def add_router_interface(self, context, router_id, interface_info): """creates vlnk on the fortinet device.""" LOG.debug("FortinetL3ServicePlugin.add_router_interface: " "router_id=%(router_id)s " "interface_info=%(interface_info)r", {'router_id': router_id, 'interface_info': interface_info}) with context.session.begin(subtransactions=True): info = super(FortinetL3ServicePlugin, self).add_router_interface( context, router_id, interface_info) port = db.get_port(context.session, info['port_id']) port['admin_state_up'] = True port['port'] = port LOG.debug("FortinetL3ServicePlugin: " "context=%(context)s" "port=%(port)s " "info=%(info)r", {'context': context, 'port': port, 'info': info}) #self._core_plugin.update_port(context, info["port_id"], port) interface_info = info subnet = self._core_plugin._get_subnet(context, interface_info['subnet_id']) network_id = subnet['network_id'] tenant_id = port['tenant_id'] port_filters = {'network_id': [network_id], 'device_owner': [DEVICE_OWNER_ROUTER_INTF]} port_count = self._core_plugin.get_ports_count(context, port_filters) # port count is checked against 2 since the current port is already # added to db if port_count == 2: # This subnet is already part of some router LOG.error(_("FortinetL3ServicePlugin: adding redundant router " "interface is not supported")) raise Exception(_("FortinetL3ServicePlugin:adding redundant " "router interface is not supported")) try: db_namespace = fortinet_db.query_record(context, fortinet_db.Fortinet_ML2_Namespace, tenant_id=tenant_id) vlan_inf = utils.get_intf(context, network_id) int_intf, ext_intf = utils.get_vlink_intf(self, context, vdom=db_namespace.vdom) utils.add_fwpolicy(self, context, vdom=db_namespace.vdom, srcintf=vlan_inf, dstintf=int_intf, nat='enable') except Exception as e: LOG.error(_("Failed to create Fortinet resources to add router " "interface. info=%(info)s, router_id=%(router_id)s"), {"info": info, "router_id": router_id}) resources.Exinfo(e) with excutils.save_and_reraise_exception(): self.remove_router_interface(context, router_id, interface_info) utils.update_status(self, context, t_consts.TaskStatus.COMPLETED) return info
def _disassociate_floatingip(self, context, id): l3db_fip = self._get_floatingip(context, id) db_namespace = fortinet_db.query_record(context, fortinet_db.Fortinet_ML2_Namespace, tenant_id=l3db_fip.tenant_id) db_fip = fortinet_db.query_record(context, fortinet_db.Fortinet_FloatingIP_Allocation, floating_ip_address=l3db_fip.floating_ip_address, allocated=True) int_intf, ext_intf = utils.get_vlink_intf(self, context, vdom=db_namespace.vdom) db_ip = fortinet_db.query_record(context, models_v2.IPAllocation, port_id=l3db_fip.fixed_port_id) vlan_inf = utils.get_intf(context, db_ip.network_id) mappedip = utils.get_ipaddr(db_fip.ip_subnet, 0) utils.delete_fwpolicy(self, context, vdom=db_namespace.vdom, srcintf=vlan_inf, srcaddr=l3db_fip.fixed_ip_address, dstintf=int_intf, poolname=mappedip) utils.delete_fwaddress(self, context, name=l3db_fip.fixed_ip_address, vdom=db_namespace.vdom) utils.delete_fwpolicy(self, context, vdom=db_namespace.vdom, dstaddr=db_fip.floating_ip_address) utils.delete_vip(self, context, vdom=db_namespace.vdom, name=db_fip.floating_ip_address)
def remove_router_interface(self, context, router_id, interface_info): """Deletes vlink, default router from Fortinet device.""" LOG.debug("FortinetL3ServicePlugin.remove_router_interface called: " "router_id=%(router_id)s " "interface_info=%(interface_info)r", {'router_id': router_id, 'interface_info': interface_info}) with context.session.begin(subtransactions=True): info = super(FortinetL3ServicePlugin, self).\ remove_router_interface(context, router_id, interface_info) try: subnet = self._core_plugin._get_subnet(context, info['subnet_id']) tenant_id = subnet['tenant_id'] network_id = subnet['network_id'] vlan_inf = utils.get_intf(context, network_id) db_namespace = fortinet_db.query_record(context, fortinet_db.Fortinet_ML2_Namespace, tenant_id=tenant_id) utils.delete_fwpolicy(self, context, vdom=db_namespace.vdom, srcintf=vlan_inf) except Exception: LOG.error(_("Fail remove of interface from Fortinet router " "interface. info=%(info)s, " "router_id=%(router_id)s") % ({"info": info, "router_id": router_id})) raise Exception return info
