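def _provision_ext_sec_group(self, custom_ext_rules=None):
    """Create the ``<name>-ext`` security group and load its access rules.

    Nothing is done when ``oaw.check_secgroup_exists`` does not raise. A
    ``RuntimeError`` from it is treated as "group missing"; only then is the
    group created and populated.

    Each rule is a string of the form ``PROTO FROM_PORT TO_PORT CIDR``. A
    non-empty ``custom_ext_rules`` replaces (it does not extend) the
    ``ext-secgroup-rules`` list of the cluster config.

    All rules are parsed before the group is created. A malformed rule used
    to abort the loop after the group already existed, and because an
    existing group is skipped on the next run, the remaining rules were never
    applied.

    Args:
        custom_ext_rules: optional list of rule strings that overrides the
            rules from the cluster config.

    Raises:
        ValueError: if a rule does not consist of exactly four fields.
    """
    sg_name_ext = self.name + '-ext'
    try:
        oaw.check_secgroup_exists(self.nova_client, sg_name_ext)
    except RuntimeError:
        pass
    else:
        # NOTE(review): the listing had lost its indentation. Rules are only
        # added on the "just created" path because that is the only path on
        # which `sg` is bound -- confirm against the original file.
        return

    # User-configured rules; custom_ext_rules wins over the cluster config.
    ext_rules = []
    if custom_ext_rules:
        ext_rules = custom_ext_rules
    elif 'ext-secgroup-rules' in self.config['cluster']:
        ext_rules = self.config['cluster']['ext-secgroup-rules']

    # Validate the shape of every rule before touching the cloud API.
    # Protocol, ports and CIDR are still handed on as written: nothing here
    # rejects an over-broad source range such as 0.0.0.0/0, so the rule list
    # deserves the same review as any other firewall change.
    parsed_rules = []
    for rule in ext_rules:
        fields = rule.strip().split()
        if len(fields) != 4:
            raise ValueError(
                "malformed security group rule '%s': expected "
                "'PROTO FROM_PORT TO_PORT CIDR'" % rule)
        parsed_rules.append((rule, fields))

    # print(...) with one argument prints the same text as the print
    # statement under Python 2.
    print('')
    print(' Creating security group for external access')
    print(' NOTE: you can modify the rules afterwards through ')
    print('')
    print(' nova secgroup-add-rule %s ...' % sg_name_ext)
    print('')
    print(' or through the web interface')
    print('')
    sg = oaw.create_sec_group(
        self.nova_client, sg_name_ext,
        'Security group for %s external access' % self.name)
    self.__prov_log('create', 'sec-group', sg.id, sg.name)

    for rule, (proto, from_port, to_port, cidr) in parsed_rules:
        print(" adding rule '%s'" % rule)
        oaw.add_sec_group_rule(self.nova_client, sg.id,
                               ip_protocol=proto,
                               from_port=from_port,
                               to_port=to_port,
                               cidr=cidr)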
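def _provision_ext_sec_group(self, custom_ext_rules=None):
    """Create the ``<name>-ext`` security group and load its access rules.

    If ``oaw.check_secgroup_exists`` returns without raising, the method
    returns without changing anything. A ``RuntimeError`` from it is treated
    as "group missing", and the group is then created and populated.

    Rules are strings of the form ``PROTO FROM_PORT TO_PORT CIDR``. When
    ``custom_ext_rules`` is non-empty it is used instead of the
    ``ext-secgroup-rules`` entry of the cluster config.

    Every rule is checked for its four fields before the group is created.
    Otherwise a malformed rule leaves a freshly created group with only part
    of its rules, and later runs skip the group because it already exists.

    Args:
        custom_ext_rules: optional list of rule strings overriding the
            cluster config rules.

    Raises:
        ValueError: if a rule does not consist of exactly four fields.
    """
    sg_name_ext = self.name + "-ext"
    try:
        oaw.check_secgroup_exists(self.nova_client, sg_name_ext)
    except RuntimeError:
        group_missing = True
    else:
        group_missing = False

    if not group_missing:
        # NOTE(review): indentation was lost in the listing. `sg` is bound
        # only when the group is created, so the rule loop is assumed to
        # belong to that path -- confirm against the original file.
        return

    # Pick the rule source: explicit override first, then cluster config.
    ext_rules = []
    if custom_ext_rules:
        ext_rules = custom_ext_rules
    elif "ext-secgroup-rules" in self.config["cluster"]:
        ext_rules = self.config["cluster"]["ext-secgroup-rules"]

    # Shape check only. Protocol, port range and CIDR are passed to the API
    # unchanged, so an over-broad range (for example 0.0.0.0/0) is applied
    # exactly as configured.
    checked = []
    for rule in ext_rules:
        parts = rule.strip().split()
        if len(parts) != 4:
            raise ValueError(
                "malformed security group rule '%s': expected "
                "'PROTO FROM_PORT TO_PORT CIDR'" % rule
            )
        checked.append((rule, parts))

    # Single-argument print(...) matches the Python 2 print statement output.
    print("")
    print(" Creating security group for external access")
    print(" NOTE: you can modify the rules afterwards through ")
    print("")
    print(" nova secgroup-add-rule %s ..." % sg_name_ext)
    print("")
    print(" or through the web interface")
    print("")
    sg = oaw.create_sec_group(
        self.nova_client, sg_name_ext, "Security group for %s external access" % self.name
    )
    self.__prov_log("create", "sec-group", sg.id, sg.name)

    for rule, (proto, from_port, to_port, cidr) in checked:
        print(" adding rule '%s'" % rule)
        oaw.add_sec_group_rule(
            self.nova_client, sg.id, ip_protocol=proto, from_port=from_port, to_port=to_port, cidr=cidr
        )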
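def update_firewall(self, rules_file):
    """Replace the rules of the ``<name>-ext`` security group from a file.

    ``rules_file`` holds one rule per line in the form
    ``PROTO FROM_PORT TO_PORT CIDR``. Blank lines and lines starting with
    ``#`` are skipped.

    The whole file is parsed before any existing rule is removed. A
    malformed line therefore aborts the update with the current rules still
    in place, instead of failing after the old rules were deleted and only
    some of the new ones were added.

    The swap itself is still not atomic: old rules are deleted first and
    the new ones are added one by one, so an API error in between leaves the
    group with only part of the new rule set.

    Args:
        rules_file: path of the text file with the new rules.

    Raises:
        ValueError: if a rule line does not consist of exactly four fields.
    """
    with open(rules_file, "r") as rf:
        lines = [line.strip() for line in rf]

    # Shape check only. Protocol, ports and CIDR are handed to the API as
    # written, so an over-broad source range such as 0.0.0.0/0 is applied
    # without any warning; treat the rules file as firewall configuration.
    new_rules = []
    for rule in lines:
        if not rule or rule.startswith("#"):
            continue
        fields = rule.split()
        if len(fields) != 4:
            raise ValueError(
                "malformed firewall rule '%s': expected "
                "'PROTO FROM_PORT TO_PORT CIDR'" % rule
            )
        new_rules.append((rule, fields))

    sg_name = self.name + "-ext"
    # Single-argument print(...) matches the Python 2 print statement output.
    print("Updating firewall rules in sec-group %s" % sg_name)
    print(" removing old rules")
    oaw.delete_sec_group_rules(self.nova_client, sg_name)
    sg = oaw.find_security_group_by_name(self.nova_client, sg_name)
    for rule, (proto, from_port, to_port, cidr) in new_rules:
        print(" adding rule '%s'" % rule)
        oaw.add_sec_group_rule(
            self.nova_client, sg.id, ip_protocol=proto, from_port=from_port, to_port=to_port, cidr=cidr
        )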
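def update_firewall(self, rules_file):
    """Load a new rule set into the ``<name>-ext`` security group.

    The file at ``rules_file`` is read line by line. Each rule has the form
    ``PROTO FROM_PORT TO_PORT CIDR``; empty lines and lines starting with
    ``#`` are ignored.

    Rules are validated for their four fields before the old rules are
    deleted. A typo in the file thus raises while the group is unchanged,
    rather than after the existing rules are gone.

    Deleting and re-adding is not atomic: if an API call fails part-way,
    the group holds only the rules added up to that point.

    Args:
        rules_file: path of the text file with the new rules.

    Raises:
        ValueError: if a rule line does not consist of exactly four fields.
    """
    with open(rules_file, 'r') as rf:
        stripped = [entry.strip() for entry in rf]

    # Only the field count is checked here. Protocol, port range and CIDR go
    # to the API unchanged, so a source range as wide as 0.0.0.0/0 is
    # accepted as written; review the file like any other firewall change.
    pending = []
    for rule in stripped:
        if not rule or rule.startswith('#'):
            continue
        parts = rule.split()
        if len(parts) != 4:
            raise ValueError(
                "malformed firewall rule '%s': expected "
                "'PROTO FROM_PORT TO_PORT CIDR'" % rule)
        pending.append((rule, parts))

    sg_name = self.name + '-ext'
    # Single-argument print(...) matches the Python 2 print statement output.
    print("Updating firewall rules in sec-group %s" % sg_name)
    print(" removing old rules")
    oaw.delete_sec_group_rules(self.nova_client, sg_name)
    sg = oaw.find_security_group_by_name(self.nova_client, sg_name)
    for rule, (proto, from_port, to_port, cidr) in pending:
        print(" adding rule '%s'" % rule)
        oaw.add_sec_group_rule(self.nova_client, sg.id,
                               ip_protocol=proto,
                               from_port=from_port,
                               to_port=to_port,
                               cidr=cidr)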