def update_implicit_subnetpool(self, context, subnetpool):
is_implicit = False
if validators.is_attr_set(subnetpool.get('is_implicit')):
is_implicit = subnetpool['is_implicit']
with context.session.begin(subtransactions=True):
if is_implicit:
# Verify feasibility. Only one implicit SP must exist per
# tenant (or global)
msg = _('There can be at most one implicit '
'subnetpool per address family per tenant.')
self._validate_implicit_subnetpool(
context,
subnetpool['id'],
tenant=subnetpool['tenant_id'],
msg=msg,
ip_version=subnetpool['ip_version'])
if subnetpool['shared']:
# Check globally too
msg = _('There can be at most one global implicit '
'subnetpool per address family.')
self._validate_implicit_subnetpool(
context,
subnetpool['id'],
tenant=None,
msg=msg,
ip_version=subnetpool['ip_version'])
db_obj = self._get_implicit_subnetpool(context, subnetpool['id'])
if db_obj:
db_obj.is_implicit = is_implicit
db_obj = db_obj or ImplicitSubnetpool(
subnetpool_id=subnetpool['id'], is_implicit=is_implicit)
context.session.add(db_obj)
return is_implicit
def _http_request(self, url, method_type, headers=None, body=None):
try:
h = httplib2.Http()
resp, content = h.request(url,
method=method_type,
headers=headers,
body=body,
connection_type=UnixHTTPConnection)
return resp, content
except httplib2.ServerNotFoundError:
raise RestClientException(_("Server Not Found"))
except exceptions.Exception as e:
raise RestClientException(_("httplib response error %s") % (e))
def _validate_str_list(data, valid_values=None):
if not isinstance(data, list):
msg = _("'%s' is not a list") % data
LOG.debug(msg)
return msg
for item in data:
msg = valid.validate_string(item)
if msg:
LOG.debug(msg)
return msg
if len(set(data)) != len(data):
msg = _("Duplicate items in the list: '%s'") % ', '.join(data)
LOG.debug(msg)
return msg
def _validate_str_list(data, valid_values=None):
if not isinstance(data, list):
msg = _("'%s' is not a list") % data
LOG.debug(msg)
return msg
for item in data:
msg = valid.validate_string(item)
if msg:
LOG.debug(msg)
return msg
if len(set(data)) != len(data):
msg = _("Duplicate items in the list: '%s'") % ', '.join(data)
LOG.debug(msg)
return msg
def _unmap(self, session, name, type_tag, prefix, enforce):
pos = len(prefix) + len(type_tag) + 1
if self._map(session, "", type_tag, prefix) == name[:pos]:
return name[pos:]
elif enforce:
msg = _("Attempted to reverse-map invalid APIC name '%s'") % name
raise exceptions.InternalError(details=msg)
def _http_request(self, url, method_type, headers=None, body=None):
try:
h = httplib2.Http()
resp, content = h.request(
url,
method=method_type,
headers=headers,
body=body,
connection_type=UnixHTTPConnection)
return resp, content
except httplib2.ServerNotFoundError:
raise RestClientException(_("Server Not Found"))
except exceptions.Exception as e:
raise RestClientException(_("httplib response error %s") % (e))
class InvalidNetworkServiceParameters(GroupPolicyBadRequest):
message = _("Resource Mapping Driver currently supports Network Service "
"Parameters with the following types and values: "
"type: 'ip_single' value: 'self_subnet'; "
"type: 'ip_pool' value: 'nat_pool'; "
"type: 'ip_single' value: 'nat_pool'; "
"type: 'qos_maxrate' value: numerical of intended Kbps; "
"type: 'qos_burstrate' value: numerical of intended Kbps.")
class NFPException(Exception):
"""Base NFP Exception
To correctly use this class, inherit from it and define
a 'message' property. That message will get printf'd
with the keyword arguments provided to the constructor.
