def delete_listener(self, listener_id): self._check_listener_exists(listener_id) # check if that haproxy is still running and if stop it if os.path.exists(util.pid_path(listener_id)) and os.path.exists( os.path.join('/proc', util.get_haproxy_pid(listener_id))): cmd = "/usr/sbin/service haproxy-{0} stop".format(listener_id) try: subprocess.check_output(cmd.split(), stderr=subprocess.STDOUT) except subprocess.CalledProcessError as e: LOG.error("Failed to stop HAProxy service: %s", e) return webob.Response(json=dict( message="Error stopping haproxy", details=e.output), status=500) # parse config and delete stats socket try: cfg = self._parse_haproxy_file(listener_id) os.remove(cfg['stats_socket']) except Exception: pass # delete the ssl files try: shutil.rmtree(self._cert_dir(listener_id)) except Exception: pass # disable the service init_system = util.get_os_init_system() init_path = util.init_path(listener_id, init_system) if init_system == consts.INIT_SYSTEMD: init_disable_cmd = "systemctl disable haproxy-{list}".format( list=listener_id) elif init_system == consts.INIT_SYSVINIT: init_disable_cmd = "insserv -r {file}".format(file=init_path) elif init_system != consts.INIT_UPSTART: raise util.UnknownInitError() if init_system != consts.INIT_UPSTART: try: subprocess.check_output(init_disable_cmd.split(), stderr=subprocess.STDOUT) except subprocess.CalledProcessError as e: LOG.error("Failed to disable haproxy-%(list)s service: " "%(err)s", {'list': listener_id, 'err': e}) return webob.Response(json=dict( message="Error disabling haproxy-{0} service".format( listener_id), details=e.output), status=500) # delete the directory + init script for that listener shutil.rmtree(util.haproxy_dir(listener_id)) if os.path.exists(init_path): os.remove(init_path) return webob.Response(json={'message': 'OK'})
def upload_lvs_listener_config(self, listener_id): stream = loadbalancer.Wrapped(flask.request.stream) NEED_CHECK = True if not os.path.exists(util.keepalived_lvs_dir()): os.makedirs(util.keepalived_lvs_dir()) if not os.path.exists(util.keepalived_backend_check_script_dir()): current_file_dir, _ = os.path.split(os.path.abspath(__file__)) try: script_dir = os.path.join( os.path.abspath(os.path.join(current_file_dir, '../..')), 'utils') assert True is os.path.exists(script_dir) assert True is os.path.exists( os.path.join(script_dir, CHECK_SCRIPT_NAME)) except Exception as e: raise exceptions.Conflict( description='%(file_name)s not Found for ' 'UDP Listener %(listener_id)s' % { 'file_name': CHECK_SCRIPT_NAME, 'listener_id': listener_id }) from e os.makedirs(util.keepalived_backend_check_script_dir()) shutil.copy2(os.path.join(script_dir, CHECK_SCRIPT_NAME), util.keepalived_backend_check_script_path()) os.chmod(util.keepalived_backend_check_script_path(), stat.S_IEXEC) # Based on current topology setting, only the amphora instances in # Active-Standby topology will create the directory below. So for # Single topology, it should not create the directory and the check # scripts for status change. if (CONF.controller_worker.loadbalancer_topology != consts.TOPOLOGY_ACTIVE_STANDBY): NEED_CHECK = False conf_file = util.keepalived_lvs_cfg_path(listener_id) flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC # mode 00644 mode = stat.S_IRUSR | stat.S_IWUSR | stat.S_IRGRP | stat.S_IROTH with os.fdopen(os.open(conf_file, flags, mode), 'wb') as f: b = stream.read(BUFFER) while b: f.write(b) b = stream.read(BUFFER) init_system = util.get_os_init_system() file_path = util.keepalived_lvs_init_path(init_system, listener_id) if init_system == consts.INIT_SYSTEMD: