From: sridhargaddam Date: Sun, 27 Apr 2014 00:55:28 +0000 (+0530) Subject: Exit Firewall Agent if config is invalid X-Git-Url: https://review.fuel-infra.org/gitweb?a=commitdiff_plain;h=d6f014d;p=openstack-build%2Fneutron-build.git Exit Firewall Agent if config is invalid When fwaas config file is not provided to the agent, but the service is enabled in neutron.conf file the agent should exit with an error message and should not proceed further. This patch adds the necessary fix. Change-Id: Iaced777e3a34e9405050252b17a203689e1c1fc0 Closes-Bug: #1310857 --- diff --git a/neutron/agent/l3_agent.py b/neutron/agent/l3_agent.py index cf66df7b1..5c2a4070e 100644 --- a/neutron/agent/l3_agent.py +++ b/neutron/agent/l3_agent.py @@ -82,6 +82,7 @@ class L3PluginApi(n_rpc.RpcProxy): - get_ports_by_subnet - get_agent_gateway_port Needed by the agent when operating in DVR/DVR_SNAT mode + 1.3 - Get the list of activated services """ @@ -136,6 +137,13 @@ class L3PluginApi(n_rpc.RpcProxy): topic=self.topic, version='1.2') + def get_service_plugin_list(self, context): + """Make a call to get the list of activated services.""" + return self.call(context, + self.make_msg('get_service_plugin_list'), + topic=self.topic, + version='1.3') + class RouterInfo(object): @@ -420,6 +428,9 @@ class L3NATAgent(firewall_l3_agent.FWaaSL3AgentRpcCallback, manager.Manager): self.removed_routers = set() self.sync_progress = False + # Get the list of service plugins from Neutron Server + self.neutron_service_plugins = ( + self.plugin_rpc.get_service_plugin_list(self.context)) self._clean_stale_namespaces = self.conf.use_namespaces # dvr data diff --git a/neutron/db/l3_rpc_base.py b/neutron/db/l3_rpc_base.py index d0d8287f1..209c7b458 100644 --- a/neutron/db/l3_rpc_base.py +++ b/neutron/db/l3_rpc_base.py @@ -124,6 +124,10 @@ class L3RpcCallbackMixin(object): net_id) return net_id + def get_service_plugin_list(self, context, **kwargs): + plugins = manager.NeutronManager.get_service_plugins() + return plugins.keys() + def update_floatingip_statuses(self, context, router_id, fip_statuses): """Update operational status for a floating IP.""" l3_plugin = manager.NeutronManager.get_service_plugins()[ diff --git a/neutron/services/firewall/agents/l3reference/firewall_l3_agent.py b/neutron/services/firewall/agents/l3reference/firewall_l3_agent.py index fbe8c132a..15b242388 100644 --- a/neutron/services/firewall/agents/l3reference/firewall_l3_agent.py +++ b/neutron/services/firewall/agents/l3reference/firewall_l3_agent.py @@ -64,7 +64,16 @@ class FWaaSL3AgentRpcCallback(api.FWaaSAgentRpcCallbackMixin): LOG.debug(_("Initializing firewall agent")) self.conf = conf fwaas_driver_class_path = cfg.CONF.fwaas.driver - self.fwaas_enabled = cfg.CONF.fwaas.enabled + fwaas_enabled = cfg.CONF.fwaas.enabled + fwaas_plugin_configured = (constants.FIREWALL + in self.neutron_service_plugins) + if fwaas_plugin_configured and not fwaas_enabled: + msg = _("FWaaS plugin is configured in the server side, but " + "FWaaS is disabled in L3-agent.") + LOG.error(msg) + raise SystemExit(1) + + self.fwaas_enabled = fwaas_enabled and fwaas_plugin_configured if self.fwaas_enabled: try: self.fwaas_driver = importutils.import_object( diff --git a/neutron/services/l3_router/l3_router_plugin.py b/neutron/services/l3_router/l3_router_plugin.py index 61614d684..0faa54e4e 100644 --- a/neutron/services/l3_router/l3_router_plugin.py +++ b/neutron/services/l3_router/l3_router_plugin.py @@ -36,9 +36,10 @@ from neutron.plugins.common import constants class L3RouterPluginRpcCallbacks(n_rpc.RpcCallback, l3_rpc_base.L3RpcCallbackMixin): - RPC_API_VERSION = '1.2' + RPC_API_VERSION = '1.3' # history # 1.2 Added methods for DVR support + # 1.3 Added a method that returns the list of activated services class L3RouterPlugin(common_db_mixin.CommonDbMixin, diff --git a/neutron/tests/unit/services/firewall/agents/l3reference/test_firewall_l3_agent.py b/neutron/tests/unit/services/firewall/agents/l3reference/test_firewall_l3_agent.py index 0edc64647..8bb435829 100644 --- a/neutron/tests/unit/services/firewall/agents/l3reference/test_firewall_l3_agent.py +++ b/neutron/tests/unit/services/firewall/agents/l3reference/test_firewall_l3_agent.py @@ -39,10 +39,18 @@ class FWaasHelper(object): class FWaasAgent(firewall_l3_agent.FWaaSL3AgentRpcCallback, FWaasHelper): + neutron_service_plugins = [] + def __init__(self, conf=None): super(FWaasAgent, self).