Scott Baker | b63ea79 | 2016-08-11 10:24:48 -0700 | [diff] [blame] | 1 | import os |
| 2 | import base64 |
| 3 | import socket |
Scott Baker | b63ea79 | 2016-08-11 10:24:48 -0700 | [diff] [blame] | 4 | from xos.config import Config |
Scott Baker | 8b75e85 | 2016-08-16 15:04:59 -0700 | [diff] [blame] | 5 | from synchronizers.openstack.openstacksyncstep import OpenStackSyncStep |
Scott Baker | af599eb | 2017-03-21 12:43:26 -0700 | [diff] [blame] | 6 | from synchronizers.new_base.ansible_helper import * |
| 7 | from synchronizers.new_base.syncstep import * |
Scott Baker | b63ea79 | 2016-08-11 10:24:48 -0700 | [diff] [blame] | 8 | from xos.logger import observer_logger as logger |
Scott Baker | af599eb | 2017-03-21 12:43:26 -0700 | [diff] [blame] | 9 | from synchronizers.new_base.modelaccessor import * |
Scott Baker | b63ea79 | 2016-08-11 10:24:48 -0700 | [diff] [blame] | 10 | |
Scott Baker | 8c54284 | 2017-03-22 15:45:44 -0700 | [diff] [blame] | 11 | RESTAPI_HOSTNAME = getattr(Config(), "server_restapi_hostname", getattr(Config(), "server_hostname", socket.gethostname())) |
| 12 | RESTAPI_PORT = int(getattr(Config(), "server_restapi_port", getattr(Config(), "server_port", "8000"))) |
| 13 | |
Scott Baker | b63ea79 | 2016-08-11 10:24:48 -0700 | [diff] [blame] | 14 | def escape(s): |
| 15 | s = s.replace('\n',r'\n').replace('"',r'\"') |
| 16 | return s |
| 17 | |
| 18 | class SyncInstances(OpenStackSyncStep): |
| 19 | provides=[Instance] |
| 20 | requested_interval=0 |
| 21 | observes=Instance |
| 22 | playbook='sync_instances.yaml' |
| 23 | |
| 24 | def fetch_pending(self, deletion=False): |
| 25 | objs = super(SyncInstances, self).fetch_pending(deletion) |
| 26 | objs = [x for x in objs if x.isolation=="vm"] |
| 27 | return objs |
| 28 | |
| 29 | def get_userdata(self, instance, pubkeys): |
| 30 | userdata = '#cloud-config\n\nopencloud:\n slicename: "%s"\n hostname: "%s"\n restapi_hostname: "%s"\n restapi_port: "%s"\n' % (instance.slice.name, instance.node.name, RESTAPI_HOSTNAME, str(RESTAPI_PORT)) |
| 31 | userdata += 'ssh_authorized_keys:\n' |
| 32 | for key in pubkeys: |
| 33 | userdata += ' - %s\n' % key |
| 34 | return userdata |
| 35 | |
Andy Bavier | 4435bf0 | 2017-02-01 16:17:09 -0500 | [diff] [blame] | 36 | def get_nic_for_first_slot(self, nics): |
| 37 | # Try to find a NIC with "public" visibility |
| 38 | for nic in nics[:]: |
| 39 | network=nic.get("network", None) |
| 40 | if network: |
| 41 | tem = network.template |
| 42 | if (tem.visibility == "public"): |
| 43 | return nic |
Scott Baker | b63ea79 | 2016-08-11 10:24:48 -0700 | [diff] [blame] | 44 | |
Andy Bavier | 4435bf0 | 2017-02-01 16:17:09 -0500 | [diff] [blame] | 45 | # Otherwise try to find a private network |
Scott Baker | b63ea79 | 2016-08-11 10:24:48 -0700 | [diff] [blame] | 46 | for nic in nics[:]: |
| 47 | network=nic.get("network", None) |
| 48 | if network: |
| 49 | tem = network.template |
| 50 | if (tem.visibility == "private") and (tem.translation=="none") and ("management" not in tem.name): |
Andy Bavier | 4435bf0 | 2017-02-01 16:17:09 -0500 | [diff] [blame] | 51 | return nic |
| 52 | |
| 53 | raise Exception("Could not find a NIC for first slot") |
| 54 | |
| 55 | def sort_nics(self, nics): |
| 56 | result = [] |
| 57 | |
| 58 | # Enforce VTN's network order requirement for vSG. The access network must be |
| 59 | # inserted into the first slot. The management network must be inserted |
| 60 | # into the second slot. |
| 61 | # |
| 62 | # Some VMs may connect to multiple networks that advertise gateways. In this case, the |
| 63 | # default gateway is enforced on eth0. So give priority to "public" networks when |
| 64 | # choosing a network for the first slot. |
