def _dhcp_operation(vca_client, network_name, operation): """ update dhcp setting for network """ dhcp_settings = ctx.node.properties['network'].get('dhcp') if dhcp_settings is None: return True gateway_name = ctx.node.properties["network"]['edge_gateway'] gateway = get_gateway(vca_client, gateway_name) if gateway.is_busy(): return False if operation == ADD_POOL: ip = _split_adresses(dhcp_settings['dhcp_range']) low_ip_address = check_ip(ip.start) hight_ip_address = check_ip(ip.end) default_lease = dhcp_settings.get('default_lease') max_lease = dhcp_settings.get('max_lease') gateway.add_dhcp_pool(network_name, low_ip_address, hight_ip_address, default_lease, max_lease) if save_gateway_configuration(gateway, vca_client, ctx): ctx.logger.info("DHCP rule successful created for network {0}" .format(network_name)) return True if operation == DELETE_POOL: gateway.delete_dhcp_pool(network_name) if save_gateway_configuration(gateway, vca_client, ctx): ctx.logger.info("DHCP rule successful deleted for network {0}" .format(network_name)) return True return False
def creation_validation(vca_client, **kwargs): """ validate port settings, ip_allocation_mode must be in 'manual', 'dhcp', 'pool', and valid ip_address if set """ port = get_mandatory(ctx.node.properties, "port") ip_allocation_mode = port.get("ip_allocation_mode") if ip_allocation_mode: if ip_allocation_mode.lower() not in ["manual", "dhcp", "pool"]: raise cfy_exc.NonRecoverableError("Unknown allocation mode {0}".format(ip_allocation_mode)) ip_address = port.get("ip_address") if ip_address: check_ip(ip_address)
def creation_validation(vca_client, **kwargs): """ validate firewall rules for node """ getaway = get_gateway( vca_client, _get_gateway_name(ctx.node.properties) ) if not getaway.is_fw_enabled(): raise cfy_exc.NonRecoverableError( "Gateway firewall is disabled. Please, enable firewall.") rules = get_mandatory(ctx.node.properties, 'rules') for rule in rules: description = rule.get("description") if description and not isinstance(description, basestring): raise cfy_exc.NonRecoverableError( "Parameter 'description' must be string.") source = rule.get("source") if source: if not isinstance(source, basestring): raise cfy_exc.NonRecoverableError( "Parameter 'source' must be valid IP address string.") if not _is_literal_ip(source): check_ip(source) utils.check_port(rule.get('source_port')) destination = rule.get('destination') if destination: if not isinstance(destination, basestring): raise cfy_exc.NonRecoverableError( "Parameter 'destination' must be valid IP address string.") if not _is_literal_ip(destination): check_ip(destination) utils.check_port(rule.get('destination_port')) utils.check_protocol(rule.get('protocol')) action = get_mandatory(rule, "action") if (not isinstance(action, basestring) or action.lower() not in ACTIONS): raise cfy_exc.NonRecoverableError( "Action must be on of{0}.".format(ACTIONS)) log = rule.get('log_traffic') if log and not isinstance(log, bool): raise cfy_exc.NonRecoverableError( "Parameter 'log_traffic' must be boolean.")
def creation_validation(vca_client, **kwargs): """ validate port settings, ip_allocation_mode must be in 'manual', 'dhcp', 'pool', and valid ip_address if set """ port = get_mandatory(ctx.node.properties, 'port') ip_allocation_mode = port.get('ip_allocation_mode') if ip_allocation_mode: if ip_allocation_mode.lower() not in ['manual', 'dhcp', 'pool']: raise cfy_exc.NonRecoverableError( "Unknown allocation mode {0}".format(ip_allocation_mode)) ip_address = port.get('ip_address') if ip_address: check_ip(ip_address)
def test_check_ip(self): """ check ip code """ # wrong type with self.assertRaises(cfy_exc.NonRecoverableError): vcloud_network_plugin.check_ip({'wrong': None}) # wrong value with self.assertRaises(cfy_exc.NonRecoverableError): vcloud_network_plugin.check_ip("1.1.1.400") # good case self.assertEqual( vcloud_network_plugin.check_ip("1.1.1.40"), "1.1.1.40" )
