def _disassociate_floatingip(self, context, id):
l3db_fip = self._get_floatingip(context, id)
db_namespace = fortinet_db.query_record(context,
fortinet_db.Fortinet_ML2_Namespace,
tenant_id=l3db_fip.tenant_id)
db_fip = fortinet_db.query_record(context,
fortinet_db.Fortinet_FloatingIP_Allocation,
floating_ip_address=l3db_fip.floating_ip_address,
allocated=True)
int_intf, ext_intf = utils.get_vlink_intf(self, context,
vdom=db_namespace.vdom)
db_ip = fortinet_db.query_record(context, models_v2.IPAllocation,
port_id=l3db_fip.fixed_port_id)
vlan_inf = utils.get_intf(context, db_ip.network_id)
mappedip = utils.get_ipaddr(db_fip.ip_subnet, 0)
utils.delete_fwpolicy(self, context,
vdom=db_namespace.vdom,
srcintf=vlan_inf,
srcaddr=l3db_fip.fixed_ip_address,
dstintf=int_intf,
poolname=mappedip)
utils.delete_fwaddress(self, context,
name=l3db_fip.fixed_ip_address,
vdom=db_namespace.vdom)
utils.delete_fwpolicy(self, context,
vdom=db_namespace.vdom,
dstaddr=db_fip.floating_ip_address)
utils.delete_vip(self, context,
vdom=db_namespace.vdom,
name=db_fip.floating_ip_address)
def clr_ext_gw(obj, context, port):
ip_address = port['fixed_ips'][0]['ip_address']
subnetv2_db = fortinet_db.query_record(
context, models_v2.Subnet, id=port['fixed_ips'][0]['subnet_id'])
netmask = netaddr.IPNetwork(subnetv2_db.cidr).netmask
ip = "%s %s" % (ip_address, netmask)
delete_interface_ip(obj,
context,
name=obj._fortigate['ext_interface'],
vdom=const.EXT_VDOM,
ip=ip)
delete_fwpolicy(obj, context, vdom=const.EXT_VDOM, poolname=ip_address)
delete_fwippool(obj, context, vdom=const.EXT_VDOM, name=ip_address)
router_db = fortinet_db.query_record(context,
l3_db.Router,
id=port['device_id'])
tenant_id = router_db.get('tenant_id', None)
if tenant_id:
delete_vlink(obj, context, tenant_id=tenant_id)
if not [ getattr(record, 'gw_port_id', None) for record in
fortinet_db.query_records(context, l3_db.Router,
tenant_id=tenant_id)
if getattr(record, 'gw_port_id', None)] and \
not fortinet_db.query_count(context, models_v2.Network,
tenant_id=tenant_id):
delete_vdom(obj, context, tenant_id=tenant_id)
def delete_network_precommit(self, mech_context):
"""Delete Network from the plugin specific database table."""
network = mech_context.current
network_id = network['id']
context = mech_context._plugin_context
if fortinet_db.query_record(context,
ExternalNetwork,
network_id=network_id):
# return when the network is external network
# TODO: may check external network before delete namespace
return
tenant_id = network['tenant_id']
namespace = fortinet_db.query_record(
context, fortinet_db.Fortinet_ML2_Namespace, tenant_id=tenant_id)
if not namespace:
return
# TODO: type driver support vlan only, need to check later
vlanid = network['provider:segmentation_id']
inf_name = const.PREFIX['inf'] + str(vlanid)
try:
utils.delete_vlanintf(self,
context,
name=inf_name,
vdom=namespace.vdom)
except Exception as e:
resources.Exinfo(e)
raise ml2_exc.MechanismDriverError(
method=sys._getframe().f_code.co_name)
def delete_reservedip(obj, context, **kwargs):
cls = fortinet_db.Fortinet_ML2_ReservedIP
reserved_ip = fortinet_db.query_record(context, cls, **kwargs)
if reserved_ip:
db_reservedips = fortinet_db.query_records(
context, cls, subnet_id=reserved_ip.subnet_id)
db_reservedips.remove(reserved_ip)
reserved_addresses = []
for rsrvdip in db_reservedips:
reserved_addresses.append({
'id': rsrvdip.edit_id,
'ip': rsrvdip.ip,
'mac': rsrvdip.mac
})
db_subnet = fortinet_db.query_record(context,
fortinet_db.Fortinet_ML2_Subnet,
subnet_id=reserved_ip.subnet_id)
if db_subnet:
op(obj,
context,
resources.DhcpServerRsvAddr.set,
id=db_subnet.edit_id,
vdom=reserved_ip.vdom,
reserved_address=json.dumps(reserved_addresses))
fortinet_db.delete_record(context, cls, **kwargs)
def create_port_precommit(self, mech_context):
"""Create logical port on the fortigate (db update)."""
port = mech_context.current
LOG.debug(_("create_port_precommit mech_context = %s" % mech_context))
context = mech_context._plugin_context
namespace = fortinet_db.query_record(
context,
fortinet_db.Fortinet_ML2_Namespace,
tenant_id=port['tenant_id'])
port_id = port['id']
subnet_id = port['fixed_ips'][0]['subnet_id']
ip_address = port['fixed_ips'][0]['ip_address']
mac = port['mac_address']
db_subnetv2 = fortinet_db.query_record(context,
models_v2.Subnet,
id=subnet_id)
if port['device_owner'] in ['network:router_gateway']:
if fortinet_db.query_record(context,
ExternalNetwork,
network_id=port['network_id']):
utils.set_ext_gw(self, context, port)
elif port['device_owner'] in ['compute:nova', 'compute:None', '']:
# add dhcp related functions
# '': create port before associate the port with a vm
utils.add_reservedip(self,
context,
port_id=port_id,
subnet_id=subnet_id,
mac=mac,
ip=ip_address,
vdom=namespace.vdom)
elif port['device_owner'] in ['network:router_interface']:
if db_subnetv2.cidr:
cidr = netaddr.IPNetwork(db_subnetv2.cidr)
subnet = ' '.join([str(cidr.network), str(cidr.netmask)])
utils.add_fwaddress(self,
context,
vdom=namespace.vdom,
name=str(cidr.network),
subnet=subnet)
addrgrp_name = const.PREFIX['addrgrp'] + namespace.vdom
utils.add_addrgrp(self,
context,
name=addrgrp_name,
vdom=namespace.vdom,
members=[
str(cidr.network),
])
utils.add_fwpolicy(self,
context,
vdom=namespace.vdom,
srcintf='any',
srcaddr=addrgrp_name,
dstintf='any',
dstaddr=addrgrp_name,
nat='disable')
return
def set_ext_gw(obj, context, port):
"""
:param context:
:param port: example format
port = {
'status': 'DOWN',
'binding:host_id': '',
'allowed_address_pairs': [],
'device_owner': 'network:router_gateway',
'binding:profile': {},
'fixed_ips': [{
'subnet_id': u'09855a84-edfd-474d-b641-38a2bc63466a',
'ip_address': u'10.160.37.111'
}],
'id': '6e68efc0-c0ca-40a2-a502-c2bf19304317',
'security_groups': [],
'device_id': u'8312d7a2-cae5-4e87-9c04-782c4a34bb8c',
'name': '',
'admin_state_up': True,
'network_id': u'95eb736c-dd3b-4bf5-940a-8fa8e707a376',
'tenant_id': '',
'binding:vif_details': {},
'binding:vnic_type': 'normal',
'binding:vif_type': 'unbound',
'mac_address': 'fa:16:3e:95:02:ab'
}
:return:
"""
router_db = fortinet_db.query_record(context, l3_db.Router,
id=port['device_id'])
tenant_id = router_db.get('tenant_id', None)
if not tenant_id:
raise ValueError
namespace = add_vdom(obj, context, tenant_id=tenant_id)
add_vlink(obj, context, namespace.vdom)
vlink_db = fortinet_db.query_record(context,
fortinet_db.Fortinet_Vlink_Vlan_Allocation,
vdom=namespace.vdom)
ip_address = port['fixed_ips'][0]['ip_address']
add_fwippool(obj, context, vdom=const.EXT_VDOM,
name=ip_address, startip=ip_address)
add_fwpolicy(obj, context,
vdom=const.EXT_VDOM,
srcintf=vlink_db.inf_name_ext_vdom,
dstintf=obj._fortigate['ext_interface'],
poolname=ip_address)
subnet_db = fortinet_db.query_record(context, models_v2.Subnet,
id=port['fixed_ips'][0]['subnet_id'])
if subnet_db:
netmask = netaddr.IPNetwork(subnet_db.cidr).netmask
add_interface_ip(obj, context,
name=obj._fortigate['ext_interface'],
vdom=const.EXT_VDOM,
ip="%s %s" % (ip_address, netmask))
def create_subnet_postcommit(self, mech_context):
"""Noop now, it is left here for future."""
