deb-murano/meta/io.murano/Classes/SharedIp.yaml
Alexander Tivelkov 247c4bdfb9 Murano can now properly attach VMs to shared networks
When spawning VMs attached to pre-existing networks murano used to
generate a Heat template with a fixed_ips property for Neutron ports.
This can cause a policy violation if the target network is not owned
by the deploying tenant (i.e. the network is shared by some other
project).

This has been addressed: the ExistingNeutronNetwork class no longer
generates the fixed_ips property of the port if the target network is
not owned by the current project.

Change-Id: I0c60a522f4223fdc47f87b950da1a0822a8cbdbe
Closes-bug: #1644797
2016-11-29 18:17:12 +03:00


# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
Namespaces:
  =: io.murano
# SharedIp: a CloudResource that allocates one Neutron port (and optionally a
# floating IP) through the region's Heat stack and publishes the resulting
# addresses as output properties.
Name: SharedIp
Extends: CloudResource
Properties:
  # Opt-in switch for attaching a floating IP to the shared port. Off by
  # default, so the shared address is only given a floating IP on request.
  assignFloatingIp:
    Contract: $.bool().notNull()
    Default: false
  # Output: address read back from the port's first fixed IP after deploy.
  virtualIp:
    Contract: $.string()
    Usage: Out
  # Output: floating IP address read back from the stack outputs after deploy.
  floatingIpAddress:
    Contract: $.string()
    Usage: Out
Methods:
  # Caches the owning Environment (required) and starts with an empty
  # instances list.
  initialize:
    Body:
      - $._environment: $.find(Environment).require()
      # NOTE(review): 'instances' is not declared under Properties in this
      # file; presumably it is filled in by other classes. Confirm.
      - $.instances: []
  # Adds the shared port (and optional floating IP) to the region's Heat
  # stack, pushes the stack, and stores the allocated addresses.
  # Does nothing once the 'deployed' attribute has been set.
  deploy:
    Body:
      - If: not $.getAttr(deployed, false)
        Then:
          - $region: $.getRegion()
          - $network: $region.defaultNetworks.environment
          - $reporter: $._environment.reporter
          - $network.deploy()
          - $networkData: $network.describe()
          # Resource and output names are derived from this object's id;
          # releaseResources rebuilds the same names to delete them, so the
          # format strings in both methods have to stay in sync.
          - $aapPortName: format('AllowedAddressPairsPort-{0}', id($))
          # Base template: a port on the environment network, with no
          # fixed_ips property yet.
          - $template:
              resources:
                $aapPortName:
                  type: 'OS::Neutron::Port'
                  properties:
                    network_id: $networkData.netId
                    replacement_policy: AUTO
              outputs:
                $aapPortName+'-virtualIp':
                  value:
                    get_attr: [$aapPortName, fixed_ips, 0, ip_address]
                  description: format('SharedIP Address of SharedIp group {0}', id($))
          # fixed_ips is added only when the network description carries a
          # subnetId. Per the change description, requesting fixed_ips on a
          # network the deploying tenant does not own can be rejected as a
          # policy violation.
          # NOTE(review): presumably describe() leaves subnetId empty for
          # such shared networks; confirm in the network class. Without
          # this property the subnet is not pinned by this template.
          - If: $networkData.subnetId
            Then:
              - $t:
                  resources:
                    $aapPortName:
                      properties:
                        fixed_ips:
                          - subnet_id: $networkData.subnetId
              - $template: $template.mergeWith($t)
          - $region.stack.updateTemplate($template)
          # Optional floating IP bound to the shared port, allocated from the
          # network reported as floatingIpNetId.
          - If: $.assignFloatingIp
            Then:
              - $extNetId: $networkData.floatingIpNetId
              - $fipName: format('Shared-Floating-ip-{0}', id($))
              - $template:
                  resources:
                    $fipName:
                      type: 'OS::Neutron::FloatingIP'
                      properties:
                        floating_network_id: $extNetId
                        port_id:
                          get_resource: $aapPortName
                  outputs:
                    $fipName + '-val':
                      value:
                        get_attr: [$fipName, floating_ip_address]
                      description: Shared Floating IP assigned
              - $region.stack.updateTemplate($template)
          - $reporter.report($this, 'Allocating shared ip address')
          - $region.stack.push()
          # Read the allocated addresses back from the stack outputs.
          # floatingIpAddress is looked up even when no floating IP was
          # requested, in which case that output was never added above.
          - $outputs: $region.stack.output()
          - $.virtualIp: $outputs.get(format('AllowedAddressPairsPort-{0}-virtualIp', id($)))
          - $.floatingIpAddress: $outputs.get(format('Shared-Floating-ip-{0}-val', id($)))
          - $reporter.report($this, format('Shared IP allocated at {0}', $.virtualIp))
          - If: $.assignFloatingIp
            Then:
              - $reporter.report($this, format('Floating shared IP is {0}', $.floatingIpAddress))
          # Marks the object as deployed so later deploy() calls are no-ops.
          - $.setAttr(deployed, true)
  # Returns a Heat get_attr reference to the shared port's first fixed IP,
  # to be embedded in other templates rather than a literal address.
  # NOTE(review): presumably consumed as an allowed-address-pairs entry by
  # instance templates, as the port name suggests. Confirm against callers.
  getSharedIpRef:
    Body:
      - $aapPortName: format('AllowedAddressPairsPort-{0}', id($))
      - Return:
          get_attr: [$aapPortName, fixed_ips, 0, ip_address]
  # Removes this object's resources and outputs from the current stack
  # template, pushes the stack, and clears the output properties.
  releaseResources:
    Body:
      - $region: $.getRegion()
      - $template: $region.stack.current()
      - $template.resources: $template.resources.delete(format('AllowedAddressPairsPort-{0}', id($)))
      - $template.outputs: $template.outputs.delete(format('AllowedAddressPairsPort-{0}-virtualIp', id($)))
      # NOTE(review): floating IP cleanup is keyed on the current value of
      # assignFloatingIp. If that property can change between deploy and
      # release, the FloatingIP resource would stay in the template and the
      # address would remain allocated. Confirm this cannot happen.
      - If: $.assignFloatingIp
        Then:
          - $template.resources: $template.resources.delete(format('Shared-Floating-ip-{0}', id($)))
          - $template.outputs: $template.outputs.delete(format('Shared-Floating-ip-{0}-val', id($)))
      - $region.stack.setTemplate($template)
      - $region.stack.push()
      # NOTE(review): the 'deployed' attribute set by deploy is not cleared
      # here. Confirm whether deploy() is ever expected to run again on the
      # same object after release.
      - $.floatingIpAddress: null
      - $.virtualIp: null