+
+
+def attach_instance_to_ext_br(instance, compute_node):
+ libvirt_instance_name = getattr(instance, "OS-EXT-SRV-ATTR:instance_name")
+ installer_type = str(os.environ['INSTALLER_TYPE'].lower())
+ if installer_type == "fuel":
+ bridge = "br-ex"
+ elif installer_type == "apex":
+ # In Apex, br-ex is an ovs bridge and virsh attach-interface
+ # won't just work. We work around it by creating a linux
+ # bridge, attaching that to br-ex with a veth pair
+ # and virsh-attaching the instance to the linux-bridge
+ bridge = "br-quagga"
+ cmd = """
+ set -e
+ if ! sudo brctl show |grep -q ^{bridge};then
+ sudo brctl addbr {bridge}
+ sudo ip link set {bridge} up
+ sudo ip link add quagga-tap type veth peer name ovs-quagga-tap
+ sudo ip link set dev ovs-quagga-tap up
+ sudo ip link set dev quagga-tap up
+ sudo ovs-vsctl add-port br-ex ovs-quagga-tap
+ sudo brctl addif {bridge} quagga-tap
+ fi
+ """
+ compute_node.run_cmd(cmd.format(bridge=bridge))
+
+ compute_node.run_cmd("sudo virsh attach-interface %s"
+ " bridge %s" % (libvirt_instance_name, bridge))
+
+
+def detach_instance_from_ext_br(instance, compute_node):
+ libvirt_instance_name = getattr(instance, "OS-EXT-SRV-ATTR:instance_name")
+ mac = compute_node.run_cmd("for vm in $(sudo virsh list | "
+ "grep running | awk '{print $2}'); "
+ "do echo -n ; sudo virsh dumpxml $vm| "
+ "grep -oP '52:54:[\da-f:]+' ;done")
+ compute_node.run_cmd("sudo virsh detach-interface --domain %s"
+ " --type bridge --mac %s"
+ % (libvirt_instance_name, mac))
+
+ installer_type = str(os.environ['INSTALLER_TYPE'].lower())
+ if installer_type == "fuel":
+ bridge = "br-ex"
+ elif installer_type == "apex":
+ # In Apex, br-ex is an ovs bridge and virsh attach-interface
+ # won't just work. We work around it by creating a linux
+ # bridge, attaching that to br-ex with a veth pair
+ # and virsh-attaching the instance to the linux-bridge
+ bridge = "br-quagga"
+ cmd = """
+ sudo brctl delif {bridge} quagga-tap &&
+ sudo ovs-vsctl del-port br-ex ovs-quagga-tap &&
+ sudo ip link set dev quagga-tap down &&
+ sudo ip link set dev ovs-quagga-tap down &&
+ sudo ip link del quagga-tap type veth peer name ovs-quagga-tap &&
+ sudo ip link set {bridge} down &&
+ sudo brctl delbr {bridge}
+ """
+ compute_node.run_cmd(cmd.format(bridge=bridge))
+
+
+def cleanup_neutron(neutron_client, floatingip_ids, bgpvpn_ids, interfaces,
+ subnet_ids, router_ids, network_ids):
+
+ if len(floatingip_ids) != 0:
+ for floatingip_id in floatingip_ids:
+ if not os_utils.delete_floating_ip(neutron_client, floatingip_id):
+ logging.error('Fail to delete all floating ips. '
+ 'Floating ip with id {} was not deleted.'.
+ format(floatingip_id))
+ return False
+
+ if len(bgpvpn_ids) != 0:
+ for bgpvpn_id in bgpvpn_ids:
+ delete_bgpvpn(neutron_client, bgpvpn_id)
+
+ if len(interfaces) != 0:
+ for router_id, subnet_id in interfaces:
+ if not os_utils.remove_interface_router(neutron_client,
+ router_id, subnet_id):
+ logging.error('Fail to delete all interface routers. '
+ 'Interface router with id {} was not deleted.'.
+ format(router_id))
+
+ if len(router_ids) != 0:
+ for router_id in router_ids:
+ if not os_utils.remove_gateway_router(neutron_client, router_id):
+ logging.error('Fail to delete all gateway routers. '
+ 'Gateway router with id {} was not deleted.'.
