-rw-r--r--deploy/daisy_server.py5
-rwxr-xr-xdeploy/post.sh11
-rw-r--r--deploy/post/execute.py45
-rw-r--r--deploy/post/neutron.py28
4 files changed, 84 insertions, 5 deletions
diff --git a/deploy/daisy_server.py b/deploy/daisy_server.py
index 152bbe52..eb711afd 100644
--- a/deploy/daisy_server.py
+++ b/deploy/daisy_server.py
@@ -265,7 +265,8 @@ class DaisyServer(object):
def post_deploy(self):
LI('Post deploy ...')
- cmd = 'bash {script} -n {net_file}'.format(
- script=path_join(self.remote_dir, 'deploy/post.sh'),
+ cmd = 'export PYTHONPATH={python_path}; python {script} -nw {net_file}'.format(
+ python_path=self.remote_dir,
+ script=path_join(self.remote_dir, 'deploy/post/execute.py'),
net_file=path_join(self.remote_dir, self.net_file_name))
self.ssh_run(cmd, check=False)
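Review bot: The rewritten `cmd` interpolates `self.remote_dir` (now twice) and the network file path into a shell line without quoting, so a path containing spaces or shell metacharacters changes what the remote shell executes. Quoting each value before `.format`, for example `python_path=pipes.quote(self.remote_dir)` (which needs `import pipes` at the top of the file), keeps each one a single word. `export PYTHONPATH=...;` also discards any PYTHONPATH already set on the remote side, which may or may not be intended. Because `ssh_run` is still called with `check=False` and the new Python helpers print rather than raise, a failed security-group step will not be visible to the caller of `post_deploy`, whose body may continue past this hunk.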
diff --git a/deploy/post.sh b/deploy/post.sh
index 3077e007..b65d429b 100755
--- a/deploy/post.sh
+++ b/deploy/post.sh
@@ -1,4 +1,12 @@
#!/bin/bash
+##############################################################################
+# Copyright (c) 2016 ZTE Corporation and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
SCRIPT_PATH=$(readlink -f $(dirname $0))
@@ -50,6 +58,3 @@ if [ ! $? -eq 0 ]; then
exit 1
fi
-source /etc/kolla/admin-openrc.sh
-openstack security group rule create --proto icmp default
-openstack security group rule create --proto tcp --dst-port 22 default
diff --git a/deploy/post/execute.py b/deploy/post/execute.py
index 94bec65e..75abaacb 100644
--- a/deploy/post/execute.py
+++ b/deploy/post/execute.py
@@ -134,6 +134,50 @@ def _create_image_TestVM():
print ('Use existing TestVM image')
+def _config_icmp_security_group_rule(security_group_id):
+ body = {
+ 'security_group_rule': {
+ 'direction': 'ingress',
+ 'ethertype': 'IPv4',
+ 'protocol': 'icmp',
+ 'remote_ip_prefix': '0.0.0.0/0',
+ 'security_group_id': security_group_id
+ }
+ }
+ return body
+
+
+def _config_ssh_security_group_rule(security_group_id):
+ body = {
+ 'security_group_rule': {
+ 'direction': 'ingress',
+ 'ethertype': 'IPv4',
+ 'protocol': 'tcp',
+ 'port_range_min': 22,
+ 'port_range_max': 22,
+ 'remote_ip_prefix': '0.0.0.0/0',
+ 'security_group_id': security_group_id
+ }
+ }
+ return body
+
+
+def _create_security_group_rules():
+ neutronclient = neutron.Neutron()
+ try:
+ security_group_name = 'default'
+ security_group = neutronclient.get_security_group_by_name(security_group_name)
+ security_group_id = security_group['id']
+ except Exception:
+ print('Cannot find security group by name %s' % security_group_name)
+ return
+
+ neutronclient.create_security_group_rule(security_group,
+ _config_icmp_security_group_rule(security_group_id))
+ neutronclient.create_security_group_rule(security_group,
+ _config_ssh_security_group_rule(security_group_id))
+
+
def main():
parser = argparse.ArgumentParser()
parser.add_argument('-nw', '--network-file',
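Review bot: `_config_icmp_security_group_rule` and `_config_ssh_security_group_rule` hard-code `'remote_ip_prefix': '0.0.0.0/0'`, so every instance that uses the `default` group accepts ICMP and SSH from any IPv4 source. That appears to match the CLI rules this commit removes from post.sh, but nothing in the new code records that the exposure is intentional. A keyword parameter such as `def _config_ssh_security_group_rule(security_group_id, remote_ip_prefix='0.0.0.0/0'):` and a comment along the lines of `# open to all sources by design for this deployment; pass a narrower CIDR otherwise` would make it explicit and overridable. In `_create_security_group_rules` the broad `except Exception` also reports authentication or API failures as 'Cannot find security group', which hides the real cause. `main()` starts inside this hunk and continues beyond it.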
@@ -144,6 +188,7 @@ def main():
_create_external_network(args.network_file)
_create_flavor_m1_micro()
_create_image_TestVM()
+ _create_security_group_rules()
_config_kolla_admin_openrc('/etc/kolla/')
diff --git a/deploy/post/neutron.py b/deploy/post/neutron.py
index 77791ea8..79703310 100644
--- a/deploy/post/neutron.py
+++ b/deploy/post/neutron.py
@@ -67,3 +67,31 @@ class Neutron(keystoneauth.ClientBase):
except Exception, e:
print('_create_subnet fail with: {}'.format(e))
return None
+
+ def _list_security_groups(self):
+ return self.client.list_security_groups()['security_groups']
+
+ def get_security_group_by_name(self, name):
+ return query.find(lambda nw: nw['name'] == name, self._list_security_groups())
+
+ def _check_security_group_rule_conflict(self, security_group, body):
+ newrule = body['security_group_rule']
+ rules = security_group['security_group_rules']
+ for rule in rules:
+ is_same = True
+ for key in newrule.keys():
+ if key in rule and newrule[key] != rule[key]:
+ is_same = False
+ break
+ if is_same:
+ print('The rule already exists in the security group %s' % security_group['id'])
+ return True
+ return False
+
+ def create_security_group_rule(self, security_group, body):
+ if not self._check_security_group_rule_conflict(security_group, body):
+ try:
+ rule = self.client.create_security_group_rule(body=body)
+ print('create_security_group_rule success with id %s' % rule['security_group_rule']['id'])
+ except Exception, e:
+ print('create_security_group_rule fail with exception %s' % e)
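Review bot: `get_security_group_by_name` matches on name alone and takes whatever `query.find` returns from the full list, yet each project normally has its own group called `default`. If the client's credentials can list groups across projects (not visible on this page), the ICMP and SSH rules could be added to a group other than the intended one. Filtering the list call by project as well as name, e.g. `self.client.list_security_groups(name=name, tenant_id=project_id)` with `project_id` being the deploying project's id, would remove the ambiguity. Separately, `create_security_group_rule` returns nothing on either path, so the caller cannot tell whether the rule exists; `return rule` after the success print and `return None` in the handler would match the `_create_subnet` handler shown above.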