]>
Commit | Line | Data |
---|---|---|
8465de90 RP |
1 | #!/usr/bin/python |
2 | # | |
3 | # Copyright 2014 Cumulus Networks, Inc. All rights reserved. | |
4 | # Author: Roopa Prabhu, roopa@cumulusnetworks.com | |
5 | # | |
6 | ||
7 | import os | |
5c5a7b93 N |
8 | import signal |
9 | import subprocess | |
8465de90 RP |
10 | import atexit |
11 | from ifupdown.iface import * | |
54616d3f | 12 | import ifupdown.policymanager as policymanager |
8465de90 | 13 | import ifupdownaddons |
768b4ec5 | 14 | import ifupdown.rtnetlink_api as rtnetlink_api |
8465de90 RP |
15 | from ifupdownaddons.modulebase import moduleBase |
16 | from ifupdownaddons.bondutil import bondutil | |
17 | from ifupdownaddons.iproute2 import iproute2 | |
122ef35b | 18 | from ifupdownaddons.dhclient import dhclient |
8465de90 | 19 | |
8ad5c767 RP |
20 | class vrfPrivFlags: |
21 | PROCESSED = 0x1 | |
22 | ||
8465de90 RP |
23 | class vrf(moduleBase): |
24 | """ ifupdown2 addon module to configure vrfs """ | |
25 | _modinfo = { 'mhelp' : 'vrf configuration module', | |
26 | 'attrs' : { | |
27 | 'vrf-table': | |
28 | {'help' : 'vrf device table id. key to ' + | |
29 | 'creating a vrf device', | |
30 | 'example': ['vrf-table-id 1']}, | |
54616d3f N |
31 | 'vrf-default-route': |
32 | {'help' : 'vrf device default route ' + | |
33 | 'to avoid communication outside the vrf device', | |
34 | 'example': ['vrf-default-route yes/no']}, | |
8465de90 RP |
35 | 'vrf': |
36 | {'help' : 'vrf the interface is part of.', | |
37 | 'example': ['vrf blue']}}} | |
38 | ||
a1c23686 | 39 | iproute2_vrf_filename = '/etc/iproute2/rt_tables.d/ifupdown2_vrf_map.conf' |
8465de90 RP |
40 | iproute2_vrf_filehdr = '# This file is autogenerated by ifupdown2.\n' + \ |
41 | '# It contains the vrf name to table mapping.\n' + \ | |
6f2890fc RP |
42 | '# Reserved table range %s %s\n' |
43 | VRF_TABLE_START = 1001 | |
44 | VRF_TABLE_END = 5000 | |
8465de90 RP |
45 | |
46 | def __init__(self, *args, **kargs): | |
47 | ifupdownaddons.modulebase.moduleBase.__init__(self, *args, **kargs) | |
48 | self.ipcmd = None | |
49 | self.bondcmd = None | |
122ef35b | 50 | self.dhclientcmd = None |
8ad5c767 | 51 | self.name = self.__class__.__name__ |
122ef35b RP |
52 | if self.PERFMODE: |
53 | # if perf mode is set, remove vrf map file. | |
54 | # start afresh. PERFMODE is set at boot | |
55 | if os.path.exists(self.iproute2_vrf_filename): | |
56 | try: | |
57 | self.logger.info('vrf: removing file %s' | |
58 | %self.iproute2_vrf_filename) | |
59 | os.remove(self.iproute2_vrf_filename) | |
60 | except Exception, e: | |
61 | self.logger.debug('vrf: removing file failed (%s)' | |
62 | %str(e)) | |
8465de90 RP |
63 | try: |
64 | ip_rules = self.exec_command('/sbin/ip rule show').splitlines() | |
65 | self.ip_rule_cache = [' '.join(r.split()) for r in ip_rules] | |
66 | except Exception, e: | |
67 | self.ip_rule_cache = [] | |
68 | self.logger.warn('%s' %str(e)) | |
69 | ||
70 | try: | |
71 | ip_rules = self.exec_command('/sbin/ip -6 rule show').splitlines() | |
72 | self.ip6_rule_cache = [' '.join(r.split()) for r in ip_rules] | |
73 | except Exception, e: | |
74 | self.ip6_rule_cache = [] | |
75 | self.logger.warn('%s' %str(e)) | |
76 | ||
77 | #self.logger.debug("vrf: ip rule cache") | |
78 | #self.logger.info(self.ip_rule_cache) | |
79 | ||
80 | #self.logger.info("vrf: ip -6 rule cache") | |
81 | #self.logger.info(self.ip6_rule_cache) | |
82 | ||
83 | # XXX: check for vrf reserved overlap in /etc/iproute2/rt_tables | |
84 | self.iproute2_vrf_map = {} | |
85 | # read or create /etc/iproute2/rt_tables.d/ifupdown2.vrf_map | |
86 | if os.path.exists(self.iproute2_vrf_filename): | |
87 | self.vrf_map_fd = open(self.iproute2_vrf_filename, 'a+') | |
88 | lines = self.vrf_map_fd.readlines() | |
89 | for l in lines: | |
90 | l = l.strip() | |
91 | if l[0] == '#': | |
92 | continue | |
93 | try: | |
94 | (table, vrf_name) = l.strip().split() | |
95 | self.iproute2_vrf_map[table] = vrf_name | |
96 | except Exception, e: | |
97 | self.logger.info('vrf: iproute2_vrf_map: unable to parse %s' | |
98 | %l) | |
99 | pass | |
100 | #self.logger.info("vrf: dumping iproute2_vrf_map") | |
