]>
Commit | Line | Data |
---|---|---|
8465de90 RP |
1 | #!/usr/bin/python |
2 | # | |
3 | # Copyright 2014 Cumulus Networks, Inc. All rights reserved. | |
4 | # Author: Roopa Prabhu, roopa@cumulusnetworks.com | |
5 | # | |
6 | ||
7 | import os | |
5c5a7b93 | 8 | import signal |
32f6e6ca | 9 | import errno |
5c5a7b93 | 10 | import subprocess |
8465de90 RP |
11 | import atexit |
12 | from ifupdown.iface import * | |
54616d3f | 13 | import ifupdown.policymanager as policymanager |
8465de90 | 14 | import ifupdownaddons |
768b4ec5 | 15 | import ifupdown.rtnetlink_api as rtnetlink_api |
8465de90 RP |
16 | from ifupdownaddons.modulebase import moduleBase |
17 | from ifupdownaddons.bondutil import bondutil | |
18 | from ifupdownaddons.iproute2 import iproute2 | |
122ef35b | 19 | from ifupdownaddons.dhclient import dhclient |
8465de90 | 20 | |
8ad5c767 RP |
21 | class vrfPrivFlags: |
22 | PROCESSED = 0x1 | |
23 | ||
8465de90 RP |
24 | class vrf(moduleBase): |
25 | """ ifupdown2 addon module to configure vrfs """ | |
26 | _modinfo = { 'mhelp' : 'vrf configuration module', | |
27 | 'attrs' : { | |
28 | 'vrf-table': | |
29 | {'help' : 'vrf device table id. key to ' + | |
30 | 'creating a vrf device', | |
31 | 'example': ['vrf-table-id 1']}, | |
54616d3f N |
32 | 'vrf-default-route': |
33 | {'help' : 'vrf device default route ' + | |
34 | 'to avoid communication outside the vrf device', | |
35 | 'example': ['vrf-default-route yes/no']}, | |
8465de90 RP |
36 | 'vrf': |
37 | {'help' : 'vrf the interface is part of.', | |
38 | 'example': ['vrf blue']}}} | |
39 | ||
a1c23686 | 40 | iproute2_vrf_filename = '/etc/iproute2/rt_tables.d/ifupdown2_vrf_map.conf' |
8465de90 RP |
41 | iproute2_vrf_filehdr = '# This file is autogenerated by ifupdown2.\n' + \ |
42 | '# It contains the vrf name to table mapping.\n' + \ | |
6f2890fc RP |
43 | '# Reserved table range %s %s\n' |
44 | VRF_TABLE_START = 1001 | |
45 | VRF_TABLE_END = 5000 | |
8465de90 RP |
46 | |
47 | def __init__(self, *args, **kargs): | |
48 | ifupdownaddons.modulebase.moduleBase.__init__(self, *args, **kargs) | |
49 | self.ipcmd = None | |
50 | self.bondcmd = None | |
122ef35b | 51 | self.dhclientcmd = None |
8ad5c767 | 52 | self.name = self.__class__.__name__ |
122ef35b RP |
53 | if self.PERFMODE: |
54 | # if perf mode is set, remove vrf map file. | |
55 | # start afresh. PERFMODE is set at boot | |
56 | if os.path.exists(self.iproute2_vrf_filename): | |
57 | try: | |
58 | self.logger.info('vrf: removing file %s' | |
59 | %self.iproute2_vrf_filename) | |
60 | os.remove(self.iproute2_vrf_filename) | |
61 | except Exception, e: | |
62 | self.logger.debug('vrf: removing file failed (%s)' | |
63 | %str(e)) | |
8465de90 RP |
64 | try: |
65 | ip_rules = self.exec_command('/sbin/ip rule show').splitlines() | |
66 | self.ip_rule_cache = [' '.join(r.split()) for r in ip_rules] | |
67 | except Exception, e: | |
68 | self.ip_rule_cache = [] | |
69 | self.logger.warn('%s' %str(e)) | |
70 | ||
71 | try: | |
72 | ip_rules = self.exec_command('/sbin/ip -6 rule show').splitlines() | |
73 | self.ip6_rule_cache = [' '.join(r.split()) for r in ip_rules] | |
74 | except Exception, e: | |
75 | self.ip6_rule_cache = [] | |
76 | self.logger.warn('%s' %str(e)) | |
77 | ||
78 | #self.logger.debug("vrf: ip rule cache") | |
79 | #self.logger.info(self.ip_rule_cache) | |
80 | ||
81 | #self.logger.info("vrf: ip -6 rule cache") | |
82 | #self.logger.info(self.ip6_rule_cache) | |
83 | ||
84 | # XXX: check for vrf reserved overlap in /etc/iproute2/rt_tables | |
85 | self.iproute2_vrf_map = {} | |
86 | # read or create /etc/iproute2/rt_tables.d/ifupdown2.vrf_map | |
87 | if os.path.exists(self.iproute2_vrf_filename): | |
88 | self.vrf_map_fd = open(self.iproute2_vrf_filename, 'a+') | |
89 | lines = self.vrf_map_fd.readlines() | |
90 | for l in lines: | |
91 | l = l.strip() | |
92 | if l[0] == '#': | |
93 | continue | |
94 | try: | |
95 | (table, vrf_name) = l.strip().split() | |
96 | self.iproute2_vrf_map[table] = vrf_name | |
97 | except Exception, e: | |
98 | self.logger.info('vrf: iproute2_vrf_map: unable to parse %s' | |
99 | %l) | |
100 | pass | |
101 | #self.logger.info("vrf: dumping iproute2_vrf_map") | |
102 | #self.logger.info(self.iproute2_vrf_map) | |
103 | ||
104 | # purge vrf table entries that are not around | |
105 | iproute2_vrf_map_pruned = {} | |
