Python execute Examples, novalib.execute Python Examples

Example #1

0

Show file

File: ovs_configure_base_flows.py Project: A7Zulu/nova

def main(command, phys_dev_name):
    ovs_ofctl = lambda *rule: novalib.execute('/usr/bin/ovs-ofctl', *rule)

    bridge_name = novalib.execute_get_output('/usr/bin/ovs-vsctl',
                                             'iface-to-br', phys_dev_name)

    # always clear all flows first
    ovs_ofctl('del-flows', bridge_name)

    if command in ('online', 'reset'):
        pnic_ofport = novalib.execute_get_output('/usr/bin/ovs-vsctl', 'get',
                                         'Interface', phys_dev_name, 'ofport')

        # these flows are lower priority than all VM-specific flows.

        # allow all traffic from the physical NIC, as it is trusted (i.e.,
        # from a filtered vif, or from the physical infrastructure)
        ovs_ofctl('add-flow', bridge_name,
                  "priority=2,in_port=%s,actions=normal" % pnic_ofport)

        # Allow traffic from dom0 if there is a management interface
        # present (its IP address is on the bridge itself)
        bridge_addr = novalib.execute_get_output('/sbin/ip', '-o', '-f',
                                                 'inet', 'addr', 'show',
                                                 bridge_name)
        if bridge_addr != '':
            ovs_ofctl('add-flow', bridge_name,
                      "priority=2,in_port=LOCAL,actions=normal")

        # default drop
        ovs_ofctl('add-flow', bridge_name, 'priority=1,actions=drop')

Example #2

0

Show file

def main(command, phys_dev_name):
    ovs_ofctl = lambda *rule: novalib.execute('/usr/bin/ovs-ofctl', *rule)

    bridge_name = novalib.execute_get_output('/usr/bin/ovs-vsctl',
                                             'iface-to-br', phys_dev_name)

    # always clear all flows first
    ovs_ofctl('del-flows', bridge_name)

    if command in ('online', 'reset'):
        pnic_ofport = novalib.execute_get_output('/usr/bin/ovs-vsctl', 'get',
                                                 'Interface', phys_dev_name,
                                                 'ofport')

        # these flows are lower priority than all VM-specific flows.

        # allow all traffic from the physical NIC, as it is trusted (i.e.,
        # from a filtered vif, or from the physical infrastructure)
        ovs_ofctl('add-flow', bridge_name,
                  "priority=2,in_port=%s,actions=normal" % pnic_ofport)

        # Allow traffic from dom0 if there is a management interface
        # present (its IP address is on the bridge itself)
        bridge_addr = novalib.execute_get_output('/sbin/ip', '-o', '-f',
                                                 'inet', 'addr', 'show',
                                                 bridge_name)
        if bridge_addr != '':
            ovs_ofctl('add-flow', bridge_name,
                      "priority=2,in_port=LOCAL,actions=normal")

        # default drop
        ovs_ofctl('add-flow', bridge_name, 'priority=1,actions=drop')

Example #3

0

Show file

def apply_iptables_rules(command, params):
    iptables = lambda *rule: novalib.execute('/sbin/iptables', *rule)

    iptables('-D', 'FORWARD', '-m', 'physdev', '--physdev-in', params['VIF'],
             '-s', params['IP'], '-j', 'ACCEPT')
    if command == 'online':
        iptables('-A', 'FORWARD', '-m', 'physdev', '--physdev-in',
                 params['VIF'], '-s', params['IP'], '-j', 'ACCEPT')

Example #4

0

Show file

File: vif_rules.py Project: pacharya-pf9/nova

def apply_arptables_rules(command, params):
    arptables = lambda *rule: novalib.execute("/sbin/arptables", *rule)

    arptables(
        "-D",
        "FORWARD",
        "--opcode",
        "Request",
        "--in-interface",
        params["VIF"],
        "--source-ip",
        params["IP"],
        "--source-mac",
        params["MAC"],
        "-j",
        "ACCEPT",
    )
    arptables(
        "-D",
        "FORWARD",
        "--opcode",
        "Reply",
        "--in-interface",
        params["VIF"],
        "--source-ip",
        params["IP"],
        "--source-mac",
        params["MAC"],
        "-j",
        "ACCEPT",
    )
    if command == "online":
        arptables(
            "-A",
            "FORWARD",
            "--opcode",
            "Request",
            "--in-interface",
            params["VIF"],
            "--source-mac",
            params["MAC"],
            "-j",
            "ACCEPT",
        )
        arptables(
            "-A",
            "FORWARD",
            "--opcode",
            "Reply",
            "--in-interface",
            params["VIF"],
            "--source-ip",
            params["IP"],
            "--source-mac",
            params["MAC"],
            "-j",
            "ACCEPT",
        )

