RETIRED, Tricircle is to provide networking automation across Neutron.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

1018 lines
46 KiB

# Copyright 2015 Huawei Technologies Co., Ltd.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
# implied.
# See the License for the specific language governing permissions and
# limitations under the License.
import collections
import datetime
import eventlet
import netaddr
import random
import six
from oslo_config import cfg
from oslo_log import log as logging
import oslo_messaging as messaging
from oslo_service import periodic_task
import neutron_lib.constants as q_constants
import neutron_lib.exceptions as q_exceptions
import neutronclient.common.exceptions as q_cli_exceptions
from tricircle.common import client
from tricircle.common import constants
from tricircle.common import xrpcapi
import tricircle.db.api as db_api
import tricircle.network.exceptions as t_network_exc
from tricircle.network import helper
CONF = cfg.CONF
LOG = logging.getLogger(__name__)
IN_TEST = False
AZ_HINTS = 'availability_zone_hints'
def _job_handle(job_type):
def handle_func(func):
@six.wraps(func)
def handle_args(*args, **kwargs):
if IN_TEST:
# NOTE(zhiyuan) job mechanism will cause some unpredictable
# result in unit test so we would like to bypass it. However
# we have problem mocking a decorator which decorates member
# functions, that's why we use this label, not an elegant
# way though.
func(*args, **kwargs)
return
ctx = args[1]
payload = kwargs['payload']
resource_id = payload[job_type]
start_time = datetime.datetime.now()
while True:
current_time = datetime.datetime.now()
delta = current_time - start_time
if delta.seconds >= CONF.worker_handle_timeout:
# quit when this handle is running for a long time
break
time_new = db_api.get_latest_timestamp(ctx, constants.JS_New,
job_type, resource_id)
if not time_new:
break
time_success = db_api.get_latest_timestamp(
ctx, constants.JS_Success, job_type, resource_id)
if time_success and time_success >= time_new:
break
job = db_api.register_job(ctx, job_type, resource_id)
if not job:
# fail to obtain the lock, let other worker handle the job
running_job = db_api.get_running_job(ctx, job_type,
resource_id)
if not running_job:
# there are two reasons that running_job is None. one
# is that the running job has just been finished, the
# other is that all workers fail to register the job
# due to deadlock exception. so we sleep and try again
eventlet.sleep(CONF.worker_sleep_time)
continue
job_time = running_job['timestamp']
current_time = datetime.datetime.now()
delta = current_time - job_time
if delta.seconds > CONF.job_run_expire:
# previous running job expires, we set its status to
# fail and try again to obtain the lock
db_api.finish_job(ctx, running_job['id'], False,
time_new)
LOG.warning('Job %(job)s of type %(job_type)s for '
'resource %(resource)s expires, set '
'its state to Fail',
{'job': running_job['id'],
'job_type': job_type,
'resource': resource_id})
eventlet.sleep(CONF.worker_sleep_time)
continue
else:
# previous running job is still valid, we just leave
# the job to the worker who holds the lock
break
# successfully obtain the lock, start to execute handler
try:
func(*args, **kwargs)
except Exception:
db_api.finish_job(ctx, job['id'], False, time_new)
LOG.error('Job %(job)s of type %(job_type)s for '
'resource %(resource)s fails',
{'job': job['id'],
'job_type': job_type,
'resource': resource_id})
break
db_api.finish_job(ctx, job['id'], True, time_new)
eventlet.sleep(CONF.worker_sleep_time)
return handle_args
return handle_func
class PeriodicTasks(periodic_task.PeriodicTasks):
def __init__(self):
super(PeriodicTasks, self).__init__(CONF)
class XManager(PeriodicTasks):
target = messaging.Target(version='1.0')
def __init__(self, host=None, service_name='xjob'):
LOG.debug('XManager initialization...')
if not host:
host = CONF.host
self.host = host
self.service_name = service_name
# self.notifier = rpc.get_notifier(self.service_name, self.host)
self.additional_endpoints = []
self.clients = {constants.TOP: client.Client()}
self.job_handles = {
constants.JT_ROUTER: self.configure_extra_routes,
constants.JT_ROUTER_SETUP: self.setup_bottom_router,
constants.JT_PORT_DELETE: self.delete_server_port,
constants.JT_SEG_RULE_SETUP: self.configure_security_group_rules,
constants.JT_NETWORK_UPDATE: self.update_network,
constants.JT_SUBNET_UPDATE: self.update_subnet,
constants.JT_SHADOW_PORT_SETUP: self.setup_shadow_ports}
self.helper = helper.NetworkHelper()
self.xjob_handler = xrpcapi.XJobAPI()
super(XManager, self).__init__()
def _get_client(self, region_name=None):
if not region_name:
return self.clients[constants.TOP]
if region_name not in self.clients:
self.clients[region_name] = client.Client(region_name)
return self.clients[region_name]
def periodic_tasks(self, context, raise_on_error=False):
"""Tasks to be run at a periodic interval."""
return self.run_periodic_tasks(context, raise_on_error=raise_on_error)
def init_host(self):
"""init_host
Hook to do additional manager initialization when one requests
the service be started. This is called before any service record
is created.
