X-Git-Url: https://osm.etsi.org/gitweb/?a=blobdiff_plain;f=osm_ro%2Fvimconn_openstack.py;h=43fdbc516ee6ddbea5b812cddb2f1266e5fd339f;hb=b42fd9bdcea865bd3c6d4a546a6f294ff69e1ef4;hp=734f7a307de27cc1148236171a525ef60f0d4230;hpb=41a6981cd96a7e4ae15e881bc868873fbfaa3937;p=osm%2FRO.git diff --git a/osm_ro/vimconn_openstack.py b/osm_ro/vimconn_openstack.py index 734f7a30..43fdbc51 100644 --- a/osm_ro/vimconn_openstack.py +++ b/osm_ro/vimconn_openstack.py @@ -101,7 +101,14 @@ class vimconnector(vimconn.vimconnector): vimconn.vimconnector.__init__(self, uuid, name, tenant_id, tenant_name, url, url_admin, user, passwd, log_level, config) - self.insecure = self.config.get("insecure", False) + if self.config.get("insecure") and self.config.get("ca_cert"): + raise vimconn.vimconnException("options insecure and ca_cert are mutually exclusive") + self.verify = True + if self.config.get("insecure"): + self.verify = False + if self.config.get("ca_cert"): + self.verify = self.config.get("ca_cert") + if not url: raise TypeError('url param can not be NoneType') self.persistent_info = persistent_info @@ -187,7 +194,7 @@ class vimconnector(vimconn.vimconnector): password=self.passwd, tenant_name=self.tenant_name, tenant_id=self.tenant_id) - sess = session.Session(auth=auth, verify=not self.insecure) + sess = session.Session(auth=auth, verify=self.verify) if self.api_version3: self.keystone = ksClient_v3.Client(session=sess, endpoint_type=self.endpoint_type) else: @@ -1060,10 +1067,11 @@ class vimconnector(vimconn.vimconnector): elif net['use'] == 'mgmt' and self.config.get('use_floating_ip'): net['exit_on_floating_ip_error'] = False external_network.append(net) + net['floating_ip'] = self.config.get('use_floating_ip') # If port security is disabled when the port has not yet been attached to the VM, then all vm traffic is dropped. # As a workaround we wait until the VM is active and then disable the port-security - if net.get("port_security") == False: + if net.get("port_security") == False and not self.config.get("no_port_security_extension"): no_secured_ports.append(new_port["port"]["id"]) # if metadata_vpci: @@ -1131,65 +1139,81 @@ class vimconnector(vimconn.vimconnector): block_device_mapping=block_device_mapping ) # , description=description) + vm_start_time = time.time() # Previously mentioned workaround to wait until the VM is active and then disable the port-security if no_secured_ports: self.__wait_for_vm(server.id, 'ACTIVE') for port_id in no_secured_ports: try: - self.neutron.update_port(port_id, {"port": {"port_security_enabled": False, "security_groups": None} }) + self.neutron.update_port(port_id, + {"port": {"port_security_enabled": False, "security_groups": None}}) except Exception as e: - self.logger.error("It was not possible to disable port security for port {}".format(port_id)) - raise - + raise vimconn.vimconnException("It was not possible to disable port security for port {}".format( + port_id)) # print "DONE :-)", server - pool_id = None + # pool_id = None if external_network: floating_ips = self.neutron.list_floatingips().get("floatingips", ()) - self.__wait_for_vm(server.id, 'ACTIVE') - for floating_network in external_network: try: assigned = False while not assigned: if floating_ips: ip = floating_ips.pop(0) - if not ip.get("port_id", False) and ip.get('tenant_id') == server.tenant_id: - free_floating_ip = ip.get("floating_ip_address") - try: - fix_ip = floating_network.get('ip') - server.add_floating_ip(free_floating_ip, fix_ip) - assigned = True - except Exception as e: - raise vimconn.vimconnException(type(e).__name__ + ": Cannot create floating_ip "+ str(e), http_code=vimconn.HTTP_Conflict) + if ip.get("port_id", False) or ip.get('tenant_id') != server.tenant_id: + continue + if isinstance(floating_network['floating_ip'], str): + if ip.get("floating_network_id") != floating_network['floating_ip']: + continue + free_floating_ip = ip.get("floating_ip_address") else: - #Find the external network - external_nets = list() - for net in self.neutron.list_networks()['networks']: - if net['router:external']: - external_nets.append(net) - - if len(external_nets) == 0: - raise vimconn.vimconnException("Cannot create floating_ip automatically since no external " - "network is present", - http_code=vimconn.HTTP_Conflict) - if len(external_nets) > 1: - raise vimconn.vimconnException("Cannot create floating_ip automatically since multiple " - "external networks are present", - http_code=vimconn.HTTP_Conflict) - - pool_id = external_nets[0].get('id') + if isinstance(floating_network['floating_ip'], str) and \ + floating_network['floating_ip'].lower() != "true": + pool_id = floating_network['floating_ip'] + else: + # Find the external network + external_nets = list() + for net in self.neutron.list_networks()['networks']: + if net['router:external']: + external_nets.append(net) + + if len(external_nets) == 0: + raise vimconn.vimconnException("Cannot create floating_ip automatically since no external " + "network is present", + http_code=vimconn.HTTP_Conflict) + if len(external_nets) > 1: + raise vimconn.vimconnException("Cannot create floating_ip automatically since multiple " + "external networks are present", + http_code=vimconn.HTTP_Conflict) + + pool_id = external_nets[0].get('id') param = {'floatingip': {'floating_network_id': pool_id, 'tenant_id': server.tenant_id}} try: - #self.logger.debug("Creating floating IP") + # self.logger.debug("Creating floating IP") new_floating_ip = self.neutron.create_floatingip(param) free_floating_ip = new_floating_ip['floatingip']['floating_ip_address'] - fix_ip = floating_network.get('ip') + except Exception as e: + raise vimconn.vimconnException(type(e).