def _update_session_persistence(self, old_pool, pool, c, context):
# didn't exist, does exist, create
if not old_pool or (not old_pool.session_persistence
and pool.session_persistence):
p = handler_persist.PersistHandler(c, context, pool, old_pool)
p.create()
return
# existed, change, delete and recreate
if (old_pool.session_persistence and pool.session_persistence
and old_pool.session_persistence.type !=
pool.session_persistence.type):
p = handler_persist.PersistHandler(c, context, old_pool)
p.delete()
p = handler_persist.PersistHandler(c, context, pool)
p.create()
return
# didn't exist, does exist now, create
if old_pool.session_persistence and not pool.session_persistence:
p = handler_persist.PersistHandler(c, context, pool)
p.create()
return
# didn't exist, doesn't exist
# did exist, does exist, didn't change
return
def delete(self, context, pool):
with a10.A10DeleteContext(self, context, pool) as c:
for member in pool.members:
self.a10_driver.member._delete(c, context, member)
LOG.debug("handler_pool.delete(): Checking pool health monitor...")
if pool.healthmonitor:
LOG.debug("handler_pool.delete(): HM: %s" %
(pool.healthmonitor))
self.a10_driver.hm._delete(c, context, pool.healthmonitor)
c.client.slb.service_group.delete(self._meta_name(pool))
handler_persist.PersistHandler(c, context, pool,
self._meta_name(pool)).delete()
def _set(self, set_method, c, context, pool):
p = handler_persist.PersistHandler(c, context, pool)
p.create()
args = {'service_group': self.meta(pool, 'service_group', {})}
set_method(self._meta_name(pool),
protocol=a10_os.service_group_protocol(c, pool.protocol),
lb_method=a10_os.service_group_lb_method(
c, pool.lb_algorithm),
axapi_args=args)
# session persistence might need a vport update
if pool.listener:
pool.listener.default_pool_id = pool.listener.default_pool_id or pool.id
self.a10_driver.listener._update(c, context, pool.listener)
def delete(self, context, pool):
with a10.A10DeleteContext(self, context, pool) as c:
for member in pool.members:
self.a10_driver.member._delete(c, context, member)
LOG.debug("handler_pool.delete(): Checking pool health monitor...")
if pool.healthmonitor:
# The pool.healthmonitor we get doesn't have a pool
# Make a new one with the hm as the root
hm = copy.copy(pool.healthmonitor)
hm.pool = copy.copy(pool)
hm.pool.healthmonitor = None
LOG.debug("handler_pool.delete(): HM: %s" % hm)
self.a10_driver.hm._delete(c, context, hm)
try:
c.client.slb.service_group.delete(self._meta_name(pool))
except (acos_errors.NotFound, acos_errors.NoSuchServiceGroup):
pass
handler_persist.PersistHandler(c, context, pool,
self._meta_name(pool)).delete()
def _set(self, set_method, c, context, listener):
if self.barbican_client is None:
self.barbican_client = certwrapper.CertManagerWrapper(handler=self)
status = c.client.slb.UP
if not listener.admin_state_up:
status = c.client.slb.DOWN
templates = self.meta(listener, "template", {})
server_args = {}
cert_data = dict()
if listener.protocol and listener.protocol == constants.PROTOCOL_TERMINATED_HTTPS:
if self._set_terminated_https_values(listener, c, cert_data):
templates["client_ssl"] = {}
template_name = str(cert_data.get('template_name', ''))
key_passphrase = str(cert_data.get('cert_pass', ''))
cert_filename = str(cert_data.get('cert_filename', ''))
key_filename = str(cert_data.get('key_filename', ''))
else:
LOG.error("Could not created terminated HTTPS endpoint.")
if 'client_ssl' in templates:
try:
c.client.slb.template.client_ssl.create(template_name,
cert=cert_filename,
key=key_filename)
except acos_errors.Exists:
c.client.slb.template.client_ssl.update(
template_name,
cert=cert_filename,
key=key_filename,
passphrase=key_passphrase)
if 'server_ssl' in templates:
server_args = {'server_ssl_template': templates['server_ssl']}
try:
c.client.slb.template.server_ssl.create(template_name,
cert_filename,
key_filename,
axapi_args=server_args)
except acos_errors.Exists:
c.client.slb.template.server_ssl.update(template_name,
cert_filename,
key_filename,
axapi_args=server_args)
try:
pool_name = self._pool_name(context,
pool_id=listener.default_pool_id)
except Exception:
pool_name = None
persistence = handler_persist.PersistHandler(c, context,
listener.default_pool)
vport_meta = self.meta(listener.loadbalancer, 'vip_port', {})
vport_args = axapi_mappings._vport(vport_meta, c.device_cfg)
try:
set_method(self.a10_driver.loadbalancer._name(
listener.loadbalancer),
self._meta_name(listener),
protocol=openstack_mappings.vip_protocols(
c, listener.protocol),
port=listener.protocol_port,
service_group_name=pool_name,
s_pers_name=persistence.s_persistence(),
c_pers_name=persistence.c_persistence(),
status=status,
axapi_args=vport_args)
except acos_errors.Exists:
pass
def _set(self, set_method, c, context, listener):
status = c.client.slb.UP
if not listener.admin_state_up:
status = c.client.slb.DOWN
templates = self.meta(listener, "template", {})
server_args = {}
cert_data = dict()
template_args = {}
protocol = openstack_mappings.vip_protocols(c, listener.protocol)
