validators/src/NetworkProfilesValidation.py

   1 #! /usr/bin/python
   2 # Copyright 2019 Nokia
   3 #
   4 # Licensed under the Apache License, Version 2.0 (the "License");
   5 # you may not use this file except in compliance with the License.
   6 # You may obtain a copy of the License at
   7 #
   8 #    http://www.apache.org/licenses/LICENSE-2.0
   9 #
  10 # Unless required by applicable law or agreed to in writing, software
  11 # distributed under the License is distributed on an "AS IS" BASIS,
  12 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  13 # See the License for the specific language governing permissions and
  14 # limitations under the License.
  15
  16 import json
  17 import re
  18
  19 from cmdatahandlers.api import validation
  20 from cmframework.apis import cmvalidator
  21 from cmdatahandlers.api import utils
  22
  23
  24 class NetworkProfilesValidation(cmvalidator.CMValidator):
  25     SUBSCRIPTION = r'^cloud\.network_profiles|cloud\.networking$'
  26     DOMAIN = 'cloud.network_profiles'
  27     NETWORKING = 'cloud.networking'
  28
  29     MAX_IFACE_NAME_LEN = 15
  30     IFACE_NAME_MATCH = r'^[a-z][\da-z]+$'
  31     BOND_NAME_MATCH = r'^bond[\d]+$'
  32
  33     INTERFACE_NET_MAPPING = 'interface_net_mapping'
  34     PROVIDER_NETWORK_INTERFACES = 'provider_network_interfaces'
  35     PROVIDER_NETWORKS = 'provider_networks'
  36     SRIOV_PROVIDER_NETWORKS = 'sriov_provider_networks'
  37     INTERFACES = 'interfaces'
  38     TRUSTED = 'trusted'
  39     VF_COUNT = 'vf_count'
  40     TYPE = 'type'
  41     DPDK_MAX_RX_QUEUES = 'dpdk_max_rx_queues'
  42     BONDING_INTERFACES = 'bonding_interfaces'
  43     LINUX_BONDING_OPTIONS = 'linux_bonding_options'
  44     OVS_BONDING_OPTIONS = 'ovs_bonding_options'
  45
  46     TYPE_CAAS = 'caas'
  47     TYPE_OPENSTACK = 'openstack'
  48     TYPE_OVS = 'ovs'
  49     TYPE_OVS_DPDK = 'ovs-dpdk'
  50     TYPE_OVS_OFFLOAD_SRIOV = "ovs-offload-sriov"
  51     TYPE_OVS_OFFLOAD_VIRTIO = "ovs-offload-virtio"
  52     VALID_PROVIDER_TYPES = [TYPE_CAAS,
  53                             TYPE_OVS,
  54                             TYPE_OVS_DPDK,
  55                             TYPE_OVS_OFFLOAD_SRIOV,
  56                             TYPE_OVS_OFFLOAD_VIRTIO]
  57     SINGLE_NIC_UNSUPPORTED_TYPES = [TYPE_CAAS, TYPE_OVS_DPDK]
  58     VALID_SRIOV_TYPES = [TYPE_CAAS, TYPE_OPENSTACK]
  59
  60     MODE_LACP = 'mode=lacp'
  61     MODE_LACP_LAYER34 = 'mode=lacp-layer34'
  62     MODE_AB = 'mode=active-backup'
  63     VALID_BONDING_OPTIONS = [MODE_LACP, MODE_LACP_LAYER34, MODE_AB]
  64
  65     VLAN_RANGES = 'vlan_ranges'
  66     VLAN = 'vlan'
  67     MTU = 'mtu'
  68     DEFAULT_MTU = 1500
  69     NETWORK_DOMAINS = 'network_domains'
  70
  71     UNTAGGED = 'untagged'
  72
  73     INPUT_ERR_CONTEXT = 'validate_set() input'
  74     ERR_INPUT_NOT_DICT = 'Invalid %s, not a dictionary' % INPUT_ERR_CONTEXT
  75
  76     ERR_MISSING = 'Missing {1} configuration in {0}'
  77     ERR_NOT_DICT = 'Invalid {1} value in {0}: Empty or not a dictionary'
  78     ERR_NOT_LIST = 'Invalid {1} value in {0}: Empty, contains duplicates or not a list'
  79     ERR_NOT_STR = 'Invalid {1} value in {0}: Not a string'
  80     ERR_NOT_INT = 'Invalid {1} value in {0}: Not an integer'
  81     ERR_NOT_BOOL = 'Invalid {1} value in {0}: Not a boolean value'
  82
  83     ERR_INVALID_IFACE_NAME = 'Invalid interface name in {}'
  84     ERR_IFACE_NAME_LEN = 'Too long interface name in {}, max %s chars' % MAX_IFACE_NAME_LEN
  85     ERR_IFACE_VLAN = 'Interface in {0} cannot be vlan interface: {1}'
  86     ERR_IFACE_BOND = 'Interface in {0} cannot be bond interface: {1}'
  87     ERR_IFACE_NOT_BOND = 'Invalid bonding interface name {1} in {0}'
  88     ERR_NET_MAPPING_CONFLICT = 'Network {1} mapped to multiple interfaces in {0}'
  89     ERR_UNTAGGED_INFRA_CONFLICT = 'Multiple untagged networks on interface {1} in {0}'
  90     ERR_UNTAGGED_MTU_SIZE = 'Untagged network {1} in {0} has too small MTU, ' + \
  91                             'VLAN tagged networks with bigger MTU exists on the same interface'
  92
  93     ERR_INVALID_PROVIDER_TYPE = \
  94         'Invalid provider network type for interface {}, valid types: %s' % \
  95         VALID_PROVIDER_TYPES
  96     ERR_INVALID_SRIOV_TYPE = \
  97         'Invalid sr-iov network type for network {}, valid types: %s' % \
  98         VALID_SRIOV_TYPES
  99
 100     ERR_DPDK_MAX_RX_QUEUES = 'Invalid %s value {}, must be positive integer' % DPDK_MAX_RX_QUEUES
 101     ERR_MISSPLACED_MTU = 'Missplaced MTU inside %s interface {}' % PROVIDER_NETWORK_INTERFACES
 102     ERR_OVS_TYPE_CONFLICT = 'Cannot have both %s and %s types of provider networks in {}' % \
 103         (TYPE_OVS, TYPE_OVS_DPDK)
 104     ERR_DPDK_SRIOV_CONFLICT = 'Cannot have both %s and sr-iov on same interface in {}' % \
 105         TYPE_OVS_DPDK
 106     ERR_OFFLOAD_SRIOV_CONFLICT = 'Cannot have both %s and sr-iov on same profile in {}' % \
 107         TYPE_OVS_OFFLOAD_SRIOV
 108     ERR_OFFLOAD_DPDK_CONFLICT = 'Cannot have both %s and %s types of provider networks in {}' % \
 109         (TYPE_OVS_OFFLOAD_SRIOV, TYPE_OVS_DPDK)
 110
 111     ERR_INVALID_BONDING_OPTIONS = 'Invalid {1} in {0}, valid options: %s' % VALID_BONDING_OPTIONS
 112     ERR_MISSING_BOND = 'Missing bonding interface definition for {1} in {0}'
