def check_public_floating_ranges_intersection(self):
"""1. Check intersection of networks address spaces inside
Public and Floating network
2. Check that Public Gateway is in Public CIDR
3. Check that Public IP ranges are in Public CIDR
(nova-net)
"""
ng = [ng for ng in self.networks
if ng['name'] == 'public'][0]
pub_gw = netaddr.IPAddress(ng['gateway'])
pub_cidr = NetworkManager.calc_cidr_from_gw_mask(ng)
if not pub_cidr:
self.err_msgs.append(
u"Invalid gateway or netmask for public network")
self.result.append({"ids": [int(ng["id"])],
"errors": ["gateway", "netmask"]})
self.expose_error_messages()
ng['cidr'] = pub_cidr
# Check intersection of networks address spaces inside
# Public and Floating network
pub_ranges_err = False
for ng in self.networks:
if ng['name'] in ['public', 'floating']:
nets = [netaddr.IPRange(v[0], v[1])
for v in ng['ip_ranges']]
for npair in combinations(nets, 2):
if self.net_man.is_range_intersection(npair[0], npair[1]):
self.err_msgs.append(
u"Address space intersection between ranges "
"of {0} network.".format(ng['name'])
)
self.result.append({"ids": [int(ng["id"])],
"errors": ["ip_ranges"]})
for net in nets:
# Check intersection of public GW and pub/float IP ranges
if pub_gw in net:
self.err_msgs.append(
u"Address intersection between "
u"public gateway and IP range "
u"of {0} network.".format(ng['name'])
)
self.result.append({"ids": [int(ng["id"])],
"errors": ["gateway",
"ip_ranges"]})
# Check that public IP ranges are in public CIDR
if ng['name'] == 'public':
if net not in pub_cidr and not pub_ranges_err:
pub_ranges_err = True
self.err_msgs.append(
u"Public gateway and public ranges "
u"are not in one CIDR."
)
self.result.append({"ids": [int(ng["id"])],
"errors": ["gateway",
"ip_ranges"]})
self.expose_error_messages()
def neutron_check_network_address_spaces_intersection(self):
"""Check intersection between address spaces of all networks
including admin (neutron)
"""
# calculate and check public CIDR
public = filter(lambda ng: ng['name'] == 'public', self.networks)[0]
public_cidr = NetworkManager.calc_cidr_from_gw_mask(public)
if not public_cidr:
self.err_msgs.append(
u"Invalid gateway or netmask for public network")
self.result.append({"ids": [int(public["id"])],
"errors": ["gateway", "netmask"]})
self.expose_error_messages()
public['cidr'] = str(public_cidr)
# check intersection of address ranges
# between all networks
for ngs in combinations(self.networks, 2):
if ngs[0].get('cidr') and ngs[1].get('cidr'):
cidr1 = netaddr.IPNetwork(ngs[0]['cidr'])
cidr2 = netaddr.IPNetwork(ngs[1]['cidr'])
if self.net_man.is_cidr_intersection(cidr1, cidr2):
self.err_msgs.append(
u"Address space intersection "
u"between networks:\n{0}".format(
", ".join([ngs[0]['name'], ngs[1]['name']])
)
)
self.result.append({
"ids": [int(ngs[0]["id"]), int(ngs[1]["id"])],
"errors": ["cidr"]
})
self.expose_error_messages()
# check Floating Start and Stop IPs belong to Public CIDR
if 'neutron_parameters' in self.data:
pre_net = self.data['neutron_parameters']['predefined_networks']
else:
pre_net = self.task.cluster.neutron_config.predefined_networks
fl_range = pre_net['net04_ext']['L3']['floating']
fl_ip_range = netaddr.IPRange(fl_range[0], fl_range[1])
if fl_ip_range not in public_cidr:
self.err_msgs.append(
u"Floating address range {0}:{1} is not in public "
u"address space {2}.".format(
netaddr.IPAddress(fl_range[0]),
netaddr.IPAddress(fl_range[1]),
public['cidr']
)
)
self.result = [{"ids": [int(public["id"])],
"errors": ["cidr", "ip_ranges"]}]
self.expose_error_messages()
# Check intersection of networks address spaces inside
# Public network
ranges = [netaddr.IPRange(v[0], v[1])
for v in public['ip_ranges']] + [fl_ip_range]
public_gw = netaddr.IPAddress(public['gateway'])
for npair in combinations(ranges, 2):
if self.net_man.is_range_intersection(npair[0], npair[1]):
if fl_ip_range in npair:
self.err_msgs.append(
u"Address space intersection between ranges "
u"of public and external network."
)
else:
self.err_msgs.append(
u"Address space intersection between ranges "
u"of public network."
)
self.result.append({"ids": [int(public["id"])],
"errors": ["ip_ranges"]})
for net in ranges:
# Check intersection of public GW and public IP ranges
if public_gw in net:
self.err_msgs.append(
u"Address intersection between public gateway "
u"and IP range of public network."
)
self.result.append({"ids": [int(public["id"])],
"errors": ["gateway", "ip_ranges"]})
# Check that public IP ranges are in public CIDR
if net not in public_cidr:
self.err_msgs.append(
u"Public gateway and public ranges "
u"are not in one CIDR."
)
self.result.append({"ids": [int(public["id"])],
"errors": ["gateway", "ip_ranges"]})
self.expose_error_messages()
# check internal Gateway is in Internal CIDR
internal = pre_net['net04']['L3']
if internal.get('cidr') and internal.get('gateway'):
cidr = netaddr.IPNetwork(internal['cidr'])
if netaddr.IPAddress(internal['gateway']) not in cidr:
self.result.append({"ids": [],
"name": ["internal"],
"errors": ["gateway"]})
self.err_msgs.append(
u"Internal gateway {0} is not in internal "
u"address space {1}.".format(
internal['gateway'], internal['cidr']
)
)
if self.net_man.is_range_intersection(fl_ip_range, cidr):
self.result.append({"ids": [],
"name": ["internal", "external"],
"errors": ["cidr", "ip_ranges"]})
self.err_msgs.append(
u"Intersection between internal CIDR and floating range."
)
else:
self.result.append({"ids": [],
"name": ["internal"],
"errors": ["cidr", "gateway"]})
self.err_msgs.append(
u"Internal gateway or CIDR specification is invalid."
)
self.expose_error_messages()
