def delete_vdom(obj, context, **kwargs):
cls = fortinet_db.Fortinet_ML2_Namespace
namespace = fortinet_db.query_record(context, cls, **kwargs)
if namespace:
tenant_id = namespace.tenant_id
if not fortinet_db.query_count(context, l3_db.Router,
tenant_id=tenant_id) and \
not fortinet_db.query_count(context, models_v2.Network,
tenant_id=tenant_id) and \
not fortinet_db.query_count(context, l3_db.FloatingIP,
tenant_id=tenant_id):
try:
op(obj, context, resources.Vdom.get, name=namespace.vdom)
op(obj, context, resources.Vdom.delete, name=namespace.vdom)
except Exception as e:
resources.Exinfo(e)
fortinet_db.delete_record(context, cls, **kwargs)
else:
db_routers = fortinet_db.query_records(context,
l3_db.Router,
tenant_id=tenant_id)
db_networks = fortinet_db.query_records(context,
models_v2.Network,
tenant_id=tenant_id)
db_fips = fortinet_db.query_records(context,
l3_db.FloatingIP,
tenant_id=tenant_id)
LOG.debug(
"Keeping vdom, because existing db_routers: %(routers)s,"
"db_networks: %(networks)s, db_fips: %(fips)s", {
'routers': db_routers,
'networks': db_networks,
'fips': db_fips
})
return namespace
def delete_network_precommit(self, mech_context):
"""Delete Network from the plugin specific database table."""
LOG.debug("delete_network_precommit: called")
context = mech_context._plugin_context
network = mech_context.current
if network["router:external"]:
# return when the network is external network
# TODO(samsu): may check external network
# before delete namespace
return
tenant_id = network['tenant_id']
namespace = fortinet_db.query_record(
context, fortinet_db.Fortinet_ML2_Namespace, tenant_id=tenant_id)
if not namespace:
return
records = fortinet_db.query_records(context,
fortinet_db.Fortinet_Interface,
network_id=network['id'])
for record in records:
try:
utils.delete_vlanintf(self,
context,
name=record.name,
vdom=namespace.vdom)
except Exception as e:
resources.Exinfo(e)
raise ml2_exc.MechanismDriverError(
method=sys._getframe().f_code.co_name)
def delete_network_precommit(self, mech_context):
"""Delete Network from the plugin specific database table."""
LOG.debug("delete_network_precommit: called")
network = mech_context.current
network_id = network['id']
context = mech_context._plugin_context
if fortinet_db.query_record(context, ext_db.ExternalNetwork,
network_id=network_id):
# return when the network is external network
# TODO(samsu): may check external network
# before delete namespace
return
tenant_id = network['tenant_id']
namespace = fortinet_db.query_record(context,
fortinet_db.Fortinet_ML2_Namespace,
tenant_id=tenant_id)
if not namespace:
return
# TODO(samsu): type driver support vlan only,
# need to check later
vlanid = network['provider:segmentation_id']
inf_name = const.PREFIX['inf'] + str(vlanid)
try:
utils.delete_vlanintf(self, context, name=inf_name,
vdom=namespace.vdom)
except Exception as e:
resources.Exinfo(e)
raise ml2_exc.MechanismDriverError(
method=sys._getframe().f_code.co_name)
def update_floatingip(self, context, id, floatingip):
if floatingip['floatingip']['port_id']:
# floating ip associate with VM port.
try:
res = (super(FortinetL3ServicePlugin,
self).update_floatingip(context, id, floatingip))
if not floatingip['floatingip'].get('fixed_ip_address', None):
floatingip['floatingip']['fixed_ip_address'] = (
res.get('fixed_ip_address'))
self._associate_floatingip(context, id, floatingip)
self.update_floatingip_status(
context, res, l3_constants.FLOATINGIP_STATUS_ACTIVE, id=id)
except Exception as e:
with excutils.save_and_reraise_exception():
resources.Exinfo(e)
super(FortinetL3ServicePlugin,
self).disassociate_floatingips(
context, floatingip['floatingip']['port_id'])
else:
# disassociate floating ip.
self._disassociate_floatingip(context, id)
res = (super(FortinetL3ServicePlugin,
self).update_floatingip(context, id, floatingip))
self.update_floatingip_status(context,
res,
l3_constants.FLOATINGIP_STATUS_DOWN,
id=id)
return res if res else None
def create_floatingip(self, context, floatingip):
"""Create floating IP.
