本文整理汇总了Python中dm_utils.DMUtils.firewall_comment方法的典型用法代码示例。如果您正苦于以下问题:Python DMUtils.firewall_comment方法的具体用法?Python DMUtils.firewall_comment怎么用?Python DMUtils.firewall_comment使用的例子?那么恭喜您,这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类dm_utils.DMUtils的用法示例。
在下文中一共展示了DMUtils.firewall_comment方法的3个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: build_firewall_filters
# 需要导入模块: from dm_utils import DMUtils [as 别名]
# 或者: from dm_utils.DMUtils import firewall_comment [as 别名]
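def build_firewall_filters(self, sg, acl, is_egress=False):
    """Translate one security-group ACL into a firewall filter.

    Returns early, before ``self.firewall_config`` is touched, when ``sg``,
    ``acl`` or ``acl.vnc_obj`` is missing, or when the ACL has no entries
    or no rules. Otherwise ``self.firewall_config`` is created on first
    use, and a filter is built only if at least one rule passes
    ``self.has_terms`` and carries a match condition.

    Args:
        sg: security group object; only ``sg.name`` is read here.
        acl: wrapper whose ``vnc_obj`` holds the access-control list.
        is_egress: accepted by the signature but not read in this body.

    Returns:
        None. The outcome is the filter appended to
        ``self.firewall_config``.

    NOTE(review): block nesting is reconstructed; the filter is assumed
    to be registered once, after every rule has contributed its term.
    Confirm against the upstream file.
    """
    if not sg or not acl or not acl.vnc_obj:
        return
    acl = acl.vnc_obj
    entries = acl.get_access_control_list_entries()
    if not entries:
        return
    rules = entries.get_acl_rule() or []
    if not rules:
        return

    self.firewall_config = (self.firewall_config or
                            Firewall(DMUtils.firewall_comment()))

    # Build a filter only when some rule would actually yield a term;
    # any() stops at the first such rule, like the original flag loop.
    acl_rule_present = any(
        self.has_terms(rule) and rule.get_match_condition()
        for rule in rules)
    if not acl_rule_present:
        return

    filter_name = DMUtils.make_sg_firewall_name(sg.name, acl.uuid)
    f = FirewallFilter(name=filter_name)
    f.set_comment(DMUtils.make_sg_firewall_comment(sg.name, acl.uuid))
    # ARP and DHCP/DNS are always allowed: these terms are added
    # unconditionally, before any rule-derived term.
    self.add_ether_type_term(f, 'arp')
    self.add_dns_dhcp_terms(f)

    for rule in rules:
        if not self.has_terms(rule):
            continue
        match = rule.get_match_condition()
        if not match:
            continue
        rule_uuid = rule.get_rule_uuid()
        dst_addr_match = match.get_dst_address()
        dst_port_match = match.get_dst_port()
        protocol_match = match.get_protocol()
        src_addr_match = match.get_src_address()
        term = self.add_filter_term(f, rule_uuid)
        self.add_addr_term(term, dst_addr_match, False)
        self.add_addr_term(term, src_addr_match, True)
        self.add_port_term(term, dst_port_match, False)
        # Source port match is not needed for now (BMS source port).
        # NOTE(review): the rule's ethertype and source port are not
        # applied to the term in this body, so a term may match more
        # traffic than the ACL rule describes. The rule's action is not
        # read here either; what each term does with matching traffic
        # depends on add_filter_term. Confirm both are intended.
        self.add_protocol_term(term, protocol_match)
    self.firewall_config.add_firewall_filters(f)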
示例2: add_routing_instance
# 需要导入模块: from dm_utils import DMUtils [as 别名]
# 或者: from dm_utils.DMUtils import firewall_comment [as 别名]
#.........这里部分代码省略.........
ps.add_term(Term(name="t1", then=then))
for route_target in export_targets:
comm = Community(add='',
community_name=DMUtils.make_community_name(route_target))
then.add_community(comm)
if fip_map is not None:
# for nat instance
then.set_reject('')
else:
then.set_accept('')
policy_config.add_policy_statement(ps)
# add policies for import route targets
ps = PolicyStatement(name=DMUtils.make_import_name(ri_name))
if vn:
ps.set_comment(DMUtils.vn_ps_comment(vn, "Import"))
elif si:
ps.set_comment(DMUtils.si_ps_comment(si, "Import"))
from_ = From()
term = Term(name="t1", fromxx=from_)
ps.add_term(term)
for route_target in import_targets:
from_.add_community(DMUtils.make_community_name(route_target))
term.set_then(Then(accept=''))
ps.set_then(Then(reject=''))
policy_config.add_policy_statement(ps)
# add firewall config for public VRF
forwarding_options_config = self.forwarding_options_config
firewall_config = self.firewall_config
if router_external and is_l2 == False:
forwarding_options_config = (self.forwarding_options_config or
ForwardingOptions(DMUtils.forwarding_options_comment()))
firewall_config = self.firewall_config or Firewall(DMUtils.firewall_comment())
if has_ipv4_prefixes and not self.inet4_forwarding_filter:
#create single instance inet4 filter
self.inet4_forwarding_filter = self.add_inet_public_vrf_filter(
forwarding_options_config,
firewall_config, "inet")
if has_ipv6_prefixes and not self.inet6_forwarding_filter:
#create single instance inet6 filter
self.inet6_forwarding_filter = self.add_inet_public_vrf_filter(
forwarding_options_config,
firewall_config, "inet6")
if has_ipv4_prefixes:
#add terms to inet4 filter
term = self.add_inet_filter_term(ri_name, prefixes, "inet4")
# insert before the last term
terms = self.inet4_forwarding_filter.get_term()
terms = [term] + (terms or [])
self.inet4_forwarding_filter.set_term(terms)
if has_ipv6_prefixes:
#add terms to inet6 filter
term = self.add_inet_filter_term(ri_name, prefixes, "inet6")
# insert before the last term
terms = self.inet6_forwarding_filter.get_term()
terms = [term] + (terms or [])
self.inet6_forwarding_filter.set_term(terms)
if fip_map is not None:
firewall_config = firewall_config or Firewall(DMUtils.firewall_comment())
f = FirewallFilter(name=DMUtils.make_private_vrf_filter_name(ri_name))
f.set_comment(DMUtils.vn_firewall_comment(vn, "private"))
ff = firewall_config.get_family()
if not ff:
ff = FirewallFamily()
示例3: add_routing_instance
# 需要导入模块: from dm_utils import DMUtils [as 别名]
# 或者: from dm_utils.DMUtils import firewall_comment [as 别名]
def add_routing_instance(self, ri_conf):
ri_name = ri_conf.get("ri_name")
vn = ri_conf.get("vn")
is_l2 = ri_conf.get("is_l2", False)
is_l2_l3 = ri_conf.get("is_l2_l3", False)
import_targets = ri_conf.get("import_targets", set())
export_targets = ri_conf.get("export_targets", set())
prefixes = ri_conf.get("prefixes", [])
gateways = ri_conf.get("gateways", [])
router_external = ri_conf.get("router_external", False)
is_dci = ri_conf.get("is_dci_network", False)
connected_dci_network = ri_conf.get("connected_dci_network")
interfaces = ri_conf.get("interfaces", [])
vni = ri_conf.get("vni", None)
fip_map = ri_conf.get("fip_map", None)
network_id = ri_conf.get("network_id", None)
is_internal_vn = True if '_contrail_lr_internal_vn_' in vn.name else False
is_dci_vn = True if '_contrail_dci_internal_vn_' in vn.name else False
encapsulation_priorities = \
ri_conf.get("encapsulation_priorities") or ["MPLSoGRE"]
ri = RoutingInstance(name=ri_name)
if vn:
is_nat = True if fip_map else False
ri.set_comment(DMUtils.vn_ri_comment(vn, is_l2, is_l2_l3, is_nat,
router_external))
self.ri_map[ri_name] = ri
ri.set_virtual_network_id(str(network_id))
ri.set_vxlan_id(str(vni))
ri.set_virtual_network_is_internal(is_internal_vn or is_dci_vn)
ri.set_is_public_network(router_external)
if is_l2_l3:
ri.set_virtual_network_mode('l2-l3')
elif is_l2:
ri.set_virtual_network_mode('l2')
else:
ri.set_virtual_network_mode('l3')
has_ipv6_prefixes = DMUtils.has_ipv6_prefixes(prefixes)
has_ipv4_prefixes = DMUtils.has_ipv4_prefixes(prefixes)
if not is_l2:
ri.set_routing_instance_type("vrf")
if fip_map is None:
for interface in interfaces:
self.add_ref_to_list(ri.get_interfaces(), interface.name)
if prefixes:
for prefix in prefixes:
ri.add_static_routes(self.get_route_for_cidr(prefix))
ri.add_prefixes(self.get_subnet_for_cidr(prefix))
else:
if encapsulation_priorities[0] == "VXLAN":
ri.set_routing_instance_type("virtual-switch")
elif (any(x in encapsulation_priorities for x in ["MPLSoGRE", "MPLSoUDP"])):
ri.set_routing_instance_type("evpn")
if is_internal_vn:
self.internal_vn_ris.append(ri)
if is_dci_vn:
self.dci_vn_ris.append(ri)
if is_internal_vn or router_external or is_dci_vn:
self.add_bogus_lo0(ri, network_id, vn)
if self.is_gateway() and is_l2_l3:
self.add_irb_config(ri_conf)
self.attach_irb(ri_conf, ri)
if fip_map is not None:
self.add_ref_to_list(ri.get_interfaces(), interfaces[0].name)
public_vrf_ips = {}
for pip in fip_map.values():
if pip["vrf_name"] not in public_vrf_ips:
public_vrf_ips[pip["vrf_name"]] = set()
public_vrf_ips[pip["vrf_name"]].add(pip["floating_ip"])
for public_vrf, fips in public_vrf_ips.items():
ri_public = RoutingInstance(name=public_vrf)
self.ri_map[public_vrf] = ri_public
self.add_ref_to_list(ri_public.get_interfaces(), interfaces[1].name)
floating_ips = []
for fip in fips:
ri_public.add_static_routes(
Route(prefix=fip,
prefix_len=32,
next_hop=interfaces[1].name,
comment=DMUtils.fip_egress_comment()))
floating_ips.append(FloatingIpMap(floating_ip=fip + "/32"))
ri_public.add_floating_ip_list(FloatingIpList(
public_routing_instance=public_vrf,
floating_ips=floating_ips))
# add firewall config for public VRF
if router_external and is_l2 is False:
self.firewall_config = self.firewall_config or Firewall(
comment=DMUtils.firewall_comment())
if has_ipv4_prefixes and not self.inet4_forwarding_filter:
# create single instance inet4 filter
#.........这里部分代码省略.........