import java.util.List;
public class SecurityServicesImpl implements ConfigInterface, SecurityServicesManager {
+
private static final Logger LOG = LoggerFactory.getLogger(TenantNetworkManagerImpl.class);
private volatile INeutronPortCRUD neutronPortCache;
private volatile INeutronSubnetCRUD neutronSubnetCache;
private volatile ConfigurationService configurationService;
private volatile IngressAclProvider ingressAclProvider;
private volatile EgressAclProvider egressAclProvider;
+ private volatile NeutronL3Adapter neutronL3Adapter;
+ private boolean isConntrackEnabled = false;
+
+ public SecurityServicesImpl() {
+ super();
+ }
+
+ public SecurityServicesImpl(boolean isConntrack) {
+ super();
+ this.isConntrackEnabled = isConntrack;
+ }
@Override
public boolean isPortSecurityReady(OvsdbTerminationPointAugmentation terminationPointAugmentation) {
}
NeutronPort neutronPort = neutronPortCache.getPort(neutronPortId);
if (neutronPort == null) {
- return false;
+ neutronPort = neutronL3Adapter.getPortFromCleanupCache(neutronPortId);
+ if (neutronPort == null) {
+ LOG.error("isPortSecurityReady for {}", terminationPointAugmentation.getName()
+ + "not found");
+ return false;
+ }
}
String deviceOwner = neutronPort.getDeviceOwner();
if (!deviceOwner.contains("compute")) {
@Override
public List<NeutronSecurityGroup> getSecurityGroupInPortList(OvsdbTerminationPointAugmentation
terminationPointAugmentation) {
- List<NeutronSecurityGroup> neutronSecurityGroups = new ArrayList<NeutronSecurityGroup>();
+ List<NeutronSecurityGroup> neutronSecurityGroups = new ArrayList<>();
if (neutronPortCache == null) {
LOG.error("neutron port is null");
return neutronSecurityGroups;
}
- LOG.trace("isPortSecurityReady for {}", terminationPointAugmentation.getName());
+ LOG.trace("getSecurityGroupInPortList for {}", terminationPointAugmentation.getName());
String neutronPortId = southbound.getInterfaceExternalIdsValue(terminationPointAugmentation,
Constants.EXTERNAL_ID_INTERFACE_ID);
if (neutronPortId == null) {
}
NeutronPort neutronPort = neutronPortCache.getPort(neutronPortId);
if (neutronPort == null) {
- return neutronSecurityGroups;
+ neutronPort = neutronL3Adapter.getPortFromCleanupCache(neutronPortId);
+ if (neutronPort == null) {
+ LOG.error("getSecurityGroupInPortList for {}", terminationPointAugmentation.getName()
+ + "not found.");
+ return neutronSecurityGroups;
+ }
}
neutronSecurityGroups = neutronPort.getSecurityGroups();
return neutronSecurityGroups;
@Override
public NeutronPort getDhcpServerPort(OvsdbTerminationPointAugmentation terminationPointAugmentation) {
if (neutronPortCache == null) {
- LOG.error("getDHCPServerPort: neutron port is null");
- return null;
+ LOG.warn("getDHCPServerPort: neutron port cache is null");
}
LOG.trace("getDHCPServerPort for {}",
terminationPointAugmentation.getName());
+ NeutronPort neutronPort = null;
try {
String neutronPortId = southbound.getInterfaceExternalIdsValue(terminationPointAugmentation,
Constants.EXTERNAL_ID_INTERFACE_ID);
if (neutronPortId == null) {
return null;
}
- NeutronPort neutronPort = neutronPortCache.getPort(neutronPortId);
+ if (null != neutronPortCache) {
+ neutronPort = neutronPortCache.getPort(neutronPortId);
+
+ }
if (neutronPort == null) {
- LOG.error("getDHCPServerPort: neutron port of {} is not found", neutronPortId);
- return null;
+ neutronPort = neutronL3Adapter.getPortFromCleanupCache(neutronPortId);
+ if (neutronPort == null) {
+ LOG.error("getDHCPServerPort: neutron port of {} is not found", neutronPortId);
+ return null;
+ }
+ LOG.info("getDHCPServerPort: neutron port of {} got from cleanupcache", neutronPortId);
+
+ }
+ /* if the current port is a DHCP port, return the same*/
+ if (neutronPort.getDeviceOwner().contains("dhcp")) {
