def _create_auto_security_group(self, node_group):
    """Create the Nova "auto" security group for *node_group* and attach it.

    A Nova security group is created, filled with rules and appended to the
    node group's list of security groups, which is then persisted through the
    conductor.  Rules added, in this order:

    * tcp SSH_PORT from 0.0.0.0/0 (the remote SSH layer needs it; agents are
      not implemented yet);
    * when ``CONF.use_neutron`` is set, tcp and udp ports 1-65535 plus icmp
      (-1/-1) from every private network CIDR of the cluster;
    * tcp for each port in ``node_group.open_ports`` from 0.0.0.0/0.

    Returns the updated list of security group ids for the node group.
    """
    group_name = g.generate_auto_security_group_name(node_group)
    client = nova.client()
    description = (
        "Auto security group created by Sahara for Node Group '%s' "
        "of cluster '%s'." % (node_group.name, node_group.cluster.name))
    group_id = client.security_groups.create(group_name, description).id

    def add_rule(protocol, from_port, to_port, cidr):
        # All rules target the freshly created group.
        client.security_group_rules.create(
            group_id, protocol, from_port, to_port, cidr)

    # ssh remote needs ssh port, agents are not implemented yet
    add_rule('tcp', SSH_PORT, SSH_PORT, "0.0.0.0/0")

    # open all traffic for private networks
    if CONF.use_neutron:
        for cidr in neutron.get_private_network_cidrs(node_group.cluster):
            add_rule('tcp', 1, 65535, cidr)
            add_rule('udp', 1, 65535, cidr)
            add_rule('icmp', -1, -1, cidr)

    # enable ports returned by plugin
    for port in node_group.open_ports:
        add_rule('tcp', port, port, "0.0.0.0/0")

    updated_groups = list(node_group.security_groups or []) + [group_id]
    conductor.node_group_update(
        context.ctx(), node_group, {"security_groups": updated_groups})
    return updated_groups
def _create_auto_security_group(self, node_group):
    """Build the per-node-group "auto" security group in Nova.

    Creates the group, adds its rules and records the new group id on the
    node group via the conductor.  The rules are: tcp SSH_PORT from
    0.0.0.0/0; if ``CONF.use_neutron`` is set, tcp/udp 1-65535 and icmp
    (-1/-1) from each private network CIDR of the cluster; and tcp for every
    plugin port in ``node_group.open_ports`` from 0.0.0.0/0.

    Returns the node group's security group ids including the new one.
    """
    sg_name = g.generate_auto_security_group_name(node_group)
    client = nova.client()
    sg = client.security_groups.create(
        sg_name,
        "Auto security group created by Sahara for Node Group '%s' "
        "of cluster '%s'." % (node_group.name, node_group.cluster.name))
    new_rule = client.security_group_rules.create

    # ssh remote needs ssh port, agents are not implemented yet
    new_rule(sg.id, 'tcp', SSH_PORT, SSH_PORT, "0.0.0.0/0")

    # open all traffic for private networks
    if CONF.use_neutron:
        private_rules = (('tcp', 1, 65535), ('udp', 1, 65535), ('icmp', -1, -1))
        for cidr in neutron.get_private_network_cidrs(node_group.cluster):
            for protocol, low, high in private_rules:
                new_rule(sg.id, protocol, low, high, cidr)

    # enable ports returned by plugin
    for port in node_group.open_ports:
        new_rule(sg.id, 'tcp', port, port, "0.0.0.0/0")

    attached = list(node_group.security_groups or [])
    attached.append(sg.id)
    conductor.node_group_update(
        context.ctx(), node_group, {"security_groups": attached})
    return attached
def _serialize_auto_security_group_rules(self, ng, create_rule):
    """Return the auto security group rules for node group *ng*.

    Each rule is produced by ``create_rule(ip_version, cidr, protocol,
    port_min, port_max)``.  Order of the returned list: tcp for every port in
    ``ng.open_ports`` (IPv4 then IPv6 for each port), tcp SSH_PORT (IPv4 then
    IPv6), then for each private network CIDR of the cluster tcp 1-65535,
    udp 1-65535 and icmp 0-255.  Public rules use the any-source prefixes
    0.0.0.0/0 and ::/0.
    """
    anywhere = ((4, '0.0.0.0/0'), (6, '::/0'))
    rules = [
        create_rule(ver, prefix, 'tcp', port, port)
        for port in ng.open_ports
        for ver, prefix in anywhere
    ]
    rules.extend(create_rule(ver, prefix, 'tcp', SSH_PORT, SSH_PORT)
                 for ver, prefix in anywhere)

    # open all traffic for private networks
    for cidr in neutron.get_private_network_cidrs(ng.cluster):
        # A colon only appears in IPv6 prefixes.
        ver = 6 if ':' in cidr else 4
        rules.append(create_rule(ver, cidr, 'tcp', 1, 65535))
        rules.append(create_rule(ver, cidr, 'udp', 1, 65535))
        rules.append(create_rule(ver, cidr, 'icmp', 0, 255))
    return rules
def _serialize_auto_security_group_rules(self, ng, create_rule):
    """Return the auto security group rules for node group *ng*.

