def _dhcp_operation(vca_client, network_name, operation): """ update dhcp setting for network """ dhcp_settings = ctx.node.properties['network'].get('dhcp') if dhcp_settings is None: return True gateway_name = ctx.node.properties["network"]['edge_gateway'] gateway = get_gateway(vca_client, gateway_name) if gateway.is_busy(): return False if operation == ADD_POOL: ip = _split_adresses(dhcp_settings['dhcp_range']) low_ip_address = check_ip(ip.start) hight_ip_address = check_ip(ip.end) default_lease = dhcp_settings.get('default_lease') max_lease = dhcp_settings.get('max_lease') gateway.add_dhcp_pool(network_name, low_ip_address, hight_ip_address, default_lease, max_lease) if save_gateway_configuration(gateway, vca_client): ctx.logger.info("DHCP rule successful created for network {0}" .format(network_name)) return True if operation == DELETE_POOL: gateway.delete_dhcp_pool(network_name) if save_gateway_configuration(gateway, vca_client): ctx.logger.info("DHCP rule successful deleted for network {0}" .format(network_name)) return True return False
def _dhcp_operation(vca_client, network_name, operation): """ update dhcp setting for network """ dhcp_settings = ctx.node.properties['network'].get('dhcp') if dhcp_settings is None: return gateway_name = ctx.node.properties["network"]['edge_gateway'] gateway = vca_client.get_gateway(get_vcloud_config()['vdc'], gateway_name) if not gateway: raise cfy_exc.NonRecoverableError( "Gateway {0} not found!".format(gateway_name)) if operation == ADD_POOL: ip = _split_adresses(dhcp_settings['dhcp_range']) low_ip_address = check_ip(ip.start) hight_ip_address = check_ip(ip.end) default_lease = dhcp_settings.get('default_lease') max_lease = dhcp_settings.get('max_lease') gateway.add_dhcp_pool(network_name, low_ip_address, hight_ip_address, default_lease, max_lease) ctx.logger.info("DHCP rule successful created for network {0}".format( network_name)) if operation == DELETE_POOL: gateway.delete_dhcp_pool(network_name) ctx.logger.info("DHCP rule successful deleted for network {0}".format( network_name)) if not save_gateway_configuration(gateway, vca_client): return ctx.operation.retry(message='Waiting for gateway.', retry_after=10)
def _dhcp_operation(vca_client, network_name, operation): """ update dhcp setting for network """ dhcp_settings = ctx.node.properties["network"].get("dhcp") if dhcp_settings is None: return gateway_name = ctx.node.properties["network"]["edge_gateway"] gateway = vca_client.get_gateway(get_vcloud_config()["vdc"], gateway_name) if not gateway: raise cfy_exc.NonRecoverableError("Gateway {0} not found!".format(gateway_name)) if operation == ADD_POOL: ip = _split_adresses(dhcp_settings["dhcp_range"]) low_ip_address = check_ip(ip.start) hight_ip_address = check_ip(ip.end) default_lease = dhcp_settings.get("default_lease") max_lease = dhcp_settings.get("max_lease") gateway.add_dhcp_pool(network_name, low_ip_address, hight_ip_address, default_lease, max_lease) ctx.logger.info("DHCP rule successful created for network {0}".format(network_name)) if operation == DELETE_POOL: gateway.delete_dhcp_pool(network_name) ctx.logger.info("DHCP rule successful deleted for network {0}".format(network_name)) if not save_gateway_configuration(gateway, vca_client): return ctx.operation.retry(message="Waiting for gateway.", retry_after=10)
def _save_configuration(gateway, vca_client, operation, public_ip): """ save/refresh nat rules on gateway """ ctx.logger.info("Save NAT configuration.") success = save_gateway_configuration(gateway, vca_client) if not success: return False ctx.logger.info("NAT configuration has been saved.") if operation == CREATE: ctx.target.instance.runtime_properties[PUBLIC_IP] = public_ip else: service_type = get_vcloud_config().get('service_type') if is_ondemand(service_type): if not ctx.target.node.properties['nat'].get(PUBLIC_IP): del_ondemand_public_ip( vca_client, gateway, ctx.target.instance.runtime_properties[PUBLIC_IP], ctx ) if PUBLIC_IP in ctx.target.instance.runtime_properties: del ctx.target.instance.runtime_properties[PUBLIC_IP] if PORT_REPLACEMENT in ctx.target.instance.runtime_properties: del ctx.target.instance.runtime_properties[PORT_REPLACEMENT] return True
