Beispiel #1
0
    def _disassociate_floatingip(self, context, id):
        l3db_fip = self._get_floatingip(context, id)
        db_namespace = fortinet_db.query_record(context,
                                    fortinet_db.Fortinet_ML2_Namespace,
                                    tenant_id=l3db_fip.tenant_id)
        db_fip = fortinet_db.query_record(context,
                            fortinet_db.Fortinet_FloatingIP_Allocation,
                            floating_ip_address=l3db_fip.floating_ip_address,
                            allocated=True)
        int_intf, ext_intf = utils.get_vlink_intf(self, context,
                                               vdom=db_namespace.vdom)
        db_ip = fortinet_db.query_record(context, models_v2.IPAllocation,
                                         port_id=l3db_fip.fixed_port_id)
        vlan_inf = utils.get_intf(context, db_ip.network_id)
        mappedip = utils.get_ipaddr(db_fip.ip_subnet, 0)
        utils.delete_fwpolicy(self, context,
                              vdom=db_namespace.vdom,
                              srcintf=vlan_inf,
                              srcaddr=l3db_fip.fixed_ip_address,
                              dstintf=int_intf,
                              poolname=mappedip)

        utils.delete_fwaddress(self, context,
                               name=l3db_fip.fixed_ip_address,
                               vdom=db_namespace.vdom)

        utils.delete_fwpolicy(self, context,
                              vdom=db_namespace.vdom,
                              dstaddr=db_fip.floating_ip_address)

        utils.delete_vip(self, context,
                         vdom=db_namespace.vdom,
                         name=db_fip.floating_ip_address)
Beispiel #2
0
def clr_ext_gw(obj, context, port):
    ip_address = port['fixed_ips'][0]['ip_address']
    subnetv2_db = fortinet_db.query_record(
        context, models_v2.Subnet, id=port['fixed_ips'][0]['subnet_id'])
    netmask = netaddr.IPNetwork(subnetv2_db.cidr).netmask
    ip = "%s %s" % (ip_address, netmask)
    delete_interface_ip(obj,
                        context,
                        name=obj._fortigate['ext_interface'],
                        vdom=const.EXT_VDOM,
                        ip=ip)
    delete_fwpolicy(obj, context, vdom=const.EXT_VDOM, poolname=ip_address)
    delete_fwippool(obj, context, vdom=const.EXT_VDOM, name=ip_address)
    router_db = fortinet_db.query_record(context,
                                         l3_db.Router,
                                         id=port['device_id'])
    tenant_id = router_db.get('tenant_id', None)
    if tenant_id:
        delete_vlink(obj, context, tenant_id=tenant_id)
        if not [ getattr(record, 'gw_port_id', None) for record in
                 fortinet_db.query_records(context, l3_db.Router,
                                           tenant_id=tenant_id)
                         if getattr(record, 'gw_port_id', None)] and \
           not fortinet_db.query_count(context, models_v2.Network,
                                       tenant_id=tenant_id):
            delete_vdom(obj, context, tenant_id=tenant_id)
Beispiel #3
0
 def delete_network_precommit(self, mech_context):
     """Delete Network from the plugin specific database table."""
     network = mech_context.current
     network_id = network['id']
     context = mech_context._plugin_context
     if fortinet_db.query_record(context,
                                 ExternalNetwork,
                                 network_id=network_id):
         # return when the network is external network
         # TODO: may check external network before delete namespace
         return
     tenant_id = network['tenant_id']
     namespace = fortinet_db.query_record(
         context, fortinet_db.Fortinet_ML2_Namespace, tenant_id=tenant_id)
     if not namespace:
         return
     # TODO: type driver support vlan only, need to check later
     vlanid = network['provider:segmentation_id']
     inf_name = const.PREFIX['inf'] + str(vlanid)
     try:
         utils.delete_vlanintf(self,
                               context,
                               name=inf_name,
                               vdom=namespace.vdom)
     except Exception as e:
         resources.Exinfo(e)
         raise ml2_exc.MechanismDriverError(
             method=sys._getframe().f_code.co_name)
Beispiel #4
0
def delete_reservedip(obj, context, **kwargs):
    cls = fortinet_db.Fortinet_ML2_ReservedIP
    reserved_ip = fortinet_db.query_record(context, cls, **kwargs)

    if reserved_ip:
        db_reservedips = fortinet_db.query_records(
            context, cls, subnet_id=reserved_ip.subnet_id)
        db_reservedips.remove(reserved_ip)
        reserved_addresses = []
        for rsrvdip in db_reservedips:
            reserved_addresses.append({
                'id': rsrvdip.edit_id,
                'ip': rsrvdip.ip,
                'mac': rsrvdip.mac
            })
        db_subnet = fortinet_db.query_record(context,
                                             fortinet_db.Fortinet_ML2_Subnet,
                                             subnet_id=reserved_ip.subnet_id)
        if db_subnet:
            op(obj,
               context,
               resources.DhcpServerRsvAddr.set,
               id=db_subnet.edit_id,
               vdom=reserved_ip.vdom,
               reserved_address=json.dumps(reserved_addresses))
        fortinet_db.delete_record(context, cls, **kwargs)
Beispiel #5
0
    def create_port_precommit(self, mech_context):
        """Create logical port on the fortigate (db update)."""
        port = mech_context.current
        LOG.debug(_("create_port_precommit mech_context = %s" % mech_context))
        context = mech_context._plugin_context
        namespace = fortinet_db.query_record(
            context,
            fortinet_db.Fortinet_ML2_Namespace,
            tenant_id=port['tenant_id'])
        port_id = port['id']
        subnet_id = port['fixed_ips'][0]['subnet_id']
        ip_address = port['fixed_ips'][0]['ip_address']
        mac = port['mac_address']
        db_subnetv2 = fortinet_db.query_record(context,
                                               models_v2.Subnet,
                                               id=subnet_id)
        if port['device_owner'] in ['network:router_gateway']:
            if fortinet_db.query_record(context,
                                        ExternalNetwork,
                                        network_id=port['network_id']):
                utils.set_ext_gw(self, context, port)
        elif port['device_owner'] in ['compute:nova', 'compute:None', '']:
            # add dhcp related functions
            # '': create port before associate the port with a vm
            utils.add_reservedip(self,
                                 context,
                                 port_id=port_id,
                                 subnet_id=subnet_id,
                                 mac=mac,
                                 ip=ip_address,
                                 vdom=namespace.vdom)

        elif port['device_owner'] in ['network:router_interface']:
            if db_subnetv2.cidr:
                cidr = netaddr.IPNetwork(db_subnetv2.cidr)
                subnet = ' '.join([str(cidr.network), str(cidr.netmask)])
                utils.add_fwaddress(self,
                                    context,
                                    vdom=namespace.vdom,
                                    name=str(cidr.network),
                                    subnet=subnet)
                addrgrp_name = const.PREFIX['addrgrp'] + namespace.vdom
                utils.add_addrgrp(self,
                                  context,
                                  name=addrgrp_name,
                                  vdom=namespace.vdom,
                                  members=[
                                      str(cidr.network),
                                  ])

                utils.add_fwpolicy(self,
                                   context,
                                   vdom=namespace.vdom,
                                   srcintf='any',
                                   srcaddr=addrgrp_name,
                                   dstintf='any',
                                   dstaddr=addrgrp_name,
                                   nat='disable')
        return
Beispiel #6
0
def set_ext_gw(obj, context, port):
    """
    :param context:
    :param port: example format
     port = {
        'status': 'DOWN',
        'binding:host_id': '',
        'allowed_address_pairs': [],
        'device_owner': 'network:router_gateway',
        'binding:profile': {},
        'fixed_ips': [{
            'subnet_id': u'09855a84-edfd-474d-b641-38a2bc63466a',
            'ip_address': u'10.160.37.111'
        }],
        'id': '6e68efc0-c0ca-40a2-a502-c2bf19304317',
        'security_groups': [],
        'device_id': u'8312d7a2-cae5-4e87-9c04-782c4a34bb8c',
        'name': '',
        'admin_state_up': True,
        'network_id': u'95eb736c-dd3b-4bf5-940a-8fa8e707a376',
        'tenant_id': '',
        'binding:vif_details': {},
        'binding:vnic_type': 'normal',
        'binding:vif_type': 'unbound',
        'mac_address': 'fa:16:3e:95:02:ab'
    }
    :return:
    """
    router_db = fortinet_db.query_record(context, l3_db.Router,
                                         id=port['device_id'])
    tenant_id = router_db.get('tenant_id', None)
    if not tenant_id:
        raise ValueError

    namespace = add_vdom(obj, context, tenant_id=tenant_id)
    add_vlink(obj, context, namespace.vdom)
    vlink_db = fortinet_db.query_record(context,
                                fortinet_db.Fortinet_Vlink_Vlan_Allocation,
                                vdom=namespace.vdom)

    ip_address = port['fixed_ips'][0]['ip_address']

    add_fwippool(obj, context, vdom=const.EXT_VDOM,
                 name=ip_address, startip=ip_address)

    add_fwpolicy(obj, context,
                 vdom=const.EXT_VDOM,
                 srcintf=vlink_db.inf_name_ext_vdom,
                 dstintf=obj._fortigate['ext_interface'],
                 poolname=ip_address)
    subnet_db = fortinet_db.query_record(context, models_v2.Subnet,
                                id=port['fixed_ips'][0]['subnet_id'])
    if subnet_db:
        netmask = netaddr.IPNetwork(subnet_db.cidr).netmask
        add_interface_ip(obj, context,
                         name=obj._fortigate['ext_interface'],
                         vdom=const.EXT_VDOM,
                         ip="%s %s" % (ip_address, netmask))
Beispiel #7
0
    def create_subnet_postcommit(self, mech_context):
        """Noop now, it is left here for future."""
        # LOG.debug(_("create_subnetwork_postcommit: called"))
        gateway = mech_context.current["gateway_ip"]
        network_id = mech_context.current["network_id"]
        subnet_id = mech_context.current["id"]
        tenant_id = mech_context.current["tenant_id"]
        context = mech_context._plugin_context
        try:
            if fortinet_db.query_record(context, ExternalNetwork, network_id=network_id):
                utils.add_routerstatic(
                    self,
                    context,
                    subnet_id=subnet_id,
                    vdom=const.EXT_VDOM,
                    dst=const.EXT_DEF_DST,
                    device=self._fortigate["ext_interface"],
                    gateway=gateway,
                )
            else:
                namespace = fortinet_db.query_record(context, fortinet_db.Fortinet_ML2_Namespace, tenant_id=tenant_id)
                interface = utils.get_intf(context, mech_context.current["network_id"])
                netmask = str(netaddr.IPNetwork(mech_context.current["cidr"]).netmask)
                start_ip = mech_context.current["allocation_pools"][0]["start"]
                end_ip = mech_context.current["allocation_pools"][0]["end"]

                utils.add_dhcpserver(
                    self,
                    context,
                    subnet_id=subnet_id,
                    vdom=namespace.vdom,
                    interface=interface,
                    gateway=gateway,
                    netmask=netmask,
                    start_ip=start_ip,
                    end_ip=end_ip,
                )