 113     ERR_LACP_SLAVE_COUNT = 'Invalid bonding slave interface count for {1} in {0} ' + \
 114         'at least two interfaces required with %s' % MODE_LACP
 115     ERR_AB_SLAVE_COUNT = 'Invalid bonding slave interface count for {1} in {0}, ' + \
 116         'exactly two interfaces required with %s' % MODE_AB
 117     ERR_SLAVE_CONFLICT = 'Same interface mapped to multiple bond interfaces in {}'
 118     ERR_SLAVE_IN_NET = 'Network physical interface {1} mapped also as part of bond in {0}'
 119
 120     ERR_SRIOV_MTU_SIZE = 'SR-IOV network {0} MTU {1} cannot be greater than interface {2} MTU {3}'
 121     ERR_SRIOV_INFRA_VLAN_CONFLICT = \
 122         'SR-IOV network {} vlan range is conflicting with infra network vlan'
 123     ERR_SRIOV_PROVIDER_VLAN_CONFLICT = \
 124         'SR-IOV network {} vlan range is conflicting with other provider network vlan'
 125     ERR_SINGLE_NIC_VIOLATION = \
 126         'Provider and infra networks on the same interface in {}: ' + \
 127         'Supported only if all networks on the same interface'
 128     ERR_SINGLE_NIC_PROVIDER_TYPE = \
 129         'Provider and infra networks on the same interface in {0}: ' + \
 130         'Not supported for {1} type of provider networks'
 131     ERR_INFRA_PROVIDER_VLAN_CONFLICT = \
 132         'Provider network {} vlan range is conflicting with infra network vlan'
 133     ERR_INFRA_PROVIDER_UNTAGGED_CONFLICT = \
 134         'Sharing untagged infra and provider network {} not supported'
 135     ERR_SRIOV_LACP_CONFLICT = 'Bonding mode %s not supported with SR-IOV networks' % MODE_LACP
 136     ERR_SRIOV_IFACE_CONFLICT = 'Same interface mapped to multiple SR-IOV networks in {}'
 137     ERR_VF_COUNT = 'SR-IOV network {} %s must be positive integer' % VF_COUNT
 138
 139     ERR_PROVIDER_VLAN_CONFLICT = 'Provider network vlan ranges conflicting on interface {}'
 140
 141     @staticmethod
 142     def err_input_not_dict():
 143         err = NetworkProfilesValidation.ERR_INPUT_NOT_DICT
 144         raise validation.ValidationError(err)
 145
 146     @staticmethod
 147     def err_missing(context, key):
 148         err = NetworkProfilesValidation.ERR_MISSING.format(context, key)
 149         raise validation.ValidationError(err)
 150
 151     @staticmethod
 152     def err_not_dict(context, key):
 153         err = NetworkProfilesValidation.ERR_NOT_DICT.format(context, key)
 154         raise validation.ValidationError(err)
 155
 156     @staticmethod
 157     def err_not_list(context, key):
 158         err = NetworkProfilesValidation.ERR_NOT_LIST.format(context, key)
 159         raise validation.ValidationError(err)
 160
 161     @staticmethod
 162     def err_not_str(context, key):
 163         raise validation.ValidationError(NetworkProfilesValidation.ERR_NOT_STR.format(context, key))
 164
 165     @staticmethod
 166     def err_not_int(context, key):
 167         raise validation.ValidationError(NetworkProfilesValidation.ERR_NOT_INT.format(context, key))
 168
 169     @staticmethod
 170     def err_not_bool(context, key):
 171         err = NetworkProfilesValidation.ERR_NOT_BOOL.format(context, key)
 172         raise validation.ValidationError(err)
 173
 174     @staticmethod
 175     def err_invalid_iface_name(context):
 176         err = NetworkProfilesValidation.ERR_INVALID_IFACE_NAME.format(context)
 177         raise validation.ValidationError(err)
 178
 179     @staticmethod
 180     def err_iface_name_len(context):
 181         err = NetworkProfilesValidation.ERR_IFACE_NAME_LEN.format(context)
 182         raise validation.ValidationError(err)
 183
 184     @staticmethod
 185     def err_iface_vlan(context, iface):
 186         err = NetworkProfilesValidation.ERR_IFACE_VLAN.format(context, iface)
 187         raise validation.ValidationError(err)
 188
 189     @staticmethod
 190     def err_iface_bond(context, iface):
 191         err = NetworkProfilesValidation.ERR_IFACE_BOND.format(context, iface)
 192         raise validation.ValidationError(err)
 193
 194     @staticmethod
 195     def err_provnet_type(iface):
 196         err = NetworkProfilesValidation.ERR_INVALID_PROVIDER_TYPE.format(iface)
 197         raise validation.ValidationError(err)
 198
 199     @staticmethod
 200     def err_sriov_type(network):
 201         err = NetworkProfilesValidation.ERR_INVALID_SRIOV_TYPE.format(network)
 202         raise validation.ValidationError(err)
 203
 204     @staticmethod
 205     def err_dpdk_max_rx_queues(value):
 206         err = NetworkProfilesValidation.ERR_DPDK_MAX_RX_QUEUES.format(value)
 207         raise validation.ValidationError(err)
 208
 209     @staticmethod
 210     def err_missplaced_mtu(iface):
 211         err = NetworkProfilesValidation.ERR_MISSPLACED_MTU.format(iface)
 212         raise validation.ValidationError(err)
 213
 214     @staticmethod
 215     def err_iface_not_bond(context, iface):
 216         err = NetworkProfilesValidation.ERR_IFACE_NOT_BOND.format(context, iface)
 217         raise validation.ValidationError(err)
 218
 219     @staticmethod
 220     def err_bonding_options(profile, options_type):
 221         err = NetworkProfilesValidation.ERR_INVALID_BONDING_OPTIONS.format(profile, options_type)
 222         raise validation.ValidationError(err)
 223
 224     @staticmethod
 225     def err_missing_bond_def(profile, iface):
 226         err = NetworkProfilesValidation.ERR_MISSING_BOND.format(profile, iface)