+ format(router_id))
+
+ if len(subnet_ids) != 0:
+ for subnet_id in subnet_ids:
+ if not os_utils.delete_neutron_subnet(neutron_client, subnet_id):
+ logging.error('Fail to delete all subnets. '
+ 'Subnet with id {} was not deleted.'.
+ format(subnet_id))
+ return False
+
+ if len(router_ids) != 0:
+ for router_id in router_ids:
+ if not os_utils.delete_neutron_router(neutron_client, router_id):
+ logging.error('Fail to delete all routers. '
+ 'Router with id {} was not deleted.'.
+ format(router_id))
+ return False
+
+ if len(network_ids) != 0:
+ for network_id in network_ids:
+ if not os_utils.delete_neutron_net(neutron_client, network_id):
+ logging.error('Fail to delete all networks. '
+ 'Network with id {} was not deleted.'.
+ format(network_id))
+ return False
+ return True
+
+
+def cleanup_nova(nova_client, instance_ids, image_ids):
+ if len(instance_ids) != 0:
+ for instance_id in instance_ids:
+ if not os_utils.delete_instance(nova_client, instance_id):
+ logging.error('Fail to delete all instances. '
+ 'Instance with id {} was not deleted.'.
+ format(instance_id))
+ return False
+
+ if len(image_ids) != 0:
+ for image_id in image_ids:
+ if not os_utils.delete_glance_image(nova_client, image_id):
+ logging.error('Fail to delete all images. '
+ 'Image with id {} was not deleted.'.
+ format(image_id))
+ return False
+ return True
+
+
+def create_bgpvpn(neutron_client, **kwargs):
+ # route_distinguishers
+ # route_targets
+ json_body = {"bgpvpn": kwargs}
+ return neutron_client.create_bgpvpn(json_body)
+
+
+def update_bgpvpn(neutron_client, bgpvpn_id, **kwargs):
+ json_body = {"bgpvpn": kwargs}
+ return neutron_client.update_bgpvpn(bgpvpn_id, json_body)
+
+
+def delete_bgpvpn(neutron_client, bgpvpn_id):
+ return neutron_client.delete_bgpvpn(bgpvpn_id)
+
+
+def get_bgpvpn(neutron_client, bgpvpn_id):
+ return neutron_client.show_bgpvpn(bgpvpn_id)
+
+
+def get_bgpvpn_routers(neutron_client, bgpvpn_id):
+ return get_bgpvpn(neutron_client, bgpvpn_id)['bgpvpn']['routers']
+
+
+def get_bgpvpn_networks(neutron_client, bgpvpn_id):
+ return get_bgpvpn(neutron_client, bgpvpn_id)['bgpvpn']['networks']
+
+
+def create_router_association(neutron_client, bgpvpn_id, router_id):
+ json_body = {"router_association": {"router_id": router_id}}
+ return neutron_client.create_router_association(bgpvpn_id, json_body)
+
+
+def create_network_association(neutron_client, bgpvpn_id, neutron_network_id):
+ json_body = {"network_association": {"network_id": neutron_network_id}}
+ return neutron_client.create_network_association(bgpvpn_id, json_body)
+
+
+def is_fail_mode_secure():
+ """
+ Checks the value of the attribute fail_mode,
+ if it is set to secure. This check is performed
+ on all OVS br-int interfaces, for all OpenStack nodes.
+ """
+ is_secure = {}
+ openstack_nodes = get_nodes()
+ get_ovs_int_cmd = ("sudo ovs-vsctl show | "
+ "grep -i bridge | "
+ "awk '{print $2}'")
+ # Define OVS get fail_mode command
+ get_ovs_fail_mode_cmd = ("sudo ovs-vsctl get-fail-mode br-int")
+ for openstack_node in openstack_nodes:
+ if not openstack_node.is_active():
+ continue
+
+ ovs_int_list = (openstack_node.run_cmd(get_ovs_int_cmd).
+ strip().split('\n'))
+ if 'br-int' in ovs_int_list:
+ # Execute get fail_mode command
+ br_int_fail_mode = (openstack_node.
+ run_cmd(get_ovs_fail_mode_cmd).strip())
+ if br_int_fail_mode == 'secure':
+ # success
+ is_secure[openstack_node.name] = True
+ else:
+ # failure
+ logging.error('The fail_mode for br-int was not secure '
+ 'in {} node'.format(openstack_node.name))
+ is_secure[openstack_node.name] = False
+ return is_secure