2 * Copyright (c) 2014, 2015 Red Hat, Inc. and others. All rights reserved.
4 * This program and the accompanying materials are made available under the
5 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6 * and is available at http://www.eclipse.org/legal/epl-v10.html
9 package org.opendaylight.ovsdb.openstack.netvirt.impl;
11 import java.util.ArrayList;
12 import java.util.List;
14 import org.opendaylight.neutron.spi.INeutronPortCRUD;
15 import org.opendaylight.neutron.spi.INeutronSubnetCRUD;
16 import org.opendaylight.neutron.spi.NeutronPort;
17 import org.opendaylight.neutron.spi.NeutronSecurityGroup;
18 import org.opendaylight.neutron.spi.NeutronSubnet;
19 import org.opendaylight.neutron.spi.Neutron_IPs;
20 import org.opendaylight.ovsdb.openstack.netvirt.ConfigInterface;
21 import org.opendaylight.ovsdb.openstack.netvirt.api.Constants;
22 import org.opendaylight.ovsdb.openstack.netvirt.api.SecurityServicesManager;
23 import org.opendaylight.ovsdb.openstack.netvirt.api.Southbound;
24 import org.opendaylight.ovsdb.utils.servicehelper.ServiceHelper;
25 import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.ovsdb.rev150105.OvsdbTerminationPointAugmentation;
26 import org.opendaylight.yang.gen.v1.urn.tbd.params.xml.ns.yang.network.topology.rev131021.network.topology.topology.Node;
27 import org.opendaylight.yang.gen.v1.urn.tbd.params.xml.ns.yang.network.topology.rev131021.network.topology.topology.node.TerminationPoint;
28 import org.osgi.framework.BundleContext;
29 import org.osgi.framework.ServiceReference;
30 import org.slf4j.Logger;
31 import org.slf4j.LoggerFactory;
33 public class SecurityServicesImpl implements ConfigInterface, SecurityServicesManager {
34 private static final Logger LOG = LoggerFactory.getLogger(TenantNetworkManagerImpl.class);
35 private volatile INeutronPortCRUD neutronPortCache;
36 private volatile INeutronSubnetCRUD neutronSubnetCache;
37 private volatile Southbound southbound;
40 public boolean isPortSecurityReady(OvsdbTerminationPointAugmentation terminationPointAugmentation) {
41 if (neutronPortCache == null) {
42 LOG.error("neutron port is null");
45 LOG.trace("isPortSecurityReady for {}", terminationPointAugmentation.getName());
46 String neutronPortId = southbound.getInterfaceExternalIdsValue(terminationPointAugmentation,
47 Constants.EXTERNAL_ID_INTERFACE_ID);
48 if (neutronPortId == null) {
51 NeutronPort neutronPort = neutronPortCache.getPort(neutronPortId);
52 if (neutronPort == null) {
55 String deviceOwner = neutronPort.getDeviceOwner();
56 if (!deviceOwner.contains("compute")) {
57 LOG.debug("Port {} is not a compute host, it is a: {}", neutronPortId, deviceOwner);
59 LOG.debug("isPortSecurityReady() is a {} ", deviceOwner);
60 List<NeutronSecurityGroup> securityGroups = neutronPort.getSecurityGroups();
61 if (securityGroups.isEmpty()) {
62 LOG.debug("Check for device: {} does not contain a Security Group for port: {}", deviceOwner,
66 LOG.debug("Security Group Check {} does contain a Neutron Security Group", neutronPortId);
71 public List<NeutronSecurityGroup> getSecurityGroupInPortList(OvsdbTerminationPointAugmentation
72 terminationPointAugmentation) {
73 List<NeutronSecurityGroup> neutronSecurityGroups = new ArrayList<NeutronSecurityGroup>();
74 if (neutronPortCache == null) {
75 LOG.error("neutron port is null");
76 return neutronSecurityGroups;
78 LOG.trace("isPortSecurityReady for {}", terminationPointAugmentation.getName());
79 String neutronPortId = southbound.getInterfaceExternalIdsValue(terminationPointAugmentation,
80 Constants.EXTERNAL_ID_INTERFACE_ID);
81 if (neutronPortId == null) {
82 return neutronSecurityGroups;
84 NeutronPort neutronPort = neutronPortCache.getPort(neutronPortId);
85 if (neutronPort == null) {
86 return neutronSecurityGroups;
88 neutronSecurityGroups = neutronPort.getSecurityGroups();
89 return neutronSecurityGroups;
