def _validate_vip_to_apply(vip_request, update=False, user=None):
vip = get_vip_request_by_id(vip_request.get('id'))
# validate vip with same ipv4 ou ipv6
vip_with_ip = get_vip_request_by_ip(vip.ipv4, vip.ipv6, vip.environmentvip)
vip_with_ip = vip_with_ip.exclude(id=vip.id).exclude(
created=False).distinct()
if vip_with_ip.count() > 0:
raise exceptions.AlreadyVipRequestException()
if update and not vip.created:
raise exceptions.VipRequestNotCreated(vip.id)
if not update and vip.created:
raise exceptions.VipRequestAlreadyCreated(vip.id)
equips = facade_eqpt.get_eqpt_by_envvip(vip_request['environmentvip'])
conf = EnvironmentVip.objects.get(id=vip_request['environmentvip']).conf
if facade_eqpt.all_equipments_are_in_maintenance(equips):
raise exceptions_eqpt.AllEquipmentsAreInMaintenanceException()
if user:
if not facade_eqpt.all_equipments_can_update_config(equips, user):
raise exceptions_eqpt.UserDoesNotHavePermInAllEqptException(
'User does not have permission to update conf in eqpt. \
Verify the permissions of user group with equipment group. Vip:{}'
.format(vip_request['id']))
cluster_unit = vip.ipv4.networkipv4.cluster_unit if vip.ipv4 else vip.ipv6.networkipv6.cluster_unit
return equips, conf, cluster_unit
def _validate_pool_to_apply(pool, update=False, user=None):
server_pool = ServerPool.objects.get(id=pool['id'])
if not server_pool:
raise exceptions.PoolNotExist()
if update and not server_pool.pool_created:
raise exceptions.PoolNotCreated(server_pool.id)
equips = Equipamento.objects.filter(
maintenance=0,
equipamentoambiente__ambiente__id=server_pool.environment.id,
tipo_equipamento__tipo_equipamento=u'Balanceador').distinct()
if facade_eqpt.all_equipments_are_in_maintenance(equips):
raise exceptions_eqpt.AllEquipmentsAreInMaintenanceException()
if user:
if not facade_eqpt.all_equipments_can_update_config(equips, user):
raise exceptions_eqpt.UserDoesNotHavePermInAllEqptException(
'User does not have permission to update conf in eqpt. '
'Verify the permissions of user group with equipment '
'group. Pool:{}'.format(pool['id']))
return equips
def deploy_networkipv4(network_id, user):
"""Loads template for creating Network IPv4 equipment configuration,
creates file and apply config.
:param network_id: NetworkIPv4 Id
Returns: List with status of equipments output
"""
try:
netv4_obj = get_networkipv4_by_id(network_id)
routers = netv4_obj.vlan.ambiente.routers
if not routers:
raise exceptions.NoEnvironmentRoutersFoundException()
if facade_eqpt.all_equipments_are_in_maintenance(routers):
raise exceptions_eqpt.AllEquipmentsAreInMaintenanceException()
if user:
if not facade_eqpt.all_equipments_can_update_config(routers, user):
raise exceptions_eqpt.UserDoesNotHavePermInAllEqptException(
'User does not have permission to update conf in eqpt. '
'Verify the permissions of user group with equipment group'
'.Network:{}'.format(netv4_obj.id))
except ObjectDoesNotExistException, e:
raise ObjectDoesNotExistException(e.detail)
def deploy_networkipv4(network_id, user):
"""Loads template for creating Network IPv4 equipment configuration,
creates file and apply config.
:param network_id: NetworkIPv4 Id
Returns: List with status of equipments output
"""
try:
netv4_obj = get_networkipv4_by_id(network_id)
routers = netv4_obj.vlan.ambiente.routers
if not routers:
raise exceptions.NoEnvironmentRoutersFoundException()
if facade_eqpt.all_equipments_are_in_maintenance(routers):
raise exceptions_eqpt.AllEquipmentsAreInMaintenanceException()
if user:
if not facade_eqpt.all_equipments_can_update_config(routers, user):
raise exceptions_eqpt.UserDoesNotHavePermInAllEqptException(
'User does not have permission to update conf in eqpt. '
'Verify the permissions of user group with equipment group'
'.Network:{}'.format(netv4_obj.id))
except ObjectDoesNotExistException, e:
raise ObjectDoesNotExistException(e.detail)
def _validate_pool_to_apply(pool, update=False, user=None):
server_pool = ServerPool.objects.get(id=pool['id'])
if not server_pool:
raise exceptions.PoolNotExist()
if update and not server_pool.pool_created:
raise exceptions.PoolNotCreated(server_pool.id)
equips = Equipamento.objects.filter(
maintenance=0,
equipamentoambiente__ambiente__id=server_pool.environment.id,
tipo_equipamento__tipo_equipamento=u'Balanceador').distinct()
if facade_eqpt.all_equipments_are_in_maintenance(equips):
raise exceptions_eqpt.AllEquipmentsAreInMaintenanceException()
if user:
if not facade_eqpt.all_equipments_can_update_config(equips, user):
raise exceptions_eqpt.UserDoesNotHavePermInAllEqptException(
'User does not have permission to update conf in eqpt. '
'Verify the permissions of user group with equipment '
'group. Pool:{}'.format(pool['id']))
return equips
def get_controller_by_envid(env_id):
""" Get all controllers from a given environment """
q_filter_environment = {
'equipmentcontrollerenvironment__environment': env_id,
'maintenance': 0
}
equips = Equipamento.objects.filter(Q(**q_filter_environment))
if facade_eqpt.all_equipments_are_in_maintenance(equips):
raise exceptions_eqpt.AllEquipmentsAreInMaintenanceException()
return equips
def get_controller_by_envid(env_id):
""" Get all controllers from a given environment """
q_filter_environment = {
'equipmentcontrollerenvironment__environment': env_id,
'maintenance': 0
}
equips = Equipamento.objects.filter(Q(**q_filter_environment))
if facade_eqpt.all_equipments_are_in_maintenance(equips):
raise exceptions_eqpt.AllEquipmentsAreInMaintenanceException()
return equips
def _validate_vip_to_apply(vip_request, update=False, user=None):
vip = get_vip_request_by_id(vip_request.get('id'))
# validate vip with same ipv4 ou ipv6
vip_with_ip = get_vip_request_by_ip(vip.ipv4, vip.ipv6, vip.environmentvip)
vip_with_ip = vip_with_ip.exclude(
id=vip.id
).exclude(
created=False
).distinct()
if vip_with_ip.count() > 0:
raise exceptions.AlreadyVipRequestException()
if update and not vip.created:
raise exceptions.VipRequestNotCreated(vip.id)
if not update and vip.created:
raise exceptions.VipRequestAlreadyCreated(vip.id)
equips = facade_eqpt.get_eqpt_by_envvip(vip_request['environmentvip'])
conf = EnvironmentVip.objects.get(id=vip_request['environmentvip']).conf
if facade_eqpt.all_equipments_are_in_maintenance(equips):
raise exceptions_eqpt.AllEquipmentsAreInMaintenanceException()
if user:
if not facade_eqpt.all_equipments_can_update_config(equips, user):
raise exceptions_eqpt.UserDoesNotHavePermInAllEqptException(
'User does not have permission to update conf in eqpt. \
Verify the permissions of user group with equipment group. Vip:{}'.format(
vip_request['id']))
cluster_unit = vip.ipv4.networkipv4.cluster_unit if vip.ipv4 else vip.ipv6.networkipv6.cluster_unit
return equips, conf, cluster_unit
def undeploy_networkipv4(network_id, user):
"""Loads template for removing Network IPv4 equipment configuration, creates file and
apply config.