:param context: Neutron request context
:param floatingip: data for the floating IP being created
:returns: A floating IP object on success
As the l3 router plugin asynchronously creates floating IPs
leveraging the l3 agent, the initial status for the floating
IP object will be DOWN.
"""
LOG.debug("create_floatingip: floatingip=%s", floatingip)
returned_obj = (super(FortinetL3ServicePlugin,
self).create_floatingip(context, floatingip))
try:
self._allocate_floatingip(context, returned_obj)
if returned_obj.get('port_id', None):
if not floatingip['floatingip'].get('fixed_ip_address', None):
floatingip['floatingip']['fixed_ip_address'] = (
returned_obj.get('fixed_ip_address'))
self._associate_floatingip(context, returned_obj['id'],
floatingip)
self.update_floatingip_status(
context,
returned_obj,
l3_constants.FLOATINGIP_STATUS_ACTIVE,
id=returned_obj['id'])
return returned_obj
except Exception as e:
with excutils.save_and_reraise_exception():
resources.Exinfo(e)
super(FortinetL3ServicePlugin,
self).delete_floatingip(context, returned_obj['id'])
def delete_resource_with_keys(obj, context, record, resource, *keys, **kwargs):
params = _prepare_params(record, resource, *keys, **kwargs)
try:
op(obj, context, resource.get, **params)
return op(obj, context, resource.delete, **params)
except exception.ResourceNotFound as e:
resources.Exinfo(e)
return None
def _loopingcall_callback():
self._monitor_busy = True
try:
self._check_pending_tasks()
except Exception as e:
resources.Exinfo(e)
LOG.exception(_LE("Exception in _check_pending_tasks"))
self._monitor_busy = False
def delete_subnet_postcommit(self, mech_context):
LOG.debug("delete_subnet_postcommit: called")
context = mech_context._plugin_context
subnet_id = mech_context.current['id']
try:
utils.delete_routerstatic(self, context, subnet_id=subnet_id)
utils.delete_dhcpserver(self, context, subnet_id=subnet_id)
except Exception as e:
resources.Exinfo(e)
raise ml2_exc.MechanismDriverError(
method=sys._getframe().f_code.co_name)
def delete_resource_with_id(obj, context, record, resource):
if getattr(record, 'edit_id', None):
try:
op(obj, context, resource.get, vdom=record.vdom, id=record.edit_id)
return op(obj,
context,
resource.delete,
vdom=record.vdom,
id=record.edit_id)
except Exception as e:
resources.Exinfo(e)
return None
def set_resource_with_id(obj, context, record, resource, **kwargs):
# because the name 'edit_id' in record is different with id in
# the api templates, the id related function can not reuse the
# related xx_keys function
if getattr(record, 'edit_id', None):
try:
op(obj, context, resource.get, vdom=record.vdom, id=record.edit_id)
if kwargs.get('id', None):
del kwargs['id']
kwargs.setdefault('id', str(record.edit_id))
kwargs.setdefault('vdom', record.vdom)
return op(obj, context, resource.set, **kwargs)
except Exception as e:
resources.Exinfo(e)
raise e
def delete_port_postcommit(self, mech_context):
LOG.debug("delete_port_postcommit: called")
port = mech_context.current
context = mech_context._plugin_context
try:
port_id = port['id']
subnet_id = port['fixed_ips'][0]['subnet_id']
db_subnet = fortinet_db.query_record(
context, fortinet_db.Fortinet_ML2_Subnet, subnet_id=subnet_id)
db_subnetv2 = fortinet_db.query_record(context,
models_v2.Subnet,
id=subnet_id)
if port['device_owner'] in ['network:router_gateway']:
if fortinet_db.query_record(context,
ext_db.ExternalNetwork,
network_id=port['network_id']):
#delete ippool and its related firewall policy
utils.clr_ext_gw(self, context, port)
elif port['device_owner'] in ['compute:nova', 'compute:None', '']:
# delete dhcp related functions
utils.delete_reservedip(self, context, port_id=port_id)
elif port['device_owner'] in ['network:router_interface']:
# add firewall address and address group
name = const.PREFIX['addrgrp'] + db_subnet.vdom
member = str(netaddr.IPNetwork(db_subnetv2.cidr).network)
utils.delete_fwpolicy(self,
context,
vdom=db_subnet.vdom,
srcintf='any',
srcaddr=name,
dstintf='any',
dstaddr=name,
nat='disable')
utils.delete_addrgrp(self,
context,
name=name,
vdom=db_subnet.vdom,
members=member.split(' '))
utils.delete_fwaddress(self,
context,
vdom=db_subnet.vdom,
name=member)
except Exception as e:
resources.Exinfo(e)
raise ml2_exc.MechanismDriverError(
method=sys._getframe().f_code.co_name)
def create_router(self, context, router):
LOG.debug("create_router: router=%s" % (router))
# Limit one router per tenant
if not router.get('router', None):
return
tenant_id = router['router']['tenant_id']
with context.session.begin(subtransactions=True):
try:
namespace = utils.add_vdom(self, context, tenant_id=tenant_id)
utils.add_vlink(self, context, namespace.vdom)
except Exception as e:
LOG.error("Failed to create_router router=%(router)s",
{"router": router})
resources.Exinfo(e)
utils._rollback_on_err(self, context, e)
utils.update_status(self, context, t_consts.TaskStatus.COMPLETED)
def delete_network_postcommit(self, mech_context):
"""Delete network which translates to remove vlan interface
and related vdom from the fortigate.
