def _redirect_params(self, conn, headers, allow_release_conn=False):
"""Process redirect response, create new connection if necessary.
Args:
conn: connection that returned the redirect response
headers: response headers of the redirect response
allow_release_conn: if redirecting to a different server,
release existing connection back to connection pool.
Returns: Return tuple(conn, url) where conn is a connection object
to the redirect target and url is the path of the API request
"""
url = None
for name, value in headers:
if name.lower() == "location":
url = value
break
if not url:
LOG.warning(_LW("[%d] Received redirect status without location "
"header field"), self._rid())
return (conn, None)
# Accept location with the following format:
# 1. /path, redirect to same node
# 2. scheme://hostname:[port]/path where scheme is https or http
# Reject others
# 3. e.g. relative paths, unsupported scheme, unspecified host
result = urlparse.urlparse(url)
if not result.scheme and not result.hostname and result.path:
if result.path[0] == "/":
if result.query:
url = "%s?%s" % (result.path, result.query)
else:
url = result.path
return (conn, url) # case 1
else:
LOG.warning(_LW("[%(rid)d] Received invalid redirect location:"
"'%(url)s'"), {'rid': self._rid(), 'url': url})
return (conn, None) # case 3
elif result.scheme not in ["http", "https"] or not result.hostname:
LOG.warning(_LW("[%(rid)d] Received malformed redirect "
"location: %(url)s"),
{'rid': self._rid(), 'url': url})
return (conn, None) # case 3
# case 2, redirect location includes a scheme
# so setup a new connection and authenticate
if allow_release_conn:
self._api_client.release_connection(conn)
conn_params = (result.hostname, result.port, result.scheme == "https")
conn = self._api_client.acquire_redirect_connection(conn_params, True,
self._headers)
if result.query:
url = "%s?%s" % (result.path, result.query)
else:
url = result.path
return (conn, url)
def get_traffic_counters(self, chain, wrap=True, zero=False):
"""Return the sum of the traffic counters of all rules of a chain."""
cmd_tables = self._get_traffic_counters_cmd_tables(chain, wrap)
if not cmd_tables:
LOG.warning(
_LW('Attempted to get traffic counters of chain %s '
'which does not exist'), chain)
return
name = get_chain_name(chain, wrap)
acc = {'pkts': 0, 'bytes': 0}
for cmd, table in cmd_tables:
args = [cmd, '-t', table, '-L', name, '-n', '-v', '-x']
if zero:
args.append('-Z')
if self.namespace:
args = ['ip', 'netns', 'exec', self.namespace] + args
current_table = self.execute(args, run_as_root=True)
current_lines = current_table.split('\n')
for line in current_lines[2:]:
if not line:
break
data = line.split()
if (len(data) < 2 or not data[0].isdigit()
or not data[1].isdigit()):
break
acc['pkts'] += int(data[0])
acc['bytes'] += int(data[1])
return acc
def get_traffic_counters(self, chain, wrap=True, zero=False):
"""Return the sum of the traffic counters of all rules of a chain."""
cmd_tables = self._get_traffic_counters_cmd_tables(chain, wrap)
if not cmd_tables:
LOG.warning(_LW('Attempted to get traffic counters of chain %s '
'which does not exist'), chain)
return
name = get_chain_name(chain, wrap)
acc = {'pkts': 0, 'bytes': 0}
for cmd, table in cmd_tables:
args = [cmd, '-t', table, '-L', name, '-n', '-v', '-x']
if zero:
args.append('-Z')
if self.namespace:
args = ['ip', 'netns', 'exec', self.namespace] + args
current_table = self.execute(args, run_as_root=True)
current_lines = current_table.split('\n')
for line in current_lines[2:]:
if not line:
break
data = line.split()
if (len(data) < 2 or
not data[0].isdigit() or
not data[1].isdigit()):
break
acc['pkts'] += int(data[0])
acc['bytes'] += int(data[1])
return acc
def plug_new(self, network_id, port_id, device_name, mac_address,
bridge=None, namespace=None, prefix=None, mtu=None):
"""Plug in the interface."""
