Exemple #1
0
 def check_command(self, cmd, error_text, skip_msg, run_as_root=False):
     try:
         utils.execute(cmd, run_as_root=run_as_root)
     except RuntimeError as e:
         if error_text in str(e) and not self.fail_on_missing_deps:
             self.skipTest(skip_msg)
         raise
Exemple #2
0
 def add_root_qdisc(device, namespace, root_helper=None):
     """Add the root htb qdisc for device."""
     cmd = ['tc', 'qdisc', 'add', 'dev', device, 'root', 'handle',
            '1:0', 'htb', 'default', 'fffe']
     if namespace:
         cmd = ['ip', 'netns', 'exec', namespace] + cmd
     linux_utils.execute(cmd, root_helper=root_helper)
Exemple #3
0
 def destroy_root_qdisc(device, namespace, root_helper=None):
     """Delete the root htb qdisc for device."""
     cmd = ['tc', 'qdisc', 'del', 'dev', device, 'root']
     if namespace:
         cmd = ['ip', 'netns', 'exec', namespace] + cmd
     linux_utils.execute(cmd, root_helper=root_helper,
                         check_exit_code=False)
Exemple #4
0
 def device_exists(self, device):
     """Check if ethernet device exists."""
     try:
         utils.execute(["ip", "link", "show", "dev", device], root_helper=self.root_helper)
     except RuntimeError:
         return False
     return True
def _is_pingable(ip):
    """Checks whether an IP address is reachable by pinging.

    Use linux utils to execute the ping (ICMP ECHO) command.
    Sends 5 packets with an interval of 0.2 seconds and timeout of 1
    seconds. Runtime error implies unreachability else IP is pingable.
    :param ip: IP to check
    :return: bool - True or False depending on pingability.
    """
    if not ip:
       LOG.warning("inputing ip adress is None")
       return False

    #ip = '10.0.88.138'
    ping_cmd = ['ping',
                '-c', '5',
                '-W', '1',
                '-i', '0.2',
                ip]
    try:
        linux_utils.execute(ping_cmd, check_exit_code=True)
        return True
    except RuntimeError:
        LOG.warning("Cannot ping ip address: %s", ip)
        return False
    def del_flow(self,nsname = None,devname=None, classid=None,src_ip=None):
        """

        :param nsname:
        :param devname:
        :param classid: "1:10"
        :param src_ip: "192.168.10.100"
        :return:
        """
        LOG.debug(_('del_flow classid %s,src_ip %s'%(classid,src_ip)))
        cmd=nscmd=[]
        if nsname is not None:
            nscmd=["ip","netns","exec",nsname]
            cmd.extend(nscmd)
        cmd.extend(["tc","filter","show","dev",devname])
        output=utils.execute(cmd,self.root_helper)
        res=self._re_match_src_ip_filter(output,class_id=classid,src_ip=src_ip)
        if res:
            filter_perf_info=res[:res.index(" fh")]
            rule_set=filter_perf_info.split(" ")
            del_cmd=nscmd
            del_cmd.extend(["tc","filter","del","dev",devname])
            del_cmd.extend(rule_set)
            #print rule_set
            output=utils.execute(del_cmd,self.root_helper)
Exemple #7
0
    def setup_physical_bridges(self, bridge_mappings):
        """Setup the physical network bridges.

        Creates physical network bridges and links them to the
        integration bridge using veths.

        :param bridge_mappings: map physical network names to bridge names.
        """
        self.phys_brs = {}
        self.int_ofports = {}
        self.phys_ofports = {}
        ip_wrapper = ip_lib.IPWrapper(self.root_helper)
        for physical_network, bridge in bridge_mappings.iteritems():
            LOG.info(
                _("Mapping physical network %(physical_network)s to " "bridge %(bridge)s"),
                {"physical_network": physical_network, "bridge": bridge},
            )
            # setup physical bridge
            if not ip_lib.device_exists(bridge, self.root_helper):
                LOG.error(
                    _(
                        "Bridge %(bridge)s for physical network "
                        "%(physical_network)s does not exist. Agent "
                        "terminated!"
                    ),
                    {"physical_network": physical_network, "bridge": bridge},
                )
                sys.exit(1)
            br = ovs_lib.OVSBridge(bridge, self.root_helper)
            br.remove_all_flows()
            br.add_flow(priority=1, actions="normal")
            self.phys_brs[physical_network] = br

            # create veth to patch physical bridge with integration bridge
            int_veth_name = constants.VETH_INTEGRATION_PREFIX + bridge
            self.int_br.delete_port(int_veth_name)
            phys_veth_name = constants.VETH_PHYSICAL_PREFIX + bridge
            br.delete_port(phys_veth_name)
            if ip_lib.device_exists(int_veth_name, self.root_helper):
                ip_lib.IPDevice(int_veth_name, self.root_helper).link.delete()
                # Give udev a chance to process its rules here, to avoid
                # race conditions between commands launched by udev rules
                # and the subsequent call to ip_wrapper.add_veth
                utils.execute(["/sbin/udevadm", "settle", "--timeout=10"])
            int_veth, phys_veth = ip_wrapper.add_veth(int_veth_name, phys_veth_name)
            self.int_ofports[physical_network] = self.int_br.add_port(int_veth)
            self.phys_ofports[physical_network] = br.add_port(phys_veth)

            # block all untranslated traffic over veth between bridges
            self.int_br.add_flow(priority=2, in_port=self.int_ofports[physical_network], actions="drop")
            br.add_flow(priority=2, in_port=self.phys_ofports[physical_network], actions="drop")

