mirror of https://github.com/apache/cloudstack.git
CLOUDSTACK-3452: Refactor VirtualMachine.create()
When creating a VM if it's going to a basic zone program sec.group rules so as to allow SSH access for any tests requiring ssh access to the guest. Similarly method used to program the NAT and PF for SSH access is refactored and extracted into a separate method. By default no SSH access is allowed if the mode is set to 'default' Signed-off-by: Prasanna Santhanam <tsp@apache.org>
This commit is contained in:
Prasanna Santhanam
parent
3c360ce028
commit
9c9003a0db
|
|
@ -233,12 +233,83 @@ class VirtualMachine:
|
|||
# extract out the ipaddress
|
||||
self.ipaddress = self.nic[0].ipaddress
|
||||
|
||||
@classmethod
|
||||
def ssh_access_group(cls, apiclient, cmd):
|
||||
"""
|
||||
Programs the security group with SSH access before deploying virtualmachine
|
||||
@return:
|
||||
"""
|
||||
zone_list = Zone.list(
|
||||
apiclient,
|
||||
id=cmd.zoneid if cmd.zoneid else None,
|
||||
domainid=cmd.domainid if cmd.domainid else None
|
||||
)
|
||||
zone = zone_list[0]
|
||||
#check if security groups settings is enabled for the zone
|
||||
if zone.securitygroupsenabled:
|
||||
list_security_groups = SecurityGroup.list(
|
||||
apiclient,
|
||||
securitygroupname="basic_sec_grp"
|
||||
)
|
||||
|
||||
if not isinstance(list_security_groups, list):
|
||||
basic_mode_security_group = SecurityGroup.create(
|
||||
apiclient,
|
||||
{"name": "basic_sec_grp"}
|
||||
)
|
||||
sec_grp_services = {
|
||||
"protocol": "TCP",
|
||||
"startport": 22,
|
||||
"endport": 22,
|
||||
"cidrlist": "0.0.0.0/0"
|
||||
}
|
||||
#Authorize security group for above ingress rule
|
||||
basic_mode_security_group.authorize(apiclient, sec_grp_services, account=cmd.account,
|
||||
domainid=cmd.domainid)
|
||||
else:
|
||||
basic_mode_security_group = list_security_groups[0]
|
||||
|
||||
if isinstance(cmd.securitygroupids, list):
|
||||
cmd.securitygroupids.append(basic_mode_security_group.id)
|
||||
else:
|
||||
cmd.securitygroupids = [basic_mode_security_group.id]
|
||||
|
||||
@classmethod
|
||||
def access_ssh_over_nat(cls, apiclient, services, virtual_machine):
|
||||
"""
|
||||
Program NAT and PF rules to open up ssh access to deployed guest
|
||||
@return:
|
||||
"""
|
||||
public_ip = PublicIPAddress.create(
|
||||
apiclient,
|
||||
virtual_machine.account,
|
||||
virtual_machine.zoneid,
|
||||
virtual_machine.domainid,
|
||||
services
|
||||
)
|
||||
FireWallRule.create(
|
||||
apiclient,
|
||||
ipaddressid=public_ip.ipaddress.id,
|
||||
protocol='TCP',
|
||||
cidrlist=['0.0.0.0/0'],
|
||||
startport=22,
|
||||
endport=22
|
||||
)
|
||||
nat_rule = NATRule.create(
|
||||
apiclient,
|
||||
virtual_machine,
|
||||
services,
|
||||
ipaddressid=public_ip.ipaddress.id
|
||||
)
|
||||
virtual_machine.ssh_ip = nat_rule.ipaddress
|
||||
virtual_machine.public_ip = nat_rule.ipaddress
|
||||
|
||||
@classmethod
|
||||
def create(cls, apiclient, services, templateid=None, accountid=None,
|
||||
domainid=None, zoneid=None, networkids=None, serviceofferingid=None,
|
||||
securitygroupids=None, projectid=None, startvm=None,
|
||||
diskofferingid=None, affinitygroupnames=None, affinitygroupids=None, group=None,
|
||||
hostid=None, keypair=None, mode='basic', method='GET'):
|
||||
hostid=None, keypair=None, mode='default', method='GET'):
|
||||
"""Create the instance"""
|
||||
|
||||
cmd = deployVirtualMachine.deployVirtualMachineCmd()
|
||||
|
|
@ -293,53 +364,6 @@ class VirtualMachine:
|
|||
if securitygroupids:
|
||||
cmd.securitygroupids = [str(sg_id) for sg_id in securitygroupids]
|
||||
|
||||
if mode.lower() == 'basic':
|
||||
|
||||
zone_list = Zone.list(
|
||||
apiclient,
|
||||
id = cmd.zoneid if cmd.zoneid else None,
|
||||
domainid = cmd.domainid if cmd.domainid else None
