def _create_vmi_obj(self, port_q, vn_obj):
project_id = self._project_id_neutron_to_vnc(port_q['tenant_id'])
try:
proj_obj = self._project_read(proj_id=project_id)
except vnc_exc.NoIdError:
self._raise_contrail_exception(
'ProjectNotFound',
projec_id=project_id, resource='port')
id_perms = vnc_api.IdPermsType(enable=True)
vmi_uuid = str(uuid.uuid4())
if port_q.get('name'):
vmi_name = port_q['name']
else:
vmi_name = vmi_uuid
vmi_obj = vnc_api.VirtualMachineInterface(vmi_name, proj_obj,
id_perms=id_perms)
vmi_obj.uuid = vmi_uuid
vmi_obj.set_virtual_network(vn_obj)
vmi_obj.set_security_group_list([])
if ('security_groups' not in port_q or
port_q['security_groups'].__class__ is object):
sg_obj = vnc_api.SecurityGroup("default", proj_obj)
uid = sg_handler.SecurityGroupHandler(
self._vnc_lib)._ensure_default_security_group_exists(
proj_obj.uuid)
sg_obj.uuid = uid
vmi_obj.add_security_group(sg_obj)
return vmi_obj
def _create_router(self, router_q):
project_id = self._project_id_neutron_to_vnc(router_q['tenant_id'])
project_obj = self._project_read(proj_id=project_id)
id_perms = vnc_api.IdPermsType(enable=True)
return vnc_api.LogicalRouter(router_q.get('name'),
project_obj,
id_perms=id_perms)
def create_vn_obj(self, network_q):
if 'tenant_id' not in network_q:
self._raise_contrail_exception(
'BadRequest', resource='network',
msg="'tenant_id' is mandatory")
net_name = network_q.get('name', None)
project_id = self._project_id_neutron_to_vnc(network_q['tenant_id'])
try:
proj_obj = self._project_read(proj_id=project_id)
except vnc_exc.NoIdError:
self._raise_contrail_exception(
'ProjectNotFound', project_id=project_id, resource='network')
id_perms = vnc_api.IdPermsType(enable=True)
vn_obj = vnc_api.VirtualNetwork(net_name, proj_obj,
id_perms=id_perms)
external_attr = network_q.get('router:external')
if external_attr is not None:
vn_obj.router_external = external_attr
else:
vn_obj.router_external = False
is_shared = network_q.get('shared')
if is_shared is not None:
vn_obj.is_shared = is_shared
else:
vn_obj.is_shared = False
return vn_obj
def vnf_instance_ip(vnc_vmi):
ip_name = 'vnf-instance-ip-name'
ip_uuid = 'vnf-instance-ip-uuid'
ip = vnc_api.InstanceIp(name=ip_uuid,
display_name=ip_name,
id_perms=vnc_api.IdPermsType(
creator='not-vcenter-manager', enable=True))
ip.set_instance_ip_address('0.255.255.239')
ip.set_uuid(ip_uuid)
ip.set_virtual_machine_interface(vnc_vmi)
return ip
def __init__(self, vnName, displayName=None):
super(OpenContrailVN, self).__init__()
if displayName:
self.vnName = displayName
self.networkId = vnName
idPerm = vnc_api.IdPermsType(description=vnName)
self.obj = vnc_api.VirtualNetwork(name=displayName,
parent_obj=self.tenant,
id_perms=idPerm)
else:
self.vnName = vnName
self.obj = vnc_api.VirtualNetwork(name=vnName,
parent_obj=self.tenant)
def _create_security_group(self, sg_q):
project_id = self._project_id_neutron_to_vnc(sg_q['tenant_id'])
try:
project_obj = self._project_read(proj_id=project_id)
except vnc_exc.NoIdError:
raise self._raise_contrail_exception('ProjectNotFound',
project_id=project_id,
resource='security_group')
id_perms = vnc_api.IdPermsType(enable=True,
description=sg_q.get('description'))
sg_vnc = vnc_api.SecurityGroup(name=sg_q['name'],
parent_obj=project_obj,
id_perms=id_perms)
return sg_vnc
def _create_no_rule_sg(self):
domain_obj = vnc_api.Domain(SG_NO_RULE_FQ_NAME[0])
proj_obj = vnc_api.Project(SG_NO_RULE_FQ_NAME[1], domain_obj)
sg_rules = vnc_api.PolicyEntriesType()
id_perms = vnc_api.IdPermsType(
enable=True,
description="Security group with no rules",
user_visible=False)
sg_obj = vnc_api.SecurityGroup(name=SG_NO_RULE_NAME,
parent_obj=proj_obj,
