import java.util.List;
public class SecurityServicesImpl implements ConfigInterface, SecurityServicesManager {
+
private static final Logger LOG = LoggerFactory.getLogger(TenantNetworkManagerImpl.class);
private volatile INeutronPortCRUD neutronPortCache;
private volatile INeutronSubnetCRUD neutronSubnetCache;
private volatile ConfigurationService configurationService;
private volatile IngressAclProvider ingressAclProvider;
private volatile EgressAclProvider egressAclProvider;
+ private volatile NeutronL3Adapter neutronL3Adapter;
+ private boolean isConntrackEnabled = false;
+
+ public SecurityServicesImpl() {
+ super();
+ }
+
+ public SecurityServicesImpl(boolean isConntrack) {
+ super();
+ this.isConntrackEnabled = isConntrack;
+ }
@Override
public boolean isPortSecurityReady(OvsdbTerminationPointAugmentation terminationPointAugmentation) {
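Review bot: `isConntrackEnabled` is added as a plain mutable field (`private boolean isConntrackEnabled = false;`) although the visible code only assigns it in the constructor, and the other instance fields shown in this hunk are `volatile`. The flag presumably selects how ACL flows are programmed, so it should not be able to change after construction: declare it `private final boolean isConntrackEnabled;` and let the no-arg constructor delegate with `this(false);`. The explicit `super();` calls add nothing and can be dropped.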
}
NeutronPort neutronPort = neutronPortCache.getPort(neutronPortId);
if (neutronPort == null) {
- return false;
+ neutronPort = neutronL3Adapter.getPortFromCleanupCache(neutronPortId);
+ if (neutronPort == null) {
+ LOG.error("isPortSecurityReady for {}", terminationPointAugmentation.getName()
+ + "not found");
+ return false;
+ }
}
String deviceOwner = neutronPort.getDeviceOwner();
if (!deviceOwner.contains("compute")) {
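Review bot: The new fallback `neutronL3Adapter.getPortFromCleanupCache(neutronPortId)` dereferences `neutronL3Adapter` without a null check, although the field is only assigned in `setDependencies` and this same commit starts treating `neutronPortCache` as possibly null in other methods. The same unguarded call is added in the hunks that log getSecurityGroupInPortList, getDHCPServerPort and getNeutronPortFromDhcpIntf, and in the new getNeutronPortFromCache. A guard such as `if (neutronL3Adapter == null) { return false; }` before the fallback would keep an adapter that is not wired yet from turning a port-security check into a NullPointerException. The log call also concatenates inside its argument, so it prints `<name>not found` without a space; `LOG.error("isPortSecurityReady: neutron port for {} not found", terminationPointAugmentation.getName());` reads correctly, and the getSecurityGroupInPortList message has the same problem. The method body starts and ends outside this hunk.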
LOG.error("neutron port is null");
return neutronSecurityGroups;
}
- LOG.trace("isPortSecurityReady for {}", terminationPointAugmentation.getName());
+ LOG.trace("getSecurityGroupInPortList for {}", terminationPointAugmentation.getName());
String neutronPortId = southbound.getInterfaceExternalIdsValue(terminationPointAugmentation,
Constants.EXTERNAL_ID_INTERFACE_ID);
if (neutronPortId == null) {
}
NeutronPort neutronPort = neutronPortCache.getPort(neutronPortId);
if (neutronPort == null) {
- return neutronSecurityGroups;
+ neutronPort = neutronL3Adapter.getPortFromCleanupCache(neutronPortId);
+ if (neutronPort == null) {
+ LOG.error("getSecurityGroupInPortList for {}", terminationPointAugmentation.getName()
+ + "not found.");
+ return neutronSecurityGroups;
+ }
}
neutronSecurityGroups = neutronPort.getSecurityGroups();
return neutronSecurityGroups;
@Override
public NeutronPort getDhcpServerPort(OvsdbTerminationPointAugmentation terminationPointAugmentation) {
if (neutronPortCache == null) {
- LOG.error("getDHCPServerPort: neutron port is null");
- return null;
+ LOG.warn("getDHCPServerPort: neutron port cache is null");
}
LOG.trace("getDHCPServerPort for {}",
terminationPointAugmentation.getName());
+ NeutronPort neutronPort = null;
try {
String neutronPortId = southbound.getInterfaceExternalIdsValue(terminationPointAugmentation,
Constants.EXTERNAL_ID_INTERFACE_ID);
if (neutronPortId == null) {
return null;
}
- NeutronPort neutronPort = neutronPortCache.getPort(neutronPortId);
+ if (null != neutronPortCache) {
+ neutronPort = neutronPortCache.getPort(neutronPortId);
+
+ }
if (neutronPort == null) {
- LOG.error("getDHCPServerPort: neutron port of {} is not found", neutronPortId);
- return null;
+ neutronPort = neutronL3Adapter.getPortFromCleanupCache(neutronPortId);
+ if (neutronPort == null) {
+ LOG.error("getDHCPServerPort: neutron port of {} is not found", neutronPortId);
+ return null;
+ }
+ LOG.info("getDHCPServerPort: neutron port of {} got from cleanupcache", neutronPortId);
+
+ }
+ /* if the current port is a DHCP port, return the same*/
+ if (neutronPort.getDeviceOwner().contains("dhcp")) {
+ return neutronPort;
}
/* if the current port is a DHCP port, return the same*/
if (neutronPort.getDeviceOwner().contains("dhcp")) {
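Review bot: The added `if (neutronPort.getDeviceOwner().contains("dhcp")) { return neutronPort; }` block sits directly above the existing, identical comment and check, so on the new side the same test appears twice in a row and the second one can never be true. It looks like a merge leftover; dropping the three added lines (comment, `if`, `return`) and the brace that closes them keeps the behaviour and leaves one check. The method continues past the end of this hunk, so the body of the second `if` is not visible here.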
/* Get all the ports in the subnet and identify the dhcp port*/
String subnetUuid = fixedIps.iterator().next().getSubnetUUID();
NeutronSubnet neutronSubnet = neutronSubnetCache.getSubnet(subnetUuid);
+ if (neutronSubnet == null) {
+ LOG.error("getDHCPServerPort: No subnet is found for " + subnetUuid);
+ return null;
+ }
List<NeutronPort> ports = neutronSubnet.getPortsInSubnet();
for (NeutronPort port : ports) {
if (port.getDeviceOwner().contains("dhcp")) {
}
NeutronPort neutronPort = neutronPortCache.getPort(neutronPortId);
if (neutronPort == null) {
- LOG.error("getNeutronPortFromDhcpIntf: neutron port of {} is not found", neutronPortId);
- return null;
+ neutronPort = neutronL3Adapter.getPortFromCleanupCache(neutronPortId);
+ if (neutronPort == null) {
+ LOG.error("getNeutronPortFromDhcpIntf: neutron port of {} is not found", neutronPortId);
+ return null;
+ }
}
/* if the current port is a DHCP port, return true*/
if (neutronPort.getDeviceOwner().contains("dhcp")) {
return null;
}
+
+ @Override
+ public NeutronPort getNeutronPortFromCache(OvsdbTerminationPointAugmentation terminationPointAugmentation) {
+ NeutronPort neutronPort = null;
+ LOG.trace("getNeutronPortFromCache for {}",
+ terminationPointAugmentation.getName());
+ try {
+ String neutronPortId = southbound.getInterfaceExternalIdsValue(terminationPointAugmentation,
+ Constants.EXTERNAL_ID_INTERFACE_ID);
+ if (neutronPortId == null) {
+ return null;
+ }
+ if (null != neutronPortCache) {
+ neutronPort = neutronPortCache.getPort(neutronPortId);
+
+ }
+ if (neutronPort == null) {
+ LOG.trace("getNeutronPortFromCache: neutron port of {} search in cleanupcache", neutronPortId);
+
+ neutronPort = neutronL3Adapter.getPortFromCleanupCache(neutronPortId);
+ if (neutronPort == null) {
+ LOG.error("getNeutronPortFromCache: neutron port of {} is not found", neutronPortId);
+ return null;
+ }
+ LOG.trace("getNeutronPortFromCache: neutron port of {} got from cleanupcache", neutronPortId);
+
+ }
+ } catch (Exception e) {
+ LOG.warn("getNeutronPortFromCache:getNeutronPortFromCache failed due to ", e);
+ return null;
+ }
+ return neutronPort;
+ }
+
+
+
@Override
public boolean isComputePort(OvsdbTerminationPointAugmentation terminationPointAugmentation) {
if (neutronPortCache == null) {
- LOG.error("neutron port is null");
- return false;
+ LOG.warn("isComputePort : neutronPortCache is null");
}
+ NeutronPort neutronPort = null;
LOG.trace("isComputePort for {}", terminationPointAugmentation.getName());
String neutronPortId = southbound.getInterfaceExternalIdsValue(terminationPointAugmentation,
Constants.EXTERNAL_ID_INTERFACE_ID);
if (neutronPortId == null) {
return false;
}
- NeutronPort neutronPort = neutronPortCache.getPort(neutronPortId);
+ if (neutronPortCache != null) {
+ neutronPort = neutronPortCache.getPort(neutronPortId);
+ }
if (neutronPort == null) {
- return false;
+ neutronPort = getNeutronPortFromCache(terminationPointAugmentation);
+ if (neutronPort == null) {
+ return false;
+ }
}
/*Check the device owner and if it contains compute to identify
* whether it is a compute port.*/
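Review bot: `getNeutronPortFromCache` has no Javadoc and wraps its whole body in `catch (Exception e)`, so a missing `neutronL3Adapter` or any other programming error is logged at warn and reaches callers as a plain "port not found". `isComputePort` then returns false for that port, which presumably means its security-group flows are skipped without a clear trace. I would narrow the catch, check `neutronL3Adapter` explicitly before the fallback, and add a Javadoc covering the lookup order and the null cases. It should say that the method looks in `neutronPortCache` first and then in the L3 adapter's cleanup cache, that it returns null when the interface carries no interface-id external id or the port is in neither cache, and that a returned port may already be deleted from Neutron (to be confirmed against `getPortFromCleanupCache`). The warn text `getNeutronPortFromCache:getNeutronPortFromCache failed due to ` also repeats the method name.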
@Override
public boolean isLastPortinSubnet(Node node, OvsdbTerminationPointAugmentation terminationPointAugmentation) {
if (neutronPortCache == null) {
- LOG.error("isLastPortinSubnet: neutron port is null");
- return false;
+ LOG.error("isLastPortinSubnet: neutronPortCache is null");
}
+ NeutronPort neutronPort = null;
try {
LOG.trace("isLastPortinSubnet: for {}", terminationPointAugmentation.getName());
String neutronPortId = southbound.getInterfaceExternalIdsValue(terminationPointAugmentation,
if (neutronPortId == null) {
return false;
}
- NeutronPort neutronPort = neutronPortCache.getPort(neutronPortId);
+ if (neutronPortCache != null) {
+ neutronPort = neutronPortCache.getPort(neutronPortId);
+ }
if (neutronPort == null) {
- LOG.error("isLastPortinSubnet: neutron port of {} is not found", neutronPortId);
- return false;
+ neutronPort = getNeutronPortFromCache(terminationPointAugmentation);
+ if (neutronPort == null) {
+ LOG.error("isLastPortinSubnet: neutron port of {} is not found", neutronPortId);
+ return false;
+ }
}
List<Neutron_IPs> neutronPortFixedIp = neutronPort.getFixedIPs();
if (null == neutronPortFixedIp || neutronPortFixedIp.isEmpty()) {
@Override
public List<Neutron_IPs> getIpAddressList(OvsdbTerminationPointAugmentation terminationPointAugmentation) {
if (neutronPortCache == null) {
- LOG.error("getIpAddress: neutron port is null");
- return null;
+ LOG.warn("getIpAddress: neutronPortCache is null");
}
+ NeutronPort neutronPort = null;
LOG.trace("getIpAddress: for {}", terminationPointAugmentation.getName());
String neutronPortId = southbound.getInterfaceExternalIdsValue(terminationPointAugmentation,
Constants.EXTERNAL_ID_INTERFACE_ID);
if (neutronPortId == null) {
return null;
}
- NeutronPort neutronPort = neutronPortCache.getPort(neutronPortId);
+ if (neutronPortCache != null) {
+ neutronPort = neutronPortCache.getPort(neutronPortId);
+ }
+ if (neutronPort == null) {
+ neutronPort = getNeutronPortFromCache(terminationPointAugmentation);
+ }
if (neutronPort == null) {
LOG.error("getIpAddress: neutron port of {} is not found", neutronPortId);
return null;
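Review bot: The explicit `neutronPortCache.getPort(neutronPortId)` lookup followed by `getNeutronPortFromCache(terminationPointAugmentation)` does the same work twice, because the helper already reads the interface id, consults `neutronPortCache` when it is non-null and then falls back to the cleanup cache. `NeutronPort neutronPort = getNeutronPortFromCache(terminationPointAugmentation);` could replace the added lines here and in isComputePort and isLastPortinSubnet. The null-cache message is logged at `warn` here and in isComputePort but at `error` in isLastPortinSubnet; using one level for the same condition would make the logs easier to filter.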
/*For every port check whether security grouplist contains the current
* security group.*/
try {
- for (NeutronPort neutronPort:neutronPortCache.getAllPorts()) {
+ for (NeutronPort neutronPort:neutronL3Adapter.getPortCleanupCache()) {
if (!neutronPort.getDeviceOwner().contains("compute")) {
LOG.debug("getVMListForSecurityGroup : the port {} is not "
+ "compute port belongs to {}", neutronPort.getID(), neutronPort.getDeviceOwner());
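Review bot: Switching the loop source from `neutronPortCache.getAllPorts()` to `neutronL3Adapter.getPortCleanupCache()` changes which ports are treated as members of a security group, and nothing in this hunk shows that the cleanup cache holds every active port and no stale ones. If it tracks only a subset, the VM list built here would be incomplete; if it retains deleted ports, rules derived from the list could presumably keep admitting addresses that no longer belong to the group. A comment above the loop stating the invariant relied on, for example `// cleanup cache mirrors all known ports, including ones being deleted`, would make the change reviewable. `neutronL3Adapter` is not null-checked here either. The enclosing method starts and ends outside the hunk.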
LOG.trace("syncSecurityGroup:" + securityGroupList + " Write:" + write);
if (null != port && null != port.getSecurityGroups()) {
Node node = getNode(port);
+ if (node == null) {
+ return;
+ }
NeutronNetwork neutronNetwork = neutronNetworkCache.getNetwork(port.getNetworkUUID());
+ if (neutronNetwork == null) {
+ return;
+ }
String segmentationId = neutronNetwork.getProviderSegmentationID();
OvsdbTerminationPointAugmentation intf = getInterface(node, port);
+ if (intf == null) {
+ return;
+ }
long localPort = southbound.getOFPort(intf);
String attachedMac = southbound.getInterfaceExternalIdsValue(intf, Constants.EXTERNAL_ID_VM_MAC);
if (attachedMac == null) {
return;
}
long dpid = getDpidOfIntegrationBridge(node);
+ if (dpid == 0L) {
+ return;
+ }
String neutronPortId = southbound.getInterfaceExternalIdsValue(intf,
Constants.EXTERNAL_ID_INTERFACE_ID);
+ if (neutronPortId == null) {
+ LOG.debug("syncSecurityGroup: No neutronPortId seen in {}", intf);
+ return;
+ }
for (NeutronSecurityGroup securityGroupInPort:securityGroupList) {
ingressAclProvider.programPortSecurityGroup(dpid, segmentationId, attachedMac, localPort,
securityGroupInPort, neutronPortId, write);
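Review bot: The added guard `if (neutronNetwork == null) { return; }` exits without any log line, so a port whose network is missing from the cache silently gets no security-group flows programmed, or none removed when `write` is false. The node, interface and dpid guards appear to be covered by the log lines this commit adds in the helper methods further down, but this branch has nothing. I would add `LOG.warn("syncSecurityGroup: network {} of port {} not found, rules not synced", port.getNetworkUUID(), port.getID());` before the return, and the same in the second sync hunk that follows. The method starts before this hunk and continues after it.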
LOG.trace("syncSecurityGroup:" + securityRule + " Write:" + write);
if (null != port && null != port.getSecurityGroups()) {
Node node = getNode(port);
+ if (node == null) {
+ return;
+ }
NeutronNetwork neutronNetwork = neutronNetworkCache.getNetwork(port.getNetworkUUID());
+ if (neutronNetwork == null) {
+ return;
+ }
String segmentationId = neutronNetwork.getProviderSegmentationID();
OvsdbTerminationPointAugmentation intf = getInterface(node, port);
+ if (intf == null) {
+ return;
+ }
long localPort = southbound.getOFPort(intf);
String attachedMac = southbound.getInterfaceExternalIdsValue(intf, Constants.EXTERNAL_ID_VM_MAC);
if (attachedMac == null) {
return;
}
long dpid = getDpidOfIntegrationBridge(node);
+ if (dpid == 0L) {
+ return;
+ }
if ("IPv4".equals(securityRule.getSecurityRuleEthertype())
&& "ingress".equals(securityRule.getSecurityRuleDirection())) {
if (southbound.getBridgeName(node).equals(configurationService.getIntegrationBridgeName())) {
dpid = getDpid(node);
}
+ if (dpid == 0L) {
+ LOG.warn("getDpidOfIntegerationBridge: dpid not found: {}", node);
+ }
return dpid;
}
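Review bot: The new warning spells the method name as `getDpidOfIntegerationBridge`, while the call sites in this diff use `getDpidOfIntegrationBridge`, so a log search by method name will miss it; `LOG.warn("getDpidOfIntegrationBridge: dpid not found: {}", node);` fixes that. The two `LOG.info` lines added in the following hunks build their message with `+` and print the whole `port` and `node` objects at info level. The parameterized form, `LOG.info("no node found for port: {}", port);`, matches the rest of the file, and logging only the port ID would keep the entries short.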
LOG.error("Exception during handlingNeutron network delete", e);
}
}
+ LOG.info("no node found for port:" + port);
return null;
}
} catch (Exception e) {
LOG.error("Exception during handlingNeutron network delete", e);
}
+ LOG.info("no interface found for node: " + node + " port:" + port);
return null;
}
@Override
public void setDependencies(ServiceReference serviceReference) {
+ neutronL3Adapter =
+ (NeutronL3Adapter) ServiceHelper.getGlobalInstance(NeutronL3Adapter.class, this);
southbound =
(Southbound) ServiceHelper.getGlobalInstance(Southbound.class, this);
neutronNetworkCache =
egressAclProvider = (EgressAclProvider) impl;
}
}
-}
\ No newline at end of file
+
+ @Override
+ public boolean isConntrackEnabled() {
+ return isConntrackEnabled;
+ }
+}