0ade06453c
implements blueprint lbaas-namespace-agent This a reference implemention of the Quantum load balancing service using HAProxy. The implemention is designed for vendors, developers, and deployers to become familiar with the API and service workflow. This change also adds some constraint checks for data integrity. Change-Id: I10a67da11840477ccf063b98149f4f77248802a1
404 lines
14 KiB
Python
404 lines
14 KiB
Python
# vim: tabstop=4 shiftwidth=4 softtabstop=4
|
|
|
|
# Copyright 2012 OpenStack LLC
|
|
# All Rights Reserved.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
import abc
|
|
import os
|
|
import re
|
|
import socket
|
|
import StringIO
|
|
import sys
|
|
|
|
import netaddr
|
|
from oslo.config import cfg
|
|
|
|
from quantum.agent.linux import ip_lib
|
|
from quantum.agent.linux import utils
|
|
from quantum.openstack.common import jsonutils
|
|
from quantum.openstack.common import log as logging
|
|
|
|
LOG = logging.getLogger(__name__)
|
|
|
|
OPTS = [
|
|
cfg.StrOpt('dhcp_confs',
|
|
default='$state_path/dhcp',
|
|
help=_('Location to store DHCP server config files')),
|
|
cfg.IntOpt('dhcp_lease_time',
|
|
default=120,
|
|
help=_('Lifetime of a DHCP lease in seconds')),
|
|
cfg.StrOpt('dhcp_domain',
|
|
default='openstacklocal',
|
|
help=_('Domain to use for building the hostnames')),
|
|
cfg.StrOpt('dnsmasq_config_file',
|
|
default='',
|
|
help=_('Override the default dnsmasq settings with this file')),
|
|
cfg.StrOpt('dnsmasq_dns_server',
|
|
help=_('Use another DNS server before any in '
|
|
'/etc/resolv.conf.')),
|
|
]
|
|
|
|
IPV4 = 4
|
|
IPV6 = 6
|
|
UDP = 'udp'
|
|
TCP = 'tcp'
|
|
DNS_PORT = 53
|
|
DHCPV4_PORT = 67
|
|
DHCPV6_PORT = 467
|
|
METADATA_DEFAULT_IP = '169.254.169.254'
|
|
|
|
|
|
class DhcpBase(object):
|
|
__metaclass__ = abc.ABCMeta
|
|
|
|
def __init__(self, conf, network, root_helper='sudo',
|
|
device_delegate=None, namespace=None):
|
|
self.conf = conf
|
|
self.network = network
|
|
self.root_helper = root_helper
|
|
self.device_delegate = device_delegate
|
|
self.namespace = namespace
|
|
|
|
@abc.abstractmethod
|
|
def enable(self):
|
|
"""Enables DHCP for this network."""
|
|
|
|
@abc.abstractmethod
|
|
def disable(self, retain_port=False):
|
|
"""Disable dhcp for this network."""
|
|
|
|
def restart(self):
|
|
"""Restart the dhcp service for the network."""
|
|
self.disable(retain_port=True)
|
|
self.enable()
|
|
|
|
@abc.abstractproperty
|
|
def active(self):
|
|
"""Boolean representing the running state of the DHCP server."""
|
|
|
|
@abc.abstractmethod
|
|
def reload_allocations(self):
|
|
"""Force the DHCP server to reload the assignment database."""
|
|
|
|
|
|
class DhcpLocalProcess(DhcpBase):
|
|
PORTS = []
|
|
|
|
def _enable_dhcp(self):
|
|
"""check if there is a subnet within the network with dhcp enabled."""
|
|
for subnet in self.network.subnets:
|
|
if subnet.enable_dhcp:
|
|
return True
|
|
return False
|
|
|
|
def enable(self):
|
|
"""Enables DHCP for this network by spawning a local process."""
|
|
interface_name = self.device_delegate.setup(self.network,
|
|
reuse_existing=True)
|
|
if self.active:
|
|
self.restart()
|
|
elif self._enable_dhcp():
|
|
self.interface_name = interface_name
|
|
self.spawn_process()
|
|
|
|
def disable(self, retain_port=False):
|
|
"""Disable DHCP for this network by killing the local process."""
