ifstate 1.13.7__py3-none-any.whl → 2.0.0__py3-none-any.whl

libifstate/hook/__init__.py

@@ -0,0 +1,195 @@
+from libifstate.util import get_netns_run_dir, dump_yaml_file, slurp_yaml_file, RUN_BASE_DIR
+from libifstate.util import logger
+
+import logging
+from pathlib import Path
+import os
+import pkgutil
+from shlex import quote
+import shutil
+from string import Template
+import subprocess
+import tempfile
+
+
+HOOK_DIR = '/etc/ifstate/hooks'
+HOOK_WRAPPER = Template(pkgutil.get_data("libifstate", "hook/wrapper.sh").decode("utf-8"))
+
+RC_OK = 0
+RC_ERROR = 1
+RC_STARTED = 2
+# it is the same value, but there are two constants to make it more convinient
+RC_STOPPED = RC_STARTED
+RC_CHANGED = 3
+
+def _open_perm(path, flags):
+    return os.open(path, flags, 0o600)
+
+class Hook():
+    def __init__(self, name, script, provides=[], after=[]):
+        self.name = name
+
+        if script[0] == '/':
+            self.script = Path(script).as_posix()
+        else:
+            self.script = Path(HOOK_DIR, script).as_posix()
+
+        self.provides = provides
+        self.after = after
+
+    def start(self, link, args, run_dir, do_apply):
+        wrapper_fn = f"{run_dir}/wrapper.sh"
+
+        with open(wrapper_fn, "w", opener=_open_perm) as fh:
+            template_vars = {
+                    'verbose': 1 if logger.getEffectiveLevel() == logging.DEBUG else '',
+                    'script': self.script,
+                    'ifname': link.settings.get('ifname'),
+                    'index': link.idx,
+                    'netns': link.netns.netns or '',
+                    'vrf': '',
+                    'rundir': run_dir,
+                    'rc_ok': RC_OK,
+                    'rc_error': RC_ERROR,
+                    'rc_started': RC_STARTED,
+                    'rc_stopped': RC_STOPPED,
+                    'rc_changed': RC_CHANGED,
+                }
+
+            if link.get_if_attr('IFLA_INFO_SLAVE_KIND') == 'vrf':
+                template_vars['vrf'] = link.settings.get('master')
+
+            args_list = []
+            for k, v in args.items():
+                args_list.append(f'export IFS_ARG_{k.upper()}={quote(v)}')
+            template_vars['args'] = "\n".join(args_list)
+
+            try:
+                fh.write(HOOK_WRAPPER.substitute(template_vars))
+            except KeyError as ex:
+                logger.error("Failed to prepare wrapper for hook {}: variable {} unknown".format(self.name, str(ex)))
+                return
+            except ValueError as ex:
+                logger.error("Failed to prepare wrapper for hook {}: {}".format(self.name, str(ex)))
+                return
+
+        try:
+            if do_apply:
+                subprocess.run(['/bin/sh', wrapper_fn, "start"], timeout=3, check=True)
+            else:
+                subprocess.run(['/bin/sh', wrapper_fn, "check-start"], timeout=3, check=True)
+
+            return RC_OK
+        except (FileNotFoundError, PermissionError) as ex:
+            logger.error("Failed executing hook {}: {}".format(self.name, str(ex)))
+            return RC_ERROR
+        except subprocess.TimeoutExpired as ex:
+            logger.error("Running hook {} has timed out.".format(self.name))
+            return RC_ERROR
+        except subprocess.CalledProcessError as ex:
+            if ex.returncode < 0:
+                logger.warning("Hook {} got signal {}".format(hook_name, -1 * ex.returncode))
+                return RC_ERROR
+
+            return ex.returncode
+
+    @staticmethod
+    def stop(link, hook_name, run_dir, do_apply):
+        wrapper_fn = f"{run_dir}/wrapper.sh"
+
+        try:
+            if do_apply:
+                subprocess.run(['/bin/sh', wrapper_fn, "stop"], timeout=3, check=True)
+            else:
+                subprocess.run(['/bin/sh', wrapper_fn, "check-stop"], timeout=3, check=True)
+
+            return RC_OK
+        except (FileNotFoundError, PermissionError) as ex:
+            logger.error("Failed executing hook {}: {}".format(hook_name, str(ex)))
+            return RC_ERROR
+        except subprocess.TimeoutExpired as ex:
+            logger.error("Running hook {} has timed out.".format(hook_name))
+            return RC_ERROR
+        except subprocess.CalledProcessError as ex:
+            if ex.returncode < 0:
+                logger.warning("Hook {} got signal {}".format(hook_name, -1 * ex.returncode))
+                return RC_ERROR
+
+            assert(run_dir.startswith(RUN_BASE_DIR))
+
+            try:
+                shutil.rmtree(run_dir)
+            except FileNotFoundError:
+                pass
+            except OSError as err:
+                logger.error("Failed cleanup hook rundir {}: {}".format(run_dir, str(err)))
+
+            return ex.returncode
+
+class Hooks():
+    def __init__(self, ifstate):
+        self.hooks = {}
+        for hook, opts in ifstate.items():
+            if 'script' in opts:
+                self.hooks[hook] = Hook(hook, **opts)
+            else:
+                self.hooks[hook] = Hook(hook, script=hook, **opts)
+
+    def apply(self, link, do_apply):
+        run_dir = get_netns_run_dir('hooks', link.netns, str(link.idx))
+
+        state_fn = f"{run_dir}/state"
+        old_state = slurp_yaml_file(state_fn, default=[])
+        run_state = []
+
+        # Stop any running hooks which should not run any more or have other
+        # parameters - hooks are identified by all of their settings. Keep
+        # the rundir for any hook already running.
+        for entry in old_state:
+            if not entry.get('hook') in link.hooks:
+                rc = Hook.stop(link, entry["hook"]["name"], entry["rundir"], do_apply)
+                if rc == RC_OK:
+                    pass
+                elif rc == RC_STOPPED:
+                    logger.log_del('hooks', '- {}'.format(entry["hook"]["name"]))
+                else:
+                    run_state.append(entry)
+                    logger.log_err('hooks', '! {}'.format(entry["hook"]["name"]))
+            else:
+                hook = next((hook for hook in link.hooks if hook == entry["hook"]), None)
+                # tepmorary keep mapping between running and configured hook dict
+                hook["__rundir"] = entry["rundir"]
+
+        try:
+            if not link.hooks:
+                return
+
+            for hook in link.hooks:
+                if not hook["name"] in self.hooks:
+                    logger.warning("Hook {} for {} is unknown!".format(link.settings.get('ifname'), hook))
+                    continue
+
+                hook_run_dir = hook.get("__rundir")
+                # hook is not running, yet
+                if hook_run_dir is None:
+                    hook_run_dir = tempfile.mkdtemp(prefix="hook_", dir=run_dir)
+                # hook was already running
+                else:
+                    del(hook["__rundir"])
+                rc = self.hooks[hook["name"]].start(link, hook.get('args', {}), hook_run_dir, do_apply)
+
+                if rc == RC_OK:
+                    logger.log_ok('hooks', '= {}'.format(hook["name"]))
+                elif rc == RC_STARTED:
+                    logger.log_add('hooks', '+ {}'.format(hook["name"]))
+                elif rc == RC_CHANGED:
+                    logger.log_change('hooks', '~ {}'.format(hook["name"]))
+                else:
+                    logger.log_err('hooks', '! {}'.format(hook["name"]))
+
+                run_state.append({
+                    "hook": hook,
+                    "rundir": hook_run_dir,
+                })
+        finally:
+            dump_yaml_file(state_fn, run_state)

