def create(nova_client, **kwargs): security_group = build_sg_data() security_group['description'] = ctx.node.properties['description'] sgr_default_values = { 'ip_protocol': 'tcp', 'from_port': 1, 'to_port': 65535, 'cidr': '0.0.0.0/0', # 'group_id': None, # 'parent_group_id': None, } sg_rules = process_rules(nova_client, sgr_default_values, 'cidr', 'group_id', 'from_port', 'to_port') if use_external_sg(nova_client): return transform_resource_name(ctx, security_group) sg = nova_client.security_groups.create( security_group['name'], security_group['description']) set_sg_runtime_properties(sg, nova_client) try: for sgr in sg_rules: sgr['parent_group_id'] = sg.id nova_client.security_group_rules.create(**sgr) except Exception: delete_resource_and_runtime_properties(ctx, nova_client, RUNTIME_PROPERTIES_KEYS) raise
def create(neutron_client, args, **kwargs): security_group = build_sg_data(args) sg_rules = process_rules(neutron_client, DEFAULT_RULE_VALUES, 'remote_ip_prefix', 'remote_group_id', 'port_range_min', 'port_range_max') disable_default_egress_rules = ctx.node.properties.get( 'disable_default_egress_rules') if use_external_sg(neutron_client): return transform_resource_name(ctx, security_group) sg = neutron_client.create_security_group( {'security_group': security_group})['security_group'] set_sg_runtime_properties(sg, neutron_client) try: if disable_default_egress_rules: for er in _egress_rules(_rules_for_sg_id(neutron_client, sg['id'])): neutron_client.delete_security_group_rule(er['id']) for sgr in sg_rules: sgr['security_group_id'] = sg['id'] neutron_client.create_security_group_rule( {'security_group_rule': sgr}) except Exception: delete_resource_and_runtime_properties(ctx, neutron_client, RUNTIME_PROPERTIES_KEYS) raise
def create(nova_client, **kwargs): security_group = build_sg_data() security_group['description'] = ctx.node.properties['description'] sgr_default_values = { 'ip_protocol': 'tcp', 'from_port': 1, 'to_port': 65535, 'cidr': '0.0.0.0/0', # 'group_id': None, # 'parent_group_id': None, } sg_rules = process_rules(nova_client, sgr_default_values, 'cidr', 'group_id', 'from_port', 'to_port') if use_external_sg(nova_client): return transform_resource_name(ctx, security_group) sg = nova_client.security_groups.create(security_group['name'], security_group['description']) set_sg_runtime_properties(sg, nova_client) try: for sgr in sg_rules: sgr['parent_group_id'] = sg.id nova_client.security_group_rules.create(**sgr) except Exception: delete_resource_and_runtime_properties(ctx, nova_client, RUNTIME_PROPERTIES_KEYS) raise
def create(neutron_client, args, **kwargs): security_group = build_sg_data(args) sg_rules = process_rules(neutron_client, DEFAULT_RULE_VALUES, 'remote_ip_prefix', 'remote_group_id', 'port_range_min', 'port_range_max') disable_default_egress_rules = ctx.node.properties.get( 'disable_default_egress_rules') if use_external_sg(neutron_client): return transform_resource_name(ctx, security_group) sg = neutron_client.create_security_group( {'security_group': security_group})['security_group'] set_sg_runtime_properties(sg, neutron_client) try: if disable_default_egress_rules: for er in _egress_rules(_rules_for_sg_id(neutron_client, sg['id'])): neutron_client.delete_security_group_rule(er['id']) for sgr in sg_rules: sgr['security_group_id'] = sg['id'] neutron_client.create_security_group_rule( {'security_group_rule': sgr}) except Exception: delete_resource_and_runtime_properties(ctx, neutron_client, RUNTIME_PROPERTIES_KEYS) raise