# LOG.debug(_("create_subnetwork_postcommit: called"))
gateway = mech_context.current["gateway_ip"]
network_id = mech_context.current["network_id"]
subnet_id = mech_context.current["id"]
tenant_id = mech_context.current["tenant_id"]
context = mech_context._plugin_context
try:
if fortinet_db.query_record(context, ExternalNetwork, network_id=network_id):
utils.add_routerstatic(
self,
context,
subnet_id=subnet_id,
vdom=const.EXT_VDOM,
dst=const.EXT_DEF_DST,
device=self._fortigate["ext_interface"],
gateway=gateway,
)
else:
namespace = fortinet_db.query_record(context, fortinet_db.Fortinet_ML2_Namespace, tenant_id=tenant_id)
interface = utils.get_intf(context, mech_context.current["network_id"])
netmask = str(netaddr.IPNetwork(mech_context.current["cidr"]).netmask)
start_ip = mech_context.current["allocation_pools"][0]["start"]
end_ip = mech_context.current["allocation_pools"][0]["end"]
utils.add_dhcpserver(
self,
context,
subnet_id=subnet_id,
vdom=namespace.vdom,
interface=interface,
gateway=gateway,
netmask=netmask,
start_ip=start_ip,
end_ip=end_ip,
)
# TODO: need to add rollback for the update and set
cls = fortinet_db.Fortinet_Interface
record = fortinet_db.query_record(context, cls, name=interface, vdom=namespace.vdom)
if gateway:
cls.update_record(context, record, ip="%s %s" % (gateway, netmask))
utils.op(
self,
context,
resources.VlanInterface.set,
name=interface,
vdom=namespace.vdom,
ip="%s %s" % (gateway, netmask),
)
except Exception as e:
utils._rollback_on_err(self, context, e)
raise ml2_exc.MechanismDriverError(method=sys._getframe().f_code.co_name)
utils.update_status(self, context, t_consts.TaskStatus.COMPLETED)
def _associate_floatingip(self, context, id, floatingip):
try:
l3db_fip = self._get_floatingip(context, id)
db_namespace = fortinet_db.query_record(context,
fortinet_db.Fortinet_ML2_Namespace,
tenant_id=l3db_fip.tenant_id)
db_fip = fortinet_db.query_record(context,
fortinet_db.Fortinet_FloatingIP_Allocation,
floating_ip_address=l3db_fip.floating_ip_address,
allocated=True)
int_intf, ext_intf = utils.get_vlink_intf(self, context,
vdom=db_namespace.vdom)
mappedip = utils.get_ipaddr(db_fip.ip_subnet, 0)
fixed_ip_address = floatingip['floatingip']['fixed_ip_address']
utils.add_vip(self, context,
vdom=db_namespace.vdom,
name=db_fip.floating_ip_address,
extip=mappedip,
extintf=int_intf,
mappedip=fixed_ip_address)
db_ip = fortinet_db.query_record(context, models_v2.IPAllocation,
port_id=floatingip['floatingip']['port_id'])
vlan_inf = utils.get_intf(context, db_ip.network_id)
utils.add_fwpolicy(self, context,
vdom=db_namespace.vdom,
srcintf=int_intf,
dstintf=vlan_inf,
dstaddr=db_fip.floating_ip_address,
nat='enable')
utils.add_fwaddress(self, context,
name=fixed_ip_address,
vdom=db_namespace.vdom,
subnet="%s 255.255.255.255" % fixed_ip_address,
associated_interface=vlan_inf)
db_fwpolicy = utils.add_fwpolicy(self, context,
vdom=db_namespace.vdom,
srcintf=vlan_inf,
srcaddr=fixed_ip_address,
dstintf=int_intf,
poolname=mappedip)
utils.head_firewall_policy(self, context,
vdom=db_namespace.vdom,
id=db_fwpolicy.edit_id)
except Exception as e:
utils._rollback_on_err(self, context, e)
raise e
utils.update_status(self, context, t_consts.TaskStatus.COMPLETED)
def add_router_interface(self, context, router_id, interface_info):
"""creates vlnk on the fortinet device."""
LOG.debug("FortinetL3ServicePlugin.add_router_interface: "
"router_id=%(router_id)s "
"interface_info=%(interface_info)r",
{'router_id': router_id, 'interface_info': interface_info})
with context.session.begin(subtransactions=True):
info = super(FortinetL3ServicePlugin, self).add_router_interface(
context, router_id, interface_info)
port = db.get_port(context.session, info['port_id'])
port['admin_state_up'] = True
port['port'] = port
LOG.debug("FortinetL3ServicePlugin: "
"context=%(context)s"
"port=%(port)s "
"info=%(info)r",
{'context': context, 'port': port, 'info': info})
#self._core_plugin.update_port(context, info["port_id"], port)
interface_info = info
subnet = self._core_plugin._get_subnet(context,
interface_info['subnet_id'])
network_id = subnet['network_id']
tenant_id = port['tenant_id']
port_filters = {'network_id': [network_id],
'device_owner': [DEVICE_OWNER_ROUTER_INTF]}
port_count = self._core_plugin.get_ports_count(context,
port_filters)
# port count is checked against 2 since the current port is already
# added to db
if port_count == 2:
# This subnet is already part of some router
LOG.error(_("FortinetL3ServicePlugin: adding redundant router "
"interface is not supported"))
raise Exception(_("FortinetL3ServicePlugin:adding redundant "
"router interface is not supported"))
try:
db_namespace = fortinet_db.query_record(context,
fortinet_db.Fortinet_ML2_Namespace,
tenant_id=tenant_id)
vlan_inf = utils.get_intf(context, network_id)
int_intf, ext_intf = utils.get_vlink_intf(self, context,
vdom=db_namespace.vdom)
utils.add_fwpolicy(self, context,
vdom=db_namespace.vdom,
srcintf=vlan_inf,
dstintf=int_intf,
nat='enable')
except Exception as e:
LOG.error(_("Failed to create Fortinet resources to add router "
"interface. info=%(info)s, router_id=%(router_id)s"),
{"info": info, "router_id": router_id})
resources.Exinfo(e)
with excutils.save_and_reraise_exception():
self.remove_router_interface(context, router_id,
interface_info)
utils.update_status(self, context, t_consts.TaskStatus.COMPLETED)
return info
def add_addrgrp(obj, context, **kwargs):
"""
:param context:
:param kwargs:
{
"name": "addrgrp_osvdm1",
"vdom": "osvdm1",
"members": ["192.168.33.0"]
}
:return:
"""
cls = fortinet_db.Fortinet_Firewall_Address
records = fortinet_db.query_records(context, cls, group=kwargs['name'])
for name in kwargs['members']:
record = fortinet_db.query_record(context, cls,
name=name, vdom=kwargs['vdom'])
if not record.group:
cls.update_record(context, record, group=kwargs['name'])
# TODO: need to add a rollback action to taskmanager
else:
LOG.debug(_("The member %(record)s already joined a group"),
{"record": record})
for record in records:
kwargs['members'].append(record.name)
try:
op(obj, context, resources.FirewallAddrgrp.get,
name=kwargs['name'], vdom=kwargs['vdom'])
# TODO: need to add a rollback action to taskmanager
op(obj, context, resources.FirewallAddrgrp.set, **kwargs)
except exception.ResourceNotFound:
op(obj, context, resources.FirewallAddrgrp.add, **kwargs)
def add_interface_ip(obj, context, **kwargs):
"""
:param context:
:param kwargs: example format as below
{
"ip": "10.160.37.20 255.255.255.0",
"name": "port37",
"vdom": "root"
}
:return:
"""
inf_db = fortinet_db.query_record(context,
fortinet_db.Fortinet_Interface,
name=kwargs.get('name'))
if const.EXT_DEF_DST in getattr(inf_db, 'ip'):
inf_db.update_record(context, inf_db, **kwargs)
op(obj, context, resources.VlanInterface.set, **kwargs)
else:
records = fortinet_db.query_records(context,
fortinet_db.Fortinet_Interface_subip,
name=kwargs.get('name'))
org_subips = [getattr(record, 'ip') for record in records]
if kwargs.get('ip') in org_subips:
return
add_record(obj, context,
fortinet_db.Fortinet_Interface_subip, **kwargs)
org_subips.append(kwargs.get('ip'))
op(obj, context, resources.VlanInterface.set,
name=kwargs.get('name'),
vdom=kwargs.get('vdom'),
secondaryips=org_subips)
def get_vlink_intf(obj, context, **kwargs):
vlink_vlan = fortinet_db.query_record(context,
fortinet_db.Fortinet_Vlink_Vlan_Allocation,
**kwargs)
if not vlink_vlan and kwargs.get('vdom', None):
return add_vlink(obj, context, kwargs['vdom'])
return (vlink_vlan.inf_name_int_vdom, vlink_vlan.inf_name_ext_vdom)
def remove_router_interface(self, context, router_id, interface_info):
"""Deletes vlink, default router from Fortinet device."""
LOG.debug("FortinetL3ServicePlugin.remove_router_interface called: "
"router_id=%(router_id)s "
"interface_info=%(interface_info)r",
{'router_id': router_id, 'interface_info': interface_info})
with context.session.begin(subtransactions=True):
info = super(FortinetL3ServicePlugin, self).\
remove_router_interface(context, router_id, interface_info)
try:
subnet = self._core_plugin._get_subnet(context,
info['subnet_id'])
tenant_id = subnet['tenant_id']
network_id = subnet['network_id']
vlan_inf = utils.get_intf(context, network_id)
db_namespace = fortinet_db.query_record(context,
fortinet_db.Fortinet_ML2_Namespace,
tenant_id=tenant_id)
utils.delete_fwpolicy(self, context,
vdom=db_namespace.vdom,
srcintf=vlan_inf)
except Exception:
LOG.error(_("Fail remove of interface from Fortinet router "
"interface. info=%(info)s, "
"router_id=%(router_id)s") %
({"info": info, "router_id": router_id}))
raise Exception
return info
def delete_network_postcommit(self, mech_context):
"""Delete network which translates to remove vlan interface
and related vdom from the fortigate.
