def __create_security_group(self): """ Configure OpenStack security groups. Configures and deploys an OpenStack security group object :return: the creator object """ sg_rules = list() sg_rules.append( SecurityGroupRuleSettings(sec_grp_name=self.sg_name, direction=Direction.ingress, protocol=Protocol.icmp)) sg_rules.append( SecurityGroupRuleSettings(sec_grp_name=self.sg_name, direction=Direction.ingress, protocol=Protocol.tcp, port_range_min=22, port_range_max=22)) sg_rules.append( SecurityGroupRuleSettings(sec_grp_name=self.sg_name, direction=Direction.egress, protocol=Protocol.tcp, port_range_min=22, port_range_max=22)) log = "Security group with name: '%s'" % self.sg_name self.logger.info(log) return deploy_utils.create_security_group(self.os_creds, SecurityGroupSettings( name=self.sg_name, description=self.sg_desc, rule_settings=sg_rules))
def test_config_all(self): settings = SecurityGroupSettings( **{ 'name': 'bar', 'description': 'fubar', 'project_name': 'foo', 'rules': [{ 'sec_grp_name': 'bar', 'direction': 'ingress' }] }) self.assertEqual('bar', settings.name) self.assertEqual('fubar', settings.description) self.assertEqual('foo', settings.project_name) self.assertEqual(1, len(settings.rule_settings)) self.assertEqual('bar', settings.rule_settings[0].sec_grp_name) self.assertEqual(Direction.ingress.value, settings.rule_settings[0].direction.value)
def test_all(self): rule_settings = list() rule_settings.append( SecurityGroupRuleSettings(sec_grp_name='bar', direction=Direction.egress, description='test_rule_1')) rule_settings.append( SecurityGroupRuleSettings(sec_grp_name='bar', direction=Direction.ingress, description='test_rule_2')) settings = SecurityGroupSettings(name='bar', description='fubar', project_name='foo', rule_settings=rule_settings) self.assertEqual('bar', settings.name) self.assertEqual('fubar', settings.description) self.assertEqual('foo', settings.project_name) self.assertEqual(rule_settings[0], settings.rule_settings[0]) self.assertEqual(rule_settings[1], settings.rule_settings[1])
def prepare_security_groups(self): """Create Open Baton security group if it doesn't exist yet""" self.logger.info( "Creating security group for Open Baton if not yet existing...") sg_rules = list() sg_rules.append( SecurityGroupRuleSettings( sec_grp_name="orchestra-sec-group-allowall", direction=Direction.ingress, protocol=Protocol.tcp, port_range_min=1, port_range_max=65535)) sg_rules.append( SecurityGroupRuleSettings( sec_grp_name="orchestra-sec-group-allowall", direction=Direction.egress, protocol=Protocol.tcp, port_range_min=1, port_range_max=65535)) sg_rules.append( SecurityGroupRuleSettings( sec_grp_name="orchestra-sec-group-allowall", direction=Direction.ingress, protocol=Protocol.udp, port_range_min=1, port_range_max=65535)) sg_rules.append( SecurityGroupRuleSettings( sec_grp_name="orchestra-sec-group-allowall", direction=Direction.egress, protocol=Protocol.udp, port_range_min=1, port_range_max=65535)) sg_rules.append( SecurityGroupRuleSettings( sec_grp_name="orchestra-sec-group-allowall", direction=Direction.ingress, protocol=Protocol.icmp)) sg_rules.append( SecurityGroupRuleSettings( sec_grp_name="orchestra-sec-group-allowall", direction=Direction.egress, protocol=Protocol.icmp)) # sg_rules.append( # SecurityGroupRuleSettings( # sec_grp_name="orchestra-sec-group-allowall", # direction=Direction.ingress, # protocol=Protocol.icmp, # port_range_min=-1, # port_range_max=-1)) # sg_rules.append( # SecurityGroupRuleSettings( # sec_grp_name="orchestra-sec-group-allowall", # direction=Direction.egress, # protocol=Protocol.icmp, # port_range_min=-1, # port_range_max=-1)) security_group = OpenStackSecurityGroup( self.snaps_creds, SecurityGroupSettings(name="orchestra-sec-group-allowall", rule_settings=sg_rules)) security_group_info = security_group.create() self.created_resources.append(security_group) self.mano['details']['sec_group'] = security_group_info.name self.logger.info( "Security group orchestra-sec-group-allowall prepared")
def deploy_orchestrator(self): """ Deploy Cloudify Manager. network, security group, fip, VM creation """ # network creation start_time = time.time() self.__logger.info("Creating keypair ...") kp_file = os.path.join(self.data_dir, "cloudify_vrouter.pem") keypair_settings = KeypairSettings(name='cloudify_vrouter_kp', private_filepath=kp_file) keypair_creator = OpenStackKeypair(self.snaps_creds, keypair_settings) keypair_creator.create() self.created_object.append(keypair_creator) self.__logger.info("Creating full network ...") subnet_settings = SubnetSettings(name='cloudify_vrouter_subnet', cidr='10.67.79.0/24') network_settings = NetworkSettings(name='cloudify_vrouter_network', subnet_settings=[subnet_settings]) network_creator = OpenStackNetwork(self.snaps_creds, network_settings) network_creator.create() self.created_object.append(network_creator) ext_net_name = snaps_utils.get_ext_net_name(self.snaps_creds) router_creator = OpenStackRouter( self.snaps_creds, RouterSettings(name='cloudify_vrouter_router', external_gateway=ext_net_name, internal_subnets=[subnet_settings.name])) router_creator.create() self.created_object.append(router_creator) # security group creation self.