Move vpn_image_id to pipelib

Apart from checking whether a given image is the cloudpipe image, the
vpn_image_id option is only used within pipelib itself.

Add a is_vpn_image() helper method and move the option into pipelib.
Some rejiggering of how pipelib imports ec2 opts is required to avoid
circular imports.

blueprint: scope-config-opts
Change-Id: Ie984b2bb81681c24d3cee803082960083992a535

nova/api/ec2/cloud.py

@@ -30,6 +30,7 @@ from nova.api.ec2 import inst_state
 from nova.api import validator
 from nova import availability_zones
 from nova import block_device
+from nova.cloudpipe import pipelib
 from nova import compute
 from nova.compute import api as compute_api
 from nova.compute import instance_types
@@ -71,7 +72,6 @@ ec2_opts = [
 CONF = cfg.CONF
 CONF.register_opts(ec2_opts)
 CONF.import_opt('my_ip', 'nova.config')
-CONF.import_opt('vpn_image_id', 'nova.config')
 CONF.import_opt('vpn_key_suffix', 'nova.config')
 CONF.import_opt('internal_service_availability_zone',
         'nova.availability_zones')
@@ -1132,7 +1132,7 @@ class CloudController(object):
 
         for instance in instances:
             if not context.is_admin:
-                if instance['image_ref'] == str(CONF.vpn_image_id):
+                if pipelib.is_vpn_image(instance['image_ref']):
                     continue
             i = {}
             instance_uuid = instance['uuid']

nova/api/openstack/compute/contrib/cloudpipe.py

@@ -31,7 +31,6 @@ from nova.openstack.common import timeutils
 from nova import utils
 
 CONF = cfg.CONF
-CONF.import_opt('vpn_image_id', 'nova.config')
 LOG = logging.getLogger(__name__)
 authorize = extensions.extension_authorizer('compute', 'cloudpipe')
 
@@ -77,7 +76,7 @@ class CloudpipeController(object):
         instances = self.compute_api.get_all(context,
                                              search_opts={'deleted': False})
         return [instance for instance in instances
-                if instance['image_ref'] == str(CONF.vpn_image_id)
+                if pipelib.is_vpn_image(instance['image_ref'])
                 and instance['vm_state'] != vm_states.DELETED]
 
     def _get_cloudpipe_for_project(self, context, project_id):

nova/cloudpipe/pipelib.py

@@ -39,6 +39,9 @@ from nova import utils
 
 
 cloudpipe_opts = [
+    cfg.StrOpt('vpn_image_id',
+               default='0',
+               help='image id used when starting up a cloudpipe vpn server'),
     cfg.StrOpt('vpn_instance_type',
                default='m1.tiny',
                help=_('Instance type for vpn instances')),
@@ -55,15 +58,33 @@ cloudpipe_opts = [
 
 CONF = cfg.CONF
 CONF.register_opts(cloudpipe_opts)
-CONF.import_opt('ec2_dmz_host', 'nova.api.ec2.cloud')
-CONF.import_opt('ec2_port', 'nova.api.ec2.cloud')
-CONF.import_opt('vpn_image_id', 'nova.config')
 CONF.import_opt('vpn_key_suffix', 'nova.config')
-CONF.import_opt('cnt_vpn_clients', 'nova.network.manager')
 
 LOG = logging.getLogger(__name__)
 
 
+def is_vpn_image(image_id):
+    return image_id == CONF.vpn_image_id
+
+
+def _load_boot_script():
+    shellfile = open(CONF.boot_script_template, "r")
+    try:
+        s = string.Template(shellfile.read())
+    finally:
+        shellfile.close()
+
+    CONF.import_opt('ec2_dmz_host', 'nova.api.ec2.cloud')
+    CONF.import_opt('ec2_port', 'nova.api.ec2.cloud')
+    CONF.import_opt('cnt_vpn_clients', 'nova.network.manager')
+
+    return s.substitute(cc_dmz=CONF.ec2_dmz_host,
+                        cc_port=CONF.ec2_port,
+                        dmz_net=CONF.dmz_net,
+                        dmz_mask=CONF.dmz_mask,
+                        num_vpn=CONF.cnt_vpn_clients)
+
+
 class CloudPipe(object):
     def __init__(self):
         self.compute_api = compute.API()
@@ -74,14 +95,7 @@ class CloudPipe(object):
             filename = "payload.zip"
             zippath = os.path.join(tmpdir, filename)
             z = zipfile.ZipFile(zippath, "w", zipfile.ZIP_DEFLATED)
-            shellfile = open(CONF.boot_script_template, "r")
+            boot_script = _load_boot_script()
-            s = string.Template(shellfile.read())
-            shellfile.close()
-            boot_script = s.substitute(cc_dmz=CONF.ec2_dmz_host,
-                                       cc_port=CONF.ec2_port,
-                                       dmz_net=CONF.dmz_net,
-                                       dmz_mask=CONF.dmz_mask,
-                                       num_vpn=CONF.cnt_vpn_clients)
             # genvpn, sign csr
             crypto.generate_vpn_files(project_id)
             z.writestr('autorun.sh', boot_script)

