def create_floatingipset(self, context, floatingipset): floatingip = {} fip = {} fipset = floatingipset['floatingipset'] # check service provider exist self._check_exist_service_provider(context, fipset) fipset_id=uuidutils.generate_uuid() with context.session.begin(subtransactions=True): floatingipset_db = FloatingIPSet(id=fipset_id, uos_name=fipset.get('uos:name')) common_utils.make_default_name(floatingipset_db, uos_l3_constants.UOS_PRE_FIPSET, name='uos_name') context.session.add(floatingipset_db) for service_provider in fipset.get(uosfloatingip.UOS_SERVICE_PROVIDER, []): fip['rate_limit'] = fipset.get('rate_limit') fip['tenant_id'] = fipset.get('tenant_id') fip[uosfloatingip.UOS_NAME] = fipset.get(uosfloatingip.UOS_NAME) fip['floating_network_id'] = fipset.get('floatingipset_network_id') fip[uosfloatingip.UOS_SERVICE_PROVIDER] = service_provider fip['floatingipset_id'] = fipset_id floatingip['floatingip'] = fip f = self.create_floatingip(context, floatingip) return self._get_floatingipset(context, fipset_id)
def create_openvpnconnection(self, context, openvpnconnection): openvpnconnection = openvpnconnection['openvpnconnection'] tenant_id = self._get_tenant_id_for_create(context, openvpnconnection) l3_plugin = manager.NeutronManager.get_service_plugins().get( constants.L3_ROUTER_NAT) if not l3_plugin: raise openvpn.RouterExtNotFound() openvpn_conns = self.get_openvpnconnections( context, filters={'router_id': [openvpnconnection['router_id']]}) if openvpn_conns: raise openvpn.OpenvpnInExists(router_id=openvpnconnection['router_id']) external = self.get_external(context, openvpnconnection['router_id'], openvpnconnection['peer_cidr']) openvpn_id = uuidutils.generate_uuid() openvpnconnection.update(external) openvpnconnection.update({'id':openvpn_id}) ta_key_info = ca.OpenVPNDBDrv().generate_client_ca(openvpn_id) openvpn_file = ca.OpenVPNFile(openvpnconnection) zip_contents = openvpn_file.generate_zip_file() #l3_plugin.get_router(context, openvpnconnection['router_id']) with context.session.begin(subtransactions=True): self._validate_peer_vpn_cidr(context, openvpnconnection['router_id'], openvpnconnection['peer_cidr']) openvpnconn_db = OpenVPNConnection( id=openvpn_id, tenant_id=tenant_id, name=openvpnconnection['name'], description=openvpnconnection['description'], peer_cidr=openvpnconnection['peer_cidr'], port=openvpnconnection['port'], protocol=openvpnconnection['protocol'], router_id=openvpnconnection['router_id'], admin_state_up=openvpnconnection['admin_state_up'], status=constants.DOWN, created_at=timeutils.utcnow(), ta_key=ta_key_info['ta_key'], zip_file=zip_contents, ) utils.make_default_name(openvpnconn_db, uos_constants.UOS_PRE_OPENVPN) context.session.add(openvpnconn_db) openvpn_cons = self._make_openvpn_ca_dict(openvpnconn_db) openvpn_cons.update(external) LOG.debug(_('openvpn service info %s in db '), openvpn_cons) #remove all file of client openvpn_file.remove_all_file() if self.openvpn_driver: self.openvpn_driver.create_vpnservice(context, openvpn_cons) return self._make_openvpnconnection_dict(openvpnconn_db)