ip = ip_lib.IPWrapper()
tap_name = self._get_tap_name(device_name, prefix)
root_dev, ns_dev = ip.add_veth(tap_name, device_name)
root_dev.disable_ipv6()
self._ivs_add_port(tap_name, port_id, mac_address)
ns_dev = ip.device(device_name)
ns_dev.link.set_address(mac_address)
mtu = self.conf.network_device_mtu or mtu
if mtu:
ns_dev.link.set_mtu(mtu)
root_dev.link.set_mtu(mtu)
else:
LOG.warning(_LW("No MTU configured for port %s"), port_id)
if namespace:
namespace_obj = ip.ensure_namespace(namespace)
namespace_obj.add_device_to_namespace(ns_dev)
ns_dev.link.set_up()
root_dev.link.set_up()
def remove_rule(self, chain, rule, wrap=True, top=False, comment=None):
"""Remove a rule from a chain.
Note: The rule must be exactly identical to the one that was added.
You cannot switch arguments around like you can with the iptables
CLI tool.
"""
chain = get_chain_name(chain, wrap)
try:
if '$' in rule:
rule = ' '.join(
self._wrap_target_chain(e, wrap) for e in rule.split(' '))
self.rules.remove(IptablesRule(chain, rule, wrap, top,
self.wrap_name,
comment=comment))
if not wrap:
self.remove_rules.append(str(IptablesRule(chain, rule, wrap,
top, self.wrap_name,
comment=comment)))
except ValueError:
LOG.warning(_LW('Tried to remove rule that was not there:'
' %(chain)r %(rule)r %(wrap)r %(top)r'),
{'chain': chain, 'rule': rule,
'top': top, 'wrap': wrap})
def api_providers(self):
"""Parse api_providers from response.
Returns: api_providers in [(host, port, is_ssl), ...] format
"""
def _provider_from_listen_addr(addr):
# (pssl|ptcp):<ip>:<port> => (host, port, is_ssl)
parts = addr.split(':')
return (parts[1], int(parts[2]), parts[0] == 'pssl')
try:
if self.successful():
ret = []
body = jsonutils.loads(self.value.body)
for node in body.get('results', []):
for role in node.get('roles', []):
if role.get('role') == 'api_provider':
addr = role.get('listen_addr')
if addr:
ret.append(_provider_from_listen_addr(addr))
return ret
except Exception as e:
LOG.warning(_LW("[%(rid)d] Failed to parse API provider: %(e)s"), {
'rid': self._rid(),
'e': e
})
# intentionally fall through
return None
def _weed_out_duplicates(line):
if line in seen_lines:
thing = 'chain' if line.startswith(':') else 'rule'
LOG.warning(_LW("Duplicate iptables %(thing)s detected. This "
"may indicate a bug in the the iptables "
"%(thing)s generation code. Line: %(line)s"),
{'thing': thing, 'line': line})
return False
seen_lines.add(line)
# Leave it alone
return True
def _weed_out_duplicates(line):
if line in seen_lines:
thing = 'chain' if line.startswith(':') else 'rule'
LOG.warning(
_LW("Duplicate iptables %(thing)s detected. This "
"may indicate a bug in the the iptables "
"%(thing)s generation code. Line: %(line)s"), {
'thing': thing,
'line': line
})
return False
seen_lines.add(line)
# Leave it alone
return True
def plug(self, network_id, port_id, device_name, mac_address,
bridge=None, namespace=None, prefix=None, mtu=None):
if not ip_lib.device_exists(device_name,
namespace=namespace):
try:
self.plug_new(network_id, port_id, device_name, mac_address,
bridge, namespace, prefix, mtu)
except TypeError:
versionutils.report_deprecated_feature(
LOG,
_LW('Interface driver does not support MTU parameter. '
'This may not work in future releases.'))
self.plug_new(network_id, port_id, device_name, mac_address,
bridge, namespace, prefix)
else:
LOG.info(_LI("Device %s already exists"), device_name)
def request_response(self, method, url, response):
"""
response is a modified HTTPResponse object or None.
response.read() will not work on response as the underlying library
request_eventlet.ApiRequestEventlet has already called this
method in order to extract the body and headers for processing.
