NSXv: use synchronous call for firewall update
Also eliminate duplicate update firewall method. Change-Id: I2eee50ae16dafd25827b9e34ea03194b2f4132d1
parent
03e55d4d93
commit
1453ea4f79
@ -20,9 +20,6 @@ from vmware_nsx._i18n import _, _LE
|
|||||||
from vmware_nsx.db import nsxv_db
|
from vmware_nsx.db import nsxv_db
|
||||||
from vmware_nsx.plugins.nsx_v.vshield.common import (
|
from vmware_nsx.plugins.nsx_v.vshield.common import (
|
||||||
exceptions as vcns_exc)
|
exceptions as vcns_exc)
|
||||||
from vmware_nsx.plugins.nsx_v.vshield.tasks import (
|
|
||||||
constants as task_const)
|
|
||||||
from vmware_nsx.plugins.nsx_v.vshield.tasks import tasks
|
|
||||||
|
|
||||||
LOG = logging.getLogger(__name__)
|
LOG = logging.getLogger(__name__)
|
||||||
|
|
||||||
@ -219,24 +216,7 @@ class EdgeFirewallDriver(db_base_plugin_v2.NeutronDbPluginV2):
|
|||||||
res['firewall_rule_list'].append(item)
|
res['firewall_rule_list'].append(item)
|
||||||
return res
|
return res
|
||||||
|
|
||||||
def _create_rule_id_mapping(
|
def _get_firewall(self, edge_id):
|
||||||
self, context, edge_id, firewall, vcns_fw):
|
|
||||||
for rule in vcns_fw['firewallRules']['firewallRules']:
|
|
||||||
index = rule['ruleTag'] - 1
|
|
||||||
#TODO(linb):a simple filter of the retrived rules which may be
|
|
||||||
#created by other operations unintentionally
|
|
||||||
if index < len(firewall['firewall_rule_list']):
|
|
||||||
rule_vseid = rule['ruleId']
|
|
||||||
rule_id = firewall['firewall_rule_list'][index]['id']
|
|
||||||
map_info = {
|
|
||||||
'rule_id': rule_id,
|
|
||||||
'rule_vseid': rule_vseid,
|
|
||||||
'edge_id': edge_id
|
|
||||||
}
|
|
||||||
nsxv_db.add_nsxv_edge_firewallrule_binding(
|
|
||||||
context.session, map_info)
|
|
||||||
|
|
||||||
def _get_firewall(self, context, edge_id):
|
|
||||||
try:
|
try:
|
||||||
return self.vcns.get_firewall(edge_id)[1]
|
return self.vcns.get_firewall(edge_id)[1]
|
||||||
except vcns_exc.VcnsApiException as e:
|
except vcns_exc.VcnsApiException as e:
|
||||||
@ -246,7 +226,7 @@ class EdgeFirewallDriver(db_base_plugin_v2.NeutronDbPluginV2):
|
|||||||
|
|
||||||
def _get_firewall_rule_next(self, context, edge_id, rule_vseid):
|
def _get_firewall_rule_next(self, context, edge_id, rule_vseid):
|
||||||
# Return the firewall rule below 'rule_vseid'
|
# Return the firewall rule below 'rule_vseid'
|
||||||
fw_cfg = self._get_firewall(context, edge_id)
|
fw_cfg = self._get_firewall(edge_id)
|
||||||
for i in range(len(fw_cfg['firewallRules']['firewallRules'])):
|
for i in range(len(fw_cfg['firewallRules']['firewallRules'])):
|
||||||
rule_cur = fw_cfg['firewallRules']['firewallRules'][i]
|
rule_cur = fw_cfg['firewallRules']['firewallRules'][i]
|
||||||
if str(rule_cur['ruleId']) == rule_vseid:
|
if str(rule_cur['ruleId']) == rule_vseid:
|
||||||
@ -276,22 +256,9 @@ class EdgeFirewallDriver(db_base_plugin_v2.NeutronDbPluginV2):
|
|||||||
return self._restore_firewall_rule(context, edge_id, response)
|
return self._restore_firewall_rule(context, edge_id, response)
|
||||||
|
|
||||||
def get_firewall(self, context, edge_id):
|
def get_firewall(self, context, edge_id):
|
||||||
response = self._get_firewall(context, edge_id)
|
response = self._get_firewall(edge_id)
|
||||||
return self._restore_firewall(context, edge_id, response)
|
return self._restore_firewall(context, edge_id, response)
|
||||||
|
|
||||||
def update_firewall(self, context, edge_id, firewall):
|
|
||||||
fw_req = self._convert_firewall(context, firewall)
|
|
||||||
try:
|
|
||||||
self.vcns.update_firewall(edge_id, fw_req)
|
|
||||||
except vcns_exc.VcnsApiException as e:
|
|
||||||
LOG.exception(_LE("Failed to update firewall "
|
|
||||||
"with edge_id: %s"), edge_id)
|
|
||||||
raise e
|
|
||||||
fw_res = self._get_firewall(context, edge_id)
|
|
||||||
nsxv_db.cleanup_nsxv_edge_firewallrule_binding(
|
|
||||||
context.session, edge_id)
|
|
||||||
self._create_rule_id_mapping(context, edge_id, firewall, fw_res)
|
|
||||||
|
|
||||||
def delete_firewall(self, context, edge_id):
|
def delete_firewall(self, context, edge_id):
|
||||||
try:
|
try:
|
||||||
self.vcns.delete_firewall(edge_id)
|
self.vcns.delete_firewall(edge_id)
|
||||||
@ -407,33 +374,39 @@ class EdgeFirewallDriver(db_base_plugin_v2.NeutronDbPluginV2):
|
|||||||
"without reference rule_id")
|
"without reference rule_id")
|
||||||
raise vcns_exc.VcnsBadRequest(resource='firewall_rule', msg=msg)
|
raise vcns_exc.VcnsBadRequest(resource='firewall_rule', msg=msg)
|
||||||
|
|
||||||
def _asyn_update_firewall(self, task):
|
def update_firewall(self, edge_id, firewall, context, allow_external=True):
|
||||||
edge_id = task.userdata['edge_id']
|
config = self._convert_firewall(None, firewall,
|
||||||
config = task.userdata['config']
|
allow_external=allow_external)
|
||||||
context = task.userdata['jobdata']['context']
|
|
||||||
try:
|
try:
|
||||||
self.vcns.update_firewall(edge_id, config)
|
self.vcns.update_firewall(edge_id, config)
|
||||||
except vcns_exc.VcnsApiException:
|
except vcns_exc.VcnsApiException:
|
||||||
with excutils.save_and_reraise_exception():
|
with excutils.save_and_reraise_exception():
|
||||||
LOG.exception(_LE("Failed to update firewall "
|
LOG.exception(_LE("Failed to update firewall "
|
||||||
"with edge_id: %s"), edge_id)
|
"with edge_id: %s"), edge_id)
|
||||||
vcns_fw_config = self._get_firewall(context, edge_id)
|
vcns_fw_config = self._get_firewall(edge_id)
|
||||||
task.userdata['vcns_fw_config'] = vcns_fw_config
|
|
||||||
return task_const.TaskStatus.COMPLETED
|
|
||||||
|
|
||||||
def asyn_update_firewall(self, router_id, edge_id, firewall,
|
nsxv_db.cleanup_nsxv_edge_firewallrule_binding(
|
||||||
jobdata=None, allow_external=True):
|
context.session, edge_id)
|
||||||
# TODO(berlin): Remove uncessary context input parameter.
|
|
||||||
config = self._convert_firewall(None, firewall,
|
self._create_rule_id_mapping(
|
||||||
allow_external=allow_external)
|
context, edge_id, firewall, vcns_fw_config)
|
||||||
userdata = {
|
|
||||||
'edge_id': edge_id,
|
def _create_rule_id_mapping(
|
||||||
'config': config,
|
self, context, edge_id, firewall, vcns_fw):
|
||||||
'fw_config': firewall,
|
for rule in vcns_fw['firewallRules']['firewallRules']:
|
||||||
'jobdata': jobdata}
|
if rule.get('ruleTag'):
|
||||||
task_name = "update-firewall-%s" % edge_id
|
index = rule['ruleTag'] - 1
|
||||||
task = tasks.Task(task_name, router_id,
|
# TODO(linb):a simple filter of the retrieved rules which may
|
||||||
self._asyn_update_firewall, userdata=userdata)
|
# be created by other operations unintentionally
|
||||||
task.add_result_monitor(self.callbacks.firewall_update_result)
|
if index < len(firewall['firewall_rule_list']):
|
||||||
self.task_manager.add(task)
|
rule_vseid = rule['ruleId']
|
||||||
return task
|
rule_id = firewall['firewall_rule_list'][index].get('id')
|
||||||
|
if rule_id:
|
||||||
|
map_info = {
|
||||||
|
'rule_id': rule_id,
|
||||||
|
'rule_vseid': rule_vseid,
|
||||||
|
'edge_id': edge_id
|
||||||
|
}
|
||||||
|
nsxv_db.add_nsxv_edge_firewallrule_binding(
|
||||||
|
context.session, map_info)
|
||||||
|
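Review bot: In the new `update_firewall(self, edge_id, firewall, context, allow_external=True)` the edge is updated first and the rule-id bindings are rebuilt afterwards as separate steps, so a failure in `_get_firewall(edge_id)` leaves the old bindings describing a rule set the edge has already replaced, and a failure part-way through `_create_rule_id_mapping` leaves them deleted or only partly rebuilt. Nothing visible in the hunk puts `cleanup_nsxv_edge_firewallrule_binding` and the per-rule `add_nsxv_edge_firewallrule_binding` calls in one transaction; unless the `nsxv_db` helpers already do that, wrapping the two calls in `with context.session.begin(subtransactions=True):` would keep the table all-or-nothing. Per-rule operations presumably resolve edge rules through these bindings, so a stale table risks a later change landing on the wrong firewall rule. The method also reuses the name of the removed `update_firewall(self, context, edge_id, firewall)` with the positional parameters reordered, so any caller outside this page still using the old order would pass `context` as `edge_id`; passing the arguments by keyword at the call sites would make such a mismatch fail immediately.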
@ -2236,15 +2236,12 @@ def clear_nat_rules(nsxv_manager, context, router_id):
|
|||||||
|
|
||||||
def update_firewall(nsxv_manager, context, router_id, firewall,
|
def update_firewall(nsxv_manager, context, router_id, firewall,
|
||||||
allow_external=True):
|
allow_external=True):
|
||||||
jobdata = {'context': context}
|
|
||||||
binding = nsxv_db.get_nsxv_router_binding(
|
binding = nsxv_db.get_nsxv_router_binding(
|
||||||
context.session, router_id)
|
context.session, router_id)
|
||||||
if binding:
|
if binding:
|
||||||
edge_id = binding['edge_id']
|
edge_id = binding['edge_id']
|
||||||
task = nsxv_manager.asyn_update_firewall(router_id, edge_id,
|
nsxv_manager.update_firewall(edge_id, firewall, context,
|
||||||
firewall, jobdata=jobdata,
|
allow_external=allow_external)
|
||||||
allow_external=allow_external)
|
|
||||||
task.wait(task_const.TaskState.RESULT)
|
|
||||||
else:
|
else:
|
||||||
LOG.warning(_LW("Bindings do not exists for %s"), router_id)
|
LOG.warning(_LW("Bindings do not exists for %s"), router_id)
|
||||||
|
|
||||||
@ -2399,33 +2396,3 @@ class NsxVCallbacks(object):
|
|||||||
|
|
||||||
def nat_update_result(self, task):
|
def nat_update_result(self, task):
|
||||||
LOG.debug("nat_update_result %d", task.status)
|
LOG.debug("nat_update_result %d", task.status)
|
||||||
|
|
||||||
def _create_rule_id_mapping(
|
|
||||||
self, context, edge_id, firewall, vcns_fw):
|
|
||||||
for rule in vcns_fw['firewallRules']['firewallRules']:
|
|
||||||
if rule.get('ruleTag'):
|
|
||||||
index = rule['ruleTag'] - 1
|
|
||||||
#TODO(linb):a simple filter of the retrieved rules which may be
|
|
||||||
#created by other operations unintentionally
|
|
||||||
if index < len(firewall['firewall_rule_list']):
|
|
||||||
rule_vseid = rule['ruleId']
|
|
||||||
rule_id = firewall['firewall_rule_list'][index].get('id')
|
|
||||||
if rule_id:
|
|
||||||
map_info = {
|
|
||||||
'rule_id': rule_id,
|
|
||||||
'rule_vseid': rule_vseid,
|
|
||||||
'edge_id': edge_id
|
|
||||||
}
|
|
||||||
nsxv_db.add_nsxv_edge_firewallrule_binding(
|
|
||||||
context.session, map_info)
|
|
||||||
|
|
||||||
def firewall_update_result(self, task):
|
|
||||||
LOG.debug("firewall_update_result %d", task.status)
|
|
||||||
context = task.userdata['jobdata']['context']
|
|
||||||
edge_id = task.userdata['edge_id']
|
|
||||||
fw_config = task.userdata['fw_config']
|
|
||||||
vcns_fw_config = task.userdata['vcns_fw_config']
|
|
||||||
nsxv_db.cleanup_nsxv_edge_firewallrule_binding(
|
|
||||||
context.session, edge_id)
|
|
||||||
self._create_rule_id_mapping(
|
|
||||||
context, edge_id, fw_config, vcns_fw_config)
|
|
||||||
|
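Review bot: The module-level `update_firewall(nsxv_manager, context, router_id, firewall, allow_external=True)` changes its failure contract without documenting it: the old code waited on the task and never inspected its result, while the synchronous `nsxv_manager.update_firewall(...)` call lets a backend error reach the caller (assuming it resolves to the driver method shown in the earlier hunks, which re-raises `VcnsApiException`). A docstring should state this, for example `"""Push the router's firewall to its edge; raises VcnsApiException if the backend rejects the update."""`. The unchanged `else` branch still only logs a warning when no binding exists, so a caller cannot tell an applied firewall from one that was skipped; that case deserves a line in the docstring as well. Callers are outside this page and should be checked for handling the exception they can now receive.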