Merge "VPNaaS support for VPN service admin state change and reporting"

2014-03-27 16:53:48 +00:00 · 2014-03-27 16:53:48 +00:00 · b1faf3ba3e
commit b1faf3ba3e
parent 3cbdc3ff8d f7d046c815
5 changed files with 102 additions and 2 deletions
--- a/neutron/services/vpn/device_drivers/ipsec.py
+++ b/neutron/services/vpn/device_drivers/ipsec.py
@ -77,6 +77,8 @@ STATUS_MAP = {
    'unrouted': constants.DOWN
 }

+IPSEC_CONNS = 'ipsec_site_connections'
+

 def _get_template(template_file):
    global JINJA_ENV
@ -622,14 +624,32 @@ class IPsecDriver(device_drivers.DeviceDriver):
            'ipsec_site_connections': copy.deepcopy(process.connection_status)
        }

+    def update_downed_connections(self, process_id, new_status):
+        """Update info to be reported, if connections just went down.
+
+        If there is no longer any information for a connection (because it
+        has been removed (e.g. due to an admin down of VPN service or IPSec
+        connection), but there was previous status information for the
+        connection, mark the connection as down for reporting purposes.
+        """
+        if process_id in self.process_status_cache:
+            for conn in self.process_status_cache[process_id][IPSEC_CONNS]:
+                if conn not in new_status[IPSEC_CONNS]:
+                    new_status[IPSEC_CONNS][conn] = {
+                        'status': constants.DOWN,
+                        'updated_pending_status': True
+                    }
+
    def report_status(self, context):
        status_changed_vpn_services = []
        for process in self.processes.values():
            previous_status = self.get_process_status_cache(process)
            if self.is_status_updated(process, previous_status):
                new_status = self.copy_process_status(process)
-                self.process_status_cache[process.id] = new_status
+                self.update_downed_connections(process.id, new_status)
                status_changed_vpn_services.append(new_status)
+                self.process_status_cache[process.id] = (
+                    self.copy_process_status(process))
                # We need unset updated_pending status after it
                # is reported to the server side
                self.unset_updated_pending_status(process)
--- a/neutron/services/vpn/device_drivers/template/openswan/ipsec.conf.template
+++ b/neutron/services/vpn/device_drivers/template/openswan/ipsec.conf.template
@ -6,7 +6,7 @@ conn %default
    ikelifetime=480m
    keylife=60m
    keyingtries=%forever
-{% for ipsec_site_connection in vpnservice.ipsec_site_connections
+{% for ipsec_site_connection in vpnservice.ipsec_site_connections if ipsec_site_connection.admin_state_up
 %}conn {{ipsec_site_connection.id}}
    # NOTE: a default route is required for %defaultroute to work...
    left={{vpnservice.external_ip}}
--- a/neutron/services/vpn/plugin.py
+++ b/neutron/services/vpn/plugin.py
@ -91,6 +91,15 @@ class VPNDriverPlugin(VPNPlugin, vpn_db.VPNPluginRpcDbMixin):
            context, old_ipsec_site_connection, ipsec_site_connection)
        return ipsec_site_connection

+    def update_vpnservice(self, context, vpnservice_id, vpnservice):
+        old_vpn_service = self.get_vpnservice(context, vpnservice_id)
+        new_vpn_service = super(
+            VPNDriverPlugin, self).update_vpnservice(context, vpnservice_id,
+                                                     vpnservice)
+        driver = self._get_driver_for_vpnservice(old_vpn_service)
+        driver.update_vpnservice(context, old_vpn_service, new_vpn_service)
+        return new_vpn_service
+
    def delete_vpnservice(self, context, vpnservice_id):
        vpnservice = self._get_vpnservice(context, vpnservice_id)
        super(VPNDriverPlugin, self).delete_vpnservice(context, vpnservice_id)
--- a/neutron/tests/unit/services/vpn/device_drivers/test_ipsec.py
+++ b/neutron/tests/unit/services/vpn/device_drivers/test_ipsec.py
@ -190,3 +190,69 @@ class TestIPsecDeviceDriver(base.BaseTestCase):
        process_id = _uuid()
        self.driver.sync(context, [{'id': process_id}])
        self.assertNotIn(process_id, self.driver.processes)
+
+    def test_status_updated_on_connection_admin_down(self):
+        self.driver.process_status_cache = {
+            '1': {
+                'status': constants.ACTIVE,
+                'id': 123,
+                'updated_pending_status': False,
+                'ipsec_site_connections': {
+                    '10': {
+                        'status': constants.ACTIVE,
+                        'updated_pending_status': False,
+                    },
+                    '20': {
+                        'status': constants.ACTIVE,
+                        'updated_pending_status': False,
+                    }
+                }
+            }
+        }
+        # Simulate that there is no longer status for connection '20'
+        # e.g. connection admin down
+        new_status = {
+            'ipsec_site_connections': {
+                '10': {
+                    'status': constants.ACTIVE,
+                    'updated_pending_status': False
+                }
+            }
+        }
+        self.driver.update_downed_connections('1', new_status)
+        existing_conn = new_status['ipsec_site_connections'].get('10')
+        self.assertIsNotNone(existing_conn)
+        self.assertEqual(constants.ACTIVE, existing_conn['status'])
+        missing_conn = new_status['ipsec_site_connections'].get('20')
+        self.assertIsNotNone(missing_conn)
+        self.assertEqual(constants.DOWN, missing_conn['status'])
+
+    def test_status_updated_on_service_admin_down(self):
+        self.driver.process_status_cache = {
+            '1': {
+                'status': constants.ACTIVE,
+                'id': 123,
+                'updated_pending_status': False,
+                'ipsec_site_connections': {
+                    '10': {
+                        'status': constants.ACTIVE,
+                        'updated_pending_status': False,
+                    },
+                    '20': {
+                        'status': constants.ACTIVE,
+                        'updated_pending_status': False,
+                    }
+                }
+            }
+        }
+        # Simulate that there are no connections now
+        new_status = {
+            'ipsec_site_connections': {}
+        }
+        self.driver.update_downed_connections('1', new_status)
+        missing_conn = new_status['ipsec_site_connections'].get('10')
+        self.assertIsNotNone(missing_conn)
+        self.assertEqual(constants.DOWN, missing_conn['status'])
+        missing_conn = new_status['ipsec_site_connections'].get('20')
+        self.assertIsNotNone(missing_conn)
+        self.assertEqual(constants.DOWN, missing_conn['status'])
--- a/neutron/tests/unit/services/vpn/test_vpnaas_driver_plugin.py
+++ b/neutron/tests/unit/services/vpn/test_vpnaas_driver_plugin.py
@ -58,6 +58,11 @@ class TestVPNDriverPlugin(test_db_vpnaas.TestVpnaas,
        self.driver.delete_vpnservice.assert_called_once_with(
            mock.ANY, mock.ANY)

+    def test_update_vpnservice(self, **extras):
+        super(TestVPNDriverPlugin, self).test_update_vpnservice()
+        self.driver.update_vpnservice.assert_called_once_with(
+            mock.ANY, mock.ANY, mock.ANY)
+
    @contextlib.contextmanager
    def vpnservice_set(self):
        """Test case to create a ipsec_site_connection."""