"""
message = _("An unknown exception occurred.")
code = 500
headers = {}
safe = False
def __init__(self, message=None, **kwargs):
self.kwargs = kwargs
self.kwargs['message'] = message
if 'code' not in self.kwargs:
try:
self.kwargs['code'] = self.code
except AttributeError:
pass
for k, v in self.kwargs.items():
if isinstance(v, Exception):
self.kwargs[k] = six.text_type(v)
if self._should_format():
try:
message = self.message % kwargs
except Exception:
exc_info = sys.exc_info()
# kwargs doesn't match a variable in the message
# log the issue and the kwargs
LOG.exception('Exception in string format operation')
for name, value in kwargs.items():
LOG.error("%(name)s: %(value)s", {
'name': name,
'value': value
})
if CONF.fatal_exception_format_errors:
six.reraise(*exc_info)
# at least get the core message out if something happened
message = self.message
elif isinstance(message, Exception):
message = six.text_type(message)
self.msg = message
super(NFPException, self).__init__(message)
def _should_format(self):
return self.kwargs['message'] is None or '%(message)' in self.message
def __unicode__(self):
return six.text_type(self.msg)
def connect(self):
"""Method used to connect socket server."""
self.sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
if self.timeout:
self.sock.settimeout(self.timeout)
try:
self.sock.connect(self.socket_path)
except socket.error as exc:
raise RestClientException(
_("Caught exception socket.error : %s") % exc)
def connect(self):
"""Method used to connect socket server."""
self.sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
if self.timeout:
self.sock.settimeout(self.timeout)
try:
self.sock.connect(self.socket_path)
except socket.error as exc:
raise RestClientException(
_("Caught exception socket.error : %s") % exc)
def _timedout(self):
if self._idle_count > self._idle_count_max:
self._end_time = time.time()
raise ConnectionIdleTimeOut(
_("Connection (%(conn)d) - "
"stime (%(start_time)s) - etime (%(end_time)s) - "
"idle_count (%(idle)d) idle_count_max(%(idle_max)d)") %
{'conn': self.identify(),
'start_time': self._start_time,
'end_time': self._end_time,
'idle': self._idle_count,
'idle_max': self._idle_count_max})
def _timedout(self):
if self._idle_count > self._idle_count_max:
self._end_time = time.time()
raise ConnectionIdleTimeOut(
_("Connection (%(conn)d) - "
"stime (%(start_time)s) - etime (%(end_time)s) - "
"idle_count (%(idle)d) idle_count_max(%(idle_max)d)") % {
'conn': self.identify(),
'start_time': self._start_time,
'end_time': self._end_time,
'idle': self._idle_count,
'idle_max': self._idle_count_max
})
def load_plugin(namespace, plugin):
try:
# Try to resolve plugin by name
mgr = driver.DriverManager(namespace, plugin)
plugin_class = mgr.driver
except RuntimeError as e1:
# fallback to class name
try:
plugin_class = importutils.import_class(plugin)
except ImportError as e2:
LOG.exception("Error loading plugin by name, %s", e1)
LOG.exception("Error loading plugin by class, %s", e2)
raise ImportError(_("Plugin not found."))
return plugin_class()
def load_plugin(namespace, plugin):
try:
# Try to resolve plugin by name
mgr = driver.DriverManager(namespace, plugin)
plugin_class = mgr.driver
except RuntimeError as e1:
# fallback to class name
try:
plugin_class = importutils.import_class(plugin)
except ImportError as e2:
LOG.exception("Error loading plugin by name, %s", e1)
LOG.exception("Error loading plugin by class, %s", e2)
raise ImportError(_("Plugin not found."))
