def process_port_security(self, context, port):
        """Align the vport's policy groups with the port-security setting.

        Looks up the vport for ``port`` (via the subnet of its first fixed
        IP) and does nothing when no vport is found.  With port security
        enabled, the vport's policy-group list is replaced by an empty list.
        Otherwise the policy group returned by
        ``create_nuage_sec_grp_for_no_port_sec`` becomes the vport's only
        policy group.
        """
        # A port without fixed IPs raises IndexError here.
        mapping = nuagedb.get_subnet_l2dom_by_id(
            context.session, port['fixed_ips'][0]['subnet_id'])
        vport = self._get_nuage_vport(port, mapping, required=False)
        if not vport:
            return

        # NOTE(review): ``.get`` yields None when the port-security key is
        # absent, so such a port takes the same branch as one with port
        # security explicitly disabled -- confirm callers always populate
        # the attribute before this runs.
        if port.get(portsecurity.PORTSECURITY):
            # NOTE(review): this clears every policy group on the vport;
            # presumably security groups are re-applied elsewhere -- verify.
            policygroup_ids = []
        else:
            l2dom_id, l3dom_id = get_l2_and_l3_sub_id(mapping)
            # The domain id is only looked up when an L3 subnet id exists.
            rtr_id = (self.client.get_nuage_domain_id_from_subnet(l3dom_id)
                      if l3dom_id else None)
            no_port_sec_pg = self.client.create_nuage_sec_grp_for_no_port_sec({
                'l2dom_id': l2dom_id,
                'l3dom_id': l3dom_id,
                'rtr_id': rtr_id,
                'type': '',
                'sg_type': constants.HARDWARE
            })
            policygroup_ids = [no_port_sec_pg]

        self.client.update_vport_policygroups(vport['ID'], policygroup_ids)
예제 #2
    def process_port_redirect_target(self, context, port, rtargets,
                                     n_rtargets_ids):
        """Bind the port's VSD vport to each given redirect target.

        When ``rtargets`` is not set, the port's redirect-target attribute is
        reset to an empty list and nothing is sent to VSD.  Otherwise every
        id in ``n_rtargets_ids`` is applied to the vport found for this port
        and the ids are then recorded on the port dict.  Exceptions from the
        database or VSD client calls propagate to the caller unchanged.
        """
        if not is_attr_set(rtargets):
            port[ext_rtarget.REDIRECTTARGETS] = []
            return

        # A port without fixed IPs raises IndexError here.
        subnet_mapping = nuagedb.get_subnet_l2dom_by_id(
            context.session, port['fixed_ips'][0]['subnet_id'])

        for rtarget_id in n_rtargets_ids:
            vsd_subnet_id = subnet_mapping['nuage_subnet_id']

            vport_query = {'neutron_port_id': port['id']}
            (vport_query['l2dom_id'],
             vport_query['l3dom_id']) = get_l2_and_l3_sub_id(subnet_mapping)
            vport = self.vsdclient.get_nuage_vport_by_neutron_id(vport_query)

            # NOTE(review): the vport is written to before its truthiness is
            # tested below, so a None result fails here with TypeError rather
            # than being skipped.
            vport['l2dom_id'] = vsd_subnet_id
            vport['l3dom_id'] = vsd_subnet_id

            vport_id = vport.get('ID') if vport else None
            if vport_id:
                self.vsdclient.update_nuage_vport_redirect_target(
                    rtarget_id, vport_id)
            # NOTE(review): a vport without an 'ID' is skipped silently, yet
            # the redirect target id is still recorded on the port below --
            # confirm that mismatch cannot occur in practice.

        if n_rtargets_ids:
            applied = list(n_rtargets_ids)
        else:
            applied = []
        port[ext_rtarget.REDIRECTTARGETS] = applied
예제 #3
    def delete_gw_host_vport(self, context, port, subnet_mapping):
        """Delete the gateway vport behind ``port`` if it is a host vport.

        Returns without action when the VSD subnet for ``subnet_mapping`` no
        longer exists, when no vport is found for the port, or when the
        vport's type is not ``constants.HOST_VPORT``.
        """
        vport_query = {'neutron_port_id': port['id']}

        # On router_interface_delete the subnet is removed before delete_port
        # is called, so a missing l2domain/subnet means nothing is left to do.
        if not self.vsdclient.get_nuage_subnet_by_mapping(subnet_mapping):
            return

        if self._is_vsd_mgd(subnet_mapping):
            # Both domain ids are set to the mapped VSD subnet id.
            l2_id = l3_id = subnet_mapping['nuage_subnet_id']
        else:
            l2_id, l3_id = get_l2_and_l3_sub_id(subnet_mapping)
        vport_query['l2dom_id'] = l2_id
        vport_query['l3dom_id'] = l3_id

        vport = self.vsdclient.get_nuage_vport_by_neutron_id(
            vport_query, required=False)
        if not vport:
            return
        if vport['type'] != constants.HOST_VPORT:
            return

        # NOTE(review): assumes the default net partition lookup always
        # returns a row; a None result would fail on netpart['id'] -- confirm.
        netpart = nuagedb.get_default_net_partition(
            context, cfg.CONF.RESTPROXY.default_net_partition_name)
        self.vsdclient.delete_nuage_gateway_vport(
            context, vport.get('ID'), netpart['id'])
예제 #4
    def _delete_port_redirect_target_bindings(self, context, port_id):
        """Remove the redirect-target bindings of a port on VSD.

        The port is fetched from the core plugin and the subnet of its first
        fixed IP is used to find the Nuage subnet mapping.  When no mapping
        exists, nothing is sent to VSD.
        """
        port = self.core_plugin.get_port(context, port_id)
        # NOTE(review): a port without fixed IPs raises IndexError here, so
        # its bindings are not removed -- confirm such ports never reach
        # this path.
        first_fixed_ip = port['fixed_ips'][0]
        subnet_mapping = nuagedb.get_subnet_l2dom_by_id(
            context.session, first_fixed_ip['subnet_id'])
        if not subnet_mapping:
            return

        l2dom_id, l3dom_id = get_l2_and_l3_sub_id(subnet_mapping)
        self.vsdclient.delete_port_redirect_target_bindings({
            'neutron_port_id': port_id,
            'l2dom_id': l2dom_id,
            'l3dom_id': l3dom_id
        })
예제 #5
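    def delete_subnet_postcommit(self, context):
        """Remove the VSD-side state of a subnet after its Neutron delete.

        Does nothing when the context carries no Nuage mapping.  For
        mappings that ``self._is_os_mgd`` accepts, the subnet is deleted on
        VSD, either on its own or as one half of a dual-stack pair; for a
        network on a nuage-l2bridge the VSD delete is skipped while another
        bridged subnet of the same IP version remains.  For all other
        mappings only the group cleanup is considered.

        Raises:
            Exception: when reading the bridged subnets keeps hitting a
                database deadlock after all retries.
        """
        db_context = context._plugin_context
        subnet = context.current
        network = context.network.current
        mapping = context.nuage_mapping
        dual_stack_subnet = context.dual_stack_subnet
        if not mapping:
            return

        if self._is_os_mgd(mapping):
            if network.get('nuage_l2bridge'):
                with db_context.session.begin(subtransactions=True):
                    l2bridge = nuagedb.get_nuage_l2bridge_blocking(
                        db_context.session, network['nuage_l2bridge'])
                    # Retry the read on deadlock: up to 25 retries, 0.2s
                    # apart, before giving up.
                    attempt = 0
                    while True:
                        try:
                            bridged_subnets = (
                                nuagedb.get_subnets_for_nuage_l2bridge(
                                    db_context.session, l2bridge['id']))
                            break
                        except db_exc.DBDeadlock:
                            if attempt < 25:
                                LOG.debug("Retrying to get bridged subnets"
                                          " due to Deadlock.")
                                attempt += 1
                                time.sleep(0.2)
                                continue
                            # The message used to be a (format, arg) tuple
                            # that was never interpolated and lacked a space
                            # after "for"; build the string so the l2bridge
                            # id is readable when this is reported.
                            msg = ("Chance of a hanging L2Domain on VSD for "
                                   "resource nuage-l2bridge: %s"
                                   % l2bridge['id'])
                            raise Exception(msg)
                    # Other subnets on the same l2bridge, split by IP version
                    # and excluding the subnet being deleted.
                    ipv4s = [
                        s['id'] for s in bridged_subnets
                        if self._is_ipv4(s) and s['id'] != subnet['id']
                    ]
                    ipv6s = [
                        s['id'] for s in bridged_subnets
                        if self._is_ipv6(s) and s['id'] != subnet['id']
                    ]
                    if ((self._is_ipv4(subnet) and ipv4s)
                            or (self._is_ipv6(subnet) and ipv6s)):
                        # Another bridged subnet of the same IP version
                        # remains, so nothing is deleted on VSD.
                        return
                    elif not ipv4s and not ipv6s:
                        # Last subnet on the bridge: drop the bridge's link
                        # to the VSD subnet.
                        l2bridge['nuage_subnet_id'] = None
                    else:
                        # Delete subnet from dualstack on vsd
                        dual_stack_subnet = self.core_plugin.get_subnet(
                            db_context, ipv4s[0] if ipv4s else ipv6s[0])
            if dual_stack_subnet:
                # The remaining subnet is passed under the IP version that
                # the deleted subnet does not have.
                v4 = v6 = None
                if self._is_ipv4(subnet):
                    v6 = dual_stack_subnet
                else:
                    v4 = dual_stack_subnet
                self.vsdclient.delete_subnet(mapping=mapping,
                                             ipv4_subnet=v4,
                                             ipv6_subnet=v6)
                return
            else:
                l2_id, l3_sub_id = get_l2_and_l3_sub_id(mapping)
                self.vsdclient.delete_subnet(l3_vsd_subnet_id=l3_sub_id,
                                             l2dom_id=l2_id,
                                             mapping=mapping)
        else:
            # VSD managed could be ipv6 + ipv4. If only one of the 2 is
            # deleted, the use permission should not be removed yet.
            # Also, there can be multiple subnets mapped to same VSD subnet.
            clean_groups = True
            other_mappings = nuagedb.get_subnet_l2doms_by_nuage_id(
                db_context.session, mapping['nuage_subnet_id'])

            if other_mappings:
                for other_mapping in other_mappings:
                    other_subnet = context._plugin.get_subnet(
                        db_context, other_mapping['subnet_id'])
                    # Keep the groups while the same tenant still has a
                    # subnet mapped to this VSD subnet.
                    # NOTE(review): presumably other_mappings no longer
                    # contains the subnet being deleted -- verify.
                    if subnet['tenant_id'] == other_subnet['tenant_id']:
                        clean_groups = False
                        break

            if clean_groups:
                self._cleanup_group(db_context, mapping['net_partition_id'],
                                    mapping['nuage_subnet_id'], subnet)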