template = SYSTEMD_TEMPLATE # Render and install the network namespace systemd service util.install_netns_systemd_service() util.run_systemctl_command(consts.ENABLE, consts.AMP_NETNS_SVC_PREFIX) elif init_system == consts.INIT_UPSTART: template = UPSTART_TEMPLATE elif init_system == consts.INIT_SYSVINIT: template = SYSVINIT_TEMPLATE else: raise util.UnknownInitError() # Render and install the keepalivedlvs init script if init_system == consts.INIT_SYSTEMD: # mode 00644 mode = stat.S_IRUSR | stat.S_IWUSR | stat.S_IRGRP | stat.S_IROTH else: # mode 00755 mode = (stat.S_IRWXU | stat.S_IRGRP | stat.S_IXGRP | stat.S_IROTH | stat.S_IXOTH) keepalived_pid, vrrp_pid, check_pid = util.keepalived_lvs_pids_path( listener_id) if not os.path.exists(file_path): with os.fdopen(os.open(file_path, flags, mode), 'w') as text_file: text = template.render( keepalived_pid=keepalived_pid, vrrp_pid=vrrp_pid, check_pid=check_pid, keepalived_cmd=consts.KEEPALIVED_CMD, keepalived_cfg=util.keepalived_lvs_cfg_path(listener_id), amphora_nsname=consts.AMPHORA_NAMESPACE, amphora_netns=consts.AMP_NETNS_SVC_PREFIX, administrative_log_facility=( CONF.amphora_agent.administrative_log_facility), ) text_file.write(text) # Make sure the keepalivedlvs service is enabled on boot if init_system == consts.INIT_SYSTEMD: util.run_systemctl_command( consts.ENABLE, "octavia-keepalivedlvs-%s" % str(listener_id)) elif init_system == consts.INIT_SYSVINIT: init_enable_cmd = "insserv {file}".format(file=file_path) try: subprocess.check_output(init_enable_cmd.split(), stderr=subprocess.STDOUT) except subprocess.CalledProcessError as e: LOG.debug( 'Failed to enable ' 'octavia-keepalivedlvs service: ' '%(err)s', {'err': str(e)}) return webob.Response(json=dict( message="Error enabling " "octavia-keepalivedlvs service", details=e.output), status=500) if NEED_CHECK: # inject the check script for keepalived process script_path = os.path.join(util.keepalived_check_scripts_dir(), KEEPALIVED_CHECK_SCRIPT_NAME) if not os.path.exists(script_path): if not os.path.exists(util.keepalived_check_scripts_dir()): os.makedirs(util.keepalived_check_scripts_dir()) with os.fdopen(os.open(script_path, flags, stat.S_IEXEC), 'w') as script_file: text = check_script_file_template.render( consts=consts, init_system=init_system, keepalived_lvs_pid_dir=util.keepalived_lvs_dir()) script_file.write(text) util.vrrp_check_script_update(None, consts.AMP_ACTION_START) res = webob.Response(json={'message': 'OK'}, status=200) res.headers['ETag'] = stream.get_md5() return res
def delete_lvs_listener(self, listener_id): try: self._check_lvs_listener_exists(listener_id) except exceptions.HTTPException: return webob.Response(json={'message': 'OK'}) # check if that keepalived is still running and if stop it keepalived_pid, vrrp_pid, check_pid = util.keepalived_lvs_pids_path( listener_id) if os.path.exists(keepalived_pid) and os.path.exists( os.path.join('/proc', util.get_keepalivedlvs_pid(listener_id))): cmd = ("/usr/sbin/service " "octavia-keepalivedlvs-{0} stop".format(listener_id)) try: subprocess.check_output(cmd.split(), stderr=subprocess.STDOUT) except subprocess.CalledProcessError as e: LOG.error("Failed to stop keepalivedlvs service: %s", str(e)) return webob.Response(json=dict( message="Error stopping keepalivedlvs", details=e.output), status=500) # Since the lvs check script based on the keepalived pid file for # checking whether it is alived. So here, we had stop the keepalived # process by the previous step, must make sure the pid files are not # exist. if (os.path.exists(keepalived_pid) or os.path.exists(vrrp_pid) or os.path.exists(check_pid)): for pid in [keepalived_pid, vrrp_pid, check_pid]: os.remove(pid) # disable the service init_system = util.get_os_init_system() init_path = util.keepalived_lvs_init_path(init_system, listener_id) if init_system == consts.INIT_SYSTEMD: util.run_systemctl_command( consts.DISABLE, "octavia-keepalivedlvs-%s" % str(listener_id)) elif init_system == consts.INIT_SYSVINIT: init_disable_cmd = "insserv -r {file}".format(file=init_path) elif init_system != consts.INIT_UPSTART: raise util.UnknownInitError() if init_system == consts.INIT_SYSVINIT: try: subprocess.check_output(init_disable_cmd.split(), stderr=subprocess.STDOUT) except subprocess.CalledProcessError as e: LOG.error( "Failed to disable " "octavia-keepalivedlvs-%(list)s service: " "%(err)s", { 'list': listener_id, 'err': str(e) }) return webob.Response(json=dict( message=("Error disabling octavia-keepalivedlvs-" "{0} service".format(listener_id)), details=e.output), status=500) # delete init script ,config file and log file for that listener if os.path.exists(init_path): os.remove(init_path) if os.path.exists(util.keepalived_lvs_cfg_path(listener_id)): os.remove(util.keepalived_lvs_cfg_path(listener_id)) return webob.Response(json={'message': 'OK'})
def upload_haproxy_config(self, amphora_id, listener_id): """Upload the haproxy config :param amphora_id: The id of the amphora to update :param listener_id: The id of the listener """ stream = Wrapped(flask.request.stream) # We have to hash here because HAProxy has a string length limitation # in the configuration file "peer <peername>" lines peer_name = octavia_utils.base64_sha1_string(amphora_id).rstrip('=') if not os.path.exists(util.haproxy_dir(listener_id)): os.makedirs(util.haproxy_dir(listener_id)) name = os.path.join(util.haproxy_dir(listener_id), 'haproxy.cfg.new') flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC # mode 00600 mode = stat.S_IRUSR | stat.S_IWUSR b = stream.read(BUFFER) s_io = io.StringIO() while b: # Write haproxy configuration to StringIO s_io.write(b.decode('utf8')) b = stream.read(BUFFER) # Since haproxy user_group is now auto-detected by the amphora agent, # remove it from haproxy configuration in case it was provided # by an older Octavia controller. This is needed in order to prevent # a duplicate entry for 'group' in haproxy configuration, which will # result an error when haproxy starts. new_config = re.sub(r"\s+group\s.+", "", s_io.getvalue()) # Handle any haproxy version compatibility issues new_config = haproxy_compatibility.process_cfg_for_version_compat( new_config) with os.fdopen(os.open(name, flags, mode), 'w') as file: file.write(new_config) # use haproxy to check the config cmd = "haproxy -c -L {peer} -f {config_file} -f {haproxy_ug}".format( config_file=name, peer=peer_name, haproxy_ug=consts.HAPROXY_USER_GROUP_CFG) try: subprocess.check_output(cmd.split(), stderr=subprocess.STDOUT) except subprocess.CalledProcessError as e: LOG.error("Failed to verify haproxy file: %s %s", e, e.output) # Save the last config that failed validation for debugging os.rename(name, ''.join([name, '-failed'])) return webob.Response(json=dict(message="Invalid request", details=e.output), status=400) # file ok - move it os.rename(name, util.config_path(listener_id)) try: init_system = util.get_os_init_system() LOG.debug('Found init system: %s', init_system) init_path = util.init_path(listener_id, init_system) if init_system == consts.INIT_SYSTEMD: template = SYSTEMD_TEMPLATE # Render and install the network namespace systemd service