def _disassociate_floatingip(self, context, id):
l3db_fip = self._get_floatingip(context, id)
db_namespace = fortinet_db.query_record(context,
fortinet_db.Fortinet_ML2_Namespace,
tenant_id=l3db_fip.tenant_id)
db_fip = fortinet_db.query_record(context,
fortinet_db.Fortinet_FloatingIP_Allocation,
floating_ip_address=l3db_fip.floating_ip_address,
allocated=True)
int_intf, ext_intf = utils.get_vlink_intf(self, context,
vdom=db_namespace.vdom)
db_ip = fortinet_db.query_record(context, models_v2.IPAllocation,
port_id=l3db_fip.fixed_port_id)
vlan_inf = utils.get_intf(context, db_ip.network_id)
mappedip = utils.get_ipaddr(db_fip.ip_subnet, 0)
utils.delete_fwpolicy(self, context,
vdom=db_namespace.vdom,
srcintf=vlan_inf,
srcaddr=l3db_fip.fixed_ip_address,
dstintf=int_intf,
poolname=mappedip)
utils.delete_fwaddress(self, context,
name=l3db_fip.fixed_ip_address,
vdom=db_namespace.vdom)
utils.delete_fwpolicy(self, context,
vdom=db_namespace.vdom,
dstaddr=db_fip.floating_ip_address)
utils.delete_vip(self, context,
vdom=db_namespace.vdom,
name=db_fip.floating_ip_address)
def remove_router_interface(self, context, router_id, interface_info):
"""Deletes vlink, default router from Fortinet device."""
LOG.debug("FortinetL3ServicePlugin.remove_router_interface called: "
"router_id=%(router_id)s "
"interface_info=%(interface_info)r",
{'router_id': router_id, 'interface_info': interface_info})
with context.session.begin(subtransactions=True):
# TODO(jerryz): move this out of transaction.
setattr(context, 'GUARD_TRANSACTION', False)
info = (super(FortinetL3ServicePlugin, self).
remove_router_interface(context, router_id,
interface_info))
try:
subnet = self._core_plugin._get_subnet(context,
info['subnet_id'])
tenant_id = subnet['tenant_id']
network_id = subnet['network_id']
vlan_inf = utils.get_intf(context, network_id)
db_namespace = fortinet_db.query_record(context,
fortinet_db.Fortinet_ML2_Namespace,
tenant_id=tenant_id)
utils.delete_fwpolicy(self, context,
vdom=db_namespace.vdom,
srcintf=vlan_inf)
except Exception:
with excutils.save_and_reraise_exception():
LOG.error(_LE("Fail remove of interface from Fortigate "
"router interface. info=%(info)s, "
"router_id=%(router_id)s"),
{"info": info, "router_id": router_id})
return info
def add_router_interface(self, context, router_id, interface_info):
"""creates vlnk on the fortinet device."""
LOG.debug("FortinetL3ServicePlugin.add_router_interface: "
"router_id=%(router_id)s "
"interface_info=%(interface_info)r",
{'router_id': router_id, 'interface_info': interface_info})
with context.session.begin(subtransactions=True):
info = super(FortinetL3ServicePlugin, self).add_router_interface(
context, router_id, interface_info)
port = db.get_port(context, info['port_id'])
port['admin_state_up'] = True
port['port'] = port
LOG.debug("FortinetL3ServicePlugin: "
"context=%(context)s"
"port=%(port)s "
"info=%(info)r",
{'context': context, 'port': port, 'info': info})
interface_info = info
subnet = self._core_plugin._get_subnet(context,
interface_info['subnet_id'])
network_id = subnet['network_id']
tenant_id = port['tenant_id']
port_filters = {'network_id': [network_id],
'device_owner': [DEVICE_OWNER_ROUTER_INTF]}
port_count = self._core_plugin.get_ports_count(context,
port_filters)
# port count is checked against 2 since the current port is already
# added to db
if port_count == 2:
# This subnet is already part of some router
LOG.error(_LE("FortinetL3ServicePlugin: adding redundant "
"router interface is not supported"))
raise Exception(_("FortinetL3ServicePlugin:adding redundant "
"router interface is not supported"))
try:
db_namespace = fortinet_db.query_record(context,
fortinet_db.Fortinet_ML2_Namespace,
tenant_id=tenant_id)
vlan_inf = utils.get_intf(context, network_id)
int_intf, ext_intf = utils.get_vlink_intf(self, context,
vdom=db_namespace.vdom)
utils.add_fwpolicy(self, context,
vdom=db_namespace.vdom,
srcintf=vlan_inf,
dstintf=int_intf,
nat='enable')
except Exception as e:
LOG.error(_LE("Failed to create Fortinet resources to add "
"router interface. info=%(info)s, "
"router_id=%(router_id)s"),
{"info": info, "router_id": router_id})
utils._rollback_on_err(self, context, e)
with excutils.save_and_reraise_exception():
self.remove_router_interface(context, router_id,
interface_info)
utils.update_status(self, context, t_consts.TaskStatus.COMPLETED)
return info
def add_router_interface(self, context, port):
"""creates vlnk on the fortinet device."""