:param network_id: NetworkIPv4 Id
Returns: List with status of equipments output
"""
netv4_obj = get_networkipv4_by_id(network_id)
routers = netv4_obj.vlan.ambiente.routers
if not routers:
raise exceptions.NoEnvironmentRoutersFoundException()
if facade_eqpt.all_equipments_are_in_maintenance(routers):
raise exceptions_eqpt.AllEquipmentsAreInMaintenanceException()
if user:
if not facade_eqpt.all_equipments_can_update_config(routers, user):
raise exceptions_eqpt.UserDoesNotHavePermInAllEqptException(
'User does not have permission to update conf in eqpt. '
'Verify the permissions of user group with equipment group. '
'Network:{}'.format(netv4_obj.id))
# lock network id to prevent multiple requests to same id
with distributedlock(LOCK_NETWORK_IPV4 % netv4_obj.id):
with distributedlock(LOCK_VLAN % netv4_obj.vlan.id):
if netv4_obj.active == 0:
return 'Network already not active. Nothing to do.'
# load dict with all equipment attributes
dict_ips = get_dict_v4_to_use_in_configuration_deploy(
user, netv4_obj, routers)
status_deploy = dict()
# TODO implement threads
for equipment in routers:
# generate config file
file_to_deploy = _generate_config_file(
dict_ips, equipment, TEMPLATE_NETWORKv4_DEACTIVATE)
lockvar = LOCK_EQUIPMENT_DEPLOY_CONFIG_NETWORK_SCRIPT % (
equipment.id)
# deploy config file in equipments
status_deploy[
equipment.id] = deploy_config_in_equipment_synchronous(
file_to_deploy, equipment, lockvar)
netv4_obj.deactivate_v3()
# transaction.commit()
if netv4_obj.vlan.ativada == 1:
# if there are no other networks active in vlan, remove int
# vlan
if not _has_active_network_in_vlan(netv4_obj.vlan):
# remove int vlan
for equipment in routers:
if equipment.maintenance is not True:
pass
# Delete SVI
status_deploy[equipment.id] += _remove_svi(
equipment, netv4_obj.vlan.num_vlan)
# Need verify this call
netv4_obj.vlan.deactivate_v3()
return status_deploy
def networkIPv6_deploy(request, network_id):
"""Deploy network L3 configuration in the environment routers for network ipv6
Receives optional parameter equipments to specify what equipment should
receive network configuration
"""
networkipv6 = NetworkIPv6.get_by_pk(int(network_id))
environment = networkipv6.vlan.ambiente
equipments_id_list = None
if request.DATA is not None:
equipments_id_list = request.DATA.get('equipments', None)
equipment_list = []
if equipments_id_list is not None:
if type(equipments_id_list) is not list:
raise api_exceptions.ValidationException('equipments')
for equip in equipments_id_list:
try:
int(equip)
except ValueError:
raise api_exceptions.ValidationException('equipments')
# Check that equipments received as parameters are in correct vlan
# environment
equipment_list = Equipamento.objects.filter(
equipamentoambiente__ambiente=environment,
id__in=equipments_id_list)
log.info('list = %s' % equipment_list)
if len(equipment_list) != len(equipments_id_list):
log.error(
'Error: equipments %s are not part of network environment.' % equipments_id_list)
raise exceptions.EquipmentIDNotInCorrectEnvException()
else:
# TODO GET network routers
equipment_list = Equipamento.objects.filter(
ipv6equipament__ip__networkipv6=networkipv6,
equipamentoambiente__ambiente=networkipv6.vlan.ambiente,
equipamentoambiente__is_router=1).distinct()
if len(equipment_list) == 0:
raise exceptions.NoEnvironmentRoutersFoundException()
# Check permission to configure equipments
for equip in equipment_list:
# User permission
if not has_perm(request.user, AdminPermission.EQUIPMENT_MANAGEMENT, AdminPermission.WRITE_OPERATION, None, equip.id, AdminPermission.EQUIP_WRITE_OPERATION):
log.error(u'User does not have permission to perform the operation.')
