def update_floatingip(self, context, id, floatingip):
if floatingip['floatingip']['port_id']:
# floating ip associate with VM port.
try:
res = super(FortinetL3ServicePlugin, self).\
update_floatingip(context, id, floatingip)
if not floatingip['floatingip'].get('fixed_ip_address', None):
floatingip['floatingip']['fixed_ip_address'] = \
res.get('fixed_ip_address')
self._associate_floatingip(context, id, floatingip)
self.update_floatingip_status(
context, res, l3_constants.FLOATINGIP_STATUS_ACTIVE, id=id)
except Exception as e:
resources.Exinfo(e)
super(FortinetL3ServicePlugin, self).\
disassociate_floatingips(context,
floatingip['floatingip']['port_id'])
raise e
else:
# disassociate floating ip.
self._disassociate_floatingip(context, id)
res = super(FortinetL3ServicePlugin, self).\
update_floatingip(context, id, floatingip)
self.update_floatingip_status(context,
res,
l3_constants.FLOATINGIP_STATUS_DOWN,
id=id)
return res if res else None
def create_floatingip(self, context, floatingip):
"""Create floating IP.
:param context: Neutron request context
:param floatingip: data for the floating IP being created
:returns: A floating IP object on success
As the l3 router plugin asynchronously creates floating IPs
leveraging the l3 agent, the initial status for the floating
IP object will be DOWN.
"""
LOG.debug(_("create_floatingip: floatingip=%s" % floatingip))
returned_obj = super(FortinetL3ServicePlugin, self).\
create_floatingip(context, floatingip)
try:
self._allocate_floatingip(context, returned_obj)
if returned_obj.get('port_id', None):
if not floatingip['floatingip'].get('fixed_ip_address', None):
floatingip['floatingip']['fixed_ip_address'] = \
returned_obj.get('fixed_ip_address')
self._associate_floatingip(context, returned_obj['id'],
floatingip)
self.update_floatingip_status(
context,
returned_obj,
l3_constants.FLOATINGIP_STATUS_ACTIVE,
id=returned_obj['id'])
return returned_obj
except Exception as e:
resources.Exinfo(e)
super(FortinetL3ServicePlugin,
self).delete_floatingip(context, returned_obj['id'])
raise Exception("Failed to create the floating ip")
def delete_network_precommit(self, mech_context):
"""Delete Network from the plugin specific database table."""
network = mech_context.current
network_id = network['id']
context = mech_context._plugin_context
if fortinet_db.query_record(context,
ExternalNetwork,
network_id=network_id):
# return when the network is external network
# TODO: may check external network before delete namespace
return
tenant_id = network['tenant_id']
namespace = fortinet_db.query_record(
context, fortinet_db.Fortinet_ML2_Namespace, tenant_id=tenant_id)
if not namespace:
return
# TODO: type driver support vlan only, need to check later
vlanid = network['provider:segmentation_id']
inf_name = const.PREFIX['inf'] + str(vlanid)
try:
utils.delete_vlanintf(self,
context,
name=inf_name,
vdom=namespace.vdom)
except Exception as e:
resources.Exinfo(e)
raise ml2_exc.MechanismDriverError(
method=sys._getframe().f_code.co_name)
def delete_vdom(obj, context, **kwargs):
cls = fortinet_db.Fortinet_ML2_Namespace
namespace = fortinet_db.query_record(context, cls, **kwargs)
if namespace:
try:
op(obj, context, resources.Vdom.get, name=namespace.vdom)
op(obj, context, resources.Vdom.delete, name=namespace.vdom)
except Exception as e:
resources.Exinfo(e)
fortinet_db.delete_record(context, cls, **kwargs)
return namespace
def delete_subnet_postcommit(self, mech_context):
"""Noop now, it is left here for future."""
