Cross Reference: /solaris-userland/components/openstack/neutron/files/neutron-l3-agent

	neutron-l3-agent revision 3162
0N/A#!/usr/bin/python2.6
0N/A
0N/A# Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
0N/A#
0N/A#    Licensed under the Apache License, Version 2.0 (the "License"); you may
0N/A#    not use this file except in compliance with the License. You may obtain
0N/A#    a copy of the License at
0N/A#
0N/A#         http://www.apache.org/licenses/LICENSE-2.0
0N/A#
0N/A#    Unless required by applicable law or agreed to in writing, software
0N/A#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
0N/A#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
0N/A#    License for the specific language governing permissions and limitations
0N/A#    under the License.
0N/A
0N/Aimport os
0N/Aimport re
0N/Aimport sys
0N/A
0N/Aimport netaddr
0N/Aimport smf_include
0N/A
0N/Afrom subprocess import CalledProcessError, Popen, PIPE, check_call
0N/A
0N/A
0N/Adef start():
0N/A    # verify paths are valid
0N/A    for f in sys.argv[2:4]:
0N/A        if not os.path.exists(f) or not os.access(f, os.R_OK):
0N/A            print '%s does not exist or is not readable' % f
0N/A            return smf_include.SMF_EXIT_ERR_CONFIG
0N/A
0N/A    # System-wide forwarding (either ipv4 or ipv6 or both) must be enabled
0N/A    # before neutron-l3-agent can be started.
0N/A    cmd = ["/usr/sbin/ipadm", "show-prop", "-c", "-p", "forwarding",
0N/A           "-o", "current", "ipv4"]
0N/A    p = Popen(cmd, stdout=PIPE, stderr=PIPE)
0N/A    output, error = p.communicate()
0N/A    if p.returncode != 0:
0N/A        print "failed to determine if IPv4 forwarding is enabled or not"
0N/A        return smf_include.SMF_EXIT_ERR_FATAL
0N/A    v4fwding = "on" in output
0N/A
0N/A    cmd = ["/usr/sbin/ipadm", "show-prop", "-c", "-p", "forwarding",
0N/A           "-o", "current", "ipv6"]
0N/A    p = Popen(cmd, stdout=PIPE, stderr=PIPE)
0N/A    output, error = p.communicate()
0N/A    if p.returncode != 0:
0N/A        print "failed to determine if IPv6 forwarding is enabled or not"
0N/A        return smf_include.SMF_EXIT_ERR_FATAL
0N/A    v6fwding = "on" in output
0N/A
0N/A    if not any((v4fwding, v6fwding)):
0N/A        print "System-wide IPv4 or IPv6 (or both) forwarding must be " \
0N/A              "enabled before enabling neutron-l3-agent"
0N/A        return smf_include.SMF_EXIT_ERR_CONFIG
0N/A
0N/A    cmd = "/usr/lib/neutron/neutron-l3-agent --config-file %s " \
0N/A        "--config-file %s" % tuple(sys.argv[2:4])
0N/A    smf_include.smf_subprocess(cmd)
0N/A
0N/A
0N/Adef remove_ipfilter_rules(version):
0N/A    # remove IP Filter rules added by neutron-l3-agent
0N/A    cmd = ["/usr/bin/pfexec", "/usr/sbin/ipfstat", "-io"]
0N/A    if version == 6:
0N/A        cmd.insert(2, "-6")
0N/A    p = Popen(cmd, stdout=PIPE, stderr=PIPE)
0N/A    output, error = p.communicate()
0N/A    if p.returncode != 0:
0N/A        print "failed to retrieve IP Filter rules"
0N/A        return smf_include.SMF_EXIT_ERR_FATAL
0N/A
0N/A    ipfilters = output.splitlines()
0N/A    # L3 agent IP Filter rules are of the form
0N/A    # block in quick on l3i64cbb496_a_0 from ... to pool/15417332
0N/A    prog = re.compile('on l3i[0-9A-Fa-f\_]{10}_0')
0N/A    ippool_names = []
0N/A    for ipf in ipfilters:
0N/A        if not prog.search(ipf):
0N/A            continue
0N/A        # capture the IP pool name
0N/A        if 'pool/' in ipf:
0N/A            ippool_names.append(ipf.split('pool/')[1])
0N/A
0N/A        try:
0N/A            # remove the IP Filter rule
0N/A            p = Popen(["echo", ipf], stdout=PIPE)
0N/A            cmd = ["/usr/bin/pfexec", "/usr/sbin/ipf", "-r", "-f", "-"]
0N/A            if version == 6:
0N/A                cmd.insert(2, "-6")
0N/A            check_call(cmd, stdin=p.stdout)
0N/A        except CalledProcessError as err:
0N/A            print "failed to remove IP Filter rule %s: %s" % (ipf, err)
0N/A            return smf_include.SMF_EXIT_ERR_FATAL
0N/A
0N/A    # remove IP Pools added by neutron-l3-agent
0N/A    for ippool_name in ippool_names:
0N/A        try:
0N/A            check_call(["/usr/bin/pfexec", "/usr/sbin/ippool", "-R",
0N/A                        "-m", ippool_name, "-t", "tree"])
0N/A        except CalledProcessError as err:
0N/A            print "failed to remove IP Pool %s: %s" % (ippool_name, err)
0N/A            return smf_include.SMF_EXIT_ERR_FATAL
0N/A    return smf_include.SMF_EXIT_OK
0N/A
0N/A
0N/Adef stop():
0N/A    try:
0N/A        # first kill the SMF contract
0N/A        check_call(["/usr/bin/pkill", "-c", sys.argv[2]])
0N/A    except CalledProcessError as err:
0N/A        print "failed to kill the SMF contract: %s" % (err)
0N/A        return smf_include.SMF_EXIT_ERR_FATAL
0N/A
0N/A    # We need to first remove the IP filter rules and then remove
0N/A    # the IP interfaces on which the rules were applied.