libifstate/hook/wrapper.sh

@@ -0,0 +1,50 @@
+#!/bin/sh
+
+# ifstate: wrapper to run hooks
+
+# debugging
+export IFS_VERBOSE=${verbose}
+if [ "$$IFS_VERBOSE" = 1 ]; then
+    set -x
+fi
+
+# return codes
+export IFS_RC_OK="${rc_ok}"
+export IFS_RC_ERROR="${rc_error}"
+export IFS_RC_STARTED="${rc_started}"
+export IFS_RC_STOPPED="${rc_stopped}"
+export IFS_RC_CHANGED="${rc_changed}"
+
+# generic environment variables
+export IFS_SCRIPT="${script}"
+export IFS_RUNDIR="${rundir}"
+
+export IFS_IFNAME="${ifname}"
+export IFS_INDEX="${index}"
+export IFS_NETNS="${netns}"
+export IFS_VRF="${vrf}"
+
+# hook arguments
+${args}
+
+# run hook NetNS and VRF aware
+if [ -z "$$IFS_NETNS" ]; then
+    if [ -z "$$IFS_VRF" ]; then
+        # just exec the script
+        exec "$$IFS_SCRIPT" "$$@"
+    else
+        # exec in VRF
+        exec ip vrf exec "$$IFS_VRF" "$$IFS_SCRIPT" "$$@"
+    fi
+else
+    if [ -z "$$IFS_VRF" ]; then
+        # exec in NetNS
+        exec ip netns exec "$$IFS_NETNS" "$$IFS_SCRIPT" "$$@"
+    else
+        # exec in NetNS->VRF
+        exec ip -n "$$IFS_NETNS" vrf exec "$$IFS_VRF" "$$IFS_SCRIPT" "$$@"
+    fi
+fi
+
+# somthing gone wrong
+return $$IFS_RC_ERROR

libifstate/link/base.py

@@ -1,4 +1,4 @@
-from libifstate.util import logger, IfStateLogging, LinkDependency
+from libifstate.util import logger, format_ether_address, IfStateLogging, LinkDependency, IDENTIFY_LOOKUPS
 from libifstate.exception import ExceptionCollector, LinkTypeUnknown, NetnsUnknown, netlinkerror_classes
 from libifstate.brport import BRPort
 from libifstate.routing import RTLookups
@@ -129,7 +129,7 @@ class Link(ABC):
         return super().__new__(GenericLink)
         #raise LinkTypeUnknown()
 
-    def __init__(self, ifstate, netns, name, link, ethtool, vrrp, brport):
+    def __init__(self, ifstate, netns, name, link, identify, ethtool, hooks, vrrp, brport):
         self.ifstate = ifstate
         self.netns = netns
         self.cap_create = True
@@ -139,6 +139,7 @@ class Link(ABC):
         }
         self.settings.update(link)
         self.ethtool = None
+        self.hooks = hooks
         self.vrrp = vrrp
         if brport:
             self.brport = BRPort(netns, name, brport)
@@ -154,22 +155,17 @@ class Link(ABC):
         self.link_ref = LinkDependency(name, self.netns.netns)
 
         # prepare link registry search filters
-        if 'businfo' in self.settings:
-            self.settings['businfo'] = self.settings['businfo'].lower()
-            self.link_registry_search_args.append({
-                'kind': self.settings['kind'],
-                'businfo': self.settings['businfo'],
-            })
-
-        if 'permaddr' in self.settings:
-            self.settings['permaddr'] = self.settings['permaddr'].lower()
-            self.link_registry_search_args.append({
-                'kind': self.settings['kind'],
-                'permaddr': self.settings['permaddr'],
-            })
+        if identify:
+            search_args = {}
+            for attr in IDENTIFY_LOOKUPS.keys():
+                if attr in identify:
+                    search_args[attr] = identify[attr]
+            if search_args:
+                search_args['kind'] = self.settings['kind']
+                self.link_registry_search_args.append(search_args)
 
         if 'address' in self.settings and self.settings['kind'] == 'physical':
-            self.settings['address'] = self.settings['address'].lower()
+            self.settings['address'] = format_ether_address(self.settings['address'])
             self.link_registry_search_args.append({
                 'kind': self.settings['kind'],
                 'address': self.settings['address'],
@@ -249,11 +245,8 @@ class Link(ABC):
             return None
 
     def get_if_attr(self, key):
-        if key in ["state", "permaddr", "businfo"]:
-            if key in self.iface:
-                return self.iface[key]
-            else:
-                return None
+        if key == "state":
+            return self.iface.get(key)
 
         if key in self.attr_map:
             return self._drill_attr(self.iface, self.attr_map[key])
@@ -443,7 +436,7 @@ class Link(ABC):
         return self.match_vrrp_select(vrrp_type, vrrp_name) and (vrrp_state in self.vrrp['states'])
 
     def apply(self, do_apply, sysctl):
-        excpts = ExceptionCollector(self.settings['ifname'])
+        excpts = ExceptionCollector(self.settings['ifname'], self.netns)
         osettings = copy.deepcopy(self.settings)
 
