def main(args):
"""
"""
if args.action == "create":
# validate vrf does not already exist
vrf_exists = True
try:
with IPDB() as ipdb:
ipdb.interfaces[args.vrf_name].index
except KeyError:
vrf_exists = False
if vrf_exists:
logger.error(f"{args.vrf_name} already exists")
sys.exit()
# validate vrf table passed
if args.vrf_table == None:
logger.error("missing vrf_table")
sys.exit()
create_vrf(args.vrf_name, args.vrf_table)
if args.action == "delete":
delete_vrf(args)
if "interface" in args.action:
# check if interface exists
with IPDB() as ipdb:
try:
ipdb.interfaces[args.interface]
except KeyError:
logger.error(f"{args.interface} is invalid")
sys.exit()
manage_vrf_interfaces(args)
def test_create_peer_attrs(self):
foo = str(uuid4())
bar = str(uuid4())
ifA = uifname()
ifB = uifname()
netnsmod.create(foo)
netnsmod.create(bar)
with IPDB(nl=NetNS(foo)) as ip:
ip.create(ifname=ifA,
kind='veth',
peer={
'ifname': ifB,
'net_ns_fd': bar
}).commit()
assert ifA in ip.interfaces.keys()
assert ifB not in ip.interfaces.keys()
with IPDB(nl=NetNS(bar)) as ip:
assert ifA not in ip.interfaces.keys()
assert ifB in ip.interfaces.keys()
ip.interfaces[ifB].remove().commit()
assert ifA not in ip.interfaces.keys()
assert ifB not in ip.interfaces.keys()
with IPDB(nl=NetNS(foo)) as ip:
assert ifA not in ip.interfaces.keys()
assert ifB not in ip.interfaces.keys()
netnsmod.remove(foo)
netnsmod.remove(bar)
def test_move_ns_pid(self):
foo = str(uuid4())
bar = str(uuid4())
ifA = uifname()
netnsmod.create(foo)
netnsmod.create(bar)
ns_foo = IPDB(nl=NetNS(foo))
ns_bar = IPDB(nl=NetNS(bar))
try:
ns_foo.create(ifname=ifA, kind='dummy').commit()
with ns_foo.interfaces[ifA] as iface:
iface.net_ns_pid = ns_bar.nl.server.pid
assert ifA in ns_bar.interfaces.keys()
assert ifA not in ns_foo.interfaces.keys()
with ns_bar.interfaces[ifA] as iface:
iface.net_ns_pid = ns_foo.nl.server.pid
assert ifA not in ns_bar.interfaces.keys()
assert ifA in ns_foo.interfaces.keys()
finally:
ns_foo.release()
ns_bar.release()
netnsmod.remove(foo)
netnsmod.remove(bar)
def test_move_ns_fd(self):
foo = str(uuid4())
bar = str(uuid4())
ifA = uifname()
ifB = uifname()
netnsmod.create(foo)
netnsmod.create(bar)
with IPDB(nl=NetNS(foo)) as ip:
ip.create(ifname=ifA, kind='veth', peer=ifB).commit()
assert ifA in ip.interfaces.keys()
assert ifB in ip.interfaces.keys()
with ip.interfaces[ifB] as intf:
intf.net_ns_fd = bar
assert ifA in ip.interfaces.keys()
assert ifB not in ip.interfaces.keys()
with IPDB(nl=NetNS(bar)) as ip:
assert ifA not in ip.interfaces.keys()
assert ifB in ip.interfaces.keys()
ip.interfaces[ifB].remove().commit()
assert ifA not in ip.interfaces.keys()
assert ifB not in ip.interfaces.keys()
with IPDB(nl=NetNS(foo)) as ip:
assert ifA not in ip.interfaces.keys()
assert ifB not in ip.interfaces.keys()
netnsmod.remove(foo)
netnsmod.remove(bar)
def test_commit_barrier(self):
require_user('root')
ifname = uifname()
# barrier 0
try:
ip = IPDB()
config.commit_barrier = 0
ts1 = time.time()
ip.create(ifname=ifname, kind='dummy').commit()
ts2 = time.time()
assert 0 < (ts2 - ts1) < 1
except:
raise
finally:
config.commit_barrier = 0.2
ip.interfaces[ifname].remove().commit()
ip.release()
# barrier 5
try:
ip = IPDB()
config.commit_barrier = 5
ts1 = time.time()
ip.create(ifname=ifname, kind='dummy').commit()
ts2 = time.time()
assert 5 < (ts2 - ts1) < 6
except:
raise
finally:
config.commit_barrier = 0.2
ip.interfaces[ifname].remove().commit()
ip.release()
def createEndpoint(name, svcName, endpointtype):
if endpointtype == 'ns':
