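def check_public_floating_ranges_intersection(self):
    """Validate public and floating address ranges (nova-network).

    Checks performed:

    1. IP ranges declared inside the public network, and inside the
       floating network, do not intersect one another.
    2. The public gateway address does not fall inside any public or
       floating IP range.
    3. Every public IP range lies inside the public CIDR computed from
       the public gateway and netmask.

    Each problem found is appended to ``self.err_msgs`` (message text)
    and ``self.result`` (network ids plus offending field names), after
    which ``self.expose_error_messages()`` is called.

    Raises:
        IndexError: if ``self.networks`` holds no network named 'public'.
    """
    public = [ng for ng in self.networks if ng['name'] == 'public'][0]

    # Validate gateway/netmask before parsing the gateway on its own, so a
    # malformed value can be reported through the structured error below
    # instead of escaping as a parse exception from netaddr.IPAddress.
    # NOTE(review): assumes calc_cidr_from_gw_mask returns a falsy value
    # for bad input rather than raising -- confirm against NetworkManager.
    pub_cidr = NetworkManager.calc_cidr_from_gw_mask(public)
    if not pub_cidr:
        self.err_msgs.append(
            u"Invalid gateway or netmask for public network")
        self.result.append({"ids": [int(public["id"])],
                            "errors": ["gateway", "netmask"]})
        # NOTE(review): presumably aborts the check when errors are
        # pending; the code below relies on pub_cidr being usable.
        self.expose_error_messages()
    public['cidr'] = pub_cidr
    pub_gw = netaddr.IPAddress(public['gateway'])

    # Report the "ranges outside CIDR" problem once, not once per range.
    pub_ranges_err = False
    for ng in self.networks:
        if ng['name'] not in ['public', 'floating']:
            continue

        nets = [netaddr.IPRange(v[0], v[1]) for v in ng['ip_ranges']]

        # Ranges of the same network must not overlap each other.
        for first, second in combinations(nets, 2):
            if self.net_man.is_range_intersection(first, second):
                self.err_msgs.append(
                    u"Address space intersection between ranges "
                    "of {0} network.".format(ng['name'])
                )
                self.result.append({"ids": [int(ng["id"])],
                                    "errors": ["ip_ranges"]})

        for net in nets:
            # The public gateway address must stay outside every
            # public/floating IP range.
            if pub_gw in net:
                self.err_msgs.append(
                    u"Address intersection between "
                    u"public gateway and IP range "
                    u"of {0} network.".format(ng['name'])
                )
                self.result.append({"ids": [int(ng["id"])],
                                    "errors": ["gateway", "ip_ranges"]})
            # Public IP ranges must sit inside the public CIDR.
            if ng['name'] == 'public':
                if net not in pub_cidr and not pub_ranges_err:
                    pub_ranges_err = True
                    self.err_msgs.append(
                        u"Public gateway and public ranges "
                        u"are not in one CIDR."
                    )
                    self.result.append({"ids": [int(ng["id"])],
                                        "errors": ["gateway", "ip_ranges"]})
    self.expose_error_messages()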
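def neutron_check_network_address_spaces_intersection(self):
    """Check for overlapping address spaces across all networks (neutron).

    Checks performed, in order:

    1. The public gateway/netmask yield a valid CIDR; it is stored as a
       string in the public network's 'cidr' key.
    2. No two networks in ``self.networks`` that carry a 'cidr' have
       intersecting CIDRs.
    3. The floating range of predefined network 'net04_ext' lies inside
       the public CIDR.
    4. Public IP ranges and the floating range do not intersect each
       other, do not contain the public gateway, and all lie inside the
       public CIDR.
    5. For predefined network 'net04': the gateway lies inside its CIDR
       and the CIDR does not intersect the floating range.

    Each problem found is appended to ``self.err_msgs`` and
    ``self.result``; ``self.expose_error_messages()`` is called after
    each stage.

    Raises:
        IndexError: if ``self.networks`` holds no network named 'public'.
    """
    # A list comprehension is used instead of filter(...)[0]: on Python 3
    # filter() returns an iterator, which cannot be subscripted.
    public = [ng for ng in self.networks if ng['name'] == 'public'][0]
    public_cidr = NetworkManager.calc_cidr_from_gw_mask(public)
    if not public_cidr:
        self.err_msgs.append(
            u"Invalid gateway or netmask for public network")
        self.result.append({"ids": [int(public["id"])],
                            "errors": ["gateway", "netmask"]})
        # NOTE(review): presumably aborts the check when errors are
        # pending; the code below relies on public_cidr being usable.
        self.expose_error_messages()
    public['cidr'] = str(public_cidr)

    # Pairwise CIDR overlap check; networks without a 'cidr' are skipped.
    for first, second in combinations(self.networks, 2):
        if first.get('cidr') and second.get('cidr'):
            cidr1 = netaddr.IPNetwork(first['cidr'])
            cidr2 = netaddr.IPNetwork(second['cidr'])
            if self.net_man.is_cidr_intersection(cidr1, cidr2):
                self.err_msgs.append(
                    u"Address space intersection "
                    u"between networks:\n{0}".format(
                        ", ".join([first['name'], second['name']])
                    )
                )
                self.result.append({
                    "ids": [int(first["id"]), int(second["id"])],
                    "errors": ["cidr"]
                })
    self.expose_error_messages()

    # Predefined networks come from the submitted data when present,
    # otherwise from the cluster's stored neutron configuration.
    if 'neutron_parameters' in self.data:
        pre_net = self.data['neutron_parameters']['predefined_networks']
    else:
        pre_net = self.task.cluster.neutron_config.predefined_networks

    # Floating start/stop addresses must belong to the public CIDR.
    fl_range = pre_net['net04_ext']['L3']['floating']
    fl_ip_range = netaddr.IPRange(fl_range[0], fl_range[1])
    if fl_ip_range not in public_cidr:
        self.err_msgs.append(
            u"Floating address range {0}:{1} is not in public "
            u"address space {2}.".format(
                netaddr.IPAddress(fl_range[0]),
                netaddr.IPAddress(fl_range[1]),
                public['cidr']
            )
        )
        # NOTE(review): this replaces self.result instead of appending,
        # unlike every other branch here -- confirm that dropping
        # previously recorded entries is intended.
        self.result = [{"ids": [int(public["id"])],
                        "errors": ["cidr", "ip_ranges"]}]
    self.expose_error_messages()

    # Overlap between public IP ranges and the floating range.
    ranges = [netaddr.IPRange(v[0], v[1])
              for v in public['ip_ranges']] + [fl_ip_range]
    public_gw = netaddr.IPAddress(public['gateway'])
    for first, second in combinations(ranges, 2):
        if self.net_man.is_range_intersection(first, second):
            if fl_ip_range in (first, second):
                self.err_msgs.append(
                    u"Address space intersection between ranges "
                    u"of public and external network."
                )
            else:
                self.err_msgs.append(
                    u"Address space intersection between ranges "
                    u"of public network."
                )
            self.result.append({"ids": [int(public["id"])],
                                "errors": ["ip_ranges"]})

    for net in ranges:
        # The public gateway address must stay outside every range.
        if public_gw in net:
            self.err_msgs.append(
                u"Address intersection between public gateway "
                u"and IP range of public network."
            )
            self.result.append({"ids": [int(public["id"])],
                                "errors": ["gateway", "ip_ranges"]})
        # Every range must sit inside the public CIDR (reported per range).
        if net not in public_cidr:
            self.err_msgs.append(
                u"Public gateway and public ranges "
                u"are not in one CIDR."
            )
            self.result.append({"ids": [int(public["id"])],
                                "errors": ["gateway", "ip_ranges"]})
    self.expose_error_messages()

    # Internal network: gateway must be inside the internal CIDR, and the
    # internal CIDR must not overlap the floating range.
    internal = pre_net['net04']['L3']
    if internal.get('cidr') and internal.get('gateway'):
        cidr = netaddr.IPNetwork(internal['cidr'])
        if netaddr.IPAddress(internal['gateway']) not in cidr:
            self.result.append({"ids": [],
                                "name": ["internal"],
                                "errors": ["gateway"]})
            self.err_msgs.append(
                u"Internal gateway {0} is not in internal "
                u"address space {1}.".format(
                    internal['gateway'], internal['cidr']
                )
            )
        if self.net_man.is_range_intersection(fl_ip_range, cidr):
            self.result.append({"ids": [],
                                "name": ["internal", "external"],
                                "errors": ["cidr", "ip_ranges"]})
            self.err_msgs.append(
                u"Intersection between internal CIDR and floating range."
            )
    else:
        # Either value missing or empty: nothing to validate against.
        self.result.append({"ids": [],
                            "name": ["internal"],
                            "errors": ["cidr", "gateway"]})
        self.err_msgs.append(
            u"Internal gateway or CIDR specification is invalid."
        )
    self.expose_error_messages()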