fixed merge of master into lts
diff --git a/containers/openvpn/Dockerfile b/containers/openvpn/Dockerfile
new file mode 100644
index 0000000..8ae8484
--- /dev/null
+++ b/containers/openvpn/Dockerfile
@@ -0,0 +1,12 @@
+FROM xosproject/xos-synchronizer-openstack
+
+RUN DEBIAN_FRONTEND=noninteractive apt-get update && apt-get install -y \
+ openvpn
+
+# for OpenVPN
+RUN mkdir -p /opt/openvpn
+RUN chmod 777 /opt/openvpn
+RUN git clone https://github.com/OpenVPN/easy-rsa.git /opt/openvpn
+RUN git -C /opt/openvpn pull origin master
+RUN echo 'set_var EASYRSA "/opt/openvpn/easyrsa3"' | tee /opt/openvpn/vars
+RUN echo 'set_var EASYRSA_BATCH "true"' | tee -a /opt/openvpn/vars
diff --git a/containers/openvpn/Makefile b/containers/openvpn/Makefile
new file mode 100644
index 0000000..bdfb126
--- /dev/null
+++ b/containers/openvpn/Makefile
@@ -0,0 +1,18 @@
+IMAGE_NAME:=xosproject/xos-openvpn
+CONTAINER_NAME:=xos-synchronizer
+NO_DOCKER_CACHE?=true
+
+.PHONY: build
+build: ; sudo docker build --no-cache=${NO_DOCKER_CACHE} --rm -t ${IMAGE_NAME} .
+
+.PHONY: run
+run: ; sudo docker run -d --name ${CONTAINER_NAME} -v /usr/local/share/ca-certificates:/usr/local/share/ca-certificates:ro ${IMAGE_NAME}
+
+.PHONY: stop
+stop: ; sudo docker stop ${CONTAINER_NAME}
+
+.PHONY: rm
+rm: ; sudo docker rm ${CONTAINER_NAME}
+
+.PHONY: rmi
+rmi: ; docker rmi ${IMAGE_NAME}
diff --git a/containers/openvpn/conf/ansible-hosts b/containers/openvpn/conf/ansible-hosts
new file mode 100644
index 0000000..0dd74f1
--- /dev/null
+++ b/containers/openvpn/conf/ansible-hosts
@@ -0,0 +1,2 @@
+[localhost]
+127.0.0.1
diff --git a/containers/openvpn/conf/synchronizer.conf b/containers/openvpn/conf/synchronizer.conf
new file mode 100644
index 0000000..2131a25
--- /dev/null
+++ b/containers/openvpn/conf/synchronizer.conf
@@ -0,0 +1,9 @@
+[supervisord]
+logfile=/var/log/supervisord.log ; (main log file;default $CWD/supervisord.log)
+pidfile=/var/run/supervisord.pid ; (supervisord pidfile;default supervisord.pid)
+nodaemon=true
+
+[program:synchronizer]
+command=python /opt/xos/synchronizers/openstack/xos-synchronizer.py
+stderr_logfile=/var/log/supervisor/synchronizer.err.log
+stdout_logfile=/var/log/supervisor/synchronizer.out.log
diff --git a/containers/xos/Dockerfile b/containers/xos/Dockerfile
index d06309c..d74974e 100644
--- a/containers/xos/Dockerfile
+++ b/containers/xos/Dockerfile
@@ -53,6 +53,7 @@
dnslib \
google-api-python-client \
httplib2 \
+ jinja2 \
lxml \
markdown \
netaddr \
diff --git a/containers/xos/Dockerfile.devel b/containers/xos/Dockerfile.devel
index bec6a06..7580f16 100644
--- a/containers/xos/Dockerfile.devel
+++ b/containers/xos/Dockerfile.devel
@@ -53,6 +53,7 @@
dnslib \
google-api-python-client \
httplib2 \
+ jinja2 \
lxml \
markdown \
netaddr \
diff --git a/views/ngXosViews/openVPNDashboard/.bowerrc b/views/ngXosViews/openVPNDashboard/.bowerrc
new file mode 100644
index 0000000..e491038
--- /dev/null
+++ b/views/ngXosViews/openVPNDashboard/.bowerrc
@@ -0,0 +1,3 @@
+{
+ "directory": "src/vendor/"
+}
\ No newline at end of file
diff --git a/views/ngXosViews/openVPNDashboard/.eslintrc b/views/ngXosViews/openVPNDashboard/.eslintrc
new file mode 100644
index 0000000..c852748
--- /dev/null
+++ b/views/ngXosViews/openVPNDashboard/.eslintrc
@@ -0,0 +1,42 @@
+{
+ "ecmaFeatures": {
+ "blockBindings": true,
+ "forOf": true,
+ "destructuring": true,
+ "arrowFunctions": true,
+ "templateStrings": true
+ },
+ "env": {
+ "browser": true,
+ "node": true,
+ "es6": true
+ },
+ "plugins": [
+ //"angular"
+ ],
+ "rules": {
+ "quotes": [2, "single"],
+ "camelcase": [1, {"properties": "always"}],
+ "no-underscore-dangle": 1,
+ "eqeqeq": [2, "smart"],
+ "no-alert": 1,
+ "key-spacing": [1, { "beforeColon": false, "afterColon": true }],
+ "indent": [2, 2],
+ "no-irregular-whitespace": 1,
+ "eol-last": 0,
+ "max-nested-callbacks": [2, 4],
+ "comma-spacing": [1, {"before": false, "after": true}],
+ "no-trailing-spaces": [1, { skipBlankLines: true }],
+ "no-unused-vars": [1, {"vars": "all", "args": "after-used"}],
+ "new-cap": 0,
+
+ //"angular/ng_module_name": [2, '/^xos\.*[a-z]*$/'],
+ //"angular/ng_controller_name": [2, '/^[a-z].*Ctrl$/'],
+ //"angular/ng_service_name": [2, '/^[A-Z].*Service$/'],
+ //"angular/ng_directive_name": [2, '/^[a-z]+[[A-Z].*]*$/'],
+ //"angular/ng_di": [0, "function or array"]
+ },
+ "globals" :{
+ "angular": true
+ }
+}
\ No newline at end of file
diff --git a/views/ngXosViews/openVPNDashboard/.gitignore b/views/ngXosViews/openVPNDashboard/.gitignore
new file mode 100644
index 0000000..567aee4
--- /dev/null
+++ b/views/ngXosViews/openVPNDashboard/.gitignore
@@ -0,0 +1,6 @@
+dist/
+src/vendor
+.tmp
+node_modules
+npm-debug.log
+dist/
\ No newline at end of file
diff --git a/views/ngXosViews/openVPNDashboard/bower.json b/views/ngXosViews/openVPNDashboard/bower.json
new file mode 100644
index 0000000..01b2715
--- /dev/null
+++ b/views/ngXosViews/openVPNDashboard/bower.json
@@ -0,0 +1,29 @@
+{
+ "name": "xos-openVPNDashboard",
+ "version": "0.0.0",
+ "authors": [
+ "Jeremy Mowery <jermowery@email.arizona.edu>"
+ ],
+ "description": "The OpenVPN Dashboard",
+ "license": "MIT",
+ "ignore": [
+ "**/.*",
+ "node_modules",
+ "bower_components",
+ "static/js/vendor/",
+ "test",
+ "tests"
+ ],
+ "dependencies": {
+ },
+ "devDependencies": {
+ "jquery": "2.1.4",
+ "angular-mocks": "1.4.7",
+ "angular": "1.4.7",
+ "angular-ui-router": "0.2.15",
+ "angular-cookies": "1.4.7",
+ "angular-resource": "1.4.7",
+ "ng-lodash": "0.3.0",
+ "bootstrap-css": "2.3.2"
+ }
+}
diff --git a/views/ngXosViews/openVPNDashboard/env/default.js b/views/ngXosViews/openVPNDashboard/env/default.js
new file mode 100644
index 0000000..5b198ec
--- /dev/null
+++ b/views/ngXosViews/openVPNDashboard/env/default.js
@@ -0,0 +1,13 @@
+// This is a default configuration for your development environment.
+// You can duplicate this configuration for any of your Backend Environments.
+// Different configurations are loaded setting a NODE_ENV variable that contain the config file name.
+// `NODE_ENV=local npm start`
+//
+// If xoscsrftoken or xossessionid are not specified the browser value are used
+// (works only for local environment as both application are served on the same domain)
+
+module.exports = {
+ host: '',
+ xoscsrftoken: '',
+ xossessionid: ''
+};
diff --git a/views/ngXosViews/openVPNDashboard/gulp/build.js b/views/ngXosViews/openVPNDashboard/gulp/build.js
new file mode 100644
index 0000000..625e3ee
--- /dev/null
+++ b/views/ngXosViews/openVPNDashboard/gulp/build.js
@@ -0,0 +1,150 @@
+'use strict';
+
+// BUILD
+//
+// The only purpose of this gulpfile is to build a XOS view and copy the correct files into
+// .html => dashboards
+// .js (minified and concat) => static/js
+//
+// The template are parsed and added to js with angular $templateCache
+
+var gulp = require('gulp');
+var ngAnnotate = require('gulp-ng-annotate');
+var uglify = require('gulp-uglify');
+var templateCache = require('gulp-angular-templatecache');
+var runSequence = require('run-sequence');
+var concat = require('gulp-concat');
+var del = require('del');
+var wiredep = require('wiredep');
+var angularFilesort = require('gulp-angular-filesort');
+var _ = require('lodash');
+var eslint = require('gulp-eslint');
+var inject = require('gulp-inject');
+var rename = require('gulp-rename');
+var replace = require('gulp-replace');
+var postcss = require('gulp-postcss');
+var autoprefixer = require('autoprefixer');
+var mqpacker = require('css-mqpacker');
+var csswring = require('csswring');
+
+var TEMPLATE_FOOTER = `}]);
+angular.module('xos.openVPNDashboard').run(function($location){$location.path('/')});
+angular.bootstrap(angular.element('#xosOpenVPNDashboard'), ['xos.openVPNDashboard']);`;
+
+module.exports = function(options){
+
+ // delete previous builded file
+ gulp.task('clean', function(){
+ return del(
+ [options.dashboards + 'xosOpenVPNDashboard.html'],
+ {force: true}
+ );
+ });
+
+ // minify css
+ gulp.task('css', function () {
+ var processors = [
+ autoprefixer({browsers: ['last 1 version']}),
+ mqpacker,
+ csswring
+ ];
+
+ gulp.src([
+ `${options.css}**/*.css`,
+ `!${options.css}dev.css`
+ ])
+ .pipe(postcss(processors))
+ .pipe(gulp.dest(options.tmp + '/css/'));
+ });
+
+ gulp.task('copyCss', ['css'], function(){
+ return gulp.src([`${options.tmp}/css/*.css`])
+ .pipe(concat('xosOpenVPNDashboard.css'))
+ .pipe(gulp.dest(options.static + 'css/'))
+ });
+
+ // compile and minify scripts
+ gulp.task('scripts', function() {
+ return gulp.src([
+ options.tmp + '**/*.js'
+ ])
+ .pipe(ngAnnotate())
+ .pipe(angularFilesort())
+ .pipe(concat('xosOpenVPNDashboard.js'))
+ .pipe(uglify())
+ .pipe(gulp.dest(options.static + 'js/'));
+ });
+
+ // set templates in cache
+ gulp.task('templates', function(){
+ return gulp.src('./src/templates/*.html')
+ .pipe(templateCache({
+ module: 'xos.openVPNDashboard',
+ root: 'templates/',
+ templateFooter: TEMPLATE_FOOTER
+ }))
+ .pipe(gulp.dest(options.tmp));
+ });
+
+ // copy html index to Django Folder
+ gulp.task('copyHtml', ['clean'], function(){
+ return gulp.src(options.src + 'index.html')
+ // remove dev dependencies from html
+ .pipe(replace(/<!-- bower:css -->(\n.*)*\n<!-- endbower --><!-- endcss -->/, ''))
+ .pipe(replace(/<!-- bower:js -->(\n.*)*\n<!-- endbower --><!-- endjs -->/, ''))
+ .pipe(replace(/ng-app=".*"\s/, ''))
+ // rewriting css path
+ // .pipe(replace(/(<link.*">)/, ''))
+ // injecting minified files
+ .pipe(
+ inject(
+ gulp.src([
+ options.static + 'js/vendor/xosOpenVPNDashboardVendor.js',
+ options.static + 'js/xosOpenVPNDashboard.js',
+ options.static + 'css/xosOpenVPNDashboard.css'
+ ]),
+ {ignorePath: '/../../../xos/core/xoslib'}
+ )
+ )
+ .pipe(rename('xosOpenVPNDashboard.html'))
+ .pipe(gulp.dest(options.dashboards));
+ });
+
+ // minify vendor js files
+ gulp.task('wiredep', function(){
+ var bowerDeps = wiredep().js;
+ if(!bowerDeps){
+ return;
+ }
+
+ // remove angular (it's already loaded)
+ _.remove(bowerDeps, function(dep){
+ return dep.indexOf('angular/angular.js') !== -1;
+ });
+
+ return gulp.src(bowerDeps)
+ .pipe(concat('xosOpenVPNDashboardVendor.js'))
+ .pipe(uglify())
+ .pipe(gulp.dest(options.static + 'js/vendor/'));
+ });
+
+ gulp.task('lint', function () {
+ return gulp.src(['src/js/**/*.js'])
+ .pipe(eslint())
+ .pipe(eslint.format())
+ .pipe(eslint.failAfterError());
+ });
+
+ gulp.task('build', function() {
+ runSequence(
+ 'lint',
+ 'templates',
+ 'babel',
+ 'scripts',
+ 'wiredep',
+ 'copyHtml',
+ 'copyCss',
+ 'cleanTmp'
+ );
+ });
+};
diff --git a/views/ngXosViews/openVPNDashboard/gulp/server.js b/views/ngXosViews/openVPNDashboard/gulp/server.js
new file mode 100644
index 0000000..7605294
--- /dev/null
+++ b/views/ngXosViews/openVPNDashboard/gulp/server.js
@@ -0,0 +1,146 @@
+'use strict';
+
+var gulp = require('gulp');
+var browserSync = require('browser-sync').create();
+var inject = require('gulp-inject');
+var runSequence = require('run-sequence');
+var angularFilesort = require('gulp-angular-filesort');
+var babel = require('gulp-babel');
+var wiredep = require('wiredep').stream;
+var httpProxy = require('http-proxy');
+var del = require('del');
+
+const environment = process.env.NODE_ENV;
+
+if (environment){
+ var conf = require(`../env/${environment}.js`);
+}
+else{
+ var conf = require('../env/default.js')
+}
+
+var proxy = httpProxy.createProxyServer({
+ target: conf.host || 'http://0.0.0.0:9999'
+});
+
+
+proxy.on('error', function(error, req, res) {
+ res.writeHead(500, {
+ 'Content-Type': 'text/plain'
+ });
+
+ console.error('[Proxy]', error);
+});
+
+module.exports = function(options){
+
+ // open in browser with sync and proxy to 0.0.0.0
+ gulp.task('browser', function() {
+ browserSync.init({
+ // reloadDelay: 500,
+ // logLevel: 'debug',
+ // logConnections: true,
+ startPath: '#/',
+ snippetOptions: {
+ rule: {
+ match: /<!-- browserSync -->/i
+ }
+ },
+ server: {
+ baseDir: options.src,
+ routes: {
+ '/api': options.api,
+ '/xosHelpers/src': options.helpers
+ },
+ middleware: function(req, res, next){
+ if(
+ req.url.indexOf('/xos/') !== -1 ||
+ req.url.indexOf('/xoslib/') !== -1 ||
+ req.url.indexOf('/hpcapi/') !== -1
+ ){
+ if(conf.xoscsrftoken && conf.xossessionid){
+ req.headers.cookie = `xoscsrftoken=${conf.xoscsrftoken}; xossessionid=${conf.xossessionid}`;
+ req.headers['x-csrftoken'] = conf.xoscsrftoken;
+ }
+ proxy.web(req, res);
+ }
+ else{
+ next();
+ }
+ }
+ }
+ });
+
+ gulp.watch(options.src + 'js/**/*.js', ['js-watch']);
+ gulp.watch(options.src + 'vendor/**/*.js', ['bower'], function(){
+ browserSync.reload();
+ });
+ gulp.watch(options.src + '**/*.html', function(){
+ browserSync.reload();
+ });
+ });
+
+ // transpile js with sourceMaps
+ gulp.task('babel', function(){
+ return gulp.src(options.scripts + '**/*.js')
+ .pipe(babel({sourceMaps: true}))
+ .pipe(gulp.dest(options.tmp));
+ });
+
+ // inject scripts
+ gulp.task('injectScript', ['cleanTmp', 'babel'], function(){
+ return gulp.src(options.src + 'index.html')
+ .pipe(
+ inject(
+ gulp.src([
+ options.tmp + '**/*.js',
+ options.api + '*.js',
+ options.helpers + '**/*.js'
+ ])
+ .pipe(angularFilesort()),
+ {
+ ignorePath: [options.src, '/../../ngXosLib']
+ }
+ )
+ )
+ .pipe(gulp.dest(options.src));
+ });
+
+ // inject CSS
+ gulp.task('injectCss', function(){
+ return gulp.src(options.src + 'index.html')
+ .pipe(
+ inject(
+ gulp.src(options.src + 'css/*.css'),
+ {
+ ignorePath: [options.src]
+ }
+ )
+ )
+ .pipe(gulp.dest(options.src));
+ });
+
+ // inject bower dependencies with wiredep
+ gulp.task('bower', function () {
+ return gulp.src(options.src + 'index.html')
+ .pipe(wiredep({devDependencies: true}))
+ .pipe(gulp.dest(options.src));
+ });
+
+ gulp.task('js-watch', ['injectScript'], function(){
+ browserSync.reload();
+ });
+
+ gulp.task('cleanTmp', function(){
+ return del([options.tmp + '**/*']);
+ });
+
+ gulp.task('serve', function() {
+ runSequence(
+ 'bower',
+ 'injectScript',
+ 'injectCss',
+ ['browser']
+ );
+ });
+};
diff --git a/views/ngXosViews/openVPNDashboard/gulpfile.js b/views/ngXosViews/openVPNDashboard/gulpfile.js
new file mode 100644
index 0000000..a3523ee
--- /dev/null
+++ b/views/ngXosViews/openVPNDashboard/gulpfile.js
@@ -0,0 +1,25 @@
+'use strict';
+
+var gulp = require('gulp');
+var wrench = require('wrench');
+
+var options = {
+ src: 'src/',
+ css: 'src/css/',
+ scripts: 'src/js/',
+ tmp: 'src/.tmp',
+ dist: 'dist/',
+ api: '../../ngXosLib/api/',
+ helpers: '../../ngXosLib/xosHelpers/src/',
+ static: '../../../xos/core/xoslib/static/', // this is the django static folder
+ dashboards: '../../../xos/core/xoslib/dashboards/' // this is the django html folder
+};
+
+wrench.readdirSyncRecursive('./gulp')
+.map(function(file) {
+ require('./gulp/' + file)(options);
+});
+
+gulp.task('default', function () {
+ gulp.start('build');
+});
diff --git a/views/ngXosViews/openVPNDashboard/karma.conf.js b/views/ngXosViews/openVPNDashboard/karma.conf.js
new file mode 100644
index 0000000..dbd344a
--- /dev/null
+++ b/views/ngXosViews/openVPNDashboard/karma.conf.js
@@ -0,0 +1,89 @@
+// Karma configuration
+// Generated on Tue Oct 06 2015 09:27:10 GMT+0000 (UTC)
+
+/* eslint indent: [2,2], quotes: [2, "single"]*/
+
+/*eslint-disable*/
+var wiredep = require('wiredep');
+var path = require('path');
+
+var bowerComponents = wiredep( {devDependencies: true} )[ 'js' ].map(function( file ){
+ return path.relative(process.cwd(), file);
+});
+
+module.exports = function(config) {
+/*eslint-enable*/
+ config.set({
+
+ // base path that will be used to resolve all patterns (eg. files, exclude)
+ basePath: '',
+
+
+ // frameworks to use
+ // available frameworks: https://npmjs.org/browse/keyword/karma-adapter
+ frameworks: ['jasmine'],
+
+
+ // list of files / patterns to load in the browser
+ files: bowerComponents.concat([
+ 'src/css/**/*.css',
+ '../../static/js/xosApi.js',
+ '../../static/js/vendor/ngXosHelpers.js',
+ 'src/js/**/*.js',
+ 'spec/**/*.mock.js',
+ 'spec/**/*.test.js',
+ 'src/**/*.html'
+ ]),
+
+
+ // list of files to exclude
+ exclude: [
+ ],
+
+
+ // preprocess matching files before serving them to the browser
+ // available preprocessors: https://npmjs.org/browse/keyword/karma-preprocessor
+ preprocessors: {
+ 'src/js/**/*.js': ['babel'],
+ 'spec/**/*.test.js': ['babel'],
+ 'src/**/*.html': ['ng-html2js']
+ },
+
+ ngHtml2JsPreprocessor: {
+ stripPrefix: 'src/', //strip the src path from template url (http://stackoverflow.com/questions/22869668/karma-unexpected-request-when-testing-angular-directive-even-with-ng-html2js)
+ moduleName: 'templates' // define the template module name
+ },
+
+ // test results reporter to use
+ // possible values: 'dots', 'progress'
+ // available reporters: https://npmjs.org/browse/keyword/karma-reporter
+ reporters: ['mocha'],
+
+
+ // web server port
+ port: 9876,
+
+
+ // enable / disable colors in the output (reporters and logs)
+ colors: true,
+
+
+ // level of logging
+ // possible values: config.LOG_DISABLE || config.LOG_ERROR || config.LOG_WARN || config.LOG_INFO || config.LOG_DEBUG
+ logLevel: config.LOG_INFO,
+
+
+ // enable / disable watching file and executing tests whenever any file changes
+ autoWatch: true,
+
+
+ // start these browsers
+ // available browser launchers: https://npmjs.org/browse/keyword/karma-launcher
+ browsers: ['PhantomJS'],
+
+
+ // Continuous Integration mode
+ // if true, Karma captures browsers, runs the tests and exits
+ singleRun: false
+ });
+};
diff --git a/views/ngXosViews/openVPNDashboard/package.json b/views/ngXosViews/openVPNDashboard/package.json
new file mode 100644
index 0000000..412afec
--- /dev/null
+++ b/views/ngXosViews/openVPNDashboard/package.json
@@ -0,0 +1,45 @@
+{
+ "name": "xos-openVPNDashboard",
+ "version": "1.0.0",
+ "description": "Angular Application for XOS, created with generator-xos",
+ "scripts": {
+ "prestart": "npm install && bower install",
+ "start": "gulp serve",
+ "prebuild": "npm install && bower install",
+ "build": "gulp",
+ "test": "karma start",
