Example #1
0
// podDownHandler cleans up after pod deleted.
func (a *Agent) podDownHandler(input interface{}, ctx common.RestContext) (interface{}, error) {
	log.Trace(trace.Private, "Agent: Entering podDownHandler()")
	netReq := input.(*NetworkRequest)
	netif := netReq.NetIf

	// We need new firewall instance here to use its Cleanup()
	// to uninstall firewall rules related to the endpoint.
	fw, err := firewall.NewFirewall(a.getFirewallType())
	if err != nil {
		return nil, err
	}

	err = fw.Init(a.Helper.Executor, a.store, a.networkConfig)
	if err != nil {
		return nil, err
	}

	err = fw.Cleanup(netif)
	if err != nil {
		return nil, err
	}

	// Spawn new thread to process the request
	log.Infof("Agent: Got request for pod teardown %v\n", netReq)

	return "OK", nil
}
Example #2
0
// vmDownHandler handles HTTP requests for endpoints teardown.
func (a *Agent) vmDownHandler(input interface{}, ctx common.RestContext) (interface{}, error) {
	log.Tracef(trace.Private, "In vmDownHandler() with %T %v", input, input)
	netif := input.(*NetIf)
	if netif.Name == "" {
		// This is a request from OpenStack Mech driver who does not have a name,
		// let's find it by mac.
		err := a.store.findNetIf(netif)
		if err != nil {
			return nil, err
		}
	}
	log.Infof("Agent: Provisioning DHCP for %s, IP %s Mac %s\n", netif.Name, netif.IP, netif.Mac)

	if err := a.leaseFile.provisionLease(netif, leaseRemove); err != nil {
		log.Error(agentError(err))
		return "Error removing DHCP lease", agentError(err)
	}

	// We need new firewall instance here to use it's Cleanup()
	// to uninstall firewall rules related to the endpoint.
	fw, err := firewall.NewFirewall(a.getFirewallType())
	if err != nil {
		return nil, err
	}

	err = fw.Init(a.Helper.Executor, a.store, a.networkConfig)
	if err != nil {
		return nil, err
	}

	err = fw.Cleanup(netif)
	if err != nil {
		return nil, err
	}
	err = a.store.deleteNetIf(netif)
	if err != nil {
		return nil, err
	}
	return "OK", nil
}
Example #3
0
// statusHandler reports operational statistics.
func (a *Agent) statusHandler(input interface{}, ctx common.RestContext) (interface{}, error) {
	log.Trace(trace.Private, "Agent: Entering statusHandler()")
	fw, err := firewall.NewFirewall(a.getFirewallType())
	if err != nil {
		return nil, err
	}

	err = fw.Init(a.Helper.Executor, a.store, a.networkConfig)
	if err != nil {
		return nil, err
	}

	rules, err := fw.ListRules()
	if err != nil {
		return nil, err
	}
	ifaces, err := a.store.listNetIfs()
	if err != nil {
		return nil, err
	}
	status := Status{Rules: rules, Interfaces: ifaces}
	return status, nil
}
Example #4
0
// vmUpHandlerAsync does a number of operations on given endpoint to ensure
// it's connected:
// 1. Ensures interface is ready
// 2. Checks if DHCP is running
// 3. Creates ip route pointing new interface
// 4. Provisions static DHCP lease for new interface
// 5. Provisions firewall rules
func (a *Agent) vmUpHandlerAsync(netif NetIf) error {
	log.Trace(trace.Private, "Agent: Entering interfaceHandle()")
	currentProvider := a.getFirewallType()

	if !a.Helper.waitForIface(netif.Name) {
		// TODO should we resubmit failed interface in queue for later
		// retry ? ... considering oenstack will give up as well after
		// timeout
		return agentErrorString(fmt.Sprintf("Requested interface not available in time - %s", netif.Name))
	}

