From 34d4a6a78b288f87bd2f122a18916f940cc2b5fc Mon Sep 17 00:00:00 2001 From: Dongcan Ye Date: Wed, 30 Dec 2015 19:16:22 +0800 Subject: [PATCH] Check missed ip6tables utility In some scenario, like in OpenStack Kolla, system may lack iptables-ipv6 package. This may cause command ip6tables-save or ip6tables-restore invalid and ovs-agent error. This patch allows checking ip6tables support from CLI: neutron-sanity-check --ip6tables_installed Or using configuration options, for example: neutron-sanity-check --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini Change-Id: Ia6cf1ed6b5033442f03eac61d2d0d783c146d797 Closes-Bug: #1530042 --- neutron/cmd/sanity/checks.py | 11 +++++++++++ neutron/cmd/sanity_check.py | 11 +++++++++++ neutron/tests/functional/sanity/test_sanity.py | 3 +++ 3 files changed, 25 insertions(+) diff --git a/neutron/cmd/sanity/checks.py b/neutron/cmd/sanity/checks.py index cbb9a2657..87e17dace 100644 --- a/neutron/cmd/sanity/checks.py +++ b/neutron/cmd/sanity/checks.py @@ -354,6 +354,17 @@ def ipset_supported(): return False +def ip6tables_supported(): + try: + cmd = ['ip6tables', '--version'] + agent_utils.execute(cmd) + return True + except (OSError, RuntimeError, IndexError, ValueError) as e: + LOG.debug("Exception while checking for installed ip6tables. " + "Exception: %s", e) + return False + + def get_minimal_dibbler_version_supported(): return MINIMUM_DIBBLER_VERSION diff --git a/neutron/cmd/sanity_check.py b/neutron/cmd/sanity_check.py index 833a74d49..c5d8b1281 100644 --- a/neutron/cmd/sanity_check.py +++ b/neutron/cmd/sanity_check.py @@ -209,6 +209,13 @@ def check_ipset(): return result +def check_ip6tables(): + result = checks.ip6tables_supported() + if not result: + LOG.error(_LE('Cannot run ip6tables. Please ensure that it ' + 'is installed.')) + return result + # Define CLI opts to test specific features, with a callback for the test OPTS = [ BoolOptCallback('ovs_vxlan', check_ovs_vxlan, default=False, @@ -243,6 +250,8 @@ OPTS = [ help=_('Check minimal dibbler version')), BoolOptCallback('ipset_installed', check_ipset, help=_('Check ipset installation')), + BoolOptCallback('ip6tables_installed', check_ip6tables, + help=_('Check ip6tables installation')), ] @@ -282,6 +291,8 @@ def enable_tests_from_config(): cfg.CONF.set_override('keepalived_ipv6_support', True) if cfg.CONF.SECURITYGROUP.enable_ipset: cfg.CONF.set_override('ipset_installed', True) + if cfg.CONF.SECURITYGROUP.enable_security_group: + cfg.CONF.set_override('ip6tables_installed', True) def all_tests_passed(): diff --git a/neutron/tests/functional/sanity/test_sanity.py b/neutron/tests/functional/sanity/test_sanity.py index 37e81d5fa..b6aec474b 100644 --- a/neutron/tests/functional/sanity/test_sanity.py +++ b/neutron/tests/functional/sanity/test_sanity.py @@ -41,6 +41,9 @@ class SanityTestCase(base.BaseTestCase): def test_ipset_support(self): checks.ipset_supported() + def test_ip6tables_support(self): + checks.ip6tables_supported() + class SanityTestCaseRoot(functional_base.BaseSudoTestCase): """Sanity checks that require root access. -- 2.45.2