def is_ipv6_ok(soft_fail=False):
    """
    Report whether the host has IPv6 together with a loadable ip6_tables.

    :param soft_fail: When True, a host whose ip6_tables module cannot be
                      loaded is reported as having no IPv6 support (False is
                      returned); otherwise a UFWIPv6Error exception is raised.
    :returns: True if IPv6 is working, False otherwise
    """
    # Without the IPv6 sysctl tree the machine has no IPv6 at all.
    if not os.path.isdir('/proc/sys/net/ipv6'):
        return False

    # The module is already present, nothing else to do.
    if is_module_loaded('ip6_tables'):
        return True

    # ip6tables support isn't complete, so try to load the module.
    try:
        modprobe('ip6_tables')
    except subprocess.CalledProcessError as ex:
        hookenv.log("Couldn't load ip6_tables module: %s" % ex.output,
                    level="WARN")
        # NOTE(review): on this path the IPv6 stack exists but ip6_tables
        # could not be loaded. With soft_fail the caller only sees False
        # ("no IPv6"), so it should not assume IPv6 traffic is filtered.
        if not soft_fail:
            raise UFWIPv6Error("IPv6 firewall support broken")
        return False

    # The module loaded cleanly.
    return True
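def install_dpdk():
    """Load the DPDK kernel drivers, set up hugepages and start vrouter.

    The steps run in a fixed order: load the configured DPDK driver and
    (best effort) vfio-pci, run the DKMS autoinstall, mount hugepages when
    get_hugepages() returns a value, configure the vrouter interface and
    core mask, write the configs, then start the services for the init
    system in use.
    """
    # NOTE(review): the driver name is read from charm config and is loaded
    # into the kernel as given. Presumably only operators can set it;
    # checking it against the list of supported drivers before loading
    # would be safer - confirm against the charm's config schema.
    modprobe(config["dpdk-driver"])
    try:
        modprobe("vfio-pci")
    except Exception:
        # Loading vfio-pci stays best effort, as before. Exception is caught
        # instead of using a bare except so that SystemExit and
        # KeyboardInterrupt are no longer swallowed here.
        pass
    dkms_autoinstall()

    pages = get_hugepages()
    if pages:
        hugepage_support("root", group="root", nr_hugepages=pages,
                         mnt_point="/hugepages")
        service_restart("libvirt-bin")

    configure_vrouter_interface()
    set_dpdk_coremask()
    write_configs()

    if not init_is_systemd():
        # NOTE(review): os.remove raises OSError when the override file is
        # missing - confirm it always exists on non-systemd hosts.
        os.remove("/etc/init/supervisor-vrouter.override")
        service_start("supervisor-vrouter")
        service_restart("contrail-vrouter-agent")
    else:
        service("enable", "contrail-vrouter-dpdk")
        service_start("contrail-vrouter-dpdk")
        service("enable", "contrail-vrouter-agent")
        service_start("contrail-vrouter-agent")

    fix_libvirt()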
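def install_dpdk():
    """Load the DPDK kernel drivers, set up hugepages and start vrouter.

    The steps run in a fixed order: load the configured DPDK driver and
    (best effort) vfio-pci, run the DKMS autoinstall, mount hugepages when
    get_hugepages() returns a value, configure the vrouter interface and
    the DPDK options, then start the services for the init system in use.
    """
    # NOTE(review): the driver name is read from charm config and is loaded
    # into the kernel as given. Presumably only operators can set it;
    # checking it against the list of supported drivers before loading
    # would be safer - confirm against the charm's config schema.
    modprobe(config["dpdk-driver"])
    try:
        modprobe("vfio-pci")
    except Exception:
        # Loading vfio-pci stays best effort, as before. Exception is caught
        # instead of using a bare except so that SystemExit and
        # KeyboardInterrupt are no longer swallowed here.
        pass
    dkms_autoinstall()

    pages = get_hugepages()
    if pages:
        hugepage_support("root", group="root", nr_hugepages=pages,
                         mnt_point="/hugepages")
        service_restart("libvirt-bin")

    configure_vrouter_interface()
    set_dpdk_options()

    if not init_is_systemd():
        # NOTE(review): os.remove raises OSError when the override file is
        # missing - confirm it always exists on non-systemd hosts.
        os.remove("/etc/init/supervisor-vrouter.override")
        service_start("supervisor-vrouter")
        service_restart("contrail-vrouter-agent")
    else:
        # unmask them first: drop any unit file placed under
        # /etc/systemd/system; a missing file is not an error.
        for srv in ("contrail-vrouter-agent", "contrail-vrouter-dpdk"):
            try:
                os.remove("/etc/systemd/system/{}.service".format(srv))
            except OSError:
                pass
        service("enable", "contrail-vrouter-dpdk")
        service_start("contrail-vrouter-dpdk")
        service("enable", "contrail-vrouter-agent")
        service_start("contrail-vrouter-agent")

    fix_libvirt()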
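def configure_lxd_host():
    """Configure the LXD daemon and kernel modules for this Ubuntu release.

    On releases after vivid the LXD trust password and HTTPS listen address
    are set and release-specific kernel bits are installed/loaded. On vivid
    the overlay module is loaded and recorded in /etc/modules.
    """
    ubuntu_release = lsb_release()['DISTRIB_CODENAME'].lower()
    # NOTE(review): codenames are compared as plain strings. That orders
    # 'wily' .. 'zesty' after 'vivid', but later names that restart the
    # alphabet (e.g. 'bionic') sort before it and match neither branch.
    if ubuntu_release > "vivid":
        log('>= Wily deployment - configuring LXD trust password and address',
            level=INFO)
        # NOTE(review): the trust password is passed as a command-line
        # argument, so it is visible in the process list of the host while
        # the command runs.
        cmd = ['lxc', 'config', 'set',
               'core.trust_password', lxd_trust_password()]
        check_call(cmd)
        # NOTE(review): '[::]' makes the LXD API listen on every address of
        # the host; access then rests on the trust password and on network
        # filtering outside this function.
        cmd = ['lxc', 'config', 'set',
               'core.https_address', '[::]']
        check_call(cmd)

        if ubuntu_release == 'xenial':
            apt_install('linux-image-extra-%s' % os.uname()[2],
                        fatal=True)

        if ubuntu_release >= 'xenial':
            modprobe('netlink_diag')
    elif ubuntu_release == "vivid":
        log('Vivid deployment - loading overlay kernel module', level=INFO)
        cmd = ['modprobe', 'overlay']
        check_call(cmd)
        with open('/etc/modules', 'r+') as modules:
            content = modules.read()
            # Match whole lines: a substring test would also be satisfied by
            # a comment or by a longer module name containing 'overlay'.
            entries = [line.strip() for line in content.splitlines()]
            if 'overlay' not in entries:
                # read() left the offset at end of file, so this appends.
                # Keep the entry on a line of its own even when the file
                # does not end with a newline.
                if content and not content.endswith('\n'):
                    modules.write('\n')
                modules.write('overlay\n')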
def config_changed():
    """Apply the current charm configuration to the gateway unit.

    Runs an OpenStack upgrade when one is available and not action-managed,
    loads the configured kernel modules and sysctls (skipped in containers),
    re-runs the amqp joined hooks, writes the service configs and then
    handles the n1kv L3 agent package and the legacy HA/metadata/LBaaS
    cleanups. Exits with status 1 when no valid plugin is configured.
    """
    configure_deferred_restarts(deferrable_services())
    if (not config('action-managed-upgrade') and
            openstack_upgrade_available(NEUTRON_COMMON)):
        status_set('maintenance', 'Running openstack upgrade')
        do_openstack_upgrade(CONFIGS)

    update_nrpe_config()

    # NOTE(review): module names come from the 'kernel-modules' config value
    # and are loaded as given; a failed load is only logged at WARNING and
    # the hook carries on.
    wanted_modules = config('kernel-modules')
    if wanted_modules and is_container():
        log("Cannot load modules inside of a container", level=WARNING)
    elif wanted_modules:
        for name in wanted_modules.split():
            try:
                modprobe(name)
            except Exception:
                log("Failed to load kernel module '%s'" % name,
                    level=WARNING)

    wanted_sysctls = config('sysctl')
    if wanted_sysctls and is_container():
        log("Cannot create sysctls inside of a container", level=WARNING)
    elif wanted_sysctls:
        create_sysctl(wanted_sysctls,
                      '/etc/sysctl.d/50-quantum-gateway.conf')

    # Re-run joined hooks as config might have changed
    for rel in relation_ids('amqp'):
        amqp_joined(relation_id=rel)
    for rel in relation_ids('amqp-nova'):
        amqp_nova_joined(relation_id=rel)

    if valid_plugin():
        CONFIGS.write_all()
        configure_ovs()
        configure_apparmor()
    else:
        problem = 'Please provide a valid plugin config'
        log(problem, level=ERROR)
        status_set('blocked', problem)
        sys.exit(1)

    if config('plugin') == 'n1kv':
        if config('enable-l3-agent'):
            status_set('maintenance', 'Installing apt packages')
            apt_install(filter_installed_packages('neutron-l3-agent'))
        else:
            apt_purge('neutron-l3-agent')

    # Setup legacy ha configurations
    update_legacy_ha_files()
    # Disable nova metadata if possible
    if disable_nova_metadata():
        remove_legacy_nova_metadata()
    if disable_neutron_lbaas():
        remove_legacy_neutron_lbaas()
def test_modprobe_not_persistent_centos(self, platform, check_call):
    """modprobe(persist=False) on CentOS runs modprobe and opens no file."""
    platform.return_value = 'centos'
    # Reload after setting the platform mock; presumably the kernel module
    # selects its platform-specific code at import time.
    imp.reload(kernel)

    with patch_open() as (_open, _file), \
            patch("charmhelpers.core.kernel.log"):
        _file.read.return_value = 'anothermod\n'
        kernel.modprobe('mymod', persist=False)

        # Nothing may be persisted: open() must not have been called.
        assert not _open.called
        # The module name is passed as its own argv element.
        check_call.assert_called_with(['modprobe', 'mymod'])
def configure(service, key, auth, use_syslog):
    """Perform basic configuration of Ceph.

    Creates the keyring and key file for *service*, writes
    /etc/ceph/ceph.conf from the CEPH_CONF template and loads the rbd
    kernel module.
    """
    create_keyring(service, key)
    create_key_file(service, key)
    monitors = get_ceph_nodes()

    # NOTE(review): the file is created with the process default mode; the
    # values written here are the auth setting, the keyring path, the
    # monitor hosts and the syslog flag, not the key itself.
    with open('/etc/ceph/ceph.conf', 'w') as conf_file:
        rendered = CEPH_CONF.format(
            auth=auth,
            keyring=_keyring_path(service),
            mon_hosts=",".join(str(node) for node in monitors),
            use_syslog=use_syslog,
        )
        conf_file.write(rendered)

    modprobe('rbd')
def install_dkms():
    """Load the vrouter kernel module, then run DKMS and interface setup.

    A failed first load is retried once after dropping caches; a failure of
    the retry propagates to the caller.
    """
    module = "vrouter"
    try:
        log("Loading kernel module vrouter")
        modprobe(module)
    except CalledProcessError:
        log("vrouter kernel module failed to load, "
            "clearing pagecache and retrying")
        # Second and last attempt once the caches have been dropped.
        drop_caches()
        modprobe(module)

    dkms_autoinstall()
    configure_vrouter_interface()
def test_modprobe_persistent_ubuntu(self, platform, check_call):
    """modprobe() on Ubuntu appends the module to /etc/modules and loads it."""
    platform.return_value = 'ubuntu'
    # Reload after setting the platform mock; presumably the kernel module
    # selects its platform-specific code at import time.
    imp.reload(kernel)

    with patch_open() as (_open, _file), \
            patch("charmhelpers.core.kernel.log"):
        # Existing file content that does not yet list the module.
        _file.read.return_value = 'anothermod\n'
        kernel.modprobe('mymod')

        # The module list is opened read/write, read, and the new entry is
        # written on a line of its own.
        _open.assert_called_with('/etc/modules', 'r+')
        _file.read.assert_called_with()
        _file.write.assert_called_with('mymod\n')
        # The module name is passed as its own argv element.
        check_call.assert_called_with(['modprobe', 'mymod'])
def install_dkms():
    """Load the vrouter module, run DKMS setup and mark the unit blocked.

    A failed first load is retried once after dropping caches; a failure of
    the retry propagates to the caller. Afterwards the expected provision
    state is reset and the unit reports the missing controller relation.
    """
    module = "vrouter"
    try:
        log("Loading kernel module vrouter")
        modprobe(module)
    except CalledProcessError:
        log("vrouter kernel module failed to load, "
            "clearing pagecache and retrying")
        # Second and last attempt once the caches have been dropped.
        drop_caches()
        modprobe(module)

    dkms_autoinstall()
    configure_vrouter_interface()

    config["vrouter-expected-provision-state"] = False
    status_set("blocked", "Missing relation to contrail-controller")
def enable_br_netfilter_module():
    """
    Load br_netfilter persistently and set the 'enabled' state.

    Works around https://github.com/kubernetes/kubernetes/issues/21613.
    When loading fails outside a container the state is left unset so the
    load can be retried; inside a container the failure is ignored and the
    state is set anyway.

    :return: None
    """
    try:
        modprobe('br_netfilter', persist=True)
    except Exception:
        log(traceback.format_exc())
        if not host.is_container():
            log('LXD not detected, will retry loading br_netfilter')
            return
        # NOTE(review): in a container the module was not loaded by this
        # call; presumably the host kernel has to provide it - confirm.
        log('LXD detected, ignoring failure to load br_netfilter')

    set_state('containerd.br_netfilter.enabled')
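def configure_lxd_host():
    """Configure the LXD daemon and kernel modules for this Ubuntu release.

    On releases after vivid the LXD trust password and HTTPS listen address
    are set; outside containers the extra kernel package, netlink_diag and
    the ext4 user-namespace switch are handled as well, followed by the uid
    mapping. On vivid the overlay module is loaded and recorded in
    /etc/modules.
    """
    ubuntu_release = lsb_release()['DISTRIB_CODENAME'].lower()
    cmp_ubuntu_release = CompareHostReleases(ubuntu_release)
    if cmp_ubuntu_release > "vivid":
        log('>= Wily deployment - configuring LXD trust password and address',
            level=INFO)
        # NOTE(review): the trust password is passed as a command-line
        # argument, so it is visible in the process list of the host while
        # the command runs.
        cmd = ['lxc', 'config', 'set',
               'core.trust_password', lxd_trust_password()]
        check_call(cmd)
        # NOTE(review): '[::]' makes the LXD API listen on every address of
        # the host; access then rests on the trust password and on network
        # filtering outside this function.
        cmd = ['lxc', 'config', 'set',
               'core.https_address', '[::]']
        check_call(cmd)

        if not is_container():
            # NOTE(jamespage): None of the below is worth doing when running
            #                  within a container on an all-in-one install

            # Configure live migration
            if cmp_ubuntu_release == 'xenial':
                uname = os.uname()[2]
                # NOTE(review): kernel releases are compared as strings, so
                # e.g. '4.4.0-98-generic' sorts after '4.4.0-122-generic';
                # confirm the package choice for two-digit ABI numbers.
                if uname > '4.4.0-122-generic':
                    pkg = "linux-modules-extra-{}"
                else:
                    pkg = "linux-image-extra-{}"
                apt_install(pkg.format(uname), fatal=True)

            if cmp_ubuntu_release >= 'xenial':
                modprobe('netlink_diag')

            # Enable/disable use of ext4 within nova-lxd containers
            if os.path.exists(EXT4_USERNS_MOUNTS):
                with open(EXT4_USERNS_MOUNTS, 'w') as userns_mounts:
                    userns_mounts.write(
                        'Y\n' if config('enable-ext4-userns') else 'N\n'
                    )

        # NOTE(review): placed outside the container check; confirm against
        # the upstream file, the flattened listing does not show the level.
        configure_uid_mapping()
    elif cmp_ubuntu_release == "vivid":
        log('Vivid deployment - loading overlay kernel module', level=INFO)
        cmd = ['modprobe', 'overlay']
        check_call(cmd)
        with open('/etc/modules', 'r+') as modules:
            content = modules.read()
            # Match whole lines: a substring test would also be satisfied by
            # a comment or by a longer module name containing 'overlay'.
            entries = [line.strip() for line in content.splitlines()]
            if 'overlay' not in entries:
                # read() left the offset at end of file, so this appends.
                # Keep the entry on a line of its own even when the file
                # does not end with a newline.
                if content and not content.endswith('\n'):
                    modules.write('\n')
                modules.write('overlay\n')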
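def configure_lxd_host():
    """Configure the LXD daemon and kernel modules for this Ubuntu release.

    On releases after vivid the LXD trust password and HTTPS listen address
    are set; outside containers the extra kernel package, netlink_diag and
    the ext4 user-namespace switch are handled as well, followed by the uid
    mapping. On vivid the overlay module is loaded and recorded in
    /etc/modules.
    """
    ubuntu_release = lsb_release()['DISTRIB_CODENAME'].lower()
    cmp_ubuntu_release = CompareHostReleases(ubuntu_release)
    if cmp_ubuntu_release > "vivid":
        log('>= Wily deployment - configuring LXD trust password and address',
            level=INFO)
        # NOTE(review): the trust password is passed as a command-line
        # argument, so it is visible in the process list of the host while
        # the command runs.
        cmd = [
            'lxc', 'config', 'set', 'core.trust_password',
            lxd_trust_password()
        ]
        check_call(cmd)
        # NOTE(review): '[::]' makes the LXD API listen on every address of
        # the host; access then rests on the trust password and on network
        # filtering outside this function.
        cmd = ['lxc', 'config', 'set', 'core.https_address', '[::]']
        check_call(cmd)

        if not is_container():
            # NOTE(jamespage): None of the below is worth doing when running
            #                  within a container on an all-in-one install

            # Configure live migration
            if cmp_ubuntu_release == 'xenial':
                uname = os.uname()[2]
                # NOTE(review): kernel releases are compared as strings, so
                # e.g. '4.4.0-98-generic' sorts after '4.4.0-122-generic';
                # confirm the package choice for two-digit ABI numbers.
                if uname > '4.4.0-122-generic':
                    pkg = "linux-modules-extra-{}"
                else:
                    pkg = "linux-image-extra-{}"
                apt_install(pkg.format(uname), fatal=True)

            if cmp_ubuntu_release >= 'xenial':
                modprobe('netlink_diag')

            # Enable/disable use of ext4 within nova-lxd containers
            if os.path.exists(EXT4_USERNS_MOUNTS):
                with open(EXT4_USERNS_MOUNTS, 'w') as userns_mounts:
                    userns_mounts.write(
                        'Y\n' if config('enable-ext4-userns') else 'N\n')

        # NOTE(review): placed outside the container check; confirm against
        # the upstream file, the flattened listing does not show the level.
        configure_uid_mapping()
    elif cmp_ubuntu_release == "vivid":
        log('Vivid deployment - loading overlay kernel module', level=INFO)
        cmd = ['modprobe', 'overlay']
        check_call(cmd)
        with open('/etc/modules', 'r+') as modules:
            content = modules.read()
            # Match whole lines: a substring test would also be satisfied by
            # a comment or by a longer module name containing 'overlay'.
            entries = [line.strip() for line in content.splitlines()]
            if 'overlay' not in entries:
                # read() left the offset at end of file, so this appends.
                # Keep the entry on a line of its own even when the file
                # does not end with a newline.
                if content and not content.endswith('\n'):
                    modules.write('\n')
                modules.write('overlay\n')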
def install():
    """Install the vrouter packages, load the kernel module and configure.

    Returns None early, before any configuration step, when dpkg-query
    cannot report the contrail-vrouter-agent version. Otherwise ends with
    the unit in 'blocked' state waiting for the contrail-controller
    relation.
    """
    status_set("maintenance", "Installing...")

    configure_sources(True, "install-sources", "install-keys")
    apt_upgrade(fatal=True, dist=True)
    # TODO: support dpdk config option
    wanted = list(PACKAGES) + list(PACKAGES_DKMS_INIT)
    apt_install(wanted, fatal=True)

    try:
        raw_version = check_output([
            "dpkg-query", "-f", "${Version}\\n", "-W",
            "contrail-vrouter-agent"
        ])
        application_version_set(raw_version.decode('UTF-8').rstrip())
    except CalledProcessError:
        # NOTE(review): this skips all configuration below without changing
        # the unit status - confirm that a silent early return is intended.
        return None

    status_set("maintenance", "Configuring...")
    # Directory becomes root:root, writable by root only and listable by
    # everyone; files inside that hold secrets need their own modes.
    os.chmod("/etc/contrail", 0o755)
    os.chown("/etc/contrail", 0, 0)

    # supervisord must be started after installation
    if lsb_release()["DISTRIB_CODENAME"] == 'trusty':
        # supervisord
        service_restart("supervisor-vrouter")

    module = "vrouter"
    try:
        log("Loading kernel module vrouter")
        modprobe(module)
    except CalledProcessError:
        log("vrouter kernel module failed to load, "
            "clearing pagecache and retrying")
        # Second and last attempt once the caches have been dropped.
        drop_caches()
        modprobe(module)

    dkms_autoinstall("vrouter")
    configure_vrouter_interface()

    config["vrouter-expected-provision-state"] = False
    status_set("blocked", "Missing relation to contrail-controller")
def install_packages():
    """Install the charm's packages and load the conntrack modules.

    Installs neutron-common first, then any DKMS dependencies, then the
    remaining missing packages; enables OVS DPDK when configured. Outside
    containers, with the openvswitch firewall driver, the nf_conntrack
    modules are loaded persistently.
    """
    apt_update()
    # NOTE(jamespage): install neutron-common package so we always
    #                  get a clear signal on which OS release is
    #                  being deployed
    apt_install(filter_installed_packages(['neutron-common']),
                fatal=True)

    # NOTE(jamespage): ensure early install of dkms related
    #                  dependencies for kernels which need
    #                  openvswitch via dkms (12.04).
    dkms_pkgs = determine_dkms_package()
    if dkms_pkgs:
        apt_install([headers_package()] + dkms_pkgs, fatal=True)

    to_install = filter_installed_packages(determine_packages())
    if to_install:
        status_set('maintenance', 'Installing packages')
        apt_install(to_install, fatal=True)

    if use_dpdk():
        enable_ovs_dpdk()

    # NOTE(tpsilva): if we're using openvswitch driver, we need to explicitly
    #                load the nf_conntrack_ipv4/6 module, since it won't be
    #                loaded automatically in some cases. LP#1834213
    if is_container() or config('firewall-driver') != 'openvswitch':
        return

    try:
        # Second positional argument is the persist flag.
        modprobe('nf_conntrack_ipv4', True)
        modprobe('nf_conntrack_ipv6', True)
    except subprocess.CalledProcessError:
        # Newer kernel versions (4.19+) don't have two modules for that, so
        # only load nf_conntrack
        log("This kernel does not have nf_conntrack_ipv4/6. "
            "Loading nf_conntrack only.")
        modprobe('nf_conntrack', True)
def install_packages():
    """Install the charm's packages and load the conntrack modules.

    Installs neutron-common first, optionally adds the networking tools
    package source, then installs DKMS dependencies and the remaining
    missing packages; enables OVS DPDK and hardware offload when
    configured. Outside containers, with the openvswitch firewall driver,
    the nf_conntrack modules are loaded persistently.
    """
    # NOTE(jamespage): install neutron-common package so we always
    #                  get a clear signal on which OS release is
    #                  being deployed
    apt_install(filter_installed_packages(['neutron-common']),
                fatal=True)

    # NOTE(jamespage):
    # networking-tools-source provides general tooling for configuration
    # of SR-IOV VF's and Mellanox ConnectX switchdev capable adapters
    # The default PPA published packages back to Xenial, which covers
    # all target series for this charm.
    needs_tools = (config('networking-tools-source') and
                   (use_dpdk() or enable_sriov() or use_hw_offload()))
    if needs_tools:
        # NOTE(review): this adds an operator-configured package source;
        # packages it publishes can then be pulled in by the apt_install
        # calls below, so the source and its signing key must be trusted.
        add_source(config('networking-tools-source'))
        # NOTE(review): index refresh kept inside this branch; confirm
        # against the upstream file, the flattened listing does not show
        # the level.
        apt_update()

    # NOTE(jamespage): ensure early install of dkms related
    #                  dependencies for kernels which need
    #                  openvswitch via dkms (12.04).
    dkms_pkgs = determine_dkms_package()
    if dkms_pkgs:
        apt_install([headers_package()] + dkms_pkgs, fatal=True)

    to_install = filter_installed_packages(determine_packages())
    if to_install:
        status_set('maintenance', 'Installing packages')
        apt_install(to_install, fatal=True)

    if use_dpdk():
        enable_ovs_dpdk()

    if use_hw_offload():
        enable_hw_offload()

    # NOTE(tpsilva): if we're using openvswitch driver, we need to explicitly
    #                load the nf_conntrack_ipv4/6 module, since it won't be
    #                loaded automatically in some cases. LP#1834213
    if is_container() or config('firewall-driver') != 'openvswitch':
        return

    try:
        # Second positional argument is the persist flag.
        modprobe('nf_conntrack_ipv4', True)
        modprobe('nf_conntrack_ipv6', True)
    except subprocess.CalledProcessError:
        # Newer kernel versions (4.19+) don't have two modules for that, so
        # only load nf_conntrack
        log("This kernel does not have nf_conntrack_ipv4/6. "
            "Loading nf_conntrack only.")
        modprobe('nf_conntrack', True)
def load_modules():
    """Load each entry of REQUIRED_MODULES with persist=True.

    The first module that fails to load stops the loop; the error from
    modprobe is not handled here.
    """
    for required in REQUIRED_MODULES:
        modprobe(required, persist=True)