|
|
pid = self.pid
|
|
|
|
if self.active:
|
|
cmd = ['kill', '-9', pid]
|
|
if self.namespace:
|
|
ip_wrapper = ip_lib.IPWrapper(self.root_helper, self.namespace)
|
|
ip_wrapper.netns.execute(cmd)
|
|
else:
|
|
utils.execute(cmd, self.root_helper)
|
|
|
|
if not retain_port:
|
|
self.device_delegate.destroy(self.network, self.interface_name)
|
|
|
|
elif pid:
|
|
LOG.debug(_('DHCP for %(net_id)s pid %(pid)d is stale, ignoring '
|
|
'command'), {'net_id': self.network.id, 'pid': pid})
|
|
else:
|
|
LOG.debug(_('No DHCP started for %s'), self.network.id)
|
|
|
|
def get_conf_file_name(self, kind, ensure_conf_dir=False):
|
|
"""Returns the file name for a given kind of config file."""
|
|
confs_dir = os.path.abspath(os.path.normpath(self.conf.dhcp_confs))
|
|
conf_dir = os.path.join(confs_dir, self.network.id)
|
|
if ensure_conf_dir:
|
|
if not os.path.isdir(conf_dir):
|
|
os.makedirs(conf_dir, 0755)
|
|
|
|
return os.path.join(conf_dir, kind)
|
|
|
|
def _get_value_from_conf_file(self, kind, converter=None):
|
|
"""A helper function to read a value from one of the state files."""
|
|
file_name = self.get_conf_file_name(kind)
|
|
msg = _('Error while reading %s')
|
|
|
|
try:
|
|
with open(file_name, 'r') as f:
|
|
try:
|
|
return converter and converter(f.read()) or f.read()
|
|
except ValueError, e:
|
|
msg = _('Unable to convert value in %s')
|
|
except IOError, e:
|
|
msg = _('Unable to access %s')
|
|
|
|
LOG.debug(msg % file_name)
|
|
return None
|
|
|
|
@property
|
|
def pid(self):
|
|
"""Last known pid for the DHCP process spawned for this network."""
|
|
return self._get_value_from_conf_file('pid', int)
|
|
|
|
@property
|
|
def active(self):
|
|
pid = self.pid
|
|
if pid is None:
|
|
return False
|
|
|
|
cmd = ['cat', '/proc/%s/cmdline' % pid]
|
|
try:
|
|
return self.network.id in utils.execute(cmd, self.root_helper)
|
|
except RuntimeError, e:
|
|
return False
|
|
|
|
@property
|
|
def interface_name(self):
|
|
return self._get_value_from_conf_file('interface')
|
|
|
|
@interface_name.setter
|
|
def interface_name(self, value):
|
|
interface_file_path = self.get_conf_file_name('interface',
|
|
ensure_conf_dir=True)
|
|
utils.replace_file(interface_file_path, value)
|
|
|
|
@abc.abstractmethod
|
|
def spawn_process(self):
|
|
pass
|
|
|
|
|
|
class Dnsmasq(DhcpLocalProcess):
|
|
# The ports that need to be opened when security policies are active
|
|
# on the Quantum port used for DHCP. These are provided as a convenience
|
|
# for users of this class.
|
|
PORTS = {IPV4: [(UDP, DNS_PORT), (TCP, DNS_PORT), (UDP, DHCPV4_PORT)],
|
|
IPV6: [(UDP, DNS_PORT), (TCP, DNS_PORT), (UDP, DHCPV6_PORT)],
|
|
}
|
|
|
|
_TAG_PREFIX = 'tag%d'
|
|
|
|
QUANTUM_NETWORK_ID_KEY = 'QUANTUM_NETWORK_ID'
|
|
QUANTUM_RELAY_SOCKET_PATH_KEY = 'QUANTUM_RELAY_SOCKET_PATH'
|
|
|
|
def spawn_process(self):
|
|
"""Spawns a Dnsmasq process for the network."""
