projects / osm / RO.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Fixing RO Security Vulnerabilities
[osm/RO.git] / NG-RO / osm_ng_ro / ns.py
1 # -*- coding: utf-8 -*-
2
3 ##
4 # Copyright 2020 Telefonica Investigacion y Desarrollo, S.A.U.
5 # Licensed under the Apache License, Version 2.0 (the "License");
6 # you may not use this file except in compliance with the License.
7 # You may obtain a copy of the License at
8 #
9 # http://www.apache.org/licenses/LICENSE-2.0
10 #
11 # Unless required by applicable law or agreed to in writing, software
12 # distributed under the License is distributed on an "AS IS" BASIS,
13 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
14 # implied.
15 # See the License for the specific language governing permissions and
16 # limitations under the License.
17 ##
18
19 from http import HTTPStatus
20 import logging
21 from random import choice as random_choice
22 from threading import Lock
23 from time import time
24 from traceback import format_exc as traceback_format_exc
25 from uuid import uuid4
26
27 from cryptography.hazmat.backends import default_backend as crypto_default_backend
28 from cryptography.hazmat.primitives import serialization as crypto_serialization
29 from cryptography.hazmat.primitives.asymmetric import rsa
30 from jinja2 import (
31 Environment,
32 select_autoescape,
33 StrictUndefined,
34 TemplateError,
35 TemplateNotFound,
36 UndefinedError,
37 )
38 from osm_common import (
39 dbmemory,
40 dbmongo,
41 fslocal,
42 fsmongo,
43 msgkafka,
44 msglocal,
45 version as common_version,
46 )
47 from osm_common.dbbase import DbException
48 from osm_common.fsbase import FsException
49 from osm_common.msgbase import MsgException
50 from osm_ng_ro.ns_thread import deep_get, NsWorker, NsWorkerException
51 from osm_ng_ro.validation import deploy_schema, validate_input
52
53 __author__ = "Alfonso Tierno <alfonso.tiernosepulveda@telefonica.com>"
54 min_common_version = "0.1.16"
55
56
57 class NsException(Exception):
58 def __init__(self, message, http_code=HTTPStatus.BAD_REQUEST):
59 self.http_code = http_code
60 super(Exception, self).__init__(message)
61
62
63 def get_process_id():
64 """
65 Obtain a unique ID for this process. If running from inside docker, it will get docker ID. If not it
66 will provide a random one
67 :return: Obtained ID
68 """
69 # Try getting docker id. If fails, get pid
70 try:
71 with open("/proc/self/cgroup", "r") as f:
72 text_id_ = f.readline()
73 _, _, text_id = text_id_.rpartition("/")
74 text_id = text_id.replace("\n", "")[:12]
75
76 if text_id:
77 return text_id
78 except Exception as error:
79 logging.exception(f"{error} occured while getting process id")
80
81 # Return a random id
82 return "".join(random_choice("0123456789abcdef") for _ in range(12))
83
84
85 def versiontuple(v):
86 """utility for compare dot separate versions. Fills with zeros to proper number comparison"""
87 filled = []
88
89 for point in v.split("."):
90 filled.append(point.zfill(8))
91
92 return tuple(filled)
93
94
95 class Ns(object):
96 def __init__(self):
97 self.db = None
98 self.fs = None
99 self.msg = None
100 self.config = None
101 # self.operations = None
102 self.logger = None
103 # ^ Getting logger inside method self.start because parent logger (ro) is not available yet.
104 # If done now it will not be linked to parent not getting its handler and level
105 self.map_topic = {}
106 self.write_lock = None
107 self.vims_assigned = {}
108 self.next_worker = 0
109 self.plugins = {}
110 self.workers = []
111
112 def init_db(self, target_version):
113 pass
114
115 def start(self, config):
116 """
117 Connect to database, filesystem storage, and messaging
118 :param config: two level dictionary with configuration. Top level should contain 'database', 'storage',
119 :param config: Configuration of db, storage, etc
120 :return: None
121 """
122 self.config = config
123 self.config["process_id"] = get_process_id() # used for HA identity
124 self.logger = logging.getLogger("ro.ns")
125
126 # check right version of common
127 if versiontuple(common_version) < versiontuple(min_common_version):
128 raise NsException(
129 "Not compatible osm/common version '{}'. Needed '{}' or higher".format(
130 common_version, min_common_version
131 )
132 )
133
134 try:
135 if not self.db:
136 if config["database"]["driver"] == "mongo":
137 self.db = dbmongo.DbMongo()
138 self.db.db_connect(config["database"])
139 elif config["database"]["driver"] == "memory":
140 self.db = dbmemory.DbMemory()
141 self.db.db_connect(config["database"])
142 else:
143 raise NsException(
144 "Invalid configuration param '{}' at '[database]':'driver'".format(
145 config["database"]["driver"]
146 )
147 )
148
149 if not self.fs:
150 if config["storage"]["driver"] == "local":
151 self.fs = fslocal.FsLocal()
152 self.fs.fs_connect(config["storage"])
153 elif config["storage"]["driver"] == "mongo":
154 self.fs = fsmongo.FsMongo()
155 self.fs.fs_connect(config["storage"])
156 elif config["storage"]["driver"] is None:
157 pass
158 else:
159 raise NsException(
160 "Invalid configuration param '{}' at '[storage]':'driver'".format(
161 config["storage"]["driver"]
162 )
163 )
164
165 if not self.msg:
166 if config["message"]["driver"] == "local":
167 self.msg = msglocal.MsgLocal()
168 self.msg.connect(config["message"])
169 elif config["message"]["driver"] == "kafka":
170 self.msg = msgkafka.MsgKafka()
171 self.msg.connect(config["message"])
172 else:
173 raise NsException(
174 "Invalid configuration param '{}' at '[message]':'driver'".format(
175 config["message"]["driver"]
