Exit Firewall Agent if config is invalid

When fwaas config file is not provided to the agent,
but the service is enabled in neutron.conf file the
agent should exit with an error message and should
not proceed further. This patch adds the necessary fix.

Change-Id: Iaced777e3a34e9405050252b17a203689e1c1fc0
Closes-Bug: #1310857

diff --git a/neutron/agent/l3_agent.py b/neutron/agent/l3_agent.py
index cf66df7b1b7e401493d1c0b35a8b7930652c30c5..5c2a4070e4e8816cee608fd6e3056efdc323d76b 100644 (file)
--- a/neutron/agent/l3_agent.py
+++ b/neutron/agent/l3_agent.py
@@ -82,6 +82,7 @@ class L3PluginApi(n_rpc.RpcProxy):
               - get_ports_by_subnet
               - get_agent_gateway_port
               Needed by the agent when operating in DVR/DVR_SNAT mode
+        1.3 - Get the list of activated services
 
     """
 
@@ -136,6 +137,13 @@ class L3PluginApi(n_rpc.RpcProxy):
                          topic=self.topic,
                          version='1.2')
 
+    def get_service_plugin_list(self, context):
+        """Make a call to get the list of activated services."""
+        return self.call(context,
+                         self.make_msg('get_service_plugin_list'),
+                         topic=self.topic,
+                         version='1.3')
+
 
 class RouterInfo(object):
 
@@ -420,6 +428,9 @@ class L3NATAgent(firewall_l3_agent.FWaaSL3AgentRpcCallback, manager.Manager):
         self.removed_routers = set()
         self.sync_progress = False
 
+        # Get the list of service plugins from Neutron Server
+        self.neutron_service_plugins = (
+            self.plugin_rpc.get_service_plugin_list(self.context))
         self._clean_stale_namespaces = self.conf.use_namespaces
 
         # dvr data

diff --git a/neutron/db/l3_rpc_base.py b/neutron/db/l3_rpc_base.py
index d0d8287f15a53853b492c19bb991d08d97930c4e..209c7b4587fa4c71abf8c131b23f284de0f4b17d 100644 (file)
--- a/neutron/db/l3_rpc_base.py
+++ b/neutron/db/l3_rpc_base.py
@@ -124,6 +124,10 @@ class L3RpcCallbackMixin(object):
                   net_id)
         return net_id
 
+    def get_service_plugin_list(self, context, **kwargs):
+        plugins = manager.NeutronManager.get_service_plugins()
+        return plugins.keys()
+
     def update_floatingip_statuses(self, context, router_id, fip_statuses):
         """Update operational status for a floating IP."""
         l3_plugin = manager.NeutronManager.get_service_plugins()[

diff --git a/neutron/services/firewall/agents/l3reference/firewall_l3_agent.py b/neutron/services/firewall/agents/l3reference/firewall_l3_agent.py
index fbe8c132a5c4c915b50004aa894d4297d73acb16..15b2423882c88f63da961a8edadafd04442fad7e 100644 (file)
--- a/neutron/services/firewall/agents/l3reference/firewall_l3_agent.py
+++ b/neutron/services/firewall/agents/l3reference/firewall_l3_agent.py
@@ -64,7 +64,16 @@ class FWaaSL3AgentRpcCallback(api.FWaaSAgentRpcCallbackMixin):
         LOG.debug(_("Initializing firewall agent"))
         self.conf = conf
         fwaas_driver_class_path = cfg.CONF.fwaas.driver
-        self.fwaas_enabled = cfg.CONF.fwaas.enabled
+        fwaas_enabled = cfg.CONF.fwaas.enabled
+        fwaas_plugin_configured = (constants.FIREWALL
+                                   in self.neutron_service_plugins)
+        if fwaas_plugin_configured and not fwaas_enabled:
+            msg = _("FWaaS plugin is configured in the server side, but "
+                    "FWaaS is disabled in L3-agent.")
+            LOG.error(msg)
+            raise SystemExit(1)
+
+        self.fwaas_enabled = fwaas_enabled and fwaas_plugin_configured
         if self.fwaas_enabled:
             try:
                 self.fwaas_driver = importutils.import_object(

diff --git a/neutron/services/l3_router/l3_router_plugin.py b/neutron/services/l3_router/l3_router_plugin.py
index 61614d684a06d1f8445575effabafc6fb1c15354..0faa54e4e2e1cb039c345b3b3aa71abc9f6a07fc 100644 (file)
--- a/neutron/services/l3_router/l3_router_plugin.py
+++ b/neutron/services/l3_router/l3_router_plugin.py
@@ -36,9 +36,10 @@ from neutron.plugins.common import constants
 class L3RouterPluginRpcCallbacks(n_rpc.RpcCallback,
                                  l3_rpc_base.L3RpcCallbackMixin):
 
-    RPC_API_VERSION = '1.2'
+    RPC_API_VERSION = '1.3'
     # history
     #   1.2 Added methods for DVR support
+    #   1.3 Added a method that returns the list of activated services
 
 
 class L3RouterPlugin(common_db_mixin.CommonDbMixin,

diff --git a/neutron/tests/unit/services/firewall/agents/l3reference/test_firewall_l3_agent.py b/neutron/tests/unit/services/firewall/agents/l3reference/test_firewall_l3_agent.py
index 0edc64647db7bfc955f1edd23b41f80c546742b5..8bb43582917b1f19db4823bbcfccef5035c8eb0a 100644 (file)
--- a/neutron/tests/unit/services/firewall/agents/l3reference/test_firewall_l3_agent.py
+++ b/neutron/tests/unit/services/firewall/agents/l3reference/test_firewall_l3_agent.py
@@ -39,10 +39,18 @@ class FWaasHelper(object):
 
 
 class FWaasAgent(firewall_l3_agent.FWaaSL3AgentRpcCallback, FWaasHelper):
+    neutron_service_plugins = []
+
     def __init__(self, conf=None):
         super(FWaasAgent, self).__init__(conf)
 
