def __init__(self, request): neutron_enabled = base.is_service_enabled(request, 'network') if neutron_enabled: self.floating_ips = neutron.FloatingIpManager(request) else: self.floating_ips = nova.FloatingIpManager(request) if (neutron_enabled and neutron.is_extension_supported(request, 'security-group')): self.secgroups = neutron.SecurityGroupManager(request) else: self.secgroups = nova.SecurityGroupManager(request)
def __init__(self, request): # TODO(amotoki): neutron check needs to be dropped. # The network API wrapper can depend on neutron. neutron_enabled = base.is_service_enabled(request, 'network') if neutron_enabled: self.floating_ips = neutron.FloatingIpManager(request) else: self.floating_ips = None if (neutron_enabled and neutron.is_extension_supported(request, 'security-group')): self.secgroups = neutron.SecurityGroupManager(request) else: self.secgroups = None
def __init__(self, request): neutron_enabled = base.is_service_enabled(request, 'network') if neutron_enabled: self.floating_ips = neutron.FloatingIpManager(request) else: self.floating_ips = nova.FloatingIpManager(request) # Not all qunantum plugins support security group, # so we have enable_security_group configuration parameter. neutron_sg_enabled = getattr(settings, 'OPENSTACK_NEUTRON_NETWORK', {}).get('enable_security_group', True) if neutron_enabled and neutron_sg_enabled: self.secgroups = neutron.SecurityGroupManager(request) else: self.secgroups = nova.SecurityGroupManager(request)
def setup_new_project(request, project_id, project_name, data): try: acct_table = getattr(settings, 'ACCOUNTING', None) if acct_table: uid = acct_table.get('user_id', None) roleid = acct_table.get('role_id', None) if uid and roleid: keystone_api.add_tenant_user_role(request, project_id, uid, roleid) except: LOG.error("Cannot add user for accounting", exc_info=True) messages.error(request, _("Cannot add user for accounting")) unit_id = data.get('unit', None) cloud_table = get_unit_table() if not unit_id or not unit_id in cloud_table: return unit_data = cloud_table[unit_id] prj_cname = re.sub(r'\s+', "-", project_name) flow_step = 0 try: cinder_params = dict() for pkey, pvalue in unit_data.items(): if pkey == 'quota_total': cinder_params['gigabytes'] = pvalue elif pkey == 'quota_per_volume': cinder_params['per_volume_gigabytes'] = pvalue elif pkey.startswith('quota_'): cinder_params['gigabytes_' + pkey[6:]] = pvalue if len(cinder_params): cinder_api.tenant_quota_update(request, project_id, **cinder_params) except: LOG.error("Cannot setup project quota", exc_info=True) messages.error(request, _("Cannot setup project quota")) try: hyper_list = unit_data.get('hypervisors', []) if len(hyper_list): agg_prj_cname = "%s-%s" % (unit_data.get('aggregate_prefix', unit_id), prj_cname) avail_zone = unit_data.get('availability_zone', 'nova') new_aggr = nova_api.aggregate_create(request, agg_prj_cname, avail_zone) flow_step += 1 for h_item in hyper_list: nova_api.add_host_to_aggregate(request, new_aggr.id, h_item) flow_step += 1 all_md = { 'filter_tenant_id' : project_id } all_md.update(unit_data.get('metadata', {})) nova_api.aggregate_set_metadata(request, new_aggr.id, all_md) flow_step = 0 except: if flow_step == 0: err_msg = _("Cannot create host aggregate") elif flow_step == 1: err_msg = _("Cannot insert hypervisor in aggregate") else: err_msg = _("Cannot set metadata for aggregate") LOG.error(err_msg, exc_info=True) messages.error(request, err_msg) try: subnet_cidr = data['%s-net' % unit_id] prj_lan_name = "%s-lan" % prj_cname prj_net = neutron_api.network_create(request, tenant_id=project_id, name=prj_lan_name) flow_step += 1 net_args = { 'cidr' : subnet_cidr, 'ip_version' : 4, 'dns_nameservers' : unit_data.get('nameservers', []), 'enable_dhcp' : True, 'tenant_id' : project_id, 'name' : "sub-%s-lan" % prj_cname } prj_sub = neutron_api.subnet_create(request, prj_net['id'], **net_args) flow_step += 1 if 'lan_router' in unit_data: f_ips = [{ "ip_address" : subnet_cidr.replace('0/24', '1'), "subnet_id" : prj_sub['id'] }] r_port = neutron_api.port_create(request, prj_net['id'], tenant_id=project_id, project_id=project_id, fixed_ips=f_ips) neutron_api.router_add_interface(request, unit_data['lan_router'], port_id=r_port['id']) flow_step = 0 except: if flow_step == 0: err_msg = _("Cannot create network") elif flow_step == 1: err_msg = _("Cannot create sub-network") else: err_msg = _("Cannot add interface to router") LOG.error(err_msg, exc_info=True) messages.error(request, err_msg) try: subnet_cidr = data['%s-net' % unit_id] def_sec_group = None for sg_item in neutron_api.security_group_list(request, tenant_id=project_id): if sg_item['name'].lower() == 'default': def_sec_group = sg_item['id'] LOG.info("Found default security group %s" % def_sec_group) break flow_step += 1 sg_client = neutron_api.SecurityGroupManager(request).client if not def_sec_group: sg_params = { 'name': 'default', 'description': 'Default Security Group for ' + project_name, 'tenant_id': project_id } secgroup = sg_client.create_security_group({ 'security_group' : sg_params }) def_sec_group = SecurityGroup(secgroup.get('security_group')) flow_step += 1 # # Workaround: the tenant_id cannot be specified through high level API # port22_params = { 'security_group_id': def_sec_group, 'direction': 'ingress', 'ethertype': 'IPv4', 'protocol': 'tcp', 'port_range_min': 22, 'port_range_max': 22, 'remote_ip_prefix': "0.0.0.0/0", 'tenant_id' : project_id } icmp_params = { 'security_group_id': def_sec_group, 'direction': 'ingress', 'ethertype': 'IPv4', 'protocol': 'icmp', 'remote_ip_prefix': "0.0.0.0/0", 'tenant_id' : project_id } sg_client.create_security_group_rule({'security_group_rule': port22_params}) sg_client.create_security_group_rule({'security_group_rule': icmp_params}) except: if flow_step == 0: err_msg = _("Cannot retrieve default security group") elif flow_step == 1: err_msg = _("Cannot create default security group") else: err_msg = _("Cannot insert basic rules") LOG.error(err_msg, exc_info=True) messages.error(request, err_msg) try: new_tags = list() new_tags.append(ORG_TAG_FMT % unit_data.get('organization', 'other')) for ou_id in data.get('%s-ou' % unit_id, []): if ou_id.strip(): new_tags.append(OU_TAG_FMT % ou_id.strip()) kclient = keystone_api.keystoneclient(request) kclient.projects.update_tags(project_id, new_tags) except: LOG.error("Cannot add organization tags", exc_info=True) messages.error(request, _("Cannot add organization tags"))