def delete_vdom(obj, context, **kwargs):
cls = fortinet_db.Fortinet_ML2_Namespace
namespace = fortinet_db.query_record(context, cls, **kwargs)
if namespace:
tenant_id = namespace.tenant_id
if not fortinet_db.query_count(context, l3_db.Router,
tenant_id=tenant_id) and \
not fortinet_db.query_count(context, models_v2.Network,
tenant_id=tenant_id) and \
not fortinet_db.query_count(context, l3_db.FloatingIP,
tenant_id=tenant_id):
try:
op(obj, context, resources.Vdom.get, name=namespace.vdom)
op(obj, context, resources.Vdom.delete, name=namespace.vdom)
except Exception as e:
resources.Exinfo(e)
fortinet_db.delete_record(context, cls, **kwargs)
else:
db_routers = fortinet_db.query_records(context,
l3_db.Router,
tenant_id=tenant_id)
db_networks = fortinet_db.query_records(context,
models_v2.Network,
tenant_id=tenant_id)
db_fips = fortinet_db.query_records(context,
l3_db.FloatingIP,
tenant_id=tenant_id)
LOG.debug(
"Keeping vdom, because existing db_routers: %(routers)s,"
"db_networks: %(networks)s, db_fips: %(fips)s", {
'routers': db_routers,
'networks': db_networks,
'fips': db_fips
})
return namespace
def delete_vlink(obj, context, tenant_id):
if fortinet_db.query_count(context, l3_db.Router,
tenant_id=tenant_id) or \
fortinet_db.query_count(context, l3_db.FloatingIP,
tenant_id=tenant_id):
db_routers = fortinet_db.query_records(context,
l3_db.Router,
tenant_id=tenant_id)
db_fips = fortinet_db.query_records(context,
l3_db.FloatingIP,
tenant_id=tenant_id)
LOG.debug(
"Keeping vlink, because existing data "
"db_routers: %(routers)s, db_fips: %(fips)s", {
'routers': db_routers,
'fips': db_fips
})
return False
vdom = fortinet_db.query_record(context,
fortinet_db.Fortinet_ML2_Namespace,
tenant_id=tenant_id).vdom
vlink_vlan = fortinet_db.query_record(
context,
fortinet_db.Fortinet_Vlink_Vlan_Allocation,
vdom=vdom,
allocated=True)
if not vlink_vlan:
return False
vlink_ip = fortinet_db.query_record(
context,
fortinet_db.Fortinet_Vlink_IP_Allocation,
vdom=vdom,
vlink_id=vlink_vlan.id,
allocated=True)
if not vlink_ip:
return False
"""
delete_fwpolicy(obj, context,
vdom=const.EXT_VDOM,
srcintf=vlink_vlan.inf_name_ext_vdom,
dstintf=obj._fortigate['ext_interface'],
nat='enable')"""
gateway_ip = get_ipaddr(netaddr.IPNetwork(vlink_ip.vlink_ip_subnet), 1)
delete_routerstatic(obj,
context,
vdom=vdom,
dst=const.EXT_DEF_DST,
device=vlink_vlan.inf_name_int_vdom,
gateway=gateway_ip)
delete_vlink_intf(obj, context, vlink_vlan)
fortinet_db.delete_record(context,
fortinet_db.Fortinet_Vlink_IP_Allocation,
vdom=vdom,
vlink_id=vlink_vlan.id)
fortinet_db.delete_record(context,
fortinet_db.Fortinet_Vlink_Vlan_Allocation,
id=vlink_vlan.id)
return True
def sync_conf_to_db(self, param):
cls = getattr(fortinet_db, const.FORTINET_PARAMS[param]['cls'])
conf_list = self.get_range(param)
session = db_api.get_session()
records = fortinet_db.query_records(session, cls)
for record in records:
kwargs = {}
for key in const.FORTINET_PARAMS[param]['keys']:
_element = const.FORTINET_PARAMS[param]['type'](record[key])
if _element not in conf_list and not record.allocated:
kwargs.setdefault(key, record[key])
fortinet_db.delete_record(session, cls, **kwargs)
try:
for i in range(0, len(conf_list),
len(const.FORTINET_PARAMS[param]['keys'])):
kwargs = {}
for key in const.FORTINET_PARAMS[param]['keys']:
kwargs.setdefault(key, str(conf_list[i]))
i += 1
cls.init_records(session, **kwargs)
except IndexError:
LOG.error(_LE("The number of the configure range is not even,"
"the last one of %(param)s can not be used"),
{'param': param})
raise IndexError
def router_migration(context, l3_driver):
"""
# table routers, router_extra_attributes
router={
u'router': {
'external_gateway_info': None,
u'name': u'adm_router',
u'admin_state_up': True,
