def network_migration(context, mech_driver): """ # networks, ml2_network_segments network = { #'status': 'ACTIVE', #'subnets': [], 'name': u'test-net', #'provider: physical_network': u'physnet1', #'admin_state_up': True, 'tenant_id': u'11513667f4ee4a14acb0985659459988', 'provider: network_type': u'vlan', 'router:external': False, #'shared': False, 'id': 'ff0a1d64-ce30-4ed0-ba37-597eaf8976f0', #'provider: segmentation_id': 1200L } # ml2_network_segments segments = [{ 'segmentation_id': 1200L, 'physical_network': u'physnet1', 'id': u'e7dfa4fb-038a-4aad-b6fa-73afba788888', 'network_type': u'vlan' }] """ net = { 'name': '', 'tenant_id': '', 'provider: network_type': '', 'router:external': False, 'id': '', } segment = { 'segmentation_id': 0, 'physical_network': '', 'id': '', 'network_type': '' } records = fortinet_db.query_records(context, models_v2.Network) with Progress(len(records), 'network_migration') as p: for record in records: reset(net) reset(segment) db_seg = fortinet_db.query_record(context, ml2_db.NetworkSegment, network_id=record.id) cls2dict(record, net) db_extnet = fortinet_db.query_record(context, ExternalNetwork, network_id=record.id) if db_extnet: net['router:external'] = True cls2dict(db_seg, segment) net['provider: network_type'] = db_seg.network_type mech_context = Fake_mech_context(_plugin_context=context, current=net, network_segments=[segment]) mech_driver.create_network_postcommit(mech_context) p.update()
def delete_reservedip(obj, context, **kwargs): cls = fortinet_db.Fortinet_ML2_ReservedIP reserved_ip = fortinet_db.query_record(context, cls, **kwargs) if reserved_ip: db_reservedips = fortinet_db.query_records( context, cls, subnet_id=reserved_ip.subnet_id) db_reservedips.remove(reserved_ip) reserved_addresses = [] for rsrvdip in db_reservedips: reserved_addresses.append({ 'id': rsrvdip.edit_id, 'ip': rsrvdip.ip, 'mac': rsrvdip.mac }) db_subnet = fortinet_db.query_record(context, fortinet_db.Fortinet_ML2_Subnet, subnet_id=reserved_ip.subnet_id) if db_subnet: op(obj, context, resources.DhcpServerRsvAddr.set, id=db_subnet.edit_id, vdom=reserved_ip.vdom, reserved_address=jsonutils.dumps(reserved_addresses)) fortinet_db.delete_record(context, cls, **kwargs)
def delete_network_precommit(self, mech_context): """Delete Network from the plugin specific database table.""" LOG.debug("delete_network_precommit: called") network = mech_context.current network_id = network['id'] context = mech_context._plugin_context if fortinet_db.query_record(context, ext_db.ExternalNetwork, network_id=network_id): # return when the network is external network # TODO(samsu): may check external network # before delete namespace return tenant_id = network['tenant_id'] namespace = fortinet_db.query_record(context, fortinet_db.Fortinet_ML2_Namespace, tenant_id=tenant_id) if not namespace: return # TODO(samsu): type driver support vlan only, # need to check later vlanid = network['provider:segmentation_id'] inf_name = const.PREFIX['inf'] + str(vlanid) try: utils.delete_vlanintf(self, context, name=inf_name, vdom=namespace.vdom) except Exception as e: resources.Exinfo(e) raise ml2_exc.MechanismDriverError( method=sys._getframe().f_code.co_name)
