Updated Branches: refs/heads/master 4f8c43fc2 -> b8148c622
CLOUDSTACK-3452: Refactor VirtualMachine.create() When creating a VM if it's going to a basic zone program sec.group rules so as to allow SSH access for any tests requiring ssh access to the guest. Similarly method used to program the NAT and PF for SSH access is refactored and extracted into a separate method. By default no SSH access is allowed if the mode is set to 'default' Signed-off-by: Prasanna Santhanam <[email protected]> (cherry picked from commit 9c9003a0dba755135f643777083b80ec5fa3d910) Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/b8148c62 Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/b8148c62 Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/b8148c62 Branch: refs/heads/master Commit: b8148c6220afbea119d70715d0771faaacd3ff9b Parents: 4f8c43f Author: Prasanna Santhanam <[email protected]> Authored: Sat Jul 20 13:29:17 2013 +0530 Committer: Prasanna Santhanam <[email protected]> Committed: Sat Jul 20 13:31:03 2013 +0530 ---------------------------------------------------------------------- tools/marvin/marvin/integration/lib/base.py | 172 +++++++++++------------ 1 file changed, 80 insertions(+), 92 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b8148c62/tools/marvin/marvin/integration/lib/base.py ---------------------------------------------------------------------- diff --git a/tools/marvin/marvin/integration/lib/base.py b/tools/marvin/marvin/integration/lib/base.py index 0938333..0fb36cc 100755 --- a/tools/marvin/marvin/integration/lib/base.py +++ b/tools/marvin/marvin/integration/lib/base.py @@ -234,11 +234,82 @@ class VirtualMachine: self.ipaddress = self.nic[0].ipaddress @classmethod + def ssh_access_group(cls, apiclient, cmd): + """ + Programs the security group with SSH access before deploying virtualmachine + @return: + """ + zone_list = Zone.list( + apiclient, + id=cmd.zoneid if cmd.zoneid else None, + domainid=cmd.domainid if cmd.domainid else None + ) + zone = zone_list[0] + #check if security groups settings is enabled for the zone + if zone.securitygroupsenabled: + list_security_groups = SecurityGroup.list( + apiclient, + securitygroupname="basic_sec_grp" + ) + + if not isinstance(list_security_groups, list): + basic_mode_security_group = SecurityGroup.create( + apiclient, + {"name": "basic_sec_grp"} + ) + sec_grp_services = { + "protocol": "TCP", + "startport": 22, + "endport": 22, + "cidrlist": "0.0.0.0/0" + } + #Authorize security group for above ingress rule + basic_mode_security_group.authorize(apiclient, sec_grp_services, account=cmd.account, + domainid=cmd.domainid) + else: + basic_mode_security_group = list_security_groups[0] + + if isinstance(cmd.securitygroupids, list): + cmd.securitygroupids.append(basic_mode_security_group.id) + else: + cmd.securitygroupids = [basic_mode_security_group.id] + + @classmethod + def access_ssh_over_nat(cls, apiclient, services, virtual_machine): + """ + Program NAT and PF rules to open up ssh access to deployed guest + @return: + """ + public_ip = PublicIPAddress.create( + apiclient, + virtual_machine.account, + virtual_machine.zoneid, + virtual_machine.domainid, + services + ) + FireWallRule.create( + apiclient, + ipaddressid=public_ip.ipaddress.id, + protocol='TCP', + cidrlist=['0.0.0.0/0'], + startport=22, + endport=22 + ) + nat_rule = NATRule.create( + apiclient, + virtual_machine, + services, + ipaddressid=public_ip.ipaddress.id + ) + virtual_machine.ssh_ip = nat_rule.ipaddress + virtual_machine.public_ip = nat_rule.ipaddress + + @classmethod def