Esempio n. 1
0
def create_lport(cluster, lswitch_uuid, tenant_id, neutron_port_id,
                 display_name, device_id, admin_status_enabled,
                 mac_address=None, fixed_ips=None, port_security_enabled=None,
                 security_profiles=None, queue_id=None,
                 mac_learning_enabled=None, allowed_address_pairs=None):
    """Creates a logical port on the assigned logical switch."""
    display_name = utils.check_and_truncate(display_name)
    lport_obj = dict(
        admin_status_enabled=admin_status_enabled,
        display_name=display_name,
        tags=utils.get_tags(os_tid=tenant_id,
                            q_port_id=neutron_port_id,
                            vm_id=utils.device_id_to_vm_id(device_id))
    )

    _configure_extensions(lport_obj, mac_address, fixed_ips,
                          port_security_enabled, security_profiles,
                          queue_id, mac_learning_enabled,
                          allowed_address_pairs)

    path = nsxlib._build_uri_path(LSWITCHPORT_RESOURCE,
                                  parent_resource_id=lswitch_uuid)
    result = nsxlib.do_request(HTTP_POST, path, jsonutils.dumps(lport_obj),
                               cluster=cluster)

    LOG.debug("Created logical port %(result)s on logical switch %(uuid)s",
              {'result': result['uuid'], 'uuid': lswitch_uuid})
    return result
Esempio n. 2
0
def create_lqueue(cluster, queue_data):
    params = {
        'name': 'display_name',
        'qos_marking': 'qos_marking',
        'min': 'min_bandwidth_rate',
        'max': 'max_bandwidth_rate',
        'dscp': 'dscp'
    }
    queue_obj = dict(
        (nsx_name, queue_data.get(api_name))
        for api_name, nsx_name in params.iteritems()
        if attr.is_attr_set(queue_data.get(api_name))
    )
    if 'display_name' in queue_obj:
        queue_obj['display_name'] = utils.check_and_truncate(
            queue_obj['display_name'])

    queue_obj['tags'] = utils.get_tags()
    try:
        return nsxlib.do_request(HTTP_POST,
                                 nsxlib._build_uri_path(LQUEUE_RESOURCE),
                                 jsonutils.dumps(queue_obj),
                                 cluster=cluster)['uuid']
    except api_exc.NsxApiException:
        # FIXME(salv-orlando): This should not raise NeutronException
        with excutils.save_and_reraise_exception():
            raise exception.NeutronException()
Esempio n. 3
0
def create_l2_gw_service(cluster, tenant_id, display_name, devices):
    """Create a NSX Layer-2 Network Gateway Service.

        :param cluster: The target NSX cluster
        :param tenant_id: Identifier of the Openstack tenant for which
        the gateway service.
        :param display_name: Descriptive name of this gateway service
        :param devices: List of transport node uuids (and network
        interfaces on them) to use for the network gateway service
        :raise NsxApiException: if there is a problem while communicating
        with the NSX controller
    """
    # NOTE(salvatore-orlando): This is a little confusing, but device_id in
    # NSX is actually the identifier a physical interface on the gateway
    # device, which in the Neutron API is referred as interface_name
    gateways = [{"transport_node_uuid": device['id'],
                 "device_id": device['interface_name'],
                 "type": "L2Gateway"} for device in devices]
    gwservice_obj = {
        "display_name": utils.check_and_truncate(display_name),
        "tags": utils.get_tags(os_tid=tenant_id),
        "gateways": gateways,
        "type": "L2GatewayServiceConfig"
    }
    return nsxlib.do_request(
        HTTP_POST, nsxlib._build_uri_path(GWSERVICE_RESOURCE),
        jsonutils.dumps(gwservice_obj), cluster=cluster)
Esempio n. 4
0
def update_port(cluster, lswitch_uuid, lport_uuid, neutron_port_id, tenant_id,
                display_name, device_id, admin_status_enabled,
                mac_address=None, fixed_ips=None, port_security_enabled=None,
                security_profiles=None, queue_id=None,
                mac_learning_enabled=None, allowed_address_pairs=None):
    lport_obj = dict(
        admin_status_enabled=admin_status_enabled,
        display_name=utils.check_and_truncate(display_name),
        tags=utils.get_tags(os_tid=tenant_id,
                            q_port_id=neutron_port_id,
                            vm_id=utils.device_id_to_vm_id(device_id)))