176 )
177 )
178
179 # TODO load workers to deal with exising database tasks
180
181 self.write_lock = Lock()
182 except (DbException, FsException, MsgException) as e:
183 raise NsException(str(e), http_code=e.http_code)
184
185 def get_assigned_vims(self):
186 return list(self.vims_assigned.keys())
187
188 def stop(self):
189 try:
190 if self.db:
191 self.db.db_disconnect()
192
193 if self.fs:
194 self.fs.fs_disconnect()
195
196 if self.msg:
197 self.msg.disconnect()
198
199 self.write_lock = None
200 except (DbException, FsException, MsgException) as e:
201 raise NsException(str(e), http_code=e.http_code)
202
203 for worker in self.workers:
204 worker.insert_task(("terminate",))
205
206 def _create_worker(self):
207 """
208 Look for a worker thread in idle status. If not found it creates one unless the number of threads reach the
209 limit of 'server.ns_threads' configuration. If reached, it just assigns one existing thread
210 return the index of the assigned worker thread. Worker threads are storead at self.workers
211 """
212 # Look for a thread in idle status
213 worker_id = next(
214 (
215 i
216 for i in range(len(self.workers))
217 if self.workers[i] and self.workers[i].idle
218 ),
219 None,
220 )
221
222 if worker_id is not None:
223 # unset idle status to avoid race conditions
224 self.workers[worker_id].idle = False
225 else:
226 worker_id = len(self.workers)
227
228 if worker_id < self.config["global"]["server.ns_threads"]:
229 # create a new worker
230 self.workers.append(
231 NsWorker(worker_id, self.config, self.plugins, self.db)
232 )
233 self.workers[worker_id].start()
234 else:
235 # reached maximum number of threads, assign VIM to an existing one
236 worker_id = self.next_worker
237 self.next_worker = (self.next_worker + 1) % self.config["global"][
238 "server.ns_threads"
239 ]
240
241 return worker_id
242
243 def assign_vim(self, target_id):
244 with self.write_lock:
245 return self._assign_vim(target_id)
246
247 def _assign_vim(self, target_id):
248 if target_id not in self.vims_assigned:
249 worker_id = self.vims_assigned[target_id] = self._create_worker()
250 self.workers[worker_id].insert_task(("load_vim", target_id))
251
252 def reload_vim(self, target_id):
253 # send reload_vim to the thread working with this VIM and inform all that a VIM has been changed,
254 # this is because database VIM information is cached for threads working with SDN
255 with self.write_lock:
256 for worker in self.workers:
257 if worker and not worker.idle:
258 worker.insert_task(("reload_vim", target_id))
259
260 def unload_vim(self, target_id):
261 with self.write_lock:
262 return self._unload_vim(target_id)
263
264 def _unload_vim(self, target_id):
265 if target_id in self.vims_assigned:
266 worker_id = self.vims_assigned[target_id]
267 self.workers[worker_id].insert_task(("unload_vim", target_id))
268 del self.vims_assigned[target_id]
269
270 def check_vim(self, target_id):
271 with self.write_lock:
272 if target_id in self.vims_assigned:
273 worker_id = self.vims_assigned[target_id]
274 else:
275 worker_id = self._create_worker()
276
277 worker = self.workers[worker_id]
278 worker.insert_task(("check_vim", target_id))
279
280 def unload_unused_vims(self):
281 with self.write_lock:
282 vims_to_unload = []
283
284 for target_id in self.vims_assigned:
285 if not self.db.get_one(
286 "ro_tasks",
287 q_filter={
288 "target_id": target_id,
289 "tasks.status": ["SCHEDULED", "BUILD", "DONE", "FAILED"],
290 },
291 fail_on_empty=False,
292 ):
293 vims_to_unload.append(target_id)
294
295 for target_id in vims_to_unload:
296 self._unload_vim(target_id)
297
298 def _get_cloud_init(self, where):
299 """
300 Not used as cloud init content is provided in the http body. This method reads cloud init from a file
301 :param where: can be 'vnfr_id:file:file_name' or 'vnfr_id:vdu:vdu_idex'
302 :return:
303 """
304 vnfd_id, _, other = where.partition(":")
305 _type, _, name = other.partition(":")
306 vnfd = self.db.get_one("vnfds", {"_id": vnfd_id})
307
308 if _type == "file":
309 base_folder = vnfd["_admin"]["storage"]
310 cloud_init_file = "{}/{}/cloud_init/{}".format(
311 base_folder["folder"], base_folder["pkg-dir"], name
312 )
313
314 if not self.fs:
315 raise NsException(
316 "Cannot read file '{}'. Filesystem not loaded, change configuration at storage.driver".format(
317 cloud_init_file
318 )
319 )
320
321 with self.fs.file_open(cloud_init_file, "r") as ci_file:
322 cloud_init_content = ci_file.read()
323 elif _type == "vdu":
324 cloud_init_content = vnfd["vdu"][int(name)]["cloud-init"]
325 else:
326 raise NsException("Mismatch descriptor for cloud init: {}".format(where))
327
328 return cloud_init_content
329
330 def _parse_jinja2(self, cloud_init_content, params, context):
331 try:
332 env = Environment(
333 undefined=StrictUndefined,
334 autoescape=select_autoescape(default_for_string=True, default=True),
335 )
336 template = env.from_string(cloud_init_content)
337
338 return template.render(params or {})
339 except UndefinedError as e:
340 raise NsException(
341 "Variable '{}' defined at vnfd='{}' must be provided in the instantiation parameters"
342 "inside the 'additionalParamsForVnf' block".format(e, context)
343 )
344 except (TemplateError, TemplateNotFound) as e:
345 raise NsException(
346 "Error parsing Jinja2 to cloud-init content at vnfd='{}': {}".format(
347 context, e
348 )
349 )
350
351 def _create_db_ro_nsrs(self, nsr_id, now):
352 try:
353 key = rsa.generate_private_key(
354 backend=crypto_default_backend(), public_exponent=65537, key_size=2048
355 )