101 | #self.logger.info(self.iproute2_vrf_map) | |
102 | ||
103 | # purge vrf table entries that are not around | |
104 | iproute2_vrf_map_pruned = {} | |
105 | for t, v in self.iproute2_vrf_map.iteritems(): | |
106 | if os.path.exists('/sys/class/net/%s' %v): | |
09753350 | 107 | iproute2_vrf_map_pruned[int(t)] = v |
8465de90 RP |
108 | else: |
109 | try: | |
110 | # cleanup rules | |
111 | self._del_vrf_rules(v, t) | |
112 | except Exception: | |
113 | pass | |
114 | self.iproute2_vrf_map = iproute2_vrf_map_pruned | |
115 | ||
6f2890fc RP |
116 | self.vrf_table_id_start = policymanager.policymanager_api.get_module_globals(module_name=self.__class__.__name__, attr='vrf-table-id-start') |
117 | if not self.vrf_table_id_start: | |
118 | self.vrf_table_id_start = self.VRF_TABLE_START | |
119 | self.vrf_table_id_end = policymanager.policymanager_api.get_module_globals(module_name=self.__class__.__name__, attr='vrf-table-id-end') | |
120 | if not self.vrf_table_id_end: | |
121 | self.vrf_table_id_end = self.VRF_TABLE_END | |
4a95c92f | 122 | self.vrf_max_count = policymanager.policymanager_api.get_module_globals(module_name=self.__class__.__name__, attr='vrf-max-count') |
6f2890fc RP |
123 | |
124 | last_used_vrf_table = None | |
125 | for t in range(self.vrf_table_id_start, | |
126 | self.vrf_table_id_end): | |
8465de90 RP |
127 | if not self.iproute2_vrf_map.get(t): |
128 | break | |
6f2890fc | 129 | last_used_vrf_table = t |
8465de90 | 130 | self.last_used_vrf_table = last_used_vrf_table |
09753350 | 131 | |
8465de90 RP |
132 | self.iproute2_write_vrf_map = False |
133 | atexit.register(self.iproute2_vrf_map_write) | |
3fcb15fe | 134 | self.vrf_fix_local_table = True |
6f2890fc | 135 | self.vrf_count = 0 |
83841a51 | 136 | self.vrf_cgroup_create = policymanager.policymanager_api.get_module_globals(module_name=self.__class__.__name__, attr='vrf-cgroup-create') |
6f2890fc RP |
137 | if not self.vrf_cgroup_create: |
138 | self.vrf_cgroup_create = False | |
139 | elif self.vrf_cgroup_create == 'yes': | |
140 | self.vrf_cgroup_create = True | |
141 | else: | |
142 | self.vrf_cgroup_create = False | |
8465de90 RP |
143 | |
144 | def iproute2_vrf_map_write(self): | |
145 | if not self.iproute2_write_vrf_map: | |
146 | return | |
147 | self.logger.info('vrf: writing table map to %s' | |
148 | %self.iproute2_vrf_filename) | |
149 | with open(self.iproute2_vrf_filename, 'w') as f: | |
6f2890fc RP |
150 | f.write(self.iproute2_vrf_filehdr %(self.vrf_table_id_start, |
151 | self.vrf_table_id_end)) | |
8465de90 RP |
152 | for t, v in self.iproute2_vrf_map.iteritems(): |
153 | f.write('%s %s\n' %(t, v)) | |
154 | ||
155 | def _is_vrf(self, ifaceobj): | |
156 | if ifaceobj.get_attr_value_first('vrf-table'): | |
157 | return True | |
158 | return False | |
159 | ||
768b4ec5 | 160 | def get_upper_ifacenames(self, ifaceobj, ifacenames_all=None): |
8465de90 RP |
161 | """ Returns list of interfaces dependent on ifaceobj """ |
162 | ||
768b4ec5 RP |
163 | vrf_table = ifaceobj.get_attr_value_first('vrf-table') |
164 | if vrf_table: | |
165 | ifaceobj.link_type = ifaceLinkType.LINK_MASTER | |
166 | ifaceobj.link_kind |= ifaceLinkKind.VRF | |
8465de90 RP |
167 | vrf_iface_name = ifaceobj.get_attr_value_first('vrf') |
168 | if not vrf_iface_name: | |
169 | return None | |
768b4ec5 | 170 | ifaceobj.link_type = ifaceLinkType.LINK_SLAVE |
8ad5c767 RP |
171 | ifaceobj.link_kind |= ifaceLinkKind.VRF_SLAVE |
172 | ||
8465de90 RP |
173 | return [vrf_iface_name] |
174 | ||
768b4ec5 | 175 | def get_upper_ifacenames_running(self, ifaceobj): |
8465de90 RP |
176 | return None |
177 | ||
178 | def _get_iproute2_vrf_table(self, vrf_dev_name): | |
179 | for t, v in self.iproute2_vrf_map.iteritems(): | |
180 | if v == vrf_dev_name: | |
09753350 | 181 | return str(t) |
8465de90 RP |
182 | return None |
183 | ||
184 | def _get_avail_vrf_table_id(self): | |
6f2890fc RP |
185 | if self.last_used_vrf_table == None: |
186 | table_id_start = self.vrf_table_id_start | |
187 | else: | |
188 | table_id_start = self.last_used_vrf_table + 1 | |
189 | for t in range(table_id_start, | |
190 | self.vrf_table_id_end): | |
8465de90 RP |
191 | if not self.iproute2_vrf_map.get(t): |
