Merge "Refactor configuring of floating ips on a router."
This commit is contained in:
commit
3e82d12d15
@ -95,7 +95,6 @@ class RouterInfo(object):
|
|||||||
self._snat_enabled = None
|
self._snat_enabled = None
|
||||||
self._snat_action = None
|
self._snat_action = None
|
||||||
self.internal_ports = []
|
self.internal_ports = []
|
||||||
self.floating_ips = []
|
|
||||||
self.root_helper = root_helper
|
self.root_helper = root_helper
|
||||||
self.use_namespaces = use_namespaces
|
self.use_namespaces = use_namespaces
|
||||||
# Invoke the setter for establishing initial SNAT action
|
# Invoke the setter for establishing initial SNAT action
|
||||||
@ -410,45 +409,47 @@ class L3NATAgent(firewall_l3_agent.FWaaSL3AgentRpcCallback, manager.Manager):
|
|||||||
ri.iptables_manager.apply()
|
ri.iptables_manager.apply()
|
||||||
|
|
||||||
def process_router_floating_ips(self, ri, ex_gw_port):
|
def process_router_floating_ips(self, ri, ex_gw_port):
|
||||||
floating_ips = ri.router.get(l3_constants.FLOATINGIP_KEY, [])
|
"""Configure the router's floating IPs
|
||||||
existing_floating_ip_ids = set([fip['id'] for fip in ri.floating_ips])
|
Configures floating ips in iptables and on the router's gateway device.
|
||||||
cur_floating_ip_ids = set([fip['id'] for fip in floating_ips])
|
|
||||||
|
|
||||||
id_to_fip_map = {}
|
Cleans up floating ips that should not longer be configured.
|
||||||
|
"""
|
||||||
|
cidr_suffix = '/32'
|
||||||
|
interface_name = self.get_external_device_name(ex_gw_port['id'])
|
||||||
|
device = ip_lib.IPDevice(interface_name, self.root_helper,
|
||||||
|
namespace=ri.ns_name())
|
||||||
|
|
||||||
for fip in floating_ips:
|
# Clear out all iptables rules for these chains.
|
||||||
if fip['port_id']:
|
for chain, rule in self.floating_forward_rules(None, None):
|
||||||
if fip['id'] not in existing_floating_ip_ids:
|
ri.iptables_manager.ipv4['nat'].empty_chain(chain)
|
||||||
ri.floating_ips.append(fip)
|
|
||||||
self.floating_ip_added(ri, ex_gw_port,
|
|
||||||
fip['floating_ip_address'],
|
|
||||||
fip['fixed_ip_address'])
|
|
||||||
|
|
||||||
# store to see if floatingip was remapped
|
existing_cidrs = set([addr['cidr'] for addr in device.addr.list()])
|
||||||
id_to_fip_map[fip['id']] = fip
|
new_cidrs = set()
|
||||||
|
|
||||||
floating_ip_ids_to_remove = (existing_floating_ip_ids -
|
# Loop once to ensure that floating ips are configured.
|
||||||
cur_floating_ip_ids)
|
for fip in ri.router.get(l3_constants.FLOATINGIP_KEY, []):
|
||||||
for fip in ri.floating_ips:
|
fip_ip = fip['floating_ip_address']
|
||||||
if fip['id'] in floating_ip_ids_to_remove:
|
ip_cidr = str(fip_ip) + cidr_suffix
|
||||||
ri.floating_ips.remove(fip)
|
|
||||||
self.floating_ip_removed(ri, ri.ex_gw_port,
|
new_cidrs.add(ip_cidr)
|
||||||
fip['floating_ip_address'],
|
|
||||||
fip['fixed_ip_address'])
|
if ip_cidr not in existing_cidrs:
|
||||||
else:
|
net = netaddr.IPNetwork(ip_cidr)
|
||||||
# handle remapping of a floating IP
|
device.addr.add(net.version, ip_cidr, str(net.broadcast))
|
||||||
new_fip = id_to_fip_map[fip['id']]
|
self._send_gratuitous_arp_packet(ri, interface_name, fip_ip)
|
||||||
new_fixed_ip = new_fip['fixed_ip_address']
|
|
||||||
existing_fixed_ip = fip['fixed_ip_address']