nova/compute/manager.py

@@ -42,6 +42,7 @@ import uuid
 from eventlet import greenthread
 
 from nova import block_device
+from nova.cloudpipe import pipelib
 from nova import compute
 from nova.compute import instance_types
 from nova.compute import power_state
@@ -177,7 +178,6 @@ CONF.import_opt('host', 'nova.config')
 CONF.import_opt('my_ip', 'nova.config')
 CONF.import_opt('network_manager', 'nova.service')
 CONF.import_opt('reclaim_instance_interval', 'nova.config')
-CONF.import_opt('vpn_image_id', 'nova.config')
 CONF.import_opt('my_ip', 'nova.config')
 
 QUOTAS = quota.QUOTAS
@@ -938,7 +938,7 @@ class ComputeManager(manager.SchedulerDependentManager):
                               vm_state=vm_states.BUILDING,
                               task_state=task_states.NETWORKING,
                               expected_task_state=None)
-        is_vpn = instance['image_ref'] == str(CONF.vpn_image_id)
+        is_vpn = pipelib.is_vpn_image(instance['image_ref'])
         try:
             # allocate and get network info
             network_info = self.network_api.allocate_for_instance(

nova/config.py

@@ -47,9 +47,6 @@ global_opts = [
     cfg.StrOpt('my_ip',
                default=_get_my_ip(),
                help='ip address of this host'),
-    cfg.StrOpt('vpn_image_id',
-               default='0',
-               help='image id used when starting up a cloudpipe vpn server'),
     cfg.StrOpt('vpn_key_suffix',
                default='-vpn',
                help='Suffix to add to project name for vpn key and secgroups'),

nova/tests/api/openstack/compute/contrib/test_cloudpipe.py

@@ -28,7 +28,7 @@ from nova.tests import matchers
 from nova import utils
 
 CONF = cfg.CONF
-CONF.import_opt('vpn_image_id', 'nova.config')
+CONF.import_opt('vpn_image_id', 'nova.cloudpipe.pipelib')
 
 
 def fake_vpn_instance():

nova/tests/integrated/test_api_samples.py

@@ -51,7 +51,7 @@ CONF = cfg.CONF
 CONF.import_opt('allow_resize_to_same_host', 'nova.compute.api')
 CONF.import_opt('osapi_compute_extension',
                 'nova.api.openstack.compute.extensions')
-CONF.import_opt('vpn_image_id', 'nova.config')
+CONF.import_opt('vpn_image_id', 'nova.cloudpipe.pipelib')
 CONF.import_opt('osapi_compute_link_prefix', 'nova.api.openstack.common')
 CONF.import_opt('osapi_glance_link_prefix', 'nova.api.openstack.common')
 LOG = logging.getLogger(__name__)

nova/virt/libvirt/firewall.py

@@ -20,6 +20,7 @@
 
 from eventlet import tpool
 
+from nova.cloudpipe import pipelib
 from nova.openstack.common import cfg
 from nova.openstack.common import log as logging
 import nova.virt.firewall as base_firewall
@@ -27,7 +28,6 @@ import nova.virt.firewall as base_firewall
 LOG = logging.getLogger(__name__)
 CONF = cfg.CONF
 CONF.import_opt('use_ipv6', 'nova.config')
-CONF.import_opt('vpn_image_id', 'nova.config')
 
 try:
     import libvirt
@@ -117,7 +117,7 @@ class NWFilterFirewall(base_firewall.FirewallDriver):
             if mapping['dhcp_server']:
                 allow_dhcp = True
                 break
-        if instance['image_ref'] == str(CONF.vpn_image_id):
+        if pipelib.is_vpn_image(instance['image_ref']):
             base_filter = 'nova-vpn'
         elif allow_dhcp:
             base_filter = 'nova-base'