def delete_vlink(obj, context, tenant_id): if fortinet_db.query_count(context, l3_db.Router, tenant_id=tenant_id) or \ fortinet_db.query_count(context, l3_db.FloatingIP, tenant_id=tenant_id): db_routers = fortinet_db.query_records(context, l3_db.Router, tenant_id=tenant_id) db_fips = fortinet_db.query_records(context, l3_db.FloatingIP, tenant_id=tenant_id) LOG.debug( "Keeping vlink, because existing data " "db_routers: %(routers)s, db_fips: %(fips)s", { 'routers': db_routers, 'fips': db_fips }) return False vdom = fortinet_db.query_record(context, fortinet_db.Fortinet_ML2_Namespace, tenant_id=tenant_id).vdom vlink_vlan = fortinet_db.query_record( context, fortinet_db.Fortinet_Vlink_Vlan_Allocation, vdom=vdom, allocated=True) if not vlink_vlan: return False vlink_ip = fortinet_db.query_record( context, fortinet_db.Fortinet_Vlink_IP_Allocation, vdom=vdom, vlink_id=vlink_vlan.id, allocated=True) if not vlink_ip: return False """ delete_fwpolicy(obj, context, vdom=const.EXT_VDOM, srcintf=vlink_vlan.inf_name_ext_vdom, dstintf=obj._fortigate['ext_interface'], nat='enable')""" gateway_ip = get_ipaddr(netaddr.IPNetwork(vlink_ip.vlink_ip_subnet), 1) delete_routerstatic(obj, context, vdom=vdom, dst=const.EXT_DEF_DST, device=vlink_vlan.inf_name_int_vdom, gateway=gateway_ip) delete_vlink_intf(obj, context, vlink_vlan) fortinet_db.delete_record(context, fortinet_db.Fortinet_Vlink_IP_Allocation, vdom=vdom, vlink_id=vlink_vlan.id) fortinet_db.delete_record(context, fortinet_db.Fortinet_Vlink_Vlan_Allocation, id=vlink_vlan.id) return True
def create_port_precommit(self, mech_context): """Create logical port on the fortigate (db update).""" LOG.debug("create_port_precommit: called") port = mech_context.current LOG.debug("create_port_precommit mech_context = %s", mech_context) context = mech_context._plugin_context namespace = fortinet_db.query_record(context, fortinet_db.Fortinet_ML2_Namespace, tenant_id=port['tenant_id']) port_id = port['id'] subnet_id = port['fixed_ips'][0]['subnet_id'] ip_address = port['fixed_ips'][0]['ip_address'] mac = port['mac_address'] db_subnetv2 = fortinet_db.query_record(context, models_v2.Subnet, id=subnet_id) if port['device_owner'] in ['network:router_gateway']: if fortinet_db.query_record(context, ext_db.ExternalNetwork, network_id=port['network_id']): utils.set_ext_gw(self, context, port) elif port['device_owner'] in ['compute:nova', 'compute:None', '']: # add dhcp related functions # '': create port before associate the port with a vm utils.add_reservedip(self, context, port_id=port_id, subnet_id=subnet_id, mac=mac, ip=ip_address, vdom=namespace.vdom) elif port['device_owner'] in ['network:router_interface']: if db_subnetv2.cidr: cidr = netaddr.IPNetwork(db_subnetv2.cidr) subnet = ' '.join([str(cidr.network), str(cidr.netmask)]) utils.add_fwaddress(self, context, vdom=namespace.vdom, name=str(cidr.network), subnet=subnet) addrgrp_name = const.PREFIX['addrgrp'] + namespace.vdom utils.add_addrgrp(self, context, name=addrgrp_name, vdom=namespace.vdom, members=[str(cidr.network)]) utils.add_fwpolicy(self, context, vdom=namespace.vdom, srcintf='any', srcaddr=addrgrp_name, dstintf='any', dstaddr=addrgrp_name, nat='disable') return
def add_interface_ip(obj, context, **kwargs): """ :param context: :param kwargs: example format as below { "ip": "10.160.37.20 255.255.255.0", "name": "port37", "vdom": "root" } :return: """ inf_db = fortinet_db.query_record(context, fortinet_db.Fortinet_Interface, name=kwargs.get('name')) if const.EXT_DEF_DST in getattr(inf_db, 'ip'): inf_db.update_record(context, inf_db, **kwargs) op(obj, context, resources.VlanInterface.set, **kwargs) else: records = fortinet_db.query_records( context, fortinet_db.Fortinet_Interface_subip, name=kwargs.get('name')) org_subips = [getattr(record, 'ip') for record in records] if kwargs.get('ip') in org_subips: return add_record(obj, context, fortinet_db.Fortinet_Interface_subip, **kwargs)
