def _dhcp_operation(vca_client, network_name, operation):
"""
update dhcp setting for network
"""
dhcp_settings = ctx.node.properties['network'].get('dhcp')
if dhcp_settings is None:
return True
gateway_name = ctx.node.properties["network"]['edge_gateway']
gateway = get_gateway(vca_client, gateway_name)
if gateway.is_busy():
return False
if operation == ADD_POOL:
ip = _split_adresses(dhcp_settings['dhcp_range'])
low_ip_address = check_ip(ip.start)
hight_ip_address = check_ip(ip.end)
default_lease = dhcp_settings.get('default_lease')
max_lease = dhcp_settings.get('max_lease')
gateway.add_dhcp_pool(network_name, low_ip_address, hight_ip_address,
default_lease, max_lease)
if save_gateway_configuration(gateway, vca_client, ctx):
ctx.logger.info("DHCP rule successful created for network {0}"
.format(network_name))
return True
if operation == DELETE_POOL:
gateway.delete_dhcp_pool(network_name)
if save_gateway_configuration(gateway, vca_client, ctx):
ctx.logger.info("DHCP rule successful deleted for network {0}"
.format(network_name))
return True
return False
def _save_configuration(gateway, vca_client, operation, public_ip):
"""
save/refresh nat rules on gateway
"""
ctx.logger.info("Save NAT configuration.")
success = save_gateway_configuration(gateway, vca_client, ctx)
if not success:
return False
ctx.logger.info("NAT configuration has been saved.")
if operation == CREATE:
ctx.target.instance.runtime_properties[PUBLIC_IP] = public_ip
else:
service_type = get_vcloud_config().get('service_type')
if is_ondemand(service_type):
if not ctx.target.node.properties['nat'].get(PUBLIC_IP):
del_ondemand_public_ip(
vca_client, gateway,
ctx.target.instance.runtime_properties[PUBLIC_IP],
ctx
)
if PUBLIC_IP in ctx.target.instance.runtime_properties:
del ctx.target.instance.runtime_properties[PUBLIC_IP]
if PORT_REPLACEMENT in ctx.target.instance.runtime_properties:
del ctx.target.instance.runtime_properties[PORT_REPLACEMENT]
if SSH_PORT in ctx.target.instance.runtime_properties:
del ctx.target.instance.runtime_properties[SSH_PORT]
if SSH_PUBLIC_IP in ctx.target.instance.runtime_properties:
del ctx.target.instance.runtime_properties[SSH_PUBLIC_IP]
return True
def _save_configuration(gateway, vca_client, operation, public_ip):
"""
save/refresh nat rules on gateway
"""
ctx.logger.info("Save NAT configuration.")
success = save_gateway_configuration(gateway, vca_client, ctx)
if not success:
return False
ctx.logger.info("NAT configuration has been saved.")
if operation == CREATE:
ctx.target.instance.runtime_properties[PUBLIC_IP] = public_ip
else:
service_type = get_vcloud_config().get('service_type')
if is_ondemand(service_type):
if not ctx.target.node.properties['nat'].get(PUBLIC_IP):
del_ondemand_public_ip(
vca_client, gateway,
ctx.target.instance.runtime_properties[PUBLIC_IP], ctx)
if PUBLIC_IP in ctx.target.instance.runtime_properties:
del ctx.target.instance.runtime_properties[PUBLIC_IP]
if PORT_REPLACEMENT in ctx.target.instance.runtime_properties:
del ctx.target.instance.runtime_properties[PORT_REPLACEMENT]
if SSH_PORT in ctx.target.instance.runtime_properties:
del ctx.target.instance.runtime_properties[SSH_PORT]
if SSH_PUBLIC_IP in ctx.target.instance.runtime_properties:
del ctx.target.instance.runtime_properties[SSH_PUBLIC_IP]
return True
def _floatingip_operation(operation, vca_client, ctx):
"""
create/release floating ip by nat rules for this ip with
relation to internal ip for current node,
save selected public_ip in runtime properties
"""
service_type = get_vcloud_config().get('service_type')
gateway = get_gateway(
vca_client, ctx.target.node.properties['floatingip']['edge_gateway'])
internal_ip = get_vm_ip(vca_client, ctx, gateway)
nat_operation = None
public_ip = (ctx.target.instance.runtime_properties.get(PUBLIC_IP)
or ctx.target.node.properties['floatingip'].get(PUBLIC_IP))
if operation == CREATE:
CheckAssignedInternalIp(internal_ip, gateway)
if public_ip:
CheckAssignedExternalIp(public_ip, gateway)
else:
public_ip = get_public_ip(vca_client, gateway, service_type, ctx)
nat_operation = _add_nat_rule
elif operation == DELETE:
if not public_ip:
ctx.logger.info("Can't get external IP".format(public_ip))
return True
nat_operation = _del_nat_rule
else:
raise cfy_exc.NonRecoverableError(
"Unknown operation {0}".format(operation)
)
external_ip = check_ip(public_ip)
nat_operation(gateway, "SNAT", internal_ip, external_ip)
nat_operation(gateway, "DNAT", external_ip, internal_ip)
success = save_gateway_configuration(gateway, vca_client, ctx)
if not success:
return False
if operation == CREATE:
ctx.target.instance.runtime_properties[PUBLIC_IP] = external_ip
save_ssh_parameters(ctx, '22', external_ip)
else:
if is_ondemand(service_type):
if not ctx.target.node.properties['floatingip'].get(PUBLIC_IP):
del_ondemand_public_ip(
vca_client,
gateway,
ctx.target.instance.runtime_properties[PUBLIC_IP],
ctx)
if PUBLIC_IP in ctx.target.instance.runtime_properties:
del ctx.target.instance.runtime_properties[PUBLIC_IP]
if SSH_PUBLIC_IP in ctx.source.instance.runtime_properties:
del ctx.source.instance.runtime_properties[SSH_PUBLIC_IP]
if SSH_PORT in ctx.target.instance.runtime_properties:
del ctx.source.instance.runtime_properties[SSH_PORT]
return True
def _floatingip_operation(operation, vca_client, ctx):
"""
create/release floating ip by nat rules for this ip with
relation to internal ip for current node,
save selected public_ip in runtime properties
"""
service_type = get_vcloud_config().get('service_type')
gateway = get_gateway(
vca_client, ctx.target.node.properties['floatingip']['edge_gateway'])
internal_ip = get_vm_ip(vca_client, ctx, gateway)
nat_operation = None
public_ip = (ctx.target.instance.runtime_properties.get(PUBLIC_IP)
or ctx.target.node.properties['floatingip'].get(PUBLIC_IP))
if operation == CREATE:
CheckAssignedInternalIp(internal_ip, gateway)
if public_ip:
CheckAssignedExternalIp(public_ip, gateway)
else:
public_ip = get_public_ip(vca_client, gateway, service_type, ctx)
nat_operation = _add_nat_rule
elif operation == DELETE:
if not public_ip:
ctx.logger.info("Can't get external IP".format(public_ip))
return True
nat_operation = _del_nat_rule
else:
raise cfy_exc.NonRecoverableError(
"Unknown operation {0}".format(operation))
external_ip = check_ip(public_ip)
nat_operation(gateway, "SNAT", internal_ip, external_ip)
nat_operation(gateway, "DNAT", external_ip, internal_ip)
success = save_gateway_configuration(gateway, vca_client, ctx)
if not success:
return False
if operation == CREATE:
ctx.target.instance.runtime_properties[PUBLIC_IP] = external_ip
save_ssh_parameters(ctx, '22', external_ip)
else:
if is_ondemand(service_type):
if not ctx.target.node.properties['floatingip'].get(PUBLIC_IP):
del_ondemand_public_ip(
vca_client, gateway,
ctx.target.instance.runtime_properties[PUBLIC_IP], ctx)
if PUBLIC_IP in ctx.target.instance.runtime_properties:
del ctx.target.instance.runtime_properties[PUBLIC_IP]
if SSH_PUBLIC_IP in ctx.source.instance.runtime_properties:
del ctx.source.instance.runtime_properties[SSH_PUBLIC_IP]
if SSH_PORT in ctx.source.instance.runtime_properties:
del ctx.source.instance.runtime_properties[SSH_PORT]
return True
def _rule_operation(operation, vca_client):
"""
create/delete firewall rules in gateway for current node
"""
gateway_name = _get_gateway_name(ctx.target.node.properties)
gateway = get_gateway(vca_client, gateway_name)
for rule in ctx.target.node.properties['rules']:
description = rule.get('description', "Rule added by pyvcloud").strip()
source_ip = rule.get("source", "external")
if not _is_literal_ip(source_ip):
check_ip(source_ip)
elif _is_host_ip(source_ip):
source_ip = get_vm_ip(vca_client, ctx, gateway)
source_port = str(rule.get("source_port", "any"))
dest_ip = rule.get("destination", "external")
if not _is_literal_ip(dest_ip):
check_ip(dest_ip)
elif _is_host_ip(dest_ip):
dest_ip = get_vm_ip(vca_client, ctx, gateway)
dest_port = str(rule.get('destination_port', 'any'))
protocol = rule.get('protocol', 'any').capitalize()
action = rule.get("action", "allow")
log = rule.get('log_traffic', False)
if operation == CREATE_RULE:
gateway.add_fw_rule(
True, description, action, protocol, dest_port, dest_ip,
source_port, source_ip, log)
ctx.logger.info(
"Firewall rule has been created: {0}".format(description))
elif operation == DELETE_RULE:
gateway.delete_fw_rule(protocol, dest_port, dest_ip,
source_port, source_ip)
ctx.logger.info(
"Firewall rule has been deleted: {0}".format(description))
ctx.logger.info("Saving security group configuration")
return save_gateway_configuration(gateway, vca_client, ctx)
def test_save_gateway_configuration(self):
"""
check reation of out code for different results from server
on save configuration
"""
gateway = self.generate_gateway()
fake_client = self.generate_client()
fake_ctx = self.generate_node_context()
# cant save configuration - error in first call
self.set_services_conf_result(
gateway, None
)
fake_ctx = self.generate_node_context()
with self.assertRaises(cfy_exc.NonRecoverableError):
vcloud_network_plugin.save_gateway_configuration(
gateway, fake_client, fake_ctx)
# error in status
self.set_services_conf_result(
gateway, vcloud_plugin_common.TASK_STATUS_ERROR
)
with self.assertRaises(cfy_exc.NonRecoverableError):
with mock.patch('vcloud_plugin_common.ctx', fake_ctx):
vcloud_network_plugin.save_gateway_configuration(
gateway, fake_client, fake_ctx)
# everything fine
self.set_services_conf_result(
gateway, vcloud_plugin_common.TASK_STATUS_SUCCESS
)
with mock.patch('vcloud_plugin_common.ctx', fake_ctx):
self.assertTrue(
vcloud_network_plugin.save_gateway_configuration(
gateway, fake_client, fake_ctx))
# server busy
self.set_services_conf_result(
gateway, None
)
self.set_gateway_busy(gateway)
self.assertFalse(
vcloud_network_plugin.save_gateway_configuration(
gateway, fake_client, fake_ctx))
