-rw-r--r-- | deploy/daisy_server.py | 5 | ||||
-rwxr-xr-x | deploy/post.sh | 11 | ||||
-rw-r--r-- | deploy/post/execute.py | 45 | ||||
-rw-r--r-- | deploy/post/neutron.py | 28 |
4 files changed, 84 insertions, 5 deletions
diff --git a/deploy/daisy_server.py b/deploy/daisy_server.py index 152bbe52..eb711afd 100644 --- a/deploy/daisy_server.py +++ b/deploy/daisy_server.py @@ -265,7 +265,8 @@ class DaisyServer(object): def post_deploy(self): LI('Post deploy ...') - cmd = 'bash {script} -n {net_file}'.format( - script=path_join(self.remote_dir, 'deploy/post.sh'), + cmd = 'export PYTHONPATH={python_path}; python {script} -nw {net_file}'.format( + python_path=self.remote_dir, + script=path_join(self.remote_dir, 'deploy/post/execute.py'), net_file=path_join(self.remote_dir, self.net_file_name)) self.ssh_run(cmd, check=False) diff --git a/deploy/post.sh b/deploy/post.sh index 3077e007..b65d429b 100755 --- a/deploy/post.sh +++ b/deploy/post.sh @@ -1,4 +1,12 @@ #!/bin/bash +############################################################################## +# Copyright (c) 2016 ZTE Corporation and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## SCRIPT_PATH=$(readlink -f $(dirname $0)) @@ -50,6 +58,3 @@ if [ ! $? -eq 0 ]; then exit 1 fi -source /etc/kolla/admin-openrc.sh -openstack security group rule create --proto icmp default -openstack security group rule create --proto tcp --dst-port 22 default diff --git a/deploy/post/execute.py b/deploy/post/execute.py index 94bec65e..75abaacb 100644 --- a/deploy/post/execute.py +++ b/deploy/post/execute.py 
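Review bot: In `post_deploy` the values of `self.remote_dir` and `self.net_file_name` go into the shell string for `ssh_run` unquoted, so a directory or file name containing a space or a shell metacharacter changes what runs on the remote host. Quoting each value before `.format`, e.g. `python_path=pipes.quote(self.remote_dir)` (`shlex.quote` on Python 3), avoids that. The call also stays `check=False` while this step now carries the security group setup that used to live in `post.sh`, so a failure of `execute.py` presumably goes unnoticed by the deployer; logging the outcome of `ssh_run` would make it visible. The rest of `post_deploy` may lie outside the hunk.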
@@ -134,6 +134,50 @@ def _create_image_TestVM(): print ('Use existing TestVM image') +def _config_icmp_security_group_rule(security_group_id): + body = { + 'security_group_rule': { + 'direction': 'ingress', + 'ethertype': 'IPv4', + 'protocol': 'icmp', + 'remote_ip_prefix': '0.0.0.0/0', + 'security_group_id': security_group_id + } + } + return body + + +def _config_ssh_security_group_rule(security_group_id): + body = { + 'security_group_rule': { + 'direction': 'ingress', + 'ethertype': 'IPv4', + 'protocol': 'tcp', + 'port_range_min': 22, + 'port_range_max': 22, + 'remote_ip_prefix': '0.0.0.0/0', + 'security_group_id': security_group_id + } + } + return body + + +def _create_security_group_rules(): + neutronclient = neutron.Neutron() + try: + security_group_name = 'default' + security_group = neutronclient.get_security_group_by_name(security_group_name) + security_group_id = security_group['id'] + except Exception: + print('Cannot find security group by name %s' % security_group_name) + return + + neutronclient.create_security_group_rule(security_group, + _config_icmp_security_group_rule(security_group_id)) + neutronclient.create_security_group_rule(security_group, + _config_ssh_security_group_rule(security_group_id)) + + def main(): parser = argparse.ArgumentParser() parser.add_argument('-nw', '--network-file', @@ -144,6 +188,7 @@ def main(): _create_external_network(args.network_file) _create_flavor_m1_micro() _create_image_TestVM() + _create_security_group_rules() _config_kolla_admin_openrc('/etc/kolla/') diff --git a/deploy/post/neutron.py b/deploy/post/neutron.py index 77791ea8..79703310 100644 --- a/deploy/post/neutron.py +++ b/deploy/post/neutron.py 
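Review bot: Both rule builders hard-code `'remote_ip_prefix': '0.0.0.0/0'`, and `_create_security_group_rules` applies them to the `default` group, so TCP/22 is opened from any address to every instance launched without an explicit security group. If that is intended for test deployments only, say so in a comment above `_create_security_group_rules`, and consider letting the caller narrow it, e.g. `def _config_ssh_security_group_rule(security_group_id, remote_ip_prefix='0.0.0.0/0'):`. Separately, the `except Exception:` around the lookup reports every failure, including an authentication or API error, as `Cannot find security group by name`; catching only the `TypeError`/`KeyError` of a missing group would keep real errors visible, assuming `query.find` returns `None` when nothing matches.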
@@ -67,3 +67,31 @@ class Neutron(keystoneauth.ClientBase):
 except Exception, e:
 print('_create_subnet fail with: {}'.format(e))
 return None
+
+ def _list_security_groups(self):
+ return self.client.list_security_groups()['security_groups']
+
+ def get_security_group_by_name(self, name):
+ return query.find(lambda nw: nw['name'] == name, self._list_security_groups())
+
+ def _check_security_group_rule_conflict(self, security_group, body):
+ newrule = body['security_group_rule']
+ rules = security_group['security_group_rules']
+ for rule in rules:
+ is_same = True
+ for key in newrule.keys():
+ if key in rule and newrule[key] != rule[key]:
+ is_same = False
+ break
+ if is_same:
+ print('The rule already exists in the security group %s' % security_group['id'])
+ return True
+ return False
+
+ def create_security_group_rule(self, security_group, body):
+ if not self._check_security_group_rule_conflict(security_group, body):
+ try:
+ rule = self.client.create_security_group_rule(body=body)
+ print('create_security_group_rule success with id %s' % rule['security_group_rule']['id'])
+ except Exception, e:
+ print('create_security_group_rule fail with exception %s' % e) |
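Review bot: `get_security_group_by_name` takes the first group called `name` from an unfiltered `list_security_groups()`, and since every project has its own `default` group, an admin-scoped client may well get several matches and add the rules to another project's group. Filtering on the server side by name and project, e.g. `self.client.list_security_groups(name=name, tenant_id=<PROJECT_ID placeholder>)['security_groups']`, removes that ambiguity; where the project id would come from is not visible in this hunk. `create_security_group_rule` also prints and swallows any exception and returns nothing, so `execute.py` cannot tell that a rule was not created; returning the created rule (or `None` on failure) would let the caller report it. `except Exception as e:` is accepted by Python 2.6+ and 3 alike and would be the safer spelling for the new handler, though the existing context line uses the comma form too.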