set security groups to neutron port at vimconn openstack 59/7159/8
authortierno <alfonso.tiernosepulveda@telefonica.com>
Fri, 1 Feb 2019 12:30:27 +0000 (12:30 +0000)
committertierno <alfonso.tiernosepulveda@telefonica.com>
Thu, 14 Mar 2019 09:00:56 +0000 (09:00 +0000)
Change-Id: Id6c2dc28a80ab6d62f33eeb0480a7232e112cf48
Signed-off-by: tierno <alfonso.tiernosepulveda@telefonica.com>
osm_ro/vimconn_openstack.py

index 2167fd4..b698eda 100644 (file)
@@ -127,6 +127,7 @@ class vimconnector(vimconn.vimconnector):
         self.persistent_info = persistent_info
         self.availability_zone = persistent_info.get('availability_zone', None)
         self.session = persistent_info.get('session', {'reload_client': True})
+        self.my_tenant_id = self.session.get('my_tenant_id')
         self.nova = self.session.get('nova')
         self.neutron = self.session.get('neutron')
         self.cinder = self.session.get('cinder')
@@ -144,6 +145,11 @@ class vimconnector(vimconn.vimconnector):
 
         self.logger = logging.getLogger('openmano.vim.openstack')
 
+        # allow security_groups to be a list or a single string
+        if isinstance(self.config.get('security_groups'), str):
+            self.config['security_groups'] = [self.config['security_groups']]
+        self.security_groups_id = None
+
         ####### VIO Specific Changes #########
         if self.vim_type == "VIO":
             self.logger = logging.getLogger('openmano.vim.vio')
@@ -247,13 +253,17 @@ class vimconnector(vimconn.vimconnector):
             self.nova = self.session['nova'] = nClient.Client(str(version), session=sess, endpoint_type=self.endpoint_type, region_name=region_name)
             self.neutron = self.session['neutron'] = neClient.Client('2.0', session=sess, endpoint_type=self.endpoint_type, region_name=region_name)
             self.cinder = self.session['cinder'] = cClient.Client(2, session=sess, endpoint_type=self.endpoint_type, region_name=region_name)
+            try:
+                self.my_tenant_id = self.session['my_tenant_id'] = sess.get_project_id()
+            except Exception as e:
+                self.logger.error("Cannot get project_id from session", exc_info=True)
             if self.endpoint_type == "internalURL":
                 glance_service_id = self.keystone.services.list(name="glance")[0].id
                 glance_endpoint = self.keystone.endpoints.list(glance_service_id, interface="internal")[0].url
             else:
                 glance_endpoint = None
             self.glance = self.session['glance'] = glClient.Client(2, session=sess, endpoint=glance_endpoint)
-            #using version 1 of glance client in new_image()
+            # using version 1 of glance client in new_image()
             # self.glancev1 = self.session['glancev1'] = glClient.Client('1', session=sess,
             #                                                            endpoint=glance_endpoint)
             self.session['reload_client'] = False
@@ -261,6 +271,7 @@ class vimconnector(vimconn.vimconnector):
             # add availablity zone info inside  self.persistent_info
             self._set_availablity_zones()
             self.persistent_info['availability_zone'] = self.availability_zone
+            self.security_groups_id = None  # force to get again security_groups_ids next time they are needed
 
     def __net_os2mano(self, net_list_dict):
         '''Transform the net openstack format to mano format
@@ -401,6 +412,30 @@ class vimconnector(vimconn.vimconnector):
             self.logger.error("General Exception " + str(exception), exc_info=True)
             raise vimconn.vimconnConnectionException(type(exception).__name__ + ": " + str(exception))
 
+    def _get_ids_from_name(self):
+        """
+         Obtain ids from name of tenant and security_groups. Store at self .security_groups_id"
+        :return: None
+        """
+        # get tenant_id if only tenant_name is supplied
+        self._reload_connection()
+        if not self.my_tenant_id:
+            raise vimconn.vimconnConnectionException("Error getting tenant information from name={} id={}".
+                                                     format(self.tenant_name, self.tenant_id))
+        if self.config.get('security_groups') and not self.security_groups_id:
+            # convert from name to id
+            neutron_sg_list = self.neutron.list_security_groups(tenant_id=self.my_tenant_id)["security_groups"]
+
+            self.security_groups_id = []
+            for sg in self.config.get('security_groups'):
+                for neutron_sg in neutron_sg_list:
+                    if sg in (neutron_sg["id"], neutron_sg["name"]):
+                        self.security_groups_id.append(neutron_sg["id"])
+                        break
+                else:
+                    self.security_groups_id = None
+                    raise vimconn.vimconnConnectionException("Not found security group {} for this tenant".format(sg))
+
     def get_tenant_list(self, filter_dict={}):
         '''Obtain tenants of VIM
         filter_dict can contain the following keys:
@@ -1050,15 +1085,22 @@ class vimconnector(vimconn.vimconnector):
             self._reload_connection()
             # metadata_vpci = {}   # For a specific neutron plugin
             block_device_mapping = None
+
             for net in net_list:
                 if not net.get("net_id"):   # skip non connected iface
                     continue
 
-                port_dict={
+                port_dict = {
                     "network_id": net["net_id"],
                     "name": net.get("name"),
                     "admin_state_up": True
                 }
+                if self.config.get("security_groups") and net.get("port_security") is not False and \
+                        not self.config.get("no_port_security_extension"):
+                    if not self.security_groups_id:
+                        self._get_ids_from_name()
+                    port_dict["security_groups"] = self.security_groups_id
+
                 if net["type"]=="virtual":
                     pass
                     # if "vpci" in net:
@@ -1135,9 +1177,6 @@ class vimconnector(vimconn.vimconnector):
             self.logger.debug("name '%s' image_id '%s'flavor_id '%s' net_list_vim '%s' description '%s'",
                               name, image_id, flavor_id, str(net_list_vim), description)
 
-            security_groups = self.config.get('security_groups')
-            if type(security_groups) is str:
-                security_groups = ( security_groups, )
             # cloud config
             config_drive, userdata = self._create_user_data(cloud_config)
 
@@ -1181,10 +1220,12 @@ class vimconnector(vimconn.vimconnector):
             self.logger.debug("nova.servers.create({}, {}, {}, nics={}, security_groups={}, "
                               "availability_zone={}, key_name={}, userdata={}, config_drive={}, "
                               "block_device_mapping={})".format(name, image_id, flavor_id, net_list_vim,
-                                                                security_groups, vm_av_zone, self.config.get('keypair'),
-                                                                userdata, config_drive, block_device_mapping))
+                                                                self.config.get("security_groups"), vm_av_zone,
+                                                                self.config.get('keypair'), userdata, config_drive,
+                                                                block_device_mapping))
             server = self.nova.servers.create(name, image_id, flavor_id, nics=net_list_vim,
-                                              security_groups=security_groups,
+                                              security_groups=self.config.get("security_groups"),
+                                              # TODO remove security_groups in future versions. Already at neutron port
                                               availability_zone=vm_av_zone,
                                               key_name=self.config.get('keypair'),
                                               userdata=userdata,