import time as t
from lib_osm_openvim import ovim as ovim_module
from lib_osm_openvim.ovim import ovimException
+from Crypto.PublicKey import RSA
import osm_im.vnfd as vnfd_catalog
import osm_im.nsd as nsd_catalog
-
from pyangbind.lib.serialise import pybindJSONDecoder
from itertools import chain
user=vim['user'], passwd=vim['passwd'],
config=extra, persistent_info=vim_persistent_info[thread_id]
)
+ except vimconn.vimconnException as e:
+ myvim = e
+ logger.error("Cannot launch thread for VIM {} '{}': {}".format(vim['datacenter_name'],
+ vim['datacenter_id'], e))
except Exception as e:
raise NfvoException("Error at VIM {}; {}: {}".format(vim["type"], type(e).__name__, e),
HTTP_Internal_Server_Error)
try:
pybindJSONDecoder.load_ietf_json(vnf_descriptor, None, None, obj=myvnfd)
except Exception as e:
- raise NfvoException("Invalid yang descriptor format " + str(e), HTTP_Bad_Request)
+ raise NfvoException("Error. Invalid VNF descriptor format " + str(e), HTTP_Bad_Request)
db_vnfs = []
db_nets = []
db_vms = []
db_flavors = []
uuid_list = []
vnfd_uuid_list = []
- for rift_vnfd in myvnfd.vnfd_catalog.vnfd.itervalues():
- vnfd = rift_vnfd.get()
+ vnfd_catalog_descriptor = vnf_descriptor.get("vnfd:vnfd-catalog")
+ if not vnfd_catalog_descriptor:
+ vnfd_catalog_descriptor = vnf_descriptor.get("vnfd-catalog")
+ vnfd_descriptor_list = vnfd_catalog_descriptor.get("vnfd")
+ if not vnfd_descriptor_list:
+ vnfd_descriptor_list = vnfd_catalog_descriptor.get("vnfd:vnfd")
+ for vnfd_yang in myvnfd.vnfd_catalog.vnfd.itervalues():
+ vnfd = vnfd_yang.get()
# table vnf
vnf_uuid = str(uuid4())
"descriptor": str(vnf_descriptor)[:60000]
}
+ for vnfd_descriptor in vnfd_descriptor_list:
+ if vnfd_descriptor["id"] == str(vnfd["id"]):
+ break
+
# table nets (internal-vld)
net_id2uuid = {} # for mapping interface with network
for vld in vnfd.get("internal-vld").itervalues():
if vdu["guest-epa"].get("numa-node-policy"): # TODO or dedicated_int:
numa_node_policy = vdu["guest-epa"].get("numa-node-policy")
if numa_node_policy.get("node"):
- numa_node = numa_node_policy.node[0]
+ numa_node = numa_node_policy["node"]['0']
if numa_node.get("num-cores"):
numa["cores"] = numa_node["num-cores"]
epa_vcpu_set = True
if numa_node.get("paired-threads"):
if numa_node["paired-threads"].get("num-paired-threads"):
- numa["paired-threads"] = numa_node["paired-threads"]["num-paired-threads"]
+ numa["paired-threads"] = int(numa_node["paired-threads"]["num-paired-threads"])
epa_vcpu_set = True
- if len(numa_node["paired-threads"].get("paired-thread-ids")) > 0:
+ if len(numa_node["paired-threads"].get("paired-thread-ids")):
numa["paired-threads-id"] = []
- for pair in numa_node["paired-threads"]["paired-thread-ids"].itervalues:
+ for pair in numa_node["paired-threads"]["paired-thread-ids"].itervalues():
numa["paired-threads-id"].append(
(str(pair["thread-a"]), str(pair["thread-b"]))
)
if numa_node.get("num-threads"):
- numa["threads"] = numa_node["num-threads"]
+ numa["threads"] = int(numa_node["num-threads"])
epa_vcpu_set = True
if numa_node.get("memory-mb"):
numa["memory"] = max(int(numa_node["memory-mb"] / 1024), 1)
# cloud-init
boot_data = {}
if vdu.get("cloud-init"):
- boot_data["user-data"] = vdu["cloud-init"]
+ boot_data["user-data"] = str(vdu["cloud-init"])
elif vdu.get("cloud-init-file"):
