def security_group_delete_task(firewall):
rc = create_rc_by_security(firewall)
start = datetime.datetime.now()
try:
LOG.info(u"Firewall delete task start, [%s].", firewall)
network.security_group_delete(rc, firewall.firewall_id)
except Exception:
end = datetime.datetime.now()
LOG.exception(u"Firewall delete api call failed, [%s], "
"apply [%s] seconds.",
firewall, (end - start).seconds)
return False
else:
for rule in firewall.firewallrules_set.all():
rule.firewall_rules_id = None
rule.deleted = True
rule.delete()
firewall.firewall_id = None
firewall.deleted = True
firewall.save()
end = datetime.datetime.now()
LOG.info(u"Firewall delete task succeed, [%s], "
"apply [%s] seconds.",
firewall, (end - start).seconds)
return True
def security_group_rule_create_task(firewall_rule=None):
assert firewall_rule
rc = create_rc_by_security(firewall_rule)
start = datetime.datetime.now()
try:
LOG.info(u"Firewall rule create task start, [%s].", firewall_rule)
rule = network.security_group_rule_create(rc,
parent_group_id=firewall_rule.firewall.firewall_id,
direction=firewall_rule.direction,
ethertype=firewall_rule.ether_type,
ip_protocol=firewall_rule.protocol,
from_port=firewall_rule.port_range_min,
to_port=firewall_rule.port_range_max,
cidr=firewall_rule.remote_ip_prefix,
group_id=firewall_rule.remote_group_id)
except Exception as e:
firewall_rule.delete()
end = datetime.datetime.now()
LOG.exception(u"Firewall rule create api call failed, [%s], "
"apply [%s] seconds.",
firewall_rule, (end-start).seconds)
return False
else:
firewall_rule.firewall_rules_id = rule.id
firewall_rule.save()
end = datetime.datetime.now()
LOG.info(u"Firewall rule create task succeed, [%s], "
"apply [%s] seconds.",
firewall_rule, (end-start).seconds)
return True
def security_group_create_task(firewall=None):
if not firewall:
return
rc = create_rc_by_security(firewall)
security_group = network.security_group_create(rc, firewall.name, firewall.desc)
firewall.firewall_id = security_group.id
firewall.save()
def security_group_create_task(firewall=None):
if not firewall:
return
rc = create_rc_by_security(firewall)
security_group = network.security_group_create(rc, firewall.name,
firewall.desc)
firewall.firewall_id = security_group.id
firewall.save()
def server_update_security_groups_task(instance, firewall=None):
if not firewall:
return
rc = create_rc_by_security(firewall)
try:
LOG.info("Update server security group ,server_id[%s],security_group[%s]" % (instance.uuid, firewall.firewall_id))
network.server_update_security_groups(rc, instance.uuid, [firewall.firewall_id])
except Exception as e:
LOG.error("Update server security group error, msg: %s" % e)
raise e
def security_group_rule_delete_task(firewall_rule=None):
if not firewall_rule:
return
rc = create_rc_by_security(firewall_rule)
try:
network.security_group_rule_delete(rc, firewall_rule.firewall_rules_id)
firewall_rule.firewall_rules_id = ''
firewall_rule.deleted = True
firewall_rule.save()
except Exception as e:
LOG.info("Delete firewall rule error %s" % e)
raise e
def server_update_security_groups_task(instance, firewall=None):
if not firewall:
return
rc = create_rc_by_security(firewall)
try:
LOG.info(
"Update server security group ,server_id[%s],security_group[%s]" %
(instance.uuid, firewall.firewall_id))
network.server_update_security_groups(rc, instance.uuid,
[firewall.firewall_id])
except Exception as e:
LOG.error("Update server security group error, msg: %s" % e)
raise e
def security_group_rule_delete_task(firewall_rule=None):
if not firewall_rule:
return
rc = create_rc_by_security(firewall_rule)
try:
network.security_group_rule_delete(rc, firewall_rule.firewall_rules_id)
firewall_rule.firewall_rules_id = ''
firewall_rule.deleted = True
firewall_rule.save()
except Exception as e:
LOG.info("Delete firewall rule error %s" % e)
raise e
def security_group_rule_create_task(firewall_rule=None):
if not firewall_rule:
return
rc = create_rc_by_security(firewall_rule)
try:
rule = network.security_group_rule_create(rc, parent_group_id=firewall_rule.firewall.firewall_id,
direction=firewall_rule.direction,