"""
LOG.debug(_("delete_network_postcommit: called"))
network = mech_context.current
context = mech_context._plugin_context
tenant_id = network["tenant_id"]
if not fortinet_db.query_count(context, models_v2.Network, tenant_id=tenant_id):
try:
namespace = fortinet_db.query_record(context, fortinet_db.Fortinet_ML2_Namespace, tenant_id=tenant_id)
if not namespace:
return
if not [
getattr(record, "gw_port_id", None)
for record in fortinet_db.query_records(context, l3_db.Router, tenant_id=namespace.tenant_id)
if getattr(record, "gw_port_id", None)
]:
utils.delete_vlink(self, context, tenant_id=tenant_id)
utils.delete_vdom(self, context, vdom=namespace.vdom)
LOG.info(
_("delete network postcommit: tenant= %(tenant_id)s" " vdom= %(vdom)s"),
{"tenant_id": tenant_id, "vdom": namespace.vdom},
)
except Exception as e:
resources.Exinfo(e)
raise ml2_exc.MechanismDriverError(method=sys._getframe().f_code.co_name)
def delete_port_postcommit(self, mech_context):
port = mech_context.current
context = mech_context._plugin_context
try:
port_id = port['id']
subnet_id = port['fixed_ips'][0]['subnet_id']
db_subnet = fortinet_db.query_record(
context, fortinet_db.Fortinet_ML2_Subnet, subnet_id=subnet_id)
db_subnetv2 = fortinet_db.query_record(context,
models_v2.Subnet,
id=subnet_id)
if port['device_owner'] in ['network:router_gateway']:
if fortinet_db.query_record(context,
ExternalNetwork,
network_id=port['network_id']):
#delete ippool and its related firewall policy
utils.clr_ext_gw(self, context, port)
elif port['device_owner'] in ['compute:nova', 'compute:None', '']:
# delete dhcp related functions
utils.delete_reservedip(self, context, port_id=port_id)
elif port['device_owner'] in ['network:router_interface']:
# add firewall address and address group
name = const.PREFIX['addrgrp'] + db_subnet.vdom
member = str(netaddr.IPNetwork(db_subnetv2.cidr).network)
utils.delete_fwpolicy(self,
context,
vdom=db_subnet.vdom,
srcintf='any',
srcaddr=name,
dstintf='any',
dstaddr=name,
nat='disable')
utils.delete_addrgrp(self,
context,
name=name,
vdom=db_subnet.vdom,
members=member.split(' '))
utils.delete_fwaddress(self,
context,
vdom=db_subnet.vdom,
name=member)
except Exception as e:
resources.Exinfo(e)
raise ml2_exc.MechanismDriverError(
method=sys._getframe().f_code.co_name)
def delete_floatingip(self, context, id):
LOG.debug(_("delete_floatingip: id=%s" % id))
fip = fortinet_db.query_record(context, l3_db.FloatingIP, id=id)
if fip and getattr(fip, 'fixed_port_id', None):
self._disassociate_floatingip(context, id)
super(FortinetL3ServicePlugin,
self).disassociate_floatingips(context, fip['fixed_port_id'])
self._release_floatingip(context, id)
super(FortinetL3ServicePlugin, self).delete_floatingip(context, id)
def delete_floatingip(self, context, id):
LOG.debug(_("delete_floatingip: id=%s" % id))
fip = fortinet_db.query_record(context, l3_db.FloatingIP, id=id)
if fip and getattr(fip, 'fixed_port_id', None):
self._disassociate_floatingip(context, id)
super(FortinetL3ServicePlugin, self).disassociate_floatingips(
context, fip['fixed_port_id'])
self._release_floatingip(context, id)
super(FortinetL3ServicePlugin, self).delete_floatingip(context, id)
def disassociate_floatingips(self, context, port_id, do_notify=True):
fip = fortinet_db.query_record(context, l3_db.FloatingIP,
fixed_port_id=port_id)
if fip and getattr(fip, 'id', None):
self._disassociate_floatingip(context, fip.id)
return super(FortinetL3ServicePlugin,
self).disassociate_floatingips(context,
port_id,
do_notify=do_notify)
def disassociate_floatingips(self, context, port_id, do_notify=True):
fip = fortinet_db.query_record(context,
l3_db.FloatingIP,
fixed_port_id=port_id)
if fip and getattr(fip, 'id', None):
self._disassociate_floatingip(context, fip.id)
return super(FortinetL3ServicePlugin,
self).disassociate_floatingips(context,
port_id,
do_notify=do_notify)
def delete_vdom(obj, context, **kwargs):
cls = fortinet_db.Fortinet_ML2_Namespace
namespace = fortinet_db.query_record(context, cls, **kwargs)
if namespace:
try:
op(obj, context, resources.Vdom.get, name=namespace.vdom)
op(obj, context, resources.Vdom.delete, name=namespace.vdom)
except Exception as e:
resources.Exinfo(e)
fortinet_db.delete_record(context, cls, **kwargs)
return namespace
def delete_vdom(obj, context, **kwargs):
cls = fortinet_db.Fortinet_ML2_Namespace
namespace = fortinet_db.query_record(context, cls, **kwargs)
if namespace:
try:
op(obj, context, resources.Vdom.get, name=namespace.vdom)
op(obj, context, resources.Vdom.delete, name=namespace.vdom)
except Exception as e:
resources.Exinfo(e)
fortinet_db.delete_record(context, cls, **kwargs)
return namespace
def _disassociate_floatingip(self, context, id):
l3db_fip = self._get_floatingip(context, id)
db_namespace = fortinet_db.query_record(
context,
fortinet_db.Fortinet_ML2_Namespace,
tenant_id=l3db_fip.tenant_id)
db_fip = fortinet_db.query_record(
context,
fortinet_db.Fortinet_FloatingIP_Allocation,
floating_ip_address=l3db_fip.floating_ip_address,
allocated=True)
int_intf, ext_intf = utils.get_vlink_intf(self,
context,
vdom=db_namespace.vdom)
db_ip = fortinet_db.query_record(context,
models_v2.IPAllocation,
port_id=l3db_fip.fixed_port_id)
vlan_inf = utils.get_intf(context, db_ip.network_id)
mappedip = utils.get_ipaddr(db_fip.ip_subnet, 0)
utils.delete_fwpolicy(self,
context,
vdom=db_namespace.vdom,
srcintf=vlan_inf,
srcaddr=l3db_fip.fixed_ip_address,
dstintf=int_intf,
poolname=mappedip)
utils.delete_fwaddress(self,
context,
name=l3db_fip.fixed_ip_address,
vdom=db_namespace.vdom)
utils.delete_fwpolicy(self,
context,
vdom=db_namespace.vdom,
dstaddr=db_fip.floating_ip_address)
utils.delete_vip(self,
context,
vdom=db_namespace.vdom,
name=db_fip.floating_ip_address)
def delete_network_precommit(self, mech_context):
"""Delete Network from the plugin specific database table."""
network = mech_context.current
network_id = network["id"]
context = mech_context._plugin_context
if fortinet_db.query_record(context, ExternalNetwork, network_id=network_id):
# return when the network is external network
# TODO: may check external network before delete namespace
return
tenant_id = network["tenant_id"]
namespace = fortinet_db.query_record(context, fortinet_db.Fortinet_ML2_Namespace, tenant_id=tenant_id)
if not namespace:
return
# TODO: type driver support vlan only, need to check later
vlanid = network["provider:segmentation_id"]
inf_name = const.PREFIX["inf"] + str(vlanid)
try:
utils.delete_vlanintf(self, context, name=inf_name, vdom=namespace.vdom)
except Exception as e:
resources.Exinfo(e)
raise ml2_exc.MechanismDriverError(method=sys._getframe().f_code.co_name)
def delete_vlink(obj, context, tenant_id):
vdom = fortinet_db.query_record(context,
fortinet_db.Fortinet_ML2_Namespace,
tenant_id=tenant_id).vdom
vlink_vlan = fortinet_db.query_record(
context,
fortinet_db.Fortinet_Vlink_Vlan_Allocation,
vdom=vdom,
allocated=True)
if not vlink_vlan:
return False
vlink_ip = fortinet_db.query_record(
context,
fortinet_db.Fortinet_Vlink_IP_Allocation,
vdom=vdom,
vlink_id=vlink_vlan.id,
allocated=True)
if not vlink_ip:
return False
"""
delete_fwpolicy(obj, context,
vdom=const.EXT_VDOM,
srcintf=vlink_vlan.inf_name_ext_vdom,
dstintf=obj._fortigate['ext_interface'],
nat='enable')"""
delete_routerstatic(obj,
context,
vdom=vdom,
dst=const.EXT_DEF_DST,
device=vlink_vlan.inf_name_int_vdom,
gateway=const.DEF_GW)
delete_vlink_intf(obj, context, vlink_vlan)
fortinet_db.delete_record(context,
fortinet_db.Fortinet_Vlink_IP_Allocation,
vdom=vdom,
vlink_id=vlink_vlan.id)
fortinet_db.delete_record(context,
fortinet_db.Fortinet_Vlink_Vlan_Allocation,
id=vlink_vlan.id)
return True
def create_port_precommit(self, mech_context):
"""Create logical port on the fortigate (db update)."""