util.install_netns_systemd_service() util.run_systemctl_command( consts.ENABLE, consts.AMP_NETNS_SVC_PREFIX + '.service') elif init_system == consts.INIT_UPSTART: template = UPSTART_TEMPLATE elif init_system == consts.INIT_SYSVINIT: template = SYSVINIT_TEMPLATE init_enable_cmd = "insserv {file}".format(file=init_path) else: raise util.UnknownInitError() except util.UnknownInitError: LOG.error("Unknown init system found.") return webob.Response(json=dict( message="Unknown init system in amphora", details="The amphora image is running an unknown init " "system. We can't create the init configuration " "file for the load balancing process."), status=500) if init_system == consts.INIT_SYSTEMD: # mode 00644 mode = (stat.S_IRUSR | stat.S_IWUSR | stat.S_IRGRP | stat.S_IROTH) else: # mode 00755 mode = (stat.S_IRWXU | stat.S_IRGRP | stat.S_IXGRP | stat.S_IROTH | stat.S_IXOTH) hap_major, hap_minor = haproxy_compatibility.get_haproxy_versions() if not os.path.exists(init_path): with os.fdopen(os.open(init_path, flags, mode), 'w') as text_file: text = template.render( peer_name=peer_name, haproxy_pid=util.pid_path(listener_id), haproxy_cmd=util.CONF.haproxy_amphora.haproxy_cmd, haproxy_cfg=util.config_path(listener_id), haproxy_user_group_cfg=consts.HAPROXY_USER_GROUP_CFG, respawn_count=util.CONF.haproxy_amphora.respawn_count, respawn_interval=( util.CONF.haproxy_amphora.respawn_interval), amphora_netns=consts.AMP_NETNS_SVC_PREFIX, amphora_nsname=consts.AMPHORA_NAMESPACE, HasIFUPAll=self._osutils.has_ifup_all(), haproxy_major_version=hap_major, haproxy_minor_version=hap_minor) text_file.write(text) # Make sure the new service is enabled on boot if init_system == consts.INIT_SYSTEMD: util.run_systemctl_command( consts.ENABLE, "haproxy-{list}".format(list=listener_id)) elif init_system == consts.INIT_SYSVINIT: try: subprocess.check_output(init_enable_cmd.split(), stderr=subprocess.STDOUT) except subprocess.CalledProcessError as e: LOG.error( "Failed to enable haproxy-%(list)s service: " "%(err)s %(out)s", { 'list': listener_id, 'err': e, 'out': e.output }) return webob.Response(json=dict( message="Error enabling haproxy-{0} service".format( listener_id), details=e.output), status=500) res = webob.Response(json={'message': 'OK'}, status=202) res.headers['ETag'] = stream.get_md5() return res
def delete_listener(self, listener_id): try: self._check_listener_exists(listener_id) except exceptions.HTTPException: return webob.Response(json={'message': 'OK'}) # check if that haproxy is still running and if stop it if os.path.exists(util.pid_path(listener_id)) and os.path.exists( os.path.join('/proc', util.get_haproxy_pid(listener_id))): cmd = "/usr/sbin/service haproxy-{0} stop".format(listener_id) try: subprocess.check_output(cmd.split(), stderr=subprocess.STDOUT) except subprocess.CalledProcessError as e: LOG.error("Failed to stop haproxy-%s service: %s %s", listener_id, e, e.output) return webob.Response(json=dict( message="Error stopping haproxy", details=e.output), status=500) # parse config and delete stats socket try: cfg = self._parse_haproxy_file(listener_id) os.remove(cfg['stats_socket']) except Exception: pass # Since this script should be deleted at LB delete time # we can check for this path to see if VRRP is enabled # on this amphora and not write the file if VRRP is not in use if os.path.exists(util.keepalived_check_script_path()): self.vrrp_check_script_update(listener_id, action=consts.AMP_ACTION_STOP) # delete the ssl files try: shutil.rmtree(self._cert_dir(listener_id)) except Exception: pass # disable the service init_system = util.get_os_init_system() init_path = util.init_path(listener_id, init_system) if init_system == consts.INIT_SYSTEMD: util.run_systemctl_command( consts.DISABLE, "haproxy-{list}".format(list=listener_id)) elif init_system == consts.INIT_SYSVINIT: init_disable_cmd = "insserv -r {file}".format(file=init_path) elif init_system != consts.INIT_UPSTART: raise util.UnknownInitError() if init_system == consts.INIT_SYSVINIT: try: subprocess.check_output(init_disable_cmd.split(), stderr=subprocess.STDOUT) except subprocess.CalledProcessError as e: LOG.error( "Failed to disable haproxy-%(list)s service: " "%(err)s %(out)s", { 'list': listener_id, 'err': e, 'out': e.output }) return webob.Response(json=dict( message="Error disabling haproxy-{0} service".format( listener_id), details=e.output), status=500) # delete the directory + init script for that listener shutil.rmtree(util.haproxy_dir(listener_id)) if os.path.exists(init_path): os.remove(init_path) return webob.Response(json={'message': 'OK'})
def upload_keepalived_config(self): stream = listener.Wrapped(flask.request.stream) if not os.path.exists(util.keepalived_dir()): os.makedirs(util.keepalived_dir()) os.makedirs(util.keepalived_check_scripts_dir()) conf_file = util.keepalived_cfg_path() flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC # mode 00644 mode = stat.S_IRUSR | stat.S_IWUSR | stat.S_IRGRP | stat.S_IROTH with os.fdopen(os.open(conf_file, flags, mode), 'wb') as f: b = stream.read(BUFFER) while b: f.write(b) b = stream.read(BUFFER) init_system = util.get_os_init_system() file_path = util.keepalived_init_path(init_system) if init_system == consts.INIT_SYSTEMD: template = SYSTEMD_TEMPLATE init_enable_cmd = "systemctl enable octavia-keepalived" # Render and install the network namespace systemd service util.install_netns_systemd_service() util.run_systemctl_command(consts.ENABLE, consts.AMP_NETNS_SVC_PREFIX) elif init_system == consts.INIT_UPSTART: template = UPSTART_TEMPLATE elif init_system == consts.INIT_SYSVINIT: template = SYSVINIT_TEMPLATE init_enable_cmd = "insserv {file}".format(file=file_path) else: raise util.UnknownInitError() if init_system == consts.INIT_SYSTEMD: # mode 00644 mode = stat.S_IRUSR | stat.S_IWUSR | stat.S_IRGRP | stat.S_IROTH else: # mode 00755 mode = (stat.S_IRWXU | stat.S_IRGRP | stat.S_IXGRP | stat.S_IROTH | stat.S_IXOTH) if not os.path.exists(file_path): with os.fdopen(os.open(file_path, flags, mode), 'w') as text_file: text = template.render( keepalived_pid=util.keepalived_pid_path(), keepalived_cmd=consts.KEEPALIVED_CMD, keepalived_cfg=util.keepalived_cfg_path(), keepalived_log=util.keepalived_log_path(), amphora_nsname=consts.AMPHORA_NAMESPACE, amphora_netns=consts.AMP_NETNS_SVC_PREFIX, administrative_log_facility=( CONF.amphora_agent.administrative_log_facility), ) text_file.write(text) # Renders the Keepalived check script keepalived_path = util.keepalived_check_script_path() # mode 00755 mode = (stat.S_IRWXU | stat.S_IRGRP | stat.S_IXGRP | stat.S_IROTH | stat.S_IXOTH) open_obj = os.open(keepalived_path, flags, mode) with os.fdopen(open_obj, 'w') as text_file: text = check_script_template.render( check_scripts_dir=util.keepalived_check_scripts_dir()) text_file.write(text) # Make sure the new service is enabled on boot if init_system != consts.INIT_UPSTART: try: subprocess.check_output(init_enable_cmd.split(), stderr=subprocess.STDOUT) except subprocess.CalledProcessError as e: LOG.debug( 'Failed to enable octavia-keepalived service: ' '%(err)s %(output)s', { 'err': e, 'output': e.output }) return webob.Response(json=dict( message="Error enabling octavia-keepalived service", details=e.output), status=500) res = webob.Response(json={'message': 'OK'}, status=200) res.headers['ETag'] = stream.get_md5() return res
