~gandelman-a/ubuntu/precise/nova/UCA_2012.2.1


Viewing changes to nova/network/linux_net.py

  • Committer: Package Import Robot
  • Author(s): Chuck Short
  • Date: 2012-05-24 13:12:53 UTC
  • mfrom: (1.1.55)
  • Revision ID: package-import@ubuntu.com-20120524131253-ommql08fg1en06ut
Tags: 2012.2~f1-0ubuntu1
* New upstream release.
* Prepare for quantal:
  - Dropped debian/patches/upstream/0006-Use-project_id-in-ec2.cloud._format_image.patch
  - Dropped debian/patches/upstream/0005-Populate-image-properties-with-project_id-again.patch
  - Dropped debian/patches/upstream/0004-Fixed-bug-962840-added-a-test-case.patch
  - Dropped debian/patches/upstream/0003-Allow-unprivileged-RADOS-users-to-access-rbd-volumes.patch
  - Dropped debian/patches/upstream/0002-Stop-libvirt-test-from-deleting-instances-dir.patch
  - Dropped debian/patches/upstream/0001-fix-bug-where-nova-ignores-glance-host-in-imageref.patch 
  - Dropped debian/patches/0001-fix-useexisting-deprecation-warnings.patch
* debian/control: Add python-keystone as a dependency. (LP: #907197)
* debian/patches/kombu_tests_timeout.patch: Refreshed.
* debian/nova.conf, debian/nova-common.postinst: Convert to new ini
  file configuration
* debian/patches/nova-manage_flagfile_location.patch: Refreshed

29
29
from nova import flags
30
30
from nova import log as logging
31
31
from nova.openstack.common import cfg
 
32
from nova.openstack.common import importutils
32
33
from nova import utils
33
34
 
34
35
 
60
61
    cfg.StrOpt('dns_server',
61
62
               default=None,
62
63
               help='if set, uses specific dns server for dnsmasq'),
63
 
    cfg.StrOpt('dmz_cidr',
64
 
               default='10.128.0.0/24',
65
 
               help='dmz range that should be accepted'),
 
64
    cfg.ListOpt('dmz_cidr',
 
65
               default=[],
 
66
               help='A list of dmz range that should be accepted'),
66
67
    cfg.StrOpt('dnsmasq_config_file',
67
 
               default="",
 
68
               default='',
68
69
               help='Override the default dnsmasq settings with this file'),
69
70
    cfg.StrOpt('linuxnet_interface_driver',
70
71
               default='nova.network.linux_net.LinuxBridgeInterfaceDriver',
163
164
            chain_set = self.unwrapped_chains
164
165
 
165
166
        if name not in chain_set:
166
 
            LOG.debug(_('Attempted to remove chain %s which does not exist'),
167
 
                      name)
 
167
            LOG.warn(_('Attempted to remove chain %s which does not exist'),
 
168
                     name)
168
169
            return
169
170
 
170
171
        chain_set.remove(name)
212
213
        try:
213
214
            self.rules.remove(IptablesRule(chain, rule, wrap, top))
214
215
        except ValueError:
215
 
            LOG.debug(_('Tried to remove rule that was not there:'
216
 
                        ' %(chain)r %(rule)r %(wrap)r %(top)r'),
217
 
                      {'chain': chain, 'rule': rule,
218
 
                       'top': top, 'wrap': wrap})
 
216
            LOG.warn(_('Tried to remove rule that was not there:'
 
217
                       ' %(chain)r %(rule)r %(wrap)r %(top)r'),
 
218
                     {'chain': chain, 'rule': rule,
 
219
                      'top': top, 'wrap': wrap})
219
220
 
220
221
    def empty_chain(self, chain, wrap=True):
221
222
        """Remove all rules from a chain."""
445
446
                                          '-s %s -d %s/32 -j ACCEPT' %
446
447
                                          (ip_range, FLAGS.metadata_host))
447
448
 
448
 
    iptables_manager.ipv4['nat'].add_rule('POSTROUTING',
449
 
                                          '-s %s -d %s -j ACCEPT' %
450
 
                                          (ip_range, FLAGS.dmz_cidr))
 
449
    for dmz in FLAGS.dmz_cidr:
 
