1""" 2Module for handling OpenStack Neutron calls 3 4:depends: - neutronclient Python module 5:configuration: This module is not usable until the user, password, tenant, and 6 auth URL are specified either in a pillar or in the minion's config file. 7 For example:: 8 9 keystone.user: 'admin' 10 keystone.password: 'password' 11 keystone.tenant: 'admin' 12 keystone.auth_url: 'http://127.0.0.1:5000/v2.0/' 13 keystone.region_name: 'RegionOne' 14 keystone.service_type: 'network' 15 16 If configuration for multiple OpenStack accounts is required, they can be 17 set up as different configuration profiles: 18 For example:: 19 20 openstack1: 21 keystone.user: 'admin' 22 keystone.password: 'password' 23 keystone.tenant: 'admin' 24 keystone.auth_url: 'http://127.0.0.1:5000/v2.0/' 25 keystone.region_name: 'RegionOne' 26 keystone.service_type: 'network' 27 28 openstack2: 29 keystone.user: 'admin' 30 keystone.password: 'password' 31 keystone.tenant: 'admin' 32 keystone.auth_url: 'http://127.0.0.2:5000/v2.0/' 33 keystone.region_name: 'RegionOne' 34 keystone.service_type: 'network' 35 36 With this configuration in place, any of the neutron functions 37 can make use of a configuration profile by declaring it explicitly. 38 For example:: 39 40 salt '*' neutron.network_list profile=openstack1 41 42 To use keystoneauth1 instead of keystoneclient, include the `use_keystoneauth` 43 option in the pillar or minion config. 44 45 .. note:: this is required to use keystone v3 as for authentication. 46 47 .. code-block:: yaml 48 49 keystone.user: admin 50 keystone.password: verybadpass 51 keystone.tenant: admin 52 keystone.auth_url: 'http://127.0.0.1:5000/v3/' 53 keystone.region_name: 'RegionOne' 54 keystone.service_type: 'network' 55 keystone.use_keystoneauth: true 56 keystone.verify: '/path/to/custom/certs/ca-bundle.crt' 57 58 59 Note: by default the neutron module will attempt to verify its connection 60 utilizing the system certificates. If you need to verify against another bundle 61 of CA certificates or want to skip verification altogether you will need to 62 specify the `verify` option. You can specify True or False to verify (or not) 63 against system certificates, a path to a bundle or CA certs to check against, or 64 None to allow keystoneauth to search for the certificates on its own.(defaults to True) 65""" 66 67import logging 68 69try: 70 import salt.utils.openstack.neutron as suoneu 71 72 HAS_NEUTRON = True 73except NameError as exc: 74 HAS_NEUTRON = False 75 76# Get logging started 77log = logging.getLogger(__name__) 78 79# Function alias to not shadow built-ins 80__func_alias__ = {"list_": "list"} 81 82 83def __virtual__(): 84 """ 85 Only load this module if neutron 86 is installed on this minion. 87 """ 88 return HAS_NEUTRON 89 90 91__opts__ = {} 92 93 94def _auth(profile=None): 95 """ 96 Set up neutron credentials 97 """ 98 if profile: 99 credentials = __salt__["config.option"](profile) 100 user = credentials["keystone.user"] 101 password = credentials["keystone.password"] 102 tenant = credentials["keystone.tenant"] 103 auth_url = credentials["keystone.auth_url"] 104 region_name = credentials.get("keystone.region_name", None) 105 service_type = credentials.get("keystone.service_type", "network") 106 os_auth_system = credentials.get("keystone.os_auth_system", None) 107 use_keystoneauth = credentials.get("keystone.use_keystoneauth", False) 108 verify = credentials.get("keystone.verify", True) 109 else: 110 user = __salt__["config.option"]("keystone.user") 111 password = __salt__["config.option"]("keystone.password") 112 tenant = __salt__["config.option"]("keystone.tenant") 113 auth_url = __salt__["config.option"]("keystone.auth_url") 114 region_name = __salt__["config.option"]("keystone.region_name") 115 service_type = __salt__["config.option"]("keystone.service_type") 116 os_auth_system = __salt__["config.option"]("keystone.os_auth_system") 117 use_keystoneauth = __salt__["config.option"]("keystone.use_keystoneauth") 118 verify = __salt__["config.option"]("keystone.verify") 119 120 if use_keystoneauth is True: 121 project_domain_name = credentials["keystone.project_domain_name"] 122 user_domain_name = credentials["keystone.user_domain_name"] 123 124 kwargs = { 125 "username": user, 126 "password": password, 127 "tenant_name": tenant, 128 "auth_url": auth_url, 129 "region_name": region_name, 130 "service_type": service_type, 131 "os_auth_plugin": os_auth_system, 132 "use_keystoneauth": use_keystoneauth, 133 "verify": verify, 134 "project_domain_name": project_domain_name, 135 "user_domain_name": user_domain_name, 136 } 137 else: 138 kwargs = { 139 "username": user, 140 "password": password, 141 "tenant_name": tenant, 142 "auth_url": auth_url, 143 "region_name": region_name, 144 "service_type": service_type, 145 "os_auth_plugin": os_auth_system, 146 } 147 148 return suoneu.SaltNeutron(**kwargs) 149 150 151def get_quotas_tenant(profile=None): 152 """ 153 Fetches tenant info in server's context for following quota operation 154 155 CLI Example: 156 157 .. code-block:: bash 158 159 salt '*' neutron.get_quotas_tenant 160 salt '*' neutron.get_quotas_tenant profile=openstack1 161 162 :param profile: Profile to build on (Optional) 163 :return: Quotas information 164 """ 165 166 conn = _auth(profile) 167 return conn.get_quotas_tenant() 168 169 170def list_quotas(profile=None): 171 """ 172 Fetches all tenants quotas 173 174 CLI Example: 175 176 .. code-block:: bash 177 178 salt '*' neutron.list_quotas 179 salt '*' neutron.list_quotas profile=openstack1 180 181 :param profile: Profile to build on (Optional) 182 :return: List of quotas 183 """ 184 conn = _auth(profile) 185 return conn.list_quotas() 186 187 188def show_quota(tenant_id, profile=None): 189 """ 190 Fetches information of a certain tenant's quotas 191 192 CLI Example: 193 194 .. code-block:: bash 195 196 salt '*' neutron.show_quota tenant-id 197 salt '*' neutron.show_quota tenant-id profile=openstack1 198 199 :param tenant_id: ID of tenant 200 :param profile: Profile to build on (Optional) 201 :return: Quota information 202 """ 203 conn = _auth(profile) 204 return conn.show_quota(tenant_id) 205 206 207def update_quota( 208 tenant_id, 209 subnet=None, 210 router=None, 211 network=None, 212 floatingip=None, 213 port=None, 214 security_group=None, 215 security_group_rule=None, 216 profile=None, 217): 218 """ 219 Update a tenant's quota 220 221 CLI Example: 222 223 .. code-block:: bash 224 225 salt '*' neutron.update_quota tenant-id subnet=40 router=50 226 network=10 floatingip=30 port=30 227 228 :param tenant_id: ID of tenant 229 :param subnet: Value of subnet quota (Optional) 230 :param router: Value of router quota (Optional) 231 :param network: Value of network quota (Optional) 232 :param floatingip: Value of floatingip quota (Optional) 233 :param port: Value of port quota (Optional) 234 :param security_group: Value of security group (Optional) 235 :param security_group_rule: Value of security group rule (Optional) 236 :param profile: Profile to build on (Optional) 237 :return: Value of updated quota 238 """ 239 conn = _auth(profile) 240 return conn.update_quota( 241 tenant_id, 242 subnet, 243 router, 244 network, 245 floatingip, 246 port, 247 security_group, 248 security_group_rule, 249 ) 250 251 252def delete_quota(tenant_id, profile=None): 253 """ 254 Delete the specified tenant's quota value 255 256 CLI Example: 257 258 .. code-block:: bash 259 260 salt '*' neutron.update_quota tenant-id 261 salt '*' neutron.update_quota tenant-id profile=openstack1 262 263 :param tenant_id: ID of tenant to quota delete 264 :param profile: Profile to build on (Optional) 265 :return: True(Delete succeed) or False(Delete failed) 266 """ 267 conn = _auth(profile) 268 return conn.delete_quota(tenant_id) 269 270 271def list_extensions(profile=None): 272 """ 273 Fetches a list of all extensions on server side 274 275 CLI Example: 276 277 .. code-block:: bash 278 279 salt '*' neutron.list_extensions 280 salt '*' neutron.list_extensions profile=openstack1 281 282 :param profile: Profile to build on (Optional) 283 :return: List of extensions 284 """ 285 conn = _auth(profile) 286 return conn.list_extensions() 287 288 289def list_ports(profile=None): 290 """ 291 Fetches a list of all networks for a tenant 292 293 CLI Example: 294 295 .. code-block:: bash 296 297 salt '*' neutron.list_ports 298 salt '*' neutron.list_ports profile=openstack1 299 300 :param profile: Profile to build on (Optional) 301 :return: List of port 302 """ 303 conn = _auth(profile) 304 return conn.list_ports() 305 306 307def show_port(port, profile=None): 308 """ 309 Fetches information of a certain port 310 311 CLI Example: 312 313 .. code-block:: bash 314 315 salt '*' neutron.show_port port-id 316 salt '*' neutron.show_port port-id profile=openstack1 317 318 :param port: ID or name of port to look up 319 :param profile: Profile to build on (Optional) 320 :return: Port information 321 """ 322 conn = _auth(profile) 323 return conn.show_port(port) 324 325 326def create_port(name, network, device_id=None, admin_state_up=True, profile=None): 327 """ 328 Creates a new port 329 330 CLI Example: 331 332 .. code-block:: bash 333 334 salt '*' neutron.create_port network-name port-name 335 336 :param name: Name of port to create 337 :param network: Network name or ID 338 :param device_id: ID of device (Optional) 339 :param admin_state_up: Set admin state up to true or false, 340 default: true (Optional) 341 :param profile: Profile to build on (Optional) 342 :return: Created port information 343 """ 344 conn = _auth(profile) 345 return conn.create_port(name, network, device_id, admin_state_up) 346 347 348def update_port(port, name, admin_state_up=True, profile=None): 349 """ 350 Updates a port 351 352 CLI Example: 353 354 .. code-block:: bash 355 356 salt '*' neutron.update_port port-name network-name new-port-name 357 358 :param port: Port name or ID 359 :param name: Name of this port 360 :param admin_state_up: Set admin state up to true or false, 361 default: true (Optional) 362 :param profile: Profile to build on (Optional) 363 :return: Value of updated port information 364 """ 365 conn = _auth(profile) 366 return conn.update_port(port, name, admin_state_up) 367 368 369def delete_port(port, profile=None): 370 """ 371 Deletes the specified port 372 373 CLI Example: 374 375 .. code-block:: bash 376 377 salt '*' neutron.delete_network port-name 378 salt '*' neutron.delete_network port-name profile=openstack1 379 380 :param port: port name or ID 381 :param profile: Profile to build on (Optional) 382 :return: True(Succeed) or False 383 """ 384 conn = _auth(profile) 385 return conn.delete_port(port) 386 387 388def list_networks(profile=None): 389 """ 390 Fetches a list of all networks for a tenant 391 392 CLI Example: 393 394 .. code-block:: bash 395 396 salt '*' neutron.list_networks 397 salt '*' neutron.list_networks profile=openstack1 398 399 :param profile: Profile to build on (Optional) 400 :return: List of network 401 """ 402 conn = _auth(profile) 403 return conn.list_networks() 404 405 406def show_network(network, profile=None): 407 """ 408 Fetches information of a certain network 409 410 CLI Example: 411 412 .. code-block:: bash 413 414 salt '*' neutron.show_network network-name 415 salt '*' neutron.show_network network-name profile=openstack1 416 417 :param network: ID or name of network to look up 418 :param profile: Profile to build on (Optional) 419 :return: Network information 420 """ 421 conn = _auth(profile) 422 return conn.show_network(network) 423 424 425def create_network( 426 name, 427 router_ext=None, 428 admin_state_up=True, 429 network_type=None, 430 physical_network=None, 431 segmentation_id=None, 