def open_icmp_ssh(neutron_client, security_group_id): os_utils.create_secgroup_rule(neutron_client, security_group_id, 'ingress', 'icmp') os_utils.create_secgroup_rule(neutron_client, security_group_id, 'tcp', 80, 80)
def deploy_vnf(self): """Deploy ABOT-OAI-EPC.""" self.__logger.info("Upload VNFD") descriptor = self.vnf['descriptor'] self.__logger.info("Get or create flavor for all Abot-EPC") flavor_settings = FlavorConfig( name=self.vnf['requirements']['flavor']['name'], ram=self.vnf['requirements']['flavor']['ram_min'], disk=10, vcpus=1) flavor_creator = OpenStackFlavor(self.snaps_creds, flavor_settings) flavor_creator.create() self.created_object.append(flavor_creator) self.__logger.info("Deploying Abot-epc bundle file ...") os.system('juju deploy {}'.format('/' + descriptor.get('file_name'))) self.__logger.info("Waiting for instances .....") status = os.system('juju-wait') self.__logger.info("juju wait completed: %s", status) self.__logger.info("Deployed Abot-epc on Openstack") nova_client = nova_utils.nova_client(self.snaps_creds) neutron_client = neutron_utils.neutron_client(self.snaps_creds) if status == 0: instances = os_utils.get_instances(nova_client) for items in instances: metadata = get_instance_metadata(nova_client, items) if 'juju-units-deployed' in metadata: sec_group = ('juju-' + metadata['juju-controller-uuid'] + '-' + metadata['juju-model-uuid']) self.sec_group_id = os_utils.get_security_group_id( neutron_client, sec_group) break self.__logger.info("Adding Security group rule....") os_utils.create_secgroup_rule( neutron_client, self.sec_group_id, 'ingress', 132) self.__logger.info("Copying the feature files to Abot_node ") os.system('juju scp -- -r {}/featureFiles abot-' 'epc-basic/0:~/'.format(self.case_dir)) self.__logger.info("Copying the feature files in Abot_node ") os.system("juju ssh abot-epc-basic/0 'sudo rsync -azvv " "~/featureFiles /etc/rebaca-test-suite" "/featureFiles'") count = 0 while count < 10: epcstatus = os.system('juju status oai-epc | ' 'grep {} | grep {} | grep {}' .format('EPC', 'is', 'running')) if epcstatus == 0: break else: time.sleep(60) count = count + 1 os.system('juju-wait') return True return False
def setup_ingress_egress_secgroup(neutron_client, protocol, min_port=None, max_port=None): secgroups = os_utils.get_security_groups(neutron_client) for sg in secgroups: os_utils.create_secgroup_rule(neutron_client, sg['id'], 'ingress', protocol, port_range_min=min_port, port_range_max=max_port) os_utils.create_secgroup_rule(neutron_client, sg['id'], 'egress', protocol, port_range_min=min_port, port_range_max=max_port) return
def open_bgp_port(neutron_client, security_group_id): if os_utils.check_security_group_rules(neutron_client, security_group_id, 'ingress', 'tcp', 179, 179): if not os_utils.create_secgroup_rule(neutron_client, security_group_id, 'ingress', 'tcp', 179, 179): logger.error("Failed to create bgp security group rule...") else: logger.info("This rule exists for security group: %s" % security_group_id)
def create_security_group(self): sg_id = os_utils.get_security_group_id(self.neutron_client, self.sg_name) if sg_id != '': self.logger.info("Using existing security group '%s'..." % self.sg_name) else: self.logger.info("Creating security group '%s'..." % self.sg_name) SECGROUP = os_utils.create_security_group(self.neutron_client, self.sg_name, self.sg_desc) if not SECGROUP: self.logger.error("Failed to create the security group...") return None sg_id = SECGROUP['id'] self.logger.debug("Security group '%s' with ID=%s created " "successfully." % (SECGROUP['name'], sg_id)) self.logger.debug("Adding ICMP rules in security group '%s'..." % self.sg_name) if not os_utils.create_secgroup_rule(self.neutron_client, sg_id, 'ingress', 'icmp'): self.logger.error("Failed to create security group rule...") return None self.logger.debug("Adding SSH rules in security group '%s'..." % self.sg_name) if not os_utils.create_secgroup_rule(self.neutron_client, sg_id, 'ingress', 'tcp', '22', '22'): self.logger.error("Failed to create security group rule...") return None if not os_utils.create_secgroup_rule( self.neutron_client, sg_id, 'egress', 'tcp', '22', '22'): self.logger.error("Failed to create security group rule...") return None return sg_id
