59 cmd = "/usr/lib/neutron/neutron-l3-agent --config-file %s " \ |
59 cmd = "/usr/lib/neutron/neutron-l3-agent --config-file %s " \ |
60 "--config-file %s" % tuple(sys.argv[2:4]) |
60 "--config-file %s" % tuple(sys.argv[2:4]) |
61 smf_include.smf_subprocess(cmd) |
61 smf_include.smf_subprocess(cmd) |
62 |
62 |
63 |
63 |
|
64 def remove_ipfilter_rules(version): |
|
65 # remove IP Filter rules added by neutron-l3-agent |
|
66 cmd = ["/usr/bin/pfexec", "/usr/sbin/ipfstat", "-io"] |
|
67 if version == 6: |
|
68 cmd.insert(2, "-6") |
|
69 p = Popen(cmd, stdout=PIPE, stderr=PIPE) |
|
70 output, error = p.communicate() |
|
71 if p.returncode != 0: |
|
72 print "failed to retrieve IP Filter rules" |
|
73 return smf_include.SMF_EXIT_ERR_FATAL |
|
74 |
|
75 ipfilters = output.splitlines() |
|
76 # L3 agent IP Filter rules are of the form |
|
77 # block in quick on l3i64cbb496_a_0 from ... to pool/15417332 |
|
78 prog = re.compile('on l3i[0-9A-Fa-f\_]{10}_0') |
|
79 ippool_names = [] |
|
80 for ipf in ipfilters: |
|
81 if not prog.search(ipf): |
|
82 continue |
|
83 # capture the IP pool name |
|
84 ippool_names.append(ipf.split('pool/')[1]) |
|
85 |
|
86 try: |
|
87 # remove the IP Filter rule |
|
88 p = Popen(["echo", ipf], stdout=PIPE) |
|
89 cmd = ["/usr/bin/pfexec", "/usr/sbin/ipf", "-r", "-f", "-"] |
|
90 if version == 6: |
|
91 cmd.insert(2, "-6") |
|
92 check_call(cmd, stdin=p.stdout) |
|
93 except CalledProcessError as err: |
|
94 print "failed to remove IP Filter rule %s: %s" % (ipf, err) |
|
95 return smf_include.SMF_EXIT_ERR_FATAL |
|
96 |
|
97 # remove IP Pools added by neutron-l3-agent |
|
98 for ippool_name in ippool_names: |
|
99 try: |
|
100 check_call(["/usr/bin/pfexec", "/usr/sbin/ippool", "-R", |
|
101 "-m", ippool_name, "-t", "tree"]) |
|
102 except CalledProcessError as err: |
|
103 print "failed to remove IP Pool %s: %s" % (ippool_name, err) |
|
104 return smf_include.SMF_EXIT_ERR_FATAL |
|
105 return smf_include.SMF_EXIT_OK |
|
106 |
|
107 |
64 def stop(): |
108 def stop(): |
65 try: |
109 try: |
66 # first kill the SMF contract |
110 # first kill the SMF contract |
67 check_call(["/usr/bin/pkill", "-c", sys.argv[2]]) |
111 check_call(["/usr/bin/pkill", "-c", sys.argv[2]]) |
68 except CalledProcessError as err: |
112 except CalledProcessError as err: |
93 ifname]) |
137 ifname]) |
94 except CalledProcessError as err: |
138 except CalledProcessError as err: |
95 print "failed to remove datalinks used by L3 agent: %s" % (err) |
139 print "failed to remove datalinks used by L3 agent: %s" % (err) |
96 return smf_include.SMF_EXIT_ERR_FATAL |
140 return smf_include.SMF_EXIT_ERR_FATAL |
97 |
141 |
98 # remove IP Filter rules added by neutron-l3-agent |
142 # remove IPv4 Filter rules added by neutron-l3-agent |
99 cmd = ["/usr/bin/pfexec", "/usr/sbin/ipfstat", "-io"] |
143 rv = remove_ipfilter_rules(4) |
100 p = Popen(cmd, stdout=PIPE, stderr=PIPE) |
144 if rv != smf_include.SMF_EXIT_OK: |
101 output, error = p.communicate() |
145 return rv |
102 if p.returncode != 0: |
|
103 print "failed to retrieve IP Filter rules" |
|
104 return smf_include.SMF_EXIT_ERR_FATAL |
|
105 |
146 |
106 ipfilters = output.splitlines() |
147 # remove IPv6 Filter rules added by neutron-l3-agent |
107 # L3 agent IP Filter rules are of the form |
148 rv = remove_ipfilter_rules(6) |
108 # block in quick on l3i64cbb496_a_0 from ... to pool/15417332 |
149 if rv != smf_include.SMF_EXIT_OK: |
109 prog = re.compile('on l3i[0-9A-Fa-f\_]{10}_0') |
150 return rv |
110 ippool_names = [] |
|
111 for ipf in ipfilters: |
|
112 if not prog.search(ipf): |
|
113 continue |
|
114 # capture the IP pool name |
|
115 ippool_names.append(ipf.split('pool/')[1]) |
|
116 |
|
117 try: |
|
118 # remove the IP Filter rule |
|
119 p = Popen(["echo", ipf], stdout=PIPE) |
|
120 check_call(["/usr/bin/pfexec", "/usr/sbin/ipf", "-r", "-f", "-"], |
|
121 stdin=p.stdout) |
|
122 except CalledProcessError as err: |
|
123 print "failed to remove IP Filter rule %s: %s" % (ipf, err) |
|
124 return smf_include.SMF_EXIT_ERR_FATAL |
|
125 |
|
126 # remove IP Pools added by neutron-l3-agent |
|
127 for ippool_name in ippool_names: |
|
128 try: |
|
129 check_call(["/usr/bin/pfexec", "/usr/sbin/ippool", "-R", |
|
130 "-m", ippool_name, "-t", "tree"]) |
|
131 except CalledProcessError as err: |
|
132 print "failed to remove IP Pool %s: %s" % (ippool_name, err) |
|
133 return smf_include.SMF_EXIT_ERR_FATAL |
|
134 |
151 |
135 # remove IP NAT rules added by neutron-l3-agent |
152 # remove IP NAT rules added by neutron-l3-agent |
136 cmd = ["/usr/bin/pfexec", "/usr/sbin/ipnat", "-lR"] |
153 cmd = ["/usr/bin/pfexec", "/usr/sbin/ipnat", "-lR"] |
137 p = Popen(cmd, stdout=PIPE, stderr=PIPE) |
154 p = Popen(cmd, stdout=PIPE, stderr=PIPE) |
138 output, error = p.communicate() |
155 output, error = p.communicate() |