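def get_fw_info(self):
    """Collect the dumped firewall rules for the data center and every CSEP.

    The first ``Site`` row is treated as the data center. An entry is
    produced for the site, and for each CSEP, only when a network service
    host can be resolved for it; entities without one are absent from the
    result, so a missing entry means "no firewall reported", not "no rules".

    Returns:
        list: one ``self.dump(fw)`` result per reported firewall, the site
        first (when present), then the CSEPs in query order.
    """
    # NOTE(review): the source formatting was collapsed; the CSEP loop is
    # taken to be independent of the site lookup - confirm against the file.
    fw_main_data = []
    LOGGER.info("Getting firewall rules info for all csep and Data Center...")
    # Single parenthesised argument: prints the same text whether ``print``
    # is the Python 2 statement (as in this file) or the Python 3 function.
    print("Getting firewall rules info for all csep and Data Center...")

    # Look the site up once with .first(), which yields None on an empty
    # table. Indexing the query with [0] raises IndexError before an ``if``
    # guard can be evaluated (assumes a SQLAlchemy-style query, as the
    # .filter_by(...).first() calls elsewhere in this file suggest).
    site = DBSession.query(Site).first()
    if site:
        LOGGER.info("Got the site. Site name is " + to_str(site.name))
        nw_service_host = get_cms_network_service_node()
        if nw_service_host:
            # NOTE(review): get_firewall() is not visible here; if it can
            # return None for an unknown id the next call raises
            # AttributeError and aborts the whole report - confirm.
            fw = self.get_firewall(site.id)
            fw.set_chain_name(site.name)
            fw_main_data.append(self.dump(fw))
    else:
        LOGGER.info("No site found; skipping Data Center firewall info")

    for each_csep in DBSession.query(CSEP):
        LOGGER.info("Got the CSEP. CSEP name is " + to_str(each_csep.name))
        nw_service_host = each_csep.get_nw_service_host()
        if nw_service_host:
            fw = self.get_firewall(each_csep.id)
            fw.set_chain_name(each_csep.name)
            fw_main_data.append(self.dump(fw))
    return fw_main_data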
def add_firewall_for_entity(self, entity_id):
    """Create and register an ``IptablesManager`` for a CSEP or data center.

    ``entity_id`` is looked up as a CSEP first and then as a ``Site``. For
    the first match that also has a network service host, a manager named
    after the entity is stored in ``self.fw_map[entity_id]`` and bound to
    that host.

    Returns:
        The new manager, or ``None`` when ``entity_id`` is falsy, matches
        neither table, or no network service host is available. In the
        ``None`` case nothing is added to ``self.fw_map``, so callers must
        not assume a firewall exists for the entity afterwards.
    """
    # NOTE(review): the source formatting was collapsed; each ``return fw``
    # is taken to sit inside its ``if nw_service_host`` branch - confirm.
    LOGGER.info("Add firewall for CSEP/ Data Center...")
    if not entity_id:
        return None

    csep_row = DBSession.query(CSEP).filter_by(id=entity_id).first()
    if csep_row:
        LOGGER.info("Got CSEP")
        csep_host = csep_row.get_nw_service_host()
        if csep_host:
            csep_fw = IptablesManager(csep_row.name)
            self.fw_map[entity_id] = csep_fw
            LOGGER.info("Firewall is added to CSEP")
            self.set_nw_service_host(csep_fw, csep_host)
            LOGGER.info("Network service host is added to firewall")
            return csep_fw

    # Reached when the id is not a CSEP, or the CSEP has no service host.
    site_row = DBSession.query(Site).filter_by(id=entity_id).first()
    if not site_row:
        return None
    LOGGER.info("Got DC")
    dc_host = get_cms_network_service_node()
    if not dc_host:
        return None
    dc_fw = IptablesManager(site_row.name)
    self.fw_map[entity_id] = dc_fw
    LOGGER.info("Firewall is added to DC")
    self.set_nw_service_host(dc_fw, dc_host)
    LOGGER.info("Network service host is added to firewall")
    return dc_fw
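def init_firewall_for_all_csep(self):
    """Build and dump the firewall for the data center and for every CSEP.

    For the first ``Site`` row and for each CSEP, an ``IptablesManager`` is
    created, stored in ``self.fw_map`` under the entity id and bound to the
    entity's network service host - but only when such a host is resolved.
    For each CSEP the linked network definitions and the public/private IP
    mappings are then pushed through ``set_firewall_for_network`` and
    ``set_firewall_for_public_ip_mapping``.

    An entity without a network service host gets no manager and no
    ``fw_map`` entry; that case is logged so it does not pass unnoticed.
    """
    # NOTE(review): the source formatting was collapsed. The two per-CSEP
    # loops are placed at loop level (not under ``if nw_service_host``)
    # because of the ``fw = None`` / ``if fw:`` bracket around them -
    # confirm against the original file.
    LOGGER.info("Applying firewall rules for all csep and Data Center...")
    # Single parenthesised argument: prints the same text whether ``print``
    # is the Python 2 statement (as in this file) or the Python 3 function.
    print("Applying firewall rules for all CSEP and Data Center...")

    # .first() yields None on an empty table; indexing the query with [0]
    # raises IndexError before an ``if`` guard can be evaluated (assumes a
    # SQLAlchemy-style query, as the .first() calls in this method suggest).
    site = DBSession.query(Site).first()
    if site:
        LOGGER.info("Got the site. Site name is " + to_str(site.name))
        nw_service_host = get_cms_network_service_node()
        if nw_service_host:
            fw = IptablesManager(site.name)
            self.fw_map[site.id] = fw
            self.set_nw_service_host(fw, nw_service_host)
            self.dump(fw)
        else:
            LOGGER.info("No network service host for site " + to_str(site.name)
                        + "; no firewall created")
    else:
        LOGGER.info("No site found; skipping Data Center firewall")

    for each_csep in DBSession.query(CSEP):
        csep_id = each_csep.id
        LOGGER.info("Got the CSEP. CSEP name is " + to_str(each_csep.name))
        nw_service_host = each_csep.get_nw_service_host()
        fw = None
        if nw_service_host:
            fw = IptablesManager(each_csep.name)
            self.fw_map[csep_id] = fw
            self.set_nw_service_host(fw, nw_service_host)
        else:
            LOGGER.info("No network service host for CSEP " + to_str(each_csep.name)
                        + "; no firewall created")

        # Rules for every network definition linked to this CSEP.
        for each_def in DBSession.query(CSEPDefLink).filter_by(csep_id=csep_id):
            self.set_firewall_for_network(csep_id, each_def.def_id)

        # Public -> private address mappings for this CSEP's public IPs.
        for ip in self.get_associated_public_ips(csep_id):
            public_ip = IPManager().remove_cidr_format_from_ip(ip.ip)
            nw_vm_rel = DBSession.query(NetworkVMRelation).filter_by(public_ip_id=ip.id).first()
            if not nw_vm_rel:
                continue
            ip_rec = IPS.get_ip_by_id(nw_vm_rel.private_ip_id)
            if not ip_rec:
                continue
            private_ip = IPManager().remove_cidr_format_from_ip(ip_rec.ip)
            self.set_firewall_for_public_ip_mapping(csep_id, public_ip, private_ip)

        if fw:
            self.dump(fw)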
def delete_defn(self, defn, auth, defType, def_manager, grid_manager):
    """Remove a definition flagged as deleted, together with its link rows.

    Nothing is removed unless ``defn.is_deleted`` is true. For a network
    definition the network service host is first asked to detach it; the
    rest of the clean-up depends on ``defn.scope`` (server, server pool,
    data center, CSEP). The method has no return statement.

    Args:
        defn: definition row; ``scope``, ``is_deleted``, ``id`` and ``name``
            are read.
        auth: passed through to ``sync_node_defn`` and ``grid_manager.getNode``.
        defType: compared with ``constants.NETWORK`` and used as the
            ``def_type`` filter on the link tables.
        def_manager: used for ``remove_defn_dependencies`` and
            ``remove_storage_disk``.
        grid_manager: used for ``getNode`` and ``remove_vm_links_to_storage``.
    """
    # NOTE(review): this listing reached review with its whitespace
    # collapsed. The block nesting below is a reconstruction from the token
    # order and must be confirmed against the original file before anyone
    # relies on it - in particular which ``if`` each ``else`` belongs to and
    # where the two ``transaction.commit()`` calls sit.
    LOGGER.info('Deleting definition...')
    #from stackone.cloud.DbModel.platforms.cms.CSEP import CSEP
    # Function-scope import; presumably avoids a circular import - confirm.
    from stackone.model.SyncDefinition import SyncDef
    scope = defn.scope
    # Set when the network service host cannot be reached; the scope
    # branches below consult it before deleting rows.
    logical_delete = False
    if defn.is_deleted==True:
        vm_id = None
        ext_nw_svc_host = None
        csep_id = None
        if defType==constants.NETWORK:
            # Resolve the host that carries this network: the CSEP's own
            # service host for CSEP-scoped definitions, else the CMS node.
            if defn.scope==constants.SCOPE_CP:
                csep_defn = DBSession.query(CSEPDefLink).filter_by(def_id=defn.id).first()
                if csep_defn:
                    csep_id = csep_defn.csep_id
                    csep = DBSession.query(CSEP).filter_by(id=csep_id).first()
                    if csep:
                        ext_nw_svc_host = csep.get_nw_service_host()
            else:
                ext_nw_svc_host = get_cms_network_service_node()
            if ext_nw_svc_host:
                if ext_nw_svc_host.is_up() and not ext_nw_svc_host.maintenance:
                    LOGGER.info('Syncing network service host - ' + to_str(ext_nw_svc_host.hostname))
                    group_id = None
                    site_id = None
                    # Rebinds the parameter; under this nesting the branch is
                    # only reached when defType already equals NETWORK.
                    defType = constants.NETWORK
                    op = constants.DETACH
                    update_status = True
                    errs = []
                    processor = None
                    sync_forcefully = None
                    use_auth = False
                    # NOTE(review): ``errs`` is handed to the sync call and not
                    # read afterwards in this method - confirm failures are
                    # surfaced elsewhere.
                    SyncDef().sync_node_defn(auth, ext_nw_svc_host, group_id, site_id, defn, defType, op, def_manager, update_status, errs, processor, sync_forcefully, csep_id, use_auth)
                    def_manager.remove_defn_dependencies(csep_id, defn.id, vm_id)
                else:
                    # Host down or in maintenance: the DETACH sync is not
                    # run, so whatever the host holds for this network stays
                    # in place; only the flag below records that.
                    LOGGER.info('Network Service Node (' + to_str(ext_nw_svc_host.hostname) + ') is down')
                    logical_delete = True
        if scope==constants.SCOPE_S:
            # Server scope: refuse while a server link is still OUT_OF_SYNC.
            node_defn = DBSession.query(ServerDefLink).filter_by(def_id=defn.id, def_type=defType, status=constants.OUT_OF_SYNC).first()
            if node_defn:
                node = grid_manager.getNode(auth, node_defn.server_id)
                if node:
                    LOGGER.info('Definition ' + defn.name + ' is OUT_OF_SYNC on the server ' + node.hostname)
            else:
                LOGGER.info('Allowing to delete definition...')
                DBSession.query(ServerDefLink).filter_by(def_id=defn.id, def_type=defType).delete()
                grid_manager.remove_vm_links_to_storage(defn.id)
                def_manager.remove_storage_disk(defn.id)
                # This branch does not consult logical_delete.
                DBSession.delete(defn)
        elif scope==constants.SCOPE_SP:
            # Server-pool scope: refuse while the pool link counts
            # out-of-sync servers.
            rowGroupDef = DBSession.query(SPDefLink).filter_by(def_id=defn.id, def_type=defType).first()
            if rowGroupDef:
                if rowGroupDef.oos_count>0:
                    LOGGER.info('Definition is OUT_OF_SYNC at server pool level')
                else:
                    LOGGER.info('Allowing to delete definition...')
                    DBSession.query(SPDefLink).filter_by(def_id=defn.id, def_type=defType).delete()
                    DBSession.query(ServerDefLink).filter_by(def_id=defn.id, def_type=defType).delete()
                    grid_manager.remove_vm_links_to_storage(defn.id)
                    def_manager.remove_storage_disk(defn.id)
                    # NOTE(review): this deletes defn when logical_delete is
                    # True, whereas the data-center and CSEP branches delete
                    # only when it is False - confirm which is intended.
                    if logical_delete:
                        DBSession.delete(defn)
        elif scope==constants.SCOPE_DC:
            # Data-center scope: remove links at every level plus the
            # storage statistics rows.
            rowGroupDef = DBSession.query(DCDefLink).filter_by(def_id=defn.id, def_type=defType).first()
            if rowGroupDef:
                if rowGroupDef.oos_count>0:
                    LOGGER.info('Definition is OUT_OF_SYNC at data center level')
                else:
                    LOGGER.info('Allowing to delete definition...')
                    DBSession.query(DCDefLink).filter_by(def_id=defn.id, def_type=defType).delete()
                    DBSession.query(SPDefLink).filter_by(def_id=defn.id, def_type=defType).delete()
                    DBSession.query(ServerDefLink).filter_by(def_id=defn.id, def_type=defType).delete()
                    grid_manager.remove_vm_links_to_storage(defn.id)
                    def_manager.remove_storage_disk(defn.id)
                    DBSession.query(Storage_Stats).filter_by(storage_id=defn.id).delete()
            # Delete the definition itself only once no data-center or
            # server link refers to it and the delete is not merely logical.
            group_defn = DBSession.query(DCDefLink).filter_by(def_id=defn.id, def_type=defType).first()
            if not group_defn:
                node_defn = DBSession.query(ServerDefLink).filter_by(def_id=defn.id, def_type=defType).first()
                if not logical_delete and not node_defn:
                    DBSession.delete(defn)
        transaction.commit()
        # CSEP scope is handled by a separate ``if``, after the first commit.
        if scope==constants.SCOPE_CP:
            rowGroupDef = DBSession.query(CSEPDefLink).filter_by(def_id=defn.id, def_type=defType).first()
            if rowGroupDef:
                if rowGroupDef.oos_count>0:
                    LOGGER.info('Definition is OUT_OF_SYNC at csep level')
                else:
                    LOGGER.info('Allowing to delete definition...')
                    # On a logical delete the CSEP link row is kept
                    # (presumably so a later sync can still find it - confirm).
                    if not logical_delete:
                        DBSession.query(CSEPDefLink).filter_by(def_id=defn.id, def_type=defType).delete()
                    DBSession.query(SPDefLink).filter_by(def_id=defn.id, def_type=defType).delete()
                    DBSession.query(ServerDefLink).filter_by(def_id=defn.id, def_type=defType).delete()
                    grid_manager.remove_vm_links_to_storage(defn.id)
                    def_manager.remove_storage_disk(defn.id)
                    DBSession.query(Storage_Stats).filter_by(storage_id=defn.id).delete()
            csep_defn = DBSession.query(CSEPDefLink).filter_by(def_id=defn.id, def_type=defType).first()
            if not csep_defn:
                node_defn = DBSession.query(ServerDefLink).filter_by(def_id=defn.id, def_type=defType).first()
                if not logical_delete and not node_defn:
                    DBSession.delete(defn)
        transaction.commit()