            # enable veth to pass traffic
            int_veth.link.set_up()
            phys_veth.link.set_up()

            if self.veth_mtu:
                # set up mtu size for veth interfaces
                int_veth.link.set_mtu(self.veth_mtu)
                phys_veth.link.set_mtu(self.veth_mtu)
Exemple #8
0
 def check_command(self, cmd, error_text, skip_msg):
     try:
         utils.execute(cmd)
     except RuntimeError as e:
         if error_text in str(e):
             self.skipTest(skip_msg)
         raise
    def _check_keepalived_process(self):
        cmd = ["service", "keepalived", "status"]
        try:
            status = utils.execute(cmd, root_helper=self.root_helper)
        except Exception:
            status = ''
        
        if 'running' not in status:
            LOG.debug(_('Keepalived is not running'))
            cmd = ['ps', '-ewwf', '|', 'grep', '/usr/sbin/keepalived', 
                   '|', 'grep', '-v', 'grep', '|', 'awk', '\'{print $2}\'']
            try:
                output = os.popen(' '.join(cmd))
                pids = output.read()
            except Exception:
                LOG.exception(_('Excute %s failed'), cmd)
                return

            pids = pids.split('\n')
            for pid in pids:
                if pid:
                    LOG.debug(_('Try to kill unactive keepalived process: %s'), pid)
                    try:
                        cmd = ['kill', '-9', pid]
                        utils.execute(cmd, root_helper=self.root_helper)
                    except Exception:
                        LOG.error(_('Kill keepalived process: %s failed'), pid)
            cmd = ["service", "keepalived", "restart"]
            utils.execute(cmd, root_helper=self.root_helper)
Exemple #10
0
 def check_command(self, cmd, error_text, skip_msg, root_helper=None):
     try:
         utils.execute(cmd, root_helper=root_helper)
     except RuntimeError as e:
         if error_text in str(e) and not self.fail_on_missing_deps:
             self.skipTest(skip_msg)
         raise
    def delete_vlan_bridge(self, bridge_name):
        if ip_lib.device_exists(bridge_name):
            interfaces_on_bridge = self.get_interfaces_on_bridge(bridge_name)
            for interface in interfaces_on_bridge:
                self.remove_interface(bridge_name, interface)

                if interface.startswith(VXLAN_INTERFACE_PREFIX):
                    self.delete_vxlan(interface)
                    continue

                for physical_interface in self.interface_mappings.values():
                    if (interface.startswith(physical_interface)):
                        ips, gateway = self.get_interface_details(bridge_name)
                        if ips:
                            # This is a flat network or a VLAN interface that
                            # was setup outside of neutron => return IP's from
                            # bridge to interface
                            self.update_interface_ip_details(interface,
                                                             bridge_name,
                                                             ips, gateway)
                        elif physical_interface != interface:
                            self.delete_vlan(interface)

            LOG.debug("Deleting bridge %s", bridge_name)
            if utils.execute(['ip', 'link', 'set', bridge_name, 'down'],
                             run_as_root=True):
                return
            if utils.execute(['brctl', 'delbr', bridge_name],
                             run_as_root=True):
                return
            LOG.debug("Done deleting bridge %s", bridge_name)

        else:
            LOG.error(_LE("Cannot delete bridge %s, does not exist"),
                      bridge_name)
Exemple #12
0
    def external_gateway_added(self, ri, ex_gw_port,
                               interface_name, internal_cidrs):

        if not ip_lib.device_exists(interface_name,
                                    root_helper=self.root_helper,
                                    namespace=ri.ns_name()):
            self.driver.plug(ex_gw_port['network_id'],
                             ex_gw_port['id'], interface_name,
                             ex_gw_port['mac_address'],
                             bridge=self.conf.external_network_bridge,
                             namespace=ri.ns_name(),
                             prefix=EXTERNAL_DEV_PREFIX)
        self.driver.init_l3(interface_name, [ex_gw_port['ip_cidr']],
                            namespace=ri.ns_name())
        ip_address = ex_gw_port['ip_cidr'].split('/')[0]
        self._send_gratuitous_arp_packet(ri, interface_name, ip_address)

        gw_ip = ex_gw_port['subnet']['gateway_ip']
        if ex_gw_port['subnet']['gateway_ip']:
            cmd = ['route', 'add', 'default', 'gw', gw_ip]
            if self.conf.use_namespaces:
                ip_wrapper = ip_lib.IPWrapper(self.root_helper,
                                              namespace=ri.ns_name())
                ip_wrapper.netns.execute(cmd, check_exit_code=False)
            else:
                utils.execute(cmd, check_exit_code=False,
                              root_helper=self.root_helper)
Exemple #13
0
    def disable(self, retain_port=False):
        """Disable DHCP for this network by killing the local process."""
        pid = self.pid

        if self.active:
            cmd = ['kill', '-9', pid]
            utils.execute(cmd, self.root_helper)
            if not retain_port:
                self.device_manager.destroy(self.network, self.interface_name)

        elif pid:
            LOG.debug(_('DHCP for %(net_id)s pid %(pid)d is stale, ignoring '
                        'command'), {'net_id': self.network.id, 'pid': pid})
        else:
            LOG.debug(_('No DHCP started for %s'), self.network.id)

        self._remove_config_files()

        if not retain_port:
            if self.conf.dhcp_delete_namespaces and self.network.namespace:
                ns_ip = ip_lib.IPWrapper(self.root_helper,
                                         self.network.namespace)
                try:
                    ns_ip.netns.delete(self.network.namespace)
                except RuntimeError:
                    msg = _('Failed trying to delete namespace: %s')
                    LOG.exception(msg, self.network.namespace)
Exemple #14
0
    def plug(self, network_id, port_id, device_name, mac_address,
             bridge=None, namespace=None, prefix=None):
        """This method is called by the Dhcp agent or by the L3 agent
        when a new network is created
        """
        if not ip_lib.device_exists(device_name,
                                    self.root_helper,
                                    namespace=namespace):
            ip = ip_lib.IPWrapper(self.root_helper)
            tap_name = device_name.replace(prefix or n_const.TAP_DEVICE_PREFIX,
                                           n_const.TAP_DEVICE_PREFIX)

            # Create ns_dev in a namespace if one is configured.
            root_dev, ns_dev = ip.add_veth(tap_name, device_name,
                                           namespace2=namespace)

            ns_dev.link.set_address(mac_address)

