def __init__(self, stdin=sys.stdin, foreground=True):
self.bridge = None # default bridge
self.ipt = IPtables()
if foreground:
output('EasyOVS %s, type help for information\n' % VERSION)
self.prompt = color_str(PROMPT_KW, 'g')
self.stdin = stdin
self.in_poller = poll()
self.in_poller.register(stdin)
Cmd.__init__(self)
output("***\n Welcome to EasyOVS,"
"type help to see available commands.\n***\n")
info('*** Starting CLI:\n')
debug("==Loading credentials==\n")
debug("auth_url = %s\n" % os.getenv('OS_AUTH_URL')
or cfg.CONF.OS.auth_url)
debug("username = %s\n" % os.getenv('OS_USERNAME')
or cfg.CONF.OS.username)
passwd = os.getenv('OS_PASSWORD') or cfg.CONF.OS.password
passwd = passwd[:len(passwd) / 4] + "****" + passwd[-len(passwd) /
4:]
debug("password = %s\n" % passwd)
debug("tenant_name = %s\n" % os.getenv('OS_TENANT_NAME')
or cfg.CONF.OS.tenant_name)
while True:
try:
#if self.isatty():
#quietRun( 'stty sane' )
self.cmdloop()
break
except KeyboardInterrupt:
info('\nInterrupt\n')
def _check_compute_node_nat_table(self, ns_q, ns_fip):
"""
Check the snat rules in the given ns
:param ns_q:
:param ns_fip:
:return:
"""
ipt = IPtables(ns_q)
nat = ipt.get_table(table='nat')
chains = [
'neutron-postrouting-bottom',
'neutron-l3-agent-OUTPUT',
'POSTROUTING',
'neutron-l3-agent-PREROUTING',
'PREROUTING',
'neutron-l3-agent-float-snat',
'OUTPUT',
'INPUT',
'neutron-l3-agent-POSTROUTING',
'neutron-l3-agent-snat',
]
for c_name in chains:
c = nat.get_chain(c_name)
if not c:
warn(r("Not found chain %s\n" % c_name))
return False
if c.get_policy() != 'ACCEPT':
warn(r("Chain %s's policy is not ACCEPT\n" % c.name))
for c_name in [
'neutron-postrouting-bottom', 'OUTPUT', 'neutron-l3-agent-snat'
]:
if not self._check_chain_rule_num(nat, c_name, 1):
return False
c_name = 'neutron-postrouting-bottom'
rule = {
'in': '*',
'source': '*',
'out': '*',
'destination': '*',
'target': 'neutron-l3-agent-snat',
'prot': '*'
}
if not self._check_chain_has_rule(nat, c_name, rule):
return False
c_name = 'PREROUTING'
rule = {
'in': '*',
'source': '*',
'out': '*',
'destination': '*',
'target': 'neutron-l3-agent-PREROUTING',
'prot': '*'
}
if not self._check_chain_has_rule(nat, c_name, rule):
return False
c_name = 'OUTPUT'
rule = {
'in': '*',
'source': '*',
'out': '*',
'destination': '*',
'target': 'neutron-l3-agent-OUTPUT',
'prot': '*'
}
if not self._check_chain_has_rule(nat, c_name, rule):
return False
c_name = 'POSTROUTING'
rule = {
'in': '*',
'source': '*',
'out': '*',
'destination': '*',
'target': 'neutron-l3-agent-POSTROUTING',
'prot': '*'
}
if not self._check_chain_has_rule(nat, c_name, rule):
return False
rule = {
'in': '*',
'source': '*',
'out': '*',
'destination': '*',
'target': 'neutron-postrouting-bottom',
'prot': '*'
}
if not self._check_chain_has_rule(nat, c_name, rule):
return False
c_name = 'neutron-l3-agent-POSTROUTING'
rfp_intfs = NameSpace(ns_q).find_intfs('rfp-')
for intf in rfp_intfs:
rule = {
'in': '!' + intf['intf'],
'source': '*',
'out': '!' + intf['intf'],
'destination': '*',
'target': 'ACCEPT',
'prot': '*',
'flags': '! ctstate DNAT'
}
if not self._check_chain_has_rule(nat, c_name, rule):
return False
qr_intfs = NameSpace(ns_q).find_intfs('qr-')
if not self._check_compute_node_nat_rules(qr_intfs, rfp_intfs, nat,
ns_fip):
return False
return True