+ return neutronPort;
}
/* if the current port is a DHCP port, return the same*/
if (neutronPort.getDeviceOwner().contains("dhcp")) {
/* Get all the ports in the subnet and identify the dhcp port*/
String subnetUuid = fixedIps.iterator().next().getSubnetUUID();
NeutronSubnet neutronSubnet = neutronSubnetCache.getSubnet(subnetUuid);
+ if (neutronSubnet == null) {
+ LOG.error("getDHCPServerPort: No subnet is found for " + subnetUuid);
+ return null;
+ }
List<NeutronPort> ports = neutronSubnet.getPortsInSubnet();
for (NeutronPort port : ports) {
if (port.getDeviceOwner().contains("dhcp")) {
}
NeutronPort neutronPort = neutronPortCache.getPort(neutronPortId);
if (neutronPort == null) {
- LOG.error("getNeutronPortFromDhcpIntf: neutron port of {} is not found", neutronPortId);
- return null;
+ neutronPort = neutronL3Adapter.getPortFromCleanupCache(neutronPortId);
+ if (neutronPort == null) {
+ LOG.error("getNeutronPortFromDhcpIntf: neutron port of {} is not found", neutronPortId);
+ return null;
+ }
}
/* if the current port is a DHCP port, return true*/
if (neutronPort.getDeviceOwner().contains("dhcp")) {
return null;
}
+
+ @Override
+ public NeutronPort getNeutronPortFromCache(OvsdbTerminationPointAugmentation terminationPointAugmentation) {
+ NeutronPort neutronPort = null;
+ LOG.trace("getNeutronPortFromCache for {}",
+ terminationPointAugmentation.getName());
+ try {
+ String neutronPortId = southbound.getInterfaceExternalIdsValue(terminationPointAugmentation,
+ Constants.EXTERNAL_ID_INTERFACE_ID);
+ if (neutronPortId == null) {
+ return null;
+ }
+ if (null != neutronPortCache) {
+ neutronPort = neutronPortCache.getPort(neutronPortId);
+
+ }
+ if (neutronPort == null) {
+ LOG.trace("getNeutronPortFromCache: neutron port of {} search in cleanupcache", neutronPortId);
+
+ neutronPort = neutronL3Adapter.getPortFromCleanupCache(neutronPortId);
+ if (neutronPort == null) {
+ LOG.error("getNeutronPortFromCache: neutron port of {} is not found", neutronPortId);
+ return null;
+ }
+ LOG.trace("getNeutronPortFromCache: neutron port of {} got from cleanupcache", neutronPortId);
+
+ }
+ } catch (Exception e) {
+ LOG.warn("getNeutronPortFromCache:getNeutronPortFromCache failed due to ", e);
+ return null;
+ }
+ return neutronPort;
+ }
+
+
+
@Override
public boolean isComputePort(OvsdbTerminationPointAugmentation terminationPointAugmentation) {
if (neutronPortCache == null) {
- LOG.error("neutron port is null");
- return false;
+ LOG.warn("isComputePort : neutronPortCache is null");
}
+ NeutronPort neutronPort = null;
LOG.trace("isComputePort for {}", terminationPointAugmentation.getName());
String neutronPortId = southbound.getInterfaceExternalIdsValue(terminationPointAugmentation,
Constants.EXTERNAL_ID_INTERFACE_ID);
if (neutronPortId == null) {
return false;
}
- NeutronPort neutronPort = neutronPortCache.getPort(neutronPortId);
+ if (neutronPortCache != null) {
+ neutronPort = neutronPortCache.getPort(neutronPortId);
+ }
if (neutronPort == null) {
- return false;
+ neutronPort = getNeutronPortFromCache(terminationPointAugmentation);
+ if (neutronPort == null) {
+ return false;
+ }
}
/*Check the device owner and if it contains compute to identify
* whether it is a compute port.*/
@Override
public boolean isLastPortinSubnet(Node node, OvsdbTerminationPointAugmentation terminationPointAugmentation) {
if (neutronPortCache == null) {
- LOG.error("isLastPortinSubnet: neutron port is null");
- return false;
+ LOG.error("isLastPortinSubnet: neutronPortCache is null");
}
+ NeutronPort neutronPort = null;
try {
LOG.trace("isLastPortinSubnet: for {}", terminationPointAugmentation.getName());
String neutronPortId = southbound.getInterfaceExternalIdsValue(terminationPointAugmentation,
if (neutronPortId == null) {
