def _get_tenant_network_usages(request, usages, disabled_quotas, tenant_id): enabled_quotas = ((NOVA_NETWORK_QUOTA_FIELDS | NEUTRON_QUOTA_FIELDS) - disabled_quotas) if not enabled_quotas: return # NOTE(amotoki): floatingip is Neutron quota and floating_ips is # Nova quota. We need to check both. if {'floatingip', 'floating_ips'} & enabled_quotas: floating_ips = [] try: if neutron.floating_ip_supported(request): floating_ips = neutron.tenant_floating_ip_list(request) except Exception: pass usages.tally('floating_ips', len(floating_ips)) if 'security_group' not in disabled_quotas: security_groups = [] security_groups = neutron.security_group_list(request) usages.tally('security_groups', len(security_groups)) if 'network' not in disabled_quotas: networks = neutron.network_list(request, tenant_id=tenant_id) usages.tally('networks', len(networks)) if 'subnet' not in disabled_quotas: subnets = neutron.subnet_list(request, tenant_id=tenant_id) usages.tally('subnets', len(subnets)) if 'router' not in disabled_quotas: routers = neutron.router_list(request, tenant_id=tenant_id) usages.tally('routers', len(routers))
def update(self, request, **kwargs): self.choices = [('', _('Application default security group'))] # TODO(pbourke): remove sorted when supported natively in Horizon # (https://bugs.launchpad.net/horizon/+bug/1692972) for secgroup in sorted(neutron.security_group_list(request), key=lambda e: e.name_or_id): if not secgroup.name_or_id.startswith('murano--'): self.choices.append((secgroup.name_or_id, secgroup.name_or_id))
def _get_tenant_network_usages_legacy(request, usages, disabled_quotas, tenant_id): warnings.warn( "The legacy way to retrieve neutron resource usage is deprecated " "in Ussuri release. Horizon will depend on 'quota_details' " "neutron extension added in Pike release in future.", DeprecationWarning) qs = base.QuotaSet() _get_neutron_quota_data(request, qs, disabled_quotas, tenant_id) for quota in qs: usages.add_quota(quota) resource_lister = { 'network': (neutron.network_list, { 'tenant_id': tenant_id }), 'subnet': (neutron.subnet_list, { 'tenant_id': tenant_id }), 'port': (neutron.port_list, { 'tenant_id': tenant_id }), 'router': (neutron.router_list, { 'tenant_id': tenant_id }), 'floatingip': (neutron.tenant_floating_ip_list, {}), } for quota_name, lister_info in resource_lister.items(): if quota_name not in disabled_quotas: lister = lister_info[0] kwargs = lister_info[1] try: resources = lister(request, **kwargs) except Exception: resources = [] usages.tally(quota_name, len(resources)) # Security groups have to be processed separately so that rules may be # processed in the same api call and in a single pass add_sg = 'security_group' not in disabled_quotas add_sgr = 'security_group_rule' not in disabled_quotas if add_sg or add_sgr: try: security_groups = neutron.security_group_list(request) num_rules = sum( len(group['security_group_rules']) for group in security_groups) except Exception: security_groups = [] num_rules = 0 if add_sg: usages.tally('security_group', len(security_groups)) if add_sgr: usages.tally('security_group_rule', num_rules)
def update(self, request, **kwargs): self.choices = [('', _('Application default security group'))] # TODO(pbourke): remove sorted when supported natively in Horizon # (https://bugs.launchpad.net/horizon/+bug/1692972) for secgroup in sorted( neutron.security_group_list(request), key=lambda e: e.name_or_id): if not secgroup.name_or_id.startswith('murano--'): self.choices.append((secgroup.name_or_id, secgroup.name_or_id))
def _get_tenant_network_usages_legacy(request, usages, disabled_quotas, tenant_id): qs = base.QuotaSet() _get_neutron_quota_data(request, qs, disabled_quotas, tenant_id) for quota in qs: usages.add_quota(quota) resource_lister = { 'network': (neutron.network_list, { 'tenant_id': tenant_id }), 'subnet': (neutron.subnet_list, { 'tenant_id': tenant_id }), 'port': (neutron.port_list, { 'tenant_id': tenant_id }), 'router': (neutron.router_list, { 'tenant_id': tenant_id }), 'floatingip': (neutron.tenant_floating_ip_list, {}), } for quota_name, lister_info in resource_lister.items(): if quota_name not in disabled_quotas: lister = lister_info[0] kwargs = lister_info[1] try: resources = lister(request, **kwargs) except Exception: resources = [] usages.tally(quota_name, len(resources)) # Security groups have to be processed separately so that rules may be # processed in the same api call and in a single pass add_sg = 'security_group' not in disabled_quotas add_sgr = 'security_group_rule' not in disabled_quotas if add_sg or add_sgr: try: security_groups = neutron.security_group_list(request) num_rules = sum( len(group['security_group_rules']) for group in security_groups) except Exception: security_groups = [] num_rules = 0 if add_sg: usages.tally('security_group', len(security_groups)) if add_sgr: usages.tally('security_group_rule', num_rules)
