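def _validate_vip_to_apply(vip_request, update=False, user=None):
    """Check that a VIP request may be applied to the equipments of its environment.

    :param vip_request: dict describing the VIP request; the keys ``id`` and
        ``environmentvip`` are read here.
    :param update: True when an already created VIP is being changed, False
        when the VIP is being created.
    :param user: user whose permission on the equipments is verified. The
        permission check only runs when this value is truthy.

    :returns: tuple ``(equips, conf, cluster_unit)``.

    :raises exceptions.AlreadyVipRequestException: another created VIP request
        is returned by the lookup on the same ipv4/ipv6 and environment.
    :raises exceptions.VipRequestNotCreated: ``update`` is set but the VIP is
        not created.
    :raises exceptions.VipRequestAlreadyCreated: ``update`` is not set but the
        VIP is already created.
    :raises exceptions_eqpt.AllEquipmentsAreInMaintenanceException: the
        maintenance helper reports every equipment as in maintenance.
    :raises exceptions_eqpt.UserDoesNotHavePermInAllEqptException: ``user`` is
        given and lacks update permission on the equipments.
    """
    vip = get_vip_request_by_id(vip_request.get('id'))

    # validate vip with same ipv4 or ipv6: the VIP itself and requests that
    # are not created are excluded before counting.
    vip_with_ip = get_vip_request_by_ip(vip.ipv4, vip.ipv6, vip.environmentvip)
    vip_with_ip = vip_with_ip.exclude(id=vip.id).exclude(
        created=False).distinct()
    if vip_with_ip.count() > 0:
        raise exceptions.AlreadyVipRequestException()

    if update and not vip.created:
        raise exceptions.VipRequestNotCreated(vip.id)

    if not update and vip.created:
        raise exceptions.VipRequestAlreadyCreated(vip.id)

    equips = facade_eqpt.get_eqpt_by_envvip(vip_request['environmentvip'])
    conf = EnvironmentVip.objects.get(id=vip_request['environmentvip']).conf

    if facade_eqpt.all_equipments_are_in_maintenance(equips):
        raise exceptions_eqpt.AllEquipmentsAreInMaintenanceException()

    # NOTE(review): the authorization check fails open. With the default
    # user=None nothing is verified, so every caller acting for a request
    # must pass the authenticated user - confirm against the call sites.
    if user:
        if not facade_eqpt.all_equipments_can_update_config(equips, user):
            # Adjacent literals instead of a backslash continuation inside the
            # string, which put the continuation line's indentation into the
            # message; this matches the wording style of the pool validator.
            raise exceptions_eqpt.UserDoesNotHavePermInAllEqptException(
                'User does not have permission to update conf in eqpt. '
                'Verify the permissions of user group with equipment group. '
                'Vip:{}'.format(vip_request['id']))

    # The cluster unit is read from the ipv4 network when the VIP has an
    # ipv4, otherwise from the ipv6 network.
    cluster_unit = vip.ipv4.networkipv4.cluster_unit if vip.ipv4 else vip.ipv6.networkipv6.cluster_unit

    return equips, conf, cluster_unit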
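def _validate_pool_to_apply(pool, update=False, user=None):
    """Check that a server pool may be applied to the load balancers of its environment.

    :param pool: dict describing the pool; only the key ``id`` is read here.
    :param update: True when an already created pool is being changed.
    :param user: user whose permission on the equipments is verified. The
        permission check only runs when this value is truthy.

    :returns: queryset of the ``Balanceador`` equipments of the pool's
        environment that have ``maintenance=0``.

    :raises exceptions.PoolNotExist: no pool has the given id.
    :raises exceptions.PoolNotCreated: ``update`` is set but the pool is not
        created.
    :raises exceptions_eqpt.AllEquipmentsAreInMaintenanceException: the
        maintenance helper reports every equipment as in maintenance.
    :raises exceptions_eqpt.UserDoesNotHavePermInAllEqptException: ``user`` is
        given and lacks update permission on the equipments.
    """
    try:
        server_pool = ServerPool.objects.get(id=pool['id'])
    except ServerPool.DoesNotExist:
        # objects.get() raises for a missing row and never returns a falsy
        # value, so the former "if not server_pool" branch could not run.
        raise exceptions.PoolNotExist()

    if update and not server_pool.pool_created:
        raise exceptions.PoolNotCreated(server_pool.id)

    # The environment comes from the stored pool, not from the caller's dict.
    equips = Equipamento.objects.filter(
        maintenance=0,
        equipamentoambiente__ambiente__id=server_pool.environment.id,
        tipo_equipamento__tipo_equipamento=u'Balanceador').distinct()

    if facade_eqpt.all_equipments_are_in_maintenance(equips):
        raise exceptions_eqpt.AllEquipmentsAreInMaintenanceException()

    # NOTE(review): the authorization check fails open. With the default
    # user=None nothing is verified, so every caller acting for a request
    # must pass the authenticated user - confirm against the call sites.
    if user:
        if not facade_eqpt.all_equipments_can_update_config(equips, user):
            raise exceptions_eqpt.UserDoesNotHavePermInAllEqptException(
                'User does not have permission to update conf in eqpt. '
                'Verify the permissions of user group with equipment '
                'group. Pool:{}'.format(pool['id']))

    return equips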
def deploy_networkipv4(network_id, user):
    """Run the pre-deploy checks for a Network IPv4 on its environment routers.

    The code shown here only validates: it looks the network up, requires the
    environment to have routers, requires that not all of them are in
    maintenance and, when ``user`` is truthy, requires that the user may
    update the configuration of those routers. No value is returned by the
    statements shown.

    :param network_id: NetworkIPv4 Id
    :param user: user whose permission on the routers is verified; the check
        is skipped when this value is falsy.

    :raises ObjectDoesNotExistException: re-raised with the detail of the
        one caught inside the block.
    """
    try:
        network = get_networkipv4_by_id(network_id)
        env_routers = network.vlan.ambiente.routers

        if not env_routers:
            raise exceptions.NoEnvironmentRoutersFoundException()

        if facade_eqpt.all_equipments_are_in_maintenance(env_routers):
            raise exceptions_eqpt.AllEquipmentsAreInMaintenanceException()

        # NOTE(review): authorization fails open when user is falsy - confirm
        # that request paths always hand in the authenticated user.
        if user and not facade_eqpt.all_equipments_can_update_config(
                env_routers, user):
            raise exceptions_eqpt.UserDoesNotHavePermInAllEqptException(
                'User does not have permission to update conf in eqpt. '
                'Verify the permissions of user group with equipment group'
                '.Network:{}'.format(network.id))

    except ObjectDoesNotExistException as not_found:
        raise ObjectDoesNotExistException(not_found.detail)
def deploy_networkipv4(network_id, user):
    """Run the pre-deploy checks for a Network IPv4 on its environment routers.

    The code shown here only validates: it looks the network up, requires the
    environment to have routers, requires that not all of them are in
    maintenance and, when ``user`` is truthy, requires that the user may
    update the configuration of those routers. No value is returned by the
    statements shown.

    :param network_id: NetworkIPv4 Id
    :param user: user whose permission on the routers is verified; the check
        is skipped when this value is falsy.

    :raises ObjectDoesNotExistException: re-raised with the detail of the
        one caught inside the block.
    """
    try:
        network = get_networkipv4_by_id(network_id)
        env_routers = network.vlan.ambiente.routers

        if not env_routers:
            raise exceptions.NoEnvironmentRoutersFoundException()

        if facade_eqpt.all_equipments_are_in_maintenance(env_routers):
            raise exceptions_eqpt.AllEquipmentsAreInMaintenanceException()

        # NOTE(review): authorization fails open when user is falsy - confirm
        # that request paths always hand in the authenticated user.
        if user and not facade_eqpt.all_equipments_can_update_config(
                env_routers, user):
            raise exceptions_eqpt.UserDoesNotHavePermInAllEqptException(
                'User does not have permission to update conf in eqpt. '
                'Verify the permissions of user group with equipment group'
                '.Network:{}'.format(network.id))

    except ObjectDoesNotExistException as not_found:
        raise ObjectDoesNotExistException(not_found.detail)
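def _validate_pool_to_apply(pool, update=False, user=None):
    """Check that a server pool may be applied to the load balancers of its environment.

    :param pool: dict describing the pool; only the key ``id`` is read here.
    :param update: True when an already created pool is being changed.
    :param user: user whose permission on the equipments is verified. The
        permission check only runs when this value is truthy.

    :returns: queryset of the ``Balanceador`` equipments of the pool's
        environment that have ``maintenance=0``.

    :raises exceptions.PoolNotExist: no pool has the given id.
    :raises exceptions.PoolNotCreated: ``update`` is set but the pool is not
        created.
    :raises exceptions_eqpt.AllEquipmentsAreInMaintenanceException: the
        maintenance helper reports every equipment as in maintenance.
    :raises exceptions_eqpt.UserDoesNotHavePermInAllEqptException: ``user`` is
        given and lacks update permission on the equipments.
    """
    try:
        server_pool = ServerPool.objects.get(id=pool['id'])
    except ServerPool.DoesNotExist:
        # objects.get() raises for a missing row and never returns a falsy
        # value, so the former "if not server_pool" branch could not run.
        raise exceptions.PoolNotExist()

    if update and not server_pool.pool_created:
        raise exceptions.PoolNotCreated(server_pool.id)

    # The environment comes from the stored pool, not from the caller's dict.
    equips = Equipamento.objects.filter(
        maintenance=0,
        equipamentoambiente__ambiente__id=server_pool.environment.id,
        tipo_equipamento__tipo_equipamento=u'Balanceador').distinct()

    if facade_eqpt.all_equipments_are_in_maintenance(equips):
        raise exceptions_eqpt.AllEquipmentsAreInMaintenanceException()

    # NOTE(review): the authorization check fails open. With the default
    # user=None nothing is verified, so every caller acting for a request
    # must pass the authenticated user - confirm against the call sites.
    if user:
        if not facade_eqpt.all_equipments_can_update_config(equips, user):
            raise exceptions_eqpt.UserDoesNotHavePermInAllEqptException(
                'User does not have permission to update conf in eqpt. '
                'Verify the permissions of user group with equipment '
                'group. Pool:{}'.format(pool['id']))

    return equips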
def get_controller_by_envid(env_id):
    """Return the controller equipments of an environment.

    Only equipments with ``maintenance=0`` are selected.

    :param env_id: id of the environment the controllers are attached to.

    :raises exceptions_eqpt.AllEquipmentsAreInMaintenanceException: the
        maintenance helper reports every selected equipment as in
        maintenance.
    """
    controllers = Equipamento.objects.filter(
        Q(equipmentcontrollerenvironment__environment=env_id, maintenance=0))

    if not facade_eqpt.all_equipments_are_in_maintenance(controllers):
        return controllers

    raise exceptions_eqpt.AllEquipmentsAreInMaintenanceException()
def get_controller_by_envid(env_id):
    """Return the controller equipments of an environment.

    Only equipments with ``maintenance=0`` are selected.

    :param env_id: id of the environment the controllers are attached to.

    :raises exceptions_eqpt.AllEquipmentsAreInMaintenanceException: the
        maintenance helper reports every selected equipment as in
        maintenance.
    """
    controllers = Equipamento.objects.filter(
        Q(equipmentcontrollerenvironment__environment=env_id, maintenance=0))

    if not facade_eqpt.all_equipments_are_in_maintenance(controllers):
        return controllers

    raise exceptions_eqpt.AllEquipmentsAreInMaintenanceException()
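def _validate_vip_to_apply(vip_request, update=False, user=None):
    """Check that a VIP request may be applied to the equipments of its environment.

    :param vip_request: dict describing the VIP request; the keys ``id`` and
        ``environmentvip`` are read here.
    :param update: True when an already created VIP is being changed, False
        when the VIP is being created.
    :param user: user whose permission on the equipments is verified. The
        permission check only runs when this value is truthy.

    :returns: tuple ``(equips, conf, cluster_unit)``.

    :raises exceptions.AlreadyVipRequestException: another created VIP request
        is returned by the lookup on the same ipv4/ipv6 and environment.
    :raises exceptions.VipRequestNotCreated: ``update`` is set but the VIP is
        not created.
    :raises exceptions.VipRequestAlreadyCreated: ``update`` is not set but the
        VIP is already created.
    :raises exceptions_eqpt.AllEquipmentsAreInMaintenanceException: the
        maintenance helper reports every equipment as in maintenance.
    :raises exceptions_eqpt.UserDoesNotHavePermInAllEqptException: ``user`` is
        given and lacks update permission on the equipments.
    """
    vip = get_vip_request_by_id(vip_request.get('id'))

    # validate vip with same ipv4 or ipv6: the VIP itself and requests that
    # are not created are excluded before counting.
    vip_with_ip = get_vip_request_by_ip(vip.ipv4, vip.ipv6, vip.environmentvip)
    vip_with_ip = vip_with_ip.exclude(
        id=vip.id
    ).exclude(
        created=False
    ).distinct()

    if vip_with_ip.count() > 0:
        raise exceptions.AlreadyVipRequestException()

    if update and not vip.created:
        raise exceptions.VipRequestNotCreated(vip.id)

    if not update and vip.created:
        raise exceptions.VipRequestAlreadyCreated(vip.id)

    equips = facade_eqpt.get_eqpt_by_envvip(vip_request['environmentvip'])
    conf = EnvironmentVip.objects.get(id=vip_request['environmentvip']).conf

    if facade_eqpt.all_equipments_are_in_maintenance(equips):
        raise exceptions_eqpt.AllEquipmentsAreInMaintenanceException()

    # NOTE(review): the authorization check fails open. With the default
    # user=None nothing is verified, so every caller acting for a request
    # must pass the authenticated user - confirm against the call sites.
    if user:
        if not facade_eqpt.all_equipments_can_update_config(equips, user):
            # Adjacent literals instead of a backslash continuation inside the
            # string, which put the continuation line's indentation into the
            # message; this matches the wording style of the pool validator.
            raise exceptions_eqpt.UserDoesNotHavePermInAllEqptException(
                'User does not have permission to update conf in eqpt. '
                'Verify the permissions of user group with equipment group. '
                'Vip:{}'.format(vip_request['id']))

    # The cluster unit is read from the ipv4 network when the VIP has an
    # ipv4, otherwise from the ipv6 network.
    cluster_unit = vip.ipv4.networkipv4.cluster_unit if vip.ipv4 else vip.ipv6.networkipv6.cluster_unit

    return equips, conf, cluster_unit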
def undeploy_networkipv4(network_id, user):
    """Loads template for removing Network IPv4 equipment configuration, creates
    file and apply config.

    The routers are validated first (routers exist, not all in maintenance,
    user allowed to update them); the network and VLAN locks are taken only
    after that.

    :param network_id: NetworkIPv4 Id
    :param user: user whose permission on the routers is verified and who is
        passed on to build the configuration dict. The permission check is
        skipped when this value is falsy.

    Returns: dict with the deploy status per equipment id, or a plain
        message string when the network is already inactive.
    """
    netv4_obj = get_networkipv4_by_id(network_id)

    routers = netv4_obj.vlan.ambiente.routers

    if not routers:
        raise exceptions.NoEnvironmentRoutersFoundException()

    if facade_eqpt.all_equipments_are_in_maintenance(routers):
        raise exceptions_eqpt.AllEquipmentsAreInMaintenanceException()

    # NOTE(review): authorization fails open when user is falsy - confirm
    # that request paths always hand in the authenticated user.
    if user:
        if not facade_eqpt.all_equipments_can_update_config(routers, user):
            raise exceptions_eqpt.UserDoesNotHavePermInAllEqptException(
                'User does not have permission to update conf in eqpt. '
                'Verify the permissions of user group with equipment group. '
                'Network:{}'.format(netv4_obj.id))

    # lock network id to prevent multiple requests to same id
    with distributedlock(LOCK_NETWORK_IPV4 % netv4_obj.id):
        with distributedlock(LOCK_VLAN % netv4_obj.vlan.id):
            # The active flag is tested while both locks are held.
            if netv4_obj.active == 0:
                return 'Network already not active. Nothing to do.'

            # load dict with all equipment attributes
            dict_ips = get_dict_v4_to_use_in_configuration_deploy(
                user, netv4_obj, routers)

            status_deploy = dict()

            # TODO implement threads
            for equipment in routers:

                # generate config file
                file_to_deploy = _generate_config_file(
                    dict_ips, equipment, TEMPLATE_NETWORKv4_DEACTIVATE)

                # one lock name per equipment, handed to the deploy call
                lockvar = LOCK_EQUIPMENT_DEPLOY_CONFIG_NETWORK_SCRIPT % (
                    equipment.id)

                # deploy config file in equipments
                status_deploy[
                    equipment.id] = deploy_config_in_equipment_synchronous(
                    file_to_deploy, equipment, lockvar)

            # The network is marked inactive only after every router was
            # processed by the loop above.
            netv4_obj.deactivate_v3()
            # transaction.commit()
            if netv4_obj.vlan.ativada == 1:
                # if there are no other networks active in vlan, remove int
                # vlan
                if not _has_active_network_in_vlan(netv4_obj.vlan):
                    # remove int vlan
                    for equipment in routers:
                        if equipment.maintenance is not True:
                            pass
                            # Delete SVI; the result is appended to the status
                            # already stored for this equipment.
                            status_deploy[equipment.id] += _remove_svi(
                                equipment, netv4_obj.vlan.num_vlan)

                    # Need verify this call
                    netv4_obj.vlan.deactivate_v3()

            return status_deploy
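def networkIPv6_deploy(request, network_id):
    """Deploy network L3 configuration in the environment routers for network ipv6

    POST deploys the configuration, DELETE removes it.

    Receives optional parameter equipments to specify what equipment should
    receive network configuration. When it is given, every id must belong to
    an equipment of the network's environment; when it is absent, the routers
    of the network in that environment are used.

    :param request: request object; ``DATA``, ``user`` and ``method`` are read.
    :param network_id: id of the NetworkIPv6, converted with ``int()``.

    :raises api_exceptions.ValidationException: ``equipments`` is not a list
        or holds a value that cannot be converted to an integer.
    :raises exceptions.EquipmentIDNotInCorrectEnvException: the number of
        equipments found in the environment differs from the number of ids
        received.
    :raises exceptions.NoEnvironmentRoutersFoundException: no router found
        for the network.
    :raises PermissionDenied: the user lacks write permission on one of the
        equipments.
    :raises AllEquipmentsAreInMaintenanceException: the maintenance helper
        reports every equipment as in maintenance.
    :raises api_exceptions.NetworkAPIException: any error while deploying.
    """
    networkipv6 = NetworkIPv6.get_by_pk(int(network_id))
    environment = networkipv6.vlan.ambiente
    equipments_id_list = None
    if request.DATA is not None:
        equipments_id_list = request.DATA.get('equipments', None)

    equipment_list = []

    if equipments_id_list is not None:
        if type(equipments_id_list) is not list:
            raise api_exceptions.ValidationException('equipments')

        for equip in equipments_id_list:
            try:
                int(equip)
            except (TypeError, ValueError):
                # A request body can carry null or nested values in the list;
                # int() raises TypeError for those, not ValueError, and they
                # must be rejected as invalid input as well.
                raise api_exceptions.ValidationException('equipments')

        # Check that equipments received as parameters are in correct vlan
        # environment
        equipment_list = Equipamento.objects.filter(
            equipamentoambiente__ambiente=environment,
            id__in=equipments_id_list)
        log.info('list = %s' % equipment_list)
        if len(equipment_list) != len(equipments_id_list):
            log.error(
                'Error: equipments %s are not part of network environment.'
                % equipments_id_list)
            raise exceptions.EquipmentIDNotInCorrectEnvException()
    else:
        # TODO GET network routers
        equipment_list = Equipamento.objects.filter(
            ipv6equipament__ip__networkipv6=networkipv6,
            equipamentoambiente__ambiente=networkipv6.vlan.ambiente,
            equipamentoambiente__is_router=1).distinct()
        if len(equipment_list) == 0:
            raise exceptions.NoEnvironmentRoutersFoundException()

    # Check permission to configure equipments: write permission is required
    # on every single equipment before anything is deployed.
    for equip in equipment_list:
        # User permission
        if not has_perm(request.user, AdminPermission.EQUIPMENT_MANAGEMENT, AdminPermission.WRITE_OPERATION, None, equip.id, AdminPermission.EQUIP_WRITE_OPERATION):
            log.error(u'User does not have permission to perform the operation.')
            raise PermissionDenied(
                'No permission to configure equipment %s-%s' % (equip.id, equip.nome))

    if all_equipments_are_in_maintenance(equipment_list):
        raise AllEquipmentsAreInMaintenanceException()

    try:
        # deploy network configuration
        if request.method == 'POST':
            returned_data = facade.deploy_networkIPv6_configuration(
                request.user, networkipv6, equipment_list)
        elif request.method == 'DELETE':
            returned_data = facade.remove_deploy_networkIPv6_configuration(
                request.user, networkipv6, equipment_list)

        # For any other method returned_data is unbound; the resulting error
        # is caught below and reported as NetworkAPIException.
        return Response(returned_data)

    except Exception as exception:
        log.error(exception)
        raise api_exceptions.NetworkAPIException()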
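def update_real_pool(request):
    """
    - update real pool in eqpt
    - update data pool in db

    The pools are read from ``request.DATA['pools']``. For every pool the
    member list sent by the client is compared with the stored members to
    build the list handed to the load balancer plugins (unchanged, ``new``
    and ``remove`` entries). Only pools flagged ``pool_created`` are sent to
    the equipments; afterwards pools and members are saved in the database.

    :param request: request object; ``DATA`` and ``user`` are read.
    :returns: empty dict.
    :raises AllEquipmentsAreInMaintenanceException: the maintenance helper
        reports every load balancer of a pool's environment as in
        maintenance.

    NOTE(review): no permission check on the equipments is made in this
    function - confirm that the caller enforces it. The environment whose
    load balancers are changed is taken from the request payload
    (``server_pool.environment.id``), so it also relies on
    valid_to_save_reals_v2 or the caller to tie it to the stored pool.
    """
    pools = request.DATA.get("pools", [])
    load_balance = {}

    # valid data for save in DB and apply in eqpt
    ps, sp = valid_to_save_reals_v2(pools)

    for pool in pools:

        ids = [p['id'] for p in pool['server_pool_members'] if p['id']]
        db_members = ServerPoolMember.objects.filter(id__in=ids)
        db_members_remove = ServerPoolMember.objects.filter(server_pool__id=pool['server_pool']['id']).exclude(id__in=ids)
        db_members_id = [str(s.id) for s in db_members]

        pools_members = list()
        for pool_member in pool['server_pool_members']:
            if not pool_member['ipv6']:
                ip = pool_member['ip']['ip_formated']
            else:
                ip = pool_member['ipv6']['ip_formated']

            if pool_member['id']:
                member = db_members[db_members_id.index(str(pool_member['id']))]
                if not member.ipv6:
                    ip_db = member.ip.ip_formated
                else:
                    ip_db = member.ipv6.ip_formated

                if member.port_real == pool_member['port_real'] and ip_db == ip:
                    # same ip and port as stored: plain update of the member
                    pools_members.append({
                        'id': pool_member['id'],
                        'ip': ip,
                        'port': pool_member['port_real'],
                        'limit': pool_member['limit'],
                        'priority': pool_member['priority'],
                        'weight': pool_member['weight'],
                    })
                else:
                    # ip or port changed: remove the stored endpoint and add
                    # the new one
                    pools_members.append({
                        'id': None,
                        'ip': ip_db,
                        'port': member.port_real,
                        'remove': 1
                    })
                    pools_members.append({
                        'id': pool_member['id'],
                        'ip': ip,
                        'port': pool_member['port_real'],
                        'limit': pool_member['limit'],
                        'priority': pool_member['priority'],
                        'weight': pool_member['weight'],
                        'new': 1
                    })
            else:
                pools_members.append({
                    'id': None,
                    'ip': ip,
                    'port': pool_member['port_real'],
                    'limit': pool_member['limit'],
                    'priority': pool_member['priority'],
                    'weight': pool_member['weight'],
                    'new': 1
                })

        # members to remove
        for member in db_members_remove:
            if not member.ipv6:
                ip_db = member.ip.ip_formated
            else:
                ip_db = member.ipv6.ip_formated
            pools_members.append({
                'id': member.id,
                'ip': ip_db,
                'port': member.port_real,
                'remove': 1
            })

        # get eqpts associate with pool
        equips = EquipamentoAmbiente.objects.filter(
            ambiente__id=pool['server_pool']['environment']['id'],
            equipamento__tipo_equipamento__tipo_equipamento=u'Balanceador')

        equipment_list = [e.equipamento for e in equips]
        if all_equipments_are_in_maintenance(equipment_list):
            raise AllEquipmentsAreInMaintenanceException()

        for e in equips:
            eqpt_id = str(e.equipamento.id)
            equipment_access = EquipamentoAcesso.search(
                equipamento=e.equipamento.id,
                protocolo="https"
            ).uniqueResult()
            equipment = Equipamento.get_by_pk(e.equipamento.id)

            plugin = PluginFactory.factory(equipment)

            if not load_balance.get(eqpt_id):
                # This entry carries the equipment credentials: it must never
                # be logged or returned to the client.
                load_balance[eqpt_id] = {
                    'plugin': plugin,
                    'fqdn': equipment_access.fqdn,
                    'user': equipment_access.user,
                    'password': equipment_access.password,
                    'pools': [],
                }

            load_balance[eqpt_id]['pools'].append({
                'id': pool['server_pool']['id'],
                'nome': pool['server_pool']['identifier'],
                'lb_method': pool['server_pool']['lb_method'],
                'healthcheck': pool['server_pool']['healthcheck'],
                'action': pool['server_pool']['servicedownaction']['name'],
                'pools_members': pools_members
            })

    # get ids from pools created (the former two lists, names and
    # environments, were built by the same expression)
    created_ids = [sp[p].id for p in ps if sp[p].pool_created]

    # call plugin to change in load balance
    for lb in load_balance:
        lbe = [l for l in load_balance[lb]['pools'] if l['id'] in created_ids]

        if len(lbe) > 0:
            lb_payload = load_balance[lb]
            lb_payload['pools'] = lbe
            lb_payload['plugin'].updatePool(lb_payload)

    # save pool in DB
    for idx in sp:
        idx = str(idx)
        sp[idx].identifier = ps[idx]['server_pool']['identifier']
        sp[idx].environment = Ambiente.objects.get(
            id=ps[idx]['server_pool']['environment']['id'])
        sp[idx].default_limit = ps[idx]['server_pool']['default_limit']
        sp[idx].default_port = ps[idx]['server_pool']['default_port']
        sp[idx].lb_method = ps[idx]['server_pool']['lb_method']
        sp[idx].servicedownaction = OptionPool.objects.get(
            id=ps[idx]['server_pool']['servicedownaction']['id'])
        is_healthcheck_valid(ps[idx]['server_pool']['healthcheck'])
        sp[idx].healthcheck = get_or_create_healthcheck(
            request.user,
            ps[idx]['server_pool']['healthcheck']['healthcheck_expect'],
            ps[idx]['server_pool']['healthcheck']['healthcheck_type'],
            ps[idx]['server_pool']['healthcheck']['healthcheck_request'],
            ps[idx]['server_pool']['healthcheck']['destination'],
            ps[idx]['server_pool']['healthcheck']['identifier'])

        sp[idx].save()

    # The pools must be walked in the outer clause. With the clauses the
    # other way round only the members of the pool left over from the loop
    # above were collected, so with several pools in one request the members
    # of the other pools ended up in pms_delete and were deleted.
    members_id = [p['id'] for pool in pools for p in pool['server_pool_members'] if p['id']]
    pms = ServerPoolMember.objects.filter(id__in=members_id)
    pms_delete = ServerPoolMember.objects.exclude(id__in=members_id).filter(server_pool__id__in=[pool['server_pool']['id'] for pool in pools])

    members = dict()
    for pool in pools:
        for member in pool['server_pool_members']:
            if member['id']:
                members[str(member['id'])] = member

    # update pool members
    log.info(pools)
    for pm in pms:
        if members.get(str(pm.id)):
            pm.port_real = members.get(str(pm.id))['port_real']
            pm.priority = members.get(str(pm.id))['priority']
            pm.weight = members.get(str(pm.id))['weight']
            pm.limit = members.get(str(pm.id))['limit']
            pm.save()

    # delete pool members
    for pm in pms_delete:
        pm.delete()

    # create new pool members (same clause order fix as for members_id)
    members = [p for pool in pools for p in pool['server_pool_members'] if not p['id']]
    for member in members:
        pm = ServerPoolMember()
        pm.server_pool_id = member['server_pool']['id']
        pm.limit = member['limit']
        if member['ip']:
            pm.ip_id = member['ip']['id']
        if member['ipv6']:
            pm.ipv6_id = member['ipv6']['id']
        pm.identifier = member['identifier']
        pm.weight = member['weight']
        pm.priority = member['priority']
        pm.port_real = member['port_real']

        pm.save()

    # Save reals
    # save_server_pool_member(request.user, sp, list_server_pool_member)
    return {}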
def delete_real_pool(request):
    """Delete the pools of the request from the load balancers.

    The pools are read from ``request.DATA['pools']``. One payload is built
    per load balancer and handed to its plugin's ``deletePool``; afterwards
    the pools are flagged ``pool_created=False`` in the database.

    :param request: request object; only ``DATA`` is read.
    :returns: empty dict.
    :raises AllEquipmentsAreInMaintenanceException: the maintenance helper
        reports every load balancer of a pool's environment as in
        maintenance.

    NOTE(review): no permission check on the equipments is made in this
    function, and the environment whose load balancers are used comes from
    the request payload - confirm that the caller validates both.
    """
    pools = request.DATA.get("pools", [])
    payload_by_eqpt = {}

    for pool in pools:

        members = []
        for entry in pool['server_pool_members']:
            # ipv4 address unless the member has an ipv6
            address = (entry['ip'] if entry['ipv6'] is None
                       else entry['ipv6'])['ip_formated']

            members.append({
                'id': entry['id'],
                'ip': address,
                'port': entry['port_real'],
                'member_status': entry['member_status'],
                'limit': entry['limit'],
                'priority': entry['priority'],
                'weight': entry['weight']
            })

        server_pool = pool['server_pool']
        balancers = EquipamentoAmbiente.objects.filter(
            ambiente__id=server_pool['environment']['id'],
            equipamento__tipo_equipamento__tipo_equipamento=u'Balanceador')

        if all_equipments_are_in_maintenance(
                [link.equipamento for link in balancers]):
            raise AllEquipmentsAreInMaintenanceException()

        for link in balancers:
            key = str(link.equipamento.id)
            access = EquipamentoAcesso.search(
                equipamento=link.equipamento.id,
                protocolo="https"
            ).uniqueResult()
            plugin = PluginFactory.factory(
                Equipamento.get_by_pk(link.equipamento.id))

            if not payload_by_eqpt.get(key):
                # Holds the equipment credentials: never log or return it.
                payload_by_eqpt[key] = {
                    'plugin': plugin,
                    'fqdn': access.fqdn,
                    'user': access.user,
                    'password': access.password,
                    'pools': [],
                }

            payload_by_eqpt[key]['pools'].append({
                'id': server_pool['id'],
                'nome': server_pool['identifier'],
                'lb_method': server_pool['lb_method'],
                'healthcheck': server_pool['healthcheck'],
                'action': server_pool['servicedownaction']['name'],
                'pools_members': members
            })

    for key in payload_by_eqpt:
        payload = payload_by_eqpt[key]
        payload['plugin'].deletePool(payload)

    pool_ids = [pool['server_pool']['id'] for pool in pools]
    ServerPool.objects.filter(id__in=pool_ids).update(pool_created=False)

    return {}
def get_poolmember_state(servers_pools):
    """
    Return Pool Members State

    For every pool the stored members are listed and one payload per load
    balancer of the pool's environment is built; each plugin is then asked
    for the member states through ``getStateMember``.

    :param servers_pools: iterable of server pool objects; ``id``,
        ``identifier`` and ``environment.id`` are read.
    :returns: dict ``{pool_id: {member_id: state}}``.
    :raises AllEquipmentsAreInMaintenanceException: the maintenance helper
        reports every load balancer of a pool's environment as in
        maintenance.
    :raises exceptions.DiffStatesEquipament: more than one distinct state
        was collected for the same member.
    """
    load_balance = {}

    for server_pool in servers_pools:

        pools_members = []

        server_pool_members = ServerPoolMember.objects.filter(
            server_pool=server_pool)
        for pool_member in server_pool_members:
            # ipv4 address unless the member has an ipv6
            if pool_member.ipv6 is None:
                ip = pool_member.ip.ip_formated
            else:
                ip = pool_member.ipv6.ip_formated

            pools_members.append({
                'id': pool_member.id,
                'ip': ip,
                'port': pool_member.port_real,
                'member_status': pool_member.member_status
            })

        # pools without members are not sent to the equipments
        if pools_members:

            # pool_name = server_pool.identifier
            pool_id = server_pool.id

            # here the environment comes from the stored pool object
            equips = EquipamentoAmbiente.objects.filter(
                ambiente__id=server_pool.environment.id,
                equipamento__tipo_equipamento__tipo_equipamento=u'Balanceador')

            equipment_list = [e.equipamento for e in equips]
            if all_equipments_are_in_maintenance(equipment_list):
                raise AllEquipmentsAreInMaintenanceException()

            for e in equips:
                eqpt_id = str(e.equipamento.id)
                equipment_access = EquipamentoAcesso.search(
                    equipamento=e.equipamento.id,
                    protocolo="https"
                ).uniqueResult()
                equipment = Equipamento.get_by_pk(e.equipamento.id)

                plugin = PluginFactory.factory(equipment)

                if not load_balance.get(eqpt_id):
                    # Holds the equipment credentials: never log or return it.
                    load_balance[eqpt_id] = {
                        'plugin': plugin,
                        'fqdn': equipment_access.fqdn,
                        'user': equipment_access.user,
                        'password': equipment_access.password,
                        'pools': [],
                    }

                load_balance[eqpt_id]['pools'].append({
                    'id': server_pool.id,
                    'nome': server_pool.identifier,
                    'pools_members': pools_members
                })

    for lb in load_balance:

        # NOTE(review): ps and status are re-created for every equipment, so
        # states reported by different equipments never end up in the same
        # list and the divergence check below cannot compare equipments with
        # each other - confirm whether they should be created before the loop.
        ps = {}
        status = {}
        # call plugin to get state member
        states = load_balance[lb]['plugin'].getStateMember(load_balance[lb])

        # states is matched by position with the pools (and their members)
        # that were sent to this equipment
        for idx, state in enumerate(states):
            pool_id = load_balance[lb]['pools'][idx]['id']
            if not ps.get(pool_id):
                ps[pool_id] = {}
                status[pool_id] = {}

            # populate variable for to verify diff states
            for idx_m, st in enumerate(state):
                member_id = load_balance[lb]['pools'][idx]['pools_members'][idx_m]['id']
                if not ps[pool_id].get(member_id):
                    ps[pool_id][member_id] = []

                ps[pool_id][member_id].append(st)
                status[pool_id][member_id] = st

    # Verify diff state of pool member in eqpts
    for idx in ps:
        for idx_m in ps[idx]:
            if len(set(ps[idx][idx_m])) > 1:
                msg = 'There are states differents in equipments.'
                log.error(msg)
                raise exceptions.DiffStatesEquipament(msg)

    return status
def set_poolmember_state(pools):
    """
    Set Pool Members state

    Every member received is checked against the database (same address and
    port inside the given pool) before one payload per load balancer is
    built and handed to the plugin's ``setStateMember``.

    :param pools: list of dicts with the keys ``server_pool`` and
        ``server_pool_members``.
    :returns: empty dict.
    :raises exceptions.InvalidIpNotExist: ``ip_formated`` of a member does not
        match the address rebuilt from its parts.
    :raises exceptions.PoolmemberNotExist: the number of members found in the
        database differs from the number received.
    :raises exceptions.PoolNotExist: no pool has the received identifier.
    :raises AllEquipmentsAreInMaintenanceException: the maintenance helper
        reports every load balancer of a pool's environment as in
        maintenance.

    NOTE(review): no permission check on the equipments is made in this
    function, and the environment whose load balancers are changed is read
    from ``pools`` rather than from the stored pool - confirm that the
    caller validates both.
    """
    try:
        load_balance = {}

        for pool in pools:

            pools_members = []

            q_filters = []
            for pool_member in pool['server_pool_members']:

                port_real = pool_member['port_real']

                if pool_member['ipv6'] is None:
                    ip = pool_member['ip']['ip_formated']

                    # rebuild the dotted address from the four octets and
                    # require it to match the formatted value received
                    ip_ft = '.'.join(str(x) for x in [
                        pool_member['ip']['oct1'],
                        pool_member['ip']['oct2'],
                        pool_member['ip']['oct3'],
                        pool_member['ip']['oct4']])

                    if ip != ip_ft:
                        raise exceptions.InvalidIpNotExist()

                    q_filters.append({
                        'ip__oct1': pool_member['ip']['oct1'],
                        'ip__oct2': pool_member['ip']['oct2'],
                        'ip__oct3': pool_member['ip']['oct3'],
                        'ip__oct4': pool_member['ip']['oct4'],
                        'port_real': port_real
                    })
                else:
                    ip = pool_member['ipv6']['ip_formated']

                    # NOTE(review): the eight blocks are joined with '.'; if
                    # ip_formated uses ':' for ipv6 this comparison can never
                    # succeed - confirm the separator.
                    ip_ft = '.'.join(str(x) for x in [
                        pool_member['ipv6']['block1'],
                        pool_member['ipv6']['block2'],
                        pool_member['ipv6']['block3'],
                        pool_member['ipv6']['block4'],
                        pool_member['ipv6']['block5'],
                        pool_member['ipv6']['block6'],
                        pool_member['ipv6']['block7'],
                        pool_member['ipv6']['block8']])

                    if ip != ip_ft:
                        raise exceptions.InvalidIpNotExist()

                    q_filters.append({
                        'ipv6__block1': pool_member['ipv6']['block1'],
                        'ipv6__block2': pool_member['ipv6']['block2'],
                        'ipv6__block3': pool_member['ipv6']['block3'],
                        'ipv6__block4': pool_member['ipv6']['block4'],
                        'ipv6__block5': pool_member['ipv6']['block5'],
                        'ipv6__block6': pool_member['ipv6']['block6'],
                        'ipv6__block7': pool_member['ipv6']['block7'],
                        'ipv6__block8': pool_member['ipv6']['block8'],
                        'port_real': port_real
                    })

                pools_members.append({
                    'id': pool_member['id'],
                    'ip': ip,
                    'port': port_real,
                    'member_status': pool_member['member_status']
                })

            # One OR-ed query for all received members, restricted to the
            # given pool; reduce() has no initial value, so a pool without
            # members fails here.
            server_pool_members = ServerPoolMember.objects.filter(
                reduce(lambda x, y: x | y, [Q(**q_filter) for q_filter in q_filters]), server_pool=pool['server_pool']['id'])
            # every received member must exist in the database
            if len(server_pool_members) != len(pools_members):
                raise exceptions.PoolmemberNotExist()

            # the pool is looked up by identifier, not by id
            pool_name = pool['server_pool']['identifier']
            server_pools = ServerPool.objects.filter(identifier=pool_name)
            if not server_pools:
                raise exceptions.PoolNotExist()

            equips = EquipamentoAmbiente.objects.filter(
                ambiente__id=pool['server_pool']['environment']['id'],
                equipamento__tipo_equipamento__tipo_equipamento=u'Balanceador')

            equipment_list = [e.equipamento for e in equips]
            if all_equipments_are_in_maintenance(equipment_list):
                raise AllEquipmentsAreInMaintenanceException()

            for e in equips:
                eqpt_id = str(e.equipamento.id)
                equipment_access = EquipamentoAcesso.search(
                    equipamento=e.equipamento.id,
                    protocolo="https"
                ).uniqueResult()
                equipment = Equipamento.get_by_pk(e.equipamento.id)

                plugin = PluginFactory.factory(equipment)

                if not load_balance.get(eqpt_id):
                    # Holds the equipment credentials: never log or return it.
                    load_balance[eqpt_id] = {
                        'plugin': plugin,
                        'fqdn': equipment_access.fqdn,
                        'user': equipment_access.user,
                        'password': equipment_access.password,
                        'pools': [],
                    }

                load_balance[eqpt_id]['pools'].append({
                    'id': pool['server_pool']['id'],
                    'nome': pool_name,
                    'pools_members': pools_members
                })

        # the equipments are only contacted after every pool was validated
        for lb in load_balance:
            load_balance[lb]['plugin'].setStateMember(load_balance[lb])
        return {}

    except Exception, exception:
        # every error, including the validation errors raised above, is
        # logged and raised again unchanged
        log.error(exception)
        raise exception
def prepare_apply(load_balance, vip, created=True, user=None):
    """Add a VIP request to the per-equipment payloads in ``load_balance``.

    A deep copy of ``vip`` is validated and expanded (ips, options, ports and
    pools are replaced by dicts with the stored values). The copy is appended
    to the ``vips`` list of every equipment of the VIP environment; when the
    environment ``conf`` has layers whose conditions match, the layer
    definitions are stored under ``layers`` for the equipments they name.

    :param load_balance: dict keyed by equipment id (as string); changed in
        place and returned.
    :param vip: dict describing the VIP request; it is not modified.
    :param created: passed to _validate_vip_to_apply as its ``update``
        argument.
    :param user: passed to _validate_vip_to_apply and used for the
        permission check of the layers; that check is skipped when the value
        is falsy.
    :returns: ``load_balance``.
    """

    vip_request = copy.deepcopy(vip)

    id_vip = str(vip_request.get('id'))

    equips, conf, cluster_unit = _validate_vip_to_apply(
        vip_request, created, user)

    cache_group = OptionVip.objects.get(
        id=vip_request.get('options').get('cache_group'))
    traffic_return = OptionVip.objects.get(
        id=vip_request.get('options').get('traffic_return'))
    timeout = OptionVip.objects.get(
        id=vip_request.get('options').get('timeout'))
    persistence = OptionVip.objects.get(
        id=vip_request.get('options').get('persistence'))

    # replace the ip ids by dicts with id and formatted address
    if vip_request['ipv4']:
        ipv4 = Ip.get_by_pk(vip_request['ipv4']) if vip_request[
            'ipv4'] else None
        vip_request['ipv4'] = {
            'id': ipv4.id,
            'ip_formated': ipv4.ip_formated
        }

    if vip_request['ipv6']:
        ipv6 = Ipv6.get_by_pk(vip_request['ipv6']) if vip_request[
            'ipv6'] else None
        vip_request['ipv6'] = {
            'id': ipv6.id,
            'ip_formated': ipv6.ip_formated
        }

    # conf is stored as a JSON string
    if conf:
        conf = json.loads(conf)

    vip_request['options'] = dict()
    vip_request['options']['cache_group'] = {
        'id': cache_group.id,
        'nome_opcao_txt': cache_group.nome_opcao_txt
    }
    vip_request['options']['traffic_return'] = {
        'id': traffic_return.id,
        'nome_opcao_txt': traffic_return.nome_opcao_txt
    }
    vip_request['options']['timeout'] = {
        'id': timeout.id,
        'nome_opcao_txt': timeout.nome_opcao_txt
    }
    vip_request['options']['persistence'] = {
        'id': persistence.id,
        'nome_opcao_txt': persistence.nome_opcao_txt
    }
    vip_request['options']['cluster_unit'] = cluster_unit

    # NOTE(review): the bare except turns every failure of this lookup, not
    # only a missing row, into dscp=None.
    try:
        vip_request['options']['dscp'] = VipRequestDSCP.objects.get(
            vip_request=vip_request['id']
        ).dscp
    except:
        vip_request['options']['dscp'] = None
        pass

    for idx, port in enumerate(vip_request['ports']):
        for i, pl in enumerate(port['pools']):

            pool = get_pool_by_id(pl['server_pool'])
            pool_serializer = pool_slz.PoolV3Serializer(pool)

            l7_rule = OptionVip.objects.get(
                id=pl['l7_rule']).nome_opcao_txt

            healthcheck = pool_serializer.data['healthcheck']
            healthcheck['identifier'] = reserve_name_healthcheck(
                pool_serializer.data['identifier'])
            healthcheck['new'] = True
            vip_request['ports'][idx]['pools'][i]['server_pool'] = {
                'id': pool_serializer.data['id'],
                'nome': pool_serializer.data['identifier'],
                'lb_method': pool_serializer.data['lb_method'],
                'healthcheck': healthcheck,
                'action': pool_serializer.data['servicedownaction']['name'],
                'pool_created': pool_serializer.data['pool_created'],
                'pools_members': [{
                    'id': pool_member['id'],
                    'identifier': pool_member['identifier'],
                    'ip': pool_member['ip']['ip_formated'] if pool_member['ip'] else pool_member['ipv6']['ip_formated'],
                    'port': pool_member['port_real'],
                    'member_status': pool_member['member_status'],
                    'limit': pool_member['limit'],
                    'priority': pool_member['priority'],
                    'weight': pool_member['weight']
                } for pool_member in pool_serializer.data['server_pool_members']]
            }

            vip_request['ports'][idx]['pools'][i]['l7_rule'] = l7_rule

        l7_protocol = OptionVip.objects.get(
            id=port['options']['l7_protocol'])
        l4_protocol = OptionVip.objects.get(
            id=port['options']['l4_protocol'])

        vip_request['ports'][idx]['options'] = dict()
        vip_request['ports'][idx]['options']['l7_protocol'] = {
            'id': l7_protocol.id,
            'nome_opcao_txt': l7_protocol.nome_opcao_txt
        }
        vip_request['ports'][idx]['options']['l4_protocol'] = {
            'id': l4_protocol.id,
            'nome_opcao_txt': l4_protocol.nome_opcao_txt
        }

    vip_request['conf'] = conf

    if conf:
        for idx, layer in enumerate(conf['conf']['layers']):
            requiments = layer.get('requiments')
            if requiments:
                # validate for port; the untouched vip (option ids) is used
                # here, not the expanded copy
                for idx_port, port in enumerate(vip['ports']):
                    for requiment in requiments:
                        condicionals = requiment.get('condicionals')
                        for condicional in condicionals:

                            # a conditional matches when all its validations
                            # hold
                            validated = True

                            validations = condicional.get('validations')
                            for validation in validations:
                                if validation.get('type') == 'optionvip':
                                    validated &= valid_expression(
                                        validation.get('operator'),
                                        int(vip['options'][
                                            validation.get('variable')]),
                                        int(validation.get('value'))
                                    )

                                if validation.get('type') == 'portoptionvip':
                                    validated &= valid_expression(
                                        validation.get('operator'),
                                        int(port['options'][
                                            validation.get('variable')]),
                                        int(validation.get('value'))
                                    )

                                if validation.get('type') == 'field' and validation.get('variable') == 'cluster_unit':
                                    validated &= valid_expression(
                                        validation.get('operator'),
                                        cluster_unit,
                                        validation.get('value')
                                    )

                            if validated:
                                use = condicional.get('use')
                                for item in use:
                                    definitions = item.get('definitions')
                                    eqpts = item.get('eqpts')
                                    if eqpts:

                                        eqpts = Equipamento.objects.filter(
                                            id__in=eqpts,
                                            maintenance=0,
                                            tipo_equipamento__tipo_equipamento=u'Balanceador').distinct()

                                        # NOTE(review): the two checks below
                                        # run on equips, which
                                        # _validate_vip_to_apply already
                                        # checked, while the equipments that
                                        # receive the layer are eqpts. As
                                        # written, eqpts get no maintenance
                                        # or permission check here - confirm
                                        # whether eqpts was meant.
                                        if facade_eqpt.all_equipments_are_in_maintenance(equips):
                                            raise exceptions_eqpt.AllEquipmentsAreInMaintenanceException()

                                        if user:
                                            if not facade_eqpt.all_equipments_can_update_config(equips, user):
                                                raise exceptions_eqpt.UserDoesNotHavePermInAllEqptException(
                                                    'User does not have permission to update conf in eqpt. \
                                                    Verify the permissions of user group with equipment group. Vip:{}'.format(
                                                        vip_request['id']))

                                        for eqpt in eqpts:
                                            eqpt_id = str(eqpt.id)

                                            if not load_balance.get(eqpt_id):
                                                equipment_access = EquipamentoAcesso.search(
                                                    equipamento=eqpt.id
                                                )

                                                plugin = PluginFactory.factory(
                                                    eqpt)

                                                # 'access' is the equipment
                                                # access lookup: never log or
                                                # return this entry.
                                                load_balance[eqpt_id] = {
                                                    'plugin': plugin,
                                                    'access': equipment_access,
                                                    'vips': [],
                                                    'layers': {},
                                                }

                                            # layers are keyed by vip id,
                                            # layer index and port number
                                            idx_layer = str(idx)
                                            idx_port_str = str(port['port'])
                                            if not load_balance[eqpt_id]['layers'].get(id_vip):
                                                load_balance[eqpt_id][
                                                    'layers'][id_vip] = dict()

                                            if load_balance[eqpt_id]['layers'][id_vip].get(idx_layer):
                                                if load_balance[eqpt_id]['layers'][id_vip].get(idx_layer).get('definitions').get(idx_port_str):
                                                    load_balance[eqpt_id]['layers'][id_vip][idx_layer][
                                                        'definitions'][idx_port_str] += definitions
                                                else:
                                                    load_balance[eqpt_id]['layers'][id_vip][idx_layer][
                                                        'definitions'][idx_port_str] = definitions
                                            else:
                                                load_balance[eqpt_id]['layers'][id_vip][idx_layer] = {
                                                    'vip_request': vip_request,
                                                    'definitions': {
                                                        idx_port_str: definitions
                                                    }
                                                }
                                # In first validated==True stops conditionals.
                                # Removing this break will add a wrong
                                # conditional.
                                break

    # every equipment of the VIP environment receives the VIP itself
    for e in equips:
        eqpt_id = str(e.id)

        if not load_balance.get(eqpt_id):

            equipment_access = EquipamentoAcesso.search(
                equipamento=e.id
            )

            plugin = PluginFactory.factory(e)

            load_balance[eqpt_id] = {
                'plugin': plugin,
                'access': equipment_access,
                'vips': [],
                'layers': {},
            }

        load_balance[eqpt_id]['vips'].append({'vip_request': vip_request})

    return load_balance
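def networkIPv6_deploy(request, network_id):
    """Deploy network L3 configuration in the environment routers for network ipv6

    POST deploys the configuration, DELETE removes it.

    Receives optional parameter equipments to specify what equipment should
    receive network configuration. When it is given, every id must belong to
    an equipment of the network's environment; when it is absent, the routers
    of the network in that environment are used.

    :param request: request object; ``DATA``, ``user`` and ``method`` are read.
    :param network_id: id of the NetworkIPv6, converted with ``int()``.

    :raises api_exceptions.ValidationException: ``equipments`` is not a list
        or holds a value that cannot be converted to an integer.
    :raises exceptions.EquipmentIDNotInCorrectEnvException: the number of
        equipments found in the environment differs from the number of ids
        received.
    :raises exceptions.NoEnvironmentRoutersFoundException: no router found
        for the network.
    :raises PermissionDenied: the user lacks write permission on one of the
        equipments.
    :raises AllEquipmentsAreInMaintenanceException: the maintenance helper
        reports every equipment as in maintenance.
    :raises api_exceptions.NetworkAPIException: any error while deploying.
    """
    networkipv6 = NetworkIPv6.get_by_pk(int(network_id))
    environment = networkipv6.vlan.ambiente
    equipments_id_list = None
    if request.DATA is not None:
        equipments_id_list = request.DATA.get('equipments', None)

    equipment_list = []

    if equipments_id_list is not None:
        if type(equipments_id_list) is not list:
            raise api_exceptions.ValidationException('equipments')

        for equip in equipments_id_list:
            try:
                int(equip)
            except (TypeError, ValueError):
                # A request body can carry null or nested values in the list;
                # int() raises TypeError for those, not ValueError, and they
                # must be rejected as invalid input as well.
                raise api_exceptions.ValidationException('equipments')

        # Check that equipments received as parameters are in correct vlan
        # environment
        equipment_list = Equipamento.objects.filter(
            equipamentoambiente__ambiente=environment,
            id__in=equipments_id_list)
        log.info('list = %s' % equipment_list)
        if len(equipment_list) != len(equipments_id_list):
            log.error(
                'Error: equipments %s are not part of network environment.'
                % equipments_id_list)
            raise exceptions.EquipmentIDNotInCorrectEnvException()
    else:
        # TODO GET network routers
        equipment_list = Equipamento.objects.filter(
            ipv6equipament__ip__networkipv6=networkipv6,
            equipamentoambiente__ambiente=networkipv6.vlan.ambiente,
            equipamentoambiente__is_router=1).distinct()
        if len(equipment_list) == 0:
            raise exceptions.NoEnvironmentRoutersFoundException()

    # Check permission to configure equipments: write permission is required
    # on every single equipment before anything is deployed.
    for equip in equipment_list:
        # User permission
        if not has_perm(request.user, AdminPermission.EQUIPMENT_MANAGEMENT, AdminPermission.WRITE_OPERATION, None, equip.id, AdminPermission.EQUIP_WRITE_OPERATION):
            log.error(
                u'User does not have permission to perform the operation.')
            raise PermissionDenied(
                'No permission to configure equipment %s-%s' % (equip.id, equip.nome))

    if all_equipments_are_in_maintenance(equipment_list):
        raise AllEquipmentsAreInMaintenanceException()

    try:
        # deploy network configuration
        if request.method == 'POST':
            returned_data = facade.deploy_networkIPv6_configuration(
                request.user, networkipv6, equipment_list)
        elif request.method == 'DELETE':
            returned_data = facade.remove_deploy_networkIPv6_configuration(
                request.user, networkipv6, equipment_list)

        # For any other method returned_data is unbound; the resulting error
        # is caught below and reported as NetworkAPIException.
        return Response(returned_data)

    except Exception as exception:
        log.error(exception)
        raise api_exceptions.NetworkAPIException()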
def deploy_networkipv6(network_id, user):
    """Deploy the activation config of an IPv6 network to its routers.

    For every router of the network's environment, a config file is
    generated from TEMPLATE_NETWORKv6_ACTIVATE and applied with
    deploy_config_in_equipment_synchronous. Afterwards activate_v3() is
    called on the network and, when ``vlan.ativada`` is 0, on its VLAN.

    Args:
        network_id: id passed to get_networkipv6_by_id to load the network.
        user: user on whose behalf the deploy runs. The permission check
            only runs when this value is truthy.

    Returns:
        The string 'Network already active. Nothing to do.' when the
        network's ``active`` flag is 1; otherwise a dict mapping each
        router id to the result of deploy_config_in_equipment_synchronous.

    Raises:
        exceptions.NoEnvironmentRoutersFoundException: the environment has
            no routers.
        exceptions_eqpt.AllEquipmentsAreInMaintenanceException: the
            maintenance helper returned a true value for the routers.
        exceptions_eqpt.UserDoesNotHavePermInAllEqptException: ``user`` is
            truthy and the permission helper rejected it.
    """
    network = get_networkipv6_by_id(network_id)
    env_routers = network.vlan.ambiente.routers

    if not env_routers:
        raise exceptions.NoEnvironmentRoutersFoundException()

    if facade_eqpt.all_equipments_are_in_maintenance(env_routers):
        raise exceptions_eqpt.AllEquipmentsAreInMaintenanceException()

    # Authorization depends on the caller passing a user: with a falsy
    # `user` (for example None) this check is skipped and the deploy below
    # still runs. Both checks above also run before the locks are taken.
    if user and not facade_eqpt.all_equipments_can_update_config(
            env_routers, user):
        raise exceptions_eqpt.UserDoesNotHavePermInAllEqptException(
            'User does not have permission to update conf in eqpt. '
            'Verify the permissions of user group with equipment group. '
            'Network:{}'.format(network.id))

    # lock network id to prevent multiple requests to same id
    with distributedlock(LOCK_NETWORK_IPV6 % network.id):
        with distributedlock(LOCK_VLAN % network.vlan.id):
            # Checked under the locks, so a request that was waiting on
            # them sees the activation made by the previous holder.
            if network.active == 1:
                return 'Network already active. Nothing to do.'

            # load dict with all equipment attributes
            ips_by_equipment = get_dict_v6_to_use_in_configuration_deploy(
                user, network, env_routers)

            results = {}

            # TODO implement threads
            for router in env_routers:
                # generate config file
                config_file = _generate_config_file(
                    ips_by_equipment, router, TEMPLATE_NETWORKv6_ACTIVATE)

                # deploy config file in equipments
                equipment_lock = (
                    LOCK_EQUIPMENT_DEPLOY_CONFIG_NETWORK_SCRIPT % (router.id))
                results[router.id] = deploy_config_in_equipment_synchronous(
                    config_file, router, equipment_lock)

            network.activate_v3()
            # transaction.commit()

            if network.vlan.ativada == 0:
                network.vlan.activate_v3()

            return results
#TODO GET network routers equipment_list = Equipamento.objects.filter( ipequipamento__ip__networkipv4 = networkipv4, equipamentoambiente__ambiente = networkipv4.vlan.ambiente, equipamentoambiente__is_router = 1).distinct() if len(equipment_list) == 0: raise exceptions.NoEnvironmentRoutersFoundException() # Check permission to configure equipments for equip in equipment_list: # User permission if not has_perm(request.user, AdminPermission.EQUIPMENT_MANAGEMENT, AdminPermission.WRITE_OPERATION, None, equip.id, AdminPermission.EQUIP_WRITE_OPERATION): log.error(u'User does not have permission to perform the operation.') raise PermissionDenied("No permission to configure equipment %s-%s" % (equip.id, equip.nome) ) if all_equipments_are_in_maintenance(equipment_list): raise AllEquipmentsAreInMaintenanceException() #deploy network configuration if request.method == 'POST': returned_data = facade.deploy_networkIPv4_configuration(request.user, networkipv4, equipment_list) elif request.method == 'DELETE': returned_data = facade.remove_deploy_networkIPv4_configuration(request.user, networkipv4, equipment_list) return Response(returned_data) @api_view(['GET']) @permission_classes((IsAuthenticated, Read)) def networksIPv6(request): '''Lists network ipv6 and filter by url parameters
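def _option_summary(option):
    """Return the ``{'id', 'nome_opcao_txt'}`` dict used for an OptionVip."""
    return {'id': option.id, 'nome_opcao_txt': option.nome_opcao_txt}


def _register_equipment(load_balance, equipment):
    """Create the load_balance entry for *equipment* if missing; return its key."""
    eqpt_id = str(equipment.id)
    if not load_balance.get(eqpt_id):
        equipment_access = EquipamentoAcesso.search(equipamento=equipment.id)
        plugin = PluginFactory.factory(equipment)
        load_balance[eqpt_id] = {
            'plugin': plugin,
            'access': equipment_access,
            'vips': [],
            'layers': {},
        }
    return eqpt_id


def prepare_apply(load_balance, vip, created=True, user=None):
    """Expand a VIP request and register it on the equipment that will apply it.

    Works on a deep copy of *vip*: option, IP and pool ids are replaced by
    dicts describing the referenced objects. When the environment conf
    defines layers with requirements, each port is tested against the
    conditionals; the first conditional whose validations all pass selects
    the ``use`` items, and the equipment listed in an item's ``eqpts``
    receives that item's definitions under ``layers``.

    Args:
        load_balance: dict keyed by ``str(equipment.id)``; it is updated in
            place and returned.
        vip: dict describing the VIP request. The keys read here are 'id',
            'options', 'ipv4', 'ipv6' and 'ports'.
        created: forwarded to _validate_vip_to_apply as its ``update``
            argument.
        user: forwarded to _validate_vip_to_apply. When truthy it is also
            checked against the equipment selected by the conf.

    Returns:
        The same *load_balance* dict.

    Raises:
        exceptions_eqpt.AllEquipmentsAreInMaintenanceException: the
            maintenance helper returned a true value for conf-selected
            equipment.
        exceptions_eqpt.UserDoesNotHavePermInAllEqptException: *user* is
            truthy and the permission helper rejected it for conf-selected
            equipment.
        Any exception raised by _validate_vip_to_apply or by the object
        lookups also propagates.
    """
    vip_request = copy.deepcopy(vip)

    id_vip = str(vip_request.get('id'))

    equips, conf, cluster_unit = _validate_vip_to_apply(
        vip_request, created, user)

    cache_group = OptionVip.objects.get(
        id=vip_request.get('options').get('cache_group'))
    traffic_return = OptionVip.objects.get(
        id=vip_request.get('options').get('traffic_return'))
    timeout = OptionVip.objects.get(
        id=vip_request.get('options').get('timeout'))
    persistence = OptionVip.objects.get(
        id=vip_request.get('options').get('persistence'))

    if vip_request['ipv4']:
        ipv4 = Ip.get_by_pk(vip_request['ipv4'])
        vip_request['ipv4'] = {'id': ipv4.id, 'ip_formated': ipv4.ip_formated}

    if vip_request['ipv6']:
        ipv6 = Ipv6.get_by_pk(vip_request['ipv6'])
        vip_request['ipv6'] = {'id': ipv6.id, 'ip_formated': ipv6.ip_formated}

    if conf:
        conf = json.loads(conf)

    vip_request['options'] = dict()
    vip_request['options']['cache_group'] = _option_summary(cache_group)
    vip_request['options']['traffic_return'] = _option_summary(traffic_return)
    vip_request['options']['timeout'] = _option_summary(timeout)
    vip_request['options']['persistence'] = _option_summary(persistence)
    vip_request['options']['cluster_unit'] = cluster_unit

    try:
        vip_request['options']['dscp'] = VipRequestDSCP.objects.get(
            vip_request=vip_request['id']).dscp
    except Exception:
        # Best effort: any lookup failure leaves dscp unset. Exception
        # instead of a bare except, so KeyboardInterrupt and SystemExit are
        # no longer swallowed here.
        vip_request['options']['dscp'] = None

    for idx, port in enumerate(vip_request['ports']):
        for i, pl in enumerate(port['pools']):

            pool = get_pool_by_id(pl['server_pool'])
            pool_serializer = pool_slz.PoolV3Serializer(pool)

            l7_rule = OptionVip.objects.get(id=pl['l7_rule']).nome_opcao_txt

            healthcheck = pool_serializer.data['healthcheck']
            healthcheck['identifier'] = reserve_name_healthcheck(
                pool_serializer.data['identifier'])
            healthcheck['new'] = True

            vip_request['ports'][idx]['pools'][i]['server_pool'] = {
                'id': pool_serializer.data['id'],
                'nome': pool_serializer.data['identifier'],
                'lb_method': pool_serializer.data['lb_method'],
                'healthcheck': healthcheck,
                'action': pool_serializer.data['servicedownaction']['name'],
                'pool_created': pool_serializer.data['pool_created'],
                'pools_members': [{
                    'id': pool_member['id'],
                    'identifier': pool_member['identifier'],
                    # A member carries either an IPv4 or an IPv6 address.
                    'ip': pool_member['ip']['ip_formated']
                    if pool_member['ip']
                    else pool_member['ipv6']['ip_formated'],
                    'port': pool_member['port_real'],
                    'member_status': pool_member['member_status'],
                    'limit': pool_member['limit'],
                    'priority': pool_member['priority'],
                    'weight': pool_member['weight']
                } for pool_member in pool_serializer.data[
                    'server_pool_members']]
            }

            vip_request['ports'][idx]['pools'][i]['l7_rule'] = l7_rule

        l7_protocol = OptionVip.objects.get(id=port['options']['l7_protocol'])
        l4_protocol = OptionVip.objects.get(id=port['options']['l4_protocol'])

        vip_request['ports'][idx]['options'] = dict()
        vip_request['ports'][idx]['options']['l7_protocol'] = _option_summary(
            l7_protocol)
        vip_request['ports'][idx]['options']['l4_protocol'] = _option_summary(
            l4_protocol)

    vip_request['conf'] = conf

    if conf:
        for idx, layer in enumerate(conf['conf']['layers']):
            requiments = layer.get('requiments')
            if not requiments:
                continue

            # validate for port
            # The original `vip` is read here because its options still
            # hold raw ids; vip_request's were replaced by dicts above.
            for port in vip['ports']:
                for requiment in requiments:
                    condicionals = requiment.get('condicionals')
                    for condicional in condicionals:

                        validated = True

                        validations = condicional.get('validations')
                        for validation in validations:
                            if validation.get('type') == 'optionvip':
                                validated &= valid_expression(
                                    validation.get('operator'),
                                    int(vip['options'][
                                        validation.get('variable')]),
                                    int(validation.get('value')))

                            if validation.get('type') == 'portoptionvip':
                                validated &= valid_expression(
                                    validation.get('operator'),
                                    int(port['options'][
                                        validation.get('variable')]),
                                    int(validation.get('value')))

                            if (validation.get('type') == 'field' and
                                    validation.get('variable') ==
                                    'cluster_unit'):
                                validated &= valid_expression(
                                    validation.get('operator'),
                                    cluster_unit,
                                    validation.get('value'))

                        if not validated:
                            continue

                        use = condicional.get('use')
                        for item in use:
                            definitions = item.get('definitions')
                            eqpts = item.get('eqpts')
                            if not eqpts:
                                continue

                            eqpts = Equipamento.objects.filter(
                                id__in=eqpts,
                                maintenance=0,
                                tipo_equipamento__tipo_equipamento=(
                                    u'Balanceador')).distinct()

                            # These two checks used to run against `equips`,
                            # which _validate_vip_to_apply had already
                            # checked, so the equipment picked by the conf
                            # got definitions without any maintenance or
                            # permission check. They now cover `eqpts`.
                            if facade_eqpt.all_equipments_are_in_maintenance(
                                    eqpts):
                                raise exceptions_eqpt.AllEquipmentsAreInMaintenanceException(
                                )

                            # As elsewhere in this module, the permission
                            # check only runs when a user was passed in.
                            if user and not (
                                    facade_eqpt.all_equipments_can_update_config(
                                        eqpts, user)):
                                raise exceptions_eqpt.UserDoesNotHavePermInAllEqptException(
                                    'User does not have permission to '
                                    'update conf in eqpt. '
                                    'Verify the permissions of user group '
                                    'with equipment group. Vip:{}'
                                    .format(vip_request['id']))

                            for eqpt in eqpts:
                                eqpt_id = _register_equipment(
                                    load_balance, eqpt)

                                idx_layer = str(idx)
                                idx_port_str = str(port['port'])

                                layers = load_balance[eqpt_id]['layers']
                                if not layers.get(id_vip):
                                    layers[id_vip] = dict()
                                vip_layers = layers[id_vip]

                                if vip_layers.get(idx_layer):
                                    port_defs = vip_layers.get(
                                        idx_layer).get('definitions')
                                    if port_defs.get(idx_port_str):
                                        # In-place extend of the list that
                                        # was stored for this port earlier.
                                        port_defs[idx_port_str] += definitions
                                    else:
                                        port_defs[idx_port_str] = definitions
                                else:
                                    vip_layers[idx_layer] = {
                                        'vip_request': vip_request,
                                        'definitions': {
                                            idx_port_str: definitions
                                        }
                                    }

                        # In first validated==True stops conditionals.
                        # Removing this break will add a wrong
                        # conditional.
                        break

    for e in equips:
        eqpt_id = _register_equipment(load_balance, e)
        load_balance[eqpt_id]['vips'].append({'vip_request': vip_request})

    return load_balance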