def sync_conf_to_db(self, param): cls = getattr(fortinet_db, const.FORTINET_PARAMS[param]['cls']) conf_list = self.get_range(param) session = db_api.get_session() records = fortinet_db.query_records(session, cls) for record in records: kwargs = {} for key in const.FORTINET_PARAMS[param]['keys']: _element = const.FORTINET_PARAMS[param]['type'](record[key]) if _element not in conf_list and not record.allocated: kwargs.setdefault(key, record[key]) fortinet_db.delete_record(session, cls, **kwargs) try: for i in range(0, len(conf_list), len(const.FORTINET_PARAMS[param]['keys'])): kwargs = {} for key in const.FORTINET_PARAMS[param]['keys']: kwargs.setdefault(key, str(conf_list[i])) i += 1 cls.init_records(session, **kwargs) except IndexError: LOG.error(_LE("The number of the configure range is not even," "the last one of %(param)s can not be used"), {'param': param}) raise IndexError
def run(self): while True: try: if self._stopped: # Gracefully terminate this thread if the _stopped # attribute was set to true LOG.info(_LI("Stopping TaskManager")) break # get a task from queue, or timeout for periodic status check task = self._get_task() try: #if constants.TaskStatus.ROLLBACK == task.status: self._main_thread_exec_task = task self._execute(task) finally: self._main_thread_exec_task = None if task.status in [ constants.TaskStatus.NONE, constants.TaskStatus.ERROR, constants.TaskStatus.COMPLETED ]: # The thread is killed during _execute(). To guarantee # the task been aborted correctly, put it to the queue. #self._enqueue(task) self._dequeue(task) else: self._enqueue(task) except Exception: LOG.exception( _LE("TaskManager terminating because " "of an exception")) break
def _loopingcall_callback(): self._monitor_busy = True try: self._check_pending_tasks() except Exception as e: resources.Exinfo(e) LOG.exception(_LE("Exception in _check_pending_tasks")) self._monitor_busy = False
def __init__(self, exception): exc_type, exc_obj, exc_tb = sys.exc_info() fname = os.path.split(exc_tb.tb_frame.f_code.co_filename)[1] LOG.error( _LE("An exception of type %(exception)s occured with " "arguments %(args)s, line %(line)s, in %(file)s"), { 'exception': type(exception).__name__, 'args': exception.args, 'line': exc_tb.tb_lineno, 'file': fname })
def update_firewall_rule(self, context, id, firewall_rule): LOG.debug( "update_firewall_rule() id: %(id)s, " "firewall_rule: %(firewall_rule)s", { 'id': id, 'firewall_rule': firewall_rule }) try: fwr = self._update_firewall_rule_dict(context, id, firewall_rule) self._update_firewall_rule(context, id, fwr) self._ensure_update_firewall_rule(context, id) fwr = super(FortinetFirewallPlugin, self).update_firewall_rule(context, id, firewall_rule) utils.update_status(self, context, t_consts.TaskStatus.COMPLETED) return fwr except Exception as e: with excutils.save_and_reraise_exception(): LOG.error(_LE("update_firewall_rule %(fwr)s failed"), {'fwr': firewall_rule}) utils._rollback_on_err(self, context, e)
def delete_router(self, context, id): LOG.debug("delete_router: router id=%s", id) try: if self.enable_fwaas: fw_plugin = directory.get_plugin(service_consts.FIREWALL) fw_plugin.update_firewall_for_delete_router(context, id) with context.session.begin(subtransactions=True): router = fortinet_db.query_record(context, l3_db.Router, id=id) # TODO(jerryz): move this out of transaction. setattr(context, 'GUARD_TRANSACTION', False) super(FortinetL3ServicePlugin, self).delete_router(context, id) if getattr(router, 'tenant_id', None): utils.delete_vlink(self, context, router.tenant_id) utils.delete_vdom(self, context, tenant_id=router.tenant_id) except Exception as e: with excutils.save_and_reraise_exception(): LOG.error(_LE("Failed to delete_router routerid=%(id)s"), {"id": id}) resources.Exinfo(e)
def create_router(self, context, router): LOG.debug("create_router: router=%s", router) # Limit one router per tenant if not router.get('router', None): return tenant_id = router['router']['tenant_id'] if fortinet_db.query_count(context, l3_db.Router, tenant_id=tenant_id): raise Exception( _("FortinetL3ServicePlugin:create_router " "Only support one router per tenant")) with context.session.begin(subtransactions=True): try: namespace = utils.add_vdom(self, context, tenant_id=tenant_id) utils.add_vlink(self, context, namespace.vdom) except Exception as e: with excutils.save_and_reraise_exception(): LOG.error(_LE("Failed to create_router router=%(router)s"), {"router": router}) utils._rollback_on_err(self, context, e) utils.update_status(self, context, t_consts.TaskStatus.COMPLETED) return super(FortinetL3ServicePlugin, self).\ create_router(context, router)
