def _finish_update(self, final=False):
    """
    Finish a configuration pass once every parameter has been read.

    This runs twice: first after the environment and config file have been
    read (enough to reach etcd), and again after the etcd-held configuration
    has been read (the complete picture).

    On each pass it:
    - copies the parameter values onto the matching attributes of this object
    - validates the configuration for the current stage
    - applies the logging settings

    Logging is applied on the first pass as well, before any etcd settings
    are known.  If the environment or config file turns file logging on, the
    log file is created and used from then on, even when etcd later turns it
    off: a failure to load the etcd configuration has to be logged, and
    having no log file at that point would be worse.

    :param final: True on the last pass (after etcd has been read), False
                  when only the environment and config file have been read.
    """
    # (attribute on self, parameter name), in the order they are stored.
    attribute_sources = (
        ("HOSTNAME", "FelixHostname"),
        ("ETCD_SCHEME", "EtcdScheme"),
        ("ETCD_ENDPOINTS", "EtcdEndpoints"),
        ("ETCD_KEY_FILE", "EtcdKeyFile"),
        ("ETCD_CERT_FILE", "EtcdCertFile"),
        ("ETCD_CA_FILE", "EtcdCaFile"),
        ("STARTUP_CLEANUP_DELAY", "StartupCleanupDelay"),
        ("RESYNC_INTERVAL", "PeriodicResyncInterval"),
        ("REFRESH_INTERVAL", "IptablesRefreshInterval"),
        ("HOST_IF_POLL_INTERVAL_SECS", "HostInterfacePollInterval"),
        ("METADATA_IP", "MetadataAddr"),
        ("METADATA_PORT", "MetadataPort"),
        ("IFACE_PREFIX", "InterfacePrefix"),
        ("DEFAULT_INPUT_CHAIN_ACTION", "DefaultEndpointToHostAction"),
        ("LOGFILE", "LogFilePath"),
        ("DRIVERLOGFILE", "EtcdDriverLogFilePath"),
        ("LOGLEVFILE", "LogSeverityFile"),
        ("LOGLEVSYS", "LogSeveritySys"),
        ("LOGLEVSCR", "LogSeverityScreen"),
        ("IP_IN_IP_ENABLED", "IpInIpEnabled"),
        ("IP_IN_IP_MTU", "IpInIpMtu"),
        ("IP_IN_IP_ADDR", "IpInIpTunnelAddr"),
        ("REPORTING_INTERVAL_SECS", "ReportingIntervalSecs"),
        ("REPORTING_TTL_SECS", "ReportingTTLSecs"),
        ("REPORT_ENDPOINT_STATUS", "EndpointReportingEnabled"),
        ("ENDPOINT_REPORT_DELAY", "EndpointReportingDelaySecs"),
        ("MAX_IPSET_SIZE", "MaxIpsetSize"),
        ("IPTABLES_GENERATOR_PLUGIN", "IptablesGeneratorPlugin"),
        ("IPTABLES_MARK_MASK", "IptablesMarkMask"),
        ("PROM_METRICS_ENABLED", "PrometheusMetricsEnabled"),
        ("PROM_METRICS_PORT", "PrometheusMetricsPort"),
        ("PROM_METRICS_DRIVER_PORT", "EtcdDriverPrometheusMetricsPort"),
        ("FAILSAFE_INBOUND_PORTS", "FailsafeInboundHostPorts"),
        ("FAILSAFE_OUTBOUND_PORTS", "FailsafeOutboundHostPorts"),
    )
    for attr_name, param_name in attribute_sources:
        setattr(self, attr_name, self.parameters[param_name].value)

    self._validate_cfg(final=final)

    # Everything below derives values from parameters that have just been
    # through _validate_cfg.

    # Work out which etcd addresses to use.  When EtcdEndpoints is set, the
    # scheme comes from the first endpoint only and each endpoint contributes
    # the part after "://"; otherwise fall back to EtcdScheme and EtcdAddr.
    # NOTE(review): a list mixing schemes, or an entry without "://", is not
    # handled here - presumably _validate_cfg rejects both; confirm.
    endpoint_urls = [url.strip() for url in self.ETCD_ENDPOINTS.split(",")]
    first_url = endpoint_urls[0]
    if not first_url:
        self.ETCD_SCHEME = self.parameters["EtcdScheme"].value
        self.ETCD_ADDRS = [self.parameters["EtcdAddr"].value]
    else:
        self.ETCD_SCHEME = first_url.split("://")[0]
        addresses = []
        for url in endpoint_urls:
            addresses.append(url.split("://")[1])
        self.ETCD_ADDRS = addresses