port = mech_context.current
LOG.debug(_("create_port_precommit mech_context = %s" % mech_context))
context = mech_context._plugin_context
namespace = fortinet_db.query_record(context, fortinet_db.Fortinet_ML2_Namespace, tenant_id=port["tenant_id"])
port_id = port["id"]
subnet_id = port["fixed_ips"][0]["subnet_id"]
ip_address = port["fixed_ips"][0]["ip_address"]
mac = port["mac_address"]
db_subnetv2 = fortinet_db.query_record(context, models_v2.Subnet, id=subnet_id)
if port["device_owner"] in ["network:router_gateway"]:
if fortinet_db.query_record(context, ExternalNetwork, network_id=port["network_id"]):
utils.set_ext_gw(self, context, port)
elif port["device_owner"] in ["compute:nova", "compute:None", ""]:
# add dhcp related functions
# '': create port before associate the port with a vm
utils.add_reservedip(
self, context, port_id=port_id, subnet_id=subnet_id, mac=mac, ip=ip_address, vdom=namespace.vdom
)
elif port["device_owner"] in ["network:router_interface"]:
if db_subnetv2.cidr:
cidr = netaddr.IPNetwork(db_subnetv2.cidr)
subnet = " ".join([str(cidr.network), str(cidr.netmask)])
utils.add_fwaddress(self, context, vdom=namespace.vdom, name=str(cidr.network), subnet=subnet)
addrgrp_name = const.PREFIX["addrgrp"] + namespace.vdom
utils.add_addrgrp(self, context, name=addrgrp_name, vdom=namespace.vdom, members=[str(cidr.network)])
utils.add_fwpolicy(
self,
context,
vdom=namespace.vdom,
srcintf="any",
srcaddr=addrgrp_name,
dstintf="any",
dstaddr=addrgrp_name,
nat="disable",
)
return
def delete_reservedip(obj, context, **kwargs):
cls = fortinet_db.Fortinet_ML2_ReservedIP
reserved_ip = fortinet_db.query_record(context, cls, **kwargs)
if reserved_ip:
db_reservedips = fortinet_db.query_records(context, cls,
subnet_id=reserved_ip.subnet_id)
db_reservedips.remove(reserved_ip)
reserved_addresses = []
for rsrvdip in db_reservedips:
reserved_addresses.append({ 'id': rsrvdip.edit_id,
'ip': rsrvdip.ip,
'mac': rsrvdip.mac })
db_subnet = fortinet_db.query_record(context,
fortinet_db.Fortinet_ML2_Subnet,
subnet_id=reserved_ip.subnet_id)
if db_subnet:
op(obj, context, resources.DhcpServerRsvAddr.set,
id=db_subnet.edit_id,
vdom=reserved_ip.vdom,
reserved_address=json.dumps(reserved_addresses))
fortinet_db.delete_record(context, cls, **kwargs)
def Fortinet_init(self):
"""Fortinet specific initialization for this class."""
LOG.debug(_("FortinetMechanismDriver_init"))
self._fortigate = {
'address': cfg.CONF.ml2_fortinet.address,
'port': cfg.CONF.ml2_fortinet.port,
'protocol': cfg.CONF.ml2_fortinet.protocol,
'username': cfg.CONF.ml2_fortinet.username,
'password': cfg.CONF.ml2_fortinet.password,
'int_interface': cfg.CONF.ml2_fortinet.int_interface,
'ext_interface': cfg.CONF.ml2_fortinet.ext_interface,
'tenant_network_type': cfg.CONF.ml2_fortinet.tenant_network_type,
'vlink_vlan_id_range': cfg.CONF.ml2_fortinet.vlink_vlan_id_range,
'vlink_ip_range': cfg.CONF.ml2_fortinet.vlink_ip_range,
'vip_mappedip_range': cfg.CONF.ml2_fortinet.vip_mappedip_range,
'npu_available': cfg.CONF.ml2_fortinet.npu_available
}
api_server = [(self._fortigate['address'], self._fortigate['port'],
'https' == self._fortigate['protocol'])]
self._driver = client.FortiosApiClient(api_server,
self._fortigate['username'],
self._fortigate['password'])
for key in const.FORTINET_PARAMS:
self.sync_conf_to_db(key)
session = db_api.get_session()
cls = fortinet_db.Fortinet_Interface
ext_inf = {
"name": self._fortigate['ext_interface'],
"vdom": const.EXT_VDOM
}
record = fortinet_db.query_record(session, cls, **ext_inf)
if not record:
fortinet_db.add_record(session, cls, **ext_inf)
"""create a vdom for external network if it doesn't exist"""
try:
message = {
"name": const.EXT_VDOM,
}
self._driver.request("GET_VDOM", **message)
except exception.ResourceNotFound:
LOG.info(_("external vdom doesn't exist, creating one"))
self._driver.request("ADD_VDOM", **message)
message = {
"name": self._fortigate['ext_interface'],
"vdom": const.EXT_VDOM
}
self._driver.request("SET_VLAN_INTERFACE", **message)
def delete_vlink(obj, context, tenant_id):
vdom = fortinet_db.query_record(context,
fortinet_db.Fortinet_ML2_Namespace,
tenant_id=tenant_id).vdom
vlink_vlan = fortinet_db.query_record(context,
fortinet_db.Fortinet_Vlink_Vlan_Allocation,
vdom=vdom,
allocated=True)
if not vlink_vlan:
return False
vlink_ip = fortinet_db.query_record(context,
fortinet_db.Fortinet_Vlink_IP_Allocation,
vdom=vdom,
vlink_id=vlink_vlan.id,
allocated=True)
if not vlink_ip:
return False
"""
delete_fwpolicy(obj, context,
vdom=const.EXT_VDOM,
srcintf=vlink_vlan.inf_name_ext_vdom,
dstintf=obj._fortigate['ext_interface'],
nat='enable')"""
delete_routerstatic(obj, context,
vdom=vdom,
dst=const.EXT_DEF_DST,
device=vlink_vlan.inf_name_int_vdom,
gateway=const.DEF_GW)
delete_vlink_intf(obj, context, vlink_vlan)
fortinet_db.delete_record(context,
fortinet_db.Fortinet_Vlink_IP_Allocation,
vdom=vdom,
vlink_id=vlink_vlan.id)
fortinet_db.delete_record(context,
fortinet_db.Fortinet_Vlink_Vlan_Allocation,
id=vlink_vlan.id)
return True
def delete_port_postcommit(self, mech_context):
port = mech_context.current
context = mech_context._plugin_context
try:
port_id = port["id"]
subnet_id = port["fixed_ips"][0]["subnet_id"]
db_subnet = fortinet_db.query_record(context, fortinet_db.Fortinet_ML2_Subnet, subnet_id=subnet_id)
db_subnetv2 = fortinet_db.query_record(context, models_v2.Subnet, id=subnet_id)
if port["device_owner"] in ["network:router_gateway"]:
if fortinet_db.query_record(context, ExternalNetwork, network_id=port["network_id"]):
# delete ippool and its related firewall policy
utils.clr_ext_gw(self, context, port)
elif port["device_owner"] in ["compute:nova", "compute:None", ""]:
# delete dhcp related functions
utils.delete_reservedip(self, context, port_id=port_id)
elif port["device_owner"] in ["network:router_interface"]:
# add firewall address and address group
name = const.PREFIX["addrgrp"] + db_subnet.vdom
member = str(netaddr.IPNetwork(db_subnetv2.cidr).network)
utils.delete_fwpolicy(
self,
context,
vdom=db_subnet.vdom,
srcintf="any",
srcaddr=name,
dstintf="any",
dstaddr=name,
nat="disable",
)
utils.delete_addrgrp(self, context, name=name, vdom=db_subnet.vdom, members=member.split(" "))
utils.delete_fwaddress(self, context, vdom=db_subnet.vdom, name=member)
except Exception as e:
resources.Exinfo(e)
raise ml2_exc.MechanismDriverError(method=sys._getframe().f_code.co_name)
def check(obj, context, vdom, resource=resources.VlanInterface):
vlink_vlan = fortinet_db.query_record(context,
fortinet_db.Fortinet_Vlink_Vlan_Allocation, vdom=vdom)
if vlink_vlan:
try:
op(obj, context, resource.get,
vdom=vdom, name=vlink_vlan.inf_name_int_vdom)
op(obj, context, resource.get,
vdom=const.EXT_VDOM, name=vlink_vlan.inf_name_ext_vdom)
except exception.ResourceNotFound as e:
import inspect
caller = inspect.stack()[1][3]
LOG.debug(_("#### Check vlink interface failed on the %(func)s."),
{'func': caller})
resources.Exinfo(e)
def clr_ext_gw(obj, context, port):
ip_address = port['fixed_ips'][0]['ip_address']
subnetv2_db = fortinet_db.query_record(context, models_v2.Subnet,
id=port['fixed_ips'][0]['subnet_id'])
netmask = netaddr.IPNetwork(subnetv2_db.cidr).netmask
ip = "%s %s" % (ip_address, netmask)
delete_interface_ip(obj, context,
name=obj._fortigate['ext_interface'],
vdom=const.EXT_VDOM,
ip=ip)
delete_fwpolicy(obj, context, vdom=const.EXT_VDOM, poolname=ip_address)
delete_fwippool(obj, context, vdom=const.EXT_VDOM, name=ip_address)
router_db = fortinet_db.query_record(context, l3_db.Router,
