def _set_machine_id(self, client_factory, instance):
    """
    Push the instance's network settings into the VM's machine id.

    Looks up the VM by instance name, builds a machine-id change spec from
    the instance's MAC address, fixed IP, netmask and gateway, and applies
    it with a ReconfigVM_Task, blocking until the task has been waited on.
    Guest tools are expected to pick the machine id up and change the IP.

    Raises exception.InstanceNotFound when no VM reference is found for
    instance.name.
    """
    vm_ref = self._get_vm_ref_from_the_name(instance.name)
    if vm_ref is None:
        raise exception.InstanceNotFound(instance_id=instance.id)

    # Both DB lookups below run under a freshly created admin context.
    net_info = db.network_get_by_instance(context.get_admin_context(),
                                          instance['id'])
    mac = instance.mac_address
    netmask = net_info["netmask"]
    gw = net_info["gateway"]
    ip_addr = db.instance_get_fixed_address(context.get_admin_context(),
                                            instance['id'])

    change_spec = vm_util.get_machine_id_change_spec(client_factory, mac,
                                                     ip_addr, netmask, gw)

    # The same name/ip pair is interpolated into both debug messages.
    log_args = {'name': instance.name, 'ip_addr': ip_addr}
    LOG.debug(_("Reconfiguring VM instance %(name)s to set the machine id "
                "with ip - %(ip_addr)s") % (log_args))

    session = self._session
    task = session._call_method(session._get_vim(), "ReconfigVM_Task",
                                vm_ref, spec=change_spec)
    session._wait_for_task(instance.id, task)

    LOG.debug(_("Reconfigured VM instance %(name)s to set the machine id "
                "with ip - %(ip_addr)s") % (log_args))
def _initial_secure_host(self, instance, ports=None):
    """
    Create the per-instance iptables chains for the host's default state.

    Adds a chain named after the instance to the IPv4 and IPv6 "filter"
    tables and then applies the iptables manager. No rules are placed in
    those chains here, so this step does not restrict any traffic by
    itself, and the ``ports`` argument is not read yet.
    """
    # TODO(tim.simpson) This hangs if the "lock_path" FLAG value refers to
    #                   a directory which can't be locked. It'd be nice
    #                   if we could somehow detect that and raise an error
    #                   instead.

    # Look up the fixed IP and its network under an admin context.
    # NOTE(review): ``network`` is not used further in this method.
    admin_ctxt = context.get_admin_context()
    fixed_ip = db.instance_get_fixed_address(admin_ctxt, instance["id"])
    network = db.fixed_ip_get_network(admin_ctxt, fixed_ip)

    # Resolve both filter tables first, then give each one a chain named
    # after the instance.
    manager = linux_net.iptables_manager
    filter_tables = (manager.ipv4["filter"], manager.ipv6["filter"])
    for filter_table in filter_tables:
        filter_table.add_chain(instance["name"])

    # There is no API call to manage security yet, so the new chains stay
    # empty. The intent is to accept a list of ports that should be
    # globally open and lock down the rest, which cannot be implemented
    # until the API passes a security context object down to this method.

    # Push the (still rule-less) chains out.
    manager.apply()
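def _add_ip(self, instance, netif="eth0", if_file="etc/network/interfaces"):
    """
    Append the instance's network stanza to the container's interfaces file.

    The stanza is rendered from the template named by
    FLAGS.ovz_network_template, filled in with the instance's fixed IP and
    the netmask and gateway of the network that owns that IP. ``if_file``
    is taken relative to the container's private directory
    (FLAGS.ovz_ve_private_dir/<instance id>).

    Any failure is logged and re-raised as exception.Error.
    """
    ctxt = context.get_admin_context()
    ip = db.instance_get_fixed_address(ctxt, instance["id"])
    network = db.fixed_ip_get_network(ctxt, ip)
    net_path = "%s/%s" % (FLAGS.ovz_ve_private_dir, instance["id"])
    if_file_path = net_path + "/" + if_file

    try:
        # NOTE: this changes the working directory of the whole process.
        os.chdir(net_path)
        with open(FLAGS.ovz_network_template) as fh:
            network_file = fh.read() % {
                "gateway_dev": netif,
                "address": ip,
                "netmask": network["netmask"],
                "gateway": network["gateway"],
            }

        # TODO(imsplitbit): Find a way to write to this file without
        # mangling the perms.
        # The file is world-writable (666) from here until the chmod in
        # the ``finally`` clause. Restoring 644 there means a failed write
        # no longer leaves the container's network configuration writable
        # by every account on the host; the short window itself remains.
        utils.execute("sudo", "chmod", "666", if_file_path)
        try:
            # ``with`` closes the handle even when the write raises.
            with open(if_file_path, "a") as out:
                out.write(network_file)
        finally:
            utils.execute("sudo", "chmod", "644", if_file_path)
    except Exception as err:
        LOG.error(err)
        raise exception.Error("Error adding IP")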
def _set_nameserver(self, instance):
    """
    Configure the container's DNS server through vzctl.

    The nameserver is read from the "dns" field of the network that owns
    the instance's fixed IP and saved with ``vzctl set --save``. Anything
    returned as the second element of the command result is logged as an
    error without failing the call; an exception raised by the command is
    logged and re-raised as exception.Error.
    """
    admin_ctxt = context.get_admin_context()
    fixed_ip = db.instance_get_fixed_address(admin_ctxt, instance["id"])
    net = db.fixed_ip_get_network(admin_ctxt, fixed_ip)

    try:
        # Each value is handed to utils.execute as its own argument
        # rather than being joined into one command string.
        vzctl_cmd = ("sudo", "vzctl", "set", instance["id"],
                     "--save", "--nameserver", net["dns"])
        _stdout, stderr = utils.execute(*vzctl_cmd)
        if stderr:
            LOG.error(stderr)
    except Exception as failure:
        LOG.error(failure)
        raise exception.Error("Unable to set nameserver for %s"
                              % instance["id"])