def restart(self):
"""Restart the process."""
should_be_restart = False
if self._config_changed() or not cfg.CONF.pluto.restart_check_config:
should_be_restart = True
if not should_be_restart:
return
# stop() followed immediately by a start() runs the risk that the
# current pluto daemon has not had a chance to shutdown. We check
# the current process information to see if the daemon is still
# running and if so, wait a short interval and retry.
self.stop()
wait_interval = cfg.CONF.pluto.shutdown_check_timeout
for i in range(cfg.CONF.pluto.shutdown_check_retries):
if not self._process_running():
self._cleanup_control_files()
break
eventlet.sleep(wait_interval)
wait_interval *= cfg.CONF.pluto.shutdown_check_back_off
else:
LOG.warning(_LW('Server appears to still be running, restart '
'of router %s may fail'), self.id)
self.start()
return
def restart(self):
"""Restart the process."""
should_be_restart = False
if self._config_changed() or not cfg.CONF.pluto.restart_check_config:
should_be_restart = True
if not should_be_restart:
return
# stop() followed immediately by a start() runs the risk that the
# current pluto daemon has not had a chance to shutdown. We check
# the current process information to see if the daemon is still
# running and if so, wait a short interval and retry.
self.stop()
wait_interval = cfg.CONF.pluto.shutdown_check_timeout
for i in range(cfg.CONF.pluto.shutdown_check_retries):
if not self._process_running():
self._cleanup_control_files()
break
eventlet.sleep(wait_interval)
wait_interval *= cfg.CONF.pluto.shutdown_check_back_off
else:
LOG.warning(
_LW('Server appears to still be running, restart '
'of router %s may fail'), self.id)
self.start()
return
def _request(self, method, url, **kwargs):
"""Perform REST request and save response info."""
try:
LOG.debug(
"%(method)s: Request for %(resource)s payload: "
"%(payload)s", {
'method': method.upper(),
'resource': url,
'payload': kwargs.get('data')
})
start_time = time.time()
response = self.session.request(method,
url,
verify=False,
timeout=self.timeout,
**kwargs)
LOG.debug("%(method)s Took %(time).2f seconds to process", {
'method': method.upper(),
'time': time.time() - start_time
})
except (r_exc.Timeout, r_exc.SSLError) as te:
# Should never see SSLError, unless requests package is old (<2.0)
timeout_val = 0.0 if self.timeout is None else self.timeout
LOG.warning(
_LW("%(method)s: Request timeout%(ssl)s "
"(%(timeout).3f sec) for CSR(%(host)s)"), {
'method': method,
'timeout': timeout_val,
'ssl':
'(SSLError)' if isinstance(te, r_exc.SSLError) else '',
'host': self.host
})
self.status = requests.codes.REQUEST_TIMEOUT
except r_exc.ConnectionError:
LOG.exception(
_LE("%(method)s: Unable to connect to "
"CSR(%(host)s)"), {
'method': method,
'host': self.host
})
self.status = requests.codes.NOT_FOUND
except Exception as e:
LOG.error(
_LE("%(method)s: Unexpected error for CSR (%(host)s): "
"%(error)s"), {
'method': method,
'host': self.host,
'error': e
})
self.status = requests.codes.INTERNAL_SERVER_ERROR
else:
self.status = response.status_code
LOG.debug("%(method)s: Completed [%(status)s]", {
'method': method,
'status': self.status
})
return self._response_info_for(response, method)
def _verify_deleted(self, status, resource, which):
"""Determine if REST delete request was successful."""
if status in (requests.codes.NO_CONTENT, requests.codes.NOT_FOUND):
LOG.debug("%(resource)s configuration %(which)s was removed",
{'resource': resource, 'which': which})
else:
LOG.warning(_LW("Unable to delete %(resource)s %(which)s: "
"%(status)d"), {'resource': resource,
'which': which,
'status': status})
def delete_ipsec_site_connection(self, context, conn_id):
"""Delete the site-to-site IPSec connection.
This will be best effort and will continue, if there are any
failures.