         # lookup for attributes requiring a interface index
@@ -455,8 +448,11 @@ class Link(ABC):
                     # ignore *_netns settings if the netns is the same as the interface's one
                     # (there is no IFLA_LINK_NETNSID attribute in such cases)
                     if self.settings[netns_attr] != self.netns.netns:
-                        # ToDo: throw exception for unknown netns
-                        (peer_ipr, peer_nsid) = self.netns.get_netnsid(self.settings[netns_attr])
+                        try:
+                            (peer_ipr, peer_nsid) = self.netns.get_netnsid(self.settings[netns_attr])
+                        except NetnsUnknown as ex:
+                            excpts.add('apply', ex)
+                            return excpts
                         self.settings[netnsid_attr] = peer_nsid
                         idx = next(iter(peer_ipr.link_lookup(
                             ifname=self.settings[attr])), None)
@@ -522,13 +518,6 @@ class Link(ABC):
         if self.idx is not None:
             self.iface = item.netns.ipr.get_link(self.idx)
         if self.idx is not None and self.iface is not None:
-            permaddr = item.netns.ipr.get_permaddr(self.iface.get_attr('IFLA_IFNAME'))
-            if not permaddr is None:
-                self.iface['permaddr'] = permaddr
-            businfo = item.netns.ipr.get_businfo(self.iface.get_attr('IFLA_IFNAME'))
-            if not businfo is None:
-                self.iface['businfo'] = businfo
-
             # check for ifname collisions
             idx = next(iter(self.netns.ipr.link_lookup(
                 ifname=self.settings['ifname'])), None)
@@ -631,6 +620,9 @@ class Link(ABC):
                                 if not isinstance(err, netlinkerror_classes):
                                     raise
                                 excpts.add('set', err, state=state)
+
+                    # get kernel state
+                    self.iface = self.netns.ipr.get_link(self.idx)
             except Exception as err:
                 if not isinstance(err, netlinkerror_classes):
                     raise
@@ -743,7 +735,7 @@ class Link(ABC):
             if do_apply:
                 # temp. remove special settings
                 skipped_settings = {}
-                for setting in ['state', 'peer', 'kind', 'businfo', 'permaddr']:
+                for setting in ['state', 'peer', 'kind']:
                     if setting in self.settings:
                         skipped_settings[setting] = self.settings.pop(setting)
 
@@ -838,6 +830,9 @@ class Link(ABC):
             else:
                 logger.log_ok('link')
 
+            # update kernel state
+            self.iface = self.netns.ipr.get_link(self.idx)
+
     def depends(self):
         deps = []
 
@@ -900,5 +895,5 @@ class Link(ABC):
 
 
 class GenericLink(Link):
-    def __init__(self, ifstate, netns, name, link, ethtool, vrrp, brport):
-        super().__init__(ifstate, netns, name, link, ethtool, vrrp, brport)
+    def __init__(self, ifstate, netns, name, link, identify, ethtool, hooks, vrrp, brport):
+        super().__init__(ifstate, netns, name, link, identify, ethtool, hooks, vrrp, brport)

libifstate/link/dsa.py

@@ -4,7 +4,7 @@ from libifstate.link.physical import PhysicalLink
 class DsaLink(PhysicalLink):
     """
     Distributed Switch Architecture (DSA) user interface
-    
+
     https://docs.kernel.org/networking/dsa/configuration.html
     """
     pass

libifstate/link/physical.py

@@ -3,11 +3,11 @@ from libifstate.link.base import Link
 from libifstate.exception import LinkCannotAdd
 
