Move final bridge commands to privsep.

A small number of remaining stragglers. Change-Id: I13a12c66cd3380ca2753df985e005f6c0d097667
2019-02-26 09:50:59 +00:00 · 2019-02-26 09:50:59 +00:00 · 7c82342d57
commit 7c82342d57
parent d45be94fdf
6 changed files with 102 additions and 45 deletions
--- a/nova/network/linux_net.py
+++ b/nova/network/linux_net.py
@ -1356,16 +1356,15 @@ class LinuxBridgeInterfaceDriver(LinuxNetInterfaceDriver):
                msg = _('Failed to add bridge: %s') % err
                raise exception.NovaException(msg)

-            _execute('brctl', 'setfd', bridge, 0, run_as_root=True)
-            # _execute('brctl setageing %s 10' % bridge, run_as_root=True)
-            _execute('brctl', 'stp', bridge, 'off', run_as_root=True)
+            nova.privsep.linux_net.bridge_setfd(bridge)
+            nova.privsep.linux_net.bridge_disable_stp(bridge)
            nova.privsep.linux_net.set_device_enabled(bridge)

        if interface:
            LOG.debug('Adding interface %(interface)s to bridge %(bridge)s',
                      {'interface': interface, 'bridge': bridge})
-            out, err = _execute('brctl', 'addif', bridge, interface,
-                                check_exit_code=False, run_as_root=True)
+            out, err = nova.privsep.linux_net.bridge_add_interface(
+                           bridge, interface)
            if (err and err != "device %s is already a member of a bridge; "
                     "can't enslave it to bridge %s.\n" % (interface, bridge)):
                msg = _('Failed to add interface: %s') % err
--- a/nova/privsep/linux_net.py
+++ b/nova/privsep/linux_net.py
@ -32,21 +32,37 @@ LOG = logging.getLogger(__name__)


@nova.privsep.sys_admin_pctxt.entrypoint
-def add_bridge(interface):
+def add_bridge(bridge):
    """Add a bridge.

-    :param interface: the name of the bridge
+    :param bridge: the name of the bridge
    """
-    processutils.execute('brctl', 'addbr', interface)
+    processutils.execute('brctl', 'addbr', bridge)


@nova.privsep.sys_admin_pctxt.entrypoint
-def delete_bridge(interface):
+def delete_bridge(bridge):
    """Delete a bridge.

-    :param interface: the name of the bridge
+    :param bridge: the name of the bridge
    """
-    processutils.execute('brctl', 'delbr', interface)
+    processutils.execute('brctl', 'delbr', bridge)
+
+
+@nova.privsep.sys_admin_pctxt.entrypoint
+def bridge_setfd(bridge):
+    processutils.execute('brctl', 'setfd', bridge, 0)
+
+
+@nova.privsep.sys_admin_pctxt.entrypoint
+def bridge_disable_stp(bridge):
+    processutils.execute('brctl', 'stp', bridge, 'off')
+
+
+@nova.privsep.sys_admin_pctxt.entrypoint
+def bridge_add_interface(bridge, interface):
+    return processutils.execute('brctl', 'addif', bridge, interface,
+                                check_exit_code=False)


 def device_exists(device):
--- a/nova/tests/functional/api_sample_tests/api_sample_base.py
+++ b/nova/tests/functional/api_sample_tests/api_sample_base.py
@ -144,6 +144,9 @@ class ApiSampleTestBaseV21(testscenarios.WithScenarios,
        self.stub_out('nova.privsep.linux_net._enable_ipv4_forwarding_inner',
                      fake_noop)
        self.stub_out('nova.privsep.linux_net.add_vlan', fake_noop)
+        self.stub_out('nova.privsep.linux_net.bridge_setfd', fake_noop)
+        self.stub_out('nova.privsep.linux_net.bridge_disable_stp', fake_noop)
+        self.stub_out('nova.privsep.linux_net.bridge_add_interface', fake_noop)