356 private_key = key.private_bytes(
357 crypto_serialization.Encoding.PEM,
358 crypto_serialization.PrivateFormat.PKCS8,
359 crypto_serialization.NoEncryption(),
360 )
361 public_key = key.public_key().public_bytes(
362 crypto_serialization.Encoding.OpenSSH,
363 crypto_serialization.PublicFormat.OpenSSH,
364 )
365 private_key = private_key.decode("utf8")
366 # Change first line because Paramiko needs a explicit start with 'BEGIN RSA PRIVATE KEY'
367 i = private_key.find("\n")
368 private_key = "-----BEGIN RSA PRIVATE KEY-----" + private_key[i:]
369 public_key = public_key.decode("utf8")
370 except Exception as e:
371 raise NsException("Cannot create ssh-keys: {}".format(e))
372
373 schema_version = "1.1"
374 private_key_encrypted = self.db.encrypt(
375 private_key, schema_version=schema_version, salt=nsr_id
376 )
377 db_content = {
378 "_id": nsr_id,
379 "_admin": {
380 "created": now,
381 "modified": now,
382 "schema_version": schema_version,
383 },
384 "public_key": public_key,
385 "private_key": private_key_encrypted,
386 "actions": [],
387 }
388 self.db.create("ro_nsrs", db_content)
389
390 return db_content
391
392 def deploy(self, session, indata, version, nsr_id, *args, **kwargs):
393 self.logger.debug("ns.deploy nsr_id={} indata={}".format(nsr_id, indata))
394 validate_input(indata, deploy_schema)
395 action_id = indata.get("action_id", str(uuid4()))
396 task_index = 0
397 # get current deployment
398 db_nsr_update = {} # update operation on nsrs
399 db_vnfrs_update = {}
400 db_vnfrs = {} # vnf's info indexed by _id
401 nb_ro_tasks = 0 # for logging
402 vdu2cloud_init = indata.get("cloud_init_content") or {}
403 step = ""
404 logging_text = "Task deploy nsr_id={} action_id={} ".format(nsr_id, action_id)
405 self.logger.debug(logging_text + "Enter")
406
407 try:
408 step = "Getting ns and vnfr record from db"
409 db_nsr = self.db.get_one("nsrs", {"_id": nsr_id})
410 db_new_tasks = []
411 tasks_by_target_record_id = {}
412 # read from db: vnf's of this ns
413 step = "Getting vnfrs from db"
414 db_vnfrs_list = self.db.get_list("vnfrs", {"nsr-id-ref": nsr_id})
415
416 if not db_vnfrs_list:
417 raise NsException("Cannot obtain associated VNF for ns")
418
419 for vnfr in db_vnfrs_list:
420 db_vnfrs[vnfr["_id"]] = vnfr
421 db_vnfrs_update[vnfr["_id"]] = {}
422
423 now = time()
424 db_ro_nsr = self.db.get_one("ro_nsrs", {"_id": nsr_id}, fail_on_empty=False)
425
426 if not db_ro_nsr:
427 db_ro_nsr = self._create_db_ro_nsrs(nsr_id, now)
428
429 ro_nsr_public_key = db_ro_nsr["public_key"]
430
431 # check that action_id is not in the list of actions. Suffixed with :index
432 if action_id in db_ro_nsr["actions"]:
433 index = 1
434
435 while True:
436 new_action_id = "{}:{}".format(action_id, index)
437
438 if new_action_id not in db_ro_nsr["actions"]:
439 action_id = new_action_id
440 self.logger.debug(
441 logging_text
442 + "Changing action_id in use to {}".format(action_id)
443 )
444 break
445
446 index += 1
447
448 def _create_task(
449 target_id,
450 item,
451 action,
452 target_record,
453 target_record_id,
454 extra_dict=None,
455 ):
456 nonlocal task_index
457 nonlocal action_id
458 nonlocal nsr_id
459
460 task = {
461 "target_id": target_id, # it will be removed before pushing at database
462 "action_id": action_id,
463 "nsr_id": nsr_id,
464 "task_id": "{}:{}".format(action_id, task_index),
465 "status": "SCHEDULED",
466 "action": action,
467 "item": item,
468 "target_record": target_record,
469 "target_record_id": target_record_id,
470 }
471
472 if extra_dict:
473 task.update(extra_dict) # params, find_params, depends_on
474
475 task_index += 1
476
477 return task
478
479 def _create_ro_task(target_id, task):
480 nonlocal action_id
481 nonlocal task_index
482 nonlocal now
483
484 _id = task["task_id"]
485 db_ro_task = {
486 "_id": _id,
487 "locked_by": None,
488 "locked_at": 0.0,
489 "target_id": target_id,
490 "vim_info": {
491 "created": False,
492 "created_items": None,
493 "vim_id": None,
494 "vim_name": None,
495 "vim_status": None,
496 "vim_details": None,
497 "refresh_at": None,
498 },
499 "modified_at": now,
500 "created_at": now,
501 "to_check_at": now,
502 "tasks": [task],
503 }
504
505 return db_ro_task
506
507 def _process_image_params(target_image, vim_info, target_record_id):
508 find_params = {}
509
510 if target_image.get("image"):
511 find_params["filter_dict"] = {"name": target_image.get("image")}
512
513 if target_image.get("vim_image_id"):
514 find_params["filter_dict"] = {
515 "id": target_image.get("vim_image_id")
516 }
517
518 if target_image.get("image_checksum"):
519 find_params["filter_dict"] = {
520 "checksum": target_image.get("image_checksum")
521 }
522
523 return {"find_params": find_params}
524
525 def _process_flavor_params(target_flavor, vim_info, target_record_id):
526 def _get_resource_allocation_params(quota_descriptor):
527 """
528 read the quota_descriptor from vnfd and fetch the resource allocation properties from the
529 descriptor object
530 :param quota_descriptor: cpu/mem/vif/disk-io quota descriptor
531 :return: quota params for limit, reserve, shares from the descriptor object
532 """
533 quota = {}
534
535 if quota_descriptor.get("limit"):
536 quota["limit"] = int(quota_descriptor["limit"])
537
538 if quota_descriptor.get("reserve"):
539 quota["reserve"] = int(quota_descriptor["reserve"])
540
541 if quota_descriptor.get("shares"):
542 quota["shares"] = int(quota_descriptor["shares"])
543
544 return quota
545
546 nonlocal indata
547
548 flavor_data = {
549 "disk": int(target_flavor["storage-gb"]),
550 "ram": int(target_flavor["memory-mb"]),
