vmware-nsx/quantum/plugins/midonet/plugin.py
He Jie Xu ea76470e40 Use db model hook to filter external network
Fixes bug 1132849

Change-Id: I47e01a11afaf6e6bcf06da7bd713fd39b05600ff
2013-02-26 00:05:52 +08:00

1093 lines
47 KiB
Python

# vim: tabstop=4 shiftwidth=4 softtabstop=4
# Copyright (C) 2012 Midokura Japan K.K.
# Copyright (C) 2013 Midokura PTE LTD
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# @author: Takaaki Suzuki, Midokura Japan KK
# @author: Tomoe Sugihara, Midokura Japan KK
# @author: Ryu Ishimoto, Midokura Japan KK
from midonetclient import api
from oslo.config import cfg
from webob import exc as w_exc
from quantum.common import exceptions as q_exc
from quantum.common.utils import find_config_file
from quantum.db import api as db
from quantum.db import db_base_plugin_v2
from quantum.db import l3_db
from quantum.db import models_v2
from quantum.db import securitygroups_db
from quantum.extensions import securitygroup as ext_sg
from quantum.openstack.common import log as logging
from quantum.plugins.midonet import config
from quantum.plugins.midonet import midonet_lib
LOG = logging.getLogger(__name__)
OS_TENANT_ROUTER_RULE_KEY = 'OS_TENANT_ROUTER_RULE'
OS_FLOATING_IP_RULE_KEY = 'OS_FLOATING_IP'
SNAT_RULE = 'SNAT'
SNAT_RULE_PROPERTY = {OS_TENANT_ROUTER_RULE_KEY: SNAT_RULE}
class MidonetResourceNotFound(q_exc.NotFound):
message = _('MidoNet %(resource_type)s %(id)s could not be found')
class MidonetPluginException(q_exc.QuantumException):
message = _("%(msg)s")
class MidonetPluginV2(db_base_plugin_v2.QuantumDbPluginV2,
l3_db.L3_NAT_db_mixin,
securitygroups_db.SecurityGroupDbMixin):
supported_extension_aliases = ['router', 'security-group']
def __init__(self):
# Read config values
midonet_conf = cfg.CONF.MIDONET
midonet_uri = midonet_conf.midonet_uri
admin_user = midonet_conf.username
admin_pass = midonet_conf.password
admin_project_id = midonet_conf.project_id
provider_router_id = midonet_conf.provider_router_id
metadata_router_id = midonet_conf.metadata_router_id
mode = midonet_conf.mode
self.mido_api = api.MidonetApi(midonet_uri, admin_user,
admin_pass,
project_id=admin_project_id)
# get MidoNet provider router and metadata router
if provider_router_id and metadata_router_id:
self.provider_router = self.mido_api.get_router(provider_router_id)
self.metadata_router = self.mido_api.get_router(metadata_router_id)
# for dev purpose only
elif mode == 'dev':
msg = _('No provider router and metadata device ids found. '
'But skipping because running in dev env.')
LOG.debug(msg)
else:
msg = _('provider_router_id and metadata_router_id '
'should be configured in the plugin config file')
LOG.exception(msg)
raise MidonetPluginException(msg=msg)
self.chain_manager = midonet_lib.ChainManager(self.mido_api)
self.pg_manager = midonet_lib.PortGroupManager(self.mido_api)
self.rule_manager = midonet_lib.RuleManager(self.mido_api)
db.configure_db()
def create_subnet(self, context, subnet):
"""Create Quantum subnet.
Creates a Quantum subnet and a DHCP entry in MidoNet bridge.
"""
LOG.debug(_("MidonetPluginV2.create_subnet called: subnet=%r"), subnet)
if subnet['subnet']['ip_version'] == 6:
raise q_exc.NotImplementedError(
_("MidoNet doesn't support IPv6."))
net = super(MidonetPluginV2, self).get_network(
context, subnet['subnet']['network_id'], fields=None)
if net['subnets']:
raise q_exc.NotImplementedError(
_("MidoNet doesn't support multiple subnets "
"on the same network."))
session = context.session
with session.begin(subtransactions=True):
sn_entry = super(MidonetPluginV2, self).create_subnet(context,
subnet)
try:
bridge = self.mido_api.get_bridge(sn_entry['network_id'])
except w_exc.HTTPNotFound:
raise MidonetResourceNotFound(resource_type='Bridge',
id=sn_entry['network_id'])
gateway_ip = subnet['subnet']['gateway_ip']
network_address, prefix = subnet['subnet']['cidr'].split('/')
bridge.add_dhcp_subnet().default_gateway(gateway_ip).subnet_prefix(
network_address).subnet_length(prefix).create()
# If the network is external, link the bridge to MidoNet provider
# router
self._extend_network_dict_l3(context, net)
if net['router:external']:
gateway_ip = sn_entry['gateway_ip']
network_address, length = sn_entry['cidr'].split('/')
# create a interior port in the MidoNet provider router
in_port = self.provider_router.add_interior_port()
pr_port = in_port.port_address(gateway_ip).network_address(
network_address).network_length(length).create()
