Security group for OpenStack server provider

Add security group with 'accept all' rule to openstack server provider. Change-Id: I6b34018ef9a3bebb82567e2d1b601896431277ac Closes-Bug: 1262123
2015-11-09 21:34:18 +02:00 · 2015-11-09 21:34:18 +02:00 · e8f2a438c2
commit e8f2a438c2
parent a003008a04
2 changed files with 40 additions and 3 deletions
--- a/rally/deployment/serverprovider/providers/openstack.py
+++ b/rally/deployment/serverprovider/providers/openstack.py
@ -83,7 +83,8 @@ class OpenStackProvider(provider.ProviderFactory):
                "name": "Ubuntu Precise(added by rally)",
                "format": "qcow2",
                "userdata": "#cloud-config\r\n disable_root: false"
-            }
+            },
+            "secgroup_name": "Rally"
        }
    """

@ -128,6 +129,7 @@ class OpenStackProvider(provider.ProviderFactory):
                    }
                ]
            },
+            "secgroup_name": {"type": "string"},
        },
        "additionalProperties": False,
        "required": ["user", "password", "tenant", "deployment_name",
@ -142,6 +144,7 @@ class OpenStackProvider(provider.ProviderFactory):
            region_name=config.get("region"))
        clients = osclients.Clients(user_credential)
        self.nova = clients.nova()
+        self.sg = None
        try:
            self.glance = clients.glance()
        except KeyError:
@ -204,6 +207,22 @@ class OpenStackProvider(provider.ProviderFactory):
    def get_nics(self):
        return self.config.get("nics", None)

+    def create_security_group_and_rules(self):
+        sec_group_name = self.config.get("secgroup_name",
+                                         "rally_security_group")
+        rule_params = {
+            "cidr": "0.0.0.0",
+            "from_port": 0,
+            "to_port": 0,
+            "ip_protocol": "tcp"
+        }
+
+        self.sg = self.nova.security_groups.create(sec_group_name,
+                                                   sec_group_name)
+
+        self.nova.security_group_rules.create(
+            self.sg.id, **rule_params)
+
    def create_servers(self):
        """Create VMs with chosen image."""

@ -213,6 +232,9 @@ class OpenStackProvider(provider.ProviderFactory):
        nics = self.get_nics()

        keypair, public_key_path = self.create_keypair()
+        self.create_security_group_and_rules()
+
+        sg_args = {"security_groups": [self.sg.name]} if self.sg else {}

        os_servers = []
        for i in range(self.config.get("amount", 1)):
@ -222,7 +244,8 @@ class OpenStackProvider(provider.ProviderFactory):
                nics=nics,
                key_name=keypair.name,
                userdata=userdata,
-                config_drive=self.config.get("config_drive", False))
+                config_drive=self.config.get("config_drive", False),
+                **sg_args)
            os_servers.append(server)
            self.resources.create({"id": server.id}, type=SERVER_TYPE)

@ -249,6 +272,13 @@ class OpenStackProvider(provider.ProviderFactory):

        return servers

+    def delete_security_group(self):
+        sg_name = self.config.get("secgroup_name", "rally_security_group")
+        sgs = self.nova.security_groups.list(serch_opts={"name": sg_name})
+        if sgs:
+            for secgroup in sgs:
+                self.nova.security_groups.delete(secgroup.id)
+
    def destroy_servers(self):
        for resource in self.resources.get_all(type=SERVER_TYPE):
            try:
@ -286,3 +316,5 @@ class OpenStackProvider(provider.ProviderFactory):
                         name=resource["info"]["id"]
                         )
                )
+            finally:
+                self.delete_security_group()
--- a/tests/unit/deployment/serverprovider/providers/test_openstack.py
+++ b/tests/unit/deployment/serverprovider/providers/test_openstack.py
@ -201,6 +201,8 @@ class OpenStackProviderTestCase(test.TestCase):
        fake_keypair = mock.Mock()
        fake_keypair.name = "fake_key_name"
        provider = OSProvider(mock.Mock(), self._get_valid_config())
+        provider.sg = mock.Mock(id="33")
+        provider.config["secgroup_name"] = "some_sg"
        provider.nova = mock.Mock()
        provider.get_image_uuid = mock.Mock(return_value="fake_image_uuid")
        provider.get_userdata = mock.Mock(return_value="fake_userdata")
@ -215,6 +217,8 @@ class OpenStackProviderTestCase(test.TestCase):
        fake_instance.addresses = {"private": [{"addr": "1.2.3.4"}]}

        servers = provider.create_servers()
+        provider.nova.security_groups.create.assert_called_once_with(
+            provider.config["secgroup_name"], provider.config["secgroup_name"])

        mock_server.assert_called_once_with(host="1.2.3.4", user="root",
                                            key="fake_path")
@ -222,7 +226,8 @@ class OpenStackProviderTestCase(test.TestCase):
        fake_server.ssh.wait.assert_called_once_with(interval=5, timeout=120)
        provider.nova.servers.create.assert_called_once_with(
            "rally-dep-1-0", "fake_image_uuid", "22", userdata="fake_userdata",
-            nics="fake_nics", key_name="fake_key_name", config_drive=False)
+            nics="fake_nics", key_name="fake_key_name", config_drive=False,
+            security_groups=[provider.sg.name])

    @mock.patch(MOD_NAME + ".osclients")
    def test_get_image_found_by_checksum(self, mock_osclients):