module NSXDriver::NSXRule
Class Logical Switch
Public Instance Methods
extract_rule_data(xml_rule)
click to toggle source
# File lib/nsx_rule.rb, line 144 def extract_rule_data(xml_rule) sg_id = xml_rule.xpath('SECURITY_GROUP_ID').text sg_name = xml_rule.xpath('SECURITY_GROUP_NAME').text in_out = xml_rule.xpath('RULE_TYPE').text.upcase in_out == 'INBOUND' ? sg_direction = 'IN' : sg_direction = 'OUT' # Protocol: TCP, UDP, ICMP... sg_protocol = xml_rule.xpath('PROTOCOL').text if sg_protocol == 'ICMP' sg_icmp_type = xml_rule.xpath('ICMP_TYPE').text end # OpenNebula network ID sg_network_id = xml_rule.xpath('NETWORK_ID').text vnet_data = extract_vnet_data(sg_network_id) # ip / netmask sg_ip = xml_rule.xpath('IP').text sg_ipsize = xml_rule.xpath('SIZE').text sg_subnets = [] if sg_ip != '' && sg_ipsize != '' sg_subnets = to_nets(sg_ip, sg_ipsize.to_i) end # Ports sg_ports = '' sg_range_port = xml_rule.xpath('RANGE').text if sg_range_port if sg_range_port.index(':') sg_port_from = sg_range_port[0..sg_range_port.index(':')-1] sg_port_to = sg_range_port[sg_range_port.index(':')+1, sg_range_port.length] sg_ports = "#{sg_port_from}-#{sg_port_to}" else sg_ports = sg_range_port end end # Create hash with data { :id => sg_id, :name => sg_name, :direction => sg_direction, :protocol => sg_protocol, :icmp_type => sg_icmp_type, :network_id => sg_network_id, :network_name => vnet_data[:name], :network_nsxid => vnet_data[:nsxid], :subnets => sg_subnets, :ports => sg_ports.split(',') } end
extract_vnet_data(vnet_id)
click to toggle source
# File lib/nsx_rule.rb, line 119 def extract_vnet_data(vnet_id) if vnet_id == '' return { :nsxid => '', :name => '' } end # Create client to communicate with OpenNebula one_client = OpenNebula::Client.new # Get the network XML from OpenNebula # This is potentially different from the Netowrk Template # provided as the API call argument one_vnet = OpenNebula::VirtualNetwork.new_with_id(vnet_id, one_client) rc = one_vnet.info if OpenNebula.is_error?(rc) err_msg = rc.message raise CreateNetworkError, err_msg end { :nsxid => one_vnet['TEMPLATE/NSX_ID'], :name => one_vnet['NAME'] } end
parse_ports(rule_ports)
click to toggle source
Adapt port from [“22, 443”] to '22, 443' Adapt port from [“22”, “443”] to '22, 443'
# File lib/nsx_rule.rb, line 112 def parse_ports(rule_ports) unless rule_ports.empty? rule_ports = rule_ports.join(',') end rule_ports end
rule_spec(rule, vm_data, nic_data, nsx_client)
click to toggle source
# File lib/nsx_rule.rb, line 193 def rule_spec(rule, vm_data, nic_data, nsx_client) case nsx_client.nsx_type when NSXDriver::NSXConstants::NSXT nsxt_rule_spec(rule, vm_data, nic_data) when NSXDriver::NSXConstants::NSXV nsxv_rule_spec(rule, vm_data, nic_data) else raise "Unsupported NSX type: #{nsx_type}" end end
to_nets(ip_start, size)
click to toggle source
# File lib/nsx_rule.rb, line 69 def to_nets(ip_start, size) nets = [] ipaddr = IPAddr.new ip_start ip_i = ipaddr.to_i if ipaddr.ipv4? ip_length = 32 elsif ipaddr.ipv6? ip_length = 128 else return end # Find the largest address block (look for the first 1-bit) lblock = 0 lblock += 1 while ip_i[lblock] == 0 && lblock < ip_length # Allocate whole blocks till the size fits while size >= 2**lblock nets << "#{IPAddr.new(ip_i, ipaddr.family)}" \ "/#{ip_length-lblock}" ip_i += 2**lblock size -= 2**lblock lblock += 1 while ip_i[lblock] == 0 && lblock < ip_length end # Fit remaining address blocks ip_length.downto(0) do |i| next if size[i] == 0 nets << "#{IPAddr.new(ip_i, ipaddr.family)}/#{ip_length-i}" ip_i += 2**i end nets end