 class PhysicalLink(Link):
-    def __init__(self, ifstate, netns, name, link, ethtool, vrrp, brport):
-        super().__init__(ifstate, netns, name, link, ethtool, vrrp, brport)
+    def __init__(self, ifstate, netns, name, link, identify, ethtool, hooks, vrrp, brport):
+        super().__init__(ifstate, netns, name, link, identify, ethtool, hooks, vrrp, brport)
         self.cap_create = False
         self.cap_ethtool = True
         self.ethtool = ethtool
  
     def create(self, do_apply, sysctl, excpts, oper="add"):
-        logger.warning('Unable to create missing physical link: {}'.format(self.settings.get('ifname')))
+        logger.warning('unable to create physical link', extra={'iface': self.settings.get('ifname'), 'netns': self.netns})

libifstate/link/tun.py

@@ -6,18 +6,18 @@ from pwd import getpwnam
 from grp import getgrnam
 
 class TunLink(Link):
-    def __init__(self, ifstate, netns, name, link, ethtool, vrrp, brport):
+    def __init__(self, ifstate, netns, name, link, identify, ethtool, hooks, vrrp, brport):
         if 'tun_owner' in link and isinstance(link['tun_owner'], str):
             link['tun_owner'] = getpwnam(link['tun_owner'])[2]
 
         if 'tun_group' in link and isinstance(link['tun_group'], str):
             link['tun_group'] = getgrnam(link['tun_group'])[2]
 
-        super().__init__(ifstate, netns, name, link, ethtool, vrrp, brport)
+        super().__init__(ifstate, netns, name, link, identify, ethtool, hooks, vrrp, brport)
         self.cap_create = bool(link.get('tun_persist'))
  
     def create(self, do_apply, sysctl, excpts, oper="add"):
         if not self.cap_create:
-            logger.warning('Unable to create missing non-persistent tuntap link: {}'.format(self.settings.get('ifname')))
+            logger.warning('unable to create non-persistent tuntap link', extra={'iface': self.settings.get('ifname'), 'netns': self.netns})
         else:
             super().create(do_apply, sysctl, excpts, oper)

libifstate/link/veth.py

@@ -3,14 +3,14 @@ from libifstate.link.base import Link
 from libifstate.exception import LinkCannotAdd, NetnsUnknown
 
 class VethLink(Link):
-    def __init__(self, ifstate, netns, name, link, ethtool, vrrp, brport):
+    def __init__(self, ifstate, netns, name, link, identify, ethtool, hooks, vrrp, brport):
         # use the bind_netns implementation to create the peer in the
         # target netns
         if 'peer_netns' in link:
             link['bind_netns'] = link['peer_netns']
             del(link['peer_netns'])
 
-        super().__init__(ifstate, netns, name, link, ethtool, vrrp, brport)
+        super().__init__(ifstate, netns, name, link, identify, ethtool, hooks, vrrp, brport)
 
     def create(self, do_apply, sysctl, excpts, oper="add"):
         '''

libifstate/log.py

@@ -73,13 +73,16 @@ class IfStateLogging:
             return IfStateLogging.ANSI_YELLOW
         return ""
 
-    def __init__(self, level, handlers=[], action=None, log_stderr=True):
+    def __init__(self, level, global_level, handlers=[], action=None, log_stderr=True):
         if level != logging.DEBUG:
             sys.tracebacklimit = 0
 
-        logging.basicConfig(
-            level=level,
-        )
+        if global_level:
+            logging.basicConfig(
+                level=level,
+            )
+        else:
+            logger.level = level
 
         if log_stderr:
             has_stderr = sys.stderr is not None

libifstate/netns/__init__.py

@@ -1,10 +1,12 @@
-from libifstate.util import logger, IfStateLogging, IPRouteExt, NetNSExt, root_ipr
+from libifstate.exception import NetnsUnknown
+from libifstate.util import logger, IfStateLogging, IPRouteExt, NetNSExt, root_ipr, root_iw, IDENTIFY_LOOKUPS
 from libifstate.sysctl import Sysctl
 
 import atexit
 from copy import deepcopy
 import logging
 import pyroute2
+from pyroute2 import NetlinkError
 import re
 import secrets
 import shutil
@@ -13,6 +15,7 @@ import subprocess
 netns_name_map = {}
 netns_name_root = None
 netns_nsid_map = {}
+iw_ifindex_phy_map = {}
 