__init__(conf) +class FWaasTestAgent(firewall_l3_agent.FWaaSL3AgentRpcCallback, FWaasHelper): + def __init__(self, conf=None): + self.neutron_service_plugins = [constants.FIREWALL] + super(FWaasTestAgent, self).__init__(conf) + + class TestFwaasL3AgentRpcCallback(base.BaseTestCase): def setUp(self): super(TestFwaasL3AgentRpcCallback, self).setUp() @@ -56,6 +64,10 @@ class TestFwaasL3AgentRpcCallback(base.BaseTestCase): self.api = FWaasAgent(self.conf) self.api.fwaas_driver = test_firewall_agent_api.NoopFwaasDriver() + def test_missing_fw_config(self): + self.conf.fwaas_enabled = False + self.assertRaises(SystemExit, FWaasTestAgent, self.conf) + def test_create_firewall(self): fake_firewall = {'id': 0} with mock.patch.object( diff --git a/neutron/tests/unit/services/firewall/agents/varmour/test_varmour_router.py b/neutron/tests/unit/services/firewall/agents/varmour/test_varmour_router.py index d77832118..735bcd118 100644 --- a/neutron/tests/unit/services/firewall/agents/varmour/test_varmour_router.py +++ b/neutron/tests/unit/services/firewall/agents/varmour/test_varmour_router.py @@ -74,6 +74,8 @@ class TestVarmourRouter(base.BaseTestCase): self.mock_ip = mock.MagicMock() ip_cls.return_value = self.mock_ip + mock.patch('neutron.agent.l3_agent.L3PluginApi').start() + self.looping_call_p = mock.patch( 'neutron.openstack.common.loopingcall.FixedIntervalLoopingCall') self.looping_call_p.start() diff --git a/neutron/tests/unit/services/firewall/drivers/varmour/test_varmour_fwaas.py b/neutron/tests/unit/services/firewall/drivers/varmour/test_varmour_fwaas.py index 46ced6163..2cdfff34a 100644 --- a/neutron/tests/unit/services/firewall/drivers/varmour/test_varmour_fwaas.py +++ b/neutron/tests/unit/services/firewall/drivers/varmour/test_varmour_fwaas.py @@ -75,6 +75,8 @@ class TestBasicRouterOperations(base.BaseTestCase): self.mock_ip = mock.MagicMock() ip_cls.return_value = self.mock_ip + mock.patch('neutron.agent.l3_agent.L3PluginApi').start() + self.looping_call_p = mock.patch( 'neutron.openstack.common.loopingcall.FixedIntervalLoopingCall') self.looping_call_p.start() diff --git a/neutron/tests/unit/services/vpn/test_vpn_agent.py b/neutron/tests/unit/services/vpn/test_vpn_agent.py index b998c948d..0371cb26d 100644 --- a/neutron/tests/unit/services/vpn/test_vpn_agent.py +++ b/neutron/tests/unit/services/vpn/test_vpn_agent.py @@ -71,7 +71,7 @@ class TestVPNAgent(base.BaseTestCase): l3pluginApi_cls = mock.patch( 'neutron.agent.l3_agent.L3PluginApi').start() - self.plugin_api = mock.Mock() + self.plugin_api = mock.MagicMock() l3pluginApi_cls.return_value = self.plugin_api looping_call_p = mock.patch( diff --git a/neutron/tests/unit/test_l3_agent.py b/neutron/tests/unit/test_l3_agent.py index 3a8b87da2..2905b9118 100644 --- a/neutron/tests/unit/test_l3_agent.py +++ b/neutron/tests/unit/test_l3_agent.py @@ -247,7 +247,7 @@ class TestBasicRouterOperations(base.BaseTestCase): self.l3pluginApi_cls_p = mock.patch( 'neutron.agent.l3_agent.L3PluginApi') l3pluginApi_cls = self.l3pluginApi_cls_p.start() - self.plugin_api = mock.Mock() + self.plugin_api = mock.MagicMock() l3pluginApi_cls.return_value = self.plugin_api self.looping_call_p = mock.patch( @@ -1864,7 +1864,7 @@ class TestL3AgentEventHandler(base.BaseTestCase): l3_plugin_p = mock.patch( 'neutron.agent.l3_agent.L3PluginApi') l3_plugin_cls = l3_plugin_p.start() - l3_plugin_cls.return_value = mock.Mock() + l3_plugin_cls.return_value = mock.MagicMock() self.external_process_p = mock.patch( 'neutron.agent.linux.external_process.ProcessManager'