当前位置: 首页>>代码示例>>Python>>正文


Python RefHelper.replace_all方法代码示例

本文整理汇总了Python中calico.felix.refcount.RefHelper.replace_all方法的典型用法代码示例。如果您正苦于以下问题:Python RefHelper.replace_all方法的具体用法?Python RefHelper.replace_all怎么用?Python RefHelper.replace_all使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在calico.felix.refcount.RefHelper的用法示例。


在下文中一共展示了RefHelper.replace_all方法的5个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。

示例1: LocalEndpoint

# 需要导入模块: from calico.felix.refcount import RefHelper [as 别名]
# 或者: from calico.felix.refcount.RefHelper import replace_all [as 别名]

#.........这里部分代码省略.........
                    _log.debug("Learned interface name, checking if device " "is up.")
                    self._device_is_up = devices.interface_exists(self._iface_name) and devices.interface_up(
                        self._iface_name
                    )

            # Check if the profile ID or IP addresses have changed, requiring
            # a refresh of the dataplane.
            profile_ids = set(pending_endpoint.get("profile_ids", []))
            if profile_ids != self.rules_ref_helper.required_refs:
                # Profile ID update required iptables update but not device
                # update.
                _log.debug("Profile IDs changed, need to update iptables")
                self._iptables_in_sync = False

            # Check for changes to values that require a device update.
            if self.endpoint:
                if self.endpoint.get("state") != pending_endpoint.get("state"):
                    _log.debug("Desired interface state updated.")
                    self._device_in_sync = False
                    self._iptables_in_sync = False
                if self.endpoint[self.nets_key] != pending_endpoint[self.nets_key]:
                    # IP addresses have changed, need to update the routing
                    # table.
                    _log.debug("IP addresses changed, need to update routing")
                    self._device_in_sync = False
        else:
            # Delete of the endpoint.  Need to resync everything.
            profile_ids = set()
            self._iptables_in_sync = False
            self._device_in_sync = False

        # Note: we don't actually need to wait for the activation to finish
        # due to the dependency management in the iptables layer.
        self.rules_ref_helper.replace_all(profile_ids)

        self.endpoint = pending_endpoint
        self._endpoint_update_pending = False
        self._pending_endpoint = None

    def _update_chains(self):
        updates, deps = self.iptables_generator.endpoint_updates(
            IP_TYPE_TO_VERSION[self.ip_type],
            self.combined_id.endpoint,
            self._suffix,
            self._mac,
            self.endpoint["profile_ids"],
        )
        try:
            self.iptables_updater.rewrite_chains(updates, deps, async=False)
        except FailedSystemCall:
            _log.exception("Failed to program chains for %s. Removing.", self)
            try:
                self.iptables_updater.delete_chains(
                    self.iptables_generator.endpoint_chain_names(self._suffix), async=False
                )
            except FailedSystemCall:
                _log.exception("Failed to remove chains after original " "failure")
        else:
            self._iptables_in_sync = True
            self._chains_programmed = True

    def _remove_chains(self):
        try:
            self.iptables_updater.delete_chains(self.iptables_generator.endpoint_chain_names(self._suffix), async=False)
        except FailedSystemCall:
            _log.exception("Failed to delete chains for %s", self)
开发者ID:ndonegan,项目名称:calico,代码行数:70,代码来源:endpoint.py

示例2: LocalEndpoint

# 需要导入模块: from calico.felix.refcount import RefHelper [as 别名]
# 或者: from calico.felix.refcount.RefHelper import replace_all [as 别名]

#.........这里部分代码省略.........
                # This is the first time we have seen the endpoint, so extract
                # the interface name and endpoint ID.
                self._iface_name = pending_endpoint["name"]
                self._suffix = interface_to_suffix(self.config,
                                                   self._iface_name)
                _log.debug("Learned interface name/suffix: %s/%s",
                           self._iface_name, self._suffix)
                # First time through, need to program everything.
                self._iptables_in_sync = False
                self._device_in_sync = False