return plugin_class()
def _create_implicit_l3_policy(self, context):
tenant_id = context.current['tenant_id']
filter = {'tenant_id': [tenant_id], 'name': [self._default_l3p_name]}
l3ps = self._get_l3_policies(context._plugin_context, filter)
l3p = l3ps and l3ps[0]
if not l3p:
attrs = {
'tenant_id': tenant_id,
'name': self._default_l3p_name,
'description': _("Implicitly created L3 policy"),
'ip_version': self._default_ip_version,
'ip_pool': self._default_ip_pool,
'shared': context.current.get('shared', False),
'subnet_prefix_length': self._default_subnet_prefix_length
}
if self._proxy_group_enabled:
attrs['proxy_ip_pool'] = (self._default_proxy_ip_pool)
attrs['proxy_subnet_prefix_length'] = (
self._default_proxy_subnet_prefix_length)
try:
l3p = self._create_l3_policy(context._plugin_context, attrs)
self._mark_l3_policy_owned(context._plugin_context.session,
l3p['id'])
except exc.DefaultL3PolicyAlreadyExists:
with excutils.save_and_reraise_exception(
reraise=False) as ctxt:
LOG.debug(
"Possible concurrent creation of default L3 "
"policy for tenant %s", tenant_id)
l3ps = self._get_l3_policies(context._plugin_context,
filter)
l3p = l3ps and l3ps[0]
if not l3p:
LOG.warning(
"Caught DefaultL3PolicyAlreadyExists, "
"but default L3 policy not concurrently "
"created for tenant %s", tenant_id)
ctxt.reraise = True
except exc.OverlappingIPPoolsInSameTenantNotAllowed:
with excutils.save_and_reraise_exception():
LOG.info(
"Caught "
"OverlappingIPPoolsinSameTenantNotAllowed "
"during creation of default L3 policy for "
"tenant %s", tenant_id)
context.current['l3_policy_id'] = l3p['id']
def _create_implicit_l3_policy(self, context):
tenant_id = context.current['tenant_id']
filter = {'tenant_id': [tenant_id],
'name': [self._default_l3p_name]}
l3ps = self._get_l3_policies(context._plugin_context, filter)
l3p = l3ps and l3ps[0]
if not l3p:
attrs = {'tenant_id': tenant_id,
'name': self._default_l3p_name,
'description': _("Implicitly created L3 policy"),
'ip_version': self._default_ip_version,
'ip_pool': self._default_ip_pool,
'shared': context.current.get('shared', False),
'subnet_prefix_length':
self._default_subnet_prefix_length}
if self._proxy_group_enabled:
attrs['proxy_ip_pool'] = (
self._default_proxy_ip_pool)
attrs['proxy_subnet_prefix_length'] = (
self._default_proxy_subnet_prefix_length)
try:
l3p = self._create_l3_policy(context._plugin_context, attrs)
self._mark_l3_policy_owned(context._plugin_context.session,
l3p['id'])
except exc.DefaultL3PolicyAlreadyExists:
with excutils.save_and_reraise_exception(
reraise=False) as ctxt:
LOG.debug("Possible concurrent creation of default L3 "
"policy for tenant %s", tenant_id)
l3ps = self._get_l3_policies(context._plugin_context,
filter)
l3p = l3ps and l3ps[0]
if not l3p:
LOG.warning(
"Caught DefaultL3PolicyAlreadyExists, "
"but default L3 policy not concurrently "
"created for tenant %s", tenant_id)
ctxt.reraise = True
except exc.OverlappingIPPoolsInSameTenantNotAllowed:
with excutils.save_and_reraise_exception():
LOG.info("Caught "
"OverlappingIPPoolsinSameTenantNotAllowed "
"during creation of default L3 policy for "
"tenant %s", tenant_id)
context.current['l3_policy_id'] = l3p['id']
def _create_implicit_l2_policy(self, context):
attrs = {'tenant_id': context.current['tenant_id'],
'name': context.current['name'],
'description': _("Implicitly created L2 policy"),
'l3_policy_id': None,
'shared': context.current.get('shared', False),
'network_id': None}
if context.current.get('proxied_group_id'):
# The L3P has to be the same as the proxied group
group = context._plugin.get_policy_target_group(
context._plugin_context, context.current['proxied_group_id'])
l2p = context._plugin.get_l2_policy(
context._plugin_context, group['l2_policy_id'])
attrs['l3_policy_id'] = l2p['l3_policy_id']
l2p = self._create_l2_policy(context._plugin_context, attrs)
context.current['l2_policy_id'] = l2p['id']
self._mark_l2_policy_owned(context._plugin_context.session, l2p['id'])
def _create_domain(self, context):
project_id = context.current['project_id']
tenant_name = context._plugin_context.tenant_name
domain_name = generate_nsx_name(project_id, tenant_name)
LOG.info('Creating domain %(domain)s for project %(project)s',
{'domain': domain_name,
'project': project_id})
self.nsx_policy.domain.create_or_overwrite(
name=domain_name,
domain_id=project_id,
description=_('Domain for tenant %s') % tenant_name)
self.nsx_policy.deployment_map.create_or_overwrite(
name=domain_name,
map_id=project_id,
domain_id=project_id,
ep_id=SINGLE_ENTRY_ID)
def _create_implicit_l2_policy(self, context):
attrs = {
'tenant_id': context.current['tenant_id'],
'name': context.current['name'],
'description': _("Implicitly created L2 policy"),
'l3_policy_id': None,
'shared': context.current.get('shared', False),
'network_id': None
}
if context.current.get('proxied_group_id'):
# The L3P has to be the same as the proxied group
group = context._plugin.get_policy_target_group(
context._plugin_context, context.current['proxied_group_id'])
l2p = context._plugin.get_l2_policy(context._plugin_context,
group['l2_policy_id'])
attrs['l3_policy_id'] = l2p['l3_policy_id']
l2p = self._create_l2_policy(context._plugin_context, attrs)
context.current['l2_policy_id'] = l2p['id']
self._mark_l2_policy_owned(context._plugin_context.session, l2p['id'])
def _create_domain(self, context):
project_id = context.current['project_id']
tenant_name = context._plugin_context.tenant_name
domain_name = generate_nsx_name(project_id, tenant_name)
LOG.info('Creating domain %(domain)s for project %(project)s', {
'domain': domain_name,
'project': project_id
})
self.nsx_policy.domain.create_or_overwrite(
name=domain_name,
domain_id=project_id,
description=_('Domain for tenant %s') % tenant_name)
self.nsx_policy.deployment_map.create_or_overwrite(
name=domain_name,
map_id=project_id,
domain_id=project_id,
ep_id=SINGLE_ENTRY_ID)
# License for the specific language governing permissions and limitations
# under the License.
from oslo_config import cfg
from gbpservice._i18n import _
# REVISIT: Auto-PTG is currently config driven to align with the
# config driven behavior of the older driver but is slated for
# removal.
opts = [
cfg.BoolOpt('create_auto_ptg',
default=True,
help=_("Automatically create a PTG when a L2 Policy "
"gets created. This is currently an aim_mapping "
"policy driver specific feature.")),
cfg.BoolOpt('create_per_l3p_implicit_contracts',
default=True,
help=_("This configuration is set to True to migrate a "
"deployment that has l3_policies without implicit "
"AIM contracts (these are deployments which have "
"AIM implicit contracts per tenant). A Neutron server "
"restart is required for this configuration to take "
"effect. The creation of the implicit contracts "
"happens at the time of the AIM policy driver "
"initialization. The configuration can be set to "
"False to avoid recreating the implicit contracts "
"on subsequent Neutron server restarts. This "
"option will be removed in the O release")),
cfg.BoolOpt('advertise_mtu', # REVISIT: Move to apic_aim MD.
class NonIsomorphicNetworkRoutingUnsupported(exceptions.BadRequest):
message = _("All router interfaces for a network must utilize the same "
"VRF.")
def get_description(cls):
return _("Extension exposing mapping of GBP resources to Cisco "
"APIC constructs")
def get_description(cls):
return _("Adds test attributes to group policy resources.")
def __init__(self, **kwargs):
kwargs['reason'] = _('Subnet has SNAT IP addresses allocated')
super(SnatPortsInUse, self).__init__(**kwargs)
def send_request(self, path, method_type, request_method='http',
server_addr='127.0.0.1',
headers=None, body=None):
"""Implementation for common interface for all unix crud requests.
Return:Http Response
"""
# prepares path, body, url for sending unix request.
if method_type.upper() != 'GET':
body = jsonutils.dumps(body)
body = zlib.compress(body)
path = '/v1/nfp/' + path
url = urlparse.urlunsplit((
request_method,
server_addr,
path,
None,
''))
try:
resp, content = self._http_request(url, method_type,
headers=headers, body=body)
if content != '':
content = zlib.decompress(content)
message = "%s:%s" % (resp, content)
LOG.info(message)
except RestClientException as rce:
message = "ERROR : %s" % (rce)
LOG.error(message)
raise rce
success_code = [200, 201, 202, 204]