            # Add an interface created by ovs to the namespace.
            namespace_obj = ip.ensure_namespace(namespace)
            namespace_obj.add_device_to_namespace(ns_dev)

            ns_dev.link.set_up()
            root_dev.link.set_up()

            cmd = ['mm-ctl', '--bind-port', port_id, device_name]
            utils.execute(cmd, self.root_helper)

        else:
            LOG.info(_LI("Device %s already exists"), device_name)
    def update_device_link(self, port_id, dom_id, hw_addr, owner, state, device):
        """Set link state of interface based on admin state in libvirt/kvm"""
        if not hw_addr or not dom_id:
            return False
        # For compatibility, treat all without owner starting with virl- as lxcs
        is_lxc = owner == 'virl:lxc' or not owner and dom_id.startswith('virl-')
        if not (is_lxc or (owner and owner.startswith('compute:'))):
            return None

        state = 'up' if state else 'down'
        if is_lxc:
            instance_dir = LXC_INSTANCE_DIR
            cmd = ['ip', 'link', 'set', 'dev', device, state]
        else:
            instance_dir = NOVA_INSTANCE_DIR
            cmd = ['virsh', 'domif-setlink', '--domain', dom_id,
                   '--interface', hw_addr, '--state', state]

        if not os.path.isdir(instance_dir % dom_id):
            LOG.warning('Cannot update device %s link %s on missing domain %s',
                        port_id, hw_addr, dom_id)
            return None

        LOG.debug('Bringing port %s with %s of domain %s %s',
                  port_id, hw_addr, dom_id, state)
        try:
            utils.execute(cmd, run_as_root=True)
            return True
        except RuntimeError:
            LOG.exception('Failed to update port %s of domain %s mac %s to %s',
                          port_id, dom_id, hw_addr, state)
            return False
    def delete_vlan_bridge(self, bridge_name):
        if self.device_exists(bridge_name):
            interfaces_on_bridge = self.get_interfaces_on_bridge(bridge_name)
            for interface in interfaces_on_bridge:
                self.remove_interface(bridge_name, interface)

                if interface.startswith(VXLAN_INTERFACE_PREFIX):
                    self.delete_vxlan(interface)
                    continue

                for physical_interface in self.interface_mappings.itervalues():
                    if physical_interface == interface:
                        # This is a flat network => return IP's from bridge to
                        # interface
                        ips, gateway = self.get_interface_details(bridge_name)
                        self.update_interface_ip_details(interface,
                                                         bridge_name,
                                                         ips, gateway)
                    elif interface.startswith(physical_interface):
                        self.delete_vlan(interface)

            LOG.debug(_("Deleting bridge %s"), bridge_name)
            if utils.execute(['ip', 'link', 'set', bridge_name, 'down'],
                             root_helper=self.root_helper):
                return
            if utils.execute(['brctl', 'delbr', bridge_name],
                             root_helper=self.root_helper):
                return
            LOG.debug(_("Done deleting bridge %s"), bridge_name)

        else:
            LOG.error(_("Cannot delete bridge %s, does not exist"),
                      bridge_name)
    def plug_new(self, network_id, port_id, device_name, mac_address,
                 bridge=None, namespace=None, prefix=None, mtu=None):
        """This method is called by the Dhcp agent or by the L3 agent
        when a new network is created
        """
        ip = ip_lib.IPWrapper()
        tap_name = device_name.replace(prefix or n_const.TAP_DEVICE_PREFIX,
                                       n_const.TAP_DEVICE_PREFIX)

        # Create ns_dev in a namespace if one is configured.
        root_dev, ns_dev = ip.add_veth(tap_name, device_name,
                                       namespace2=namespace)
        root_dev.disable_ipv6()
        ns_dev.link.set_address(mac_address)

        mtu = self.conf.network_device_mtu or mtu
        if mtu:
            ns_dev.link.set_mtu(mtu)
            root_dev.link.set_mtu(mtu)
        else:
            LOG.warning(_LW("No MTU configured for port %s"), port_id)

        ns_dev.link.set_up()
        root_dev.link.set_up()

        cmd = ['mm-ctl', '--bind-port', port_id, device_name]
        utils.execute(cmd, run_as_root=True)
Exemple #18
0
    def spawn_process(self):
        """Spawns a Dnsmasq process for the network."""
        env = {self.NEUTRON_NETWORK_ID_KEY: self.network.id}

        cmd = [
            "dnsmasq",
            "--no-hosts",
            "--no-resolv",
            "--strict-order",
            "--bind-interfaces",
            "--interface=%s" % self.interface_name,
            "--except-interface=lo",
            "--pid-file=%s" % self.get_conf_file_name("pid", ensure_conf_dir=True),
            "--dhcp-hostsfile=%s" % self._output_hosts_file(),
            "--dhcp-optsfile=%s" % self._output_opts_file(),
            "--leasefile-ro",
        ]

        possible_leases = 0
        for i, subnet in enumerate(self.network.subnets):
            # if a subnet is specified to have dhcp disabled
            if not subnet.enable_dhcp:
                continue
            if subnet.ip_version == 4:
                mode = "static"
            else:
                # TODO(mark): how do we indicate other options
                # ra-only, slaac, ra-nameservers, and ra-stateless.
                mode = "static"
            if self.version >= self.MINIMUM_VERSION:
                set_tag = "set:"
            else:
                set_tag = ""

            cidr = netaddr.IPNetwork(subnet.cidr)

            cmd.append(
                "--dhcp-range=%s%s,%s,%s,%ss"
                % (set_tag, self._TAG_PREFIX % i, cidr.network, mode, self.conf.dhcp_lease_duration)
            )
            possible_leases += cidr.size