def upload_haproxy_config(self, amphora_id, listener_id): """Upload the haproxy config :param amphora_id: The id of the amphora to update :param listener_id: The id of the listener """ stream = Wrapped(flask.request.stream) # We have to hash here because HAProxy has a string length limitation # in the configuration file "peer <peername>" lines peer_name = octavia_utils.base64_sha1_string(amphora_id).rstrip('=') if not os.path.exists(util.haproxy_dir(listener_id)): os.makedirs(util.haproxy_dir(listener_id)) name = os.path.join(util.haproxy_dir(listener_id), 'haproxy.cfg.new') flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC # mode 00600 mode = stat.S_IRUSR | stat.S_IWUSR with os.fdopen(os.open(name, flags, mode), 'wb') as file: b = stream.read(BUFFER) while (b): file.write(b) b = stream.read(BUFFER) # use haproxy to check the config cmd = "haproxy -c -L {peer} -f {config_file}".format(config_file=name, peer=peer_name) try: subprocess.check_output(cmd.split(), stderr=subprocess.STDOUT) except subprocess.CalledProcessError as e: LOG.error(_LE("Failed to verify haproxy file: %s"), e) os.remove(name) # delete file return flask.make_response( flask.jsonify(dict(message="Invalid request", details=e.output)), 400) # file ok - move it os.rename(name, util.config_path(listener_id)) try: init_system = util.get_os_init_system() LOG.debug('Found init system: {0}'.format(init_system)) init_path = util.init_path(listener_id, init_system) if init_system == consts.INIT_SYSTEMD: template = SYSTEMD_TEMPLATE init_enable_cmd = "systemctl enable haproxy-{list}".format( list=listener_id) elif init_system == consts.INIT_UPSTART: template = UPSTART_TEMPLATE elif init_system == consts.INIT_SYSVINIT: template = SYSVINIT_TEMPLATE init_enable_cmd = "insserv {file}".format(file=init_path) else: raise util.UnknownInitError() except util.UnknownInitError: LOG.error(_LE("Unknown init system found.")) return flask.make_response( flask.jsonify( dict( message="Unknown init system in amphora", details="The amphora image is running an unknown init " "system. We can't create the init configuration " "file for the load balancing process.")), 500) if init_system == consts.INIT_SYSTEMD: # mode 00644 mode = (stat.S_IRUSR | stat.S_IWUSR | stat.S_IRGRP | stat.S_IROTH) else: # mode 00755 mode = (stat.S_IRWXU | stat.S_IRGRP | stat.S_IXGRP | stat.S_IROTH | stat.S_IXOTH) if not os.path.exists(init_path): with os.fdopen(os.open(init_path, flags, mode), 'w') as text_file: text = template.render( peer_name=peer_name, haproxy_pid=util.pid_path(listener_id), haproxy_cmd=util.CONF.haproxy_amphora.haproxy_cmd, haproxy_cfg=util.config_path(listener_id), respawn_count=util.CONF.haproxy_amphora.respawn_count, respawn_interval=( util.CONF.haproxy_amphora.respawn_interval), amphora_nsname=consts.AMPHORA_NAMESPACE, HasIFUPAll=self._osutils.has_ifup_all()) text_file.write(text) # Make sure the new service is enabled on boot if init_system != consts.INIT_UPSTART: try: subprocess.check_output(init_enable_cmd.split(), stderr=subprocess.STDOUT) except subprocess.CalledProcessError as e: LOG.error( _LE("Failed to enable haproxy-%(list)s " "service: %(err)s"), { 'list': listener_id, 'err': e }) return flask.make_response( flask.jsonify( dict(message="Error enabling haproxy-{0} service". format(listener_id), details=e.output)), 500) res = flask.make_response(flask.jsonify({'message': 'OK'}), 202) res.headers['ETag'] = stream.get_md5() return res