Add default public security group

76bd4c77 · Szabolcs Gelencsér · 7507ef24 · 76bd4c77 · 76bd4c77 · 76bd4c77
Commit 76bd4c77 authored Aug 19, 2018 by Szabolcs Gelencsér
Showing with 45 additions and 15 deletions

circle/circle/settings/base.py
+2 -0

circle/dashboard/templates/dashboard/vm-detail.html
+1 -1

circle/dashboard/views/vm.py
+6 -4

circle/network/models.py
+33 -0

circle/vm/operations.py
+3 -10

No files found.
--- a/circle/circle/settings/base.py
+++ b/circle/circle/settings/base.py
@@ -599,6 +599,8 @@ DEFAULT_EXTERNAL_NETWORK_NAME = "Smart1"
 DEFAULT_PUBLIC_ROUTER_NAME_FOR_USER = "default_public"
 DEFAULT_PUBLIC_ROUTED_NET_NAME_FOR_USER = "default_public_routed"

+DEFAULT_PUBLIC_SECURITY_GROUP_FOR_USER = "default_public"
+
 OPENSTACK_KEYSTONE_DEFAULT_DOMAIN="bme"
 OPENSTACK_KEYSTONE_URL="https://proxy.bmec4e.niif.hu:5000"
 WEBSSO_ENABLED = True #TODO: it is always enabled, refactor openstack_auth

--- a/circle/dashboard/templates/dashboard/vm-detail.html
+++ b/circle/dashboard/templates/dashboard/vm-detail.html
@@ -111,7 +111,7 @@
      <h3>{% trans "Connection details" %}</h3>
      <dl class="dl-horizontal vm-details-connection">
        <dt>{% trans "Protocol" %}</dt>
-        <dd>{{ instance.access_method|upper }}</dd>
+        <dd>{{ access_method|upper }}</dd>
          <dt>{% trans "Host" %}</dt>
          <dd>
            {% if instance.get_connect_port %}

--- a/circle/dashboard/views/vm.py
+++ b/circle/dashboard/views/vm.py
@@ -48,7 +48,7 @@ from common.models import (
 )
 from firewall.models import Vlan, Host, Rule
 # from manager.scheduler import SchedulerError
-from network.models import DefaultPublicRouter, DefaultPublicRoutedNet
+from network.models import DefaultPublicRouter, DefaultPublicRoutedNet, DefaultPublicSecurityGroup
 from openstack_api.nova import Server
 from request.forms import TemplateRequestForm, LeaseRequestForm
 from request.models import TemplateAccessType, LeaseType
@@ -139,7 +139,8 @@ class VmDetailView(LoginRequiredMixin, GraphMixin, DetailView):
            # 'connect_commands': user.profile.get_connect_commands(instance),
            'hide_tutorial': hide_tutorial,
            'fav': Favourite.objects.filter(user=user.id, instance=instance.id).exists(),
-            'instance': self.object
+            'instance': self.object,
+            'access_method': 'ssh'
        })

        vm_lease = VmLease.get_or_create_lease(instance.id)
@@ -1088,9 +1089,9 @@ class VmPlainImageCreate(LoginRequiredMixin, TemplateView):
        return self.render_to_response(context)

    def post(self, request, *args, **kwargs):
-        server_created = None
        if request.POST.get("internet_access") or not settings.IS_NET_OMISSION_SUPPORTED:
            default_public_routed_net_id = DefaultPublicRoutedNet.get_id(request)
+            security_group = DefaultPublicSecurityGroup.get(request)
            server_created = openstack_api.nova.server_create(
                request,
                request.POST.get("name"),
@@ -1098,7 +1099,8 @@ class VmPlainImageCreate(LoginRequiredMixin, TemplateView):
                request.POST.get("flavor"),
                nics=({
                    'net-id': default_public_routed_net_id,
-                },)
+                },),
+                security_groups=[security_group.id]
            )
        else:
            server_created = openstack_api.nova.server_create(

--- a/circle/network/models.py
+++ b/circle/network/models.py
@@ -172,3 +172,36 @@ class DefaultPublicRoutedNet(object):
    @classmethod
    def get_id(cls, request):
        return DefaultPublicRoutedNet.__create_if_not_exists(request).id
+
+
+class DefaultPublicSecurityGroup(object):
+    @classmethod
+    def _create_security_group(cls, request):
+        name = settings.DEFAULT_PUBLIC_SECURITY_GROUP_FOR_USER
+        security_group = openstack_api.neutron.security_group_create(request, name, name)
+        openstack_api.neutron.security_group_rule_create(
+            request,
+            security_group.id,
+            "ingress",
+            "IPv4",
+            None, None, None,
+            "0.0.0.0/0", None,
+        )
+        return security_group
+
+    @classmethod
+    def __get(cls, request):
+        sec_groups = openstack_api.neutron.security_group_list(request)
+        sec_groups = [sg for sg in sec_groups if sg.name == settings.DEFAULT_PUBLIC_SECURITY_GROUP_FOR_USER]
+        return sec_groups[0] if len(sec_groups) > 0 else None
+
+    @classmethod
+    def __create_if_not_exists(cls, request):
+        default_public_sg = DefaultPublicSecurityGroup.__get(request)
+        if default_public_sg is None:
+            default_public_sg = DefaultPublicSecurityGroup._create_security_group(request)
+        return default_public_sg
+
+    @classmethod
+    def get(cls, request):
+        return DefaultPublicSecurityGroup.__create_if_not_exists(request)
--- a/circle/vm/operations.py
+++ b/circle/vm/operations.py
@@ -34,6 +34,8 @@ from django.utils import timezone
 from django.utils.translation import ugettext_lazy as _, ugettext_noop
 from django.conf import settings
 from django.db.models import Q
+
+from network.models import DefaultPublicSecurityGroup
 from openstack_api.nova import Server

 from sizefield.utils import filesizeformat
@@ -191,16 +193,7 @@ class AddInterfaceOperation(InstanceOperation):
    def _operation(self, request, user, system, vlan, managed=None):
        interface = openstack_api.nova.interface_attach(request, self.instance, net_id=vlan)

-        security_group = openstack_api.neutron.security_group_create(request, interface.port_id, interface.port_id)
-        # TODO: add UI elements to adjust this
-        openstack_api.neutron.security_group_rule_create(
-            request,
-            security_group.id,
-            "ingress",
-            "IPv4",
-            None, None, None,
-            "0.0.0.0/0", None,
-        )
+        security_group = DefaultPublicSecurityGroup.get(request)
        openstack_api.neutron.port_update(request, interface.port_id, security_groups=[security_group.id])