OpenStack Networking (Neutron)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

1024 lines
39KB

  1. # Copyright 2012 OpenStack Foundation
  2. # All Rights Reserved.
  3. #
  4. # Licensed under the Apache License, Version 2.0 (the "License"); you may
  5. # not use this file except in compliance with the License. You may obtain
  6. # a copy of the License at
  7. #
  8. # http://www.apache.org/licenses/LICENSE-2.0
  9. #
  10. # Unless required by applicable law or agreed to in writing, software
  11. # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
  12. # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
  13. # License for the specific language governing permissions and limitations
  14. # under the License.
  15. import abc
  16. import collections
  17. import os
  18. import re
  19. import shutil
  20. import socket
  21. import sys
  22. import netaddr
  23. from oslo.config import cfg
  24. import six
  25. from neutron.agent.linux import ip_lib
  26. from neutron.agent.linux import utils
  27. from neutron.common import constants
  28. from neutron.common import exceptions
  29. from neutron.common import utils as commonutils
  30. from neutron.openstack.common import importutils
  31. from neutron.openstack.common import jsonutils
  32. from neutron.openstack.common import log as logging
  33. from neutron.openstack.common import uuidutils
  34. LOG = logging.getLogger(__name__)
  35. OPTS = [
  36. cfg.StrOpt('dhcp_confs',
  37. default='$state_path/dhcp',
  38. help=_('Location to store DHCP server config files')),
  39. cfg.StrOpt('dhcp_domain',
  40. default='openstacklocal',
  41. help=_('Domain to use for building the hostnames')),
  42. cfg.StrOpt('dnsmasq_config_file',
  43. default='',
  44. help=_('Override the default dnsmasq settings with this file')),
  45. cfg.ListOpt('dnsmasq_dns_servers',
  46. help=_('Comma-separated list of the DNS servers which will be '
  47. 'used as forwarders.'),
  48. deprecated_name='dnsmasq_dns_server'),
  49. cfg.BoolOpt('dhcp_delete_namespaces', default=False,
  50. help=_("Delete namespace after removing a dhcp server.")),
  51. cfg.IntOpt(
  52. 'dnsmasq_lease_max',
  53. default=(2 ** 24),
  54. help=_('Limit number of leases to prevent a denial-of-service.')),
  55. ]
  56. IPV4 = 4
  57. IPV6 = 6
  58. UDP = 'udp'
  59. TCP = 'tcp'
  60. DNS_PORT = 53
  61. DHCPV4_PORT = 67
  62. DHCPV6_PORT = 547
  63. METADATA_DEFAULT_PREFIX = 16
  64. METADATA_DEFAULT_IP = '169.254.169.254'
  65. METADATA_DEFAULT_CIDR = '%s/%d' % (METADATA_DEFAULT_IP,
  66. METADATA_DEFAULT_PREFIX)
  67. METADATA_PORT = 80
  68. WIN2k3_STATIC_DNS = 249
  69. NS_PREFIX = 'qdhcp-'
  70. class DictModel(dict):
  71. """Convert dict into an object that provides attribute access to values."""
  72. def __init__(self, *args, **kwargs):
  73. """Convert dict values to DictModel values."""
  74. super(DictModel, self).__init__(*args, **kwargs)
  75. def needs_upgrade(item):
  76. """Check if `item` is a dict and needs to be changed to DictModel.
  77. """
  78. return isinstance(item, dict) and not isinstance(item, DictModel)
  79. def upgrade(item):
  80. """Upgrade item if it needs to be upgraded."""
  81. if needs_upgrade(item):
  82. return DictModel(item)
  83. else:
  84. return item
  85. for key, value in self.iteritems():
  86. if isinstance(value, (list, tuple)):
  87. # Keep the same type but convert dicts to DictModels
  88. self[key] = type(value)(
  89. (upgrade(item) for item in value)
  90. )
  91. elif needs_upgrade(value):
  92. # Change dict instance values to DictModel instance values
  93. self[key] = DictModel(value)
  94. def __getattr__(self, name):
  95. try:
  96. return self[name]
  97. except KeyError as e:
  98. raise AttributeError(e)
  99. def __setattr__(self, name, value):
  100. self[name] = value
  101. def __delattr__(self, name):
  102. del self[name]
  103. class NetModel(DictModel):
  104. def __init__(self, use_namespaces, d):
  105. super(NetModel, self).__init__(d)
  106. self._ns_name = (use_namespaces and
  107. "%s%s" % (NS_PREFIX, self.id) or None)
  108. @property
  109. def namespace(self):
  110. return self._ns_name
  111. @six.add_metaclass(abc.ABCMeta)
  112. class DhcpBase(object):
  113. def __init__(self, conf, network, root_helper='sudo',
  114. version=None, plugin=None):
  115. self.conf = conf
  116. self.network = network
  117. self.root_helper = root_helper
  118. self.device_manager = DeviceManager(self.conf,
  119. self.root_helper, plugin)
  120. self.version = version
  121. @abc.abstractmethod
  122. def enable(self):
  123. """Enables DHCP for this network."""