Child classes should override this method.
"""
LOG.debug('XManager init_host...')
def cleanup_host(self):
"""cleanup_host
Hook to do cleanup work when the service shuts down.
Child classes should override this method.
"""
LOG.debug('XManager cleanup_host...')
def pre_start_hook(self):
"""pre_start_hook
Hook to provide the manager the ability to do additional
start-up work before any RPC queues/consumers are created. This is
called after other initialization has succeeded and a service
record is created.
Child classes should override this method.
"""
LOG.debug('XManager pre_start_hook...')
def post_start_hook(self):
"""post_start_hook
Hook to provide the manager the ability to do additional
start-up work immediately after a service creates RPC consumers
and starts 'running'.
Child classes should override this method.
"""
LOG.debug('XManager post_start_hook...')
# rpc message endpoint handling
def test_rpc(self, ctx, payload):
LOG.info("xmanager receive payload: %s", payload)
info_text = "xmanager receive payload: %s" % payload
return info_text
@staticmethod
def _get_resource_by_name(cli, cxt, _type, name):
return cli.list_resources(_type, cxt, filters=[{'key': 'name',
'comparator': 'eq',
'value': name}])[0]
@staticmethod
def _get_router_interfaces(cli, cxt, router_id, net_id):
interfaces = cli.list_ports(
cxt, filters=[{'key': 'network_id', 'comparator': 'eq',
'value': net_id},
{'key': 'device_id', 'comparator': 'eq',
'value': router_id}])
return [inf for inf in interfaces if inf['device_owner'] in (
q_constants.DEVICE_OWNER_ROUTER_INTF,
q_constants.DEVICE_OWNER_DVR_INTERFACE)]
@periodic_task.periodic_task
def redo_failed_or_new_job(self, ctx):
failed_jobs, new_jobs = db_api.get_latest_failed_or_new_jobs(ctx)
failed_jobs = [
job for job in failed_jobs if job['type'] in self.job_handles]
new_jobs = [
job for job in new_jobs if job['type'] in self.job_handles]
if not failed_jobs and not new_jobs:
return
if new_jobs:
jobs = new_jobs
is_new_job = True
else:
jobs = failed_jobs
is_new_job = False
# in one run we only pick one job to handle
job_index = random.randint(0, len(jobs) - 1)
job_type = jobs[job_index]['type']
resource_id = jobs[job_index]['resource_id']
payload = {job_type: resource_id}
LOG.debug('Redo %(status)s job for %(resource_id)s of type '
'%(job_type)s',
{'status': 'new' if is_new_job else 'failed',
'resource_id': resource_id, 'job_type': job_type})
if not is_new_job:
db_api.new_job(ctx, job_type, resource_id)
self.job_handles[job_type](ctx, payload=payload)
@staticmethod
def _safe_create_bottom_floatingip(t_ctx, pod, client, fip_net_id,
fip_address, port_id):
try:
client.create_floatingips(
t_ctx, {'floatingip': {'floating_network_id': fip_net_id,
'floating_ip_address': fip_address,
'port_id': port_id}})
except q_cli_exceptions.IpAddressInUseClient:
fips = client.list_floatingips(t_ctx,
[{'key': 'floating_ip_address',
'comparator': 'eq',
'value': fip_address}])
if not fips:
# this is rare case that we got IpAddressInUseClient exception
# a second ago but now the floating ip is missing
raise t_network_exc.BottomPodOperationFailure(
resource='floating ip', region_name=pod['region_name'])
associated_port_id = fips[0].get('port_id')
if associated_port_id == port_id:
# if the internal port associated with the existing fip is what
# we expect, just ignore this exception
pass
elif not associated_port_id:
# if the existing fip is not associated with any internal port,
# update the fip to add association
client.update_floatingips(t_ctx, fips[0]['id'],
{'floatingip': {'port_id': port_id}})
else:
raise
def _setup_router_one_pod(self, ctx, t_pod, b_pod, t_client, t_net,
t_router, t_bridge_net, t_bridge_subnet,
is_ext_net_pod):