|
|
env = {
|
|
self.QUANTUM_NETWORK_ID_KEY: self.network.id,
|
|
self.QUANTUM_RELAY_SOCKET_PATH_KEY:
|
|
self.conf.dhcp_lease_relay_socket
|
|
}
|
|
|
|
cmd = [
|
|
'dnsmasq',
|
|
'--no-hosts',
|
|
'--no-resolv',
|
|
'--strict-order',
|
|
'--bind-interfaces',
|
|
'--interface=%s' % self.interface_name,
|
|
'--except-interface=lo',
|
|
'--pid-file=%s' % self.get_conf_file_name(
|
|
'pid', ensure_conf_dir=True),
|
|
#TODO (mark): calculate value from cidr (defaults to 150)
|
|
#'--dhcp-lease-max=%s' % ?,
|
|
'--dhcp-hostsfile=%s' % self._output_hosts_file(),
|
|
'--dhcp-optsfile=%s' % self._output_opts_file(),
|
|
'--dhcp-script=%s' % self._lease_relay_script_path(),
|
|
'--leasefile-ro',
|
|
]
|
|
|
|
for i, subnet in enumerate(self.network.subnets):
|
|
# if a subnet is specified to have dhcp disabled
|
|
if not subnet.enable_dhcp:
|
|
continue
|
|
if subnet.ip_version == 4:
|
|
mode = 'static'
|
|
else:
|
|
# TODO (mark): how do we indicate other options
|
|
# ra-only, slaac, ra-nameservers, and ra-stateless.
|
|
mode = 'static'
|
|
cmd.append('--dhcp-range=set:%s,%s,%s,%ss' %
|
|
(self._TAG_PREFIX % i,
|
|
netaddr.IPNetwork(subnet.cidr).network,
|
|
mode,
|
|
self.conf.dhcp_lease_time))
|
|
|
|
cmd.append('--conf-file=%s' % self.conf.dnsmasq_config_file)
|
|
if self.conf.dnsmasq_dns_server:
|
|
cmd.append('--server=%s' % self.conf.dnsmasq_dns_server)
|
|
|
|
if self.conf.dhcp_domain:
|
|
cmd.append('--domain=%s' % self.conf.dhcp_domain)
|
|
|
|
if self.namespace:
|
|
ip_wrapper = ip_lib.IPWrapper(self.root_helper, self.namespace)
|
|
ip_wrapper.netns.execute(cmd, addl_env=env)
|
|
else:
|
|
# For normal sudo prepend the env vars before command
|
|
cmd = ['%s=%s' % pair for pair in env.items()] + cmd
|
|
utils.execute(cmd, self.root_helper)
|
|
|
|
def reload_allocations(self):
|
|
"""Rebuild the dnsmasq config and signal the dnsmasq to reload."""
|
|
|
|
# If all subnets turn off dhcp, kill the process.
|
|
if not self._enable_dhcp():
|
|
self.disable()
|
|
LOG.debug(_('Killing dhcpmasq for network since all subnets have '
|
|
'turned off DHCP: %s'), self.network.id)
|
|
return
|
|
|
|
self._output_hosts_file()
|
|
self._output_opts_file()
|
|
cmd = ['kill', '-HUP', self.pid]
|
|
|
|
if self.namespace:
|
|
ip_wrapper = ip_lib.IPWrapper(self.root_helper, self.namespace)
|
|
ip_wrapper.netns.execute(cmd)
|
|
else:
|
|
utils.execute(cmd, self.root_helper)
|
|
LOG.debug(_('Reloading allocations for network: %s'), self.network.id)
|
|
|
|
def _output_hosts_file(self):
|
|
"""Writes a dnsmasq compatible hosts file."""
|
|
r = re.compile('[:.]')
|
|
buf = StringIO.StringIO()
|
|
|
|
for port in self.network.ports:
|
|
for alloc in port.fixed_ips:
|
|
name = '%s.%s' % (r.sub('-', alloc.ip_address),
|
|
self.conf.dhcp_domain)
|
|
buf.write('%s,%s,%s\n' %
|
|
(port.mac_address, name, alloc.ip_address))
|
|
|
|
name = self.get_conf_file_name('host')
|
|
utils.replace_file(name, buf.getvalue())
|
|
return name
|
|
|
|
def _output_opts_file(self):
|
|
"""Write a dnsmasq compatible options file."""