Example #5

0

Show file

File: vif_rules.py Project: KarimAllah/nova

def apply_iptables_rules(command, params):
    iptables = lambda *rule: execute('/sbin/iptables', *rule)

    iptables('-D', 'FORWARD', '-m', 'physdev',
             '--physdev-in', params['VIF'],
             '-s', params['IP'],
             '-j', 'ACCEPT')
    if command == 'online':
        iptables('-A', 'FORWARD', '-m', 'physdev',
                 '--physdev-in', params['VIF'],
                 '-s', params['IP'],
                 '-j', 'ACCEPT')

Example #6

0

Show file

File: vif_rules.py Project: pacharya-pf9/nova

def apply_ebtables_rules(command, params):
    ebtables = lambda *rule: novalib.execute("/sbin/ebtables", *rule)

    ebtables("-D", "FORWARD", "-p", "0806", "-o", params["VIF"], "--arp-ip-dst", params["IP"], "-j", "ACCEPT")
    ebtables("-D", "FORWARD", "-p", "0800", "-o", params["VIF"], "--ip-dst", params["IP"], "-j", "ACCEPT")
    if command == "online":
        ebtables("-A", "FORWARD", "-p", "0806", "-o", params["VIF"], "--arp-ip-dst", params["IP"], "-j", "ACCEPT")
        ebtables("-A", "FORWARD", "-p", "0800", "-o", params["VIF"], "--ip-dst", params["IP"], "-j", "ACCEPT")

    ebtables("-D", "FORWARD", "-s", "!", params["MAC"], "-i", params["VIF"], "-j", "DROP")
    if command == "online":
        ebtables("-I", "FORWARD", "1", "-s", "!", params["MAC"], "-i", params["VIF"], "-j", "DROP")

Example #7

0

Show file

def apply_arptables_rules(command, params):
    arptables = lambda *rule: novalib.execute('/sbin/arptables', *rule)

    arptables('-D', 'FORWARD', '--opcode', 'Request', '--in-interface',
              params['VIF'], '--source-ip', params['IP'], '--source-mac',
              params['MAC'], '-j', 'ACCEPT')
    arptables('-D', 'FORWARD', '--opcode', 'Reply', '--in-interface',
              params['VIF'], '--source-ip', params['IP'], '--source-mac',
              params['MAC'], '-j', 'ACCEPT')
    if command == 'online':
        arptables('-A', 'FORWARD', '--opcode', 'Request', '--in-interface',
                  params['VIF'], '--source-mac', params['MAC'], '-j', 'ACCEPT')
        arptables('-A', 'FORWARD', '--opcode', 'Reply', '--in-interface',
                  params['VIF'], '--source-ip', params['IP'], '--source-mac',
                  params['MAC'], '-j', 'ACCEPT')

Example #8

0

Show file

def apply_ebtables_rules(command, params):
    ebtables = lambda *rule: novalib.execute("/sbin/ebtables", *rule)

    ebtables('-D', 'FORWARD', '-p', '0806', '-o', params['VIF'],
             '--arp-ip-dst', params['IP'], '-j', 'ACCEPT')
    ebtables('-D', 'FORWARD', '-p', '0800', '-o', params['VIF'], '--ip-dst',
             params['IP'], '-j', 'ACCEPT')
    if command == 'online':
        ebtables('-A', 'FORWARD', '-p', '0806', '-o', params['VIF'],
                 '--arp-ip-dst', params['IP'], '-j', 'ACCEPT')
        ebtables('-A', 'FORWARD', '-p', '0800', '-o', params['VIF'],
                 '--ip-dst', params['IP'], '-j', 'ACCEPT')

    ebtables('-D', 'FORWARD', '-s', '!', params['MAC'], '-i', params['VIF'],
             '-j', 'DROP')
    if command == 'online':
        ebtables('-I', 'FORWARD', '1', '-s', '!', params['MAC'], '-i',
                 params['VIF'], '-j', 'DROP')

Example #9

0

Show file

File: ovs_configure_base_flows.py Project: AsherBond/dodai-compute

def main(command, phys_dev_name, bridge_name):
    ovs_ofctl = lambda *rule: execute('/usr/bin/ovs-ofctl', *rule)

    # always clear all flows first
    ovs_ofctl('del-flows', bridge_name)

    if command in ('online', 'reset'):
        pnic_ofport = execute_get_output('/usr/bin/ovs-vsctl', 'get',
                                         'Interface', phys_dev_name, 'ofport')

        # these flows are lower priority than all VM-specific flows.

        # allow all traffic from the physical NIC, as it is trusted (i.e.,
        # from a filtered vif, or from the physical infrastructure)
        ovs_ofctl('add-flow', bridge_name,
                  "priority=2,in_port=%s,actions=normal" % pnic_ofport)

        # default drop
        ovs_ofctl('add-flow', bridge_name, 'priority=1,actions=drop')

Example #10

0

Show file

File: ovs_configure_base_flows.py Project: lerner/osc-robot-nova

def main(command, phys_dev_name, bridge_name):
    ovs_ofctl = lambda *rule: execute('/usr/bin/ovs-ofctl', *rule)