  124. @abc.abstractmethod
  125. def disable(self, retain_port=False):
  126. """Disable dhcp for this network."""
  127. def restart(self):
  128. """Restart the dhcp service for the network."""
  129. self.disable(retain_port=True)
  130. self.enable()
  131. @abc.abstractproperty
  132. def active(self):
  133. """Boolean representing the running state of the DHCP server."""
  134. @abc.abstractmethod
  135. def reload_allocations(self):
  136. """Force the DHCP server to reload the assignment database."""
  137. @classmethod
  138. def existing_dhcp_networks(cls, conf, root_helper):
  139. """Return a list of existing networks ids that we have configs for."""
  140. raise NotImplementedError()
  141. @classmethod
  142. def check_version(cls):
  143. """Execute version checks on DHCP server."""
  144. raise NotImplementedError()
  145. @classmethod
  146. def get_isolated_subnets(cls, network):
  147. """Returns a dict indicating whether or not a subnet is isolated"""
  148. raise NotImplementedError()
  149. @classmethod
  150. def should_enable_metadata(cls, conf, network):
  151. """True if the metadata-proxy should be enabled for the network."""
  152. raise NotImplementedError()
  153. class DhcpLocalProcess(DhcpBase):
  154. PORTS = []
  155. def _enable_dhcp(self):
  156. """check if there is a subnet within the network with dhcp enabled."""
  157. for subnet in self.network.subnets:
  158. if subnet.enable_dhcp:
  159. return True
  160. return False
  161. def enable(self):
  162. """Enables DHCP for this network by spawning a local process."""
  163. if self.active:
  164. self.restart()
  165. elif self._enable_dhcp():
  166. interface_name = self.device_manager.setup(self.network)
  167. self.interface_name = interface_name
  168. self.spawn_process()
  169. def disable(self, retain_port=False):
  170. """Disable DHCP for this network by killing the local process."""
  171. pid = self.pid
  172. if pid:
  173. if self.active:
  174. cmd = ['kill', '-9', pid]
  175. utils.execute(cmd, self.root_helper)
  176. else:
  177. LOG.debug(_('DHCP for %(net_id)s is stale, pid %(pid)d '
  178. 'does not exist, performing cleanup'),
  179. {'net_id': self.network.id, 'pid': pid})
  180. if not retain_port:
  181. self.device_manager.destroy(self.network,
  182. self.interface_name)
  183. else:
  184. LOG.debug(_('No DHCP started for %s'), self.network.id)
  185. self._remove_config_files()
  186. if not retain_port:
  187. if self.conf.dhcp_delete_namespaces and self.network.namespace:
  188. ns_ip = ip_lib.IPWrapper(self.root_helper,
  189. self.network.namespace)
  190. try:
  191. ns_ip.netns.delete(self.network.namespace)
  192. except RuntimeError:
  193. msg = _('Failed trying to delete namespace: %s')
  194. LOG.exception(msg, self.network.namespace)
  195. def _remove_config_files(self):
  196. confs_dir = os.path.abspath(os.path.normpath(self.conf.dhcp_confs))
  197. conf_dir = os.path.join(confs_dir, self.network.id)
  198. shutil.rmtree(conf_dir, ignore_errors=True)
  199. def get_conf_file_name(self, kind, ensure_conf_dir=False):
  200. """Returns the file name for a given kind of config file."""
  201. confs_dir = os.path.abspath(os.path.normpath(self.conf.dhcp_confs))
  202. conf_dir = os.path.join(confs_dir, self.network.id)
  203. if ensure_conf_dir:
  204. if not os.path.isdir(conf_dir):
  205. os.makedirs(conf_dir, 0o755)
  206. return os.path.join(conf_dir, kind)
  207. def _get_value_from_conf_file(self, kind, converter=None):
  208. """A helper function to read a value from one of the state files."""
  209. file_name = self.get_conf_file_name(kind)
  210. msg = _('Error while reading %s')
  211. try:
  212. with open(file_name, 'r') as f:
  213. try:
  214. return converter and converter(f.read()) or f.read()
  215. except ValueError:
  216. msg = _('Unable to convert value in %s')
  217. except IOError:
  218. msg = _('Unable to access %s')
  219. LOG.debug(msg % file_name)
  220. return None
  221. @property
  222. def pid(self):
  223. """Last known pid for the DHCP process spawned for this network."""
  224. return self._get_value_from_conf_file('pid', int)
  225. @property
  226. def active(self):
  227. pid = self.pid
  228. if pid is None:
  229. return False
  230. cmdline = '/proc/%s/cmdline' % pid
  231. try:
  232. with open(cmdline, "r") as f:
  233. return self.network.id in f.readline()
  234. except IOError:
  235. return False
  236. @property
  237. def interface_name(self):
  238. return self._get_value_from_conf_file('interface')
  239. @interface_name.setter
  240. def interface_name(self, value):
  241. interface_file_path = self.get_conf_file_name('interface',
  242. ensure_conf_dir=True)
  243. utils.replace_file(interface_file_path, value)
  244. @abc.abstractmethod
  245. def spawn_process(self):
  246. pass
  247. class Dnsmasq(DhcpLocalProcess):
  248. # The ports that need to be opened when security policies are active
  249. # on the Neutron port used for DHCP. These are provided as a convenience
  250. # for users of this class.
