package org.opendaylight.ovsdb.openstack.netvirt.impl;
-import java.util.ArrayList;
-import java.util.List;
-
-import org.opendaylight.neutron.spi.INeutronPortCRUD;
-import org.opendaylight.neutron.spi.INeutronSubnetCRUD;
-import org.opendaylight.neutron.spi.NeutronPort;
-import org.opendaylight.neutron.spi.NeutronSecurityGroup;
-import org.opendaylight.neutron.spi.NeutronSubnet;
-import org.opendaylight.neutron.spi.Neutron_IPs;
import org.opendaylight.ovsdb.openstack.netvirt.ConfigInterface;
+import org.opendaylight.ovsdb.openstack.netvirt.api.ConfigurationService;
import org.opendaylight.ovsdb.openstack.netvirt.api.Constants;
+import org.opendaylight.ovsdb.openstack.netvirt.api.EgressAclProvider;
+import org.opendaylight.ovsdb.openstack.netvirt.api.IngressAclProvider;
import org.opendaylight.ovsdb.openstack.netvirt.api.SecurityServicesManager;
import org.opendaylight.ovsdb.openstack.netvirt.api.Southbound;
+import org.opendaylight.ovsdb.openstack.netvirt.translator.NeutronNetwork;
+import org.opendaylight.ovsdb.openstack.netvirt.translator.NeutronPort;
+import org.opendaylight.ovsdb.openstack.netvirt.translator.NeutronSecurityGroup;
+import org.opendaylight.ovsdb.openstack.netvirt.translator.NeutronSecurityRule;
+import org.opendaylight.ovsdb.openstack.netvirt.translator.NeutronSubnet;
+import org.opendaylight.ovsdb.openstack.netvirt.translator.Neutron_IPs;
+import org.opendaylight.ovsdb.openstack.netvirt.translator.crud.INeutronNetworkCRUD;
+import org.opendaylight.ovsdb.openstack.netvirt.translator.crud.INeutronPortCRUD;
+import org.opendaylight.ovsdb.openstack.netvirt.translator.crud.INeutronSubnetCRUD;
import org.opendaylight.ovsdb.utils.servicehelper.ServiceHelper;
import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.ovsdb.rev150105.OvsdbTerminationPointAugmentation;
import org.opendaylight.yang.gen.v1.urn.tbd.params.xml.ns.yang.network.topology.rev131021.network.topology.topology.Node;
import org.opendaylight.yang.gen.v1.urn.tbd.params.xml.ns.yang.network.topology.rev131021.network.topology.topology.node.TerminationPoint;
-import org.osgi.framework.BundleContext;
import org.osgi.framework.ServiceReference;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import java.util.ArrayList;
+import java.util.List;
+
public class SecurityServicesImpl implements ConfigInterface, SecurityServicesManager {
+
private static final Logger LOG = LoggerFactory.getLogger(TenantNetworkManagerImpl.class);
private volatile INeutronPortCRUD neutronPortCache;
private volatile INeutronSubnetCRUD neutronSubnetCache;
private volatile Southbound southbound;
+ private volatile INeutronNetworkCRUD neutronNetworkCache;
+ private volatile ConfigurationService configurationService;
+ private volatile IngressAclProvider ingressAclProvider;
+ private volatile EgressAclProvider egressAclProvider;
+ private volatile NeutronL3Adapter neutronL3Adapter;
+ private boolean isConntrackEnabled = false;
+
+ public SecurityServicesImpl() {
+ super();
+ }
+
+ public SecurityServicesImpl(boolean isConntrack) {
+ super();
+ this.isConntrackEnabled = isConntrack;
+ }
@Override
public boolean isPortSecurityReady(OvsdbTerminationPointAugmentation terminationPointAugmentation) {
}
NeutronPort neutronPort = neutronPortCache.getPort(neutronPortId);
if (neutronPort == null) {