return false;
}
- NeutronPort neutronPort = neutronPortCache.getPort(neutronPortId);
+ if (neutronPortCache != null) {
+ neutronPort = neutronPortCache.getPort(neutronPortId);
+ }
if (neutronPort == null) {
- LOG.error("isLastPortinSubnet: neutron port of {} is not found", neutronPortId);
- return false;
+ neutronPort = getNeutronPortFromCache(terminationPointAugmentation);
+ if (neutronPort == null) {
+ LOG.error("isLastPortinSubnet: neutron port of {} is not found", neutronPortId);
+ return false;
+ }
}
List<Neutron_IPs> neutronPortFixedIp = neutronPort.getFixedIPs();
if (null == neutronPortFixedIp || neutronPortFixedIp.isEmpty()) {
}
@Override
- public List<Neutron_IPs> getIpAddressList(Node node,
- OvsdbTerminationPointAugmentation terminationPointAugmentation) {
+ public List<Neutron_IPs> getIpAddressList(OvsdbTerminationPointAugmentation terminationPointAugmentation) {
if (neutronPortCache == null) {
- LOG.error("getIpAddress: neutron port is null");
- return null;
+ LOG.warn("getIpAddress: neutronPortCache is null");
}
+ NeutronPort neutronPort = null;
LOG.trace("getIpAddress: for {}", terminationPointAugmentation.getName());
String neutronPortId = southbound.getInterfaceExternalIdsValue(terminationPointAugmentation,
Constants.EXTERNAL_ID_INTERFACE_ID);
if (neutronPortId == null) {
return null;
}
- NeutronPort neutronPort = neutronPortCache.getPort(neutronPortId);
+ if (neutronPortCache != null) {
+ neutronPort = neutronPortCache.getPort(neutronPortId);
+ }
+ if (neutronPort == null) {
+ neutronPort = getNeutronPortFromCache(terminationPointAugmentation);
+ }
if (neutronPort == null) {
LOG.error("getIpAddress: neutron port of {} is not found", neutronPortId);
return null;
@Override
public List<Neutron_IPs> getVmListForSecurityGroup(String portUuid, String securityGroupUuid) {
- List<Neutron_IPs> vmListForSecurityGroup = new ArrayList<Neutron_IPs>();
+ List<Neutron_IPs> vmListForSecurityGroup = new ArrayList<>();
/*For every port check whether security grouplist contains the current
* security group.*/
try {
- for (NeutronPort neutronPort:neutronPortCache.getAllPorts()) {
+ for (String neutronPortUuid:neutronL3Adapter.getPortCleanupCache().keySet()) {
+ NeutronPort neutronPort = neutronL3Adapter.getPortCleanupCache().get(neutronPortUuid);
if (!neutronPort.getDeviceOwner().contains("compute")) {
LOG.debug("getVMListForSecurityGroup : the port {} is not "
+ "compute port belongs to {}", neutronPort.getID(), neutronPort.getDeviceOwner());
if (securityGroup.getSecurityGroupUUID().equals(securityGroupUuid)) {
LOG.debug("getVMListForSecurityGroup : adding ports with ips {} "
+ "compute port", neutronPort.getFixedIPs());
- vmListForSecurityGroup.addAll(neutronPort.getFixedIPs());
+ if (neutronPort.getFixedIPs() != null) {
+ vmListForSecurityGroup.addAll(neutronPort.getFixedIPs());
+ }
}
}
}
@Override
public void syncSecurityGroup(NeutronPort port, List<NeutronSecurityGroup> securityGroupList, boolean write) {
- LOG.trace("syncSecurityGroup:" + securityGroupList + " Write:" + Boolean.valueOf(write));
+ LOG.trace("syncSecurityGroup:" + securityGroupList + " Write:" + write);
if (null != port && null != port.getSecurityGroups()) {
Node node = getNode(port);
+ if (node == null) {
+ return;
+ }
NeutronNetwork neutronNetwork = neutronNetworkCache.getNetwork(port.getNetworkUUID());
+ if (null == neutronNetwork) {
+ neutronNetwork = neutronL3Adapter.getNetworkFromCleanupCache(port.getNetworkUUID());
+ }
+ if (neutronNetwork == null) {
+ return;
+ }
String segmentationId = neutronNetwork.getProviderSegmentationID();
OvsdbTerminationPointAugmentation intf = getInterface(node, port);
+ if (intf == null) {
+ return;
+ }
long localPort = southbound.getOFPort(intf);