def test_save_gateway_configuration(self): """ check reation of out code for different results from server on save configuration """ gateway = self.generate_gateway() fake_client = self.generate_client() # cant save configuration - error in first call self.set_services_conf_result(gateway, None) with self.assertRaises(cfy_exc.NonRecoverableError): network_plugin.save_gateway_configuration(gateway, fake_client) # error in status self.set_services_conf_result(gateway, vcloud_plugin_common.TASK_STATUS_ERROR) with self.assertRaises(cfy_exc.NonRecoverableError): network_plugin.save_gateway_configuration(gateway, fake_client) # everything fine self.set_services_conf_result(gateway, vcloud_plugin_common.TASK_STATUS_SUCCESS) self.assertTrue( network_plugin.save_gateway_configuration(gateway, fake_client)) # server busy self.set_services_conf_result(gateway, None) self.set_gateway_busy(gateway) self.assertFalse( network_plugin.save_gateway_configuration(gateway, fake_client))
def _floatingip_operation(operation, vca_client, ctx): """ create/release floating ip by nat rules for this ip with relation to internal ip for current node, save selected public_ip in runtime properties """ service_type = get_vcloud_config().get('service_type') gateway = get_gateway( vca_client, ctx.target.node.properties['floatingip']['edge_gateway']) internal_ip = get_vm_ip(vca_client, ctx, gateway) nat_operation = None public_ip = (ctx.target.instance.runtime_properties.get(PUBLIC_IP) or ctx.target.node.properties['floatingip'].get(PUBLIC_IP)) if operation == CREATE: CheckAssignedInternalIp(internal_ip, gateway) if public_ip: CheckAssignedExternalIp(public_ip, gateway) else: public_ip = get_public_ip(vca_client, gateway, service_type, ctx) nat_operation = _add_nat_rule elif operation == DELETE: if not public_ip: ctx.logger.info("Can't get external IP".format(public_ip)) return nat_operation = _del_nat_rule else: raise cfy_exc.NonRecoverableError( "Unknown operation {0}".format(operation) ) external_ip = check_ip(public_ip) nat_operation(gateway, "SNAT", internal_ip, external_ip) nat_operation(gateway, "DNAT", external_ip, internal_ip) if not save_gateway_configuration(gateway, vca_client): return ctx.operation.retry(message='Waiting for gateway.', retry_after=10) if operation == CREATE: ctx.target.instance.runtime_properties[PUBLIC_IP] = external_ip else: if is_ondemand(service_type): if not ctx.target.node.properties['floatingip'].get(PUBLIC_IP): del_ondemand_public_ip( vca_client, gateway, ctx.target.instance.runtime_properties[PUBLIC_IP], ctx) del ctx.target.instance.runtime_properties[PUBLIC_IP]
def _floatingip_operation(operation, vca_client, ctx): """ create/release floating ip by nat rules for this ip with relation to internal ip for current node, save selected public_ip in runtime properties """ service_type = get_vcloud_config().get('service_type') gateway = get_gateway( vca_client, ctx.target.node.properties['floatingip']['edge_gateway']) if gateway.is_busy(): return False internal_ip = get_vm_ip(vca_client, ctx, gateway) nat_operation = None public_ip = (ctx.target.instance.runtime_properties.get(PUBLIC_IP) or ctx.target.node.properties['floatingip'].get(PUBLIC_IP)) if operation == CREATE: CheckAssignedInternalIp(internal_ip, gateway) if public_ip: CheckAssignedExternalIp(public_ip, gateway) else: public_ip = get_public_ip(vca_client, gateway, service_type, ctx) nat_operation = _add_nat_rule elif operation == DELETE: if not public_ip: ctx.logger.info("Can't get external IP".format(public_ip)) return nat_operation = _del_nat_rule else: raise cfy_exc.NonRecoverableError( "Unknown operation {0}".format(operation)) external_ip = check_ip(public_ip) nat_operation(gateway, "SNAT", internal_ip, external_ip) nat_operation(gateway, "DNAT", external_ip, internal_ip) success = save_gateway_configuration(gateway, vca_client) if not success: return False if operation == CREATE: ctx.target.instance.runtime_properties[PUBLIC_IP] = external_ip else: if is_ondemand(service_type): if not ctx.target.node.properties['floatingip'].get(PUBLIC_IP): del_ondemand_public_ip( vca_client, gateway, ctx.target.instance.runtime_properties[PUBLIC_IP], ctx) del ctx.target.instance.runtime_properties[PUBLIC_IP] return True
