Revert security group management to support legacy deployment
1. Revert to use NOVA API to manage security group; 2. Fix the security group not found issue for lagacy deployment; 3. Remove unneeded chmod before scp binaries into target VM; Change-Id: I8879dcf2dde07142713e60ec5aee1032a78d340c
This commit is contained in:
parent
e9216b2dbc
commit
fac83b68e8
106
vmtp/compute.py
106
vmtp/compute.py
@ -20,12 +20,12 @@ import time
|
|||||||
|
|
||||||
import glanceclient.exc as glance_exception
|
import glanceclient.exc as glance_exception
|
||||||
import novaclient
|
import novaclient
|
||||||
|
import novaclient.exceptions as exceptions
|
||||||
|
|
||||||
class Compute(object):
|
class Compute(object):
|
||||||
|
|
||||||
def __init__(self, nova_client, neutron_client, config):
|
def __init__(self, nova_client, config):
|
||||||
self.novaclient = nova_client
|
self.novaclient = nova_client
|
||||||
self.neutronclient = neutron_client
|
|
||||||
self.config = config
|
self.config = config
|
||||||
|
|
||||||
def find_image(self, image_name):
|
def find_image(self, image_name):
|
||||||
@ -153,7 +153,7 @@ class Compute(object):
|
|||||||
retry_count=10):
|
retry_count=10):
|
||||||
|
|
||||||
if sec_group:
|
if sec_group:
|
||||||
security_groups = [sec_group['id']]
|
security_groups = [sec_group.name]
|
||||||
else:
|
else:
|
||||||
security_groups = None
|
security_groups = None
|
||||||
# Also attach the created security group for the test
|
# Also attach the created security group for the test
|
||||||
@ -250,7 +250,7 @@ class Compute(object):
|
|||||||
'''
|
'''
|
||||||
if host_list:
|
if host_list:
|
||||||
for hyp in host_list:
|
for hyp in host_list:
|
||||||
if hyp.host_name == host:
|
if hyp.host == host:
|
||||||
return self.normalize_az_host(hyp.zone, host)
|
return self.normalize_az_host(hyp.zone, host)
|
||||||
# no match on host
|
# no match on host
|
||||||
print('Error: passed host name does not exist: ' + host)
|
print('Error: passed host name does not exist: ' + host)
|
||||||
@ -384,60 +384,72 @@ class Compute(object):
|
|||||||
# Create a new security group with appropriate rules
|
# Create a new security group with appropriate rules
|
||||||
def security_group_create(self):
|
def security_group_create(self):
|
||||||
# check first the security group exists
|
# check first the security group exists
|
||||||
sec_groups = self.neutronclient.list_security_groups()['security_groups']
|
# May throw exceptions.NoUniqueMatch or NotFound
|
||||||
group = [x for x in sec_groups if x['name'] == self.config.security_group_name]
|
try:
|
||||||
if len(group) > 0:
|
group = self.novaclient.security_groups.find(name=self.config.security_group_name)
|
||||||
return group[0]
|
return group
|
||||||
|
except exceptions.NotFound:
|
||||||
body = {
|
group = self.novaclient.security_groups.create(name=self.config.security_group_name,
|
||||||
'security_group': {
|
description="PNS Security group")
|
||||||
'name': self.config.security_group_name,
|
# Once security group try to find it iteratively
|
||||||
'description': 'PNS Security Group'
|
# (this check may no longer be necessary)
|
||||||
}
|
for _ in range(self.config.generic_retry_count):
|
||||||
}
|
group = self.novaclient.security_groups.get(group)
|
||||||
group = self.neutronclient.create_security_group(body)['security_group']
|
if group:
|
||||||
self.security_group_add_rules(group)
|
self.security_group_add_rules(group)
|
||||||
return group
|
return group
|
||||||
|
else:
|
||||||
|
time.sleep(1)
|
||||||
|
return None
|
||||||
|
# except exceptions.NoUniqueMatch as exc:
|
||||||
|
# raise exc
|
||||||
|
|
||||||
# Delete a security group
|
# Delete a security group
|
||||||
def security_group_delete(self, group):
|
def security_group_delete(self, group):
|
||||||
if group:
|
if group:
|
||||||
print "Deleting security group"
|
print "Deleting security group"
|
||||||
self.neutronclient.delete_security_group(group['id'])
|
self.novaclient.security_groups.delete(group)
|
||||||
|
|
||||||
# Add rules to the security group
|
# Add rules to the security group
|
||||||
def security_group_add_rules(self, group):
|
def security_group_add_rules(self, group):
|
||||||
body = {
|
|
||||||
'security_group_rule': {
|
|
||||||
'direction': 'ingress', 'security_group_id': group['id'], 'remote_group_id': None
|
|
||||||
}
|
|
||||||
}
|
|
||||||
if self.config.ipv6_mode:
|
|
||||||
body['security_group_rule']['ethertype'] = 'IPv6'
|
|
||||||
body['security_group_rule']['remote_ip_prefix'] = '::/0'
|
|
||||||
else:
|
|
||||||
body['security_group_rule']['ethertype'] = 'IPv4'
|
|
||||||
body['security_group_rule']['remote_ip_prefix'] = '0.0.0.0/0'
|
|
||||||
|
|
||||||
# Allow ping traffic
|