106 | for t, v in self.iproute2_vrf_map.iteritems(): | |
107 | if os.path.exists('/sys/class/net/%s' %v): | |
09753350 | 108 | iproute2_vrf_map_pruned[int(t)] = v |
8465de90 RP |
109 | else: |
110 | try: | |
111 | # cleanup rules | |
112 | self._del_vrf_rules(v, t) | |
113 | except Exception: | |
114 | pass | |
115 | self.iproute2_vrf_map = iproute2_vrf_map_pruned | |
116 | ||
6f2890fc RP |
117 | self.vrf_table_id_start = policymanager.policymanager_api.get_module_globals(module_name=self.__class__.__name__, attr='vrf-table-id-start') |
118 | if not self.vrf_table_id_start: | |
119 | self.vrf_table_id_start = self.VRF_TABLE_START | |
120 | self.vrf_table_id_end = policymanager.policymanager_api.get_module_globals(module_name=self.__class__.__name__, attr='vrf-table-id-end') | |
121 | if not self.vrf_table_id_end: | |
122 | self.vrf_table_id_end = self.VRF_TABLE_END | |
4a95c92f | 123 | self.vrf_max_count = policymanager.policymanager_api.get_module_globals(module_name=self.__class__.__name__, attr='vrf-max-count') |
6f2890fc RP |
124 | |
125 | last_used_vrf_table = None | |
126 | for t in range(self.vrf_table_id_start, | |
127 | self.vrf_table_id_end): | |
8465de90 RP |
128 | if not self.iproute2_vrf_map.get(t): |
129 | break | |
6f2890fc | 130 | last_used_vrf_table = t |
8465de90 | 131 | self.last_used_vrf_table = last_used_vrf_table |
09753350 | 132 | |
8465de90 RP |
133 | self.iproute2_write_vrf_map = False |
134 | atexit.register(self.iproute2_vrf_map_write) | |
3fcb15fe | 135 | self.vrf_fix_local_table = True |
6f2890fc | 136 | self.vrf_count = 0 |
83841a51 | 137 | self.vrf_cgroup_create = policymanager.policymanager_api.get_module_globals(module_name=self.__class__.__name__, attr='vrf-cgroup-create') |
6f2890fc RP |
138 | if not self.vrf_cgroup_create: |
139 | self.vrf_cgroup_create = False | |
140 | elif self.vrf_cgroup_create == 'yes': | |
141 | self.vrf_cgroup_create = True | |
142 | else: | |
143 | self.vrf_cgroup_create = False | |
8465de90 RP |
144 | |
145 | def iproute2_vrf_map_write(self): | |
146 | if not self.iproute2_write_vrf_map: | |
147 | return | |
148 | self.logger.info('vrf: writing table map to %s' | |
149 | %self.iproute2_vrf_filename) | |
150 | with open(self.iproute2_vrf_filename, 'w') as f: | |
6f2890fc RP |
151 | f.write(self.iproute2_vrf_filehdr %(self.vrf_table_id_start, |
152 | self.vrf_table_id_end)) | |
8465de90 RP |
153 | for t, v in self.iproute2_vrf_map.iteritems(): |
154 | f.write('%s %s\n' %(t, v)) | |
155 | ||
156 | def _is_vrf(self, ifaceobj): | |
157 | if ifaceobj.get_attr_value_first('vrf-table'): | |
158 | return True | |
159 | return False | |
160 | ||
768b4ec5 | 161 | def get_upper_ifacenames(self, ifaceobj, ifacenames_all=None): |
8465de90 RP |
162 | """ Returns list of interfaces dependent on ifaceobj """ |
163 | ||
768b4ec5 RP |
164 | vrf_table = ifaceobj.get_attr_value_first('vrf-table') |
165 | if vrf_table: | |
166 | ifaceobj.link_type = ifaceLinkType.LINK_MASTER | |
167 | ifaceobj.link_kind |= ifaceLinkKind.VRF | |
8465de90 RP |
168 | vrf_iface_name = ifaceobj.get_attr_value_first('vrf') |
169 | if not vrf_iface_name: | |
170 | return None | |
768b4ec5 | 171 | ifaceobj.link_type = ifaceLinkType.LINK_SLAVE |
8ad5c767 RP |
172 | ifaceobj.link_kind |= ifaceLinkKind.VRF_SLAVE |
173 | ||
8465de90 RP |
174 | return [vrf_iface_name] |
175 | ||
768b4ec5 | 176 | def get_upper_ifacenames_running(self, ifaceobj): |
8465de90 RP |
177 | return None |
178 | ||
179 | def _get_iproute2_vrf_table(self, vrf_dev_name): | |
180 | for t, v in self.iproute2_vrf_map.iteritems(): | |
181 | if v == vrf_dev_name: | |
09753350 | 182 | return str(t) |
8465de90 RP |
183 | return None |
184 | ||
185 | def _get_avail_vrf_table_id(self): | |
6f2890fc RP |
186 | if self.last_used_vrf_table == None: |
187 | table_id_start = self.vrf_table_id_start | |
188 | else: | |
189 | table_id_start = self.last_used_vrf_table + 1 | |
190 | for t in range(table_id_start, | |
191 | self.vrf_table_id_end): | |
8465de90 RP |
192 | if not self.iproute2_vrf_map.get(t): |
193 | self.last_used_vrf_table = t | |
6f2890fc | 194 | return str(t) |
8465de90 RP |
195 | return None |
196 | ||
197 | def _iproute2_vrf_table_entry_add(self, vrf_dev_name, table_id): | |
09753350 | 198 | self.iproute2_vrf_map[int(table_id)] = vrf_dev_name |
8465de90 RP |
199 | self.iproute2_write_vrf_map = True |