432 shared=None, 433 profile=None, 434): 435 """ 436 Creates a new network 437 438 CLI Example: 439 440 .. code-block:: bash 441 442 salt '*' neutron.create_network network-name 443 salt '*' neutron.create_network network-name profile=openstack1 444 445 :param name: Name of network to create 446 :param admin_state_up: should the state of the network be up? 447 default: True (Optional) 448 :param router_ext: True then if create the external network (Optional) 449 :param network_type: the Type of network that the provider is such as GRE, VXLAN, VLAN, FLAT, or LOCAL (Optional) 450 :param physical_network: the name of the physical network as neutron knows it (Optional) 451 :param segmentation_id: the vlan id or GRE id (Optional) 452 :param shared: is the network shared or not (Optional) 453 :param profile: Profile to build on (Optional) 454 :return: Created network information 455 """ 456 conn = _auth(profile) 457 return conn.create_network( 458 name, 459 admin_state_up, 460 router_ext, 461 network_type, 462 physical_network, 463 segmentation_id, 464 shared, 465 ) 466 467 468def update_network(network, name, profile=None): 469 """ 470 Updates a network 471 472 CLI Example: 473 474 .. code-block:: bash 475 476 salt '*' neutron.update_network network-name new-network-name 477 478 :param network: ID or name of network to update 479 :param name: Name of this network 480 :param profile: Profile to build on (Optional) 481 :return: Value of updated network information 482 """ 483 conn = _auth(profile) 484 return conn.update_network(network, name) 485 486 487def delete_network(network, profile=None): 488 """ 489 Deletes the specified network 490 491 CLI Example: 492 493 .. code-block:: bash 494 495 salt '*' neutron.delete_network network-name 496 salt '*' neutron.delete_network network-name profile=openstack1 497 498 :param network: ID or name of network to delete 499 :param profile: Profile to build on (Optional) 500 :return: True(Succeed) or False 501 """ 502 conn = _auth(profile) 503 return conn.delete_network(network) 504 505 506def list_subnets(profile=None): 507 """ 508 Fetches a list of all networks for a tenant 509 510 CLI Example: 511 512 .. code-block:: bash 513 514 salt '*' neutron.list_subnets 515 salt '*' neutron.list_subnets profile=openstack1 516 517 :param profile: Profile to build on (Optional) 518 :return: List of subnet 519 """ 520 conn = _auth(profile) 521 return conn.list_subnets() 522 523 524def show_subnet(subnet, profile=None): 525 """ 526 Fetches information of a certain subnet 527 528 CLI Example: 529 530 .. code-block:: bash 531 532 salt '*' neutron.show_subnet subnet-name 533 534 :param subnet: ID or name of subnet to look up 535 :param profile: Profile to build on (Optional) 536 :return: Subnet information 537 """ 538 conn = _auth(profile) 539 return conn.show_subnet(subnet) 540 541 542def create_subnet(network, cidr, name=None, ip_version=4, profile=None): 543 """ 544 Creates a new subnet 545 546 CLI Example: 547 548 .. code-block:: bash 549 550 salt '*' neutron.create_subnet network-name 192.168.1.0/24 551 552 :param network: Network ID or name this subnet belongs to 553 :param cidr: CIDR of subnet to create (Ex. '192.168.1.0/24') 554 :param name: Name of the subnet to create (Optional) 555 :param ip_version: Version to use, default is 4(IPv4) (Optional) 556 :param profile: Profile to build on (Optional) 557 :return: Created subnet information 558 """ 559 conn = _auth(profile) 560 return conn.create_subnet(network, cidr, name, ip_version) 561 562 563def update_subnet(subnet, name, profile=None): 564 """ 565 Updates a subnet 566 567 CLI Example: 568 569 .. code-block:: bash 570 571 salt '*' neutron.update_subnet subnet-name new-subnet-name 572 573 :param subnet: ID or name of subnet to update 574 :param name: Name of this subnet 575 :param profile: Profile to build on (Optional) 576 :return: Value of updated subnet information 577 """ 578 conn = _auth(profile) 579 return conn.update_subnet(subnet, name) 580 581 582def delete_subnet(subnet, profile=None): 583 """ 584 Deletes the specified subnet 585 586 CLI Example: 587 588 .. code-block:: bash 589 590 salt '*' neutron.delete_subnet subnet-name 591 salt '*' neutron.delete_subnet subnet-name profile=openstack1 592 593 :param subnet: ID or name of subnet to delete 594 :param profile: Profile to build on (Optional) 595 :return: True(Succeed) or False 596 """ 597 conn = _auth(profile) 598 return conn.delete_subnet(subnet) 599 600 601def list_routers(profile=None): 602 """ 603 Fetches a list of all routers for a tenant 604 605 CLI Example: 606 607 .. code-block:: bash 608 609 salt '*' neutron.list_routers 610 salt '*' neutron.list_routers profile=openstack1 611 612 :param profile: Profile to build on (Optional) 613 :return: List of router 614 """ 615 conn = _auth(profile) 616 return conn.list_routers() 617 618 619def show_router(router, profile=None): 620 """ 621 Fetches information of a certain router 622 623 CLI Example: 624 625 .. code-block:: bash 626 627 salt '*' neutron.show_router router-name 628 629 :param router: ID or name of router to look up 630 :param profile: Profile to build on (Optional) 631 :return: Router information 632 """ 633 conn = _auth(profile) 634 return conn.show_router(router) 635 636 637def create_router(name, ext_network=None, admin_state_up=True, profile=None): 638 """ 639 Creates a new router 640 641 CLI Example: 642 643 .. code-block:: bash 644 645 salt '*' neutron.create_router new-router-name 646 647 :param name: Name of router to create (must be first) 648 :param ext_network: ID or name of the external for the gateway (Optional) 649 :param admin_state_up: Set admin state up to true or false, 650 default:true (Optional) 651 :param profile: Profile to build on (Optional) 652 :return: Created router information 653 """ 654 conn = _auth(profile) 655 