def _delete(self, c, context, listener):
try:
c.client.slb.virtual_server.vport.delete(
self.a10_driver.loadbalancer._name(listener.loadbalancer),
self._meta_name(listener),
protocol=openstack_mappings.vip_protocols(c, listener.protocol),
port=listener.protocol_port)
except acos_errors.NotFound:
pass
def _delete(self, c, context, listener):
try:
c.client.slb.virtual_server.vport.delete(
self.a10_driver.loadbalancer._name(listener.loadbalancer),
self._meta_name(listener),
protocol=openstack_mappings.vip_protocols(
c, listener.protocol),
port=listener.protocol_port)
except acos_errors.NotFound:
pass
def _delete(self, c, context, listener):
try:
c.client.slb.virtual_server.vport.delete(
self.a10_driver.loadbalancer._name(listener.loadbalancer),
self._meta_name(listener),
protocol=openstack_mappings.vip_protocols(c, listener.protocol),
port=listener.protocol_port)
except acos_errors.NotFound:
pass
# clean up ssl template
if listener.protocol and listener.protocol == constants.PROTOCOL_TERMINATED_HTTPS:
try:
c.client.slb.template.client_ssl.delete(listener.id)
except acos_errors.NotFound:
pass
def _delete(self, c, context, listener):
# First, remove any existing cert bindings and set the correct protocol for delete.
# Existence of bindings means the vport has been re-created as https.
protocol = openstack_mappings.vip_protocols(c, listener.protocol)
if self.a10_driver.config.use_database and self._remove_existing_bindings(
c, context, listener):
protocol = c.client.slb.virtual_server.vport.HTTPS
# Regular delete, use regular protocol mapping.
self._delete_listener(c, context, listener, protocol)
# clean up ssl template
if listener.protocol and listener.protocol == constants.PROTOCOL_TERMINATED_HTTPS:
try:
c.client.slb.template.client_ssl.delete(listener.id)
except acos_errors.NotFound:
pass
def update(self, context, old_vip, vip):
with a10.A10WriteStatusContext(self, context, vip) as c:
status = c.client.slb.UP
if not vip['admin_state_up']:
status = c.client.slb.DOWN
pool_name = self._pool_name(context, vip['pool_id'])
p = PersistHandler(c, context, vip, self._meta_name(vip), old_vip)
p.create()
templates = self.meta(vip, "template", {})
if 'client_ssl' in templates:
args = {'client_ssl_template': templates['client_ssl']}
c.client.slb.template.client_ssl.update('',
'',
'',
axapi_args=args)
if 'server_ssl' in templates:
args = {'server_ssl_template': templates['server_ssl']}
c.client.slb.template.server_ssl.update('',
'',
'',
axapi_args=args)
vport_meta = self.vport_meta(vip)
c.client.slb.virtual_server.vport.update(
self._meta_name(vip),
self._meta_name(vip) + '_VPORT',
protocol=openstack_mappings.vip_protocols(c, vip['protocol']),
port=vip['protocol_port'],
service_group_name=pool_name,
s_pers_name=p.s_persistence(),
c_pers_name=p.c_persistence(),
status=status,
autosnat=c.device_cfg.get('autosnat'),
ipinip=c.device_cfg.get('ipinip'),
source_nat_pool=c.device_cfg.get('source_nat_pool'),
axapi_body=vport_meta)
self.hooks.after_vip_update(c, context, vip)
def _delete(self, c, context, listener):
# First, remove any existing cert bindings and set the correct protocol for delete.
# Existence of bindings means the vport has been re-created as https.
protocol = openstack_mappings.vip_protocols(c, listener.protocol)
if self.a10_driver.config.use_database and self._remove_existing_bindings(
c, context, listener):