def _save_configuration(gateway, vca_client, operation, public_ip): if not save_gateway_configuration(gateway, vca_client): return ctx.operation.retry(message='Waiting for gateway.', retry_after=10) ctx.logger.info("NAT configuration has been saved") if operation == CREATE: ctx.target.instance.runtime_properties[PUBLIC_IP] = public_ip else: service_type = get_vcloud_config().get('service_type') if is_ondemand(service_type): if not ctx.target.node.properties['nat'].get(PUBLIC_IP): del_ondemand_public_ip( vca_client, gateway, ctx.target.instance.runtime_properties[PUBLIC_IP], ctx) del ctx.target.instance.runtime_properties[PUBLIC_IP]
def _save_configuration(gateway, vca_client, operation, public_ip): """ save/refresh nat rules on gateway """ if not save_gateway_configuration(gateway, vca_client): return ctx.operation.retry(message='Waiting for gateway.', retry_after=10) ctx.logger.info("NAT configuration has been saved") if operation == CREATE: ctx.target.instance.runtime_properties[PUBLIC_IP] = public_ip else: service_type = get_vcloud_config().get('service_type') if is_ondemand(service_type): if not ctx.target.node.properties['nat'].get(PUBLIC_IP): del_ondemand_public_ip( vca_client, gateway, ctx.target.instance.runtime_properties[PUBLIC_IP], ctx) del ctx.target.instance.runtime_properties[PUBLIC_IP]
def _rule_operation(operation, vca_client): """ create/delete firewall rules in gateway for current node """ gateway = get_gateway( vca_client, _get_gateway_name(ctx.target.node.properties)) if gateway.is_busy(): return False for rule in ctx.target.node.properties['rules']: description = rule.get('description', "Rule added by pyvcloud").strip() source_ip = rule.get("source", "external") if not _is_literal_ip(source_ip): check_ip(source_ip) elif _is_host_ip(source_ip): source_ip = get_vm_ip(vca_client, ctx, gateway) source_port = str(rule.get("source_port", "any")) dest_ip = rule.get("destination", "external") if not _is_literal_ip(dest_ip): check_ip(dest_ip) elif _is_host_ip(dest_ip): dest_ip = get_vm_ip(vca_client, ctx, gateway) dest_port = str(rule.get('destination_port', 'any')) protocol = rule.get('protocol', 'any').capitalize() action = rule.get("action", "allow") log = rule.get('log_traffic', False) if operation == CREATE_RULE: gateway.add_fw_rule( True, description, action, protocol, dest_port, dest_ip, source_port, source_ip, log) ctx.logger.info( "Firewall rule has been created: {0}".format(description)) elif operation == DELETE_RULE: gateway.delete_fw_rule(protocol, dest_port, dest_ip, source_port, source_ip) ctx.logger.info( "Firewall rule has been deleted: {0}".format(description)) return save_gateway_configuration(gateway, vca_client)
def _rule_operation(operation, vca_client): """ create/delete firewall rules in gateway for current node """ gateway = get_gateway(vca_client, _get_gateway_name(ctx.target.node.properties)) if gateway.is_busy(): return False for rule in ctx.target.node.properties['rules']: description = rule.get('description', "Rule added by pyvcloud").strip() source_ip = rule.get("source", "external") if not _is_literal_ip(source_ip): check_ip(source_ip) elif _is_host_ip(source_ip): source_ip = get_vm_ip(vca_client, ctx, gateway) source_port = str(rule.get("source_port", "any")) dest_ip = rule.get("destination", "external") if not _is_literal_ip(dest_ip): check_ip(dest_ip) elif _is_host_ip(dest_ip): dest_ip = get_vm_ip(vca_client, ctx, gateway) dest_port = str(rule.get('destination_port', 'any')) protocol = rule.get('protocol', 'any').capitalize() action = rule.get("action", "allow") log = rule.get('log_traffic', False) if operation == CREATE_RULE: gateway.add_fw_rule(True, description, action, protocol, dest_port, dest_ip, source_port, source_ip, log) ctx.logger.info( "Firewall rule has been created: {0}".format(description)) elif operation == DELETE_RULE: gateway.delete_fw_rule(protocol, dest_port, dest_ip, source_port, source_ip) ctx.logger.info( "Firewall rule has been deleted: {0}".format(description)) return save_gateway_configuration(gateway, vca_client)
def _save_configuration(gateway, vca_client, operation, public_ip): """ save/refresh nat rules on gateway """ ctx.logger.info("Save NAT configuration.") success = save_gateway_configuration(gateway, vca_client) if not success: return False ctx.logger.info("NAT configuration has been saved.") if operation == CREATE: ctx.target.instance.runtime_properties[PUBLIC_IP] = public_ip else: service_type = get_vcloud_config().get('service_type') if is_ondemand(service_type): if not ctx.target.node.properties['nat'].get(PUBLIC_IP): del_ondemand_public_ip( vca_client, gateway, ctx.target.instance.runtime_properties[PUBLIC_IP], ctx) if PUBLIC_IP in ctx.target.instance.runtime_properties: del ctx.target.instance.runtime_properties[PUBLIC_IP] if PORT_REPLACEMENT in ctx.target.instance.runtime_properties: del ctx.target.instance.runtime_properties[PORT_REPLACEMENT] return True
def _rule_operation(operation, vca_client): gateway = get_gateway( vca_client, _get_gateway_name(ctx.target.node.properties)) for rule in ctx.target.node.properties['rules']: description = rule.get('description', "Rule added by pyvcloud").strip() source_ip = rule.get("source", "external").capitalize() if source_ip not in ADDRESS_LITERALS: check_ip(source_ip) elif source_ip == ADDRESS_LITERALS[-1]: source_ip = get_vm_ip(vca_client, ctx, gateway) source_port = str(rule.get("source_port", "any")).capitalize() dest_ip = rule.get("destination", "external").capitalize() if dest_ip not in ADDRESS_LITERALS: check_ip(dest_ip) elif dest_ip == ADDRESS_LITERALS[-1]: dest_ip = get_vm_ip(vca_client, ctx, gateway) dest_port = str(rule.get('destination_port', 'any')).capitalize() protocol = rule.get('protocol', 'any').capitalize() action = rule.get("action", "allow") log = rule.get('log_traffic', False) if operation == CREATE_RULE: gateway.add_fw_rule( True, description, action, protocol, dest_port, dest_ip, source_port, source_ip, log) ctx.logger.info( "Firewall rule has been created: {0}".format(description)) elif operation == DELETE_RULE: gateway.delete_fw_rule(protocol, dest_port, dest_ip.lower(), source_port, source_ip.lower()) ctx.logger.info( "Firewall rule has been deleted: {0}".format(description)) if not save_gateway_configuration(gateway, vca_client): return ctx.operation.retry(message='Waiting for gateway.', retry_after=10)
def test_save_gateway_configuration(self): """ check reation of out code for different results from server on save configuration """ gateway = self.generate_gateway() fake_client = self.generate_client() # cant save configuration - error in first call self.set_services_conf_result( gateway, None ) with self.assertRaises(cfy_exc.NonRecoverableError): network_plugin.save_gateway_configuration( gateway, fake_client ) # error in status self.set_services_conf_result( gateway, vcloud_plugin_common.TASK_STATUS_ERROR ) with self.assertRaises(cfy_exc.NonRecoverableError): network_plugin.save_gateway_configuration( gateway, fake_client ) # everything fine self.set_services_conf_result( gateway, vcloud_plugin_common.TASK_STATUS_SUCCESS ) self.assertTrue( network_plugin.save_gateway_configuration( gateway, fake_client ) ) # server busy self.set_services_conf_result( gateway, None ) self.set_gateway_busy(gateway) self.assertFalse( network_plugin.save_gateway_configuration( gateway, fake_client ) )