                # TODO: need to add rollback for the update and set
                cls = fortinet_db.Fortinet_Interface
                record = fortinet_db.query_record(context, cls, name=interface, vdom=namespace.vdom)
                if gateway:
                    cls.update_record(context, record, ip="%s %s" % (gateway, netmask))
                    utils.op(
                        self,
                        context,
                        resources.VlanInterface.set,
                        name=interface,
                        vdom=namespace.vdom,
                        ip="%s %s" % (gateway, netmask),
                    )
        except Exception as e:
            utils._rollback_on_err(self, context, e)
            raise ml2_exc.MechanismDriverError(method=sys._getframe().f_code.co_name)
        utils.update_status(self, context, t_consts.TaskStatus.COMPLETED)
Beispiel #8
0
    def _associate_floatingip(self, context, id, floatingip):
        try:
            l3db_fip = self._get_floatingip(context, id)
            db_namespace = fortinet_db.query_record(context,
                                    fortinet_db.Fortinet_ML2_Namespace,
                                    tenant_id=l3db_fip.tenant_id)

            db_fip = fortinet_db.query_record(context,
                            fortinet_db.Fortinet_FloatingIP_Allocation,
                            floating_ip_address=l3db_fip.floating_ip_address,
                            allocated=True)
            int_intf, ext_intf = utils.get_vlink_intf(self, context,
                                                      vdom=db_namespace.vdom)
            mappedip = utils.get_ipaddr(db_fip.ip_subnet, 0)
            fixed_ip_address = floatingip['floatingip']['fixed_ip_address']
            utils.add_vip(self, context,
                          vdom=db_namespace.vdom,
                          name=db_fip.floating_ip_address,
                          extip=mappedip,
                          extintf=int_intf,
                          mappedip=fixed_ip_address)

            db_ip = fortinet_db.query_record(context, models_v2.IPAllocation,
                                port_id=floatingip['floatingip']['port_id'])
            vlan_inf = utils.get_intf(context, db_ip.network_id)
            utils.add_fwpolicy(self, context,
                               vdom=db_namespace.vdom,
                               srcintf=int_intf,
                               dstintf=vlan_inf,
                               dstaddr=db_fip.floating_ip_address,
                               nat='enable')

            utils.add_fwaddress(self, context,
                                name=fixed_ip_address,
                                vdom=db_namespace.vdom,
                                subnet="%s 255.255.255.255" % fixed_ip_address,
                                associated_interface=vlan_inf)

            db_fwpolicy = utils.add_fwpolicy(self, context,
                               vdom=db_namespace.vdom,
                               srcintf=vlan_inf,
                               srcaddr=fixed_ip_address,
                               dstintf=int_intf,
                               poolname=mappedip)
            utils.head_firewall_policy(self, context,
                                       vdom=db_namespace.vdom,
                                       id=db_fwpolicy.edit_id)
        except Exception as e:
            utils._rollback_on_err(self, context, e)
            raise e
        utils.update_status(self, context, t_consts.TaskStatus.COMPLETED)
Beispiel #9
0
    def add_router_interface(self, context, router_id, interface_info):
        """creates vlnk on the fortinet device."""
        LOG.debug("FortinetL3ServicePlugin.add_router_interface: "
                  "router_id=%(router_id)s "
                  "interface_info=%(interface_info)r",
                  {'router_id': router_id, 'interface_info': interface_info})
        with context.session.begin(subtransactions=True):
            info = super(FortinetL3ServicePlugin, self).add_router_interface(
                context, router_id, interface_info)
            port = db.get_port(context.session, info['port_id'])
            port['admin_state_up'] = True
            port['port'] = port
            LOG.debug("FortinetL3ServicePlugin: "
                  "context=%(context)s"
                  "port=%(port)s "
                  "info=%(info)r",
                  {'context': context, 'port': port, 'info': info})

            #self._core_plugin.update_port(context, info["port_id"], port)

            interface_info = info
            subnet = self._core_plugin._get_subnet(context,
                                                   interface_info['subnet_id'])
            network_id = subnet['network_id']
            tenant_id = port['tenant_id']
            port_filters = {'network_id': [network_id],
                            'device_owner': [DEVICE_OWNER_ROUTER_INTF]}
            port_count = self._core_plugin.get_ports_count(context,
                                                           port_filters)
            # port count is checked against 2 since the current port is already
            # added to db
            if port_count == 2:
                # This subnet is already part of some router
                LOG.error(_("FortinetL3ServicePlugin: adding redundant router "
                            "interface is not supported"))
                raise Exception(_("FortinetL3ServicePlugin:adding redundant "
                                  "router interface is not supported"))
            try:
                db_namespace = fortinet_db.query_record(context,
                                        fortinet_db.Fortinet_ML2_Namespace,
                                        tenant_id=tenant_id)
                vlan_inf = utils.get_intf(context, network_id)
                int_intf, ext_intf = utils.get_vlink_intf(self, context,
                                               vdom=db_namespace.vdom)
                utils.add_fwpolicy(self, context,
                                   vdom=db_namespace.vdom,
                                   srcintf=vlan_inf,
                                   dstintf=int_intf,
                                   nat='enable')

            except Exception as e:
                LOG.error(_("Failed to create Fortinet resources to add router "
                            "interface. info=%(info)s, router_id=%(router_id)s"),
                          {"info": info, "router_id": router_id})
                resources.Exinfo(e)
                with excutils.save_and_reraise_exception():
                    self.remove_router_interface(context, router_id,
                                                     interface_info)
        utils.update_status(self, context, t_consts.TaskStatus.COMPLETED)
        return info
Beispiel #10
0
def add_addrgrp(obj, context, **kwargs):
    """
    :param context:
    :param kwargs:
     {
        "name": "addrgrp_osvdm1",
        "vdom": "osvdm1",
        "members": ["192.168.33.0"]
     }
    :return:
    """
    cls = fortinet_db.Fortinet_Firewall_Address
    records = fortinet_db.query_records(context, cls, group=kwargs['name'])
    for name in kwargs['members']:
        record = fortinet_db.query_record(context, cls,
                                          name=name, vdom=kwargs['vdom'])
        if not record.group:
            cls.update_record(context, record, group=kwargs['name'])
            # TODO: need to add a rollback action to taskmanager
        else:
            LOG.debug(_("The member %(record)s already joined a group"),
                      {"record": record})
    for record in records:
        kwargs['members'].append(record.name)
    try:
        op(obj, context, resources.FirewallAddrgrp.get,
           name=kwargs['name'], vdom=kwargs['vdom'])
        # TODO: need to add a rollback action to taskmanager
        op(obj, context, resources.FirewallAddrgrp.set, **kwargs)
    except exception.ResourceNotFound:
        op(obj, context, resources.FirewallAddrgrp.add, **kwargs)
Beispiel #11
0
def add_interface_ip(obj, context, **kwargs):
    """
    :param context:
    :param kwargs: example format as below
        {
            "ip": "10.160.37.20 255.255.255.0",
            "name": "port37",
            "vdom": "root"
        }
    :return:
    """
    inf_db = fortinet_db.query_record(context,
                            fortinet_db.Fortinet_Interface,
                            name=kwargs.get('name'))
    if const.EXT_DEF_DST in getattr(inf_db, 'ip'):
        inf_db.update_record(context, inf_db, **kwargs)
        op(obj, context, resources.VlanInterface.set, **kwargs)
    else:
        records = fortinet_db.query_records(context,
                                  fortinet_db.Fortinet_Interface_subip,
                                  name=kwargs.get('name'))
        org_subips = [getattr(record, 'ip') for record in records]

        if kwargs.get('ip') in org_subips:
            return
        add_record(obj, context,
                   fortinet_db.Fortinet_Interface_subip, **kwargs)

        org_subips.append(kwargs.get('ip'))
        op(obj, context, resources.VlanInterface.set,
           name=kwargs.get('name'),
           vdom=kwargs.get('vdom'),
           secondaryips=org_subips)
Beispiel #12
0
def get_vlink_intf(obj, context, **kwargs):
    vlink_vlan = fortinet_db.query_record(context,
                        fortinet_db.Fortinet_Vlink_Vlan_Allocation,
                        **kwargs)
    if not vlink_vlan and kwargs.get('vdom', None):
        return add_vlink(obj, context, kwargs['vdom'])
    return (vlink_vlan.inf_name_int_vdom, vlink_vlan.inf_name_ext_vdom)
Beispiel #13
0
    def remove_router_interface(self, context, router_id, interface_info):
        """Deletes vlink, default router from Fortinet device."""
        LOG.debug("FortinetL3ServicePlugin.remove_router_interface called: "
                  "router_id=%(router_id)s "
                  "interface_info=%(interface_info)r",
                  {'router_id': router_id, 'interface_info': interface_info})

