adt-cloud-worker

Merge lp:~cprov/adt-cloud-worker/uci-nova-neutron-fallback into lp:~canonical-ci-engineering/adt-cloud-worker/uci-nova

uci-nova-neutron-fallback
Merge into uci-nova

Proposed by Celso Providelo on 2015-03-17

Status:	Merged
Merged at revision:	2
Proposed branch:	lp:~cprov/adt-cloud-worker/uci-nova-neutron-fallback
Merge into:	lp:~canonical-ci-engineering/adt-cloud-worker/uci-nova
Diff against target:	106 lines (+46/-20) 1 file modified uci-nova (+46/-20)
To merge this branch:	bzr merge lp:~cprov/adt-cloud-worker/uci-nova-neutron-fallback
Related bugs:	Link a bug report

Reviewer	Review Type	Date Requested	Status
Francis Ginther		2015-03-17	Approve on 2015-03-17
Review via email: mp+253147@code.launchpad.net

Commit message

Coping with missing neutron security-groups capabilities (cannonistack and stackystack) and falling back to nova security-groups without egress traffic control.

Description of the change

Coping with missing neutron security-groups capabilities (cannonistack and stackystack) and falling back to nova security-groups without egress traffic control.

Revision history for this message

Francis Ginther (fginther) wrote on 2015-03-17:

Tested against both canonistack and bootstack. Bootstack blocked egress traffic as expected, canonistack not so much. Both blocked ingress traffic as expected.

Just one question inline.

review: Needs Information

Revision history for this message

Francis Ginther (fginther) wrote on 2015-03-17:

Why was --poll removed?

"because it breaks on slow clouds (by reaching nova controller too often) and also because it wasn't really necessary, the scripts polls for ip-address and also ssh access moments later"

Thanks

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to all changes:

Canonical CI Engineering

Celso Providelo

 === modified file 'uci-nova'
 --- uci-nova	2015-03-12 15:20:04 +0000
 +++ uci-nova	2015-03-17 04:16:47 +0000
@@ -115,24 +115,17 @@
      fi
+ }
--# create a testbed (if necessary), configure ssh, copy ssh key into it,
--# configure sudo, etc.; print a list of "key=value" parameters to stdout on
--# success
--# required: login, hostname, and one of identity or password
--# optional: port, options, capabilities
--open() {
--    # Boot a nova instance and returns its connection parameters
--    [ -n "$SRVNAME" ] || SRVNAME=`mktemp -u adt-nova-XXXXXX`
--
--    mkdir /tmp/$SRVNAME
--
--    debug "Creating new SSH key on /tmp/$SRVNAME"
--    SSH_IDENTITY=/tmp/$SRVNAME/id_rsa
--    ssh-keygen -f $SSH_IDENTITY -q -N ""
--
--    debug "Creating specific nova keypair: $SRVNAME"
--    nova keypair-add --pub-key $SSH_IDENTITY.pub $SRVNAME
--
++security_setup_nova() {
++    debug "Creating specific nova security-group: $SRVNAME"
++    nova secgroup-create $SRVNAME "$SRVNAME testbed"
++
++    debug "Allowing ingress SSH ..."
++    nova secgroup-add-rule $SRVNAME tcp 22 22 0.0.0.0/0
++
++    debug "Egress traffic will respect external Firewall rules ..."
++}
++
++security_setup_neutron() {
      debug "Creating specific neutron security-group: $SRVNAME"
      neutron security-group-create $SRVNAME \
  	--description "$SRVNAME testbed"
@@ -166,6 +159,31 @@
      	--direction egress \
      	--remote-ip-prefix 91.189.88.0/21 \
      	$SRVNAME
++}
++
++# create a testbed (if necessary), configure ssh, copy ssh key into it,
++# configure sudo, etc.; print a list of "key=value" parameters to stdout on
++# success
++open() {
++    # Boot a nova instance and returns its connection parameters
++    [ -n "$SRVNAME" ] || SRVNAME=`mktemp -u adt-nova-XXXXXX`
++
++    mkdir /tmp/$SRVNAME
++
++    debug "Creating new SSH key on /tmp/$SRVNAME"
++    SSH_IDENTITY=/tmp/$SRVNAME/id_rsa
++    ssh-keygen -f $SSH_IDENTITY -q -N ""
++
++    debug "Creating specific nova keypair: $SRVNAME"
++    nova keypair-add --pub-key $SSH_IDENTITY.pub $SRVNAME
++
++    # Setup testbed security with nova or neutron according to their
++    # availability in the target cloud.
++    if ! neutron security-group-list; then
++	security_setup_nova
++    else
++        security_setup_neutron
++    fi
      # generate cloud-init user data; mostly for manage_etc_hosts, but also get
      # rid of some unnecessary stuff in the VM
@@ -191,7 +209,7 @@
      OUT=$(nova boot --config-drive=1 \
  	  --flavor $FLAVOR --image $IMAGE --user-data $userdata \
            --key_name $SRVNAME --security-groups $SRVNAME \
--	  $EXTRA_OPTS --poll $SRVNAME 2>&1) || {
++	  $EXTRA_OPTS $SRVNAME 2>&1) || {
          error "nova boot failed:"
          error "$OUT"
          exit 1
@@ -268,9 +286,14 @@
      debug "Deleting /tmp/$SRVNAME SSH keys"
      rm -rf /tmp/$SRVNAME || true
++    DELETE_CMD="neutron security-group-delete $SRVNAME"
++    if ! neutron security-group-list; then
++	DELETE_CMD="nova secgroup-delete $SRVNAME"
++    fi
++
      debug "Deleting $SRVNAME security-group"
      retry=3
--    while ! neutron security-group-delete $SRVNAME; do
++    while ! eval "$DELETE_CMD"; do
          retry=$(( retry - 1 ))
          if [ $retry -le 0 ]; then
              error "Timed out deleting secgroup. Aborting!"
@@ -312,6 +335,9 @@
  shift
  parse_args "$@"
++# Don't leave stuff behind ...
++trap "cleanup" 1 2 6 15
++
  case $cmd in
      open)
          open;;