authorVishvananda Ishaya <vishvananda@gmail.com>2011-04-22 04:31:24 +0000
committerTarmac <>2011-04-22 04:31:24 +0000
commit32bb38fad4bd86406d714827743fbfe2e134f53d (patch)
tree69345f9bcd3a6a6052accdd7ee276f3d51289dde
parent659ae2ce4685034f9979702ca92a361acc23b1b6 (diff)
parentb8683f5d0e9b903f3c7864f5dffe536d6e8ccea3 (diff)
Fixes cloudpipe to get the proper ip address.
* Changes FLAGS.vpn_image_id to integer * Converts to str when comparing because instance['image_id'] is a str * Removes unused method from db * Converts integer_id to ami when launching * Adds docs for setting up interface in cloudpipe image
-rw-r--r--doc/source/devref/cloudpipe.rst8
-rw-r--r--doc/source/devref/down.sh (renamed from doc/source/down.sh)0
-rw-r--r--doc/source/devref/interfaces17
-rw-r--r--doc/source/devref/up.sh (renamed from doc/source/up.sh)0
-rwxr-xr-xnova/CA/geninter.sh2
-rw-r--r--nova/api/ec2/admin.py2
-rw-r--r--nova/api/ec2/cloud.py22
-rw-r--r--nova/cloudpipe/pipelib.py3
-rw-r--r--nova/compute/manager.py2
-rw-r--r--nova/db/api.py5
-rw-r--r--nova/db/sqlalchemy/api.py9
-rw-r--r--nova/flags.py2
-rw-r--r--nova/virt/libvirt_conn.py20
13 files changed, 51 insertions, 41 deletions
diff --git a/doc/source/devref/cloudpipe.rst b/doc/source/devref/cloudpipe.rst
index 95570aa1b..15d3160b7 100644
--- a/doc/source/devref/cloudpipe.rst
+++ b/doc/source/devref/cloudpipe.rst
@@ -62,12 +62,18 @@ Making a cloudpipe image is relatively easy.
:language: bash
:linenos:
-# download and run the payload on boot from /etc/rc.local.
+# download and run the payload on boot from /etc/rc.local
.. literalinclude:: rc.local
:language: bash
:linenos:
+# setup /etc/network/interfaces
+
+.. literalinclude:: interfaces
+ :language: bash
+ :linenos:
+
# register the image and set the image id in your flagfile::
--vpn_image_id=ami-xxxxxxxx
diff --git a/doc/source/down.sh b/doc/source/devref/down.sh
index 5c1888870..5c1888870 100644
--- a/doc/source/down.sh
+++ b/doc/source/devref/down.sh
diff --git a/doc/source/devref/interfaces b/doc/source/devref/interfaces
new file mode 100644
index 000000000..b7116aeb7
--- /dev/null
+++ b/doc/source/devref/interfaces
@@ -0,0 +1,17 @@
+# This file describes the network interfaces available on your system
+# and how to activate them. For more information, see interfaces(5).
+
+# The loopback network interface
+auto lo
+iface lo inet loopback
+
+# The primary network interface
+auto eth0
+iface eth0 inet manual
+ up ifconfig $IFACE 0.0.0.0 up
+ down ifconfig $IFACE down
+
+auto br0
+iface br0 inet dhcp
+ bridge_ports eth0
+
diff --git a/doc/source/up.sh b/doc/source/devref/up.sh
index 073a58e15..073a58e15 100644
--- a/doc/source/up.sh
+++ b/doc/source/devref/up.sh
diff --git a/nova/CA/geninter.sh b/nova/CA/geninter.sh
index 4b7f5a55c..9b3ea3b76 100755
--- a/nova/CA/geninter.sh
+++ b/nova/CA/geninter.sh
@@ -21,7 +21,7 @@ NAME=$1
SUBJ=$2
mkdir -p projects/$NAME
cd projects/$NAME
-cp ../../openssl.cnf.tmpl openssl.cnf
+cp "$(dirname $0)/openssl.cnf.tmpl" openssl.cnf
sed -i -e s/%USERNAME%/$NAME/g openssl.cnf
mkdir -p certs crl newcerts private
openssl req -new -x509 -extensions v3_ca -keyout private/cakey.pem -out cacert.pem -days 365 -config ./openssl.cnf -batch -nodes
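Review bot: `$(dirname $0)` on the new `cp` line is expanded after `cd projects/$NAME`, so when the script is invoked through a relative path the template is looked up relative to the project directory and the copy fails; `$0` is also unquoted inside the substitution. Resolve the directory before the `cd`, e.g. `SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"`, and then use `cp "$SCRIPT_DIR/openssl.cnf.tmpl" openssl.cnf`. No `set -e` is visible in this hunk, so a failed copy would presumably let the CA generation steps below carry on without the intended config; the top of the script is outside the hunk, so that needs confirming.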
diff --git a/nova/api/ec2/admin.py b/nova/api/ec2/admin.py
index 6a5609d4a..ea94d9c1f 100644
--- a/nova/api/ec2/admin.py
+++ b/nova/api/ec2/admin.py
@@ -266,7 +266,7 @@ class AdminController(object):
def _vpn_for(self, context, project_id):
"""Get the VPN instance for a project ID."""
for instance in db.instance_get_all_by_project(context, project_id):
- if (instance['image_id'] == FLAGS.vpn_image_id
+ if (instance['image_id'] == str(FLAGS.vpn_image_id)
and not instance['state_description'] in
['shutting_down', 'shutdown']):
return instance
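Review bot: The `str(FLAGS.vpn_image_id)` conversion in `_vpn_for` is repeated by hand at every comparison this commit touches (nova/api/ec2/cloud.py, nova/compute/manager.py, nova/db/sqlalchemy/api.py and two places in nova/virt/libvirt_conn.py), and any site that is missed compares a str with an int and is silently always false. In libvirt_conn.py that comparison decides which base network filter an instance gets, so a missed conversion changes filtering rather than raising. One helper that owns the conversion would be safer, for example a small `is_vpn_image(image_id)` that returns `str(image_id) == str(FLAGS.vpn_image_id)`, called from all of these sites.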
diff --git a/nova/api/ec2/cloud.py b/nova/api/ec2/cloud.py
index 0e74089be..9f4c0c05e 100644
--- a/nova/api/ec2/cloud.py
+++ b/nova/api/ec2/cloud.py
@@ -159,7 +159,7 @@ class CloudController(object):
floating_ip = db.instance_get_floating_address(ctxt,
instance_ref['id'])
ec2_id = ec2utils.id_to_ec2_id(instance_ref['id'])
- image_ec2_id = self._image_ec2_id(instance_ref['image_id'], 'ami')
+ image_ec2_id = self.image_ec2_id(instance_ref['image_id'])
data = {
'user-data': base64.b64decode(instance_ref['user_data']),
'meta-data': {
@@ -188,8 +188,8 @@ class CloudController(object):
for image_type in ['kernel', 'ramdisk']:
if instance_ref.get('%s_id' % image_type):
- ec2_id = self._image_ec2_id(instance_ref['%s_id' % image_type],
- self._image_type(image_type))
+ ec2_id = self.image_ec2_id(instance_ref['%s_id' % image_type],
+ self._image_type(image_type))
data['meta-data']['%s-id' % image_type] = ec2_id
if False: # TODO(vish): store ancestor ids
@@ -703,13 +703,13 @@ class CloudController(object):
instances = self.compute_api.get_all(context, **kwargs)
for instance in instances:
if not context.is_admin:
- if instance['image_id'] == FLAGS.vpn_image_id:
+ if instance['image_id'] == str(FLAGS.vpn_image_id):
continue
i = {}
instance_id = instance['id']
ec2_id = ec2utils.id_to_ec2_id(instance_id)
i['instanceId'] = ec2_id
- i['imageId'] = self._image_ec2_id(instance['image_id'])
+ i['imageId'] = self.image_ec2_id(instance['image_id'])
i['instanceState'] = {
'code': instance['state'],
'name': instance['state_description']}
@@ -900,7 +900,7 @@ class CloudController(object):
return image_type
@staticmethod
- def _image_ec2_id(image_id, image_type='ami'):
+ def image_ec2_id(image_id, image_type='ami'):
"""Returns image ec2_id using id and three letter type."""
template = image_type + '-%08x'
return ec2utils.id_to_ec2_id(int(image_id), template=template)
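Review bot: `image_ec2_id` becomes a public static method here (nova/cloudpipe/pipelib.py calls it in this commit), but its docstring does not say that `image_id` must be convertible with `int()`. A `None` or a non-numeric string raises from `int(image_id)` on the last line, and a caller elsewhere in this file passes `image.get('id')`, which can be `None`. Suggest extending the docstring to something like `"""Return the ec2 id for an integer image id and three letter type; image_id must be int-convertible."""`.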
@@ -919,15 +919,15 @@ class CloudController(object):
"""Convert from format defined by BaseImageService to S3 format."""
i = {}
image_type = self._image_type(image.get('container_format'))
- ec2_id = self._image_ec2_id(image.get('id'), image_type)
+ ec2_id = self.image_ec2_id(image.get('id'), image_type)
name = image.get('name')
i['imageId'] = ec2_id
kernel_id = image['properties'].get('kernel_id')
if kernel_id:
- i['kernelId'] = self._image_ec2_id(kernel_id, 'aki')
+ i['kernelId'] = self.image_ec2_id(kernel_id, 'aki')
ramdisk_id = image['properties'].get('ramdisk_id')
if ramdisk_id:
- i['ramdiskId'] = self._image_ec2_id(ramdisk_id, 'ari')
+ i['ramdiskId'] = self.image_ec2_id(ramdisk_id, 'ari')
i['imageOwnerId'] = image['properties'].get('owner_id')
if name:
i['imageLocation'] = "%s (%s)" % (image['properties'].
@@ -978,8 +978,8 @@ class CloudController(object):
metadata = {'properties': {'image_location': image_location}}
image = self.image_service.create(context, metadata)
image_type = self._image_type(image.get('container_format'))
- image_id = self._image_ec2_id(image['id'],
- image_type)
+ image_id = self.image_ec2_id(image['id'],
+ image_type)
msg = _("Registered image %(image_location)s with"
" id %(image_id)s") % locals()
LOG.audit(msg, context=context)
diff --git a/nova/cloudpipe/pipelib.py b/nova/cloudpipe/pipelib.py
index dc6f55af2..7844d31e1 100644
--- a/nova/cloudpipe/pipelib.py
+++ b/nova/cloudpipe/pipelib.py
@@ -101,12 +101,13 @@ class CloudPipe(object):
key_name = self.setup_key_pair(ctxt)
group_name = self.setup_security_group(ctxt)
+ ec2_id = self.controller.image_ec2_id(FLAGS.vpn_image_id)
reservation = self.controller.run_instances(ctxt,
user_data=self.get_encoded_zip(project_id),
max_count=1,
min_count=1,
instance_type='m1.tiny',
- image_id=FLAGS.vpn_image_id,
+ image_id=ec2_id,
key_name=key_name,
security_group=[group_name])
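Review bot: Nothing checks that `FLAGS.vpn_image_id` was configured before the new `image_ec2_id(FLAGS.vpn_image_id)` call. The flag's new default in nova/flags.py is `0`, which would be converted to an ec2 id and handed to `run_instances` like any real image id. A guard before the conversion, `if not FLAGS.vpn_image_id:` followed by raising the module's usual error with a message that names the flag, makes a missing setting fail loudly instead of trying to boot image 0 as the project's VPN. The enclosing method starts and ends outside this hunk.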
diff --git a/nova/compute/manager.py b/nova/compute/manager.py
index fac00e45e..99833de85 100644
--- a/nova/compute/manager.py
+++ b/nova/compute/manager.py
@@ -212,7 +212,7 @@ class ComputeManager(manager.SchedulerDependentManager):
power_state.NOSTATE,
'networking')
- is_vpn = instance_ref['image_id'] == FLAGS.vpn_image_id
+ is_vpn = instance_ref['image_id'] == str(FLAGS.vpn_image_id)
# NOTE(vish): This could be a cast because we don't do anything
# with the address currently, but I'm leaving it as
# a call to ensure that network setup completes. We
diff --git a/nova/db/api.py b/nova/db/api.py
index 1b33d8932..b0c4a31f6 100644
--- a/nova/db/api.py
+++ b/nova/db/api.py
@@ -456,11 +456,6 @@ def instance_get_project_vpn(context, project_id):
return IMPL.instance_get_project_vpn(context, project_id)
-def instance_is_vpn(context, instance_id):
- """True if instance is a vpn."""
- return IMPL.instance_is_vpn(context, instance_id)
-
-
def instance_set_state(context, instance_id, state, description=None):
"""Set the state of an instance."""
return IMPL.instance_set_state(context, instance_id, state, description)
diff --git a/nova/db/sqlalchemy/api.py b/nova/db/sqlalchemy/api.py
index cd6052506..fb9258238 100644
--- a/nova/db/sqlalchemy/api.py
+++ b/nova/db/sqlalchemy/api.py
@@ -941,7 +941,7 @@ def instance_get_project_vpn(context, project_id):
options(joinedload('security_groups')).\
options(joinedload('instance_type')).\
filter_by(project_id=project_id).\
- filter_by(image_id=FLAGS.vpn_image_id).\
+ filter_by(image_id=str(FLAGS.vpn_image_id)).\
filter_by(deleted=can_read_deleted(context)).\
first()
@@ -981,13 +981,6 @@ def instance_get_floating_address(context, instance_id):
@require_admin_context
-def instance_is_vpn(context, instance_id):
- # TODO(vish): Move this into image code somewhere
- instance_ref = instance_get(context, instance_id)
- return instance_ref['image_id'] == FLAGS.vpn_image_id
-
-
-@require_admin_context
def instance_set_state(context, instance_id, state, description=None):
# TODO(devcamcar): Move this out of models and into driver
from nova.compute import power_state
diff --git a/nova/flags.py b/nova/flags.py
index d1b93f0a8..2357fc3a8 100644
--- a/nova/flags.py
+++ b/nova/flags.py
@@ -324,7 +324,7 @@ DEFINE_string('null_kernel', 'nokernel',
'kernel image that indicates not to use a kernel,'
' but to use a raw disk image instead')
-DEFINE_string('vpn_image_id', 'ami-cloudpipe', 'AMI for cloudpipe vpn server')
+DEFINE_integer('vpn_image_id', 0, 'integer id for cloudpipe vpn server')
DEFINE_string('vpn_key_suffix',
'-vpn',
'Suffix to add to project name for vpn key and secgroups')
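Review bot: After this change the flag takes an integer, but the context line in the doc/source/devref/cloudpipe.rst hunk of this same commit still tells operators to set `--vpn_image_id=ami-xxxxxxxx`, which presumably no longer parses for an integer flag. The documentation example should be updated alongside this line. If `0` is meant as "not configured", the help text could say so, e.g. `'integer id of the cloudpipe vpn server image (0 = not configured)'`.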
diff --git a/nova/virt/libvirt_conn.py b/nova/virt/libvirt_conn.py
index 5202c838a..85688f739 100644
--- a/nova/virt/libvirt_conn.py
+++ b/nova/virt/libvirt_conn.py
@@ -1742,11 +1742,16 @@ class NWFilterFirewall(FirewallDriver):
logging.info('ensuring static filters')
self._ensure_static_filters()
+ if instance['image_id'] == str(FLAGS.vpn_image_id):
+ base_filter = 'nova-vpn'
+ else:
+ base_filter = 'nova-base'
+
for (network, mapping) in network_info:
nic_id = mapping['mac'].replace(':', '')
instance_filter_name = self._instance_filter_name(instance, nic_id)
self._define_filter(self._filter_container(instance_filter_name,
- ['nova-base']))
+ [base_filter]))
def _ensure_static_filters(self):
if self.static_filters_configured:
@@ -1757,11 +1762,12 @@ class NWFilterFirewall(FirewallDriver):
'no-ip-spoofing',
'no-arp-spoofing',
'allow-dhcp-server']))
+ self._define_filter(self._filter_container('nova-vpn',
+ ['allow-dhcp-server']))
self._define_filter(self.nova_base_ipv4_filter)
self._define_filter(self.nova_base_ipv6_filter)
self._define_filter(self.nova_dhcp_filter)
self._define_filter(self.nova_ra_filter)
- self._define_filter(self.nova_vpn_filter)
if FLAGS.allow_project_net_traffic:
self._define_filter(self.nova_project_filter)
if FLAGS.use_ipv6:
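Review bot: The new `nova-vpn` container references only `allow-dhcp-server`, so an instance classified as the VPN gets none of the `no-ip-spoofing` / `no-arp-spoofing` references visible in the list just above, nor the `nova-base-ipv4` / `nova-base-ipv6` references carried by the XML that a later hunk in this file removes. That is presumably deliberate, since the cloudpipe instance bridges client traffic (br0 over eth0 in the new interfaces file), but nothing in the code says so and the relaxed filter is selected purely by `image_id` equality. Suggest a comment above the call, e.g. `# NOTE: vpn instances bridge client traffic, so the spoofing filters of nova-base are intentionally left out`, and confirming who is allowed to launch instances from that image id. `_ensure_static_filters` continues outside this hunk.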
@@ -1775,14 +1781,6 @@ class NWFilterFirewall(FirewallDriver):
''.join(["<filterref filter='%s'/>" % (f,) for f in filters]))
return xml
- nova_vpn_filter = '''<filter name='nova-vpn' chain='root'>
- <uuid>2086015e-cf03-11df-8c5d-080027c27973</uuid>
- <filterref filter='allow-dhcp-server'/>
- <filterref filter='nova-allow-dhcp-server'/>
- <filterref filter='nova-base-ipv4'/>
- <filterref filter='nova-base-ipv6'/>
- </filter>'''
-
def nova_base_ipv4_filter(self):
retval = "<filter name='nova-base-ipv4' chain='ipv4'>"
for protocol in ['tcp', 'udp', 'icmp']:
@@ -1845,7 +1843,7 @@ class NWFilterFirewall(FirewallDriver):
"""
if not network_info:
network_info = _get_network_info(instance)
- if instance['image_id'] == FLAGS.vpn_image_id:
+ if instance['image_id'] == str(FLAGS.vpn_image_id):
base_filter = 'nova-vpn'
else:
base_filter = 'nova-base'