__name__ + ": Cannot create new floating_ip " + + str(e), http_code=vimconn.HTTP_Conflict) + + fix_ip = floating_network.get('ip') + while not assigned: + try: server.add_floating_ip(free_floating_ip, fix_ip) - assigned=True + assigned = True except Exception as e: - raise vimconn.vimconnException(type(e).__name__ + ": Cannot assign floating_ip "+ str(e), http_code=vimconn.HTTP_Conflict) + # openstack need some time after VM creation to asign an IP. So retry if fails + vm_status = self.nova.servers.get(server.id).status + if vm_status != 'ACTIVE' and vm_status != 'ERROR': + if time.time() - vm_start_time < server_timeout: + time.sleep(5) + continue + raise vimconn.vimconnException( + "Cannot create floating_ip: {} {}".format(type(e).__name__, e), + http_code=vimconn.HTTP_Conflict) + except Exception as e: if not floating_network['exit_on_floating_ip_error']: self.logger.warn("Cannot create floating_ip. %s", str(e)) @@ -1377,7 +1401,7 @@ class vimconnector(vimconn.vimconnector): #get interfaces try: self._reload_connection() - port_dict=self.neutron.list_ports(device_id=vm_id) + port_dict = self.neutron.list_ports(device_id=vm_id) for port in port_dict["ports"]: interface={} try: @@ -1411,16 +1435,20 @@ class vimconnector(vimconn.vimconnector): interface["vlan"] = network['network'].get('provider:segmentation_id') ips=[] #look for floating ip address - floating_ip_dict = self.neutron.list_floatingips(port_id=port["id"]) - if floating_ip_dict.get("floatingips"): - ips.append(floating_ip_dict["floatingips"][0].get("floating_ip_address") ) + try: + floating_ip_dict = self.neutron.list_floatingips(port_id=port["id"]) + if floating_ip_dict.get("floatingips"): + ips.append(floating_ip_dict["floatingips"][0].get("floating_ip_address") ) + except Exception: + pass for subnet in port["fixed_ips"]: ips.append(subnet["ip_address"]) interface["ip_address"] = ";".join(ips) vm["interfaces"].append(interface) except Exception as e: - self.logger.error("Error getting vm interface information " + type(e).__name__ + ": "+ str(e)) + self.logger.error("Error getting vm interface information {}: {}".format(type(e).__name__, e), + exc_info=True) except vimconn.vimconnNotFoundException as e: self.logger.error("Exception getting vm status: %s", str(e)) vm['status'] = "DELETED" @@ -1598,8 +1626,7 @@ class vimconnector(vimconn.vimconnector): error_text= type(e).__name__ + ": "+ (str(e) if len(e.args)==0 else str(e.args[0])) #TODO insert exception vimconn.HTTP_Unauthorized #if reaching here is because an exception - if self.debug: - self.logger.debug("new_user " + error_text) + self.logger.debug("new_user " + error_text) return error_value, error_text def delete_user(self, user_id): @@ -1622,8 +1649,7 @@ class vimconnector(vimconn.vimconnector): error_text= type(e).__name__ + ": "+ (str(e) if len(e.args)==0 else str(e.args[0])) #TODO insert exception vimconn.HTTP_Unauthorized #if reaching here is because an exception - if self.debug: - print("delete_tenant " + error_text) + self.logger.debug("delete_tenant " + error_text) return error_value, error_text def get_hosts_info(self): @@ -1646,8 +1672,7 @@ class vimconnector(vimconn.vimconnector): error_text= type(e).__name__ + ": "+ (str(e) if len(e.args)==0 else str(e.args[0])) #TODO insert exception vimconn.HTTP_Unauthorized #if reaching here is because an exception - if self.debug: - print("get_hosts_info " + error_text) + self.logger.debug("get_hosts_info " + error_text) return error_value, error_text def get_hosts(self, vim_tenant): @@ -1675,8 +1700,7 @@ class vimconnector(vimconn.vimconnector): error_text= type(e).__name__ + ": "+ (str(e) if len(e.args)==0 else str(e.args[0])) #TODO insert exception vimconn.HTTP_Unauthorized #if reaching here is because an exception - if self.debug: - print("get_hosts " + error_text) + self.logger.debug("get_hosts " + error_text) return error_value, error_text def new_classification(self, name, ctype, definition): @@ -1832,9 +1856,9 @@ class vimconnector(vimconn.vimconnector): try: new_sf = None self._reload_connection() - correlation = None - if sfc_encap: - correlation = 'nsh' + # correlation = None + # if sfc_encap: + # correlation = 'nsh' for instance in sfis: sfi = self.get_sfi(instance) if sfi.get('sfc_encap') != sfc_encap: