def execute(self, l7rule, listeners, vthunder): policy = l7rule.l7policy rules = policy.l7rules for index, rule in enumerate(rules): if rule.id == l7rule.id: del rules[index] break policy.rules = rules l7rule.l7policy = policy l7policy = l7rule.l7policy filename = l7policy.id p = PolicyUtil() script = p.createPolicy(l7policy) size = len(script.encode('utf-8')) listener = listeners[0] c_pers, s_pers = utils.get_sess_pers_templates(listener.default_pool) kargs = {} listener.protocol = openstack_mappings.virtual_port_protocol( self.axapi_client, listener.protocol) try: self.axapi_client.slb.aflex_policy.create(file=filename, script=script, size=size, action="import") LOG.debug("Successfully deleted l7rule: %s", l7rule.id) except (acos_errors.ACOSException, exceptions.ConnectionError) as e: LOG.warning("Failed to delete l7rule: %s", str(e)) raise e try: get_listener = self.axapi_client.slb.virtual_server.vport.get( listener.load_balancer_id, listener.name, listener.protocol, listener.protocol_port) LOG.debug("Successfully fetched listener %s for l7rule %s", listener.id, l7rule.id) except (acos_errors.ACOSException, exceptions.ConnectionError) as e: LOG.exception("Failed to get listener %s for l7rule: %s", listener.id, l7rule.id) raise e if 'aflex-scripts' in get_listener['port']: aflex_scripts = get_listener['port']['aflex-scripts'] aflex_scripts.append({"aflex": filename}) else: aflex_scripts = [{"aflex": filename}] kargs["aflex-scripts"] = aflex_scripts try: self.axapi_client.slb.virtual_server.vport.update( listener.load_balancer_id, listener.name, listener.protocol, listener.protocol_port, listener.default_pool_id, s_pers, c_pers, 1, **kargs) LOG.debug("Successfully dissociated l7rule %s from listener %s", l7rule.id, listener.id) except (acos_errors.ACOSException, exceptions.ConnectionError) as e: LOG.exception("Failed to dissociate l7rule %s from listener %s", l7rule.id, listener.id) raise e
def execute(self, l7policy, vthunder): listener = l7policy.listener c_pers, s_pers = utils.get_sess_pers_templates(listener.default_pool) kargs = {} snat_pool = None if not (listener.protocol).islower(): listener.protocol = openstack_mappings.virtual_port_protocol( self.axapi_client, listener.protocol) try: get_listener = self.axapi_client.slb.virtual_server.vport.get( listener.load_balancer_id, listener.id, listener.protocol, listener.protocol_port) if get_listener and 'port' in get_listener and 'pool' in get_listener[ 'port']: snat_pool = get_listener['port']['pool'] LOG.debug("Successfully fetched listener %s for l7policy %s", listener.id, l7policy.id) except (acos_errors.ACOSException, exceptions.ConnectionError) as e: LOG.exception("Failed to get listener %s for l7policy: %s", listener.id, l7policy.id) raise e new_aflex_scripts = [] if 'aflex-scripts' in get_listener['port']: aflex_scripts = get_listener['port']['aflex-scripts'] for aflex in aflex_scripts: if aflex['aflex'] != l7policy.id: new_aflex_scripts.append(aflex) kargs["aflex_scripts"] = new_aflex_scripts try: self.axapi_client.slb.virtual_server.vport.replace( listener.load_balancer_id, listener.id, listener.protocol, listener.protocol_port, listener.default_pool_id, s_pers, c_pers, 1, source_nat_pool=snat_pool, **kargs) LOG.debug("Successfully dissociated l7policy %s from listener %s", l7policy.id, listener.id) except (acos_errors.ACOSException, exceptions.ConnectionError) as e: LOG.exception("Failed to dissociate l7policy %s from listener %s", l7policy.id, listener.id) raise e try: self.axapi_client.slb.aflex_policy.delete(l7policy.id) LOG.debug("Successfully deleted l7policy: %s", l7policy.id) except (acos_errors.ACOSException, exceptions.ConnectionError) as e: LOG.exception("Failed to delete l7policy: %s", l7policy.id) raise e
def execute(self, loadbalancer, listener, vthunder): listener.protocol = openstack_mappings.virtual_port_protocol( self.axapi_client, listener.protocol) try: self.axapi_client.slb.virtual_server.vport.delete( loadbalancer.id, listener.id, listener.protocol, listener.protocol_port) LOG.debug("Successfully deleted listener: %s", listener.id) except (acos_errors.ACOSException, ConnectionError) as e: LOG.exception("Failed to delete listener: %s", listener.id) raise e
def execute(self, loadbalancer, listener, vthunder): name = loadbalancer.id + "_" + str(listener.protocol_port) listener.protocol = openstack_mappings.virtual_port_protocol( self.axapi_client, listener.protocol) try: self.axapi_client.slb.virtual_server.vport.delete( loadbalancer.id, name, listener.protocol, listener.protocol_port) LOG.debug("Listener deleted successfully: %s", name) except Exception as e: LOG.warning("Failed to delete the listener: %s", str(e))
