Create utility to clean-up netns.

Fixes bug 1035366 Adds namespace clean up utility called quantum-netns-cleanup which can be used to remove old namespaces. The --force option can be used to remove all Quantum namespaces and any remaining devices. The force option is should not be run on a live Quantum systems. It is intended for cleaning up devstack a after running unstack.sh (ideally this will be added to unstack.sh in the future). Example cmd line when cleaning up a devstack install: quantum-netns-cleanup --config-file /etc/quantum/quantum.conf \ --config-file /etc/quantum/dhcp_agent.ini --force Change-Id: I6cf153df21e83bff2cde816db12b22102d1ba698
openstack · Sep 4, 2012 · 8e34320 · 8e34320
1 parent d8160e0
commit 8e34320
Show file tree

Hide file tree

Showing 9 changed files with 541 additions and 4 deletions.
diff --git a/bin/quantum-netns-cleanup b/bin/quantum-netns-cleanup
@@ -0,0 +1,20 @@
+#!/usr/bin/env python
+# vim: tabstop=4 shiftwidth=4 softtabstop=4
+
+# Copyright (c) 2012 Openstack, LLC.
+# All Rights Reserved.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+from quantum.agent.netns_cleanup_util import main
+main()
diff --git a/quantum/agent/linux/interface.py b/quantum/agent/linux/interface.py
@@ -154,6 +154,10 @@ def unplug(self, device_name, bridge=None, namespace=None):
         bridge = ovs_lib.OVSBridge(bridge, self.conf.root_helper)
         bridge.delete_port(device_name)
 
+        if namespace:
+            ip = ip_lib.IPWrapper(self.conf.root_helper, namespace)
+            ip.garbage_collect_namespace()
+
 
 class BridgeInterfaceDriver(LinuxInterfaceDriver):
     """Driver for creating bridge interfaces."""
@@ -196,6 +200,10 @@ def unplug(self, device_name, bridge=None, namespace=None):
             LOG.error(_("Failed unplugging interface '%s'") %
                       device_name)
 
+        if namespace:
+            ip = ip_lib.IPWrapper(self.conf.root_helper, namespace)
+            ip.garbage_collect_namespace()
+
 
 class RyuInterfaceDriver(OVSInterfaceDriver):
     """Driver for creating a Ryu OVS interface."""

diff --git a/quantum/agent/linux/ip_lib.py b/quantum/agent/linux/ip_lib.py
@@ -18,6 +18,9 @@
 from quantum.common import exceptions
 
 
+LOOPBACK_DEVNAME = 'lo'
+
+
 class SubProcessBase(object):
     def __init__(self, root_helper=None, namespace=None):
         self.root_helper = root_helper
@@ -62,7 +65,7 @@ def __init__(self, root_helper=None, namespace=None):
     def device(self, name):
         return IPDevice(name, self.root_helper, self.namespace)
 
-    def get_devices(self):
+    def get_devices(self, exclude_loopback=False):
         retval = []
         output = self._execute('o', 'link', ('list',),
                                self.root_helper, self.namespace)
@@ -71,7 +74,12 @@ def get_devices(self):
                 continue
             tokens = line.split(':', 2)
             if len(tokens) >= 3:
-                retval.append(IPDevice(tokens[1].strip(),
+                name = tokens[1].strip()
+
+                if exclude_loopback and name == LOOPBACK_DEVNAME:
+                    continue
+
+                retval.append(IPDevice(name,
                                        self.root_helper,
                                        self.namespace))
         return retval
@@ -90,12 +98,23 @@ def add_veth(self, name1, name2):
     def ensure_namespace(self, name):
         if not self.netns.exists(name):
             ip = self.netns.add(name)
-            lo = ip.device('lo')
+            lo = ip.device(LOOPBACK_DEVNAME)
             lo.link.set_up()
         else:
             ip = IPWrapper(self.root_helper, name)
         return ip
 
