x/vmtp
Code Issues Proposed changes

Revert security group management to support legacy deployment

Browse Source 
1. Revert to use NOVA API to manage security group;
2. Fix the security group not found issue for lagacy deployment;
3. Remove unneeded chmod before scp binaries into target VM;

Change-Id: I8879dcf2dde07142713e60ec5aee1032a78d340c
This commit is contained in:
Yichen Wang 2016-03-16 14:03:12 -07:00
parent e9216b2dbc
commit fac83b68e8
3 changed files with 61 additions and 53 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

102
vmtp/compute.py
View File

@ -20,12 +20,12 @@ import time
import glanceclient.exc as glance_exception import glanceclient.exc as glance_exception
import novaclient import novaclient
import novaclient.exceptions as exceptions
class Compute(object): class Compute(object):
def __init__(self, nova_client, neutron_client, config): def __init__(self, nova_client, config):
self.novaclient = nova_client self.novaclient = nova_client
self.neutronclient = neutron_client
self.config = config self.config = config
def find_image(self, image_name): def find_image(self, image_name):
@ -153,7 +153,7 @@ class Compute(object):
retry_count=10): retry_count=10):
if sec_group: if sec_group:
security_groups = [sec_group['id']] security_groups = [sec_group.name]
else: else:
security_groups = None security_groups = None
# Also attach the created security group for the test # Also attach the created security group for the test
@ -250,7 +250,7 @@ class Compute(object):
''' '''
if host_list: if host_list:
for hyp in host_list: for hyp in host_list:
if hyp.host_name == host: if hyp.host == host:
return self.normalize_az_host(hyp.zone, host) return self.normalize_az_host(hyp.zone, host)
# no match on host # no match on host
print('Error: passed host name does not exist: ' + host) print('Error: passed host name does not exist: ' + host)
@ -384,60 +384,72 @@ class Compute(object):
# Create a new security group with appropriate rules # Create a new security group with appropriate rules
def security_group_create(self): def security_group_create(self):
# check first the security group exists # check first the security group exists
sec_groups = self.neutronclient.list_security_groups()['security_groups'] # May throw exceptions.NoUniqueMatch or NotFound
group = [x for x in sec_groups if x['name'] == self.config.security_group_name] try:
if len(group) > 0: group = self.novaclient.security_groups.find(name=self.config.security_group_name)
return group[0] return group
except exceptions.NotFound:
body = { group = self.novaclient.security_groups.create(name=self.config.security_group_name,
'security_group': { description="PNS Security group")
'name': self.config.security_group_name, # Once security group try to find it iteratively
'description': 'PNS Security Group' # (this check may no longer be necessary)
} for _ in range(self.config.generic_retry_count):
} group = self.novaclient.security_groups.get(group)
group = self.neutronclient.create_security_group(body)['security_group'] if group:
self.security_group_add_rules(group) self.security_group_add_rules(group)
return group return group
else:
time.sleep(1)
return None
# except exceptions.NoUniqueMatch as exc:
# raise exc
# Delete a security group # Delete a security group
def security_group_delete(self, group): def security_group_delete(self, group):
if group: if group:
print "Deleting security group" print "Deleting security group"
self.neutronclient.delete_security_group(group['id']) self.novaclient.security_groups.delete(group)
# Add rules to the security group # Add rules to the security group
def security_group_add_rules(self, group): def security_group_add_rules(self, group):
body = {
'security_group_rule': {
'direction': 'ingress', 'security_group_id': group['id'], 'remote_group_id': None
}
}
if self.config.ipv6_mode:
body['security_group_rule']['ethertype'] = 'IPv6'
body['security_group_rule']['remote_ip_prefix'] = '::/0'
else:
body['security_group_rule']['ethertype'] = 'IPv4'
body['security_group_rule']['remote_ip_prefix'] = '0.0.0.0/0'
# Allow ping traffic # Allow ping traffic
body['security_group_rule']['protocol'] = 'icmp' self.novaclient.security_group_rules.create(group.id,
body['security_group_rule']['port_range_min'] = None ip_protocol="icmp",
body['security_group_rule']['port_range_max'] = None from_port=-1,
self.neutronclient.create_security_group_rule(body) to_port=-1)
if self.config.ipv6_mode:
self.novaclient.security_group_rules.create(group.id,
ip_protocol="icmp",
from_port=-1,
to_port=-1,
cidr="::/0")
# Allow SSH traffic # Allow SSH traffic
body['security_group_rule']['protocol'] = 'tcp' self.novaclient.security_group_rules.create(group.id,
body['security_group_rule']['port_range_min'] = 22 ip_protocol="tcp",
body['security_group_rule']['port_range_max'] = 22 from_port=22,
self.neutronclient.create_security_group_rule(body) to_port=22)
# Allow TCP/UDP traffic for perf tools like iperf/nuttcp # Allow TCP/UDP traffic for perf tools like iperf/nuttcp
# 5001: Data traffic (standard iperf data port) # 5001: Data traffic (standard iperf data port)
# 5002: Control traffic (non standard) # 5002: Control traffic (non standard)
# note that 5000/tcp is already picked by openstack keystone # note that 5000/tcp is already picked by openstack keystone
body['security_group_rule']['protocol'] = 'tcp' if not self.config.ipv6_mode:
body['security_group_rule']['port_range_min'] = 5001 self.novaclient.security_group_rules.create(group.id,
body['security_group_rule']['port_range_max'] = 5002 ip_protocol="tcp",
self.neutronclient.create_security_group_rule(body) from_port=5001,
body['security_group_rule']['protocol'] = 'udp' to_port=5002)
self.neutronclient.create_security_group_rule(body) self.novaclient.security_group_rules.create(group.id,
ip_protocol="udp",
from_port=5001,
to_port=5001)
else:
# IPV6 rules addition
self.novaclient.security_group_rules.create(group.id,
ip_protocol="tcp",
from_port=5001,
to_port=5002,
cidr="::/0")
self.novaclient.security_group_rules.create(group.id,
ip_protocol="udp",
from_port=5001,
to_port=5001,
cidr="::/0")