    # always clear all flows first
    ovs_ofctl('del-flows', bridge_name)

    if command in ('online', 'reset'):
        pnic_ofport = execute_get_output('/usr/bin/ovs-vsctl', 'get',
                                         'Interface', phys_dev_name, 'ofport')

        # these flows are lower priority than all VM-specific flows.

        # allow all traffic from the physical NIC, as it is trusted (i.e.,
        # from a filtered vif, or from the physical infrastructure)
        ovs_ofctl('add-flow', bridge_name,
                  "priority=2,in_port=%s,actions=normal" % pnic_ofport)

        # default drop
        ovs_ofctl('add-flow', bridge_name, 'priority=1,actions=drop')

Example #11

0

Show file

File: vif_rules.py Project: KarimAllah/nova

def apply_arptables_rules(command, params):
    arptables = lambda *rule: execute('/sbin/arptables', *rule)

    arptables('-D', 'FORWARD', '--opcode', 'Request',
              '--in-interface', params['VIF'],
              '--source-ip', params['IP'],
              '--source-mac', params['MAC'],
              '-j', 'ACCEPT')
    arptables('-D', 'FORWARD', '--opcode', 'Reply',
              '--in-interface', params['VIF'],
              '--source-ip', params['IP'],
              '--source-mac', params['MAC'],
              '-j', 'ACCEPT')
    if command == 'online':
        arptables('-A', 'FORWARD', '--opcode', 'Request',
                  '--in-interface', params['VIF'],
                  '--source-mac', params['MAC'],
                  '-j', 'ACCEPT')
        arptables('-A', 'FORWARD', '--opcode', 'Reply',
                  '--in-interface', params['VIF'],
                  '--source-ip', params['IP'],
                  '--source-mac', params['MAC'],
                  '-j', 'ACCEPT')

Example #12

0

Show file

File: vif_rules.py Project: KarimAllah/nova

def apply_ebtables_rules(command, params):
    ebtables = lambda *rule: execute("/sbin/ebtables", *rule)

    ebtables('-D', 'FORWARD', '-p', '0806', '-o', params['VIF'],
             '--arp-ip-dst', params['IP'],
             '-j', 'ACCEPT')
    ebtables('-D', 'FORWARD', '-p', '0800', '-o', params['VIF'],
             '--ip-dst', params['IP'],
             '-j', 'ACCEPT')
    if command == 'online':
        ebtables('-A', 'FORWARD', '-p', '0806',
                 '-o', params['VIF'],
                 '--arp-ip-dst', params['IP'],
                 '-j', 'ACCEPT')
        ebtables('-A', 'FORWARD', '-p', '0800',
                 '-o', params['VIF'],
                 '--ip-dst', params['IP'],
                 '-j', 'ACCEPT')

    ebtables('-D', 'FORWARD', '-s', '!', params['MAC'],
             '-i', params['VIF'], '-j', 'DROP')
    if command == 'online':
        ebtables('-I', 'FORWARD', '1', '-s', '!', params['MAC'],
                 '-i', params['VIF'], '-j', 'DROP')

Example #13

0

Show file

File: ovs_configure_vif_flows.py Project: rackerlabs/reddwarf

 def clear_flows(self, ofport):
     execute(OVS_OFCTL, "del-flows", self.bridge, "in_port=%s" % ofport)

Example #14

0

Show file

 def clear_flows(self, ofport):
     novalib.execute(OVS_OFCTL, 'del-flows',
                                     self.bridge, "in_port=%s" % ofport)

Example #15

0

Show file

 def add(self, rule):
     novalib.execute(OVS_OFCTL, 'add-flow', self.bridge, rule % self.params)

Example #16

0

Show file

File: ovs_configure_vif_flows.py Project: rackerlabs/reddwarf

 def add(self, rule):
     execute(OVS_OFCTL, "add-flow", self.bridge, rule % self.params)

Example #17

0

Show file

File: vif_rules.py Project: pacharya-pf9/nova

def apply_iptables_rules(command, params):
    iptables = lambda *rule: novalib.execute("/sbin/iptables", *rule)

    iptables("-D", "FORWARD", "-m", "physdev", "--physdev-in", params["VIF"], "-s", params["IP"], "-j", "ACCEPT")
    if command == "online":
        iptables("-A", "FORWARD", "-m", "physdev", "--physdev-in", params["VIF"], "-s", params["IP"], "-j", "ACCEPT")

Example #18

0

Show file

File: ovs_configure_vif_flows.py Project: runt18/nova

 def clear_flows(self, ofport):
     novalib.execute(OVS_OFCTL, 'del-flows',
                                     self.bridge, "in_port={0!s}".format(ofport))

Example #19

0

Show file

File: ovs_configure_vif_flows.py Project: runt18/nova

 def add(self, rule):
     novalib.execute(OVS_OFCTL, 'add-flow', self.bridge, rule % self.params)

Example #20

0

Show file

File: ovs_configure_vif_flows.py Project: 4everming/nova

 def clear_flows(self, ofport):
     novalib.execute(OVS_OFCTL, 'del-flows',
                                     self.bridge, "in_port=%s" % ofport)