mirror of
https://github.com/apache/cloudstack.git
synced 2025-11-03 04:12:31 +01:00
CLOUDSTACK-3452: Refactor VirtualMachine.create()
When creating a VM if it's going to a basic zone program sec.group rules so as to allow SSH access for any tests requiring ssh access to the guest. Similarly method used to program the NAT and PF for SSH access is refactored and extracted into a separate method. By default no SSH access is allowed if the mode is set to 'default' Signed-off-by: Prasanna Santhanam <tsp@apache.org> (cherry picked from commit 9c9003a0dba755135f643777083b80ec5fa3d910)
This commit is contained in:
Prasanna Santhanam
parent
4f8c43fc20
commit
b8148c6220
@ -233,12 +233,83 @@ class VirtualMachine:
|
||||
# extract out the ipaddress
|
||||
self.ipaddress = self.nic[0].ipaddress
|
||||
|
||||
@classmethod
|
||||
def ssh_access_group(cls, apiclient, cmd):
|
||||
"""
|
||||
Programs the security group with SSH access before deploying virtualmachine
|
||||
@return:
|
||||
"""
|
||||
zone_list = Zone.list(
|
||||
apiclient,
|
||||
id=cmd.zoneid if cmd.zoneid else None,
|
||||
domainid=cmd.domainid if cmd.domainid else None
|
||||
)
|
||||
zone = zone_list[0]
|
||||
#check if security groups settings is enabled for the zone
|
||||
if zone.securitygroupsenabled:
|
||||
list_security_groups = SecurityGroup.list(
|
||||
apiclient,
|
||||
securitygroupname="basic_sec_grp"
|
||||
)
|
||||
|
||||
if not isinstance(list_security_groups, list):
|
||||
basic_mode_security_group = SecurityGroup.create(
|
||||
apiclient,
|
||||
{"name": "basic_sec_grp"}
|
||||
)
|
||||
sec_grp_services = {
|
||||
"protocol": "TCP",
|
||||
"startport": 22,
|
||||
"endport": 22,
|
||||
"cidrlist": "0.0.0.0/0"
|
||||
}
|
||||
#Authorize security group for above ingress rule
|
||||
basic_mode_security_group.authorize(apiclient, sec_grp_services, account=cmd.account,
|
||||
domainid=cmd.domainid)
|
||||
else:
|
||||
basic_mode_security_group = list_security_groups[0]
|
||||
|
||||
if isinstance(cmd.securitygroupids, list):
|
||||
cmd.securitygroupids.append(basic_mode_security_group.id)
|
||||
else:
|
||||
cmd.securitygroupids = [basic_mode_security_group.id]
|
||||
|
||||
@classmethod
|
||||
def access_ssh_over_nat(cls, apiclient, services, virtual_machine):
|
||||
"""
|
||||
Program NAT and PF rules to open up ssh access to deployed guest
|
||||
@return:
|
||||
"""
|
||||
public_ip = PublicIPAddress.create(
|
||||
apiclient,
|
||||
virtual_machine.account,
|
||||
virtual_machine.zoneid,
|
||||
virtual_machine.domainid,
|
||||
services
|
||||
)
|
||||
FireWallRule.create(
|
||||
apiclient,
|
||||
ipaddressid=public_ip.ipaddress.id,
|
||||
protocol='TCP',
|
||||
cidrlist=['0.0.0.0/0'],
|
||||
startport=22,
|
||||
endport=22
|
||||
)
|
||||
nat_rule = NATRule.create(
|
||||
apiclient,
|
||||
virtual_machine,
|
||||
services,
|
||||
ipaddressid=public_ip.ipaddress.id
|
||||
)
|
||||
virtual_machine.ssh_ip = nat_rule.ipaddress
|
||||
virtual_machine.public_ip = nat_rule.ipaddress
|
||||
|
||||
@classmethod
|
||||
def create(cls, apiclient, services, templateid=None, accountid=None,
|
||||
domainid=None, zoneid=None, networkids=None, serviceofferingid=None,
|
||||
securitygroupids=None, projectid=None, startvm=None,
|
||||
diskofferingid=None, affinitygroupnames=None, affinitygroupids=None, group=None,
|
||||
hostid=None, keypair=None, mode='basic', method='GET'):
|
||||
hostid=None, keypair=None, mode='default', method='GET'):
|
||||
"""Create the instance"""
|
||||
|
||||
cmd = deployVirtualMachine.deployVirtualMachineCmd()
|
||||
@ -293,53 +364,6 @@ class VirtualMachine:
|
||||
if securitygroupids:
|
||||
cmd.securitygroupids = [str(sg_id) for sg_id in securitygroupids]
|
||||
|
||||
if mode.lower() == 'basic':
|
||||
|
||||
zone_list = Zone.list(
|
||||
apiclient,
|
||||
id = cmd.zoneid if cmd.zoneid else None,
