def _create_iip(self, pod_name, pod_namespace, vn_obj, vmi): # Instance-ip for pods are ALWAYS allocated from pod ipam on this # VN. Get the subnet uuid of the pod ipam on this VN, so we can request # an IP from it. vn = VirtualNetworkKM.find_by_name_or_uuid(vn_obj.get_uuid()) pod_ipam_subnet_uuid = vn.get_ipam_subnet_uuid( vnc_kube_config.pod_ipam_fq_name()) # Create instance-ip. display_name = VncCommon.make_display_name(pod_namespace, pod_name) iip_uuid = str(uuid.uuid1()) iip_name = VncCommon.make_name(pod_name, iip_uuid) iip_obj = InstanceIp(name=iip_name, subnet_uuid=pod_ipam_subnet_uuid, display_name=display_name) iip_obj.uuid = iip_uuid iip_obj.add_virtual_network(vn_obj) # Creation of iip requires the vmi vnc object. vmi_obj = self._vnc_lib.virtual_machine_interface_read( fq_name=vmi.fq_name) iip_obj.add_virtual_machine_interface(vmi_obj) self.add_annotations(iip_obj, InstanceIpKM.kube_fq_name_key, pod_namespace, pod_name) try: self._vnc_lib.instance_ip_create(iip_obj) except RefsExistError: self._vnc_lib.instance_ip_update(iip_obj) InstanceIpKM.locate(iip_obj.uuid) return iip_obj
def create(self, k8s_event_type, service_ns, service_id, service_name, proj_obj, vn_obj, vip_address=None, subnet_uuid=None, tags=None): """ Create a loadbalancer. """ lb_name = VncCommon.make_name(service_name, service_id) lb_display_name = VncCommon.make_display_name(service_ns, service_name) if k8s_event_type == 'Service': lb_provider = 'native' elif k8s_event_type == 'Ingress': lb_provider = 'opencontrail' lb_obj = Loadbalancer(name=lb_name, parent_obj=proj_obj, loadbalancer_provider=lb_provider, display_name=lb_display_name) lb_obj.uuid = service_id sas_obj = self._check_provider_exists( loadbalancer_provider=lb_provider) if sas_obj is not None: lb_obj.set_service_appliance_set(sas_obj) vmi_obj, vip_address = self._create_virtual_interface(proj_obj, vn_obj, service_ns, service_name, vip_address, subnet_uuid, tags=tags) if vmi_obj is None: return None lb_obj.set_virtual_machine_interface(vmi_obj) id_perms = IdPermsType(enable=True) props = LoadbalancerType(provisioning_status='ACTIVE', id_perms=id_perms, operating_status='ONLINE', vip_address=vip_address) lb_obj.set_loadbalancer_properties(props) LoadbalancerKM.add_annotations(self, lb_obj, service_ns, service_name, k8s_type=k8s_event_type) try: self._vnc_lib.loadbalancer_create(lb_obj) except RefsExistError: self._vnc_lib.loadbalancer_update(lb_obj) return lb_obj
def create(self, lb_provider, vn_obj, service_ns, service_id, service_name, proj_obj, vip_address=None, subnet_uuid=None, annotations=None): """ Create a loadbalancer. """ lb_name = VncCommon.make_name(service_name, service_id) lb_display_name = VncCommon.make_display_name(service_ns, service_name) lb_obj = Loadbalancer(name=lb_name, parent_obj=proj_obj, loadbalancer_provider=lb_provider, display_name=lb_display_name) lb_obj.uuid = service_id sas_obj = self._check_provider_exists( loadbalancer_provider=lb_provider) if sas_obj is not None: lb_obj.set_service_appliance_set(sas_obj) vmi_obj, vip_address = self._create_virtual_interface( proj_obj, vn_obj, service_ns, service_name, vip_address, subnet_uuid) if vmi_obj is None: return None lb_obj.set_virtual_machine_interface(vmi_obj) id_perms = IdPermsType(enable=True) props = LoadbalancerType(provisioning_status='ACTIVE', id_perms=id_perms, operating_status='ONLINE', vip_address=vip_address) lb_obj.set_loadbalancer_properties(props) for key in annotations: lb_obj.add_annotations( KeyValuePair(key=key, value=annotations[key])) try: self._vnc_lib.loadbalancer_create(lb_obj) except RefsExistError: self._vnc_lib.loadbalancer_update(lb_obj) return lb_obj
