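    def create_port_precommit(self, mech_context):
        """Create logical port on the fortigate (db update).

        ML2 precommit hook. What gets recorded depends on ``device_owner``:

        * ``network:router_gateway`` on an external network ->
          ``utils.set_ext_gw``;
        * ``compute:nova`` / ``compute:None`` / ``''`` (port created before
          it is bound to a VM) -> a DHCP reserved IP (MAC/IP pair) in the
          tenant vdom;
        * ``network:router_interface`` -> a firewall address object for the
          subnet's CIDR, membership in the per-vdom address group, and a
          policy with ``srcintf``/``dstintf`` ``'any'`` whose source and
          destination are both that group, NAT disabled (the action is
          whatever ``utils.add_fwpolicy`` defaults to).

        Any other owner (e.g. ``network:dhcp``) is left alone. Only the
        port's first fixed IP is considered. A port without fixed IPs is
        skipped with a debug message instead of failing the whole port
        create with an IndexError, as the unconditional
        ``port['fixed_ips'][0]`` did before.

        :param mech_context: ML2 PortContext; ``current`` is the port dict,
            ``_plugin_context`` the DB/request context
        """
        LOG.debug("create_port_precommit: called")
        port = mech_context.current
        LOG.debug("create_port_precommit mech_context = %s", mech_context)
        context = mech_context._plugin_context
        device_owner = port['device_owner']

        if device_owner == 'network:router_gateway':
            # Only a gateway on an external network gets fortigate state.
            if fortinet_db.query_record(context,
                                        ext_db.ExternalNetwork,
                                        network_id=port['network_id']):
                utils.set_ext_gw(self, context, port)
            return

        if device_owner not in ('compute:nova', 'compute:None', '',
                                'network:router_interface'):
            return

        fixed_ips = port.get('fixed_ips') or []
        if not fixed_ips:
            LOG.debug("create_port_precommit: port %s has no fixed ip, "
                      "nothing to record", port['id'])
            return
        subnet_id = fixed_ips[0]['subnet_id']

        # NOTE(review): None when the tenant has no vdom yet; the attribute
        # access further down then raises and the port create fails (fail
        # closed). Confirm the namespace is always created earlier (network
        # create) before relying on that.
        namespace = fortinet_db.query_record(
            context,
            fortinet_db.Fortinet_ML2_Namespace,
            tenant_id=port['tenant_id'])

        if device_owner != 'network:router_interface':
            # DHCP reservation so the VM keeps the IP neutron allocated.
            utils.add_reservedip(self,
                                 context,
                                 port_id=port['id'],
                                 subnet_id=subnet_id,
                                 mac=port['mac_address'],
                                 ip=fixed_ips[0]['ip_address'],
                                 vdom=namespace.vdom)
            return

        db_subnetv2 = fortinet_db.query_record(context,
                                               models_v2.Subnet,
                                               id=subnet_id)
        if not db_subnetv2.cidr:
            return
        cidr = netaddr.IPNetwork(db_subnetv2.cidr)
        subnet_spec = ' '.join([str(cidr.network), str(cidr.netmask)])
        # NOTE(review): the address object is named after the network
        # address only; two subnets of one tenant sharing a network address
        # with different prefix lengths would collide on this name. Whether
        # add_fwaddress overwrites or errors in that case is not visible
        # here.
        utils.add_fwaddress(self,
                            context,
                            vdom=namespace.vdom,
                            name=str(cidr.network),
                            subnet=subnet_spec)
        addrgrp_name = const.PREFIX['addrgrp'] + namespace.vdom
        utils.add_addrgrp(self,
                          context,
                          name=addrgrp_name,
                          vdom=namespace.vdom,
                          members=[str(cidr.network)])
        # Group-to-group policy on any interface: traffic between the
        # routed subnets of this vdom, no service restriction given here.
        utils.add_fwpolicy(self,
                           context,
                           vdom=namespace.vdom,
                           srcintf='any',
                           srcaddr=addrgrp_name,
                           dstintf='any',
                           dstaddr=addrgrp_name,
                           nat='disable')
        return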
 def _add_fwr_ip_address(self, context, vdom,
                         place='source_ip_address', **fwr):
     """Create the fortigate address object for one side of a FWaaS rule.

     Builds the address-object parameters from the rule fields ``fwr`` with
     ``_make_fortinet_fwaddress_dict`` (``place`` presumably names the rule
     field the address is taken from, ``source_ip_address`` by default),
     pushes the object into ``vdom`` via ``utils.add_fwaddress`` and returns
     the parameter dict so the caller can refer to the object.

     :param context: neutron request context
     :param vdom: fortigate vdom the address object is created in
     :param place: rule field holding the address
     :param fwr: FWaaS firewall rule fields, passed through unchanged
     :returns: the dict handed to ``utils.add_fwaddress``
     """
     address_params = self._make_fortinet_fwaddress_dict(place=place,
                                                         vdom=vdom,
                                                         **fwr)
     utils.add_fwaddress(self, context, **address_params)
     return address_params
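    def create_port_precommit(self, mech_context):
        """Create logical port on the fortigate (db update).

        ML2 precommit hook. What gets recorded depends on ``device_owner``:

        * ``network:router_gateway`` on an external network ->
          ``utils.set_ext_gw``;
        * ``compute:nova`` / ``compute:None`` / ``''`` (port created before
          it is bound to a VM) -> a DHCP reserved IP (MAC/IP pair) in the
          tenant vdom;
        * ``network:router_interface`` -> a firewall address object for the
          subnet's CIDR, membership in the per-vdom address group, and a
          policy with ``srcintf``/``dstintf`` ``'any'`` whose source and
          destination are both that group, NAT disabled (the action is
          whatever ``utils.add_fwpolicy`` defaults to).

        Any other owner (e.g. ``network:dhcp``) is left alone. Only the
        port's first fixed IP is considered. A port without fixed IPs is
        skipped with a debug message instead of failing the whole port
        create with an IndexError, as the unconditional
        ``port['fixed_ips'][0]`` did before.

        :param mech_context: ML2 PortContext; ``current`` is the port dict,
            ``_plugin_context`` the DB/request context
        """
        LOG.debug("create_port_precommit: called")
        port = mech_context.current
        LOG.debug("create_port_precommit mech_context = %s", mech_context)
        context = mech_context._plugin_context
        device_owner = port['device_owner']

        if device_owner == 'network:router_gateway':
            # Only a gateway on an external network gets fortigate state.
            if fortinet_db.query_record(context, ext_db.ExternalNetwork,
                                        network_id=port['network_id']):
                utils.set_ext_gw(self, context, port)
            return

        if device_owner not in ('compute:nova', 'compute:None', '',
                                'network:router_interface'):
            return

        fixed_ips = port.get('fixed_ips') or []
        if not fixed_ips:
            LOG.debug("create_port_precommit: port %s has no fixed ip, "
                      "nothing to record", port['id'])
            return
        subnet_id = fixed_ips[0]['subnet_id']

        # NOTE(review): None when the tenant has no vdom yet; the attribute
        # access further down then raises and the port create fails (fail
        # closed). Confirm the namespace is always created earlier (network
        # create) before relying on that.
        namespace = fortinet_db.query_record(context,
                                             fortinet_db.Fortinet_ML2_Namespace,
                                             tenant_id=port['tenant_id'])

        if device_owner != 'network:router_interface':
            # DHCP reservation so the VM keeps the IP neutron allocated.
            utils.add_reservedip(self, context,
                                 port_id=port['id'],
                                 subnet_id=subnet_id,
                                 mac=port['mac_address'],
                                 ip=fixed_ips[0]['ip_address'],
                                 vdom=namespace.vdom)
            return

        db_subnetv2 = fortinet_db.query_record(context, models_v2.Subnet,
                                               id=subnet_id)
        if not db_subnetv2.cidr:
            return
        cidr = netaddr.IPNetwork(db_subnetv2.cidr)
        subnet_spec = ' '.join([str(cidr.network), str(cidr.netmask)])
        # NOTE(review): the address object is named after the network
        # address only; two subnets of one tenant sharing a network address
        # with different prefix lengths would collide on this name. Whether
        # add_fwaddress overwrites or errors in that case is not visible
        # here.
        utils.add_fwaddress(self, context,
                            vdom=namespace.vdom,
                            name=str(cidr.network),
                            subnet=subnet_spec)
        addrgrp_name = const.PREFIX['addrgrp'] + namespace.vdom
        utils.add_addrgrp(self, context,
                          name=addrgrp_name,
                          vdom=namespace.vdom,
                          members=[str(cidr.network)])
        # Group-to-group policy on any interface: traffic between the
        # routed subnets of this vdom, no service restriction given here.
        utils.add_fwpolicy(self, context,
                           vdom=namespace.vdom,
                           srcintf='any',
                           srcaddr=addrgrp_name,
                           dstintf='any',
                           dstaddr=addrgrp_name,
                           nat='disable')
        return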
 def _add_fwr_ip_address(self, context, vdom,
                         place='source_ip_address', **fwr):
     """Create the fortigate address object for one side of a FWaaS rule.

     The rule fields ``fwr`` are turned into address-object parameters by
     ``_make_fortinet_fwaddress_dict`` (``place`` presumably selects the rule
     field the address comes from; default ``source_ip_address``), the
     object is pushed into ``vdom`` with ``utils.add_fwaddress`` and the
     parameter dict is returned to the caller.

     :param context: neutron request context
     :param vdom: fortigate vdom the address object is created in
     :param place: rule field holding the address
     :param fwr: FWaaS firewall rule fields, passed through unchanged
     :returns: the dict handed to ``utils.add_fwaddress``
     """
     params = self._make_fortinet_fwaddress_dict(place=place, vdom=vdom,
                                                 **fwr)
     utils.add_fwaddress(self, context, **params)
     return params
    def _allocate_floatingip(self, context, obj):
        """Reserve a floating IP on the fortigate and wire it into the ext vdom.

        Device work, in the order the fortigate needs it:

        1. make sure the tenant has a vdom (``utils.add_vdom``) and record a
           ``Fortinet_FloatingIP_Allocation`` row, which yields an internal
           ``ip_subnet`` pair for this floating IP;
        2. in ``const.EXT_VDOM``: a VIP (``extintf='any'``) mapping the
           floating IP to the first address of that pair, a NAT-enabled
           policy towards the ``ext_intf`` returned by ``get_vlink_intf``
           for that VIP, a /32 static route for the internal address via
           ``const.DEF_GW``, an IP pool named after the floating IP and a
           /32 address object for the internal address;
        3. the outbound policy ``ext_intf -> ext_interface`` with
           ``poolname`` = floating IP, moved to the head of the external
           vdom's policy table;
        4. an IP pool for the internal address in the tenant vdom.

        NOTE(review): the earlier docstring claimed the pair's second
        address is added to the external interface's secondary IPs; no such
        call exists in this method.

        Everything runs inside one DB transaction. On any exception
        ``utils._rollback_on_err`` undoes the recorded device changes and the
        exception is re-raised, so the task is marked COMPLETED only when
        every step succeeded.

        ``obj`` is the neutron floating IP dict, for example::

            {
                'floating_network_id': u'1c1dbecc-9dac-4311-a346-f147a04c8dc8',
                'router_id': None,
                'fixed_ip_address': None,
                'floating_ip_address': u'10.160.37.113',
                'tenant_id': u'3998b33381fb48f694369689065a3760',
                'status': 'DOWN',
                'port_id': None,
                'id': '5ec1b08b-77c1-4e39-80ac-224ee937ee9f'
            }

        Only ``tenant_id`` and ``floating_ip_address`` are read from it.

        :param context: neutron request context (``context.session`` is used
            for the transaction)
        :param obj: floating IP dict as above
        """
        with context.session.begin(subtransactions=True):
            try:
                ns = utils.add_vdom(self, context, tenant_id=obj['tenant_id'])
                fip_alloc = utils.add_record(
                    self, context,
                    fortinet_db.Fortinet_FloatingIP_Allocation,
                    vdom=ns.vdom,
                    floating_ip_address=obj['floating_ip_address'],
                    vip_name=obj['floating_ip_address'])
                fip_addr = fip_alloc.floating_ip_address
                # First address of the reserved internal pair.
                internal_ip = utils.get_ipaddr(fip_alloc.ip_subnet, 0)
                internal_host = "%s 255.255.255.255" % internal_ip

                # --- external vdom: floating IP -> internal address ---
                utils.add_vip(self, context,
                              vdom=const.EXT_VDOM,
                              name=fip_alloc.vip_name,
                              extip=fip_addr,
                              extintf='any',
                              mappedip=internal_ip)
                _int_intf, ext_intf = utils.get_vlink_intf(
                    self, context, vdom=ns.vdom)
                utils.add_fwpolicy(self, context,
                                   vdom=const.EXT_VDOM,
                                   dstintf=ext_intf,
                                   dstaddr=fip_alloc.vip_name,
                                   nat='enable')
                utils.add_routerstatic(self, context,
                                       vdom=const.EXT_VDOM,
                                       dst=internal_host,
                                       device=ext_intf,
                                       gateway=const.DEF_GW)
                utils.add_fwippool(self, context,
                                   name=fip_addr,
                                   vdom=const.EXT_VDOM,
                                   startip=fip_addr)
                utils.add_fwaddress(self, context,
                                    name=internal_ip,
                                    vdom=const.EXT_VDOM,
                                    subnet=internal_host)

                # --- external vdom: outbound SNAT for the internal address ---
                snat_policy = utils.add_fwpolicy(
                    self, context,
                    vdom=const.EXT_VDOM,
                    srcintf=ext_intf,
                    srcaddr=internal_ip,
                    dstintf=self._fortigate['ext_interface'],
                    poolname=fip_addr)
                utils.head_firewall_policy(self, context,
                                           vdom=const.EXT_VDOM,
                                           id=snat_policy.edit_id)

                # --- tenant vdom ---
                utils.add_fwippool(self, context,
                                   name=internal_ip,
                                   vdom=ns.vdom,
                                   startip=internal_ip)
            except Exception as e:
                with excutils.save_and_reraise_exception():
                    utils._rollback_on_err(self, context, e)
        utils.update_status(self, context, t_consts.TaskStatus.COMPLETED)
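    def _associate_floatingip(self, context, id, floatingip):
        """Bind an allocated floating IP to a tenant port on the fortigate.

        Looks up the tenant namespace (vdom) and the
        ``Fortinet_FloatingIP_Allocation`` row already marked ``allocated``
        for the floating IP, then pushes into the tenant vdom, in order:

        * a VIP mapping the allocation's internal address (``extip`` on the
          ``int_intf`` returned by ``get_vlink_intf``) to the port's fixed IP;
        * a NAT-enabled policy ``int_intf -> port VLAN interface`` whose
          destination is the address object named after the floating IP;
        * a /32 address object for the fixed IP bound to that VLAN
          interface;
        * the outbound policy ``VLAN -> int_intf`` with ``poolname`` =
          internal address. It is moved to the head of the policy table,
          except when FWaaS is enabled and the tenant's default FWaaS policy
          has an ``edit_id``: then it is placed right after that policy so
          the FWaaS rules keep precedence.

        Any exception is handed to ``utils._rollback_on_err`` and re-raised;
        the task status becomes COMPLETED only on full success. A missing
        namespace or allocation row surfaces as an AttributeError on the
        lookups and fails the association (fail closed).

        NOTE(review): ``port_id`` and ``fixed_ip_address`` are taken straight
        from the request body; ownership of the port by the floating IP's
        tenant is not checked here and is assumed to have been validated by
        the neutron L3 layer before the driver is called — confirm.

        :param context: neutron request context
        :param id: floating IP UUID (shadows the builtin; kept because
            callers pass it under this name)
        :param floatingip: request body
            ``{'floatingip': {'port_id': ..., 'fixed_ip_address': ...}}``
        :raises ValueError: when ``fixed_ip_address`` is empty; the VIP and
            address object would otherwise be built from the string
            ``'None'``
        """
        try:
            l3db_fip = self._get_floatingip(context, id)
            db_namespace = fortinet_db.query_record(
                context,
                fortinet_db.Fortinet_ML2_Namespace,
                tenant_id=l3db_fip.tenant_id)
            db_fip = fortinet_db.query_record(
                context,
                fortinet_db.Fortinet_FloatingIP_Allocation,
                floating_ip_address=l3db_fip.floating_ip_address,
                allocated=True)
            int_intf, _ext_intf = utils.get_vlink_intf(
                self, context, vdom=db_namespace.vdom)
            mappedip = utils.get_ipaddr(db_fip.ip_subnet, 0)
            fixed_ip_address = floatingip['floatingip']['fixed_ip_address']
            if not fixed_ip_address:
                raise ValueError(
                    "floatingip %s: fixed_ip_address is required to "
                    "associate it on the fortigate" % id)

            utils.add_vip(self, context,
                          vdom=db_namespace.vdom,
                          name=db_fip.floating_ip_address,
                          extip=mappedip,
                          extintf=int_intf,
                          mappedip=fixed_ip_address)

            db_ip = fortinet_db.query_record(
                context,
                models_v2.IPAllocation,
                port_id=floatingip['floatingip']['port_id'])
            vlan_inf = utils.get_intf(context, db_ip.network_id)
            # Inbound DNAT towards the port; no source restriction is given
            # here, so add_fwpolicy's defaults decide what may reach it.
            utils.add_fwpolicy(self, context,
                               vdom=db_namespace.vdom,
                               srcintf=int_intf,
                               dstintf=vlan_inf,
                               dstaddr=db_fip.floating_ip_address,
                               nat='enable')

            utils.add_fwaddress(self, context,
                                name=fixed_ip_address,
                                vdom=db_namespace.vdom,
                                subnet="%s 255.255.255.255" % fixed_ip_address,
                                associated_interface=vlan_inf)

            db_fwpolicy = utils.add_fwpolicy(self, context,
                                             vdom=db_namespace.vdom,
                                             srcintf=vlan_inf,
                                             srcaddr=fixed_ip_address,
                                             dstintf=int_intf,
                                             poolname=mappedip)

            # Policy order matters on the fortigate: keep the FWaaS default
            # policy ahead of the new SNAT policy when there is one.
            headed_after_default = False
            if self.enable_fwaas:
                fwrass = fortinet_db.Fortinet_FW_Rule_Association.query_one(
                    context, fwr_id=db_namespace.tenant_id)
                default_fwp = getattr(fwrass, 'fortinet_policy', None)
                if getattr(default_fwp, 'edit_id', None):
                    utils.head_firewall_policy(self, context,
                                               vdom=db_namespace.vdom,
                                               id=db_fwpolicy.edit_id,
                                               after=default_fwp.edit_id)
                    headed_after_default = True
            if not headed_after_default:
                utils.head_firewall_policy(self, context,
                                           vdom=db_namespace.vdom,
                                           id=db_fwpolicy.edit_id)
        except Exception as e:
            with excutils.save_and_reraise_exception():
                utils._rollback_on_err(self, context, e)
        utils.update_status(self, context, t_consts.TaskStatus.COMPLETED)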
    def _allocate_floatingip(self, context, obj):
        """Reserve a floating IP on the fortigate and wire it into the ext vdom.

        Device work, in the order the fortigate needs it:

        1. make sure the tenant has a vdom (``utils.add_vdom``) and record a
           ``Fortinet_FloatingIP_Allocation`` row, which yields an internal
           ``ip_subnet`` pair for this floating IP;
        2. in ``const.EXT_VDOM``: a VIP (``extintf='any'``) mapping the
           floating IP to the first address of that pair, a NAT-enabled
           policy towards the ``ext_intf`` returned by ``get_vlink_intf``
           for that VIP, a /32 static route for the internal address via
           ``const.DEF_GW``, an IP pool named after the floating IP and a
           /32 address object for the internal address;
        3. the outbound policy ``ext_intf -> ext_interface`` with
           ``poolname`` = floating IP, moved to the head of the external
           vdom's policy table;
        4. an IP pool for the internal address in the tenant vdom.

        NOTE(review): the earlier docstring claimed the pair's second
        address is added to the external interface's secondary IPs; no such
        call exists in this method.

        Everything runs inside one DB transaction. On any exception
        ``utils._rollback_on_err`` undoes the recorded device changes and the
        exception is re-raised, so the task is marked COMPLETED only when
        every step succeeded.

        ``obj`` is the neutron floating IP dict, for example::

            {
                'floating_network_id': u'1c1dbecc-9dac-4311-a346-f147a04c8dc8',
                'router_id': None,
                'fixed_ip_address': None,
                'floating_ip_address': u'10.160.37.113',
                'tenant_id': u'3998b33381fb48f694369689065a3760',
                'status': 'DOWN',
                'port_id': None,
                'id': '5ec1b08b-77c1-4e39-80ac-224ee937ee9f'
            }

        Only ``tenant_id`` and ``floating_ip_address`` are read from it.

        :param context: neutron request context (``context.session`` is used
            for the transaction)
        :param obj: floating IP dict as above
        """
        with context.session.begin(subtransactions=True):
            try:
                ns = utils.add_vdom(self, context, tenant_id=obj['tenant_id'])
                fip_alloc = utils.add_record(
                    self, context,
                    fortinet_db.Fortinet_FloatingIP_Allocation,
                    vdom=ns.vdom,
                    floating_ip_address=obj['floating_ip_address'],
                    vip_name=obj['floating_ip_address'])
                fip_addr = fip_alloc.floating_ip_address
                # First address of the reserved internal pair.
                internal_ip = utils.get_ipaddr(fip_alloc.ip_subnet, 0)
                internal_host = "%s 255.255.255.255" % internal_ip

                # --- external vdom: floating IP -> internal address ---
                utils.add_vip(self, context,
                              vdom=const.EXT_VDOM,
                              name=fip_alloc.vip_name,
                              extip=fip_addr,
                              extintf='any',
                              mappedip=internal_ip)
                _int_intf, ext_intf = utils.get_vlink_intf(
                    self, context, vdom=ns.vdom)
                utils.add_fwpolicy(self, context,
                                   vdom=const.EXT_VDOM,
                                   dstintf=ext_intf,
                                   dstaddr=fip_alloc.vip_name,
                                   nat='enable')
                utils.add_routerstatic(self, context,
                                       vdom=const.EXT_VDOM,
                                       dst=internal_host,
                                       device=ext_intf,
                                       gateway=const.DEF_GW)
                utils.add_fwippool(self, context,
                                   name=fip_addr,
                                   vdom=const.EXT_VDOM,
                                   startip=fip_addr)
                utils.add_fwaddress(self, context,
                                    name=internal_ip,
                                    vdom=const.EXT_VDOM,
                                    subnet=internal_host)

                # --- external vdom: outbound SNAT for the internal address ---
                snat_policy = utils.add_fwpolicy(
                    self, context,
                    vdom=const.EXT_VDOM,
                    srcintf=ext_intf,
                    srcaddr=internal_ip,
                    dstintf=self._fortigate['ext_interface'],
                    poolname=fip_addr)
                utils.head_firewall_policy(self, context,
                                           vdom=const.EXT_VDOM,
                                           id=snat_policy.edit_id)

                # --- tenant vdom ---
                utils.add_fwippool(self, context,
                                   name=internal_ip,
                                   vdom=ns.vdom,
                                   startip=internal_ip)
            except Exception as e:
                with excutils.save_and_reraise_exception():
                    utils._rollback_on_err(self, context, e)
        utils.update_status(self, context, t_consts.TaskStatus.COMPLETED)
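    def _associate_floatingip(self, context, id, floatingip):
        """Bind an allocated floating IP to a tenant port on the fortigate.

        Looks up the tenant namespace (vdom) and the
        ``Fortinet_FloatingIP_Allocation`` row already marked ``allocated``
        for the floating IP, then pushes into the tenant vdom, in order:

        * a VIP mapping the allocation's internal address (``extip`` on the
          ``int_intf`` returned by ``get_vlink_intf``) to the port's fixed IP;
        * a NAT-enabled policy ``int_intf -> port VLAN interface`` whose
          destination is the address object named after the floating IP;
        * a /32 address object for the fixed IP bound to that VLAN
          interface;
        * the outbound policy ``VLAN -> int_intf`` with ``poolname`` =
          internal address. It is moved to the head of the policy table,
          except when FWaaS is enabled and the tenant's default FWaaS policy
          has an ``edit_id``: then it is placed right after that policy so
          the FWaaS rules keep precedence.

        Any exception is handed to ``utils._rollback_on_err`` and re-raised;
        the task status becomes COMPLETED only on full success. A missing
        namespace or allocation row surfaces as an AttributeError on the
        lookups and fails the association (fail closed).

        NOTE(review): ``port_id`` and ``fixed_ip_address`` are taken straight
        from the request body; ownership of the port by the floating IP's
        tenant is not checked here and is assumed to have been validated by
        the neutron L3 layer before the driver is called — confirm.

        :param context: neutron request context
        :param id: floating IP UUID (shadows the builtin; kept because
            callers pass it under this name)
        :param floatingip: request body
            ``{'floatingip': {'port_id': ..., 'fixed_ip_address': ...}}``
        :raises ValueError: when ``fixed_ip_address`` is empty; the VIP and
            address object would otherwise be built from the string
            ``'None'``
        """
        try:
            l3db_fip = self._get_floatingip(context, id)
            db_namespace = fortinet_db.query_record(
                context,
                fortinet_db.Fortinet_ML2_Namespace,
                tenant_id=l3db_fip.tenant_id)
            db_fip = fortinet_db.query_record(
                context,
                fortinet_db.Fortinet_FloatingIP_Allocation,
                floating_ip_address=l3db_fip.floating_ip_address,
                allocated=True)
            int_intf, _ext_intf = utils.get_vlink_intf(self,
                                                       context,
                                                       vdom=db_namespace.vdom)
            mappedip = utils.get_ipaddr(db_fip.ip_subnet, 0)
            fixed_ip_address = floatingip['floatingip']['fixed_ip_address']
            if not fixed_ip_address:
                raise ValueError(
                    "floatingip %s: fixed_ip_address is required to "
                    "associate it on the fortigate" % id)

            utils.add_vip(self,
                          context,
                          vdom=db_namespace.vdom,
                          name=db_fip.floating_ip_address,
                          extip=mappedip,
                          extintf=int_intf,
                          mappedip=fixed_ip_address)

            db_ip = fortinet_db.query_record(
                context,
                models_v2.IPAllocation,
                port_id=floatingip['floatingip']['port_id'])
            vlan_inf = utils.get_intf(context, db_ip.network_id)
            # Inbound DNAT towards the port; no source restriction is given
            # here, so add_fwpolicy's defaults decide what may reach it.
            utils.add_fwpolicy(self,
                               context,
                               vdom=db_namespace.vdom,
                               srcintf=int_intf,
                               dstintf=vlan_inf,
                               dstaddr=db_fip.floating_ip_address,
                               nat='enable')

            utils.add_fwaddress(self,
                                context,
                                name=fixed_ip_address,
                                vdom=db_namespace.vdom,
                                subnet="%s 255.255.255.255" % fixed_ip_address,
                                associated_interface=vlan_inf)

            db_fwpolicy = utils.add_fwpolicy(self,
                                             context,
                                             vdom=db_namespace.vdom,
                                             srcintf=vlan_inf,
                                             srcaddr=fixed_ip_address,
                                             dstintf=int_intf,
                                             poolname=mappedip)

            # Policy order matters on the fortigate: keep the FWaaS default
            # policy ahead of the new SNAT policy when there is one.
            headed_after_default = False
            if self.enable_fwaas:
                fwrass = fortinet_db.Fortinet_FW_Rule_Association.query_one(
                    context, fwr_id=db_namespace.tenant_id)
                default_fwp = getattr(fwrass, 'fortinet_policy', None)
                if getattr(default_fwp, 'edit_id', None):
                    utils.head_firewall_policy(self,
                                               context,
                                               vdom=db_namespace.vdom,
                                               id=db_fwpolicy.edit_id,
                                               after=default_fwp.edit_id)
                    headed_after_default = True
            if not headed_after_default:
                utils.head_firewall_policy(self,
                                           context,
                                           vdom=db_namespace.vdom,
                                           id=db_fwpolicy.edit_id)
        except Exception as e:
            with excutils.save_and_reraise_exception():
                utils._rollback_on_err(self, context, e)
        utils.update_status(self, context, t_consts.TaskStatus.COMPLETED)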