|
||||
domainid = cmd.domainid if cmd.domainid else None
|
||||
)
|
||||
|
||||
zone = zone_list[0]
|
||||
|
||||
#check if security groups settings is enabled for the zone
|
||||
if zone.securitygroupsenabled:
|
||||
list_security_groups = SecurityGroup.list(
|
||||
apiclient,
|
||||
securitygroupname="basic_sec_grp"
|
||||
)
|
||||
|
||||
if not isinstance(list_security_groups, list):
|
||||
basic_mode_security_group = SecurityGroup.create(
|
||||
apiclient,
|
||||
{"name":"basic_sec_grp"}
|
||||
)
|
||||
sec_grp_services = {"protocol": "TCP",
|
||||
"startport": 22,
|
||||
"endport":22,
|
||||
"cidrlist": "0.0.0.0/0"
|
||||
}
|
||||
|
||||
#Authorize security group for above ingress rule
|
||||
cmd_auth = authorizeSecurityGroupIngress.authorizeSecurityGroupIngressCmd()
|
||||
cmd_auth.domainid = cmd.domainid
|
||||
cmd_auth.account = cmd.account
|
||||
cmd_auth.securitygroupid = basic_mode_security_group.id
|
||||
cmd_auth.protocol = sec_grp_services["protocol"]
|
||||
cmd_auth.startport = sec_grp_services["startport"]
|
||||
cmd_auth.endport = sec_grp_services["endport"]
|
||||
cmd_auth.cidrlist = sec_grp_services["cidrlist"]
|
||||
apiclient.authorizeSecurityGroupIngress(cmd_auth)
|
||||
|
||||
else:
|
||||
basic_mode_security_group = list_security_groups[0]
|
||||
|
||||
if isinstance(cmd.securitygroupids, list):
|
||||
cmd.securitygroupids.append(basic_mode_security_group.id)
|
||||
else:
|
||||
cmd.securitygroupids = [basic_mode_security_group.id]
|
||||
|
||||
if "affinitygroupnames" in services:
|
||||
cmd.affinitygroupnames = services["affinitygroupnames"]
|
||||
elif affinitygroupnames:
|
||||
@ -363,59 +387,23 @@ class VirtualMachine:
|
||||
if group:
|
||||
cmd.group = group
|
||||
|
||||
#program default access to ssh
|
||||
if mode.lower() == 'basic':
|
||||
cls.ssh_access_group(apiclient, cmd)
|
||||
|
||||
virtual_machine = apiclient.deployVirtualMachine(cmd, method=method)
|
||||
|
||||
virtual_machine.ssh_ip = virtual_machine.nic[0].ipaddress
|
||||
if startvm == False:
|
||||
virtual_machine.ssh_ip = virtual_machine.nic[0].ipaddress
|
||||
virtual_machine.public_ip = virtual_machine.nic[0].ipaddress
|
||||
return VirtualMachine(virtual_machine.__dict__, services)
|
||||
|
||||
# VM should be in Running state after deploy
|
||||
timeout = 10
|
||||
while True:
|
||||
vm_status = VirtualMachine.list(
|
||||
apiclient,
|
||||
id=virtual_machine.id
|
||||
)
|
||||
if isinstance(vm_status, list):
|
||||
if vm_status[0].state == 'Running':
|
||||
break
|
||||
elif timeout == 0:
|
||||
raise Exception(
|
||||
"TimeOutException: Failed to start VM (ID: %s)" %
|
||||
virtual_machine.id)
|
||||
|
||||
time.sleep(10)
|
||||
timeout = timeout - 1
|
||||
|
||||
#program ssh access over NAT via PF
|
||||
if mode.lower() == 'advanced':
|
||||
public_ip = PublicIPAddress.create(
|
||||
apiclient,
|
||||
virtual_machine.account,
|
||||
virtual_machine.zoneid,
|
||||
virtual_machine.domainid,
|
||||
services
|
||||
)
|
||||
FireWallRule.create(
|
||||
apiclient,
|
||||
ipaddressid=public_ip.ipaddress.id,
|
||||
protocol='TCP',
|
||||
cidrlist=['0.0.0.0/0'],
|
||||
startport=22,
|
||||
endport=22
|
||||
)
|
||||
nat_rule = NATRule.create(
|
||||
apiclient,
|
||||
virtual_machine,
|
||||
services,
|
||||
ipaddressid=public_ip.ipaddress.id
|
||||
)
|
||||
virtual_machine.ssh_ip = nat_rule.ipaddress
|
||||
virtual_machine.public_ip = nat_rule.ipaddress
|
||||
else:
|
||||
cls.access_ssh_over_nat(apiclient, services, virtual_machine)
|
||||
elif mode.lower() == 'basic':
|
||||
virtual_machine.ssh_ip = virtual_machine.nic[0].ipaddress
|
||||
virtual_machine.public_ip = virtual_machine.nic[0].ipaddress
|
||||
|
||||
return VirtualMachine(virtual_machine.__dict__, services)
|
||||
|
||||
def start(self, apiclient):
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user