blob: df0736dae388c323be9e74fd5c707ef8a223c0b8 [file] [log] [blame]
# -*- coding: utf-8 -*-
'''
Management of Neutron resources
===============================
:depends: - neutronclient Python module
:configuration: See :py:mod:`salt.modules.neutron` for setup instructions.
.. code-block:: yaml
neutron network present:
neutron.network_present:
- name: Netone
- provider_physical_network: PHysnet1
- provider_network_type: vlan
'''
import logging
from functools import wraps
LOG = logging.getLogger(__name__)
def __virtual__():
'''
Only load if neutron module is present in __salt__
'''
return 'neutronng' if 'neutron.list_networks' in __salt__ else False
def _test_call(method):
(resource, functionality) = method.func_name.split('_')
if functionality == 'present':
functionality = 'updated'
else:
functionality = 'removed'
@wraps(method)
def check_for_testing(name, *args, **kwargs):
if __opts__.get('test', None):
return _no_change(name, resource, test=functionality)
return method(name, *args, **kwargs)
return check_for_testing
def _neutron_module_call(method, *args, **kwargs):
return __salt__['neutronng.{0}'.format(method)](*args, **kwargs)
def _auth(profile=None):
'''
Set up neutron credentials
'''
if profile:
credentials = __salt__['config.option'](profile)
user = credentials['keystone.user']
password = credentials['keystone.password']
tenant = credentials['keystone.tenant']
auth_url = credentials['keystone.auth_url']
kwargs = {
'connection_user': user,
'connection_password': password,
'connection_tenant': tenant,
'connection_auth_url': auth_url
}
return kwargs
@_test_call
def network_present(name=None,
tenant=None,
provider_network_type=None,
provider_physical_network=None,
router_external=None,
admin_state_up=None,
shared=None,
provider_segmentation_id=None,
profile=None):
'''
Ensure that the neutron network is present with the specified properties.
name
The name of the network to manage
'''
tenant_name = tenant
connection_args = _auth(profile)
try:
tenant_id = __salt__['keystone.tenant_get'](
name=tenant_name, **connection_args)[tenant_name]['id']
except:
tenant_id = None
LOG.debug('Cannot get the tenant id. User {0} is not an admin.'.format(
connection_args['connection_user']))
existing_network = _neutron_module_call(
'list_networks', name=name, **connection_args)
network_arguments = _get_non_null_args(
name=name,
provider_network_type=provider_network_type,
provider_physical_network=provider_physical_network,
router_external=router_external,
admin_state_up=admin_state_up,
shared=shared,
tenant_id=tenant_id,
provider_segmentation_id=provider_segmentation_id)
if not existing_network:
network_arguments.update(connection_args)
_neutron_module_call('create_network', **network_arguments)
existing_network = _neutron_module_call(
'list_networks', name=name, **connection_args)
if existing_network:
return _created(name, 'network', existing_network[name])
return _update_failed(name, 'network')
LOG.info('CONNECTION STRINGS' + str(connection_args))
LOG.info('existing ' + str(existing_network))
LOG.info('new ' + str(network_arguments))
existing_network = dict((key.replace(':', '_', 1), value)
for key, value in
existing_network[name].iteritems())
# generate differential
diff = dict((key, value) for key, value in network_arguments.iteritems()
if existing_network.get(key, None) != value)
if diff:
# update the changes
network_arguments = diff.copy()
network_arguments.update(connection_args)
try:
LOG.debug('updating network {0} with changes {1}'.format(
name, str(diff)))
_neutron_module_call('update_network',
existing_network['id'],
**network_arguments)
changes_dict = _created(name, 'network', diff)
changes_dict['comment'] = '{1} {0} updated'.format(name, 'network')
return changes_dict
except:
LOG.exception('Could not update network {0}'.format(name))
return _update_failed(name, 'network')
return _no_change(name, 'network')
@_test_call
def network_absent(name, profile=None):
connection_args = _auth(profile)
existing_network = _neutron_module_call(
'list_networks', name=name, **connection_args)
if existing_network:
_neutron_module_call(
'delete_network', existing_network[name]['id'], **connection_args)
if _neutron_module_call('list_networks', name=name, **connection_args):
return _delete_failed(name, 'network')
return _deleted(name, 'network', existing_network[name])
return _absent(name, 'network')
@_test_call
def subnet_present(name=None,
tenant=None,
network=None,
cidr=None,
ip_version=4,
enable_dhcp=True,
allocation_pools=None,
gateway_ip=None,
dns_nameservers=None,
host_routes=None,
profile=None):
'''
Ensure that the neutron subnet is present with the specified properties.