def delete_vdom(obj, context, **kwargs): cls = fortinet_db.Fortinet_ML2_Namespace namespace = fortinet_db.query_record(context, cls, **kwargs) if namespace: tenant_id = namespace.tenant_id if not fortinet_db.query_count(context, l3_db.Router, tenant_id=tenant_id) and \ not fortinet_db.query_count(context, models_v2.Network, tenant_id=tenant_id) and \ not fortinet_db.query_count(context, l3_db.FloatingIP, tenant_id=tenant_id): try: op(obj, context, resources.Vdom.get, name=namespace.vdom) op(obj, context, resources.Vdom.delete, name=namespace.vdom) except Exception as e: resources.Exinfo(e) fortinet_db.delete_record(context, cls, **kwargs) else: db_routers = fortinet_db.query_records(context, l3_db.Router, tenant_id=tenant_id) db_networks = fortinet_db.query_records(context, models_v2.Network, tenant_id=tenant_id) db_fips = fortinet_db.query_records(context, l3_db.FloatingIP, tenant_id=tenant_id) LOG.debug( "Keeping vdom, because existing db_routers: %(routers)s," "db_networks: %(networks)s, db_fips: %(fips)s", { 'routers': db_routers, 'networks': db_networks, 'fips': db_fips }) return namespace
def delete_floatingip(self, context, id): LOG.debug("delete_floatingip called() id=%s", id) fip = fortinet_db.query_record(context, l3_db.FloatingIP, id=id) if fip and getattr(fip, 'fixed_port_id', None): self._disassociate_floatingip(context, id) super(FortinetL3ServicePlugin, self).disassociate_floatingips(context, fip['fixed_port_id']) self._release_floatingip(context, id)
def set_by_id(obj, context, cls, resource, **kwargs): params = _prepare_params(None, resource, 'vdom', 'id', **kwargs) record = fortinet_db.query_record(context, cls, **params) if record: cls.update_record(context, record, **kwargs) set_resource_with_id(obj, context, record, resource, **kwargs) return record else: return None
def set_by_keys(obj, context, cls, resource, *keys, **kwargs): params = _prepare_params(None, resource, *keys, **kwargs) record = fortinet_db.query_record(context, cls, **params) if record: record = cls.update_record(context, record, **kwargs) set_resource_with_keys(obj, context, record, resource, *keys, **kwargs) else: record = add_by_keys(obj, context, cls, resource, *keys, **kwargs) return record
def update_firewall_for_delete_router(self, context, router_id): LOG.debug("fwaas delete_router() called, router_id: %(rtid)s", {'rtid': router_id}) cls = firewall_router_insertion_db.FirewallRouterAssociation db_fw_rt = fortinet_db.query_record(context, cls, router_id=router_id) if not db_fw_rt: return None firewall = {u'firewall': {'router_ids': []}} return self.update_firewall(context, db_fw_rt.fw_id, firewall)
def delete_port_postcommit(self, mech_context): LOG.debug("delete_port_postcommit: called") port = mech_context.current context = mech_context._plugin_context try: port_id = port['id'] subnet_id = port['fixed_ips'][0]['subnet_id'] db_subnet = fortinet_db.query_record(context, fortinet_db.Fortinet_ML2_Subnet, subnet_id=subnet_id) db_subnetv2 = fortinet_db.query_record(context, models_v2.Subnet, id=subnet_id) if port['device_owner'] in ['network:router_gateway']: if fortinet_db.query_record(context, ext_db.ExternalNetwork, network_id=port['network_id']): # delete ippool and its related firewall policy utils.clr_ext_gw(self, context, port) elif port['device_owner'] in ['compute:nova', 