raise PermissionDenied(
'No permission to configure equipment %s-%s' % (equip.id, equip.nome))
if all_equipments_are_in_maintenance(equipment_list):
raise AllEquipmentsAreInMaintenanceException()
try:
# deploy network configuration
if request.method == 'POST':
returned_data = facade.deploy_networkIPv6_configuration(
request.user, networkipv6, equipment_list)
elif request.method == 'DELETE':
returned_data = facade.remove_deploy_networkIPv6_configuration(
request.user, networkipv6, equipment_list)
return Response(returned_data)
except Exception, exception:
log.error(exception)
raise api_exceptions.NetworkAPIException()
def update_real_pool(request):
"""
- update real pool in eqpt
- update data pool in db
"""
pools = request.DATA.get("pools", [])
load_balance = {}
# valid data for save in DB and apply in eqpt
ps, sp = valid_to_save_reals_v2(pools)
for pool in pools:
ids = [p['id'] for p in pool['server_pool_members'] if p['id']]
db_members = ServerPoolMember.objects.filter(id__in=ids)
db_members_remove = ServerPoolMember.objects.filter(server_pool__id=pool['server_pool']['id']).exclude(id__in=ids)
db_members_id = [str(s.id) for s in db_members]
pools_members = list()
for pool_member in pool['server_pool_members']:
if not pool_member['ipv6']:
ip = pool_member['ip']['ip_formated']
else:
ip = pool_member['ipv6']['ip_formated']
if pool_member['id']:
member = db_members[db_members_id.index(str(pool_member['id']))]
if not member.ipv6:
ip_db = member.ip.ip_formated
else:
ip_db = member.ipv6.ip_formated
if member.port_real == pool_member['port_real'] and ip_db == ip:
pools_members.append({
'id': pool_member['id'],
'ip': ip,
'port': pool_member['port_real'],
'limit': pool_member['limit'],
'priority': pool_member['priority'],
'weight': pool_member['weight'],
})
else:
pools_members.append({
'id': None,
'ip': ip_db,
'port': member.port_real,
'remove': 1
})
pools_members.append({
'id': pool_member['id'],
'ip': ip,
'port': pool_member['port_real'],
'limit': pool_member['limit'],
'priority': pool_member['priority'],
'weight': pool_member['weight'],
'new': 1
})
else:
pools_members.append({
'id': None,
'ip': ip,
'port': pool_member['port_real'],
'limit': pool_member['limit'],
'priority': pool_member['priority'],
'weight': pool_member['weight'],
'new': 1
})
# members to remove
for member in db_members_remove:
if not member.ipv6:
ip_db = member.ip.ip_formated
else:
ip_db = member.ipv6.ip_formated
pools_members.append({
'id': member.id,
'ip': ip_db,
'port': member.port_real,
'remove': 1
})
# get eqpts associate with pool
equips = EquipamentoAmbiente.objects.filter(
ambiente__id=pool['server_pool']['environment']['id'],
equipamento__tipo_equipamento__tipo_equipamento=u'Balanceador')
equipment_list = [e.equipamento for e in equips]
if all_equipments_are_in_maintenance(equipment_list):
raise AllEquipmentsAreInMaintenanceException()
for e in equips:
eqpt_id = str(e.equipamento.id)
equipment_access = EquipamentoAcesso.search(
equipamento=e.equipamento.id,
protocolo="https"
).uniqueResult()
equipment = Equipamento.get_by_pk(e.equipamento.id)
plugin = PluginFactory.factory(equipment)
if not load_balance.get(eqpt_id):
load_balance[eqpt_id] = {
'plugin': plugin,
'fqdn': equipment_access.fqdn,
'user': equipment_access.user,
'password': equipment_access.password,
'pools': [],
}
load_balance[eqpt_id]['pools'].append({
'id': pool['server_pool']['id'],
'nome': pool['server_pool']['identifier'],
'lb_method': pool['server_pool']['lb_method'],
'healthcheck': pool['server_pool']['healthcheck'],
'action': pool['server_pool']['servicedownaction']['name'],
'pools_members': pools_members
})
# get ids from pools created
names = [sp[p].id for idx, p in enumerate(ps) if sp[p].pool_created]
environments = [sp[p].id for idx, p in enumerate(ps) if sp[p].pool_created]
# call plugin to change in load balance
for lb in load_balance:
lbe = [l for l in load_balance[lb]['pools'] if l['id'] in names if l['id'] in environments]
if len(lbe) > 0:
json = load_balance[lb]
json['pools'] = lbe
json['plugin'].updatePool(json)
# save pool in DB
for idx in sp:
idx = str(idx)
sp[idx].identifier = ps[idx]['server_pool']['identifier']
sp[idx].environment = Ambiente.objects.get(
id=ps[idx]['server_pool']['environment']['id'])
sp[idx].default_limit = ps[idx]['server_pool']['default_limit']
sp[idx].default_port = ps[idx]['server_pool']['default_port']
sp[idx].lb_method = ps[idx]['server_pool']['lb_method']
sp[idx].servicedownaction = OptionPool.objects.get(
id=ps[idx]['server_pool']['servicedownaction']['id'])
is_healthcheck_valid(ps[idx]['server_pool']['healthcheck'])
ps[idx]['server_pool']['healthcheck'] = ps[idx]['server_pool']['healthcheck']
sp[idx].healthcheck = get_or_create_healthcheck(
request.user,
ps[idx]['server_pool']['healthcheck']['healthcheck_expect'],
ps[idx]['server_pool']['healthcheck']['healthcheck_type'],
ps[idx]['server_pool']['healthcheck']['healthcheck_request'],
ps[idx]['server_pool']['healthcheck']['destination'],
ps[idx]['server_pool']['healthcheck']['identifier'])
sp[idx].save()
members_id = [p['id'] for p in pool['server_pool_members'] for pool in pools if p['id']]
pms = ServerPoolMember.objects.filter(id__in=members_id)
