def _dhcp_operation(vca_client, network_name, operation):
"""
update dhcp setting for network
"""
dhcp_settings = ctx.node.properties['network'].get('dhcp')
if dhcp_settings is None:
return True
gateway_name = ctx.node.properties["network"]['edge_gateway']
gateway = get_gateway(vca_client, gateway_name)
if gateway.is_busy():
return False
if operation == ADD_POOL:
ip = _split_adresses(dhcp_settings['dhcp_range'])
low_ip_address = check_ip(ip.start)
hight_ip_address = check_ip(ip.end)
default_lease = dhcp_settings.get('default_lease')
max_lease = dhcp_settings.get('max_lease')
gateway.add_dhcp_pool(network_name, low_ip_address, hight_ip_address,
default_lease, max_lease)
if save_gateway_configuration(gateway, vca_client):
ctx.logger.info("DHCP rule successful created for network {0}"
.format(network_name))
return True
if operation == DELETE_POOL:
gateway.delete_dhcp_pool(network_name)
if save_gateway_configuration(gateway, vca_client):
ctx.logger.info("DHCP rule successful deleted for network {0}"
.format(network_name))
return True
return False
def _dhcp_operation(vca_client, network_name, operation):
"""
update dhcp setting for network
"""
dhcp_settings = ctx.node.properties['network'].get('dhcp')
if dhcp_settings is None:
return
gateway_name = ctx.node.properties["network"]['edge_gateway']
gateway = vca_client.get_gateway(get_vcloud_config()['vdc'], gateway_name)
if not gateway:
raise cfy_exc.NonRecoverableError(
"Gateway {0} not found!".format(gateway_name))
if operation == ADD_POOL:
ip = _split_adresses(dhcp_settings['dhcp_range'])
low_ip_address = check_ip(ip.start)
hight_ip_address = check_ip(ip.end)
default_lease = dhcp_settings.get('default_lease')
max_lease = dhcp_settings.get('max_lease')
gateway.add_dhcp_pool(network_name, low_ip_address, hight_ip_address,
default_lease, max_lease)
ctx.logger.info("DHCP rule successful created for network {0}".format(
network_name))
if operation == DELETE_POOL:
gateway.delete_dhcp_pool(network_name)
ctx.logger.info("DHCP rule successful deleted for network {0}".format(
network_name))
if not save_gateway_configuration(gateway, vca_client):
return ctx.operation.retry(message='Waiting for gateway.',
retry_after=10)
def _dhcp_operation(vca_client, network_name, operation):
"""
update dhcp setting for network
"""
dhcp_settings = ctx.node.properties["network"].get("dhcp")
if dhcp_settings is None:
return
gateway_name = ctx.node.properties["network"]["edge_gateway"]
gateway = vca_client.get_gateway(get_vcloud_config()["vdc"], gateway_name)
if not gateway:
raise cfy_exc.NonRecoverableError("Gateway {0} not found!".format(gateway_name))
if operation == ADD_POOL:
ip = _split_adresses(dhcp_settings["dhcp_range"])
low_ip_address = check_ip(ip.start)
hight_ip_address = check_ip(ip.end)
default_lease = dhcp_settings.get("default_lease")
max_lease = dhcp_settings.get("max_lease")
gateway.add_dhcp_pool(network_name, low_ip_address, hight_ip_address, default_lease, max_lease)
ctx.logger.info("DHCP rule successful created for network {0}".format(network_name))
if operation == DELETE_POOL:
gateway.delete_dhcp_pool(network_name)
ctx.logger.info("DHCP rule successful deleted for network {0}".format(network_name))
if not save_gateway_configuration(gateway, vca_client):
return ctx.operation.retry(message="Waiting for gateway.", retry_after=10)
def _save_configuration(gateway, vca_client, operation, public_ip):
"""
save/refresh nat rules on gateway
"""
ctx.logger.info("Save NAT configuration.")
success = save_gateway_configuration(gateway, vca_client)
if not success:
return False
ctx.logger.info("NAT configuration has been saved.")