def create_security_group(neutron_client): sg_id = openstack_utils.get_security_group_id(neutron_client, SECGROUP_NAME) if sg_id != '': logger.info("Using existing security group '%s'..." % SECGROUP_NAME) else: logger.info("Creating security group '%s'..." % SECGROUP_NAME) SECGROUP = openstack_utils.create_security_group(neutron_client, SECGROUP_NAME, SECGROUP_DESCR) if not SECGROUP: logger.error("Failed to create the security group...") return False sg_id = SECGROUP['id'] logger.debug("Security group '%s' with ID=%s created successfully." % (SECGROUP['name'], sg_id)) logger.debug("Adding ICMP rules in security group '%s'..." % SECGROUP_NAME) if not openstack_utils.create_secgroup_rule(neutron_client, sg_id, 'ingress', 'icmp'): logger.error("Failed to create the security group rule...") return False logger.debug("Adding SSH rules in security group '%s'..." % SECGROUP_NAME) if not openstack_utils.create_secgroup_rule(neutron_client, sg_id, 'ingress', 'tcp', '22', '22'): logger.error("Failed to create the security group rule...") return False if not openstack_utils.create_secgroup_rule(neutron_client, sg_id, 'egress', 'tcp', '22', '22'): logger.error("Failed to create the security group rule...") return False return sg_id
def deploy_orchestrator(self): self.logger.info("Additional pre-configuration steps") nova_client = os_utils.get_nova_client() neutron_client = os_utils.get_neutron_client() glance_client = os_utils.get_glance_client() # Import images if needed # needs some images self.logger.info("Upload some OS images if it doesn't exist") temp_dir = os.path.join(self.data_dir, "tmp/") for image_name, image_url in self.images.iteritems(): self.logger.info("image: %s, url: %s", image_name, image_url) try: image_id = os_utils.get_image_id(glance_client, image_name) self.logger.info("image_id: %s", image_id) except BaseException: self.logger.error("Unexpected error: %s", sys.exc_info()[0]) if image_id == '': self.logger.info("""%s image doesn't exist on glance repository. Try downloading this image and upload on glance !""" % image_name) image_id = os_utils.download_and_add_image_on_glance( glance_client, image_name, image_url, temp_dir) if image_id == '': self.logger.error("Failed to find or upload required OS " "image for this deployment") return False network_dic = os_utils.create_network_full(neutron_client, "openbaton_mgmt", "openbaton_mgmt_subnet", "openbaton_router", "192.168.100.0/24") # orchestrator VM flavor self.logger.info( "Check if orchestra Flavor is available, if not create one") flavor_exist, flavor_id = os_utils.get_or_create_flavor("orchestra", "4096", '20', '2', public=True) self.logger.debug("Flavor id: %s" % flavor_id) if not network_dic: self.logger.error("There has been a problem when creating the " "neutron network") network_id = network_dic["net_id"] self.logger.info("Creating floating IP for VM in advance...") floatip_dic = os_utils.create_floating_ip(neutron_client) floatip = floatip_dic['fip_addr'] if floatip is None: self.logger.error("Cannot create floating IP.") return False userdata = "#!/bin/bash\n" userdata += "echo \"Executing userdata...\"\n" userdata += "set -x\n" userdata += "set -e\n" userdata += "echo \"Set nameserver to '8.8.8.8'...\"\n" userdata += "echo \"nameserver 8.8.8.8\" >> /etc/resolv.conf\n" userdata += "echo \"Install curl...\"\n" userdata += "apt-get install curl\n" userdata += "echo \"Inject public key...