| 65 | |
| 66 | nic = self.get_nic_for_first_slot(nics) |
| 67 | result.append(nic) |
| 68 | nics.remove(nic) |
Scott Baker | b63ea79 | 2016-08-11 10:24:48 -0700 | [diff] [blame] | 69 | |
| 70 | # move the management network to the second spot |
Scott Baker | ead6af4 | 2016-10-11 16:40:40 -0700 | [diff] [blame] | 71 | for nic in nics[:]: |
Scott Baker | b63ea79 | 2016-08-11 10:24:48 -0700 | [diff] [blame] | 72 | network=nic.get("network", None) |
| 73 | if network: |
| 74 | tem = network.template |
| 75 | if (tem.visibility == "private") and (tem.translation=="none") and ("management" in tem.name): |
| 76 | #MCORD |
| 77 | # if len(result)!=1: |
| 78 | # raise Exception("Management network needs to be inserted in slot 1, but there are %d private nics" % len(result)) |
| 79 | result.append(nic) |
| 80 | nics.remove(nic) |
| 81 | |
| 82 | # add everything else. For VTN there probably shouldn't be any more. |
| 83 | result.extend(nics) |
| 84 | |
| 85 | return result |
| 86 | |
| 87 | def map_sync_inputs(self, instance): |
Scott Baker | e13170a | 2017-01-26 09:57:37 -0800 | [diff] [blame] | 88 | |
| 89 | # sanity check - make sure model_policy for slice has run |
| 90 | if ((not instance.slice.policed) or (instance.slice.policed < instance.slice.updated)): |
Scott Baker | a0a688a | 2017-03-28 11:59:56 -0700 | [diff] [blame] | 91 | raise DeferredException("Instance %s waiting on Slice %s to execute model policies" % (instance, instance.slice.name)) |
Scott Baker | e13170a | 2017-01-26 09:57:37 -0800 | [diff] [blame] | 92 | |
| 93 | # sanity check - make sure model_policy for all slice networks have run |
| 94 | for network in instance.slice.ownedNetworks.all(): |
| 95 | if ((not network.policed) or (network.policed < network.updated)): |
| 96 | raise DeferredException("Instance %s waiting on Network %s to execute model policies" % (instance, network.name)) |
| 97 | |
Scott Baker | b63ea79 | 2016-08-11 10:24:48 -0700 | [diff] [blame] | 98 | inputs = {} |
| 99 | metadata_update = {} |
| 100 | if (instance.numberCores): |
| 101 | metadata_update["cpu_cores"] = str(instance.numberCores) |
| 102 | |
Scott Baker | 75bae45 | 2017-03-27 20:10:58 -0700 | [diff] [blame] | 103 | # not supported by API... assuming it's not used ... look into enabling later |
| 104 | # for tag in instance.slice.tags.all(): |
| 105 | # if tag.name.startswith("sysctl-"): |
| 106 | # metadata_update[tag.name] = tag.value |
Scott Baker | b63ea79 | 2016-08-11 10:24:48 -0700 | [diff] [blame] | 107 | |
Scott Baker | af599eb | 2017-03-21 12:43:26 -0700 | [diff] [blame] | 108 | slice_memberships = SlicePrivilege.objects.filter(slice_id=instance.slice.id) |
Scott Baker | b63ea79 | 2016-08-11 10:24:48 -0700 | [diff] [blame] | 109 | pubkeys = set([sm.user.public_key for sm in slice_memberships if sm.user.public_key]) |
| 110 | if instance.creator.public_key: |
| 111 | pubkeys.add(instance.creator.public_key) |
| 112 | |
| 113 | if instance.slice.creator.public_key: |
| 114 | pubkeys.add(instance.slice.creator.public_key) |
| 115 | |
| 116 | if instance.slice.service and instance.slice.service.public_key: |
| 117 | pubkeys.add(instance.slice.service.public_key) |
| 118 | |
| 119 | nics=[] |
| 120 | |
| 121 | # handle ports the were created by the user |
| 122 | port_ids=[] |
Scott Baker | af599eb | 2017-03-21 12:43:26 -0700 | [diff] [blame] | 123 | for port in Port.objects.filter(instance_id=instance.id): |
Scott Baker | b63ea79 | 2016-08-11 10:24:48 -0700 | [diff] [blame] | 124 | if not port.port_id: |
| 125 | raise DeferredException("Instance %s waiting on port %s" % (instance, port)) |
| 126 | nics.append({"kind": "port", "value": port.port_id, "network": port.network}) |
