70fbe736b7
In commit I1f863bf91f712d4b12db753b13cc6b842b6918a4 the qos driver stopped using the message queue. So the delete callback is now called in the plugin context, after the qos policy is already deleted. This means that we cannot access the backend profile id in the DB, since it was already deleted too. The fix is to remove the foreign key constraint from the mapping table, and manually delete the entry. Change-Id: I28e1c7c5ad0bb487d9c19ce76e2f7820f029678e
487 lines
17 KiB
Python
487 lines
17 KiB
Python
# Copyright 2012 VMware, Inc.
|
|
#
|
|
# All Rights Reserved.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
import six
|
|
from sqlalchemy.orm import exc
|
|
|
|
from oslo_db import exception as db_exc
|
|
from oslo_log import log as logging
|
|
from oslo_utils import excutils
|
|
|
|
import neutron.db.api as db
|
|
|
|
from vmware_nsx.common import exceptions as nsx_exc
|
|
from vmware_nsx.db import nsx_models
|
|
|
|
LOG = logging.getLogger(__name__)
|
|
|
|
|
|
def _apply_filters_to_query(query, model, filters, like_filters=None):
|
|
if filters:
|
|
for key, value in six.iteritems(filters):
|
|
column = getattr(model, key, None)
|
|
if column:
|
|
query = query.filter(column.in_(value))
|
|
if like_filters:
|
|
for key, search_term in six.iteritems(like_filters):
|
|
column = getattr(model, key, None)
|
|
if column:
|
|
query = query.filter(column.like(search_term))
|
|
return query
|
|
|
|
|
|
def get_network_bindings(session, network_id):
|
|
session = session or db.get_reader_session()
|
|
return (session.query(nsx_models.TzNetworkBinding).
|
|
filter_by(network_id=network_id).
|
|
all())
|
|
|
|
|
|
def get_network_bindings_by_vlanid_and_physical_net(session, vlan_id,
|
|
phy_uuid):
|
|
session = session or db.get_reader_session()
|
|
return (session.query(nsx_models.TzNetworkBinding).
|
|
filter_by(vlan_id=vlan_id, phy_uuid=phy_uuid).
|
|
all())
|
|
|
|
|
|
def delete_network_bindings(session, network_id):
|
|
return (session.query(nsx_models.TzNetworkBinding).
|
|
filter_by(network_id=network_id).delete())
|
|
|
|
|
|
def add_network_binding(session, network_id, binding_type, phy_uuid, vlan_id):
|
|
with session.begin(subtransactions=True):
|
|
binding = nsx_models.TzNetworkBinding(network_id, binding_type,
|
|
phy_uuid, vlan_id)
|
|
session.add(binding)
|
|
return binding
|
|
|
|
|
|
def add_neutron_nsx_network_mapping(session, neutron_id, nsx_switch_id,
|
|
dvs_id=None):
|
|
with session.begin(subtransactions=True):
|
|
mapping = nsx_models.NeutronNsxNetworkMapping(
|
|
neutron_id=neutron_id, nsx_id=nsx_switch_id,
|
|
dvs_id=dvs_id)
|
|
session.add(mapping)
|
|
return mapping
|
|
|
|
|
|
def add_neutron_nsx_port_mapping(session, neutron_id,
|
|
nsx_switch_id, nsx_port_id):
|
|
session.begin(subtransactions=True)
|
|
try:
|
|
mapping = nsx_models.NeutronNsxPortMapping(
|
|
neutron_id, nsx_switch_id, nsx_port_id)
|
|
session.add(mapping)
|
|
session.commit()
|
|
except db_exc.DBDuplicateEntry:
|
|
with excutils.save_and_reraise_exception() as ctxt:
|
|
session.rollback()
|
|
# do not complain if the same exact mapping is being added,
|
|
# otherwise re-raise because even though it is possible for the
|
|
# same neutron port to map to different back-end ports over time,
|
|
# this should not occur whilst a mapping already exists
|
|
current = get_nsx_switch_and_port_id(session, neutron_id)
|
|
if current[1] == nsx_port_id:
|
|
LOG.debug("Port mapping for %s already available",
|
|
neutron_id)
|
|
ctxt.reraise = False
|
|
except db_exc.DBError:
|
|
with excutils.save_and_reraise_exception():
|
|
# rollback for any other db error
|
|
session.rollback()
|
|
return mapping
|
|
|
|
|
|
def add_neutron_nsx_router_mapping(session, neutron_id, nsx_router_id):
|
|
with session.begin(subtransactions=True):
|
|
mapping = nsx_models.NeutronNsxRouterMapping(
|
|
neutron_id=neutron_id, nsx_id=nsx_router_id)
|
|
session.add(mapping)
|
|
return mapping
|
|
|
|
|
|
def add_neutron_nsx_security_group_mapping(session, neutron_id, nsx_id):
|
|
"""Map a Neutron security group to a NSX security profile.