def set(self, l7policy, listeners): filename = l7policy.id p = PolicyUtil() script = p.createPolicy(l7policy) size = len(script.encode('utf-8')) listener = listeners[0] c_pers, s_pers = utils.get_sess_pers_templates(listener.default_pool) kargs = {} listener.protocol = openstack_mappings.virtual_port_protocol(self.axapi_client, listener.protocol) try: self.axapi_client.slb.aflex_policy.create( file=filename, script=script, size=size, action="import") LOG.debug("Successfully created l7policy: %s", l7policy.id) except (acos_errors.ACOSException, exceptions.ConnectionError) as e: LOG.exception("Failed to create/update l7policy: %s", l7policy.id) raise e try: get_listener = self.axapi_client.slb.virtual_server.vport.get( listener.load_balancer_id, listener.id, listener.protocol, listener.protocol_port) LOG.debug("Successfully fetched listener %s for l7policy %s", listener.id, l7policy.id) except (acos_errors.ACOSException, exceptions.ConnectionError) as e: LOG.exception("Failed to get listener %s for l7policy: %s", listener.id, l7policy.id) raise e if 'aflex-scripts' in get_listener['port']: aflex_scripts = get_listener['port']['aflex-scripts'] aflex_scripts.append({"aflex": filename}) else: aflex_scripts = [{"aflex": filename}] kargs["aflex_scripts"] = aflex_scripts try: self.axapi_client.slb.virtual_server.vport.update( listener.load_balancer_id, listener.id, listener.protocol, listener.protocol_port, listener.default_pool_id, s_pers, c_pers, 1, **kargs) LOG.debug( "Successfully associated l7policy %s to listener %s", l7policy.id, listener.id) except (acos_errors.ACOSException, exceptions.ConnectionError) as e: LOG.exception( "Failed to associate l7policy %s to listener %s", l7policy.id, listener.id) raise e
def execute(self, loadbalancer, listener, vthunder): try: if listener: c_pers, s_pers = utils.get_sess_pers_templates(listener.default_pool) listener.protocol = openstack_mappings.virtual_port_protocol( self.axapi_client, listener.protocol).lower() self.axapi_client.slb.virtual_server.vport.update( loadbalancer.id, listener.id, listener.protocol, listener.protocol_port, listener.default_pool_id, s_pers_name=s_pers, c_pers_name=c_pers) LOG.debug("Successfully updated listener: %s", listener.id) except (acos_errors.ACOSException, ConnectionError) as e: LOG.exception("Failed to update listener: %s", listener.id) raise e
def set(self, set_method, loadbalancer, listener, vthunder, flavor_data=None, update_dict=None, ssl_template=None): listener.load_balancer = loadbalancer listener.protocol = openstack_mappings.virtual_port_protocol( self.axapi_client, listener.protocol).lower() config_data = { 'ipinip': CONF.listener.ipinip, 'use_rcv_hop': CONF.listener.use_rcv_hop_for_resp, 'ha_conn_mirror': CONF.listener.ha_conn_mirror } status = self.axapi_client.slb.UP if not listener.enabled: status = self.axapi_client.slb.DOWN config_data['status'] = status conn_limit = CONF.listener.conn_limit if listener.connection_limit != -1: conn_limit = listener.connection_limit if conn_limit < 1 or conn_limit > 64000000: raise Exception('The specified member server connection limit ' '(configuration setting: conn-limit) is out of ' 'bounds with value {0}. Please set to between ' '1-64000000.'.format(conn_limit)) config_data['conn_limit'] = conn_limit no_dest_nat = CONF.listener.no_dest_nat if no_dest_nat and ( listener.protocol not in a10constants.NO_DEST_NAT_SUPPORTED_PROTOCOL): LOG.warning("'no_dest_nat' is not allowed for HTTP," + "HTTPS or TERMINATED_HTTPS listener.") no_dest_nat = False config_data['no_dest_nat'] = no_dest_nat autosnat = CONF.listener.autosnat if autosnat and no_dest_nat: raise exceptions.SNATConfigurationError() config_data['autosnat'] = autosnat c_pers, s_pers = utils.get_sess_pers_templates(listener.default_pool) device_templates = self.axapi_client.slb.template.templates.get() vport_templates = {} template_vport = CONF.listener.template_virtual_port if template_vport and template_vport.lower() != 'none': template_key = 'template-virtual-port' if vthunder.partition_name != "shared": if CONF.a10_global.use_shared_for_template_lookup: template_key = utils.shared_template_modifier( template_key, template_vport, device_templates) vport_templates[template_key] = template_vport