From 7d923d28d673340af1e168f99e7178cd01ea3ac3 Mon Sep 17 00:00:00 2001 From: Soren Hansen Date: Mon, 5 Sep 2011 09:32:14 +0200 Subject: Make a security group rule that references another security group return ipPermission for each of tcp, udp, and icmp. --- nova/api/ec2/cloud.py | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) (limited to 'nova/api') diff --git a/nova/api/ec2/cloud.py b/nova/api/ec2/cloud.py index fe44191c8..14f5f69e2 100644 --- a/nova/api/ec2/cloud.py +++ b/nova/api/ec2/cloud.py @@ -572,18 +572,25 @@ class CloudController(object): g['ipPermissions'] = [] for rule in group.rules: r = {} - r['ipProtocol'] = rule.protocol - r['fromPort'] = rule.from_port - r['toPort'] = rule.to_port r['groups'] = [] r['ipRanges'] = [] if rule.group_id: source_group = db.security_group_get(context, rule.group_id) r['groups'] += [{'groupName': source_group.name, 'userId': source_group.project_id}] + for protocol, min_port, max_port in (('icmp', -1, -1), + ('tcp', 1, 65535), + ('udp', 1, 65536)): + r['ipProtocol'] = protocol + r['fromPort'] = min_port + r['toPort'] = max_port + g['ipPermissions'] += [dict(r)] else: + r['ipProtocol'] = rule.protocol + r['fromPort'] = rule.from_port + r['toPort'] = rule.to_port r['ipRanges'] += [{'cidrIp': rule.cidr}] - g['ipPermissions'] += [r] + g['ipPermissions'] += [r] return g def _rule_args_to_dict(self, context, kwargs): -- cgit From 2c16115e236760f3933eadd3a5d7d20dda39866d Mon Sep 17 00:00:00 2001 From: Dan Prince Date: Tue, 6 Sep 2011 07:31:39 -0400 Subject: Update the v1.0 rescue admin action and the v1.1 rescue extension to generate 'adminPass'. Fixes an issue where rescue commands were broken on XenServer. lp#838518 --- nova/api/openstack/contrib/rescue.py | 13 ++++++++++--- nova/api/openstack/create_instance_helper.py | 4 ++-- nova/api/openstack/servers.py | 20 ++++++++++++++------ 3 files changed, 26 insertions(+), 11 deletions(-) (limited to 'nova/api') diff --git a/nova/api/openstack/contrib/rescue.py b/nova/api/openstack/contrib/rescue.py index 3de128895..f140664b3 100644 --- a/nova/api/openstack/contrib/rescue.py +++ b/nova/api/openstack/contrib/rescue.py @@ -18,11 +18,14 @@ import webob from webob import exc from nova import compute +from nova import flags from nova import log as logging +from nova import utils from nova.api.openstack import extensions as exts from nova.api.openstack import faults +FLAGS = flags.FLAGS LOG = logging.getLogger("nova.api.contrib.rescue") @@ -30,7 +33,7 @@ def wrap_errors(fn): """"Ensure errors are not passed along.""" def wrapped(*args): try: - fn(*args) + return fn(*args) except Exception, e: return faults.Fault(exc.HTTPInternalServerError()) return wrapped @@ -46,9 +49,13 @@ class Rescue(exts.ExtensionDescriptor): def _rescue(self, input_dict, req, instance_id): """Rescue an instance.""" context = req.environ["nova.context"] - self.compute_api.rescue(context, instance_id) + if input_dict['rescue'] and 'adminPass' in input_dict['rescue']: + password = input_dict["rescue"]["adminPass"] + else: + password = utils.generate_password(FLAGS.password_length) + self.compute_api.rescue(context, instance_id, rescue_password=password) - return webob.Response(status_int=202) + return {'adminPass': password} @wrap_errors def _unrescue(self, input_dict, req, instance_id): diff --git a/nova/api/openstack/create_instance_helper.py b/nova/api/openstack/create_instance_helper.py index 29e071609..9c331f2bc 100644 --- a/nova/api/openstack/create_instance_helper.py +++ b/nova/api/openstack/create_instance_helper.py @@ -316,14 +316,14 @@ class CreateInstanceHelper(object): def _get_server_admin_password_old_style(self, server): """ Determine the admin password for a server on creation """ - return utils.generate_password(16) + return utils.generate_password(FLAGS.password_length) def _get_server_admin_password_new_style(self, server): """ Determine the admin password for a server on creation """ password = server.get('adminPass') if password is None: - return utils.generate_password(16) + return utils.generate_password(FLAGS.password_length) if not isinstance(password, basestring) or password == '': msg = _("Invalid adminPass") raise exc.HTTPBadRequest(explanation=msg) diff --git a/nova/api/openstack/servers.py b/nova/api/openstack/servers.py index 977958f5d..3506a4bca 100644 --- a/nova/api/openstack/servers.py +++ b/nova/api/openstack/servers.py @@ -477,16 +477,22 @@ class Controller(object): return webob.Response(status_int=202) @scheduler_api.redirect_handler - def rescue(self, req, id): + def