davidjumani commented on a change in pull request #5110:
URL: https://github.com/apache/cloudstack/pull/5110#discussion_r660435645
##########
File path: scripts/vm/network/security_group.py
##########
@@ -185,7 +185,9 @@ def destroy_network_rules_for_nic(vm_name, vm_ip, vm_mac,
vif, sec_ips):
logging.debug("Ignoring failure to delete ebtable rules for vm: " +
vm_name)
def get_bridge_physdev(brname):
- physdev = execute("bridge -o link show | awk '/master %s / && !/^[0-9]+:
vnet/ {print $2}' | head -1 | cut -d ':' -f1" % brname)
+ # eth1.50@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master
breth1-50 state forwarding priority 32 cost 4 |
+ # eth1.50@eth1: | eth1.50@eth1 | eth1.50
+ physdev = execute("bridge -o link show | awk '/master %s / && !/^[0-9]+:
vnet/ {print $2}' | head -1 | cut -d ':' -f1 | cut -d '@' -f1" % brname)
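Review bot: `brname` is still formatted with `%` directly into the shell pipeline in `get_bridge_physdev`, inside the awk pattern `/master %s /`, and the added `cut -d '@' -f1` stage keeps that shape. If `execute()` passes the string to a shell (it is defined outside the quoted lines, so this is inferred), a bridge name containing a quote, `;` or `/` would change the command that runs. A `.` in the name is also read as a regex wildcard, so a similarly named bridge could match. A check before formatting, such as `if not re.match(r'^[A-Za-z0-9_.-]+$', brname): raise ValueError(brname)` (assuming `re` is available in this file and that raising suits the callers), would reject such names; comparing the name as a literal string in awk instead of as a pattern would remove the wildcard match. The function body continues past the quoted lines.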
Review comment:
Tested, on c7, ubuntu, no issues
##########
File path: python/lib/cloud_utils.py
##########
@@ -352,533 +356,6 @@ def preflight_checks(do_check_kvm=True):
return preflight_checks
-# ========================== CONFIGURATION TASKS
================================
-
-# A Task is a function that runs within the context of its run() function that
runs the function execute(), which does several things, reporting back to the
caller as it goes with the use of yield
-# the done() method ought to return true if the task has run in the past
-# the execute() method must implement the configuration act itself
-# run() wraps the output of execute() within a Starting taskname and a
Completed taskname message
-# tasks have a name
-
-class TaskFailed(Exception): pass
- #def __init__(self,code,msg):
- #Exception.__init__(self,msg)
- #self.code = code
-
-class ConfigTask:
- name = "generic config task"
- autoMode=False
- def __init__(self): pass
- def done(self):
- """Returns true if the config task has already been done in the
past, false if it hasn't"""
- return False
- def execute(self):
- """Executes the configuration task. Must not be run if test()
returned true.
- Must yield strings that describe the steps in the task.
- Raises TaskFailed if the task failed at some step.
- """
- def run (self):
- stderr("Starting %s"%self.name)
- it = self.execute()
- if not it:
- pass # not a yielding iterable
- else:
- for msg in it: stderr(msg)
- stderr("Completed %s"%self.name)
- def setAutoMode(self, autoMode):
- self.autoMode = autoMode
- def isAutoMode(self):
- return self.autoMode
-
-
-# ============== these are some configuration tasks ==================
-
-class SetupNetworking(ConfigTask):
- name = "network setup"
- def __init__(self,brname, pubNic, prvNic):
- ConfigTask.__init__(self)
- self.brname = brname
- self.pubNic = pubNic
- self.prvNic = prvNic
- self.runtime_state_changed = False
- self.was_nm_service_running = None
- self.was_net_service_running = None
- if distro in (Fedora, CentOS, RHEL6):
- self.nmservice = 'NetworkManager'
- self.netservice = 'network'
- else:
- self.nmservice = 'network-manager'
- self.netservice = 'networking'
-
-
- def done(self):
- try:
- alreadysetup = False
- if distro in (Fedora,CentOS, RHEL6):
- if self.pubNic != None:
- alreadysetup = alreadysetup or
augtool._print("/files/etc/sysconfig/network-scripts/ifcfg-%s"%self.pubNic).stdout.strip()
- if self.prvNic != None:
- alreadysetup = alreadysetup or
augtool._print("/files/etc/sysconfig/network-scripts/ifcfg-%s"%self.prvNic).stdout.strip()
- if not alreadysetup:
- alreadysetup =
augtool._print("/files/etc/sysconfig/network-scripts/ifcfg-%s"%self.brname).stdout.strip()
-
- else:
- if self.pubNic != None:
- alreadysetup = alreadysetup or
augtool._print("/files/etc/network/interfaces/iface",self.pubNic).stdout.strip()
- if self.prvNic != None:
- alreadysetup = alreadysetup or
augtool._print("/files/etc/network/interfaces/iface",self.prvNic).stdout.strip()
- if not alreadysetup:
- alreadysetup =
augtool.match("/files/etc/network/interfaces/iface",self.brname).stdout.strip()
- return alreadysetup
- except OSError as e:
- if e.errno == 2: raise TaskFailed("augtool has not been
properly installed on this system")
- raise
-
- def restore_state(self):
- if not self.runtime_state_changed: return
-
- try:
- o = ifconfig(self.brname)
- bridge_exists = True
- except CalledProcessError as e:
- print(e.stdout + e.stderr)
- bridge_exists = False
-
- if bridge_exists:
- ifconfig(self.brname,"0.0.0.0")
- if hasattr(self,"old_net_device"):
- ifdown(self.old_net_device)
- ifup(self.old_net_device)
- try: ifdown(self.brname)
- except CalledProcessError: pass
- try: ifconfig(self.brname,"down")
- except CalledProcessError: pass
- try: ip("link del",self.brname)
- except CalledProcessError: pass
- try: ifdown("--force",self.brname)
- except CalledProcessError: pass
-
-
- if self.was_net_service_running is None:
- # we do nothing
- pass
- elif self.was_net_service_running == False:
- stop_service(self.netservice,force=True)
- time.sleep(1)
- else:
- # we altered service configuration
- stop_service(self.netservice,force=True)
- time.sleep(1)
- try: start_service(self.netservice,force=True)
- except CalledProcessError as e:
- if e.returncode == 1: pass
- else: raise
- time.sleep(1)
-
- if self.was_nm_service_running is None:
- # we do nothing
- pass
- elif self.was_nm_service_running == False:
- stop_service(self.nmservice,force=True)
- time.sleep(1)
- else:
- # we altered service configuration
- stop_service(self.nmservice,force=True)
- time.sleep(1)
- start_service(self.nmservice,force=True)
- time.sleep(1)
-
- self.runtime_state_changed = False
-
- def execute(self):
- yield "Determining default route"
- routes = ip.route().stdout.splitlines()
- defaultroute = [ x for x in routes if x.startswith("default") ]
- if not defaultroute: raise TaskFailed("Your network
configuration does not have a default route")
-
- dev = defaultroute[0].split()[4]
- yield "Default route assigned to device %s"%dev
-
- self.old_net_device = dev
-
- if distro in (Fedora, CentOS, RHEL6):
- inconfigfile =
"/".join(augtool.match("/files/etc/sysconfig/network-scripts/*/DEVICE",dev).stdout.strip().split("/")[:-1])
- if not inconfigfile: raise TaskFailed("Device %s has
not been set up in /etc/sysconfig/network-scripts"%dev)
- pathtoconfigfile = inconfigfile[6:]
-
- if distro in (Fedora, CentOS, RHEL6):
- automatic =
augtool.match("%s/ONBOOT"%inconfigfile,"yes").stdout.strip()
- else:
- automatic =
augtool.match("/files/etc/network/interfaces/auto/*/",dev).stdout.strip()
- if not automatic:
- if distro is Fedora: raise TaskFailed("Device %s has
not been set up in %s as automatic on boot"%dev,pathtoconfigfile)
- else: raise TaskFailed("Device %s has not been set up
in /etc/network/interfaces as automatic on boot"%dev)
-
- if distro not in (Fedora , CentOS, RHEL6):
- inconfigfile =
augtool.match("/files/etc/network/interfaces/iface",dev).stdout.strip()
- if not inconfigfile: raise TaskFailed("Device %s has
not been set up in /etc/network/interfaces"%dev)
-
- if distro in (Fedora, CentOS, RHEL6):
- isstatic = augtool.match(inconfigfile +
"/BOOTPROTO","none").stdout.strip()
- if not isstatic: isstatic = augtool.match(inconfigfile
+ "/BOOTPROTO","static").stdout.strip()
- else:
- isstatic = augtool.match(inconfigfile +
"/method","static").stdout.strip()
- if not isstatic:
- if distro in (Fedora, CentOS, RHEL6): raise
TaskFailed("Device %s has not been set up as a static device in
%s"%(dev,pathtoconfigfile))
- else: raise TaskFailed("Device %s has not been set up
as a static device in /etc/network/interfaces"%dev)
-
- if is_service_running(self.nmservice):
- self.was_nm_service_running = True
- yield "Stopping NetworkManager to avoid automatic
network reconfiguration"
- disable_service(self.nmservice)
- else:
- self.was_nm_service_running = False
-
- if is_service_running(self.netservice):
- self.was_net_service_running = True
- else:
- self.was_net_service_running = False
-
- yield "Creating Cloud bridging device and making device %s
member of this bridge"%dev
-
- if distro in (Fedora, CentOS, RHEL6):
- ifcfgtext = open(pathtoconfigfile).read()
- newf =
"/etc/sysconfig/network-scripts/ifcfg-%s"%self.brname
- #def restore():
- #try: os.unlink(newf)
- #except OSError,e:
- #if errno == 2: pass
- #raise
- #try:
open(pathtoconfigfile,"w").write(ifcfgtext)
- #except OSError,e: raise
-
- f = open(newf,"w") ; f.write(ifcfgtext) ; f.flush() ;
f.close()
- innewconfigfile = "/files" + newf
-
- script = """set %s/DEVICE %s
-set %s/NAME %s
-set %s/BRIDGE_PORTS %s
-set %s/TYPE Bridge
-rm %s/HWADDR
-rm %s/UUID
-rm %s/HWADDR
-rm %s/IPADDR
-rm %s/DEFROUTE
-rm %s/NETMASK
-rm %s/GATEWAY
-rm %s/BROADCAST
-rm %s/NETWORK
-set %s/BRIDGE %s
-save"""%(innewconfigfile,self.brname,innewconfigfile,self.brname,innewconfigfile,dev,
-
innewconfigfile,innewconfigfile,innewconfigfile,innewconfigfile,
-
inconfigfile,inconfigfile,inconfigfile,inconfigfile,inconfigfile,inconfigfile,
- inconfigfile,self.brname)
-
- yield "Executing the following reconfiguration
script:\n%s"%script
-
- try:
- returned = augtool < script
- if "Saved 2 file" not in returned.stdout:
- print(returned.stdout + returned.stderr)
- #restore()
- raise TaskFailed("Network
reconfiguration failed.")
- else:
- yield "Network reconfiguration complete"
- except CalledProcessError as e:
- #restore()
- print(e.stdout + e.stderr)
- raise TaskFailed("Network reconfiguration
failed")
- else: # Not fedora
- backup = open("/etc/network/interfaces").read(-1)
- #restore = lambda:
open("/etc/network/interfaces","w").write(backup)
-
- script = """set %s %s
-set %s %s
-set %s/bridge_ports %s
-save"""%(automatic,self.brname,inconfigfile,self.brname,inconfigfile,dev)
-
- yield "Executing the following reconfiguration
script:\n%s"%script
-
- try:
- returned = augtool < script
- if "Saved 1 file" not in returned.stdout:
- #restore()
- raise TaskFailed("Network
reconfiguration failed.")
- else:
- yield "Network reconfiguration complete"
- except CalledProcessError as e:
- #restore()
- print(e.stdout + e.stderr)
- raise TaskFailed("Network reconfiguration
failed")
-
- yield "We are going to restart network services now, to make
the network changes take effect. Hit ENTER when you are ready."
- if self.isAutoMode(): pass
- else:
- input()
-
- # if we reach here, then if something goes wrong we should
attempt to revert the runinng state
- # if not, then no point
- self.runtime_state_changed = True
-
- yield "Enabling and restarting non-NetworkManager networking"
- if distro is Ubuntu: ifup(self.brname,stdout=None,stderr=None)
- stop_service(self.netservice)
- try: enable_service(self.netservice,forcestart=True)
- except CalledProcessError as e:
- if e.returncode == 1: pass
- else: raise
-
- yield "Verifying that the bridge is up"
- try:
- o = ifconfig(self.brname)
- except CalledProcessError as e:
- print(e.stdout + e.stderr)
- raise TaskFailed("The bridge could not be set up
properly")
-
- yield "Networking restart done"
-
-
-class SetupCgConfig(ConfigTask):
- name = "control groups configuration"
-
- def done(self):
-
- try:
- return "group virt" in
open("/etc/cgconfig.conf","r").read(-1)
- except IOError as e:
- if e.errno == 2: raise TaskFailed("cgconfig has not
been properly installed on this system")
- raise
-
- def execute(self):
- cgconfig = open("/etc/cgconfig.conf","r").read(-1)
- cgconfig = cgconfig + """
-group virt {
- cpu {
- cpu.shares = 9216;
- }
-}
-"""
- open("/etc/cgconfig.conf","w").write(cgconfig)
-
- stop_service("cgconfig")
- enable_service("cgconfig",forcestart=True)
-
-
-class SetupCgRules(ConfigTask):
- name = "control group rules setup"
- cfgline = "root:/usr/sbin/libvirtd cpu virt/"
-
- def done(self):
- try:
- return self.cfgline in
open("/etc/cgrules.conf","r").read(-1)
- except IOError as e:
- if e.errno == 2: raise TaskFailed("cgrulesd has not
been properly installed on this system")
- raise
-
- def execute(self):
- cgrules = open("/etc/cgrules.conf","r").read(-1)
- cgrules = cgrules + "\n" + self.cfgline + "\n"
- open("/etc/cgrules.conf","w").write(cgrules)
-
- stop_service("cgred")
- enable_service("cgred")
-
-
-class SetupSecurityDriver(ConfigTask):
- name = "security driver setup"
- cfgline = "security_driver = \"none\""
- filename = "/etc/libvirt/qemu.conf"
-
- def done(self):
- try:
- return self.cfgline in open(self.filename,"r").read(-1)
- except IOError as e:
- if e.errno == 2: raise TaskFailed("qemu has not been
properly installed on this system")
- raise
-
- def execute(self):
- libvirtqemu = open(self.filename,"r").read(-1)
- libvirtqemu = libvirtqemu + "\n" + self.cfgline + "\n"
- open("/etc/libvirt/qemu.conf","w").write(libvirtqemu)
-
-
-class SetupLibvirt(ConfigTask):
- name = "libvirt setup"
- cfgline = "export CGROUP_DAEMON='cpu:/virt'"
- def done(self):
- try:
- if distro in (Fedora,CentOS, RHEL6): libvirtfile =
"/etc/sysconfig/libvirtd"
- elif distro is Ubuntu: libvirtfile =
"/etc/default/libvirt-bin"
- else: raise AssertionError("We should not reach this")
- return self.cfgline in open(libvirtfile,"r").read(-1)
- except IOError as e:
- if e.errno == 2: raise TaskFailed("libvirt has not been
properly installed on this system")
- raise
-
- def execute(self):
- if distro in (Fedora,CentOS, RHEL6): libvirtfile =
"/etc/sysconfig/libvirtd"
- elif distro is Ubuntu: libvirtfile =
"/etc/default/libvirt-bin"
- else: raise AssertionError("We should not reach this")
- libvirtbin = open(libvirtfile,"r").read(-1)
- libvirtbin = libvirtbin + "\n" + self.cfgline + "\n"
- open(libvirtfile,"w").write(libvirtbin)
-
- if distro in (CentOS, Fedora, RHEL6): svc = "libvirtd"
- else: svc = "libvirt-bin"
- stop_service(svc)
- enable_service(svc)
-
-class SetupLiveMigration(ConfigTask):
- name = "live migration setup"
- stanzas = (
- "listen_tcp=1",
- 'tcp_port="16509"',
- 'auth_tcp="none"',
- "listen_tls=0",
- )
-
- def done(self):
- try:
- lines = [ s.strip() for s in
open("/etc/libvirt/libvirtd.conf").readlines() ]
- if all( [ stanza in lines for stanza in self.stanzas ]
): return True
- except IOError as e:
- if e.errno == 2: raise TaskFailed("libvirt has not been
properly installed on this system")
- raise
-
- def execute(self):
-
- for stanza in self.stanzas:
- startswith = stanza.split("=")[0] + '='
-
replace_or_add_line("/etc/libvirt/libvirtd.conf",startswith,stanza)
-
- if distro in (Fedora, RHEL6):
-
replace_or_add_line("/etc/sysconfig/libvirtd","LIBVIRTD_ARGS=","LIBVIRTD_ARGS=-l")
-
- elif distro is Ubuntu:
- if os.path.exists("/etc/init/libvirt-bin.conf"):
- replace_line("/etc/init/libvirt-bin.conf",
"exec /usr/sbin/libvirtd","exec /usr/sbin/libvirtd -d -l")
- else:
-
replace_or_add_line("/etc/default/libvirt-bin","libvirtd_opts=","libvirtd_opts='-l'")
-
- else:
- raise AssertionError("Unsupported distribution")
-
- if distro in (CentOS, Fedora, RHEL6): svc = "libvirtd"
- else: svc =
"libvirt-bin"
- stop_service(svc)
- enable_service(svc)
-
-
-class SetupRequiredServices(ConfigTask):
- name = "required services setup"
-
- def done(self):
- if distro in (Fedora, RHEL6): nfsrelated = "rpcbind nfslock"
- elif distro is CentOS: nfsrelated = "portmap nfslock"
- else: return True
- return all( [ is_service_running(svc) for svc in
nfsrelated.split() ] )
-
- def execute(self):
-
- if distro in (Fedora, RHEL6): nfsrelated = "rpcbind nfslock"
- elif distro is CentOS: nfsrelated = "portmap nfslock"
- else: raise AssertionError("Unsupported distribution")
-
- for svc in nfsrelated.split(): enable_service(svc)
-
-
-class SetupFirewall(ConfigTask):
- name = "firewall setup"
-
- def done(self):
-
- if distro in (Fedora, CentOS,RHEL6):
- if not os.path.exists("/etc/sysconfig/iptables"):
return True
- if ":on" not in chkconfig("--list","iptables").stdout:
return True
- else:
- if "Status: active" not in ufw.status().stdout: return
True
- if not os.path.exists("/etc/ufw/before.rules"): return
True
- rule = "-p tcp -m tcp --dport 16509 -j ACCEPT"
- if rule in iptablessave().stdout: return True
- return False
-
- def execute(self):
- ports = "22 1798 16509 16514".split()
- if distro in (Fedora , CentOS, RHEL6):
- for p in ports:
iptables("-I","INPUT","1","-p","tcp","--dport",p,'-j','ACCEPT')
- o = service.iptables.save() ; print(o.stdout + o.stderr)
- else:
- for p in ports: ufw.allow(p)
-
-
-class SetupFirewall2(ConfigTask):
- # this closes bug 4371
- name = "additional firewall setup"
- def __init__(self,brname):
- ConfigTask.__init__(self)
- self.brname = brname
-
- def done(self):
-
- if distro in (Fedora, CentOS, RHEL6):
- if not os.path.exists("/etc/sysconfig/iptables"):
return True
- if ":on" not in chkconfig("--list","iptables").stdout:
return True
- return False
- else:
- if "Status: active" not in ufw.status().stdout: return
True
- if not os.path.exists("/etc/ufw/before.rules"): return
True
- return False
-
- def execute(self):
-
- yield "Permitting traffic in the bridge interface, migration
port and for VNC ports"
-
- if distro in (Fedora , CentOS, RHEL6):
-
- for rule in (
- "-I INPUT 1 -p tcp --dport 5900:6100 -j ACCEPT",
- "-I INPUT 1 -p tcp --dport 49152:49216 -j
ACCEPT",
- ):
- args = rule.split()
- o = iptables(*args)
- service.iptables.save(stdout=None,stderr=None)
-
- else:
-
-
ufw.allow.proto.tcp("from","any","to","any","port","5900:6100")
-
ufw.allow.proto.tcp("from","any","to","any","port","49152:49216")
-
- stop_service("ufw")
- start_service("ufw")
-
-
-# Tasks according to distribution -- at some point we will split them in
separate modules
-
-def config_tasks(brname, pubNic, prvNic):
Review comment:
Removed unused code
##########
File path: packaging/suse/cloud-ipallocator.rc
##########
@@ -0,0 +1,96 @@
+#!/bin/bash
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+# chkconfig: 35 99 10
+# description: Cloud Agent
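Review bot: The header comment `# description: Cloud Agent` does not match the file name `cloud-ipallocator.rc` and looks carried over from the agent init script. Consider `# description: CloudStack IP allocator`, with the wording confirmed against what the service actually runs. Only the first lines of this new file are quoted here, so the rest of the script is not covered by this note.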
Review comment:
Was used in c8 packaging :D
##########
File path: packaging/suse/cloudstack-agent.te
##########
@@ -0,0 +1,33 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+module cloudstack-agent 1.0;
Review comment:
Was used in c8 packaging :D