256 lines
11 KiB
Python
256 lines
11 KiB
Python
# vim: tabstop=4 shiftwidth=4 softtabstop=4
|
|
|
|
# Copyright 2012-2013 NEC Corporation. All rights reserved.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
# @author: Ryota MIBU
|
|
|
|
from neutron.openstack.common import excutils
|
|
from neutron.openstack.common import log as logging
|
|
from neutron.plugins.nec.common import config
|
|
from neutron.plugins.nec.common import exceptions as nexc
|
|
from neutron.plugins.nec.db import api as ndb
|
|
from neutron.plugins.nec.db import packetfilter as pf_db
|
|
|
|
|
|
LOG = logging.getLogger(__name__)
|
|
|
|
|
|
class PacketFilterMixin(pf_db.PacketFilterDbMixin):
|
|
"""Mixin class to add packet filter to NECPluginV2."""
|
|
|
|
@property
|
|
def packet_filter_enabled(self):
|
|
if not hasattr(self, '_packet_filter_enabled'):
|
|
self._packet_filter_enabled = (
|
|
config.OFC.enable_packet_filter and
|
|
self.ofc.driver.filter_supported())
|
|
return self._packet_filter_enabled
|
|
|
|
def remove_packet_filter_extension_if_disabled(self, aliases):
|
|
if not self.packet_filter_enabled:
|
|
LOG.debug(_('Disabled packet-filter extension.'))
|
|
aliases.remove('packet-filter')
|
|
|
|
def create_packet_filter(self, context, packet_filter):
|
|
"""Create a new packet_filter entry on DB, then try to activate it."""
|
|
LOG.debug(_("create_packet_filter() called, packet_filter=%s ."),
|
|
packet_filter)
|
|
|
|
if hasattr(self.ofc.driver, 'validate_filter_create'):
|
|
pf = packet_filter['packet_filter']
|
|
self.ofc.driver.validate_filter_create(context, pf)
|
|
pf = super(PacketFilterMixin, self).create_packet_filter(
|
|
context, packet_filter)
|
|
|
|
return self.activate_packet_filter_if_ready(context, pf)
|
|
|
|
def update_packet_filter(self, context, id, packet_filter):
|
|
"""Update packet_filter entry on DB, and recreate it if changed.
|
|
|
|
If any rule of the packet_filter was changed, recreate it on OFC.
|
|
"""
|
|
LOG.debug(_("update_packet_filter() called, "
|
|
"id=%(id)s packet_filter=%(packet_filter)s ."),
|
|
{'id': id, 'packet_filter': packet_filter})
|
|
|
|
pf_data = packet_filter['packet_filter']
|
|
if hasattr(self.ofc.driver, 'validate_filter_update'):
|
|
self.ofc.driver.validate_filter_update(context, pf_data)
|
|
|
|
# validate ownership
|
|
pf_old = self.get_packet_filter(context, id)
|
|
|
|
pf = super(PacketFilterMixin, self).update_packet_filter(
|
|
context, id, packet_filter)
|
|
|
|
def _packet_filter_changed(old_pf, new_pf):
|
|
LOG.debug('old_pf=%(old_pf)s, new_pf=%(new_pf)s',
|
|
{'old_pf': old_pf, 'new_pf': new_pf})
|
|
# When the status is ERROR, force sync to OFC.
|
|
if old_pf['status'] == pf_db.PF_STATUS_ERROR:
|
|
LOG.debug('update_packet_filter: Force filter update '
|
|
'because the previous status is ERROR.')
