Add IPset cleanup script
This will aid in removing stale IPsets when we change the prefix used in creating IPset names. Change-Id: Ia9ff79c34bd4c9124ec8663a8f616ded4f389f62 Partial-Bug: #1444201
This commit is contained in:
parent
3c6ab9e360
commit
c384b13ae6
|
@ -0,0 +1,112 @@
|
|||
# Copyright (c) 2015 OpenStack Foundation.
|
||||
# All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from oslo_config import cfg
|
||||
from oslo_log import log as logging
|
||||
|
||||
from neutron.agent.linux import ipset_manager
|
||||
from neutron.agent.linux import utils
|
||||
from neutron.common import config
|
||||
from neutron.i18n import _LE, _LI
|
||||
|
||||
|
||||
LOG = logging.getLogger(__name__)
|
||||
|
||||
|
||||
def setup_conf():
|
||||
"""Setup the cfg for the clean up utility.
|
||||
|
||||
Use separate setup_conf for the utility because there are many options
|
||||
from the main config that do not apply during clean-up.
|
||||
"""
|
||||
|
||||
cli_opts = [
|
||||
cfg.BoolOpt('allsets',
|
||||
default=False,
|
||||
help=_('Destroy all IPsets.')),
|
||||
cfg.BoolOpt('force',
|
||||
default=False,
|
||||
help=_('Destroy IPsets even if there is an iptables '
|
||||
'reference.')),
|
||||
cfg.StrOpt('prefix',
|
||||
default=ipset_manager.NET_PREFIX,
|
||||
help=_('String prefix used to match IPset names.')),
|
||||
]
|
||||
|
||||
conf = cfg.CONF
|
||||
conf.register_cli_opts(cli_opts)
|
||||
return conf
|
||||
|
||||
|
||||
def remove_iptables_reference(ipset):
|
||||
# Remove any iptables reference to this IPset
|
||||
cmd = ['iptables-save'] if 'IPv4' in ipset else ['ip6tables-save']
|
||||
iptables_save = utils.execute(cmd, run_as_root=True)
|
||||
|
||||
if ipset in iptables_save:
|
||||
cmd = ['iptables'] if 'IPv4' in ipset else ['ip6tables']
|
||||
LOG.info(_LI("Removing iptables rule for IPset: %s"), ipset)
|
||||
for rule in iptables_save.splitlines():
|
||||
if '--match-set %s ' % ipset in rule and rule.startswith('-A'):
|
||||
# change to delete
|
||||
params = rule.split()
|
||||
params[0] = '-D'
|
||||
try:
|
||||
utils.execute(cmd + params, run_as_root=True)
|
||||
except Exception:
|
||||
LOG.exception(_LE('Error, unable to remove iptables rule '
|
||||
'for IPset: %s'), ipset)
|
||||
|
||||
|
||||
def destroy_ipset(conf, ipset):
|
||||
# If there is an iptables reference and we don't remove it, the
|
||||
# IPset removal will fail below
|
||||
if conf.force:
|
||||
remove_iptables_reference(ipset)
|
||||
|
||||
LOG.info(_LI("Destroying IPset: %s"), ipset)
|
||||
cmd = ['ipset', 'destroy', ipset]
|
||||
try:
|
||||
utils.execute(cmd, run_as_root=True)
|
||||
except Exception:
|
||||
LOG.exception(_LE('Error, unable to destroy IPset: %s'), ipset)
|
||||
|
||||
|
||||
def cleanup_ipsets(conf):
|
||||
# Identify ipsets for destruction.
|
||||
LOG.info(_LI("Destroying IPsets with prefix: %s"), conf.prefix)
|
||||
|
||||
cmd = ['ipset', '-L', '-n']
|
||||
ipsets = utils.execute(cmd, run_as_root=True)
|
||||
for ipset in ipsets.split('\n'):
|
||||
if conf.allsets or ipset.startswith(conf.prefix):
|
||||
destroy_ipset(conf, ipset)
|
||||
|
||||
LOG.info(_LI("IPset cleanup completed successfully"))
|
||||
|
||||
|
||||
def main():
|
||||
"""Main method for cleaning up IPsets.
|
||||
|
||||
The utility is designed to clean-up after the forced or unexpected
|
||||
termination of Neutron agents.
|
||||
|
||||
The --allsets flag should only be used as part of the cleanup of a devstack
|
||||
installation as it will blindly destroy all IPsets.
|
||||
"""
|
||||
conf = setup_conf()
|
||||
conf()
|
||||
config.setup_logging()
|
||||
cleanup_ipsets(conf)
|
|
@ -92,6 +92,7 @@ console_scripts =
|
|||
neutron-hyperv-agent = neutron.cmd.eventlet.plugins.hyperv_neutron_agent:main
|
||||
neutron-keepalived-state-change = neutron.cmd.keepalived_state_change:main
|
||||
neutron-ibm-agent = neutron.plugins.ibm.agent.sdnve_neutron_agent:main
|
||||
neutron-ipset-cleanup = neutron.cmd.ipset_cleanup:main
|
||||
neutron-l3-agent = neutron.cmd.eventlet.agents.l3:main
|
||||
neutron-linuxbridge-agent = neutron.plugins.linuxbridge.agent.linuxbridge_neutron_agent:main
|
||||
neutron-metadata-agent = neutron.cmd.eventlet.agents.metadata:main
|
||||
|
|
Loading…
Reference in New Issue