return conn.create_router(name, ext_network, admin_state_up) 656 657 658def update_router(router, name=None, admin_state_up=None, profile=None, **kwargs): 659 """ 660 Updates a router 661 662 CLI Example: 663 664 .. code-block:: bash 665 666 salt '*' neutron.update_router router_id name=new-router-name 667 admin_state_up=True 668 669 :param router: ID or name of router to update 670 :param name: Name of this router 671 :param ext_network: ID or name of the external for the gateway (Optional) 672 :param admin_state_up: Set admin state up to true or false, 673 default: true (Optional) 674 :param profile: Profile to build on (Optional) 675 :param kwargs: 676 :return: Value of updated router information 677 """ 678 conn = _auth(profile) 679 return conn.update_router(router, name, admin_state_up, **kwargs) 680 681 682def delete_router(router, profile=None): 683 """ 684 Delete the specified router 685 686 CLI Example: 687 688 .. code-block:: bash 689 690 salt '*' neutron.delete_router router-name 691 692 :param router: ID or name of router to delete 693 :param profile: Profile to build on (Optional) 694 :return: True(Succeed) or False 695 """ 696 conn = _auth(profile) 697 return conn.delete_router(router) 698 699 700def add_interface_router(router, subnet, profile=None): 701 """ 702 Adds an internal network interface to the specified router 703 704 CLI Example: 705 706 .. code-block:: bash 707 708 salt '*' neutron.add_interface_router router-name subnet-name 709 710 :param router: ID or name of the router 711 :param subnet: ID or name of the subnet 712 :param profile: Profile to build on (Optional) 713 :return: Added interface information 714 """ 715 conn = _auth(profile) 716 return conn.add_interface_router(router, subnet) 717 718 719def remove_interface_router(router, subnet, profile=None): 720 """ 721 Removes an internal network interface from the specified router 722 723 CLI Example: 724 725 .. code-block:: bash 726 727 salt '*' neutron.remove_interface_router router-name subnet-name 728 729 :param router: ID or name of the router 730 :param subnet: ID or name of the subnet 731 :param profile: Profile to build on (Optional) 732 :return: True(Succeed) or False 733 """ 734 conn = _auth(profile) 735 return conn.remove_interface_router(router, subnet) 736 737 738def add_gateway_router(router, ext_network, profile=None): 739 """ 740 Adds an external network gateway to the specified router 741 742 CLI Example: 743 744 .. code-block:: bash 745 746 salt '*' neutron.add_gateway_router router-name ext-network-name 747 748 :param router: ID or name of the router 749 :param ext_network: ID or name of the external network the gateway 750 :param profile: Profile to build on (Optional) 751 :return: Added Gateway router information 752 """ 753 conn = _auth(profile) 754 return conn.add_gateway_router(router, ext_network) 755 756 757def remove_gateway_router(router, profile=None): 758 """ 759 Removes an external network gateway from the specified router 760 761 CLI Example: 762 763 .. code-block:: bash 764 765 salt '*' neutron.remove_gateway_router router-name 766 767 :param router: ID or name of router 768 :param profile: Profile to build on (Optional) 769 :return: True(Succeed) or False 770 """ 771 conn = _auth(profile) 772 return conn.remove_gateway_router(router) 773 774 775def list_floatingips(profile=None): 776 """ 777 Fetch a list of all floatingIPs for a tenant 778 779 CLI Example: 780 781 .. code-block:: bash 782 783 salt '*' neutron.list_floatingips 784 salt '*' neutron.list_floatingips profile=openstack1 785 786 :param profile: Profile to build on (Optional) 787 :return: List of floatingIP 788 """ 789 conn = _auth(profile) 790 return conn.list_floatingips() 791 792 793def show_floatingip(floatingip_id, profile=None): 794 """ 795 Fetches information of a certain floatingIP 796 797 CLI Example: 798 799 .. code-block:: bash 800 801 salt '*' neutron.show_floatingip floatingip-id 802 803 :param floatingip_id: ID of floatingIP to look up 804 :param profile: Profile to build on (Optional) 805 :return: Floating IP information 806 """ 807 conn = _auth(profile) 808 return conn.show_floatingip(floatingip_id) 809 810 811def create_floatingip(floating_network, port=None, profile=None): 812 """ 813 Creates a new floatingIP 814 815 CLI Example: 816 817 .. code-block:: bash 818 819 salt '*' neutron.create_floatingip network-name port-name 820 821 :param floating_network: Network name or ID to allocate floatingIP from 822 :param port: Of the port to be associated with the floatingIP (Optional) 823 :param profile: Profile to build on (Optional) 824 :return: Created floatingIP information 825 """ 826 conn = _auth(profile) 827 return conn.create_floatingip(floating_network, port) 828 829 830def update_floatingip(floatingip_id, port=None, profile=None): 831 """ 832 Updates a floatingIP 833 834 CLI Example: 835 836 .. code-block:: bash 837 838 salt '*' neutron.update_floatingip network-name port-name 839 840 :param floatingip_id: ID of floatingIP 841 :param port: ID or name of port, to associate floatingip to `None` or do 842 not specify to disassociate the floatingip (Optional) 843 :param profile: Profile to build on (Optional) 844 :return: Value of updated floating IP information 845 """ 846 conn = _auth(profile) 847 return conn.update_floatingip(floatingip_id, port) 848 849 850def delete_floatingip(floatingip_id, profile=None): 851 """ 852 Deletes the specified floating IP 853 854 CLI Example: 855 856 .. code-block:: bash 857 858 salt '*' neutron.delete_floatingip floatingip-id 859 860 :param floatingip_id: ID of floatingIP to delete 861 :param profile: Profile to build on (Optional) 862 :return: True(Succeed) or False 863 """ 864 conn = _auth(profile) 865 return conn.delete_floatingip(floatingip_id) 866 867 868def list_security_groups(profile=None): 869 """ 870 Fetches a list