	// dhcpPid is only needed here for fail fast check
	// will try to poll the pid again in provisionLease
	log.Trace(trace.Inside, "Agent: Checking if DHCP is running")
	_, err := a.Helper.DhcpPid()
	if err != nil {
		log.Error(agentError(err))
		return agentError(err)
	}
	err = a.store.addNetIf(&netif)
	if err != nil {
		return agentError(err)
	}
	log.Infof("Agent: Creating endpoint routes - %s", netif.Name)
	if err := a.Helper.ensureRouteToEndpoint(&netif); err != nil {
		log.Error(agentError(err))
		return agentError(err)
	}
	log.Infof("Agent: Provisioning DHCP - %s", netif.Name)
	if err := a.leaseFile.provisionLease(&netif, leaseAdd); err != nil {
		log.Error(agentError(err))
		return agentError(err)
	}

	log.Infof("Agent: Provisioning firewall - %s", netif.Name)
	fw, err := firewall.NewFirewall(currentProvider)
	if err != nil {
		return err
	}

	err = fw.Init(a.Helper.Executor, a.store, a.networkConfig)
	if err != nil {
		log.Error(agentError(err))
		return agentError(err)
	}

	if err1 := fw.SetEndpoint(netif); err1 != nil {
		log.Error(agentError(err1))
		return agentError(err1)
	}

	var rules RuleSet
	switch currentProvider {
	case firewall.ShellexProvider:
		rules = OpenStackShellRules
	case firewall.IPTsaveProvider:
		rules = OpenStackSaveRestoreRules
	default:
		err := fmt.Errorf("Unkown firewall provider in vmUpHandler")
		log.Error(agentError(err))
		return agentError(err)
	}

	if err := prepareFirewallRules(fw, a.networkConfig, rules, currentProvider); err != nil {
		log.Error(agentError(err))
		return agentError(err)
	}

	if err := fw.ProvisionEndpoint(); err != nil {
		log.Error(agentError(err))
		return agentError(err)
	}

	log.Trace(trace.Inside, "All good", netif)
	return nil
}
Example #5
0
// podUpHandlerAsync does a number of operations on given endpoint to ensure
// it's connected:
// 1. Ensures interface is ready
// 2. Creates ip route pointing new interface
// 3. Provisions firewall rules
func (a *Agent) podUpHandlerAsync(netReq NetworkRequest) error {
	log.Trace(trace.Private, "Agent: Entering podUpHandlerAsync()")
	currentProvider := a.getFirewallType()

	netif := netReq.NetIf
	if netif.Name == "" {
		return agentErrorString("Agent: Interface name required")
	}
	if !a.Helper.waitForIface(netif.Name) {
		// TODO should we resubmit failed interface in queue for later
		// retry ? ... considering openstack will give up as well after
		// timeout
		msg := fmt.Sprintf("Requested interface not available in time - %s", netif.Name)
		log.Warn("Agent: ", msg)
		return agentErrorString(msg)
	}
	log.Infof("Agent: Creating endpoint routes - %s", netif.Name)
	if err := a.Helper.ensureRouteToEndpoint(&netif); err != nil {
		log.Error(agentError(err))
		return agentError(err)
	}

	log.Infof("Agent: Provisioning firewall - %s", netif.Name)
	fw, err := firewall.NewFirewall(currentProvider)
	if err != nil {
		return err
	}

	err = fw.Init(a.Helper.Executor, a.store, a.networkConfig)
	if err != nil {
		return err
	}

	if err1 := fw.SetEndpoint(netif); err1 != nil {
		log.Error(agentError(err))
		return agentError(err)
	}

	var rules RuleSet
	switch currentProvider {
	case firewall.ShellexProvider:
		rules = KubeShellXRules
	case firewall.IPTsaveProvider:
		rules = KubeSaveRestoreRules
	default:
		err := fmt.Errorf("Unkown firewall provider in podUpHandler")
		log.Error(agentError(err))
		return agentError(err)
	}

	if err := prepareFirewallRules(fw, a.networkConfig, rules, currentProvider); err != nil {
		log.Error(agentError(err))
		return agentError(err)
	}

	if err := fw.ProvisionEndpoint(); err != nil {
		log.Error(agentError(err))
		return agentError(err)
	}

	log.Trace(trace.Inside, "Agent: All good", netif)
	return nil
}