u'tenant_id': u'01c2468ab38b4d4490a39765bb87cb00',
'distributed': 'fakedistributed',
'ha': 'fakeha'
}
}
"""
router_obj = {
'name': 'adm_router',
'admin_state_up': True,
'tenant_id': u'01c2468ab38b4d4490a39765bb87cb00'
}
router = {'router': router_obj}
records = fortinet_db.query_records(context, l3_db.Router)
with Progress(len(records), 'router_migration') as p:
for record in records:
reset(router_obj)
cls2dict(record, router_obj)
l3_driver.create_router(context, router)
p.update()
def delete_secondaryip(obj, context, **kwargs):
"""
:param obj:
:param context:
:param kwargs:
'name': vl_ext_xx,
'vdom': const.EXT_VDOM,
'ip': 'x.x.x.x x.x.x.x'
:return:
"""
records = fortinet_db.query_records(
context,
fortinet_db.Fortinet_FloatingIP_Allocation,
vdom=kwargs['vdom'],
allocated=True)
secondaryips = []
for record in records:
secondaryip = getip(record.ip_subnet, 1)
if secondaryip == kwargs.get('ip'):
continue
secondaryips.append(secondaryip)
op(obj,
context,
resources.VlanInterface.set,
name=kwargs['name'],
vdom=kwargs['vdom'],
secondaryips=secondaryips)
def delete_reservedip(obj, context, **kwargs):
cls = fortinet_db.Fortinet_ML2_ReservedIP
reserved_ip = fortinet_db.query_record(context, cls, **kwargs)
if reserved_ip:
db_reservedips = fortinet_db.query_records(
context, cls, subnet_id=reserved_ip.subnet_id)
db_reservedips.remove(reserved_ip)
reserved_addresses = []
for rsrvdip in db_reservedips:
reserved_addresses.append({
'id': rsrvdip.edit_id,
'ip': rsrvdip.ip,
'mac': rsrvdip.mac
})
db_subnet = fortinet_db.query_record(context,
fortinet_db.Fortinet_ML2_Subnet,
subnet_id=reserved_ip.subnet_id)
if db_subnet:
op(obj,
context,
resources.DhcpServerRsvAddr.set,
id=db_subnet.edit_id,
vdom=reserved_ip.vdom,
reserved_address=jsonutils.dumps(reserved_addresses))
fortinet_db.delete_record(context, cls, **kwargs)
def network_migration(context, mech_driver):
"""
# networks, ml2_network_segments
network = {
#'status': 'ACTIVE',
#'subnets': [],
'name': u'test-net',
#'provider: physical_network': u'physnet1',
#'admin_state_up': True,
'tenant_id': u'11513667f4ee4a14acb0985659459988',
'provider: network_type': u'vlan',
'router:external': False,
#'shared': False,
'id': 'ff0a1d64-ce30-4ed0-ba37-597eaf8976f0',
#'provider: segmentation_id': 1200L
}
# ml2_network_segments
segments = [{
'segmentation_id': 1200L,
'physical_network': u'physnet1',
'id': u'e7dfa4fb-038a-4aad-b6fa-73afba788888',
'network_type': u'vlan'
}]
"""
net = {
'name': '',
'tenant_id': '',
'provider: network_type': '',
'router:external': False,
'id': '',
}
segment = {
'segmentation_id': 0,
'physical_network': '',
'id': '',
'network_type': ''
}
records = fortinet_db.query_records(context, models_v2.Network)
with Progress(len(records), 'network_migration') as p:
for record in records:
reset(net)
reset(segment)
db_seg = fortinet_db.query_record(context,
ml2_db.NetworkSegment,
network_id=record.id)
cls2dict(record, net)
db_extnet = fortinet_db.query_record(context,
ExternalNetwork,
network_id=record.id)
if db_extnet:
net['router:external'] = True
cls2dict(db_seg, segment)
net['provider: network_type'] = db_seg.network_type
mech_context = Fake_mech_context(_plugin_context=context,
current=net,
network_segments=[segment])
mech_driver.create_network_postcommit(mech_context)
p.update()
def add_interface_ip(obj, context, **kwargs):
"""
:param context:
:param kwargs: example format as below
{
"ip": "10.160.37.20 255.255.255.0",
"name": "port37",
"vdom": "root"
}
:return:
"""
inf_db = fortinet_db.query_record(context,
fortinet_db.Fortinet_Interface,
name=kwargs.get('name'))
if const.EXT_DEF_DST in getattr(inf_db, 'ip'):
inf_db.update_record(context, inf_db, **kwargs)
op(obj, context, resources.VlanInterface.set, **kwargs)
else:
records = fortinet_db.query_records(
