Commit 76bd4c77 by Szabolcs Gelencsér

Add default public security group

parent 7507ef24
...@@ -599,6 +599,8 @@ DEFAULT_EXTERNAL_NETWORK_NAME = "Smart1" ...@@ -599,6 +599,8 @@ DEFAULT_EXTERNAL_NETWORK_NAME = "Smart1"
DEFAULT_PUBLIC_ROUTER_NAME_FOR_USER = "default_public" DEFAULT_PUBLIC_ROUTER_NAME_FOR_USER = "default_public"
DEFAULT_PUBLIC_ROUTED_NET_NAME_FOR_USER = "default_public_routed" DEFAULT_PUBLIC_ROUTED_NET_NAME_FOR_USER = "default_public_routed"
DEFAULT_PUBLIC_SECURITY_GROUP_FOR_USER = "default_public"
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN="bme" OPENSTACK_KEYSTONE_DEFAULT_DOMAIN="bme"
OPENSTACK_KEYSTONE_URL="https://proxy.bmec4e.niif.hu:5000" OPENSTACK_KEYSTONE_URL="https://proxy.bmec4e.niif.hu:5000"
WEBSSO_ENABLED = True #TODO: it is always enabled, refactor openstack_auth WEBSSO_ENABLED = True #TODO: it is always enabled, refactor openstack_auth
......
...@@ -111,7 +111,7 @@ ...@@ -111,7 +111,7 @@
<h3>{% trans "Connection details" %}</h3> <h3>{% trans "Connection details" %}</h3>
<dl class="dl-horizontal vm-details-connection"> <dl class="dl-horizontal vm-details-connection">
<dt>{% trans "Protocol" %}</dt> <dt>{% trans "Protocol" %}</dt>
<dd>{{ instance.access_method|upper }}</dd> <dd>{{ access_method|upper }}</dd>
<dt>{% trans "Host" %}</dt> <dt>{% trans "Host" %}</dt>
<dd> <dd>
{% if instance.get_connect_port %} {% if instance.get_connect_port %}
......
...@@ -48,7 +48,7 @@ from common.models import ( ...@@ -48,7 +48,7 @@ from common.models import (
) )
from firewall.models import Vlan, Host, Rule from firewall.models import Vlan, Host, Rule
# from manager.scheduler import SchedulerError # from manager.scheduler import SchedulerError
from network.models import DefaultPublicRouter, DefaultPublicRoutedNet from network.models import DefaultPublicRouter, DefaultPublicRoutedNet, DefaultPublicSecurityGroup
from openstack_api.nova import Server from openstack_api.nova import Server
from request.forms import TemplateRequestForm, LeaseRequestForm from request.forms import TemplateRequestForm, LeaseRequestForm
from request.models import TemplateAccessType, LeaseType from request.models import TemplateAccessType, LeaseType
...@@ -139,7 +139,8 @@ class VmDetailView(LoginRequiredMixin, GraphMixin, DetailView): ...@@ -139,7 +139,8 @@ class VmDetailView(LoginRequiredMixin, GraphMixin, DetailView):
# 'connect_commands': user.profile.get_connect_commands(instance), # 'connect_commands': user.profile.get_connect_commands(instance),
'hide_tutorial': hide_tutorial, 'hide_tutorial': hide_tutorial,
'fav': Favourite.objects.filter(user=user.id, instance=instance.id).exists(), 'fav': Favourite.objects.filter(user=user.id, instance=instance.id).exists(),
'instance': self.object 'instance': self.object,
'access_method': 'ssh'
}) })
vm_lease = VmLease.get_or_create_lease(instance.id) vm_lease = VmLease.get_or_create_lease(instance.id)
...@@ -1088,9 +1089,9 @@ class VmPlainImageCreate(LoginRequiredMixin, TemplateView): ...@@ -1088,9 +1089,9 @@ class VmPlainImageCreate(LoginRequiredMixin, TemplateView):
return self.render_to_response(context) return self.render_to_response(context)
def post(self, request, *args, **kwargs): def post(self, request, *args, **kwargs):
server_created = None
if request.POST.get("internet_access") or not settings.IS_NET_OMISSION_SUPPORTED: if request.POST.get("internet_access") or not settings.IS_NET_OMISSION_SUPPORTED:
default_public_routed_net_id = DefaultPublicRoutedNet.get_id(request) default_public_routed_net_id = DefaultPublicRoutedNet.get_id(request)
security_group = DefaultPublicSecurityGroup.get(request)
server_created = openstack_api.nova.server_create( server_created = openstack_api.nova.server_create(
request, request,
request.POST.get("name"), request.POST.get("name"),
...@@ -1098,7 +1099,8 @@ class VmPlainImageCreate(LoginRequiredMixin, TemplateView): ...@@ -1098,7 +1099,8 @@ class VmPlainImageCreate(LoginRequiredMixin, TemplateView):
request.POST.get("flavor"), request.POST.get("flavor"),
nics=({ nics=({
'net-id': default_public_routed_net_id, 'net-id': default_public_routed_net_id,
},) },),
security_groups=[security_group.id]
) )
else: else:
server_created = openstack_api.nova.server_create( server_created = openstack_api.nova.server_create(
......
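Review bot: The `'access_method': 'ssh'` entry added to the `VmDetailView` context is a hard-coded literal, and the template section above now prints it instead of `instance.access_method`, so the connection details will show SSH for every instance even if a template uses another protocol. If this is a stop-gap, say so at the literal, for example `'access_method': 'ssh',  # TODO: derive from the instance/template; hard-coded for now`. In `VmPlainImageCreate.post` only the `internet_access` branch visibly passes `security_groups`. The `else` branch continues outside the hunk, so it is worth confirming which group those servers end up in.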
...@@ -171,4 +171,37 @@ class DefaultPublicRoutedNet(object): ...@@ -171,4 +171,37 @@ class DefaultPublicRoutedNet(object):
@classmethod @classmethod
def get_id(cls, request): def get_id(cls, request):
return DefaultPublicRoutedNet.__create_if_not_exists(request).id return DefaultPublicRoutedNet.__create_if_not_exists(request).id
\ No newline at end of file
class DefaultPublicSecurityGroup(object):
@classmethod
def _create_security_group(cls, request):
name = settings.DEFAULT_PUBLIC_SECURITY_GROUP_FOR_USER
security_group = openstack_api.neutron.security_group_create(request, name, name)
openstack_api.neutron.security_group_rule_create(
request,
security_group.id,
"ingress",
"IPv4",
None, None, None,
"0.0.0.0/0", None,
)
return security_group
@classmethod
def __get(cls, request):
sec_groups = openstack_api.neutron.security_group_list(request)
sec_groups = [sg for sg in sec_groups if sg.name == settings.DEFAULT_PUBLIC_SECURITY_GROUP_FOR_USER]
return sec_groups[0] if len(sec_groups) > 0 else None
@classmethod
def __create_if_not_exists(cls, request):
default_public_sg = DefaultPublicSecurityGroup.__get(request)
if default_public_sg is None:
default_public_sg = DefaultPublicSecurityGroup._create_security_group(request)
return default_public_sg
@classmethod
def get(cls, request):
return DefaultPublicSecurityGroup.__create_if_not_exists(request)
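Review bot: The rule created in `_create_security_group` passes `None, None, None` for what appear to be the protocol and port range, together with `"0.0.0.0/0"`, which (if the arguments follow the usual Neutron wrapper order) admits all inbound IPv4 traffic on every port. The same group is then attached to new servers in `VmPlainImageCreate.post` and to every interface in `AddInterfaceOperation._operation`. Consider limiting the default to the access port the UI advertises, e.g. replacing that line with `"tcp", 22, 22,`, and adding any further rules explicitly. `__get` also trusts the first group whose name matches the setting; as far as I know Neutron does not enforce unique names, so a user-created or half-created group (group made, rule call failed) would be reused without its rules being checked. A short class docstring stating that the group is looked up by name, and what ingress it is meant to allow, would make that contract visible.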
...@@ -34,6 +34,8 @@ from django.utils import timezone ...@@ -34,6 +34,8 @@ from django.utils import timezone
from django.utils.translation import ugettext_lazy as _, ugettext_noop from django.utils.translation import ugettext_lazy as _, ugettext_noop
from django.conf import settings from django.conf import settings
from django.db.models import Q from django.db.models import Q
from network.models import DefaultPublicSecurityGroup
from openstack_api.nova import Server from openstack_api.nova import Server
from sizefield.utils import filesizeformat from sizefield.utils import filesizeformat
...@@ -191,16 +193,7 @@ class AddInterfaceOperation(InstanceOperation): ...@@ -191,16 +193,7 @@ class AddInterfaceOperation(InstanceOperation):
def _operation(self, request, user, system, vlan, managed=None): def _operation(self, request, user, system, vlan, managed=None):
interface = openstack_api.nova.interface_attach(request, self.instance, net_id=vlan) interface = openstack_api.nova.interface_attach(request, self.instance, net_id=vlan)
security_group = openstack_api.neutron.security_group_create(request, interface.port_id, interface.port_id) security_group = DefaultPublicSecurityGroup.get(request)
# TODO: add UI elements to adjust this
openstack_api.neutron.security_group_rule_create(
request,
security_group.id,
"ingress",
"IPv4",
None, None, None,
"0.0.0.0/0", None,
)
openstack_api.neutron.port_update(request, interface.port_id, security_groups=[security_group.id]) openstack_api.neutron.port_update(request, interface.port_id, security_groups=[security_group.id])
......
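Review bot: `_operation` now puts every attached interface into the one shared group returned by `DefaultPublicSecurityGroup.get(request)`, whichever `vlan` was requested, where the old code gave each port its own group. A later change to that group's rules therefore applies to all of the user's ports at once, and interfaces on non-public networks receive the "public" policy as well. The removed `# TODO: add UI elements to adjust this` was the only marker that the policy was meant to become configurable. I would keep a comment above the call, e.g. `# Shared per-user group: rule changes affect every port using it. TODO: make adjustable per interface.`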