ApiRequestEventlet derived classes call .read() and
.getheaders() on the HTTPResponse objects and store the results in
the response object's .body and .headers data members for future
access.
"""
if response is None:
# Timeout.
LOG.error(_LE('Request timed out: %(method)s to %(url)s'),
{'method': method, 'url': url})
raise exceptions.RequestTimeout()
status = response.status
LOG.debug("response.status = %(status)s", {'status': status})
if status == 401:
raise exceptions.UnAuthorizedRequest()
# Fail-fast: Check for exception conditions and raise the
# appropriate exceptions for known error codes.
if status in [404]:
LOG.warning(_LW("Resource not found. Response status: %(status)s, "
"response body: %(response.body)s"),
{'status': status, 'response.body': response.body})
exceptions.ERROR_MAPPINGS[status](response)
elif status in exceptions.ERROR_MAPPINGS:
LOG.error(_LE("Received error code: %s"), status)
LOG.error(_LE("Server Error Message: %s"), response.body)
exceptions.ERROR_MAPPINGS[status](response)
# Continue processing for non-error condition.
if status != 200 and status != 201 and status != 204:
LOG.error(_LE("%(method)s to %(url)s, unexpected response code: "
"%(status)d (content = '%(body)s')"),
{'method': method, 'url': url,
'status': response.status, 'body': response.body})
return None
return self.request_response_body(response)
def remove_rule(self, chain, rule, wrap=True, top=False, comment=None):
"""Remove a rule from a chain.
Note: The rule must be exactly identical to the one that was added.
You cannot switch arguments around like you can with the iptables
CLI tool.
"""
chain = get_chain_name(chain, wrap)
try:
if '$' in rule:
rule = ' '.join(
self._wrap_target_chain(e, wrap) for e in rule.split(' '))
self.rules.remove(
IptablesRule(chain,
rule,
wrap,
top,
self.wrap_name,
comment=comment))
if not wrap:
self.remove_rules.append(
str(
IptablesRule(chain,
rule,
wrap,
top,
self.wrap_name,
comment=comment)))
except ValueError:
LOG.warning(
_LW('Tried to remove rule that was not there:'
' %(chain)r %(rule)r %(wrap)r %(top)r'), {
'chain': chain,
'rule': rule,
'top': top,
'wrap': wrap
})
def plug_new(self, network_id, port_id, device_name, mac_address,
bridge=None, namespace=None, prefix=None, mtu=None):
"""Plugin the interface."""
ip = ip_lib.IPWrapper()
# Enable agent to define the prefix
tap_name = device_name.replace(prefix or self.DEV_NAME_PREFIX,
common.TAP_DEVICE_PREFIX)
# Create ns_veth in a namespace if one is configured.
root_veth, ns_veth = ip.add_veth(tap_name, device_name,
namespace2=namespace)
root_veth.disable_ipv6()
ns_veth.link.set_address(mac_address)
mtu = self.conf.network_device_mtu or mtu
if mtu:
root_veth.link.set_mtu(mtu)
ns_veth.link.set_mtu(mtu)
else:
LOG.warning(_LW("No MTU configured for port %s"), port_id)
root_veth.link.set_up()
ns_veth.link.set_up()
def release_connection(self, http_conn, bad_state=False,
service_unavail=False, rid=-1):
'''Mark HTTPConnection instance as available for check-out.
:param http_conn: An HTTPConnection instance obtained from this
instance.
:param bad_state: True if http_conn is known to be in a bad state
(e.g. connection fault.)
:service_unavail: True if http_conn returned 503 response.
:param rid: request id passed in from request eventlet.