id=port['device_id'])
tenant_id = router_db.get('tenant_id', None)
if tenant_id:
delete_vlink(obj, context, tenant_id=tenant_id)
if not [ getattr(record, 'gw_port_id', None) for record in
fortinet_db.query_records(context, l3_db.Router,
tenant_id=tenant_id)
if getattr(record, 'gw_port_id', None)] and \
not fortinet_db.query_count(context, models_v2.Network,
tenant_id=tenant_id):
delete_vdom(obj, context, tenant_id=tenant_id)
def delete_interface_ip(obj, context, **kwargs):
"""
:param context:
:param kwargs: example format as below
{
"ip": "10.160.37.20 255.255.255.0",
"name": "port37",
"vdom": "root"
}
:return:
"""
records = fortinet_db.query_records(context,
fortinet_db.Fortinet_Interface_subip,
name=kwargs.get('name'))
org_subips = [getattr(record, 'ip') for record in records]
if kwargs.get('ip') in org_subips:
org_subips.remove(kwargs["ip"])
op(obj,
context,
resources.VlanInterface.set,
name=kwargs.get('name'),
vdom=kwargs.get('vdom'),
secondaryips=org_subips)
fortinet_db.delete_record(context,
fortinet_db.Fortinet_Interface_subip,
**kwargs)
else:
inf_db = fortinet_db.query_record(context,
fortinet_db.Fortinet_Interface,
**kwargs)
if not inf_db:
return
if org_subips:
kwargs['ip'] = org_subips.pop()
op(obj,
context,
resources.VlanInterface.set,
name=kwargs.get('name'),
vdom=kwargs.get('vdom'),
secondaryips=org_subips)
fortinet_db.delete_record(context,
fortinet_db.Fortinet_Interface_subip,
**kwargs)
else:
kwargs['ip'] = const.EXT_DEF_DST
op(obj, context, resources.VlanInterface.set, **kwargs)
inf_db.update_record(context, inf_db, ip=kwargs['ip'])
def delete_interface_ip(obj, context, **kwargs):
"""
:param context:
:param kwargs: example format as below
{
"ip": "10.160.37.20 255.255.255.0",
"name": "port37",
"vdom": "root"
}
:return:
"""
records = fortinet_db.query_records(context,
fortinet_db.Fortinet_Interface_subip,
name=kwargs.get('name'))
org_subips = [getattr(record, 'ip') for record in records]
if kwargs.get('ip') in org_subips:
org_subips.remove(kwargs["ip"])
op(obj, context, resources.VlanInterface.set,
name=kwargs.get('name'),
vdom=kwargs.get('vdom'),
secondaryips=org_subips)
fortinet_db.delete_record(context,
fortinet_db.Fortinet_Interface_subip,
**kwargs)
else:
inf_db = fortinet_db.query_record(context,
fortinet_db.Fortinet_Interface,
**kwargs)
if not inf_db:
return
if org_subips:
kwargs['ip'] = org_subips.pop()
op(obj, context, resources.VlanInterface.set,
name=kwargs.get('name'),
vdom=kwargs.get('vdom'),
secondaryips=org_subips)
fortinet_db.delete_record(context,
fortinet_db.Fortinet_Interface_subip,
**kwargs)
else:
kwargs['ip'] = const.EXT_DEF_DST
op(obj, context, resources.VlanInterface.set, **kwargs)
inf_db.update_record(context, inf_db, ip=kwargs['ip'])
def add_reservedip(obj, context, **kwargs):
cls = fortinet_db.Fortinet_ML2_ReservedIP
reserved_ip = add_record(obj, context, cls, **kwargs)
db_reservedips = fortinet_db.query_records(context, cls,
subnet_id=kwargs.get('subnet_id'))
db_subnet = fortinet_db.query_record(context,
fortinet_db.Fortinet_ML2_Subnet,
subnet_id=kwargs.get('subnet_id'))
if db_subnet:
reserved_addresses = []
for rsrvdip in db_reservedips:
reserved_addresses.append({ 'id': rsrvdip.edit_id,
'ip': rsrvdip.ip,
'mac': rsrvdip.mac })
op(obj, context, resources.DhcpServerRsvAddr.set,
id=db_subnet.edit_id,
vdom=kwargs.get('vdom'),
reserved_address=json.dumps(reserved_addresses))
def check(obj, context, vdom, resource=resources.VlanInterface):
vlink_vlan = fortinet_db.query_record(
context, fortinet_db.Fortinet_Vlink_Vlan_Allocation, vdom=vdom)
if vlink_vlan:
try:
op(obj,
context,
resource.get,
vdom=vdom,
name=vlink_vlan.inf_name_int_vdom)
op(obj,
context,
resource.get,
vdom=const.EXT_VDOM,
name=vlink_vlan.inf_name_ext_vdom)
except exception.ResourceNotFound as e:
import inspect
caller = inspect.stack()[1][3]
LOG.debug(_("#### Check vlink interface failed on the %(func)s."),
{'func': caller})
resources.Exinfo(e)
def Fortinet_init(self):
"""Fortinet specific initialization for this class."""
LOG.debug(_("FortinetMechanismDriver_init"))
self._fortigate = {
"address": cfg.CONF.ml2_fortinet.address,
"port": cfg.CONF.ml2_fortinet.port,
"protocol": cfg.CONF.ml2_fortinet.protocol,
"username": cfg.CONF.ml2_fortinet.username,
"password": cfg.CONF.ml2_fortinet.password,
"int_interface": cfg.CONF.ml2_fortinet.int_interface,
"ext_interface": cfg.CONF.ml2_fortinet.ext_interface,
"tenant_network_type": cfg.CONF.ml2_fortinet.tenant_network_type,
"vlink_vlan_id_range": cfg.CONF.ml2_fortinet.vlink_vlan_id_range,
"vlink_ip_range": cfg.CONF.ml2_fortinet.vlink_ip_range,
"vip_mappedip_range": cfg.CONF.ml2_fortinet.vip_mappedip_range,
"npu_available": cfg.CONF.ml2_fortinet.npu_available,
}
api_server = [(self._fortigate["address"], self._fortigate["port"], "https" == self._fortigate["protocol"])]
self._driver = client.FortiosApiClient(api_server, self._fortigate["username"], self._fortigate["password"])
for key in const.FORTINET_PARAMS:
self.sync_conf_to_db(key)
session = db_api.get_session()
cls = fortinet_db.Fortinet_Interface
ext_inf = {"name": self._fortigate["ext_interface"], "vdom": const.EXT_VDOM}
record = fortinet_db.query_record(session, cls, **ext_inf)
if not record:
fortinet_db.add_record(session, cls, **ext_inf)
"""create a vdom for external network if it doesn't exist"""
try:
message = {"name": const.EXT_VDOM}
self._driver.request("GET_VDOM", **message)
except exception.ResourceNotFound:
LOG.info(_("external vdom doesn't exist, creating one"))
self._driver.request("ADD_VDOM", **message)
message = {"name": self._fortigate["ext_interface"], "vdom": const.EXT_VDOM}
self._driver.request("SET_VLAN_INTERFACE", **message)
def add_reservedip(obj, context, **kwargs):
cls = fortinet_db.Fortinet_ML2_ReservedIP
reserved_ip = add_record(obj, context, cls, **kwargs)
db_reservedips = fortinet_db.query_records(
context, cls, subnet_id=kwargs.get('subnet_id'))
db_subnet = fortinet_db.query_record(context,
fortinet_db.Fortinet_ML2_Subnet,
subnet_id=kwargs.get('subnet_id'))
if db_subnet:
reserved_addresses = []
for rsrvdip in db_reservedips:
reserved_addresses.append({
'id': rsrvdip.edit_id,
'ip': rsrvdip.ip,
'mac': rsrvdip.mac
})
op(obj,
context,
resources.DhcpServerRsvAddr.set,
id=db_subnet.edit_id,
vdom=kwargs.get('vdom'),
reserved_address=json.dumps(reserved_addresses))
def remove_router_interface(self, context, router_id, interface_info):
"""Deletes vlink, default router from Fortinet device."""
LOG.debug(
"FortinetL3ServicePlugin.remove_router_interface called: "
"router_id=%(router_id)s "
"interface_info=%(interface_info)r", {
'router_id': router_id,
'interface_info': interface_info
})
with context.session.begin(subtransactions=True):
info = super(FortinetL3ServicePlugin, self).\
remove_router_interface(context, router_id, interface_info)
try:
subnet = self._core_plugin._get_subnet(context,
info['subnet_id'])
tenant_id = subnet['tenant_id']
network_id = subnet['network_id']
vlan_inf = utils.get_intf(context, network_id)
db_namespace = fortinet_db.query_record(
context,
fortinet_db.Fortinet_ML2_Namespace,
tenant_id=tenant_id)
utils.delete_fwpolicy(self,
context,
vdom=db_namespace.vdom,
srcintf=vlan_inf)
except Exception:
LOG.error(
_("Fail remove of interface from Fortinet router "
"interface. info=%(info)s, "
"router_id=%(router_id)s") % ({
"info": info,
"router_id": router_id
}))
raise Exception
return info
def delete_network_postcommit(self, mech_context):
"""Delete network which translates to remove vlan interface
and related vdom from the fortigate.