of all security groups for a tenant 871 872 CLI Example: 873 874 .. code-block:: bash 875 876 salt '*' neutron.list_security_groups 877 salt '*' neutron.list_security_groups profile=openstack1 878 879 :param profile: Profile to build on (Optional) 880 :return: List of security group 881 """ 882 conn = _auth(profile) 883 return conn.list_security_groups() 884 885 886def show_security_group(security_group, profile=None): 887 """ 888 Fetches information of a certain security group 889 890 CLI Example: 891 892 .. code-block:: bash 893 894 salt '*' neutron.show_security_group security-group-name 895 896 :param security_group: ID or name of security group to look up 897 :param profile: Profile to build on (Optional) 898 :return: Security group information 899 """ 900 conn = _auth(profile) 901 return conn.show_security_group(security_group) 902 903 904def create_security_group(name=None, description=None, profile=None): 905 """ 906 Creates a new security group 907 908 CLI Example: 909 910 .. code-block:: bash 911 912 salt '*' neutron.create_security_group security-group-name \ 913 description='Security group for servers' 914 915 :param name: Name of security group (Optional) 916 :param description: Description of security group (Optional) 917 :param profile: Profile to build on (Optional) 918 :return: Created security group information 919 """ 920 conn = _auth(profile) 921 return conn.create_security_group(name, description) 922 923 924def update_security_group(security_group, name=None, description=None, profile=None): 925 """ 926 Updates a security group 927 928 CLI Example: 929 930 .. code-block:: bash 931 932 salt '*' neutron.update_security_group security-group-name \ 933 new-security-group-name 934 935 :param security_group: ID or name of security group to update 936 :param name: Name of this security group (Optional) 937 :param description: Description of security group (Optional) 938 :param profile: Profile to build on (Optional) 939 :return: Value of updated security group information 940 """ 941 conn = _auth(profile) 942 return conn.update_security_group(security_group, name, description) 943 944 945def delete_security_group(security_group, profile=None): 946 """ 947 Deletes the specified security group 948 949 CLI Example: 950 951 .. code-block:: bash 952 953 salt '*' neutron.delete_security_group security-group-name 954 955 :param security_group: ID or name of security group to delete 956 :param profile: Profile to build on (Optional) 957 :return: True(Succeed) or False 958 """ 959 conn = _auth(profile) 960 return conn.delete_security_group(security_group) 961 962 963def list_security_group_rules(profile=None): 964 """ 965 Fetches a list of all security group rules for a tenant 966 967 CLI Example: 968 969 .. code-block:: bash 970 971 salt '*' neutron.list_security_group_rules 972 salt '*' neutron.list_security_group_rules profile=openstack1 973 974 :param profile: Profile to build on (Optional) 975 :return: List of security group rule 976 """ 977 conn = _auth(profile) 978 return conn.list_security_group_rules() 979 980 981def show_security_group_rule(security_group_rule_id, profile=None): 982 """ 983 Fetches information of a certain security group rule 984 985 CLI Example: 986 987 .. code-block:: bash 988 989 salt '*' neutron.show_security_group_rule security-group-rule-id 990 991 :param security_group_rule_id: ID of security group rule to look up 992 :param profile: Profile to build on (Optional) 993 :return: Security group rule information 994 """ 995 conn = _auth(profile) 996 return conn.show_security_group_rule(security_group_rule_id) 997 998 999def create_security_group_rule( 1000 security_group, 1001 remote_group_id=None, 1002 direction="ingress", 1003 protocol=None, 1004 port_range_min=None, 1005 port_range_max=None, 1006 ethertype="IPv4", 1007 profile=None, 1008): 1009 """ 1010 Creates a new security group rule 1011 1012 CLI Example: 1013 1014 .. code-block:: bash 1015 1016 salt '*' neutron.show_security_group_rule security-group-rule-id 1017 1018 :param security_group: Security group name or ID to add rule 1019 :param remote_group_id: Remote security group name or ID to 1020 apply rule (Optional) 1021 :param direction: Direction of traffic: ingress/egress, 1022 default: ingress (Optional) 1023 :param protocol: Protocol of packet: null/icmp/tcp/udp, 1024 default: null (Optional) 1025 :param port_range_min: Starting port range (Optional) 1026 :param port_range_max: Ending port range (Optional) 1027 :param ethertype: IPv4/IPv6, default: IPv4 (Optional) 1028 :param profile: Profile to build on (Optional) 1029 :return: Created security group rule information 1030 """ 1031 conn = _auth(profile) 1032 return conn.create_security_group_rule( 1033 security_group, 1034 remote_group_id, 1035 direction, 1036 protocol, 1037 port_range_min, 1038 port_range_max, 1039 ethertype, 1040 ) 1041 1042 1043def delete_security_group_rule(security_group_rule_id, profile=None): 1044 """ 1045 Deletes the specified security group rule 1046 1047 CLI Example: 1048 1049 .. code-block:: bash 1050 1051 salt '*' neutron.delete_security_group_rule security-group-rule-id 1052 1053 :param security_group_rule_id: ID of security group rule to delete 1054 :param profile: Profile to build on (Optional) 1055 :return: True(Succeed) or False 1056 """ 1057 conn = _auth(profile) 1058 return conn.delete_security_group_rule(security_group_rule_id) 1059 1060 1061def list_vpnservices(retrieve_all=True, profile=None, **kwargs): 1062 """ 1063 Fetches a list of all configured VPN services for a tenant 1064 1065 CLI Example: 1066 1067 .. code-block:: bash 1068 1069 salt '*' neutron.list_vpnservices 1070 1071 :param retrieve_all: True or False, default: True (Optional) 1072 :param profile: Profile to build on (Optional) 1073 :return: List of VPN service 1074 """ 1075 conn = _auth(profile) 