        if self.availability_zones:
            self.useFixture(
--- a/nova/tests/unit/network/test_linux_net.py
+++ b/nova/tests/unit/network/test_linux_net.py
@ -621,10 +621,15 @@ class LinuxNetworkTestCase(test.NoDBTestCase):
                return_value=('', ''))
    @mock.patch('nova.privsep.linux_net.iptables_set_rules',
                return_value=('', ''))
+    @mock.patch('nova.privsep.linux_net.bridge_setfd')
+    @mock.patch('nova.privsep.linux_net.bridge_disable_stp')
+    @mock.patch('nova.privsep.linux_net.bridge_add_interface',
+                return_value=('', ''))
    def test_linux_bridge_driver_plug(
-            self, mock_iptables_set_rules, mock_iptables_get_rules,
-            mock_lookup_ip, mock_routes_show, mock_enabled, mock_add_bridge,
-            mock_add_rule):
+            self, mock_bridge_add_interface, mock_bridge_disable_stp,
+            mock_bridge_setfd, mock_iptables_set_rules,
+            mock_iptables_get_rules, mock_lookup_ip, mock_routes_show,
+            mock_enabled, mock_add_bridge, mock_add_rule):
        """Makes sure plug doesn't drop FORWARD by default.

        Ensures bug 890195 doesn't reappear.
@ -1225,13 +1230,6 @@ class LinuxNetworkTestCase(test.NoDBTestCase):
        fake_ifaces = {
            netifaces.AF_LINK: [{'addr': fake_mac}]
        }
-        calls = {
-            'device_exists': [mock.call('bridge')],
-            '_execute': [
-                mock.call('brctl', 'addif', 'bridge', 'eth0',
-                          run_as_root=True, check_exit_code=False),
-                ]
-            }
        with test.nested(
            mock.patch('nova.privsep.linux_net.lookup_ip',
                       return_value=('', '')),
@ -1241,15 +1239,18 @@ class LinuxNetworkTestCase(test.NoDBTestCase):
            mock.patch('nova.privsep.linux_net.set_device_macaddr'),
            mock.patch('nova.privsep.linux_net.routes_show',
                       return_value=('fake', '')),
-            mock.patch.object(linux_net, '_execute', return_value=('', '')),
+            mock.patch('nova.privsep.linux_net.bridge_add_interface',
+                       return_value=('', '')),
            mock.patch.object(netifaces, 'ifaddresses')
        ) as (lookup_ip, device_exists, device_enabled, set_device_macaddr,
-              routes_show, _execute, ifaddresses):
+              routes_show, add_interface, ifaddresses):
            ifaddresses.return_value = fake_ifaces
            driver = linux_net.LinuxBridgeInterfaceDriver()
            driver.ensure_bridge('bridge', 'eth0')
-            device_exists.assert_has_calls(calls['device_exists'])
-            _execute.assert_has_calls(calls['_execute'])
+            device_exists.assert_has_calls(
+                [mock.call('bridge')])
+            add_interface.assert_has_calls(
+                [mock.call('bridge', 'eth0')])
            ifaddresses.assert_called_once_with('eth0')
            device_enabled.assert_called_once_with('eth0')
            set_device_macaddr.assert_called_once_with('bridge', fake_mac)
@ -1265,15 +1266,20 @@ class LinuxNetworkTestCase(test.NoDBTestCase):
        with test.nested(
            mock.patch('nova.privsep.linux_net.device_exists',
                       return_value=True),
+            mock.patch('nova.privsep.linux_net.bridge_add_interface',
+                       return_value=('', 'some error happens')),
            mock.patch.object(linux_net, '_execute', fake_execute)
-        ) as (device_exists, _):
+        ) as (device_exists, _, _):
            driver = linux_net.LinuxBridgeInterfaceDriver()
            self.assertRaises(exception.NovaException,
                              driver.ensure_bridge, 'bridge', 'eth0')
            device_exists.assert_called_once_with('bridge')