 @atexit.register
 def close_netns():
@@ -44,12 +47,27 @@ class NetNameSpace():
 
         if name is None:
             self.ipr = root_ipr
+            self.iw = root_iw
             self.mount = b''
         else:
             self.ipr = NetNSExt(name)
             netns_name_map[name] = self.ipr
+
+            # check for wireless phys
+            if root_iw:
+                pyroute2.netns.pushns(name)
+                self.iw = pyroute2.IW()
+                pyroute2.netns.popns()
+            else:
+                self.iw = None
+
             self.mount = name.encode("utf-8")
 
+        if self.iw is not None:
+            for ifname, ifdict in self.iw.get_interfaces_dict().items():
+                # ifIndex => phyIndex
+                iw_ifindex_phy_map[ifdict[0]] = ifdict[3]
+
     def __deepcopy__(self, memo):
         '''
         Add custom deepcopy implementation to keep single IPRoute and NetNS instances.
@@ -59,7 +77,10 @@ class NetNameSpace():
         memo[id(self)] = result
         for k, v in self.__dict__.items():
             if k == 'ipr':
-                setattr(result, k, v)
+                if self.netns is None:
+                    setattr(result, k, IPRouteExt())
+                else:
+                    setattr(result, k, NetNSExt(self.netns))
             else:
                 setattr(result, k, deepcopy(v, memo))
         return result
@@ -68,9 +89,11 @@ class NetNameSpace():
         if peer_netns_name is None:
             peer_ipr = root_ipr
             peer_pid = 1
-        else:
+        elif peer_netns_name in netns_name_map:
             peer_ipr = netns_name_map[peer_netns_name]
             peer_pid = peer_ipr.child
+        else:
+            raise NetnsUnknown(peer_netns_name)
 
         result = self.ipr.get_netnsid(pid=peer_pid)
         if result['nsid'] == 4294967295:
@@ -223,8 +246,16 @@ class LinkRegistryItem():
             self.attributes['kind'] = linkinfo.get_attr('IFLA_INFO_KIND')
         else:
             self.attributes['kind'] = "physical"
-            self.attributes['businfo'] = self.netns.ipr.get_businfo(self.attributes['ifname'])
-            self.attributes['permaddr'] = link.get_attr('IFLA_PERM_ADDRESS')
+
+        # add iw phy for wireless interfaces
+        if link['index'] in iw_ifindex_phy_map:
+            self.attributes['wiphy'] = iw_ifindex_phy_map[link['index']]
+
+        # add identify attributes
+        for attr, lookup in IDENTIFY_LOOKUPS.items():
+            value = lookup(netns, link)
+            if value is not None:
+                self.attributes[attr] = value
 
     def __ipr_link(self, command, **kwargs):
         logger.debug("ip link set netns={} {}".format(
@@ -271,7 +302,14 @@ class LinkRegistryItem():
             # ToDo
             self.update_ifname( self.registry.get_random_name('__netns__') )
 
-        self.__ipr_link('set', index=self.attributes['index'], net_ns_fd=netns_name)
+        if self.attributes.get('wiphy') is not None:
+            # move phy instead of iface for wireless devices
+            if netns.netns is None:
+                self.netns.iw.set_wiphy_netns_by_pid(self.attributes['wiphy'], 1)
+            else:
+                self.netns.iw.set_wiphy_netns_by_pid(self.attributes['wiphy'], netns.ipr.child)
+        else:
+            self.__ipr_link('set', index=self.attributes['index'], net_ns_fd=netns_name)
         self.netns = netns
         self.attributes['index'] = next(iter(self.netns.ipr.link_lookup(ifname=self.attributes['ifname'])), None)
 

libifstate/parser/__init__.py

@@ -1,2 +1,2 @@
-from libifstate.parser.base import Parser
+from libifstate.parser.base import Parser, get_available_hooks
 from libifstate.parser.yaml import YamlParser