From 685bea1846032057cf5407e791a266c435dca15a Mon Sep 17 00:00:00 2001 From: Hisaharu Ishii Date: Tue, 18 Jan 2011 11:41:05 +0900 Subject: Fixed error message in get_my_linklocal --- nova/utils.py | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/nova/utils.py b/nova/utils.py index 6d3ddd092..5ceb0ec44 100644 --- a/nova/utils.py +++ b/nova/utils.py @@ -212,13 +212,11 @@ def get_my_linklocal(interface): if address[0] is not None: return address[0] else: + LOG.warn(_("Link Local address is not found.:%s") % if_str) return 'fe00::' - except IndexError as ex: + except Exception as ex: LOG.warn(_("Couldn't get Link Local IP of %s :%s"), interface, ex) - except ProcessExecutionError as ex: - LOG.warn(_("Couldn't get Link Local IP of %s :%s"), interface, ex) - except: - return 'fe00::' + return 'fe00::' def to_global_ipv6(prefix, mac): -- cgit From ba73128770b49998a26652ff9446e927a8e8e13d Mon Sep 17 00:00:00 2001 From: Nachi Ueno Date: Tue, 18 Jan 2011 20:04:16 +0900 Subject: Fixed apply_instance_filter is not implemented in NWFilterFirewall --- nova/virt/libvirt_conn.py | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/nova/virt/libvirt_conn.py b/nova/virt/libvirt_conn.py index f38af5ed8..afe2284e7 100644 --- a/nova/virt/libvirt_conn.py +++ b/nova/virt/libvirt_conn.py @@ -98,7 +98,7 @@ flags.DEFINE_string('ajaxterm_portrange', '10000-12000', 'Range of ports that ajaxterm should randomly try to bind') flags.DEFINE_string('firewall_driver', - 'nova.virt.libvirt_conn.IptablesFirewallDriver', + None, 'Firewall driver (defaults to iptables)') @@ -936,6 +936,10 @@ class NWFilterFirewall(FirewallDriver): self.static_filters_configured = False self.handle_security_groups = False + def apply_instance_filter(self, instance): + """No-op. Everything is done in prepare_instance_filter""" + pass + def _get_connection(self): return self._libvirt_get_connection() _conn = property(_get_connection) -- cgit 
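Review bot: In the nova/utils.py hunk (get_my_linklocal), the added `LOG.warn(_("Link Local address is not found.:%s") % if_str)` formats eagerly with `%`, and the later patch on this page shows the same value indexed as `if_str[0].split('\n')`, so it looks like a sequence; if it holds more than one element the `%` raises TypeError, which the widened `except Exception` then logs as a failure to get the address. Passing it as a logging argument avoids that: `LOG.warn(_("Link Local address is not found.:%s"), if_str[0])`. Separately, catching every exception and then returning `'fe00::'` hands callers a placeholder that is not a link-local address (link-local is fe80::/10) with only a warning in the log, so code that builds RA or firewall configuration from the result cannot tell the lookup failed. The function starts above the hunk.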
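Review bot: In the nova/virt/libvirt_conn.py hunk at -98,7, the `firewall_driver` default becomes `None` while the help text still reads `'Firewall driver (defaults to iptables)'`, so the flag's documentation no longer matches its value. The code that consumes the flag is outside this hunk; if it does not map `None` to a concrete driver, instances could start with no packet filtering applied, so that path should either select a driver explicitly or refuse to start. At minimum the help string should say what `None` means, for example `'Firewall driver (None selects the connection default)'` if that is the intended behaviour.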
From 4190d539315c50c50edcb8f7866274fe3d95d9a1 Mon Sep 17 00:00:00 2001 From: Nachi Ueno Date: Wed, 19 Jan 2011 11:13:33 +0900 Subject: get_my_linklocal raises exception --- nova/utils.py | 10 +++++----- nova/virt/libvirt.xml.template | 6 ++++-- nova/virt/libvirt_conn.py | 26 ++++++++++++++++---------- 3 files changed, 25 insertions(+), 17 deletions(-) diff --git a/nova/utils.py b/nova/utils.py index 5ceb0ec44..108824143 100644 --- a/nova/utils.py +++ b/nova/utils.py @@ -206,17 +206,17 @@ def last_octet(address): def get_my_linklocal(interface): try: if_str = execute("ip -f inet6 -o addr show %s" % interface) - condition = "\s+inet6\s+([0-9a-f:]+/\d+)\s+scope\s+link" + condition = "\s+inet6\s+([0-9a-f:]+)/\d+\s+scope\s+link" links = [re.search(condition, x) for x in if_str[0].split('\n')] address = [w.group(1) for w in links if w is not None] if address[0] is not None: return address[0] else: - LOG.warn(_("Link Local address is not found.:%s") % if_str) - return 'fe00::' + raise exception.Error(_("Link Local address is not found.:%s") + % if_str) except Exception as ex: - LOG.warn(_("Couldn't get Link Local IP of %s :%s"), interface, ex) - return 'fe00::' + raise exception.Error(_("Couldn't get Link Local IP of %s :%s") + % (interface, ex)) def to_global_ipv6(prefix, mac): diff --git a/nova/virt/libvirt.xml.template b/nova/virt/libvirt.xml.template index de06a1eb0..3ec82e403 100644 --- a/nova/virt/libvirt.xml.template +++ b/nova/virt/libvirt.xml.template @@ -75,10 +75,12 @@ - - + #if $getVar('extra_params', False) ${extra_params} +#end if +#if $getVar('ra_server', False) + #end if diff --git a/nova/virt/libvirt_conn.py b/nova/virt/libvirt_conn.py index afe2284e7..4036d4f07 100644 --- a/nova/virt/libvirt_conn.py +++ b/nova/virt/libvirt_conn.py 
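Review bot: In the nova/utils.py hunk, the `else:` branch of get_my_linklocal cannot run as written: when no line matches, `address` is empty and `address[0]` raises IndexError before the `is not None` test, and `w.group(1)` is never None for a successful match. The new `raise exception.Error(...)` also sits inside the `try`, so the `except Exception` handler catches it and wraps the message a second time, and `% if_str` is applied to a value that is indexed as `if_str[0]` two lines earlier, so a multi-element result raises TypeError instead of producing the intended text. Narrowing the `try` to the `execute` call and testing `if not address` gives one clear error per failure, and a raw string for the pattern avoids relying on unrecognised escape sequences.

```python
def get_my_linklocal(interface):
    try:
        if_str = execute("ip -f inet6 -o addr show %s" % interface)
    except Exception as ex:
        raise exception.Error(_("Couldn't get Link Local IP of %s :%s")
                              % (interface, ex))
    condition = r"\s+inet6\s+([0-9a-f:]+)/\d+\s+scope\s+link"
    # ... unchanged: links / address list comprehensions ...
    if not address:
        raise exception.Error(_("Link Local address is not found.:%s")
                              % (if_str[0],))
    return address[0]
```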
@@ -658,8 +658,7 @@ class LibvirtConnection(object): # Assume that the gateway also acts as the dhcp server. dhcp_server = network['gateway'] ra_server = network['ra_server'] - if not ra_server: - ra_server = 'fd00::' + if FLAGS.allow_project_net_traffic: if FLAGS.use_ipv6: net, mask = _get_net_and_mask(network['cidr']) @@ -698,11 +697,13 @@ class LibvirtConnection(object): 'mac_address': instance['mac_address'], 'ip_address': ip_address, 'dhcp_server': dhcp_server, - 'ra_server': ra_server, 'extra_params': extra_params, 'rescue': rescue, 'local': instance_type['local_gb'], 'driver_type': driver_type} + + if ra_server: + xml_info['ra_server'] = ra_server + "/128" if not rescue: if instance['kernel_id']: xml_info['kernel'] = xml_info['basepath'] + "/kernel" @@ -884,6 +885,11 @@ class FirewallDriver(object): the security group.""" raise NotImplementedError() + def _ra_server_for_instance(self, instance): + network = db.project_get_network(context.get_admin_context(), + instance['project_id']) + return network['ra_server'] + class NWFilterFirewall(FirewallDriver): """ @@ -1098,7 +1104,9 @@ class NWFilterFirewall(FirewallDriver): 'nova-base-ipv6', 'nova-allow-dhcp-server'] if FLAGS.use_ipv6: - instance_secgroup_filter_children += ['nova-allow-ra-server'] + ra_server = self._ra_server_for_instance(instance) + if ra_server: + instance_secgroup_filter_children += ['nova-allow-ra-server'] ctxt = context.get_admin_context() @@ -1275,8 +1283,9 @@ class IptablesFirewallDriver(FirewallDriver): elif(ip_version == 6): # Allow RA responses ra_server = self._ra_server_for_instance(instance) - our_rules += ['-A %s -s %s -p icmpv6' % - (chain_name, ra_server)] + if ra_server: + our_rules += ['-A %s -s %s -p icmpv6' % + (chain_name, ra_server + "/128")] # If nothing matches, jump to the fallback chain our_rules += ['-A %s -j nova-fallback' % (chain_name,)] 
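Review bot: In the IptablesFirewallDriver hunk at -1275,8, the rule `'-A %s -s %s -p icmpv6' % (chain_name, ra_server + "/128")` has no `-j` target, so it matches packets without accepting them and RA traffic still reaches the `-j nova-fallback` rule that follows; the removed line had the same gap. If the `# Allow RA responses` comment states the intent, the format string needs a target: `'-A %s -s %s -p icmpv6 -j ACCEPT'`. The new `FirewallDriver._ra_server_for_instance` at -884,6 has no docstring even though both subclasses now branch on its result being empty; something like `"""Return the RA server address of the instance's project network (may be empty)."""` would record that contract. The enclosing methods start outside the hunks.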
@@ -1367,7 +1376,4 @@ class IptablesFirewallDriver(FirewallDriver): instance['project_id']) return network['gateway'] - def _ra_server_for_instance(self, instance): - network = db.project_get_network(context.get_admin_context(), - instance['project_id']) - return network['ra_server'] + -- cgit From 30ec3b18dbb24fe1a1cfa0e733c373edee49ca84 Mon Sep 17 00:00:00 2001 From: Nachi Ueno Date: Wed, 19 Jan 2011 12:45:07 +0900 Subject: Revert Firewalldriver --- nova/virt/libvirt_conn.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nova/virt/libvirt_conn.py b/nova/virt/libvirt_conn.py index 4036d4f07..55c193e20 100644 --- a/nova/virt/libvirt_conn.py +++ b/nova/virt/libvirt_conn.py @@ -98,7 +98,7 @@ flags.DEFINE_string('ajaxterm_portrange', '10000-12000', 'Range of ports that ajaxterm should randomly try to bind') flags.DEFINE_string('firewall_driver', - None, + 'nova.virt.libvirt_conn.IptablesFirewallDriver', 'Firewall driver (defaults to iptables)') -- cgit From 3294d3f98cb78b169656711c73547e1cf0527432 Mon Sep 17 00:00:00 2001 From: Hisaharu Ishii Date: Thu, 20 Jan 2011 19:54:05 +0900 Subject: When radvd is already running, not to hup, but to restart --- nova/network/linux_net.py | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/nova/network/linux_net.py b/nova/network/linux_net.py index d29e17603..c55fb66f4 100644 --- a/nova/network/linux_net.py +++ b/nova/network/linux_net.py @@ -298,10 +298,9 @@ interface %s % pid, check_exit_code=False) if conffile in out: try: - _execute('sudo kill -HUP %d' % pid) - return + _execute('sudo kill %d' % pid) except Exception as exc: # pylint: disable-msg=W0703 - LOG.debug(_("Hupping radvd threw %s"), exc) + LOG.debug(_("killing radvd threw %s"), exc) else: LOG.debug(_("Pid %d is stale, relaunching radvd"), pid) command = _ra_cmd(network_ref) -- cgit From a9bf56c7e4613c83646c109ce9e6452e0cd25d2d Mon Sep 17 00:00:00 2001 
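Review bot: In the nova/network/linux_net.py hunk, `_execute('sudo kill %d' % pid)` returns as soon as the signal is sent, and with the `return` removed the code falls through to `command = _ra_cmd(network_ref)` and relaunches radvd while the old process may still be shutting down. If the old daemon has not yet released its pid file, the new instance can fail to start and the network is left without router advertisements; the kill failure itself is only recorded with `LOG.debug`. Waiting until the pid is gone (or checking the result of the relaunch) before continuing, and logging the failure at warning level, would make the restart observable. The function starts and ends outside the hunk.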
From: Hisaharu Ishii Date: Fri, 21 Jan 2011 20:30:29 +0900 Subject: Fixed for pep8 --- nova/virt/libvirt_conn.py | 2 -- 1 file changed, 2 deletions(-) diff --git a/nova/virt/libvirt_conn.py b/nova/virt/libvirt_conn.py index 8ad83731f..73291f7f5 100644 --- a/nova/virt/libvirt_conn.py +++ b/nova/virt/libvirt_conn.py @@ -1380,5 +1380,3 @@ class IptablesFirewallDriver(FirewallDriver): network = db.project_get_network(context.get_admin_context(), instance['project_id']) return network['gateway'] - - -- cgit From 0c77697789079cc1971c27cc4952d07c34e30ac7 Mon Sep 17 00:00:00 2001 From: Vishvananda Ishaya Date: Tue, 25 Jan 2011 00:15:23 -0800 Subject: add ip and network to nwfilter test --- nova/tests/test_virt.py | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/nova/tests/test_virt.py b/nova/tests/test_virt.py index f6800e3d9..12fb01596 100644 --- a/nova/tests/test_virt.py +++ b/nova/tests/test_virt.py @@ -474,6 +474,19 @@ class NWFilterTestCase(test.TestCase): 'project_id': 'fake'}) inst_id = instance_ref['id'] + ip = '10.11.12.13' + + network_ref = db.project_get_network(self.context, + 'fake') + + fixed_ip = {'address': ip, + 'network_id': network_ref['id']} + + admin_ctxt = context.get_admin_context() + db.fixed_ip_create(admin_ctxt, fixed_ip) + db.fixed_ip_update(admin_ctxt, ip, {'allocated': True, + 'instance_id': instance_ref['id']}) + def _ensure_all_called(): instance_filter = 'nova-instance-%s' % instance_ref['name'] secgroup_filter = 'nova-secgroup-%s' % self.security_group['id'] -- cgit From d139d81d3facb440f5f9b040d05e5b380ebf2c68 Mon Sep 17 00:00:00 2001 From: Nachi Ueno Date: Wed, 26 Jan 2011 16:58:24 -0500 Subject: Changed method signature of create_network --- bin/nova-manage | 4 ++-- nova/network/manager.py | 6 +++++- nova/test.py | 3 ++- 3 files changed, 9 insertions(+), 4 deletions(-) diff --git a/bin/nova-manage b/bin/nova-manage index 1b70ebf17..7835ca551 100755 --- a/bin/nova-manage +++ b/bin/nova-manage 
@@ -495,9 +495,9 @@ class NetworkCommands(object): cidr=fixed_range, num_networks=int(num_networks), network_size=int(network_size), + cidr_v6=fixed_range_v6, vlan_start=int(vlan_start), - vpn_start=int(vpn_start), - cidr_v6=fixed_range_v6) + vpn_start=int(vpn_start)) class ServiceCommands(object): diff --git a/nova/network/manager.py b/nova/network/manager.py index fe99f2612..fbcbea131 100644 --- a/nova/network/manager.py +++ b/nova/network/manager.py @@ -428,6 +428,10 @@ class FlatDHCPManager(FlatManager): self.driver.ensure_bridge(network_ref['bridge'], FLAGS.flat_interface, network_ref) + if not FLAGS.fake_network: + self.driver.update_dhcp(context, network_id) + if(FLAGS.use_ipv6): + self.driver.update_ra(context, network_id) class VlanManager(NetworkManager): @@ -497,7 +501,7 @@ class VlanManager(NetworkManager): network_ref['bridge']) def create_networks(self, context, cidr, num_networks, network_size, - vlan_start, vpn_start, cidr_v6): + cidr_v6, vlan_start, vpn_start): """Create networks based on parameters.""" fixed_net = IPy.IP(cidr) fixed_net_v6 = IPy.IP(cidr_v6) diff --git a/nova/test.py b/nova/test.py index 881baccd5..a12cf9d32 100644 --- a/nova/test.py +++ b/nova/test.py @@ -69,9 +69,10 @@ class TestCase(unittest.TestCase): network_manager.VlanManager().create_networks(ctxt, FLAGS.fixed_range, 5, 16, + FLAGS.fixed_range_v6, FLAGS.vlan_start, FLAGS.vpn_start, - FLAGS.fixed_range_v6) + ) # emulate some of the mox stuff, we can't use the metaclass # because it screws with our generators -- cgit From 2d97fa1fc2d2e98188e0ebab4e67d3d74ab7b146 Mon Sep 17 00:00:00 2001 From: Hisaharu Ishii Date: Wed, 26 Jan 2011 19:44:13 +0900 Subject: Fix merge miss --- nova/virt/libvirt_conn.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nova/virt/libvirt_conn.py b/nova/virt/libvirt_conn.py index 0a0bbfb59..3562fbd6b 100644 --- a/nova/virt/libvirt_conn.py +++ b/nova/virt/libvirt_conn.py 
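Review bot: In the nova/network/manager.py hunk at -497,7, `create_networks` moves `cidr_v6` ahead of `vlan_start` and `vpn_start`, which silently re-binds arguments for any caller that still passes them positionally in the old order: nothing fails at the call site, and the VLAN start is simply handed to `IPy.IP(cidr_v6)`. The nova/test.py hunk in this commit is updated but still calls positionally, whereas bin/nova-manage already uses keywords. Passing keywords in test.py too (`cidr_v6=FLAGS.fixed_range_v6, vlan_start=FLAGS.vlan_start, vpn_start=FLAGS.vpn_start`) and checking the `create_networks` overrides in the other managers, which are not visible here, would make the reorder safe. The method body continues outside the hunk.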
@@ -1310,8 +1310,8 @@ class IptablesFirewallDriver(FirewallDriver): # Allow RA responses ra_server = self._ra_server_for_instance(instance) if ra_server: - our_rules += ['-A %s -s %s -p icmpv6' % - (chain_name, ra_server + "/128")] + our_rules += ['-A %s -s %s -p icmpv6 -j ACCEPT' % + (chain_name, ra_server + "/128")] #Allow project network traffic if (FLAGS.allow_project_net_traffic): cidrv6 = self._project_cidrv6_for_instance(instance) -- cgit From 6273b2f95a905d98c217e98c1dbfc46b097b7533 Mon Sep 17 00:00:00 2001 From: Hisaharu Ishii Date: Wed, 26 Jan 2011 21:10:51 +0900 Subject: use 'ip addr change' --- nova/network/linux_net.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/nova/network/linux_net.py b/nova/network/linux_net.py index c55fb66f4..cdd1f666a 100644 --- a/nova/network/linux_net.py +++ b/nova/network/linux_net.py @@ -198,9 +198,9 @@ def ensure_bridge(bridge, interface, net_attrs=None): net_attrs['broadcast'], net_attrs['netmask'])) if(FLAGS.use_ipv6): - _execute("sudo ifconfig %s add %s up" % \ - (bridge, - net_attrs['cidr_v6'])) + _execute("sudo ip -f inet6 addr change %s dev %s" % + (net_attrs['cidr_v6'], bridge)) + _execute("sudo ifconfig %s up" % bridge) else: _execute("sudo ifconfig %s up" % bridge) if FLAGS.use_nova_chains: -- cgit
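Review bot: In the nova/virt/libvirt_conn.py hunk, the rule `'-A %s -s %s -p icmpv6 -j ACCEPT'` accepts every ICMPv6 type from the `ra_server` address, which is wider than the `# Allow RA responses` comment describes. A source address on its own is a weak check on a shared link, so restricting the match to router advertisements narrows what the instance will accept: `'-A %s -s %s -p icmpv6 --icmpv6-type router-advertisement -j ACCEPT'`. The enclosing method starts outside the hunk.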
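Review bot: In the nova/network/linux_net.py hunk (ensure_bridge), `"sudo ip -f inet6 addr change %s dev %s" % (net_attrs['cidr_v6'], bridge)` builds a root command by string interpolation. How `_execute` runs the string is not visible here, but if it goes through a shell, `cidr_v6` and `bridge` should be validated before they reach the command line, for example by parsing the CIDR with the IP library the project already uses and rejecting bridge names with unexpected characters. The function starts and ends outside the hunk.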