551 "vcpus": int(target_flavor["vcpu-count"]),
552 }
553 numa = {}
554 extended = {}
555
556 target_vdur = None
557 for vnf in indata.get("vnf", []):
558 for vdur in vnf.get("vdur", []):
559 if vdur.get("ns-flavor-id") == target_flavor["id"]:
560 target_vdur = vdur
561
562 for storage in target_vdur.get("virtual-storages", []):
563 if (
564 storage.get("type-of-storage")
565 == "etsi-nfv-descriptors:ephemeral-storage"
566 ):
567 flavor_data["ephemeral"] = int(
568 storage.get("size-of-storage", 0)
569 )
570 elif (
571 storage.get("type-of-storage")
572 == "etsi-nfv-descriptors:swap-storage"
573 ):
574 flavor_data["swap"] = int(storage.get("size-of-storage", 0))
575
576 if target_flavor.get("guest-epa"):
577 extended = {}
578 epa_vcpu_set = False
579
580 if target_flavor["guest-epa"].get("numa-node-policy"):
581 numa_node_policy = target_flavor["guest-epa"].get(
582 "numa-node-policy"
583 )
584
585 if numa_node_policy.get("node"):
586 numa_node = numa_node_policy["node"][0]
587
588 if numa_node.get("num-cores"):
589 numa["cores"] = numa_node["num-cores"]
590 epa_vcpu_set = True
591
592 if numa_node.get("paired-threads"):
593 if numa_node["paired-threads"].get(
594 "num-paired-threads"
595 ):
596 numa["paired-threads"] = int(
597 numa_node["paired-threads"][
598 "num-paired-threads"
599 ]
600 )
601 epa_vcpu_set = True
602
603 if len(
604 numa_node["paired-threads"].get("paired-thread-ids")
605 ):
606 numa["paired-threads-id"] = []
607
608 for pair in numa_node["paired-threads"][
609 "paired-thread-ids"
610 ]:
611 numa["paired-threads-id"].append(
612 (
613 str(pair["thread-a"]),
614 str(pair["thread-b"]),
615 )
616 )
617
618 if numa_node.get("num-threads"):
619 numa["threads"] = int(numa_node["num-threads"])
620 epa_vcpu_set = True
621
622 if numa_node.get("memory-mb"):
623 numa["memory"] = max(
624 int(numa_node["memory-mb"] / 1024), 1
625 )
626
627 if target_flavor["guest-epa"].get("mempage-size"):
628 extended["mempage-size"] = target_flavor["guest-epa"].get(
629 "mempage-size"
630 )
631
632 if (
633 target_flavor["guest-epa"].get("cpu-pinning-policy")
634 and not epa_vcpu_set
635 ):
636 if (
637 target_flavor["guest-epa"]["cpu-pinning-policy"]
638 == "DEDICATED"
639 ):
640 if (
641 target_flavor["guest-epa"].get(
642 "cpu-thread-pinning-policy"
643 )
644 and target_flavor["guest-epa"][
645 "cpu-thread-pinning-policy"
646 ]
647 != "PREFER"
648 ):
649 numa["cores"] = max(flavor_data["vcpus"], 1)
650 else:
651 numa["threads"] = max(flavor_data["vcpus"], 1)
652
653 epa_vcpu_set = True
654
655 if target_flavor["guest-epa"].get("cpu-quota") and not epa_vcpu_set:
656 cpuquota = _get_resource_allocation_params(
657 target_flavor["guest-epa"].get("cpu-quota")
658 )
659
660 if cpuquota:
661 extended["cpu-quota"] = cpuquota
662
663 if target_flavor["guest-epa"].get("mem-quota"):
664 vduquota = _get_resource_allocation_params(
665 target_flavor["guest-epa"].get("mem-quota")
666 )
667
668 if vduquota:
669 extended["mem-quota"] = vduquota
670
671 if target_flavor["guest-epa"].get("disk-io-quota"):
672 diskioquota = _get_resource_allocation_params(
673 target_flavor["guest-epa"].get("disk-io-quota")
674 )
675
676 if diskioquota:
677 extended["disk-io-quota"] = diskioquota
678
679 if target_flavor["guest-epa"].get("vif-quota"):
680 vifquota = _get_resource_allocation_params(
681 target_flavor["guest-epa"].get("vif-quota")
682 )
683
684 if vifquota:
685 extended["vif-quota"] = vifquota
686
687 if numa:
688 extended["numas"] = [numa]
689
690 if extended:
691 flavor_data["extended"] = extended
692
693 extra_dict = {"find_params": {"flavor_data": flavor_data}}
694 flavor_data_name = flavor_data.copy()
695 flavor_data_name["name"] = target_flavor["name"]
696 extra_dict["params"] = {"flavor_data": flavor_data_name}
697
698 return extra_dict
699
700 def _process_affinity_group_params(
701 target_affinity_group, vim_info, target_record_id
702 ):
703 extra_dict = {}
704
705 affinity_group_data = {
706 "name": target_affinity_group["name"],
707 "type": target_affinity_group["type"],
708 "scope": target_affinity_group["scope"],
709 }
710
711 if target_affinity_group.get("vim-affinity-group-id"):
712 affinity_group_data[
713 "vim-affinity-group-id"
714 ] = target_affinity_group["vim-affinity-group-id"]
715
716 extra_dict["params"] = {
717 "affinity_group_data": affinity_group_data,
718 }
719
720 return extra_dict
721
722 def _ip_profile_2_ro(ip_profile):
723 if not ip_profile:
724 return None
725
726 ro_ip_profile = {
727 "ip_version": "IPv4"
728 if "v4" in ip_profile.get("ip-version", "ipv4")
729 else "IPv6",
730 "subnet_address": ip_profile.get("subnet-address"),
731 "gateway_address": ip_profile.get("gateway-address"),
732 "dhcp_enabled": ip_profile.get("dhcp-params", {}).get(
733 "enabled", False
734 ),
735 "dhcp_start_address": ip_profile.get("dhcp-params", {}).get(
736 "start-address", None
737 ),
738 "dhcp_count": ip_profile.get("dhcp-params", {}).get("count", None),
739 }
740
741 if ip_profile.get("dns-server"):
742 ro_ip_profile["dns_address"] = ";".join(
743 [v["address"] for v in ip_profile["dns-server"]]
744 )
745
746 if ip_profile.get("security-group"):
747 ro_ip_profile["security_group"] = ip_profile["security-group"]
748
749 return ro_ip_profile
750
751 def _process_net_params(target_vld, vim_info, target_record_id):
752 nonlocal indata
753 extra_dict = {}
754
755 if vim_info.get("sdn"):
756 # vnf_preffix = "vnfrs:{}".format(vnfr_id)
757 # ns_preffix = "nsrs:{}".format(nsr_id)
758 # remove the ending ".sdn
759 vld_target_record_id, _, _ = target_record_id.rpartition(".")