name
The name of the subnet to manage
'''
connection_args = _auth(profile)
tenant_name = tenant
try:
tenant_id = __salt__['keystone.tenant_get'](
name=tenant_name, **connection_args)[tenant_name]['id']
except:
tenant_id = None
LOG.debug('Cannot get the tenant id. User {0} is not an admin.'.format(
connection_args['connection_user']))
existing_subnet = _neutron_module_call(
'list_subnets', tenant_id=tenant_id, name=name, **connection_args)
subnet_arguments = _get_non_null_args(
name=name,
network=network,
cidr=cidr,
ip_version=ip_version,
enable_dhcp=enable_dhcp,
allocation_pools=allocation_pools,
gateway_ip=gateway_ip,
dns_nameservers=dns_nameservers,
host_routes=host_routes)
# replace network with network_id
if 'network' in subnet_arguments:
network = subnet_arguments.pop('network', None)
existing_network = _neutron_module_call(
'list_networks', tenant_id=tenant_id, name=network, **connection_args)
if existing_network:
subnet_arguments['network_id'] = existing_network[network]['id']
if not existing_subnet:
subnet_arguments.update(connection_args)
_neutron_module_call('create_subnet', tenant_id=tenant_id, **subnet_arguments)
existing_subnet = _neutron_module_call(
'list_subnets', tenant_id=tenant_id, name=name, **connection_args)
if existing_subnet:
return _created(name, 'subnet', existing_subnet[name])
return _update_failed(name, 'subnet')
# change from internal representation
existing_subnet = existing_subnet[name]
# create differential
LOG.error('existing ' + str(existing_subnet))
LOG.error('new ' + str(subnet_arguments))
diff = dict((key, value) for key, value in subnet_arguments.iteritems()
if existing_subnet.get(key, None) != value)
if diff:
# update the changes
subnet_arguments = diff.copy()
subnet_arguments.update(connection_args)
try:
LOG.debug('updating subnet {0} with changes {1}'.format(
name, str(diff)))
_neutron_module_call('update_subnet',
existing_subnet['id'],
**subnet_arguments)
changes_dict = _created(name, 'subnet', diff)
changes_dict['comment'] = '{1} {0} updated'.format(name, 'subnet')
return changes_dict
except:
LOG.exception('Could not update subnet {0}'.format(name))
return _update_failed(name, 'subnet')
return _no_change(name, 'subnet')
@_test_call
def subnet_absent(name, profile=None):
connection_args = _auth(profile)
existing_subnet = _neutron_module_call(
'list_subnets', tenant_id=tenant_id, name=name, **connection_args)
if existing_subnet:
_neutron_module_call(
'delete_subnet', existing_subnet[name]['id'], **connection_args)
if _neutron_module_call('list_subnets', name=name, **connection_args):
return _delete_failed(name, 'subnet')
return _deleted(name, 'subnet', existing_subnet[name])
return _absent(name, 'subnet')
return _absent(name, 'network')
@_test_call
def router_present(name=None,
tenant=None,
gateway_network=None,
interfaces=None,
admin_state_up=True,
profile=None):
'''
Ensure that the neutron router is present with the specified properties.