# TODO Where this file content is present???
- # boot_data["user-data"] = rift_vnfd.files[vdu["cloud-init-file"]]
+ # boot_data["user-data"] = vnfd_yang.files[vdu["cloud-init-file"]]
boot_data["user-data"] = str(vdu["cloud-init-file"])
if vdu.get("supplemental-boot-data"):
"content": cfg_source})
boot_data['config-files'] = om_cfgfile_list
if boot_data:
- db_vm["boot_data"] = boot_data
+ db_vm["boot_data"] = yaml.safe_dump(boot_data, default_flow_style=True, width=256)
db_vms.append(db_vm)
db_vms_index += 1
db_interface["type"] = "data"
db_interface["model"] = get_str(iface.get("virtual-interface"), "type", 12)
else:
- raise ValueError("Interface type {} not supported".format(iface.get("virtual-interface").get("type")))
+ raise NfvoException("Error. Invalid VNF descriptor at 'vnfd[{}]':'vdu[{}]':'interface':'virtual"
+ "-interface':'type':'{}'. Interface type is not supported".format(
+ str(vnfd["id"])[:255], str(vdu["id"])[:255],
+ iface.get("virtual-interface").get("type")),
+ HTTP_Bad_Request)
if iface.get("external-connection-point-ref"):
try:
db_interface["external_name"] = get_str(cp, "name", 255)
cp_name2iface_uuid[db_interface["external_name"]] = iface_uuid
cp_name2vm_uuid[db_interface["external_name"]] = vm_uuid
- # TODO add port-security-enable
- # if cp.get("port-security-enabled") == False:
- # elif cp.get("port-security-enabled") == True:
+ for cp_descriptor in vnfd_descriptor["connection-point"]:
+ if cp_descriptor["name"] == db_interface["external_name"]:
+ break
+ if str(cp_descriptor.get("port-security-enabled")).lower() == "false":
+ db_interface["port_security"] = 0
+ elif str(cp_descriptor.get("port-security-enabled")).lower() == "true":
+ db_interface["port_security"] = 1
except KeyError:
- raise KeyError(
- "Error wrong reference at vnfd['{vnf}'] vdu['{vdu}']:internal-interface['{iface}']:"
- "vnfd-connection-point-ref '{cp}' is not present at connection-point".format(
- vnf=vnfd["id"], vdu=vdu["id"], iface=iface["name"],
- cp=iface.get("vnfd-connection-point-ref"))
- )
+ raise NfvoException("Error. Invalid VNF descriptor at 'vnfd[{vnf}]':'vdu[{vdu}]':"
+ "'interface[{iface}]':'vnfd-connection-point-ref':'{cp}' is not present"
+ " at connection-point".format(
+ vnf=vnfd["id"], vdu=vdu["id"], iface=iface["name"],
+ cp=iface.get("vnfd-connection-point-ref")),
+ HTTP_Bad_Request)
elif iface.get("internal-connection-point-ref"):
try:
for vld in vnfd.get("internal-vld").itervalues():
for cp in vld.get("internal-connection-point").itervalues():
if cp.get("id-ref") == iface.get("internal-connection-point-ref"):
db_interface["net_id"] = net_id2uuid[vld.get("id")]
+ for cp_descriptor in vnfd_descriptor["connection-point"]:
+ if cp_descriptor["name"] == db_interface["external_name"]:
+ break
+ if str(cp_descriptor.get("port-security-enabled")).lower() == "false":
+ db_interface["port_security"] = 0
+ elif str(cp_descriptor.get("port-security-enabled")).lower() == "true":
+ db_interface["port_security"] = 1
break
except KeyError:
- raise KeyError(
- "Error at vnfd['{vnf}'] vdu['{vdu}']:internal-interface['{iface}']:"
- "vdu-internal-connection-point-ref '{cp}' is not referenced by any internal-vld".format(
- vnf=vnfd["id"], vdu=vdu["id"], iface=iface["name"],
- cp=iface.get("vdu-internal-connection-point-ref"))
- )
+ raise NfvoException("Error. Invalid VNF descriptor at 'vnfd[{vnf}]':'vdu[{vdu}]':"
+ "'interface[{iface}]':'vdu-internal-connection-point-ref':'{cp}' is not"
+ " referenced by any internal-vld".format(
+ vnf=vnfd["id"], vdu=vdu["id"], iface=iface["name"],
+ cp=iface.get("vdu-internal-connection-point-ref")),
+ HTTP_Bad_Request)
if iface.get("position") is not None:
db_interface["created_at"] = int(iface.get("position")) - 1000
db_interfaces.append(db_interface)
for vdu in pg.get("member-vdus").itervalues():
vdu_id = get_str(vdu, "member-vdu-ref", 255)
if vdu_id not in vdu_id2db_table_index:
- raise KeyError(
- "Error at 'vnfd'['{vnf}']:'placement-groups'['{pg}']:'member-vdus':'{vdu}' references a non existing vdu".format(
- vnf=vnfd["id"], pg=pg_name, vdu=vdu_id))
+ raise NfvoException("Error. Invalid VNF descriptor at 'vnfd[{vnf}]':'placement-groups[{pg}]':"
+ "'member-vdus':'{vdu}'. Reference to a non-existing vdu".format(
+ vnf=vnfd["id"], pg=pg_name, vdu=vdu_id),
+ HTTP_Bad_Request)
db_vms[vdu_id2db_table_index[vdu_id]]["availability_zone"] = pg_name
# TODO consider the case of isolation and not colocation
# if pg.get("strategy") == "ISOLATION":
mgmt_access = {}
if vnfd["mgmt-interface"].get("vdu-id"):
if vnfd["mgmt-interface"]["vdu-id"] not in vdu_id2uuid:
- raise KeyError(
- "Error at vnfd['{vnf}']:'mgmt-interface':'vdu-id':{vdu} reference a non existing vdu".format(
- vnf=vnfd["id"], vdu=vnfd["mgmt-interface"]["vdu-id"]))
+ raise NfvoException("Error. Invalid VNF descriptor at 'vnfd[{vnf}]':'mgmt-interface':'vdu-id':"
+ "'{vdu}'. Reference to a non-existing vdu".format(
+ vnf=vnfd["id"], vdu=vnfd["mgmt-interface"]["vdu-id"]),
+ HTTP_Bad_Request)
mgmt_access["vm_id"] = vdu_id2uuid[vnfd["mgmt-interface"]["vdu-id"]]
if vnfd["mgmt-interface"].get("ip-address"):
mgmt_access["ip-address"] = str(vnfd["mgmt-interface"].get("ip-address"))
if vnfd["mgmt-interface"].get("cp"):
if vnfd["mgmt-interface"]["cp"] not in cp_name2iface_uuid:
- raise KeyError(
- "Error at vnfd['{vnf}']:'mgmt-interface':'cp':{cp} reference a non existing connection-point".
