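def _get_config(self, source, filterstr):
    """Read switch configuration from a NETCONF datastore.

    Args:
        source: datastore name, forwarded as ``source`` to ``get_config``.
        filterstr: XPath expression, forwarded as ``('xpath', filterstr)``.

    Returns:
        The ``data_xml`` attribute of the ``get_config`` reply.

    Raises:
        RetryableException: on TransportError or TimeoutExpiredError, or
            when the text of any other exception contains an entry of
            RETRYABLE_ERRORS.
        Exception: any other failure propagates unchanged.
    """
    # NOTE(review): filterstr reaches the device as given; callers that
    # build it from identifiers should restrict those to expected
    # characters -- confirm at the call sites.
    try:
        mgr = self.connect(self.host, self.username, self.password)
        return mgr.get_config(source=source,
                              filter=('xpath', filterstr)).data_xml
    except TransportError as e:
        # Log lines carry this method's own name so a failed read is not
        # triaged as a failed configuration write. The exception goes to
        # the logger directly, as _edit_config does, so the handler does
        # not depend on the Python 2 only ``unicode`` builtin.
        LOG.warning(_LW("_get_config()TransportErrorFailed "
                        "for Reason %s"), e)
        # Close the session on a transport failure before asking for a
        # retry.
        self.close_session()
        raise RetryableException(exc=e)
    except TimeoutExpiredError as e:
        LOG.warning(_LW("_get_config(TimeoutExpiredError) "
                        "for Reason %s"), e)
        raise RetryableException(exc=e)
    except Exception as e:
        LOG.warning(_LW("_get_config(CLUSTER ERRORS) "
                        "for Reason %s"), e)
        # Retry only when the error text matches a known retryable string.
        if any(exc_str in str(e) for exc_str in RETRYABLE_ERRORS):
            raise RetryableException(exc=e)
        # Bare raise keeps the original traceback.
        raise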
def _edit_config(self, target, config, timeout=30):
    """Send a configuration payload to a NETCONF datastore on the switch.

    Args:
        target: datastore name, forwarded as ``target`` to ``edit_config``.
        config: configuration payload, forwarded as ``config``.
        timeout: when different from 30 it is set on the manager for this
            call, and ``_set_default_timeout_ncclient`` runs afterwards.

    Raises:
        RetryableException: on TransportError or TimeoutExpiredError, or
            when the text of any other exception contains an entry of
            RETRYABLE_ERRORS.
        Exception: any other failure is re-raised.
    """
    # NOTE(review): callers in this file build ``config`` with str.format
    # on templates (presumably NETCONF XML); nothing on this path escapes
    # the substituted values -- confirm they are validated upstream.
    custom_timeout = timeout != 30
    try:
        mgr = self.connect(self.host, self.username, self.password)
        if custom_timeout:
            mgr.timeout = timeout
        mgr.edit_config(target=target, config=config)
    except TransportError as e:
        # The session is closed before the retry is requested.
        self.close_session()
        LOG.warning(
            _LW("_edit_config()TransportErrorFailed"
                "for Reason %(exc)s"),
            {'exc': e})
        raise RetryableException(exc=e)
    except TimeoutExpiredError as e:
        LOG.warning(
            _LW("_edit_config(TimeoutExpiredError)"
                "for Reason %(exc)s"),
            {'exc': e})
        raise RetryableException(exc=e)
    except Exception as e:
        LOG.warning(
            _LW("_edit_config(CLUSTER ERRORS)"
                "for Reason %(exc)s"),
            {'exc': e})
        # Errors whose text matches a known retryable string are retried;
        # everything else goes back to the caller.
        if any(exc_str in str(e) for exc_str in RETRYABLE_ERRORS):
            raise RetryableException(exc=e)
        raise e
    finally:
        # Runs on success and on failure, so a per-call timeout does not
        # stay on the manager.
        if custom_timeout:
            self._set_default_timeout_ncclient()
def _edit_config(self, target, config, timeout=30):
    """Send a configuration payload to a NETCONF datastore on the switch.

    Args:
        target: datastore name, forwarded as ``target`` to ``edit_config``.
        config: configuration payload, forwarded as ``config``.
        timeout: when different from 30 it is set on the manager for this
            call, and ``_set_default_timeout_ncclient`` runs afterwards.

    Raises:
        RetryableException: on TransportError or TimeoutExpiredError, or
            when the text of any other exception contains an entry of
            RETRYABLE_ERRORS.
        Exception: any other failure is re-raised.
    """
    # NOTE(review): callers in this file build ``config`` with str.format
    # on templates (presumably NETCONF XML); nothing on this path escapes
    # the substituted values -- confirm they are validated upstream.
    custom_timeout = timeout != 30
    try:
        mgr = self.connect(self.host, self.username, self.password)
        if custom_timeout:
            mgr.timeout = timeout
        mgr.edit_config(target=target, config=config)
    except TransportError as e:
        # The session is closed before the retry is requested.
        self.close_session()
        LOG.warning(
            _LW("_edit_config()TransportErrorFailed"
                "for Reason %(exc)s"),
            {'exc': e})
        raise RetryableException(exc=e)
    except TimeoutExpiredError as e:
        LOG.warning(
            _LW("_edit_config(TimeoutExpiredError)"
                "for Reason %(exc)s"),
            {'exc': e})
        raise RetryableException(exc=e)
    except Exception as e:
        LOG.warning(
            _LW("_edit_config(CLUSTER ERRORS)"
                "for Reason %(exc)s"),
            {'exc': e})
        # Errors whose text matches a known retryable string are retried;
        # everything else goes back to the caller.
        if any(exc_str in str(e) for exc_str in RETRYABLE_ERRORS):
            raise RetryableException(exc=e)
        raise e
    finally:
        # Runs on success and on failure, so a per-call timeout does not
        # stay on the manager.
        if custom_timeout:
            self._set_default_timeout_ncclient()
def _setup_policy(self, apply_list, fw):
    """Build the ACL policy for a firewall and apply it to router SVIs.

    Sequence ids are requested for every entry of
    ``fw['firewall_rule_list']`` plus the pre and post ACL entries. On any
    exception the error is logged, ``_clear_policy`` is called and the
    exception is re-raised.
    """
    # create zones no matter if they exist. Interfaces are added by router
    # NOTE(review): the block nesting below was recovered from a flattened
    # listing; confirm which statements sit under the ACL-exists check.
    acl_name = utils.get_firewall_object_prefix(fw)
    rules = fw['firewall_rule_list']
    wanted = len(rules) + len(self._pre_acls) + len(self._post_acls)
    seq_ids = self.seq_id_bm.get_seq_ids(acl_name, wanted)
    index = 0
    try:
        if not self._driver.is_ip_acl_exists(acl_name):
            index = self._config_replay_acls_file(
                acl_name, self._pre_acls, seq_ids, index)
            for rule in rules:
                if not rule['enabled']:
                    continue
                if rule['ip_version'] != 4:
                    # Non-IPv4 rules only produce this warning; no ACL
                    # entry is written for them, so they are not enforced
                    # on the switch.
                    LOG.warning(_LW("Unsupported IP version rule."))
                    continue
                self._config_replay_acls(acl_name, rule,
                                         str(seq_ids[index]))
                index += 1
            index = self._config_replay_acls_file(
                acl_name, self._post_acls, seq_ids, index)
            self.merge_and_replay_acls(acl_name)
        for ri in apply_list:
            for svi in ri.router['svis']:
                self._apply_policy_on_interface(acl_name, svi)
    except Exception as e:
        LOG.error(_LE("Error creating ACL policy :Error: %s"), e)
        # Undo whatever was configured before handing the error back.
        self._clear_policy(apply_list, fw)
        raise e
def brocade_init(self):
    """Load the Brocade settings and set up the NOS driver for FWaaS.

    Reads credentials, L3 and FWaaS configuration through ``utils``,
    normalises the ACL direction, builds the sequence-id bitmap and the
    driver, loads the pre/post ACL file and closes the driver session.
    """
    LOG.debug("brocade init BrocadeFwaas Drivers")
    # self._switch carries the switch address, username and password; keep
    # the dict itself out of log calls.
    self._switch = utils.get_brocade_credentials()
    self._svi = utils.get_brocade_l3_config()
    self._switch['rbridge_ids'] = self._svi['rbridge_ids']
    self._fwaas = utils.get_brocade_fwaas_config()
    fwaas = self._fwaas
    LOG.debug(
        "FWAAS PARAMETERS seq_ids %s direction %s count %s"
        " log %s",
        fwaas['seq_ids'], fwaas['direction'], fwaas['count'], fwaas['log'])
    if fwaas['direction'] not in ('both', 'in', 'out'):
        # An unrecognised direction falls back to 'both'.
        LOG.warning(
            _LW("invalid direction %s intializing"
                " todirection both"),
            fwaas['direction'])
        fwaas['direction'] = 'both'
    self._seq_id_low, self._seq_id_high = utils.get_seq_ids(
        fwaas['seq_ids'])
    self.seq_id_bm = utils.SeqIdBitmap(int(self._seq_id_low),
                                       int(self._seq_id_high))
    self._driver = driver.NOSdriver(self._switch['address'],
                                    self._switch['username'],
                                    self._switch['password'])
    self._pre_acls, self._post_acls = self.open_file_if_exists(
        fwaas['acl_file'])
    self.req = []
    self._driver.close_session()
def create_router(self, rbridge_id, router_id):
    """Create a VRF for a router on the given rbridge.

    Does nothing beyond a warning when ``utils.is_vrf_required()`` is
    false. Otherwise the VRF is created and its route distinguisher and
    address family are configured; any failure is logged and re-raised.
    """
    if not utils.is_vrf_required():
        LOG.warning(
            _LW("not requested to created vrf there will"
                "no L5 traffic isolation and no overlapping IP"
                "supported"))
        return
    vrf_name = template.OS_VRF_NAME.format(id=router_id)[:32]
    # This is done because on 4.0.0 rd doesnt accept
    # alpha character nor hyphen
    digits = "".join(ch for ch in router_id if ch in "0123456789")
    # NOTE(review): only the first four digits of router_id are used, so
    # routers whose ids share them get the same rd, and an id without
    # digits yields ":" -- confirm rd uniqueness is not relied on for
    # isolation between VRFs.
    rd = "{0}:{0}".format(digits[:4])
    try:
        self.create_vrf(rbridge_id, vrf_name)
        self.configure_rd_for_vrf(rbridge_id, vrf_name, rd)
        self.configure_address_family_for_vrf(rbridge_id, vrf_name)
    except Exception:
        with excutils.save_and_reraise_exception():
            LOG.exception(_LE("NETCONF error"))
def brocade_init(self):
    """Load the Brocade settings and set up the NOS driver for FWaaS.

    Reads credentials, L3 and FWaaS configuration through ``utils``,
    normalises the ACL direction, builds the sequence-id bitmap and the
    driver, loads the pre/post ACL file and closes the driver session.
    """
    LOG.debug("brocade init BrocadeFwaas Drivers")
    # self._switch carries the switch address, username and password; keep
    # the dict itself out of log calls.
    self._switch = utils.get_brocade_credentials()
    self._svi = utils.get_brocade_l3_config()
    self._switch['rbridge_ids'] = self._svi['rbridge_ids']
    self._fwaas = utils.get_brocade_fwaas_config()
    fwaas = self._fwaas
    LOG.debug(
        "FWAAS PARAMETERS seq_ids %s direction %s count %s"
        " log %s",
        fwaas['seq_ids'], fwaas['direction'], fwaas['count'], fwaas['log'])
    if fwaas['direction'] not in ('both', 'in', 'out'):
        # An unrecognised direction falls back to 'both'.
        LOG.warning(
            _LW("invalid direction %s intializing"
                " todirection both"),
            fwaas['direction'])
        fwaas['direction'] = 'both'
    self._seq_id_low, self._seq_id_high = utils.get_seq_ids(
        fwaas['seq_ids'])
    self.seq_id_bm = utils.SeqIdBitmap(int(self._seq_id_low),
                                       int(self._seq_id_high))
    self._driver = driver.NOSdriver(self._switch['address'],
                                    self._switch['username'],
                                    self._switch['password'])
    self._pre_acls, self._post_acls = self.open_file_if_exists(
        fwaas['acl_file'])
    self.req = []
    self._driver.close_session()
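def remove_native_vlan_from_interface(self, speed, name):
    """Remove the native VLAN setting from an interface.

    Args:
        speed: interface type, substituted into the template as ``speed``.
        name: interface name, substituted into the template as ``name``.

    A failed edit is logged and suppressed, so the caller gets no error
    when the native VLAN is still configured.
    """
    confstr = template.REMOVE_NATIVE_VLAN_FROM_INTERFACE.format(
        speed=speed, name=name)
    try:
        self._edit_config('running', confstr)
    except Exception:
        with excutils.save_and_reraise_exception() as ctxt:
            # Name the interface: the message used to end in a literal
            # "{}" that nothing filled in.
            LOG.warning(_LW("Error remove native vlan on interface "
                            "%(speed)s %(name)s"),
                        {'speed': speed, 'name': name})
            # Best effort: the exception is dropped here.
            ctxt.reraise = False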
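def configure_mtu_on_interface(self, speed, name, mtu):
    """Set the MTU on an interface.

    Args:
        speed: interface type, substituted into the template as ``speed``.
        name: interface name, substituted into the template as ``name``.
        mtu: MTU value, substituted into the template as ``mtu``.

    A failed edit is logged and suppressed, so the caller gets no error
    when the MTU was not applied.
    """
    confstr = template.CONFIGURE_MTU_ON_INTERFACE.format(
        speed=speed, name=name, mtu=mtu)
    try:
        self._edit_config('running', confstr)
    except Exception:
        with excutils.save_and_reraise_exception() as ctxt:
            # Name the interface: the message used to end in a literal
            # "{}" that nothing filled in.
            LOG.warning(_LW("Error configuring Mtu on interface "
                            "%(speed)s %(name)s"),
                        {'speed': speed, 'name': name})
            # Best effort: the exception is dropped here.
            ctxt.reraise = False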
def configure_static_route(self, rbridge_id, dest_ip, next_hop):
    """Add an IP static route on the given rbridge.

    A failed edit is logged and suppressed, so the caller gets no error
    when the route was not installed.
    """
    route_conf = template.CONFIGURE_IP_STATIC_ROUTE.format(
        rbridge_id=rbridge_id,
        destination_ip=dest_ip,
        next_hop=next_hop)
    try:
        self._edit_config('running', route_conf)
    except Exception:
        with excutils.save_and_reraise_exception() as ctxt:
            LOG.warning(_LW("Configuration of static route failed"))
            # Best effort: the exception is dropped here.
            ctxt.reraise = False
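def f_retry(*args, **kwargs):
    """Call ``f`` until it succeeds or the configured attempts run out.

    Only ``ExceptionToCheck`` triggers a retry. The wait starts at
    ``delay`` seconds and is multiplied by ``backoff`` after each failed
    attempt. ``f`` is always called at least once; when no attempt is
    left the last exception is re-raised.
    """
    attempts_left, wait = tries, delay
    while True:
        try:
            return f(*args, **kwargs)
        except ExceptionToCheck:
            attempts_left -= 1
            if attempts_left <= 0:
                # Out of attempts: re-raise at once rather than announcing
                # and sleeping through a retry that will not happen. The
                # bare raise keeps the original traceback.
                raise
            LOG.warning(_LW("Retrying in %d seconds..."), wait)
            time.sleep(wait)
            wait *= backoff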
def activate_interface(self, interface_speed, interface_name):
    """Activate a physical interface that is currently shut down.

    Nothing is sent when ``is_interface_shutdown`` reports false. A failed
    edit is logged and suppressed.
    """
    if self.is_interface_shutdown(interface_speed, interface_name):
        activate_conf = template.ACTIVATE_INTERFACE.format(
            speed=interface_speed, name=interface_name)
        try:
            self._edit_config('running', activate_conf)
        except Exception:
            with excutils.save_and_reraise_exception() as ctxt:
                # Every failure is reported with this message, not only
                # the case where the interface was already up.
                LOG.warning(_LW("interface already in active state"))
                ctxt.reraise = False
def open_file_if_exists(self, fname):
    """Load the pre and post ACL lists from a JSON file.

    Returns:
        A ``(pre_acls, post_acls)`` pair. Either list is empty when the
        file is missing, cannot be parsed, or lacks the matching key.
    """
    pre_acls = []
    post_acls = []
    if not os.path.isfile(fname):
        LOG.warning(_LW("%s file doesn't exists"), fname)
        return pre_acls, post_acls
    with open(fname, "r") as acl_file:
        try:
            data = jsonutils.load(acl_file)
            if 'pre_acls' in data:
                pre_acls = data['pre_acls']
            if 'post_acls' in data:
                post_acls = data['post_acls']
            LOG.debug("pre acls : %s", pre_acls)
            LOG.debug("post acls : %s", post_acls)
        except Exception:
            # NOTE(review): a malformed file only produces this warning
            # and the lists stay empty, so the caller carries on without
            # the operator's pre/post ACL entries -- confirm that failing
            # open here is intended.
            LOG.warning(_LW("Error Loadng %s file(may be empty file)"),
                        fname)
    return pre_acls, post_acls
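def configure_mtu_on_interface(self, speed, name, mtu):
    """Set the MTU on an interface.

    Args:
        speed: interface type, substituted into the template as ``speed``.
        name: interface name, substituted into the template as ``name``.
        mtu: MTU value, substituted into the template as ``mtu``.

    A failed edit is logged and suppressed, so the caller gets no error
    when the MTU was not applied.
    """
    confstr = template.CONFIGURE_MTU_ON_INTERFACE.format(
        speed=speed, name=name, mtu=mtu)
    try:
        self._edit_config('running', confstr)
    except Exception:
        with excutils.save_and_reraise_exception() as ctxt:
            # Name the interface: the message used to end in a literal
            # "{}" that nothing filled in.
            LOG.warning(_LW("Error configuring Mtu on interface "
                            "%(speed)s %(name)s"),
                        {'speed': speed, 'name': name})
            # Best effort: the exception is dropped here.
            ctxt.reraise = False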
def configure_l2_mode_for_interface(self, interface_speed, interface_name):
    """Put the given interface into L2 (switchport) mode.

    Three edits are attempted in order: leave port-profile mode, remove
    the channel group (skipped for 'port-channel'), then configure the
    switchport. Failures of the first two are logged and suppressed; a
    failure of the last one is logged and re-raised.
    """
    # NOTE(review): the port-profile check is taken to guard only the
    # first step; the nesting was recovered from a flattened listing.
    if self.is_interface_in_port_profile_mode(interface_speed,
                                              interface_name):
        try:
            self.set_interface_to_accept_l2_mode(interface_speed,
                                                 interface_name)
        except Exception:
            with excutils.save_and_reraise_exception() as ctxt:
                LOG.warning(_LW("interface already in active state"))
                ctxt.reraise = False
    try:
        if interface_speed != 'port-channel':
            remove_cg = template.REMOVE_CHANNEL_GROUP.format(
                speed=interface_speed, name=interface_name)
            self._edit_config('running', remove_cg)
    except Exception:
        with excutils.save_and_reraise_exception() as ctxt:
            LOG.warning(_LW("exception cg removing"))
            ctxt.reraise = False
    try:
        # assumes self.osversion is indexable by version component
        # (major at [0], minor at [1]) -- TODO confirm
        version = self.osversion
        major = int(version[0])
        if major >= 5 or (major >= 4 and int(version[1]) >= 1):
            switchport_tmpl = template.CONFIGURE_INTERFACE_SWITCHPORT_V1
        else:
            switchport_tmpl = template.CONFIGURE_INTERFACE_SWITCHPORT_V2
        self._edit_config(
            'running',
            switchport_tmpl.format(speed=interface_speed,
                                   name=interface_name))
    except Exception:
        # reraise is left at its default here, so this failure reaches the
        # caller after the warning.
        with excutils.save_and_reraise_exception() as ctxt:
            LOG.warning(
                _LW("interface not accepting switching please check"
                    "innterface status"))
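def configure_native_vlan_on_interface(self, speed, name, vlan_id):
    """Prepare an interface as a trunk and set its native VLAN.

    Calls ``configure_l2_mode_for_interface``,
    ``configure_interface_in_trunk_mode`` and ``activate_interface``, then
    sends the allow-untagged and add-native-VLAN edits. Failures of those
    two edits are logged and suppressed, so the caller gets no error when
    the native VLAN was not applied.

    Args:
        speed: interface type, substituted into the templates as ``speed``.
        name: interface name, substituted into the templates as ``name``.
        vlan_id: VLAN substituted into the native-VLAN template.
    """
    allow_untagged = template.ALLOW_UNTAG_TRAF_ON_INTERFACE.format(
        speed=speed, name=name)
    add_native_vlan = template.ADD_NATIVE_VLAN_TO_INTERFACE.format(
        speed=speed, name=name, vlan_id=vlan_id)
    trunk_mode = template.CONFIGURE_INTERFACE_SWITCHPORT_TRUNK.format(
        speed=speed, name=name)
    self.configure_l2_mode_for_interface(speed, name)
    self.configure_interface_in_trunk_mode(trunk_mode)
    self.activate_interface(speed, name)
    try:
        self._edit_config('running', allow_untagged)
    except Exception:
        # Every failure of this edit is reported with this message.
        LOG.warning(_LW("interface ready to accept untagged traffic"))
    try:
        self._edit_config('running', add_native_vlan)
    except Exception:
        with excutils.save_and_reraise_exception() as ctxt:
            # Name the interface: the message used to end in a literal
            # "{}" that nothing filled in.
            LOG.warning(_LW("Error configuring native vlan"
                            " on interface %(speed)s %(name)s"),
                        {'speed': speed, 'name': name})
            # Best effort: the exception is dropped here.
            ctxt.reraise = False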
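def _get_config(self, source, filterstr):
    """Read switch configuration from a NETCONF datastore.

    Args:
        source: datastore name, forwarded as ``source`` to ``get_config``.
        filterstr: XPath expression, forwarded as ``('xpath', filterstr)``.

    Returns:
        The ``data_xml`` attribute of the ``get_config`` reply.

    Raises:
        RetryableException: on TransportError or TimeoutExpiredError, or
            when the text of any other exception contains an entry of
            RETRYABLE_ERRORS.
        Exception: any other failure propagates unchanged.
    """
    # NOTE(review): filterstr reaches the device as given; callers that
    # build it from identifiers should restrict those to expected
    # characters -- confirm at the call sites.
    try:
        mgr = self.connect(self.host, self.username, self.password)
        return mgr.get_config(source=source,
                              filter=('xpath', filterstr)).data_xml
    except TransportError as e:
        # Log lines carry this method's own name so a failed read is not
        # triaged as a failed configuration write. The exception goes to
        # the logger directly, as _edit_config does, so the handler does
        # not depend on the Python 2 only ``unicode`` builtin.
        LOG.warning(_LW("_get_config()TransportErrorFailed "
                        "for Reason %s"), e)
        # Close the session on a transport failure before asking for a
        # retry.
        self.close_session()
        raise RetryableException(exc=e)
    except TimeoutExpiredError as e:
        LOG.warning(_LW("_get_config(TimeoutExpiredError) "
                        "for Reason %s"), e)
        raise RetryableException(exc=e)
    except Exception as e:
        LOG.warning(_LW("_get_config(CLUSTER ERRORS) "
                        "for Reason %s"), e)
        # Retry only when the error text matches a known retryable string.
        if any(exc_str in str(e) for exc_str in RETRYABLE_ERRORS):
            raise RetryableException(exc=e)
        # Bare raise keeps the original traceback.
        raise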
def configure_l2_mode_for_interface(self, interface_speed, interface_name):
    """Put the given interface into L2 (switchport) mode.

    Three edits are attempted in order: leave port-profile mode, remove
    the channel group (skipped for 'port-channel'), then configure the
    switchport. Failures of the first two are logged and suppressed; a
    failure of the last one is logged and re-raised.
    """
    # NOTE(review): the port-profile check is taken to guard only the
    # first step; the nesting was recovered from a flattened listing.
    if self.is_interface_in_port_profile_mode(interface_speed,
                                              interface_name):
        try:
            self.set_interface_to_accept_l2_mode(interface_speed,
                                                 interface_name)
        except Exception:
            with excutils.save_and_reraise_exception() as ctxt:
                LOG.warning(_LW("interface already in active state"))
                ctxt.reraise = False
    try:
        if interface_speed != 'port-channel':
            remove_cg = template.REMOVE_CHANNEL_GROUP.format(
                speed=interface_speed, name=interface_name)
            self._edit_config('running', remove_cg)
    except Exception:
        with excutils.save_and_reraise_exception() as ctxt:
            LOG.warning(_LW("exception cg removing"))
            ctxt.reraise = False
    try:
        # assumes self.osversion is indexable by version component
        # (major at [0], minor at [1]) -- TODO confirm
        version = self.osversion
        major = int(version[0])
        if major >= 5 or (major >= 4 and int(version[1]) >= 1):
            switchport_tmpl = template.CONFIGURE_INTERFACE_SWITCHPORT_V1
        else:
            switchport_tmpl = template.CONFIGURE_INTERFACE_SWITCHPORT_V2
        self._edit_config(
            'running',
            switchport_tmpl.format(speed=interface_speed,
                                   name=interface_name))
    except Exception:
        # reraise is left at its default here, so this failure reaches the
        # caller after the warning.
        with excutils.save_and_reraise_exception() as ctxt:
            LOG.warning(
                _LW("interface not accepting switching please check"
                    "innterface status"))
def _update_firewall(self, context, svi, tenant_id):
    """Hand a newly added interface to the firewall plugin.

    Returns without action when no firewall service plugin is registered.
    When the plugin lacks ``handle_router_interface_add`` only a warning
    is logged and no firewall rules are applied to the interface.
    """
    service_plugins = manager.NeutronManager.get_service_plugins()
    fw_plugin = service_plugins.get(plugin_constants.FIREWALL, None)
    if not fw_plugin:
        LOG.info(_LI('No Firewall plugin registered!!'))
        return
    # NOTE(review): this overwrites the tenant on the caller's context
    # object; confirm tenant_id comes from the resource owner and that the
    # context is not reused afterwards under the original tenant.
    context.tenant_id = tenant_id
    if not hasattr(fw_plugin, 'handle_router_interface_add'):
        LOG.warning(
            _LW("Brocade SVI Plugin is used but brocade firewall"
                " plugin you may want to configure"
                " brocade firewall plugin"))
        return
    fw_plugin.handle_router_interface_add(context, svi, tenant_id)
def delete_vrf_static_route(self, rbridge_id, vrf_name, dest_ip, next_hop):
    """Delete an IP static route from a VRF on the given rbridge.

    A failed edit is logged with the VRF name and suppressed, so the
    caller gets no error when the route is still present.
    """
    route_conf = template.DELETE_VRF_IP_STATIC_ROUTE.format(
        rbridge_id=rbridge_id,
        vrf_name=vrf_name,
        destination_ip=dest_ip,
        next_hop=next_hop)
    try:
        self._edit_config('running', route_conf)
    except Exception:
        with excutils.save_and_reraise_exception() as ctxt:
            LOG.warning(
                _LW("Configuration of static route failed for vrf %s"),
                vrf_name)
            # Best effort: the exception is dropped here.
            ctxt.reraise = False
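def configure_native_vlan_on_interface(self, speed, name, vlan_id):
    """Prepare an interface as a trunk and set its native VLAN.

    Calls ``configure_l2_mode_for_interface``,
    ``configure_interface_in_trunk_mode`` and ``activate_interface``, then
    sends the allow-untagged and add-native-VLAN edits. Failures of those
    two edits are logged and suppressed, so the caller gets no error when
    the native VLAN was not applied.

    Args:
        speed: interface type, substituted into the templates as ``speed``.
        name: interface name, substituted into the templates as ``name``.
        vlan_id: VLAN substituted into the native-VLAN template.
    """
    allow_untagged = template.ALLOW_UNTAG_TRAF_ON_INTERFACE.format(
        speed=speed, name=name)
    add_native_vlan = template.ADD_NATIVE_VLAN_TO_INTERFACE.format(
        speed=speed, name=name, vlan_id=vlan_id)
    trunk_mode = template.CONFIGURE_INTERFACE_SWITCHPORT_TRUNK.format(
        speed=speed, name=name)
    self.configure_l2_mode_for_interface(speed, name)
    self.configure_interface_in_trunk_mode(trunk_mode)
    self.activate_interface(speed, name)
    try:
        self._edit_config('running', allow_untagged)
    except Exception:
        # Every failure of this edit is reported with this message.
        LOG.warning(_LW("interface ready to accept untagged traffic"))
    try:
        self._edit_config('running', add_native_vlan)
    except Exception:
        with excutils.save_and_reraise_exception() as ctxt:
            # Name the interface: the message used to end in a literal
            # "{}" that nothing filled in.
            LOG.warning(_LW("Error configuring native vlan"
                            " on interface %(speed)s %(name)s"),
                        {'speed': speed, 'name': name})
            # Best effort: the exception is dropped here.
            ctxt.reraise = False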
def delete_vrf_static_route(self, rbridge_id, vrf_name, dest_ip, next_hop):
    """Delete an IP static route from a VRF on the given rbridge.

    A failed edit is logged with the VRF name and suppressed, so the
    caller gets no error when the route is still present.
    """
    route_conf = template.DELETE_VRF_IP_STATIC_ROUTE.format(
        rbridge_id=rbridge_id,
        vrf_name=vrf_name,
        destination_ip=dest_ip,
        next_hop=next_hop)
    try:
        self._edit_config('running', route_conf)
    except Exception:
        with excutils.save_and_reraise_exception() as ctxt:
            LOG.warning(
                _LW("Configuration of static route failed for vrf %s"),
                vrf_name)
            # Best effort: the exception is dropped here.
            ctxt.reraise = False
def _update_firewall(self, context, svi, tenant_id):
    """Hand a newly added interface to the firewall plugin.

    Returns without action when no firewall service plugin is registered.
    When the plugin lacks ``handle_router_interface_add`` only a warning
    is logged and no firewall rules are applied to the interface.
    """
    service_plugins = manager.NeutronManager.get_service_plugins()
    fw_plugin = service_plugins.get(plugin_constants.FIREWALL, None)
    if not fw_plugin:
        LOG.info(_LI('No Firewall plugin registered!!'))
        return
    # NOTE(review): this overwrites the tenant on the caller's context
    # object; confirm tenant_id comes from the resource owner and that the
    # context is not reused afterwards under the original tenant.
    context.tenant_id = tenant_id
    if not hasattr(fw_plugin, 'handle_router_interface_add'):
        LOG.warning(
            _LW("Brocade SVI Plugin is used but brocade firewall"
                " plugin you may want to configure"
                " brocade firewall plugin"))
        return
    fw_plugin.handle_router_interface_add(context, svi, tenant_id)
def firewall_deleted(self, context, firewall_id, **kwargs):
    """Handle the agent's report that a firewall has been deleted.

    Returns:
        True when the database record was removed, False when the firewall
        was in an unexpected state and was marked ERROR instead.
    """
    LOG.debug("firewall_deleted() called")
    with context.session.begin(subtransactions=True):
        fw_db = self.plugin._get_firewall(context, firewall_id)
        # The record is only removed when a delete was pending or the
        # firewall is already in ERROR; an agent report in any other state
        # does not delete it.
        if fw_db.status not in (const.PENDING_DELETE, const.ERROR):
            LOG.warning(
                _LW('Firewall %(fw)s unexpectedly'
                    ' deleted by agent, '
                    'status was %(status)s'),
                {'fw': firewall_id, 'status': fw_db.status})
            fw_db.update({"status": const.ERROR})
            return False
        # allow to delete firewalls in ERROR state
        self.plugin.delete_db_firewall_object(context, firewall_id)
        return True
def firewall_deleted(self, context, firewall_id, **kwargs):
    """Handle the agent's report that a firewall has been deleted.

    Returns:
        True when the database record was removed, False when the firewall
        was in an unexpected state and was marked ERROR instead.
    """
    LOG.debug("firewall_deleted() called")
    with context.session.begin(subtransactions=True):
        fw_db = self.plugin._get_firewall(context, firewall_id)
        # The record is only removed when a delete was pending or the
        # firewall is already in ERROR; an agent report in any other state
        # does not delete it.
        if fw_db.status not in (const.PENDING_DELETE, const.ERROR):
            LOG.warning(
                _LW('Firewall %(fw)s unexpectedly'
                    ' deleted by agent, '
                    'status was %(status)s'),
                {'fw': firewall_id, 'status': fw_db.status})
            fw_db.update({"status": const.ERROR})
            return False
        # allow to delete firewalls in ERROR state
        self.plugin.delete_db_firewall_object(context, firewall_id)
        return True
def create_router(self, rbridge_id, router_id):
    """Create a VRF for a router on the given rbridge.

    Does nothing beyond a warning when ``utils.is_vrf_required()`` is
    false. Otherwise the VRF is created and its route distinguisher and
    address family are configured; any failure is logged and re-raised.
    """
    if not utils.is_vrf_required():
        LOG.warning(
            _LW("not requested to created vrf there will"
                "no L5 traffic isolation and no overlapping IP"
                "supported"))
        return
    vrf_name = template.OS_VRF_NAME.format(id=router_id)[:32]
    # This is done because on 4.0.0 rd doesnt accept
    # alpha character nor hyphen
    digits = "".join(ch for ch in router_id if ch in "0123456789")
    # NOTE(review): only the first four digits of router_id are used, so
    # routers whose ids share them get the same rd, and an id without
    # digits yields ":" -- confirm rd uniqueness is not relied on for
    # isolation between VRFs.
    rd = "{0}:{0}".format(digits[:4])
    try:
        self.create_vrf(rbridge_id, vrf_name)
        self.configure_rd_for_vrf(rbridge_id, vrf_name, rd)
        self.configure_address_family_for_vrf(rbridge_id, vrf_name)
    except Exception:
        with excutils.save_and_reraise_exception():
            LOG.exception(_LE("NETCONF error"))