        # Cap the limit because creating lots of subnets can inflate
        # this possible lease cap.
        cmd.append("--dhcp-lease-max=%d" % min(possible_leases, self.conf.dnsmasq_lease_max))

        cmd.append("--conf-file=%s" % self.conf.dnsmasq_config_file)
        if self.conf.dnsmasq_dns_server:
            cmd.append("--server=%s" % self.conf.dnsmasq_dns_server)

        if self.conf.dhcp_domain:
            cmd.append("--domain=%s" % self.conf.dhcp_domain)

        if self.network.namespace:
            ip_wrapper = ip_lib.IPWrapper(self.root_helper, self.network.namespace)
            ip_wrapper.netns.execute(cmd, addl_env=env)
        else:
            # For normal sudo prepend the env vars before command
            cmd = ["%s=%s" % pair for pair in env.items()] + cmd
            utils.execute(cmd, self.root_helper)
Exemple #19
0
    def spawn_process(self):
        """Spawns a Dnsmasq process for the network."""
        env = {
            self.NEUTRON_NETWORK_ID_KEY: self.network.id,
            self.NEUTRON_RELAY_SOCKET_PATH_KEY:
            self.conf.dhcp_lease_relay_socket
        }

        cmd = [
            'dnsmasq',
            '--no-hosts',
            '--no-resolv',
            '--strict-order',
            '--bind-interfaces',
            '--interface=%s' % self.interface_name,
            '--except-interface=lo',
            '--pid-file=%s' % self.get_conf_file_name(
                'pid', ensure_conf_dir=True),
            #TODO (mark): calculate value from cidr (defaults to 150)
            #'--dhcp-lease-max=%s' % ?,
            '--dhcp-hostsfile=%s' % self._output_hosts_file(),
            '--dhcp-optsfile=%s' % self._output_opts_file(),
            '--dhcp-script=%s' % self._lease_relay_script_path(),
            '--leasefile-ro',
        ]

        for i, subnet in enumerate(self.network.subnets):
            # if a subnet is specified to have dhcp disabled
            if not subnet.enable_dhcp:
                continue
            if subnet.ip_version == 4:
                mode = 'static'
            else:
                # TODO(mark): how do we indicate other options
                # ra-only, slaac, ra-nameservers, and ra-stateless.
                mode = 'static'
            if self.version >= self.MINIMUM_VERSION:
                set_tag = 'set:'
            else:
                set_tag = ''
            cmd.append('--dhcp-range=%s%s,%s,%s,%ss' %
                       (set_tag, self._TAG_PREFIX % i,
                        netaddr.IPNetwork(subnet.cidr).network,
                        mode,
                        self.conf.dhcp_lease_duration))

        cmd.append('--conf-file=%s' % self.conf.dnsmasq_config_file)
        if self.conf.dnsmasq_dns_server:
            cmd.append('--server=%s' % self.conf.dnsmasq_dns_server)

        if self.conf.dhcp_domain:
            cmd.append('--domain=%s' % self.conf.dhcp_domain)

        if self.namespace:
            ip_wrapper = ip_lib.IPWrapper(self.root_helper, self.namespace)
            ip_wrapper.netns.execute(cmd, addl_env=env)
        else:
            # For normal sudo prepend the env vars before command
            cmd = ['%s=%s' % pair for pair in env.items()] + cmd
            utils.execute(cmd, self.root_helper)
    def vxlan_ucast_supported(self):
        if not cfg.CONF.VXLAN.l2_population:
            return False
        if not ip_lib.iproute_arg_supported(["bridge", "fdb"], "append"):
            LOG.warning(
                _LW('Option "%(option)s" must be supported by command ' '"%(command)s" to enable %(mode)s mode'),
                {"option": "append", "command": "bridge fdb", "mode": "VXLAN UCAST"},
            )
            return False

        test_iface = None
        for seg_id in moves.range(1, p_const.MAX_VXLAN_VNI + 1):
            if ip_lib.device_exists(self.get_vxlan_device_name(seg_id)) or ip_lib.vxlan_in_use(seg_id):
                continue
            test_iface = self.ensure_vxlan(seg_id)
            break
        else:
            LOG.error(_LE("No valid Segmentation ID to perform UCAST test."))
            return False

        try:
            utils.execute(
                cmd=["bridge", "fdb", "append", constants.FLOODING_ENTRY[0], "dev", test_iface, "dst", "1.1.1.1"],
                run_as_root=True,
                log_fail_as_error=False,
            )
            return True
        except RuntimeError:
            return False
        finally:
            self.delete_interface(test_iface)
Exemple #21
0
    def gen_client_ca(self, id):
        file_prefix = get_file_name(id, server = False)
        file_key = file_prefix + '.key'
        file_csr = file_prefix + '.csr'
        remove_file(file_key)
        remove_file(file_csr)
        cmd = ['openssl',
               'req',
               '-batch',
               '-nodes',
               '-new',
               '-newkey', 'rsa:' + str(vpn_connstants.KEY_SIZE),
               '-keyout', file_key,
               '-out', file_csr,
               '-config', cfg.CONF.openvpn.openssl_conf]

        result = utils.execute(cmd, root_helper=self.root_helper)
        LOG.info("openvpn generate key of client, result:%s" % result)

        file_crt = file_prefix + '.crt'
        remove_file(file_crt)
        cmd = ['openssl',
               'ca',
               '-batch',
               '-days', vpn_connstants.KEY_EXPIRE,
               '-out', file_crt,
               '-in', file_csr,
               '-config', cfg.CONF.openvpn.openssl_conf]

        result = utils.execute(cmd, root_helper=self.root_helper)
        LOG.info("openvpn generate crt of cient, result:%s" % result)
        remove_file(file_csr)
    def _enable_netfilter_for_bridges(self):
        # we only need to set these values once, but it has to be when
        # we create a bridge; before that the bridge module might not
        # be loaded and the proc values aren't there.
        if self._enabled_netfilter_for_bridges:
            return
        else:
            self._enabled_netfilter_for_bridges = True

