Provide in framework utility code to control the creation of a bridge, in order to provide TAP functionality for autotest users without relying on previous setup made by the user. This is a reimplementation of Amos's code, the differences are: * Implemented as a setup class, taking advantage of object internal state to use in different places of the code * Split up the operations to make it easier to understand the steps and why we are doing them * Use of autotest API instead of commands Changes from v2: * Changed firewall rules to match libvirt rules, made the rules to be added with -I, which will place them before exclusion rules * Safer cleanup, always try to cleanup when something wrong happens during setup. Signed-off-by: Cleber Rosa <crosa@xxxxxxxxxx> Signed-off-by: Lucas Meneghel Rodrigues <lmr@xxxxxxxxxx> Signed-off-by: Amos Kong <akong@xxxxxxxxxx> --- client/virt/virt_test_setup.py | 172 ++++++++++++++++++++++++++++++++++++++++ 1 files changed, 172 insertions(+), 0 deletions(-) diff --git a/client/virt/virt_test_setup.py b/client/virt/virt_test_setup.py index f915c1b..8e69b01 100644 --- a/client/virt/virt_test_setup.py +++ b/client/virt/virt_test_setup.py @@ -105,3 +105,175 @@ class HugePageConfig(object): return utils.system("echo 0 > %s" % self.kernel_hp_file) logging.debug("Hugepage memory successfuly dealocated") + + +class PrivateBridgeError(Exception): + def __init__(self, brname): + self.brname = brname + + def __str__(self): + return "Bridge %s not available after setup" % self.brname + + +class PrivateBridgeConfig(object): + __shared_state = {} + def __init__(self, params=None): + self.__dict__ = self.__shared_state + if params is not None: + self.brname = params.get("priv_brname", 'atbr0') + self.subnet = params.get("priv_subnet", '192.168.58') + self.ip_version = params.get("bridge_ip_version", "ipv4") + self.dhcp_server_pid = None + self.iptables_rules = [ + "INPUT 1 -i %s -p udp -m udp --dport 53 -j ACCEPT" % self.brname, + "INPUT 2 -i %s -p tcp -m tcp --dport 53 -j ACCEPT" % self.brname, + "INPUT 3 -i %s -p udp -m udp --dport 67 -j ACCEPT" % self.brname, + "INPUT 4 -i %s -p tcp -m tcp --dport 67 -j ACCEPT" % self.brname, + "INPUT 5 -i %s -p tcp -m tcp --dport 12323 -j ACCEPT" % self.brname, + "FORWARD 1 -m physdev --physdev-is-bridged -j ACCEPT", + "FORWARD 2 -d %s.0/24 -o %s -m state --state RELATED,ESTABLISHED " + "-j ACCEPT" % (self.subnet, self.brname), + "FORWARD 3 -s %s.0/24 -i %s -j ACCEPT" % (self.subnet, self.brname), + "FORWARD 4 -i %s -o %s -j ACCEPT" % (self.brname, self.brname), + ("FORWARD 5 -o %s -j REJECT --reject-with icmp-port-unreachable" % + self.brname), + ("FORWARD 6 -i %s -j REJECT --reject-with icmp-port-unreachable" % + self.brname)] + + + def _add_bridge(self): + utils.system("brctl addbr %s" % self.brname) + ip_fwd_path = "/proc/sys/net/%s/ip_forward" % self.ip_version + ip_fwd = open(ip_fwd_path, "w") + ip_fwd.write("1\n") + utils.system("brctl stp %s on" % self.brname) + utils.system("brctl setfd %s 0" % self.brname) + + + def _bring_bridge_up(self): + utils.system("ifconfig %s %s.1 up" % (self.brname, self.subnet)) + + + def _iptables_add(self, cmd): + return utils.system("iptables -I %s" % cmd) + + + def _iptables_del(self, cmd): + return utils.system("iptables -D %s" % cmd) + + + def _enable_nat(self): + for rule in self.iptables_rules: + self._iptables_add(rule) + + + def _start_dhcp_server(self): + utils.system("service dnsmasq stop") + utils.system("dnsmasq --strict-order --bind-interfaces " + "--listen-address %s.1 --dhcp-range %s.2,%s.254 " + "--dhcp-lease-max=253 " + "--dhcp-no-override " + "--pid-file=/tmp/dnsmasq.pid " + "--log-facility=/tmp/dnsmasq.log" % + (self.subnet, self.subnet, self.subnet)) + self.dhcp_server_pid = None + try: + self.dhcp_server_pid = int(open('/tmp/dnsmasq.pid', 'r').read()) + except ValueError: + raise PrivateBridgeError(self.brname) + logging.debug("Started internal DHCP server with PID %s", + self.dhcp_server_pid) + + + def _verify_bridge(self): + brctl_output = utils.system_output("brctl show") + if self.brname not in brctl_output: + raise PrivateBridgeError(self.brname) + + + def setup(self): + brctl_output = utils.system_output("brctl show") + for line in brctl_output: + if line.startswith(self.brname): + logging.critical("%s", len(line.split())) + if self.brname not in brctl_output: + logging.info("Configuring KVM test private bridge %s", self.brname) + try: + self._add_bridge() + except: + self._remove_bridge() + raise + try: + self._bring_bridge_up() + except: + self._bring_bridge_down() + self._remove_bridge() + raise + try: + self._enable_nat() + except: + self._disable_nat() + self._bring_bridge_down() + self._remove_bridge() + raise + try: + self._start_dhcp_server() + except: + self._stop_dhcp_server() + self._disable_nat() + self._bring_bridge_down() + self._remove_bridge() + raise + self._verify_bridge() + + + def _stop_dhcp_server(self): + if self.dhcp_server_pid is not None: + try: + os.kill(self.dhcp_server_pid, 15) + except OSError: + pass + else: + try: + dhcp_server_pid = int(open('/tmp/dnsmasq.pid', 'r').read()) + except ValueError: + return + try: + os.kill(dhcp_server_pid, 15) + except OSError: + pass + + + def _bring_bridge_down(self): + utils.system("ifconfig %s down" % self.brname, ignore_status=True) + + + def _disable_nat(self): + for rule in self.iptables_rules: + split_list = rule.split(' ') + # We need to remove numbering here + split_list.pop(1) + rule = " ".join(split_list) + self._iptables_del(rule) + + + def _remove_bridge(self): + utils.system("brctl delbr %s" % self.brname, ignore_status=True) + + + def cleanup(self): + brctl_output = utils.system_output("brctl show") + cleanup = False + for line in brctl_output.split("\n"): + if line.startswith(self.brname): + # len == 4 means there is a TAP using the bridge + # so don't try to clean it up + if len(line.split()) < 4: + cleanup = True + break + if cleanup: + logging.debug("Cleaning up KVM test private bridge %s", self.brname) + self._stop_dhcp_server() + self._disable_nat() + self._bring_bridge_down() + self._remove_bridge() -- 1.7.5.2 -- To unsubscribe from this list: send the line "unsubscribe kvm" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html