def create(neutron_client, **kwargs): """ Create security group with rules. Parameters transformations: rules.N.remote_group_name -> rules.N.remote_group_id rules.N.remote_group_node -> rules.N.remote_group_id (Node name in YAML) """ security_group = { 'description': None, 'name': get_resource_id(ctx, SECURITY_GROUP_OPENSTACK_TYPE), } security_group.update(ctx.node.properties['security_group']) rules_to_apply = ctx.node.properties['rules'] from neutron_plugin.security_group_rule import _process_rule security_group_rules = [] for rule in rules_to_apply: security_group_rules.append(_process_rule(rule, neutron_client)) disable_default_egress_rules = ctx.node.properties.get( 'disable_default_egress_rules') external_sg = use_external_resource(ctx, neutron_client, SECURITY_GROUP_OPENSTACK_TYPE) if external_sg: try: _ensure_existing_sg_is_identical( external_sg, security_group, security_group_rules, not disable_default_egress_rules) return except Exception: delete_runtime_properties(ctx, RUNTIME_PROPERTIES_KEYS) raise transform_resource_name(ctx, security_group) sg = neutron_client.create_security_group( {'security_group': security_group})['security_group'] ctx.instance.runtime_properties[OPENSTACK_ID_PROPERTY] = sg['id'] ctx.instance.runtime_properties[OPENSTACK_TYPE_PROPERTY] = \ SECURITY_GROUP_OPENSTACK_TYPE ctx.instance.runtime_properties[OPENSTACK_NAME_PROPERTY] = sg['name'] try: if disable_default_egress_rules: for er in _egress_rules(_rules_for_sg_id(neutron_client, sg['id'])): neutron_client.delete_security_group_rule(er['id']) for sgr in security_group_rules: sgr['security_group_id'] = sg['id'] neutron_client.create_security_group_rule( {'security_group_rule': sgr}) except neutron_exceptions.NeutronClientException: delete_resource_and_runtime_properties(ctx, neutron_client, RUNTIME_PROPERTIES_KEYS) raise
def create(neutron_client, args, status_attempts=10, status_timeout=2, **kwargs): security_group = build_sg_data(args) if not security_group['description']: security_group['description'] = ctx.node.properties['description'] sg_rules = process_rules(neutron_client, DEFAULT_RULE_VALUES, 'remote_ip_prefix', 'remote_group_id', 'port_range_min', 'port_range_max') disable_default_egress_rules = ctx.node.properties.get( 'disable_default_egress_rules') if use_external_sg(neutron_client): return transform_resource_name(ctx, security_group) sg = neutron_client.create_security_group( {'security_group': security_group})['security_group'] for attempt in range(max(status_attempts, 1)): sleep(status_timeout) try: neutron_client.show_security_group(sg['id']) except RequestException as e: ctx.logger.debug( "Waiting for SG to be visible. Attempt {}".format(attempt)) else: break else: raise NonRecoverableError( "Timed out waiting for security_group to exist", e) set_sg_runtime_properties(sg, neutron_client) try: if disable_default_egress_rules: for er in _egress_rules(_rules_for_sg_id(neutron_client, sg['id'])): neutron_client.delete_security_group_rule(er['id']) for sgr in sg_rules: sgr['security_group_id'] = sg['id'] neutron_client.create_security_group_rule( {'security_group_rule': sgr}) except Exception: try: delete_resource_and_runtime_properties(ctx, neutron_client, RUNTIME_PROPERTIES_KEYS) except Exception as e: raise NonRecoverableError('Exception while tearing down for retry', e) raise
def create( neutron_client, args, status_attempts=10, status_timeout=2, **kwargs ): security_group = build_sg_data(args) if not security_group['description']: security_group['description'] = ctx.node.properties['description'] sg_rules = process_rules(neutron_client, DEFAULT_RULE_VALUES, 'remote_ip_prefix', 'remote_group_id', 'port_range_min', 'port_range_max') disable_default_egress_rules = ctx.node.properties.get( 'disable_default_egress_rules') if use_external_sg(neutron_client): return transform_resource_name(ctx, security_group) sg = neutron_client.create_security_group( {'security_group': security_group})['security_group'] for attempt in range(max(status_attempts, 1)): sleep(status_timeout) try: neutron_client.show_security_group(sg['id']) except