def __init__(self):
    """Set up the BaGPipe driver on the linuxbridge agent and bridge VIF type.

    The port-filter capability passed to the base class mirrors the value
    returned by ``securitygroups_rpc.is_firewall_enabled()``.
    """
    firewall_on = securitygroups_rpc.is_firewall_enabled()
    # Port filtering is advertised only while the firewall is enabled.
    details = {portbindings.CAP_PORT_FILTER: firewall_on}
    super(BaGPipeMechanismDriver, self).__init__(
        n_const.AGENT_TYPE_LINUXBRIDGE,
        portbindings.VIF_TYPE_BRIDGE,
        details)
    self.agent_notify = bagpipe_rpc_client.BaGPipeAgentNotifyAPI()
def __init__(self):
    """Initialize the Open vSwitch mechanism driver.

    Builds the VIF details from the firewall state, filters the supported
    VNIC types through the configured blacklist, then registers the QoS
    and logging drivers.
    """
    firewall_on = securitygroups_rpc.is_firewall_enabled()
    fw_driver = cfg.CONF.SECURITYGROUP.firewall_driver
    # Hybrid plug is requested only when the firewall is enabled and the
    # firewall driver is unset or one of the two iptables names.
    iptables_based = (not fw_driver or
                      fw_driver in (IPTABLES_FW_DRIVER_FULL,
                                    'iptables_hybrid'))
    hybrid_plug = iptables_based and firewall_on
    details = {
        portbindings.CAP_PORT_FILTER: firewall_on,
        portbindings.OVS_HYBRID_PLUG: hybrid_plug,
    }
    # NOTE(moshele): Binding a DIRECT (SR-IOV) port allows the OVS flows
    # to be offloaded to the SR-IOV NIC using tc. The OVS mechanism driver
    # is used because openvswitch (>=2.8.0) supports hardware offload via
    # tc, which lets the VF be managed by the OpenFlow control plane
    # through the representor net-device.
    super(OpenvswitchMechanismDriver, self).__init__(
        constants.AGENT_TYPE_OVS, portbindings.VIF_TYPE_OVS, details)
    # TODO(lajoskatona): move this blacklisting to
    # SimpleAgentMechanismDriverBase so that blacklisting and validation
    # of the vnic_types is available for all mechanism drivers.
    candidate_types = [portbindings.VNIC_NORMAL, portbindings.VNIC_DIRECT]
    self.supported_vnic_types = self.blacklist_supported_vnic_types(
        vnic_types=candidate_types,
        blacklist=cfg.CONF.OVS_DRIVER.vnic_type_blacklist)
    LOG.info("%s's supported_vnic_types: %s",
             self.agent_type, self.supported_vnic_types)
    ovs_qos_driver.register()
    log_driver.register()
def __init__(self):
    """Configure the OVS driver, its VNIC-type blacklist and helper drivers.

    The port-filter flag follows ``is_firewall_enabled()``; the hybrid-plug
    flag additionally depends on the configured firewall driver.
    """
    sg_on = securitygroups_rpc.is_firewall_enabled()
    configured_fw = cfg.CONF.SECURITYGROUP.firewall_driver
    # An unset firewall driver is treated like the iptables ones here.
    wants_hybrid = (
        not configured_fw
        or configured_fw in (IPTABLES_FW_DRIVER_FULL, 'iptables_hybrid')
    )
    binding_details = {}
    binding_details[portbindings.CAP_PORT_FILTER] = sg_on
    binding_details[portbindings.OVS_HYBRID_PLUG] = wants_hybrid and sg_on
    # NOTE(moshele): Binding a DIRECT (SR-IOV) port allows the OVS flows
    # to be offloaded to the SR-IOV NIC using tc. The OVS mechanism driver
    # is used because openvswitch (>=2.8.0) supports hardware offload via
    # tc, which lets the VF be managed by the OpenFlow control plane
    # through the representor net-device.
    super(OpenvswitchMechanismDriver, self).__init__(
        constants.AGENT_TYPE_OVS,
        portbindings.VIF_TYPE_OVS,
        binding_details)
    # TODO(lajoskatona): move this blacklisting to
    # SimpleAgentMechanismDriverBase so that blacklisting and validation
    # of the vnic_types is available for all mechanism drivers.
    self.supported_vnic_types = self.blacklist_supported_vnic_types(
        vnic_types=[portbindings.VNIC_NORMAL, portbindings.VNIC_DIRECT],
        blacklist=cfg.CONF.OVS_DRIVER.vnic_type_blacklist)
    LOG.info("%s's supported_vnic_types: %s", self.agent_type,
             self.supported_vnic_types)
    ovs_qos_driver.register()
    log_driver.register()
def __init__(self):
    """Initialize the OVS driver with L2 connectivity and four VNIC types.

    The VNIC-type prohibit list is read from ``[OVS_DRIVER]`` and handed
    to the base class together with the supported types.
    """
    firewall_on = securitygroups_rpc.is_firewall_enabled()
    details = {
        # Port filtering is advertised only while the firewall is enabled.
        portbindings.CAP_PORT_FILTER: firewall_on,
        portbindings.VIF_DETAILS_CONNECTIVITY: portbindings.CONNECTIVITY_L2,
    }
    # NOTE(moshele): Binding a DIRECT (SR-IOV) port allows the OVS flows
    # to be offloaded to the SR-IOV NIC using tc. The OVS mechanism driver
    # is used because openvswitch (>=2.8.0) supports hardware offload via
    # tc, which lets the VF be managed by the OpenFlow control plane
    # through the representor net-device.
    vnic_types = [
        portbindings.VNIC_NORMAL,
        portbindings.VNIC_DIRECT,
        portbindings.VNIC_SMARTNIC,
        portbindings.VNIC_VHOST_VDPA,
    ]
    prohibited = cfg.CONF.OVS_DRIVER.vnic_type_prohibit_list
    super(OpenvswitchMechanismDriver, self).__init__(
        constants.AGENT_TYPE_OVS,
        portbindings.VIF_TYPE_OVS,
        details,
        supported_vnic_types=vnic_types,
        vnic_type_prohibit_list=prohibited)
    ovs_qos_driver.register()
    log_driver.register()
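def __init__(self):
    """Initialize the NSXv3 mechanism driver and register its log driver.

    Creates the agent RPC client on an admin context without a session,
    builds the trunk, QoS and logging drivers, registers the logging
    callback for security groups and finally calls the base initializer
    with the agent type, VIF type and VIF details.
    """
    self.agent_type = nsxv3_constants.NSXV3_AGENT_TYPE
    LOG.info("Initializing Mechanism Driver Type=%s", self.agent_type)

    self.context = context.get_admin_context_without_session()

    sg_enabled = securitygroups_rpc.is_firewall_enabled()
    # Log the effective firewall state so that a disabled security-group
    # firewall is visible at start-up.
    LOG.info("Security Group Enabled=%s", sg_enabled)

    self.vif_type = portbindings.VIF_TYPE_OVS
    self.vif_details = {
        # Port filtering is advertised only while the firewall is enabled.
        portbindings.CAP_PORT_FILTER: sg_enabled,
        portbindings.VIF_DETAILS_CONNECTIVITY: portbindings.CONNECTIVITY_L2,
    }

    self.rpc = nsxv3_rpc.NSXv3AgentRpcClient(self.context)
    self.trunk = nsxv3_trunk.NSXv3TrunkDriver.create()
    self.qos = nsxv3_qos.NSXv3QosDriver.create(self.rpc)
    self.logging = nsxv3_logging.NSXv3LogDriver.create(self.rpc)

    # Register the log driver at Neutron logging api drivers manager.
    # The module is imported only for its import-time effects, presumably
    # validator registration -- confirm.
    importutils.import_module('neutron.services.logapi.common.sg_validate')
    manager.register(resources.SECURITY_GROUP,
                     self.logging.register_callback_handler)
    LOG.info("Successfully registered NSXV3 log driver.")

    super(VMwareNSXv3MechanismDriver, self).__init__(
        self.agent_type, self.vif_type, self.vif_details)

    LOG.info("Initialized Mechanism Driver Type = %s", self.agent_type)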
def _get_base_binding_dict(self):
    """Return the base port-binding dict for an OVS VIF.

    Both the port-filter and hybrid-plug details carry the value of
    ``sg_rpc.is_firewall_enabled()``.
    """
    firewall_on = sg_rpc.is_firewall_enabled()
    return {
        portbindings.VIF_TYPE: portbindings.VIF_TYPE_OVS,
        portbindings.VIF_DETAILS: {
            portbindings.CAP_PORT_FILTER: firewall_on,
            portbindings.OVS_HYBRID_PLUG: firewall_on,
        },
    }
def __init__(self):
    """Initialize the OVS driver and apply the VNIC-type prohibit list.

    VIF details advertise L2 connectivity and a port-filter flag that
    follows ``is_firewall_enabled()``. The QoS and logging drivers are
    registered last.
    """
    firewall_on = securitygroups_rpc.is_firewall_enabled()
    details = {
        portbindings.CAP_PORT_FILTER: firewall_on,
        portbindings.VIF_DETAILS_CONNECTIVITY: portbindings.CONNECTIVITY_L2,
    }
    # NOTE(moshele): Binding a DIRECT (SR-IOV) port allows the OVS flows
    # to be offloaded to the SR-IOV NIC using tc. The OVS mechanism driver
    # is used because openvswitch (>=2.8.0) supports hardware offload via
    # tc, which lets the VF be managed by the OpenFlow control plane
    # through the representor net-device.
    super(OpenvswitchMechanismDriver, self).__init__(
        constants.AGENT_TYPE_OVS, portbindings.VIF_TYPE_OVS, details)
    # TODO(lajoskatona): move this prohibition to
    # SimpleAgentMechanismDriverBase. By that, prohibition and validation
    # of the vnic_types would be available for all mechanism drivers.
    candidate_types = [
        portbindings.VNIC_NORMAL,
        portbindings.VNIC_DIRECT,
        portbindings.VNIC_SMARTNIC,
    ]
    self.supported_vnic_types = self.prohibit_list_supported_vnic_types(
        vnic_types=candidate_types,
        prohibit_list=cfg.CONF.OVS_DRIVER.vnic_type_prohibit_list)
    LOG.info("%s's supported_vnic_types: %s",
             self.agent_type, self.supported_vnic_types)
    ovs_qos_driver.register()
    log_driver.register()
def _extend_port_dict_binding(self, context, port):
    """Fill in host id, VIF type and VIF details on ``port`` and return it.

    The VIF type comes from ``[NOVA] vif_type`` (falling back to ovs when
    unrecognized) unless a per-host override is found for the port's host.
    """
    known_vif_types = (portbindings.VIF_TYPE_OVS, portbindings.VIF_TYPE_IVS)
    vif_type = cfg.CONF.NOVA.vif_type.lower()
    if vif_type not in known_vif_types:
        LOG.warning(_("Unrecognized vif_type in configuration "
                      "[%s]. Defaulting to ovs."),
                    vif_type)
        vif_type = portbindings.VIF_TYPE_OVS

    # In ML2, the host_id is already populated
    hostid = None
    if portbindings.HOST_ID in port:
        hostid = port[portbindings.HOST_ID]
    elif 'id' in port:
        hostid = porttracker_db.get_port_hostid(context, port['id'])

    if hostid:
        port[portbindings.HOST_ID] = hostid
        host_override = self._check_hostvif_override(hostid)
        if host_override:
            vif_type = host_override
    port[portbindings.VIF_TYPE] = vif_type

    firewall_on = sg_rpc.is_firewall_enabled()
    # TODO(rkukura): Replace with new VIF security details
    # NOTE(review): port_filter follows the 'security-group' extension
    # alias while hybrid plug follows is_firewall_enabled(), so the two
    # can disagree when the firewall is disabled -- confirm that a
    # port_filter of True is intended in that case.
    has_sg_extension = 'security-group' in self.supported_extension_aliases
    port[portbindings.VIF_DETAILS] = {
        portbindings.CAP_PORT_FILTER: has_sg_extension,
        portbindings.OVS_HYBRID_PLUG: firewall_on,
    }
    return port
def __init__(self, context, plugin_rpc):
    """Store the context and plugin RPC handle, then start the firewall.

    The firewall and its RPC wiring are set up only when
    ``sg_rpc.is_firewall_enabled()`` is true.
    """
    self.context = context
    self.plugin_rpc = plugin_rpc
    # NOTE(review): this listing lost its indentation; both calls below
    # are read as belonging to the ``if`` -- confirm against the original.
    if sg_rpc.is_firewall_enabled():
        self.init_firewall()
        self._setup_rpc()
def __init__(self):
    """Initialize the linuxbridge driver and register its QoS driver.

    The only VIF detail is the port-filter flag, taken from
    ``securitygroups_rpc.is_firewall_enabled()``.
    """
    port_filter = securitygroups_rpc.is_firewall_enabled()
    vif_details = {portbindings.CAP_PORT_FILTER: port_filter}
    super(LinuxbridgeMechanismDriver, self).__init__(
        constants.AGENT_TYPE_LINUXBRIDGE,
        portbindings.VIF_TYPE_BRIDGE,
        vif_details)
    lb_qos_driver.register()
def __init__(self):
    """Initialize the linuxbridge driver with the literal 'tap' VIF type.

    The port-filter flag follows ``is_firewall_enabled()``; the QoS driver
    is registered after the base initializer runs.
    """
    firewall_on = securitygroups_rpc.is_firewall_enabled()
    # const merge in I718f514e1673544114063af5e1a14ec29bf3274d
    tap_vif_type = 'tap'
    super(LinuxbridgeMechanismDriver, self).__init__(
        constants.AGENT_TYPE_LINUXBRIDGE,
        tap_vif_type,
        {portbindings.CAP_PORT_FILTER: firewall_on})
    lb_qos_driver.register()
def __init__(self):
    """Initialize the OVS driver for NORMAL and DIRECT VNIC types.

    The hybrid-plug flag is set only when the firewall is enabled and the
    configured firewall driver is unset or one of the two iptables names.
    """
    firewall_on = securitygroups_rpc.is_firewall_enabled()
    fw_driver = cfg.CONF.SECURITYGROUP.firewall_driver
    iptables_based = (not fw_driver or
                      fw_driver in (IPTABLES_FW_DRIVER_FULL,
                                    'iptables_hybrid'))
    details = {
        portbindings.CAP_PORT_FILTER: firewall_on,
        portbindings.OVS_HYBRID_PLUG: iptables_based and firewall_on,
    }
    # NOTE(moshele): Binding a DIRECT (SR-IOV) port allows the OVS flows
    # to be offloaded to the SR-IOV NIC using tc. The OVS mechanism driver
    # is used because openvswitch (>=2.8.0) supports hardware offload via
    # tc, which lets the VF be managed by the OpenFlow control plane
    # through the representor net-device.
    vnic_types = [portbindings.VNIC_NORMAL, portbindings.VNIC_DIRECT]
    super(OpenvswitchMechanismDriver, self).__init__(
        constants.AGENT_TYPE_OVS,
        portbindings.VIF_TYPE_OVS,
        details,
        supported_vnic_types=vnic_types)
    ovs_qos_driver.register()
    log_driver.register()
def __init__(self):
    """Initialize the SR driver with a tap VIF and its agent RPC API.

    ``vrf_allocation`` starts out as ``None``.
    """
    firewall_on = securitygroups_rpc.is_firewall_enabled()
    # Port filtering is advertised only while the firewall is enabled.
    details = {portbindings.CAP_PORT_FILTER: firewall_on}
    super(SrMechanismDriver, self).__init__(
        AGENT_TYPE_SR, portbindings.VIF_TYPE_TAP, details)
    self.sr_rpc_api = sr_rpc.SrAgentApi(topics.AGENT)
    self.vrf_allocation = None
def _extend_port_dict_binding(self, context, port):
    """Populate the binding attributes of ``port`` in place and return it.

    Sets the host id when one can be determined, the VIF type (configured
    value, ovs fallback, or per-host override) and the VIF details.
    """
    vif_type = cfg.CONF.NOVA.vif_type.lower()
    recognized = vif_type in (portbindings.VIF_TYPE_OVS,
                              portbindings.VIF_TYPE_IVS)
    if not recognized:
        LOG.warning(
            _LW("Unrecognized vif_type in configuration "
                "[%s]. Defaulting to ovs."),
            vif_type)
        vif_type = portbindings.VIF_TYPE_OVS

    # In ML2, the host_id is already populated
    hostid = None
    if portbindings.HOST_ID in port:
        hostid = port[portbindings.HOST_ID]
    elif 'id' in port:
        hostid = porttracker_db.get_port_hostid(context, port['id'])

    if hostid:
        port[portbindings.HOST_ID] = hostid
        per_host_type = self._check_hostvif_override(hostid)
        if per_host_type:
            vif_type = per_host_type
    port[portbindings.VIF_TYPE] = vif_type

    firewall_on = sg_rpc.is_firewall_enabled()
    # TODO(rkukura): Replace with new VIF security details
    # NOTE(review): port_filter follows the 'security-group' extension
    # alias while hybrid plug follows is_firewall_enabled(), so the two
    # can disagree when the firewall is disabled -- confirm that a
    # port_filter of True is intended in that case.
    sg_extension_loaded = (
        'security-group' in self.supported_extension_aliases)
    port[portbindings.VIF_DETAILS] = {
        portbindings.CAP_PORT_FILTER: sg_extension_loaded,
        portbindings.OVS_HYBRID_PLUG: firewall_on,
    }
    return port
def __init__(self):
    """Set up the linuxbridge mechanism driver and its QoS driver.

    The port-filter capability is whatever ``is_firewall_enabled()``
    returns at construction time.
    """
    sg_on = securitygroups_rpc.is_firewall_enabled()
    base_args = (
        constants.AGENT_TYPE_LINUXBRIDGE,
        portbindings.VIF_TYPE_BRIDGE,
        {portbindings.CAP_PORT_FILTER: sg_on},
    )
    super(LinuxbridgeMechanismDriver, self).__init__(*base_args)
    lb_qos_driver.register()
def __init__(self, context, plugin_rpc):
    """Initialize the Hyper-V security agent without a root helper.

    RPC is set up only when ``sg_rpc.is_firewall_enabled()`` is true.
    """
    # Note: as rootwrap is not supported on HyperV, root_helper is
    # passed in as None.
    super(HyperVSecurityAgent, self).__init__(
        context, plugin_rpc, root_helper=None)
    firewall_on = sg_rpc.is_firewall_enabled()
    if firewall_on:
        self._setup_rpc()
def __init__(self):
    """Initialize the OVS mechanism driver.

    Port filter and hybrid plug both take the value of
    ``securitygroups_rpc.is_firewall_enabled()``.
    """
    firewall_on = securitygroups_rpc.is_firewall_enabled()
    details = dict.fromkeys(
        (portbindings.CAP_PORT_FILTER, portbindings.OVS_HYBRID_PLUG),
        firewall_on)
    super(OpenvswitchMechanismDriver, self).__init__(
        constants.AGENT_TYPE_OVS,
        portbindings.VIF_TYPE_OVS,
        details)
def __init__(self):
    """Initialize the vhost/VFIO driver, then override type and details.

    After the base initializer runs, the agent type is replaced with
    ``AGENT_TYPE`` and the VIF details are rebuilt with hybrid plug
    always off.
    """
    super(OVSvHostVFIOMechanismDriver, self).__init__()
    firewall_on = securitygroups_rpc.is_firewall_enabled()
    self.agent_type = AGENT_TYPE
    self.vif_details = {
        portbindings.CAP_PORT_FILTER: firewall_on,
        # Hybrid plug is hard-coded off for this driver.
        portbindings.OVS_HYBRID_PLUG: False,
    }
def __init__(self, context, plugin_rpc):
    """Initialize the base class, keep the handles and start the firewall.

    The firewall and its RPC wiring are set up only when
    ``sg_rpc.is_firewall_enabled()`` is true.
    """
    super(HyperVSecurityAgent, self).__init__()
    self.context = context
    self.plugin_rpc = plugin_rpc
    # NOTE(review): this listing lost its indentation; both calls below
    # are read as belonging to the ``if`` -- confirm against the original.
    if sg_rpc.is_firewall_enabled():
        self.init_firewall()
        self._setup_rpc()
def __init__(self):
    """Initialize the OVS mechanism driver.

    Hybrid plug is requested only when the firewall is enabled and the
    configured firewall driver is one of the two iptables names.
    """
    firewall_on = securitygroups_rpc.is_firewall_enabled()
    iptables_names = (IPTABLES_FW_DRIVER_FULL, "iptables_hybrid")
    uses_iptables = cfg.CONF.SECURITYGROUP.firewall_driver in iptables_names
    details = {
        portbindings.CAP_PORT_FILTER: firewall_on,
        portbindings.OVS_HYBRID_PLUG: uses_iptables and firewall_on,
    }
    super(OpenvswitchMechanismDriver, self).__init__(
        constants.AGENT_TYPE_OVS,
        portbindings.VIF_TYPE_OVS,
        details)
def __init__(self):
    """Initialize the Fortinet driver and start its task manager.

    ``_driver`` and ``_fortigate`` start out as ``None``. Port filter and
    hybrid plug both follow ``is_firewall_enabled()``.
    """
    firewall_on = securitygroups_rpc.is_firewall_enabled()
    details = {
        portbindings.CAP_PORT_FILTER: firewall_on,
        portbindings.OVS_HYBRID_PLUG: firewall_on,
    }
    super(FortinetMechanismDriver, self).__init__(
        constants.AGENT_TYPE_OVS, portbindings.VIF_TYPE_OVS, details)
    self._driver = None
    self._fortigate = None
    task_manager = tasks.TaskManager()
    self.task_manager = task_manager
    task_manager.start()
def __init__(self):
    """Initialize the linuxbridge driver with L2 connectivity details.

    The port-filter flag follows ``is_firewall_enabled()``; the QoS driver
    is registered after the base initializer.
    """
    firewall_on = securitygroups_rpc.is_firewall_enabled()
    details = {}
    details[portbindings.CAP_PORT_FILTER] = firewall_on
    details[portbindings.VIF_DETAILS_CONNECTIVITY] = (
        portbindings.CONNECTIVITY_L2)
    super(LinuxbridgeMechanismDriver, self).__init__(
        constants.AGENT_TYPE_LINUXBRIDGE,
        portbindings.VIF_TYPE_BRIDGE,
        details)
    lb_qos_driver.register()
def __init__(self):
    """Initialize the fake agent driver using the OFA agent type.

    Port filter and hybrid plug both follow ``is_firewall_enabled()``.
    """
    firewall_on = securitygroups_rpc.is_firewall_enabled()
    details = {
        portbindings.CAP_PORT_FILTER: firewall_on,
        portbindings.OVS_HYBRID_PLUG: firewall_on,
    }
    # NOTE(yamamoto): l2pop driver has a hardcoded list of
    # supported agent types.
    agent_type = constants.AGENT_TYPE_OFA
    super(FakeAgentMechanismDriver, self).__init__(
        agent_type, portbindings.VIF_TYPE_OVS, details)
def __init__(self):
    """Set up the OVS driver's agent type, VIF type and VIF details.

    The hybrid-plug flag requires both an enabled firewall and an
    iptables firewall driver name in ``[SECURITYGROUP]``.
    """
    sg_on = securitygroups_rpc.is_firewall_enabled()
    fw_driver = cfg.CONF.SECURITYGROUP.firewall_driver
    is_iptables = fw_driver in (IPTABLES_FW_DRIVER_FULL, 'iptables_hybrid')
    hybrid_plug = is_iptables and sg_on
    binding_details = {
        portbindings.CAP_PORT_FILTER: sg_on,
        portbindings.OVS_HYBRID_PLUG: hybrid_plug,
    }
    super(OpenvswitchMechanismDriver, self).__init__(
        constants.AGENT_TYPE_OVS, portbindings.VIF_TYPE_OVS,
        binding_details)
def __init__(self):
    """Initialize the BaGPipe driver and reject a server-side AS number.

    Raises:
        Exception: if ``[ml2_bagpipe] as_number`` is anything other
            than -1.
    """
    firewall_on = securitygroups_rpc.is_firewall_enabled()
    details = {portbindings.CAP_PORT_FILTER: firewall_on}
    super(BaGPipeMechanismDriver, self).__init__(
        n_const.AGENT_TYPE_LINUXBRIDGE,
        portbindings.VIF_TYPE_BRIDGE,
        details)

    as_number = cfg.CONF.ml2_bagpipe.as_number
    # -1 is the only accepted value here; any other value fails start-up.
    if as_number != -1:
        raise Exception(
            "bagpipe AS configuration must be done on neutron l2 agents, "
            "in [ml2_bagpipe_extension]")
def initialize(self):
    """Create the Terra REST client and load driver settings.

    Reads the physical network, binding options and VNI pool name from
    the ``ml2_terra`` configuration group.
    """
    LOG.info("initializing TerraMechanismDriver")
    self.client = TerraRestClient.create_client()
    firewall_on = securitygroups_rpc.is_firewall_enabled()
    # Port filtering is advertised only while the firewall is enabled.
    self._vif_details = {portbindings.CAP_PORT_FILTER: firewall_on}

    terra_conf = cfg.CONF.ml2_terra
    self.physical_network = terra_conf.physical_network
    self.complete_binding = terra_conf.complete_binding
    self.binding_level = terra_conf.binding_level
    self.l2_vni_pool = terra_conf.l2_vni_pool_name

    self._call_client = call_client
    LOG.info("TerraMechanismDriver initialized")
def __init__(self):
    """Initialize the fake agent mechanism driver.

    Uses the OFA agent type with an OVS VIF; both VIF-detail flags take
    the value of ``is_firewall_enabled()``.
    """
    sg_on = securitygroups_rpc.is_firewall_enabled()
    flag_names = (portbindings.CAP_PORT_FILTER, portbindings.OVS_HYBRID_PLUG)
    details = {name: sg_on for name in flag_names}
    super(FakeAgentMechanismDriver, self).__init__(
        # NOTE(yamamoto): l2pop driver has a hardcoded list of
        # supported agent types.
        constants.AGENT_TYPE_OFA,
        portbindings.VIF_TYPE_OVS,
        details)
def __init__(self):
    """Initialize the VMware DVS driver and its agent notifier.

    The notifier is built on an admin context without a session. Port
    filter and hybrid plug both follow ``is_firewall_enabled()``.
    """
    self.vif_type = dvs_const.DVS
    firewall_on = securitygroups_rpc.is_firewall_enabled()
    self.vif_details = {
        portbindings.CAP_PORT_FILTER: firewall_on,
        portbindings.OVS_HYBRID_PLUG: firewall_on,
    }
    admin_ctx = context.get_admin_context_without_session()
    self.context = admin_ctx
    self.dvs_notifier = dvs_agent_rpc_api.DVSClientAPI(admin_ctx)
    LOG.info(_LI('DVS_notifier'))
    super(VMwareDVSMechanismDriver, self).__init__(
        dvs_const.AGENT_TYPE_DVS,
        self.vif_type,
        self.vif_details)
def __init__(self):
    """Set up VIF attributes, the DVS notifier and the base driver.

    ``self.context`` is an admin context without a session and is the
    context handed to the DVS client API.
    """
    sg_on = securitygroups_rpc.is_firewall_enabled()
    self.vif_type = dvs_const.DVS
    self.vif_details = dict.fromkeys(
        (portbindings.CAP_PORT_FILTER, portbindings.OVS_HYBRID_PLUG),
        sg_on)
    self.context = context.get_admin_context_without_session()
    self.dvs_notifier = dvs_agent_rpc_api.DVSClientAPI(self.context)
    LOG.info(_LI('DVS_notifier'))
    base_init = super(VMwareDVSMechanismDriver, self).__init__
    base_init(dvs_const.AGENT_TYPE_DVS, self.vif_type, self.vif_details)
def __init__(self):
    """Initialize the Romana driver with a tap VIF on the DHCP agent type.

    Supported network types are limited to local and flat.
    """
    LOG.debug("Initializing Mech Driver.")
    self.romana_url = cfg.CONF.romana.url
    firewall_on = securitygroups_rpc.is_firewall_enabled()
    self.vif_type = VIF_TYPE_TAP
    # Port filtering is advertised only while the firewall is enabled.
    self.vif_details = {pb.CAP_PORT_FILTER: firewall_on}
    self.supported_network_types = [
        p_constants.TYPE_LOCAL,
        p_constants.TYPE_FLAT,
    ]
    super(RomanaMechanismDriver, self).__init__(
        constants.AGENT_TYPE_DHCP,
        self.vif_type,
        self.vif_details)
    LOG.debug("Initialized Mech Driver.")
def __init__(self):
    """Build the Fortinet driver on the OVS agent and VIF types.

    Leaves ``_driver`` and ``_fortigate`` unset (``None``) and starts a
    new ``TaskManager``.
    """
    sg_on = securitygroups_rpc.is_firewall_enabled()
    flag_names = (portbindings.CAP_PORT_FILTER, portbindings.OVS_HYBRID_PLUG)
    binding_details = {name: sg_on for name in flag_names}
    super(FortinetMechanismDriver, self).__init__(
        constants.AGENT_TYPE_OVS,
        portbindings.VIF_TYPE_OVS,
        binding_details)
    self._driver = None
    self._fortigate = None
    self.task_manager = tasks.TaskManager()
    self.task_manager.start()
def initialize(self, connection, driver_type):
    """Initialize the agent extension.

    Loads the L2 firewall driver class for ``driver_type`` and
    instantiates it with the integration bridge and the current firewall
    state, then creates the plugin RPC API, starts the RPC listeners and
    creates the port/firewall-group map.
    """
    self.conf = cfg.CONF
    integration_bridge = self.agent_api.request_int_br()
    self.vlan_manager = vlanmanager.LocalVlanManager()
    driver_cls_name = self._load_l2_driver_class(driver_type)
    firewall_on = securitygroups_rpc.is_firewall_enabled()
    driver_factory = manager.NeutronManager.load_class_for_provider(
        FWAAS_L2_DRIVER, driver_cls_name)
    # The driver is told whether the security-group firewall is enabled.
    self.driver = driver_factory(integration_bridge, firewall_on)
    self.plugin_rpc = FWaaSL2PluginApi(
        consts.FIREWALL_PLUGIN, self.conf.host)
    self.start_rpc_listeners()
    self.fwg_map = PortFirewallGroupMap()
def delete_port_postcommit(self, current, original, segment):
    """Unblock or release the DVS port after a port delete is committed.

    Looks up the DVS for ``segment``; a missing network-to-DVS mapping is
    re-raised as ``InvalidSystemState`` naming the port id.
    """
    # NOTE(review): this listing lost its indentation; the trailing
    # ``else`` is read here as pairing with the firewall check rather
    # than with ``if key`` -- confirm against the original file.
    try:
        dvs = self._lookup_dvs_for_context(segment)
    except exceptions.NoDVSForPhysicalNetwork:
        raise exceptions.InvalidSystemState(
            details=_("Port %(port_id)s belong to VMWare VM, but there is "
                      "no mapping from network to DVS.")
            % {"port_id": current["id"]}
        )
    else:
        if sg_rpc.is_firewall_enabled():
            # With the firewall enabled the block is removed only when
            # the binding details carry a dvs_port_key; otherwise nothing
            # is done in this branch.
            key = current.get("binding:vif_details", {}).get("dvs_port_key")
            if key:
                dvs.remove_block(key)
        else:
            dvs.release_port(current)
def __init__(self):
    """Initialize the VMware DVS mechanism driver.

    Stores the agent type, VIF type and VIF details on the instance and
    passes the same values to the base initializer.
    """
    LOG.info(_LI("VMware DVS mechanism driver initializing..."))
    self.agent_type = dvs_constants.AGENT_TYPE_DVS
    self.vif_type = dvs_constants.DVS
    firewall_on = securitygroups_rpc.is_firewall_enabled()
    # Both flags follow the firewall state.
    self.vif_details = dict.fromkeys(
        (portbindings.CAP_PORT_FILTER, portbindings.OVS_HYBRID_PLUG),
        firewall_on)
    super(VMwareDVSMechanismDriver, self).__init__(
        self.agent_type,
        self.vif_type,
        self.vif_details)
    LOG.info(_LI("VMware DVS mechanism driver initialized..."))
def delete_port_postcommit(self, current, original, segment):
    """Unblock or release the DVS port after a port delete is committed.

    Looks up the DVS for ``segment``; a missing network-to-DVS mapping is
    re-raised as ``InvalidSystemState`` naming the port id.
    """
    # NOTE(review): this listing lost its indentation; the trailing
    # ``else`` is read here as pairing with the firewall check rather
    # than with ``if key`` -- confirm against the original file.
    try:
        dvs = self._lookup_dvs_for_context(segment)
    except exceptions.NoDVSForPhysicalNetwork:
        raise exceptions.InvalidSystemState(
            details=_('Port %(port_id)s belong to VMWare VM, but there is '
                      'no mapping from network to DVS.')
            % {'port_id': current['id']})
    else:
        if sg_rpc.is_firewall_enabled():
            # With the firewall enabled the block is removed only when
            # the binding details carry a dvs_port_key; otherwise nothing
            # is done in this branch.
            key = current.get('binding:vif_details', {}).get('dvs_port_key')
            if key:
                dvs.remove_block(key)
        else:
            dvs.release_port(current)
def __init__(self):
    """Initialize the VMware DVS driver, version 1, with its notifier.

    The DVS client API is created on an admin context without a session.
    Port filter and hybrid plug both follow ``is_firewall_enabled()``.
    """
    LOG.info(_LI("VMware DVS mechanism driver initializing..."))
    self.agent_type = dvs_constants.AGENT_TYPE_DVS
    self.vif_type = dvs_constants.DVS
    self.version = 1
    firewall_on = securitygroups_rpc.is_firewall_enabled()
    self.vif_details = {
        flag: firewall_on
        for flag in (portbindings.CAP_PORT_FILTER,
                     portbindings.OVS_HYBRID_PLUG)
    }
    admin_ctx = context.get_admin_context_without_session()
    self.context = admin_ctx
    self.dvs_notifier = dvs_agent_rpc_api.DVSClientAPI(admin_ctx)
    super(VMwareDVSMechanismDriver, self).__init__(
        self.agent_type,
        self.vif_type,
        self.vif_details)
    LOG.info(_LI("VMware DVS mechanism driver initialized..."))
def __init__(self):
    """Configure the OVS driver for NORMAL and DIRECT VNIC types.

    Registers the QoS and logging drivers once the base initializer has
    run.
    """
    sg_on = securitygroups_rpc.is_firewall_enabled()
    configured_fw = cfg.CONF.SECURITYGROUP.firewall_driver
    # An unset firewall driver is treated like the iptables ones here;
    # hybrid plug still requires the firewall to be enabled.
    wants_hybrid = (
        not configured_fw
        or configured_fw in (IPTABLES_FW_DRIVER_FULL, 'iptables_hybrid')
    )
    binding_details = {
        portbindings.CAP_PORT_FILTER: sg_on,
        portbindings.OVS_HYBRID_PLUG: wants_hybrid and sg_on,
    }
    # NOTE(moshele): Binding a DIRECT (SR-IOV) port allows the OVS flows
    # to be offloaded to the SR-IOV NIC using tc. The OVS mechanism driver
    # is used because openvswitch (>=2.8.0) supports hardware offload via
    # tc, which lets the VF be managed by the OpenFlow control plane
    # through the representor net-device.
    super(OpenvswitchMechanismDriver, self).__init__(
        constants.AGENT_TYPE_OVS,
        portbindings.VIF_TYPE_OVS,
        binding_details,
        supported_vnic_types=[portbindings.VNIC_NORMAL,
                              portbindings.VNIC_DIRECT])
    ovs_qos_driver.register()
    log_driver.register()
def __init__(self, context, plugin_rpc):
    """Initialize the VBox security agent.

    RPC is set up only when ``sg_rpc.is_firewall_enabled()`` is true.
    """
    super(VBoxSecurityAgent, self).__init__(context, plugin_rpc)
    firewall_on = sg_rpc.is_firewall_enabled()
    if firewall_on:
        self._setup_rpc()
def __init__(self, context, plugin_rpc, root_helper):
    """Initialize the Hyper-V security agent with the given root helper.

    RPC is set up only when ``sg_rpc.is_firewall_enabled()`` is true.
    """
    super(HyperVSecurityAgent, self).__init__(
        context, plugin_rpc, root_helper)
    firewall_on = sg_rpc.is_firewall_enabled()
    if firewall_on:
        self._setup_rpc()