context = mech_context._plugin_context
subnet_id = mech_context.current['id']
try:
utils.delete_routerstatic(self, context, subnet_id=subnet_id)
utils.delete_dhcpserver(self, context, subnet_id=subnet_id)
except Exception as e:
resources.Exinfo(e)
raise ml2_exc.MechanismDriverError(
method=sys._getframe().f_code.co_name)
def delete_resource_with_keys(obj, context, record, resource, *keys):
if record:
try:
params = {
key: getattr(record, key, None)
for key in keys if getattr(record, key, None)
}
op(obj, context, resource.get, **params)
op(obj, context, resource.delete, **params)
except exception.ResourceNotFound as e:
resources.Exinfo(e)
pass
def delete_resource_with_id(obj, context, record, resource):
if getattr(record, 'edit_id', None):
try:
op(obj, context, resource.get, vdom=record.vdom, id=record.edit_id)
op(obj,
context,
resource.delete,
vdom=record.vdom,
id=record.edit_id)
return True
except Exception as e:
resources.Exinfo(e)
return False
def delete_port_postcommit(self, mech_context):
port = mech_context.current
context = mech_context._plugin_context
try:
port_id = port['id']
subnet_id = port['fixed_ips'][0]['subnet_id']
db_subnet = fortinet_db.query_record(
context, fortinet_db.Fortinet_ML2_Subnet, subnet_id=subnet_id)
db_subnetv2 = fortinet_db.query_record(context,
models_v2.Subnet,
id=subnet_id)
if port['device_owner'] in ['network:router_gateway']:
if fortinet_db.query_record(context,
ExternalNetwork,
network_id=port['network_id']):
#delete ippool and its related firewall policy
utils.clr_ext_gw(self, context, port)
elif port['device_owner'] in ['compute:nova', 'compute:None', '']:
# delete dhcp related functions
utils.delete_reservedip(self, context, port_id=port_id)
elif port['device_owner'] in ['network:router_interface']:
# add firewall address and address group
name = const.PREFIX['addrgrp'] + db_subnet.vdom
member = str(netaddr.IPNetwork(db_subnetv2.cidr).network)
utils.delete_fwpolicy(self,
context,
vdom=db_subnet.vdom,
srcintf='any',
srcaddr=name,
dstintf='any',
dstaddr=name,
nat='disable')
utils.delete_addrgrp(self,
context,
name=name,
vdom=db_subnet.vdom,
members=member.split(' '))
utils.delete_fwaddress(self,
context,
vdom=db_subnet.vdom,
name=member)
except Exception as e:
resources.Exinfo(e)
raise ml2_exc.MechanismDriverError(
method=sys._getframe().f_code.co_name)
def delete_addrgrp(obj, context, **kwargs):
"""
:param context: for database
:param kwargs:
example format
{
"name": "addrgrp_osvdm1",
"vdom": "osvdm1",
"members": ["192.168.10.0", "192.168.33.0"]
}
each member of members is the address name to be deleted in
the specific firewall address group in FGT.
"""
cls = fortinet_db.Fortinet_Firewall_Address
records = fortinet_db.query_records(context, cls, group=kwargs['name'])
if not records:
LOG.debug(_("There is not any record in db"))
return
members = [
record.name for record in records
if record.name not in kwargs['members']
]
if members:
kwargs['members'] = members
op(obj, context, resources.FirewallAddrgrp.set, **kwargs)
else:
delete_fwpolicy(obj,
context,
vdom=kwargs.get('vdom'),
srcintf='any',
srcaddr=kwargs['name'],
dstintf='any',
nat='disable')
try:
del kwargs['members']
op(obj, context, resources.FirewallAddrgrp.delete, **kwargs)
except Exception as e:
resources.Exinfo(e)
for record in records:
if record.name not in members:
record.update_record(context, record, group=None)
def check(obj, context, vdom, resource=resources.VlanInterface):
vlink_vlan = fortinet_db.query_record(
context, fortinet_db.Fortinet_Vlink_Vlan_Allocation, vdom=vdom)
if vlink_vlan:
try:
op(obj,
context,
resource.get,
vdom=vdom,
name=vlink_vlan.inf_name_int_vdom)
op(obj,
context,
resource.get,
vdom=const.EXT_VDOM,
name=vlink_vlan.inf_name_ext_vdom)
except exception.ResourceNotFound as e:
import inspect
caller = inspect.stack()[1][3]
LOG.debug(_("#### Check vlink interface failed on the %(func)s."),
{'func': caller})
resources.Exinfo(e)
def delete_network_postcommit(self, mech_context):
"""Delete network which translates to remove vlan interface
and related vdom from the fortigate.