"""
LOG.debug(_("delete_network_postcommit: called"))
network = mech_context.current
context = mech_context._plugin_context
tenant_id = network['tenant_id']
if not fortinet_db.query_count(
context, models_v2.Network, tenant_id=tenant_id):
try:
namespace = fortinet_db.query_record(
context,
fortinet_db.Fortinet_ML2_Namespace,
tenant_id=tenant_id)
if not namespace:
return
if not [
getattr(record, 'gw_port_id', None)
for record in fortinet_db.query_records(
context,
l3_db.Router,
tenant_id=namespace.tenant_id)
if getattr(record, 'gw_port_id', None)
]:
utils.delete_vlink(self, context, tenant_id=tenant_id)
utils.delete_vdom(self, context, vdom=namespace.vdom)
LOG.info(
_("delete network postcommit: tenant= %(tenant_id)s"
" vdom= %(vdom)s"), {
'tenant_id': tenant_id,
'vdom': namespace.vdom
})
except Exception as e:
resources.Exinfo(e)
raise ml2_exc.MechanismDriverError(
method=sys._getframe().f_code.co_name)
def add_interface_ip(obj, context, **kwargs):
"""
:param context:
:param kwargs: example format as below
{
"ip": "10.160.37.20 255.255.255.0",
"name": "port37",
"vdom": "root"
}
:return:
"""
inf_db = fortinet_db.query_record(context,
fortinet_db.Fortinet_Interface,
name=kwargs.get('name'))
if const.EXT_DEF_DST in getattr(inf_db, 'ip'):
inf_db.update_record(context, inf_db, **kwargs)
op(obj, context, resources.VlanInterface.set, **kwargs)
else:
records = fortinet_db.query_records(
context,
fortinet_db.Fortinet_Interface_subip,
name=kwargs.get('name'))
org_subips = [getattr(record, 'ip') for record in records]
if kwargs.get('ip') in org_subips:
return
add_record(obj, context, fortinet_db.Fortinet_Interface_subip,
**kwargs)
org_subips.append(kwargs.get('ip'))
op(obj,
context,
resources.VlanInterface.set,
name=kwargs.get('name'),
vdom=kwargs.get('vdom'),
secondaryips=org_subips)
def add_addrgrp(obj, context, **kwargs):
"""
:param context:
:param kwargs:
{
"name": "addrgrp_osvdm1",
"vdom": "osvdm1",
"members": ["192.168.33.0"]
}
:return:
"""
cls = fortinet_db.Fortinet_Firewall_Address
records = fortinet_db.query_records(context, cls, group=kwargs['name'])
for name in kwargs['members']:
record = fortinet_db.query_record(context,
cls,
name=name,
vdom=kwargs['vdom'])
if not record.group:
cls.update_record(context, record, group=kwargs['name'])
# TODO: need to add a rollback action to taskmanager
else:
LOG.debug(_("The member %(record)s already joined a group"),
{"record": record})
for record in records:
kwargs['members'].append(record.name)
try:
op(obj,
context,
resources.FirewallAddrgrp.get,
name=kwargs['name'],
vdom=kwargs['vdom'])
# TODO: need to add a rollback action to taskmanager
op(obj, context, resources.FirewallAddrgrp.set, **kwargs)
except exception.ResourceNotFound:
op(obj, context, resources.FirewallAddrgrp.add, **kwargs)
def _allocate_floatingip(self, context, obj):
"""
1. mapping floatingip to the one of a pair of internal ips based on
the vip function.
2. add another ip of the ip pair to the secondaryip list of
the external interface.
obj example:
{
'floating_network_id': u'1c1dbecc-9dac-4311-a346-f147a04c8dc8',
'router_id': None,
'fixed_ip_address': None,
'floating_ip_address': u'10.160.37.113',
'tenant_id': u'3998b33381fb48f694369689065a3760',
'status': 'DOWN',
'port_id': None,
'id': '5ec1b08b-77c1-4e39-80ac-224ee937ee9f'
}
The floatingip is a instance of neutron.db.l3_db.FloatingIP, example:
{
tenant_id=u'3998b33381fb48f694369689065a3760',
id=u'25e1588a-5ec5-4fbc-bdef-eff8713da8f8',
floating_ip_address=u'10.160.37.111',
floating_network_id=u'1c1dbecc-9dac-4311-a346-f147a04c8dc8',
floating_port_id=u'4b4120d4-77f9-4f82-b823-05876929a1c4',
fixed_port_id=None,
fixed_ip_address=None,
router_id=None,
last_known_router_id=None,
status=u'DOWN'
}
"""
try:
db_namespace = fortinet_db.query_record(
context,
fortinet_db.Fortinet_ML2_Namespace,
tenant_id=obj['tenant_id'])
db_fip = utils.add_record(
self,
context,
fortinet_db.Fortinet_FloatingIP_Allocation,
vdom=db_namespace.vdom,
floating_ip_address=obj['floating_ip_address'],
vip_name=obj['floating_ip_address'])
mappedip = utils.get_ipaddr(db_fip.ip_subnet, 0)
utils.add_vip(self,
context,
vdom=const.EXT_VDOM,
name=db_fip.vip_name,
extip=db_fip.floating_ip_address,
extintf='any',
mappedip=mappedip)
int_intf, ext_intf = utils.get_vlink_intf(self,
context,
vdom=db_namespace.vdom)
#utils.add_secondaryip(self, context,
# name=ext_inf,
# vdom=db_namespace.vdom,
# ip=utils.getip(db_fip.ip_subnet, 1))
utils.add_fwpolicy(self,
context,
vdom=const.EXT_VDOM,
srcintf=self._fortigate['ext_interface'],
dstintf=ext_intf,
dstaddr=db_fip.vip_name,
nat='enable')
utils.add_routerstatic(self,
context,
vdom=const.EXT_VDOM,
dst="%s 255.255.255.255" % mappedip,
device=ext_intf,
gateway=const.DEF_GW)
utils.add_fwippool(self,
context,
name=db_fip.floating_ip_address,
vdom=const.EXT_VDOM,
startip=db_fip.floating_ip_address)
#ipaddr = utils.get_ipaddr(db_fip.ip_subnet, 2)
utils.add_fwaddress(self,
context,
name=mappedip,
vdom=const.EXT_VDOM,
subnet="%s 255.255.255.255" % mappedip)
db_fwpolicy = utils.add_fwpolicy(
self,
context,
vdom=const.EXT_VDOM,
srcintf=ext_intf,
srcaddr=mappedip,
dstintf=self._fortigate['ext_interface'],
poolname=db_fip.floating_ip_address)
utils.head_firewall_policy(self,
context,
vdom=const.EXT_VDOM,
id=db_fwpolicy.edit_id)
utils.add_fwippool(self,
context,
name=mappedip,
vdom=db_namespace.vdom,
startip=mappedip)
except Exception as e:
utils._rollback_on_err(self, context, e)
raise e
utils.update_status(self, context, t_consts.TaskStatus.COMPLETED)
def set_vlanintf(obj, context, **kwargs):
cls = fortinet_db.Fortinet_Interface
record = fortinet_db.query_record(context, cls, **kwargs)
rbkwargs = backup_fields(record, **kwargs)
cls.update_record(context, record, **kwargs)
pass
def get_vlink_intf(obj, context, **kwargs):
vlink_vlan = fortinet_db.query_record(
context, fortinet_db.Fortinet_Vlink_Vlan_Allocation, **kwargs)
if not vlink_vlan and kwargs.get('vdom', None):
return add_vlink(obj, context, kwargs['vdom'])
return (vlink_vlan.inf_name_int_vdom, vlink_vlan.inf_name_ext_vdom)
def delete_by_id(obj, context, cls, resource, **kwargs):
record = fortinet_db.query_record(context, cls, **kwargs)
delete_resource_with_id(obj, context, record, resource)
fortinet_db.delete_record(context, cls, **kwargs)
def delete_by_keys(obj, context, cls, resource, *keys, **kwargs):
record = fortinet_db.query_record(context, cls, **kwargs)
delete_resource_with_keys(obj, context, record, resource, *keys)
return fortinet_db.delete_record(context, cls, **kwargs)
def update_floatingip_status(self, context, res, status, **kwargs):
if res.get('status', None):
res['status'] = status
record = fortinet_db.query_record(context, l3_db.FloatingIP, **kwargs)
fortinet_db.update_record(context, record, status=status)
def _allocate_floatingip(self, context, obj):
"""
1. mapping floatingip to the one of a pair of internal ips based on
the vip function.