def create_subnet_postcommit(self, mech_context): """Noop now, it is left here for future.""" # LOG.debug(_("create_subnetwork_postcommit: called")) gateway = mech_context.current["gateway_ip"] network_id = mech_context.current["network_id"] subnet_id = mech_context.current["id"] tenant_id = mech_context.current["tenant_id"] context = mech_context._plugin_context try: if fortinet_db.query_record(context, ExternalNetwork, network_id=network_id): utils.add_routerstatic( self, context, subnet_id=subnet_id, vdom=const.EXT_VDOM, dst=const.EXT_DEF_DST, device=self._fortigate["ext_interface"], gateway=gateway, ) else: namespace = fortinet_db.query_record(context, fortinet_db.Fortinet_ML2_Namespace, tenant_id=tenant_id) interface = utils.get_intf(context, mech_context.current["network_id"]) netmask = str(netaddr.IPNetwork(mech_context.current["cidr"]).netmask) start_ip = mech_context.current["allocation_pools"][0]["start"] end_ip = mech_context.current["allocation_pools"][0]["end"] utils.add_dhcpserver( self, context, subnet_id=subnet_id, vdom=namespace.vdom, interface=interface, gateway=gateway, netmask=netmask, start_ip=start_ip, end_ip=end_ip, ) # TODO: need to add rollback for the update and set cls = fortinet_db.Fortinet_Interface record = fortinet_db.query_record(context, cls, name=interface, vdom=namespace.vdom) if gateway: cls.update_record(context, record, ip="%s %s" % (gateway, netmask)) utils.op( self, context, resources.VlanInterface.set, name=interface, vdom=namespace.vdom, ip="%s %s" % (gateway, netmask), ) except Exception as e: utils._rollback_on_err(self, context, e) raise ml2_exc.MechanismDriverError(method=sys._getframe().f_code.co_name) utils.update_status(self, context, t_consts.TaskStatus.COMPLETED)
def _associate_floatingip(self, context, id, floatingip): try: l3db_fip = self._get_floatingip(context, id) db_namespace = fortinet_db.query_record(context, fortinet_db.Fortinet_ML2_Namespace, tenant_id=l3db_fip.tenant_id) db_fip = fortinet_db.query_record(context, fortinet_db.Fortinet_FloatingIP_Allocation, floating_ip_address=l3db_fip.floating_ip_address, allocated=True) int_intf, ext_intf = utils.get_vlink_intf(self, context, vdom=db_namespace.vdom) mappedip = utils.get_ipaddr(db_fip.ip_subnet, 0) fixed_ip_address = floatingip['floatingip']['fixed_ip_address'] utils.add_vip(self, context, vdom=db_namespace.vdom, name=db_fip.floating_ip_address, extip=mappedip, extintf=int_intf, mappedip=fixed_ip_address) db_ip = fortinet_db.query_record(context, models_v2.IPAllocation, port_id=floatingip['floatingip']['port_id']) vlan_inf = utils.get_intf(context, db_ip.network_id) utils.add_fwpolicy(self, context, vdom=db_namespace.vdom, srcintf=int_intf, dstintf=vlan_inf, dstaddr=db_fip.floating_ip_address, nat='enable') utils.add_fwaddress(self, context, name=fixed_ip_address, vdom=db_namespace.vdom, subnet="%s 255.255.255.255" % fixed_ip_address, associated_interface=vlan_inf) db_fwpolicy = utils.add_fwpolicy(self, context, vdom=db_namespace.vdom, srcintf=vlan_inf, srcaddr=fixed_ip_address, dstintf=int_intf, poolname=mappedip) utils.head_firewall_policy(self, context, vdom=db_namespace.vdom, id=db_fwpolicy.edit_id) except Exception as e: utils._rollback_on_err(self, context, e) raise e utils.update_status(self, context, t_consts.TaskStatus.COMPLETED)