0N/A
0N/A    # remove IPv4 Filter rules added by neutron-l3-agent
0N/A    rv = remove_ipfilter_rules(4)
0N/A    if rv != smf_include.SMF_EXIT_OK:
0N/A        return rv
0N/A
0N/A    # remove IPv6 Filter rules added by neutron-l3-agent
0N/A    rv = remove_ipfilter_rules(6)
0N/A    if rv != smf_include.SMF_EXIT_OK:
0N/A        return rv
0N/A
0N/A    # remove IP NAT rules added by neutron-l3-agent
0N/A    cmd = ["/usr/bin/pfexec", "/usr/sbin/ipnat", "-lR"]
0N/A    p = Popen(cmd, stdout=PIPE, stderr=PIPE)
0N/A    output, error = p.communicate()
0N/A    if p.returncode != 0:
0N/A        print "failed to retrieve IP NAT rules"
0N/A        return smf_include.SMF_EXIT_ERR_FATAL
0N/A
0N/A    ipnat_rules = output.splitlines()
0N/A    # L3 agent IP NAT rules are of the form
0N/A    # bimap l3e64ccc496_a_0 192.168.1.3/32 -> 172.16.10.3/32
0N/A    prog = re.compile('l3e[0-9A-Fa-f\_]{10}_0')
0N/A    for ipnat_rule in ipnat_rules:
0N/A        if not prog.search(ipnat_rule):
0N/A            continue
0N/A        # remove the IP NAT rule
0N/A        try:
0N/A            p = Popen(["echo", ipnat_rule], stdout=PIPE)
0N/A            check_call(["/usr/bin/pfexec", "/usr/sbin/ipnat", "-r", "-f", "-"],
0N/A                       stdin=p.stdout)
0N/A        except CalledProcessError as err:
0N/A            print "failed to remove IP NAT rule %s: %s" % (ipnat_rule, err)
0N/A            return smf_include.SMF_EXIT_ERR_FATAL
0N/A
0N/A    # remove VNICs associated with L3 agent
0N/A    cmd = ["/usr/sbin/ipadm", "show-if", "-p", "-o", "ifname"]
0N/A    p = Popen(cmd, stdout=PIPE, stderr=PIPE)
0N/A    output, error = p.communicate()
0N/A    if p.returncode != 0:
0N/A        print "failed to retrieve IP interface names"
0N/A        return smf_include.SMF_EXIT_ERR_CONFIG
0N/A
0N/A    ifnames = output.splitlines()
0N/A    # L3 agent datalinks are always 15 characters in length. They start
0N/A    # with either 'l3i' or 'l3e', end with '_0', and in between they are
0N/A    # hexadecimal digits.
0N/A    prog = re.compile('l3[ie][0-9A-Fa-f\_]{10}_0')
0N/A    for ifname in ifnames:
0N/A        if not prog.search(ifname):
0N/A            continue
0N/A        try:
0N/A            # first remove the IP
0N/A            check_call(["/usr/bin/pfexec", "/usr/sbin/ipadm", "delete-ip",
0N/A                        ifname])
0N/A            # next remove the VNIC
0N/A            check_call(["/usr/bin/pfexec", "/usr/sbin/dladm", "delete-vnic",
0N/A                        ifname])
0N/A        except CalledProcessError as err:
0N/A            print "failed to remove datalinks used by L3 agent: %s" % (err)
0N/A            return smf_include.SMF_EXIT_ERR_FATAL
0N/A
0N/A    return smf_include.SMF_EXIT_OK
0N/A
0N/Aif __name__ == "__main__":
0N/A    os.putenv("LC_ALL", "C")
0N/A    smf_include.smf_main()
0N/A