# Copyright (c) 2013 OpenStack Foundation # All Rights Reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. import re from oslo.config import cfg import requests from neutron.openstack.common import jsonutils from neutron.openstack.common import log from neutron.plugins.ml2 import driver_api as api LOG = log.getLogger(__name__) ncs_opts = [ cfg.StrOpt('url', help=_("HTTP URL of Tail-f NCS REST interface.")), cfg.StrOpt('username', help=_("HTTP username for authentication")), cfg.StrOpt('password', secret=True, help=_("HTTP password for authentication")), cfg.IntOpt('timeout', default=10, help=_("HTTP timeout in seconds.")) ] cfg.CONF.register_opts(ncs_opts, "ml2_ncs") class NCSMechanismDriver(api.MechanismDriver): """Mechanism Driver for Tail-f Network Control System (NCS). This driver makes portions of the Neutron database available for service provisioning in NCS. For example, NCS can use this information to provision physical switches and routers in response to OpenStack configuration changes. The database is replicated from Neutron to NCS using HTTP and JSON. The driver has two states: out-of-sync (initially) and in-sync. In the out-of-sync state each driver event triggers an attempt to synchronize the complete database. On success the driver transitions to the in-sync state. In the in-sync state each driver event triggers synchronization of one network or port. On success the driver stays in-sync and on failure it transitions to the out-of-sync state. """ out_of_sync = True def initialize(self): self.url = cfg.CONF.ml2_ncs.url self.timeout = cfg.CONF.ml2_ncs.timeout self.username = cfg.CONF.ml2_ncs.username self.password = cfg.CONF.ml2_ncs.password # Postcommit hooks are used to trigger synchronization. def create_network_postcommit(self, context): self.synchronize('create', 'network', context) def update_network_postcommit(self, context): self.synchronize('update', 'network', context) def delete_network_postcommit(self, context): self.synchronize('delete', 'network', context) def create_subnet_postcommit(self, context): self.synchronize('create', 'subnet', context) def update_subnet_postcommit(self, context): self.synchronize('update', 'subnet', context) def delete_subnet_postcommit(self, context): self.synchronize('delete', 'subnet', context) def create_port_postcommit(self, context): self.synchronize('create', 'port', context) def update_port_postcommit(self, context): self.synchronize('update', 'port', context) def delete_port_postcommit(self, context): self.synchronize('delete', 'port', context) def synchronize(self, operation, object_type, context): """Synchronize NCS with Neutron following a configuration change.""" if self.out_of_sync: self.sync_full(context) else: self.sync_object(operation, object_type, context) def sync_full(self, context): """Resync the entire database to NCS. Transition to the in-sync state on success. """ dbcontext = context._plugin_context networks = context._plugin.get_networks(dbcontext) subnets = context._plugin.get_subnets(dbcontext) ports = context._plugin.get_ports(dbcontext) for port in ports: self.add_security_groups(context, dbcontext, port) json = {'openstack': {'network': networks, 'subnet': subnets, 'port': ports}} self.sendjson('put', self.url, json) self.out_of_sync = False def sync_object(self, operation, object_type, context): """Synchronize the single modified record to NCS. Transition to the out-of-sync state on failure. """ self.out_of_sync = True dbcontext = context._plugin_context id = context.current['id'] urlpath = object_type + '/' + id if operation == 'delete': self.sendjson('delete', urlpath, None) else: assert operation == 'create' or operation == 'update' if object_type == 'network': network = context._plugin.get_network(dbcontext, id) self.sendjson('put', urlpath, {'network': network}) elif object_type == 'subnet': subnet = context._plugin.get_subnet(dbcontext, id) self.sendjson('put', urlpath, {'subnet': subnet}) else: assert object_type == 'port' port = context._plugin.get_port(dbcontext, id) self.add_security_groups(context, dbcontext, port) self.sendjson('put', urlpath, {'port': port}) self.out_of_sync = False def add_security_groups(self, context, dbcontext, port): """Populate the 'security_groups' field with entire records.""" groups = [context._plugin.get_security_group(dbcontext, sg) for sg in port['security_groups']] port['security_groups'] = groups def sendjson(self, method, urlpath, obj): obj = self.escape_keys(obj) headers = {'Content-Type': 'application/vnd.yang.data+json'} if obj is None: data = None else: data = jsonutils.dumps(obj, indent=2) auth = None if self.username and self.password: auth = (self.username, self.password) if self.url: url = '/'.join([self.url, urlpath]) r = requests.request(method, url=url, headers=headers, data=data, auth=auth, timeout=self.timeout) r.raise_for_status() def escape_keys(self, obj): """Escape JSON keys to be NCS compatible. NCS does not allow period (.) or colon (:) characters. """ if isinstance(obj, dict): obj = dict((self.escape(k), self.escape_keys(v)) for k, v in obj.iteritems()) if isinstance(obj, list): obj = [self.escape_keys(x) for x in obj] return obj def escape(self, string): return re.sub('[:._]', '-', string)