def delete_vdom(obj, context, **kwargs): cls = fortinet_db.Fortinet_ML2_Namespace namespace = fortinet_db.query_record(context, cls, **kwargs) if namespace: tenant_id = namespace.tenant_id if not fortinet_db.query_count(context, l3_db.Router, tenant_id=tenant_id) and \ not fortinet_db.query_count(context, models_v2.Network, tenant_id=tenant_id) and \ not fortinet_db.query_count(context, l3_db.FloatingIP, tenant_id=tenant_id): try: op(obj, context, resources.Vdom.get, name=namespace.vdom) op(obj, context, resources.Vdom.delete, name=namespace.vdom) except Exception as e: resources.Exinfo(e) fortinet_db.delete_record(context, cls, **kwargs) else: db_routers = fortinet_db.query_records(context, l3_db.Router, tenant_id=tenant_id) db_networks = fortinet_db.query_records(context, models_v2.Network, tenant_id=tenant_id) db_fips = fortinet_db.query_records(context, l3_db.FloatingIP, tenant_id=tenant_id) LOG.debug( "Keeping vdom, because existing db_routers: %(routers)s," "db_networks: %(networks)s, db_fips: %(fips)s", { 'routers': db_routers, 'networks': db_networks, 'fips': db_fips }) return namespace
def delete_vlink(obj, context, tenant_id): if fortinet_db.query_count(context, l3_db.Router, tenant_id=tenant_id) or \ fortinet_db.query_count(context, l3_db.FloatingIP, tenant_id=tenant_id): db_routers = fortinet_db.query_records(context, l3_db.Router, tenant_id=tenant_id) db_fips = fortinet_db.query_records(context, l3_db.FloatingIP, tenant_id=tenant_id) LOG.debug( "Keeping vlink, because existing data " "db_routers: %(routers)s, db_fips: %(fips)s", { 'routers': db_routers, 'fips': db_fips }) return False vdom = fortinet_db.query_record(context, fortinet_db.Fortinet_ML2_Namespace, tenant_id=tenant_id).vdom vlink_vlan = fortinet_db.query_record( context, fortinet_db.Fortinet_Vlink_Vlan_Allocation, vdom=vdom, allocated=True) if not vlink_vlan: return False vlink_ip = fortinet_db.query_record( context, fortinet_db.Fortinet_Vlink_IP_Allocation, vdom=vdom, vlink_id=vlink_vlan.id, allocated=True) if not vlink_ip: return False """ delete_fwpolicy(obj, context, vdom=const.EXT_VDOM, srcintf=vlink_vlan.inf_name_ext_vdom, dstintf=obj._fortigate['ext_interface'], nat='enable')""" gateway_ip = get_ipaddr(netaddr.IPNetwork(vlink_ip.vlink_ip_subnet), 1) delete_routerstatic(obj, context, vdom=vdom, dst=const.EXT_DEF_DST, device=vlink_vlan.inf_name_int_vdom, gateway=gateway_ip) delete_vlink_intf(obj, context, vlink_vlan) fortinet_db.delete_record(context, fortinet_db.Fortinet_Vlink_IP_Allocation, vdom=vdom, vlink_id=vlink_vlan.id) fortinet_db.delete_record(context, fortinet_db.Fortinet_Vlink_Vlan_Allocation, id=vlink_vlan.id) return True
def sync_conf_to_db(self, param): cls = getattr(fortinet_db, const.FORTINET_PARAMS[param]['cls']) conf_list = self.get_range(param) session = db_api.get_session() records = fortinet_db.query_records(session, cls) for record in records: kwargs = {} for key in const.FORTINET_PARAMS[param]['keys']: _element = const.FORTINET_PARAMS[param]['type'](record[key]) if _element not in conf_list and not record.allocated: kwargs.setdefault(key, record[key]) fortinet_db.delete_record(session, cls, **kwargs) try: for i in range(0, len(conf_list), len(const.FORTINET_PARAMS[param]['keys'])): kwargs = {} for key in const.FORTINET_PARAMS[param]['keys']: kwargs.setdefault(key, str(conf_list[i])) i += 1 cls.init_records(session, **kwargs) except IndexError: LOG.error(_LE("The number of the configure range is not even," "the last one of %(param)s can not be used"), {'param': param}) raise IndexError
