def create(nova_client, **kwargs):
security_group = build_sg_data()
security_group['description'] = ctx.node.properties['description']
sgr_default_values = {
'ip_protocol': 'tcp',
'from_port': 1,
'to_port': 65535,
'cidr': '0.0.0.0/0',
# 'group_id': None,
# 'parent_group_id': None,
}
sg_rules = process_rules(nova_client, sgr_default_values,
'cidr', 'group_id', 'from_port', 'to_port')
if use_external_sg(nova_client):
return
transform_resource_name(ctx, security_group)
sg = nova_client.security_groups.create(
security_group['name'], security_group['description'])
set_sg_runtime_properties(sg, nova_client)
try:
for sgr in sg_rules:
sgr['parent_group_id'] = sg.id
nova_client.security_group_rules.create(**sgr)
except Exception:
delete_resource_and_runtime_properties(ctx, nova_client,
RUNTIME_PROPERTIES_KEYS)
raise
def create(neutron_client, args, **kwargs):
security_group = build_sg_data(args)
sg_rules = process_rules(neutron_client, DEFAULT_RULE_VALUES,
'remote_ip_prefix', 'remote_group_id',
'port_range_min', 'port_range_max')
disable_default_egress_rules = ctx.node.properties.get(
'disable_default_egress_rules')
if use_external_sg(neutron_client):
return
transform_resource_name(ctx, security_group)
sg = neutron_client.create_security_group(
{'security_group': security_group})['security_group']
set_sg_runtime_properties(sg, neutron_client)
try:
if disable_default_egress_rules:
for er in _egress_rules(_rules_for_sg_id(neutron_client,
sg['id'])):
neutron_client.delete_security_group_rule(er['id'])
for sgr in sg_rules:
sgr['security_group_id'] = sg['id']
neutron_client.create_security_group_rule(
{'security_group_rule': sgr})
except Exception:
delete_resource_and_runtime_properties(ctx, neutron_client,
RUNTIME_PROPERTIES_KEYS)
raise
def create(nova_client, **kwargs):
security_group = build_sg_data()
security_group['description'] = ctx.node.properties['description']
sgr_default_values = {
'ip_protocol': 'tcp',
'from_port': 1,
'to_port': 65535,
'cidr': '0.0.0.0/0',
# 'group_id': None,
# 'parent_group_id': None,
}
sg_rules = process_rules(nova_client, sgr_default_values, 'cidr',
'group_id', 'from_port', 'to_port')
if use_external_sg(nova_client):
return
transform_resource_name(ctx, security_group)
sg = nova_client.security_groups.create(security_group['name'],
security_group['description'])
set_sg_runtime_properties(sg, nova_client)
try:
for sgr in sg_rules:
sgr['parent_group_id'] = sg.id
nova_client.security_group_rules.create(**sgr)
except Exception:
delete_resource_and_runtime_properties(ctx, nova_client,
RUNTIME_PROPERTIES_KEYS)
raise
def create(neutron_client, args, **kwargs):
security_group = build_sg_data(args)
sg_rules = process_rules(neutron_client, DEFAULT_RULE_VALUES,
'remote_ip_prefix', 'remote_group_id',
'port_range_min', 'port_range_max')
disable_default_egress_rules = ctx.node.properties.get(
'disable_default_egress_rules')
if use_external_sg(neutron_client):
return
transform_resource_name(ctx, security_group)
sg = neutron_client.create_security_group(
{'security_group': security_group})['security_group']
set_sg_runtime_properties(sg, neutron_client)
try:
if disable_default_egress_rules:
for er in _egress_rules(_rules_for_sg_id(neutron_client,
sg['id'])):
neutron_client.delete_security_group_rule(er['id'])
for sgr in sg_rules:
sgr['security_group_id'] = sg['id']
neutron_client.create_security_group_rule(
{'security_group_rule': sgr})
except Exception:
delete_resource_and_runtime_properties(ctx, neutron_client,
RUNTIME_PROPERTIES_KEYS)
raise
def create(neutron_client, **kwargs):
""" Create security group with rules.
