vmware-nsx/vmware_nsx/db/db.py
Adit Sarfaty a7b5bfafcc nsxlib refactor continue
- separate nsxlib/v3 constants and utils from the common ones
- separate the nsxlib/v3 tests
- update the nsxlib tests to cover create_firewall_rules
- remove all of the DB calls from the nsxlib/v3
- merge security & dfw_api classes

To be done in future patches:
- Avoid using the nsx configuration values directly
- Improve nsxlib interface (as Aaron suggested in If2fe1e014b78703ff0a9cdff1e4e8d45f3a4a16d)

Change-Id: I43257f557ce1e98b4f64b8157d723cc84ea58c2b
2016-09-29 15:59:13 +03:00

416 lines
15 KiB
Python

# Copyright 2012 VMware, Inc.
#
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import six
from sqlalchemy.orm import exc
from oslo_db import exception as db_exc
from oslo_log import log as logging
from oslo_utils import excutils
import neutron.db.api as db
from vmware_nsx.common import exceptions as nsx_exc
from vmware_nsx.db import nsx_models
LOG = logging.getLogger(__name__)
def _apply_filters_to_query(query, model, filters, like_filters=None):
if filters:
for key, value in six.iteritems(filters):
column = getattr(model, key, None)
if column:
query = query.filter(column.in_(value))
if like_filters:
for key, search_term in six.iteritems(like_filters):
column = getattr(model, key, None)
if column:
query = query.filter(column.like(search_term))
return query
def get_network_bindings(session, network_id):
session = session or db.get_session()
return (session.query(nsx_models.TzNetworkBinding).
filter_by(network_id=network_id).
all())
def get_network_bindings_by_vlanid_and_physical_net(session, vlan_id,
phy_uuid):
session = session or db.get_session()
return (session.query(nsx_models.TzNetworkBinding).
filter_by(vlan_id=vlan_id, phy_uuid=phy_uuid).
all())
def delete_network_bindings(session, network_id):
return (session.query(nsx_models.TzNetworkBinding).
filter_by(network_id=network_id).delete())
def add_network_binding(session, network_id, binding_type, phy_uuid, vlan_id):
with session.begin(subtransactions=True):
binding = nsx_models.TzNetworkBinding(network_id, binding_type,
phy_uuid, vlan_id)
session.add(binding)
return binding
def add_neutron_nsx_network_mapping(session, neutron_id, nsx_switch_id,
dvs_id=None):
with session.begin(subtransactions=True):
mapping = nsx_models.NeutronNsxNetworkMapping(
neutron_id=neutron_id, nsx_id=nsx_switch_id,
dvs_id=dvs_id)
session.add(mapping)
return mapping
def add_neutron_nsx_port_mapping(session, neutron_id,
nsx_switch_id, nsx_port_id):
session.begin(subtransactions=True)
try:
mapping = nsx_models.NeutronNsxPortMapping(
neutron_id, nsx_switch_id, nsx_port_id)
session.add(mapping)
session.commit()
except db_exc.DBDuplicateEntry:
with excutils.save_and_reraise_exception() as ctxt:
session.rollback()
# do not complain if the same exact mapping is being added,
# otherwise re-raise because even though it is possible for the
# same neutron port to map to different back-end ports over time,
# this should not occur whilst a mapping already exists
current = get_nsx_switch_and_port_id(session, neutron_id)
if current[1] == nsx_port_id:
LOG.debug("Port mapping for %s already available",
neutron_id)
ctxt.reraise = False
except db_exc.DBError:
with excutils.save_and_reraise_exception():
# rollback for any other db error
session.rollback()
return mapping
def add_neutron_nsx_router_mapping(session, neutron_id, nsx_router_id):
with session.begin(subtransactions=True):
mapping = nsx_models.NeutronNsxRouterMapping(
neutron_id=neutron_id, nsx_id=nsx_router_id)
session.add(mapping)
return mapping
def add_neutron_nsx_security_group_mapping(session, neutron_id, nsx_id):
"""Map a Neutron security group to a NSX security profile.
:param session: a valid database session object
:param neutron_id: a neutron security group identifier
:param nsx_id: a nsx security profile identifier
"""
with session.begin(subtransactions=True):
mapping = nsx_models.NeutronNsxSecurityGroupMapping(
neutron_id=neutron_id, nsx_id=nsx_id)
session.add(mapping)
return mapping
def get_nsx_service_binding(session, network_id, service_type):
try:
return session.query(nsx_models.NeutronNsxServiceBinding).filter_by(
network_id=network_id, nsx_service_type=service_type).one()
except exc.NoResultFound:
LOG.debug("NSX %s service not enabled on network %s", service_type,
network_id)
def add_neutron_nsx_service_binding(session, network_id, port_id,
service_type, service_id):
"""Store enabled NSX services on each Neutron network.
