本文整理匯總了Python中calico.felix.refcount.RefHelper.replace_all方法的典型用法代碼示例。如果您正苦於以下問題:Python RefHelper.replace_all方法的具體用法?Python RefHelper.replace_all怎麽用?Python RefHelper.replace_all使用的例子?那麽, 這裏精選的方法代碼示例或許可以為您提供幫助。您也可以進一步了解該方法所在類calico.felix.refcount.RefHelper
的用法示例。
在下文中一共展示了RefHelper.replace_all方法的5個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於係統推薦出更棒的Python代碼示例。
示例1: LocalEndpoint
# 需要導入模塊: from calico.felix.refcount import RefHelper [as 別名]
# 或者: from calico.felix.refcount.RefHelper import replace_all [as 別名]
#.........這裏部分代碼省略.........
_log.debug("Learned interface name, checking if device " "is up.")
self._device_is_up = devices.interface_exists(self._iface_name) and devices.interface_up(
self._iface_name
)
# Check if the profile ID or IP addresses have changed, requiring
# a refresh of the dataplane.
profile_ids = set(pending_endpoint.get("profile_ids", []))
if profile_ids != self.rules_ref_helper.required_refs:
# Profile ID update required iptables update but not device
# update.
_log.debug("Profile IDs changed, need to update iptables")
self._iptables_in_sync = False
# Check for changes to values that require a device update.
if self.endpoint:
if self.endpoint.get("state") != pending_endpoint.get("state"):
_log.debug("Desired interface state updated.")
self._device_in_sync = False
self._iptables_in_sync = False
if self.endpoint[self.nets_key] != pending_endpoint[self.nets_key]:
# IP addresses have changed, need to update the routing
# table.
_log.debug("IP addresses changed, need to update routing")
self._device_in_sync = False
else:
# Delete of the endpoint. Need to resync everything.
profile_ids = set()
self._iptables_in_sync = False
self._device_in_sync = False
# Note: we don't actually need to wait for the activation to finish
# due to the dependency management in the iptables layer.
self.rules_ref_helper.replace_all(profile_ids)
self.endpoint = pending_endpoint
self._endpoint_update_pending = False
self._pending_endpoint = None
def _update_chains(self):
updates, deps = self.iptables_generator.endpoint_updates(
IP_TYPE_TO_VERSION[self.ip_type],
self.combined_id.endpoint,
self._suffix,
self._mac,
self.endpoint["profile_ids"],
)
try:
self.iptables_updater.rewrite_chains(updates, deps, async=False)
except FailedSystemCall:
_log.exception("Failed to program chains for %s. Removing.", self)
try:
self.iptables_updater.delete_chains(
self.iptables_generator.endpoint_chain_names(self._suffix), async=False
)
except FailedSystemCall:
_log.exception("Failed to remove chains after original " "failure")
else:
self._iptables_in_sync = True
self._chains_programmed = True
def _remove_chains(self):
try:
self.iptables_updater.delete_chains(self.iptables_generator.endpoint_chain_names(self._suffix), async=False)
except FailedSystemCall:
_log.exception("Failed to delete chains for %s", self)
示例2: LocalEndpoint
# 需要導入模塊: from calico.felix.refcount import RefHelper [as 別名]
# 或者: from calico.felix.refcount.RefHelper import replace_all [as 別名]
#.........這裏部分代碼省略.........
# This is the first time we have seen the endpoint, so extract
# the interface name and endpoint ID.
self._iface_name = pending_endpoint["name"]
self._suffix = interface_to_suffix(self.config,
self._iface_name)
_log.debug("Learned interface name/suffix: %s/%s",
self._iface_name, self._suffix)
# First time through, need to program everything.
self._iptables_in_sync = False
self._device_in_sync = False
# Check if the profile ID or IP addresses have changed, requiring
# a refresh of the dataplane.
profile_ids = set(pending_endpoint.get("profile_ids", []))
if profile_ids != self.rules_ref_helper.required_refs:
# Profile ID update required iptables update but not device
# update.
_log.debug("Profile IDs changed, need to update iptables")
self._iptables_in_sync = False
if (self.endpoint and
(self.endpoint[self.nets_key] !=
pending_endpoint[self.nets_key])):
# IP addresses have changed, need to update the routing table.
_log.debug("IP addresses changed, need to update routing")
self._device_in_sync = False
else:
# Delete of the endpoint. Need to resync everything.
profile_ids = set()
self._iptables_in_sync = False
self._device_in_sync = False
# Note: we don't actually need to wait for the activation to finish
# due to the dependency management in the iptables layer.
self.rules_ref_helper.replace_all(profile_ids)
self.endpoint = pending_endpoint
self._endpoint_update_pending = False
self._pending_endpoint = None
def _calculate_missing_deps(self):
"""
Returns a list of missing dependencies.
