def sync_conf_to_db(self, param):
cls = getattr(fortinet_db, const.FORTINET_PARAMS[param]['cls'])
conf_list = self.get_range(param)
session = db_api.get_session()
records = fortinet_db.query_records(session, cls)
for record in records:
kwargs = {}
for key in const.FORTINET_PARAMS[param]['keys']:
_element = const.FORTINET_PARAMS[param]['type'](record[key])
if _element not in conf_list and not record.allocated:
kwargs.setdefault(key, record[key])
fortinet_db.delete_record(session, cls, **kwargs)
try:
for i in range(0, len(conf_list),
len(const.FORTINET_PARAMS[param]['keys'])):
kwargs = {}
for key in const.FORTINET_PARAMS[param]['keys']:
kwargs.setdefault(key, str(conf_list[i]))
i += 1
cls.init_records(session, **kwargs)
except IndexError:
LOG.error(_LE("The number of the configure range is not even,"
"the last one of %(param)s can not be used"),
{'param': param})
raise IndexError
def run(self):
while True:
try:
if self._stopped:
# Gracefully terminate this thread if the _stopped
# attribute was set to true
LOG.info(_LI("Stopping TaskManager"))
break
# get a task from queue, or timeout for periodic status check
task = self._get_task()
try:
#if constants.TaskStatus.ROLLBACK == task.status:
self._main_thread_exec_task = task
self._execute(task)
finally:
self._main_thread_exec_task = None
if task.status in [
constants.TaskStatus.NONE,
constants.TaskStatus.ERROR,
constants.TaskStatus.COMPLETED
]:
# The thread is killed during _execute(). To guarantee
# the task been aborted correctly, put it to the queue.
#self._enqueue(task)
self._dequeue(task)
else:
self._enqueue(task)
except Exception:
LOG.exception(
_LE("TaskManager terminating because "
"of an exception"))
break
def _loopingcall_callback():
self._monitor_busy = True
try:
self._check_pending_tasks()
except Exception as e:
resources.Exinfo(e)
LOG.exception(_LE("Exception in _check_pending_tasks"))
self._monitor_busy = False
def __init__(self, exception):
exc_type, exc_obj, exc_tb = sys.exc_info()
fname = os.path.split(exc_tb.tb_frame.f_code.co_filename)[1]
LOG.error(
_LE("An exception of type %(exception)s occured with "
"arguments %(args)s, line %(line)s, in %(file)s"), {
'exception': type(exception).__name__,
'args': exception.args,
'line': exc_tb.tb_lineno,
'file': fname
})
def update_firewall_rule(self, context, id, firewall_rule):
LOG.debug(
"update_firewall_rule() id: %(id)s, "
"firewall_rule: %(firewall_rule)s", {
'id': id,
'firewall_rule': firewall_rule
})
try:
fwr = self._update_firewall_rule_dict(context, id, firewall_rule)
self._update_firewall_rule(context, id, fwr)
self._ensure_update_firewall_rule(context, id)
fwr = super(FortinetFirewallPlugin,
self).update_firewall_rule(context, id, firewall_rule)
utils.update_status(self, context, t_consts.TaskStatus.COMPLETED)
return fwr
except Exception as e:
with excutils.save_and_reraise_exception():
LOG.error(_LE("update_firewall_rule %(fwr)s failed"),
{'fwr': firewall_rule})
utils._rollback_on_err(self, context, e)
def delete_router(self, context, id):
LOG.debug("delete_router: router id=%s", id)
try:
if self.enable_fwaas:
fw_plugin = directory.get_plugin(service_consts.FIREWALL)
fw_plugin.update_firewall_for_delete_router(context, id)
with context.session.begin(subtransactions=True):
router = fortinet_db.query_record(context, l3_db.Router, id=id)
# TODO(jerryz): move this out of transaction.
setattr(context, 'GUARD_TRANSACTION', False)
super(FortinetL3ServicePlugin, self).delete_router(context, id)
if getattr(router, 'tenant_id', None):
utils.delete_vlink(self, context, router.tenant_id)
utils.delete_vdom(self,
context,
tenant_id=router.tenant_id)
except Exception as e:
with excutils.save_and_reraise_exception():
LOG.error(_LE("Failed to delete_router routerid=%(id)s"),
{"id": id})
resources.Exinfo(e)
def create_router(self, context, router):
LOG.debug("create_router: router=%s", router)
# Limit one router per tenant
if not router.get('router', None):
return
tenant_id = router['router']['tenant_id']
if fortinet_db.query_count(context, l3_db.Router, tenant_id=tenant_id):
raise Exception(
_("FortinetL3ServicePlugin:create_router "
"Only support one router per tenant"))
with context.session.begin(subtransactions=True):
try:
namespace = utils.add_vdom(self, context, tenant_id=tenant_id)
utils.add_vlink(self, context, namespace.vdom)
except Exception as e:
with excutils.save_and_reraise_exception():
LOG.error(_LE("Failed to create_router router=%(router)s"),
{"router": router})
utils._rollback_on_err(self, context, e)
utils.update_status(self, context, t_consts.TaskStatus.COMPLETED)
return super(FortinetL3ServicePlugin, self).\
create_router(context, router)
def remove_router_interface(self, context, router_id, interface_info):
"""Deletes vlink, default router from Fortinet device."""