450
        iptables_manager.ipv4['nat'].add_rule('POSTROUTING',
 
451
                                              '-s %s -d %s -j ACCEPT' %
 
452
                                              (ip_range, dmz))
451
453
 
452
454
    iptables_manager.ipv4['nat'].add_rule('POSTROUTING',
453
455
                                          '-s %(range)s -d %(range)s '
492
494
                                          '-d %s -p udp '
493
495
                                          '--dport %s -j DNAT --to %s:1194' %
494
496
                                          (public_ip, port, private_ip))
495
 
    iptables_manager.ipv4['nat'].add_rule("OUTPUT",
496
 
                                          "-d %s -p udp "
497
 
                                          "--dport %s -j DNAT --to %s:1194" %
 
497
    iptables_manager.ipv4['nat'].add_rule('OUTPUT',
 
498
                                          '-d %s -p udp '
 
499
                                          '--dport %s -j DNAT --to %s:1194' %
498
500
                                          (public_ip, port, private_ip))
499
501
    iptables_manager.apply()
500
502
 
524
526
    if not network_ref:
525
527
        return
526
528
 
 
529
    _execute('sysctl', '-w', 'net.ipv4.ip_forward=1', run_as_root=True)
 
530
 
527
531
    # NOTE(vish): The ip for dnsmasq has to be the first address on the
528
532
    #             bridge for it to respond to reqests properly
529
533
    full_ip = '%s/%s' % (network_ref['dhcp_server'],
551
555
                         check_exit_code=[0, 7])
552
556
        for ip_params in old_ip_params:
553
557
            _execute(*_ip_bridge_cmd('del', ip_params, dev),
554
 
                        run_as_root=True, check_exit_code=[0, 2, 254])
 
558
                     run_as_root=True, check_exit_code=[0, 2, 254])
555
559
        for ip_params in new_ip_params:
556
560
            _execute(*_ip_bridge_cmd('add', ip_params, dev),
557
 
                        run_as_root=True, check_exit_code=[0, 2, 254])
 
561
                     run_as_root=True, check_exit_code=[0, 2, 254])
558
562
        if gateway:
559
563
            _execute('route', 'add', 'default', 'gw', gateway,
560
564
                     run_as_root=True, check_exit_code=[0, 7])
561
565
        if FLAGS.send_arp_for_ha:
562
566
            _execute('arping', '-U', network_ref['dhcp_server'],
563
 
                      '-A', '-I', dev,
564
 
                      '-c', 1, run_as_root=True, check_exit_code=False)
 
567
                     '-A', '-I', dev,
 
568
                     '-c', 1, run_as_root=True, check_exit_code=False)
565
569
    if(FLAGS.use_ipv6):
566
570
        _execute('ip', '-f', 'inet6', 'addr',
567
 
                     'change', network_ref['cidr_v6'],
568
 
                     'dev', dev, run_as_root=True)
 
571
                 'change', network_ref['cidr_v6'],
 
572
                 'dev', dev, run_as_root=True)
569
573
 
570
574
 
571
575
def get_dhcp_leases(context, network_ref):
686
690
                             check_exit_code=False)
687
691
        # Using symlinks can cause problems here so just compare the name
688
692
        # of the file itself
689
 
        if conffile.split("/")[-1] in out:
 
693
        if conffile.split('/')[-1] in out:
690
694
            try:
691
695
                _execute('kill', '-HUP', pid, run_as_root=True)
692
696
                return
753
757
            try:
754
758
                _execute('kill', pid, run_as_root=True)
755
759
            except Exception as exc:  # pylint: disable=W0703
756
 
                LOG.debug(_('killing radvd threw %s'), exc)
 
760
                LOG.error(_('killing radvd threw %s'), exc)
757
761
        else:
758
762
            LOG.debug(_('Pid %d is stale, relaunching radvd'), pid)
759
763
 
790
794
                               data['instance_hostname'],
791
795
                               FLAGS.dhcp_domain,
792
796
                               data['address'],
793
 
                               "net:" + _host_dhcp_network(data))
 
797
                               'net:' + _host_dhcp_network(data))
794
798
    else:
795
799
        return '%s,%s.%s,%s' % (data['vif_address'],
796
800
                               data['instance_hostname'],
815
819
def _device_exists(device):
816
820
    """Check if ethernet device exists."""
817
821
    (_out, err) = _execute('ip', 'link', 'show', 'dev', device,
818
 
                           check_exit_code=False)
 
822
                           check_exit_code=False, run_as_root=True)
819
823
    return not err
820
824
 
821
825
 
887
891
def _get_interface_driver():
888
892
    global interface_driver
889
893
    if not interface_driver:
890
 
        interface_driver = utils.import_object(FLAGS.linuxnet_interface_driver)
 
894
        interface_driver = importutils.import_object(
 
895
                FLAGS.linuxnet_interface_driver)
891
896
    return interface_driver
892
897
 
893
898
 
971
976
            # (danwent) the bridge will inherit this address, so we want to
972
977
            # make sure it is the value set from the NetworkManager
973
978
            if mac_address:
974
 