pms_delete = ServerPoolMember.objects.exclude(id__in=members_id).filter(server_pool__id__in=[pool['server_pool']['id'] for pool in pools])
members = dict()
for pool in pools:
for member in pool['server_pool_members']:
if member['id']:
members[str(member['id'])] = member
# update pool members
log.info(pools)
for pm in pms:
if members.get(str(pm.id)):
pm.port_real = members.get(str(pm.id))['port_real']
pm.priority = members.get(str(pm.id))['priority']
pm.weight = members.get(str(pm.id))['weight']
pm.limit = members.get(str(pm.id))['limit']
pm.save()
# delete pool members
for pm in pms_delete:
pm.delete()
# create new pool members
members = [p for p in pool['server_pool_members'] for pool in pools if not p['id']]
for member in members:
pm = ServerPoolMember()
pm.server_pool_id = member['server_pool']['id']
pm.limit = member['limit']
if member['ip']:
pm.ip_id = member['ip']['id']
if member['ipv6']:
pm.ipv6_id = member['ipv6']['id']
pm.identifier = member['identifier']
pm.weight = member['weight']
pm.priority = member['priority']
pm.port_real = member['port_real']
pm.save()
# Save reals
# save_server_pool_member(request.user, sp, list_server_pool_member)
return {}
def delete_real_pool(request):
"""
delete real pool in eqpt
"""
pools = request.DATA.get("pools", [])
load_balance = {}
for pool in pools:
pools_members = []
for pool_member in pool['server_pool_members']:
if pool_member['ipv6'] is None:
ip = pool_member['ip']['ip_formated']
else:
ip = pool_member['ipv6']['ip_formated']
pools_members.append({
'id': pool_member['id'],
'ip': ip,
'port': pool_member['port_real'],
'member_status': pool_member['member_status'],
'limit': pool_member['limit'],
'priority': pool_member['priority'],
'weight': pool_member['weight']
})
equips = EquipamentoAmbiente.objects.filter(
ambiente__id=pool['server_pool']['environment']['id'],
equipamento__tipo_equipamento__tipo_equipamento=u'Balanceador')
equipment_list = [e.equipamento for e in equips]
if all_equipments_are_in_maintenance(equipment_list):
raise AllEquipmentsAreInMaintenanceException()
for e in equips:
eqpt_id = str(e.equipamento.id)
equipment_access = EquipamentoAcesso.search(
equipamento=e.equipamento.id,
protocolo="https"
).uniqueResult()
equipment = Equipamento.get_by_pk(e.equipamento.id)
plugin = PluginFactory.factory(equipment)
if not load_balance.get(eqpt_id):
load_balance[eqpt_id] = {
'plugin': plugin,
'fqdn': equipment_access.fqdn,
'user': equipment_access.user,
'password': equipment_access.password,
'pools': [],
}
load_balance[eqpt_id]['pools'].append({
'id': pool['server_pool']['id'],
'nome': pool['server_pool']['identifier'],
'lb_method': pool['server_pool']['lb_method'],
'healthcheck': pool['server_pool']['healthcheck'],
'action': pool['server_pool']['servicedownaction']['name'],
'pools_members': pools_members
})
for lb in load_balance:
load_balance[lb]['plugin'].deletePool(load_balance[lb])
ids = [pool['server_pool']['id'] for pool in pools]
ServerPool.objects.filter(id__in=ids).update(pool_created=False)
return {}
def get_poolmember_state(servers_pools):
"""
Return Pool Members State
"""
load_balance = {}
for server_pool in servers_pools:
pools_members = []
server_pool_members = ServerPoolMember.objects.filter(
server_pool=server_pool)
for pool_member in server_pool_members:
if pool_member.ipv6 is None:
ip = pool_member.ip.ip_formated
else:
ip = pool_member.ipv6.ip_formated
pools_members.append({
'id': pool_member.id,
'ip': ip,
'port': pool_member.port_real,
'member_status': pool_member.member_status
})
if pools_members:
# pool_name = server_pool.identifier
pool_id = server_pool.id
equips = EquipamentoAmbiente.objects.filter(
ambiente__id=server_pool.environment.id,
equipamento__tipo_equipamento__tipo_equipamento=u'Balanceador')
equipment_list = [e.equipamento for e in equips]
if all_equipments_are_in_maintenance(equipment_list):
raise AllEquipmentsAreInMaintenanceException()
for e in equips:
eqpt_id = str(e.equipamento.id)
equipment_access = EquipamentoAcesso.search(
equipamento=e.equipamento.id,
protocolo="https"
).uniqueResult()
equipment = Equipamento.get_by_pk(e.equipamento.id)
plugin = PluginFactory.factory(equipment)
if not load_balance.get(eqpt_id):
load_balance[eqpt_id] = {
'plugin': plugin,
'fqdn': equipment_access.fqdn,
'user': equipment_access.user,
'password': equipment_access.password,
'pools': [],
}
load_balance[eqpt_id]['pools'].append({
'id': server_pool.id,
'nome': server_pool.identifier,
'pools_members': pools_members
})
for lb in load_balance:
ps = {}
status = {}
# call plugin to get state member
states = load_balance[lb]['plugin'].getStateMember(load_balance[lb])
for idx, state in enumerate(states):
pool_id = load_balance[lb]['pools'][idx]['id']
if not ps.get(pool_id):
ps[pool_id] = {}
status[pool_id] = {}
# populate variable for to verify diff states
for idx_m, st in enumerate(state):
member_id = load_balance[lb]['pools'][idx]['pools_members'][idx_m]['id']
if not ps[pool_id].get(member_id):
ps[pool_id][member_id] = []
ps[pool_id][member_id].append(st)
status[pool_id][member_id] = st
# Verify diff state of pool member in eqpts
for idx in ps:
for idx_m in ps[idx]:
if len(set(ps[idx][idx_m])) > 1:
msg = 'There are states differents in equipments.'
