Updated Branches: refs/heads/4.2 3c360ce02 -> 9c9003a0d
CLOUDSTACK-3452: Refactor VirtualMachine.create() When creating a VM if it's going to a basic zone program sec.group rules so as to allow SSH access for any tests requiring ssh access to the guest. Similarly method used to program the NAT and PF for SSH access is refactored and extracted into a separate method. By default no SSH access is allowed if the mode is set to 'default' Signed-off-by: Prasanna Santhanam <t...@apache.org> Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/9c9003a0 Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/9c9003a0 Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/9c9003a0 Branch: refs/heads/4.2 Commit: 9c9003a0dba755135f643777083b80ec5fa3d910 Parents: 3c360ce Author: Prasanna Santhanam <t...@apache.org> Authored: Sat Jul 20 13:29:17 2013 +0530 Committer: Prasanna Santhanam <t...@apache.org> Committed: Sat Jul 20 13:29:17 2013 +0530 ---------------------------------------------------------------------- tools/marvin/marvin/integration/lib/base.py | 172 +++++++++++------------ 1 file changed, 80 insertions(+), 92 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/9c9003a0/tools/marvin/marvin/integration/lib/base.py ---------------------------------------------------------------------- diff --git a/tools/marvin/marvin/integration/lib/base.py b/tools/marvin/marvin/integration/lib/base.py index 0938333..0fb36cc 100755 --- a/tools/marvin/marvin/integration/lib/base.py +++ b/tools/marvin/marvin/integration/lib/base.py @@ -234,11 +234,82 @@ class VirtualMachine: self.ipaddress = self.nic[0].ipaddress @classmethod + def ssh_access_group(cls, apiclient, cmd): + """ + Programs the security group with SSH access before deploying virtualmachine + @return: + """ + zone_list = Zone.list( + apiclient, + id=cmd.zoneid if cmd.zoneid else None, + domainid=cmd.domainid if cmd.domainid else None + ) + zone = zone_list[0] + #check if security groups settings is enabled for the zone + if zone.securitygroupsenabled: + list_security_groups = SecurityGroup.list( + apiclient, + securitygroupname="basic_sec_grp" + ) + + if not isinstance(list_security_groups, list): + basic_mode_security_group = SecurityGroup.create( + apiclient, + {"name": "basic_sec_grp"} + ) + sec_grp_services = { + "protocol": "TCP", + "startport": 22, + "endport": 22, + "cidrlist": "0.0.0.0/0" + } + #Authorize security group for above ingress rule + basic_mode_security_group.authorize(apiclient, sec_grp_services, account=cmd.account, + domainid=cmd.domainid) + else: + basic_mode_security_group = list_security_groups[0] + + if isinstance(cmd.securitygroupids, list): + cmd.securitygroupids.append(basic_mode_security_group.id) + else: + cmd.securitygroupids = [basic_mode_security_group.id] + + @classmethod + def access_ssh_over_nat(cls, apiclient, services, virtual_machine): + """ + Program NAT and PF rules to open up ssh access to deployed guest + @return: + """ + public_ip = PublicIPAddress.create( + apiclient, + virtual_machine.account, + virtual_machine.zoneid, + virtual_machine.domainid, + services + ) + FireWallRule.create( + apiclient, + ipaddressid=public_ip.ipaddress.id, + protocol='TCP', + cidrlist=['0.0.0.0/0'], + startport=22, + endport=22 + ) + nat_rule = NATRule.create( + apiclient, + virtual_machine, + services, + ipaddressid=public_ip.ipaddress.id + ) + virtual_machine.ssh_ip = nat_rule.ipaddress + virtual_machine.public_ip = nat_rule.ipaddress + + @classmethod def create(cls, apiclient, services, templateid=None, accountid=None, domainid=None, zoneid=None, networkids=None, serviceofferingid=None, securitygroupids=None, projectid=None, startvm=None, diskofferingid=None, affinitygroupnames=None, affinitygroupids=None, group=None, - hostid=None, keypair=None, mode='basic', method='GET'): + hostid=None, keypair=None, mode='default', method='GET'): """Create