 
+class FWaasTestAgent(firewall_l3_agent.FWaaSL3AgentRpcCallback, FWaasHelper):
+    def __init__(self, conf=None):
+        self.neutron_service_plugins = [constants.FIREWALL]
+        super(FWaasTestAgent, self).__init__(conf)
+
+
 class TestFwaasL3AgentRpcCallback(base.BaseTestCase):
     def setUp(self):
         super(TestFwaasL3AgentRpcCallback, self).setUp()
@@ -56,6 +64,10 @@ class TestFwaasL3AgentRpcCallback(base.BaseTestCase):
         self.api = FWaasAgent(self.conf)
         self.api.fwaas_driver = test_firewall_agent_api.NoopFwaasDriver()
 
+    def test_missing_fw_config(self):
+        self.conf.fwaas_enabled = False
+        self.assertRaises(SystemExit, FWaasTestAgent, self.conf)
+
     def test_create_firewall(self):
         fake_firewall = {'id': 0}
         with mock.patch.object(

diff --git a/neutron/tests/unit/services/firewall/agents/varmour/test_varmour_router.py b/neutron/tests/unit/services/firewall/agents/varmour/test_varmour_router.py
index d778321189c352182897e70cd3945599e58e4e04..735bcd118bd870971b6d891abcb76f91c86b53e3 100644 (file)
--- a/neutron/tests/unit/services/firewall/agents/varmour/test_varmour_router.py
+++ b/neutron/tests/unit/services/firewall/agents/varmour/test_varmour_router.py
@@ -74,6 +74,8 @@ class TestVarmourRouter(base.BaseTestCase):
         self.mock_ip = mock.MagicMock()
         ip_cls.return_value = self.mock_ip
 
+        mock.patch('neutron.agent.l3_agent.L3PluginApi').start()
+
         self.looping_call_p = mock.patch(
             'neutron.openstack.common.loopingcall.FixedIntervalLoopingCall')
         self.looping_call_p.start()

diff --git a/neutron/tests/unit/services/firewall/drivers/varmour/test_varmour_fwaas.py b/neutron/tests/unit/services/firewall/drivers/varmour/test_varmour_fwaas.py
index 46ced61637cdd561375fbf3b11cfd320b0b282ca..2cdfff34a3ef9aa0dd2315ae6e724223ee444067 100644 (file)
--- a/neutron/tests/unit/services/firewall/drivers/varmour/test_varmour_fwaas.py
+++ b/neutron/tests/unit/services/firewall/drivers/varmour/test_varmour_fwaas.py
@@ -75,6 +75,8 @@ class TestBasicRouterOperations(base.BaseTestCase):
         self.mock_ip = mock.MagicMock()
         ip_cls.return_value = self.mock_ip
 
+        mock.patch('neutron.agent.l3_agent.L3PluginApi').start()
+
         self.looping_call_p = mock.patch(
             'neutron.openstack.common.loopingcall.FixedIntervalLoopingCall')
         self.looping_call_p.start()

diff --git a/neutron/tests/unit/services/vpn/test_vpn_agent.py b/neutron/tests/unit/services/vpn/test_vpn_agent.py
index b998c948d328081ff5e7122a205fb0ab596d6ad1..0371cb26d4f330a2380c3040fa9d2e1c65d8b29e 100644 (file)
--- a/neutron/tests/unit/services/vpn/test_vpn_agent.py
+++ b/neutron/tests/unit/services/vpn/test_vpn_agent.py
@@ -71,7 +71,7 @@ class TestVPNAgent(base.BaseTestCase):
 
         l3pluginApi_cls = mock.patch(
             'neutron.agent.l3_agent.L3PluginApi').start()
-        self.plugin_api = mock.Mock()
+        self.plugin_api = mock.MagicMock()
         l3pluginApi_cls.return_value = self.plugin_api
 
         looping_call_p = mock.patch(

diff --git a/neutron/tests/unit/test_l3_agent.py b/neutron/tests/unit/test_l3_agent.py
index 3a8b87da2c2d5762a27cdbe1e67374c6e455ad9e..2905b9118595fa57f8ed8d27b813513c81a51a0e 100644 (file)
--- a/neutron/tests/unit/test_l3_agent.py
+++ b/neutron/tests/unit/test_l3_agent.py
@@ -247,7 +247,7 @@ class TestBasicRouterOperations(base.BaseTestCase):
         self.l3pluginApi_cls_p = mock.patch(
             'neutron.agent.l3_agent.L3PluginApi')
         l3pluginApi_cls = self.l3pluginApi_cls_p.start()
-        self.plugin_api = mock.Mock()
+        self.plugin_api = mock.MagicMock()
         l3pluginApi_cls.return_value = self.plugin_api
 
         self.looping_call_p = mock.patch(
@@ -1864,7 +1864,7 @@ class TestL3AgentEventHandler(base.BaseTestCase):
         l3_plugin_p = mock.patch(
             'neutron.agent.l3_agent.L3PluginApi')
         l3_plugin_cls = l3_plugin_p.start()
-        l3_plugin_cls.return_value = mock.Mock()
+        l3_plugin_cls.return_value = mock.MagicMock()
 
         self.external_process_p = mock.patch(
             'neutron.agent.linux.external_process.ProcessManager'