475 lines
17 KiB
Python
475 lines
17 KiB
Python
# Copyright 2012 VMware, Inc.
|
|
#
|
|
# All Rights Reserved.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
import six
|
|
from sqlalchemy.orm import exc
|
|
|
|
from oslo_db import exception as db_exc
|
|
from oslo_log import log as logging
|
|
from oslo_utils import excutils
|
|
|
|
import neutron.db.api as db
|
|
|
|
from vmware_nsx.common import exceptions as nsx_exc
|
|
from vmware_nsx.db import nsx_models
|
|
|
|
LOG = logging.getLogger(__name__)
|
|
|
|
|
|
def _apply_filters_to_query(query, model, filters, like_filters=None):
|
|
if filters:
|
|
for key, value in six.iteritems(filters):
|
|
column = getattr(model, key, None)
|
|
if column:
|
|
query = query.filter(column.in_(value))
|
|
if like_filters:
|
|
for key, search_term in six.iteritems(like_filters):
|
|
column = getattr(model, key, None)
|
|
if column:
|
|
query = query.filter(column.like(search_term))
|
|
return query
|
|
|
|
|
|
def get_network_bindings(session, network_id):
|
|
session = session or db.get_session()
|
|
return (session.query(nsx_models.TzNetworkBinding).
|
|
filter_by(network_id=network_id).
|
|
all())
|
|
|
|
|
|
def get_network_bindings_by_vlanid_and_physical_net(session, vlan_id,
|
|
phy_uuid):
|
|
session = session or db.get_session()
|
|
return (session.query(nsx_models.TzNetworkBinding).
|
|
filter_by(vlan_id=vlan_id, phy_uuid=phy_uuid).
|
|
all())
|
|
|
|
|
|
def delete_network_bindings(session, network_id):
|
|
return (session.query(nsx_models.TzNetworkBinding).
|
|
filter_by(network_id=network_id).delete())
|
|
|
|
|
|
def add_network_binding(session, network_id, binding_type, phy_uuid, vlan_id):
|
|
with session.begin(subtransactions=True):
|
|
binding = nsx_models.TzNetworkBinding(network_id, binding_type,
|
|
phy_uuid, vlan_id)
|
|
session.add(binding)
|
|
return binding
|
|
|
|
|
|
def add_neutron_nsx_network_mapping(session, neutron_id, nsx_switch_id,
|
|
dvs_id=None):
|
|
with session.begin(subtransactions=True):
|
|
mapping = nsx_models.NeutronNsxNetworkMapping(
|
|
neutron_id=neutron_id, nsx_id=nsx_switch_id,
|
|
dvs_id=dvs_id)
|
|
session.add(mapping)
|
|
return mapping
|
|
|
|
|
|
def add_neutron_nsx_port_mapping(session, neutron_id,
|
|
nsx_switch_id, nsx_port_id):
|
|
session.begin(subtransactions=True)
|
|
try:
|
|
mapping = nsx_models.NeutronNsxPortMapping(
|
|
neutron_id, nsx_switch_id, nsx_port_id)
|
|
session.add(mapping)
|
|
session.commit()
|
|
except db_exc.DBDuplicateEntry:
|
|
with excutils.save_and_reraise_exception() as ctxt:
|
|
session.rollback()
|
|
# do not complain if the same exact mapping is being added,
|
|
# otherwise re-raise because even though it is possible for the
|
|
# same neutron port to map to different back-end ports over time,
|
|
# this should not occur whilst a mapping already exists
|
|
current = get_nsx_switch_and_port_id(session, neutron_id)
|
|
if current[1] == nsx_port_id:
|
|
LOG.debug("Port mapping for %s already available",
|
|
neutron_id)
|
|
ctxt.reraise = False
|
|
except db_exc.DBError:
|
|
with excutils.save_and_reraise_exception():
|
|
# rollback for any other db error
|
|
session.rollback()
|
|
return mapping
|
|
|
|
|
|
def add_neutron_nsx_router_mapping(session, neutron_id, nsx_router_id):
|
|
with session.begin(subtransactions=True):
|
|
mapping = nsx_models.NeutronNsxRouterMapping(
|
|
neutron_id=neutron_id, nsx_id=nsx_router_id)
|
|
session.add(mapping)
|
|
return mapping
|
|
|
|
|
|
def add_neutron_nsx_security_group_mapping(session, neutron_id, nsx_id):
|
|
"""Map a Neutron security group to a NSX security profile.
