Ejemplo n.º 1
    def _finish_update(self, final=False):
        """
        Publish the configuration that has been read so far onto this object.

        Runs twice: first after the environment and config file have been
        read (which should be enough to reach etcd), and again after the
        etcd-held configuration has been read.

        On each pass it:
        - copies every parameter value into the matching attribute
        - validates the configuration for the current stage
        - completes the logging set-up

        Logging is completed on the first pass, before any etcd configuration
        is known.  A log file enabled by the environment or config file is
        therefore created and written to even if etcd later disables it; a
        failure to load configuration from etcd has to be logged somewhere.

        :param final: True once all configuration has been read, False when
                      only the environment and config file have been read.
        """
        def value_of(name):
            # Current value of the named parameter.
            return self.parameters[name].value

        self.HOSTNAME = value_of("FelixHostname")
        self.ETCD_SCHEME = value_of("EtcdScheme")
        self.ETCD_ENDPOINTS = value_of("EtcdEndpoints")
        self.ETCD_KEY_FILE = value_of("EtcdKeyFile")
        self.ETCD_CERT_FILE = value_of("EtcdCertFile")
        self.ETCD_CA_FILE = value_of("EtcdCaFile")
        self.STARTUP_CLEANUP_DELAY = value_of("StartupCleanupDelay")
        self.RESYNC_INTERVAL = value_of("PeriodicResyncInterval")
        self.REFRESH_INTERVAL = value_of("IptablesRefreshInterval")
        self.HOST_IF_POLL_INTERVAL_SECS = value_of("HostInterfacePollInterval")
        self.METADATA_IP = value_of("MetadataAddr")
        self.METADATA_PORT = value_of("MetadataPort")
        self.IFACE_PREFIX = value_of("InterfacePrefix")
        self.DEFAULT_INPUT_CHAIN_ACTION = value_of(
            "DefaultEndpointToHostAction")
        self.LOGFILE = value_of("LogFilePath")
        self.DRIVERLOGFILE = value_of("EtcdDriverLogFilePath")
        self.LOGLEVFILE = value_of("LogSeverityFile")
        self.LOGLEVSYS = value_of("LogSeveritySys")
        self.LOGLEVSCR = value_of("LogSeverityScreen")
        self.IP_IN_IP_ENABLED = value_of("IpInIpEnabled")
        self.IP_IN_IP_MTU = value_of("IpInIpMtu")
        self.IP_IN_IP_ADDR = value_of("IpInIpTunnelAddr")
        self.REPORTING_INTERVAL_SECS = value_of("ReportingIntervalSecs")
        self.REPORTING_TTL_SECS = value_of("ReportingTTLSecs")
        self.REPORT_ENDPOINT_STATUS = value_of("EndpointReportingEnabled")
        self.ENDPOINT_REPORT_DELAY = value_of("EndpointReportingDelaySecs")
        self.MAX_IPSET_SIZE = value_of("MaxIpsetSize")
        self.IPTABLES_GENERATOR_PLUGIN = value_of("IptablesGeneratorPlugin")
        self.IPTABLES_MARK_MASK = value_of("IptablesMarkMask")
        self.PROM_METRICS_ENABLED = value_of("PrometheusMetricsEnabled")
        self.PROM_METRICS_PORT = value_of("PrometheusMetricsPort")
        self.PROM_METRICS_DRIVER_PORT = value_of(
            "EtcdDriverPrometheusMetricsPort")
        self.FAILSAFE_INBOUND_PORTS = value_of("FailsafeInboundHostPorts")
        self.FAILSAFE_OUTBOUND_PORTS = value_of("FailsafeOutboundHostPorts")

        self._validate_cfg(final=final)

        # Everything below is derived from the stored values and runs only
        # after validation.

        # Work out which etcd servers to talk to.  A non-empty EtcdEndpoints
        # setting takes precedence over EtcdScheme/EtcdAddr.
        endpoint_urls = [url.strip()
                         for url in self.ETCD_ENDPOINTS.split(",")]
        if endpoint_urls[0]:
            # NOTE(review): only the first endpoint's scheme is kept, so a
            # list mixing "http://" and "https://" entries is not told apart
            # here, and an entry without "://" raises IndexError below.
            # Presumably _validate_cfg() has already rejected both - confirm.
            self.ETCD_SCHEME = endpoint_urls[0].split("://")[0]
            self.ETCD_ADDRS = [url.split("://")[1] for url in endpoint_urls]
        else:
            self.ETCD_SCHEME = value_of("EtcdScheme")
            self.ETCD_ADDRS = [value_of("EtcdAddr")]

