def login(self):
        """Get session based login"""
        login_obj = {"username": self.username, "password": self.password}

        msg = "NetScaler driver login:"******"login", NITRO_LOGIN_URI,
                                                   "login", login_obj)
        LOG.info(_LI("Response: status : %(status)s %result(result)s"), {
                 "status": resp_status, "result": result['body']})
        result_body = jsonutils.loads(result['body'])

        session_id = None
        if result_body and "login" in result_body:
            logins = result_body["login"]
            if isinstance(logins, list):
                login = logins[0]
            else:
                login = logins
            if login and "sessionid" in login:
                session_id = login["sessionid"]

        if session_id:
            LOG.info(_LI("Response: %(result)s"), {"result": result['body']})
            LOG.info(
                _LI("Session_id = %(session_id)s") %
                {"session_id": session_id})
            # Update sessin_id in auth
            self.auth = "SessId=%s" % session_id
        else:
            raise NCCException(NCCException.RESPONSE_ERROR)
Beispiel #2
0
    def login(self):
        """Get session based login"""
        login_obj = {"username": self.username, "password": self.password}

        msg = "NetScaler driver login:"******"login", NITRO_LOGIN_URI,
                                                   "login", login_obj)
        LOG.info(_LI("Response: status : %(status)s %result(result)s"), {
                 "status": resp_status, "result": result['body']})
        result_body = jsonutils.loads(result['body'])

        session_id = None
        if result_body and "login" in result_body:
            logins = result_body["login"]
            if isinstance(logins, list):
                login = logins[0]
            else:
                login = logins
            if login and "sessionid" in login:
                session_id = login["sessionid"]

        if session_id:
            LOG.info(_LI("Response: %(result)s"), {"result": result['body']})
            LOG.info(
                _LI("Session_id = %(session_id)s") %
                {"session_id": session_id})
            # Update sessin_id in auth
            self.auth = "SessId=%s" % session_id
        else:
            raise NCCException(NCCException.RESPONSE_ERROR)
 def stop(self, graceful=False):
     if self.server:
         LOG.info(_LI('Stopping consumer...'))
         self.server.stop()
         if graceful:
             LOG.info(
                 _LI('Consumer successfully stopped.  Waiting for final '
                     'messages to be processed...'))
             self.server.wait()
     super(OctaviaConsumer, self).stop(graceful=graceful)
Beispiel #4
0
 def stop(self, graceful=False):
     if self.server:
         LOG.info(_LI('Stopping consumer...'))
         self.server.stop()
         if graceful:
             LOG.info(
                 _LI('Consumer successfully stopped.  Waiting for final '
                     'messages to be processed...'))
             self.server.wait()
     super(OctaviaConsumer, self).stop(graceful=graceful)
 def agent_updated(self, context, payload):
     """Handle the agent_updated notification event."""
     if payload['admin_state_up'] != self.admin_state_up:
         self.admin_state_up = payload['admin_state_up']
         if self.admin_state_up:
             self.needs_resync = True
         else:
             for pool_id in self.instance_mapping.keys():
                 LOG.info(_LI("Destroying pool %s due to agent disabling"),
                          pool_id)
                 self._destroy_pool(pool_id)
         LOG.info(_LI("Agent_updated by server side %s!"), payload)
 def agent_updated(self, context, payload):
     """Handle the agent_updated notification event."""
     if payload["admin_state_up"] != self.admin_state_up:
         self.admin_state_up = payload["admin_state_up"]
         if self.admin_state_up:
             self.needs_resync = True
         else:
             # Copy keys since the dictionary is modified in the loop body
             for loadbalancer_id in list(self.instance_mapping.keys()):
                 LOG.info(_LI("Destroying loadbalancer %s due to agent " "disabling"), loadbalancer_id)
                 self._destroy_loadbalancer(loadbalancer_id)
         LOG.info(_LI("Agent_updated by server side %s!"), payload)
 def agent_updated(self, context, payload):
     """Handle the agent_updated notification event."""
     if payload['admin_state_up'] != self.admin_state_up:
         self.admin_state_up = payload['admin_state_up']
         if self.admin_state_up:
             self.needs_resync = True
         else:
             for loadbalancer_id in self.instance_mapping.keys():
                 LOG.info(_LI("Destroying loadbalancer %s due to agent "
                              "disabling"), loadbalancer_id)
                 self._destroy_loadbalancer(loadbalancer_id)
         LOG.info(_LI("Agent_updated by server side %s!"), payload)
 def _create_snatport_for_subnet_if_not_exists(self, context, tenant_id,
                                               subnet_id, network_info):
     port = self._get_snatport_for_subnet(context, tenant_id, subnet_id)
     if not port:
         LOG.info(_LI("No SNAT port found for subnet %s. Creating one..."),
                  subnet_id)
         port = self._create_snatport_for_subnet(context, tenant_id,
                                                 subnet_id,
                                                 ip_address=None)
     network_info['port_id'] = port['id']
     network_info['snat_ip'] = port['fixed_ips'][0]['ip_address']
     LOG.info(_LI("SNAT port: %r"), port)
 def _create_snatport_for_subnet_if_not_exists(self, context, tenant_id,
                                               subnet_id, network_info):
     port = self._get_snatport_for_subnet(context, tenant_id, subnet_id)
     if not port:
         LOG.info(_LI("No SNAT port found for subnet %s. Creating one..."),
                  subnet_id)
         port = self._create_snatport_for_subnet(context, tenant_id,
                                                 subnet_id,
                                                 ip_address=None)
     network_info['port_id'] = port['id']
     network_info['snat_ip'] = port['fixed_ips'][0]['ip_address']
     LOG.info(_LI("SNAT port: %r"), port)
 def agent_updated(self, context, payload):
     """Handle the agent_updated notification event."""
     if payload['admin_state_up'] != self.admin_state_up:
         self.admin_state_up = payload['admin_state_up']
         if self.admin_state_up:
             self.needs_resync = True
         else:
             # Copy keys because the dict is modified in the loop body
             for pool_id in list(self.instance_mapping.keys()):
                 LOG.info(_LI("Destroying pool %s due to agent disabling"),
                          pool_id)
                 self._destroy_pool(pool_id)
         LOG.info(_LI("Agent_updated by server side %s!"), payload)
Beispiel #11
0
 def agent_updated(self, context, payload):
     """Handle the agent_updated notification event."""
     if payload['admin_state_up'] != self.admin_state_up:
         self.admin_state_up = payload['admin_state_up']
         if self.admin_state_up:
             self.needs_resync = True
         else:
             # Copy keys since the dictionary is modified in the loop body
             for loadbalancer_id in list(self.instance_mapping.keys()):
                 LOG.info(
                     _LI("Destroying loadbalancer %s due to agent "
                         "disabling"), loadbalancer_id)
                 self._destroy_loadbalancer(loadbalancer_id)
         LOG.info(_LI("Agent_updated by server side %s!"), payload)
    def get_cert(self, project_id, cert_ref, resource_ref,
                 check_only=False, service_name='lbaas'):
        """Retrieves the specified cert and registers as a consumer.

