def _dhcp_operation(vca_client, network_name, operation): """ update dhcp setting for network """ dhcp_settings = ctx.node.properties['network'].get('dhcp') if dhcp_settings is None: return True gateway_name = ctx.node.properties["network"]['edge_gateway'] gateway = get_gateway(vca_client, gateway_name) if gateway.is_busy(): return False if operation == ADD_POOL: ip = _split_adresses(dhcp_settings['dhcp_range']) low_ip_address = check_ip(ip.start) hight_ip_address = check_ip(ip.end) default_lease = dhcp_settings.get('default_lease') max_lease = dhcp_settings.get('max_lease') gateway.add_dhcp_pool(network_name, low_ip_address, hight_ip_address, default_lease, max_lease) if save_gateway_configuration(gateway, vca_client, ctx): ctx.logger.info("DHCP rule successful created for network {0}" .format(network_name)) return True if operation == DELETE_POOL: gateway.delete_dhcp_pool(network_name) if save_gateway_configuration(gateway, vca_client, ctx): ctx.logger.info("DHCP rule successful deleted for network {0}" .format(network_name)) return True return False
def _save_configuration(gateway, vca_client, operation, public_ip): """ save/refresh nat rules on gateway """ ctx.logger.info("Save NAT configuration.") success = save_gateway_configuration(gateway, vca_client, ctx) if not success: return False ctx.logger.info("NAT configuration has been saved.") if operation == CREATE: ctx.target.instance.runtime_properties[PUBLIC_IP] = public_ip else: service_type = get_vcloud_config().get('service_type') if is_ondemand(service_type): if not ctx.target.node.properties['nat'].get(PUBLIC_IP): del_ondemand_public_ip( vca_client, gateway, ctx.target.instance.runtime_properties[PUBLIC_IP], ctx ) if PUBLIC_IP in ctx.target.instance.runtime_properties: del ctx.target.instance.runtime_properties[PUBLIC_IP] if PORT_REPLACEMENT in ctx.target.instance.runtime_properties: del ctx.target.instance.runtime_properties[PORT_REPLACEMENT] if SSH_PORT in ctx.target.instance.runtime_properties: del ctx.target.instance.runtime_properties[SSH_PORT] if SSH_PUBLIC_IP in ctx.target.instance.runtime_properties: del ctx.target.instance.runtime_properties[SSH_PUBLIC_IP] return True
def _save_configuration(gateway, vca_client, operation, public_ip): """ save/refresh nat rules on gateway """ ctx.logger.info("Save NAT configuration.") success = save_gateway_configuration(gateway, vca_client, ctx) if not success: return False ctx.logger.info("NAT configuration has been saved.") if operation == CREATE: ctx.target.instance.runtime_properties[PUBLIC_IP] = public_ip else: service_type = get_vcloud_config().get('service_type') if is_ondemand(service_type): if not ctx.target.node.properties['nat'].get(PUBLIC_IP): del_ondemand_public_ip( vca_client, gateway, ctx.target.instance.runtime_properties[PUBLIC_IP], ctx) if PUBLIC_IP in ctx.target.instance.runtime_properties: del ctx.target.instance.runtime_properties[PUBLIC_IP] if PORT_REPLACEMENT in ctx.target.instance.runtime_properties: del ctx.target.instance.runtime_properties[PORT_REPLACEMENT] if SSH_PORT in ctx.target.instance.runtime_properties: del ctx.target.instance.runtime_properties[SSH_PORT] if SSH_PUBLIC_IP in ctx.target.instance.runtime_properties: del ctx.target.instance.runtime_properties[SSH_PUBLIC_IP] return True
def _floatingip_operation(operation, vca_client, ctx): """ create/release floating ip by nat rules for this ip with relation to internal ip for current node, save selected public_ip in runtime properties """ service_type = get_vcloud_config().get('service_type') gateway = get_gateway( vca_client, ctx.target.node.properties['floatingip']['edge_gateway']) internal_ip = get_vm_ip(vca_client, ctx, gateway) nat_operation = None public_ip = (ctx.target.instance.runtime_properties.get(PUBLIC_IP) or ctx.target.node.properties['floatingip'].get(PUBLIC_IP)) if operation == CREATE: CheckAssignedInternalIp(internal_ip, gateway) if public_ip: CheckAssignedExternalIp(public_ip, gateway) else: public_ip = get_public_ip(vca_client, gateway, service_type, ctx) nat_operation = _add_nat_rule elif operation == DELETE: if not public_ip: ctx.logger.info("Can't get external IP".format(public_ip)) return True nat_operation = _del_nat_rule else: raise cfy_exc.NonRecoverableError( "Unknown operation {0}".format(operation) ) external_ip = check_ip(public_ip) nat_operation(gateway, "SNAT", internal_ip, external_ip) nat_operation(gateway, "DNAT", external_ip, internal_ip) success = save_gateway_configuration(gateway, vca_client, ctx) if not success: return False if operation == CREATE: ctx.target.instance.runtime_properties[PUBLIC_IP] = external_ip save_ssh_parameters(ctx, '22', external_ip) else: if is_ondemand(service_type): if not ctx.target.node.properties['floatingip'].get(PUBLIC_IP): del_ondemand_public_ip( vca_client, gateway, ctx.target.instance.runtime_properties[PUBLIC_IP], ctx) if PUBLIC_IP in ctx.target.instance.runtime_properties: del ctx.target.instance.runtime_properties[PUBLIC_IP] if SSH_PUBLIC_IP in ctx.source.instance.runtime_properties: del ctx.source.instance.runtime_properties[SSH_PUBLIC_IP] if SSH_PORT in ctx.target.instance.runtime_properties: del ctx.source.instance.runtime_properties[SSH_PORT] return True