context,
fortinet_db.Fortinet_Interface_subip,
name=kwargs.get('name'))
org_subips = [getattr(record, 'ip') for record in records]
if kwargs.get('ip') in org_subips:
return
add_record(obj, context, fortinet_db.Fortinet_Interface_subip,
**kwargs)
def delete_routerstatics(obj, context, **kwargs):
records = fortinet_db.query_records(context,
fortinet_db.Fortinet_Static_Router,
**kwargs)
for record in records:
delete_routerstatic(obj,
context,
vdom=record.vdom,
edit_id=record.edit_id)
def subnet_migration(context, mech_driver):
# table subnets
subnet = {
'allocation_pools': [{
'start': '172.20.21.2',
'end': '172.20.21.254'
}],
'cidr': '172.20.21.0/24',
'id': 'ee1506dc-d1a9-45b3-840e-137bdaebce52',
'enable_dhcp': True,
'network_id': u'ad47f7b8-4bb7-4591-b8ed-f720237dd24f',
'tenant_id': u'11513667f4ee4a14acb0985659456f24',
'dns_nameservers': [],
'gateway_ip': u'172.20.21.1',
'shared': False
}
ipallocation_pool = {'start': '172.20.21.2', 'end': '172.20.21.254'}
records = fortinet_db.query_records(context, models_v2.Subnet)
with Progress(len(records), 'subnet_migration') as p:
for record in records:
dns_nameservers = []
reset(subnet)
reset(ipallocation_pool)
db_ipallocation = fortinet_db.query_record(
context, models_v2.IPAllocationPool, subnet_id=record.id)
cls2dict(db_ipallocation,
ipallocation_pool,
first_ip='start',
last_ip='end')
db_dnssrvs = fortinet_db.query_records(context,
models_v2.DNSNameServer,
subnet_id=record.id)
for dns in db_dnssrvs:
dns_nameservers.append(dns.address)
cls2dict(record, subnet)
subnet['dns_nameservers'] = dns_nameservers
subnet['allocation_pools'] = [ipallocation_pool]
mech_context = Fake_mech_context(_plugin_context=context,
current=subnet)
mech_driver.create_subnet_postcommit(mech_context)
p.update()
def delete_interface_ip(obj, context, **kwargs):
"""
:param context:
:param kwargs: example format as below
{
"ip": "10.160.37.20 255.255.255.0",
"name": "port37",
"vdom": "root"
}
:return:
"""
records = fortinet_db.query_records(context,
fortinet_db.Fortinet_Interface_subip,
name=kwargs.get('name'))
org_subips = [getattr(record, 'ip') for record in records]
if kwargs.get('ip') in org_subips:
org_subips.remove(kwargs["ip"])
#op(obj, context, resources.VlanInterface.set,
# name=kwargs.get('name'),
# vdom=kwargs.get('vdom'),
# secondaryips=org_subips)
fortinet_db.delete_record(context,
fortinet_db.Fortinet_Interface_subip,
**kwargs)
else:
inf_db = fortinet_db.query_record(context,
fortinet_db.Fortinet_Interface,
**kwargs)
if not inf_db:
return
if org_subips:
kwargs['ip'] = org_subips.pop()
op(obj,
context,
resources.VlanInterface.set,
name=kwargs.get('name'),
vdom=kwargs.get('vdom'),
secondaryips=org_subips)
fortinet_db.delete_record(context,
fortinet_db.Fortinet_Interface_subip,
**kwargs)
else:
kwargs['ip'] = const.EXT_DEF_DST
op(obj, context, resources.VlanInterface.set, **kwargs)
inf_db.update_record(context, inf_db, ip=kwargs['ip'])
def _get_fips_in_fw(self, context, tenant_id, fw_net):
fw_fips = []
if not fw_net:
return fw_fips
namespace = fortinet_db.Fortinet_ML2_Namespace.query_one(
context, tenant_id=tenant_id)
if not namespace:
return fw_fips
db_fips = fortinet_db.query_records(
context,
l3_db.FloatingIP,
tenant_id=tenant_id,
status=n_consts.FLOATINGIP_STATUS_ACTIVE)
for fip in db_fips:
if getattr(fip, 'fixed_ip_address', None) and \
IPAddress(fip.fixed_ip_address) in IPNetwork(fw_net):
fw_fips.append((fip.id, fip.floating_ip_address))
return fw_fips
def delete_addrgrp(obj, context, **kwargs):
"""
:param context: for database
:param kwargs:
example format
{
"name": "addrgrp_osvdm1",
"vdom": "osvdm1",
"members": ["192.168.10.0", "192.168.33.0"]
}
each member of members is the address name to be deleted in
the specific firewall address group in FGT.