def _create_vm(self, pod_namespace, pod_id, pod_name, labels): proj_fq_name = vnc_kube_config.cluster_project_fq_name(pod_namespace) vm_name = VncCommon.make_name(pod_name, pod_id) display_name=VncCommon.make_display_name(pod_namespace, pod_name) vm_obj = VirtualMachine(name=vm_name,display_name=display_name) vm_obj.uuid = pod_id VirtualMachineKM.add_annotations(self, vm_obj, pod_namespace, pod_name, k8s_uuid=str(pod_id), labels=json.dumps(labels)) try: self._vnc_lib.virtual_machine_create(vm_obj) except RefsExistError: vm_obj = self._vnc_lib.virtual_machine_read(id=pod_id) vm = VirtualMachineKM.locate(vm_obj.uuid) return vm_obj
def _check_changed_labels(self, label_diff, vm): if not label_diff or not label_diff['changed']: return for vmi_id in vm.virtual_machine_interfaces: vmi = VirtualMachineInterfaceKM.get(vmi_id) if not vmi: return break # check if pod link to be deleted for sg_id in vmi.security_groups: sg = SecurityGroupKM.get(sg_id) if not sg or not sg.dst_pod_selector: continue dst_labels = sg.dst_pod_selector if set(changed_labels.keys()).intersection(set(dst_labels.keys())): self._sg_2_pod_link(vm.uuid, sg_id, 'DELETE') # check if rule has to be deleted for label in changed_labels.items(): key = self._label_cache._get_key(label) policy_ids = self.policy_src_label_cache.get(key, []) for policy_id in policy_ids: sg = SecurityGroupKM.get(policy_id) if not sg: continue sg_name = sg.name + "__ingress" sg_name = VncCommon.make_name(sg_name, sg.uuid) sg_id = self.get_kube_fq_name_to_uuid(SecurityGroupKM, sg.namespace, sg_name) if sg_id: self._sg_2_pod_link(pod_id, sg_id, 'DELETE')
def _get_floating_ip(self, name, proj_obj, external_ip=None, vmi_obj=None): if vmi_obj: fip_refs = vmi_obj.get_floating_ip_back_refs() for ref in fip_refs or []: fip = FloatingIpKM.get(ref['uuid']) if fip: return fip else: break fip_pool = self._get_public_fip_pool() if fip_pool is None: return None fip_uuid = str(uuid.uuid4()) fip_name = VncCommon.make_name(name, fip_uuid) fip_obj = FloatingIp(fip_name, fip_pool) fip_obj.uuid = fip_uuid fip_obj.set_project(proj_obj) if vmi_obj: fip_obj.set_virtual_machine_interface(vmi_obj) if external_ip: fip_obj.floating_ip_address = external_ip try: self._vnc_lib.floating_ip_create(fip_obj) fip = FloatingIpKM.locate(fip_obj.uuid) except Exception as e: string_buf = StringIO() cgitb_hook(file=string_buf, format="text") err_msg = string_buf.getvalue() self._logger.error("%s - %s" % (self._name, err_msg)) return None return fip
def _create_np_sg(self, spec, namespace, name, uuid, np_pod_selector): sg_name = VncCommon.make_name(name, uuid) sg = self._vnc_create_sg(spec, namespace, sg_name, uuid, np_pod_selector=np_pod_selector) return sg
def _get_ingress_rule_list(self, spec, namespace, np_sg_name, np_sg_uuid): ingress_rule_list = [] ingress_acl_rules = spec.get('ingress') if not ingress_acl_rules or not len(ingress_acl_rules): self._logger.error("%s - %s:%s Ingress Rules Not Available" \ %(self._name, np_sg_name, np_sg_uuid)) return ingress_rule_list ingress_pod_sg_index = 0 for ingress_acl_rule in ingress_acl_rules: dst_port_list = [] src_address_list = [] ports = ingress_acl_rule.get('ports') if not ports: ports = [] dst_port = self._get_ports() dst_port_list.append(dst_port) for port in ports: dst_port = self._get_ports(port) dst_port_list.append(dst_port) from_rules = ingress_acl_rule.get('from') if not from_rules: from_rules = [] # allow-all-ns-sg ns_address_list = self._get_ns_address_list(np_sg_uuid) src_address_list.extend(ns_address_list) # allow-all-pods src_address = self._get_ns_address(namespace) src_address_list.append(src_address) for