the instance""" cmd = deployVirtualMachine.deployVirtualMachineCmd() @@ -293,53 +364,6 @@ class VirtualMachine: if securitygroupids: cmd.securitygroupids = [str(sg_id) for sg_id in securitygroupids] - if mode.lower() == 'basic': - - zone_list = Zone.list( - apiclient, - id = cmd.zoneid if cmd.zoneid else None, - domainid = cmd.domainid if cmd.domainid else None - ) - - zone = zone_list[0] - - #check if security groups settings is enabled for the zone - if zone.securitygroupsenabled: - list_security_groups = SecurityGroup.list( - apiclient, - securitygroupname="basic_sec_grp" - ) - - if not isinstance(list_security_groups, list): - basic_mode_security_group = SecurityGroup.create( - apiclient, - {"name":"basic_sec_grp"} - ) - sec_grp_services = {"protocol": "TCP", - "startport": 22, - "endport":22, - "cidrlist": "0.0.0.0/0" - } - - #Authorize security group for above ingress rule - cmd_auth = authorizeSecurityGroupIngress.authorizeSecurityGroupIngressCmd() - cmd_auth.domainid = cmd.domainid - cmd_auth.account = cmd.account - cmd_auth.securitygroupid = basic_mode_security_group.id - cmd_auth.protocol = sec_grp_services["protocol"] - cmd_auth.startport = sec_grp_services["startport"] - cmd_auth.endport = sec_grp_services["endport"] - cmd_auth.cidrlist = sec_grp_services["cidrlist"] - apiclient.authorizeSecurityGroupIngress(cmd_auth) - - else: - basic_mode_security_group = list_security_groups[0] - - if isinstance(cmd.securitygroupids, list): - cmd.securitygroupids.append(basic_mode_security_group.id) - else: - cmd.securitygroupids = [basic_mode_security_group.id] - if "affinitygroupnames" in services: cmd.affinitygroupnames = services["affinitygroupnames"] elif affinitygroupnames: @@ -363,59 +387,23 @@ class VirtualMachine: if group: cmd.group = group + #program default access to ssh + if mode.lower() == 'basic': + cls.ssh_access_group(apiclient, cmd) + virtual_machine = apiclient.deployVirtualMachine(cmd, method=method) + virtual_machine.ssh_ip = virtual_machine.nic[0].ipaddress if startvm == False: - virtual_machine.ssh_ip = virtual_machine.nic[0].ipaddress virtual_machine.public_ip = virtual_machine.nic[0].ipaddress return VirtualMachine(virtual_machine.__dict__, services) - # VM should be in Running state after deploy - timeout = 10 - while True: - vm_status = VirtualMachine.list( - apiclient, - id=virtual_machine.id - ) - if isinstance(vm_status, list): - if vm_status[0].state == 'Running': - break - elif timeout == 0: - raise Exception( - "TimeOutException: Failed to start VM (ID: %s)" % - virtual_machine.id) - - time.sleep(10) - timeout = timeout - 1 - + #program ssh access over NAT via PF if mode.lower() == 'advanced': - public_ip = PublicIPAddress.create( - apiclient, - virtual_machine.account, - virtual_machine.zoneid, - virtual_machine.domainid, - services - ) - FireWallRule.create( - apiclient, - ipaddressid=public_ip.ipaddress.id, - protocol='TCP', - cidrlist=['0.0.0.0/0'], - startport=22, - endport=22 - ) - nat_rule = NATRule.create( - apiclient, - virtual_machine, - services, - ipaddressid=public_ip.ipaddress.id - ) - virtual_machine.ssh_ip = nat_rule.ipaddress - virtual_machine.public_ip = nat_rule.ipaddress - else: + cls.access_ssh_over_nat(apiclient, services, virtual_machine) + elif mode.lower() == 'basic': virtual_machine.ssh_ip = virtual_machine.nic[0].ipaddress virtual_machine.public_ip = virtual_machine.nic[0].ipaddress - return VirtualMachine(virtual_machine.__dict__, services) def start(self, apiclient):