log.error(msg)
raise exceptions.DiffStatesEquipament(msg)
return status
def set_poolmember_state(pools):
"""
Set Pool Members state
"""
try:
load_balance = {}
for pool in pools:
pools_members = []
q_filters = []
for pool_member in pool['server_pool_members']:
port_real = pool_member['port_real']
if pool_member['ipv6'] is None:
ip = pool_member['ip']['ip_formated']
ip_ft = '.'.join(str(x) for x in [
pool_member['ip']['oct1'],
pool_member['ip']['oct2'],
pool_member['ip']['oct3'],
pool_member['ip']['oct4']])
if ip != ip_ft:
raise exceptions.InvalidIpNotExist()
q_filters.append({
'ip__oct1': pool_member['ip']['oct1'],
'ip__oct2': pool_member['ip']['oct2'],
'ip__oct3': pool_member['ip']['oct3'],
'ip__oct4': pool_member['ip']['oct4'],
'port_real': port_real
})
else:
ip = pool_member['ipv6']['ip_formated']
ip_ft = '.'.join(str(x) for x in [
pool_member['ipv6']['block1'],
pool_member['ipv6']['block2'],
pool_member['ipv6']['block3'],
pool_member['ipv6']['block4'],
pool_member['ipv6']['block5'],
pool_member['ipv6']['block6'],
pool_member['ipv6']['block7'],
pool_member['ipv6']['block8']])
if ip != ip_ft:
raise exceptions.InvalidIpNotExist()
q_filters.append({
'ipv6__block1': pool_member['ipv6']['block1'],
'ipv6__block2': pool_member['ipv6']['block2'],
'ipv6__block3': pool_member['ipv6']['block3'],
'ipv6__block4': pool_member['ipv6']['block4'],
'ipv6__block5': pool_member['ipv6']['block5'],
'ipv6__block6': pool_member['ipv6']['block6'],
'ipv6__block7': pool_member['ipv6']['block7'],
'ipv6__block8': pool_member['ipv6']['block8'],
'port_real': port_real
})
pools_members.append({
'id': pool_member['id'],
'ip': ip,
'port': port_real,
'member_status': pool_member['member_status']
})
server_pool_members = ServerPoolMember.objects.filter(
reduce(lambda x, y: x | y, [Q(**q_filter) for q_filter in q_filters]), server_pool=pool['server_pool']['id'])
if len(server_pool_members) != len(pools_members):
raise exceptions.PoolmemberNotExist()
pool_name = pool['server_pool']['identifier']
server_pools = ServerPool.objects.filter(identifier=pool_name)
if not server_pools:
raise exceptions.PoolNotExist()
equips = EquipamentoAmbiente.objects.filter(
ambiente__id=pool['server_pool']['environment']['id'],
equipamento__tipo_equipamento__tipo_equipamento=u'Balanceador')
equipment_list = [e.equipamento for e in equips]
if all_equipments_are_in_maintenance(equipment_list):
raise AllEquipmentsAreInMaintenanceException()
for e in equips:
eqpt_id = str(e.equipamento.id)
equipment_access = EquipamentoAcesso.search(
equipamento=e.equipamento.id,
protocolo="https"
).uniqueResult()
equipment = Equipamento.get_by_pk(e.equipamento.id)
plugin = PluginFactory.factory(equipment)
if not load_balance.get(eqpt_id):
load_balance[eqpt_id] = {
'plugin': plugin,
'fqdn': equipment_access.fqdn,
'user': equipment_access.user,
'password': equipment_access.password,
'pools': [],
}
load_balance[eqpt_id]['pools'].append({
'id': pool['server_pool']['id'],
'nome': pool_name,
'pools_members': pools_members
})
for lb in load_balance:
load_balance[lb]['plugin'].setStateMember(load_balance[lb])
return {}
except Exception, exception:
log.error(exception)
raise exception
def prepare_apply(load_balance, vip, created=True, user=None):
vip_request = copy.deepcopy(vip)
id_vip = str(vip_request.get('id'))
equips, conf, cluster_unit = _validate_vip_to_apply(
vip_request, created, user)
cache_group = OptionVip.objects.get(
id=vip_request.get('options').get('cache_group'))
traffic_return = OptionVip.objects.get(
id=vip_request.get('options').get('traffic_return'))
timeout = OptionVip.objects.get(
id=vip_request.get('options').get('timeout'))
persistence = OptionVip.objects.get(
id=vip_request.get('options').get('persistence'))
if vip_request['ipv4']:
ipv4 = Ip.get_by_pk(vip_request['ipv4']) if vip_request[
'ipv4'] else None
vip_request['ipv4'] = {
'id': ipv4.id,
'ip_formated': ipv4.ip_formated
}
if vip_request['ipv6']:
ipv6 = Ipv6.get_by_pk(vip_request['ipv6']) if vip_request[
'ipv6'] else None
vip_request['ipv6'] = {
'id': ipv6.id,
'ip_formated': ipv6.ip_formated
}
if conf:
conf = json.loads(conf)
vip_request['options'] = dict()
vip_request['options']['cache_group'] = {
'id': cache_group.id,
'nome_opcao_txt': cache_group.nome_opcao_txt
}
vip_request['options']['traffic_return'] = {
'id': traffic_return.id,
'nome_opcao_txt': traffic_return.nome_opcao_txt
}
vip_request['options']['timeout'] = {
'id': timeout.id,
'nome_opcao_txt': timeout.nome_opcao_txt
}
vip_request['options']['persistence'] = {
'id': persistence.id,
'nome_opcao_txt': persistence.nome_opcao_txt
}
vip_request['options']['cluster_unit'] = cluster_unit
try:
vip_request['options']['dscp'] = VipRequestDSCP.objects.get(
vip_request=vip_request['id']
).dscp
except:
vip_request['options']['dscp'] = None
pass
for idx, port in enumerate(vip_request['ports']):
for i, pl in enumerate(port['pools']):
pool = get_pool_by_id(pl['server_pool'])
pool_serializer = pool_slz.PoolV3Serializer(pool)
l7_rule = OptionVip.objects.get(
id=pl['l7_rule']).nome_opcao_txt
healthcheck = pool_serializer.data['healthcheck']
healthcheck['identifier'] = reserve_name_healthcheck(
pool_serializer.data['identifier'])
healthcheck['new'] = True
vip_request['ports'][idx]['pools'][i]['server_pool'] = {
'id': pool_serializer.data['id'],
'nome': pool_serializer.data['identifier'],
'lb_method': pool_serializer.data['lb_method'],
'healthcheck': healthcheck,
'action': pool_serializer.data['servicedownaction']['name'],
'pool_created': pool_serializer.data['pool_created'],
'pools_members': [{
'id': pool_member['id'],
'identifier': pool_member['identifier'],