        with context.session.begin(subtransactions=True):
            info = super(FortinetL3ServicePlugin, self).\
                remove_router_interface(context, router_id, interface_info)
            try:
                subnet = self._core_plugin._get_subnet(context,
                                                       info['subnet_id'])
                tenant_id = subnet['tenant_id']
                network_id = subnet['network_id']
                vlan_inf = utils.get_intf(context, network_id)
                db_namespace = fortinet_db.query_record(context,
                                        fortinet_db.Fortinet_ML2_Namespace,
                                        tenant_id=tenant_id)
                utils.delete_fwpolicy(self, context,
                                      vdom=db_namespace.vdom,
                                      srcintf=vlan_inf)
            except Exception:
                LOG.error(_("Fail remove of interface from Fortinet router "
                                "interface. info=%(info)s, "
                                "router_id=%(router_id)s") %
                              ({"info": info, "router_id": router_id}))
                raise Exception
        return info
Beispiel #14
0
 def delete_network_postcommit(self, mech_context):
     """Delete network which translates to remove vlan interface
     and related vdom from the fortigate.
     """
     LOG.debug(_("delete_network_postcommit: called"))
     network = mech_context.current
     context = mech_context._plugin_context
     tenant_id = network["tenant_id"]
     if not fortinet_db.query_count(context, models_v2.Network, tenant_id=tenant_id):
         try:
             namespace = fortinet_db.query_record(context, fortinet_db.Fortinet_ML2_Namespace, tenant_id=tenant_id)
             if not namespace:
                 return
             if not [
                 getattr(record, "gw_port_id", None)
                 for record in fortinet_db.query_records(context, l3_db.Router, tenant_id=namespace.tenant_id)
                 if getattr(record, "gw_port_id", None)
             ]:
                 utils.delete_vlink(self, context, tenant_id=tenant_id)
                 utils.delete_vdom(self, context, vdom=namespace.vdom)
             LOG.info(
                 _("delete network postcommit: tenant= %(tenant_id)s" " vdom= %(vdom)s"),
                 {"tenant_id": tenant_id, "vdom": namespace.vdom},
             )
         except Exception as e:
             resources.Exinfo(e)
             raise ml2_exc.MechanismDriverError(method=sys._getframe().f_code.co_name)
Beispiel #15
0
    def delete_port_postcommit(self, mech_context):
        port = mech_context.current
        context = mech_context._plugin_context
        try:
            port_id = port['id']
            subnet_id = port['fixed_ips'][0]['subnet_id']
            db_subnet = fortinet_db.query_record(
                context, fortinet_db.Fortinet_ML2_Subnet, subnet_id=subnet_id)
            db_subnetv2 = fortinet_db.query_record(context,
                                                   models_v2.Subnet,
                                                   id=subnet_id)
            if port['device_owner'] in ['network:router_gateway']:
                if fortinet_db.query_record(context,
                                            ExternalNetwork,
                                            network_id=port['network_id']):
                    #delete ippool and its related firewall policy
                    utils.clr_ext_gw(self, context, port)

            elif port['device_owner'] in ['compute:nova', 'compute:None', '']:
                # delete dhcp related functions
                utils.delete_reservedip(self, context, port_id=port_id)

            elif port['device_owner'] in ['network:router_interface']:
                # add firewall address and address group
                name = const.PREFIX['addrgrp'] + db_subnet.vdom
                member = str(netaddr.IPNetwork(db_subnetv2.cidr).network)
                utils.delete_fwpolicy(self,
                                      context,
                                      vdom=db_subnet.vdom,
                                      srcintf='any',
                                      srcaddr=name,
                                      dstintf='any',
                                      dstaddr=name,
                                      nat='disable')
                utils.delete_addrgrp(self,
                                     context,
                                     name=name,
                                     vdom=db_subnet.vdom,
                                     members=member.split(' '))
                utils.delete_fwaddress(self,
                                       context,
                                       vdom=db_subnet.vdom,
                                       name=member)
        except Exception as e:
            resources.Exinfo(e)
            raise ml2_exc.MechanismDriverError(
                method=sys._getframe().f_code.co_name)
Beispiel #16
0
 def delete_floatingip(self, context, id):
     LOG.debug(_("delete_floatingip: id=%s" % id))
     fip = fortinet_db.query_record(context, l3_db.FloatingIP, id=id)
     if fip and getattr(fip, 'fixed_port_id', None):
         self._disassociate_floatingip(context, id)
         super(FortinetL3ServicePlugin,
               self).disassociate_floatingips(context, fip['fixed_port_id'])
     self._release_floatingip(context, id)
     super(FortinetL3ServicePlugin, self).delete_floatingip(context, id)
Beispiel #17
0
 def delete_floatingip(self, context, id):
     LOG.debug(_("delete_floatingip: id=%s" % id))
     fip = fortinet_db.query_record(context, l3_db.FloatingIP, id=id)
     if fip and getattr(fip, 'fixed_port_id', None):
         self._disassociate_floatingip(context, id)
         super(FortinetL3ServicePlugin, self).disassociate_floatingips(
             context, fip['fixed_port_id'])
     self._release_floatingip(context, id)
     super(FortinetL3ServicePlugin, self).delete_floatingip(context, id)
Beispiel #18
0
 def disassociate_floatingips(self, context, port_id, do_notify=True):
     fip = fortinet_db.query_record(context, l3_db.FloatingIP,
                                    fixed_port_id=port_id)
     if fip and getattr(fip, 'id', None):
         self._disassociate_floatingip(context, fip.id)
     return super(FortinetL3ServicePlugin,
                  self).disassociate_floatingips(context,
                                                 port_id,
                                                 do_notify=do_notify)
Beispiel #19
0
 def disassociate_floatingips(self, context, port_id, do_notify=True):
     fip = fortinet_db.query_record(context,
                                    l3_db.FloatingIP,
                                    fixed_port_id=port_id)
     if fip and getattr(fip, 'id', None):
         self._disassociate_floatingip(context, fip.id)
     return super(FortinetL3ServicePlugin,
                  self).disassociate_floatingips(context,
                                                 port_id,
                                                 do_notify=do_notify)
Beispiel #20
0
def delete_vdom(obj, context, **kwargs):
    cls = fortinet_db.Fortinet_ML2_Namespace
    namespace = fortinet_db.query_record(context, cls, **kwargs)
    if namespace:
        try:
            op(obj, context, resources.Vdom.get, name=namespace.vdom)
            op(obj, context, resources.Vdom.delete, name=namespace.vdom)
        except Exception as e:
            resources.Exinfo(e)
        fortinet_db.delete_record(context, cls, **kwargs)
    return namespace
Beispiel #21
0
def delete_vdom(obj, context, **kwargs):
    cls = fortinet_db.Fortinet_ML2_Namespace
    namespace = fortinet_db.query_record(context, cls, **kwargs)
    if namespace:
        try:
            op(obj, context, resources.Vdom.get, name=namespace.vdom)
            op(obj, context, resources.Vdom.delete, name=namespace.vdom)
        except Exception as e:
            resources.Exinfo(e)
        fortinet_db.delete_record(context, cls, **kwargs)
    return namespace
Beispiel #22
0
    def _disassociate_floatingip(self, context, id):
        l3db_fip = self._get_floatingip(context, id)
        db_namespace = fortinet_db.query_record(
            context,
            fortinet_db.Fortinet_ML2_Namespace,
            tenant_id=l3db_fip.tenant_id)
        db_fip = fortinet_db.query_record(
            context,
            fortinet_db.Fortinet_FloatingIP_Allocation,
            floating_ip_address=l3db_fip.floating_ip_address,
            allocated=True)
        int_intf, ext_intf = utils.get_vlink_intf(self,
                                                  context,
                                                  vdom=db_namespace.vdom)
        db_ip = fortinet_db.query_record(context,
                                         models_v2.IPAllocation,
                                         port_id=l3db_fip.fixed_port_id)
        vlan_inf = utils.get_intf(context, db_ip.network_id)
        mappedip = utils.get_ipaddr(db_fip.ip_subnet, 0)
        utils.delete_fwpolicy(self,
                              context,
                              vdom=db_namespace.vdom,
                              srcintf=vlan_inf,
                              srcaddr=l3db_fip.fixed_ip_address,
                              dstintf=int_intf,
                              poolname=mappedip)

        utils.delete_fwaddress(self,
                               context,
                               name=l3db_fip.fixed_ip_address,
                               vdom=db_namespace.vdom)

        utils.delete_fwpolicy(self,
                              context,
                              vdom=db_namespace.vdom,
                              dstaddr=db_fip.floating_ip_address)

        utils.delete_vip(self,
                         context,
                         vdom=db_namespace.vdom,
                         name=db_fip.floating_ip_address)
Beispiel #23
0
 def delete_network_precommit(self, mech_context):
     """Delete Network from the plugin specific database table."""
     network = mech_context.current
     network_id = network["id"]
     context = mech_context._plugin_context
     if fortinet_db.query_record(context, ExternalNetwork, network_id=network_id):
         # return when the network is external network
         # TODO: may check external network before delete namespace
         return
     tenant_id = network["tenant_id"]
     namespace = fortinet_db.query_record(context, fortinet_db.Fortinet_ML2_Namespace, tenant_id=tenant_id)
     if not namespace:
         return
     # TODO: type driver support vlan only, need to check later
     vlanid = network["provider:segmentation_id"]
     inf_name = const.PREFIX["inf"] + str(vlanid)
     try:
         utils.delete_vlanintf(self, context, name=inf_name, vdom=namespace.vdom)
     except Exception as e:
         resources.Exinfo(e)
         raise ml2_exc.MechanismDriverError(method=sys._getframe().f_code.co_name)
Beispiel #24
0
def delete_vlink(obj, context, tenant_id):
    vdom = fortinet_db.query_record(context,
                                    fortinet_db.Fortinet_ML2_Namespace,
                                    tenant_id=tenant_id).vdom
    vlink_vlan = fortinet_db.query_record(
        context,
        fortinet_db.Fortinet_Vlink_Vlan_Allocation,
        vdom=vdom,
        allocated=True)
    if not vlink_vlan:
        return False
    vlink_ip = fortinet_db.query_record(
        context,
        fortinet_db.Fortinet_Vlink_IP_Allocation,
        vdom=vdom,
        vlink_id=vlink_vlan.id,
        allocated=True)
    if not vlink_ip:
        return False
    """
    delete_fwpolicy(obj, context,
                    vdom=const.EXT_VDOM,
                    srcintf=vlink_vlan.inf_name_ext_vdom,
                    dstintf=obj._fortigate['ext_interface'],
                    nat='enable')"""
    delete_routerstatic(obj,
                        context,
                        vdom=vdom,
                        dst=const.EXT_DEF_DST,
                        device=vlink_vlan.inf_name_int_vdom,
                        gateway=const.DEF_GW)
    delete_vlink_intf(obj, context, vlink_vlan)
    fortinet_db.delete_record(context,
                              fortinet_db.Fortinet_Vlink_IP_Allocation,
                              vdom=vdom,
                              vlink_id=vlink_vlan.id)
    fortinet_db.delete_record(context,
                              fortinet_db.Fortinet_Vlink_Vlan_Allocation,
                              id=vlink_vlan.id)
    return True
Beispiel #25
0
    def create_port_precommit(self, mech_context):
        """Create logical port on the fortigate (db update)."""
        port = mech_context.current
        LOG.debug(_("create_port_precommit mech_context = %s" % mech_context))
        context = mech_context._plugin_context
        namespace = fortinet_db.query_record(context, fortinet_db.Fortinet_ML2_Namespace, tenant_id=port["tenant_id"])
        port_id = port["id"]
        subnet_id = port["fixed_ips"][0]["subnet_id"]
        ip_address = port["fixed_ips"][0]["ip_address"]
        mac = port["mac_address"]
        db_subnetv2 = fortinet_db.query_record(context, models_v2.Subnet, id=subnet_id)
        if port["device_owner"] in ["network:router_gateway"]:
            if fortinet_db.query_record(context, ExternalNetwork, network_id=port["network_id"]):
                utils.set_ext_gw(self, context, port)
        elif port["device_owner"] in ["compute:nova", "compute:None", ""]:
            # add dhcp related functions
            # '': create port before associate the port with a vm
            utils.add_reservedip(
                self, context, port_id=port_id, subnet_id=subnet_id, mac=mac, ip=ip_address, vdom=namespace.vdom
            )