# create a interior port in the bridge, then link
# it to the provider router.
br_port = bridge.add_interior_port().create()
pr_port.link(br_port.get_id())
# add a route for the subnet in the provider router
self.provider_router.add_route().type(
'Normal').src_network_addr('0.0.0.0').src_network_length(
0).dst_network_addr(
network_address).dst_network_length(
length).weight(100).next_hop_port(
pr_port.get_id()).create()
LOG.debug(_("MidonetPluginV2.create_subnet exiting: sn_entry=%r"),
sn_entry)
return sn_entry
def get_subnet(self, context, id, fields=None):
"""Get Quantum subnet.
Retrieves a Quantum subnet record but also including the DHCP entry
data stored in MidoNet.
"""
LOG.debug(_("MidonetPluginV2.get_subnet called: id=%(id)s "
"fields=%(fields)s"), {'id': id, 'fields': fields})
qsubnet = super(MidonetPluginV2, self).get_subnet(context, id)
bridge_id = qsubnet['network_id']
try:
bridge = self.mido_api.get_bridge(bridge_id)
except w_exc.HTTPNotFound:
raise MidonetResourceNotFound(resource_type='Bridge',
id=bridge_id)
# get dhcp subnet data from MidoNet bridge.
dhcps = bridge.get_dhcp_subnets()
b_network_address = dhcps[0].get_subnet_prefix()
b_prefix = dhcps[0].get_subnet_length()
# Validate against quantum database.
network_address, prefix = qsubnet['cidr'].split('/')
if network_address != b_network_address or int(prefix) != b_prefix:
raise MidonetResourceNotFound(resource_type='DhcpSubnet',
id=qsubnet['cidr'])
LOG.debug(_("MidonetPluginV2.get_subnet exiting: qsubnet=%s"), qsubnet)
return qsubnet
def get_subnets(self, context, filters=None, fields=None):
"""List Quantum subnets.
Retrieves Quantum subnets with some fields populated by the data
stored in MidoNet.
"""
LOG.debug(_("MidonetPluginV2.get_subnets called: filters=%(filters)r, "
"fields=%(fields)r"),
{'filters': filters, 'fields': fields})
subnets = super(MidonetPluginV2, self).get_subnets(context, filters,
fields)
for sn in subnets:
if not 'network_id' in sn:
continue
try:
bridge = self.mido_api.get_bridge(sn['network_id'])
except w_exc.HTTPNotFound:
raise MidonetResourceNotFound(resource_type='Bridge',
id=sn['network_id'])
# TODO(tomoe): dedupe this part.
# get dhcp subnet data from MidoNet bridge.
dhcps = bridge.get_dhcp_subnets()
b_network_address = dhcps[0].get_subnet_prefix()
b_prefix = dhcps[0].get_subnet_length()
# Validate against quantum database.
if sn.get('cidr'):
network_address, prefix = sn['cidr'].split('/')
if network_address != b_network_address or int(
prefix) != b_prefix:
raise MidonetResourceNotFound(resource_type='DhcpSubnet',
id=sn['cidr'])
LOG.debug(_("MidonetPluginV2.create_subnet exiting"))
return subnets
def delete_subnet(self, context, id):
"""Delete Quantum subnet.
Delete quantum network and its corresponding MidoNet bridge.
"""
LOG.debug(_("MidonetPluginV2.delete_subnet called: id=%s"), id)
subnet = super(MidonetPluginV2, self).get_subnet(context, id,
fields=None)
net = super(MidonetPluginV2, self).get_network(context,
subnet['network_id'],
fields=None)
bridge_id = subnet['network_id']
try:
bridge = self.mido_api.get_bridge(bridge_id)
except w_exc.HTTPNotFound:
raise MidonetResourceNotFound(resource_type='Bridge', id=bridge_id)
dhcp = bridge.get_dhcp_subnets()
dhcp[0].delete()
# If the network is external, clean up routes, links, ports.
self._extend_network_dict_l3(context, net)
if net['router:external']:
# Delete routes and unlink the router and the bridge.
routes = self.provider_router.get_routes()
bridge_ports_to_delete = []
for p in self.provider_router.get_peer_ports():
if p.get_device_id() == bridge.get_id():
bridge_ports_to_delete.append(p)
for p in bridge.get_peer_ports():
if p.get_device_id() == self.provider_router.get_id():
# delete the routes going to the brdge
for r in routes:
if r.get_next_hop_port() == p.get_id():
r.delete()
p.unlink()
p.delete()
# delete bridge port
map(lambda x: x.delete(), bridge_ports_to_delete)
super(MidonetPluginV2, self).delete_subnet(context, id)
LOG.debug(_("MidonetPluginV2.delete_subnet exiting"))
def create_network(self, context, network):
"""Create Quantum network.