200 | ||
201 | def _iproute2_vrf_table_entry_del(self, table_id): | |
202 | try: | |
09753350 | 203 | del self.iproute2_vrf_map[int(table_id)] |
8465de90 RP |
204 | self.iproute2_write_vrf_map = True |
205 | except Exception, e: | |
206 | self.logger.info('vrf: iproute2 vrf map del failed for %d (%s)' | |
207 | %(table_id, str(e))) | |
208 | pass | |
209 | ||
aa36221f RP |
210 | def _is_vrf_dev(self, ifacename): |
211 | # Look at iproute2 map for now. | |
212 | # If it was a master we knew about, | |
213 | # it is definately there | |
214 | if ifacename in self.iproute2_vrf_map.values(): | |
215 | return True | |
216 | return False | |
217 | ||
122ef35b RP |
218 | def _is_dhcp_slave(self, ifaceobj): |
219 | if (not ifaceobj.addr_method or | |
220 | (ifaceobj.addr_method != 'dhcp' and | |
221 | ifaceobj.addr_method != 'dhcp6')): | |
222 | return False | |
223 | return True | |
224 | ||
8ad5c767 RP |
225 | def _handle_dhcp_slaves(self, ifacename, vrfname, ifaceobj, |
226 | ifaceobj_getfunc): | |
227 | """ If we have a vrf slave that has dhcp configured, bring up the | |
228 | vrf master now. This is needed because vrf has special handling | |
229 | in dhclient hook which requires the vrf master to be present """ | |
122ef35b RP |
230 | if not self._is_dhcp_slave(ifaceobj): |
231 | return False | |
8ad5c767 RP |
232 | vrf_master = ifaceobj.upperifaces[0] |
233 | if not vrf_master: | |
234 | self.logger.warn('%s: vrf master not found' %ifacename) | |
235 | return | |
236 | if os.path.exists('/sys/class/net/%s' %vrf_master): | |
237 | self.logger.info('%s: vrf master %s exists returning' | |
238 | %(ifacename, vrf_master)) | |
239 | return | |
240 | vrf_master_objs = ifaceobj_getfunc(vrf_master) | |
241 | if not vrf_master_objs: | |
242 | self.logger.warn('%s: vrf master ifaceobj not found' %ifacename) | |
243 | return | |
244 | self.logger.info('%s: bringing up vrf master %s' | |
245 | %(ifacename, vrf_master)) | |
246 | for mobj in vrf_master_objs: | |
247 | vrf_table = mobj.get_attr_value_first('vrf-table') | |
248 | if vrf_table: | |
df53966d RP |
249 | if vrf_table == 'auto': |
250 | vrf_table = self._get_avail_vrf_table_id() | |
251 | if not vrf_table: | |
252 | self.log_error('%s: unable to get an auto table id' | |
253 | %mobj.name) | |
254 | self.logger.info('%s: table id auto: selected table id %s\n' | |
255 | %(mobj.name, vrf_table)) | |
8ad5c767 | 256 | self._up_vrf_dev(mobj, vrf_table, False) |
df53966d | 257 | break |
5c5a7b93 N |
258 | if vrfname == 'mgmt': |
259 | self._kill_ssh(ifaceobj.name) | |
122ef35b | 260 | self._down_dhcp_slave(ifaceobj) |
8ad5c767 RP |
261 | self.ipcmd.link_set(ifacename, 'master', vrfname) |
262 | return | |
263 | ||
122ef35b RP |
264 | def _down_dhcp_slave(self, ifaceobj): |
265 | try: | |
266 | self.dhclientcmd.release(ifaceobj.name) | |
267 | except: | |
268 | # ignore any dhclient release errors | |
269 | pass | |
270 | ||
8ad5c767 | 271 | def _up_vrf_slave(self, ifacename, vrfname, ifaceobj=None, |
09753350 | 272 | ifaceobj_getfunc=None, vrf_exists=False): |
8465de90 | 273 | try: |
09753350 RP |
274 | if vrf_exists or self.ipcmd.link_exists(vrfname): |
275 | upper = self.ipcmd.link_get_upper(ifacename) | |
4d2c9798 | 276 | if not upper or upper != vrfname: |
5c5a7b93 N |
277 | if ifaceobj and vrfname == 'mgmt': |
278 | self._kill_ssh(ifaceobj.name) | |
09753350 | 279 | if ifaceobj and self._is_dhcp_slave(ifaceobj): |
122ef35b RP |
280 | self._down_dhcp_slave(ifaceobj) |
281 | self.ipcmd.link_set(ifacename, 'master', vrfname) | |
8ad5c767 RP |
282 | elif ifaceobj: |
283 | self._handle_dhcp_slaves(ifacename, vrfname, ifaceobj, | |
284 | ifaceobj_getfunc) | |
8465de90 | 285 | except Exception, e: |
d54baa22 | 286 | self.log_error('%s: %s' %(ifacename, str(e))) |
8465de90 RP |
287 | |
288 | def _del_vrf_rules(self, vrf_dev_name, vrf_table): | |
289 | pref = 200 | |
290 | ip_rule_out_format = '%s: from all %s %s lookup %s' | |
291 | ip_rule_cmd = 'ip %s rule del pref %s %s %s table %s' | |
292 | ||
4ce47ce4 | 293 | rule = ip_rule_out_format %(pref, 'oif', vrf_dev_name, vrf_dev_name) |
8465de90 RP |
294 | if rule in self.ip_rule_cache: |
295 | rule_cmd = ip_rule_cmd %('', pref, 'oif', vrf_dev_name, vrf_table) | |
296 | self.exec_command(rule_cmd) | |
297 | ||
4ce47ce4 | 298 | rule = ip_rule_out_format %(pref, 'iif', vrf_dev_name, vrf_dev_name) |