create(cls, apiclient, services, templateid=None, accountid=None, domainid=None, zoneid=None, networkids=None, serviceofferingid=None, securitygroupids=None, projectid=None, startvm=None, diskofferingid=None, affinitygroupnames=None, affinitygroupids=None, group=None, - hostid=None, keypair=None, mode='basic', method='GET'): + hostid=None, keypair=None, mode='default', method='GET'): """Create the instance""" cmd = deployVirtualMachine.deployVirtualMachineCmd() @@ -293,53 +364,6 @@ class VirtualMachine: if securitygroupids: cmd.securitygroupids = [str(sg_id) for sg_id in securitygroupids] - if mode.lower() == 'basic': - - zone_list = Zone.list( - apiclient, - id = cmd.zoneid if cmd.zoneid else None, - domainid = cmd.domainid if cmd.domainid else None - ) - - zone = zone_list[0] - - #check if security groups settings is enabled for the zone - if zone.securitygroupsenabled: - list_security_groups = SecurityGroup.list( - apiclient, - securitygroupname="basic_sec_grp" - ) - - if not isinstance(list_security_groups, list): - basic_mode_security_group = SecurityGroup.create( - apiclient, - {"name":"basic_sec_grp"} - ) - sec_grp_services = {"protocol": "TCP", - "startport": 22, - "endport":22, - "cidrlist": "0.0.0.0/0" - } - - #Authorize security group for above ingress rule - cmd_auth = authorizeSecurityGroupIngress.authorizeSecurityGroupIngressCmd() - cmd_auth.domainid = cmd.domainid - cmd_auth.account = cmd.account - cmd_auth.securitygroupid = basic_mode_security_group.id - cmd_auth.protocol = sec_grp_services["protocol"] - cmd_auth.startport = sec_grp_services["startport"] - cmd_auth.endport = sec_grp_services["endport"] - cmd_auth.cidrlist = sec_grp_services["cidrlist"] - apiclient.authorizeSecurityGroupIngress(cmd_auth) - - else: - basic_mode_security_group = list_security_groups[0] - - if isinstance(cmd.securitygroupids, list): - cmd.securitygroupids.append(basic_mode_security_group.id) - else: - cmd.securitygroupids = [basic_mode_security_group.id] - if "affinitygroupnames" in services: cmd.affinitygroupnames = services["affinitygroupnames"] elif affinitygroupnames: @@ -363,59 +387,23 @@ class VirtualMachine: if group: cmd.group = group + #program default access to ssh + if mode.lower() == 'basic': + cls.ssh_access_group(apiclient, cmd) + virtual_machine = apiclient.deployVirtualMachine(cmd, method=method) + virtual_machine.ssh_ip = virtual_machine.nic[0].ipaddress if startvm == False: - virtual_machine.ssh_ip = virtual_machine.nic[0].ipaddress virtual_machine.public_ip = virtual_machine.nic[0].ipaddress return VirtualMachine(virtual_machine.__dict__, services) - # VM should be in Running state after deploy - timeout = 10 - while True: - vm_status = VirtualMachine.list( - apiclient, - id=virtual_machine.id - ) - if isinstance(vm_status, list): - if vm_status[0].state == 'Running': - break - elif timeout == 0: - raise Exception( - "TimeOutException: Failed to start VM (ID: %s)" % - virtual_machine.id) - - time.sleep(10) - timeout = timeout - 1 - + #program ssh access over NAT via PF if mode.lower() == 'advanced': - public_ip = PublicIPAddress.create( - apiclient, - virtual_machine.account, - virtual_machine.zoneid, - virtual_machine.domainid, - services - ) - FireWallRule.create( - apiclient, - ipaddressid=public_ip.ipaddress.id, - protocol='TCP', - cidrlist=['0.0.0.0/0'], - startport=22, - endport=22 - ) - nat_rule = NATRule.create( - apiclient, - virtual_machine, - services, - ipaddressid=public_ip.ipaddress.id - ) - virtual_machine.ssh_ip = nat_rule.ipaddress - virtual_machine.public_ip = nat_rule.ipaddress - else: + cls.access_ssh_over_nat(apiclient, services, virtual_machine) + elif mode.lower() == 'basic': virtual_machine.ssh_ip = virtual_machine.nic[0].ipaddress virtual_machine.public_ip = virtual_machine.nic[0].ipaddress - return VirtualMachine(virtual_machine.__dict__, services) def start(self, apiclient):