        :param cert_ref: the UUID of the cert to retrieve
        :param resource_ref: Full HATEOAS reference to the consuming resource
        :param check_only: Read Certificate data without registering
        :param service_name: Friendly name for the consuming service

        :returns: octavia.certificates.common.Cert representation of the
                 certificate data
        :raises Exception: if certificate retrieval fails
        """
        connection = self.auth.get_barbican_client(project_id)

        LOG.info(_LI(
            "Loading certificate container {0} from Barbican."
        ).format(cert_ref))
        try:
            if check_only:
                cert_container = connection.containers.get(
                    container_ref=cert_ref
                )
            else:
                cert_container = connection.containers.register_consumer(
                    container_ref=cert_ref,
                    name=service_name,
                    url=resource_ref
                )
            return Cert(cert_container)
        except Exception:
            with excutils.save_and_reraise_exception():
                LOG.exception(_LE("Error getting {0}").format(cert_ref))
 def start(self):
     super(OctaviaConsumer, self).start()
     LOG.info(_LI("Starting octavia consumer..."))
     self.server = messaging.get_rpc_server(self.transport, self.target,
                                            self.endpoints,
                                            executor='eventlet')
     self.server.start()
    def delete_cert(self,
                    project_id,
                    cert_ref,
                    resource_ref,
                    service_name='lbaas'):
        """Deregister as a consumer for the specified cert.

        :param cert_ref: the UUID of the cert to retrieve
        :param service_name: Friendly name for the consuming service
        :param lb_id: Loadbalancer id for building resource consumer URL

        :raises Exception: if deregistration fails
        """
        connection = self.auth.get_barbican_client(project_id)

        LOG.info(
            _LI("Deregistering as a consumer of {0} in Barbican.").format(
                cert_ref))
        try:
            connection.containers.remove_consumer(container_ref=cert_ref,
                                                  name=service_name,
                                                  url=resource_ref)
        except Exception:
            with excutils.save_and_reraise_exception():
                LOG.exception(
                    _LE("Error deregistering as a consumer of {0}").format(
                        cert_ref))
    def get_cert(self,
                 project_id,
                 cert_ref,
                 resource_ref,
                 check_only=False,
                 service_name='lbaas'):
        """Retrieves the specified cert and registers as a consumer.

        :param cert_ref: the UUID of the cert to retrieve
        :param resource_ref: Full HATEOAS reference to the consuming resource
        :param check_only: Read Certificate data without registering
        :param service_name: Friendly name for the consuming service

        :returns: octavia.certificates.common.Cert representation of the
                 certificate data
        :raises Exception: if certificate retrieval fails
        """
        connection = self.auth.get_barbican_client(project_id)

        LOG.info(
            _LI("Loading certificate container {0} from Barbican.").format(
                cert_ref))
        try:
            if check_only:
                cert_container = connection.containers.get(
                    container_ref=cert_ref)
            else:
                cert_container = connection.containers.register_consumer(
                    container_ref=cert_ref,
                    name=service_name,
                    url=resource_ref)
            return Cert(cert_container)
        except Exception:
            with excutils.save_and_reraise_exception():
                LOG.exception(_LE("Error getting {0}").format(cert_ref))
    def delete_cert(self, project_id, cert_ref, resource_ref, **kwargs):
        """Deletes the specified cert.

        :param project_id: Project ID for the owner of the certificate
        :param cert_ref: the UUID of the cert to delete
        :param resource_ref: Full HATEOAS reference to the consuming resource

        :raises CertificateStorageException: if certificate deletion fails
        """
        LOG.info(
            _LI("Deleting certificate {0} from the local filesystem.").format(
                cert_ref))

        filename_base = os.path.join(CONF.certificates.storage_path, cert_ref)

        filename_certificate = "{0}.crt".format(filename_base)
        filename_private_key = "{0}.key".format(filename_base)
        filename_intermediates = "{0}.int".format(filename_base)
        filename_pkp = "{0}.pass".format(filename_base)

        try:
            os.remove(filename_certificate)
            os.remove(filename_private_key)
            os.remove(filename_intermediates)
            os.remove(filename_pkp)
        except IOError as ioe:
            LOG.error(
                _LE("Failed to delete certificate {0}.").format(cert_ref))
            raise exceptions.CertificateStorageException(message=ioe.message)
    def delete_cert(cert_ref, lb_id, service_name='lbaas', **kwargs):
        """Deregister as a consumer for the specified cert.

        :param cert_ref: the UUID of the cert to retrieve
        :param service_name: Friendly name for the consuming service
        :param lb_id: Loadbalancer id for building resource consumer URL

        :raises Exception: if deregistration fails
        """
        connection = BarbicanKeystoneAuth.get_barbican_client()

        LOG.info(_LI(
            "Deregistering as a consumer of {0} in Barbican."
        ).format(cert_ref))
        try:
            connection.containers.remove_consumer(
                container_ref=cert_ref,
                name=service_name,
                url=CertManager._get_service_url(lb_id)
            )
        except Exception:
            with excutils.save_and_reraise_exception():
                LOG.exception(_LE(
                    "Error deregistering as a consumer of {0}"
                ).format(cert_ref))
Beispiel #18
0
 def start(self):
     super(OctaviaConsumer, self).start()
     LOG.info(_LI("Starting octavia consumer..."))
     self.server = messaging.get_rpc_server(self.transport, self.target,
                                            self.endpoints,
                                            executor='eventlet')
     self.server.start()
    def delete_cert(self, project_id, cert_ref, resource_ref, **kwargs):
        """Deletes the specified cert.