8465de90 RP |
299 | if rule in self.ip_rule_cache: |
300 | rule_cmd = ip_rule_cmd %('', pref, 'iif', vrf_dev_name, vrf_table) | |
301 | self.exec_command(rule_cmd) | |
302 | ||
4ce47ce4 | 303 | rule = ip_rule_out_format %(pref, 'oif', vrf_dev_name, vrf_dev_name) |
e6072769 | 304 | if rule in self.ip6_rule_cache: |
8465de90 RP |
305 | rule_cmd = ip_rule_cmd %('-6', pref, 'oif', vrf_dev_name, |
306 | vrf_table) | |
307 | self.exec_command(rule_cmd) | |
308 | ||
4ce47ce4 | 309 | rule = ip_rule_out_format %(pref, 'iif', vrf_dev_name, vrf_dev_name) |
e6072769 | 310 | if rule in self.ip6_rule_cache: |
8465de90 RP |
311 | rule_cmd = ip_rule_cmd %('-6', pref, 'iif', vrf_dev_name, |
312 | vrf_table) | |
313 | self.exec_command(rule_cmd) | |
314 | ||
315 | def _add_vrf_rules(self, vrf_dev_name, vrf_table): | |
316 | pref = 200 | |
317 | ip_rule_out_format = '%s: from all %s %s lookup %s' | |
318 | ip_rule_cmd = 'ip %s rule add pref %s %s %s table %s' | |
659097a0 N |
319 | if self.vrf_fix_local_table: |
320 | self.vrf_fix_local_table = False | |
321 | rule = '0: from all lookup local' | |
322 | if rule in self.ip_rule_cache: | |
323 | try: | |
3fcb15fe N |
324 | self.exec_command('ip rule del pref 0') |
325 | self.exec_command('ip rule add pref 32765 table local') | |
659097a0 N |
326 | except Exception, e: |
327 | self.logger.info('%s' %str(e)) | |
328 | pass | |
c61672da N |
329 | if rule in self.ip6_rule_cache: |
330 | try: | |
331 | self.exec_command('ip -6 rule del pref 0') | |
332 | self.exec_command('ip -6 rule add pref 32765 table local') | |
333 | except Exception, e: | |
334 | self.logger.info('%s' %str(e)) | |
335 | pass | |
8465de90 | 336 | |
3fcb15fe N |
337 | #Example ip rule |
338 | #200: from all oif blue lookup blue | |
339 | #200: from all iif blue lookup blue | |
340 | ||
341 | rule = ip_rule_out_format %(pref, 'oif', vrf_dev_name, vrf_dev_name) | |
8465de90 RP |
342 | if rule not in self.ip_rule_cache: |
343 | rule_cmd = ip_rule_cmd %('', pref, 'oif', vrf_dev_name, vrf_table) | |
344 | self.exec_command(rule_cmd) | |
345 | ||
3fcb15fe | 346 | rule = ip_rule_out_format %(pref, 'iif', vrf_dev_name, vrf_dev_name) |
8465de90 RP |
347 | if rule not in self.ip_rule_cache: |
348 | rule_cmd = ip_rule_cmd %('', pref, 'iif', vrf_dev_name, vrf_table) | |
349 | self.exec_command(rule_cmd) | |
350 | ||
3fcb15fe | 351 | rule = ip_rule_out_format %(pref, 'oif', vrf_dev_name, vrf_dev_name) |
e6072769 | 352 | if rule not in self.ip6_rule_cache: |
3fcb15fe | 353 | rule_cmd = ip_rule_cmd %('-6', pref, 'oif', vrf_dev_name, vrf_table) |
8465de90 RP |
354 | self.exec_command(rule_cmd) |
355 | ||
3fcb15fe | 356 | rule = ip_rule_out_format %(pref, 'iif', vrf_dev_name, vrf_dev_name) |
e6072769 | 357 | if rule not in self.ip6_rule_cache: |
8465de90 RP |
358 | rule_cmd = ip_rule_cmd %('-6', pref, 'iif', vrf_dev_name, |
359 | vrf_table) | |
360 | self.exec_command(rule_cmd) | |
361 | ||
4d2c9798 | 362 | def _add_vrf_slaves(self, ifaceobj, ifaceobj_getfunc=None): |
768b4ec5 RP |
363 | running_slaves = self.ipcmd.link_get_lowers(ifaceobj.name) |
364 | config_slaves = ifaceobj.lowerifaces | |
b94e4d24 | 365 | if not config_slaves and not running_slaves: |
867e11a2 | 366 | return |
4d2c9798 RP |
367 | |
368 | if not config_slaves: config_slaves = [] | |
369 | if not running_slaves: running_slaves = [] | |
768b4ec5 RP |
370 | add_slaves = set(config_slaves).difference(set(running_slaves)) |
371 | del_slaves = set(running_slaves).difference(set(config_slaves)) | |
372 | if add_slaves: | |
373 | for s in add_slaves: | |
374 | try: | |
09753350 RP |
375 | sobj = None |
376 | if ifaceobj_getfunc: | |
377 | sobj = ifaceobj_getfunc(s) | |
378 | self._up_vrf_slave(s, ifaceobj.name, | |
379 | sobj[0] if sobj else None, | |
380 | ifaceobj_getfunc, True) | |
768b4ec5 RP |
381 | except Exception, e: |
382 | self.logger.info('%s: %s' %(ifaceobj.name, str(e))) | |
383 | ||
384 | if del_slaves: | |
385 | for s in del_slaves: | |
386 | try: | |
aa36221f | 387 | sobj = None |
4d2c9798 RP |
388 | if ifaceobj_getfunc: |
389 | sobj = ifaceobj_getfunc(s) | |
390 | # if dhcp slave, release the dhcp lease | |
5c5a7b93 N |
391 | if sobj and ifaceobj.name == 'mgmt': |
392 | self._kill_ssh(sobj[0].name) | |
aa36221f | 393 | self._down_vrf_slave(s, sobj[0] if sobj else None) |
768b4ec5 RP |