protocol = c.client.slb.virtual_server.vport.HTTPS
# Regular delete, use regular protocol mapping.
self._delete_listener(
c, context, listener, protocol)
# clean up ssl template
if listener.protocol and listener.protocol == constants.PROTOCOL_TERMINATED_HTTPS:
try:
c.client.slb.template.client_ssl.delete(listener.id)
except acos_errors.NotFound:
pass
def update(self, context, old_vip, vip):
with a10.A10WriteStatusContext(self, context, vip) as c:
status = c.client.slb.UP
if not vip['admin_state_up']:
status = c.client.slb.DOWN
pool_name = self._pool_name(context, vip['pool_id'])
p = PersistHandler(c, context, vip, self._meta_name(vip), old_vip)
p.create()
templates = self.meta(vip, "template", {})
if 'client_ssl' in templates:
args = {'client_ssl_template': templates['client_ssl']}
c.client.slb.template.client_ssl.update(
'', '', '',
axapi_args=args)
if 'server_ssl' in templates:
args = {'server_ssl_template': templates['server_ssl']}
c.client.slb.template.server_ssl.update(
'', '', '',
axapi_args=args)
vport_meta = self.vport_meta(vip)
c.client.slb.virtual_server.vport.update(
self._meta_name(vip),
self._meta_name(vip) + '_VPORT',
protocol=openstack_mappings.vip_protocols(c, vip['protocol']),
port=vip['protocol_port'],
service_group_name=pool_name,
s_pers_name=p.s_persistence(),
c_pers_name=p.c_persistence(),
status=status,
autosnat=c.device_cfg.get('autosnat'),
ipinip=c.device_cfg.get('ipinip'),
source_nat_pool=c.device_cfg.get('source_nat_pool'),
axapi_body=vport_meta)
self.hooks.after_vip_update(c, context, vip)
def _set(self, set_method, c, context, listener):
if self.barbican_client is None:
self.barbican_client = certwrapper.CertManagerWrapper(handler=self)
status = c.client.slb.UP
if not listener.admin_state_up:
status = c.client.slb.DOWN
templates = self.meta(listener, "template", {})
server_args = {}
cert_data = dict()
template_args = {}
if listener.protocol and listener.protocol == constants.PROTOCOL_TERMINATED_HTTPS:
if self._set_terminated_https_values(listener, c, cert_data):
templates["client_ssl"] = {}
template_name = str(cert_data.get('template_name', ''))
key_passphrase = str(cert_data.get('key_pass', ''))
cert_filename = str(cert_data.get('cert_filename', ''))
key_filename = str(cert_data.get('key_filename', ''))
else:
LOG.error("Could not created terminated HTTPS endpoint.")
if 'client_ssl' in templates:
template_args["template_client_ssl"] = template_name
try:
c.client.slb.template.client_ssl.create(
template_name,
cert=cert_filename,
key=key_filename)
except acos_errors.Exists:
c.client.slb.template.client_ssl.update(template_name, cert=cert_filename,
key=key_filename, passphrase=key_passphrase)
if 'server_ssl' in templates:
server_args = {'server_ssl_template': templates['server_ssl']}
template_args["template_server_ssl"] = template_name
try:
c.client.slb.template.server_ssl.create(
template_name,
cert_filename,
key_filename,
axapi_args=server_args)
except acos_errors.Exists:
c.client.slb.template.server_ssl.update(template_name,
cert_filename,
key_filename,
axapi_args=server_args)
try:
pool_name = self._pool_name(context, pool_id=listener.default_pool_id)
except Exception:
pool_name = None
persistence = handler_persist.PersistHandler(
c, context, listener.default_pool)
vport_meta = self.meta(listener.loadbalancer, 'vip_port', {})
try:
set_method(
self.a10_driver.loadbalancer._name(listener.loadbalancer),
self._meta_name(listener),
protocol=openstack_mappings.vip_protocols(c, listener.protocol),
port=listener.protocol_port,
service_group_name=pool_name,
s_pers_name=persistence.s_persistence(),
c_pers_name=persistence.c_persistence(),
status=status,
autosnat=c.device_cfg.get('autosnat'),
ipinip=c.device_cfg.get('ipinip'),
axapi_body=vport_meta,
**template_args)
except acos_errors.Exists:
pass
def create(self, context, vip):
with a10.A10WriteStatusContext(self, context, vip) as c:
status = c.client.slb.UP
if not vip['admin_state_up']:
status = c.client.slb.DOWN
pool_name = self._pool_name(context, vip['pool_id'])
p = PersistHandler(c, context, vip, self._meta_name(vip))
p.create()
templates = self.meta(vip, "template", {})
if 'client_ssl' in templates:
args = {'client_ssl_template': templates['client_ssl']}
try:
c.client.slb.template.client_ssl.create('',
'',
'',
axapi_args=args)
except acos_errors.Exists:
pass
if 'server_ssl' in templates:
args = {'server_ssl_template': templates['server_ssl']}
try:
c.client.slb.template.server_ssl.create('',
'',
'',