ip_host = IPDB()
ip_host.create(ifname=name, kind='veth',
peer=name + '_' + svcName).commit()
ip_ns = IPDB(nl=NetNS(name))
with ip_host.interfaces[name] as veth:
veth.net_ns_fd = name
veth.up()
with ip_host.interfaces[name + '_' + svcName] as veth:
veth.up()
subprocess.call(
["ovs-vsctl", "add-port", "vs-" + svcName, name + '_' + svcName])
ip_host.release()
ip_ns.release()
nsp = NSPopen(name,
['dhclient', '-lf', '/tmp/' + name + '.lease', name],
stdout=subprocess.PIPE)
nsp.wait()
nsp.release()
if endpointtype == 'lxc':
subprocess.call(['/usr/bin/lxc-clone', 'template', name])
lxcUpOvsScript = '#!/bin/bash\n'
lxcUpOvsScript += 'BRIDGE="vs-' + svcName + '"\n'
lxcUpOvsScript += 'ovs-vsctl --if-exists del-port $BRIDGE $5\n'
lxcUpOvsScript += 'ovs-vsctl add-port $BRIDGE $5\n'
f = open('/var/lib/lxc/' + name + '/ovsup.sh', 'w+')
f.write(lxcUpOvsScript)
f.close()
lxcDownOvsScript = '#!/bin/bash\n'
lxcDownOvsScript += 'BRIDGE="vs-' + svcName + '"\n'
lxcDownOvsScript += 'ovs-vsctl --if-exists del-port $BRIDGE $5\n'
f = open('/var/lib/lxc/' + name + '/ovsdown.sh', 'w+')
f.write(lxcDownOvsScript)
f.close()
os.chmod('/var/lib/lxc/' + name + '/ovsup.sh', stat.S_IRWXU)
os.chmod('/var/lib/lxc/' + name + '/ovsdown.sh', stat.S_IRWXU)
lxcConfig = 'lxc.include = /usr/share/lxc/config/ubuntu.common.conf\n'
lxcConfig += 'lxc.arch = x86_64\n'
lxcConfig += 'lxc.rootfs = /var/lib/lxc/' + name + '/rootfs\n'
lxcConfig += 'lxc.utsname = ' + name + '\n'
lxcConfig += 'lxc.network.type = veth\n'
lxcConfig += 'lxc.network.veth.pair = ' + name + '\n'
lxcConfig += 'lxc.network.script.up = /var/lib/lxc/' + name + '/ovsup.sh\n'
lxcConfig += 'lxc.network.script.down = /var/lib/lxc/' + name + '/ovsdown.sh\n'
lxcConfig += 'lxc.network.flags = up\n'
f = open('/var/lib/lxc/' + name + '/config', 'w+')
f.write(lxcConfig)
f.close()
subprocess.call(['/usr/bin/lxc-start', '-d', '-n', name])
pass
return json.dumps({'status': 'created endpoint'})
def test_bridge_fd_leaks(self):
ifs = []
for _ in range(RESPAWNS):
ifs.append(uifname())
with IPDB() as ipdb:
for name in ifs:
ipdb.create(ifname=name, kind="bridge").commit()
with IPDB() as ipdb:
for name in ifs:
ipdb.interfaces[name].remove().commit()
def create_veth_path(fd):
ip = IPDB()
# create interface pair
ip.create(ifname='pycoz0', kind='veth', peer='pycoz1').commit()
ip.release()
setup_ip('pycoz0', '10.0.0.1/24')
# move peer to netns
ip = IPDB()
with ip.interfaces.pycoz1 as veth:
veth.net_ns_fd = os.open(fd, os.O_RDONLY)
# don't forget to release before exit
return ip
def test_create(self):
require_user('root')
nsid = str(uuid4())
ipdb_main = IPDB()
ipdb_test = IPDB(nl=NetNS(nsid))
if1 = uifname()
if2 = uifname()
# create VETH pair
ipdb_main.create(ifname=if1, kind='veth', peer=if2).commit()
# move the peer to netns
with ipdb_main.interfaces[if2] as veth:
veth.net_ns_fd = nsid
# assign addresses
with ipdb_main.interfaces[if1] as veth:
veth.add_ip('172.16.200.1/24')
veth.up()
with ipdb_test.interfaces[if2] as veth:
veth.add_ip('172.16.200.2/24')
veth.up()
# ping peer
try:
with open('/dev/null', 'w') as fnull:
subprocess.check_call(['ping', '-c', '1', '172.16.200.2'],
stdout=fnull,
stderr=fnull)
ret_ping = True
except Exception:
ret_ping = False
# check ARP
time.sleep(0.5)
ret_arp = '172.16.200.1' in list(ipdb_test.interfaces[if2].neighbours)
# ret_arp = list(ipdb_test.interfaces.v0p1.neighbours)
# cleanup
ipdb_main.interfaces[if1].remove().commit()
ipdb_main.release()
ipdb_test.release()
netnsmod.remove(nsid)
assert ret_ping
assert ret_arp