192 | self.last_used_vrf_table = t | |
6f2890fc | 193 | return str(t) |
8465de90 RP |
194 | return None |
195 | ||
196 | def _iproute2_vrf_table_entry_add(self, vrf_dev_name, table_id): | |
09753350 | 197 | self.iproute2_vrf_map[int(table_id)] = vrf_dev_name |
8465de90 RP |
198 | self.iproute2_write_vrf_map = True |
199 | ||
200 | def _iproute2_vrf_table_entry_del(self, table_id): | |
201 | try: | |
09753350 | 202 | del self.iproute2_vrf_map[int(table_id)] |
8465de90 RP |
203 | self.iproute2_write_vrf_map = True |
204 | except Exception, e: | |
205 | self.logger.info('vrf: iproute2 vrf map del failed for %d (%s)' | |
206 | %(table_id, str(e))) | |
207 | pass | |
208 | ||
122ef35b RP |
209 | def _is_dhcp_slave(self, ifaceobj): |
210 | if (not ifaceobj.addr_method or | |
211 | (ifaceobj.addr_method != 'dhcp' and | |
212 | ifaceobj.addr_method != 'dhcp6')): | |
213 | return False | |
214 | return True | |
215 | ||
8ad5c767 RP |
216 | def _handle_dhcp_slaves(self, ifacename, vrfname, ifaceobj, |
217 | ifaceobj_getfunc): | |
218 | """ If we have a vrf slave that has dhcp configured, bring up the | |
219 | vrf master now. This is needed because vrf has special handling | |
220 | in dhclient hook which requires the vrf master to be present """ | |
122ef35b RP |
221 | if not self._is_dhcp_slave(ifaceobj): |
222 | return False | |
8ad5c767 RP |
223 | vrf_master = ifaceobj.upperifaces[0] |
224 | if not vrf_master: | |
225 | self.logger.warn('%s: vrf master not found' %ifacename) | |
226 | return | |
227 | if os.path.exists('/sys/class/net/%s' %vrf_master): | |
228 | self.logger.info('%s: vrf master %s exists returning' | |
229 | %(ifacename, vrf_master)) | |
230 | return | |
231 | vrf_master_objs = ifaceobj_getfunc(vrf_master) | |
232 | if not vrf_master_objs: | |
233 | self.logger.warn('%s: vrf master ifaceobj not found' %ifacename) | |
234 | return | |
235 | self.logger.info('%s: bringing up vrf master %s' | |
236 | %(ifacename, vrf_master)) | |
237 | for mobj in vrf_master_objs: | |
238 | vrf_table = mobj.get_attr_value_first('vrf-table') | |
239 | if vrf_table: | |
df53966d RP |
240 | if vrf_table == 'auto': |
241 | vrf_table = self._get_avail_vrf_table_id() | |
242 | if not vrf_table: | |
243 | self.log_error('%s: unable to get an auto table id' | |
244 | %mobj.name) | |
245 | self.logger.info('%s: table id auto: selected table id %s\n' | |
246 | %(mobj.name, vrf_table)) | |
8ad5c767 | 247 | self._up_vrf_dev(mobj, vrf_table, False) |
df53966d | 248 | break |
5c5a7b93 N |
249 | if vrfname == 'mgmt': |
250 | self._kill_ssh(ifaceobj.name) | |
122ef35b | 251 | self._down_dhcp_slave(ifaceobj) |
8ad5c767 RP |
252 | self.ipcmd.link_set(ifacename, 'master', vrfname) |
253 | return | |
254 | ||
122ef35b RP |
255 | def _down_dhcp_slave(self, ifaceobj): |
256 | try: | |
257 | self.dhclientcmd.release(ifaceobj.name) | |
258 | except: | |
259 | # ignore any dhclient release errors | |
260 | pass | |
261 | ||
8ad5c767 | 262 | def _up_vrf_slave(self, ifacename, vrfname, ifaceobj=None, |
09753350 | 263 | ifaceobj_getfunc=None, vrf_exists=False): |
5c5a7b93 | 264 | self.logger.info("Roopa: ifacename = %s, vrfname = %s\n" %(ifacename, vrfname)) |
8465de90 | 265 | try: |
09753350 RP |
266 | if vrf_exists or self.ipcmd.link_exists(vrfname): |
267 | upper = self.ipcmd.link_get_upper(ifacename) | |
4d2c9798 | 268 | if not upper or upper != vrfname: |
5c5a7b93 N |
269 | self.logger.info("Roopa: vrfname = %s\n" %vrfname) |
270 | if ifaceobj and vrfname == 'mgmt': | |
271 | self._kill_ssh(ifaceobj.name) | |
09753350 | 272 | if ifaceobj and self._is_dhcp_slave(ifaceobj): |
122ef35b RP |
273 | self._down_dhcp_slave(ifaceobj) |
274 | self.ipcmd.link_set(ifacename, 'master', vrfname) | |
8ad5c767 RP |
275 | elif ifaceobj: |
276 | self._handle_dhcp_slaves(ifacename, vrfname, ifaceobj, | |
277 | ifaceobj_getfunc) | |
8465de90 | 278 | except Exception, e: |
d54baa22 | 279 | self.log_error('%s: %s' %(ifacename, str(e))) |
8465de90 RP |
280 | |
281 | def _del_vrf_rules(self, vrf_dev_name, vrf_table): | |
282 | pref = 200 | |
283 | ip_rule_out_format = '%s: from all %s %s lookup %s' | |