"""
LOG.debug(_("delete_network_postcommit: called"))
network = mech_context.current
context = mech_context._plugin_context
tenant_id = network['tenant_id']
if not fortinet_db.query_count(
context, models_v2.Network, tenant_id=tenant_id):
try:
namespace = fortinet_db.query_record(
context,
fortinet_db.Fortinet_ML2_Namespace,
tenant_id=tenant_id)
if not namespace:
return
if not [
getattr(record, 'gw_port_id', None)
for record in fortinet_db.query_records(
context,
l3_db.Router,
tenant_id=namespace.tenant_id)
if getattr(record, 'gw_port_id', None)
]:
utils.delete_vlink(self, context, tenant_id=tenant_id)
utils.delete_vdom(self, context, vdom=namespace.vdom)
LOG.info(
_("delete network postcommit: tenant= %(tenant_id)s"
" vdom= %(vdom)s"), {
'tenant_id': tenant_id,
'vdom': namespace.vdom
})
except Exception as e:
resources.Exinfo(e)
raise ml2_exc.MechanismDriverError(
method=sys._getframe().f_code.co_name)
def _rollback_on_err(obj, context, err):
update_status(obj, context, t_consts.TaskStatus.ROLLBACK)
resources.Exinfo(err)
def add_router_interface(self, context, router_id, interface_info):
"""creates vlnk on the fortinet device."""
LOG.debug(
"FortinetL3ServicePlugin.add_router_interface: "
"router_id=%(router_id)s "
"interface_info=%(interface_info)r", {
'router_id': router_id,
'interface_info': interface_info
})
with context.session.begin(subtransactions=True):
info = super(FortinetL3ServicePlugin,
self).add_router_interface(context, router_id,
interface_info)
port = db.get_port(context.session, info['port_id'])
port['admin_state_up'] = True
port['port'] = port
LOG.debug(
"FortinetL3ServicePlugin: "
"context=%(context)s"
"port=%(port)s "
"info=%(info)r", {
'context': context,
'port': port,
'info': info
})
#self._core_plugin.update_port(context, info["port_id"], port)
interface_info = info
subnet = self._core_plugin._get_subnet(context,
interface_info['subnet_id'])
network_id = subnet['network_id']
tenant_id = port['tenant_id']
port_filters = {
'network_id': [network_id],
'device_owner': [DEVICE_OWNER_ROUTER_INTF]
}
port_count = self._core_plugin.get_ports_count(
context, port_filters)
# port count is checked against 2 since the current port is already
# added to db
if port_count == 2:
# This subnet is already part of some router
LOG.error(
_("FortinetL3ServicePlugin: adding redundant router "
"interface is not supported"))
raise Exception(
_("FortinetL3ServicePlugin:adding redundant "
"router interface is not supported"))
try:
db_namespace = fortinet_db.query_record(
context,
fortinet_db.Fortinet_ML2_Namespace,
tenant_id=tenant_id)
vlan_inf = utils.get_intf(context, network_id)
int_intf, ext_intf = utils.get_vlink_intf(
self, context, vdom=db_namespace.vdom)
utils.add_fwpolicy(self,
context,
vdom=db_namespace.vdom,
srcintf=vlan_inf,
dstintf=int_intf,
nat='enable')
except Exception as e:
LOG.error(
_("Failed to create Fortinet resources to add router "
"interface. info=%(info)s, router_id=%(router_id)s"), {
"info": info,
"router_id": router_id
})
resources.Exinfo(e)
with excutils.save_and_reraise_exception():
self.remove_router_interface(context, router_id,
interface_info)
utils.update_status(self, context, t_consts.TaskStatus.COMPLETED)
return info