    _configure_extensions(lport_obj, mac_address, fixed_ips,
                          port_security_enabled, security_profiles,
                          queue_id, mac_learning_enabled,
                          allowed_address_pairs)

    path = "/ws.v1/lswitch/" + lswitch_uuid + "/lport/" + lport_uuid
    try:
        result = nsxlib.do_request(HTTP_PUT, path, jsonutils.dumps(lport_obj),
                                   cluster=cluster)
        LOG.debug("Updated logical port %(result)s "
                  "on logical switch %(uuid)s",
                  {'result': result['uuid'], 'uuid': lswitch_uuid})
        return result
    except exception.NotFound as e:
        LOG.error(_LE("Port or Network not found, Error: %s"), str(e))
        raise exception.PortNotFoundOnNetwork(
            port_id=lport_uuid, net_id=lswitch_uuid)
Esempio n. 5
0
def _build_gateway_device_body(tenant_id, display_name, neutron_id,
                               connector_type, connector_ip,
                               client_certificate, tz_uuid):

    connector_type_mappings = {
        utils.NetworkTypes.STT: "STTConnector",
        utils.NetworkTypes.GRE: "GREConnector",
        utils.NetworkTypes.BRIDGE: "BridgeConnector",
        'ipsec%s' % utils.NetworkTypes.STT: "IPsecSTT",
        'ipsec%s' % utils.NetworkTypes.GRE: "IPsecGRE"}
    nsx_connector_type = connector_type_mappings.get(connector_type)
    body = {"display_name": utils.check_and_truncate(display_name),
            "tags": utils.get_tags(os_tid=tenant_id,
                                   q_gw_dev_id=neutron_id),
            "admin_status_enabled": True}

    if connector_ip and nsx_connector_type:
        body["transport_connectors"] = [
            {"transport_zone_uuid": tz_uuid,
             "ip_address": connector_ip,
             "type": nsx_connector_type}]

    if client_certificate:
        body["credential"] = {"client_certificate":
                              {"pem_encoded": client_certificate},
                              "type": "SecurityCertificateCredential"}
    return body
Esempio n. 6
0
def update_l2_gw_service(cluster, gateway_id, display_name):
    # TODO(salvatore-orlando): Allow updates for gateways too
    gwservice_obj = get_l2_gw_service(cluster, gateway_id)
    if not display_name:
        # Nothing to update
        return gwservice_obj
    gwservice_obj["display_name"] = utils.check_and_truncate(display_name)
    return nsxlib.do_request(HTTP_PUT,
                             nsxlib._build_uri_path(GWSERVICE_RESOURCE,
                                                    resource_id=gateway_id),
                             jsonutils.dumps(gwservice_obj), cluster=cluster)
Esempio n. 7
0
    def create_lswitch(self, name, tz_config, tags=None,
                       port_isolation=False, replication_mode="service"):
        lsconfig = {
            'display_name': utils.check_and_truncate(name),
            "tags": tags or [],
            "type": "LogicalSwitchConfig",
            "_schema": "/ws.v1/schema/LogicalSwitchConfig",
            "transport_zones": tz_config
        }
        if port_isolation is bool:
            lsconfig["port_isolation_enabled"] = port_isolation
        if replication_mode:
            lsconfig["replication_mode"] = replication_mode

        response = self.vcns.create_lswitch(lsconfig)[1]
        return response
Esempio n. 8
0
def update_lswitch(cluster, lswitch_id, display_name, tenant_id=None, **kwargs):
    uri = nsxlib._build_uri_path(LSWITCH_RESOURCE, resource_id=lswitch_id)
    lswitch_obj = {"display_name": utils.check_and_truncate(display_name)}
    # NOTE: tag update will not 'merge' existing tags with new ones.
    tags = []
    if tenant_id:
        tags = utils.get_tags(os_tid=tenant_id)
    # The 'tags' kwarg might existing and be None
    tags.extend(kwargs.get("tags") or [])
    if tags:
        lswitch_obj["tags"] = tags
    try:
        return nsxlib.do_request(HTTP_PUT, uri, jsonutils.dumps(lswitch_obj), cluster=cluster)
    except exception.NotFound as e:
        LOG.error(_LE("Network not found, Error: %s"), str(e))
        raise exception.NetworkNotFound(net_id=lswitch_id)
Esempio n. 9
0
def create_security_profile(cluster, tenant_id, neutron_id, security_profile):
    """Create a security profile on the NSX backend.

