def execute(self, l7rule, listeners, vthunder):
policy = l7rule.l7policy
rules = policy.l7rules
for index, rule in enumerate(rules):
if rule.id == l7rule.id:
del rules[index]
break
policy.rules = rules
l7rule.l7policy = policy
l7policy = l7rule.l7policy
filename = l7policy.id
p = PolicyUtil()
script = p.createPolicy(l7policy)
size = len(script.encode('utf-8'))
listener = listeners[0]
c_pers, s_pers = utils.get_sess_pers_templates(listener.default_pool)
kargs = {}
listener.protocol = openstack_mappings.virtual_port_protocol(
self.axapi_client, listener.protocol)
try:
self.axapi_client.slb.aflex_policy.create(file=filename,
script=script,
size=size,
action="import")
LOG.debug("Successfully deleted l7rule: %s", l7rule.id)
except (acos_errors.ACOSException, exceptions.ConnectionError) as e:
LOG.warning("Failed to delete l7rule: %s", str(e))
raise e
try:
get_listener = self.axapi_client.slb.virtual_server.vport.get(
listener.load_balancer_id, listener.name, listener.protocol,
listener.protocol_port)
LOG.debug("Successfully fetched listener %s for l7rule %s",
listener.id, l7rule.id)
except (acos_errors.ACOSException, exceptions.ConnectionError) as e:
LOG.exception("Failed to get listener %s for l7rule: %s",
listener.id, l7rule.id)
raise e
if 'aflex-scripts' in get_listener['port']:
aflex_scripts = get_listener['port']['aflex-scripts']
aflex_scripts.append({"aflex": filename})
else:
aflex_scripts = [{"aflex": filename}]
kargs["aflex-scripts"] = aflex_scripts
try:
self.axapi_client.slb.virtual_server.vport.update(
listener.load_balancer_id, listener.name, listener.protocol,
listener.protocol_port, listener.default_pool_id, s_pers,
c_pers, 1, **kargs)
LOG.debug("Successfully dissociated l7rule %s from listener %s",
l7rule.id, listener.id)
except (acos_errors.ACOSException, exceptions.ConnectionError) as e:
LOG.exception("Failed to dissociate l7rule %s from listener %s",
l7rule.id, listener.id)
raise e
def execute(self, l7policy, vthunder):
listener = l7policy.listener
c_pers, s_pers = utils.get_sess_pers_templates(listener.default_pool)
kargs = {}
snat_pool = None
if not (listener.protocol).islower():
listener.protocol = openstack_mappings.virtual_port_protocol(
self.axapi_client, listener.protocol)
try:
get_listener = self.axapi_client.slb.virtual_server.vport.get(
listener.load_balancer_id, listener.id, listener.protocol,
listener.protocol_port)
if get_listener and 'port' in get_listener and 'pool' in get_listener[
'port']:
snat_pool = get_listener['port']['pool']
LOG.debug("Successfully fetched listener %s for l7policy %s",
listener.id, l7policy.id)
except (acos_errors.ACOSException, exceptions.ConnectionError) as e:
LOG.exception("Failed to get listener %s for l7policy: %s",
listener.id, l7policy.id)
raise e
new_aflex_scripts = []
if 'aflex-scripts' in get_listener['port']:
aflex_scripts = get_listener['port']['aflex-scripts']
for aflex in aflex_scripts:
if aflex['aflex'] != l7policy.id:
new_aflex_scripts.append(aflex)
kargs["aflex_scripts"] = new_aflex_scripts
try:
self.axapi_client.slb.virtual_server.vport.replace(
listener.load_balancer_id,
listener.id,
listener.protocol,
listener.protocol_port,
listener.default_pool_id,
s_pers,
c_pers,
1,
source_nat_pool=snat_pool,
**kargs)
LOG.debug("Successfully dissociated l7policy %s from listener %s",
l7policy.id, listener.id)