- return false;
+ neutronPort = neutronL3Adapter.getPortFromCleanupCache(neutronPortId);
+ if (neutronPort == null) {
+ LOG.error("isPortSecurityReady for {}", terminationPointAugmentation.getName()
+ + "not found");
+ return false;
+ }
}
String deviceOwner = neutronPort.getDeviceOwner();
if (!deviceOwner.contains("compute")) {
@Override
public List<NeutronSecurityGroup> getSecurityGroupInPortList(OvsdbTerminationPointAugmentation
terminationPointAugmentation) {
- List<NeutronSecurityGroup> neutronSecurityGroups = new ArrayList<NeutronSecurityGroup>();
+ List<NeutronSecurityGroup> neutronSecurityGroups = new ArrayList<>();
if (neutronPortCache == null) {
LOG.error("neutron port is null");
return neutronSecurityGroups;
}
- LOG.trace("isPortSecurityReady for {}", terminationPointAugmentation.getName());
+ LOG.trace("getSecurityGroupInPortList for {}", terminationPointAugmentation.getName());
String neutronPortId = southbound.getInterfaceExternalIdsValue(terminationPointAugmentation,
Constants.EXTERNAL_ID_INTERFACE_ID);
if (neutronPortId == null) {
}
NeutronPort neutronPort = neutronPortCache.getPort(neutronPortId);
if (neutronPort == null) {
- return neutronSecurityGroups;
+ neutronPort = neutronL3Adapter.getPortFromCleanupCache(neutronPortId);
+ if (neutronPort == null) {
+ LOG.error("getSecurityGroupInPortList for {}", terminationPointAugmentation.getName()
+ + "not found.");
+ return neutronSecurityGroups;
+ }
}
neutronSecurityGroups = neutronPort.getSecurityGroups();
return neutronSecurityGroups;
@Override
public NeutronPort getDhcpServerPort(OvsdbTerminationPointAugmentation terminationPointAugmentation) {
if (neutronPortCache == null) {
- LOG.error("getDHCPServerPort: neutron port is null");
- return null;
+ LOG.warn("getDHCPServerPort: neutron port cache is null");
}
LOG.trace("getDHCPServerPort for {}",
terminationPointAugmentation.getName());
+ NeutronPort neutronPort = null;
try {
String neutronPortId = southbound.getInterfaceExternalIdsValue(terminationPointAugmentation,
Constants.EXTERNAL_ID_INTERFACE_ID);
if (neutronPortId == null) {
return null;
}
- NeutronPort neutronPort = neutronPortCache.getPort(neutronPortId);
+ if (null != neutronPortCache) {
+ neutronPort = neutronPortCache.getPort(neutronPortId);
+
+ }
if (neutronPort == null) {
- LOG.error("getDHCPServerPort: neutron port of {} is not found", neutronPortId);
- return null;
+ neutronPort = neutronL3Adapter.getPortFromCleanupCache(neutronPortId);
+ if (neutronPort == null) {
+ LOG.error("getDHCPServerPort: neutron port of {} is not found", neutronPortId);
+ return null;
+ }
+ LOG.info("getDHCPServerPort: neutron port of {} got from cleanupcache", neutronPortId);
+
+ }
+ /* if the current port is a DHCP port, return the same*/
+ if (neutronPort.getDeviceOwner().contains("dhcp")) {
+ return neutronPort;
}
/* if the current port is a DHCP port, return the same*/
if (neutronPort.getDeviceOwner().contains("dhcp")) {
/* Get all the ports in the subnet and identify the dhcp port*/
String subnetUuid = fixedIps.iterator().next().getSubnetUUID();
NeutronSubnet neutronSubnet = neutronSubnetCache.getSubnet(subnetUuid);
+ if (neutronSubnet == null) {
+ LOG.error("getDHCPServerPort: No subnet is found for " + subnetUuid);
+ return null;
+ }
List<NeutronPort> ports = neutronSubnet.getPortsInSubnet();