def router_migration(context, l3_driver): """ # table routers, router_extra_attributes router={ u'router': { 'external_gateway_info': None, u'name': u'adm_router', u'admin_state_up': True, u'tenant_id': u'01c2468ab38b4d4490a39765bb87cb00', 'distributed': 'fakedistributed', 'ha': 'fakeha' } } """ router_obj = { 'name': 'adm_router', 'admin_state_up': True, 'tenant_id': u'01c2468ab38b4d4490a39765bb87cb00' } router = {'router': router_obj} records = fortinet_db.query_records(context, l3_db.Router) with Progress(len(records), 'router_migration') as p: for record in records: reset(router_obj) cls2dict(record, router_obj) l3_driver.create_router(context, router) p.update()
def delete_secondaryip(obj, context, **kwargs): """ :param obj: :param context: :param kwargs: 'name': vl_ext_xx, 'vdom': const.EXT_VDOM, 'ip': 'x.x.x.x x.x.x.x' :return: """ records = fortinet_db.query_records( context, fortinet_db.Fortinet_FloatingIP_Allocation, vdom=kwargs['vdom'], allocated=True) secondaryips = [] for record in records: secondaryip = getip(record.ip_subnet, 1) if secondaryip == kwargs.get('ip'): continue secondaryips.append(secondaryip) op(obj, context, resources.VlanInterface.set, name=kwargs['name'], vdom=kwargs['vdom'], secondaryips=secondaryips)
def delete_reservedip(obj, context, **kwargs): cls = fortinet_db.Fortinet_ML2_ReservedIP reserved_ip = fortinet_db.query_record(context, cls, **kwargs) if reserved_ip: db_reservedips = fortinet_db.query_records( context, cls, subnet_id=reserved_ip.subnet_id) db_reservedips.remove(reserved_ip) reserved_addresses = [] for rsrvdip in db_reservedips: reserved_addresses.append({ 'id': rsrvdip.edit_id, 'ip': rsrvdip.ip, 'mac': rsrvdip.mac }) db_subnet = fortinet_db.query_record(context, fortinet_db.Fortinet_ML2_Subnet, subnet_id=reserved_ip.subnet_id) if db_subnet: op(obj, context, resources.DhcpServerRsvAddr.set, id=db_subnet.edit_id, vdom=reserved_ip.vdom, reserved_address=jsonutils.dumps(reserved_addresses)) fortinet_db.delete_record(context, cls, **kwargs)
def network_migration(context, mech_driver): """ # networks, ml2_network_segments network = { #'status': 'ACTIVE', #'subnets': [], 'name': u'test-net', #'provider: physical_network': u'physnet1', #'admin_state_up': True, 'tenant_id': u'11513667f4ee4a14acb0985659459988', 'provider: network_type': u'vlan', 'router:external': False, #'shared': False, 'id': 'ff0a1d64-ce30-4ed0-ba37-597eaf8976f0', #'provider: segmentation_id': 1200L } # ml2_network_segments segments = [{ 'segmentation_id': 1200L, 'physical_network': u'physnet1', 'id': u'e7dfa4fb-038a-4aad-b6fa-73afba788888', 'network_type': u'vlan' }] """ net = { 'name': '', 'tenant_id': '', 'provider: network_type': '', 'router:external': False, 'id': '', } segment = { 'segmentation_id': 0, 'physical_network': '', 'id': '', 'network_type': '' } records = fortinet_db.query_records(context, models_v2.Network) with Progress(len(records), 'network_migration') as p: for record in records: reset(net) reset(segment) db_seg = fortinet_db.query_record(context, ml2_db.NetworkSegment, network_id=record.id) cls2dict(record, net) db_extnet = fortinet_db.query_record(context, ExternalNetwork, network_id=record.id) if db_extnet: net['router:external'] = True cls2dict(db_seg, segment) net['provider: network_type'] = db_seg.network_type mech_context = Fake_mech_context(_plugin_context=context, current=net, network_segments=[segment]) mech_driver.create_network_postcommit(mech_context) p.update()