Create a new Quantum network and its corresponding MidoNet bridge.
"""
LOG.debug(_('MidonetPluginV2.create_network called: network=%r'),
network)
if network['network']['admin_state_up'] is False:
LOG.warning(_('Ignoring admin_state_up=False for network=%r'
'Overriding with True'), network)
network['network']['admin_state_up'] = True
tenant_id = self._get_tenant_id_for_create(context, network['network'])
self._ensure_default_security_group(context, tenant_id)
session = context.session
with session.begin(subtransactions=True):
bridge = self.mido_api.add_bridge().name(
network['network']['name']).tenant_id(tenant_id).create()
# Set MidoNet bridge ID to the quantum DB entry
network['network']['id'] = bridge.get_id()
net = super(MidonetPluginV2, self).create_network(context, network)
# to handle l3 related data in DB
self._process_l3_create(context, network['network'], net['id'])
self._extend_network_dict_l3(context, net)
LOG.debug(_("MidonetPluginV2.create_network exiting: net=%r"), net)
return net
def update_network(self, context, id, network):
"""Update Quantum network.
Update an existing Quantum network and its corresponding MidoNet
bridge.
"""
LOG.debug(_("MidonetPluginV2.update_network called: id=%(id)r, "
"network=%(network)r"), {'id': id, 'network': network})
# Reject admin_state_up=False
if network['network'].get('admin_state_up') and network['network'][
'admin_state_up'] is False:
raise q_exc.NotImplementedError(_('admin_state_up=False '
'networks are not '
'supported.'))
session = context.session
with session.begin(subtransactions=True):
net = super(MidonetPluginV2, self).update_network(
context, id, network)
try:
bridge = self.mido_api.get_bridge(id)
except w_exc.HTTPNotFound:
raise MidonetResourceNotFound(resource_type='Bridge', id=id)
bridge.name(net['name']).update()
self._extend_network_dict_l3(context, net)
LOG.debug(_("MidonetPluginV2.update_network exiting: net=%r"), net)
return net
def get_network(self, context, id, fields=None):
"""Get Quantum network.
Retrieves a Quantum network and its corresponding MidoNet bridge.
"""
LOG.debug(_("MidonetPluginV2.get_network called: id=%(id)r, "
"fields=%(fields)r"), {'id': id, 'fields': fields})
# NOTE: Get network data with all fields (fields=None) for
# _extend_network_dict_l3() method, which needs 'id' field
qnet = super(MidonetPluginV2, self).get_network(context, id, None)
try:
self.mido_api.get_bridge(id)
except w_exc.HTTPNotFound:
raise MidonetResourceNotFound(resource_type='Bridge', id=id)
self._extend_network_dict_l3(context, qnet)
LOG.debug(_("MidonetPluginV2.get_network exiting: qnet=%r"), qnet)
return self._fields(qnet, fields)
def get_networks(self, context, filters=None, fields=None):
"""List quantum networks and verify that all exist in MidoNet."""
LOG.debug(_("MidonetPluginV2.get_networks called: "
"filters=%(filters)r, fields=%(fields)r"),
{'filters': filters, 'fields': fields})
# NOTE: Get network data with all fields (fields=None) for
# _extend_network_dict_l3() method, which needs 'id' field
qnets = super(MidonetPluginV2, self).get_networks(context, filters,
None)
self.mido_api.get_bridges({'tenant_id': context.tenant_id})
for n in qnets:
try:
self.mido_api.get_bridge(n['id'])
except w_exc.HTTPNotFound:
raise MidonetResourceNotFound(resource_type='Bridge',
id=n['id'])
self._extend_network_dict_l3(context, n)
return [self._fields(net, fields) for net in qnets]
def delete_network(self, context, id):
"""Delete a network and its corresponding MidoNet bridge."""
LOG.debug(_("MidonetPluginV2.delete_network called: id=%r"), id)
self.mido_api.get_bridge(id).delete()
try:
super(MidonetPluginV2, self).delete_network(context, id)
except Exception:
LOG.error(_('Failed to delete quantum db, while Midonet bridge=%r'
'had been deleted'), id)
raise
def create_port(self, context, port):
"""Create a L2 port in Quantum/MidoNet."""
LOG.debug(_("MidonetPluginV2.create_port called: port=%r"), port)
is_compute_interface = False
port_data = port['port']
# get the bridge and create a port on it.
try:
bridge = self.mido_api.get_bridge(port_data['network_id'])
except w_exc.HTTPNotFound:
raise MidonetResourceNotFound(resource_type='Bridge',
id=port_data['network_id'])
device_owner = port_data['device_owner']
if device_owner.startswith('compute:') or device_owner is '':
is_compute_interface = True
bridge_port = bridge.add_exterior_port().create()
elif device_owner == l3_db.DEVICE_OWNER_ROUTER_INTF:
bridge_port = bridge.add_interior_port().create()
elif (device_owner == l3_db.DEVICE_OWNER_ROUTER_GW or
device_owner == l3_db.DEVICE_OWNER_FLOATINGIP):
