-rwxr-xr-xnova/network/linux_net.py20
-rw-r--r--nova/network/quantum/manager.py32
-rw-r--r--nova/network/quantum/melange_ipam_lib.py28
-rw-r--r--nova/network/quantum/nova_ipam_lib.py10
4 files changed, 70 insertions, 20 deletions
diff --git a/nova/network/linux_net.py b/nova/network/linux_net.py
index 520948624..1577628df 100755
--- a/nova/network/linux_net.py
+++ b/nova/network/linux_net.py
@@ -393,23 +393,25 @@ def metadata_accept():
iptables_manager.apply()
-def init_host():
+def init_host(ip_range=None):
"""Basic networking setup goes here."""
# NOTE(devcamcar): Cloud public SNAT entries and the default
# SNAT rule for outbound traffic.
+ if not ip_range:
+ ip_range = FLAGS.fixed_range
iptables_manager.ipv4['nat'].add_rule('snat',
'-s %s -j SNAT --to-source %s' % \
- (FLAGS.fixed_range,
+ (ip_range,
FLAGS.routing_source_ip))
iptables_manager.ipv4['nat'].add_rule('POSTROUTING',
'-s %s -d %s -j ACCEPT' % \
- (FLAGS.fixed_range, FLAGS.dmz_cidr))
+ (ip_range, FLAGS.dmz_cidr))
iptables_manager.ipv4['nat'].add_rule('POSTROUTING',
'-s %(range)s -d %(range)s '
'-j ACCEPT' % \
- {'range': FLAGS.fixed_range})
+ {'range': ip_range})
iptables_manager.apply()
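Review bot: The new `ip_range` parameter is not documented; the docstring directly under the signature still reads only `"""Basic networking setup goes here."""`, and a caller cannot tell that `None` (or any falsy value, given `if not ip_range`) falls back to `FLAGS.fixed_range`. I would extend it to `"""Basic networking setup goes here.` / `:param ip_range: source CIDR for the SNAT and POSTROUTING rules; defaults to FLAGS.fixed_range when not given."""`. Note that `--to-source` still uses the global `FLAGS.routing_source_ip` even when a per-network range is passed, so every range is SNATed to the same address; if that is intended it is worth a one-line comment, since the function is now called once per gateway network.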
@@ -1039,6 +1041,16 @@ class LinuxOVSInterfaceDriver(LinuxNetInterfaceDriver):
_execute('ovs-ofctl', 'add-flow', bridge,
"udp,tp_dst=67,dl_dst=%s,priority=2,actions=normal" %
mac_address)
+ # .. and make sure iptbles won't forward it as well.
+ iptables_manager.ipv4['filter'].add_rule('FORWARD',
+ '--in-interface %s -j DROP' % bridge)
+ iptables_manager.ipv4['filter'].add_rule('FORWARD',
+ '--out-interface %s -j DROP' % bridge)
+ else:
+ iptables_manager.ipv4['filter'].add_rule('FORWARD',
+ '--in-interface %s -j ACCEPT' % bridge)
+ iptables_manager.ipv4['filter'].add_rule('FORWARD',
+ '--out-interface %s -j ACCEPT' % bridge)
return dev
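Review bot: The `else:` branch installs interface-wide `FORWARD` ACCEPT rules for the bridge in both directions, which makes the forwarding decision for that bridge depend on where iptables_manager orders them relative to any other FORWARD rules; a comment stating why a blanket accept is correct here would help a reader of the filter table later. The added comment has a typo: `# .. and make sure iptables won't forward it as well.`. Nothing in this hunk calls `iptables_manager.apply()`, so the rules only take effect when apply() runs elsewhere — I cannot confirm from here that it does on this path. The condition this `else:` belongs to, and the enclosing method, start outside the hunk.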
diff --git a/nova/network/quantum/manager.py b/nova/network/quantum/manager.py
index 418b6de71..76a4b653e 100644
--- a/nova/network/quantum/manager.py
+++ b/nova/network/quantum/manager.py
@@ -19,6 +19,7 @@ import time
from netaddr import IPNetwork, IPAddress
+from nova import context
from nova import db
from nova import exception
from nova import flags
@@ -55,10 +56,8 @@ class QuantumManager(manager.FlatManager):
For IP Address management, QuantumManager can be configured to
use either Nova's local DB or the Melange IPAM service.
- Currently, the QuantumManager does NOT support any of the 'gateway'
- functionality implemented by the Nova VlanManager, including:
+ Currently, the QuantumManager does NOT support:
* floating IPs
- * NAT gateway
Support for these capabilities are targted for future releases.
"""
@@ -79,11 +78,30 @@ class QuantumManager(manager.FlatManager):
self.ipam = utils.import_object(ipam_lib).get_ipam_lib(self)
super(QuantumManager, self).__init__(*args, **kwargs)
+
+ # Initialize forwarding rules for anything specified in
+ # FLAGS.fixed_range()
self.driver.init_host()
- # TODO(bgh): We'll need to enable these when we implement the full L3
- # functionalities
- # self.driver.ensure_metadata_ip()
- # self.driver.metadata_forward()
+ # Set up all the forwarding rules for any network that has a
+ # gateway set.
+ networks = self.get_all_networks()
+ for net in networks:
+ LOG.debug("Initializing network: %s (cidr: %s, gw: %s)" % (
+ net['label'], net['cidr'], net['gateway']))
+ if net['gateway']:
+ self.driver.init_host(net['cidr'])
+ self.driver.ensure_metadata_ip()
+ self.driver.metadata_forward()
+
+ def get_all_networks(self):
+ networks = []
+ admin_context = context.get_admin_context()
+ networks.extend(self.ipam.get_global_networks(admin_context))
+ projects = db.project_get_all(admin_context)
+ for p in projects:
+ networks.extend(self.ipam.get_project_networks(admin_context,
+ project_id))
+ return networks
def create_networks(self, context, label, cidr, multi_host, num_networks,
network_size, cidr_v6, gateway, gateway_v6, bridge,
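Review bot: `project_id` in the `get_project_networks` call at the end of `get_all_networks` is never bound in that method — the loop variable is `p` — so the first project hit raises NameError; it should be the project's id, presumably `p['id']` (or `p.id`, depending on what `db.project_get_all` returns — verify). `get_all_networks` also has no docstring; `"""Return global networks plus the networks of every project, via the IPAM lib."""` would do. The comment above the first `init_host()` call says `FLAGS.fixed_range()`, but `fixed_range` is a flag value, not a callable — `# FLAGS.fixed_range`. `ensure_metadata_ip()` and `metadata_forward()` run once per gateway network inside the loop; if they are idempotent that is only redundant, but hoisting them after the loop would make the intent clearer.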
diff --git a/nova/network/quantum/melange_ipam_lib.py b/nova/network/quantum/melange_ipam_lib.py
index 155384b53..45d482a21 100644
--- a/nova/network/quantum/melange_ipam_lib.py
+++ b/nova/network/quantum/melange_ipam_lib.py
@@ -113,6 +113,23 @@ class QuantumMelangeIPAMLib(object):
network = db.network_get_by_uuid(admin_context, net_id)
db.network_delete_safe(context, network['id'])
+ def get_networks_by_tenant(self, context, tenant_id):
+ nets = []
+ admin_context = context.get_admin_context()
+ blocks = self.m_conn.get_blocks(tenant_id)
+ for ip_block in blocks['ip_blocks']:
+ network_id = ip_block['network_id']
+ network = db.network_get_by_uuid(admin_context, network_id)
+ nets.append(network)
+ return nets
+
+ def get_global_networks(self, context):
+ return self.get_networks_by_tenant(context,
+ FLAGS.quantum_default_tenant_id)
+
+ def get_project_networks(self, context, project_id):
+ return self.get_networks_by_tenant(context, project_id)
+
def get_project_and_global_net_ids(self, context, project_id):
"""Fetches all networks associated with this project, or
that are "global" (i.e., have no project set).
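Review bot: In `get_networks_by_tenant` the name `context` is the method parameter, so `context.get_admin_context()` is called on the request context object rather than on the `nova.context` module; unless that object exposes a `get_admin_context` method (which I cannot confirm from here), this raises AttributeError. The sibling IPAM lib uses `admin_context = context.elevated()` for the same purpose, which would be the consistent form. The new helper also appends `network` unconditionally, whereas the loop it replaces checked `if network:` before using it, so callers indexing `network['priority']` can now hit `None`; `if network: nets.append(network)` restores the guard. The three new methods have no docstrings; a one-liner each stating that they return network rows looked up by Melange block tenant would help.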
@@ -128,13 +145,10 @@ class QuantumMelangeIPAMLib(object):
# Decorate with priority
priority_nets = []
for tenant_id in (project_id, FLAGS.quantum_default_tenant_id):
- blocks = self.m_conn.get_blocks(tenant_id)
- for ip_block in blocks['ip_blocks']:
- network_id = ip_block['network_id']
- network = db.network_get_by_uuid(admin_context, network_id)
- if network:
- priority = network['priority']
- priority_nets.append((priority, network_id, tenant_id))
+ nets = self.get_networks_by_tenant(tenant_id)
+ for network in nets:
+ priority = network['priority']
+ priority_nets.append((priority, network_id, tenant_id))
# Sort by priority
priority_nets.sort()
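Review bot: `self.get_networks_by_tenant(tenant_id)` omits the `context` argument that the method's signature in this commit requires, so the call raises TypeError. On the appended tuple, `network_id` is no longer assigned anywhere in this loop (it was set from `ip_block['network_id']` in the removed lines) and will be unbound; since the old lookup was by uuid, `priority_nets.append((priority, network['uuid'], tenant_id))` is the likely replacement — verify the column name. Corrected call: `nets = self.get_networks_by_tenant(context, tenant_id)`. The enclosing `get_project_and_global_net_ids` continues past the hunk.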
diff --git a/nova/network/quantum/nova_ipam_lib.py b/nova/network/quantum/nova_ipam_lib.py
index ded5bef58..9d25191da 100644
--- a/nova/network/quantum/nova_ipam_lib.py
+++ b/nova/network/quantum/nova_ipam_lib.py
@@ -97,14 +97,20 @@ class QuantumNovaIPAMLib(object):
network['uuid'],
require_disassociated=False)
+ def get_global_networks(self, admin_context):
+ return db.project_get_networks(admin_context, None, False)
+
+ def get_project_networks(self, admin_context, project_id):
+ return db.project_get_networks(admin_context, project_id, False)
+
def get_project_and_global_net_ids(self, context, project_id):
"""Fetches all networks associated with this project, or
that are "global" (i.e., have no project set).
Returns list sorted by 'priority'.
"""
admin_context = context.elevated()
- networks = db.project_get_networks(admin_context, project_id, False)
- networks.extend(db.project_get_networks(admin_context, None, False))
+ networks = self.get_project_networks(admin_context, project_id)
+ networks.extend(self.get_global_networks(admin_context))
id_priority_map = {}
net_list = []
for n in networks:
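Review bot: The two new public methods `get_global_networks` and `get_project_networks` have no docstrings; the rest of the class documents its methods, so e.g. `"""Return networks with no project set, via db.project_get_networks."""` and `"""Return the networks associated with *project_id*."""` would match. Their first parameter is named `admin_context` and is passed straight to the DB layer, while the Melange IPAM lib's methods of the same name take a plain `context` and elevate it internally; since the manager calls both through one interface, the two libs should agree on who is responsible for elevation, and the docstring should say which context the caller must supply. `get_project_and_global_net_ids` continues past the hunk.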