:param session: database session object
:param network_id: identifier of Neutron network enabling the service
:param port_id: identifier of Neutron port providing the service
:param service_type: type of NSX service
:param service_id: identifier of NSX service
"""
with session.begin(subtransactions=True):
binding = nsx_models.NeutronNsxServiceBinding(
network_id=network_id, port_id=port_id,
nsx_service_type=service_type, nsx_service_id=service_id)
session.add(binding)
return binding
def delete_neutron_nsx_service_binding(session, network_id, service_type):
return session.query(nsx_models.NeutronNsxServiceBinding).filter_by(
network_id=network_id, nsx_service_type=service_type).delete()
def get_nsx_dhcp_bindings(session, port_id):
return [binding for binding in session.query(
nsx_models.NeutronNsxDhcpBinding).filter_by(port_id=port_id)]
def add_neutron_nsx_dhcp_binding(session, port_id, subnet_id, ip_address,
service_id, binding_id):
"""Store DHCP binding of each Neutron port.
:param session: database session object
:param port_id: identifier of Neutron port with DHCP binding
:param subnet_id: identifier of Neutron subnet for the port
:param ip_address: IP address for the port in this subnet.
:param service_id: identifier of NSX DHCP service
:param binding_id: identifier of NSX DHCP binding
"""
with session.begin(subtransactions=True):
binding = nsx_models.NeutronNsxDhcpBinding(
port_id=port_id, subnet_id=subnet_id, ip_address=ip_address,
nsx_service_id=service_id, nsx_binding_id=binding_id)
session.add(binding)
return binding
def delete_neutron_nsx_dhcp_binding(session, port_id, binding_id):
return session.query(nsx_models.NeutronNsxDhcpBinding).filter_by(
port_id=port_id, nsx_binding_id=binding_id).delete()
def get_nsx_switch_ids(session, neutron_id):
# This function returns a list of NSX switch identifiers because of
# the possibility of chained logical switches
return [mapping['nsx_id'] for mapping in
session.query(nsx_models.NeutronNsxNetworkMapping).filter_by(
neutron_id=neutron_id)]
def get_nsx_switch_id_for_dvs(session, neutron_id, dvs_id):
"""Retrieve the NSX switch ID for a given DVS ID and neutron network."""
try:
mapping = (session.query(nsx_models.NeutronNsxNetworkMapping).
filter_by(neutron_id=neutron_id,
dvs_id=dvs_id).one())
return mapping['nsx_id']
except exc.NoResultFound:
LOG.debug("NSX switch for dvs-id: %s not yet stored in Neutron DB",
dvs_id)
def get_net_ids(session, nsx_id):
return [mapping['neutron_id'] for mapping in
get_nsx_network_mapping_for_nsx_id(session, nsx_id)]
def get_nsx_network_mapping_for_nsx_id(session, nsx_id):
return session.query(nsx_models.NeutronNsxNetworkMapping).filter_by(
nsx_id=nsx_id).all()
def get_nsx_networks_mapping(session):
return session.query(nsx_models.NeutronNsxNetworkMapping).all()
def get_nsx_switch_and_port_id(session, neutron_id):
try:
mapping = (session.query(nsx_models.NeutronNsxPortMapping).
filter_by(neutron_id=neutron_id).
one())
return mapping['nsx_switch_id'], mapping['nsx_port_id']
except exc.NoResultFound:
LOG.debug("NSX identifiers for neutron port %s not yet "
"stored in Neutron DB", neutron_id)
return None, None
def get_nsx_router_id(session, neutron_id):
try:
mapping = (session.query(nsx_models.NeutronNsxRouterMapping).
filter_by(neutron_id=neutron_id).one())
return mapping['nsx_id']
except exc.NoResultFound:
LOG.debug("NSX identifiers for neutron router %s not yet "
"stored in Neutron DB", neutron_id)
def get_nsx_security_group_id(session, neutron_id):
"""Return the id of a security group in the NSX backend.
Note: security groups are called 'security profiles' in NSX
"""
try:
mapping = (session.query(nsx_models.NeutronNsxSecurityGroupMapping).
filter_by(neutron_id=neutron_id).
one())
return mapping['nsx_id']
except exc.NoResultFound:
LOG.debug("NSX identifiers for neutron security group %s not yet "
"stored in Neutron DB", neutron_id)
return None
def get_nsx_security_group_ids(session, neutron_ids):
"""Return list of ids of a security groups in the NSX backend.