94 public NeutronPort getDhcpServerPort(OvsdbTerminationPointAugmentation terminationPointAugmentation) {
95 if (neutronPortCache == null) {
96 LOG.error("getDHCPServerPort: neutron port is null");
99 LOG.trace("getDHCPServerPort for {}",
100 terminationPointAugmentation.getName());
102 String neutronPortId = southbound.getInterfaceExternalIdsValue(terminationPointAugmentation,
103 Constants.EXTERNAL_ID_INTERFACE_ID);
104 if (neutronPortId == null) {
107 NeutronPort neutronPort = neutronPortCache.getPort(neutronPortId);
108 if (neutronPort == null) {
109 LOG.error("getDHCPServerPort: neutron port of {} is not found", neutronPortId);
112 /* if the current port is a DHCP port, return the same*/
113 if (neutronPort.getDeviceOwner().contains("dhcp")) {
116 /*Since all the fixed ip assigned to a port should be
117 *from the same network, first port is sufficient.*/
118 List<Neutron_IPs> fixedIps = neutronPort.getFixedIPs();
119 if (null == fixedIps || 0 == fixedIps.size() ) {
120 LOG.error("getDHCPServerPort: No fixed ip is assigned");
123 /* Get all the ports in the subnet and identify the dhcp port*/
124 String subnetUuid = fixedIps.iterator().next().getSubnetUUID();
125 NeutronSubnet neutronSubnet = neutronSubnetCache.getSubnet(subnetUuid);
126 List<NeutronPort> ports = neutronSubnet.getPortsInSubnet();
127 for (NeutronPort port : ports) {
128 if (port.getDeviceOwner().contains("dhcp")) {
132 } catch (Exception e) {
133 LOG.error("getDHCPServerPort:getDHCPServerPort failed due to ", e);
142 public boolean isComputePort(OvsdbTerminationPointAugmentation terminationPointAugmentation) {
143 if (neutronPortCache == null) {
144 LOG.error("neutron port is null");
147 LOG.trace("isComputePort for {}", terminationPointAugmentation.getName());
148 String neutronPortId = southbound.getInterfaceExternalIdsValue(terminationPointAugmentation,
149 Constants.EXTERNAL_ID_INTERFACE_ID);
150 if (neutronPortId == null) {
153 NeutronPort neutronPort = neutronPortCache.getPort(neutronPortId);
154 if (neutronPort == null) {
157 /*Check the device owner and if it contains compute to identify
158 * whether it is a compute port.*/
159 String deviceOwner = neutronPort.getDeviceOwner();
160 if (!deviceOwner.contains("compute")) {
161 LOG.debug("isComputePort : Port {} is not a DHCP server port for device owner {}",
162 neutronPortId,deviceOwner);
169 public boolean isLastPortinSubnet(Node node, OvsdbTerminationPointAugmentation terminationPointAugmentation) {
170 if (neutronPortCache == null) {
171 LOG.error("isLastPortinSubnet: neutron port is null");
175 LOG.trace("isLastPortinSubnet: for {}", terminationPointAugmentation.getName());
176 String neutronPortId = southbound.getInterfaceExternalIdsValue(terminationPointAugmentation,
177 Constants.EXTERNAL_ID_INTERFACE_ID);
178 if (neutronPortId == null) {
181 NeutronPort neutronPort = neutronPortCache.getPort(neutronPortId);
182 if (neutronPort == null) {
183 LOG.error("isLastPortinSubnet: neutron port of {} is not found", neutronPortId);
186 List<Neutron_IPs> neutronPortFixedIp = neutronPort.getFixedIPs();
187 if (null == neutronPortFixedIp || neutronPortFixedIp.isEmpty()) {
190 /*Get all the ports in the current node and check whether there
191 * is any port belonging to the same subnet of the input
193 List<TerminationPoint> terminationPoints = node.getTerminationPoint();
194 if (terminationPoints != null && !terminationPoints.isEmpty()) {
195 for (TerminationPoint tp : terminationPoints) {
196 OvsdbTerminationPointAugmentation ovsdbTerminationPointAugmentation =
197 tp.getAugmentation(OvsdbTerminationPointAugmentation.class);
198 if (ovsdbTerminationPointAugmentation != null && !ovsdbTerminationPointAugmentation
199 .getName().equals(Constants.INTEGRATION_BRIDGE)) {
200 String portId = southbound.getInterfaceExternalIdsValue(ovsdbTerminationPointAugmentation,
201 Constants.EXTERNAL_ID_INTERFACE_ID);