def create_pptpconnection(self, context, pptpconnection): pptpconnection = pptpconnection['pptpconnection'] tenant_id = self._get_tenant_id_for_create(context, pptpconnection) l3_plugin = manager.NeutronManager.get_service_plugins().get( constants.L3_ROUTER_NAT) if not l3_plugin: raise pptpvpnaas.RouterExtNotFound() l3_plugin.get_router(context, pptpconnection['router_id']) with context.session.begin(subtransactions=True): self._validate_vpn_cidr(context, pptpconnection['router_id'], pptpconnection['vpn_cidr']) pptpconn_db = PPTPConnection( id=uuidutils.generate_uuid(), tenant_id=tenant_id, name=pptpconnection['name'], description=pptpconnection['description'], vpn_cidr=pptpconnection['vpn_cidr'], router_id=pptpconnection['router_id'], admin_state_up=pptpconnection['admin_state_up'], status=constants.DOWN, created_at=timeutils.utcnow(), ) utils.make_default_name(pptpconn_db, uos_constants.UOS_PRE_PPTP) context.session.add(pptpconn_db) result = self._make_pptpconnection_dict(pptpconn_db) if self.pptp_driver: self.pptp_driver.create_vpnservice(context, result) return result
def create_openvpnconnection(self, context, openvpnconnection): openvpnconnection = openvpnconnection['openvpnconnection'] tenant_id = self._get_tenant_id_for_create(context, openvpnconnection) l3_plugin = manager.NeutronManager.get_service_plugins().get( constants.L3_ROUTER_NAT) if not l3_plugin: raise openvpn.RouterExtNotFound() openvpn_conns = self.get_openvpnconnections( context, filters={'router_id': [openvpnconnection['router_id']]}) if openvpn_conns: raise openvpn.OpenvpnInExists( router_id=openvpnconnection['router_id']) external = self.get_external(context, openvpnconnection['router_id'], openvpnconnection['peer_cidr']) openvpn_id = uuidutils.generate_uuid() openvpnconnection.update(external) openvpnconnection.update({'id': openvpn_id}) ta_key_info = ca.OpenVPNDBDrv().generate_client_ca(openvpn_id) openvpn_file = ca.OpenVPNFile(openvpnconnection) zip_contents = openvpn_file.generate_zip_file() #l3_plugin.get_router(context, openvpnconnection['router_id']) with context.session.begin(subtransactions=True): self._validate_peer_vpn_cidr(context, openvpnconnection['router_id'], openvpnconnection['peer_cidr']) openvpnconn_db = OpenVPNConnection( id=openvpn_id, tenant_id=tenant_id, name=openvpnconnection['name'], description=openvpnconnection['description'], peer_cidr=openvpnconnection['peer_cidr'], port=openvpnconnection['port'], protocol=openvpnconnection['protocol'], router_id=openvpnconnection['router_id'], admin_state_up=openvpnconnection['admin_state_up'], status=constants.DOWN, created_at=timeutils.utcnow(), ta_key=ta_key_info['ta_key'], zip_file=zip_contents, ) utils.make_default_name(openvpnconn_db, uos_constants.UOS_PRE_OPENVPN) context.session.add(openvpnconn_db) openvpn_cons = self._make_openvpn_ca_dict(openvpnconn_db) openvpn_cons.update(external) LOG.debug(_('openvpn service info %s in db '), openvpn_cons) #remove all file of client openvpn_file.remove_all_file() if self.openvpn_driver: self.openvpn_driver.create_vpnservice(context, openvpn_cons) return self._make_openvpnconnection_dict(openvpnconn_db)
def create_security_group(self, context, security_group, default_sg=False): """Create security group. If default_sg is true that means we are a default security group for a given tenant if it does not exist. """ s = security_group['security_group'] tenant_id = self._get_tenant_id_for_create(context, s) if not default_sg: self._ensure_default_security_group(context, tenant_id) try: with context.session.begin(subtransactions=True): security_group_db = SecurityGroup( id=s.get('id') or (uuidutils.generate_uuid()), description=s['description'], tenant_id=tenant_id, name=s['name'], created_at=timeutils.utcnow()) utils.make_default_name(security_group_db, uos_constants.UOS_PRE_SG) context.session.add(security_group_db) for ethertype in ext_sg.sg_supported_ethertypes: if s.get('name') == 'default': # Allow intercommunication ingress_rule = SecurityGroupRule( id=uuidutils.generate_uuid(), tenant_id=tenant_id, security_group=security_group_db, direction='ingress', ethertype=ethertype, source_group=security_group_db) context.session.add(ingress_rule) egress_rule = SecurityGroupRule( id=uuidutils.generate_uuid(), tenant_id=tenant_id, security_group=security_group_db, direction='egress', ethertype=ethertype) context.session.add(egress_rule) # gongysh UOS default ingress port open for default_rule in ( sg_cfg.DefaultSGRulesConfig.sg_default_rules): if (s.get('name') != 'default' and 'self' == default_rule.protocol): # Allow intercommunication ingress_rule = SecurityGroupRule( id=uuidutils.generate_uuid(), tenant_id=tenant_id, security_group=security_group_db, direction='ingress', ethertype=ethertype, source_group=security_group_db) context.session.add(ingress_rule) elif ('self' != default_rule.protocol): ingress_rule = SecurityGroupRule( id=uuidutils.generate_uuid(), tenant_id=tenant_id, security_group=security_group_db, direction=default_rule.direction, ethertype=ethertype, protocol=default_rule.protocol, port_range_min=default_rule.port_range_min, port_range_max=default_rule.port_range_max) context.session.add(ingress_rule) except db_exc.DBDuplicateEntry as e: if e.columns == ['tenant_id', 'name']: if default_sg: raise else: raise ext_sg.SecurityGroupDuplicateName(name=s['name']) return self._make_security_group_dict(security_group_db, process_extensions=False)
def create_security_group(self, context, security_group, default_sg=False): """Create security group. If default_sg is true that means we are a default security group for a given tenant if it does not exist. """ s = security_group['security_group'] tenant_id = self._get_tenant_id_for_create(context, s) if not default_sg: self._ensure_default_security_group(context, tenant_id) try: with context.session.begin(subtransactions=True): security_group_db = SecurityGroup(id=s.get('id') or ( uuidutils.generate_uuid()), description=s['description'], tenant_id=tenant_id, name=s['name'], created_at=timeutils.utcnow() ) utils.make_default_name(security_group_db, uos_constants.UOS_PRE_SG) context.session.add(security_group_db) for ethertype in ext_sg.sg_supported_ethertypes: if s.get('name') == 'default': # Allow intercommunication ingress_rule = SecurityGroupRule( id=uuidutils.generate_uuid(), tenant_id=tenant_id, security_group=security_group_db, direction='ingress', ethertype=ethertype, source_group=security_group_db) context.session.add(ingress_rule) egress_rule = SecurityGroupRule( id=uuidutils.generate_uuid(), tenant_id=tenant_id, security_group=security_group_db, direction='egress', ethertype=ethertype) context.session.add(egress_rule) # gongysh UOS default ingress port open for default_rule in (sg_cfg.DefaultSGRulesConfig. sg_default_rules): if (s.get('name') != 'default' and 'self' == default_rule.protocol): # Allow intercommunication ingress_rule = SecurityGroupRule( id=uuidutils.generate_uuid(), tenant_id=tenant_id, security_group=security_group_db, direction='ingress', ethertype=ethertype, source_group=security_group_db) context.session.add(ingress_rule) elif ('self' != default_rule.protocol): ingress_rule = SecurityGroupRule( id=uuidutils.generate_uuid(), tenant_id=tenant_id, security_group=security_group_db, direction=default_rule.direction, ethertype=ethertype, protocol=default_rule.protocol, port_range_min=default_rule.port_range_min, port_range_max=default_rule.port_range_max) context.session.add(ingress_rule) except db_exc.DBDuplicateEntry as e: if e.columns == ['tenant_id', 'name']: if default_sg: raise else: raise ext_sg.SecurityGroupDuplicateName(name=s['name']) return self._make_security_group_dict(security_group_db, process_extensions=False)