db_namespace = fortinet_db.query_record(context,
fortinet_db.Fortinet_ML2_Namespace,
tenant_id=port['tenant_id'])
vlan_inf = utils.get_intf(context, port['network_id'])
int_intf, ext_intf = utils.get_vlink_intf(self, context,
vdom=db_namespace.vdom)
utils.add_fwpolicy(self, context,
vdom=db_namespace.vdom,
srcintf=vlan_inf,
dstintf=int_intf,
nat='enable')
def add_router_interface(self, context, port):
"""creates vlnk on the fortinet device."""
db_namespace = fortinet_db.query_record(
context,
fortinet_db.Fortinet_ML2_Namespace,
tenant_id=port['tenant_id'])
vlan_inf = utils.get_intf(context, port['network_id'])
int_intf, ext_intf = utils.get_vlink_intf(self,
context,
vdom=db_namespace.vdom)
utils.add_fwpolicy(self,
context,
vdom=db_namespace.vdom,
srcintf=vlan_inf,
dstintf=int_intf,
nat='enable')
def _disassociate_floatingip(self, context, id):
l3db_fip = self._get_floatingip(context, id)
db_namespace = fortinet_db.query_record(
context,
fortinet_db.Fortinet_ML2_Namespace,
tenant_id=l3db_fip.tenant_id)
db_fip = fortinet_db.query_record(
context,
fortinet_db.Fortinet_FloatingIP_Allocation,
floating_ip_address=l3db_fip.floating_ip_address,
allocated=True)
int_intf, ext_intf = utils.get_vlink_intf(self,
context,
vdom=db_namespace.vdom)
db_ip = fortinet_db.query_record(context,
models_v2.IPAllocation,
port_id=l3db_fip.fixed_port_id)
vlan_inf = utils.get_intf(context, db_ip.network_id)
mappedip = utils.get_ipaddr(db_fip.ip_subnet, 0)
utils.delete_fwpolicy(self,
context,
vdom=db_namespace.vdom,
srcintf=vlan_inf,
srcaddr=l3db_fip.fixed_ip_address,
dstintf=int_intf,
poolname=mappedip)
utils.delete_fwaddress(self,
context,
name=l3db_fip.fixed_ip_address,
vdom=db_namespace.vdom)
utils.delete_fwpolicy(self,
context,
vdom=db_namespace.vdom,
dstaddr=db_fip.floating_ip_address)
utils.delete_vip(self,
context,
vdom=db_namespace.vdom,
name=db_fip.floating_ip_address)
def remove_router_interface(self, context, router_id, interface_info):
"""Deletes vlink, default router from Fortinet device."""
LOG.debug(
"FortinetL3ServicePlugin.remove_router_interface called: "
"router_id=%(router_id)s "
"interface_info=%(interface_info)r", {
'router_id': router_id,
'interface_info': interface_info
})
with context.session.begin(subtransactions=True):