    Rules are built with ``create_rule(ip_version, cidr, protocol, port_min,
    port_max)`` and returned in this order: tcp for every port in
    ``ng.open_ports`` (IPv4 then IPv6), tcp SSH_PORT (IPv4 then IPv6), and,
    only when ``CONF.use_neutron`` is set, tcp 1-65535, udp 1-65535 and icmp
    0-255 from each private network CIDR of the cluster.  Public rules use
    the any-source prefixes 0.0.0.0/0 and ::/0.
    """
    public = ((4, "0.0.0.0/0"), (6, "::/0"))
    rules = [
        create_rule(ver, prefix, "tcp", port, port)
        for port in ng.open_ports
        for ver, prefix in public
    ]
    rules.extend(create_rule(ver, prefix, "tcp", SSH_PORT, SSH_PORT)
                 for ver, prefix in public)

    # open all traffic for private networks
    if CONF.use_neutron:
        for cidr in neutron.get_private_network_cidrs(ng.cluster):
            # A colon only appears in IPv6 prefixes.
            ver = 6 if ":" in cidr else 4
            rules.append(create_rule(ver, cidr, "tcp", 1, 65535))
            rules.append(create_rule(ver, cidr, "udp", 1, 65535))
            rules.append(create_rule(ver, cidr, "icmp", 0, 255))
    return rules
def _serialize_auto_security_group_rules(self, ng):
    """Return the auto security group rules for *ng* as a JSON string.

    Each rule is a dict with the keys remote_ip_prefix, protocol,
    port_range_min and port_range_max.  Order: tcp from 0.0.0.0/0 for every
    port in ``ng.open_ports``, tcp SSH_PORT from 0.0.0.0/0, then, only when
    ``CONF.use_neutron`` is set, tcp 1-65535, udp 1-65535 and icmp (-1/-1)
    from each private network CIDR of the cluster.
    """
    def rule(cidr, proto, port_min, port_max):
        return {
            'remote_ip_prefix': cidr,
            'protocol': proto,
            'port_range_min': port_min,
            'port_range_max': port_max,
        }

    rules = [rule('0.0.0.0/0', 'tcp', port, port) for port in ng.open_ports]
    rules.append(rule('0.0.0.0/0', 'tcp', SSH_PORT, SSH_PORT))

    # open all traffic for private networks
    if CONF.use_neutron:
        for cidr in neutron.get_private_network_cidrs(ng.cluster):
            rules.append(rule(cidr, 'tcp', 1, 65535))
            rules.append(rule(cidr, 'udp', 1, 65535))
            rules.append(rule(cidr, 'icmp', -1, -1))
    return json.dumps(rules)
def _serialize_auto_security_group_rules(self, ng):
    """Return the auto security group rules for *ng* as a list of dicts.

    Each dict carries the keys CidrIp, IpProtocol, FromPort and ToPort, with
    the port bounds rendered as text via ``six.text_type``.  Order: tcp from
    0.0.0.0/0 for every port in ``ng.open_ports``, tcp SSH_PORT from
    0.0.0.0/0, then, only when ``CONF.use_neutron`` is set, tcp 1-65535,
    udp 1-65535 and icmp (-1/-1) from each private network CIDR of the
    cluster.
    """
    def rule(cidr, proto, port_min, port_max):
        return {
            "CidrIp": cidr,
            "IpProtocol": proto,
            "FromPort": six.text_type(port_min),
            "ToPort": six.text_type(port_max),
        }

    rules = [rule('0.0.0.0/0', 'tcp', port, port) for port in ng.open_ports]
    rules.append(rule('0.0.0.0/0', 'tcp', SSH_PORT, SSH_PORT))

    # open all traffic for private networks
    if CONF.use_neutron:
        for cidr in neutron.get_private_network_cidrs(ng.cluster):
            rules.append(rule(cidr, 'tcp', 1, 65535))
            rules.append(rule(cidr, 'udp', 1, 65535))
            rules.append(rule(cidr, 'icmp', -1, -1))
    return rules