Mike Kolesnik has uploaded a new change for review. Change subject: engine: Add security groups support ......................................................................
engine: Add security groups support Support security groups by custom property on a vNIC profile. The list of security groups will be passed to Neutron to set on the created port. Change-Id: I96faec7dee39045a8a39ce27351aac6b7eb20e23 Signed-off-by: Mike Kolesnik <[email protected]> --- M backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/RunVmCommand.java M backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/network/vm/ActivateDeactivateVmNicCommand.java M backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/provider/network/NetworkProviderProxy.java M backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/provider/network/openstack/OpenstackNetworkProviderProxy.java M ovirt-engine.spec.in M packaging/dbscripts/upgrade/pre_upgrade/0000_config.sql M pom.xml 7 files changed, 49 insertions(+), 12 deletions(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/51/22651/1
diff --git a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/RunVmCommand.java b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/RunVmCommand.java
index 9c72074..b57f320 100644
--- a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/RunVmCommand.java
+++ b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/RunVmCommand.java
@@ -54,6 +54,7 @@
 import org.ovirt.engine.core.common.businessentities.VmPoolType;
 import org.ovirt.engine.core.common.businessentities.network.Network;
 import org.ovirt.engine.core.common.businessentities.network.VmNic;
+import org.ovirt.engine.core.common.businessentities.network.VnicProfile;
 import org.ovirt.engine.core.common.errors.VdcBLLException;
 import org.ovirt.engine.core.common.errors.VdcBllErrors;
 import org.ovirt.engine.core.common.errors.VdcBllMessages;
@@ -495,12 +496,13 @@ VmDeviceGeneralType.INTERFACE)); for (VmNic iface : getVm().getInterfaces()) { - Network network = NetworkHelper.getNetworkByVnicProfileId(iface.getVnicProfileId()); + VnicProfile vnicProfile = getDbFacade().getVnicProfileDao().get(iface.getVnicProfileId()); + Network network = NetworkHelper.getNetworkByVnicProfile(vnicProfile); VmDevice vmDevice = nicDevices.get(new VmDeviceId(iface.getId(), getVmId())); if (network != null && network.isExternal() && vmDevice.getIsPlugged()) { Provider<?> provider = getDbFacade().getProviderDao().get(network.getProvidedBy().getProviderId()); NetworkProviderProxy providerProxy = ProviderProxyFactory.getInstance().create(provider); - Map<String, String> deviceProperties = providerProxy.allocate(network, iface); + Map<String, String> deviceProperties = providerProxy.allocate(network, vnicProfile, iface); getVm().getRuntimeDeviceCustomProperties().put(vmDevice, deviceProperties); } diff --git a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/network/vm/ActivateDeactivateVmNicCommand.java b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/network/vm/ActivateDeactivateVmNicCommand.java index b81447d..8aa46ef 100644 --- a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/network/vm/ActivateDeactivateVmNicCommand.java +++ b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/network/vm/ActivateDeactivateVmNicCommand.java @@ -21,6 +21,7 @@ import org.ovirt.engine.core.common.businessentities.network.Network; import org.ovirt.engine.core.common.businessentities.network.VdsNetworkInterface; import org.ovirt.engine.core.common.businessentities.network.VmInterfaceType; +import org.ovirt.engine.core.common.businessentities.network.VnicProfile; import org.ovirt.engine.core.common.config.Config; import org.ovirt.engine.core.common.config.ConfigValues; import org.ovirt.engine.core.common.errors.VdcBllMessages; 
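Review bot: The profile lookup in the `for (VmNic iface : ...)` loop runs for every interface with no guard on `iface.getVnicProfileId()`, whereas ActivateDeactivateVmNicCommand.getNetwork() checks that id for null before loading the profile. How VnicProfileDao.get and NetworkHelper.getNetworkByVnicProfile treat a null argument is not visible in this diff, so a NIC with no profile now depends on both being null-tolerant. Consider `VnicProfile vnicProfile = iface.getVnicProfileId() == null ? null : getDbFacade().getVnicProfileDao().get(iface.getVnicProfileId());` and confirm the helper returns null for a null profile. The enclosing method starts and ends outside the hunk.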
@@ -38,6 +39,8 @@ public class ActivateDeactivateVmNicCommand<T extends ActivateDeactivateVmNicParameters> extends VmCommand<T> { private VmDevice vmDevice; + + private VnicProfile vnicProfile; private Network network; @@ -94,7 +97,8 @@ public Network getNetwork() { if (getParameters().getNic().getVnicProfileId() != null && network == null) { - network = NetworkHelper.getNetworkByVnicProfileId(getParameters().getNic().getVnicProfileId()); + vnicProfile = getDbFacade().getVnicProfileDao().get(getParameters().getNic().getVnicProfileId()); + network = NetworkHelper.getNetworkByVnicProfile(vnicProfile); } return network; @@ -132,7 +136,8 @@ private void handleExternalNetworks() { Provider<?> provider = getDbFacade().getProviderDao().get(getNetwork().getProvidedBy().getProviderId()); NetworkProviderProxy providerProxy = ProviderProxyFactory.getInstance().create(provider); - Map<String, String> runtimeProperties = providerProxy.allocate(getNetwork(), getParameters().getNic()); + Map<String, String> runtimeProperties = + providerProxy.allocate(getNetwork(), vnicProfile, getParameters().getNic()); if (runtimeProperties != null) { getVm().getRuntimeDeviceCustomProperties().put(vmDevice, runtimeProperties); diff --git a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/provider/network/NetworkProviderProxy.java b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/provider/network/NetworkProviderProxy.java index 3c2930a..c4c2dc1 100644 --- a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/provider/network/NetworkProviderProxy.java +++ b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/provider/network/NetworkProviderProxy.java 
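Review bot: The new `vnicProfile` field is only ever assigned as a side effect of getNetwork(), and only on the branch where `network == null` and the NIC has a profile id; handleExternalNetworks() then passes the raw field to `providerProxy.allocate(...)`. It works today because getNetwork() happens to be called first in that method, but any path that populates `network` differently would hand a null profile to the OpenStack proxy, whose getSecurityGroups dereferences it (`vnicProfile.getCustomProperties()`). A lazy accessor used by both call sites removes the ordering dependency. Both getNetwork() and handleExternalNetworks() extend beyond their hunks.

```java
private VnicProfile getVnicProfile() {
    if (vnicProfile == null && getParameters().getNic().getVnicProfileId() != null) {
        vnicProfile = getDbFacade().getVnicProfileDao().get(getParameters().getNic().getVnicProfileId());
    }
    return vnicProfile;
}

// … unchanged: null checks at the top of getNetwork() …
network = NetworkHelper.getNetworkByVnicProfile(getVnicProfile());

// … unchanged: provider lookup in handleExternalNetworks() …
Map<String, String> runtimeProperties =
        providerProxy.allocate(getNetwork(), getVnicProfile(), getParameters().getNic());
```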
@@ -6,6 +6,7 @@ import org.ovirt.engine.core.bll.provider.ProviderProxy; import org.ovirt.engine.core.common.businessentities.network.Network; import org.ovirt.engine.core.common.businessentities.network.VmNic; +import org.ovirt.engine.core.common.businessentities.network.VnicProfile; public interface NetworkProviderProxy extends ProviderProxy { @@ -30,13 +31,14 @@ * * @param network * The network to allocate the vNIC on. + * @param vnicProfile + * The vNIC profile that connects the vNIC to the network. * @param nic * The vNIC to allocate. - * * @return A map of custom properties to forward for the vNIC device. The correct driver will know how to handle * these properties, and connect the vNIC correctly. */ - Map<String, String> allocate(Network network, VmNic nic); + Map<String, String> allocate(Network network, VnicProfile vnicProfile, VmNic nic); /** * Deallocate the vNIC from the provider. If the vNIC is not on the provider anymore, don't throw an exception. diff --git a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/provider/network/openstack/OpenstackNetworkProviderProxy.java b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/provider/network/openstack/OpenstackNetworkProviderProxy.java index 8acb6e2..a4d7130 100644 --- a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/provider/network/openstack/OpenstackNetworkProviderProxy.java +++ b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/provider/network/openstack/OpenstackNetworkProviderProxy.java 
@@ -2,10 +2,13 @@ import java.security.cert.Certificate; import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collections; import java.util.HashMap; import java.util.List; import java.util.Map; +import org.apache.commons.collections.CollectionUtils; import org.apache.commons.lang.NotImplementedException; import org.codehaus.jackson.annotate.JsonIgnoreProperties; import org.ovirt.engine.core.bll.provider.network.NetworkProviderProxy; @@ -14,6 +17,7 @@ import org.ovirt.engine.core.common.businessentities.network.Network; import org.ovirt.engine.core.common.businessentities.network.ProviderNetwork; import org.ovirt.engine.core.common.businessentities.network.VmNic; +import org.ovirt.engine.core.common.businessentities.network.VnicProfile; import org.ovirt.engine.core.common.config.Config; import org.ovirt.engine.core.common.config.ConfigValues; import org.ovirt.engine.core.common.errors.VdcBLLException; @@ -26,9 +30,10 @@ import com.woorea.openstack.quantum.model.NetworkForCreate; import com.woorea.openstack.quantum.model.Networks; import com.woorea.openstack.quantum.model.Port; -import com.woorea.openstack.quantum.model.PortForCreate; public class OpenstackNetworkProviderProxy implements NetworkProviderProxy { + + private static final String SECURITY_GROUPS_PROPERTY = "security_groups"; private static final String API_VERSION = "/v2.0"; 
@@ -149,14 +154,15 @@ } @Override - public Map<String, String> allocate(Network network, VmNic nic) { + public Map<String, String> allocate(Network network, VnicProfile vnicProfile, VmNic nic) { try { Port port = locatePort(nic); + List<String> securityGroups = getSecurityGroups(vnicProfile); if (port == null) { com.woorea.openstack.quantum.model.Network externalNetwork = getClient().networks().show(network.getProvidedBy().getExternalId()).execute(); - PortForCreate portForCreate = new PortForCreate(); + Port portForCreate = new Port(); portForCreate.setAdminStateUp(true); portForCreate.setName(nic.getName()); portForCreate.setTenantId(externalNetwork.getTenantId()); @@ -164,9 +170,14 @@ portForCreate.setNetworkId(externalNetwork.getId()); portForCreate.setDeviceOwner(DEVICE_OWNER); portForCreate.setDeviceId(nic.getId().toString()); + portForCreate.setSecurityGroups(securityGroups); port = getClient().ports().create(portForCreate).execute(); + } else if (securityGroupsChanged(port.getSecurityGroups(), securityGroups)) { + Port portForUpdate = new Port(); + portForUpdate.setId(port.getId()); + portForUpdate.setSecurityGroups(securityGroups); + port = getClient().ports().update(portForUpdate).execute(); } - Map<String, String> runtimeProperties = new HashMap<>(); runtimeProperties.put("vnic_id", port.getId()); 
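Review bot: When the profile has no `security_groups` property, getSecurityGroups returns an empty list, and allocate() treats that as the desired state: it is set on a new port and, in the `else if` branch, compared against the existing port's groups. A port that already carries groups on the Neutron side (for example the tenant default that Neutron assigns when the field is omitted at creation) will compare as changed and be updated with an empty list, which, if the client serializes it as `[]`, strips every security group from the port. Distinguish "property not set" from "explicitly empty", e.g. have the helper return null when the property is absent and guard with `if (securityGroups != null) { portForCreate.setSecurityGroups(securityGroups); }` and `} else if (securityGroups != null && securityGroupsChanged(port.getSecurityGroups(), securityGroups)) {`. How the 3.0.2 client serializes an empty list is not visible here, so this should be verified against a port created before the upgrade. allocate() starts before and ends after the hunk.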
@@ -179,6 +190,22 @@ } } + private boolean securityGroupsChanged(List<String> existingSecurityGroups, List<String> desiredSecurityGroups) { + return !CollectionUtils.isEqualCollection( + existingSecurityGroups == null ? Collections.emptyList() : existingSecurityGroups, + desiredSecurityGroups); + } + + private List<String> getSecurityGroups(VnicProfile vnicProfile) { + Map<String, String> customProperties = vnicProfile.getCustomProperties(); + + if (customProperties.containsKey(SECURITY_GROUPS_PROPERTY)) { + return Arrays.asList(customProperties.get(SECURITY_GROUPS_PROPERTY).split(",\\w*")); + } + + return Collections.emptyList(); + } + @Override public void deallocate(VmNic nic) { try { diff --git a/ovirt-engine.spec.in b/ovirt-engine.spec.in index f506ff0..dbb09f8 100644 --- a/ovirt-engine.spec.in +++ b/ovirt-engine.spec.in @@ -85,7 +85,7 @@ %global vdsm_uid 36 %global vdsm_user vdsm -%global openstack_java_version 3.0.1 +%global openstack_java_version 3.0.2 # Macro to create an user: # diff --git a/packaging/dbscripts/upgrade/pre_upgrade/0000_config.sql b/packaging/dbscripts/upgrade/pre_upgrade/0000_config.sql index 091f0c3..cbddf57 100644 --- a/packaging/dbscripts/upgrade/pre_upgrade/0000_config.sql +++ b/packaging/dbscripts/upgrade/pre_upgrade/0000_config.sql @@ -618,6 +618,7 @@ select fn_db_add_config_value('CustomDeviceProperties', '', '3.1'); select fn_db_add_config_value('CustomDeviceProperties', '', '3.2'); select fn_db_add_config_value('CustomDeviceProperties', '', '3.3'); +select fn_db_add_config_value('CustomDeviceProperties', '{type=interface;prop={security_groups=^(?:[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}, *)*[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$}}', '3.4'); select fn_db_add_config_value('SshSoftFencingCommand', 'service vdsmd restart', '3.0'); select fn_db_add_config_value('SshSoftFencingCommand', 'service vdsmd restart', '3.1'); diff --git a/pom.xml b/pom.xml index dbe7cf0..fef027b 100644 --- a/pom.xml +++ b/pom.xml 
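Review bot: The delimiter in getSecurityGroups, `split(",\\w*")`, uses `\w` (word characters) where whitespace was evidently intended, so for a value such as `id1,id2` the match consumes the comma plus the leading hex digits of the next ID up to its first hyphen, and for `id1, id2` it leaves a leading space on the second ID. The validation pattern added to 0000_config.sql in this same change accepts `, *` between UUIDs, so both forms pass validation and then reach Neutron mangled, meaning the port may be rejected or end up without the groups the administrator configured. Use `split(", *")` (or `",\\s*"`) so the parser agrees with the validator. `vnicProfile.getCustomProperties()` is also dereferenced without a null check; whether it can return null for a profile with no custom properties is not visible here and is worth confirming.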
@@ -94,7 +94,7 @@ <aopalliance.version>1.0</aopalliance.version> <!-- OpenStack --> - <openstack-client.version>3.0.1</openstack-client.version> + <openstack-client.version>3.0.2</openstack-client.version> <!-- Plugins Versions --> <maven-surefire-plugin.version>2.7.2</maven-surefire-plugin.version> -- To view, visit http://gerrit.ovirt.org/22651 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I96faec7dee39045a8a39ce27351aac6b7eb20e23 Gerrit-PatchSet: 1 Gerrit-Project: ovirt-engine Gerrit-Branch: master Gerrit-Owner: Mike Kolesnik <[email protected]> _______________________________________________ Engine-patches mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/engine-patches
