resmo closed pull request #2068: systemvm: fix pep8 errors URL: https://github.com/apache/cloudstack/pull/2068
This is a PR merged from a forked repository. As GitHub hides the original diff on merge, it is displayed below for the sake of provenance: As this is a foreign pull request (from a fork), the diff is supplied below (as it won't show otherwise due to GitHub magic): diff --git a/systemvm/patches/debian/config/opt/cloud/bin/baremetal-vr.py b/systemvm/patches/debian/config/opt/cloud/bin/baremetal-vr.py index 51ab5822353..3ee49cfb742 100755 --- a/systemvm/patches/debian/config/opt/cloud/bin/baremetal-vr.py +++ b/systemvm/patches/debian/config/opt/cloud/bin/baremetal-vr.py 
@@ -1,161 +1,184 @@ -#Licensed to the Apache Software Foundation (ASF) under one -#or more contributor license agreements. See the NOTICE file -#distributed with this work for additional information -#regarding copyright ownership. The ASF licenses this file -#to you under the Apache License, Version 2.0 (the -#"License"); you may not use this file except in compliance -#with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -#Unless required by applicable law or agreed to in writing, -#software distributed under the License is distributed on an -#"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -#KIND, either express or implied. See the License for the -#specific language governing permissions and limitations -#under the License. - -__author__ = 'frank' - -import subprocess -import urllib -import hmac -import hashlib -import base64 -import traceback -import logging - -from flask import Flask - -app = Flask(__name__) - -logger = logging.getLogger('baremetal-vr') -hdlr = logging.FileHandler('/var/log/baremetal-vr.log') -formatter = logging.Formatter('%(asctime)s %(levelname)s %(message)s') -hdlr.setFormatter(formatter) -logger.addHandler(hdlr) -logger.setLevel(logging.WARNING) - -class ShellCmd(object): - ''' - classdocs - ''' - def __init__(self, cmd, workdir=None, pipe=True): - ''' - Constructor - ''' - self.cmd = cmd - if pipe: - self.process = subprocess.Popen(cmd, shell=True, stdout=subprocess.PIPE, stdin=subprocess.PIPE, stderr=subprocess.PIPE, executable='/bin/sh', cwd=workdir) - else: - self.process = subprocess.Popen(cmd, shell=True, executable='/bin/sh', cwd=workdir) - - self.stdout = None - self.stderr = None - self.return_code = None - - def __call__(self, is_exception=True): - (self.stdout, self.stderr) = self.process.communicate() - if is_exception and self.process.returncode != 0: - err = [] - err.append('failed to execute shell command: %s' % self.cmd) - err.append('return code: %s' % 
self.process.returncode) - err.append('stdout: %s' % self.stdout) - err.append('stderr: %s' % self.stderr) - raise Exception('\n'.join(err)) - - self.return_code = self.process.returncode - return self.stdout - -def shell(cmd): - return ShellCmd(cmd)() - - -class Server(object): - CMDLINE = '/var/cache/cloud/cmdline' - def __init__(self): - self.apikey = None - self.secretkey = None - self.mgmtIp = None - self.mgmtPort = None - - def _get_credentials(self): - if not self.apikey or not self.secretkey: - with open(self.CMDLINE, 'r') as fd: - cmdline = fd.read() - for p in cmdline.split(): - if 'baremetalnotificationsecuritykey' in p: - self.secretkey = p.split("=")[1] - if 'baremetalnotificationapikey' in p: - self.apikey = p.split("=")[1] - - if not self.apikey: - raise Exception('cannot find baremetalnotificationapikey in %s' % Server.CMDLINE) - if not self.secretkey: - raise Exception('cannot find baremetalnotificationsecuritykey in %s' % Server.CMDLINE) - - return self.apikey, self.secretkey - - def _get_mgmt_ip(self): - if not self.mgmtIp: - with open(self.CMDLINE, 'r') as fd: - cmdline = fd.read() - for p in cmdline.split(): - if 'host' in p: - self.mgmtIp = p.split("=")[1] - break - - if not self.mgmtIp: - raise Exception('cannot find host in %s' % Server.CMDLINE) - - return self.mgmtIp - - def _get_mgmt_port(self): - if not self.mgmtPort: - with open(self.CMDLINE, 'r') as fd: - cmdline = fd.read() - for p in cmdline.split(): - if 'port' in p: - self.mgmtPort = p.split("=")[1] - break - - if not self.mgmtIp: - raise Exception('cannot find port in %s' % Server.CMDLINE) - - return self.mgmtPort - - def _make_sign(self, mac): - apikey, secretkey = self._get_credentials() - reqs = { - "apiKey": apikey, - "command": 'notifyBaremetalProvisionDone', - "mac": mac - } - - request = zip(reqs.keys(), reqs.values()) - request.sort(key=lambda x: str.lower(x[0])) - hashStr = "&".join(["=".join([str.lower(r[0]), str.lower(urllib.quote_plus(str(r[1]))).replace("+", 
"%20").replace('=', '%3d')]) for r in request]) - sig = urllib.quote_plus(base64.encodestring(hmac.new(secretkey, hashStr, hashlib.sha1).digest()).strip()) - return sig - - def notify_provisioning_done(self, mac): - sig = self._make_sign(mac) - cmd = 'http://%s:%s/client/api?command=notifyBaremetalProvisionDone&mac=%s&apiKey=%s&signature=%s' % (self._get_mgmt_ip(), self._get_mgmt_port(), mac, self.apikey, sig) - shell("curl -X GET '%s'" % cmd) - return '' - -server = None - [email protected]('/baremetal/provisiondone/<mac>', methods=['GET']) -def notify_provisioning_done(mac): - try: - return server.notify_provisioning_done(mac) - except: - logger.warn(traceback.format_exc()) - return '' - - -if __name__ == '__main__': - server = Server() - shell("iptables-save | grep -- '-A INPUT -i eth0 -p tcp -m tcp --dport 10086 -j ACCEPT' > /dev/null || iptables -I INPUT -i eth0 -p tcp -m tcp --dport 10086 -j ACCEPT") - app.run(host='0.0.0.0', port=10086, debug=True) +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. 
+ +__author__ = 'frank' + +import subprocess +import urllib +import hmac +import hashlib +import base64 +import traceback +import logging + +from flask import Flask + +app = Flask(__name__) + +logger = logging.getLogger('baremetal-vr') +hdlr = logging.FileHandler('/var/log/baremetal-vr.log') +formatter = logging.Formatter('%(asctime)s %(levelname)s %(message)s') +hdlr.setFormatter(formatter) +logger.addHandler(hdlr) +logger.setLevel(logging.WARNING) + + +class ShellCmd(object): + ''' + classdocs + ''' + def __init__(self, cmd, workdir=None, pipe=True): + ''' + Constructor + ''' + self.cmd = cmd + if pipe: + self.process = subprocess.Popen( + cmd, + shell=True, + stdout=subprocess.PIPE, + stdin=subprocess.PIPE, + stderr=subprocess.PIPE, + executable='/bin/sh', + cwd=workdir + ) + else: + self.process = subprocess.Popen(cmd, shell=True, executable='/bin/sh', cwd=workdir) + + self.stdout = None + self.stderr = None + self.return_code = None + + def __call__(self, is_exception=True): + (self.stdout, self.stderr) = self.process.communicate() + if is_exception and self.process.returncode != 0: + err = [] + err.append('failed to execute shell command: %s' % self.cmd) + err.append('return code: %s' % self.process.returncode) + err.append('stdout: %s' % self.stdout) + err.append('stderr: %s' % self.stderr) + raise Exception('\n'.join(err)) + + self.return_code = self.process.returncode + return self.stdout + + +def shell(cmd): + return ShellCmd(cmd)() + + +class Server(object): + + CMDLINE = '/var/cache/cloud/cmdline' + + def __init__(self): + self.apikey = None + self.secretkey = None + self.mgmtIp = None + self.mgmtPort = None + + def _get_credentials(self): + if not self.apikey or not self.secretkey: + with open(self.CMDLINE, 'r') as fd: + cmdline = fd.read() + for p in cmdline.split(): + if 'baremetalnotificationsecuritykey' in p: + self.secretkey = p.split("=")[1] + if 'baremetalnotificationapikey' in p: + self.apikey = p.split("=")[1] + + if not self.apikey: + raise 
Exception('cannot find baremetalnotificationapikey in %s' % Server.CMDLINE) + if not self.secretkey: + raise Exception('cannot find baremetalnotificationsecuritykey in %s' % Server.CMDLINE) + + return self.apikey, self.secretkey + + def _get_mgmt_ip(self): + if not self.mgmtIp: + with open(self.CMDLINE, 'r') as fd: + cmdline = fd.read() + for p in cmdline.split(): + if 'host' in p: + self.mgmtIp = p.split("=")[1] + break + + if not self.mgmtIp: + raise Exception('cannot find host in %s' % Server.CMDLINE) + + return self.mgmtIp + + def _get_mgmt_port(self): + if not self.mgmtPort: + with open(self.CMDLINE, 'r') as fd: + cmdline = fd.read() + for p in cmdline.split(): + if 'port' in p: + self.mgmtPort = p.split("=")[1] + break + + if not self.mgmtIp: + raise Exception('cannot find port in %s' % Server.CMDLINE) + + return self.mgmtPort + + def _make_sign(self, mac): + apikey, secretkey = self._get_credentials() + reqs = { + "apiKey": apikey, + "command": 'notifyBaremetalProvisionDone', + "mac": mac + } + + request = zip(reqs.keys(), reqs.values()) + request.sort(key=lambda x: str.lower(x[0])) + hashStr = "&".join(["=".join([str.lower(r[0]), str.lower(urllib.quote_plus(str(r[1]))).replace("+", "%20").replace('=', '%3d')]) for r in request]) + sig = urllib.quote_plus(base64.encodestring(hmac.new(secretkey, hashStr, hashlib.sha1).digest()).strip()) + return sig + + def notify_provisioning_done(self, mac): + sig = self._make_sign(mac) + cmd = 'http://%s:%s/client/api?command=notifyBaremetalProvisionDone&mac=%s&apiKey=%s&signature=%s' % ( + self._get_mgmt_ip(), + self._get_mgmt_port(), + mac, + self.apikey, + sig + ) + shell("curl -X GET '%s'" % cmd) + return '' + + +server = None + + [email protected]('/baremetal/provisiondone/<mac>', methods=['GET']) +def notify_provisioning_done(mac): + try: + return server.notify_provisioning_done(mac) + except: + logger.warn(traceback.format_exc()) + return '' + + +if __name__ == '__main__': + server = Server() + shell( + 
"iptables-save | grep -- '-A INPUT -i eth0 -p tcp -m tcp --dport 10086 -j ACCEPT' > /dev/null || " + + "iptables -I INPUT -i eth0 -p tcp -m tcp --dport 10086 -j ACCEPT" + ) + app.run(host='0.0.0.0', port=10086, debug=True) diff --git a/systemvm/patches/debian/config/opt/cloud/bin/configure.py b/systemvm/patches/debian/config/opt/cloud/bin/configure.py index e77d24f66c3..748e30a0ed7 100755 --- a/systemvm/patches/debian/config/opt/cloud/bin/configure.py +++ b/systemvm/patches/debian/config/opt/cloud/bin/configure.py @@ -20,34 +20,28 @@ import os import base64 -from merge import DataBag -from pprint import pprint -import subprocess import logging import re -import time -import shutil import os.path import os from fcntl import flock, LOCK_EX, LOCK_UN -from cs.CsDatabag import CsDataBag, CsCmdLine -import cs.CsHelper +from cs.CsDatabag import CsDataBag from cs.CsNetfilter import CsNetfilters from cs.CsDhcp import CsDhcp -from cs.CsRedundant import * from cs.CsFile import CsFile -from cs.CsApp import CsApache, CsDnsmasq from cs.CsMonitor import CsMonitor from cs.CsLoadBalancer import CsLoadBalancer from cs.CsConfig import CsConfig from cs.CsProcess import CsProcess from cs.CsStaticRoutes import CsStaticRoutes +from cs.CsHelper import CsHelper +from cs.CsRedundant import CsRedundant class CsPassword(CsDataBag): - TOKEN_FILE="/tmp/passwdsrvrtoken" + TOKEN_FILE = "/tmp/passwdsrvrtoken" def process(self): for item in self.dbag: 
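Review bot: In `Server.notify_provisioning_done`, the `mac` segment of the `/baremetal/provisiondone/<mac>` route is interpolated into `"curl -X GET '%s'" % cmd` and run by `ShellCmd` with `shell=True`, so a value containing a single quote is parsed by `/bin/sh` as shell syntax rather than as part of the URL. Reject anything that is not a MAC address before signing, e.g. `if not re.match(r'^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}$', mac): return ''` (this needs `import re`, and the pattern should match whatever separator the caller really sends), and hand curl an argument list instead of a shell string: `subprocess.check_call(['curl', '-X', 'GET', cmd])`. The entry point also keeps `app.run(host='0.0.0.0', port=10086, debug=True)`, which serves the Werkzeug interactive debugger on every interface; `debug=False` is the safe setting for a system VM. Separately, `_get_mgmt_port` tests `self.mgmtIp` where it should test `self.mgmtPort` before raising 'cannot find port'.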
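Review bot: The new `from cs.CsHelper import CsHelper` looks like it will fail at import time, because the `cs/CsHelper.py` hunks in this same diff show a module of top-level functions (`reconfigure_interfaces`, `is_mounted`, `copy`) and no `CsHelper` name inside it. The rest of configure.py calls `CsHelper.execute(...)` and `CsHelper.bool_to_yn(...)`, so it needs the module object, and `from cs import CsHelper` is the form that matches those call sites. Since `from cs.CsRedundant import *` is narrowed to `CsRedundant` in the same hunk, an import smoke test of the file is worth running to catch any other name that used to arrive through the star import; `sys`, used by `sys.exit(1)` and `main(sys.argv)`, is not among the imports visible here.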
@@ -70,7 +64,7 @@ def __update(self, vm_ip, password): proc = CsProcess(['/opt/cloud/bin/passwd_server_ip.py', server_ip]) if proc.find(): update_command = 'curl --header "DomU_Request: save_password" "http://{SERVER_IP}:8080/" -F "ip={VM_IP}" -F "password={PASSWORD}" ' \ - '-F "token={TOKEN}" >/dev/null 2>/dev/null &'.format(SERVER_IP=server_ip, VM_IP=vm_ip, PASSWORD=password, TOKEN=token) + '-F "token={TOKEN}" >/dev/null 2>/dev/null &'.format(SERVER_IP=server_ip, VM_IP=vm_ip, PASSWORD=password, TOKEN=token) result = CsHelper.execute(update_command) logging.debug("Update password server result ==> %s" % result) @@ -122,7 +116,7 @@ def add_rule(self, cidr): rnge = '' if "first_port" in self.rule.keys() and \ self.rule['first_port'] == self.rule['last_port']: - rnge = " --dport %s " %self.rule['first_port'] + rnge = " --dport %s " % self.rule['first_port'] if "first_port" in self.rule.keys() and \ self.rule['first_port'] != self.rule['last_port']: rnge = " --dport %s:%s" % (rule['first_port'], rule['last_port']) @@ -167,14 +161,14 @@ def add_rule(self, cidr): if rule['protocol'] == "icmp": fwr += " -s %s " % cidr + \ - " -p %s " % rule['protocol'] + \ - " -m %s " % rule['protocol'] + \ - " --icmp-type %s" % icmp_type + " -p %s " % rule['protocol'] + \ + " -m %s " % rule['protocol'] + \ + " --icmp-type %s" % icmp_type elif rule['protocol'] != "all": fwr += " -s %s " % cidr + \ - " -p %s " % rule['protocol'] + \ - " -m %s " % rule['protocol'] + \ - " %s" % rnge + " -p %s " % rule['protocol'] + \ + " -m %s " % rule['protocol'] + \ + " %s" % rnge elif rule['protocol'] == "all": fwr += " -s %s " % cidr @@ -320,7 +314,7 @@ def __createfile(self, ip, folder, file, data): if data is not None: # need to pad data if it is not valid base 64 if len(data) % 4 != 0: - data += (4-(len(data) % 4)) * "=" + data += (4 - (len(data) % 4)) * "=" data = base64.b64decode(data) fh = open(dest, "w") 
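Review bot: `__update` places the VM password on a command line (`-F "password={PASSWORD}"` inside the string handed to `CsHelper.execute`), so it is readable in the process list while curl runs. If `execute` goes through a shell (its implementation is not in this hunk), a password containing `"` or `$` also changes how the command is parsed. Passing curl an argument list and supplying the form field from a mode-0600 file, using curl's `-F "password=<FILE"` form, avoids both problems. The function body starts outside the hunk.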
@@ -382,7 +376,7 @@ def __htaccess(self, ip, folder, file): entry = "Options -Indexes\nOrder Deny,Allow\nDeny from all\nAllow from " + ip htaccessFolder = "/var/www/html/" + folder + "/" + ip - htaccessFile = htaccessFolder+"/.htaccess" + htaccessFile = htaccessFolder + "/.htaccess" try: os.makedirs(htaccessFolder, 0755) @@ -427,7 +421,7 @@ def __exflock(self, file): def __unflock(self, file): try: flock(file, LOCK_UN) - except IOError: + except IOError as e: print "failed to unlock file" + file.name + " due to : " + e.strerror sys.exit(1) # FIXME return True @@ -500,12 +494,12 @@ def configure_ipsec(self, obj): peerlist = obj['peer_guest_cidr_list'].replace(' ', '') vpnconffile = "%s/ipsec.vpn-%s.conf" % (self.VPNCONFDIR, rightpeer) vpnsecretsfile = "%s/ipsec.vpn-%s.secrets" % (self.VPNCONFDIR, rightpeer) - ikepolicy=obj['ike_policy'].replace(';','-') - esppolicy=obj['esp_policy'].replace(';','-') + ikepolicy = obj['ike_policy'].replace(';', '-') + esppolicy = obj['esp_policy'].replace(';', '-') - pfs='no' + pfs = 'no' if 'modp' in esppolicy: - pfs='yes' + pfs = 'yes' if rightpeer in self.confips: self.confips.remove(rightpeer) @@ -528,7 +522,7 @@ def configure_ipsec(self, obj): file.addeq(" keyingtries=2") file.addeq(" auto=start") if 'encap' not in obj: - obj['encap']=False + obj['encap'] = False file.addeq(" forceencaps=%s" % CsHelper.bool_to_yn(obj['encap'])) if obj['dpd']: file.addeq(" dpddelay=30") @@ -552,15 +546,16 @@ def convert_sec_to_h(self, val): hrs = int(val) / 3600 return "%sh" % hrs + class CsVpnUser(CsDataBag): - PPP_CHAP='/etc/ppp/chap-secrets' + PPP_CHAP = '/etc/ppp/chap-secrets' def process(self): for user in self.dbag: if user == 'id': continue - userconfig=self.dbag[user] + userconfig = self.dbag[user] if userconfig['add']: self.add_l2tp_ipsec_user(user, userconfig) else: 
@@ -570,9 +565,9 @@ def add_l2tp_ipsec_user(self, user, obj): userfound = False password = obj['password'] - userSearchEntry = "%s \* %s \*"%(user,password) - userAddEntry = "%s * %s *" %(user,password) - logging.debug("Adding vpn user %s" %userSearchEntry) + userSearchEntry = "%s \* %s \*" % (user, password) + userAddEntry = "%s * %s *" % (user, password) + logging.debug("Adding vpn user %s" % userSearchEntry) file = CsFile(self.PPP_CHAP) userfound = file.searchString(userSearchEntry, '#') @@ -582,11 +577,9 @@ def add_l2tp_ipsec_user(self, user, obj): file.add(userAddEntry) file.commit() - def del_l2tp_ipsec_user(self, user, obj): - userfound = False password = obj['password'] - userentry = "%s \* %s \*"%(user,password) + userentry = "%s \* %s \*" % (user, password) logging.debug("Deleting the user %s " % user) file = CsFile(self.PPP_CHAP) @@ -605,16 +598,15 @@ def del_l2tp_ipsec_user(self, user, obj): if user in line: contentlist = line.split(';') for str in contentlist: - print 'in del_l2tp str = '+ str + print 'in del_l2tp str = ' + str pppd = str.split('=')[0] if pppd == 'PPPD_PID': pid = str.split('=')[1] if pid: - logging.debug("killing process %s" %pid) + logging.debug("killing process %s" % pid) CsHelper.execute('kill -9 %s' % pid) - class CsRemoteAccessVpn(CsDataBag): VPNCONFDIR = "/etc/ipsec.d" 
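Review bot: `logging.debug("Adding vpn user %s" % userSearchEntry)` writes the VPN user's password to the log, because `userSearchEntry` is built from `(user, password)` two lines above; log the user name only, `logging.debug("Adding vpn user %s", user)`. The search strings here and in `del_l2tp_ipsec_user` also carry literal backslashes (`"%s \* %s \*"`), while `CsFile.searchString` as shown later in this diff does a plain `search in line` test. If that is the only matching done, they would never match an entry written as `"%s * %s *"`, which is worth confirming against the lines outside this hunk.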
@@ -625,14 +617,14 @@ def process(self): for public_ip in self.dbag: if public_ip == "id": continue - vpnconfig=self.dbag[public_ip] + vpnconfig = self.dbag[public_ip] - #Enable remote access vpn + # Enable remote access vpn if vpnconfig['create']: - logging.debug("Enabling remote access vpn on "+ public_ip) + logging.debug("Enabling remote access vpn on " + public_ip) CsHelper.start_if_stopped("ipsec") self.configure_l2tpIpsec(public_ip, self.dbag[public_ip]) - logging.debug("Remote accessvpn data bag %s", self.dbag) + logging.debug("Remote accessvpn data bag %s" % self.dbag) self.remoteaccessvpn_iptables(public_ip, self.dbag[public_ip]) CsHelper.execute("ipsec down L2TP-PSK") 
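Review bot: `logging.debug("Remote accessvpn data bag %s" % self.dbag)` dumps the whole data bag, and `configure_l2tpIpsec` reads `obj['preshared_key']` from the same entries, so the IPsec pre-shared key ends up in the debug log. Switching from the `, self.dbag` argument form to `%` formatting also builds the string unconditionally, even when debug logging is off. Consider logging only non-secret fields, e.g. `logging.debug("Remote access vpn config for %s", public_ip)`, and keeping the lazy-argument form. `process` continues outside this hunk.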
@@ -642,48 +634,46 @@ def process(self): CsHelper.execute("ipsec rereadsecrets") else: logging.debug("Disabling remote access vpn .....") - #disable remote access vpn + # Disable remote access vpn CsHelper.execute("ipsec down L2TP-PSK") CsHelper.execute("service xl2tpd stop") - - def configure_l2tpIpsec(self, left, obj): - l2tpconffile="%s/l2tp.conf" % (self.VPNCONFDIR) - vpnsecretfilte="%s/ipsec.any.secrets" % (self.VPNCONFDIR) - xl2tpdconffile="/etc/xl2tpd/xl2tpd.conf" - xl2tpoptionsfile='/etc/ppp/options.xl2tpd' + def configure_l2tpIpsec(self, left, obj): + l2tpconffile = "%s/l2tp.conf" % (self.VPNCONFDIR) + vpnsecretfilte = "%s/ipsec.any.secrets" % (self.VPNCONFDIR) + xl2tpdconffile = "/etc/xl2tpd/xl2tpd.conf" + xl2tpoptionsfile = '/etc/ppp/options.xl2tpd' file = CsFile(l2tpconffile) - localip=obj['local_ip'] - localcidr=obj['local_cidr'] - publicIface=obj['public_interface'] - iprange=obj['ip_range'] - psk=obj['preshared_key'] - - #left + localip = obj['local_ip'] + # Unused vars + # localcidr = obj['local_cidr'] + # publicIface = obj['public_interface'] + iprange = obj['ip_range'] + psk = obj['preshared_key'] + + # left file.addeq(" left=%s" % left) file.commit() - secret = CsFile(vpnsecretfilte) secret.empty() - secret.addeq(": PSK \"%s\"" %psk) + secret.addeq(": PSK \"%s\"" % psk) secret.commit() xl2tpdconf = CsFile(xl2tpdconffile) - xl2tpdconf.addeq("ip range = %s" %iprange) - xl2tpdconf.addeq("local ip = %s" %localip) + xl2tpdconf.addeq("ip range = %s" % iprange) + xl2tpdconf.addeq("local ip = %s" % localip) xl2tpdconf.commit() - xl2tpoptions=CsFile(xl2tpoptionsfile) - xl2tpoptions.search("ms-dns ", "ms-dns %s" %localip) + xl2tpoptions = CsFile(xl2tpoptionsfile) + xl2tpoptions.search("ms-dns ", "ms-dns %s" % localip) xl2tpoptions.commit() def remoteaccessvpn_iptables(self, publicip, obj): - publicdev=obj['public_interface'] - localcidr=obj['local_cidr'] - local_ip=obj['local_ip'] - + publicdev = obj['public_interface'] + localcidr = obj['local_cidr'] + 
local_ip = obj['local_ip'] self.fw.append(["", "", "-A INPUT -i %s --dst %s -p udp -m udp --dport 500 -j ACCEPT" % (publicdev, publicip)]) self.fw.append(["", "", "-A INPUT -i %s --dst %s -p udp -m udp --dport 4500 -j ACCEPT" % (publicdev, publicip)]) 
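Review bot: In `configure_l2tpIpsec` the two unused lookups are left behind as commented-out code under `# Unused vars`; deleting them is cleaner, and if the `KeyError` they raised on a malformed data bag was relied on as validation, an explicit check should replace it. In the same function, `secret.addeq(": PSK \"%s\"" % psk)` writes the key between double quotes without escaping, so a key containing `"` produces a malformed `ipsec.any.secrets` line; validating the key's character set before writing would close that. The local name `vpnsecretfilte` looks like a typo for `vpnsecretfile`.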
@@ -692,31 +682,30 @@ def remoteaccessvpn_iptables(self, publicip, obj): self.fw.append(["", "", "-A INPUT -i %s -p esp -j ACCEPT" % publicdev]) if self.config.is_vpc(): - self.fw.append(["", ""," -N VPN_FORWARD"]) - self.fw.append(["", "","-I FORWARD -i ppp+ -j VPN_FORWARD"]) - self.fw.append(["", "","-I FORWARD -o ppp+ -j VPN_FORWARD"]) - self.fw.append(["", "","-I FORWARD -o ppp+ -j VPN_FORWARD"]) - self.fw.append(["", "","-A VPN_FORWARD -s %s -j RETURN" %localcidr]) - self.fw.append(["", "","-A VPN_FORWARD -i ppp+ -d %s -j RETURN" %localcidr]) - self.fw.append(["", "","-A VPN_FORWARD -i ppp+ -o ppp+ -j RETURN"]) + self.fw.append(["", "", " -N VPN_FORWARD"]) + self.fw.append(["", "", "-I FORWARD -i ppp+ -j VPN_FORWARD"]) + self.fw.append(["", "", "-I FORWARD -o ppp+ -j VPN_FORWARD"]) + self.fw.append(["", "", "-I FORWARD -o ppp+ -j VPN_FORWARD"]) + self.fw.append(["", "", "-A VPN_FORWARD -s %s -j RETURN" % localcidr]) + self.fw.append(["", "", "-A VPN_FORWARD -i ppp+ -d %s -j RETURN" % localcidr]) + self.fw.append(["", "", "-A VPN_FORWARD -i ppp+ -o ppp+ -j RETURN"]) else: - self.fw.append(["", "","-A FORWARD -i ppp+ -o ppp+ -j ACCEPT"]) - self.fw.append(["", "","-A FORWARD -s %s -o ppp+ -j ACCEPT" % localcidr]) - self.fw.append(["", "","-A FORWARD -i ppp+ -d %s -j ACCEPT" % localcidr]) + self.fw.append(["", "", "-A FORWARD -i ppp+ -o ppp+ -j ACCEPT"]) + self.fw.append(["", "", "-A FORWARD -s %s -o ppp+ -j ACCEPT" % localcidr]) + self.fw.append(["", "", "-A FORWARD -i ppp+ -d %s -j ACCEPT" % localcidr]) - - self.fw.append(["", "","-A INPUT -i ppp+ -m udp -p udp --dport 53 -j ACCEPT"]) - self.fw.append(["", "","-A INPUT -i ppp+ -m tcp -p tcp --dport 53 -j ACCEPT"]) - self.fw.append(["nat", "","-I PREROUTING -i ppp+ -m tcp --dport 53 -j DNAT --to-destination %s" % local_ip]) + self.fw.append(["", "", "-A INPUT -i ppp+ -m udp -p udp --dport 53 -j ACCEPT"]) + self.fw.append(["", "", "-A INPUT -i ppp+ -m tcp -p tcp --dport 53 -j ACCEPT"]) + self.fw.append(["nat", "", 
"-I PREROUTING -i ppp+ -m tcp --dport 53 -j DNAT --to-destination %s" % local_ip]) if self.config.is_vpc(): return - self.fw.append(["mangle", "","-N VPN_%s " %publicip]) - self.fw.append(["mangle", "","-A VPN_%s -j RETURN " % publicip]) - self.fw.append(["mangle", "","-I VPN_%s -p ah -j ACCEPT " % publicip]) - self.fw.append(["mangle", "","-I VPN_%s -p esp -j ACCEPT " % publicip]) - self.fw.append(["mangle", "","-I PREROUTING -d %s -j VPN_%s " % (publicip, publicip)]) + self.fw.append(["mangle", "", "-N VPN_%s " % publicip]) + self.fw.append(["mangle", "", "-A VPN_%s -j RETURN " % publicip]) + self.fw.append(["mangle", "", "-I VPN_%s -p ah -j ACCEPT " % publicip]) + self.fw.append(["mangle", "", "-I VPN_%s -p esp -j ACCEPT " % publicip]) + self.fw.append(["mangle", "", "-I PREROUTING -d %s -j VPN_%s " % (publicip, publicip)]) class CsForwardingRules(CsDataBag): @@ -731,7 +720,7 @@ def process(self): elif rule["type"] == "staticnat": self.processStaticNatRule(rule) - #return the VR guest interface ip + # Return the VR guest interface ip def getGuestIp(self): interfaces = [] ipAddr = None @@ -777,13 +766,13 @@ def processForwardRule(self, rule): self.forward_vr(rule) def forward_vr(self, rule): - #prefetch iptables variables + # Prefetch iptables variables public_fwinterface = self.getDeviceByIp(rule['public_ip']) internal_fwinterface = self.getDeviceByIp(rule['internal_ip']) public_fwports = self.portsToString(rule['public_ports'], ':') internal_fwports = self.portsToString(rule['internal_ports'], '-') fw1 = "-A PREROUTING -d %s/32 -i %s -p %s -m %s --dport %s -j DNAT --to-destination %s:%s" % \ - ( + ( rule['public_ip'], public_fwinterface, rule['protocol'], @@ -791,9 +780,9 @@ def forward_vr(self, rule): public_fwports, rule['internal_ip'], internal_fwports - ) + ) fw2 = "-A PREROUTING -d %s/32 -i %s -p %s -m %s --dport %s -j DNAT --to-destination %s:%s" % \ - ( + ( rule['public_ip'], internal_fwinterface, rule['protocol'], 
@@ -801,18 +790,18 @@ def forward_vr(self, rule): public_fwports, rule['internal_ip'], internal_fwports - ) + ) fw3 = "-A OUTPUT -d %s/32 -p %s -m %s --dport %s -j DNAT --to-destination %s:%s" % \ - ( + ( rule['public_ip'], rule['protocol'], rule['protocol'], public_fwports, rule['internal_ip'], internal_fwports - ) + ) fw4 = "-j SNAT --to-source %s -A POSTROUTING -s %s -d %s/32 -o %s -p %s -m %s --dport %s" % \ - ( + ( self.getGuestIp(), self.getNetworkByIp(rule['internal_ip']), rule['internal_ip'], @@ -820,32 +809,32 @@ def forward_vr(self, rule): rule['protocol'], rule['protocol'], self.portsToString(rule['internal_ports'], ':') - ) + ) fw5 = "-A PREROUTING -d %s/32 -i %s -p %s -m %s --dport %s -j MARK --set-xmark %s/0xffffffff" % \ - ( + ( rule['public_ip'], public_fwinterface, rule['protocol'], rule['protocol'], public_fwports, hex(int(public_fwinterface[3:])) - ) + ) fw6 = "-A PREROUTING -d %s/32 -i %s -p %s -m %s --dport %s -m state --state NEW -j CONNMARK --save-mark --nfmask 0xffffffff --ctmask 0xffffffff" % \ - ( + ( rule['public_ip'], public_fwinterface, rule['protocol'], rule['protocol'], public_fwports, - ) + ) fw7 = "-A FORWARD -i %s -o %s -p %s -m %s --dport %s -m state --state NEW,ESTABLISHED -j ACCEPT" % \ - ( + ( public_fwinterface, internal_fwinterface, rule['protocol'], rule['protocol'], self.portsToString(rule['internal_ports'], ':') - ) + ) self.fw.append(["nat", "", fw1]) self.fw.append(["nat", "", fw2]) self.fw.append(["nat", "", fw3]) 
@@ -892,11 +881,9 @@ def processStaticNatRule(self, rule): if device is None: raise Exception("Ip address %s has no device in the ips databag" % rule["public_ip"]) self.fw.append(["mangle", "", - "-A PREROUTING -s %s/32 -m state --state NEW -j MARK --set-xmark 0x%s/0xffffffff" % \ - (rule["internal_ip"], device[len("eth"):])]) + "-A PREROUTING -s %s/32 -m state --state NEW -j MARK --set-xmark 0x%s/0xffffffff" % (rule["internal_ip"], device[len("eth"):])]) self.fw.append(["mangle", "", - "-A PREROUTING -s %s/32 -m state --state NEW -j CONNMARK --save-mark --nfmask 0xffffffff --ctmask 0xffffffff" % \ - rule["internal_ip"]]) + "-A PREROUTING -s %s/32 -m state --state NEW -j CONNMARK --save-mark --nfmask 0xffffffff --ctmask 0xffffffff" % rule["internal_ip"]]) self.fw.append(["nat", "front", "-A PREROUTING -d %s/32 -j DNAT --to-destination %s" % (rule["public_ip"], rule["internal_ip"])]) self.fw.append(["nat", "front", @@ -906,11 +893,13 @@ def processStaticNatRule(self, rule): self.fw.append(["filter", "", "-A FORWARD -i %s -o eth0 -d %s -m state --state NEW -j ACCEPT " % (device, rule["internal_ip"])]) - #configure the hairpin nat + # Configure the hairpin nat self.fw.append(["nat", "front", "-A PREROUTING -d %s -i eth0 -j DNAT --to-destination %s" % (rule["public_ip"], rule["internal_ip"])]) - self.fw.append(["nat", "front", "-A POSTROUTING -s %s -d %s -j SNAT -o eth0 --to-source %s" % (self.getNetworkByIp(rule['internal_ip']),rule["internal_ip"], self.getGuestIp())]) + self.fw.append(["nat", "front", + "-A POSTROUTING -s %s -d %s -j SNAT -o eth0 --to-source %s" % + (self.getNetworkByIp(rule['internal_ip']), rule["internal_ip"], self.getGuestIp())]) def main(argv): @@ -1032,5 +1021,6 @@ def main(argv): except Exception: logging.exception("Exception while configuring router") + if __name__ == "__main__": main(sys.argv) 
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsAddress.py b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsAddress.py index d72b5800167..d738d230d3f 100755 --- a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsAddress.py +++ b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsAddress.py @@ -27,6 +27,7 @@ VRRP_TYPES = ['guest'] + class CsAddress(CsDataBag): def compare(self): @@ -359,7 +360,6 @@ def setup_router_control(self): self.fw.append(["filter", "", "-P INPUT DROP"]) self.fw.append(["filter", "", "-P FORWARD DROP"]) - def fw_router(self): if self.config.is_vpc(): return @@ -441,7 +441,7 @@ def fw_vpcrouter(self): if self.get_type() in ["guest"]: self.fw.append(["mangle", "front", "-A PREROUTING " + - " -i %s -m state --state RELATED,ESTABLISHED " % self.dev + + " -i %s -m state --state RELATED,ESTABLISHED " % self.dev + "-j CONNMARK --restore-mark --nfmask 0xffffffff --ctmask 0xffffffff"]) guestNetworkCidr = self.address['network'] self.fw.append(["filter", "", "-A FORWARD -d %s -o %s -j ACL_INBOUND_%s" % @@ -573,7 +573,7 @@ def post_config_change(self, method): cmdline = self.config.cmdline() # If redundant then this is dealt with by the master backup functions if self.get_type() in ["guest"] and not cmdline.is_redundant(): - pwdsvc = CsPasswdSvc(self.address['public_ip']).start() + CsPasswdSvc(self.address['public_ip']).start() if self.get_type() == "public" and self.config.is_vpc() and method == "add": if self.address["source_nat"]: @@ -723,4 +723,3 @@ def cpus(self): if count < 2: logging.debug("Single CPU machine") return count - diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsApp.py b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsApp.py index 9762e04875a..235decb2df5 100755 --- a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsApp.py +++ b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsApp.py 
@@ -19,7 +19,6 @@ import CsHelper from CsFile import CsFile from CsProcess import CsProcess -import CsHelper class CsApp: diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsConfig.py b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsConfig.py index e3b900912fd..fba0fd6abf5 100755 --- a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsConfig.py +++ b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsConfig.py @@ -18,7 +18,6 @@ from CsDatabag import CsCmdLine from CsAddress import CsAddress -import logging class CsConfig(object): diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsDatabag.py b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsDatabag.py index 9ccb768d14c..adb9a1aae74 100755 --- a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsDatabag.py +++ b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsDatabag.py @@ -136,8 +136,8 @@ def get_router_password(self): This is slightly difficult to happen, but if it does, destroy the router with the password generated with the code below and restart the VPC with out the clean up option. ''' - if(self.get_type()=='router'): - passwd="%s-%s" % (self.get_eth2_ip(), self.get_router_id()) + if self.get_type() == 'router': + passwd = "%s-%s" % (self.get_eth2_ip(), self.get_router_id()) else: passwd = "%s-%s" % (self.get_vpccidr(), self.get_router_id()) md5 = hashlib.md5() diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsDhcp.py b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsDhcp.py index 23b74995364..932003f6754 100755 --- a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsDhcp.py +++ b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsDhcp.py @@ -16,7 +16,7 @@ # under the License. import CsHelper import logging -from netaddr import * +from netaddr import IPAddress from random import randint from CsGuestNetwork import CsGuestNetwork from cs.CsDatabag import CsDataBag 
@@ -134,13 +134,13 @@ def add(self, entry): # with a splay of 60 hours to prevent storms lease = randint(700, 760) - if entry['default_entry'] == True: + if entry['default_entry'] is True: self.cloud.add("%s,%s,%s,%sh" % (entry['mac_address'], entry['ipv4_adress'], entry['host_name'], lease)) else: - tag = entry['ipv4_adress'].replace(".","_") + tag = entry['ipv4_adress'].replace(".", "_") self.cloud.add("%s,set:%s,%s,%s,%sh" % (entry['mac_address'], tag, entry['ipv4_adress'], @@ -158,6 +158,5 @@ def add(self, entry): # Virtual Router v['gateway'] = entry['default_gateway'] - def add_host(self, ip, hosts): self.hosts[ip] = hosts diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsFile.py b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsFile.py index 334e6314bbe..65d2967db50 100755 --- a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsFile.py +++ b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsFile.py @@ -17,7 +17,6 @@ # under the License. import logging import re -import copy class CsFile: @@ -67,7 +66,6 @@ def commit(self): self.config = list(self.new_config) logging.info("Updated file in-cache configuration") - def dump(self): for line in self.new_config: print line @@ -134,13 +132,12 @@ def search(self, search, replace): return True return False - def searchString(self, search, ignoreLinesStartWith): found = False logging.debug("Searching for %s string " % search) for index, line in enumerate(self.new_config): - print ' line = ' +line + print ' line = ' + line if line.lstrip().startswith(ignoreLinesStartWith): continue if search in line: @@ -149,9 +146,7 @@ def searchString(self, search, ignoreLinesStartWith): return found - def deleteLine(self, search): - found = False logging.debug("Searching for %s to remove the line " % search) temp_config = [] for index, line in enumerate(self.new_config): 
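Review bot: `if entry['default_entry'] is True:` is not equivalent to the old `== True`: a value of `1` used to take the first branch and now falls through to the tagged `set:` entry. If the data bag always carries a JSON boolean, `if entry['default_entry']:` is the idiomatic form and keeps the old behaviour for truthy values; if other types can occur, the intended handling should be decided explicitly. `add` starts and ends outside this hunk.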
@@ -162,7 +157,6 @@ def deleteLine(self, search): self.new_config = list(temp_config) - def compare(self, o): result = (isinstance(o, self.__class__) and set(self.config) == set(o.config)) logging.debug("Comparison of CsFiles content is ==> %s" % result) diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsGuestNetwork.py b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsGuestNetwork.py index d23a870af69..61643d98228 100755 --- a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsGuestNetwork.py +++ b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsGuestNetwork.py @@ -15,7 +15,6 @@ # specific language governing permissions and limitations # under the License. from merge import DataBag -import CsHelper class CsGuestNetwork: diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsHelper.py b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsHelper.py index 1d6baff99e3..6e271c3eb2a 100755 --- a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsHelper.py +++ b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsHelper.py 
@@ -24,13 +24,16 @@ import os.path import re import shutil -from netaddr import * -from pprint import pprint +import sys +from netaddr import IPNetwork -PUBLIC_INTERFACES = {"router" : "eth2", "vpcrouter" : "eth1"} +PUBLIC_INTERFACES = {"router": "eth2", "vpcrouter": "eth1"} + +STATE_COMMANDS = { + "router": "ip addr | grep eth0 | grep inet | wc -l | xargs bash -c 'if [ $0 == 2 ]; then echo \"MASTER\"; else echo \"BACKUP\"; fi'", + "vpcrouter": "ip addr | grep eth1 | grep state | awk '{print $9;}' | xargs bash -c 'if [ $0 == \"UP\" ]; then echo \"MASTER\"; else echo \"BACKUP\"; fi'" +} -STATE_COMMANDS = {"router" : "ip addr | grep eth0 | grep inet | wc -l | xargs bash -c 'if [ $0 == 2 ]; then echo \"MASTER\"; else echo \"BACKUP\"; fi'", - "vpcrouter" : "ip addr | grep eth1 | grep state | awk '{print $9;}' | xargs bash -c 'if [ $0 == \"UP\" ]; then echo \"MASTER\"; else echo \"BACKUP\"; fi'"} def reconfigure_interfaces(router_config, interfaces): for interface in interfaces: @@ -52,6 +55,7 @@ def reconfigure_interfaces(router_config, interfaces): else: execute(cmd) + def is_mounted(name): for i in execute("mount"): vals = i.lstrip().split() @@ -239,6 +243,7 @@ def copy_if_needed(src, dest): return copy(src, dest) + def copy(src, dest): """ copy source to destination. diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsLoadBalancer.py b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsLoadBalancer.py index d8f39dcd24a..475c3868991 100755 --- a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsLoadBalancer.py +++ b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsLoadBalancer.py @@ -15,8 +15,6 @@ # specific language governing permissions and limitations # under the License. import logging -import os.path -import re from cs.CsDatabag import CsDataBag from CsProcess import CsProcess from CsFile import CsFile 
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsMonitor.py b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsMonitor.py index 6b194238b1a..61fa982a7cb 100755 --- a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsMonitor.py +++ b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsMonitor.py @@ -14,7 +14,6 @@ # KIND, either express or implied. See the License for the # specific language governing permissions and limitations # under the License. -import logging from cs.CsDatabag import CsDataBag from CsFile import CsFile diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsNetfilter.py b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsNetfilter.py index 3ee5174459c..ed03e7f041d 100755 --- a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsNetfilter.py +++ b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsNetfilter.py @@ -16,8 +16,7 @@ # specific language governing permissions and limitations # under the License. import CsHelper -from pprint import pprint -from CsDatabag import CsDataBag, CsCmdLine +from CsDatabag import CsCmdLine import logging @@ -144,7 +143,7 @@ def compare(self, list): # PASS 2: Create rules for fw in list: tupledFw = tuple(fw) - if tupledFw in ruleSet : + if tupledFw in ruleSet: logging.debug("Already processed : %s", tupledFw) continue diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsProcess.py b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsProcess.py index 6155f3031d1..a500292b188 100755 --- a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsProcess.py +++ b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsProcess.py @@ -42,7 +42,7 @@ def find_pid(self): self.pid = [] for i in CsHelper.execute("ps aux"): items = len(self.search) - proc = re.split("\s+", i)[items*-1:] + proc = re.split("\s+", i)[items * -1:] matches = len([m for m in proc if m in self.search]) if matches == items: self.pid.append(re.split("\s+", i)[1]) 
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsRedundant.py b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsRedundant.py index f8d2bc25665..c463714596a 100755 --- a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsRedundant.py +++ b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsRedundant.py @@ -42,6 +42,7 @@ import socket from time import sleep + class CsRedundant(object): CS_RAMDISK_DIR = "/ramdisk" @@ -103,7 +104,7 @@ def _redundant_on(self): if devUp: logging.info("Device %s is present, let's start keepalive now." % dev) isDeviceReady = True - + if not isDeviceReady: logging.info("Guest network not configured yet, let's stop router redundancy for now.") CsHelper.service("conntrackd", "stop") @@ -150,18 +151,19 @@ def _redundant_on(self): # conntrackd configuration conntrackd_template_conf = "%s/%s" % (self.CS_TEMPLATES_DIR, "conntrackd.conf.templ") conntrackd_temp_bkp = "%s/%s" % (self.CS_TEMPLATES_DIR, "conntrackd.conf.templ.bkp") - + CsHelper.copy(conntrackd_template_conf, conntrackd_temp_bkp) conntrackd_tmpl = CsFile(conntrackd_template_conf) conntrackd_tmpl.section("Multicast {", "}", [ - "IPv4_address 225.0.0.50\n", - "Group 3780\n", - "IPv4_interface %s\n" % guest.get_ip(), - "Interface %s\n" % guest.get_device(), - "SndSocketBuffer 1249280\n", - "RcvSocketBuffer 1249280\n", - "Checksum on\n"]) + "IPv4_address 225.0.0.50\n", + "Group 3780\n", + "IPv4_interface %s\n" % guest.get_ip(), + "Interface %s\n" % guest.get_device(), + "SndSocketBuffer 1249280\n", + "RcvSocketBuffer 1249280\n", + "Checksum on\n" + ]) conntrackd_tmpl.section("Address Ignore {", "}", self._collect_ignore_ips()) conntrackd_tmpl.commit() 
@@ -371,10 +373,10 @@ def _collect_ips(self): lines = [] for interface in self.address.get_interfaces(): if interface.needs_vrrp(): - cmdline=self.config.get_cmdline_instance() + cmdline = self.config.get_cmdline_instance() if not interface.is_added(): continue - if(cmdline.get_type()=='router'): + if cmdline.get_type() == 'router': str = " %s brd %s dev %s\n" % (cmdline.get_guest_gw(), interface.get_broadcast(), interface.get_device()) else: str = " %s brd %s dev %s\n" % (interface.get_gateway_cidr(), interface.get_broadcast(), interface.get_device()) diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsRoute.py b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsRoute.py index 927c2ae0d74..700ce9b1550 100755 --- a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsRoute.py +++ b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsRoute.py @@ -37,11 +37,11 @@ def add_table(self, devicename): logging.info( "Adding route table: " + str + " to " + filename + " if not present ") if not CsHelper.definedinfile(filename, str): - CsHelper.execute("sudo echo " + str + " >> /etc/iproute2/rt_tables") + CsHelper.execute("sudo echo " + str + " >> /etc/iproute2/rt_tables") # remove "from all table tablename" if exists, else it will interfer with # routing of unintended traffic if self.findRule("from all lookup " + tablename): - CsHelper.execute("sudo ip rule delete from all table " + tablename) + CsHelper.execute("sudo ip rule delete from all table " + tablename) def flush_table(self, tablename): CsHelper.execute("ip route flush table %s" % (tablename)) @@ -115,4 +115,4 @@ def findRule(self, rule): for i in CsHelper.execute("ip rule show"): if rule in i.strip(): return True - return False \ No newline at end of file + return False diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsRule.py b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsRule.py index 9c48768b35a..85953fe6561 100755 --- a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsRule.py 
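Review bot: `CsHelper.execute("sudo echo " + str + " >> /etc/iproute2/rt_tables")` in `CsRoute.add_table` builds a shell command by string concatenation, and the `>>` redirection is performed by the invoking shell, not by `sudo`, so the `sudo` has no effect on the write. `str` is built outside the hunk, presumably from the device name; any shell metacharacter in it would be interpreted by the shell that the redirection implies. Appending from Python avoids both problems: `with open(filename, 'a') as f: f.write(str + "\n")`, assuming `filename` is the same rt_tables path. The same concatenation pattern is in `"sudo ip rule delete from all table " + tablename` in this hunk and in `CsStaticRoutes.__update` (`"ip route add %s via %s"`). The local name `str` also shadows the builtin.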
+++ b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsRule.py @@ -49,7 +49,7 @@ def addMark(self): logging.info("Added fwmark rule for %s" % (self.table)) def delMark(self): - if self.findMark(): + if self.findMark(): cmd = "ip rule delete fwmark %s table %s" % (self.tableNo, self.table) CsHelper.execute(cmd) logging.info("Deleting fwmark rule for %s" % (self.table)) diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsStaticRoutes.py b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsStaticRoutes.py index 57b259aabc4..d00d068a6ee 100755 --- a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsStaticRoutes.py +++ b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsStaticRoutes.py @@ -18,7 +18,8 @@ # under the License. from CsDatabag import CsDataBag -from CsRedundant import * +import logging +import CsHelper class CsStaticRoutes(CsDataBag): @@ -39,4 +40,4 @@ def __update(self, route): result = CsHelper.execute(command) if not result: route_command = "ip route add %s via %s" % (route['network'], route['gateway']) - CsHelper.execute(route_command) \ No newline at end of file + CsHelper.execute(route_command) diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs_cmdline.py b/systemvm/patches/debian/config/opt/cloud/bin/cs_cmdline.py index bbe76c693b4..4315dde2e33 100755 --- a/systemvm/patches/debian/config/opt/cloud/bin/cs_cmdline.py +++ b/systemvm/patches/debian/config/opt/cloud/bin/cs_cmdline.py @@ -15,8 +15,6 @@ # specific language governing permissions and limitations # under the License. -from pprint import pprint - def merge(dbag, cmdline): if 'redundant_router' in cmdline['cmd_line']: diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs_dhcp.py b/systemvm/patches/debian/config/opt/cloud/bin/cs_dhcp.py index d9f30e5ab49..ac4a59c1565 100755 --- a/systemvm/patches/debian/config/opt/cloud/bin/cs_dhcp.py +++ b/systemvm/patches/debian/config/opt/cloud/bin/cs_dhcp.py 
@@ -15,9 +15,6 @@ # specific language governing permissions and limitations # under the License. -from pprint import pprint -from netaddr import * - def merge(dbag, data): diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs_firewallrules.py b/systemvm/patches/debian/config/opt/cloud/bin/cs_firewallrules.py index c0ccedd96db..78b6b899d94 100755 --- a/systemvm/patches/debian/config/opt/cloud/bin/cs_firewallrules.py +++ b/systemvm/patches/debian/config/opt/cloud/bin/cs_firewallrules.py @@ -14,8 +14,6 @@ # KIND, either express or implied. See the License for the # specific language governing permissions and limitations # under the License. - -from pprint import pprint import copy diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs_forwardingrules.py b/systemvm/patches/debian/config/opt/cloud/bin/cs_forwardingrules.py index e30c012f10d..974c468e8dc 100755 --- a/systemvm/patches/debian/config/opt/cloud/bin/cs_forwardingrules.py +++ b/systemvm/patches/debian/config/opt/cloud/bin/cs_forwardingrules.py @@ -15,8 +15,6 @@ # specific language governing permissions and limitations # under the License. -from pprint import pprint - def merge(dbag, rules): for rule in rules["rules"]: diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs_guestnetwork.py b/systemvm/patches/debian/config/opt/cloud/bin/cs_guestnetwork.py index 31c07960c20..599a3ea375b 100755 --- a/systemvm/patches/debian/config/opt/cloud/bin/cs_guestnetwork.py +++ b/systemvm/patches/debian/config/opt/cloud/bin/cs_guestnetwork.py @@ -15,8 +15,6 @@ # specific language governing permissions and limitations # under the License. -from pprint import pprint - keys = ['eth1', 'eth2', 'eth3', 'eth4', 'eth5', 'eth6', 'eth7', 'eth8', 'eth9'] 
@@ -29,7 +27,7 @@ def merge(dbag, gn): device_to_die = dbag[device][0] try: dbag[device].remove(device_to_die) - except ValueError, e: + except ValueError: print "[WARN] cs_guestnetwork.py :: Error occurred removing item from databag. => %s" % device_to_die del(dbag[device]) else: diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs_ip.py b/systemvm/patches/debian/config/opt/cloud/bin/cs_ip.py index f83bf298c4d..61204af567a 100755 --- a/systemvm/patches/debian/config/opt/cloud/bin/cs_ip.py +++ b/systemvm/patches/debian/config/opt/cloud/bin/cs_ip.py @@ -15,8 +15,8 @@ # KIND, either express or implied. See the License for the # specific language governing permissions and limitations # under the License. +from netaddr import IPNetwork -from netaddr import * def merge(dbag, ip): nic_dev_id = None @@ -31,7 +31,7 @@ def merge(dbag, ip): ipo = IPNetwork(ip['public_ip'] + '/' + ip['netmask']) if 'nic_dev_id' in ip: - nic_dev_id = ip['nic_dev_id'] + nic_dev_id = ip['nic_dev_id'] ip['device'] = 'eth' + str(nic_dev_id) ip['broadcast'] = str(ipo.broadcast) ip['cidr'] = str(ipo.ip) + '/' + str(ipo.prefixlen) @@ -45,7 +45,7 @@ def merge(dbag, ip): dbag[ip['device']] = [ip] else: if 'source_nat' in ip and ip['source_nat'] and ip['device'] in dbag and len(dbag[ip['device']]) > 0: - dbag[ip['device']].insert(0, ip) # make sure the source_nat ip is first (primary) on the device + dbag[ip['device']].insert(0, ip) # make sure the source_nat ip is first (primary) on the device else: dbag.setdefault(ip['device'], []).append(ip) diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs_loadbalancer.py b/systemvm/patches/debian/config/opt/cloud/bin/cs_loadbalancer.py index 14b2732caa4..3702ee5495e 100755 --- a/systemvm/patches/debian/config/opt/cloud/bin/cs_loadbalancer.py +++ b/systemvm/patches/debian/config/opt/cloud/bin/cs_loadbalancer.py 
@@ -15,9 +15,6 @@ # specific language governing permissions and limitations # under the License. -from pprint import pprint -import copy - def merge(dbag, data): """ Simply overwrite the existsing bag as, the whole configuration is sent every time """ diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs_monitorservice.py b/systemvm/patches/debian/config/opt/cloud/bin/cs_monitorservice.py index c8b63265c85..4566450dc5b 100755 --- a/systemvm/patches/debian/config/opt/cloud/bin/cs_monitorservice.py +++ b/systemvm/patches/debian/config/opt/cloud/bin/cs_monitorservice.py @@ -15,12 +15,8 @@ # specific language governing permissions and limitations # under the License. -from pprint import pprint -from netaddr import * - def merge(dbag, data): - if "config" in data: dbag['config'] = data["config"] return dbag diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs_network_acl.py b/systemvm/patches/debian/config/opt/cloud/bin/cs_network_acl.py index 46219beb6b4..7b24e8bc3b3 100755 --- a/systemvm/patches/debian/config/opt/cloud/bin/cs_network_acl.py +++ b/systemvm/patches/debian/config/opt/cloud/bin/cs_network_acl.py @@ -15,9 +15,6 @@ # specific language governing permissions and limitations # under the License. -from pprint import pprint -from netaddr import * - def merge(dbag, data): dbag[data['device']] = data diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs_remoteaccessvpn.py b/systemvm/patches/debian/config/opt/cloud/bin/cs_remoteaccessvpn.py index 4ae79c172f9..dff05bd2814 100755 --- a/systemvm/patches/debian/config/opt/cloud/bin/cs_remoteaccessvpn.py +++ b/systemvm/patches/debian/config/opt/cloud/bin/cs_remoteaccessvpn.py @@ -15,7 +15,6 @@ # KIND, either express or implied. See the License for the # specific language governing permissions and limitations # under the License. -from pprint import pprint def merge(dbag, vpn): 
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs_site2sitevpn.py b/systemvm/patches/debian/config/opt/cloud/bin/cs_site2sitevpn.py index 972c09a23d7..3fa8414a7ab 100755 --- a/systemvm/patches/debian/config/opt/cloud/bin/cs_site2sitevpn.py +++ b/systemvm/patches/debian/config/opt/cloud/bin/cs_site2sitevpn.py @@ -15,7 +15,6 @@ # KIND, either express or implied. See the License for the # specific language governing permissions and limitations # under the License. -from pprint import pprint def merge(dbag, vpn): diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs_staticroutes.py b/systemvm/patches/debian/config/opt/cloud/bin/cs_staticroutes.py index 209eefe41fc..16c3b81df70 100755 --- a/systemvm/patches/debian/config/opt/cloud/bin/cs_staticroutes.py +++ b/systemvm/patches/debian/config/opt/cloud/bin/cs_staticroutes.py @@ -15,7 +15,6 @@ # KIND, either express or implied. See the License for the # specific language governing permissions and limitations # under the License. -from pprint import pprint def merge(dbag, staticroutes): diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs_vmdata.py b/systemvm/patches/debian/config/opt/cloud/bin/cs_vmdata.py index 4150221e774..d171e549c24 100755 --- a/systemvm/patches/debian/config/opt/cloud/bin/cs_vmdata.py +++ b/systemvm/patches/debian/config/opt/cloud/bin/cs_vmdata.py @@ -15,8 +15,6 @@ # specific language governing permissions and limitations # under the License. -from pprint import pprint - def merge(dbag, metadata): dbag[metadata["vm_ip_address"]] = metadata["vm_metadata"] diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs_vmp.py b/systemvm/patches/debian/config/opt/cloud/bin/cs_vmp.py index 3a8e06ed719..4d0f9db7f8a 100755 --- a/systemvm/patches/debian/config/opt/cloud/bin/cs_vmp.py +++ b/systemvm/patches/debian/config/opt/cloud/bin/cs_vmp.py 
@@ -15,9 +15,6 @@ # specific language governing permissions and limitations # under the License. -from pprint import pprint -from netaddr import * - def merge(dbag, data): """ diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs_vpnusers.py b/systemvm/patches/debian/config/opt/cloud/bin/cs_vpnusers.py index 316fabc07d3..960e8472b4f 100755 --- a/systemvm/patches/debian/config/opt/cloud/bin/cs_vpnusers.py +++ b/systemvm/patches/debian/config/opt/cloud/bin/cs_vpnusers.py @@ -15,8 +15,6 @@ # KIND, either express or implied. See the License for the # specific language governing permissions and limitations # under the License. -from pprint import pprint - import copy @@ -38,8 +36,8 @@ def merge(dbag, data): del(dbagc[user]) for user in data['vpn_users']: - username=user['user'] - add=user['add'] + username = user['user'] + add = user['add'] if username not in dbagc.keys(): dbagc[username] = user elif username in dbagc.keys() and not add: diff --git a/systemvm/patches/debian/config/opt/cloud/bin/line_edit.py b/systemvm/patches/debian/config/opt/cloud/bin/line_edit.py index 5918883ea96..ee6d818431e 100755 --- a/systemvm/patches/debian/config/opt/cloud/bin/line_edit.py +++ b/systemvm/patches/debian/config/opt/cloud/bin/line_edit.py @@ -193,6 +193,7 @@ def commit(self): os.unlink(changed_filename) return changes + if __name__ == "__main__": logging.basicConfig(level=logging.DEBUG) import doctest diff --git a/systemvm/patches/debian/config/opt/cloud/bin/master.py b/systemvm/patches/debian/config/opt/cloud/bin/master.py index 3d1dcd7ef9a..bf782403eb6 100755 --- a/systemvm/patches/debian/config/opt/cloud/bin/master.py +++ b/systemvm/patches/debian/config/opt/cloud/bin/master.py @@ -19,7 +19,6 @@ from cs.CsRedundant import CsRedundant from cs.CsDatabag import CsCmdLine -from cs.CsAddress import CsAddress from cs.CsConfig import CsConfig import logging from optparse import OptionParser 
@@ -42,7 +41,7 @@ format=config.get_format()) config.cmdline() cl = CsCmdLine("cmdline", config) -#Update the configuration to set state as backup and let keepalived decide who the real Master is! +# Update the configuration to set state as backup and let keepalived decide who the real Master is! cl.set_master_state(False) cl.save() diff --git a/systemvm/patches/debian/config/opt/cloud/bin/merge.py b/systemvm/patches/debian/config/opt/cloud/bin/merge.py index 50d9ee9aae8..646f48b8ed7 100755 --- a/systemvm/patches/debian/config/opt/cloud/bin/merge.py +++ b/systemvm/patches/debian/config/opt/cloud/bin/merge.py @@ -36,8 +36,6 @@ import cs_vpnusers import cs_staticroutes -from pprint import pprint - class DataBag: @@ -57,7 +55,7 @@ def load(self): logging.debug("Creating data bag type %s", self.key) data.update({"id": self.key}) else: - logging.debug("Loading data bag type %s", self.key) + logging.debug("Loading data bag type %s", self.key) data = json.load(handle) handle.close() self.dbag = data @@ -270,6 +268,7 @@ def process_ipaliases(self, dbag): dbag = cs_ip.merge(dbag, ip) return dbag + class QueueFile: fileName = '' @@ -281,7 +280,7 @@ def load(self, data): if data is not None: self.data = data self.type = self.data["type"] - proc = updateDataBag(self) + updateDataBag(self) return fn = self.configCache + '/' + self.fileName try: @@ -296,7 +295,7 @@ def load(self, data): self.__moveFile(fn, self.configCache + "/processed") else: os.remove(fn) - proc = updateDataBag(self) + updateDataBag(self) def setFile(self, name): self.fileName = name @@ -319,7 +318,6 @@ def __moveFile(self, origPath, path): class PrivateGatewayHack: - @classmethod def update_network_type_for_privategateway(cls, dbag, data): ip = data['router_guest_ip'] if 'router_guest_ip' in data.keys() else data['public_ip'] 
@@ -332,15 +330,16 @@ def update_network_type_for_privategateway(cls, dbag, data): data['nw_type'] = "public" logging.debug("Updating nw_type for ip %s" % ip) else: - logging.debug("Not updating nw_type for ip %s because has_private_gw_ip = %s and private_gw_matches = %s " % (ip, has_private_gw_ip, private_gw_matches)) + logging.debug( + "Not updating nw_type for ip %s because has_private_gw_ip = %s and private_gw_matches = %s " % + (ip, has_private_gw_ip, private_gw_matches) + ) return data - @classmethod def if_config_has_privategateway(cls, dbag): return 'privategateway' in dbag['config'].keys() and dbag['config']['privategateway'] != "None" - @classmethod def ip_matches_private_gateway_ip(cls, ip, private_gateway_ip): new_ip_matches_private_gateway_ip = False @@ -348,7 +347,6 @@ def ip_matches_private_gateway_ip(cls, ip, private_gateway_ip): new_ip_matches_private_gateway_ip = True return new_ip_matches_private_gateway_ip - @classmethod def load_inital_data(cls): initial_data_bag = DataBag() diff --git a/systemvm/patches/debian/config/opt/cloud/bin/passwd_server_ip.py b/systemvm/patches/debian/config/opt/cloud/bin/passwd_server_ip.py index fc84910a117..788e156b82f 100755 --- a/systemvm/patches/debian/config/opt/cloud/bin/passwd_server_ip.py +++ b/systemvm/patches/debian/config/opt/cloud/bin/passwd_server_ip.py @@ -31,10 +31,9 @@ import sys import syslog import threading -import urlparse -from BaseHTTPServer import BaseHTTPRequestHandler, HTTPServer -from SocketServer import ThreadingMixIn #, ForkingMixIn +from BaseHTTPServer import BaseHTTPRequestHandler, HTTPServer +from SocketServer import ThreadingMixIn # ForkingMixIn passMap = {} @@ -42,12 +41,15 @@ listeningAddress = '127.0.0.1' lock = threading.RLock() + def getTokenFile(): return '/tmp/passwdsrvrtoken' + def getPasswordFile(): return '/var/cache/cloud/passwords-%s' % listeningAddress + def initToken(): global secureToken if os.path.exists(getTokenFile()): 
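Review bot: `getTokenFile()` in passwd_server_ip.py returns the fixed path `/tmp/passwdsrvrtoken`, and `initToken` trusts that file whenever `os.path.exists(getTokenFile())` is true. In a world-writable directory any local account can create the file, or a symlink with that name, before the server starts. The token is better kept beside the password file, e.g. `return '/var/cache/cloud/passwdsrvrtoken'`, and created with `os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0600)` so it is never written through a link or left readable by others. Whatever reads the token on the other side would have to change with it, which is outside this diff. `initToken` continues past the end of the hunk.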
@@ -58,19 +60,23 @@ def initToken(): with open(getTokenFile(), 'w') as f: f.write(secureToken) + def checkToken(token): return token == secureToken + def loadPasswordFile(): try: with file(getPasswordFile()) as f: for line in f: - if '=' not in line: continue + if '=' not in line: + continue key, value = line.strip().split('=', 1) passMap[key] = value except IOError: pass + def savePasswordFile(): with lock: try: @@ -81,15 +87,18 @@ def savePasswordFile(): except IOError, e: syslog.syslog('serve_password: Unable to save to password file %s' % e) + def getPassword(ip): return passMap.get(ip, None) + def setPassword(ip, password): if not ip or not password: return with lock: passMap[ip] = password + def removePassword(ip): with lock: if ip in passMap: @@ -101,8 +110,10 @@ class ThreadedHTTPServer(ThreadingMixIn, HTTPServer): class PasswordRequestHandler(BaseHTTPRequestHandler): + server_version = 'CloudStack Password Server' sys_version = '4.x' + def do_GET(self): self.send_response(200) self.send_header('Content-type', 'text/plain') @@ -131,11 +142,12 @@ def do_GET(self): def do_POST(self): form = cgi.FieldStorage( - fp=self.rfile, - headers=self.headers, - environ={'REQUEST_METHOD':'POST', - 'CONTENT_TYPE':self.headers['Content-Type'], - }) + fp=self.rfile, + headers=self.headers, + environ={ + 'REQUEST_METHOD': 'POST', + 'CONTENT_TYPE': self.headers['Content-Type'], + }) self.send_response(200) self.end_headers() clientAddress = self.client_address[0] @@ -166,8 +178,8 @@ def log_message(self, format, *args): return -def serve(HandlerClass = PasswordRequestHandler, - ServerClass = ThreadedHTTPServer): +def serve(HandlerClass=PasswordRequestHandler, + ServerClass=ThreadedHTTPServer): global listeningAddress if len(sys.argv) > 1: diff --git a/systemvm/patches/debian/config/opt/cloud/bin/update_config.py b/systemvm/patches/debian/config/opt/cloud/bin/update_config.py index dddd0c8e3c0..3afe11dbf44 100755 
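Review bot: `checkToken` compares the presented token with `token == secureToken`, which stops at the first differing character. For a shared secret the usual choice is a constant-time comparison, `return hmac.compare_digest(token, secureToken)`, with `import hmac` added at the top of the file. `compare_digest` exists from Python 2.7.7 and raises TypeError on `None`, so check the interpreter on the system VM and guard against a missing token first. The function is fully inside the hunk.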
--- a/systemvm/patches/debian/config/opt/cloud/bin/update_config.py +++ b/systemvm/patches/debian/config/opt/cloud/bin/update_config.py @@ -19,8 +19,6 @@ import sys from merge import QueueFile import logging -import subprocess -from subprocess import PIPE, STDOUT import os import os.path import configure @@ -57,7 +55,6 @@ def process_file(): def is_guestnet_configured(guestnet_dict, keys): existing_keys = [] - new_eth_key = None for k1, v1 in guestnet_dict.iteritems(): if k1 in keys and len(v1) > 0: @@ -109,6 +106,7 @@ def is_guestnet_configured(guestnet_dict, keys): return exists + if not (os.path.isfile(jsonCmdConfigPath) and os.access(jsonCmdConfigPath, os.R_OK)): print "[ERROR] update_config.py :: You are telling me to process %s, but i can't access it" % jsonCmdConfigPath sys.exit(1) diff --git a/systemvm/patches/debian/config/opt/cloud/bin/vmdata.py b/systemvm/patches/debian/config/opt/cloud/bin/vmdata.py index b9127a1b998..f5a3ac1dbf1 100755 --- a/systemvm/patches/debian/config/opt/cloud/bin/vmdata.py +++ b/systemvm/patches/debian/config/opt/cloud/bin/vmdata.py @@ -130,7 +130,7 @@ def createfile(ip, folder, file, data): def htaccess(ip, folder, file): entry = "Options -Indexes\nOrder Deny,Allow\nDeny from all\nAllow from " + ip htaccessFolder = "/var/www/html/" + folder + "/" + ip - htaccessFile = htaccessFolder+"/.htaccess" + htaccessFile = htaccessFolder + "/.htaccess" try: os.makedirs(htaccessFolder, 0755) 
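Review bot: In `htaccess` (vmdata.py), `ip` and `folder` are concatenated unchecked into a filesystem path, `"/var/www/html/" + folder + "/" + ip`, and into the directive text, `"...Allow from " + ip`. A value containing `../` or a newline would place the file outside the intended tree or add extra directives. Where the arguments come from is outside the hunk, but they look like per-VM data, so validating at the top of the function is cheap. For example `ip = str(IPAddress(ip))` using netaddr's `IPAddress`, which other scripts in this directory already import, and reject any `folder` that is not a plain name. The function body continues past the hunk.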
@@ -159,10 +159,11 @@ def exflock(file): def unflock(file): try: flock(file, LOCK_UN) - except IOError: + except IOError as e: print "failed to unlock file" + file.name + " due to : " + e.strerror sys.exit(1) return True + if __name__ == "__main__": main(sys.argv[1:])
