1 #!/usr/bin/python2.7 |
1 #!/usr/bin/python2.7 |
2 |
2 |
3 # Copyright (c) 2014, 2015, Oracle and/or its affiliates. All rights reserved. |
3 # Copyright (c) 2014, 2016, Oracle and/or its affiliates. All rights reserved. |
4 # |
4 # |
5 # Licensed under the Apache License, Version 2.0 (the "License"); you may |
5 # Licensed under the Apache License, Version 2.0 (the "License"); you may |
6 # not use this file except in compliance with the License. You may obtain |
6 # not use this file except in compliance with the License. You may obtain |
7 # a copy of the License at |
7 # a copy of the License at |
8 # |
8 # |
20 |
20 |
21 import netaddr |
21 import netaddr |
22 import smf_include |
22 import smf_include |
23 |
23 |
24 from subprocess import CalledProcessError, Popen, PIPE, check_call |
24 from subprocess import CalledProcessError, Popen, PIPE, check_call |
|
25 from neutron_vpnaas.services.vpn.device_drivers.solaris_ipsec import \ |
|
26 get_vpn_interfaces |
|
27 from neutron_vpnaas.services.vpn.device_drivers.solaris_ipsec import \ |
|
28 shutdown_vpn |
25 |
29 |
26 |
30 |
27 def set_hostmodel(value): |
31 def set_hostmodel(value): |
28 cmd = ["/usr/sbin/ipadm", "show-prop", "-p", "hostmodel", |
32 cmd = ["/usr/sbin/ipadm", "show-prop", "-p", "hostmodel", |
29 "-co", "current", "ipv4"] |
33 "-co", "current", "ipv4"] |
44 return True |
48 return True |
45 |
49 |
46 |
50 |
47 def start(): |
51 def start(): |
48 # verify paths are valid |
52 # verify paths are valid |
49 for f in sys.argv[2:4]: |
53 for f in sys.argv[2:5]: |
50 if not os.path.exists(f) or not os.access(f, os.R_OK): |
54 if not os.path.exists(f) or not os.access(f, os.R_OK): |
51 print '%s does not exist or is not readable' % f |
55 print '%s does not exist or is not readable' % f |
52 return smf_include.SMF_EXIT_ERR_CONFIG |
56 return smf_include.SMF_EXIT_ERR_CONFIG |
53 |
57 |
54 # System-wide forwarding (either ipv4 or ipv6 or both) must be enabled |
58 # System-wide forwarding (either ipv4 or ipv6 or both) must be enabled |
74 if not any((v4fwding, v6fwding)): |
78 if not any((v4fwding, v6fwding)): |
75 print "System-wide IPv4 or IPv6 (or both) forwarding must be " \ |
79 print "System-wide IPv4 or IPv6 (or both) forwarding must be " \ |
76 "enabled before enabling neutron-l3-agent" |
80 "enabled before enabling neutron-l3-agent" |
77 return smf_include.SMF_EXIT_ERR_CONFIG |
81 return smf_include.SMF_EXIT_ERR_CONFIG |
78 |
82 |
|
83 cmd = "/usr/lib/neutron/neutron-l3-agent --config-file %s " \ |
|
84 "--config-file %s --config-file %s" % tuple(sys.argv[2:5]) |
|
85 |
|
86 # The VPNaaS shutdown should unplumb all IP tunnels it created. But |
|
87 # be paranoid and check for lingering tunnels created by OpenStack |
|
88 # that may have been left behind if the OpenStack device driver exits |
|
89 # unexpectedly. OpenStack VPN configuration is created when the service |
|
90 # starts. Errors will occur if old IP tunnels still exist. |
|
91 |
|
92 vpn_ifs = get_vpn_interfaces() |
|
93 if vpn_ifs: |
|
94 print "Error: Found existing IP tunnel interface(s)." |
|
95 print "Use ipadm(1M) and dladm(1M) to remove it/them." |
|
96 print "Then use svcadm(1M) to clear the service." |
|
97 print "Use the following commands to remove:" |
|
98 for interface in vpn_ifs: |
|
99 ifn = interface.group(0) |
|
100 print "\t# ipadm delete-ip %s; dladm delete-iptun %s" % (ifn, ifn) |
|
101 |
|
102 return smf_include.SMF_EXIT_ERR_CONFIG |
|
103 |
79 # set the hostmodel property if necessary |
104 # set the hostmodel property if necessary |
80 if not set_hostmodel("src-priority"): |
105 if not set_hostmodel("src-priority"): |
81 return smf_include.SMF_EXIT_ERR_FATAL |
106 return smf_include.SMF_EXIT_ERR_FATAL |
82 |
107 |
83 cmd = "/usr/lib/neutron/neutron-l3-agent --config-file %s " \ |
108 return smf_include.smf_subprocess(cmd) |
84 "--config-file %s" % tuple(sys.argv[2:4]) |
|
85 smf_include.smf_subprocess(cmd) |
|
86 |
109 |
87 |
110 |
88 def remove_ipfilter_rules(version): |
111 def remove_ipfilter_rules(version): |
89 # remove IP Filter rules added by neutron-l3-agent |
112 # remove IP Filter rules added by neutron-l3-agent |
90 cmd = ["/usr/bin/pfexec", "/usr/sbin/ipfstat", "-io"] |
113 cmd = ["/usr/bin/pfexec", "/usr/sbin/ipfstat", "-io"] |
129 return smf_include.SMF_EXIT_ERR_FATAL |
152 return smf_include.SMF_EXIT_ERR_FATAL |
130 return smf_include.SMF_EXIT_OK |
153 return smf_include.SMF_EXIT_OK |
131 |
154 |
132 |
155 |
133 def stop(): |
156 def stop(): |
|
157 shutdown_vpn() |
134 try: |
158 try: |
135 # first kill the SMF contract |
159 # first kill the SMF contract |
136 check_call(["/usr/bin/pkill", "-c", sys.argv[2]]) |
160 check_call(["/usr/bin/pkill", "-c", sys.argv[2]]) |
137 except CalledProcessError as err: |
161 except CalledProcessError as err: |
138 print "failed to kill the SMF contract: %s" % (err) |
162 print "failed to kill the SMF contract: %s" % (err) |
139 return smf_include.SMF_EXIT_ERR_FATAL |
|
140 |
163 |
141 # We need to first remove the IP filter rules and then remove |
164 # We need to first remove the IP filter rules and then remove |
142 # the IP interfaces on which the rules were applied. |
165 # the IP interfaces on which the rules were applied. |
143 |
166 |
144 # remove IPv4 Filter rules added by neutron-l3-agent |
167 # remove IPv4 Filter rules added by neutron-l3-agent |