  251. PORTS = {IPV4: [(UDP, DNS_PORT), (TCP, DNS_PORT), (UDP, DHCPV4_PORT)],
  252. IPV6: [(UDP, DNS_PORT), (TCP, DNS_PORT), (UDP, DHCPV6_PORT)],
  253. }
  254. _TAG_PREFIX = 'tag%d'
  255. NEUTRON_NETWORK_ID_KEY = 'NEUTRON_NETWORK_ID'
  256. NEUTRON_RELAY_SOCKET_PATH_KEY = 'NEUTRON_RELAY_SOCKET_PATH'
  257. MINIMUM_VERSION = 2.63
  258. MINIMUM_IPV6_VERSION = 2.67
  259. @classmethod
  260. def check_version(cls):
  261. ver = 0
  262. try:
  263. cmd = ['dnsmasq', '--version']
  264. out = utils.execute(cmd)
  265. ver = re.findall("\d+.\d+", out)[0]
  266. is_valid_version = float(ver) >= cls.MINIMUM_VERSION
  267. if not is_valid_version:
  268. LOG.error(_('FAILED VERSION REQUIREMENT FOR DNSMASQ. '
  269. 'DHCP AGENT MAY NOT RUN CORRECTLY! '
  270. 'Please ensure that its version is %s '
  271. 'or above!'), cls.MINIMUM_VERSION)
  272. raise SystemExit(1)
  273. is_valid_version = float(ver) >= cls.MINIMUM_IPV6_VERSION
  274. if not is_valid_version:
  275. LOG.warning(_('FAILED VERSION REQUIREMENT FOR DNSMASQ. '
  276. 'DHCP AGENT MAY NOT RUN CORRECTLY WHEN '
  277. 'SERVING IPV6 STATEFUL SUBNETS! '
  278. 'Please ensure that its version is %s '
  279. 'or above!'), cls.MINIMUM_IPV6_VERSION)
  280. except (OSError, RuntimeError, IndexError, ValueError):
  281. LOG.error(_('Unable to determine dnsmasq version. '
  282. 'Please ensure that its version is %s '
  283. 'or above!'), cls.MINIMUM_VERSION)
  284. raise SystemExit(1)
  285. return float(ver)
  286. @classmethod
  287. def existing_dhcp_networks(cls, conf, root_helper):
  288. """Return a list of existing networks ids that we have configs for."""
  289. confs_dir = os.path.abspath(os.path.normpath(conf.dhcp_confs))
  290. return [
  291. c for c in os.listdir(confs_dir)
  292. if uuidutils.is_uuid_like(c)
  293. ]
  294. def spawn_process(self):
  295. """Spawns a Dnsmasq process for the network."""
  296. env = {
  297. self.NEUTRON_NETWORK_ID_KEY: self.network.id,
  298. }
  299. cmd = [
  300. 'dnsmasq',
  301. '--no-hosts',
  302. '--no-resolv',
  303. '--strict-order',
  304. '--bind-interfaces',
  305. '--interface=%s' % self.interface_name,
  306. '--except-interface=lo',
  307. '--pid-file=%s' % self.get_conf_file_name(
  308. 'pid', ensure_conf_dir=True),
  309. '--dhcp-hostsfile=%s' % self._output_hosts_file(),
  310. '--addn-hosts=%s' % self._output_addn_hosts_file(),
  311. '--dhcp-optsfile=%s' % self._output_opts_file(),
  312. '--leasefile-ro',
  313. '--dhcp-authoritative',
  314. ]
  315. possible_leases = 0
  316. for i, subnet in enumerate(self.network.subnets):
  317. mode = None
  318. # if a subnet is specified to have dhcp disabled
  319. if not subnet.enable_dhcp:
  320. continue
  321. if subnet.ip_version == 4:
  322. mode = 'static'
  323. else:
  324. # Note(scollins) If the IPv6 attributes are not set, set it as
  325. # static to preserve previous behavior
  326. addr_mode = getattr(subnet, 'ipv6_address_mode', None)
  327. ra_mode = getattr(subnet, 'ipv6_ra_mode', None)
  328. if (addr_mode in [constants.DHCPV6_STATEFUL,
  329. constants.DHCPV6_STATELESS] or
  330. not addr_mode and not ra_mode):
  331. mode = 'static'
  332. cidr = netaddr.IPNetwork(subnet.cidr)
  333. if self.conf.dhcp_lease_duration == -1:
  334. lease = 'infinite'
  335. else:
  336. lease = '%ss' % self.conf.dhcp_lease_duration
  337. # mode is optional and is not set - skip it
  338. if mode:
  339. if subnet.ip_version == 4:
  340. cmd.append('--dhcp-range=%s%s,%s,%s,%s' %
  341. ('set:', self._TAG_PREFIX % i,
  342. cidr.network, mode, lease))
  343. else:
  344. cmd.append('--dhcp-range=%s%s,%s,%s,%d,%s' %
  345. ('set:', self._TAG_PREFIX % i,
  346. cidr.network, mode,
  347. cidr.prefixlen, lease))
  348. possible_leases += cidr.size
  349. # Cap the limit because creating lots of subnets can inflate
  350. # this possible lease cap.