394 | except Exception, e: |
395 | self.logger.info('%s: %s' %(ifaceobj.name, str(e))) | |
396 | ||
397 | if ifaceobj.link_type == ifaceLinkType.LINK_MASTER: | |
398 | for s in config_slaves: | |
399 | try: | |
400 | rtnetlink_api.rtnl_api.link_set(s, "up") | |
401 | except Exception, e: | |
402 | self.logger.debug('%s: %s: link set up (%s)' | |
403 | %(ifaceobj.name, s, str(e))) | |
404 | pass | |
8465de90 | 405 | |
2df6a60f | 406 | def _create_cgroup(self, ifaceobj): |
6f2890fc RP |
407 | if not self.vrf_cgroup_create: |
408 | return | |
2df6a60f | 409 | try: |
d1e1c43b | 410 | if not os.path.exists('/sys/fs/cgroup/l3mdev/%s' %ifaceobj.name): |
40103cf7 | 411 | self.exec_command('/usr/bin/cgcreate -g l3mdev:%s' %ifaceobj.name) |
8ad5c767 RP |
412 | except Exception, e: |
413 | self.log_error('%s: cgroup create failed (%s)\n' | |
414 | %(ifaceobj.name, str(e)), ifaceobj) | |
415 | try: | |
40103cf7 | 416 | self.exec_command('/usr/bin/cgset -r l3mdev.master-device=%s %s' |
2df6a60f RP |
417 | %(ifaceobj.name, ifaceobj.name)) |
418 | except Exception, e: | |
8ad5c767 | 419 | self.log_warn('%s: cgset failed (%s)\n' |
2df6a60f RP |
420 | %(ifaceobj.name, str(e)), ifaceobj) |
421 | ||
8ad5c767 RP |
422 | def _set_vrf_dev_processed_flag(self, ifaceobj): |
423 | ifaceobj.module_flags[self.name] = \ | |
424 | ifaceobj.module_flags.setdefault(self.name, 0) | \ | |
425 | vrfPrivFlags.PROCESSED | |
426 | ||
427 | def _check_vrf_dev_processed_flag(self, ifaceobj): | |
428 | if (ifaceobj.module_flags.get(self.name, 0x0) & vrfPrivFlags.PROCESSED): | |
429 | return True | |
430 | return False | |
8465de90 | 431 | |
8ad5c767 | 432 | def _create_vrf_dev(self, ifaceobj, vrf_table): |
2df6a60f | 433 | if not self.ipcmd.link_exists(ifaceobj.name): |
6f2890fc RP |
434 | if vrf_table == 'auto': |
435 | vrf_table = self._get_avail_vrf_table_id() | |
436 | if not vrf_table: | |
437 | self.log_error('%s: unable to get an auto table id' | |
438 | %ifaceobj.name) | |
439 | self.logger.info('%s: table id auto: selected table id %s\n' | |
440 | %(ifaceobj.name, vrf_table)) | |
d54baa22 RP |
441 | |
442 | if not vrf_table.isdigit(): | |
443 | self.log_error('%s: vrf-table must be an integer or \'auto\'' | |
444 | %(ifaceobj.name), ifaceobj) | |
445 | ||
6f2890fc RP |
446 | # XXX: If we decide to not allow vrf id usages out of |
447 | # the reserved ifupdown range, then uncomment this code. | |
fd8c6caf RP |
448 | else: |
449 | if (int(vrf_table) < self.vrf_table_id_start or | |
450 | int(vrf_table) > self.vrf_table_id_end): | |
451 | self.log_error('%s: vrf table id %s out of reserved range [%d,%d]' | |
452 | %(ifaceobj.name, vrf_table, | |
453 | self.vrf_table_id_start, | |
454 | self.vrf_table_id_end)) | |
2df6a60f | 455 | try: |
8465de90 RP |
456 | self.ipcmd.link_create(ifaceobj.name, 'vrf', |
457 | {'table' : '%s' %vrf_table}) | |
2df6a60f RP |
458 | except Exception, e: |
459 | self.log_error('%s: create failed (%s)\n' | |
460 | %(ifaceobj.name, str(e))) | |
461 | else: | |
4d2c9798 RP |
462 | if vrf_table == 'auto': |
463 | vrf_table = self._get_iproute2_vrf_table(ifaceobj.name) | |
464 | if not vrf_table: | |
465 | self.log_error('%s: unable to get vrf table id' | |
466 | %ifaceobj.name) | |
6f2890fc | 467 | |
2df6a60f RP |
468 | # if the device exists, check if table id is same |
469 | vrfdev_attrs = self.ipcmd.link_get_linkinfo_attrs(ifaceobj.name) | |
470 | if vrfdev_attrs: | |
471 | running_table = vrfdev_attrs.get('table', None) | |
472 | if vrf_table != running_table: | |
6f2890fc RP |
473 | self.log_error('%s: cannot change vrf table id,running table id %s is different from config id %s' %(ifaceobj.name, |
474 | running_table, vrf_table)) | |
d54baa22 RP |
475 | if vrf_table != 'auto': |
476 | self._iproute2_vrf_table_entry_add(ifaceobj.name, vrf_table) | |
2df6a60f | 477 | |
4d2c9798 RP |
478 | return vrf_table |
479 | ||
8ad5c767 | 480 | def _add_vrf_default_route(self, ifaceobj, vrf_table): |
54616d3f N |
481 | vrf_default_route = ifaceobj.get_attr_value_first('vrf-default-route') |
482 | if not vrf_default_route: | |
483 | vrf_default_route = policymanager.policymanager_api.get_attr_default( | |
8ad5c767 RP |
484 | module_name=self.__class__.__name__, |
485 | attr='vrf-default-route') | |
54616d3f N |
486 | if not vrf_default_route: |
487 | return | |