'compute:None', '']: # delete dhcp related functions utils.delete_reservedip(self, context, port_id=port_id) elif port['device_owner'] in ['network:router_interface']: # add firewall address and address group name = const.PREFIX['addrgrp'] + db_subnet.vdom member = str(netaddr.IPNetwork(db_subnetv2.cidr).network) utils.delete_fwpolicy(self, context, vdom=db_subnet.vdom, srcintf='any', srcaddr=name, dstintf='any', dstaddr=name, nat='disable') utils.delete_addrgrp(self, context, name=name, vdom=db_subnet.vdom, members=member.split(' ')) utils.delete_fwaddress(self, context, vdom=db_subnet.vdom, name=member) except Exception as e: resources.Exinfo(e) raise ml2_exc.MechanismDriverError( method=sys._getframe().f_code.co_name)
def disassociate_floatingips(self, context, port_id, do_notify=True): fip = fortinet_db.query_record(context, l3_db.FloatingIP, fixed_port_id=port_id) if fip and getattr(fip, 'id', None): self._disassociate_floatingip(context, fip.id) return super(FortinetL3ServicePlugin, self).disassociate_floatingips(context, port_id, do_notify=do_notify)
def _get_fip_before_id(self, context, fwr_id): fwp_assed = fortinet_db.Fortinet_FW_Rule_Association.query_one( context, type=constants.TYPE_EXT, fwr_id=fwr_id) if not fwp_assed: fwp_assed = fortinet_db.Fortinet_FW_Rule_Association.query_one( context, type=constants.TYPE_INT, fwr_id=fwr_id) fwp = fortinet_db.query_record(context, fortinet_db.Fortinet_Firewall_Policy, id=fwp_assed.fortinet_pid) return getattr(fwp, 'edit_id', None)
def _disassociate_floatingip(self, context, id): l3db_fip = self._get_floatingip(context, id) db_namespace = fortinet_db.query_record( context, fortinet_db.Fortinet_ML2_Namespace, tenant_id=l3db_fip.tenant_id) db_fip = fortinet_db.query_record( context, fortinet_db.Fortinet_FloatingIP_Allocation, floating_ip_address=l3db_fip.floating_ip_address, allocated=True) int_intf, ext_intf = utils.get_vlink_intf(self, context, vdom=db_namespace.vdom) db_ip = fortinet_db.query_record(context, models_v2.IPAllocation, port_id=l3db_fip.fixed_port_id) vlan_inf = utils.get_intf(context, db_ip.network_id) mappedip = utils.get_ipaddr(db_fip.ip_subnet, 0) utils.delete_fwpolicy(self, context, vdom=db_namespace.vdom, srcintf=vlan_inf, srcaddr=l3db_fip.fixed_ip_address, dstintf=int_intf, poolname=mappedip) utils.delete_fwaddress(self, context, name=l3db_fip.fixed_ip_address, vdom=db_namespace.vdom) utils.delete_fwpolicy(self, context, vdom=db_namespace.vdom, dstaddr=db_fip.floating_ip_address) utils.delete_vip(self, context, vdom=db_namespace.vdom, name=db_fip.floating_ip_address)
def clr_ext_gw(obj, context, port): ip_address = port['fixed_ips'][0]['ip_address'] subnetv2_db = fortinet_db.query_record( context, models_v2.Subnet, id=port['fixed_ips'][0]['subnet_id']) netmask = netaddr.IPNetwork(subnetv2_db.cidr).netmask ip = "%s %s" % (ip_address, netmask) delete_interface_ip(obj, context, name=obj._fortigate['ext_interface'], vdom=const.EXT_VDOM, ip=ip) delete_fwpolicy(obj, context, vdom=const.EXT_VDOM, poolname=ip_address) delete_fwippool(obj, context, vdom=const.EXT_VDOM, name=ip_address)
def add_router_interface(self, context, port): """creates vlnk on the fortinet device.""" db_namespace = fortinet_db.query_record( context, fortinet_db.Fortinet_ML2_Namespace, tenant_id=port['tenant_id']) vlan_inf = utils.get_intf(context, port['network_id']) int_intf, ext_intf = utils.get_vlink_intf(self, context, vdom=db_namespace.vdom) utils.add_fwpolicy(self, context, vdom=db_namespace.vdom, srcintf=vlan_inf, dstintf=int_intf, nat='enable')