|
|
|
|
:param session: a valid database session object
|
|
:param neutron_id: a neutron security group identifier
|
|
:param nsx_id: a nsx security profile identifier
|
|
"""
|
|
with session.begin(subtransactions=True):
|
|
mapping = nsx_models.NeutronNsxSecurityGroupMapping(
|
|
neutron_id=neutron_id, nsx_id=nsx_id)
|
|
session.add(mapping)
|
|
return mapping
|
|
|
|
|
|
def get_nsx_service_binding(session, network_id, service_type):
|
|
try:
|
|
return session.query(nsx_models.NeutronNsxServiceBinding).filter_by(
|
|
network_id=network_id, nsx_service_type=service_type).one()
|
|
except exc.NoResultFound:
|
|
LOG.debug("NSX %s service not enabled on network %s", service_type,
|
|
network_id)
|
|
|
|
|
|
def add_neutron_nsx_service_binding(session, network_id, port_id,
|
|
service_type, service_id):
|
|
"""Store enabled NSX services on each Neutron network.
|
|
|
|
:param session: database session object
|
|
:param network_id: identifier of Neutron network enabling the service
|
|
:param port_id: identifier of Neutron port providing the service
|
|
:param service_type: type of NSX service
|
|
:param service_id: identifier of NSX service
|
|
"""
|
|
with session.begin(subtransactions=True):
|
|
binding = nsx_models.NeutronNsxServiceBinding(
|
|
network_id=network_id, port_id=port_id,
|
|
nsx_service_type=service_type, nsx_service_id=service_id)
|
|
session.add(binding)
|
|
return binding
|
|
|
|
|
|
def delete_neutron_nsx_service_binding(session, network_id, service_type):
|
|
return session.query(nsx_models.NeutronNsxServiceBinding).filter_by(
|
|
network_id=network_id, nsx_service_type=service_type).delete()
|
|
|
|
|
|
def get_nsx_dhcp_bindings(session, port_id):
|
|
return [binding for binding in session.query(
|
|
nsx_models.NeutronNsxDhcpBinding).filter_by(port_id=port_id)]
|
|
|
|
|
|
def get_nsx_dhcp_bindings_by_service(session, service_id):
|
|
return [binding for binding in session.query(
|
|
nsx_models.NeutronNsxDhcpBinding).filter_by(nsx_service_id=service_id)]
|
|
|
|
|
|
def add_neutron_nsx_dhcp_binding(session, port_id, subnet_id, ip_address,
|
|
service_id, binding_id):
|
|
"""Store DHCP binding of each Neutron port.
|
|
|
|
:param session: database session object
|
|
:param port_id: identifier of Neutron port with DHCP binding
|
|
:param subnet_id: identifier of Neutron subnet for the port
|
|
:param ip_address: IP address for the port in this subnet.
