예제 #1
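    def _provision_ext_sec_group(self, custom_ext_rules=None):
        """Create the '<name>-ext' security group and its rules if it is missing.

        Nothing is done when ``oaw.check_secgroup_exists`` returns without
        raising ``RuntimeError`` for that name.  Otherwise the group is created
        and one rule is added per entry of ``custom_ext_rules`` or, when that
        is empty or None, of ``self.config['cluster']['ext-secgroup-rules']``
        (if that key is present).

        Each rule is a whitespace-separated string of the form
        ``"<protocol> <from_port> <to_port> <cidr>"``.

        Raises:
            ValueError: if a rule does not consist of exactly four fields.
                All rules are checked before the group is created.
        """
        sg_name_ext = self.name + '-ext'
        try:
            oaw.check_secgroup_exists(self.nova_client, sg_name_ext)
        except RuntimeError:
            # user configured rules (custom_ext_rules, if provided, override
            # the cluster config rules)
            ext_rules = []
            if custom_ext_rules:
                ext_rules = custom_ext_rules
            elif 'ext-secgroup-rules' in self.config['cluster']:
                ext_rules = self.config['cluster']['ext-secgroup-rules']

            # Parse every rule before creating anything: an existing group is
            # skipped on later runs, so a group created and then abandoned on
            # a malformed rule would keep an incomplete rule set.
            parsed_rules = []
            for rule in ext_rules:
                fields = rule.strip().split()
                if len(fields) != 4:
                    raise ValueError(
                        "malformed security group rule '%s': expected "
                        "'<protocol> <from_port> <to_port> <cidr>'" % rule)
                parsed_rules.append((rule, fields))

            print
            print '    Creating security group for external access'
            print '    NOTE: you can modify the rules afterwards through '
            print
            print '      nova secgroup-add-rule %s ...' % sg_name_ext
            print
            print '      or through the web interface'
            print
            sg = oaw.create_sec_group(
                self.nova_client, sg_name_ext,
                'Security group for %s external access' % self.name)
            self.__prov_log('create', 'sec-group', sg.id, sg.name)

            # NOTE(review): the fields are handed over as strings without any
            # range or CIDR check; a rule whose cidr is 0.0.0.0/0 exposes its
            # port range to every source address, so review the configured
            # rules with that in mind.
            for rule, (proto, from_port, to_port, cidr) in parsed_rules:
                print "    adding rule '%s'" % rule
                oaw.add_sec_group_rule(self.nova_client,
                                       sg.id,
                                       ip_protocol=proto,
                                       from_port=from_port,
                                       to_port=to_port,
                                       cidr=cidr)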
예제 #2
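    def _provision_ext_sec_group(self, custom_ext_rules=None):
        """Provision the external-access security group named '<name>-ext'.

        When ``oaw.check_secgroup_exists`` raises ``RuntimeError`` for that
        name, the group is created and populated; when it returns normally,
        this method does nothing.  Rules come from ``custom_ext_rules`` if it
        is non-empty, otherwise from
        ``self.config["cluster"]["ext-secgroup-rules"]`` when that key exists.

        A rule is a string with four whitespace-separated fields:
        protocol, from_port, to_port and cidr.

        Raises:
            ValueError: if any rule does not have exactly four fields; this
                is detected before the security group is created.
        """
        sg_name_ext = self.name + "-ext"
        try:
            oaw.check_secgroup_exists(self.nova_client, sg_name_ext)
        except RuntimeError:
            # custom_ext_rules, if provided, take precedence over the rules
            # from the cluster config
            cluster_cfg = self.config["cluster"]
            if custom_ext_rules:
                ext_rules = custom_ext_rules
            elif "ext-secgroup-rules" in cluster_cfg:
                ext_rules = cluster_cfg["ext-secgroup-rules"]
            else:
                ext_rules = []

            # Validate up front.  Once the group exists this method no longer
            # touches it, so failing after creation would leave a group whose
            # rules are only partly applied.
            parsed_rules = []
            for rule in ext_rules:
                fields = rule.strip().split()
                if len(fields) != 4:
                    raise ValueError(
                        "malformed security group rule '%s': expected "
                        "'<protocol> <from_port> <to_port> <cidr>'" % rule
                    )
                parsed_rules.append((rule, fields))

            print
            print "    Creating security group for external access"
            print "    NOTE: you can modify the rules afterwards through "
            print
            print "      nova secgroup-add-rule %s ..." % sg_name_ext
            print
            print "      or through the web interface"
            print
            sg = oaw.create_sec_group(
                self.nova_client, sg_name_ext, "Security group for %s external access" % self.name
            )
            self.__prov_log("create", "sec-group", sg.id, sg.name)

            # NOTE(review): protocol, ports and cidr are passed on as the
            # strings read from the rule, with no further checks; wide source
            # ranges such as 0.0.0.0/0 are accepted as written.
            for rule, (proto, from_port, to_port, cidr) in parsed_rules:
                print "    adding rule '%s'" % rule
                oaw.add_sec_group_rule(
                    self.nova_client, sg.id, ip_protocol=proto, from_port=from_port, to_port=to_port, cidr=cidr
                )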
예제 #3
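    def update_firewall(self, rules_file):
        """Replace the rules of the '<name>-ext' security group from a file.

        ``rules_file`` is read line by line; empty lines and lines starting
        with ``#`` are ignored.  Every other line must hold four
        whitespace-separated fields: protocol, from_port, to_port and cidr.
        The existing rules of the group are deleted and one rule is added per
        remaining line.

        Raises:
            ValueError: if a rule line does not have exactly four fields.
                The whole file is checked before any existing rule is removed.
        """
        # Parse the complete file first.  The old rules are deleted before the
        # new ones are added, so a malformed line found half-way through would
        # otherwise leave the group with only part of its intended rules.
        parsed_rules = []
        with open(rules_file, "r") as rf:
            for line in rf:
                rule = line.strip()
                if not rule or rule.startswith("#"):
                    continue
                fields = rule.split()
                if len(fields) != 4:
                    raise ValueError(
                        "malformed firewall rule '%s' in %s: expected "
                        "'<protocol> <from_port> <to_port> <cidr>'" % (rule, rules_file)
                    )
                parsed_rules.append((rule, fields))

        sg_name = self.name + "-ext"
        print "Updating firewall rules in sec-group %s" % sg_name

        print "    removing old rules"
        oaw.delete_sec_group_rules(self.nova_client, sg_name)
        sg = oaw.find_security_group_by_name(self.nova_client, sg_name)
        # NOTE(review): between the delete above and the last add below the
        # group carries an incomplete rule set, and a failure in
        # add_sec_group_rule is not rolled back here.
        for rule, (proto, from_port, to_port, cidr) in parsed_rules:
            print "    adding rule '%s'" % rule
            oaw.add_sec_group_rule(
                self.nova_client, sg.id, ip_protocol=proto, from_port=from_port, to_port=to_port, cidr=cidr
            )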
예제 #4
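    def update_firewall(self, rules_file):
        """Rewrite the '<name>-ext' security group with the rules in a file.

        Blank lines and lines beginning with ``#`` in ``rules_file`` are
        skipped.  Each remaining line is split on whitespace into protocol,
        from_port, to_port and cidr.  The group's current rules are deleted
        and the parsed rules are added in file order.

        Raises:
            ValueError: if a rule line does not split into exactly four
                fields.  This is raised before any rule is deleted.
        """
        with open(rules_file, 'r') as rf:
            rules = [x.strip() for x in rf.readlines()]

        # Check all lines before changing the group: the deletion below comes
        # first, so stopping on a bad line afterwards would leave the group
        # with its old rules gone and only some of the new ones in place.
        parsed_rules = []
        for rule in rules:
            if not rule or rule.startswith('#'):
                continue
            fields = rule.split()
            if len(fields) != 4:
                raise ValueError(
                    "malformed firewall rule '%s' in %s: expected "
                    "'<protocol> <from_port> <to_port> <cidr>'"
                    % (rule, rules_file))
            parsed_rules.append((rule, fields))

        sg_name = self.name + '-ext'
        print "Updating firewall rules in sec-group %s" % sg_name

        print "    removing old rules"
        oaw.delete_sec_group_rules(self.nova_client, sg_name)
        sg = oaw.find_security_group_by_name(self.nova_client, sg_name)
        # NOTE(review): the field values are forwarded as strings without
        # range or CIDR checks, and a failure while adding is not rolled back.
        for rule, (proto, from_port, to_port, cidr) in parsed_rules:
            print "    adding rule '%s'" % rule
            oaw.add_sec_group_rule(self.nova_client,
                                   sg.id,
                                   ip_protocol=proto,
                                   from_port=from_port,
                                   to_port=to_port,
                                   cidr=cidr)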