def delete_interface_ip(obj, context, **kwargs): """ :param context: :param kwargs: example format as below { "ip": "10.160.37.20 255.255.255.0", "name": "port37", "vdom": "root" } :return: """ records = fortinet_db.query_records(context, fortinet_db.Fortinet_Interface_subip, name=kwargs.get('name')) org_subips = [getattr(record, 'ip') for record in records] if kwargs.get('ip') in org_subips: org_subips.remove(kwargs["ip"]) #op(obj, context, resources.VlanInterface.set, # name=kwargs.get('name'), # vdom=kwargs.get('vdom'), # secondaryips=org_subips) fortinet_db.delete_record(context, fortinet_db.Fortinet_Interface_subip, **kwargs) else: inf_db = fortinet_db.query_record(context, fortinet_db.Fortinet_Interface, **kwargs) if not inf_db: return if org_subips: kwargs['ip'] = org_subips.pop() op(obj, context, resources.VlanInterface.set, name=kwargs.get('name'), vdom=kwargs.get('vdom'), secondaryips=org_subips) fortinet_db.delete_record(context, fortinet_db.Fortinet_Interface_subip, **kwargs) else: kwargs['ip'] = const.EXT_DEF_DST op(obj, context, resources.VlanInterface.set, **kwargs) inf_db.update_record(context, inf_db, ip=kwargs['ip'])
def subnet_migration(context, mech_driver): # table subnets subnet = { 'allocation_pools': [{ 'start': '172.20.21.2', 'end': '172.20.21.254' }], 'cidr': '172.20.21.0/24', 'id': 'ee1506dc-d1a9-45b3-840e-137bdaebce52', 'enable_dhcp': True, 'network_id': u'ad47f7b8-4bb7-4591-b8ed-f720237dd24f', 'tenant_id': u'11513667f4ee4a14acb0985659456f24', 'dns_nameservers': [], 'gateway_ip': u'172.20.21.1', 'shared': False } ipallocation_pool = {'start': '172.20.21.2', 'end': '172.20.21.254'} records = fortinet_db.query_records(context, models_v2.Subnet) with Progress(len(records), 'subnet_migration') as p: for record in records: dns_nameservers = [] reset(subnet) reset(ipallocation_pool) db_ipallocation = fortinet_db.query_record( context, models_v2.IPAllocationPool, subnet_id=record.id) cls2dict(db_ipallocation, ipallocation_pool, first_ip='start', last_ip='end') db_dnssrvs = fortinet_db.query_records(context, models_v2.DNSNameServer, subnet_id=record.id) for dns in db_dnssrvs: dns_nameservers.append(dns.address) cls2dict(record, subnet) subnet['dns_nameservers'] = dns_nameservers subnet['allocation_pools'] = [ipallocation_pool] mech_context = Fake_mech_context(_plugin_context=context, current=subnet) mech_driver.create_subnet_postcommit(mech_context) p.update()
def check(obj, context, vdom, resource=resources.VlanInterface): vlink_vlan = fortinet_db.query_record( context, fortinet_db.Fortinet_Vlink_Vlan_Allocation, vdom=vdom) if vlink_vlan: try: op(obj, context, resource.get, vdom=vdom, name=vlink_vlan.inf_name_int_vdom) op(obj, context, resource.get, vdom=const.EXT_VDOM, name=vlink_vlan.inf_name_ext_vdom) except exception.ResourceNotFound as e: import inspect caller = inspect.stack()[1][3] LOG.debug("## Check vlink interface failed on the %(func)s.", {'func': caller}) resources.Exinfo(e)
def delete_router(self, context, id): LOG.debug("delete_router: router id=%s", id) try: if self.enable_fwaas: fw_plugin = directory.get_plugin(service_consts.FIREWALL) fw_plugin.update_firewall_for_delete_router(context, id) with context.session.begin(subtransactions=True): router = fortinet_db.query_record(context, l3_db.Router, id=id) # TODO(jerryz): move this out of transaction. setattr(context, 'GUARD_TRANSACTION', False) super(FortinetL3ServicePlugin, self).delete_router(context, id) if getattr(router, 'tenant_id', None): utils.delete_vlink(self, context, router.tenant_id) utils.delete_vdom(self, context, tenant_id=router.tenant_id) except Exception as e: with excutils.save_and_reraise_exception(): LOG.error(_LE("Failed to delete_router routerid=%(id)s"), {"id": id}) resources.Exinfo(e)