|
||||
)
|
||||
|
||||
zone = zone_list[0]
|
||||
|
||||
#check if security groups settings is enabled for the zone
|
||||
if zone.securitygroupsenabled:
|
||||
list_security_groups = SecurityGroup.list(
|
||||
apiclient,
|
||||
securitygroupname="basic_sec_grp"
|
||||
)
|
||||
|
||||
if not isinstance(list_security_groups, list):
|
||||
basic_mode_security_group = SecurityGroup.create(
|
||||
apiclient,
|
||||
{"name":"basic_sec_grp"}
|
||||
)
|
||||
sec_grp_services = {"protocol": "TCP",
|
||||
"startport": 22,
|
||||
"endport":22,
|
||||
"cidrlist": "0.0.0.0/0"
|
||||
}
|
||||
|
||||
#Authorize security group for above ingress rule
|
||||
cmd_auth = authorizeSecurityGroupIngress.authorizeSecurityGroupIngressCmd()
|
||||
cmd_auth.domainid = cmd.domainid
|
||||
cmd_auth.account = cmd.account
|
||||
cmd_auth.securitygroupid = basic_mode_security_group.id
|
||||
cmd_auth.protocol = sec_grp_services["protocol"]
|
||||
cmd_auth.startport = sec_grp_services["startport"]
|
||||
cmd_auth.endport = sec_grp_services["endport"]
|
||||
cmd_auth.cidrlist = sec_grp_services["cidrlist"]
|
||||
apiclient.authorizeSecurityGroupIngress(cmd_auth)
|
||||
|
||||
else:
|
||||
basic_mode_security_group = list_security_groups[0]
|
||||
|
||||
if isinstance(cmd.securitygroupids, list):
|
||||
cmd.securitygroupids.append(basic_mode_security_group.id)
|
||||
else:
|
||||
cmd.securitygroupids = [basic_mode_security_group.id]
|
||||
|
||||
if "affinitygroupnames" in services:
|
||||
cmd.affinitygroupnames = services["affinitygroupnames"]
|
||||
elif affinitygroupnames:
|
||||
|
|
@ -363,59 +387,23 @@ class VirtualMachine:
|
|||
if group:
|
||||
cmd.group = group
|
||||
|
||||
#program default access to ssh
|
||||
if mode.lower() == 'basic':
|
||||
cls.ssh_access_group(apiclient, cmd)
|
||||
|
||||
virtual_machine = apiclient.deployVirtualMachine(cmd, method=method)
|
||||
|
||||
virtual_machine.ssh_ip = virtual_machine.nic[0].ipaddress
|
||||
if startvm == False:
|
||||
virtual_machine.ssh_ip = virtual_machine.nic[0].ipaddress
|
||||
virtual_machine.public_ip = virtual_machine.nic[0].ipaddress
|
||||
return VirtualMachine(virtual_machine.__dict__, services)
|
||||
|
||||
# VM should be in Running state after deploy
|
||||
timeout = 10
|
||||
while True:
|
||||
vm_status = VirtualMachine.list(
|
||||
apiclient,
|
||||
id=virtual_machine.id
|
||||
)
|
||||
if isinstance(vm_status, list):
|
||||
if vm_status[0].state == 'Running':
|
||||
break
|
||||
elif timeout == 0:
|
||||
raise Exception(
|
||||
"TimeOutException: Failed to start VM (ID: %s)" %
|
||||
virtual_machine.id)
|
||||
|
||||
time.sleep(10)
|
||||
timeout = timeout - 1
|
||||
|
||||
#program ssh access over NAT via PF
|
||||
if mode.lower() == 'advanced':
|
||||
public_ip = PublicIPAddress.create(
|
||||
apiclient,
|
||||
virtual_machine.account,
|
||||
virtual_machine.zoneid,
|
||||
virtual_machine.domainid,
|
||||
services
|
||||
)
|
||||
FireWallRule.create(
|
||||
apiclient,
|
||||
ipaddressid=public_ip.ipaddress.id,
|
||||
protocol='TCP',
|
||||
cidrlist=['0.0.0.0/0'],
|
||||
startport=22,
|
||||
endport=22
|
||||
)
|
||||
nat_rule = NATRule.create(
|
||||
apiclient,
|
||||
virtual_machine,
|
||||
services,
|
||||
ipaddressid=public_ip.ipaddress.id
|
||||
)
|
||||
virtual_machine.ssh_ip = nat_rule.ipaddress
|
||||
virtual_machine.public_ip = nat_rule.ipaddress
|
||||
else:
|
||||
cls.access_ssh_over_nat(apiclient, services, virtual_machine)
|
||||
elif mode.lower() == 'basic':
|
||||
virtual_machine.ssh_ip = virtual_machine.nic[0].ipaddress
|
||||
virtual_machine.public_ip = virtual_machine.nic[0].ipaddress
|
||||
|
||||
return VirtualMachine(virtual_machine.__dict__, services)
|
||||
|
||||
def start(self, apiclient):
|
||||
|
|
|
|||
Loading…
Reference in New Issue