# TODO(jerryz): move this out of transaction.
setattr(context, 'GUARD_TRANSACTION', False)
info = (super(FortinetL3ServicePlugin,
self).remove_router_interface(
context, router_id, interface_info))
try:
subnet = self._core_plugin._get_subnet(context,
info['subnet_id'])
tenant_id = subnet['tenant_id']
network_id = subnet['network_id']
vlan_inf = utils.get_intf(context, network_id)
db_namespace = fortinet_db.query_record(
context,
fortinet_db.Fortinet_ML2_Namespace,
tenant_id=tenant_id)
utils.delete_fwpolicy(self,
context,
vdom=db_namespace.vdom,
srcintf=vlan_inf)
except Exception:
with excutils.save_and_reraise_exception():
LOG.error(
_LE("Fail remove of interface from Fortigate "
"router interface. info=%(info)s, "
"router_id=%(router_id)s"), {
"info": info,
"router_id": router_id
})
return info
def create_subnet_postcommit(self, mech_context, update=False):
if not update:
LOG.debug("create_subnetwork_postcommit: called")
gateway = mech_context.current['gateway_ip']
network_id = mech_context.current['network_id']
subnet_id = mech_context.current['id']
tenant_id = mech_context.current['tenant_id']
context = mech_context._plugin_context
dns_nameservers = mech_context.current.setdefault(
'dns_nameservers', [])
if update:
router_func = utils.set_routerstatic
dhcp_func = utils.set_dhcpserver
else:
router_func = utils.add_routerstatic
dhcp_func = utils.add_dhcpserver
try:
if fortinet_db.query_record(context, ext_db.ExternalNetwork,
network_id=network_id):
router_func(self, context,
subnet_id=subnet_id,
vdom=const.EXT_VDOM,
dst=const.EXT_DEF_DST,
device=self.fortigate.cfg['ext_interface'],
gateway=gateway)
else:
namespace = fortinet_db.query_record(context,
fortinet_db.Fortinet_ML2_Namespace,
tenant_id=tenant_id)
interface = utils.get_intf(context,
mech_context.current['network_id'])
netmask = str(netaddr.
IPNetwork(mech_context.current['cidr']).netmask)
start_ip = mech_context.current['allocation_pools'][0]['start']
end_ip = mech_context.current['allocation_pools'][0]['end']
dhcp_func(self, context,
subnet_id=subnet_id,
vdom=namespace.vdom,
interface=interface,
dns_nameservers=dns_nameservers,
gateway=gateway,
netmask=netmask,
start_ip=start_ip,
end_ip=end_ip)
# TODO(samsu): need to add rollback for the update and set
cls = fortinet_db.Fortinet_Interface
record = fortinet_db.query_record(context, cls,
name=interface,
vdom=namespace.vdom)
if gateway:
cls.update_record(context, record,
ip="%s %s" % (gateway, netmask))
utils.op(self, context, resources.VlanInterface.set,
name=interface,
vdom=namespace.vdom,
ip="%s %s" % (gateway, netmask))
except Exception as e:
utils.rollback_on_err(self, context, e)
raise ml2_exc.MechanismDriverError(
method=sys._getframe().f_code.co_name)
if not update:
utils.update_status(self, context, t_consts.TaskStatus.COMPLETED)
def _associate_floatingip(self, context, id, floatingip):
try:
l3db_fip = self._get_floatingip(context, id)
db_namespace = fortinet_db.query_record(context,
fortinet_db.Fortinet_ML2_Namespace,
tenant_id=l3db_fip.tenant_id)
db_fip = fortinet_db.query_record(context,
fortinet_db.Fortinet_FloatingIP_Allocation,
floating_ip_address=l3db_fip.floating_ip_address,
allocated=True)
int_intf, ext_intf = utils.get_vlink_intf(self, context,
vdom=db_namespace.vdom)
mappedip = utils.get_ipaddr(db_fip.ip_subnet, 0)
fixed_ip_address = floatingip['floatingip']['fixed_ip_address']
utils.add_vip(self, context,
vdom=db_namespace.vdom,
name=db_fip.floating_ip_address,
extip=mappedip,
extintf=int_intf,
mappedip=fixed_ip_address)
db_ip = fortinet_db.query_record(context, models_v2.IPAllocation,
port_id=floatingip['floatingip']['port_id'])
vlan_inf = utils.get_intf(context, db_ip.network_id)