# Allow ping traffic
|
||||||
body['security_group_rule']['protocol'] = 'icmp'
|
self.novaclient.security_group_rules.create(group.id,
|
||||||
body['security_group_rule']['port_range_min'] = None
|
ip_protocol="icmp",
|
||||||
body['security_group_rule']['port_range_max'] = None
|
from_port=-1,
|
||||||
self.neutronclient.create_security_group_rule(body)
|
to_port=-1)
|
||||||
|
if self.config.ipv6_mode:
|
||||||
|
self.novaclient.security_group_rules.create(group.id,
|
||||||
|
ip_protocol="icmp",
|
||||||
|
from_port=-1,
|
||||||
|
to_port=-1,
|
||||||
|
cidr="::/0")
|
||||||
# Allow SSH traffic
|
# Allow SSH traffic
|
||||||
body['security_group_rule']['protocol'] = 'tcp'
|
self.novaclient.security_group_rules.create(group.id,
|
||||||
body['security_group_rule']['port_range_min'] = 22
|
ip_protocol="tcp",
|
||||||
body['security_group_rule']['port_range_max'] = 22
|
from_port=22,
|
||||||
self.neutronclient.create_security_group_rule(body)
|
to_port=22)
|
||||||
|
|
||||||
# Allow TCP/UDP traffic for perf tools like iperf/nuttcp
|
# Allow TCP/UDP traffic for perf tools like iperf/nuttcp
|
||||||
# 5001: Data traffic (standard iperf data port)
|
# 5001: Data traffic (standard iperf data port)
|
||||||
# 5002: Control traffic (non standard)
|
# 5002: Control traffic (non standard)
|
||||||
# note that 5000/tcp is already picked by openstack keystone
|
# note that 5000/tcp is already picked by openstack keystone
|
||||||
body['security_group_rule']['protocol'] = 'tcp'
|
if not self.config.ipv6_mode:
|
||||||
body['security_group_rule']['port_range_min'] = 5001
|
self.novaclient.security_group_rules.create(group.id,
|
||||||
body['security_group_rule']['port_range_max'] = 5002
|
ip_protocol="tcp",
|
||||||
self.neutronclient.create_security_group_rule(body)
|
from_port=5001,
|
||||||
body['security_group_rule']['protocol'] = 'udp'
|
to_port=5002)
|
||||||
self.neutronclient.create_security_group_rule(body)
|
self.novaclient.security_group_rules.create(group.id,
|
||||||
|
ip_protocol="udp",
|
||||||
|
from_port=5001,
|
||||||
|
to_port=5001)
|
||||||
|
else:
|
||||||
|
# IPV6 rules addition
|
||||||
|
self.novaclient.security_group_rules.create(group.id,
|
||||||
|
ip_protocol="tcp",
|
||||||
|
from_port=5001,
|
||||||
|
to_port=5002,
|
||||||
|
cidr="::/0")
|
||||||
|
self.novaclient.security_group_rules.create(group.id,
|
||||||
|
ip_protocol="udp",
|
||||||
|
from_port=5001,
|
||||||
|
to_port=5001,
|
||||||
|
cidr="::/0")
|
||||||
|
@ -13,9 +13,7 @@
|
|||||||
# under the License.
|
# under the License.
|
||||||
#
|
#
|
||||||
|
|
||||||
import os
|
|
||||||
import re
|
import re
|
||||||
import stat
|
|
||||||
|
|
||||||
import monitor
|
import monitor
|
||||||
from netaddr import IPAddress
|
from netaddr import IPAddress
|
||||||
@ -92,7 +90,7 @@ class Instance(object):
|
|||||||
if self.config.vnic_type:
|
if self.config.vnic_type:
|
||||||
# create the VM by passing a port ID instead of a net ID
|
# create the VM by passing a port ID instead of a net ID
|
||||||
self.port = self.net.create_port(int_net['id'],
|
self.port = self.net.create_port(int_net['id'],
|
||||||
[sec_group['id']],
|
[sec_group.id],
|
||||||
self.config.vnic_type)
|
self.config.vnic_type)
|
||||||
nics = [{'port-id': self.port['id']}]
|
nics = [{'port-id': self.port['id']}]
|
||||||
# no need to create server with a security group since
|
# no need to create server with a security group since
|
||||||
@ -242,8 +240,6 @@ class Instance(object):
|
|||||||
self.buginf('tool %s already present - skipping install',
|
self.buginf('tool %s already present - skipping install',
|
||||||
tool_name)
|
tool_name)
|
||||||
return True
|
return True
|
||||||
# first chmod the local copy since git does not keep the permission
|
|
||||||
os.chmod(source, stat.S_IRWXU | stat.S_IRWXG | stat.S_IRWXO)
|
|
||||||
|
|
||||||
# scp over the tool binary
|
# scp over the tool binary
|
||||||
self.buginf('Copying %s to target...', tool_name)
|
self.buginf('Copying %s to target...', tool_name)
|
||||||
|
@ -201,7 +201,7 @@ class VmtpTest(object):
|
|||||||
nova_client = Client(**creds_nova)
|
nova_client = Client(**creds_nova)
|
||||||
neutron = neutronclient.Client(**creds)
|
neutron = neutronclient.Client(**creds)
|
||||||
|
|
||||||
self.comp = compute.Compute(nova_client, neutron, self.config)
|
self.comp = compute.Compute(nova_client, self.config)
|
||||||
|
|
||||||
# Add the appropriate public key to openstack
|
# Add the appropriate public key to openstack
|
||||||
self.comp.init_key_pair(self.config.public_key_name, self.instance_access)
|
self.comp.init_key_pair(self.config.public_key_name, self.instance_access)
|
||||||
|
Loading…
Reference in New Issue
Block a user