def delete_vdom(obj, context, **kwargs): cls = fortinet_db.Fortinet_ML2_Namespace namespace = fortinet_db.query_record(context, cls, **kwargs) if namespace: tenant_id = namespace.tenant_id if not fortinet_db.query_count(context, l3_db.Router, tenant_id=tenant_id) and \ not fortinet_db.query_count(context, models_v2.Network, tenant_id=tenant_id) and \ not fortinet_db.query_count(context, l3_db.FloatingIP, tenant_id=tenant_id): try: op(obj, context, resources.Vdom.get, name=namespace.vdom) op(obj, context, resources.Vdom.delete, name=namespace.vdom) except Exception as e: resources.Exinfo(e) fortinet_db.delete_record(context, cls, **kwargs) else: db_routers = fortinet_db.query_records(context, l3_db.Router, tenant_id=tenant_id) db_networks = fortinet_db.query_records(context, models_v2.Network, tenant_id=tenant_id) db_fips = fortinet_db.query_records(context, l3_db.FloatingIP, tenant_id=tenant_id) LOG.debug( "Keeping vdom, because existing db_routers: %(routers)s," "db_networks: %(networks)s, db_fips: %(fips)s", { 'routers': db_routers, 'networks': db_networks, 'fips': db_fips }) return namespace
def delete_network_precommit(self, mech_context): """Delete Network from the plugin specific database table.""" LOG.debug("delete_network_precommit: called") context = mech_context._plugin_context network = mech_context.current if network["router:external"]: # return when the network is external network # TODO(samsu): may check external network # before delete namespace return tenant_id = network['tenant_id'] namespace = fortinet_db.query_record( context, fortinet_db.Fortinet_ML2_Namespace, tenant_id=tenant_id) if not namespace: return records = fortinet_db.query_records(context, fortinet_db.Fortinet_Interface, network_id=network['id']) for record in records: try: utils.delete_vlanintf(self, context, name=record.name, vdom=namespace.vdom) except Exception as e: resources.Exinfo(e) raise ml2_exc.MechanismDriverError( method=sys._getframe().f_code.co_name)
def delete_network_precommit(self, mech_context): """Delete Network from the plugin specific database table.""" LOG.debug("delete_network_precommit: called") network = mech_context.current network_id = network['id'] context = mech_context._plugin_context if fortinet_db.query_record(context, ext_db.ExternalNetwork, network_id=network_id): # return when the network is external network # TODO(samsu): may check external network # before delete namespace return tenant_id = network['tenant_id'] namespace = fortinet_db.query_record(context, fortinet_db.Fortinet_ML2_Namespace, tenant_id=tenant_id) if not namespace: return # TODO(samsu): type driver support vlan only, # need to check later vlanid = network['provider:segmentation_id'] inf_name = const.PREFIX['inf'] + str(vlanid) try: utils.delete_vlanintf(self, context, name=inf_name, vdom=namespace.vdom) except Exception as e: resources.Exinfo(e) raise ml2_exc.MechanismDriverError( method=sys._getframe().f_code.co_name)
def update_floatingip(self, context, id, floatingip): if floatingip['floatingip']['port_id']: # floating ip associate with VM port. try: res = (super(FortinetL3ServicePlugin, self).update_floatingip(context, id, floatingip)) if not floatingip['floatingip'].get('fixed_ip_address', None): floatingip['floatingip']['fixed_ip_address'] = ( res.get('fixed_ip_address')) self._associate_floatingip(context, id, floatingip) self.update_floatingip_status( context, res, l3_constants.FLOATINGIP_STATUS_ACTIVE, id=id) except Exception as e: with excutils.save_and_reraise_exception(): resources.Exinfo(e) super(FortinetL3ServicePlugin, self).disassociate_floatingips( context, floatingip['floatingip']['port_id']) else: # disassociate floating ip. self._disassociate_floatingip(context, id) res = (super(FortinetL3ServicePlugin, self).update_floatingip(context, id, floatingip)) self.update_floatingip_status(context, res, l3_constants.FLOATINGIP_STATUS_DOWN, id=id) return res if res else None