# NOTE(zhiyuan) after the bridge network combination, external network
# is attached to a separate router, which is created in central plugin,
# so is_ext_net_pod is not used in the current implementation, but we
# choose to keep this parameter since it's an important attribute of a
# pod and we may need to use it later.
b_client = self._get_client(b_pod['region_name'])
is_distributed = t_router.get('distributed', False)
router_body = {'router': {'name': t_router['id'],
'distributed': is_distributed}}
project_id = t_router['tenant_id']
# create bottom router in target bottom pod
_, b_router_id = self.helper.prepare_bottom_element(
ctx, project_id, b_pod, t_router, constants.RT_ROUTER, router_body)
q_ctx = None # no need to pass neutron context when using client
is_local_router = self.helper.is_local_router(ctx, t_router)
if not is_local_router:
# create top bridge port
t_bridge_port_id = self.helper.get_bridge_interface(
ctx, q_ctx, project_id, t_pod, t_bridge_net['id'], b_router_id)
# create bottom bridge port
# if target bottom pod is hosting real external network, we create
# another bottom router and attach the bridge network as internal
# network, but this work is done by central plugin when user sets
# router gateway.
t_bridge_port = t_client.get_ports(ctx, t_bridge_port_id)
(is_new, b_bridge_port_id, b_bridge_subnet_id,
b_bridge_net_id) = self.helper.get_bottom_bridge_elements(
ctx, project_id, b_pod, t_bridge_net,
True, t_bridge_subnet, None)
# we attach the bridge port as router gateway
# add_gateway is update operation, which can run multiple times
gateway_ip = t_bridge_port['fixed_ips'][0]['ip_address']
b_client.action_routers(
ctx, 'add_gateway', b_router_id,
{'network_id': b_bridge_net_id,
'enable_snat': False,
'external_fixed_ips': [{'subnet_id': b_bridge_subnet_id,
'ip_address': gateway_ip}]})
# attach internal port to bottom router
t_ports = self._get_router_interfaces(t_client, ctx, t_router['id'],
t_net['id'])
b_net_id = db_api.get_bottom_id_by_top_id_region_name(
ctx, t_net['id'], b_pod['region_name'], constants.RT_NETWORK)
if b_net_id:
b_ports = self._get_router_interfaces(b_client, ctx, b_router_id,
b_net_id)
else:
b_ports = []
if not t_ports and b_ports:
# remove redundant bottom interface
b_port = b_ports[0]
request_body = {'port_id': b_port['id']}
b_client.action_routers(ctx, 'remove_interface', b_router_id,
request_body)
elif t_ports and not b_ports:
# create new bottom interface
t_port = t_ports[0]
# only consider ipv4 address currently
t_subnet_id = t_port['fixed_ips'][0]['subnet_id']
t_subnet = t_client.get_subnets(ctx, t_subnet_id)
if CONF.enable_api_gateway:
(b_net_id,
subnet_map) = self.helper.prepare_bottom_network_subnets(
ctx, q_ctx, project_id, b_pod, t_net, [t_subnet])
else:
(b_net_id,
subnet_map) = (t_net['id'], {t_subnet['id']: t_subnet['id']})
# the gateway ip of bottom subnet is set to the ip of t_port, so
# we just attach the bottom subnet to the bottom router and neutron
# server in the bottom pod will create the interface for us, using
# the gateway ip.
b_client.action_routers(ctx, 'add_interface', b_router_id,
{'subnet_id': subnet_map[t_subnet_id]})
if not t_router['external_gateway_info']:
return
# handle floatingip
t_ext_net_id = t_router['external_gateway_info']['network_id']
t_fips = t_client.list_floatingips(ctx, [{'key': 'floating_network_id',
'comparator': 'eq',
'value': t_ext_net_id}])
# skip unbound top floatingip
t_ip_fip_map = dict([(fip['floating_ip_address'],
fip) for fip in t_fips if fip['port_id']])
mappings = db_api.get_bottom_mappings_by_top_id(ctx, t_ext_net_id,
constants.RT_NETWORK)
# bottom external network should exist
b_ext_pod, b_ext_net_id = mappings[0]
b_ext_client = self._get_client(b_ext_pod['region_name'])
b_fips = b_ext_client.list_floatingips(
ctx, [{'key': 'floating_network_id', 'comparator': 'eq',
'value': b_ext_net_id}])
b_ip_fip_map = dict([(fip['floating_ip_address'],
fip) for fip in b_fips])
add_fips = [ip for ip in t_ip_fip_map if ip not in b_ip_fip_map]
del_fips = [ip for ip in b_ip_fip_map if ip not in t_ip_fip_map]
for add_fip in add_fips:
fip = t_ip_fip_map[add_fip]
t_int_port_id = fip['port_id']
b_int_port_id = db_api.get_bottom_id_by_top_id_region_name(
ctx, t_int_port_id, b_pod['region_name'], constants.RT_PORT)
if not b_int_port_id:
LOG.warning('Port %(port_id)s associated with floating ip '
'%(fip)s is not mapped to bottom pod',
{'port_id': t_int_port_id, 'fip': add_fip})
continue
t_int_port = t_client.get_ports(ctx, t_int_port_id)
if t_int_port['network_id'] != t_net['id']:
# only handle floating ip association for the given top network
continue
if b_ext_pod['pod_id'] != b_pod['pod_id']:
# if the internal port is not located in the external network
# pod, we need to create a shadow port in that pod for floating
# ip association purpose
t_int_net_id = t_int_port['network_id']
t_int_subnet_id = t_int_port['fixed_ips'][0]['subnet_id']
b_int_port = b_client.get_ports(ctx, b_int_port_id)
host = b_int_port['binding:host_id']
agent_type = self.helper.get_agent_type_by_vif(
b_int_port['binding:vif_type'])
agent = db_api.get_agent_by_host_type(ctx, host, agent_type)
max_bulk_size = CONF.client.max_shadow_port_bulk_size
self.helper.prepare_shadow_ports(
ctx, project_id, b_ext_pod, t_int_net_id,
[b_int_port], [agent], max_bulk_size)
# create routing entries for shadow network and subnet so we
# can easily find them during central network and subnet
# deletion, create_resource_mapping will catch DBDuplicateEntry
# exception and ignore it so it's safe to call this function
# multiple times
db_api.create_resource_mapping(ctx, t_int_net_id, t_int_net_id,
b_ext_pod['pod_id'], project_id,
constants.RT_SD_NETWORK)
db_api.create_resource_mapping(ctx, t_int_subnet_id,
t_int_subnet_id,
b_ext_pod['pod_id'], project_id,
constants.RT_SD_SUBNET)
self._safe_create_bottom_floatingip(
ctx, b_pod, b_ext_client, b_ext_net_id, add_fip,
b_int_port_id)
for del_fip in del_fips:
fip = b_ip_fip_map[del_fip]
if b_ext_pod['pod_id'] != b_pod['pod_id'] and fip['port_id']:
# shadow port is created in this case, but we leave shadow port
# deletion work to plugin, so do nothing
pass
b_ext_client.delete_floatingips(ctx, fip['id'])
@_job_handle(constants.JT_ROUTER_SETUP)
def setup_bottom_router(self, ctx, payload):
(b_pod_id,
t_router_id, t_net_id) = payload[constants.JT_ROUTER_SETUP].split('#')
if b_pod_id == constants.POD_NOT_SPECIFIED:
mappings = db_api.get_bottom_mappings_by_top_id(
ctx, t_net_id, constants.RT_NETWORK)
b_pods = [mapping[0] for mapping in mappings]
for b_pod in b_pods:
# NOTE(zhiyuan) we create one job for each pod to avoid
# conflict caused by different workers operating the same pod
self.xjob_handler.setup_bottom_router(
ctx, t_net_id, t_router_id, b_pod['pod_id'])
return
t_client = self._get_client()
t_pod = db_api.get_top_pod(ctx)
t_router = t_client.get_routers(ctx, t_router_id)
if not t_router:
# we just end this job if top router no longer exists
return
t_net = t_client.get_networks(ctx, t_net_id)
if not t_net:
# we just end this job if top network no longer exists
return
project_id = t_router['tenant_id']
b_pod = db_api.get_pod(ctx, b_pod_id)
is_local_router = self.helper.is_local_router(ctx, t_router)
if is_local_router:
t_bridge_net = None
t_bridge_subnet = None
else:
t_bridge_net_name = constants.bridge_net_name % project_id
t_bridge_subnet_name = constants.bridge_subnet_name % project_id
t_bridge_net = self._get_resource_by_name(t_client, ctx, 'network',
t_bridge_net_name)
t_bridge_subnet = self._get_resource_by_name(
t_client, ctx, 'subnet', t_bridge_subnet_name)
ext_nets = t_client.list_networks(ctx,
filters=[{'key': 'router:external',
'comparator': 'eq',
'value': True}])
ext_net_region_names = set(
[ext_net[AZ_HINTS][0] for ext_net in ext_nets])
if not ext_net_region_names:
is_ext_net_pod = False
elif b_pod['region_name'] in ext_net_region_names:
is_ext_net_pod = True
else:
is_ext_net_pod = False
self._setup_router_one_pod(
ctx, t_pod, b_pod, t_client, t_net, t_router, t_bridge_net,
t_bridge_subnet, is_ext_net_pod)
if not is_local_router:
self.xjob_handler.configure_extra_routes(ctx, t_router_id)
@_job_handle(constants.JT_ROUTER)
def configure_extra_routes(self, ctx, payload):