        elif port["device_owner"] in ["network:router_interface"]:
            if db_subnetv2.cidr:
                cidr = netaddr.IPNetwork(db_subnetv2.cidr)
                subnet = " ".join([str(cidr.network), str(cidr.netmask)])
                utils.add_fwaddress(self, context, vdom=namespace.vdom, name=str(cidr.network), subnet=subnet)
                addrgrp_name = const.PREFIX["addrgrp"] + namespace.vdom
                utils.add_addrgrp(self, context, name=addrgrp_name, vdom=namespace.vdom, members=[str(cidr.network)])

                utils.add_fwpolicy(
                    self,
                    context,
                    vdom=namespace.vdom,
                    srcintf="any",
                    srcaddr=addrgrp_name,
                    dstintf="any",
                    dstaddr=addrgrp_name,
                    nat="disable",
                )
        return
Beispiel #26
0
def delete_reservedip(obj, context, **kwargs):
    cls = fortinet_db.Fortinet_ML2_ReservedIP
    reserved_ip = fortinet_db.query_record(context, cls, **kwargs)

    if reserved_ip:
        db_reservedips = fortinet_db.query_records(context, cls,
                                        subnet_id=reserved_ip.subnet_id)
        db_reservedips.remove(reserved_ip)
        reserved_addresses = []
        for rsrvdip in db_reservedips:
            reserved_addresses.append({ 'id': rsrvdip.edit_id,
                                        'ip': rsrvdip.ip,
                                        'mac': rsrvdip.mac })
        db_subnet = fortinet_db.query_record(context,
                                             fortinet_db.Fortinet_ML2_Subnet,
                                             subnet_id=reserved_ip.subnet_id)
        if db_subnet:
            op(obj, context, resources.DhcpServerRsvAddr.set,
               id=db_subnet.edit_id,
               vdom=reserved_ip.vdom,
               reserved_address=json.dumps(reserved_addresses))
        fortinet_db.delete_record(context, cls, **kwargs)
Beispiel #27
0
    def Fortinet_init(self):
        """Fortinet specific initialization for this class."""
        LOG.debug(_("FortinetMechanismDriver_init"))
        self._fortigate = {
            'address': cfg.CONF.ml2_fortinet.address,
            'port': cfg.CONF.ml2_fortinet.port,
            'protocol': cfg.CONF.ml2_fortinet.protocol,
            'username': cfg.CONF.ml2_fortinet.username,
            'password': cfg.CONF.ml2_fortinet.password,
            'int_interface': cfg.CONF.ml2_fortinet.int_interface,
            'ext_interface': cfg.CONF.ml2_fortinet.ext_interface,
            'tenant_network_type': cfg.CONF.ml2_fortinet.tenant_network_type,
            'vlink_vlan_id_range': cfg.CONF.ml2_fortinet.vlink_vlan_id_range,
            'vlink_ip_range': cfg.CONF.ml2_fortinet.vlink_ip_range,
            'vip_mappedip_range': cfg.CONF.ml2_fortinet.vip_mappedip_range,
            'npu_available': cfg.CONF.ml2_fortinet.npu_available
        }

        api_server = [(self._fortigate['address'], self._fortigate['port'],
                       'https' == self._fortigate['protocol'])]
        self._driver = client.FortiosApiClient(api_server,
                                               self._fortigate['username'],
                                               self._fortigate['password'])

        for key in const.FORTINET_PARAMS:
            self.sync_conf_to_db(key)

        session = db_api.get_session()
        cls = fortinet_db.Fortinet_Interface
        ext_inf = {
            "name": self._fortigate['ext_interface'],
            "vdom": const.EXT_VDOM
        }
        record = fortinet_db.query_record(session, cls, **ext_inf)
        if not record:
            fortinet_db.add_record(session, cls, **ext_inf)
            """create a vdom for external network if it doesn't exist"""
            try:
                message = {
                    "name": const.EXT_VDOM,
                }
                self._driver.request("GET_VDOM", **message)
            except exception.ResourceNotFound:
                LOG.info(_("external vdom doesn't exist, creating one"))
                self._driver.request("ADD_VDOM", **message)
                message = {
                    "name": self._fortigate['ext_interface'],
                    "vdom": const.EXT_VDOM
                }
                self._driver.request("SET_VLAN_INTERFACE", **message)
Beispiel #28
0
def delete_vlink(obj, context, tenant_id):
    vdom = fortinet_db.query_record(context,
                                    fortinet_db.Fortinet_ML2_Namespace,
                                   tenant_id=tenant_id).vdom
    vlink_vlan = fortinet_db.query_record(context,
                            fortinet_db.Fortinet_Vlink_Vlan_Allocation,
                            vdom=vdom,
                            allocated=True)
    if not vlink_vlan:
        return False
    vlink_ip = fortinet_db.query_record(context,
                              fortinet_db.Fortinet_Vlink_IP_Allocation,
                              vdom=vdom,
                              vlink_id=vlink_vlan.id,
                              allocated=True)
    if not vlink_ip:
        return False
    """
    delete_fwpolicy(obj, context,
                    vdom=const.EXT_VDOM,
                    srcintf=vlink_vlan.inf_name_ext_vdom,
                    dstintf=obj._fortigate['ext_interface'],
                    nat='enable')"""
    delete_routerstatic(obj, context,
                        vdom=vdom,
                        dst=const.EXT_DEF_DST,
                        device=vlink_vlan.inf_name_int_vdom,
                        gateway=const.DEF_GW)
    delete_vlink_intf(obj, context, vlink_vlan)
    fortinet_db.delete_record(context,
                        fortinet_db.Fortinet_Vlink_IP_Allocation,
                        vdom=vdom,
                        vlink_id=vlink_vlan.id)
    fortinet_db.delete_record(context,
                        fortinet_db.Fortinet_Vlink_Vlan_Allocation,
                        id=vlink_vlan.id)
    return True
Beispiel #29
0
    def delete_port_postcommit(self, mech_context):
        port = mech_context.current
        context = mech_context._plugin_context
        try:
            port_id = port["id"]
            subnet_id = port["fixed_ips"][0]["subnet_id"]
            db_subnet = fortinet_db.query_record(context, fortinet_db.Fortinet_ML2_Subnet, subnet_id=subnet_id)
            db_subnetv2 = fortinet_db.query_record(context, models_v2.Subnet, id=subnet_id)
            if port["device_owner"] in ["network:router_gateway"]:
                if fortinet_db.query_record(context, ExternalNetwork, network_id=port["network_id"]):
                    # delete ippool and its related firewall policy
                    utils.clr_ext_gw(self, context, port)

            elif port["device_owner"] in ["compute:nova", "compute:None", ""]:
                # delete dhcp related functions
                utils.delete_reservedip(self, context, port_id=port_id)

            elif port["device_owner"] in ["network:router_interface"]:
                # add firewall address and address group
                name = const.PREFIX["addrgrp"] + db_subnet.vdom
                member = str(netaddr.IPNetwork(db_subnetv2.cidr).network)
                utils.delete_fwpolicy(
                    self,
                    context,
                    vdom=db_subnet.vdom,
                    srcintf="any",
                    srcaddr=name,
                    dstintf="any",
                    dstaddr=name,
                    nat="disable",
                )
                utils.delete_addrgrp(self, context, name=name, vdom=db_subnet.vdom, members=member.split(" "))
                utils.delete_fwaddress(self, context, vdom=db_subnet.vdom, name=member)
        except Exception as e:
            resources.Exinfo(e)
            raise ml2_exc.MechanismDriverError(method=sys._getframe().f_code.co_name)
Beispiel #30
0
def check(obj, context, vdom, resource=resources.VlanInterface):
    vlink_vlan = fortinet_db.query_record(context,
                     fortinet_db.Fortinet_Vlink_Vlan_Allocation, vdom=vdom)
    if vlink_vlan:
        try:
            op(obj, context, resource.get,
               vdom=vdom, name=vlink_vlan.inf_name_int_vdom)
            op(obj, context, resource.get,
               vdom=const.EXT_VDOM, name=vlink_vlan.inf_name_ext_vdom)
        except exception.ResourceNotFound as e:
            import inspect
            caller = inspect.stack()[1][3]
            LOG.debug(_("#### Check vlink interface failed on the %(func)s."),
            {'func': caller})
            resources.Exinfo(e)
Beispiel #31
0
def clr_ext_gw(obj, context, port):
    ip_address = port['fixed_ips'][0]['ip_address']
    subnetv2_db = fortinet_db.query_record(context, models_v2.Subnet,
                                    id=port['fixed_ips'][0]['subnet_id'])
    netmask = netaddr.IPNetwork(subnetv2_db.cidr).netmask
    ip = "%s %s" % (ip_address, netmask)
    delete_interface_ip(obj, context,
                        name=obj._fortigate['ext_interface'],
                        vdom=const.EXT_VDOM,
                        ip=ip)
    delete_fwpolicy(obj, context, vdom=const.EXT_VDOM, poolname=ip_address)
    delete_fwippool(obj, context, vdom=const.EXT_VDOM, name=ip_address)
    router_db = fortinet_db.query_record(context, l3_db.Router,
                                         id=port['device_id'])
    tenant_id = router_db.get('tenant_id', None)
    if tenant_id:
        delete_vlink(obj, context, tenant_id=tenant_id)
        if not [ getattr(record, 'gw_port_id', None) for record in
                 fortinet_db.query_records(context, l3_db.Router,
                                           tenant_id=tenant_id)
                         if getattr(record, 'gw_port_id', None)] and \
           not fortinet_db.query_count(context, models_v2.Network,
                                       tenant_id=tenant_id):
            delete_vdom(obj, context, tenant_id=tenant_id)
Beispiel #32
0
def delete_interface_ip(obj, context, **kwargs):
    """
    :param context:
    :param kwargs: example format as below
        {
            "ip": "10.160.37.20 255.255.255.0",
            "name": "port37",
            "vdom": "root"
        }
    :return:
    """
    records = fortinet_db.query_records(context,
                                        fortinet_db.Fortinet_Interface_subip,
                                        name=kwargs.get('name'))
    org_subips = [getattr(record, 'ip') for record in records]
    if kwargs.get('ip') in org_subips:
        org_subips.remove(kwargs["ip"])
        op(obj,
           context,
           resources.VlanInterface.set,
           name=kwargs.get('name'),
           vdom=kwargs.get('vdom'),
           secondaryips=org_subips)
        fortinet_db.delete_record(context,
                                  fortinet_db.Fortinet_Interface_subip,
                                  **kwargs)
    else:
        inf_db = fortinet_db.query_record(context,
                                          fortinet_db.Fortinet_Interface,
                                          **kwargs)
        if not inf_db:
            return
        if org_subips:
            kwargs['ip'] = org_subips.pop()
            op(obj,
               context,
               resources.VlanInterface.set,
               name=kwargs.get('name'),
               vdom=kwargs.get('vdom'),
               secondaryips=org_subips)
            fortinet_db.delete_record(context,
                                      fortinet_db.Fortinet_Interface_subip,
                                      **kwargs)
        else:
            kwargs['ip'] = const.EXT_DEF_DST

