def __create_security_group(self):
"""
Configure OpenStack security groups.
Configures and deploys an OpenStack security group object
:return: the creator object
"""
sg_rules = list()
sg_rules.append(
SecurityGroupRuleSettings(sec_grp_name=self.sg_name,
direction=Direction.ingress,
protocol=Protocol.icmp))
sg_rules.append(
SecurityGroupRuleSettings(sec_grp_name=self.sg_name,
direction=Direction.ingress,
protocol=Protocol.tcp, port_range_min=22,
port_range_max=22))
sg_rules.append(
SecurityGroupRuleSettings(sec_grp_name=self.sg_name,
direction=Direction.egress,
protocol=Protocol.tcp, port_range_min=22,
port_range_max=22))
log = "Security group with name: '%s'" % self.sg_name
self.logger.info(log)
return deploy_utils.create_security_group(self.os_creds,
SecurityGroupSettings(
name=self.sg_name,
description=self.sg_desc,
rule_settings=sg_rules))
def test_config_name_and_direction(self):
settings = SecurityGroupRuleSettings(**{
'sec_grp_name': 'foo',
'direction': 'ingress'
})
self.assertEqual('foo', settings.sec_grp_name)
self.assertEqual(Direction.ingress.value, settings.direction.value)
def test_proto_null(self):
settings = SecurityGroupRuleSettings(**{
'sec_grp_name': 'foo',
'direction': 'ingress',
'protocol': 'null'
})
self.assertEqual('foo', settings.sec_grp_name)
self.assertEqual(Direction.ingress.value, settings.direction.value)
self.assertEqual(Protocol.null.value, settings.protocol.value)
def test_all(self):
rule_settings = list()
rule_settings.append(
SecurityGroupRuleSettings(sec_grp_name='bar',
direction=Direction.egress,
description='test_rule_1'))
rule_settings.append(
SecurityGroupRuleSettings(sec_grp_name='bar',
direction=Direction.ingress,
description='test_rule_2'))
settings = SecurityGroupSettings(name='bar',
description='fubar',
project_name='foo',
rule_settings=rule_settings)
self.assertEqual('bar', settings.name)
self.assertEqual('fubar', settings.description)
self.assertEqual('foo', settings.project_name)
self.assertEqual(rule_settings[0], settings.rule_settings[0])
self.assertEqual(rule_settings[1], settings.rule_settings[1])
def test_all(self):
settings = SecurityGroupRuleSettings(sec_grp_name='foo',
description='fubar',
direction=Direction.egress,
remote_group_id='rgi',
protocol=Protocol.icmp,
ethertype=Ethertype.IPv6,
port_range_min=1,
port_range_max=2,
remote_ip_prefix='prfx')
self.assertEqual('foo', settings.sec_grp_name)
self.assertEqual('fubar', settings.description)
self.assertEqual(Direction.egress.value, settings.direction.value)
self.assertEqual('rgi', settings.remote_group_id)
self.assertEqual(Protocol.icmp.value, settings.protocol.value)
self.assertEqual(Ethertype.IPv6.value, settings.ethertype.value)
self.assertEqual(1, settings.port_range_min)
self.assertEqual(2, settings.port_range_max)
self.assertEqual('prfx', settings.remote_ip_prefix)
def test_config_all(self):
settings = SecurityGroupRuleSettings(
**{
'sec_grp_name': 'foo',
'description': 'fubar',
'direction': 'egress',
'remote_group_id': 'rgi',
'protocol': 'tcp',
'ethertype': 'IPv6',
'port_range_min': 1,
'port_range_max': 2,
'remote_ip_prefix': 'prfx'
})
self.assertEqual('foo', settings.sec_grp_name)
self.assertEqual('fubar', settings.description)
self.assertEqual(Direction.egress.value, settings.direction.value)
self.assertEqual('rgi', settings.remote_group_id)
self.assertEqual(Protocol.tcp.value, settings.protocol.value)
self.assertEqual(Ethertype.IPv6.value, settings.ethertype.value)
self.assertEqual(1, settings.port_range_min)
self.assertEqual(2, settings.port_range_max)
self.assertEqual('prfx', settings.remote_ip_prefix)
def prepare_security_groups(self):
"""Create Open Baton security group if it doesn't exist yet"""
self.logger.info(
"Creating security group for Open Baton if not yet existing...")