binding = None
os_name = listener.name or None
# Try Barbican first. TERMINATED HTTPS requires a default TLS container ID that is
# checked by the API so we can't fake it out.
if listener.protocol and listener.protocol == constants.PROTOCOL_TERMINATED_HTTPS:
if self._set_terminated_https_values(listener, c, cert_data):
templates["client_ssl"] = {}
template_name = str(cert_data.get('template_name') or '')
key_passphrase = str(cert_data.get('key_pass') or '')
cert_filename = str(cert_data.get('cert_filename') or '')
key_filename = str(cert_data.get('key_filename') or '')
else:
LOG.error("Could not created terminated HTTPS endpoint.")
# Else, set it up as an HTTP endpoint and attach the A10 cert data.
elif (self.a10_driver.config.get('use_database') and listener.protocol and
listener.protocol in [constants.PROTOCOL_HTTPS,
constants.PROTOCOL_HTTP,
constants.PROTOCOL_TCP]):
try:
binding = self.cert_db.get_binding_for_listener(context, listener.id)
except Exception as ex:
LOG.exception(ex)
if binding:
# if the binding is being deleted and the listener wasn't created as https,
# remove the https port to make room for the original port
if binding.status == constants.STATUS_DELETING:
if (protocol != c.client.slb.virtual_server.vport.HTTPS):
self._delete_listener(c, context, listener,
c.client.slb.virtual_server.vport.HTTPS)
set_method = c.client.slb.virtual_server.vport.create
elif self._set_a10_https_values(listener, c, cert_data, binding):
# If the binding hasn't been created and the port isn't https
# remove the port and re-create it as https.
if (binding.status == constants.STATUS_CREATING and
protocol != c.client.slb.virtual_server.vport.HTTPS):
self._delete_listener(c, context, listener, protocol)
set_method = c.client.slb.virtual_server.vport.create
protocol = c.client.slb.virtual_server.vport.HTTPS
templates["client_ssl"] = {}
template_name = str(cert_data.get('template_name') or '')
key_passphrase = str(cert_data.get('key_pass') or '')
cert_filename = str(cert_data.get('cert_filename') or '')
key_filename = str(cert_data.get('key_filename') or '')
template_args["template_client_ssl"] = template_name
if 'client_ssl' in templates:
template_args["template_client_ssl"] = template_name
try:
c.client.slb.template.client_ssl.create(
template_name,
cert=cert_filename,
key=key_filename,
passphrase=key_passphrase)
except acos_errors.Exists:
c.client.slb.template.client_ssl.update(template_name, cert=cert_filename,
key=key_filename, passphrase=key_passphrase)
if 'server_ssl' in templates:
server_args = {'server_ssl_template': templates['server_ssl']}
template_args["template_server_ssl"] = template_name
try:
c.client.slb.template.server_ssl.create(
template_name,
cert_filename,
key_filename,
passphrase=key_passphrase,
axapi_args=server_args)
except acos_errors.Exists:
c.client.slb.template.server_ssl.update(template_name,
cert_filename,
key_filename,
passphrase=key_passphrase,
axapi_args=server_args)
try:
pool_name = self._pool_name(context, pool_id=listener.default_pool_id)
except Exception:
pool_name = None
persistence = handler_persist.PersistHandler(
c, context, listener.default_pool)
# This doesn't do anything anymore.
vport_meta = self.meta(listener.loadbalancer, 'vip_port', {})
template_args.update(**self._get_vport_defaults(c, os_name))
try:
set_method(
self.a10_driver.loadbalancer._name(listener.loadbalancer),
self._meta_name(listener),
protocol=protocol,
port=listener.protocol_port,
service_group_name=pool_name,
s_pers_name=persistence.s_persistence(),
c_pers_name=persistence.c_persistence(),
status=status,
autosnat=c.device_cfg.get('autosnat'),
ipinip=c.device_cfg.get('ipinip'),
source_nat_pool=c.device_cfg.get('source_nat_pool'),
# Device-level defaults
vport_defaults=self._get_vport_defaults(c, os_name),
axapi_body=vport_meta,
**template_args)
except acos_errors.Exists:
pass