from_rule in from_rules: src_address = {} if 'namespaceSelector' in from_rule: ns_address_list = [] ns_selector = from_rule.get('namespaceSelector') ns_selector_labels = ns_selector.get('matchLabels') if not ns_selector_labels: ns_address_list = self._get_ns_address_list(np_sg_uuid) else: ns_address_list = \ self._get_ns_address_list(np_sg_uuid, ns_selector_labels) if len(ns_address_list): src_address_list.extend(ns_address_list) if 'podSelector' in from_rule: pod_selector = from_rule.get('podSelector') pod_selector_labels = pod_selector.get('matchLabels') if not pod_selector_labels: # allow-all-pods src_address = self._get_ns_address(namespace) else: ingress_pod_sg_index += 1 src_sg_name = VncCommon.make_name(np_sg_name, 'ingress', ingress_pod_sg_index) src_address['pod_selector'] = pod_selector_labels src_address['src_sg_name'] = src_sg_name src_address_list.append(src_address) rule_list = self._get_rule_list(src_address_list, dst_port_list) ingress_rule_list.extend(rule_list) return ingress_rule_list
def vnc_network_policy_delete(self, event, sg_uuid): self._delete_sg(sg_uuid) namespace = event['object']['metadata'].get('namespace') name = event['object']['metadata'].get('name') src_sg_name = 'from__' + VncCommon.make_name(name, sg_uuid) src_sg_uuid = self.get_kube_fq_name_to_uuid(SecurityGroupKM, namespace, src_sg_name) self._delete_sg(src_sg_uuid)
def _get_ingress_rule_list(self, spec, namespace, np_sg_name, np_sg_uuid): ingress_rule_list = [] ingress_acl_rules = spec.get('ingress') if not ingress_acl_rules or not len(ingress_acl_rules): self._logger.error("%s - %s:%s Ingress Rules Not Available" \ %(self._name, np_sg_name, np_sg_uuid)) return ingress_rule_list ingress_pod_sg_index = 0 for ingress_acl_rule in ingress_acl_rules: dst_port_list = [] src_address_list = [] ports = ingress_acl_rule.get('ports') if not ports: ports = [] dst_port = self._get_ports() dst_port_list.append(dst_port) for port in ports: dst_port = self._get_ports(port) dst_port_list.append(dst_port) from_rules = ingress_acl_rule.get('from') if not from_rules: from_rules = [] # allow-all-ns-sg ns_address_list = self._get_ns_address_list(np_sg_uuid) src_address_list.extend(ns_address_list) # allow-all-pods src_address = self._get_ns_address(namespace) src_address_list.append(src_address) for from_rule in from_rules: src_address = {} if 'namespaceSelector' in from_rule: ns_address_list = [] ns_selector = from_rule.get('namespaceSelector') ns_selector_labels = ns_selector.get('matchLabels') if not ns_selector_labels: ns_address_list = self._get_ns_address_list(np_sg_uuid) else: ns_address_list = \ self._get_ns_address_list(np_sg_uuid, ns_selector_labels) if len(ns_address_list): src_address_list.extend(ns_address_list) if 'podSelector' in from_rule: pod_selector = from_rule.get('podSelector') pod_selector_labels = pod_selector.get('matchLabels') if not pod_selector_labels: # allow-all-pods src_address = self._get_ns_address(namespace) else: ingress_pod_sg_index += 1 src_sg_name = VncCommon.make_name( np_sg_name, 'ingress', ingress_pod_sg_index) src_address['pod_selector'] = pod_selector_labels src_address['src_sg_name'] = src_sg_name src_address_list.append(src_address) rule_list = self._get_rule_list(src_address_list, dst_port_list) ingress_rule_list.extend(rule_list) return ingress_rule_list