if operation == CREATE:
ctx.target.instance.runtime_properties[PUBLIC_IP] = public_ip
else:
service_type = get_vcloud_config().get('service_type')
if is_ondemand(service_type):
if not ctx.target.node.properties['nat'].get(PUBLIC_IP):
del_ondemand_public_ip(
vca_client, gateway,
ctx.target.instance.runtime_properties[PUBLIC_IP],
ctx
)
if PUBLIC_IP in ctx.target.instance.runtime_properties:
del ctx.target.instance.runtime_properties[PUBLIC_IP]
if PORT_REPLACEMENT in ctx.target.instance.runtime_properties:
del ctx.target.instance.runtime_properties[PORT_REPLACEMENT]
return True
def test_save_gateway_configuration(self):
"""
check reation of out code for different results from server
on save configuration
"""
gateway = self.generate_gateway()
fake_client = self.generate_client()
# cant save configuration - error in first call
self.set_services_conf_result(gateway, None)
with self.assertRaises(cfy_exc.NonRecoverableError):
network_plugin.save_gateway_configuration(gateway, fake_client)
# error in status
self.set_services_conf_result(gateway,
vcloud_plugin_common.TASK_STATUS_ERROR)
with self.assertRaises(cfy_exc.NonRecoverableError):
network_plugin.save_gateway_configuration(gateway, fake_client)
# everything fine
self.set_services_conf_result(gateway,
vcloud_plugin_common.TASK_STATUS_SUCCESS)
self.assertTrue(
network_plugin.save_gateway_configuration(gateway, fake_client))
# server busy
self.set_services_conf_result(gateway, None)
self.set_gateway_busy(gateway)
self.assertFalse(
network_plugin.save_gateway_configuration(gateway, fake_client))
def _floatingip_operation(operation, vca_client, ctx):
"""
create/release floating ip by nat rules for this ip with
relation to internal ip for current node,
save selected public_ip in runtime properties
"""
service_type = get_vcloud_config().get('service_type')
gateway = get_gateway(
vca_client, ctx.target.node.properties['floatingip']['edge_gateway'])
internal_ip = get_vm_ip(vca_client, ctx, gateway)
nat_operation = None
public_ip = (ctx.target.instance.runtime_properties.get(PUBLIC_IP)
or ctx.target.node.properties['floatingip'].get(PUBLIC_IP))
if operation == CREATE:
CheckAssignedInternalIp(internal_ip, gateway)
if public_ip:
CheckAssignedExternalIp(public_ip, gateway)
else:
public_ip = get_public_ip(vca_client, gateway, service_type, ctx)
nat_operation = _add_nat_rule
elif operation == DELETE:
if not public_ip:
ctx.logger.info("Can't get external IP".format(public_ip))
return
nat_operation = _del_nat_rule
else:
raise cfy_exc.NonRecoverableError(
"Unknown operation {0}".format(operation)
)
external_ip = check_ip(public_ip)
nat_operation(gateway, "SNAT", internal_ip, external_ip)
nat_operation(gateway, "DNAT", external_ip, internal_ip)
if not save_gateway_configuration(gateway, vca_client):
return ctx.operation.retry(message='Waiting for gateway.',
retry_after=10)
if operation == CREATE:
ctx.target.instance.runtime_properties[PUBLIC_IP] = external_ip
else:
if is_ondemand(service_type):
if not ctx.target.node.properties['floatingip'].get(PUBLIC_IP):
del_ondemand_public_ip(
vca_client,
gateway,
ctx.target.instance.runtime_properties[PUBLIC_IP],
ctx)
del ctx.target.instance.runtime_properties[PUBLIC_IP]
def _floatingip_operation(operation, vca_client, ctx):
"""
create/release floating ip by nat rules for this ip with
relation to internal ip for current node,
save selected public_ip in runtime properties
"""
service_type = get_vcloud_config().get('service_type')
gateway = get_gateway(
vca_client, ctx.target.node.properties['floatingip']['edge_gateway'])
if gateway.is_busy():
return False
internal_ip = get_vm_ip(vca_client, ctx, gateway)
nat_operation = None
public_ip = (ctx.target.instance.runtime_properties.get(PUBLIC_IP)
or ctx.target.node.properties['floatingip'].get(PUBLIC_IP))
if operation == CREATE:
CheckAssignedInternalIp(internal_ip, gateway)
if public_ip:
CheckAssignedExternalIp(public_ip, gateway)
else:
public_ip = get_public_ip(vca_client, gateway, service_type, ctx)
nat_operation = _add_nat_rule
elif operation == DELETE:
if not public_ip:
ctx.logger.info("Can't get external IP".format(public_ip))
return
nat_operation = _del_nat_rule
else:
raise cfy_exc.NonRecoverableError(
"Unknown operation {0}".format(operation))
external_ip = check_ip(public_ip)
nat_operation(gateway, "SNAT", internal_ip, external_ip)
nat_operation(gateway, "DNAT", external_ip, internal_ip)
success = save_gateway_configuration(gateway, vca_client)
if not success:
return False
if operation == CREATE:
ctx.target.instance.runtime_properties[PUBLIC_IP] = external_ip
else:
if is_ondemand(service_type):
if not ctx.target.node.properties['floatingip'].get(PUBLIC_IP):
del_ondemand_public_ip(
vca_client, gateway,
ctx.target.instance.runtime_properties[PUBLIC_IP], ctx)
del ctx.target.instance.runtime_properties[PUBLIC_IP]
return True
def _save_configuration(gateway, vca_client, operation, public_ip):
if not save_gateway_configuration(gateway, vca_client):
return ctx.operation.retry(message='Waiting for gateway.',
retry_after=10)
ctx.logger.info("NAT configuration has been saved")
if operation == CREATE:
ctx.target.instance.runtime_properties[PUBLIC_IP] = public_ip
else:
service_type = get_vcloud_config().get('service_type')
if is_ondemand(service_type):
if not ctx.target.node.properties['nat'].get(PUBLIC_IP):
del_ondemand_public_ip(
vca_client, gateway,
ctx.target.instance.runtime_properties[PUBLIC_IP], ctx)
del ctx.target.instance.runtime_properties[PUBLIC_IP]
def _save_configuration(gateway, vca_client, operation, public_ip):
"""
save/refresh nat rules on gateway
"""
if not save_gateway_configuration(gateway, vca_client):
return ctx.operation.retry(message='Waiting for gateway.',
retry_after=10)
ctx.logger.info("NAT configuration has been saved")
if operation == CREATE:
ctx.target.instance.runtime_properties[PUBLIC_IP] = public_ip
else:
service_type = get_vcloud_config().get('service_type')
if is_ondemand(service_type):
if not ctx.target.node.properties['nat'].get(PUBLIC_IP):
del_ondemand_public_ip(
vca_client, gateway,
ctx.target.instance.runtime_properties[PUBLIC_IP], ctx)
del ctx.target.instance.runtime_properties[PUBLIC_IP]
def _rule_operation(operation, vca_client):
"""
create/delete firewall rules in gateway for current node
"""
gateway = get_gateway(
vca_client, _get_gateway_name(ctx.target.node.properties))
if gateway.is_busy():
return False
for rule in ctx.target.node.properties['rules']:
description = rule.get('description', "Rule added by pyvcloud").strip()
source_ip = rule.get("source", "external")
if not _is_literal_ip(source_ip):
check_ip(source_ip)
elif _is_host_ip(source_ip):
source_ip = get_vm_ip(vca_client, ctx, gateway)
source_port = str(rule.get("source_port", "any"))
dest_ip = rule.get("destination", "external")
if not _is_literal_ip(dest_ip):
check_ip(dest_ip)
elif _is_host_ip(dest_ip):
dest_ip = get_vm_ip(vca_client, ctx, gateway)
dest_port = str(rule.get('destination_port', 'any'))
protocol = rule.get('protocol', 'any').capitalize()
action = rule.get("action", "allow")
log = rule.get('log_traffic', False)
if operation == CREATE_RULE:
gateway.add_fw_rule(
True, description, action, protocol, dest_port, dest_ip,
source_port, source_ip, log)
ctx.logger.info(
"Firewall rule has been created: {0}".format(description))
elif operation == DELETE_RULE:
gateway.delete_fw_rule(protocol, dest_port, dest_ip,
source_port, source_ip)
ctx.logger.info(
"Firewall rule has been deleted: {0}".format(description))
return save_gateway_configuration(gateway, vca_client)
def _rule_operation(operation, vca_client):
"""
create/delete firewall rules in gateway for current node
"""
gateway = get_gateway(vca_client,
_get_gateway_name(ctx.target.node.properties))
if gateway.is_busy():
return False
for rule in ctx.target.node.properties['rules']:
description = rule.get('description', "Rule added by pyvcloud").strip()
source_ip = rule.get("source", "external")
if not _is_literal_ip(source_ip):
check_ip(source_ip)
elif _is_host_ip(source_ip):
source_ip = get_vm_ip(vca_client, ctx, gateway)
source_port = str(rule.get("source_port", "any"))
dest_ip = rule.get("destination", "external")
if not _is_literal_ip(dest_ip):
check_ip(dest_ip)
elif _is_host_ip(dest_ip):
dest_ip = get_vm_ip(vca_client, ctx, gateway)
dest_port = str(rule.get('destination_port', 'any'))
protocol = rule.get('protocol', 'any').capitalize()
action = rule.get("action", "allow")
log = rule.get('log_traffic', False)
if operation == CREATE_RULE:
gateway.add_fw_rule(True, description, action, protocol, dest_port,
dest_ip, source_port, source_ip, log)
ctx.logger.info(
"Firewall rule has been created: {0}".format(description))
elif operation == DELETE_RULE:
gateway.delete_fw_rule(protocol, dest_port, dest_ip, source_port,
source_ip)
ctx.logger.info(
"Firewall rule has been deleted: {0}".format(description))
return save_gateway_configuration(gateway, vca_client)
def _save_configuration(gateway, vca_client, operation, public_ip):
"""
save/refresh nat rules on gateway
"""
ctx.logger.info("Save NAT configuration.")