assert nsid not in netnsmod.listnetns()
def connect(self, netnspath=None):
"""Initializa a IPDB object local or over remote netns
Args:
param1 (string): The netns path to connect for remote management
"""
try:
if netnspath:
self.ipdb_controller = IPDB(nl=NetNS(netnspath))
else:
self.ipdb_controller = IPDB()
except Exception:
logging.error('Cannot connect to the namespace indicate')
return
def __init__(self, client=None):
self.wg_kernel = module_loaded('wireguard')
self.wg = WireGuard() if self.wg_kernel else WireguardGo()
self.ipdb = IPDB()
self.routes = Routes()
self.client = client
def ipv6_address(ifname):
with IPDB() as ipdb:
addrset = [x[0] for x in ipdb.interfaces[ifname].ipaddr
if ':' in x[0] and not x[0].startswith('fe')]
if len(addrset) > 0:
# Should return the first IPv6 address of the interface...if there are any
return addrset[0]
def main():
fields = {
"ifname": {"required": True, "type": "str"},
"mcast_group": {"required": True, "type": "str"},
"vxlan_link": {"required": True, "type": "str"},
"vni": {"required": True, "type": "str"},
"state": {
"default": "present",
"choices": ['present', 'absent'],
"type": 'str'
},
}
module = AnsibleModule(argument_spec=fields)
#response = {"interface": " already exists"}
#response = {"interface": module.params['ifname'] }
#module.exit_json(changed=False, meta=response)
ip = IPDB()
if module.params['state'] == 'present':
if module.params['ifname'] in ip.by_name.keys():
response = {"interface": module.params['ifname'] + " already exists"}
module.exit_json(changed=False, meta=response)
else:
with ip.create(ifname=module.params['ifname'],
kind='vxlan',
vxlan_link=ip.interfaces[module.params['vxlan_link']],
vxlan_id=int(module.params['vni']),
vxlan_group=module.params['mcast_group'],
vxlan_ttl=16) as i:
i.up()
response = {"interface": module.params['ifname'] + " created"}
module.exit_json(changed=False, meta=response)
def main(ifnum):
with IPDB() as ip:
for i in range(ifnum):
try:
# create ports
for k in range(30):
with ip.create(kind='dummy',
ifname='test-%ip%i' % (i, k)) as t:
t.up()
# create bridge, bring it up and add ports
with ip.create(kind='bridge', ifname='test-%i' % i) as t:
for k in range(30):
t.add_port(ip.interfaces['test-%ip%i' %
(i, k)]['index'])
t.up()
# add a network one ip by one
for k in range(2, 254):
with ip.interfaces['test-%i' % i] as t:
t.add_ip('172.16.%i.%i/24' % (i, k))
# add a network at once (compare in line-profiler)
with ip.interfaces['test-%i' % i] as t:
for k in range(2, 254):
t.add_ip('172.16.%i.%i/24' % (i + ifnum + 1, k))
except:
pass
for i in range(ifnum):
try:
for k in range(30):
if 'test-%ip%i' % (i, k) in ip.interfaces:
ip.interfaces['test-%ip%i' % (i, k)].remove().commit()
if 'test-%i' % i in ip.interfaces:
ip.interfaces['test-%i' % i].remove().commit()
except:
pass
def delete_vrf(self, vrf_id):
"""
"""
with IPDB() as ipdb:
with ipdb.interfaces[vrf_id] as i:
i.down()
i.remove()
def main():
global arpcache, neighborcache, modgatecnt, ipdb, event_callback, bess, ipr
# for holding unresolved ARP queries
arpcache = {}
# for holding list of registered neighbors
neighborcache = {}
# for holding gate count per route module
modgatecnt = {}
# for interacting with kernel
ipdb = IPDB()
ipr = IPRoute()
# for bess client
bess = BESS()
# connect to bessd
connect_bessd()
# program current routes
bootstrap_routes()
# listen for netlink events
print('Registering netlink event listener callback...'),
event_callback = ipdb.register_callback(netlink_event_listener)
print('Done.')