def _get_floating_ip(self, name, ns_name, proj_obj, external_ip=None, vmi_obj=None, specified_fip_pool_fq_name_str=None): fip_pool_fq_name = None if specified_fip_pool_fq_name_str != None: fip_pool_fq_name = get_fip_pool_fq_name_from_dict_string( specified_fip_pool_fq_name_str) if fip_pool_fq_name is None: ns = self._get_namespace(ns_name) fip_pool_fq_name = ns.get_annotated_ns_fip_pool_fq_name() if fip_pool_fq_name is None: if not vnc_kube_config.is_public_fip_pool_configured(): return None try: fip_pool_fq_name = get_fip_pool_fq_name_from_dict_string( self._args.public_fip_pool) except Exception as e: string_buf = StringIO() cgitb_hook(file=string_buf, format="text") err_msg = string_buf.getvalue() self._logger.error("%s - %s" % (self._name, err_msg)) return None if vmi_obj: fip_refs = vmi_obj.get_floating_ip_back_refs() for ref in fip_refs or []: fip = FloatingIpKM.get(ref['uuid']) if fip and fip.fq_name[:-1] == fip_pool_fq_name: return fip else: break fip_pool = self._get_fip_pool_obj(fip_pool_fq_name) if fip_pool is None: return None fip_uuid = str(uuid.uuid4()) fip_name = VncCommon.make_name(name, fip_uuid) fip_obj = FloatingIp(fip_name, fip_pool) fip_obj.uuid = fip_uuid fip_obj.set_project(proj_obj) if vmi_obj: fip_obj.set_virtual_machine_interface(vmi_obj) if external_ip: fip_obj.floating_ip_address = external_ip try: self._vnc_lib.floating_ip_create(fip_obj) fip = FloatingIpKM.locate(fip_obj.uuid) except Exception as e: string_buf = StringIO() cgitb_hook(file=string_buf, format="text") err_msg = string_buf.getvalue() self._logger.error("%s - %s" % (self._name, err_msg)) return None return fip
def _create_cluster_service_fip(self, pod_name, pod_namespace, vmi_uuid): """ Isolated Pods in the cluster will be allocated a floating ip from the cluster service network, so that the pods can talk to cluster services. """ if not self._service_fip_pool: return # Construct parent ref. fip_pool_obj = FloatingIpPool() fip_pool_obj.uuid = self._service_fip_pool.uuid fip_pool_obj.fq_name = self._service_fip_pool.fq_name fip_pool_obj.name = self._service_fip_pool.name # Create Floating-Ip object. obj_uuid = str(uuid.uuid1()) display_name=VncCommon.make_display_name(pod_namespace, pod_name) name = VncCommon.make_name(pod_name, obj_uuid) fip_obj = FloatingIp(name="cluster-svc-fip-%s"% (name), parent_obj=fip_pool_obj, floating_ip_traffic_direction='egress', display_name=display_name) fip_obj.uuid = obj_uuid # Creation of fip requires the vmi vnc object. vmi_obj = self._vnc_lib.virtual_machine_interface_read( id=vmi_uuid) fip_obj.set_virtual_machine_interface(vmi_obj) self.add_annotations(fip_obj, FloatingIpKM.kube_fq_name_key, pod_namespace, pod_name) try: fip_uuid = self._vnc_lib.floating_ip_create(fip_obj) except RefsExistError: fip_uuid = self._vnc_lib.floating_ip_update(fip_obj) # Cached service floating ip. FloatingIpKM.locate(fip_uuid) return
def _create_dst_sg(self, event): uuid = event['object']['metadata'].get('uid') sg = SecurityGroupKM.get(uuid) if not sg: self._check_sg_uuid_change(event, uuid) name = event['object']['metadata'].get('name') sg_name = VncCommon.make_name(name, uuid) sg = self._create_sg(event, sg_name, uuid) else: sg = self._update_sg(event, sg) return sg
def _create_src_sg(self, event, dst_uuid): namespace = event['object']['metadata'].get('namespace') name = event['object']['metadata'].get('name') sg_name = 'from__' + VncCommon.make_name(name, dst_uuid) sg_id = self.get_kube_fq_name_to_uuid(SecurityGroupKM, namespace, sg_name) if not sg_id: sg = self._create_sg(event, sg_name) else: sg = SecurityGroupKM.locate(sg_id) return sg