axapi_args=args)
except acos_errors.Exists:
pass
vport_list = None
try:
vip_meta = self.meta(vip, 'virtual_server', {})
vport_list = vip_meta.pop('vport_list', None)
vip_args = axapi_mappings._virtual_server(
vip_meta, c.device_cfg)
c.client.slb.virtual_server.create(self._meta_name(vip),
vip['address'],
status,
axapi_args=vip_args)
except acos_errors.Exists:
pass
LOG.debug("VPORT_LIST = %s", vport_list)
if vport_list is None:
vport_list = [self.vport_meta(vip)]
for vport, i in zip(vport_list, range(len(vport_list))):
try:
vport_name = str(i) if i else ''
vport_args = axapi_mappings._vport(vport, c.device_cfg)
c.client.slb.virtual_server.vport.create(
self._meta_name(vip),
self._meta_name(vip) + '_VPORT' + vport_name,
protocol=openstack_mappings.vip_protocols(
c, vip['protocol']),
port=vip['protocol_port'],
service_group_name=pool_name,
s_pers_name=p.s_persistence(),
c_pers_name=p.c_persistence(),
status=status,
axapi_args=vport_args)
except acos_errors.Exists:
pass
self.hooks.after_vip_create(c, context, vip)
def _set(self, set_method, c, context, listener):
status = c.client.slb.UP
if not listener.admin_state_up:
status = c.client.slb.DOWN
templates = self.meta(listener, "template", {})
server_args = {}
cert_data = dict()
template_args = {}
protocol = openstack_mappings.vip_protocols(c, listener.protocol)
binding = None
os_name = listener.name or None
# Try Barbican first. TERMINATED HTTPS requires a default TLS container ID that is
# checked by the API so we can't fake it out.
if listener.protocol and listener.protocol == constants.PROTOCOL_TERMINATED_HTTPS:
if self._set_terminated_https_values(listener, c, cert_data):
templates["client_ssl"] = {}
template_name = str(cert_data.get('template_name') or '')
key_passphrase = str(cert_data.get('key_pass') or '')
cert_filename = str(cert_data.get('cert_filename') or '')
key_filename = str(cert_data.get('key_filename') or '')
else:
LOG.error("Could not created terminated HTTPS endpoint.")
# Else, set it up as an HTTP endpoint and attach the A10 cert data.
elif (self.a10_driver.config.get('use_database') and listener.protocol and
listener.protocol in [constants.PROTOCOL_HTTPS,
constants.PROTOCOL_HTTP,
constants.PROTOCOL_TCP]):
try:
binding = self.cert_db.get_binding_for_listener(context, listener.id)
except Exception as ex:
LOG.exception(ex)
if binding:
# if the binding is being deleted and the listener wasn't created as https,
# remove the https port to make room for the original port
if binding.status == constants.STATUS_DELETING:
if (protocol != c.client.slb.virtual_server.vport.HTTPS):
self._delete_listener(c, context, listener,
c.client.slb.virtual_server.vport.HTTPS)
set_method = c.client.slb.virtual_server.vport.create
elif self._set_a10_https_values(listener, c, cert_data, binding):
# If the binding hasn't been created and the port isn't https
# remove the port and re-create it as https.
if (binding.status == constants.STATUS_CREATING and
protocol != c.client.slb.virtual_server.vport.HTTPS):
self._delete_listener(c, context, listener, protocol)
set_method = c.client.slb.virtual_server.vport.create
protocol = c.client.slb.virtual_server.vport.HTTPS
templates["client_ssl"] = {}
template_name = str(cert_data.get('template_name') or '')
key_passphrase = str(cert_data.get('key_pass') or '')
cert_filename = str(cert_data.get('cert_filename') or '')
key_filename = str(cert_data.get('key_filename') or '')
template_args["template_client_ssl"] = template_name
if 'client_ssl' in templates:
template_args["template_client_ssl"] = template_name
try:
c.client.slb.template.client_ssl.create(
template_name,
cert=cert_filename,
key=key_filename,
passphrase=key_passphrase)
except acos_errors.Exists:
c.client.slb.template.client_ssl.update(template_name, cert=cert_filename,
key=key_filename, passphrase=key_passphrase)
if 'server_ssl' in templates:
server_args = {'server_ssl_template': templates['server_ssl']}
template_args["template_server_ssl"] = template_name
try:
c.client.slb.template.server_ssl.create(
template_name,
cert_filename,
key_filename,
passphrase=key_passphrase,
axapi_args=server_args)
except acos_errors.Exists:
c.client.slb.template.server_ssl.update(template_name,
cert_filename,
key_filename,
passphrase=key_passphrase,
axapi_args=server_args)
try:
pool_name = self._pool_name(context, pool_id=listener.default_pool_id)
except Exception:
pool_name = None
persistence = handler_persist.PersistHandler(
c, context, listener.default_pool)