1076 return conn.list_vpnservices(retrieve_all, **kwargs) 1077 1078 1079def show_vpnservice(vpnservice, profile=None, **kwargs): 1080 """ 1081 Fetches information of a specific VPN service 1082 1083 CLI Example: 1084 1085 .. code-block:: bash 1086 1087 salt '*' neutron.show_vpnservice vpnservice-name 1088 1089 :param vpnservice: ID or name of vpn service to look up 1090 :param profile: Profile to build on (Optional) 1091 :return: VPN service information 1092 """ 1093 conn = _auth(profile) 1094 return conn.show_vpnservice(vpnservice, **kwargs) 1095 1096 1097def create_vpnservice(subnet, router, name, admin_state_up=True, profile=None): 1098 """ 1099 Creates a new VPN service 1100 1101 CLI Example: 1102 1103 .. code-block:: bash 1104 1105 salt '*' neutron.create_vpnservice router-name name 1106 1107 :param subnet: Subnet unique identifier for the VPN service deployment 1108 :param router: Router unique identifier for the VPN service 1109 :param name: Set a name for the VPN service 1110 :param admin_state_up: Set admin state up to true or false, 1111 default:True (Optional) 1112 :param profile: Profile to build on (Optional) 1113 :return: Created VPN service information 1114 """ 1115 conn = _auth(profile) 1116 return conn.create_vpnservice(subnet, router, name, admin_state_up) 1117 1118 1119def update_vpnservice(vpnservice, desc, profile=None): 1120 """ 1121 Updates a VPN service 1122 1123 CLI Example: 1124 1125 .. code-block:: bash 1126 1127 salt '*' neutron.update_vpnservice vpnservice-name desc='VPN Service1' 1128 1129 :param vpnservice: ID or name of vpn service to update 1130 :param desc: Set a description for the VPN service 1131 :param profile: Profile to build on (Optional) 1132 :return: Value of updated VPN service information 1133 """ 1134 conn = _auth(profile) 1135 return conn.update_vpnservice(vpnservice, desc) 1136 1137 1138def delete_vpnservice(vpnservice, profile=None): 1139 """ 1140 Deletes the specified VPN service 1141 1142 CLI Example: 1143 1144 .. code-block:: bash 1145 1146 salt '*' neutron.delete_vpnservice vpnservice-name 1147 1148 :param vpnservice: ID or name of vpn service to delete 1149 :param profile: Profile to build on (Optional) 1150 :return: True(Succeed) or False 1151 """ 1152 conn = _auth(profile) 1153 return conn.delete_vpnservice(vpnservice) 1154 1155 1156def list_ipsec_site_connections(profile=None): 1157 """ 1158 Fetches all configured IPsec Site Connections for a tenant 1159 1160 CLI Example: 1161 1162 .. code-block:: bash 1163 1164 salt '*' neutron.list_ipsec_site_connections 1165 salt '*' neutron.list_ipsec_site_connections profile=openstack1 1166 1167 :param profile: Profile to build on (Optional) 1168 :return: List of IPSec site connection 1169 """ 1170 conn = _auth(profile) 1171 return conn.list_ipsec_site_connections() 1172 1173 1174def show_ipsec_site_connection(ipsec_site_connection, profile=None): 1175 """ 1176 Fetches information of a specific IPsecSiteConnection 1177 1178 CLI Example: 1179 1180 .. code-block:: bash 1181 1182 salt '*' neutron.show_ipsec_site_connection connection-name 1183 1184 :param ipsec_site_connection: ID or name of ipsec site connection 1185 to look up 1186 :param profile: Profile to build on (Optional) 1187 :return: IPSec site connection information 1188 """ 1189 conn = _auth(profile) 1190 return conn.show_ipsec_site_connection(ipsec_site_connection) 1191 1192 1193def create_ipsec_site_connection( 1194 name, 1195 ipsecpolicy, 1196 ikepolicy, 1197 vpnservice, 1198 peer_cidrs, 1199 peer_address, 1200 peer_id, 1201 psk, 1202 admin_state_up=True, 1203 profile=None, 1204 **kwargs 1205): 1206 """ 1207 Creates a new IPsecSiteConnection 1208 1209 CLI Example: 1210 1211 .. code-block:: bash 1212 1213 salt '*' neutron.show_ipsec_site_connection connection-name 1214 ipsec-policy-name ikepolicy-name vpnservice-name 1215 192.168.XXX.XXX/24 192.168.XXX.XXX 192.168.XXX.XXX secret 1216 1217 :param name: Set friendly name for the connection 1218 :param ipsecpolicy: IPSec policy ID or name associated with this connection 1219 :param ikepolicy: IKE policy ID or name associated with this connection 1220 :param vpnservice: VPN service instance ID or name associated with 1221 this connection 1222 :param peer_cidrs: Remote subnet(s) in CIDR format 1223 :param peer_address: Peer gateway public IPv4/IPv6 address or FQDN 1224 :param peer_id: Peer router identity for authentication 1225 Can be IPv4/IPv6 address, e-mail address, key id, or FQDN 1226 :param psk: Pre-shared key string 1227 :param initiator: Initiator state in lowercase, default:bi-directional 1228 :param admin_state_up: Set admin state up to true or false, 1229 default: True (Optional) 1230 :param mtu: size for the connection, default:1500 (Optional) 1231 :param dpd_action: Dead Peer Detection attribute: hold/clear/disabled/ 1232 restart/restart-by-peer (Optional) 1233 :param dpd_interval: Dead Peer Detection attribute (Optional) 1234 :param dpd_timeout: Dead Peer Detection attribute (Optional) 1235 :param profile: Profile to build on (Optional) 1236 :return: Created IPSec site connection information 1237 """ 1238 conn = _auth(profile) 1239 return conn.create_ipsec_site_connection( 1240 name, 1241 ipsecpolicy, 1242 ikepolicy, 1243 vpnservice, 1244 peer_cidrs, 1245 peer_address, 1246 peer_id, 1247 psk, 1248 admin_state_up, 1249 **kwargs 1250 ) 1251 1252 1253def delete_ipsec_site_connection(ipsec_site_connection, profile=None): 1254 """ 1255 Deletes the specified IPsecSiteConnection 1256 1257 CLI Example: 1258 1259 .. code-block:: bash 1260 1261 salt '*' neutron.delete_ipsec_site_connection connection-name 1262 1263 :param ipsec_site_connection: ID or name of ipsec site connection to delete 1264 :param profile: Profile to build on (Optional) 1265 :return: True(Succeed) or False 1266 """ 1267 conn = _auth(profile) 1268 return