284 | ip_rule_cmd = 'ip %s rule del pref %s %s %s table %s' | |
285 | ||
4ce47ce4 | 286 | rule = ip_rule_out_format %(pref, 'oif', vrf_dev_name, vrf_dev_name) |
8465de90 RP |
287 | if rule in self.ip_rule_cache: |
288 | rule_cmd = ip_rule_cmd %('', pref, 'oif', vrf_dev_name, vrf_table) | |
289 | self.exec_command(rule_cmd) | |
290 | ||
4ce47ce4 | 291 | rule = ip_rule_out_format %(pref, 'iif', vrf_dev_name, vrf_dev_name) |
8465de90 RP |
292 | if rule in self.ip_rule_cache: |
293 | rule_cmd = ip_rule_cmd %('', pref, 'iif', vrf_dev_name, vrf_table) | |
294 | self.exec_command(rule_cmd) | |
295 | ||
4ce47ce4 | 296 | rule = ip_rule_out_format %(pref, 'oif', vrf_dev_name, vrf_dev_name) |
e6072769 | 297 | if rule in self.ip6_rule_cache: |
8465de90 RP |
298 | rule_cmd = ip_rule_cmd %('-6', pref, 'oif', vrf_dev_name, |
299 | vrf_table) | |
300 | self.exec_command(rule_cmd) | |
301 | ||
4ce47ce4 | 302 | rule = ip_rule_out_format %(pref, 'iif', vrf_dev_name, vrf_dev_name) |
e6072769 | 303 | if rule in self.ip6_rule_cache: |
8465de90 RP |
304 | rule_cmd = ip_rule_cmd %('-6', pref, 'iif', vrf_dev_name, |
305 | vrf_table) | |
306 | self.exec_command(rule_cmd) | |
307 | ||
308 | def _add_vrf_rules(self, vrf_dev_name, vrf_table): | |
309 | pref = 200 | |
310 | ip_rule_out_format = '%s: from all %s %s lookup %s' | |
311 | ip_rule_cmd = 'ip %s rule add pref %s %s %s table %s' | |
659097a0 N |
312 | if self.vrf_fix_local_table: |
313 | self.vrf_fix_local_table = False | |
314 | rule = '0: from all lookup local' | |
315 | if rule in self.ip_rule_cache: | |
316 | try: | |
3fcb15fe N |
317 | self.exec_command('ip rule del pref 0') |
318 | self.exec_command('ip rule add pref 32765 table local') | |
659097a0 N |
319 | except Exception, e: |
320 | self.logger.info('%s' %str(e)) | |
321 | pass | |
c61672da N |
322 | if rule in self.ip6_rule_cache: |
323 | try: | |
324 | self.exec_command('ip -6 rule del pref 0') | |
325 | self.exec_command('ip -6 rule add pref 32765 table local') | |
326 | except Exception, e: | |
327 | self.logger.info('%s' %str(e)) | |
328 | pass | |
8465de90 | 329 | |
3fcb15fe N |
330 | #Example ip rule |
331 | #200: from all oif blue lookup blue | |
332 | #200: from all iif blue lookup blue | |
333 | ||
334 | rule = ip_rule_out_format %(pref, 'oif', vrf_dev_name, vrf_dev_name) | |
8465de90 RP |
335 | if rule not in self.ip_rule_cache: |
336 | rule_cmd = ip_rule_cmd %('', pref, 'oif', vrf_dev_name, vrf_table) | |
337 | self.exec_command(rule_cmd) | |
338 | ||
3fcb15fe | 339 | rule = ip_rule_out_format %(pref, 'iif', vrf_dev_name, vrf_dev_name) |
8465de90 RP |
340 | if rule not in self.ip_rule_cache: |
341 | rule_cmd = ip_rule_cmd %('', pref, 'iif', vrf_dev_name, vrf_table) | |
342 | self.exec_command(rule_cmd) | |
343 | ||
3fcb15fe | 344 | rule = ip_rule_out_format %(pref, 'oif', vrf_dev_name, vrf_dev_name) |
e6072769 | 345 | if rule not in self.ip6_rule_cache: |
3fcb15fe | 346 | rule_cmd = ip_rule_cmd %('-6', pref, 'oif', vrf_dev_name, vrf_table) |
8465de90 RP |
347 | self.exec_command(rule_cmd) |
348 | ||
3fcb15fe | 349 | rule = ip_rule_out_format %(pref, 'iif', vrf_dev_name, vrf_dev_name) |
e6072769 | 350 | if rule not in self.ip6_rule_cache: |
8465de90 RP |
351 | rule_cmd = ip_rule_cmd %('-6', pref, 'iif', vrf_dev_name, |
352 | vrf_table) | |
353 | self.exec_command(rule_cmd) | |
354 | ||
4d2c9798 | 355 | def _add_vrf_slaves(self, ifaceobj, ifaceobj_getfunc=None): |
768b4ec5 RP |
356 | running_slaves = self.ipcmd.link_get_lowers(ifaceobj.name) |
357 | config_slaves = ifaceobj.lowerifaces | |
b94e4d24 | 358 | if not config_slaves and not running_slaves: |
867e11a2 | 359 | return |
4d2c9798 RP |
360 | |
361 | if not config_slaves: config_slaves = [] | |
362 | if not running_slaves: running_slaves = [] | |
768b4ec5 RP |
363 | add_slaves = set(config_slaves).difference(set(running_slaves)) |
364 | del_slaves = set(running_slaves).difference(set(config_slaves)) | |
365 | if add_slaves: | |
366 | for s in add_slaves: | |
367 | try: | |
09753350 RP |
368 | sobj = None |
369 | if ifaceobj_getfunc: | |
370 | sobj = ifaceobj_getfunc(s) | |
371 | self._up_vrf_slave(s, ifaceobj.name, | |
372 | sobj[0] if sobj else None, | |