        # Derive the iptables mark values used internally.  Taking the set
        # bits of the mask from least to most significant, they signal:
        # - that a profile accepted a packet
        # - that a packet should move on to the next policy tier.
        # NOTE(review): each next() needs another set bit in the mask; with
        # too few bits it raises StopIteration.  Presumably the mask is
        # checked in _validate_cfg() - confirm.
        mark_bits = find_set_bits(self.IPTABLES_MARK_MASK)
        self.IPTABLES_MARK_ACCEPT = "0x%x" % next(mark_bits)
        self.IPTABLES_MARK_NEXT_TIER = "0x%x" % next(mark_bits)

        for plugin in self.plugins.itervalues():
            # Plugins are loaded and registered only after the environment
            # and config file have been read, so they are handed config only
            # on the final pass through this method.
            # NOTE: assert is stripped when Python runs with -O, so this
            # invariant is only enforced in non-optimised runs.
            assert final, ("Plugins should only be loaded on the final "
                           "config pass")
            plugin.store_and_validate_config(self)

        # Apply the logging settings gathered above.
        common.complete_logging(
            self.LOGFILE,
            self.LOGLEVFILE,
            self.LOGLEVSYS,
            self.LOGLEVSCR,
            gevent_in_use=True,
        )

        if not final:
            return

        # Record the complete effective configuration, one line per parameter.
        # NOTE(review): values are logged verbatim (%r); a parameter holding a
        # secret rather than a path or setting would end up in the log -
        # check before adding such a parameter.
        for name, parameter in self.parameters.iteritems():
            log.info("Parameter %s (%s) has value %r read from %s",
                     name,
                     parameter.description,
                     parameter.value,
                     parameter.active_source)
Ejemplo n.º 2
    def _finish_update(self, final=False):
        """
        Publish the configuration that has been read so far onto this object.

        Runs twice: first after the environment and config file have been
        read (which should be enough to reach etcd), and again after the
        etcd-held configuration has been read.

        On each pass it:
        - copies every parameter value into the matching attribute
        - validates the configuration for the current stage
        - completes the logging set-up

        Logging is completed on the first pass, before any etcd configuration
        is known.  A log file enabled by the environment or config file is
        therefore created and written to even if etcd later disables it; a
        failure to load configuration from etcd has to be logged somewhere.

        :param final: True once all configuration has been read, False when
                      only the environment and config file have been read.
        """
        def value_of(name):
            # Current value of the named parameter.
            return self.parameters[name].value

        self.HOSTNAME = value_of("FelixHostname")
        self.ETCD_SCHEME = value_of("EtcdScheme")
        self.ETCD_ENDPOINTS = value_of("EtcdEndpoints")
        self.ETCD_KEY_FILE = value_of("EtcdKeyFile")
        self.ETCD_CERT_FILE = value_of("EtcdCertFile")
        self.ETCD_CA_FILE = value_of("EtcdCaFile")
        self.STARTUP_CLEANUP_DELAY = value_of("StartupCleanupDelay")
        self.RESYNC_INTERVAL = value_of("PeriodicResyncInterval")
        self.REFRESH_INTERVAL = value_of("IptablesRefreshInterval")
        self.HOST_IF_POLL_INTERVAL_SECS = value_of("HostInterfacePollInterval")
        self.METADATA_IP = value_of("MetadataAddr")
        self.METADATA_PORT = value_of("MetadataPort")
        self.IFACE_PREFIX = value_of("InterfacePrefix")
        self.DEFAULT_INPUT_CHAIN_ACTION = value_of(
            "DefaultEndpointToHostAction")
        self.LOGFILE = value_of("LogFilePath")
        self.DRIVERLOGFILE = value_of("EtcdDriverLogFilePath")
        self.LOGLEVFILE = value_of("LogSeverityFile")
        self.LOGLEVSYS = value_of("LogSeveritySys")
        self.LOGLEVSCR = value_of("LogSeverityScreen")
        self.IP_IN_IP_ENABLED = value_of("IpInIpEnabled")
        self.IP_IN_IP_MTU = value_of("IpInIpMtu")
        self.IP_IN_IP_ADDR = value_of("IpInIpTunnelAddr")
        self.REPORTING_INTERVAL_SECS = value_of("ReportingIntervalSecs")
        self.REPORTING_TTL_SECS = value_of("ReportingTTLSecs")
        self.REPORT_ENDPOINT_STATUS = value_of("EndpointReportingEnabled")
        self.ENDPOINT_REPORT_DELAY = value_of("EndpointReportingDelaySecs")
        self.MAX_IPSET_SIZE = value_of("MaxIpsetSize")
        self.IPTABLES_GENERATOR_PLUGIN = value_of("IptablesGeneratorPlugin")
        self.IPTABLES_MARK_MASK = value_of("IptablesMarkMask")
        self.PROM_METRICS_ENABLED = value_of("PrometheusMetricsEnabled")
        self.PROM_METRICS_PORT = value_of("PrometheusMetricsPort")
        self.PROM_METRICS_DRIVER_PORT = value_of(
            "EtcdDriverPrometheusMetricsPort")
        self.FAILSAFE_INBOUND_PORTS = value_of("FailsafeInboundHostPorts")
        self.FAILSAFE_OUTBOUND_PORTS = value_of("FailsafeOutboundHostPorts")
        self.ACTION_ON_DROP = value_of("DropActionOverride")
        self.IGNORE_LOOSE_RPF = value_of("IgnoreLooseRPF")
        self.CLUSTER_GUID = value_of("ClusterGUID")
        self.USAGE_REPORT = value_of("UsageReportingEnabled")