|
|
|
|
:param session: a valid database session object
|
|
:param neutron_id: a neutron security group identifier
|
|
:param nsx_id: a nsx security profile identifier
|
|
"""
|
|
with session.begin(subtransactions=True):
|
|
mapping = nsx_models.NeutronNsxSecurityGroupMapping(
|
|
neutron_id=neutron_id, nsx_id=nsx_id)
|
|
session.add(mapping)
|
|
return mapping
|
|
|
|
|
|
def get_nsx_service_binding(session, network_id, service_type):
|
|
try:
|
|
return session.query(nsx_models.NeutronNsxServiceBinding).filter_by(
|
|
network_id=network_id, nsx_service_type=service_type).one()
|
|
except exc.NoResultFound:
|
|
LOG.debug("NSX %s service not enabled on network %s", service_type,
|
|
network_id)
|
|
|
|
|
|
def add_neutron_nsx_service_binding(session, network_id, port_id,
|
|
service_type, service_id):
|
|
"""Store enabled NSX services on each Neutron network.
|
|
|
|
:param session: database session object
|
|
:param network_id: identifier of Neutron network enabling the service
|
|
:param port_id: identifier of Neutron port providing the service
|
|
:param service_type: type of NSX service
|
|
:param service_id: identifier of NSX service
|
|
"""
|
|
with session.begin(subtransactions=True):
|
|
binding = nsx_models.NeutronNsxServiceBinding(
|
|
network_id=network_id, port_id=port_id,
|
|
nsx_service_type=service_type, nsx_service_id=service_id)
|
|
session.add(binding)
|
|
return binding
|
|
|
|
|
|
def delete_neutron_nsx_service_binding(session, network_id, service_type):
|
|
return session.query(nsx_models.NeutronNsxServiceBinding).filter_by(
|
|
network_id=network_id, nsx_service_type=service_type).delete()
|
|
|
|
|
|
def get_nsx_dhcp_bindings(session, port_id):
|
|
return [binding for binding in session.query(
|
|
nsx_models.NeutronNsxDhcpBinding).filter_by(port_id=port_id)]
|
|
|
|
|
|
def get_nsx_dhcp_bindings_by_service(session, service_id):
|
|
return [binding for binding in session.query(
|
|
nsx_models.NeutronNsxDhcpBinding).filter_by(nsx_service_id=service_id)]
|
|
|
|
|
|
def add_neutron_nsx_dhcp_binding(session, port_id, subnet_id, ip_address,
|
|
service_id, binding_id):
|
|
"""Store DHCP binding of each Neutron port.
|
|
|
|
:param session: database session object
|
|
:param port_id: identifier of Neutron port with DHCP binding
|
|
:param subnet_id: identifier of Neutron subnet for the port
|
|
:param ip_address: IP address for the port in this subnet.
|
|
:param service_id: identifier of NSX DHCP service
|
|
:param binding_id: identifier of NSX DHCP binding
|
|
"""
|
|
with session.begin(subtransactions=True):
|
|
binding = nsx_models.NeutronNsxDhcpBinding(
|
|
port_id=port_id, subnet_id=subnet_id, ip_address=ip_address,
|
|
nsx_service_id=service_id, nsx_binding_id=binding_id)
|
|
session.add(binding)
|
|
return binding
|
|
|
|
|
|
def delete_neutron_nsx_dhcp_binding(session, port_id, binding_id):
|
|
return session.query(nsx_models.NeutronNsxDhcpBinding).filter_by(
|
|
port_id=port_id, nsx_binding_id=binding_id).delete()
|
|
|
|
|
|
def delete_neutron_nsx_dhcp_bindings_by_service_id(session, service_id):
|
|
return session.query(nsx_models.NeutronNsxDhcpBinding).filter_by(
|
|
nsx_service_id=service_id).delete()
|
|
|
|
|
|
def get_nsx_switch_ids(session, neutron_id):
|
|
# This function returns a list of NSX switch identifiers because of
|
|
# the possibility of chained logical switches
|
|
return [mapping['nsx_id'] for mapping in
|
|
session.query(nsx_models.NeutronNsxNetworkMapping).filter_by(
|
|
neutron_id=neutron_id)]
|
|
|
|
|
|
def get_nsx_switch_id_for_dvs(session, neutron_id, dvs_id):
|
|
"""Retrieve the NSX switch ID for a given DVS ID and neutron network."""
