def _get_edge_id_by_rtr_id(self, rtr_id, context=None): if not context: context = self.context binding = nsxv_db.get_nsxv_router_binding( context.session, rtr_id) if binding: return binding['edge_id']
def _get_lb_edge_id(self, context, subnet_id): """ Grab the id of an Edge appliance that is connected to subnet_id. """ subnet = self.callbacks.plugin.get_subnet(context, subnet_id) net_id = subnet.get('network_id') filters = {'network_id': [net_id], 'device_owner': ['network:router_interface']} attached_routers = self.callbacks.plugin.get_ports( context.elevated(), filters=filters, fields=['device_id']) for attached_router in attached_routers: router = self.callbacks.plugin.get_router( context, attached_router['device_id']) if router['router_type'] == 'exclusive': rtr_bindings = nsxv_db.get_nsxv_router_binding( context.session, router['id']) return rtr_bindings['edge_id']
def _setup_metadata_lb(self, rtr_id, vip, v_port, s_port, member_ips, proxy_lb=False, context=None): if context is None: context = self.context binding = nsxv_db.get_nsxv_router_binding(context.session, rtr_id) edge_id = binding['edge_id'] LOG.debug('Setting up Edge device %s', edge_id) lb_obj = nsxv_lb.NsxvLoadbalancer() # Create virtual server virt_srvr = nsxv_lb.NsxvLBVirtualServer( name='MdSrv', ip_address=vip, port=v_port) # For router Edge, we add X-LB-Proxy-ID header if not proxy_lb: md_app_rule = nsxv_lb.NsxvLBAppRule( 'insert-mdp', 'reqadd X-Metadata-Provider:' + edge_id) virt_srvr.add_app_rule(md_app_rule) # When shared proxy is configured, insert authentication string if cfg.CONF.nsxv.metadata_shared_secret: signature = hmac.new( cfg.CONF.nsxv.metadata_shared_secret, edge_id, hashlib.sha256).hexdigest() sign_app_rule = nsxv_lb.NsxvLBAppRule( 'insert-auth', 'reqadd X-Metadata-Provider-Signature:' + signature) virt_srvr.add_app_rule(sign_app_rule) # Create app profile # XFF is inserted in router LBs app_profile = nsxv_lb.NsxvLBAppProfile( name='MDSrvProxy', template='HTTP', insert_xff=not proxy_lb) virt_srvr.set_app_profile(app_profile) # Create pool, members and monitor pool = nsxv_lb.NsxvLBPool( name='MDSrvPool') monitor = nsxv_lb.NsxvLBMonitor( name='MDSrvMon') pool.add_monitor(monitor) i = 0 for member_ip in member_ips: i += 1 member = nsxv_lb.NsxvLBPoolMember( name='Member-%d' % i, ip_address=member_ip, port=s_port, monitor_port=s_port) pool.add_member(member) virt_srvr.set_default_pool(pool) lb_obj.add_virtual_server(virt_srvr) lb_obj.submit_to_backend( self.nsxv_plugin.nsx_v.vcns, edge_id)
def _get_proxy_edge(self, rtr_ip): # If DB Entry already defined by another Neutron instance, retrieve # its IP address and exit try: nsxv_db.create_nsxv_internal_edge( self.context.session, rtr_ip, vcns_const.InternalEdgePurposes.INTER_EDGE_PURPOSE, None) except db_exc.DBDuplicateEntry: edge_ip = None ctr = 0 while edge_ip is None and ctr < EDGE_WAIT_INTERVAL: rtr_list = nsxv_db.get_nsxv_internal_edge( self.context.session, rtr_ip) if rtr_list: rtr_id = rtr_list[0]['router_id'] if rtr_id: edge_ip = self._get_edge_internal_ip(rtr_id) if edge_ip: return edge_ip self.context.session.expire_all() ctr += EDGE_CHECK_INTERVAL time.sleep(EDGE_CHECK_INTERVAL) error = _('Metadata proxy creation on other neutron instance ' 'timed out') raise nsxv_exc.NsxPluginException(err_msg=error) rtr_id = None try: router_data = { 'router': { 'name': 'metadata_proxy_router', 'admin_state_up': True, 'router_type': 'exclusive', 'tenant_id': None}} rtr = self.nsxv_plugin.create_router( self.context, router_data, allow_metadata=False) rtr_id = rtr['id'] binding = nsxv_db.get_nsxv_router_binding( self.context.session, rtr_id) self.nsxv_plugin.nsx_v.update_interface( rtr['id'], binding['edge_id'], vcns_const.EXTERNAL_VNIC_INDEX, cfg.CONF.nsxv.mgt_net_moid, address=rtr_ip, netmask=cfg.CONF.nsxv.mgt_net_proxy_netmask, secondary=[]) port_data = { 'port': { 'network_id': self.internal_net, 'name': None, 'admin_state_up': True, 'device_id': rtr_id, 'device_owner': constants.DEVICE_OWNER_ROUTER_INTF, 'fixed_ips': attr.ATTR_NOT_SPECIFIED, 'mac_address': attr.ATTR_NOT_SPECIFIED, 'port_security_enabled': False, 'tenant_id': None}} port = self.nsxv_plugin.create_port(self.context, port_data) address_groups = self._get_address_groups( self.context, self.internal_net, rtr_id, is_proxy=True) edge_ip = port['fixed_ips'][0]['ip_address'] edge_utils.update_internal_interface( self.nsxv_plugin.nsx_v, self.context, rtr_id, self.internal_net, address_groups) self._setup_metadata_lb(rtr_id, port['fixed_ips'][0]['ip_address'], cfg.CONF.nsxv.nova_metadata_port, cfg.CONF.nsxv.nova_metadata_port, cfg.CONF.nsxv.nova_metadata_ips, proxy_lb=True) firewall_rule = { 'action': 'allow', 'enabled': True, 'source_ip_address': [INTERNAL_SUBNET]} edge_utils.update_firewall( self.nsxv_plugin.nsx_v, self.context, rtr_id, {'firewall_rule_list': [firewall_rule]}, allow_external=False) if cfg.CONF.nsxv.mgt_net_default_gateway: self.nsxv_plugin._update_routes( self.context, rtr_id, cfg.CONF.nsxv.mgt_net_default_gateway) nsxv_db.update_nsxv_internal_edge( self.context.session, rtr_ip, rtr_id) return edge_ip except Exception as e: with excutils.save_and_reraise_exception(): nsxv_db.delete_nsxv_internal_edge( self.context.session, rtr_ip) if rtr_id: self.nsxv_plugin.delete_router(self.context, rtr_id) LOG.exception(_LE("Exception %s while creating internal edge " "for metadata service"), e)
def _get_router_edge_id(self, context, router_id): binding = nsxv_db.get_nsxv_router_binding(context.session, router_id) return binding['edge_id']