+ "lint": "eslint src/js/"
+ },
+ "keywords": [
+ "XOS",
+ "Angular",
+ "XOSlib"
+ ],
+ "author": "Jeremy Mowery",
+ "license": "MIT",
+ "dependencies": {},
+ "devDependencies": {
+ "browser-sync": "^2.9.11",
+ "del": "^2.0.2",
+ "gulp": "^3.9.0",
+ "gulp-angular-filesort": "^1.1.1",
+ "gulp-angular-templatecache": "^1.8.0",
+ "gulp-babel": "^5.3.0",
+ "gulp-concat": "^2.6.0",
+ "gulp-inject": "^3.0.0",
+ "gulp-minify-html": "^1.0.4",
+ "gulp-rename": "^1.2.2",
+ "gulp-replace": "^0.5.4",
+ "gulp-uglify": "^1.4.2",
+ "http-proxy": "^1.12.0",
+ "proxy-middleware": "^0.15.0",
+ "run-sequence": "^1.1.4",
+ "wiredep": "^3.0.0-beta",
+ "wrench": "^1.5.8",
+ "gulp-ng-annotate": "^1.1.0",
+ "lodash": "^3.10.1",
+ "eslint": "^1.8.0",
+ "eslint-plugin-angular": "linkmesrl/eslint-plugin-angular",
+ "gulp-eslint": "^1.0.0"
+ }
+}
diff --git a/views/ngXosViews/openVPNDashboard/spec/sample.test.js b/views/ngXosViews/openVPNDashboard/spec/sample.test.js
new file mode 100644
index 0000000..822c114
--- /dev/null
+++ b/views/ngXosViews/openVPNDashboard/spec/sample.test.js
@@ -0,0 +1,37 @@
+'use strict';
+
+describe('The User List', () => {
+
+ var scope, element, isolatedScope, httpBackend;
+
+ beforeEach(module('xos.openVPNDashboard'));
+ beforeEach(module('templates'));
+
+ beforeEach(inject(function($httpBackend, $compile, $rootScope){
+
+ httpBackend = $httpBackend;
+ // Setting up mock request
+ $httpBackend.expectGET('/xos/users/?no_hyperlinks=1').respond([
+ {
+ email: 'jermowery@email.arizona.edu',
+ firstname: 'Jeremy',
+ lastname: 'Mowery'
+ }
+ ]);
+
+ scope = $rootScope.$new();
+ element = angular.element('<users-list></users-list>');
+ $compile(element)(scope);
+ scope.$digest();
+ isolatedScope = element.isolateScope().vm;
+ }));
+
+ it('should load 1 users', () => {
+ httpBackend.flush();
+ expect(isolatedScope.users.length).toBe(1);
+ expect(isolatedScope.users[0].email).toEqual('jermowery@email.arizona.edu');
+ expect(isolatedScope.users[0].firstname).toEqual('Jeremy');
+ expect(isolatedScope.users[0].lastname).toEqual('Mowery');
+ });
+
+});
\ No newline at end of file
diff --git a/views/ngXosViews/openVPNDashboard/src/css/openVPNDashboard.css b/views/ngXosViews/openVPNDashboard/src/css/openVPNDashboard.css
new file mode 100644
index 0000000..085d5d4
--- /dev/null
+++ b/views/ngXosViews/openVPNDashboard/src/css/openVPNDashboard.css
@@ -0,0 +1,14 @@
+#xosOpenVPNDashboard{
+ width: 70%;
+ margin: auto;
+}
+.vpn-row {
+ display: table-row;
+}
+.vpn-cell {
+ display: table-cell;
+ padding: 5px;
+}
+.vpn-header {
+ font-weight: bold;
+}
diff --git a/views/ngXosViews/openVPNDashboard/src/index.html b/views/ngXosViews/openVPNDashboard/src/index.html
new file mode 100644
index 0000000..83048df
--- /dev/null
+++ b/views/ngXosViews/openVPNDashboard/src/index.html
@@ -0,0 +1,34 @@
+<!-- browserSync -->
+<!-- bower:css -->
+<link rel="stylesheet" href="vendor/bootstrap-css/css/bootstrap.css" />
+<!-- endbower --><!-- endcss -->
+<!-- inject:css -->
+<link rel="stylesheet" href="/css/openVPNDashboard.css">
+<!-- endinject -->
+
+<div ng-app="xos.openVPNDashboard" id="xosOpenVPNDashboard">
+ <div ui-view></div>
+</div>
+
+<!-- bower:js -->
+<script src="vendor/jquery/dist/jquery.js"></script>
+<script src="vendor/angular/angular.js"></script>
+<script src="vendor/angular-mocks/angular-mocks.js"></script>
+<script src="vendor/angular-ui-router/release/angular-ui-router.js"></script>
+<script src="vendor/angular-cookies/angular-cookies.js"></script>
+<script src="vendor/angular-resource/angular-resource.js"></script>
+<script src="vendor/ng-lodash/build/ng-lodash.js"></script>
+<script src="vendor/bootstrap-css/js/bootstrap.js"></script>
+<!-- endbower --><!-- endjs -->
+<!-- inject:js -->
+<script src="/xosHelpers/src/xosHelpers.module.js"></script>
+<script src="/xosHelpers/src/ui_components/table/table.component.js"></script>
+<script src="/xosHelpers/src/ui_components/ui-components.module.js"></script>
+<script src="/xosHelpers/src/services/noHyperlinks.interceptor.js"></script>
+<script src="/xosHelpers/src/services/csrfToken.interceptor.js"></script>
+<script src="/xosHelpers/src/services/api.services.js"></script>
+<script src="/api/ng-xoslib.js"></script>
+<script src="/api/ng-xos.js"></script>
+<script src="/api/ng-hpcapi.js"></script>
+<script src="/.tmp/main.js"></script>
+<!-- endinject -->
diff --git a/views/ngXosViews/openVPNDashboard/src/js/main.js b/views/ngXosViews/openVPNDashboard/src/js/main.js
new file mode 100644
index 0000000..04d5d76
--- /dev/null
+++ b/views/ngXosViews/openVPNDashboard/src/js/main.js
@@ -0,0 +1,61 @@
+'use strict';
+
+angular.module('xos.openVPNDashboard', [
+ 'ngResource',
+ 'ngCookies',
+ 'ngLodash',
+ 'ui.router',
+ 'xos.helpers'
+])
+.config(($stateProvider) => {
+ $stateProvider
+ .state('openVPNList', {
+ url: '/',
+ template: '<vpn-list></vpn-list>'
+ });
+})
+.config(($compileProvider) => {
+ $compileProvider.aHrefSanitizationWhitelist(
+ /^\s*(https?|ftp|mailto|tel|file|blob):/);
+})
+.service('Vpn', function($http, $q){
+
+ this.getOpenVpnTenants = () => {
+ let deferred = $q.defer();
+
+ $http.get('/xoslib/openvpntenant/')
+ .then((res) => {
+ deferred.resolve(res.data)
+ })
+ .catch((e) => {
+ deferred.reject(e);
+ });
+
+ return deferred.promise;
+ }
+})
+.config(function($httpProvider){
+ $httpProvider.interceptors.push('NoHyperlinks');
+})
+.directive('vpnList', function(){
+ return {
+ restrict: 'E',
+ scope: {},
+ bindToController: true,
+ controllerAs: 'vm',
+ templateUrl: 'templates/openvpn-list.tpl.html',
+ controller: function(Vpn){
+ Vpn.getOpenVpnTenants()
+ .then((vpns) => {
+ this.vpns = vpns;
+ for (var i = 0; i < this.vpns.length; i++) {
+ var blob = new Blob([this.vpns[i].script_text], {type: 'text/plain'});
+ this.vpns[i].script_text = (window.URL || window.webkitURL).createObjectURL( blob );
+ }
+ })
+ .catch((e) => {
+ throw new Error(e);
+ });
+ }
+ };
+});
diff --git a/views/ngXosViews/openVPNDashboard/src/templates/openvpn-list.tpl.html b/views/ngXosViews/openVPNDashboard/src/templates/openvpn-list.tpl.html
new file mode 100644
index 0000000..0c7635f
--- /dev/null
+++ b/views/ngXosViews/openVPNDashboard/src/templates/openvpn-list.tpl.html
@@ -0,0 +1,19 @@
+<div style="display: table;">
+ <div class="vpn-row">
+ <h1 class="vpn-cell">VPN List</h1>
+ </div>
+ <div class="vpn-row">
+ <div class="vpn-cell vpn-header">ID</div>
+ <div class="vpn-cell vpn-header">VPN Network</div>
+ <div class="vpn-cell vpn-header">VPN Subnet</div>
+ <div class="vpn-cell vpn-header">Script Link</div>
+ </div>
+ <div class="vpn-row" ng-repeat="vpn in vm.vpns">
+ <div class="vpn-cell">{{ vpn.id }}</div>
+ <div class="vpn-cell">{{ vpn.server_network }}</div>
+ <div class="vpn-cell">{{ vpn.vpn_subnet }}</div>
+ <div class="vpn-cell">
+ <a download="connect-{{ vpn.id }}.vpn" ng-href="{{ vpn.script_text }}">Script</a>
+ </div>
+ </div>
+</div>
diff --git a/views/npm-debug.log b/views/npm-debug.log
new file mode 100644
index 0000000..38c9da9
--- /dev/null
+++ b/views/npm-debug.log
@@ -0,0 +1,20 @@
+0 info it worked if it ends with ok
+1 verbose cli [ '/usr/bin/nodejs', '/usr/bin/npm', 'start' ]
+2 info using npm@3.6.0
+3 info using node@v5.7.0
+4 verbose stack Error: ENOENT: no such file or directory, open '/home/jeremy/xos/views/package.json'
+4 verbose stack at Error (native)
+5 verbose cwd /home/jeremy/xos/views
+6 error Linux 4.2.0-19-generic
+7 error argv "/usr/bin/nodejs" "/usr/bin/npm" "start"
+8 error node v5.7.0
+9 error npm v3.6.0
+10 error path /home/jeremy/xos/views/package.json
+11 error code ENOENT
+12 error errno -2
+13 error syscall open
+14 error enoent ENOENT: no such file or directory, open '/home/jeremy/xos/views/package.json'
+15 error enoent ENOENT: no such file or directory, open '/home/jeremy/xos/views/package.json'
+15 error enoent This is most likely not a problem with npm itself
+15 error enoent and is related to npm not being able to find a file.
+16 verbose exit [ -2, true ]
diff --git a/xos/configurations/acord/Makefile b/xos/configurations/acord/Makefile
index b5b93fa..bca17dd 100644
--- a/xos/configurations/acord/Makefile
+++ b/xos/configurations/acord/Makefile
@@ -8,7 +8,7 @@
cord:
sudo MYIP=$(MYIP) docker-compose up -d
bash ../common/wait_for_xos.sh
- sudo MYIP=$(MYIP) docker-compose run xos python /opt/xos/tosca/run.py padmin@vicci.org /opt/xos/configurations/common/fixtures.yaml
+ sudo MYIP=$(MYIP) docker-compose run xos python /opt/xos/tosca/run.py none /opt/xos/configurations/common/fixtures.yaml
sudo MYIP=$(MYIP) docker-compose run xos python /opt/xos/tosca/run.py padmin@vicci.org /opt/xos/configurations/common/base.yaml
sudo MYIP=$(MYIP) docker-compose run xos python /opt/xos/tosca/run.py padmin@vicci.org /root/setup/nodes.yaml
diff --git a/xos/configurations/acord/ceilometer.yaml b/xos/configurations/acord/ceilometer.yaml
index ff56579..66d5d32 100644
--- a/xos/configurations/acord/ceilometer.yaml
+++ b/xos/configurations/acord/ceilometer.yaml
@@ -164,6 +164,9 @@
ceilometer-trusty-server-multi-nic:
type: tosca.nodes.Image
+ m1.small:
+ type: tosca.nodes.Flavor
+
mysite_ceilometer:
description: Ceilometer Proxy Slice
type: tosca.nodes.Slice
@@ -177,8 +180,10 @@
- default_image:
node: ceilometer-trusty-server-multi-nic
relationship: tosca.relationships.DefaultImage
+ - m1.small:
+ node: m1.small
+ relationship: tosca.relationships.DefaultFlavor
properties:
- default_flavor: m1.small
max_instances: 2
# mysite_sflow:
diff --git a/xos/configurations/bash/copyin-vtn.sh b/xos/configurations/bash/copyin-vtn.sh
deleted file mode 100644
index ef18704..0000000
--- a/xos/configurations/bash/copyin-vtn.sh
+++ /dev/null
@@ -1,12 +0,0 @@
-#! /bin/bash
-
-export SETUPDIR=/root/setup
-
-# copy in file necessary to setup VTN
-
-cd ../cord
-CONTAINER=$( docker ps|grep "xos"|awk '{print $NF}' )
-make vtn_network_cfg_json
-docker cp $SETUPDIR/vtn-network-cfg.json $CONTAINER:/root/setup/
-docker cp ../common/id_rsa.pub $CONTAINER:/opt/xos/observers/onos/onos_key.pub
-docker cp ../common/id_rsa $CONTAINER:/opt/xos/observers/onos/onos_key
diff --git a/xos/configurations/common/fixtures.yaml b/xos/configurations/common/fixtures.yaml
index 6419211..6d9c0e8 100644
--- a/xos/configurations/common/fixtures.yaml
+++ b/xos/configurations/common/fixtures.yaml
@@ -7,6 +7,11 @@
topology_template:
node_templates:
+
+# -----------------------------------------------------------------------------
+# Network Parameter Types
+# -----------------------------------------------------------------------------
+
s_tag:
type: tosca.nodes.NetworkParameterType
@@ -24,3 +29,97 @@
neutron_port_name:
type: tosca.nodes.NetworkParameterType
+
+# ----------------------------------------------------------------------------
+# Roles
+# ----------------------------------------------------------------------------
+
+ siterole#admin:
+ type: tosca.nodes.SiteRole
+
+ siterole#pi:
+ type: tosca.nodes.SiteRole
+
+ siterole#tech:
+ type: tosca.nodes.SiteRole
+
+ tenantrole#admin:
+ type: tosca.nodes.TenantRole
+
+ tenantrole#access:
+ type: tosca.nodes.TenantRole
+
+ deploymentrole#admin:
+ type: tosca.nodes.DeploymentRole
+
+ slicerole#admin:
+ type: tosca.nodes.SliceRole
+
+ slicerole#access:
+ type: tosca.nodes.SliceRole
+
+# -----------------------------------------------------------------------------
+# Flavors
+# -----------------------------------------------------------------------------
+
+ m1.small:
+ type: tosca.nodes.Flavor
+
+ m1.medium:
+ type: tosca.nodes.Flavor
+
+ m1.large:
+ type: tosca.nodes.Flavor
+
+# -----------------------------------------------------------------------------
+# Dashboard Views
+# -----------------------------------------------------------------------------
+
+ xsh:
+ type: tosca.nodes.DashboardView
+ properties:
+ url: template:xsh
+
+ Customize:
+ type: tosca.nodes.DashboardView
+ properties:
+ url: template:customize
+
+ Tenant:
+ type: tosca.nodes.DashboardView
+ properties:
+ url: template:xosTenant
+
+ Developer:
+ type: tosca.nodes.DashboardView
+ properties:
+ url: template:xosDeveloper_datatables
+
+# -----------------------------------------------------------------------------
+# Network Templates
+# -----------------------------------------------------------------------------
+
+ Private:
+ type: tosca.nodes.NetworkTemplate
+ properties:
+ visibility: private
+ translation: none
+
+ Public shared IPv4:
+ type: tosca.nodes.NetworkTemplate
+ properties:
+ visibility: private
+ translation: NAT
+ shared_network_name: nat-net
+
+ Public dedicated IPv4:
+ type: tosca.nodes.NetworkTemplate
+ properties:
+ visibility: public
+ translation: none
+ shared_network_name: ext-net
+
+
+
+
+
diff --git a/xos/configurations/common/mydeployment.yaml b/xos/configurations/common/mydeployment.yaml
new file mode 100644
index 0000000..9d2c951
--- /dev/null
+++ b/xos/configurations/common/mydeployment.yaml
@@ -0,0 +1,64 @@
+tosca_definitions_version: tosca_simple_yaml_1_0
+
+description: Some basic fixtures
+
+imports:
+ - custom_types/xos.yaml
+
+topology_template:
+ node_templates:
+ m1.large:
+ type: tosca.nodes.Flavor
+
+ m1.medium:
+ type: tosca.nodes.Flavor
+
+ m1.small:
+ type: tosca.nodes.Flavor
+
+ MyDeployment:
+ type: tosca.nodes.Deployment
+ requirements:
+ - m1.large:
+ node: m1.large
+ relationship: tosca.relationships.SupportsFlavor
+ - m1.medium:
+ node: m1.medium
+ relationship: tosca.relationships.SupportsFlavor
+ - m1.small:
+ node: m1.small
+ relationship: tosca.relationships.SupportsFlavor
+
+ mysite:
+ type: tosca.nodes.Site
+ properties:
+ display_name: MySite
+ requirements:
+ - deployment:
+ node: MyDeployment
+ relationship: tosca.relationships.SiteDeployment
+
+ # Include the Tenant view so we can make it a default of padmin@vicci.org
+ Tenant:
+ type: tosca.nodes.DashboardView
+ properties:
+ no-create: true
+ no-update: true
+ no-delete: true
+
+ padmin@vicci.org:
+ type: tosca.nodes.User
+ properties:
+ password: letmein
+# encrypted_password: pbkdf2_sha256$12000$Qufx9iqtaYma$xs0YurPOcj9qYQna/Qrb3K+im9Yr2XEVr0J4Kqek7AE=
+ firstname: XOS
+ lastname: admin
+ is_admin: true
+ requirements:
+ - site:
+ node: mysite
+ relationship: tosca.relationships.MemberOfSite
+ - tenant_dashboard:
+ node: Tenant
+ relationship: tosca.relationships.UsesDashboard
+
diff --git a/xos/configurations/cord-deprecated/Makefile b/xos/configurations/cord-deprecated/Makefile
index 1e53e79..6633e17 100644
--- a/xos/configurations/cord-deprecated/Makefile
+++ b/xos/configurations/cord-deprecated/Makefile
@@ -8,7 +8,7 @@
cord: virtualbng_json vtn_network_cfg_json
sudo MYIP=$(MYIP) docker-compose up -d
bash ../common/wait_for_xos.sh
- sudo MYIP=$(MYIP) docker-compose run xos python /opt/xos/tosca/run.py padmin@vicci.org /opt/xos/configurations/common/fixtures.yaml
+ sudo MYIP=$(MYIP) docker-compose run xos python /opt/xos/tosca/run.py none /opt/xos/configurations/common/fixtures.yaml
sudo MYIP=$(MYIP) docker-compose run xos python /opt/xos/tosca/run.py padmin@vicci.org /opt/xos/configurations/common/base.yaml
sudo MYIP=$(MYIP) docker-compose run xos python /opt/xos/tosca/run.py padmin@vicci.org /root/setup/nodes.yaml
sudo MYIP=$(MYIP) docker-compose run xos python /opt/xos/tosca/run.py padmin@vicci.org /opt/xos/configurations/cord/cord.yaml
diff --git a/xos/configurations/cord-deprecated/ceilometer.yaml b/xos/configurations/cord-deprecated/ceilometer.yaml
index 3724265..464b07b 100644
--- a/xos/configurations/cord-deprecated/ceilometer.yaml
+++ b/xos/configurations/cord-deprecated/ceilometer.yaml
@@ -164,6 +164,9 @@
ceilometer-trusty-server-multi-nic:
type: tosca.nodes.Image
+ m1.small:
+ type: tosca.nodes.Flavor
+
mysite_ceilometer:
description: Ceilometer Proxy Slice
type: tosca.nodes.Slice
@@ -177,8 +180,9 @@
- default_image:
node: ceilometer-trusty-server-multi-nic
relationship: tosca.relationships.DefaultImage
- properties:
- default_flavor: m1.small
+ - default_flavor:
+ node: m1.small
+ relationship: tosca.relationships.DefaultFlavor
# mysite_sflow:
# description: Slice for sFlow service
diff --git a/xos/configurations/cord-pod/Makefile b/xos/configurations/cord-pod/Makefile
index 9296f10..3745f93 100644
--- a/xos/configurations/cord-pod/Makefile
+++ b/xos/configurations/cord-pod/Makefile
@@ -2,6 +2,8 @@
xos: nodes.yaml images.yaml
sudo docker-compose up -d
../common/wait_for_xos_port.sh 80
+ sudo docker-compose run xos python /opt/xos/tosca/run.py none /opt/xos/configurations/common/fixtures.yaml
+ sudo docker-compose run xos python /opt/xos/tosca/run.py none /opt/xos/configurations/common/mydeployment.yaml
sudo docker-compose run xos python /opt/xos/tosca/run.py padmin@vicci.org /root/setup/setup.yaml
sudo docker-compose run xos python /opt/xos/tosca/run.py padmin@vicci.org /root/setup/nodes.yaml
sudo docker-compose run xos python /opt/xos/tosca/run.py padmin@vicci.org /root/setup/images.yaml
@@ -11,7 +13,6 @@
cord: virtualbng_json
sudo docker-compose run xos python /opt/xos/tosca/run.py padmin@vicci.org /root/setup/mgmt-net.yaml
- sudo docker-compose run xos python /opt/xos/tosca/run.py padmin@vicci.org /opt/xos/configurations/common/fixtures.yaml
sudo docker-compose run xos python /opt/xos/tosca/run.py padmin@vicci.org /root/setup/cord-vtn-vsg.yaml
exampleservice:
diff --git a/xos/configurations/cord-pod/README.md b/xos/configurations/cord-pod/README.md
index b1304b7..c300416 100644
--- a/xos/configurations/cord-pod/README.md
+++ b/xos/configurations/cord-pod/README.md
@@ -73,51 +73,80 @@
ubuntu@xos:~$ cd xos/xos/configurations/cord-pod
```
-Next, check that the following files exist in this directory:
+Next, check that the following files exist in this directory
+(they will have been put there for you by the cluster installation scripts):
* *admin-openrc.sh*: Admin credentials for your OpenStack cloud
* *id_rsa[.pub]*: A keypair that will be used by the various services
* *node_key*: A private key that allows root login to the compute nodes
-They will have been put there for you by the cluster installation scripts.
