def _delete_firewall_rule(self, context, fwp_tenant_id, **fwr):
"""
:param obj:
:param context:
:param kwargs: dictionary, firewall rule
firewall_rule: {'source_ip_address': u'192.176.10.0/24',... }
:return:
"""
# need to consider shared firewall rules
LOG.debug("# _delete_firewall_rule() called")
namespace = fortinet_db.Fortinet_ML2_Namespace.query_one(
context, tenant_id=fwp_tenant_id)
if not namespace:
return None
fwp_assed = fortinet_db.Fortinet_FW_Rule_Association.query_all(
context, fwr_id=fwr['id'])
for fwp in fwp_assed:
fortinet_db.delete_record(
context, fortinet_db.Fortinet_FW_Rule_Association,
fwr_id=fwp.fwr_id, fortinet_pid=fwp.fortinet_pid)
utils.delete_fwpolicy(
self, context, id=fwp.fortinet_pid, vdom=namespace.vdom)
if fwr.get('source_ip_address', None):
srcaddr = constants.PREFIX['source_ip_address'] + fwr['id']
utils.delete_fwaddress(
self, context, vdom=namespace.vdom, name=srcaddr)
if fwr.get('destination_ip_address', None):
dstaddr = constants.PREFIX['destination_ip_address'] + fwr['id']
utils.delete_fwaddress(
self, context, vdom=namespace.vdom, name=dstaddr)
self._delete_fwr_service(context, namespace.vdom, **fwr)
def remove_router_interface(self, context, router_id, interface_info):
"""Deletes vlink, default router from Fortinet device."""
LOG.debug("FortinetL3ServicePlugin.remove_router_interface called: "
"router_id=%(router_id)s "
"interface_info=%(interface_info)r",
{'router_id': router_id, 'interface_info': interface_info})
with context.session.begin(subtransactions=True):
# TODO(jerryz): move this out of transaction.
setattr(context, 'GUARD_TRANSACTION', False)
info = (super(FortinetL3ServicePlugin, self).
remove_router_interface(context, router_id,
interface_info))
try:
subnet = self._core_plugin._get_subnet(context,
info['subnet_id'])
tenant_id = subnet['tenant_id']
network_id = subnet['network_id']
vlan_inf = utils.get_intf(context, network_id)
db_namespace = fortinet_db.query_record(context,
fortinet_db.Fortinet_ML2_Namespace,
tenant_id=tenant_id)
utils.delete_fwpolicy(self, context,
vdom=db_namespace.vdom,
srcintf=vlan_inf)
except Exception:
with excutils.save_and_reraise_exception():
LOG.error(_LE("Fail remove of interface from Fortigate "
"router interface. info=%(info)s, "
"router_id=%(router_id)s"),
{"info": info, "router_id": router_id})
return info
def _disassociate_floatingip(self, context, id):
l3db_fip = self._get_floatingip(context, id)
db_namespace = fortinet_db.query_record(context,
fortinet_db.Fortinet_ML2_Namespace,
tenant_id=l3db_fip.tenant_id)
db_fip = fortinet_db.query_record(context,
fortinet_db.Fortinet_FloatingIP_Allocation,
floating_ip_address=l3db_fip.floating_ip_address,
allocated=True)
int_intf, ext_intf = utils.get_vlink_intf(self, context,
vdom=db_namespace.vdom)
db_ip = fortinet_db.query_record(context, models_v2.IPAllocation,
port_id=l3db_fip.fixed_port_id)
vlan_inf = utils.get_intf(context, db_ip.network_id)
mappedip = utils.get_ipaddr(db_fip.ip_subnet, 0)
utils.delete_fwpolicy(self, context,
vdom=db_namespace.vdom,
srcintf=vlan_inf,
srcaddr=l3db_fip.fixed_ip_address,
dstintf=int_intf,
poolname=mappedip)
utils.delete_fwaddress(self, context,
name=l3db_fip.fixed_ip_address,
vdom=db_namespace.vdom)
utils.delete_fwpolicy(self, context,
vdom=db_namespace.vdom,
dstaddr=db_fip.floating_ip_address)
utils.delete_vip(self, context,
vdom=db_namespace.vdom,
name=db_fip.floating_ip_address)
def _delete_firewall_rule(self, context, fwp_tenant_id, **fwr):
"""
:param obj:
:param context:
:param kwargs: dictionary, firewall rule
firewall_rule: {'source_ip_address': u'192.176.10.0/24',... }
:return:
"""
# need to consider shared firewall rules
LOG.debug("# _delete_firewall_rule() called")
namespace = fortinet_db.Fortinet_ML2_Namespace.query_one(
context, tenant_id=fwp_tenant_id)
if not namespace:
return None
fwp_assed = fortinet_db.Fortinet_FW_Rule_Association.query_all(
context, fwr_id=fwr['id'])
for fwp in fwp_assed:
fortinet_db.delete_record(
context, fortinet_db.Fortinet_FW_Rule_Association,
fwr_id=fwp.fwr_id, fortinet_pid=fwp.fortinet_pid)
utils.delete_fwpolicy(
self, context, id=fwp.fortinet_pid, vdom=namespace.vdom)
if fwr.get('source_ip_address', None):
srcaddr = constants.PREFIX['source_ip_address'] + fwr['id']
utils.delete_fwaddress(
self, context, vdom=namespace.vdom, name=srcaddr)
if fwr.get('destination_ip_address', None):
dstaddr = constants.PREFIX['destination_ip_address'] + fwr['id']
utils.delete_fwaddress(
self, context, vdom=namespace.vdom, name=dstaddr)
self._delete_fwr_service(context, namespace.vdom, **fwr)
def delete_port_postcommit(self, mech_context):
LOG.debug("delete_port_postcommit: called")
port = mech_context.current
context = mech_context._plugin_context
try:
port_id = port['id']
subnet_id = port['fixed_ips'][0]['subnet_id']
db_subnet = fortinet_db.query_record(
context, fortinet_db.Fortinet_ML2_Subnet, subnet_id=subnet_id)
db_subnetv2 = fortinet_db.query_record(context,
models_v2.Subnet,
id=subnet_id)
if port['device_owner'] in ['network:router_gateway']:
if fortinet_db.query_record(context,
ext_db.ExternalNetwork,
network_id=port['network_id']):
#delete ippool and its related firewall policy
utils.clr_ext_gw(self, context, port)
elif port['device_owner'] in ['compute:nova', 'compute:None', '']:
# delete dhcp related functions
utils.delete_reservedip(self, context, port_id=port_id)
elif port['device_owner'] in ['network:router_interface']:
# add firewall address and address group
name = const.PREFIX['addrgrp'] + db_subnet.vdom
member = str(netaddr.IPNetwork(db_subnetv2.cidr).network)
utils.delete_fwpolicy(self,
context,
vdom=db_subnet.vdom,
srcintf='any',
srcaddr=name,
dstintf='any',
dstaddr=name,
nat='disable')
utils.delete_addrgrp(self,
context,
name=name,
vdom=db_subnet.vdom,
members=member.split(' '))
utils.delete_fwaddress(self,
context,
vdom=db_subnet.vdom,
name=member)
except Exception as e:
resources.Exinfo(e)
raise ml2_exc.MechanismDriverError(
method=sys._getframe().f_code.co_name)
def delete_port_postcommit(self, mech_context):
LOG.debug("delete_port_postcommit: called")
port = mech_context.current
context = mech_context._plugin_context
try:
port_id = port['id']
subnet_id = port['fixed_ips'][0]['subnet_id']
db_subnet = fortinet_db.query_record(context,
fortinet_db.Fortinet_ML2_Subnet,
subnet_id=subnet_id)
db_subnetv2 = fortinet_db.query_record(context, models_v2.Subnet,
id=subnet_id)
if port['device_owner'] in ['network:router_gateway']:
if fortinet_db.query_record(context, ext_db.ExternalNetwork,
network_id=port['network_id']):
#delete ippool and its related firewall policy
utils.clr_ext_gw(self, context, port)
elif port['device_owner'] in ['compute:nova', 'compute:None', '']:
# delete dhcp related functions
utils.delete_reservedip(self, context, port_id=port_id)
elif port['device_owner'] in ['network:router_interface']:
# add firewall address and address group
name = const.PREFIX['addrgrp'] + db_subnet.vdom
member = str(netaddr.IPNetwork(db_subnetv2.cidr).network)
utils.delete_fwpolicy(self, context,
vdom=db_subnet.vdom,
srcintf='any',
srcaddr=name,
dstintf='any',
dstaddr=name,
nat='disable')
utils.delete_addrgrp(self, context,
name=name,
vdom=db_subnet.vdom,
members=member.split(' '))
utils.delete_fwaddress(self, context,
vdom=db_subnet.vdom,
name=member)
except Exception as e:
resources.Exinfo(e)
raise ml2_exc.MechanismDriverError(
method=sys._getframe().f_code.co_name)
def _disassociate_floatingip(self, context, id):
l3db_fip = self._get_floatingip(context, id)
db_namespace = fortinet_db.query_record(
context,
fortinet_db.Fortinet_ML2_Namespace,
tenant_id=l3db_fip.tenant_id)
db_fip = fortinet_db.query_record(
context,
fortinet_db.Fortinet_FloatingIP_Allocation,
floating_ip_address=l3db_fip.floating_ip_address,
allocated=True)
int_intf, ext_intf = utils.get_vlink_intf(self,
context,
vdom=db_namespace.vdom)