|
|
try:
|
|
mapping = (session.query(nsx_models.NeutronNsxNetworkMapping).
|
|
filter_by(neutron_id=neutron_id,
|
|
dvs_id=dvs_id).one())
|
|
return mapping['nsx_id']
|
|
except exc.NoResultFound:
|
|
LOG.debug("NSX switch for dvs-id: %s not yet stored in Neutron DB",
|
|
dvs_id)
|
|
|
|
|
|
def get_net_ids(session, nsx_id):
|
|
return [mapping['neutron_id'] for mapping in
|
|
get_nsx_network_mapping_for_nsx_id(session, nsx_id)]
|
|
|
|
|
|
def get_nsx_network_mapping_for_nsx_id(session, nsx_id):
|
|
return session.query(nsx_models.NeutronNsxNetworkMapping).filter_by(
|
|
nsx_id=nsx_id).all()
|
|
|
|
|
|
def get_nsx_networks_mapping(session):
|
|
return session.query(nsx_models.NeutronNsxNetworkMapping).all()
|
|
|
|
|
|
def get_nsx_switch_and_port_id(session, neutron_id):
|
|
try:
|
|
mapping = (session.query(nsx_models.NeutronNsxPortMapping).
|
|
filter_by(neutron_id=neutron_id).
|
|
one())
|
|
return mapping['nsx_switch_id'], mapping['nsx_port_id']
|
|
except exc.NoResultFound:
|
|
LOG.debug("NSX identifiers for neutron port %s not yet "
|
|
"stored in Neutron DB", neutron_id)
|
|
return None, None
|
|
|
|
|
|
def get_nsx_router_id(session, neutron_id):
|
|
try:
|
|
mapping = (session.query(nsx_models.NeutronNsxRouterMapping).
|
|
filter_by(neutron_id=neutron_id).one())
|
|
return mapping['nsx_id']
|
|
except exc.NoResultFound:
|
|
LOG.debug("NSX identifiers for neutron router %s not yet "
|
|
"stored in Neutron DB", neutron_id)
|
|
|
|
|
|
def get_nsx_security_group_id(session, neutron_id):
|
|
"""Return the id of a security group in the NSX backend.
|
|
|
|
Note: security groups are called 'security profiles' in NSX
|
|
"""
|
|
try:
|
|
mapping = (session.query(nsx_models.NeutronNsxSecurityGroupMapping).
|
|
filter_by(neutron_id=neutron_id).
|
|
one())
|
|
return mapping['nsx_id']
|
|
except exc.NoResultFound:
|
|
LOG.debug("NSX identifiers for neutron security group %s not yet "
|
|
"stored in Neutron DB", neutron_id)
|
|
return None
|
|
|
|
|
|
def get_nsx_security_group_ids(session, neutron_ids):
|
|
"""Return list of ids of a security groups in the NSX backend.