utils.add_fwpolicy(self, context,
vdom=db_namespace.vdom,
srcintf=int_intf,
dstintf=vlan_inf,
dstaddr=db_fip.floating_ip_address,
nat='enable')
utils.add_fwaddress(self, context,
name=fixed_ip_address,
vdom=db_namespace.vdom,
subnet="%s 255.255.255.255" % fixed_ip_address,
associated_interface=vlan_inf)
db_fwpolicy = utils.add_fwpolicy(self, context,
vdom=db_namespace.vdom,
srcintf=vlan_inf,
srcaddr=fixed_ip_address,
dstintf=int_intf,
poolname=mappedip)
if self.enable_fwaas:
fwrass = fortinet_db.Fortinet_FW_Rule_Association.query_one(
context, fwr_id=db_namespace.tenant_id)
default_fwp = getattr(fwrass, 'fortinet_policy', None)
if getattr(default_fwp, 'edit_id', None):
utils.head_firewall_policy(self, context,
vdom=db_namespace.vdom,
id=db_fwpolicy.edit_id,
after=default_fwp.edit_id)
_headed = True
if '_headed' not in locals():
utils.head_firewall_policy(self, context,
vdom=db_namespace.vdom,
id=db_fwpolicy.edit_id)
except Exception as e:
with excutils.save_and_reraise_exception():
utils._rollback_on_err(self, context, e)
utils.update_status(self, context, t_consts.TaskStatus.COMPLETED)
def create_subnet_postcommit(self, mech_context, update=False):
if not update:
# log the context for debugging
LOG.debug("create_subnetwork_postcommit: called, context %(ctx)s",
{'ctx': mech_context.current})
gateway = mech_context.current['gateway_ip']
network_id = mech_context.current['network_id']
subnet_id = mech_context.current['id']
tenant_id = mech_context.current['tenant_id']
context = mech_context._plugin_context
dns_nameservers = mech_context.current.setdefault(
'dns_nameservers', [])
if update:
router_func = utils.set_routerstatic
dhcp_func = utils.set_dhcpserver
else:
router_func = utils.add_routerstatic
dhcp_func = utils.add_dhcpserver
try:
if fortinet_db.query_record(context,
ext_db.ExternalNetwork,
network_id=network_id):
router_func(self,
context,
subnet_id=subnet_id,
vdom=const.EXT_VDOM,
dst=const.EXT_DEF_DST,
device=self._fortigate['ext_interface'],
gateway=gateway)
else:
namespace = fortinet_db.query_record(
context,
fortinet_db.Fortinet_ML2_Namespace,
tenant_id=tenant_id)
interface = utils.get_intf(context,
mech_context.current['network_id'])
netmask = str(
netaddr.IPNetwork(mech_context.current['cidr']).netmask)
start_ip = mech_context.current['allocation_pools'][0]['start']
end_ip = mech_context.current['allocation_pools'][0]['end']
dhcp_func(self,
context,
subnet_id=subnet_id,
vdom=namespace.vdom,
interface=interface,
dns_nameservers=dns_nameservers,
gateway=gateway,
netmask=netmask,
start_ip=start_ip,
end_ip=end_ip)
# TODO(samsu): need to add rollback for the update and set
cls = fortinet_db.Fortinet_Interface
record = fortinet_db.query_record(context,
cls,
name=interface,
vdom=namespace.vdom)
if gateway:
cls.update_record(context,
record,
ip="%s %s" % (gateway, netmask))
utils.op(self,
context,
resources.VlanInterface.set,
name=interface,
vdom=namespace.vdom,
ip="%s %s" % (gateway, netmask))
except Exception as e:
utils._rollback_on_err(self, context, e)
raise ml2_exc.MechanismDriverError(
method=sys._getframe().f_code.co_name)
if not update:
utils.update_status(self, context, t_consts.TaskStatus.COMPLETED)
def _associate_floatingip(self, context, id, floatingip):
try:
l3db_fip = self._get_floatingip(context, id)
db_namespace = fortinet_db.query_record(
context,
fortinet_db.Fortinet_ML2_Namespace,
tenant_id=l3db_fip.tenant_id)
db_fip = fortinet_db.query_record(
context,
fortinet_db.Fortinet_FloatingIP_Allocation,
floating_ip_address=l3db_fip.floating_ip_address,
allocated=True)
int_intf, ext_intf = utils.get_vlink_intf(self,
context,
vdom=db_namespace.vdom)