except (acos_errors.ACOSException, exceptions.ConnectionError) as e:
LOG.exception("Failed to dissociate l7policy %s from listener %s",
l7policy.id, listener.id)
raise e
try:
self.axapi_client.slb.aflex_policy.delete(l7policy.id)
LOG.debug("Successfully deleted l7policy: %s", l7policy.id)
except (acos_errors.ACOSException, exceptions.ConnectionError) as e:
LOG.exception("Failed to delete l7policy: %s", l7policy.id)
raise e
def execute(self, loadbalancer, listener, vthunder):
listener.protocol = openstack_mappings.virtual_port_protocol(
self.axapi_client, listener.protocol)
try:
self.axapi_client.slb.virtual_server.vport.delete(
loadbalancer.id, listener.id, listener.protocol,
listener.protocol_port)
LOG.debug("Successfully deleted listener: %s", listener.id)
except (acos_errors.ACOSException, ConnectionError) as e:
LOG.exception("Failed to delete listener: %s", listener.id)
raise e
def execute(self, loadbalancer, listener, vthunder):
name = loadbalancer.id + "_" + str(listener.protocol_port)
listener.protocol = openstack_mappings.virtual_port_protocol(
self.axapi_client, listener.protocol)
try:
self.axapi_client.slb.virtual_server.vport.delete(
loadbalancer.id, name, listener.protocol,
listener.protocol_port)
LOG.debug("Listener deleted successfully: %s", name)
except Exception as e:
LOG.warning("Failed to delete the listener: %s", str(e))
def set(self, l7policy, listeners):
filename = l7policy.id
p = PolicyUtil()
script = p.createPolicy(l7policy)
size = len(script.encode('utf-8'))
listener = listeners[0]
c_pers, s_pers = utils.get_sess_pers_templates(listener.default_pool)
kargs = {}
listener.protocol = openstack_mappings.virtual_port_protocol(self.axapi_client,
listener.protocol)
try:
self.axapi_client.slb.aflex_policy.create(
file=filename, script=script, size=size, action="import")
LOG.debug("Successfully created l7policy: %s", l7policy.id)
except (acos_errors.ACOSException, exceptions.ConnectionError) as e:
LOG.exception("Failed to create/update l7policy: %s", l7policy.id)
raise e
try:
get_listener = self.axapi_client.slb.virtual_server.vport.get(
listener.load_balancer_id, listener.id,
listener.protocol, listener.protocol_port)
LOG.debug("Successfully fetched listener %s for l7policy %s", listener.id, l7policy.id)
except (acos_errors.ACOSException, exceptions.ConnectionError) as e:
LOG.exception("Failed to get listener %s for l7policy: %s", listener.id, l7policy.id)
raise e
if 'aflex-scripts' in get_listener['port']:
aflex_scripts = get_listener['port']['aflex-scripts']
aflex_scripts.append({"aflex": filename})
else:
aflex_scripts = [{"aflex": filename}]
kargs["aflex_scripts"] = aflex_scripts
try:
self.axapi_client.slb.virtual_server.vport.update(
listener.load_balancer_id, listener.id,
listener.protocol, listener.protocol_port,
listener.default_pool_id, s_pers,
c_pers, 1, **kargs)
LOG.debug(
"Successfully associated l7policy %s to listener %s",
l7policy.id,
listener.id)
except (acos_errors.ACOSException, exceptions.ConnectionError) as e:
LOG.exception(
"Failed to associate l7policy %s to listener %s",
l7policy.id,
listener.id)
raise e
def execute(self, loadbalancer, listener, vthunder):
try:
if listener:
c_pers, s_pers = utils.get_sess_pers_templates(listener.default_pool)
listener.protocol = openstack_mappings.virtual_port_protocol(