# Evaluate responses into success and failures.
# Raise exception for failure cases which needs
# to be handled by caller.
if success_code.__contains__(resp.status):
return resp, content
elif resp.status == 400:
raise RestClientException(_("HTTPBadRequest: %s") % resp.reason)
elif resp.status == 401:
raise RestClientException(_("HTTPUnauthorized: %s") % resp.reason)
elif resp.status == 403:
raise RestClientException(_("HTTPForbidden: %s") % resp.reason)
elif resp.status == 404:
raise RestClientException(_("HttpNotFound: %s") % resp.reason)
elif resp.status == 405:
raise RestClientException(
_("HTTPMethodNotAllowed: %s") % resp.reason)
elif resp.status == 406:
raise RestClientException(_("HTTPNotAcceptable: %s") % resp.reason)
elif resp.status == 408:
raise RestClientException(
_("HTTPRequestTimeout: %s") % resp.reason)
elif resp.status == 409:
raise RestClientException(_("HTTPConflict: %s") % resp.reason)
elif resp.status == 415:
raise RestClientException(
_("HTTPUnsupportedMediaType: %s") % resp.reason)
elif resp.status == 417:
raise RestClientException(
_("HTTPExpectationFailed: %s") % resp.reason)
elif resp.status == 500:
raise RestClientException(_("HTTPServerError: %s") % resp.reason)
else:
raise Exception(_('Unhandled Exception code: %(st)s %(reason)s') %
{'st': resp.status, 'reason': resp.reason})
class SubnetOverlapInRoutedVRF(exceptions.BadRequest):
message = _("Subnets %(id1)s (%(cidr1)s) and %(id2)s (%(cidr2)s) mapped "
"to %(vrf)s overlap.")
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from oslo_config import cfg
from gbpservice._i18n import _
# REVISIT: Auto-PTG is currently config driven to align with the
# config driven behavior of the older driver but is slated for
# removal.
opts = [
cfg.BoolOpt('create_auto_ptg',
default=True,
help=_("Automatically create a PTG when a L2 Policy "
"gets created. This is currently an aim_mapping "
"policy driver specific feature.")),
cfg.BoolOpt('create_per_l3p_implicit_contracts',
default=True,
help=_("This configuration is set to True to migrate a "
"deployment that has l3_policies without implicit "
"AIM contracts (these are deployments which have "
"AIM implicit contracts per tenant). A Neutron server "
"restart is required for this configuration to take "
"effect. The creation of the implicit contracts "
"happens at the time of the AIM policy driver "
"initialization. The configuration can be set to "
"False to avoid recreating the implicit contracts "
"on subsequent Neutron server restarts. This "
"option will be removed in the O release")),
cfg.BoolOpt(
from oslo_serialization import jsonutils
import sqlalchemy as sa
from gbpservice._i18n import _
from gbpservice.neutron.services.servicechain.plugins.ncp import (
exceptions as exc)
from gbpservice.neutron.services.servicechain.plugins.ncp import driver_base
from gbpservice.neutron.services.servicechain.plugins.ncp.node_drivers import (
openstack_heat_api_client as heat_api_client)
LOG = logging.getLogger(__name__)
service_chain_opts = [
cfg.IntOpt('stack_action_wait_time',
default=15,
help=_("Seconds to wait for pending stack operation "
"to complete")),
cfg.IntOpt('delete_vip_port_retries',
default=10,
help=_("Retries to check if LB VIP port is deleted")),
cfg.StrOpt('heat_uri',
default='http://localhost:8004/v1',
help=_("Heat API server address to instantiate services "
"specified in the service chain.")),
cfg.StrOpt('exclude_pool_member_tag',
default='ExcludePoolMember',
help=_("Policy Targets created for the LB Pool Members should "
"have this tag in their description")),
]
cfg.CONF.register_opts(service_chain_opts, "heat_node_driver")
EXCLUDE_POOL_MEMBER_TAG = cfg.CONF.heat_node_driver.exclude_pool_member_tag
def post(self, **body):
"""Method of REST server to handle all the post requests.
This method sends an RPC cast to configurator according to the
HTTP request.
:param body: This method excepts dictionary as a parameter in HTTP
request and send this dictionary to configurator with RPC cast.