for (NeutronPort port : ports) {
if (port.getDeviceOwner().contains("dhcp")) {
LOG.error("getDHCPServerPort:getDHCPServerPort failed due to ", e);
return null;
}
+ return null;
+ }
+ @Override
+ public NeutronPort getNeutronPortFromDhcpIntf(
+ OvsdbTerminationPointAugmentation terminationPointAugmentation) {
+ if (neutronPortCache == null) {
+ LOG.error("getNeutronPortFromDhcpIntf: neutron port is null");
+ return null;
+ }
+ String neutronPortId = southbound.getInterfaceExternalIdsValue(
+ terminationPointAugmentation,
+ Constants.EXTERNAL_ID_INTERFACE_ID);
+ if (neutronPortId == null) {
+ return null;
+ }
+ NeutronPort neutronPort = neutronPortCache.getPort(neutronPortId);
+ if (neutronPort == null) {
+ neutronPort = neutronL3Adapter.getPortFromCleanupCache(neutronPortId);
+ if (neutronPort == null) {
+ LOG.error("getNeutronPortFromDhcpIntf: neutron port of {} is not found", neutronPortId);
+ return null;
+ }
+ }
+ /* if the current port is a DHCP port, return true*/
+ if (neutronPort.getDeviceOwner().contains("dhcp")) {
+ LOG.trace("getNeutronPortFromDhcpIntf: neutronPort is a dhcp port", neutronPort );
+ return neutronPort;
+ }
return null;
+ }
+
+
+ @Override
+ public NeutronPort getNeutronPortFromCache(OvsdbTerminationPointAugmentation terminationPointAugmentation) {
+ NeutronPort neutronPort = null;
+ LOG.trace("getNeutronPortFromCache for {}",
+ terminationPointAugmentation.getName());
+ try {
+ String neutronPortId = southbound.getInterfaceExternalIdsValue(terminationPointAugmentation,
+ Constants.EXTERNAL_ID_INTERFACE_ID);
+ if (neutronPortId == null) {
+ return null;
+ }
+ if (null != neutronPortCache) {
+ neutronPort = neutronPortCache.getPort(neutronPortId);
+
+ }
+ if (neutronPort == null) {
+ LOG.trace("getNeutronPortFromCache: neutron port of {} search in cleanupcache", neutronPortId);
+
+ neutronPort = neutronL3Adapter.getPortFromCleanupCache(neutronPortId);
+ if (neutronPort == null) {
+ LOG.error("getNeutronPortFromCache: neutron port of {} is not found", neutronPortId);
+ return null;
+ }
+ LOG.trace("getNeutronPortFromCache: neutron port of {} got from cleanupcache", neutronPortId);
+ }
+ } catch (Exception e) {
+ LOG.warn("getNeutronPortFromCache:getNeutronPortFromCache failed due to ", e);
+ return null;
+ }
+ return neutronPort;
}
+
+
@Override
public boolean isComputePort(OvsdbTerminationPointAugmentation terminationPointAugmentation) {
if (neutronPortCache == null) {
- LOG.error("neutron port is null");
- return false;
+ LOG.warn("isComputePort : neutronPortCache is null");
}
+ NeutronPort neutronPort = null;
LOG.trace("isComputePort for {}", terminationPointAugmentation.getName());
String neutronPortId = southbound.getInterfaceExternalIdsValue(terminationPointAugmentation,
Constants.EXTERNAL_ID_INTERFACE_ID);
if (neutronPortId == null) {
return false;
}
- NeutronPort neutronPort = neutronPortCache.getPort(neutronPortId);
+ if (neutronPortCache != null) {
+ neutronPort = neutronPortCache.getPort(neutronPortId);
+ }
if (neutronPort == null) {
- return false;
+ neutronPort = getNeutronPortFromCache(terminationPointAugmentation);
+ if (neutronPort == null) {
+ return false;
+ }
}
/*Check the device owner and if it contains compute to identify
* whether it is a compute port.*/
@Override