 227         raise validation.ValidationError(err)
 228
 229     @staticmethod
 230     def err_lacp_slave_count(profile, iface):
 231         err = NetworkProfilesValidation.ERR_LACP_SLAVE_COUNT.format(profile, iface)
 232         raise validation.ValidationError(err)
 233
 234     @staticmethod
 235     def err_ab_slave_count(profile, iface):
 236         err = NetworkProfilesValidation.ERR_AB_SLAVE_COUNT.format(profile, iface)
 237         raise validation.ValidationError(err)
 238
 239     @staticmethod
 240     def err_slave_conflict(profile):
 241         err = NetworkProfilesValidation.ERR_SLAVE_CONFLICT.format(profile)
 242         raise validation.ValidationError(err)
 243
 244     @staticmethod
 245     def err_slave_in_net(profile, iface):
 246         err = NetworkProfilesValidation.ERR_SLAVE_IN_NET.format(profile, iface)
 247         raise validation.ValidationError(err)
 248
 249     @staticmethod
 250     def err_ovs_type_conflict(profile):
 251         err = NetworkProfilesValidation.ERR_OVS_TYPE_CONFLICT.format(profile)
 252         raise validation.ValidationError(err)
 253
 254     @staticmethod
 255     def err_offload_dpdk_conflict(profile):
 256         err = NetworkProfilesValidation.ERR_OFFLOAD_DPDK_CONFLICT.format(profile)
 257         raise validation.ValidationError(err)
 258
 259     @staticmethod
 260     def err_dpdk_sriov_conflict(profile):
 261         err = NetworkProfilesValidation.ERR_DPDK_SRIOV_CONFLICT.format(profile)
 262         raise validation.ValidationError(err)
 263
 264     @staticmethod
 265     def err_offload_sriov_conflict(profile):
 266         err = NetworkProfilesValidation.ERR_OFFLOAD_SRIOV_CONFLICT.format(profile)
 267         raise validation.ValidationError(err)
 268
 269     @staticmethod
 270     def err_net_mapping_conflict(profile, network):
 271         err = NetworkProfilesValidation.ERR_NET_MAPPING_CONFLICT.format(profile, network)
 272         raise validation.ValidationError(err)
 273
 274     @staticmethod
 275     def err_untagged_infra_conflict(profile, iface):
 276         err = NetworkProfilesValidation.ERR_UNTAGGED_INFRA_CONFLICT.format(profile, iface)
 277         raise validation.ValidationError(err)
 278
 279     @staticmethod
 280     def err_untagged_mtu_size(context, network):
 281         err = NetworkProfilesValidation.ERR_UNTAGGED_MTU_SIZE.format(context, network)
 282         raise validation.ValidationError(err)
 283
 284     @staticmethod
 285     def err_sriov_mtu_size(sriov_net, sriov_mtu, phys_iface, iface_mtu):
 286         err = NetworkProfilesValidation.ERR_SRIOV_MTU_SIZE.format(sriov_net, sriov_mtu,
 287                                                                   phys_iface, iface_mtu)
 288         raise validation.ValidationError(err)
 289
 290     @staticmethod
 291     def err_sriov_infra_vlan_conflict(network):
 292         err = NetworkProfilesValidation.ERR_SRIOV_INFRA_VLAN_CONFLICT.format(network)
 293         raise validation.ValidationError(err)
 294
 295     @staticmethod
 296     def err_sriov_provider_vlan_conflict(network):
 297         err = NetworkProfilesValidation.ERR_SRIOV_PROVIDER_VLAN_CONFLICT.format(network)
 298         raise validation.ValidationError(err)
 299
 300     @staticmethod
 301     def err_single_nic_violation(profile):
 302         err = NetworkProfilesValidation.ERR_SINGLE_NIC_VIOLATION.format(profile)
 303         raise validation.ValidationError(err)
 304
 305     @staticmethod
 306     def err_single_nic_provider_type(profile, provider_type):
 307         err = NetworkProfilesValidation.ERR_SINGLE_NIC_PROVIDER_TYPE.format(profile, provider_type)
 308         raise validation.ValidationError(err)
 309
 310     @staticmethod
 311     def err_infra_provider_vlan_conflict(network):
 312         err = NetworkProfilesValidation.ERR_INFRA_PROVIDER_VLAN_CONFLICT.format(network)
 313         raise validation.ValidationError(err)
 314
 315     @staticmethod
 316     def err_infra_provider_untagged_conflict(network):
 317         err = NetworkProfilesValidation.ERR_INFRA_PROVIDER_UNTAGGED_CONFLICT.format(network)
 318         raise validation.ValidationError(err)
 319
 320     @staticmethod
 321     def err_sriov_lacp_conflict():
 322         err = NetworkProfilesValidation.ERR_SRIOV_LACP_CONFLICT
 323         raise validation.ValidationError(err)
 324
 325     @staticmethod
 326     def err_sriov_iface_conflict():
 327         err = NetworkProfilesValidation.ERR_SRIOV_IFACE_CONFLICT
 328         raise validation.ValidationError(err)
 329
 330     @staticmethod
 331     def err_vf_count(network):
 332         err = NetworkProfilesValidation.ERR_VF_COUNT.format(network)
 333         raise validation.ValidationError(err)
 334
 335     @staticmethod
 336     def err_provider_vlan_conflict(iface):
 337         err = NetworkProfilesValidation.ERR_PROVIDER_VLAN_CONFLICT.format(iface)
 338         raise validation.ValidationError(err)
 339
 340     @staticmethod
 341     def is_dict(conf):
 342         return isinstance(conf, dict)
 343
 344     @staticmethod
 345     def is_bond_iface(iface):
 346         return re.match(NetworkProfilesValidation.BOND_NAME_MATCH, iface)
 347
 348     @staticmethod
 349     def is_non_empty_dict(conf):
 350         return isinstance(conf, dict) and len(conf) > 0
 351
 352     @staticmethod