        :param project_id: Project ID for the owner of the certificate
        :param cert_ref: the UUID of the cert to delete
        :param resource_ref: Full HATEOAS reference to the consuming resource

        :raises CertificateStorageException: if certificate deletion fails
        """
        LOG.info(_LI(
            "Deleting certificate {0} from the local filesystem."
        ).format(cert_ref))

        filename_base = os.path.join(CONF.certificates.storage_path, cert_ref)

        filename_certificate = "{0}.crt".format(filename_base)
        filename_private_key = "{0}.key".format(filename_base)
        filename_intermediates = "{0}.int".format(filename_base)
        filename_pkp = "{0}.pass".format(filename_base)

        try:
            os.remove(filename_certificate)
            os.remove(filename_private_key)
            os.remove(filename_intermediates)
            os.remove(filename_pkp)
        except IOError as ioe:
            LOG.error(_LE(
                "Failed to delete certificate {0}."
            ).format(cert_ref))
            raise exceptions.CertificateStorageException(message=ioe.message)
    def _actually_delete_cert(cert_ref):
        """Deletes the specified cert. Very dangerous. Do not recommend.

        :param cert_ref: the UUID of the cert to delete
        :raises Exception: if certificate deletion fails
        """
        connection = BarbicanKeystoneAuth.get_barbican_client()

        LOG.info(_LI(
            "Recursively deleting certificate container {0} from Barbican."
        ).format(cert_ref))
        try:
            certificate_container = connection.containers.get(cert_ref)
            certificate_container.certificate.delete()
            if certificate_container.intermediates:
                certificate_container.intermediates.delete()
            if certificate_container.private_key_passphrase:
                certificate_container.private_key_passphrase.delete()
            certificate_container.private_key.delete()
            certificate_container.delete()
        except Exception:
            with excutils.save_and_reraise_exception():
                LOG.exception(_LE(
                    "Error recursively deleting certificate container {0}"
                ).format(cert_ref))
    def get_cert(cert_ref, service_name='lbaas',
                 lb_id=None,
                 check_only=False, **kwargs):
        """Retrieves the specified cert and registers as a consumer.

        :param cert_ref: the UUID of the cert to retrieve
        :param service_name: Friendly name for the consuming service
        :param lb_id: Loadbalancer id for building resource consumer URL
        :param check_only: Read Certificate data without registering

        :returns: octavia.certificates.common.Cert representation of the
                 certificate data
        :raises Exception: if certificate retrieval fails
        """
        connection = BarbicanKeystoneAuth.get_barbican_client()

        LOG.info(_LI(
            "Loading certificate container {0} from Barbican."
        ).format(cert_ref))
        try:
            if check_only:
                cert_container = connection.containers.get(
                    container_ref=cert_ref
                )
            else:
                cert_container = connection.containers.register_consumer(
                    container_ref=cert_ref,
                    name=service_name,
                    url=CertManager._get_service_url(lb_id)
                )
            return Cert(cert_container)
        except Exception:
            with excutils.save_and_reraise_exception():
                LOG.exception(_LE("Error getting {0}").format(cert_ref))
    def get_cert(self, project_id, cert_ref, resource_ref, **kwargs):
        """Retrieves the specified cert.

        :param project_id: Project ID for the owner of the certificate
        :param cert_ref: the UUID of the cert to retrieve
        :param resource_ref: Full HATEOAS reference to the consuming resource

        :returns: neutron_lbaas.common.cert_manager.cert_manager.Cert
                 representation of the certificate data
        :raises CertificateStorageException: if certificate retrieval fails
        """
        LOG.info(_LI(
            "Loading certificate {0} from the local filesystem."
        ).format(cert_ref))

        filename_base = os.path.join(CONF.certificates.storage_path, cert_ref)

        filename_certificate = "{0}.crt".format(filename_base)
        filename_private_key = "{0}.key".format(filename_base)
        filename_intermediates = "{0}.int".format(filename_base)
        filename_pkp = "{0}.pass".format(filename_base)

        cert_data = dict()

        try:
            with open(filename_certificate, 'r') as cert_file:
                cert_data['certificate'] = cert_file.read()
        except IOError:
            LOG.error(_LE(
                "Failed to read certificate for {0}."
            ).format(cert_ref))
            raise exceptions.CertificateStorageException(
                msg="Certificate could not be read."
            )
        try:
            with open(filename_private_key, 'r') as key_file:
                cert_data['private_key'] = key_file.read()
        except IOError:
            LOG.error(_LE(
                "Failed to read private key for {0}."
            ).format(cert_ref))
            raise exceptions.CertificateStorageException(
                msg="Private Key could not be read."
            )

        try:
            with open(filename_intermediates, 'r') as int_file:
                cert_data['intermediates'] = int_file.read()
        except IOError:
            pass

        try:
            with open(filename_pkp, 'r') as pass_file:
                cert_data['private_key_passphrase'] = pass_file.read()
        except IOError:
            pass

        return Cert(**cert_data)
Beispiel #23
0
    def _create_proxy_port(self, ctx, lb, proxy_port_subnet_id):
        """Check if proxy port was created earlier.
        If not, create a new port on proxy subnet and return its ip address.
        Returns port IP address
        """
        proxy_port = self._get_proxy_port(ctx, lb)
        if proxy_port:
            LOG.info(
                _LI('LB %(lb_id)s proxy port exists on subnet \
                     %(subnet_id)s with ip address %(ip_address)s') % {
                    'lb_id': lb.id,
                    'subnet_id': proxy_port['subnet_id'],
                    'ip_address': proxy_port['ip_address']
                })
            return proxy_port

        proxy_port_name = 'proxy_' + lb.id
        proxy_port_subnet = self.plugin.db._core_plugin.get_subnet(
            ctx, proxy_port_subnet_id)
        proxy_port_data = {
            'tenant_id': lb.tenant_id,
            'name': proxy_port_name,
            'network_id': proxy_port_subnet['network_id'],
            'mac_address': n_constants.ATTR_NOT_SPECIFIED,
            'admin_state_up': False,
            'device_id': '',
            'device_owner': 'neutron:' + constants.LOADBALANCERV2,
            'fixed_ips': [{
                'subnet_id': proxy_port_subnet_id
            }]
        }
        proxy_port = self.plugin.db._core_plugin.create_port(
            ctx, {'port': proxy_port_data})
        proxy_port_ip_data = proxy_port['fixed_ips'][0]