+XOS can then be brought up for CORD by running a few `make` commands.
+First, run:
-**If your setup uses the CORD fabric**, you need to modify the autogenerated VTN
-configuration and node tags, and edit `cord-vtn-vsg.yml` as follows.
-
- 1. The VTN app configuration is autogenerated by XOS. For more information
-about the configuration, see [this page on the ONOS Wiki](https://wiki.onosproject.org/display/ONOS/CORD+VTN),
-under the **ONOS Settings** heading. To see the generated
-configuration, go to http://xos/admin/onos/onosapp/, click on
-*VTN_ONOS_app*, then the *Attributes* tab, and look for the
-`rest_onos/v1/network/configuration/` attribute. You can edit this
-configuration after deleting the `autogenerate` attribute (otherwise XOS will
-overwrite your changes), or you can change the other
-attributes and delete `rest_onos/v1/network/configuration/` in order
-to get XOS to regenerate it.
-
- 2. The process of autoconfiguring VTN also assigns some default values to per-node parameters. Go to
- http://xos/admin/core/node/, select a node, then select the *Tags* tab. Configure the following:
- * `bridgeId` (the ID to set on the node's br-int)
- * `dataPlaneIntf` (the data plane interface for the fabric on the node)
- * `dataPlaneIp` (the IP address for the node on the fabric)
-
- 3. Modify `cord-vtn-vsg.yml` and set these parameters to the
-appropriate values for the fabric:
- * `addresses_vsg:properties:addresses` (IP address block of fabric)
- * `addresses_vsg:properties:gateway_ip`
- * `addresses_vsg:properties:gateway_mac`
-
-If you're not using the fabric then the default values should be OK.
-
-XOS can then be brought up for CORD by running a few `make` commands:
```
ubuntu@xos:~/xos/xos/configurations/cord-pod$ make
+```
+
+After this you will be able to login to the XOS GUI at
+*http://xos/* using username/password `padmin@vicci.org/letmein`.
+Before proceeding, you should verify that objects in XOS are
+being sync'ed with OpenStack. Log into the GUI and select *Users*
+at left. Make sure there is a green check next to `padmin@vicci.org`.
+
+Next, you may need to edit `vtn-external.yml` so that `rest_hostname:`
+points to the host where ONOS should run the VTN app. Then run:
+
+```
ubuntu@xos:~/xos/xos/configurations/cord-pod$ make vtn
+```
+The above step configures the ONOS VTN app by generating a configuration
+and pushing it to ONOS. **If you are not setting up the single-node development POD**, you will
+need to modify the generated configuration via the XOS GUI. (The defaults
+should be OK for the single-node POD.) For more information
+about how to configure VTN, see [the CORD VTN page on the ONOS Wiki](https://wiki.onosproject.org/display/ONOS/CORD+VTN),
+under the **ONOS Settings** heading.
+
+* To see the generated configuration, go to *http://xos/admin/onos/onosapp/*, select
+*VTN_ONOS_app*, then the *Attributes* tab, and look for the
+`rest_onos/v1/network/configuration/` attribute.
+
+* To change `privateGatewayMac`, `localManagementIp`, `ovsdbPort`, `sshPort`,
+`sshUser` or `sshKeyFile` in the generated configuration, select *Services* at
+left in the XOS GUI, then *service_vtn*. Modify these fields under *VTN Service Details*
+and then select *Save*.
+
+* To change `bridgeId`, `dataPlaneIntf`, or `dataPlaneIp` for a particular compute node, go to
+*http://xos/admin/core/node/*, select a node, then select the *Tags* tab. Modify the appropriate tag
+and then select *Save*.
+
+* After modifying the above fields, delete the `rest_onos/v1/network/configuration/` attribute
+in the *ONOS_VTN_app* and select *Save*. The attribute will be regenerated using the new information.
+
+* Alternatively, if you want to load your own VTN configuration manually, you can delete the
+`autogenerate` attribute from the *ONOS_VTN_app*, paste your configuration in the
+`rest_onos/v1/network/configuration/` attribute, and select *Save*.
+
+Before proceeding, check that the VTN app is controlling Open vSwitch on the compute nodes. Log
+into ONOS and run the `cordvtn-nodes` command:
+
+```
+$ ssh -p 8101 karaf@onos-cord # password is karaf
+onos> cordvtn-nodes
+hostname=nova-compute, hostMgmtIp=192.168.122.177/24, dpIp=192.168.199.1/24, br-int=of:0000000000000001, dpIntf=veth1, init=COMPLETE
+Total 1 nodes
+```
+The important part is the `init=COMPLETE` at the end. If you do not see this, refer to
+[the CORD VTN page on the ONOS Wiki](https://wiki.onosproject.org/display/ONOS/CORD+VTN) for
+help fixing the problem. This must be working to bring up VMs on the POD.
+
+Finally modify `cord-vtn-vsg.yml` and change `addresses_vsg` so that it contains the IP address block,
+gateway IP, and gateway MAC of the fabric. (Again, the defaults are fine for the single-node POD.)
+Then run:
+
+```
ubuntu@xos:~/xos/xos/configurations/cord-pod$ make cord
```
-After the first 'make' command above, you will be able to login to XOS at
-*http://xos/* using username/password `padmin@vicci.org/letmein`.
### Inspecting the vSG
diff --git a/xos/configurations/cord-pod/ceilometer.yaml b/xos/configurations/cord-pod/ceilometer.yaml
index 3b32345..d07f2e9 100644
--- a/xos/configurations/cord-pod/ceilometer.yaml
+++ b/xos/configurations/cord-pod/ceilometer.yaml
@@ -171,6 +171,9 @@
ceilometer-trusty-server-multi-nic:
type: tosca.nodes.Image
+ m1.small:
+ type: tosca.nodes.Flavor
+
mysite_ceilometer:
description: Ceilometer Proxy Slice
type: tosca.nodes.Slice
@@ -187,8 +190,9 @@
- management:
node: management
relationship: tosca.relationships.ConnectsToNetwork
- properties:
- default_flavor: m1.small
+ - m1.small:
+ node: m1.small
+ relationship: tosca.relationships.DefaultFlavor
# mysite_sflow:
# description: Slice for sFlow service
diff --git a/xos/configurations/devel/Makefile b/xos/configurations/devel/Makefile
index 1e650f3..cbf152c 100644
--- a/xos/configurations/devel/Makefile
+++ b/xos/configurations/devel/Makefile
@@ -7,6 +7,7 @@
xos:
sudo MYIP=$(MYIP) docker-compose up -d
bash ../common/wait_for_xos.sh
+ sudo docker-compose run xos python /opt/xos/tosca/run.py none /opt/xos/configurations/common/fixtures.yaml
sudo MYIP=$(MYIP) docker-compose run xos python /opt/xos/tosca/run.py padmin@vicci.org /opt/xos/configurations/common/base.yaml
sudo MYIP=$(MYIP) docker-compose run xos python /opt/xos/tosca/run.py padmin@vicci.org /root/setup/nodes.yaml
diff --git a/xos/configurations/frontend/Makefile b/xos/configurations/frontend/Makefile
index ee2739c..09c714b 100644
--- a/xos/configurations/frontend/Makefile
+++ b/xos/configurations/frontend/Makefile
@@ -4,6 +4,8 @@
sudo make -f ../common/Makefile.prereqs
sudo docker-compose up -d
bash ../common/wait_for_xos.sh
+ sudo docker-compose run xos python /opt/xos/tosca/run.py none /opt/xos/configurations/common/fixtures.yaml
+ sudo docker-compose run xos python /opt/xos/tosca/run.py none /opt/xos/configurations/common/mydeployment.yaml
sudo docker-compose run xos python /opt/xos/tosca/run.py padmin@vicci.org /opt/xos/configurations/frontend/sample.yaml
containers:
@@ -28,7 +30,6 @@
sudo docker exec frontend_xos_1 touch /opt/xos/xos/settings.py
mock-cord:
- sudo docker-compose run xos python /opt/xos/tosca/run.py padmin@vicci.org /opt/xos/configurations/common/fixtures.yaml
sudo docker-compose run xos python /opt/xos/tosca/run.py padmin@vicci.org /opt/xos/configurations/frontend/mocks/cord.yaml
sudo docker exec frontend_xos_1 cp /opt/xos/configurations/cord/xos_cord_config /opt/xos/xos_configuration/
sudo docker exec frontend_xos_1 touch /opt/xos/xos/settings.py
diff --git a/xos/configurations/opencloud/Makefile b/xos/configurations/opencloud/Makefile
index aef4946..03168ed 100644
--- a/xos/configurations/opencloud/Makefile
+++ b/xos/configurations/opencloud/Makefile
@@ -1,6 +1,7 @@
xos:
sudo docker-compose up -d
bash ./wait_for_xos.sh
+ sudo docker-compose run xos python /opt/xos/tosca/run.py none /opt/xos/configurations/common/fixtures.yaml
sudo docker-compose run xos python /opt/xos/tosca/run.py padmin@vicci.org /opt/xos/configurations/opencloud/opencloud.yaml
containers:
diff --git a/xos/configurations/openvpn/Makefile b/xos/configurations/openvpn/Makefile
new file mode 100644
index 0000000..f71f638
--- /dev/null
+++ b/xos/configurations/openvpn/Makefile
@@ -0,0 +1,57 @@
+MYIP:=$(shell hostname -i)
+
+cloudlab: common_cloudlab xos
+
+xos:
+ sudo MYIP=$(MYIP) docker-compose up -d
+ bash ../common/wait_for_xos.sh
+ sudo MYIP=$(MYIP) docker-compose run xos python /opt/xos/tosca/run.py padmin@vicci.org /opt/xos/configurations/common/base.yaml
+ sudo MYIP=$(MYIP) docker-compose run xos python /opt/xos/tosca/run.py padmin@vicci.org /root/setup/nodes.yaml
+
+frontend:
+ sudo make -f ../common/Makefile.prereqs
+ sudo docker-compose up -d
+ bash ../common/wait_for_xos.sh
+ sudo docker-compose run xos python /opt/xos/tosca/run.py padmin@vicci.org /opt/xos/configurations/frontend/sample.yaml
+
+containers:
+ cd ../../../containers/xos; make devel
+ cd ../../../containers/synchronizer; make
+ cd ../../../containers/openvpn; make
+
+common_cloudlab:
+ make -C ../common -f Makefile.cloudlab
+
+stop:
+ sudo MYIP=$(MYIP) docker-compose stop
+
+showlogs:
+ sudo MYIP=$(MYIP) docker-compose logs
+
+rm: stop
+ sudo MYIP=$(MYIP) docker-compose rm
+
+ps:
+ sudo MYIP=$(MYIP) docker-compose ps
+
+enter-xos:
+ sudo docker exec -it openvpn_xos_1 bash
+
+enter-synchronizer:
+ sudo docker exec -it openvpn_xos_synchronizer_openvpn_1 bash
+
+upgrade_pkgs:
+ sudo pip install httpie --upgrade
+
+rebuild_xos:
+ make -C ../../../containers/xos devel
+
+rebuild_synchronizer:
+ make -C ../../../containers/synchronizer
+
+cleanup_docker: rm
+ sudo docker rm -v $(docker ps -a -q -f status=exited) || true
+ docker rm -v $(docker ps -a -q -f status=exited) || true
+ sudo docker rmi $(docker images -qf "dangling=true") || true
+ socker rmi $(docker images -qf "dangling=true") || true
+ sudo docker run -v /var/run/docker.sock:/var/run/docker.sock -v /var/lib/docker:/var/lib/docker --rm martin/docker-cleanup-volumes || true
diff --git a/xos/configurations/openvpn/docker-compose.yml b/xos/configurations/openvpn/docker-compose.yml
new file mode 100644
index 0000000..e609838
--- /dev/null
+++ b/xos/configurations/openvpn/docker-compose.yml
@@ -0,0 +1,62 @@
+xos_db:
+ image: xosproject/xos-postgres
+ expose:
+ - "5432"
+
+xos_synchronizer_openstack:
+ image: xosproject/xos-synchronizer-openstack
+ command: bash -c "sleep 120; python /opt/xos/synchronizers/openstack/xos-synchronizer.py"
+ labels:
+ org.xosproject.kind: synchronizer
+ org.xosproject.target: openstack
+ links:
+ - xos_db
+ extra_hosts:
+ - ctl:${MYIP}
+ volumes:
+ - ../common/xos_common_config:/opt/xos/xos_configuration/xos_common_config:ro
+ - ./images:/opt/xos/images:ro
+
+xos_synchronizer_openvpn:
+ image: xosproject/xos-openvpn
+ command: bash -c "sleep 120 ; python /opt/xos/synchronizers/openvpn/openvpn-synchronizer.py -C /opt/xos/synchronizers/openvpn/openvpn_config"
+ labels:
+ org.xosproject.kind: synchronizer
+ org.xosproject.target: openvpn
+ links:
+ - xos_db
+ extra_hosts:
+ - ctl:${MYIP}
+ volumes:
+ - ../setup/id_rsa:/opt/xos/synchronizers/openvpn/openvpn_private_key:ro # private key
+ volumes_from:
+ - xos_openvpn_data:rw
+
+xos_openvpn_data:
+ image: xosproject/xos-openvpn
+ links:
+ - xos_db
+ extra_hosts:
+ - ctl:${MYIP}
+ volumes:
+ - /opt/openvpn
+
+# FUTURE
+#xos_swarm_synchronizer:
+# image: xosproject/xos-swarm-synchronizer
+# labels:
+# org.xosproject.kind: synchronizer
+# org.xosproject.target: swarm
+
+xos:
+ image: xosproject/xos-openvpn
+ command: python /opt/xos/manage.py runserver 0.0.0.0:8000 --insecure --makemigrations
+ ports:
+ - "9999:8000"
+ links:
+ - xos_db
+ volumes:
+ - ../setup:/root/setup:ro
+ - ../common/xos_common_config:/opt/xos/xos_configuration/xos_common_config:ro
+ volumes_from:
+ - xos_openvpn_data:rw
diff --git a/xos/configurations/syndicate/Makefile b/xos/configurations/syndicate/Makefile
index eb8050e..9d854f9 100644
--- a/xos/configurations/syndicate/Makefile
+++ b/xos/configurations/syndicate/Makefile
@@ -7,6 +7,7 @@
xos: syndicate_config
sudo MYIP=$(MYIP) docker-compose up -d
bash ../common/wait_for_xos.sh
+ sudo docker-compose run xos python /opt/xos/tosca/run.py none /opt/xos/configurations/common/fixtures.yaml
sudo MYIP=$(MYIP) docker-compose run xos python /opt/xos/tosca/run.py padmin@vicci.org /opt/xos/configurations/common/base.yaml
sudo MYIP=$(MYIP) docker-compose run xos python /opt/xos/tosca/run.py padmin@vicci.org /root/setup/nodes.yaml
diff --git a/xos/configurations/test-standalone/Makefile b/xos/configurations/test-standalone/Makefile
index 50f2cc5..3ef5848 100644
--- a/xos/configurations/test-standalone/Makefile
+++ b/xos/configurations/test-standalone/Makefile
@@ -16,8 +16,6 @@
export TRUNCATE_FN
prepare: xos
- # INSTALL DEPS
- # RUN ONCE BEFORE RUNNING TESTS
sudo docker exec -i teststandalone_xos_1 bash -c "cd /opt/xos/tests/api; npm install --production"
sudo docker exec teststandalone_xos_1 pip install dredd_hooks
@@ -25,17 +23,15 @@
sudo make -f ../common/Makefile.prereqs
sudo docker-compose up -d
bash ../common/wait_for_xos.sh
- # sudo docker-compose run xos python /opt/xos/tosca/run.py padmin@vicci.org /opt/xos/configurations/frontend/sample.yaml
- # sudo docker-compose run xos python /opt/xos/tosca/run.py padmin@vicci.org /opt/xos/configurations/common/fixtures.yaml
restore-initial-db-status:
sudo docker exec teststandalone_xos_db_1 psql -U postgres -d xos -c "$$TRUNCATE_FN"
sudo docker exec teststandalone_xos_db_1 psql -U postgres -d xos -c "SELECT truncate_tables('postgres');"
sudo docker exec teststandalone_xos_db_1 psql -U postgres -d xos -c "SELECT setval('core_tenant_id_seq', 1)"
sudo docker-compose run xos python /opt/xos/manage.py --noobserver --nomodelpolicy loaddata /opt/xos/core/fixtures/core_initial_data.json
+ sudo docker-compose run xos python /opt/xos/tosca/run.py none /opt/xos/configurations/common/fixtures.yaml
+ sudo docker-compose run xos python /opt/xos/tosca/run.py none /opt/xos/configurations/common/mydeployment.yaml
sudo docker-compose run xos python /opt/xos/tosca/run.py padmin@vicci.org /opt/xos/configurations/frontend/sample.yaml
- sudo docker-compose run xos python /opt/xos/tosca/run.py padmin@vicci.org /opt/xos/configurations/common/fixtures.yaml
-
test: restore-initial-db-status
@@ -45,10 +41,6 @@
test-tosca:
sudo docker-compose run xos bash -c "cd /opt/xos/tosca/tests; python ./alltests.py"
-test-gui:
- cd ../../../views/ngXosViews/ceilometerDashboard; npm install
- cd ../../../views/ngXosViews/ceilometerDashboard; npm run test:ci
-
base-container:
cd ../../../containers/xos; make devel
diff --git a/xos/core/admin.py b/xos/core/admin.py
index b91267a..4721a08 100644
--- a/xos/core/admin.py
+++ b/xos/core/admin.py
@@ -979,6 +979,24 @@
)
+class TenantRoleAdmin(XOSBaseAdmin):
+ """Admin for TenantRoles."""