'ip': pool_member['ip']['ip_formated'] if pool_member['ip'] else pool_member['ipv6']['ip_formated'],
'port': pool_member['port_real'],
'member_status': pool_member['member_status'],
'limit': pool_member['limit'],
'priority': pool_member['priority'],
'weight': pool_member['weight']
} for pool_member in pool_serializer.data['server_pool_members']]
}
vip_request['ports'][idx]['pools'][i]['l7_rule'] = l7_rule
l7_protocol = OptionVip.objects.get(
id=port['options']['l7_protocol'])
l4_protocol = OptionVip.objects.get(
id=port['options']['l4_protocol'])
vip_request['ports'][idx]['options'] = dict()
vip_request['ports'][idx]['options']['l7_protocol'] = {
'id': l7_protocol.id,
'nome_opcao_txt': l7_protocol.nome_opcao_txt
}
vip_request['ports'][idx]['options']['l4_protocol'] = {
'id': l4_protocol.id,
'nome_opcao_txt': l4_protocol.nome_opcao_txt
}
vip_request['conf'] = conf
if conf:
for idx, layer in enumerate(conf['conf']['layers']):
requiments = layer.get('requiments')
if requiments:
# validate for port
for idx_port, port in enumerate(vip['ports']):
for requiment in requiments:
condicionals = requiment.get('condicionals')
for condicional in condicionals:
validated = True
validations = condicional.get('validations')
for validation in validations:
if validation.get('type') == 'optionvip':
validated &= valid_expression(
validation.get('operator'),
int(vip['options'][
validation.get('variable')]),
int(validation.get('value'))
)
if validation.get('type') == 'portoptionvip':
validated &= valid_expression(
validation.get('operator'),
int(port['options'][
validation.get('variable')]),
int(validation.get('value'))
)
if validation.get('type') == 'field' and validation.get('variable') == 'cluster_unit':
validated &= valid_expression(
validation.get('operator'),
cluster_unit,
validation.get('value')
)
if validated:
use = condicional.get('use')
for item in use:
definitions = item.get('definitions')
eqpts = item.get('eqpts')
if eqpts:
eqpts = Equipamento.objects.filter(
id__in=eqpts,
maintenance=0,
tipo_equipamento__tipo_equipamento=u'Balanceador').distinct()
if facade_eqpt.all_equipments_are_in_maintenance(equips):
raise exceptions_eqpt.AllEquipmentsAreInMaintenanceException()
if user:
if not facade_eqpt.all_equipments_can_update_config(equips, user):
raise exceptions_eqpt.UserDoesNotHavePermInAllEqptException(
'User does not have permission to update conf in eqpt. \
Verify the permissions of user group with equipment group. Vip:{}'.format(
vip_request['id']))
for eqpt in eqpts:
eqpt_id = str(eqpt.id)
if not load_balance.get(eqpt_id):
equipment_access = EquipamentoAcesso.search(
equipamento=eqpt.id
)
plugin = PluginFactory.factory(
eqpt)
load_balance[eqpt_id] = {
'plugin': plugin,
'access': equipment_access,
'vips': [],
'layers': {},
}
idx_layer = str(idx)
idx_port_str = str(port['port'])
if not load_balance[eqpt_id]['layers'].get(id_vip):
load_balance[eqpt_id][
'layers'][id_vip] = dict()
if load_balance[eqpt_id]['layers'][id_vip].get(idx_layer):
if load_balance[eqpt_id]['layers'][id_vip].get(idx_layer).get('definitions').get(idx_port_str):
load_balance[eqpt_id]['layers'][id_vip][idx_layer][
'definitions'][idx_port_str] += definitions
else:
load_balance[eqpt_id]['layers'][id_vip][idx_layer][
'definitions'][idx_port_str] = definitions
else:
load_balance[eqpt_id]['layers'][id_vip][idx_layer] = {
'vip_request': vip_request,
'definitions': {
idx_port_str: definitions
}
}
# In first validated==True stops conditionals.
# Removing this break will add a wrong
# conditional.
break
for e in equips:
eqpt_id = str(e.id)
if not load_balance.get(eqpt_id):
equipment_access = EquipamentoAcesso.search(
equipamento=e.id
)
plugin = PluginFactory.factory(e)
load_balance[eqpt_id] = {
'plugin': plugin,
'access': equipment_access,
'vips': [],
'layers': {},
}
load_balance[eqpt_id]['vips'].append({'vip_request': vip_request})
return load_balance
def networkIPv6_deploy(request, network_id):
"""Deploy network L3 configuration in the environment routers for network ipv6
Receives optional parameter equipments to specify what equipment should
receive network configuration
"""
networkipv6 = NetworkIPv6.get_by_pk(int(network_id))
environment = networkipv6.vlan.ambiente
equipments_id_list = None
if request.DATA is not None:
equipments_id_list = request.DATA.get('equipments', None)
equipment_list = []
if equipments_id_list is not None:
if type(equipments_id_list) is not list:
raise api_exceptions.ValidationException('equipments')
for equip in equipments_id_list:
try:
int(equip)
except ValueError:
raise api_exceptions.ValidationException('equipments')
# Check that equipments received as parameters are in correct vlan
# environment
equipment_list = Equipamento.objects.filter(
equipamentoambiente__ambiente=environment,
id__in=equipments_id_list)
log.info('list = %s' % equipment_list)
if len(equipment_list) != len(equipments_id_list):
log.error(
'Error: equipments %s are not part of network environment.' %
equipments_id_list)
raise exceptions.EquipmentIDNotInCorrectEnvException()
else:
# TODO GET network routers
equipment_list = Equipamento.objects.filter(
ipv6equipament__ip__networkipv6=networkipv6,
equipamentoambiente__ambiente=networkipv6.vlan.ambiente,
equipamentoambiente__is_router=1).distinct()
if len(equipment_list) == 0:
raise exceptions.NoEnvironmentRoutersFoundException()
# Check permission to configure equipments
for equip in equipment_list:
# User permission
if not has_perm(request.user, AdminPermission.EQUIPMENT_MANAGEMENT,
AdminPermission.WRITE_OPERATION, None, equip.id,
AdminPermission.EQUIP_WRITE_OPERATION):
log.error(
u'User does not have permission to perform the operation.')
