def create_customer_gateway(context, ip_address, type, bgp_asn=None):
if bgp_asn and bgp_asn != DEFAULT_BGP_ASN:
raise exception.Unsupported("BGP dynamic routing is unsupported")
customer_gateway = next((cgw for cgw in db_api.get_items(context, 'cgw')
if cgw['ip_address'] == ip_address), None)
if not customer_gateway:
customer_gateway = db_api.add_item(context, 'cgw',
{'ip_address': ip_address})
return {'customerGateway': _format_customer_gateway(customer_gateway)}
def get_os_public_network(context):
neutron = clients.neutron(context)
search_opts = {'router:external': True, 'name': CONF.external_network}
os_networks = neutron.list_networks(**search_opts)['networks']
if len(os_networks) != 1:
if CONF.external_network:
if len(os_networks) == 0:
msg = "No external network with name '%s' is found"
else:
msg = "More than one external network with name '%s' is found"
LOG.error(msg, CONF.external_network)
else:
if len(os_networks) == 0:
msg = 'No external network is found'
else:
msg = 'More than one external network is found'
LOG.error(msg)
raise exception.Unsupported(_('Feature is restricted by OS admin'))
return os_networks[0]
def import_image(context, architecture=None, client_data=None,
client_token=None, description=None, disk_container=None,
hypervisor=None, license_type=None, platform=None,
role_name=None):
# Check architecture
validate_enum(architecture, ('i386', 'x86_64'), 'architecture',
allow_empty=True)
# Ignore client_data...?
if client_data is not None:
raise exception.Unsupported(reason='Client data is not supported')
# Ignore client_token...?
if client_token is not None:
raise exception.Unsupported(reason='Client token is not supported')
# Description retrieved below
# Check disk_container
disk = disk_container[0]
url = disk.get('url')
disk_format = disk.get('format', 'RAW')
if disk.get('snapshotid') is not None:
raise exception.Unsupported(reason='Snapshot IDs not supported')
if url is None or disk.get('userbucket') is not None:
raise exception.Unsupported(reason='Buckets not implemented. Need URL')
# disk_container descrption overrides default descrption
description = disk.get('description') or description
# hypervisor set below
# Ignore license_type
validate_enum(license_type, ('AWS', 'BYOL'), 'license_type', allow_empty=True)
# Check platform
validate_enum(platform, ('Linux', 'Windows'), 'platform', allow_empty=True)
if role_name is not None:
raise exception.Unsupported(reason='Buckets not implemented. Need URL')
# Create EC2 image
ec2_image = { 'is_public': False }
if description is not None:
ec2_image['description'] = description
ec2_image = db_api.add_item(context, 'ami', ec2_image)
# Create properties for openstack
properties = {}
if architecture is not None:
properties['architecture'] = architecture
if hypervisor is not None:
properties['hypervisor_type'] = hypervisor
if license_type is not None:
properties['license_type'] = license_type
if platform is not None:
properties['os_type'] = platform
if description is not None:
properties['description'] = description
# Set EC2 id for retrieval on the way back
properties['ec2_id'] = ec2_image['id']
# Connect to glance
glance = clients.glance(context)
# NOTE: container_format is not currently used, so we can always default
# to bare. Read more here:
# http://docs.openstack.org/developer/glance/formats.html
os_image = glance.images.create(
name=ec2_image['id'], copy_from=url, disk_format=disk_format,
container_format='bare', properties=properties, is_public=False)
# Update EC2 id
ec2_image['os_id'] = os_image.id
db_api.update_item(context, ec2_image)
return {'imageId': ec2_image['id']}
def create_vpn_connection(context,
customer_gateway_id,
vpn_gateway_id,
type,
options=None):
if not options or options.get('static_routes_only') is not True:
raise exception.Unsupported('BGP dynamic routing is unsupported')
customer_gateway = ec2utils.get_db_item(context, customer_gateway_id)
vpn_gateway = ec2utils.get_db_item(context, vpn_gateway_id)
vpn_connection = next(
(vpn for vpn in db_api.get_items(context, 'vpn')
if vpn['customer_gateway_id'] == customer_gateway_id), None)
if vpn_connection:
if vpn_connection['vpn_gateway_id'] == vpn_gateway_id:
ec2_vpn_connections = describe_vpn_connections(
context, vpn_connection_id=[vpn_connection['id']])
return {
'vpnConnection': ec2_vpn_connections['vpnConnectionSet'][0]
}
else:
raise exception.InvalidCustomerGatewayDuplicateIpAddress()
neutron = clients.neutron(context)
with common.OnCrashCleaner() as cleaner:
os_ikepolicy = {
'ike_version': 'v1',
'auth_algorithm': 'sha1',
'encryption_algorithm': 'aes-128',
'pfs': 'group2',
'phase1_negotiation_mode': 'main',
'lifetime': {
'units': 'seconds',
'value': 28800
}
}
os_ikepolicy = neutron.create_ikepolicy({'ikepolicy':
os_ikepolicy})['ikepolicy']
cleaner.addCleanup(neutron.delete_ikepolicy, os_ikepolicy['id'])
os_ipsecpolicy = {
'transform_protocol': 'esp',
'auth_algorithm': 'sha1',
'encryption_algorithm': 'aes-128',
'pfs': 'group2',
'encapsulation_mode': 'tunnel',
'lifetime': {
'units': 'seconds',
'value': 3600
}
}
os_ipsecpolicy = neutron.create_ipsecpolicy(
{'ipsecpolicy': os_ipsecpolicy})['ipsecpolicy']
cleaner.addCleanup(neutron.delete_ipsecpolicy, os_ipsecpolicy['id'])
psk = ''.join(random.choice(SHARED_KEY_CHARS) for _x in range(32))
vpn_connection = db_api.add_item(
context, 'vpn', {
'customer_gateway_id': customer_gateway['id'],
'vpn_gateway_id': vpn_gateway['id'],
'pre_shared_key': psk,
'os_ikepolicy_id': os_ikepolicy['id'],
'os_ipsecpolicy_id': os_ipsecpolicy['id'],
'cidrs': [],
'os_ipsec_site_connections': {}
})
cleaner.addCleanup(db_api.delete_item, context, vpn_connection['id'])
neutron.update_ikepolicy(os_ikepolicy['id'],
{'ikepolicy': {
'name': vpn_connection['id']
}})
neutron.update_ipsecpolicy(
os_ipsecpolicy['id'],
{'ipsecpolicy': {
'name': vpn_connection['id']
}})
_reset_vpn_connections(context,
neutron,
cleaner,
vpn_gateway,
vpn_connections=[vpn_connection])
ec2_vpn_connections = describe_vpn_connections(
context, vpn_connection_id=[vpn_connection['id']])
return {'vpnConnection': ec2_vpn_connections['vpnConnectionSet'][0]}