\"\n" userdata += ("echo \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCuPXrV3" "geeHc6QUdyUr/1Z+yQiqLcOskiEGBiXr4z76MK4abiFmDZ18OMQlc" "fl0p3kS0WynVgyaOHwZkgy/DIoIplONVr2CKBKHtPK+Qcme2PVnCtv" "EqItl/FcD+1h5XSQGoa+A1TSGgCod/DPo+pes0piLVXP8Ph6QS1k7S" "ic7JDeRQ4oT1bXYpJ2eWBDMfxIWKZqcZRiGPgMIbJ1iEkxbpeaAd9O" "4MiM9nGCPESmed+p54uYFjwEDlAJZShcAZziiZYAvMZhvAhe6USljc" "7YAdalAnyD/jwCHuwIrUw/lxo7UdNCmaUxeobEYyyFA1YVXzpNFZya" "XPGAAYIJwEq/ openbaton@opnfv\" >> /home/ubuntu/.ssh/aut" "horized_keys\n") userdata += "echo \"Download bootstrap...\"\n" userdata += ("curl -s %s " "> ./bootstrap\n" % self.bootstrap_link) userdata += ("curl -s %s" "> ./config_file\n" % self.bootstrap_config_link) userdata += ("echo \"Disable usage of mysql...\"\n") userdata += "sed -i s/mysql=.*/mysql=no/g /config_file\n" userdata += ("echo \"Setting 'rabbitmq_broker_ip' to '%s'\"\n" % floatip) userdata += ("sed -i s/rabbitmq_broker_ip=localhost/rabbitmq_broker_ip" "=%s/g /config_file\n" % floatip) userdata += "echo \"Set autostart of components to 'false'\"\n" userdata += "export OPENBATON_COMPONENT_AUTOSTART=false\n" userdata += "echo \"Execute bootstrap...\"\n" bootstrap = "sh ./bootstrap release -configFile=./config_file" userdata += bootstrap + "\n" userdata += "echo \"Setting 'nfvo.plugin.timeout' to '300000'\"\n" userdata += ("echo \"nfvo.plugin.timeout=600000\" >> " "/etc/openbaton/openbaton-nfvo.properties\n") userdata += ( "wget %s -O /etc/openbaton/openbaton-vnfm-generic-user-data.sh\n" % self.userdata_file) userdata += "sed -i '113i\ \ \ \ sleep 60' " \ "/etc/openbaton/openbaton-vnfm-generic-user-data.sh\n" userdata += "echo \"Starting NFVO\"\n" userdata += "service openbaton-nfvo restart\n" userdata += "echo \"Starting Generic VNFM\"\n" userdata += "service openbaton-vnfm-generic restart\n" userdata += "echo \"...end of userdata...\"\n" sg_id = os_utils.create_security_group_full(neutron_client, "orchestra-sec-group", "allowall") os_utils.create_secgroup_rule(neutron_client, sg_id, "ingress", "icmp", 0, 255) os_utils.create_secgroup_rule(neutron_client, sg_id, "egress", "icmp", 0, 255) os_utils.create_secgroup_rule(neutron_client, sg_id, "ingress", "tcp", 1, 65535) os_utils.create_secgroup_rule(neutron_client, sg_id, "ingress", "udp", 1, 65535) os_utils.create_secgroup_rule(neutron_client, sg_id, "egress", "tcp", 1, 65535) os_utils.create_secgroup_rule(neutron_client, sg_id, "egress", "udp", 1, 65535) self.logger.info("Security group set") self.logger.info("Create instance....") self.logger.info( "flavor: m1.medium\n" "image: %s\n" "network_id: %s\n" "userdata: %s\n", self.imagename, network_id, userdata) instance = os_utils.create_instance_and_wait_for_active( "orchestra", os_utils.get_image_id(glance_client, self.imagename), network_id, "orchestra-openbaton", config_drive=False, userdata=userdata) self.ob_instance_id = instance.id self.logger.info("Adding sec group to orchestra instance") os_utils.add_secgroup_to_instance(nova_client, self.ob_instance_id, sg_id) self.logger.info("Associating floating ip: '%s' to VM '%s' ", floatip, "orchestra-openbaton") if not os_utils.add_floating_ip(nova_client, instance.id, floatip): self.logger.error("Cannot associate floating IP to VM.") return False self.logger.info("Waiting for Open Baton NFVO to be up and running...") x = 0 while x < 200: if servertest(floatip, "8080"): break else: self.logger.debug("Open Baton NFVO is not started yet (%ss)" % (x * 5)) time.sleep(5) x += 1 if x == 200: self.logger.error("Open Baton is not started correctly") self.ob_ip = floatip self.ob_password = "******" self.ob_username = "******" self.ob_https = False self.ob_port = "8080" self.logger.info("Waiting for all components up and running...") time.sleep(60) self.details["orchestrator"] = { 'status': "PASS", 'result': "Deploy Open Baton NFVO: OK" } self.logger.info("Deploy Open Baton NFVO: OK") return True
def open_bgp_port(neutron_client, security_group_id): os_utils.create_secgroup_rule(neutron_client, security_group_id, 'tcp', 179, 179)