"""
missing_deps = []
if not self.endpoint:
missing_deps.append("endpoint")
elif self.endpoint.get("state", "active") != "active":
missing_deps.append("endpoint active")
elif not self.endpoint.get("profile_ids"):
missing_deps.append("profile")
return missing_deps
def _maybe_update_iptables(self):
"""
Update the relevant programming for this endpoint.
"""
old_missing_deps = self._missing_deps
self._missing_deps = self._calculate_missing_deps()
if not self._missing_deps:
# We have all the dependencies we need to do the programming and
# the caller has already worked out that iptables needs refreshing.
_log.info("%s became ready to program.", self)
self._update_chains()
elif not old_missing_deps and self._missing_deps:
# We were active but now we're not, withdraw the dispatch rule
示例3: ProfileRules
# 需要導入模塊: from calico.felix.refcount import RefHelper [as 別名]
# 或者: from calico.felix.refcount.RefHelper import replace_all [as 別名]
#.........這裏部分代碼省略.........
self._profile = None
self._pending_profile = None
finally:
self._cleaned_up = True
self._notify_cleanup_complete()
else:
if self._pending_profile != self._profile:
_log.debug("Profile data changed, updating ipset references.")
# Make sure that all the new tags and selectors are active.
# We can't discard unneeded ones until we've updated iptables.
new_tags_and_sels = extract_tags_and_selectors_from_profile(
self._pending_profile
)
for tag_or_sel in new_tags_and_sels:
_log.debug("Requesting ipset for tag %s", tag_or_sel)
# Note: acquire_ref() is a no-op if already acquired.
self._ipset_refs.acquire_ref(tag_or_sel)
self._dirty = True
self._profile = self._pending_profile
self._required_ipsets = new_tags_and_sels
if (self._dirty and
self._ipset_refs.ready and
self._pending_profile is not None):
_log.info("Ready to program rules for %s", self.id)
try:
self._update_chains()
except FailedSystemCall as e:
_log.error("Failed to program profile chain %s; error: %r",
self, e)
else:
# Now we've updated iptables, we can tell the RefHelper
# to discard the tags we no longer need.
self._ipset_refs.replace_all(self._required_ipsets)
self._dirty = False
elif not self._dirty:
_log.debug("No changes to program.")
elif self._pending_profile is None:
_log.info("Profile is None, removing our chains")
try:
self._delete_chains()
except FailedSystemCall:
_log.exception("Failed to delete chains for profile %s",
self.id)
else:
self._ipset_refs.discard_all()
self._dirty = False
else:
assert not self._ipset_refs.ready
_log.info("Can't program rules %s yet, waiting on ipsets",
self.id)
def _delete_chains(self):
"""
Removes our chains from the dataplane, blocks until complete.
"""
# Need to block here: have to wait for chains to be deleted
# before we can decref our ipsets.
self._iptables_updater.delete_chains(
self.iptables_generator.profile_chain_names(self.id),
async=False)
def _update_chains(self):
"""
Updates the chains in the dataplane.
Blocks until the update is complete.
On entry, self._pending_profile must not be None.
:raises FailedSystemCall: if the update fails.
"""
_log.info("%s Programming iptables with our chains.", self)
assert self._pending_profile is not None, \
"_update_chains called with no _pending_profile"
tag_to_ip_set_name = {}
sel_to_ip_set_name = {}
for tag_or_sel, ipset in self._ipset_refs.iteritems():
if isinstance(tag_or_sel, SelectorExpression):
sel_to_ip_set_name[tag_or_sel] = ipset.ipset_name
else:
tag_to_ip_set_name[tag_or_sel] = ipset.ipset_name
_log.info("Updating chains for profile %s", self.id)
_log.debug("Profile %s: %s", self.id, self._profile)
updates, deps = self.iptables_generator.profile_updates(
self.id,
self._pending_profile,
self.ip_version,
tag_to_ipset=tag_to_ip_set_name,
selector_to_ipset=sel_to_ip_set_name,
on_allow="RETURN",
comment_tag=self.id)
_log.debug("Queueing programming for rules %s: %s", self.id,
updates)
self._iptables_updater.rewrite_chains(updates, deps, async=False)
示例4: LocalEndpoint
# 需要導入模塊: from calico.felix.refcount import RefHelper [as 別名]
# 或者: from calico.felix.refcount.RefHelper import replace_all [as 別名]
class LocalEndpoint(RefCountedActor):
def __init__(self, config, combined_id, ip_type, iptables_updater, dispatch_chains, rules_manager):
"""
Controls a single local endpoint.
:param combined_id: EndpointId for this endpoint.