|
|
return True
|
|
for key in new_pf:
|
|
if key in ('id', 'name', 'tenant_id', 'network_id',
|
|
'in_port', 'status'):
|
|
continue
|
|
if old_pf[key] != new_pf[key]:
|
|
return True
|
|
return False
|
|
|
|
if _packet_filter_changed(pf_old, pf):
|
|
if hasattr(self.ofc.driver, 'update_filter'):
|
|
# admin_state is changed
|
|
if pf_old['admin_state_up'] != pf['admin_state_up']:
|
|
LOG.debug('update_packet_filter: admin_state '
|
|
'is changed to %s', pf['admin_state_up'])
|
|
if pf['admin_state_up']:
|
|
self.activate_packet_filter_if_ready(context, pf)
|
|
else:
|
|
self.deactivate_packet_filter(context, pf)
|
|
elif pf['admin_state_up']:
|
|
LOG.debug('update_packet_filter: admin_state is '
|
|
'unchanged (True)')
|
|
if self.ofc.exists_ofc_packet_filter(context, id):
|
|
pf = self._update_packet_filter(context, pf, pf_data)
|
|
else:
|
|
pf = self.activate_packet_filter_if_ready(context, pf)
|
|
else:
|
|
LOG.debug('update_packet_filter: admin_state is unchanged '
|
|
'(False). No need to update OFC filter.')
|
|
else:
|
|
pf = self.deactivate_packet_filter(context, pf)
|
|
pf = self.activate_packet_filter_if_ready(context, pf)
|
|
|
|
return pf
|
|
|
|
def _update_packet_filter(self, context, new_pf, pf_data):
|
|
pf_id = new_pf['id']
|
|
prev_status = new_pf['status']
|
|
try:
|
|
# If previous status is ERROR, try to sync all attributes.
|
|
pf = new_pf if prev_status == pf_db.PF_STATUS_ERROR else pf_data
|
|
self.ofc.update_ofc_packet_filter(context, pf_id, pf)
|
|
new_status = pf_db.PF_STATUS_ACTIVE
|
|
if new_status != prev_status:
|
|
self._update_resource_status(context, "packet_filter",
|
|
pf_id, new_status)
|
|
new_pf['status'] = new_status
|
|
return new_pf
|
|
except Exception as exc:
|
|
with excutils.save_and_reraise_exception():
|
|
if (isinstance(exc, nexc.OFCException) or
|
|
isinstance(exc, nexc.OFCConsistencyBroken)):
|
|
LOG.error(_("Failed to create packet_filter id=%(id)s on "
|
|
"OFC: %(exc)s"),
|
|
{'id': pf_id, 'exc': exc})
|
|
new_status = pf_db.PF_STATUS_ERROR
|
|
if new_status != prev_status:
|
|
self._update_resource_status(context, "packet_filter",
|
|
pf_id, new_status)
|
|
|
|
def delete_packet_filter(self, context, id):
|
|
"""Deactivate and delete packet_filter."""
|
|
LOG.debug(_("delete_packet_filter() called, id=%s ."), id)
|
|
|
|
# validate ownership
|
|
pf = self.get_packet_filter(context, id)
|
|
|
|
pf = self.deactivate_packet_filter(context, pf)
|
|
if pf['status'] == pf_db.PF_STATUS_ERROR:
|
|
msg = _("Failed to delete packet_filter id=%s which remains in "
|
|
"error status.") % id
|
|
LOG.error(msg)
|
|
raise nexc.OFCException(reason=msg)
|
|
|
|
super(PacketFilterMixin, self).delete_packet_filter(context, id)
|
|
|
|
def activate_packet_filter_if_ready(self, context, packet_filter):
|
|
"""Activate packet_filter by creating filter on OFC if ready.
|
|
|
|
Conditions to create packet_filter on OFC are:
|
|
* packet_filter admin_state is UP
|
|
* (if 'in_port' is specified) portinfo is available
|
|
"""
|
|
LOG.debug(_("activate_packet_filter_if_ready() called, "
|
|
"packet_filter=%s."), packet_filter)
|
|
|
|
pf_id = packet_filter['id']
|
|
in_port_id = packet_filter.get('in_port')
|
|
current = packet_filter['status']
|
|
|
|
pf_status = current
|
|
if not packet_filter['admin_state_up']:
|
|
LOG.debug(_("activate_packet_filter_if_ready(): skip pf_id=%s, "
|
|
"packet_filter.admin_state_up is False."), pf_id)
|
|
elif in_port_id and not ndb.get_portinfo(context.session, in_port_id):
|
|
LOG.debug(_("activate_packet_filter_if_ready(): skip "
|
|
"pf_id=%s, no portinfo for the in_port."), pf_id)
|
|
elif self.ofc.exists_ofc_packet_filter(context, packet_filter['id']):
|
|
LOG.debug(_("_activate_packet_filter_if_ready(): skip, "
|
|
"ofc_packet_filter already exists."))