|
# Rebuild iptables rules for the floating ip.
|
||||||
if (new_fixed_ip and existing_fixed_ip and
|
fixed = fip['fixed_ip_address']
|
||||||
new_fixed_ip != existing_fixed_ip):
|
for chain, rule in self.floating_forward_rules(fip_ip, fixed):
|
||||||
floating_ip = fip['floating_ip_address']
|
ri.iptables_manager.ipv4['nat'].add_rule(chain, rule)
|
||||||
self.floating_ip_removed(ri, ri.ex_gw_port,
|
|
||||||
floating_ip, existing_fixed_ip)
|
ri.iptables_manager.apply()
|
||||||
self.floating_ip_added(ri, ri.ex_gw_port,
|
|
||||||
floating_ip, new_fixed_ip)
|
# Clean up addresses that no longer belong on the gateway interface.
|
||||||
ri.floating_ips.remove(fip)
|
for ip_cidr in existing_cidrs - new_cidrs:
|
||||||
ri.floating_ips.append(new_fip)
|
if ip_cidr.endswith(cidr_suffix):
|
||||||
|
net = netaddr.IPNetwork(ip_cidr)
|
||||||
|
device.addr.delete(net.version, ip_cidr)
|
||||||
|
|
||||||
def _get_ex_gw_port(self, ri):
|
def _get_ex_gw_port(self, ri):
|
||||||
return ri.router.get('gw_port')
|
return ri.router.get('gw_port')
|
||||||
@ -567,34 +568,6 @@ class L3NATAgent(firewall_l3_agent.FWaaSL3AgentRpcCallback, manager.Manager):
|
|||||||
(internal_cidr, ex_gw_ip))]
|
(internal_cidr, ex_gw_ip))]
|
||||||
return rules
|
return rules
|
||||||
|
|
||||||
def floating_ip_added(self, ri, ex_gw_port, floating_ip, fixed_ip):
|
|
||||||
ip_cidr = str(floating_ip) + '/32'
|
|
||||||
interface_name = self.get_external_device_name(ex_gw_port['id'])
|
|
||||||
device = ip_lib.IPDevice(interface_name, self.root_helper,
|
|
||||||
namespace=ri.ns_name())
|
|
||||||
|
|
||||||
if ip_cidr not in [addr['cidr'] for addr in device.addr.list()]:
|
|
||||||
net = netaddr.IPNetwork(ip_cidr)
|
|
||||||
device.addr.add(net.version, ip_cidr, str(net.broadcast))
|
|
||||||
self._send_gratuitous_arp_packet(ri, interface_name, floating_ip)
|
|
||||||
|
|
||||||
for chain, rule in self.floating_forward_rules(floating_ip, fixed_ip):
|
|
||||||
ri.iptables_manager.ipv4['nat'].add_rule(chain, rule)
|
|
||||||
ri.iptables_manager.apply()
|
|
||||||
|
|
||||||
def floating_ip_removed(self, ri, ex_gw_port, floating_ip, fixed_ip):
|
|
||||||
ip_cidr = str(floating_ip) + '/32'
|
|
||||||
net = netaddr.IPNetwork(ip_cidr)
|
|
||||||
interface_name = self.get_external_device_name(ex_gw_port['id'])
|
|
||||||
|
|
||||||
device = ip_lib.IPDevice(interface_name, self.root_helper,
|
|
||||||
namespace=ri.ns_name())
|
|
||||||
device.addr.delete(net.version, ip_cidr)
|
|
||||||
|
|
||||||
for chain, rule in self.floating_forward_rules(floating_ip, fixed_ip):
|
|
||||||
ri.iptables_manager.ipv4['nat'].remove_rule(chain, rule)
|
|
||||||
ri.iptables_manager.apply()
|
|
||||||
|
|
||||||
def floating_forward_rules(self, floating_ip, fixed_ip):
|
def floating_forward_rules(self, floating_ip, fixed_ip):
|
||||||
return [('PREROUTING', '-d %s -j DNAT --to %s' %
|
return [('PREROUTING', '-d %s -j DNAT --to %s' %
|
||||||
(floating_ip, fixed_ip)),
|
(floating_ip, fixed_ip)),
|
||||||
|
@ -186,47 +186,6 @@ class TestBasicRouterOperations(base.BaseTestCase):
|
|||||||
def testAgentRemoveExternalGateway(self):
|
def testAgentRemoveExternalGateway(self):
|
||||||
self._test_external_gateway_action('remove')
|
self._test_external_gateway_action('remove')
|
||||||