'''
conn_params = self._conn_params(http_conn)
if self._conn_params(http_conn) not in self._api_providers:
LOG.debug("[%(rid)d] Released connection %(conn)s is not an "
"API provider for the cluster",
{'rid': rid,
'conn': utils.ctrl_conn_to_str(http_conn)})
return
elif hasattr(http_conn, "no_release"):
return
if bad_state:
# Reconnect to provider.
LOG.warning(_LW("[%(rid)d] Connection returned in bad state, "
"reconnecting to %(conn)s"),
{'rid': rid,
'conn': utils.ctrl_conn_to_str(http_conn)})
http_conn.close()
http_conn = self._create_connection(*self._conn_params(http_conn))
conns = []
while not self._conn_pool.empty():
priority, conn = self._conn_pool.get()
if self._conn_params(conn) == conn_params:
conn.close()
continue
conns.append((priority, conn))
for priority, conn in conns:
self._conn_pool.put((priority, conn))
priority = self._next_conn_priority
self._next_conn_priority += 1
elif service_unavail:
# http_conn returned a service unaviable response, put other
# connections to the same controller at end of priority queue,
conns = []
while not self._conn_pool.empty():
priority, conn = self._conn_pool.get()
if self._conn_params(conn) == conn_params:
priority = self._next_conn_priority
self._next_conn_priority += 1
conns.append((priority, conn))
for priority, conn in conns:
self._conn_pool.put((priority, conn))
priority = self._next_conn_priority
self._next_conn_priority += 1
else:
priority = http_conn.priority
self._conn_pool.put((priority, http_conn))
LOG.debug("[%(rid)d] Released connection %(conn)s. %(qsize)d "
"connection(s) available.",
{'rid': rid, 'conn': utils.ctrl_conn_to_str(http_conn),
'qsize': self._conn_pool.qsize()})
#
# These variables default to respectively:
#
# import oslo_log
# oslo_log._options.DEFAULT_LOG_LEVELS
# oslo_log._options.log_opts[0].default
#
extra_log_level_defaults = [
'dogpile=INFO',
'routes=INFO'
]
logging.set_defaults(
default_log_levels=logging.get_default_log_levels() +
extra_log_level_defaults)
# Required setup based on configuration and domain
logging.setup(CONF, DOMAIN)
if __name__ == '__main__':
prepare()
# NOTE: These examples use Oslo i18n marker functions
LOG.info(_LI("Welcome to Oslo Logging"))
LOG.debug("A debugging message") # Debug messages are not translated
LOG.warning(_LW("A warning occured"))
LOG.error(_LE("An error occured"))
LOG.exception(_("An Exception occured"))
def _respawn_action(self, service_id):
LOG.warning(_LW("Respawning %(service)s for uuid %(uuid)s"), {
'service': service_id.service,
'uuid': service_id.uuid
})
self._monitored_processes[service_id].enable()
#
# These variables default to respectively:
#
# import oslo_log
# oslo_log._options.DEFAULT_LOG_LEVELS
# oslo_log._options.log_opts[0].default
#
extra_log_level_defaults = [
'dogpile=INFO',
'routes=INFO'
]
logging.set_defaults(
default_log_levels=logging.get_default_log_levels() +
extra_log_level_defaults)
# Required setup based on configuration and domain
logging.setup(CONF, DOMAIN)
if __name__ == '__main__':
prepare()
# NOTE: These examples use Oslo i18n marker functions
LOG.info(_LI("Welcome to Oslo Logging"))
LOG.debug("A debugging message") # Debug messages are not translated
LOG.warning(_LW("A warning occurred"))
LOG.error(_LE("An error occurred"))
LOG.exception(_("An Exception occurred"))
def _issue_request(self):
'''Issue a request to a provider.'''