ethertype=firewall_rule.ether_type,
ip_protocol=firewall_rule.protocol,
from_port=firewall_rule.port_range_min,
to_port=firewall_rule.port_range_max,
cidr=firewall_rule.remote_ip_prefix,
group_id=firewall_rule.remote_group_id)
firewall_rule.firewall_rules_id = rule.id
firewall_rule.save()
except Exception as e:
firewall_rule.delete()
raise e
def security_group_delete_task(firewall=None):
if not firewall:
return
rc = create_rc_by_security(firewall)
try:
security_group = network.security_group_delete(rc, firewall.firewall_id)
firewall.firewall_id = ""
firewall.deleted = True
firewall.save()
firewall_rule_set = FirewallRules.objects.filter(firewall=firewall.id)
if not firewall_rule_set:
return
for rule in firewall_rule_set:
rule.firewall_rules_id = ''
rule.deleted = True
rule.save()
except Exception as e:
LOG.error("Firewall delete error, msg: %s" % e)
raise e
def security_group_create_task(firewall):
assert firewall
rc = create_rc_by_security(firewall)
start = datetime.datetime.now()
try:
LOG.info(u"Firewall create task start, [%s]." % firewall)
security_group = network.security_group_create(rc,
firewall.name, firewall.desc)
except Exception as ex:
end = datetime.datetime.now()
LOG.exception(u"Firewall create api call failed, [%s], "
"apply [%s] seconds." % (firewall, (end-start).seconds))
return False
else:
end = datetime.datetime.now()
LOG.info(u"Firewall create task succeed, [%s], "
"apply [%s] seconds." % (firewall, (end-start).seconds))
firewall.firewall_id = security_group.id
firewall.save()
return True
def security_group_delete_task(firewall=None):
if not firewall:
return
rc = create_rc_by_security(firewall)
try:
security_group = network.security_group_delete(rc,
firewall.firewall_id)
firewall.firewall_id = ""
firewall.deleted = True
firewall.save()
firewall_rule_set = FirewallRules.objects.filter(firewall=firewall.id)
if not firewall_rule_set:
return
for rule in firewall_rule_set:
rule.firewall_rules_id = ''
rule.deleted = True
rule.save()
except Exception as e:
LOG.error("Firewall delete error, msg: %s" % e)
raise e
def security_group_rule_create_task(firewall_rule=None):
if not firewall_rule:
return
rc = create_rc_by_security(firewall_rule)
try:
rule = network.security_group_rule_create(
rc,
parent_group_id=firewall_rule.firewall.firewall_id,
direction=firewall_rule.direction,
ethertype=firewall_rule.ether_type,
ip_protocol=firewall_rule.protocol,
from_port=firewall_rule.port_range_min,
to_port=firewall_rule.port_range_max,
cidr=firewall_rule.remote_ip_prefix,
group_id=firewall_rule.remote_group_id)
firewall_rule.firewall_rules_id = rule.id
firewall_rule.save()
except Exception as e:
firewall_rule.delete()
raise e
def server_update_security_groups_task(instance, firewall=None):
assert firewall
rc = create_rc_by_security(firewall)
start = datetime.datetime.now()
try:
LOG.info(u"Instance change firewall task start, [%s][%s]." % (
instance, firewall))
network.server_update_security_groups(rc, instance.uuid, [firewall.firewall_id])
except Exception as e:
end = datetime.datetime.now()
LOG.exception(u"Instance change firewall api call failed, "
"[%s][%s], apply [%s] seconds." % (
instance, firewall, (end-start).seconds))
return False
else:
end = datetime.datetime.now()
LOG.info(u"Instance change firewall task succeed, [%s][%s], "
"apply [%s] seconds." % (
instance, firewall, (end-start).seconds))
instance.firewall_group = firewall
instance.save()
return True
def security_group_rule_delete_task(firewall_rule):
assert firewall_rule
rc = create_rc_by_security(firewall_rule)
start = datetime.datetime.now()
try:
LOG.info(u"Firewall rule delete task start, [%s].", firewall_rule)
if firewall_rule.firewall_rules_id:
network.security_group_rule_delete(rc,
firewall_rule.firewall_rules_id)
except Exception as e:
end = datetime.datetime.now()
LOG.exception(u"Firewall rule delete api call failed, [%s], "
"apply [%s] seconds.",
firewall_rule, (end-start).seconds)
return False
else:
firewall_rule.delete()
end = datetime.datetime.now()
LOG.info(u"Firewall rule delete task succeed, [%s], "
"apply [%s] seconds.",
firewall_rule, (end-start).seconds)
return True