X-Git-Url: https://osm.etsi.org/gitweb/?a=blobdiff_plain;f=osm_ro%2Fnfvo.py;h=bd9d3689f173df9330822865e4fc88cc6e14bb31;hb=66eba6ece53cd85d0efbe8b4ff4f414c812b347b;hp=d5d2dc6610c4c1b10b23e81150c14732da6b1b72;hpb=868220c566cfd302a38f9a45a75f4dbd4ebbf395;p=osm%2FRO.git diff --git a/osm_ro/nfvo.py b/osm_ro/nfvo.py index d5d2dc66..bd9d3689 100644 --- a/osm_ro/nfvo.py +++ b/osm_ro/nfvo.py @@ -38,6 +38,7 @@ import console_proxy_thread as cli import vimconn import logging import collections +import math from uuid import uuid4 from db_base import db_base_Exception @@ -46,10 +47,10 @@ from threading import Lock import time as t from lib_osm_openvim import ovim as ovim_module from lib_osm_openvim.ovim import ovimException +from Crypto.PublicKey import RSA import osm_im.vnfd as vnfd_catalog import osm_im.nsd as nsd_catalog - from pyangbind.lib.serialise import pybindJSONDecoder from itertools import chain @@ -138,9 +139,14 @@ def start_service(mydb): 'log_level_of': 'DEBUG' } try: + # starts ovim library ovim = ovim_module.ovim(ovim_configuration) ovim.start_service() + #delete old unneeded vim_actions + clean_db(mydb) + + # starts vim_threads from_= 'tenants_datacenters as td join datacenters as d on td.datacenter_id=d.uuid join '\ 'datacenter_tenants as dt on td.datacenter_tenant_id=dt.uuid' select_ = ('type', 'd.config as config', 'd.uuid as datacenter_id', 'vim_url', 'vim_url_admin', @@ -182,6 +188,10 @@ def start_service(mydb): user=vim['user'], passwd=vim['passwd'], config=extra, persistent_info=vim_persistent_info[thread_id] ) + except vimconn.vimconnException as e: + myvim = e + logger.error("Cannot launch thread for VIM {} '{}': {}".format(vim['datacenter_name'], + vim['datacenter_id'], e)) except Exception as e: raise NfvoException("Error at VIM {}; {}: {}".format(vim["type"], type(e).__name__, e), HTTP_Internal_Server_Error) 
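Review bot: The new `from Crypto.PublicKey import RSA` makes nfvo.py depend on the `Crypto` namespace, which is shipped by both the unmaintained PyCrypto and by PyCryptodome, and nothing visible here says which package and version is expected. Because the import is unconditional at module level, the whole module fails to load where that package is missing. The code that uses `RSA` is outside this view; a comment there should state the key size and where the private half is kept, and the packaging files should pin the maintained distribution.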
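Review bot: In the new `except vimconn.vimconnException as e:` branch, `myvim = e` stores an exception object where the rest of `start_service` expects a connector, so whatever receives `myvim` after this hunk must check its type before calling VIM methods on it. That consumer is outside the hunk, so please confirm it does, and add a comment such as `# keep the exception so the VIM thread can report this datacenter as unreachable`. The `logger.error` line prints `e` verbatim; it is worth confirming that vimconn exception text never includes the `passwd` handed to the connector a few lines above.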
@@ -220,6 +230,37 @@ def get_version(): return ("openmanod version {} {}\n(c) Copyright Telefonica".format(global_config["version"], global_config["version_date"] )) +def clean_db(mydb): + """ + Clean unused or old entries at database to avoid unlimited growing + :param mydb: database connector + :return: None + """ + # get and delete unused vim_actions: all elements deleted, one week before, instance not present + now = t.time()-3600*24*7 + instance_action_id = None + nb_deleted = 0 + while True: + actions_to_delete = mydb.get_rows( + SELECT=("item", "item_id", "instance_action_id"), + FROM="vim_actions as va join instance_actions as ia on va.instance_action_id=ia.uuid " + "left join instance_scenarios as i on ia.instance_id=i.uuid", + WHERE={"va.action": "DELETE", "va.modified_at<": now, "i.uuid": None, + "va.status": ("DONE", "SUPERSEDED")}, + LIMIT=100 + ) + for to_delete in actions_to_delete: + mydb.delete_row(FROM="vim_actions", WHERE=to_delete) + if instance_action_id != to_delete["instance_action_id"]: + instance_action_id = to_delete["instance_action_id"] + mydb.delete_row(FROM="instance_actions", WHERE={"uuid": instance_action_id}) + nb_deleted += len(actions_to_delete) + if len(actions_to_delete) < 100: + break + if nb_deleted: + logger.debug("Removed {} unused vim_actions".format(nb_deleted)) + + def get_flavorlist(mydb, vnf_id, nfvo_tenant=None): '''Obtain flavorList @@ -789,7 +830,7 @@ def new_vnfd_v3(mydb, tenant_id, vnf_descriptor): try: pybindJSONDecoder.load_ietf_json(vnf_descriptor, None, None, obj=myvnfd) except Exception as e: - raise NfvoException("Invalid yang descriptor format " + str(e), HTTP_Bad_Request) + raise NfvoException("Error. Invalid VNF descriptor format " + str(e), HTTP_Bad_Request) db_vnfs = [] db_nets = [] db_vms = [] 
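Review bot: The `while True` loop in `clean_db` ends only when a page returns fewer than 100 rows, so it relies on every `mydb.delete_row(FROM="vim_actions", WHERE=to_delete)` really removing its row; if a delete matches nothing, the same page is selected again forever, and since `start_service` now calls `clean_db(mydb)` before the VIM threads are launched, startup would hang. The loop should stop when a pass removes nothing, or be bounded by a maximum number of passes. The parent `instance_actions` row is deleted as soon as one of its `vim_actions` qualifies, although the query selects only `DELETE` actions in `DONE`/`SUPERSEDED` state, so it should be confirmed that no other actions of the same instance action can remain. The variable `now` holds the one-week cutoff rather than the current time; `cutoff = t.time() - 3600*24*7` would read correctly.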
@@ -799,16 +840,23 @@ def new_vnfd_v3(mydb, tenant_id, vnf_descriptor): db_flavors = [] uuid_list = [] vnfd_uuid_list = [] - for rift_vnfd in myvnfd.vnfd_catalog.vnfd.itervalues(): - vnfd = rift_vnfd.get() + vnfd_catalog_descriptor = vnf_descriptor.get("vnfd:vnfd-catalog") + if not vnfd_catalog_descriptor: + vnfd_catalog_descriptor = vnf_descriptor.get("vnfd-catalog") + vnfd_descriptor_list = vnfd_catalog_descriptor.get("vnfd") + if not vnfd_descriptor_list: + vnfd_descriptor_list = vnfd_catalog_descriptor.get("vnfd:vnfd") + for vnfd_yang in myvnfd.vnfd_catalog.vnfd.itervalues(): + vnfd = vnfd_yang.get() # table vnf vnf_uuid = str(uuid4()) uuid_list.append(vnf_uuid) vnfd_uuid_list.append(vnf_uuid) + vnfd_id = get_str(vnfd, "id", 255) db_vnf = { "uuid": vnf_uuid, - "osm_id": get_str(vnfd, "id", 255), + "osm_id": vnfd_id, "name": get_str(vnfd, "name", 255), "description": get_str(vnfd, "description", 255), "tenant_id": tenant_id, @@ -817,6 +865,10 @@ def new_vnfd_v3(mydb, tenant_id, vnf_descriptor): "descriptor": str(vnf_descriptor)[:60000] } + for vnfd_descriptor in vnfd_descriptor_list: + if vnfd_descriptor["id"] == str(vnfd["id"]): + break + # table nets (internal-vld) net_id2uuid = {} # for mapping interface with network for vld in vnfd.get("internal-vld").itervalues(): @@ -838,9 +890,10 @@ def new_vnfd_v3(mydb, tenant_id, vnf_descriptor): for vdu in vnfd.get("vdu").itervalues(): vm_uuid = str(uuid4()) uuid_list.append(vm_uuid) + vdu_id = get_str(vdu, "id", 255) db_vm = { "uuid": vm_uuid, - "osm_id": get_str(vdu, "id", 255), + "osm_id": vdu_id, "name": get_str(vdu, "name", 255), "description": get_str(vdu, "description", 255), "vnf_id": vnf_uuid, 
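Review bot: `vnfd_catalog_descriptor.get("vnfd")` is called without checking that either `vnfd:vnfd-catalog` or `vnfd-catalog` was found, so a descriptor with neither key fails with an AttributeError on None instead of the `NfvoException(..., HTTP_Bad_Request)` this commit uses for every other invalid-descriptor case. `vnfd_descriptor_list` can likewise end up None and is iterated in the next hunk. Since `vnf_descriptor` is client-supplied, add a guard such as `if not vnfd_catalog_descriptor: raise NfvoException("Error. Invalid VNF descriptor format", HTTP_Bad_Request)` and the same for the list. The body of `new_vnfd_v3` continues outside this hunk.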
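Review bot: The added `for vnfd_descriptor in vnfd_descriptor_list:` loop has no `else`, so when no entry's `id` equals `str(vnfd["id"])` the name `vnfd_descriptor` is left bound to the last entry in the list (or to the previous VNFD's match). Later hunks read `port-security-enabled` from `vnfd_descriptor["connection-point"]`, so a mismatch would silently apply another descriptor's port-security setting. Add `else: raise NfvoException(...)` with `HTTP_Bad_Request` after the loop, and use `vnfd_descriptor.get("id")` so a missing key does not surface as a bare KeyError.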
@@ -887,81 +940,13 @@ def new_vnfd_v3(mydb, tenant_id, vnf_descriptor): device["image checksum"] = str(volume["image-checksum"]) devices.append(device) - # table flavors - db_flavor = { - "name": get_str(vdu, "name", 250) + "-flv", - "vcpus": int(vdu["vm-flavor"].get("vcpu-count", 1)), - "ram": int(vdu["vm-flavor"].get("memory-mb", 1)), - "disk": int(vdu["vm-flavor"].get("storage-gb", 1)), - } - # EPA TODO revise - extended = {} - numa = {} - if devices: - extended["devices"] = devices - if vdu.get("guest-epa"): # TODO or dedicated_int: - epa_vcpu_set = False - if vdu["guest-epa"].get("numa-node-policy"): # TODO or dedicated_int: - numa_node_policy = vdu["guest-epa"].get("numa-node-policy") - if numa_node_policy.get("node"): - numa_node = numa_node_policy.node[0] - if numa_node.get("num-cores"): - numa["cores"] = numa_node["num-cores"] - epa_vcpu_set = True - if numa_node.get("paired-threads"): - if numa_node["paired-threads"].get("num-paired-threads"): - numa["paired-threads"] = numa_node["paired-threads"]["num-paired-threads"] - epa_vcpu_set = True - if len(numa_node["paired-threads"].get("paired-thread-ids")) > 0: - numa["paired-threads-id"] = [] - for pair in numa_node["paired-threads"]["paired-thread-ids"].itervalues: - numa["paired-threads-id"].append( - (str(pair["thread-a"]), str(pair["thread-b"])) - ) - if numa_node.get("num-threads"): - numa["threads"] = numa_node["num-threads"] - epa_vcpu_set = True - if numa_node.get("memory-mb"): - numa["memory"] = max(int(numa_node["memory-mb"] / 1024), 1) - if vdu["guest-epa"].get("mempage-size"): - if vdu["guest-epa"]["mempage-size"] != "SMALL": - numa["memory"] = max(int(db_flavor["ram"] / 1024), 1) - if vdu["guest-epa"].get("cpu-pinning-policy") and not epa_vcpu_set: - if vdu["guest-epa"]["cpu-pinning-policy"] == "DEDICATED": - if vdu["guest-epa"].get("cpu-thread-pinning-policy") and \ - vdu["guest-epa"]["cpu-thread-pinning-policy"] != "PREFER": - numa["cores"] = max(db_flavor["vcpus"], 1) - else: - 
numa["threads"] = max(db_flavor["vcpus"], 1) - if numa: - extended["numas"] = [numa] - if extended: - extended_text = yaml.safe_dump(extended, default_flow_style=True, width=256) - db_flavor["extended"] = extended_text - # look if flavor exist - - temp_flavor_dict = {'disk': db_flavor.get('disk', 1), - 'ram': db_flavor.get('ram'), - 'vcpus': db_flavor.get('vcpus'), - 'extended': db_flavor.get('extended') - } - existing_flavors = mydb.get_rows(FROM="flavors", WHERE=temp_flavor_dict) - if existing_flavors: - flavor_uuid = existing_flavors[0]["uuid"] - else: - flavor_uuid = str(uuid4()) - uuid_list.append(flavor_uuid) - db_flavor["uuid"] = flavor_uuid - db_flavors.append(db_flavor) - db_vm["flavor_id"] = flavor_uuid - # cloud-init boot_data = {} if vdu.get("cloud-init"): - boot_data["user-data"] = vdu["cloud-init"] + boot_data["user-data"] = str(vdu["cloud-init"]) elif vdu.get("cloud-init-file"): # TODO Where this file content is present??? - # boot_data["user-data"] = rift_vnfd.files[vdu["cloud-init-file"]] + # boot_data["user-data"] = vnfd_yang.files[vdu["cloud-init-file"]] boot_data["user-data"] = str(vdu["cloud-init-file"]) if vdu.get("supplemental-boot-data"): @@ -976,16 +961,20 @@ def new_vnfd_v3(mydb, tenant_id, vnf_descriptor): "content": cfg_source}) boot_data['config-files'] = om_cfgfile_list if boot_data: - db_vm["boot_data"] = boot_data + db_vm["boot_data"] = yaml.safe_dump(boot_data, default_flow_style=True, width=256) db_vms.append(db_vm) db_vms_index += 1 # table interfaces (internal/external interfaces) + flavor_epa_interfaces = [] cp_name2iface_uuid = {} cp_name2vm_uuid = {} + cp_name2db_interface = {} + vdu_id2cp_name = {} # stored only when one external connection point is presented at this VDU # for iface in chain(vdu.get("internal-interface").itervalues(), vdu.get("external-interface").itervalues()): for iface in vdu.get("interface").itervalues(): + flavor_epa_interface = {} iface_uuid = str(uuid4()) uuid_list.append(iface_uuid) db_interface = { 
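Review bot: The new `cp_name2db_interface` and `vdu_id2cp_name` maps are created next to `cp_name2iface_uuid` under the "table interfaces" comment, and this page has lost indentation, so it cannot be seen whether that point is inside the per-VDU loop. If it is, the maps are reset for every VDU, and the mgmt-interface code added later in this commit (`vdu_id2cp_name.get(mgmt_vdu_id)` and `cp_name2db_interface[...]["type"] = "mgmt"`) would only see the connection points of the last VDU. Please confirm the scope and, if needed, initialise these maps once before the `for vdu in vnfd.get("vdu").itervalues():` loop. A short comment stating the key and value of each map would also help, since four similarly named dictionaries now live side by side.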
@@ -993,12 +982,15 @@ def new_vnfd_v3(mydb, tenant_id, vnf_descriptor): "internal_name": get_str(iface, "name", 255), "vm_id": vm_uuid, } + flavor_epa_interface["name"] = db_interface["internal_name"] if iface.get("virtual-interface").get("vpci"): db_interface["vpci"] = get_str(iface.get("virtual-interface"), "vpci", 12) + flavor_epa_interface["vpci"] = db_interface["vpci"] if iface.get("virtual-interface").get("bandwidth"): bps = int(iface.get("virtual-interface").get("bandwidth")) - db_interface["bw"] = bps/1000 + db_interface["bw"] = int(math.ceil(bps/1000000.0)) + flavor_epa_interface["bandwidth"] = "{} Mbps".format(db_interface["bw"]) if iface.get("virtual-interface").get("type") == "OM-MGMT": db_interface["type"] = "mgmt" @@ -1008,8 +1000,14 @@ def new_vnfd_v3(mydb, tenant_id, vnf_descriptor): elif iface.get("virtual-interface").get("type") in ("SR-IOV", "PCI-PASSTHROUGH"): db_interface["type"] = "data" db_interface["model"] = get_str(iface.get("virtual-interface"), "type", 12) + flavor_epa_interface["dedicated"] = "no" if iface["virtual-interface"]["type"] == "SR-IOV" \ + else "yes" + flavor_epa_interfaces.append(flavor_epa_interface) else: - raise ValueError("Interface type {} not supported".format(iface.get("virtual-interface").get("type"))) + raise NfvoException("Error. Invalid VNF descriptor at 'vnfd[{}]':'vdu[{}]':'interface':'virtual" + "-interface':'type':'{}'. Interface type is not supported".format( + vnfd_id, vdu_id, iface.get("virtual-interface").get("type")), + HTTP_Bad_Request) if iface.get("external-connection-point-ref"): try: 
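Review bot: `db_interface["bw"]` changes unit in this hunk, from `bps/1000` to whole Mbps rounded up, with no comment and no visible handling of rows already stored under the old unit. `get_vnf_id` returns `interfaces.bw` to clients, so old and new VNFs would report values that differ by a factor of a thousand. Add a comment such as `# bw is stored in Mbps, rounded up` and note the change for existing databases. Also, `int(...)` on a non-numeric `bandwidth` raises ValueError, which falls through to the generic handler instead of the `HTTP_Bad_Request` path used for the interface type just below.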
@@ -1017,43 +1015,134 @@ def new_vnfd_v3(mydb, tenant_id, vnf_descriptor): db_interface["external_name"] = get_str(cp, "name", 255) cp_name2iface_uuid[db_interface["external_name"]] = iface_uuid cp_name2vm_uuid[db_interface["external_name"]] = vm_uuid - # TODO add port-security-enable - # if cp.get("port-security-enabled") == False: - # elif cp.get("port-security-enabled") == True: + cp_name2db_interface[db_interface["external_name"]] = db_interface + for cp_descriptor in vnfd_descriptor["connection-point"]: + if cp_descriptor["name"] == db_interface["external_name"]: + break + else: + raise KeyError() + + if vdu_id in vdu_id2cp_name: + vdu_id2cp_name[vdu_id] = None # more than two connecdtion point for this VDU + else: + vdu_id2cp_name[vdu_id] = db_interface["external_name"] + + # port security + if str(cp_descriptor.get("port-security-enabled")).lower() == "false": + db_interface["port_security"] = 0 + elif str(cp_descriptor.get("port-security-enabled")).lower() == "true": + db_interface["port_security"] = 1 except KeyError: - raise KeyError( - "Error wrong reference at vnfd['{vnf}'] vdu['{vdu}']:internal-interface['{iface}']:" - "vnfd-connection-point-ref '{cp}' is not present at connection-point".format( - vnf=vnfd["id"], vdu=vdu["id"], iface=iface["name"], - cp=iface.get("vnfd-connection-point-ref")) - ) + raise NfvoException("Error. 
Invalid VNF descriptor at 'vnfd[{vnf}]':'vdu[{vdu}]':" + "'interface[{iface}]':'vnfd-connection-point-ref':'{cp}' is not present" + " at connection-point".format( + vnf=vnfd_id, vdu=vdu_id, iface=iface["name"], + cp=iface.get("vnfd-connection-point-ref")), + HTTP_Bad_Request) elif iface.get("internal-connection-point-ref"): try: for vld in vnfd.get("internal-vld").itervalues(): for cp in vld.get("internal-connection-point").itervalues(): if cp.get("id-ref") == iface.get("internal-connection-point-ref"): db_interface["net_id"] = net_id2uuid[vld.get("id")] + for cp_descriptor in vnfd_descriptor["connection-point"]: + if cp_descriptor["name"] == db_interface["external_name"]: + break + if str(cp_descriptor.get("port-security-enabled")).lower() == "false": + db_interface["port_security"] = 0 + elif str(cp_descriptor.get("port-security-enabled")).lower() == "true": + db_interface["port_security"] = 1 break except KeyError: - raise KeyError( - "Error at vnfd['{vnf}'] vdu['{vdu}']:internal-interface['{iface}']:" - "vdu-internal-connection-point-ref '{cp}' is not referenced by any internal-vld".format( - vnf=vnfd["id"], vdu=vdu["id"], iface=iface["name"], - cp=iface.get("vdu-internal-connection-point-ref")) - ) + raise NfvoException("Error. 
Invalid VNF descriptor at 'vnfd[{vnf}]':'vdu[{vdu}]':" + "'interface[{iface}]':'vdu-internal-connection-point-ref':'{cp}' is not" + " referenced by any internal-vld".format( + vnf=vnfd_id, vdu=vdu_id, iface=iface["name"], + cp=iface.get("vdu-internal-connection-point-ref")), + HTTP_Bad_Request) if iface.get("position") is not None: db_interface["created_at"] = int(iface.get("position")) - 1000 db_interfaces.append(db_interface) + # table flavors + db_flavor = { + "name": get_str(vdu, "name", 250) + "-flv", + "vcpus": int(vdu["vm-flavor"].get("vcpu-count", 1)), + "ram": int(vdu["vm-flavor"].get("memory-mb", 1)), + "disk": int(vdu["vm-flavor"].get("storage-gb", 1)), + } + # EPA TODO revise + extended = {} + numa = {} + if devices: + extended["devices"] = devices + if flavor_epa_interfaces: + numa["interfaces"] = flavor_epa_interfaces + if vdu.get("guest-epa"): # TODO or dedicated_int: + epa_vcpu_set = False + if vdu["guest-epa"].get("numa-node-policy"): # TODO or dedicated_int: + numa_node_policy = vdu["guest-epa"].get("numa-node-policy") + if numa_node_policy.get("node"): + numa_node = numa_node_policy["node"]['0'] + if numa_node.get("num-cores"): + numa["cores"] = numa_node["num-cores"] + epa_vcpu_set = True + if numa_node.get("paired-threads"): + if numa_node["paired-threads"].get("num-paired-threads"): + numa["paired-threads"] = int(numa_node["paired-threads"]["num-paired-threads"]) + epa_vcpu_set = True + if len(numa_node["paired-threads"].get("paired-thread-ids")): + numa["paired-threads-id"] = [] + for pair in numa_node["paired-threads"]["paired-thread-ids"].itervalues(): + numa["paired-threads-id"].append( + (str(pair["thread-a"]), str(pair["thread-b"])) + ) + if numa_node.get("num-threads"): + numa["threads"] = int(numa_node["num-threads"]) + epa_vcpu_set = True + if numa_node.get("memory-mb"): + numa["memory"] = max(int(numa_node["memory-mb"] / 1024), 1) + if vdu["guest-epa"].get("mempage-size"): + if vdu["guest-epa"]["mempage-size"] != "SMALL": + 
numa["memory"] = max(int(db_flavor["ram"] / 1024), 1) + if vdu["guest-epa"].get("cpu-pinning-policy") and not epa_vcpu_set: + if vdu["guest-epa"]["cpu-pinning-policy"] == "DEDICATED": + if vdu["guest-epa"].get("cpu-thread-pinning-policy") and \ + vdu["guest-epa"]["cpu-thread-pinning-policy"] != "PREFER": + numa["cores"] = max(db_flavor["vcpus"], 1) + else: + numa["threads"] = max(db_flavor["vcpus"], 1) + if numa: + extended["numas"] = [numa] + if extended: + extended_text = yaml.safe_dump(extended, default_flow_style=True, width=256) + db_flavor["extended"] = extended_text + # look if flavor exist + temp_flavor_dict = {'disk': db_flavor.get('disk', 1), + 'ram': db_flavor.get('ram'), + 'vcpus': db_flavor.get('vcpus'), + 'extended': db_flavor.get('extended') + } + existing_flavors = mydb.get_rows(FROM="flavors", WHERE=temp_flavor_dict) + if existing_flavors: + flavor_uuid = existing_flavors[0]["uuid"] + else: + flavor_uuid = str(uuid4()) + uuid_list.append(flavor_uuid) + db_flavor["uuid"] = flavor_uuid + db_flavors.append(db_flavor) + db_vm["flavor_id"] = flavor_uuid + # VNF affinity and antiaffinity for pg in vnfd.get("placement-groups").itervalues(): pg_name = get_str(pg, "name", 255) for vdu in pg.get("member-vdus").itervalues(): vdu_id = get_str(vdu, "member-vdu-ref", 255) if vdu_id not in vdu_id2db_table_index: - raise KeyError( - "Error at 'vnfd'['{vnf}']:'placement-groups'['{pg}']:'member-vdus':'{vdu}' references a non existing vdu".format( - vnf=vnfd["id"], pg=pg_name, vdu=vdu_id)) + raise NfvoException("Error. Invalid VNF descriptor at 'vnfd[{vnf}]':'placement-groups[{pg}]':" + "'member-vdus':'{vdu}'. Reference to a non-existing vdu".format( + vnf=vnfd_id, pg=pg_name, vdu=vdu_id), + HTTP_Bad_Request) db_vms[vdu_id2db_table_index[vdu_id]]["availability_zone"] = pg_name # TODO consider the case of isolation and not colocation # if pg.get("strategy") == "ISOLATION": 
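Review bot: In the `internal-connection-point-ref` branch, the added loop compares `cp_descriptor["name"]` with `db_interface["external_name"]`, a key that is only assigned in the external branch, so it raises KeyError for an internal interface and the surrounding `except KeyError` then reports the unrelated "is not referenced by any internal-vld" error. That loop also has no `else`, so if the lookup is changed to `.get`, `cp_descriptor` can be left over from a previous interface and `port_security` set from an unrelated connection point. Match on the internal connection point the interface actually references and add `else: cp_descriptor = {}` so the port-security flag is only ever taken from a matching entry. The comment "more than two connecdtion point" should read "more than one connection point", which is what the code implements. Both error messages format `iface.get("vnfd-connection-point-ref")` and `iface.get("vdu-internal-connection-point-ref")`, while the conditions test `external-connection-point-ref` and `internal-connection-point-ref`, so the reported value is likely None.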
@@ -1061,27 +1150,45 @@ def new_vnfd_v3(mydb, tenant_id, vnf_descriptor): # VNF mgmt configuration mgmt_access = {} if vnfd["mgmt-interface"].get("vdu-id"): - if vnfd["mgmt-interface"]["vdu-id"] not in vdu_id2uuid: - raise KeyError( - "Error at vnfd['{vnf}']:'mgmt-interface':'vdu-id':{vdu} reference a non existing vdu".format( - vnf=vnfd["id"], vdu=vnfd["mgmt-interface"]["vdu-id"])) + mgmt_vdu_id = get_str(vnfd["mgmt-interface"], "vdu-id", 255) + if mgmt_vdu_id not in vdu_id2uuid: + raise NfvoException("Error. Invalid VNF descriptor at 'vnfd[{vnf}]':'mgmt-interface':'vdu-id':" + "'{vdu}'. Reference to a non-existing vdu".format( + vnf=vnfd_id, vdu=mgmt_vdu_id), + HTTP_Bad_Request) mgmt_access["vm_id"] = vdu_id2uuid[vnfd["mgmt-interface"]["vdu-id"]] + # if only one cp is defined by this VDU, mark this interface as of type "mgmt" + if vdu_id2cp_name.get(mgmt_vdu_id): + cp_name2db_interface[vdu_id2cp_name[mgmt_vdu_id]]["type"] = "mgmt" + if vnfd["mgmt-interface"].get("ip-address"): mgmt_access["ip-address"] = str(vnfd["mgmt-interface"].get("ip-address")) if vnfd["mgmt-interface"].get("cp"): if vnfd["mgmt-interface"]["cp"] not in cp_name2iface_uuid: - raise KeyError( - "Error at vnfd['{vnf}']:'mgmt-interface':'cp':{cp} reference a non existing connection-point". - format(vnf=vnfd["id"], cp=vnfd["mgmt-interface"]["cp"])) + raise NfvoException("Error. Invalid VNF descriptor at 'vnfd[{vnf}]':'mgmt-interface':'cp':'{cp}'. 
" + "Reference to a non-existing connection-point".format( + vnf=vnfd_id, cp=vnfd["mgmt-interface"]["cp"]), + HTTP_Bad_Request) mgmt_access["vm_id"] = cp_name2vm_uuid[vnfd["mgmt-interface"]["cp"]] mgmt_access["interface_id"] = cp_name2iface_uuid[vnfd["mgmt-interface"]["cp"]] + # mark this interface as of type mgmt + cp_name2db_interface[vnfd["mgmt-interface"]["cp"]]["type"] = "mgmt" + default_user = get_str(vnfd.get("vnf-configuration", {}).get("config-access", {}).get("ssh-access", {}), "default-user", 64) + if default_user: mgmt_access["default_user"] = default_user + required = get_str(vnfd.get("vnf-configuration", {}).get("config-access", {}).get("ssh-access", {}), + "required", 6) + if required: + mgmt_access["required"] = required + if mgmt_access: db_vnf["mgmt_access"] = yaml.safe_dump(mgmt_access, default_flow_style=True, width=256) + + db_vnfs.append(db_vnf) db_tables=[ {"vnfs": db_vnfs}, @@ -1096,6 +1203,8 @@ def new_vnfd_v3(mydb, tenant_id, vnf_descriptor): yaml.safe_dump(db_tables, indent=4, default_flow_style=False) ) mydb.new_rows(db_tables, uuid_list) return vnfd_uuid_list + except NfvoException: + raise except Exception as e: logger.error("Exception {}".format(e)) raise # NfvoException("Exception {}".format(e), HTTP_Bad_Request) @@ -1427,8 +1536,7 @@ def get_vnf_id(mydb, tenant_id, vnf_id): content = mydb.get_rows(FROM='vnfs join vms on vnfs.uuid=vms.vnf_id join interfaces on vms.uuid=interfaces.vm_id',\ SELECT=('interfaces.uuid as uuid','interfaces.external_name as external_name', 'vms.name as vm_name', 'interfaces.vm_id as vm_id', \ 'interfaces.internal_name as internal_name', 'interfaces.type as type', 'interfaces.vpci as vpci','interfaces.bw as bw'),\ - WHERE={'vnfs.uuid': vnf_id}, - WHERE_NOT={'interfaces.external_name': None} ) + WHERE={'vnfs.uuid': vnf_id, 'interfaces.external_name<>': None} ) #print content data['vnf']['external-connections'] = content 
@@ -1615,8 +1723,7 @@ def new_scenario(mydb, tenant_id, topo): #1.2: Check that VNF are present at database table vnfs. Insert uuid, description and external interfaces for name,vnf in vnfs.items(): - where={} - where_or={"tenant_id": tenant_id, 'public': "true"} + where = {"OR": {"tenant_id": tenant_id, 'public': "true"}} error_text = "" error_pos = "'topology':'nodes':'" + name + "'" if 'vnf_id' in vnf: @@ -1625,14 +1732,12 @@ def new_scenario(mydb, tenant_id, topo): if 'VNF model' in vnf: error_text += " 'VNF model' " + vnf['VNF model'] where['name'] = vnf['VNF model'] - if len(where) == 0: + if len(where) == 1: raise NfvoException("Descriptor need a 'vnf_id' or 'VNF model' field at " + error_pos, HTTP_Bad_Request) vnf_db = mydb.get_rows(SELECT=('uuid','name','description'), FROM='vnfs', - WHERE=where, - WHERE_OR=where_or, - WHERE_AND_OR="AND") + WHERE=where) if len(vnf_db)==0: raise NfvoException("unknown" + error_text + " at " + error_pos, HTTP_Not_Found) elif len(vnf_db)>1: @@ -1642,7 +1747,7 @@ def new_scenario(mydb, tenant_id, topo): #get external interfaces ext_ifaces = mydb.get_rows(SELECT=('external_name as name','i.uuid as iface_uuid', 'i.type as type'), FROM='vnfs join vms on vnfs.uuid=vms.vnf_id join interfaces as i on vms.uuid=i.vm_id', - WHERE={'vnfs.uuid':vnf['uuid']}, WHERE_NOT={'external_name':None} ) + WHERE={'vnfs.uuid':vnf['uuid'], 'external_name<>': None} ) for ext_iface in ext_ifaces: vnf['ifaces'][ ext_iface['name'] ] = {'uuid':ext_iface['iface_uuid'], 'type':ext_iface['type']} @@ -1881,8 +1986,7 @@ def new_scenario_v02(mydb, tenant_id, scenario_dict, version): # 1: Check that VNF are present at database table vnfs and update content into scenario dict for name,vnf in scenario["vnfs"].iteritems(): - where={} - where_or={"tenant_id": tenant_id, 'public': "true"} + where = {"OR": {"tenant_id": tenant_id, 'public': "true"}} error_text = "" error_pos = "'scenario':'vnfs':'" + name + "'" if 'vnf_id' in vnf: 
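Review bot: The check `if len(where) == 1:` now depends on `where` having been seeded with exactly one `"OR"` entry, so adding any other default filter later silently disables the "need a 'vnf_id' or 'VNF model'" validation and the query would then match on tenant/public alone. Test the inputs directly instead, for example `if 'vnf_id' not in vnf and 'VNF model' not in vnf:`. The same pattern is added in `new_scenario_v02` (hunk `@@ -1891`) with `'vnf_id'` and `'vnf_name'`. The loop body starts and ends outside this hunk.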
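Review bot: `WHERE={'vnfs.uuid': vnf['uuid'], 'external_name<>': None}` moves the comparison operator into the dictionary key, and its correctness depends on the database layer rendering a `<>` key with a None value as `IS NOT NULL`; that translation is not visible on this page, and a literal `<> NULL` in SQL never matches any row. Please confirm it, and add a comment at one call site such as `# '<>' with None is rendered as IS NOT NULL by db_base`. The same form is introduced in `get_vnf_id` (hunk `@@ -1427`) and `new_scenario_v02` (hunk `@@ -1908`). With operators accepted inside keys, WHERE keys must stay literals and never be built from request data.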
@@ -1891,13 +1995,11 @@ def new_scenario_v02(mydb, tenant_id, scenario_dict, version): if 'vnf_name' in vnf: error_text += " 'vnf_name' " + vnf['vnf_name'] where['name'] = vnf['vnf_name'] - if len(where) == 0: + if len(where) == 1: raise NfvoException("Needed a 'vnf_id' or 'vnf_name' at " + error_pos, HTTP_Bad_Request) vnf_db = mydb.get_rows(SELECT=('uuid', 'name', 'description'), FROM='vnfs', - WHERE=where, - WHERE_OR=where_or, - WHERE_AND_OR="AND") + WHERE=where) if len(vnf_db) == 0: raise NfvoException("Unknown" + error_text + " at " + error_pos, HTTP_Not_Found) elif len(vnf_db) > 1: @@ -1908,7 +2010,7 @@ def new_scenario_v02(mydb, tenant_id, scenario_dict, version): # get external interfaces ext_ifaces = mydb.get_rows(SELECT=('external_name as name', 'i.uuid as iface_uuid', 'i.type as type'), FROM='vnfs join vms on vnfs.uuid=vms.vnf_id join interfaces as i on vms.uuid=i.vm_id', - WHERE={'vnfs.uuid':vnf['uuid']}, WHERE_NOT={'external_name': None} ) + WHERE={'vnfs.uuid':vnf['uuid'], 'external_name<>': None} ) for ext_iface in ext_ifaces: vnf['ifaces'][ ext_iface['name'] ] = {'uuid':ext_iface['iface_uuid'], 'type': ext_iface['type']} # TODO? get internal-connections from db.nets and their profiles, and update scenario[vnfs][internal-connections] accordingly @@ -2003,7 +2105,7 @@ def new_nsd_v3(mydb, tenant_id, nsd_descriptor): try: pybindJSONDecoder.load_ietf_json(nsd_descriptor, None, None, obj=mynsd) except Exception as e: - raise NfvoException("Invalid yang descriptor format " + str(e), HTTP_Bad_Request) + raise NfvoException("Error. Invalid NS descriptor format: " + str(e), HTTP_Bad_Request) db_scenarios = [] db_sce_nets = [] db_sce_vnfs = [] 
@@ -2012,8 +2114,8 @@ def new_nsd_v3(mydb, tenant_id, nsd_descriptor): db_ip_profiles_index = 0 uuid_list = [] nsd_uuid_list = [] - for rift_nsd in mynsd.nsd_catalog.nsd.itervalues(): - nsd = rift_nsd.get() + for nsd_yang in mynsd.nsd_catalog.nsd.itervalues(): + nsd = nsd_yang.get() # table sceanrios scenario_uuid = str(uuid4()) @@ -2038,9 +2140,10 @@ def new_nsd_v3(mydb, tenant_id, nsd_descriptor): existing_vnf = mydb.get_rows(FROM="vnfs", WHERE={'osm_id': str(vnf["vnfd-id-ref"])[:255], 'tenant_id': tenant_id}) if not existing_vnf: - raise KeyError("Error at 'nsd[{}]':'constituent-vnfd':'vnfd-id-ref':'{}' references a " - "non existing VNFD in the catalog".format(str(nsd["id"]), - str(vnf["vnfd-id-ref"])[:255])) + raise NfvoException("Error. Invalid NS descriptor at 'nsd[{}]':'constituent-vnfd':'vnfd-id-ref':" + "'{}'. Reference to a non-existing VNFD in the catalog".format( + str(nsd["id"]), str(vnf["vnfd-id-ref"])[:255]), + HTTP_Bad_Request) sce_vnf_uuid = str(uuid4()) uuid_list.append(sce_vnf_uuid) db_sce_vnf = { 
@@ -2096,16 +2199,18 @@ def new_nsd_v3(mydb, tenant_id, nsd_descriptor): elif vld.get("provider-network").get("overlay-type") == "VLAN": db_sce_net["type"] = "data" else: - db_sce_net["type"] = "bridge" + # later on it will be fixed to bridge or data depending on the type of interfaces attached to it + db_sce_net["type"] = None db_sce_nets.append(db_sce_net) # ip-profile, link db_ip_profile with db_sce_net if vld.get("ip-profile-ref"): ip_profile_name = vld.get("ip-profile-ref") if ip_profile_name not in ip_profile_name2db_table_index: - raise KeyError("Error at 'nsd[{}]':'vld[{}]':'ip-profile-ref':'{}' references a non existing " - "'ip_profiles'".format( - str(nsd["id"]), str(vld["id"]), str(vld["ip-profile-ref"]))) + raise NfvoException("Error. Invalid NS descriptor at 'nsd[{}]':'vld[{}]':'ip-profile-ref':'{}'." + " Reference to a non-existing 'ip_profiles'".format( + str(nsd["id"]), str(vld["id"]), str(vld["ip-profile-ref"])), + HTTP_Bad_Request) db_ip_profiles[ip_profile_name2db_table_index[ip_profile_name]]["sce_net_id"] = sce_net_uuid # table sce_interfaces (vld:vnfd-connection-point-ref) 
@@ -2113,22 +2218,27 @@ def new_nsd_v3(mydb, tenant_id, nsd_descriptor): vnf_index = int(iface['member-vnf-index-ref']) # check correct parameters if vnf_index not in vnf_index2vnf_uuid: - raise KeyError("Error at 'nsd[{}]':'vld[{}]':'vnfd-connection-point-ref':'member-vnf-index-ref'" - ":'{}' references a non existing index at 'nsd':'constituent-vnfd'".format( - str(nsd["id"]), str(vld["id"]), str(iface["member-vnf-index-ref"]))) + raise NfvoException("Error. Invalid NS descriptor at 'nsd[{}]':'vld[{}]':'vnfd-connection-point" + "-ref':'member-vnf-index-ref':'{}'. Reference to a non-existing index at " + "'nsd':'constituent-vnfd'".format( + str(nsd["id"]), str(vld["id"]), str(iface["member-vnf-index-ref"])), + HTTP_Bad_Request) - existing_ifaces = mydb.get_rows(SELECT=('i.uuid as uuid',), + existing_ifaces = mydb.get_rows(SELECT=('i.uuid as uuid', 'i.type as iface_type'), FROM="interfaces as i join vms on i.vm_id=vms.uuid", WHERE={'vnf_id': vnf_index2vnf_uuid[vnf_index], 'external_name': get_str(iface, "vnfd-connection-point-ref", 255)}) if not existing_ifaces: - raise KeyError("Error at 'nsd[{}]':'vld[{}]':'vnfd-connection-point-ref':'vnfd-connection-point" - "-ref':'{}' references a non existing interface at VNFD '{}'".format( - str(nsd["id"]), str(vld["id"]), str(iface["vnfd-connection-point-ref"]), - str(iface.get("vnfd-id-ref"))[:255])) - + raise NfvoException("Error. Invalid NS descriptor at 'nsd[{}]':'vld[{}]':'vnfd-connection-point" + "-ref':'vnfd-connection-point-ref':'{}'. Reference to a non-existing " + "connection-point name at VNFD '{}'".format( + str(nsd["id"]), str(vld["id"]), str(iface["vnfd-connection-point-ref"]), + str(iface.get("vnfd-id-ref"))[:255]), + HTTP_Bad_Request) interface_uuid = existing_ifaces[0]["uuid"] + if existing_ifaces[0]["iface_type"] == "data" and not db_sce_net["type"]: + db_sce_net["type"] = "data" sce_interface_uuid = str(uuid4()) uuid_list.append(sce_net_uuid) db_sce_interface = { 
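Review bot: Right after `sce_interface_uuid = str(uuid4())` the context line still runs `uuid_list.append(sce_net_uuid)`, so the new interface's uuid is never added to `uuid_list` and the network's uuid is added once more per interface. The commit touches the lines directly above without fixing it; it should be `uuid_list.append(sce_interface_uuid)`. What `mydb.new_rows(db_tables, uuid_list)` does with the list is not visible here, so the impact (presumably a missing or duplicated uuid registration) should be checked. The new `iface_type` check only promotes the net to `"data"`, which is consistent with the `"bridge"` fallback added in the next hunk.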
@@ -2139,6 +2249,8 @@ def new_nsd_v3(mydb, tenant_id, nsd_descriptor): # "ip_address": #TODO } db_sce_interfaces.append(db_sce_interface) + if not db_sce_net["type"]: + db_sce_net["type"] = "bridge" db_tables = [ {"scenarios": db_scenarios}, @@ -2152,6 +2264,8 @@ def new_nsd_v3(mydb, tenant_id, nsd_descriptor): yaml.safe_dump(db_tables, indent=4, default_flow_style=False) ) mydb.new_rows(db_tables, uuid_list) return nsd_uuid_list + except NfvoException: + raise except Exception as e: logger.error("Exception {}".format(e)) raise # NfvoException("Exception {}".format(e), HTTP_Bad_Request) @@ -2355,7 +2469,7 @@ def start_scenario(mydb, tenant_id, scenario_id, instance_scenario_name, instanc else: av_index = None - vm_id = myvim.new_vminstance(myVMDict['name'], myVMDict['description'], myVMDict.get('start', None), + vm_id, _ = myvim.new_vminstance(myVMDict['name'], myVMDict['description'], myVMDict.get('start', None), myVMDict['imageRef'], myVMDict['flavorRef'], myVMDict['networks'], availability_zone_index=av_index, availability_zone_list=vnf_availability_zones) @@ -2386,7 +2500,6 @@ def start_scenario(mydb, tenant_id, scenario_id, instance_scenario_name, instanc #logger.error("start_scenario %s", error_text) raise NfvoException(error_text, e.http_code) - def unify_cloud_config(cloud_config_preserve, cloud_config): """ join the cloud config information into cloud_config_preserve. In case of conflict cloud_config_preserve preserves 
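Review bot: `vm_id, _ = myvim.new_vminstance(...)` in `start_scenario` discards the second value the connector now returns, and the hunk does not say what it is. If it describes additional resources created together with the VM (not visible here), the rollback path of this function loses track of them on failure. The unpacking also requires every vimconn implementation to return a pair, otherwise this line raises at runtime. Give the value a name and a comment, for example `vm_id, created_items = ...  # second value unused here: <reason>`.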
@@ -2508,6 +2621,28 @@ def get_vim_thread(mydb, tenant_id, datacenter_id_name=None, datacenter_tenant_i raise NfvoException("{} {}".format(type(e).__name__ , str(e)), e.http_code) +def get_datacenter_uuid(mydb, tenant_id, datacenter_id_name): + WHERE_dict={} + if utils.check_valid_uuid(datacenter_id_name): + WHERE_dict['d.uuid'] = datacenter_id_name + else: + WHERE_dict['d.name'] = datacenter_id_name + + if tenant_id: + WHERE_dict['nfvo_tenant_id'] = tenant_id + from_= "tenants_datacenters as td join datacenters as d on td.datacenter_id=d.uuid join datacenter_tenants as" \ + " dt on td.datacenter_tenant_id=dt.uuid" + else: + from_ = 'datacenters as d' + vimaccounts = mydb.get_rows(FROM=from_, SELECT=("d.uuid as uuid",), WHERE=WHERE_dict ) + if len(vimaccounts) == 0: + raise NfvoException("datacenter '{}' not found".format(str(datacenter_id_name)), HTTP_Not_Found) + elif len(vimaccounts)>1: + #print "nfvo.datacenter_action() error. Several datacenters found" + raise NfvoException("More than one datacenters found, try to identify with uuid", HTTP_Conflict) + return vimaccounts[0]["uuid"] + + def get_datacenter_by_name_uuid(mydb, tenant_id, datacenter_id_name=None, **extra_filter): datacenter_id = None datacenter_name = None @@ -2536,7 +2671,6 @@ def update(d, u): d[k] = u[k] return d - def create_instance(mydb, tenant_id, instance_dict): # print "Checking that nfvo_tenant_id exists and getting the VIM URI and the VIM tenant_id" # logger.debug("Creating instance...") @@ -2549,7 +2683,9 @@ def create_instance(mydb, tenant_id, instance_dict): default_datacenter_id, vim = get_datacenter_by_name_uuid(mydb, tenant_id, datacenter) myvims[default_datacenter_id] = vim myvim_threads_id[default_datacenter_id], _ = get_vim_thread(mydb, tenant_id, default_datacenter_id) + tenant = mydb.get_rows_by_id('nfvo_tenants', tenant_id) # myvim_tenant = myvim['tenant_id'] + rollbackList=[] # print "Checking that the scenario exists and getting the scenario dictionary" 
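Review bot: When `tenant_id` is falsy, the new `get_datacenter_uuid` queries `datacenters as d` with no tenant filter, so a name or uuid resolves across all tenants; callers in `create_instance` pass their own `tenant_id`, but the function itself does not say when an unscoped lookup is acceptable. Add a docstring stating the parameters, the `HTTP_Not_Found`/`HTTP_Conflict` errors and that an empty `tenant_id` means "any tenant", so nobody calls it with an unvalidated tenant. The commented-out `#print "nfvo.datacenter_action() error..."` line is copied debris and can go, and `WHERE_dict` would follow the file's naming better as `where_`. The filter key `nfvo_tenant_id` is unqualified while the other keys use the `d.` prefix; qualifying it avoids ambiguity in the three-table join.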
@@ -2613,6 +2749,7 @@ def create_instance(mydb, tenant_id, instance_dict): site_without_datacenter_field = False for site in net_instance_desc["sites"]: if site.get("datacenter"): + site["datacenter"] = get_datacenter_uuid(mydb, tenant_id, site["datacenter"]) if site["datacenter"] not in myvims: # Add this datacenter to myvims d, v = get_datacenter_by_name_uuid(mydb, tenant_id, site["datacenter"]) @@ -2636,6 +2773,7 @@ def create_instance(mydb, tenant_id, instance_dict): raise NfvoException("Invalid vnf name '{}' at instance:vnfs".format(vnf_instance_desc), HTTP_Bad_Request) if "datacenter" in vnf_instance_desc: # Add this datacenter to myvims + vnf_instance_desc["datacenter"] = get_datacenter_uuid(mydb, tenant_id, vnf_instance_desc["datacenter"]) if vnf_instance_desc["datacenter"] not in myvims: d, v = get_datacenter_by_name_uuid(mydb, tenant_id, vnf_instance_desc["datacenter"]) myvims[d] = v @@ -2644,6 +2782,10 @@ def create_instance(mydb, tenant_id, instance_dict): # 0.1 parse cloud-config parameters cloud_config = unify_cloud_config(instance_dict.get("cloud-config"), scenarioDict.get("cloud-config")) + # We add the RO key to cloud_config + if tenant[0].get('RO_pub_key'): + RO_key = {"key-pairs": [tenant[0]['RO_pub_key']]} + cloud_config = unify_cloud_config(cloud_config, RO_key) # 0.2 merge instance information into scenario # Ideally, the operation should be as simple as: update(scenarioDict,instance_dict) 
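Review bot: `tenant[0].get('RO_pub_key')` indexes the result of `mydb.get_rows_by_id('nfvo_tenants', tenant_id)` (added in hunk `@@ -2549`) without checking it is non-empty, so an unknown tenant would raise IndexError here instead of a clean `NfvoException`. More importantly, the RO public key is merged into `key-pairs` of the cloud-config for every instance of the tenant, which gives the orchestrator SSH access to all deployed VMs regardless of the descriptor's `ssh-access` `required` flag that this commit stores in `mgmt_access`. If that is intended, say so in the comment, e.g. `# RO key is injected in every VM so RO can open SSH sessions; not conditioned on ssh-access/required`; if not, inject it only where it is required. `create_instance` continues outside this hunk.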
@@ -2746,16 +2888,15 @@ def create_instance(mydb, tenant_id, instance_dict): create_network = True lookfor_network = False - if lookfor_network and create_network: - # TODO create two tasks FIND + CREATE with their relationship - task_action = "FIND_CREATE" - task_params = (lookfor_filter, (net_vim_name, net_type, sce_net.get('ip_profile', None))) + task_extra = {} + if create_network: + task_action = "CREATE" + task_extra["params"] = (net_vim_name, net_type, sce_net.get('ip_profile', None)) + if lookfor_network: + task_extra["find"] = (lookfor_filter,) elif lookfor_network: task_action = "FIND" - task_params = (lookfor_filter,) - elif create_network: - task_action = "CREATE" - task_params = (net_vim_name, net_type, sce_net.get('ip_profile', None)) + task_extra["params"] = (lookfor_filter,) # fill database content net_uuid = str(uuid4()) @@ -2780,7 +2921,7 @@ def create_instance(mydb, tenant_id, instance_dict): "action": task_action, "item": "instance_nets", "item_id": net_uuid, - "extra": yaml.safe_dump({"params": task_params}, default_flow_style=True, width=256) + "extra": yaml.safe_dump(task_extra, default_flow_style=True, width=256) } net2task_id['scenario'][sce_net['uuid']][datacenter_id] = task_index task_index += 1 @@ -3143,6 +3284,7 @@ def delete_instance(mydb, tenant_id, instance_id): myvims = {} myvim_threads = {} vimthread_affected = {} + net2vm_dependencies = {} task_index = 0 instance_action_id = get_task_id() 
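Review bot: In the first hunk the lookup filter is stored under two different keys: `task_extra["find"]` when the action is CREATE, but `task_extra["params"]` when the action is FIND. Whatever consumes `extra` (not visible here) has to know both layouts, and nothing in the code records them. A short comment above `task_extra = {}` would do, for example `# extra: "params" = arguments for task_action; "find" = optional lookup filter tried before CREATE`.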
@@ -3181,36 +3323,29 @@ def delete_instance(mydb, tenant_id, instance_id): if not myvim: error_msg += "\n VM id={} cannot be deleted because datacenter={} not found".format(vm['vim_vm_id'], sce_vnf["datacenter_id"]) continue - try: - db_vim_action = { - "instance_action_id": instance_action_id, - "task_index": task_index, - "datacenter_vim_id": sce_vnf["datacenter_tenant_id"], - "action": "DELETE", - "status": "SCHEDULED", - "item": "instance_vms", - "item_id": vm["uuid"], - "extra": yaml.safe_dump({"params": vm["interfaces"]}, - default_flow_style=True, width=256) - } - task_index += 1 - db_vim_actions.append(db_vim_action) - - except vimconn.vimconnNotFoundException as e: - error_msg+="\n VM VIM_id={} not found at datacenter={}".format(vm['vim_vm_id'], sce_vnf["datacenter_id"]) - logger.warn("VM instance '%s'uuid '%s', VIM id '%s', from VNF_id '%s' not found", - vm['name'], vm['uuid'], vm['vim_vm_id'], sce_vnf['vnf_id']) - except vimconn.vimconnException as e: - error_msg+="\n VM VIM_id={} at datacenter={} Error: {} {}".format(vm['vim_vm_id'], sce_vnf["datacenter_id"], e.http_code, str(e)) - logger.error("Error %d deleting VM instance '%s'uuid '%s', VIM_id '%s', from VNF_id '%s': %s", - e.http_code, vm['name'], vm['uuid'], vm['vim_vm_id'], sce_vnf['vnf_id'], str(e)) + db_vim_action = { + "instance_action_id": instance_action_id, + "task_index": task_index, + "datacenter_vim_id": sce_vnf["datacenter_tenant_id"], + "action": "DELETE", + "status": "SCHEDULED", + "item": "instance_vms", + "item_id": vm["uuid"], + "extra": yaml.safe_dump({"params": vm["interfaces"]}, + default_flow_style=True, width=256) + } + db_vim_actions.append(db_vim_action) + for interface in vm["interfaces"]: + if not interface.get("instance_net_id"): + continue + if interface["instance_net_id"] not in net2vm_dependencies: + net2vm_dependencies[interface["instance_net_id"]] = [] + net2vm_dependencies[interface["instance_net_id"]].append(task_index) + task_index += 1 # 2.2 deleting NETS # 
net_fail_list=[] for net in instanceDict['nets']: - # TODO if not net['created']: - # TODO continue #skip not created nets - vimthread_affected[net["datacenter_tenant_id"]] = None datacenter_key = (net["datacenter_id"], net["datacenter_tenant_id"]) if datacenter_key not in myvims: 
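Review bot: The membership test followed by an empty-list assignment in the interface loop is more compact as `net2vm_dependencies.setdefault(interface["instance_net_id"], []).append(task_index)`. The values stored are `task_index` numbers, which are only meaningful within this `instance_action_id`. A one-line comment saying so would help, for example `# maps instance_net uuid -> task_index of the VM deletions that must run first`. delete_instance starts and ends outside this hunk.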
@@ -3233,31 +3368,21 @@ def delete_instance(mydb, tenant_id, instance_id): if not myvim: error_msg += "\n Net VIM_id={} cannot be deleted because datacenter={} not found".format(net['vim_net_id'], net["datacenter_id"]) continue - try: - db_vim_action = { - "instance_action_id": instance_action_id, - "task_index": task_index, - "datacenter_vim_id": net["datacenter_tenant_id"], - "action": "DELETE", - "status": "SCHEDULED", - "item": "instance_nets", - "item_id": net["uuid"], - "extra": yaml.safe_dump({"params": (net['vim_net_id'], net['sdn_net_id'])}, - default_flow_style=True, width=256) - } - task_index += 1 - db_vim_actions.append(db_vim_action) - - except vimconn.vimconnNotFoundException as e: - error_msg += "\n NET VIM_id={} not found at datacenter={}".format(net['vim_net_id'], net["datacenter_id"]) - logger.warn("NET '%s', VIM_id '%s', from VNF_net_id '%s' not found", - net['uuid'], net['vim_net_id'], str(net['vnf_net_id'])) - except vimconn.vimconnException as e: - error_msg += "\n NET VIM_id={} at datacenter={} Error: {} {}".format(net['vim_net_id'], - net["datacenter_id"], - e.http_code, str(e)) - logger.error("Error %d deleting NET '%s', VIM_id '%s', from VNF_net_id '%s': %s", - e.http_code, net['uuid'], net['vim_net_id'], str(net['vnf_net_id']), str(e)) + extra = {"params": (net['vim_net_id'], net['sdn_net_id'])} + if net2vm_dependencies.get(net["uuid"]): + extra["depends_on"] = net2vm_dependencies[net["uuid"]] + db_vim_action = { + "instance_action_id": instance_action_id, + "task_index": task_index, + "datacenter_vim_id": net["datacenter_tenant_id"], + "action": "DELETE", + "status": "SCHEDULED", + "item": "instance_nets", + "item_id": net["uuid"], + "extra": yaml.safe_dump(extra, default_flow_style=True, width=256) + } + task_index += 1 + db_vim_actions.append(db_vim_action) db_instance_action["number_tasks"] = task_index db_tables = [ 
@@ -3442,7 +3567,6 @@ def refresh_instance(mydb, nfvo_tenant, instanceDict, datacenter=None, vim_tenan return 0, 'Scenario instance ' + instance_id + ' refreshed.' - def instance_action(mydb,nfvo_tenant,instance_id, action_dict): #print "Checking that the instance_id exists and getting the instance dictionary" instanceDict = mydb.get_instance_scenario(instance_id, nfvo_tenant) 
@@ -3475,44 +3599,69 @@ def instance_action(mydb,nfvo_tenant,instance_id, action_dict): vm['uuid'] not in input_vms and vm['name'] not in input_vms: continue try: - data = myvim.action_vminstance(vm['vim_vm_id'], action_dict) - if "console" in action_dict: - if not global_config["http_console_proxy"]: - vm_result[ vm['uuid'] ] = {"vim_result": 200, - "description": "{protocol}//{ip}:{port}/{suffix}".format( - protocol=data["protocol"], - ip = data["server"], - port = data["port"], - suffix = data["suffix"]), - "name":vm['name'] - } - vm_ok +=1 - elif data["server"]=="127.0.0.1" or data["server"]=="localhost": - vm_result[ vm['uuid'] ] = {"vim_result": -HTTP_Unauthorized, - "description": "this console is only reachable by local interface", - "name":vm['name'] - } - vm_error+=1 - else: - #print "console data", data + if "add_public_key" in action_dict: + mgmt_access = {} + if sce_vnf.get('mgmt_access'): + mgmt_access = yaml.load(sce_vnf['mgmt_access']) + ssh_access = mgmt_access['config-access']['ssh-access'] + tenant = mydb.get_rows_by_id('nfvo_tenants', nfvo_tenant) try: - console_thread = create_or_use_console_proxy_thread(data["server"], data["port"]) + if ssh_access['required'] and ssh_access['default-user']: + if 'ip_address' in vm: + mgmt_ip = vm['ip_address'].split(';') + password = mgmt_access['config-access'].get('password') + priv_RO_key = decrypt_key(tenant[0]['encrypted_RO_priv_key'], tenant[0]['uuid']) + myvim.inject_user_key(mgmt_ip[0], ssh_access['default-user'], + action_dict['add_public_key'], + password=password, ro_key=priv_RO_key) + else: + raise NfvoException("Unable to inject ssh key in vm: {} - Aborting".format(vm['uuid']), + HTTP_Internal_Server_Error) + except KeyError: + raise NfvoException("Unable to inject ssh key in vm: {} - Aborting".format(vm['uuid']), + HTTP_Internal_Server_Error) + else: + raise NfvoException("Unable to inject ssh key in vm: {} - Aborting".format(vm['uuid']), + HTTP_Internal_Server_Error) + else: + data = 
myvim.action_vminstance(vm['vim_vm_id'], action_dict) + if "console" in action_dict: + if not global_config["http_console_proxy"]: vm_result[ vm['uuid'] ] = {"vim_result": 200, "description": "{protocol}//{ip}:{port}/{suffix}".format( protocol=data["protocol"], - ip = global_config["http_console_host"], - port = console_thread.port, + ip = data["server"], + port = data["port"], suffix = data["suffix"]), "name":vm['name'] } vm_ok +=1 - except NfvoException as e: - vm_result[ vm['uuid'] ] = {"vim_result": e.http_code, "name":vm['name'], "description": str(e)} + elif data["server"]=="127.0.0.1" or data["server"]=="localhost": + vm_result[ vm['uuid'] ] = {"vim_result": -HTTP_Unauthorized, + "description": "this console is only reachable by local interface", + "name":vm['name'] + } vm_error+=1 + else: + #print "console data", data + try: + console_thread = create_or_use_console_proxy_thread(data["server"], data["port"]) + vm_result[ vm['uuid'] ] = {"vim_result": 200, + "description": "{protocol}//{ip}:{port}/{suffix}".format( + protocol=data["protocol"], + ip = global_config["http_console_host"], + port = console_thread.port, + suffix = data["suffix"]), + "name":vm['name'] + } + vm_ok +=1 + except NfvoException as e: + vm_result[ vm['uuid'] ] = {"vim_result": e.http_code, "name":vm['name'], "description": str(e)} + vm_error+=1 - else: - vm_result[ vm['uuid'] ] = {"vim_result": 200, "description": "ok", "name":vm['name']} - vm_ok +=1 + else: + vm_result[ vm['uuid'] ] = {"vim_result": 200, "description": "ok", "name":vm['name']} + vm_ok +=1 except vimconn.vimconnException as e: vm_result[ vm['uuid'] ] = {"vim_result": e.http_code, "name":vm['name'], "description": str(e)} vm_error+=1 
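Review bot: `yaml.load(sce_vnf['mgmt_access'])` uses the full loader on a database field that appears to originate from an uploaded VNF descriptor, while the rest of this file already uses `yaml.safe_dump`; it should be `mgmt_access = yaml.safe_load(sce_vnf['mgmt_access'])`. `action_dict['add_public_key']` is passed to `myvim.inject_user_key` as received. That method is not visible here, so it is worth validating in this function that the value is a single-line OpenSSH public key before it reaches the guest. The three identical "Unable to inject ssh key" errors hide which precondition failed (no ssh-access block, no `ip_address`, ssh not required), and a descriptor that does not allow key injection reads more like a client error than HTTP_Internal_Server_Error.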
@@ -3568,11 +3717,18 @@ def check_tenant(mydb, tenant_id): raise NfvoException("tenant '{}' not found".format(tenant_id), HTTP_Not_Found) return - def new_tenant(mydb, tenant_dict): - tenant_id = mydb.new_row("nfvo_tenants", tenant_dict, add_uuid=True) - return tenant_id + tenant_uuid = str(uuid4()) + tenant_dict['uuid'] = tenant_uuid + try: + pub_key, priv_key = create_RO_keypair(tenant_uuid) + tenant_dict['RO_pub_key'] = pub_key + tenant_dict['encrypted_RO_priv_key'] = priv_key + mydb.new_row("nfvo_tenants", tenant_dict, confidential_data=True) + except db_base_Exception as e: + raise NfvoException("Error creating the new tenant: {} ".format(tenant_dict['name']) + str(e), HTTP_Internal_Server_Error) + return tenant_uuid def delete_tenant(mydb, tenant): #get nfvo_tenant info @@ -3598,7 +3754,7 @@ def new_datacenter(mydb, datacenter_descriptor): # file.close(module_info[0]) raise NfvoException("Incorrect datacenter type '{}'. Plugin '{}'.py not installed".format(datacenter_type, module), HTTP_Bad_Request) - datacenter_id = mydb.new_row("datacenters", datacenter_descriptor, add_uuid=True) + datacenter_id = mydb.new_row("datacenters", datacenter_descriptor, add_uuid=True, confidential_data=True) return datacenter_id 
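Review bot: new_tenant writes `uuid`, `RO_pub_key` and `encrypted_RO_priv_key` into the caller's `tenant_dict`, so the private-key blob stays in an object the caller may still log or echo in its response (the caller is not visible here). Building a separate row keeps the key material local: `row = dict(tenant_dict, uuid=tenant_uuid, RO_pub_key=pub_key, encrypted_RO_priv_key=priv_key)` followed by `mydb.new_row("nfvo_tenants", row, confidential_data=True)`. The handler also formats `tenant_dict['name']`, which raises KeyError if the descriptor has no name; `tenant_dict.get('name')` is safer inside an except block.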
@@ -3658,73 +3814,79 @@ def delete_datacenter(mydb, datacenter): def associate_datacenter_to_tenant(mydb, nfvo_tenant, datacenter, vim_tenant_id=None, vim_tenant_name=None, vim_username=None, vim_password=None, config=None): - #get datacenter info - datacenter_id, myvim = get_datacenter_by_name_uuid(mydb, None, datacenter, vim_user=vim_username, vim_passwd=vim_password) - datacenter_name = myvim["name"] - - create_vim_tenant = True if not vim_tenant_id and not vim_tenant_name else False - - # get nfvo_tenant info - tenant_dict = mydb.get_table_by_uuid_name('nfvo_tenants', nfvo_tenant) - if vim_tenant_name==None: - vim_tenant_name=tenant_dict['name'] - - #check that this association does not exist before - tenants_datacenter_dict={"nfvo_tenant_id":tenant_dict['uuid'], "datacenter_id":datacenter_id } - tenants_datacenters = mydb.get_rows(FROM='tenants_datacenters', WHERE=tenants_datacenter_dict) - if len(tenants_datacenters)>0: - raise NfvoException("datacenter '{}' and tenant'{}' are already attached".format(datacenter_id, tenant_dict['uuid']), HTTP_Conflict) - - vim_tenant_id_exist_atdb=False - if not create_vim_tenant: - where_={"datacenter_id": datacenter_id} - if vim_tenant_id!=None: - where_["vim_tenant_id"] = vim_tenant_id - if vim_tenant_name!=None: - where_["vim_tenant_name"] = vim_tenant_name - #check if vim_tenant_id is already at database - datacenter_tenants_dict = mydb.get_rows(FROM='datacenter_tenants', WHERE=where_) - if len(datacenter_tenants_dict)>=1: - datacenter_tenants_dict = datacenter_tenants_dict[0] - vim_tenant_id_exist_atdb=True - #TODO check if a field has changed and edit entry at datacenter_tenants at DB - else: #result=0 + # get datacenter info + try: + datacenter_id = get_datacenter_uuid(mydb, None, datacenter) + + create_vim_tenant = True if not vim_tenant_id and not vim_tenant_name else False + + # get nfvo_tenant info + tenant_dict = mydb.get_table_by_uuid_name('nfvo_tenants', nfvo_tenant) + if vim_tenant_name==None: + 
vim_tenant_name=tenant_dict['name'] + + #check that this association does not exist before + tenants_datacenter_dict={"nfvo_tenant_id":tenant_dict['uuid'], "datacenter_id":datacenter_id } + tenants_datacenters = mydb.get_rows(FROM='tenants_datacenters', WHERE=tenants_datacenter_dict) + if len(tenants_datacenters)>0: + raise NfvoException("datacenter '{}' and tenant'{}' are already attached".format(datacenter_id, tenant_dict['uuid']), HTTP_Conflict) + + vim_tenant_id_exist_atdb=False + if not create_vim_tenant: + where_={"datacenter_id": datacenter_id} + if vim_tenant_id!=None: + where_["vim_tenant_id"] = vim_tenant_id + if vim_tenant_name!=None: + where_["vim_tenant_name"] = vim_tenant_name + #check if vim_tenant_id is already at database + datacenter_tenants_dict = mydb.get_rows(FROM='datacenter_tenants', WHERE=where_) + if len(datacenter_tenants_dict)>=1: + datacenter_tenants_dict = datacenter_tenants_dict[0] + vim_tenant_id_exist_atdb=True + #TODO check if a field has changed and edit entry at datacenter_tenants at DB + else: #result=0 + datacenter_tenants_dict = {} + #insert at table datacenter_tenants + else: #if vim_tenant_id==None: + #create tenant at VIM if not provided + try: + _, myvim = get_datacenter_by_name_uuid(mydb, None, datacenter, vim_user=vim_username, + vim_passwd=vim_password) + datacenter_name = myvim["name"] + vim_tenant_id = myvim.new_tenant(vim_tenant_name, "created by openmano for datacenter "+datacenter_name) + except vimconn.vimconnException as e: + raise NfvoException("Not possible to create vim_tenant {} at VIM: {}".format(vim_tenant_id, str(e)), HTTP_Internal_Server_Error) datacenter_tenants_dict = {} - #insert at table datacenter_tenants - else: #if vim_tenant_id==None: - #create tenant at VIM if not provided - try: - vim_tenant_id = myvim.new_tenant(vim_tenant_name, "created by openmano for datacenter "+datacenter_name) - except vimconn.vimconnException as e: - raise NfvoException("Not possible to create vim_tenant {} at VIM: 
{}".format(vim_tenant_id, str(e)), HTTP_Internal_Server_Error) - datacenter_tenants_dict = {} - datacenter_tenants_dict["created"]="true" - - #fill datacenter_tenants table - if not vim_tenant_id_exist_atdb: - datacenter_tenants_dict["vim_tenant_id"] = vim_tenant_id - datacenter_tenants_dict["vim_tenant_name"] = vim_tenant_name - datacenter_tenants_dict["user"] = vim_username - datacenter_tenants_dict["passwd"] = vim_password - datacenter_tenants_dict["datacenter_id"] = datacenter_id - if config: - datacenter_tenants_dict["config"] = yaml.safe_dump(config, default_flow_style=True, width=256) - id_ = mydb.new_row('datacenter_tenants', datacenter_tenants_dict, add_uuid=True) - datacenter_tenants_dict["uuid"] = id_ - - #fill tenants_datacenters table - datacenter_tenant_id = datacenter_tenants_dict["uuid"] - tenants_datacenter_dict["datacenter_tenant_id"] = datacenter_tenant_id - mydb.new_row('tenants_datacenters', tenants_datacenter_dict) - # create thread - datacenter_id, myvim = get_datacenter_by_name_uuid(mydb, tenant_dict['uuid'], datacenter_id) # reload data - thread_name = get_non_used_vim_name(datacenter_name, datacenter_id, tenant_dict['name'], tenant_dict['uuid']) - new_thread = vim_thread.vim_thread(myvim, task_lock, thread_name, datacenter_name, datacenter_tenant_id, - db=db, db_lock=db_lock, ovim=ovim) - new_thread.start() - thread_id = datacenter_tenants_dict["uuid"] - vim_threads["running"][thread_id] = new_thread - return datacenter_id + datacenter_tenants_dict["created"]="true" + + #fill datacenter_tenants table + if not vim_tenant_id_exist_atdb: + datacenter_tenants_dict["vim_tenant_id"] = vim_tenant_id + datacenter_tenants_dict["vim_tenant_name"] = vim_tenant_name + datacenter_tenants_dict["user"] = vim_username + datacenter_tenants_dict["passwd"] = vim_password + datacenter_tenants_dict["datacenter_id"] = datacenter_id + if config: + datacenter_tenants_dict["config"] = yaml.safe_dump(config, default_flow_style=True, width=256) + id_ = 
mydb.new_row('datacenter_tenants', datacenter_tenants_dict, add_uuid=True, confidential_data=True) + datacenter_tenants_dict["uuid"] = id_ + + #fill tenants_datacenters table + datacenter_tenant_id = datacenter_tenants_dict["uuid"] + tenants_datacenter_dict["datacenter_tenant_id"] = datacenter_tenant_id + mydb.new_row('tenants_datacenters', tenants_datacenter_dict) + # create thread + datacenter_id, myvim = get_datacenter_by_name_uuid(mydb, tenant_dict['uuid'], datacenter_id) # reload data + datacenter_name = myvim["name"] + thread_name = get_non_used_vim_name(datacenter_name, datacenter_id, tenant_dict['name'], tenant_dict['uuid']) + new_thread = vim_thread.vim_thread(myvim, task_lock, thread_name, datacenter_name, datacenter_tenant_id, + db=db, db_lock=db_lock, ovim=ovim) + new_thread.start() + thread_id = datacenter_tenants_dict["uuid"] + vim_threads["running"][thread_id] = new_thread + return datacenter_id + except vimconn.vimconnException as e: + raise NfvoException(str(e), HTTP_Bad_Request) def edit_datacenter_to_tenant(mydb, nfvo_tenant, datacenter_id, vim_tenant_id=None, vim_tenant_name=None, @@ -3766,9 +3928,6 @@ def edit_datacenter_to_tenant(mydb, nfvo_tenant, datacenter_id, vim_tenant_id=No return datacenter_id def deassociate_datacenter_to_tenant(mydb, tenant_id, datacenter, vim_tenant_id=None): - #get datacenter info - datacenter_id, myvim = get_datacenter_by_name_uuid(mydb, tenant_id, datacenter) - #get nfvo_tenant info if not tenant_id or tenant_id=="any": tenant_uuid = None 
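Review bot: The new outer `except vimconn.vimconnException` reports HTTP_Bad_Request for a failure at the `# reload data` call, but both `mydb.new_row(...)` inserts have already run by then, so the client is told the association failed while the rows remain. A retry would then presumably stop at the "already attached" HTTP_Conflict check. Loading the VIM connector before the inserts, or deleting the two rows in the handler, keeps the database and the reply consistent. Separately, the inner handler formats `vim_tenant_id`, which is still unset in the create branch; `vim_tenant_name` is the value being created. `str(e)` from the connector is returned to the caller verbatim, so it is worth confirming that connector exceptions never carry credentials or internal URLs.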
@@ -3776,8 +3935,9 @@ def deassociate_datacenter_to_tenant(mydb, tenant_id, datacenter, vim_tenant_id= tenant_dict = mydb.get_table_by_uuid_name('nfvo_tenants', tenant_id) tenant_uuid = tenant_dict['uuid'] + datacenter_id = get_datacenter_uuid(mydb, tenant_uuid, datacenter) #check that this association exist before - tenants_datacenter_dict={"datacenter_id":datacenter_id } + tenants_datacenter_dict={"datacenter_id": datacenter_id } if tenant_uuid: tenants_datacenter_dict["nfvo_tenant_id"] = tenant_uuid tenant_datacenter_list = mydb.get_rows(FROM='tenants_datacenters', WHERE=tenants_datacenter_dict) @@ -3797,6 +3957,7 @@ def deassociate_datacenter_to_tenant(mydb, tenant_id, datacenter, vim_tenant_id= if vim_tenant_dict['created']=='true': #delete tenant at VIM if created by NFVO try: + datacenter_id, myvim = get_datacenter_by_name_uuid(mydb, tenant_id, datacenter) myvim.delete_tenant(vim_tenant_dict['vim_tenant_id']) except vimconn.vimconnException as e: warning = "Not possible to delete vim_tenant_id {} from VIM: {} ".format(vim_tenant_dict['vim_tenant_id'], str(e)) 
@@ -4331,3 +4492,42 @@ def datacenter_sdn_port_mapping_list(mydb, tenant_id, datacenter_id): def datacenter_sdn_port_mapping_delete(mydb, tenant_id, datacenter_id): return ovim.clear_of_port_mapping(db_filter={"region":datacenter_id}) + +def create_RO_keypair(tenant_id): + """ + Creates a public / private keys for a RO tenant and returns their values + Params: + tenant_id: ID of the tenant + Return: + public_key: Public key for the RO tenant + private_key: Encrypted private key for RO tenant + """ + + bits = 2048 + key = RSA.generate(bits) + try: + public_key = key.publickey().exportKey('OpenSSH') + if isinstance(public_key, ValueError): + raise NfvoException("Unable to create public key: {}".format(public_key), HTTP_Internal_Server_Error) + private_key = key.exportKey(passphrase=tenant_id, pkcs=8) + except (ValueError, NameError) as e: + raise NfvoException("Unable to create private key: {}".format(e), HTTP_Internal_Server_Error) + return public_key, private_key + +def decrypt_key (key, tenant_id): + """ + Decrypts an encrypted RSA key + Params: + key: Private key to be decrypted + tenant_id: ID of the tenant + Return: + unencrypted_key: Unencrypted private key for RO tenant + """ + try: + key = RSA.importKey(key,tenant_id) + unencrypted_key = key.exportKey('PEM') + if isinstance(unencrypted_key, ValueError): + raise NfvoException("Unable to decrypt the private key: {}".format(unencrypted_key), HTTP_Internal_Server_Error) + except ValueError as e: + raise NfvoException("Unable to decrypt the private key: {}".format(e), HTTP_Internal_Server_Error) + return unencrypted_key
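Review bot: `key.exportKey(passphrase=tenant_id, pkcs=8)` protects the private key with the tenant uuid, which new_tenant stores in the same `nfvo_tenants` row as `encrypted_RO_priv_key`. Anyone who can read that row, or a backup of it, therefore has both the ciphertext and the passphrase, and the matching public key is authorised on the tenant's VMs. The passphrase should come from a secret held outside the database, e.g. `key.exportKey(passphrase=<RO_KEY_SECRET placeholder from server config>, pkcs=8)`, with decrypt_key using the same value. Both `isinstance(..., ValueError)` checks are dead code, since `exportKey` raises rather than returning an exception object. decrypt_key should document that it returns unencrypted PEM, which callers must not log or persist.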