# This doesn't do anything anymore.
vport_meta = self.meta(listener.loadbalancer, 'vip_port', {})
template_args.update(**self._get_vport_defaults(c, os_name))
vport_defaults = self._get_vport_defaults(c, os_name)
# ADD A CONDITION TO VPORT DEFAULTS TO FIX THIS
# EXAMPLE:
# "condition": {"field": "protocol", "op": "=", "value": "http"}}
if "ha-conn-mirror" in vport_defaults and protocol.lower() not in ("tcp", "udp"):
del vport_defaults["ha-conn-mirror"]
if "ha-conn-mirror" in template_args and protocol.lower() not in ("tcp", "udp"):
del template_args["ha-conn-mirror"]
if "template-http" in vport_defaults and protocol.lower() not in ("http", "https"):
del vport_defaults["template-http"]
if "template-http" in template_args and protocol.lower() not in ("http", "https"):
del template_args["template-http"]
if "no-dest-nat" in vport_defaults and protocol.lower() in ("http", "https"):
del vport_defaults["no-dest-nat"]
if "no-dest-nat" in template_args and protocol.lower() in ("http", "https"):
del template_args["no-dest-nat"]
try:
set_method(
self.a10_driver.loadbalancer._name(listener.loadbalancer),
self._meta_name(listener),
protocol=protocol,
port=listener.protocol_port,
service_group_name=pool_name,
s_pers_name=persistence.s_persistence(),
c_pers_name=persistence.c_persistence(),
status=status,
autosnat=c.device_cfg.get('autosnat'),
ipinip=c.device_cfg.get('ipinip'),
source_nat_pool=c.device_cfg.get('source-nat-pool'),
ha_conn_mirror=c.device_cfg.get('ha-conn-mirror'),
no_dest_nat=c.device_cfg.get('no-dest-nat'),
conn_limit=c.device_cfg.get('conn-limit'),
# Device-level defaults
vport_defaults=vport_defaults,
axapi_body=vport_meta,
**template_args)
except acos_errors.Exists:
pass
def create(self, context, vip):
with a10.A10WriteStatusContext(self, context, vip) as c:
status = c.client.slb.UP
if not vip['admin_state_up']:
status = c.client.slb.DOWN
pool_name = self._pool_name(context, vip['pool_id'])
p = PersistHandler(c, context, vip, self._meta_name(vip))
p.create()
templates = self.meta(vip, "template", {})
if 'client_ssl' in templates:
args = {'client_ssl_template': templates['client_ssl']}
try:
c.client.slb.template.client_ssl.create(
'', '', '',
axapi_args=args)
except acos_errors.Exists:
pass
if 'server_ssl' in templates:
args = {'server_ssl_template': templates['server_ssl']}
try:
c.client.slb.template.server_ssl.create(
'', '', '',
axapi_args=args)
except acos_errors.Exists:
pass
vport_list = None
try:
vip_meta = self.meta(vip, 'virtual_server', {})
vport_list = vip_meta.pop('vport_list', None)
c.client.slb.virtual_server.create(
self._meta_name(vip),
vip['address'],
status,
vrid=c.device_cfg.get('default_virtual_server_vrid'),
axapi_body=vip_meta)
except acos_errors.Exists:
pass
LOG.debug("VPORT_LIST = %s", vport_list)
if vport_list is None:
vport_list = [self.vport_meta(vip)]
for vport, i in zip(vport_list, range(len(vport_list))):
try:
vport_name = str(i) if i else ''
c.client.slb.virtual_server.vport.create(
self._meta_name(vip),
self._meta_name(vip) + '_VPORT' + vport_name,
protocol=openstack_mappings.vip_protocols(c, vip['protocol']),
port=vip['protocol_port'],
service_group_name=pool_name,
s_pers_name=p.s_persistence(),
c_pers_name=p.c_persistence(),
status=status,
autosnat=c.device_cfg.get('autosnat'),
ipinip=c.device_cfg.get('ipinip'),
axapi_body=vport)
except acos_errors.Exists:
pass
self.hooks.after_vip_create(c, context, vip)
def _set(self, set_method, c, context, listener):
status = c.client.slb.UP
if not listener.admin_state_up:
status = c.client.slb.DOWN
templates = self.meta(listener, "template", {})
server_args = {}
cert_data = dict()
template_args = {}
protocol = openstack_mappings.vip_protocols(c, listener.protocol)