# This is a dummy port to make l3_db happy.
# This will not be used in MidoNet
bridge_port = bridge.add_interior_port().create()
if bridge_port:
# set midonet port id to quantum port id and create a DB record.
port_data['id'] = bridge_port.get_id()
session = context.session
with session.begin(subtransactions=True):
port_db_entry = super(MidonetPluginV2,
self).create_port(context, port)
self._extend_port_dict_security_group(context, port_db_entry)
if is_compute_interface:
# Create a DHCP entry if needed.
if 'ip_address' in (port_db_entry['fixed_ips'] or [{}])[0]:
# get ip and mac from DB record, assuming one IP address
# at most since we only support one subnet per network now.
fixed_ip = port_db_entry['fixed_ips'][0]['ip_address']
mac = port_db_entry['mac_address']
# create dhcp host entry under the bridge.
dhcp_subnets = bridge.get_dhcp_subnets()
if dhcp_subnets:
dhcp_subnets[0].add_dhcp_host().ip_addr(
fixed_ip).mac_addr(mac).create()
LOG.debug(_("MidonetPluginV2.create_port exiting: port_db_entry=%r"),
port_db_entry)
return port_db_entry
def update_port(self, context, id, port):
"""Update port."""
LOG.debug(_("MidonetPluginV2.update_port called: id=%(id)s "
"port=%(port)r"), {'id': id, 'port': port})
return super(MidonetPluginV2, self).update_port(context, id, port)
def get_port(self, context, id, fields=None):
"""Retrieve port."""
LOG.debug(_("MidonetPluginV2.get_port called: id=%(id)s "
"fields=%(fields)r"), {'id': id, 'fields': fields})
# get the quantum port from DB.
port_db_entry = super(MidonetPluginV2, self).get_port(context,
id, fields)
self._extend_port_dict_security_group(context, port_db_entry)
# verify that corresponding port exists in MidoNet.
try:
self.mido_api.get_port(id)
except w_exc.HTTPNotFound:
raise MidonetResourceNotFound(resource_type='Port', id=id)
LOG.debug(_("MidonetPluginV2.get_port exiting: port_db_entry=%r"),
port_db_entry)
return port_db_entry
def get_ports(self, context, filters=None, fields=None):
"""List quantum ports and verify that they exist in MidoNet."""
LOG.debug(_("MidonetPluginV2.get_ports called: filters=%(filters)s "
"fields=%(fields)r"),
{'filters': filters, 'fields': fields})
ports_db_entry = super(MidonetPluginV2, self).get_ports(context,
filters,
fields)
if ports_db_entry:
try:
for port in ports_db_entry:
self.mido_api.get_port(port['id'])
self._extend_port_dict_security_group(context, port)
except w_exc.HTTPNotFound:
raise MidonetResourceNotFound(resource_type='Port',
id=port['id'])
return ports_db_entry
def delete_port(self, context, id, l3_port_check=True):
"""Delete a quantum port and corresponding MidoNet bridge port."""
LOG.debug(_("MidonetPluginV2.delete_port called: id=%(id)s "
"l3_port_check=%(l3_port_check)r"),
{'id': id, 'l3_port_check': l3_port_check})
# if needed, check to see if this is a port owned by
# and l3-router. If so, we should prevent deletion.
if l3_port_check:
self.prevent_l3_port_deletion(context, id)
session = context.session
with session.begin(subtransactions=True):
port_db_entry = super(MidonetPluginV2, self).get_port(context,
id, None)
bridge = self.mido_api.get_bridge(port_db_entry['network_id'])
# Clean up dhcp host entry if needed.
if 'ip_address' in (port_db_entry['fixed_ips'] or [{}])[0]:
# get ip and mac from DB record.
ip = port_db_entry['fixed_ips'][0]['ip_address']
mac = port_db_entry['mac_address']
# create dhcp host entry under the bridge.
dhcp_subnets = bridge.get_dhcp_subnets()
if dhcp_subnets:
for dh in dhcp_subnets[0].get_dhcp_hosts():
if dh.get_mac_addr() == mac and dh.get_ip_addr() == ip:
dh.delete()
self.mido_api.get_port(id).delete()
return super(MidonetPluginV2, self).delete_port(context, id)