+ model = TenantRole
+ fields = ('role',)
+
+
+class TenantPrivilegeInline(XOSTabularInline):
+ """Inline for adding a TenantPrivilege to a Tenant."""
+ model = TenantPrivilege
+ extra = 0
+ suit_classes = 'suit-tab suit-tab-tenantprivileges'
+ fields = ['backend_status_icon', 'user', 'role', 'tenant']
+ readonly_fields = ('backend_status_icon', )
+
+ def queryset(self, request):
+ return TenantPrivilege.select_by_user(request.user)
+
+
class ProviderTenantInline(XOSTabularInline):
model = CoarseTenant
fields = ['provider_service', 'subscriber_service', 'connect_method']
@@ -2416,5 +2434,6 @@
admin.site.register(Flavor, FlavorAdmin)
admin.site.register(TenantRoot, TenantRootAdmin)
admin.site.register(TenantRootRole, TenantRootRoleAdmin)
+ admin.site.register(TenantRole, TenantRoleAdmin)
admin.site.register(TenantAttribute, TenantAttributeAdmin)
admin.site.register(AddressPool, AddressPoolAdmin)
diff --git a/xos/core/fixtures/core_initial_data.json b/xos/core/fixtures/core_initial_data.json
index 86658bb..01ff999 100644
--- a/xos/core/fixtures/core_initial_data.json
+++ b/xos/core/fixtures/core_initial_data.json
@@ -1,214 +1,6 @@
[
{
"fields": {
- "updated": "2015-02-17T22:06:37.837Z",
- "policed": null,
- "created": "2015-02-17T22:06:37.837Z",
- "deleted": false,
- "site_url": null,
- "enabled": true,
- "longitude": null,
- "name": "MySite",
- "backend_register": "{}",
- "login_base": "mysite",
- "location": "0,0",
- "latitude": null,
- "is_public": true,
- "backend_status": "0 - Provisioning in progress",
- "abbreviated_name": "mysite",
- "enacted": null
- },
- "model": "core.site",
- "pk": 1
-},
-{
- "fields": {
- "updated": "2015-02-17T22:06:38.620Z",
- "policed": null,
- "created": "2015-02-17T22:06:38.620Z",
- "deleted": false,
- "backend_register": "{}",
- "role": "admin",
- "backend_status": "0 - Provisioning in progress",
- "enacted": null
- },
- "model": "core.siterole",
- "pk": 1
-},
-{
- "fields": {
- "updated": "2015-02-17T22:06:38.670Z",
- "policed": null,
- "created": "2015-02-17T22:06:38.669Z",
- "deleted": false,
- "backend_register": "{}",
- "role": "pi",
- "backend_status": "0 - Provisioning in progress",
- "enacted": null
- },
- "model": "core.siterole",
- "pk": 2
-},
-{
- "fields": {
- "updated": "2015-02-17T22:06:38.731Z",
- "policed": null,
- "created": "2015-02-17T22:06:38.730Z",
- "deleted": false,
- "backend_register": "{}",
- "role": "tech",
- "backend_status": "0 - Provisioning in progress",
- "enacted": null
- },
- "model": "core.siterole",
- "pk": 3
-},
-{
- "fields": {
- "accessControl": "allow all",
- "updated": "2015-02-17T22:06:37.789Z",
- "policed": null,
- "created": "2015-02-17T22:06:37.789Z",
- "deleted": false,
- "name": "MyDeployment",
- "backend_register": "{}",
- "backend_status": "0 - Provisioning in progress",
- "enacted": null
- },
- "model": "core.deployment",
- "pk": 1
-},
-{
- "fields": {
- "updated": "2015-02-17T22:06:38.894Z",
- "policed": null,
- "created": "2015-02-17T22:06:38.894Z",
- "deleted": false,
- "backend_register": "{}",
- "role": "admin",
- "backend_status": "0 - Provisioning in progress",
- "enacted": null
- },
- "model": "core.deploymentrole",
- "pk": 1
-},
-{
- "fields": {
- "updated": "2015-02-17T22:06:37.893Z",
- "policed": null,
- "created": "2015-02-17T22:06:37.893Z",
- "deleted": false,
- "availability_zone": null,
- "site": 1,
- "backend_register": "{}",
- "controller": null,
- "deployment": 1,
- "backend_status": "0 - Provisioning in progress",
- "enacted": null
- },
- "model": "core.sitedeployment",
- "pk": 1
-},
-{
- "fields": {
- "updated": "2015-02-17T22:06:38.953Z",
- "policed": null,
- "created": "2015-02-17T22:06:38.953Z",
- "deleted": false,
- "deployments": [],
- "enabled": true,
- "name": "xsh",
- "backend_register": "{}",
- "url": "template:xsh",
- "backend_status": "0 - Provisioning in progress",
- "enacted": null
- },
- "model": "core.dashboardview",
- "pk": 1
-},
-{
- "fields": {
- "updated": "2015-02-17T22:06:39.011Z",
- "policed": null,
- "created": "2015-02-17T22:06:39.011Z",
- "deleted": false,
- "deployments": [],
- "enabled": true,
- "name": "Customize",
- "backend_register": "{}",
- "url": "template:customize",
- "backend_status": "0 - Provisioning in progress",
- "enacted": null
- },
- "model": "core.dashboardview",
- "pk": 2
-},
-{
- "fields": {
- "updated": "2015-02-17T22:06:39.244Z",
- "policed": null,
- "created": "2015-02-17T22:06:39.069Z",
- "deleted": false,
- "deployments": [
- 1
- ],
- "enabled": true,
- "name": "Tenant",
- "backend_register": "{}",
- "url": "template:xosTenant",
- "backend_status": "0 - Provisioning in progress",
- "enacted": null
- },
- "model": "core.dashboardview",
- "pk": 3
-},
-{
- "fields": {
- "updated": "2015-02-17T22:06:39.302Z",
- "policed": null,
- "created": "2015-02-17T22:06:39.302Z",
- "deleted": false,
- "deployments": [],
- "enabled": true,
- "name": "Developer",
- "backend_register": "{}",
- "url": "template:xosDeveloper_datatables",
- "backend_status": "0 - Provisioning in progress",
- "enacted": null
- },
- "model": "core.dashboardview",
- "pk": 4
-},
-{
- "fields": {
- "policed": null,
- "site": 1,
- "is_staff": true,
- "timezone": "America/New_York",
- "backend_status": "Provisioning in progress",
- "is_registering": false,
- "last_login": "2015-02-17T22:35:17.822Z",
- "email": "padmin@vicci.org",
- "username": "padmin@vicci.org",
- "updated": "2015-02-17T22:06:38.059Z",
- "firstname": "XOS",
- "user_url": null,
- "deleted": false,
- "lastname": "admin",
- "is_active": true,
- "phone": null,
- "is_admin": true,
- "password": "pbkdf2_sha256$12000$Qufx9iqtaYma$xs0YurPOcj9qYQna/Qrb3K+im9Yr2XEVr0J4Kqek7AE=",
- "enacted": null,
- "public_key": null,
- "is_readonly": false,
- "created": "2015-02-17T22:06:38.059Z"
- },
- "model": "core.user",
- "pk": 1
-},
-{
- "fields": {
"updated": "2015-02-17T22:06:39.361Z",
"membershipFee": 0,
"policed": null,
@@ -226,162 +18,5 @@
},
"model": "core.serviceclass",
"pk": 1
-},
-{
- "fields": {
- "updated": "2015-02-17T22:06:38.236Z",
- "policed": null,
- "created": "2015-02-17T22:06:38.095Z",
- "deleted": false,
- "deployments": [
- 1
- ],
- "description": null,
- "name": "m1.small",
- "backend_register": "{}",
- "default": false,
- "flavor": "m1.small",
- "backend_status": "0 - Provisioning in progress",
- "order": 0,
- "enacted": null
- },
- "model": "core.flavor",
- "pk": 1
-},
-{
- "fields": {
- "updated": "2015-02-17T22:06:38.394Z",
- "policed": null,
- "created": "2015-02-17T22:06:38.287Z",
- "deleted": false,
- "deployments": [
- 1
- ],
- "description": null,
- "name": "m1.medium",
- "backend_register": "{}",
- "default": false,
- "flavor": "m1.medium",
- "backend_status": "0 - Provisioning in progress",
- "order": 0,
- "enacted": null
- },
- "model": "core.flavor",
- "pk": 2
-},
-{
- "fields": {
- "updated": "2015-02-17T22:06:38.561Z",
- "policed": null,
- "created": "2015-02-17T22:06:38.445Z",
- "deleted": false,
- "deployments": [
- 1
- ],
- "description": null,
- "name": "m1.large",
- "backend_register": "{}",
- "default": false,
- "flavor": "m1.large",
- "backend_status": "0 - Provisioning in progress",
- "order": 0,
- "enacted": null
- },
- "model": "core.flavor",
- "pk": 3
-},
-{
- "fields": {
- "updated": "2015-02-17T22:06:38.778Z",
- "policed": null,
- "created": "2015-02-17T22:06:38.778Z",
- "deleted": false,
- "backend_register": "{}",
- "role": "admin",
- "backend_status": "0 - Provisioning in progress",
- "enacted": null
- },
- "model": "core.slicerole",
- "pk": 1
-},
-{
- "fields": {
- "updated": "2015-02-17T22:06:38.836Z",
- "policed": null,
- "created": "2015-02-17T22:06:38.836Z",
- "deleted": false,
- "backend_register": "{}",
- "role": "access",
- "backend_status": "0 - Provisioning in progress",
- "enacted": null
- },
- "model": "core.slicerole",
- "pk": 2
-},
-{
- "fields": {
- "shared_network_id": null,
- "updated": "2015-02-17T22:06:39.419Z",
- "policed": null,
- "created": "2015-02-17T22:06:39.419Z",
- "deleted": false,
- "description": "A private virtual network",
- "visibility": "private",
- "name": "Private",
- "backend_register": "{}",
- "topology_kind": "bigswitch",
- "guaranteed_bandwidth": 0,
- "translation": "none",
- "backend_status": "0 - Provisioning in progress",
- "shared_network_name": null,
- "controller_kind": null,
- "enacted": null
- },
- "model": "core.networktemplate",
- "pk": 1
-},
-{
- "fields": {
- "shared_network_id": null,
- "updated": "2015-02-17T22:06:39.477Z",
- "policed": null,
- "created": "2015-02-17T22:06:39.477Z",
- "deleted": false,
- "description": "Connect a instance to the public network",
- "visibility": "private",
- "name": "Public shared IPv4",
- "backend_register": "{}",
- "topology_kind": "bigswitch",
- "guaranteed_bandwidth": 0,
- "translation": "NAT",
- "backend_status": "0 - Provisioning in progress",
- "shared_network_name": "nat-net",
- "controller_kind": null,
- "enacted": null
- },
- "model": "core.networktemplate",
- "pk": 2
-},
-{
- "fields": {
- "shared_network_id": null,
- "updated": "2015-02-17T22:06:39.536Z",
- "policed": null,
- "created": "2015-02-17T22:06:39.536Z",
- "deleted": false,
- "description": "Connect a instance to the public network",
- "visibility": "public",
- "name": "Public dedicated IPv4",
- "backend_register": "{}",
- "topology_kind": "bigswitch",
- "guaranteed_bandwidth": 0,
- "translation": "none",
- "backend_status": "0 - Provisioning in progress",
- "shared_network_name": "ext-net",
- "controller_kind": null,
- "enacted": null
- },
- "model": "core.networktemplate",
- "pk": 3
}
]
diff --git a/xos/core/migrations/0001_initial.py b/xos/core/migrations/0001_initial.py
index b2e5d00..c55a8bf 100644
--- a/xos/core/migrations/0001_initial.py
+++ b/xos/core/migrations/0001_initial.py
@@ -1628,6 +1628,52 @@
},
bases=(models.Model,),
),
+ migrations.CreateModel(
+ name='TenantPrivilege',
+ fields=[
+ ('id', models.AutoField(verbose_name='ID',
+ serialize=False, auto_created=True, primary_key=True)),
+ ('created', models.DateTimeField(
+ default=django.utils.timezone.now, auto_now_add=True)),
+ ('updated', models.DateTimeField(
+ default=django.utils.timezone.now, auto_now=True)),
+ ('enacted', models.DateTimeField(
+ default=None, null=True, blank=True)),
+ ('policed', models.DateTimeField(
+ default=None, null=True, blank=True)),
+ ('backend_status', models.CharField(
+ default=b'Provisioning in progress', max_length=140)),
+ ('deleted', models.BooleanField(default=False)),
+ ],
+ options={
+ 'abstract': False,
+ },
+ bases=(models.Model,),
+ ),
+ migrations.CreateModel(
+ name='TenantRole',
+ fields=[
+ ('id', models.AutoField(verbose_name='ID',
+ serialize=False, auto_created=True, primary_key=True)),
+ ('created', models.DateTimeField(
+ default=django.utils.timezone.now, auto_now_add=True)),
+ ('updated', models.DateTimeField(
+ default=django.utils.timezone.now, auto_now=True)),
+ ('enacted', models.DateTimeField(
+ default=None, null=True, blank=True)),
+ ('policed', models.DateTimeField(
+ default=None, null=True, blank=True)),
+ ('backend_status', models.CharField(
+ default=b'Provisioning in progress', max_length=140)),
+ ('deleted', models.BooleanField(default=False)),
+ ('role', models.CharField(unique=True, max_length=30,
+ choices=[(b'admin', b'Admin'), (b'access', b'Access')])),
+ ],
+ options={
+ 'abstract': False,
+ },
+ bases=(models.Model,),
+ ),
migrations.AddField(
model_name='sliceprivilege',
name='role',
diff --git a/xos/core/models/__init__.py b/xos/core/models/__init__.py
index 6fad0f1..5b0ad4b 100644
--- a/xos/core/models/__init__.py
+++ b/xos/core/models/__init__.py
@@ -1,7 +1,7 @@
from .plcorebase import PlCoreBase,PlCoreBaseManager,PlCoreBaseDeletionManager,PlModelMixIn
from .project import Project
from .singletonmodel import SingletonModel
-from .service import Service, Tenant, TenantWithContainer, CoarseTenant, ServicePrivilege, TenantRoot, TenantRootPrivilege, TenantRootRole, Subscriber, Provider
+from .service import Service, Tenant, TenantWithContainer, CoarseTenant, ServicePrivilege, TenantRoot, TenantRootPrivilege, TenantRootRole, TenantPrivilege, TenantRole, Subscriber, Provider
from .service import ServiceAttribute, TenantAttribute, ServiceRole
from .tag import Tag
from .role import Role
diff --git a/xos/core/models/service.py b/xos/core/models/service.py
index 641c5ae..1c19e56 100644
--- a/xos/core/models/service.py
+++ b/xos/core/models/service.py
@@ -892,3 +892,52 @@
[trp.id for trp in cls.objects.filter(tenant_root=priv.tenant_root)])
return cls.objects.filter(id__in=trp_ids)
+
+
+class TenantRole(PlCoreBase):
+ """A TenantRole option."""
+ ROLE_CHOICES = (('admin', 'Admin'), ('access', 'Access'))
+ role = StrippedCharField(choices=ROLE_CHOICES, unique=True, max_length=30)
+
+ def __unicode__(self): return u'%s' % (self.role)
+
+
+class TenantPrivilege(PlCoreBase):
+ """"A TenantPrivilege which defines how users can access a particular Tenant.
+
+ Attributes:
+ id (models.AutoField): The ID of the privilege.
+ user (models.ForeignKey): A Foreign Key to the a User.
+ tenant (models.ForeignKey): A ForeignKey to the Tenant.
+ role (models.ForeignKey): A ForeignKey to the TenantRole.
