def update_l7rule(self, l7rule, service_object, bigips):
LOG.debug("L7PolicyService:update_l7rule")
# get l7policy for rule
lbaas_service = LbaasServiceObject(service_object)
l7policy = lbaas_service.get_l7policy(l7rule.get('policy_id', ''))
if l7policy:
# re-create policy with updated rule
self.update_l7policy(l7policy, service_object, bigips)
def _assure_l7policies_created(self, service):
if 'l7policies' not in service:
return
listener_policy_map = dict()
bigips = self.driver.get_config_bigips()
lbaas_service = LbaasServiceObject(service)
l7policies = service['l7policies']
LOG.debug("L7 debug: processing policies: %s", l7policies)
for l7policy in l7policies:
LOG.debug("L7 debug: assuring policy: %s", l7policy)
name = l7policy.get('name', None)
if not self.esd.is_esd(name):
listener_id = l7policy.get('listener_id', None)
if not listener_id or listener_id in listener_policy_map:
LOG.debug(
"L7 debug: listener policies already added: %s",
listener_id)
continue
listener_policy_map[listener_id] = \
self.l7service.build_policy(l7policy, lbaas_service)
for listener_id, policy in listener_policy_map.items():
error = False
if policy['f5_policy'].get('rules', list()):
error = self.l7service.create_l7policy(
policy['f5_policy'], bigips)
for p in service['l7policies']:
if self._is_not_pending_delete(p):
if not error:
self._set_status_as_active(p, force=True)
else:
self._set_status_as_error(p)
loadbalancer = service.get('loadbalancer', {})
if not error:
listener = lbaas_service.get_listener(listener_id)
if listener:
listener['f5_policy'] = policy['f5_policy']
else:
loadbalancer['provisioning_status'] = \
constants_v2.F5_ERROR
def delete_l7policy(self, l7policy, service_object, bigips):
LOG.debug("L7PolicyService:delete_l7policy")
stack = []
event = 'DELETE_L7POLICY'
lbaas_service = LbaasServiceObject(service_object)
# only need name/partition for delete
l7policy_adapter = L7PolicyServiceAdapter(self.conf)
f5_l7policy = l7policy_adapter.translate_name(l7policy)
stack.append(L7PolicyBuilder(event, f5_l7policy))
if l7policy['listener_id']:
# remove L7 policy from virtual server
listener = lbaas_service.get_listener(l7policy['listener_id'])
listener_adapter = ListenerAdapter(self.conf)
f5_vs = listener_adapter.translate(
lbaas_service, listener, l7policy=l7policy)
stack.append(VirtualServerBuilder(event, f5_vs))
self._process_stack(stack, bigips)
def create_l7policy(self, l7policy, service_object, bigips):
LOG.debug("L7PolicyService: create_l7policy")
stack = []
event = 'CREATE_L7POLICY'
lbaas_service = LbaasServiceObject(service_object)
if l7policy['listener_id']:
# add L7 policy to virtual server
listener = lbaas_service.get_listener(l7policy['listener_id'])
listener_adapter = ListenerAdapter(self.conf)
f5_vs = listener_adapter.translate(
lbaas_service, listener, l7policy=l7policy)
stack.append(VirtualServerBuilder(event, f5_vs))
# create L7 policy
try:
l7policy_adapter = L7PolicyServiceAdapter(self.conf)
policies = self.build_policy(l7policy, lbaas_service)
if policies['l7policies']:
f5_l7policy = l7policy_adapter.translate(policies)
stack.append(L7PolicyBuilder(event, f5_l7policy))
else:
# empty policy -- delete wrapper policy on BIG-IPs
self.delete_l7policy(l7policy, service_object, bigips)
return
except PolicyHasNoRules as exc:
# For OpenStack, creating policies and rules are independent
# commands, so this exception is valid. Delete policy because
# it has no rules.
LOG.debug(exc.message)
self.delete_l7policy(l7policy, service_object, bigips)
return
except Exception:
import traceback
LOG.error(traceback.format_exc())
raise
self._process_stack(stack, bigips)
def get_listener_policies(self, service):
"""Return a map of listener L7 policy ids to a list of L7 rules."""
lbaas_service = LbaasServiceObject(service)
listener_policies = list()
listener = service.get('listener', None)
if not listener:
return listener_policies
listener_l7policy_ids = listener.get('l7_policies', list())
LOG.debug("L7 debug: listener policies: %s", listener_l7policy_ids)
for policy in listener_l7policy_ids:
if self.is_esd(policy.get('name')):
continue
listener_policy = lbaas_service.get_l7policy(policy['id'])
LOG.debug("L7 debug: listener policy: %s", listener_policy)
if not listener_policy:
LOG.warning("Referenced L7 policy %s for listener %s not "
"found in service.", policy['id'], listener['id'])
continue
listener_l7policy_rules = list()
rules = listener_policy.get('rules', list())
for rule in rules:
l7policy_rule = lbaas_service.get_l7rule(rule['id'])
if not l7policy_rule:
LOG.warning("Referenced L7 rule %s for policy %s not "
"found in service.", rule['id'], policy['id'])
continue
if l7policy_rule['provisioning_status'] != "PENDING_DELETE":
listener_l7policy_rules.append(l7policy_rule)
listener_policy['l7policy_rules'] = listener_l7policy_rules
listener_policies.append(listener_policy)
return listener_policies
def _assure_l7policies_deleted(self, service):
if 'l7policies' not in service:
return
listener_policy_map = dict()
bigips = self.driver.get_config_bigips()
lbaas_service = LbaasServiceObject(service)
l7policies = service['l7policies']
for l7policy in l7policies:
name = l7policy.get('name', None)
if not self.esd.is_esd(name):
listener_id = l7policy.get('listener_id', None)
if not listener_id or listener_id in listener_policy_map:
continue
listener_policy_map[listener_id] = \
self.l7service.build_policy(l7policy, lbaas_service)
# Clean wrapper policy this is the legacy name of a policy
loadbalancer = service.get('loadbalancer', dict())
tenant_id = loadbalancer.get('tenant_id', "")
try:
wrapper_policy = {
'name': 'wrapper_policy',
'partition': self.service_adapter.get_folder_name(tenant_id)
}
self.l7service.delete_l7policy(wrapper_policy, bigips)
except HTTPError as err:
if err.response.status_code != 404:
LOG.error("Failed to remove wrapper policy: %s", err.message)
except Exception as err:
LOG.error("Failed to remove wrapper policy: %s", err.message)
for _, policy in listener_policy_map.items():
error = False
if not policy['f5_policy'].get('rules', list()):
error = self.l7service.delete_l7policy(policy['f5_policy'],
bigips)
for p in policy['l7policies']:
if self._is_not_pending_delete(p):
if not error:
self._set_status_as_active(p, force=True)
else:
self._set_status_as_error(p)
else:
if error:
self._set_status_as_error(p)
def service_object():
return LbaasServiceObject(service_def)