sg_rules = list()
sg_rules.append(
SecurityGroupRuleSettings(
sec_grp_name="orchestra-sec-group-allowall",
direction=Direction.ingress,
protocol=Protocol.tcp,
port_range_min=1,
port_range_max=65535))
sg_rules.append(
SecurityGroupRuleSettings(
sec_grp_name="orchestra-sec-group-allowall",
direction=Direction.egress,
protocol=Protocol.tcp,
port_range_min=1,
port_range_max=65535))
sg_rules.append(
SecurityGroupRuleSettings(
sec_grp_name="orchestra-sec-group-allowall",
direction=Direction.ingress,
protocol=Protocol.udp,
port_range_min=1,
port_range_max=65535))
sg_rules.append(
SecurityGroupRuleSettings(
sec_grp_name="orchestra-sec-group-allowall",
direction=Direction.egress,
protocol=Protocol.udp,
port_range_min=1,
port_range_max=65535))
sg_rules.append(
SecurityGroupRuleSettings(
sec_grp_name="orchestra-sec-group-allowall",
direction=Direction.ingress,
protocol=Protocol.icmp))
sg_rules.append(
SecurityGroupRuleSettings(
sec_grp_name="orchestra-sec-group-allowall",
direction=Direction.egress,
protocol=Protocol.icmp))
# sg_rules.append(
# SecurityGroupRuleSettings(
# sec_grp_name="orchestra-sec-group-allowall",
# direction=Direction.ingress,
# protocol=Protocol.icmp,
# port_range_min=-1,
# port_range_max=-1))
# sg_rules.append(
# SecurityGroupRuleSettings(
# sec_grp_name="orchestra-sec-group-allowall",
# direction=Direction.egress,
# protocol=Protocol.icmp,
# port_range_min=-1,
# port_range_max=-1))
security_group = OpenStackSecurityGroup(
self.snaps_creds,
SecurityGroupSettings(name="orchestra-sec-group-allowall",
rule_settings=sg_rules))
security_group_info = security_group.create()
self.created_resources.append(security_group)
self.mano['details']['sec_group'] = security_group_info.name
self.logger.info(
"Security group orchestra-sec-group-allowall prepared")
def deploy_orchestrator(self):
"""
Deploy Cloudify Manager.
network, security group, fip, VM creation
"""
# network creation
start_time = time.time()
self.__logger.info("Creating keypair ...")
kp_file = os.path.join(self.data_dir, "cloudify_vrouter.pem")
keypair_settings = KeypairSettings(name='cloudify_vrouter_kp',
private_filepath=kp_file)
keypair_creator = OpenStackKeypair(self.snaps_creds, keypair_settings)
keypair_creator.create()
self.created_object.append(keypair_creator)
self.__logger.info("Creating full network ...")
subnet_settings = SubnetSettings(name='cloudify_vrouter_subnet',
cidr='10.67.79.0/24')
network_settings = NetworkSettings(name='cloudify_vrouter_network',
subnet_settings=[subnet_settings])
network_creator = OpenStackNetwork(self.snaps_creds, network_settings)
network_creator.create()
self.created_object.append(network_creator)
ext_net_name = snaps_utils.get_ext_net_name(self.snaps_creds)
router_creator = OpenStackRouter(
self.snaps_creds,
RouterSettings(name='cloudify_vrouter_router',
external_gateway=ext_net_name,
internal_subnets=[subnet_settings.name]))
router_creator.create()
self.created_object.append(router_creator)
# security group creation
self.__logger.info("Creating security group for cloudify manager vm")
sg_rules = list()
sg_rules.append(
SecurityGroupRuleSettings(sec_grp_name="sg-cloudify-manager",
direction=Direction.ingress,
protocol=Protocol.tcp,
port_range_min=1,
port_range_max=65535))
sg_rules.append(
SecurityGroupRuleSettings(sec_grp_name="sg-cloudify-manager",
direction=Direction.ingress,
protocol=Protocol.udp,
port_range_min=1,
port_range_max=65535))
security_group_creator = OpenStackSecurityGroup(
self.snaps_creds,
SecurityGroupSettings(name="sg-cloudify-manager",
rule_settings=sg_rules))
security_group_creator.create()
self.created_object.append(security_group_creator)
# orchestrator VM flavor
self.__logger.info("Get or create flavor for cloudify manager vm ...")