#
# L3 APIs.
#
def create_router(self, context, router):
LOG.debug(_("MidonetPluginV2.create_router called: router=%r"), router)
if router['router']['admin_state_up'] is False:
LOG.warning(_('Ignoreing admin_state_up=False for router=%r',
'Overriding with True'), router)
router['router']['admin_state_up'] = True
tenant_id = self._get_tenant_id_for_create(context, router['router'])
session = context.session
with session.begin(subtransactions=True):
mrouter = self.mido_api.add_router().name(
router['router']['name']).tenant_id(tenant_id).create()
qrouter = super(MidonetPluginV2, self).create_router(context,
router)
chains = self.chain_manager.create_router_chains(tenant_id,
mrouter.get_id())
# set chains to in/out filters
mrouter.inbound_filter_id(
chains['in'].get_id()).outbound_filter_id(
chains['out'].get_id()).update()
# get entry from the DB and update 'id' with MidoNet router id.
qrouter_entry = self._get_router(context, qrouter['id'])
qrouter['id'] = mrouter.get_id()
qrouter_entry.update(qrouter)
# link to metadata router
in_port = self.metadata_router.add_interior_port()
mdr_port = in_port.network_address('169.254.255.0').network_length(
30).port_address('169.254.255.1').create()
tr_port = mrouter.add_interior_port().network_address(
'169.254.255.0').network_length(30).port_address(
'169.254.255.2').create()
mdr_port.link(tr_port.get_id())
# forward metadata traffic to metadata router
mrouter.add_route().type('Normal').src_network_addr(
'0.0.0.0').src_network_length(0).dst_network_addr(
'169.254.169.254').dst_network_length(32).weight(
100).next_hop_port(tr_port.get_id()).create()
LOG.debug(_("MidonetPluginV2.create_router exiting: qrouter=%r"),
qrouter)
return qrouter
def update_router(self, context, id, router):
LOG.debug(_("MidonetPluginV2.update_router called: id=%(id)s "
"router=%(router)r"), router)
if router['router'].get('admin_state_up') is False:
raise q_exc.NotImplementedError(_('admin_state_up=False '
'routers are not '
'supported.'))
op_gateway_set = False
op_gateway_clear = False
# figure out which operation it is in
if ('external_gateway_info' in router['router'] and
'network_id' in router['router']['external_gateway_info']):
op_gateway_set = True
elif ('external_gateway_info' in router['router'] and
router['router']['external_gateway_info'] == {}):
op_gateway_clear = True
qports = super(MidonetPluginV2, self).get_ports(
context, {'device_id': [id],
'device_owner': ['network:router_gateway']})
assert len(qports) == 1
qport = qports[0]
snat_ip = qport['fixed_ips'][0]['ip_address']
qport['network_id']
session = context.session
with session.begin(subtransactions=True):
qrouter = super(MidonetPluginV2, self).update_router(context, id,
router)
changed_name = router['router'].get('name')
if changed_name:
self.mido_api.get_router(id).name(changed_name).update()
tenant_router = self.mido_api.get_router(id)
if op_gateway_set:
# find a qport with the network_id for the router
qports = super(MidonetPluginV2, self).get_ports(
context, {'device_id': [id],
'device_owner': ['network:router_gateway']})
assert len(qports) == 1
qport = qports[0]
snat_ip = qport['fixed_ips'][0]['ip_address']
in_port = self.provider_router.add_interior_port()
pr_port = in_port.network_address(
'169.254.255.0').network_length(30).port_address(
'169.254.255.1').create()
# Create a port in the tenant router
tr_port = tenant_router.add_interior_port().network_address(
'169.254.255.0').network_length(30).port_address(
'169.254.255.2').create()
# Link them
pr_port.link(tr_port.get_id())
# Add a route for snat_ip to bring it down to tenant
self.provider_router.add_route().type(
'Normal').src_network_addr('0.0.0.0').src_network_length(
0).dst_network_addr(snat_ip).dst_network_length(
32).weight(100).next_hop_port(
pr_port.get_id()).create()
# Add default route to uplink in the tenant router
tenant_router.add_route().type('Normal').src_network_addr(
'0.0.0.0').src_network_length(0).dst_network_addr(
'0.0.0.0').dst_network_length(0).weight(
100).next_hop_port(tr_port.get_id()).create()
# ADD SNAT(masquerade) rules
chains = self.chain_manager.get_router_chains(
tenant_router.get_tenant_id(), tenant_router.get_id())
chains['in'].add_rule().nw_dst_address(snat_ip).nw_dst_length(
32).type('rev_snat').flow_action('accept').in_ports(
[tr_port.get_id()]).properties(
SNAT_RULE_PROPERTY).position(1).create()
nat_targets = []
nat_targets.append(
{'addressFrom': snat_ip, 'addressTo': snat_ip,
'portFrom': 1, 'portTo': 65535})
chains['out'].add_rule().type('snat').flow_action(
'accept').nat_targets(nat_targets).out_ports(
[tr_port.get_id()]).properties(
SNAT_RULE_PROPERTY).position(1).create()
if op_gateway_clear:
# delete the port that is connected to provider router
for p in tenant_router.get_ports():
if p.get_port_address() == '169.254.255.2':
peer_port_id = p.get_peer_id()
p.unlink()
self.mido_api.get_port(peer_port_id).delete()
p.delete()
# delete default route
for r in tenant_router.get_routes():
if (r.get_dst_network_addr() == '0.0.0.0' and
r.get_dst_network_length() == 0):
r.delete()
# delete SNAT(masquerade) rules
chains = self.chain_manager.get_router_chains(
tenant_router.get_tenant_id(),
tenant_router.get_id())
for r in chains['in'].get_rules():
if OS_TENANT_ROUTER_RULE_KEY in r.get_properties():
if r.get_properties()[
OS_TENANT_ROUTER_RULE_KEY] == SNAT_RULE:
r.delete()
for r in chains['out'].get_rules():
if OS_TENANT_ROUTER_RULE_KEY in r.get_properties():
if r.get_properties()[
OS_TENANT_ROUTER_RULE_KEY] == SNAT_RULE:
r.delete()
LOG.debug(_("MidonetPluginV2.update_router exiting: qrouter=%r"),
qrouter)
return qrouter
def delete_router(self, context, id):
LOG.debug(_("MidonetPluginV2.delete_router called: id=%s"), id)
mrouter = self.mido_api.get_router(id)
tenant_id = mrouter.get_tenant_id()