template_args = {} if listener.protocol.upper() in a10constants.HTTP_TYPE: if listener.protocol == 'https' and listener.tls_certificate_id: # Adding TERMINATED_HTTPS SSL cert, created in previous task template_args["template_client_ssl"] = listener.id if (update_dict and 'default_tls_container_ref' in update_dict and update_dict["default_tls_container_ref"] is None): template_args["template_client_ssl"] = None elif listener.protocol == 'https': template_args["template_client_ssl"] = listener.id template_http = CONF.listener.template_http if template_http and template_http.lower() != 'none': template_key = 'template-http' if vthunder.partition_name != "shared": if CONF.a10_global.use_shared_for_template_lookup: template_key = utils.shared_template_modifier( template_key, template_http, device_templates) vport_templates[template_key] = template_http """ if ha_conn_mirror is not None: ha_conn_mirror = None LOG.warning("'ha_conn_mirror' is not allowed for HTTP " "or TERMINATED_HTTPS listeners.") """ elif listener.protocol == 'tcp': template_tcp = CONF.listener.template_tcp if template_tcp and template_tcp.lower() != 'none': template_key = 'template-tcp' if vthunder.partition_name != "shared": if CONF.a10_global.use_shared_for_template_lookup: template_key = utils.shared_template_modifier( template_key, template_tcp, device_templates) vport_templates[template_key] = template_tcp template_policy = CONF.listener.template_policy if template_policy and template_policy.lower() != 'none': template_key = 'template-policy' if vthunder.partition_name != "shared": if CONF.a10_global.use_shared_for_template_lookup: template_key = utils.shared_template_modifier( template_key, template_policy, device_templates) vport_templates[template_key] = template_policy vport_args = {} if flavor_data: virtual_port_flavor = flavor_data.get('virtual_port') if virtual_port_flavor: name_exprs = virtual_port_flavor.get('name_expressions') parsed_exprs = utils.parse_name_expressions( listener.name, name_exprs) virtual_port_flavor.pop('name_expressions', None) virtual_port_flavor.update(parsed_exprs) vport_args = {'port': virtual_port_flavor} # use default nat-pool pool if pool is not specified if 'port' not in vport_args or 'pool' not in vport_args['port']: pool_flavor = flavor_data.get('nat_pool') if pool_flavor and 'pool_name' in pool_flavor: pool_arg = {} pool_arg['pool'] = pool_flavor['pool_name'] if 'port' in vport_args: vport_args['port'].update(pool_arg) else: vport_args['port'] = pool_arg config_data.update(template_args) config_data.update(vport_args) set_method(loadbalancer.id, listener.id, listener.protocol, listener.protocol_port, listener.default_pool_id, s_pers_name=s_pers, c_pers_name=c_pers, virtual_port_templates=vport_templates, **config_data) listener.protocol = listener.protocol.upper()
def set(self, set_method, loadbalancer, listeners): ipinip = CONF.listener.ipinip no_dest_nat = CONF.listener.no_dest_nat autosnat = CONF.listener.autosnat conn_limit = CONF.listener.conn_limit use_rcv_hop = CONF.listener.use_rcv_hop_for_resp virtual_port_templates = {} template_virtual_port = CONF.listener.template_virtual_port virtual_port_templates['template-virtual-port'] = template_virtual_port template_args = {} try: for listener in listeners: if listener.connection_limit != -1: conn_limit = listener.connection_limit if conn_limit < 1 or conn_limit > 64000000: LOG.warning( 'The specified member server connection limit ' '(configuration setting: conn-limit) is out of ' 'bounds with value {0}. Please set to between ' '1-64000000. Defaulting to 64000000'.format( conn_limit)) listener.load_balancer = loadbalancer status = self.axapi_client.slb.UP if not listener.enabled: status = self.axapi_client.slb.DOWN c_pers, s_pers = utils.get_sess_pers_templates( listener.default_pool) listener.protocol = openstack_mappings.virtual_port_protocol( self.axapi_client, listener.protocol) if listener.protocol == 'HTTPS': template_args["template_client_ssl"] = self.cert_handler( loadbalancer, listener) if listener.protocol in a10constants.HTTP_TYPE: # TODO(hthompson6) work around for issue in acos client listener.protocol = listener.protocol.lower() virtual_port_template = CONF.listener.template_http virtual_port_templates[ 'template-http'] = virtual_port_template else: virtual_port_template = CONF.listener.template_tcp virtual_port_templates[ 'template-tcp'] = virtual_port_template virtual_port_template = CONF.listener.template_policy