def _disassociate_floatingip(self, context, id): l3db_fip = self._get_floatingip(context, id) db_namespace = fortinet_db.query_record( context, fortinet_db.Fortinet_ML2_Namespace, tenant_id=l3db_fip.tenant_id) db_fip = fortinet_db.query_record( context, fortinet_db.Fortinet_FloatingIP_Allocation, floating_ip_address=l3db_fip.floating_ip_address, allocated=True) int_intf, ext_intf = utils.get_vlink_intf(self, context, vdom=db_namespace.vdom) db_ip = fortinet_db.query_record(context, models_v2.IPAllocation, port_id=l3db_fip.fixed_port_id) vlan_inf = utils.get_intf(context, db_ip.network_id) mappedip = utils.get_ipaddr(db_fip.ip_subnet, 0) utils.delete_fwpolicy(self, context, vdom=db_namespace.vdom, srcintf=vlan_inf, srcaddr=l3db_fip.fixed_ip_address, dstintf=int_intf, poolname=mappedip) utils.delete_fwaddress(self, context, name=l3db_fip.fixed_ip_address, vdom=db_namespace.vdom) utils.delete_fwpolicy(self, context, vdom=db_namespace.vdom, dstaddr=db_fip.floating_ip_address) utils.delete_vip(self, context, vdom=db_namespace.vdom, name=db_fip.floating_ip_address)
def remove_router_interface(self, context, router_id, interface_info): """Deletes vlink, default router from Fortinet device.""" LOG.debug( "FortinetL3ServicePlugin.remove_router_interface called: " "router_id=%(router_id)s " "interface_info=%(interface_info)r", { 'router_id': router_id, 'interface_info': interface_info }) with context.session.begin(subtransactions=True): info = super(FortinetL3ServicePlugin, self).\ remove_router_interface(context, router_id, interface_info) try: subnet = self._core_plugin._get_subnet(context, info['subnet_id']) tenant_id = subnet['tenant_id'] network_id = subnet['network_id'] vlan_inf = utils.get_intf(context, network_id) db_namespace = fortinet_db.query_record( context, fortinet_db.Fortinet_ML2_Namespace, tenant_id=tenant_id) utils.delete_fwpolicy(self, context, vdom=db_namespace.vdom, srcintf=vlan_inf) except Exception: LOG.error( _("Fail remove of interface from Fortinet router " "interface. info=%(info)s, " "router_id=%(router_id)s") % ({ "info": info, "router_id": router_id })) raise Exception return info
def add_router_interface(self, context, router_id, interface_info): """creates vlnk on the fortinet device.""" LOG.debug( "FortinetL3ServicePlugin.add_router_interface: " "router_id=%(router_id)s " "interface_info=%(interface_info)r", { 'router_id': router_id, 'interface_info': interface_info }) with context.session.begin(subtransactions=True): info = super(FortinetL3ServicePlugin, self).add_router_interface(context, router_id, interface_info) port = db.get_port(context.session, info['port_id']) port['admin_state_up'] = True port['port'] = port LOG.debug( "FortinetL3ServicePlugin: " "context=%(context)s" "port=%(port)s " "info=%(info)r", { 'context': context, 'port': port, 'info': info }) #self._core_plugin.update_port(context, info["port_id"], port) interface_info = info subnet = self._core_plugin._get_subnet(context, interface_info['subnet_id']) network_id = subnet['network_id'] tenant_id = port['tenant_id'] port_filters = { 'network_id': [network_id], 'device_owner': [DEVICE_OWNER_ROUTER_INTF] } port_count = self._core_plugin.get_ports_count( context, port_filters) # port count is checked against 2 since the current port is already # added to db if port_count == 2: # This subnet is already part of some router LOG.error( _("FortinetL3ServicePlugin: adding redundant router " "interface is not supported")) raise Exception( _("FortinetL3ServicePlugin:adding redundant " "router interface is not supported")) try: db_namespace = fortinet_db.query_record( context, fortinet_db.Fortinet_ML2_Namespace, tenant_id=tenant_id) vlan_inf = utils.get_intf(context, network_id) int_intf, ext_intf = utils.get_vlink_intf( self, context, vdom=db_namespace.vdom) utils.add_fwpolicy(self, context, vdom=db_namespace.vdom, srcintf=vlan_inf, dstintf=int_intf, nat='enable') except Exception as e: LOG.error( _("Failed to create Fortinet resources to add router " "interface. info=%(info)s, router_id=%(router_id)s"), { "info": info, "router_id": router_id }) resources.Exinfo(e) with excutils.save_and_reraise_exception(): self.remove_router_interface(context, router_id, interface_info) utils.update_status(self, context, t_consts.TaskStatus.COMPLETED) return info