        op(obj, context, resources.VlanInterface.set, **kwargs)
        inf_db.update_record(context, inf_db, ip=kwargs['ip'])
Beispiel #33
0
def delete_interface_ip(obj, context, **kwargs):
    """
    :param context:
    :param kwargs: example format as below
        {
            "ip": "10.160.37.20 255.255.255.0",
            "name": "port37",
            "vdom": "root"
        }
    :return:
    """
    records = fortinet_db.query_records(context,
                                        fortinet_db.Fortinet_Interface_subip,
                                        name=kwargs.get('name'))
    org_subips = [getattr(record, 'ip') for record in records]
    if kwargs.get('ip') in org_subips:
        org_subips.remove(kwargs["ip"])
        op(obj, context, resources.VlanInterface.set,
           name=kwargs.get('name'),
           vdom=kwargs.get('vdom'),
           secondaryips=org_subips)
        fortinet_db.delete_record(context,
                                  fortinet_db.Fortinet_Interface_subip,
                                  **kwargs)
    else:
        inf_db = fortinet_db.query_record(context,
                                          fortinet_db.Fortinet_Interface,
                                          **kwargs)
        if not inf_db:
            return
        if org_subips:
            kwargs['ip'] = org_subips.pop()
            op(obj, context, resources.VlanInterface.set,
               name=kwargs.get('name'),
               vdom=kwargs.get('vdom'),
               secondaryips=org_subips)
            fortinet_db.delete_record(context,
                                  fortinet_db.Fortinet_Interface_subip,
                                  **kwargs)
        else:
            kwargs['ip'] = const.EXT_DEF_DST

        op(obj, context, resources.VlanInterface.set, **kwargs)
        inf_db.update_record(context, inf_db, ip=kwargs['ip'])
Beispiel #34
0
def add_reservedip(obj, context, **kwargs):
    cls = fortinet_db.Fortinet_ML2_ReservedIP
    reserved_ip = add_record(obj, context, cls, **kwargs)
    db_reservedips = fortinet_db.query_records(context, cls,
                                        subnet_id=kwargs.get('subnet_id'))
    db_subnet = fortinet_db.query_record(context,
                                         fortinet_db.Fortinet_ML2_Subnet,
                                         subnet_id=kwargs.get('subnet_id'))
    if db_subnet:
        reserved_addresses = []
        for rsrvdip in db_reservedips:
            reserved_addresses.append({ 'id': rsrvdip.edit_id,
                                        'ip': rsrvdip.ip,
                                        'mac': rsrvdip.mac })

        op(obj, context, resources.DhcpServerRsvAddr.set,
           id=db_subnet.edit_id,
           vdom=kwargs.get('vdom'),
           reserved_address=json.dumps(reserved_addresses))
Beispiel #35
0
def check(obj, context, vdom, resource=resources.VlanInterface):
    vlink_vlan = fortinet_db.query_record(
        context, fortinet_db.Fortinet_Vlink_Vlan_Allocation, vdom=vdom)
    if vlink_vlan:
        try:
            op(obj,
               context,
               resource.get,
               vdom=vdom,
               name=vlink_vlan.inf_name_int_vdom)
            op(obj,
               context,
               resource.get,
               vdom=const.EXT_VDOM,
               name=vlink_vlan.inf_name_ext_vdom)
        except exception.ResourceNotFound as e:
            import inspect
            caller = inspect.stack()[1][3]
            LOG.debug(_("#### Check vlink interface failed on the %(func)s."),
                      {'func': caller})
            resources.Exinfo(e)
Beispiel #36
0
    def Fortinet_init(self):
        """Fortinet specific initialization for this class."""
        LOG.debug(_("FortinetMechanismDriver_init"))
        self._fortigate = {
            "address": cfg.CONF.ml2_fortinet.address,
            "port": cfg.CONF.ml2_fortinet.port,
            "protocol": cfg.CONF.ml2_fortinet.protocol,
            "username": cfg.CONF.ml2_fortinet.username,
            "password": cfg.CONF.ml2_fortinet.password,
            "int_interface": cfg.CONF.ml2_fortinet.int_interface,
            "ext_interface": cfg.CONF.ml2_fortinet.ext_interface,
            "tenant_network_type": cfg.CONF.ml2_fortinet.tenant_network_type,
            "vlink_vlan_id_range": cfg.CONF.ml2_fortinet.vlink_vlan_id_range,
            "vlink_ip_range": cfg.CONF.ml2_fortinet.vlink_ip_range,
            "vip_mappedip_range": cfg.CONF.ml2_fortinet.vip_mappedip_range,
            "npu_available": cfg.CONF.ml2_fortinet.npu_available,
        }

        api_server = [(self._fortigate["address"], self._fortigate["port"], "https" == self._fortigate["protocol"])]
        self._driver = client.FortiosApiClient(api_server, self._fortigate["username"], self._fortigate["password"])

        for key in const.FORTINET_PARAMS:
            self.sync_conf_to_db(key)

        session = db_api.get_session()
        cls = fortinet_db.Fortinet_Interface
        ext_inf = {"name": self._fortigate["ext_interface"], "vdom": const.EXT_VDOM}
        record = fortinet_db.query_record(session, cls, **ext_inf)
        if not record:
            fortinet_db.add_record(session, cls, **ext_inf)
            """create a vdom for external network if it doesn't exist"""
            try:
                message = {"name": const.EXT_VDOM}
                self._driver.request("GET_VDOM", **message)
            except exception.ResourceNotFound:
                LOG.info(_("external vdom doesn't exist, creating one"))
                self._driver.request("ADD_VDOM", **message)
                message = {"name": self._fortigate["ext_interface"], "vdom": const.EXT_VDOM}
                self._driver.request("SET_VLAN_INTERFACE", **message)
Beispiel #37
0
def add_reservedip(obj, context, **kwargs):
    cls = fortinet_db.Fortinet_ML2_ReservedIP
    reserved_ip = add_record(obj, context, cls, **kwargs)
    db_reservedips = fortinet_db.query_records(
        context, cls, subnet_id=kwargs.get('subnet_id'))
    db_subnet = fortinet_db.query_record(context,
                                         fortinet_db.Fortinet_ML2_Subnet,
                                         subnet_id=kwargs.get('subnet_id'))
    if db_subnet:
        reserved_addresses = []
        for rsrvdip in db_reservedips:
            reserved_addresses.append({
                'id': rsrvdip.edit_id,
                'ip': rsrvdip.ip,
                'mac': rsrvdip.mac
            })

        op(obj,
           context,
           resources.DhcpServerRsvAddr.set,
           id=db_subnet.edit_id,
           vdom=kwargs.get('vdom'),
           reserved_address=json.dumps(reserved_addresses))
Beispiel #38
0
    def remove_router_interface(self, context, router_id, interface_info):
        """Deletes vlink, default router from Fortinet device."""
        LOG.debug(
            "FortinetL3ServicePlugin.remove_router_interface called: "
            "router_id=%(router_id)s "
            "interface_info=%(interface_info)r", {
                'router_id': router_id,
                'interface_info': interface_info
            })