        # These proc values ensure that netfilter is enabled on
        # bridges; essential for enforcing security groups rules with
        # OVS Hybrid.  Distributions can differ on whether this is
        # enabled by default or not (Ubuntu - yes, Redhat - no, for
        # example).
        LOG.debug("Enabling netfilter for bridges")
        entries = utils.execute(['sysctl', '-N', 'net.bridge'],
                                run_as_root=True).splitlines()
        for proto in ('arp', 'ip', 'ip6'):
            knob = 'net.bridge.bridge-nf-call-%stables' % proto
            if 'net.bridge.bridge-nf-call-%stables' % proto not in entries:
                raise SystemExit(
                    _("sysctl value %s not present on this system.") % knob)
            enabled = utils.execute(['sysctl', '-b', knob])
            if enabled != '1':
                versionutils.report_deprecated_feature(
                    LOG,
                    _LW('Bridge firewalling is disabled; enabling to make '
                        'iptables firewall work. This may not work in future '
                        'releases.'))
                utils.execute(
                    ['sysctl', '-w', '%s=1' % knob], run_as_root=True)
Exemple #23
0
    def _test_get_vif_port_set(self, is_xen):
        utils.execute(["ovs-vsctl", self.TO, "list-ports", self.BR_NAME],
                      root_helper=self.root_helper).AndReturn('tap99\ntun22')

        if is_xen:
            id_key = 'xs-vif-uuid'
        else:
            id_key = 'iface-id'

        headings = ['name', 'external_ids']
        data = [
            # A vif port on this bridge:
            ['tap99', {id_key: 'tap99id', 'attached-mac': 'tap99mac'}],
            # A vif port on another bridge:
            ['tap88', {id_key: 'tap88id', 'attached-mac': 'tap88id'}],
            # Non-vif port on this bridge:
            ['tun22', {}],
        ]

        utils.execute(["ovs-vsctl", self.TO, "--format=json",
                       "--", "--columns=name,external_ids",
                       "list", "Interface"],
                      root_helper=self.root_helper).AndReturn(
                          self._encode_ovs_json(headings, data))

        if is_xen:
            self.mox.StubOutWithMock(self.br, 'get_xapi_iface_id')
            self.br.get_xapi_iface_id('tap99id').AndReturn('tap99id')

        self.mox.ReplayAll()

        port_set = self.br.get_vif_port_set()
        self.assertEqual(set(['tap99id']), port_set)
        self.mox.VerifyAll()
 def copy_and_overwrite(self, from_path, to_path):
     # NOTE(toabctl): the agent may run as non-root user, so rm/copy as root
     if os.path.exists(to_path):
         utils.execute(
             cmd=["rm", "-rf", to_path], run_as_root=True)
     utils.execute(
         cmd=["cp", "-a", from_path, to_path], run_as_root=True)
    def vxlan_ucast_supported(self):
        if not cfg.CONF.VXLAN.l2_population:
            return False
        if not ip_lib.iproute_arg_supported(
                ['bridge', 'fdb'], 'append'):
            LOG.warning(_LW('Option "%(option)s" must be supported by command '
                            '"%(command)s" to enable %(mode)s mode'),
                        {'option': 'append',
                         'command': 'bridge fdb',
                         'mode': 'VXLAN UCAST'})
            return False

        test_iface = None
        for seg_id in moves.range(1, p_const.MAX_VXLAN_VNI + 1):
            if not ip_lib.device_exists(
                    self.get_vxlan_device_name(seg_id)):
                test_iface = self.ensure_vxlan(seg_id)
                break
        else:
            LOG.error(_LE('No valid Segmentation ID to perform UCAST test.'))
            return False

        try:
            utils.execute(
                cmd=['bridge', 'fdb', 'append', constants.FLOODING_ENTRY[0],
                     'dev', test_iface, 'dst', '1.1.1.1'],
                run_as_root=True, log_fail_as_error=False)
            return True
        except RuntimeError:
            return False
        finally:
            self.delete_vxlan(test_iface)
Exemple #26
0
    def _test_get_vif_port_set(self, is_xen):
        utils.execute(["ovs-vsctl", self.TO, "list-ports", self.BR_NAME], root_helper=self.root_helper).AndReturn(
            "tap99\ntun22"
        )

        if is_xen:
            id_key = "xs-vif-uuid"
        else:
            id_key = "iface-id"

        headings = ["name", "external_ids"]
        data = [
            # A vif port on this bridge:
            ["tap99", {id_key: "tap99id", "attached-mac": "tap99mac"}],
            # A vif port on another bridge:
            ["tap88", {id_key: "tap88id", "attached-mac": "tap88id"}],
            # Non-vif port on this bridge:
            ["tun22", {}],
        ]

        utils.execute(
            ["ovs-vsctl", self.TO, "--format=json", "--", "--columns=name,external_ids", "list", "Interface"],
            root_helper=self.root_helper,
        ).AndReturn(self._encode_ovs_json(headings, data))

        if is_xen:
            self.mox.StubOutWithMock(self.br, "get_xapi_iface_id")
            self.br.get_xapi_iface_id("tap99id").AndReturn("tap99id")

        self.mox.ReplayAll()

        port_set = self.br.get_vif_port_set()
        self.assertEqual(set(["tap99id"]), port_set)
        self.mox.VerifyAll()
Exemple #27
0
    def test_reset_bridge(self):
        utils.execute(["ovs-vsctl", self.TO, "--", "--if-exists", "del-br", self.BR_NAME], root_helper=self.root_helper)
        utils.execute(["ovs-vsctl", self.TO, "add-br", self.BR_NAME], root_helper=self.root_helper)
        self.mox.ReplayAll()

        self.br.reset_bridge()
        self.mox.VerifyAll()
Exemple #28
0
 def test_clear_db_attribute(self):
     pname = "tap77"
     utils.execute(["ovs-vsctl", self.TO, "clear", "Port",
                    pname, "tag"], root_helper=self.root_helper)
     self.mox.ReplayAll()
     self.br.clear_db_attribute("Port", pname, "tag")
     self.mox.VerifyAll()
    def add_or_update_class(self,nsname=None,devname=None,parent_classid=None,curent_classid=None,rate=None,ceil=None ):
        """
        add or update class  qos  bandwidth
        :param nsname:
        :param devname:
        :param parent_classid: "1:1"
        :param curent_classid: "1:10"
        :param rate: 10000Kbit
        :param ceil:10000Kbit
        :return:0 :class sfq not exist
        """