def create_floatingip(self, context, floatingip): """Create floating IP. :param context: Neutron request context :param floatingip: data for the floating IP being created :returns: A floating IP object on success As the l3 router plugin asynchronously creates floating IPs leveraging the l3 agent, the initial status for the floating IP object will be DOWN. """ LOG.debug("create_floatingip: floatingip=%s", floatingip) returned_obj = (super(FortinetL3ServicePlugin, self).create_floatingip(context, floatingip)) try: self._allocate_floatingip(context, returned_obj) if returned_obj.get('port_id', None): if not floatingip['floatingip'].get('fixed_ip_address', None): floatingip['floatingip']['fixed_ip_address'] = ( returned_obj.get('fixed_ip_address')) self._associate_floatingip(context, returned_obj['id'], floatingip) self.update_floatingip_status( context, returned_obj, l3_constants.FLOATINGIP_STATUS_ACTIVE, id=returned_obj['id']) return returned_obj except Exception as e: with excutils.save_and_reraise_exception(): resources.Exinfo(e) super(FortinetL3ServicePlugin, self).delete_floatingip(context, returned_obj['id'])
def delete_resource_with_keys(obj, context, record, resource, *keys, **kwargs): params = _prepare_params(record, resource, *keys, **kwargs) try: op(obj, context, resource.get, **params) return op(obj, context, resource.delete, **params) except exception.ResourceNotFound as e: resources.Exinfo(e) return None
def _loopingcall_callback(): self._monitor_busy = True try: self._check_pending_tasks() except Exception as e: resources.Exinfo(e) LOG.exception(_LE("Exception in _check_pending_tasks")) self._monitor_busy = False
def delete_subnet_postcommit(self, mech_context): LOG.debug("delete_subnet_postcommit: called") context = mech_context._plugin_context subnet_id = mech_context.current['id'] try: utils.delete_routerstatic(self, context, subnet_id=subnet_id) utils.delete_dhcpserver(self, context, subnet_id=subnet_id) except Exception as e: resources.Exinfo(e) raise ml2_exc.MechanismDriverError( method=sys._getframe().f_code.co_name)
def delete_resource_with_id(obj, context, record, resource): if getattr(record, 'edit_id', None): try: op(obj, context, resource.get, vdom=record.vdom, id=record.edit_id) return op(obj, context, resource.delete, vdom=record.vdom, id=record.edit_id) except Exception as e: resources.Exinfo(e) return None
def set_resource_with_id(obj, context, record, resource, **kwargs): # because the name 'edit_id' in record is different with id in # the api templates, the id related function can not reuse the # related xx_keys function if getattr(record, 'edit_id', None): try: op(obj, context, resource.get, vdom=record.vdom, id=record.edit_id) if kwargs.get('id', None): del kwargs['id'] kwargs.setdefault('id', str(record.edit_id)) kwargs.setdefault('vdom', record.vdom) return op(obj, context, resource.set, **kwargs) except Exception as e: resources.Exinfo(e) raise e
def delete_port_postcommit(self, mech_context): LOG.debug("delete_port_postcommit: called") port = mech_context.current context = mech_context._plugin_context try: port_id = port['id'] subnet_id = port['fixed_ips'][0]['subnet_id'] db_subnet = fortinet_db.query_record( context, fortinet_db.Fortinet_ML2_Subnet, subnet_id=subnet_id) db_subnetv2 = fortinet_db.query_record(context, models_v2.Subnet, id=subnet_id) if port['device_owner'] in ['network:router_gateway']: if fortinet_db.query_record(context, ext_db.ExternalNetwork, network_id=port['network_id']): #delete ippool and its related firewall policy utils.clr_ext_gw(self, context, port) elif port['device_owner'] in ['compute:nova', 'compute:None', '']: # delete dhcp related functions utils.delete_reservedip(self, context, port_id=port_id) elif port['device_owner'] in ['network:router_interface']: # add firewall address and address group name = const.PREFIX['addrgrp'] + db_subnet.vdom member = str(netaddr.IPNetwork(db_subnetv2.cidr).network) utils.delete_fwpolicy(self, context, vdom=db_subnet.vdom, srcintf='any', srcaddr=name, dstintf='any', dstaddr=name, nat='disable') utils.delete_addrgrp(self, context, name=name, vdom=db_subnet.vdom, members=member.split(' ')) utils.delete_fwaddress(self, context, vdom=db_subnet.vdom, name=member) except Exception as e: resources.Exinfo(e) raise ml2_exc.MechanismDriverError( method=sys._getframe().f_code.co_name)