def add_interface_ip(obj, context, **kwargs): """ :param context: :param kwargs: example format as below { "ip": "10.160.37.20 255.255.255.0", "name": "port37", "vdom": "root" } :return: """ inf_db = fortinet_db.query_record(context, fortinet_db.Fortinet_Interface, name=kwargs.get('name')) if const.EXT_DEF_DST in getattr(inf_db, 'ip'): inf_db.update_record(context, inf_db, **kwargs) op(obj, context, resources.VlanInterface.set, **kwargs) else: records = fortinet_db.query_records( context, fortinet_db.Fortinet_Interface_subip, name=kwargs.get('name')) org_subips = [getattr(record, 'ip') for record in records] if kwargs.get('ip') in org_subips: return add_record(obj, context, fortinet_db.Fortinet_Interface_subip, **kwargs)
def delete_routerstatics(obj, context, **kwargs): records = fortinet_db.query_records(context, fortinet_db.Fortinet_Static_Router, **kwargs) for record in records: delete_routerstatic(obj, context, vdom=record.vdom, edit_id=record.edit_id)
def subnet_migration(context, mech_driver): # table subnets subnet = { 'allocation_pools': [{ 'start': '172.20.21.2', 'end': '172.20.21.254' }], 'cidr': '172.20.21.0/24', 'id': 'ee1506dc-d1a9-45b3-840e-137bdaebce52', 'enable_dhcp': True, 'network_id': u'ad47f7b8-4bb7-4591-b8ed-f720237dd24f', 'tenant_id': u'11513667f4ee4a14acb0985659456f24', 'dns_nameservers': [], 'gateway_ip': u'172.20.21.1', 'shared': False } ipallocation_pool = {'start': '172.20.21.2', 'end': '172.20.21.254'} records = fortinet_db.query_records(context, models_v2.Subnet) with Progress(len(records), 'subnet_migration') as p: for record in records: dns_nameservers = [] reset(subnet) reset(ipallocation_pool) db_ipallocation = fortinet_db.query_record( context, models_v2.IPAllocationPool, subnet_id=record.id) cls2dict(db_ipallocation, ipallocation_pool, first_ip='start', last_ip='end') db_dnssrvs = fortinet_db.query_records(context, models_v2.DNSNameServer, subnet_id=record.id) for dns in db_dnssrvs: dns_nameservers.append(dns.address) cls2dict(record, subnet) subnet['dns_nameservers'] = dns_nameservers subnet['allocation_pools'] = [ipallocation_pool] mech_context = Fake_mech_context(_plugin_context=context, current=subnet) mech_driver.create_subnet_postcommit(mech_context) p.update()
def delete_interface_ip(obj, context, **kwargs): """ :param context: :param kwargs: example format as below { "ip": "10.160.37.20 255.255.255.0", "name": "port37", "vdom": "root" } :return: """ records = fortinet_db.query_records(context, fortinet_db.Fortinet_Interface_subip, name=kwargs.get('name')) org_subips = [getattr(record, 'ip') for record in records] if kwargs.get('ip') in org_subips: org_subips.remove(kwargs["ip"]) #op(obj, context, resources.VlanInterface.set, # name=kwargs.get('name'), # vdom=kwargs.get('vdom'), # secondaryips=org_subips) fortinet_db.delete_record(context, fortinet_db.Fortinet_Interface_subip, **kwargs) else: inf_db = fortinet_db.query_record(context, fortinet_db.Fortinet_Interface, **kwargs) if not inf_db: return if org_subips: kwargs['ip'] = org_subips.pop() op(obj, context, resources.VlanInterface.set, name=kwargs.get('name'), vdom=kwargs.get('vdom'), secondaryips=org_subips) fortinet_db.delete_record(context, fortinet_db.Fortinet_Interface_subip, **kwargs) else: kwargs['ip'] = const.EXT_DEF_DST op(obj, context, resources.VlanInterface.set, **kwargs) inf_db.update_record(context, inf_db, ip=kwargs['ip'])
def _get_fips_in_fw(self, context, tenant_id, fw_net): fw_fips = [] if not fw_net: return fw_fips namespace = fortinet_db.Fortinet_ML2_Namespace.query_one( context, tenant_id=tenant_id) if not namespace: return fw_fips db_fips = fortinet_db.query_records( context, l3_db.FloatingIP, tenant_id=tenant_id, status=n_consts.FLOATINGIP_STATUS_ACTIVE) for fip in db_fips: if getattr(fip, 'fixed_ip_address', None) and \ IPAddress(fip.fixed_ip_address) in IPNetwork(fw_net): fw_fips.append((fip.id, fip.floating_ip_address)) return fw_fips