"""
filters = {'neutron_id': neutron_ids}
like_filters = None
query = session.query(nsx_models.NeutronNsxSecurityGroupMapping)
mappings = _apply_filters_to_query(
query, nsx_models.NeutronNsxSecurityGroupMapping,
filters, like_filters).all()
return [mapping['nsx_id'] for mapping in mappings
if mapping['nsx_id'] is not None]
def _delete_by_neutron_id(session, model, neutron_id):
return session.query(model).filter_by(neutron_id=neutron_id).delete()
def delete_neutron_nsx_port_mapping(session, neutron_id):
return _delete_by_neutron_id(
session, nsx_models.NeutronNsxPortMapping, neutron_id)
def delete_neutron_nsx_router_mapping(session, neutron_id):
return _delete_by_neutron_id(
session, nsx_models.NeutronNsxRouterMapping, neutron_id)
def unset_default_network_gateways(session):
with session.begin(subtransactions=True):
session.query(nsx_models.NetworkGateway).update(
{nsx_models.NetworkGateway.default: False})
def set_default_network_gateway(session, gw_id):
with session.begin(subtransactions=True):
gw = (session.query(nsx_models.NetworkGateway).
filter_by(id=gw_id).one())
gw['default'] = True
def set_multiprovider_network(session, network_id):
with session.begin(subtransactions=True):
multiprovider_network = nsx_models.MultiProviderNetworks(
network_id)
session.add(multiprovider_network)
return multiprovider_network
def is_multiprovider_network(session, network_id):
with session.begin(subtransactions=True):
return bool(
session.query(nsx_models.MultiProviderNetworks).filter_by(
network_id=network_id).first())
# NSXv3 L2 Gateway DB methods.
def add_l2gw_connection_mapping(session, connection_id, bridge_endpoint_id,
port_id):
with session.begin(subtransactions=True):
mapping = nsx_models.NsxL2GWConnectionMapping(
connection_id=connection_id,
port_id=port_id,
bridge_endpoint_id=bridge_endpoint_id)
session.add(mapping)
return mapping
def get_l2gw_connection_mapping(session, connection_id):
try:
return (session.query(nsx_models.NsxL2GWConnectionMapping).
filter_by(connection_id=connection_id).one())
except exc.NoResultFound:
raise nsx_exc.NsxL2GWConnectionMappingNotFound(conn=connection_id)
# NSXv3 QoS policy id <-> switch Id mapping
def add_qos_policy_profile_mapping(session, qos_policy_id, switch_profile_id):
with session.begin(subtransactions=True):
mapping = nsx_models.QosPolicySwitchProfile(
qos_policy_id=qos_policy_id,
switch_profile_id=switch_profile_id)
session.add(mapping)
return mapping
def get_switch_profile_by_qos_policy(session, qos_policy_id):
try:
entry = (session.query(nsx_models.QosPolicySwitchProfile).
filter_by(qos_policy_id=qos_policy_id).one())
return entry.switch_profile_id
except exc.NoResultFound:
raise nsx_exc.NsxQosPolicyMappingNotFound(policy=qos_policy_id)
# NSXv3 Port Mirror Sessions DB methods.
def add_port_mirror_session_mapping(session, tf_id, pm_session_id):
with session.begin(subtransactions=True):
mapping = nsx_models.NsxPortMirrorSessionMapping(
tap_flow_id=tf_id,
port_mirror_session_id=pm_session_id)
session.add(mapping)
return mapping
def get_port_mirror_session_mapping(session, tf_id):
try:
return (session.query(nsx_models.NsxPortMirrorSessionMapping).
filter_by(tap_flow_id=tf_id).one())
except exc.NoResultFound:
raise nsx_exc.NsxPortMirrorSessionMappingNotFound(tf=tf_id)
def delete_port_mirror_session_mapping(session, tf_id):
return (session.query(nsx_models.NsxPortMirrorSessionMapping).
filter_by(tap_flow_id=tf_id).delete())
def save_sg_mappings(session, sg_id, nsgroup_id, section_id):
with session.begin(subtransactions=True):
session.add(
nsx_models.NeutronNsxFirewallSectionMapping(neutron_id=sg_id,
nsx_id=section_id))
session.add(
nsx_models.NeutronNsxSecurityGroupMapping(neutron_id=sg_id,
nsx_id=nsgroup_id))
def get_sg_mappings(session, sg_id):
nsgroup_mapping = session.query(
nsx_models.NeutronNsxSecurityGroupMapping
).filter_by(neutron_id=sg_id).one()
section_mapping = session.query(
nsx_models.NeutronNsxFirewallSectionMapping
).filter_by(neutron_id=sg_id).one()
return nsgroup_mapping.nsx_id, section_mapping.nsx_id
def get_sg_rule_mapping(session, rule_id):
rule_mapping = session.query(
nsx_models.NeutronNsxRuleMapping).filter_by(
neutron_id=rule_id).one()
return rule_mapping.nsx_id
def save_sg_rule_mappings(session, rules):
with session.begin(subtransactions=True):
for neutron_id, nsx_id in rules:
mapping = nsx_models.NeutronNsxRuleMapping(
neutron_id=neutron_id, nsx_id=nsx_id)
session.add(mapping)