2. add another ip of the ip pair to the secondaryip list of
the external interface.
obj example:
{
'floating_network_id': u'1c1dbecc-9dac-4311-a346-f147a04c8dc8',
'router_id': None,
'fixed_ip_address': None,
'floating_ip_address': u'10.160.37.113',
'tenant_id': u'3998b33381fb48f694369689065a3760',
'status': 'DOWN',
'port_id': None,
'id': '5ec1b08b-77c1-4e39-80ac-224ee937ee9f'
}
The floatingip is a instance of neutron.db.l3_db.FloatingIP, example:
{
tenant_id=u'3998b33381fb48f694369689065a3760',
id=u'25e1588a-5ec5-4fbc-bdef-eff8713da8f8',
floating_ip_address=u'10.160.37.111',
floating_network_id=u'1c1dbecc-9dac-4311-a346-f147a04c8dc8',
floating_port_id=u'4b4120d4-77f9-4f82-b823-05876929a1c4',
fixed_port_id=None,
fixed_ip_address=None,
router_id=None,
last_known_router_id=None,
status=u'DOWN'
}
"""
try:
db_namespace = fortinet_db.query_record(context,
fortinet_db.Fortinet_ML2_Namespace,
tenant_id=obj['tenant_id'])
db_fip = utils.add_record(self, context,
fortinet_db.Fortinet_FloatingIP_Allocation,
vdom=db_namespace.vdom,
floating_ip_address=obj['floating_ip_address'],
vip_name=obj['floating_ip_address'])
mappedip = utils.get_ipaddr(db_fip.ip_subnet, 0)
utils.add_vip(self, context,
vdom=const.EXT_VDOM,
name=db_fip.vip_name,
extip=db_fip.floating_ip_address,
extintf='any',
mappedip=mappedip)
int_intf, ext_intf = utils.get_vlink_intf(self, context,
vdom=db_namespace.vdom)
#utils.add_secondaryip(self, context,
# name=ext_inf,
# vdom=db_namespace.vdom,
# ip=utils.getip(db_fip.ip_subnet, 1))
utils.add_fwpolicy(self, context,
vdom=const.EXT_VDOM,
srcintf=self._fortigate['ext_interface'],
dstintf=ext_intf,
dstaddr=db_fip.vip_name,
nat='enable')
utils.add_routerstatic(self, context,
vdom=const.EXT_VDOM,
dst="%s 255.255.255.255" % mappedip,
device=ext_intf,
gateway=const.DEF_GW)
utils.add_fwippool(self, context,
name=db_fip.floating_ip_address,
vdom=const.EXT_VDOM,
startip=db_fip.floating_ip_address)
#ipaddr = utils.get_ipaddr(db_fip.ip_subnet, 2)
utils.add_fwaddress(self, context,
name=mappedip,
vdom=const.EXT_VDOM,
subnet="%s 255.255.255.255" % mappedip)
db_fwpolicy = utils.add_fwpolicy(self, context,
vdom=const.EXT_VDOM,
srcintf=ext_intf,
srcaddr=mappedip,
dstintf=self._fortigate['ext_interface'],
poolname=db_fip.floating_ip_address)
utils.head_firewall_policy(self, context,
vdom=const.EXT_VDOM,
id=db_fwpolicy.edit_id)
utils.add_fwippool(self, context,
name=mappedip,
vdom=db_namespace.vdom,
startip=mappedip)
except Exception as e:
utils._rollback_on_err(self, context, e)
raise e
utils.update_status(self, context, t_consts.TaskStatus.COMPLETED)
def set_vlanintf(obj, context, **kwargs):
cls = fortinet_db.Fortinet_Interface
record = fortinet_db.query_record(context, cls, **kwargs)
rbkwargs = backup_fields(record, **kwargs)
cls.update_record(context, record, **kwargs)
pass
def delete_by_keys(obj, context, cls, resource, *keys, **kwargs):
record = fortinet_db.query_record(context, cls, **kwargs)
delete_resource_with_keys(obj, context, record, resource, *keys)
return fortinet_db.delete_record(context, cls, **kwargs)
def delete_by_id(obj, context, cls, resource, **kwargs):
record = fortinet_db.query_record(context, cls, **kwargs)
delete_resource_with_id(obj, context, record, resource)
fortinet_db.delete_record(context, cls, **kwargs)
def get_segmentation_id(context, network_id):
ml2_net_seg = fortinet_db.query_record(context, ml2_db.NetworkSegment,
network_id=network_id)
return getattr(ml2_net_seg, 'segmentation_id', None)
def create_subnet_postcommit(self, mech_context):
"""Noop now, it is left here for future."""
#LOG.debug(_("create_subnetwork_postcommit: called"))
gateway = mech_context.current['gateway_ip']
network_id = mech_context.current['network_id']
subnet_id = mech_context.current['id']
tenant_id = mech_context.current['tenant_id']
context = mech_context._plugin_context
try:
if fortinet_db.query_record(context,
ExternalNetwork,
network_id=network_id):
utils.add_routerstatic(self,
context,
subnet_id=subnet_id,
vdom=const.EXT_VDOM,
dst=const.EXT_DEF_DST,
device=self._fortigate['ext_interface'],
gateway=gateway)
else:
namespace = fortinet_db.query_record(
context,
fortinet_db.Fortinet_ML2_Namespace,
tenant_id=tenant_id)
interface = utils.get_intf(context,
mech_context.current['network_id'])
netmask = str(netaddr.\
IPNetwork(mech_context.current['cidr']).netmask)
start_ip = mech_context.current['allocation_pools'][0]['start']
end_ip = mech_context.current['allocation_pools'][0]['end']
utils.add_dhcpserver(self,
context,
subnet_id=subnet_id,
vdom=namespace.vdom,
interface=interface,
gateway=gateway,
netmask=netmask,
start_ip=start_ip,
end_ip=end_ip)
# TODO: need to add rollback for the update and set
cls = fortinet_db.Fortinet_Interface
record = fortinet_db.query_record(context,
cls,
name=interface,
vdom=namespace.vdom)
if gateway:
cls.update_record(context,
record,
ip="%s %s" % (gateway, netmask))
utils.op(self,
context,
resources.VlanInterface.set,
name=interface,
vdom=namespace.vdom,
ip="%s %s" % (gateway, netmask))
except Exception as e:
utils._rollback_on_err(self, context, e)
raise ml2_exc.MechanismDriverError(
method=sys._getframe().f_code.co_name)
utils.update_status(self, context, t_consts.TaskStatus.COMPLETED)
def update_floatingip_status(self, context, res, status, **kwargs):
if res.get('status', None):
res['status'] = status
record = fortinet_db.query_record(context, l3_db.FloatingIP, **kwargs)
fortinet_db.update_record(context, record, status=status)
def _release_floatingip(self, context, id):
"""
:param context:
:param id: the floatingip id in neutron.db.l3_db.FloatingIP.
{
tenant_id=u'3998b33381fb48f694369689065a3760',
id=u'25e1588a-5ec5-4fbc-bdef-eff8713da8f8',
floating_ip_address=u'10.160.37.111',
floating_network_id=u'1c1dbecc-9dac-4311-a346-f147a04c8dc8',
floating_port_id=u'4b4120d4-77f9-4f82-b823-05876929a1c4',
fixed_port_id=None,
fixed_ip_address=None,
router_id=None,
last_known_router_id=None,
status=u'DOWN'
}
:return:
"""
l3db_fip = self._get_floatingip(context, id)
db_namespace = fortinet_db.query_record(context,
fortinet_db.Fortinet_ML2_Namespace,
tenant_id=l3db_fip.tenant_id)
db_fip = fortinet_db.query_record(context,
fortinet_db.Fortinet_FloatingIP_Allocation,
floating_ip_address=l3db_fip.floating_ip_address,
allocated=True)
if not db_fip or not db_namespace:
return
int_intf, ext_intf = utils.get_vlink_intf(self, context,
vdom=db_namespace.vdom)
mappedip = utils.get_ipaddr(db_fip.ip_subnet, 0)
utils.delete_fwippool(self, context,
name=mappedip,
vdom=db_namespace.vdom,
startip=mappedip)
utils.delete_fwpolicy(self, context,
vdom=const.EXT_VDOM,
srcintf=ext_intf,
srcaddr=mappedip,
dstintf=self._fortigate['ext_interface'],
poolname=db_fip.floating_ip_address)
utils.delete_fwaddress(self, context,
name=mappedip,
vdom=const.EXT_VDOM,
subnet="%s 255.255.255.255" % mappedip)
utils.delete_fwippool(self, context,
name=db_fip.floating_ip_address,
vdom=const.EXT_VDOM,
startip=db_fip.floating_ip_address)
utils.delete_routerstatic(self, context,
vdom=const.EXT_VDOM,
dst="%s 255.255.255.255" % mappedip,
device=ext_intf,
gateway=const.DEF_GW)
utils.delete_fwpolicy(self, context,
vdom=const.EXT_VDOM,
dstintf=ext_intf,
dstaddr=l3db_fip.floating_ip_address)
#utils.delete_secondaryip(self, context,
# name=ext_inf,
# vdom=const.EXT_VDOM,
# ip=utils.getip(db_fip.ip_subnet, 1))
utils.delete_vip(self, context,
vdom=const.EXT_VDOM,
name=db_fip.vip_name,
extip=db_fip.floating_ip_address,
extintf='any',
mappedip=mappedip)
fortinet_db.delete_record(context,
fortinet_db.Fortinet_FloatingIP_Allocation,
vdom=db_namespace.vdom,
floating_ip_address=db_fip.floating_ip_address,
vip_name=db_fip.floating_ip_address)
def _associate_floatingip(self, context, id, floatingip):
try:
l3db_fip = self._get_floatingip(context, id)
db_namespace = fortinet_db.query_record(
context,
fortinet_db.Fortinet_ML2_Namespace,
tenant_id=l3db_fip.tenant_id)
db_fip = fortinet_db.query_record(
context,
fortinet_db.Fortinet_FloatingIP_Allocation,
floating_ip_address=l3db_fip.floating_ip_address,
allocated=True)
int_intf, ext_intf = utils.get_vlink_intf(self,
context,
vdom=db_namespace.vdom)
mappedip = utils.get_ipaddr(db_fip.ip_subnet, 0)
fixed_ip_address = floatingip['floatingip']['fixed_ip_address']
utils.add_vip(self,
context,
vdom=db_namespace.vdom,
name=db_fip.floating_ip_address,
extip=mappedip,
extintf=int_intf,
mappedip=fixed_ip_address)
db_ip = fortinet_db.query_record(
context,
models_v2.IPAllocation,
port_id=floatingip['floatingip']['port_id'])
vlan_inf = utils.get_intf(context, db_ip.network_id)
utils.add_fwpolicy(self,
context,
vdom=db_namespace.vdom,
srcintf=int_intf,
dstintf=vlan_inf,
dstaddr=db_fip.floating_ip_address,
nat='enable')
utils.add_fwaddress(self,
context,
name=fixed_ip_address,
vdom=db_namespace.vdom,
subnet="%s 255.255.255.255" % fixed_ip_address,
associated_interface=vlan_inf)
db_fwpolicy = utils.add_fwpolicy(self,
context,
vdom=db_namespace.vdom,
srcintf=vlan_inf,
srcaddr=fixed_ip_address,
dstintf=int_intf,
poolname=mappedip)
utils.head_firewall_policy(self,
context,
vdom=db_namespace.vdom,
id=db_fwpolicy.edit_id)
except Exception as e:
utils._rollback_on_err(self, context, e)
raise e
utils.update_status(self, context, t_consts.TaskStatus.COMPLETED)
def set_ext_gw(obj, context, port):
"""
:param context:
:param port: example format
port = {
'status': 'DOWN',
'binding:host_id': '',
'allowed_address_pairs': [],
'device_owner': 'network:router_gateway',
'binding:profile': {},
'fixed_ips': [{
'subnet_id': u'09855a84-edfd-474d-b641-38a2bc63466a',
'ip_address': u'10.160.37.111'
}],
'id': '6e68efc0-c0ca-40a2-a502-c2bf19304317',
'security_groups': [],
'device_id': u'8312d7a2-cae5-4e87-9c04-782c4a34bb8c',
'name': '',
'admin_state_up': True,
'network_id': u'95eb736c-dd3b-4bf5-940a-8fa8e707a376',
'tenant_id': '',
'binding:vif_details': {},
'binding:vnic_type': 'normal',
'binding:vif_type': 'unbound',
'mac_address': 'fa:16:3e:95:02:ab'
}
:return:
"""
router_db = fortinet_db.query_record(context,
l3_db.Router,
id=port['device_id'])
tenant_id = router_db.get('tenant_id', None)
if not tenant_id:
raise ValueError
namespace = add_vdom(obj, context, tenant_id=tenant_id)
add_vlink(obj, context, namespace.vdom)
vlink_db = fortinet_db.query_record(
context,
fortinet_db.Fortinet_Vlink_Vlan_Allocation,
vdom=namespace.vdom)
ip_address = port['fixed_ips'][0]['ip_address']
add_fwippool(obj,
context,
vdom=const.EXT_VDOM,
name=ip_address,
startip=ip_address)
add_fwpolicy(obj,
context,
vdom=const.EXT_VDOM,
srcintf=vlink_db.inf_name_ext_vdom,
dstintf=obj._fortigate['ext_interface'],
poolname=ip_address)
subnet_db = fortinet_db.query_record(context,
models_v2.Subnet,
id=port['fixed_ips'][0]['subnet_id'])
if subnet_db:
netmask = netaddr.IPNetwork(subnet_db.cidr).netmask
add_interface_ip(obj,
context,
name=obj._fortigate['ext_interface'],
vdom=const.EXT_VDOM,
ip="%s %s" % (ip_address, netmask))
def _release_floatingip(self, context, id):
"""
:param context:
:param id: the floatingip id in neutron.db.l3_db.FloatingIP.
{
tenant_id=u'3998b33381fb48f694369689065a3760',
id=u'25e1588a-5ec5-4fbc-bdef-eff8713da8f8',
floating_ip_address=u'10.160.37.111',
floating_network_id=u'1c1dbecc-9dac-4311-a346-f147a04c8dc8',
floating_port_id=u'4b4120d4-77f9-4f82-b823-05876929a1c4',
fixed_port_id=None,
fixed_ip_address=None,
router_id=None,
last_known_router_id=None,
status=u'DOWN'
}
:return:
"""
l3db_fip = self._get_floatingip(context, id)
db_namespace = fortinet_db.query_record(
context,
fortinet_db.Fortinet_ML2_Namespace,
tenant_id=l3db_fip.tenant_id)
db_fip = fortinet_db.query_record(
context,
fortinet_db.Fortinet_FloatingIP_Allocation,
floating_ip_address=l3db_fip.floating_ip_address,
allocated=True)
if not db_fip or not db_namespace:
return
int_intf, ext_intf = utils.get_vlink_intf(self,
context,
vdom=db_namespace.vdom)
mappedip = utils.get_ipaddr(db_fip.ip_subnet, 0)
utils.delete_fwippool(self,
context,
name=mappedip,
vdom=db_namespace.vdom,
startip=mappedip)
utils.delete_fwpolicy(self,
context,
vdom=const.EXT_VDOM,
srcintf=ext_intf,
srcaddr=mappedip,
dstintf=self._fortigate['ext_interface'],
poolname=db_fip.floating_ip_address)
utils.delete_fwaddress(self,
context,
name=mappedip,
vdom=const.EXT_VDOM,
subnet="%s 255.255.255.255" % mappedip)
utils.delete_fwippool(self,
context,
name=db_fip.floating_ip_address,
vdom=const.EXT_VDOM,
startip=db_fip.floating_ip_address)
utils.delete_routerstatic(self,
context,
vdom=const.EXT_VDOM,
dst="%s 255.255.255.255" % mappedip,
device=ext_intf,
gateway=const.DEF_GW)
utils.delete_fwpolicy(self,
context,
vdom=const.EXT_VDOM,
dstintf=ext_intf,
dstaddr=l3db_fip.floating_ip_address)
#utils.delete_secondaryip(self, context,
# name=ext_inf,
# vdom=const.EXT_VDOM,
# ip=utils.getip(db_fip.ip_subnet, 1))
utils.delete_vip(self,
context,
vdom=const.EXT_VDOM,
name=db_fip.vip_name,
extip=db_fip.floating_ip_address,
extintf='any',
mappedip=mappedip)
fortinet_db.delete_record(
context,
fortinet_db.Fortinet_FloatingIP_Allocation,
vdom=db_namespace.vdom,
floating_ip_address=db_fip.floating_ip_address,
vip_name=db_fip.floating_ip_address)
def get_segmentation_id(context, network_id):
ml2_net_seg = fortinet_db.query_record(context,
ml2_db.NetworkSegment,
network_id=network_id)
return getattr(ml2_net_seg, 'segmentation_id', None)
def add_router_interface(self, context, router_id, interface_info):
"""creates vlnk on the fortinet device."""
LOG.debug(
"FortinetL3ServicePlugin.add_router_interface: "
"router_id=%(router_id)s "
"interface_info=%(interface_info)r", {
'router_id': router_id,
'interface_info': interface_info
})
with context.session.begin(subtransactions=True):
info = super(FortinetL3ServicePlugin,
self).add_router_interface(context, router_id,
interface_info)
port = db.get_port(context.session, info['port_id'])
port['admin_state_up'] = True
port['port'] = port
LOG.debug(
"FortinetL3ServicePlugin: "
"context=%(context)s"
"port=%(port)s "
"info=%(info)r", {
'context': context,
'port': port,
'info': info
})
#self._core_plugin.update_port(context, info["port_id"], port)
interface_info = info
subnet = self._core_plugin._get_subnet(context,
interface_info['subnet_id'])
network_id = subnet['network_id']
tenant_id = port['tenant_id']
port_filters = {
'network_id': [network_id],
'device_owner': [DEVICE_OWNER_ROUTER_INTF]
}
port_count = self._core_plugin.get_ports_count(
context, port_filters)
# port count is checked against 2 since the current port is already
# added to db
if port_count == 2:
# This subnet is already part of some router
LOG.error(
_("FortinetL3ServicePlugin: adding redundant router "
"interface is not supported"))
raise Exception(
_("FortinetL3ServicePlugin:adding redundant "
"router interface is not supported"))
try:
db_namespace = fortinet_db.query_record(
context,
fortinet_db.Fortinet_ML2_Namespace,
tenant_id=tenant_id)
vlan_inf = utils.get_intf(context, network_id)
int_intf, ext_intf = utils.get_vlink_intf(
self, context, vdom=db_namespace.vdom)
utils.add_fwpolicy(self,
context,
vdom=db_namespace.vdom,
srcintf=vlan_inf,
dstintf=int_intf,
nat='enable')
except Exception as e:
LOG.error(
_("Failed to create Fortinet resources to add router "
"interface. info=%(info)s, router_id=%(router_id)s"), {
"info": info,
"router_id": router_id
})
resources.Exinfo(e)
with excutils.save_and_reraise_exception():
self.remove_router_interface(context, router_id,
interface_info)
utils.update_status(self, context, t_consts.TaskStatus.COMPLETED)
return info