        with context.session.begin(subtransactions=True):
            info = super(FortinetL3ServicePlugin, self).\
                remove_router_interface(context, router_id, interface_info)
            try:
                subnet = self._core_plugin._get_subnet(context,
                                                       info['subnet_id'])
                tenant_id = subnet['tenant_id']
                network_id = subnet['network_id']
                vlan_inf = utils.get_intf(context, network_id)
                db_namespace = fortinet_db.query_record(
                    context,
                    fortinet_db.Fortinet_ML2_Namespace,
                    tenant_id=tenant_id)
                utils.delete_fwpolicy(self,
                                      context,
                                      vdom=db_namespace.vdom,
                                      srcintf=vlan_inf)
            except Exception:
                LOG.error(
                    _("Fail remove of interface from Fortinet router "
                      "interface. info=%(info)s, "
                      "router_id=%(router_id)s") % ({
                          "info": info,
                          "router_id": router_id
                      }))
                raise Exception
        return info
Beispiel #39
0
 def delete_network_postcommit(self, mech_context):
     """Delete network which translates to remove vlan interface
     and related vdom from the fortigate.
     """
     LOG.debug(_("delete_network_postcommit: called"))
     network = mech_context.current
     context = mech_context._plugin_context
     tenant_id = network['tenant_id']
     if not fortinet_db.query_count(
             context, models_v2.Network, tenant_id=tenant_id):
         try:
             namespace = fortinet_db.query_record(
                 context,
                 fortinet_db.Fortinet_ML2_Namespace,
                 tenant_id=tenant_id)
             if not namespace:
                 return
             if not [
                     getattr(record, 'gw_port_id', None)
                     for record in fortinet_db.query_records(
                         context,
                         l3_db.Router,
                         tenant_id=namespace.tenant_id)
                     if getattr(record, 'gw_port_id', None)
             ]:
                 utils.delete_vlink(self, context, tenant_id=tenant_id)
                 utils.delete_vdom(self, context, vdom=namespace.vdom)
             LOG.info(
                 _("delete network postcommit: tenant= %(tenant_id)s"
                   " vdom= %(vdom)s"), {
                       'tenant_id': tenant_id,
                       'vdom': namespace.vdom
                   })
         except Exception as e:
             resources.Exinfo(e)
             raise ml2_exc.MechanismDriverError(
                 method=sys._getframe().f_code.co_name)
Beispiel #40
0
def add_interface_ip(obj, context, **kwargs):
    """
    :param context:
    :param kwargs: example format as below
        {
            "ip": "10.160.37.20 255.255.255.0",
            "name": "port37",
            "vdom": "root"
        }
    :return:
    """
    inf_db = fortinet_db.query_record(context,
                                      fortinet_db.Fortinet_Interface,
                                      name=kwargs.get('name'))
    if const.EXT_DEF_DST in getattr(inf_db, 'ip'):
        inf_db.update_record(context, inf_db, **kwargs)
        op(obj, context, resources.VlanInterface.set, **kwargs)
    else:
        records = fortinet_db.query_records(
            context,
            fortinet_db.Fortinet_Interface_subip,
            name=kwargs.get('name'))
        org_subips = [getattr(record, 'ip') for record in records]

        if kwargs.get('ip') in org_subips:
            return
        add_record(obj, context, fortinet_db.Fortinet_Interface_subip,
                   **kwargs)

        org_subips.append(kwargs.get('ip'))
        op(obj,
           context,
           resources.VlanInterface.set,
           name=kwargs.get('name'),
           vdom=kwargs.get('vdom'),
           secondaryips=org_subips)
Beispiel #41
0
def add_addrgrp(obj, context, **kwargs):
    """
    :param context:
    :param kwargs:
     {
        "name": "addrgrp_osvdm1",
        "vdom": "osvdm1",
        "members": ["192.168.33.0"]
     }
    :return:
    """
    cls = fortinet_db.Fortinet_Firewall_Address
    records = fortinet_db.query_records(context, cls, group=kwargs['name'])
    for name in kwargs['members']:
        record = fortinet_db.query_record(context,
                                          cls,
                                          name=name,
                                          vdom=kwargs['vdom'])
        if not record.group:
            cls.update_record(context, record, group=kwargs['name'])
            # TODO: need to add a rollback action to taskmanager
        else:
            LOG.debug(_("The member %(record)s already joined a group"),
                      {"record": record})
    for record in records:
        kwargs['members'].append(record.name)
    try:
        op(obj,
           context,
           resources.FirewallAddrgrp.get,
           name=kwargs['name'],
           vdom=kwargs['vdom'])
        # TODO: need to add a rollback action to taskmanager
        op(obj, context, resources.FirewallAddrgrp.set, **kwargs)
    except exception.ResourceNotFound:
        op(obj, context, resources.FirewallAddrgrp.add, **kwargs)
Beispiel #42
0
    def _allocate_floatingip(self, context, obj):
        """
        1. mapping floatingip to the one of a pair of internal ips based on
           the vip function.
        2. add another ip of the ip pair to the secondaryip list of
           the external interface.

        obj example:
        {
            'floating_network_id': u'1c1dbecc-9dac-4311-a346-f147a04c8dc8',
            'router_id': None,
            'fixed_ip_address': None,
            'floating_ip_address': u'10.160.37.113',
            'tenant_id': u'3998b33381fb48f694369689065a3760',
            'status': 'DOWN',
            'port_id': None,
            'id': '5ec1b08b-77c1-4e39-80ac-224ee937ee9f'
        }

        The floatingip is a instance of neutron.db.l3_db.FloatingIP, example:
        {
            tenant_id=u'3998b33381fb48f694369689065a3760',
            id=u'25e1588a-5ec5-4fbc-bdef-eff8713da8f8',
            floating_ip_address=u'10.160.37.111',
            floating_network_id=u'1c1dbecc-9dac-4311-a346-f147a04c8dc8',
            floating_port_id=u'4b4120d4-77f9-4f82-b823-05876929a1c4',
            fixed_port_id=None,
            fixed_ip_address=None,
            router_id=None,
            last_known_router_id=None,
            status=u'DOWN'
        }
        """
        try:
            db_namespace = fortinet_db.query_record(
                context,
                fortinet_db.Fortinet_ML2_Namespace,
                tenant_id=obj['tenant_id'])

            db_fip = utils.add_record(
                self,
                context,
                fortinet_db.Fortinet_FloatingIP_Allocation,
                vdom=db_namespace.vdom,
                floating_ip_address=obj['floating_ip_address'],
                vip_name=obj['floating_ip_address'])
            mappedip = utils.get_ipaddr(db_fip.ip_subnet, 0)
            utils.add_vip(self,
                          context,
                          vdom=const.EXT_VDOM,
                          name=db_fip.vip_name,
                          extip=db_fip.floating_ip_address,
                          extintf='any',
                          mappedip=mappedip)

            int_intf, ext_intf = utils.get_vlink_intf(self,
                                                      context,
                                                      vdom=db_namespace.vdom)

            #utils.add_secondaryip(self, context,
            #                      name=ext_inf,
            #                      vdom=db_namespace.vdom,
            #                      ip=utils.getip(db_fip.ip_subnet, 1))

            utils.add_fwpolicy(self,
                               context,
                               vdom=const.EXT_VDOM,
                               srcintf=self._fortigate['ext_interface'],
                               dstintf=ext_intf,
                               dstaddr=db_fip.vip_name,
                               nat='enable')

            utils.add_routerstatic(self,
                                   context,
                                   vdom=const.EXT_VDOM,
                                   dst="%s 255.255.255.255" % mappedip,
                                   device=ext_intf,
                                   gateway=const.DEF_GW)

            utils.add_fwippool(self,
                               context,
                               name=db_fip.floating_ip_address,
                               vdom=const.EXT_VDOM,
                               startip=db_fip.floating_ip_address)

            #ipaddr = utils.get_ipaddr(db_fip.ip_subnet, 2)
            utils.add_fwaddress(self,
                                context,
                                name=mappedip,
                                vdom=const.EXT_VDOM,
                                subnet="%s 255.255.255.255" % mappedip)

            db_fwpolicy = utils.add_fwpolicy(
                self,
                context,
                vdom=const.EXT_VDOM,
                srcintf=ext_intf,
                srcaddr=mappedip,
                dstintf=self._fortigate['ext_interface'],
                poolname=db_fip.floating_ip_address)
            utils.head_firewall_policy(self,
                                       context,
                                       vdom=const.EXT_VDOM,
                                       id=db_fwpolicy.edit_id)

            utils.add_fwippool(self,
                               context,
                               name=mappedip,
                               vdom=db_namespace.vdom,
                               startip=mappedip)
        except Exception as e:
            utils._rollback_on_err(self, context, e)
            raise e
        utils.update_status(self, context, t_consts.TaskStatus.COMPLETED)
Beispiel #43
0
def set_vlanintf(obj, context, **kwargs):
    cls = fortinet_db.Fortinet_Interface
    record = fortinet_db.query_record(context, cls, **kwargs)
    rbkwargs = backup_fields(record, **kwargs)
    cls.update_record(context, record, **kwargs)
    pass
Beispiel #44
0
def get_vlink_intf(obj, context, **kwargs):
    vlink_vlan = fortinet_db.query_record(
        context, fortinet_db.Fortinet_Vlink_Vlan_Allocation, **kwargs)
    if not vlink_vlan and kwargs.get('vdom', None):
        return add_vlink(obj, context, kwargs['vdom'])
    return (vlink_vlan.inf_name_int_vdom, vlink_vlan.inf_name_ext_vdom)
Beispiel #45
0
def delete_by_id(obj, context, cls, resource, **kwargs):
    record = fortinet_db.query_record(context, cls, **kwargs)
    delete_resource_with_id(obj, context, record, resource)
    fortinet_db.delete_record(context, cls, **kwargs)
Beispiel #46
0
def delete_by_keys(obj, context, cls, resource, *keys, **kwargs):
    record = fortinet_db.query_record(context, cls, **kwargs)
    delete_resource_with_keys(obj, context, record, resource, *keys)
    return fortinet_db.delete_record(context, cls, **kwargs)
Beispiel #47
0
 def update_floatingip_status(self, context, res, status, **kwargs):
     if res.get('status', None):
         res['status'] = status
     record = fortinet_db.query_record(context, l3_db.FloatingIP, **kwargs)
     fortinet_db.update_record(context, record, status=status)
Beispiel #48
0
    def _allocate_floatingip(self, context, obj):
        """
        1. mapping floatingip to the one of a pair of internal ips based on
           the vip function.
        2. add another ip of the ip pair to the secondaryip list of
           the external interface.

        obj example:
        {
            'floating_network_id': u'1c1dbecc-9dac-4311-a346-f147a04c8dc8',
            'router_id': None,
            'fixed_ip_address': None,
            'floating_ip_address': u'10.160.37.113',
            'tenant_id': u'3998b33381fb48f694369689065a3760',
            'status': 'DOWN',
            'port_id': None,
            'id': '5ec1b08b-77c1-4e39-80ac-224ee937ee9f'
        }