            # Check if the profile ID or IP addresses have changed, requiring
            # a refresh of the dataplane.
            profile_ids = set(pending_endpoint.get("profile_ids", []))
            if profile_ids != self.rules_ref_helper.required_refs:
                # Profile ID update required iptables update but not device
                # update.
                _log.debug("Profile IDs changed, need to update iptables")
                self._iptables_in_sync = False
            if (self.endpoint and
                    (self.endpoint[self.nets_key] !=
                     pending_endpoint[self.nets_key])):
                # IP addresses have changed, need to update the routing table.
                _log.debug("IP addresses changed, need to update routing")
                self._device_in_sync = False
        else:
            # Delete of the endpoint.  Need to resync everything.
            profile_ids = set()
            self._iptables_in_sync = False
            self._device_in_sync = False

        # Note: we don't actually need to wait for the activation to finish
        # due to the dependency management in the iptables layer.
        self.rules_ref_helper.replace_all(profile_ids)

        self.endpoint = pending_endpoint
        self._endpoint_update_pending = False
        self._pending_endpoint = None

    def _calculate_missing_deps(self):
        """
        Returns a list of missing dependencies.
        """
        missing_deps = []
        if not self.endpoint:
            missing_deps.append("endpoint")
        elif self.endpoint.get("state", "active") != "active":
            missing_deps.append("endpoint active")
        elif not self.endpoint.get("profile_ids"):
            missing_deps.append("profile")
        return missing_deps

    def _maybe_update_iptables(self):
        """
        Update the relevant programming for this endpoint.
        """
        old_missing_deps = self._missing_deps
        self._missing_deps = self._calculate_missing_deps()

        if not self._missing_deps:
            # We have all the dependencies we need to do the programming and
            # the caller has already worked out that iptables needs refreshing.
            _log.info("%s became ready to program.", self)
            self._update_chains()
        elif not old_missing_deps and self._missing_deps:
            # We were active but now we're not, withdraw the dispatch rule
开发者ID:vi4m,项目名称:calico,代码行数:70,代码来源:endpoint.py

示例3: ProfileRules

# 需要导入模块: from calico.felix.refcount import RefHelper [as 别名]
# 或者: from calico.felix.refcount.RefHelper import replace_all [as 别名]

#.........这里部分代码省略.........
                    self._profile = None
                    self._pending_profile = None
                finally:
                    self._cleaned_up = True
                    self._notify_cleanup_complete()
        else:
            if self._pending_profile != self._profile:
                _log.debug("Profile data changed, updating ipset references.")
                # Make sure that all the new tags and selectors are active.
                # We can't discard unneeded ones until we've updated iptables.
                new_tags_and_sels = extract_tags_and_selectors_from_profile(
                    self._pending_profile
                )
                for tag_or_sel in new_tags_and_sels:
                    _log.debug("Requesting ipset for tag %s", tag_or_sel)
                    # Note: acquire_ref() is a no-op if already acquired.
                    self._ipset_refs.acquire_ref(tag_or_sel)

                self._dirty = True
                self._profile = self._pending_profile
                self._required_ipsets = new_tags_and_sels

            if (self._dirty and
                    self._ipset_refs.ready and
                    self._pending_profile is not None):
                _log.info("Ready to program rules for %s", self.id)
                try:
                    self._update_chains()
                except FailedSystemCall as e:
                    _log.error("Failed to program profile chain %s; error: %r",
                               self, e)
                else:
                    # Now we've updated iptables, we can tell the RefHelper
                    # to discard the tags we no longer need.
                    self._ipset_refs.replace_all(self._required_ipsets)
                    self._dirty = False
            elif not self._dirty:
                _log.debug("No changes to program.")
            elif self._pending_profile is None:
                _log.info("Profile is None, removing our chains")
                try:
                    self._delete_chains()
                except FailedSystemCall:
                    _log.exception("Failed to delete chains for profile %s",
                                   self.id)
                else:
                    self._ipset_refs.discard_all()
                    self._dirty = False
            else:
                assert not self._ipset_refs.ready
                _log.info("Can't program rules %s yet, waiting on ipsets",
                          self.id)

    def _delete_chains(self):
        """
        Removes our chains from the dataplane, blocks until complete.
        """
        # Need to block here: have to wait for chains to be deleted
        # before we can decref our ipsets.
        self._iptables_updater.delete_chains(
            self.iptables_generator.profile_chain_names(self.id),
            async=False)

    def _update_chains(self):
        """
        Updates the chains in the dataplane.