def __init__(self, *args, **kwargs): try: request = args[0] template_string = "" if "template_upload" in kwargs: template_upload = kwargs.pop('template_upload') super(ImportNodegroupTemplateDetailsForm, self).__init__( *args, **kwargs) template_string = template_upload.read() self.fields["template"].initial = template_string else: super(ImportNodegroupTemplateDetailsForm, self).__init__( *args, **kwargs) template_string = self.data["template"] template_json = json.loads(template_string) template_json = template_json["node_group_template"] security_group_list = neutron.security_group_list(request) security_group_choices = \ [(sg.id, sg.name) for sg in security_group_list] self.fields["security_groups"].choices = security_group_choices pools = neutron.floating_ip_pools_list(request) pool_choices = [(pool.id, pool.name) for pool in pools] pool_choices.insert(0, (None, "Do not assign floating IPs")) self.fields["floating_ip_pool"].choices = pool_choices flavors = nova_utils.flavor_list(request) if flavors: self.fields["flavor"].choices = nova_utils.sort_flavor_list( request, flavors) else: self.fields["flavor"].choices = [] version = (template_json.get("hadoop_version", None) or template_json["plugin_version"]) self.fields["image_id"].choices = \ self._populate_image_choices(request, template_json["plugin_name"], version) except (ValueError, KeyError): raise exceptions.BadRequest(_("Could not parse template")) except Exception: exceptions.handle(request)
def __init__(self, *args, **kwargs): try: request = args[0] template_string = "" if "template_upload" in kwargs: template_upload = kwargs.pop('template_upload') super(ImportNodegroupTemplateDetailsForm, self).__init__(*args, **kwargs) template_string = template_upload.read() self.fields["template"].initial = template_string else: super(ImportNodegroupTemplateDetailsForm, self).__init__(*args, **kwargs) template_string = self.data["template"] template_json = json.loads(template_string) template_json = template_json["node_group_template"] security_group_list = neutron.security_group_list(request) security_group_choices = \ [(sg.id, sg.name) for sg in security_group_list] self.fields["security_groups"].choices = security_group_choices pools = neutron.floating_ip_pools_list(request) pool_choices = [(pool.id, pool.name) for pool in pools] pool_choices.insert(0, (None, "Do not assign floating IPs")) self.fields["floating_ip_pool"].choices = pool_choices flavors = nova_utils.flavor_list(request) if flavors: self.fields["flavor"].choices = nova_utils.sort_flavor_list( request, flavors) else: self.fields["flavor"].choices = [] version = (template_json.get("hadoop_version", None) or template_json["plugin_version"]) self.fields["image_id"].choices = \ self._populate_image_choices(request, template_json["plugin_name"], version) except (ValueError, KeyError): raise exceptions.BadRequest(_("Could not parse template")) except Exception: exceptions.handle(request)
def __init__(self, request, *args, **kwargs): super(SecurityConfigAction, self).__init__(request, *args, **kwargs) self.fields["security_autogroup"] = forms.BooleanField( label=_("Auto Security Group"), widget=forms.CheckboxInput(), help_text=_("Create security group for this Node Group."), required=False, initial=True) try: groups = neutron.security_group_list(request) except Exception: exceptions.handle(request, _("Unable to get security group list.")) raise security_group_list = [(sg.id, sg.name) for sg in groups] self.fields["security_groups"] = forms.MultipleChoiceField( label=_("Security Groups"), widget=forms.CheckboxSelectMultiple(), help_text=_("Launch instances in these security groups."), choices=security_group_list, required=False)