        self._validate_cfg(final=final)

        # Everything below is derived from the stored values and runs only
        # after validation.

        # Work out which etcd servers to talk to.  A non-empty EtcdEndpoints
        # setting takes precedence over EtcdScheme/EtcdAddr.
        endpoint_urls = [url.strip()
                         for url in self.ETCD_ENDPOINTS.split(",")]
        if endpoint_urls[0]:
            # NOTE(review): only the first endpoint's scheme is kept, so a
            # list mixing "http://" and "https://" entries is not told apart
            # here, and an entry without "://" raises IndexError below.
            # Presumably _validate_cfg() has already rejected both - confirm.
            self.ETCD_SCHEME = endpoint_urls[0].split("://")[0]
            self.ETCD_ADDRS = [url.split("://")[1] for url in endpoint_urls]
        else:
            self.ETCD_SCHEME = value_of("EtcdScheme")
            self.ETCD_ADDRS = [value_of("EtcdAddr")]

        # Derive the iptables mark values used internally.  Taking the set
        # bits of the mask from least to most significant, they signal:
        # - that a profile accepted a packet
        # - that a packet should move on to the next policy tier.
        # NOTE(review): each next() needs another set bit in the mask; with
        # too few bits it raises StopIteration.  Presumably the mask is
        # checked in _validate_cfg() - confirm.
        mark_bits = find_set_bits(self.IPTABLES_MARK_MASK)
        self.IPTABLES_MARK_ACCEPT = "0x%x" % next(mark_bits)
        self.IPTABLES_MARK_NEXT_TIER = "0x%x" % next(mark_bits)

        for plugin in self.plugins.itervalues():
            # Plugins are loaded and registered only after the environment
            # and config file have been read, so they are handed config only
            # on the final pass through this method.
            # NOTE: assert is stripped when Python runs with -O, so this
            # invariant is only enforced in non-optimised runs.
            assert final, ("Plugins should only be loaded on the final "
                           "config pass")
            plugin.store_and_validate_config(self)

        # Apply the logging settings gathered above.
        common.complete_logging(
            self.LOGFILE,
            self.LOGLEVFILE,
            self.LOGLEVSYS,
            self.LOGLEVSCR,
            gevent_in_use=True,
        )

        if not final:
            return

        # Record the complete effective configuration, one line per parameter.
        # NOTE(review): values are logged verbatim (%r); a parameter holding a
        # secret rather than a path or setting would end up in the log -
        # check before adding such a parameter.
        for name, parameter in self.parameters.iteritems():
            log.info("Parameter %s (%s) has value %r read from %s",
                     name,
                     parameter.description,
                     parameter.value,
                     parameter.active_source)
Ejemplo n.º 3
    def _finish_update(self, final=False):
        """
        Publish the configuration that has been read onto this object.

        Runs twice, so that plugins get the chance to contribute their own
        config parameters.