conn = self.get_conn()
if conn is None:
error = Exception(_("No API connections available"))
self._request_error = error
return error
url = self._url
LOG.debug("[%(rid)d] Issuing - request url: %(conn)s, body: %(body)s",
{'rid': self._rid(), 'conn': self._request_str(conn, url),
'body': self._body})
issued_time = time.time()
is_conn_error = False
is_conn_service_unavail = False
response = None
try:
redirects = 0
while redirects <= self._redirects:
# Update connection with user specified request timeout,
# the connect timeout is usually smaller so we only set
# the request timeout after a connection is established
if conn.sock is None:
conn.connect()
conn.sock.settimeout(self._http_timeout)
elif conn.sock.gettimeout() != self._http_timeout:
conn.sock.settimeout(self._http_timeout)
headers = copy.copy(self._headers)
auth = self._api_client.auth_data(conn)
headers.update(auth)
try:
if self._body:
body = jsonutils.dumps(self._body)
else:
body = None
LOG.debug("Issuing request: self._method = [%(method)s], "
"url= %(url)s, body=%(body)s, "
"headers=%(headers)s",
{'method': self._method, "url": url,
"body": body, "headers": headers})
conn.request(self._method, url, body, headers)
except Exception as e:
with excutils.save_and_reraise_exception():
LOG.warning(
_LW("[%(rid)d] Exception issuing request: %(e)s"),
{'rid': self._rid(), 'e': e})
response = conn.getresponse()
response.body = response.read()
response.headers = response.getheaders()
elapsed_time = time.time() - issued_time
LOG.debug("@@@@@@ [ _issue_request ] [%(rid)d] "
"Completed request '%(conn)s': "
"%(status)s (%(elapsed)s seconds), "
"request.url: %(url)s, "
"request.method: %(method)s, "
"request.headers: %(headers)s, "
"request.body %(body)s,"
"response.headers: %(response.headers)s, "
"response.body: %(response.body)s",
{'rid': self._rid(),
'conn': self._request_str(conn, url),
'status': response.status,
'elapsed': elapsed_time,
'method': self._method, "url": url,
'headers': headers, 'body': body,
'response.headers': response.headers,
'response.body': response.body})
if response.status in (401, 302):
# if response.headers:
login_msg = self._api_client.login_msg()
if auth is None and login_msg:
# The connection still has no valid cookie despite
# attempts to authenticate and the request has failed
# with unauthorized status code. If this isn't a
# a request to authenticate, we should abort the
# request since there is no point in retrying.
if self._url != jsonutils.loads(login_msg)['path']:
self._abort = True
# If request is unauthorized, clear the session cookie
# for the current provider so that subsequent requests
# to the same provider triggers re-authentication.
self._api_client.set_auth_data(conn, None)
elif 503 == response.status:
is_conn_service_unavail = True
if response.status not in [301, 307]:
break
elif redirects >= self._redirects:
LOG.info(_LI("[%d] Maximum redirects exceeded, aborting "
"request"), self._rid())
break
redirects += 1
conn, url = self._redirect_params(conn, response.headers,
self._client_conn is None)
if url is None:
response.status = 500
break
LOG.info(_LI("[%(rid)d] Redirecting request to: %(conn)s"),
{'rid': self._rid(),
'conn': self._request_str(conn, url)})
# yield here, just in case we are not out of the loop yet
eventlet.greenthread.sleep(0)
# If we receive any of these responses, then
# our server did not process our request and may be in an
# errored state. Raise an exception, which will cause the
# the conn to be released with is_conn_error == True
# which puts the conn on the back of the client's priority
# queue.
if 500 == response.status or 501 < response.status:
LOG.warning(_LW("[%(rid)d] Request '%(method)s %(url)s' "
"received: %(status)s"),
{'rid': self._rid(), 'method': self._method,
'url': self._url, 'status': response.status})
raise Exception(_('Server error return: %s'), response.status)
return response
except Exception as e:
if isinstance(e, httpclient.BadStatusLine):
msg = "Invalid server response"
else:
msg = str(e)
if response is None:
elapsed_time = time.time() - issued_time
LOG.warning(_LW("[%(rid)d] Failed request '%(conn)s': '%(msg)s' "
"(%(elapsed)s seconds)"),
{'rid': self._rid(),
'conn': self._request_str(conn, url),
'msg': msg, 'elapsed': elapsed_time})
self._request_error = e
is_conn_error = True
return e
finally:
# Make sure we release the original connection provided by the
# acquire_connection() call above.
if self._client_conn is None:
self._api_client.release_connection(conn, is_conn_error,
is_conn_service_unavail,
rid=self._rid())
def _respawn_action(self, service_id):
LOG.warning(_LW("Respawning %(service)s for uuid %(uuid)s"),
{'service': service_id.service,
'uuid': service_id.uuid})
self._monitored_processes[service_id].enable()