|
|
:param service_id: identifier of NSX DHCP service
|
|
:param binding_id: identifier of NSX DHCP binding
|
|
"""
|
|
with session.begin(subtransactions=True):
|
|
binding = nsx_models.NeutronNsxDhcpBinding(
|
|
port_id=port_id, subnet_id=subnet_id, ip_address=ip_address,
|
|
nsx_service_id=service_id, nsx_binding_id=binding_id)
|
|
session.add(binding)
|
|
return binding
|
|
|
|
|
|
def delete_neutron_nsx_dhcp_binding(session, port_id, binding_id):
|
|
return session.query(nsx_models.NeutronNsxDhcpBinding).filter_by(
|
|
port_id=port_id, nsx_binding_id=binding_id).delete()
|
|
|
|
|
|
def delete_neutron_nsx_dhcp_bindings_by_service_id(session, service_id):
|
|
return session.query(nsx_models.NeutronNsxDhcpBinding).filter_by(
|
|
nsx_service_id=service_id).delete()
|
|
|
|
|
|
def get_nsx_switch_ids(session, neutron_id):
|
|
# This function returns a list of NSX switch identifiers because of
|
|
# the possibility of chained logical switches
|
|
return [mapping['nsx_id'] for mapping in
|
|
session.query(nsx_models.NeutronNsxNetworkMapping).filter_by(
|
|
neutron_id=neutron_id)]
|
|
|
|
|
|
def get_nsx_network_mappings(session, neutron_id):
|
|
# This function returns a list of NSX switch identifiers because of
|
|
# the possibility of chained logical switches
|
|
return session.query(nsx_models.NeutronNsxNetworkMapping).filter_by(
|
|
neutron_id=neutron_id).all()
|
|
|
|
|
|
def get_nsx_switch_id_for_dvs(session, neutron_id, dvs_id):
|
|
"""Retrieve the NSX switch ID for a given DVS ID and neutron network."""
|
|
try:
|
|
mapping = (session.query(nsx_models.NeutronNsxNetworkMapping).
|
|
filter_by(neutron_id=neutron_id,
|
|
dvs_id=dvs_id).one())
|
|
return mapping['nsx_id']
|
|
except exc.NoResultFound:
|
|
LOG.debug("NSX switch for dvs-id: %s not yet stored in Neutron DB",
|
|
dvs_id)
|
|
|
|
|
|
def get_net_ids(session, nsx_id):
|
|
return [mapping['neutron_id'] for mapping in
|
|
get_nsx_network_mapping_for_nsx_id(session, nsx_id)]
|
|
|
|
|
|
def get_nsx_network_mapping_for_nsx_id(session, nsx_id):
|
|
return session.query(nsx_models.NeutronNsxNetworkMapping).filter_by(
|
|
nsx_id=nsx_id).all()
|
|
|
|
|
|
def get_nsx_networks_mapping(session):
|
|
return session.query(nsx_models.NeutronNsxNetworkMapping).all()
|
|
|
|
|
|
def get_nsx_switch_and_port_id(session, neutron_id):
|
|
try:
|
|
mapping = (session.query(nsx_models.NeutronNsxPortMapping).
|
|
filter_by(neutron_id=neutron_id).
|
|
one())
|
|
return mapping['nsx_switch_id'], mapping['nsx_port_id']
|
|
except exc.NoResultFound:
|
|
LOG.debug("NSX identifiers for neutron port %s not yet "
|
|
"stored in Neutron DB", neutron_id)
|
|
return None, None
|
|
|
|
|
|
def get_nsx_router_id(session, neutron_id):
|
|
try:
|
|
mapping = (session.query(nsx_models.NeutronNsxRouterMapping).
|
|
filter_by(neutron_id=neutron_id).one())
|
|
return mapping['nsx_id']
|
|
except exc.NoResultFound:
|
|
LOG.debug("NSX identifiers for neutron router %s not yet "
|
|
"stored in Neutron DB", neutron_id)
|
|
|
|
|
|
def get_nsx_security_group_id(session, neutron_id):
|
|
"""Return the id of a security group in the NSX backend.
|
|
|
|
Note: security groups are called 'security profiles' in NSX
|
|
"""
|
|
try:
|
|
mapping = (session.query(nsx_models.NeutronNsxSecurityGroupMapping).
|
|
filter_by(neutron_id=neutron_id).
|
|
one())
|
|
return mapping['nsx_id']
|
|
except exc.NoResultFound:
|
|
LOG.debug("NSX identifiers for neutron security group %s not yet "
|
|
"stored in Neutron DB", neutron_id)
|
|
return None
|
|
|
|
|
|
def get_nsx_security_group_ids(session, neutron_ids):
|
|
"""Return list of ids of a security groups in the NSX backend.
