flush route cache between stop and start openvpn

removed unused forced source_ip
htouvet
2015-09-09 17:34:27 +02:00
parent 591badb383
commit ebf1c54eaf
+13 -12
@@ -144,7 +144,6 @@ class Provider(object):
self.device_type=None self.device_type=None
self.device_mac=None self.device_mac=None
self.last_ip=None self.last_ip=None
self.source_ip=None
self._gateway=gateway self._gateway=gateway
@@ -186,7 +185,7 @@ conntrack v1.2.1 (conntrack-tools): 1 flow entries have been shown.
def read_config(self,config_file): def read_config(self,config_file):
for attrib in ['target_ip','device','gateway','source_ip']: for attrib in ['target_ip','device','gateway']:
if config_file.has_option(self.provider_name,attrib): if config_file.has_option(self.provider_name,attrib):
if attrib == 'gateway': if attrib == 'gateway':
setattr(self,'_gateway',config_file.get(self.provider_name,attrib)) setattr(self,'_gateway',config_file.get(self.provider_name,attrib))
@@ -307,9 +306,7 @@ available == True if actual rtt and loss are below the max_rtt and max_loss
IPV4ADDR = re.compile(r'\sinet\s+(?P<ipv4>\d+.\d+.\d+.\d+)[/\s]') IPV4ADDR = re.compile(r'\sinet\s+(?P<ipv4>\d+.\d+.\d+.\d+)[/\s]')
MACADDR = re.compile(r'link/(?P<type>\S+)(\s(?P<mac>\S+))?') MACADDR = re.compile(r'link/(?P<type>\S+)(\s(?P<mac>\S+))?')
ipaddr = IPV4ADDR.search(output) ipaddr = IPV4ADDR.search(output)
if self.source_ip: if ipaddr:
self.last_ip = self.source_ip
elif ipaddr:
self.last_ip = ipaddr.groupdict()['ipv4'] self.last_ip = ipaddr.groupdict()['ipv4']
else: else:
self.last_ip = None self.last_ip = None
@@ -408,11 +405,12 @@ available == True if actual rtt and loss are below the max_rtt and max_loss
print run('/sbin/shorewall enable {}'.format(self.provider_name),dry_run=self.dry_run) print run('/sbin/shorewall enable {}'.format(self.provider_name),dry_run=self.dry_run)
if self.openvpn_master: if self.openvpn_master:
logger.info('Restarting openvpn') logger.info('Restarting openvpn')
print run('/usr/sbin/conntrack -F',dry_run=self.dry_run) print run('/etc/init.d/openvpn stop',dry_run=self.dry_run)
print run('ip route flush cache',dry_run=self.dry_run) print run('ip route flush cache',dry_run=self.dry_run)
print run('/etc/init.d/openvpn restart',dry_run=self.dry_run) print run('/etc/init.d/openvpn start',dry_run=self.dry_run)
# here check the connectivity.... else rollback # here check the connectivity.... else rollback
self.update_leds() self.update_leds()
print('Routes after enabling provider %s\n%s'%(self.provider_name,run('/sbin/shorewall show routing')))
else: else:
logger.debug('{} already enabled'.format(self.device)) logger.debug('{} already enabled'.format(self.device))
@@ -420,20 +418,24 @@ available == True if actual rtt and loss are below the max_rtt and max_loss
if self.enabled: if self.enabled:
openvpn = self.used_by_openvpn() openvpn = self.used_by_openvpn()
logger.debug('Disable {}'.format(self.provider_name)) logger.debug('Disable {}'.format(self.provider_name))
# restart openvpn if it was running on this provider
if openvpn:
logger.info('openvpn was running here, stopping openvpn')
print run('/etc/init.d/openvpn stop',dry_run=self.dry_run)
print run('/sbin/shorewall disable {}'.format(self.provider_name),dry_run=self.dry_run) print run('/sbin/shorewall disable {}'.format(self.provider_name),dry_run=self.dry_run)
# remove connections # remove connections
if self.last_ip: if self.last_ip:
logger.info('removing conntrack entries') logger.info('removing conntrack entries')
print run('/sbin/ip route flush cache',dry_run=self.dry_run) logger.info(run('/usr/sbin/conntrack -D -s {src}'.format(src=self.last_ip))[1],dry_run=self.dry_run)
#print run('/usr/sbin/conntrack -D -s {src}'.format(src=self.last_ip),dry_run=self.dry_run) logger.info(run('/usr/sbin/conntrack -D -q {src}'.format(src=self.last_ip))[1],dry_run=self.dry_run)
print run('/usr/sbin/conntrack -F',dry_run=self.dry_run)
# be sure there is no default gw in main table so that fallback provider can be reached # be sure there is no default gw in main table so that fallback provider can be reached
self.remove_default_gw() self.remove_default_gw()
# restart openvpn if it was running on this provider # restart openvpn if it was running on this provider
if openvpn: if openvpn:
logger.info('openvpn was running here, restarting openvpn') logger.info('openvpn was running here, restarting openvpn')
print run('/etc/init.d/openvpn restart',dry_run=self.dry_run) print run('/etc/init.d/openvpn start',dry_run=self.dry_run)
self.update_leds() self.update_leds()
print('Routes after provider %s disabling\n%s'%(self.provider_name,run('/sbin/shorewall show routing')))
def remove_default_gw(self): def remove_default_gw(self):
"""Remove default route which could have been added in main routing table and will prevent fallback interface from taking over""" """Remove default route which could have been added in main routing table and will prevent fallback interface from taking over"""
@@ -483,7 +485,6 @@ available == True if actual rtt and loss are below the max_rtt and max_loss
status = self.status, status = self.status,
last_check_time = self.last_check_time, last_check_time = self.last_check_time,
last_ip = self.last_ip, last_ip = self.last_ip,
source_ip = self.source_ip,
device_mac = self.device_mac, device_mac = self.device_mac,
device_type = self.device_type, device_type = self.device_type,
gateway_alive = self.gateway_alive, gateway_alive = self.gateway_alive,
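Review bot: In the disable hunk (`@@ -420,20 +418,24`), the two new `conntrack -D` lines pass `dry_run=self.dry_run` to `logger.info()` instead of `run()`, so the deletions execute even in dry-run mode. If `logger` is a standard `logging.Logger`, the unknown keyword also raises a TypeError whenever INFO is enabled. That exception would fire after openvpn has been stopped and the provider disabled, but before `remove_default_gw()` and the openvpn start, leaving the tunnel down and the fallback route unprepared. Move the keyword inside the call, e.g. `logger.info(run('/usr/sbin/conntrack -D -s {src}'.format(src=self.last_ip),dry_run=self.dry_run)[1])`, and likewise for the `-q` line; whether `run()` returns an indexable result under dry-run is not visible here and should be checked. The enclosing method starts outside the hunk.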