def remove_router_interface(self, context, router_id, interface_info): """Deletes vlink, default router from Fortinet device.""" LOG.debug( "FortinetL3ServicePlugin.remove_router_interface called: " "router_id=%(router_id)s " "interface_info=%(interface_info)r", { 'router_id': router_id, 'interface_info': interface_info }) with context.session.begin(subtransactions=True): # TODO(jerryz): move this out of transaction. setattr(context, 'GUARD_TRANSACTION', False) info = (super(FortinetL3ServicePlugin, self).remove_router_interface( context, router_id, interface_info)) try: subnet = self._core_plugin._get_subnet(context, info['subnet_id']) tenant_id = subnet['tenant_id'] network_id = subnet['network_id'] vlan_inf = utils.get_intf(context, network_id) db_namespace = fortinet_db.query_record( context, fortinet_db.Fortinet_ML2_Namespace, tenant_id=tenant_id) utils.delete_fwpolicy(self, context, vdom=db_namespace.vdom, srcintf=vlan_inf) except Exception: with excutils.save_and_reraise_exception(): LOG.error( _LE("Fail remove of interface from Fortigate " "router interface. info=%(info)s, " "router_id=%(router_id)s"), { "info": info, "router_id": router_id }) return info
def _apply_firewall(self, context, **fw_with_rules): tenant_id = fw_with_rules['tenant_id'] default_fwr = self._make_default_firewall_rule_dict(tenant_id) try: if fw_with_rules.get('del-router-ids', None): for fwr in list(fw_with_rules.get('firewall_rule_list', None)): self._delete_firewall_rule(context, tenant_id, **fwr) if default_fwr: self._delete_firewall_rule(context, tenant_id, **default_fwr) self.update_firewall_status(context, fw_with_rules['id'], const.INACTIVE) if fw_with_rules.get('add-router-ids', None): vdom = getattr( fortinet_db.Fortinet_ML2_Namespace.query_one( context, tenant_id=tenant_id), 'vdom', None) if not vdom: raise fw_ext.FirewallInternalDriverError( driver='Fortinet_fwaas_plugin') if default_fwr: self._add_firewall_rule(context, tenant_id, **default_fwr) for fwr in reversed( list(fw_with_rules.get('firewall_rule_list', None))): self._add_firewall_rule(context, tenant_id, **fwr) self.update_firewall_status(context, fw_with_rules['id'], const.ACTIVE) else: self.update_firewall_status(context, fw_with_rules['id'], const.INACTIVE) except Exception as e: with excutils.save_and_reraise_exception(): LOG.error(_LE("apply_firewall %(fws)s failed"), {'fws': fw_with_rules}) utils._rollback_on_err(self, context, e) utils.update_status(self, context, t_consts.TaskStatus.COMPLETED)
def add_router_interface(self, context, router_id, interface_info): """creates vlnk on the fortinet device.""" LOG.debug( "FortinetL3ServicePlugin.add_router_interface: " "router_id=%(router_id)s " "interface_info=%(interface_info)r", { 'router_id': router_id, 'interface_info': interface_info }) with context.session.begin(subtransactions=True): info = super(FortinetL3ServicePlugin, self).add_router_interface(context, router_id, interface_info) port = db.get_port(context, info['port_id']) port['admin_state_up'] = True port['port'] = port LOG.debug( "FortinetL3ServicePlugin: " "context=%(context)s" "port=%(port)s " "info=%(info)r", { 'context': context, 'port': port, 'info': info }) interface_info = info subnet = self._core_plugin._get_subnet(context, interface_info['subnet_id']) network_id = subnet['network_id'] tenant_id = port['tenant_id'] port_filters = { 'network_id': [network_id], 'device_owner': [DEVICE_OWNER_ROUTER_INTF] } port_count = self._core_plugin.get_ports_count( context, port_filters) # port count is checked against 2 since the current port is already # added to db if port_count == 2: # This subnet is already part of some router LOG.error( _LE("FortinetL3ServicePlugin: adding redundant " "router interface is not supported")) raise Exception( _("FortinetL3ServicePlugin:adding redundant " "router interface is not supported")) try: db_namespace = fortinet_db.query_record( context, fortinet_db.Fortinet_ML2_Namespace, tenant_id=tenant_id) vlan_inf = utils.get_intf(context, network_id) int_intf, ext_intf = utils.get_vlink_intf( self, context, vdom=db_namespace.vdom) utils.add_fwpolicy(self, context, vdom=db_namespace.vdom, srcintf=vlan_inf, dstintf=int_intf, nat='enable') except Exception as e: LOG.error( _LE("Failed to create Fortinet resources to add " "router interface. info=%(info)s, " "router_id=%(router_id)s"), { "info": info, "router_id": router_id }) utils._rollback_on_err(self, context, e) with excutils.save_and_reraise_exception(): self.remove_router_interface(context, router_id, interface_info) utils.update_status(self, context, t_consts.TaskStatus.COMPLETED) return info