# unlink from metadata router and delete the interior ports
# that connect metadata router and this router.
for pp in self.metadata_router.get_peer_ports():
if pp.get_device_id() == mrouter.get_id():
mdr_port = self.mido_api.get_port(pp.get_peer_id())
pp.unlink()
pp.delete()
mdr_port.delete()
# delete corresponding chains
chains = self.chain_manager.get_router_chains(tenant_id,
mrouter.get_id())
chains['in'].delete()
chains['out'].delete()
# delete the router
mrouter.delete()
result = super(MidonetPluginV2, self).delete_router(context, id)
LOG.debug(_("MidonetPluginV2.delete_router exiting: result=%s"),
result)
return result
def get_router(self, context, id, fields=None):
LOG.debug(_("MidonetPluginV2.get_router called: id=%(id)s "
"fields=%(fields)r"), {'id': id, 'fields': fields})
qrouter = super(MidonetPluginV2, self).get_router(context, id, fields)
try:
self.mido_api.get_router(id)
except w_exc.HTTPNotFound:
raise MidonetResourceNotFound(resource_type='Router', id=id)
LOG.debug(_("MidonetPluginV2.get_router exiting: qrouter=%r"),
qrouter)
return qrouter
def get_routers(self, context, filters=None, fields=None):
LOG.debug(_("MidonetPluginV2.get_routers called: filters=%(filters)s "
"fields=%(fields)r"),
{'filters': filters, 'fields': fields})
qrouters = super(MidonetPluginV2, self).get_routers(
context, filters, fields)
for qr in qrouters:
try:
self.mido_api.get_router(qr['id'])
except w_exc.HTTPNotFound:
raise MidonetResourceNotFound(resource_type='Router',
id=qr['id'])
return qrouters
def add_router_interface(self, context, router_id, interface_info):
LOG.debug(_("MidonetPluginV2.add_router_interface called: "
"router_id=%(router_id)s "
"interface_info=%(interface_info)r"),
{'router_id': router_id, 'interface_info': interface_info})
qport = super(MidonetPluginV2, self).add_router_interface(
context, router_id, interface_info)
# TODO(tomoe): handle a case with 'port' in interface_info
if 'subnet_id' in interface_info:
subnet_id = interface_info['subnet_id']
subnet = self._get_subnet(context, subnet_id)
gateway_ip = subnet['gateway_ip']
network_address, length = subnet['cidr'].split('/')
# Link the router and the bridge port.
mrouter = self.mido_api.get_router(router_id)
mrouter_port = mrouter.add_interior_port().port_address(
gateway_ip).network_address(
network_address).network_length(length).create()
mbridge_port = self.mido_api.get_port(qport['port_id'])
mrouter_port.link(mbridge_port.get_id())
# Add a route entry to the subnet
mrouter.add_route().type('Normal').src_network_addr(
'0.0.0.0').src_network_length(0).dst_network_addr(
network_address).dst_network_length(length).weight(
100).next_hop_port(mrouter_port.get_id()).create()
# add a route for the subnet in metadata router; forward
# packets destined to the subnet to the tenant router
found = False
for pp in self.metadata_router.get_peer_ports():
if pp.get_device_id() == mrouter.get_id():
mdr_port_id = pp.get_peer_id()
found = True
assert found
self.metadata_router.add_route().type(
'Normal').src_network_addr('0.0.0.0').src_network_length(
0).dst_network_addr(network_address).dst_network_length(
length).weight(100).next_hop_port(mdr_port_id).create()
LOG.debug(_("MidonetPluginV2.add_router_interface exiting: "
"qport=%r"), qport)
return qport
def remove_router_interface(self, context, router_id, interface_info):
"""Remove interior router ports."""