                _execute('ip', 'link', 'set', interface, "address",
975
 
                            mac_address, run_as_root=True)
 
979
                _execute('ip', 'link', 'set', interface, 'address',
 
980
                         mac_address, run_as_root=True)
976
981
            _execute('ip', 'link', 'set', interface, 'up', run_as_root=True)
977
982
            if FLAGS.network_device_mtu:
978
983
                _execute('ip', 'link', 'set', interface, 'mtu',
1009
1014
 
1010
1015
        if interface:
1011
1016
            out, err = _execute('brctl', 'addif', bridge, interface,
1012
 
                            check_exit_code=False, run_as_root=True)
 
1017
                                check_exit_code=False, run_as_root=True)
1013
1018
 
1014
1019
            # NOTE(vish): This will break if there is already an ip on the
1015
1020
            #             interface, so we move any ips to the bridge
1030
1035
                if fields and fields[0] == 'inet':
1031
1036
                    params = fields[1:-1]
1032
1037
                    _execute(*_ip_bridge_cmd('del', params, fields[-1]),
1033
 
                                run_as_root=True, check_exit_code=[0, 2, 254])
 
1038
                             run_as_root=True, check_exit_code=[0, 2, 254])
1034
1039
                    _execute(*_ip_bridge_cmd('add', params, bridge),
1035
 
                                run_as_root=True, check_exit_code=[0, 2, 254])
 
1040
                             run_as_root=True, check_exit_code=[0, 2, 254])
1036
1041
            if old_gateway:
1037
1042
                _execute('route', 'add', 'default', 'gw', old_gateway,
1038
1043
                         run_as_root=True, check_exit_code=[0, 7])
1039
1044
 
1040
1045
            if (err and err != "device %s is already a member of a bridge;"
1041
1046
                     "can't enslave it to bridge %s.\n" % (interface, bridge)):
1042
 
                raise exception.Error('Failed to add interface: %s' % err)
 
1047
                msg = _('Failed to add interface: %s') % err
 
1048
                raise exception.NovaException(msg)
1043
1049
 
1044
1050
        # Don't forward traffic unless we were told to be a gateway
1045
1051
        ipv4_filter = iptables_manager.ipv4['filter']
1063
1069
        if not _device_exists(dev):
1064
1070
            bridge = FLAGS.linuxnet_ovs_integration_bridge
1065
1071
            _execute('ovs-vsctl',
1066
 
                        '--', '--may-exist', 'add-port', bridge, dev,
1067
 
                        '--', 'set', 'Interface', dev, "type=internal",
1068
 
                        '--', 'set', 'Interface', dev,
1069
 
                                "external-ids:iface-id=%s" % dev,
1070
 
                        '--', 'set', 'Interface', dev,
1071
 
                                "external-ids:iface-status=active",
1072
 
                        '--', 'set', 'Interface', dev,
1073
 
                                "external-ids:attached-mac=%s" % mac_address,
1074
 
                        run_as_root=True)
1075
 
            _execute('ip', 'link', 'set', dev, "address", mac_address,
1076
 
                        run_as_root=True)
 
1072
                     '--', '--may-exist', 'add-port', bridge, dev,
 
1073
                     '--', 'set', 'Interface', dev, 'type=internal',
 
1074
                     '--', 'set', 'Interface', dev,
 
1075
                     'external-ids:iface-id=%s' % dev,
 
1076
                     '--', 'set', 'Interface', dev,
 
1077
                     'external-ids:iface-status=active',
 
1078
                     '--', 'set', 'Interface', dev,
 
1079
                     'external-ids:attached-mac=%s' % mac_address,
 
1080
                     run_as_root=True)
 
1081
            _execute('ip', 'link', 'set', dev, 'address', mac_address,
 
1082
                     run_as_root=True)
1077
1083
            if FLAGS.network_device_mtu:
1078
1084
                _execute('ip', 'link', 'set', dev, 'mtu',
1079
1085
                         FLAGS.network_device_mtu, run_as_root=True)
1082
1088
                # If we weren't instructed to act as a gateway then add the
1083
1089
                # appropriate flows to block all non-dhcp traffic.
1084
1090
                _execute('ovs-ofctl',
1085
 
                    'add-flow', bridge, "priority=1,actions=drop",
1086
 
                     run_as_root=True)
 
1091
                         'add-flow', bridge, 'priority=1,actions=drop',
 
1092
                         run_as_root=True)
1087
1093
                _execute('ovs-ofctl', 'add-flow', bridge,
1088
 