"""
LOG.debug("delete_network_postcommit: called")
network = mech_context.current
context = mech_context._plugin_context
tenant_id = network['tenant_id']
with context.session.begin(subtransactions=True):
try:
utils.delete_vdom(self, context, tenant_id=tenant_id)
LOG.info(_LI("delete network postcommit: tenant= %(tenant_id)s"
" network= %(network)s"),
{'tenant_id': tenant_id, 'network': network})
except Exception as e:
resources.Exinfo(e)
raise ml2_exc.MechanismDriverError(
method=sys._getframe().f_code.co_name)
def delete_addrgrp(obj, context, **kwargs):
"""
:param context: for database
:param kwargs:
example format
{
"name": "addrgrp_osvdm1",
"vdom": "osvdm1",
"members": ["192.168.10.0", "192.168.33.0"]
}
each member of members is the address name to be deleted in
the specific firewall address group in FGT.
"""
cls = fortinet_db.Fortinet_Firewall_Address
records = fortinet_db.query_records(context, cls, group=kwargs['name'])
if not records:
LOG.debug("There is not any record in db")
return
members = [
record.name for record in records
if record.name not in kwargs['members']
]
if members:
kwargs['members'] = members
op(obj, context, resources.FirewallAddrgrp.set, **kwargs)
else:
delete_fwpolicy(obj,
context,
vdom=kwargs.get('vdom'),
srcintf='any',
srcaddr=kwargs['name'],
dstintf='any',
nat='disable')
try:
del kwargs['members']
op(obj, context, resources.FirewallAddrgrp.delete, **kwargs)
except Exception as e:
resources.Exinfo(e)
for record in records:
if record.name not in members:
record.update_record(context, record, group=None)
def delete_router(self, context, id):
LOG.debug("delete_router: router id=%s", id)
try:
if self.enable_fwaas:
fw_plugin = directory.get_plugin(service_consts.FIREWALL)
fw_plugin.update_firewall_for_delete_router(context, id)
with context.session.begin(subtransactions=True):
router = fortinet_db.query_record(context, l3_db.Router, id=id)
# TODO(jerryz): move this out of transaction.
setattr(context, 'GUARD_TRANSACTION', False)
super(FortinetL3ServicePlugin, self).delete_router(context, id)
if getattr(router, 'tenant_id', None):
utils.delete_vlink(self, context, router.tenant_id)
utils.delete_vdom(self,
context,
tenant_id=router.tenant_id)
except Exception as e:
with excutils.save_and_reraise_exception():
LOG.error(_LE("Failed to delete_router routerid=%(id)s"),
{"id": id})
resources.Exinfo(e)
def check(obj, context, vdom, resource=resources.VlanInterface):
vlink_vlan = fortinet_db.query_record(
context, fortinet_db.Fortinet_Vlink_Vlan_Allocation, vdom=vdom)
if vlink_vlan:
try:
op(obj,
context,
resource.get,
vdom=vdom,
name=vlink_vlan.inf_name_int_vdom)
op(obj,
context,
resource.get,
vdom=const.EXT_VDOM,
name=vlink_vlan.inf_name_ext_vdom)
except exception.ResourceNotFound as e:
import inspect
caller = inspect.stack()[1][3]
LOG.debug("## Check vlink interface failed on the %(func)s.",
{'func': caller})
resources.Exinfo(e)
def _rollback_on_err(obj, context, err):
update_status(obj, context, t_consts.TaskStatus.ROLLBACK)
resources.Exinfo(err)