    # Carve the iptables mark mask into the individual marks used
    # internally.  Bits are handed out in the order find_set_bits yields
    # them (least to most significant, per the original author's note):
    # - first: a profile accepted the packet
    # - second: the packet should move to the next policy tier.
    # NOTE(review): next() raises StopIteration if the mask yields fewer
    # bits than are consumed here - presumably _validate_cfg guarantees
    # enough; confirm.
    mask_bits = find_set_bits(self.IPTABLES_MARK_MASK)
    for mark_attr in ("IPTABLES_MARK_ACCEPT", "IPTABLES_MARK_NEXT_TIER"):
        setattr(self, mark_attr, "0x%x" % next(mask_bits))

    for loaded_plugin in self.plugins.itervalues():
        # Plugins are only loaded and registered after the environment and
        # file have been read, so they should only ever see config on the
        # final pass.  This is an assert, so the check is compiled out when
        # Python runs with -O.
        assert final, ("Plugins should only be loaded on the final "
                       "config pass")
        loaded_plugin.store_and_validate_config(self)

    # Apply the logging settings (done on every pass, see docstring).
    common.complete_logging(self.LOGFILE,
                            self.LOGLEVFILE,
                            self.LOGLEVSYS,
                            self.LOGLEVSCR,
                            gevent_in_use=True)

    if not final:
        return

    # Final pass: record the complete configuration in the log.
    # NOTE(review): every parameter value is written at info level; confirm
    # that no parameter carries a secret.
    for name, parameter in self.parameters.iteritems():
        log.info("Parameter %s (%s) has value %r read from %s",
                 name,
                 parameter.description,
                 parameter.value,
                 parameter.active_source)
def _finish_update(self, final=False):
    """
    Finish a configuration pass once every parameter has been read.

    This runs twice: first after the environment and config file have been
    read (enough to reach etcd), and again after the etcd-held configuration
    has been read (the complete picture).

    On each pass it:
    - copies the parameter values onto the matching attributes of this object
    - validates the configuration for the current stage
    - applies the logging settings

    Logging is applied on the first pass as well, before any etcd settings
    are known.  If the environment or config file turns file logging on, the
    log file is created and used from then on, even when etcd later turns it
    off: a failure to load the etcd configuration has to be logged, and
    having no log file at that point would be worse.

    :param final: True on the last pass (after etcd has been read), False
                  when only the environment and config file have been read.
    """
    # (attribute on self, parameter name), in the order they are stored.
    attribute_sources = (
        ("HOSTNAME", "FelixHostname"),
        ("ETCD_SCHEME", "EtcdScheme"),
        ("ETCD_ENDPOINTS", "EtcdEndpoints"),
        ("ETCD_KEY_FILE", "EtcdKeyFile"),
        ("ETCD_CERT_FILE", "EtcdCertFile"),
        ("ETCD_CA_FILE", "EtcdCaFile"),
        ("STARTUP_CLEANUP_DELAY", "StartupCleanupDelay"),
        ("RESYNC_INTERVAL", "PeriodicResyncInterval"),
        ("REFRESH_INTERVAL", "IptablesRefreshInterval"),
        ("HOST_IF_POLL_INTERVAL_SECS", "HostInterfacePollInterval"),
        ("METADATA_IP", "MetadataAddr"),
        ("METADATA_PORT", "MetadataPort"),
        ("IFACE_PREFIX", "InterfacePrefix"),
        ("DEFAULT_INPUT_CHAIN_ACTION", "DefaultEndpointToHostAction"),
        ("LOGFILE", "LogFilePath"),
        ("DRIVERLOGFILE", "EtcdDriverLogFilePath"),
        ("LOGLEVFILE", "LogSeverityFile"),
        ("LOGLEVSYS", "LogSeveritySys"),
        ("LOGLEVSCR", "LogSeverityScreen"),
        ("IP_IN_IP_ENABLED", "IpInIpEnabled"),
        ("IP_IN_IP_MTU", "IpInIpMtu"),
        ("IP_IN_IP_ADDR", "IpInIpTunnelAddr"),
        ("REPORTING_INTERVAL_SECS", "ReportingIntervalSecs"),
        ("REPORTING_TTL_SECS", "ReportingTTLSecs"),
        ("REPORT_ENDPOINT_STATUS", "EndpointReportingEnabled"),
        ("ENDPOINT_REPORT_DELAY", "EndpointReportingDelaySecs"),
        ("MAX_IPSET_SIZE", "MaxIpsetSize"),
        ("IPTABLES_GENERATOR_PLUGIN", "IptablesGeneratorPlugin"),
        ("IPTABLES_MARK_MASK", "IptablesMarkMask"),
        ("PROM_METRICS_ENABLED", "PrometheusMetricsEnabled"),
        ("PROM_METRICS_PORT", "PrometheusMetricsPort"),
        ("PROM_METRICS_DRIVER_PORT", "EtcdDriverPrometheusMetricsPort"),
        ("FAILSAFE_INBOUND_PORTS", "FailsafeInboundHostPorts"),
        ("FAILSAFE_OUTBOUND_PORTS", "FailsafeOutboundHostPorts"),
        ("ACTION_ON_DROP", "DropActionOverride"),
        ("IGNORE_LOOSE_RPF", "IgnoreLooseRPF"),
        ("CLUSTER_GUID", "ClusterGUID"),
        ("USAGE_REPORT", "UsageReportingEnabled"),
    )
    for attr_name, param_name in attribute_sources:
        setattr(self, attr_name, self.parameters[param_name].value)

