def create_subnet_postcommit(self, mech_context):
    """Provision a newly committed subnet on the FortiGate.

    A subnet whose network has an ``ExternalNetwork`` record gets a static
    route in ``const.EXT_VDOM`` through the subnet gateway.  Any other
    subnet gets a DHCP server on the network's interface in the tenant
    VDOM and, when a gateway is set, that interface's IP is updated in the
    driver DB and on the device.

    Raises:
        ml2_exc.MechanismDriverError: any exception raised while
            provisioning, after ``utils._rollback_on_err`` has been called.
    """
    subnet = mech_context.current
    gateway = subnet["gateway_ip"]
    network_id = subnet["network_id"]
    subnet_id = subnet["id"]
    tenant_id = subnet["tenant_id"]
    context = mech_context._plugin_context
    try:
        on_external_net = fortinet_db.query_record(
            context, ExternalNetwork, network_id=network_id)
        if on_external_net:
            utils.add_routerstatic(
                self,
                context,
                subnet_id=subnet_id,
                vdom=const.EXT_VDOM,
                dst=const.EXT_DEF_DST,
                device=self._fortigate["ext_interface"],
                gateway=gateway,
            )
        else:
            namespace = fortinet_db.query_record(
                context,
                fortinet_db.Fortinet_ML2_Namespace,
                tenant_id=tenant_id,
            )
            interface = utils.get_intf(context, network_id)
            netmask = str(netaddr.IPNetwork(subnet["cidr"]).netmask)
            # Only the first allocation pool is handed to the DHCP server.
            first_pool = subnet["allocation_pools"][0]
            utils.add_dhcpserver(
                self,
                context,
                subnet_id=subnet_id,
                vdom=namespace.vdom,
                interface=interface,
                gateway=gateway,
                netmask=netmask,
                start_ip=first_pool["start"],
                end_ip=first_pool["end"],
            )
            # TODO: need to add rollback for the update and set
            cls = fortinet_db.Fortinet_Interface
            record = fortinet_db.query_record(
                context, cls, name=interface, vdom=namespace.vdom)
            # NOTE(review): the flattened source does not show whether the
            # device-side set is also guarded by ``if gateway``; it is kept
            # under the guard because it formats the same gateway value.
            # Confirm against the upstream file.
            if gateway:
                intf_ip = "%s %s" % (gateway, netmask)
                cls.update_record(context, record, ip=intf_ip)
                utils.op(
                    self,
                    context,
                    resources.VlanInterface.set,
                    name=interface,
                    vdom=namespace.vdom,
                    ip=intf_ip,
                )
    except Exception as e:
        # The original exception only reaches the rollback helper; the
        # caller sees the generic driver error naming this method.
        utils._rollback_on_err(self, context, e)
        raise ml2_exc.MechanismDriverError(
            method=sys._getframe().f_code.co_name)
    utils.update_status(self, context, t_consts.TaskStatus.COMPLETED)
def _associate_floatingip(self, context, id, floatingip):
    """Bind an allocated floating IP to a fixed IP inside the tenant VDOM.

    Looks up the tenant namespace and the allocated floating-IP record,
    then adds in the tenant VDOM: a VIP from the mapped address to the
    fixed address, a NAT-enabled policy from the vlink interface to the
    network's interface, a /32 address object for the fixed IP, and a
    return policy that uses the mapped address as IP pool and is passed to
    ``utils.head_firewall_policy``.

    On any exception ``utils._rollback_on_err`` is called and the same
    exception is re-raised.
    """
    try:
        l3_fip = self._get_floatingip(context, id)
        tenant_ns = fortinet_db.query_record(
            context,
            fortinet_db.Fortinet_ML2_Namespace,
            tenant_id=l3_fip.tenant_id,
        )
        fip_alloc = fortinet_db.query_record(
            context,
            fortinet_db.Fortinet_FloatingIP_Allocation,
            floating_ip_address=l3_fip.floating_ip_address,
            allocated=True,
        )
        vdom = tenant_ns.vdom
        int_intf, _ext_intf = utils.get_vlink_intf(self, context, vdom=vdom)
        mappedip = utils.get_ipaddr(fip_alloc.ip_subnet, 0)
        fixed_ip_address = floatingip['floatingip']['fixed_ip_address']
        vip_name = fip_alloc.floating_ip_address

        # Inbound: mapped address on the vlink side -> instance fixed IP.
        utils.add_vip(
            self,
            context,
            vdom=vdom,
            name=vip_name,
            extip=mappedip,
            extintf=int_intf,
            mappedip=fixed_ip_address,
        )
        port_alloc = fortinet_db.query_record(
            context,
            models_v2.IPAllocation,
            port_id=floatingip['floatingip']['port_id'],
        )
        vlan_inf = utils.get_intf(context, port_alloc.network_id)
        # NOTE(review): no srcaddr is passed for this inbound policy, so
        # whatever add_fwpolicy defaults to applies; confirm the default.
        utils.add_fwpolicy(
            self,
            context,
            vdom=vdom,
            srcintf=int_intf,
            dstintf=vlan_inf,
            dstaddr=vip_name,
            nat='enable',
        )

        # Outbound: traffic from the fixed IP leaves through the IP pool
        # named after the mapped address.
        utils.add_fwaddress(
            self,
            context,
            name=fixed_ip_address,
            vdom=vdom,
            subnet="%s 255.255.255.255" % fixed_ip_address,
            associated_interface=vlan_inf,
        )
        snat_policy = utils.add_fwpolicy(
            self,
            context,
            vdom=vdom,
            srcintf=vlan_inf,
            srcaddr=fixed_ip_address,
            dstintf=int_intf,
            poolname=mappedip,
        )
        # Presumably moves the new policy to the head of the list so it
        # is matched first; confirm in utils.head_firewall_policy.
        utils.head_firewall_policy(
            self, context, vdom=vdom, id=snat_policy.edit_id)
    except Exception as e:
        utils._rollback_on_err(self, context, e)
        raise e
    utils.update_status(self, context, t_consts.TaskStatus.COMPLETED)
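def create_network_postcommit(self, mech_context):
    """Create the FortiGate objects backing a newly committed network.

    External networks (``router:external``) are skipped.  For any other
    network ``utils.add_vdom`` is called for the tenant and a VLAN
    interface named ``const.PREFIX['inf'] + <vlan id>`` is added on the
    FortiGate internal interface, with the network name as alias.

    Raises:
        Exception: the first segment is not of type ``vlan``; raised
            before anything is sent to the device.
        ml2_exc.MechanismDriverError: any failure while configuring the
            device, after ``utils._rollback_on_err`` has been called.
    """
    network = mech_context.current
    if network["router:external"]:
        # TODO: external networks are not provisioned here.
        return
    # Only attributes of the committed network are used, so that the
    # postcommit can be replayed from the DB.
    network_name = network['name']
    tenant_id = network['tenant_id']
    # Only one segment per network is supported; further segments are
    # ignored.
    segment = mech_context.network_segments[0]
    if segment['network_type'] != 'vlan':
        raise Exception(
            _("Fortinet Mechanism: failed to create network,"
              "only network type vlan is supported"))
    vlanid = segment['segmentation_id']
    context = mech_context._plugin_context
    try:
        namespace = utils.add_vdom(self, context, tenant_id=tenant_id)
        if not namespace:
            # A bare ``raise`` has no active exception to re-raise at this
            # point and only fails by accident; raise a real error so the
            # rollback helper receives a meaningful cause.
            raise RuntimeError(
                "add_vdom returned no namespace for tenant %s" % tenant_id)
        # TODO: type driver support vlan only, need to check later
        inf_name = const.PREFIX['inf'] + str(vlanid)
        utils.add_vlanintf(self, context,
                           name=inf_name,
                           vdom=namespace.vdom,
                           vlanid=vlanid,
                           interface=self._fortigate['int_interface'],
                           alias=network_name)
    except Exception as e:
        # The original exception only reaches the rollback helper; the
        # caller sees the generic driver error naming this method.
        utils._rollback_on_err(self, context, e)
        raise ml2_exc.MechanismDriverError(
            method=sys._getframe().f_code.co_name)
    utils.update_status(self, context, t_consts.TaskStatus.COMPLETED)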
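def create_network_postcommit(self, mech_context):
    """Provision a committed network on the FortiGate.

    Networks flagged ``router:external`` return immediately.  Otherwise
    ``utils.add_vdom`` is called for the owning tenant and a VLAN
    interface (``const.PREFIX["inf"]`` followed by the VLAN id) is created
    on the FortiGate internal interface, aliased with the network name.

    Raises:
        Exception: the first network segment is not a ``vlan`` segment.
            This is raised before any device call, so no rollback runs.
        ml2_exc.MechanismDriverError: a device or DB step failed;
            ``utils._rollback_on_err`` has already been called.
    """
    network = mech_context.current
    if network["router:external"]:
        # TODO: nothing is provisioned for external networks yet.
        return

    # Work from the committed network attributes only, so the postcommit
    # can be replayed from the DB.
    network_name = network["name"]
    tenant_id = network["tenant_id"]

    # A single segment per network is supported; only the first is read.
    segment = mech_context.network_segments[0]
    if segment["network_type"] != "vlan":
        raise Exception(_("Fortinet Mechanism: failed to create network,"
                          "only network type vlan is supported"))
    vlanid = segment["segmentation_id"]
    context = mech_context._plugin_context

    try:
        namespace = utils.add_vdom(self, context, tenant_id=tenant_id)
        if not namespace:
            # The bare ``raise`` used here before had no exception to
            # re-raise; an explicit error gives the rollback helper a
            # usable cause instead of an interpreter-generated one.
            raise RuntimeError(
                "add_vdom returned no namespace for tenant %s" % tenant_id)
        # TODO: type driver support vlan only, need to check later
        inf_name = const.PREFIX["inf"] + str(vlanid)
        utils.add_vlanintf(
            self,
            context,
            name=inf_name,
            vdom=namespace.vdom,
            vlanid=vlanid,
            interface=self._fortigate["int_interface"],
            alias=network_name,
        )
    except Exception as e:
        # Callers only see the generic driver error; the cause is passed
        # to the rollback helper and not re-raised.
        utils._rollback_on_err(self, context, e)
        raise ml2_exc.MechanismDriverError(
            method=sys._getframe().f_code.co_name)
    utils.update_status(self, context, t_consts.TaskStatus.COMPLETED)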
def _allocate_floatingip(self, context, obj):
    """Reserve a floating IP and expose it in the external VDOM.

    1. Map the floating IP to one address of an internal IP pair through
       a VIP in ``const.EXT_VDOM``.
    2. (Disabled) add the other address of the pair as a secondary IP of
       the external interface; that call is commented out below.

    obj example:
    {
        'floating_network_id': u'1c1dbecc-9dac-4311-a346-f147a04c8dc8',
        'router_id': None,
        'fixed_ip_address': None,
        'floating_ip_address': u'10.160.37.113',
        'tenant_id': u'3998b33381fb48f694369689065a3760',
        'status': 'DOWN',
        'port_id': None,
        'id': '5ec1b08b-77c1-4e39-80ac-224ee937ee9f'
    }

    The floatingip is an instance of neutron.db.l3_db.FloatingIP, example:
    {
        tenant_id=u'3998b33381fb48f694369689065a3760',
        id=u'25e1588a-5ec5-4fbc-bdef-eff8713da8f8',
        floating_ip_address=u'10.160.37.111',
        floating_network_id=u'1c1dbecc-9dac-4311-a346-f147a04c8dc8',
        floating_port_id=u'4b4120d4-77f9-4f82-b823-05876929a1c4',
        fixed_port_id=None,
        fixed_ip_address=None,
        router_id=None,
        last_known_router_id=None,
        status=u'DOWN'
    }

    On any exception ``utils._rollback_on_err`` is called and the same
    exception is re-raised.
    """
    try:
        tenant_ns = fortinet_db.query_record(
            context,
            fortinet_db.Fortinet_ML2_Namespace,
            tenant_id=obj['tenant_id'],
        )
        fip_alloc = utils.add_record(
            self,
            context,
            fortinet_db.Fortinet_FloatingIP_Allocation,
            vdom=tenant_ns.vdom,
            floating_ip_address=obj['floating_ip_address'],
            vip_name=obj['floating_ip_address'],
        )
        mappedip = utils.get_ipaddr(fip_alloc.ip_subnet, 0)
        # NOTE(review): the VIP is bound with extintf='any', i.e. not to
        # one named interface of the external VDOM; confirm this is
        # intended.
        utils.add_vip(
            self,
            context,
            vdom=const.EXT_VDOM,
            name=fip_alloc.vip_name,
            extip=fip_alloc.floating_ip_address,
            extintf='any',
            mappedip=mappedip,
        )
        _int_intf, ext_intf = utils.get_vlink_intf(
            self, context, vdom=tenant_ns.vdom)
        # utils.add_secondaryip(self, context,
        #                       name=ext_inf,
        #                       vdom=db_namespace.vdom,
        #                       ip=utils.getip(db_fip.ip_subnet, 1))

        # Inbound: external interface -> vlink towards the tenant VDOM.
        # NOTE(review): no srcaddr is passed, so whatever add_fwpolicy
        # defaults to applies; confirm the default.
        utils.add_fwpolicy(
            self,
            context,
            vdom=const.EXT_VDOM,
            srcintf=self._fortigate['ext_interface'],
            dstintf=ext_intf,
            dstaddr=fip_alloc.vip_name,
            nat='enable',
        )
        utils.add_routerstatic(
            self,
            context,
            vdom=const.EXT_VDOM,
            dst="%s 255.255.255.255" % mappedip,
            device=ext_intf,
            gateway=const.DEF_GW,
        )
        utils.add_fwippool(
            self,
            context,
            name=fip_alloc.floating_ip_address,
            vdom=const.EXT_VDOM,
            startip=fip_alloc.floating_ip_address,
        )
        # ipaddr = utils.get_ipaddr(db_fip.ip_subnet, 2)
        utils.add_fwaddress(
            self,
            context,
            name=mappedip,
            vdom=const.EXT_VDOM,
            subnet="%s 255.255.255.255" % mappedip,
        )
        # Outbound: traffic from the mapped address leaves through the IP
        # pool named after the floating IP.
        snat_policy = utils.add_fwpolicy(
            self,
            context,
            vdom=const.EXT_VDOM,
            srcintf=ext_intf,
            srcaddr=mappedip,
            dstintf=self._fortigate['ext_interface'],
            poolname=fip_alloc.floating_ip_address,
        )
        # Presumably moves the new policy to the head of the list so it
        # is matched first; confirm in utils.head_firewall_policy.
        utils.head_firewall_policy(
            self, context, vdom=const.EXT_VDOM, id=snat_policy.edit_id)
        utils.add_fwippool(
            self,
            context,
            name=mappedip,
            vdom=tenant_ns.vdom,
            startip=mappedip,
        )
    except Exception as e:
        utils._rollback_on_err(self, context, e)
        raise e
    utils.update_status(self, context, t_consts.TaskStatus.COMPLETED)
def _associate_floatingip(self, context, id, floatingip):
    """Associate an allocated floating IP with a port's fixed IP.

    All device objects are created in the tenant VDOM: a VIP translating
    the mapped address to the fixed IP, a NAT-enabled policy from the
    vlink interface to the network's interface, a /32 firewall address
    for the fixed IP, and a policy in the opposite direction that uses
    the mapped address as IP pool.  The last policy is handed to
    ``utils.head_firewall_policy``.

    Any exception is passed to ``utils._rollback_on_err`` and re-raised
    unchanged.
    """
    try:
        neutron_fip = self._get_floatingip(context, id)
        ns_record = fortinet_db.query_record(
            context, fortinet_db.Fortinet_ML2_Namespace,
            tenant_id=neutron_fip.tenant_id)
        alloc_record = fortinet_db.query_record(
            context, fortinet_db.Fortinet_FloatingIP_Allocation,
            floating_ip_address=neutron_fip.floating_ip_address,
            allocated=True)
        # The second interface of the vlink pair is not needed here.
        int_intf, _unused_ext = utils.get_vlink_intf(
            self, context, vdom=ns_record.vdom)
        mappedip = utils.get_ipaddr(alloc_record.ip_subnet, 0)
        fixed_ip_address = floatingip['floatingip']['fixed_ip_address']
        utils.add_vip(self, context,
                      vdom=ns_record.vdom,
                      name=alloc_record.floating_ip_address,
                      extip=mappedip,
                      extintf=int_intf,
                      mappedip=fixed_ip_address)
        ip_allocation = fortinet_db.query_record(
            context, models_v2.IPAllocation,
            port_id=floatingip['floatingip']['port_id'])
        vlan_inf = utils.get_intf(context, ip_allocation.network_id)
        # NOTE(review): this inbound policy carries no srcaddr, so the
        # add_fwpolicy default applies; confirm what that default is.
        utils.add_fwpolicy(self, context,
                           vdom=ns_record.vdom,
                           srcintf=int_intf,
                           dstintf=vlan_inf,
                           dstaddr=alloc_record.floating_ip_address,
                           nat='enable')
        host_subnet = "%s 255.255.255.255" % fixed_ip_address
        utils.add_fwaddress(self, context,
                            name=fixed_ip_address,
                            vdom=ns_record.vdom,
                            subnet=host_subnet,
                            associated_interface=vlan_inf)
        return_policy = utils.add_fwpolicy(self, context,
                                           vdom=ns_record.vdom,
                                           srcintf=vlan_inf,
                                           srcaddr=fixed_ip_address,
                                           dstintf=int_intf,
                                           poolname=mappedip)
        # Presumably reorders the policy to the top of the list; confirm
        # in utils.head_firewall_policy.
        utils.head_firewall_policy(self, context,
                                   vdom=ns_record.vdom,
                                   id=return_policy.edit_id)
    except Exception as e:
        utils._rollback_on_err(self, context, e)
        raise e
    else:
        utils.update_status(self, context, t_consts.TaskStatus.COMPLETED)
def create_subnet_postcommit(self, mech_context):
    """Configure the FortiGate for a newly committed subnet.

    If the subnet's network has an ``ExternalNetwork`` record, a static
    route through the subnet gateway is added in ``const.EXT_VDOM``.
    Otherwise a DHCP server covering the first allocation pool is added
    on the network's interface in the tenant VDOM, and when a gateway is
    set the interface IP is written to the driver DB and to the device.

    Raises:
        ml2_exc.MechanismDriverError: raised in place of any exception
            from the steps above, once ``utils._rollback_on_err`` has run.
    """
    # LOG.debug(_("create_subnetwork_postcommit: called"))
    current = mech_context.current
    gateway = current['gateway_ip']
    network_id = current['network_id']
    subnet_id = current['id']
    tenant_id = current['tenant_id']
    context = mech_context._plugin_context
    try:
        if fortinet_db.query_record(context, ExternalNetwork,
                                    network_id=network_id):
            utils.add_routerstatic(self, context,
                                   subnet_id=subnet_id,
                                   vdom=const.EXT_VDOM,
                                   dst=const.EXT_DEF_DST,
                                   device=self._fortigate['ext_interface'],
                                   gateway=gateway)
        else:
            namespace = fortinet_db.query_record(
                context, fortinet_db.Fortinet_ML2_Namespace,
                tenant_id=tenant_id)
            interface = utils.get_intf(context, network_id)
            cidr = netaddr.IPNetwork(current['cidr'])
            netmask = str(cidr.netmask)
            # Pools after the first one are not passed to the DHCP server.
            pool = current['allocation_pools'][0]
            start_ip = pool['start']
            end_ip = pool['end']
            utils.add_dhcpserver(self, context,
                                 subnet_id=subnet_id,
                                 vdom=namespace.vdom,
                                 interface=interface,
                                 gateway=gateway,
                                 netmask=netmask,
                                 start_ip=start_ip,
                                 end_ip=end_ip)
            # TODO: need to add rollback for the update and set
            cls = fortinet_db.Fortinet_Interface
            record = fortinet_db.query_record(context, cls,
                                              name=interface,
                                              vdom=namespace.vdom)
            # NOTE(review): the flattened source does not show whether
            # the device-side set is also under ``if gateway``; it is
            # kept under the guard because it formats the same gateway
            # value.  Confirm against the upstream file.
            if gateway:
                cls.update_record(context, record,
                                  ip="%s %s" % (gateway, netmask))
                utils.op(self, context, resources.VlanInterface.set,
                         name=interface,
                         vdom=namespace.vdom,
                         ip="%s %s" % (gateway, netmask))
    except Exception as e:
        # Only the rollback helper sees the original exception; callers
        # get the generic driver error naming this method.
        utils._rollback_on_err(self, context, e)
        raise ml2_exc.MechanismDriverError(
            method=sys._getframe().f_code.co_name)
    else:
        utils.update_status(self, context, t_consts.TaskStatus.COMPLETED)
def _allocate_floatingip(self, context, obj):
    """Allocate a floating IP and publish it through the external VDOM.

    1. Map the floating IP to one address of an internal IP pair through
       a VIP in ``const.EXT_VDOM``.
    2. (Disabled) add the other address of the pair to the secondary IP
       list of the external interface; that call is commented out below.

    obj example:
    {
        'floating_network_id': u'1c1dbecc-9dac-4311-a346-f147a04c8dc8',
        'router_id': None,
        'fixed_ip_address': None,
        'floating_ip_address': u'10.160.37.113',
        'tenant_id': u'3998b33381fb48f694369689065a3760',
        'status': 'DOWN',
        'port_id': None,
        'id': '5ec1b08b-77c1-4e39-80ac-224ee937ee9f'
    }

    The floatingip is an instance of neutron.db.l3_db.FloatingIP, example:
    {
        tenant_id=u'3998b33381fb48f694369689065a3760',
        id=u'25e1588a-5ec5-4fbc-bdef-eff8713da8f8',
        floating_ip_address=u'10.160.37.111',
        floating_network_id=u'1c1dbecc-9dac-4311-a346-f147a04c8dc8',
        floating_port_id=u'4b4120d4-77f9-4f82-b823-05876929a1c4',
        fixed_port_id=None,
        fixed_ip_address=None,
        router_id=None,
        last_known_router_id=None,
        status=u'DOWN'
    }

    Any exception is passed to ``utils._rollback_on_err`` and re-raised
    unchanged.
    """
    try:
        ns_record = fortinet_db.query_record(
            context, fortinet_db.Fortinet_ML2_Namespace,
            tenant_id=obj['tenant_id'])
        alloc_record = utils.add_record(
            self, context,
            fortinet_db.Fortinet_FloatingIP_Allocation,
            vdom=ns_record.vdom,
            floating_ip_address=obj['floating_ip_address'],
            vip_name=obj['floating_ip_address'])
        mappedip = utils.get_ipaddr(alloc_record.ip_subnet, 0)
        # NOTE(review): extintf='any' means the VIP is not tied to one
        # named interface of the external VDOM; confirm this is intended.
        utils.add_vip(self, context,
                      vdom=const.EXT_VDOM,
                      name=alloc_record.vip_name,
                      extip=alloc_record.floating_ip_address,
                      extintf='any',
                      mappedip=mappedip)
        # Only the second interface of the vlink pair is used below.
        _unused_int, ext_intf = utils.get_vlink_intf(
            self, context, vdom=ns_record.vdom)
        # utils.add_secondaryip(self, context,
        #                       name=ext_inf,
        #                       vdom=db_namespace.vdom,
        #                       ip=utils.getip(db_fip.ip_subnet, 1))
        # NOTE(review): this inbound policy carries no srcaddr, so the
        # add_fwpolicy default applies; confirm what that default is.
        utils.add_fwpolicy(self, context,
                           vdom=const.EXT_VDOM,
                           srcintf=self._fortigate['ext_interface'],
                           dstintf=ext_intf,
                           dstaddr=alloc_record.vip_name,
                           nat='enable')
        host_route = "%s 255.255.255.255" % mappedip
        utils.add_routerstatic(self, context,
                               vdom=const.EXT_VDOM,
                               dst=host_route,
                               device=ext_intf,
                               gateway=const.DEF_GW)
        utils.add_fwippool(self, context,
                           name=alloc_record.floating_ip_address,
                           vdom=const.EXT_VDOM,
                           startip=alloc_record.floating_ip_address)
        # ipaddr = utils.get_ipaddr(db_fip.ip_subnet, 2)
        utils.add_fwaddress(self, context,
                            name=mappedip,
                            vdom=const.EXT_VDOM,
                            subnet="%s 255.255.255.255" % mappedip)
        return_policy = utils.add_fwpolicy(
            self, context,
            vdom=const.EXT_VDOM,
            srcintf=ext_intf,
            srcaddr=mappedip,
            dstintf=self._fortigate['ext_interface'],
            poolname=alloc_record.floating_ip_address)
        # Presumably reorders the policy to the top of the list; confirm
        # in utils.head_firewall_policy.
        utils.head_firewall_policy(self, context,
                                   vdom=const.EXT_VDOM,
                                   id=return_policy.edit_id)
        utils.add_fwippool(self, context,
                           name=mappedip,
                           vdom=ns_record.vdom,
                           startip=mappedip)
    except Exception as e:
        utils._rollback_on_err(self, context, e)
        raise e
    else:
        utils.update_status(self, context, t_consts.TaskStatus.COMPLETED)