virtual_port_templates[ 'template-policy'] = virtual_port_template # Add all config filters here if no_dest_nat and ( listener.protocol.lower() not in a10constants.NO_DEST_NAT_SUPPORTED_PROTOCOL): LOG.warning("'no_dest_nat' is not allowed for HTTP," + "HTTPS or TERMINATED_HTTPS listener.") no_dest_nat = False name = loadbalancer.id + "_" + str(listener.protocol_port) set_method( loadbalancer.id, name, listener.protocol, listener.protocol_port, listener.default_pool_id, s_pers_name=s_pers, c_pers_name=c_pers, status=status, no_dest_nat=no_dest_nat, autosnat=autosnat, ipinip=ipinip, # TODO(hthompson6) resolve in acos client # ha_conn_mirror=ha_conn_mirror, use_rcv_hop=use_rcv_hop, conn_limit=conn_limit, virtual_port_templates=virtual_port_templates, **template_args) LOG.info("Listener created successfully.") except Exception as e: LOG.error(str(e)) LOG.info("Error occurred")
def set(self, set_method, loadbalancer, listener, vthunder, ssl_template=None): listener.load_balancer = loadbalancer listener.protocol = openstack_mappings.virtual_port_protocol( self.axapi_client, listener.protocol).lower() ipinip = CONF.listener.ipinip use_rcv_hop = CONF.listener.use_rcv_hop_for_resp ha_conn_mirror = CONF.listener.ha_conn_mirror status = self.axapi_client.slb.UP if not listener.enabled: status = self.axapi_client.slb.DOWN conn_limit = CONF.listener.conn_limit if listener.connection_limit != -1: conn_limit = listener.connection_limit if conn_limit < 1 or conn_limit > 64000000: LOG.warning('The specified member server connection limit ' '(configuration setting: conn-limit) is out of ' 'bounds with value {0}. Please set to between ' '1-64000000. Defaulting to 64000000'.format(conn_limit)) no_dest_nat = CONF.listener.no_dest_nat if no_dest_nat and ( listener.protocol not in a10constants.NO_DEST_NAT_SUPPORTED_PROTOCOL): LOG.warning("'no_dest_nat' is not allowed for HTTP," + "HTTPS or TERMINATED_HTTPS listener.") no_dest_nat = False autosnat = CONF.listener.autosnat if autosnat and no_dest_nat: raise exceptions.SNATConfigurationError() c_pers, s_pers = utils.get_sess_pers_templates(listener.default_pool) device_templates = self.axapi_client.slb.template.templates.get() vport_templates = {} template_vport = CONF.listener.template_virtual_port if template_vport and template_vport.lower() != 'none': template_key = 'template-virtual-port' if vthunder.partition_name != "shared": if CONF.a10_global.use_shared_for_template_lookup: template_key = utils.shared_template_modifier(template_key, template_vport, device_templates) vport_templates[template_key] = template_vport template_args = {} if listener.protocol == 'https' and listener.tls_certificate_id: # Adding TERMINATED_HTTPS SSL cert, created in previous task template_args["template_client_ssl"] = listener.id elif listener.protocol.upper() in a10constants.HTTP_TYPE: template_http = CONF.listener.template_http if template_http and template_http.lower() != 'none': template_key = 'template-http' if vthunder.partition_name != "shared": if CONF.a10_global.use_shared_for_template_lookup: template_key = utils.shared_template_modifier(template_key, template_http, device_templates) vport_templates[template_key] = template_http if ha_conn_mirror is not None: ha_conn_mirror = None LOG.warning("'ha_conn_mirror' is not allowed for HTTP " "or TERMINATED_HTTPS listeners.") elif listener.protocol == 'tcp': template_tcp = CONF.listener.template_tcp if template_tcp and template_tcp.lower() != 'none': template_key = 'template-tcp' if vthunder.partition_name != "shared": if CONF.a10_global.use_shared_for_template_lookup: template_key = utils.shared_template_modifier(template_key, template_tcp, device_templates) vport_templates[template_key] = template_tcp template_policy = CONF.listener.template_policy if template_policy and template_policy.lower() != 'none': template_key = 'template-policy' if vthunder.partition_name != "shared": if CONF.a10_global.use_shared_for_template_lookup: template_key = utils.shared_template_modifier(template_key, template_policy, device_templates) vport_templates[template_key] = template_policy set_method(loadbalancer.id, listener.id, listener.protocol, listener.protocol_port, listener.default_pool_id, s_pers_name=s_pers, c_pers_name=c_pers, status=status, no_dest_nat=no_dest_nat, autosnat=autosnat, ipinip=ipinip, ha_conn_mirror=ha_conn_mirror, use_rcv_hop=use_rcv_hop, conn_limit=conn_limit, virtual_port_templates=vport_templates, **template_args)