        LOG.debug(_('add_or_update_class in call,nsname %s,devname %s,curent_class %s,rate %s' %(nsname,devname,curent_classid,rate)))
        cmd=[]
        nscmd=[]
        if nsname is not None:
            nscmd=["ip","netns","exec",nsname]
            cmd.extend(nscmd)
        is_exist=self.check_class(nsname,devname,"class htb "+curent_classid)
        #print "add_class"
        #print is_exist
        if is_exist==-1 :#class not exist
           cmd.extend(["tc","class","add","dev",devname,"parent",parent_classid,"classid",curent_classid,"htb","rate",rate,"ceil",ceil])
           utils.execute(cmd,self.root_helper)
           return 0
        else:#class is exist ,update class rate
           cmd.extend(["tc","class","replace","dev",devname,"parent",parent_classid,"classid",curent_classid,"htb","rate",rate,"ceil",ceil])
           utils.execute(cmd,self.root_helper)
        return 1
    def remove_static_route(self, tap_device_name, fixed_ips, mac_address):
        # We don't use the mac_address parameter right now, but it's kept for
        # symmetry.
        LOG.debug('CalicoManager::remove_static_route')
        for ip_data in fixed_ips:
            ip_address = ip_data['ip_address']
            LOG.info(_("Removing static route for %s via %s"),
                     ip_address, tap_device_name)

            route_out, route_err = utils.execute(
                ['ip', 'route', 'del', ip_address,
                 'dev', tap_device_name, 'proto', 'static'],
                root_helper=self.root_helper,
                check_exit_code=False,
                return_stderr=True,
            )
            if route_err:
                LOG.warning(_("Unable to remove route for %s via %s"),
                          ip_address, tap_device_name)
            utils.execute(['neutron-disable-proxy-arp', tap_device_name],
                          root_helper=self.root_helper)
            arp_out, arp_err = utils.execute(
                ['arp', '-d', ip_address, '-i', tap_device_name],
                root_helper=self.root_helper,
                check_exit_code=False,
                return_stderr=True
            )
            if arp_err:
                LOG.warning(_("ARP entry missing for %s"), ip_address)

        return True
Exemple #31
0
 def _execute(self, *args):
     cmd = ['rabbitmqctl']
     cmd.extend(args)
     utils.execute(cmd, run_as_root=True)
Exemple #32
0
 def _ivs_add_port(self, device_name, port_id, mac_address):
     cmd = ['ivs-ctl', 'add-port', device_name]
     utils.execute(cmd, run_as_root=True)
Exemple #33
0
    def spawn_process(self):
        """Spawns a Dnsmasq process for the network."""
        env = {
            self.NEUTRON_NETWORK_ID_KEY: self.network.id,
        }

        cmd = [
            'dnsmasq',
            '--no-hosts',
            '--no-resolv',
            '--strict-order',
            '--bind-interfaces',
            '--interface=%s' % self.interface_name,
            '--except-interface=lo',
            '--pid-file=%s' % self.get_conf_file_name(
                'pid', ensure_conf_dir=True),
            '--dhcp-hostsfile=%s' % self._output_hosts_file(),
            '--dhcp-optsfile=%s' % self._output_opts_file(),
            '--leasefile-ro',
        ]

        possible_leases = 0
        for i, subnet in enumerate(self.network.subnets):
            # if a subnet is specified to have dhcp disabled
            if not subnet.enable_dhcp:
                continue
            if subnet.ip_version == 4:
                mode = 'static'
            else:
                # TODO(mark): how do we indicate other options
                # ra-only, slaac, ra-nameservers, and ra-stateless.
                mode = 'static'
            if self.version >= self.MINIMUM_VERSION:
                set_tag = 'set:'
            else:
                set_tag = ''

            cidr = netaddr.IPNetwork(subnet.cidr)

            cmd.append('--dhcp-range=%s%s,%s,%s,%ss' %
                       (set_tag, self._TAG_PREFIX % i,
                        cidr.network,
                        mode,
                        self.conf.dhcp_lease_duration))
            possible_leases += cidr.size

        # Cap the limit because creating lots of subnets can inflate
        # this possible lease cap.
        cmd.append('--dhcp-lease-max=%d' %
                   min(possible_leases, self.conf.dnsmasq_lease_max))

        cmd.append('--conf-file=%s' % self.conf.dnsmasq_config_file)
        if self.conf.dnsmasq_dns_server:
            cmd.append('--server=%s' % self.conf.dnsmasq_dns_server)

        if self.conf.dhcp_domain:
            cmd.append('--domain=%s' % self.conf.dhcp_domain)

        if self.network.namespace:
            ip_wrapper = ip_lib.IPWrapper(self.root_helper,
                                          self.network.namespace)
            ip_wrapper.netns.execute(cmd, addl_env=env)
        else:
            # For normal sudo prepend the env vars before command
            cmd = ['%s=%s' % pair for pair in env.items()] + cmd
            utils.execute(cmd, self.root_helper)
Exemple #34
0
 def remove_fdb_bridge_entry(self, mac, agent_ip, interface):
     utils.execute(
         ['bridge', 'fdb', 'del', mac, 'dev', interface, 'dst', agent_ip],
         run_as_root=True,
         check_exit_code=False)
 def fdb_ip_entry_exists(self, mac, ip, interface):
     entries = utils.execute(['ip', 'neigh', 'show', 'to', ip,
                              'dev', interface],
                             run_as_root=True)
     return mac in entries
 def fdb_ip_entry_exists(self, mac, ip, interface):
     entries = utils.execute(
         ['ip', 'neigh', 'show', 'to', ip, 'dev', interface],
         root_helper=self.root_helper)
     return mac in entries
    def ensure_bridge(self,
                      bridge_name,
                      interface=None,
                      ips=None,
                      gateway=None):
        """Create a bridge unless it already exists."""
        # _bridge_exists_and_ensure_up instead of device_exists is used here
        # because there are cases where the bridge exists but it's not UP,
        # for example:
        # 1) A greenthread was executing this function and had not yet executed
        # "ip link set bridge_name up" before eventlet switched to this
        # thread running the same function
        # 2) The Nova VIF driver was running concurrently and had just created
        #    the bridge, but had not yet put it UP
        if not self._bridge_exists_and_ensure_up(bridge_name):
            LOG.debug(
                "Starting bridge %(bridge_name)s for subinterface "
                "%(interface)s", {
                    'bridge_name': bridge_name,
                    'interface': interface
                })
            if utils.execute(['brctl', 'addbr', bridge_name],
                             root_helper=self.root_helper):
                return
            if utils.execute(['brctl', 'setfd', bridge_name,
                              str(0)],
                             root_helper=self.root_helper):
                return
            if utils.execute(['brctl', 'stp', bridge_name, 'off'],
                             root_helper=self.root_helper):
                return
            if utils.execute(['ip', 'link', 'set', bridge_name, 'up'],
                             root_helper=self.root_helper):
                return
            LOG.debug(
                "Done starting bridge %(bridge_name)s for "
                "subinterface %(interface)s", {
                    'bridge_name': bridge_name,
                    'interface': interface
                })