        LOG.info(
            _LI('LB %(lb_id)s proxy port created on subnet %(subnet_id)s \
                 with ip address %(ip_address)s') % {
                'lb_id': lb.id,
                'subnet_id': proxy_port_ip_data['subnet_id'],
                'ip_address': proxy_port_ip_data['ip_address']
            })

        return proxy_port_ip_data
 def _remove_snatport_for_subnet_if_not_used(self, context, tenant_id,
                                             subnet_id):
     pools = self._get_pools_on_subnet(context, tenant_id, subnet_id)
     if not pools:
         #No pools left on the old subnet.
         #We can remove the SNAT port/ipaddress
         self._remove_snatport_for_subnet(context, tenant_id, subnet_id)
         LOG.info(_LI("Removing SNAT port for subnet %s "
                      "as this is the last pool using it..."),
                  subnet_id)
Beispiel #25
0
 def start(self):
     super(OctaviaConsumer, self).start()
     LOG.info(_LI("Starting octavia consumer..."))
     access_policy = dispatcher.DefaultRPCAccessPolicy
     self.server = messaging.get_rpc_server(self.transport,
                                            self.target,
                                            self.endpoints,
                                            executor='eventlet',
                                            access_policy=access_policy)
     self.server.start()
 def _remove_snatport_for_subnet_if_not_used(self, context, tenant_id,
                                             subnet_id):
     pools = self._get_pools_on_subnet(context, tenant_id, subnet_id)
     if not pools:
         #No pools left on the old subnet.
         #We can remove the SNAT port/ipaddress
         self._remove_snatport_for_subnet(context, tenant_id, subnet_id)
         LOG.info(_LI("Removing SNAT port for subnet %s "
                      "as this is the last pool using it..."),
                  subnet_id)
    def get_cert(self, project_id, cert_ref, resource_ref, **kwargs):
        """Retrieves the specified cert.

        :param project_id: Project ID for the owner of the certificate
        :param cert_ref: the UUID of the cert to retrieve
        :param resource_ref: Full HATEOAS reference to the consuming resource

        :returns: neutron_lbaas.common.cert_manager.cert_manager.Cert
                 representation of the certificate data
        :raises CertificateStorageException: if certificate retrieval fails
        """
        LOG.info(
            _LI("Loading certificate {0} from the local filesystem.").format(
                cert_ref))

        filename_base = os.path.join(CONF.certificates.storage_path, cert_ref)

        filename_certificate = "{0}.crt".format(filename_base)
        filename_private_key = "{0}.key".format(filename_base)
        filename_intermediates = "{0}.int".format(filename_base)
        filename_pkp = "{0}.pass".format(filename_base)

        cert_data = dict()

        try:
            with open(filename_certificate, 'r') as cert_file:
                cert_data['certificate'] = cert_file.read()
        except IOError:
            LOG.error(
                _LE("Failed to read certificate for {0}.").format(cert_ref))
            raise exceptions.CertificateStorageException(
                msg="Certificate could not be read.")
        try:
            with open(filename_private_key, 'r') as key_file:
                cert_data['private_key'] = key_file.read()
        except IOError:
            LOG.error(
                _LE("Failed to read private key for {0}.").format(cert_ref))
            raise exceptions.CertificateStorageException(
                msg="Private Key could not be read.")

        try:
            with open(filename_intermediates, 'r') as int_file:
                cert_data['intermediates'] = int_file.read()
        except IOError:
            pass

        try:
            with open(filename_pkp, 'r') as pass_file:
                cert_data['private_key_passphrase'] = pass_file.read()
        except IOError:
            pass

        return Cert(**cert_data)
 def _get_snatport_for_subnet(self, context, tenant_id, subnet_id):
     device_id = '_lb-snatport-' + subnet_id
     subnet = self.plugin._core_plugin.get_subnet(context, subnet_id)
     network_id = subnet['network_id']
     LOG.debug("Filtering ports based on network_id=%(network_id)s, "
               "tenant_id=%(tenant_id)s, device_id=%(device_id)s",
               {'network_id': network_id,
                'tenant_id': tenant_id,
                'device_id': device_id})
     filter_dict = {
         'network_id': [network_id],
         'tenant_id': [tenant_id],
         'device_id': [device_id],
         'device-owner': [DRIVER_NAME]
     }
     ports = self.plugin._core_plugin.get_ports(context,
                                                filters=filter_dict)
     if ports:
         LOG.info(_LI("Found an existing SNAT port for subnet %s"),
                  subnet_id)
         return ports[0]
     LOG.info(_LI("Found no SNAT ports for subnet %s"), subnet_id)
Beispiel #29
0
 def create_member(self, context, member):
     """Create a pool member on a NetScaler device."""
     ncc_member = self._prepare_member_for_creation(member)
     LOG.info(_LI("NetScaler driver poolmember creation: %r"), ncc_member)
     status = constants.ACTIVE
     try:
         self.client.create_resource(context.tenant_id,
                                     POOLMEMBERS_RESOURCE,
                                     POOLMEMBER_RESOURCE, ncc_member)
     except ncc_client.NCCException:
         status = constants.ERROR
     self.plugin.update_status(context, loadbalancer_db.Member,
                               member["id"], status)
 def _get_snatport_for_subnet(self, context, tenant_id, subnet_id):
     device_id = '_lb-snatport-' + subnet_id
     subnet = self.plugin._core_plugin.get_subnet(context, subnet_id)
     network_id = subnet['network_id']
     LOG.debug("Filtering ports based on network_id=%(network_id)s, "
               "tenant_id=%(tenant_id)s, device_id=%(device_id)s",
               {'network_id': network_id,
                'tenant_id': tenant_id,
                'device_id': device_id})
     filter_dict = {
         'network_id': [network_id],
         'tenant_id': [tenant_id],
         'device_id': [device_id],
         'device-owner': [DRIVER_NAME]
     }
     ports = self.plugin._core_plugin.get_ports(context,
                                                filters=filter_dict)
     if ports:
         LOG.info(_LI("Found an existing SNAT port for subnet %s"),
                  subnet_id)
         return ports[0]
     LOG.info(_LI("Found no SNAT ports for subnet %s"), subnet_id)
    def deploy_instance(self, loadbalancer):
        """Deploys loadbalancer if necessary