def create_router(self, context, router): LOG.debug("create_router: router=%s" % (router)) # Limit one router per tenant if not router.get('router', None): return tenant_id = router['router']['tenant_id'] with context.session.begin(subtransactions=True): try: namespace = utils.add_vdom(self, context, tenant_id=tenant_id) utils.add_vlink(self, context, namespace.vdom) except Exception as e: LOG.error("Failed to create_router router=%(router)s", {"router": router}) resources.Exinfo(e) utils._rollback_on_err(self, context, e) utils.update_status(self, context, t_consts.TaskStatus.COMPLETED)
def delete_network_postcommit(self, mech_context): """Delete network which translates to remove vlan interface and related vdom from the fortigate. """ LOG.debug("delete_network_postcommit: called") network = mech_context.current context = mech_context._plugin_context tenant_id = network['tenant_id'] with context.session.begin(subtransactions=True): try: utils.delete_vdom(self, context, tenant_id=tenant_id) LOG.info(_LI("delete network postcommit: tenant= %(tenant_id)s" " network= %(network)s"), {'tenant_id': tenant_id, 'network': network}) except Exception as e: resources.Exinfo(e) raise ml2_exc.MechanismDriverError( method=sys._getframe().f_code.co_name)
def delete_addrgrp(obj, context, **kwargs): """ :param context: for database :param kwargs: example format { "name": "addrgrp_osvdm1", "vdom": "osvdm1", "members": ["192.168.10.0", "192.168.33.0"] } each member of members is the address name to be deleted in the specific firewall address group in FGT. """ cls = fortinet_db.Fortinet_Firewall_Address records = fortinet_db.query_records(context, cls, group=kwargs['name']) if not records: LOG.debug("There is not any record in db") return members = [ record.name for record in records if record.name not in kwargs['members'] ] if members: kwargs['members'] = members op(obj, context, resources.FirewallAddrgrp.set, **kwargs) else: delete_fwpolicy(obj, context, vdom=kwargs.get('vdom'), srcintf='any', srcaddr=kwargs['name'], dstintf='any', nat='disable') try: del kwargs['members'] op(obj, context, resources.FirewallAddrgrp.delete, **kwargs) except Exception as e: resources.Exinfo(e) for record in records: if record.name not in members: record.update_record(context, record, group=None)
def delete_router(self, context, id): LOG.debug("delete_router: router id=%s", id) try: if self.enable_fwaas: fw_plugin = directory.get_plugin(service_consts.FIREWALL) fw_plugin.update_firewall_for_delete_router(context, id) with context.session.begin(subtransactions=True): router = fortinet_db.query_record(context, l3_db.Router, id=id) # TODO(jerryz): move this out of transaction. setattr(context, 'GUARD_TRANSACTION', False) super(FortinetL3ServicePlugin, self).delete_router(context, id) if getattr(router, 'tenant_id', None): utils.delete_vlink(self, context, router.tenant_id) utils.delete_vdom(self, context, tenant_id=router.tenant_id) except Exception as e: with excutils.save_and_reraise_exception(): LOG.error(_LE("Failed to delete_router routerid=%(id)s"), {"id": id}) resources.Exinfo(e)
def check(obj, context, vdom, resource=resources.VlanInterface): vlink_vlan = fortinet_db.query_record( context, fortinet_db.Fortinet_Vlink_Vlan_Allocation, vdom=vdom) if vlink_vlan: try: op(obj, context, resource.get, vdom=vdom, name=vlink_vlan.inf_name_int_vdom) op(obj, context, resource.get, vdom=const.EXT_VDOM, name=vlink_vlan.inf_name_ext_vdom) except exception.ResourceNotFound as e: import inspect caller = inspect.stack()[1][3] LOG.debug("## Check vlink interface failed on the %(func)s.", {'func': caller}) resources.Exinfo(e)
def _rollback_on_err(obj, context, err): update_status(obj, context, t_consts.TaskStatus.ROLLBACK) resources.Exinfo(err)