        if not interface:
            return bridge_name

        # Update IP info if necessary
        self.update_interface_ip_details(bridge_name, interface, ips, gateway)

        # Check if the interface is part of the bridge
        if not self.interface_exists_on_bridge(bridge_name, interface):
            try:
                # Check if the interface is not enslaved in another bridge
                if self.is_device_on_bridge(interface):
                    bridge = self.get_bridge_for_tap_device(interface)
                    utils.execute(['brctl', 'delif', bridge, interface],
                                  root_helper=self.root_helper)

                utils.execute(['brctl', 'addif', bridge_name, interface],
                              root_helper=self.root_helper)
            except Exception as e:
                LOG.error(
                    _LE("Unable to add %(interface)s to %(bridge_name)s"
                        "! Exception: %(e)s"), {
                            'interface': interface,
                            'bridge_name': bridge_name,
                            'e': e
                        })
                return
        return bridge_name
    def execute_sysfs_command(self, command, ts_port_params,
                              src_port_params,
                              common_vlans_ranges_str,
                              vf_to_vf_all_vlans, direction):
        """Execute the SRIOV NIC Switch Driver's SysFs command.

        # Mirror traffic from VF0 to VF3 on interface p2p1, ex.
        echo add 3 > /sys/class/net/p2p1/device/sriov/0/ingress_mirror
        echo add 3 > /sys/class/net/p2p1/device/sriov/0/egress_mirror

        # Remove traffic mirroring from VF0 to VF3 on interface p2p1, ex.
        echo rem 3 > /sys/class/net/p2p1/device/sriov/0/ingress_mirror
        echo rem 3 > /sys/class/net/p2p1/device/sriov/0/egress_mirror

        # Add VLANs 2,6,18-22 to Mirror traffic to VF3 (port p2p1), ex.
        echo add 2,6,18-22 > /sys/class/net/p2p1/device/sriov/3/vlan_mirror

        # Remove VLANs 2,6,18-22 to Mirror traffic to VF3 (port p2p1), ex.
        echo rem 2,6,18-22 > /sys/class/net/p2p1/device/sriov/3/vlan_mirror

        # Remove all VLANs from mirroring at VF3, ex.
        echo rem 0-4095 > /sys/class/net/p1p1/device/sriov/3/vlan_mirror
        """
        if vf_to_vf_all_vlans:
            if direction in ['OUT', 'BOTH']:
                sysfs_kobject_path = \
                    '/sys/class/net/' + ts_port_params['pf_device'] + \
                    '/device/sriov/' + src_port_params['vf_index'] + \
                    '/egress_mirror/'
                commit_cmd = ['echo', command, ts_port_params['vf_index'],
                              '>', sysfs_kobject_path]

                if not os.path.exists(sysfs_kobject_path):
                    raise n_exc.Invalid("Invalid PF (%s) and/or "
                                        "Source VF (%s) combination" %
                                        (ts_port_params['pf_device'],
                                         src_port_params['vf_index']))

                try:
                    utils.execute(commit_cmd, run_as_root=True)
                except (OSError, RuntimeError, IndexError, ValueError) as e:
                    LOG.error("Exception while executing Sysfs command "
                              "Exception: %s", e)
                    return

            if direction in ['IN', 'BOTH']:
                sysfs_kobject_path = \
                    '/sys/class/net/' + ts_port_params['pf_device'] + \
                    '/device/sriov/' + src_port_params['vf_index'] + \
                    '/ingress_mirror/'
                commit_cmd = ['echo', command, ts_port_params['vf_index'],
                              '>', sysfs_kobject_path]

                if not os.path.exists(sysfs_kobject_path):
                    raise n_exc.Invalid("Invalid PF (%s) and/or "
                                        "Source VF (%s) combination" %
                                        (ts_port_params['pf_device'],
                                         src_port_params['vf_index']))

                try:
                    utils.execute(commit_cmd, run_as_root=True)
                except (OSError, RuntimeError, IndexError, ValueError) as e:
                    LOG.error("Exception while executing Sysfs command "
                              "Exception: %s", e)
                    return
        else:
            if direction != 'BOTH':
                LOG.warning("SRIOV NIC Switch driver only supports"
                            "direction=BOTH for specific VLANs' mirroring")

            sysfs_kobject_path = '/sys/class/net/' + \
                                 ts_port_params['pf_device'] + \
                                 '/device/sriov/' + \
                                 ts_port_params['vf_index'] + '/'
            commit_cmd = ['echo', command, common_vlans_ranges_str, '>',
                          sysfs_kobject_path]

            if not os.path.exists(sysfs_kobject_path):
                raise n_exc.Invalid("Invalid PF (%s) or Tap-service VF (%s) "
                                    "combination" %
                                    (ts_port_params['pf_device'],
                                     ts_port_params['vf_index']))