        :returns: True if loadbalancer was deployed, False otherwise
        """
        if not self.deployable(loadbalancer):
            LOG.info(_LI("Loadbalancer %s is not deployable.") % loadbalancer.id)
            return False

        if self.exists(loadbalancer.id):
            self.update(loadbalancer)
        else:
            self.create(loadbalancer)
        return True
Beispiel #32
0
    def _create_proxy_port(self,
        ctx, lb, proxy_port_subnet_id):
        """Check if proxy port was created earlier.
        If not, create a new port on proxy subnet and return its ip address.
        Returns port IP address
        """
        proxy_port = self._get_proxy_port(ctx, lb)
        if proxy_port:
            LOG.info(_LI('LB %(lb_id)s proxy port exists on subnet \
                     %(subnet_id)s with ip address %(ip_address)s') %
                     {'lb_id': lb.id, 'subnet_id': proxy_port['subnet_id'],
                      'ip_address': proxy_port['ip_address']})
            return proxy_port

        proxy_port_name = 'proxy_' + lb.id
        proxy_port_subnet = self.plugin.db._core_plugin.get_subnet(
            ctx, proxy_port_subnet_id)
        proxy_port_data = {
            'tenant_id': lb.tenant_id,
            'name': proxy_port_name,
            'network_id': proxy_port_subnet['network_id'],
            'mac_address': attributes.ATTR_NOT_SPECIFIED,
            'admin_state_up': False,
            'device_id': '',
            'device_owner': 'neutron:' + constants.LOADBALANCERV2,
            'fixed_ips': [{'subnet_id': proxy_port_subnet_id}]
        }
        proxy_port = self.plugin.db._core_plugin.create_port(
            ctx, {'port': proxy_port_data})
        proxy_port_ip_data = proxy_port['fixed_ips'][0]

        LOG.info(_LI('LB %(lb_id)s proxy port created on subnet %(subnet_id)s \
                 with ip address %(ip_address)s') %
                 {'lb_id': lb.id, 'subnet_id': proxy_port_ip_data['subnet_id'],
                  'ip_address': proxy_port_ip_data['ip_address']})

        return proxy_port_ip_data
Beispiel #33
0
    def deploy_instance(self, loadbalancer):
        """Deploys loadbalancer if necessary

        :returns: True if loadbalancer was deployed, False otherwise
        """
        if not self.deployable(loadbalancer):
            LOG.info(
                _LI("Loadbalancer %s is not deployable.") % loadbalancer.id)
            return False

        if self.exists(loadbalancer.id):
            self.update(loadbalancer)
        else:
            self.create(loadbalancer)
        return True
 def create_member(self, context, member):
     """Create a pool member on a NetScaler device."""
     ncc_member = self._prepare_member_for_creation(member)
     LOG.info(_LI("NetScaler driver poolmember creation: %r"),
              ncc_member)
     status = constants.ACTIVE
     try:
         self.client.create_resource(context.tenant_id,
                                     POOLMEMBERS_RESOURCE,
                                     POOLMEMBER_RESOURCE,
                                     ncc_member)
     except ncc_client.NCCException:
         status = constants.ERROR
     self.plugin.update_status(context, loadbalancer_db.Member,
                               member["id"], status)
    def store_cert(self,
                   project_id,
                   certificate,
                   private_key,
                   intermediates=None,
                   private_key_passphrase=None,
                   **kwargs):
        """Stores (i.e., registers) a cert with the cert manager.

        This method stores the specified cert to the filesystem and returns
        a UUID that can be used to retrieve it.

        :param project_id: Project ID for the owner of the certificate
        :param certificate: PEM encoded TLS certificate
        :param private_key: private key for the supplied certificate
        :param intermediates: ordered and concatenated intermediate certs
        :param private_key_passphrase: optional passphrase for the supplied key

        :returns: the UUID of the stored cert
        :raises CertificateStorageException: if certificate storage fails
        """
        cert_ref = str(uuid.uuid4())
        filename_base = os.path.join(CONF.certificates.storage_path, cert_ref)

        LOG.info(_LI("Storing certificate data on the local filesystem."))
        try:
            filename_certificate = "{0}.crt".format(filename_base)
            with open(filename_certificate, 'w') as cert_file:
                cert_file.write(certificate)

            filename_private_key = "{0}.key".format(filename_base)
            with open(filename_private_key, 'w') as key_file:
                key_file.write(private_key)

            if intermediates:
                filename_intermediates = "{0}.int".format(filename_base)
                with open(filename_intermediates, 'w') as int_file:
                    int_file.write(intermediates)

            if private_key_passphrase:
                filename_pkp = "{0}.pass".format(filename_base)
                with open(filename_pkp, 'w') as pass_file:
                    pass_file.write(private_key_passphrase)
        except IOError as ioe:
            LOG.error(_LE("Failed to store certificate."))
            raise exceptions.CertificateStorageException(message=ioe.message)

        return cert_ref
    def store_cert(self, project_id, certificate, private_key,
                   intermediates=None, private_key_passphrase=None, **kwargs):
        """Stores (i.e., registers) a cert with the cert manager.

        This method stores the specified cert to the filesystem and returns
        a UUID that can be used to retrieve it.

