NFP[Contrib] - Vyos service day0 configuration

Install the Vyos service day0 configuration. After installation
the Vyos password is 'vyos' by default. The user can still customize
the password in the day0 file before the service is launched.

Change-Id: I5041f8b8fcfe1e70c3c2b54076d586ca87b54925
Closes-Bug: 1681471
Rajendra Machani 2017-04-10 20:31:24 +05:30
parent 59bceed641
commit 3b30dc4757
9 changed files with 281 additions and 96 deletions


@ -414,7 +414,12 @@ function copy_nfp_files_and_start_process {
sudo rm -rf /etc/nfp*
sudo cp -r bin/nfp.ini /etc/
sudo cp -r bin/nfp_proxy /usr/bin/
[[ $NFP_DEVSTACK_MODE = advanced ]] && sudo bash -c 'cat '$NFPSERVICE_DIR'/gbpservice/contrib/nfp/bin/nfp.ini >> /etc/nfp.ini'
if [[ $NFP_DEVSTACK_MODE = advanced ]]; then
sudo bash -c 'cat '$NFPSERVICE_DIR'/gbpservice/contrib/nfp/bin/nfp.ini >> /etc/nfp.ini'
sudo mkdir -p /etc/nfp/vyos/
sudo cp -r $NFPSERVICE_DIR/gbpservice/contrib/nfp/bin/vyos.day0 /etc/nfp/vyos/
sudo sed -i 's/"password": ""/"password": "vyos"/' /etc/nfp/vyos/vyos.day0
fi
if [[ $NFP_DEVSTACK_MODE = base ]]; then
configurator_ip=127.0.0.1
configurator_port=8080
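Review bot: The added block writes a well-known default credential (`vyos`) into `/etc/nfp/vyos/vyos.day0` and leaves the file with whatever mode `sudo cp` gives it, which under a common umask is readable by every local user. Because the drivers later send this password to the service VM, restricting the file right after the `sed` would be prudent, e.g. `sudo chmod 600 /etc/nfp/vyos/vyos.day0`; the owner may need adjusting if the configurator does not run as root, which is not visible here. The installer hunk in `configure_nfp()` repeats the same copy-and-sed steps and has the same exposure. The enclosing function `copy_nfp_files_and_start_process` continues outside the hunk.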


@ -0,0 +1,6 @@
{
"vyos": {
"username": "vyos",
"password": ""
}
}


@ -100,7 +100,7 @@ class BaseDriver(object):
return const.FAILED
return const.SUCCESS
def _configure_log_forwarding(self, url, mgmt_ip, port):
def _configure_log_forwarding(self, url, mgmt_ip, port, headers=None):
""" Configures log forwarding IP address in Service VMs.
:param url: url format that is used to invoke the Service VM API
@ -131,7 +131,8 @@ class BaseDriver(object):
LOG.info(msg)
try:
resp = requests.post(url, data, timeout=self.timeout)
resp = requests.post(url, data=data,
timeout=self.timeout, headers=headers)
except requests.exceptions.ConnectionError as err:
msg = ("Failed to establish connection to service at: "
"%r for configuring log forwarding. ERROR: %r" %


@ -20,6 +20,8 @@ from gbpservice._i18n import _LI
from gbpservice.contrib.nfp.configurator.drivers.base import base_driver
from gbpservice.contrib.nfp.configurator.drivers.firewall.vyos import (
vyos_fw_constants as const)
from gbpservice.contrib.nfp.configurator.lib import (
generic_config_constants as gen_cfg_const)
from gbpservice.contrib.nfp.configurator.lib import constants as common_const
from gbpservice.contrib.nfp.configurator.lib import data_parser
from gbpservice.contrib.nfp.configurator.lib import fw_constants as fw_const
@ -39,11 +41,12 @@ class RestApi(object):
def __init__(self, timeout):
self.timeout = timeout
def request_type_to_api_map(self, url, data, request_type):
def request_type_to_api_map(self, url, data, request_type, headers):
return getattr(requests, request_type)(url,
data=data, timeout=self.timeout)
data=data, timeout=self.timeout,
headers=headers)
def fire(self, url, data, request_type):
def fire(self, url, data, request_type, headers):
""" Invokes REST POST call to the Service VM.
:param url: URL to connect.
@ -59,8 +62,8 @@ class RestApi(object):
"vm with data %s"
% (url, request_type, data))
LOG.debug(msg)
resp = self.request_type_to_api_map(url,
data, request_type.lower())
resp = self.request_type_to_api_map(url, data,
request_type.lower(), headers)
except requests.exceptions.ConnectionError as err:
msg = ("Failed to establish connection to the service at URL: %r. "
"ERROR: %r" % (url, str(err).capitalize()))
@ -93,7 +96,72 @@ class FwGenericConfigDriver(base_driver.BaseDriver):
def __init__(self):
self.parse = data_parser.DataParser()
def _configure_static_ips(self, resource_data):
def _parse_vm_context(self, context):
try:
username = str(context['service_vm_context'][
'vyos']['username'])
password = str(context['service_vm_context'][
'vyos']['password'])
headers = {'Content-Type': 'application/json',
'username': username,
'password': password}
return headers
except Exception as e:
msg = ("Failed to get header from context. ERROR: %s" % e)
LOG.error(msg)
raise Exception(msg)
def configure_healthmonitor(self, context, resource_data):
vm_status = super(FwGenericConfigDriver, self).configure_healthmonitor(
context, resource_data)
if resource_data['nfds'][0]['periodicity'] == gen_cfg_const.INITIAL:
if vm_status == common_const.SUCCESS:
try:
resp = self.configure_user(context, resource_data)
if resp != common_const.STATUS_SUCCESS:
return common_const.FAILURE
except Exception as e:
msg = ("Failed to configure user. ERROR: %s" % e)
LOG.error(msg)
return common_const.FAILURE
return vm_status
def configure_user(self, context, resource_data):
headers = self._parse_vm_context(context)
resource_data = self.parse.parse_data(common_const.HEALTHMONITOR,
resource_data)
mgmt_ip = resource_data['mgmt_ip']
url = const.request_url % (mgmt_ip,
self.port,
'change_auth')
data = {}
LOG.info(_LI("Initiating POST request to configure Authentication "
"service at mgmt ip:%(mgmt_ip)s"),
{'mgmt_ip': mgmt_ip})
err_msg = ("Change Auth POST request to the VyOS firewall "
"service at %s failed. " % url)
try:
resp = self.rest_api.fire(url, data, common_const.POST, headers)
except Exception as err:
err_msg += ("Reason: %r" % str(err).capitalize())
LOG.error(err_msg)
return err_msg
if resp is common_const.STATUS_SUCCESS:
msg = ("Configured user authentication successfully"
" for vyos service at %r." % mgmt_ip)
LOG.info(msg)
return resp
err_msg += (("Failed to change Authentication para Status code "
"Status code: %r, Reason: %r" %
(resp['status'], resp['reason']))
if type(resp) is dict
else ("Reason: " + resp))
LOG.error(err_msg)
return err_msg
def _configure_static_ips(self, context, resource_data):
""" Configure static IPs for provider and stitching interfaces
of service VM.
@ -105,7 +173,7 @@ class FwGenericConfigDriver(base_driver.BaseDriver):
Returns: SUCCESS/Failure message with reason.
"""
headers = self._parse_vm_context(context)
static_ips_info = dict(
provider_ip=resource_data.get('provider_ip'),
provider_cidr=resource_data.get('provider_cidr'),
@ -126,7 +194,7 @@ class FwGenericConfigDriver(base_driver.BaseDriver):
err_msg = ("Static IP POST request to the VyOS firewall "
"service at %s failed. " % url)
try:
resp = self.rest_api.fire(url, data, common_const.POST)
resp = self.rest_api.fire(url, data, common_const.POST, headers)
except Exception as err:
err_msg += ("Reason: %r" % str(err).capitalize())
LOG.error(err_msg)
@ -158,14 +226,14 @@ class FwGenericConfigDriver(base_driver.BaseDriver):
Returns: SUCCESS/Failure message with reason.
"""
headers = self._parse_vm_context(context)
resource_data = self.parse.parse_data(common_const.INTERFACES,
resource_data)
mgmt_ip = resource_data['mgmt_ip']
try:
result_log_forward = self._configure_log_forwarding(
const.request_url, mgmt_ip, self.port)
const.request_url, mgmt_ip, self.port, headers)
except Exception as err:
msg = ("Failed to configure log forwarding for service at %s. "
"Error: %s" % (mgmt_ip, err))
@ -182,7 +250,8 @@ class FwGenericConfigDriver(base_driver.BaseDriver):
LOG.error(msg)
try:
result_static_ips = self._configure_static_ips(resource_data)
result_static_ips = self._configure_static_ips(context,
resource_data)
except Exception as err:
msg = ("Failed to add static IPs. Error: %s" % err)
LOG.error(msg)
@ -204,7 +273,7 @@ class FwGenericConfigDriver(base_driver.BaseDriver):
err_msg = ("Add persistent rule POST request to the VyOS firewall "
"service at %s failed. " % url)
try:
resp = self.rest_api.fire(url, data, common_const.POST)
resp = self.rest_api.fire(url, data, common_const.POST, headers)
except Exception as err:
err_msg += ("Reason: %r" % str(err).capitalize())
LOG.error(err_msg)
@ -226,7 +295,7 @@ class FwGenericConfigDriver(base_driver.BaseDriver):
LOG.error(err_msg)
return err_msg
def _clear_static_ips(self, resource_data):
def _clear_static_ips(self, context, resource_data):
""" Clear static IPs for provider and stitching
interfaces of the service VM.
@ -238,7 +307,7 @@ class FwGenericConfigDriver(base_driver.BaseDriver):
Returns: SUCCESS/Failure message with reason.
"""
headers = self._parse_vm_context(context)
static_ips_info = dict(
provider_ip=resource_data.get('provider_ip'),
provider_cidr=resource_data.get('provider_cidr'),
@ -260,7 +329,7 @@ class FwGenericConfigDriver(base_driver.BaseDriver):
err_msg = ("Static IP DELETE request to the VyOS firewall "
"service at %s failed. " % url)
try:
resp = self.rest_api.fire(url, data, common_const.DELETE)
resp = self.rest_api.fire(url, data, common_const.DELETE, headers)
except Exception as err:
err_msg += ("Reason: %r" % str(err).capitalize())
LOG.error(err_msg)
@ -292,11 +361,11 @@ class FwGenericConfigDriver(base_driver.BaseDriver):
Returns: SUCCESS/Failure message with reason.
"""
headers = self._parse_vm_context(context)
resource_data = self.parse.parse_data(common_const.INTERFACES,
resource_data)
try:
result_static_ips = self._clear_static_ips(resource_data)
result_static_ips = self._clear_static_ips(context, resource_data)
except Exception as err:
msg = ("Failed to remove static IPs. Error: %s" % err)
LOG.error(msg)
@ -324,7 +393,7 @@ class FwGenericConfigDriver(base_driver.BaseDriver):
err_msg = ("Persistent rule DELETE request to the VyOS firewall "
"service at %s failed. " % url)
try:
resp = self.rest_api.fire(url, data, common_const.DELETE)
resp = self.rest_api.fire(url, data, common_const.DELETE, headers)
except Exception as err:
err_msg += ("Reason: %r" % str(err).capitalize())
LOG.error(err_msg)
@ -354,7 +423,7 @@ class FwGenericConfigDriver(base_driver.BaseDriver):
Returns: SUCCESS/Failure message with reason.
"""
headers = self._parse_vm_context(context)
forward_routes = resource_data.get('forward_route')
resource_data = self.parse.parse_data(common_const.ROUTES,
resource_data)
@ -385,7 +454,7 @@ class FwGenericConfigDriver(base_driver.BaseDriver):
err_msg = ("Configure routes POST request to the VyOS firewall "
"service at %s failed. " % url)
try:
resp = self.rest_api.fire(url, data, common_const.POST)
resp = self.rest_api.fire(url, data, common_const.POST, headers)
except Exception as err:
err_msg += ("Reason: %r" % str(err).capitalize())
LOG.error(err_msg)
@ -415,7 +484,7 @@ class FwGenericConfigDriver(base_driver.BaseDriver):
Returns: SUCCESS/Failure message with reason.
"""
headers = self._parse_vm_context(context)
resource_data = self.parse.parse_data(common_const.ROUTES,
resource_data)
mgmt_ip = resource_data.get('mgmt_ip')
@ -435,7 +504,7 @@ class FwGenericConfigDriver(base_driver.BaseDriver):
err_msg = ("Routes DELETE request to the VyOS firewall "
"service at %s failed. " % url)
try:
resp = self.rest_api.fire(url, data, common_const.DELETE)
resp = self.rest_api.fire(url, data, common_const.DELETE, headers)
except Exception as err:
err_msg += ("Reason: %r" % str(err).capitalize())
LOG.error(err_msg)
@ -486,7 +555,7 @@ class FwaasDriver(FwGenericConfigDriver):
Returns: SUCCESS/Failure message with reason.
"""
headers = self._parse_vm_context(context['agent_info']['context'])
resource_data = self.parse.parse_data(common_const.FIREWALL, context)
LOG.info(_LI("Processing request 'Create Firewall' in FWaaS Driver "
@ -504,7 +573,7 @@ class FwaasDriver(FwGenericConfigDriver):
err_msg = ("Configure firewall POST request to the VyOS "
"service at %s failed. " % url)
try:
resp = self.rest_api.fire(url, data, common_const.POST)
resp = self.rest_api.fire(url, data, common_const.POST, headers)
except Exception as err:
err_msg += ("Reason: %r" % str(err).capitalize())
LOG.error(err_msg)
@ -534,6 +603,7 @@ class FwaasDriver(FwGenericConfigDriver):
Returns: SUCCESS/Failure message with reason.
"""
headers = self._parse_vm_context(context['agent_info']['context'])
LOG.info(_LI("Processing request 'Update Firewall' in FWaaS Driver "
"for Firewall ID:%(f_id)s"),
{'f_id': firewall['id']})
@ -549,7 +619,7 @@ class FwaasDriver(FwGenericConfigDriver):
err_msg = ("Update firewall POST request to the VyOS "
"service at %s failed. " % url)
try:
resp = self.rest_api.fire(url, data, common_const.PUT)
resp = self.rest_api.fire(url, data, common_const.PUT, headers)
except Exception as err:
err_msg += ("Reason: %r" % str(err).capitalize())
LOG.error(err_msg)
@ -579,7 +649,7 @@ class FwaasDriver(FwGenericConfigDriver):
Returns: SUCCESS/Failure message with reason.
"""
headers = self._parse_vm_context(context['agent_info']['context'])
LOG.info(_LI("Processing request 'Delete Firewall' in FWaaS Driver "
"for Firewall ID:%(f_id)s"),
{'f_id': firewall['id']})
@ -595,7 +665,7 @@ class FwaasDriver(FwGenericConfigDriver):
err_msg = ("Delete firewall POST request to the VyOS "
"service at %s failed. " % url)
try:
resp = self.rest_api.fire(url, data, common_const.DELETE)
resp = self.rest_api.fire(url, data, common_const.DELETE, headers)
except Exception as err:
err_msg += ("Reason: %r" % str(err).capitalize())
LOG.error(err_msg)
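Review bot: `_parse_vm_context` wraps both credentials in `str()` and never checks them, so a `null` value becomes the literal header value `None`, and an empty password (the shipped `vyos.day0` has `"password": ""`, presumably the source of this context) is sent unchanged on every request. Checking the raw values before the conversion would fail early, e.g. `if not vyos.get('username') or not vyos.get('password'): raise ValueError("vyos credentials missing from service_vm_context")` with `vyos = context['service_vm_context']['vyos']`. The same helper is duplicated verbatim in the VPN driver section, so the check belongs in both copies or, better, once in `base_driver.BaseDriver`. The credentials travel as plain `username`/`password` headers, and the scheme of `const.request_url` is not visible here, so it is worth confirming that it is HTTPS.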


@ -16,9 +16,13 @@ import requests
import six
import time
from neutron._i18n import _LI
from gbpservice.contrib.nfp.configurator.drivers.base import base_driver
from gbpservice.contrib.nfp.configurator.drivers.vpn.vyos import (
vyos_vpn_constants as const)
from gbpservice.contrib.nfp.configurator.lib import (
generic_config_constants as gen_cfg_const)
from gbpservice.contrib.nfp.configurator.lib import constants as common_const
from gbpservice.contrib.nfp.configurator.lib import data_parser
from gbpservice.contrib.nfp.configurator.lib import vpn_constants as vpn_const
@ -52,7 +56,7 @@ class RestApi(object):
return '&'.join([str(k) + '=' + str(v)
for k, v in six.iteritems(args)])
def post(self, api, args):
def post(self, api, args, headers):
"""
Makes ReST call to the service VM to post the configurations.
@ -68,7 +72,8 @@ class RestApi(object):
data = jsonutils.dumps(args)
try:
resp = requests.post(url, data=data, timeout=self.timeout)
resp = requests.post(url, data=data, timeout=self.timeout,
headers=headers)
message = jsonutils.loads(resp.text)
msg = "POST url %s %d" % (url, resp.status_code)
LOG.debug(msg)
@ -87,7 +92,7 @@ class RestApi(object):
LOG.error(msg)
raise requests.exceptions.HTTPError(msg)
def put(self, api, args):
def put(self, api, args, headers):
"""
Makes ReST call to the service VM to put the configurations.
@ -103,7 +108,8 @@ class RestApi(object):
data = jsonutils.dumps(args)
try:
resp = requests.put(url, data=data, timeout=self.timeout)
resp = requests.put(url, data=data, timeout=self.timeout,
headers=headers)
msg = "PUT url %s %d" % (url, resp.status_code)
LOG.debug(msg)
if resp.status_code == 200:
@ -118,7 +124,7 @@ class RestApi(object):
% (url, str(err).capitalize()))
LOG.error(msg)
def delete(self, api, args, data=None):
def delete(self, api, args, headers, data=None):
"""
Makes ReST call to the service VM to delete the configurations.
@ -139,7 +145,8 @@ class RestApi(object):
if data:
data = jsonutils.dumps(data)
try:
resp = requests.delete(url, timeout=self.timeout, data=data)
resp = requests.delete(url, timeout=self.timeout, data=data,
headers=headers)
message = jsonutils.loads(resp.text)
msg = "DELETE url %s %d" % (url, resp.status_code)
LOG.debug(msg)
@ -157,7 +164,7 @@ class RestApi(object):
LOG.error(msg)
raise requests.exceptions.HTTPError(msg)
def get(self, api, args):
def get(self, api, args, headers):
"""
Makes ReST call to the service VM to put the configurations.
@ -174,7 +181,8 @@ class RestApi(object):
const.CONFIGURATION_SERVER_PORT, api)
try:
resp = requests.get(url, params=args, timeout=self.timeout)
resp = requests.get(url, params=args, timeout=self.timeout,
headers=headers)
msg = "GET url %s %d" % (url, resp.status_code)
LOG.debug(msg)
if resp.status_code == 200:
@ -305,7 +313,75 @@ class VpnGenericConfigDriver(base_driver.BaseDriver):
self.timeout = const.REST_TIMEOUT
self.parse = data_parser.DataParser()
def _configure_static_ips(self, resource_data):
def _parse_vm_context(self, context):
try:
username = str(context['service_vm_context'][
'vyos']['username'])
password = str(context['service_vm_context'][
'vyos']['password'])
headers = {'Content-Type': 'application/json',
'username': username,
'password': password}
return headers
except Exception as e:
msg = ("Failed to get header from context. ERROR: %s" % e)
LOG.error(msg)
raise Exception(msg)
def configure_healthmonitor(self, context, resource_data):
vm_status = super(VpnGenericConfigDriver,
self).configure_healthmonitor(
context, resource_data)
if resource_data['nfds'][0]['periodicity'] == gen_cfg_const.INITIAL:
if vm_status == common_const.SUCCESS:
try:
resp = self.configure_user(context, resource_data)
if resp not in common_const.SUCCESS_CODES:
return common_const.FAILURE
except Exception as e:
msg = ("Failed to configure user. ERROR: %s" % e)
LOG.error(msg)
return common_const.FAILURE
return vm_status
def configure_user(self, context, resource_data):
headers = self._parse_vm_context(context)
resource_data = self.parse.parse_data(common_const.HEALTHMONITOR,
resource_data)
mgmt_ip = resource_data['mgmt_ip']
url = const.request_url % (mgmt_ip,
self.port,
'change_auth')
data = {}
LOG.info(_LI("Initiating POST request to configure Authentication "
"service at mgmt ip:%(mgmt_ip)s"),
{'mgmt_ip': mgmt_ip})
err_msg = ("Change Auth POST request to the VyOS firewall "
"service at %s failed. " % url)
try:
resp = requests.post(url, data=data, headers=headers)
except Exception as err:
err_msg += ("Reason: %r" % str(err).capitalize())
LOG.error(err_msg)
return err_msg
if (resp.status_code in common_const.SUCCESS_CODES) and (
resp.json().get('status') is True):
msg = ("Configured user authentication successfully"
" for vyos service at %r." % mgmt_ip)
LOG.info(msg)
return resp.status_code
err_msg += (("Failed to change Authentication para Status code"
": %r, Reason: %r" %
(resp.status_code, resp.json().get('reason')))
if type(resp.json()) is dict
else ("Reason: " + resp))
LOG.error(err_msg)
return err_msg
def _configure_static_ips(self, context, resource_data):
""" Configure static IPs for provider and stitching interfaces
of service VM.
@ -317,7 +393,7 @@ class VpnGenericConfigDriver(base_driver.BaseDriver):
Returns: SUCCESS/Failure message with reason.
"""
headers = self._parse_vm_context(context)
static_ips_info = dict(
provider_ip=resource_data.get('provider_ip'),
provider_cidr=resource_data.get('provider_cidr'),
@ -336,7 +412,8 @@ class VpnGenericConfigDriver(base_driver.BaseDriver):
"service at: %r" % mgmt_ip)
LOG.info(msg)
try:
resp = requests.post(url, data, timeout=self.timeout)
resp = requests.post(url, data, timeout=self.timeout,
headers=headers)
except requests.exceptions.ConnectionError as err:
msg = ("Failed to establish connection to primary service at: "
"%r. ERROR: %r" %
@ -382,14 +459,14 @@ class VpnGenericConfigDriver(base_driver.BaseDriver):
Returns: SUCCESS/Failure message with reason.
"""
headers = self._parse_vm_context(context)
resource_data = self.parse.parse_data(common_const.INTERFACES,
resource_data)
mgmt_ip = resource_data['mgmt_ip']
try:
result_log_forward = self._configure_log_forwarding(
const.request_url, mgmt_ip, self.port)
const.request_url, mgmt_ip, self.port, headers)
except Exception as err:
msg = ("Failed to configure log forwarding for service at %s. "
"Error: %s" % (mgmt_ip, err))
@ -406,7 +483,8 @@ class VpnGenericConfigDriver(base_driver.BaseDriver):
LOG.error(msg)
try:
result_static_ips = self._configure_static_ips(resource_data)
result_static_ips = self._configure_static_ips(context,
resource_data)
except Exception as err:
msg = ("Failed to add static IPs. Error: %s" % err)
LOG.error(msg)
@ -429,7 +507,8 @@ class VpnGenericConfigDriver(base_driver.BaseDriver):
"service at: %r" % mgmt_ip)
LOG.info(msg)
try:
resp = requests.post(url, data, timeout=self.timeout)
resp = requests.post(url, data, timeout=self.timeout,
headers=headers)
except requests.exceptions.ConnectionError as err:
msg = ("Failed to establish connection to primary service at: "
"%r. ERROR: %r" %
@ -462,7 +541,7 @@ class VpnGenericConfigDriver(base_driver.BaseDriver):
time.sleep(10)
return common_const.STATUS_SUCCESS
def _clear_static_ips(self, resource_data):
def _clear_static_ips(self, context, resource_data):
""" Clear static IPs for provider and stitching
interfaces of the service VM.
@ -474,7 +553,7 @@ class VpnGenericConfigDriver(base_driver.BaseDriver):
Returns: SUCCESS/Failure message with reason.
"""
headers = self._parse_vm_context(context)
static_ips_info = dict(
provider_ip=resource_data.get('provider_ip'),
provider_cidr=resource_data.get('provider_cidr'),
@ -493,7 +572,8 @@ class VpnGenericConfigDriver(base_driver.BaseDriver):
"service at: %r" % mgmt_ip)
LOG.info(msg)
try:
resp = requests.delete(url, data=data, timeout=self.timeout)
resp = requests.delete(url, data=data, timeout=self.timeout,
headers=headers)
except requests.exceptions.ConnectionError as err:
msg = ("Failed to establish connection to primary service at: "
"%r. ERROR: %r" %
@ -538,11 +618,11 @@ class VpnGenericConfigDriver(base_driver.BaseDriver):
Returns: SUCCESS/Failure message with reason.
"""
headers = self._parse_vm_context(context)
resource_data = self.parse.parse_data(common_const.INTERFACES,
resource_data)
try:
result_static_ips = self._clear_static_ips(resource_data)
result_static_ips = self._clear_static_ips(context, resource_data)
except Exception as err:
msg = ("Failed to remove static IPs. Error: %s" % err)
LOG.error(msg)
@ -569,7 +649,8 @@ class VpnGenericConfigDriver(base_driver.BaseDriver):
try:
data = jsonutils.dumps(rule_info)
resp = requests.delete(url, data=data, timeout=self.timeout)
resp = requests.delete(url, data=data, timeout=self.timeout,
headers=headers)
except requests.exceptions.ConnectionError as err:
msg = ("Failed to establish connection to service at: %r. "
"ERROR: %r" %
@ -610,6 +691,7 @@ class VpnGenericConfigDriver(base_driver.BaseDriver):
Returns: SUCCESS/Failure message with reason.
"""
headers = self._parse_vm_context(context)
forward_routes = resource_data.get('forward_route')
resource_data = self.parse.parse_data(common_const.ROUTES,
resource_data)
@ -633,7 +715,8 @@ class VpnGenericConfigDriver(base_driver.BaseDriver):
try:
resp = requests.post(
stitching_url, data=st_data, timeout=self.timeout)
stitching_url, data=st_data, timeout=self.timeout,
headers=headers)
except requests.exceptions.ConnectionError as err:
msg = ("Failed to establish connection to service at: "
"%r. ERROR: %r" % (mgmt_ip,
@ -659,7 +742,8 @@ class VpnGenericConfigDriver(base_driver.BaseDriver):
"primary service at: %r" % mgmt_ip)
LOG.info(msg)
try:
resp = requests.post(url, data=data, timeout=self.timeout)
resp = requests.post(url, data=data, timeout=self.timeout,
headers=headers)
except requests.exceptions.ConnectionError as err:
msg = ("Failed to establish connection to service at: "
"%r. ERROR: %r" % (mgmt_ip, str(err).capitalize()))
@ -708,6 +792,7 @@ class VpnGenericConfigDriver(base_driver.BaseDriver):
"""
# clear the static stitching gateway route
headers = self._parse_vm_context(context)
resource_data = self.parse.parse_data(common_const.ROUTES,
resource_data)
mgmt_ip = resource_data.get('mgmt_ip')
@ -721,7 +806,8 @@ class VpnGenericConfigDriver(base_driver.BaseDriver):
{'gateway_ip': resource_data.get('stitching_gw_ip')})
try:
resp = requests.post(
stitching_url, data=st_data, timeout=self.timeout)
stitching_url, data=st_data, timeout=self.timeout,
headers=headers)
except requests.exceptions.ConnectionError as err:
msg = ("Failed to establish connection to service at: "
"%r. ERROR: %r" % (mgmt_ip,
@ -740,7 +826,8 @@ class VpnGenericConfigDriver(base_driver.BaseDriver):
% mgmt_ip)
LOG.info(msg)
try:
resp = requests.delete(url, data=data, timeout=self.timeout)
resp = requests.delete(url, data=data, timeout=self.timeout,
headers=headers)
except requests.exceptions.ConnectionError as err:
msg = ("Failed to establish connection to primary service at: "
" %r. ERROR: %r" % (mgmt_ip, err))
@ -920,7 +1007,7 @@ class VpnaasIpsecDriver(VpnGenericConfigDriver):
Returns: None
"""
headers = self._parse_vm_context(context['agent_info']['context'])
conn = resource_data.get('resource')
description = conn['description']
svc_context = self.agent.get_vpn_servicecontext(
@ -952,13 +1039,15 @@ class VpnaasIpsecDriver(VpnGenericConfigDriver):
peer_cidrs_from_2 = conn['peer_cidrs'][1:]
conn['peer_cidrs'] = [conn['peer_cidrs'][0]]
svc_context['service']['cidr'] = self._get_stitching_cidr(conn)
RestApi(mgmt_fip).post("create-ipsec-site-conn", svc_context)
RestApi(mgmt_fip).post(
"create-ipsec-site-conn", svc_context, headers)
if peer_cidrs_from_2:
tunnel = {}
tunnel['peer_address'] = conn['peer_address']
tunnel['local_cidr'] = tunnel_local_cidr
tunnel['peer_cidrs'] = peer_cidrs_from_2
RestApi(mgmt_fip).post("create-ipsec-site-tunnel", tunnel)
RestApi(mgmt_fip).post(
"create-ipsec-site-tunnel", tunnel, headers)
self._init_state(context, conn)
def _ipsec_create_tunnel(self, context, mgmt_fip, conn):
@ -971,6 +1060,7 @@ class VpnaasIpsecDriver(VpnGenericConfigDriver):
Returns: None
"""
headers = self._parse_vm_context(context['agent_info']['context'])
tunnel_local_cidr, _ = (
self._get_ipsec_tunnel_local_cidr_from_vpnsvc(conn))
@ -978,7 +1068,8 @@ class VpnaasIpsecDriver(VpnGenericConfigDriver):
tunnel['peer_address'] = conn['peer_address']
tunnel['local_cidr'] = tunnel_local_cidr
tunnel['peer_cidrs'] = conn['peer_cidrs']
RestApi(mgmt_fip).post("create-ipsec-site-tunnel", tunnel)
RestApi(mgmt_fip).post(
"create-ipsec-site-tunnel", tunnel, headers)
self._init_state(context, conn)
def _ipsec_get_tenant_conns(self, context, mgmt_fip, conn,
@ -1081,7 +1172,7 @@ class VpnaasIpsecDriver(VpnGenericConfigDriver):
Returns: None
"""
headers = self._parse_vm_context(context['agent_info']['context'])
conn = resource_data.get('resource')
lcidr = resource_data['provider_cidr']
@ -1091,7 +1182,7 @@ class VpnaasIpsecDriver(VpnGenericConfigDriver):
tunnel['peer_cidrs'] = conn['peer_cidrs']
try:
RestApi(mgmt_fip).delete(
"delete-ipsec-site-tunnel", tunnel)
"delete-ipsec-site-tunnel", tunnel, headers)
self.agent.ipsec_site_conn_deleted(context, conn['id'])
except Exception as err:
msg = ("IPSec: Failed to delete IPSEC tunnel. %s"
@ -1112,17 +1203,17 @@ class VpnaasIpsecDriver(VpnGenericConfigDriver):
"""
try:
headers = self._parse_vm_context(context['agent_info']['context'])
RestApi(mgmt_fip).delete(
"delete-ipsec-site-conn",
{'peer_address': conn['peer_address']})
{'peer_address': conn['peer_address']}, headers)
self.agent.ipsec_site_conn_deleted(context, conn['id'])
except Exception as err:
msg = ("IPSec: Failed to delete IPSEC conn. %s"
% str(err).capitalize())
LOG.error(msg)
def _ipsec_is_state_changed(self, svc_context, conn, fip):
def _ipsec_is_state_changed(self, context, svc_context, conn, fip):
"""
Make GET request to the service VM to get the status of the site conn.
@ -1132,7 +1223,7 @@ class VpnaasIpsecDriver(VpnGenericConfigDriver):
Returns: None
"""
headers = self._parse_vm_context(context['agent_info']['context'])
c_state = None
lcidr, _ = self._get_ipsec_tunnel_local_cidr_from_vpnsvc(conn)
if conn['status'] == vpn_const.STATE_INIT:
@ -1142,7 +1233,7 @@ class VpnaasIpsecDriver(VpnGenericConfigDriver):
'peer_cidr': conn['peer_cidrs'][0]}
output = RestApi(fip).get(
"get-ipsec-site-tunnel-state",
tunnel)
tunnel, headers)
state = output['state']
if state.upper() == 'UP' and (
@ -1287,7 +1378,7 @@ class VpnaasIpsecDriver(VpnGenericConfigDriver):
conn = svc_context['siteconns'][0]['connection']
try:
state, changed = self._ipsec_is_state_changed(
state, changed = self._ipsec_is_state_changed(context,
svc_context, conn, fip)
except Exception as err:
msg = ("Failed to check if IPSEC state is changed. %s"
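Review bot: The new `configure_user` calls `requests.post(url, data=data, headers=headers)` with no `timeout`, unlike every other request in this section, so an unresponsive service VM can block the initial health-monitor pass indefinitely; `resp = requests.post(url, data=data, timeout=self.timeout, headers=headers)` matches the rest. In its failure branch, `"Reason: " + resp` concatenates a `Response` object to a string and would raise `TypeError`; `resp.text` looks like what was intended. `resp.json()` is also called outside the `try`, so a non-JSON reply raises instead of returning the error message, although `configure_healthmonitor` does catch that and returns `FAILURE`.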


@ -98,6 +98,9 @@ def set_keystone_authtoken_section():
def configure_nfp():
commands.getoutput("cat /usr/lib/python2.7/site-packages/gbpservice/contrib/nfp/bin/nfp.ini >> /etc/nfp.ini")
commands.getoutput("mkdir -p /etc/nfp/vyos/")
commands.getoutput("cp -r /usr/lib/python2.7/site-packages/gbpservice/contrib/nfp/bin/vyos.day0 /etc/nfp/vyos/")
commands.getoutput("sed -i 's/\"password\": \"\"/\"password\": \"vyos\"/' /etc/nfp/vyos/vyos.day0")
set_keystone_authtoken_section()
check_if_apic_sys()
curr_service_plugins = commands.getoutput("crudini --get /etc/neutron/neutron.conf DEFAULT service_plugins")
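Review bot: The three added `commands.getoutput(...)` calls ignore the exit status, so if the `cp` fails the following `sed` fails as well and the install carries on with no `/etc/nfp/vyos/vyos.day0` and no message. Checking the status would surface that, e.g. `status, out = commands.getstatusoutput("cp -r ... /etc/nfp/vyos/")` followed by an abort on a non-zero `status`. The source path hard-codes `/usr/lib/python2.7/site-packages`, as the existing line above it does, so an install under another prefix would presumably miss the file. `configure_nfp` continues outside the hunk.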


@ -60,7 +60,8 @@ class FwGenericConfigDriverTestCase(base.BaseTestCase):
data = jsonutils.dumps(self.fo.static_ip_data())
mock_post.assert_called_with(
self.fo.get_url_for_api('add_static_ip'),
data=data, timeout=self.fo.timeout)
data=data, headers=self.fo.fake_header,
timeout=self.fo.timeout)
def test_configure_interfaces(self):
""" Implements test case for configure interfaces method
@ -85,6 +86,7 @@ class FwGenericConfigDriverTestCase(base.BaseTestCase):
data = jsonutils.dumps(self.fo.data_for_interface)
mock_post.assert_called_with(self.fo.get_url_for_api('add_inte'),
data=data,
headers=self.fo.fake_header,
timeout=self.fo.timeout)
def test_clear_interfaces(self):
@ -105,7 +107,7 @@ class FwGenericConfigDriverTestCase(base.BaseTestCase):
data = jsonutils.dumps(self.fo.data_for_interface)
mock_delete.assert_called_with(
self.fo.get_url_for_api('del_inte'),
data=data,
data=data, headers=self.fo.fake_header,
timeout=self.fo.timeout)
def test_configure_source_routes(self):
@ -129,7 +131,8 @@ class FwGenericConfigDriverTestCase(base.BaseTestCase):
data = jsonutils.dumps(data)
mock_post.assert_called_with(
self.fo.get_url_for_api('add_src_route'),
data=data, timeout=self.fo.timeout)
data=data, headers=self.fo.fake_header,
timeout=self.fo.timeout)
def test_delete_source_routes(self):
""" Implements test case for clear routes method
@ -152,7 +155,8 @@ class FwGenericConfigDriverTestCase(base.BaseTestCase):
data = jsonutils.dumps(data)
mock_delete.assert_called_with(
self.fo.get_url_for_api('del_src_route'),
data=data, timeout=self.fo.timeout)
data=data, headers=self.fo.fake_header,
timeout=self.fo.timeout)
class FwaasDriverTestCase(base.BaseTestCase):
@ -192,6 +196,7 @@ class FwaasDriverTestCase(base.BaseTestCase):
self.fo.firewall, self.fo.host)
mock_post.assert_called_with(self.fo.get_url_for_api('config_fw'),
data=self.firewall,
headers=self.fo.fake_header,
timeout=self.fo.timeout)
def test_update_firewall_fwaasdriver(self):
@ -210,6 +215,7 @@ class FwaasDriverTestCase(base.BaseTestCase):
self.fo.firewall, self.fo.host)
mock_put.assert_called_with(self.fo.get_url_for_api('update_fw'),
data=self.firewall,
headers=self.fo.fake_header,
timeout=self.fo.timeout)
def test_delete_firewall_fwaasdriver(self):
@ -228,4 +234,5 @@ class FwaasDriverTestCase(base.BaseTestCase):
self.fo.firewall, self.fo.host)
mock_delete.assert_called_with(
self.fo.get_url_for_api('delete_fw'),
data=self.firewall, timeout=self.fo.timeout)
data=self.firewall, headers=self.fo.fake_header,
timeout=self.fo.timeout)


@ -18,15 +18,17 @@ class FakeObjects(object):
sc = 'sc'
empty_dict = {}
context = 'APIcontext'
neutron_context = {
'agent_info': {
'service_type': 'firewall',
'notification_data': {},
'service_vendor': 'vyos',
'resource': 'firewall',
'context': 'APIcontext'},
'neutron context for *aaS': {}}
context = {'service_vm_context': {'vyos': {
'username': 'name',
'password': 'password'}}}
neutron_context = {'agent_info': {'service_type': 'firewall',
'notification_data': {},
'service_vendor': 'vyos',
'resource': 'firewall',
'context': 'APIcontext'
},
'neutron context for *aaS': {}
}
firewall = {'id': 'firewall'}
host = 'host'
conf = 'conf'
@ -35,6 +37,9 @@ class FakeObjects(object):
drivers = 'drivers'
data_for_interface = dict(provider_mac="fa:16:3e:d9:4c:33",
stitching_mac="fa:16:3e:da:ca:4d")
fake_header = {'username': 'name',
'password': 'password',
'Content-Type': 'application/json'}
data_for_add_src_route = [{'source_cidr': "11.0.1.0/24",
'gateway_ip': "192.168.0.1"},
{'source_cidr': "192.168.0.0/28",
@ -76,7 +81,10 @@ class FakeObjects(object):
'resource': 'firewall',
'service_vendor': 'vyos',
'context': {'requester': 'device_orch',
'logging_context': {}},
'logging_context': {},
'service_vm_context': {'vyos':
{'username': 'name',
'password': 'password'}}},
'resource_type': 'firewall'},
'notification_data': {}, 'service_info': {},
"resource_data": {


@ -61,12 +61,8 @@ def is_vpn_in_service_chain(sc_specs):
return False
def get_config_file(dir_name, service_vendor):
file_name = ''
for _file in os.listdir(dir_name):
if _file.startswith(service_vendor):
file_name = _file
break
def get_config_file(service_vendor):
file_name = service_vendor + '.day0'
return file_name
@ -76,16 +72,16 @@ def get_service_vm_context(service_vendor, tenant_name=None):
:param tenant_name
- Day0 file name must start with service vendor name followed by
string '_day0'
e.g Vyos day0 file name can be vyos_day0.json or vyos_day0
string '.day0'
e.g Vyos day0 file name must be vyos.day0
- File format can be of any type like text file, json file etc
- service vendor specific default day0 config file
/etc/nfp/<service_vendor>/<day0_file>
e.g /etc/nfp/vyos/vyos_day0.json
e.g /etc/nfp/vyos/vyos.day0
- tenant specific vendor day0 config file
/etc/nfp/<service_vendor>/<tenant_name>/<day0_file>
e.g /etc/nfp/vyos/services/vyos_day0.json
e.g /etc/nfp/vyos/services/vyos.day0
Returns - day0 config file
"""
@ -96,14 +92,12 @@ def get_service_vm_context(service_vendor, tenant_name=None):
if tenant_name:
tenant_day0_dir = vendor_day0_dir + tenant_name + '/'
if os.path.isdir(tenant_day0_dir):
file_name = get_config_file(tenant_day0_dir,
service_vendor)
file_name = get_config_file(service_vendor)
if file_name:
day0_config_file = tenant_day0_dir + file_name
else:
if os.path.isdir(vendor_day0_dir):
file_name = get_config_file(vendor_day0_dir,
service_vendor)
file_name = get_config_file(service_vendor)
day0_config_file = vendor_day0_dir + file_name
else:
day0_config_file = '/fake_file_path'
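Review bot: `get_config_file` now returns `service_vendor + '.day0'` without looking at the directory, so the `if file_name:` test in `get_service_vm_context` is always true and the tenant path is chosen whenever the tenant directory exists, even when it holds no day0 file. Testing the file itself, e.g. `if os.path.isfile(tenant_day0_dir + file_name):`, would avoid pointing at a missing file; what is done with `day0_config_file` afterwards is outside the hunk. `tenant_name` and `service_vendor` are also concatenated into the path as-is, and their origin is not visible here; if either can contain `/` or `..`, the lookup could leave `/etc/nfp/`, so passing them through `os.path.basename` before joining is worth considering.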