def create_floatingipset(self, context, floatingipset):
floatingip = {}
fip = {}
fipset = floatingipset['floatingipset']
# check service provider exist
self._check_exist_service_provider(context, fipset)
fipset_id=uuidutils.generate_uuid()
with context.session.begin(subtransactions=True):
floatingipset_db = FloatingIPSet(id=fipset_id,
uos_name=fipset.get('uos:name'))
common_utils.make_default_name(floatingipset_db,
uos_l3_constants.UOS_PRE_FIPSET, name='uos_name')
context.session.add(floatingipset_db)
for service_provider in fipset.get(uosfloatingip.UOS_SERVICE_PROVIDER, []):
fip['rate_limit'] = fipset.get('rate_limit')
fip['tenant_id'] = fipset.get('tenant_id')
fip[uosfloatingip.UOS_NAME] = fipset.get(uosfloatingip.UOS_NAME)
fip['floating_network_id'] = fipset.get('floatingipset_network_id')
fip[uosfloatingip.UOS_SERVICE_PROVIDER] = service_provider
fip['floatingipset_id'] = fipset_id
floatingip['floatingip'] = fip
f = self.create_floatingip(context, floatingip)
return self._get_floatingipset(context, fipset_id)
def create_openvpnconnection(self, context, openvpnconnection):
openvpnconnection = openvpnconnection['openvpnconnection']
tenant_id = self._get_tenant_id_for_create(context,
openvpnconnection)
l3_plugin = manager.NeutronManager.get_service_plugins().get(
constants.L3_ROUTER_NAT)
if not l3_plugin:
raise openvpn.RouterExtNotFound()
openvpn_conns = self.get_openvpnconnections(
context, filters={'router_id': [openvpnconnection['router_id']]})
if openvpn_conns:
raise openvpn.OpenvpnInExists(router_id=openvpnconnection['router_id'])
external = self.get_external(context, openvpnconnection['router_id'],
openvpnconnection['peer_cidr'])
openvpn_id = uuidutils.generate_uuid()
openvpnconnection.update(external)
openvpnconnection.update({'id':openvpn_id})
ta_key_info = ca.OpenVPNDBDrv().generate_client_ca(openvpn_id)
openvpn_file = ca.OpenVPNFile(openvpnconnection)
zip_contents = openvpn_file.generate_zip_file()
#l3_plugin.get_router(context, openvpnconnection['router_id'])
with context.session.begin(subtransactions=True):
self._validate_peer_vpn_cidr(context,
openvpnconnection['router_id'],
openvpnconnection['peer_cidr'])
openvpnconn_db = OpenVPNConnection(
id=openvpn_id,
tenant_id=tenant_id,
name=openvpnconnection['name'],
description=openvpnconnection['description'],
peer_cidr=openvpnconnection['peer_cidr'],
port=openvpnconnection['port'],
protocol=openvpnconnection['protocol'],
router_id=openvpnconnection['router_id'],
admin_state_up=openvpnconnection['admin_state_up'],
status=constants.DOWN,
created_at=timeutils.utcnow(),
ta_key=ta_key_info['ta_key'],
zip_file=zip_contents,
)
utils.make_default_name(openvpnconn_db, uos_constants.UOS_PRE_OPENVPN)
context.session.add(openvpnconn_db)
openvpn_cons = self._make_openvpn_ca_dict(openvpnconn_db)
openvpn_cons.update(external)
LOG.debug(_('openvpn service info %s in db '),
openvpn_cons)
#remove all file of client
openvpn_file.remove_all_file()
if self.openvpn_driver:
self.openvpn_driver.create_vpnservice(context, openvpn_cons)
return self._make_openvpnconnection_dict(openvpnconn_db)
def create_pptpconnection(self, context, pptpconnection):
pptpconnection = pptpconnection['pptpconnection']
tenant_id = self._get_tenant_id_for_create(context, pptpconnection)
l3_plugin = manager.NeutronManager.get_service_plugins().get(
constants.L3_ROUTER_NAT)
if not l3_plugin:
raise pptpvpnaas.RouterExtNotFound()
l3_plugin.get_router(context, pptpconnection['router_id'])
with context.session.begin(subtransactions=True):
self._validate_vpn_cidr(context, pptpconnection['router_id'],
pptpconnection['vpn_cidr'])
pptpconn_db = PPTPConnection(
id=uuidutils.generate_uuid(),
tenant_id=tenant_id,
name=pptpconnection['name'],
description=pptpconnection['description'],
