Merge "Move interface enabling to privsep."

Zuul 2019-01-25 12:32:49 +00:00 committed by Gerrit Code Review
commit 0a50198158
9 changed files with 59 additions and 44 deletions


@ -1236,8 +1236,7 @@ def create_fp_dev(dev, sockpath, sockmode):
utils.execute('fp-vdev', 'add', dev, '--sockpath', sockpath,
'--sockmode', sockmode, run_as_root=True)
nova.privsep.linux_net.set_device_mtu(dev)
utils.execute('ip', 'link', 'set', dev, 'up', run_as_root=True,
check_exit_code=[0, 2, 254])
nova.privsep.linux_net.set_device_enabled(dev)
def delete_fp_dev(dev):
@ -1386,8 +1385,7 @@ class LinuxBridgeInterfaceDriver(LinuxNetInterfaceDriver):
_execute('ip', 'link', 'set', interface, 'address',
mac_address, run_as_root=True,
check_exit_code=[0, 2, 254])
_execute('ip', 'link', 'set', interface, 'up', run_as_root=True,
check_exit_code=[0, 2, 254])
nova.privsep.linux_net.set_device_enabled(interface)
# NOTE(vish): set mtu every time to ensure that changes to mtu get
# propagated
nova.privsep.linux_net.set_device_mtu(interface, mtu)
@ -1430,7 +1428,7 @@ class LinuxBridgeInterfaceDriver(LinuxNetInterfaceDriver):
_execute('brctl', 'setfd', bridge, 0, run_as_root=True)
# _execute('brctl setageing %s 10' % bridge, run_as_root=True)
_execute('brctl', 'stp', bridge, 'off', run_as_root=True)
_execute('ip', 'link', 'set', bridge, 'up', run_as_root=True)
nova.privsep.linux_net.set_device_enabled(bridge)
if interface:
LOG.debug('Adding interface %(interface)s to bridge %(bridge)s',
@ -1454,8 +1452,7 @@ class LinuxBridgeInterfaceDriver(LinuxNetInterfaceDriver):
_execute('ip', 'link', 'set', bridge, 'address', interface_mac,
run_as_root=True)
out, err = _execute('ip', 'link', 'set', interface, 'up',
check_exit_code=False, run_as_root=True)
nova.privsep.linux_net.set_device_enabled(interface)
# NOTE(vish): This will break if there is already an ip on the
# interface, so we move any ips to the bridge
@ -1671,7 +1668,7 @@ class LinuxOVSInterfaceDriver(LinuxNetInterfaceDriver):
_execute('ip', 'link', 'set', dev, 'address', mac_address,
run_as_root=True)
nova.privsep.linux_net.set_device_mtu(dev, network.get('mtu'))
_execute('ip', 'link', 'set', dev, 'up', run_as_root=True)
nova.privsep.linux_net.set_device_enabled(dev)
if not gateway:
# If we weren't instructed to act as a gateway then add the
# appropriate flows to block all non-dhcp traffic.
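Review bot: Routing every call through `set_device_enabled` changes which exit codes are tolerated at three of these call sites, and nothing visible on the page says this is intended. In the `@ -1454` hunk the old call passed `check_exit_code=False`, so a failure to bring up `interface` was ignored, whereas the helper shown elsewhere on this page accepts only 0, 2 and 254 and will presumably raise on anything else. In the `@ -1430` and `@ -1671` hunks the old calls gave no `check_exit_code`, so exit codes 2 and 254 are now silently accepted where they were presumably errors before. The `out, err =` binding is also dropped in the `@ -1454` hunk; the rest of that function is outside the hunk, so confirm nothing later reads those names before they are reassigned. A comment at each site such as `# NOTE: exit codes 2/254 are tolerated by the privsep helper` would record the decision.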


@ -49,8 +49,7 @@ def create_tap_dev(dev, mac_address=None, multiqueue=False):
if mac_address:
utils.execute('ip', 'link', 'set', dev, 'address', mac_address,
run_as_root=True, check_exit_code=[0, 2, 254])
utils.execute('ip', 'link', 'set', dev, 'up', run_as_root=True,
check_exit_code=[0, 2, 254])
nova.privsep.linux_net.set_device_enabled(dev)
def set_vf_interface_vlan(pci_addr, mac_addr, vlan=0):


@ -85,6 +85,12 @@ def _set_device_mtu_inner(dev, mtu):
mtu, check_exit_code=[0, 2, 254])
@nova.privsep.sys_admin_pctxt.entrypoint
def set_device_enabled(dev):
processutils.execute('ip', 'link', 'set', dev, 'up',
check_exit_code=[0, 2, 254])
@nova.privsep.sys_admin_pctxt.entrypoint
def create_veth_pair(dev1_name, dev2_name, mtu=None):
"""Create a pair of veth devices with the specified names,


@ -125,6 +125,7 @@ class ApiSampleTestBaseV21(testscenarios.WithScenarios,
return '', ''
self.stub_out('nova.privsep.linux_net.add_bridge', fake_noop)
self.stub_out('nova.privsep.linux_net.set_device_mtu', fake_noop)
self.stub_out('nova.privsep.linux_net.set_device_enabled', fake_noop)
def _setup_services(self):
pass


@ -591,7 +591,9 @@ class LinuxNetworkTestCase(test.NoDBTestCase):
@mock.patch.object(linux_net.iptables_manager.ipv4['filter'], 'add_rule')
@mock.patch('nova.privsep.linux_net.add_bridge',
return_value=('', ''))
def test_linux_bridge_driver_plug(self, mock_add_bridge, mock_add_rule):
@mock.patch('nova.privsep.linux_net.set_device_enabled')
def test_linux_bridge_driver_plug(self, mock_enabled, mock_add_bridge,
mock_add_rule):
"""Makes sure plug doesn't drop FORWARD by default.
Ensures bug 890195 doesn't reappear.
@ -1131,8 +1133,6 @@ class LinuxNetworkTestCase(test.NoDBTestCase):
run_as_root=True, check_exit_code=False),
mock.call('ip', 'link', 'set', 'bridge', 'address', fake_mac,
run_as_root=True),
mock.call('ip', 'link', 'set', 'eth0', 'up',
run_as_root=True, check_exit_code=False),
mock.call('ip', 'route', 'show', 'dev', 'eth0'),
mock.call('ip', 'addr', 'show', 'dev', 'eth0', 'scope',
'global'),
@ -1141,15 +1141,17 @@ class LinuxNetworkTestCase(test.NoDBTestCase):
with test.nested(
mock.patch('nova.privsep.linux_net.device_exists',
return_value=True),
mock.patch('nova.privsep.linux_net.set_device_enabled'),
mock.patch.object(linux_net, '_execute', return_value=('', '')),
mock.patch.object(netifaces, 'ifaddresses')
) as (device_exists, _execute, ifaddresses):
) as (device_exists, device_enabled, _execute, ifaddresses):
ifaddresses.return_value = fake_ifaces
driver = linux_net.LinuxBridgeInterfaceDriver()
driver.ensure_bridge('bridge', 'eth0')
device_exists.assert_has_calls(calls['device_exists'])
_execute.assert_has_calls(calls['_execute'])
ifaddresses.assert_called_once_with('eth0')
device_enabled.assert_called_once_with('eth0')
def test_ensure_bridge_brclt_addif_exception(self):
def fake_execute(*cmd, **kwargs):
@ -1168,7 +1170,8 @@ class LinuxNetworkTestCase(test.NoDBTestCase):
driver.ensure_bridge, 'bridge', 'eth0')
device_exists.assert_called_once_with('bridge')
def test_ensure_bridge_brclt_addbr_neutron_race(self):
@mock.patch('nova.privsep.linux_net.set_device_enabled')
def test_ensure_bridge_brclt_addbr_neutron_race(self, mock_enabled):
def fake_execute(*cmd, **kwargs):
if ('brctl', 'addbr', 'brq1234567-89') == cmd:
return ('', "device brq1234567-89 already exists; "
@ -1281,8 +1284,9 @@ class LinuxNetworkTestCase(test.NoDBTestCase):
@mock.patch.object(linux_net, '_execute')
@mock.patch('nova.privsep.linux_net.device_exists', return_value=False)
@mock.patch('nova.privsep.linux_net.set_device_mtu')
def test_ensure_vlan(self, mock_set_device_mtu, mock_device_exists,
mock_execute):
@mock.patch('nova.privsep.linux_net.set_device_enabled')
def test_ensure_vlan(self, mock_set_enabled, mock_set_device_mtu,
mock_device_exists, mock_execute):
interface = linux_net.LinuxBridgeInterfaceDriver.ensure_vlan(
1, 'eth0', 'MAC', 'MTU', "vlan_name")
self.assertEqual("vlan_name", interface)
@ -1293,11 +1297,11 @@ class LinuxNetworkTestCase(test.NoDBTestCase):
'type', 'vlan', 'id', 1, check_exit_code=[0, 2, 254],
run_as_root=True),
mock.call('ip', 'link', 'set', 'vlan_name', 'address', 'MAC',
check_exit_code=[0, 2, 254], run_as_root=True),
mock.call('ip', 'link', 'set', 'vlan_name', 'up',
check_exit_code=[0, 2, 254], run_as_root=True)]
check_exit_code=[0, 2, 254], run_as_root=True)
]
self.assertEqual(expected_execute_args, mock_execute.mock_calls)
mock_set_device_mtu.assert_called_once_with('vlan_name', 'MTU')
mock_set_enabled.assert_called_once_with('vlan_name')
@mock.patch.object(linux_net, '_execute')
@mock.patch('nova.privsep.linux_net.device_exists', return_value=True)


@ -936,7 +936,8 @@ class VlanNetworkTestCase(test.TestCase):
self.network.quotas_cls)
@mock.patch('nova.privsep.linux_net.add_bridge', return_value=('', ''))
def test_vpn_allocate_fixed_ip(self, mock_add_bridge):
@mock.patch('nova.privsep.linux_net.set_device_enabled')
def test_vpn_allocate_fixed_ip(self, mock_enabled, mock_add_bridge):
self.mox.StubOutWithMock(db, 'fixed_ip_associate')
self.mox.StubOutWithMock(db, 'fixed_ip_update')
self.mox.StubOutWithMock(db,
@ -970,7 +971,8 @@ class VlanNetworkTestCase(test.TestCase):
vpn=True)
@mock.patch('nova.privsep.linux_net.add_bridge', return_value=('', ''))
def test_allocate_fixed_ip(self, mock_add_bridge):
@mock.patch('nova.privsep.linux_net.set_device_enabled')
def test_allocate_fixed_ip(self, mock_enabled, mock_add_bridge):
self.stubs.Set(self.network,
'_do_trigger_security_group_members_refresh_for_instance',
lambda *a, **kw: None)
@ -1688,8 +1690,9 @@ class VlanNetworkTestCase(test.TestCase):
mox.IgnoreArg())
@mock.patch('nova.privsep.linux_net.add_bridge', return_value=('', ''))
@mock.patch('nova.privsep.linux_net.set_device_enabled')
def test_add_fixed_ip_instance_without_vpn_requested_networks(
self, mock_add_bridge):
self, mock_enabled, mock_add_bridge):
self.stubs.Set(self.network,
'_do_trigger_security_group_members_refresh_for_instance',
lambda *a, **kw: None)
@ -2835,7 +2838,9 @@ class AllocateTestCase(test.TestCase):
@mock.patch('nova.privsep.linux_net.add_bridge', return_value=('', ''))
@mock.patch('nova.privsep.linux_net.set_device_mtu')
def test_allocate_for_instance(self, mock_set_mtu, mock_add_bridge):
@mock.patch('nova.privsep.linux_net.set_device_enabled')
def test_allocate_for_instance(self, mock_set_enabeld, mock_set_mtu,
mock_add_bridge):
address = "10.10.10.10"
self.flags(auto_assign_floating_ip=True)
@ -2901,7 +2906,8 @@ class AllocateTestCase(test.TestCase):
@mock.patch('nova.privsep.linux_net.add_bridge', return_value=('', ''))
@mock.patch('nova.privsep.linux_net.set_device_mtu')
def test_allocate_for_instance_with_mac(self, mock_set_mtu,
@mock.patch('nova.privsep.linux_net.set_device_enabled')
def test_allocate_for_instance_with_mac(self, mock_enabled, mock_set_mtu,
mock_add_bridge):
available_macs = set(['ca:fe:de:ad:be:ef'])
inst = db.instance_create(self.context, {'host': HOST,
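Review bot: The new parameter in `test_allocate_for_instance` is misspelled as `mock_set_enabeld`; rename it so the signature reads `def test_allocate_for_instance(self, mock_set_enabled, mock_set_mtu,`. None of the tests in this file section assert on the new mock in the visible lines, so the misspelling breaks nothing today, but a search for the mock name will miss it. The test bodies continue outside the hunks.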


@ -24,15 +24,15 @@ from nova import test
class NetUtilsTestCase(test.NoDBTestCase):
@mock.patch('nova.utils.execute')
def test_create_tap_dev(self, mock_execute):
@mock.patch('nova.privsep.linux_net.set_device_enabled')
def test_create_tap_dev(self, mock_enabled, mock_execute):
net_utils.create_tap_dev('tap42')
mock_execute.assert_has_calls([
mock.call('ip', 'tuntap', 'add', 'tap42', 'mode', 'tap',
run_as_root=True, check_exit_code=[0, 2, 254]),
mock.call('ip', 'link', 'set', 'tap42', 'up',
run_as_root=True, check_exit_code=[0, 2, 254])
])
mock_enabled.assert_called_once_with('tap42')
@mock.patch('os.path.exists', return_value=True)
@mock.patch('nova.utils.execute')
@ -43,7 +43,8 @@ class NetUtilsTestCase(test.NoDBTestCase):
mock_execute.assert_not_called()
@mock.patch('nova.utils.execute')
def test_create_tap_dev_mac(self, mock_execute):
@mock.patch('nova.privsep.linux_net.set_device_enabled')
def test_create_tap_dev_mac(self, mock_enabled, mock_execute):
net_utils.create_tap_dev('tap42', '00:11:22:33:44:55')
mock_execute.assert_has_calls([
@ -51,13 +52,14 @@ class NetUtilsTestCase(test.NoDBTestCase):
run_as_root=True, check_exit_code=[0, 2, 254]),
mock.call('ip', 'link', 'set', 'tap42',
'address', '00:11:22:33:44:55',
run_as_root=True, check_exit_code=[0, 2, 254]),
mock.call('ip', 'link', 'set', 'tap42', 'up',
run_as_root=True, check_exit_code=[0, 2, 254])
])
mock_enabled.assert_called_once_with('tap42')
@mock.patch('nova.utils.execute')
def test_create_tap_dev_fallback_to_tunctl(self, mock_execute):
@mock.patch('nova.privsep.linux_net.set_device_enabled')
def test_create_tap_dev_fallback_to_tunctl(self, mock_enabled,
mock_execute):
# ip failed, fall back to tunctl
mock_execute.side_effect = [processutils.ProcessExecutionError, 0, 0]
@ -67,22 +69,21 @@ class NetUtilsTestCase(test.NoDBTestCase):
mock.call('ip', 'tuntap', 'add', 'tap42', 'mode', 'tap',
run_as_root=True, check_exit_code=[0, 2, 254]),
mock.call('tunctl', '-b', '-t', 'tap42',
run_as_root=True),
mock.call('ip', 'link', 'set', 'tap42', 'up',
run_as_root=True, check_exit_code=[0, 2, 254])
run_as_root=True)
])
mock_enabled.assert_called_once_with('tap42')
@mock.patch('nova.utils.execute')
def test_create_tap_dev_multiqueue(self, mock_execute):
@mock.patch('nova.privsep.linux_net.set_device_enabled')
def test_create_tap_dev_multiqueue(self, mock_enabled, mock_execute):
net_utils.create_tap_dev('tap42', multiqueue=True)
mock_execute.assert_has_calls([
mock.call('ip', 'tuntap', 'add', 'tap42', 'mode', 'tap',
'multi_queue',
run_as_root=True, check_exit_code=[0, 2, 254]),
mock.call('ip', 'link', 'set', 'tap42', 'up',
run_as_root=True, check_exit_code=[0, 2, 254])
])
mock_enabled.assert_called_once_with('tap42')
@mock.patch('nova.utils.execute')
def test_create_tap_dev_multiqueue_tunctl_raises(self, mock_execute):
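Review bot: In `test_create_tap_dev_fallback_to_tunctl` the `side_effect` list still has three entries, but after this change only two `utils.execute` calls are expected (the failing `ip tuntap add` and the `tunctl` fallback), because bringing the link up now goes through the mocked `set_device_enabled`. Trim it to `mock_execute.side_effect = [processutils.ProcessExecutionError, 0]` so that an unexpected third `execute` call fails the test instead of being absorbed. `assert_has_calls` on its own does not detect extra calls, so the shorter list is the cheapest way to pin the call count.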


@ -1019,7 +1019,8 @@ class LibvirtVifTestCase(test.NoDBTestCase):
mock_unplug_contrail.assert_called_once_with(self.vif_vrouter['id'])
@mock.patch('nova.privsep.libvirt.plug_contrail_vif')
def test_plug_vrouter_with_details(self, mock_plug_contrail):
@mock.patch('nova.privsep.linux_net.set_device_enabled')
def test_plug_vrouter_with_details(self, mock_enabled, mock_plug_contrail):
d = vif.LibvirtGenericVIFDriver()
instance = mock.Mock()
instance.name = 'instance-name'
@ -1031,14 +1032,13 @@ class LibvirtVifTestCase(test.NoDBTestCase):
d.plug(instance, self.vif_vrouter)
execute.assert_has_calls([
mock.call('ip', 'tuntap', 'add', 'tap-xxx-yyy-zzz', 'mode',
'tap', run_as_root=True, check_exit_code=[0, 2, 254]),
mock.call('ip', 'link', 'set', 'tap-xxx-yyy-zzz', 'up',
run_as_root=True, check_exit_code=[0, 2, 254])])
'tap', run_as_root=True, check_exit_code=[0, 2, 254])])
mock_plug_contrail.called_once_with(
instance.project_id, instance.uuid, instance.display_name,
self.vif_vrouter['id'], self.vif_vrouter['network']['id'],
'NovaVMPort', self.vif_vrouter['devname'],
self.vif_vrouter['address'], '0.0.0.0', None)
mock_enabled.assert_called_once_with('tap-xxx-yyy-zzz')
@mock.patch('nova.network.linux_utils.create_tap_dev')
@mock.patch('nova.privsep.libvirt.plug_contrail_vif')
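Review bot: `mock_plug_contrail.called_once_with(...)` in `test_plug_vrouter_with_details` is not an assertion: on a Mock it is an auto-created attribute call that always succeeds, so the arguments passed to `plug_contrail_vif` are never checked. The line is context rather than part of this change, but it sits directly above the new, correct `mock_enabled.assert_called_once_with('tap-xxx-yyy-zzz')` and should read `mock_plug_contrail.assert_called_once_with(`. The test may then fail if the listed arguments were never accurate, which would need fixing in the same change.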


@ -1137,8 +1137,9 @@ class XenAPIVMTestCase(stubs.XenAPITestBase,
@mock.patch.object(vmops.VMOps, '_create_vifs')
@mock.patch('nova.privsep.linux_net.add_bridge', return_value=('', ''))
@mock.patch('nova.privsep.linux_net.set_device_mtu')
def test_spawn_vlanmanager(self, mock_set_mtu, mock_add_bridge,
mock_create_vifs):
@mock.patch('nova.privsep.linux_net.set_device_enabled')
def test_spawn_vlanmanager(self, mock_set_enabled, mock_set_mtu,
mock_add_bridge, mock_create_vifs):
self.flags(network_manager='nova.network.manager.VlanManager',
vlan_interface='fake0')
# Reset network table