                    "udp,tp_dst=67,dl_dst=%s,priority=2,actions=normal" %
1089
 
                    mac_address, run_as_root=True)
 
1094
                         'udp,tp_dst=67,dl_dst=%s,priority=2,actions=normal' %
 
1095
                         mac_address, run_as_root=True)
1090
1096
                # .. and make sure iptbles won't forward it as well.
1091
1097
                iptables_manager.ipv4['filter'].add_rule('FORWARD',
1092
1098
                        '--in-interface %s -j DROP' % bridge)
1104
1110
        dev = self.get_dev(network)
1105
1111
        bridge = FLAGS.linuxnet_ovs_integration_bridge
1106
1112
        _execute('ovs-vsctl', '--', '--if-exists', 'del-port',
1107
 
                               bridge, dev, run_as_root=True)
 
1113
                 bridge, dev, run_as_root=True)
1108
1114
        return dev
1109
1115
 
1110
1116
    def get_dev(self, network):
1111
 
        dev = "gw-" + str(network['uuid'][0:11])
 
1117
        dev = 'gw-' + str(network['uuid'][0:11])
1112
1118
        return dev
1113
1119
 
1114
1120
 
1115
1121
# plugs interfaces using Linux Bridge when using QuantumManager
1116
1122
class QuantumLinuxBridgeInterfaceDriver(LinuxNetInterfaceDriver):
1117
1123
 
1118
 
    BRIDGE_NAME_PREFIX = "brq"
1119
 
    GATEWAY_INTERFACE_PREFIX = "gw-"
 
1124
    BRIDGE_NAME_PREFIX = 'brq'
 
1125
    GATEWAY_INTERFACE_PREFIX = 'gw-'
1120
1126
 
1121
1127
    def plug(self, network, mac_address, gateway=True):
1122
1128
        dev = self.get_dev(network)
1143
1149
            utils.execute('brctl', 'addbr', bridge, run_as_root=True)
1144
1150
            utils.execute('brctl', 'setfd', bridge, str(0), run_as_root=True)
1145
1151
            utils.execute('brctl', 'stp', bridge, 'off', run_as_root=True)
1146
 
            utils.execute('ip', 'link', 'set', bridge, "address", mac_address,
 
1152
            utils.execute('ip', 'link', 'set', bridge, 'address', mac_address,
1147
1153
                          run_as_root=True)
1148
1154
            utils.execute('ip', 'link', 'set', bridge, 'up', run_as_root=True)
1149
1155
            LOG.debug(_("Done starting bridge %s"), bridge)
1150
1156
 
1151
 
        full_ip = '%s/%s' % (network['dhcp_server'],
1152
 
                             network['cidr'].rpartition('/')[2])
1153
 
        utils.execute('ip', 'address', 'add', full_ip, 'dev', bridge,
1154
 
                run_as_root=True)
 
1157
            full_ip = '%s/%s' % (network['dhcp_server'],
 
1158
                                 network['cidr'].rpartition('/')[2])
 
1159
            utils.execute('ip', 'address', 'add', full_ip, 'dev', bridge,
 
1160
                          run_as_root=True)
1155
1161
 
1156
1162
        return dev
1157
1163
 
1164
1170
            try:
1165
1171
                utils.execute('ip', 'link', 'delete', dev, run_as_root=True)
1166
1172
            except exception.ProcessExecutionError:
1167
 
                LOG.warning(_("Failed unplugging gateway interface '%s'"),
1168
 
                            dev)
 
1173
                LOG.error(_("Failed unplugging gateway interface '%s'"), dev)
1169
1174
                raise
1170
1175
            LOG.debug(_("Unplugged gateway interface '%s'"), dev)
1171
1176
            return dev
1176
1181
            try:
1177
1182
                # First, try with 'ip'
1178
1183
                utils.execute('ip', 'tuntap', 'add', dev, 'mode', 'tap',
1179
 
                          run_as_root=True)
 
1184
                              run_as_root=True)
1180
1185
            except exception.ProcessExecutionError:
1181
1186
                # Second option: tunctl
1182
1187
                utils.execute('tunctl', '-b', '-t', dev, run_as_root=True)
1183
1188
            if mac_address:
1184
 
                utils.execute('ip', 'link', 'set', dev, "address", mac_address,
 
1189
                utils.execute('ip', 'link', 'set', dev, 'address', mac_address,
1185
1190
                              run_as_root=True)
1186
1191
            utils.execute('ip', 'link', 'set', dev, 'up', run_as_root=True)
1187
1192