NSXv: use synchronous call for firewall update
Also eliminate duplicate update firewall method. Change-Id: I2eee50ae16dafd25827b9e34ea03194b2f4132d1
parent
03e55d4d93
commit
1453ea4f79
@ -20,9 +20,6 @@ from vmware_nsx._i18n import _, _LE
|
||||
from vmware_nsx.db import nsxv_db
|
||||
from vmware_nsx.plugins.nsx_v.vshield.common import (
|
||||
exceptions as vcns_exc)
|
||||
from vmware_nsx.plugins.nsx_v.vshield.tasks import (
|
||||
constants as task_const)
|
||||
from vmware_nsx.plugins.nsx_v.vshield.tasks import tasks
|
||||
|
||||
LOG = logging.getLogger(__name__)
|
||||
|
||||
@ -219,24 +216,7 @@ class EdgeFirewallDriver(db_base_plugin_v2.NeutronDbPluginV2):
|
||||
res['firewall_rule_list'].append(item)
|
||||
return res
|
||||
|
||||
def _create_rule_id_mapping(
|
||||
self, context, edge_id, firewall, vcns_fw):
|
||||
for rule in vcns_fw['firewallRules']['firewallRules']:
|
||||
index = rule['ruleTag'] - 1
|
||||
#TODO(linb):a simple filter of the retrived rules which may be
|
||||
#created by other operations unintentionally
|
||||
if index < len(firewall['firewall_rule_list']):
|
||||
rule_vseid = rule['ruleId']
|
||||
rule_id = firewall['firewall_rule_list'][index]['id']
|
||||
map_info = {
|
||||
'rule_id': rule_id,
|
||||
'rule_vseid': rule_vseid,
|
||||
'edge_id': edge_id
|
||||
}
|
||||
nsxv_db.add_nsxv_edge_firewallrule_binding(
|
||||
context.session, map_info)
|
||||
|
||||
def _get_firewall(self, context, edge_id):
|
||||
def _get_firewall(self, edge_id):
|
||||
try:
|
||||
return self.vcns.get_firewall(edge_id)[1]
|
||||
except vcns_exc.VcnsApiException as e:
|
||||
@ -246,7 +226,7 @@ class EdgeFirewallDriver(db_base_plugin_v2.NeutronDbPluginV2):
|
||||
|
||||
def _get_firewall_rule_next(self, context, edge_id, rule_vseid):
|
||||
# Return the firewall rule below 'rule_vseid'
|
||||
fw_cfg = self._get_firewall(context, edge_id)
|
||||
fw_cfg = self._get_firewall(edge_id)
|
||||
for i in range(len(fw_cfg['firewallRules']['firewallRules'])):
|
||||
rule_cur = fw_cfg['firewallRules']['firewallRules'][i]
|
||||
if str(rule_cur['ruleId']) == rule_vseid:
|
||||
@ -276,22 +256,9 @@ class EdgeFirewallDriver(db_base_plugin_v2.NeutronDbPluginV2):
|
||||
return self._restore_firewall_rule(context, edge_id, response)
|
||||
|
||||
def get_firewall(self, context, edge_id):
|
||||
response = self._get_firewall(context, edge_id)
|
||||
response = self._get_firewall(edge_id)
|
||||
return self._restore_firewall(context, edge_id, response)
|
||||
|
||||
def update_firewall(self, context, edge_id, firewall):
|
||||
fw_req = self._convert_firewall(context, firewall)
|
||||
try:
|
||||
self.vcns.update_firewall(edge_id, fw_req)
|
||||
except vcns_exc.VcnsApiException as e:
|
||||
LOG.exception(_LE("Failed to update firewall "
|
||||
"with edge_id: %s"), edge_id)
|
||||
raise e
|
||||
fw_res = self._get_firewall(context, edge_id)
|
||||
nsxv_db.cleanup_nsxv_edge_firewallrule_binding(
|
||||
context.session, edge_id)
|
||||
self._create_rule_id_mapping(context, edge_id, firewall, fw_res)
|
||||
|
||||
def delete_firewall(self, context, edge_id):
|
||||
try:
|
||||
self.vcns.delete_firewall(edge_id)
|
||||
@ -407,33 +374,39 @@ class EdgeFirewallDriver(db_base_plugin_v2.NeutronDbPluginV2):
|
||||
"without reference rule_id")
|
||||
raise vcns_exc.VcnsBadRequest(resource='firewall_rule', msg=msg)
|
||||
|
||||
def _asyn_update_firewall(self, task):
|
||||
edge_id = task.userdata['edge_id']
|
||||
config = task.userdata['config']
|
||||
context = task.userdata['jobdata']['context']
|
||||
def update_firewall(self, edge_id, firewall, context, allow_external=True):
|
||||
config = self._convert_firewall(None, firewall,
|
||||
allow_external=allow_external)
|
||||
|
||||
try:
|
||||
self.vcns.update_firewall(edge_id, config)
|
||||
except vcns_exc.VcnsApiException:
|
||||
with excutils.save_and_reraise_exception():
|
||||
LOG.exception(_LE("Failed to update firewall "
|
||||
"with edge_id: %s"), edge_id)
|
||||
vcns_fw_config = self._get_firewall(context, edge_id)
|
||||
task.userdata['vcns_fw_config'] = vcns_fw_config
|
||||
return task_const.TaskStatus.COMPLETED
|
||||
vcns_fw_config = self._get_firewall(edge_id)
|
||||
|
||||
def asyn_update_firewall(self, router_id, edge_id, firewall,
|
||||
jobdata=None, allow_external=True):
|
||||
# TODO(berlin): Remove uncessary context input parameter.
|
||||
config = self._convert_firewall(None, firewall,
|
||||
allow_external=allow_external)
|
||||
userdata = {
|
||||
'edge_id': edge_id,
|
||||
'config': config,
|
||||
'fw_config': firewall,
|
||||
'jobdata': jobdata}
|
||||
task_name = "update-firewall-%s" % edge_id
|
||||
task = tasks.Task(task_name, router_id,
|
||||
self._asyn_update_firewall, userdata=userdata)
|
||||
task.add_result_monitor(self.callbacks.firewall_update_result)
|
||||
self.task_manager.add(task)
|
||||
return task
|
||||
nsxv_db.cleanup_nsxv_edge_firewallrule_binding(
|
||||
context.session, edge_id)
|
||||
|
||||
self._create_rule_id_mapping(
|
||||
context, edge_id, firewall, vcns_fw_config)
|
||||
|
||||
def _create_rule_id_mapping(
|
||||
self, context, edge_id, firewall, vcns_fw):
|
||||
for rule in vcns_fw['firewallRules']['firewallRules']:
|
||||
if rule.get('ruleTag'):
|
||||
index = rule['ruleTag'] - 1
|
||||
# TODO(linb):a simple filter of the retrieved rules which may
|
||||
# be created by other operations unintentionally
|
||||
if index < len(firewall['firewall_rule_list']):
|
||||
rule_vseid = rule['ruleId']
|
||||
rule_id = firewall['firewall_rule_list'][index].get('id')
|
||||
if rule_id:
|
||||
map_info = {
|
||||
'rule_id': rule_id,
|
||||
'rule_vseid': rule_vseid,
|
||||
'edge_id': edge_id
|
||||
}
|
||||
nsxv_db.add_nsxv_edge_firewallrule_binding(
|
||||
context.session, map_info)
|
||||
|
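Review bot: In the new `update_firewall(self, edge_id, firewall, context, allow_external=True)`, `cleanup_nsxv_edge_firewallrule_binding` empties the binding table and `_create_rule_id_mapping` then refills it row by row, with nothing visible tying the two steps together. An error partway through would leave the edge firewall updated while the rule_id to rule_vseid map is missing or partial, and later per-rule lookups by `rule_vseid` would work from incomplete data. Unless the nsxv_db helpers already run inside a caller's transaction (not visible here), wrap both calls in `with context.session.begin(subtransactions=True):`. The same divergence arises if `self._get_firewall(edge_id)` raises after `self.vcns.update_firewall` has succeeded, which deserves a comment at that call. The positional order also differs from the removed `update_firewall(self, context, edge_id, firewall)`, so callers outside these hunks are safer passing `context=` by keyword.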
@ -2236,15 +2236,12 @@ def clear_nat_rules(nsxv_manager, context, router_id):
|
||||
|
||||
def update_firewall(nsxv_manager, context, router_id, firewall,
|
||||
allow_external=True):
|
||||
jobdata = {'context': context}
|
||||
binding = nsxv_db.get_nsxv_router_binding(
|
||||
context.session, router_id)
|
||||
if binding:
|
||||
edge_id = binding['edge_id']
|
||||
task = nsxv_manager.asyn_update_firewall(router_id, edge_id,
|
||||
firewall, jobdata=jobdata,
|
||||
allow_external=allow_external)
|
||||
task.wait(task_const.TaskState.RESULT)
|
||||
nsxv_manager.update_firewall(edge_id, firewall, context,
|
||||
allow_external=allow_external)
|
||||
else:
|
||||
LOG.warning(_LW("Bindings do not exists for %s"), router_id)
|
||||
|
||||
@ -2399,33 +2396,3 @@ class NsxVCallbacks(object):
|
||||
|
||||
def nat_update_result(self, task):
|
||||
LOG.debug("nat_update_result %d", task.status)
|
||||
|
||||
def _create_rule_id_mapping(
|
||||
self, context, edge_id, firewall, vcns_fw):
|
||||
for rule in vcns_fw['firewallRules']['firewallRules']:
|
||||
if rule.get('ruleTag'):
|
||||
index = rule['ruleTag'] - 1
|
||||
#TODO(linb):a simple filter of the retrieved rules which may be
|
||||
#created by other operations unintentionally
|
||||
if index < len(firewall['firewall_rule_list']):
|
||||
rule_vseid = rule['ruleId']
|
||||
rule_id = firewall['firewall_rule_list'][index].get('id')
|
||||
if rule_id:
|
||||
map_info = {
|
||||
'rule_id': rule_id,
|
||||
'rule_vseid': rule_vseid,
|
||||
'edge_id': edge_id
|
||||
}
|
||||
nsxv_db.add_nsxv_edge_firewallrule_binding(
|
||||
context.session, map_info)
|
||||
|
||||
def firewall_update_result(self, task):
|
||||
LOG.debug("firewall_update_result %d", task.status)
|
||||
context = task.userdata['jobdata']['context']
|
||||
edge_id = task.userdata['edge_id']
|
||||
fw_config = task.userdata['fw_config']
|
||||
vcns_fw_config = task.userdata['vcns_fw_config']
|
||||
nsxv_db.cleanup_nsxv_edge_firewallrule_binding(
|
||||
context.session, edge_id)
|
||||
self._create_rule_id_mapping(
|
||||
context, edge_id, fw_config, vcns_fw_config)
|
||||
|
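Review bot: `update_firewall(nsxv_manager, context, router_id, firewall, allow_external=True)` returns None both when the edge was updated and when no router binding exists, so a caller cannot tell an applied ruleset from a skipped one; only the `LOG.warning` in the `else` branch records the skip. Now that the call is synchronous and backend errors propagate as exceptions (the driver re-raises `VcnsApiException`, as far as the driver hunk shows), the missing-binding path is the one remaining silent outcome. Either raise there or state the contract in a docstring, e.g. `"""Synchronously push the firewall to the router's edge; raises on backend failure, logs and returns if the router has no edge binding."""`. Callers that relied on the old task-based path not raising are outside this page and should be checked.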