  351. cmd.append('--dhcp-lease-max=%d' %
  352. min(possible_leases, self.conf.dnsmasq_lease_max))
  353. cmd.append('--conf-file=%s' % self.conf.dnsmasq_config_file)
  354. if self.conf.dnsmasq_dns_servers:
  355. cmd.extend(
  356. '--server=%s' % server
  357. for server in self.conf.dnsmasq_dns_servers)
  358. if self.conf.dhcp_domain:
  359. cmd.append('--domain=%s' % self.conf.dhcp_domain)
  360. ip_wrapper = ip_lib.IPWrapper(self.root_helper,
  361. self.network.namespace)
  362. ip_wrapper.netns.execute(cmd, addl_env=env)
  363. def _release_lease(self, mac_address, ip):
  364. """Release a DHCP lease."""
  365. cmd = ['dhcp_release', self.interface_name, ip, mac_address]
  366. ip_wrapper = ip_lib.IPWrapper(self.root_helper,
  367. self.network.namespace)
  368. ip_wrapper.netns.execute(cmd)
  369. def reload_allocations(self):
  370. """Rebuild the dnsmasq config and signal the dnsmasq to reload."""
  371. # If all subnets turn off dhcp, kill the process.
  372. if not self._enable_dhcp():
  373. self.disable()
  374. LOG.debug(_('Killing dhcpmasq for network since all subnets have '
  375. 'turned off DHCP: %s'), self.network.id)
  376. return
  377. self._release_unused_leases()
  378. self._output_hosts_file()
  379. self._output_addn_hosts_file()
  380. self._output_opts_file()
  381. if self.active:
  382. cmd = ['kill', '-HUP', self.pid]
  383. utils.execute(cmd, self.root_helper)
  384. else:
  385. LOG.debug(_('Pid %d is stale, relaunching dnsmasq'), self.pid)
  386. LOG.debug(_('Reloading allocations for network: %s'), self.network.id)
  387. self.device_manager.update(self.network, self.interface_name)
  388. def _iter_hosts(self):
  389. """Iterate over hosts.
  390. For each host on the network we yield a tuple containing:
  391. (
  392. port, # a DictModel instance representing the port.
  393. alloc, # a DictModel instance of the allocated ip and subnet.
  394. # if alloc is None, it means there is no need to allocate
  395. # an IPv6 address because of stateless DHCPv6 network.
  396. host_name, # Host name.
  397. name, # Canonical hostname in the format 'hostname[.domain]'.
  398. )
  399. """
  400. v6_nets = dict((subnet.id, subnet) for subnet in
  401. self.network.subnets if subnet.ip_version == 6)
  402. for port in self.network.ports:
  403. for alloc in port.fixed_ips:
  404. # Note(scollins) Only create entries that are
  405. # associated with the subnet being managed by this
  406. # dhcp agent
  407. if alloc.subnet_id in v6_nets:
  408. addr_mode = v6_nets[alloc.subnet_id].ipv6_address_mode
  409. if addr_mode == constants.IPV6_SLAAC:
  410. continue
  411. elif addr_mode == constants.DHCPV6_STATELESS:
  412. alloc = hostname = fqdn = None
  413. yield (port, alloc, hostname, fqdn)
  414. continue
  415. hostname = 'host-%s' % alloc.ip_address.replace(
  416. '.', '-').replace(':', '-')
  417. fqdn = hostname
  418. if self.conf.dhcp_domain:
  419. fqdn = '%s.%s' % (fqdn, self.conf.dhcp_domain)
  420. yield (port, alloc, hostname, fqdn)
  421. def _output_hosts_file(self):
  422. """Writes a dnsmasq compatible dhcp hosts file.
  423. The generated file is sent to the --dhcp-hostsfile option of dnsmasq,
  424. and lists the hosts on the network which should receive a dhcp lease.
  425. Each line in this file is in the form::
  426. 'mac_address,FQDN,ip_address'
  427. IMPORTANT NOTE: a dnsmasq instance does not resolve hosts defined in
  428. this file if it did not give a lease to a host listed in it (e.g.:
  429. multiple dnsmasq instances on the same network if this network is on
  430. multiple network nodes). This file is only defining hosts which
  431. should receive a dhcp lease, the hosts resolution in itself is
  432. defined by the `_output_addn_hosts_file` method.
