Merge "Convert the bash commands in post.sh to python code"

4 files changed, 84 insertions, 5 deletions

diff --git a/deploy/daisy_server.py b/deploy/daisy_server.py
index 152bbe52..eb711afd 100644
--- a/deploy/daisy_server.py
+++ b/deploy/daisy_server.py
@@ -265,7 +265,8 @@ class DaisyServer(object):
 
     def post_deploy(self):
         LI('Post deploy ...')
-        cmd = 'bash {script} -n {net_file}'.format(
-            script=path_join(self.remote_dir, 'deploy/post.sh'),
+        cmd = 'export PYTHONPATH={python_path}; python {script} -nw {net_file}'.format(
+            python_path=self.remote_dir,
+            script=path_join(self.remote_dir, 'deploy/post/execute.py'),
             net_file=path_join(self.remote_dir, self.net_file_name))
         self.ssh_run(cmd, check=False)
diff --git a/deploy/post.sh b/deploy/post.sh
index 3077e007..b65d429b 100755
--- a/deploy/post.sh
+++ b/deploy/post.sh
@@ -1,4 +1,12 @@
 #!/bin/bash
+##############################################################################
+# Copyright (c) 2016 ZTE Corporation and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
 
 SCRIPT_PATH=$(readlink -f $(dirname $0))
 
@@ -50,6 +58,3 @@ if [ ! $? -eq 0 ]; then
     exit 1
 fi
 
-source /etc/kolla/admin-openrc.sh
-openstack security group rule create --proto icmp default
-openstack security group rule create --proto tcp --dst-port 22 default
diff --git a/deploy/post/execute.py b/deploy/post/execute.py
index 94bec65e..75abaacb 100644
--- a/deploy/post/execute.py
+++ b/deploy/post/execute.py
@@ -134,6 +134,50 @@ def _create_image_TestVM():
         print ('Use existing TestVM image')
 
 
+def _config_icmp_security_group_rule(security_group_id):
+    body = {
+        'security_group_rule': {
+            'direction': 'ingress',
+            'ethertype': 'IPv4',
+            'protocol': 'icmp',
+            'remote_ip_prefix': '0.0.0.0/0',
+            'security_group_id': security_group_id
+        }
+    }
+    return body
+
+
+def _config_ssh_security_group_rule(security_group_id):
+    body = {
+        'security_group_rule': {
+            'direction': 'ingress',
+            'ethertype': 'IPv4',
+            'protocol': 'tcp',
+            'port_range_min': 22,
+            'port_range_max': 22,
+            'remote_ip_prefix': '0.0.0.0/0',
+            'security_group_id': security_group_id
+        }
+    }
+    return body
+
+
+def _create_security_group_rules():
+    neutronclient = neutron.Neutron()
+    try:
+        security_group_name = 'default'
+        security_group = neutronclient.get_security_group_by_name(security_group_name)
+        security_group_id = security_group['id']
+    except Exception:
+        print('Cannot find security group by name %s' % security_group_name)
+        return
+
+    neutronclient.create_security_group_rule(security_group,
+                                             _config_icmp_security_group_rule(security_group_id))
+    neutronclient.create_security_group_rule(security_group,
+                                             _config_ssh_security_group_rule(security_group_id))
+
+
 def main():
     parser = argparse.ArgumentParser()
     parser.add_argument('-nw', '--network-file',
@@ -144,6 +188,7 @@ def main():
     _create_external_network(args.network_file)
     _create_flavor_m1_micro()
     _create_image_TestVM()
+    _create_security_group_rules()
     _config_kolla_admin_openrc('/etc/kolla/')
 
 
diff --git a/deploy/post/neutron.py b/deploy/post/neutron.py
index 77791ea8..79703310 100644
--- a/deploy/post/neutron.py
+++ b/deploy/post/neutron.py
@@ -67,3 +67,31 @@ class Neutron(keystoneauth.ClientBase):
         except Exception, e:
             print('_create_subnet fail with: {}'.format(e))
             return None
+
+    def _list_security_groups(self):
+        return self.client.list_security_groups()['security_groups']
+
+    def get_security_group_by_name(self, name):
+        return query.find(lambda nw: nw['name'] == name, self._list_security_groups())
+
+    def _check_security_group_rule_conflict(self, security_group, body):
+        newrule = body['security_group_rule']
+        rules = security_group['security_group_rules']
+        for rule in rules:
+            is_same = True
+            for key in newrule.keys():
+                if key in rule and newrule[key] != rule[key]:
+                    is_same = False
+                    break
+            if is_same:
+                print('The rule already exists in the security group %s' % security_group['id'])
+                return True
+        return False
+
+    def create_security_group_rule(self, security_group, body):
+        if not self._check_security_group_rule_conflict(security_group, body):
+            try:
+                rule = self.client.create_security_group_rule(body=body)
+                print('create_security_group_rule success with id %s' % rule['security_group_rule']['id'])
+            except Exception, e:
+                print('create_security_group_rule fail with exception %s' % e)