t_router_id = payload[constants.JT_ROUTER]
t_client = self._get_client()
t_router = t_client.get_routers(ctx, t_router_id)
if not t_router:
return
if t_router.get('external_gateway_info'):
t_ext_net_id = t_router['external_gateway_info']['network_id']
else:
t_ext_net_id = None
non_vm_port_types = [q_constants.DEVICE_OWNER_ROUTER_INTF,
q_constants.DEVICE_OWNER_DVR_INTERFACE,
q_constants.DEVICE_OWNER_ROUTER_SNAT,
q_constants.DEVICE_OWNER_ROUTER_GW,
q_constants.DEVICE_OWNER_DHCP,
constants.DEVICE_OWNER_SHADOW]
ew_attached_port_types = [q_constants.DEVICE_OWNER_ROUTER_INTF,
q_constants.DEVICE_OWNER_DVR_INTERFACE,
q_constants.DEVICE_OWNER_ROUTER_GW]
ns_attached_port_types = [q_constants.DEVICE_OWNER_ROUTER_INTF,
q_constants.DEVICE_OWNER_DVR_INTERFACE]
mappings = db_api.get_bottom_mappings_by_top_id(ctx, t_router_id,
constants.RT_ROUTER)
if not mappings:
b_pods, b_router_ids = [], []
else:
b_pods, b_router_ids = map(list, zip(*mappings))
ns_mappings = db_api.get_bottom_mappings_by_top_id(
ctx, t_router_id, constants.RT_NS_ROUTER)
b_ns_pdd, b_ns_router_id = None, None
if ns_mappings:
b_ns_pdd, b_ns_router_id = ns_mappings[0]
b_pods.append(b_ns_pdd)
b_router_ids.append(b_ns_router_id)
router_ew_bridge_ip_map = {}
router_ns_bridge_ip_map = {}
router_ips_map = {}
for i, b_pod in enumerate(b_pods):
is_ns_router = b_router_ids[i] == b_ns_router_id
bottom_client = self._get_client(b_pod['region_name'])
if is_ns_router:
device_owner_filter = ns_attached_port_types
else:
device_owner_filter = ew_attached_port_types
b_interfaces = bottom_client.list_ports(
ctx, filters=[{'key': 'device_id',
'comparator': 'eq',
'value': b_router_ids[i]},
{'key': 'device_owner',
'comparator': 'eq',
'value': device_owner_filter}])
router_ips_map[b_router_ids[i]] = {}
for b_interface in b_interfaces:
ip = b_interface['fixed_ips'][0]['ip_address']
bridge_cidr = CONF.client.bridge_cidr
if netaddr.IPAddress(ip) in netaddr.IPNetwork(bridge_cidr):
if is_ns_router:
# this ip is the default gateway ip for north-south
# networking
router_ns_bridge_ip_map[b_router_ids[i]] = ip
else:
# this ip is the next hop for east-west networking
router_ew_bridge_ip_map[b_router_ids[i]] = ip
continue
b_net_id = b_interface['network_id']
b_subnet = bottom_client.get_subnets(
ctx, b_interface['fixed_ips'][0]['subnet_id'])
b_ports = bottom_client.list_ports(
ctx, filters=[{'key': 'network_id',
'comparator': 'eq',
'value': b_net_id}])
b_vm_ports = [b_port for b_port in b_ports if b_port.get(
'device_owner', '') not in non_vm_port_types]
ips = [vm_port['fixed_ips'][0][
'ip_address'] for vm_port in b_vm_ports]
router_ips_map[b_router_ids[i]][b_subnet['cidr']] = ips
# handle extra routes for east-west traffic
for i, b_router_id in enumerate(b_router_ids):
if b_router_id == b_ns_router_id:
continue
bottom_client = self._get_client(b_pods[i]['region_name'])
extra_routes = []
if not router_ips_map[b_router_id]:
bottom_client.update_routers(
ctx, b_router_id, {'router': {'routes': extra_routes}})
continue
for router_id, cidr_ips_map in six.iteritems(router_ips_map):
if router_id == b_router_id:
continue
for cidr, ips in six.iteritems(cidr_ips_map):
if router_ips_map[b_router_id].get(cidr):
# if the ip list is not empty, meaning that there are
# already vm ports in the pod of b_router, so no need
# to add extra routes
continue
for ip in ips:
route = {'nexthop': router_ew_bridge_ip_map[router_id],
'destination': ip + '/32'}
extra_routes.append(route)
if router_ns_bridge_ip_map and t_ext_net_id:
extra_routes.append(
{'nexthop': router_ns_bridge_ip_map.values()[0],
'destination': constants.DEFAULT_DESTINATION})
bottom_client.update_routers(
ctx, b_router_id, {'router': {'routes': extra_routes}})
if not b_ns_router_id:
# router for north-south networking not exist, skip extra routes
# configuration for north-south router
return
if not t_ext_net_id:
# router not attached to external gateway but router for north-
# south networking exists, clear the extra routes
bottom_client = self._get_client(b_ns_pdd['region_name'])
bottom_client.update_routers(
ctx, b_ns_router_id, {'router': {'routes': []}})