        The floatingip is a instance of neutron.db.l3_db.FloatingIP, example:
        {
            tenant_id=u'3998b33381fb48f694369689065a3760',
            id=u'25e1588a-5ec5-4fbc-bdef-eff8713da8f8',
            floating_ip_address=u'10.160.37.111',
            floating_network_id=u'1c1dbecc-9dac-4311-a346-f147a04c8dc8',
            floating_port_id=u'4b4120d4-77f9-4f82-b823-05876929a1c4',
            fixed_port_id=None,
            fixed_ip_address=None,
            router_id=None,
            last_known_router_id=None,
            status=u'DOWN'
        }
        """
        try:
            db_namespace = fortinet_db.query_record(context,
                                        fortinet_db.Fortinet_ML2_Namespace,
                                        tenant_id=obj['tenant_id'])

            db_fip = utils.add_record(self, context,
                            fortinet_db.Fortinet_FloatingIP_Allocation,
                            vdom=db_namespace.vdom,
                            floating_ip_address=obj['floating_ip_address'],
                            vip_name=obj['floating_ip_address'])
            mappedip = utils.get_ipaddr(db_fip.ip_subnet, 0)
            utils.add_vip(self, context,
                          vdom=const.EXT_VDOM,
                          name=db_fip.vip_name,
                          extip=db_fip.floating_ip_address,
                          extintf='any',
                          mappedip=mappedip)

            int_intf, ext_intf = utils.get_vlink_intf(self, context,
                                                   vdom=db_namespace.vdom)

            #utils.add_secondaryip(self, context,
            #                      name=ext_inf,
            #                      vdom=db_namespace.vdom,
            #                      ip=utils.getip(db_fip.ip_subnet, 1))

            utils.add_fwpolicy(self, context,
                               vdom=const.EXT_VDOM,
                               srcintf=self._fortigate['ext_interface'],
                               dstintf=ext_intf,
                               dstaddr=db_fip.vip_name,
                               nat='enable')

            utils.add_routerstatic(self, context,
                                   vdom=const.EXT_VDOM,
                                   dst="%s 255.255.255.255" % mappedip,
                                   device=ext_intf,
                                   gateway=const.DEF_GW)

            utils.add_fwippool(self, context,
                               name=db_fip.floating_ip_address,
                               vdom=const.EXT_VDOM,
                               startip=db_fip.floating_ip_address)

            #ipaddr = utils.get_ipaddr(db_fip.ip_subnet, 2)
            utils.add_fwaddress(self, context,
                                name=mappedip,
                                vdom=const.EXT_VDOM,
                                subnet="%s 255.255.255.255" % mappedip)

            db_fwpolicy = utils.add_fwpolicy(self, context,
                               vdom=const.EXT_VDOM,
                               srcintf=ext_intf,
                               srcaddr=mappedip,
                               dstintf=self._fortigate['ext_interface'],
                               poolname=db_fip.floating_ip_address)
            utils.head_firewall_policy(self, context,
                                       vdom=const.EXT_VDOM,
                                       id=db_fwpolicy.edit_id)

            utils.add_fwippool(self, context,
                               name=mappedip,
                               vdom=db_namespace.vdom,
                               startip=mappedip)
        except Exception as e:
            utils._rollback_on_err(self, context, e)
            raise e
        utils.update_status(self, context, t_consts.TaskStatus.COMPLETED)
Beispiel #49
0
def set_vlanintf(obj, context, **kwargs):
    cls = fortinet_db.Fortinet_Interface
    record = fortinet_db.query_record(context, cls, **kwargs)
    rbkwargs = backup_fields(record, **kwargs)
    cls.update_record(context, record, **kwargs)
    pass
Beispiel #50
0
def delete_by_keys(obj, context, cls, resource, *keys, **kwargs):
    record = fortinet_db.query_record(context, cls, **kwargs)
    delete_resource_with_keys(obj, context, record, resource, *keys)
    return fortinet_db.delete_record(context, cls, **kwargs)
Beispiel #51
0
def delete_by_id(obj, context, cls, resource, **kwargs):
    record = fortinet_db.query_record(context, cls, **kwargs)
    delete_resource_with_id(obj, context, record, resource)
    fortinet_db.delete_record(context, cls, **kwargs)
Beispiel #52
0
def get_segmentation_id(context, network_id):
    ml2_net_seg = fortinet_db.query_record(context, ml2_db.NetworkSegment,
                                           network_id=network_id)
    return getattr(ml2_net_seg, 'segmentation_id', None)
Beispiel #53
0
    def create_subnet_postcommit(self, mech_context):
        """Noop now, it is left here for future."""
        #LOG.debug(_("create_subnetwork_postcommit: called"))
        gateway = mech_context.current['gateway_ip']
        network_id = mech_context.current['network_id']
        subnet_id = mech_context.current['id']
        tenant_id = mech_context.current['tenant_id']
        context = mech_context._plugin_context
        try:
            if fortinet_db.query_record(context,
                                        ExternalNetwork,
                                        network_id=network_id):
                utils.add_routerstatic(self,
                                       context,
                                       subnet_id=subnet_id,
                                       vdom=const.EXT_VDOM,
                                       dst=const.EXT_DEF_DST,
                                       device=self._fortigate['ext_interface'],
                                       gateway=gateway)
            else:
                namespace = fortinet_db.query_record(
                    context,
                    fortinet_db.Fortinet_ML2_Namespace,
                    tenant_id=tenant_id)
                interface = utils.get_intf(context,
                                           mech_context.current['network_id'])
                netmask = str(netaddr.\
                            IPNetwork(mech_context.current['cidr']).netmask)
                start_ip = mech_context.current['allocation_pools'][0]['start']
                end_ip = mech_context.current['allocation_pools'][0]['end']

                utils.add_dhcpserver(self,
                                     context,
                                     subnet_id=subnet_id,
                                     vdom=namespace.vdom,
                                     interface=interface,
                                     gateway=gateway,
                                     netmask=netmask,
                                     start_ip=start_ip,
                                     end_ip=end_ip)

                # TODO: need to add rollback for the update and set
                cls = fortinet_db.Fortinet_Interface
                record = fortinet_db.query_record(context,
                                                  cls,
                                                  name=interface,
                                                  vdom=namespace.vdom)
                if gateway:
                    cls.update_record(context,
                                      record,
                                      ip="%s %s" % (gateway, netmask))
                    utils.op(self,
                             context,
                             resources.VlanInterface.set,
                             name=interface,
                             vdom=namespace.vdom,
                             ip="%s %s" % (gateway, netmask))
        except Exception as e:
            utils._rollback_on_err(self, context, e)
            raise ml2_exc.MechanismDriverError(
                method=sys._getframe().f_code.co_name)
        utils.update_status(self, context, t_consts.TaskStatus.COMPLETED)
Beispiel #54
0
 def update_floatingip_status(self, context, res, status, **kwargs):
     if res.get('status', None):
         res['status'] = status
     record = fortinet_db.query_record(context, l3_db.FloatingIP, **kwargs)
     fortinet_db.update_record(context, record, status=status)
Beispiel #55
0
    def _release_floatingip(self, context, id):
        """
        :param context:
        :param id: the floatingip id in neutron.db.l3_db.FloatingIP.
        {
                tenant_id=u'3998b33381fb48f694369689065a3760',
                id=u'25e1588a-5ec5-4fbc-bdef-eff8713da8f8',
                floating_ip_address=u'10.160.37.111',
                floating_network_id=u'1c1dbecc-9dac-4311-a346-f147a04c8dc8',
                floating_port_id=u'4b4120d4-77f9-4f82-b823-05876929a1c4',
                fixed_port_id=None,
                fixed_ip_address=None,
                router_id=None,
                last_known_router_id=None,
                status=u'DOWN'
        }
        :return:
        """
        l3db_fip = self._get_floatingip(context, id)
        db_namespace = fortinet_db.query_record(context,
                                fortinet_db.Fortinet_ML2_Namespace,
                                tenant_id=l3db_fip.tenant_id)

        db_fip = fortinet_db.query_record(context,
                            fortinet_db.Fortinet_FloatingIP_Allocation,
                            floating_ip_address=l3db_fip.floating_ip_address,
                            allocated=True)
        if not db_fip or not db_namespace:
            return

        int_intf, ext_intf = utils.get_vlink_intf(self, context,
                                                 vdom=db_namespace.vdom)
        mappedip = utils.get_ipaddr(db_fip.ip_subnet, 0)

        utils.delete_fwippool(self, context,
                              name=mappedip,
                              vdom=db_namespace.vdom,
                              startip=mappedip)

        utils.delete_fwpolicy(self, context,
                              vdom=const.EXT_VDOM,
                              srcintf=ext_intf,
                              srcaddr=mappedip,
                              dstintf=self._fortigate['ext_interface'],
                              poolname=db_fip.floating_ip_address)

        utils.delete_fwaddress(self, context,
                               name=mappedip,
                               vdom=const.EXT_VDOM,
                               subnet="%s 255.255.255.255" % mappedip)

        utils.delete_fwippool(self, context,
                              name=db_fip.floating_ip_address,
                              vdom=const.EXT_VDOM,
                              startip=db_fip.floating_ip_address)

        utils.delete_routerstatic(self, context,
                                  vdom=const.EXT_VDOM,
                                  dst="%s 255.255.255.255" % mappedip,
                                  device=ext_intf,
                                  gateway=const.DEF_GW)

        utils.delete_fwpolicy(self, context,
                              vdom=const.EXT_VDOM,
                              dstintf=ext_intf,
                              dstaddr=l3db_fip.floating_ip_address)