success = save_gateway_configuration(gateway, vca_client)
if not success:
return False
ctx.logger.info("NAT configuration has been saved.")
if operation == CREATE:
ctx.target.instance.runtime_properties[PUBLIC_IP] = public_ip
else:
service_type = get_vcloud_config().get('service_type')
if is_ondemand(service_type):
if not ctx.target.node.properties['nat'].get(PUBLIC_IP):
del_ondemand_public_ip(
vca_client, gateway,
ctx.target.instance.runtime_properties[PUBLIC_IP], ctx)
if PUBLIC_IP in ctx.target.instance.runtime_properties:
del ctx.target.instance.runtime_properties[PUBLIC_IP]
if PORT_REPLACEMENT in ctx.target.instance.runtime_properties:
del ctx.target.instance.runtime_properties[PORT_REPLACEMENT]
return True
def _rule_operation(operation, vca_client):
gateway = get_gateway(
vca_client, _get_gateway_name(ctx.target.node.properties))
for rule in ctx.target.node.properties['rules']:
description = rule.get('description', "Rule added by pyvcloud").strip()
source_ip = rule.get("source", "external").capitalize()
if source_ip not in ADDRESS_LITERALS:
check_ip(source_ip)
elif source_ip == ADDRESS_LITERALS[-1]:
source_ip = get_vm_ip(vca_client, ctx, gateway)
source_port = str(rule.get("source_port", "any")).capitalize()
dest_ip = rule.get("destination", "external").capitalize()
if dest_ip not in ADDRESS_LITERALS:
check_ip(dest_ip)
elif dest_ip == ADDRESS_LITERALS[-1]:
dest_ip = get_vm_ip(vca_client, ctx, gateway)
dest_port = str(rule.get('destination_port', 'any')).capitalize()
protocol = rule.get('protocol', 'any').capitalize()
action = rule.get("action", "allow")
log = rule.get('log_traffic', False)
if operation == CREATE_RULE:
gateway.add_fw_rule(
True, description, action, protocol, dest_port, dest_ip,
source_port, source_ip, log)
ctx.logger.info(
"Firewall rule has been created: {0}".format(description))
elif operation == DELETE_RULE:
gateway.delete_fw_rule(protocol, dest_port, dest_ip.lower(),
source_port, source_ip.lower())
ctx.logger.info(
"Firewall rule has been deleted: {0}".format(description))
if not save_gateway_configuration(gateway, vca_client):
return ctx.operation.retry(message='Waiting for gateway.',
retry_after=10)
def test_save_gateway_configuration(self):
"""
check reation of out code for different results from server
on save configuration
"""
gateway = self.generate_gateway()
fake_client = self.generate_client()
# cant save configuration - error in first call
self.set_services_conf_result(
gateway, None
)
with self.assertRaises(cfy_exc.NonRecoverableError):
network_plugin.save_gateway_configuration(
gateway, fake_client
)
# error in status
self.set_services_conf_result(
gateway, vcloud_plugin_common.TASK_STATUS_ERROR
)
with self.assertRaises(cfy_exc.NonRecoverableError):
network_plugin.save_gateway_configuration(
gateway, fake_client
)
# everything fine
self.set_services_conf_result(
gateway, vcloud_plugin_common.TASK_STATUS_SUCCESS
)
self.assertTrue(
network_plugin.save_gateway_configuration(
gateway, fake_client
)
)
# server busy
self.set_services_conf_result(
gateway, None
)
self.set_gateway_busy(gateway)
self.assertFalse(
network_plugin.save_gateway_configuration(
gateway, fake_client
)
)