760 extra_dict["params"] = {
761 k: vim_info[k]
762 for k in ("sdn-ports", "target_vim", "vlds", "type")
763 if vim_info.get(k)
764 }
765
766 # TODO needed to add target_id in the dependency.
767 if vim_info.get("target_vim"):
768 extra_dict["depends_on"] = [
769 vim_info.get("target_vim") + " " + vld_target_record_id
770 ]
771
772 return extra_dict
773
774 if vim_info.get("vim_network_name"):
775 extra_dict["find_params"] = {
776 "filter_dict": {"name": vim_info.get("vim_network_name")}
777 }
778 elif vim_info.get("vim_network_id"):
779 extra_dict["find_params"] = {
780 "filter_dict": {"id": vim_info.get("vim_network_id")}
781 }
782 elif target_vld.get("mgmt-network"):
783 extra_dict["find_params"] = {"mgmt": True, "name": target_vld["id"]}
784 else:
785 # create
786 extra_dict["params"] = {
787 "net_name": "{}-{}".format(
788 indata["name"][:16],
789 target_vld.get("name", target_vld["id"])[:16],
790 ),
791 "ip_profile": _ip_profile_2_ro(vim_info.get("ip_profile")),
792 "provider_network_profile": vim_info.get("provider_network"),
793 }
794
795 if not target_vld.get("underlay"):
796 extra_dict["params"]["net_type"] = "bridge"
797 else:
798 extra_dict["params"]["net_type"] = (
799 "ptp" if target_vld.get("type") == "ELINE" else "data"
800 )
801
802 return extra_dict
803
804 def _process_vdu_params(target_vdu, vim_info, target_record_id):
805 nonlocal vnfr_id
806 nonlocal nsr_id
807 nonlocal indata
808 nonlocal vnfr
809 nonlocal vdu2cloud_init
810 nonlocal tasks_by_target_record_id
811
812 vnf_preffix = "vnfrs:{}".format(vnfr_id)
813 ns_preffix = "nsrs:{}".format(nsr_id)
814 image_text = ns_preffix + ":image." + target_vdu["ns-image-id"]
815 flavor_text = ns_preffix + ":flavor." + target_vdu["ns-flavor-id"]
816 extra_dict = {"depends_on": [image_text, flavor_text]}
817 net_list = []
818
819 # If the position info is provided for all the interfaces, it will be sorted
820 # according to position number ascendingly.
821 if all(
822 i.get("position") + 1
823 for i in target_vdu["interfaces"]
824 if i.get("position") is not None
825 ):
826 sorted_interfaces = sorted(
827 target_vdu["interfaces"],
828 key=lambda x: (x.get("position") is None, x.get("position")),
829 )
830 target_vdu["interfaces"] = sorted_interfaces
831
832 # If the position info is provided for some interfaces but not all of them, the interfaces
833 # which has specific position numbers will be placed and others' positions will not be taken care.
834 else:
835 if any(
836 i.get("position") + 1
837 for i in target_vdu["interfaces"]
838 if i.get("position") is not None
839 ):
840 n = len(target_vdu["interfaces"])
841 sorted_interfaces = [-1] * n
842 k, m = 0, 0
843 while k < n:
844 if target_vdu["interfaces"][k].get("position"):
845 idx = target_vdu["interfaces"][k]["position"]
846 sorted_interfaces[idx - 1] = target_vdu["interfaces"][k]
847 k += 1
848 while m < n:
849 if not target_vdu["interfaces"][m].get("position"):
850 idy = sorted_interfaces.index(-1)
851 sorted_interfaces[idy] = target_vdu["interfaces"][m]
852 m += 1
853
854 target_vdu["interfaces"] = sorted_interfaces
855
856 # If the position info is not provided for the interfaces, interfaces will be attached
857 # according to the order in the VNFD.
858 for iface_index, interface in enumerate(target_vdu["interfaces"]):
859 if interface.get("ns-vld-id"):
860 net_text = ns_preffix + ":vld." + interface["ns-vld-id"]
861 elif interface.get("vnf-vld-id"):
862 net_text = vnf_preffix + ":vld." + interface["vnf-vld-id"]
863 else:
864 self.logger.error(
865 "Interface {} from vdu {} not connected to any vld".format(
866 iface_index, target_vdu["vdu-name"]
867 )
868 )
869
870 continue # interface not connected to any vld
871
872 extra_dict["depends_on"].append(net_text)
873
874 if "port-security-enabled" in interface:
875 interface["port_security"] = interface.pop(
876 "port-security-enabled"
877 )
878
879 if "port-security-disable-strategy" in interface:
880 interface["port_security_disable_strategy"] = interface.pop(
881 "port-security-disable-strategy"
882 )
883
884 net_item = {
885 x: v
886 for x, v in interface.items()
887 if x
888 in (
889 "name",
890 "vpci",
891 "port_security",
892 "port_security_disable_strategy",
893 "floating_ip",
894 )
895 }
896 net_item["net_id"] = "TASK-" + net_text
897 net_item["type"] = "virtual"
898
899 # TODO mac_address: used for SR-IOV ifaces #TODO for other types
900 # TODO floating_ip: True/False (or it can be None)
901 if interface.get("type") in ("SR-IOV", "PCI-PASSTHROUGH"):
902 # mark the net create task as type data
903 if deep_get(
904 tasks_by_target_record_id, net_text, "params", "net_type"
905 ):
906 tasks_by_target_record_id[net_text]["params"][
907 "net_type"
908 ] = "data"
909
910 net_item["use"] = "data"
911 net_item["model"] = interface["type"]
912 net_item["type"] = interface["type"]
913 elif (
914 interface.get("type") == "OM-MGMT"
915 or interface.get("mgmt-interface")
916 or interface.get("mgmt-vnf")
917 ):
918 net_item["use"] = "mgmt"
919 else:
920 # if interface.get("type") in ("VIRTIO", "E1000", "PARAVIRT"):
921 net_item["use"] = "bridge"
922 net_item["model"] = interface.get("type")
923
924 if interface.get("ip-address"):
925 net_item["ip_address"] = interface["ip-address"]
926
927 if interface.get("mac-address"):
928 net_item["mac_address"] = interface["mac-address"]
929
930 net_list.append(net_item)
931
932 if interface.get("mgmt-vnf"):
933 extra_dict["mgmt_vnf_interface"] = iface_index
934 elif interface.get("mgmt-interface"):