def setup_new_project(request, project_id, project_name, data): unit_id = data.get('unit', None) cloud_table = getattr(settings, 'UNIT_TABLE', {}) if not unit_id or not unit_id in cloud_table: return unit_data = cloud_table[unit_id] prj_cname = re.sub(r'\s+', "-", project_name) flow_step = 0 try: cinder_params = dict() for pkey, pvalue in unit_data.items(): if pkey == 'quota_total': cinder_params['gigabytes'] = pvalue elif pkey == 'quota_per_volume': cinder_params['per_volume_gigabytes'] = pvalue elif pkey.startswith('quota_'): cinder_params['gigabytes_' + pkey[6:]] = pvalue if len(cinder_params): cinder_api.tenant_quota_update(request, project_id, **cinder_params) except: LOG.error("Cannot setup project quota", exc_info=True) messages.error(request, _("Cannot setup project quota")) try: hyper_list = unit_data.get('hypervisors', []) if len(hyper_list): agg_prj_cname = "%s-%s" % (unit_data.get('aggregate_prefix', unit_id), prj_cname) avail_zone = unit_data.get('availability_zone', 'nova') new_aggr = nova_api.aggregate_create(request, agg_prj_cname, avail_zone) flow_step += 1 for h_item in hyper_list: nova_api.add_host_to_aggregate(request, new_aggr.id, h_item) flow_step += 1 all_md = { 'filter_tenant_id' : project_id } all_md.update(unit_data.get('metadata', {})) nova_api.aggregate_set_metadata(request, new_aggr.id, all_md) flow_step = 0 except: if flow_step == 0: err_msg = _("Cannot create host aggregate") elif flow_step == 1: err_msg = _("Cannot insert hypervisor in aggregate") else: err_msg = _("Cannot set metadata for aggregate") LOG.error(err_msg, exc_info=True) messages.error(request, err_msg) try: subnet_cidr = data['%s-net' % unit_id] prj_lan_name = "%s-lan" % prj_cname prj_net = neutron_api.network_create(request, tenant_id=project_id, name=prj_lan_name) flow_step += 1 net_args = { 'cidr' : subnet_cidr, 'ip_version' : 4, 'dns_nameservers' : unit_data.get('nameservers', []), 'enable_dhcp' : True, 'tenant_id' : project_id, 'name' : "sub-%s-lan" % prj_cname } prj_sub = neutron_api.subnet_create(request, prj_net['id'], **net_args) flow_step += 1 if 'lan_router' in unit_data: neutron_api.router_add_interface(request, unit_data['lan_router'], subnet_id=prj_sub['id']) flow_step = 0 except: if flow_step == 0: err_msg = _("Cannot create network") elif flow_step == 1: err_msg = _("Cannot create sub-network") else: err_msg = _("Cannot add interface to router") LOG.error(err_msg, exc_info=True) messages.error(request, err_msg) try: subnet_cidr = data['%s-net' % unit_id] def_sec_group = None for sg_item in neutron_api.security_group_list(request, tenant_id=project_id): if sg_item['name'].lower() == 'default': def_sec_group = sg_item['id'] LOG.info("Found default security group %s" % def_sec_group) break flow_step += 1 sg_client = neutron_api.SecurityGroupManager(request).client if not def_sec_group: sg_params = { 'name': 'default', 'description': 'Default Security Group for ' + project_name, 'tenant_id': project_id } secgroup = sg_client.create_security_group({ 'security_group' : sg_params }) def_sec_group = SecurityGroup(secgroup.get('security_group')) flow_step += 1 # # Workaround: the tenant_id cannot be specified through high level API # port22_params = { 'security_group_id': def_sec_group, 'direction': 'ingress', 'ethertype': 'IPv4', 'protocol': 'tcp', 'port_range_min': 22, 'port_range_max': 22, 'remote_ip_prefix': subnet_cidr, 'tenant_id' : project_id } icmp_params = { 'security_group_id': def_sec_group, 'direction': 'ingress', 'ethertype': 'IPv4', 'protocol': 'icmp', 'remote_ip_prefix': subnet_cidr, 'tenant_id' : project_id } sg_client.create_security_group_rule({'security_group_rule': port22_params}) sg_client.create_security_group_rule({'security_group_rule': icmp_params}) except: if flow_step == 0: err_msg = _("Cannot retrieve default security group") elif flow_step == 1: err_msg = _("Cannot create default security group") else: err_msg = _("Cannot insert basic rules") LOG.error(err_msg, exc_info=True) messages.error(request, err_msg) try: new_tags = list() new_tags.append(ORG_TAG_FMT % unit_data.get('organization', 'other')) if '%s-ou' % unit_id in data: new_tags.append(OU_TAG_FMT % data['%s-ou' % unit_id]) kclient = keystone_api.keystoneclient(request) kclient.projects.update_tags(project_id, new_tags) except: LOG.error("Cannot add organization tags", exc_info=True) messages.error(request, _("Cannot add organization tags"))