  433. """
  434. buf = six.StringIO()
  435. filename = self.get_conf_file_name('host')
  436. LOG.debug(_('Building host file: %s'), filename)
  437. # NOTE(ihrachyshka): the loop should not log anything inside it, to
  438. # avoid potential performance drop when lots of hosts are dumped
  439. for (port, alloc, hostname, name) in self._iter_hosts():
  440. if not alloc:
  441. if getattr(port, 'extra_dhcp_opts', False):
  442. buf.write('%s,%s%s\n' %
  443. (port.mac_address, 'set:', port.id))
  444. continue
  445. # (dzyu) Check if it is legal ipv6 address, if so, need wrap
  446. # it with '[]' to let dnsmasq to distinguish MAC address from
  447. # IPv6 address.
  448. ip_address = alloc.ip_address
  449. if netaddr.valid_ipv6(ip_address):
  450. ip_address = '[%s]' % ip_address
  451. if getattr(port, 'extra_dhcp_opts', False):
  452. buf.write('%s,%s,%s,%s%s\n' %
  453. (port.mac_address, name, ip_address,
  454. 'set:', port.id))
  455. else:
  456. buf.write('%s,%s,%s\n' %
  457. (port.mac_address, name, ip_address))
  458. utils.replace_file(filename, buf.getvalue())
  459. LOG.debug('Done building host file %s with contents:\n%s', filename,
  460. buf.getvalue())
  461. return filename
  462. def _read_hosts_file_leases(self, filename):
  463. leases = set()
  464. if os.path.exists(filename):
  465. with open(filename) as f:
  466. for l in f.readlines():
  467. host = l.strip().split(',')
  468. leases.add((host[2], host[0]))
  469. return leases
  470. def _release_unused_leases(self):
  471. filename = self.get_conf_file_name('host')
  472. old_leases = self._read_hosts_file_leases(filename)
  473. new_leases = set()
  474. for port in self.network.ports:
  475. for alloc in port.fixed_ips:
  476. new_leases.add((alloc.ip_address, port.mac_address))
  477. for ip, mac in old_leases - new_leases:
  478. self._release_lease(mac, ip)
  479. def _output_addn_hosts_file(self):
  480. """Writes a dnsmasq compatible additional hosts file.
  481. The generated file is sent to the --addn-hosts option of dnsmasq,
  482. and lists the hosts on the network which should be resolved even if
  483. the dnsmaq instance did not give a lease to the host (see the
  484. `_output_hosts_file` method).
  485. Each line in this file is in the same form as a standard /etc/hosts
  486. file.
  487. """
  488. buf = six.StringIO()
  489. for (port, alloc, hostname, fqdn) in self._iter_hosts():
  490. # It is compulsory to write the `fqdn` before the `hostname` in
  491. # order to obtain it in PTR responses.
  492. if alloc:
  493. buf.write('%s\t%s %s\n' % (alloc.ip_address, fqdn, hostname))
  494. addn_hosts = self.get_conf_file_name('addn_hosts')
  495. utils.replace_file(addn_hosts, buf.getvalue())
  496. return addn_hosts
  497. def _output_opts_file(self):
  498. """Write a dnsmasq compatible options file."""
  499. if self.conf.enable_isolated_metadata:
  500. subnet_to_interface_ip = self._make_subnet_interface_ip_map()
  501. options = []
  502. isolated_subnets = self.get_isolated_subnets(self.network)
  503. dhcp_ips = collections.defaultdict(list)
  504. subnet_idx_map = {}
  505. for i, subnet in enumerate(self.network.subnets):
  506. if (not subnet.enable_dhcp or
  507. (subnet.ip_version == 6 and
  508. getattr(subnet, 'ipv6_address_mode', None)
  509. in [None, constants.IPV6_SLAAC])):
  510. continue
  511. if subnet.dns_nameservers:
  512. options.append(
  513. self._format_option(
  514. subnet.ip_version, i, 'dns-server',
  515. ','.join(
  516. Dnsmasq._convert_to_literal_addrs(
  517. subnet.ip_version, subnet.dns_nameservers))))
  518. else:
  519. # use the dnsmasq ip as nameservers only if there is no
  520. # dns-server submitted by the server
  521. subnet_idx_map[subnet.id] = i
  522. if self.conf.dhcp_domain and subnet.ip_version == 6:
  523. options.append('tag:tag%s,option6:domain-search,%s' %
  524. (i, ''.join(self.conf.dhcp_domain)))
  525. gateway = subnet.gateway_ip
  526. host_routes = []
  527. for hr in subnet.host_routes:
  528. if hr.destination == "0.0.0.0/0":
  529. if not gateway:
  530. gateway = hr.nexthop
  531. else:
  532. host_routes.append("%s,%s" % (hr.destination, hr.nexthop))
  533. # Add host routes for isolated network segments
  534. if (isolated_subnets[subnet.id] and
  535. self.conf.enable_isolated_metadata and
  536. subnet.ip_version == 4):
  537. subnet_dhcp_ip = subnet_to_interface_ip[subnet.id]
  538. host_routes.append(
  539. '%s/32,%s' % (METADATA_DEFAULT_IP, subnet_dhcp_ip)
  540. )
  541. if subnet.ip_version == 4:
  542. if host_routes:
  543. if gateway:
  544. host_routes.append("%s,%s" % ("0.0.0.0/0", gateway))
  545. options.append(
  546. self._format_option(subnet.ip_version, i,
  547. 'classless-static-route',
  548. ','.join(host_routes)))
  549. options.append(
  550. self._format_option(subnet.ip_version, i,
  551. WIN2k3_STATIC_DNS,
  552. ','.join(host_routes)))
  553. if gateway:
  554. options.append(self._format_option(subnet.ip_version,
  555. i, 'router',
  556. gateway))
  557. else:
  558. options.append(self._format_option(subnet.ip_version,
  559. i, 'router'))
  560. for port in self.network.ports:
  561. if getattr(port, 'extra_dhcp_opts', False):
  562. for ip_version in (4, 6):
  563. if any(
  564. netaddr.IPAddress(ip.ip_address).version == ip_version
  565. for ip in port.fixed_ips):
  566. options.extend(
  567. # TODO(xuhanp):Instead of applying extra_dhcp_opts
  568. # to both DHCPv4 and DHCPv6, we need to find a new
  569. # way to specify options for v4 and v6
  570. # respectively. We also need to validate the option
  571. # before applying it.