488 | if str(vrf_default_route).lower() == "yes": | |
489 | try: | |
8ad5c767 | 490 | self.exec_command('ip route add table %s unreachable default' |
05ca6f01 | 491 | ' metric %d' %(vrf_table, 240)) |
54616d3f N |
492 | except OSError, e: |
493 | if e.errno != 17: | |
494 | raise | |
495 | pass | |
496 | ||
0ba9abeb | 497 | try: |
05ca6f01 RP |
498 | self.exec_command('ip -6 route add table %s unreachable ' |
499 | 'default metric %d' %(vrf_table, 240)) | |
0ba9abeb N |
500 | except OSError, e: |
501 | if e.errno != 17: | |
502 | raise | |
503 | pass | |
504 | ||
4d2c9798 RP |
505 | def _up_vrf_dev(self, ifaceobj, vrf_table, add_slaves=True, |
506 | ifaceobj_getfunc=None): | |
8ad5c767 RP |
507 | |
508 | # if vrf dev is already processed return. This can happen | |
509 | # if we had a dhcp slave. See self._handle_dhcp_slaves | |
510 | if self._check_vrf_dev_processed_flag(ifaceobj): | |
511 | return True | |
512 | ||
4d2c9798 | 513 | vrf_table = self._create_vrf_dev(ifaceobj, vrf_table) |
8ad5c767 | 514 | try: |
8ad5c767 RP |
515 | self._add_vrf_rules(ifaceobj.name, vrf_table) |
516 | self._create_cgroup(ifaceobj) | |
517 | if add_slaves: | |
4d2c9798 | 518 | self._add_vrf_slaves(ifaceobj, ifaceobj_getfunc) |
8ad5c767 RP |
519 | self._add_vrf_default_route(ifaceobj, vrf_table) |
520 | self._set_vrf_dev_processed_flag(ifaceobj) | |
521 | except Exception, e: | |
522 | self.log_error('%s: %s' %(ifaceobj.name, str(e))) | |
523 | ||
5c5a7b93 N |
524 | def _kill_ssh(self, ifacename): |
525 | # Fix this in the next version | |
526 | # runningaddrsdict = self.ipcmd.addr_get(ifacename) | |
527 | ||
60fa9203 RP |
528 | # XXX: Roopa: it is currently killing ifupdown2. |
529 | # so, until we fix it, lets not do anything | |
530 | return | |
531 | ||
5c5a7b93 N |
532 | try: |
533 | ip=[] | |
534 | ip6=[] | |
535 | proc=[] | |
536 | #Example output: | |
537 | #2: eth0 inet 10.0.1.84/22 brd 10.0.3.255 scope global eth0\ | |
538 | #valid_lft forever preferred_lft forever | |
539 | for line in self.ipcmd.addr_show(ifacename=ifacename).splitlines(): | |
540 | citems = line.split() | |
541 | if any(word in citems for word in ['inet','inet6']): | |
542 | if 'inet' in citems: | |
543 | ip.append(citems[citems.index('inet')+1].split('/')[0]) | |
544 | else: | |
545 | ip6.append(citems[citems.index('inet6')+1].split('/')[0]) | |
aa36221f | 546 | |
5c5a7b93 N |
547 | if not ip and not ip6: |
548 | return | |
549 | ||
550 | #Example output: | |
551 | #ESTAB 0 0 10.0.1.84:ssh 10.0.1.228:45186 | |
552 | #users:(("sshd",pid=2528,fd=3)) | |
553 | cmdl = ['ss', '-t', '-p'] | |
554 | for line in subprocess.check_output(cmdl, stderr=subprocess.STDOUT, | |
555 | shell=False).splitlines(): | |
556 | citems = line.split() | |
557 | addr = None | |
558 | if '%' in citems[3]: | |
559 | addr = citems[3].split('%')[0] | |
560 | elif ':ssh' in citems[3]: | |
561 | addr = citems[3].split(':')[0] | |
562 | if not addr: | |
563 | continue | |
564 | if (addr in ip) or (addr in ip6): | |
565 | if len(citems) == 6: | |
566 | proc.append(citems[5].split(',')[1].split('=')[1]) | |
567 | ||
568 | if not proc: | |
569 | return | |
570 | pid = subprocess.check_output(['ps', '--no-headers', | |
571 | '-fp', str(os.getppid())], | |
572 | stderr=subprocess.STDOUT, | |
573 | shell=False).split()[2] | |
aa36221f RP |
574 | self.logger.info("%s: killing active ssh sessions: %s" |
575 | %(ifacename, str(proc))) | |
5c5a7b93 N |
576 | for id in proc: |
577 | if id != pid: | |
578 | try: | |
aa36221f | 579 | os.kill(int(id), signal.SIGINT) |
5c5a7b93 N |
580 | except OSError as e: |
581 | continue | |
582 | if pid in proc: | |
32f6e6ca N |
583 | try: |
584 | os.setsid() | |
585 | except OSError, (err_no, err_message): | |
586 | self.logger.info("os.setsid failed: errno=%d: %s" % (err_no, err_message)) | |
587 | self.logger.info("pid=%d pgid=%d" % (os.getpid(), os.getpgid(0))) | |
5c5a7b93 | 588 | try: |
aa36221f RP |
589 | self.logger.info("%s: killing our session: %s" |
590 | %(ifacename, str(proc))) | |
591 | os.kill(int(pid), signal.SIGINT) | |
5c5a7b93 N |
592 | return |
593 | except OSError as e: | |
594 | return | |
595 | except Exception, e: | |
596 | self.logger.info('%s: %s' %(ifacename, str(e))) | |
597 | ||
8ad5c767 | 598 | def _up(self, ifaceobj, ifaceobj_getfunc=None): |
8465de90 RP |
599 | try: |
600 | vrf_table = ifaceobj.get_attr_value_first('vrf-table') | |