vpn_cidr=pptpconnection['vpn_cidr'],
router_id=pptpconnection['router_id'],
admin_state_up=pptpconnection['admin_state_up'],
status=constants.DOWN,
created_at=timeutils.utcnow(),
)
utils.make_default_name(pptpconn_db, uos_constants.UOS_PRE_PPTP)
context.session.add(pptpconn_db)
result = self._make_pptpconnection_dict(pptpconn_db)
if self.pptp_driver:
self.pptp_driver.create_vpnservice(context, result)
return result
def create_pptpconnection(self, context, pptpconnection):
pptpconnection = pptpconnection['pptpconnection']
tenant_id = self._get_tenant_id_for_create(context,
pptpconnection)
l3_plugin = manager.NeutronManager.get_service_plugins().get(
constants.L3_ROUTER_NAT)
if not l3_plugin:
raise pptpvpnaas.RouterExtNotFound()
l3_plugin.get_router(context, pptpconnection['router_id'])
with context.session.begin(subtransactions=True):
self._validate_vpn_cidr(context,
pptpconnection['router_id'],
pptpconnection['vpn_cidr'])
pptpconn_db = PPTPConnection(
id=uuidutils.generate_uuid(),
tenant_id=tenant_id,
name=pptpconnection['name'],
description=pptpconnection['description'],
vpn_cidr=pptpconnection['vpn_cidr'],
router_id=pptpconnection['router_id'],
admin_state_up=pptpconnection['admin_state_up'],
status=constants.DOWN,
created_at=timeutils.utcnow(),
)
utils.make_default_name(pptpconn_db, uos_constants.UOS_PRE_PPTP)
context.session.add(pptpconn_db)
result = self._make_pptpconnection_dict(pptpconn_db)
if self.pptp_driver:
self.pptp_driver.create_vpnservice(context, result)
return result
def create_openvpnconnection(self, context, openvpnconnection):
openvpnconnection = openvpnconnection['openvpnconnection']
tenant_id = self._get_tenant_id_for_create(context, openvpnconnection)
l3_plugin = manager.NeutronManager.get_service_plugins().get(
constants.L3_ROUTER_NAT)
if not l3_plugin:
raise openvpn.RouterExtNotFound()
openvpn_conns = self.get_openvpnconnections(
context, filters={'router_id': [openvpnconnection['router_id']]})
if openvpn_conns:
raise openvpn.OpenvpnInExists(
router_id=openvpnconnection['router_id'])
external = self.get_external(context, openvpnconnection['router_id'],
openvpnconnection['peer_cidr'])
openvpn_id = uuidutils.generate_uuid()
openvpnconnection.update(external)
openvpnconnection.update({'id': openvpn_id})
ta_key_info = ca.OpenVPNDBDrv().generate_client_ca(openvpn_id)
openvpn_file = ca.OpenVPNFile(openvpnconnection)
zip_contents = openvpn_file.generate_zip_file()
#l3_plugin.get_router(context, openvpnconnection['router_id'])
with context.session.begin(subtransactions=True):
self._validate_peer_vpn_cidr(context,
openvpnconnection['router_id'],
openvpnconnection['peer_cidr'])
openvpnconn_db = OpenVPNConnection(
id=openvpn_id,
tenant_id=tenant_id,
name=openvpnconnection['name'],
description=openvpnconnection['description'],
peer_cidr=openvpnconnection['peer_cidr'],
port=openvpnconnection['port'],
protocol=openvpnconnection['protocol'],
router_id=openvpnconnection['router_id'],
admin_state_up=openvpnconnection['admin_state_up'],
status=constants.DOWN,
created_at=timeutils.utcnow(),
ta_key=ta_key_info['ta_key'],
zip_file=zip_contents,
)
utils.make_default_name(openvpnconn_db,
uos_constants.UOS_PRE_OPENVPN)
context.session.add(openvpnconn_db)
openvpn_cons = self._make_openvpn_ca_dict(openvpnconn_db)
openvpn_cons.update(external)
LOG.debug(_('openvpn service info %s in db '), openvpn_cons)
#remove all file of client
openvpn_file.remove_all_file()
if self.openvpn_driver:
self.openvpn_driver.create_vpnservice(context, openvpn_cons)
return self._make_openvpnconnection_dict(openvpnconn_db)
def create_security_group(self, context, security_group, default_sg=False):
"""Create security group.
If default_sg is true that means we are a default security group for
a given tenant if it does not exist.