 353     def key_exists(conf_dict, key):
 354         return key in conf_dict
 355
 356     @staticmethod
 357     def val_is_int(conf_dict, key):
 358         return isinstance(conf_dict[key], (int, long))
 359
 360     @staticmethod
 361     def val_is_bool(conf_dict, key):
 362         return isinstance(conf_dict[key], bool)
 363
 364     @staticmethod
 365     def val_is_str(conf_dict, key):
 366         return isinstance(conf_dict[key], basestring)
 367
 368     @staticmethod
 369     def val_is_non_empty_list(conf_dict, key):
 370         return (isinstance(conf_dict[key], list) and
 371                 len(conf_dict[key]) > 0 and
 372                 len(conf_dict[key]) == len(set(conf_dict[key])))
 373
 374     @staticmethod
 375     def val_is_non_empty_dict(conf_dict, key):
 376         return NetworkProfilesValidation.is_non_empty_dict(conf_dict[key])
 377
 378     @staticmethod
 379     def key_must_exist(conf_dict, entry, key):
 380         if not NetworkProfilesValidation.key_exists(conf_dict[entry], key):
 381             NetworkProfilesValidation.err_missing(entry, key)
 382
 383     @staticmethod
 384     def must_be_str(conf_dict, entry, key):
 385         NetworkProfilesValidation.key_must_exist(conf_dict, entry, key)
 386         if not NetworkProfilesValidation.val_is_str(conf_dict[entry], key):
 387             NetworkProfilesValidation.err_not_str(entry, key)
 388
 389     @staticmethod
 390     def must_be_list(conf_dict, entry, key):
 391         NetworkProfilesValidation.key_must_exist(conf_dict, entry, key)
 392         if not NetworkProfilesValidation.val_is_non_empty_list(conf_dict[entry], key):
 393             NetworkProfilesValidation.err_not_list(entry, key)
 394
 395     @staticmethod
 396     def must_be_dict(conf_dict, entry, key):
 397         NetworkProfilesValidation.key_must_exist(conf_dict, entry, key)
 398         if not NetworkProfilesValidation.val_is_non_empty_dict(conf_dict[entry], key):
 399             NetworkProfilesValidation.err_not_dict(entry, key)
 400
 401     @staticmethod
 402     def exists_as_dict(conf_dict, entry, key):
 403         if not NetworkProfilesValidation.key_exists(conf_dict[entry], key):
 404             return False
 405         if not NetworkProfilesValidation.val_is_non_empty_dict(conf_dict[entry], key):
 406             NetworkProfilesValidation.err_not_dict(entry, key)
 407         return True
 408
 409     @staticmethod
 410     def exists_as_int(conf_dict, entry, key):
 411         if not NetworkProfilesValidation.key_exists(conf_dict[entry], key):
 412             return False
 413         if not NetworkProfilesValidation.val_is_int(conf_dict[entry], key):
 414             NetworkProfilesValidation.err_not_int(entry, key)
 415         return True
 416
 417     @staticmethod
 418     def are_overlapping(ranges1, ranges2):
 419         for range1 in ranges1:
 420             for range2 in ranges2:
 421                 if not (range1[0] > range2[1] or range1[1] < range2[0]):
 422                     return True
 423         return False
 424
 425     def __init__(self):
 426         cmvalidator.CMValidator.__init__(self)
 427         self.conf = None
 428         self.networking = None
 429
 430     def get_subscription_info(self):
 431         return self.SUBSCRIPTION
 432
 433     def validate_set(self, props):
 434         if not self.is_dict(props):
 435             self.err_input_not_dict()
 436
 437         if not (self.key_exists(props, self.DOMAIN) or
 438                 self.key_exists(props, self.NETWORKING)):
 439             self.err_missing(self.INPUT_ERR_CONTEXT,
 440                              '{} or {}'.format(self.DOMAIN, self.NETWORKING))
 441
 442         if self.key_exists(props, self.DOMAIN):
 443             if not props[self.DOMAIN]:
 444                 self.err_not_dict(self.INPUT_ERR_CONTEXT, self.DOMAIN)
 445             self.conf = json.loads(props[self.DOMAIN])
 446         else:
 447             self.conf = json.loads(self.get_plugin_client().get_property(self.DOMAIN))
 448
 449         if not self.is_non_empty_dict(self.conf):
 450             self.err_not_dict(self.INPUT_ERR_CONTEXT, self.DOMAIN)
 451
 452         if self.key_exists(props, self.NETWORKING):
 453             if not props[self.NETWORKING]:
 454                 self.err_not_dict(self.INPUT_ERR_CONTEXT, self.NETWORKING)
 455             self.networking = json.loads(props[self.NETWORKING])
 456         else:
 457             self.networking = json.loads(self.get_plugin_client().get_property(self.NETWORKING))
 458
 459         if not self.is_non_empty_dict(self.networking):
 460             self.err_not_dict(self.INPUT_ERR_CONTEXT, self.NETWORKING)
 461
 462         self.validate()
 463
 464     def validate(self):
 465         for profile_name in self.conf:
 466             if not self.val_is_non_empty_dict(self.conf, profile_name):
 467                 self.err_not_dict(self.DOMAIN, profile_name)
 468             self.validate_network_profile(profile_name)
 469
 470     def validate_network_profile(self, profile_name):
 471         self.validate_interface_net_mapping(profile_name)
 472         self.validate_bonding_interfaces(profile_name)
 473         self.validate_bonding_options(profile_name)
 474         self.validate_provider_net_ifaces(profile_name)
 475         self.validate_network_integrity(profile_name)
