From d05dbe3ac253d2a7e1a84fe6fccf952d38539d9f Mon Sep 17 00:00:00 2001 From: Benjamin Weder Date: Sat, 18 Nov 2023 12:56:48 +0100 Subject: [PATCH 1/2] Add functionality to open ports in OpenStack IA --- .../OpenStack_CloudProviderInterface.war | 4 +- ...enStackCloudProviderInterfaceEndpoint.java | 48 ++++++++++++------- .../main/resources/cloudProviderInterface.xsd | 2 +- 3 files changed, 34 insertions(+), 20 deletions(-) diff --git a/artifacttemplates/http%3A%2F%2Fopentosca.org%2Fartifacttemplates/OpenStack_CloudProviderInterfaceIA-w2/files/OpenStack_CloudProviderInterface.war b/artifacttemplates/http%3A%2F%2Fopentosca.org%2Fartifacttemplates/OpenStack_CloudProviderInterfaceIA-w2/files/OpenStack_CloudProviderInterface.war index 778351c..e534e5d 100644 --- a/artifacttemplates/http%3A%2F%2Fopentosca.org%2Fartifacttemplates/OpenStack_CloudProviderInterfaceIA-w2/files/OpenStack_CloudProviderInterface.war +++ b/artifacttemplates/http%3A%2F%2Fopentosca.org%2Fartifacttemplates/OpenStack_CloudProviderInterfaceIA-w2/files/OpenStack_CloudProviderInterface.war @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:ae1f7f61fa89a5992743457a8147702d4ff55e9a3b483148b2083739bddcfc4a -size 34360016 +oid sha256:5b4fffd6c8bb816ca186d2e10f991fa48014de1ff88f9f87b9c0448f1b234f2c +size 34360551 diff --git a/artifacttemplates/http%3A%2F%2Fopentosca.org%2Fartifacttemplates/OpenStack_CloudProviderInterfaceIA-w2/source/src/main/java/org/opentosca/artifacttemplates/openstack/OpenStackCloudProviderInterfaceEndpoint.java b/artifacttemplates/http%3A%2F%2Fopentosca.org%2Fartifacttemplates/OpenStack_CloudProviderInterfaceIA-w2/source/src/main/java/org/opentosca/artifacttemplates/openstack/OpenStackCloudProviderInterfaceEndpoint.java index c4ff205..c88d99f 100644 --- a/artifacttemplates/http%3A%2F%2Fopentosca.org%2Fartifacttemplates/OpenStack_CloudProviderInterfaceIA-w2/source/src/main/java/org/opentosca/artifacttemplates/openstack/OpenStackCloudProviderInterfaceEndpoint.java 
+++ b/artifacttemplates/http%3A%2F%2Fopentosca.org%2Fartifacttemplates/OpenStack_CloudProviderInterfaceIA-w2/source/src/main/java/org/opentosca/artifacttemplates/openstack/OpenStackCloudProviderInterfaceEndpoint.java @@ -17,7 +17,9 @@ import org.openstack4j.model.compute.Address; import org.openstack4j.model.compute.Flavor; import org.openstack4j.model.compute.FloatingIP; +import org.openstack4j.model.compute.IPProtocol; import org.openstack4j.model.compute.Image; +import org.openstack4j.model.compute.SecGroupExtension; import org.openstack4j.model.compute.Server; import org.openstack4j.model.compute.Server.Status; import org.openstack4j.model.compute.ServerCreate; @@ -102,15 +104,6 @@ public void createVM(@RequestPayload CreateVMRequest request, MessageContext mes } } - String securityGroup = "default"; - if (request.getVMSecurityGroup() != null && !request.getVMSecurityGroup().isEmpty()) { - securityGroup = request.getVMSecurityGroup(); - if (!securityGroup.contains("default")) { - securityGroup = "default," + securityGroup; - } - } - logger.info("Received security groups {}", securityGroup); - // Create OpenStack client OSClient osClient = authenticate(request); 
@@ -160,6 +153,34 @@ public void createVM(@RequestPayload CreateVMRequest request, MessageContext mes return; } + // add defined security group or create new security group with defined open ports + String securityGroup; + if (request.getVMSecurityGroup() != null && !request.getVMSecurityGroup().isEmpty()) { + logger.info("Adding configured security group: {}", request.getVMSecurityGroup()); + securityGroup = request.getVMSecurityGroup(); + } else{ + logger.info("Creating new security group to open ports: {}", request.getVMOpenPorts()); + + // create security group + SecGroupExtension group = osClient.compute().securityGroups().create("OpenTOSCA-" + System.currentTimeMillis(), "OpenTOSCA security group"); + securityGroup = group.getName(); + logger.info("Created new security group with name: {}", securityGroup); + + // open ports within security group + String[] ports = request.getVMOpenPorts().split(","); + logger.info("Opening {} ports...", ports.length); + for (String port :ports){ + logger.info("Opening port: {}", port); + osClient.compute().securityGroups() + .createRule(Builders.secGroupRule() + .parentGroupId(group.getId()) + .protocol(IPProtocol.TCP) + .cidr("0.0.0.0/0") + .range(Integer.parseInt(port), Integer.parseInt(port)).build()); + } + } + logger.info("Resulting security group: {}", securityGroup); + // Get Networks based on Type String List availableNetworks = osClient.networking().network().list(); logger.info("Found "+ availableNetworks.size() + " Networks"); 
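Review bot: Every rule built in the new loop uses `.cidr("0.0.0.0/0")`, so each port listed in `getVMOpenPorts()` is exposed to any source address, and the port strings reach `Integer.parseInt` without a null, whitespace or range check. Because the group is created before the ports are parsed, a value such as `80, 443` (note the space) or an empty `VMOpenPorts` would throw after the `OpenTOSCA-<timestamp>` group already exists, which would leave an unused group behind in the tenant. I would parse and validate the ports (1–65535) first, then create the group, and take the source CIDR from the request or configuration rather than hard-coding it. `createVM` starts and ends outside this hunk, so how it reports invalid input is not visible here; the sketch below marks that spot with a comment.

```java
} else {
    // validate the requested ports before anything is created in OpenStack
    String requested = request.getVMOpenPorts() == null ? "" : request.getVMOpenPorts();
    List<Integer> ports = new ArrayList<>();
    for (String raw : requested.split(",")) {
        String value = raw.trim();
        if (value.isEmpty()) {
            continue;
        }
        int port;
        try {
            port = Integer.parseInt(value);
        } catch (NumberFormatException e) {
            port = -1;
        }
        if (port < 1 || port > 65535) {
            logger.error("Rejecting invalid port in VMOpenPorts: {}", value);
            // report the error to the caller the way createVM does elsewhere, then
            return;
        }
        ports.add(port);
    }

    // … unchanged: create the security group and log its name …

    for (int port : ports) {
        logger.info("Opening port: {}", port);
        // … unchanged: createRule builder chain, now ending in .range(port, port).build() …
    }
}
```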
@@ -231,16 +252,9 @@ public void createVM(@RequestPayload CreateVMRequest request, MessageContext mes .flavor(flavor) .image(image) .networks(availableNetworksIds) + .addSecurityGroup(securityGroup) .keypairName(request.getVMKeyPairName()); - for (String secGroup : securityGroup.split(",")) { - String trim = secGroup.trim(); - if (!trim.isEmpty()) { - serverCreateBuilder.addSecurityGroup(trim); - logger.info("Added security group {}", trim); - } - } - ServerCreate sc = serverCreateBuilder.build(); // Start Server diff --git a/artifacttemplates/http%3A%2F%2Fopentosca.org%2Fartifacttemplates/OpenStack_CloudProviderInterfaceIA-w2/source/src/main/resources/cloudProviderInterface.xsd b/artifacttemplates/http%3A%2F%2Fopentosca.org%2Fartifacttemplates/OpenStack_CloudProviderInterfaceIA-w2/source/src/main/resources/cloudProviderInterface.xsd index 5a3c11b..41f3a00 100644 --- a/artifacttemplates/http%3A%2F%2Fopentosca.org%2Fartifacttemplates/OpenStack_CloudProviderInterfaceIA-w2/source/src/main/resources/cloudProviderInterface.xsd +++ b/artifacttemplates/http%3A%2F%2Fopentosca.org%2Fartifacttemplates/OpenStack_CloudProviderInterfaceIA-w2/source/src/main/resources/cloudProviderInterface.xsd @@ -40,6 +40,7 @@ + @@ -63,5 +64,4 @@ - From 3bd266a0a6b26ca24856190483f34282123fcd61 Mon Sep 17 00:00:00 2001 From: Benjamin Weder Date: Sat, 18 Nov 2023 14:16:06 +0100 Subject: [PATCH 2/2] Open SSh port as default --- .../files/OpenStack_CloudProviderInterface.war | 4 ++-- .../OpenStackCloudProviderInterfaceEndpoint.java | 10 +++++++--- 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/artifacttemplates/http%3A%2F%2Fopentosca.org%2Fartifacttemplates/OpenStack_CloudProviderInterfaceIA-w2/files/OpenStack_CloudProviderInterface.war b/artifacttemplates/http%3A%2F%2Fopentosca.org%2Fartifacttemplates/OpenStack_CloudProviderInterfaceIA-w2/files/OpenStack_CloudProviderInterface.war index e534e5d..ec74eb4 100644 
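Review bot: `.addSecurityGroup(securityGroup)` now passes the request value through as one name, whereas the removed loop split it on commas and trimmed each entry, so a caller that still sends `groupA, groupB` in `VMSecurityGroup` would have the whole string treated as a single group name. The `default` group is also no longer attached in either branch (the code that prepended it is removed earlier in this patch), which changes the effective rule set of every VM created through this endpoint. If a single group is the intended contract, a comment at this call such as `// VMSecurityGroup is a single group name; comma-separated lists are no longer supported` and a matching note in the XSD would make that explicit; otherwise keep the split-and-trim loop for the configured-group branch. The builder chain and `createVM` continue outside this hunk.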
--- a/artifacttemplates/http%3A%2F%2Fopentosca.org%2Fartifacttemplates/OpenStack_CloudProviderInterfaceIA-w2/files/OpenStack_CloudProviderInterface.war +++ b/artifacttemplates/http%3A%2F%2Fopentosca.org%2Fartifacttemplates/OpenStack_CloudProviderInterfaceIA-w2/files/OpenStack_CloudProviderInterface.war @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:5b4fffd6c8bb816ca186d2e10f991fa48014de1ff88f9f87b9c0448f1b234f2c -size 34360551 +oid sha256:99e74327fdec0a9521e67affe5f05d68fab9e322eaf33cc3d959625050f8e407 +size 34360571 diff --git a/artifacttemplates/http%3A%2F%2Fopentosca.org%2Fartifacttemplates/OpenStack_CloudProviderInterfaceIA-w2/source/src/main/java/org/opentosca/artifacttemplates/openstack/OpenStackCloudProviderInterfaceEndpoint.java b/artifacttemplates/http%3A%2F%2Fopentosca.org%2Fartifacttemplates/OpenStack_CloudProviderInterfaceIA-w2/source/src/main/java/org/opentosca/artifacttemplates/openstack/OpenStackCloudProviderInterfaceEndpoint.java index c88d99f..f8a1b64 100644 --- a/artifacttemplates/http%3A%2F%2Fopentosca.org%2Fartifacttemplates/OpenStack_CloudProviderInterfaceIA-w2/source/src/main/java/org/opentosca/artifacttemplates/openstack/OpenStackCloudProviderInterfaceEndpoint.java +++ b/artifacttemplates/http%3A%2F%2Fopentosca.org%2Fartifacttemplates/OpenStack_CloudProviderInterfaceIA-w2/source/src/main/java/org/opentosca/artifacttemplates/openstack/OpenStackCloudProviderInterfaceEndpoint.java 
@@ -167,9 +167,13 @@ public void createVM(@RequestPayload CreateVMRequest request, MessageContext mes logger.info("Created new security group with name: {}", securityGroup); // open ports within security group - String[] ports = request.getVMOpenPorts().split(","); - logger.info("Opening {} ports...", ports.length); - for (String port :ports){ + List ports = Arrays.asList(request.getVMOpenPorts().split(",")); + if (ports.contains("22")){ + // add SSH port if not defined + ports.add("22"); + } + logger.info("Opening {} ports...", ports.size()); + for (String port : ports){ logger.info("Opening port: {}", port); osClient.compute().securityGroups() .createRule(Builders.secGroupRule()
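Review bot: The new `if (ports.contains("22"))` is inverted relative to its own comment, and `ports.add("22")` is called on the fixed-size list returned by `Arrays.asList`, which throws `UnsupportedOperationException`. As written, a request that already lists 22 fails at `add`, and a request that omits it never gets the SSH rule. The condition should be `if (!ports.contains("22")) {` and the list should be a mutable copy, `new ArrayList<>(Arrays.asList(request.getVMOpenPorts().split(",")))`; entries are also compared untrimmed, so ` 22` would not match. Since the rule builder in this branch uses `0.0.0.0/0` (visible in the first patch), adding 22 by default exposes SSH to every source address on each VM that has no configured group, which deserves an explicit opt-out or a narrower CIDR. `createVM` and the `createRule` chain continue outside this hunk.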