- def verify_user_keys(self, username, keys, options={}):
- """
- Add requested keys.
- """
- append = options.get('append', True)
- existing_keys = self.driver.shell.db.key_pair_get_all_by_user(username)
- existing_pub_keys = [key.public_key for key in existing_keys]
- removed_pub_keys = set(existing_pub_keys).difference(keys)
- added_pub_keys = set(keys).difference(existing_pub_keys)
- pubkeys = []
- # add new keys
- for public_key in added_pub_keys:
- key = {}
- key['user_id'] = username
- key['name'] = username
- key['public'] = public_key
- self.driver.shell.db.key_pair_create(key)
-
- # remove old keys
- if not append:
- for key in existing_keys:
- if key.public_key in removed_pub_keys:
- self.driver.shell.db.key_pair_destroy(username, key.name)
-
- def reserve_instance(self, image_id, kernel_id, ramdisk_id, \
- instance_type, key_name, user_data):
- conn = self.driver.euca_shell
- logger.info('Reserving an instance: image: %s, kernel: ' \
- '%s, ramdisk: %s, type: %s, key: %s' % \
- (image_id, kernel_id, ramdisk_id,
- instance_type, key_name))
- try:
- reservation = conn.run_instances(image_id=image_id,
- kernel_id=kernel_id,
- ramdisk_id=ramdisk_id,
- instance_type=instance_type,
- key_name=key_name,
- user_data = user_data)
- except EC2ResponseError, ec2RespError:
- logger.log_exc(ec2RespError)
-
- def run_instances(self, slicename, rspec, keyname, pubkeys):
- """
- Create the instances thats requested in the rspec
- """
- # the default image to use for instnaces that dont
- # explicitly request an image.
- # Just choose the first available image for now.
- available_images = self.get_available_disk_images()
- default_image = self.get_disk_images()[0]
- default_ami_id = CloudController.image_ec2_id(default_image['ami']['id'])
- default_aki_id = CloudController.image_ec2_id(default_image['aki']['id'])
- default_ari_id = CloudController.image_ec2_id(default_image['ari']['id'])
-
- # get requested slivers
+ def create_security_group(self, slicename, fw_rules=[]):
+ # use default group by default
+ group_name = 'default'
+ if isinstance(fw_rules, list) and fw_rules:
+ # Each sliver get's its own security group.
+ # Keep security group names unique by appending some random
+ # characters on end.
+ random_name = "".join([random.choice(string.letters+string.digits)
+ for i in xrange(6)])
+ group_name = slicename + random_name
+ security_group = SecurityGroup(self.driver)
+ security_group.create_security_group(group_name)
+ for rule in fw_rules:
+ security_group.add_rule_to_group(group_name,
+ protocol = rule.get('protocol'),
+ cidr_ip = rule.get('cidr_ip'),
+ port_range = rule.get('port_range'),
+ icmp_type_code = rule.get('icmp_type_code'))
+ return group_name
+
+ def add_rule_to_security_group(self, group_name, **kwds):
+ security_group = SecurityGroup(self.driver)
+ security_group.add_rule_to_group(group_name=group_name,
+ protocol=kwds.get('protocol'),
+ cidr_ip =kwds.get('cidr_ip'),
+ icmp_type_code = kwds.get('icmp_type_code'))
+
+
+
+ def run_instances(self, instance_name, tenant_name, rspec, key_name, pubkeys):
+ #logger.debug('Reserving an instance: image: %s, flavor: ' \
+ # '%s, key: %s, name: %s' % \
+ # (image_id, flavor_id, key_name, slicename))
+
+ # make sure a tenant exists for this slice
+ tenant = self.create_tenant(tenant_name)
+
+ # add the sfa admin user to this tenant and update our nova client connection
+ # to use these credentials for the rest of this session. This emsures that the instances
+ # we create will be assigned to the correct tenant.
+ sfa_admin_user = self.driver.shell.auth_manager.users.find(name=self.driver.shell.auth_manager.opts['OS_USERNAME'])
+ user_role = self.driver.shell.auth_manager.roles.find(name='user')
+ admin_role = self.driver.shell.auth_manager.roles.find(name='admin')
+ self.driver.shell.auth_manager.roles.add_user_role(sfa_admin_user, admin_role, tenant)
+ self.driver.shell.auth_manager.roles.add_user_role(sfa_admin_user, user_role, tenant)
+ self.driver.shell.nova_manager.connect(tenant=tenant.name)
+
+ authorized_keys = "\n".join(pubkeys)
+ files = {'/root/.ssh/authorized_keys': authorized_keys}
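Review bot: `add_rule_to_security_group` forwards `protocol`, `cidr_ip` and `icmp_type_code` but drops `port_range`, which `create_security_group` does pass to the same `add_rule_to_group` call, so a caller supplying a port range here has it silently ignored. How `SecurityGroup.add_rule_to_group` treats a missing range is not visible in this diff; if it falls back to a default, the resulting firewall rule could be broader than the one requested. I would add `port_range=kwds.get('port_range'),` to that call. Both methods also pass `None` through when a rule lacks `protocol` or `cidr_ip`, so it is worth rejecting incomplete rules before the group is modified rather than relying on downstream defaults. The new `run_instances` body continues beyond the visible lines and is not covered by this note.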