        Blocks until the update is complete.

        On entry, self._pending_profile must not be None.

        :raises FailedSystemCall: if the update fails.
        """
        _log.info("%s Programming iptables with our chains.", self)
        assert self._pending_profile is not None, \
            "_update_chains called with no _pending_profile"
        tag_to_ip_set_name = {}
        sel_to_ip_set_name = {}
        for tag_or_sel, ipset in self._ipset_refs.iteritems():
            if isinstance(tag_or_sel, SelectorExpression):
                sel_to_ip_set_name[tag_or_sel] = ipset.ipset_name
            else:
                tag_to_ip_set_name[tag_or_sel] = ipset.ipset_name

        _log.info("Updating chains for profile %s", self.id)
        _log.debug("Profile %s: %s", self.id, self._profile)

        updates, deps = self.iptables_generator.profile_updates(
            self.id,
            self._pending_profile,
            self.ip_version,
            tag_to_ipset=tag_to_ip_set_name,
            selector_to_ipset=sel_to_ip_set_name,
            on_allow="RETURN",
            comment_tag=self.id)

        _log.debug("Queueing programming for rules %s: %s", self.id,
                   updates)

        self._iptables_updater.rewrite_chains(updates, deps, async=False)
开发者ID:huainansto,项目名称:calico,代码行数:104,代码来源:profilerules.py

示例4: LocalEndpoint

# 需要导入模块: from calico.felix.refcount import RefHelper [as 别名]
# 或者: from calico.felix.refcount.RefHelper import replace_all [as 别名]
class LocalEndpoint(RefCountedActor):
    def __init__(self, config, combined_id, ip_type, iptables_updater, dispatch_chains, rules_manager):
        """
        Controls a single local endpoint.

        :param combined_id: EndpointId for this endpoint.
        :param ip_type: IP type for this endpoint (IPv4 or IPv6)
        :param iptables_updater: IptablesUpdater to use
        :param dispatch_chains: DispatchChains to use
        :param rules_manager: RulesManager to use
        """
        super(LocalEndpoint, self).__init__(qualifier="%s(%s)" % (combined_id.endpoint, ip_type))
        assert isinstance(dispatch_chains, DispatchChains)
        assert isinstance(rules_manager, RulesManager)

        self.combined_id = combined_id

        self.config = config
        self.ip_type = ip_type
        self.ip_version = futils.IP_TYPE_TO_VERSION[ip_type]
        if self.ip_type == IPV4:
            self.nets_key = "ipv4_nets"
        else:
            self.nets_key = "ipv6_nets"
        self.iptables_updater = iptables_updater
        self.dispatch_chains = dispatch_chains
        self.rules_mgr = rules_manager
        self.rules_ref_helper = RefHelper(self, rules_manager, self._on_profiles_ready)

        # Will be filled in as we learn about the OS interface and the
        # endpoint config.
        self.endpoint = None
        self._mac = None
        self._iface_name = None
        self._suffix = None

        # Track whether the last attempt to program the dataplane succeeded.
        # We'll force a reprogram next time we get a kick.
        self._failed = False
        # And whether we've received an update since last time we programmed.
        self._dirty = False

    @actor_message()
    def on_endpoint_update(self, endpoint, force_reprogram=False):
        """
        Called when this endpoint has received an update.
        :param dict[str] endpoint: endpoint parameter dictionary.
        """
        _log.info("%s updated: %s", self, endpoint)
        mac_changed = False

        if not endpoint and not self.endpoint:
            # First time we have been called, but it's a delete! Maybe some
            # odd timing window, but we have nothing to tidy up.
            return

        if endpoint and endpoint["mac"] != self._mac:
            # Either we have not seen this MAC before, or it has changed.
            self._mac = endpoint["mac"]
            mac_changed = True