935 extra_dict["mgmt_vdu_interface"] = iface_index
936
937 # cloud config
938 cloud_config = {}
939
940 if target_vdu.get("cloud-init"):
941 if target_vdu["cloud-init"] not in vdu2cloud_init:
942 vdu2cloud_init[target_vdu["cloud-init"]] = self._get_cloud_init(
943 target_vdu["cloud-init"]
944 )
945
946 cloud_content_ = vdu2cloud_init[target_vdu["cloud-init"]]
947 cloud_config["user-data"] = self._parse_jinja2(
948 cloud_content_,
949 target_vdu.get("additionalParams"),
950 target_vdu["cloud-init"],
951 )
952
953 if target_vdu.get("boot-data-drive"):
954 cloud_config["boot-data-drive"] = target_vdu.get("boot-data-drive")
955
956 ssh_keys = []
957
958 if target_vdu.get("ssh-keys"):
959 ssh_keys += target_vdu.get("ssh-keys")
960
961 if target_vdu.get("ssh-access-required"):
962 ssh_keys.append(ro_nsr_public_key)
963
964 if ssh_keys:
965 cloud_config["key-pairs"] = ssh_keys
966
967 persistent_root_disk = {}
968 disk_list = []
969 vnfd_id = vnfr["vnfd-id"]
970 vnfd = self.db.get_one("vnfds", {"_id": vnfd_id})
971 for vdu in vnfd.get("vdu", ()):
972 if vdu["name"] == target_vdu["vdu-name"]:
973 for vsd in vnfd.get("virtual-storage-desc", ()):
974 if (
975 vsd.get("id")
976 == vdu.get("virtual-storage-desc", [[]])[0]
977 ):
978 root_disk = vsd
979 if root_disk.get(
980 "type-of-storage"
981 ) == "persistent-storage:persistent-storage" and root_disk.get(
982 "size-of-storage"
983 ):
984 persistent_root_disk[vsd["id"]] = {
985 "image_id": vdu.get("sw-image-desc"),
986 "size": root_disk["size-of-storage"],
987 }
988 disk_list.append(persistent_root_disk[vsd["id"]])
989
990 if target_vdu.get("virtual-storages"):
991 for disk in target_vdu["virtual-storages"]:
992 if (
993 disk.get("type-of-storage")
994 == "persistent-storage:persistent-storage"
995 and disk["id"] not in persistent_root_disk.keys()
996 ):
997 disk_list.append({"size": disk["size-of-storage"]})
998
999 affinity_group_list = []
1000
1001 if target_vdu.get("affinity-or-anti-affinity-group-id"):
1002 affinity_group = {}
1003 for affinity_group_id in target_vdu[
1004 "affinity-or-anti-affinity-group-id"
1005 ]:
1006 affinity_group_text = (
1007 ns_preffix
1008 + ":affinity-or-anti-affinity-group."
1009 + affinity_group_id
1010 )
1011
1012 extra_dict["depends_on"].append(affinity_group_text)
1013 affinity_group["affinity_group_id"] = (
1014 "TASK-" + affinity_group_text
1015 )
1016 affinity_group_list.append(affinity_group)
1017
1018 extra_dict["params"] = {
1019 "name": "{}-{}-{}-{}".format(
1020 indata["name"][:16],
1021 vnfr["member-vnf-index-ref"][:16],
1022 target_vdu["vdu-name"][:32],
1023 target_vdu.get("count-index") or 0,
1024 ),
1025 "description": target_vdu["vdu-name"],
1026 "start": True,
1027 "image_id": "TASK-" + image_text,
1028 "flavor_id": "TASK-" + flavor_text,
1029 "affinity_group_list": affinity_group_list,
1030 "net_list": net_list,
1031 "cloud_config": cloud_config or None,
1032 "disk_list": disk_list,
1033 "availability_zone_index": None, # TODO
1034 "availability_zone_list": None, # TODO
1035 }
1036
1037 return extra_dict
1038
1039 def _process_items(
1040 target_list,
1041 existing_list,
1042 db_record,
1043 db_update,
1044 db_path,
1045 item,
1046 process_params,
1047 ):
1048 nonlocal db_new_tasks
1049 nonlocal tasks_by_target_record_id
1050 nonlocal task_index
1051
1052 # ensure all the target_list elements has an "id". If not assign the index as id
1053 for target_index, tl in enumerate(target_list):
1054 if tl and not tl.get("id"):
1055 tl["id"] = str(target_index)
1056
1057 # step 1 items (networks,vdus,...) to be deleted/updated
1058 for item_index, existing_item in enumerate(existing_list):
1059 target_item = next(
1060 (t for t in target_list if t["id"] == existing_item["id"]), None
1061 )
1062
1063 for target_vim, existing_viminfo in existing_item.get(
1064 "vim_info", {}
1065 ).items():
1066 if existing_viminfo is None:
1067 continue
1068
1069 if target_item:
1070 target_viminfo = target_item.get("vim_info", {}).get(
1071 target_vim
1072 )
1073 else:
1074 target_viminfo = None
1075
1076 if target_viminfo is None:
1077 # must be deleted
1078 self._assign_vim(target_vim)
1079 target_record_id = "{}.{}".format(
1080 db_record, existing_item["id"]
1081 )
1082 item_ = item
1083
1084 if target_vim.startswith("sdn") or target_vim.startswith(
1085 "wim"
1086 ):
1087 # item must be sdn-net instead of net if target_vim is a sdn
1088 item_ = "sdn_net"
1089 target_record_id += ".sdn"
1090
1091 task = _create_task(
1092 target_vim,
1093 item_,
1094 "DELETE",
1095 target_record="{}.{}.vim_info.{}".format(
1096 db_record, item_index, target_vim
1097 ),
1098 target_record_id=target_record_id,
1099 )
1100 tasks_by_target_record_id[target_record_id] = task
1101 db_new_tasks.append(task)
1102 # TODO delete
1103 # TODO check one by one the vims to be created/deleted
1104
1105 # step 2 items (networks,vdus,...) to be created
1106 for target_item in target_list:
1107 item_index = -1
1108
1109 for item_index, existing_item in enumerate(existing_list):
1110 if existing_item["id"] == target_item["id"]:
1111 break
1112 else:
1113 item_index += 1
1114 db_update[db_path + ".{}".format(item_index)] = target_item
1115 existing_list.append(target_item)
1116 existing_item = None
1117
1118 for target_vim, target_viminfo in target_item.get(
1119 "vim_info", {}
1120 ).items():
1121 existing_viminfo = None
1122
1123 if existing_item:
1124 existing_viminfo = existing_item.get("vim_info", {}).get(
1125 target_vim
1126 )
1127
1128 # TODO check if different. Delete and create???
