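def setup_env(self):
    """Prepare the shared Fortigate external VDOM and its VLAN interface.

    Creates ``const.EXT_VDOM`` owned by the placeholder tenant
    ``const.FAKE_TENANT_ID`` and attaches the configured external interface
    (``self.cfg.ext_interface``) to it, then marks the task COMPLETED.

    Raises:
        Exception: whatever ``utils.add_vdom`` / ``utils.set_vlanintf``
            raised, re-raised after the partial changes are rolled back.
    """
    session = db_api.get_session()
    try:
        utils.add_vdom(self, session, vdom=const.EXT_VDOM,
                       tenant_id=const.FAKE_TENANT_ID)
        utils.set_vlanintf(self, session, vdom=const.EXT_VDOM,
                           name=self.cfg.ext_interface)
    except Exception as e:
        utils.rollback_on_err(self, session, e)
        # Bare ``raise`` keeps the original traceback; ``raise e`` replaces
        # it with this frame on Python 2 and hides where the failure began.
        raise
    utils.update_status(self, session, t_consts.TaskStatus.COMPLETED)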
def Fortinet_init(self):
    """Fortinet specific initialization for this class.

    Loads the Fortigate settings and API client from ``config``, syncs every
    parameter listed in ``const.FORTINET_PARAMS`` into the DB, and then
    prepares the external VDOM with its VLAN interface. If that preparation
    fails the partial Fortigate changes are rolled back and the failure is
    surfaced as a ``MechanismDriverError``.
    """
    LOG.debug("FortinetMechanismDriver_init")
    self._fortigate = config.fgt_info
    self._driver = config.get_apiclient()
    for param in const.FORTINET_PARAMS:
        self.sync_conf_to_db(param)

    db_session = db_api.get_session()
    try:
        utils.add_vdom(self, db_session, vdom=const.EXT_VDOM,
                       tenant_id=const.FAKE_TENANT_ID)
        utils.set_vlanintf(self, db_session, vdom=const.EXT_VDOM,
                           name=self._fortigate['ext_interface'])
    except Exception as err:
        utils._rollback_on_err(self, db_session, err)
        # The original error is not chained; only the method name travels
        # with the driver error.
        raise ml2_exc.MechanismDriverError(
            method=sys._getframe().f_code.co_name)
    utils.update_status(self, db_session, t_consts.TaskStatus.COMPLETED)
def Fortinet_init(self):
    """Fortinet specific initialization for this class.

    Loads the Fortigate settings and API client from ``config``, syncs every
    parameter listed in ``const.FORTINET_PARAMS`` into the DB, and then
    prepares the external VDOM with its VLAN interface. If that preparation
    fails the partial Fortigate changes are rolled back and the failure is
    surfaced as a ``MechanismDriverError``.
    """
    LOG.debug("FortinetMechanismDriver_init")
    self._fortigate = config.fgt_info
    self._driver = config.get_apiclient()
    for param in const.FORTINET_PARAMS:
        self.sync_conf_to_db(param)

    db_session = db_api.get_session()
    try:
        utils.add_vdom(self, db_session, vdom=const.EXT_VDOM,
                       tenant_id=const.FAKE_TENANT_ID)
        utils.set_vlanintf(self, db_session, vdom=const.EXT_VDOM,
                           name=self._fortigate['ext_interface'])
    except Exception as err:
        utils._rollback_on_err(self, db_session, err)
        # The original error is not chained; only the method name travels
        # with the driver error.
        raise ml2_exc.MechanismDriverError(
            method=sys._getframe().f_code.co_name)
    utils.update_status(self, db_session, t_consts.TaskStatus.COMPLETED)
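def create_router(self, context, router):
    """Create the per-tenant Fortigate namespace backing a Neutron router.

    Adds a VDOM for the router's tenant and a vlink for it inside one DB
    (sub)transaction, then marks the task COMPLETED.

    Args:
        context: Neutron request context; ``context.session`` drives the
            transaction.
        router: request body with the payload under ``router['router']``;
            only ``tenant_id`` is read. A body without that key is ignored.

    Raises:
        Exception: re-raised from ``utils.add_vdom`` / ``utils.add_vlink``
            after the Fortigate changes have been rolled back.
    """
    # Lazy %-args: the message is only rendered when DEBUG is enabled.
    LOG.debug("create_router: router=%s", router)
    # Limit one router per tenant
    if not router.get('router', None):
        return
    tenant_id = router['router']['tenant_id']
    with context.session.begin(subtransactions=True):
        try:
            namespace = utils.add_vdom(self, context, tenant_id=tenant_id)
            utils.add_vlink(self, context, namespace.vdom)
        except Exception as e:
            LOG.error("Failed to create_router router=%(router)s",
                      {"router": router})
            resources.Exinfo(e)
            utils.rollback_on_err(self, context, e)
            # Propagate the failure: previously execution fell through and
            # the task was marked COMPLETED although nothing was created.
            raise
    utils.update_status(self, context, t_consts.TaskStatus.COMPLETED)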
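def create_router(self, context, router):
    """Create the per-tenant Fortigate namespace backing a Neutron router.

    Adds a VDOM for the router's tenant and a vlink for it inside one DB
    (sub)transaction, then marks the task COMPLETED.

    Args:
        context: Neutron request context; ``context.session`` drives the
            transaction.
        router: request body with the payload under ``router['router']``;
            only ``tenant_id`` is read. A body without that key is ignored.

    Raises:
        Exception: re-raised from ``utils.add_vdom`` / ``utils.add_vlink``
            after the Fortigate changes have been rolled back.
    """
    # Lazy %-args: the message is only rendered when DEBUG is enabled.
    LOG.debug("create_router: router=%s", router)
    # Limit one router per tenant
    if not router.get('router', None):
        return
    tenant_id = router['router']['tenant_id']
    with context.session.begin(subtransactions=True):
        try:
            namespace = utils.add_vdom(self, context, tenant_id=tenant_id)
            utils.add_vlink(self, context, namespace.vdom)
        except Exception as e:
            LOG.error("Failed to create_router router=%(router)s",
                      {"router": router})
            resources.Exinfo(e)
            utils._rollback_on_err(self, context, e)
            # Propagate the failure: previously execution fell through and
            # the task was marked COMPLETED although nothing was created.
            raise
    utils.update_status(self, context, t_consts.TaskStatus.COMPLETED)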
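def create_network_postcommit(self, mech_context):
    """Create Network as a portprofile on the fortigate.

    External networks (``router:external``) are skipped. For a VLAN segment
    the tenant's VDOM is ensured and a VLAN interface named
    ``const.PREFIX['inf'] + <segmentation_id>`` is added on the configured
    internal interface, then the task is marked COMPLETED.

    Args:
        mech_context: ML2 network context; ``current`` is the network dict
            and ``network_segments[0]`` the single supported segment.

    Raises:
        Exception: if the segment's network_type is not ``vlan``.
        ml2_exc.MechanismDriverError: if VDOM or VLAN interface creation
            fails; partial Fortigate changes are rolled back first.
    """
    LOG.debug("create_network_postcommit: called")
    network = mech_context.current
    if network["router:external"]:
        # TODO(samsu)
        return
    # use network_id to get the network attributes
    # ONLY depend on our db for getting back network attributes
    # this is so we can replay postcommit from db
    network_name = network['name']
    tenant_id = network['tenant_id']
    segment = mech_context.network_segments[0]
    LOG.debug(
        "network is created in tenant %(tenant_id)s,"
        "segment id is %(segment)s",
        {"tenant_id": tenant_id, "segment": segment['segmentation_id']})
    # currently supports only one segment per network
    if segment['network_type'] != 'vlan':
        raise Exception(
            _("Fortinet Mechanism: failed to create network,"
              "only network type vlan is supported"))
    vlanid = segment['segmentation_id']
    context = mech_context._plugin_context
    try:
        namespace = utils.add_vdom(self, context, tenant_id=tenant_id)
        if not namespace:
            # A bare ``raise`` here has no active exception to re-raise; it
            # only reached the handler through the interpreter's own error.
            # Raise an explicit, descriptive exception instead.
            raise Exception(
                _("Fortinet Mechanism: failed to add vdom for tenant %s")
                % tenant_id)
        inf_name = const.PREFIX['inf'] + str(vlanid)
        utils.add_vlanintf(self, context, name=inf_name,
                           vdom=namespace.vdom, vlanid=vlanid,
                           interface=self._fortigate['int_interface'],
                           alias=network_name, network_id=network['id'])
    except Exception as e:
        utils._rollback_on_err(self, context, e)
        raise ml2_exc.MechanismDriverError(
            method=sys._getframe().f_code.co_name)
    utils.update_status(self, context, t_consts.TaskStatus.COMPLETED)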
def create_router(self, context, router):
    """Create a Neutron router backed by a per-tenant Fortigate VDOM.

    Enforces one router per tenant, creates the tenant's VDOM and vlink in
    a DB (sub)transaction, marks the task COMPLETED and finally delegates to
    the parent L3 plugin to create the router itself.

    Args:
        context: Neutron request context.
        router: request body with the payload under ``router['router']``.

    Returns:
        Whatever the parent plugin's ``create_router`` returns, or None when
        the body carries no ``router`` key.

    Raises:
        Exception: when the tenant already owns a router, or re-raised
            after rollback when VDOM/vlink creation fails.
    """
    LOG.debug("create_router: router=%s", router)
    router_body = router.get('router', None)
    # Limit one router per tenant
    if not router_body:
        return
    tenant_id = router_body['tenant_id']
    existing = fortinet_db.query_count(context, l3_db.Router,
                                       tenant_id=tenant_id)
    if existing:
        raise Exception(_("FortinetL3ServicePlugin:create_router "
                          "Only support one router per tenant"))
    with context.session.begin(subtransactions=True):
        try:
            namespace = utils.add_vdom(self, context, tenant_id=tenant_id)
            utils.add_vlink(self, context, namespace.vdom)
        except Exception as err:
            # Rollback runs inside save_and_reraise so the original error
            # still propagates even if the cleanup itself logs or fails.
            with excutils.save_and_reraise_exception():
                LOG.error(_LE("Failed to create_router router=%(router)s"),
                          {"router": router})
                utils._rollback_on_err(self, context, err)
    utils.update_status(self, context, t_consts.TaskStatus.COMPLETED)
    parent = super(FortinetL3ServicePlugin, self)
    return parent.create_router(context, router)
def create_router(self, context, router):
    """Create a Neutron router backed by a per-tenant Fortigate VDOM.

    Enforces one router per tenant, creates the tenant's VDOM and vlink in
    a DB (sub)transaction, marks the task COMPLETED and finally delegates to
    the parent L3 plugin to create the router itself.

    Args:
        context: Neutron request context.
        router: request body with the payload under ``router['router']``.

    Returns:
        Whatever the parent plugin's ``create_router`` returns, or None when
        the body carries no ``router`` key.

    Raises:
        Exception: when the tenant already owns a router, or re-raised
            after rollback when VDOM/vlink creation fails.
    """
    LOG.debug("create_router: router=%s", router)
    router_body = router.get('router', None)
    # Limit one router per tenant
    if not router_body:
        return
    tenant_id = router_body['tenant_id']
    existing = fortinet_db.query_count(context, l3_db.Router,
                                       tenant_id=tenant_id)
    if existing:
        raise Exception(
            _("FortinetL3ServicePlugin:create_router "
              "Only support one router per tenant"))
    with context.session.begin(subtransactions=True):
        try:
            namespace = utils.add_vdom(self, context, tenant_id=tenant_id)
            utils.add_vlink(self, context, namespace.vdom)
        except Exception as err:
            # Rollback runs inside save_and_reraise so the original error
            # still propagates even if the cleanup itself logs or fails.
            with excutils.save_and_reraise_exception():
                LOG.error(_LE("Failed to create_router router=%(router)s"),
                          {"router": router})
                utils._rollback_on_err(self, context, err)
    utils.update_status(self, context, t_consts.TaskStatus.COMPLETED)
    parent = super(FortinetL3ServicePlugin, self)
    return parent.create_router(context, router)
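def create_network_postcommit(self, mech_context):
    """Create Network as a portprofile on the fortigate.

    External networks (``router:external``) are skipped. For a VLAN segment
    the tenant's VDOM is ensured and a VLAN interface named
    ``const.PREFIX['inf'] + <segmentation_id>`` is added on the configured
    internal interface, then the task is marked COMPLETED.

    Args:
        mech_context: ML2 network context; ``current`` is the network dict
            and ``network_segments[0]`` the single supported segment.

    Raises:
        Exception: if the segment's network_type is not ``vlan``.
        ml2_exc.MechanismDriverError: if VDOM or VLAN interface creation
            fails; partial Fortigate changes are rolled back first.
    """
    LOG.debug("create_network_postcommit: called")
    network = mech_context.current
    if network["router:external"]:
        # TODO(samsu)
        return
    # use network_id to get the network attributes
    # ONLY depend on our db for getting back network attributes
    # this is so we can replay postcommit from db
    network_name = network['name']
    tenant_id = network['tenant_id']
    segment = mech_context.network_segments[0]
    # currently supports only one segment per network
    if segment['network_type'] != 'vlan':
        raise Exception(_("Fortinet Mechanism: failed to create network,"
                          "only network type vlan is supported"))
    vlanid = segment['segmentation_id']
    context = mech_context._plugin_context
    try:
        namespace = utils.add_vdom(self, context, tenant_id=tenant_id)
        if not namespace:
            # A bare ``raise`` here has no active exception to re-raise; it
            # only reached the handler through the interpreter's own error.
            # Raise an explicit, descriptive exception instead.
            raise Exception(
                _("Fortinet Mechanism: failed to add vdom for tenant %s")
                % tenant_id)
        # TODO(samsu): type driver support vlan only,
        # need to check later
        inf_name = const.PREFIX['inf'] + str(vlanid)
        utils.add_vlanintf(self, context, name=inf_name,
                           vdom=namespace.vdom, vlanid=vlanid,
                           interface=self.fortigate.cfg['int_interface'],
                           alias=network_name)
    except Exception as e:
        utils.rollback_on_err(self, context, e)
        raise ml2_exc.MechanismDriverError(
            method=sys._getframe().f_code.co_name)
    utils.update_status(self, context, t_consts.TaskStatus.COMPLETED)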
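def _allocate_floatingip(self, context, obj):
    """Allocate the Fortigate VIP/NAT objects for a Neutron floating IP.

    1. mapping floatingip to the one of a pair of internal ips based on
       the vip function.
    2. add another ip of the ip pair to the secondaryip list of the
       external interface.

    All Fortigate and DB changes happen inside one DB (sub)transaction; on
    any failure they are rolled back and the exception is re-raised. On
    success the task is marked COMPLETED.

    obj example:
    {
        'floating_network_id': u'1c1dbecc-9dac-4311-a346-f147a04c8dc8',
        'router_id': None,
        'fixed_ip_address': None,
        'floating_ip_address': u'10.160.37.113',
        'tenant_id': u'3998b33381fb48f694369689065a3760',
        'status': 'DOWN',
        'port_id': None,
        'id': '5ec1b08b-77c1-4e39-80ac-224ee937ee9f'
    }

    The floatingip is a instance of neutron.db.l3_db.FloatingIP, example:
    {
        tenant_id=u'3998b33381fb48f694369689065a3760',
        id=u'25e1588a-5ec5-4fbc-bdef-eff8713da8f8',
        floating_ip_address=u'10.160.37.111',
        floating_network_id=u'1c1dbecc-9dac-4311-a346-f147a04c8dc8',
        floating_port_id=u'4b4120d4-77f9-4f82-b823-05876929a1c4',
        fixed_port_id=None,
        fixed_ip_address=None,
        router_id=None,
        last_known_router_id=None,
        status=u'DOWN'
    }
    """
    with context.session.begin(subtransactions=True):
        try:
            db_namespace = utils.add_vdom(self, context,
                                          tenant_id=obj['tenant_id'])
            # The allocation record supplies the internal subnet
            # (ip_subnet) whose first address becomes the mapped ip.
            db_fip = utils.add_record(
                self, context, fortinet_db.Fortinet_FloatingIP_Allocation,
                vdom=db_namespace.vdom,
                floating_ip_address=obj['floating_ip_address'],
                vip_name=obj['floating_ip_address'])
            mappedip = utils.get_ipaddr(db_fip.ip_subnet, 0)
            # Host route / host address for the mapped ip, in the
            # "<ip> <mask>" form the Fortigate API expects.
            mapped_host = "%s 255.255.255.255" % mappedip
            utils.add_vip(self, context, vdom=const.EXT_VDOM,
                          name=db_fip.vip_name,
                          extip=db_fip.floating_ip_address,
                          extintf='any', mappedip=mappedip)
            # Only the external end of the tenant vlink is used here.
            _int_intf, ext_intf = utils.get_vlink_intf(
                self, context, vdom=db_namespace.vdom)
            # Inbound: DNAT traffic for the VIP towards the tenant vlink.
            utils.add_fwpolicy(self, context, vdom=const.EXT_VDOM,
                               dstintf=ext_intf, dstaddr=db_fip.vip_name,
                               nat='enable')
            utils.add_routerstatic(self, context, vdom=const.EXT_VDOM,
                                   dst=mapped_host, device=ext_intf,
                                   gateway=const.DEF_GW)
            utils.add_fwippool(self, context,
                               name=db_fip.floating_ip_address,
                               vdom=const.EXT_VDOM,
                               startip=db_fip.floating_ip_address)
            utils.add_fwaddress(self, context, name=mappedip,
                                vdom=const.EXT_VDOM, subnet=mapped_host)
            # Outbound: SNAT the mapped ip to the floating ip pool on the
            # external interface; presumably head_firewall_policy moves it
            # ahead of the existing policies (verify in utils).
            db_fwpolicy = utils.add_fwpolicy(
                self, context, vdom=const.EXT_VDOM, srcintf=ext_intf,
                srcaddr=mappedip, dstintf=self._fortigate['ext_interface'],
                poolname=db_fip.floating_ip_address)
            utils.head_firewall_policy(self, context, vdom=const.EXT_VDOM,
                                       id=db_fwpolicy.edit_id)
            utils.add_fwippool(self, context, name=mappedip,
                               vdom=db_namespace.vdom, startip=mappedip)
        except Exception as e:
            with excutils.save_and_reraise_exception():
                utils._rollback_on_err(self, context, e)
    utils.update_status(self, context, t_consts.TaskStatus.COMPLETED)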
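def _allocate_floatingip(self, context, obj):
    """Allocate the Fortigate VIP/NAT objects for a Neutron floating IP.

    1. mapping floatingip to the one of a pair of internal ips based on
       the vip function.
    2. add another ip of the ip pair to the secondaryip list of the
       external interface.

    All Fortigate and DB changes happen inside one DB (sub)transaction; on
    any failure they are rolled back and the exception is re-raised. On
    success the task is marked COMPLETED.

    obj example:
    {
        'floating_network_id': u'1c1dbecc-9dac-4311-a346-f147a04c8dc8',
        'router_id': None,
        'fixed_ip_address': None,
        'floating_ip_address': u'10.160.37.113',
        'tenant_id': u'3998b33381fb48f694369689065a3760',
        'status': 'DOWN',
        'port_id': None,
        'id': '5ec1b08b-77c1-4e39-80ac-224ee937ee9f'
    }

    The floatingip is a instance of neutron.db.l3_db.FloatingIP, example:
    {
        tenant_id=u'3998b33381fb48f694369689065a3760',
        id=u'25e1588a-5ec5-4fbc-bdef-eff8713da8f8',
        floating_ip_address=u'10.160.37.111',
        floating_network_id=u'1c1dbecc-9dac-4311-a346-f147a04c8dc8',
        floating_port_id=u'4b4120d4-77f9-4f82-b823-05876929a1c4',
        fixed_port_id=None,
        fixed_ip_address=None,
        router_id=None,
        last_known_router_id=None,
        status=u'DOWN'
    }
    """
    with context.session.begin(subtransactions=True):
        try:
            db_namespace = utils.add_vdom(self, context,
                                          tenant_id=obj['tenant_id'])
            # The allocation record supplies the internal subnet
            # (ip_subnet) whose first address becomes the mapped ip.
            db_fip = utils.add_record(
                self, context, fortinet_db.Fortinet_FloatingIP_Allocation,
                vdom=db_namespace.vdom,
                floating_ip_address=obj['floating_ip_address'],
                vip_name=obj['floating_ip_address'])
            mappedip = utils.get_ipaddr(db_fip.ip_subnet, 0)
            # Host route / host address for the mapped ip, in the
            # "<ip> <mask>" form the Fortigate API expects.
            mapped_host = "%s 255.255.255.255" % mappedip
            utils.add_vip(self, context, vdom=const.EXT_VDOM,
                          name=db_fip.vip_name,
                          extip=db_fip.floating_ip_address,
                          extintf='any', mappedip=mappedip)
            # Only the external end of the tenant vlink is used here.
            _int_intf, ext_intf = utils.get_vlink_intf(
                self, context, vdom=db_namespace.vdom)
            # Inbound: DNAT traffic for the VIP towards the tenant vlink.
            utils.add_fwpolicy(self, context, vdom=const.EXT_VDOM,
                               dstintf=ext_intf, dstaddr=db_fip.vip_name,
                               nat='enable')
            utils.add_routerstatic(self, context, vdom=const.EXT_VDOM,
                                   dst=mapped_host, device=ext_intf,
                                   gateway=const.DEF_GW)
            utils.add_fwippool(self, context,
                               name=db_fip.floating_ip_address,
                               vdom=const.EXT_VDOM,
                               startip=db_fip.floating_ip_address)
            utils.add_fwaddress(self, context, name=mappedip,
                                vdom=const.EXT_VDOM, subnet=mapped_host)
            # Outbound: SNAT the mapped ip to the floating ip pool on the
            # external interface; presumably head_firewall_policy moves it
            # ahead of the existing policies (verify in utils).
            db_fwpolicy = utils.add_fwpolicy(
                self, context, vdom=const.EXT_VDOM, srcintf=ext_intf,
                srcaddr=mappedip, dstintf=self._fortigate['ext_interface'],
                poolname=db_fip.floating_ip_address)
            utils.head_firewall_policy(self, context, vdom=const.EXT_VDOM,
                                       id=db_fwpolicy.edit_id)
            utils.add_fwippool(self, context, name=mappedip,
                               vdom=db_namespace.vdom, startip=mappedip)
        except Exception as e:
            with excutils.save_and_reraise_exception():
                utils._rollback_on_err(self, context, e)
    utils.update_status(self, context, t_consts.TaskStatus.COMPLETED)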