def create(self, k8s_event_type, service_ns, service_id, service_name, proj_obj, vn_obj, vip_address=None, subnet_uuid=None, tags=None): """ Create a loadbalancer. """ lb_name = VncCommon.make_name(service_name, service_id) lb_display_name = VncCommon.make_display_name(service_ns, service_name) if k8s_event_type == 'Service': lb_provider = 'native' elif k8s_event_type == 'Ingress': lb_provider = 'opencontrail' lb_obj = Loadbalancer(name=lb_name, parent_obj=proj_obj, loadbalancer_provider=lb_provider, display_name=lb_display_name) lb_obj.uuid = service_id sas_obj = self._check_provider_exists(loadbalancer_provider=lb_provider) if sas_obj is not None: lb_obj.set_service_appliance_set(sas_obj) vmi_obj, vip_address = self._create_virtual_interface(proj_obj, vn_obj, service_ns, service_name, service_id, k8s_event_type, vip_address, subnet_uuid, tags=tags) if vmi_obj is None: return None lb_obj.set_virtual_machine_interface(vmi_obj) id_perms = IdPermsType(enable=True) props = LoadbalancerType(provisioning_status='ACTIVE', id_perms=id_perms, operating_status='ONLINE', vip_address=vip_address) lb_obj.set_loadbalancer_properties(props) LoadbalancerKM.add_annotations(self, lb_obj, service_ns, service_name, k8s_type=k8s_event_type) try: self._vnc_lib.loadbalancer_create(lb_obj) except RefsExistError: self._vnc_lib.loadbalancer_update(lb_obj) return lb_obj
def _add_src_pod_2_policy(self, pod_id, policy_list): for policy_id in policy_list: sg = SecurityGroupKM.get(policy_id) if not sg: continue if self._find_pods(sg.src_pod_selector, {pod_id}): sg_name = sg.name + "__ingress" sg_name = VncCommon.make_name(sg_name, sg.uuid) sg_id = self.get_kube_fq_name_to_uuid(SecurityGroupKM, sg.namespace, sg_name) sg_id = SecurityGroupKM.get_kube_fq_name_to_uuid(sg_fq_name) if sg_id: self._sg_2_pod_link(pod_id, sg_id, 'ADD')
def _create_vmi(self, pod_name, pod_namespace, vm_obj, vn_obj, parent_vmi): proj_fq_name = vnc_kube_config.cluster_project_fq_name(pod_namespace) proj_obj = self._vnc_lib.project_read(fq_name=proj_fq_name) vmi_prop = None if self._is_pod_nested() and parent_vmi: # Pod is nested. # Allocate a vlan-id for this pod from the vlan space managed # in the VMI of the underlay VM. parent_vmi = VirtualMachineInterfaceKM.get(parent_vmi.uuid) vlan_id = parent_vmi.alloc_vlan() vmi_prop = VirtualMachineInterfacePropertiesType( sub_interface_vlan_tag=vlan_id) obj_uuid = str(uuid.uuid1()) name = VncCommon.make_name(pod_name, obj_uuid) display_name = VncCommon.make_display_name(pod_namespace, pod_name) vmi_obj = VirtualMachineInterface( name=name, parent_obj=proj_obj, virtual_machine_interface_properties=vmi_prop, display_name=display_name) vmi_obj.uuid = obj_uuid vmi_obj.set_virtual_network(vn_obj) vmi_obj.set_virtual_machine(vm_obj) self._associate_security_groups(vmi_obj, proj_obj, pod_namespace) self.add_annotations(vmi_obj, VirtualMachineInterfaceKM.kube_fq_name_key, pod_namespace, pod_name) try: vmi_uuid = self._vnc_lib.virtual_machine_interface_create(vmi_obj) except RefsExistError: vmi_uuid = self._vnc_lib.virtual_machine_interface_update(vmi_obj) VirtualMachineInterfaceKM.locate(vmi_uuid) return vmi_uuid
def _get_cluster_service_fip(self, name, ns_name, lb_obj): if not self._service_fip_pool: return None fip_pool = FloatingIpPool() fip_pool.uuid = self._service_fip_pool.uuid fip_pool.fq_name = self._service_fip_pool.fq_name fip_pool.name = self._service_fip_pool.name fip_uuid = str(uuid.uuid4()) fip_name = VncCommon.make_name(name, fip_uuid) display_name = VncCommon.make_display_name(ns_name, name) fip_obj = FloatingIp(name="cluster-svc-fip-%s" % (fip_name), parent_obj=fip_pool, floating_ip_traffic_direction='egress', display_name=display_name) fip_obj.uuid = fip_uuid proj_obj = self._get_project(ns_name) fip_obj.set_project(proj_obj) vmi_id = lb_obj.virtual_machine_interface_refs[0]['uuid'] vmi_obj = self._vnc_lib.virtual_machine_interface_read(id=vmi_id) if vmi_obj: fip_obj.set_virtual_machine_interface(vmi_obj) FloatingIpKM.add_annotations(self, fip_obj, name, ns_name) try: self._vnc_lib.floating_ip_create(fip_obj) fip = FloatingIpKM.locate(fip_obj.uuid) except Exception as e: string_buf = StringIO() cgitb_hook(file=string_buf, format="text") err_msg = string_buf.getvalue() self._logger.error("%s - %s" % (self._name, err_msg)) return
