Esempio n. 1
    def test_nat_net(self):
        """Bring up a slice with a "private-nat" network and check a sliver's ports.

        Saves a slice, a network built from the "private-nat" template, the
        NetworkSlice joining them and one sliver, then waits for two ports on
        the sliver and passes them to verify_network_names together with the
        slice name and "nat-net".
        """
        nat_slice_name = self.make_slice_name()
        nat_slice = self.save_and_wait_for_enacted(
            Slice(name=nat_slice_name,
                  omf_friendly=True,
                  site=self.testSite,
                  creator=self.testUser),
            nonempty_fields=["tenant_id"])

        # router_id is deliberately absent from nonempty_fields: a nat-net has
        # no routers, so that field is never filled in.
        nat_network = self.save_and_wait_for_enacted(
            Network(name=nat_slice_name + "-nat",
                    template=self.get_network_template("private-nat"),
                    owner=nat_slice),
            nonempty_fields=["network_id", "subnet_id", "subnet"])

        # The join row is only saved; it does not need to be enacted.
        NetworkSlice(network=nat_network, slice=nat_slice).save()

        nat_sliver = self.save_and_wait_for_enacted(
            Sliver(image=self.testImage,
                   creator=self.testUser,
                   slice=nat_slice,
                   node=self.testNode,
                   deploymentNetwork=self.testDeployment),
            nonempty_fields=["instance_id", "ip"])

        sliver_ports = self.wait_for_ports(nat_sliver, count=2)
        self.verify_network_names(sliver_ports, [nat_slice.name, "nat-net"])
Esempio n. 2
    def postprocess(self, obj):
        """Link the network *obj* to the slices and services its TOSCA node requires.

        For every "ConnectsToSlice" requirement a NetworkSlice row is created
        unless one already exists. For every "TenantOfService" requirement a
        tenancy is created unless one already exists; only services whose kind
        equals VROUTER_KIND are accepted, anything else raises Exception.
        """
        for slice_name in self.get_requirements("tosca.relationships.ConnectsToSlice"):
            target_slice = self.get_xos_object(Slice, name=slice_name)
            if NetworkSlice.objects.filter(network=obj, slice=target_slice):
                continue
            self.info("Attached Network %s to Slice %s" % (obj, target_slice))
            NetworkSlice(network=obj, slice=target_slice).save()

        # this is really for vRouter
        for service_name in self.get_requirements("tosca.relationships.TenantOfService"):
            provider = self.get_xos_object(Service, name=service_name)

            already_tenant = Tenant.objects.filter(provider_service=provider,
                                                   subscriber_network=obj)
            if already_tenant:
                self.info("Tenancy relationship from %s to %s already exists" % (str(obj), str(provider)))
                continue

            # Imported here rather than at module level, as in the original.
            from services.vrouter.models import VROUTER_KIND, VRouterService
            if provider.kind != VROUTER_KIND:
                raise Exception("The only network tenancy relationships that are allowed are to vRouter services")

            vrouter = VRouterService.objects.get(id=provider.id)
            tenancy = vrouter.get_tenant(address_pool_name="addresses_" + obj.name,
                                         subscriber_network=obj)
            tenancy.save()
            # Only the in-memory attribute is set; obj.save() is not called in
            # this method.
            obj.subnet = tenancy.cidr

            self.info("Created Tenancy relationship from %s to %s" % (str(obj), str(provider)))
Esempio n. 3
    def test_slice2(self):
        """Create a second slice with its own "private" network and one sliver.

        Waits for two ports on the sliver and passes them to
        verify_network_names with the slice name and the network name. The
        slice and network are kept on self as slice2 / network2.
        """
        second_name = self.make_slice_name()
        second_slice = self.save_and_wait_for_enacted(
            Slice(name=second_name,
                  omf_friendly=True,
                  site=self.testSite,
                  creator=self.testUser),
            nonempty_fields=["tenant_id"])

        second_network = self.save_and_wait_for_enacted(
            Network(name=second_name + "-pvt",
                    template=self.get_network_template("private"),
                    owner=second_slice),
            nonempty_fields=["network_id", "subnet_id", "router_id", "subnet"])

        # The join row is only saved; it does not need to be enacted.
        NetworkSlice(network=second_network, slice=second_slice).save()

        second_sliver = self.save_and_wait_for_enacted(
            Sliver(image=self.testImage,
                   creator=self.testUser,
                   slice=second_slice,
                   node=self.testNode,
                   deploymentNetwork=self.testDeployment),
            nonempty_fields=["instance_id", "ip"])

        sliver_ports = self.wait_for_ports(second_sliver, count=2)
        self.verify_network_names(sliver_ports,
                                  [second_slice.name, second_network.name])

        # Stored on the test case instance under the original attribute names.
        self.slice2 = second_slice
        self.network2 = second_network
Esempio n. 4
 def postprocess(self, obj):
     """Attach the network *obj* to every slice named by a ConnectsToSlice requirement.

     A NetworkSlice row is created only when the filter for the same
     (network, slice) pair comes back empty.
     """
     wanted_slices = self.get_requirements(
         "tosca.relationships.ConnectsToSlice")
     for wanted_name in wanted_slices:
         target_slice = self.get_xos_object(Slice, name=wanted_name)
         if NetworkSlice.objects.filter(network=obj, slice=target_slice):
             # Already attached; nothing to do for this slice.
             continue
         self.info("Attached Network %s to Slice %s" % (obj, target_slice))
         NetworkSlice(network=obj, slice=target_slice).save()
Esempio n. 5
    def postprocess(self, obj):
        """Connect the slice *obj* to its required networks, then apply privileges.

        Each "ConnectsToNetwork" requirement gets a NetworkSlice row unless one
        already exists. Privilege handling is delegated to
        postprocess_privileges with the relationship-to-role map built here.
        """
        wanted_networks = self.get_requirements("tosca.relationships.ConnectsToNetwork")
        for wanted_name in wanted_networks:
            network = self.get_xos_object(Network, name=wanted_name)
            if NetworkSlice.objects.filter(network=network, slice=obj):
                continue
            NetworkSlice(network=network, slice=obj).save()
            self.info("Added network connection from '%s' to '%s'" % (str(obj), str(network)))

        # TOSCA relationship type -> role name passed to postprocess_privileges.
        rolemap = (
            ("tosca.relationships.AdminPrivilege", "admin"),
            ("tosca.relationships.AccessPrivilege", "access"),
            ("tosca.relationships.PIPrivilege", "pi"),
            ("tosca.relationships.TechPrivilege", "tech"),
        )
        self.postprocess_privileges(SliceRole, SlicePrivilege, rolemap, obj, "slice")
Esempio n. 6
    def postprocess(self, obj):
        """Connect the slice *obj* to its required networks, then apply privileges.

        Each "ConnectsToNetwork" requirement gets a NetworkSlice row unless one
        already exists. Privilege handling is delegated to
        postprocess_privileges, which here receives the string 'Slice' as its
        second argument.
        """
        wanted_networks = self.get_requirements("tosca.relationships.ConnectsToNetwork")
        for wanted_name in wanted_networks:
            network = self.get_xos_object(Network, name=wanted_name)
            if NetworkSlice.objects.filter(network=network, slice=obj):
                continue
            NetworkSlice(network=network, slice=obj).save()
            self.info("Added network connection from '%s' to '%s'" % (str(obj), str(network)))

        # TOSCA relationship type -> role name passed to postprocess_privileges.
        rolemap = (
            ("tosca.relationships.AdminPrivilege", "admin"),
            ("tosca.relationships.AccessPrivilege", "access"),
            ("tosca.relationships.PIPrivilege", "pi"),
            ("tosca.relationships.TechPrivilege", "tech"),
        )
        self.postprocess_privileges(SliceRole, 'Slice', rolemap, obj)
Esempio n. 7
    def postprocess(self, obj):
        """Link the network *obj* to the slices and services its TOSCA node requires.

        "ConnectsToSlice" requirements become NetworkSlice rows when missing.
        "TenantOfService" requirements become a service instance plus a
        ServiceInstanceLink when no link exists yet. Only provider services of
        kind "vROUTER" (deprecated path) or "addressmanager" are accepted; any
        other kind raises Exception.
        """
        for slice_name in self.get_requirements(
                "tosca.relationships.ConnectsToSlice"):
            target_slice = self.get_xos_object(Slice, name=slice_name)
            if NetworkSlice.objects.filter(network=obj, slice=target_slice):
                continue
            self.info("Attached Network %s to Slice %s" % (obj, target_slice))
            NetworkSlice(network=obj, slice=target_slice).save()

        # this is really for vRouter
        for service_name in self.get_requirements(
                "tosca.relationships.TenantOfService"):
            provider = self.get_xos_object(Service, name=service_name)

            linked = ServiceInstanceLink.objects.filter(
                subscriber_network=obj,
                provider_service_instance__owner=provider)
            if linked:
                self.info("Tenancy relationship from %s to %s already exists" %
                          (str(obj), str(provider)))
                continue

            # TODO: Break hardcoded dependencies
            # TODO: Rethink relationship between networks and vrouter tenants
            if provider.kind == "vROUTER":
                # DEPRECATED
                from services.vrouter.models import VRouterService
                vrouter = VRouterService.objects.get(id=provider.id)
                instance = vrouter.get_tenant(
                    address_pool_name="addresses_" + obj.name)
            elif provider.kind == "addressmanager":
                from services.addressmanager.models import AddressManagerService
                manager = AddressManagerService.objects.get(id=provider.id)
                instance = manager.get_service_instance(
                    address_pool_name="addresses_" + obj.name)
            else:
                # Hardcoded dependency, will be obsoleted by new Tosca engine
                raise Exception(
                    "The only network tenancy relationships that are allowed are to vRouter and AddressManager services"
                )

            instance.save()
            ServiceInstanceLink(provider_service_instance=instance,
                                subscriber_network=obj).save()

            # Only the in-memory attribute is set; obj.save() is not called in
            # this method.
            obj.subnet = instance.cidr

            self.info("Created Tenancy relationship from %s to %s" %
                      (str(obj), str(provider)))
Esempio n. 8
    def test_shared_private_net(self):
        """Share network2 with slice1 and check that a new slice1 sliver sees it.

        Reads self.slice1, self.network1 and self.network2, which this method
        does not set itself. Expects three ports on the new sliver and passes
        them to verify_network_names with the slice1, network1 and network2
        names.
        """
        shared_net = self.network2
        first_slice = self.slice1

        # Allow slice1 on network2 before creating the join row.
        shared_net.permittedSlices.add(first_slice)
        NetworkSlice(network=shared_net, slice=first_slice).save()

        third_sliver = self.save_and_wait_for_enacted(
            Sliver(image=self.testImage,
                   creator=self.testUser,
                   slice=self.slice1,
                   node=self.testNode,
                   deploymentNetwork=self.testDeployment),
            nonempty_fields=["instance_id", "ip"])

        sliver_ports = self.wait_for_ports(third_sliver, count=3)
        expected_names = [self.slice1.name,
                          self.network1.name,
                          self.network2.name]
        self.verify_network_names(sliver_ports, expected_names)
Esempio n. 9
def handle(slice):
    """Model policy for a slice: ensure controller links and default networks exist.

    Creates a ControllerSlice for every Controller the slice is not yet linked
    to, makes sure the slice owns at least one public and one private network,
    and makes sure a NetworkSlice joins the slice to one of each.
    """
    from core.models import (Controller, ControllerSlice, SiteDeployment,
                             Network, NetworkSlice, NetworkTemplate, Slice)
    from collections import defaultdict

    linked_controllers = [
        link.controller for link in ControllerSlice.objects.filter(slice=slice)
    ]
    for controller in Controller.objects.all():
        if controller in linked_controllers:
            continue
        ControllerSlice(slice=slice, controller=controller).save()

    # Sort the slice's own networks by template name. If several 'Private'
    # networks exist, the last one iterated is the one kept.
    public_nets = []
    private_net = None
    for network in Network.objects.filter(owner=slice):
        template_name = network.template.name
        if template_name in ('Public dedicated IPv4', 'Public shared IPv4'):
            public_nets.append(network)
        elif template_name == 'Private':
            private_net = network

    if not public_nets:
        # No public network yet: create one from the 'Public shared IPv4'
        # template (shared, not dedicated).
        nat_net = Network(
            name=slice.name + '-nat',
            template=NetworkTemplate.objects.get(name='Public shared IPv4'),
            owner=slice)
        nat_net.save()
        public_nets.append(nat_net)

    if not private_net:
        private_net = Network(
            name=slice.name + '-private',
            template=NetworkTemplate.objects.get(name='Private'),
            owner=slice)
        private_net.save()

    # Find existing join rows, then create whichever of the two is missing.
    # NOTE(review): these exists-then-create steps are not wrapped in a
    # transaction here; confirm that concurrent runs cannot create duplicates.
    public_net_slice = None
    private_net_slice = None
    candidate_nets = [private_net] + public_nets
    for net_slice in NetworkSlice.objects.filter(slice=slice,
                                                 network__in=candidate_nets):
        joined_net = net_slice.network
        if joined_net in public_nets:
            public_net_slice = net_slice
        elif joined_net == private_net:
            private_net_slice = net_slice

    if not public_net_slice:
        public_net_slice = NetworkSlice(slice=slice, network=public_nets[0])
        public_net_slice.save()
    if not private_net_slice:
        private_net_slice = NetworkSlice(slice=slice, network=private_net)
        private_net_slice.save()
Esempio n. 10
    def test_slice1(self):
        """Create slice1, check one port, add a private network, check two ports.

        The first instance is created before any extra network exists and is
        expected to have a single port. After a "private" network is saved and
        joined to the slice, a second instance is expected to have two. The
        slice and network are kept on self as slice1 / network1.
        """
        first_name = self.make_slice_name()
        first_slice = self.save_and_wait_for_enacted(
            Slice(name=first_name,
                  omf_friendly=True,
                  site=self.testSite,
                  creator=self.testUser),
            nonempty_fields=["tenant_id"])

        early_instance = self.save_and_wait_for_enacted(
            Instance(image=self.testImage,
                     creator=self.testUser,
                     slice=first_slice,
                     node=self.testNode,
                     deploymentNetwork=self.testDeployment),
            nonempty_fields=["instance_id", "ip"])

        # The first instance should have only one port, its private network.
        early_ports = self.wait_for_ports(early_instance, count=1)
        self.verify_network_names(early_ports, [first_slice.name])

        first_network = self.save_and_wait_for_enacted(
            Network(name=first_name + "-pvt",
                    template=self.get_network_template("private"),
                    owner=first_slice),
            nonempty_fields=["network_id", "subnet_id", "router_id", "subnet"])

        # The join row is only saved; it does not need to be enacted.
        NetworkSlice(network=first_network, slice=first_slice).save()

        later_instance = self.save_and_wait_for_enacted(
            Instance(image=self.testImage,
                     creator=self.testUser,
                     slice=first_slice,
                     node=self.testNode,
                     deploymentNetwork=self.testDeployment),
            nonempty_fields=["instance_id", "ip"])

        later_ports = self.wait_for_ports(later_instance, count=2)
        self.verify_network_names(later_ports,
                                  [first_slice.name, first_network.name])

        # Stored on the test case instance under the original attribute names.
        self.slice1 = first_slice
        self.network1 = first_network
Esempio n. 11
    def postprocess(self, obj):
        """Link the network *obj* to the slices and services its TOSCA node requires.

        "ConnectsToSlice" requirements become NetworkSlice rows when missing.
        "TenantOfService" requirements become a service instance plus a
        ServiceInstanceLink when no link exists yet. Only provider services of
        kind "vROUTER" (deprecated path) or "addressmanager" are accepted; any
        other kind raises Exception.
        """
        for slice_name in self.get_requirements("tosca.relationships.ConnectsToSlice"):
            target_slice = self.get_xos_object(Slice, name=slice_name)
            if NetworkSlice.objects.filter(network=obj, slice=target_slice):
                continue
            self.info("Attached Network %s to Slice %s" % (obj, target_slice))
            NetworkSlice(network=obj, slice=target_slice).save()

        # this is really for vRouter
        for service_name in self.get_requirements("tosca.relationships.TenantOfService"):
            provider = self.get_xos_object(Service, name=service_name)

            linked = ServiceInstanceLink.objects.filter(
                subscriber_network=obj,
                provider_service_instance__owner=provider)
            if linked:
                self.info("Tenancy relationship from %s to %s already exists" % (str(obj), str(provider)))
                continue

            # TODO: Break hardcoded dependencies
            # TODO: Rethink relationship between networks and vrouter tenants
            if provider.kind == "vROUTER":
                # DEPRECATED
                from services.vrouter.models import VRouterService
                vrouter = VRouterService.objects.get(id=provider.id)
                instance = vrouter.get_tenant(address_pool_name="addresses_" + obj.name)
            elif provider.kind == "addressmanager":
                from services.addressmanager.models import AddressManagerService
                manager = AddressManagerService.objects.get(id=provider.id)
                instance = manager.get_service_instance(address_pool_name="addresses_" + obj.name)
            else:
                # Hardcoded dependency, will be obsoleted by new Tosca engine
                raise Exception(
                    "The only network tenancy relationships that are allowed are to vRouter and AddressManager services")

            instance.save()
            ServiceInstanceLink(provider_service_instance=instance,
                                subscriber_network=obj).save()

            # Only the in-memory attribute is set; obj.save() is not called in
            # this method.
            obj.subnet = instance.cidr

            self.info("Created Tenancy relationship from %s to %s" % (str(obj), str(provider)))
Esempio n. 12
    def test_slice1(self):
        """Create slice1, check one port, add a private network, check two ports.

        The first sliver is created before any extra network exists and is
        expected to have a single port. After a "private" network is saved and
        joined to the slice, a second sliver is expected to have two. The slice
        and network are kept on self as slice1 / network1.
        """
        first_name = self.make_slice_name()
        first_slice = self.save_and_wait_for_enacted(
            Slice(name=first_name,
                  omf_friendly=True,
                  site=self.testSite,
                  creator=self.testUser),
            nonempty_fields=["tenant_id"])

        early_sliver = self.save_and_wait_for_enacted(
            Sliver(image=self.testImage,
                   creator=self.testUser,
                   slice=first_slice,
                   node=self.testNode,
                   deploymentNetwork=self.testDeployment),
            nonempty_fields=["instance_id", "ip"])

        # The first sliver should have only one port, its private network.
        early_ports = self.wait_for_ports(early_sliver, count=1)
        self.verify_network_names(early_ports, [first_slice.name])

        first_network = self.save_and_wait_for_enacted(
            Network(name=first_name + "-pvt",
                    template=self.get_network_template("private"),
                    owner=first_slice),
            nonempty_fields=["network_id", "subnet_id", "router_id", "subnet"])

        # The join row is only saved; it does not need to be enacted.
        NetworkSlice(network=first_network, slice=first_slice).save()

        later_sliver = self.save_and_wait_for_enacted(
            Sliver(image=self.testImage,
                   creator=self.testUser,
                   slice=first_slice,
                   node=self.testNode,
                   deploymentNetwork=self.testDeployment),
            nonempty_fields=["instance_id", "ip"])

        later_ports = self.wait_for_ports(later_sliver, count=2)
        self.verify_network_names(later_ports,
                                  [first_slice.name, first_network.name])

        # Stored on the test case instance under the original attribute names.
        self.slice1 = first_slice
        self.network1 = first_network
Esempio n. 13
def handle(slice):
    """Model policy for a slice: ensure controller links and default networks exist.

    Creates a ControllerSlice for every Controller the slice is not yet linked
    to, makes sure the slice owns at least one public and one private network,
    and makes sure a NetworkSlice joins the slice to one of each.
    """
    from core.models import (Controller, ControllerSlice, SiteDeployment,
                             Network, NetworkSlice, NetworkTemplate, Slice)
    from collections import defaultdict

    already_linked = [
        cs.controller for cs in ControllerSlice.objects.filter(slice=slice)
    ]
    for controller in Controller.objects.all():
        if controller in already_linked:
            continue
        ControllerSlice(slice=slice, controller=controller).save()

    # Sort the slice's own networks by template name. If several 'Private'
    # networks exist, the last one iterated is the one kept.
    public_nets = []
    private_net = None
    for network in Network.objects.filter(owner=slice):
        template_name = network.template.name
        if template_name in ('Public dedicated IPv4', 'Public shared IPv4'):
            public_nets.append(network)
        elif template_name == 'Private':
            private_net = network

    if not public_nets:
        # No public network yet: create one from the 'Public shared IPv4'
        # template (shared, not dedicated).
        shared_template = NetworkTemplate.objects.get(name='Public shared IPv4')
        nat_net = Network(name=slice.name + '-nat',
                          template=shared_template,
                          owner=slice)
        nat_net.save()
        public_nets.append(nat_net)

    if not private_net:
        private_template = NetworkTemplate.objects.get(name='Private')
        private_net = Network(name=slice.name + '-private',
                              template=private_template,
                              owner=slice)
        private_net.save()

    # Find existing join rows, then create whichever of the two is missing.
    # NOTE(review): these exists-then-create steps are not wrapped in a
    # transaction here; confirm that concurrent runs cannot create duplicates.
    public_net_slice = None
    private_net_slice = None
    candidate_nets = [private_net] + public_nets
    for net_slice in NetworkSlice.objects.filter(slice=slice,
                                                 network__in=candidate_nets):
        joined_net = net_slice.network
        if joined_net in public_nets:
            public_net_slice = net_slice
        elif joined_net == private_net:
            private_net_slice = net_slice

    if not public_net_slice:
        public_net_slice = NetworkSlice(slice=slice, network=public_nets[0])
        public_net_slice.save()
    if not private_net_slice:
        private_net_slice = NetworkSlice(slice=slice, network=private_net)
        private_net_slice.save()
Esempio n. 14
    def postprocess(self, obj):
        """Link the network *obj* to the slices and services its TOSCA node requires.

        For every "ConnectsToSlice" requirement a NetworkSlice row is created
        unless one already exists. For every "TenantOfService" requirement a
        tenancy is created unless one already exists; only services of kind
        "vROUTER" are accepted, anything else raises Exception.
        """
        for slice_name in self.get_requirements(
                "tosca.relationships.ConnectsToSlice"):
            target_slice = self.get_xos_object(Slice, name=slice_name)
            if NetworkSlice.objects.filter(network=obj, slice=target_slice):
                continue
            self.info("Attached Network %s to Slice %s" % (obj, target_slice))
            NetworkSlice(network=obj, slice=target_slice).save()

        # this is really for vRouter
        for service_name in self.get_requirements(
                "tosca.relationships.TenantOfService"):
            provider = self.get_xos_object(Service, name=service_name)

            already_tenant = Tenant.objects.filter(provider_service=provider,
                                                   subscriber_network=obj)
            if already_tenant:
                self.info("Tenancy relationship from %s to %s already exists" %
                          (str(obj), str(provider)))
                continue

            if provider.kind != "vROUTER":
                raise Exception(
                    "The only network tenancy relationships that are allowed are to vRouter services"
                )

            # Imported here rather than at module level, as in the original.
            from services.vrouter.models import VRouterService
            vrouter = VRouterService.objects.get(id=provider.id)
            tenancy = vrouter.get_tenant(
                address_pool_name="addresses_" + obj.name,
                subscriber_network=obj)
            tenancy.save()
            # Only the in-memory attribute is set; obj.save() is not called in
            # this method.
            obj.subnet = tenancy.cidr

            self.info("Created Tenancy relationship from %s to %s" %
                      (str(obj), str(provider)))
Esempio n. 15
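    def postprocess(self, obj):
        """Connect the slice *obj* to its required networks and grant slice privileges.

        Each "ConnectsToNetwork" requirement gets a NetworkSlice row unless one
        already exists. Each privilege relationship in ``rolemap`` lists user
        e-mail addresses; every listed user receives a SlicePrivilege with the
        mapped role on *obj* unless that privilege already exists.
        """
        for net_name in self.get_requirements(
                "tosca.relationships.ConnectsToNetwork"):
            net = self.get_xos_object(Network, name=net_name)
            if not NetworkSlice.objects.filter(network=net, slice=obj):
                ns = NetworkSlice(network=net, slice=obj)
                ns.save()
                self.info("Added network connection from '%s' to '%s'" %
                          (str(obj), str(net)))

        # TOSCA relationship type -> SliceRole.role value.
        rolemap = (("tosca.relationships.AdminPrivilege", "admin"),
                   ("tosca.relationships.AccessPrivilege", "access"),
                   ("tosca.relationships.PIPrivilege", "pi"),
                   ("tosca.relationships.TechPrivilege", "tech"))
        for (rel, role_name) in rolemap:
            for email in self.get_requirements(rel):
                # Keep the role name and the SliceRole object in separate
                # variables. Reusing one name for both meant that from the
                # second e-mail of a relationship onwards the lookup received
                # the SliceRole object instead of the role name, so the
                # privilege grant for those users did not use the intended key.
                role = self.get_xos_object(SliceRole, role=role_name)
                user = self.get_xos_object(User, email=email)
                if not SlicePrivilege.objects.filter(
                        user=user, role=role, slice=obj):
                    sp = SlicePrivilege(user=user, role=role, slice=obj)
                    sp.save()
                    self.info("Added slice privilege on %s role %s for %s" %
                              (str(obj), str(role), str(user)))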
Esempio n. 16
def handle(slice):
    """Model policy for a slice: ensure controller links and default networks exist.

    Creates a ControllerSlice for every Controller the slice is not yet linked
    to. Unless slice.network is "host", "bridged" or "noauto", it then makes
    sure the slice has a private network and join row, and, when the
    "networking_use_vtn" config attribute is falsy or absent, a public NAT
    network and join row as well. Progress is reported with print statements
    (Python 2 syntax).
    """
    from core.models import (Controller, ControllerSlice, SiteDeployment,
                             Network, NetworkSlice, NetworkTemplate, Slice)
    from collections import defaultdict

    # only create nat_net if not using VTN
    use_vtn = getattr(Config(), "networking_use_vtn", False)
    support_nat_net = not use_vtn

    print "MODEL POLICY: slice", slice

    existing_controllers = [
        link.controller for link in ControllerSlice.objects.filter(slice=slice)
    ]

    print "MODEL POLICY: slice existing_controllers=", existing_controllers

    for controller in Controller.objects.all():
        if controller in existing_controllers:
            continue
        print "MODEL POLICY: slice adding controller", controller
        ControllerSlice(slice=slice, controller=controller).save()

    network_mode = slice.network
    if network_mode in ["host", "bridged"]:
        # Host and Bridged docker containers need no networks and they will
        # only get in the way.
        print "MODEL POLICY: Skipping network creation"
    elif network_mode not in ["noauto"]:
        # "noauto" means do nothing; every other mode gets default networks.
        # Only networks flagged autoconnect are considered.
        public_nets = []
        private_nets = []
        for network in Network.objects.filter(owner=slice):
            if not network.autoconnect:
                continue
            template_name = network.template.name
            if template_name in ('Public dedicated IPv4', 'Public shared IPv4'):
                public_nets.append(network)
            elif template_name == 'Private':
                private_nets.append(network)

        if support_nat_net and not public_nets:
            # No public network yet: create one from the 'Public shared IPv4'
            # template (shared, not dedicated).
            nat_net = Network(
                name=slice.name + '-nat',
                template=NetworkTemplate.objects.get(name='Public shared IPv4'),
                owner=slice)
            # The slice's exposed_ports value is copied to the NAT network
            # as-is; no validation of it is visible in this function.
            exposed = slice.exposed_ports
            if exposed:
                nat_net.ports = exposed
            nat_net.save()
            public_nets.append(nat_net)
            print "MODEL POLICY: slice", slice, "made nat-net"

        if not private_nets:
            private_net = Network(
                name=slice.name + '-private',
                template=NetworkTemplate.objects.get(name='Private'),
                owner=slice)
            private_net.save()
            print "MODEL POLICY: slice", slice, "made private net"
            private_nets = [private_net]

        # Find existing join rows, then create whichever is missing.
        # NOTE(review): these exists-then-create steps are not wrapped in a
        # transaction here; confirm that concurrent runs cannot create
        # duplicates.
        public_net_slice = None
        private_net_slice = None
        candidate_nets = private_nets + public_nets
        for net_slice in NetworkSlice.objects.filter(slice=slice,
                                                     network__in=candidate_nets):
            joined_net = net_slice.network
            if joined_net in public_nets:
                public_net_slice = net_slice
            elif joined_net in private_nets:
                private_net_slice = net_slice

        if support_nat_net and not public_net_slice:
            public_net_slice = NetworkSlice(slice=slice,
                                            network=public_nets[0])
            public_net_slice.save()
            print "MODEL POLICY: slice", slice, "made public_net_slice"
        if not private_net_slice:
            private_net_slice = NetworkSlice(slice=slice,
                                             network=private_nets[0])
            private_net_slice.save()
            print "MODEL POLICY: slice", slice, "made private_net_slice"

    print "MODEL POLICY: slice", slice, "DONE"
Esempio n. 17
def handle(slice):
    """Model policy for a slice: ensure controller links and default networks exist.

    Creates a ControllerSlice for every Controller the slice is not yet linked
    to. Unless slice.network is "host", "bridged" or "noauto", it then makes
    sure the slice has a private network and join row, and, when the
    "networking_use_vtn" config attribute is falsy or absent, a public NAT
    network and join row as well. Progress is reported with print statements
    (Python 2 syntax).
    """
    from core.models import (Controller, ControllerSlice, SiteDeployment,
                             Network, NetworkSlice, NetworkTemplate, Slice)
    from collections import defaultdict

    # only create nat_net if not using VTN
    use_vtn = getattr(Config(), "networking_use_vtn", False)
    support_nat_net = not use_vtn

    print "MODEL POLICY: slice", slice

    existing_controllers = [
        cs.controller for cs in ControllerSlice.objects.filter(slice=slice)
    ]

    print "MODEL POLICY: slice existing_controllers=", existing_controllers

    for controller in Controller.objects.all():
        if controller in existing_controllers:
            continue
        print "MODEL POLICY: slice adding controller", controller
        ControllerSlice(slice=slice, controller=controller).save()

    network_mode = slice.network
    if network_mode in ["host", "bridged"]:
        # Host and Bridged docker containers need no networks and they will
        # only get in the way.
        print "MODEL POLICY: Skipping network creation"
    elif network_mode not in ["noauto"]:
        # "noauto" means do nothing; every other mode gets default networks.
        # Only networks flagged autoconnect are considered.
        public_nets = []
        private_nets = []
        for network in Network.objects.filter(owner=slice):
            if not network.autoconnect:
                continue
            template_name = network.template.name
            if template_name in ('Public dedicated IPv4', 'Public shared IPv4'):
                public_nets.append(network)
            elif template_name == 'Private':
                private_nets.append(network)

        if support_nat_net and not public_nets:
            # No public network yet: create one from the 'Public shared IPv4'
            # template (shared, not dedicated).
            nat_net = Network(
                name=slice.name + '-nat',
                template=NetworkTemplate.objects.get(name='Public shared IPv4'),
                owner=slice)
            # The slice's exposed_ports value is copied to the NAT network
            # as-is; no validation of it is visible in this function.
            exposed = slice.exposed_ports
            if exposed:
                nat_net.ports = exposed
            nat_net.save()
            public_nets.append(nat_net)
            print "MODEL POLICY: slice", slice, "made nat-net"

        if not private_nets:
            private_net = Network(
                name=slice.name + '-private',
                template=NetworkTemplate.objects.get(name='Private'),
                owner=slice)
            private_net.save()
            print "MODEL POLICY: slice", slice, "made private net"
            private_nets = [private_net]

        # Find existing join rows, then create whichever is missing.
        # NOTE(review): these exists-then-create steps are not wrapped in a
        # transaction here; confirm that concurrent runs cannot create
        # duplicates.
        public_net_slice = None
        private_net_slice = None
        candidate_nets = private_nets + public_nets
        for net_slice in NetworkSlice.objects.filter(slice=slice,
                                                     network__in=candidate_nets):
            joined_net = net_slice.network
            if joined_net in public_nets:
                public_net_slice = net_slice
            elif joined_net in private_nets:
                private_net_slice = net_slice

        if support_nat_net and not public_net_slice:
            public_net_slice = NetworkSlice(slice=slice, network=public_nets[0])
            public_net_slice.save()
            print "MODEL POLICY: slice", slice, "made public_net_slice"
        if not private_net_slice:
            private_net_slice = NetworkSlice(slice=slice, network=private_nets[0])
            private_net_slice.save()
            print "MODEL POLICY: slice", slice, "made private_net_slice"

    print "MODEL POLICY: slice", slice, "DONE"