601 | if vrf_table: | |
09753350 | 602 | # This is a vrf device |
6f2890fc RP |
603 | if self.vrf_count == self.vrf_max_count: |
604 | self.log_error('%s: max vrf count %d hit...not ' | |
605 | 'creating vrf' %(ifaceobj.name, | |
606 | self.vrf_count)) | |
4d2c9798 | 607 | self._up_vrf_dev(ifaceobj, vrf_table, True, ifaceobj_getfunc) |
8465de90 RP |
608 | else: |
609 | vrf = ifaceobj.get_attr_value_first('vrf') | |
610 | if vrf: | |
09753350 | 611 | # This is a vrf slave |
8ad5c767 RP |
612 | self._up_vrf_slave(ifaceobj.name, vrf, ifaceobj, |
613 | ifaceobj_getfunc) | |
aa36221f RP |
614 | else: |
615 | # check if we were a slave before | |
616 | master = self.ipcmd.link_get_master(ifaceobj.name) | |
617 | if master: | |
618 | if self._is_vrf_dev(master): | |
619 | self._down_vrf_slave(ifaceobj.name, ifaceobj) | |
8465de90 RP |
620 | except Exception, e: |
621 | self.log_error(str(e)) | |
622 | ||
2df6a60f RP |
623 | def _delete_cgroup(self, ifaceobj): |
624 | try: | |
d1e1c43b | 625 | if os.path.exists('/sys/fs/cgroup/l3mdev/%s' %ifaceobj.name): |
3f1811d9 | 626 | self.exec_command('/usr/bin/cgdelete -g l3mdev:%s' %ifaceobj.name) |
2df6a60f | 627 | except Exception, e: |
3f1811d9 | 628 | self.log_info('%s: cgroup delete failed (%s)\n' |
2df6a60f RP |
629 | %(ifaceobj.name, str(e)), ifaceobj) |
630 | ||
c4be5481 | 631 | def _down_vrf_dev(self, ifaceobj, vrf_table, ifaceobj_getfunc=None): |
5c5a7b93 | 632 | |
8465de90 RP |
633 | if vrf_table == 'auto': |
634 | vrf_table = self._get_iproute2_vrf_table(ifaceobj.name) | |
aa36221f RP |
635 | |
636 | try: | |
637 | self.exec_command('/usr/cumulus/bin/cl-vrf service disable %s' %ifaceobj.name) | |
638 | except Exception, e: | |
639 | self.logger.info('%s: %s' %(ifaceobj.name, str(e))) | |
640 | pass | |
641 | ||
8465de90 | 642 | try: |
c4be5481 RP |
643 | running_slaves = self.ipcmd.link_get_lowers(ifaceobj.name) |
644 | if running_slaves: | |
645 | for s in running_slaves: | |
646 | if ifaceobj_getfunc: | |
647 | sobj = ifaceobj_getfunc(s) | |
5c5a7b93 N |
648 | if sobj and self.ipcmd.link_get_master(sobj[0].name) == 'mgmt': |
649 | self._kill_ssh(sobj[0].name) | |
c4be5481 RP |
650 | # if dhcp slave, release the dhcp lease |
651 | if sobj and self._is_dhcp_slave(sobj[0]): | |
652 | self._down_dhcp_slave(sobj[0]) | |
768b4ec5 RP |
653 | except Exception, e: |
654 | self.logger.info('%s: %s' %(ifaceobj.name, str(e))) | |
655 | pass | |
656 | ||
657 | try: | |
f1c92482 | 658 | self._del_vrf_rules(ifaceobj.name, vrf_table) |
768b4ec5 RP |
659 | except Exception, e: |
660 | self.logger.info('%s: %s' %(ifaceobj.name, str(e))) | |
661 | pass | |
662 | ||
663 | try: | |
f1c92482 RP |
664 | self.ipcmd.link_delete(ifaceobj.name) |
665 | except Exception, e: | |
666 | self.logger.info('%s: %s' %(ifaceobj.name, str(e))) | |
667 | pass | |
668 | ||
669 | try: | |
670 | self._iproute2_vrf_table_entry_del(vrf_table) | |
671 | self._delete_cgroup(ifaceobj) | |
8465de90 | 672 | except Exception, e: |
768b4ec5 RP |
673 | self.logger.info('%s: %s' %(ifaceobj.name, str(e))) |
674 | pass | |
8465de90 | 675 | |
f1c92482 | 676 | |
aa36221f | 677 | def _down_vrf_slave(self, ifacename, ifaceobj=None): |
8465de90 | 678 | try: |
aa36221f RP |
679 | if ifaceobj and self._is_dhcp_slave(ifaceobj): |
680 | self._down_dhcp_slave(ifaceobj) | |
768b4ec5 | 681 | self.ipcmd.link_set(ifacename, 'nomaster') |
f825610e | 682 | rtnetlink_api.rtnl_api.link_set(ifacename, "down") |
8465de90 | 683 | except Exception, e: |
768b4ec5 | 684 | self.logger.warn('%s: %s' %(ifacename, str(e))) |
8465de90 | 685 | |
8ad5c767 | 686 | def _down(self, ifaceobj, ifaceobj_getfunc=None): |
8465de90 RP |
687 | try: |
688 | vrf_table = ifaceobj.get_attr_value_first('vrf-table') | |
689 | if vrf_table: | |
c4be5481 | 690 | self._down_vrf_dev(ifaceobj, vrf_table, ifaceobj_getfunc) |
8465de90 RP |
691 | else: |
692 | vrf = ifaceobj.get_attr_value_first('vrf') | |
693 | if vrf: | |
aa36221f | 694 | self._down_vrf_slave(ifaceobj.name, ifaceobj) |
8465de90 RP |
695 | except Exception, e: |
696 | self.log_warn(str(e)) | |
697 | ||
698 | def _query_check_vrf_slave(self, ifaceobj, ifaceobjcurr, vrf): | |
699 | try: | |
54616d3f | 700 | master = self.ipcmd.link_get_master(ifaceobj.name) |
8465de90 | 701 | if not master or master != vrf: |