 476         self.validate_sriov_provider_networks(profile_name)
 477         self.validate_provider_networks(profile_name)
 478
 479     def validate_interface_net_mapping(self, profile_name):
 480         self.must_be_dict(self.conf, profile_name, self.INTERFACE_NET_MAPPING)
 481         networks = []
 482         for iface in self.conf[profile_name][self.INTERFACE_NET_MAPPING]:
 483             self.validate_iface_name(self.INTERFACE_NET_MAPPING, iface)
 484             self.validate_not_vlan(self.INTERFACE_NET_MAPPING, iface)
 485             self.must_be_list(self.conf[profile_name], self.INTERFACE_NET_MAPPING, iface)
 486             iface_nets = self.conf[profile_name][self.INTERFACE_NET_MAPPING][iface]
 487             self.validate_used_infra_networks_defined(iface_nets)
 488             for domain in self.get_network_domains(iface_nets):
 489                 self.validate_untagged_infra_integrity(iface_nets, iface, profile_name, domain)
 490             networks.extend(iface_nets)
 491         self.validate_networks_mapped_only_once(profile_name, networks)
 492
 493     def validate_used_infra_networks_defined(self, networks):
 494         for net in networks:
 495             if not self.key_exists(self.networking, net):
 496                 self.err_missing(self.NETWORKING, net)
 497             self.must_be_dict(self.networking, net, self.NETWORK_DOMAINS)
 498             for domain in self.networking[net][self.NETWORK_DOMAINS]:
 499                 self.must_be_dict(self.networking[net], self.NETWORK_DOMAINS, domain)
 500
 501     def get_network_domains(self, networks):
 502         domains = set()
 503         for net in networks:
 504             domains.update(self.networking[net][self.NETWORK_DOMAINS].keys())
 505         return domains
 506
 507     def validate_untagged_infra_integrity(self, iface_nets, iface, profile_name, network_domain):
 508         untagged_infras = []
 509         untagged_mtu = None
 510         max_vlan_mtu = 0
 511         default_mtu = self.get_default_mtu()
 512
 513         for net in iface_nets:
 514             if self.key_exists(self.networking[net][self.NETWORK_DOMAINS], network_domain):
 515                 if not self.key_exists(self.networking[net][self.NETWORK_DOMAINS][network_domain],
 516                                        self.VLAN):
 517                     untagged_infras.append(net)
 518                     if self.exists_as_int(self.networking, net, self.MTU):
 519                         untagged_mtu = self.networking[net][self.MTU]
 520                     else:
 521                         untagged_mtu = default_mtu
 522                 else:
 523                     if self.exists_as_int(self.networking, net, self.MTU):
 524                         mtu = self.networking[net][self.MTU]
 525                     else:
 526                         mtu = default_mtu
 527                     if mtu > max_vlan_mtu:
 528                         max_vlan_mtu = mtu
 529
 530         if not utils.is_virtualized():
 531             if len(untagged_infras) > 1:
 532                 self.err_untagged_infra_conflict(profile_name, iface)
 533
 534         if untagged_mtu and untagged_mtu < max_vlan_mtu:
 535             self.err_untagged_mtu_size(self.NETWORKING, untagged_infras[0])
 536
 537     def validate_bonding_interfaces(self, profile_name):
 538         slaves = []
 539         if self.exists_as_dict(self.conf, profile_name, self.BONDING_INTERFACES):
 540             for iface in self.conf[profile_name][self.BONDING_INTERFACES]:
 541                 self.validate_iface_name(self.BONDING_INTERFACES, iface)
 542                 if not self.is_bond_iface(iface):
 543                     self.err_iface_not_bond(self.BONDING_INTERFACES, iface)
 544                 self.must_be_list(self.conf[profile_name], self.BONDING_INTERFACES, iface)
 545                 for slave in self.conf[profile_name][self.BONDING_INTERFACES][iface]:
 546                     self.validate_bond_slave(iface, slave)
 547                     slaves.append(slave)
 548             if len(slaves) != len(set(slaves)):
 549                 self.err_slave_conflict(profile_name)
 550
 551     def validate_bond_slave(self, iface, slave):
 552         self.validate_iface_name(iface, slave)
 553         self.validate_not_vlan(iface, slave)
 554         self.validate_not_bond(iface, slave)
 555
 556     def validate_not_bond(self, context, iface):
 557         if 'bond' in iface:
 558             self.err_iface_bond(context, iface)
 559
 560     def validate_bonding_options(self, profile_name):
 561         self.validate_bonding_option(profile_name, self.LINUX_BONDING_OPTIONS)
 562         self.validate_bonding_option(profile_name, self.OVS_BONDING_OPTIONS)
 563
 564     def validate_bonding_option(self, profile_name, options_type):
 565         if self.key_exists(self.conf[profile_name], options_type):
 566             if self.conf[profile_name][options_type] not in self.VALID_BONDING_OPTIONS:
 567                 self.err_bonding_options(profile_name, options_type)
 568
 569     def validate_provider_net_ifaces(self, profile_name):
 570         if self.exists_as_dict(self.conf, profile_name, self.PROVIDER_NETWORK_INTERFACES):
 571             types = set()
 572             networks = []
 573             for iface in self.conf[profile_name][self.PROVIDER_NETWORK_INTERFACES]:
 574                 self.validate_iface_name(self.PROVIDER_NETWORK_INTERFACES, iface)
 575                 self.validate_not_vlan(self.PROVIDER_NETWORK_INTERFACES, iface)
 576                 provnet_ifaces_conf = self.conf[profile_name][self.PROVIDER_NETWORK_INTERFACES]
 577                 self.validate_provider_net_type(provnet_ifaces_conf, iface)
 578                 self.validate_provider_net_vf_count(provnet_ifaces_conf, iface)
 579                 self.validate_dpdk_max_rx_queues(provnet_ifaces_conf, iface)
 580                 self.validate_no_mtu(provnet_ifaces_conf, iface)
 581                 self.must_be_list(provnet_ifaces_conf, iface, self.PROVIDER_NETWORKS)
 582                 types.add(provnet_ifaces_conf[iface][self.TYPE])
 583                 networks.extend(provnet_ifaces_conf[iface][self.PROVIDER_NETWORKS])
 584             if self.TYPE_OVS_DPDK in types and self.TYPE_OVS in types:
 585                 self.err_ovs_type_conflict(profile_name)
 586             if self.TYPE_OVS_DPDK in types and self.TYPE_OVS_OFFLOAD_SRIOV in types:
 587                 self.err_offload_dpdk_conflict(profile_name)
 588             self.validate_networks_mapped_only_once(profile_name, networks)
 589             self.validate_used_provider_networks_defined(networks)
 590
 591     def validate_sriov_provider_networks(self, profile_name):
 592         if self.exists_as_dict(self.conf, profile_name, self.SRIOV_PROVIDER_NETWORKS):
 593             networks = self.conf[profile_name][self.SRIOV_PROVIDER_NETWORKS]
 594             self.validate_used_provider_networks_defined(networks)
 595             sriov_ifaces = []
 596             for network in networks:
 597                 if (self.exists_as_int(networks, network, self.VF_COUNT) and
 598                         networks[network][self.VF_COUNT] < 1):
 599                     self.err_vf_count(network)
 600                 if (self.key_exists(networks[network], self.TRUSTED) and
 601                         not self.val_is_bool(networks[network], self.TRUSTED)):
 602                     self.err_not_bool(network, self.TRUSTED)
 603                 if (self.key_exists(networks[network], self.TYPE) and
 604                         networks[network][self.TYPE] not in self.VALID_SRIOV_TYPES):
 605                     self.err_sriov_type(network)
 606                 self.must_be_list(networks, network, self.INTERFACES)
 607                 for iface in networks[network][self.INTERFACES]:
 608                     sriov_ifaces.append(iface)
 609                     self.validate_iface_name(network, iface)
 610                     self.validate_not_vlan(network, iface)
 611                     self.validate_not_bond(network, iface)
 612                     self.validate_not_part_of_lacp(self.conf[profile_name], iface)
 613                     infra_info = self.get_iface_infra_info(self.conf[profile_name], iface)
 614                     if infra_info is not None:
 615                         self.validate_shared_sriov_infra(network, iface, infra_info)
 616                     provider_info = self.get_iface_provider_info(self.conf[profile_name], iface)
 617                     if provider_info[self.TYPE] == self.TYPE_OVS_DPDK:
 618                         self.err_dpdk_sriov_conflict(profile_name)
 619                     if provider_info[self.TYPE] == self.TYPE_OVS_OFFLOAD_SRIOV:
 620                         self.err_offload_sriov_conflict(profile_name)
 621                     if provider_info[self.VLAN_RANGES]:
 622                         self.validate_shared_sriov_provider(network,
 623                                                             provider_info[self.VLAN_RANGES])
 624             if len(sriov_ifaces) != len(set(sriov_ifaces)):
 625                 self.err_sriov_iface_conflict()
 626
 627     def validate_provider_networks(self, profile_name):
 628         if self.key_exists(self.conf[profile_name], self.PROVIDER_NETWORK_INTERFACES):
 629             for iface in self.conf[profile_name][self.PROVIDER_NETWORK_INTERFACES]:
 630                 iface_info = self.conf[profile_name][self.PROVIDER_NETWORK_INTERFACES][iface]
 631                 vlan_ranges_list = []
 632                 for network in iface_info[self.PROVIDER_NETWORKS]:
 633                     vlan_ranges = self.get_vlan_ranges(network)
 634                     vlan_ranges_list.append(vlan_ranges)
 635                     infra_info = self.get_iface_infra_info(self.conf[profile_name], iface)
 636                     if infra_info is not None:
 637                         if (len(self.conf[profile_name][self.PROVIDER_NETWORK_INTERFACES]) > 1 or
 638                                 len(self.conf[profile_name][self.INTERFACE_NET_MAPPING]) > 1):
 639                             self.err_single_nic_violation(profile_name)
 640                         if iface_info[self.TYPE] in self.SINGLE_NIC_UNSUPPORTED_TYPES:
 641                             self.err_single_nic_provider_type(profile_name, iface_info[self.TYPE])
 642                         self.validate_shared_infra_provider(network, infra_info, vlan_ranges)
 643                 for idx, ranges1 in enumerate(vlan_ranges_list):
 644                     for ranges2 in vlan_ranges_list[(idx+1):]:
 645                         if self.are_overlapping(ranges1, ranges2):
 646                             self.err_provider_vlan_conflict(iface)