binding = None
os_name = listener.name or None
# Try Barbican first. TERMINATED HTTPS requires a default TLS container ID that is
# checked by the API so we can't fake it out.
if listener.protocol and listener.protocol == constants.PROTOCOL_TERMINATED_HTTPS:
if self._set_terminated_https_values(listener, c, cert_data):
templates["client_ssl"] = {}
template_name = str(cert_data.get('template_name') or '')
key_passphrase = str(cert_data.get('key_pass') or '')
cert_filename = str(cert_data.get('cert_filename') or '')
key_filename = str(cert_data.get('key_filename') or '')
else:
LOG.error("Could not created terminated HTTPS endpoint.")
# Else, set it up as an HTTP endpoint and attach the A10 cert data.
elif (self.a10_driver.config.get('use_database') and listener.protocol and
listener.protocol in [constants.PROTOCOL_HTTPS,
constants.PROTOCOL_HTTP,
constants.PROTOCOL_TCP]):
try:
binding = self.cert_db.get_binding_for_listener(context, listener.id)
except Exception as ex:
LOG.exception(ex)
if binding:
# if the binding is being deleted and the listener wasn't created as https,
# remove the https port to make room for the original port
if binding.status == constants.STATUS_DELETING:
if (protocol != c.client.slb.virtual_server.vport.HTTPS):
self._delete_listener(c, context, listener,
c.client.slb.virtual_server.vport.HTTPS)
set_method = c.client.slb.virtual_server.vport.create
elif self._set_a10_https_values(listener, c, cert_data, binding):
# If the binding hasn't been created and the port isn't https
# remove the port and re-create it as https.
if (binding.status == constants.STATUS_CREATING and
protocol != c.client.slb.virtual_server.vport.HTTPS):
self._delete_listener(c, context, listener, protocol)
set_method = c.client.slb.virtual_server.vport.create
protocol = c.client.slb.virtual_server.vport.HTTPS
templates["client_ssl"] = {}
template_name = str(cert_data.get('template_name') or '')
key_passphrase = str(cert_data.get('key_pass') or '')
cert_filename = str(cert_data.get('cert_filename') or '')
key_filename = str(cert_data.get('key_filename') or '')
template_args["template_client_ssl"] = template_name
if 'client_ssl' in templates:
template_args["template_client_ssl"] = template_name
try:
c.client.slb.template.client_ssl.create(
template_name,
cert=cert_filename,
key=key_filename,
passphrase=key_passphrase)
except acos_errors.Exists:
c.client.slb.template.client_ssl.update(template_name, cert=cert_filename,
key=key_filename, passphrase=key_passphrase)
if 'server_ssl' in templates:
server_args = {'server_ssl_template': templates['server_ssl']}
template_args["template_server_ssl"] = template_name
try:
c.client.slb.template.server_ssl.create(
template_name,
cert_filename,
key_filename,
passphrase=key_passphrase,
axapi_args=server_args)
except acos_errors.Exists:
c.client.slb.template.server_ssl.update(template_name,
cert_filename,
key_filename,
passphrase=key_passphrase,
axapi_args=server_args)
try:
pool_name = self._pool_name(context, pool_id=listener.default_pool_id)
except Exception:
pool_name = None
persistence = handler_persist.PersistHandler(
c, context, listener.default_pool)