|
|
||||||
def _test_floating_ip_action(self, action):
|
|
||||||
router_id = _uuid()
|
|
||||||
ri = l3_agent.RouterInfo(router_id, self.conf.root_helper,
|
|
||||||
self.conf.use_namespaces, None)
|
|
||||||
agent = l3_agent.L3NATAgent(HOSTNAME, self.conf)
|
|
||||||
floating_ip = '20.0.0.100'
|
|
||||||
fixed_ip = '10.0.0.23'
|
|
||||||
ex_gw_port = {'fixed_ips': [{'ip_address': '20.0.0.30',
|
|
||||||
'subnet_id': _uuid()}],
|
|
||||||
'subnet': {'gateway_ip': '20.0.0.1'},
|
|
||||||
'id': _uuid(),
|
|
||||||
'mac_address': 'ca:fe:de:ad:be:ef',
|
|
||||||
'ip_cidr': '20.0.0.30/24'}
|
|
||||||
interface_name = agent.get_external_device_name(ex_gw_port['id'])
|
|
||||||
|
|
||||||
if action == 'add':
|
|
||||||
self.device_exists.return_value = False
|
|
||||||
agent.floating_ip_added(ri, ex_gw_port, floating_ip, fixed_ip)
|
|
||||||
arping_cmd = ['arping', '-A', '-U',
|
|
||||||
'-I', interface_name,
|
|
||||||
'-c', self.conf.send_arp_for_ha,
|
|
||||||
floating_ip]
|
|
||||||
if self.conf.use_namespaces:
|
|
||||||
self.mock_ip.netns.execute.assert_any_call(
|
|
||||||
arping_cmd, check_exit_code=True)
|
|
||||||
else:
|
|
||||||
self.utils_exec.assert_any_call(
|
|
||||||
check_exit_code=True, root_helper=self.conf.root_helper)
|
|
||||||
|
|
||||||
elif action == 'remove':
|
|
||||||
self.device_exists.return_value = True
|
|
||||||
agent.floating_ip_removed(ri, ex_gw_port, floating_ip, fixed_ip)
|
|
||||||
else:
|
|
||||||
raise Exception("Invalid action %s" % action)
|
|
||||||
|
|
||||||
def testAgentAddFloatingIP(self):
|
|
||||||
self._test_floating_ip_action('add')
|
|
||||||
|
|
||||||
def testAgentRemoveFloatingIP(self):
|
|
||||||
self._test_floating_ip_action('remove')
|
|
||||||
|
|
||||||
def _check_agent_method_called(self, agent, calls, namespace):
|
def _check_agent_method_called(self, agent, calls, namespace):
|
||||||
if namespace:
|
if namespace:
|
||||||
self.mock_ip.netns.execute.assert_has_calls(
|
self.mock_ip.netns.execute.assert_has_calls(
|
||||||
@ -381,6 +340,7 @@ class TestBasicRouterOperations(base.BaseTestCase):
|
|||||||
|
|
||||||
def testProcessRouter(self):
|
def testProcessRouter(self):
|
||||||
agent = l3_agent.L3NATAgent(HOSTNAME, self.conf)
|
agent = l3_agent.L3NATAgent(HOSTNAME, self.conf)
|
||||||
|
agent.process_router_floating_ips = mock.Mock()
|
||||||
router = self._prepare_router_data()
|
router = self._prepare_router_data()
|
||||||
fake_floatingips1 = {'floatingips': [
|
fake_floatingips1 = {'floatingips': [
|
||||||
{'id': _uuid(),
|
{'id': _uuid(),
|
||||||
@ -407,6 +367,87 @@ class TestBasicRouterOperations(base.BaseTestCase):
|
|||||||
del router['gw_port']
|
del router['gw_port']
|
||||||
agent.process_router(ri)
|
agent.process_router(ri)
|
||||||
|
|
||||||
|
agent.process_router_floating_ips.assert_called_with(ri, None)
|
||||||
|
|
||||||
|
@mock.patch('neutron.agent.linux.ip_lib.IPDevice')
|
||||||
|
def test_process_router_floating_ip_add(self, IPDevice):
|
||||||
|
fip = {
|
||||||
|
'id': _uuid(), 'port_id': _uuid(),
|
||||||
|
'floating_ip_address': '15.1.2.3',
|
||||||
|
'fixed_ip_address': '192.168.0.1'
|
||||||
|
}
|
||||||
|
|
||||||
|
IPDevice.return_value = device = mock.Mock()
|
||||||
|
device.addr.list.return_value = []
|
||||||
|
|
||||||
|