"""
s = security_group['security_group']
tenant_id = self._get_tenant_id_for_create(context, s)
if not default_sg:
self._ensure_default_security_group(context, tenant_id)
try:
with context.session.begin(subtransactions=True):
security_group_db = SecurityGroup(
id=s.get('id') or (uuidutils.generate_uuid()),
description=s['description'],
tenant_id=tenant_id,
name=s['name'],
created_at=timeutils.utcnow())
utils.make_default_name(security_group_db,
uos_constants.UOS_PRE_SG)
context.session.add(security_group_db)
for ethertype in ext_sg.sg_supported_ethertypes:
if s.get('name') == 'default':
# Allow intercommunication
ingress_rule = SecurityGroupRule(
id=uuidutils.generate_uuid(),
tenant_id=tenant_id,
security_group=security_group_db,
direction='ingress',
ethertype=ethertype,
source_group=security_group_db)
context.session.add(ingress_rule)
egress_rule = SecurityGroupRule(
id=uuidutils.generate_uuid(),
tenant_id=tenant_id,
security_group=security_group_db,
direction='egress',
ethertype=ethertype)
context.session.add(egress_rule)
# gongysh UOS default ingress port open
for default_rule in (
sg_cfg.DefaultSGRulesConfig.sg_default_rules):
if (s.get('name') != 'default'
and 'self' == default_rule.protocol):
# Allow intercommunication
ingress_rule = SecurityGroupRule(
id=uuidutils.generate_uuid(),
tenant_id=tenant_id,
security_group=security_group_db,
direction='ingress',
ethertype=ethertype,
source_group=security_group_db)
context.session.add(ingress_rule)
elif ('self' != default_rule.protocol):
ingress_rule = SecurityGroupRule(
id=uuidutils.generate_uuid(),
tenant_id=tenant_id,
security_group=security_group_db,
direction=default_rule.direction,
ethertype=ethertype,
protocol=default_rule.protocol,
port_range_min=default_rule.port_range_min,
port_range_max=default_rule.port_range_max)
context.session.add(ingress_rule)
except db_exc.DBDuplicateEntry as e:
if e.columns == ['tenant_id', 'name']:
if default_sg:
raise
else:
raise ext_sg.SecurityGroupDuplicateName(name=s['name'])
return self._make_security_group_dict(security_group_db,
process_extensions=False)
def create_security_group(self, context, security_group, default_sg=False):
"""Create security group.
If default_sg is true that means we are a default security group for
a given tenant if it does not exist.
"""
s = security_group['security_group']
tenant_id = self._get_tenant_id_for_create(context, s)
if not default_sg:
self._ensure_default_security_group(context, tenant_id)
try:
with context.session.begin(subtransactions=True):
security_group_db = SecurityGroup(id=s.get('id') or (
uuidutils.generate_uuid()),
description=s['description'],
tenant_id=tenant_id,
name=s['name'],
created_at=timeutils.utcnow()
)
utils.make_default_name(security_group_db,
uos_constants.UOS_PRE_SG)
context.session.add(security_group_db)
for ethertype in ext_sg.sg_supported_ethertypes:
if s.get('name') == 'default':
# Allow intercommunication
ingress_rule = SecurityGroupRule(
id=uuidutils.generate_uuid(), tenant_id=tenant_id,
security_group=security_group_db,
direction='ingress',
ethertype=ethertype,
source_group=security_group_db)
context.session.add(ingress_rule)
egress_rule = SecurityGroupRule(
id=uuidutils.generate_uuid(), tenant_id=tenant_id,
security_group=security_group_db,
direction='egress',
ethertype=ethertype)
context.session.add(egress_rule)
# gongysh UOS default ingress port open
for default_rule in (sg_cfg.DefaultSGRulesConfig.
sg_default_rules):
if (s.get('name') != 'default' and
'self' == default_rule.protocol):
# Allow intercommunication
ingress_rule = SecurityGroupRule(
id=uuidutils.generate_uuid(),
tenant_id=tenant_id,
security_group=security_group_db,
direction='ingress',
ethertype=ethertype,
source_group=security_group_db)
context.session.add(ingress_rule)
elif ('self' != default_rule.protocol):
ingress_rule = SecurityGroupRule(
id=uuidutils.generate_uuid(),
tenant_id=tenant_id,
security_group=security_group_db,
direction=default_rule.direction,
ethertype=ethertype,
protocol=default_rule.protocol,
port_range_min=default_rule.port_range_min,
port_range_max=default_rule.port_range_max)
context.session.add(ingress_rule)
except db_exc.DBDuplicateEntry as e:
if e.columns == ['tenant_id', 'name']:
if default_sg:
raise
else:
raise ext_sg.SecurityGroupDuplicateName(name=s['name'])
return self._make_security_group_dict(security_group_db,
process_extensions=False)