def _get_cluster_service_fip(self, name, ns_name, lb_obj): if not self._service_fip_pool: return None fip_pool = FloatingIpPool() fip_pool.uuid = self._service_fip_pool.uuid fip_pool.fq_name = self._service_fip_pool.fq_name fip_pool.name = self._service_fip_pool.name fip_uuid = str(uuid.uuid4()) fip_name = VncCommon.make_name(name, fip_uuid) display_name=VncCommon.make_display_name(ns_name, name) fip_obj = FloatingIp(name="cluster-svc-fip-%s"% (fip_name), parent_obj=fip_pool, floating_ip_traffic_direction='egress', display_name=display_name) fip_obj.uuid = fip_uuid proj_obj = self._get_project(ns_name) fip_obj.set_project(proj_obj) vmi_id = lb_obj.virtual_machine_interface_refs[0]['uuid'] vmi_obj = self._vnc_lib.virtual_machine_interface_read(id=vmi_id) if vmi_obj: fip_obj.set_virtual_machine_interface(vmi_obj) FloatingIpKM.add_annotations(self, fip_obj, name, ns_name) try: self._vnc_lib.floating_ip_create(fip_obj) fip = FloatingIpKM.locate(fip_obj.uuid) except Exception as e: string_buf = StringIO() cgitb_hook(file=string_buf, format="text") err_msg = string_buf.getvalue() self._logger.error("%s - %s" %(self._name, err_msg)) return
def _get_floating_ip(self, name, proj_obj, external_ip=None, vmi_obj=None): if not vnc_kube_config.is_public_fip_pool_configured(): return None try: fip_pool_fq_name = get_fip_pool_fq_name_from_dict_string( self._args.public_fip_pool) except Exception as e: string_buf = StringIO() cgitb_hook(file=string_buf, format="text") err_msg = string_buf.getvalue() self._logger.error("%s - %s" %(self._name, err_msg)) return None if vmi_obj: fip_refs = vmi_obj.get_floating_ip_back_refs() for ref in fip_refs or []: fip = FloatingIpKM.get(ref['uuid']) if fip and fip.fq_name[:-1] == fip_pool_fq_name: return fip else: break fip_pool = self._get_public_fip_pool(fip_pool_fq_name) if fip_pool is None: return None fip_uuid = str(uuid.uuid4()) fip_name = VncCommon.make_name(name, fip_uuid) fip_obj = FloatingIp(fip_name, fip_pool) fip_obj.uuid = fip_uuid fip_obj.set_project(proj_obj) if vmi_obj: fip_obj.set_virtual_machine_interface(vmi_obj) if external_ip: fip_obj.floating_ip_address = external_ip try: self._vnc_lib.floating_ip_create(fip_obj) fip = FloatingIpKM.locate(fip_obj.uuid) except Exception as e: string_buf = StringIO() cgitb_hook(file=string_buf, format="text") err_msg = string_buf.getvalue() self._logger.error("%s - %s" %(self._name, err_msg)) return None return fip
def _create_sg(self, event, name, uuid=None): namespace = event['object']['metadata'].get('namespace') proj_fq_name = vnc_kube_config.cluster_project_fq_name(namespace) proj_obj = Project(name=proj_fq_name[-1], fq_name=proj_fq_name, parent='domain') sg_display_name = VncCommon.make_display_name(namespace, name) sg_obj = SecurityGroup(name=name, parent_obj=proj_obj, display_name=sg_display_name) if uuid: sg_obj.uuid = uuid self._set_sg_annotations(sg_obj, None, event) try: self._vnc_lib.security_group_create(sg_obj) except Exception as e: self.logger.error("Failed to create SG %s" % uuid) return None sg = SecurityGroupKM.locate(sg_obj.uuid) return sg
