author | Lingxian Kong <anlin.kong@gmail.com> | 2020-08-10 19:48:16 +1200 |
---|---|---|
committer | Lingxian Kong <anlin.kong@gmail.com> | 2020-08-11 09:35:14 +1200 |
commit | 4de40cb5144cfd8cdc4b270f23acfdbd3eafa5be (patch) | |
tree | d8d6f9a3bdfe31193ba7c604f85862795b7569a3 /trove/taskmanager | |
parent | 680a43002bfaba4a334736af052995373cecd349 (diff) | |
download | trove-4de40cb5144cfd8cdc4b270f23acfdbd3eafa5be.tar.gz |
Support to update instance access
Change-Id: I640cd8b50fd0e0f80a1a45399b8bfdac437ae2b9
Diffstat (limited to 'trove/taskmanager')
-rw-r--r-- | trove/taskmanager/api.py | 7 | ||||
-rw-r--r-- | trove/taskmanager/manager.py | 10 | ||||
-rwxr-xr-x | trove/taskmanager/models.py | 54 |
3 files changed, 71 insertions, 0 deletions
diff --git a/trove/taskmanager/api.py b/trove/taskmanager/api.py index 61f71f4a..3ffe8d6e 100644 --- a/trove/taskmanager/api.py +++ b/trove/taskmanager/api.py @@ -179,6 +179,13 @@ class API(object): self._cast("delete_instance", version=version, instance_id=instance_id) + def update_access(self, instance_id, access): + LOG.debug(f"Making async call to update instance: {instance_id}") + version = self.API_BASE_VERSION + + self._cast("update_access", version=version, + instance_id=instance_id, access=access) + def create_backup(self, backup_info, instance_id): LOG.debug("Making async call to create a backup for instance: %s", instance_id) diff --git a/trove/taskmanager/manager.py b/trove/taskmanager/manager.py index 2ac5de87..6259863d 100644 --- a/trove/taskmanager/manager.py +++ b/trove/taskmanager/manager.py @@ -458,6 +458,16 @@ class Manager(periodic_task.PeriodicTasks): with EndNotification(context): instance_tasks.upgrade(datastore_version) + def update_access(self, context, instance_id, access): + instance_tasks = models.BuiltInstanceTasks.load(context, instance_id) + + try: + instance_tasks.update_access(access) + except Exception as e: + LOG.error(f"Failed to update access configuration for " + f"{instance_id}: {str(e)}") + self.update_db(task_status=InstanceTasks.UPDATING_ERROR_ACCESS) + def create_cluster(self, context, cluster_id): with EndNotification(context, cluster_id=cluster_id): cluster_tasks = models.load_cluster_tasks(context, cluster_id) diff --git a/trove/taskmanager/models.py b/trove/taskmanager/models.py index 62007445..517e4cf7 100755 --- a/trove/taskmanager/models.py +++ b/trove/taskmanager/models.py 
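Review bot: The debug message in the new `API.update_access` says "update instance" rather than naming the access update, and it is built with an f-string while the neighbouring `create_backup` passes lazy `%s` arguments to the logger. Suggest `LOG.debug("Making async call to update access for instance: %s", instance_id)`. A one-line docstring would also help, stating that `access` is the dict with `is_public` and `allowed_cidrs` that the task manager applies (the keys read in the models.py hunk).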
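Review bot: The except branch of the new `Manager.update_access` calls `self.update_db(...)`, but `self` here is the `Manager` (shown in the hunk header as deriving from `periodic_task.PeriodicTasks`), whereas models.py calls `update_db` on the instance-tasks object. Unless `Manager` defines `update_db` outside this hunk, the handler itself raises `AttributeError` and the instance is never marked `UPDATING_ERROR_ACCESS`, so a partly applied port or security-group change goes unreported. The call should read `instance_tasks.update_db(task_status=InstanceTasks.UPDATING_ERROR_ACCESS)`. Using `LOG.exception(...)` instead of `LOG.error(... {str(e)})` would also keep the traceback for whoever investigates the failed update.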
@@ -1348,6 +1348,60 @@ class BuiltInstanceTasks(BuiltInstance, NotifyMixin, ConfigurationMixin): else: return "/dev/%s" % device + def update_access(self, access): + LOG.info(f"Updating access for instance {self.id}, access {access}") + + new_is_public = access.get('is_public', False) + new_allowed_cidrs = access.get('allowed_cidrs', []) + is_public = (self.access.get('is_public', False) if self.access + else None) + allowed_cidrs = (self.access.get('allowed_cidrs', []) if self.access + else None) + + ports = self.neutron_client.list_ports( + name='trove-%s' % self.id)['ports'] + + if is_public != new_is_public: + for port in ports: + if 'User port' in port['description']: + LOG.debug(f"Updating port {port['id']}, is_public: " + f"{new_is_public}") + neutron.ensure_port_access(self.neutron_client, port['id'], + new_is_public) + + if CONF.trove_security_groups_support: + if allowed_cidrs != new_allowed_cidrs: + name = f"{CONF.trove_security_group_name_prefix}-{self.id}" + sgs = self.neutron_client.list_security_groups( + name=name)['security_groups'] + + LOG.debug(f"Updating security group rules for instance " + f"{self.id}") + for sg in sgs: + neutron.clear_ingress_security_group_rules( + self.neutron_client, + sg['id']) + + if new_allowed_cidrs: + tcp_ports = CONF.get(self.datastore.name).tcp_ports + udp_ports = CONF.get(self.datastore.name).udp_ports + + neutron.create_security_group_rule( + self.neutron_client, sg['id'], 'tcp', tcp_ports, + new_allowed_cidrs) + neutron.create_security_group_rule( + self.neutron_client, sg['id'], 'udp', udp_ports, + new_allowed_cidrs) + else: + LOG.warning('Security group not supported.') + + LOG.info(f"Finished to update access for instance {self.id}") + self.update_db( + task_status=InstanceTasks.NONE, + access={'is_public': new_is_public, + 'allowed_cidrs': new_allowed_cidrs} + ) + class BackupTasks(object): @classmethod |
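Review bot: When `CONF.trove_security_groups_support` is false, `update_access` only logs `'Security group not supported.'`, yet the final `update_db` still stores `new_allowed_cidrs`, so the instance record reports a CIDR restriction that no security-group rule enforces. Store only what was applied, for example `'allowed_cidrs': new_allowed_cidrs if CONF.trove_security_groups_support else allowed_cidrs`, or raise so the caller can record the failure. Separately, `access.get('is_public', False)` and `access.get('allowed_cidrs', [])` treat an omitted key as a request to reset it, so a request carrying only one field would clear the other unless the API layer always sends both; defaulting each to the current value in `self.access` avoids that. The ingress rules are also cleared before the new ones are created, so a failure in `create_security_group_rule` leaves the group with no ingress rules until a later update succeeds.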