"""
LOG.debug('Deleting IPSec connection %s', conn_id)
if not self.steps:
LOG.warning(_LW('Unable to find connection %s'), conn_id)
else:
self.do_rollback()
LOG.info(_LI("SUCCESS: Deleted IPSec site-to-site connection %s"),
conn_id)
def delete_ipsec_site_connection(self, context, conn_id):
"""Delete the site-to-site IPSec connection.
This will be best effort and will continue, if there are any
failures.
"""
LOG.debug('Deleting IPSec connection %s', conn_id)
if not self.steps:
LOG.warning(_LW('Unable to find connection %s'), conn_id)
else:
self.do_rollback()
LOG.info(_LI("SUCCESS: Deleted IPSec site-to-site connection %s"),
conn_id)
def _verify_deleted(self, status, resource, which):
"""Determine if REST delete request was successful."""
if status in (requests.codes.NO_CONTENT, requests.codes.NOT_FOUND):
LOG.debug("%(resource)s configuration %(which)s was removed", {
'resource': resource,
'which': which
})
else:
LOG.warning(
_LW("Unable to delete %(resource)s %(which)s: "
"%(status)d"), {
'resource': resource,
'which': which,
'status': status
})
def grab_vpn_status(self, ctx):
LOG.debug('VPN device driver periodic task: grab_vpn_status.')
svc_by_vrouter = collections.defaultdict(list)
for svc in self.driver.get_active_services():
svc_by_vrouter[svc['router_id']].append(svc)
status = list()
for router_id, svc_set in svc_by_vrouter.items():
vrouter = self.driver.vpn_service.get_router_client(router_id)
resources = self.driver.get_router_resources(router_id)
try:
ipsec_sa = vrouter.get_vpn_ipsec_sa()
except v_exc.VRouterOperationError as e:
LOG.warning(
_LW('Failed to fetch tunnel stats from router '
'{0}: {1}').format(router_id, unicode(e)))
continue
conn_ok = vyatta_vpn_config.parse_vpn_connections(
ipsec_sa, resources)
for svc in svc_set:
svc_ok = True
conn_stat = dict()
for conn in svc[_KEY_CONNECTIONS]:
ok = conn['id'] in conn_ok
svc_ok = svc_ok and ok
conn_stat[conn['id']] = {
'status': 'ACTIVE' if ok else 'DOWN',
'updated_pending_status': True
}
status.append({
'id': svc['id'],
'status': 'ACTIVE' if svc_ok else 'DOWN',
'updated_pending_status': True,
'ipsec_site_connections': conn_stat
})
self.driver.update_status(ctx, status)
def grab_vpn_status(self, ctx):
LOG.debug('VPN device driver periodic task: grab_vpn_status.')
svc_by_vrouter = collections.defaultdict(list)
for svc in self.driver.get_active_services():
svc_by_vrouter[svc['router_id']].append(svc)
status = list()
for router_id, svc_set in six.iteritems(svc_by_vrouter):
vrouter = self.driver.vpn_service.get_router_client(router_id)
resources = self.driver.get_router_resources(router_id)
try:
ipsec_sa = vrouter.get_vpn_ipsec_sa()
except v_exc.VRouterOperationError as e:
LOG.warning(_LW('Failed to fetch tunnel stats from router '
'{0}: {1}').format(router_id, unicode(e)))
continue
conn_ok = vyatta_vpn_config.parse_vpn_connections(
ipsec_sa, resources)
for svc in svc_set:
svc_ok = True
conn_stat = dict()
for conn in svc[_KEY_CONNECTIONS]:
ok = conn['id'] in conn_ok
svc_ok = svc_ok and ok
conn_stat[conn['id']] = {
'status': 'ACTIVE' if ok else 'DOWN',
'updated_pending_status': True
}
status.append({
'id': svc['id'],
'status': 'ACTIVE' if svc_ok else 'DOWN',
'updated_pending_status': True,
'ipsec_site_connections': conn_stat
})
self.driver.update_status(ctx, status)
def _request(self, method, url, **kwargs):
"""Perform REST request and save response info."""
try:
LOG.debug("%(method)s: Request for %(resource)s payload: "
"%(payload)s",
{'method': method.upper(), 'resource': url,
'payload': kwargs.get('data')})
start_time = time.time()
response = self.session.request(method, url, verify=False,
timeout=self.timeout, **kwargs)
LOG.debug("%(method)s Took %(time).2f seconds to process",
{'method': method.upper(),
'time': time.time() - start_time})
except (r_exc.Timeout, r_exc.SSLError) as te:
# Should never see SSLError, unless requests package is old (<2.0)
timeout_val = 0.0 if self.timeout is None else self.timeout
LOG.warning(_LW("%(method)s: Request timeout%(ssl)s "
"(%(timeout).3f sec) for CSR(%(host)s)"),
{'method': method,
'timeout': timeout_val,
'ssl': '(SSLError)'
if isinstance(te, r_exc.SSLError) else '',
'host': self.host})
self.status = requests.codes.REQUEST_TIMEOUT
except r_exc.ConnectionError:
LOG.exception(_LE("%(method)s: Unable to connect to "
"CSR(%(host)s)"),
{'method': method, 'host': self.host})
self.status = requests.codes.NOT_FOUND
except Exception as e:
LOG.error(_LE("%(method)s: Unexpected error for CSR (%(host)s): "
"%(error)s"),
{'method': method, 'host': self.host, 'error': e})
self.status = requests.codes.INTERNAL_SERVER_ERROR
else:
self.status = response.status_code
LOG.debug("%(method)s: Completed [%(status)s]",
{'method': method, 'status': self.status})
return self._response_info_for(response, method)
def update_status_by_agent(self, context, service_status_info_list):
"""Updating vpnservice and vpnconnection status.
:param context: context variable
:param service_status_info_list: list of status
The structure is
[{id: vpnservice_id,
status: ACTIVE|DOWN|ERROR,
updated_pending_status: True|False
ipsec_site_connections: {
ipsec_site_connection_id: {
status: ACTIVE|DOWN|ERROR,
updated_pending_status: True|False
}
}]
The agent will set updated_pending_status as True,
when agent updates any pending status.
"""
with context.session.begin(subtransactions=True):
for vpnservice in service_status_info_list:
try:
vpnservice_db = self._get_vpnservice(
context, vpnservice['id'])
except vpnaas.VPNServiceNotFound:
LOG.warning(_LW('vpnservice %s in db is already deleted'),
vpnservice['id'])
continue
if (not utils.in_pending_status(vpnservice_db.status)
or vpnservice['updated_pending_status']):
vpnservice_db.status = vpnservice['status']
for conn_id, conn in vpnservice[
'ipsec_site_connections'].items():
self._update_connection_status(
context, conn_id, conn['status'],
conn['updated_pending_status'])
def update_status_by_agent(self, context, service_status_info_list):
"""Updating vpnservice and vpnconnection status.
:param context: context variable
:param service_status_info_list: list of status
The structure is
[{id: vpnservice_id,
status: ACTIVE|DOWN|ERROR,
updated_pending_status: True|False
ipsec_site_connections: {
ipsec_site_connection_id: {
status: ACTIVE|DOWN|ERROR,
updated_pending_status: True|False
}
}]
The agent will set updated_pending_status as True,
when agent updates any pending status.
"""
with context.session.begin(subtransactions=True):
for vpnservice in service_status_info_list:
try:
vpnservice_db = self._get_vpnservice(
context, vpnservice['id'])
except vpnaas.VPNServiceNotFound:
LOG.warning(_LW('vpnservice %s in db is already deleted'),
vpnservice['id'])
continue
if (not utils.in_pending_status(vpnservice_db.status)
or vpnservice['updated_pending_status']):
vpnservice_db.status = vpnservice['status']
for conn_id, conn in vpnservice[
'ipsec_site_connections'].items():
self._update_connection_status(
context, conn_id, conn['status'],
conn['updated_pending_status'])