373 | ifaceobj_getfunc, True) | |
768b4ec5 RP |
374 | except Exception, e: |
375 | self.logger.info('%s: %s' %(ifaceobj.name, str(e))) | |
376 | ||
377 | if del_slaves: | |
378 | for s in del_slaves: | |
379 | try: | |
4d2c9798 RP |
380 | if ifaceobj_getfunc: |
381 | sobj = ifaceobj_getfunc(s) | |
382 | # if dhcp slave, release the dhcp lease | |
5c5a7b93 N |
383 | if sobj and ifaceobj.name == 'mgmt': |
384 | self._kill_ssh(sobj[0].name) | |
4d2c9798 RP |
385 | if sobj and self._is_dhcp_slave(sobj[0]): |
386 | self._down_dhcp_slave(sobj[0]) | |
768b4ec5 RP |
387 | self._down_vrf_slave(s, ifaceobj.name) |
388 | except Exception, e: | |
389 | self.logger.info('%s: %s' %(ifaceobj.name, str(e))) | |
390 | ||
391 | if ifaceobj.link_type == ifaceLinkType.LINK_MASTER: | |
392 | for s in config_slaves: | |
393 | try: | |
394 | rtnetlink_api.rtnl_api.link_set(s, "up") | |
395 | except Exception, e: | |
396 | self.logger.debug('%s: %s: link set up (%s)' | |
397 | %(ifaceobj.name, s, str(e))) | |
398 | pass | |
8465de90 | 399 | |
2df6a60f | 400 | def _create_cgroup(self, ifaceobj): |
6f2890fc RP |
401 | if not self.vrf_cgroup_create: |
402 | return | |
2df6a60f | 403 | try: |
d1e1c43b | 404 | if not os.path.exists('/sys/fs/cgroup/l3mdev/%s' %ifaceobj.name): |
40103cf7 | 405 | self.exec_command('/usr/bin/cgcreate -g l3mdev:%s' %ifaceobj.name) |
8ad5c767 RP |
406 | except Exception, e: |
407 | self.log_error('%s: cgroup create failed (%s)\n' | |
408 | %(ifaceobj.name, str(e)), ifaceobj) | |
409 | try: | |
40103cf7 | 410 | self.exec_command('/usr/bin/cgset -r l3mdev.master-device=%s %s' |
2df6a60f RP |
411 | %(ifaceobj.name, ifaceobj.name)) |
412 | except Exception, e: | |
8ad5c767 | 413 | self.log_warn('%s: cgset failed (%s)\n' |
2df6a60f RP |
414 | %(ifaceobj.name, str(e)), ifaceobj) |
415 | ||
8ad5c767 RP |
416 | def _set_vrf_dev_processed_flag(self, ifaceobj): |
417 | ifaceobj.module_flags[self.name] = \ | |
418 | ifaceobj.module_flags.setdefault(self.name, 0) | \ | |
419 | vrfPrivFlags.PROCESSED | |
420 | ||
421 | def _check_vrf_dev_processed_flag(self, ifaceobj): | |
422 | if (ifaceobj.module_flags.get(self.name, 0x0) & vrfPrivFlags.PROCESSED): | |
423 | return True | |
424 | return False | |
8465de90 | 425 | |
8ad5c767 | 426 | def _create_vrf_dev(self, ifaceobj, vrf_table): |
2df6a60f | 427 | if not self.ipcmd.link_exists(ifaceobj.name): |
6f2890fc RP |
428 | if vrf_table == 'auto': |
429 | vrf_table = self._get_avail_vrf_table_id() | |
430 | if not vrf_table: | |
431 | self.log_error('%s: unable to get an auto table id' | |
432 | %ifaceobj.name) | |
433 | self.logger.info('%s: table id auto: selected table id %s\n' | |
434 | %(ifaceobj.name, vrf_table)) | |
d54baa22 RP |
435 | |
436 | if not vrf_table.isdigit(): | |
437 | self.log_error('%s: vrf-table must be an integer or \'auto\'' | |
438 | %(ifaceobj.name), ifaceobj) | |
439 | ||
6f2890fc RP |
440 | # XXX: If we decide to not allow vrf id usages out of |
441 | # the reserved ifupdown range, then uncomment this code. | |
fd8c6caf RP |
442 | else: |
443 | if (int(vrf_table) < self.vrf_table_id_start or | |
444 | int(vrf_table) > self.vrf_table_id_end): | |
445 | self.log_error('%s: vrf table id %s out of reserved range [%d,%d]' | |
446 | %(ifaceobj.name, vrf_table, | |
447 | self.vrf_table_id_start, | |
448 | self.vrf_table_id_end)) | |
2df6a60f | 449 | try: |
8465de90 RP |
450 | self.ipcmd.link_create(ifaceobj.name, 'vrf', |
451 | {'table' : '%s' %vrf_table}) | |
2df6a60f RP |
452 | except Exception, e: |
453 | self.log_error('%s: create failed (%s)\n' | |
454 | %(ifaceobj.name, str(e))) | |
455 | else: | |
4d2c9798 RP |
456 | if vrf_table == 'auto': |
457 | vrf_table = self._get_iproute2_vrf_table(ifaceobj.name) | |
458 | if not vrf_table: | |
459 | self.log_error('%s: unable to get vrf table id' | |
460 | %ifaceobj.name) | |
6f2890fc | 461 | |
2df6a60f RP |
462 | # if the device exists, check if table id is same |
463 | vrfdev_attrs = self.ipcmd.link_get_linkinfo_attrs(ifaceobj.name) | |
464 | if vrfdev_attrs: | |
465 | running_table = vrfdev_attrs.get('table', None) | |
466 | if vrf_table != running_table: | |
6f2890fc RP |