|
|
"""
|
|
filters = {'neutron_id': neutron_ids}
|
|
like_filters = None
|
|
query = session.query(nsx_models.NeutronNsxSecurityGroupMapping)
|
|
mappings = _apply_filters_to_query(
|
|
query, nsx_models.NeutronNsxSecurityGroupMapping,
|
|
filters, like_filters).all()
|
|
return [mapping['nsx_id'] for mapping in mappings
|
|
if mapping['nsx_id'] is not None]
|
|
|
|
|
|
def _delete_by_neutron_id(session, model, neutron_id):
|
|
return session.query(model).filter_by(neutron_id=neutron_id).delete()
|
|
|
|
|
|
def delete_neutron_nsx_port_mapping(session, neutron_id):
|
|
return _delete_by_neutron_id(
|
|
session, nsx_models.NeutronNsxPortMapping, neutron_id)
|
|
|
|
|
|
def delete_neutron_nsx_router_mapping(session, neutron_id):
|
|
return _delete_by_neutron_id(
|
|
session, nsx_models.NeutronNsxRouterMapping, neutron_id)
|
|
|
|
|
|
def unset_default_network_gateways(session):
|
|
with session.begin(subtransactions=True):
|
|
session.query(nsx_models.NetworkGateway).update(
|
|
{nsx_models.NetworkGateway.default: False})
|
|
|
|
|
|
def set_default_network_gateway(session, gw_id):
|
|
with session.begin(subtransactions=True):
|
|
gw = (session.query(nsx_models.NetworkGateway).
|
|
filter_by(id=gw_id).one())
|
|
gw['default'] = True
|
|
|
|
|
|
def set_multiprovider_network(session, network_id):
|
|
with session.begin(subtransactions=True):
|
|
multiprovider_network = nsx_models.MultiProviderNetworks(
|
|
network_id)
|
|
session.add(multiprovider_network)
|
|
return multiprovider_network
|
|
|
|
|
|
def is_multiprovider_network(session, network_id):
|
|
with session.begin(subtransactions=True):
|
|
return bool(
|
|
session.query(nsx_models.MultiProviderNetworks).filter_by(
|
|
network_id=network_id).first())
|
|
|
|
|
|
# NSXv3 L2 Gateway DB methods.
|
|
def add_l2gw_connection_mapping(session, connection_id, bridge_endpoint_id,
|
|
port_id):
|
|
with session.begin(subtransactions=True):
|
|
mapping = nsx_models.NsxL2GWConnectionMapping(
|
|
connection_id=connection_id,
|
|
port_id=port_id,
|
|
bridge_endpoint_id=bridge_endpoint_id)
|
|
session.add(mapping)
|
|
return mapping
|
|
|
|
|
|
def get_l2gw_connection_mapping(session, connection_id):
|
|
try:
|
|
return (session.query(nsx_models.NsxL2GWConnectionMapping).
|
|
filter_by(connection_id=connection_id).one())
|
|
except exc.NoResultFound:
|
|
raise nsx_exc.NsxL2GWConnectionMappingNotFound(conn=connection_id)
|
|
|
|
|
|
# NSXv3 QoS policy id <-> switch Id mapping
|
|
def add_qos_policy_profile_mapping(session, qos_policy_id, switch_profile_id):
|
|
with session.begin(subtransactions=True):
|
|
mapping = nsx_models.QosPolicySwitchProfile(
|
|
qos_policy_id=qos_policy_id,
|
|
switch_profile_id=switch_profile_id)
|
|
session.add(mapping)
|
|
return mapping
|
|
|
|
|
|
def get_switch_profile_by_qos_policy(session, qos_policy_id):
|
|
try:
|
|
entry = (session.query(nsx_models.QosPolicySwitchProfile).
|
|
filter_by(qos_policy_id=qos_policy_id).one())
|
|
return entry.switch_profile_id
|
|
except exc.NoResultFound:
|
|
raise nsx_exc.NsxQosPolicyMappingNotFound(policy=qos_policy_id)
|
|
|
|
|
|
# NSXv3 Port Mirror Sessions DB methods.
|
|
def add_port_mirror_session_mapping(session, tf_id, pm_session_id):
|
|
with session.begin(subtransactions=True):
|
|
mapping = nsx_models.NsxPortMirrorSessionMapping(
|
|
tap_flow_id=tf_id,
|
|
port_mirror_session_id=pm_session_id)
|
|
session.add(mapping)
|
|
return mapping
|
|
|
|
|
|
def get_port_mirror_session_mapping(session, tf_id):
|
|
try:
|
|
return (session.query(nsx_models.NsxPortMirrorSessionMapping).
