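// podDownHandler cleans up after a pod has been deleted by uninstalling the
// firewall rules related to the pod's endpoint.
//
// input must be a non-nil *NetworkRequest. Any other value is rejected with
// an error instead of panicking inside the request handler. On success the
// handler returns the string "OK".
func (a *Agent) podDownHandler(input interface{}, ctx common.RestContext) (interface{}, error) {
	log.Trace(trace.Private, "Agent: Entering podDownHandler()")

	// A bare type assertion panics on an unexpected or nil payload; check it
	// so a malformed request cannot take the handler down.
	netReq, ok := input.(*NetworkRequest)
	if !ok || netReq == nil {
		return nil, agentErrorString(fmt.Sprintf("Agent: podDownHandler expects a non-nil *NetworkRequest, got %T", input))
	}

	// Log the request before doing any work so that a teardown whose
	// firewall cleanup fails still leaves a record of what was asked for.
	log.Infof("Agent: Got request for pod teardown %v\n", netReq)

	netif := netReq.NetIf

	// We need a new firewall instance here to use its Cleanup()
	// to uninstall firewall rules related to the endpoint.
	fw, err := firewall.NewFirewall(a.getFirewallType())
	if err != nil {
		return nil, err
	}

	if err = fw.Init(a.Helper.Executor, a.store, a.networkConfig); err != nil {
		return nil, err
	}

	if err = fw.Cleanup(netif); err != nil {
		return nil, err
	}

	return "OK", nil
}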
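// vmDownHandler handles HTTP requests for endpoint teardown.
//
// input must be a non-nil *NetIf. Any other value is rejected with an error
// instead of panicking inside the request handler. The handler runs these
// steps in order and stops at the first failure:
//  1. if the request carries no interface name, look the interface up in
//     the agent store
//  2. remove the DHCP lease for the interface
//  3. uninstall the firewall rules related to the endpoint
//  4. delete the interface from the agent store
//
// On success it returns the string "OK". When the lease cannot be removed it
// returns "Error removing DHCP lease" together with the wrapped error.
func (a *Agent) vmDownHandler(input interface{}, ctx common.RestContext) (interface{}, error) {
	log.Tracef(trace.Private, "In vmDownHandler() with %T %v", input, input)

	// A bare type assertion panics on an unexpected or nil payload; check it
	// so a malformed request cannot take the handler down.
	netif, ok := input.(*NetIf)
	if !ok || netif == nil {
		return nil, agentErrorString(fmt.Sprintf("Agent: vmDownHandler expects a non-nil *NetIf, got %T", input))
	}

	if netif.Name == "" {
		// This is a request from the OpenStack Mech driver, which does not
		// have a name; let's find it by mac.
		if err := a.store.findNetIf(netif); err != nil {
			return nil, err
		}
	}

	// The lease is removed here (leaseRemove); the log wording is kept as is.
	log.Infof("Agent: Provisioning DHCP for %s, IP %s Mac %s\n", netif.Name, netif.IP, netif.Mac)

	if err := a.leaseFile.provisionLease(netif, leaseRemove); err != nil {
		log.Error(agentError(err))
		return "Error removing DHCP lease", agentError(err)
	}

	// We need a new firewall instance here to use its Cleanup()
	// to uninstall firewall rules related to the endpoint.
	fw, err := firewall.NewFirewall(a.getFirewallType())
	if err != nil {
		return nil, err
	}

	if err = fw.Init(a.Helper.Executor, a.store, a.networkConfig); err != nil {
		return nil, err
	}

	if err = fw.Cleanup(netif); err != nil {
		return nil, err
	}

	// The store entry is dropped last, only after the firewall cleanup
	// succeeded.
	if err = a.store.deleteNetIf(netif); err != nil {
		return nil, err
	}

	return "OK", nil
}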
// statusHandler reports operational statistics. func (a *Agent) statusHandler(input interface{}, ctx common.RestContext) (interface{}, error) { log.Trace(trace.Private, "Agent: Entering statusHandler()") fw, err := firewall.NewFirewall(a.getFirewallType()) if err != nil { return nil, err } err = fw.Init(a.Helper.Executor, a.store, a.networkConfig) if err != nil { return nil, err } rules, err := fw.ListRules() if err != nil { return nil, err } ifaces, err := a.store.listNetIfs() if err != nil { return nil, err } status := Status{Rules: rules, Interfaces: ifaces} return status, nil }
// vmUpHandlerAsync brings a VM endpoint online. The steps run strictly in
// this order and the first failure aborts the rest:
//  1. wait for the interface to become available
//  2. fail fast if the DHCP pid cannot be obtained
//  3. record the interface in the agent store
//  4. create the ip route pointing to the new interface
//  5. provision the static DHCP lease for the new interface
//  6. build and provision the firewall rules
//
// NOTE(review): the route and the DHCP lease are installed before the
// firewall rules, and nothing is rolled back when a later step fails, so a
// failure in step 6 leaves the endpoint routed and leased without its rules.
// Confirm that the default policy covers that state.
func (a *Agent) vmUpHandlerAsync(netif NetIf) error {
	log.Trace(trace.Private, "Agent: Entering interfaceHandle()")
	provider := a.getFirewallType()

	// logged wraps err as an agent error, logs it, and returns the wrapped
	// error for the caller to hand back.
	logged := func(err error) error {
		log.Error(agentError(err))
		return agentError(err)
	}

	if ready := a.Helper.waitForIface(netif.Name); !ready {
		// TODO should we resubmit failed interface in queue for later
		// retry ? ... considering openstack will give up as well after
		// timeout
		return agentErrorString(fmt.Sprintf("Requested interface not available in time - %s", netif.Name))
	}

	// The pid itself is not used; this is only a fail-fast check. The pid
	// is polled again in provisionLease.
	log.Trace(trace.Inside, "Agent: Checking if DHCP is running")
	if _, err := a.Helper.DhcpPid(); err != nil {
		return logged(err)
	}

	// A store failure is wrapped but, unlike the other steps, not logged.
	if err := a.store.addNetIf(&netif); err != nil {
		return agentError(err)
	}

	log.Infof("Agent: Creating endpoint routes - %s", netif.Name)
	if err := a.Helper.ensureRouteToEndpoint(&netif); err != nil {
		return logged(err)
	}

	log.Infof("Agent: Provisioning DHCP - %s", netif.Name)
	if err := a.leaseFile.provisionLease(&netif, leaseAdd); err != nil {
		return logged(err)
	}

	log.Infof("Agent: Provisioning firewall - %s", netif.Name)
	endpointFW, err := firewall.NewFirewall(provider)
	if err != nil {
		// Returned as is: neither wrapped nor logged.
		return err
	}

	if err := endpointFW.Init(a.Helper.Executor, a.store, a.networkConfig); err != nil {
		return logged(err)
	}

	if err := endpointFW.SetEndpoint(netif); err != nil {
		return logged(err)
	}

	// Pick the OpenStack rule set that matches the firewall provider.
	var ruleSet RuleSet
	switch provider {
	case firewall.ShellexProvider:
		ruleSet = OpenStackShellRules
	case firewall.IPTsaveProvider:
		ruleSet = OpenStackSaveRestoreRules
	default:
		return logged(fmt.Errorf("Unkown firewall provider in vmUpHandler"))
	}

	if err := prepareFirewallRules(endpointFW, a.networkConfig, ruleSet, provider); err != nil {
		return logged(err)
	}

	if err := endpointFW.ProvisionEndpoint(); err != nil {
		return logged(err)
	}

	log.Trace(trace.Inside, "All good", netif)
	return nil
}
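// podUpHandlerAsync does a number of operations on the given endpoint to
// ensure it's connected. The steps run in this order and the first failure
// aborts the rest:
//  1. Ensures the interface is ready
//  2. Creates the ip route pointing to the new interface
//  3. Provisions firewall rules
//
// It returns an error when the request carries no interface name, when the
// interface does not become available in time, or when any of the steps
// fails.
//
// NOTE(review): the route is installed before the firewall rules, and
// nothing is rolled back when a later step fails, so a firewall failure
// leaves the endpoint routed without its rules. Confirm that the default
// policy covers that state.
func (a *Agent) podUpHandlerAsync(netReq NetworkRequest) error {
	log.Trace(trace.Private, "Agent: Entering podUpHandlerAsync()")
	currentProvider := a.getFirewallType()

	netif := netReq.NetIf
	if netif.Name == "" {
		return agentErrorString("Agent: Interface name required")
	}

	if !a.Helper.waitForIface(netif.Name) {
		// TODO should we resubmit failed interface in queue for later
		// retry ? ... considering openstack will give up as well after
		// timeout
		msg := fmt.Sprintf("Requested interface not available in time - %s", netif.Name)
		log.Warn("Agent: ", msg)
		return agentErrorString(msg)
	}

	log.Infof("Agent: Creating endpoint routes - %s", netif.Name)
	if err := a.Helper.ensureRouteToEndpoint(&netif); err != nil {
		log.Error(agentError(err))
		return agentError(err)
	}

	log.Infof("Agent: Provisioning firewall - %s", netif.Name)
	fw, err := firewall.NewFirewall(currentProvider)
	if err != nil {
		return err
	}

	if err = fw.Init(a.Helper.Executor, a.store, a.networkConfig); err != nil {
		return err
	}

	// Report the SetEndpoint error itself. The outer err is nil here because
	// Init succeeded, so logging and returning it would hide the failure
	// from the caller while the endpoint has no firewall rules.
	if err1 := fw.SetEndpoint(netif); err1 != nil {
		log.Error(agentError(err1))
		return agentError(err1)
	}

	// Pick the Kubernetes rule set that matches the firewall provider.
	var rules RuleSet
	switch currentProvider {
	case firewall.ShellexProvider:
		rules = KubeShellXRules
	case firewall.IPTsaveProvider:
		rules = KubeSaveRestoreRules
	default:
		err := fmt.Errorf("Unkown firewall provider in podUpHandler")
		log.Error(agentError(err))
		return agentError(err)
	}

	if err := prepareFirewallRules(fw, a.networkConfig, rules, currentProvider); err != nil {
		log.Error(agentError(err))
		return agentError(err)
	}

	if err := fw.ProvisionEndpoint(); err != nil {
		log.Error(agentError(err))
		return agentError(err)
	}

	log.Trace(trace.Inside, "Agent: All good", netif)
	return nil
}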