[caclmgrd] Inherit DaemonBase class from sonic-py-common package (#5373)

Eliminate duplicate logging code by inheriting from DaemonBase class in sonic-py-common package.
Joe LeVeque 2020-09-15 13:34:41 -07:00 committed by GitHub
parent 12c94a7431
commit 1ac146dd97
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -15,9 +15,8 @@ try:
import os import os
import subprocess import subprocess
import sys import sys
import syslog
from sonic_py_common import device_info from sonic_py_common import daemon_base, device_info
from swsscommon import swsscommon from swsscommon import swsscommon
from swsssdk import SonicDBConfig, ConfigDBConnector from swsssdk import SonicDBConfig, ConfigDBConnector
except ImportError as err: except ImportError as err:
@ -28,25 +27,6 @@ VERSION = "1.0"
SYSLOG_IDENTIFIER = "caclmgrd" SYSLOG_IDENTIFIER = "caclmgrd"
# ========================== Syslog wrappers ==========================
def log_info(msg):
syslog.openlog(SYSLOG_IDENTIFIER)
syslog.syslog(syslog.LOG_INFO, msg)
syslog.closelog()
def log_warning(msg):
syslog.openlog(SYSLOG_IDENTIFIER)
syslog.syslog(syslog.LOG_WARNING, msg)
syslog.closelog()
def log_error(msg):
syslog.openlog(SYSLOG_IDENTIFIER)
syslog.syslog(syslog.LOG_ERR, msg)
syslog.closelog()
# ========================== Helper Functions ========================= # ========================== Helper Functions =========================
@ -61,7 +41,7 @@ def _ip_prefix_in_key(key):
# ============================== Classes ============================== # ============================== Classes ==============================
class ControlPlaneAclManager(object): class ControlPlaneAclManager(daemon_base.DaemonBase):
""" """
Class which reads control plane ACL tables and rules from Config DB, Class which reads control plane ACL tables and rules from Config DB,
translates them into equivalent iptables commands and runs those translates them into equivalent iptables commands and runs those
@ -91,7 +71,9 @@ class ControlPlaneAclManager(object):
} }
} }
def __init__(self): def __init__(self, log_identifier):
super(ControlPlaneAclManager, self).__init__(log_identifier)
SonicDBConfig.load_sonic_global_db_config() SonicDBConfig.load_sonic_global_db_config()
self.config_db_map = {} self.config_db_map = {}
self.iptables_cmd_ns_prefix = {} self.iptables_cmd_ns_prefix = {}
@ -131,7 +113,7 @@ class ControlPlaneAclManager(object):
(stdout, stderr) = proc.communicate() (stdout, stderr) = proc.communicate()
if proc.returncode != 0: if proc.returncode != 0:
log_error("Error running command '{}'".format(cmd)) self.log_error("Error running command '{}'".format(cmd))
elif stdout: elif stdout:
return stdout.rstrip('\n') return stdout.rstrip('\n')
@ -192,7 +174,7 @@ class ControlPlaneAclManager(object):
elif isinstance(ip_ntwrk, ipaddress.IPv6Network): elif isinstance(ip_ntwrk, ipaddress.IPv6Network):
block_ip2me_cmds.append(self.iptables_cmd_ns_prefix[namespace] + "ip6tables -A INPUT -d {}/{} -j DROP".format(ip_addr, ip_ntwrk.max_prefixlen)) block_ip2me_cmds.append(self.iptables_cmd_ns_prefix[namespace] + "ip6tables -A INPUT -d {}/{} -j DROP".format(ip_addr, ip_ntwrk.max_prefixlen))
else: else:
log_warning("Unrecognized IP address type on interface '{}': {}".format(iface_name, ip_ntwrk)) self.log_warning("Unrecognized IP address type on interface '{}': {}".format(iface_name, ip_ntwrk))
return block_ip2me_cmds return block_ip2me_cmds
@ -327,12 +309,12 @@ class ControlPlaneAclManager(object):
for acl_service in acl_services: for acl_service in acl_services:
if acl_service not in self.ACL_SERVICES: if acl_service not in self.ACL_SERVICES:
log_warning("Ignoring control plane ACL '{}' with unrecognized service '{}'" self.log_warning("Ignoring control plane ACL '{}' with unrecognized service '{}'"
.format(table_name, acl_service)) .format(table_name, acl_service))
continue continue
log_info("Translating ACL rules for control plane ACL '{}' (service: '{}')" self.log_info("Translating ACL rules for control plane ACL '{}' (service: '{}')"
.format(table_name, acl_service)) .format(table_name, acl_service))
# Obtain default IP protocol(s) and destination port(s) for this service # Obtain default IP protocol(s) and destination port(s) for this service
ip_protocols = self.ACL_SERVICES[acl_service]["ip_protocols"] ip_protocols = self.ACL_SERVICES[acl_service]["ip_protocols"]
@ -343,13 +325,13 @@ class ControlPlaneAclManager(object):
for ((rule_table_name, rule_id), rule_props) in self._rules_db_info.iteritems(): for ((rule_table_name, rule_id), rule_props) in self._rules_db_info.iteritems():
if rule_table_name == table_name: if rule_table_name == table_name:
if not rule_props: if not rule_props:
log_warning("rule_props for rule_id {} empty or null!".format(rule_id)) self.log_warning("rule_props for rule_id {} empty or null!".format(rule_id))
continue continue
try: try:
acl_rules[rule_props["PRIORITY"]] = rule_props acl_rules[rule_props["PRIORITY"]] = rule_props
except KeyError: except KeyError:
log_error("rule_props for rule_id {} does not have key 'PRIORITY'!".format(rule_id)) self.log_error("rule_props for rule_id {} does not have key 'PRIORITY'!".format(rule_id))
continue continue
# If we haven't determined the IP version for this ACL table yet, # If we haven't determined the IP version for this ACL table yet,
@ -362,19 +344,19 @@ class ControlPlaneAclManager(object):
table_ip_version = 4 table_ip_version = 4
if (self.is_rule_ipv6(rule_props) and (table_ip_version == 4)): if (self.is_rule_ipv6(rule_props) and (table_ip_version == 4)):
log_error("CtrlPlane ACL table {} is a IPv4 based table and rule {} is a IPV6 rule! Ignoring rule." self.log_error("CtrlPlane ACL table {} is a IPv4 based table and rule {} is a IPV6 rule! Ignoring rule."
.format(table_name, rule_id)) .format(table_name, rule_id))
acl_rules.pop(rule_props["PRIORITY"]) acl_rules.pop(rule_props["PRIORITY"])
elif (self.is_rule_ipv4(rule_props) and (table_ip_version == 6)): elif (self.is_rule_ipv4(rule_props) and (table_ip_version == 6)):
log_error("CtrlPlane ACL table {} is a IPv6 based table and rule {} is a IPV4 rule! Ignroing rule." self.log_error("CtrlPlane ACL table {} is a IPv6 based table and rule {} is a IPV4 rule! Ignroing rule."
.format(table_name, rule_id)) .format(table_name, rule_id))
acl_rules.pop(rule_props["PRIORITY"]) acl_rules.pop(rule_props["PRIORITY"])
# If we were unable to determine whether this ACL table contains # If we were unable to determine whether this ACL table contains
# IPv4 or IPv6 rules, log a message and skip processing this table. # IPv4 or IPv6 rules, log a message and skip processing this table.
if not table_ip_version: if not table_ip_version:
log_warning("Unable to determine if ACL table '{}' contains IPv4 or IPv6 rules. Skipping table..." self.log_warning("Unable to determine if ACL table '{}' contains IPv4 or IPv6 rules. Skipping table..."
.format(table_name)) .format(table_name))
continue continue
# For each ACL rule in this table (in descending order of priority) # For each ACL rule in this table (in descending order of priority)
@ -382,7 +364,7 @@ class ControlPlaneAclManager(object):
rule_props = acl_rules[priority] rule_props = acl_rules[priority]
if "PACKET_ACTION" not in rule_props: if "PACKET_ACTION" not in rule_props:
log_error("ACL rule does not contain PACKET_ACTION property") self.log_error("ACL rule does not contain PACKET_ACTION property")
continue continue
# Apply the rule to the default protocol(s) for this ACL service # Apply the rule to the default protocol(s) for this ACL service
@ -437,9 +419,9 @@ class ControlPlaneAclManager(object):
commands and runs them. commands and runs them.
""" """
iptables_cmds = self.get_acl_rules_and_translate_to_iptables_commands(namespace) iptables_cmds = self.get_acl_rules_and_translate_to_iptables_commands(namespace)
log_info("Issuing the following iptables commands:") self.log_info("Issuing the following iptables commands:")
for cmd in iptables_cmds: for cmd in iptables_cmds:
log_info(" " + cmd) self.log_info(" " + cmd)
self.run_commands(iptables_cmds) self.run_commands(iptables_cmds)
@ -447,6 +429,13 @@ class ControlPlaneAclManager(object):
# Select Time-out for 10 Seconds # Select Time-out for 10 Seconds
SELECT_TIMEOUT_MS = 1000 * 10 SELECT_TIMEOUT_MS = 1000 * 10
self.log_info("Starting up ...")
if not os.geteuid() == 0:
self.log_error("Must be root to run this daemon")
print("Error: Must be root to run this daemon")
sys.exit(1)
# Initlaize Global config that loads all database*.json # Initlaize Global config that loads all database*.json
if device_info.is_multi_npu(): if device_info.is_multi_npu():
swsscommon.SonicDBConfig.initializeGlobalConfig() swsscommon.SonicDBConfig.initializeGlobalConfig()
@ -494,15 +483,12 @@ class ControlPlaneAclManager(object):
def main(): def main():
log_info("Starting up...")
if not os.geteuid() == 0:
log_error("Must be root to run this daemon")
print "Error: Must be root to run this daemon"
sys.exit(1)
# Instantiate a ControlPlaneAclManager object # Instantiate a ControlPlaneAclManager object
caclmgr = ControlPlaneAclManager() caclmgr = ControlPlaneAclManager(SYSLOG_IDENTIFIER)
# Log all messages from INFO level and higher
caclmgr.set_min_log_priority_info()
caclmgr.run() caclmgr.run()
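Review bot: The root check now runs only after the object has been built: it sits below `SELECT_TIMEOUT_MS` in what appears to be `run()`, while `main()` constructs `ControlPlaneAclManager(SYSLOG_IDENTIFIER)` first. A non-root start therefore goes through `__init__`, including `SonicDBConfig.load_sonic_global_db_config()` and whatever follows it outside the hunk, before it is rejected. `self.log_error` is usable as soon as `super(ControlPlaneAclManager, self).__init__(log_identifier)` returns, so the `if not os.geteuid() == 0:` block can sit directly after that call and the daemon does no setup work without privileges. The failure text would also be better on stderr than stdout, e.g. `sys.stderr.write("Error: Must be root to run this daemon\n")`. Both `__init__` and the method holding the check extend beyond the visible hunks, so the exact placement should be confirmed against the full file.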