rules, ipversion) |
|
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3200
diff
changeset
|
560 |
|
|
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3200
diff
changeset
|
561 |
# remove the ippool |
|
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3200
diff
changeset
|
562 |
ri.ipfilters_manager.remove_ippool(block_pname, None) |
|
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3200
diff
changeset
|
563 |
if self.conf.allow_forwarding_between_networks: |
|
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3200
diff
changeset
|
564 |
ri.ipfilters_manager.remove_ippool(allow_pname, None) |
|
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3200
diff
changeset
|
565 |
|
|
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3200
diff
changeset
|
566 |
for internal_port in ri.internal_ports: |
|
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3200
diff
changeset
|
567 |
if (self.conf.allow_forwarding_between_networks and |
|
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3200
diff
changeset
|
568 |
internal_port['tenant_id'] == port['tenant_id']): |
|
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3200
diff
changeset
|
569 |
iport_allow_pname = \ |
|
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3200
diff
changeset
|
570 |
self._get_ippool_name(internal_port['mac_address'], '0') |
|
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3200
diff
changeset
|
571 |
ri.ipfilters_manager.remove_ippool(iport_allow_pname, |
|
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3200
diff
changeset
|
572 |
[port_subnet]) |
|
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3200
diff
changeset
|
573 |
else: |
|
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3200
diff
changeset
|
574 |
iport_block_pname = \ |
|
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3200
diff
changeset
|
575 |
self._get_ippool_name(internal_port['mac_address']) |
|
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3200
diff
changeset
|
576 |
ri.ipfilters_manager.remove_ippool(iport_block_pname, |
|
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3200
diff
changeset
|
577 |
[port_subnet]) |
|
b4b74d363c31
19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c
Girish Moodalbail <Girish.Moodalbail@oracle.COM>
parents:
3200
diff
changeset
|
578 |
|
|
4072
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
579 |
# if metadata proxy is enabled, then remove the IP NAT rules that |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
580 |
# were added while adding the internal network |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
581 |
if self.conf.enable_metadata_proxy and ipversion == 4: |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
582 |
rules = ['rdr %s 169.254.169.254/32 port 80 -> %s port %d tcp' % |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
583 |
(internal_dlname, port['fixed_ips'][0]['ip_address'], |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
584 |
self.conf.metadata_port)] |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
585 |
ri.ipfilters_manager.remove_nat_rules(rules) |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
586 |
|
|
3028
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
587 |
if net_lib.Datalink.datalink_exists(internal_dlname): |
|
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
588 |
self.driver.fini_l3(internal_dlname) |
|
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
589 |
self.driver.unplug(internal_dlname) |
|
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
590 |
|
|
4072
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
591 |
# remove the EVS VPort associated with internal network |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
592 |
cmd = ['/usr/sbin/evsadm', 'remove-vport', '-T', port['tenant_id'], |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
593 |
'%s/%s' % (port['network_id'], port['id'])] |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
594 |
try: |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
595 |
utils.execute(cmd) |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
596 |
except Exception as err: |
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
597 |
LOG.error(_("Failed to delete the EVS VPort associated with "
|
|
db0cec748ec0
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
3435
diff
changeset
|
598 |
"internal network: %s") % err) |
|
3028
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
599 |
|
|
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
600 |
def routes_updated(self, ri): |
|
5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
601 |
pass |