        :param project_id: Project ID for the owner of the certificate
        :param certificate: PEM encoded TLS certificate
        :param private_key: private key for the supplied certificate
        :param intermediates: ordered and concatenated intermediate certs
        :param private_key_passphrase: optional passphrase for the supplied key

        :returns: the UUID of the stored cert
        :raises CertificateStorageException: if certificate storage fails
        """
        cert_ref = str(uuid.uuid4())
        filename_base = os.path.join(CONF.certificates.storage_path, cert_ref)

        LOG.info(_LI(
            "Storing certificate data on the local filesystem."
        ))
        try:
            filename_certificate = "{0}.crt".format(filename_base)
            with open(filename_certificate, 'w') as cert_file:
                cert_file.write(certificate)

            filename_private_key = "{0}.key".format(filename_base)
            with open(filename_private_key, 'w') as key_file:
                key_file.write(private_key)

            if intermediates:
                filename_intermediates = "{0}.int".format(filename_base)
                with open(filename_intermediates, 'w') as int_file:
                    int_file.write(intermediates)

            if private_key_passphrase:
                filename_pkp = "{0}.pass".format(filename_base)
                with open(filename_pkp, 'w') as pass_file:
                    pass_file.write(private_key_passphrase)
        except IOError as ioe:
            LOG.error(_LE("Failed to store certificate."))
            raise exceptions.CertificateStorageException(message=ioe.message)

        return cert_ref
Beispiel #37
0
 def _call_driver_operation(self, context, driver_method, db_entity,
                            old_db_entity=None):
     manager_method = "%s.%s" % (driver_method.__self__.__class__.__name__,
                                 driver_method.__name__)
     LOG.info(_LI("Calling driver operation %s") % manager_method)
     try:
         if old_db_entity:
             driver_method(context, old_db_entity, db_entity)
         else:
             driver_method(context, db_entity)
     # catching and reraising agent issues
     except (lbaas_agentschedulerv2.NoEligibleLbaasAgent,
             lbaas_agentschedulerv2.NoActiveLbaasAgent) as no_agent:
         raise no_agent
     except Exception:
         LOG.exception(_LE("There was an error in the driver"))
         self._handle_driver_error(context, db_entity)
         raise loadbalancerv2.DriverError()
 def _create_snatport_for_subnet(self, context, tenant_id, subnet_id,
                                 ip_address):
     subnet = self.plugin._core_plugin.get_subnet(context, subnet_id)
     fixed_ip = {'subnet_id': subnet['id']}
     if ip_address and ip_address != attributes.ATTR_NOT_SPECIFIED:
         fixed_ip['ip_address'] = ip_address
     port_data = {
         'tenant_id': tenant_id,
         'name': '_lb-snatport-' + subnet_id,
         'network_id': subnet['network_id'],
         'mac_address': attributes.ATTR_NOT_SPECIFIED,
         'admin_state_up': False,
         'device_id': '_lb-snatport-' + subnet_id,
         'device_owner': DRIVER_NAME,
         'fixed_ips': [fixed_ip],
     }
     port = self.plugin._core_plugin.create_port(context,
                                                 {'port': port_data})
     LOG.info(_LI("Created SNAT port: %r"), port)
     return port
 def _create_snatport_for_subnet(self, context, tenant_id, subnet_id,
                                 ip_address):
     subnet = self.plugin._core_plugin.get_subnet(context, subnet_id)
     fixed_ip = {'subnet_id': subnet['id']}
     if ip_address and ip_address != attributes.ATTR_NOT_SPECIFIED:
         fixed_ip['ip_address'] = ip_address
     port_data = {
         'tenant_id': tenant_id,
         'name': '_lb-snatport-' + subnet_id,
         'network_id': subnet['network_id'],
         'mac_address': attributes.ATTR_NOT_SPECIFIED,
         'admin_state_up': False,
         'device_id': '_lb-snatport-' + subnet_id,
         'device_owner': DRIVER_NAME,
         'fixed_ips': [fixed_ip],
     }
     port = self.plugin._core_plugin.create_port(context,
                                                 {'port': port_data})
     LOG.info(_LI("Created SNAT port: %r"), port)
     return port
Beispiel #40
0
    def _delete_proxy_port(self, ctx, lb):
        port_filter = {
            'name': ['proxy_' + lb.id],
        }
        ports = self.plugin.db._core_plugin.get_ports(ctx, filters=port_filter)
        if ports:
            proxy_port = ports[0]
            proxy_port_ip_data = proxy_port['fixed_ips'][0]
            try:
                LOG.info(
                    _LI('Deleting LB %(lb_id)s proxy port on subnet  \
                             %(subnet_id)s with ip address %(ip_address)s') % {
                        'lb_id': lb.id,
                        'subnet_id': proxy_port_ip_data['subnet_id'],
                        'ip_address': proxy_port_ip_data['ip_address']
                    })
                self.plugin.db._core_plugin.delete_port(ctx, proxy_port['id'])

            except Exception as exception:
                # stop exception propagation, nport may have
                # been deleted by other means
                LOG.warning(_LW('Proxy port deletion failed: %r'), exception)
Beispiel #41
0
    def _delete_proxy_port(self, ctx, lb):
        port_filter = {
            'name': ['proxy_' + lb.id],
        }
        ports = self.plugin.db._core_plugin.get_ports(
            ctx, filters=port_filter)
        if ports:
            proxy_port = ports[0]
            proxy_port_ip_data = proxy_port['fixed_ips'][0]
            try:
                LOG.info(_LI('Deleting LB %(lb_id)s proxy port on subnet  \
                             %(subnet_id)s with ip address %(ip_address)s') %
                         {'lb_id': lb.id,
                          'subnet_id': proxy_port_ip_data['subnet_id'],
                          'ip_address': proxy_port_ip_data['ip_address']})
                self.plugin.db._core_plugin.delete_port(
                    ctx, proxy_port['id'])

            except Exception as exception:
                # stop exception propagation, nport may have
                # been deleted by other means
                LOG.warning(_LW('Proxy port deletion failed: %r'),
                            exception)
Beispiel #42
0
    def _execute_request(self, method, resource_uri, headers, body=None):
        service_uri_dict = {"service_uri": self.service_uri}
        try:
            response = requests.request(method, url=resource_uri,
                                        headers=headers, data=body)
        except requests.exceptions.SSLError:
            LOG.exception(_LE("SSL error occurred while connecting "
                              "to %(service_uri)s"),
                          service_uri_dict)
            raise NCCException(NCCException.CONNECTION_ERROR)
        except requests.exceptions.ConnectionError:
            LOG.exception(_LE("Connection error occurred while connecting"
                              "to %(service_uri)s"), service_uri_dict)
            raise NCCException(NCCException.CONNECTION_ERROR)