|
|
"""
|
|
filters = {'neutron_id': neutron_ids}
|
|
like_filters = None
|
|
query = session.query(nsx_models.NeutronNsxSecurityGroupMapping)
|
|
mappings = _apply_filters_to_query(
|
|
query, nsx_models.NeutronNsxSecurityGroupMapping,
|
|
filters, like_filters).all()
|
|
return [mapping['nsx_id'] for mapping in mappings
|
|
if mapping['nsx_id'] is not None]
|
|
|
|
|
|
def _delete_by_neutron_id(session, model, neutron_id):
|
|
return session.query(model).filter_by(neutron_id=neutron_id).delete()
|
|
|
|
|
|
def delete_neutron_nsx_port_mapping(session, neutron_id):
|
|
return _delete_by_neutron_id(
|
|
session, nsx_models.NeutronNsxPortMapping, neutron_id)
|
|
|
|
|
|
def delete_neutron_nsx_router_mapping(session, neutron_id):
|
|
return _delete_by_neutron_id(
|
|
session, nsx_models.NeutronNsxRouterMapping, neutron_id)
|
|
|
|
|
|
def unset_default_network_gateways(session):
|
|
with session.begin(subtransactions=True):
|
|
session.query(nsx_models.NetworkGateway).update(
|
|
{nsx_models.NetworkGateway.default: False})
|
|
|
|
|
|
def set_default_network_gateway(session, gw_id):
|
|
with session.begin(subtransactions=True):
|
|
gw = (session.query(nsx_models.NetworkGateway).
|
|
filter_by(id=gw_id).one())
|
|
gw['default'] = True
|
|
|
|
|
|
def set_multiprovider_network(session, network_id):
|
|
with session.begin(subtransactions=True):
|
|
multiprovider_network = nsx_models.MultiProviderNetworks(
|
|
network_id)
|
|
session.add(multiprovider_network)
|
|
return multiprovider_network
|
|
|
|
|
|
def is_multiprovider_network(session, network_id):
|
|
with session.begin(subtransactions=True):
|
|
return bool(
|
|
session.query(nsx_models.MultiProviderNetworks).filter_by(
|
|
network_id=network_id).first())
|
|
|
|
|
|
# NSXv3 L2 Gateway DB methods.
|
|
def add_l2gw_connection_mapping(session, connection_id, bridge_endpoint_id,
|
|
port_id):
|
|
with session.begin(subtransactions=True):
|
|
mapping = nsx_models.NsxL2GWConnectionMapping(
|
|
connection_id=connection_id,
|
|
port_id=port_id,
|
|
bridge_endpoint_id=bridge_endpoint_id)
|
|
session.add(mapping)
|
|
return mapping
|
|
|
|
|
|
def get_l2gw_connection_mapping(session, connection_id):
|
|
try:
|
|
return (session.query(nsx_models.NsxL2GWConnectionMapping).
|
|
filter_by(connection_id=connection_id).one())
|
|
except exc.NoResultFound:
|
|
raise nsx_exc.NsxL2GWConnectionMappingNotFound(conn=connection_id)
|
|
|
|
|
|
# NSXv3 QoS policy id <-> switch Id mapping
|
|
def add_qos_policy_profile_mapping(session, qos_policy_id, switch_profile_id):
|
|
with session.begin(subtransactions=True):
|
|
mapping = nsx_models.QosPolicySwitchProfile(
|
|
qos_policy_id=qos_policy_id,
|
|
switch_profile_id=switch_profile_id)
|
|
session.add(mapping)
|
|
return mapping
|
|
|
|
|
|
def get_switch_profile_by_qos_policy(session, qos_policy_id):
|
|
try:
|
|
entry = (session.query(nsx_models.QosPolicySwitchProfile).
|
|
filter_by(qos_policy_id=qos_policy_id).one())
|
|
return entry.switch_profile_id
|
|
except exc.NoResultFound:
|
|
raise nsx_exc.NsxQosPolicyMappingNotFound(policy=qos_policy_id)
|
|
|
|
|
|
def delete_qos_policy_profile_mapping(session, qos_policy_id):
|
|
return (session.query(nsx_models.QosPolicySwitchProfile).
|
|
filter_by(qos_policy_id=qos_policy_id).delete())
|
|
|
|
|
|
# NSXv3 Port Mirror Sessions DB methods.
|
|
def add_port_mirror_session_mapping(session, tf_id, pm_session_id):
|
|
with session.begin(subtransactions=True):
|
|
mapping = nsx_models.NsxPortMirrorSessionMapping(
|
|
tap_flow_id=tf_id,
|
|
port_mirror_session_id=pm_session_id)
|
|
session.add(mapping)
|
|
return mapping
|
|
|
|
|
|
def get_port_mirror_session_mapping(session, tf_id):
|
|
try:
|
|
return (session.query(nsx_models.NsxPortMirrorSessionMapping).