    @mock.patch('nova.privsep.linux_net.set_device_enabled')
-    def test_ensure_bridge_brclt_addbr_neutron_race(self, mock_enabled):
+    @mock.patch('nova.privsep.linux_net.bridge_setfd')
+    @mock.patch('nova.privsep.linux_net.bridge_disable_stp')
+    def test_ensure_bridge_brclt_addbr_neutron_race(
+            self, mock_bridge_disable_stp, mock_bridge_setfd, mock_enabled):
        def fake_execute(*cmd, **kwargs):
            if ('brctl', 'addbr', 'brq1234567-89') == cmd:
                return ('', "device brq1234567-89 already exists; "
--- a/nova/tests/unit/network/test_manager.py
+++ b/nova/tests/unit/network/test_manager.py
@ -951,11 +951,16 @@ class VlanNetworkTestCase(test.TestCase):
                return_value=('', ''))
    @mock.patch('nova.privsep.linux_net.iptables_set_rules',
                return_value=('', ''))
+    @mock.patch('nova.privsep.linux_net.bridge_setfd')
+    @mock.patch('nova.privsep.linux_net.bridge_disable_stp')
+    @mock.patch('nova.privsep.linux_net.bridge_add_interface',
+                return_value=('', ''))
    def test_vpn_allocate_fixed_ip(
-            self, mock_iptables_set_rules, mock_iptables_get_rules,
-            mock_forwarding_enable, mock_forwarding_check,
-            mock_address_command, mock_change_ip, mock_lookup_ip,
-            mock_routes_show, mock_enabled, mock_add_bridge):
+            self, mock_bridge_add_interface, mock_bridge_disable_stp,
+            mock_bridge_setfd, mock_iptables_set_rules,
+            mock_iptables_get_rules, mock_forwarding_enable,
+            mock_forwarding_check, mock_address_command, mock_change_ip,
+            mock_lookup_ip, mock_routes_show, mock_enabled, mock_add_bridge):
        self.mox.StubOutWithMock(db, 'fixed_ip_associate')
        self.mox.StubOutWithMock(db, 'fixed_ip_update')
        self.mox.StubOutWithMock(db,
@ -1001,11 +1006,16 @@ class VlanNetworkTestCase(test.TestCase):
                return_value=('', ''))
    @mock.patch('nova.privsep.linux_net.iptables_set_rules',
                return_value=('', ''))
+    @mock.patch('nova.privsep.linux_net.bridge_setfd')
+    @mock.patch('nova.privsep.linux_net.bridge_disable_stp')
+    @mock.patch('nova.privsep.linux_net.bridge_add_interface',
+                return_value=('', ''))
    def test_allocate_fixed_ip(
-            self, mock_iptables_set_rules, mock_iptables_get_rules,
-            mock_forwarding_enable, mock_forwarding_check,
-            mock_address_command, mock_change_ip, mock_lookup_ip,
-            mock_routes_show, mock_enabled, mock_add_bridge):
+            self, mock_bridge_add_interface, mock_bridge_disable_stp,
+            mock_bridge_setfd, mock_iptables_set_rules,
+            mock_iptables_get_rules, mock_forwarding_enable,
+            mock_forwarding_check, mock_address_command, mock_change_ip,
+            mock_lookup_ip, mock_routes_show, mock_enabled, mock_add_bridge):
        self.stubs.Set(self.network,
                '_do_trigger_security_group_members_refresh_for_instance',
                lambda *a, **kw: None)
@ -1736,11 +1746,16 @@ class VlanNetworkTestCase(test.TestCase):
                return_value=('', ''))
    @mock.patch('nova.privsep.linux_net.iptables_set_rules',
                return_value=('', ''))
+    @mock.patch('nova.privsep.linux_net.bridge_setfd')
+    @mock.patch('nova.privsep.linux_net.bridge_disable_stp')
+    @mock.patch('nova.privsep.linux_net.bridge_add_interface',
+                return_value=('', ''))
    def test_add_fixed_ip_instance_without_vpn_requested_networks(
-            self, mock_iptables_set_rules, mock_iptables_get_rules,
-            mock_forwarding_enable, mock_forwarding_check,
-            mock_address_command, mock_change_ip, mock_lookup_ip,