        On each pass it:
        - copies every parameter value into the matching attribute
        - validates the configuration for the current stage
        - completes the logging set-up

        :param final: True once all configuration has been read, False when
                      only the environment and config file have been read.
        """
        def value_of(name):
            # Current value of the named parameter.
            return self.parameters[name].value

        self.HOSTNAME = value_of("FelixHostname")
        self.STARTUP_CLEANUP_DELAY = value_of("StartupCleanupDelay")
        self.RESYNC_INTERVAL = value_of("PeriodicResyncInterval")
        self.REFRESH_INTERVAL = value_of("IptablesRefreshInterval")
        self.HOST_IF_POLL_INTERVAL_SECS = value_of("HostInterfacePollInterval")
        self.METADATA_IP = value_of("MetadataAddr")
        self.METADATA_PORT = value_of("MetadataPort")
        self.IFACE_PREFIX = value_of("InterfacePrefix")
        self.DEFAULT_INPUT_CHAIN_ACTION = value_of(
            "DefaultEndpointToHostAction")
        self.LOGFILE = value_of("LogFilePath")
        self.LOGLEVFILE = value_of("LogSeverityFile")
        self.LOGLEVSYS = value_of("LogSeveritySys")
        self.LOGLEVSCR = value_of("LogSeverityScreen")
        self.IP_IN_IP_ENABLED = value_of("IpInIpEnabled")
        self.IP_IN_IP_MTU = value_of("IpInIpMtu")
        self.IP_IN_IP_ADDR = value_of("IpInIpTunnelAddr")
        self.REPORTING_INTERVAL_SECS = value_of("ReportingIntervalSecs")
        self.REPORT_ENDPOINT_STATUS = value_of("EndpointReportingEnabled")
        self.MAX_IPSET_SIZE = value_of("MaxIpsetSize")
        self.IPTABLES_GENERATOR_PLUGIN = value_of("IptablesGeneratorPlugin")
        self.IPTABLES_MARK_MASK = value_of("IptablesMarkMask")
        self.PROM_METRICS_ENABLED = value_of("PrometheusMetricsEnabled")
        self.PROM_METRICS_DRIVER_PORT = value_of(
            "DataplaneDriverPrometheusMetricsPort")
        self.FAILSAFE_INBOUND_PORTS = value_of("FailsafeInboundHostPorts")
        self.FAILSAFE_OUTBOUND_PORTS = value_of("FailsafeOutboundHostPorts")
        self.ACTION_ON_DROP = value_of("DropActionOverride")
        self.LOG_PREFIX = value_of("LogPrefix")
        self.IGNORE_LOOSE_RPF = value_of("IgnoreLooseRPF")
        # Stored lower-cased, so later comparisons see one spelling.
        self.IPV6_SUPPORT = value_of("Ipv6Support").lower()
        self.CHAIN_INSERT_MODE = value_of("ChainInsertMode")

        self._validate_cfg(final=final)

        # Everything below is derived from the stored values and runs only
        # after validation.

        # Derive the iptables mark values used internally.  Taking the set
        # bits of the mask from least to most significant, they signal:
        # - that a profile accepted a packet
        # - that a packet should move on to the next policy tier.
        # A third bit is stored as IPTABLES_MARK_ENDPOINTS; what it signals
        # is not visible in this method.
        # NOTE(review): each next() needs another set bit in the mask; with
        # fewer than three bits it raises StopIteration.  Presumably the mask
        # is checked in _validate_cfg() - confirm.
        mark_bits = find_set_bits(self.IPTABLES_MARK_MASK)
        self.IPTABLES_MARK_ACCEPT = "0x%x" % next(mark_bits)
        self.IPTABLES_MARK_NEXT_TIER = "0x%x" % next(mark_bits)
        self.IPTABLES_MARK_ENDPOINTS = "0x%x" % next(mark_bits)

        for plugin in self.plugins.itervalues():
            # Plugins are loaded and registered only after the environment
            # and config file have been read, so they are handed config only
            # on the final pass through this method.
            # NOTE: assert is stripped when Python runs with -O, so this
            # invariant is only enforced in non-optimised runs.
            assert final, ("Plugins should only be loaded on the final "
                           "config pass")
            plugin.store_and_validate_config(self)

        # Apply the logging settings gathered above.
        common.complete_logging(
            self.LOGFILE,
            self.LOGLEVFILE,
            self.LOGLEVSYS,
            self.LOGLEVSCR,
            gevent_in_use=True,
        )

        if not final:
            return

        # Record the complete effective configuration, one line per parameter.
        # NOTE(review): values are logged verbatim (%r); a parameter holding a
        # secret rather than a path or setting would end up in the log -
        # check before adding such a parameter.
        for name, parameter in self.parameters.iteritems():
            log.info("Parameter %s (%s) has value %r",
                     name,
                     parameter.description,
                     parameter.value)