def _floatingip_operation(operation, vca_client, ctx): """ create/release floating ip by nat rules for this ip with relation to internal ip for current node, save selected public_ip in runtime properties """ service_type = get_vcloud_config().get('service_type') gateway = get_gateway( vca_client, ctx.target.node.properties['floatingip']['edge_gateway']) internal_ip = get_vm_ip(vca_client, ctx, gateway) nat_operation = None public_ip = (ctx.target.instance.runtime_properties.get(PUBLIC_IP) or ctx.target.node.properties['floatingip'].get(PUBLIC_IP)) if operation == CREATE: CheckAssignedInternalIp(internal_ip, gateway) if public_ip: CheckAssignedExternalIp(public_ip, gateway) else: public_ip = get_public_ip(vca_client, gateway, service_type, ctx) nat_operation = _add_nat_rule elif operation == DELETE: if not public_ip: ctx.logger.info("Can't get external IP".format(public_ip)) return True nat_operation = _del_nat_rule else: raise cfy_exc.NonRecoverableError( "Unknown operation {0}".format(operation) ) external_ip = check_ip(public_ip) nat_operation(gateway, "SNAT", internal_ip, external_ip) nat_operation(gateway, "DNAT", external_ip, internal_ip) success = save_gateway_configuration(gateway, vca_client, ctx) if not success: return False if operation == CREATE: ctx.target.instance.runtime_properties[PUBLIC_IP] = external_ip save_ssh_parameters(ctx, '22', external_ip) else: if is_ondemand(service_type): if not ctx.target.node.properties['floatingip'].get(PUBLIC_IP): del_ondemand_public_ip( vca_client, gateway, ctx.target.instance.runtime_properties[PUBLIC_IP], ctx) if PUBLIC_IP in ctx.target.instance.runtime_properties: del ctx.target.instance.runtime_properties[PUBLIC_IP] if SSH_PUBLIC_IP in ctx.source.instance.runtime_properties: del ctx.source.instance.runtime_properties[SSH_PUBLIC_IP] if SSH_PORT in ctx.target.instance.runtime_properties: del ctx.source.instance.runtime_properties[SSH_PORT] return True
def _split_adresses(address_range): """ split network addresses from 1.1.1.1-2.2.2.2 representation to separate (start,end) tuple """ adresses = [ip.strip() for ip in address_range.split('-')] IPRange = collections.namedtuple('IPRange', 'start end') try: start = check_ip(adresses[0]) end = check_ip(adresses[1]) if not is_valid_ip_range(start, end): raise cfy_exc.NonRecoverableError( "Start address {0} is greater than end address: {1}" .format(start, end)) return IPRange(start=start, end=end) except IndexError: raise cfy_exc.NonRecoverableError("Can't parse IP range:{0}". format(address_range))
def _floatingip_operation(operation, vca_client, ctx): """ create/release floating ip by nat rules for this ip with relation to internal ip for current node, save selected public_ip in runtime properties """ service_type = get_vcloud_config().get('service_type') gateway = get_gateway( vca_client, ctx.target.node.properties['floatingip']['edge_gateway']) internal_ip = get_vm_ip(vca_client, ctx, gateway) nat_operation = None public_ip = (ctx.target.instance.runtime_properties.get(PUBLIC_IP) or ctx.target.node.properties['floatingip'].get(PUBLIC_IP)) if operation == CREATE: CheckAssignedInternalIp(internal_ip, gateway) if public_ip: CheckAssignedExternalIp(public_ip, gateway) else: public_ip = get_public_ip(vca_client, gateway, service_type, ctx) nat_operation = _add_nat_rule elif operation == DELETE: if not public_ip: ctx.logger.info("Can't get external IP".format(public_ip)) return True nat_operation = _del_nat_rule else: raise cfy_exc.NonRecoverableError( "Unknown operation {0}".format(operation)) external_ip = check_ip(public_ip) nat_operation(gateway, "SNAT", internal_ip, external_ip) nat_operation(gateway, "DNAT", external_ip, internal_ip) success = save_gateway_configuration(gateway, vca_client, ctx) if not success: return False if operation == CREATE: ctx.target.instance.runtime_properties[PUBLIC_IP] = external_ip save_ssh_parameters(ctx, '22', external_ip) else: if is_ondemand(service_type): if not ctx.target.node.properties['floatingip'].get(PUBLIC_IP): del_ondemand_public_ip( vca_client, gateway, ctx.target.instance.runtime_properties[PUBLIC_IP], ctx) if PUBLIC_IP in ctx.target.instance.runtime_properties: del ctx.target.instance.runtime_properties[PUBLIC_IP] if SSH_PUBLIC_IP in ctx.source.instance.runtime_properties: del ctx.source.instance.runtime_properties[SSH_PUBLIC_IP] if SSH_PORT in ctx.source.instance.runtime_properties: del ctx.source.instance.runtime_properties[SSH_PORT] return True