|
|
filter_by(tap_flow_id=tf_id).one())
|
|
except exc.NoResultFound:
|
|
raise nsx_exc.NsxPortMirrorSessionMappingNotFound(tf=tf_id)
|
|
|
|
|
|
def delete_port_mirror_session_mapping(session, tf_id):
|
|
return (session.query(nsx_models.NsxPortMirrorSessionMapping).
|
|
filter_by(tap_flow_id=tf_id).delete())
|
|
|
|
|
|
def save_sg_mappings(session, sg_id, nsgroup_id, section_id):
|
|
with session.begin(subtransactions=True):
|
|
session.add(
|
|
nsx_models.NeutronNsxFirewallSectionMapping(neutron_id=sg_id,
|
|
nsx_id=section_id))
|
|
session.add(
|
|
nsx_models.NeutronNsxSecurityGroupMapping(neutron_id=sg_id,
|
|
nsx_id=nsgroup_id))
|
|
|
|
|
|
def get_sg_mappings(session, sg_id):
|
|
nsgroup_mapping = session.query(
|
|
nsx_models.NeutronNsxSecurityGroupMapping
|
|
).filter_by(neutron_id=sg_id).one()
|
|
section_mapping = session.query(
|
|
nsx_models.NeutronNsxFirewallSectionMapping
|
|
).filter_by(neutron_id=sg_id).one()
|
|
return nsgroup_mapping.nsx_id, section_mapping.nsx_id
|
|
|
|
|
|
def get_sg_rule_mapping(session, rule_id):
|
|
rule_mapping = session.query(
|
|
nsx_models.NeutronNsxRuleMapping).filter_by(
|
|
neutron_id=rule_id).one()
|
|
return rule_mapping.nsx_id
|
|
|
|
|
|
def save_sg_rule_mappings(session, rules):
|
|
with session.begin(subtransactions=True):
|
|
for neutron_id, nsx_id in rules:
|
|
mapping = nsx_models.NeutronNsxRuleMapping(
|
|
neutron_id=neutron_id, nsx_id=nsx_id)
|
|
session.add(mapping)
|
|
|
|
|
|
def add_nsx_ipam_subnet_pool(session, subnet_id, nsx_pool_id):
|
|
with session.begin(subtransactions=True):
|
|
binding = nsx_models.NsxSubnetIpam(
|
|
subnet_id=subnet_id,
|
|
nsx_pool_id=nsx_pool_id)
|
|
session.add(binding)
|
|
return binding
|
|
|
|
|
|
def get_nsx_ipam_pool_for_subnet(session, subnet_id):
|
|
try:
|
|
entry = session.query(
|
|
nsx_models.NsxSubnetIpam).filter_by(
|
|
subnet_id=subnet_id).one()
|
|
return entry.nsx_pool_id
|
|
except exc.NoResultFound:
|
|
return
|
|
|
|
|
|
def del_nsx_ipam_subnet_pool(session, subnet_id, nsx_pool_id):
|
|
return (session.query(nsx_models.NsxSubnetIpam).
|
|
filter_by(subnet_id=subnet_id,
|
|
nsx_pool_id=nsx_pool_id).delete())
|
|
|
|
|
|
def get_certificate(session, purpose):
|
|
try:
|
|
cert_entry = session.query(
|
|
nsx_models.NsxCertificateRepository).filter_by(
|
|
purpose=purpose).one()
|
|
return cert_entry.certificate, cert_entry.private_key
|
|
except exc.NoResultFound:
|
|
return None, None
|
|
|
|
|
|
def save_certificate(session, purpose, cert, pk):
|
|
with session.begin(subtransactions=True):
|
|
cert_entry = nsx_models.NsxCertificateRepository(
|
|
purpose=purpose,
|
|
certificate=cert,
|
|
private_key=pk)
|
|
session.add(cert_entry)
|
|
|
|
|
|
def delete_certificate(session, purpose):
|
|
return (session.query(nsx_models.NsxCertificateRepository).
|
|
filter_by(purpose=purpose).delete())
|