signal.signal(signal.SIGHUP, reconfigure)
signal.signal(signal.SIGINT, cleanup)
signal.signal(signal.SIGTERM, cleanup)
signal.pause()
def setup(self):
self.ipdb = IPDB()
self.io = io.BytesIO()
self.con = subprocess.Popen(['python', '%s/bin/ipdb' % TMPDIR],
stdin=subprocess.PIPE,
stdout=subprocess.PIPE,
stderr=subprocess.PIPE)
def _add_namespace(self, name, address, netmaskLength):
"""
Creates a namespace with the given name, and creates a veth interface
with one endpoint inside the namespace which has the given address and
netmask length. The peer end of veth interface can be used to connect the
namespace to a bridge.
"""
self._remove_namespace_if_exists(name)
netns.create(name)
veth_name = "veth0"
_remove_interface_if_exists(self.vethPeer)
# Create the veth pair and set one endpoint to the namespace.
with IPRoute() as ipr:
ipr.link('add', ifname=veth_name, kind='veth', peer=self.vethPeer)
idx = ipr.link_lookup(ifname=veth_name)[0]
ipr.link('set', index=idx, net_ns_fd=name)
# Assign address to the veth interface and bring it up.
with IPDB(nl=NetNS(name)) as ipdb:
with ipdb.interfaces[veth_name] as veth:
veth.add_ip('%s/%d' % (
address,
netmaskLength,
))
veth.up()
# Bring the loopback interface up.
with ipdb.interfaces['lo'] as lo:
lo.up()
def setup(self):
require_user('root')
require_executable('busybox')
self.ip = IPDB()
# create internal network
self.if1 = 'dh1-%i' % os.getpid()
self.if2 = 'dh2-%i' % os.getpid()
self.ip.create(kind='veth', ifname=self.if1, peer=self.if2).commit()
# set interfaces up
with self.ip.interfaces[self.if1] as i:
i.add_ip('172.16.101.1/24')
i.up()
with self.ip.interfaces[self.if2] as i:
i.up()
# prepare configuration for udhcpd
with open('udhcpd.conf.in', 'r') as conf_in:
with open('udhcpd.conf', 'w') as conf_out:
conf_out.write('interface %s\n' % self.if1)
conf_out.write(conf_in.read())
# run busybox dhcp server on $if1
with open(os.devnull, 'w') as fnull:
subprocess.check_call(['busybox', 'udhcpd', 'udhcpd.conf'],
stdout=fnull,
stderr=fnull)
def setup(self):
self.ifname = uifname()
self.ip = IPDB(mode='direct')
try:
self.ip.create(ifname=self.ifname, kind='dummy')
except:
pass
def test_create_vxlan(self):
require_user('root')
ifL = self.get_ifname()
ifV = self.get_ifname()
ifdb = self.ip.interfaces
self.ip.create(kind='dummy', ifname=ifL).commit()
self.ip.create(kind='vxlan',
ifname=ifV,
vxlan_link=ifdb[ifL],
vxlan_id=101,
vxlan_group='239.1.1.1').commit()
ip2 = IPDB()
ifdb = ip2.interfaces
try:
assert ifdb[ifV].vxlan_link == ifdb[ifL].index
assert ifdb[ifV].vxlan_group == '239.1.1.1'
assert ifdb[ifV].vxlan_id == 101
except Exception:
raise
finally:
ip2.release()
def setup(self):
self.ap = AddrPool()
self.iftmp = 'pr2x{0}'
self.ifaces = []
self.ifd = self.get_ifname()
create_link(self.ifd, kind='dummy')
self.ip = IPDB(mode=self.mode)
def test_fail_released(self):
ip = IPDB()
ip.release()
try:
ip.interfaces.lo.up()
except RuntimeError:
pass
def apply(self, image_id, command, cpu_limit, memory_limit):
if not utils.can_chroot():
raise PermissionError('chroot requires root privileges')
image_volume = Volume.get_image(image_id)
container_volume = create(CONTAINER)
copy(image_volume, container_volume)
cmd_file_path = \
container_volume.path() / CONTAINER.properties['command']
