Exemplo n.º 1
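 def check_public_floating_ranges_intersection(self):
     """Validate the Public and Floating address configuration (nova-net).

     Checks performed, in order:

     1. The public gateway/netmask pair yields a usable CIDR.
     2. IP ranges inside the Public network, and inside the Floating
        network, do not intersect each other.
     3. The public gateway does not fall inside any Public or Floating
        IP range.
     4. Every Public IP range lies inside the Public CIDR (reported at
        most once).

     Findings are appended to ``self.err_msgs`` and ``self.result``;
     ``self.expose_error_messages()`` is then called to surface them.
     NOTE(review): ``expose_error_messages`` is not visible here; it
     presumably raises when ``self.err_msgs`` is non-empty -- confirm.

     Raises:
         IndexError: if ``self.networks`` has no group named 'public'.
     """
     public = [net_group for net_group in self.networks
               if net_group['name'] == 'public'][0]
     pub_cidr = NetworkManager.calc_cidr_from_gw_mask(public)
     if not pub_cidr:
         self.err_msgs.append(
             u"Invalid gateway or netmask for public network")
         self.result.append({"ids": [int(public["id"])],
                             "errors": ["gateway", "netmask"]})
         self.expose_error_messages()
     # Parse the gateway only after the gateway/netmask pair has been
     # checked. Parsing it first made netaddr raise on malformed
     # operator input before the structured validation error above
     # could be reported.
     # NOTE(review): relies on calc_cidr_from_gw_mask returning a falsy
     # value for a bad gateway, as the error text suggests -- confirm.
     pub_gw = netaddr.IPAddress(public['gateway'])
     public['cidr'] = pub_cidr
     # Check intersection of networks address spaces inside
     # Public and Floating network
     pub_ranges_err = False
     for ng in self.networks:
         if ng['name'] in ['public', 'floating']:
             nets = [netaddr.IPRange(v[0], v[1])
                     for v in ng['ip_ranges']]
             for npair in combinations(nets, 2):
                 if self.net_man.is_range_intersection(npair[0], npair[1]):
                     self.err_msgs.append(
                         u"Address space intersection between ranges "
                         "of {0} network.".format(ng['name'])
                     )
                     self.result.append({"ids": [int(ng["id"])],
                                         "errors": ["ip_ranges"]})
             for net in nets:
                 # Check intersection of public GW and pub/float IP ranges
                 if pub_gw in net:
                     self.err_msgs.append(
                         u"Address intersection between "
                         u"public gateway and IP range "
                         u"of {0} network.".format(ng['name'])
                     )
                     self.result.append({"ids": [int(ng["id"])],
                                         "errors": ["gateway",
                                                    "ip_ranges"]})
                 # Check that public IP ranges are in public CIDR;
                 # pub_ranges_err limits this report to one entry.
                 if ng['name'] == 'public':
                     if net not in pub_cidr and not pub_ranges_err:
                         pub_ranges_err = True
                         self.err_msgs.append(
                             u"Public gateway and public ranges "
                             u"are not in one CIDR."
                         )
                         self.result.append({"ids": [int(ng["id"])],
                                             "errors": ["gateway",
                                                        "ip_ranges"]})
     self.expose_error_messages()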
Exemplo n.º 2
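    def neutron_check_network_address_spaces_intersection(self):
        """Check address-space consistency of all networks (neutron).

        Stages, each followed by ``self.expose_error_messages()``:

        1. The public gateway/netmask pair yields a usable CIDR.
        2. No two networks that carry a 'cidr' (admin included) overlap.
        3. The floating range of ``net04_ext`` lies inside the public CIDR.
        4. Public IP ranges and the floating range do not intersect each
           other, do not contain the public gateway, and all lie inside
           the public CIDR.
        5. The internal (``net04``) gateway lies inside the internal CIDR
           and the internal CIDR does not intersect the floating range.

        Findings are appended to ``self.err_msgs`` and ``self.result``.
        NOTE(review): ``expose_error_messages`` is not visible here; it
        presumably raises when ``self.err_msgs`` is non-empty -- confirm.

        Raises:
            IndexError: if ``self.networks`` has no group named 'public'.
        """
        # calculate and check public CIDR
        # A list comprehension is used instead of filter(...)[0], which is
        # not subscriptable where filter() returns an iterator (Python 3).
        public = [ng for ng in self.networks if ng['name'] == 'public'][0]
        public_cidr = NetworkManager.calc_cidr_from_gw_mask(public)
        if not public_cidr:
            self.err_msgs.append(
                u"Invalid gateway or netmask for public network")
            self.result.append({"ids": [int(public["id"])],
                                "errors": ["gateway", "netmask"]})
            self.expose_error_messages()
        public['cidr'] = str(public_cidr)

        # check intersection of address ranges
        # between all networks
        for ngs in combinations(self.networks, 2):
            if ngs[0].get('cidr') and ngs[1].get('cidr'):
                # NOTE(review): a malformed 'cidr' string makes netaddr
                # raise here instead of producing a validation entry --
                # confirm the caller handles that.
                cidr1 = netaddr.IPNetwork(ngs[0]['cidr'])
                cidr2 = netaddr.IPNetwork(ngs[1]['cidr'])
                if self.net_man.is_cidr_intersection(cidr1, cidr2):
                    self.err_msgs.append(
                        u"Address space intersection "
                        u"between networks:\n{0}".format(
                            ", ".join([ngs[0]['name'], ngs[1]['name']])
                        )
                    )
                    self.result.append({
                        "ids": [int(ngs[0]["id"]), int(ngs[1]["id"])],
                        "errors": ["cidr"]
                    })
        self.expose_error_messages()

        # check Floating Start and Stop IPs belong to Public CIDR
        # Request data takes precedence over the stored cluster config.
        if 'neutron_parameters' in self.data:
            pre_net = self.data['neutron_parameters']['predefined_networks']
        else:
            pre_net = self.task.cluster.neutron_config.predefined_networks
        fl_range = pre_net['net04_ext']['L3']['floating']
        fl_ip_range = netaddr.IPRange(fl_range[0], fl_range[1])
        if fl_ip_range not in public_cidr:
            self.err_msgs.append(
                u"Floating address range {0}:{1} is not in public "
                u"address space {2}.".format(
                    netaddr.IPAddress(fl_range[0]),
                    netaddr.IPAddress(fl_range[1]),
                    public['cidr']
                )
            )
            # NOTE(review): this assignment replaces self.result, while
            # every other finding in this method appends to it -- confirm
            # that dropping earlier entries is intended.
            self.result = [{"ids": [int(public["id"])],
                            "errors": ["cidr", "ip_ranges"]}]
        self.expose_error_messages()

        # Check intersection of networks address spaces inside
        # Public network
        ranges = [netaddr.IPRange(v[0], v[1])
                  for v in public['ip_ranges']] + [fl_ip_range]
        public_gw = netaddr.IPAddress(public['gateway'])
        for npair in combinations(ranges, 2):
            if self.net_man.is_range_intersection(npair[0], npair[1]):
                # The floating range is the last element of `ranges`; a
                # pair containing it is a public/external overlap.
                if fl_ip_range in npair:
                    self.err_msgs.append(
                        u"Address space intersection between ranges "
                        u"of public and external network."
                    )
                else:
                    self.err_msgs.append(
                        u"Address space intersection between ranges "
                        u"of public network."
                    )
                self.result.append({"ids": [int(public["id"])],
                                    "errors": ["ip_ranges"]})
        for net in ranges:
            # Check intersection of public GW and public IP ranges
            if public_gw in net:
                self.err_msgs.append(
                    u"Address intersection between public gateway "
                    u"and IP range of public network."
                )
                self.result.append({"ids": [int(public["id"])],
                                    "errors": ["gateway", "ip_ranges"]})
            # Check that public IP ranges are in public CIDR
            if net not in public_cidr:
                self.err_msgs.append(
                    u"Public gateway and public ranges "
                    u"are not in one CIDR."
                )
                self.result.append({"ids": [int(public["id"])],
                                    "errors": ["gateway", "ip_ranges"]})
        self.expose_error_messages()

        # check internal Gateway is in Internal CIDR
        internal = pre_net['net04']['L3']
        if internal.get('cidr') and internal.get('gateway'):
            cidr = netaddr.IPNetwork(internal['cidr'])
            if netaddr.IPAddress(internal['gateway']) not in cidr:
                # The internal network has no id here, so the entry is
                # keyed by name with an empty "ids" list.
                self.result.append({"ids": [],
                                    "name": ["internal"],
                                    "errors": ["gateway"]})
                self.err_msgs.append(
                    u"Internal gateway {0} is not in internal "
                    u"address space {1}.".format(
                        internal['gateway'], internal['cidr']
                    )
                )
            if self.net_man.is_range_intersection(fl_ip_range, cidr):
                self.result.append({"ids": [],
                                    "name": ["internal", "external"],
                                    "errors": ["cidr", "ip_ranges"]})
                self.err_msgs.append(
                    u"Intersection between internal CIDR and floating range."
                )
        else:
            # A missing or empty cidr/gateway is reported as invalid.
            self.result.append({"ids": [],
                                "name": ["internal"],
                                "errors": ["cidr", "gateway"]})
            self.err_msgs.append(
                u"Internal gateway or CIDR specification is invalid."
            )
        self.expose_error_messages()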