def _get_floating_ip(self, name, proj_obj, vmi_obj=None): fip_refs = vmi_obj.get_floating_ip_back_refs() for ref in fip_refs or []: fip = FloatingIpKM.get(ref['uuid']) if fip: return fip else: break fip_pool = self._get_public_fip_pool() if fip_pool is None: return None fip_uuid = str(uuid.uuid4()) fip_name = VncCommon.make_name(name, fip_uuid) fip_obj = FloatingIp(fip_name, fip_pool) fip_obj.uuid = fip_uuid fip_obj.set_project(proj_obj) if vmi_obj: fip_obj.set_virtual_machine_interface(vmi_obj) self._vnc_lib.floating_ip_create(fip_obj) fip = FloatingIpKM.locate(fip_obj.uuid) return fip
def _is_service_exists(self, service_name, service_namespace): resource_type = "services" service_info = self._kube.get_resource(resource_type, service_name, service_namespace) if service_info and 'metadata' in service_info: uid = service_info['metadata'].get('uid') if not uid: return False, None else: return False, None name = VncCommon.make_name(service_name, uid) proj_fq_name = vnc_kube_config.cluster_project_fq_name(service_namespace) lb_fq_name = proj_fq_name + [name] try: lb_obj = self._vnc_lib.loadbalancer_read(fq_name=lb_fq_name) except NoIdError: return False, None if lb_obj is None: return False, None else: return True, lb_obj.uuid
def _create_virtual_interface(self, proj_obj, vn_obj, service_ns, service_name, vip_address=None, subnet_uuid=None): vmi_uuid = str(uuid.uuid4()) vmi_name = VncCommon.make_name(service_name, vmi_uuid) vmi_display_name = VncCommon.make_display_name(service_ns, service_name) #Check if VMI exists, if yes, delete it. vmi_obj = VirtualMachineInterface(name=vmi_name, parent_obj=proj_obj, display_name=vmi_display_name) try: vmi_id = self._vnc_lib.fq_name_to_id('virtual-machine-interface', vmi_obj.get_fq_name()) if vmi_id: self.logger.error("Duplicate LB Interface %s, delete it" % vmi_obj.get_fq_name()) vmi = VirtualMachineInterfaceKM.get(vmi_id) iip_ids = vmi.instance_ips for iip_id in list(iip_ids): iip_obj = self._vnc_lib.instance_ip_read(id=iip_id) fip_refs = iip_obj.get_floating_ips() for fip_ref in fip_refs or []: fip = self._vnc_lib.floating_ip_read( id=fip_ref['uuid']) fip.set_virtual_machine_interface_list([]) self._vnc_lib.floating_ip_update(fip) self._vnc_lib.floating_ip_delete(id=fip_ref['uuid']) self._vnc_lib.instance_ip_delete(id=iip_obj.uuid) self._vnc_lib.virtual_machine_interface_delete(id=vmi_id) except NoIdError: pass #Create LB VMI vmi_obj.name = vmi_name vmi_obj.uuid = vmi_uuid vmi_obj.set_virtual_network(vn_obj) vmi_obj.set_virtual_machine_interface_device_owner("K8S:LOADBALANCER") sg_name = "-".join( [vnc_kube_config.cluster_name(), service_ns, 'default']) sg_obj = SecurityGroup(sg_name, proj_obj) vmi_obj.add_security_group(sg_obj) sg_name = "-".join([vnc_kube_config.cluster_name(), service_ns, "sg"]) sg_obj = SecurityGroup(sg_name, proj_obj) vmi_obj.add_security_group(sg_obj) try: self.logger.debug("Create LB Interface %s " % vmi_obj.get_fq_name()) self._vnc_lib.virtual_machine_interface_create(vmi_obj) VirtualMachineInterfaceKM.locate(vmi_obj.uuid) except BadRequest as e: self.logger.warning("LB (%s) Interface create failed %s " % (service_name, str(e))) return None, None try: vmi_obj = self._vnc_lib.virtual_machine_interface_read( id=vmi_obj.uuid) except NoIdError: self.logger.warning("Read Service VMI failed for" " service (" + service_name + ")" + " with NoIdError for vmi(" + vmi_id + ")") return None, None #Create InstanceIP <--- LB VMI iip_uuid = str(uuid.uuid4()) iip_name = VncCommon.make_name(service_name, iip_uuid) iip_display_name = VncCommon.make_display_name(service_ns, service_name) iip_obj = InstanceIp(name=iip_name, display_name=iip_display_name) iip_obj.uuid = iip_uuid iip_obj.set_virtual_network(vn_obj) if subnet_uuid: iip_obj.set_subnet_uuid(subnet_uuid) iip_obj.set_virtual_machine_interface(vmi_obj) iip_obj.set_display_name(service_name) if vip_address: iip_obj.set_instance_ip_address(vip_address) try: self.logger.debug("Create LB VMI InstanceIp %s " % iip_obj.get_fq_name()) self._vnc_lib.instance_ip_create(iip_obj) except RefsExistError: self._vnc_lib.instance_ip_update(iip_obj) InstanceIpKM.locate(iip_obj.uuid) iip_obj = self._vnc_lib.instance_ip_read(id=iip_obj.uuid) vip_address = iip_obj.get_instance_ip_address() self.logger.debug("Created LB VMI InstanceIp %s with VIP %s" % (iip_obj.get_fq_name(), vip_address)) return vmi_obj, vip_address