conn.delete_ipsec_site_connection(ipsec_site_connection) 1269 1270 1271def list_ikepolicies(profile=None): 1272 """ 1273 Fetches a list of all configured IKEPolicies for a tenant 1274 1275 CLI Example: 1276 1277 .. code-block:: bash 1278 1279 salt '*' neutron.list_ikepolicies 1280 salt '*' neutron.list_ikepolicies profile=openstack1 1281 1282 :param profile: Profile to build on (Optional) 1283 :return: List of IKE policy 1284 """ 1285 conn = _auth(profile) 1286 return conn.list_ikepolicies() 1287 1288 1289def show_ikepolicy(ikepolicy, profile=None): 1290 """ 1291 Fetches information of a specific IKEPolicy 1292 1293 CLI Example: 1294 1295 .. code-block:: bash 1296 1297 salt '*' neutron.show_ikepolicy ikepolicy-name 1298 1299 :param ikepolicy: ID or name of ikepolicy to look up 1300 :param profile: Profile to build on (Optional) 1301 :return: IKE policy information 1302 """ 1303 conn = _auth(profile) 1304 return conn.show_ikepolicy(ikepolicy) 1305 1306 1307def create_ikepolicy(name, profile=None, **kwargs): 1308 """ 1309 Creates a new IKEPolicy 1310 1311 CLI Example: 1312 1313 .. code-block:: bash 1314 1315 salt '*' neutron.create_ikepolicy ikepolicy-name 1316 phase1_negotiation_mode=main auth_algorithm=sha1 1317 encryption_algorithm=aes-128 pfs=group5 1318 1319 :param name: Name of the IKE policy 1320 :param phase1_negotiation_mode: IKE Phase1 negotiation mode in lowercase, 1321 default: main (Optional) 1322 :param auth_algorithm: Authentication algorithm in lowercase, 1323 default: sha1 (Optional) 1324 :param encryption_algorithm: Encryption algorithm in lowercase. 1325 default:aes-128 (Optional) 1326 :param pfs: Prefect Forward Security in lowercase, 1327 default: group5 (Optional) 1328 :param units: IKE lifetime attribute. default: seconds (Optional) 1329 :param value: IKE lifetime attribute. default: 3600 (Optional) 1330 :param ike_version: IKE version in lowercase, default: v1 (Optional) 1331 :param profile: Profile to build on (Optional) 1332 :param kwargs: 1333 :return: Created IKE policy information 1334 """ 1335 conn = _auth(profile) 1336 return conn.create_ikepolicy(name, **kwargs) 1337 1338 1339def delete_ikepolicy(ikepolicy, profile=None): 1340 """ 1341 Deletes the specified IKEPolicy 1342 1343 CLI Example: 1344 1345 .. code-block:: bash 1346 1347 salt '*' neutron.delete_ikepolicy ikepolicy-name 1348 1349 :param ikepolicy: ID or name of IKE policy to delete 1350 :param profile: Profile to build on (Optional) 1351 :return: True(Succeed) or False 1352 """ 1353 conn = _auth(profile) 1354 return conn.delete_ikepolicy(ikepolicy) 1355 1356 1357def list_ipsecpolicies(profile=None): 1358 """ 1359 Fetches a list of all configured IPsecPolicies for a tenant 1360 1361 CLI Example: 1362 1363 .. code-block:: bash 1364 1365 salt '*' neutron.list_ipsecpolicies ipsecpolicy-name 1366 salt '*' neutron.list_ipsecpolicies ipsecpolicy-name profile=openstack1 1367 1368 :param profile: Profile to build on (Optional) 1369 :return: List of IPSec policy 1370 """ 1371 conn = _auth(profile) 1372 return conn.list_ipsecpolicies() 1373 1374 1375def show_ipsecpolicy(ipsecpolicy, profile=None): 1376 """ 1377 Fetches information of a specific IPsecPolicy 1378 1379 CLI Example: 1380 1381 .. code-block:: bash 1382 1383 salt '*' neutron.show_ipsecpolicy ipsecpolicy-name 1384 1385 :param ipsecpolicy: ID or name of IPSec policy to look up 1386 :param profile: Profile to build on (Optional) 1387 :return: IPSec policy information 1388 """ 1389 conn = _auth(profile) 1390 return conn.show_ipsecpolicy(ipsecpolicy) 1391 1392 1393def create_ipsecpolicy(name, profile=None, **kwargs): 1394 """ 1395 Creates a new IPsecPolicy 1396 1397 CLI Example: 1398 1399 .. code-block:: bash 1400 1401 salt '*' neutron.create_ipsecpolicy ipsecpolicy-name 1402 transform_protocol=esp auth_algorithm=sha1 1403 encapsulation_mode=tunnel encryption_algorithm=aes-128 1404 1405 :param name: Name of the IPSec policy 1406 :param transform_protocol: Transform protocol in lowercase, 1407 default: esp (Optional) 1408 :param auth_algorithm: Authentication algorithm in lowercase, 1409 default: sha1 (Optional) 1410 :param encapsulation_mode: Encapsulation mode in lowercase, 1411 default: tunnel (Optional) 1412 :param encryption_algorithm: Encryption algorithm in lowercase, 1413 default:aes-128 (Optional) 1414 :param pfs: Prefect Forward Security in lowercase, 1415 default: group5 (Optional) 1416 :param units: IPSec lifetime attribute. default: seconds (Optional) 1417 :param value: IPSec lifetime attribute. default: 3600 (Optional) 1418 :param profile: Profile to build on (Optional) 1419 :return: Created IPSec policy information 1420 """ 1421 conn = _auth(profile) 1422 return conn.create_ipsecpolicy(name, **kwargs) 1423 1424 1425def delete_ipsecpolicy(ipsecpolicy, profile=None): 1426 """ 1427 Deletes the specified IPsecPolicy 1428 1429 CLI Example: 1430 1431 .. code-block:: bash 1432 1433 salt '*' neutron.delete_ipsecpolicy ipsecpolicy-name 1434 1435 :param ipsecpolicy: ID or name of IPSec policy to delete 1436 :param profile: Profile to build on (Optional) 1437 :return: True(Succeed) or False 1438 """ 1439 conn = _auth(profile) 1440 return conn.delete_ipsecpolicy(ipsecpolicy) 1441 1442 1443def list_firewall_rules(profile=None): 1444 """ 1445 Fetches a list of all firewall rules for a tenant 1446 1447 CLI Example: 1448 1449 .. code-block:: bash 1450 1451 salt '*' neutron.list_firewall_rules 1452 1453 :param profile: Profile to build on (Optional) 1454 1455 :return: List of firewall rules 1456 """ 1457 conn = _auth(profile) 1458 return conn.list_firewall_rules() 1459 1460 1461def show_firewall_rule(firewall_rule, profile=None): 1462 """ 1463 Fetches information of a specific firewall rule 1464 1465 CLI Example: 1466 1467 .. code-block:: bash 1468 1469 salt '*' neutron.show_firewall_rule firewall-rule-name 1470 1471 :param ipsecpolicy: ID or name of firewall rule to look up 1472 1473 :param profile: Profile to build on (Optional) 1474 1475 :return: firewall rule information 1476 """ 1477 conn = _auth(profile) 1478 return conn.show_firewall_rule(firewall_rule) 1479 1480 1481def create_firewall_rule(protocol, action, profile=None, **kwargs): 1482 """ 1483 Creates a new firewall rule 1484 1485 CLI Example: 1486 1487 .. code-block:: bash 1488 1489 salt '*' neutron.create_firewall_rule protocol action 1490 tenant_id=TENANT_ID name=NAME description=DESCRIPTION ip_version=IP_VERSION 1491 source_ip_address=SOURCE_IP_ADDRESS destination_ip_address=DESTINATION_IP_ADDRESS source_port=SOURCE_PORT 1492 destination_port=DESTINATION_PORT shared=SHARED enabled=ENABLED 1493 1494 :param protocol: Protocol for the firewall rule, choose "tcp","udp","icmp" or "None". 