db_ip = fortinet_db.query_record(context,
models_v2.IPAllocation,
port_id=l3db_fip.fixed_port_id)
vlan_inf = utils.get_intf(context, db_ip.network_id)
mappedip = utils.get_ipaddr(db_fip.ip_subnet, 0)
utils.delete_fwpolicy(self,
context,
vdom=db_namespace.vdom,
srcintf=vlan_inf,
srcaddr=l3db_fip.fixed_ip_address,
dstintf=int_intf,
poolname=mappedip)
utils.delete_fwaddress(self,
context,
name=l3db_fip.fixed_ip_address,
vdom=db_namespace.vdom)
utils.delete_fwpolicy(self,
context,
vdom=db_namespace.vdom,
dstaddr=db_fip.floating_ip_address)
utils.delete_vip(self,
context,
vdom=db_namespace.vdom,
name=db_fip.floating_ip_address)
def remove_router_interface(self, context, router_id, interface_info):
"""Deletes vlink, default router from Fortinet device."""
LOG.debug(
"FortinetL3ServicePlugin.remove_router_interface called: "
"router_id=%(router_id)s "
"interface_info=%(interface_info)r", {
'router_id': router_id,
'interface_info': interface_info
})
with context.session.begin(subtransactions=True):
# TODO(jerryz): move this out of transaction.
setattr(context, 'GUARD_TRANSACTION', False)
info = (super(FortinetL3ServicePlugin,
self).remove_router_interface(
context, router_id, interface_info))
try:
subnet = self._core_plugin._get_subnet(context,
info['subnet_id'])
tenant_id = subnet['tenant_id']
network_id = subnet['network_id']
vlan_inf = utils.get_intf(context, network_id)
db_namespace = fortinet_db.query_record(
context,
fortinet_db.Fortinet_ML2_Namespace,
tenant_id=tenant_id)
utils.delete_fwpolicy(self,
context,
vdom=db_namespace.vdom,
srcintf=vlan_inf)
except Exception:
with excutils.save_and_reraise_exception():
LOG.error(
_LE("Fail remove of interface from Fortigate "
"router interface. info=%(info)s, "
"router_id=%(router_id)s"), {
"info": info,
"router_id": router_id
})
return info
def _release_floatingip(self, context, id):
"""
:param context:
:param id: the floatingip id in neutron.db.l3_db.FloatingIP.
{
tenant_id=u'3998b33381fb48f694369689065a3760',
id=u'25e1588a-5ec5-4fbc-bdef-eff8713da8f8',
floating_ip_address=u'10.160.37.111',
floating_network_id=u'1c1dbecc-9dac-4311-a346-f147a04c8dc8',
floating_port_id=u'4b4120d4-77f9-4f82-b823-05876929a1c4',
fixed_port_id=None,
fixed_ip_address=None,
router_id=None,
last_known_router_id=None,
status=u'DOWN'
}
:return:
"""
with context.session.begin(subtransactions=True):
l3db_fip = self._get_floatingip(context, id)
tenant_id = l3db_fip.tenant_id
db_namespace = fortinet_db.query_record(context,
fortinet_db.Fortinet_ML2_Namespace,
tenant_id=tenant_id)
db_fip = fortinet_db.query_record(context,
fortinet_db.Fortinet_FloatingIP_Allocation,
floating_ip_address=l3db_fip.floating_ip_address,
allocated=True)
if not db_fip or not db_namespace:
return
int_intf, ext_intf = utils.get_vlink_intf(self, context,
vdom=db_namespace.vdom)
mappedip = utils.get_ipaddr(db_fip.ip_subnet, 0)
utils.delete_fwippool(self, context,
name=mappedip,
vdom=db_namespace.vdom,
startip=mappedip)
utils.delete_fwpolicy(self, context,
vdom=const.EXT_VDOM,
srcintf=ext_intf,
srcaddr=mappedip,
dstintf=self._fortigate['ext_interface'],
poolname=db_fip.floating_ip_address)
utils.delete_fwaddress(self, context,
name=mappedip,
vdom=const.EXT_VDOM,
subnet="%s 255.255.255.255" % mappedip)
utils.delete_fwippool(self, context,
name=db_fip.floating_ip_address,
vdom=const.EXT_VDOM,
startip=db_fip.floating_ip_address)
utils.delete_routerstatic(self, context,
vdom=const.EXT_VDOM,
dst="%s 255.255.255.255" % mappedip,
device=ext_intf,
gateway=const.DEF_GW)
utils.delete_fwpolicy(self, context,
vdom=const.EXT_VDOM,
dstintf=ext_intf,
dstaddr=l3db_fip.floating_ip_address)
utils.delete_vip(self, context,
vdom=const.EXT_VDOM,
name=db_fip.vip_name,
extip=db_fip.floating_ip_address,
extintf='any',
mappedip=mappedip)
fortinet_db.delete_record(context,
fortinet_db.Fortinet_FloatingIP_Allocation,
vdom=db_namespace.vdom,
floating_ip_address=db_fip.floating_ip_address,
vip_name=db_fip.floating_ip_address)