  572. self._format_option(ip_version, port.id,
  573. opt.opt_name, opt.opt_value)
  574. for opt in port.extra_dhcp_opts)
  575. # provides all dnsmasq ip as dns-server if there is more than
  576. # one dnsmasq for a subnet and there is no dns-server submitted
  577. # by the server
  578. if port.device_owner == constants.DEVICE_OWNER_DHCP:
  579. for ip in port.fixed_ips:
  580. i = subnet_idx_map.get(ip.subnet_id)
  581. if i is None:
  582. continue
  583. dhcp_ips[i].append(ip.ip_address)
  584. for i, ips in dhcp_ips.items():
  585. for ip_version in (4, 6):
  586. vx_ips = [ip for ip in ips
  587. if netaddr.IPAddress(ip).version == ip_version]
  588. if vx_ips:
  589. options.append(
  590. self._format_option(
  591. ip_version, i, 'dns-server',
  592. ','.join(
  593. Dnsmasq._convert_to_literal_addrs(ip_version,
  594. vx_ips))))
  595. name = self.get_conf_file_name('opts')
  596. utils.replace_file(name, '\n'.join(options))
  597. return name
  598. def _make_subnet_interface_ip_map(self):
  599. ip_dev = ip_lib.IPDevice(
  600. self.interface_name,
  601. self.root_helper,
  602. self.network.namespace
  603. )
  604. subnet_lookup = dict(
  605. (netaddr.IPNetwork(subnet.cidr), subnet.id)
  606. for subnet in self.network.subnets
  607. )
  608. retval = {}
  609. for addr in ip_dev.addr.list():
  610. ip_net = netaddr.IPNetwork(addr['cidr'])
  611. if ip_net in subnet_lookup:
  612. retval[subnet_lookup[ip_net]] = addr['cidr'].split('/')[0]
  613. return retval
  614. def _format_option(self, ip_version, tag, option, *args):
  615. """Format DHCP option by option name or code."""
  616. option = str(option)
  617. if isinstance(tag, int):
  618. tag = self._TAG_PREFIX % tag
  619. if not option.isdigit():
  620. if ip_version == 4:
  621. option = 'option:%s' % option
  622. else:
  623. option = 'option6:%s' % option
  624. return ','.join(('tag:' + tag, '%s' % option) + args)
  625. @staticmethod
  626. def _convert_to_literal_addrs(ip_version, ips):
  627. if ip_version == 4:
  628. return ips
  629. return ['[' + ip + ']' for ip in ips]
  630. @classmethod
  631. def get_isolated_subnets(cls, network):
  632. """Returns a dict indicating whether or not a subnet is isolated
  633. A subnet is considered non-isolated if there is a port connected to
  634. the subnet, and the port's ip address matches that of the subnet's
  635. gateway. The port must be owned by a nuetron router.
  636. """
  637. isolated_subnets = collections.defaultdict(lambda: True)
  638. subnets = dict((subnet.id, subnet) for subnet in network.subnets)
  639. for port in network.ports:
  640. if port.device_owner not in (constants.DEVICE_OWNER_ROUTER_INTF,
  641. constants.DEVICE_OWNER_DVR_INTERFACE):
  642. continue
  643. for alloc in port.fixed_ips:
  644. if subnets[alloc.subnet_id].gateway_ip == alloc.ip_address:
  645. isolated_subnets[alloc.subnet_id] = False
  646. return isolated_subnets
  647. @classmethod
  648. def should_enable_metadata(cls, conf, network):
  649. """Determine whether the metadata proxy is needed for a network
  650. This method returns True for truly isolated networks (ie: not attached
  651. to a router), when the enable_isolated_metadata flag is True.