1495 :param action: Action for the firewall rule, choose "allow" or "deny". 1496 :param tenant_id: The owner tenant ID. (Optional) 1497 :param name: Name for the firewall rule. (Optional) 1498 :param description: Description for the firewall rule. (Optional) 1499 :param ip_version: IP protocol version, default: 4. (Optional) 1500 :param source_ip_address: Source IP address or subnet. (Optional) 1501 :param destination_ip_address: Destination IP address or subnet. (Optional) 1502 :param source_port: Source port (integer in [1, 65535] or range in a:b). (Optional) 1503 :param destination_port: Destination port (integer in [1, 65535] or range in a:b). (Optional) 1504 :param shared: Set shared to True, default: False. (Optional) 1505 :param enabled: To enable this rule, default: True. (Optional) 1506 """ 1507 conn = _auth(profile) 1508 return conn.create_firewall_rule(protocol, action, **kwargs) 1509 1510 1511def delete_firewall_rule(firewall_rule, profile=None): 1512 """ 1513 Deletes the specified firewall_rule 1514 1515 CLI Example: 1516 1517 .. code-block:: bash 1518 1519 salt '*' neutron.delete_firewall_rule firewall-rule 1520 1521 :param firewall_rule: ID or name of firewall rule to delete 1522 :param profile: Profile to build on (Optional) 1523 :return: True(Succeed) or False 1524 """ 1525 conn = _auth(profile) 1526 return conn.delete_firewall_rule(firewall_rule) 1527 1528 1529def update_firewall_rule( 1530 firewall_rule, 1531 protocol=None, 1532 action=None, 1533 name=None, 1534 description=None, 1535 ip_version=None, 1536 source_ip_address=None, 1537 destination_ip_address=None, 1538 source_port=None, 1539 destination_port=None, 1540 shared=None, 1541 enabled=None, 1542 profile=None, 1543): 1544 """ 1545 Update a firewall rule 1546 1547 CLI Example: 1548 1549 .. code-block:: bash 1550 1551 salt '*' neutron.update_firewall_rule firewall_rule protocol=PROTOCOL action=ACTION 1552 name=NAME description=DESCRIPTION ip_version=IP_VERSION 1553 source_ip_address=SOURCE_IP_ADDRESS destination_ip_address=DESTINATION_IP_ADDRESS 1554 source_port=SOURCE_PORT destination_port=DESTINATION_PORT shared=SHARED enabled=ENABLED 1555 1556 :param firewall_rule: ID or name of firewall rule to update. 1557 :param protocol: Protocol for the firewall rule, choose "tcp","udp","icmp" or "None". (Optional) 1558 :param action: Action for the firewall rule, choose "allow" or "deny". (Optional) 1559 :param name: Name for the firewall rule. (Optional) 1560 :param description: Description for the firewall rule. (Optional) 1561 :param ip_version: IP protocol version, default: 4. (Optional) 1562 :param source_ip_address: Source IP address or subnet. (Optional) 1563 :param destination_ip_address: Destination IP address or subnet. (Optional) 1564 :param source_port: Source port (integer in [1, 65535] or range in a:b). (Optional) 1565 :param destination_port: Destination port (integer in [1, 65535] or range in a:b). (Optional) 1566 :param shared: Set shared to True, default: False. (Optional) 1567 :param enabled: To enable this rule, default: True. (Optional) 1568 :param profile: Profile to build on (Optional) 1569 """ 1570 conn = _auth(profile) 1571 return conn.update_firewall_rule( 1572 firewall_rule, 1573 protocol, 1574 action, 1575 name, 1576 description, 1577 ip_version, 1578 source_ip_address, 1579 destination_ip_address, 1580 source_port, 1581 destination_port, 1582 shared, 1583 enabled, 1584 ) 1585 1586 1587def list_firewalls(profile=None): 1588 """ 1589 Fetches a list of all firewalls for a tenant 1590 1591 CLI Example: 1592 1593 .. code-block:: bash 1594 1595 salt '*' neutron.list_firewalls 1596 1597 :param profile: Profile to build on (Optional) 1598 :return: List of firewalls 1599 """ 1600 conn = _auth(profile) 1601 return conn.list_firewalls() 1602 1603 1604def show_firewall(firewall, profile=None): 1605 """ 1606 Fetches information of a specific firewall rule 1607 1608 CLI Example: 1609 1610 .. code-block:: bash 1611 1612 salt '*' neutron.show_firewall firewall 1613 1614 :param firewall: ID or name of firewall to look up 1615 :param profile: Profile to build on (Optional) 1616 :return: firewall information 1617 """ 1618 conn = _auth(profile) 1619 return conn.show_firewall(firewall) 1620 1621 1622def list_l3_agent_hosting_routers(router, profile=None): 1623 """ 1624 List L3 agents hosting a router. 1625 1626 CLI Example: 1627 1628 .. code-block:: bash 1629 1630 salt '*' neutron.list_l3_agent_hosting_routers router 1631 1632 :param router:router name or ID to query. 1633 :param profile: Profile to build on (Optional) 1634 :return: L3 agents message. 1635 """ 1636 conn = _auth(profile) 1637 return conn.list_l3_agent_hosting_routers(router) 1638 1639 1640def list_agents(profile=None): 1641 """ 1642 List agents. 1643 1644 CLI Example: 1645 1646 .. code-block:: bash 1647 1648 salt '*' neutron.list_agents 1649 1650 :param profile: Profile to build on (Optional) 1651 :return: agents message. 1652 """ 1653 conn = _auth(profile) 1654 return conn.list_agents() 1655