- format(vnf=vnfd["id"], cp=vnfd["mgmt-interface"]["cp"]))
+ raise NfvoException("Error. Invalid VNF descriptor at 'vnfd[{vnf}]':'mgmt-interface':'cp':'{cp}'. "
+ "Reference to a non-existing connection-point".format(
+ vnf=vnfd["id"], cp=vnfd["mgmt-interface"]["cp"]),
+ HTTP_Bad_Request)
mgmt_access["vm_id"] = cp_name2vm_uuid[vnfd["mgmt-interface"]["cp"]]
mgmt_access["interface_id"] = cp_name2iface_uuid[vnfd["mgmt-interface"]["cp"]]
default_user = get_str(vnfd.get("vnf-configuration", {}).get("config-access", {}).get("ssh-access", {}),
"default-user", 64)
+
if default_user:
mgmt_access["default_user"] = default_user
+ required = get_str(vnfd.get("vnf-configuration", {}).get("config-access", {}).get("ssh-access", {}),
+ "required", 6)
+ if required:
+ mgmt_access["required"] = required
+
if mgmt_access:
db_vnf["mgmt_access"] = yaml.safe_dump(mgmt_access, default_flow_style=True, width=256)
+
+
db_vnfs.append(db_vnf)
db_tables=[
{"vnfs": db_vnfs},
yaml.safe_dump(db_tables, indent=4, default_flow_style=False) )
mydb.new_rows(db_tables, uuid_list)
return vnfd_uuid_list
+ except NfvoException:
+ raise
except Exception as e:
logger.error("Exception {}".format(e))
raise # NfvoException("Exception {}".format(e), HTTP_Bad_Request)
try:
pybindJSONDecoder.load_ietf_json(nsd_descriptor, None, None, obj=mynsd)
except Exception as e:
- raise NfvoException("Invalid yang descriptor format " + str(e), HTTP_Bad_Request)
+ raise NfvoException("Error. Invalid NS descriptor format: " + str(e), HTTP_Bad_Request)
db_scenarios = []
db_sce_nets = []
db_sce_vnfs = []
db_ip_profiles_index = 0
uuid_list = []
nsd_uuid_list = []
- for rift_nsd in mynsd.nsd_catalog.nsd.itervalues():
- nsd = rift_nsd.get()
+ for nsd_yang in mynsd.nsd_catalog.nsd.itervalues():
+ nsd = nsd_yang.get()
# table sceanrios
scenario_uuid = str(uuid4())
existing_vnf = mydb.get_rows(FROM="vnfs", WHERE={'osm_id': str(vnf["vnfd-id-ref"])[:255],
'tenant_id': tenant_id})
if not existing_vnf:
- raise KeyError("Error at 'nsd[{}]':'constituent-vnfd':'vnfd-id-ref':'{}' references a "
- "non existing VNFD in the catalog".format(str(nsd["id"]),
- str(vnf["vnfd-id-ref"])[:255]))
+ raise NfvoException("Error. Invalid NS descriptor at 'nsd[{}]':'constituent-vnfd':'vnfd-id-ref':"
+ "'{}'. Reference to a non-existing VNFD in the catalog".format(
+ str(nsd["id"]), str(vnf["vnfd-id-ref"])[:255]),
+ HTTP_Bad_Request)
sce_vnf_uuid = str(uuid4())
uuid_list.append(sce_vnf_uuid)
db_sce_vnf = {
if vld.get("ip-profile-ref"):
ip_profile_name = vld.get("ip-profile-ref")
if ip_profile_name not in ip_profile_name2db_table_index:
- raise KeyError("Error at 'nsd[{}]':'vld[{}]':'ip-profile-ref':'{}' references a non existing "
- "'ip_profiles'".format(
- str(nsd["id"]), str(vld["id"]), str(vld["ip-profile-ref"])))
+ raise NfvoException("Error. Invalid NS descriptor at 'nsd[{}]':'vld[{}]':'ip-profile-ref':'{}'."