| 127 | |
| 128 | # we want to exclude from 'nics' any network that already has a Port |
Scott Baker | af599eb | 2017-03-21 12:43:26 -0700 | [diff] [blame] | 129 | existing_port_networks = [port.network for port in Port.objects.filter(instance_id=instance.id)] |
| 130 | existing_port_network_ids = [x.id for x in existing_port_networks] |
Scott Baker | b63ea79 | 2016-08-11 10:24:48 -0700 | [diff] [blame] | 131 | |
Scott Baker | af599eb | 2017-03-21 12:43:26 -0700 | [diff] [blame] | 132 | networks = [ns.network for ns in NetworkSlice.objects.filter(slice_id=instance.slice.id) if ns.network.id not in existing_port_network_ids] |
| 133 | networks_ids = [x.id for x in networks] |
| 134 | controller_networks = ControllerNetwork.objects.filter(controller_id=instance.node.site_deployment.controller.id) |
| 135 | controller_networks = [x for x in controller_networks if x.id in networks_ids] |
| 136 | |
Scott Baker | b63ea79 | 2016-08-11 10:24:48 -0700 | [diff] [blame] | 137 | |
Scott Baker | 6c69a12 | 2016-12-07 16:08:55 -0800 | [diff] [blame] | 138 | for network in networks: |
Scott Baker | af599eb | 2017-03-21 12:43:26 -0700 | [diff] [blame] | 139 | if not ControllerNetwork.objects.filter(network_id=network.id, controller_id=instance.node.site_deployment.controller.id).exists(): |
Scott Baker | 6c69a12 | 2016-12-07 16:08:55 -0800 | [diff] [blame] | 140 | raise DeferredException("Instance %s Private Network %s lacks ControllerNetwork object" % (instance, network.name)) |
| 141 | |
Scott Baker | b63ea79 | 2016-08-11 10:24:48 -0700 | [diff] [blame] | 142 | for controller_network in controller_networks: |
| 143 | # Lenient exception - causes slow backoff |
Andy Bavier | 4435bf0 | 2017-02-01 16:17:09 -0500 | [diff] [blame] | 144 | if controller_network.network.template.translation == 'none': |
Scott Baker | b63ea79 | 2016-08-11 10:24:48 -0700 | [diff] [blame] | 145 | if not controller_network.net_id: |
| 146 | raise DeferredException("Instance %s Private Network %s has no id; Try again later" % (instance, controller_network.network.name)) |
| 147 | nics.append({"kind": "net", "value": controller_network.net_id, "network": controller_network.network}) |
| 148 | |
| 149 | # now include network template |
| 150 | network_templates = [network.template.shared_network_name for network in networks \ |
| 151 | if network.template.shared_network_name] |
| 152 | |
Scott Baker | b63ea79 | 2016-08-11 10:24:48 -0700 | [diff] [blame] | 153 | driver = self.driver.admin_driver(tenant='admin', controller=instance.node.site_deployment.controller) |
| 154 | nets = driver.shell.neutron.list_networks()['networks'] |
| 155 | for net in nets: |
| 156 | if net['name'] in network_templates: |
| 157 | nics.append({"kind": "net", "value": net['id'], "network": None}) |
| 158 | |
| 159 | if (not nics): |
| 160 | for net in nets: |
| 161 | if net['name']=='public': |
| 162 | nics.append({"kind": "net", "value": net['id'], "network": None}) |
| 163 | |
| 164 | nics = self.sort_nics(nics) |
| 165 | |
| 166 | image_name = None |
Scott Baker | af599eb | 2017-03-21 12:43:26 -0700 | [diff] [blame] | 167 | controller_images = instance.image.controllerimages.all() |
| 168 | controller_images = [x for x in controller_images if x.controller_id==instance.node.site_deployment.controller.id] |
Scott Baker | b63ea79 | 2016-08-11 10:24:48 -0700 | [diff] [blame] | 169 | if controller_images: |
| 170 | image_name = controller_images[0].image.name |
| 171 | logger.info("using image from ControllerImage object: " + str(image_name)) |
| 172 | |
| 173 | if image_name is None: |
| 174 | controller_driver = self.driver.admin_driver(controller=instance.node.site_deployment.controller) |
