Пример #1
 def _set_machine_id(self, client_factory, instance):
     """
     Push the instance's network identity into the VM's machine id.

     Resolves the VM reference by instance name, reads the MAC address,
     netmask, gateway and fixed IP, builds a machine-id change spec from
     them and submits it as a ReconfigVM_Task, waiting for the task to
     finish. Raises exception.InstanceNotFound when no VM reference is
     found for the instance name.
     """
     target_vm = self._get_vm_ref_from_the_name(instance.name)
     if target_vm is None:
         raise exception.InstanceNotFound(instance_id=instance.id)

     # Both lookups run under an admin context, so no per-request
     # credentials are involved in reading the network data here.
     net_info = db.network_get_by_instance(context.get_admin_context(),
                                           instance['id'])
     mac = instance.mac_address
     netmask = net_info["netmask"]
     gw = net_info["gateway"]
     fixed_ip = db.instance_get_fixed_address(context.get_admin_context(),
                                              instance['id'])

     change_spec = vm_util.get_machine_id_change_spec(
         client_factory, mac, fixed_ip, netmask, gw)

     # The same name/ip pair is reported before and after the task.
     log_fields = {'name': instance.name, 'ip_addr': fixed_ip}
     LOG.debug(_("Reconfiguring VM instance %(name)s to set the machine id "
               "with ip - %(ip_addr)s") % log_fields)

     vim = self._session._get_vim()
     task = self._session._call_method(vim, "ReconfigVM_Task", target_vm,
                                       spec=change_spec)
     self._session._wait_for_task(instance.id, task)

     LOG.debug(_("Reconfigured VM instance %(name)s to set the machine id "
               "with ip - %(ip_addr)s") % log_fields)
Пример #2
    def _initial_secure_host(self, instance, ports=None):
        """
        Create the per-instance filter chains on the host.

        Adds a chain named after the instance to the IPv4 and IPv6 "filter"
        tables and applies the iptables manager. No rules are added to those
        chains, so this does not restrict any traffic yet; ``ports`` is
        accepted but not used.
        """

        # TODO(tim.simpson) This hangs if the "lock_path" FLAG value refers to
        #                   a directory which can't be locked.  It'd be nice
        #                   if we could somehow detect that and raise an error
        #                   instead.

        # Look up the fixed ip and its network. Neither value is used below,
        # but the lookups are kept as in the original flow.
        admin_ctxt = context.get_admin_context()
        fixed_ip = db.instance_get_fixed_address(admin_ctxt, instance["id"])
        db.fixed_ip_get_network(admin_ctxt, fixed_ip)

        # One chain per address family, both named after the instance.
        filter_tables = (
            linux_net.iptables_manager.ipv4["filter"],
            linux_net.iptables_manager.ipv6["filter"],
        )
        for table in filter_tables:
            table.add_chain(instance["name"])

        # There is currently no API call to manage security, so the chains
        # stay empty and this step is effectively a pass. The intent is to
        # take a list of globally open ports and lock down everything else,
        # which needs the API to hand a security context object down first.

        # Push the new chains to the host.
        linux_net.iptables_manager.apply()
Пример #3
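    def _add_ip(self, instance, netif="eth0", if_file="etc/network/interfaces"):
        """
        Append a rendered network stanza to the container's interfaces file.

        Looks up the instance's fixed IP and its network, fills the template
        at FLAGS.ovz_network_template with the device name, address, netmask
        and gateway, and appends the result to ``if_file`` under the
        container's private directory.

        :param instance: instance record; only ``instance["id"]`` is read.
        :param netif: device name substituted for ``gateway_dev``.
        :param if_file: interfaces file path, relative to the container's
                        private directory.
        :raises exception.Error: if any step fails; the cause is logged.
        """
        ctxt = context.get_admin_context()
        ip = db.instance_get_fixed_address(ctxt, instance["id"])
        network = db.fixed_ip_get_network(ctxt, ip)
        net_path = "%s/%s" % (FLAGS.ovz_ve_private_dir, instance["id"])
        if_file_path = net_path + "/" + if_file

        try:
            # chdir changes the working directory of the whole process; it is
            # kept because a relative template path would resolve against it.
            os.chdir(net_path)
            with open(FLAGS.ovz_network_template) as fh:
                network_file = fh.read() % {
                    "gateway_dev": netif,
                    "address": ip,
                    "netmask": network["netmask"],
                    "gateway": network["gateway"],
                }

            # TODO(imsplitbit): Find a way to write to this file without
            # mangling the perms.
            # NOTE(review): if_file_path is inside the container's private
            # tree, which is presumably writable from within the guest. The
            # chmod and the append follow symlinks, so the path should be
            # checked to be a regular file under net_path - confirm how the
            # private area is exposed before relying on this.
            utils.execute("sudo", "chmod", "666", if_file_path)
            try:
                with open(if_file_path, "a") as fh:
                    fh.write(network_file)
            finally:
                # Restore the mode even when the write fails, so the file is
                # never left world-writable.
                utils.execute("sudo", "chmod", "644", if_file_path)

        except Exception as err:
            LOG.error(err)
            raise exception.Error("Error adding IP")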
Пример #4
    def _set_nameserver(self, instance):
        """
        Configure the container's nameserver through vzctl.

        The DNS value comes from the network that owns the instance's fixed
        IP. Anything vzctl returns as its second result is logged as an
        error without failing the call; an exception raised while running
        the command is logged and re-raised as exception.Error.
        """
        admin_ctxt = context.get_admin_context()
        fixed_ip = db.instance_get_fixed_address(admin_ctxt, instance["id"])
        net = db.fixed_ip_get_network(admin_ctxt, fixed_ip)

        try:
            # Arguments are passed as separate items, not as a shell string.
            vzctl_cmd = ("sudo", "vzctl", "set", instance["id"],
                         "--save", "--nameserver", net["dns"])
            _stdout, stderr = utils.execute(*vzctl_cmd)
            if stderr:
                LOG.error(stderr)
        except Exception as exc:
            LOG.error(exc)
            raise exception.Error(
                "Unable to set nameserver for %s" % instance["id"])