RequestException as e: ctx.logger.debug("Waiting for SG to be visible. Attempt {}".format( attempt)) else: break else: raise NonRecoverableError( "Timed out waiting for security_group to exist", e) set_sg_runtime_properties(sg, neutron_client) try: if disable_default_egress_rules: for er in _egress_rules(_rules_for_sg_id(neutron_client, sg['id'])): neutron_client.delete_security_group_rule(er['id']) for sgr in sg_rules: sgr['security_group_id'] = sg['id'] neutron_client.create_security_group_rule( {'security_group_rule': sgr}) except Exception: try: delete_resource_and_runtime_properties( ctx, neutron_client, RUNTIME_PROPERTIES_KEYS) except Exception as e: raise NonRecoverableError( 'Exception while tearing down for retry', e) raise
def delete(cinder_client, **kwargs): # seach snapshots for volume search_opts = { 'volume_id': get_openstack_id(ctx), } _delete_snapshot(cinder_client, search_opts) # remove volume itself delete_resource_and_runtime_properties(ctx, cinder_client, RUNTIME_PROPERTIES_KEYS)
def delete(keystone_client, nova_client, cinder_client, neutron_client, **kwargs): tenant_id = ctx.instance.runtime_properties[OPENSTACK_ID_PROPERTY] quota = ctx.node.properties[TENANT_QUOTA_TYPE] delete_quota(tenant_id, quota, nova_client, 'nova') delete_quota(tenant_id, quota, neutron_client, 'neutron') delete_quota(tenant_id, quota, cinder_client, 'cinder') delete_resource_and_runtime_properties(ctx, keystone_client, RUNTIME_PROPERTIES_KEYS)
def delete(keystone_client, nova_client, cinder_client, neutron_client, **kwargs): project_id = get_openstack_id(ctx) quota = ctx.node.properties[PROJECT_QUOTA_TYPE] delete_quota(project_id, quota, nova_client, NOVA) delete_quota(project_id, quota, neutron_client, NEUTRON) delete_quota(project_id, quota, cinder_client, CINDER) delete_resource_and_runtime_properties(ctx, keystone_client, RUNTIME_PROPERTIES_KEYS)
def delete(keystone_client, nova_client, cinder_client, neutron_client, **kwargs): tenant_id = ctx.instance.runtime_properties[OPENSTACK_ID_PROPERTY] quota = ctx.node.properties[TENANT_QUOTA_TYPE] delete_quota(tenant_id, quota, nova_client, 'nova') delete_quota(tenant_id, quota, neutron_client, 'neutron') delete_quota(tenant_id, quota, cinder_client, 'cinder') delete_resource_and_runtime_properties(ctx, keystone_client, RUNTIME_PROPERTIES_KEYS)
def delete(neutron_client, **kwargs): try: delete_resource_and_runtime_properties(ctx, neutron_client, RUNTIME_PROPERTIES_KEYS) except neutron_exceptions.NeutronClientException, e: if e.status_code == 404: # port was probably deleted when an attached device was deleted delete_runtime_properties(ctx, RUNTIME_PROPERTIES_KEYS) else: raise
def delete(neutron_client, **kwargs): try: delete_resource_and_runtime_properties(ctx, neutron_client, RUNTIME_PROPERTIES_KEYS) except neutron_exceptions.NeutronClientException, e: if e.status_code == 404: # port was probably deleted when an attached device was deleted delete_runtime_properties(ctx, RUNTIME_PROPERTIES_KEYS) else: raise
def delete(nova_client, **kwargs): if not is_external_resource(ctx): host_aggregate = nova_client.aggregates.get(get_openstack_id(ctx)) _remove_hosts(ctx, nova_client, get_openstack_id(ctx), host_aggregate.hosts) if HOSTS_PROPERTY in ctx.instance.runtime_properties: ctx.instance.runtime_properties.pop(HOSTS_PROPERTY, None) delete_resource_and_runtime_properties(ctx, nova_client, RUNTIME_PROPERTIES_KEYS)