def remove_router_interface(self, context, router_id, interface_info): """Deletes vlink, default router from Fortinet device.""" LOG.debug( "FortinetL3ServicePlugin.remove_router_interface called: " "router_id=%(router_id)s " "interface_info=%(interface_info)r", { 'router_id': router_id, 'interface_info': interface_info }) with context.session.begin(subtransactions=True): # TODO(jerryz): move this out of transaction. setattr(context, 'GUARD_TRANSACTION', False) info = (super(FortinetL3ServicePlugin, self).remove_router_interface( context, router_id, interface_info)) try: subnet = self._core_plugin._get_subnet(context, info['subnet_id']) tenant_id = subnet['tenant_id'] network_id = subnet['network_id'] vlan_inf = utils.get_intf(context, network_id) db_namespace = fortinet_db.query_record( context, fortinet_db.Fortinet_ML2_Namespace, tenant_id=tenant_id) utils.delete_fwpolicy(self, context, vdom=db_namespace.vdom, srcintf=vlan_inf) except Exception: with excutils.save_and_reraise_exception(): LOG.error( _LE("Fail remove of interface from Fortigate " "router interface. info=%(info)s, " "router_id=%(router_id)s"), { "info": info, "router_id": router_id }) return info
def add_reservedip(obj, context, **kwargs): cls = fortinet_db.Fortinet_ML2_ReservedIP add_record(obj, context, cls, **kwargs) db_reservedips = fortinet_db.query_records( context, cls, subnet_id=kwargs.get('subnet_id')) db_subnet = fortinet_db.query_record(context, fortinet_db.Fortinet_ML2_Subnet, subnet_id=kwargs.get('subnet_id')) if db_subnet: reserved_addresses = [] for rsrvdip in db_reservedips: reserved_addresses.append({ 'id': rsrvdip.edit_id, 'ip': rsrvdip.ip, 'mac': rsrvdip.mac }) op(obj, context, resources.DhcpServerRsvAddr.set, id=db_subnet.edit_id, vdom=kwargs.get('vdom'), reserved_address=jsonutils.dumps(reserved_addresses))
def add_addrgrp(obj, context, **kwargs): """ :param context: :param kwargs: { "name": "addrgrp_osvdm1", "vdom": "osvdm1", "members": ["192.168.33.0"] } :return: """ cls = fortinet_db.Fortinet_Firewall_Address records = fortinet_db.query_records(context, cls, group=kwargs['name']) for name in kwargs['members']: record = fortinet_db.query_record(context, cls, name=name, vdom=kwargs['vdom']) if not record.group: cls.update_record(context, record, group=kwargs['name']) # TODO(samsu): need to add a rollback action to taskmanager else: LOG.debug("The member %(record)s already joined a group", {"record": record}) for record in records: kwargs['members'].append(record.name) try: op(obj, context, resources.FirewallAddrgrp.get, name=kwargs['name'], vdom=kwargs['vdom']) # TODO(samsu): need to add a rollback action to taskmanager op(obj, context, resources.FirewallAddrgrp.set, **kwargs) except exception.ResourceNotFound: op(obj, context, resources.FirewallAddrgrp.add, **kwargs)
def get_vlink_intf(obj, context, **kwargs): vlink_vlan = fortinet_db.query_record( context, fortinet_db.Fortinet_Vlink_Vlan_Allocation, **kwargs) if not vlink_vlan and kwargs.get('vdom', None): return add_vlink(obj, context, kwargs['vdom']) return (vlink_vlan.inf_name_int_vdom, vlink_vlan.inf_name_ext_vdom)