flavor_settings = FlavorSettings(
name=self.orchestrator['requirements']['flavor']['name'],
ram=self.orchestrator['requirements']['flavor']['ram_min'],
disk=50,
vcpus=2)
flavor_creator = OpenStackFlavor(self.snaps_creds, flavor_settings)
flavor_creator.create()
self.created_object.append(flavor_creator)
image_settings = ImageSettings(
name=self.orchestrator['requirements']['os_image'],
image_user='******',
exists=True)
port_settings = PortSettings(name='cloudify_manager_port',
network_name=network_settings.name)
manager_settings = VmInstanceSettings(
name='cloudify_manager',
flavor=flavor_settings.name,
port_settings=[port_settings],
security_group_names=[
security_group_creator.sec_grp_settings.name
],
floating_ip_settings=[
FloatingIpSettings(
name='cloudify_manager_fip',
port_name=port_settings.name,
router_name=router_creator.router_settings.name)
])
manager_creator = OpenStackVmInstance(self.snaps_creds,
manager_settings, image_settings,
keypair_settings)
self.__logger.info("Creating cloudify manager VM")
manager_creator.create()
self.created_object.append(manager_creator)
public_auth_url = os_utils.get_endpoint('identity')
self.__logger.info("Set creds for cloudify manager")
cfy_creds = dict(keystone_username=self.tenant_name,
keystone_password=self.tenant_name,
keystone_tenant_name=self.tenant_name,
keystone_url=public_auth_url)
cfy_client = CloudifyClient(host=manager_creator.get_floating_ip().ip,
username='******',
password='******',
tenant='default_tenant')
self.orchestrator['object'] = cfy_client
self.cfy_manager_ip = manager_creator.get_floating_ip().ip
self.__logger.info("Attemps running status of the Manager")
cfy_status = None
retry = 10
while str(cfy_status) != 'running' and retry:
try:
cfy_status = cfy_client.manager.get_status()['status']
self.__logger.debug("The current manager status is %s",
cfy_status)
except Exception: # pylint: disable=broad-except
self.__logger.warning("Cloudify Manager isn't " +
"up and running. Retrying ...")
retry = retry - 1
time.sleep(30)
if str(cfy_status) == 'running':
self.__logger.info("Cloudify Manager is up and running")
else:
raise Exception("Cloudify Manager isn't up and running")
self.__logger.info("Put OpenStack creds in manager")
secrets_list = cfy_client.secrets.list()
for k, val in cfy_creds.iteritems():
if not any(d.get('key', None) == k for d in secrets_list):
cfy_client.secrets.create(k, val)
else:
cfy_client.secrets.update(k, val)
duration = time.time() - start_time
self.__logger.info("Put private keypair in manager")
if manager_creator.vm_ssh_active(block=True):
ssh = manager_creator.ssh_client()
scp = SCPClient(ssh.get_transport(), socket_timeout=15.0)
scp.put(kp_file, '~/')
cmd = "sudo cp ~/cloudify_vrouter.pem /etc/cloudify/"
run_blocking_ssh_command(ssh, cmd)
cmd = "sudo chmod 444 /etc/cloudify/cloudify_vrouter.pem"
run_blocking_ssh_command(ssh, cmd)
cmd = "sudo yum install -y gcc python-devel"
run_blocking_ssh_command(ssh, cmd,
"Unable to install packages on manager")
self.details['orchestrator'].update(status='PASS', duration=duration)
self.vnf['inputs'].update(dict(external_network_name=ext_net_name))
return True
def test_name_and_direction(self):
settings = SecurityGroupRuleSettings(sec_grp_name='foo',
direction=Direction.ingress)
self.assertEqual('foo', settings.sec_grp_name)
self.assertEqual(Direction.ingress.value, settings.direction.value)
def test_config_with_name_only(self):
with self.assertRaises(SecurityGroupRuleConfigError):
SecurityGroupRuleSettings(**{'sec_grp_name': 'foo'})
def test_name_only(self):
with self.assertRaises(SecurityGroupRuleConfigError):
SecurityGroupRuleSettings(sec_grp_name='foo')
def test_empty_config(self):
with self.assertRaises(SecurityGroupRuleConfigError):
SecurityGroupRuleSettings(**dict())
def test_no_params(self):
with self.assertRaises(SecurityGroupRuleConfigError):
SecurityGroupRuleSettings()
def test_invalid_rule(self):
rule_setting = SecurityGroupRuleSettings(sec_grp_name='bar',
direction=Direction.ingress,
description='test_rule_1')
with self.assertRaises(SecurityGroupConfigError):
SecurityGroupSettings(name='foo', rule_settings=[rule_setting])
