def main(args): """ """ if args.action == "create": # validate vrf does not already exist vrf_exists = True try: with IPDB() as ipdb: ipdb.interfaces[args.vrf_name].index except KeyError: vrf_exists = False if vrf_exists: logger.error(f"{args.vrf_name} already exists") sys.exit() # validate vrf table passed if args.vrf_table == None: logger.error("missing vrf_table") sys.exit() create_vrf(args.vrf_name, args.vrf_table) if args.action == "delete": delete_vrf(args) if "interface" in args.action: # check if interface exists with IPDB() as ipdb: try: ipdb.interfaces[args.interface] except KeyError: logger.error(f"{args.interface} is invalid") sys.exit() manage_vrf_interfaces(args)
def test_create_peer_attrs(self): foo = str(uuid4()) bar = str(uuid4()) ifA = uifname() ifB = uifname() netnsmod.create(foo) netnsmod.create(bar) with IPDB(nl=NetNS(foo)) as ip: ip.create(ifname=ifA, kind='veth', peer={ 'ifname': ifB, 'net_ns_fd': bar }).commit() assert ifA in ip.interfaces.keys() assert ifB not in ip.interfaces.keys() with IPDB(nl=NetNS(bar)) as ip: assert ifA not in ip.interfaces.keys() assert ifB in ip.interfaces.keys() ip.interfaces[ifB].remove().commit() assert ifA not in ip.interfaces.keys() assert ifB not in ip.interfaces.keys() with IPDB(nl=NetNS(foo)) as ip: assert ifA not in ip.interfaces.keys() assert ifB not in ip.interfaces.keys() netnsmod.remove(foo) netnsmod.remove(bar)
def test_move_ns_pid(self): foo = str(uuid4()) bar = str(uuid4()) ifA = uifname() netnsmod.create(foo) netnsmod.create(bar) ns_foo = IPDB(nl=NetNS(foo)) ns_bar = IPDB(nl=NetNS(bar)) try: ns_foo.create(ifname=ifA, kind='dummy').commit() with ns_foo.interfaces[ifA] as iface: iface.net_ns_pid = ns_bar.nl.server.pid assert ifA in ns_bar.interfaces.keys() assert ifA not in ns_foo.interfaces.keys() with ns_bar.interfaces[ifA] as iface: iface.net_ns_pid = ns_foo.nl.server.pid assert ifA not in ns_bar.interfaces.keys() assert ifA in ns_foo.interfaces.keys() finally: ns_foo.release() ns_bar.release() netnsmod.remove(foo) netnsmod.remove(bar)
def test_move_ns_fd(self): foo = str(uuid4()) bar = str(uuid4()) ifA = uifname() ifB = uifname() netnsmod.create(foo) netnsmod.create(bar) with IPDB(nl=NetNS(foo)) as ip: ip.create(ifname=ifA, kind='veth', peer=ifB).commit() assert ifA in ip.interfaces.keys() assert ifB in ip.interfaces.keys() with ip.interfaces[ifB] as intf: intf.net_ns_fd = bar assert ifA in ip.interfaces.keys() assert ifB not in ip.interfaces.keys() with IPDB(nl=NetNS(bar)) as ip: assert ifA not in ip.interfaces.keys() assert ifB in ip.interfaces.keys() ip.interfaces[ifB].remove().commit() assert ifA not in ip.interfaces.keys() assert ifB not in ip.interfaces.keys() with IPDB(nl=NetNS(foo)) as ip: assert ifA not in ip.interfaces.keys() assert ifB not in ip.interfaces.keys() netnsmod.remove(foo) netnsmod.remove(bar)
def test_commit_barrier(self): require_user('root') ifname = uifname() # barrier 0 try: ip = IPDB() config.commit_barrier = 0 ts1 = time.time() ip.create(ifname=ifname, kind='dummy').commit() ts2 = time.time() assert 0 < (ts2 - ts1) < 1 except: raise finally: config.commit_barrier = 0.2 ip.interfaces[ifname].remove().commit() ip.release() # barrier 5 try: ip = IPDB() config.commit_barrier = 5 ts1 = time.time() ip.create(ifname=ifname, kind='dummy').commit() ts2 = time.time() assert 5 < (ts2 - ts1) < 6 except: raise finally: config.commit_barrier = 0.2 ip.interfaces[ifname].remove().commit() ip.release()