def create(nova_client, args, **kwargs): private_key_path = _get_private_key_path() pk_exists = _check_private_key_exists(private_key_path) if use_external_resource(ctx, nova_client, KEYPAIR_OPENSTACK_TYPE): if not pk_exists: delete_runtime_properties(ctx, RUNTIME_PROPERTIES_KEYS) raise NonRecoverableError( 'Failed to use external keypair (node {0}): the public key {1}' ' is available on Openstack, but the private key could not be ' 'found at {2}'.format(ctx.node.id, ctx.node.properties['resource_id'], private_key_path)) return if pk_exists: raise NonRecoverableError( "Can't create keypair - private key path already exists: {0}". format(private_key_path)) keypair = { 'name': get_resource_id(ctx, KEYPAIR_OPENSTACK_TYPE), } keypair.update(ctx.node.properties['keypair'], **args) transform_resource_name(ctx, keypair) keypair = nova_client.keypairs.create(keypair['name'], keypair.get('public_key')) ctx.instance.runtime_properties[OPENSTACK_ID_PROPERTY] = keypair.id ctx.instance.runtime_properties[OPENSTACK_TYPE_PROPERTY] = \ KEYPAIR_OPENSTACK_TYPE ctx.instance.runtime_properties[OPENSTACK_NAME_PROPERTY] = keypair.name try: # write private key file _mkdir_p(os.path.dirname(private_key_path)) with open(private_key_path, 'w') as f: f.write(keypair.private_key) os.chmod(private_key_path, 0600) except Exception: _delete_private_key_file() delete_resource_and_runtime_properties(ctx, nova_client, RUNTIME_PROPERTIES_KEYS) raise
def create(nova_client, args, **kwargs): private_key_path = _get_private_key_path() pk_exists = _check_private_key_exists(private_key_path) if use_external_resource(ctx, nova_client, KEYPAIR_OPENSTACK_TYPE): if not pk_exists: delete_runtime_properties(ctx, RUNTIME_PROPERTIES_KEYS) raise NonRecoverableError( 'Failed to use external keypair (node {0}): the public key {1}' ' is available on Openstack, but the private key could not be ' 'found at {2}'.format(ctx.node.id, ctx.node.properties['resource_id'], private_key_path)) return if pk_exists: raise NonRecoverableError( "Can't create keypair - private key path already exists: {0}" .format(private_key_path)) keypair = { 'name': get_resource_id(ctx, KEYPAIR_OPENSTACK_TYPE), } keypair.update(ctx.node.properties['keypair'], **args) transform_resource_name(ctx, keypair) keypair = nova_client.keypairs.create(keypair['name'], keypair.get('public_key')) ctx.instance.runtime_properties[OPENSTACK_ID_PROPERTY] = keypair.id ctx.instance.runtime_properties[OPENSTACK_TYPE_PROPERTY] = \ KEYPAIR_OPENSTACK_TYPE ctx.instance.runtime_properties[OPENSTACK_NAME_PROPERTY] = keypair.name try: # write private key file _mkdir_p(os.path.dirname(private_key_path)) with open(private_key_path, 'w') as f: f.write(keypair.private_key) os.chmod(private_key_path, 0600) except Exception: _delete_private_key_file() delete_resource_and_runtime_properties(ctx, nova_client, RUNTIME_PROPERTIES_KEYS) raise
def delete(glance_client, **kwargs): _remove_protected(glance_client) delete_resource_and_runtime_properties(ctx, glance_client, RUNTIME_PROPERTIES_KEYS)
def delete_floatingip(client, **kwargs): delete_resource_and_runtime_properties(ctx, client, RUNTIME_PROPERTIES_KEYS)
def delete_floatingip(client, **kwargs): delete_resource_and_runtime_properties(ctx, client, RUNTIME_PROPERTIES_KEYS)
def delete(nova_client, **kwargs): if not is_external_resource(ctx): _remove_hosts(ctx, nova_client, get_openstack_id(ctx), kwargs) delete_resource_and_runtime_properties(ctx, nova_client, RUNTIME_PROPERTIES_KEYS)
def delete(keystone_client, **kwargs): delete_resource_and_runtime_properties(ctx, keystone_client, RUNTIME_PROPERTIES_KEYS)
def delete(nova_client, **kwargs): delete_resource_and_runtime_properties(ctx, nova_client, RUNTIME_PROPERTIES_KEYS) delete_runtime_properties(ctx, [EXTRA_SPECS_PROPERTY, TENANTS_PROPERTY])
def delete(neutron_client, **kwargs): delete_resource_and_runtime_properties(ctx, neutron_client, RUNTIME_PROPERTIES_KEYS)
def delete(cinder_client, **kwargs): delete_resource_and_runtime_properties(ctx, cinder_client, RUNTIME_PROPERTIES_KEYS)
def delete(glance_client, **kwargs): _remove_protected(glance_client) delete_resource_and_runtime_properties(ctx, glance_client, RUNTIME_PROPERTIES_KEYS)