Returns: None
"""
try:
global cache_ips
global notifications
body = None
if pecan.request.is_body_readable:
body = pecan.request.json_body
# Assuming config list will have only one element
config_data = body['config'][0]
info_data = body['info']
context = info_data['context']
service_type = info_data['service_type']
resource = config_data['resource']
operation = context['operation']
msg1 = ("Request recieved :: %s" % body)
LOG.info(msg1)
if 'device_ip' in context:
msg3 = ("POSTING DATA TO VM :: %s" % body)
LOG.info(msg3)
device_ip = context['device_ip']
ip = str(device_ip)
if operation == 'delete':
return
msg5 = ("Verifying vm reachability on ip: %s, port: %s" % (
ip, self.vm_port))
LOG.info(msg5)
is_vm_reachable = self._verify_vm_reachability(ip,
self.vm_port)
if is_vm_reachable:
requests.post(
'http://' + ip + ':' + self.vm_port + '/v1/nfp/' +
self.method_name, data=jsonutils.dumps(body))
msg4 = ("requests successfull for data: %s" % body)
LOG.info(msg4)
else:
raise Exception(_('VM is not reachable'))
cache_ips.add(device_ip)
else:
if (resource in NFP_SERVICE_LIST):
result = "unhandled"
self._push_notification(context,
result, config_data, service_type)
else:
result = "Unsupported resource type"
self._push_notification(context,
result, config_data, service_type)
except Exception as err:
pecan.response.status = 400
msg = ("Failed to serve HTTP post request %s %s."
% (self.method_name, str(err).capitalize()))
LOG.error(msg)
error_data = self._format_description(msg)
return jsonutils.dumps(error_data)
def get_description(cls):
return _("This extension enables creating L2 policy objects that "
"use the same BridgeDomain on APIC")
class UnsupportedRoutingTopology(exceptions.BadRequest):
message = _("All router interfaces for a network must share either the "
"same router or the same subnet.")
class InternalError(exceptions.NeutronException):
message = _("Internal mechanism driver error - %(details)s.")
def __init__(self, **kwargs):
kwargs.setdefault('details', _("See error log for details"))
super(InternalError, self).__init__(**kwargs)
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from oslo_config import cfg
from gbpservice._i18n import _
service_chain_opts = [
cfg.ListOpt('node_drivers',
default=['node_dummy'],
help=_("An ordered list of service chain node drivers "
"entrypoints to be loaded from the "
"gbpservice.neutron.servicechain.ncp_drivers "
"namespace.")),
cfg.StrOpt('node_plumber',
default='dummy_plumber',
help=_("The plumber used by the Node Composition Plugin "
"for service plumbing. Entrypoint loaded from the "
"gbpservice.neutron.servicechain.ncp_plumbers "
"namespace."))
]
cfg.CONF.register_opts(service_chain_opts, "node_composition_plugin")
def get_description(cls):
return _("This extension supports a list of allowed VM name regexes "
"that can be applied to the L3 policy resource.")
def __init__(self, **kwargs):
kwargs['reason'] = _('Subnet has SNAT IP addresses allocated')
super(SnatPortsInUse, self).__init__(**kwargs)
from gbpservice._i18n import _
from gbpservice.network.neutronv2 import local_api
from gbpservice.neutron.extensions import driver_proxy_group as pg_ext
from gbpservice.neutron.extensions import group_policy as gbp_ext
from gbpservice.neutron.services.grouppolicy import (
group_policy_driver_api as api)
from gbpservice.neutron.services.grouppolicy.common import exceptions as exc
LOG = logging.getLogger(__name__)
GBP_CONF = cfg.CONF.group_policy_group
opts = [
cfg.StrOpt('default_l3_policy_name',
default='default',
help=_("Name of each tenant's default L3 policy.")),
cfg.IntOpt('default_ip_version',
default=4,
help=_("IP version (4, 6 or 46) for implicitly created default "
"L3 policies.")),
cfg.StrOpt('default_ip_pool',
default=GBP_CONF.default_ip_pool,