def delete_addrgrp(obj, context, **kwargs): """ :param context: for database :param kwargs: example format { "name": "addrgrp_osvdm1", "vdom": "osvdm1", "members": ["192.168.10.0", "192.168.33.0"] } each member of members is the address name to be deleted in the specific firewall address group in FGT. """ cls = fortinet_db.Fortinet_Firewall_Address records = fortinet_db.query_records(context, cls, group=kwargs['name']) if not records: LOG.debug("There is not any record in db") return members = [ record.name for record in records if record.name not in kwargs['members'] ] if members: kwargs['members'] = members op(obj, context, resources.FirewallAddrgrp.set, **kwargs) else: delete_fwpolicy(obj, context, vdom=kwargs.get('vdom'), srcintf='any', srcaddr=kwargs['name'], dstintf='any', nat='disable') try: del kwargs['members'] op(obj, context, resources.FirewallAddrgrp.delete, **kwargs) except Exception as e: resources.Exinfo(e) for record in records: if record.name not in members: record.update_record(context, record, group=None)
def floatingip_migration(context, l3_driver): """ # table floatingips, ipallocations floatingip = { u'floatingip': { u'floating_network_id': u'2bdcaa63-22c5-4e58-8e2e-8f35bef7f513', 'tenant_id': u'11513667f4ee4a14acb0985659456f24', 'fixed_ip_address': None, 'port_id': None } } returned_obj { 'floating_network_id': u'2bdcaa63-22c5-4e58-8e2e-8f35bef7f513', 'router_id': None, 'fixed_ip_address': None, 'floating_ip_address': u'10.160.37.139', 'tenant_id': u'11513667f4ee4a14acb0985659456f24', 'status': 'DOWN', 'port_id': None, 'id': '78764016-da62-42fd-96a4-f2bd0510b5bc' } """ returned_obj = { 'fixed_ip_address': None, 'floating_ip_address': u'10.160.37.139', 'tenant_id': u'11513667f4ee4a14acb0985659456f24', 'status': 'DOWN', 'port_id': None, 'id': '78764016-da62-42fd-96a4-f2bd0510b5bc' } floatingip = {'floatingip': returned_obj} records = fortinet_db.query_records(context, l3_db.FloatingIP) with Progress(len(records), 'floatingip_migration') as p: for record in records: reset(returned_obj) cls2dict(record, returned_obj, fixed_port_id='port_id') l3_driver.create_floatingip(context, floatingip, returned_obj) p.update()
def add_reservedip(obj, context, **kwargs): cls = fortinet_db.Fortinet_ML2_ReservedIP add_record(obj, context, cls, **kwargs) db_reservedips = fortinet_db.query_records( context, cls, subnet_id=kwargs.get('subnet_id')) db_subnet = fortinet_db.query_record(context, fortinet_db.Fortinet_ML2_Subnet, subnet_id=kwargs.get('subnet_id')) if db_subnet: reserved_addresses = [] for rsrvdip in db_reservedips: reserved_addresses.append({ 'id': rsrvdip.edit_id, 'ip': rsrvdip.ip, 'mac': rsrvdip.mac }) op(obj, context, resources.DhcpServerRsvAddr.set, id=db_subnet.edit_id, vdom=kwargs.get('vdom'), reserved_address=jsonutils.dumps(reserved_addresses))
def add_secondaryip(obj, context, **kwargs): """ :param obj: :param context: :param kwargs: 'name': vl_ext_xx, 'vdom': const.EXT_VDOM, 'ip': 'x.x.x.x x.x.x.x' :return: """ records = fortinet_db.query_records( context, fortinet_db.Fortinet_FloatingIP_Allocation, vdom=kwargs['vdom'], allocated=True) secondaryips = [] for record in records: secondaryips.append(getip(record.ip_subnet, 1)) if op(obj, context, resources.VlanInterface.set, name=kwargs['name'], vdom=const.EXT_VDOM, secondaryips=secondaryips): secondaryips.remove(kwargs['ip']) rollback = { 'params': (obj._driver, { 'name': kwargs['name'], 'vdom': const.EXT_VDOM, 'secondaryips': secondaryips }), 'func': resources.VlanInterface.set } obj.task_manager.add(getid(context), **rollback)