 647
 648     def validate_not_part_of_lacp(self, profile_conf, iface):
 649         if self.key_exists(profile_conf, self.PROVIDER_NETWORK_INTERFACES):
 650             for prov_iface, prov in profile_conf[self.PROVIDER_NETWORK_INTERFACES].iteritems():
 651                 if self.is_bond_iface(prov_iface):
 652                     if iface in profile_conf[self.BONDING_INTERFACES][prov_iface]:
 653                         bonding_type = self.OVS_BONDING_OPTIONS \
 654                             if prov[self.TYPE] != self.TYPE_CAAS else self.LINUX_BONDING_OPTIONS
 655                         if profile_conf[bonding_type] == self.MODE_LACP:
 656                             self.err_sriov_lacp_conflict()
 657                         # part of ovs bonding
 658                         # do not check linux bonding options even if shared with infra networks
 659                         return
 660         for infra_iface in profile_conf[self.INTERFACE_NET_MAPPING]:
 661             if self.is_bond_iface(infra_iface):
 662                 if iface in profile_conf[self.BONDING_INTERFACES][infra_iface]:
 663                     if profile_conf[self.LINUX_BONDING_OPTIONS] == self.MODE_LACP:
 664                         self.err_sriov_lacp_conflict()
 665                     break
 666
 667     def validate_shared_sriov_infra(self, sriov_net, iface, infra_info):
 668         sriov_info = self.get_sriov_info(sriov_net)
 669         if sriov_info[self.MTU] > infra_info[self.MTU]:
 670             self.err_sriov_mtu_size(sriov_net, sriov_info[self.MTU], iface, infra_info[self.MTU])
 671         for vlan_range in sriov_info[self.VLAN_RANGES]:
 672             for infra_vlan in infra_info[self.VLAN]:
 673                 if not (infra_vlan < vlan_range[0] or infra_vlan > vlan_range[1]):
 674                     self.err_sriov_infra_vlan_conflict(sriov_net)
 675
 676     def validate_shared_sriov_provider(self, sriov_net, ovs_vlan_ranges):
 677         sriov_vlan_ranges = self.get_vlan_ranges(sriov_net)
 678         if self.are_overlapping(sriov_vlan_ranges, ovs_vlan_ranges):
 679             self.err_sriov_provider_vlan_conflict(sriov_net)
 680
 681     def validate_shared_infra_provider(self, provider_net, infra_info, vlan_ranges):
 682         if infra_info[self.UNTAGGED]:
 683             self.err_infra_provider_untagged_conflict(provider_net)
 684         for vlan in infra_info[self.VLAN]:
 685             for vlan_range in vlan_ranges:
 686                 if not (vlan_range[0] > vlan or vlan_range[1] < vlan):
 687                     self.err_infra_provider_vlan_conflict(provider_net)
 688
 689     def get_iface_infra_info(self, profile_conf, iface):
 690         infra_info = {self.VLAN: [], self.MTU: 0, self.UNTAGGED: False}
 691         default_mtu = self.get_default_mtu()
 692         infra_iface = self.get_master_iface(profile_conf, iface)
 693
 694         if self.key_exists(profile_conf[self.INTERFACE_NET_MAPPING], infra_iface):
 695             for infra in profile_conf[self.INTERFACE_NET_MAPPING][infra_iface]:
 696                 for domain in self.networking[infra][self.NETWORK_DOMAINS].itervalues():
 697                     if self.key_exists(domain, self.VLAN):
 698                         infra_info[self.VLAN].append(domain[self.VLAN])
 699                     else:
 700                         infra_info[self.UNTAGGED] = True
 701                 if self.exists_as_int(self.networking, infra, self.MTU):
 702                     mtu = self.networking[infra][self.MTU]
 703                 else:
 704                     mtu = default_mtu
 705                 if mtu > infra_info[self.MTU]:
 706                     infra_info[self.MTU] = mtu
 707
 708         if infra_info[self.MTU] == 0:
 709             return None
 710
 711         return infra_info
 712
 713     def get_iface_provider_info(self, profile_conf, iface):
 714         provider_info = {self.TYPE: None, self.VLAN_RANGES: []}
 715         provider_iface = self.get_master_iface(profile_conf, iface)
 716
 717         if self.key_exists(profile_conf, self.PROVIDER_NETWORK_INTERFACES):
 718             if self.key_exists(profile_conf[self.PROVIDER_NETWORK_INTERFACES], provider_iface):
 719                 iface_info = profile_conf[self.PROVIDER_NETWORK_INTERFACES][provider_iface]
 720                 provider_info[self.TYPE] = iface_info[self.TYPE]
 721                 for network in iface_info[self.PROVIDER_NETWORKS]:
 722                     provider_info[self.VLAN_RANGES].extend(self.get_vlan_ranges(network))
 723
 724         return provider_info
 725
 726     def get_master_iface(self, profile_conf, slave_iface):
 727         if self.key_exists(profile_conf, self.BONDING_INTERFACES):
 728             for bond in profile_conf[self.BONDING_INTERFACES]:
 729                 if slave_iface in profile_conf[self.BONDING_INTERFACES][bond]:
 730                     return bond
 731         return slave_iface
 732
 733     def get_sriov_info(self, network):
 734         sriov_info = {self.VLAN_RANGES: []}
 735         if self.exists_as_int(self.networking[self.PROVIDER_NETWORKS], network, self.MTU):
 736             sriov_info[self.MTU] = self.networking[self.PROVIDER_NETWORKS][network][self.MTU]
 737         else:
 738             sriov_info[self.MTU] = self.get_default_mtu()
 739         sriov_info[self.VLAN_RANGES] = self.get_vlan_ranges(network)