ri = mock.MagicMock()
|
||||||
|
ri.router.get.return_value = [fip]
|
||||||
|
|
||||||
|
agent = l3_agent.L3NATAgent(HOSTNAME, self.conf)
|
||||||
|
agent._send_gratuitous_arp_packet = mock.Mock()
|
||||||
|
|
||||||
|
agent.process_router_floating_ips(ri, {'id': _uuid()})
|
||||||
|
|
||||||
|
device.addr.add.assert_called_once_with(4, '15.1.2.3/32', '15.1.2.3')
|
||||||
|
self.assertTrue(agent._send_gratuitous_arp_packet.called)
|
||||||
|
|
||||||
|
nat = ri.iptables_manager.ipv4['nat']
|
||||||
|
rules = agent.floating_forward_rules('15.1.2.3', '192.168.0.1')
|
||||||
|
for chain, rule in rules:
|
||||||
|
nat.empty_chain.assert_any_call(chain)
|
||||||
|
nat.add_rule.assert_any_call(chain, rule)
|
||||||
|
|
||||||
|
@mock.patch('neutron.agent.linux.ip_lib.IPDevice')
|
||||||
|
def test_process_router_floating_ip_remove(self, IPDevice):
|
||||||
|
IPDevice.return_value = device = mock.Mock()
|
||||||
|
device.addr.list.return_value = [{'cidr': '15.1.2.3/32'}]
|
||||||
|
|
||||||
|
ri = mock.MagicMock()
|
||||||
|
ri.router.get.return_value = []
|
||||||
|
|
||||||
|
agent = l3_agent.L3NATAgent(HOSTNAME, self.conf)
|
||||||
|
agent._send_gratuitous_arp_packet = mock.Mock()
|
||||||
|
|
||||||
|
agent.process_router_floating_ips(ri, {'id': _uuid()})
|
||||||
|
|
||||||
|
device.addr.delete.assert_called_once_with(4, '15.1.2.3/32')
|
||||||
|
self.assertFalse(agent._send_gratuitous_arp_packet.called)
|
||||||
|
|
||||||
|
nat = ri.iptables_manager.ipv4['nat']
|
||||||
|
nat = ri.iptables_manager.ipv4['nat']
|
||||||
|
for chain, rule in agent.floating_forward_rules(None, None):
|
||||||
|
nat.empty_chain.assert_any_call(chain)
|
||||||
|
self.assertFalse(nat.add_rule.called)
|
||||||
|
|
||||||
|
@mock.patch('neutron.agent.linux.ip_lib.IPDevice')
|
||||||
|
def test_process_router_floating_ip_remap(self, IPDevice):
|
||||||
|
fip = {
|
||||||
|
'id': _uuid(), 'port_id': _uuid(),
|
||||||
|
'floating_ip_address': '15.1.2.3',
|
||||||
|
'fixed_ip_address': '192.168.0.2'
|
||||||
|
}
|
||||||
|
|
||||||
|
IPDevice.return_value = device = mock.Mock()
|
||||||
|
device.addr.list.return_value = [{'cidr': '15.1.2.3/32'}]
|
||||||
|
ri = mock.MagicMock()
|
||||||
|
|
||||||
|
ri.router.get.return_value = [fip]
|
||||||
|
|
||||||
|
agent = l3_agent.L3NATAgent(HOSTNAME, self.conf)
|
||||||
|
agent._send_gratuitous_arp_packet = mock.Mock()
|
||||||
|
|
||||||
|
agent.process_router_floating_ips(ri, {'id': _uuid()})
|
||||||
|
|
||||||
|
self.assertFalse(device.addr.add.called)
|
||||||
|
self.assertFalse(device.addr.delete.called)
|
||||||
|
self.assertFalse(agent._send_gratuitous_arp_packet.called)
|
||||||
|
|
||||||
|
nat = ri.iptables_manager.ipv4['nat']
|
||||||
|
rules = agent.floating_forward_rules('15.1.2.3', '192.168.0.2')
|
||||||
|
for chain, rule in rules:
|
||||||
|
nat.empty_chain.assert_any_call(chain)
|
||||||
|
nat.add_rule.assert_any_call(chain, rule)
|
||||||
|
|
||||||
def test_process_router_snat_disabled(self):
|
def test_process_router_snat_disabled(self):
|
||||||
agent = l3_agent.L3NATAgent(HOSTNAME, self.conf)
|
agent = l3_agent.L3NATAgent(HOSTNAME, self.conf)
|
||||||
router = self._prepare_router_data()
|
router = self._prepare_router_data()
|
||||||
|
Loading…
x
Reference in New Issue
Block a user