|
|
else:
|
|
LOG.debug(_("activate_packet_filter_if_ready(): create "
|
|
"packet_filter id=%s on OFC."), pf_id)
|
|
try:
|
|
self.ofc.create_ofc_packet_filter(context, pf_id,
|
|
packet_filter)
|
|
pf_status = pf_db.PF_STATUS_ACTIVE
|
|
except (nexc.OFCException, nexc.OFCMappingNotFound) as exc:
|
|
LOG.error(_("Failed to create packet_filter id=%(id)s on "
|
|
"OFC: %(exc)s"), {'id': pf_id, 'exc': exc})
|
|
pf_status = pf_db.PF_STATUS_ERROR
|
|
|
|
if pf_status != current:
|
|
self._update_resource_status(context, "packet_filter", pf_id,
|
|
pf_status)
|
|
packet_filter.update({'status': pf_status})
|
|
|
|
return packet_filter
|
|
|
|
def deactivate_packet_filter(self, context, packet_filter):
|
|
"""Deactivate packet_filter by deleting filter from OFC if exixts."""
|
|
LOG.debug(_("deactivate_packet_filter_if_ready() called, "
|
|
"packet_filter=%s."), packet_filter)
|
|
pf_id = packet_filter['id']
|
|
current = packet_filter['status']
|
|
|
|
pf_status = current
|
|
if self.ofc.exists_ofc_packet_filter(context, pf_id):
|
|
LOG.debug(_("deactivate_packet_filter(): "
|
|
"deleting packet_filter id=%s from OFC."), pf_id)
|
|
try:
|
|
self.ofc.delete_ofc_packet_filter(context, pf_id)
|
|
pf_status = pf_db.PF_STATUS_DOWN
|
|
except (nexc.OFCException, nexc.OFCMappingNotFound) as exc:
|
|
LOG.error(_("Failed to delete packet_filter id=%(id)s from "
|
|
"OFC: %(exc)s"), {'id': pf_id, 'exc': exc})
|
|
pf_status = pf_db.PF_STATUS_ERROR
|
|
else:
|
|
LOG.debug(_("deactivate_packet_filter(): skip, "
|
|
"Not found OFC Mapping for packet_filter id=%s."),
|
|
pf_id)
|
|
|
|
if pf_status != current:
|
|
self._update_resource_status(context, "packet_filter", pf_id,
|
|
pf_status)
|
|
packet_filter.update({'status': pf_status})
|
|
|
|
return packet_filter
|
|
|
|
def activate_packet_filters_by_port(self, context, port_id):
|
|
if not self.packet_filter_enabled:
|
|
return
|
|
|
|
filters = {'in_port': [port_id], 'admin_state_up': [True],
|
|
'status': [pf_db.PF_STATUS_DOWN]}
|
|
pfs = self.get_packet_filters(context, filters=filters)
|
|
for pf in pfs:
|
|
self.activate_packet_filter_if_ready(context, pf)
|
|
|
|
def deactivate_packet_filters_by_port(self, context, port_id):
|
|
if not self.packet_filter_enabled:
|
|
return
|
|
|
|
filters = {'in_port': [port_id], 'status': [pf_db.PF_STATUS_ACTIVE]}
|
|
pfs = self.get_packet_filters(context, filters=filters)
|
|
for pf in pfs:
|
|
self.deactivate_packet_filter(context, pf)
|
|
|
|
def get_packet_filters_for_port(self, context, port):
|
|
if self.packet_filter_enabled:
|
|
return super(PacketFilterMixin,
|
|
self).get_packet_filters_for_port(context, port)
|