This patch allows users to supply a list* of their own security groups to
an instance, rather than using the application defined one (built via
the SecurityGroupManager).
* Note, while we can support multiple security groups, murano-dashboard
currently has no UI element to select multiple items. This means that
currently users are restricted to selecting one group. If/when the
UI is improved this change can easily support multiple groups.
Example
=======
Application authors can make this available in their apps as follows:

UI.yaml
-------
    Forms:
      - instanceConfiguration:
          fields:
            ...
            - name: securityGroups
              type: securitygroup
              label: Security Group
              required: false

Class.yaml:
----------
    Application:
      ?:
        type: com.paul.HelloWorld
      instance:
        ?:
          type: io.murano.resources.LinuxMuranoInstance
        name: $.instanceConfiguration.hostname
        securityGroups: $.instanceConfiguration.securityGroups
        ...
DocImpact
Change-Id: I60d37cfe034c467e894ee93cf3718e463bf49337
Partially-Implements: blueprint app-use-existing-security-group
When deploying an Instance joined to ExistingNeutronNetwork its
ipAddresses property returned an empty list, which was causing most of
the applications to fail. This happened because the responsibility of
managing HOT outputs for the instance IP was moved to the Network
classes and was implemented for the NeutronNetwork but not the
ExistingNeutronNetwork.
This commit moves the logic to the base class for all Neutron networks
and refactors it so that it could be used for them all
Change-Id: I552098683e0faeb66f7c622ea8c1d073a82d6338
Closes-Bug: #1649715
When spawning VMs attached to pre-existing networks murano used to
generate a Heat template with a fixed_ips property for Neutron ports.
This can cause a policy violation if the target network is not owned
by the deploying tenant (i.e. the network is shared by some other
project).
This has been addressed: ExistingNeutronNetwork class no longer
generates the fixed_ips property of the port if the target network is
not owned by a current project.
Change-Id: I0c60a522f4223fdc47f87b950da1a0822a8cbdbe
Closes-bug: #1644797
.init methods of the components are called before
the environment is initialized. Thus regions are not
configured at this point. Thus if the object is not
directly or indirectly owned by the CloudRegion
it cannot call getRegion() from the initializer.
Normally networks do belong to CloudRegion
so there is no problem. However a Network instance
such as ExistingNetwork might be passed to the Instance
class which is not owned by the CloudRegion and in this
case an exception will be thrown.
Change-Id: I1f3c4f53d4ebc92772c79c9991b19840aa0b0ed7
Closes-Bug: #1633096
After the FormatVersion of the core library was updated
there is no more legacy firstOrDefault() method.
Instead native yaql first(null) must be used.
Change-Id: I016d6932ee45e2eeee2147da6370be7f7b585267
Now all OpenStack resource classes inherit CloudResource
that provides getRegion method and regionName property.
This allows resources to be assigned to different regions.
getRegion() returns the CloudRegion instance that the resource or its
parent belongs to. CloudRegion has a similar interface to the
Environment class and is the correct way to get the HeatStack
instance associated with the region, default network
configuration, security group manager and agent listener
instances. Environment acts as the default region so backward
compatibility is not broken. However new applications
should not use environment to set security group rules but
rather the region(s) of their instance(s) in order to work correctly
when their instances are configured to use a region other than
the default.
Change-Id: I4dbf40c65042e9a354f3bfadfcd63a63e6e3e418
Calling describe() method for ExistingNeutronNetwork failed
with exception: Access to uninitialized property "_getSubnetworks"
in class "io.murano.resources.ExistingNeutronNetwork" is forbidden.
Change-Id: I81da23c2ac720af4ec690c4985434c331f6bfe2c
Closes-Bug: #1594821
The Environment class got two additional properties:
* region - name of the region where environment should be deployed. If
  null then home region is used.
* regionConfigs - config property (taken from class config) that specifies
  region parameters. It is a dictionary of a form regionName -> regionSettings.
  Currently the only setting available is an agentRabbitMq that is itself
  a dictionary containing the same options as [rabbitmq] section of murano.conf

Thus the configuration file io.murano.Environment.yaml may look like:

    regionConfigs:
      RegionOne:
        agentRabbitMq:
          host: rabbitMqHostName
          port: 5672
          login: murano
          password: murano
          virtual_host: /
          ssl: false
          ca_certs: null
Implements Blueprint: assign-environment-to-region
Change-Id: I3c84c96f8eeae738f83ed7b3691be38100b30e1d
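
Added example (not part of the commit or of murano's code): an audit over the parsed regionConfigs mapping described in the commit message above, flagging an agentRabbitMq block with ssl disabled, ssl enabled with no ca_certs, or a password that equals the login or a common default. The RegionTwo entry, its CA path, the password list and the finding names are constructed for illustration; what an empty ca_certs means for certificate verification is an assumption to confirm against the deployment.

```python
# Audit of regionConfigs as a YAML loader would return it (plain dicts).
DEFAULT_PASSWORDS = {"", "murano", "guest", "password"}  # illustrative, not exhaustive


def as_bool(value):
    """`ssl: false` loads as a bool, but a quoted "false" is a truthy string."""
    if isinstance(value, str):
        return value.strip().lower() in ("true", "yes", "1", "on")
    return bool(value)


def audit_region_configs(region_configs):
    """Return (region, finding) pairs for risky agentRabbitMq settings."""
    findings = []
    for region, settings in sorted((region_configs or {}).items()):
        mq = (settings or {}).get("agentRabbitMq")
        if not mq:
            continue  # no region-specific broker settings to audit
        login = str(mq.get("login") or "")
        password = str(mq.get("password") or "")
        if not as_bool(mq.get("ssl")):
            # Agent credentials and messages are sent without TLS.
            findings.append((region, "plaintext-amqp"))
        elif not mq.get("ca_certs"):
            # Assumption: without a CA bundle the broker certificate
            # cannot be checked against a known authority.
            findings.append((region, "ssl-without-ca-bundle"))
        if password.lower() in DEFAULT_PASSWORDS or password == login:
            findings.append((region, "weak-password"))
    return findings


# Constructed sample: RegionOne mirrors the commit message, RegionTwo is hypothetical.
SAMPLE = {
    "RegionOne": {"agentRabbitMq": {
        "host": "rabbitMqHostName", "port": 5672, "login": "murano",
        "password": "murano", "virtual_host": "/", "ssl": False,
        "ca_certs": None}},
    "RegionTwo": {"agentRabbitMq": {
        "host": "rabbitMqHostName", "port": 5671, "login": "murano-agent",
        "password": "constructed-long-random-value", "virtual_host": "/",
        "ssl": True, "ca_certs": "/path/to/constructed-ca.pem"}},
}

if __name__ == "__main__":
    for region, finding in audit_region_configs(SAMPLE):
        print(f"{region}: {finding}")
```
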
This patch changes the method of getting the dns address.
Previously dns could be an empty list, if the user didn't configure
'default_dns' settings in murano.conf. Now it is taken from the already
created subnet.
Change-Id: I5c6a831738e8d971a12bd81eff42aebc869c9a2e
Related-Bug: #1536651
It is possible that several public networks exist.
ExistingNeutronNetwork used to pick the first one of them.
Now when an internal network name or ID is supplied it tries
to find such a public network that the internal network has
a common router with.
Change-Id: I252bb5545891903355cf7f8480a2cd76febcfebe
Closes-Bug: #1524322
Provides ability to get following information about network
* network name
* network id
* CIDR Range
* gateway IP
implements bp modify-describe-method
Change-Id: Iff59f5c828e2ede42dd0f35eb68046679cf838d3
The describe method allows getting network-specific information that will
allow referring to it in a Heat template
Change-Id: I1e15b2d682a666c1d26ec194e4852fe2757867fe
Closes-Bug: #1442671
The YAQL expression for the FIP resource was incorrect and was left as is (as a string).
Thus there was a single resource for FIP with an incorrect name instead of a resource
per VM
Change-Id: Ieecdfdb0a7fbad82ef4344b4bac1a55656991e9e
Closes-Bug: #1435787
Closes-Bug: #1435961
Also refactors networking code to move networking code from
Instance so that different types of network can be represented by
a single simple interface
Implements: blueprint join-existing-neutron-networks
Change-Id: I90afcea6b1c12d7f6f564d8524f5c0d30e1b4686