From 02c80d8e82970922f1f1b1462f8435aed8280a71 Mon Sep 17 00:00:00 2001
From: venkata anil
Date: Mon, 10 Aug 2015 06:48:52 +0000
Subject: [PATCH] Validate local_ip for OVS tunnel

When tunneling is enabled in OVS, validate if the IP address in local_ip belongs to the host.

Closes-bug: #1408603
Change-Id: I4b4527c28d0738890e33b343c9e17941e780bc24
---
 .../openvswitch/agent/ovs_neutron_agent.py | 10 ++++++++++
 .../openvswitch/agent/test_ovs_neutron_agent.py | 17 +++++++++++++++++
 2 files changed, 27 insertions(+)
diff --git a/neutron/plugins/ml2/drivers/openvswitch/agent/ovs_neutron_agent.py b/neutron/plugins/ml2/drivers/openvswitch/agent/ovs_neutron_agent.py
index b0d0ef3d3..45db0a274 100644
--- a/neutron/plugins/ml2/drivers/openvswitch/agent/ovs_neutron_agent.py
+++ b/neutron/plugins/ml2/drivers/openvswitch/agent/ovs_neutron_agent.py
@@ -1717,6 +1717,15 @@ def create_agent_config_map(config):
 return kwargs
+def validate_local_ip(local_ip):
+ """Verify if the ip exists on the agent's host."""
+ if not ip_lib.IPWrapper().get_device_by_ip(local_ip):
+ LOG.error(_LE("Tunneling can't be enabled with invalid local_ip '%s'."
+ " IP couldn't be found on this host's interfaces."),
+ local_ip)
+ raise SystemExit(1)
+
+
 def prepare_xen_compute():
 is_xen_compute_host = 'rootwrap-xen-dom0' in cfg.CONF.AGENT.root_helper
 if is_xen_compute_host:
@@ -1733,6 +1742,7 @@ def main(bridge_classes):
 LOG.exception(_LE("Agent failed to create agent config map"))
 raise SystemExit(1)
 prepare_xen_compute()
+ validate_local_ip(agent_config['local_ip'])
 try:
 agent = OVSNeutronAgent(bridge_classes, **agent_config)
 except (RuntimeError, ValueError) as e:
diff --git a/neutron/tests/unit/plugins/ml2/drivers/openvswitch/agent/test_ovs_neutron_agent.py b/neutron/tests/unit/plugins/ml2/drivers/openvswitch/agent/test_ovs_neutron_agent.py
index 527f8ab39..35ba4f80e 100644
--- a/neutron/tests/unit/plugins/ml2/drivers/openvswitch/agent/test_ovs_neutron_agent.py
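Review bot: The call `validate_local_ip(agent_config['local_ip'])` added in the main() hunk runs unconditionally, although the commit message and the error text in the validate_local_ip hunk both scope the check to the case where tunneling is enabled. On a host with no tunnel types configured and local_ip left unset, `get_device_by_ip` would presumably find no device and the agent would exit at startup; this is inferred, since `create_agent_config_map` and `get_device_by_ip` are outside the hunks. Consider guarding the call, e.g. `if agent_config.get('tunnel_types'): validate_local_ip(agent_config['local_ip'])` (key name to be confirmed against create_agent_config_map). The docstring could also say that the function logs an error and raises `SystemExit(1)` rather than returning a result, and that the check is a one-time startup check. main()'s body continues outside the hunk.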
+++ b/neutron/tests/unit/plugins/ml2/drivers/openvswitch/agent/test_ovs_neutron_agent.py
@@ -31,6 +31,7 @@ from neutron.plugins.ml2.drivers.l2pop import rpc as l2pop_rpc
 from neutron.plugins.ml2.drivers.openvswitch.agent.common import constants
 from neutron.plugins.ml2.drivers.openvswitch.agent import ovs_neutron_agent \
 as ovs_agent
+from neutron.tests import base
 from neutron.tests.unit.plugins.ml2.drivers.openvswitch.agent \
 import ovs_test_base
@@ -2178,3 +2179,19 @@ class TestOvsDvrNeutronAgent(object):
 class TestOvsDvrNeutronAgentOFCtl(TestOvsDvrNeutronAgent,
 ovs_test_base.OVSOFCtlTestBase):
 pass
+
+
+class TestValidateTunnelLocalIP(base.BaseTestCase):
+ def test_validate_local_ip_with_valid_ip(self):
+ mock_get_device_by_ip = mock.patch.object(
+ ip_lib.IPWrapper, 'get_device_by_ip').start()
+ ovs_agent.validate_local_ip(FAKE_IP1)
+ mock_get_device_by_ip.assert_called_once_with(FAKE_IP1)
+
+ def test_validate_local_ip_with_invalid_ip(self):
+ mock_get_device_by_ip = mock.patch.object(
+ ip_lib.IPWrapper, 'get_device_by_ip').start()
+ mock_get_device_by_ip.return_value = None
+ with testtools.ExpectedException(SystemExit):
+ ovs_agent.validate_local_ip(FAKE_IP1)
+ mock_get_device_by_ip.assert_called_once_with(FAKE_IP1)
--
2.45.2
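Review bot: Both tests in TestValidateTunnelLocalIP call `mock.patch.object(ip_lib.IPWrapper, 'get_device_by_ip').start()` with no matching stop, so the patch outlives the test unless `base.BaseTestCase` stops all patches during cleanup (not visible here); `with mock.patch.object(ip_lib.IPWrapper, 'get_device_by_ip') as mock_get_device_by_ip:` would keep the scope explicit. In test_validate_local_ip_with_invalid_ip, the final `assert_called_once_with(FAKE_IP1)` only runs if it sits outside the `with testtools.ExpectedException(SystemExit):` block; indentation is lost on this page, so that placement should be confirmed. The valid-IP test passes only because the mock's default return value is truthy, and setting `return_value` explicitly would state the intent.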