# This doesn't do anything anymore.
vport_meta = self.meta(listener.loadbalancer, 'vip_port', {})
# TODO(mdurrant): This breaks if we introduce non-template args
# template_args.update(**self._get_vport_defaults(c, os_name))
vport_defaults = self._get_vport_defaults(c, os_name)
# ADD A CONDITION TO VPORT DEFAULTS TO FIX THIS
# EXAMPLE:
# "condition": {"field": "protocol", "op": "=", "value": "http"}}
if "ha-conn-mirror" in vport_defaults and protocol.lower() not in ("tcp", "udp"):
del vport_defaults["ha-conn-mirror"]
if "ha-conn-mirror" in template_args and protocol.lower() not in ("tcp", "udp"):
del template_args["ha-conn-mirror"]
if "template-http" in vport_defaults and protocol.lower() not in ("http", "https"):
del vport_defaults["template-http"]
if "template-http" in template_args and protocol.lower() not in ("http", "https"):
del template_args["template-http"]
if "no-dest-nat" in vport_defaults and protocol.lower() in ("http", "https"):
del vport_defaults["no-dest-nat"]
if "no-dest-nat" in template_args and protocol.lower() in ("http", "https"):
del template_args["no-dest-nat"]
if hasattr(listener, 'aflex'):
template_args["aflex-scripts"] = listener.aflex
if "protocol" in vport_defaults:
protocol = vport_defaults["protocol"]
del vport_defaults["protocol"]
conf_templates = c.device_cfg.get('templates')
if conf_templates:
virtual_port_templates = conf_templates.get("virtual-port", None)
else:
virtual_port_templates = None
try:
set_method(
self.a10_driver.loadbalancer._name(listener.loadbalancer),
self._meta_name(listener),
protocol=protocol,
port=listener.protocol_port,
service_group_name=pool_name,
s_pers_name=persistence.s_persistence(),
c_pers_name=persistence.c_persistence(),
status=status,
autosnat=c.device_cfg.get('autosnat'),
ipinip=c.device_cfg.get('ipinip'),
source_nat_pool=c.device_cfg.get('source-nat-pool'),
ha_conn_mirror=c.device_cfg.get('ha-conn-mirror'),
no_dest_nat=c.device_cfg.get('no-dest-nat'),
conn_limit=c.device_cfg.get('conn-limit'),
# Device-level defaults
virtual_port_templates=virtual_port_templates,
vport_defaults=vport_defaults,
axapi_body=vport_meta,
**template_args)
except acos_errors.Exists:
pass
def _set(self, set_method, c, context, listener):
if self.barbican_client is None:
self.barbican_client = certwrapper.CertManagerWrapper(handler=self)
status = c.client.slb.UP
if not listener.admin_state_up:
status = c.client.slb.DOWN
templates = self.meta(listener, "template", {})
server_args = {}
cert_data = dict()
if listener.protocol and listener.protocol == constants.PROTOCOL_TERMINATED_HTTPS:
if self._set_terminated_https_values(listener, c, cert_data):
templates["client_ssl"] = {}
template_name = str(cert_data.get('template_name', ''))
key_passphrase = str(cert_data.get('cert_pass', ''))
cert_filename = str(cert_data.get('cert_filename', ''))
key_filename = str(cert_data.get('key_filename', ''))
else:
LOG.error("Could not created terminated HTTPS endpoint.")
if 'client_ssl' in templates:
try:
c.client.slb.template.client_ssl.create(template_name,
cert=cert_filename,
key=key_filename)
except acos_errors.Exists:
c.client.slb.template.client_ssl.update(
template_name,
cert=cert_filename,
key=key_filename,
passphrase=key_passphrase)
if 'server_ssl' in templates:
server_args = {'server_ssl_template': templates['server_ssl']}
try:
c.client.slb.template.server_ssl.create(template_name,
cert_filename,
key_filename,
axapi_args=server_args)
except acos_errors.Exists:
c.client.slb.template.server_ssl.update(template_name,
cert_filename,
key_filename,
axapi_args=server_args)
try:
pool_name = self._pool_name(context,
pool_id=listener.default_pool_id)
except Exception:
pool_name = None
persistence = handler_persist.PersistHandler(c, context,
listener.default_pool)
vport_meta = self.meta(listener.loadbalancer, 'vip_port', {})
vport_args = axapi_mappings._vport(vport_meta, c.device_cfg)
try:
set_method(self.a10_driver.loadbalancer._name(
listener.loadbalancer),
self._meta_name(listener),
protocol=openstack_mappings.vip_protocols(
c, listener.protocol),
port=listener.protocol_port,
service_group_name=pool_name,
s_pers_name=persistence.s_persistence(),
c_pers_name=persistence.c_persistence(),
status=status,
axapi_args=vport_args)
except acos_errors.Exists:
pass
def _set(self, set_method, c, context, listener):
status = c.client.slb.UP
if not listener.admin_state_up:
status = c.client.slb.DOWN
templates = self.meta(listener, "template", {})
server_args = {}
cert_data = dict()
template_args = {}
protocol = openstack_mappings.vip_protocols(c, listener.protocol)