202 if (null != portId) {
203 NeutronPort port = neutronPortCache.getPort(portId);
204 if (null != port && !(port.getID().equals(neutronPort.getID()))
205 && port.getDeviceOwner().contains("compute")) {
206 List<Neutron_IPs> portFixedIp = port.getFixedIPs();
207 if (null == portFixedIp || portFixedIp.isEmpty()) {
210 if (portFixedIp.iterator().next().getSubnetUUID()
211 .equals(neutronPort.getFixedIPs().iterator().next().getSubnetUUID())) {
212 LOG.trace("isLastPortinSubnet: Port is not the only port.");
220 } catch (Exception e) {
221 LOG.error("isLastPortinSubnet: isLastPortinSubnet failed due to ", e);
228 public boolean isLastPortinBridge(Node node, OvsdbTerminationPointAugmentation terminationPointAugmentation) {
229 LOG.trace("isLastPortinBridge: for {}", terminationPointAugmentation.getName());
230 List<TerminationPoint> terminationPoints = node.getTerminationPoint();
231 /*Check whether the node has any port other than br-int*/
232 if (terminationPoints != null && !terminationPoints.isEmpty()) {
233 for (TerminationPoint tp : terminationPoints) {
234 OvsdbTerminationPointAugmentation ovsdbTerminationPointAugmentation =
235 tp.getAugmentation(OvsdbTerminationPointAugmentation.class);
236 if (null != ovsdbTerminationPointAugmentation
237 && !(ovsdbTerminationPointAugmentation.getName().equals(Constants.INTEGRATION_BRIDGE))
238 && !(terminationPointAugmentation.getInterfaceUuid()
239 .equals(ovsdbTerminationPointAugmentation.getInterfaceUuid()))) {
240 LOG.debug("isLastPortinBridge: it the last port in bridge {}",
241 terminationPointAugmentation.getName());
250 public List<Neutron_IPs> getIpAddressList(Node node,
251 OvsdbTerminationPointAugmentation terminationPointAugmentation) {
252 if (neutronPortCache == null) {
253 LOG.error("getIpAddress: neutron port is null");
256 LOG.trace("getIpAddress: for {}", terminationPointAugmentation.getName());
257 String neutronPortId = southbound.getInterfaceExternalIdsValue(terminationPointAugmentation,
258 Constants.EXTERNAL_ID_INTERFACE_ID);
259 if (neutronPortId == null) {
262 NeutronPort neutronPort = neutronPortCache.getPort(neutronPortId);
263 if (neutronPort == null) {
264 LOG.error("getIpAddress: neutron port of {} is not found", neutronPortId);
267 return neutronPort.getFixedIPs();
271 public List<Neutron_IPs> getVmListForSecurityGroup(List<Neutron_IPs> srcAddressList, String securityGroupUuid) {
272 List<Neutron_IPs> vmListForSecurityGroup = new ArrayList<Neutron_IPs>();
273 /*For every port check whether security grouplist contains the current
276 for (NeutronPort neutronPort:neutronPortCache.getAllPorts()) {
277 if (!neutronPort.getDeviceOwner().contains("compute")) {
278 LOG.debug("getVMListForSecurityGroup : the port {} is not "
279 + "compute port belongs to {}", neutronPort.getID(), neutronPort.getDeviceOwner());
282 List<NeutronSecurityGroup> securityGroups = neutronPort.getSecurityGroups();
283 if (null != securityGroups) {
284 for (NeutronSecurityGroup securityGroup:securityGroups) {
285 if (securityGroup.getSecurityGroupUUID().equals(securityGroupUuid)
286 && !neutronPort.getFixedIPs().containsAll(srcAddressList)) {
287 LOG.debug("getVMListForSecurityGroup : adding ports with ips {} "
288 + "compute port", neutronPort.getFixedIPs());
289 vmListForSecurityGroup.addAll(neutronPort.getFixedIPs());
295 } catch (Exception e) {
296 LOG.error("getVMListForSecurityGroup: getVMListForSecurityGroup"
297 + " failed due to ", e);
300 return vmListForSecurityGroup;
305 public void setDependencies(BundleContext bundleContext, ServiceReference serviceReference) {
307 (Southbound) ServiceHelper.getGlobalInstance(Southbound.class, this);
311 public void setDependencies(Object impl) {
312 if (impl instanceof INeutronPortCRUD) {
313 neutronPortCache = (INeutronPortCRUD)impl;
314 } else if (impl instanceof INeutronSubnetCRUD) {
315 neutronSubnetCache = (INeutronSubnetCRUD) impl;