    self._validate_cfg(final=final)

    # Everything below derives values from parameters that have just been
    # through _validate_cfg.

    # Work out which etcd addresses to use.  When EtcdEndpoints is set, the
    # scheme comes from the first endpoint only and each endpoint contributes
    # the part after "://"; otherwise fall back to EtcdScheme and EtcdAddr.
    # NOTE(review): a list mixing schemes, or an entry without "://", is not
    # handled here - presumably _validate_cfg rejects both; confirm.
    endpoint_urls = [url.strip() for url in self.ETCD_ENDPOINTS.split(",")]
    first_url = endpoint_urls[0]
    if not first_url:
        self.ETCD_SCHEME = self.parameters["EtcdScheme"].value
        self.ETCD_ADDRS = [self.parameters["EtcdAddr"].value]
    else:
        self.ETCD_SCHEME = first_url.split("://")[0]
        addresses = []
        for url in endpoint_urls:
            addresses.append(url.split("://")[1])
        self.ETCD_ADDRS = addresses

    # Carve the iptables mark mask into the individual marks used
    # internally.  Bits are handed out in the order find_set_bits yields
    # them (least to most significant, per the original author's note):
    # - first: a profile accepted the packet
    # - second: the packet should move to the next policy tier.
    # NOTE(review): next() raises StopIteration if the mask yields fewer
    # bits than are consumed here - presumably _validate_cfg guarantees
    # enough; confirm.
    mask_bits = find_set_bits(self.IPTABLES_MARK_MASK)
    for mark_attr in ("IPTABLES_MARK_ACCEPT", "IPTABLES_MARK_NEXT_TIER"):
        setattr(self, mark_attr, "0x%x" % next(mask_bits))

    for loaded_plugin in self.plugins.itervalues():
        # Plugins are only loaded and registered after the environment and
        # file have been read, so they should only ever see config on the
        # final pass.  This is an assert, so the check is compiled out when
        # Python runs with -O.
        assert final, ("Plugins should only be loaded on the final "
                       "config pass")
        loaded_plugin.store_and_validate_config(self)

    # Apply the logging settings (done on every pass, see docstring).
    common.complete_logging(self.LOGFILE,
                            self.LOGLEVFILE,
                            self.LOGLEVSYS,
                            self.LOGLEVSCR,
                            gevent_in_use=True)

    if not final:
        return

    # Final pass: record the complete configuration in the log.
    # NOTE(review): every parameter value is written at info level; confirm
    # that no parameter carries a secret.
    for name, parameter in self.parameters.iteritems():
        log.info("Parameter %s (%s) has value %r read from %s",
                 name,
                 parameter.description,
                 parameter.value,
                 parameter.active_source)
def _finish_update(self, final=False):
    """
    Finish a configuration pass once every parameter has been read.

    This runs twice so that plugins have a chance to add their config
    parameters.