def _associate_floatingip(self, context, id, floatingip): try: l3db_fip = self._get_floatingip(context, id) db_namespace = fortinet_db.query_record( context, fortinet_db.Fortinet_ML2_Namespace, tenant_id=l3db_fip.tenant_id) db_fip = fortinet_db.query_record( context, fortinet_db.Fortinet_FloatingIP_Allocation, floating_ip_address=l3db_fip.floating_ip_address, allocated=True) int_intf, ext_intf = utils.get_vlink_intf(self, context, vdom=db_namespace.vdom) mappedip = utils.get_ipaddr(db_fip.ip_subnet, 0) fixed_ip_address = floatingip['floatingip']['fixed_ip_address'] utils.add_vip(self, context, vdom=db_namespace.vdom, name=db_fip.floating_ip_address, extip=mappedip, extintf=int_intf, mappedip=fixed_ip_address) db_ip = fortinet_db.query_record( context, models_v2.IPAllocation, port_id=floatingip['floatingip']['port_id']) vlan_inf = utils.get_intf(context, db_ip.network_id) utils.add_fwpolicy(self, context, vdom=db_namespace.vdom, srcintf=int_intf, dstintf=vlan_inf, dstaddr=db_fip.floating_ip_address, nat='enable') utils.add_fwaddress(self, context, name=fixed_ip_address, vdom=db_namespace.vdom, subnet="%s 255.255.255.255" % fixed_ip_address, associated_interface=vlan_inf) db_fwpolicy = utils.add_fwpolicy(self, context, vdom=db_namespace.vdom, srcintf=vlan_inf, srcaddr=fixed_ip_address, dstintf=int_intf, poolname=mappedip) utils.head_firewall_policy(self, context, vdom=db_namespace.vdom, id=db_fwpolicy.edit_id) except Exception as e: utils._rollback_on_err(self, context, e) raise e utils.update_status(self, context, t_consts.TaskStatus.COMPLETED)
def create_subnet_postcommit(self, mech_context): """Noop now, it is left here for future.""" #LOG.debug(_("create_subnetwork_postcommit: called")) gateway = mech_context.current['gateway_ip'] network_id = mech_context.current['network_id'] subnet_id = mech_context.current['id'] tenant_id = mech_context.current['tenant_id'] context = mech_context._plugin_context try: if fortinet_db.query_record(context, ExternalNetwork, network_id=network_id): utils.add_routerstatic(self, context, subnet_id=subnet_id, vdom=const.EXT_VDOM, dst=const.EXT_DEF_DST, device=self._fortigate['ext_interface'], gateway=gateway) else: namespace = fortinet_db.query_record( context, fortinet_db.Fortinet_ML2_Namespace, tenant_id=tenant_id) interface = utils.get_intf(context, mech_context.current['network_id']) netmask = str(netaddr.\ IPNetwork(mech_context.current['cidr']).netmask) start_ip = mech_context.current['allocation_pools'][0]['start'] end_ip = mech_context.current['allocation_pools'][0]['end'] utils.add_dhcpserver(self, context, subnet_id=subnet_id, vdom=namespace.vdom, interface=interface, gateway=gateway, netmask=netmask, start_ip=start_ip, end_ip=end_ip) # TODO: need to add rollback for the update and set cls = fortinet_db.Fortinet_Interface record = fortinet_db.query_record(context, cls, name=interface, vdom=namespace.vdom) if gateway: cls.update_record(context, record, ip="%s %s" % (gateway, netmask)) utils.op(self, context, resources.VlanInterface.set, name=interface, vdom=namespace.vdom, ip="%s %s" % (gateway, netmask)) except Exception as e: utils._rollback_on_err(self, context, e) raise ml2_exc.MechanismDriverError( method=sys._getframe().f_code.co_name) utils.update_status(self, context, t_consts.TaskStatus.COMPLETED)