help=_("IP pool for implicitly created default L3 policies, "
"from which subnets are allocated for policy target "
"groups.")),
cfg.IntOpt('default_subnet_prefix_length',
default=24,
help=_("Subnet prefix length for implicitly created default L3 "
"polices, controlling size of subnets allocated for "
"policy target groups.")),
cfg.StrOpt('default_external_segment_name',
from oslo_config import cfg
from gbpservice._i18n import _
from gbpservice.neutron.extensions import group_policy as gp
from gbpservice.neutron.services.grouppolicy.common import exceptions as gp_exc
PROXY_TYPE_L2 = 'l2'
PROXY_TYPE_L3 = 'l3'
DEFAULT_PROXY_TYPE = PROXY_TYPE_L3
PROXY_GROUP = 'proxy_group'
opts = [
cfg.StrOpt('default_proxy_ip_pool',
default='192.168.0.0/16',
help=_("Proxy IP pool for implicitly created default "
"L3 policies, from which subnets are allocated for "
"policy target groups with proxy_group_id set to a "
"valid value.")),
cfg.IntOpt('default_proxy_subnet_prefix_length',
default=28,
help=_("Proxy Subnet prefix length for implicitly created "
"default L3 polices, controlling size of subnets "
"allocated for policy target groups with proxy_group_id "
"set to a valid value.")),
]
cfg.CONF.register_opts(opts, "group_policy_proxy_group")
PROXY_CONF = cfg.CONF.group_policy_proxy_group
class ProxyGroupBadRequest(gp_exc.GroupPolicyBadRequest):
message = _("Invalid input for Proxy Group extension, reason: %(msg)s")
from gbpservice.neutron.services.grouppolicy.common import constants as g_const
from gbpservice.neutron.services.grouppolicy.common import exceptions as gpexc
from gbpservice.neutron.services.grouppolicy.drivers import (
resource_mapping as api)
LOG = logging.getLogger(__name__)
SINGLE_ENTRY_ID = 'GBP'
DRIVER_NAME = 'NSX Policy driver'
DRIVER_OPT_GROUP = 'NSX_POLICY'
NSX_V3_GROUP = 'nsx_v3'
policy_opts = [
cfg.StrOpt('nsx_policy_manager',
help=_("Nsx Policy manager IP address or host.")),
cfg.StrOpt('nsx_policy_username',
help=_("Nsx Policy username.")),
cfg.StrOpt('nsx_policy_password',
help=_("Nsx Policy password.")),
cfg.StrOpt('nsx_manager_thumbprint',
help=_("Thumbprint of nsx manager"))
]
cfg.CONF.register_opts(policy_opts, DRIVER_OPT_GROUP)
class HierarchicalContractsNotSupported(gpexc.GroupPolicyBadRequest):
message = ("Hierarchy in rule sets is not supported with %s." %
DRIVER_NAME)
class InvalidPreexistingBdForNetwork(exceptions.BadRequest):
message = _("The Bridge Domain specified in apic:distinguished_names "
"either does not exist in ACI or belongs to another network "
"in this OpenStack instance.")
def get_description(cls):
return _("Add proxy_group_id attribute to policy target groups.")
def __init__(self, **kwargs):
kwargs.setdefault('details', _("See error log for details"))
super(InternalError, self).__init__(**kwargs)
class PreExistingSVICannotBeConnectedToRouter(exceptions.BadRequest):
message = _("A SVI network with pre-existing l3out is not allowed to "
"be connected to a router.")
class UnscopedSharedNetworkProjectConflict(exceptions.BadRequest):
message = _("Shared network %(net1)s from project %(proj1)s and shared "
"network %(net2)s from project %(proj2)s cannot be combined "
"in the same topology.")
class OnlyOneSubnetPerAddressFamilyInSVINetwork(exceptions.BadRequest):
message = _("Only one subnet per address family is allowed in "
"SVI network.")
class ScopeUpdateNotSupported(exceptions.BadRequest):
message = _("Updating the address_scope of a subnetpool that is "
"associated with routers is not currently supported.")
class ExhaustedApicRouterIdPool(exceptions.IpAddressGenerationFailure):
message = _("All the IPs in the APIC router ID pool %(pool)s "
"have been taken.")
class SnatPoolCannotBeUsedForFloatingIp(exceptions.InvalidInput):
message = _("Floating IP cannot be allocated in SNAT host pool subnet.")