return
# handle extra routes for north-south router
ip_bridge_ip_map = {}
for router_id, cidr_ips_map in six.iteritems(router_ips_map):
if router_id not in router_ew_bridge_ip_map:
continue
for cidr, ips in six.iteritems(cidr_ips_map):
for ip in ips:
nexthop = router_ew_bridge_ip_map[router_id]
destination = ip + '/32'
ip_bridge_ip_map[destination] = nexthop
bottom_client = self._get_client(b_ns_pdd['region_name'])
extra_routes = []
for fixed_ip in ip_bridge_ip_map:
extra_routes.append(
{'nexthop': ip_bridge_ip_map[fixed_ip],
'destination': fixed_ip})
bottom_client.update_routers(
ctx, b_ns_router_id, {'router': {'routes': extra_routes}})
@_job_handle(constants.JT_PORT_DELETE)
def delete_server_port(self, ctx, payload):
b_pod_id, b_port_id = payload[constants.JT_PORT_DELETE].split('#')
b_pod = db_api.get_pod(ctx, b_pod_id)
self._get_client(b_pod['region_name']).delete_ports(ctx, b_port_id)
@staticmethod
def _safe_create_security_group_rule(context, client, body):
try:
client.create_security_group_rules(context, body)
except q_exceptions.Conflict:
return
@staticmethod
def _safe_delete_security_group_rule(context, client, _id):
try:
client.delete_security_group_rules(context, _id)
except q_exceptions.NotFound:
return
@staticmethod
def _construct_bottom_rule(rule, sg_id, ip=None):
ip = ip or rule['remote_ip_prefix']
# if ip is passed, this is an extended rule for remote group
return {'remote_group_id': None,
'direction': rule['direction'],
'remote_ip_prefix': ip,
'protocol': rule.get('protocol'),
'ethertype': rule['ethertype'],
'port_range_max': rule.get('port_range_max'),
'port_range_min': rule.get('port_range_min'),
'security_group_id': sg_id}
@staticmethod
def _compare_rule(rule1, rule2):
for key in ('direction', 'remote_ip_prefix', 'protocol', 'ethertype',
'port_range_max', 'port_range_min'):
if rule1[key] != rule2[key]:
return False
return True
@_job_handle(constants.JT_SEG_RULE_SETUP)
def configure_security_group_rules(self, ctx, payload):
project_id = payload[constants.JT_SEG_RULE_SETUP]
top_client = self._get_client()
sg_filters = [{'key': 'tenant_id', 'comparator': 'eq',
'value': project_id}]
top_sgs = top_client.list_security_groups(ctx, sg_filters)
for top_sg in top_sgs:
new_b_rules = []
for t_rule in top_sg['security_group_rules']:
if not t_rule['remote_group_id']:
# leave sg_id empty here
new_b_rules.append(
self._construct_bottom_rule(t_rule, ''))
continue
if top_sg['name'] != 'default':
# currently we only handle rules containing remote_group_id
# for default security group
continue
if t_rule['ethertype'] != 'IPv4':
continue
subnets = top_client.list_subnets(
ctx, [{'key': 'tenant_id', 'comparator': 'eq',
'value': project_id}])
bridge_ip_net = netaddr.IPNetwork(CONF.client.bridge_cidr)
for subnet in subnets:
ip_net = netaddr.IPNetwork(subnet['cidr'])
if ip_net in bridge_ip_net:
continue
# leave sg_id empty here
new_b_rules.append(
self._construct_bottom_rule(t_rule, '',
subnet['cidr']))
mappings = db_api.get_bottom_mappings_by_top_id(
ctx, top_sg['id'], constants.RT_SG)
for pod, b_sg_id in mappings:
client = self._get_client(pod['region_name'])
b_sg = client.get_security_groups(ctx, b_sg_id)
add_rules = []
del_rules = []
match_index = set()
for b_rule in b_sg['security_group_rules']:
match = False
for i, rule in enumerate(new_b_rules):
if self._compare_rule(b_rule, rule):
match = True
match_index.add(i)
break
if not match:
del_rules.append(b_rule)
for i, rule in enumerate(new_b_rules):
if i not in match_index:
add_rules.append(rule)
for del_rule in del_rules:
self._safe_delete_security_group_rule(
ctx, client, del_rule['id'])
if add_rules:
rule_body = {'security_group_rules': []}
for add_rule in add_rules:
add_rule['security_group_id'] = b_sg_id
rule_body['security_group_rules'].append(add_rule)
self._safe_create_security_group_rule(
ctx, client, rule_body)
@_job_handle(constants.JT_NETWORK_UPDATE)
def update_network(self, ctx, payload):
"""update bottom network
if bottom pod id equal to POD_NOT_SPECIFIED, dispatch jobs for every
mapped bottom pod via RPC, otherwise update network in the specified
pod.