+ """
+ id = models.AutoField(primary_key=True)
+ user = models.ForeignKey('User', related_name="tenantprivileges")
+ tenant = models.ForeignKey('Tenant', related_name="tenantprivileges")
+ role = models.ForeignKey('TenantRole', related_name="tenantprivileges")
+
+ def __unicode__(self): return u'%s %s %s' % (
+ self.tenant, self.user, self.role)
+
+ def save(self, *args, **kwds):
+ if not self.user.is_active:
+ raise PermissionDenied, "Cannot modify role(s) of a disabled user"
+ super(TenantPrivilege, self).save(*args, **kwds)
+
+ def can_update(self, user):
+ return user.can_update_tenant_privilege(self)
+
+ @classmethod
+ def select_by_user(cls, user):
+ if user.is_admin:
+ return cls.objects.all()
+ else:
+ # User can see his own privilege
+ trp_ids = [trp.id for trp in cls.objects.filter(user=user)]
+
+ # A tenant admin can see the TenantPrivileges for their Tenants
+ for priv in cls.objects.filter(user=user, role__role="admin"):
+ trp_ids.extend(
+ [trp.id for trp in cls.objects.filter(tenant=priv.tenant)])
+
+ return cls.objects.filter(id__in=trp_ids)
diff --git a/xos/core/models/user.py b/xos/core/models/user.py
index f1d73d2..715c670 100644
--- a/xos/core/models/user.py
+++ b/xos/core/models/user.py
@@ -356,9 +356,21 @@
return True
return False
+ def can_update_tenant(self, tenant, allow=[]):
+ from core.models.service import Tenant, TenantPrivilege
+ if self.can_update_root():
+ return True
+ if TenantPrivilege.objects.filter(
+ tenant=tenant, user=self, role__role__in=['admin', 'Admin'] + allow):
+ return True
+ return False
+
def can_update_tenant_root_privilege(self, tenant_root_privilege, allow=[]):
return self.can_update_tenant_root(tenant_root_privilege.tenant_root, allow)
+ def can_update_tenant_privilege(self, tenant_privilege, allow=[]):
+ return self.can_update_tenant(tenant_privilege.tenant, allow)
+
def get_readable_objects(self, filter_by=None):
""" Returns a list of objects that the user is allowed to read. """
from core.models import Deployment, Flavor, Image, Network, NetworkTemplate, Node, PlModelMixIn, Site, Slice, SliceTag, Instance, Tag, User, DeploymentPrivilege, SitePrivilege, SlicePrivilege
diff --git a/xos/core/xoslib/dashboards/xosOpenVPNDashboard.html b/xos/core/xoslib/dashboards/xosOpenVPNDashboard.html
new file mode 100644
index 0000000..eb1c9c6
--- /dev/null
+++ b/xos/core/xoslib/dashboards/xosOpenVPNDashboard.html
@@ -0,0 +1,14 @@
+<!-- browserSync -->
+
+<!-- inject:css -->
+<link rel="stylesheet" href="/static/css/xosOpenVPNDashboard.css">
+<!-- endinject -->
+
+<div id="xosOpenVPNDashboard">
+ <div ui-view></div>
+</div>
+
+
+<!-- inject:js -->
+<script src="/static/js/xosOpenVPNDashboard.js"></script>
+<!-- endinject -->
diff --git a/xos/core/xoslib/methods/openvpnview.py b/xos/core/xoslib/methods/openvpnview.py
new file mode 100644
index 0000000..d8cf39e
--- /dev/null
+++ b/xos/core/xoslib/methods/openvpnview.py
@@ -0,0 +1,84 @@
+import jinja2
+from core.models import TenantPrivilege
+from plus import PlusSerializerMixin
+from rest_framework import serializers
+from services.openvpn.models import OpenVPNService, OpenVPNTenant
+from xos.apibase import XOSListCreateAPIView
+
+if hasattr(serializers, "ReadOnlyField"):
+ # rest_framework 3.x
+ ReadOnlyField = serializers.ReadOnlyField
+else:
+ # rest_framework 2.x
+ ReadOnlyField = serializers.Field
+
+
+def get_default_openvpn_service():
+ openvpn_services = OpenVPNService.get_service_objects().all()
+ if openvpn_services:
+ return openvpn_services[0].id
+ return None
+
+
+class OpenVPNTenantSerializer(serializers.ModelSerializer, PlusSerializerMixin):
+ """A Serializer for the OpenVPNTenant that has the minimum information required for clients.
+
+ Attributes:
+ id (ReadOnlyField): The ID of OpenVPNTenant.
+ server_network (ReadOnlyField): The network of the VPN.
+ vpn_subnet (ReadOnlyField): The subnet of the VPN.
+ script_text (SerializerMethodField): The text of the script for the client to use to
+ connect.
+ """
+ id = ReadOnlyField()
+ server_network = ReadOnlyField()
+ vpn_subnet = ReadOnlyField()
+ script_text = serializers.SerializerMethodField()
+
+ class Meta:
+ model = OpenVPNTenant
+ fields = ('id', 'service_specific_attribute', 'vpn_subnet',
+ 'server_network', 'script_text')
+
+ def get_script_text(self, obj):
+ """Gets the text of the client script for the requesting user.
+
+ Parameters:
+ obj (services.openvpn.models.OpenVPNTenant): The OpenVPNTenant to connect to.
+
+ Returns:
+ str: The client script as a str.
+ """
+ env = jinja2.Environment(
+ loader=jinja2.FileSystemLoader("/opt/xos/services/openvpn/templates"))
+ template = env.get_template("connect.vpn.j2")
+ client_name = self.context['request'].user.email + "-" + str(obj.id)
+ remote_ids = list(obj.failover_server_ids)
+ remote_ids.insert(0, obj.id)
+ remotes = OpenVPNTenant.get_tenant_objects().filter(pk__in=remote_ids)
+ pki_dir = OpenVPNService.get_pki_dir(obj)
+ fields = {"client_name": client_name,
+ "remotes": remotes,
+ "is_persistent": obj.is_persistent,
+ "ca_crt": obj.get_ca_crt(pki_dir),
+ "client_crt": obj.get_client_cert(client_name, pki_dir),
+ "client_key": obj.get_client_key(client_name, pki_dir)
+ }
+ return template.render(fields)
+
+
+class OpenVPNTenantList(XOSListCreateAPIView):
+ """Class that provides a list of OpenVPNTenants that the user has permission to access."""
+ serializer_class = OpenVPNTenantSerializer
+ method_kind = "list"
+ method_name = "openvpntenant"
+
+ def get_queryset(self):
+ # Get every privilege for this user
+ tenants_privs = TenantPrivilege.objects.all().filter(
+ user=self.request.user)
+ vpn_tenants = []
+ for priv in tenants_privs:
+ vpn_tenants.append(
+ OpenVPNTenant.get_tenant_objects().filter(pk=priv.tenant.pk)[0])
+ return vpn_tenants
diff --git a/xos/core/xoslib/static/css/xosOpenVPNDashboard.css b/xos/core/xoslib/static/css/xosOpenVPNDashboard.css
new file mode 100644
index 0000000..d9d966e
--- /dev/null
+++ b/xos/core/xoslib/static/css/xosOpenVPNDashboard.css
@@ -0,0 +1 @@
+#xosOpenVPNDashboard{width:70%;margin:auto}.vpn-row{display:table-row}.vpn-cell{display:table-cell;padding:5px}.vpn-header{font-weight:700}
\ No newline at end of file
diff --git a/xos/core/xoslib/static/js/xosOpenVPNDashboard.js b/xos/core/xoslib/static/js/xosOpenVPNDashboard.js
new file mode 100644
index 0000000..8723888
--- /dev/null
+++ b/xos/core/xoslib/static/js/xosOpenVPNDashboard.js
@@ -0,0 +1 @@
+"use strict";angular.module("xos.openVPNDashboard",["ngResource","ngCookies","ngLodash","ui.router","xos.helpers"]).config(["$stateProvider",function(n){n.state("openVPNList",{url:"/",template:"<vpn-list></vpn-list>"})}]).config(["$compileProvider",function(n){n.aHrefSanitizationWhitelist(/^\s*(https?|ftp|mailto|tel|file|blob):/)}]).service("Vpn",["$http","$q",function(n,e){this.getOpenVpnTenants=function(){var t=e.defer();return n.get("/xoslib/openvpntenant/").then(function(n){t.resolve(n.data)})["catch"](function(n){t.reject(n)}),t.promise}}]).config(["$httpProvider",function(n){n.interceptors.push("NoHyperlinks")}]).directive("vpnList",function(){return{restrict:"E",scope:{},bindToController:!0,controllerAs:"vm",templateUrl:"templates/openvpn-list.tpl.html",controller:["Vpn",function(n){var e=this;n.getOpenVpnTenants().then(function(n){e.vpns=n;for(var t=0;t<e.vpns.length;t++){var i=new Blob([e.vpns[t].script_text],{type:"text/plain"});e.vpns[t].script_text=(window.URL||window.webkitURL).createObjectURL(i)}})["catch"](function(n){throw new Error(n)})}]}}),angular.module("xos.openVPNDashboard").run(["$templateCache",function(n){n.put("templates/openvpn-list.tpl.html",'<div style="display: table;">\n <div class="vpn-row">\n <h1 class="vpn-cell">VPN List</h1>\n </div>\n <div class="vpn-row">\n <div class="vpn-cell vpn-header">ID</div>\n <div class="vpn-cell vpn-header">VPN Network</div>\n <div class="vpn-cell vpn-header">VPN Subnet</div>\n <div class="vpn-cell vpn-header">Script Link</div>\n </div>\n <div class="vpn-row" ng-repeat="vpn in vm.vpns">\n <div class="vpn-cell">{{ vpn.id }}</div>\n <div class="vpn-cell">{{ vpn.server_network }}</div>\n <div class="vpn-cell">{{ vpn.vpn_subnet }}</div>\n <div class="vpn-cell">\n <a download="connect-{{ vpn.id }}.vpn" ng-href="{{ vpn.script_text }}">Script</a>\n </div>\n </div>\n</div>\n')}]),angular.module("xos.openVPNDashboard").run(["$location",function(n){n.path("/")}]),angular.bootstrap(angular.element("#xosOpenVPNDashboard"),["xos.openVPNDashboard"]);
\ No newline at end of file
diff --git a/xos/services/openvpn/__init__.py b/xos/services/openvpn/__init__.py
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/xos/services/openvpn/__init__.py
diff --git a/xos/services/openvpn/admin.py b/xos/services/openvpn/admin.py
new file mode 100644
index 0000000..28e778d
--- /dev/null
+++ b/xos/services/openvpn/admin.py
@@ -0,0 +1,229 @@
+from django import forms
+from django.contrib import admin
+
+from core.admin import ReadOnlyAwareAdmin, SliceInline, TenantPrivilegeInline
+from core.middleware import get_request
+from core.models import User
+from services.openvpn.models import OPENVPN_KIND, OpenVPNService, OpenVPNTenant
+from xos.exceptions import XOSValidationError
+
+
+class OpenVPNServiceForm(forms.ModelForm):
+
+ exposed_ports = forms.CharField(required=True)
+
+ def __init__(self, *args, **kwargs):
+ super(OpenVPNServiceForm, self).__init__(*args, **kwargs)
+
+ if self.instance:
+ self.fields['exposed_ports'].initial = (
+ self.instance.exposed_ports_str)
+
+ def save(self, commit=True):
+ self.instance.exposed_ports = self.cleaned_data['exposed_ports']
+ return super(OpenVPNServiceForm, self).save(commit=commit)
+
+ def clean_exposed_ports(self):
+ exposed_ports = self.cleaned_data['exposed_ports']
+ self.instance.exposed_ports_str = exposed_ports
+ port_mapping = {"udp": [], "tcp": []}
+ parts = exposed_ports.split(",")
+ for part in parts:
+ part = part.strip()
+ if "/" in part:
+ (protocol, ports) = part.split("/", 1)
+ elif " " in part:
+ (protocol, ports) = part.split(None, 1)
+ else:
+ raise XOSValidationError(
+ 'malformed port specifier %s, format example: ' +
+ '"tcp 123, tcp 201:206, udp 333"' % part)
+
+ protocol = protocol.strip()
+ ports = ports.strip()
+
+ if not (protocol in ["udp", "tcp"]):
+ raise XOSValidationError('unknown protocol %s' % protocol)
+
+ if "-" in ports:
+ port_mapping[protocol].extend(
+ self.parse_port_range(ports, "-"))
+ elif ":" in ports:
+ port_mapping[protocol].extend(
+ self.parse_port_range(ports, ":"))
+ else:
+ port_mapping[protocol].append(int(ports))
+
+ return port_mapping
+
+ def parse_port_range(self, port_str, split_str):
+ (first, last) = port_str.split(split_str)
+ first = int(first.strip())
+ last = int(last.strip())
+ return list(range(first, last))
+
+ class Meta:
+ model = OpenVPNService
+
+
+class OpenVPNServiceAdmin(ReadOnlyAwareAdmin):
+ """Defines the admin for the OpenVPNService."""
+ model = OpenVPNService
+ form = OpenVPNServiceForm
+ verbose_name = "OpenVPN Service"
+
+ list_display = ("backend_status_icon", "name", "enabled")
+
+ list_display_links = ('backend_status_icon', 'name', )
+
+ fieldsets = [(None, {'fields': ['backend_status_text', 'name', 'enabled',
+ 'versionNumber', 'description', "view_url",
+ 'exposed_ports'],
+ 'classes':['suit-tab suit-tab-general']})]
+
+ readonly_fields = ('backend_status_text', )
+
+ inlines = [SliceInline]
+
+ extracontext_registered_admins = True
+
+ user_readonly_fields = ["name", "enabled", "versionNumber", "description"]
+
+ suit_form_tabs = (('general', 'VPN Service Details'),
+ ('slices', 'Slices'),)
+
+ def queryset(self, request):
+ return OpenVPNService.get_service_objects_by_user(request.user)
+
+
+class OpenVPNTenantForm(forms.ModelForm):
+ """The form used to create and edit a OpenVPNTenant.
+
+ Attributes:
+ creator (forms.ModelChoiceField): The XOS user that created this
+ tenant.
+ server_network (forms.GenericIPAddressField): The IP address of the VPN network.
+ vpn_subnet (forms.GenericIPAddressField): The subnet used by the VPN network.
+ is_persistent (forms.BooleanField): Determines if this Tenant keeps
+ this connection alive through failures.
+ clients_can_see_each_other (forms.BooleanField): Determines if the clients on the VPN can
+ communicate with each other.
+ failover_servers (forms.ModelMultipleChoiceField): The other OpenVPNTenants to use as failover
+ servers.
+ protocol (forms.ChoiceField): The protocol to use.
+ use_ca_from (forms.ModelChoiceField): Another OpenVPNTenant to use the CA of, this is a very
+ hacky way to let VPNs have the same clients.
+ """
+ creator = forms.ModelChoiceField(queryset=User.objects.all())
+ server_network = forms.GenericIPAddressField(
+ protocol="IPv4", required=True)
+ vpn_subnet = forms.GenericIPAddressField(protocol="IPv4", required=True)
+ is_persistent = forms.BooleanField(required=False)
+ clients_can_see_each_other = forms.BooleanField(required=False)
+ failover_servers = forms.ModelMultipleChoiceField(
+ required=False, queryset=OpenVPNTenant.get_tenant_objects())
+ protocol = forms.ChoiceField(required=True, choices=[
+ ("tcp", "tcp"), ("udp", "udp")])
+ use_ca_from = forms.ModelChoiceField(
+ queryset=OpenVPNTenant.get_tenant_objects(), required=False)
+
+ def __init__(self, *args, **kwargs):
+ super(OpenVPNTenantForm, self).__init__(*args, **kwargs)
+ self.fields['kind'].widget.attrs['readonly'] = True
+ self.fields['failover_servers'].widget.attrs['rows'] = 300
+ self.fields[
+ 'provider_service'].queryset = (
+ OpenVPNService.get_service_objects().all())
+
+ self.fields['kind'].initial = OPENVPN_KIND
+
+ if self.instance:
+ self.fields['creator'].initial = self.instance.creator
+ self.fields['vpn_subnet'].initial = self.instance.vpn_subnet
+ self.fields[
+ 'server_network'].initial = self.instance.server_network
+ self.fields[
+ 'clients_can_see_each_other'].initial = (
+ self.instance.clients_can_see_each_other)
+ self.fields['is_persistent'].initial = self.instance.is_persistent
+ self.initial['protocol'] = self.instance.protocol
+ self.fields['failover_servers'].queryset = (
+ OpenVPNTenant.get_tenant_objects().exclude(pk=self.instance.pk))
+ self.initial['failover_servers'] = OpenVPNTenant.get_tenant_objects().filter(
+ pk__in=self.instance.failover_server_ids)
+ self.fields['use_ca_from'].queryset = (
+ OpenVPNTenant.get_tenant_objects().exclude(pk=self.instance.pk))
+ if (self.instance.use_ca_from_id):
+ self.initial['use_ca_from'] = (
+ OpenVPNTenant.get_tenant_objects().filter(pk=self.instance.use_ca_from_id)[0])
+
+ if (not self.instance) or (not self.instance.pk):
+ self.fields['creator'].initial = get_request().user
+ self.fields['vpn_subnet'].initial = "255.255.255.0"
+ self.fields['server_network'].initial = "10.66.77.0"
+ self.fields['clients_can_see_each_other'].initial = True
+ self.fields['is_persistent'].initial = True
+ self.fields['failover_servers'].queryset = (
+ OpenVPNTenant.get_tenant_objects())
+ if OpenVPNService.get_service_objects().exists():
+ self.fields["provider_service"].initial = (
+ OpenVPNService.get_service_objects().all()[0])
+
+ def save(self, commit=True):
+ self.instance.creator = self.cleaned_data.get("creator")
+ self.instance.is_persistent = self.cleaned_data.get('is_persistent')
+ self.instance.vpn_subnet = self.cleaned_data.get("vpn_subnet")
+ self.instance.server_network = self.cleaned_data.get('server_network')
+ self.instance.clients_can_see_each_other = self.cleaned_data.get(
+ 'clients_can_see_each_other')
+
+ self.instance.failover_server_ids = [
+ tenant.id for tenant in self.cleaned_data.get('failover_servers')]
+
+ # Do not aquire a new port number if the protocol hasn't changed
+ if ((not self.instance.protocol) or
+ (self.instance.protocol != self.cleaned_data.get("protocol"))):
+ self.instance.protocol = self.cleaned_data.get("protocol")
+ self.instance.port_number = (
+ self.instance.provider_service.get_next_available_port(
+ self.instance.protocol))
+
+ if (self.cleaned_data.get('use_ca_from')):
+ self.instance.use_ca_from_id = self.cleaned_data.get(
+ 'use_ca_from').id
+ else:
+ self.instance.use_ca_from_id = None
+
+ return super(OpenVPNTenantForm, self).save(commit=commit)
+
+ class Meta:
+ model = OpenVPNTenant
+
+
+class OpenVPNTenantAdmin(ReadOnlyAwareAdmin):
+ verbose_name = "OpenVPN Tenant Admin"
+ list_display = ('id', 'backend_status_icon', 'instance',
+ 'server_network', 'vpn_subnet')
+ list_display_links = ('id', 'backend_status_icon',
+ 'instance', 'server_network', 'vpn_subnet')
+ fieldsets = [(None, {'fields': ['backend_status_text', 'kind',
+ 'provider_service', 'instance', 'creator',
+ 'server_network', 'vpn_subnet',
+ 'is_persistent', 'use_ca_from',
+ 'clients_can_see_each_other',
+ 'failover_servers', "protocol"],
+ 'classes': ['suit-tab suit-tab-general']})]
+ readonly_fields = ('backend_status_text', 'instance')
+ form = OpenVPNTenantForm
+ inlines = [TenantPrivilegeInline]
+
+ suit_form_tabs = (('general', 'Details'),
+ ('tenantprivileges', 'Privileges'))
+
+ def queryset(self, request):
+ return OpenVPNTenant.get_tenant_objects_by_user(request.user)
+
+
+# Associate the admin forms with the models.
