~cbehrens/nova/lp844160-build-works-with-zones


Viewing changes to nova/virt/libvirt_conn.py

  • Committer: NTT PF Lab.
  • Date: 2010-12-24 11:38:49 UTC
  • mto: This revision was merged to the branch mainline in revision 564.
  • Revision ID: openstack@lab.ntt.co.jp-20101224113849-z9nemzmki17bxnvw
Support IPv6

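--- a/nova/virt/libvirt_conn.py
+++ b/nova/virt/libvirt_conn.py
@@ -514,6 +514,8 @@
                                                    instance['id'])
         # Assume that the gateway also acts as the dhcp server.
         dhcp_server = network['gateway']
+        #TODO ipv6
+        ra_server = network['ra_server']
         xml_info = {'type': FLAGS.libvirt_type,
                     'name': instance['name'],
                     'basepath': os.path.join(FLAGS.instances_path,
@@ -523,11 +525,13 @@
                     'bridge_name': network['bridge'],
                     'mac_address': instance['mac_address'],
                     'ip_address': ip_address,
-                    'dhcp_server': dhcp_server}
+                    'dhcp_server': dhcp_server,
+                    'ra_server': ra_server}
         if rescue:
             libvirt_xml = self.rescue_xml % xml_info
         else:
             libvirt_xml = self.libvirt_xml % xml_info
+
         logging.debug('instance %s: finished toXML method', instance['name'])
 
         return libvirt_xml
@@ -701,6 +705,7 @@
                             <filterref filter='no-arp-spoofing'/>
                             <filterref filter='allow-dhcp-server'/>
                             <filterref filter='nova-allow-dhcp-server'/>
+                            <filterref filter='nova-allow-ra-server'/>
                             <filterref filter='nova-base-ipv4'/>
                             <filterref filter='nova-base-ipv6'/>
                           </filter>'''
@@ -722,6 +727,14 @@
                               </rule>
                             </filter>'''
 
+    nova_ra_filter = '''<filter name='nova-allow-ra-server' chain='root'>
+                            <uuid>d707fa71-4fb5-4b27-9ab7-ba5ca19c8804</uuid>
+                              <rule action='accept' direction='inout'
+                                    priority='100'>
+                                <icmpv6 srcipaddr='$RASERVER'/>
+                              </rule>
+                            </filter>'''
+
     def nova_base_ipv4_filter(self):
         retval = "<filter name='nova-base-ipv4' chain='ipv4'>"
         for protocol in ['tcp', 'udp', 'icmp']:
@@ -736,13 +749,13 @@
 
     def nova_base_ipv6_filter(self):
         retval = "<filter name='nova-base-ipv6' chain='ipv6'>"
-        for protocol in ['tcp', 'udp', 'icmp']:
+        for protocol in ['tcp-ipv6', 'udp-ipv6', 'icmpv6']:
             for direction, action, priority in [('out', 'accept', 399),
                                                 ('inout', 'drop', 400)]:
                 retval += """<rule action='%s' direction='%s' priority='%d'>
-                               <%s-ipv6 />
+                               <%s />
                              </rule>""" % (action, direction,
-                                             priority, protocol)
+                                              priority, protocol)
         retval += '</filter>'
         return retval
 
@@ -755,6 +768,15 @@
         retval += '</filter>'
         return retval
 
+    def nova_project_filter_v6(self, project, net, mask):
+        retval = "<filter name='nova-project-%s-v6' chain='ipv6'>" % project
+        for protocol in ['tcp-ipv6', 'udp-ipv6', 'icmpv6']:
+            retval += """<rule action='accept' direction='inout' priority='200'>
+                           <%s srcipaddr='%s' srcipmask='%s' />
+                         </rule>""" % (protocol, net, mask)
+        retval += '</filter>'
+        return retval
+
     def _define_filter(self, xml):
         if callable(xml):
             xml = xml()
@@ -766,6 +788,11 @@
         net = IPy.IP(cidr)
         return str(net.net()), str(net.netmask())
 
+    @staticmethod
+    def _get_ip_version(cidr):
+        net = IPy.IP(cidr)
+        return int(net.version())
+
     @defer.inlineCallbacks
     def setup_nwfilters_for_instance(self, instance):
         """
@@ -777,6 +804,7 @@
         yield self._define_filter(self.nova_base_ipv4_filter)
         yield self._define_filter(self.nova_base_ipv6_filter)
         yield self._define_filter(self.nova_dhcp_filter)
+        yield self._define_filter(self.nova_ra_filter)
         yield self._define_filter(self.nova_base_filter)
 
         nwfilter_xml = "<filter name='nova-instance-%s' chain='root'>\n" \
@@ -787,12 +815,22 @@
             network_ref = db.project_get_network(context.get_admin_context(),
                                                  instance['project_id'])
             net, mask = self._get_net_and_mask(network_ref['cidr'])
+            if(FLAGS.use_ipv6):
+                net_v6, mask_v6 = self._get_net_and_mask(
+                                           network_ref['cidr_v6'])
             project_filter = self.nova_project_filter(instance['project_id'],
                                                       net, mask)
             yield self._define_filter(project_filter)
-
             nwfilter_xml += "  <filterref filter='nova-project-%s' />\n" % \
                             instance['project_id']
+            if(FLAGS.use_ipv6):
+                project_filter_v6 = self.nova_project_filter_v6(
+                                                      instance['project_id'],
+                                                      net_v6, mask_v6)
+                yield self._define_filter(project_filter_v6)
+                nwfilter_xml += \
+                            "  <filterref filter='nova-project-%s-v6' />\n" % \
+                            instance['project_id']
 
         for security_group in instance.security_groups:
             yield self.ensure_security_group_filter(security_group['id'])
@@ -812,12 +850,21 @@
         security_group = db.security_group_get(context.get_admin_context(),
                                                security_group_id)
         rule_xml = ""
+        version = 4
+        v6protocol = {'tcp':'tcp-ipv6', 'udp':'udp-ipv6', 'icmp':'icmpv6'}
         for rule in security_group.rules:
             rule_xml += "<rule action='accept' direction='in' priority='300'>"
             if rule.cidr:
+                version = self._get_ip_version(rule.cidr)
                 net, mask = self._get_net_and_mask(rule.cidr)
-                rule_xml += "<%s srcipaddr='%s' srcipmask='%s' " % \
-                            (rule.protocol, net, mask)
+                if(FLAGS.use_ipv6 and version == 6):
+                    rule_xml += "<%s " % v6protocol[rule.protocol]
+                    rule_xml += "srcipaddr='%s' " % net
+                    rule_xml += "srcipmask='%s' " % mask
+                else:
+                    rule_xml += "<%s " % rule.protocol
+                    rule_xml += "srcipaddr='%s' " % net
+                    rule_xml += "srcipmask='%s' " % mask
                 if rule.protocol in ['tcp', 'udp']:
                     rule_xml += "dstportstart='%s' dstportend='%s' " % \
                                 (rule.from_port, rule.to_port)
@@ -832,6 +879,9 @@
 
                 rule_xml += '/>\n'
             rule_xml += "</rule>\n"
-        xml = "<filter name='nova-secgroup-%s' chain='ipv4'>%s</filter>" % \
-              (security_group_id, rule_xml,)
+        xml = "<filter name='nova-secgroup-%s' " % security_group_id
+        if(FLAGS.use_ipv6):
+            xml += "chain='root'>%s</filter>" % rule_xml
+        else:
+            xml += "chain='ipv4'>%s</filter>" % rule_xml
         return xml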
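Review bot: The new `nova_ra_filter` rule accepts every ICMPv6 type whose source is `$RASERVER` and uses `direction='inout'`, so in the outgoing direction it also matches packets leaving the instance that carry the router's address as their source. If the intent is only to let router advertisements reach the guest, the rule can be narrowed to `<rule action='accept' direction='in' priority='100'>` with `<icmpv6 srcipaddr='$RASERVER' type='134'/>`, leaving all other ICMPv6 traffic to the base and security-group filters. How `$RASERVER` is bound on the interface is not visible in these hunks, so confirm the parameter is always supplied wherever `nova-allow-ra-server` is referenced. Separately, in `ensure_security_group_filter` (whose body is only partly shown) a rule with an IPv6 CIDR falls into the `else` branch when `FLAGS.use_ipv6` is off and is written as an IPv4 protocol element into a `chain='ipv4'` filter; an explicit check for that case would be clearer than leaving it to libvirt.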