neutron-l3-agent revision 6029
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein# Copyright (c) 2014, 2016, Oracle and/or its affiliates. All rights reserved.
5347c0fcb04eaea19d9f39795646239f487c6207Tinderbox User# Licensed under the Apache License, Version 2.0 (the "License"); you may
5347c0fcb04eaea19d9f39795646239f487c6207Tinderbox User# not use this file except in compliance with the License. You may obtain
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein# a copy of the License at
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein# Unless required by applicable law or agreed to in writing, software
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein# License for the specific language governing permissions and limitations
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein# under the License.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinfrom subprocess import CalledProcessError, Popen, PIPE, check_call
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinfrom neutron_vpnaas.services.vpn.device_drivers.solaris_ipsec import \
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinfrom neutron_vpnaas.services.vpn.device_drivers.solaris_ipsec import \
5347c0fcb04eaea19d9f39795646239f487c6207Tinderbox User cmd = ["/usr/sbin/ipadm", "show-prop", "-p", "hostmodel",
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein print "failed to retrieve hostmodel ipadm property"
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User cmd = ["/usr/bin/pfexec", "/usr/sbin/ipadm", "set-prop", "-t", "-p",
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User print "failed to set ipadm hostmodel property to %s" % value
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein # verify paths are valid
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews if not os.path.exists(f) or not os.access(f, os.R_OK):
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein print '%s does not exist or is not readable' % f
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User # System-wide forwarding (either ipv4 or ipv6 or both) must be enabled
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User # before neutron-l3-agent can be started.
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User cmd = ["/usr/sbin/ipadm", "show-prop", "-c", "-p", "forwarding",
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein print "failed to determine if IPv4 forwarding is enabled or not"
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User cmd = ["/usr/sbin/ipadm", "show-prop", "-c", "-p", "forwarding",
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein print "failed to determine if IPv6 forwarding is enabled or not"
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt print "System-wide IPv4 or IPv6 (or both) forwarding must be " \
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt "enabled before enabling neutron-l3-agent"
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User # remove any stale PF rules under _auto/neutron:l3:agent anchor
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt pf = packetfilter.PacketFilter('_auto/neutron:l3:agent')
2b4d1b54f6ca406b8233d9e6fea9593df6dad035Tinderbox User cmd = "/usr/bin/pfexec /usr/lib/neutron/neutron-l3-agent " \
2b4d1b54f6ca406b8233d9e6fea9593df6dad035Tinderbox User "--config-file %s --config-file %s --config-file %s" % \
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User # The VPNaaS shutdown should unplumb all IP tunnels it created. But
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt # be paranoid and check for lingering tunnels created by OpenStack
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein # that may have been left behind if the OpenStack device driver exits
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User # unexpectedly. OpenStack VPN configuration is created when the service
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User # starts. Errors will occur if old IP tunnels still exist.
6f64d4ab8e68f9b2333bcbfc755396d29a4a9d7cAutomatic Updater print "Error: Found existing IP tunnel interface(s)."
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User print "Use ipadm(1M) and dladm(1M) to remove it/them."
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User print "Then use svcadm(1M) to clear the service."
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User print "Use the following commands to remove:"
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User print "\t# ipadm delete-ip %s; dladm delete-iptun %s" % (ifn, ifn)
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User # set the hostmodel property if necessary
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User # retrieve the right OVS bridge based on the interface name
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User config_file = '/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini'
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User # first kill the SMF contract
983df82baf1d7d0b668c98cf45928a19f175c6e7Tinderbox User check_call(["/usr/bin/pkill", "-c", sys.argv[2]])
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User print "failed to kill the SMF contract: %s" % (err)
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User # We need to first remove the PF rules added under _auto/neutron:l3:agent
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User # anchor and then remove the IP interfaces on which the rules were applied.
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User pf = packetfilter.PacketFilter('_auto/neutron:l3:agent')
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User # remove VNICs associated with L3 agent
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User cmd = ["/usr/sbin/ipadm", "show-if", "-p", "-o", "ifname"]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein print "failed to retrieve IP interface names"
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews # L3 agent datalinks are always 15 characters in length. They start
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein # with either 'l3i' or 'l3e', end with '_0', and in between they are
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt # hexadecimal digits.
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User # first remove the IP
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt check_call(["/usr/bin/pfexec", "/usr/sbin/ipadm", "delete-ip",
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User # next remove the VNIC
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt check_call(["/usr/bin/pfexec", "/usr/sbin/dladm", "delete-vnic",
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User # remove the OVS Port
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User check_call(["/usr/bin/pfexec", "/usr/sbin/ovs-vsctl", "--",
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User "--if-exists", "del-port", ovs_bridge, ifname])
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User print "failed to remove datalink '%s' used by L3 agent: %s" % \
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User # finally reset the hostmodel property