def createEndpoint(name, svcName, endpointtype): if endpointtype == 'ns': ip_host = IPDB() ip_host.create(ifname=name, kind='veth', peer=name + '_' + svcName).commit() ip_ns = IPDB(nl=NetNS(name)) with ip_host.interfaces[name] as veth: veth.net_ns_fd = name veth.up() with ip_host.interfaces[name + '_' + svcName] as veth: veth.up() subprocess.call( ["ovs-vsctl", "add-port", "vs-" + svcName, name + '_' + svcName]) ip_host.release() ip_ns.release() nsp = NSPopen(name, ['dhclient', '-lf', '/tmp/' + name + '.lease', name], stdout=subprocess.PIPE) nsp.wait() nsp.release() if endpointtype == 'lxc': subprocess.call(['/usr/bin/lxc-clone', 'template', name]) lxcUpOvsScript = '#!/bin/bash\n' lxcUpOvsScript += 'BRIDGE="vs-' + svcName + '"\n' lxcUpOvsScript += 'ovs-vsctl --if-exists del-port $BRIDGE $5\n' lxcUpOvsScript += 'ovs-vsctl add-port $BRIDGE $5\n' f = open('/var/lib/lxc/' + name + '/ovsup.sh', 'w+') f.write(lxcUpOvsScript) f.close() lxcDownOvsScript = '#!/bin/bash\n' lxcDownOvsScript += 'BRIDGE="vs-' + svcName + '"\n' lxcDownOvsScript += 'ovs-vsctl --if-exists del-port $BRIDGE $5\n' f = open('/var/lib/lxc/' + name + '/ovsdown.sh', 'w+') f.write(lxcDownOvsScript) f.close() os.chmod('/var/lib/lxc/' + name + '/ovsup.sh', stat.S_IRWXU) os.chmod('/var/lib/lxc/' + name + '/ovsdown.sh', stat.S_IRWXU) lxcConfig = 'lxc.include = /usr/share/lxc/config/ubuntu.common.conf\n' lxcConfig += 'lxc.arch = x86_64\n' lxcConfig += 'lxc.rootfs = /var/lib/lxc/' + name + '/rootfs\n' lxcConfig += 'lxc.utsname = ' + name + '\n' lxcConfig += 'lxc.network.type = veth\n' lxcConfig += 'lxc.network.veth.pair = ' + name + '\n' lxcConfig += 'lxc.network.script.up = /var/lib/lxc/' + name + '/ovsup.sh\n' lxcConfig += 'lxc.network.script.down = /var/lib/lxc/' + name + '/ovsdown.sh\n' lxcConfig += 'lxc.network.flags = up\n' f = open('/var/lib/lxc/' + name + '/config', 'w+') f.write(lxcConfig) f.close() subprocess.call(['/usr/bin/lxc-start', '-d', '-n', name]) pass return json.dumps({'status': 'created endpoint'})
def test_bridge_fd_leaks(self): ifs = [] for _ in range(RESPAWNS): ifs.append(uifname()) with IPDB() as ipdb: for name in ifs: ipdb.create(ifname=name, kind="bridge").commit() with IPDB() as ipdb: for name in ifs: ipdb.interfaces[name].remove().commit()
def create_veth_path(fd): ip = IPDB() # create interface pair ip.create(ifname='pycoz0', kind='veth', peer='pycoz1').commit() ip.release() setup_ip('pycoz0', '10.0.0.1/24') # move peer to netns ip = IPDB() with ip.interfaces.pycoz1 as veth: veth.net_ns_fd = os.open(fd, os.O_RDONLY) # don't forget to release before exit return ip
def test_create(self): require_user('root') nsid = str(uuid4()) ipdb_main = IPDB() ipdb_test = IPDB(nl=NetNS(nsid)) if1 = uifname() if2 = uifname() # create VETH pair ipdb_main.create(ifname=if1, kind='veth', peer=if2).commit() # move the peer to netns with ipdb_main.interfaces[if2] as veth: veth.net_ns_fd = nsid # assign addresses with ipdb_main.interfaces[if1] as veth: veth.add_ip('172.16.200.1/24') veth.up() with ipdb_test.interfaces[if2] as veth: veth.add_ip('172.16.200.2/24') veth.up() # ping peer try: with open('/dev/null', 'w') as fnull: subprocess.check_call(['ping', '-c', '1', '172.16.200.2'], stdout=fnull, stderr=fnull) ret_ping = True except Exception: ret_ping = False # check ARP time.sleep(0.5) ret_arp = '172.16.200.1' in list(ipdb_test.interfaces[if2].neighbours) # ret_arp = list(ipdb_test.interfaces.v0p1.neighbours) # cleanup ipdb_main.interfaces[if1].remove().commit() ipdb_main.release() ipdb_test.release() netnsmod.remove(nsid) assert ret_ping assert ret_arp assert nsid not in netnsmod.listnetns()