 740         return sriov_info
 741
 742     def get_vlan_ranges(self, network):
 743         vlan_ranges = []
 744         networks = self.networking[self.PROVIDER_NETWORKS]
 745         self.must_be_str(networks, network, self.VLAN_RANGES)
 746         for vlan_range in networks[network][self.VLAN_RANGES].split(','):
 747             vids = vlan_range.split(':')
 748             if len(vids) != 2:
 749                 break
 750             try:
 751                 start = int(vids[0])
 752                 end = int(vids[1])
 753             except ValueError:
 754                 break
 755             if end >= start:
 756                 vlan_ranges.append([start, end])
 757         return vlan_ranges
 758
 759     def get_default_mtu(self):
 760         if (self.key_exists(self.networking, self.MTU) and
 761                 self.val_is_int(self.networking, self.MTU)):
 762             return self.networking[self.MTU]
 763         return self.DEFAULT_MTU
 764
 765     def validate_iface_name(self, context, iface):
 766         if not isinstance(iface, basestring) or not re.match(self.IFACE_NAME_MATCH, iface):
 767             self.err_invalid_iface_name(context)
 768         if len(iface) > self.MAX_IFACE_NAME_LEN:
 769             self.err_iface_name_len(context)
 770
 771     def validate_not_vlan(self, context, iface):
 772         if 'vlan' in iface:
 773             self.err_iface_vlan(context, iface)
 774
 775     def validate_provider_net_type(self, provnet_ifaces_conf, iface):
 776         self.must_be_str(provnet_ifaces_conf, iface, self.TYPE)
 777         if provnet_ifaces_conf[iface][self.TYPE] not in self.VALID_PROVIDER_TYPES:
 778             self.err_provnet_type(iface)
 779
 780     def validate_provider_net_vf_count(self, provnet_ifaces_conf, iface):
 781         if self.exists_as_int(provnet_ifaces_conf, iface, self.VF_COUNT):
 782             value = provnet_ifaces_conf[iface][self.VF_COUNT]
 783             if value < 1:
 784                 self.err_vf_count(iface)
 785
 786     def validate_dpdk_max_rx_queues(self, provnet_ifaces_conf, iface):
 787         if self.exists_as_int(provnet_ifaces_conf, iface, self.DPDK_MAX_RX_QUEUES):
 788             value = provnet_ifaces_conf[iface][self.DPDK_MAX_RX_QUEUES]
 789             if value < 1:
 790                 self.err_dpdk_max_rx_queues(value)
 791
 792     def validate_no_mtu(self, provnet_ifaces_conf, iface):
 793         if self.key_exists(provnet_ifaces_conf[iface], self.MTU):
 794             self.err_missplaced_mtu(iface)
 795
 796     def validate_networks_mapped_only_once(self, profile_name, networks):
 797         prev_net = None
 798         for net in sorted(networks):
 799             if net == prev_net:
 800                 self.err_net_mapping_conflict(profile_name, net)
 801             prev_net = net
 802
 803     def validate_used_provider_networks_defined(self, networks):
 804         for net in networks:
 805             self.key_must_exist(self.networking, self.PROVIDER_NETWORKS, net)
 806
 807     def validate_network_integrity(self, profile_name):
 808         provider_ifaces = []
 809         if self.key_exists(self.conf[profile_name], self.PROVIDER_NETWORK_INTERFACES):
 810             for iface in self.conf[profile_name][self.PROVIDER_NETWORK_INTERFACES]:
 811                 iface_data = self.conf[profile_name][self.PROVIDER_NETWORK_INTERFACES][iface]
 812                 bonding_type = self.OVS_BONDING_OPTIONS \
 813                     if iface_data[self.TYPE] != self.TYPE_CAAS else self.LINUX_BONDING_OPTIONS
 814                 self.validate_net_iface_integrity(profile_name, iface, bonding_type)
 815                 provider_ifaces.append(iface)
 816         for iface in self.conf[profile_name][self.INTERFACE_NET_MAPPING]:
 817             if iface not in provider_ifaces:
 818                 self.validate_net_iface_integrity(profile_name, iface, self.LINUX_BONDING_OPTIONS)
 819
 820     def validate_net_iface_integrity(self, profile_name, iface, bonding_type):
 821         if self.is_bond_iface(iface):
 822             if (not self.key_exists(self.conf[profile_name], self.BONDING_INTERFACES) or
 823                     iface not in self.conf[profile_name][self.BONDING_INTERFACES]):
 824                 self.err_missing_bond_def(profile_name, iface)
 825             self.key_must_exist(self.conf, profile_name, bonding_type)
 826             self.validate_bond_slave_count(profile_name, iface,
 827                                            self.conf[profile_name][bonding_type])
 828         elif self.key_exists(self.conf[profile_name], self.BONDING_INTERFACES):
 829             for bond in self.conf[profile_name][self.BONDING_INTERFACES]:
 830                 for slave in self.conf[profile_name][self.BONDING_INTERFACES][bond]:
 831                     if iface == slave:
 832                         self.err_slave_in_net(profile_name, iface)
 833
 834     def validate_bond_slave_count(self, profile_name, iface, bonding_mode):
 835         slave_count = len(self.conf[profile_name][self.BONDING_INTERFACES][iface])
 836         if bonding_mode == self.MODE_AB and slave_count != 2:
 837             self.err_ab_slave_count(profile_name, iface)
 838         elif bonding_mode == self.MODE_LACP and slave_count < 2:
 839             self.err_lacp_slave_count(profile_name, iface)