LOG.debug(_("MidonetPluginV2.remove_router_interface called: "
"router_id=%(router_id)s "
"interface_info=%(interface_info)r"),
{'router_id': router_id, 'interface_info': interface_info})
if 'port_id' in interface_info:
mbridge_port = self.mido_api.get_port(interface_info['port_id'])
subnet_id = self.get_port(context,
interface_info['port_id']
)['fixed_ips'][0]['subnet_id']
subnet = self._get_subnet(context, subnet_id)
if 'subnet_id' in interface_info:
subnet_id = interface_info['subnet_id']
subnet = self._get_subnet(context, subnet_id)
network_id = subnet['network_id']
# find a quantum port for the network
rport_qry = context.session.query(models_v2.Port)
ports = rport_qry.filter_by(
device_id=router_id,
device_owner=l3_db.DEVICE_OWNER_ROUTER_INTF,
network_id=network_id).all()
network_port = None
for p in ports:
if p['fixed_ips'][0]['subnet_id'] == subnet_id:
network_port = p
break
assert network_port
mbridge_port = self.mido_api.get_port(network_port['id'])
# get network information from subnet data
network_addr, network_length = subnet['cidr'].split('/')
network_length = int(network_length)
# Unlink the router and the bridge.
mrouter = self.mido_api.get_router(router_id)
mrouter_port = self.mido_api.get_port(mbridge_port.get_peer_id())
mrouter_port.unlink()
# Delete the route for the subnet.
found = False
for r in mrouter.get_routes():
if r.get_next_hop_port() == mrouter_port.get_id():
r.delete()
found = True
#break # commented out due to issue#314
assert found
# delete the route for the subnet in the metadata router
found = False
for r in self.metadata_router.get_routes():
if (r.get_dst_network_addr() == network_addr and
r.get_dst_network_length() == network_length):
LOG.debug(_('Deleting route=%r ...'), r)
r.delete()
found = True
break
assert found
super(MidonetPluginV2, self).remove_router_interface(
context, router_id, interface_info)
LOG.debug(_("MidonetPluginV2.remove_router_interface exiting"))
def update_floatingip(self, context, id, floatingip):
LOG.debug(_("MidonetPluginV2.update_floatingip called: id=%(id)s "
"floatingip=%(floatingip)s "),
{'id': id, 'floatingip': floatingip})
session = context.session
with session.begin(subtransactions=True):
if floatingip['floatingip']['port_id']:
fip = super(MidonetPluginV2, self).update_floatingip(
context, id, floatingip)
router_id = fip['router_id']
floating_address = fip['floating_ip_address']
fixed_address = fip['fixed_ip_address']
tenant_router = self.mido_api.get_router(router_id)
# find the provider router port that is connected to the tenant
# of the floating ip
for p in tenant_router.get_peer_ports():
if p.get_device_id() == self.provider_router.get_id():
pr_port = p
# get the tenant router port id connected to provider router
tr_port_id = pr_port.get_peer_id()
# add a route for the floating ip to bring it to the tenant
self.provider_router.add_route().type(
'Normal').src_network_addr('0.0.0.0').src_network_length(
0).dst_network_addr(
floating_address).dst_network_length(
32).weight(100).next_hop_port(
pr_port.get_id()).create()
chains = self.chain_manager.get_router_chains(fip['tenant_id'],
fip['router_id'])
# add dnat/snat rule pair for the floating ip
nat_targets = []
nat_targets.append(
{'addressFrom': fixed_address, 'addressTo': fixed_address,
'portFrom': 0, 'portTo': 0})
floating_property = {OS_FLOATING_IP_RULE_KEY: id}
chains['in'].add_rule().nw_dst_address(
floating_address).nw_dst_length(32).type(
'dnat').flow_action('accept').nat_targets(
nat_targets).in_ports([tr_port_id]).position(
1).properties(floating_property).create()
nat_targets = []
nat_targets.append(
{'addressFrom': floating_address,
'addressTo': floating_address,
'portFrom': 0,
'portTo': 0})
chains['out'].add_rule().nw_src_address(
fixed_address).nw_src_length(32).type(
'snat').flow_action('accept').nat_targets(
nat_targets).out_ports(
[tr_port_id]).position(1).properties(
floating_property).create()
# disassociate floating IP
elif floatingip['floatingip']['port_id'] is None:
fip = super(MidonetPluginV2, self).get_floatingip(context, id)
router_id = fip['router_id']
floating_address = fip['floating_ip_address']
fixed_address = fip['fixed_ip_address']
# delete the route for this floating ip
for r in self.provider_router.get_routes():
if (r.get_dst_network_addr() == floating_address and
r.get_dst_network_length() == 32):
r.delete()
# delete snat/dnat rule pair for this floating ip
chains = self.chain_manager.get_router_chains(fip['tenant_id'],
fip['router_id'])
LOG.debug(_('chains=%r'), chains)
for r in chains['in'].get_rules():
if OS_FLOATING_IP_RULE_KEY in r.get_properties():
if r.get_properties()[OS_FLOATING_IP_RULE_KEY] == id:
LOG.debug(_('deleting rule=%r'), r)
r.delete()
break
for r in chains['out'].get_rules():
if OS_FLOATING_IP_RULE_KEY in r.get_properties():
if r.get_properties()[OS_FLOATING_IP_RULE_KEY] == id:
LOG.debug(_('deleting rule=%r'), r)
r.delete()
break
super(MidonetPluginV2, self).update_floatingip(context, id,
floatingip)
LOG.debug(_("MidonetPluginV2.update_floating_ip exiting: fip=%s"), fip)
return fip
#
# Security groups supporting methods
#
def create_security_group(self, context, security_group, default_sg=False):
"""Create chains for Quantum security group."""
