示例#1
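    def purge_orphans(self, dryrun=False):
        """Delete Redis VIF rule sets that have no matching database port.

        Every key returned by ``client.vif_keys()`` starts out as a candidate
        orphan. Keys built from the database ports that have security groups
        are then discarded, and whatever is left is deleted from Redis.

        :param dryrun: when True, only report the orphans; nothing is
            deleted and the connection is requested with use_master=False.
        """
        client = self._get_connection(use_master=not dryrun)
        ctx = neutron.context.get_admin_context()
        # NOTE(review): the database is read before the Redis keys are
        # listed; a rule set written for a port created in between would be
        # treated as an orphan and deleted -- confirm this cannot run
        # concurrently with port creation.
        ports_with_groups = db_api.ports_with_security_groups_find(ctx).all()
        if dryrun:
            print()
            print("Purging orphans in dry run mode. Existing rules in Redis "
                  "will be checked against those in the database. If any "
                  "are found in Redis but lack matching database rules, "
                  "they'll be reported as orphans and left in place.\n\nTo "
                  "actually delete them from Redis, re-run with the --yarly "
                  "flag.")
            print()
            print("Found %s ports with security groups" %
                  len(ports_with_groups))

        # Every VIF key in Redis is an orphan until a database port claims it.
        vifs = dict.fromkeys(client.vif_keys(), False)

        if dryrun:
            print("Found %d VIFs in Redis" % len(vifs))

        # Drop the keys that belong to a port known to the database.
        for port in ports_with_groups:
            vif_key = client.vif_key(port["device_id"], port["mac_address"])
            vifs.pop(vif_key, None)

        if dryrun:
            print("Found %d orphaned VIF rule sets" % len(vifs))
            print('=' * 80)

        undeleted = 0
        for orphan in vifs:
            if dryrun:
                print("VIF %s is orphaned" % orphan)
                continue
            for _attempt in xrange(self._retries):
                try:
                    client.delete_key(orphan)
                    break
                except q_exc.RedisConnectionFailure:
                    # Back off, then reconnect to the master before retrying.
                    time.sleep(self._retry_delay)
                    client = self._get_connection(use_master=True,
                                                  giveup=False)
            else:
                # No attempt succeeded, so the rule set is still in Redis.
                # Report it instead of letting the run look clean.
                undeleted += 1
                print("Failed to delete orphaned VIF %s after %d attempts" %
                      (orphan, self._retries))

        if dryrun:
            print('=' * 80)
            print()
            print("Re-run with --yarly to apply changes")
        elif undeleted:
            print("%d orphaned VIF rule sets remain in Redis" % undeleted)

        print("Done!")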
示例#2
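    def purge_orphans(self, dryrun=False):
        """Remove VIF rule sets from Redis that no database port accounts for.

        The keys listed by ``client.vif_keys()`` are all assumed orphaned at
        first; each database port with security groups then removes its own
        key from that set, and the remainder is deleted from Redis.

        :param dryrun: when True, the orphans are only printed and the
            connection is requested with use_master=False.
        """
        client = self._get_connection(use_master=not dryrun)
        ctx = neutron.context.get_admin_context()
        # NOTE(review): ports are read from the database before the Redis
        # keys are listed, so rules stored for a port created in between
        # would be classed as orphaned and deleted -- confirm the tool is
        # not run while ports are being created.
        ports_with_groups = db_api.ports_with_security_groups_find(ctx).all()
        if dryrun:
            print()
            print("Purging orphans in dry run mode. Existing rules in Redis "
                  "will be checked against those in the database. If any "
                  "are found in Redis but lack matching database rules, "
                  "they'll be reported as orphans and left in place.\n\nTo "
                  "actually delete them from Redis, re-run with the --yarly "
                  "flag.")
            print()
            print("Found %s ports with security groups" %
                  len(ports_with_groups))

        # Start from all Redis VIF keys; the value is never read.
        vifs = dict.fromkeys(client.vif_keys(), False)

        if dryrun:
            print("Found %d VIFs in Redis" % len(vifs))

        # Keys that map to a database port are not orphans.
        for port in ports_with_groups:
            vifs.pop(
                client.vif_key(port["device_id"], port["mac_address"]), None)

        if dryrun:
            print("Found %d orphaned VIF rule sets" % len(vifs))
            print('=' * 80)

        left_behind = 0
        for orphan in vifs:
            if dryrun:
                print("VIF %s is orphaned" % orphan)
                continue
            for _attempt in xrange(self._retries):
                try:
                    client.delete_key(orphan)
                    break
                except q_exc.RedisConnectionFailure:
                    # Wait, then get a fresh master connection for the retry.
                    time.sleep(self._retry_delay)
                    client = self._get_connection(use_master=True,
                                                  giveup=False)
            else:
                # Retries exhausted: the key was not deleted, so surface it
                # rather than finishing as if the purge were complete.
                left_behind += 1
                print("Failed to delete orphaned VIF %s after %d attempts" %
                      (orphan, self._retries))

        if dryrun:
            print('=' * 80)
            print()
            print("Re-run with --yarly to apply changes")
        elif left_behind:
            print("%d orphaned VIF rule sets remain in Redis" % left_behind)

        print("Done!")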
示例#3
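    def write_groups(self, dryrun=False):
        """Write the security group rules of every database port to Redis.

        For each port that has security groups, the rules of those groups
        are looked up, serialized and applied through the Redis client under
        the port's device id and MAC address.

        :param dryrun: when True, nothing is written; the rule sets already
            in Redis that would be overwritten are reported instead, and the
            connection is requested with use_master=False.
        """
        client = self._get_connection(use_master=not dryrun)
        ctx = neutron.context.get_admin_context()
        ports_with_groups = db_api.ports_with_security_groups_find(ctx).all()
        if dryrun:
            print()
            print("Writing groups in dry run mode. Existing rules in Redis "
                  "will be checked against those in the database, with a "
                  "running report generated of all those that will be "
                  "overwritten.\n\nTo actually apply the groups, re-run "
                  "with the --yarly flag.")
            print()
            print("Found %s ports with security groups" %
                  len(ports_with_groups))

            vifs = len(client.vif_keys())
            if vifs > 0:
                print("There are %d VIFs with rules in Redis, some of which "
                      "may be overwritten!" % vifs)
                print()

        overwrite_count = 0
        unwritten = 0
        for port in ports_with_groups:
            mac = netaddr.EUI(port["mac_address"])

            # Rather than loading everything in one giant chunk, we'll make
            # trips per port.
            group_ids = [g["id"] for g in port.security_groups]
            rules = db_api.security_group_rule_find(ctx, group_id=group_ids,
                                                    scope=db_api.ALL)

            if dryrun:
                existing_rules = client.get_rules_for_port(port["device_id"],
                                                           port["mac_address"])
                if existing_rules:
                    overwrite_count += 1
                    print("== Port ID:%s - MAC:%s - Device ID:%s - "
                          "Redis Rules:%d - DB Rules:%d" %
                          (port["id"], mac, port["device_id"],
                           len(existing_rules["rules"]), len(rules)))
                continue

            for _attempt in xrange(self._retries):
                try:
                    payload = client.serialize_rules(rules)
                    client.apply_rules(
                        port["device_id"], port["mac_address"], payload)
                    break
                except q_exc.RedisConnectionFailure:
                    # Back off, then reconnect to the master before retrying.
                    time.sleep(self._retry_delay)
                    client = self._get_connection(use_master=True,
                                                  giveup=False)
            else:
                # No attempt succeeded, so this port's rules were not
                # written. NOTE(review): Redis presumably keeps whatever it
                # held for the port before -- confirm how consumers treat a
                # stale or missing rule set.
                unwritten += 1
                print("Failed to write rules for port %s after %d attempts" %
                      (port["id"], self._retries))

        if dryrun:
            print()
            print("Total number of VIFs to overwrite/were overwritten: %s" %
                  overwrite_count)
            diff = vifs - overwrite_count
            if diff > 0:
                print("Orphaned VIFs in Redis:", diff)
                print("Run purge-orphans to clean them up")

            print("Total number of VIFs to write: %d" %
                  len(ports_with_groups))

            print('=' * 80)
            print("Re-run with --yarly to apply changes")
        elif unwritten:
            print("%d ports did not get their rules written to Redis" %
                  unwritten)
        print("Done!")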
示例#4
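    def write_groups(self, dryrun=False):
        """Push each database port's security group rules into Redis.

        Ports that have security groups are loaded from the database; for
        every one of them the rules of its groups are fetched, serialized
        and applied via the Redis client, keyed by device id and MAC address.

        :param dryrun: when True, no rules are applied; existing Redis rule
            sets that would be overwritten are listed, and the connection is
            requested with use_master=False.
        """
        client = self._get_connection(use_master=not dryrun)
        ctx = neutron.context.get_admin_context()
        ports_with_groups = db_api.ports_with_security_groups_find(ctx).all()
        if dryrun:
            print()
            print("Writing groups in dry run mode. Existing rules in Redis "
                  "will be checked against those in the database, with a "
                  "running report generated of all those that will be "
                  "overwritten.\n\nTo actually apply the groups, re-run "
                  "with the --yarly flag.")
            print()
            print("Found %s ports with security groups" %
                  len(ports_with_groups))

            vifs = len(client.vif_keys())
            if vifs > 0:
                print("There are %d VIFs with rules in Redis, some of which "
                      "may be overwritten!" % vifs)
                print()

        overwrite_count = 0
        failed_ports = 0
        for port in ports_with_groups:
            mac = netaddr.EUI(port["mac_address"])

            # One rule lookup per port keeps each query small instead of
            # loading every rule at once.
            group_ids = [g["id"] for g in port.security_groups]
            rules = db_api.security_group_rule_find(ctx,
                                                    group_id=group_ids,
                                                    scope=db_api.ALL)

            if dryrun:
                existing_rules = client.get_rules_for_port(
                    port["device_id"], port["mac_address"])
                if existing_rules:
                    overwrite_count += 1
                    print("== Port ID:%s - MAC:%s - Device ID:%s - "
                          "Redis Rules:%d - DB Rules:%d" %
                          (port["id"], mac, port["device_id"],
                           len(existing_rules["rules"]), len(rules)))
                continue

            for _attempt in xrange(self._retries):
                try:
                    payload = client.serialize_rules(rules)
                    client.apply_rules(port["device_id"],
                                       port["mac_address"], payload)
                    break
                except q_exc.RedisConnectionFailure:
                    # Wait, then get a fresh master connection for the retry.
                    time.sleep(self._retry_delay)
                    client = self._get_connection(use_master=True,
                                                  giveup=False)
            else:
                # Retries exhausted: the port's rules never reached Redis.
                # NOTE(review): whatever Redis held for the port before
                # presumably stays in effect -- confirm how consumers treat
                # a stale or missing rule set.
                failed_ports += 1
                print("Failed to write rules for port %s after %d attempts" %
                      (port["id"], self._retries))

        if dryrun:
            print()
            print("Total number of VIFs to overwrite/were overwritten: %s" %
                  overwrite_count)
            diff = vifs - overwrite_count
            if diff > 0:
                print("Orphaned VIFs in Redis:", diff)
                print("Run purge-orphans to clean them up")

            print("Total number of VIFs to write: %d" % len(ports_with_groups))

            print('=' * 80)
            print("Re-run with --yarly to apply changes")
        elif failed_ports:
            print("%d ports did not get their rules written to Redis" %
                  failed_ports)
        print("Done!")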