|
|
filter_by(tap_flow_id=tf_id).one())
|
|
except exc.NoResultFound:
|
|
raise nsx_exc.NsxPortMirrorSessionMappingNotFound(tf=tf_id)
|
|
|
|
|
|
def delete_port_mirror_session_mapping(session, tf_id):
|
|
return (session.query(nsx_models.NsxPortMirrorSessionMapping).
|
|
filter_by(tap_flow_id=tf_id).delete())
|
|
|
|
|
|
def save_sg_mappings(session, sg_id, nsgroup_id, section_id):
|
|
with session.begin(subtransactions=True):
|
|
session.add(
|
|
nsx_models.NeutronNsxFirewallSectionMapping(neutron_id=sg_id,
|
|
nsx_id=section_id))
|
|
session.add(
|
|
nsx_models.NeutronNsxSecurityGroupMapping(neutron_id=sg_id,
|
|
nsx_id=nsgroup_id))
|
|
|
|
|
|
def get_sg_mappings(session, sg_id):
|
|
nsgroup_mapping = session.query(
|
|
nsx_models.NeutronNsxSecurityGroupMapping
|
|
).filter_by(neutron_id=sg_id).one()
|
|
section_mapping = session.query(
|
|
nsx_models.NeutronNsxFirewallSectionMapping
|
|
).filter_by(neutron_id=sg_id).one()
|
|
return nsgroup_mapping.nsx_id, section_mapping.nsx_id
|
|
|
|
|
|
def get_sg_rule_mapping(session, rule_id):
|
|
rule_mapping = session.query(
|
|
nsx_models.NeutronNsxRuleMapping).filter_by(
|
|
neutron_id=rule_id).one()
|
|
return rule_mapping.nsx_id
|
|
|
|
|
|
def save_sg_rule_mappings(session, rules):
|
|
with session.begin(subtransactions=True):
|
|
for neutron_id, nsx_id in rules:
|
|
mapping = nsx_models.NeutronNsxRuleMapping(
|
|
neutron_id=neutron_id, nsx_id=nsx_id)
|
|
session.add(mapping)
|
|
|
|
|
|
def add_nsx_ipam_subnet_pool(session, subnet_id, nsx_pool_id):
|
|
with session.begin(subtransactions=True):
|
|
binding = nsx_models.NsxSubnetIpam(
|
|
subnet_id=subnet_id,
|
|
nsx_pool_id=nsx_pool_id)
|
|
session.add(binding)
|
|
return binding
|
|
|
|
|
|
def get_nsx_ipam_pool_for_subnet(session, subnet_id):
|
|
try:
|
|
entry = session.query(
|
|
nsx_models.NsxSubnetIpam).filter_by(
|
|
subnet_id=subnet_id).one()
|
|
return entry.nsx_pool_id
|
|
except exc.NoResultFound:
|
|
return
|
|
|
|
|
|
def del_nsx_ipam_subnet_pool(session, subnet_id, nsx_pool_id):
|
|
return (session.query(nsx_models.NsxSubnetIpam).
|
|
filter_by(subnet_id=subnet_id,
|
|
nsx_pool_id=nsx_pool_id).delete())
|
|
|
|
|
|
def get_certificate(session, purpose):
|
|
try:
|
|
cert_entry = session.query(
|
|
nsx_models.NsxCertificateRepository).filter_by(
|
|
purpose=purpose).one()
|
|
return cert_entry.certificate, cert_entry.private_key
|
|
except exc.NoResultFound:
|
|
return None, None
|
|
|
|
|
|
def save_certificate(session, purpose, cert, pk):
|
|
with session.begin(subtransactions=True):
|
|
cert_entry = nsx_models.NsxCertificateRepository(
|
|
purpose=purpose,
|
|
certificate=cert,
|
|
private_key=pk)
|
|
session.add(cert_entry)
|
|
|
|
|
|
def delete_certificate(session, purpose):
|
|
return (session.query(nsx_models.NsxCertificateRepository).
|
|
filter_by(purpose=purpose).delete())
|