    :param cluster: a NSX cluster object reference
    :param tenant_id: identifier of the Neutron tenant
    :param neutron_id: neutron security group identifier
    :param security_profile: dictionary with data for
    configuring the NSX security profile.
    """
    path = "/ws.v1/security-profile"
    # Allow all dhcp responses and all ingress traffic
    hidden_rules = {'logical_port_egress_rules':
                    [{'ethertype': 'IPv4',
                      'protocol': constants.PROTO_NUM_UDP,
                      'port_range_min': constants.DHCP_RESPONSE_PORT,
                      'port_range_max': constants.DHCP_RESPONSE_PORT,
                      'ip_prefix': '0.0.0.0/0'}],
                    'logical_port_ingress_rules':
                    [{'ethertype': 'IPv4'},
                     {'ethertype': 'IPv6'}]}
    display_name = utils.check_and_truncate(security_profile.get('name'))
    # NOTE(salv-orlando): neutron-id tags are prepended with 'q' for
    # historical reasons
    body = mk_body(
        tags=utils.get_tags(os_tid=tenant_id, q_sec_group_id=neutron_id),
        display_name=display_name,
        logical_port_ingress_rules=(
            hidden_rules['logical_port_ingress_rules']),
        logical_port_egress_rules=hidden_rules['logical_port_egress_rules']
    )
    rsp = nsxlib.do_request(HTTP_POST, path, body, cluster=cluster)
    if security_profile.get('name') == 'default':
        # If security group is default allow ip traffic between
        # members of the same security profile is allowed and ingress traffic
        # from the switch
        rules = {'logical_port_egress_rules': [{'ethertype': 'IPv4',
                                                'profile_uuid': rsp['uuid']},
                                               {'ethertype': 'IPv6',
                                                'profile_uuid': rsp['uuid']}],
                 'logical_port_ingress_rules': [{'ethertype': 'IPv4'},
                                                {'ethertype': 'IPv6'}]}

        update_security_group_rules(cluster, rsp['uuid'], rules)
    LOG.debug("Created Security Profile: %s", rsp)
    return rsp
Esempio n. 10
0
def _prepare_lrouter_body(name, neutron_router_id, tenant_id,
                          router_type, distributed=None, **kwargs):
    body = {
        "display_name": utils.check_and_truncate(name),
        "tags": utils.get_tags(os_tid=tenant_id,
                               q_router_id=neutron_router_id),
        "routing_config": {
            "type": router_type
        },
        "type": "LogicalRouterConfig",
        "replication_mode": cfg.CONF.NSX.replication_mode,
    }
    # add the distributed key only if not None (ie: True or False)
    if distributed is not None:
        body['distributed'] = distributed
    if kwargs:
        body["routing_config"].update(kwargs)
    return body
Esempio n. 11
0
def update_implicit_routing_lrouter(cluster, r_id, display_name, nexthop):
    lrouter_obj = get_lrouter(cluster, r_id)
    if not display_name and not nexthop:
        # Nothing to update
        return lrouter_obj
    # It seems that this is faster than the doing an if on display_name
    lrouter_obj["display_name"] = (utils.check_and_truncate(display_name) or
                                   lrouter_obj["display_name"])
    if nexthop:
        nh_element = lrouter_obj["routing_config"].get(
            "default_route_next_hop")
        if nh_element:
            nh_element["gateway_ip_address"] = nexthop
    return nsxlib.do_request(HTTP_PUT,
                             nsxlib._build_uri_path(LROUTER_RESOURCE,
                                                    resource_id=r_id),
                             jsonutils.dumps(lrouter_obj),
                             cluster=cluster)
Esempio n. 12
0
def create_lswitch(cluster, neutron_net_id, tenant_id, display_name, transport_zones_config, shared=None, **kwargs):
    # The tag scope adopts a slightly different naming convention for
    # historical reasons
    lswitch_obj = {
        "display_name": utils.check_and_truncate(display_name),
        "transport_zones": transport_zones_config,
        "replication_mode": cfg.CONF.NSX.replication_mode,
        "tags": utils.get_tags(os_tid=tenant_id, quantum_net_id=neutron_net_id),
    }
    # TODO(salv-orlando): Now that we have async status synchronization
    # this tag is perhaps not needed anymore
    if shared:
        lswitch_obj["tags"].append({"tag": "true", "scope": "shared"})
    if "tags" in kwargs:
        lswitch_obj["tags"].extend(kwargs["tags"])
    uri = nsxlib._build_uri_path(LSWITCH_RESOURCE)
    lswitch = nsxlib.do_request(HTTP_POST, uri, jsonutils.dumps(lswitch_obj), cluster=cluster)
    LOG.debug("Created logical switch: %s", lswitch["uuid"])
    return lswitch
Esempio n. 13
0
def update_security_profile(cluster, spid, name):
    return nsxlib.do_request(
        HTTP_PUT,
        nsxlib._build_uri_path(SECPROF_RESOURCE, resource_id=spid),
        jsonutils.dumps({"display_name": utils.check_and_truncate(name)}),
        cluster=cluster)
Esempio n. 14
0
 def test_check_and_truncate_name_long_name(self):
     name = 'this_is_a_port_whose_name_is_longer_than_40_chars'
     result = utils.check_and_truncate(name)
     self.assertEqual(len(result), utils.MAX_DISPLAY_NAME_LEN)
Esempio n. 15
0
 def test_check_and_truncate_name_with_short_name(self):
     name = 'foo_port_name'
     result = utils.check_and_truncate(name)
     self.assertEqual(name, result)
Esempio n. 16
0
 def test_check_and_truncate_name_with_none(self):
     name = None
     result = utils.check_and_truncate(name)
     self.assertEqual('', result)