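def _add_security_group_rule(openstack: Openstack, security_group_id, rule: str):
    """Parse one textual security-group rule and create it via *openstack*.

    The rule has the form
    ``<ingress|egress> <ipv4|ipv6> <protocol> [<port>[-<port>]] [<address>[/<len>]]``.
    The parsed fields are passed to ``openstack.create_security_group_rule`` as
    ``direction``, ``ethertype`` (``IPv4``/``IPv6``), ``protocol``,
    ``port_range_min``, ``port_range_max`` and ``remote_ip_prefix``; optional
    fields that are absent are passed as ``None``.

    A rule that does not start with a recognised direction, ethertype and
    lower-case protocol is skipped without creating anything.

    Raises:
        ValueError: if the rule starts validly but is followed by text the
            pattern cannot parse (for example a malformed port or address).
    """
    # Raw strings: the pattern is full of \s, \d, \. and \/ sequences, which
    # are invalid escapes in a normal string literal.
    # NOTE(review): the prefix length is only checked to be 1-2 digits, the
    # address family is not checked against the ethertype, and when several
    # addresses are listed the repeated group keeps only the last one.
    regex = (
        r'^\s*(ingress|egress)\s+(ipv4|ipv6)\s+([a-z]+)\s*(?:(\d+(?:'
        r'-\d+)?)?(?:\s|$)+)?(?:((?:(?:(?:[0-9A-Fa-f]{1,4}:){7}(?:[0'
        r'-9A-Fa-f]{1,4}|:))|(?:(?:[0-9A-Fa-f]{1,4}:){6}(?::[0-9A-Fa'
        r'-f]{1,4}|(?:(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(?:\.(?:25['
        r'0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(?:(?:[0-9A-Fa-f]{1'
        r',4}:){5}(?:(?:(?::[0-9A-Fa-f]{1,4}){1,2})|:(?:(?:25[0-5]|2'
        r'[0-4]\d|1\d\d|[1-9]?\d)(?:\.(?:25[0-5]|2[0-4]\d|1\d\d|[1-9'
        r']?\d)){3})|:))|(?:(?:[0-9A-Fa-f]{1,4}:){4}(?:(?:(?::[0-9A-'
        r'Fa-f]{1,4}){1,3})|(?:(?::[0-9A-Fa-f]{1,4})?:(?:(?:25[0-5]|'
        r'2[0-4]\d|1\d\d|[1-9]?\d)(?:\.(?:25[0-5]|2[0-4]\d|1\d\d|[1-'
        r'9]?\d)){3}))|:))|(?:(?:[0-9A-Fa-f]{1,4}:){3}(?:(?:(?::[0-9'
        r'A-Fa-f]{1,4}){1,4})|(?:(?::[0-9A-Fa-f]{1,4}){0,2}:(?:(?:25'
        r'[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(?:\.(?:25[0-5]|2[0-4]\d|1\d'
        r'\d|[1-9]?\d)){3}))|:))|(?:(?:[0-9A-Fa-f]{1,4}:){2}(?:(?:(?'
        r'::[0-9A-Fa-f]{1,4}){1,5})|(?:(?::[0-9A-Fa-f]{1,4}){0,3}:(?'
        r':(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(?:\.(?:25[0-5]|2[0-4]'
        r'\d|1\d\d|[1-9]?\d)){3}))|:))|(?:(?:[0-9A-Fa-f]{1,4}:){1}(?'
        r':(?:(?::[0-9A-Fa-f]{1,4}){1,6})|(?:(?::[0-9A-Fa-f]{1,4}){0'
        r',4}:(?:(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(?:\.(?:25[0-5]|'
        r'2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(?::(?:(?:(?::[0-9A-Fa-'
        r'f]{1,4}){1,7})|(?:(?::[0-9A-Fa-f]{1,4}){0,5}:(?:(?:25[0-5]'
        r'|2[0-4]\d|1\d\d|[1-9]?\d)(?:\.(?:25[0-5]|2[0-4]\d|1\d\d|[1'
        r'-9]?\d)){3}))|:))|(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)'
        r'\.(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(?:25[0-5]|2[0'
        r'-4][0-9]|[01]?[0-9][0-9]?)\.(?:25[0-5]|2[0-4][0-9]|[01]?[0'
        r'-9][0-9]?))(?:\/[0-9]{1,2})?(\s|$)))*'
    )

    match = re.match(regex, rule)
    if match is None:
        # Not a rule line at all: skipped silently, nothing is created.
        return

    # Fail closed. The pattern has no end anchor and everything after the
    # protocol is optional, so a malformed port or address would otherwise be
    # dropped and the rule created with that field set to None. Neutron treats
    # an absent remote_ip_prefix as "any address" (confirm the wrapper passes
    # None through), which would make the rule broader than what was written.
    if match.end() != len(rule):
        raise ValueError(
            'Invalid security group rule %r: cannot parse %r'
            % (rule, rule[match.end():]))

    # Group 6 is the separator after the address and carries no data.
    direction, ethertype, protocol, port, remote_ip_prefix = match.groups()[:5]

    port_range_min = port_range_max = None
    if port is not None:
        bounds = port.split('-')
        port_range_min = port_range_max = bounds[0]
        if len(bounds) == 2:
            port_range_max = bounds[1]

    if remote_ip_prefix is not None:
        # The address group also captures the whitespace that follows it.
        remote_ip_prefix = remote_ip_prefix.strip()

    openstack.create_security_group_rule(
        security_group_id,
        direction=direction,
        # 'ipv4' -> 'IPv4', 'ipv6' -> 'IPv6'
        ethertype=ethertype[:2].upper() + ethertype[2:],
        protocol=protocol,
        port_range_min=port_range_min,
        port_range_max=port_range_max,
        remote_ip_prefix=remote_ip_prefix)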
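def update_allowed_address_pairs(cloudconfig, lab_id, lab_slice, topo):
    """Apply the allowed-address pairs declared on each topology link.

    For every link whose target is an instance or a router, each entry of
    ``link['allowedAddressPairs']`` is read as ``"<mac>,<ip-or-cidr>"`` or as
    ``"<ip-or-cidr>"`` alone. Both fields are stripped of surrounding
    whitespace before validation, and the stripped values are what is sent to
    OpenStack; a whitespace-only MAC field counts as absent. Entries that
    fail validation are skipped without an error.

    On any exception the lab is marked ``deployfailed``, the message is
    appended to its ``error_msgs``, and a generic ``Exception`` is raised so
    that the next job in the dependency chain does not run.
    """
    try:
        openstack = Openstack(cloudconfig.detail['openstackAuthURL'],
                              cloudconfig.detail['openstackProject'],
                              cloudconfig.detail['openstackUser'],
                              cloudconfig.detail['openstackPassword'])
        mac_regex = re.compile(r'^([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})$')
        # NOTE(review): the trailing (\/[0-9]{1,2})* accepts any one- or
        # two-digit prefix length, including /0, and also repeated suffixes
        # such as "/24/16". An allowed-address pair relaxes the port's
        # anti-spoofing filter for that range, so confirm the accepted range
        # is what scenario authors should be able to request.
        ip_cidr_regex = re.compile(
            r'^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4]'
            r'[0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)|(([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-'
            r'f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-'
            r'5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5'
            r']|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(('
            r'(:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0'
            r'-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]'
            r'{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0'
            r'-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d'
            r'|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1'
            r',4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d'
            r'|[1-9]?\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1'
            r'\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))(\/[0-9]{1,2})*$'
        )
        for link in topo['links']:
            address_pairs = []
            network = NetworkNode.fetchone(gid=link['network']['gid'],
                                           slice_id=lab_slice.id)
            target_type = link['target']['type'].lower()
            if target_type == 'instance':
                device = Instance.fetchone(gid=link['target']['gid'],
                                           slice_id=lab_slice.id)
            elif target_type == 'router':
                device = Router.fetchone(gid=link['target']['gid'],
                                         slice_id=lab_slice.id)
            else:
                continue
            for raw_address_pair in link.get('allowedAddressPairs', []):
                # Padding with ',,' guarantees three fields even when the
                # entry holds a single value.
                mac_address, ip_address, _ = (raw_address_pair + ',,').split(
                    ',', 2)
                # Normalise once so that the value that is validated is also
                # the value that is sent; previously the stripped text was
                # checked but the unstripped text was submitted.
                mac_address = mac_address.strip()
                ip_address = ip_address.strip()
                if ip_address == '':
                    # Single-field entry: the only value is the address.
                    ip_address, mac_address = mac_address, ''
                if mac_address != '' and not mac_regex.match(mac_address):
                    continue
                if not ip_cidr_regex.match(ip_address):
                    continue
                address_pair = {'ip_address': ip_address}
                if mac_address != '':
                    address_pair['mac_address'] = mac_address
                address_pairs.append(address_pair)
            if address_pairs:
                openstack.update_allowed_address_pairs(
                    network, device.cloud_attrs['id'], address_pairs)
    except Exception as ex:
        error_type = 'Update allowed address pairs error'
        # NOTE(review): str(ex) is stored on the lab record verbatim; confirm
        # that backend error text exposed this way cannot carry endpoint or
        # credential details.
        error_msgs = [error_type + ': ' + str(ex)]
        lab = Lab.fetchone(id=lab_id)
        lab.update(status='deployfailed',
                   error_msgs=lab.error_msgs + error_msgs)
        # Re-raise so the next job in the dependency chain is not executed;
        # the original exception is kept as the explicit cause.
        raise Exception(error_type) from ex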
def create_networks(cloudconfig, lab_id, lab_slice, topo):
    """Record every network of *topo* and deploy each one in its own thread.

    A ``NetworkNode`` row in status ``deploying`` is inserted for each entry
    of ``topo['networks']`` and a ``CreateNetThread`` is started for it right
    away; the function then waits for all started threads.

    On any exception the lab is marked ``deployfailed``, the message is
    appended to its ``error_msgs``, and a generic ``Exception`` is raised so
    that the next job in the dependency chain does not run.
    """
    try:
        detail = cloudconfig.detail
        openstack = Openstack(
            detail['openstackAuthURL'],
            detail['openstackProject'],
            detail['openstackUser'],
            detail['openstackPassword'],
        )
        workers = []
        for net_spec in topo['networks']:
            record = NetworkNode.insert(
                name=net_spec['name'],
                cidr=net_spec['cidr'],
                status='deploying',
                x=net_spec['x'],
                y=net_spec['y'],
                slice_id=lab_slice.id,
                gid=net_spec['gid'],
            )
            worker = CreateNetThread(openstack, record)
            worker.start()
            workers.append(worker)
        # NOTE(review): presumably threading.Thread subclasses; join() would
        # then not re-raise a failure from inside a worker. Confirm that the
        # workers record their own errors.
        for worker in workers:
            worker.join()
    except Exception as ex:
        failure = 'Create networks error'
        # NOTE(review): str(ex) is stored verbatim; confirm backend error
        # text cannot carry endpoint or credential details.
        recorded = [': '.join((failure, str(ex)))]
        lab = Lab.fetchone(id=lab_id)
        lab.update(status='deployfailed',
                   error_msgs=lab.error_msgs + recorded)
        # Raising stops the next job in the dependency chain.
        raise Exception(failure)
def delete_sec_group(cloudconfig: CloudConfig, lab_id, lab_slice: Slice):
    """Delete the slice's security group if one was recorded for it.

    The group is deleted only when ``lab_slice.cloud_attrs`` holds a
    ``sec_group_id``.

    On any exception the lab is marked ``destroyfailed``, the message is
    appended to its ``error_msgs``, and a generic ``Exception`` is raised so
    that the next job in the dependency chain does not run.
    """
    try:
        detail = cloudconfig.detail
        openstack = Openstack(
            detail['openstackAuthURL'],
            detail['openstackProject'],
            detail['openstackUser'],
            detail['openstackPassword'],
        )
        recorded_group = lab_slice.cloud_attrs.get('sec_group_id')
        if recorded_group is not None:
            # NOTE(review): the delete is keyed by the slice name, not by the
            # recorded id; confirm the wrapper resolves the name to exactly
            # the group this slice created.
            openstack.delete_security_group(lab_slice.name)
    except Exception as ex:
        failure = 'Delete security group error'
        # NOTE(review): str(ex) is stored verbatim; confirm backend error
        # text cannot carry endpoint or credential details.
        recorded = [': '.join((failure, str(ex)))]
        lab = Lab.fetchone(id=lab_id)
        lab.update(status='destroyfailed',
                   error_msgs=lab.error_msgs + recorded)
        # Raising stops the next job in the dependency chain.
        raise Exception(failure)
def create_routers(cloudconfig, lab_id, lab_slice, topo,
                   create_sec_group_job_id):
    """Record the routers of *topo*, then deploy each one in its own thread.

    The security group id is read from the result of the job identified by
    *create_sec_group_job_id*. A ``Router`` row in status ``deploying`` is
    inserted for every entry of ``topo['routers']``; afterwards a
    ``CreateRouterThread`` is started for every router of the slice and the
    function waits for all of them.

    On any exception the lab is marked ``deployfailed``, the message is
    appended to its ``error_msgs``, and a generic ``Exception`` is raised so
    that the next job in the dependency chain does not run.
    """
    try:
        detail = cloudconfig.detail
        openstack = Openstack(
            detail['openstackAuthURL'],
            detail['openstackProject'],
            detail['openstackUser'],
            detail['openstackPassword'],
        )
        sec_group_id = queue.fetch_job(create_sec_group_job_id).result

        # Phase 1: persist one row per router described in the topology.
        for spec in topo['routers']:
            links = _extract_links(spec, topo)
            configurations, password = _extract_configurations(
                lab_id, lab_slice, spec, topo)
            # NOTE(review): the password is stored on the row as returned by
            # _extract_configurations; confirm how it is protected at rest.
            Router.insert(
                name=spec['name'],
                status='deploying',
                x=spec['x'],
                y=spec['y'],
                gid=spec['gid'],
                slice_id=lab_slice.id,
                image=spec['image'],
                flavor=spec['flavor'],
                links=links,
                configurations=configurations,
                password=password,
            )

        # Phase 2: the actual deployment, one thread per stored router.
        workers = []
        for router in Router.fetchall(slice_id=lab_slice.id):
            worker = CreateRouterThread(openstack, lab_id, router, lab_slice,
                                        sec_group_id)
            worker.start()
            workers.append(worker)
        # NOTE(review): presumably threading.Thread subclasses; join() would
        # then not re-raise a failure from inside a worker.
        for worker in workers:
            worker.join()
    except Exception as ex:
        failure = 'Create routers error'
        # NOTE(review): str(ex) is stored verbatim; confirm backend error
        # text cannot carry endpoint or credential details.
        recorded = [': '.join((failure, str(ex)))]
        lab = Lab.fetchone(id=lab_id)
        lab.update(status='deployfailed',
                   error_msgs=lab.error_msgs + recorded)
        # Raising stops the next job in the dependency chain.
        raise Exception(failure)
def create_sec_group(cloudconfig: CloudConfig, lab_id, lab_slice: Slice,
                     scenario):
    """Create the slice's security group and add the scenario's rules to it.

    The group is created under the slice's name, its id is stored in the
    slice's ``cloud_attrs`` as ``sec_group_id``, and each entry of
    ``scenario.sg_rules`` is handed to ``_add_security_group_rule``.

    Returns:
        The id of the created security group.

    On any exception the lab is marked ``deployfailed``, the message is
    appended to its ``error_msgs``, and a generic ``Exception`` is raised so
    that the next job in the dependency chain does not run.
    """
    try:
        detail = cloudconfig.detail
        openstack = Openstack(
            detail['openstackAuthURL'],
            detail['openstackProject'],
            detail['openstackUser'],
            detail['openstackPassword'],
        )
        group_id = openstack.create_security_group(lab_slice.name)

        # The id is persisted before any rule is added, so a failure while
        # adding rules leaves a recorded group holding only part of them.
        attrs = lab_slice.cloud_attrs
        attrs['sec_group_id'] = group_id
        lab_slice.update(cloud_attrs=attrs.value)

        # NOTE(review): the rules are scenario content; confirm who may
        # author scenarios, since they define the slice's network exposure.
        for rule_text in scenario.sg_rules:
            _add_security_group_rule(openstack, group_id, rule_text)
        return group_id
    except Exception as ex:
        failure = 'Create security group error'
        # NOTE(review): str(ex) is stored verbatim; confirm backend error
        # text cannot carry endpoint or credential details.
        recorded = [': '.join((failure, str(ex)))]
        lab = Lab.fetchone(id=lab_id)
        lab.update(status='deployfailed',
                   error_msgs=lab.error_msgs + recorded)
        # Raising stops the next job in the dependency chain.
        raise Exception(failure)
def delete_routers(cloudconfig, lab_id, lab_slice):
    """Delete every router of the slice, one thread per router.

    A ``DeleteRouterThread`` is started for each ``Router`` row of the slice
    and the function waits for all of them.

    On any exception the lab is marked ``destroyfailed``, the message is
    appended to its ``error_msgs``, and a generic ``Exception`` is raised so
    that the next job in the dependency chain does not run.
    """
    try:
        detail = cloudconfig.detail
        openstack = Openstack(
            detail['openstackAuthURL'],
            detail['openstackProject'],
            detail['openstackUser'],
            detail['openstackPassword'],
        )
        workers = []
        for router in Router.fetchall(slice_id=lab_slice.id):
            worker = DeleteRouterThread(openstack, lab_id, router)
            worker.start()
            workers.append(worker)
        # NOTE(review): presumably threading.Thread subclasses; join() would
        # then not re-raise a failure from inside a worker.
        for worker in workers:
            worker.join()
    except Exception as ex:
        failure = 'Delete routers error'
        # NOTE(review): str(ex) is stored verbatim; confirm backend error
        # text cannot carry endpoint or credential details.
        recorded = [': '.join((failure, str(ex)))]
        lab = Lab.fetchone(id=lab_id)
        lab.update(status='destroyfailed',
                   error_msgs=lab.error_msgs + recorded)
        # Raising stops the next job in the dependency chain.
        raise Exception(failure)