diff --git a/tools/marvin/marvin/integration/lib/base.py b/tools/marvin/marvin/integration/lib/base.py index 0938333c06c..0fb36cc56a0 100755 --- a/tools/marvin/marvin/integration/lib/base.py +++ b/tools/marvin/marvin/integration/lib/base.py @@ -233,12 +233,83 @@ class VirtualMachine: # extract out the ipaddress self.ipaddress = self.nic[0].ipaddress + @classmethod + def ssh_access_group(cls, apiclient, cmd): + """ + Programs the security group with SSH access before deploying virtualmachine + @return: + """ + zone_list = Zone.list( + apiclient, + id=cmd.zoneid if cmd.zoneid else None, + domainid=cmd.domainid if cmd.domainid else None + ) + zone = zone_list[0] + #check if security groups settings is enabled for the zone + if zone.securitygroupsenabled: + list_security_groups = SecurityGroup.list( + apiclient, + securitygroupname="basic_sec_grp" + ) + + if not isinstance(list_security_groups, list): + basic_mode_security_group = SecurityGroup.create( + apiclient, + {"name": "basic_sec_grp"} + ) + sec_grp_services = { + "protocol": "TCP", + "startport": 22, + "endport": 22, + "cidrlist": "0.0.0.0/0" + } + #Authorize security group for above ingress rule + basic_mode_security_group.authorize(apiclient, sec_grp_services, account=cmd.account, + domainid=cmd.domainid) + else: + basic_mode_security_group = list_security_groups[0] + + if isinstance(cmd.securitygroupids, list): + cmd.securitygroupids.append(basic_mode_security_group.id) + else: + cmd.securitygroupids = [basic_mode_security_group.id] + + @classmethod + def access_ssh_over_nat(cls, apiclient, services, virtual_machine): + """ + Program NAT and PF rules to open up ssh access to deployed guest + @return: + """ + public_ip = PublicIPAddress.create( + apiclient, + virtual_machine.account, + virtual_machine.zoneid, + virtual_machine.domainid, + services + ) + FireWallRule.create( + apiclient, + ipaddressid=public_ip.ipaddress.id, + protocol='TCP', + cidrlist=['0.0.0.0/0'], + startport=22, + endport=22 + ) + nat_rule = NATRule.create( + apiclient, + virtual_machine, + services, + ipaddressid=public_ip.ipaddress.id + ) + virtual_machine.ssh_ip = nat_rule.ipaddress + virtual_machine.public_ip = nat_rule.ipaddress + @classmethod def create(cls, apiclient, services, templateid=None, accountid=None, domainid=None, zoneid=None, networkids=None, serviceofferingid=None, securitygroupids=None, projectid=None, startvm=None, diskofferingid=None, affinitygroupnames=None, affinitygroupids=None, group=None, - hostid=None, keypair=None, mode='basic', method='GET'): + hostid=None, keypair=None, mode='default', method='GET'): """Create the instance""" cmd = deployVirtualMachine.deployVirtualMachineCmd() @@ -293,53 +364,6 @@ class VirtualMachine: if securitygroupids: cmd.securitygroupids = [str(sg_id) for sg_id in securitygroupids] - if mode.lower() == 'basic': - - zone_list = Zone.list( - apiclient, - id = cmd.zoneid if cmd.zoneid else None, - domainid = cmd.domainid if cmd.domainid else None - ) - - zone = zone_list[0] - - #check if security groups settings is enabled for the zone - if zone.securitygroupsenabled: - list_security_groups = SecurityGroup.list( - apiclient, - securitygroupname="basic_sec_grp" - ) - - if not isinstance(list_security_groups, list): - basic_mode_security_group = SecurityGroup.create( - apiclient, - {"name":"basic_sec_grp"} - ) - sec_grp_services = {"protocol": "TCP", - "startport": 22, - "endport":22, - "cidrlist": "0.0.0.0/0" - } - - #Authorize security group for above ingress rule - cmd_auth = authorizeSecurityGroupIngress.authorizeSecurityGroupIngressCmd() - cmd_auth.domainid = cmd.domainid - cmd_auth.account = cmd.account - cmd_auth.securitygroupid = basic_mode_security_group.id - cmd_auth.protocol = sec_grp_services["protocol"] - cmd_auth.startport = sec_grp_services["startport"] - cmd_auth.endport = sec_grp_services["endport"] - cmd_auth.cidrlist = sec_grp_services["cidrlist"] - apiclient.authorizeSecurityGroupIngress(cmd_auth) - - else: - basic_mode_security_group = list_security_groups[0] - - if isinstance(cmd.securitygroupids, list): - cmd.securitygroupids.append(basic_mode_security_group.id) - else: - cmd.securitygroupids = [basic_mode_security_group.id] - if "affinitygroupnames" in services: cmd.affinitygroupnames = services["affinitygroupnames"] elif affinitygroupnames: @@ -363,59 +387,23 @@ class VirtualMachine: if group: cmd.group = group + #program default access to ssh + if mode.lower() == 'basic': + cls.ssh_access_group(apiclient, cmd) + virtual_machine = apiclient.deployVirtualMachine(cmd, method=method) + virtual_machine.ssh_ip = virtual_machine.nic[0].ipaddress if startvm == False: - virtual_machine.ssh_ip = virtual_machine.nic[0].ipaddress virtual_machine.public_ip = virtual_machine.nic[0].ipaddress return VirtualMachine(virtual_machine.__dict__, services) - # VM should be in Running state after deploy - timeout = 10 - while True: - vm_status = VirtualMachine.list( - apiclient, - id=virtual_machine.id - ) - if isinstance(vm_status, list): - if vm_status[0].state == 'Running': - break - elif timeout == 0: - raise Exception( - "TimeOutException: Failed to start VM (ID: %s)" % - virtual_machine.id) - - time.sleep(10) - timeout = timeout - 1 - + #program ssh access over NAT via PF if mode.lower() == 'advanced': - public_ip = PublicIPAddress.create( - apiclient, - virtual_machine.account, - virtual_machine.zoneid, - virtual_machine.domainid, - services - ) - FireWallRule.create( - apiclient, - ipaddressid=public_ip.ipaddress.id, - protocol='TCP', - cidrlist=['0.0.0.0/0'], - startport=22, - endport=22 - ) - nat_rule = NATRule.create( - apiclient, - virtual_machine, - services, - ipaddressid=public_ip.ipaddress.id - ) - virtual_machine.ssh_ip = nat_rule.ipaddress - virtual_machine.public_ip = nat_rule.ipaddress - else: + cls.access_ssh_over_nat(apiclient, services, virtual_machine) + elif mode.lower() == 'basic': virtual_machine.ssh_ip = virtual_machine.nic[0].ipaddress virtual_machine.public_ip = virtual_machine.nic[0].ipaddress - return VirtualMachine(virtual_machine.__dict__, services) def start(self, apiclient):