name
The name of the subnet to manage
gateway_network
The network that would be the router's default gateway
interfaces
list of subnets the router attaches to
'''
connection_args = _auth(profile)
tenant_name = tenant
try:
tenant_id = __salt__['keystone.tenant_get'](
name=tenant_name, **connection_args)[tenant_name]['id']
except:
tenant_id = None
LOG.debug('Cannot get the tenant id. User {0} is not an admin.'.format(
connection_args['connection_user']))
existing_router = _neutron_module_call(
'list_routers', name=name, **connection_args)
if not existing_router:
_neutron_module_call('create_router', name=name, tenant_id=tenant_id, admin_state_up=admin_state_up, **connection_args)
created_router = _neutron_module_call(
'list_routers', name=name, **connection_args)
if created_router:
router_id = created_router[name]['id']
network = _neutron_module_call(
'list_networks', name=gateway_network, **connection_args)
gateway_network_id = network[gateway_network]['id']
_neutron_module_call('router_gateway_set',
router_id=router_id,
external_gateway=gateway_network_id,
**connection_args)
for interface in interfaces:
subnet = _neutron_module_call(
'list_subnets', name=interface, **connection_args)
subnet_id = subnet[interface]['id']
_neutron_module_call('router_add_interface',
router_id=router_id,
subnet_id=subnet_id,
**connection_args)
return _created(name,
'router',
_neutron_module_call('list_routers',
name=name,
**connection_args))
return _create_failed(name, 'router')
router_id = existing_router[name]['id']
existing_router = existing_router[name]
diff = {}
if ( admin_state_up == True or admin_state_up == False ) and existing_router['admin_state_up'] != admin_state_up:
diff.update({'admin_state_up': admin_state_up})
if gateway_network:
network = _neutron_module_call(
'list_networks', name=gateway_network, **connection_args)
gateway_network_id = network[gateway_network]['id']
if not existing_router['external_gateway_info'] and not existing_router['external_gateway_info'] == None:
if existing_router['external_gateway_info']['network_id'] != gateway_network_id:
diff.update({'external_gateway_info': {'network_id': gateway_network_id}})
elif not existing_router['external_gateway_info'] == None:
if not 'network_id' in existing_router['external_gateway_info'] or existing_router['external_gateway_info']['network_id'] != gateway_network_id:
diff.update({'external_gateway_info': {'network_id': gateway_network_id}})
if diff:
# update the changes
router_args = diff.copy()
router_args.update(connection_args)
try:
_neutron_module_call('update_router', existing_router['id'], **router_args)
changes_dict = _created(name, 'router', diff)
changes_dict['comment'] = 'Router {0} updated'.format(name)
return changes_dict
except:
LOG.exception('Router {0} could not be updated'.format(name))
return _update_failed(name, 'router')
return _no_change(name, 'router')
def floatingip_present(name=None,
tenant_name=None,
subnet=None,
tenant=None,
network=None,
port_id=None,
fip_exists=False,
profile=None):
'''
Ensure that the floating ip address is present for an instance
'''
instance_id = __salt__['novang.server_get'](name=name, tenant_name=tenant_name, profile=profile)
subnet_name = subnet
connection_args = _auth(profile)
existing_subnet = _neutron_module_call(
'list_subnets', name=subnet_name, **connection_args)
subnet_id = existing_subnet[subnet_name]['id']
ret = {}
existing_ports = _neutron_module_call(
'list_ports', **connection_args)
existing_floatingips = _neutron_module_call(
'list_floatingips', **connection_args)
tenant = __salt__['keystone.tenant_get'](name=tenant_name, profile=profile, **connection_args)
tenant_id = tenant[tenant_name]['id']
existing_network = _neutron_module_call(
'list_networks', name=network, **connection_args)
floating_network_id = existing_network[network]['id']
for key, value in existing_ports.iteritems():
try:
if value['fixed_ips'][0]['subnet_id'] == subnet_id and value['device_id'] == instance_id:
port_id=value['id']
except:
pass
for key, value in existing_floatingips.iteritems():
try:
if value['floating_network_id'] == floating_network_id and value['port_id'] == port_id and value['tenant_id'] == tenant_id:
fip_exists = True
break
except:
pass
if fip_exists == False:
for key, value in existing_ports.iteritems():
try:
if value['fixed_ips'][0]['subnet_id'] == subnet_id and value['device_id'] == instance_id:
ret = _neutron_module_call('create_floatingip', floating_network_id=floating_network_id, port_id=value['id'], tenant_id=tenant_id, **connection_args)
except:
pass
return _created('port', 'floatingip', ret)
else:
return _no_change('for instance {0}'.format(name), 'floatingip')
def security_group_present(name=None,
tenant=None,
description=None,
rules=[],
profile=None):
'''
Ensure that the security group is present with the specified properties.
name
The name of the security group
description
The description of the security group
rules
list of rules to be added to the given security group
'''
# If the user is an admin, he's able to see the security groups from
# other tenants. In this case, we'll use the tenant id to get an existing
# security group.
connection_args = _auth(profile)
tenant_name = tenant
try:
tenant_id = __salt__['keystone.tenant_get'](
name=tenant_name, **connection_args)[tenant_name]['id']
except:
tenant_id = None
LOG.debug('Cannot get the tenant id. User {0} is not an admin.'.format(
connection_args['connection_user']))
if tenant_id:
security_group = _neutron_module_call(
'list_security_groups', name=name, tenant_id=tenant_id,
**connection_args)
else:
security_group = _neutron_module_call(
'list_security_groups', name=name, **connection_args)
if not security_group:
# Create the security group as it doesn't exist already.
security_group_id = _neutron_module_call('create_security_group',
name=name,
description=description,
tenant_id=tenant_id,
**connection_args)
else:
security_group_id = security_group[name]['id']
# Set the missing rules attributes (in case the user didn't specify them
# in pillar) to some default values.
rules_attributes_defaults = {
'direction': 'ingress',
'ethertype': 'IPv4',
'protocol': 'TCP',
'port_range_min': None,
'port_range_max': None,
'remote_ip_prefix': None
}
for rule in rules:
for attribute in rules_attributes_defaults.keys():
if not rule.has_key(attribute):
rule[attribute] = rules_attributes_defaults[attribute]
# Remove all the duplicates rules given by the user in pillar.
unique_rules = []
for rule in rules:
if rule not in unique_rules:
unique_rules.append(rule)
# Get the existing security group rules.
existing_rules = _neutron_module_call(
'list_security_groups',
id=security_group_id,
**connection_args)[name]['security_group_rules']
new_rules = {}
for rule in unique_rules:
rule_found = False
for existing_rule in existing_rules:
attributes_match = True
# Compare the attributes of the existing security group rule with
# the attributes of the rule that we want to add.
for attribute in rules_attributes_defaults.keys():
existing_attribute = '' if not existing_rule[attribute] \
else str(existing_rule[attribute]).lower()
attribute = '' if not rule[attribute] \
else str(rule[attribute]).lower()
if existing_attribute != attribute:
attributes_match = False
break
if attributes_match:
rule_found = True
break
if rule_found:
# Skip adding the rule as it already exists.
continue
rule_index = len(new_rules) + 1
new_rules.update({'Rule {0}'.format(rule_index): rule})
_neutron_module_call('create_security_group_rule',
security_group_id=security_group_id,
direction=rule['direction'],
ethertype=rule['ethertype'],
protocol=rule['protocol'],
port_range_min=rule['port_range_min'],
port_range_max=rule['port_range_max'],
remote_ip_prefix=rule['remote_ip_prefix'],
tenant_id=tenant_id,
**connection_args)
if not security_group:
# The security group didn't exist. It was created and specified
# rules were added to it.
security_group = _neutron_module_call('list_security_groups',
id=security_group_id,
**connection_args)[name]
return _created(name, 'security_group', security_group)
if len(new_rules) == 0:
# Security group already exists and specified rules are already
# present.
return _no_change(name, 'security_group')
# Security group already exists, but the specified rules were added to it.
return _updated(name, 'security_group', {'New Rules': new_rules})
def _created(name, resource, resource_definition):
changes_dict = {'name': name,
'changes': resource_definition,
'result': True,
'comment': '{0} {1} created'.format(resource, name)}
return changes_dict
def _updated(name, resource, resource_definition):
changes_dict = {'name': name,
'changes': resource_definition,
'result': True,
'comment': '{0} {1} updated'.format(resource, name)}
return changes_dict
def _no_change(name, resource, test=False):
changes_dict = {'name': name,
'changes': {},
'result': True}
if test:
changes_dict['comment'] = \
'{0} {1} will be {2}'.format(resource, name, test)
else:
changes_dict['comment'] = \
'{0} {1} is in correct state'.format(resource, name)
return changes_dict
def _deleted(name, resource, resource_definition):
changes_dict = {'name': name,
'changes': {},
'comment': '{0} {1} removed'.format(resource, name),
'result': True}
return changes_dict
def _absent(name, resource):
changes_dict = {'name': name,
'changes': {},
'comment': '{0} {1} not present'.format(resource, name),
'result': True}
return changes_dict
def _delete_failed(name, resource):
changes_dict = {'name': name,
'changes': {},
'comment': '{0} {1} failed to delete'.format(resource,
name),
'result': False}
return changes_dict
def _create_failed(name, resource):
changes_dict = {'name': name,
'changes': {},
'comment': '{0} {1} failed to create'.format(resource,
name),
'result': False}
return changes_dict
def _update_failed(name, resource):
changes_dict = {'name': name,
'changes': {},
'comment': '{0} {1} failed to update'.format(resource,
name),
'result': False}
return changes_dict
def _get_non_null_args(**kwargs):
'''
Return those kwargs which are not null
'''
return dict((key, value,) for key, value in kwargs.iteritems()
if value is not None)