LOG.debug(_("MidonetPluginV2.create_security_group called: "
"security_group=%(security_group)s "
"default_sg=%(default_sg)s "),
{'security_group': security_group, 'default_sg': default_sg})
sg = security_group.get('security_group')
tenant_id = self._get_tenant_id_for_create(context, sg)
with context.session.begin(subtransactions=True):
sg_db_entry = super(MidonetPluginV2, self).create_security_group(
context, security_group, default_sg)
# Create MidoNet chains and portgroup for the SG
sg_id = sg_db_entry['id']
sg_name = sg_db_entry['name']
self.chain_manager.create_for_sg(tenant_id, sg_id, sg_name)
self.pg_manager.create(tenant_id, sg_id, sg_name)
LOG.debug(_("MidonetPluginV2.create_security_group exiting: "
"sg_db_entry=%r"), sg_db_entry)
return sg_db_entry
def delete_security_group(self, context, id):
"""Delete chains for Quantum security group."""
LOG.debug(_("MidonetPluginV2.delete_security_group called: id=%s"), id)
with context.session.begin(subtransactions=True):
sg_db_entry = super(MidonetPluginV2, self).get_security_group(
context, id)
if not sg_db_entry:
raise ext_sg.SecurityGroupNotFound(id=id)
sg_name = sg_db_entry['name']
sg_id = sg_db_entry['id']
tenant_id = sg_db_entry['tenant_id']
if sg_name == 'default':
raise ext_sg.SecurityGroupCannotRemoveDefault()
filters = {'security_group_id': [sg_id]}
if super(MidonetPluginV2, self)._get_port_security_group_bindings(
context, filters):
raise ext_sg.SecurityGroupInUse(id=sg_id)
# Delete MidoNet Chains and portgroup for the SG
self.chain_manager.delete_for_sg(tenant_id, sg_id, sg_name)
self.pg_manager.delete(tenant_id, sg_id, sg_name)
return super(MidonetPluginV2, self).delete_security_group(
context, id)
def get_security_groups(self, context, filters=None, fields=None):
LOG.debug(_("MidonetPluginV2.get_security_groups called: "
"filters=%(filters)r fields=%(fields)r"),
{'filters': filters, 'fields': fields})
return super(MidonetPluginV2, self).get_security_groups(
context, filters, fields)
def get_security_group(self, context, id, fields=None, tenant_id=None):
LOG.debug(_("MidonetPluginV2.get_security_group called: id=%(id)s "
"fields=%(fields)r tenant_id=%(tenant_id)s"),
{'id': id, 'fields': fields, 'tenant_id': tenant_id})
return super(MidonetPluginV2, self).get_security_group(context, id,
fields)
def create_security_group_rule(self, context, security_group_rule):
LOG.debug(_("MidonetPluginV2.create_security_group_rule called: "
"security_group_rule=%(security_group_rule)r"),
{'security_group_rule': security_group_rule})
with context.session.begin(subtransactions=True):
rule_db_entry = super(
MidonetPluginV2, self).create_security_group_rule(
context, security_group_rule)
self.rule_manager.create_for_sg_rule(rule_db_entry)
LOG.debug(_("MidonetPluginV2.create_security_group_rule exiting: "
"rule_db_entry=%r"), rule_db_entry)
return rule_db_entry
def delete_security_group_rule(self, context, sgrid):
LOG.debug(_("MidonetPluginV2.delete_security_group_rule called: "
"sgrid=%s"), sgrid)
with context.session.begin(subtransactions=True):
rule_db_entry = super(MidonetPluginV2,
self).get_security_group_rule(context, sgrid)
if not rule_db_entry:
raise ext_sg.SecurityGroupRuleNotFound(id=sgrid)
self.rule_manager.delete_for_sg_rule(rule_db_entry)
return super(MidonetPluginV2,
self).delete_security_group_rule(context, sgrid)
def get_security_group_rules(self, context, filters=None, fields=None):
LOG.debug(_("MidonetPluginV2.get_security_group_rules called: "
"filters=%(filters)r fields=%(fields)r"),
{'filters': filters, 'fields': fields})
return super(MidonetPluginV2, self).get_security_group_rules(
context, filters, fields)
def get_security_group_rule(self, context, id, fields=None):
LOG.debug(_("MidonetPluginV2.get_security_group_rule called: "
"id=%(id)s fields=%(fields)r"),
{'id': id, 'fields': fields})
return super(MidonetPluginV2, self).get_security_group_rule(
context, id, fields)