def add_addrgrp(obj, context, **kwargs): """ :param context: :param kwargs: { "name": "addrgrp_osvdm1", "vdom": "osvdm1", "members": ["192.168.33.0"] } :return: """ cls = fortinet_db.Fortinet_Firewall_Address records = fortinet_db.query_records(context, cls, group=kwargs['name']) for name in kwargs['members']: record = fortinet_db.query_record(context, cls, name=name, vdom=kwargs['vdom']) if not record.group: cls.update_record(context, record, group=kwargs['name']) # TODO(samsu): need to add a rollback action to taskmanager else: LOG.debug("The member %(record)s already joined a group", {"record": record}) for record in records: kwargs['members'].append(record.name) try: op(obj, context, resources.FirewallAddrgrp.get, name=kwargs['name'], vdom=kwargs['vdom']) # TODO(samsu): need to add a rollback action to taskmanager op(obj, context, resources.FirewallAddrgrp.set, **kwargs) except exception.ResourceNotFound: op(obj, context, resources.FirewallAddrgrp.add, **kwargs)
def port_migration(context, mech_driver, l3_driver): """ :param mech_driver: :param context: :return: # table ports port { 'status': 'DOWN', 'binding: host_id': '', 'allowed_address_pairs': [], 'device_owner': 'network: router_interface', 'binding: profile': { }, # table ipallocations 'fixed_ips': [{ 'subnet_id': u'f645b09c-a34a-42fb-9c14-b999e43a54c7', 'ip_address': u'172.20.21.1' }], 'id': 'fb66def6-bd5e-44a0-a3f7-7c0e8e08d9ff', 'security_groups': [], 'device_id': u'e4020c65-7003-468b-a34d-31af297397a0', 'name': '', 'admin_state_up': True, 'network_id': u'f8e34426-ccf7-429c-b726-3809d54cabdc', 'tenant_id': u'11513667f4ee4a14acb0985659456f24', 'binding: vif_details': { }, 'binding: vnic_type': 'normal', 'binding: vif_type': 'unbound', 'mac_address': u'00: 0c: 29: d9: 18: 3f' } """ port = { 'device_owner': 'network: router_interface', 'fixed_ips': [{ 'subnet_id': u'f645b09c-a34a-42fb-9c14-b999e43a54c7', 'ip_address': u'172.20.21.1' }], 'id': 'fb66def6-bd5e-44a0-a3f7-7c0e8e08d9ff', 'device_id': u'e4020c65-7003-468b-a34d-31af297397a0', 'admin_state_up': True, 'network_id': u'f8e34426-ccf7-429c-b726-3809d54cabdc', 'tenant_id': u'11513667f4ee4a14acb0985659456f24', 'mac_address': u'00: 0c: 29: d9: 18: 3f' } ipallocation = { 'subnet_id': u'f645b09c-a34a-42fb-9c14-b999e43a54c7', 'ip_address': u'172.20.21.1' } MAC = utils.get_mac(mech_driver, context) records = fortinet_db.query_records(context, models_v2.Port) with Progress(len(records), 'port_migration') as p: for record in records: reset(port) cls2dict(record, port) if port['fixed_ips']: fixed_ips = [] for fixed_ip in port['fixed_ips']: cls2dict(fixed_ip, ipallocation) fixed_ips.append(ipallocation) port['fixed_ips'] = fixed_ips if port['device_owner'] in [ROUTER_INTF, ROUTER_GW] and \ MAC not in port['mac_address']: port['mac_address'] = MAC if not fortinet_db.query_count(context, models_v2.Port, mac_address=MAC, network_id=record.network_id): fortinet_db.update_record(context, record, mac_address=MAC) mech_context = Fake_mech_context(_plugin_context=context, current=port) mech_driver.create_port_precommit(mech_context) mech_driver.create_port_postcommit(mech_context) db_routerport = fortinet_db.query_record(context, l3_db.RouterPort, port_id=record.id) if getattr(db_routerport, 'port_type', None) in [ROUTER_INTF]: l3_driver.add_router_interface(context, port) p.update()