def update_l7rule(self, l7rule, service_object, bigips): LOG.debug("L7PolicyService:update_l7rule") # get l7policy for rule lbaas_service = LbaasServiceObject(service_object) l7policy = lbaas_service.get_l7policy(l7rule.get('policy_id', '')) if l7policy: # re-create policy with updated rule self.update_l7policy(l7policy, service_object, bigips)
def _assure_l7policies_created(self, service): if 'l7policies' not in service: return listener_policy_map = dict() bigips = self.driver.get_config_bigips() lbaas_service = LbaasServiceObject(service) l7policies = service['l7policies'] LOG.debug("L7 debug: processing policies: %s", l7policies) for l7policy in l7policies: LOG.debug("L7 debug: assuring policy: %s", l7policy) name = l7policy.get('name', None) if not self.esd.is_esd(name): listener_id = l7policy.get('listener_id', None) if not listener_id or listener_id in listener_policy_map: LOG.debug( "L7 debug: listener policies already added: %s", listener_id) continue listener_policy_map[listener_id] = \ self.l7service.build_policy(l7policy, lbaas_service) for listener_id, policy in listener_policy_map.items(): error = False if policy['f5_policy'].get('rules', list()): error = self.l7service.create_l7policy( policy['f5_policy'], bigips) for p in service['l7policies']: if self._is_not_pending_delete(p): if not error: self._set_status_as_active(p, force=True) else: self._set_status_as_error(p) loadbalancer = service.get('loadbalancer', {}) if not error: listener = lbaas_service.get_listener(listener_id) if listener: listener['f5_policy'] = policy['f5_policy'] else: loadbalancer['provisioning_status'] = \ constants_v2.F5_ERROR
def delete_l7policy(self, l7policy, service_object, bigips): LOG.debug("L7PolicyService:delete_l7policy") stack = [] event = 'DELETE_L7POLICY' lbaas_service = LbaasServiceObject(service_object) # only need name/partition for delete l7policy_adapter = L7PolicyServiceAdapter(self.conf) f5_l7policy = l7policy_adapter.translate_name(l7policy) stack.append(L7PolicyBuilder(event, f5_l7policy)) if l7policy['listener_id']: # remove L7 policy from virtual server listener = lbaas_service.get_listener(l7policy['listener_id']) listener_adapter = ListenerAdapter(self.conf) f5_vs = listener_adapter.translate( lbaas_service, listener, l7policy=l7policy) stack.append(VirtualServerBuilder(event, f5_vs)) self._process_stack(stack, bigips)
def create_l7policy(self, l7policy, service_object, bigips): LOG.debug("L7PolicyService: create_l7policy") stack = [] event = 'CREATE_L7POLICY' lbaas_service = LbaasServiceObject(service_object) if l7policy['listener_id']: # add L7 policy to virtual server listener = lbaas_service.get_listener(l7policy['listener_id']) listener_adapter = ListenerAdapter(self.conf) f5_vs = listener_adapter.translate( lbaas_service, listener, l7policy=l7policy) stack.append(VirtualServerBuilder(event, f5_vs)) # create L7 policy try: l7policy_adapter = L7PolicyServiceAdapter(self.conf) policies = self.build_policy(l7policy, lbaas_service) if policies['l7policies']: f5_l7policy = l7policy_adapter.translate(policies) stack.append(L7PolicyBuilder(event, f5_l7policy)) else: # empty policy -- delete wrapper policy on BIG-IPs self.delete_l7policy(l7policy, service_object, bigips) return except PolicyHasNoRules as exc: # For OpenStack, creating policies and rules are independent # commands, so this exception is valid. Delete policy because # it has no rules. LOG.debug(exc.message) self.delete_l7policy(l7policy, service_object, bigips) return except Exception: import traceback LOG.error(traceback.format_exc()) raise self._process_stack(stack, bigips)
def get_listener_policies(self, service): """Return a map of listener L7 policy ids to a list of L7 rules.""" lbaas_service = LbaasServiceObject(service) listener_policies = list() listener = service.get('listener', None) if not listener: return listener_policies listener_l7policy_ids = listener.get('l7_policies', list()) LOG.debug("L7 debug: listener policies: %s", listener_l7policy_ids) for policy in listener_l7policy_ids: if self.is_esd(policy.get('name')): continue listener_policy = lbaas_service.get_l7policy(policy['id']) LOG.debug("L7 debug: listener policy: %s", listener_policy) if not listener_policy: LOG.warning("Referenced L7 policy %s for listener %s not " "found in service.", policy['id'], listener['id']) continue listener_l7policy_rules = list() rules = listener_policy.get('rules', list()) for rule in rules: l7policy_rule = lbaas_service.get_l7rule(rule['id']) if not l7policy_rule: LOG.warning("Referenced L7 rule %s for policy %s not " "found in service.", rule['id'], policy['id']) continue if l7policy_rule['provisioning_status'] != "PENDING_DELETE": listener_l7policy_rules.append(l7policy_rule) listener_policy['l7policy_rules'] = listener_l7policy_rules listener_policies.append(listener_policy) return listener_policies
def _assure_l7policies_deleted(self, service): if 'l7policies' not in service: return listener_policy_map = dict() bigips = self.driver.get_config_bigips() lbaas_service = LbaasServiceObject(service) l7policies = service['l7policies'] for l7policy in l7policies: name = l7policy.get('name', None) if not self.esd.is_esd(name): listener_id = l7policy.get('listener_id', None) if not listener_id or listener_id in listener_policy_map: continue listener_policy_map[listener_id] = \ self.l7service.build_policy(l7policy, lbaas_service) # Clean wrapper policy this is the legacy name of a policy loadbalancer = service.get('loadbalancer', dict()) tenant_id = loadbalancer.get('tenant_id', "") try: wrapper_policy = { 'name': 'wrapper_policy', 'partition': self.service_adapter.get_folder_name(tenant_id) } self.l7service.delete_l7policy(wrapper_policy, bigips) except HTTPError as err: if err.response.status_code != 404: LOG.error("Failed to remove wrapper policy: %s", err.message) except Exception as err: LOG.error("Failed to remove wrapper policy: %s", err.message) for _, policy in listener_policy_map.items(): error = False if not policy['f5_policy'].get('rules', list()): error = self.l7service.delete_l7policy(policy['f5_policy'], bigips) for p in policy['l7policies']: if self._is_not_pending_delete(p): if not error: self._set_status_as_active(p, force=True) else: self._set_status_as_error(p) else: if error: self._set_status_as_error(p)
def service_object(): return LbaasServiceObject(service_def)