+ " Reference to a non-existing 'ip_profiles'".format(
+ str(nsd["id"]), str(vld["id"]), str(vld["ip-profile-ref"])),
+ HTTP_Bad_Request)
db_ip_profiles[ip_profile_name2db_table_index[ip_profile_name]]["sce_net_id"] = sce_net_uuid
# table sce_interfaces (vld:vnfd-connection-point-ref)
vnf_index = int(iface['member-vnf-index-ref'])
# check correct parameters
if vnf_index not in vnf_index2vnf_uuid:
- raise KeyError("Error at 'nsd[{}]':'vld[{}]':'vnfd-connection-point-ref':'member-vnf-index-ref'"
- ":'{}' references a non existing index at 'nsd':'constituent-vnfd'".format(
- str(nsd["id"]), str(vld["id"]), str(iface["member-vnf-index-ref"])))
+ raise NfvoException("Error. Invalid NS descriptor at 'nsd[{}]':'vld[{}]':'vnfd-connection-point"
+ "-ref':'member-vnf-index-ref':'{}'. Reference to a non-existing index at "
+ "'nsd':'constituent-vnfd'".format(
+ str(nsd["id"]), str(vld["id"]), str(iface["member-vnf-index-ref"])),
+ HTTP_Bad_Request)
existing_ifaces = mydb.get_rows(SELECT=('i.uuid as uuid',),
FROM="interfaces as i join vms on i.vm_id=vms.uuid",
'external_name': get_str(iface, "vnfd-connection-point-ref",
255)})
if not existing_ifaces:
- raise KeyError("Error at 'nsd[{}]':'vld[{}]':'vnfd-connection-point-ref':'vnfd-connection-point"
- "-ref':'{}' references a non existing interface at VNFD '{}'".format(
- str(nsd["id"]), str(vld["id"]), str(iface["vnfd-connection-point-ref"]),
- str(iface.get("vnfd-id-ref"))[:255]))
-
+ raise NfvoException("Error. Invalid NS descriptor at 'nsd[{}]':'vld[{}]':'vnfd-connection-point"
+ "-ref':'vnfd-connection-point-ref':'{}'. Reference to a non-existing "
+ "connection-point name at VNFD '{}'".format(
+ str(nsd["id"]), str(vld["id"]), str(iface["vnfd-connection-point-ref"]),
+ str(iface.get("vnfd-id-ref"))[:255]),
+ HTTP_Bad_Request)
interface_uuid = existing_ifaces[0]["uuid"]
sce_interface_uuid = str(uuid4())
uuid_list.append(sce_net_uuid)
yaml.safe_dump(db_tables, indent=4, default_flow_style=False) )
mydb.new_rows(db_tables, uuid_list)
return nsd_uuid_list
+ except NfvoException:
+ raise
except Exception as e:
logger.error("Exception {}".format(e))
raise # NfvoException("Exception {}".format(e), HTTP_Bad_Request)
#logger.error("start_scenario %s", error_text)
raise NfvoException(error_text, e.http_code)
-
def unify_cloud_config(cloud_config_preserve, cloud_config):
""" join the cloud config information into cloud_config_preserve.
In case of conflict cloud_config_preserve preserves
raise NfvoException("{} {}".format(type(e).__name__ , str(e)), e.http_code)
+def get_datacenter_uuid(mydb, tenant_id, datacenter_id_name):
+ WHERE_dict={}
+ if utils.check_valid_uuid(datacenter_id_name):
+ WHERE_dict['d.uuid'] = datacenter_id_name
+ else:
+ WHERE_dict['d.name'] = datacenter_id_name
+
+ if tenant_id:
+ WHERE_dict['nfvo_tenant_id'] = tenant_id
+ from_= "tenants_datacenters as td join datacenters as d on td.datacenter_id=d.uuid join datacenter_tenants as" \
+ " dt on td.datacenter_tenant_id=dt.uuid"
+ else:
+ from_ = 'datacenters as d'
+ vimaccounts = mydb.get_rows(FROM=from_, SELECT=("d.uuid as uuid",), WHERE=WHERE_dict )
+ if len(vimaccounts) == 0:
+ raise NfvoException("datacenter '{}' not found".format(str(datacenter_id_name)), HTTP_Not_Found)
+ elif len(vimaccounts)>1:
+ #print "nfvo.datacenter_action() error. Several datacenters found"
+ raise NfvoException("More than one datacenters found, try to identify with uuid", HTTP_Conflict)
+ return vimaccounts[0]["uuid"]
+
+
def get_datacenter_by_name_uuid(mydb, tenant_id, datacenter_id_name=None, **extra_filter):
datacenter_id = None
datacenter_name = None
d[k] = u[k]
return d
-
def create_instance(mydb, tenant_id, instance_dict):