Parameters transformations:
rules.N.remote_group_name -> rules.N.remote_group_id
rules.N.remote_group_node -> rules.N.remote_group_id
(Node name in YAML)
"""
security_group = {
'description': None,
'name': get_resource_id(ctx, SECURITY_GROUP_OPENSTACK_TYPE),
}
security_group.update(ctx.node.properties['security_group'])
rules_to_apply = ctx.node.properties['rules']
from neutron_plugin.security_group_rule import _process_rule
security_group_rules = []
for rule in rules_to_apply:
security_group_rules.append(_process_rule(rule, neutron_client))
disable_default_egress_rules = ctx.node.properties.get(
'disable_default_egress_rules')
external_sg = use_external_resource(ctx, neutron_client,
SECURITY_GROUP_OPENSTACK_TYPE)
if external_sg:
try:
_ensure_existing_sg_is_identical(
external_sg, security_group, security_group_rules,
not disable_default_egress_rules)
return
except Exception:
delete_runtime_properties(ctx, RUNTIME_PROPERTIES_KEYS)
raise
transform_resource_name(ctx, security_group)
sg = neutron_client.create_security_group(
{'security_group': security_group})['security_group']
ctx.instance.runtime_properties[OPENSTACK_ID_PROPERTY] = sg['id']
ctx.instance.runtime_properties[OPENSTACK_TYPE_PROPERTY] = \
SECURITY_GROUP_OPENSTACK_TYPE
ctx.instance.runtime_properties[OPENSTACK_NAME_PROPERTY] = sg['name']
try:
if disable_default_egress_rules:
for er in _egress_rules(_rules_for_sg_id(neutron_client,
sg['id'])):
neutron_client.delete_security_group_rule(er['id'])
for sgr in security_group_rules:
sgr['security_group_id'] = sg['id']
neutron_client.create_security_group_rule(
{'security_group_rule': sgr})
except neutron_exceptions.NeutronClientException:
delete_resource_and_runtime_properties(ctx, neutron_client,
RUNTIME_PROPERTIES_KEYS)
raise
def create(neutron_client,
args,
status_attempts=10,
status_timeout=2,
**kwargs):
security_group = build_sg_data(args)
if not security_group['description']:
security_group['description'] = ctx.node.properties['description']
sg_rules = process_rules(neutron_client, DEFAULT_RULE_VALUES,
'remote_ip_prefix', 'remote_group_id',
'port_range_min', 'port_range_max')
disable_default_egress_rules = ctx.node.properties.get(
'disable_default_egress_rules')
if use_external_sg(neutron_client):
return
transform_resource_name(ctx, security_group)
sg = neutron_client.create_security_group(
{'security_group': security_group})['security_group']
for attempt in range(max(status_attempts, 1)):
sleep(status_timeout)
try:
neutron_client.show_security_group(sg['id'])
except RequestException as e:
ctx.logger.debug(
"Waiting for SG to be visible. Attempt {}".format(attempt))
else:
break
else:
raise NonRecoverableError(
"Timed out waiting for security_group to exist", e)
set_sg_runtime_properties(sg, neutron_client)
try:
if disable_default_egress_rules:
for er in _egress_rules(_rules_for_sg_id(neutron_client,
sg['id'])):
neutron_client.delete_security_group_rule(er['id'])
for sgr in sg_rules:
sgr['security_group_id'] = sg['id']
neutron_client.create_security_group_rule(
{'security_group_rule': sgr})
except Exception:
try:
delete_resource_and_runtime_properties(ctx, neutron_client,
RUNTIME_PROPERTIES_KEYS)
except Exception as e:
raise NonRecoverableError('Exception while tearing down for retry',
e)
raise
def create(
neutron_client, args,
status_attempts=10, status_timeout=2, **kwargs
):
security_group = build_sg_data(args)
if not security_group['description']:
security_group['description'] = ctx.node.properties['description']
sg_rules = process_rules(neutron_client, DEFAULT_RULE_VALUES,
'remote_ip_prefix', 'remote_group_id',
'port_range_min', 'port_range_max')
disable_default_egress_rules = ctx.node.properties.get(
'disable_default_egress_rules')
if use_external_sg(neutron_client):
return
transform_resource_name(ctx, security_group)
sg = neutron_client.create_security_group(
{'security_group': security_group})['security_group']
for attempt in range(max(status_attempts, 1)):
sleep(status_timeout)
try:
neutron_client.show_security_group(sg['id'])
except RequestException as e:
ctx.logger.debug("Waiting for SG to be visible. Attempt {}".format(
attempt))
else:
break
else:
raise NonRecoverableError(
"Timed out waiting for security_group to exist", e)
set_sg_runtime_properties(sg, neutron_client)
try:
if disable_default_egress_rules:
for er in _egress_rules(_rules_for_sg_id(neutron_client,
sg['id'])):
neutron_client.delete_security_group_rule(er['id'])
for sgr in sg_rules:
sgr['security_group_id'] = sg['id']
neutron_client.create_security_group_rule(
{'security_group_rule': sgr})
except Exception:
try:
delete_resource_and_runtime_properties(
ctx, neutron_client,
RUNTIME_PROPERTIES_KEYS)
except Exception as e:
raise NonRecoverableError(
'Exception while tearing down for retry', e)
raise
def delete(cinder_client, **kwargs):
# seach snapshots for volume
search_opts = {
'volume_id': get_openstack_id(ctx),
}
_delete_snapshot(cinder_client, search_opts)
# remove volume itself
delete_resource_and_runtime_properties(ctx, cinder_client,
RUNTIME_PROPERTIES_KEYS)
def delete(keystone_client, nova_client, cinder_client,
neutron_client, **kwargs):
tenant_id = ctx.instance.runtime_properties[OPENSTACK_ID_PROPERTY]
quota = ctx.node.properties[TENANT_QUOTA_TYPE]
delete_quota(tenant_id, quota, nova_client, 'nova')
delete_quota(tenant_id, quota, neutron_client, 'neutron')
delete_quota(tenant_id, quota, cinder_client, 'cinder')
delete_resource_and_runtime_properties(ctx, keystone_client,
RUNTIME_PROPERTIES_KEYS)
def delete(keystone_client, nova_client, cinder_client,
neutron_client, **kwargs):
project_id = get_openstack_id(ctx)
quota = ctx.node.properties[PROJECT_QUOTA_TYPE]
delete_quota(project_id, quota, nova_client, NOVA)
delete_quota(project_id, quota, neutron_client, NEUTRON)
delete_quota(project_id, quota, cinder_client, CINDER)
delete_resource_and_runtime_properties(ctx, keystone_client,
RUNTIME_PROPERTIES_KEYS)
def delete(keystone_client, nova_client, cinder_client, neutron_client,
**kwargs):
tenant_id = ctx.instance.runtime_properties[OPENSTACK_ID_PROPERTY]
quota = ctx.node.properties[TENANT_QUOTA_TYPE]
delete_quota(tenant_id, quota, nova_client, 'nova')
delete_quota(tenant_id, quota, neutron_client, 'neutron')
delete_quota(tenant_id, quota, cinder_client, 'cinder')
delete_resource_and_runtime_properties(ctx, keystone_client,
RUNTIME_PROPERTIES_KEYS)
def delete(neutron_client, **kwargs):
try:
delete_resource_and_runtime_properties(ctx, neutron_client,
RUNTIME_PROPERTIES_KEYS)
except neutron_exceptions.NeutronClientException, e:
if e.status_code == 404:
# port was probably deleted when an attached device was deleted
delete_runtime_properties(ctx, RUNTIME_PROPERTIES_KEYS)
else:
raise
def delete(neutron_client, **kwargs):
try:
delete_resource_and_runtime_properties(ctx, neutron_client,
RUNTIME_PROPERTIES_KEYS)
except neutron_exceptions.NeutronClientException, e:
if e.status_code == 404:
# port was probably deleted when an attached device was deleted
delete_runtime_properties(ctx, RUNTIME_PROPERTIES_KEYS)
else:
raise
def delete(nova_client, **kwargs):
if not is_external_resource(ctx):
host_aggregate = nova_client.aggregates.get(get_openstack_id(ctx))
_remove_hosts(ctx, nova_client, get_openstack_id(ctx),
host_aggregate.hosts)
if HOSTS_PROPERTY in ctx.instance.runtime_properties:
ctx.instance.runtime_properties.pop(HOSTS_PROPERTY, None)
delete_resource_and_runtime_properties(ctx, nova_client,
RUNTIME_PROPERTIES_KEYS)
def create(nova_client, args, **kwargs):
private_key_path = _get_private_key_path()
pk_exists = _check_private_key_exists(private_key_path)
if use_external_resource(ctx, nova_client, KEYPAIR_OPENSTACK_TYPE):
if not pk_exists:
delete_runtime_properties(ctx, RUNTIME_PROPERTIES_KEYS)
raise NonRecoverableError(
'Failed to use external keypair (node {0}): the public key {1}'
' is available on Openstack, but the private key could not be '
'found at {2}'.format(ctx.node.id,
ctx.node.properties['resource_id'],
private_key_path))
return
if pk_exists:
raise NonRecoverableError(
"Can't create keypair - private key path already exists: {0}".