        except requests.exceptions.Timeout:
            LOG.exception(
                _LE("Request to %(service_uri)s timed out"), service_uri_dict)
            raise NCCException(NCCException.CONNECTION_ERROR)
        except (requests.exceptions.URLRequired,
                requests.exceptions.InvalidURL,
                requests.exceptions.MissingSchema,
                requests.exceptions.InvalidSchema):
            LOG.exception(_LE("Request did not specify a valid URL"))
            raise NCCException(NCCException.REQUEST_ERROR)
        except requests.exceptions.TooManyRedirects:
            LOG.exception(_LE("Too many redirects occurred for request "))
            raise NCCException(NCCException.REQUEST_ERROR)
        except requests.exceptions.RequestException:
            LOG.exception(
                _LE("A request error while connecting to %(service_uri)s"),
                service_uri_dict)
            raise NCCException(NCCException.REQUEST_ERROR)
        except Exception:
            LOG.exception(
                _LE("A unknown error occurred during request to"
                    " %(service_uri)s"), service_uri_dict)
            raise NCCException(NCCException.UNKNOWN_ERROR)
        resp_dict = self._get_response_dict(response)
        resp_body = resp_dict['body']
        LOG.info(_LI("Response: %(resp_body)s"), {"resp_body": resp_body})
        response_status = resp_dict['status']
        if response_status == requests.codes.unauthorized:
            LOG.exception(_LE("Unable to login. Invalid credentials passed."
                              "for: %s"), self.service_uri)
            if not self.is_login(resource_uri):
                # Session expired, relogin and retry....
                self.login()
                # Retry the operation
                headers.update({AUTH_HEADER: self.auth})
                self._execute_request(method,
                                      resource_uri,
                                      headers,
                                      body)
            else:
                raise NCCException(NCCException.RESPONSE_ERROR)
        if not self._is_valid_response(response_status):
            response_msg = resp_body
            response_dict = {"method": method,
                             "url": resource_uri,
                             "response_status": response_status,
                             "response_msg": response_msg}
            LOG.exception(_LE("Failed %(method)s operation on %(url)s "
                              "status code: %(response_status)s "
                              "message: %(response_msg)s"), response_dict)
            raise NCCException(NCCException.RESPONSE_ERROR, response_status)
        return response_status, resp_dict
    def store_cert(self,
                   project_id,
                   certificate,
                   private_key,
                   intermediates=None,
                   private_key_passphrase=None,
                   expiration=None,
                   name='LBaaS TLS Cert'):
        """Stores a certificate in the certificate manager.

        :param certificate: PEM encoded TLS certificate
        :param private_key: private key for the supplied certificate
        :param intermediates: ordered and concatenated intermediate certs
        :param private_key_passphrase: optional passphrase for the supplied key
        :param expiration: the expiration time of the cert in ISO 8601 format
        :param name: a friendly name for the cert

        :returns: the container_ref of the stored cert
        :raises Exception: if certificate storage fails
        """

        connection = self.auth.get_barbican_client(project_id)

        LOG.info(
            _LI("Storing certificate container '{0}' in Barbican.").format(
                name))

        certificate_secret = None
        private_key_secret = None
        intermediates_secret = None
        pkp_secret = None

        try:
            certificate_secret = connection.secrets.create(
                payload=certificate, expiration=expiration, name="Certificate")
            private_key_secret = connection.secrets.create(
                payload=private_key, expiration=expiration, name="Private Key")
            certificate_container = connection.containers.create_certificate(
                name=name,
                certificate=certificate_secret,
                private_key=private_key_secret)
            if intermediates:
                intermediates_secret = connection.secrets.create(
                    payload=intermediates,
                    expiration=expiration,
                    name="Intermediates")
                certificate_container.intermediates = intermediates_secret
            if private_key_passphrase:
                pkp_secret = connection.secrets.create(
                    payload=private_key_passphrase,
                    expiration=expiration,
                    name="Private Key Passphrase")
                certificate_container.private_key_passphrase = pkp_secret

            certificate_container.store()
            return certificate_container.container_ref
        # Barbican (because of Keystone-middleware) sometimes masks
        #  exceptions strangely -- this will catch anything that it raises and
        #  reraise the original exception, while also providing useful
        #  feedback in the logs for debugging
        except Exception:
            for secret in [
                    certificate_secret, private_key_secret,
                    intermediates_secret, pkp_secret
            ]:
                if secret and secret.secret_ref:
                    old_ref = secret.secret_ref
                    try:
                        secret.delete()
                        LOG.info(
                            _LI("Deleted secret {0} ({1}) during rollback.").
                            format(secret.name, old_ref))
                    except Exception:
                        LOG.warning(
                            _LW("Failed to delete {0} ({1}) during rollback. This "
                                "is probably not a problem.").format(
                                    secret.name, old_ref))
            with excutils.save_and_reraise_exception():
                LOG.exception(_LE("Error storing certificate data"))
 def _remove_snatport_for_subnet(self, context, tenant_id, subnet_id):
     port = self._get_snatport_for_subnet(context, tenant_id, subnet_id)
     if port:
         self.plugin._core_plugin.delete_port(context, port['id'])
         LOG.info(_LI("Removed SNAT port: %r"), port)
    def store_cert(certificate, private_key, intermediates=None,
                   private_key_passphrase=None, expiration=None,
                   name='Octavia TLS Cert', **kwargs):
        """Stores a certificate in the certificate manager.