    On each pass it:
    - copies the parameter values onto the matching attributes of this object
    - validates the configuration for the current stage
    - applies the logging settings

    :param final: True on the last pass, False when only the environment and
                  config file have been read.
    """
    # (attribute on self, parameter name), in the order they are stored.
    attribute_sources = (
        ("HOSTNAME", "FelixHostname"),
        ("STARTUP_CLEANUP_DELAY", "StartupCleanupDelay"),
        ("RESYNC_INTERVAL", "PeriodicResyncInterval"),
        ("REFRESH_INTERVAL", "IptablesRefreshInterval"),
        ("HOST_IF_POLL_INTERVAL_SECS", "HostInterfacePollInterval"),
        ("METADATA_IP", "MetadataAddr"),
        ("METADATA_PORT", "MetadataPort"),
        ("IFACE_PREFIX", "InterfacePrefix"),
        ("DEFAULT_INPUT_CHAIN_ACTION", "DefaultEndpointToHostAction"),
        ("LOGFILE", "LogFilePath"),
        ("LOGLEVFILE", "LogSeverityFile"),
        ("LOGLEVSYS", "LogSeveritySys"),
        ("LOGLEVSCR", "LogSeverityScreen"),
        ("IP_IN_IP_ENABLED", "IpInIpEnabled"),
        ("IP_IN_IP_MTU", "IpInIpMtu"),
        ("IP_IN_IP_ADDR", "IpInIpTunnelAddr"),
        ("REPORTING_INTERVAL_SECS", "ReportingIntervalSecs"),
        ("REPORT_ENDPOINT_STATUS", "EndpointReportingEnabled"),
        ("MAX_IPSET_SIZE", "MaxIpsetSize"),
        ("IPTABLES_GENERATOR_PLUGIN", "IptablesGeneratorPlugin"),
        ("IPTABLES_MARK_MASK", "IptablesMarkMask"),
        ("PROM_METRICS_ENABLED", "PrometheusMetricsEnabled"),
        ("PROM_METRICS_DRIVER_PORT",
         "DataplaneDriverPrometheusMetricsPort"),
        ("FAILSAFE_INBOUND_PORTS", "FailsafeInboundHostPorts"),
        ("FAILSAFE_OUTBOUND_PORTS", "FailsafeOutboundHostPorts"),
        ("ACTION_ON_DROP", "DropActionOverride"),
        ("LOG_PREFIX", "LogPrefix"),
        ("IGNORE_LOOSE_RPF", "IgnoreLooseRPF"),
    )
    for attr_name, param_name in attribute_sources:
        setattr(self, attr_name, self.parameters[param_name].value)

    # Ipv6Support is stored lower-cased, so it is handled outside the table;
    # it is still read before ChainInsertMode, as in the table order above.
    ipv6_setting = self.parameters["Ipv6Support"].value
    self.IPV6_SUPPORT = ipv6_setting.lower()
    self.CHAIN_INSERT_MODE = self.parameters["ChainInsertMode"].value

    self._validate_cfg(final=final)

    # Everything below derives values from parameters that have just been
    # through _validate_cfg.

    # Carve the iptables mark mask into the individual marks used
    # internally.  Bits are handed out in the order find_set_bits yields
    # them (least to most significant, per the original author's note):
    # - first: a profile accepted the packet
    # - second: the packet should move to the next policy tier
    # - third: stored as IPTABLES_MARK_ENDPOINTS.
    # NOTE(review): next() raises StopIteration if the mask yields fewer
    # than three bits - presumably _validate_cfg guarantees enough; confirm.
    mask_bits = find_set_bits(self.IPTABLES_MARK_MASK)
    for mark_attr in ("IPTABLES_MARK_ACCEPT",
                      "IPTABLES_MARK_NEXT_TIER",
                      "IPTABLES_MARK_ENDPOINTS"):
        setattr(self, mark_attr, "0x%x" % next(mask_bits))

    for loaded_plugin in self.plugins.itervalues():
        # Plugins are only loaded and registered after the environment and
        # file have been read, so they should only ever see config on the
        # final pass.  This is an assert, so the check is compiled out when
        # Python runs with -O.
        assert final, ("Plugins should only be loaded on the final "
                       "config pass")
        loaded_plugin.store_and_validate_config(self)

    # Apply the logging settings (done on every pass).
    common.complete_logging(self.LOGFILE,
                            self.LOGLEVFILE,
                            self.LOGLEVSYS,
                            self.LOGLEVSCR,
                            gevent_in_use=True)

    if not final:
        return

    # Final pass: record the complete configuration in the log.
    # NOTE(review): every parameter value is written at info level; confirm
    # that no parameter, including any added by a plugin, carries a secret.
    for name, parameter in self.parameters.iteritems():
        log.info("Parameter %s (%s) has value %r",
                 name,
                 parameter.description,
                 parameter.value)