From 9c9003a0dba755135f643777083b80ec5fa3d910 Mon Sep 17 00:00:00 2001 From: Prasanna Santhanam Date: Sat, 20 Jul 2013 13:29:17 +0530 Subject: [PATCH] CLOUDSTACK-3452: Refactor VirtualMachine.create() When creating a VM if it's going to a basic zone program sec.group rules so as to allow SSH access for any tests requiring ssh access to the guest. Similarly method used to program the NAT and PF for SSH access is refactored and extracted into a separate method. By default no SSH access is allowed if the mode is set to 'default' Signed-off-by: Prasanna Santhanam --- tools/marvin/marvin/integration/lib/base.py | 172 +++++++++----------- 1 file changed, 80 insertions(+), 92 deletions(-) diff --git a/tools/marvin/marvin/integration/lib/base.py b/tools/marvin/marvin/integration/lib/base.py index 0938333c06c..0fb36cc56a0 100755 --- a/tools/marvin/marvin/integration/lib/base.py +++ b/tools/marvin/marvin/integration/lib/base.py @@ -233,12 +233,83 @@ class VirtualMachine: # extract out the ipaddress self.ipaddress = self.nic[0].ipaddress + @classmethod + def ssh_access_group(cls, apiclient, cmd): + """ + Programs the security group with SSH access before deploying virtualmachine + @return: + """ + zone_list = Zone.list( + apiclient, + id=cmd.zoneid if cmd.zoneid else None, + domainid=cmd.domainid if cmd.domainid else None + ) + zone = zone_list[0] + #check if security groups settings is enabled for the zone + if zone.securitygroupsenabled: + list_security_groups = SecurityGroup.list( + apiclient, + securitygroupname="basic_sec_grp" + ) + + if not isinstance(list_security_groups, list): + basic_mode_security_group = SecurityGroup.create( + apiclient, + {"name": "basic_sec_grp"} + ) + sec_grp_services = { + "protocol": "TCP", + "startport": 22, + "endport": 22, + "cidrlist": "0.0.0.0/0" + } + #Authorize security group for above ingress rule + basic_mode_security_group.authorize(apiclient, sec_grp_services, account=cmd.account, + domainid=cmd.domainid) + else: + basic_mode_security_group = list_security_groups[0] + + if isinstance(cmd.securitygroupids, list): + cmd.securitygroupids.append(basic_mode_security_group.id) + else: + cmd.securitygroupids = [basic_mode_security_group.id] + + @classmethod + def access_ssh_over_nat(cls, apiclient, services, virtual_machine): + """ + Program NAT and PF rules to open up ssh access to deployed guest + @return: + """ + public_ip = PublicIPAddress.create( + apiclient, + virtual_machine.account, + virtual_machine.zoneid, + virtual_machine.domainid, + services + ) + FireWallRule.create( + apiclient, + ipaddressid=public_ip.ipaddress.id, + protocol='TCP', + cidrlist=['0.0.0.0/0'], + startport=22, + endport=22 + ) + nat_rule = NATRule.create( + apiclient, + virtual_machine, + services, + ipaddressid=public_ip.ipaddress.id + ) + virtual_machine.ssh_ip = nat_rule.ipaddress + virtual_machine.public_ip = nat_rule.ipaddress + @classmethod def create(cls, apiclient, services, templateid=None, accountid=None, domainid=None, zoneid=None, networkids=None, serviceofferingid=None, securitygroupids=None, projectid=None, startvm=None, diskofferingid=None, affinitygroupnames=None, affinitygroupids=None, group=None, - hostid=None, keypair=None, mode='basic', method='GET'): + hostid=None, keypair=None, mode='default', method='GET'): """Create the instance""" cmd = deployVirtualMachine.deployVirtualMachineCmd() @@ -293,53 +364,6 @@ class VirtualMachine: if securitygroupids: cmd.securitygroupids = [str(sg_id) for sg_id in securitygroupids] - if mode.lower() == 'basic': - - zone_list = Zone.list( - apiclient, - id = cmd.zoneid if cmd.zoneid else None, - domainid = cmd.domainid if cmd.domainid else None - ) - - zone = zone_list[0] - - #check if security groups settings is enabled for the zone - if zone.securitygroupsenabled: - list_security_groups = SecurityGroup.list( - apiclient, - securitygroupname="basic_sec_grp" - ) - - if not isinstance(list_security_groups, list): - basic_mode_security_group = SecurityGroup.create( - apiclient, - {"name":"basic_sec_grp"} - ) - sec_grp_services = {"protocol": "TCP", - "startport": 22, - "endport":22, - "cidrlist": "0.0.0.0/0" - } - - #Authorize security group for above ingress rule - cmd_auth = authorizeSecurityGroupIngress.authorizeSecurityGroupIngressCmd() - cmd_auth.domainid = cmd.domainid - cmd_auth.account = cmd.account - cmd_auth.securitygroupid = basic_mode_security_group.id - cmd_auth.protocol = sec_grp_services["protocol"] - cmd_auth.startport = sec_grp_services["startport"] - cmd_auth.endport = sec_grp_services["endport"] - cmd_auth.cidrlist = sec_grp_services["cidrlist"] - apiclient.authorizeSecurityGroupIngress(cmd_auth) - - else: - basic_mode_security_group = list_security_groups[0] - - if isinstance(cmd.securitygroupids, list): - cmd.securitygroupids.append(basic_mode_security_group.id) - else: - cmd.securitygroupids = [basic_mode_security_group.id] - if "affinitygroupnames" in services: cmd.affinitygroupnames = services["affinitygroupnames"] elif affinitygroupnames: @@ -363,59 +387,23 @@ class VirtualMachine: if group: cmd.group = group + #program default access to ssh + if mode.lower() == 'basic': + cls.ssh_access_group(apiclient, cmd) + virtual_machine = apiclient.deployVirtualMachine(cmd, method=method) + virtual_machine.ssh_ip = virtual_machine.nic[0].ipaddress if startvm == False: - virtual_machine.ssh_ip = virtual_machine.nic[0].ipaddress virtual_machine.public_ip = virtual_machine.nic[0].ipaddress return VirtualMachine(virtual_machine.__dict__, services) - # VM should be in Running state after deploy - timeout = 10 - while True: - vm_status = VirtualMachine.list( - apiclient, - id=virtual_machine.id - ) - if isinstance(vm_status, list): - if vm_status[0].state == 'Running': - break - elif timeout == 0: - raise Exception( - "TimeOutException: Failed to start VM (ID: %s)" % - virtual_machine.id) - - time.sleep(10) - timeout = timeout - 1 - + #program ssh access over NAT via PF if mode.lower() == 'advanced': - public_ip = PublicIPAddress.create( - apiclient, - virtual_machine.account, - virtual_machine.zoneid, - virtual_machine.domainid, - services - ) - FireWallRule.create( - apiclient, - ipaddressid=public_ip.ipaddress.id, - protocol='TCP', - cidrlist=['0.0.0.0/0'], - startport=22, - endport=22 - ) - nat_rule = NATRule.create( - apiclient, - virtual_machine, - services, - ipaddressid=public_ip.ipaddress.id - ) - virtual_machine.ssh_ip = nat_rule.ipaddress - virtual_machine.public_ip = nat_rule.ipaddress - else: + cls.access_ssh_over_nat(apiclient, services, virtual_machine) + elif mode.lower() == 'basic': virtual_machine.ssh_ip = virtual_machine.nic[0].ipaddress virtual_machine.public_ip = virtual_machine.nic[0].ipaddress - return VirtualMachine(virtual_machine.__dict__, services) def start(self, apiclient):