def connect(self, netnspath=None): """Initializa a IPDB object local or over remote netns Args: param1 (string): The netns path to connect for remote management """ try: if netnspath: self.ipdb_controller = IPDB(nl=NetNS(netnspath)) else: self.ipdb_controller = IPDB() except Exception: logging.error('Cannot connect to the namespace indicate') return
def __init__(self, client=None): self.wg_kernel = module_loaded('wireguard') self.wg = WireGuard() if self.wg_kernel else WireguardGo() self.ipdb = IPDB() self.routes = Routes() self.client = client
def ipv6_address(ifname): with IPDB() as ipdb: addrset = [x[0] for x in ipdb.interfaces[ifname].ipaddr if ':' in x[0] and not x[0].startswith('fe')] if len(addrset) > 0: # Should return the first IPv6 address of the interface...if there are any return addrset[0]
def main(): fields = { "ifname": {"required": True, "type": "str"}, "mcast_group": {"required": True, "type": "str"}, "vxlan_link": {"required": True, "type": "str"}, "vni": {"required": True, "type": "str"}, "state": { "default": "present", "choices": ['present', 'absent'], "type": 'str' }, } module = AnsibleModule(argument_spec=fields) #response = {"interface": " already exists"} #response = {"interface": module.params['ifname'] } #module.exit_json(changed=False, meta=response) ip = IPDB() if module.params['state'] == 'present': if module.params['ifname'] in ip.by_name.keys(): response = {"interface": module.params['ifname'] + " already exists"} module.exit_json(changed=False, meta=response) else: with ip.create(ifname=module.params['ifname'], kind='vxlan', vxlan_link=ip.interfaces[module.params['vxlan_link']], vxlan_id=int(module.params['vni']), vxlan_group=module.params['mcast_group'], vxlan_ttl=16) as i: i.up() response = {"interface": module.params['ifname'] + " created"} module.exit_json(changed=False, meta=response)
def main(ifnum): with IPDB() as ip: for i in range(ifnum): try: # create ports for k in range(30): with ip.create(kind='dummy', ifname='test-%ip%i' % (i, k)) as t: t.up() # create bridge, bring it up and add ports with ip.create(kind='bridge', ifname='test-%i' % i) as t: for k in range(30): t.add_port(ip.interfaces['test-%ip%i' % (i, k)]['index']) t.up() # add a network one ip by one for k in range(2, 254): with ip.interfaces['test-%i' % i] as t: t.add_ip('172.16.%i.%i/24' % (i, k)) # add a network at once (compare in line-profiler) with ip.interfaces['test-%i' % i] as t: for k in range(2, 254): t.add_ip('172.16.%i.%i/24' % (i + ifnum + 1, k)) except: pass for i in range(ifnum): try: for k in range(30): if 'test-%ip%i' % (i, k) in ip.interfaces: ip.interfaces['test-%ip%i' % (i, k)].remove().commit() if 'test-%i' % i in ip.interfaces: ip.interfaces['test-%i' % i].remove().commit() except: pass
def delete_vrf(self, vrf_id): """ """ with IPDB() as ipdb: with ipdb.interfaces[vrf_id] as i: i.down() i.remove()