1129 # TODO delete if not exist
1130 if existing_viminfo is not None:
1131 continue
1132
1133 target_record_id = "{}.{}".format(db_record, target_item["id"])
1134 item_ = item
1135
1136 if target_vim.startswith("sdn") or target_vim.startswith("wim"):
1137 # item must be sdn-net instead of net if target_vim is a sdn
1138 item_ = "sdn_net"
1139 target_record_id += ".sdn"
1140
1141 extra_dict = process_params(
1142 target_item, target_viminfo, target_record_id
1143 )
1144 self._assign_vim(target_vim)
1145 task = _create_task(
1146 target_vim,
1147 item_,
1148 "CREATE",
1149 target_record="{}.{}.vim_info.{}".format(
1150 db_record, item_index, target_vim
1151 ),
1152 target_record_id=target_record_id,
1153 extra_dict=extra_dict,
1154 )
1155 tasks_by_target_record_id[target_record_id] = task
1156 db_new_tasks.append(task)
1157
1158 if target_item.get("common_id"):
1159 task["common_id"] = target_item["common_id"]
1160
1161 db_update[db_path + ".{}".format(item_index)] = target_item
1162
1163 def _process_action(indata):
1164 nonlocal db_new_tasks
1165 nonlocal task_index
1166 nonlocal db_vnfrs
1167 nonlocal db_ro_nsr
1168
1169 if indata["action"]["action"] == "inject_ssh_key":
1170 key = indata["action"].get("key")
1171 user = indata["action"].get("user")
1172 password = indata["action"].get("password")
1173
1174 for vnf in indata.get("vnf", ()):
1175 if vnf["_id"] not in db_vnfrs:
1176 raise NsException("Invalid vnf={}".format(vnf["_id"]))
1177
1178 db_vnfr = db_vnfrs[vnf["_id"]]
1179
1180 for target_vdu in vnf.get("vdur", ()):
1181 vdu_index, vdur = next(
1182 (
1183 i_v
1184 for i_v in enumerate(db_vnfr["vdur"])
1185 if i_v[1]["id"] == target_vdu["id"]
1186 ),
1187 (None, None),
1188 )
1189
1190 if not vdur:
1191 raise NsException(
1192 "Invalid vdu vnf={}.{}".format(
1193 vnf["_id"], target_vdu["id"]
1194 )
1195 )
1196
1197 target_vim, vim_info = next(
1198 k_v for k_v in vdur["vim_info"].items()
1199 )
1200 self._assign_vim(target_vim)
1201 target_record = "vnfrs:{}:vdur.{}.ssh_keys".format(
1202 vnf["_id"], vdu_index
1203 )
1204 extra_dict = {
1205 "depends_on": [
1206 "vnfrs:{}:vdur.{}".format(vnf["_id"], vdur["id"])
1207 ],
1208 "params": {
1209 "ip_address": vdur.get("ip-address"),
1210 "user": user,
1211 "key": key,
1212 "password": password,
1213 "private_key": db_ro_nsr["private_key"],
1214 "salt": db_ro_nsr["_id"],
1215 "schema_version": db_ro_nsr["_admin"][
1216 "schema_version"
1217 ],
1218 },
1219 }
1220 task = _create_task(
1221 target_vim,
1222 "vdu",
1223 "EXEC",
1224 target_record=target_record,
1225 target_record_id=None,
1226 extra_dict=extra_dict,
1227 )
1228 db_new_tasks.append(task)
1229
1230 with self.write_lock:
1231 if indata.get("action"):
1232 _process_action(indata)
1233 else:
1234 # compute network differences
1235 # NS.vld
1236 step = "process NS VLDs"
1237 _process_items(
1238 target_list=indata["ns"]["vld"] or [],
1239 existing_list=db_nsr.get("vld") or [],
1240 db_record="nsrs:{}:vld".format(nsr_id),
1241 db_update=db_nsr_update,
1242 db_path="vld",
1243 item="net",
1244 process_params=_process_net_params,
1245 )
1246
1247 step = "process NS images"
1248 _process_items(
1249 target_list=indata.get("image") or [],
1250 existing_list=db_nsr.get("image") or [],
1251 db_record="nsrs:{}:image".format(nsr_id),
1252 db_update=db_nsr_update,
1253 db_path="image",
1254 item="image",
1255 process_params=_process_image_params,
1256 )
1257
1258 step = "process NS flavors"
1259 _process_items(
1260 target_list=indata.get("flavor") or [],
1261 existing_list=db_nsr.get("flavor") or [],
1262 db_record="nsrs:{}:flavor".format(nsr_id),
1263 db_update=db_nsr_update,
1264 db_path="flavor",
1265 item="flavor",
1266 process_params=_process_flavor_params,
1267 )
1268
1269 step = "process NS Affinity Groups"
1270 _process_items(
1271 target_list=indata.get("affinity-or-anti-affinity-group") or [],
1272 existing_list=db_nsr.get("affinity-or-anti-affinity-group")
1273 or [],
1274 db_record="nsrs:{}:affinity-or-anti-affinity-group".format(
1275 nsr_id
1276 ),
1277 db_update=db_nsr_update,
1278 db_path="affinity-or-anti-affinity-group",
1279 item="affinity-or-anti-affinity-group",
1280 process_params=_process_affinity_group_params,
1281 )
1282
1283 # VNF.vld
1284 for vnfr_id, vnfr in db_vnfrs.items():
1285 # vnfr_id need to be set as global variable for among others nested method _process_vdu_params
1286 step = "process VNF={} VLDs".format(vnfr_id)
1287 target_vnf = next(
1288 (
1289 vnf
1290 for vnf in indata.get("vnf", ())
1291 if vnf["_id"] == vnfr_id
1292 ),
1293 None,
1294 )
1295 target_list = target_vnf.get("vld") if target_vnf else None
1296 _process_items(
1297 target_list=target_list or [],
1298 existing_list=vnfr.get("vld") or [],
1299 db_record="vnfrs:{}:vld".format(vnfr_id),
1300 db_update=db_vnfrs_update[vnfr["_id"]],
1301 db_path="vld",
1302 item="net",
1303 process_params=_process_net_params,
1304 )
1305