467 | self.log_error('%s: cannot change vrf table id,running table id %s is different from config id %s' %(ifaceobj.name, |
468 | running_table, vrf_table)) | |
d54baa22 RP |
469 | if vrf_table != 'auto': |
470 | self._iproute2_vrf_table_entry_add(ifaceobj.name, vrf_table) | |
2df6a60f | 471 | |
4d2c9798 RP |
472 | return vrf_table |
473 | ||
8ad5c767 | 474 | def _add_vrf_default_route(self, ifaceobj, vrf_table): |
54616d3f N |
475 | vrf_default_route = ifaceobj.get_attr_value_first('vrf-default-route') |
476 | if not vrf_default_route: | |
477 | vrf_default_route = policymanager.policymanager_api.get_attr_default( | |
8ad5c767 RP |
478 | module_name=self.__class__.__name__, |
479 | attr='vrf-default-route') | |
54616d3f N |
480 | if not vrf_default_route: |
481 | return | |
482 | if str(vrf_default_route).lower() == "yes": | |
483 | try: | |
8ad5c767 | 484 | self.exec_command('ip route add table %s unreachable default' |
05ca6f01 | 485 | ' metric %d' %(vrf_table, 240)) |
54616d3f N |
486 | except OSError, e: |
487 | if e.errno != 17: | |
488 | raise | |
489 | pass | |
490 | ||
0ba9abeb | 491 | try: |
05ca6f01 RP |
492 | self.exec_command('ip -6 route add table %s unreachable ' |
493 | 'default metric %d' %(vrf_table, 240)) | |
0ba9abeb N |
494 | except OSError, e: |
495 | if e.errno != 17: | |
496 | raise | |
497 | pass | |
498 | ||
4d2c9798 RP |
499 | def _up_vrf_dev(self, ifaceobj, vrf_table, add_slaves=True, |
500 | ifaceobj_getfunc=None): | |
8ad5c767 RP |
501 | |
502 | # if vrf dev is already processed return. This can happen | |
503 | # if we had a dhcp slave. See self._handle_dhcp_slaves | |
504 | if self._check_vrf_dev_processed_flag(ifaceobj): | |
505 | return True | |
506 | ||
4d2c9798 | 507 | vrf_table = self._create_vrf_dev(ifaceobj, vrf_table) |
8ad5c767 | 508 | try: |
8ad5c767 RP |
509 | self._add_vrf_rules(ifaceobj.name, vrf_table) |
510 | self._create_cgroup(ifaceobj) | |
511 | if add_slaves: | |
4d2c9798 | 512 | self._add_vrf_slaves(ifaceobj, ifaceobj_getfunc) |
8ad5c767 RP |
513 | self._add_vrf_default_route(ifaceobj, vrf_table) |
514 | self._set_vrf_dev_processed_flag(ifaceobj) | |
515 | except Exception, e: | |
516 | self.log_error('%s: %s' %(ifaceobj.name, str(e))) | |
517 | ||
5c5a7b93 N |
518 | def _kill_ssh(self, ifacename): |
519 | # Fix this in the next version | |
520 | # runningaddrsdict = self.ipcmd.addr_get(ifacename) | |
521 | ||
522 | try: | |
523 | ip=[] | |
524 | ip6=[] | |
525 | proc=[] | |
526 | #Example output: | |
527 | #2: eth0 inet 10.0.1.84/22 brd 10.0.3.255 scope global eth0\ | |
528 | #valid_lft forever preferred_lft forever | |
529 | for line in self.ipcmd.addr_show(ifacename=ifacename).splitlines(): | |
530 | citems = line.split() | |
531 | if any(word in citems for word in ['inet','inet6']): | |
532 | if 'inet' in citems: | |
533 | ip.append(citems[citems.index('inet')+1].split('/')[0]) | |
534 | else: | |
535 | ip6.append(citems[citems.index('inet6')+1].split('/')[0]) | |
536 | if not ip and not ip6: | |
537 | return | |
538 | ||
539 | #Example output: | |
540 | #ESTAB 0 0 10.0.1.84:ssh 10.0.1.228:45186 | |
541 | #users:(("sshd",pid=2528,fd=3)) | |
542 | cmdl = ['ss', '-t', '-p'] | |
543 | for line in subprocess.check_output(cmdl, stderr=subprocess.STDOUT, | |
544 | shell=False).splitlines(): | |
545 | citems = line.split() | |
546 | addr = None | |
547 | if '%' in citems[3]: | |
548 | addr = citems[3].split('%')[0] | |
549 | elif ':ssh' in citems[3]: | |
550 | addr = citems[3].split(':')[0] | |
551 | if not addr: | |
552 | continue | |
553 | if (addr in ip) or (addr in ip6): | |
554 | if len(citems) == 6: | |
555 | proc.append(citems[5].split(',')[1].split('=')[1]) | |
556 | ||
557 | if not proc: | |
558 | return | |
559 | pid = subprocess.check_output(['ps', '--no-headers', | |
560 | '-fp', str(os.getppid())], | |
561 | stderr=subprocess.STDOUT, | |
562 | shell=False).split()[2] | |
563 | ||
564 | for id in proc: | |
565 | if id != pid: | |
566 | try: | |
567 | os.kill(int(id), signal.SIGTERM) | |
568 | except OSError as e: | |
569 | continue | |
570 | if pid in proc: | |
571 | os.setsid() | |
572 | try: | |
573 | os.kill(int(pid), signal.SIGTERM) | |
574 | return | |
