- rspec_nodes.append(rspec_node)
-
- return rspec_nodes
-
-
- def create_project(self, slicename, users, options={}):
- """
- Create the slice if it doesn't alredy exist
- """
- import nova.exception.ProjectNotFound
- try:
- slice = self.driver.shell.auth_manager.get_project(slicename)
- except nova.exception.ProjectNotFound:
- # convert urns to user names
- usernames = [Xrn(user['urn']).get_leaf() for user in users]
- # assume that the first user is the project manager
- proj_manager = usernames[0]
- self.driver.shell.auth_manager.create_project(slicename, proj_manager)
-
- def create_project_users(self, slicename, users, options={}):
- """
- Add requested users to the specified slice.
- """
-
- # There doesn't seem to be an effcient way to
- # look up all the users of a project, so lets not
- # attempt to remove stale users . For now lets just
- # ensure that the specified users exist
- for user in users:
- username = Xrn(user['urn']).get_leaf()
- try:
- self.driver.shell.auth_manager.get_user(username)
- except nova.exception.UserNotFound:
- self.driver.shell.auth_manager.create_user(username)
- self.verify_user_keys(username, user['keys'], options)
-
-
- def verify_user_keys(self, username, keys, options={}):
- """
- Add requested keys.
- """
- append = options.get('append', True)
- existing_keys = self.driver.shell.db.key_pair_get_all_by_user(username)
- existing_pub_keys = [key.public_key for key in existing_keys]
- removed_pub_keys = set(existing_pub_keys).difference(keys)
- added_pub_keys = set(keys).difference(existing_pub_keys)
- pubkeys = []
- # add new keys
- for public_key in added_pub_keys:
- key = {}
- key['user_id'] = username
- key['name'] = username
- key['public'] = public_key
- self.driver.shell.db.key_pair_create(key)
-
- # remove old keys
- if not append:
- for key in existing_keys:
- if key.public_key in removed_pub_keys:
- self.driver.shell.db.key_pair_destroy(username, key.name)
-
- def reserve_instance(self, image_id, kernel_id, ramdisk_id, \
- instance_type, key_name, user_data):
- conn = self.driver.euca_shell
- logger.info('Reserving an instance: image: %s, kernel: ' \
- '%s, ramdisk: %s, type: %s, key: %s' % \
- (image_id, kernel_id, ramdisk_id,
- instance_type, key_name))
- try:
- reservation = conn.run_instances(image_id=image_id,
- kernel_id=kernel_id,
- ramdisk_id=ramdisk_id,
- instance_type=instance_type,
- key_name=key_name,
- user_data = user_data)
- except EC2ResponseError, ec2RespError:
- logger.log_exc(ec2RespError)
-
- def run_instances(self, slicename, rspec, keyname, pubkeys):
- """
- Create the instances thats requested in the rspec
- """
- # the default image to use for instnaces that dont
- # explicitly request an image.
- # Just choose the first available image for now.
- available_images = self.get_available_disk_images()
- default_image = self.get_disk_images()[0]
- default_ami_id = CloudController.image_ec2_id(default_image['ami']['id'])
- default_aki_id = CloudController.image_ec2_id(default_image['aki']['id'])
- default_ari_id = CloudController.image_ec2_id(default_image['ari']['id'])
-
- # get requested slivers
+ rspec_nodes.append(rspec_node)
+
+ return rspec_nodes
+
+ def create_tenant(self, tenant_name):
+ tenants = self.driver.shell.auth_manager.tenants.findall(
+ name=tenant_name)
+ if not tenants:
+ self.driver.shell.auth_manager.tenants.create(
+ tenant_name, tenant_name)
+ tenant = self.driver.shell.auth_manager.tenants.find(
+ name=tenant_name)
+ else:
+ tenant = tenants[0]
+ return tenant
+
+ def create_instance_key(self, slice_hrn, user):
+ slice_name = Xrn(slice_hrn).leaf
+ user_name = Xrn(user['urn']).leaf
+ key_name = "%s_%s" % (slice_name, user_name)
+ pubkey = user['keys'][0]
+ key_found = False
+ existing_keys = self.driver.shell.nova_manager.keypairs.findall(
+ name=key_name)
+ for existing_key in existing_keys:
+ if existing_key.public_key != pubkey:
+ self.driver.shell.nova_manager.keypairs.delete(existing_key)
+ elif existing_key.public_key == pubkey:
+ key_found = True
+
+ if not key_found:
+ self.driver.shell.nova_manager.keypairs.create(key_name, pubkey)
+ return key_name
+
+ def create_security_group(self, slicename, fw_rules=None):
+ if fw_rules is None:
+ fw_rules = []
+ # use default group by default
+ group_name = 'default'
+ if isinstance(fw_rules, list) and fw_rules:
+ # Each sliver get's its own security group.
+ # Keep security group names unique by appending some random
+ # characters on end.
+ random_name = "".join([random.choice(string.letters + string.digits)
+ for i in xrange(6)])
+ group_name = slicename + random_name
+ security_group = SecurityGroup(self.driver)
+ security_group.create_security_group(group_name)
+ for rule in fw_rules:
+ security_group.add_rule_to_group(group_name,
+ protocol=rule.get('protocol'),
+ cidr_ip=rule.get('cidr_ip'),
+ port_range=rule.get(
+ 'port_range'),
+ icmp_type_code=rule.get('icmp_type_code'))
+ # Open ICMP by default
+ security_group.add_rule_to_group(group_name,
+ protocol="icmp",
+ cidr_ip="0.0.0.0/0",
+ icmp_type_code="-1:-1")
+ return group_name
+
+ def add_rule_to_security_group(self, group_name, **kwds):
+ security_group = SecurityGroup(self.driver)
+ security_group.add_rule_to_group(group_name=group_name,
+ protocol=kwds.get('protocol'),
+ cidr_ip=kwds.get('cidr_ip'),
+ icmp_type_code=kwds.get('icmp_type_code'))
+
+ def run_instances(self, instance_name, tenant_name, rspec, key_name, pubkeys):
+ # logger.debug('Reserving an instance: image: %s, flavor: ' \
+ # '%s, key: %s, name: %s' % \
+ # (image_id, flavor_id, key_name, slicename))
+
+ # make sure a tenant exists for this slice
+ tenant = self.create_tenant(tenant_name)
+
+ # add the sfa admin user to this tenant and update our nova client connection
+ # to use these credentials for the rest of this session. This emsures that the instances
+ # we create will be assigned to the correct tenant.
+ sfa_admin_user = self.driver.shell.auth_manager.users.find(
+ name=self.driver.shell.auth_manager.opts['OS_USERNAME'])
+ user_role = self.driver.shell.auth_manager.roles.find(name='user')
+ admin_role = self.driver.shell.auth_manager.roles.find(name='admin')
+ self.driver.shell.auth_manager.roles.add_user_role(
+ sfa_admin_user, admin_role, tenant)
+ self.driver.shell.auth_manager.roles.add_user_role(
+ sfa_admin_user, user_role, tenant)
+ self.driver.shell.nova_manager.connect(tenant=tenant.name)
+
+ authorized_keys = "\n".join(pubkeys)
+ files = {'/root/.ssh/authorized_keys': authorized_keys}