            try:
                utils.execute(commit_cmd, run_as_root=True)
            except (OSError, RuntimeError, IndexError, ValueError) as e:
                LOG.error("Exception while executing Sysfs command "
                          "Exception: %s", e)
                return
Exemple #39
0
 def enabled(self):
     cmd = ['/usr/bin/svcs', '-H', '-o', 'state', NDP_SMF_FMRI]
     stdout = utils.execute(cmd)
     return 'online' in stdout
 def _get_num_spawned_procs():
     cmd = ['ps', '-f', '-u', 'root']
     out = utils.execute(cmd, run_as_root=True)
     return sum([1 for line in out.splitlines() if 'process_spawn' in line])
 def kill(self, sig=signal.SIGKILL):
     pid = self.child_pid or str(self.pid)
     utils.execute(['kill', '-%d' % sig, pid], run_as_root=True)
 def show(cls, dev=None, **kwargs):
     cmd = ['bridge', 'fdb', 'show']
     if dev:
         cmd += ['dev', dev]
     return utils.execute(cmd, run_as_root=True, **kwargs)
Exemple #43
0
def gre_conntrack_supported():
    cmd = ['modinfo', CONNTRACK_GRE_MODULE]
    try:
        return agent_utils.execute(cmd, log_fail_as_error=False)
    except exceptions.ProcessExecutionError:
        return False
Exemple #44
0
#!/usr/bin/python

import time
from oslo_config import cfg
from neutron.agent.linux import utils as linux_utils

CONF = cfg.CONF

ROOT_HELPER_OPTS = [
    cfg.StrOpt('root_helper', default='sudo'),
    cfg.StrOpt('root_helper_daemon')
]
CONF.register_opts(ROOT_HELPER_OPTS, 'AGENT')

cmd = [
    'conntrack', '-D', '-f', 'ipv4', '-s', '192.168.100.1', '-w', '1', '-d',
    '192.168.100.2'
]
start = time.time()
linux_utils.execute(list(cmd),
                    run_as_root=True,
                    check_exit_code=True,
                    extra_ok_codes=[1])
elapsed = (time.time() - start)
print "Elapsed %s seconds" % elapsed
Exemple #45
0
 def test_with_addl_env(self):
     expected = "%s\n" % self.test_file
     self.mock_popen.return_value = [expected, ""]
     result = utils.execute(["ls", self.test_file], addl_env={'foo': 'bar'})
     self.assertEqual(result, expected)
Exemple #46
0
 def test_return_code_log_error_no_raise_runtime(self):
     self.mock_popen.return_value = ('', '')
     self.process.return_value.returncode = 1
     with mock.patch.object(utils, 'LOG') as log:
         utils.execute(['ls'], check_exit_code=False)
         self.assertTrue(log.error.called)
Exemple #47
0
 def test_check_exit_code(self):
     self.mock_popen.return_value = ["", ""]
     stdout = utils.execute(["ls", self.test_file[:-1]],
                            check_exit_code=False)
     self.assertEqual("", stdout)
Exemple #48
0
 def test_process_input(self):
     expected = "%s\n" % self.test_file[:-1]
     self.mock_popen.return_value = [expected, ""]
     result = utils.execute(["cat"],
                            process_input="%s\n" % self.test_file[:-1])
     self.assertEqual(result, expected)
Exemple #49
0
 def test_with_helper(self):
     expected = "ls %s\n" % self.test_file
     self.mock_popen.return_value = [expected, ""]
     self.config(group='AGENT', root_helper='echo')
     result = utils.execute(["ls", self.test_file], run_as_root=True)
     self.assertEqual(result, expected)
Exemple #50
0
 def test_stderr_true(self):
     expected = "%s\n" % self.test_file
     self.mock_popen.return_value = [expected, ""]
     out = utils.execute(["ls", self.test_file], return_stderr=True)
     self.assertIsInstance(out, tuple)
     self.assertEqual(out, (expected, ""))
Exemple #51
0
 def test_decode_return_data(self):
     str_data = "%s\n" % self.test_file
     result = utils.execute(['ls', self.test_file], return_stderr=True)
     self.assertEqual((str_data, ''), result)
Exemple #52
0
 def test_without_helper(self):
     expected = "%s\n" % self.test_file
     self.mock_popen.return_value = [expected, ""]
     result = utils.execute(["ls", self.test_file])
     self.assertEqual(result, expected)
Exemple #53
0
 def test_return_code_log_debug(self):
     self.mock_popen.return_value = ('', '')
     with mock.patch.object(utils, 'LOG') as log:
         utils.execute(['ls'])
         self.assertTrue(log.debug.called)
Exemple #54
0
 def test_return_str_data(self):
     str_data = "%s\n" % self.test_file
     self.mock_popen.return_value = [str_data, '']
     result = utils.execute(['ls', self.test_file], return_stderr=True)
     self.assertEqual((str_data, ''), result)
 def remove_fdb_ip_entry(self, mac, ip, interface):
     utils.execute(
         ['ip', 'neigh', 'del', ip, 'lladdr', mac, 'dev', interface],
         root_helper=self.root_helper,
         check_exit_code=False)
Exemple #56
0
 def add_fdb_ip_entry(self, mac, ip, interface):
     utils.execute(['ip', 'neigh', 'add', ip, 'lladdr', mac,
                    'dev', interface, 'nud', 'permanent'],
                   root_helper=self.root_helper,
                   check_exit_code=False)
 def add_fdb_bridge_entry(self, mac, agent_ip, interface, operation="add"):
     utils.execute([
         'bridge', 'fdb', operation, mac, 'dev', interface, 'dst', agent_ip
     ],
                   root_helper=self.root_helper,
                   check_exit_code=False)
 def remove_fdb_bridge_entry(self, mac, agent_ip, interface):
     utils.execute(
         ['bridge', 'fdb', 'del', mac, 'dev', interface, 'dst', agent_ip],
         root_helper=self.root_helper,
         check_exit_code=False)
 def vxlan_module_supported(self):
     try:
         utils.execute(cmd=['modinfo', 'vxlan'], log_fail_as_error=False)
         return True
     except RuntimeError:
         return False
 def _execute(cls, op, mac, dev, ip_dst, **kwargs):
     cmd = ['bridge', 'fdb', op, mac, 'dev', dev]
     if ip_dst is not None:
         cmd += ['dst', ip_dst]
     return utils.execute(cmd, run_as_root=True, **kwargs)