raise PermissionDenied(
'No permission to configure equipment %s-%s' %
(equip.id, equip.nome))
if all_equipments_are_in_maintenance(equipment_list):
raise AllEquipmentsAreInMaintenanceException()
try:
# deploy network configuration
if request.method == 'POST':
returned_data = facade.deploy_networkIPv6_configuration(
request.user, networkipv6, equipment_list)
elif request.method == 'DELETE':
returned_data = facade.remove_deploy_networkIPv6_configuration(
request.user, networkipv6, equipment_list)
return Response(returned_data)
except Exception, exception:
log.error(exception)
raise api_exceptions.NetworkAPIException()
def deploy_networkipv6(network_id, user):
"""Loads template for creating Network IPv6 equipment configuration, creates file and
apply config.
Args: NetworkIPv6 object
Equipamento objects list
Returns: List with status of equipments output
"""
netv6_obj = get_networkipv6_by_id(network_id)
routers = netv6_obj.vlan.ambiente.routers
if not routers:
raise exceptions.NoEnvironmentRoutersFoundException()
if facade_eqpt.all_equipments_are_in_maintenance(routers):
raise exceptions_eqpt.AllEquipmentsAreInMaintenanceException()
if user:
if not facade_eqpt.all_equipments_can_update_config(routers, user):
raise exceptions_eqpt.UserDoesNotHavePermInAllEqptException(
'User does not have permission to update conf in eqpt. '
'Verify the permissions of user group with equipment group. '
'Network:{}'.format(netv6_obj.id))
# lock network id to prevent multiple requests to same id
with distributedlock(LOCK_NETWORK_IPV6 % netv6_obj.id):
with distributedlock(LOCK_VLAN % netv6_obj.vlan.id):
if netv6_obj.active == 1:
return 'Network already active. Nothing to do.'
# load dict with all equipment attributes
dict_ips = get_dict_v6_to_use_in_configuration_deploy(
user, netv6_obj, routers)
status_deploy = dict()
# TODO implement threads
for equipment in routers:
# generate config file
file_to_deploy = _generate_config_file(
dict_ips, equipment, TEMPLATE_NETWORKv6_ACTIVATE)
# deploy config file in equipments
lockvar = LOCK_EQUIPMENT_DEPLOY_CONFIG_NETWORK_SCRIPT % (
equipment.id)
status_deploy[
equipment.id] = deploy_config_in_equipment_synchronous(
file_to_deploy, equipment, lockvar)
netv6_obj.activate_v3()
# transaction.commit()
if netv6_obj.vlan.ativada == 0:
netv6_obj.vlan.activate_v3()
return status_deploy
#TODO GET network routers
equipment_list = Equipamento.objects.filter(
ipequipamento__ip__networkipv4 = networkipv4,
equipamentoambiente__ambiente = networkipv4.vlan.ambiente,
equipamentoambiente__is_router = 1).distinct()
if len(equipment_list) == 0:
raise exceptions.NoEnvironmentRoutersFoundException()
# Check permission to configure equipments
for equip in equipment_list:
# User permission
if not has_perm(request.user, AdminPermission.EQUIPMENT_MANAGEMENT, AdminPermission.WRITE_OPERATION, None, equip.id, AdminPermission.EQUIP_WRITE_OPERATION):
log.error(u'User does not have permission to perform the operation.')
raise PermissionDenied("No permission to configure equipment %s-%s" % (equip.id, equip.nome) )
if all_equipments_are_in_maintenance(equipment_list):
raise AllEquipmentsAreInMaintenanceException()
#deploy network configuration
if request.method == 'POST':
returned_data = facade.deploy_networkIPv4_configuration(request.user, networkipv4, equipment_list)
elif request.method == 'DELETE':
returned_data = facade.remove_deploy_networkIPv4_configuration(request.user, networkipv4, equipment_list)
return Response(returned_data)
@api_view(['GET'])
@permission_classes((IsAuthenticated, Read))
def networksIPv6(request):
'''Lists network ipv6 and filter by url parameters
def prepare_apply(load_balance, vip, created=True, user=None):
vip_request = copy.deepcopy(vip)
id_vip = str(vip_request.get('id'))
equips, conf, cluster_unit = _validate_vip_to_apply(
vip_request, created, user)
cache_group = OptionVip.objects.get(
id=vip_request.get('options').get('cache_group'))
traffic_return = OptionVip.objects.get(
id=vip_request.get('options').get('traffic_return'))
timeout = OptionVip.objects.get(
id=vip_request.get('options').get('timeout'))
persistence = OptionVip.objects.get(
id=vip_request.get('options').get('persistence'))
if vip_request['ipv4']:
ipv4 = Ip.get_by_pk(
vip_request['ipv4']) if vip_request['ipv4'] else None
vip_request['ipv4'] = {'id': ipv4.id, 'ip_formated': ipv4.ip_formated}
if vip_request['ipv6']:
ipv6 = Ipv6.get_by_pk(
vip_request['ipv6']) if vip_request['ipv6'] else None
vip_request['ipv6'] = {'id': ipv6.id, 'ip_formated': ipv6.ip_formated}
if conf:
conf = json.loads(conf)
vip_request['options'] = dict()
vip_request['options']['cache_group'] = {
'id': cache_group.id,
'nome_opcao_txt': cache_group.nome_opcao_txt
}
vip_request['options']['traffic_return'] = {
'id': traffic_return.id,
'nome_opcao_txt': traffic_return.nome_opcao_txt
}
vip_request['options']['timeout'] = {
'id': timeout.id,
'nome_opcao_txt': timeout.nome_opcao_txt
}
vip_request['options']['persistence'] = {
'id': persistence.id,