+admin.site.register(OpenVPNService, OpenVPNServiceAdmin)
+admin.site.register(OpenVPNTenant, OpenVPNTenantAdmin)
diff --git a/xos/services/openvpn/models.py b/xos/services/openvpn/models.py
new file mode 100644
index 0000000..8aaa825
--- /dev/null
+++ b/xos/services/openvpn/models.py
@@ -0,0 +1,316 @@
+from subprocess import PIPE, Popen
+
+from django.db import transaction
+
+from core.models import Service, TenantWithContainer
+from xos.exceptions import XOSConfigurationError, XOSValidationError
+
+OPENVPN_KIND = "openvpn"
+
+
+class OpenVPNService(Service):
+ """Defines the Service for creating VPN servers."""
+ KIND = OPENVPN_KIND
+ OPENVPN_PREFIX = "/opt/openvpn/"
+ """The location of the openvpn EASY RSA files and PKIs."""
+ SERVER_PREFIX = OPENVPN_PREFIX + "server-"
+ """The prefix for server PKIs."""
+ VARS = OPENVPN_PREFIX + "vars"
+ """The location of the vars file with information for using EASY RSA."""
+ EASYRSA_LOC = OPENVPN_PREFIX + "easyrsa3/easyrsa"
+ """The location of the EASY RSA binary."""
+ EASYRSA_COMMAND_PREFIX = EASYRSA_LOC + " --vars=" + VARS
+ """Prefix for EASY RSA commands."""
+
+ @classmethod
+ def execute_easyrsa_command(cls, pki_dir, command):
+ """Executes the given EASY RSA command using the given PKI.
+
+ Parameters:
+ pki_dir (str): The directory for the pki to execute the command on.
+ command (str): The command to execute using ESAY RSA.
+ """
+ full_command = (
+ OpenVPNService.EASYRSA_COMMAND_PREFIX + " --pki-dir=" +
+ pki_dir + " " + command)
+ proc = Popen(
+ full_command, shell=True, stdout=PIPE, stderr=PIPE
+ )
+ (stdout, stderr) = proc.communicate()
+ if (proc.returncode != 0):
+ raise XOSConfigurationError(
+ full_command + " failed with standard out:" + str(stdout) +
+ " and stderr: " + str(stderr))
+
+ @classmethod
+ def get_pki_dir(cls, tenant):
+ """Gets the directory of the PKI for the given tenant.
+
+ Parameters:
+ tenant (services.openvpn.models.OpenVPNTenant): The tenant to get the PKI directory for.
+
+ Returns:
+ str: The pki directory for the tenant.
+ """
+ return OpenVPNService.SERVER_PREFIX + str(tenant.id)
+
+ class Meta:
+ proxy = True
+ # The name used to find this service, all directories are named this
+ app_label = "openvpn"
+ verbose_name = "OpenVPN Service"
+
+ default_attributes = {'exposed_ports': None,
+ 'exposed_ports_str': None}
+
+ @property
+ def exposed_ports(self):
+ """Mapping[str, list(str)]: maps protocols to a list of ports for that protocol."""
+ return self.get_attribute("exposed_ports",
+ self.default_attributes["exposed_ports"])
+
+ @exposed_ports.setter
+ def exposed_ports(self, value):
+ self.set_attribute("exposed_ports", value)
+
+ @property
+ def exposed_ports_str(self):
+ """str: a raw str representing the exposed ports."""
+ return self.get_attribute("exposed_ports_str",
+ self.default_attributes["exposed_ports_str"])
+
+ @exposed_ports_str.setter
+ def exposed_ports_str(self, value):
+ self.set_attribute("exposed_ports_str", value)
+
+ def get_next_available_port(self, protocol):
+ """Gets the next free port for the given protocol.
+
+ Parameters:
+ protocol (str): The protocol to get a port for, must be tcp or udp.
+
+ Returns:
+ int: a port number.
+
+ Raises:
+ xos.exceptions.XOSValidationError: If there the protocol is not udp or tcp.
+ xos.exceptions.XOSValidationError: If there are no available ports for the protocol.
+ """
+ if protocol != "udp" and protocol != "tcp":
+ raise XOSValidationError("Port protocol must be udp or tcp")
+ if not self.exposed_ports[protocol]:
+ raise XOSValidationError(
+ "No availble ports for protocol: " + protocol)
+ tenants = [
+ tenant for tenant in OpenVPNTenant.get_tenant_objects().all()
+ if tenant.protocol == protocol]
+ port_numbers = self.exposed_ports[protocol]
+ for port_number in port_numbers:
+ if (
+ len([
+ tenant for tenant in tenants
+ if tenant.port_number == port_number]) == 0):
+ return port_number
+
+
+class OpenVPNTenant(TenantWithContainer):
+ """Defines the Tenant for creating VPN servers."""
+
+ class Meta:
+ proxy = True
+ verbose_name = "OpenVPN Tenant"
+
+ KIND = OPENVPN_KIND
+
+ sync_attributes = ("nat_ip", "nat_mac",)
+
+ default_attributes = {'vpn_subnet': None,
+ 'server_network': None,
+ 'clients_can_see_each_other': True,
+ 'is_persistent': True,
+ 'port': None,
+ 'use_ca_from_id': None,
+ 'failover_server_ids': list(),
+ 'protocol': None}
+
+ def __init__(self, *args, **kwargs):
+ vpn_services = OpenVPNService.get_service_objects().all()
+ if vpn_services:
+ self._meta.get_field(
+ "provider_service").default = vpn_services[0].id
+ super(OpenVPNTenant, self).__init__(*args, **kwargs)
+
+ def save(self, *args, **kwargs):
+ super(OpenVPNTenant, self).save(*args, **kwargs)
+ model_policy_vpn_tenant(self.pk)
+
+ def delete(self, *args, **kwargs):
+ self.cleanup_container()
+ super(OpenVPNTenant, self).delete(*args, **kwargs)
+
+ @property
+ def protocol(self):
+ """str: The protocol that this tenant is listening on."""
+ return self.get_attribute(
+ "protocol", self.default_attributes["protocol"])
+
+ @protocol.setter
+ def protocol(self, value):
+ self.set_attribute("protocol", value)
+
+ @property
+ def use_ca_from_id(self):
+ """int: The ID of OpenVPNTenant to use to obtain a CA."""
+ return self.get_attribute(
+ "use_ca_from_id", self.default_attributes["use_ca_from_id"])
+
+ @use_ca_from_id.setter
+ def use_ca_from_id(self, value):
+ self.set_attribute("use_ca_from_id", value)
+
+ @property
+ def addresses(self):
+ """Mapping[str, str]: The ip, mac address, and subnet of the NAT
+ network of this Tenant."""
+ if (not self.id) or (not self.instance):
+ return {}
+
+ addresses = {}
+ for ns in self.instance.ports.all():
+ if "nat" in ns.network.name.lower():
+ addresses["ip"] = ns.ip
+ addresses["mac"] = ns.mac
+ break
+
+ return addresses
+
+ # This getter is necessary because nat_ip is a sync_attribute
+ @property
+ def nat_ip(self):
+ """str: The IP of this Tenant on the NAT network."""
+ return self.addresses.get("ip", None)
+
+ # This getter is necessary because nat_mac is a sync_attribute
+ @property
+ def nat_mac(self):
+ """str: The MAC address of this Tenant on the NAT network."""
+ return self.addresses.get("mac", None)
+
+ @property
+ def server_network(self):
+ """str: The IP address of the server on the VPN."""
+ return self.get_attribute(
+ 'server_network',
+ self.default_attributes['server_network'])
+
+ @server_network.setter
+ def server_network(self, value):
+ self.set_attribute("server_network", value)
+
+ @property
+ def vpn_subnet(self):
+ """str: The IP address of the client on the VPN."""
+ return self.get_attribute(
+ 'vpn_subnet',
+ self.default_attributes['vpn_subnet'])
+
+ @vpn_subnet.setter
+ def vpn_subnet(self, value):
+ self.set_attribute("vpn_subnet", value)
+
+ @property
+ def is_persistent(self):
+ """bool: True if the VPN connection is persistence, false otherwise."""
+ return self.get_attribute(
+ "is_persistent",
+ self.default_attributes['is_persistent'])
+
+ @is_persistent.setter
+ def is_persistent(self, value):
+ self.set_attribute("is_persistent", value)
+
+ @property
+ def failover_server_ids(self):
+ """list(int): The IDs of the OpenVPNTenants to use as failover servers."""
+ return self.get_attribute(
+ "failover_server_ids", self.default_attributes["failover_server_ids"])
+
+ @failover_server_ids.setter
+ def failover_server_ids(self, value):
+ self.set_attribute("failover_server_ids", value)
+
+ @property
+ def clients_can_see_each_other(self):
+ """bool: True if the client can see the subnet of the server, false
+ otherwise."""
+ return self.get_attribute(
+ "clients_can_see_each_other",
+ self.default_attributes['clients_can_see_each_other'])
+
+ @clients_can_see_each_other.setter
+ def clients_can_see_each_other(self, value):
+ self.set_attribute("clients_can_see_each_other", value)
+
+ @property
+ def port_number(self):
+ """int: the integer representing the port number for this server"""
+ return self.get_attribute("port", self.default_attributes['port'])
+
+ @port_number.setter
+ def port_number(self, value):
+ self.set_attribute("port", value)
+
+ def get_ca_crt(self, pki_dir):
+ """Gets the lines fo the ca.crt file for this OpenVPNTenant.
+
+ Parameters:
+ pki_dir (str): The PKI directory to look in.
+
+ Returns:
+ list(str): The lines of the ca.crt file for this OpenVPNTenant.
+ """
+ with open(pki_dir + "/ca.crt", 'r') as f:
+ return f.readlines()
+
+ def get_client_cert(self, client_name, pki_dir):
+ """Gets the lines fo the crt file for a client.
+
+ Parameters:
+ pki_dir (str): The PKI directory to look in.
+ client_name (str): The client name to use.
+
+ Returns:
+ list(str): The lines of the crt file for the client.
+ """
+ with open(pki_dir + "/issued/" + client_name + ".crt", 'r') as f:
+ return f.readlines()
+
+ def get_client_key(self, client_name, pki_dir):
+ """Gets the lines fo the key file for a client.
+
+ Parameters:
+ pki_dir (str): The PKI directory to look in.
+ client_name (str): The client name to use.
+
+ Returns:
+ list(str): The lines of the key file for the client.
+ """
+ with open(pki_dir + "/private/" + client_name + ".key", 'r') as f:
+ return f.readlines()
+
+
+def model_policy_vpn_tenant(pk):
+ """Manages the container for the VPN Tenant.
+
+ Parameters
+ pk (int): The ID of this OpenVPNTenant.
+ """
+ # This section of code is atomic to prevent race conditions
+ with transaction.atomic():
+ # We find all of the tenants that are waiting to update
+ tenant = OpenVPNTenant.objects.select_for_update().filter(pk=pk)
+ if not tenant:
+ return
+ # Since this code is atomic it is safe to always use the first tenant
+ tenant = tenant[0]
+ tenant.manage_container()
diff --git a/xos/services/openvpn/templates/connect.vpn.j2 b/xos/services/openvpn/templates/connect.vpn.j2
new file mode 100644
index 0000000..2028cd9
--- /dev/null
+++ b/xos/services/openvpn/templates/connect.vpn.j2
@@ -0,0 +1,24 @@
+#! /bin/bash
+# This file autogenerated by OpenVPNTenant.
+# It contains a script used to generate the OPENVPN client files.
+printf "%b" "client
+dev tun
+remote-cert-tls server
+resolv-retry 60
+nobind
+ca ca.crt
+cert {{ client_name }}.crt
+key {{ client_name }}.key
+verb 3
+{% for tenant in remotes %}remote {{ tenant.nat_ip }} {{ tenant.port_number }} {{ tenant.protocol }}{% endfor %}
+{% if is_persistent %}
+persist-tun
+persist-key
+{% endif %}
+" > client.conf
+printf "%b" "{% for line in ca_crt %}{{ line }}{% endfor %}" > ca.crt
+printf "%b" "{% for line in client_crt %}{{ line }}{% endfor %}" > {{ client_name }}.crt
+printf "%b" "{% for line in client_key %}{{ line }}{% endfor %}" > {{ client_name }}.key
+apt-get update
+apt-get install openvpn -y
+openvpn client.conf
diff --git a/xos/synchronizers/openvpn/__init__.py b/xos/synchronizers/openvpn/__init__.py
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/xos/synchronizers/openvpn/__init__.py
diff --git a/xos/synchronizers/openvpn/model-deps b/xos/synchronizers/openvpn/model-deps
new file mode 100644
index 0000000..0967ef4
--- /dev/null
+++ b/xos/synchronizers/openvpn/model-deps
@@ -0,0 +1 @@
+{}
diff --git a/xos/synchronizers/openvpn/openvpn-synchronizer.py b/xos/synchronizers/openvpn/openvpn-synchronizer.py
new file mode 100755
index 0000000..3227ed9
--- /dev/null
+++ b/xos/synchronizers/openvpn/openvpn-synchronizer.py
@@ -0,0 +1,10 @@
+#!/usr/bin/env python
+
+import importlib
+import os
+import sys
+observer_path = os.path.join(os.path.dirname(
+ os.path.realpath(__file__)), "../../synchronizers/base")
+sys.path.append(observer_path)
+mod = importlib.import_module("xos-synchronizer")
+mod.main()
diff --git a/xos/synchronizers/openvpn/openvpn_config b/xos/synchronizers/openvpn/openvpn_config
new file mode 100644
index 0000000..8a58b52
--- /dev/null
+++ b/xos/synchronizers/openvpn/openvpn_config
@@ -0,0 +1,23 @@
+# Required by XOS
+[db]
+name=xos
+user=postgres
+password=password
+host=localhost
+port=5432
+
+# Required by XOS
+[api]
+nova_enabled=True
+
+# Sets options for the synchronizer
+[observer]
+name=openvpn
+dependency_graph=/opt/xos/synchronizers/openvpn/model-deps
+steps_dir=/opt/xos/synchronizers/openvpn/steps
+sys_dir=/opt/xos/synchronizers/openvpn/sys
+logfile=/var/log/xos_backend.log
+pretend=False
+backoff_disabled=True
+save_ansible_output=True
+proxy_ssh=False
diff --git a/xos/synchronizers/openvpn/run.sh b/xos/synchronizers/openvpn/run.sh
new file mode 100755
index 0000000..a5d90c9
--- /dev/null
+++ b/xos/synchronizers/openvpn/run.sh
@@ -0,0 +1,2 @@
+export XOS_DIR=/opt/xos
+python openvpn-synchronizer.py -C $XOS_DIR/synchronizers/openvpn/openvpn_config
diff --git a/xos/synchronizers/openvpn/steps/__init__.py b/xos/synchronizers/openvpn/steps/__init__.py
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/xos/synchronizers/openvpn/steps/__init__.py
diff --git a/xos/synchronizers/openvpn/steps/roles/openvpn/handlers/main.yml b/xos/synchronizers/openvpn/steps/roles/openvpn/handlers/main.yml
new file mode 100644
index 0000000..8725e29
--- /dev/null
+++ b/xos/synchronizers/openvpn/steps/roles/openvpn/handlers/main.yml
@@ -0,0 +1,4 @@
+---
+
+- name: restart openvpn
+ shell: (kill -9 $(cat {{ pki_dir }}/pid) || true) && (openvpn {{ pki_dir }}/server.conf &)
diff --git a/xos/synchronizers/openvpn/steps/roles/openvpn/tasks/main.yml b/xos/synchronizers/openvpn/steps/roles/openvpn/tasks/main.yml
new file mode 100644
index 0000000..47093b2
--- /dev/null
+++ b/xos/synchronizers/openvpn/steps/roles/openvpn/tasks/main.yml
@@ -0,0 +1,38 @@
+---
+
+- name: install openvpn
+ apt: name=openvpn state=present update_cache=yes
+
+- name: make sure /opt/openvpn exists
+ file: path=/opt/openvpn state=directory
+
+- name: make sure directory for this server exists
+ file: path={{ pki_dir }} state=directory
+
+- name: get server key
+ copy: src={{ pki_dir }}/private/server.key dest={{ pki_dir }}/server.key
+ notify:
+ - restart openvpn
+
+- name: get server crt
+ copy: src={{ pki_dir }}/issued/server.crt dest={{ pki_dir }}/server.crt
+ notify:
+ - restart openvpn
+
+- name: get ca crt
+ copy: src={{ pki_dir }}/ca.crt dest={{ pki_dir }}/ca.crt
+ notify:
+ - restart openvpn
+
+- name: get crl
+ copy: src={{ pki_dir }}/crl.pem dest={{ pki_dir }}/crl.pem
+
+- name: get dh
+ copy: src={{ pki_dir }}/dh.pem dest={{ pki_dir }}/dh.pem
+ notify:
+ - restart openvpn
+
+- name: write config
+ template: src=server.conf.j2 dest={{ pki_dir }}/server.conf owner=root group=root
+ notify:
+ - restart openvpn
diff --git a/xos/synchronizers/openvpn/steps/roles/openvpn/templates/server.conf.j2 b/xos/synchronizers/openvpn/steps/roles/openvpn/templates/server.conf.j2
new file mode 100644
index 0000000..4766e7b
--- /dev/null
+++ b/xos/synchronizers/openvpn/steps/roles/openvpn/templates/server.conf.j2
@@ -0,0 +1,24 @@
+# This file autogenerated by OpenVPNTenant synchronizer
+# It contains the OPENVPN config file for the server
+script-security 3 system
+port {{ port_number }}
+proto {{ protocol }}
+dev tun
+writepid {{ pki_dir }}/pid
+ca {{ pki_dir }}/ca.crt
+cert {{ pki_dir }}/server.crt
+key {{ pki_dir }}/server.key
+dh {{ pki_dir }}/dh.pem
+crl-verify {{ pki_dir }}/crl.pem
+server {{ server_network }} {{ vpn_subnet }}
+ifconfig-pool-persist {{ pki_dir }}/ipp.txt
+status {{ pki_dir }}/openvpn-status.log
+verb 3
+{% if is_persistent %}
+keepalive 10 60
+persist-tun
+persist-key
+{% endif %}
+{% if clients_can_see_each_other %}
+client-to-client
+{% endif %}
diff --git a/xos/synchronizers/openvpn/steps/sync_openvpntenant.py b/xos/synchronizers/openvpn/steps/sync_openvpntenant.py
new file mode 100644
index 0000000..b58dd94
--- /dev/null
+++ b/xos/synchronizers/openvpn/steps/sync_openvpntenant.py
@@ -0,0 +1,75 @@
+import os
+import shutil
+import sys
+
+from django.db.models import F, Q
+
+from services.openvpn.models import OpenVPNService, OpenVPNTenant
+from synchronizers.base.SyncInstanceUsingAnsible import \
+ SyncInstanceUsingAnsible
+
+parentdir = os.path.join(os.path.dirname(__file__), "..")
+sys.path.insert(0, parentdir)
+
+
+class SyncOpenVPNTenant(SyncInstanceUsingAnsible):
+ """Class for syncing a OpenVPNTenant using Ansible.
+
+ This SyncStep creates any necessary files for the OpenVPNTenant using ESAY RSA and then runs the
+ Ansible template to start the server on an instance.