        :param certificate: PEM encoded TLS certificate
        :param private_key: private key for the supplied certificate
        :param intermediates: ordered and concatenated intermediate certs
        :param private_key_passphrase: optional passphrase for the supplied key
        :param expiration: the expiration time of the cert in ISO 8601 format
        :param name: a friendly name for the cert

        :returns: the container_ref of the stored cert
        :raises Exception: if certificate storage fails
        """
        connection = BarbicanKeystoneAuth.get_barbican_client()

        LOG.info(_LI(
            "Storing certificate container '{0}' in Barbican."
        ).format(name))

        certificate_secret = None
        private_key_secret = None
        intermediates_secret = None
        pkp_secret = None

        try:
            certificate_secret = connection.secrets.create(
                payload=certificate,
                expiration=expiration,
                name="Certificate"
            )
            private_key_secret = connection.secrets.create(
                payload=private_key,
                expiration=expiration,
                name="Private Key"
            )
            certificate_container = connection.containers.create_certificate(
                name=name,
                certificate=certificate_secret,
                private_key=private_key_secret
            )
            if intermediates:
                intermediates_secret = connection.secrets.create(
                    payload=intermediates,
                    expiration=expiration,
                    name="Intermediates"
                )
                certificate_container.intermediates = intermediates_secret
            if private_key_passphrase:
                pkp_secret = connection.secrets.create(
                    payload=private_key_passphrase,
                    expiration=expiration,
                    name="Private Key Passphrase"
                )
                certificate_container.private_key_passphrase = pkp_secret

            certificate_container.store()
            return certificate_container.container_ref
        # Barbican (because of Keystone-middleware) sometimes masks
        #  exceptions strangely -- this will catch anything that it raises and
        #  reraise the original exception, while also providing useful
        #  feedback in the logs for debugging
        except Exception:
            for secret in [certificate_secret, private_key_secret,
                      intermediates_secret, pkp_secret]:
                if secret and secret.secret_ref:
                    old_ref = secret.secret_ref
                    try:
                        secret.delete()
                        LOG.info(_LI(
                            "Deleted secret {0} ({1}) during rollback."
                        ).format(secret.name, old_ref))
                    except Exception:
                        LOG.warning(_LW(
                            "Failed to delete {0} ({1}) during rollback. This "
                            "is probably not a problem."
                        ).format(secret.name, old_ref))
            with excutils.save_and_reraise_exception():
                LOG.exception(_LE("Error storing certificate data"))
    def _execute_request(self, method, resource_uri, headers, body=None):
        service_uri_dict = {"service_uri": self.service_uri}
        try:
            response = requests.request(method, url=resource_uri,
                                        headers=headers, data=body)
        except requests.exceptions.SSLError:
            LOG.exception(_LE("SSL error occurred while connecting "
                              "to %(service_uri)s"),
                          service_uri_dict)
            raise NCCException(NCCException.CONNECTION_ERROR)
        except requests.exceptions.ConnectionError:
            LOG.exception(_LE("Connection error occurred while connecting"
                              "to %(service_uri)s"), service_uri_dict)
            raise NCCException(NCCException.CONNECTION_ERROR)

        except requests.exceptions.Timeout:
            LOG.exception(
                _LE("Request to %(service_uri)s timed out"), service_uri_dict)
            raise NCCException(NCCException.CONNECTION_ERROR)
        except (requests.exceptions.URLRequired,
                requests.exceptions.InvalidURL,
                requests.exceptions.MissingSchema,
                requests.exceptions.InvalidSchema):
            LOG.exception(_LE("Request did not specify a valid URL"))
            raise NCCException(NCCException.REQUEST_ERROR)
        except requests.exceptions.TooManyRedirects:
            LOG.exception(_LE("Too many redirects occurred for request "))
            raise NCCException(NCCException.REQUEST_ERROR)
        except requests.exceptions.RequestException:
            LOG.exception(
                _LE("A request error while connecting to %(service_uri)s"),
                service_uri_dict)
            raise NCCException(NCCException.REQUEST_ERROR)
        except Exception:
            LOG.exception(
                _LE("A unknown error occurred during request to"
                    " %(service_uri)s"), service_uri_dict)
            raise NCCException(NCCException.UNKNOWN_ERROR)
        resp_dict = self._get_response_dict(response)
        resp_body = resp_dict['body']
        LOG.info(_LI("Response: %(resp_body)s"), {"resp_body": resp_body})
        response_status = resp_dict['status']
        if response_status == requests.codes.unauthorized:
            LOG.exception(_LE("Unable to login. Invalid credentials passed."
                              "for: %s"), self.service_uri)
            if not self.is_login(resource_uri):
                # Session expired, relogin and retry....
                self.login()
                # Retry the operation
                headers.update({AUTH_HEADER: self.auth})
                self._execute_request(method,
                                      resource_uri,
                                      headers,
                                      body)
            else:
                raise NCCException(NCCException.RESPONSE_ERROR)
        if not self._is_valid_response(response_status):
            response_msg = resp_body
            response_dict = {"method": method,
                             "url": resource_uri,
                             "response_status": response_status,
                             "response_msg": response_msg}
            LOG.exception(_LE("Failed %(method)s operation on %(url)s "
                              "status code: %(response_status)s "
                              "message: %(response_msg)s"), response_dict)
            raise NCCException(NCCException.RESPONSE_ERROR, response_status)
        return response_status, resp_dict
Beispiel #47
0
 def tearDown(cls):
     super(BaseTestCase, cls).tearDown()
     cls.LOG.info(_LI('Finished: {0}\n').format(cls._testMethodName))
Beispiel #48
0
 def _start_completion_handling_thread(self):
     if not self.completion_handler_started:
         LOG.info(_LI('Starting operation completion handling thread'))
         self.completion_handler.start()
         self.completion_handler_started = True
Beispiel #49
0
 def setUp(cls):
     cls.LOG.info(_LI("Starting: {0}").format(cls._testMethodName))
     super(BaseTestCase, cls).setUp()
Beispiel #50
0
 def _start_completion_handling_thread(self):
     if not self.completion_handler_started:
         LOG.info(_LI('Starting operation completion handling thread'))
         self.completion_handler.start()
         self.completion_handler_started = True
Beispiel #51
0
 def setUp(cls):
     cls.LOG.info(_LI('Starting: {0}').format(cls._testMethodName))
     super(BaseTestCase, cls).setUp()
 def _remove_snatport_for_subnet(self, context, tenant_id, subnet_id):
     port = self._get_snatport_for_subnet(context, tenant_id, subnet_id)
     if port:
         self.plugin._core_plugin.delete_port(context, port['id'])
         LOG.info(_LI("Removed SNAT port: %r"), port)
Beispiel #53
0
 def tearDown(cls):
     super(BaseTestCase, cls).tearDown()
     cls.LOG.info(_LI("Finished: {0}\n").format(cls._testMethodName))