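def purge_orphans(self, dryrun=False):
    """Delete VIF rule sets in Redis that no database port accounts for.

    Every key returned by ``client.vif_keys()`` starts out as an orphan
    candidate. A candidate is cleared when a port returned by
    ``ports_with_security_groups_find`` maps to the same key through
    ``client.vif_key(device_id, mac_address)``. Whatever is left is deleted
    with ``client.delete_key``.

    Args:
        dryrun: When true, only report the orphans and delete nothing. The
            connection is then requested with ``use_master=False``.

    Returns:
        None. Progress, and any key that could not be deleted, is printed.
    """
    # NOTE(review): block nesting was reconstructed from a listing whose
    # whitespace had been collapsed -- confirm against the original file.
    client = self._get_connection(use_master=not dryrun)
    ctx = neutron.context.get_admin_context()
    ports_with_groups = db_api.ports_with_security_groups_find(ctx).all()

    if dryrun:
        print()
        # The deletion below targets Redis keys, not database rows; the
        # operator-facing text has to say so.
        print("Purging orphans in dry run mode. Existing rules in Redis "
              "will be checked against those in the database. If any "
              "are found in Redis but lack matching database rules, "
              "they'll be deleted from Redis.\n\nTo actually "
              "apply the groups, re-run with the --yarly flag.")
        print()
        print("Found %s ports with security groups" %
              len(ports_with_groups))

    # Pre-spin the list of orphans.
    # NOTE(review): the database snapshot above is taken before this key
    # listing. A port created in between would look orphaned and its rule
    # set would be deleted -- presumably acceptable only while nothing else
    # writes rules; confirm against the writer path.
    vifs = {}
    for vif in client.vif_keys():
        vifs[vif] = False

    if dryrun:
        print("Found %d VIFs in Redis" % len(vifs))

    # Pop off the ones we find in the database.
    for port in ports_with_groups:
        vif_key = client.vif_key(port["device_id"], port["mac_address"])
        vifs.pop(vif_key, None)

    if dryrun:
        print("Found %d orphaned VIF rule sets" % len(vifs))
        print('=' * 80)

    # Keys whose delete never succeeded. Without this list an exhausted
    # retry budget was silent and the run still ended with "Done!".
    undeleted = []
    for orphan in vifs:
        if dryrun:
            print("VIF %s is orphaned" % orphan)
            continue

        # range() behaves the same on Python 2 and 3 for a small retry count.
        for _attempt in range(self._retries):
            try:
                client.delete_key(orphan)
                break
            except q_exc.RedisConnectionFailure:
                time.sleep(self._retry_delay)
                client = self._get_connection(use_master=True,
                                              giveup=False)
        else:
            # Every attempt failed (or no attempt was configured).
            undeleted.append(orphan)

    if undeleted:
        print("WARNING: %d orphaned VIF rule sets could not be deleted "
              "after %d attempts each and remain in Redis:" %
              (len(undeleted), self._retries))
        for orphan in undeleted:
            print("  VIF %s" % orphan)

    if dryrun:
        print('=' * 80)
        print()
        print("Re-run with --yarly to apply changes")

    print("Done!")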
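def write_groups(self, dryrun=False):
    """Write each port's security group rules from the database to Redis.

    For every port returned by ``ports_with_security_groups_find`` the
    rules of its security groups are loaded, serialized with
    ``client.serialize_rules`` and pushed with ``client.apply_rules``.

    Args:
        dryrun: When true, nothing is written. The method reports which
            ports already have rules in Redis and how the rule counts
            compare. The connection is then requested with
            ``use_master=False``.

    Returns:
        None. Progress, and any port whose rules could not be written, is
        printed.
    """
    # NOTE(review): block nesting was reconstructed from a listing whose
    # whitespace had been collapsed -- confirm against the original file.
    client = self._get_connection(use_master=not dryrun)
    ctx = neutron.context.get_admin_context()
    ports_with_groups = db_api.ports_with_security_groups_find(ctx).all()

    if dryrun:
        print()
        print("Writing groups in dry run mode. Existing rules in Redis "
              "will be checked against those in the database, with a "
              "running report generated of all those that will be "
              "overwritten.\n\nTo actually apply the groups, re-run "
              "with the --yarly flag.")
        print()
        print("Found %s ports with security groups" %
              len(ports_with_groups))

    if dryrun:
        vifs = len(client.vif_keys())
        if vifs > 0:
            print("There are %d VIFs with rules in Redis, some of which "
                  "may be overwritten!" % vifs)
            print()

    overwrite_count = 0
    # Ports whose rules never reached Redis. Without this list an exhausted
    # retry budget was silent: the port kept whatever rules Redis already
    # held (possibly none) and the run still ended with "Done!".
    unwritten = []
    for port in ports_with_groups:
        mac = netaddr.EUI(port["mac_address"])

        # Rather than loading everything in one giant chunk, we'll make
        # trips per port.
        group_ids = [g["id"] for g in port.security_groups]
        rules = db_api.security_group_rule_find(ctx, group_id=group_ids,
                                                scope=db_api.ALL)

        if dryrun:
            existing_rules = client.get_rules_for_port(
                port["device_id"], port["mac_address"])
            if existing_rules:
                overwrite_count += 1
                db_len = len(rules)
                existing_len = len(existing_rules["rules"])
                print("== Port ID:%s - MAC:%s - Device ID:%s - "
                      "Redis Rules:%d - DB Rules:%d" %
                      (port["id"], mac, port["device_id"], existing_len,
                       db_len))
            continue

        # range() behaves the same on Python 2 and 3 for a small retry count.
        for _attempt in range(self._retries):
            try:
                payload = client.serialize_rules(rules)
                client.apply_rules(
                    port["device_id"], port["mac_address"], payload)
                break
            except q_exc.RedisConnectionFailure:
                time.sleep(self._retry_delay)
                client = self._get_connection(use_master=True,
                                              giveup=False)
        else:
            # Every attempt failed (or no attempt was configured).
            unwritten.append(port["id"])

    if unwritten:
        print("WARNING: rules for %d ports could not be written to Redis "
              "after %d attempts each:" % (len(unwritten), self._retries))
        for port_id in unwritten:
            print("  Port ID:%s" % port_id)

    if dryrun:
        print()
        print("Total number of VIFs to overwrite/were overwritten: %s" %
              overwrite_count)
        diff = vifs - overwrite_count
        if diff > 0:
            print("Orphaned VIFs in Redis:", diff)
            print("Run purge-orphans to clean then up")

    if dryrun:
        print("Total number of VIFs to write: %d" %
              len(ports_with_groups))

    if dryrun:
        print('=' * 80)
        print("Re-run with --yarly to apply changes")

    print("Done!")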
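def write_groups(self, dryrun=False):
    """Write each port's security group rules from the database to Redis.

    For every port returned by ``ports_with_security_groups_find`` the
    rules of its security groups are loaded, serialized with
    ``client.serialize_rules`` and pushed with ``client.apply_rules``.

    Args:
        dryrun: When true, nothing is written. The method reports which
            ports already have rules in Redis and how the rule counts
            compare. The connection is then requested with
            ``use_master=False``.

    Returns:
        None. Progress, and any port whose rules could not be written, is
        printed.
    """
    # NOTE(review): block nesting was reconstructed from a listing whose
    # whitespace had been collapsed -- confirm against the original file.
    client = self._get_connection(use_master=not dryrun)
    ctx = neutron.context.get_admin_context()
    ports_with_groups = db_api.ports_with_security_groups_find(ctx).all()

    if dryrun:
        print()
        print("Writing groups in dry run mode. Existing rules in Redis "
              "will be checked against those in the database, with a "
              "running report generated of all those that will be "
              "overwritten.\n\nTo actually apply the groups, re-run "
              "with the --yarly flag.")
        print()
        print("Found %s ports with security groups" %
              len(ports_with_groups))

    if dryrun:
        vifs = len(client.vif_keys())
        if vifs > 0:
            print("There are %d VIFs with rules in Redis, some of which "
                  "may be overwritten!" % vifs)
            print()

    overwrite_count = 0
    # Ports whose rules never reached Redis. Without this list an exhausted
    # retry budget was silent: the port kept whatever rules Redis already
    # held (possibly none) and the run still ended with "Done!".
    unwritten = []
    for port in ports_with_groups:
        mac = netaddr.EUI(port["mac_address"])

        # Rather than loading everything in one giant chunk, we'll make
        # trips per port.
        group_ids = [g["id"] for g in port.security_groups]
        rules = db_api.security_group_rule_find(ctx, group_id=group_ids,
                                                scope=db_api.ALL)

        if dryrun:
            existing_rules = client.get_rules_for_port(
                port["device_id"], port["mac_address"])
            if existing_rules:
                overwrite_count += 1
                db_len = len(rules)
                existing_len = len(existing_rules["rules"])
                print("== Port ID:%s - MAC:%s - Device ID:%s - "
                      "Redis Rules:%d - DB Rules:%d" %
                      (port["id"], mac, port["device_id"], existing_len,
                       db_len))
            continue

        # range() behaves the same on Python 2 and 3 for a small retry count.
        for _attempt in range(self._retries):
            try:
                payload = client.serialize_rules(rules)
                client.apply_rules(port["device_id"], port["mac_address"],
                                   payload)
                break
            except q_exc.RedisConnectionFailure:
                time.sleep(self._retry_delay)
                client = self._get_connection(use_master=True,
                                              giveup=False)
        else:
            # Every attempt failed (or no attempt was configured).
            unwritten.append(port["id"])

    if unwritten:
        print("WARNING: rules for %d ports could not be written to Redis "
              "after %d attempts each:" % (len(unwritten), self._retries))
        for port_id in unwritten:
            print("  Port ID:%s" % port_id)

    if dryrun:
        print()
        print("Total number of VIFs to overwrite/were overwritten: %s" %
              overwrite_count)
        diff = vifs - overwrite_count
        if diff > 0:
            print("Orphaned VIFs in Redis:", diff)
            print("Run purge-orphans to clean then up")

    if dryrun:
        print("Total number of VIFs to write: %d" %
              len(ports_with_groups))

    if dryrun:
        print('=' * 80)
        print("Re-run with --yarly to apply changes")

    print("Done!")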