def generate(self):
LOG.info('%s()' % KenLog.fcn())
self._action = KenLog.fcn()
cloud_internal = CloudModel.internal(self._models['CloudModel'])
control_planes = CloudModel.get(cloud_internal, 'control-planes', {})
# If we have an error in an earlier generator we may not have
# control_planes in the internal model
if not control_planes:
return
routes = {}
for cp_name, cp in control_planes.iteritems():
load_balancers = cp.get('load-balancers', {})
for cluster in cp['clusters']:
for server in cluster.get('servers', []):
self._add_routes_from_server(cp, server, load_balancers,
routes)
for r_name, r in cp.get('resources', {}).iteritems():
for server in r.get('servers', []):
self._add_routes_from_server(cp, server, load_balancers,
routes)
#
default_routes = {}
# Warn about any routes using the "default" route
for src_net, net_routes in routes.iteritems():
for dest_net, route_data in net_routes.iteritems():
if route_data['default']:
hosts = set()
if src_net not in default_routes:
default_routes[src_net] = []
for src, src_data in route_data['used_by'].iteritems():
for dest, host_list in src_data.iteritems():
for host in host_list:
hosts.add(host)
default_routes[src_net].append({
'net': dest_net,
'hosts': hosts
})
if default_routes:
msg = (
"Default routing used between networks\n"
"The following networks are using a 'default' route rule. To remove this warning\n"
"either add an explict route in the source network group or force the network to\n"
"attach in the interface model used by the servers.\n")
for src in sorted(default_routes):
dest_list = default_routes[src]
for dest_data in dest_list:
msg += " %s to %s\n" % (src, dest_data['net'])
for host in sorted(dest_data['hosts']):
msg += " %s\n" % (host)
self.add_warning(msg)
CloudModel.put(cloud_internal, 'routes', routes)
def build(self):
LOG.info('%s()' % KenLog.fcn())
cloud_name = CloudDescription.get_cloud_name(self.cloud_desc)
ntp_servers = CloudModel.get(self._cloud_internal, 'ntp_servers')
dns_settings = CloudModel.get(self._cloud_internal, 'dns_settings')
smtp_settings = CloudModel.get(self._cloud_internal, 'smtp_settings')
control_planes = CloudModel.get(self._cloud_internal, 'control-planes')
net_group_firewall = CloudModel.get(self._cloud_internal,
'net-group-firewall')
firewall_settings = CloudModel.get(self._cloud_internal,
'firewall_settings')
pass_through = CloudModel.get(self._cloud_internal, 'pass_through')
components = CloudModel.get(self._cloud_internal, 'components')
services = CloudModel.get(self._cloud_internal, 'services')
for cp_name, cp in control_planes.iteritems():
for cluster in cp['clusters']:
for s in cluster['servers']:
self._build_ansible_host_vars(
cloud_name, s, cp['endpoints'], cp, cluster['name'],
ntp_servers, dns_settings, smtp_settings, pass_through,
components, services, net_group_firewall,
firewall_settings)
for r_name, resources in cp.get('resources', {}).iteritems():
for s in resources['servers']:
self._build_ansible_host_vars(
cloud_name, s, cp['endpoints'], cp, resources['name'],
ntp_servers, dns_settings, smtp_settings, pass_through,
components, services, net_group_firewall,
firewall_settings)
CloudModel.put(self._cloud_internal, 'cloud-firewall',
self._cloud_firewall)
def build(self):
LOG.info('%s()' % KenLog.fcn())
cloud_name = CloudDescription.get_cloud_name(self.cloud_desc)
ntp_servers = CloudModel.get(self._cloud_internal, 'ntp_servers')
dns_settings = CloudModel.get(self._cloud_internal, 'dns_settings')
smtp_settings = CloudModel.get(self._cloud_internal, 'smtp_settings')
control_planes = CloudModel.get(self._cloud_internal, 'control-planes')
net_group_firewall = CloudModel.get(self._cloud_internal, 'net-group-firewall')
firewall_settings = CloudModel.get(self._cloud_internal, 'firewall_settings')
pass_through = CloudModel.get(self._cloud_internal, 'pass_through')
components = CloudModel.get(self._cloud_internal, 'components')
services = CloudModel.get(self._cloud_internal, 'services')