public boolean isLastPortinSubnet(Node node, OvsdbTerminationPointAugmentation terminationPointAugmentation) {
if (neutronPortCache == null) {
- LOG.error("isLastPortinSubnet: neutron port is null");
- return false;
+ LOG.error("isLastPortinSubnet: neutronPortCache is null");
}
+ NeutronPort neutronPort = null;
try {
LOG.trace("isLastPortinSubnet: for {}", terminationPointAugmentation.getName());
String neutronPortId = southbound.getInterfaceExternalIdsValue(terminationPointAugmentation,
if (neutronPortId == null) {
return false;
}
- NeutronPort neutronPort = neutronPortCache.getPort(neutronPortId);
+ if (neutronPortCache != null) {
+ neutronPort = neutronPortCache.getPort(neutronPortId);
+ }
if (neutronPort == null) {
- LOG.error("isLastPortinSubnet: neutron port of {} is not found", neutronPortId);
- return false;
+ neutronPort = getNeutronPortFromCache(terminationPointAugmentation);
+ if (neutronPort == null) {
+ LOG.error("isLastPortinSubnet: neutron port of {} is not found", neutronPortId);
+ return false;
+ }
}
List<Neutron_IPs> neutronPortFixedIp = neutronPort.getFixedIPs();
if (null == neutronPortFixedIp || neutronPortFixedIp.isEmpty()) {
}
@Override
- public List<Neutron_IPs> getIpAddressList(Node node,
- OvsdbTerminationPointAugmentation terminationPointAugmentation) {
+ public List<Neutron_IPs> getIpAddressList(OvsdbTerminationPointAugmentation terminationPointAugmentation) {
if (neutronPortCache == null) {
- LOG.error("getIpAddress: neutron port is null");
- return null;
+ LOG.warn("getIpAddress: neutronPortCache is null");
}
+ NeutronPort neutronPort = null;
LOG.trace("getIpAddress: for {}", terminationPointAugmentation.getName());
String neutronPortId = southbound.getInterfaceExternalIdsValue(terminationPointAugmentation,
Constants.EXTERNAL_ID_INTERFACE_ID);
if (neutronPortId == null) {
return null;
}
- NeutronPort neutronPort = neutronPortCache.getPort(neutronPortId);
+ if (neutronPortCache != null) {
+ neutronPort = neutronPortCache.getPort(neutronPortId);
+ }
+ if (neutronPort == null) {
+ neutronPort = getNeutronPortFromCache(terminationPointAugmentation);
+ }
if (neutronPort == null) {
LOG.error("getIpAddress: neutron port of {} is not found", neutronPortId);
return null;
}
@Override
- public List<Neutron_IPs> getVmListForSecurityGroup(List<Neutron_IPs> srcAddressList, String securityGroupUuid) {
- List<Neutron_IPs> vmListForSecurityGroup = new ArrayList<Neutron_IPs>();
+ public List<Neutron_IPs> getVmListForSecurityGroup(String portUuid, String securityGroupUuid) {
+ List<Neutron_IPs> vmListForSecurityGroup = new ArrayList<>();
/*For every port check whether security grouplist contains the current
* security group.*/
try {
- for (NeutronPort neutronPort:neutronPortCache.getAllPorts()) {
+ for (NeutronPort neutronPort:neutronL3Adapter.getPortCleanupCache()) {
if (!neutronPort.getDeviceOwner().contains("compute")) {
LOG.debug("getVMListForSecurityGroup : the port {} is not "
+ "compute port belongs to {}", neutronPort.getID(), neutronPort.getDeviceOwner());
continue;
}
+ if (portUuid.equals(neutronPort.getID())) {
+ continue;
+ }
List<NeutronSecurityGroup> securityGroups = neutronPort.getSecurityGroups();
if (null != securityGroups) {
for (NeutronSecurityGroup securityGroup:securityGroups) {
- if (securityGroup.getSecurityGroupUUID().equals(securityGroupUuid)