self.axapi_client, listener.protocol).lower()
self.axapi_client.slb.virtual_server.vport.update(
loadbalancer.id,
listener.id,
listener.protocol,
listener.protocol_port,
listener.default_pool_id,
s_pers_name=s_pers, c_pers_name=c_pers)
LOG.debug("Successfully updated listener: %s", listener.id)
except (acos_errors.ACOSException, ConnectionError) as e:
LOG.exception("Failed to update listener: %s", listener.id)
raise e
def set(self,
set_method,
loadbalancer,
listener,
vthunder,
flavor_data=None,
update_dict=None,
ssl_template=None):
listener.load_balancer = loadbalancer
listener.protocol = openstack_mappings.virtual_port_protocol(
self.axapi_client, listener.protocol).lower()
config_data = {
'ipinip': CONF.listener.ipinip,
'use_rcv_hop': CONF.listener.use_rcv_hop_for_resp,
'ha_conn_mirror': CONF.listener.ha_conn_mirror
}
status = self.axapi_client.slb.UP
if not listener.enabled:
status = self.axapi_client.slb.DOWN
config_data['status'] = status
conn_limit = CONF.listener.conn_limit
if listener.connection_limit != -1:
conn_limit = listener.connection_limit
if conn_limit < 1 or conn_limit > 64000000:
raise Exception('The specified member server connection limit '
'(configuration setting: conn-limit) is out of '
'bounds with value {0}. Please set to between '
'1-64000000.'.format(conn_limit))
config_data['conn_limit'] = conn_limit
no_dest_nat = CONF.listener.no_dest_nat
if no_dest_nat and (
listener.protocol
not in a10constants.NO_DEST_NAT_SUPPORTED_PROTOCOL):
LOG.warning("'no_dest_nat' is not allowed for HTTP," +
"HTTPS or TERMINATED_HTTPS listener.")
no_dest_nat = False
config_data['no_dest_nat'] = no_dest_nat
autosnat = CONF.listener.autosnat
if autosnat and no_dest_nat:
raise exceptions.SNATConfigurationError()
config_data['autosnat'] = autosnat
c_pers, s_pers = utils.get_sess_pers_templates(listener.default_pool)
device_templates = self.axapi_client.slb.template.templates.get()
vport_templates = {}
template_vport = CONF.listener.template_virtual_port
if template_vport and template_vport.lower() != 'none':
template_key = 'template-virtual-port'
if vthunder.partition_name != "shared":
if CONF.a10_global.use_shared_for_template_lookup:
template_key = utils.shared_template_modifier(
template_key, template_vport, device_templates)
vport_templates[template_key] = template_vport
template_args = {}
if listener.protocol.upper() in a10constants.HTTP_TYPE:
if listener.protocol == 'https' and listener.tls_certificate_id:
# Adding TERMINATED_HTTPS SSL cert, created in previous task
template_args["template_client_ssl"] = listener.id
if (update_dict and 'default_tls_container_ref' in update_dict
and update_dict["default_tls_container_ref"] is None):
template_args["template_client_ssl"] = None
elif listener.protocol == 'https':
template_args["template_client_ssl"] = listener.id
template_http = CONF.listener.template_http
if template_http and template_http.lower() != 'none':
template_key = 'template-http'
if vthunder.partition_name != "shared":
if CONF.a10_global.use_shared_for_template_lookup:
template_key = utils.shared_template_modifier(
template_key, template_http, device_templates)
vport_templates[template_key] = template_http
"""
if ha_conn_mirror is not None:
ha_conn_mirror = None
LOG.warning("'ha_conn_mirror' is not allowed for HTTP "
"or TERMINATED_HTTPS listeners.")