934c4c49 | 702 | ifaceobjcurr.update_config_with_status('vrf', str(master), 1) |
8465de90 RP |
703 | else: |
704 | ifaceobjcurr.update_config_with_status('vrf', master, 0) | |
705 | except Exception, e: | |
706 | self.log_warn(str(e)) | |
707 | ||
708 | def _query_check_vrf_dev(self, ifaceobj, ifaceobjcurr, vrf_table): | |
709 | try: | |
710 | if not self.ipcmd.link_exists(ifaceobj.name): | |
711 | self.logger.info('%s: vrf: does not exist' %(ifaceobj.name)) | |
712 | return | |
713 | if vrf_table == 'auto': | |
714 | config_table = self._get_iproute2_vrf_table(ifaceobj.name) | |
715 | else: | |
716 | config_table = vrf_table | |
717 | vrfdev_attrs = self.ipcmd.link_get_linkinfo_attrs(ifaceobj.name) | |
718 | if not vrfdev_attrs: | |
719 | ifaceobjcurr.update_config_with_status('vrf-table', 'None', 1) | |
720 | return | |
721 | running_table = vrfdev_attrs.get('table') | |
722 | if not running_table: | |
723 | ifaceobjcurr.update_config_with_status('vrf-table', 'None', 1) | |
724 | return | |
725 | if config_table != running_table: | |
726 | ifaceobjcurr.update_config_with_status('vrf-table', | |
727 | running_table, 1) | |
728 | else: | |
729 | ifaceobjcurr.update_config_with_status('vrf-table', | |
730 | running_table, 0) | |
731 | except Exception, e: | |
732 | self.log_warn(str(e)) | |
733 | ||
734 | def _query_check(self, ifaceobj, ifaceobjcurr): | |
735 | try: | |
736 | vrf_table = ifaceobj.get_attr_value_first('vrf-table') | |
737 | if vrf_table: | |
738 | self._query_check_vrf_dev(ifaceobj, ifaceobjcurr, vrf_table) | |
739 | else: | |
740 | vrf = ifaceobj.get_attr_value_first('vrf') | |
741 | if vrf: | |
742 | self._query_check_vrf_slave(ifaceobj, ifaceobjcurr, vrf) | |
743 | except Exception, e: | |
744 | self.log_warn(str(e)) | |
745 | ||
8ad5c767 | 746 | def _query_running(self, ifaceobjrunning, ifaceobj_getfunc=None): |
8465de90 RP |
747 | try: |
748 | kind = self.ipcmd.link_get_kind(ifaceobjrunning.name) | |
749 | if kind == 'vrf': | |
54616d3f | 750 | vrfdev_attrs = self.ipcmd.link_get_linkinfo_attrs(ifaceobjrunning.name) |
8465de90 RP |
751 | if vrfdev_attrs: |
752 | running_table = vrfdev_attrs.get('table') | |
753 | if running_table: | |
754 | ifaceobjrunning.update_config('vrf-table', | |
755 | running_table) | |
756 | elif kind == 'vrf_slave': | |
54616d3f | 757 | vrf = self.ipcmd.link_get_master(ifaceobjrunning.name) |
8465de90 RP |
758 | if vrf: |
759 | ifaceobjrunning.update_config('vrf', vrf) | |
760 | except Exception, e: | |
761 | self.log_warn(str(e)) | |
762 | ||
763 | _run_ops = {'pre-up' : _up, | |
764 | 'post-down' : _down, | |
765 | 'query-running' : _query_running, | |
766 | 'query-checkcurr' : _query_check} | |
767 | ||
768 | def get_ops(self): | |
769 | """ returns list of ops supported by this module """ | |
770 | return self._run_ops.keys() | |
771 | ||
772 | def _init_command_handlers(self): | |
773 | flags = self.get_flags() | |
774 | if not self.ipcmd: | |
775 | self.ipcmd = iproute2(**flags) | |
776 | if not self.bondcmd: | |
777 | self.bondcmd = bondutil(**flags) | |
122ef35b RP |
778 | if not self.dhclientcmd: |
779 | self.dhclientcmd = dhclient(**flags) | |
8465de90 | 780 | |
8ad5c767 RP |
781 | def run(self, ifaceobj, operation, query_ifaceobj=None, |
782 | ifaceobj_getfunc=None, **extra_args): | |
8465de90 RP |
783 | """ run bond configuration on the interface object passed as argument |
784 | ||
785 | Args: | |
786 | **ifaceobj** (object): iface object | |
787 | ||
788 | **operation** (str): any of 'pre-up', 'post-down', 'query-checkcurr', | |
789 | 'query-running' | |
790 | ||
791 | Kwargs: | |
792 | **query_ifaceobj** (object): query check ifaceobject. This is only | |
793 | valid when op is 'query-checkcurr'. It is an object same as | |
794 | ifaceobj, but contains running attribute values and its config | |
795 | status. The modules can use it to return queried running state | |
796 | of interfaces. status is success if the running state is same | |
797 | as user required state in ifaceobj. error otherwise. | |
798 | """ | |
799 | op_handler = self._run_ops.get(operation) | |
800 | if not op_handler: | |
801 | return | |
802 | self._init_command_handlers() | |
803 | if operation == 'query-checkcurr': | |
804 | op_handler(self, ifaceobj, query_ifaceobj) | |
805 | else: | |
8ad5c767 | 806 | op_handler(self, ifaceobj, ifaceobj_getfunc=ifaceobj_getfunc) |