security_group_entries=sg_rules,
id_perms=id_perms)
self._resource_create(sg_obj)
return sg_obj
def create_bgpvpn(self, context, bgpvpn):
LOG.debug("create_bgpvpn called with: %s" % bgpvpn)
# Does not support to set route distinguisher
if 'route_distinguishers' in bgpvpn and bgpvpn['route_distinguishers']:
raise bgpvpn_ext.BGPVPNRDNotSupported(
driver=CONTRAIL_BGPVPN_DRIVER_NAME)
project_obj = self._project_read(bgpvpn['tenant_id'])
id_perms_obj = vnc_api.IdPermsType(enable=True)
bgpvpn_obj = self._neutron_dict_to_bgpvpn(
vnc_api.Bgpvpn(bgpvpn['name'], project_obj, id_perms=id_perms_obj),
bgpvpn)
self._resource_create('bgpvpn', bgpvpn_obj)
return self._bgpvpn_to_neutron_dict(bgpvpn_obj)
def __init__(self, vnc_cfg):
vnc_cfg['api_server_host'] = vnc_cfg['api_server_host'].split(',')
random.shuffle(vnc_cfg['api_server_host'])
vnc_cfg['auth_host'] = vnc_cfg['auth_host'].split(',')
random.shuffle(vnc_cfg['auth_host'])
self.vnc_lib = vnc_api.VncApi(
username=vnc_cfg.get('username'),
password=vnc_cfg.get('password'),
tenant_name=vnc_cfg.get('tenant_name'),
api_server_host=vnc_cfg.get('api_server_host'),
api_server_port=vnc_cfg.get('api_server_port'),
auth_host=vnc_cfg.get('auth_host'),
auth_port=vnc_cfg.get('auth_port')
)
self.id_perms = vnc_api.IdPermsType()
self.id_perms.set_creator('vcenter-manager')
self.id_perms.set_enable(True)
def _create_default_security_group(self, proj_obj):
def _get_rule(ingress, sg, prefix, ethertype):
sgr_uuid = str(uuid.uuid4())
if sg:
addr = vnc_api.AddressType(
security_group=proj_obj.get_fq_name_str() + ':' + sg)
elif prefix:
addr = vnc_api.AddressType(
subnet=vnc_api.SubnetType(prefix, 0))
local_addr = vnc_api.AddressType(security_group='local')
if ingress:
src_addr = addr
dst_addr = local_addr
else:
src_addr = local_addr
dst_addr = addr
rule = vnc_api.PolicyRuleType(
rule_uuid=sgr_uuid,
direction='>',
protocol='any',
src_addresses=[src_addr],
src_ports=[vnc_api.PortType(0, 65535)],
dst_addresses=[dst_addr],
dst_ports=[vnc_api.PortType(0, 65535)],
ethertype=ethertype)
return rule
rules = [
_get_rule(True, 'default', None, 'IPv4'),
_get_rule(True, 'default', None, 'IPv6'),
_get_rule(False, None, '0.0.0.0', 'IPv4'),
_get_rule(False, None, '::', 'IPv6')
]
sg_rules = vnc_api.PolicyEntriesType(rules)
# create security group
id_perms = vnc_api.IdPermsType(enable=True,
description='Default security group')
sg_obj = vnc_api.SecurityGroup(name='default',
parent_obj=proj_obj,
id_perms=id_perms,
security_group_entries=sg_rules)
self._vnc_lib.security_group_create(sg_obj)
return sg_obj.uuid
class VncApiClient(object):
DEFAULT_GLOBAL_CONF = "default-global-system-config"
ID_PERMS = vnc_api.IdPermsType(creator="networking-opencontrail",
enable=True)
class vnc_connect(object):
"""Connect to VNC API on first use method that needs connection"""
def __init__(self, func):
functools.update_wrapper(self, func)
self._func = func
def __call__(self, obj, *args, **kwargs):
if not obj.vnc_lib:
obj.vnc_lib = vnc_api.VncApi(
api_server_host=cfg.CONF.APISERVER.api_server_ip,
api_server_port=cfg.CONF.APISERVER.api_server_port,
api_server_use_ssl=cfg.CONF.APISERVER.use_ssl,
apicertfile=cfg.CONF.APISERVER.certfile,
apikeyfile=cfg.CONF.APISERVER.keyfile,
apicafile=cfg.CONF.APISERVER.cafile,
apiinsecure=cfg.CONF.APISERVER.insecure,
auth_type=cfg.CONF.auth_strategy,
auth_host=cfg.CONF.keystone_authtoken.auth_host,
auth_port=cfg.CONF.keystone_authtoken.auth_port,
auth_protocol=cfg.CONF.keystone_authtoken.auth_protocol,
tenant_name=cfg.CONF.keystone_authtoken.admin_tenant_name,
kscertfile=cfg.CONF.keystone_authtoken.certfile,
kskeyfile=cfg.CONF.keystone_authtoken.keyfile,