binding = None
os_name = listener.name or None
# Try Barbican first. TERMINATED HTTPS requires a default TLS container ID that is
# checked by the API so we can't fake it out.
if listener.protocol and listener.protocol == constants.PROTOCOL_TERMINATED_HTTPS:
if self._set_terminated_https_values(listener, c, cert_data):
templates["client_ssl"] = {}
template_name = str(cert_data.get('template_name') or '')
key_passphrase = str(cert_data.get('key_pass') or '')
cert_filename = str(cert_data.get('cert_filename') or '')
key_filename = str(cert_data.get('key_filename') or '')
else:
LOG.error("Could not created terminated HTTPS endpoint.")
# Else, set it up as an HTTP endpoint and attach the A10 cert data.
elif (self.a10_driver.config.get('use_database') and listener.protocol and
listener.protocol in [constants.PROTOCOL_HTTPS,
constants.PROTOCOL_HTTP,
constants.PROTOCOL_TCP]):
try:
binding = self.cert_db.get_binding_for_listener(context, listener.id)
except Exception as ex:
LOG.exception(ex)
if binding:
# if the binding is being deleted and the listener wasn't created as https,
# remove the https port to make room for the original port
if binding.status == constants.STATUS_DELETING:
if (protocol != c.client.slb.virtual_server.vport.HTTPS):
self._delete_listener(c, context, listener,
c.client.slb.virtual_server.vport.HTTPS)
set_method = c.client.slb.virtual_server.vport.create
elif self._set_a10_https_values(listener, c, cert_data, binding):
# If the binding hasn't been created and the port isn't https
# remove the port and re-create it as https.
if (binding.status == constants.STATUS_CREATING and
protocol != c.client.slb.virtual_server.vport.HTTPS):
self._delete_listener(c, context, listener, protocol)
set_method = c.client.slb.virtual_server.vport.create
protocol = c.client.slb.virtual_server.vport.HTTPS
templates["client_ssl"] = {}
template_name = str(cert_data.get('template_name') or '')
key_passphrase = str(cert_data.get('key_pass') or '')
cert_filename = str(cert_data.get('cert_filename') or '')
key_filename = str(cert_data.get('key_filename') or '')
template_args["template_client_ssl"] = template_name
if 'client_ssl' in templates:
template_args["template_client_ssl"] = template_name
try:
c.client.slb.template.client_ssl.create(
template_name,
cert=cert_filename,
key=key_filename,
passphrase=key_passphrase)
except acos_errors.Exists:
c.client.slb.template.client_ssl.update(template_name, cert=cert_filename,
key=key_filename, passphrase=key_passphrase)
if 'server_ssl' in templates:
server_args = {'server_ssl_template': templates['server_ssl']}
template_args["template_server_ssl"] = template_name
try:
c.client.slb.template.server_ssl.create(
template_name,
cert_filename,
key_filename,
passphrase=key_passphrase,
axapi_args=server_args)
except acos_errors.Exists:
c.client.slb.template.server_ssl.update(template_name,
cert_filename,
key_filename,
passphrase=key_passphrase,
axapi_args=server_args)
try:
pool_name = self._pool_name(context, pool_id=listener.default_pool_id)
except Exception:
pool_name = None
persistence = handler_persist.PersistHandler(
c, context, listener.default_pool)
# This doesn't do anything anymore.
vport_meta = self.meta(listener.loadbalancer, 'vip_port', {})
template_args.update(**self._get_vport_defaults(c, os_name))
try:
set_method(
self.a10_driver.loadbalancer._name(listener.loadbalancer),
self._meta_name(listener),
protocol=protocol,
port=listener.protocol_port,
service_group_name=pool_name,
s_pers_name=persistence.s_persistence(),
c_pers_name=persistence.c_persistence(),
status=status,
autosnat=c.device_cfg.get('autosnat'),
ipinip=c.device_cfg.get('ipinip'),
source_nat_pool=c.device_cfg.get('source_nat_pool'),
# Device-level defaults
vport_defaults=self._get_vport_defaults(c, os_name),
axapi_body=vport_meta,
**template_args)
except acos_errors.Exists:
pass