  652. This method also returns True when enable_metadata_network is True,
  653. and the network passed as a parameter has a subnet in the link-local
  654. CIDR, thus characterizing it as a "metadata" network. The metadata
  655. network is used by solutions which do not leverage the l3 agent for
  656. providing access to the metadata service via logical routers built
  657. with 3rd party backends.
  658. """
  659. if conf.enable_metadata_network and conf.enable_isolated_metadata:
  660. # check if the network has a metadata subnet
  661. meta_cidr = netaddr.IPNetwork(METADATA_DEFAULT_CIDR)
  662. if any(netaddr.IPNetwork(s.cidr) in meta_cidr
  663. for s in network.subnets):
  664. return True
  665. if not conf.use_namespaces or not conf.enable_isolated_metadata:
  666. return False
  667. isolated_subnets = cls.get_isolated_subnets(network)
  668. return any(isolated_subnets[subnet.id] for subnet in network.subnets)
  669. @classmethod
  670. def lease_update(cls):
  671. network_id = os.environ.get(cls.NEUTRON_NETWORK_ID_KEY)
  672. dhcp_relay_socket = os.environ.get(cls.NEUTRON_RELAY_SOCKET_PATH_KEY)
  673. action = sys.argv[1]
  674. if action not in ('add', 'del', 'old'):
  675. sys.exit()
  676. mac_address = sys.argv[2]
  677. ip_address = sys.argv[3]
  678. if action == 'del':
  679. lease_remaining = 0
  680. else:
  681. lease_remaining = int(os.environ.get('DNSMASQ_TIME_REMAINING', 0))
  682. data = dict(network_id=network_id, mac_address=mac_address,
  683. ip_address=ip_address, lease_remaining=lease_remaining)
  684. if os.path.exists(dhcp_relay_socket):
  685. sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
  686. sock.connect(dhcp_relay_socket)
  687. sock.send(jsonutils.dumps(data))
  688. sock.close()
  689. class DeviceManager(object):
  690. def __init__(self, conf, root_helper, plugin):
  691. self.conf = conf
  692. self.root_helper = root_helper
  693. self.plugin = plugin
  694. if not conf.interface_driver:
  695. msg = _('An interface driver must be specified')
  696. LOG.error(msg)
  697. raise SystemExit(1)
  698. try:
  699. self.driver = importutils.import_object(
  700. conf.interface_driver, conf)
  701. except Exception as e:
  702. msg = (_("Error importing interface driver '%(driver)s': "
  703. "%(inner)s") % {'driver': conf.interface_driver,
  704. 'inner': e})
  705. LOG.error(msg)
  706. raise SystemExit(1)
  707. def get_interface_name(self, network, port):
  708. """Return interface(device) name for use by the DHCP process."""
  709. return self.driver.get_device_name(port)
  710. def get_device_id(self, network):
  711. """Return a unique DHCP device ID for this host on the network."""
  712. # There could be more than one dhcp server per network, so create
  713. # a device id that combines host and network ids
  714. return commonutils.get_dhcp_agent_device_id(network.id, self.conf.host)
  715. def _set_default_route(self, network, device_name):
  716. """Sets the default gateway for this dhcp namespace.
  717. This method is idempotent and will only adjust the route if adjusting
  718. it would change it from what it already is. This makes it safe to call
  719. and avoids unnecessary perturbation of the system.
  720. """
  721. device = ip_lib.IPDevice(device_name,
  722. self.root_helper,
  723. network.namespace)
  724. gateway = device.route.get_gateway()
  725. if gateway:
  726. gateway = gateway['gateway']
  727. for subnet in network.subnets:
  728. skip_subnet = (
  729. subnet.ip_version != 4
  730. or not subnet.enable_dhcp
  731. or subnet.gateway_ip is None)
  732. if skip_subnet:
  733. continue
  734. if gateway != subnet.gateway_ip:
  735. m = _('Setting gateway for dhcp netns on net %(n)s to %(ip)s')
  736. LOG.debug(m, {'n': network.id, 'ip': subnet.gateway_ip})
  737. device.route.add_gateway(subnet.gateway_ip)
  738. return
  739. # No subnets on the network have a valid gateway. Clean it up to avoid
  740. # confusion from seeing an invalid gateway here.
  741. if gateway is not None:
  742. msg = _('Removing gateway for dhcp netns on net %s')
  743. LOG.debug(msg, network.id)
  744. device.route.delete_gateway(gateway)
  745. def setup_dhcp_port(self, network):
  746. """Create/update DHCP port for the host if needed and return port."""