ksinsecure=cfg.CONF.keystone_authtoken.insecure)
return self._func(obj, *args, **kwargs)
def __get__(self, instance, instancetype):
return functools.partial(self.__call__, instance)
def __init__(self):
self.vnc_lib = None
def read_pi_from_switch(self, switch_name, pi_name):
pi_fq_name = [self.DEFAULT_GLOBAL_CONF, switch_name, pi_name]
return self.get_physical_interface(fq_name=pi_fq_name)
def read_fabric_name_from_switch(self, switch_name):
pr_fq_name = [self.DEFAULT_GLOBAL_CONF, switch_name]
pr = self.get_physical_router(fq_name=pr_fq_name)
if not pr:
return None
fabric_refs = pr.get_fabric_refs()
if not fabric_refs:
return None
return fabric_refs[0]['to'][-1]
def read_node_by_hostname(self, host_id):
node_fq_name = [self.DEFAULT_GLOBAL_CONF, host_id]
return self.get_node(fq_name=node_fq_name)
def get_project(self, uuid=None, fq_name=None):
return self._get_object("project", uuid=uuid, fq_name=fq_name)
def get_port(self, uuid=None, fq_name=None):
return self._get_object("port", uuid=uuid, fq_name=fq_name)
def get_node(self, uuid=None, fq_name=None):
return self._get_object("node", uuid=uuid, fq_name=fq_name)
def get_physical_interface(self, uuid=None, fq_name=None):
return self._get_object("physical_interface",
uuid=uuid,
fq_name=fq_name)
def get_physical_router(self, uuid=None, fq_name=None):
return self._get_object("physical_router", uuid=uuid, fq_name=fq_name)
def get_virtual_network(self, uuid=None, fq_name=None):
return self._get_object("virtual_network", uuid=uuid, fq_name=fq_name)
def get_virtual_machine_interface(self, uuid=None, fq_name=None):
return self._get_object("virtual_machine_interface",
uuid=uuid,
fq_name=fq_name)
def get_virtual_port_group(self, uuid=None, fq_name=None):
return self._get_object("virtual_port_group",
uuid=uuid,
fq_name=fq_name)
def get_virtual_router(self, uuid=None, fq_name=None):
return self._get_object("virtual_router", uuid=uuid, fq_name=fq_name)
@vnc_connect
def create_virtual_machine_interface(self, vmi):
try:
self.vnc_lib.virtual_machine_interface_create(vmi)
except vnc_api.RefsExistError:
LOG.debug("VMI %s already exists in VNC", vmi.name)
@vnc_connect
def delete_virtual_machine_interface(self, fq_name):
try:
self.vnc_lib.virtual_machine_interface_delete(fq_name=fq_name)
except vnc_api.NoIdError:
LOG.warning("Cannot delete VMI %s: not exists" % fq_name)
@vnc_connect
def update_virtual_port_group(self, vpg):
try:
self.vnc_lib.virtual_port_group_update(vpg)
except vnc_api.NoIdError:
LOG.warning("Cannot update VPG %s: not exists" % vpg.name)
@vnc_connect
def _get_object(self, obj_name, uuid=None, fq_name=None):
func_name = "%s_read" % obj_name
read_obj = getattr(self.vnc_lib, func_name)
try:
return read_obj(id=uuid, fq_name=fq_name)
except vnc_api.NoIdError:
return None
@classmethod
def make_virtual_machine_interface(cls, name, network, properties,
bindings, project):
vmi = vnc_api.VirtualMachineInterface(name=name, parent_obj=project)
vmi.set_id_perms(cls.ID_PERMS)
vmi.add_virtual_network(network)
vmi.set_virtual_machine_interface_properties(properties)
vmi.set_virtual_machine_interface_bindings(bindings)
return vmi
@staticmethod
def make_vmi_properties_with_vlan_tag(vlan_tag):
vmi_properties = vnc_api.VirtualMachineInterfacePropertiesType(
sub_interface_vlan_tag=vlan_tag)
return vmi_properties
@staticmethod
def make_key_value_pairs(pairs):
kv_list = [vnc_api.KeyValuePair(key=k, value=v) for k, v in pairs]
return vnc_api.KeyValuePairs(kv_list)
def __call__(self, obj):
if not obj:
raise ValueError("Create called with null object")
uuid = getattr(obj, 'uuid', None)
obj._server_conn = self._server_conn
if not uuid:
uuid = obj.uuid = str(UUID.uuid4())
else:
if self._check_if_uuid_in_use(uuid):
raise vnc_exc.RefsExistError('')
if hasattr(obj, 'parent_type'):
if obj.parent_type == 'project':
parent = self._server_conn.project_read(
fq_name=obj.fq_name[:-1])
else:
rc = MockVnc.ReadCallables(
obj.parent_type,
self._resource_collection[obj.parent_type.replace(
"-", "_")], self._resource_collection,
self._server_conn)
parent = rc(fq_name=obj.fq_name[:-1])
obj.parent_uuid = parent.uuid
fq_name_str = getattr(obj, 'fq_name_str', None)
if not fq_name_str:
fq_name_str = ":".join(obj.get_fq_name())
self._resource[uuid] = obj
for field in obj._pending_field_updates:
if field.endswith("_refs"):
for r in getattr(obj, field):
setattr(obj, "processed_" + field,
list(getattr(obj, field)))
self.update_back_ref(field, getattr(obj, field),
self._resource_type, obj)
self._pending_ref_updates = self._pending_field_updates = set([])
if fq_name_str and fq_name_str != uuid:
if fq_name_str in self._resource:
fq_name_str += ("-" + uuid)
obj.get_fq_name()[-1] += ('-' + uuid)
self._resource[fq_name_str] = obj
if self._resource_type == 'virtual-machine-interface':
# generate a dummy mac address
def random_mac():
import random
mac = [0x00, 0x00, 0x00]
for i in range(3, 6):
mac.append(random.randint(0x00, 0x7f))
return ":".join(map(lambda x: "%02x" % x, mac))
if not obj.get_virtual_machine_interface_mac_addresses():
obj.set_virtual_machine_interface_mac_addresses(
vnc_api.MacAddressesType([random_mac()]))
elif self._resource_type == "instance-ip":
vn = obj.get_virtual_network_refs()[0]['uuid']
vn_obj = self._resource_collection['virtual_network'][vn]
if not obj.get_instance_ip_address():
subnet = None
if not obj.subnet_uuid:
subnet = vn_obj.get_network_ipam_refs(
)[0]['attr'].get_ipam_subnets()[0]
obj.subnet_uuid = subnet.subnet_uuid
else:
for ipams in vn_obj.get_network_ipam_refs():
for subnet in ipams['attr'].get_ipam_subnets():
if subnet.subnet_uuid == obj.subnet_uuid:
break
if subnet:
subnet_cidr = '%s/%s' % (subnet.subnet.ip_prefix,
subnet.subnet.ip_prefix_len)
cidr_obj = netaddr.IPNetwork(subnet_cidr)
if not hasattr(subnet.subnet, 'ip_prefixed'):
setattr(subnet.subnet, "ip_prefixed", 0)
if (netaddr.IPAddress(
subnet.default_gateway).words[-1] == (
subnet.subnet.ip_prefixed + 1)):
subnet.subnet.ip_prefixed += 2
else:
subnet.subnet.ip_prefixed += 1
ip_address = str(
netaddr.IPAddress(subnet.subnet.ip_prefix) +
subnet.subnet.ip_prefixed)
if ip_address not in cidr_obj:
rc = MockVnc.DeleteCallables(
self._resource_type, self._resource,
self._resource_collection, self._server_conn)
rc(id=uuid)
raise vnc_exc.HttpError(status_code=409,
content='')
obj.set_instance_ip_address(ip_address)
else:
for ipams in vn_obj.get_network_ipam_refs():
for subnet in ipams['attr'].get_ipam_subnets():
if subnet.subnet_uuid == obj.subnet_uuid:
break
subnet_cidr = '%s/%s' % (subnet.subnet.ip_prefix,
subnet.subnet.ip_prefix_len)
if (netaddr.IPAddress(obj.get_instance_ip_address())
not in netaddr.IPNetwork(subnet_cidr)):
rc = MockVnc.DeleteCallables(self._resource_type,
self._resource,
self._resource_collection,
self._server_conn)
rc(id=uuid)
raise vnc_exc.HttpError(status_code=400, content="")
elif self._resource_type == 'security-group':
if not obj.get_id_perms():
obj.set_id_perms(vnc_api.IdPermsType(enable=True))
proj_obj = self._resource_collection['project'][
obj.parent_uuid]
sgs = getattr(proj_obj, 'security_groups', None)
sg_ref = {'to': obj.get_fq_name(), 'uuid': obj.uuid}
if not sgs:
setattr(proj_obj, 'security_groups', [sg_ref])
else:
sgs.append(sg_ref)
elif self._resource_type == 'virtual-network':
self._mock_add_network_ipam(obj)
return uuid