|
|
|
|
if self.conf.enable_isolated_metadata:
|
|
subnet_to_interface_ip = self._make_subnet_interface_ip_map()
|
|
|
|
options = []
|
|
for i, subnet in enumerate(self.network.subnets):
|
|
if not subnet.enable_dhcp:
|
|
continue
|
|
if subnet.dns_nameservers:
|
|
options.append(
|
|
self._format_option(i, 'dns-server',
|
|
','.join(subnet.dns_nameservers)))
|
|
|
|
host_routes = ["%s,%s" % (hr.destination, hr.nexthop)
|
|
for hr in subnet.host_routes]
|
|
|
|
# Add host routes for isolated network segments
|
|
enable_metadata = (
|
|
self.conf.enable_isolated_metadata
|
|
and not subnet.gateway_ip
|
|
and subnet.ip_version == 4)
|
|
|
|
if enable_metadata:
|
|
subnet_dhcp_ip = subnet_to_interface_ip[subnet.id]
|
|
host_routes.append(
|
|
'%s/32,%s' % (METADATA_DEFAULT_IP, subnet_dhcp_ip)
|
|
)
|
|
|
|
if host_routes:
|
|
options.append(
|
|
self._format_option(i, 'classless-static-route',
|
|
','.join(host_routes)))
|
|
|
|
if subnet.ip_version == 4:
|
|
if subnet.gateway_ip:
|
|
options.append(self._format_option(i, 'router',
|
|
subnet.gateway_ip))
|
|
else:
|
|
options.append(self._format_option(i, 'router'))
|
|
|
|
name = self.get_conf_file_name('opts')
|
|
utils.replace_file(name, '\n'.join(options))
|
|
return name
|
|
|
|
def _make_subnet_interface_ip_map(self):
|
|
ip_dev = ip_lib.IPDevice(
|
|
self.interface_name,
|
|
self.root_helper,
|
|
self.namespace
|
|
)
|
|
|
|
subnet_lookup = dict(
|
|
(netaddr.IPNetwork(subnet.cidr), subnet.id)
|
|
for subnet in self.network.subnets
|
|
)
|
|
|
|
retval = {}
|
|
|
|
for addr in ip_dev.addr.list():
|
|
ip_net = netaddr.IPNetwork(addr['cidr'])
|
|
|
|
if ip_net in subnet_lookup:
|
|
retval[subnet_lookup[ip_net]] = addr['cidr'].split('/')[0]
|
|
|
|
return retval
|
|
|
|
def _lease_relay_script_path(self):
|
|
return os.path.join(os.path.dirname(sys.argv[0]),
|
|
'quantum-dhcp-agent-dnsmasq-lease-update')
|
|
|
|
def _format_option(self, index, option_name, *args):
|
|
return ','.join(('tag:' + self._TAG_PREFIX % index,
|
|
'option:%s' % option_name) + args)
|
|
|
|
@classmethod
|
|
def lease_update(cls):
|
|
network_id = os.environ.get(cls.QUANTUM_NETWORK_ID_KEY)
|
|
dhcp_relay_socket = os.environ.get(cls.QUANTUM_RELAY_SOCKET_PATH_KEY)
|
|
|
|
action = sys.argv[1]
|
|
if action not in ('add', 'del', 'old'):
|
|
sys.exit()
|
|
|
|
mac_address = sys.argv[2]
|
|
ip_address = sys.argv[3]
|
|
|
|
if action == 'del':
|
|
lease_remaining = 0
|
|
else:
|
|
lease_remaining = int(os.environ.get('DNSMASQ_TIME_REMAINING', 0))
|
|
|
|
data = dict(network_id=network_id, mac_address=mac_address,
|
|
ip_address=ip_address, lease_remaining=lease_remaining)
|
|
|
|
if os.path.exists(dhcp_relay_socket):
|
|
sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
|
|
sock.connect(dhcp_relay_socket)
|
|
sock.send(jsonutils.dumps(data))
|
|
sock.close()
|