# print "Checking that nfvo_tenant_id exists and getting the VIM URI and the VIM tenant_id"
# logger.debug("Creating instance...")
default_datacenter_id, vim = get_datacenter_by_name_uuid(mydb, tenant_id, datacenter)
myvims[default_datacenter_id] = vim
myvim_threads_id[default_datacenter_id], _ = get_vim_thread(mydb, tenant_id, default_datacenter_id)
+ tenant = mydb.get_rows_by_id('nfvo_tenants', tenant_id)
# myvim_tenant = myvim['tenant_id']
+
rollbackList=[]
# print "Checking that the scenario exists and getting the scenario dictionary"
site_without_datacenter_field = False
for site in net_instance_desc["sites"]:
if site.get("datacenter"):
+ site["datacenter"] = get_datacenter_uuid(mydb, tenant_id, site["datacenter"])
if site["datacenter"] not in myvims:
# Add this datacenter to myvims
d, v = get_datacenter_by_name_uuid(mydb, tenant_id, site["datacenter"])
raise NfvoException("Invalid vnf name '{}' at instance:vnfs".format(vnf_instance_desc), HTTP_Bad_Request)
if "datacenter" in vnf_instance_desc:
# Add this datacenter to myvims
+ vnf_instance_desc["datacenter"] = get_datacenter_uuid(mydb, tenant_id, vnf_instance_desc["datacenter"])
if vnf_instance_desc["datacenter"] not in myvims:
d, v = get_datacenter_by_name_uuid(mydb, tenant_id, vnf_instance_desc["datacenter"])
myvims[d] = v
# 0.1 parse cloud-config parameters
cloud_config = unify_cloud_config(instance_dict.get("cloud-config"), scenarioDict.get("cloud-config"))
+ # We add the RO key to cloud_config
+ if tenant[0].get('RO_pub_key'):
+ RO_key = {"key-pairs": [tenant[0]['RO_pub_key']]}
+ cloud_config = unify_cloud_config(cloud_config, RO_key)
# 0.2 merge instance information into scenario
# Ideally, the operation should be as simple as: update(scenarioDict,instance_dict)
create_network = True
lookfor_network = False
- if lookfor_network and create_network:
- # TODO create two tasks FIND + CREATE with their relationship
- task_action = "FIND_CREATE"
- task_params = (lookfor_filter, (net_vim_name, net_type, sce_net.get('ip_profile', None)))
+ task_extra = {}
+ if create_network:
+ task_action = "CREATE"
+ task_extra["params"] = (net_vim_name, net_type, sce_net.get('ip_profile', None))
+ if lookfor_network:
+ task_extra["find"] = (lookfor_filter,)
elif lookfor_network:
task_action = "FIND"
- task_params = (lookfor_filter,)
- elif create_network:
- task_action = "CREATE"
- task_params = (net_vim_name, net_type, sce_net.get('ip_profile', None))
+ task_extra["params"] = (lookfor_filter,)
# fill database content
net_uuid = str(uuid4())
"action": task_action,
"item": "instance_nets",
"item_id": net_uuid,
- "extra": yaml.safe_dump({"params": task_params}, default_flow_style=True, width=256)
+ "extra": yaml.safe_dump(task_extra, default_flow_style=True, width=256)
}
net2task_id['scenario'][sce_net['uuid']][datacenter_id] = task_index
task_index += 1
return 0, 'Scenario instance ' + instance_id + ' refreshed.'
-
def instance_action(mydb,nfvo_tenant,instance_id, action_dict):
#print "Checking that the instance_id exists and getting the instance dictionary"
instanceDict = mydb.get_instance_scenario(instance_id, nfvo_tenant)
vm['uuid'] not in input_vms and vm['name'] not in input_vms:
continue
try:
- data = myvim.action_vminstance(vm['vim_vm_id'], action_dict)
- if "console" in action_dict:
- if not global_config["http_console_proxy"]:
- vm_result[ vm['uuid'] ] = {"vim_result": 200,
- "description": "{protocol}//{ip}:{port}/{suffix}".format(
- protocol=data["protocol"],
- ip = data["server"],
- port = data["port"],
- suffix = data["suffix"]),
- "name":vm['name']
- }
- vm_ok +=1
- elif data["server"]=="127.0.0.1" or data["server"]=="localhost":
- vm_result[ vm['uuid'] ] = {"vim_result": -HTTP_Unauthorized,
- "description": "this console is only reachable by local interface",
- "name":vm['name']
- }
- vm_error+=1
- else:
- #print "console data", data
+ if "add_public_key" in action_dict:
+ mgmt_access = {}
+ if sce_vnf.get('mgmt_access'):
+ mgmt_access = yaml.load(sce_vnf['mgmt_access'])
+ ssh_access = mgmt_access['config-access']['ssh-access']
+ tenant = mydb.get_rows_by_id('nfvo_tenants', nfvo_tenant)
try:
- console_thread = create_or_use_console_proxy_thread(data["server"], data["port"])
+ if ssh_access['required'] and ssh_access['default-user']:
+ if 'ip_address' in vm:
+ mgmt_ip = vm['ip_address'].split(';')
+ password = mgmt_access['config-access'].get('password')