def _release_floatingip(self, context, id): """ :param context: :param id: the floatingip id in neutron.db.l3_db.FloatingIP. { tenant_id=u'3998b33381fb48f694369689065a3760', id=u'25e1588a-5ec5-4fbc-bdef-eff8713da8f8', floating_ip_address=u'10.160.37.111', floating_network_id=u'1c1dbecc-9dac-4311-a346-f147a04c8dc8', floating_port_id=u'4b4120d4-77f9-4f82-b823-05876929a1c4', fixed_port_id=None, fixed_ip_address=None, router_id=None, last_known_router_id=None, status=u'DOWN' } :return: """ with context.session.begin(subtransactions=True): l3db_fip = self._get_floatingip(context, id) tenant_id = l3db_fip.tenant_id db_namespace = fortinet_db.query_record( context, fortinet_db.Fortinet_ML2_Namespace, tenant_id=tenant_id) db_fip = fortinet_db.query_record( context, fortinet_db.Fortinet_FloatingIP_Allocation, floating_ip_address=l3db_fip.floating_ip_address, allocated=True) if not db_fip or not db_namespace: return int_intf, ext_intf = utils.get_vlink_intf(self, context, vdom=db_namespace.vdom) mappedip = utils.get_ipaddr(db_fip.ip_subnet, 0) utils.delete_fwippool(self, context, name=mappedip, vdom=db_namespace.vdom, startip=mappedip) utils.delete_fwpolicy(self, context, vdom=const.EXT_VDOM, srcintf=ext_intf, srcaddr=mappedip, dstintf=self._fortigate['ext_interface'], poolname=db_fip.floating_ip_address) utils.delete_fwaddress(self, context, name=mappedip, vdom=const.EXT_VDOM, subnet="%s 255.255.255.255" % mappedip) utils.delete_fwippool(self, context, name=db_fip.floating_ip_address, vdom=const.EXT_VDOM, startip=db_fip.floating_ip_address) utils.delete_routerstatic(self, context, vdom=const.EXT_VDOM, dst="%s 255.255.255.255" % mappedip, device=ext_intf, gateway=const.DEF_GW) utils.delete_fwpolicy(self, context, vdom=const.EXT_VDOM, dstintf=ext_intf, dstaddr=l3db_fip.floating_ip_address) utils.delete_vip(self, context, vdom=const.EXT_VDOM, name=db_fip.vip_name, extip=db_fip.floating_ip_address, extintf='any', mappedip=mappedip) fortinet_db.delete_record( context, fortinet_db.Fortinet_FloatingIP_Allocation, vdom=db_namespace.vdom, floating_ip_address=db_fip.floating_ip_address, vip_name=db_fip.floating_ip_address) # TODO(jerryz): move this out of transaction. setattr(context, 'GUARD_TRANSACTION', False) super(FortinetL3ServicePlugin, self).delete_floatingip(context, id) utils.delete_vlink(self, context, tenant_id) utils.delete_vdom(self, context, tenant_id=tenant_id)
def delete_by_id(obj, context, cls, resource, **kwargs): record = fortinet_db.query_record(context, cls, **kwargs) delete_resource_with_id(obj, context, record, resource) return fortinet_db.delete_record(context, cls, **kwargs)
def _associate_floatingip(self, context, id, floatingip): try: l3db_fip = self._get_floatingip(context, id) db_namespace = fortinet_db.query_record( context, fortinet_db.Fortinet_ML2_Namespace, tenant_id=l3db_fip.tenant_id) db_fip = fortinet_db.query_record( context, fortinet_db.Fortinet_FloatingIP_Allocation, floating_ip_address=l3db_fip.floating_ip_address, allocated=True) int_intf, ext_intf = utils.get_vlink_intf(self, context, vdom=db_namespace.vdom) mappedip = utils.get_ipaddr(db_fip.ip_subnet, 0) fixed_ip_address = floatingip['floatingip']['fixed_ip_address'] utils.add_vip(self, context, vdom=db_namespace.vdom, name=db_fip.floating_ip_address, extip=mappedip, extintf=int_intf, mappedip=fixed_ip_address) db_ip = fortinet_db.query_record( context, models_v2.IPAllocation, port_id=floatingip['floatingip']['port_id']) vlan_inf = utils.get_intf(context, db_ip.network_id) utils.add_fwpolicy(self, context, vdom=db_namespace.vdom, srcintf=int_intf, dstintf=vlan_inf, dstaddr=db_fip.floating_ip_address, nat='enable') utils.add_fwaddress(self, context, name=fixed_ip_address, vdom=db_namespace.vdom, subnet="%s 255.255.255.255" % fixed_ip_address, associated_interface=vlan_inf) db_fwpolicy = utils.add_fwpolicy(self, context, vdom=db_namespace.vdom, srcintf=vlan_inf, srcaddr=fixed_ip_address, dstintf=int_intf, poolname=mappedip) if self.enable_fwaas: fwrass = fortinet_db.Fortinet_FW_Rule_Association.query_one( context, fwr_id=db_namespace.tenant_id) default_fwp = getattr(fwrass, 'fortinet_policy', None) if getattr(default_fwp, 'edit_id', None): utils.head_firewall_policy(self, context, vdom=db_namespace.vdom, id=db_fwpolicy.edit_id, after=default_fwp.edit_id) _headed = True if '_headed' not in locals(): utils.head_firewall_policy(self, context, vdom=db_namespace.vdom, id=db_fwpolicy.edit_id) except Exception as e: with excutils.save_and_reraise_exception(): utils._rollback_on_err(self, context, e) utils.update_status(self, context, t_consts.TaskStatus.COMPLETED)
def update_floatingip_status(self, context, res, status, **kwargs): if res.get('status', None): res['status'] = status record = fortinet_db.query_record(context, l3_db.FloatingIP, **kwargs) fortinet_db.update_record(context, record, status=status)
def add_router_interface(self, context, router_id, interface_info): """creates vlnk on the fortinet device.""" LOG.debug( "FortinetL3ServicePlugin.add_router_interface: " "router_id=%(router_id)s " "interface_info=%(interface_info)r", { 'router_id': router_id, 'interface_info': interface_info }) with context.session.begin(subtransactions=True): info = super(FortinetL3ServicePlugin, self).add_router_interface(context, router_id, interface_info) port = db.get_port(context, info['port_id']) port['admin_state_up'] = True port['port'] = port LOG.debug( "FortinetL3ServicePlugin: " "context=%(context)s" "port=%(port)s " "info=%(info)r", { 'context': context, 'port': port, 'info': info }) interface_info = info subnet = self._core_plugin._get_subnet(context, interface_info['subnet_id']) network_id = subnet['network_id'] tenant_id = port['tenant_id'] port_filters = { 'network_id': [network_id], 'device_owner': [DEVICE_OWNER_ROUTER_INTF] } port_count = self._core_plugin.get_ports_count( context, port_filters) # port count is checked against 2 since the current port is already # added to db if port_count == 2: # This subnet is already part of some router LOG.error( _LE("FortinetL3ServicePlugin: adding redundant " "router interface is not supported")) raise Exception( _("FortinetL3ServicePlugin:adding redundant " "router interface is not supported")) try: db_namespace = fortinet_db.query_record( context, fortinet_db.Fortinet_ML2_Namespace, tenant_id=tenant_id) vlan_inf = utils.get_intf(context, network_id) int_intf, ext_intf = utils.get_vlink_intf( self, context, vdom=db_namespace.vdom) utils.add_fwpolicy(self, context, vdom=db_namespace.vdom, srcintf=vlan_inf, dstintf=int_intf, nat='enable') except Exception as e: LOG.error( _LE("Failed to create Fortinet resources to add " "router interface. info=%(info)s, " "router_id=%(router_id)s"), { "info": info, "router_id": router_id }) utils._rollback_on_err(self, context, e) with excutils.save_and_reraise_exception(): self.remove_router_interface(context, router_id, interface_info) utils.update_status(self, context, t_consts.TaskStatus.COMPLETED) return info