Merge lp:~cprov/adt-cloud-worker/uci-nova-neutron-fallback into lp:~canonical-ci-engineering/adt-cloud-worker/uci-nova

Proposed by Celso Providelo
Status: Merged
Merged at revision: 2
Proposed branch: lp:~cprov/adt-cloud-worker/uci-nova-neutron-fallback
Merge into: lp:~canonical-ci-engineering/adt-cloud-worker/uci-nova
Diff against target: 106 lines (+46/-20)
1 file modified
uci-nova (+46/-20)
To merge this branch: bzr merge lp:~cprov/adt-cloud-worker/uci-nova-neutron-fallback
Reviewer Review Type Date Requested Status
Francis Ginther Approve
Review via email: mp+253147@code.launchpad.net

Commit message

Coping with missing neutron security-groups capabilities (cannonistack and stackystack) and falling back to nova security-groups without egress traffic control.

Description of the change

Cope with missing neutron security-group capabilities (canonistack and stackystack) by falling back to nova security-groups, which provide no egress traffic control.

Francis Ginther (fginther) wrote :

Tested against both canonistack and bootstack. Bootstack blocked egress traffic as expected, canonistack not so much. Both blocked ingress traffic as expected.

Just one question inline.

review: Needs Information
Francis Ginther (fginther) wrote :

Why was --poll removed?

"because it breaks on slow clouds (by reaching nova controller too often) and also because it wasn't really necessary, the scripts polls for ip-address and also ssh access moments later"

Thanks

review: Approve

Preview Diff

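--- a/uci-nova
+++ b/uci-nova
@@ -115,24 +115,17 @@
  fi
 }
 
-# create a testbed (if necessary), configure ssh, copy ssh key into it,
-# configure sudo, etc.; print a list of "key=value" parameters to stdout on
-# success
-# required: login, hostname, and one of identity or password
-# optional: port, options, capabilities
-open() {
- # Boot a nova instance and returns its connection parameters
- [ -n "$SRVNAME" ] || SRVNAME=`mktemp -u adt-nova-XXXXXX`
-
- mkdir /tmp/$SRVNAME
-
- debug "Creating new SSH key on /tmp/$SRVNAME"
- SSH_IDENTITY=/tmp/$SRVNAME/id_rsa
- ssh-keygen -f $SSH_IDENTITY -q -N ""
-
- debug "Creating specific nova keypair: $SRVNAME"
- nova keypair-add --pub-key $SSH_IDENTITY.pub $SRVNAME
-
+security_setup_nova() {
+ debug "Creating specific nova security-group: $SRVNAME"
+ nova secgroup-create $SRVNAME "$SRVNAME testbed"
+
+ debug "Allowing ingress SSH ..."
+ nova secgroup-add-rule $SRVNAME tcp 22 22 0.0.0.0/0
+
+ debug "Egress traffic will respect external Firewall rules ..."
+}
+
+security_setup_neutron() {
  debug "Creating specific neutron security-group: $SRVNAME"
  neutron security-group-create $SRVNAME \
  --description "$SRVNAME testbed"
@@ -166,6 +159,31 @@
  --direction egress \
  --remote-ip-prefix 91.189.88.0/21 \
  $SRVNAME
+}
+
+# create a testbed (if necessary), configure ssh, copy ssh key into it,
+# configure sudo, etc.; print a list of "key=value" parameters to stdout on
+# success
+open() {
+ # Boot a nova instance and returns its connection parameters
+ [ -n "$SRVNAME" ] || SRVNAME=`mktemp -u adt-nova-XXXXXX`
+
+ mkdir /tmp/$SRVNAME
+
+ debug "Creating new SSH key on /tmp/$SRVNAME"
+ SSH_IDENTITY=/tmp/$SRVNAME/id_rsa
+ ssh-keygen -f $SSH_IDENTITY -q -N ""
+
+ debug "Creating specific nova keypair: $SRVNAME"
+ nova keypair-add --pub-key $SSH_IDENTITY.pub $SRVNAME
+
+ # Setup testbed security with nova or neutron according to their
+ # availability in the target cloud.
+ if ! neutron security-group-list; then
+ security_setup_nova
+ else
+ security_setup_neutron
+ fi
 
  # generate cloud-init user data; mostly for manage_etc_hosts, but also get
  # rid of some unnecessary stuff in the VM
@@ -191,7 +209,7 @@
  OUT=$(nova boot --config-drive=1 \
  --flavor $FLAVOR --image $IMAGE --user-data $userdata \
  --key_name $SRVNAME --security-groups $SRVNAME \
- $EXTRA_OPTS --poll $SRVNAME 2>&1) || {
+ $EXTRA_OPTS $SRVNAME 2>&1) || {
  error "nova boot failed:"
  error "$OUT"
  exit 1
@@ -268,9 +286,14 @@
  debug "Deleting /tmp/$SRVNAME SSH keys"
  rm -rf /tmp/$SRVNAME || true
 
+ DELETE_CMD="neutron security-group-delete $SRVNAME"
+ if ! neutron security-group-list; then
+ DELETE_CMD="nova secgroup-delete $SRVNAME"
+ fi
+
  debug "Deleting $SRVNAME security-group"
  retry=3
- while ! neutron security-group-delete $SRVNAME; do
+ while ! eval "$DELETE_CMD"; do
  retry=$(( retry - 1 ))
  if [ $retry -le 0 ]; then
  error "Timed out deleting secgroup. Aborting!"
@@ -312,6 +335,9 @@
 shift
 parse_args "$@"
 
+# Don't leave stuff behind ...
+trap "cleanup" 1 2 6 15
+
 case $cmd in
  open)
  open;;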
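Review bot: In the cleanup hunk, `DELETE_CMD` is built by interpolating `$SRVNAME` into a string and then run through `eval`, so any whitespace or shell metacharacters in the server name are re-parsed as shell syntax; `open()` only generates the name when `$SRVNAME` is empty, which suggests a caller can supply it. The tool can be selected without eval, for example `DELETE_TOOL="neutron security-group-delete"` (or `"nova secgroup-delete"` in the fallback branch) followed by `while ! $DELETE_TOOL "$SRVNAME"; do`. Separately, `if ! neutron security-group-list` in both `open()` and the cleanup path treats any failure, including a transient API or authentication error, as "neutron unavailable" and falls back to a group with no egress control, announced only through `debug`. The probe also writes its listing to stdout, where `open()` is documented to print key=value parameters, so `>/dev/null 2>&1` on the probe and a warning-level message on the downgrade would help. Both `open()` and the cleanup function extend outside the visible hunks.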