"""
cls = fortinet_db.Fortinet_Firewall_Address
records = fortinet_db.query_records(context, cls, group=kwargs['name'])
if not records:
LOG.debug("There is not any record in db")
return
members = [
record.name for record in records
if record.name not in kwargs['members']
]
if members:
kwargs['members'] = members
op(obj, context, resources.FirewallAddrgrp.set, **kwargs)
else:
delete_fwpolicy(obj,
context,
vdom=kwargs.get('vdom'),
srcintf='any',
srcaddr=kwargs['name'],
dstintf='any',
nat='disable')
try:
del kwargs['members']
op(obj, context, resources.FirewallAddrgrp.delete, **kwargs)
except Exception as e:
resources.Exinfo(e)
for record in records:
if record.name not in members:
record.update_record(context, record, group=None)
def floatingip_migration(context, l3_driver):
"""
# table floatingips, ipallocations
floatingip = {
u'floatingip': {
u'floating_network_id': u'2bdcaa63-22c5-4e58-8e2e-8f35bef7f513',
'tenant_id': u'11513667f4ee4a14acb0985659456f24',
'fixed_ip_address': None,
'port_id': None
}
}
returned_obj
{
'floating_network_id': u'2bdcaa63-22c5-4e58-8e2e-8f35bef7f513',
'router_id': None,
'fixed_ip_address': None,
'floating_ip_address': u'10.160.37.139',
'tenant_id': u'11513667f4ee4a14acb0985659456f24',
'status': 'DOWN',
'port_id': None,
'id': '78764016-da62-42fd-96a4-f2bd0510b5bc'
}
"""
returned_obj = {
'fixed_ip_address': None,
'floating_ip_address': u'10.160.37.139',
'tenant_id': u'11513667f4ee4a14acb0985659456f24',
'status': 'DOWN',
'port_id': None,
'id': '78764016-da62-42fd-96a4-f2bd0510b5bc'
}
floatingip = {'floatingip': returned_obj}
records = fortinet_db.query_records(context, l3_db.FloatingIP)
with Progress(len(records), 'floatingip_migration') as p:
for record in records:
reset(returned_obj)
cls2dict(record, returned_obj, fixed_port_id='port_id')
l3_driver.create_floatingip(context, floatingip, returned_obj)
p.update()
def add_reservedip(obj, context, **kwargs):
cls = fortinet_db.Fortinet_ML2_ReservedIP
add_record(obj, context, cls, **kwargs)
db_reservedips = fortinet_db.query_records(
context, cls, subnet_id=kwargs.get('subnet_id'))
db_subnet = fortinet_db.query_record(context,
fortinet_db.Fortinet_ML2_Subnet,
subnet_id=kwargs.get('subnet_id'))
if db_subnet:
reserved_addresses = []
for rsrvdip in db_reservedips:
reserved_addresses.append({
'id': rsrvdip.edit_id,
'ip': rsrvdip.ip,
'mac': rsrvdip.mac
})
op(obj,
context,
resources.DhcpServerRsvAddr.set,
id=db_subnet.edit_id,
vdom=kwargs.get('vdom'),
reserved_address=jsonutils.dumps(reserved_addresses))
def add_secondaryip(obj, context, **kwargs):
"""
:param obj:
:param context:
:param kwargs:
'name': vl_ext_xx,
'vdom': const.EXT_VDOM,
'ip': 'x.x.x.x x.x.x.x'
:return:
"""
records = fortinet_db.query_records(
context,
fortinet_db.Fortinet_FloatingIP_Allocation,
vdom=kwargs['vdom'],
allocated=True)
secondaryips = []
for record in records:
secondaryips.append(getip(record.ip_subnet, 1))
if op(obj,
context,
resources.VlanInterface.set,
name=kwargs['name'],
vdom=const.EXT_VDOM,
secondaryips=secondaryips):
secondaryips.remove(kwargs['ip'])
rollback = {
'params': (obj._driver, {
'name': kwargs['name'],
'vdom': const.EXT_VDOM,
'secondaryips': secondaryips
}),
'func':
resources.VlanInterface.set
}
obj.task_manager.add(getid(context), **rollback)
def add_addrgrp(obj, context, **kwargs):
"""
:param context:
:param kwargs:
{
"name": "addrgrp_osvdm1",
"vdom": "osvdm1",
"members": ["192.168.33.0"]
}
:return:
"""
cls = fortinet_db.Fortinet_Firewall_Address
records = fortinet_db.query_records(context, cls, group=kwargs['name'])
for name in kwargs['members']:
record = fortinet_db.query_record(context,
cls,
name=name,
vdom=kwargs['vdom'])
if not record.group:
cls.update_record(context, record, group=kwargs['name'])
# TODO(samsu): need to add a rollback action to taskmanager
else:
LOG.debug("The member %(record)s already joined a group",
{"record": record})
for record in records:
kwargs['members'].append(record.name)
try:
op(obj,
context,
resources.FirewallAddrgrp.get,
name=kwargs['name'],
vdom=kwargs['vdom'])
# TODO(samsu): need to add a rollback action to taskmanager
op(obj, context, resources.FirewallAddrgrp.set, **kwargs)
except exception.ResourceNotFound:
op(obj, context, resources.FirewallAddrgrp.add, **kwargs)
def port_migration(context, mech_driver, l3_driver):
"""
:param mech_driver:
:param context:
:return:
# table ports
port
{
'status': 'DOWN',
'binding: host_id': '',
'allowed_address_pairs': [],
'device_owner': 'network: router_interface',
'binding: profile': {
},
# table ipallocations
'fixed_ips': [{
'subnet_id': u'f645b09c-a34a-42fb-9c14-b999e43a54c7',
'ip_address': u'172.20.21.1'
}],
'id': 'fb66def6-bd5e-44a0-a3f7-7c0e8e08d9ff',
'security_groups': [],
'device_id': u'e4020c65-7003-468b-a34d-31af297397a0',
'name': '',
'admin_state_up': True,
'network_id': u'f8e34426-ccf7-429c-b726-3809d54cabdc',
'tenant_id': u'11513667f4ee4a14acb0985659456f24',
'binding: vif_details': {
},
'binding: vnic_type': 'normal',
'binding: vif_type': 'unbound',
'mac_address': u'00: 0c: 29: d9: 18: 3f'
}
"""
port = {
'device_owner':
'network: router_interface',
'fixed_ips': [{
'subnet_id': u'f645b09c-a34a-42fb-9c14-b999e43a54c7',
'ip_address': u'172.20.21.1'
}],
'id':
'fb66def6-bd5e-44a0-a3f7-7c0e8e08d9ff',
'device_id':
u'e4020c65-7003-468b-a34d-31af297397a0',
'admin_state_up':
True,
'network_id':
u'f8e34426-ccf7-429c-b726-3809d54cabdc',
'tenant_id':
u'11513667f4ee4a14acb0985659456f24',
'mac_address':
u'00: 0c: 29: d9: 18: 3f'
}
ipallocation = {
'subnet_id': u'f645b09c-a34a-42fb-9c14-b999e43a54c7',
'ip_address': u'172.20.21.1'
}
MAC = utils.get_mac(mech_driver, context)
records = fortinet_db.query_records(context, models_v2.Port)
with Progress(len(records), 'port_migration') as p:
for record in records:
reset(port)
cls2dict(record, port)
if port['fixed_ips']:
fixed_ips = []
for fixed_ip in port['fixed_ips']:
cls2dict(fixed_ip, ipallocation)
fixed_ips.append(ipallocation)
port['fixed_ips'] = fixed_ips
if port['device_owner'] in [ROUTER_INTF, ROUTER_GW] and \
MAC not in port['mac_address']:
port['mac_address'] = MAC
if not fortinet_db.query_count(context,
models_v2.Port,
mac_address=MAC,
network_id=record.network_id):
fortinet_db.update_record(context, record, mac_address=MAC)
mech_context = Fake_mech_context(_plugin_context=context,
current=port)
mech_driver.create_port_precommit(mech_context)
mech_driver.create_port_postcommit(mech_context)
db_routerport = fortinet_db.query_record(context,
l3_db.RouterPort,
port_id=record.id)
if getattr(db_routerport, 'port_type', None) in [ROUTER_INTF]:
l3_driver.add_router_interface(context, port)
p.update()