+ priv_RO_key = decrypt_key(tenant[0]['encrypted_RO_priv_key'], tenant[0]['uuid'])
+ myvim.inject_user_key(mgmt_ip[0], ssh_access['default-user'],
+ action_dict['add_public_key'],
+ password=password, ro_key=priv_RO_key)
+ else:
+ raise NfvoException("Unable to inject ssh key in vm: {} - Aborting".format(vm['uuid']),
+ HTTP_Internal_Server_Error)
+ except KeyError:
+ raise NfvoException("Unable to inject ssh key in vm: {} - Aborting".format(vm['uuid']),
+ HTTP_Internal_Server_Error)
+ else:
+ raise NfvoException("Unable to inject ssh key in vm: {} - Aborting".format(vm['uuid']),
+ HTTP_Internal_Server_Error)
+ else:
+ data = myvim.action_vminstance(vm['vim_vm_id'], action_dict)
+ if "console" in action_dict:
+ if not global_config["http_console_proxy"]:
vm_result[ vm['uuid'] ] = {"vim_result": 200,
"description": "{protocol}//{ip}:{port}/{suffix}".format(
protocol=data["protocol"],
- ip = global_config["http_console_host"],
- port = console_thread.port,
+ ip = data["server"],
+ port = data["port"],
suffix = data["suffix"]),
"name":vm['name']
}
vm_ok +=1
- except NfvoException as e:
- vm_result[ vm['uuid'] ] = {"vim_result": e.http_code, "name":vm['name'], "description": str(e)}
+ elif data["server"]=="127.0.0.1" or data["server"]=="localhost":
+ vm_result[ vm['uuid'] ] = {"vim_result": -HTTP_Unauthorized,
+ "description": "this console is only reachable by local interface",
+ "name":vm['name']
+ }
vm_error+=1
+ else:
+ #print "console data", data
+ try:
+ console_thread = create_or_use_console_proxy_thread(data["server"], data["port"])
+ vm_result[ vm['uuid'] ] = {"vim_result": 200,
+ "description": "{protocol}//{ip}:{port}/{suffix}".format(
+ protocol=data["protocol"],
+ ip = global_config["http_console_host"],
+ port = console_thread.port,
+ suffix = data["suffix"]),
+ "name":vm['name']
+ }
+ vm_ok +=1
+ except NfvoException as e:
+ vm_result[ vm['uuid'] ] = {"vim_result": e.http_code, "name":vm['name'], "description": str(e)}
+ vm_error+=1
- else:
- vm_result[ vm['uuid'] ] = {"vim_result": 200, "description": "ok", "name":vm['name']}
- vm_ok +=1
+ else:
+ vm_result[ vm['uuid'] ] = {"vim_result": 200, "description": "ok", "name":vm['name']}
+ vm_ok +=1
except vimconn.vimconnException as e:
vm_result[ vm['uuid'] ] = {"vim_result": e.http_code, "name":vm['name'], "description": str(e)}
vm_error+=1
raise NfvoException("tenant '{}' not found".format(tenant_id), HTTP_Not_Found)
return
-
def new_tenant(mydb, tenant_dict):
- tenant_id = mydb.new_row("nfvo_tenants", tenant_dict, add_uuid=True)
- return tenant_id
+ tenant_uuid = str(uuid4())
+ tenant_dict['uuid'] = tenant_uuid
+ try:
+ pub_key, priv_key = create_RO_keypair(tenant_uuid)
+ tenant_dict['RO_pub_key'] = pub_key
+ tenant_dict['encrypted_RO_priv_key'] = priv_key
+ mydb.new_row("nfvo_tenants", tenant_dict, confidential_data=True)
+ except db_base_Exception as e:
+ raise NfvoException("Error creating the new tenant: {} ".format(tenant_dict['name']) + str(e), HTTP_Internal_Server_Error)
+ return tenant_uuid
def delete_tenant(mydb, tenant):
#get nfvo_tenant info
# file.close(module_info[0])
raise NfvoException("Incorrect datacenter type '{}'. Plugin '{}'.py not installed".format(datacenter_type, module), HTTP_Bad_Request)
- datacenter_id = mydb.new_row("datacenters", datacenter_descriptor, add_uuid=True)
+ datacenter_id = mydb.new_row("datacenters", datacenter_descriptor, add_uuid=True, confidential_data=True)
return datacenter_id
def associate_datacenter_to_tenant(mydb, nfvo_tenant, datacenter, vim_tenant_id=None, vim_tenant_name=None, vim_username=None, vim_password=None, config=None):
- #get datacenter info
- datacenter_id, myvim = get_datacenter_by_name_uuid(mydb, None, datacenter, vim_user=vim_username, vim_passwd=vim_password)
- datacenter_name = myvim["name"]
-
- create_vim_tenant = True if not vim_tenant_id and not vim_tenant_name else False
-
- # get nfvo_tenant info
- tenant_dict = mydb.get_table_by_uuid_name('nfvo_tenants', nfvo_tenant)
- if vim_tenant_name==None:
- vim_tenant_name=tenant_dict['name']
-
- #check that this association does not exist before
- tenants_datacenter_dict={"nfvo_tenant_id":tenant_dict['uuid'], "datacenter_id":datacenter_id }
- tenants_datacenters = mydb.get_rows(FROM='tenants_datacenters', WHERE=tenants_datacenter_dict)
- if len(tenants_datacenters)>0:
- raise NfvoException("datacenter '{}' and tenant'{}' are already attached".format(datacenter_id, tenant_dict['uuid']), HTTP_Conflict)
-
- vim_tenant_id_exist_atdb=False
- if not create_vim_tenant:
- where_={"datacenter_id": datacenter_id}
- if vim_tenant_id!=None:
- where_["vim_tenant_id"] = vim_tenant_id
- if vim_tenant_name!=None:
- where_["vim_tenant_name"] = vim_tenant_name
- #check if vim_tenant_id is already at database
- datacenter_tenants_dict = mydb.get_rows(FROM='datacenter_tenants', WHERE=where_)
- if len(datacenter_tenants_dict)>=1:
- datacenter_tenants_dict = datacenter_tenants_dict[0]
- vim_tenant_id_exist_atdb=True
- #TODO check if a field has changed and edit entry at datacenter_tenants at DB
- else: #result=0
+ # get datacenter info
+ try:
+ datacenter_id = get_datacenter_uuid(mydb, None, datacenter)
+
+ create_vim_tenant = True if not vim_tenant_id and not vim_tenant_name else False
+
+ # get nfvo_tenant info
+ tenant_dict = mydb.get_table_by_uuid_name('nfvo_tenants', nfvo_tenant)
+ if vim_tenant_name==None:
+ vim_tenant_name=tenant_dict['name']
+
+ #check that this association does not exist before
+ tenants_datacenter_dict={"nfvo_tenant_id":tenant_dict['uuid'], "datacenter_id":datacenter_id }
+ tenants_datacenters = mydb.get_rows(FROM='tenants_datacenters', WHERE=tenants_datacenter_dict)
+ if len(tenants_datacenters)>0:
+ raise NfvoException("datacenter '{}' and tenant'{}' are already attached".format(datacenter_id, tenant_dict['uuid']), HTTP_Conflict)
+
+ vim_tenant_id_exist_atdb=False
+ if not create_vim_tenant:
+ where_={"datacenter_id": datacenter_id}
+ if vim_tenant_id!=None:
+ where_["vim_tenant_id"] = vim_tenant_id
+ if vim_tenant_name!=None:
+ where_["vim_tenant_name"] = vim_tenant_name
+ #check if vim_tenant_id is already at database
+ datacenter_tenants_dict = mydb.get_rows(FROM='datacenter_tenants', WHERE=where_)
+ if len(datacenter_tenants_dict)>=1:
+ datacenter_tenants_dict = datacenter_tenants_dict[0]
+ vim_tenant_id_exist_atdb=True
+ #TODO check if a field has changed and edit entry at datacenter_tenants at DB
+ else: #result=0
+ datacenter_tenants_dict = {}
+ #insert at table datacenter_tenants
+ else: #if vim_tenant_id==None:
+ #create tenant at VIM if not provided
+ try:
+ _, myvim = get_datacenter_by_name_uuid(mydb, None, datacenter, vim_user=vim_username,
+ vim_passwd=vim_password)
+ datacenter_name = myvim["name"]
+ vim_tenant_id = myvim.new_tenant(vim_tenant_name, "created by openmano for datacenter "+datacenter_name)
+ except vimconn.vimconnException as e:
+ raise NfvoException("Not possible to create vim_tenant {} at VIM: {}".format(vim_tenant_id, str(e)), HTTP_Internal_Server_Error)
datacenter_tenants_dict = {}
- #insert at table datacenter_tenants
- else: #if vim_tenant_id==None:
- #create tenant at VIM if not provided
- try:
- vim_tenant_id = myvim.new_tenant(vim_tenant_name, "created by openmano for datacenter "+datacenter_name)
- except vimconn.vimconnException as e:
- raise NfvoException("Not possible to create vim_tenant {} at VIM: {}".format(vim_tenant_id, str(e)), HTTP_Internal_Server_Error)
- datacenter_tenants_dict = {}
- datacenter_tenants_dict["created"]="true"
-
- #fill datacenter_tenants table
- if not vim_tenant_id_exist_atdb:
- datacenter_tenants_dict["vim_tenant_id"] = vim_tenant_id
- datacenter_tenants_dict["vim_tenant_name"] = vim_tenant_name
- datacenter_tenants_dict["user"] = vim_username
- datacenter_tenants_dict["passwd"] = vim_password
- datacenter_tenants_dict["datacenter_id"] = datacenter_id
- if config:
- datacenter_tenants_dict["config"] = yaml.safe_dump(config, default_flow_style=True, width=256)
- id_ = mydb.new_row('datacenter_tenants', datacenter_tenants_dict, add_uuid=True)
- datacenter_tenants_dict["uuid"] = id_
-
- #fill tenants_datacenters table
- datacenter_tenant_id = datacenter_tenants_dict["uuid"]
- tenants_datacenter_dict["datacenter_tenant_id"] = datacenter_tenant_id
- mydb.new_row('tenants_datacenters', tenants_datacenter_dict)
- # create thread
- datacenter_id, myvim = get_datacenter_by_name_uuid(mydb, tenant_dict['uuid'], datacenter_id) # reload data
- thread_name = get_non_used_vim_name(datacenter_name, datacenter_id, tenant_dict['name'], tenant_dict['uuid'])
- new_thread = vim_thread.vim_thread(myvim, task_lock, thread_name, datacenter_name, datacenter_tenant_id,
- db=db, db_lock=db_lock, ovim=ovim)
- new_thread.start()
- thread_id = datacenter_tenants_dict["uuid"]