cmd_file_path.write_text(' '.join(command) + '\n')
cgroup = utils.create_cgroup(container_volume.id, cpu_limit,
memory_limit)
with IPDB() as ipdb:
netns_names = utils.create_netns(container_volume.id, ipdb)
def preexec():
cgroup.add(os.getpid())
netns.setns(netns_names.netns)
try:
Run._run_process(container_volume, command, preexec)
finally:
utils.delete_netns(netns_names, ipdb)
def get_wg_interfaces():
with IPDB() as ipdb:
current_interfaces = [
k for k, v in ipdb.by_name.items()
if re.match(WG_NAME_PATTERN, k)
]
return current_interfaces
def __init__(self, vswitch_instance, ns_info):
self.__ns_info = ns_info
self.name = ns_info['name']
self.ip = IPRoute()
# self.ipdb = IPDB(nl=NetNS(self.name))
self.main_ipdb = IPDB()
self.__vswitch = vswitch_instance
def liveness_status(self):
data = 'ok'
no_limit = -1
try:
with IPDB() as a:
a.release()
except Exception:
error_message = 'IPDB not in working order.'
LOG.error(error_message)
return error_message, httplib.INTERNAL_SERVER_ERROR, self.headers
if CONF.cni_health_server.max_memory_usage != no_limit:
mem_usage = _get_memsw_usage(_get_cni_cgroup_path())
if mem_usage > CONF.cni_health_server.max_memory_usage:
err_message = 'CNI daemon exceeded maximum memory usage.'
LOG.error(err_message)
return err_message, httplib.INTERNAL_SERVER_ERROR, self.headers
with self._components_healthy.get_lock():
if not self._components_healthy.value:
err_message = 'Kuryr CNI components not healthy.'
LOG.error(err_message)
return err_message, httplib.INTERNAL_SERVER_ERROR, self.headers
LOG.debug('Kuryr CNI Liveness verified.')
return data, httplib.OK, self.headers
def manage_vrf_interfaces(args):
"""Add or removes interface from vrf
Paramters
---------
vrf_name : str
The vrf name.
interface : str
The interface name.
Returns
-------
None
"""
with IPDB() as ipdb:
with ipdb.interfaces[args.vrf_name] as vrf:
if args.action == "add_interface":
vrf.add_port(ipdb.interfaces[args.interface].index)
logger.info(f"{args.interface} added to vrf {args.vrf_name}")
if args.action == "remove_interface":
subprocess.run(f"ip link set dev {args.interface} nomaster",
shell=True)
logger.info(
f"{args.interface} removed from vrf {args.vrf_name}")
def test_create_gre(self):
require_user('root')
ifL = self.get_ifname()
ifV = self.get_ifname()
with self.ip.create(kind='dummy', ifname=ifL) as i:
i.add_ip('172.16.0.1/24')
i.up()
self.ip.create(kind='gre',
ifname=ifV,
gre_local='172.16.0.1',
gre_remote='172.16.0.2',
gre_ttl=16).commit()
ip2 = IPDB()
ifdb = ip2.interfaces
try:
assert ifdb[ifV].gre_local == '172.16.0.1'
assert ifdb[ifV].gre_remote == '172.16.0.2'
assert ifdb[ifV].gre_ttl == 16
except Exception:
raise
finally:
ip2.release()
def test_dummy0_unloaded(object):
require_user('root')
# firstly unload the dummy module
with open(os.devnull, 'w') as fnull:
subprocess.call(['modprobe', '-r', 'dummy'],
stdout=fnull,
stderr=fnull)
ip = None
try:
# now create the dummy0 -- it will cause the
# module autoload
ip = IPDB()
# that must succeed
ip.create(ifname='dummy0', kind='dummy').commit()
# just in case: the second attempt must fail on the
# create() stage, even w/o any commit()
try:
ip.create(ifname='dummy0', kind='dummy')
except CreateException:
pass
except Exception:
raise
finally:
if ip is not None:
ip.release()