575 | except OSError as e: | |
576 | return | |
577 | except Exception, e: | |
578 | self.logger.info('%s: %s' %(ifacename, str(e))) | |
579 | ||
8ad5c767 | 580 | def _up(self, ifaceobj, ifaceobj_getfunc=None): |
8465de90 RP |
581 | try: |
582 | vrf_table = ifaceobj.get_attr_value_first('vrf-table') | |
583 | if vrf_table: | |
09753350 | 584 | # This is a vrf device |
6f2890fc RP |
585 | if self.vrf_count == self.vrf_max_count: |
586 | self.log_error('%s: max vrf count %d hit...not ' | |
587 | 'creating vrf' %(ifaceobj.name, | |
588 | self.vrf_count)) | |
4d2c9798 | 589 | self._up_vrf_dev(ifaceobj, vrf_table, True, ifaceobj_getfunc) |
8465de90 RP |
590 | else: |
591 | vrf = ifaceobj.get_attr_value_first('vrf') | |
592 | if vrf: | |
09753350 | 593 | # This is a vrf slave |
8ad5c767 RP |
594 | self._up_vrf_slave(ifaceobj.name, vrf, ifaceobj, |
595 | ifaceobj_getfunc) | |
8465de90 RP |
596 | except Exception, e: |
597 | self.log_error(str(e)) | |
598 | ||
2df6a60f RP |
599 | def _delete_cgroup(self, ifaceobj): |
600 | try: | |
d1e1c43b | 601 | if os.path.exists('/sys/fs/cgroup/l3mdev/%s' %ifaceobj.name): |
3f1811d9 | 602 | self.exec_command('/usr/bin/cgdelete -g l3mdev:%s' %ifaceobj.name) |
2df6a60f | 603 | except Exception, e: |
3f1811d9 | 604 | self.log_info('%s: cgroup delete failed (%s)\n' |
2df6a60f RP |
605 | %(ifaceobj.name, str(e)), ifaceobj) |
606 | ||
c4be5481 | 607 | def _down_vrf_dev(self, ifaceobj, vrf_table, ifaceobj_getfunc=None): |
5c5a7b93 | 608 | |
8465de90 RP |
609 | if vrf_table == 'auto': |
610 | vrf_table = self._get_iproute2_vrf_table(ifaceobj.name) | |
611 | try: | |
c4be5481 RP |
612 | running_slaves = self.ipcmd.link_get_lowers(ifaceobj.name) |
613 | if running_slaves: | |
614 | for s in running_slaves: | |
615 | if ifaceobj_getfunc: | |
616 | sobj = ifaceobj_getfunc(s) | |
5c5a7b93 N |
617 | if sobj and self.ipcmd.link_get_master(sobj[0].name) == 'mgmt': |
618 | self._kill_ssh(sobj[0].name) | |
c4be5481 RP |
619 | # if dhcp slave, release the dhcp lease |
620 | if sobj and self._is_dhcp_slave(sobj[0]): | |
621 | self._down_dhcp_slave(sobj[0]) | |
768b4ec5 RP |
622 | except Exception, e: |
623 | self.logger.info('%s: %s' %(ifaceobj.name, str(e))) | |
624 | pass | |
625 | ||
626 | try: | |
f1c92482 | 627 | self._del_vrf_rules(ifaceobj.name, vrf_table) |
768b4ec5 RP |
628 | except Exception, e: |
629 | self.logger.info('%s: %s' %(ifaceobj.name, str(e))) | |
630 | pass | |
631 | ||
632 | try: | |
f1c92482 RP |
633 | self.ipcmd.link_delete(ifaceobj.name) |
634 | except Exception, e: | |
635 | self.logger.info('%s: %s' %(ifaceobj.name, str(e))) | |
636 | pass | |
637 | ||
638 | try: | |
639 | self._iproute2_vrf_table_entry_del(vrf_table) | |
640 | self._delete_cgroup(ifaceobj) | |
8465de90 | 641 | except Exception, e: |
768b4ec5 RP |
642 | self.logger.info('%s: %s' %(ifaceobj.name, str(e))) |
643 | pass | |
8465de90 | 644 | |
f1c92482 | 645 | |
768b4ec5 | 646 | def _down_vrf_slave(self, ifacename, vrf): |
8465de90 | 647 | try: |
768b4ec5 | 648 | self.ipcmd.link_set(ifacename, 'nomaster') |
f825610e | 649 | rtnetlink_api.rtnl_api.link_set(ifacename, "down") |
8465de90 | 650 | except Exception, e: |
768b4ec5 | 651 | self.logger.warn('%s: %s' %(ifacename, str(e))) |
8465de90 | 652 | |
8ad5c767 | 653 | def _down(self, ifaceobj, ifaceobj_getfunc=None): |
8465de90 RP |
654 | try: |
655 | vrf_table = ifaceobj.get_attr_value_first('vrf-table') | |
656 | if vrf_table: | |
c4be5481 | 657 | self._down_vrf_dev(ifaceobj, vrf_table, ifaceobj_getfunc) |
8465de90 RP |
658 | else: |
659 | vrf = ifaceobj.get_attr_value_first('vrf') | |
660 | if vrf: | |
768b4ec5 | 661 | self._down_vrf_slave(ifaceobj.name, vrf) |
8465de90 RP |
662 | except Exception, e: |
663 | self.log_warn(str(e)) | |
664 | ||
665 | def _query_check_vrf_slave(self, ifaceobj, ifaceobjcurr, vrf): | |
666 | try: | |
54616d3f | 667 | master = self.ipcmd.link_get_master(ifaceobj.name) |
8465de90 RP |
668 | if not master or master != vrf: |
669 | ifaceobjcurr.update_config_with_status('vrf', master, 1) | |
670 | else: | |
671 | ifaceobjcurr.update_config_with_status('vrf', master, 0) | |
672 | except Exception, e: | |