"""
elif listener.protocol == 'tcp':
template_tcp = CONF.listener.template_tcp
if template_tcp and template_tcp.lower() != 'none':
template_key = 'template-tcp'
if vthunder.partition_name != "shared":
if CONF.a10_global.use_shared_for_template_lookup:
template_key = utils.shared_template_modifier(
template_key, template_tcp, device_templates)
vport_templates[template_key] = template_tcp
template_policy = CONF.listener.template_policy
if template_policy and template_policy.lower() != 'none':
template_key = 'template-policy'
if vthunder.partition_name != "shared":
if CONF.a10_global.use_shared_for_template_lookup:
template_key = utils.shared_template_modifier(
template_key, template_policy, device_templates)
vport_templates[template_key] = template_policy
vport_args = {}
if flavor_data:
virtual_port_flavor = flavor_data.get('virtual_port')
if virtual_port_flavor:
name_exprs = virtual_port_flavor.get('name_expressions')
parsed_exprs = utils.parse_name_expressions(
listener.name, name_exprs)
virtual_port_flavor.pop('name_expressions', None)
virtual_port_flavor.update(parsed_exprs)
vport_args = {'port': virtual_port_flavor}
# use default nat-pool pool if pool is not specified
if 'port' not in vport_args or 'pool' not in vport_args['port']:
pool_flavor = flavor_data.get('nat_pool')
if pool_flavor and 'pool_name' in pool_flavor:
pool_arg = {}
pool_arg['pool'] = pool_flavor['pool_name']
if 'port' in vport_args:
vport_args['port'].update(pool_arg)
else:
vport_args['port'] = pool_arg
config_data.update(template_args)
config_data.update(vport_args)
set_method(loadbalancer.id,
listener.id,
listener.protocol,
listener.protocol_port,
listener.default_pool_id,
s_pers_name=s_pers,
c_pers_name=c_pers,
virtual_port_templates=vport_templates,
**config_data)
listener.protocol = listener.protocol.upper()
def set(self, set_method, loadbalancer, listeners):
ipinip = CONF.listener.ipinip
no_dest_nat = CONF.listener.no_dest_nat
autosnat = CONF.listener.autosnat
conn_limit = CONF.listener.conn_limit
use_rcv_hop = CONF.listener.use_rcv_hop_for_resp
virtual_port_templates = {}
template_virtual_port = CONF.listener.template_virtual_port
virtual_port_templates['template-virtual-port'] = template_virtual_port
template_args = {}
try:
for listener in listeners:
if listener.connection_limit != -1:
conn_limit = listener.connection_limit
if conn_limit < 1 or conn_limit > 64000000:
LOG.warning(
'The specified member server connection limit '
'(configuration setting: conn-limit) is out of '
'bounds with value {0}. Please set to between '
'1-64000000. Defaulting to 64000000'.format(
conn_limit))
listener.load_balancer = loadbalancer
status = self.axapi_client.slb.UP
if not listener.enabled:
status = self.axapi_client.slb.DOWN
c_pers, s_pers = utils.get_sess_pers_templates(
listener.default_pool)
listener.protocol = openstack_mappings.virtual_port_protocol(
self.axapi_client, listener.protocol)
if listener.protocol == 'HTTPS':
template_args["template_client_ssl"] = self.cert_handler(
loadbalancer, listener)
if listener.protocol in a10constants.HTTP_TYPE:
# TODO(hthompson6) work around for issue in acos client
listener.protocol = listener.protocol.lower()
virtual_port_template = CONF.listener.template_http
virtual_port_templates[
'template-http'] = virtual_port_template
else:
virtual_port_template = CONF.listener.template_tcp
virtual_port_templates[
'template-tcp'] = virtual_port_template
virtual_port_template = CONF.listener.template_policy
virtual_port_templates[
'template-policy'] = virtual_port_template
# Add all config filters here
if no_dest_nat and (
listener.protocol.lower()
not in a10constants.NO_DEST_NAT_SUPPORTED_PROTOCOL):
LOG.warning("'no_dest_nat' is not allowed for HTTP," +
"HTTPS or TERMINATED_HTTPS listener.")
no_dest_nat = False
name = loadbalancer.id + "_" + str(listener.protocol_port)
set_method(
loadbalancer.id,
name,
listener.protocol,
listener.protocol_port,
listener.default_pool_id,
s_pers_name=s_pers,
c_pers_name=c_pers,
status=status,
no_dest_nat=no_dest_nat,
autosnat=autosnat,
ipinip=ipinip,
# TODO(hthompson6) resolve in acos client
# ha_conn_mirror=ha_conn_mirror,
use_rcv_hop=use_rcv_hop,
conn_limit=conn_limit,
virtual_port_templates=virtual_port_templates,
**template_args)
LOG.info("Listener created successfully.")
