From d9b4c7bd2412a117ce7ed33e65a4426cfd117870 Mon Sep 17 00:00:00 2001
From: "wu.chunyang"
Date: Tue, 26 Dec 2023 11:41:43 +0800
Subject: [PATCH] Fix potential network conflict when both the management and business network have a gateway. The guest vm may generate an unexpected default gateway which is the businees gateway as opposed to the management one. In this case, trove guest VM may failed to connect with the openstack control plane such as swift service while doing the backup restore action. In addition, if the mgmt port and the business port have the same IP address. This also may cause network conflict This change disable the user defined port once the guest-agent starts when the network isolation is enabled.
Change-Id: I7a96952f34ce5f4aead837b94daedd83c0a871d8
---
 trove/cmd/guest.py | 11 +++++++++++
 trove/guestagent/common/guestagent_utils.py | 17 +++++++++++++++++
 2 files changed, 28 insertions(+)
diff --git a/trove/cmd/guest.py b/trove/cmd/guest.py
index d3938a535b..556cab830e 100644
--- a/trove/cmd/guest.py
+++ b/trove/cmd/guest.py
@@ -22,6 +22,7 @@ from trove.common import cfg
 from trove.common import debug_utils
 from trove.common.i18n import _
 from trove.guestagent import api as guest_api
+from trove.guestagent.common import guestagent_utils
 from trove.guestagent.common import operating_system
 from trove.guestagent import volume
 
@@ -62,6 +63,16 @@ def main():
 msg = (_("The guest_id parameter is not set. guest_info.conf "
 "was not injected into the guest or not read by guestagent"))
 raise RuntimeError(msg)
+if CONF.network_isolation:
+ # disable user-defined port to avoid potential default gateway
+ # conflict
+ try:
+ guestagent_utils.disable_user_defined_port()
+ except Exception as e:
+ LOG.warn("failed to down the user defined port when "
+ "network_isolation is set to true due to: %s."
+ "pass...", str(e))
+ pass
 
 # Create user and group for running docker container.
 LOG.info('Creating user and group for database service')
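Review bot: The `except Exception` branch added to `main()` logs and continues, so when `network_isolation` is on and `disable_user_defined_port()` fails the agent keeps running with the user-defined port still up, which is the state this change is meant to prevent. If continuing is the intended policy, say so in the comment and log with the traceback: `LOG.exception("Failed to bring down the user-defined port while network_isolation is enabled; continuing")`. That also drops the deprecated `LOG.warn` alias and the adjacent literals that currently concatenate to `%s.pass...` with no space; the trailing `pass` is redundant. `main()` starts and ends outside this hunk.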
diff --git a/trove/guestagent/common/guestagent_utils.py b/trove/guestagent/common/guestagent_utils.py index ee452d6883..d13adf1ef3 100644 --- a/trove/guestagent/common/guestagent_utils.py +++ b/trove/guestagent/common/guestagent_utils.py @@ -14,10 +14,14 @@ # under the License. from collections import abc +import json import os import re +from pyroute2 import IPRoute + from trove.common import cfg +from trove.common import constants from trove.common import pagination from trove.common import utils from trove.guestagent.common import operating_system @@ -179,3 +183,16 @@ def get_conf_dir(): operating_system.ensure_directory(conf_dir, as_root=True) return conf_dir + + +def disable_user_defined_port(): + with open(constants.ETH1_CONFIG_PATH) as fd: + eth1_config = json.load(fd) + ipr = IPRoute() + ifaces = ipr.get_links(address=eth1_config.get("mac_address")) + if not ifaces: + return + ifname = ifaces[0].get_attr('IFLA_IFNAME') + operating_system.execute_shell_cmd(f"ip link set {ifname} down", [], + shell=True, + as_root=True)
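Review bot: `disable_user_defined_port()` interpolates `ifname` into a command string that runs with `shell=True, as_root=True`, and it opens `IPRoute()` without ever closing it. The name is reported by the kernel, so the exposure is probably small, but quoting it with `shlex.quote` (which needs `import shlex` added in the import hunk of this file) keeps a root shell from interpreting anything unexpected, and `with IPRoute() as ipr:` releases the netlink socket on every path. `eth1_config.get("mac_address")` can also be `None`; how `get_links` filters on that is not visible here, so rejecting a missing MAC explicitly is safer than relying on it. The function also lacks a docstring saying which port it takes down and why.

```python
def disable_user_defined_port():
    # … unchanged: load eth1_config from constants.ETH1_CONFIG_PATH …
    mac_address = eth1_config.get("mac_address")
    if not mac_address:
        raise ValueError("mac_address missing from eth1 config")
    # The context manager closes the netlink socket on every path.
    with IPRoute() as ipr:
        ifaces = ipr.get_links(address=mac_address)
        if not ifaces:
            return
        ifname = ifaces[0].get_attr('IFLA_IFNAME')
    # Quote the kernel-reported name before it reaches a root shell.
    operating_system.execute_shell_cmd(
        f"ip link set {shlex.quote(ifname)} down", [],
        shell=True, as_root=True)
```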