  747. device_id = self.get_device_id(network)
  748. subnets = {}
  749. dhcp_enabled_subnet_ids = []
  750. for subnet in network.subnets:
  751. if subnet.enable_dhcp:
  752. dhcp_enabled_subnet_ids.append(subnet.id)
  753. subnets[subnet.id] = subnet
  754. dhcp_port = None
  755. for port in network.ports:
  756. port_device_id = getattr(port, 'device_id', None)
  757. if port_device_id == device_id:
  758. port_fixed_ips = []
  759. for fixed_ip in port.fixed_ips:
  760. port_fixed_ips.append({'subnet_id': fixed_ip.subnet_id,
  761. 'ip_address': fixed_ip.ip_address})
  762. if fixed_ip.subnet_id in dhcp_enabled_subnet_ids:
  763. dhcp_enabled_subnet_ids.remove(fixed_ip.subnet_id)
  764. # If there are dhcp_enabled_subnet_ids here that means that
  765. # we need to add those to the port and call update.
  766. if dhcp_enabled_subnet_ids:
  767. port_fixed_ips.extend(
  768. [dict(subnet_id=s) for s in dhcp_enabled_subnet_ids])
  769. dhcp_port = self.plugin.update_dhcp_port(
  770. port.id, {'port': {'network_id': network.id,
  771. 'fixed_ips': port_fixed_ips}})
  772. if not dhcp_port:
  773. raise exceptions.Conflict()
  774. else:
  775. dhcp_port = port
  776. # break since we found port that matches device_id
  777. break
  778. # check for a reserved DHCP port
  779. if dhcp_port is None:
  780. LOG.debug(_('DHCP port %(device_id)s on network %(network_id)s'
  781. ' does not yet exist. Checking for a reserved port.'),
  782. {'device_id': device_id, 'network_id': network.id})
  783. for port in network.ports:
  784. port_device_id = getattr(port, 'device_id', None)
  785. if port_device_id == constants.DEVICE_ID_RESERVED_DHCP_PORT:
  786. dhcp_port = self.plugin.update_dhcp_port(
  787. port.id, {'port': {'network_id': network.id,
  788. 'device_id': device_id}})
  789. if dhcp_port:
  790. break
  791. # DHCP port has not yet been created.
  792. if dhcp_port is None:
  793. LOG.debug(_('DHCP port %(device_id)s on network %(network_id)s'
  794. ' does not yet exist.'), {'device_id': device_id,
  795. 'network_id': network.id})
  796. port_dict = dict(
  797. name='',
  798. admin_state_up=True,
  799. device_id=device_id,
  800. network_id=network.id,
  801. tenant_id=network.tenant_id,
  802. fixed_ips=[dict(subnet_id=s) for s in dhcp_enabled_subnet_ids])
  803. dhcp_port = self.plugin.create_dhcp_port({'port': port_dict})
  804. if not dhcp_port:
  805. raise exceptions.Conflict()
  806. # Convert subnet_id to subnet dict
  807. fixed_ips = [dict(subnet_id=fixed_ip.subnet_id,
  808. ip_address=fixed_ip.ip_address,
  809. subnet=subnets[fixed_ip.subnet_id])
  810. for fixed_ip in dhcp_port.fixed_ips]
  811. ips = [DictModel(item) if isinstance(item, dict) else item
  812. for item in fixed_ips]
  813. dhcp_port.fixed_ips = ips
  814. return dhcp_port
  815. def setup(self, network):
  816. """Create and initialize a device for network's DHCP on this host."""
  817. port = self.setup_dhcp_port(network)
  818. interface_name = self.get_interface_name(network, port)
  819. if ip_lib.ensure_device_is_ready(interface_name,
  820. self.root_helper,
  821. network.namespace):
  822. LOG.debug(_('Reusing existing device: %s.'), interface_name)
  823. else:
  824. self.driver.plug(network.id,
  825. port.id,
  826. interface_name,
  827. port.mac_address,
  828. namespace=network.namespace)
  829. ip_cidrs = []
  830. for fixed_ip in port.fixed_ips:
  831. subnet = fixed_ip.subnet
  832. net = netaddr.IPNetwork(subnet.cidr)
  833. ip_cidr = '%s/%s' % (fixed_ip.ip_address, net.prefixlen)
  834. ip_cidrs.append(ip_cidr)
  835. if (self.conf.enable_isolated_metadata and
  836. self.conf.use_namespaces):
  837. ip_cidrs.append(METADATA_DEFAULT_CIDR)
  838. self.driver.init_l3(interface_name, ip_cidrs,
  839. namespace=network.namespace)
  840. # ensure that the dhcp interface is first in the list
  841. if network.namespace is None:
  842. device = ip_lib.IPDevice(interface_name,
  843. self.root_helper)
  844. device.route.pullup_route(interface_name)
  845. if self.conf.use_namespaces:
  846. self._set_default_route(network, interface_name)
  847. return interface_name
  848. def update(self, network, device_name):
  849. """Update device settings for the network's DHCP on this host."""
  850. if self.conf.use_namespaces:
  851. self._set_default_route(network, device_name)
  852. def destroy(self, network, device_name):
  853. """Destroy the device used for the network's DHCP on this host."""
  854. self.driver.unplug(device_name, namespace=network.namespace)
  855. self.plugin.release_dhcp_port(network.id,
  856. self.get_device_id(network))