String attachedMac = southbound.getInterfaceExternalIdsValue(intf, Constants.EXTERNAL_ID_VM_MAC);
if (attachedMac == null) {
return;
}
long dpid = getDpidOfIntegrationBridge(node);
+ if (dpid == 0L) {
+ return;
+ }
String neutronPortId = southbound.getInterfaceExternalIdsValue(intf,
Constants.EXTERNAL_ID_INTERFACE_ID);
+ if (neutronPortId == null) {
+ LOG.debug("syncSecurityGroup: No neutronPortId seen in {}", intf);
+ return;
+ }
for (NeutronSecurityGroup securityGroupInPort:securityGroupList) {
ingressAclProvider.programPortSecurityGroup(dpid, segmentationId, attachedMac, localPort,
securityGroupInPort, neutronPortId, write);
@Override
public void syncSecurityRule(NeutronPort port, NeutronSecurityRule securityRule,Neutron_IPs vmIp, boolean write) {
- LOG.trace("syncSecurityGroup:" + securityRule + " Write:" + Boolean.valueOf(write));
+ LOG.trace("syncSecurityGroup:" + securityRule + " Write:" + write);
if (null != port && null != port.getSecurityGroups()) {
Node node = getNode(port);
+ if (node == null) {
+ return;
+ }
NeutronNetwork neutronNetwork = neutronNetworkCache.getNetwork(port.getNetworkUUID());
+ if (null == neutronNetwork) {
+ neutronNetwork = neutronL3Adapter.getNetworkFromCleanupCache(port.getNetworkUUID());
+ }
+ if (neutronNetwork == null) {
+ return;
+ }
String segmentationId = neutronNetwork.getProviderSegmentationID();
OvsdbTerminationPointAugmentation intf = getInterface(node, port);
+ if (intf == null) {
+ return;
+ }
long localPort = southbound.getOFPort(intf);
String attachedMac = southbound.getInterfaceExternalIdsValue(intf, Constants.EXTERNAL_ID_VM_MAC);
if (attachedMac == null) {
return;
}
long dpid = getDpidOfIntegrationBridge(node);
- if ("IPv4".equals(securityRule.getSecurityRuleEthertype())
- && "ingress".equals(securityRule.getSecurityRuleDirection())) {
-
- ingressAclProvider.programPortSecurityRule(dpid, segmentationId, attachedMac, localPort,
- securityRule, vmIp, write);
- } else if (securityRule.getSecurityRuleEthertype().equals("IPv4")
- && securityRule.getSecurityRuleDirection().equals("egress")) {
- egressAclProvider.programPortSecurityRule(dpid, segmentationId, attachedMac, localPort,
- securityRule, vmIp, write);
+ if (dpid == 0L) {
+ return;
+ }
+ if (NeutronSecurityRule.ETHERTYPE_IPV4.equals(securityRule.getSecurityRuleEthertype())) {
+ if (NeutronSecurityRule.DIRECTION_INGRESS.equals(securityRule.getSecurityRuleDirection())) {
+ ingressAclProvider.programPortSecurityRule(dpid, segmentationId, attachedMac, localPort,
+ securityRule, vmIp, write);
+ } else if (NeutronSecurityRule.DIRECTION_EGRESS.equals(securityRule.getSecurityRuleDirection())) {
+ egressAclProvider.programPortSecurityRule(dpid, segmentationId, attachedMac, localPort,
+ securityRule, vmIp, write);
+ }
}
}
}
if (southbound.getBridgeName(node).equals(configurationService.getIntegrationBridgeName())) {
dpid = getDpid(node);
}
+ if (dpid == 0L) {
+ LOG.warn("getDpidOfIntegerationBridge: dpid not found: {}", node);
+ }
return dpid;
}
LOG.error("Exception during handlingNeutron network delete", e);
}
}
+ LOG.info("no node found for port:" + port);
return null;
}
} catch (Exception e) {
LOG.error("Exception during handlingNeutron network delete", e);
}
+ LOG.info("no interface found for node: " + node + " port:" + port);
return null;
}
@Override
public void setDependencies(ServiceReference serviceReference) {
+ neutronL3Adapter =
+ (NeutronL3Adapter) ServiceHelper.getGlobalInstance(NeutronL3Adapter.class, this);
southbound =
(Southbound) ServiceHelper.getGlobalInstance(Southbound.class, this);
neutronNetworkCache =
egressAclProvider = (EgressAclProvider) impl;
}
}
-}
\ No newline at end of file
+
+ @Override
+ public boolean isConntrackEnabled() {
+ return isConntrackEnabled;
+ }
+}
Code Review / ovsdb.git / blobdiff