:param ip_type: IP type for this endpoint (IPv4 or IPv6)
:param iptables_updater: IptablesUpdater to use
:param dispatch_chains: DispatchChains to use
:param rules_manager: RulesManager to use
"""
super(LocalEndpoint, self).__init__(qualifier="%s(%s)" % (combined_id.endpoint, ip_type))
assert isinstance(dispatch_chains, DispatchChains)
assert isinstance(rules_manager, RulesManager)
self.combined_id = combined_id
self.config = config
self.ip_type = ip_type
self.ip_version = futils.IP_TYPE_TO_VERSION[ip_type]
if self.ip_type == IPV4:
self.nets_key = "ipv4_nets"
else:
self.nets_key = "ipv6_nets"
self.iptables_updater = iptables_updater
self.dispatch_chains = dispatch_chains
self.rules_mgr = rules_manager
self.rules_ref_helper = RefHelper(self, rules_manager, self._on_profiles_ready)
# Will be filled in as we learn about the OS interface and the
# endpoint config.
self.endpoint = None
self._mac = None
self._iface_name = None
self._suffix = None
# Track whether the last attempt to program the dataplane succeeded.
# We'll force a reprogram next time we get a kick.
self._failed = False
# And whether we've received an update since last time we programmed.
self._dirty = False
@actor_message()
def on_endpoint_update(self, endpoint, force_reprogram=False):
"""
Called when this endpoint has received an update.
:param dict[str] endpoint: endpoint parameter dictionary.
"""
_log.info("%s updated: %s", self, endpoint)
mac_changed = False
if not endpoint and not self.endpoint:
# First time we have been called, but it's a delete! Maybe some
# odd timing window, but we have nothing to tidy up.
return
if endpoint and endpoint["mac"] != self._mac:
# Either we have not seen this MAC before, or it has changed.
self._mac = endpoint["mac"]
mac_changed = True
if endpoint and not self.endpoint:
# This is the first time we have seen the endpoint, so extract the
# interface name and endpoint ID.
self._iface_name = endpoint["name"]
self._suffix = interface_to_suffix(self.config, self._iface_name)
was_ready = self._ready
# Activate the required profile IDs (and deactivate any that we no
# longer need).
if endpoint:
new_profile_ids = set(endpoint["profile_ids"])
else:
new_profile_ids = set()
# Note: we don't actually need to wait for the activation to finish
# due to the dependency management in the iptables layer.
self.rules_ref_helper.replace_all(new_profile_ids)
if endpoint != self.endpoint or force_reprogram:
self._dirty = True
# Store off the endpoint we were passed.
self.endpoint = endpoint
if endpoint:
# Configure the network interface; may fail if not there yet (in
# which case we'll just do it when the interface comes up).
self._configure_interface(mac_changed)
else:
# Remove the network programming.
self._deconfigure_interface()
self._maybe_update(was_ready)
_log.debug("%s finished processing update", self)
@actor_message()
def on_unreferenced(self):
"""
Overrides RefCountedActor:on_unreferenced.
#.........這裏部分代碼省略.........
示例5: LocalEndpoint
# 需要導入模塊: from calico.felix.refcount import RefHelper [as 別名]
# 或者: from calico.felix.refcount.RefHelper import replace_all [as 別名]
#.........這裏部分代碼省略.........
self._device_in_sync = False
self._iptables_in_sync = False
all_new_ips = new_ips | set([n["ext_ip"] for n in
new_nat_mappings])
if all_old_ips != all_new_ips:
# Ensure we clean up any conntrack entries for IPs that
# have been removed.
_log.debug("Set of all IPs changed from %s to %s",
all_old_ips, all_new_ips)
self._removed_ips |= all_old_ips
self._removed_ips -= all_new_ips
else:
# Delete of the endpoint. Need to resync everything.
self._profile_ids_dirty = True
self._iptables_in_sync = False
self._device_in_sync = False
self._removed_ips |= all_old_ips
self.endpoint = pending_endpoint
self._endpoint_update_pending = False
self._pending_endpoint = None
def _update_profile_references(self):
if self.endpoint:
# Combine the explicit profile IDs with the set of policy IDs
# for our matching selectors.
profile_ids = set(self._explicit_profile_ids)
for pol_ids in self._pol_ids_by_tier.itervalues():
profile_ids.update(pol_ids)
else:
profile_ids = set()
# Note: we don't actually need to wait for the activation to finish
# due to the dependency management in the iptables layer.
self._rules_ref_helper.replace_all(profile_ids)
self._profile_ids_dirty = False
def _update_chains(self):
updates, deps = self._endpoint_updates()
try:
self.iptables_updater.rewrite_chains(updates, deps, async=False)
self.fip_manager.update_endpoint(
self.combined_id,
self.endpoint.get(self.nat_key, None),
async=True
)
except FailedSystemCall:
_log.exception("Failed to program chains for %s. Removing.", self)
try:
self.iptables_updater.delete_chains(
self.iptables_generator.endpoint_chain_names(self._suffix),
async=False)
self.fip_manager.update_endpoint(self.combined_id, None,
async=True)
except FailedSystemCall:
_log.exception("Failed to remove chains after original "
"failure")
else:
self._iptables_in_sync = True
self._chains_programmed = True
def _endpoint_updates(self):
raise NotImplementedError() # pragma: no cover
def _remove_chains(self):
try:
self.iptables_updater.delete_chains(