1306 target_list = target_vnf.get("vdur") if target_vnf else None
1307 step = "process VNF={} VDUs".format(vnfr_id)
1308 _process_items(
1309 target_list=target_list or [],
1310 existing_list=vnfr.get("vdur") or [],
1311 db_record="vnfrs:{}:vdur".format(vnfr_id),
1312 db_update=db_vnfrs_update[vnfr["_id"]],
1313 db_path="vdur",
1314 item="vdu",
1315 process_params=_process_vdu_params,
1316 )
1317
1318 for db_task in db_new_tasks:
1319 step = "Updating database, Appending tasks to ro_tasks"
1320 target_id = db_task.pop("target_id")
1321 common_id = db_task.get("common_id")
1322
1323 if common_id:
1324 if self.db.set_one(
1325 "ro_tasks",
1326 q_filter={
1327 "target_id": target_id,
1328 "tasks.common_id": common_id,
1329 },
1330 update_dict={"to_check_at": now, "modified_at": now},
1331 push={"tasks": db_task},
1332 fail_on_empty=False,
1333 ):
1334 continue
1335
1336 if not self.db.set_one(
1337 "ro_tasks",
1338 q_filter={
1339 "target_id": target_id,
1340 "tasks.target_record": db_task["target_record"],
1341 },
1342 update_dict={"to_check_at": now, "modified_at": now},
1343 push={"tasks": db_task},
1344 fail_on_empty=False,
1345 ):
1346 # Create a ro_task
1347 step = "Updating database, Creating ro_tasks"
1348 db_ro_task = _create_ro_task(target_id, db_task)
1349 nb_ro_tasks += 1
1350 self.db.create("ro_tasks", db_ro_task)
1351
1352 step = "Updating database, nsrs"
1353 if db_nsr_update:
1354 self.db.set_one("nsrs", {"_id": nsr_id}, db_nsr_update)
1355
1356 for vnfr_id, db_vnfr_update in db_vnfrs_update.items():
1357 if db_vnfr_update:
1358 step = "Updating database, vnfrs={}".format(vnfr_id)
1359 self.db.set_one("vnfrs", {"_id": vnfr_id}, db_vnfr_update)
1360
1361 self.logger.debug(
1362 logging_text
1363 + "Exit. Created {} ro_tasks; {} tasks".format(
1364 nb_ro_tasks, len(db_new_tasks)
1365 )
1366 )
1367
1368 return (
1369 {"status": "ok", "nsr_id": nsr_id, "action_id": action_id},
1370 action_id,
1371 True,
1372 )
1373 except Exception as e:
1374 if isinstance(e, (DbException, NsException)):
1375 self.logger.error(
1376 logging_text + "Exit Exception while '{}': {}".format(step, e)
1377 )
1378 else:
1379 e = traceback_format_exc()
1380 self.logger.critical(
1381 logging_text + "Exit Exception while '{}': {}".format(step, e),
1382 exc_info=True,
1383 )
1384
1385 raise NsException(e)
1386
1387 def delete(self, session, indata, version, nsr_id, *args, **kwargs):
1388 self.logger.debug("ns.delete version={} nsr_id={}".format(version, nsr_id))
1389 # self.db.del_list({"_id": ro_task["_id"], "tasks.nsr_id.ne": nsr_id})
1390
1391 with self.write_lock:
1392 try:
1393 NsWorker.delete_db_tasks(self.db, nsr_id, None)
1394 except NsWorkerException as e:
1395 raise NsException(e)
1396
1397 return None, None, True
1398
1399 def status(self, session, indata, version, nsr_id, action_id, *args, **kwargs):
1400 # self.logger.debug("ns.status version={} nsr_id={}, action_id={} indata={}"
1401 # .format(version, nsr_id, action_id, indata))
1402 task_list = []
1403 done = 0
1404 total = 0
1405 ro_tasks = self.db.get_list("ro_tasks", {"tasks.action_id": action_id})
1406 global_status = "DONE"
1407 details = []
1408
1409 for ro_task in ro_tasks:
1410 for task in ro_task["tasks"]:
1411 if task and task["action_id"] == action_id:
1412 task_list.append(task)
1413 total += 1
1414
1415 if task["status"] == "FAILED":
1416 global_status = "FAILED"
1417 error_text = "Error at {} {}: {}".format(
1418 task["action"].lower(),
1419 task["item"],
1420 ro_task["vim_info"].get("vim_details") or "unknown",
1421 )
1422 details.append(error_text)
1423 elif task["status"] in ("SCHEDULED", "BUILD"):
1424 if global_status != "FAILED":
1425 global_status = "BUILD"
1426 else:
1427 done += 1
1428
1429 return_data = {
1430 "status": global_status,
1431 "details": ". ".join(details)
1432 if details
1433 else "progress {}/{}".format(done, total),
1434 "nsr_id": nsr_id,
1435 "action_id": action_id,
1436 "tasks": task_list,
1437 }
1438
1439 return return_data, None, True
1440
1441 def cancel(self, session, indata, version, nsr_id, action_id, *args, **kwargs):
1442 print(
1443 "ns.cancel session={} indata={} version={} nsr_id={}, action_id={}".format(
1444 session, indata, version, nsr_id, action_id
1445 )
1446 )
1447
1448 return None, None, True
1449
1450 def get_deploy(self, session, indata, version, nsr_id, action_id, *args, **kwargs):
1451 nsrs = self.db.get_list("nsrs", {})
1452 return_data = []
1453
1454 for ns in nsrs:
1455 return_data.append({"_id": ns["_id"], "name": ns["name"]})
1456
1457 return return_data, None, True
1458
1459 def get_actions(self, session, indata, version, nsr_id, action_id, *args, **kwargs):
1460 ro_tasks = self.db.get_list("ro_tasks", {"tasks.nsr_id": nsr_id})
1461 return_data = []
1462
1463 for ro_task in ro_tasks:
1464 for task in ro_task["tasks"]:
1465 if task["action_id"] not in return_data:
1466 return_data.append(task["action_id"])
1467
1468 return return_data, None, True