def main(): global arpcache, neighborcache, modgatecnt, ipdb, event_callback, bess, ipr # for holding unresolved ARP queries arpcache = {} # for holding list of registered neighbors neighborcache = {} # for holding gate count per route module modgatecnt = {} # for interacting with kernel ipdb = IPDB() ipr = IPRoute() # for bess client bess = BESS() # connect to bessd connect_bessd() # program current routes bootstrap_routes() # listen for netlink events print('Registering netlink event listener callback...'), event_callback = ipdb.register_callback(netlink_event_listener) print('Done.') signal.signal(signal.SIGHUP, reconfigure) signal.signal(signal.SIGINT, cleanup) signal.signal(signal.SIGTERM, cleanup) signal.pause()
def setup(self): self.ipdb = IPDB() self.io = io.BytesIO() self.con = subprocess.Popen(['python', '%s/bin/ipdb' % TMPDIR], stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
def _add_namespace(self, name, address, netmaskLength): """ Creates a namespace with the given name, and creates a veth interface with one endpoint inside the namespace which has the given address and netmask length. The peer end of veth interface can be used to connect the namespace to a bridge. """ self._remove_namespace_if_exists(name) netns.create(name) veth_name = "veth0" _remove_interface_if_exists(self.vethPeer) # Create the veth pair and set one endpoint to the namespace. with IPRoute() as ipr: ipr.link('add', ifname=veth_name, kind='veth', peer=self.vethPeer) idx = ipr.link_lookup(ifname=veth_name)[0] ipr.link('set', index=idx, net_ns_fd=name) # Assign address to the veth interface and bring it up. with IPDB(nl=NetNS(name)) as ipdb: with ipdb.interfaces[veth_name] as veth: veth.add_ip('%s/%d' % ( address, netmaskLength, )) veth.up() # Bring the loopback interface up. with ipdb.interfaces['lo'] as lo: lo.up()
def setup(self): require_user('root') require_executable('busybox') self.ip = IPDB() # create internal network self.if1 = 'dh1-%i' % os.getpid() self.if2 = 'dh2-%i' % os.getpid() self.ip.create(kind='veth', ifname=self.if1, peer=self.if2).commit() # set interfaces up with self.ip.interfaces[self.if1] as i: i.add_ip('172.16.101.1/24') i.up() with self.ip.interfaces[self.if2] as i: i.up() # prepare configuration for udhcpd with open('udhcpd.conf.in', 'r') as conf_in: with open('udhcpd.conf', 'w') as conf_out: conf_out.write('interface %s\n' % self.if1) conf_out.write(conf_in.read()) # run busybox dhcp server on $if1 with open(os.devnull, 'w') as fnull: subprocess.check_call(['busybox', 'udhcpd', 'udhcpd.conf'], stdout=fnull, stderr=fnull)
def setup(self): self.ifname = uifname() self.ip = IPDB(mode='direct') try: self.ip.create(ifname=self.ifname, kind='dummy') except: pass
def test_create_vxlan(self): require_user('root') ifL = self.get_ifname() ifV = self.get_ifname() ifdb = self.ip.interfaces self.ip.create(kind='dummy', ifname=ifL).commit() self.ip.create(kind='vxlan', ifname=ifV, vxlan_link=ifdb[ifL], vxlan_id=101, vxlan_group='239.1.1.1').commit() ip2 = IPDB() ifdb = ip2.interfaces try: assert ifdb[ifV].vxlan_link == ifdb[ifL].index assert ifdb[ifV].vxlan_group == '239.1.1.1' assert ifdb[ifV].vxlan_id == 101 except Exception: raise finally: ip2.release()
def setup(self): self.ap = AddrPool() self.iftmp = 'pr2x{0}' self.ifaces = [] self.ifd = self.get_ifname() create_link(self.ifd, kind='dummy') self.ip = IPDB(mode=self.mode)
def test_fail_released(self): ip = IPDB() ip.release() try: ip.interfaces.lo.up() except RuntimeError: pass