# TODO(jerryz): move this out of transaction.
setattr(context, 'GUARD_TRANSACTION', False)
super(FortinetL3ServicePlugin, self).delete_floatingip(context, id)
utils.delete_vlink(self, context, tenant_id)
utils.delete_vdom(self, context, tenant_id=tenant_id)
def _release_floatingip(self, context, id):
"""
:param context:
:param id: the floatingip id in neutron.db.l3_db.FloatingIP.
{
tenant_id=u'3998b33381fb48f694369689065a3760',
id=u'25e1588a-5ec5-4fbc-bdef-eff8713da8f8',
floating_ip_address=u'10.160.37.111',
floating_network_id=u'1c1dbecc-9dac-4311-a346-f147a04c8dc8',
floating_port_id=u'4b4120d4-77f9-4f82-b823-05876929a1c4',
fixed_port_id=None,
fixed_ip_address=None,
router_id=None,
last_known_router_id=None,
status=u'DOWN'
}
:return:
"""
with context.session.begin(subtransactions=True):
l3db_fip = self._get_floatingip(context, id)
tenant_id = l3db_fip.tenant_id
db_namespace = fortinet_db.query_record(
context,
fortinet_db.Fortinet_ML2_Namespace,
tenant_id=tenant_id)
db_fip = fortinet_db.query_record(
context,
fortinet_db.Fortinet_FloatingIP_Allocation,
floating_ip_address=l3db_fip.floating_ip_address,
allocated=True)
if not db_fip or not db_namespace:
return
int_intf, ext_intf = utils.get_vlink_intf(self,
context,
vdom=db_namespace.vdom)
mappedip = utils.get_ipaddr(db_fip.ip_subnet, 0)
utils.delete_fwippool(self,
context,
name=mappedip,
vdom=db_namespace.vdom,
startip=mappedip)
utils.delete_fwpolicy(self,
context,
vdom=const.EXT_VDOM,
srcintf=ext_intf,
srcaddr=mappedip,
dstintf=self._fortigate['ext_interface'],
poolname=db_fip.floating_ip_address)
utils.delete_fwaddress(self,
context,
name=mappedip,
vdom=const.EXT_VDOM,
subnet="%s 255.255.255.255" % mappedip)
utils.delete_fwippool(self,
context,
name=db_fip.floating_ip_address,
vdom=const.EXT_VDOM,
startip=db_fip.floating_ip_address)
utils.delete_routerstatic(self,
context,
vdom=const.EXT_VDOM,
dst="%s 255.255.255.255" % mappedip,
device=ext_intf,
gateway=const.DEF_GW)
utils.delete_fwpolicy(self,
context,
vdom=const.EXT_VDOM,
dstintf=ext_intf,
dstaddr=l3db_fip.floating_ip_address)
utils.delete_vip(self,
context,
vdom=const.EXT_VDOM,
name=db_fip.vip_name,
extip=db_fip.floating_ip_address,
extintf='any',
mappedip=mappedip)
fortinet_db.delete_record(
context,
fortinet_db.Fortinet_FloatingIP_Allocation,
vdom=db_namespace.vdom,
floating_ip_address=db_fip.floating_ip_address,
vip_name=db_fip.floating_ip_address)
# TODO(jerryz): move this out of transaction.
setattr(context, 'GUARD_TRANSACTION', False)
super(FortinetL3ServicePlugin, self).delete_floatingip(context, id)
utils.delete_vlink(self, context, tenant_id)
utils.delete_vdom(self, context, tenant_id=tenant_id)