except Exception as e:
LOG.error(str(e))
LOG.info("Error occurred")
def set(self, set_method, loadbalancer, listener, vthunder, ssl_template=None):
listener.load_balancer = loadbalancer
listener.protocol = openstack_mappings.virtual_port_protocol(
self.axapi_client, listener.protocol).lower()
ipinip = CONF.listener.ipinip
use_rcv_hop = CONF.listener.use_rcv_hop_for_resp
ha_conn_mirror = CONF.listener.ha_conn_mirror
status = self.axapi_client.slb.UP
if not listener.enabled:
status = self.axapi_client.slb.DOWN
conn_limit = CONF.listener.conn_limit
if listener.connection_limit != -1:
conn_limit = listener.connection_limit
if conn_limit < 1 or conn_limit > 64000000:
LOG.warning('The specified member server connection limit '
'(configuration setting: conn-limit) is out of '
'bounds with value {0}. Please set to between '
'1-64000000. Defaulting to 64000000'.format(conn_limit))
no_dest_nat = CONF.listener.no_dest_nat
if no_dest_nat and (
listener.protocol
not in a10constants.NO_DEST_NAT_SUPPORTED_PROTOCOL):
LOG.warning("'no_dest_nat' is not allowed for HTTP," +
"HTTPS or TERMINATED_HTTPS listener.")
no_dest_nat = False
autosnat = CONF.listener.autosnat
if autosnat and no_dest_nat:
raise exceptions.SNATConfigurationError()
c_pers, s_pers = utils.get_sess_pers_templates(listener.default_pool)
device_templates = self.axapi_client.slb.template.templates.get()
vport_templates = {}
template_vport = CONF.listener.template_virtual_port
if template_vport and template_vport.lower() != 'none':
template_key = 'template-virtual-port'
if vthunder.partition_name != "shared":
if CONF.a10_global.use_shared_for_template_lookup:
template_key = utils.shared_template_modifier(template_key,
template_vport,
device_templates)
vport_templates[template_key] = template_vport
template_args = {}
if listener.protocol == 'https' and listener.tls_certificate_id:
# Adding TERMINATED_HTTPS SSL cert, created in previous task
template_args["template_client_ssl"] = listener.id
elif listener.protocol.upper() in a10constants.HTTP_TYPE:
template_http = CONF.listener.template_http
if template_http and template_http.lower() != 'none':
template_key = 'template-http'
if vthunder.partition_name != "shared":
if CONF.a10_global.use_shared_for_template_lookup:
template_key = utils.shared_template_modifier(template_key,
template_http,
device_templates)
vport_templates[template_key] = template_http
if ha_conn_mirror is not None:
ha_conn_mirror = None
LOG.warning("'ha_conn_mirror' is not allowed for HTTP "
"or TERMINATED_HTTPS listeners.")
elif listener.protocol == 'tcp':
template_tcp = CONF.listener.template_tcp
if template_tcp and template_tcp.lower() != 'none':
template_key = 'template-tcp'
if vthunder.partition_name != "shared":
if CONF.a10_global.use_shared_for_template_lookup:
template_key = utils.shared_template_modifier(template_key,
template_tcp,
device_templates)
vport_templates[template_key] = template_tcp
template_policy = CONF.listener.template_policy
if template_policy and template_policy.lower() != 'none':
template_key = 'template-policy'
if vthunder.partition_name != "shared":
if CONF.a10_global.use_shared_for_template_lookup:
template_key = utils.shared_template_modifier(template_key,
template_policy,
device_templates)
vport_templates[template_key] = template_policy
set_method(loadbalancer.id,
listener.id,
listener.protocol,
listener.protocol_port,
listener.default_pool_id,
s_pers_name=s_pers, c_pers_name=c_pers,
status=status, no_dest_nat=no_dest_nat,
autosnat=autosnat, ipinip=ipinip,
ha_conn_mirror=ha_conn_mirror,
use_rcv_hop=use_rcv_hop,
conn_limit=conn_limit,
virtual_port_templates=vport_templates,
**template_args)