+    def namespace_is_empty(self):
+        return not self.get_devices(exclude_loopback=True)
+
+    def garbage_collect_namespace(self):
+        """Conditionally destroy the namespace if it is empty."""
+        if self.namespace and self.netns.exists(self.namespace):
+            if self.namespace_is_empty():
+                self.netns.delete(self.namespace)
+                return True
+        return False
+
     def add_device_to_namespace(self, device):
         if self.namespace:
             device.link.set_netns(self.namespace)

diff --git a/quantum/agent/linux/ovs_lib.py b/quantum/agent/linux/ovs_lib.py
@@ -269,3 +269,12 @@ def get_vif_port_by_id(self, port_id):
         except Exception, e:
             LOG.info("Unable to parse regex results. Exception: %s", e)
             return
+
+
+def get_bridge_for_iface(root_helper, iface):
+    args = ["ovs-vsctl", "--timeout=2", "iface-to-br", iface]
+    try:
+        return utils.execute(args, root_helper=root_helper).strip()
+    except Exception, e:
+        LOG.error(_("iface %s not found. Exception: %s"), iface, e)
+        return None
diff --git a/quantum/agent/netns_cleanup_util.py b/quantum/agent/netns_cleanup_util.py
@@ -0,0 +1,162 @@
+import logging
+import os
+import re
+import sys
+import traceback
+
+import eventlet
+
+from quantum.agent import dhcp_agent
+from quantum.agent import l3_agent
+from quantum.agent.linux import dhcp
+from quantum.agent.linux import ip_lib
+from quantum.agent.linux import ovs_lib
+from quantum.api.v2 import attributes
+from quantum.common import config
+from quantum.openstack.common import cfg
+from quantum.openstack.common import importutils
+
+LOG = logging.getLogger(__name__)
+NS_MANGLING_PATTERN = ('(%s|%s)' % (dhcp_agent.NS_PREFIX, l3_agent.NS_PREFIX) +
+                       attributes.UUID_PATTERN)
+
+
+class NullDelegate(object):
+    def __getattribute__(self, name):
+        def noop(*args, **kwargs):
+            pass
+        return noop
+
+
+class FakeNetwork(object):
+    def __init__(self, id):
+        self.id = id
+
+
+def setup_conf():
+    """Setup the cfg for the clean up utility.
+
+    Use separate setup_conf for the utility because there are many options
+    from the main config that do not apply during clean-up.
+    """
+
+    opts = [
+        cfg.StrOpt('root_helper', default='sudo'),
+        cfg.StrOpt('dhcp_driver',
+                   default='quantum.agent.linux.dhcp.Dnsmasq',
+                   help="The driver used to manage the DHCP server."),
+        cfg.StrOpt('state_path',
+                   default='.',
+                   help='Top-level directory for maintaining dhcp state'),
+        cfg.BoolOpt('force',
+                    default=False,
+                    help='Delete the namespace by removing all devices.'),
+    ]
+    conf = cfg.CommonConfigOpts()
+    conf.register_opts(opts)
+    conf.register_opts(dhcp.OPTS)
+    config.setup_logging(conf)
+    return conf
+
+
+def kill_dhcp(conf, namespace):
+    """Disable DHCP for a network if DHCP is still active."""
+    network_id = namespace.replace(dhcp_agent.NS_PREFIX, '')
+
+    null_delegate = NullDelegate()
+    dhcp_driver = importutils.import_object(
+        conf.dhcp_driver,
+        conf,
+        FakeNetwork(network_id),
+        conf.root_helper,
+        null_delegate)
+
+    if dhcp_driver.active:
+        dhcp_driver.disable()
+
+
+def eligible_for_deletion(conf, namespace, force=False):
+    """Determine whether a namespace is eligible for deletion.
+
+    Eligibility is determined by having only the lo device or if force
+    is passed as a parameter.
+    """
+
+    # filter out namespaces without UUID as the name
+    if not re.match(NS_MANGLING_PATTERN, namespace):
+        return False
+
+    ip = ip_lib.IPWrapper(conf.root_helper, namespace)
+    return force or ip.namespace_is_empty()
+
+
+def unplug_device(conf, device):
+    try:
+        device.link.delete()
+    except RuntimeError:
+        # Maybe the device is OVS port, so try to delete
+        bridge_name = ovs_lib.get_bridge_for_iface(conf.root_helper,
+                                                   device.name)
+        if bridge_name:
+            bridge = ovs_lib.OVSBridge(bridge_name,
+                                       conf.root_helper)
+            bridge.delete_port(device.name)
+        else:
+            LOG.debug(_('Unable to find bridge for device: %s') % device.name)
+
+
+def destroy_namespace(conf, namespace, force=False):
+    """Destroy a given namespace.
+
+    If force is True, then dhcp (if it exists) will be disabled and all
+    devices will be forcibly removed.
+    """
+
+    try:
+        ip = ip_lib.IPWrapper(conf.root_helper, namespace)
+
+        if force:
+            kill_dhcp(conf, namespace)
+            # NOTE: The dhcp driver will remove the namespace if is it empty,
+            # so a second check is required here.
+            if ip.netns.exists(namespace):
+                for device in ip.get_devices(exclude_loopback=True):
+                    unplug_device(conf, device)
+
+        ip.garbage_collect_namespace()
+    except Exception, e:
+        LOG.exception(_('Error unable to destroy namespace: %s') % namespace)
+
+
+def main():
+    """Main method for cleaning up network namespaces.
+
+    This method will make two passes checking for namespaces to delete. The
+    process will identify candidates, sleep, and call garbage collect. The
+    garbage collection will re-verify that the namespace meets the criteria for
+    deletion (ie it is empty). The period of sleep and the 2nd pass allow
+    time for the namespace state to settle, so that the check prior deletion
+    will re-confirm the namespace is empty.
+
+    The utility is designed to clean-up after the forced or unexpected
+    termination of Quantum agents.
+
+    The --force flag should only be used as part of the cleanup of a devstack
+    installation as it will blindly purge namespaces and their devices. This
+    option also kills any lingering DHCP instances.
+    """
+    eventlet.monkey_patch()
+
+    conf = setup_conf()
+    conf(sys.argv)
+
+    # Identify namespaces that are candidates for deletion.
+    candidates = [ns for ns in
+                  ip_lib.IPWrapper.get_namespaces(conf.root_helper)
+                  if eligible_for_deletion(conf, ns, conf.force)]
+
+    if candidates:
+        eventlet.sleep(2)
+
+        for namespace in candidates:
+            destroy_namespace(conf, namespace, conf.force)
diff --git a/quantum/tests/unit/openvswitch/test_ovs_lib.py b/quantum/tests/unit/openvswitch/test_ovs_lib.py
@@ -15,10 +15,10 @@
 #    under the License.
 # @author: Dan Wendlandt, Nicira, Inc.
 