| 175 | images = controller_driver.shell.glanceclient.images.list() |
| 176 | for image in images: |
| 177 | if image.name == instance.image.name or not image_name: |
| 178 | image_name = image.name |
| 179 | logger.info("using image from glance: " + str(image_name)) |
| 180 | |
| 181 | try: |
| 182 | legacy = Config().observer_legacy |
| 183 | except: |
| 184 | legacy = False |
| 185 | |
| 186 | if (legacy): |
| 187 | host_filter = instance.node.name.split('.',1)[0] |
| 188 | else: |
| 189 | host_filter = instance.node.name.strip() |
| 190 | |
| 191 | availability_zone_filter = 'nova:%s'%host_filter |
| 192 | instance_name = '%s-%d'%(instance.slice.name,instance.id) |
| 193 | self.instance_name = instance_name |
| 194 | |
| 195 | userData = self.get_userdata(instance, pubkeys) |
| 196 | if instance.userData: |
| 197 | userData += instance.userData |
| 198 | |
Scott Baker | 75bae45 | 2017-03-27 20:10:58 -0700 | [diff] [blame] | 199 | # make sure nics is pickle-able |
| 200 | sanitized_nics = [{"kind": nic["kind"], "value": nic["value"]} for nic in nics] |
| 201 | |
Scott Baker | b63ea79 | 2016-08-11 10:24:48 -0700 | [diff] [blame] | 202 | controller = instance.node.site_deployment.controller |
| 203 | fields = {'endpoint':controller.auth_url, |
| 204 | 'endpoint_v3': controller.auth_url_v3, |
| 205 | 'domain': controller.domain, |
| 206 | 'admin_user': instance.creator.email, |
| 207 | 'admin_password': instance.creator.remote_password, |
| 208 | 'project_name': instance.slice.name, |
| 209 | 'tenant': instance.slice.name, |
| 210 | 'tenant_description': instance.slice.description, |
| 211 | 'name':instance_name, |
| 212 | 'ansible_tag':instance_name, |
| 213 | 'availability_zone': availability_zone_filter, |
| 214 | 'image_name':image_name, |
| 215 | 'flavor_name':instance.flavor.name, |
Scott Baker | 75bae45 | 2017-03-27 20:10:58 -0700 | [diff] [blame] | 216 | 'nics':sanitized_nics, |
Scott Baker | b63ea79 | 2016-08-11 10:24:48 -0700 | [diff] [blame] | 217 | 'meta':metadata_update, |
| 218 | 'user_data':r'%s'%escape(userData)} |
| 219 | return fields |
| 220 | |
| 221 | |
| 222 | def map_sync_outputs(self, instance, res): |
| 223 | instance_id = res[0]['openstack']['OS-EXT-SRV-ATTR:instance_name'] |
| 224 | instance_uuid = res[0]['id'] |
| 225 | |
| 226 | try: |
| 227 | hostname = res[0]['openstack']['OS-EXT-SRV-ATTR:hypervisor_hostname'] |
| 228 | ip = socket.gethostbyname(hostname) |
| 229 | instance.ip = ip |
| 230 | except: |
| 231 | pass |
| 232 | |
| 233 | instance.instance_id = instance_id |
| 234 | instance.instance_uuid = instance_uuid |
| 235 | instance.instance_name = self.instance_name |
| 236 | instance.save() |
| 237 | |
| 238 | |
| 239 | def map_delete_inputs(self, instance): |
| 240 | controller_register = json.loads(instance.node.site_deployment.controller.backend_register) |
| 241 | |
| 242 | if (controller_register.get('disabled',False)): |
| 243 | raise InnocuousException('Controller %s is disabled'%instance.node.site_deployment.controller.name) |
| 244 | |
| 245 | instance_name = '%s-%d'%(instance.slice.name,instance.id) |
| 246 | controller = instance.node.site_deployment.controller |
| 247 | input = {'endpoint':controller.auth_url, |
| 248 | 'admin_user': instance.creator.email, |
| 249 | 'admin_password': instance.creator.remote_password, |
Andy Bavier | 9e65a35 | 2016-09-30 15:39:02 -0400 | [diff] [blame] | 250 | 'project_name': instance.slice.name, |
Scott Baker | b63ea79 | 2016-08-11 10:24:48 -0700 | [diff] [blame] | 251 | 'tenant': instance.slice.name, |
| 252 | 'tenant_description': instance.slice.description, |
| 253 | 'name':instance_name, |
| 254 | 'ansible_tag':instance_name, |
| 255 | 'delete': True} |
| 256 | return input |