func (m *InstanceManager) LocateInterface( network *types.VirtualNetwork, instance *types.VirtualMachine) *types.VirtualMachineInterface { tenant := network.GetFQName()[len(network.GetFQName())-2] fqn := interfaceFQName(m.config.DefaultDomain, tenant, instance.GetName()) obj, err := m.client.FindByName( "virtual-machine-interface", strings.Join(fqn, ":")) if err == nil { nic := obj.(*types.VirtualMachineInterface) // TODO(prm): ensure network is as expected, else update. return nic } nic := new(types.VirtualMachineInterface) nic.SetFQName("project", fqn) nic.AddVirtualMachine(instance) if network != nil { nic.AddVirtualNetwork(network) } err = m.client.Create(nic) if err != nil { glog.Errorf("Create interface %s: %v", instance.GetName(), err) return nil } obj, err = m.client.FindByUuid(nic.GetType(), nic.GetUuid()) if err != nil { glog.Errorf("Get vmi %s: %v", nic.GetUuid(), err) return nil } return obj.(*types.VirtualMachineInterface) }
func (m *ServiceManagerImpl) locatePolicyRule(policy *types.NetworkPolicy, lhs, rhs *types.VirtualNetwork) error { lhsName := strings.Join(lhs.GetFQName(), ":") rhsName := strings.Join(rhs.GetFQName(), ":") entries := policy.GetNetworkPolicyEntries() for _, rule := range entries.PolicyRule { if rule.SrcAddresses[0].VirtualNetwork == lhsName && rule.DstAddresses[0].VirtualNetwork == rhsName { return nil } } rule := new(types.PolicyRuleType) rule.Protocol = "any" rule.Direction = "<>" rule.SrcAddresses = []types.AddressType{types.AddressType{ VirtualNetwork: lhsName, }} rule.DstAddresses = []types.AddressType{types.AddressType{ VirtualNetwork: rhsName, }} rule.SrcPorts = []types.PortType{types.PortType{-1, -1}} rule.DstPorts = []types.PortType{types.PortType{-1, -1}} rule.ActionList = &types.ActionListType{ SimpleAction: "pass", } entries.AddPolicyRule(rule) policy.SetNetworkPolicyEntries(&entries) err := m.client.Update(policy) if err != nil { glog.Errorf("policy-rule: %v", err) return err } return nil }
func (c *consistencyChecker) globalNetworkCheckPolicyAttachment(network *types.VirtualNetwork) bool { policyName := makeGlobalNetworkPolicyName(c.config, network.GetFQName()) policy, err := types.NetworkPolicyByName(c.client, strings.Join(policyName, ":")) if err != nil { glog.V(3).Infof("No network policy for %s", network.GetName()) return true } policyRefs, err := network.GetNetworkPolicyRefs() if err != nil { glog.Error(err) return true } for _, ref := range policyRefs { if ref.Uuid == policy.GetUuid() { glog.V(5).Infof("Network %s attached to %s", network.GetName(), policy.GetUuid()) return true } } err = policyAttach(c.client, network, policy) if err != nil { glog.Error(err) } else { glog.Infof("attached global network %s to policy", strings.Join(network.GetFQName(), ":")) } return false }
func (c *Controller) globalNetworkConnectionUpdate(network *types.VirtualNetwork) { if !networkAccessGlobalNetworks(c.config, network.GetFQName()) { return } // connect to each of the global-networks for _, gbl := range c.config.GlobalNetworks { err := c.networkMgr.Connect(network, gbl) if err != nil { glog.Error(err) continue } glog.V(2).Infof("Connected %s to %s", strings.Join(network.GetFQName(), ":"), gbl) } }
func (c *consistencyChecker) networkEvalPolicyRefs(network *types.VirtualNetwork, services ServiceIdList, lastIterationMap networkConnectionMap) (bool, error) { policyRefs, err := network.GetNetworkPolicyRefs() if err != nil { return false, err } consistent := true serviceDeleteList := make([]string, 0) gblNetworkDeleteList := make(map[string]string, 0) networkCSN := strings.Join(network.GetFQName(), ":") for _, ref := range policyRefs { if len(ref.To) < 3 { glog.Errorf("unexpected policy id %+v", ref.To) continue } if serviceName, err := serviceNameFromPolicyName(ref.To[len(ref.To)-1]); err == nil { namespace := ref.To[1] if !services.Contains(namespace, serviceName) { consistent = false if lastIterationMap == nil || c.connectionShouldDelete(network, lastIterationMap, ref.To) { serviceDeleteList = append(serviceDeleteList, ref.Uuid) } } } else if targetName, err := globalNetworkFromPolicyName(c.config, ref.To); err == nil { if targetName == networkCSN { continue } if !networkAccessGlobalNetworks(c.config, network.GetFQName()) || !isGlobalNetworkName(c.config, targetName) { consistent = false if lastIterationMap == nil || c.connectionShouldDelete(network, lastIterationMap, ref.To) { glog.Infof("Delete connection %s %s", networkCSN, targetName) gblNetworkDeleteList[ref.Uuid] = targetName } else { glog.Infof("Network connection %s %s not used by global network configuration", networkCSN, targetName) } } } } if len(gblNetworkDeleteList) > 0 { c.networkMgr.DeleteConnections(network, gblNetworkDeleteList) } if len(serviceDeleteList) > 0 { c.serviceMgr.DeleteConnections(network, serviceDeleteList) } return consistent, nil }
func (m *NetworkManagerImpl) LocateFloatingIp(network *types.VirtualNetwork, resourceName, targetAddress string) (*types.FloatingIp, error) { obj, err := m.client.FindByName("floating-ip-pool", makePoolName(network)) if err != nil { glog.Errorf("Get floating-ip-pool %s: %v", network.GetName(), err) return nil, err } pool := obj.(*types.FloatingIpPool) fqn := AppendConst(pool.GetFQName(), resourceName) obj, err = m.client.FindByName("floating-ip", strings.Join(fqn, ":")) if err == nil { fip := obj.(*types.FloatingIp) if targetAddress != "" && fip.GetFloatingIpAddress() != targetAddress { fip.SetFloatingIpAddress(targetAddress) err = m.client.Update(fip) if err != nil { glog.Errorf("Update floating-ip %s: %v", resourceName, err) return nil, err } } return fip, nil } projectFQN := network.GetFQName()[0 : len(network.GetFQName())-1] obj, err = m.client.FindByName("project", strings.Join(projectFQN, ":")) if err != nil { glog.Errorf("Get project %s: %v", projectFQN[len(projectFQN)-1], err) return nil, err } project := obj.(*types.Project) fip := new(types.FloatingIp) fip.SetParent(pool) fip.SetName(resourceName) if targetAddress != "" { fip.SetFloatingIpAddress(targetAddress) } fip.AddProject(project) err = m.client.Create(fip) if err != nil { glog.Errorf("Create floating-ip %s: %v", resourceName, err) return nil, err } if targetAddress == "" { fip, err = types.FloatingIpByUuid(m.client, fip.GetUuid()) } return fip, err }
// connectionShouldDelete returns true when a connection should be deleted. // When a connection is first considered to be stale it is added to a GC list; if it is considered to be stale // in two consistency runs, it is deleted. func (c *consistencyChecker) connectionShouldDelete(network *types.VirtualNetwork, lastIterationMap networkConnectionMap, policyName []string) bool { networkName := strings.Join(network.GetFQName(), ":") policyCSN := strings.Join(policyName, ":") if entry, ok := lastIterationMap[networkName]; ok { if _, exists := entry[policyCSN]; exists { glog.Infof("%s network connection %s delete", networkName, policyCSN) return true } } gcPolicies, exists := c.staleConnectionMap[networkName] if !exists { gcPolicies = make(policySet, 0) c.staleConnectionMap[networkName] = gcPolicies } glog.Infof("%s network connection %s not used by pod specifications", networkName, policyCSN) gcPolicies[policyCSN] = true return false }
// Connect creates a network-policy and corresponding policy rule (when they do not exist) in order to // connect the source network with the target. The target network may or not exist yet. func (m *NetworkManagerImpl) Connect(network *types.VirtualNetwork, targetCSN string) error { targetName := strings.Split(targetCSN, ":") policy, err := m.locatePolicy(targetName) if err != nil { return err } policyAttach(m.client, network, policy) target, err := types.VirtualNetworkByName(m.client, targetCSN) if err == nil { err = policyAttach(m.client, target, policy) if err != nil { glog.Error(err) } } err = policyLocateRuleByFQN(m.client, policy, network.GetFQName(), targetName) if err != nil { return err } return nil }
func policyLocateRule(client contrail.ApiClient, policy *types.NetworkPolicy, lhs, rhs *types.VirtualNetwork) error { return policyLocateRuleByFQN(client, policy, lhs.GetFQName(), rhs.GetFQName()) }
func makePoolName(network *types.VirtualNetwork) string { fqn := make([]string, len(network.GetFQName()), len(network.GetFQName())+1) copy(fqn, network.GetFQName()) fqn = append(fqn, fqn[len(fqn)-1]) return strings.Join(fqn, ":") }