diff --git a/kloudbuster/base_compute.py b/kloudbuster/base_compute.py index 23b7551..1a45ec1 100644 --- a/kloudbuster/base_compute.py +++ b/kloudbuster/base_compute.py @@ -74,7 +74,7 @@ class BaseCompute(object): availability_zone=avail_zone, userdata=user_data, config_drive=config_drive, - security_groups=[sec_group.id]) + security_groups=[sec_group['id']]) self.res_logger.log('instances', self.vm_name, instance.id) if not instance: @@ -140,63 +140,84 @@ class BaseCompute(object): class SecGroup(object): - - def __init__(self, novaclient): + def __init__(self, novaclient, neutronclient): self.secgroup = None self.secgroup_name = None self.novaclient = novaclient - + self.neutronclient = neutronclient def create_secgroup_with_rules(self, group_name): - group = self.novaclient.security_groups.create(name=group_name, - description="Test sec group") + body = { + 'security_group': { + 'name': group_name, + 'description': 'Test sec group' + } + } + group = self.neutronclient.create_security_group(body)['security_group'] + + body = { + 'security_group_rule': { + 'direction': 'ingress', + 'security_group_id': group['id'], + 'remote_group_id': None + } + } + # Allow ping traffic - self.novaclient.security_group_rules.create(group.id, - ip_protocol="icmp", - from_port=-1, - to_port=-1) + body['security_group_rule']['protocol'] = 'icmp' + body['security_group_rule']['port_range_min'] = None + body['security_group_rule']['port_range_max'] = None + self.neutronclient.create_security_group_rule(body) + # Allow SSH traffic - self.novaclient.security_group_rules.create(group.id, - ip_protocol="tcp", - from_port=22, - to_port=22) + body['security_group_rule']['protocol'] = 'tcp' + body['security_group_rule']['port_range_min'] = 22 + body['security_group_rule']['port_range_max'] = 22 + self.neutronclient.create_security_group_rule(body) + # Allow HTTP traffic - self.novaclient.security_group_rules.create(group.id, - ip_protocol="tcp", - from_port=80, - to_port=80) + body['security_group_rule']['protocol'] = 'tcp' + body['security_group_rule']['port_range_min'] = 80 + body['security_group_rule']['port_range_max'] = 80 + self.neutronclient.create_security_group_rule(body) + # Allow Redis traffic - self.novaclient.security_group_rules.create(group.id, - ip_protocol="tcp", - from_port=6379, - to_port=6379) + body['security_group_rule']['protocol'] = 'tcp' + body['security_group_rule']['port_range_min'] = 6379 + body['security_group_rule']['port_range_max'] = 6379 + self.neutronclient.create_security_group_rule(body) + # Allow Nuttcp traffic - self.novaclient.security_group_rules.create(group.id, - ip_protocol="tcp", - from_port=5000, - to_port=6000) - self.novaclient.security_group_rules.create(group.id, - ip_protocol="tcp", - from_port=12000, - to_port=13000) + body['security_group_rule']['protocol'] = 'tcp' + body['security_group_rule']['port_range_min'] = 5000 + body['security_group_rule']['port_range_max'] = 6000 + self.neutronclient.create_security_group_rule(body) + body['security_group_rule']['protocol'] = 'tcp' + body['security_group_rule']['port_range_min'] = 12000 + body['security_group_rule']['port_range_max'] = 13000 + self.neutronclient.create_security_group_rule(body) + + body['security_group_rule']['protocol'] = 'udp' + body['security_group_rule']['port_range_min'] = 123 + body['security_group_rule']['port_range_max'] = 123 + self.neutronclient.create_security_group_rule(body) + + body['security_group_rule']['protocol'] = 'udp' + body['security_group_rule']['port_range_min'] = 5000 + body['security_group_rule']['port_range_max'] = 6000 + self.neutronclient.create_security_group_rule(body) + + body['security_group_rule']['protocol'] = 'udp' + body['security_group_rule']['port_range_min'] = 12000 + body['security_group_rule']['port_range_max'] = 14000 + self.neutronclient.create_security_group_rule(body) + + body['security_group_rule']['protocol'] = 'udp' + body['security_group_rule']['port_range_min'] = 319 + body['security_group_rule']['port_range_max'] = 320 + self.neutronclient.create_security_group_rule(body) - self.novaclient.security_group_rules.create(group.id, - ip_protocol="udp", - from_port=123, - to_port=123) - self.novaclient.security_group_rules.create(group.id, - ip_protocol="udp", - from_port=5000, - to_port=6000) - self.novaclient.security_group_rules.create(group.id, - ip_protocol="udp", - from_port=12000, - to_port=14000) - self.novaclient.security_group_rules.create(group.id, - ip_protocol="udp", - from_port=319, - to_port=320) self.secgroup = group self.secgroup_name = group_name @@ -211,12 +232,12 @@ class SecGroup(object): for _ in range(10): try: - self.novaclient.security_groups.delete(self.secgroup) + self.neutronclient.delete_security_group(self.secgroup['id']) return True except Exception: time.sleep(2) - LOG.error('Failed while deleting security group %s.' % self.secgroup.id) + LOG.error('Failed while deleting security group %s.' % self.secgroup['id']) return False class KeyPair(object): diff --git a/kloudbuster/base_network.py b/kloudbuster/base_network.py index 97ca0aa..b0afd17 100644 --- a/kloudbuster/base_network.py +++ b/kloudbuster/base_network.py @@ -152,12 +152,12 @@ class BaseNetwork(object): """ # Create the security groups first for secgroup_count in range(config_scale['secgroups_per_network']): - secgroup_instance = base_compute.SecGroup(self.nova_client) + secgroup_instance = base_compute.SecGroup(self.nova_client, self.neutron_client) self.secgroup_list.append(secgroup_instance) secgroup_name = network_prefix + "-SG" + str(secgroup_count) secgroup_instance.create_secgroup_with_rules(secgroup_name) - self.res_logger.log('sec_groups', secgroup_instance.secgroup.name, - secgroup_instance.secgroup.id) + self.res_logger.log('sec_groups', secgroup_instance.secgroup['name'], + secgroup_instance.secgroup['id']) LOG.info("Scheduled to create VMs for network %s..." % network_prefix) diff --git a/requirements.txt b/requirements.txt index f97f311..62c5f06 100644 --- a/requirements.txt +++ b/requirements.txt @@ -12,7 +12,7 @@ python-glanceclient>=2.6.0 python-openstackclient>=3.11.0 python-neutronclient>=6.2.0 # migrate security group API to neutron client before moving to nova client 8.0.0 -python-novaclient<8.0.0 +python-novaclient>=8.0.0 python-keystoneclient>=3.10.0 attrdict>=2.0.0 hdrhistogram>=0.5.2