def creation_validation(vca_client, **kwargs): """ validate node context, fields from floatingip dict: * edge_gateway - mandatory, * public_ip - prefered ip for node, can be empty fields from vcloud_config: * service_type - ondemand, subscription also check availability of public ip if set or exist some free ip in subscription case """ floatingip = get_mandatory(ctx.node.properties, 'floatingip') edge_gateway = get_mandatory(floatingip, 'edge_gateway') gateway = get_gateway(vca_client, edge_gateway) service_type = get_vcloud_config().get('service_type') public_ip = floatingip.get(PUBLIC_IP) if public_ip: check_ip(public_ip) CheckAssignedExternalIp(public_ip, gateway) else: if is_subscription(service_type): getFreeIP(gateway)
def _rule_operation(operation, vca_client): """ create/delete firewall rules in gateway for current node """ gateway_name = _get_gateway_name(ctx.target.node.properties) gateway = get_gateway(vca_client, gateway_name) for rule in ctx.target.node.properties['rules']: description = rule.get('description', "Rule added by pyvcloud").strip() source_ip = rule.get("source", "external") if not _is_literal_ip(source_ip): check_ip(source_ip) elif _is_host_ip(source_ip): source_ip = get_vm_ip(vca_client, ctx, gateway) source_port = str(rule.get("source_port", "any")) dest_ip = rule.get("destination", "external") if not _is_literal_ip(dest_ip): check_ip(dest_ip) elif _is_host_ip(dest_ip): dest_ip = get_vm_ip(vca_client, ctx, gateway) dest_port = str(rule.get('destination_port', 'any')) protocol = rule.get('protocol', 'any').capitalize() action = rule.get("action", "allow") log = rule.get('log_traffic', False) if operation == CREATE_RULE: gateway.add_fw_rule( True, description, action, protocol, dest_port, dest_ip, source_port, source_ip, log) ctx.logger.info( "Firewall rule has been created: {0}".format(description)) elif operation == DELETE_RULE: gateway.delete_fw_rule(protocol, dest_port, dest_ip, source_port, source_ip) ctx.logger.info( "Firewall rule has been deleted: {0}".format(description)) ctx.logger.info("Saving security group configuration") return save_gateway_configuration(gateway, vca_client, ctx)
def creation_validation(vca_client, **kwargs): """ validate nat rules in node properties """ nat = get_mandatory(ctx.node.properties, 'nat') gateway = get_gateway(vca_client, get_mandatory(nat, 'edge_gateway')) service_type = get_vcloud_config().get('service_type') public_ip = nat.get(PUBLIC_IP) if public_ip: check_ip(public_ip) else: if is_subscription(service_type): getFreeIP(gateway) for rule in get_mandatory(ctx.node.properties, 'rules'): if _is_dnat(rule['type']): utils.check_protocol(rule.get('protocol')) original_port = rule.get('original_port') if original_port and not isinstance(original_port, int): raise cfy_exc.NonRecoverableError( "Parameter 'original_port' must be integer") translated_port = rule.get('translated_port') if translated_port and not isinstance(translated_port, int): raise cfy_exc.NonRecoverableError( "Parameter 'translated_port' must be integer")
def creation_validation(vca_client, **kwargs): """ check network description from node description """ network_name = get_network_name(ctx.node.properties) ctx.logger.info("Validation cloudify.vcloud.nodes.Network node: {0}" .format(network_name)) if is_network_exists(vca_client, network_name): if ctx.node.properties.get('use_external_resource'): # TODO: check: default gateway must exists return else: raise cfy_exc.NonRecoverableError( "Network already exsists: {0}".format(network_name)) net_prop = get_mandatory(ctx.node.properties, "network") gateway_name = get_mandatory(net_prop, 'edge_gateway') if not vca_client.get_gateway(get_vcloud_config()['vdc'], gateway_name): raise cfy_exc.NonRecoverableError( "Gateway {0} not found".format(gateway_name)) static_ip = _split_adresses(get_mandatory(net_prop, 'static_range')) check_ip(static_ip.start) check_ip(static_ip.end) dns_list = net_prop.get("dns") if dns_list: for ip in dns_list: check_ip(ip) gateway_ip = check_ip(get_mandatory(net_prop, "gateway_ip")) netmask = check_ip(get_mandatory(net_prop, "netmask")) ips = [gateway_ip, static_ip.start, static_ip.end] dhcp = net_prop.get("dhcp") if dhcp: dhcp_range = get_mandatory(net_prop["dhcp"], "dhcp_range") dhcp_ip = _split_adresses(dhcp_range) if not is_separate_ranges(static_ip, dhcp_ip): raise cfy_exc.NonRecoverableError( "Static_range and dhcp_range is overlapped.") ips.extend([dhcp_ip.start, dhcp_ip.end]) if not is_ips_in_same_subnet(ips, netmask): raise cfy_exc.NonRecoverableError( "IP addresses in different subnets.")