diff options
| author |   Zhijiang Hu <hu.zhijiang@zte.com.cn> | 2017-07-27 00:59:13 +0000 |
|---|---|---|
| committer |   Gerrit Code Review <gerrit@opnfv.org> | 2017-07-27 00:59:13 +0000 |
| commit | 55ab19b724474a7db45f7aa62d89097a57cb97cb (patch) | |
| tree | c7e9147f37005bfcb6a3787d6e1a4a3f5d620069 /deploy/post | |
| parent | 1efff0d9d55114ba5bad95c1e21c2909edd649f5 (diff) | |
| parent | 8d951bd35aca9af5f4fa26fec643d25622f4f466 (diff) | |
Merge "Convert the bash commands in post.sh to python code"
Diffstat (limited to 'deploy/post')
| -rw-r--r-- | deploy/post/execute.py | 45 | ||||
| -rw-r--r-- | deploy/post/neutron.py | 28 |
2 files changed, 73 insertions, 0 deletions
diff --git a/deploy/post/execute.py b/deploy/post/execute.py index 94bec65e..75abaacb 100644 --- a/deploy/post/execute.py +++ b/deploy/post/execute.py @@ -134,6 +134,50 @@ def _create_image_TestVM(): print ('Use existing TestVM image') +def _config_icmp_security_group_rule(security_group_id): + body = { + 'security_group_rule': { + 'direction': 'ingress', + 'ethertype': 'IPv4', + 'protocol': 'icmp', + 'remote_ip_prefix': '0.0.0.0/0', + 'security_group_id': security_group_id + } + } + return body + + +def _config_ssh_security_group_rule(security_group_id): + body = { + 'security_group_rule': { + 'direction': 'ingress', + 'ethertype': 'IPv4', + 'protocol': 'tcp', + 'port_range_min': 22, + 'port_range_max': 22, + 'remote_ip_prefix': '0.0.0.0/0', + 'security_group_id': security_group_id + } + } + return body + + +def _create_security_group_rules(): + neutronclient = neutron.Neutron() + try: + security_group_name = 'default' + security_group = neutronclient.get_security_group_by_name(security_group_name) + security_group_id = security_group['id'] + except Exception: + print('Cannot find security group by name %s' % security_group_name) + return + + neutronclient.create_security_group_rule(security_group, + _config_icmp_security_group_rule(security_group_id)) + neutronclient.create_security_group_rule(security_group, + _config_ssh_security_group_rule(security_group_id)) + + def main(): parser = argparse.ArgumentParser() parser.add_argument('-nw', '--network-file', @@ -144,6 +188,7 @@ def main(): _create_external_network(args.network_file) _create_flavor_m1_micro() _create_image_TestVM() + _create_security_group_rules() _config_kolla_admin_openrc('/etc/kolla/') diff --git a/deploy/post/neutron.py b/deploy/post/neutron.py index 77791ea8..79703310 100644 --- a/deploy/post/neutron.py +++ b/deploy/post/neutron.py @@ -67,3 +67,31 @@ class Neutron(keystoneauth.ClientBase): except Exception, e: print('_create_subnet fail with: {}'.format(e)) return None + + def _list_security_groups(self): + return self.client.list_security_groups()['security_groups'] + + def get_security_group_by_name(self, name): + return query.find(lambda nw: nw['name'] == name, self._list_security_groups()) + + def _check_security_group_rule_conflict(self, security_group, body): + newrule = body['security_group_rule'] + rules = security_group['security_group_rules'] + for rule in rules: + is_same = True + for key in newrule.keys(): + if key in rule and newrule[key] != rule[key]: + is_same = False + break + if is_same: + print('The rule already exists in the security group %s' % security_group['id']) + return True + return False + + def create_security_group_rule(self, security_group, body): + if not self._check_security_group_rule_conflict(security_group, body): + try: + rule = self.client.create_security_group_rule(body=body) + print('create_security_group_rule success with id %s' % rule['security_group_rule']['id']) + except Exception, e: + print('create_security_group_rule fail with exception %s' % e) |