def _create_virtual_interface(self, proj_obj, vn_obj, service_ns, service_name, vip_address=None, subnet_uuid=None): vmi_uuid = str(uuid.uuid4()) vmi_name = VncCommon.make_name(service_name, vmi_uuid) vmi_display_name = VncCommon.make_display_name(service_ns, service_name) #Check if VMI exists, if yes, delete it. vmi_obj = VirtualMachineInterface(name=vmi_name, parent_obj=proj_obj, display_name=vmi_display_name) try: vmi_id = self._vnc_lib.fq_name_to_id('virtual-machine-interface',vmi_obj.get_fq_name()) if vmi_id: self.logger.error("Duplicate LB Interface %s, delete it" % vmi_obj.get_fq_name()) vmi = VirtualMachineInterfaceKM.get(vmi_id) iip_ids = vmi.instance_ips for iip_id in list(iip_ids): iip_obj = self._vnc_lib.instance_ip_read(id=iip_id) fip_refs = iip_obj.get_floating_ips() for fip_ref in fip_refs or []: fip = self._vnc_lib.floating_ip_read(id=fip_ref['uuid']) fip.set_virtual_machine_interface_list([]) self._vnc_lib.floating_ip_update(fip) self._vnc_lib.floating_ip_delete(id=fip_ref['uuid']) self._vnc_lib.instance_ip_delete(id=iip_obj.uuid) self._vnc_lib.virtual_machine_interface_delete(id=vmi_id) except NoIdError: pass #Create LB VMI vmi_obj.name = vmi_name vmi_obj.uuid = vmi_uuid vmi_obj.set_virtual_network(vn_obj) vmi_obj.set_virtual_machine_interface_device_owner("K8S:LOADBALANCER") sg_name = "-".join([vnc_kube_config.cluster_name(), service_ns, 'default']) sg_obj = SecurityGroup(sg_name, proj_obj) vmi_obj.add_security_group(sg_obj) sg_name = "-".join([vnc_kube_config.cluster_name(), service_ns, "sg"]) sg_obj = SecurityGroup(sg_name, proj_obj) vmi_obj.add_security_group(sg_obj) try: self.logger.debug("Create LB Interface %s " % vmi_obj.get_fq_name()) self._vnc_lib.virtual_machine_interface_create(vmi_obj) VirtualMachineInterfaceKM.locate(vmi_obj.uuid) except BadRequest as e: self.logger.warning("LB (%s) Interface create failed %s " % (service_name, str(e))) return None, None try: vmi_obj = self._vnc_lib.virtual_machine_interface_read(id=vmi_obj.uuid) except NoIdError: self.logger.warning("Read Service VMI failed for" " service (" + service_name + ")" + " with NoIdError for vmi(" + vmi_id + ")") return None, None #Create InstanceIP <--- LB VMI iip_uuid = str(uuid.uuid4()) iip_name = VncCommon.make_name(service_name, iip_uuid) iip_display_name = VncCommon.make_display_name(service_ns, service_name) iip_obj = InstanceIp(name=iip_name, display_name=iip_display_name) iip_obj.uuid = iip_uuid iip_obj.set_virtual_network(vn_obj) if subnet_uuid: iip_obj.set_subnet_uuid(subnet_uuid) iip_obj.set_virtual_machine_interface(vmi_obj) iip_obj.set_display_name(service_name) if vip_address: iip_obj.set_instance_ip_address(vip_address) try: self.logger.debug("Create LB VMI InstanceIp %s " % iip_obj.get_fq_name()) self._vnc_lib.instance_ip_create(iip_obj) except RefsExistError: self._vnc_lib.instance_ip_update(iip_obj) InstanceIpKM.locate(iip_obj.uuid) iip_obj = self._vnc_lib.instance_ip_read(id=iip_obj.uuid) vip_address = iip_obj.get_instance_ip_address() self.logger.debug("Created LB VMI InstanceIp %s with VIP %s" % (iip_obj.get_fq_name(), vip_address)) return vmi_obj, vip_address