rescue(self, req, id, body={}): """Permit users to rescue the server.""" context = req.environ["nova.context"] try: - self.compute_api.rescue(context, id) + if 'rescue' in body and body['rescue'] and \ + 'adminPass' in body['rescue']: + password = body["rescue"]["adminPass"] + else: + password = utils.generate_password(FLAGS.password_length) + self.compute_api.rescue(context, id, rescue_password=password) except Exception: readable = traceback.format_exc() LOG.exception(_("compute.api::rescue %s"), readable) raise exc.HTTPUnprocessableEntity() - return webob.Response(status_int=202) + + return {'adminPass': password} @scheduler_api.redirect_handler def unrescue(self, req, id): @@ -618,7 +624,7 @@ class ControllerV10(Controller): LOG.debug(msg) raise exc.HTTPBadRequest(explanation=msg) - password = utils.generate_password(16) + password = utils.generate_password(FLAGS.password_length) try: self.compute_api.rebuild(context, instance_id, image_id, password) @@ -760,8 +766,10 @@ class ControllerV11(Controller): self._validate_metadata(metadata) self._decode_personalities(personalities) - password = info["rebuild"].get("adminPass", - utils.generate_password(16)) + if 'rebuild' in info and 'adminPass' in info['rebuild']: + password = info["rebuild"]["adminPass"] + else: + password = utils.generate_password(FLAGS.password_length) try: self.compute_api.rebuild(context, instance_id, image_href, -- cgit From 6fafde1fa52d1eba0c77f403b9e2a6f77b5379cd Mon Sep 17 00:00:00 2001 From: Dan Prince Date: Mon, 12 Sep 2011 09:20:11 -0400 Subject: Make quoting consistent. --- nova/api/openstack/contrib/rescue.py | 2 +- nova/api/openstack/servers.py | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) (limited to 'nova/api') diff --git a/nova/api/openstack/contrib/rescue.py b/nova/api/openstack/contrib/rescue.py index f140664b3..2e5dbab73 100644 --- a/nova/api/openstack/contrib/rescue.py +++ b/nova/api/openstack/contrib/rescue.py @@ -50,7 +50,7 @@ class Rescue(exts.ExtensionDescriptor): """Rescue an instance.""" context = req.environ["nova.context"] if input_dict['rescue'] and 'adminPass' in input_dict['rescue']: - password = input_dict["rescue"]["adminPass"] + password = input_dict['rescue']['adminPass'] else: password = utils.generate_password(FLAGS.password_length) self.compute_api.rescue(context, instance_id, rescue_password=password) diff --git a/nova/api/openstack/servers.py b/nova/api/openstack/servers.py index 49f267eb9..2c6f9724c 100644 --- a/nova/api/openstack/servers.py +++ b/nova/api/openstack/servers.py @@ -483,7 +483,7 @@ class Controller(object): try: if 'rescue' in body and body['rescue'] and \ 'adminPass' in body['rescue']: - password = body["rescue"]["adminPass"] + password = body['rescue']['adminPass'] else: password = utils.generate_password(FLAGS.password_length) self.compute_api.rescue(context, id, rescue_password=password) @@ -767,7 +767,7 @@ class ControllerV11(Controller): self._decode_personalities(personalities) if 'rebuild' in info and 'adminPass' in info['rebuild']: - password = info["rebuild"]["adminPass"] + password = info['rebuild']['adminPass'] else: password = utils.generate_password(FLAGS.password_length) -- cgit From 63c4cc459a5b27040610ca9071ac578ecd43c059 Mon Sep 17 00:00:00 2001 From: Soren Hansen Date: Thu, 15 Sep 2011 18:15:19 +0200 Subject: Return three rules for describe_security_groups if a rule refers to a foreign group, but does not specify protocol/port. --- nova/api/ec2/cloud.py | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) (limited to 'nova/api') diff --git a/nova/api/ec2/cloud.py b/nova/api/ec2/cloud.py index 14f5f69e2..5c876a3b7 100644 --- a/nova/api/ec2/cloud.py +++ b/nova/api/ec2/cloud.py @@ -578,13 +578,19 @@ class CloudController(object): source_group = db.security_group_get(context, rule.group_id) r['groups'] += [{'groupName': source_group.name, 'userId': source_group.project_id}] - for protocol, min_port, max_port in (('icmp', -1, -1), - ('tcp', 1, 65535), - ('udp', 1, 65536)): - r['ipProtocol'] = protocol - r['fromPort'] = min_port - r['toPort'] = max_port + if rule.protocol: + r['ipProtocol'] = rule.protocol + r['fromPort'] = rule.from_port + r['toPort'] = rule.to_port g['ipPermissions'] += [dict(r)] + else: + for protocol, min_port, max_port in (('icmp', -1, -1), + ('tcp', 1, 65535), + ('udp', 1, 65536)): + r['ipProtocol'] = protocol + r['fromPort'] = min_port + r['toPort'] = max_port + g['ipPermissions'] += [dict(r)] else: r['ipProtocol'] = rule.protocol r['fromPort'] = rule.from_port -- cgit