Fix potential network conflict

when both the management and business network have a gateway. The guest vm may generate an unexpected default gateway which is the businees gateway as opposed to the management one. In this case, trove guest VM may failed to connect with the openstack control plane such as swift service while doing the backup restore action. In addition, if the mgmt port and the business port have the same IP address. This also may cause network conflict This change disable the user defined port once the guest-agent starts when the network isolation is enabled. Change-Id: I7a96952f34ce5f4aead837b94daedd83c0a871d8 (cherry picked from commit d9b4c7bd24)
2023-12-26 11:41:43 +08:00
parent 7a039ecb09
commit 2191f55b82
2 changed files with 28 additions and 0 deletions
--- a/trove/cmd/guest.py
+++ b/trove/cmd/guest.py
@@ -22,6 +22,7 @@ from trove.common import cfg
 from trove.common import debug_utils
 from trove.common.i18n import _
 from trove.guestagent import api as guest_api
+from trove.guestagent.common import guestagent_utils
 from trove.guestagent.common import operating_system
 from trove.guestagent import volume

@@ -62,6 +63,16 @@ def main():
        msg = (_("The guest_id parameter is not set. guest_info.conf "
               "was not injected into the guest or not read by guestagent"))
        raise RuntimeError(msg)
+    if CONF.network_isolation:
+        # disable user-defined port to avoid potential default gateway
+        # conflict
+        try:
+            guestagent_utils.disable_user_defined_port()
+        except Exception as e:
+            LOG.warn("failed to down the user defined port when "
+                     "network_isolation is set to true due to: %s."
+                     "pass...", str(e))
+            pass

    # Create user and group for running docker container.
    LOG.info('Creating user and group for database service')
--- a/trove/guestagent/common/guestagent_utils.py
+++ b/trove/guestagent/common/guestagent_utils.py
@@ -14,10 +14,14 @@
 #    under the License.

 from collections import abc
+import json
 import os
 import re

+from pyroute2 import IPRoute
+
 from trove.common import cfg
+from trove.common import constants
 from trove.common import pagination
 from trove.common import utils
 from trove.guestagent.common import operating_system
@@ -179,3 +183,16 @@ def get_conf_dir():
        operating_system.ensure_directory(conf_dir, as_root=True)

    return conf_dir
+
+
+def disable_user_defined_port():
+    with open(constants.ETH1_CONFIG_PATH) as fd:
+        eth1_config = json.load(fd)
+    ipr = IPRoute()
+    ifaces = ipr.get_links(address=eth1_config.get("mac_address"))
+    if not ifaces:
+        return
+    ifname = ifaces[0].get_attr('IFLA_IFNAME')
+    operating_system.execute_shell_cmd(f"ip link set {ifname} down", [],
+                                       shell=True,
+                                       as_root=True)