'nome_opcao_txt': persistence.nome_opcao_txt
}
vip_request['options']['cluster_unit'] = cluster_unit
try:
vip_request['options']['dscp'] = VipRequestDSCP.objects.get(
vip_request=vip_request['id']).dscp
except:
vip_request['options']['dscp'] = None
pass
for idx, port in enumerate(vip_request['ports']):
for i, pl in enumerate(port['pools']):
pool = get_pool_by_id(pl['server_pool'])
pool_serializer = pool_slz.PoolV3Serializer(pool)
l7_rule = OptionVip.objects.get(id=pl['l7_rule']).nome_opcao_txt
healthcheck = pool_serializer.data['healthcheck']
healthcheck['identifier'] = reserve_name_healthcheck(
pool_serializer.data['identifier'])
healthcheck['new'] = True
vip_request['ports'][idx]['pools'][i]['server_pool'] = {
'id':
pool_serializer.data['id'],
'nome':
pool_serializer.data['identifier'],
'lb_method':
pool_serializer.data['lb_method'],
'healthcheck':
healthcheck,
'action':
pool_serializer.data['servicedownaction']['name'],
'pool_created':
pool_serializer.data['pool_created'],
'pools_members':
[{
'id':
pool_member['id'],
'identifier':
pool_member['identifier'],
'ip':
pool_member['ip']['ip_formated'] if pool_member['ip'] else
pool_member['ipv6']['ip_formated'],
'port':
pool_member['port_real'],
'member_status':
pool_member['member_status'],
'limit':
pool_member['limit'],
'priority':
pool_member['priority'],
'weight':
pool_member['weight']
}
for pool_member in pool_serializer.data['server_pool_members']
]
}
vip_request['ports'][idx]['pools'][i]['l7_rule'] = l7_rule
l7_protocol = OptionVip.objects.get(id=port['options']['l7_protocol'])
l4_protocol = OptionVip.objects.get(id=port['options']['l4_protocol'])
vip_request['ports'][idx]['options'] = dict()
vip_request['ports'][idx]['options']['l7_protocol'] = {
'id': l7_protocol.id,
'nome_opcao_txt': l7_protocol.nome_opcao_txt
}
vip_request['ports'][idx]['options']['l4_protocol'] = {
'id': l4_protocol.id,
'nome_opcao_txt': l4_protocol.nome_opcao_txt
}
vip_request['conf'] = conf
if conf:
for idx, layer in enumerate(conf['conf']['layers']):
requiments = layer.get('requiments')
if requiments:
# validate for port
for idx_port, port in enumerate(vip['ports']):
for requiment in requiments:
condicionals = requiment.get('condicionals')
for condicional in condicionals:
validated = True
validations = condicional.get('validations')
for validation in validations:
if validation.get('type') == 'optionvip':
validated &= valid_expression(
validation.get('operator'),
int(vip['options'][validation.get(
'variable')]),
int(validation.get('value')))
if validation.get('type') == 'portoptionvip':
validated &= valid_expression(
validation.get('operator'),
int(port['options'][validation.get(
'variable')]),
int(validation.get('value')))
if validation.get(
'type') == 'field' and validation.get(
'variable') == 'cluster_unit':
validated &= valid_expression(
validation.get('operator'),
cluster_unit, validation.get('value'))
if validated:
use = condicional.get('use')
for item in use:
definitions = item.get('definitions')
eqpts = item.get('eqpts')
if eqpts:
eqpts = Equipamento.objects.filter(
id__in=eqpts,
maintenance=0,
tipo_equipamento__tipo_equipamento=
u'Balanceador').distinct()
if facade_eqpt.all_equipments_are_in_maintenance(
equips):
raise exceptions_eqpt.AllEquipmentsAreInMaintenanceException(
)
if user:
if not facade_eqpt.all_equipments_can_update_config(
equips, user):
raise exceptions_eqpt.UserDoesNotHavePermInAllEqptException(
'User does not have permission to update conf in eqpt. \
Verify the permissions of user group with equipment group. Vip:{}'
.format(vip_request['id']))
for eqpt in eqpts:
eqpt_id = str(eqpt.id)
if not load_balance.get(eqpt_id):
equipment_access = EquipamentoAcesso.search(
equipamento=eqpt.id)
plugin = PluginFactory.factory(
eqpt)
load_balance[eqpt_id] = {
'plugin': plugin,
'access': equipment_access,
'vips': [],
'layers': {},
}
idx_layer = str(idx)
idx_port_str = str(port['port'])
if not load_balance[eqpt_id][
'layers'].get(id_vip):
load_balance[eqpt_id][
'layers'][id_vip] = dict()
if load_balance[eqpt_id]['layers'][
id_vip].get(idx_layer):
if load_balance[eqpt_id][
'layers'][id_vip].get(
idx_layer).get(
'definitions'
).get(
idx_port_str):
load_balance[eqpt_id][
'layers'][id_vip][
idx_layer][
'definitions'][
idx_port_str] += definitions
else:
load_balance[eqpt_id][
'layers'][id_vip][
idx_layer][
'definitions'][
idx_port_str] = definitions
else:
load_balance[eqpt_id][
'layers'][id_vip][
idx_layer] = {
'vip_request':
vip_request,
'definitions': {
idx_port_str:
definitions
}
}
# In first validated==True stops conditionals.
# Removing this break will add a wrong
# conditional.
break
for e in equips:
eqpt_id = str(e.id)
if not load_balance.get(eqpt_id):
equipment_access = EquipamentoAcesso.search(equipamento=e.id)
plugin = PluginFactory.factory(e)
load_balance[eqpt_id] = {
'plugin': plugin,
'access': equipment_access,
'vips': [],
'layers': {},
}
load_balance[eqpt_id]['vips'].append({'vip_request': vip_request})
return load_balance
