Send networkpolicy data from operator to daemon (#338)
Hong-Chang authored Jan 1, 2021
1 parent 5d485d5 commit 8104b3b
Showing 3 changed files with 347 additions and 5 deletions.
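--- a/mizar/common/rpc.py
+++ b/mizar/common/rpc.py
@@ -48,6 +48,18 @@ def __init__(self, ip, mac, itf='eth0', benchmark=False):
 self.trn_cli_update_port = f'''{self.trn_cli} update-port -i {self.phy_itf} -j'''
 self.trn_cli_load_pipeline_stage = f'''{self.trn_cli} load-pipeline-stage -i {self.phy_itf} -j'''
 self.trn_cli_unload_pipeline_stage = f'''{self.trn_cli} unload-pipeline-stage -i {self.phy_itf} -j'''
+self.trn_cli_update_network_policy_ingress = f'''{self.trn_cli} update-network-policy-ingress -i {self.phy_itf} -j'''
+self.trn_cli_update_network_policy_egress = f'''{self.trn_cli} update-network-policy-egress -j'''
+self.trn_cli_update_network_policy_protocol_port_ingress = f'''{self.trn_cli} update-network-policy-protocol-port-ingress -i {self.phy_itf} -j'''
+self.trn_cli_update_network_policy_protocol_port_egress = f'''{self.trn_cli} update-network-policy-protocol-port-egress -j'''
+self.trn_cli_delete_network_policy_ingress = f'''{self.trn_cli} delete-network-policy-ingress -i {self.phy_itf} -j'''
+self.trn_cli_delete_network_policy_egress = f'''{self.trn_cli} delete-network-policy-egress -j'''
+self.trn_cli_delete_network_policy_protocol_port_ingress = f'''{self.trn_cli} delete-network-policy-protocol-port-ingress -i {self.phy_itf} -j'''
+self.trn_cli_delete_network_policy_protocol_port_egress = f'''{self.trn_cli} delete-network-policy-protocol-port-egress -j'''
+self.trn_cli_update_network_policy_enforcement_map_ingress = f'''{self.trn_cli} update-network-policy-enforcement-map-ingress -i {self.phy_itf} -j'''
+self.trn_cli_update_network_policy_enforcement_map_egress = f'''{self.trn_cli} update-network-policy-enforcement-map-egress -i {self.phy_itf} -j'''
+self.trn_cli_delete_network_policy_enforcement_map_ingress = f'''{self.trn_cli} delete-network-policy-enforcement-map-ingress -i {self.phy_itf} -j'''
+self.trn_cli_delete_network_policy_enforcement_map_egress = f'''{self.trn_cli} delete-network-policy-enforcement-map-egress -i {self.phy_itf} -j'''
 
 self.trn_cli_load_transit_agent_xdp = f'''{self.trn_cli} load-agent-xdp'''
 self.trn_cli_unload_transit_agent_xdp = f'''{self.trn_cli} unload-agent-xdp'''
@@ -301,3 +313,207 @@ def delete_net(self, net):
 logger.info("delete_net: {}".format(cmd))
 returncode, text = run_cmd(cmd)
 logger.info("delete_net returns {} {}".format(returncode, text))
+
+def update_network_policy_ingress(self, cidr_networkpolicy_list):
+if len(cidr_networkpolicy_list) == 0:
+return
+conf_list = []
+for cidr_networkpolicy in cidr_networkpolicy_list:
+conf = {
+"tunnel_id": cidr_networkpolicy.vni,
+"local_ip": cidr_networkpolicy.local_ip,
+"cidr_prefixlen": str(cidr_networkpolicy.cidr_length),
+"cidr_ip": cidr_networkpolicy.cidr,
+"cidr_type": cidr_networkpolicy.get_cidr_type_int(),
+"bit_value": str(cidr_networkpolicy.policy_bit_value),
+}
+conf_list.append(conf)
+jsonconf = json.dumps(conf_list)
+cmd = f'''{self.trn_cli_update_network_policy_ingress} \'{jsonconf}\''''
+logger.info("update_network_policy_ingress: {}".format(cmd))
+returncode, text = run_cmd(cmd)
+logger.info("update_network_policy_ingress returns {} {}".format(returncode, text))
+
+def update_network_policy_egress(self, ep, cidr_networkpolicy_list):
+if len(cidr_networkpolicy_list) == 0:
+return
+itf = ep.get_veth_peer()
+conf_list = []
+for cidr_networkpolicy in cidr_networkpolicy_list:
+conf = {
+"tunnel_id": cidr_networkpolicy.vni,
+"local_ip": cidr_networkpolicy.local_ip,
+"cidr_prefixlen": str(cidr_networkpolicy.cidr_length),
+"cidr_ip": cidr_networkpolicy.cidr,
+"cidr_type": cidr_networkpolicy.get_cidr_type_int(),
+"bit_value": str(cidr_networkpolicy.policy_bit_value),
+}
+conf_list.append(conf)
+jsonconf = json.dumps(conf_list)
+cmd = f'''{self.trn_cli_update_network_policy_egress} \'{jsonconf}\' -i \'{itf}\''''
+logger.info("update_network_policy_egress: {}".format(cmd))
+returncode, text = run_cmd(cmd)
+logger.info("update_network_policy_egress returns {} {}".format(returncode, text))
+
+def delete_network_policy_ingress(self, cidr_networkpolicy_list):
+if len(cidr_networkpolicy_list) == 0:
+return
+conf_list = []
+for cidr_networkpolicy in cidr_networkpolicy_list:
+conf = {
+"tunnel_id": cidr_networkpolicy.vni,
+"local_ip": cidr_networkpolicy.local_ip,
+"cidr_prefixlen": str(cidr_networkpolicy.cidr_length),
+"cidr_ip": cidr_networkpolicy.cidr,
+"cidr_type": cidr_networkpolicy.get_cidr_type_int(),
+"bit_value": str(cidr_networkpolicy.policy_bit_value),
+}
+conf_list.append(conf)
+jsonconf = json.dumps(conf_list)
+cmd = f'''{self.trn_cli_delete_network_policy_ingress} \'{jsonconf}\''''
+logger.info("delete_network_policy_ingress: {}".format(cmd))
+returncode, text = run_cmd(cmd)
+logger.info("delete_network_policy_ingress returns {} {}".format(returncode, text))
+
+def delete_network_policy_egress(self, ep, cidr_networkpolicy_list):
+if len(cidr_networkpolicy_list) == 0:
+return
+itf = ep.get_veth_peer()
+conf_list = []
+for cidr_networkpolicy in cidr_networkpolicy_list:
+conf = {
+"tunnel_id": cidr_networkpolicy.vni,
+"local_ip": cidr_networkpolicy.local_ip,
+"cidr_prefixlen": str(cidr_networkpolicy.cidr_length),
+"cidr_ip": cidr_networkpolicy.cidr,
+"cidr_type": cidr_networkpolicy.get_cidr_type_int(),
+"bit_value": str(cidr_networkpolicy.policy_bit_value),
+}
+conf_list.append(conf)
+jsonconf = json.dumps(conf_list)
+cmd = f'''{self.trn_cli_delete_network_policy_egress} \'{jsonconf}\' -i \'{itf}\''''
+logger.info("delete_network_policy_egress: {}".format(cmd))
+returncode, text = run_cmd(cmd)
+logger.info("delete_network_policy_egress returns {} {}".format(returncode, text))
+
+def update_network_policy_protocol_port_ingress(self, port_networkpolicy_list):
+if len(port_networkpolicy_list) == 0:
+return
+conf_list = []
+for port_networkpolicy in port_networkpolicy_list:
+conf = {
+"tunnel_id": port_networkpolicy.vni,
+"local_ip": port_networkpolicy.local_ip,
+"protocol": port_networkpolicy.get_protocol_int(),
+"port": port_networkpolicy.port,
+"bit_value": str(port_networkpolicy.policy_bit_value),
+}
+conf_list.append(conf)
+jsonconf = json.dumps(conf_list)
+cmd = f'''{self.trn_cli_update_network_policy_protocol_port_ingress} \'{jsonconf}\''''
+logger.info("update_network_policy_protocol_port_ingress: {}".format(cmd))
+returncode, text = run_cmd(cmd)
+logger.info("update_network_policy_protocol_port_ingress returns {} {}".format(returncode, text))
+
+def update_network_policy_protocol_port_egress(self, ep, port_networkpolicy_list):
+if len(port_networkpolicy_list) == 0:
+return
+itf = ep.get_veth_peer()
+conf_list = []
+for port_networkpolicy in port_networkpolicy_list:
+conf = {
+"tunnel_id": port_networkpolicy.vni,
+"local_ip": port_networkpolicy.local_ip,
+"protocol": port_networkpolicy.get_protocol_int(),
+"port": port_networkpolicy.port,
+"bit_value": str(port_networkpolicy.policy_bit_value),
+}
+conf_list.append(conf)
+jsonconf = json.dumps(conf_list)
+cmd = f'''{self.trn_cli_update_network_policy_protocol_port_egress} \'{jsonconf}\' -i \'{itf}\''''
+logger.info("update_network_policy_protocol_port_egress: {}".format(cmd))
+returncode, text = run_cmd(cmd)
+logger.info("update_network_policy_protocol_port_egress returns {} {}".format(returncode, text))
+
+def delete_network_policy_protocol_port_ingress(self, port_networkpolicy_list):
+if len(port_networkpolicy_list) == 0:
+return
+conf_list = []
+for port_networkpolicy in port_networkpolicy_list:
+conf = {
+"tunnel_id": port_networkpolicy.vni,
+"local_ip": port_networkpolicy.local_ip,
+"protocol": port_networkpolicy.get_protocol_int(),
+"port": port_networkpolicy.port,
+"bit_value": str(port_networkpolicy.policy_bit_value),
+}
+conf_list.append(conf)
+jsonconf = json.dumps(conf_list)
+cmd = f'''{self.trn_cli_delete_network_policy_protocol_port_ingress} \'{jsonconf}\''''
+logger.info("delete_network_policy_protocol_port_ingress: {}".format(cmd))
+returncode, text = run_cmd(cmd)
+logger.info("delete_network_policy_protocol_port_ingress returns {} {}".format(returncode, text))
+
+def delete_network_policy_protocol_port_egress(self, ep, port_networkpolicy_list):
+if len(port_networkpolicy_list) == 0:
+return
+itf = ep.get_veth_peer()
+conf_list = []
+for port_networkpolicy in port_networkpolicy_list:
+conf = {
+"tunnel_id": port_networkpolicy.vni,
+"local_ip": port_networkpolicy.local_ip,
+"protocol": port_networkpolicy.get_protocol_int(),
+"port": port_networkpolicy.port,
+"bit_value": str(port_networkpolicy.policy_bit_value),
+}
+conf_list.append(conf)
+jsonconf = json.dumps(conf_list)
+cmd = f'''{self.trn_cli_delete_network_policy_protocol_port_egress} \'{jsonconf}\' -i \'{itf}\''''
+logger.info("delete_network_policy_protocol_port_egress: {}".format(cmd))
+returncode, text = run_cmd(cmd)
+logger.info("delete_network_policy_protocol_port_egress returns {} {}".format(returncode, text))
+
+def update_network_policy_enforcement_map_ingress(self, endpointEnforced):
+jsonconf = {
+"tunnel_id": endpointEnforced.vni,
+"ip": endpointEnforced.ip,
+}
+jsonconf = json.dumps(jsonconf)
+cmd = f'''{self.trn_cli_update_network_policy_enforcement_map_ingress} \'{jsonconf}\''''
+logger.info("update_network_policy_enforcement_map_ingress: {}".format(cmd))
+returncode, text = run_cmd(cmd)
+logger.info("update_network_policy_enforcement_map_ingress returns {} {}".format(returncode, text))
+
+def update_network_policy_enforcement_map_egress(self, endpointEnforced):
+jsonconf = {
+"tunnel_id": endpointEnforced.vni,
+"ip": endpointEnforced.ip,
+}
+jsonconf = json.dumps(jsonconf)
+cmd = f'''{self.trn_cli_update_network_policy_enforcement_map_egress} \'{jsonconf}\''''
+logger.info("update_network_policy_enforcement_map_egress: {}".format(cmd))
+returncode, text = run_cmd(cmd)
+logger.info("update_network_policy_enforcement_map_egress returns {} {}".format(returncode, text))
+
+def delete_network_policy_enforcement_map_ingress(self, endpointEnforced):
+jsonconf = {
+"tunnel_id": endpointEnforced.vni,
+"ip": endpointEnforced.ip,
+}
+jsonconf = json.dumps(jsonconf)
+cmd = f'''{self.trn_cli_delete_network_policy_enforcement_map_ingress} \'{jsonconf}\''''
+logger.info("delete_network_policy_enforcement_map_ingress: {}".format(cmd))
+returncode, text = run_cmd(cmd)
+logger.info("delete_network_policy_enforcement_map_ingress returns {} {}".format(returncode, text))
+
+def delete_network_policy_enforcement_map_egress(self, endpointEnforced):
+jsonconf = {
+"tunnel_id": endpointEnforced.vni,
+"ip": endpointEnforced.ip,
+}
+jsonconf = json.dumps(jsonconf)
+cmd = f'''{self.trn_cli_delete_network_policy_enforcement_map_egress} \'{jsonconf}\''''
+logger.info("delete_network_policy_enforcement_map_egress: {}".format(cmd))
+returncode, text = run_cmd(cmd)
+logger.info("delete_network_policy_enforcement_map_egress returns {} {}".format(returncode, text))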
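Review bot: Each of the twelve new methods wraps the `json.dumps(...)` output (and `itf` in the egress variants) in literal single quotes, as in `\'{jsonconf}\'` and `-i \'{itf}\'`, so a single quote inside `cidr_ip`, `local_ip`, `ip` or the veth name ends the quoting early. If `run_cmd` (not visible in this hunk) hands the string to a shell, policy-derived values can then alter the command that runs. Quoting the arguments avoids this: `cmd = f'{self.trn_cli_update_network_policy_ingress} {shlex.quote(jsonconf)}'` and `-i {shlex.quote(itf)}`, with `import shlex` added at the top of the file. The methods also only log `returncode`, so a failed trn_cli call leaves the daemon's policy maps stale without the caller knowing; returning the code or raising on non-zero would let the operator retry.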
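--- a/mizar/networkpolicy/networkpolicy_util.py
+++ b/mizar/networkpolicy/networkpolicy_util.py
@@ -59,7 +59,16 @@ def handle_networkpolicy_create_update(self, name, pod_label_dict, policy_types)
 "egress": data_for_networkpolicy_egress,
 }
 logger.info("data_for_networkpolicy: {}".format(data_for_networkpolicy))
-#TODO Send data from operator to daemon
+old_data_for_networkpolicy = ep.get_data_for_networkpolicy()
+if len(old_data_for_networkpolicy) > 0:
+if len(old_data_for_networkpolicy["old"]) > 0 and old_data_for_networkpolicy["old"]["ingress"] == data_for_networkpolicy_ingress and old_data_for_networkpolicy["old"]["egress"] == data_for_networkpolicy_egress:
+continue
+
+old_data_for_networkpolicy["old"] = {}
+data_for_networkpolicy["old"] = old_data_for_networkpolicy
+
+ep.set_data_for_networkpolicy(data_for_networkpolicy)
+ep.update_networkpolicy_per_endpoint(data_for_networkpolicy)
 
 def generate_data_for_networkpolicy_ingress(self, ep):
 data = self.init_data_for_networkpolicy()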
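Review bot: The skip test compares the new ingress/egress data with `old_data_for_networkpolicy["old"]`, the snapshot nested inside the stored dict, rather than with the stored dict's own `"ingress"` and `"egress"`. If `ep.get_data_for_networkpolicy()` returns what `ep.set_data_for_networkpolicy()` last stored (neither is visible here), that nested snapshot is the state before last, so a policy that changes A → B → A would hit `continue` and the daemon would keep enforcing B. Comparing against the last applied state looks like the intent: `if old_data_for_networkpolicy.get("ingress") == data_for_networkpolicy_ingress and old_data_for_networkpolicy.get("egress") == data_for_networkpolicy_egress: continue`. Using `.get` would also avoid a `KeyError` when a stored dict has no `"old"` key. The enclosing loop and function start outside this hunk, and the page has lost indentation, so the nesting of the `old_data_for_networkpolicy["old"] = {}` line should be checked against the file.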