:param ctx: tricircle context
:param payload: dict whose key is JT_NETWORK_UPDATE and value
is "bottom_pod_id#top_network_id"
:return: None
"""
(b_pod_id, t_network_id) = payload[
constants.JT_NETWORK_UPDATE].split('#')
if b_pod_id == constants.POD_NOT_SPECIFIED:
mappings = db_api.get_bottom_mappings_by_top_id(
ctx, t_network_id, constants.RT_NETWORK)
b_pods = [mapping[0] for mapping in mappings]
for b_pod in b_pods:
self.xjob_handler.update_network(ctx, t_network_id,
b_pod['pod_id'])
return
t_client = self._get_client()
t_network = t_client.get_networks(ctx, t_network_id)
if not t_network:
return
b_pod = db_api.get_pod(ctx, b_pod_id)
b_region_name = b_pod['region_name']
b_client = self._get_client(region_name=b_region_name)
b_network_id = db_api.get_bottom_id_by_top_id_region_name(
ctx, t_network_id, b_region_name, constants.RT_NETWORK)
# name is not allowed to be updated, because it is used by
# lock_handle to retrieve bottom/local resources that have been
# created but not registered in the resource routing table
body = {
'network': {
'description': t_network['description'],
'admin_state_up': t_network['admin_state_up'],
'shared': t_network['shared']
}
}
try:
b_client.update_networks(ctx, b_network_id, body)
except q_cli_exceptions.NotFound:
LOG.error('network: %(net_id)s not found,'
'pod name: %(name)s',
{'net_id': b_network_id, 'name': b_region_name})
@_job_handle(constants.JT_SUBNET_UPDATE)
def update_subnet(self, ctx, payload):
"""update bottom subnet
if bottom pod id equal to POD_NOT_SPECIFIED, dispatch jobs for every
mapped bottom pod via RPC, otherwise update subnet in the specified
pod.
:param ctx: tricircle context
:param payload: dict whose key is JT_SUBNET_UPDATE and value
is "bottom_pod_id#top_subnet_id"
:return: None
"""
(b_pod_id, t_subnet_id) = payload[
constants.JT_SUBNET_UPDATE].split('#')
if b_pod_id == constants.POD_NOT_SPECIFIED:
mappings = db_api.get_bottom_mappings_by_top_id(
ctx, t_subnet_id, constants.RT_SUBNET)
b_pods = [mapping[0] for mapping in mappings]
for b_pod in b_pods:
self.xjob_handler.update_subnet(ctx, t_subnet_id,
b_pod['pod_id'])
return
t_client = self._get_client()
t_subnet = t_client.get_subnets(ctx, t_subnet_id)
if not t_subnet:
return
b_pod = db_api.get_pod(ctx, b_pod_id)
b_region_name = b_pod['region_name']
b_subnet_id = db_api.get_bottom_id_by_top_id_region_name(
ctx, t_subnet_id, b_region_name, constants.RT_SUBNET)
b_client = self._get_client(region_name=b_region_name)
b_subnet = b_client.get_subnets(ctx, b_subnet_id)
b_gateway_ip = b_subnet['gateway_ip']
# we need to remove the bottom subnet gateway ip from the top subnet
# allaction pools
b_allocation_pools = helper.NetworkHelper.get_bottom_subnet_pools(
t_subnet, b_gateway_ip)