- && !neutronPort.getFixedIPs().containsAll(srcAddressList)) {
+ if (securityGroup.getSecurityGroupUUID().equals(securityGroupUuid)) {
LOG.debug("getVMListForSecurityGroup : adding ports with ips {} "
+ "compute port", neutronPort.getFixedIPs());
- vmListForSecurityGroup.addAll(neutronPort.getFixedIPs());
+ if (neutronPort.getFixedIPs() != null) {
+ vmListForSecurityGroup.addAll(neutronPort.getFixedIPs());
+ }
}
}
}
}
@Override
- public void setDependencies(BundleContext bundleContext, ServiceReference serviceReference) {
+ public void syncSecurityGroup(NeutronPort port, List<NeutronSecurityGroup> securityGroupList, boolean write) {
+ LOG.trace("syncSecurityGroup:" + securityGroupList + " Write:" + write);
+ if (null != port && null != port.getSecurityGroups()) {
+ Node node = getNode(port);
+ if (node == null) {
+ return;
+ }
+ NeutronNetwork neutronNetwork = neutronNetworkCache.getNetwork(port.getNetworkUUID());
+ if (neutronNetwork == null) {
+ return;
+ }
+ String segmentationId = neutronNetwork.getProviderSegmentationID();
+ OvsdbTerminationPointAugmentation intf = getInterface(node, port);
+ if (intf == null) {
+ return;
+ }
+ long localPort = southbound.getOFPort(intf);
+ String attachedMac = southbound.getInterfaceExternalIdsValue(intf, Constants.EXTERNAL_ID_VM_MAC);
+ if (attachedMac == null) {
+ LOG.debug("programVlanRules: No AttachedMac seen in {}", intf);
+ return;
+ }
+ long dpid = getDpidOfIntegrationBridge(node);
+ if (dpid == 0L) {
+ return;
+ }
+ String neutronPortId = southbound.getInterfaceExternalIdsValue(intf,
+ Constants.EXTERNAL_ID_INTERFACE_ID);
+ if (neutronPortId == null) {
+ LOG.debug("syncSecurityGroup: No neutronPortId seen in {}", intf);
+ return;
+ }
+ for (NeutronSecurityGroup securityGroupInPort:securityGroupList) {
+ ingressAclProvider.programPortSecurityGroup(dpid, segmentationId, attachedMac, localPort,
+ securityGroupInPort, neutronPortId, write);
+ egressAclProvider.programPortSecurityGroup(dpid, segmentationId, attachedMac, localPort,
+ securityGroupInPort, neutronPortId, write);
+ }
+ }
+ }
+
+ @Override
+ public void syncSecurityRule(NeutronPort port, NeutronSecurityRule securityRule,Neutron_IPs vmIp, boolean write) {
+ LOG.trace("syncSecurityGroup:" + securityRule + " Write:" + write);
+ if (null != port && null != port.getSecurityGroups()) {
+ Node node = getNode(port);
+ if (node == null) {
+ return;
+ }
+ NeutronNetwork neutronNetwork = neutronNetworkCache.getNetwork(port.getNetworkUUID());
+ if (neutronNetwork == null) {
+ return;
+ }
+ String segmentationId = neutronNetwork.getProviderSegmentationID();
+ OvsdbTerminationPointAugmentation intf = getInterface(node, port);
+ if (intf == null) {
+ return;
+ }
+ long localPort = southbound.getOFPort(intf);
+ String attachedMac = southbound.getInterfaceExternalIdsValue(intf, Constants.EXTERNAL_ID_VM_MAC);
+ if (attachedMac == null) {
+ LOG.debug("programVlanRules: No AttachedMac seen in {}", intf);
+ return;
+ }
+ long dpid = getDpidOfIntegrationBridge(node);
+ if (dpid == 0L) {
+ return;
+ }
+ if ("IPv4".equals(securityRule.getSecurityRuleEthertype())
+ && "ingress".equals(securityRule.getSecurityRuleDirection())) {
+
+ ingressAclProvider.programPortSecurityRule(dpid, segmentationId, attachedMac, localPort,
+ securityRule, vmIp, write);