+ """
+ provides = [OpenVPNTenant]
+ observes = OpenVPNTenant
+ requested_interval = 0
+ template_name = "sync_openvpntenant.yaml"
+ service_key_name = "/opt/xos/synchronizers/openvpn/openvpn_private_key"
+
+ def fetch_pending(self, deleted):
+ if (not deleted):
+ objs = OpenVPNTenant.get_tenant_objects().filter(
+ Q(enacted__lt=F('updated')) |
+ Q(enacted=None), Q(lazy_blocked=False))
+ else:
+ objs = OpenVPNTenant.get_deleted_tenant_objects()
+
+ return objs
+
+ def get_extra_attributes(self, tenant):
+ return {"is_persistent": tenant.is_persistent,
+ "vpn_subnet": tenant.vpn_subnet,
+ "server_network": tenant.server_network,
+ "clients_can_see_each_other": (
+ tenant.clients_can_see_each_other),
+ "port_number": tenant.port_number,
+ "protocol": tenant.protocol,
+ "pki_dir": OpenVPNService.get_pki_dir(tenant)
+ }
+
+ def sync_fields(self, o, fields):
+ pki_dir = OpenVPNService.get_pki_dir(o)
+
+ if (not os.path.isdir(pki_dir)):
+ OpenVPNService.execute_easyrsa_command(pki_dir, "init-pki")
+ OpenVPNService.execute_easyrsa_command(
+ pki_dir, "--req-cn=XOS build-ca nopass")
+
+ # Very hacky way to handle VPNs that need to share CAs
+ if (o.use_ca_from_id):
+ tenant = OpenVPNTenant.get_tenant_objects().filter(
+ pk=o.use_ca_from_id)[0]
+ other_pki_dir = OpenVPNService.get_pki_dir(tenant)
+ shutil.copy2(other_pki_dir + "/ca.crt", pki_dir)
+ shutil.copy2(other_pki_dir + "/private/ca.key",
+ pki_dir + "/private")
+
+ # If the server has to be built then we need to build it
+ if (not os.path.isfile(pki_dir + "/issued/server.crt")):
+ OpenVPNService.execute_easyrsa_command(
+ pki_dir, "build-server-full server nopass")
+ OpenVPNService.execute_easyrsa_command(pki_dir, "gen-dh")
+
+ # Get the most recent list of revoked clients
+ OpenVPNService.execute_easyrsa_command(pki_dir, "gen-crl")
+
+ # Super runs the playbook
+ super(SyncOpenVPNTenant, self).sync_fields(o, fields)
diff --git a/xos/synchronizers/openvpn/steps/sync_openvpntenant.yaml b/xos/synchronizers/openvpn/steps/sync_openvpntenant.yaml
new file mode 100644
index 0000000..e36f51b
--- /dev/null
+++ b/xos/synchronizers/openvpn/steps/sync_openvpntenant.yaml
@@ -0,0 +1,17 @@
+---
+- hosts: {{ instance_name }}
+ gather_facts: False
+ connection: ssh
+ user: ubuntu
+ sudo: yes
+ vars:
+ server_network: {{ server_network }}
+ is_persistent: {{ is_persistent }}
+ vpn_subnet: {{ vpn_subnet }}
+ clients_can_see_each_other: {{ clients_can_see_each_other }}
+ port_number: {{ port_number }}
+ protocol: {{ protocol }}
+ pki_dir: {{ pki_dir }}
+
+ roles:
+ - openvpn
diff --git a/xos/synchronizers/openvpn/steps/sync_tenantprivilege.py b/xos/synchronizers/openvpn/steps/sync_tenantprivilege.py
new file mode 100644
index 0000000..51ee6df
--- /dev/null
+++ b/xos/synchronizers/openvpn/steps/sync_tenantprivilege.py
@@ -0,0 +1,79 @@
+import os
+import sys
+
+from core.models import TenantPrivilege
+from services.openvpn.models import OPENVPN_KIND, OpenVPNService, OpenVPNTenant
+from synchronizers.base.syncstep import DeferredException, SyncStep
+
+parentdir = os.path.join(os.path.dirname(__file__), "..")
+sys.path.insert(0, parentdir)
+
+
+class SyncTenantPrivilege(SyncStep):
+ """Class for syncing a TenantPrivilege for a OpenVPNTenant.
+
+ This SyncStep isolates the updated TenantPrivileges that are for OpenVPNTenants and performs
+ actions if the TenantPrivilege has been added or deleted. For added privileges a new client
+ certificate and key are made, signed with the ca.crt file used by this OpenVPNTenant. For deleted
+ privileges the client certificate is revoked and the files associated are deleted. In both
+ cases the associated OpenVPNTenant is saved causing the OpenVPNTenant synchronizer to run.
+ """
+ provides = [TenantPrivilege]
+ observes = TenantPrivilege
+ requested_interval = 0
+
+ def fetch_pending(self, deleted):
+ privs = super(SyncTenantPrivilege, self).fetch_pending(deleted)
+ # Get only the TenantPrivileges that relate to OpenVPNTenants
+ privs = [priv for priv in privs if priv.tenant.kind == OPENVPN_KIND]
+ return privs
+
+ def sync_record(self, record):
+ if (not record.tenant.id):
+ raise DeferredException("Privilege waiting on VPN Tenant ID")
+ certificate = self.get_certificate_name(record)
+ tenant = OpenVPNTenant.get_tenant_objects().filter(pk=record.tenant.id)[0]
+ if (not tenant):
+ raise DeferredException("Privilege waiting on VPN Tenant")
+ # Only add a certificate if ones does not yet exist
+ pki_dir = OpenVPNService.get_pki_dir(tenant)
+ if (not os.path.isfile(pki_dir + "/issued/" + certificate + ".crt")):
+ OpenVPNService.execute_easyrsa_command(
+ pki_dir, "build-client-full " + certificate + " nopass")
+ tenant.save()
+ record.save()
+
+ def delete_record(self, record):
+ if (not record.tenant.id):
+ return
+ certificate = self.get_certificate_name(record)
+ tenant = OpenVPNTenant.get_tenant_objects().filter(pk=record.tenant.id)[0]
+ if (not tenant):
+ return
+ # If the client has already been reovked don't do it again
+ pki_dir = OpenVPNService.get_pki_dir(tenant)
+ if (os.path.isfile(pki_dir + "/issued/" + certificate + ".crt")):
+ OpenVPNService.execute_easyrsa_command(
+ pki_dir, "revoke " + certificate)
+ # Revoking a client cert does not delete any of the files
+ # to make sure that we can add this user again we need to
+ # delete all of the files created by easyrsa
+ os.remove(pki_dir + "/issued/" + certificate + ".crt")
+ os.remove(pki_dir + "/private/" + certificate + ".key")
+ os.remove(pki_dir + "/reqs/" + certificate + ".req")
+ tenant.save()
+
+ record.delete()
+
+ def get_certificate_name(self, tenant_privilege):
+ """Gets the name of a certificate for the given TenantPrivilege
+
+ Parameters:
+ tenant_privilege (core.models.TenantPrivilege): The TenantPrivilege to use to generate
+ the certificate name.
+
+ Returns:
+ str: The certificate name.
+ """
+ return (str(tenant_privilege.user.email) +
+ "-" + str(tenant_privilege.tenant.id))
diff --git a/xos/synchronizers/openvpn/stop.sh b/xos/synchronizers/openvpn/stop.sh
new file mode 100755
index 0000000..4a83aca
--- /dev/null
+++ b/xos/synchronizers/openvpn/stop.sh
@@ -0,0 +1,2 @@
+# Kill the observer
+pkill -9 -f openvpn-synchronizer.py
diff --git a/xos/tools/xos-manage b/xos/tools/xos-manage
index ef63d9d..3aa5a75 100755
--- a/xos/tools/xos-manage
+++ b/xos/tools/xos-manage
@@ -60,13 +60,13 @@
echo Waiting for postgres to start
sleep 1
sudo -u postgres psql -c '\q'
- done
+ done
}
function db_exists {
- sudo -u postgres psql $DBNAME -c '\q' 2>/dev/null
+ sudo -u postgres psql $DBNAME -c '\q' 2>/dev/null
return $?
-}
+}
function createdb {
wait_postgres
@@ -145,6 +145,7 @@
python ./manage.py makemigrations cord
python ./manage.py makemigrations ceilometer
python ./manage.py makemigrations onos
+ python ./manage.py makemigrations openvpn
python ./manage.py makemigrations vtr
python ./manage.py makemigrations vrouter
python ./manage.py makemigrations vtn
diff --git a/xos/tosca/custom_types/xos.m4 b/xos/tosca/custom_types/xos.m4
index 9bd504a..4879584 100644
--- a/xos/tosca/custom_types/xos.m4
+++ b/xos/tosca/custom_types/xos.m4
@@ -748,13 +748,6 @@
type: string
required: false
description: default isolation to use when bringing up instances (default to 'vm')
- default_flavor:
- # Note: we should probably formally introduce flavors to Tosca
- # at some point, and use a requirement/relationship instead of
- # a text string.
- type: string
- required: false
- description: default flavor to use for slice
network:
type: string
required: false
@@ -785,6 +778,60 @@
node:
type: tosca.capabilities.xos.NodeLabel
+ tosca.nodes.Flavor:
+ derived_from: tosca.nodes.Root
+ description: >
+ An XOS Flavor.
+ properties:
+ xos_base_props
+ flavor:
+ type: string
+ required: false
+ description: openstack flavor name
+ capabilities:
+ flavor:
+ type: tosca.capabilities.xos.Flavor
+
+ tosca.nodes.SiteRole:
+ derived_from: tosca.nodes.Root
+ description: >
+ An XOS Site Role.
+ properties:
+ xos_base_props
+ capabilities:
+ siterole:
+ type: tosca.capabilities.xos.SiteRole
+
+ tosca.nodes.SliceRole:
+ derived_from: tosca.nodes.Root
+ description: >
+ An XOS Slice Role.
+ properties:
+ xos_base_props
+ capabilities:
+ slicerole:
+ type: tosca.capabilities.xos.SliceRole
+
+ tosca.nodes.TenantRole:
+ derived_from: tosca.nodes.Root
+ description: >
+ An XOS Tenant Role.
+ properties:
+ xos_base_props
+ capabilities:
+ tenantrole:
+ type: tosca.capabilities.xos.TenantRole
+
+ tosca.nodes.DeploymentRole:
+ derived_from: tosca.nodes.Root
+ description: >
+ An XOS Deployment Role.
+ properties:
+ xos_base_props
+ capabilities:
+ deploymentrole:
+ type: tosca.capabilities.xos.DeploymentRole
+
tosca.nodes.DashboardView:
derived_from: tosca.nodes.Root
description: >
@@ -923,6 +970,14 @@
derived_from: tosca.relationships.Root
valid_target_types: [ tosca.capabilities.xos.NodeLabel ]
+ tosca.relationships.SupportsFlavor:
+ derived_from: tosca.relationships.Root
+ valid_target_types: [ tosca.capabilities.xos.Flavor ]
+
+ tosca.relationships.DefaultFlavor:
+ derived_from: tosca.relationships.Root
+ valid_target_types: [ tosca.capabilities.xos.Flavor ]
+
tosca.relationships.ProvidesAddresses:
derived_from: tosca.relationships.Root
valid_target_types: [ tosca.capabilities.xos.AddressPool ]
@@ -978,6 +1033,26 @@
derived_from: tosca.capabilities.Root
description: An XOS NodeLabel
+ tosca.capabilities.xos.Flavor:
+ derived_from: tosca.capabilities.Root
+ description: An XOS Flavor
+
+ tosca.capabilities.xos.DeploymentRole:
+ derived_from: tosca.capabilities.Root
+ description: An XOS DeploymentRole
+
+ tosca.capabilities.xos.SliceRole:
+ derived_from: tosca.capabilities.Root
+ description: An XOS SliceRole
+
+ tosca.capabilities.xos.SiteRole:
+ derived_from: tosca.capabilities.Root
+ description: An XOS SiteRole
+
+ tosca.capabilities.xos.TenantRole:
+ derived_from: tosca.capabilities.Root
+ description: An XOS TenantRole
+
tosca.capabilities.xos.Image:
derived_from: tosca.capabilities.Root
description: An XOS Image
diff --git a/xos/tosca/custom_types/xos.yaml b/xos/tosca/custom_types/xos.yaml
index f790cc5..fda4182 100644
--- a/xos/tosca/custom_types/xos.yaml
+++ b/xos/tosca/custom_types/xos.yaml
@@ -1159,13 +1159,6 @@
type: string
required: false
description: default isolation to use when bringing up instances (default to 'vm')
- default_flavor:
- # Note: we should probably formally introduce flavors to Tosca
- # at some point, and use a requirement/relationship instead of
- # a text string.
- type: string
- required: false
- description: default flavor to use for slice
network:
type: string
required: false
@@ -1218,6 +1211,115 @@
node:
type: tosca.capabilities.xos.NodeLabel
+ tosca.nodes.Flavor:
+ derived_from: tosca.nodes.Root
+ description: >
+ An XOS Flavor.
+ properties:
+ no-delete:
+ type: boolean
+ default: false
+ description: Do not allow Tosca to delete this object
+ no-create:
+ type: boolean
+ default: false
+ description: Do not allow Tosca to create this object
+ no-update:
+ type: boolean
+ default: false
+ description: Do not allow Tosca to update this object
+ flavor:
+ type: string
+ required: false
+ description: openstack flavor name
+ capabilities:
+ flavor:
+ type: tosca.capabilities.xos.Flavor
+
+ tosca.nodes.SiteRole:
+ derived_from: tosca.nodes.Root
+ description: >
+ An XOS Site Role.
+ properties:
+ no-delete:
+ type: boolean
+ default: false
+ description: Do not allow Tosca to delete this object
+ no-create:
+ type: boolean
+ default: false
+ description: Do not allow Tosca to create this object
+ no-update:
+ type: boolean
+ default: false
+ description: Do not allow Tosca to update this object
+ capabilities:
+ siterole:
+ type: tosca.capabilities.xos.SiteRole
+
+ tosca.nodes.SliceRole:
+ derived_from: tosca.nodes.Root
+ description: >
+ An XOS Slice Role.
+ properties:
+ no-delete:
+ type: boolean
+ default: false
+ description: Do not allow Tosca to delete this object
+ no-create:
+ type: boolean
+ default: false
+ description: Do not allow Tosca to create this object
+ no-update:
+ type: boolean
+ default: false
+ description: Do not allow Tosca to update this object
+ capabilities:
+ slicerole:
+ type: tosca.capabilities.xos.SliceRole
+
+ tosca.nodes.TenantRole:
+ derived_from: tosca.nodes.Root
+ description: >
+ An XOS Tenant Role.
+ properties:
+ no-delete:
+ type: boolean
+ default: false
+ description: Do not allow Tosca to delete this object
+ no-create:
+ type: boolean
+ default: false
+ description: Do not allow Tosca to create this object
+ no-update:
+ type: boolean
+ default: false
+ description: Do not allow Tosca to update this object
+ capabilities:
+ tenantrole:
+ type: tosca.capabilities.xos.TenantRole
+
+ tosca.nodes.DeploymentRole:
+ derived_from: tosca.nodes.Root
+ description: >
+ An XOS Deployment Role.
+ properties:
+ no-delete:
+ type: boolean
+ default: false
+ description: Do not allow Tosca to delete this object
+ no-create:
+ type: boolean
+ default: false
+ description: Do not allow Tosca to create this object
+ no-update:
+ type: boolean
+ default: false
+ description: Do not allow Tosca to update this object
+ capabilities:
+ deploymentrole:
+ type: tosca.capabilities.xos.DeploymentRole
+
tosca.nodes.DashboardView:
derived_from: tosca.nodes.Root
description: >
@@ -1367,6 +1469,14 @@
derived_from: tosca.relationships.Root
valid_target_types: [ tosca.capabilities.xos.NodeLabel ]
+ tosca.relationships.SupportsFlavor:
+ derived_from: tosca.relationships.Root
+ valid_target_types: [ tosca.capabilities.xos.Flavor ]
+
+ tosca.relationships.DefaultFlavor:
+ derived_from: tosca.relationships.Root
+ valid_target_types: [ tosca.capabilities.xos.Flavor ]
+
tosca.relationships.ProvidesAddresses:
derived_from: tosca.relationships.Root
valid_target_types: [ tosca.capabilities.xos.AddressPool ]
@@ -1422,6 +1532,26 @@
derived_from: tosca.capabilities.Root
description: An XOS NodeLabel
+ tosca.capabilities.xos.Flavor:
+ derived_from: tosca.capabilities.Root
+ description: An XOS Flavor
+
+ tosca.capabilities.xos.DeploymentRole:
+ derived_from: tosca.capabilities.Root
+ description: An XOS DeploymentRole
+
+ tosca.capabilities.xos.SliceRole:
+ derived_from: tosca.capabilities.Root
+ description: An XOS SliceRole
+
+ tosca.capabilities.xos.SiteRole:
+ derived_from: tosca.capabilities.Root
+ description: An XOS SiteRole
+
+ tosca.capabilities.xos.TenantRole:
+ derived_from: tosca.capabilities.Root
+ description: An XOS TenantRole
+
tosca.capabilities.xos.Image:
derived_from: tosca.capabilities.Root
description: An XOS Image
diff --git a/xos/tosca/resources/CORDUser.py b/xos/tosca/resources/CORDUser.py
index 566e205..705a895 100644
--- a/xos/tosca/resources/CORDUser.py
+++ b/xos/tosca/resources/CORDUser.py
@@ -28,12 +28,12 @@
if not sub:
return []
for user in sub.users:
- if user["name"] == self.nodetemplate.name:
+ if user["name"] == self.obj_name:
result.append(user)
return result
def get_xos_args(self):
- args = {"name": self.nodetemplate.name,
+ args = {"name": self.obj_name,
"level": self.get_property("level"),
"mac": self.get_property("mac")}
return args
@@ -46,7 +46,7 @@
sub.create_user(**xos_args)
sub.save()
- self.info("Created CORDUser %s for Subscriber %s" % (self.nodetemplate.name, sub.name))
+ self.info("Created CORDUser %s for Subscriber %s" % (self.obj_name, sub.name))
def update(self, obj):
pass
diff --git a/xos/tosca/resources/cdnprefix.py b/xos/tosca/resources/cdnprefix.py
index 5faaca8..8daf7fb 100644
--- a/xos/tosca/resources/cdnprefix.py
+++ b/xos/tosca/resources/cdnprefix.py
@@ -16,7 +16,7 @@
copyin_props = []
def get_xos_args(self):
- args = {"prefix": self.nodetemplate.name}
+ args = {"prefix": self.obj_name}
cp_name = self.get_requirement("tosca.relationships.MemberOfContentProvider")
if cp_name:
diff --git a/xos/tosca/resources/compute.py b/xos/tosca/resources/compute.py
index 37ba390..2af010a 100644
--- a/xos/tosca/resources/compute.py
+++ b/xos/tosca/resources/compute.py
@@ -39,7 +39,7 @@
nodetemplate = self.nodetemplate
if not name:
- name = nodetemplate.name
+ name = self.obj_name
args = {"name": name}
@@ -105,7 +105,7 @@
if scalable:
default_instances = scalable.get("default_instances",1)
for i in range(0, default_instances):
- name = "%s-%d" % (self.nodetemplate.name, i)
+ name = "%s-%d" % (self.obj_name, i)
existing_instances = Instance.objects.filter(name=name)
if existing_instances:
self.info("%s %s already exists" % (self.xos_model.__name__, name))
@@ -121,7 +121,7 @@
existing_instances = []
max_instances = scalable.get("max_instances",1)
for i in range(0, max_instances):
- name = "%s-%d" % (self.nodetemplate.name, i)
+ name = "%s-%d" % (self.obj_name, i)
existing_instances = existing_instances + list(Instance.objects.filter(name=name))
return existing_instances
else:
diff --git a/xos/tosca/resources/contentprovider.py b/xos/tosca/resources/contentprovider.py
index 06ca02e..66742ea 100644
--- a/xos/tosca/resources/contentprovider.py
+++ b/xos/tosca/resources/contentprovider.py
@@ -17,7 +17,7 @@
def get_xos_args(self):
sp_name = self.get_requirement("tosca.relationships.MemberOfServiceProvider", throw_exception=True)
sp = self.get_xos_object(ServiceProvider, name=sp_name)
- return {"name": self.nodetemplate.name,
+ return {"name": self.obj_name,
"serviceProvider": sp}
def can_delete(self, obj):
diff --git a/xos/tosca/resources/deployment.py b/xos/tosca/resources/deployment.py
index ed6734c..e5ab4b1 100644
--- a/xos/tosca/resources/deployment.py
+++ b/xos/tosca/resources/deployment.py
@@ -31,9 +31,8 @@
imageDep = ImageDeployments(deployment=obj, image=image)
imageDep.save()
- # Be a little more lightweight with 'flavors'. Since we install flavors
- # as a fixture rather than using TOSCA, we can just let the user
- # use a comma-separated list.