# bottom gateway_ip doesn't need to be updated, because it is reserved
# by top pod.
# name is not allowed to be updated, because it is used by
# lock_handle to retrieve bottom/local resources that have been
# created but not registered in the resource routing table
body = {
'subnet':
{'description': t_subnet['description'],
'enable_dhcp': t_subnet['enable_dhcp'],
'allocation_pools': b_allocation_pools,
'host_routes': t_subnet['host_routes'],
'dns_nameservers': t_subnet['dns_nameservers']}
}
try:
b_client.update_subnets(ctx, b_subnet_id, body)
except q_cli_exceptions.NotFound:
LOG.error('subnet: %(subnet_id)s not found, '
'pod name: %(name)s',
{'subnet_id': b_subnet_id, 'name': b_region_name})
@_job_handle(constants.JT_SHADOW_PORT_SETUP)
def setup_shadow_ports(self, ctx, payload):
"""Setup shadow ports for the target pod and network
this job workes as following:
(1) query all shadow ports from pods the target network is mapped to
(2) query all real ports from pods the target network is mapped to
(3) check the shadow ports and real ports in the target pod, create
needed shadow ports
(4) check the shadow ports and real ports in other pods, create a new
job if the pod lacks some shadow ports
:param ctx: tricircle context
:param payload: {JT_SHADOW_PORT_SETUP: pod_id#network_id}
:return: None
"""
run_label = 'during shadow ports setup'
(target_pod_id,
t_net_id) = payload[constants.JT_SHADOW_PORT_SETUP].split('#')
target_pod = db_api.get_pod(ctx, target_pod_id)
t_client = self._get_client()
t_net = t_client.get_networks(ctx, t_net_id)
if not t_net:
# we just end this job if top network no longer exists
return
project_id = t_net['tenant_id']
mappings = db_api.get_bottom_mappings_by_top_id(ctx, t_net_id,
constants.RT_NETWORK)
pod_ids = set([pod['pod_id'] for pod, _ in mappings])
pod_port_ids_map = collections.defaultdict(set)
pod_sw_port_ids_map = {}
port_info_map = {}
if target_pod_id not in pod_ids:
LOG.debug('Pod %s not found %s', target_pod_id, run_label)
# network is not mapped to the specified pod, nothing to do
return
for b_pod, b_net_id in mappings:
b_client = self._get_client(b_pod['region_name'])
# port table has (network_id, device_owner) index
b_sw_ports = b_client.list_ports(
ctx, filters=[{'key': 'network_id', 'comparator': 'eq',
'value': b_net_id},
{'key': 'device_owner', 'comparator': 'eq',
'value': constants.DEVICE_OWNER_SHADOW},
{'key': 'fields', 'comparator': 'eq',
'value': ['id', 'status']}])
b_sw_port_ids = set([port['id'] for port in b_sw_ports])
if b_pod['pod_id'] == target_pod['pod_id']:
b_down_sw_port_ids = set(
[port['id'] for port in b_sw_ports if (
port['status'] == q_constants.PORT_STATUS_DOWN)])
pod_sw_port_ids_map[b_pod['pod_id']] = b_sw_port_ids
# port table has (network_id, device_owner) index
b_ports = b_client.list_ports(
ctx, filters=[{'key': 'network_id', 'comparator': 'eq',
'value': b_net_id},
{'key': 'fields', 'comparator': 'eq',
'value': ['id', 'binding:vif_type',
'binding:host_id', 'fixed_ips',
'device_owner', 'mac_address']}])
LOG.debug('Shadow ports %s in pod %s %s',
b_sw_ports, target_pod_id, run_label)
LOG.debug('Ports %s in pod %s %s',
b_ports, target_pod_id, run_label)
for b_port in b_ports:
if not self.helper.is_need_top_sync_port(
b_port, cfg.CONF.client.bridge_cidr):
continue
if b_port['device_owner'] == constants.DEVICE_OWNER_SHADOW:
continue
b_port_id = b_port['id']
pod_port_ids_map[b_pod['pod_id']].add(b_port_id)
port_info_map[b_port_id] = b_port
all_port_ids = set()
for port_ids in six.itervalues(pod_port_ids_map):
all_port_ids |= port_ids
sync_port_ids = all_port_ids - (
pod_port_ids_map[target_pod_id] | pod_sw_port_ids_map[
target_pod_id])
sync_pod_list = []
for pod_id in pod_port_ids_map:
if pod_id == target_pod_id:
continue
if pod_port_ids_map[target_pod_id] - (
pod_port_ids_map[pod_id] | pod_sw_port_ids_map[pod_id]):
sync_pod_list.append(pod_id)
LOG.debug('Sync port ids %s %s', sync_port_ids, run_label)
LOG.debug('Sync pod ids %s %s', sync_pod_list, run_label)
agent_info_map = {}
port_bodys = []
agents = []
for port_id in sync_port_ids:
port_body = port_info_map[port_id]
host = port_body['binding:host_id']
agent_type = self.helper.get_agent_type_by_vif(
port_body['binding:vif_type'])
if not agent_type:
continue
key = '%s#%s' % (host, agent_type)
if key in agent_info_map:
agent = agent_info_map[key]
else:
agent = db_api.get_agent_by_host_type(ctx, host, agent_type)
if not agent:
LOG.error('Agent of type %(agent_type)s in '
'host %(host)s not found during shadow '
'ports setup',
{'agent_type': agent_type, 'host': host})
continue
agent_info_map[key] = agent
port_bodys.append(port_body)
agents.append(agent)
max_bulk_size = CONF.client.max_shadow_port_bulk_size
sw_port_ids = self.helper.prepare_shadow_ports(
ctx, project_id, target_pod, t_net_id, port_bodys, agents,
max_bulk_size)
b_down_sw_port_ids = b_down_sw_port_ids | set(sw_port_ids)
# value for key constants.PROFILE_FORCE_UP does not matter
update_body = {
'port': {
'binding:profile': {constants.PROFILE_FORCE_UP: 'True'}
}
}
for sw_port_id in b_down_sw_port_ids:
self._get_client(target_pod['region_name']).update_ports(
ctx, sw_port_id, update_body)
for pod_id in sync_pod_list:
self.xjob_handler.setup_shadow_ports(ctx, pod_id, t_net_id)