コード例 #1
0
 def setUp(self):
     super(NsxvLoadbalancerTestCase, self).setUp()
     self._lb = nsxv_loadbalancer.NsxvLoadbalancer()
     self._vcns = vcns.Vcns(None, None, None, None, True)
コード例 #2
0
ファイル: md_proxy.py プロジェクト: richardboswell/vmware-nsx 
    def _setup_metadata_lb(self, rtr_id, vip, v_port, s_port, member_ips,
                           proxy_lb=False, context=None):

        if context is None:
            context = neutron_context.get_admin_context()

        edge_id = self._get_edge_id_by_rtr_id(context, rtr_id)
        LOG.debug('Setting up Edge device %s', edge_id)

        lb_obj = nsxv_lb.NsxvLoadbalancer()

        protocol = 'HTTP'
        ssl_pass_through = False
        cert_id = None
        # Set protocol to HTTPS with default port of 443 if metadata_insecure
        # is set to False.
        if not cfg.CONF.nsxv.metadata_insecure:
            protocol = 'HTTPS'
            if proxy_lb:
                v_port = METADATA_HTTPS_VIP_PORT
            else:
                v_port = METADATA_HTTPS_PORT
                # Create the certificate on the backend
                cert_id = self._create_ssl_cert(edge_id)
            ssl_pass_through = proxy_lb
        mon_type = protocol if proxy_lb else 'tcp'
        # Create virtual server
        virt_srvr = nsxv_lb.NsxvLBVirtualServer(
            name=METADATA_VSE_NAME,
            ip_address=vip,
            protocol=protocol,
            port=v_port)

        # For router Edge, we add X-LB-Proxy-ID header
        if not proxy_lb:
            md_app_rule = nsxv_lb.NsxvLBAppRule(
                'insert-mdp',
                'reqadd X-Metadata-Provider:' + edge_id)
            virt_srvr.add_app_rule(md_app_rule)

            # When shared proxy is configured, insert authentication string
            if cfg.CONF.nsxv.metadata_shared_secret:
                signature = hmac.new(
                    cfg.CONF.nsxv.metadata_shared_secret,
                    edge_id,
                    hashlib.sha256).hexdigest()
                sign_app_rule = nsxv_lb.NsxvLBAppRule(
                    'insert-auth',
                    'reqadd X-Metadata-Provider-Signature:' + signature)
                virt_srvr.add_app_rule(sign_app_rule)

        # Create app profile
        #  XFF is inserted in router LBs
        app_profile = nsxv_lb.NsxvLBAppProfile(
            name='MDSrvProxy',
            template=protocol,
            server_ssl_enabled=not cfg.CONF.nsxv.metadata_insecure,
            ssl_pass_through=ssl_pass_through,
            insert_xff=not proxy_lb,
            client_ssl_cert=cert_id)

        virt_srvr.set_app_profile(app_profile)

        # Create pool, members and monitor
        pool = nsxv_lb.NsxvLBPool(
            name=METADATA_POOL_NAME)

        monitor = nsxv_lb.NsxvLBMonitor(name='MDSrvMon',
                                        mon_type=mon_type.lower())
        pool.add_monitor(monitor)

        i = 0
        for member_ip in member_ips:
            i += 1
            member = nsxv_lb.NsxvLBPoolMember(
                name='Member-%d' % i,
                ip_address=member_ip,
                port=s_port,
                monitor_port=s_port)
            pool.add_member(member)

        virt_srvr.set_default_pool(pool)
        lb_obj.add_virtual_server(virt_srvr)

        lb_obj.submit_to_backend(self.nsxv_plugin.nsx_v.vcns, edge_id)