+ # DEPRECATED - should switch to using a requirement, so tosca can do
+ # the topsort properly
flavors = self.get_property("flavors")
if flavors:
@@ -47,6 +46,15 @@
flavor.deployments.add(obj)
flavor.save()
+ # The new, right way
+ for flavor in self.get_requirements("tosca.relationships.SupportsFlavor"):
+ flavor = self.get_xos_object(Flavor, name=flavor)
+ if not flavor.deployments.filter(id=obj.id).exists():
+ self.info("Attached flavor %s to deployment %s" % (flavor, obj))
+ flavor.deployments.add(obj)
+ flavor.save()
+
+
rolemap = ( ("tosca.relationships.AdminPrivilege", "admin"), )
self.postprocess_privileges(DeploymentRole, DeploymentPrivilege, rolemap, obj, "deployment")
diff --git a/xos/tosca/resources/deploymentrole.py b/xos/tosca/resources/deploymentrole.py
new file mode 100644
index 0000000..4339026
--- /dev/null
+++ b/xos/tosca/resources/deploymentrole.py
@@ -0,0 +1,29 @@
+# note: this module named xossite.py instead of site.py due to conflict with
+# /usr/lib/python2.7/site.py
+
+import os
+import pdb
+import sys
+import tempfile
+sys.path.append("/opt/tosca")
+from translator.toscalib.tosca_template import ToscaTemplate
+
+from core.models import User, Deployment, DeploymentRole
+
+from xosresource import XOSResource
+
+class XOSDeploymentRole(XOSResource):
+ provides = "tosca.nodes.DeploymentRole"
+ xos_model = DeploymentRole
+ name_field = "role"
+
+ def get_xos_args(self):
+ args = super(XOSDeploymentRole, self).get_xos_args()
+
+ return args
+
+ def delete(self, obj):
+ super(XOSDeploymentRole, self).delete(obj)
+
+
+
diff --git a/xos/tosca/resources/flavor.py b/xos/tosca/resources/flavor.py
new file mode 100644
index 0000000..f61ccad
--- /dev/null
+++ b/xos/tosca/resources/flavor.py
@@ -0,0 +1,37 @@
+# note: this module named xossite.py instead of site.py due to conflict with
+# /usr/lib/python2.7/site.py
+
+import os
+import pdb
+import sys
+import tempfile
+sys.path.append("/opt/tosca")
+from translator.toscalib.tosca_template import ToscaTemplate
+
+from core.models import User, Deployment, Flavor
+
+from xosresource import XOSResource
+
+class XOSFlavor(XOSResource):
+ provides = "tosca.nodes.Flavor"
+ xos_model = Flavor
+ copyin_props = ["flavor"]
+
+ def get_xos_args(self):
+ args = super(XOSFlavor, self).get_xos_args()
+
+ # Support the default where the OpenStack flavor is the same as the
+ # flavor name
+ if "flavor" not in args:
+ args["flavor"] = args["name"]
+
+ return args
+
+ def delete(self, obj):
+ if obj.instance_set.exists():
+ self.info("Flavor %s has active instances; skipping delete" % obj.name)
+ return
+ super(XOSFlavor, self).delete(obj)
+
+
+
diff --git a/xos/tosca/resources/node.py b/xos/tosca/resources/node.py
index 99e756f..128aaed 100644
--- a/xos/tosca/resources/node.py
+++ b/xos/tosca/resources/node.py
@@ -14,7 +14,7 @@
xos_model = Node
def get_xos_args(self):
- args = {"name": self.nodetemplate.name}
+ args = {"name": self.obj_name}
site = None
siteName = self.get_requirement("tosca.relationships.MemberOfSite", throw_exception=False)
@@ -44,9 +44,6 @@
obj.save()
def create(self):
- nodetemplate = self.nodetemplate
- sliceName = nodetemplate.name
-
xos_args = self.get_xos_args()
if not xos_args.get("site", None):
diff --git a/xos/tosca/resources/onosapp.py b/xos/tosca/resources/onosapp.py
index 72511b3..dccc8db 100644
--- a/xos/tosca/resources/onosapp.py
+++ b/xos/tosca/resources/onosapp.py
@@ -33,7 +33,7 @@
def get_existing_objs(self):
objs = ONOSApp.get_tenant_objects().all()
- objs = [x for x in objs if x.name == self.nodetemplate.name]
+ objs = [x for x in objs if x.name == self.obj_name]
return objs
def set_tenant_attr(self, obj, prop_name, value):
diff --git a/xos/tosca/resources/originserver.py b/xos/tosca/resources/originserver.py
index 196ce2e..46cf87e 100644
--- a/xos/tosca/resources/originserver.py
+++ b/xos/tosca/resources/originserver.py
@@ -15,18 +15,18 @@
name_field = "url"
copyin_props = []
- def nodetemplate_name_to_url(self):
- url = self.nodetemplate.name
+ def obj_name_to_url(self):
+ url = self.obj_name
if url.startswith("http_"):
url = url[5:]
return url
def get_existing_objs(self):
- url = self.nodetemplate_name_to_url()
+ url = self.obj_name_to_url()
return self.xos_model.objects.filter(**{self.name_field: url})
def get_xos_args(self):
- url = self.nodetemplate_name_to_url()
+ url = self.obj_name_to_url()
cp_name = self.get_requirement("tosca.relationships.MemberOfContentProvider", throw_exception=True)
cp = self.get_xos_object(ContentProvider, name=cp_name)
return {"url": url,
diff --git a/xos/tosca/resources/serviceprovider.py b/xos/tosca/resources/serviceprovider.py
index 8faec6c..2c9a167 100644
--- a/xos/tosca/resources/serviceprovider.py
+++ b/xos/tosca/resources/serviceprovider.py
@@ -17,7 +17,7 @@
def get_xos_args(self):
hpc_service_name = self.get_requirement("tosca.relationships.MemberOfService", throw_exception=True)
hpc_service = self.get_xos_object(HpcService, name=hpc_service_name)
- return {"name": self.nodetemplate.name,
+ return {"name": self.obj_name,
"hpcService": hpc_service}
def can_delete(self, obj):
diff --git a/xos/tosca/resources/siterole.py b/xos/tosca/resources/siterole.py
new file mode 100644
index 0000000..abb1f0d
--- /dev/null
+++ b/xos/tosca/resources/siterole.py
@@ -0,0 +1,29 @@
+# note: this module named xossite.py instead of site.py due to conflict with
+# /usr/lib/python2.7/site.py
+
+import os
+import pdb
+import sys
+import tempfile
+sys.path.append("/opt/tosca")
+from translator.toscalib.tosca_template import ToscaTemplate
+
+from core.models import User, Deployment, SiteRole
+
+from xosresource import XOSResource
+
+class XOSSiteRole(XOSResource):
+ provides = "tosca.nodes.SiteRole"
+ xos_model = SiteRole
+ name_field = "role"
+
+ def get_xos_args(self):
+ args = super(XOSSiteRole, self).get_xos_args()
+
+ return args
+
+ def delete(self, obj):
+ super(XOSSiteRole, self).delete(obj)
+
+
+
diff --git a/xos/tosca/resources/slice.py b/xos/tosca/resources/slice.py
index 48e5eb0..0add5ac 100644
--- a/xos/tosca/resources/slice.py
+++ b/xos/tosca/resources/slice.py
@@ -31,7 +31,7 @@
default_image = self.get_xos_object(Image, name=default_image_name, throw_exception=True)
args["default_image"] = default_image
- default_flavor_name = self.get_property_default("default_flavor", None)
+ default_flavor_name = self.get_requirement("tosca.relationships.DefaultFlavor", throw_exception=False)
if default_flavor_name:
default_flavor = self.get_xos_object(Flavor, name=default_flavor_name, throw_exception=True)
args["default_flavor"] = default_flavor
@@ -50,19 +50,6 @@
("tosca.relationships.PIPrivilege", "pi"), ("tosca.relationships.TechPrivilege", "tech") )
self.postprocess_privileges(SliceRole, SlicePrivilege, rolemap, obj, "slice")
- def create(self):
- nodetemplate = self.nodetemplate
- sliceName = nodetemplate.name
-
- xos_args = self.get_xos_args()
- slice = Slice(**xos_args)
- slice.caller = self.user
- slice.save()
-
- self.postprocess(slice)
-
- self.info("Created Slice '%s' on Site '%s'" % (str(slice), str(slice.site)))
-
def delete(self, obj):
if obj.instances.exists():
self.info("Slice %s has active instances; skipping delete" % obj.name)
diff --git a/xos/tosca/resources/slicerole.py b/xos/tosca/resources/slicerole.py
new file mode 100644
index 0000000..fc7d3f1
--- /dev/null
+++ b/xos/tosca/resources/slicerole.py
@@ -0,0 +1,29 @@
+# note: this module named xossite.py instead of site.py due to conflict with
+# /usr/lib/python2.7/site.py
+
+import os
+import pdb
+import sys
+import tempfile
+sys.path.append("/opt/tosca")
+from translator.toscalib.tosca_template import ToscaTemplate
+
+from core.models import User, Deployment, SliceRole
+
+from xosresource import XOSResource
+
+class XOSSliceRole(XOSResource):
+ provides = "tosca.nodes.SliceRole"
+ xos_model = SliceRole
+ name_field = "role"
+
+ def get_xos_args(self):
+ args = super(XOSSliceRole, self).get_xos_args()
+
+ return args
+
+ def delete(self, obj):
+ super(XOSSliceRole, self).delete(obj)
+
+
+
diff --git a/xos/tosca/resources/tenantrole.py b/xos/tosca/resources/tenantrole.py
new file mode 100644
index 0000000..316a5a3
--- /dev/null
+++ b/xos/tosca/resources/tenantrole.py
@@ -0,0 +1,29 @@
+# note: this module named xossite.py instead of site.py due to conflict with
+# /usr/lib/python2.7/site.py
+
+import os
+import pdb
+import sys
+import tempfile
+sys.path.append("/opt/tosca")
+from translator.toscalib.tosca_template import ToscaTemplate
+
+from core.models import User, Deployment, TenantRole
+
+from xosresource import XOSResource
+
+class XOSTenantRole(XOSResource):
+ provides = "tosca.nodes.TenantRole"
+ xos_model = TenantRole
+ name_field = "role"
+
+ def get_xos_args(self):
+ args = super(XOSTenantRole, self).get_xos_args()
+
+ return args
+
+ def delete(self, obj):
+ super(XOSTenantRole, self).delete(obj)
+
+
+
diff --git a/xos/tosca/resources/user.py b/xos/tosca/resources/user.py
index 8587c89..79b2e71 100644
--- a/xos/tosca/resources/user.py
+++ b/xos/tosca/resources/user.py
@@ -25,7 +25,7 @@
return args
def get_existing_objs(self):
- return self.xos_model.objects.filter(email = self.nodetemplate.name)
+ return self.xos_model.objects.filter(email = self.obj_name)
def postprocess(self, obj):
rolemap = ( ("tosca.relationships.AdminPrivilege", "admin"), ("tosca.relationships.AccessPrivilege", "access"),
@@ -62,8 +62,6 @@
udv.save()
def create(self):
- nodetemplate = self.nodetemplate
-
xos_args = self.get_xos_args()
if not xos_args.get("site",None):
diff --git a/xos/tosca/resources/xosresource.py b/xos/tosca/resources/xosresource.py
index cc4672b..e70cfa9 100644
--- a/xos/tosca/resources/xosresource.py
+++ b/xos/tosca/resources/xosresource.py
@@ -19,6 +19,17 @@
self.nodetemplate = nodetemplate
self.engine = engine
+ @property
+ def full_name(self):
+ return self.nodetemplate.name
+
+ @property
+ def obj_name(self):
+ if "#" in self.nodetemplate.name:
+ return self.nodetemplate.name.split("#",1)[1]
+ else:
+ return self.nodetemplate.name
+
def get_all_required_node_names(self):
results = []
for reqs in self.nodetemplate.requirements:
@@ -38,7 +49,7 @@
results.append(v["node"])
if (not results) and throw_exception:
- raise Exception("Failed to find requirement in %s using relationship %s" % (self.nodetemplate.name, relationship_name))
+ raise Exception("Failed to find requirement in %s using relationship %s" % (self.full_name, relationship_name))
return results
@@ -75,7 +86,7 @@
return objs[0]
def get_existing_objs(self):
- return self.xos_model.objects.filter(**{self.name_field: self.nodetemplate.name})
+ return self.xos_model.objects.filter(**{self.name_field: self.obj_name})
def get_model_class_name(self):
return self.xos_model.__name__
@@ -84,19 +95,19 @@
existing_objs = self.get_existing_objs()
if existing_objs:
if self.get_property_default("no-update", False):
- self.info("%s %s already exists. Skipping update due to 'no-update' property" % (self.get_model_class_name(), self.nodetemplate.name))
+ self.info("%s:%s (%s) already exists. Skipping update due to 'no-update' property" % (self.get_model_class_name(), self.obj_name, self.full_name))
else:
- self.info("%s %s already exists" % (self.get_model_class_name(), self.nodetemplate.name))
+ self.info("%s:%s (%s) already exists" % (self.get_model_class_name(), self.obj_name, self.full_name))
self.update(existing_objs[0])
else:
if self.get_property_default("no-create", False):
- self.info("%s %s does not exist, but 'no-create' is specified" % (self.get_model_class_name(), self.nodetemplate.name))
+ self.info("%s:%s (%s) does not exist, but 'no-create' is specified" % (self.get_model_class_name(), self.obj_name, self.full_name))
else:
self.create()
def can_delete(self, obj):
if self.get_property_default("no-delete",False):
- self.info("%s %s is marked 'no-delete'. Skipping delete." % (self.get_model_class_name(), self.nodetemplate.name))
+ self.info("%s:%s %s is marked 'no-delete'. Skipping delete." % (self.get_model_class_name(), self.obj_name, self.full_name))
return False
return True
@@ -170,7 +181,7 @@
args = {}
if self.name_field:
- args[self.name_field] = self.nodetemplate.name
+ args[self.name_field] = self.obj_name
# copy simple string properties from the template into the arguments
for prop in self.copyin_props:
@@ -186,7 +197,8 @@
def create(self):
xos_args = self.get_xos_args()
xos_obj = self.xos_model(**xos_args)
- xos_obj.caller = self.user
+ if self.user:
+ xos_obj.caller = self.user
xos_obj.save()
self.info("Created %s '%s'" % (self.xos_model.__name__,str(xos_obj)))
diff --git a/xos/tosca/resources/xossite.py b/xos/tosca/resources/xossite.py
index 0db2705..9b03bc5 100644
--- a/xos/tosca/resources/xossite.py
+++ b/xos/tosca/resources/xossite.py
@@ -19,9 +19,9 @@
def get_xos_args(self):
display_name = self.get_property("display_name")
if not display_name:
- display_name = self.nodetemplate.name
+ display_name = self.obj_name
- args = {"login_base": self.nodetemplate.name,
+ args = {"login_base": self.obj_name,
"name": display_name}
# copy simple string properties from the template into the arguments
@@ -33,7 +33,7 @@
return args
def get_existing_objs(self):
- return self.xos_model.objects.filter(login_base = self.nodetemplate.name)
+ return self.xos_model.objects.filter(login_base = self.obj_name)
def postprocess(self, obj):
results = []
@@ -44,19 +44,20 @@
deployment = self.get_xos_object(Deployment, name=deployment_name)
controller_name = None
- for sd_req in v["requirements"]:
+ for sd_req in v.get("requirements", []):
for (sd_req_k, sd_req_v) in sd_req.items():
if sd_req_v["relationship"] == "tosca.relationships.UsesController":
controller_name = sd_req_v["node"]
- if not controller_name:
- raise Exception("Controller must be specified in SiteDeployment relationship")
-
- controller = self.get_xos_object(Controller, name=controller_name, throw_exception=True)
+ if controller_name:
+ controller = self.get_xos_object(Controller, name=controller_name, throw_exception=True)
+ else:
+ controller = None
+ # raise Exception("Controller must be specified in SiteDeployment relationship")
existing_sitedeps = SiteDeployment.objects.filter(deployment=deployment, site=obj)
if existing_sitedeps:
sd = existing_sitedeps[0]
- if sd.controller != controller:
+ if (sd.controller != controller) and (controller != None):
sd.controller = controller
sd.save()
self.info("SiteDeployment from %s to %s updated controller" % (str(obj), str(deployment)))
@@ -67,20 +68,6 @@
sitedep.save()
self.info("Created SiteDeployment from %s to %s" % (str(obj), str(deployment)))
- def create(self):
- nodetemplate = self.nodetemplate
- siteName = nodetemplate.name
-
- xos_args = self.get_xos_args()
-
- site = Site(**xos_args)
- site.caller = self.user
- site.save()
-
- self.postprocess(site)
-
- self.info("Created Site '%s'" % (str(site), ))
-
def delete(self, obj):
if obj.slices.exists():
self.info("Site %s has active slices; skipping delete" % obj.name)
diff --git a/xos/tosca/run.py b/xos/tosca/run.py
index 591582b..58dc22b 100644
--- a/xos/tosca/run.py
+++ b/xos/tosca/run.py
@@ -25,7 +25,10 @@
username = sys.argv[1]
template_name = sys.argv[2]
- u = User.objects.get(email=username)
+ if username.lower()=="none":
+ u=None
+ else:
+ u = User.objects.get(email=username)
xt = XOSTosca(file(template_name).read(), parent_dir=currentdir, log_to_console=True)
xt.execute(u)
diff --git a/xos/tosca/samples/slice_default_image.yaml b/xos/tosca/samples/slice_default_image.yaml
index 91b95c7..ff63373 100644
--- a/xos/tosca/samples/slice_default_image.yaml
+++ b/xos/tosca/samples/slice_default_image.yaml
@@ -16,6 +16,9 @@
trusty-server-multi-nic:
type: tosca.nodes.Image
+ m1.small:
+ type: tosca.nodes.Flavor
+
mysite_test1:
type: tosca.nodes.Slice
requirements:
@@ -25,6 +28,6 @@
- default_image:
node: trusty-server-multi-nic
relationship: tosca.relationships.DefaultImage
- properties:
- default_flavor: m1.small
-
+ -default_flavor:
+ node: m1.small
+ relationship: tosca.relationships.DefaultFlavor
diff --git a/xos/xos/settings.py b/xos/xos/settings.py
index f73e383..61f4ac2 100644
--- a/xos/xos/settings.py
+++ b/xos/xos/settings.py
@@ -179,6 +179,7 @@
'services.ceilometer',
'services.requestrouter',
'services.syndicate_storage',
+ 'services.openvpn',
'services.vtr',
'services.vrouter',
'services.vtn',