673 | self.log_warn(str(e)) | |
674 | ||
675 | def _query_check_vrf_dev(self, ifaceobj, ifaceobjcurr, vrf_table): | |
676 | try: | |
677 | if not self.ipcmd.link_exists(ifaceobj.name): | |
678 | self.logger.info('%s: vrf: does not exist' %(ifaceobj.name)) | |
679 | return | |
680 | if vrf_table == 'auto': | |
681 | config_table = self._get_iproute2_vrf_table(ifaceobj.name) | |
682 | else: | |
683 | config_table = vrf_table | |
684 | vrfdev_attrs = self.ipcmd.link_get_linkinfo_attrs(ifaceobj.name) | |
685 | if not vrfdev_attrs: | |
686 | ifaceobjcurr.update_config_with_status('vrf-table', 'None', 1) | |
687 | return | |
688 | running_table = vrfdev_attrs.get('table') | |
689 | if not running_table: | |
690 | ifaceobjcurr.update_config_with_status('vrf-table', 'None', 1) | |
691 | return | |
692 | if config_table != running_table: | |
693 | ifaceobjcurr.update_config_with_status('vrf-table', | |
694 | running_table, 1) | |
695 | else: | |
696 | ifaceobjcurr.update_config_with_status('vrf-table', | |
697 | running_table, 0) | |
698 | except Exception, e: | |
699 | self.log_warn(str(e)) | |
700 | ||
701 | def _query_check(self, ifaceobj, ifaceobjcurr): | |
702 | try: | |
703 | vrf_table = ifaceobj.get_attr_value_first('vrf-table') | |
704 | if vrf_table: | |
705 | self._query_check_vrf_dev(ifaceobj, ifaceobjcurr, vrf_table) | |
706 | else: | |
707 | vrf = ifaceobj.get_attr_value_first('vrf') | |
708 | if vrf: | |
709 | self._query_check_vrf_slave(ifaceobj, ifaceobjcurr, vrf) | |
710 | except Exception, e: | |
711 | self.log_warn(str(e)) | |
712 | ||
8ad5c767 | 713 | def _query_running(self, ifaceobjrunning, ifaceobj_getfunc=None): |
8465de90 RP |
714 | try: |
715 | kind = self.ipcmd.link_get_kind(ifaceobjrunning.name) | |
716 | if kind == 'vrf': | |
54616d3f | 717 | vrfdev_attrs = self.ipcmd.link_get_linkinfo_attrs(ifaceobjrunning.name) |
8465de90 RP |
718 | if vrfdev_attrs: |
719 | running_table = vrfdev_attrs.get('table') | |
720 | if running_table: | |
721 | ifaceobjrunning.update_config('vrf-table', | |
722 | running_table) | |
723 | elif kind == 'vrf_slave': | |
54616d3f | 724 | vrf = self.ipcmd.link_get_master(ifaceobjrunning.name) |
8465de90 RP |
725 | if vrf: |
726 | ifaceobjrunning.update_config('vrf', vrf) | |
727 | except Exception, e: | |
728 | self.log_warn(str(e)) | |
729 | ||
730 | _run_ops = {'pre-up' : _up, | |
731 | 'post-down' : _down, | |
732 | 'query-running' : _query_running, | |
733 | 'query-checkcurr' : _query_check} | |
734 | ||
735 | def get_ops(self): | |
736 | """ returns list of ops supported by this module """ | |
737 | return self._run_ops.keys() | |
738 | ||
739 | def _init_command_handlers(self): | |
740 | flags = self.get_flags() | |
741 | if not self.ipcmd: | |
742 | self.ipcmd = iproute2(**flags) | |
743 | if not self.bondcmd: | |
744 | self.bondcmd = bondutil(**flags) | |
122ef35b RP |
745 | if not self.dhclientcmd: |
746 | self.dhclientcmd = dhclient(**flags) | |
8465de90 | 747 | |
8ad5c767 RP |
748 | def run(self, ifaceobj, operation, query_ifaceobj=None, |
749 | ifaceobj_getfunc=None, **extra_args): | |
8465de90 RP |
750 | """ run bond configuration on the interface object passed as argument |
751 | ||
752 | Args: | |
753 | **ifaceobj** (object): iface object | |
754 | ||
755 | **operation** (str): any of 'pre-up', 'post-down', 'query-checkcurr', | |
756 | 'query-running' | |
757 | ||
758 | Kwargs: | |
759 | **query_ifaceobj** (object): query check ifaceobject. This is only | |
760 | valid when op is 'query-checkcurr'. It is an object same as | |
761 | ifaceobj, but contains running attribute values and its config | |
762 | status. The modules can use it to return queried running state | |
763 | of interfaces. status is success if the running state is same | |
764 | as user required state in ifaceobj. error otherwise. | |
765 | """ | |
766 | op_handler = self._run_ops.get(operation) | |
767 | if not op_handler: | |
768 | return | |
769 | self._init_command_handlers() | |
770 | if operation == 'query-checkcurr': | |
771 | op_handler(self, ifaceobj, query_ifaceobj) | |
772 | else: | |
8ad5c767 | 773 | op_handler(self, ifaceobj, ifaceobj_getfunc=ifaceobj_getfunc) |