-import unittest
 import uuid
 
 import mox
+import unittest2 as unittest
 
 from quantum.agent.linux import ovs_lib, utils
 
@@ -292,3 +292,25 @@ def test_port_id_regex(self):
         self.assertEqual(vif_id, '5c1321a7-c73f-4a77-95e6-9f86402e5c8f')
         self.assertEqual(port_name, 'dhc5c1321a7-c7')
         self.assertEqual(ofport, 2)
+
+    def test_iface_to_br(self):
+        iface = 'tap0'
+        br = 'br-int'
+        root_helper = 'sudo'
+        utils.execute(["ovs-vsctl", self.TO, "iface-to-br", iface],
+                      root_helper=root_helper).AndReturn('br-int')
+
+        self.mox.ReplayAll()
+        self.assertEqual(ovs_lib.get_bridge_for_iface(root_helper, iface), br)
+        self.mox.VerifyAll()
+
+    def test_iface_to_br(self):
+        iface = 'tap0'
+        br = 'br-int'
+        root_helper = 'sudo'
+        utils.execute(["ovs-vsctl", self.TO, "iface-to-br", iface],
+                      root_helper=root_helper).AndRaise(Exception)
+
+        self.mox.ReplayAll()
+        self.assertIsNone(ovs_lib.get_bridge_for_iface(root_helper, iface))
+        self.mox.VerifyAll()