- vim_threads["running"][thread_id] = new_thread
- return datacenter_id
+ datacenter_tenants_dict["created"]="true"
+
+ #fill datacenter_tenants table
+ if not vim_tenant_id_exist_atdb:
+ datacenter_tenants_dict["vim_tenant_id"] = vim_tenant_id
+ datacenter_tenants_dict["vim_tenant_name"] = vim_tenant_name
+ datacenter_tenants_dict["user"] = vim_username
+ datacenter_tenants_dict["passwd"] = vim_password
+ datacenter_tenants_dict["datacenter_id"] = datacenter_id
+ if config:
+ datacenter_tenants_dict["config"] = yaml.safe_dump(config, default_flow_style=True, width=256)
+ id_ = mydb.new_row('datacenter_tenants', datacenter_tenants_dict, add_uuid=True, confidential_data=True)
+ datacenter_tenants_dict["uuid"] = id_
+
+ #fill tenants_datacenters table
+ datacenter_tenant_id = datacenter_tenants_dict["uuid"]
+ tenants_datacenter_dict["datacenter_tenant_id"] = datacenter_tenant_id
+ mydb.new_row('tenants_datacenters', tenants_datacenter_dict)
+ # create thread
+ datacenter_id, myvim = get_datacenter_by_name_uuid(mydb, tenant_dict['uuid'], datacenter_id) # reload data
+ datacenter_name = myvim["name"]
+ thread_name = get_non_used_vim_name(datacenter_name, datacenter_id, tenant_dict['name'], tenant_dict['uuid'])
+ new_thread = vim_thread.vim_thread(myvim, task_lock, thread_name, datacenter_name, datacenter_tenant_id,
+ db=db, db_lock=db_lock, ovim=ovim)
+ new_thread.start()
+ thread_id = datacenter_tenants_dict["uuid"]
+ vim_threads["running"][thread_id] = new_thread
+ return datacenter_id
+ except vimconn.vimconnException as e:
+ raise NfvoException(str(e), HTTP_Bad_Request)
def edit_datacenter_to_tenant(mydb, nfvo_tenant, datacenter_id, vim_tenant_id=None, vim_tenant_name=None,
return datacenter_id
def deassociate_datacenter_to_tenant(mydb, tenant_id, datacenter, vim_tenant_id=None):
- #get datacenter info
- datacenter_id, myvim = get_datacenter_by_name_uuid(mydb, tenant_id, datacenter)
-
#get nfvo_tenant info
if not tenant_id or tenant_id=="any":
tenant_uuid = None
tenant_dict = mydb.get_table_by_uuid_name('nfvo_tenants', tenant_id)
tenant_uuid = tenant_dict['uuid']
+ datacenter_id = get_datacenter_uuid(mydb, tenant_uuid, datacenter)
#check that this association exist before
- tenants_datacenter_dict={"datacenter_id":datacenter_id }
+ tenants_datacenter_dict={"datacenter_id": datacenter_id }
if tenant_uuid:
tenants_datacenter_dict["nfvo_tenant_id"] = tenant_uuid
tenant_datacenter_list = mydb.get_rows(FROM='tenants_datacenters', WHERE=tenants_datacenter_dict)
if vim_tenant_dict['created']=='true':
#delete tenant at VIM if created by NFVO
try:
+ datacenter_id, myvim = get_datacenter_by_name_uuid(mydb, tenant_id, datacenter)
myvim.delete_tenant(vim_tenant_dict['vim_tenant_id'])
except vimconn.vimconnException as e:
warning = "Not possible to delete vim_tenant_id {} from VIM: {} ".format(vim_tenant_dict['vim_tenant_id'], str(e))
def datacenter_sdn_port_mapping_delete(mydb, tenant_id, datacenter_id):
return ovim.clear_of_port_mapping(db_filter={"region":datacenter_id})
+
+def create_RO_keypair(tenant_id):
+ """
+ Creates a public / private keys for a RO tenant and returns their values
+ Params:
+ tenant_id: ID of the tenant
+ Return:
+ public_key: Public key for the RO tenant
+ private_key: Encrypted private key for RO tenant
+ """
+
+ bits = 2048
+ key = RSA.generate(bits)
+ try:
+ public_key = key.publickey().exportKey('OpenSSH')
+ if isinstance(public_key, ValueError):
+ raise NfvoException("Unable to create public key: {}".format(public_key), HTTP_Internal_Server_Error)
+ private_key = key.exportKey(passphrase=tenant_id, pkcs=8)
+ except (ValueError, NameError) as e:
+ raise NfvoException("Unable to create private key: {}".format(e), HTTP_Internal_Server_Error)
+ return public_key, private_key
+
+def decrypt_key (key, tenant_id):
+ """
+ Decrypts an encrypted RSA key
+ Params:
+ key: Private key to be decrypted
+ tenant_id: ID of the tenant
+ Return:
+ unencrypted_key: Unencrypted private key for RO tenant
+ """
+ try:
+ key = RSA.importKey(key,tenant_id)
+ unencrypted_key = key.exportKey('PEM')
+ if isinstance(unencrypted_key, ValueError):
+ raise NfvoException("Unable to decrypt the private key: {}".format(unencrypted_key), HTTP_Internal_Server_Error)
+ except ValueError as e:
+ raise NfvoException("Unable to decrypt the private key: {}".format(e), HTTP_Internal_Server_Error)
+ return unencrypted_key