mappedip = utils.get_ipaddr(db_fip.ip_subnet, 0)
fixed_ip_address = floatingip['floatingip']['fixed_ip_address']
utils.add_vip(self,
context,
vdom=db_namespace.vdom,
name=db_fip.floating_ip_address,
extip=mappedip,
extintf=int_intf,
mappedip=fixed_ip_address)
db_ip = fortinet_db.query_record(
context,
models_v2.IPAllocation,
port_id=floatingip['floatingip']['port_id'])
vlan_inf = utils.get_intf(context, db_ip.network_id)
utils.add_fwpolicy(self,
context,
vdom=db_namespace.vdom,
srcintf=int_intf,
dstintf=vlan_inf,
dstaddr=db_fip.floating_ip_address,
nat='enable')
utils.add_fwaddress(self,
context,
name=fixed_ip_address,
vdom=db_namespace.vdom,
subnet="%s 255.255.255.255" % fixed_ip_address,
associated_interface=vlan_inf)
db_fwpolicy = utils.add_fwpolicy(self,
context,
vdom=db_namespace.vdom,
srcintf=vlan_inf,
srcaddr=fixed_ip_address,
dstintf=int_intf,
poolname=mappedip)
if self.enable_fwaas:
fwrass = fortinet_db.Fortinet_FW_Rule_Association.query_one(
context, fwr_id=db_namespace.tenant_id)
default_fwp = getattr(fwrass, 'fortinet_policy', None)
if getattr(default_fwp, 'edit_id', None):
utils.head_firewall_policy(self,
context,
vdom=db_namespace.vdom,
id=db_fwpolicy.edit_id,
after=default_fwp.edit_id)
_headed = True
if '_headed' not in locals():
utils.head_firewall_policy(self,
context,
vdom=db_namespace.vdom,
id=db_fwpolicy.edit_id)
except Exception as e:
with excutils.save_and_reraise_exception():
utils._rollback_on_err(self, context, e)
utils.update_status(self, context, t_consts.TaskStatus.COMPLETED)
def add_router_interface(self, context, router_id, interface_info):
"""creates vlnk on the fortinet device."""
LOG.debug(
"FortinetL3ServicePlugin.add_router_interface: "
"router_id=%(router_id)s "
"interface_info=%(interface_info)r", {
'router_id': router_id,
'interface_info': interface_info
})
with context.session.begin(subtransactions=True):
info = super(FortinetL3ServicePlugin,
self).add_router_interface(context, router_id,
interface_info)
port = db.get_port(context, info['port_id'])
port['admin_state_up'] = True
port['port'] = port
LOG.debug(
"FortinetL3ServicePlugin: "
"context=%(context)s"
"port=%(port)s "
"info=%(info)r", {
'context': context,
'port': port,
'info': info
})
interface_info = info
subnet = self._core_plugin._get_subnet(context,
interface_info['subnet_id'])
network_id = subnet['network_id']
tenant_id = port['tenant_id']
port_filters = {
'network_id': [network_id],
'device_owner': [DEVICE_OWNER_ROUTER_INTF]
}
port_count = self._core_plugin.get_ports_count(
context, port_filters)
# port count is checked against 2 since the current port is already
# added to db
if port_count == 2:
# This subnet is already part of some router
LOG.error(
_LE("FortinetL3ServicePlugin: adding redundant "
"router interface is not supported"))
raise Exception(
_("FortinetL3ServicePlugin:adding redundant "
"router interface is not supported"))
try:
db_namespace = fortinet_db.query_record(
context,
fortinet_db.Fortinet_ML2_Namespace,
tenant_id=tenant_id)
vlan_inf = utils.get_intf(context, network_id)
int_intf, ext_intf = utils.get_vlink_intf(
self, context, vdom=db_namespace.vdom)
utils.add_fwpolicy(self,
context,
vdom=db_namespace.vdom,
srcintf=vlan_inf,
dstintf=int_intf,
nat='enable')
except Exception as e:
LOG.error(
_LE("Failed to create Fortinet resources to add "
"router interface. info=%(info)s, "
"router_id=%(router_id)s"), {
"info": info,
"router_id": router_id
})
utils._rollback_on_err(self, context, e)
with excutils.save_and_reraise_exception():
self.remove_router_interface(context, router_id,
interface_info)
utils.update_status(self, context, t_consts.TaskStatus.COMPLETED)
return info