        if endpoint and not self.endpoint:
            # This is the first time we have seen the endpoint, so extract the
            # interface name and endpoint ID.
            self._iface_name = endpoint["name"]
            self._suffix = interface_to_suffix(self.config, self._iface_name)

        was_ready = self._ready

        # Activate the required profile IDs (and deactivate any that we no
        # longer need).
        if endpoint:
            new_profile_ids = set(endpoint["profile_ids"])
        else:
            new_profile_ids = set()
        # Note: we don't actually need to wait for the activation to finish
        # due to the dependency management in the iptables layer.
        self.rules_ref_helper.replace_all(new_profile_ids)

        if endpoint != self.endpoint or force_reprogram:
            self._dirty = True

        # Store off the endpoint we were passed.
        self.endpoint = endpoint

        if endpoint:
            # Configure the network interface; may fail if not there yet (in
            # which case we'll just do it when the interface comes up).
            self._configure_interface(mac_changed)
        else:
            # Remove the network programming.
            self._deconfigure_interface()

        self._maybe_update(was_ready)
        _log.debug("%s finished processing update", self)

    @actor_message()
    def on_unreferenced(self):
        """
        Overrides RefCountedActor:on_unreferenced.
#.........这里部分代码省略.........
开发者ID:kasisnu,项目名称:calico,代码行数:103,代码来源:endpoint.py

示例5: LocalEndpoint

# 需要导入模块: from calico.felix.refcount import RefHelper [as 别名]
# 或者: from calico.felix.refcount.RefHelper import replace_all [as 别名]

#.........这里部分代码省略.........
                    self._device_in_sync = False
                    self._iptables_in_sync = False
                all_new_ips = new_ips | set([n["ext_ip"] for n in
                                             new_nat_mappings])
                if all_old_ips != all_new_ips:
                    # Ensure we clean up any conntrack entries for IPs that
                    # have been removed.
                    _log.debug("Set of all IPs changed from %s to %s",
                               all_old_ips, all_new_ips)
                    self._removed_ips |= all_old_ips
                    self._removed_ips -= all_new_ips
        else:
            # Delete of the endpoint.  Need to resync everything.
            self._profile_ids_dirty = True
            self._iptables_in_sync = False
            self._device_in_sync = False
            self._removed_ips |= all_old_ips

        self.endpoint = pending_endpoint
        self._endpoint_update_pending = False
        self._pending_endpoint = None

    def _update_profile_references(self):
        if self.endpoint:
            # Combine the explicit profile IDs with the set of policy IDs
            # for our matching selectors.
            profile_ids = set(self._explicit_profile_ids)
            for pol_ids in self._pol_ids_by_tier.itervalues():
                profile_ids.update(pol_ids)
        else:
            profile_ids = set()
        # Note: we don't actually need to wait for the activation to finish
        # due to the dependency management in the iptables layer.
        self._rules_ref_helper.replace_all(profile_ids)
        self._profile_ids_dirty = False

    def _update_chains(self):
        updates, deps = self._endpoint_updates()
        try:
            self.iptables_updater.rewrite_chains(updates, deps, async=False)
            self.fip_manager.update_endpoint(
                self.combined_id,
                self.endpoint.get(self.nat_key, None),
                async=True
            )
        except FailedSystemCall:
            _log.exception("Failed to program chains for %s. Removing.", self)
            try:
                self.iptables_updater.delete_chains(
                    self.iptables_generator.endpoint_chain_names(self._suffix),
                    async=False)
                self.fip_manager.update_endpoint(self.combined_id, None,
                                                 async=True)
            except FailedSystemCall:
                _log.exception("Failed to remove chains after original "
                               "failure")
        else:
            self._iptables_in_sync = True
            self._chains_programmed = True

    def _endpoint_updates(self):
        raise NotImplementedError()  # pragma: no cover

    def _remove_chains(self):
        try:
            self.iptables_updater.delete_chains(
开发者ID:is00hcw,项目名称:calico,代码行数:70,代码来源:endpoint.py


注:本文中的calico.felix.refcount.RefHelper.replace_all方法示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。