def apply(self, image_id, command, cpu_limit, memory_limit): if not utils.can_chroot(): raise PermissionError('chroot requires root privileges') image_volume = Volume.get_image(image_id) container_volume = create(CONTAINER) copy(image_volume, container_volume) cmd_file_path = \ container_volume.path() / CONTAINER.properties['command'] cmd_file_path.write_text(' '.join(command) + '\n') cgroup = utils.create_cgroup(container_volume.id, cpu_limit, memory_limit) with IPDB() as ipdb: netns_names = utils.create_netns(container_volume.id, ipdb) def preexec(): cgroup.add(os.getpid()) netns.setns(netns_names.netns) try: Run._run_process(container_volume, command, preexec) finally: utils.delete_netns(netns_names, ipdb)
def get_wg_interfaces(): with IPDB() as ipdb: current_interfaces = [ k for k, v in ipdb.by_name.items() if re.match(WG_NAME_PATTERN, k) ] return current_interfaces
def __init__(self, vswitch_instance, ns_info): self.__ns_info = ns_info self.name = ns_info['name'] self.ip = IPRoute() # self.ipdb = IPDB(nl=NetNS(self.name)) self.main_ipdb = IPDB() self.__vswitch = vswitch_instance
def liveness_status(self): data = 'ok' no_limit = -1 try: with IPDB() as a: a.release() except Exception: error_message = 'IPDB not in working order.' LOG.error(error_message) return error_message, httplib.INTERNAL_SERVER_ERROR, self.headers if CONF.cni_health_server.max_memory_usage != no_limit: mem_usage = _get_memsw_usage(_get_cni_cgroup_path()) if mem_usage > CONF.cni_health_server.max_memory_usage: err_message = 'CNI daemon exceeded maximum memory usage.' LOG.error(err_message) return err_message, httplib.INTERNAL_SERVER_ERROR, self.headers with self._components_healthy.get_lock(): if not self._components_healthy.value: err_message = 'Kuryr CNI components not healthy.' LOG.error(err_message) return err_message, httplib.INTERNAL_SERVER_ERROR, self.headers LOG.debug('Kuryr CNI Liveness verified.') return data, httplib.OK, self.headers
def manage_vrf_interfaces(args): """Add or removes interface from vrf Paramters --------- vrf_name : str The vrf name. interface : str The interface name. Returns ------- None """ with IPDB() as ipdb: with ipdb.interfaces[args.vrf_name] as vrf: if args.action == "add_interface": vrf.add_port(ipdb.interfaces[args.interface].index) logger.info(f"{args.interface} added to vrf {args.vrf_name}") if args.action == "remove_interface": subprocess.run(f"ip link set dev {args.interface} nomaster", shell=True) logger.info( f"{args.interface} removed from vrf {args.vrf_name}")
def test_create_gre(self): require_user('root') ifL = self.get_ifname() ifV = self.get_ifname() with self.ip.create(kind='dummy', ifname=ifL) as i: i.add_ip('172.16.0.1/24') i.up() self.ip.create(kind='gre', ifname=ifV, gre_local='172.16.0.1', gre_remote='172.16.0.2', gre_ttl=16).commit() ip2 = IPDB() ifdb = ip2.interfaces try: assert ifdb[ifV].gre_local == '172.16.0.1' assert ifdb[ifV].gre_remote == '172.16.0.2' assert ifdb[ifV].gre_ttl == 16 except Exception: raise finally: ip2.release()
def test_dummy0_unloaded(object): require_user('root') # firstly unload the dummy module with open(os.devnull, 'w') as fnull: subprocess.call(['modprobe', '-r', 'dummy'], stdout=fnull, stderr=fnull) ip = None try: # now create the dummy0 -- it will cause the # module autoload ip = IPDB() # that must succeed ip.create(ifname='dummy0', kind='dummy').commit() # just in case: the second attempt must fail on the # create() stage, even w/o any commit() try: ip.create(ifname='dummy0', kind='dummy') except CreateException: pass except Exception: raise finally: if ip is not None: ip.release()