for cp_name, cp in control_planes.iteritems():
for cluster in cp['clusters']:
for s in cluster['servers']:
self._build_ansible_host_vars(cloud_name, s, cp['endpoints'],
cp, cluster['name'],
ntp_servers, dns_settings, smtp_settings,
pass_through, components, services,
net_group_firewall, firewall_settings)
for r_name, resources in cp.get('resources', {}).iteritems():
for s in resources['servers']:
self._build_ansible_host_vars(cloud_name, s, cp['endpoints'],
cp, resources['name'],
ntp_servers, dns_settings, smtp_settings,
pass_through, components, services,
net_group_firewall, firewall_settings)
CloudModel.put(self._cloud_internal, 'cloud-firewall', self._cloud_firewall)
def _generate_ring_specifications_info(self):
LOG.info('%s()' % KenLog.fcn())
self._action = KenLog.fcn()
cloud_version = CloudModel.version(self._models['CloudModel'],
self._version)
ring_specifications_config = CloudModel.get(cloud_version,
'ring-specifications', [])
cloud_internal = CloudModel.internal(self._models['CloudModel'])
CloudModel.put(cloud_internal, 'ring-specifications',
ring_specifications_config)
def generate(self):
LOG.info('%s()' % KenLog.fcn())
self._action = KenLog.fcn()
cloud_internal = CloudModel.internal(self._models['CloudModel'])
control_planes = CloudModel.get(cloud_internal, 'control-planes', {})
# If we have an error in an earlier generator we may not have
# control_planes in the internal model
if not control_planes:
return
routes = {}
for cp_name, cp in control_planes.iteritems():
load_balancers = cp.get('load-balancers', {})
for cluster in cp['clusters']:
for server in cluster.get('servers', []):
self._add_routes_from_server(cp, server, load_balancers, routes)
for r_name, r in cp.get('resources', {}).iteritems():
for server in r.get('servers', []):
self._add_routes_from_server(cp, server, load_balancers, routes)
#
default_routes = {}
# Warn about any routes using the "default" route
for src_net, net_routes in routes.iteritems():
for dest_net, route_data in net_routes.iteritems():
if route_data['default']:
hosts = set()
if src_net not in default_routes:
default_routes[src_net] = []
for src, src_data in route_data['used_by'].iteritems():
for dest, host_list in src_data.iteritems():
for host in host_list:
hosts.add(host)
default_routes[src_net].append({'net': dest_net, 'hosts': hosts})
if default_routes:
msg = ("Default routing used between networks\n"
"The following networks are using a 'default' route rule. To remove this warning\n"
"either add an explict route in the source network group or force the network to\n"
"attach in the interface model used by the servers.\n")
for src in sorted(default_routes):
dest_list = default_routes[src]
for dest_data in dest_list:
msg += " %s to %s\n" % (src, dest_data['net'])
for host in sorted(dest_data['hosts']):
msg += " %s\n" % (host)
self.add_warning(msg)
CloudModel.put(cloud_internal, 'routes', routes)
def _generate_ring_specifications_info(self):
LOG.info('%s()' % KenLog.fcn())
self._action = KenLog.fcn()
cloud_version = CloudModel.version(
self._models['CloudModel'], self._version)
ring_specifications_config = CloudModel.get(
cloud_version, 'ring-specifications', [])
cloud_internal = CloudModel.internal(self._models['CloudModel'])
CloudModel.put(cloud_internal,
'ring-specifications',
ring_specifications_config)
def _generate_firewall_rules(self):
LOG.info('%s()' % KenLog.fcn())
self._action = KenLog.fcn()
cloud_version = CloudModel.version(
self._models['CloudModel'], self._version)
cloud_internal = CloudModel.internal(self._models['CloudModel'])
firewall_rules = CloudModel.get(cloud_version, 'firewall-rules', [])
network_groups = CloudModel.get(cloud_version, 'network-groups')
components = CloudModel.get(cloud_internal, 'components', [])
# If component is not set then it means an earlier generator failed
if not components:
return
# Initialise the firewall structure
net_group_firewall = {}
for net_group in network_groups:
net_group_firewall[net_group['name']] = {'user': [],
'component': {}}
#
# Add ports from components.
#
explicit_components = set()
for net_group in network_groups:
for comp in self._get_netgroup_components(net_group, exclude_default=True):
explicit_components.add(comp)
for net_group in network_groups:
net_group_components = self._get_netgroup_components(net_group)
for comp_name, comp_data in components.iteritems():
if (comp_name in net_group_components
or ('default' in net_group_components
and comp_name not in explicit_components)):
comp_rules = []
for endpoint in comp_data.get('endpoints', []):
if ':' in str(endpoint['port']):
ports = str.split(endpoint['port'], ':')
else:
ports = [endpoint['port'], endpoint['port']]
rule = {'type': 'allow',
'remote-ip-prefix': '0.0.0.0/0',
'port-range-min': ports[0],
'port-range-max': ports[1],
'protocol': endpoint.get('protocol', 'tcp')}
comp_rules.append(rule)
if comp_rules:
net_group_firewall[net_group['name']]['component'][comp_name] = comp_rules
# Annotate the rules so we can trace where they came from
for rule_group in firewall_rules:
for rule in rule_group.get('rules', []):
rule['component'] = "user-%s" % rule_group['name']
#
# Add user defined rules to network groups
#
for rule in firewall_rules:
if rule.get('final'):
continue
for firewall_netgroup in rule['network-groups']:
for net_group in network_groups:
if (firewall_netgroup == "all"
or firewall_netgroup == net_group['name']):
net_group_firewall[net_group['name']]['user'].extend(rule['rules'])
#
# Add user defined final rules to network groups
#
for rule in firewall_rules:
if not rule.get('final'):
continue
for firewall_netgroup in rule['network-groups']:
for net_group in network_groups:
if (firewall_netgroup == "all"
or firewall_netgroup == net_group['name']):
net_group_firewall[net_group['name']]['user'].extend(rule['rules'])
CloudModel.put(cloud_internal, 'net-group-firewall', net_group_firewall)
def _generate_firewall_rules(self):
LOG.info('%s()' % KenLog.fcn())
self._action = KenLog.fcn()
cloud_version = CloudModel.version(self._models['CloudModel'],
self._version)
cloud_internal = CloudModel.internal(self._models['CloudModel'])
firewall_rules = CloudModel.get(cloud_version, 'firewall-rules', [])
network_groups = CloudModel.get(cloud_version, 'network-groups')
components = CloudModel.get(cloud_internal, 'components', [])
# If component is not set then it means an earlier generator failed
if not components:
return
# Initialise the firewall structure
net_group_firewall = {}
for net_group in network_groups:
net_group_firewall[net_group['name']] = {
'user': [],
'component': {}
}
#
# Add ports from components.
#
explicit_components = set()
for net_group in network_groups:
for comp in self._get_netgroup_components(net_group,
exclude_default=True):
explicit_components.add(comp)
for net_group in network_groups:
net_group_components = self._get_netgroup_components(net_group)
for comp_name, comp_data in components.iteritems():
if (comp_name in net_group_components
or ('default' in net_group_components
and comp_name not in explicit_components)):
comp_rules = []
for endpoint in comp_data.get('endpoints', []):
if ':' in str(endpoint['port']):
ports = str.split(endpoint['port'], ':')
else:
ports = [endpoint['port'], endpoint['port']]
rule = {
'type': 'allow',
'remote-ip-prefix': '0.0.0.0/0',
'port-range-min': ports[0],
'port-range-max': ports[1],
'protocol': endpoint.get('protocol', 'tcp')
}
comp_rules.append(rule)
if comp_rules:
net_group_firewall[net_group['name']]['component'][
comp_name] = comp_rules
# Annotate the rules so we can trace where they came from
for rule_group in firewall_rules:
for rule in rule_group.get('rules', []):
rule['component'] = "user-%s" % rule_group['name']
#
# Add user defined rules to network groups
#
for rule in firewall_rules:
if rule.get('final'):
continue
for firewall_netgroup in rule['network-groups']:
for net_group in network_groups:
if (firewall_netgroup == "all"
or firewall_netgroup == net_group['name']):
net_group_firewall[net_group['name']]['user'].extend(
rule['rules'])
#
# Add user defined final rules to network groups
#
for rule in firewall_rules:
if not rule.get('final'):
continue
for firewall_netgroup in rule['network-groups']:
for net_group in network_groups:
if (firewall_netgroup == "all"
or firewall_netgroup == net_group['name']):
net_group_firewall[net_group['name']]['user'].extend(
rule['rules'])
CloudModel.put(cloud_internal, 'net-group-firewall',
net_group_firewall)