def _floatingip_operation(operation, vca_client, ctx): """ create/release floating ip by nat rules for this ip with relation to internal ip for current node, save selected public_ip in runtime properties """ service_type = get_vcloud_config().get('service_type') gateway = get_gateway( vca_client, ctx.target.node.properties['floatingip']['edge_gateway']) internal_ip = get_vm_ip(vca_client, ctx, gateway) nat_operation = None public_ip = (ctx.target.instance.runtime_properties.get(PUBLIC_IP) or ctx.target.node.properties['floatingip'].get(PUBLIC_IP)) if operation == CREATE: CheckAssignedInternalIp(internal_ip, gateway) if public_ip: CheckAssignedExternalIp(public_ip, gateway) else: public_ip = get_public_ip(vca_client, gateway, service_type, ctx) nat_operation = _add_nat_rule elif operation == DELETE: if not public_ip: ctx.logger.info("Can't get external IP".format(public_ip)) return True nat_operation = _del_nat_rule else: raise cfy_exc.NonRecoverableError( "Unknown operation {0}".format(operation)) external_ip = check_ip(public_ip) nat_operation(gateway, "SNAT", internal_ip, external_ip) nat_operation(gateway, "DNAT", external_ip, internal_ip) success = save_gateway_configuration(gateway, vca_client, ctx) if not success: return False if operation == CREATE: ctx.target.instance.runtime_properties[PUBLIC_IP] = external_ip save_ssh_parameters(ctx, '22', external_ip) else: if is_ondemand(service_type): if not ctx.target.node.properties['floatingip'].get(PUBLIC_IP): del_ondemand_public_ip( vca_client, gateway, ctx.target.instance.runtime_properties[PUBLIC_IP], ctx) if PUBLIC_IP in ctx.target.instance.runtime_properties: del ctx.target.instance.runtime_properties[PUBLIC_IP] if SSH_PUBLIC_IP in ctx.source.instance.runtime_properties: del ctx.source.instance.runtime_properties[SSH_PUBLIC_IP] if SSH_PORT in ctx.source.instance.runtime_properties: del ctx.source.instance.runtime_properties[SSH_PORT] return True
def _rule_operation(operation, vca_client): """ create/delete firewall rules in gateway for current node """ gateway_name = _get_gateway_name(ctx.target.node.properties) gateway = get_gateway(vca_client, gateway_name) for rule in ctx.target.node.properties['rules']: description = rule.get('description', "Rule added by pyvcloud").strip() source_ip = rule.get("source", "external") if not _is_literal_ip(source_ip): check_ip(source_ip) elif _is_host_ip(source_ip): source_ip = get_vm_ip(vca_client, ctx, gateway) source_port = str(rule.get("source_port", "any")) dest_ip = rule.get("destination", "external") if not _is_literal_ip(dest_ip): check_ip(dest_ip) elif _is_host_ip(dest_ip): dest_ip = get_vm_ip(vca_client, ctx, gateway) dest_port = str(rule.get('destination_port', 'any')) protocol = rule.get('protocol', 'any').capitalize() action = rule.get("action", "allow") log = rule.get('log_traffic', False) if operation == CREATE_RULE: gateway.add_fw_rule( True, description, action, protocol, dest_port, dest_ip, source_port, source_ip, log) ctx.logger.info( "Firewall rule has been created: {0}".format(description)) elif operation == DELETE_RULE: gateway.delete_fw_rule(protocol, dest_port, dest_ip, source_port, source_ip) ctx.logger.info( "Firewall rule has been deleted: {0}".format(description)) ctx.logger.info("Saving security group configuration") return save_gateway_configuration(gateway, vca_client, ctx)
def test_save_gateway_configuration(self): """ check reation of out code for different results from server on save configuration """ gateway = self.generate_gateway() fake_client = self.generate_client() fake_ctx = self.generate_node_context() # cant save configuration - error in first call self.set_services_conf_result( gateway, None ) fake_ctx = self.generate_node_context() with self.assertRaises(cfy_exc.NonRecoverableError): vcloud_network_plugin.save_gateway_configuration( gateway, fake_client, fake_ctx) # error in status self.set_services_conf_result( gateway, vcloud_plugin_common.TASK_STATUS_ERROR ) with self.assertRaises(cfy_exc.NonRecoverableError): with mock.patch('vcloud_plugin_common.ctx', fake_ctx): vcloud_network_plugin.save_gateway_configuration( gateway, fake_client, fake_ctx) # everything fine self.set_services_conf_result( gateway, vcloud_plugin_common.TASK_STATUS_SUCCESS ) with mock.patch('vcloud_plugin_common.ctx', fake_ctx): self.assertTrue( vcloud_network_plugin.save_gateway_configuration( gateway, fake_client, fake_ctx)) # server busy self.set_services_conf_result( gateway, None ) self.set_gateway_busy(gateway) self.assertFalse( vcloud_network_plugin.save_gateway_configuration( gateway, fake_client, fake_ctx))