__logger.info("Creating security group for cloudify manager vm") sg_rules = list() sg_rules.append( SecurityGroupRuleSettings(sec_grp_name="sg-cloudify-manager", direction=Direction.ingress, protocol=Protocol.tcp, port_range_min=1, port_range_max=65535)) sg_rules.append( SecurityGroupRuleSettings(sec_grp_name="sg-cloudify-manager", direction=Direction.ingress, protocol=Protocol.udp, port_range_min=1, port_range_max=65535)) security_group_creator = OpenStackSecurityGroup( self.snaps_creds, SecurityGroupSettings(name="sg-cloudify-manager", rule_settings=sg_rules)) security_group_creator.create() self.created_object.append(security_group_creator) # orchestrator VM flavor self.__logger.info("Get or create flavor for cloudify manager vm ...") flavor_settings = FlavorSettings( name=self.orchestrator['requirements']['flavor']['name'], ram=self.orchestrator['requirements']['flavor']['ram_min'], disk=50, vcpus=2) flavor_creator = OpenStackFlavor(self.snaps_creds, flavor_settings) flavor_creator.create() self.created_object.append(flavor_creator) image_settings = ImageSettings( name=self.orchestrator['requirements']['os_image'], image_user='******', exists=True) port_settings = PortSettings(name='cloudify_manager_port', network_name=network_settings.name) manager_settings = VmInstanceSettings( name='cloudify_manager', flavor=flavor_settings.name, port_settings=[port_settings], security_group_names=[ security_group_creator.sec_grp_settings.name ], floating_ip_settings=[ FloatingIpSettings( name='cloudify_manager_fip', port_name=port_settings.name, router_name=router_creator.router_settings.name) ]) manager_creator = OpenStackVmInstance(self.snaps_creds, manager_settings, image_settings, keypair_settings) self.__logger.info("Creating cloudify manager VM") manager_creator.create() self.created_object.append(manager_creator) public_auth_url = os_utils.get_endpoint('identity') self.__logger.info("Set creds for cloudify manager") cfy_creds = dict(keystone_username=self.tenant_name, keystone_password=self.tenant_name, keystone_tenant_name=self.tenant_name, keystone_url=public_auth_url) cfy_client = CloudifyClient(host=manager_creator.get_floating_ip().ip, username='******', password='******', tenant='default_tenant') self.orchestrator['object'] = cfy_client self.cfy_manager_ip = manager_creator.get_floating_ip().ip self.__logger.info("Attemps running status of the Manager") cfy_status = None retry = 10 while str(cfy_status) != 'running' and retry: try: cfy_status = cfy_client.manager.get_status()['status'] self.__logger.debug("The current manager status is %s", cfy_status) except Exception: # pylint: disable=broad-except self.__logger.warning("Cloudify Manager isn't " + "up and running. Retrying ...") retry = retry - 1 time.sleep(30) if str(cfy_status) == 'running': self.__logger.info("Cloudify Manager is up and running") else: raise Exception("Cloudify Manager isn't up and running") self.__logger.info("Put OpenStack creds in manager") secrets_list = cfy_client.secrets.list() for k, val in cfy_creds.iteritems(): if not any(d.get('key', None) == k for d in secrets_list): cfy_client.secrets.create(k, val) else: cfy_client.secrets.update(k, val) duration = time.time() - start_time self.__logger.info("Put private keypair in manager") if manager_creator.vm_ssh_active(block=True): ssh = manager_creator.ssh_client() scp = SCPClient(ssh.get_transport(), socket_timeout=15.0) scp.put(kp_file, '~/') cmd = "sudo cp ~/cloudify_vrouter.pem /etc/cloudify/" run_blocking_ssh_command(ssh, cmd) cmd = "sudo chmod 444 /etc/cloudify/cloudify_vrouter.pem" run_blocking_ssh_command(ssh, cmd) cmd = "sudo yum install -y gcc python-devel" run_blocking_ssh_command(ssh, cmd, "Unable to install packages on manager") self.details['orchestrator'].update(status='PASS', duration=duration) self.vnf['inputs'].update(dict(external_network_name=ext_net_name)) return True
def test_invalid_rule(self): rule_setting = SecurityGroupRuleSettings(sec_grp_name='bar', direction=Direction.ingress, description='test_rule_1') with self.assertRaises(SecurityGroupConfigError): SecurityGroupSettings(name='foo', rule_settings=[rule_setting])
def test_config_with_name_only(self): settings = SecurityGroupSettings(**{'name': 'foo'}) self.assertEqual('foo', settings.name)
def test_name_only(self): settings = SecurityGroupSettings(name='foo') self.assertEqual('foo', settings.name)
def test_empty_config(self): with self.assertRaises(SecurityGroupConfigError): SecurityGroupSettings(**dict())
def test_no_params(self): with self.assertRaises(SecurityGroupConfigError): SecurityGroupSettings()