def setup_new_project(request, project_id, project_name, data): try: acct_table = getattr(settings, 'ACCOUNTING', None) if acct_table: uid = acct_table.get('user_id', None) roleid = acct_table.get('role_id', None) if uid and roleid: keystone_api.add_tenant_user_role(request, project_id, uid, roleid) except: LOG.error("Cannot add user for accounting", exc_info=True) messages.error(request, _("Cannot add user for accounting")) unit_id = data.get('unit', None) cloud_table = get_unit_table() if not unit_id or not unit_id in cloud_table: return unit_data = cloud_table[unit_id] prj_cname = re.sub(r'\s+', "-", project_name) flow_step = 0 try: cinder_params = dict() for pkey, pvalue in unit_data.items(): if pkey == 'quota_total': cinder_params['gigabytes'] = pvalue elif pkey == 'quota_per_volume': cinder_params['per_volume_gigabytes'] = pvalue elif pkey.startswith('quota_'): cinder_params['gigabytes_' + pkey[6:]] = pvalue if len(cinder_params): cinder_api.tenant_quota_update(request, project_id, **cinder_params) except: LOG.error("Cannot setup project quota", exc_info=True) messages.error(request, _("Cannot setup project quota")) try: hyper_list = unit_data.get('hypervisors', []) if len(hyper_list): agg_prj_cname = "%s-%s" % (unit_data.get('aggregate_prefix', unit_id), prj_cname) avail_zone = unit_data.get('availability_zone', 'nova') new_aggr = nova_api.aggregate_create(request, agg_prj_cname, avail_zone) flow_step += 1 for h_item in hyper_list: nova_api.add_host_to_aggregate(request, new_aggr.id, h_item) flow_step += 1 all_md = { 'filter_tenant_id' : project_id } all_md.update(unit_data.get('metadata', {})) nova_api.aggregate_set_metadata(request, new_aggr.id, all_md) flow_step = 0 except: if flow_step == 0: err_msg = _("Cannot create host aggregate") elif flow_step == 1: err_msg = _("Cannot insert hypervisor in aggregate") else: err_msg = _("Cannot set metadata for aggregate") LOG.error(err_msg, exc_info=True) messages.error(request, err_msg) try: subnet_cidr = data['%s-net' % unit_id] prj_lan_name = "%s-lan" % prj_cname prj_net = neutron_api.network_create(request, tenant_id=project_id, name=prj_lan_name) flow_step += 1 net_args = { 'cidr' : subnet_cidr, 'ip_version' : 4, 'dns_nameservers' : unit_data.get('nameservers', []), 'enable_dhcp' : True, 'tenant_id' : project_id, 'name' : "sub-%s-lan" % prj_cname } prj_sub = neutron_api.subnet_create(request, prj_net['id'], **net_args) flow_step += 1 if 'lan_router' in unit_data: f_ips = [{ "ip_address" : subnet_cidr.replace('0/24', '1'), "subnet_id" : prj_sub['id'] }] r_port = neutron_api.port_create(request, prj_net['id'], tenant_id=project_id, project_id=project_id, fixed_ips=f_ips) neutron_api.router_add_interface(request, unit_data['lan_router'], port_id=r_port['id']) flow_step = 0 except: if flow_step == 0: err_msg = _("Cannot create network") elif flow_step == 1: err_msg = _("Cannot create sub-network") else: err_msg = _("Cannot add interface to router") LOG.error(err_msg, exc_info=True) messages.error(request, err_msg) try: subnet_cidr = data['%s-net' % unit_id] def_sec_group = None for sg_item in neutron_api.security_group_list(request, tenant_id=project_id): if sg_item['name'].lower() == 'default': def_sec_group = sg_item['id'] LOG.info("Found default security group %s" % def_sec_group) break flow_step += 1 sg_client = neutron_api.SecurityGroupManager(request).client if not def_sec_group: sg_params = { 'name': 'default', 'description': 'Default Security Group for ' + project_name, 'tenant_id': project_id } secgroup = sg_client.create_security_group({ 'security_group' : sg_params }) def_sec_group = SecurityGroup(secgroup.get('security_group')) flow_step += 1 # # Workaround: the tenant_id cannot be specified through high level API # port22_params = { 'security_group_id': def_sec_group, 'direction': 'ingress', 'ethertype': 'IPv4', 'protocol': 'tcp', 'port_range_min': 22, 'port_range_max': 22, 'remote_ip_prefix': "0.0.0.0/0", 'tenant_id' : project_id } icmp_params = { 'security_group_id': def_sec_group, 'direction': 'ingress', 'ethertype': 'IPv4', 'protocol': 'icmp', 'remote_ip_prefix': "0.0.0.0/0", 'tenant_id' : project_id } sg_client.create_security_group_rule({'security_group_rule': port22_params}) sg_client.create_security_group_rule({'security_group_rule': icmp_params}) except: if flow_step == 0: err_msg = _("Cannot retrieve default security group") elif flow_step == 1: err_msg = _("Cannot create default security group") else: err_msg = _("Cannot insert basic rules") LOG.error(err_msg, exc_info=True) messages.error(request, err_msg) try: new_tags = list() new_tags.append(ORG_TAG_FMT % unit_data.get('organization', 'other')) for ou_id in data.get('%s-ou' % unit_id, []): if ou_id.strip(): new_tags.append(OU_TAG_FMT % ou_id.strip()) kclient = keystone_api.keystoneclient(request) kclient.projects.update_tags(project_id, new_tags) except: LOG.error("Cannot add organization tags", exc_info=True) messages.error(request, _("Cannot add organization tags"))