LOG.debug(
"FortinetL3ServicePlugin.remove_router_interface called: "
"router_id=%(router_id)s "
"interface_info=%(interface_info)r", {
'router_id': router_id,
'interface_info': interface_info
})
with context.session.begin(subtransactions=True):
# TODO(jerryz): move this out of transaction.
setattr(context, 'GUARD_TRANSACTION', False)
info = (super(FortinetL3ServicePlugin,
self).remove_router_interface(
context, router_id, interface_info))
try:
subnet = self._core_plugin._get_subnet(context,
info['subnet_id'])
tenant_id = subnet['tenant_id']
network_id = subnet['network_id']
vlan_inf = utils.get_intf(context, network_id)
db_namespace = fortinet_db.query_record(
context,
fortinet_db.Fortinet_ML2_Namespace,
tenant_id=tenant_id)
utils.delete_fwpolicy(self,
context,
vdom=db_namespace.vdom,
srcintf=vlan_inf)
except Exception:
with excutils.save_and_reraise_exception():
LOG.error(
_LE("Fail remove of interface from Fortigate "
"router interface. info=%(info)s, "
"router_id=%(router_id)s"), {
"info": info,
"router_id": router_id
})
return info
def _apply_firewall(self, context, **fw_with_rules):
tenant_id = fw_with_rules['tenant_id']
default_fwr = self._make_default_firewall_rule_dict(tenant_id)
try:
if fw_with_rules.get('del-router-ids', None):
for fwr in list(fw_with_rules.get('firewall_rule_list', None)):
self._delete_firewall_rule(context, tenant_id, **fwr)
if default_fwr:
self._delete_firewall_rule(context, tenant_id,
**default_fwr)
self.update_firewall_status(context, fw_with_rules['id'],
const.INACTIVE)
if fw_with_rules.get('add-router-ids', None):
vdom = getattr(
fortinet_db.Fortinet_ML2_Namespace.query_one(
context, tenant_id=tenant_id), 'vdom', None)
if not vdom:
raise fw_ext.FirewallInternalDriverError(
driver='Fortinet_fwaas_plugin')
if default_fwr:
self._add_firewall_rule(context, tenant_id, **default_fwr)
for fwr in reversed(
list(fw_with_rules.get('firewall_rule_list', None))):
self._add_firewall_rule(context, tenant_id, **fwr)
self.update_firewall_status(context, fw_with_rules['id'],
const.ACTIVE)
else:
self.update_firewall_status(context, fw_with_rules['id'],
const.INACTIVE)
except Exception as e:
with excutils.save_and_reraise_exception():
LOG.error(_LE("apply_firewall %(fws)s failed"),
{'fws': fw_with_rules})
utils._rollback_on_err(self, context, e)
utils.update_status(self, context, t_consts.TaskStatus.COMPLETED)
def add_router_interface(self, context, router_id, interface_info):
"""creates vlnk on the fortinet device."""
LOG.debug(
"FortinetL3ServicePlugin.add_router_interface: "
"router_id=%(router_id)s "
"interface_info=%(interface_info)r", {
'router_id': router_id,
'interface_info': interface_info
})
with context.session.begin(subtransactions=True):
info = super(FortinetL3ServicePlugin,
self).add_router_interface(context, router_id,
interface_info)
port = db.get_port(context, info['port_id'])
port['admin_state_up'] = True
port['port'] = port
LOG.debug(
"FortinetL3ServicePlugin: "
"context=%(context)s"
"port=%(port)s "
"info=%(info)r", {
'context': context,
'port': port,
'info': info
})
interface_info = info
subnet = self._core_plugin._get_subnet(context,
interface_info['subnet_id'])
network_id = subnet['network_id']
tenant_id = port['tenant_id']
port_filters = {
'network_id': [network_id],
'device_owner': [DEVICE_OWNER_ROUTER_INTF]
}
port_count = self._core_plugin.get_ports_count(
context, port_filters)
# port count is checked against 2 since the current port is already
# added to db
if port_count == 2:
# This subnet is already part of some router
LOG.error(
_LE("FortinetL3ServicePlugin: adding redundant "
"router interface is not supported"))
raise Exception(
_("FortinetL3ServicePlugin:adding redundant "
"router interface is not supported"))
try:
db_namespace = fortinet_db.query_record(
context,
fortinet_db.Fortinet_ML2_Namespace,
tenant_id=tenant_id)
vlan_inf = utils.get_intf(context, network_id)
int_intf, ext_intf = utils.get_vlink_intf(
self, context, vdom=db_namespace.vdom)
utils.add_fwpolicy(self,
context,
vdom=db_namespace.vdom,
srcintf=vlan_inf,
dstintf=int_intf,
nat='enable')
except Exception as e:
LOG.error(
_LE("Failed to create Fortinet resources to add "
"router interface. info=%(info)s, "
"router_id=%(router_id)s"), {
"info": info,
"router_id": router_id
})
utils._rollback_on_err(self, context, e)
with excutils.save_and_reraise_exception():
self.remove_router_interface(context, router_id,
interface_info)
utils.update_status(self, context, t_consts.TaskStatus.COMPLETED)
return info