format(private_key_path))
keypair = {
'name': get_resource_id(ctx, KEYPAIR_OPENSTACK_TYPE),
}
keypair.update(ctx.node.properties['keypair'], **args)
transform_resource_name(ctx, keypair)
keypair = nova_client.keypairs.create(keypair['name'],
keypair.get('public_key'))
ctx.instance.runtime_properties[OPENSTACK_ID_PROPERTY] = keypair.id
ctx.instance.runtime_properties[OPENSTACK_TYPE_PROPERTY] = \
KEYPAIR_OPENSTACK_TYPE
ctx.instance.runtime_properties[OPENSTACK_NAME_PROPERTY] = keypair.name
try:
# write private key file
_mkdir_p(os.path.dirname(private_key_path))
with open(private_key_path, 'w') as f:
f.write(keypair.private_key)
os.chmod(private_key_path, 0600)
except Exception:
_delete_private_key_file()
delete_resource_and_runtime_properties(ctx, nova_client,
RUNTIME_PROPERTIES_KEYS)
raise
def create(nova_client, args, **kwargs):
private_key_path = _get_private_key_path()
pk_exists = _check_private_key_exists(private_key_path)
if use_external_resource(ctx, nova_client, KEYPAIR_OPENSTACK_TYPE):
if not pk_exists:
delete_runtime_properties(ctx, RUNTIME_PROPERTIES_KEYS)
raise NonRecoverableError(
'Failed to use external keypair (node {0}): the public key {1}'
' is available on Openstack, but the private key could not be '
'found at {2}'.format(ctx.node.id,
ctx.node.properties['resource_id'],
private_key_path))
return
if pk_exists:
raise NonRecoverableError(
"Can't create keypair - private key path already exists: {0}"
.format(private_key_path))
keypair = {
'name': get_resource_id(ctx, KEYPAIR_OPENSTACK_TYPE),
}
keypair.update(ctx.node.properties['keypair'], **args)
transform_resource_name(ctx, keypair)
keypair = nova_client.keypairs.create(keypair['name'],
keypair.get('public_key'))
ctx.instance.runtime_properties[OPENSTACK_ID_PROPERTY] = keypair.id
ctx.instance.runtime_properties[OPENSTACK_TYPE_PROPERTY] = \
KEYPAIR_OPENSTACK_TYPE
ctx.instance.runtime_properties[OPENSTACK_NAME_PROPERTY] = keypair.name
try:
# write private key file
_mkdir_p(os.path.dirname(private_key_path))
with open(private_key_path, 'w') as f:
f.write(keypair.private_key)
os.chmod(private_key_path, 0600)
except Exception:
_delete_private_key_file()
delete_resource_and_runtime_properties(ctx, nova_client,
RUNTIME_PROPERTIES_KEYS)
raise
def delete(glance_client, **kwargs):
_remove_protected(glance_client)
delete_resource_and_runtime_properties(ctx, glance_client,
RUNTIME_PROPERTIES_KEYS)
def delete_floatingip(client, **kwargs):
delete_resource_and_runtime_properties(ctx, client,
RUNTIME_PROPERTIES_KEYS)
def delete_floatingip(client, **kwargs):
delete_resource_and_runtime_properties(ctx, client,
RUNTIME_PROPERTIES_KEYS)
def delete(nova_client, **kwargs):
if not is_external_resource(ctx):
_remove_hosts(ctx, nova_client, get_openstack_id(ctx), kwargs)
delete_resource_and_runtime_properties(ctx, nova_client,
RUNTIME_PROPERTIES_KEYS)
def delete(keystone_client, **kwargs):
delete_resource_and_runtime_properties(ctx, keystone_client,
RUNTIME_PROPERTIES_KEYS)
def delete(nova_client, **kwargs):
delete_resource_and_runtime_properties(ctx, nova_client,
RUNTIME_PROPERTIES_KEYS)
delete_runtime_properties(ctx, [EXTRA_SPECS_PROPERTY, TENANTS_PROPERTY])
def delete(neutron_client, **kwargs):
delete_resource_and_runtime_properties(ctx, neutron_client,
RUNTIME_PROPERTIES_KEYS)
def delete(cinder_client, **kwargs):
delete_resource_and_runtime_properties(ctx, cinder_client,
RUNTIME_PROPERTIES_KEYS)
def delete(glance_client, **kwargs):
_remove_protected(glance_client)
delete_resource_and_runtime_properties(ctx, glance_client,
RUNTIME_PROPERTIES_KEYS)