from gbpservice.neutron.services.grouppolicy import (
group_policy_driver_api as api)
from gbpservice.neutron.services.grouppolicy.common import constants as gconst
from gbpservice.neutron.services.grouppolicy.common import exceptions as exc
from gbpservice.neutron.services.grouppolicy.common import utils as gutils
from gbpservice.neutron.services.grouppolicy.drivers import nsp_manager
from gbpservice.neutron.services.grouppolicy import sc_notifications
LOG = logging.getLogger(__name__)
SCI_CONSUMER_NOT_AVAILABLE = 'N/A'
chain_mapping_opts = [
cfg.StrOpt('chain_owner_user',
help=_("Chain owner username. If set, will be used in "
"place of the Neutron service admin for retrieving "
"tenant owner information through Keystone."),
default=''),
cfg.StrOpt('chain_owner_password',
help=_("Chain owner password."), default='',
secret=True),
cfg.StrOpt('chain_owner_tenant_name',
help=_("Name of the Tenant that will own the service chain "
"instances for this driver. Leave empty for provider "
"owned chains."), default=''),
]
cfg.CONF.register_opts(chain_mapping_opts, "chain_mapping")
cfg.CONF.import_opt('policy_drivers',
'gbpservice.neutron.services.grouppolicy.config',
class PreExistingSVICannotUseSameL3out(exceptions.BadRequest):
message = _("Can not create a SVI network with pre-existing l3out "
"if that l3out has been used by another SVI network.")
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from oslo_config import cfg
from gbpservice._i18n import _
group_policy_opts = [
cfg.ListOpt('policy_drivers',
default=['dummy'],
help=_("An ordered list of group policy driver "
"entrypoints to be loaded from the "
"gbpservice.neutron.group_policy.policy_drivers "
"namespace.")),
cfg.ListOpt('extension_drivers',
default=[],
help=_("An ordered list of extension driver "
"entrypoints to be loaded from the "
"gbpservice.neutron.group_policy.extension_drivers "
"namespace.")),
]
cfg.CONF.register_opts(group_policy_opts, "group_policy")
class ExternalSubnetOverlapInL3Out(exceptions.BadRequest):
message = _("External subnet CIDR %(cidr)s overlaps with existing "
"subnets in APIC L3Outside %(l3out)s.")
def get_description(cls):
return _("This extension supports a list of (micro)segmentation "
"labels that can be applied to the Policy Target resource.")
class ExternalSubnetNotAllowed(exceptions.BadRequest):
message = _("Connecting port or subnet which is on external network "
"%(network_id)s as a router interface is not allowed. "
"External networks can only be used as router gateways.")
def get_description(cls):
return _("Adds test attributes to ML2Plus resources.")
class ActiveActiveAAPSubnetConnectedToRouter(exceptions.BadRequest):
message = _("Subnet %(subnet_id)s can not be connected to a router "
"because its an active active AAP subnet.")
scc.VALID_INSERTION_MODES},
'is_visible': True, 'default': None},
'service_type': {'allow_post': True, 'allow_put': True,
'validate': {'type:string': None},
'is_visible': True, 'required': True},
'service_flavor': {'allow_post': True, 'allow_put': True,
'validate': {'type:string_or_none': None},
'is_visible': True, 'default': None},
},
}
service_chain_quota_opts = [
cfg.IntOpt('quota_servicechain_node',
default=-1,
help=_('Number of Service Chain Nodes allowed per tenant. '
'A negative value means unlimited.')),
cfg.IntOpt('quota_servicechain_spec',
default=-1,
help=_('Number of Service Chain Specs allowed per tenant. '
'A negative value means unlimited.')),
cfg.IntOpt('quota_servicechain_instance',
default=-1,
help=_('Number of Service Chain Instances allowed per tenant. '
'A negative value means unlimited.')),
cfg.IntOpt('quota_service_profile',
default=-1,
help=_('Number of Service Profiles allowed per tenant. '
'A negative value means unlimited.')),
]
cfg.CONF.register_opts(service_chain_quota_opts, 'QUOTAS')
def get_plugin_description():
return _("L3 Router Service Plugin using the APIC via AIM")
def __init__(self, **kwargs):
kwargs.setdefault('details', _("See error log for details"))
super(InternalError, self).__init__(**kwargs)
