Revision b2791a77

b/snf-cyclades-app/conf/20-snf-cyclades-app-api.conf
49 49 
#DEFAULT_MAC_FILTERED_BRIDGE = 'prv0'
50 50 
#
51 51 
#
52 
## Firewalling
52 
## Firewall tags should contain '%d' to be filled with the NIC
53 
## index.
53 54 
#GANETI_FIREWALL_ENABLED_TAG = 'synnefo:network:0:protected'
54 55 
#GANETI_FIREWALL_DISABLED_TAG = 'synnefo:network:0:unprotected'
55 56 
#GANETI_FIREWALL_PROTECTED_TAG = 'synnefo:network:0:limited'
b/snf-cyclades-app/synnefo/api/servers.py
693 693 
    profile = args.get("profile")
694 694 
    if profile is None:
695 695 
        raise faults.BadRequest("Missing 'profile' attribute")
696 
    servers.set_firewall_profile(vm, profile=profile)
696 
    index = args.get("index", 0)
697 
    servers.set_firewall_profile(vm, profile=profile, index=index)
697 698 
    return HttpResponse(status=202)
698 699 

  		





  699
  700
  
    

  		












  

    
      b/snf-cyclades-app/synnefo/app_settings/default/api.py
    
  






  21
  21
  
    
# network of this list. If the special network ID "SNF:ANY_PUBLIC" is used,


  		





  22
  22
  
    
# Cyclades will automatically choose a public network and connect the server to


  		





  23
  23
  
    
# it.


  		





  24
  
  
    
DEFAULT_INSTANCE_NETWORKS=["SNF:ANY_PUBLIC"]


  		





  
  24
  
    
DEFAULT_INSTANCE_NETWORKS = ["SNF:ANY_PUBLIC"]


  		





  25
  25
  
    

  		





  26
  26
  
    
# Maximum allowed network size for private networks.


  		





  27
  27
  
    
MAX_CIDR_BLOCK = 22


  		





  ......




  48
  48
  
    
DEFAULT_MAC_FILTERED_BRIDGE = 'prv0'


  		





  49
  49
  
    

  		





  50
  50
  
    

  		





  51
  
  
    
# Firewalling


  		





  52
  
  
    
GANETI_FIREWALL_ENABLED_TAG = 'synnefo:network:0:protected'


  		





  53
  
  
    
GANETI_FIREWALL_DISABLED_TAG = 'synnefo:network:0:unprotected'


  		





  54
  
  
    
GANETI_FIREWALL_PROTECTED_TAG = 'synnefo:network:0:limited'


  		





  
  51
  
    
# Firewalling. Firewall tags should contain '%d' to be filled with the NIC


  		





  
  52
  
    
# index.


  		





  
  53
  
    
GANETI_FIREWALL_ENABLED_TAG = 'synnefo:network:%d:protected'


  		





  
  54
  
    
GANETI_FIREWALL_DISABLED_TAG = 'synnefo:network:%d:unprotected'


  		





  
  55
  
    
GANETI_FIREWALL_PROTECTED_TAG = 'synnefo:network:%d:limited'


  		





  55
  56
  
    

  		





  56
  57
  
    
# The default firewall profile that will be in effect if no tags are defined


  		





  57
  58
  
    
DEFAULT_FIREWALL_PROFILE = 'DISABLED'


  		












  

    
      b/snf-cyclades-app/synnefo/logic/backend.py
    
  






  761
  761
  
    
                                     dry_run=settings.TEST)


  		





  762
  762
  
    

  		





  763
  763
  
    

  		





  764
  
  
    
def set_firewall_profile(vm, profile):


  		





  
  764
  
    
def set_firewall_profile(vm, profile, index=0):


  		





  765
  765
  
    
    try:


  		





  766
  
  
    
        tag = _firewall_tags[profile]


  		





  
  766
  
    
        tag = _firewall_tags[profile] % index


  		





  767
  767
  
    
    except KeyError:


  		





  768
  768
  
    
        raise ValueError("Unsopported Firewall Profile: %s" % profile)


  		





  769
  769
  
    

  		





  770
  
  
    
    log.debug("Setting tag of VM %s to %s", vm, profile)


  		





  
  770
  
    
    log.debug("Setting tag of VM %s, NIC index %d, to %s", vm, index, profile)


  		





  771
  771
  
    

  		





  772
  772
  
    
    with pooled_rapi_client(vm) as client:


  		





  773
  
  
    
        # Delete all firewall tags


  		





  774
  
  
    
        for t in _firewall_tags.values():


  		





  775
  
  
    
            client.DeleteInstanceTags(vm.backend_vm_id, [t],


  		





  
  773
  
    
        # Delete previous firewall tags


  		





  
  774
  
    
        old_tags = client.GetInstanceTags(vm.backend_vm_id)


  		





  
  775
  
    
        delete_tags = [(t % index) for t in _firewall_tags.values()


  		





  
  776
  
    
                       if (t % index) in old_tags]


  		





  
  777
  
    
        if delete_tags:


  		





  
  778
  
    
            client.DeleteInstanceTags(vm.backend_vm_id, delete_tags,


  		





  776
  779
  
    
                                      dry_run=settings.TEST)


  		





  777
  780
  
    

  		





  778
  781
  
    
        client.AddInstanceTags(vm.backend_vm_id, [tag], dry_run=settings.TEST)


  		












  

    
      b/snf-cyclades-app/synnefo/logic/servers.py
    
  






  332
  332
  
    

  		





  333
  333
  
    

  		





  334
  334
  
    
@server_command("SET_FIREWALL_PROFILE")


  		





  335
  
  
    
def set_firewall_profile(vm, profile):


  		





  336
  
  
    
    log.info("Setting VM %s firewall %s", vm, profile)


  		





  
  335
  
    
def set_firewall_profile(vm, profile, index=0):


  		





  
  336
  
    
    log.info("Setting VM %s, NIC index %s, firewall %s", vm, index, profile)


  		





  337
  337
  
    

  		





  338
  338
  
    
    if profile not in [x[0] for x in NetworkInterface.FIREWALL_PROFILES]:


  		





  339
  339
  
    
        raise faults.BadRequest("Unsupported firewall profile")


  		





  340
  
  
    
    backend.set_firewall_profile(vm, profile)


  		





  
  340
  
    
    backend.set_firewall_profile(vm, profile=profile, index=index)


  		





  341
  341
  
    
    return None


  		





  342
  342
  
    

  		





  343
  343
  
    

  		












Also available in:
  Unified diff