        #utils.delete_secondaryip(self, context,
        #                         name=ext_inf,
        #                         vdom=const.EXT_VDOM,
        #                         ip=utils.getip(db_fip.ip_subnet, 1))


        utils.delete_vip(self, context,
                         vdom=const.EXT_VDOM,
                         name=db_fip.vip_name,
                         extip=db_fip.floating_ip_address,
                         extintf='any',
                         mappedip=mappedip)

        fortinet_db.delete_record(context,
                        fortinet_db.Fortinet_FloatingIP_Allocation,
                        vdom=db_namespace.vdom,
                        floating_ip_address=db_fip.floating_ip_address,
                        vip_name=db_fip.floating_ip_address)
Beispiel #56
0
    def _associate_floatingip(self, context, id, floatingip):
        try:
            l3db_fip = self._get_floatingip(context, id)
            db_namespace = fortinet_db.query_record(
                context,
                fortinet_db.Fortinet_ML2_Namespace,
                tenant_id=l3db_fip.tenant_id)

            db_fip = fortinet_db.query_record(
                context,
                fortinet_db.Fortinet_FloatingIP_Allocation,
                floating_ip_address=l3db_fip.floating_ip_address,
                allocated=True)
            int_intf, ext_intf = utils.get_vlink_intf(self,
                                                      context,
                                                      vdom=db_namespace.vdom)
            mappedip = utils.get_ipaddr(db_fip.ip_subnet, 0)
            fixed_ip_address = floatingip['floatingip']['fixed_ip_address']
            utils.add_vip(self,
                          context,
                          vdom=db_namespace.vdom,
                          name=db_fip.floating_ip_address,
                          extip=mappedip,
                          extintf=int_intf,
                          mappedip=fixed_ip_address)

            db_ip = fortinet_db.query_record(
                context,
                models_v2.IPAllocation,
                port_id=floatingip['floatingip']['port_id'])
            vlan_inf = utils.get_intf(context, db_ip.network_id)
            utils.add_fwpolicy(self,
                               context,
                               vdom=db_namespace.vdom,
                               srcintf=int_intf,
                               dstintf=vlan_inf,
                               dstaddr=db_fip.floating_ip_address,
                               nat='enable')

            utils.add_fwaddress(self,
                                context,
                                name=fixed_ip_address,
                                vdom=db_namespace.vdom,
                                subnet="%s 255.255.255.255" % fixed_ip_address,
                                associated_interface=vlan_inf)

            db_fwpolicy = utils.add_fwpolicy(self,
                                             context,
                                             vdom=db_namespace.vdom,
                                             srcintf=vlan_inf,
                                             srcaddr=fixed_ip_address,
                                             dstintf=int_intf,
                                             poolname=mappedip)
            utils.head_firewall_policy(self,
                                       context,
                                       vdom=db_namespace.vdom,
                                       id=db_fwpolicy.edit_id)
        except Exception as e:
            utils._rollback_on_err(self, context, e)
            raise e
        utils.update_status(self, context, t_consts.TaskStatus.COMPLETED)
Beispiel #57
0
def set_ext_gw(obj, context, port):
    """
    :param context:
    :param port: example format
     port = {
        'status': 'DOWN',
        'binding:host_id': '',
        'allowed_address_pairs': [],
        'device_owner': 'network:router_gateway',
        'binding:profile': {},
        'fixed_ips': [{
            'subnet_id': u'09855a84-edfd-474d-b641-38a2bc63466a',
            'ip_address': u'10.160.37.111'
        }],
        'id': '6e68efc0-c0ca-40a2-a502-c2bf19304317',
        'security_groups': [],
        'device_id': u'8312d7a2-cae5-4e87-9c04-782c4a34bb8c',
        'name': '',
        'admin_state_up': True,
        'network_id': u'95eb736c-dd3b-4bf5-940a-8fa8e707a376',
        'tenant_id': '',
        'binding:vif_details': {},
        'binding:vnic_type': 'normal',
        'binding:vif_type': 'unbound',
        'mac_address': 'fa:16:3e:95:02:ab'
    }
    :return:
    """
    router_db = fortinet_db.query_record(context,
                                         l3_db.Router,
                                         id=port['device_id'])
    tenant_id = router_db.get('tenant_id', None)
    if not tenant_id:
        raise ValueError

    namespace = add_vdom(obj, context, tenant_id=tenant_id)
    add_vlink(obj, context, namespace.vdom)
    vlink_db = fortinet_db.query_record(
        context,
        fortinet_db.Fortinet_Vlink_Vlan_Allocation,
        vdom=namespace.vdom)

    ip_address = port['fixed_ips'][0]['ip_address']

    add_fwippool(obj,
                 context,
                 vdom=const.EXT_VDOM,
                 name=ip_address,
                 startip=ip_address)

    add_fwpolicy(obj,
                 context,
                 vdom=const.EXT_VDOM,
                 srcintf=vlink_db.inf_name_ext_vdom,
                 dstintf=obj._fortigate['ext_interface'],
                 poolname=ip_address)
    subnet_db = fortinet_db.query_record(context,
                                         models_v2.Subnet,
                                         id=port['fixed_ips'][0]['subnet_id'])
    if subnet_db:
        netmask = netaddr.IPNetwork(subnet_db.cidr).netmask
        add_interface_ip(obj,
                         context,
                         name=obj._fortigate['ext_interface'],
                         vdom=const.EXT_VDOM,
                         ip="%s %s" % (ip_address, netmask))
Beispiel #58
0
    def _release_floatingip(self, context, id):
        """
        :param context:
        :param id: the floatingip id in neutron.db.l3_db.FloatingIP.
        {
                tenant_id=u'3998b33381fb48f694369689065a3760',
                id=u'25e1588a-5ec5-4fbc-bdef-eff8713da8f8',
                floating_ip_address=u'10.160.37.111',
                floating_network_id=u'1c1dbecc-9dac-4311-a346-f147a04c8dc8',
                floating_port_id=u'4b4120d4-77f9-4f82-b823-05876929a1c4',
                fixed_port_id=None,
                fixed_ip_address=None,
                router_id=None,
                last_known_router_id=None,
                status=u'DOWN'
        }
        :return:
        """
        l3db_fip = self._get_floatingip(context, id)
        db_namespace = fortinet_db.query_record(
            context,
            fortinet_db.Fortinet_ML2_Namespace,
            tenant_id=l3db_fip.tenant_id)

        db_fip = fortinet_db.query_record(
            context,
            fortinet_db.Fortinet_FloatingIP_Allocation,
            floating_ip_address=l3db_fip.floating_ip_address,
            allocated=True)
        if not db_fip or not db_namespace:
            return

        int_intf, ext_intf = utils.get_vlink_intf(self,
                                                  context,
                                                  vdom=db_namespace.vdom)
        mappedip = utils.get_ipaddr(db_fip.ip_subnet, 0)

        utils.delete_fwippool(self,
                              context,
                              name=mappedip,
                              vdom=db_namespace.vdom,
                              startip=mappedip)

        utils.delete_fwpolicy(self,
                              context,
                              vdom=const.EXT_VDOM,
                              srcintf=ext_intf,
                              srcaddr=mappedip,
                              dstintf=self._fortigate['ext_interface'],
                              poolname=db_fip.floating_ip_address)

        utils.delete_fwaddress(self,
                               context,
                               name=mappedip,
                               vdom=const.EXT_VDOM,
                               subnet="%s 255.255.255.255" % mappedip)

        utils.delete_fwippool(self,
                              context,
                              name=db_fip.floating_ip_address,
                              vdom=const.EXT_VDOM,
                              startip=db_fip.floating_ip_address)

        utils.delete_routerstatic(self,
                                  context,
                                  vdom=const.EXT_VDOM,
                                  dst="%s 255.255.255.255" % mappedip,
                                  device=ext_intf,
                                  gateway=const.DEF_GW)

        utils.delete_fwpolicy(self,
                              context,
                              vdom=const.EXT_VDOM,
                              dstintf=ext_intf,
                              dstaddr=l3db_fip.floating_ip_address)

        #utils.delete_secondaryip(self, context,
        #                         name=ext_inf,
        #                         vdom=const.EXT_VDOM,
        #                         ip=utils.getip(db_fip.ip_subnet, 1))

        utils.delete_vip(self,
                         context,
                         vdom=const.EXT_VDOM,
                         name=db_fip.vip_name,
                         extip=db_fip.floating_ip_address,
                         extintf='any',
                         mappedip=mappedip)

        fortinet_db.delete_record(
            context,
            fortinet_db.Fortinet_FloatingIP_Allocation,
            vdom=db_namespace.vdom,
            floating_ip_address=db_fip.floating_ip_address,
            vip_name=db_fip.floating_ip_address)
Beispiel #59
0
def get_segmentation_id(context, network_id):
    ml2_net_seg = fortinet_db.query_record(context,
                                           ml2_db.NetworkSegment,
                                           network_id=network_id)
    return getattr(ml2_net_seg, 'segmentation_id', None)
Beispiel #60
0
    def add_router_interface(self, context, router_id, interface_info):
        """creates vlnk on the fortinet device."""
        LOG.debug(
            "FortinetL3ServicePlugin.add_router_interface: "
            "router_id=%(router_id)s "
            "interface_info=%(interface_info)r", {
                'router_id': router_id,
                'interface_info': interface_info
            })
        with context.session.begin(subtransactions=True):
            info = super(FortinetL3ServicePlugin,
                         self).add_router_interface(context, router_id,
                                                    interface_info)
            port = db.get_port(context.session, info['port_id'])
            port['admin_state_up'] = True
            port['port'] = port
            LOG.debug(
                "FortinetL3ServicePlugin: "
                "context=%(context)s"
                "port=%(port)s "
                "info=%(info)r", {
                    'context': context,
                    'port': port,
                    'info': info
                })

            #self._core_plugin.update_port(context, info["port_id"], port)

            interface_info = info
            subnet = self._core_plugin._get_subnet(context,
                                                   interface_info['subnet_id'])
            network_id = subnet['network_id']
            tenant_id = port['tenant_id']
            port_filters = {
                'network_id': [network_id],
                'device_owner': [DEVICE_OWNER_ROUTER_INTF]
            }
            port_count = self._core_plugin.get_ports_count(
                context, port_filters)
            # port count is checked against 2 since the current port is already
            # added to db
            if port_count == 2:
                # This subnet is already part of some router
                LOG.error(
                    _("FortinetL3ServicePlugin: adding redundant router "
                      "interface is not supported"))
                raise Exception(
                    _("FortinetL3ServicePlugin:adding redundant "
                      "router interface is not supported"))
            try:
                db_namespace = fortinet_db.query_record(
                    context,
                    fortinet_db.Fortinet_ML2_Namespace,
                    tenant_id=tenant_id)
                vlan_inf = utils.get_intf(context, network_id)
                int_intf, ext_intf = utils.get_vlink_intf(
                    self, context, vdom=db_namespace.vdom)
                utils.add_fwpolicy(self,
                                   context,
                                   vdom=db_namespace.vdom,
                                   srcintf=vlan_inf,
                                   dstintf=int_intf,
                                   nat='enable')

            except Exception as e:
                LOG.error(
                    _("Failed to create Fortinet resources to add router "
                      "interface. info=%(info)s, router_id=%(router_id)s"), {
                          "info": info,
                          "router_id": router_id
                      })
                resources.Exinfo(e)
                with excutils.save_and_reraise_exception():
                    self.remove_router_interface(context, router_id,
                                                 interface_info)
        utils.update_status(self, context, t_consts.TaskStatus.COMPLETED)
        return info