+ } else if (securityRule.getSecurityRuleEthertype().equals("IPv4")
+ && securityRule.getSecurityRuleDirection().equals("egress")) {
+ egressAclProvider.programPortSecurityRule(dpid, segmentationId, attachedMac, localPort,
+ securityRule, vmIp, write);
+ }
+ }
+ }
+
+ private long getDpidOfIntegrationBridge(Node node) {
+ LOG.trace("getDpidOfIntegrationBridge:" + node);
+ long dpid = 0L;
+ if (southbound.getBridgeName(node).equals(configurationService.getIntegrationBridgeName())) {
+ dpid = getDpid(node);
+ }
+ if (dpid == 0L) {
+ LOG.warn("getDpidOfIntegerationBridge: dpid not found: {}", node);
+ }
+ return dpid;
+ }
+
+ private long getDpid(Node node) {
+ LOG.trace("getDpid" + node);
+ long dpid = southbound.getDataPathId(node);
+ if (dpid == 0) {
+ LOG.warn("getDpid: dpid not found: {}", node);
+ }
+ return dpid;
+ }
+
+ private Node getNode(NeutronPort port) {
+ LOG.trace("getNode:Port" + port);
+ List<Node> toplogyNodes = southbound.readOvsdbTopologyNodes();
+
+ for (Node topologyNode : toplogyNodes) {
+ try {
+ Node node = southbound.getBridgeNode(topologyNode,Constants.INTEGRATION_BRIDGE);
+ List<OvsdbTerminationPointAugmentation> ovsdbPorts = southbound.getTerminationPointsOfBridge(node);
+ for (OvsdbTerminationPointAugmentation ovsdbPort : ovsdbPorts) {
+ String uuid = southbound.getInterfaceExternalIdsValue(ovsdbPort,
+ Constants.EXTERNAL_ID_INTERFACE_ID);
+ if (null != uuid && uuid.equals(port.getID())) {
+ return node;
+ }
+ }
+ } catch (Exception e) {
+ LOG.error("Exception during handlingNeutron network delete", e);
+ }
+ }
+ LOG.info("no node found for port:" + port);
+ return null;
+ }
+
+ private OvsdbTerminationPointAugmentation getInterface(Node node, NeutronPort port) {
+ LOG.trace("getInterface:Node:" + node + " Port:" + port);
+ try {
+ List<OvsdbTerminationPointAugmentation> ovsdbPorts = southbound.getTerminationPointsOfBridge(node);
+ for (OvsdbTerminationPointAugmentation ovsdbPort : ovsdbPorts) {
+ String uuid = southbound.getInterfaceExternalIdsValue(ovsdbPort,
+ Constants.EXTERNAL_ID_INTERFACE_ID);
+ if (null != uuid && uuid.equals(port.getID())) {
+ return ovsdbPort;
+ }
+ }
+ } catch (Exception e) {
+ LOG.error("Exception during handlingNeutron network delete", e);
+ }
+ LOG.info("no interface found for node: " + node + " port:" + port);
+ return null;
+ }
+
+ @Override
+ public void setDependencies(ServiceReference serviceReference) {
+ neutronL3Adapter =
+ (NeutronL3Adapter) ServiceHelper.getGlobalInstance(NeutronL3Adapter.class, this);
southbound =
(Southbound) ServiceHelper.getGlobalInstance(Southbound.class, this);
+ neutronNetworkCache =
+ (INeutronNetworkCRUD) ServiceHelper.getGlobalInstance(INeutronNetworkCRUD.class, this);
+ configurationService =
+ (ConfigurationService) ServiceHelper.getGlobalInstance(ConfigurationService.class, this);
}
@Override
neutronPortCache = (INeutronPortCRUD)impl;
} else if (impl instanceof INeutronSubnetCRUD) {
neutronSubnetCache = (INeutronSubnetCRUD) impl;
+ } else if (impl instanceof IngressAclProvider) {
+ ingressAclProvider = (IngressAclProvider) impl;
+ } else if (impl instanceof EgressAclProvider) {
+ egressAclProvider = (EgressAclProvider) impl;
}
}
-}
\ No newline at end of file
+
+ @Override
+ public boolean isConntrackEnabled() {
+ return isConntrackEnabled;
+ }
+}