# Copyright 2015 Huawei Technologies Co., Ltd.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
# implied.
# See the License for the specific language governing permissions and
# limitations under the License.
import datetime
import eventlet
import netaddr
import random
import six
from oslo_config import cfg
from oslo_log import log as logging
import oslo_messaging as messaging
from oslo_service import periodic_task
import neutron_lib.exceptions as q_exceptions
import neutronclient.common.exceptions as q_cli_exceptions
from tricircle.common import client
from tricircle.common import constants
from tricircle.common.i18n import _, _LE, _LI, _LW
from tricircle.common import xrpcapi
import tricircle.db.api as db_api
from tricircle.db import core
from tricircle.db import models
import tricircle.network.exceptions as t_network_exc
from tricircle.network import helper
# Global oslo.config handle. This module reads worker_handle_timeout,
# worker_sleep_time, job_run_expire, host, enable_api_gateway and the
# client.*_bridge_cidr options from it.
CONF = cfg.CONF
LOG = logging.getLogger(__name__)

# When True, the _job_handle wrapper calls the handler directly and skips
# all job bookkeeping, including the per-resource job lock. It must stay
# False outside unit tests.
IN_TEST = False
# Key under which a network dict carries its availability zone hints.
AZ_HINTS = 'availability_zone_hints'
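def _job_handle(job_type):
    """Build a decorator that runs a job handler under the job-table lock.

    The decorated handler is expected to be called as
    ``handler(self, ctx, payload=...)``: the wrapper takes the context from
    ``args[1]`` and the resource id from ``kwargs['payload'][job_type]``.
    It records a new job, then loops trying to register the job (the
    registration acts as the lock, per the inline comments) until the job
    has succeeded, another worker validly holds the lock, the handler
    fails, or ``CONF.worker_handle_timeout`` seconds have elapsed.

    Exceptions raised by the handler are not propagated: the job is marked
    failed, the failure is logged and the wrapper returns ``None``.

    :param job_type: job type constant; it is also the payload key that
        holds the resource id
    :returns: a decorator for handler methods
    """
    def handle_func(func):
        @six.wraps(func)
        def handle_args(*args, **kwargs):
            if IN_TEST:
                # NOTE(zhiyuan) job mechanism will cause some unpredictable
                # result in unit test so we would like to bypass it. However
                # we have problem mocking a decorator which decorates member
                # functions, that's why we use this label, not an elegant
                # way though.
                func(*args, **kwargs)
                return
            ctx = args[1]
            payload = kwargs['payload']

            resource_id = payload[job_type]
            db_api.new_job(ctx, job_type, resource_id)
            start_time = datetime.datetime.now()

            while True:
                elapsed = datetime.datetime.now() - start_time
                # total_seconds() is used instead of .seconds because
                # .seconds drops the days component of the timedelta, so
                # a period longer than one day would look short again.
                if elapsed.total_seconds() >= CONF.worker_handle_timeout:
                    # quit when this handle is running for a long time
                    break
                time_new = db_api.get_latest_timestamp(ctx, constants.JS_New,
                                                       job_type, resource_id)
                time_success = db_api.get_latest_timestamp(
                    ctx, constants.JS_Success, job_type, resource_id)
                if time_success and time_success >= time_new:
                    # a success record at least as new as the latest
                    # request already exists, nothing left to do
                    break
                job = db_api.register_job(ctx, job_type, resource_id)
                if not job:
                    # fail to obtain the lock, let other worker handle the job
                    running_job = db_api.get_running_job(ctx, job_type,
                                                         resource_id)
                    if not running_job:
                        # there are two reasons that running_job is None. one
                        # is that the running job has just been finished, the
                        # other is that all workers fail to register the job
                        # due to deadlock exception. so we sleep and try again
                        eventlet.sleep(CONF.worker_sleep_time)
                        continue
                    # NOTE(review): this compares the local clock with a
                    # timestamp stored by whichever worker holds the lock;
                    # it assumes both are naive datetimes on the same
                    # clock/timezone - confirm.
                    lock_age = datetime.datetime.now() - running_job[
                        'timestamp']
                    # total_seconds() also keeps a lock that is more than
                    # a day old expired, and does not treat a timestamp
                    # slightly in the future as an expired lock.
                    if lock_age.total_seconds() > CONF.job_run_expire:
                        # previous running job expires, we set its status to
                        # fail and try again to obtain the lock
                        db_api.finish_job(ctx, running_job['id'], False,
                                          time_new)
                        LOG.warning(_LW('Job %(job)s of type %(job_type)s for '
                                        'resource %(resource)s expires, set '
                                        'its state to Fail'),
                                    {'job': running_job['id'],
                                     'job_type': job_type,
                                     'resource': resource_id})
                        eventlet.sleep(CONF.worker_sleep_time)
                        continue
                    # previous running job is still valid, we just leave
                    # the job to the worker who holds the lock
                    break
                # successfully obtain the lock, start to execute handler
                try:
                    func(*args, **kwargs)
                except Exception:
                    db_api.finish_job(ctx, job['id'], False, time_new)
                    # LOG.exception keeps the traceback; the exception is
                    # swallowed here, so this log entry is the only record
                    # of why the job failed.
                    LOG.exception(_LE('Job %(job)s of type %(job_type)s for '
                                      'resource %(resource)s fails'),
                                  {'job': job['id'],
                                   'job_type': job_type,
                                   'resource': resource_id})
                    break
                db_api.finish_job(ctx, job['id'], True, time_new)
                eventlet.sleep(CONF.worker_sleep_time)
        return handle_args
    return handle_func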
class PeriodicTasks(periodic_task.PeriodicTasks):
    """Periodic task base class bound to the module-level ``CONF``."""

    def __init__(self):
        # The oslo.service base class takes the config object to use.
        super(PeriodicTasks, self).__init__(CONF)
class XManager(PeriodicTasks):
# Messaging target of this endpoint object; only the version is set here.
target = messaging.Target(version='1.0')
def __init__(self, host=None, service_name='xjob'):
    """Create the clients, the job dispatch table and the helpers.

    :param host: host name of this service; ``CONF.host`` is used when
        it is empty
    :param service_name: service name stored on the manager
    """
    LOG.debug(_('XManager initialization...'))

    self.host = host or CONF.host
    self.service_name = service_name
    # self.notifier = rpc.get_notifier(self.service_name, self.host)
    self.additional_endpoints = []
    # Clients are cached by pod name. The top pod client is created
    # here; _get_client adds bottom pod clients on first use.
    self.clients = {constants.TOP: client.Client()}
    # Dispatch table from job type to handler. redo_failed_job only
    # replays failed jobs whose type is a key of this table.
    self.job_handles = {
        constants.JT_ROUTER: self.configure_extra_routes,
        constants.JT_ROUTER_SETUP: self.setup_bottom_router,
        constants.JT_PORT_DELETE: self.delete_server_port,
        constants.JT_SEG_RULE_SETUP: self.configure_security_group_rules}
    self.helper = helper.NetworkHelper()
    self.xjob_handler = xrpcapi.XJobAPI()
    super(XManager, self).__init__()
def _get_client(self, pod_name=None):
    """Return the cached client for a pod, creating it on first use.

    :param pod_name: bottom pod name; when empty the top pod client is
        returned
    :returns: the client object stored in ``self.clients``
    """
    if not pod_name:
        return self.clients[constants.TOP]
    try:
        return self.clients[pod_name]
    except KeyError:
        # first request for this pod: build the client and cache it
        pod_client = client.Client(pod_name)
        self.clients[pod_name] = pod_client
        return pod_client
def periodic_tasks(self, context, raise_on_error=False):
    """Run the registered periodic tasks and return their result.

    :param context: context passed through to ``run_periodic_tasks``
    :param raise_on_error: passed through unchanged
    """
    result = self.run_periodic_tasks(context,
                                     raise_on_error=raise_on_error)
    return result
def init_host(self):
    """Hook for extra manager initialization at service start.

    It is called when one requests the service be started, before any
    service record is created. This implementation only emits a debug
    message; child classes should override it.
    """
    LOG.debug(_('XManager init_host...'))
def cleanup_host(self):
    """Hook for cleanup work when the service shuts down.

    This implementation only emits a debug message; child classes
    should override it.
    """
    LOG.debug(_('XManager cleanup_host...'))
def pre_start_hook(self):
    """Hook for start-up work before RPC queues/consumers exist.

    It is called after other initialization has succeeded and a service
    record is created. This implementation only emits a debug message;
    child classes should override it.
    """
    LOG.debug(_('XManager pre_start_hook...'))
def post_start_hook(self):
    """Hook for start-up work right after RPC consumers are created.

    It is called immediately after a service creates RPC consumers and
    starts 'running'. This implementation only emits a debug message;
    child classes should override it.
    """
    LOG.debug(_('XManager post_start_hook...'))
# rpc message endpoint handling
def test_rpc(self, ctx, payload):
    """Log the received payload and echo it back as text.

    :param ctx: request context (not used in the body)
    :param payload: RPC payload, formatted with ``%s``
    :returns: the string ``"xmanager receive payload: <payload>"``
    """
    # NOTE(review): the payload is written to the log verbatim at INFO
    # level and returned to the caller. Confirm that nothing sent to
    # this endpoint carries credentials or tokens.
    LOG.info(_LI("xmanager receive payload: %s"), payload)
    return "xmanager receive payload: %s" % payload
@staticmethod
|
|
def _get_resource_by_name(cli, cxt, _type, name):
|
|
return cli.list_resources(_type, cxt, filters=[{'key': 'name',
|
|
'comparator': 'eq',
|
|
'value': name}])[0]
@staticmethod
|
|
def _get_router_interfaces(cli, cxt, router_id, net_id):
|
|
return cli.list_ports(
|
|
cxt, filters=[{'key': 'network_id', 'comparator': 'eq',
|
|
'value': net_id},
|
|
{'key': 'device_id', 'comparator': 'eq',
|
|
'value': router_id}])
@periodic_task.periodic_task
def redo_failed_job(self, ctx):
    """Re-run the handler of one randomly chosen failed job.

    Only failed jobs whose type is a key of ``self.job_handles`` are
    considered, so a job record with any other type is never
    dispatched.

    :param ctx: context passed to the database API and the handler
    """
    candidates = [job for job in db_api.get_latest_failed_jobs(ctx)
                  if job['type'] in self.job_handles]
    if not candidates:
        return
    # in one run we only pick one job to handle. The random pick only
    # decides which job is retried first, so the non-cryptographic
    # ``random`` module is adequate here.
    failed_job = candidates[random.randint(0, len(candidates) - 1)]
    job_type = failed_job['type']
    resource_id = failed_job['resource_id']
    LOG.debug(_('Redo failed job for %(resource_id)s of type '
                '%(job_type)s'),
              {'resource_id': resource_id,
               'job_type': job_type})
    self.job_handles[job_type](ctx, payload={job_type: resource_id})
@staticmethod
|
|
def _safe_create_bottom_floatingip(t_ctx, pod, client, fip_net_id,
|
|
fip_address, port_id):
|
|
try:
|
|
client.create_floatingips(
|
|
t_ctx, {'floatingip': {'floating_network_id': fip_net_id,
|
|
'floating_ip_address': fip_address,
|
|
'port_id': port_id}})
|
|
except q_cli_exceptions.IpAddressInUseClient:
|
|
fips = client.list_floatingips(t_ctx,
|
|
[{'key': 'floating_ip_address',
|
|
'comparator': 'eq',
|
|
'value': fip_address}])
|
|
if not fips:
|
|
# this is rare case that we got IpAddressInUseClient exception
|
|
# a second ago but now the floating ip is missing
|
|
raise t_network_exc.BottomPodOperationFailure(
|
|
resource='floating ip', pod_name=pod['pod_name'])
|
|
associated_port_id = fips[0].get('port_id')
|
|
if associated_port_id == port_id:
|
|
# if the internal port associated with the existing fip is what
|
|
# we expect, just ignore this exception
|
|
pass
|
|
elif not associated_port_id:
|
|
# if the existing fip is not associated with any internal port,
|
|
# update the fip to add association
|
|
client.update_floatingips(t_ctx, fips[0]['id'],
|
|
{'floatingip': {'port_id': port_id}})
|
|
else:
|
|
raise
def _setup_router_one_pod(self, ctx, t_pod, b_pod, t_client, t_net,
                          t_router, t_ew_bridge_net, t_ew_bridge_subnet,
                          need_ns_bridge):
    """Bring the bottom router of one pod in line with the top router.

    Steps, in order: create the bottom router, attach the E-W bridge
    port, optionally build the N-S bridge and gateway, add or remove
    the bottom interface for ``t_net``, then (only when the top router
    has external gateway info) create and delete bottom floating ips
    so that they match the bound top floating ips.

    :param ctx: context passed to clients, helper and database API
    :param t_pod: top pod dict
    :param b_pod: bottom pod dict being configured
    :param t_client: client of the top pod
    :param t_net: top network dict
    :param t_router: top router dict
    :param t_ew_bridge_net: top E-W bridge network dict
    :param t_ew_bridge_subnet: top E-W bridge subnet dict
    :param need_ns_bridge: whether N-S traffic has to go through a
        bridge network to reach the pod hosting the external network
    """
    b_client = self._get_client(b_pod['pod_name'])

    router_body = {'router': {'name': t_router['id'],
                              'distributed': False}}
    project_id = t_router['tenant_id']

    # create bottom router in target bottom pod
    _unused, b_router_id = self.helper.prepare_bottom_element(
        ctx, project_id, b_pod, t_router, 'router', router_body)

    # handle E-W networking
    # create top E-W bridge port
    q_ctx = None  # no need to pass neutron context when using client
    t_ew_bridge_port_id = self.helper.get_bridge_interface(
        ctx, q_ctx, project_id, t_pod, t_ew_bridge_net['id'],
        b_router_id, None, True)

    # create bottom E-W bridge port
    t_ew_bridge_port = t_client.get_ports(ctx, t_ew_bridge_port_id)
    (is_new, b_ew_bridge_port_id,
     _unused, _unused) = self.helper.get_bottom_bridge_elements(
        ctx, project_id, b_pod, t_ew_bridge_net, False, t_ew_bridge_subnet,
        t_ew_bridge_port)

    # attach bottom E-W bridge port to bottom router
    if is_new:
        # only attach bridge port the first time
        attach_ew_port = True
    else:
        # still need to check if the bridge port is bound
        port = b_client.get_ports(ctx, b_ew_bridge_port_id)
        attach_ew_port = not port.get('device_id')
    if attach_ew_port:
        b_client.action_routers(ctx, 'add_interface', b_router_id,
                                {'port_id': b_ew_bridge_port_id})

    # handle N-S networking
    if need_ns_bridge:
        t_ns_bridge_net_name = constants.ns_bridge_net_name % project_id
        t_ns_bridge_subnet_name = constants.ns_bridge_subnet_name % (
            project_id)
        t_ns_bridge_net = self._get_resource_by_name(
            t_client, ctx, 'network', t_ns_bridge_net_name)
        t_ns_bridge_subnet = self._get_resource_by_name(
            t_client, ctx, 'subnet', t_ns_bridge_subnet_name)
        # create bottom N-S bridge network and subnet
        (_unused, _unused, b_ns_bridge_subnet_id,
         b_ns_bridge_net_id) = self.helper.get_bottom_bridge_elements(
            ctx, project_id, b_pod, t_ns_bridge_net, True,
            t_ns_bridge_subnet, None)
        # create top N-S bridge gateway port
        t_ns_bridge_gateway_id = self.helper.get_bridge_interface(
            ctx, q_ctx, project_id, t_pod, t_ns_bridge_net['id'],
            b_router_id, None, False)
        t_ns_bridge_gateway = t_client.get_ports(ctx,
                                                 t_ns_bridge_gateway_id)
        # add external gateway for bottom router
        # add gateway is update operation, can run multiple times
        gateway_ip = t_ns_bridge_gateway['fixed_ips'][0]['ip_address']
        gateway_body = {
            'network_id': b_ns_bridge_net_id,
            'external_fixed_ips': [{'subnet_id': b_ns_bridge_subnet_id,
                                    'ip_address': gateway_ip}]}
        b_client.action_routers(ctx, 'add_gateway', b_router_id,
                                gateway_body)

    # attach internal port to bottom router
    t_ports = self._get_router_interfaces(t_client, ctx, t_router['id'],
                                          t_net['id'])
    b_net_id = db_api.get_bottom_id_by_top_id_pod_name(
        ctx, t_net['id'], b_pod['pod_name'], constants.RT_NETWORK)
    if b_net_id:
        b_ports = self._get_router_interfaces(b_client, ctx, b_router_id,
                                              b_net_id)
    else:
        b_ports = []
    if not t_ports and b_ports:
        # remove redundant bottom interface
        request_body = {'port_id': b_ports[0]['id']}
        b_client.action_routers(ctx, 'remove_interface', b_router_id,
                                request_body)
    elif t_ports and not b_ports:
        # create new bottom interface
        t_port = t_ports[0]

        # only consider ipv4 address currently
        t_subnet_id = t_port['fixed_ips'][0]['subnet_id']
        t_subnet = t_client.get_subnets(ctx, t_subnet_id)

        if CONF.enable_api_gateway:
            (b_net_id,
             subnet_map) = self.helper.prepare_bottom_network_subnets(
                ctx, q_ctx, project_id, b_pod, t_net, [t_subnet])
        else:
            # without the API gateway the bottom ids equal the top ids
            b_net_id = t_net['id']
            subnet_map = {t_subnet['id']: t_subnet['id']}

        # the gateway ip of bottom subnet is set to the ip of t_port, so
        # we just attach the bottom subnet to the bottom router and neutron
        # server in the bottom pod will create the interface for us, using
        # the gateway ip.
        b_client.action_routers(ctx, 'add_interface', b_router_id,
                                {'subnet_id': subnet_map[t_subnet_id]})

    if not t_router['external_gateway_info']:
        return

    # handle floatingip
    t_ext_net_id = t_router['external_gateway_info']['network_id']
    t_fips = t_client.list_floatingips(ctx, [{'key': 'floating_network_id',
                                              'comparator': 'eq',
                                              'value': t_ext_net_id}])
    # skip unbound top floatingip
    t_ip_fip_map = {fip['floating_ip_address']: fip
                    for fip in t_fips if fip['port_id']}
    mappings = db_api.get_bottom_mappings_by_top_id(ctx, t_ext_net_id,
                                                    constants.RT_NETWORK)
    # bottom external network should exist; the index below raises when
    # there is no mapping
    b_ext_pod, b_ext_net_id = mappings[0]
    b_ext_client = self._get_client(b_ext_pod['pod_name'])
    b_fips = b_ext_client.list_floatingips(
        ctx, [{'key': 'floating_network_id', 'comparator': 'eq',
               'value': b_ext_net_id}])
    b_ip_fip_map = {fip['floating_ip_address']: fip for fip in b_fips}
    # The bound top floating ips are the source of truth: addresses
    # missing at the bottom are created, addresses that only exist at
    # the bottom are deleted.
    add_fips = [ip for ip in t_ip_fip_map if ip not in b_ip_fip_map]
    del_fips = [ip for ip in b_ip_fip_map if ip not in t_ip_fip_map]

    for add_fip in add_fips:
        fip = t_ip_fip_map[add_fip]
        t_int_port_id = fip['port_id']
        b_int_port_id = db_api.get_bottom_id_by_top_id_pod_name(
            ctx, t_int_port_id, b_pod['pod_name'], constants.RT_PORT)
        if not b_int_port_id:
            LOG.warning(_LW('Port %(port_id)s associated with floating ip '
                            '%(fip)s is not mapped to bottom pod'),
                        {'port_id': t_int_port_id, 'fip': add_fip})
            continue
        t_int_port = t_client.get_ports(ctx, t_int_port_id)
        if t_int_port['network_id'] != t_net['id']:
            # only handle floating ip association for the given top network
            continue
        if not need_ns_bridge:
            self._safe_create_bottom_floatingip(
                ctx, b_pod, b_client, b_ext_net_id, add_fip,
                b_int_port_id)
            continue
        # create top N-S bridge interface port
        t_ns_bridge_port_id = self.helper.get_bridge_interface(
            ctx, q_ctx, project_id, t_pod, t_ns_bridge_net['id'], None,
            b_int_port_id, False)
        t_ns_bridge_port = t_client.get_ports(ctx, t_ns_bridge_port_id)
        b_ext_bridge_net_id = db_api.get_bottom_id_by_top_id_pod_name(
            ctx, t_ns_bridge_net['id'], b_ext_pod['pod_name'],
            constants.RT_NETWORK)
        port_body = {
            'port': {
                'tenant_id': project_id,
                'admin_state_up': True,
                'name': 'ns_bridge_port',
                'network_id': b_ext_bridge_net_id,
                'fixed_ips': [{'ip_address': t_ns_bridge_port[
                    'fixed_ips'][0]['ip_address']}]
            }
        }
        _unused, b_ns_bridge_port_id = self.helper.prepare_bottom_element(
            ctx, project_id, b_ext_pod, t_ns_bridge_port,
            constants.RT_PORT, port_body)
        # swap these two lines
        self._safe_create_bottom_floatingip(
            ctx, b_pod, b_client, b_ns_bridge_net_id,
            t_ns_bridge_port['fixed_ips'][0]['ip_address'],
            b_int_port_id)
        self._safe_create_bottom_floatingip(
            ctx, b_ext_pod, b_ext_client, b_ext_net_id, add_fip,
            b_ns_bridge_port_id)

    for del_fip in del_fips:
        fip = b_ip_fip_map[del_fip]
        if not fip['port_id']:
            b_ext_client.delete_floatingips(ctx, fip['id'])
            continue
        if need_ns_bridge:
            b_ns_bridge_port = b_ext_client.get_ports(ctx, fip['port_id'])
            routing_filters = [
                {'key': 'bottom_id', 'comparator': 'eq',
                 'value': b_ns_bridge_port['id']},
                {'key': 'pod_id', 'comparator': 'eq',
                 'value': b_ext_pod['pod_id']}]
            entries = core.query_resource(
                ctx, models.ResourceRouting, routing_filters, [])
            t_ns_bridge_port_id = entries[0]['top_id']
            b_int_fips = b_client.list_floatingips(
                ctx,
                [{'key': 'floating_ip_address',
                  'comparator': 'eq',
                  'value': b_ns_bridge_port['fixed_ips'][0]['ip_address']},
                 {'key': 'floating_network_id',
                  'comparator': 'eq',
                  'value': b_ns_bridge_net_id}])
            if b_int_fips:
                b_client.delete_floatingips(ctx, b_int_fips[0]['id'])

            # for bridge port, we have two resource routing entries, one
            # for bridge port in top pod, another for bridge port in bottom
            # pod. calling t_client.delete_ports will delete bridge port in
            # bottom pod as well as routing entry for it, but we also need
            # to remove routing entry for bridge port in top pod, bridge
            # network will be deleted when deleting router

            # first we update the routing entry to set bottom_id to None
            # and expire the entry, so if we succeed to delete the bridge
            # port next, this expired entry will be deleted; otherwise, we
            # fail to delete the bridge port, when the port is accessed via
            # lock_handle module, that module will find the port and update
            # the entry
            top_entry_filter = [{'key': 'bottom_id', 'comparator': 'eq',
                                 'value': t_ns_bridge_port_id}]
            with ctx.session.begin():
                core.update_resources(
                    ctx, models.ResourceRouting, top_entry_filter,
                    {'bottom_id': None,
                     'created_at': constants.expire_time,
                     'updated_at': constants.expire_time})
            # delete bridge port
            t_client.delete_ports(ctx, t_ns_bridge_port_id)
            # delete the expired entry, even if this deletion fails, we
            # still have a chance that lock_handle module will delete it
            with ctx.session.begin():
                core.delete_resources(ctx, models.ResourceRouting,
                                      [{'key': 'bottom_id',
                                        'comparator': 'eq',
                                        'value': t_ns_bridge_port_id}])
        b_ext_client.delete_floatingips(ctx, fip['id'])
@_job_handle(constants.JT_ROUTER_SETUP)
def setup_bottom_router(self, ctx, payload):
    """Set up the bottom router for one pod, or fan out to every pod.

    The resource id in the payload has the form
    ``<bottom pod id>#<top router id>#<top network id>``. When the pod
    id equals ``constants.POD_NOT_SPECIFIED`` one job per pod hosting
    the network is queued and this call returns; otherwise the router
    is configured in the given pod and an extra-route job is queued.

    :param ctx: context passed to clients and the database API
    :param payload: dict holding the resource id under
        ``constants.JT_ROUTER_SETUP``
    """
    # Unpacking fails unless the id has exactly three '#'-separated
    # fields.
    resource_id = payload[constants.JT_ROUTER_SETUP]
    b_pod_id, t_router_id, t_net_id = resource_id.split('#')

    if b_pod_id == constants.POD_NOT_SPECIFIED:
        mappings = db_api.get_bottom_mappings_by_top_id(
            ctx, t_net_id, constants.RT_NETWORK)
        b_pods = [mapping[0] for mapping in mappings]
        # NOTE(zhiyuan) we create one job for each pod to avoid
        # conflict caused by different workers operating the same pod
        for b_pod in b_pods:
            self.xjob_handler.setup_bottom_router(
                ctx, t_net_id, t_router_id, b_pod['pod_id'])
        return

    t_client = self._get_client()
    t_pod = db_api.get_top_pod(ctx)
    t_router = t_client.get_routers(ctx, t_router_id)
    if not t_router:
        # we just end this job if top router no longer exists
        return
    t_net = t_client.get_networks(ctx, t_net_id)
    if not t_net:
        # we just end this job if top network no longer exists
        return
    project_id = t_router['tenant_id']

    b_pod = db_api.get_pod(ctx, b_pod_id)

    t_ew_bridge_net = self._get_resource_by_name(
        t_client, ctx, 'network',
        constants.ew_bridge_net_name % project_id)
    t_ew_bridge_subnet = self._get_resource_by_name(
        t_client, ctx, 'subnet',
        constants.ew_bridge_subnet_name % project_id)

    external_filter = [{'key': 'router:external',
                        'comparator': 'eq',
                        'value': True}]
    ext_nets = t_client.list_networks(ctx, filters=external_filter)
    # The first availability zone hint of each external network is used
    # as the name of the pod hosting it; an external network with an
    # empty hint list makes the index below raise.
    ext_net_pod_names = {ext_net[AZ_HINTS][0] for ext_net in ext_nets}

    # A N-S bridge is needed only when an external network exists and
    # none of them is hosted in this bottom pod.
    need_ns_bridge = (bool(ext_net_pod_names) and
                      b_pod['pod_name'] not in ext_net_pod_names)
    self._setup_router_one_pod(ctx, t_pod, b_pod, t_client, t_net,
                               t_router, t_ew_bridge_net,
                               t_ew_bridge_subnet, need_ns_bridge)

    self.xjob_handler.configure_extra_routes(ctx, t_router_id)
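@_job_handle(constants.JT_ROUTER)
def configure_extra_routes(self, ctx, payload):
    """Install host routes between the bottom routers of a top router.

    For each bottom router the E-W bridge ip and the ips of the VM
    ports on each attached subnet are collected. Every bottom router
    then gets one ``/32`` route per VM ip that lives behind another
    bottom router, with that router's bridge ip as next hop. Subnets
    attached to the router itself are skipped, and a router without
    attached subnets gets an empty route list.

    :param ctx: context passed to clients and the database API
    :param payload: dict holding the top router id under
        ``constants.JT_ROUTER``
    """
    t_router_id = payload[constants.JT_ROUTER]

    non_vm_port_types = ['network:router_interface',
                         'network:router_gateway',
                         'network:dhcp']

    # With no bottom mapping this unpacking raises ValueError.
    b_pods, b_router_ids = zip(*db_api.get_bottom_mappings_by_top_id(
        ctx, t_router_id, constants.RT_ROUTER))

    # Parse the bridge CIDRs once instead of once per interface.
    ew_bridge_net = netaddr.IPNetwork(CONF.client.ew_bridge_cidr)
    ns_bridge_net = netaddr.IPNetwork(CONF.client.ns_bridge_cidr)

    router_bridge_ip_map = {}
    router_ips_map = {}
    for b_pod, b_router_id in zip(b_pods, b_router_ids):
        bottom_client = self._get_client(pod_name=b_pod['pod_name'])
        b_interfaces = bottom_client.list_ports(
            ctx, filters=[{'key': 'device_id',
                           'comparator': 'eq',
                           'value': b_router_id},
                          {'key': 'device_owner',
                           'comparator': 'eq',
                           'value': 'network:router_interface'}])
        router_ips_map[b_router_id] = {}
        for b_interface in b_interfaces:
            ip = b_interface['fixed_ips'][0]['ip_address']
            ip_address = netaddr.IPAddress(ip)
            if ip_address in ew_bridge_net:
                # the E-W bridge interface is the next hop other
                # routers use to reach this router
                router_bridge_ip_map[b_router_id] = ip
                continue
            if ip_address in ns_bridge_net:
                continue
            b_net_id = b_interface['network_id']
            b_subnet = bottom_client.get_subnets(
                ctx, b_interface['fixed_ips'][0]['subnet_id'])
            b_ports = bottom_client.list_ports(
                ctx, filters=[{'key': 'network_id',
                               'comparator': 'eq',
                               'value': b_net_id}])
            # every port whose owner is not a router interface, router
            # gateway or dhcp port is treated as a VM port
            ips = [b_port['fixed_ips'][0]['ip_address']
                   for b_port in b_ports
                   if b_port.get('device_owner',
                                 '') not in non_vm_port_types]
            router_ips_map[b_router_id][b_subnet['cidr']] = ips

    for b_pod, b_router_id in zip(b_pods, b_router_ids):
        bottom_client = self._get_client(pod_name=b_pod['pod_name'])
        extra_routes = []
        local_cidrs = router_ips_map[b_router_id]
        if not local_cidrs:
            bottom_client.update_routers(
                ctx, b_router_id, {'router': {'routes': extra_routes}})
            continue
        # six.iteritems keeps this loop working on Python 3, where
        # dict.iteritems() does not exist.
        for router_id, cidr_ips_map in six.iteritems(router_ips_map):
            if router_id == b_router_id:
                continue
            for cidr, ips in six.iteritems(cidr_ips_map):
                if cidr in local_cidrs:
                    continue
                # NOTE(review): a router with remote VM ips but no E-W
                # bridge interface makes this lookup raise KeyError.
                nexthop = router_bridge_ip_map[router_id]
                # '/32' assumes IPv4 addresses
                extra_routes.extend(
                    {'nexthop': nexthop, 'destination': ip + '/32'}
                    for ip in ips)
        bottom_client.update_routers(
            ctx, b_router_id, {'router': {'routes': extra_routes}})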
@_job_handle(constants.JT_PORT_DELETE)
def delete_server_port(self, ctx, payload):
    """Delete a port through the top pod client.

    :param ctx: context passed to the client
    :param payload: dict holding the top port id under
        ``constants.JT_PORT_DELETE``
    """
    top_client = self._get_client()
    top_client.delete_ports(ctx, payload[constants.JT_PORT_DELETE])
@staticmethod
|
|
def _safe_create_security_group_rule(context, client, body):
|
|
try:
|
|
client.create_security_group_rules(context, body)
|
|
except q_exceptions.Conflict:
|
|
return
@staticmethod
|
|
def _safe_delete_security_group_rule(context, client, _id):
|
|
try:
|
|
client.delete_security_group_rules(context, _id)
|
|
except q_exceptions.NotFound:
|
|
return
@staticmethod
|
|
def _construct_bottom_rule(rule, sg_id, ip=None):
|
|
ip = ip or rule['remote_ip_prefix']
|
|
# if ip is passed, this is a extended rule for remote group
|
|
return {'remote_group_id': None,
|
|
'direction': rule['direction'],
|
|
'remote_ip_prefix': ip,
|
|
'protocol': rule.get('protocol'),
|
|
'ethertype': rule['ethertype'],
|
|
'port_range_max': rule.get('port_range_max'),
|
|
'port_range_min': rule.get('port_range_min'),
|
|
'security_group_id': sg_id}
@staticmethod
|
|
def _compare_rule(rule1, rule2):
|
|
for key in ('direction', 'remote_ip_prefix', 'protocol', 'ethertype',
|
|
'port_range_max', 'port_range_min'):
|
|
if rule1[key] != rule2[key]:
|
|
return False
|
|
return True
@_job_handle(constants.JT_SEG_RULE_SETUP)
def configure_security_group_rules(self, ctx, payload):
    """Make the bottom security group rules of a project match the top.

    For every top security group of the project the desired bottom
    rules are derived, then each mapped bottom security group is
    reconciled: bottom rules without a desired counterpart are deleted
    first, missing desired rules are created afterwards.

    :param ctx: context passed to clients and the database API
    :param payload: dict holding the project id under
        ``constants.JT_SEG_RULE_SETUP``
    """
    project_id = payload[constants.JT_SEG_RULE_SETUP]
    top_client = self._get_client()
    project_filter = [{'key': 'tenant_id', 'comparator': 'eq',
                       'value': project_id}]
    top_sgs = top_client.list_security_groups(ctx, project_filter)
    for top_sg in top_sgs:
        new_b_rules = []
        for t_rule in top_sg['security_group_rules']:
            if not t_rule['remote_group_id']:
                # leave sg_id empty here
                new_b_rules.append(
                    self._construct_bottom_rule(t_rule, ''))
                continue
            # currently we only handle rules containing remote_group_id
            # for default security group, and only IPv4 ones
            if (top_sg['name'] != 'default' or
                    t_rule['ethertype'] != 'IPv4'):
                continue
            # NOTE(review): a remote-group rule is expanded into one
            # rule per project subnet CIDR (bridge subnets excluded).
            # That admits every address in those subnets, which can be
            # broader than the members of the remote group - confirm
            # this is acceptable for the default group.
            subnets = top_client.list_subnets(
                ctx, [{'key': 'tenant_id', 'comparator': 'eq',
                       'value': project_id}])
            ew_bridge_ip_net = netaddr.IPNetwork(
                CONF.client.ew_bridge_cidr)
            ns_bridge_ip_net = netaddr.IPNetwork(
                CONF.client.ns_bridge_cidr)
            for subnet in subnets:
                ip_net = netaddr.IPNetwork(subnet['cidr'])
                if ip_net in ew_bridge_ip_net or (
                        ip_net in ns_bridge_ip_net):
                    continue
                # leave sg_id empty here
                new_b_rules.append(
                    self._construct_bottom_rule(t_rule, '',
                                                subnet['cidr']))

        mappings = db_api.get_bottom_mappings_by_top_id(
            ctx, top_sg['id'], constants.RT_SG)
        for pod, b_sg_id in mappings:
            b_client = self._get_client(pod['pod_name'])
            b_sg = b_client.get_security_groups(ctx, b_sg_id)
            del_rules = []
            match_index = set()
            for b_rule in b_sg['security_group_rules']:
                for i, rule in enumerate(new_b_rules):
                    if self._compare_rule(b_rule, rule):
                        match_index.add(i)
                        break
                else:
                    # no desired rule matches this bottom rule
                    del_rules.append(b_rule)
            add_rules = [rule for i, rule in enumerate(new_b_rules)
                         if i not in match_index]

            for del_rule in del_rules:
                self._safe_delete_security_group_rule(
                    ctx, b_client, del_rule['id'])
            if add_rules:
                # The rule dicts are shared between pods, so the group
                # id is overwritten for each pod before sending.
                for add_rule in add_rules:
                    add_rule['security_group_id'] = b_sg_id
                rule_body = {'security_group_rules': list(add_rules)}
                self._safe_create_security_group_rule(
                    ctx, b_client, rule_body)