6
vmtp/instance.py
View File

@ -13,9 +13,7 @@
# under the License. # under the License.
# #
import os
import re import re
import stat
import monitor import monitor
from netaddr import IPAddress from netaddr import IPAddress
@ -92,7 +90,7 @@ class Instance(object):
if self.config.vnic_type: if self.config.vnic_type:
# create the VM by passing a port ID instead of a net ID # create the VM by passing a port ID instead of a net ID
self.port = self.net.create_port(int_net['id'], self.port = self.net.create_port(int_net['id'],
[sec_group['id']], [sec_group.id],
self.config.vnic_type) self.config.vnic_type)
nics = [{'port-id': self.port['id']}] nics = [{'port-id': self.port['id']}]
# no need to create server with a security group since # no need to create server with a security group since
@ -242,8 +240,6 @@ class Instance(object):
self.buginf('tool %s already present - skipping install', self.buginf('tool %s already present - skipping install',
tool_name) tool_name)
return True return True
# first chmod the local copy since git does not keep the permission
os.chmod(source, stat.S_IRWXU | stat.S_IRWXG | stat.S_IRWXO)
# scp over the tool binary # scp over the tool binary
self.buginf('Copying %s to target...', tool_name) self.buginf('Copying %s to target...', tool_name)

2
vmtp/vmtp.py
View File

@ -201,7 +201,7 @@ class VmtpTest(object):
nova_client = Client(**creds_nova) nova_client = Client(**creds_nova)
neutron = neutronclient.Client(**creds) neutron = neutronclient.Client(**creds)
self.comp = compute.Compute(nova_client, neutron, self.config) self.comp = compute.Compute(nova_client, self.config)
# Add the appropriate public key to openstack # Add the appropriate public key to openstack
self.comp.init_key_pair(self.config.public_key_name, self.instance_access) self.comp.init_key_pair(self.config.public_key_name, self.instance_access)