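 def setup_env(self):
     """Prepare the external-network VDOM on the FortiGate in advance.

     Creates the external VDOM (``const.EXT_VDOM``) owned by the fake tenant
     and binds the configured external interface (``self.cfg.ext_interface``)
     to it as a VLAN interface, then marks the task COMPLETED.

     :raises Exception: whatever ``utils.add_vdom`` / ``utils.set_vlanintf``
         raised; the partial FortiGate/DB state is rolled back first.
     """
     session = db_api.get_session()
     try:
         utils.add_vdom(self, session, vdom=const.EXT_VDOM,
                        tenant_id=const.FAKE_TENANT_ID)
         utils.set_vlanintf(self, session, vdom=const.EXT_VDOM,
                            name=self.cfg.ext_interface)
     except Exception as e:
         utils.rollback_on_err(self, session, e)
         # Bare ``raise`` keeps the original traceback; ``raise e`` would
         # discard it on Python 2 and add a useless frame on Python 3.
         raise
     utils.update_status(self, session, t_consts.TaskStatus.COMPLETED)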
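    def Fortinet_init(self):
        """Fortinet specific initialization for this class.

        Loads the FortiGate settings and API client from ``config``, calls
        ``sync_conf_to_db`` for every key in ``const.FORTINET_PARAMS``, then
        creates the external VDOM and attaches the configured external
        interface to it as a VLAN interface.

        :raises ml2_exc.MechanismDriverError: if the external VDOM or its
            VLAN interface cannot be set up; the partial FortiGate/DB state
            is rolled back first.
        """
        LOG.debug("FortinetMechanismDriver_init")
        self._fortigate = config.fgt_info
        self._driver = config.get_apiclient()

        for key in const.FORTINET_PARAMS:
            self.sync_conf_to_db(key)

        session = db_api.get_session()
        try:
            utils.add_vdom(self, session, vdom=const.EXT_VDOM,
                           tenant_id=const.FAKE_TENANT_ID)
            utils.set_vlanintf(self, session, vdom=const.EXT_VDOM,
                               name=self._fortigate['ext_interface'])
        except Exception as e:
            # The root cause is replaced by MechanismDriverError below, so
            # record it (with traceback) before it is lost.
            LOG.exception("Fortinet_init failed to set up vdom %(vdom)s: "
                          "%(err)s", {'vdom': const.EXT_VDOM, 'err': e})
            utils._rollback_on_err(self, session, e)
            raise ml2_exc.MechanismDriverError(
                method=sys._getframe().f_code.co_name)
        utils.update_status(self, session, t_consts.TaskStatus.COMPLETED)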
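    def Fortinet_init(self):
        """Fortinet specific initialization for this class.

        Steps, in order:

        1. cache ``config.fgt_info`` and the API client on the instance;
        2. call ``sync_conf_to_db`` for each key in ``const.FORTINET_PARAMS``;
        3. create the external VDOM for the fake tenant and bind the
           configured external interface to it as a VLAN interface.

        :raises ml2_exc.MechanismDriverError: when step 3 fails; the partial
            FortiGate/DB state is rolled back before the error is raised.
        """
        LOG.debug("FortinetMechanismDriver_init")
        self._fortigate = config.fgt_info
        self._driver = config.get_apiclient()

        for key in const.FORTINET_PARAMS:
            self.sync_conf_to_db(key)

        session = db_api.get_session()
        ext_interface = self._fortigate['ext_interface']
        try:
            utils.add_vdom(self, session, vdom=const.EXT_VDOM,
                           tenant_id=const.FAKE_TENANT_ID)
            utils.set_vlanintf(self, session, vdom=const.EXT_VDOM,
                               name=ext_interface)
        except Exception as e:
            # MechanismDriverError carries only the method name, so log the
            # original exception here or the real cause is unrecoverable.
            LOG.exception("Fortinet_init: external vdom/interface setup "
                          "failed (%(intf)s): %(err)s",
                          {'intf': ext_interface, 'err': e})
            utils._rollback_on_err(self, session, e)
            raise ml2_exc.MechanismDriverError(
                method=sys._getframe().f_code.co_name)
        utils.update_status(self, session, t_consts.TaskStatus.COMPLETED)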
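 def create_router(self, context, router):
     """Create the FortiGate-side resources backing a Neutron router.

     Adds a VDOM for the router's tenant and the vlink that joins it to the
     external VDOM, inside one DB subtransaction. The tenant id is taken from
     ``router['router']['tenant_id']``; a request without a ``router`` body
     is ignored.

     :raises Exception: re-raises whatever the vdom/vlink creation raised,
         after rolling the partial configuration back.
     """
     # Lazy %-formatting: the message is only built when debug is enabled.
     LOG.debug("create_router: router=%s", router)
     # NOTE(review): the original comment said "Limit one router per
     # tenant", but no per-tenant count check is done here; this guard only
     # skips requests that carry no router body.
     if not router.get('router', None):
         return
     tenant_id = router['router']['tenant_id']
     with context.session.begin(subtransactions=True):
         try:
             namespace = utils.add_vdom(self, context, tenant_id=tenant_id)
             utils.add_vlink(self, context, namespace.vdom)
         except Exception as e:
             LOG.error("Failed to create_router router=%(router)s",
                       {"router": router})
             # presumably records exception details — TODO confirm
             resources.Exinfo(e)
             utils.rollback_on_err(self, context, e)
             # Propagate the failure: without this the task below is marked
             # COMPLETED even though the router resources were rolled back.
             raise
     utils.update_status(self, context, t_consts.TaskStatus.COMPLETED)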
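 def create_router(self, context, router):
     """Provision a tenant VDOM and vlink for a new Neutron router.

     Both objects are created in one DB subtransaction. On failure the
     partial state is rolled back with ``utils._rollback_on_err`` and the
     exception is re-raised, so the task is never reported COMPLETED for a
     router that was not actually created.

     :param context: Neutron request context (its session is used).
     :param router: request dict; ``router['router']['tenant_id']`` selects
         the tenant. A dict without a ``router`` body is ignored.
     :raises Exception: whatever vdom/vlink creation raised.
     """
     LOG.debug("create_router: router=%s", router)
     body = router.get('router', None)
     if not body:
         return
     tenant_id = body['tenant_id']
     with context.session.begin(subtransactions=True):
         try:
             namespace = utils.add_vdom(self, context, tenant_id=tenant_id)
             utils.add_vlink(self, context, namespace.vdom)
         except Exception as e:
             LOG.error("Failed to create_router router=%(router)s",
                       {"router": router})
             # presumably records exception details — TODO confirm
             resources.Exinfo(e)
             utils._rollback_on_err(self, context, e)
             # Re-raise after rollback so the COMPLETED status update
             # below is skipped for a failed create.
             raise
     utils.update_status(self, context, t_consts.TaskStatus.COMPLETED)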
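    def create_network_postcommit(self, mech_context):
        """Create Network as a portprofile on the fortigate.

        For a tenant (non-external) VLAN network: makes sure the tenant's
        VDOM exists, then adds a VLAN interface for the segment's
        segmentation id on the configured internal interface, aliased with
        the network name and tagged with the network id.

        :param mech_context: ML2 network context; ``current`` is the network
            dict and only ``network_segments[0]`` is used.
        :raises Exception: if no segment was allocated or the first segment
            is not of type vlan.
        :raises ml2_exc.MechanismDriverError: if the vdom or VLAN interface
            cannot be created; partial state is rolled back first.
        """
        LOG.debug("create_network_postcommit: called")
        network = mech_context.current
        if network["router:external"]:
            # TODO(samsu)
            return
        # use network_id to get the network attributes
        # ONLY depend on our db for getting back network attributes
        # this is so we can replay postcommit from db
        network_name = network['name']
        tenant_id = network['tenant_id']
        # currently supports only one segment per network
        segments = mech_context.network_segments
        if not segments:
            raise Exception(
                _("Fortinet Mechanism: failed to create network, "
                  "no segment was allocated"))
        segment = segments[0]
        LOG.debug(
            "network is created in tenant %(tenant_id)s, "
            "segment id is %(segment)s", {
                "tenant_id": tenant_id,
                "segment": segment['segmentation_id']
            })
        if segment['network_type'] != 'vlan':
            raise Exception(
                _("Fortinet Mechanism: failed to create network, "
                  "only network type vlan is supported"))

        vlanid = segment['segmentation_id']
        context = mech_context._plugin_context
        try:
            namespace = utils.add_vdom(self, context, tenant_id=tenant_id)
            if not namespace:
                # There is no active exception here, so a bare ``raise``
                # would only produce a RuntimeError (py3) / TypeError (py2).
                # Raise a descriptive error so the except below rolls back
                # and the log shows the real cause.
                raise Exception(
                    _("Fortinet Mechanism: failed to add vdom for tenant "
                      "%s") % tenant_id)
            inf_name = const.PREFIX['inf'] + str(vlanid)
            utils.add_vlanintf(self,
                               context,
                               name=inf_name,
                               vdom=namespace.vdom,
                               vlanid=vlanid,
                               interface=self._fortigate['int_interface'],
                               alias=network_name,
                               network_id=network['id'])
        except Exception as e:
            utils._rollback_on_err(self, context, e)
            raise ml2_exc.MechanismDriverError(
                method=sys._getframe().f_code.co_name)
        utils.update_status(self, context, t_consts.TaskStatus.COMPLETED)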
 def create_router(self, context, router):
     """Create a Neutron router backed by its own FortiGate VDOM.

     Only one router per tenant is allowed: if the tenant already owns a
     ``l3_db.Router`` row an Exception is raised before anything is touched.
     Otherwise the tenant VDOM and its vlink to the external VDOM are created
     in one subtransaction (rolled back and re-raised on failure), the task
     is marked COMPLETED, and the router itself is created by the parent
     plugin.

     :returns: the result of the parent ``create_router``, or ``None`` when
         the request carries no ``router`` body.
     """
     LOG.debug("create_router: router=%s", router)
     body = router.get('router', None)
     if not body:
         return
     tenant_id = body['tenant_id']
     # Limit one router per tenant
     existing = fortinet_db.query_count(context, l3_db.Router,
                                        tenant_id=tenant_id)
     if existing:
         raise Exception(_("FortinetL3ServicePlugin:create_router "
                           "Only support one router per tenant"))
     with context.session.begin(subtransactions=True):
         try:
             namespace = utils.add_vdom(self, context, tenant_id=tenant_id)
             utils.add_vlink(self, context, namespace.vdom)
         except Exception as e:
             with excutils.save_and_reraise_exception():
                 LOG.error(_LE("Failed to create_router router=%(router)s"),
                           {"router": router})
                 utils._rollback_on_err(self, context, e)
     utils.update_status(self, context, t_consts.TaskStatus.COMPLETED)
     # NOTE(review): the status is set COMPLETED before the parent plugin
     # creates the router row; a failure in that call leaves the vdom and
     # vlink in place without a router.
     parent = super(FortinetL3ServicePlugin, self)
     return parent.create_router(context, router)
 def create_router(self, context, router):
     """Create a router, provisioning the tenant's FortiGate VDOM first.

     A tenant may own at most one router; a second request raises
     ``Exception`` before any FortiGate object is created. The VDOM and its
     vlink are created inside one DB subtransaction and rolled back (with the
     original exception re-raised) if either step fails. The parent plugin's
     ``create_router`` is called last and its result returned.

     :returns: the parent plugin's router dict, or ``None`` if ``router``
         has no ``router`` body.
     """
     LOG.debug("create_router: router=%s", router)
     if not router.get('router', None):
         return
     tenant_id = router['router']['tenant_id']
     # Limit one router per tenant
     already_has_router = fortinet_db.query_count(
         context, l3_db.Router, tenant_id=tenant_id)
     if already_has_router:
         raise Exception(
             _("FortinetL3ServicePlugin:create_router "
               "Only support one router per tenant"))

     def provision_tenant_vdom():
         # Tenant VDOM plus the vlink pair joining it to the external VDOM.
         namespace = utils.add_vdom(self, context, tenant_id=tenant_id)
         utils.add_vlink(self, context, namespace.vdom)

     with context.session.begin(subtransactions=True):
         try:
             provision_tenant_vdom()
         except Exception as e:
             with excutils.save_and_reraise_exception():
                 LOG.error(_LE("Failed to create_router router=%(router)s"),
                           {"router": router})
                 utils._rollback_on_err(self, context, e)
     utils.update_status(self, context, t_consts.TaskStatus.COMPLETED)
     return super(FortinetL3ServicePlugin, self).create_router(context,
                                                                router)
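    def create_network_postcommit(self, mech_context):
        """Create Network as a portprofile on the fortigate.

        Skips external networks. For a tenant VLAN network it ensures the
        tenant VDOM exists and adds a VLAN interface named
        ``const.PREFIX['inf'] + <vlan id>`` on the configured internal
        interface, aliased with the network name.

        :param mech_context: ML2 network context; ``current`` is the network
            dict and only ``network_segments[0]`` is used.
        :raises Exception: if no segment was allocated or the first segment
            is not of type vlan.
        :raises ml2_exc.MechanismDriverError: if the vdom or VLAN interface
            cannot be created; partial state is rolled back first.
        """
        LOG.debug("create_network_postcommit: called")
        network = mech_context.current
        if network["router:external"]:
            # TODO(samsu)
            return
        # use network_id to get the network attributes
        # ONLY depend on our db for getting back network attributes
        # this is so we can replay postcommit from db
        network_name = network['name']
        tenant_id = network['tenant_id']
        # currently supports only one segment per network
        if not mech_context.network_segments:
            raise Exception(_("Fortinet Mechanism: failed to create network, "
                              "no segment was allocated"))
        segment = mech_context.network_segments[0]
        if segment['network_type'] != 'vlan':
            raise Exception(_("Fortinet Mechanism: failed to create network, "
                              "only network type vlan is supported"))

        vlanid = segment['segmentation_id']
        context = mech_context._plugin_context
        try:
            namespace = utils.add_vdom(self, context, tenant_id=tenant_id)
            if not namespace:
                # No active exception here, so a bare ``raise`` would only
                # yield a RuntimeError (py3) / TypeError (py2); raise a
                # descriptive error for the rollback path instead.
                raise Exception(_("Fortinet Mechanism: failed to add vdom "
                                  "for tenant %s") % tenant_id)
            # TODO(samsu): type driver support vlan only,
            # need to check later
            inf_name = const.PREFIX['inf'] + str(vlanid)
            utils.add_vlanintf(self, context,
                               name=inf_name,
                               vdom=namespace.vdom,
                               vlanid=vlanid,
                               interface=self.fortigate.cfg['int_interface'],
                               alias=network_name)
        except Exception as e:
            utils.rollback_on_err(self, context, e)
            raise ml2_exc.MechanismDriverError(
                method=sys._getframe().f_code.co_name)
        utils.update_status(self, context, t_consts.TaskStatus.COMPLETED)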
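    def _allocate_floatingip(self, context, obj):
        """Allocate the FortiGate-side mapping for a new floating IP.

        Everything runs in one DB subtransaction; on any failure the partial
        FortiGate/DB state is rolled back via ``utils._rollback_on_err`` and
        the original exception is re-raised unchanged.

        1. Ensure the tenant VDOM exists (``utils.add_vdom``).
        2. Record a ``Fortinet_FloatingIP_Allocation`` row; the first address
           of its ``ip_subnet`` (``mappedip``) is the internal side of the
           mapping.
        3. In the external VDOM: a VIP mapping the floating IP to
           ``mappedip``, a NAT-enabled firewall policy to the vlink
           interface ``ext_intf``, a /32 static route for ``mappedip`` via
           ``const.DEF_GW``, an IP pool and an address object, and a
           firewall policy from ``mappedip`` out of the external interface
           using the floating IP's pool, moved to the head of the policy
           table.
        4. In the tenant VDOM: an IP pool for ``mappedip``.

        The original docstring also mentioned adding the second address of
        the pair to the external interface's secondaryip list; that is not
        visible in this method.

        obj example:
        {
            'floating_network_id': u'1c1dbecc-9dac-4311-a346-f147a04c8dc8',
            'router_id': None,
            'fixed_ip_address': None,
            'floating_ip_address': u'10.160.37.113',
            'tenant_id': u'3998b33381fb48f694369689065a3760',
            'status': 'DOWN',
            'port_id': None,
            'id': '5ec1b08b-77c1-4e39-80ac-224ee937ee9f'
        }

        The floatingip is a instance of neutron.db.l3_db.FloatingIP, example:
        {
            tenant_id=u'3998b33381fb48f694369689065a3760',
            id=u'25e1588a-5ec5-4fbc-bdef-eff8713da8f8',
            floating_ip_address=u'10.160.37.111',
            floating_network_id=u'1c1dbecc-9dac-4311-a346-f147a04c8dc8',
            floating_port_id=u'4b4120d4-77f9-4f82-b823-05876929a1c4',
            fixed_port_id=None,
            fixed_ip_address=None,
            router_id=None,
            last_known_router_id=None,
            status=u'DOWN'
        }
        """
        with context.session.begin(subtransactions=True):
            try:
                db_namespace = utils.add_vdom(self, context,
                                              tenant_id=obj['tenant_id'])

                db_fip = utils.add_record(self, context,
                                fortinet_db.Fortinet_FloatingIP_Allocation,
                                vdom=db_namespace.vdom,
                                floating_ip_address=obj['floating_ip_address'],
                                vip_name=obj['floating_ip_address'])
                mappedip = utils.get_ipaddr(db_fip.ip_subnet, 0)
                utils.add_vip(self, context,
                              vdom=const.EXT_VDOM,
                              name=db_fip.vip_name,
                              extip=db_fip.floating_ip_address,
                              extintf='any',
                              mappedip=mappedip)

                # Only the external end of the vlink pair is used below.
                _int_intf, ext_intf = utils.get_vlink_intf(
                    self, context, vdom=db_namespace.vdom)

                utils.add_fwpolicy(self, context,
                                   vdom=const.EXT_VDOM,
                                   dstintf=ext_intf,
                                   dstaddr=db_fip.vip_name,
                                   nat='enable')

                utils.add_routerstatic(self, context,
                                       vdom=const.EXT_VDOM,
                                       dst="%s 255.255.255.255" % mappedip,
                                       device=ext_intf,
                                       gateway=const.DEF_GW)

                utils.add_fwippool(self, context,
                                   name=db_fip.floating_ip_address,
                                   vdom=const.EXT_VDOM,
                                   startip=db_fip.floating_ip_address)

                utils.add_fwaddress(self, context,
                                    name=mappedip,
                                    vdom=const.EXT_VDOM,
                                    subnet="%s 255.255.255.255" % mappedip)

                db_fwpolicy = utils.add_fwpolicy(self, context,
                                   vdom=const.EXT_VDOM,
                                   srcintf=ext_intf,
                                   srcaddr=mappedip,
                                   dstintf=self._fortigate['ext_interface'],
                                   poolname=db_fip.floating_ip_address)
                # Policies are matched top-down on the FortiGate, so this
                # one is moved to the head of the table.
                utils.head_firewall_policy(self, context,
                                           vdom=const.EXT_VDOM,
                                           id=db_fwpolicy.edit_id)

                utils.add_fwippool(self, context,
                                   name=mappedip,
                                   vdom=db_namespace.vdom,
                                   startip=mappedip)
            except Exception as e:
                with excutils.save_and_reraise_exception():
                    utils._rollback_on_err(self, context, e)
        utils.update_status(self, context, t_consts.TaskStatus.COMPLETED)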
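    def _allocate_floatingip(self, context, obj):
        """Allocate the FortiGate-side mapping for a new floating IP.

        Runs entirely inside one DB subtransaction. If any step fails the
        partial state is rolled back with ``utils._rollback_on_err`` and the
        exception is re-raised via ``excutils.save_and_reraise_exception``.

        Steps, in order:

        * tenant VDOM (``utils.add_vdom``) for ``obj['tenant_id']``;
        * a ``Fortinet_FloatingIP_Allocation`` row whose ``ip_subnet`` first
          address becomes ``mappedip``;
        * external VDOM: VIP (floating IP -> ``mappedip``), NAT firewall
          policy to the vlink interface ``ext_intf``, /32 static route for
          ``mappedip`` via ``const.DEF_GW``, IP pool for the floating IP,
          address object for ``mappedip``, and a policy from ``mappedip`` to
          the external interface using that pool, moved to the head of the
          policy table;
        * tenant VDOM: IP pool for ``mappedip``.

        The original docstring also described adding the pair's second
        address to the external interface's secondaryip list; that is not
        visible in this method.

        obj example:
        {
            'floating_network_id': u'1c1dbecc-9dac-4311-a346-f147a04c8dc8',
            'router_id': None,
            'fixed_ip_address': None,
            'floating_ip_address': u'10.160.37.113',
            'tenant_id': u'3998b33381fb48f694369689065a3760',
            'status': 'DOWN',
            'port_id': None,
            'id': '5ec1b08b-77c1-4e39-80ac-224ee937ee9f'
        }

        The floatingip is a instance of neutron.db.l3_db.FloatingIP, example:
        {
            tenant_id=u'3998b33381fb48f694369689065a3760',
            id=u'25e1588a-5ec5-4fbc-bdef-eff8713da8f8',
            floating_ip_address=u'10.160.37.111',
            floating_network_id=u'1c1dbecc-9dac-4311-a346-f147a04c8dc8',
            floating_port_id=u'4b4120d4-77f9-4f82-b823-05876929a1c4',
            fixed_port_id=None,
            fixed_ip_address=None,
            router_id=None,
            last_known_router_id=None,
            status=u'DOWN'
        }
        """
        floating_ip = obj['floating_ip_address']
        with context.session.begin(subtransactions=True):
            try:
                db_namespace = utils.add_vdom(self,
                                              context,
                                              tenant_id=obj['tenant_id'])

                db_fip = utils.add_record(
                    self,
                    context,
                    fortinet_db.Fortinet_FloatingIP_Allocation,
                    vdom=db_namespace.vdom,
                    floating_ip_address=floating_ip,
                    vip_name=floating_ip)
                mappedip = utils.get_ipaddr(db_fip.ip_subnet, 0)
                host_mask = "%s 255.255.255.255" % mappedip
                utils.add_vip(self,
                              context,
                              vdom=const.EXT_VDOM,
                              name=db_fip.vip_name,
                              extip=db_fip.floating_ip_address,
                              extintf='any',
                              mappedip=mappedip)

                # The internal end of the vlink pair is not needed here.
                _int_intf, ext_intf = utils.get_vlink_intf(
                    self, context, vdom=db_namespace.vdom)

                utils.add_fwpolicy(self,
                                   context,
                                   vdom=const.EXT_VDOM,
                                   dstintf=ext_intf,
                                   dstaddr=db_fip.vip_name,
                                   nat='enable')

                utils.add_routerstatic(self,
                                       context,
                                       vdom=const.EXT_VDOM,
                                       dst=host_mask,
                                       device=ext_intf,
                                       gateway=const.DEF_GW)

                utils.add_fwippool(self,
                                   context,
                                   name=db_fip.floating_ip_address,
                                   vdom=const.EXT_VDOM,
                                   startip=db_fip.floating_ip_address)

                utils.add_fwaddress(self,
                                    context,
                                    name=mappedip,
                                    vdom=const.EXT_VDOM,
                                    subnet=host_mask)

                db_fwpolicy = utils.add_fwpolicy(
                    self,
                    context,
                    vdom=const.EXT_VDOM,
                    srcintf=ext_intf,
                    srcaddr=mappedip,
                    dstintf=self._fortigate['ext_interface'],
                    poolname=db_fip.floating_ip_address)
                # FortiGate evaluates policies top-down; put this one first.
                utils.head_firewall_policy(self,
                                           context,
                                           vdom=const.EXT_VDOM,
                                           id=db_fwpolicy.edit_id)

                utils.add_fwippool(self,
                                   context,
                                   name=mappedip,
                                   vdom=db_namespace.vdom,
                                   startip=mappedip)
            except Exception as e:
                with excutils.save_and_reraise_exception():
                    utils._rollback_on_err(self, context, e)
        utils.update_status(self, context, t_consts.TaskStatus.COMPLETED)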