-            mock_routes_show, mock_enabled, mock_add_bridge):
+            self, mock_bridge_add_interface, mock_bridge_disable_stp,
+            mock_bridge_setfd, mock_iptables_set_rules,
+            mock_iptables_get_rules, mock_forwarding_enable,
+            mock_forwarding_check, mock_address_command, mock_change_ip,
+            mock_lookup_ip, mock_routes_show, mock_enabled, mock_add_bridge):
        self.stubs.Set(self.network,
                '_do_trigger_security_group_members_refresh_for_instance',
                lambda *a, **kw: None)
@ -2916,10 +2931,16 @@ class AllocateTestCase(test.TestCase):
                return_value=('', ''))
    @mock.patch('nova.privsep.linux_net.iptables_set_rules',
                return_value=('', ''))
+    @mock.patch('nova.privsep.linux_net.bridge_setfd')
+    @mock.patch('nova.privsep.linux_net.bridge_disable_stp')
+    @mock.patch('nova.privsep.linux_net.bridge_add_interface',
+                return_value=('', ''))
    def test_allocate_for_instance(
-            self, mock_iptables_set_rules, mock_iptables_get_rules,
-            mock_add_vlan, mock_modify_ebtables, mock_forwarding_enable,
-            mock_forwarding_check, mock_clean_conntrack, mock_address_command,
+            self, mock_bridge_add_interface, mock_bridge_disable_stp,
+            mock_bridge_setfd, mock_iptables_set_rules,
+            mock_iptables_get_rules, mock_add_vlan, mock_modify_ebtables,
+            mock_forwarding_enable, mock_forwarding_check,
+            mock_clean_conntrack, mock_address_command,
            mock_change_ip, mock_lookup_ip, mock_routes_show, mock_unbind,
            mock_bind, mock_set_macaddr, mock_set_enabled, mock_set_mtu,
            mock_add_bridge):
@ -3002,9 +3023,14 @@ class AllocateTestCase(test.TestCase):
                return_value=('', ''))
    @mock.patch('nova.privsep.linux_net.iptables_set_rules',
                return_value=('', ''))
+    @mock.patch('nova.privsep.linux_net.bridge_setfd')
+    @mock.patch('nova.privsep.linux_net.bridge_disable_stp')
+    @mock.patch('nova.privsep.linux_net.bridge_add_interface',
+                return_value=('', ''))
    def test_allocate_for_instance_with_mac(
-            self, mock_iptables_set_rules, mock_iptables_get_rules,
-            mock_add_vlan, mock_forwarding_enable,
+            self, mock_bridge_add_interface, mock_bridge_disable_stp,
+            mock_bridge_setfd, mock_iptables_set_rules,
+            mock_iptables_get_rules, mock_add_vlan, mock_forwarding_enable,
            mock_forwarding_check, mock_address_command,
            mock_change_ip, mock_lookup_ip, mock_routes_show,
            mock_set_addr, mock_enabled, mock_set_mtu, mock_add_bridge):
--- a/nova/tests/unit/virt/xenapi/test_xenapi.py
+++ b/nova/tests/unit/virt/xenapi/test_xenapi.py
@ -1149,7 +1149,14 @@ class XenAPIVMTestCase(stubs.XenAPITestBase,
                return_value=('', ''))
    @mock.patch('nova.privsep.linux_net.iptables_set_rules',
                return_value=('', ''))
-    def test_spawn_vlanmanager(self, mock_iptables_set_rules,
+    @mock.patch('nova.privsep.linux_net.bridge_setfd')
+    @mock.patch('nova.privsep.linux_net.bridge_disable_stp')
+    @mock.patch('nova.privsep.linux_net.bridge_add_interface',
+                return_value=('', ''))
+    def test_spawn_vlanmanager(self, mock_bridge_add_interface,
+                               mock_bridge_disable_stp,
+                               mock_bridge_setfd,
+                               mock_iptables_set_rules,
                               mock_iptables_get_rules,
                               mock_add_vlan, mock_forwarding_enable,
                               mock_forwarding_check,