opennebula-oca 3.8.0 → 3.9.0.beta

data/lib/opennebula/system.rb

@@ -0,0 +1,141 @@
+# -------------------------------------------------------------------------- #
+# Copyright 2002-2012, OpenNebula Project Leads (OpenNebula.org)             #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License. You may obtain    #
+# a copy of the License at                                                   #
+#                                                                            #
+# http://www.apache.org/licenses/LICENSE-2.0                                 #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS,          #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.   #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+#--------------------------------------------------------------------------- #
+
+
+require 'opennebula/pool'
+
+module OpenNebula
+    class System
+        #######################################################################
+        # Constants and Class attribute accessors
+        #######################################################################
+
+        SYSTEM_METHODS = {
+            :userquotainfo      => "userquota.info",
+            :userquotaupdate    => "userquota.update",
+            :groupquotainfo     => "groupquota.info",
+            :groupquotaupdate   => "groupquota.update",
+            :version            => "system.version",
+            :config             => "system.config"
+        }
+
+        #######################################################################
+        # Class constructor
+        #######################################################################
+
+        # Constructor
+        #   @param [Client] client that represents a XML-RPC connection
+        def initialize(client)
+            @client = client
+        end
+
+        #######################################################################
+        # XML-RPC Methods
+        #######################################################################
+
+        # Gets the oned version
+        #
+        # @return [String, OpenNebula::Error] the oned version in case
+        #   of success, Error otherwise
+        def get_oned_version()
+            return @client.call("system.version")
+        end
+
+        # Returns whether of not the oned version is the same as the OCA version
+        #
+        # @return [true, false, OpenNebula::Error] true if oned is the same
+        #   version
+        def compatible_version()
+            no_revision = VERSION[/^\d+\.\d+\./]
+            oned_v = get_oned_version
+
+            if OpenNebula.is_error?(oned_v)
+                return oned_v
+            end
+
+            return (oned_v =~ /#{no_revision}/) != nil
+        end
+
+        # Gets the oned configuration
+        #
+        # @return [XMLElement, OpenNebula::Error] the oned configuration in case
+        #   of success, Error otherwise
+        def get_configuration()
+            rc = @client.call(SYSTEM_METHODS[:config])
+
+            if OpenNebula.is_error?(rc)
+                return rc
+            end
+
+            config = XMLElement.new
+            config.initialize_xml(rc, 'TEMPLATE')
+
+            return config
+        end
+
+        # Gets the default user quota limits
+        #
+        # @return [XMLElement, OpenNebula::Error] the default user quota in case
+        #   of success, Error otherwise
+        def get_user_quotas()
+            rc = @client.call(SYSTEM_METHODS[:userquotainfo])
+
+            if OpenNebula.is_error?(rc)
+                return rc
+            end
+
+            default_quotas = XMLElement.new
+            default_quotas.initialize_xml(rc, 'DEFAULT_USER_QUOTAS')
+
+            return default_quotas
+        end
+
+        # Sets the default user quota limits
+        # @param quota [String] a template (XML or txt) with the new quota limits
+        #
+        # @return [nil, OpenNebula::Error] nil in case of success, Error
+        #   otherwise
+        def set_user_quotas(quota)
+            return @client.call(SYSTEM_METHODS[:userquotaupdate], quota)
+        end
+
+        # Gets the default group quota limits
+        #
+        # @return [XMLElement, OpenNebula::Error] the default group quota in case
+        #   of success, Error otherwise
+        def get_group_quotas()
+            rc = @client.call(SYSTEM_METHODS[:groupquotainfo])
+
+            if OpenNebula.is_error?(rc)
+                return rc
+            end
+
+            default_quotas = XMLElement.new
+            default_quotas.initialize_xml(rc, 'DEFAULT_GROUP_QUOTAS')
+
+            return default_quotas
+        end
+
+        # Sets the default group quota limits
+        # @param quota [String] a template (XML or txt) with the new quota limits
+        #
+        # @return [nil, OpenNebula::Error] nil in case of success, Error
+        #   otherwise
+        def set_group_quotas(quota)
+            return @client.call(SYSTEM_METHODS[:groupquotaupdate], quota)
+        end
+    end
+end

data/lib/{OpenNebula/Template.rb → opennebula/template.rb}

@@ -15,7 +15,7 @@
 #--------------------------------------------------------------------------- #
 
 
-require 'OpenNebula/Pool'
+require 'opennebula/pool_element'
 
 module OpenNebula
     class Template < PoolElement
@@ -32,7 +32,8 @@ module OpenNebula
             :delete      => "template.delete",
             :chown       => "template.chown",
             :chmod       => "template.chmod",
-            :clone       => "template.clone"
+            :clone       => "template.clone",
+            :rename      => "template.rename"
         }
 
         # Creates a Template description with just its identifier
@@ -157,6 +158,16 @@ module OpenNebula
             return rc
         end
 
+        # Renames this Template
+        #
+        # @param name [String] New name for the Template.
+        #
+        # @return [nil, OpenNebula::Error] nil in case of success, Error
+        #   otherwise
+        def rename(name)
+            return call(TEMPLATE_METHODS[:rename], @pe_id, name)
+        end
+
         #######################################################################
         # Helpers to get Template information
         #######################################################################

data/lib/{OpenNebula/TemplatePool.rb → opennebula/template_pool.rb}

@@ -15,7 +15,7 @@
 #--------------------------------------------------------------------------- #
 
 
-require 'OpenNebula/Pool'
+require 'opennebula/pool'
 
 module OpenNebula
     class TemplatePool < Pool

data/lib/{OpenNebula/User.rb → opennebula/user.rb}

@@ -15,7 +15,7 @@
 #--------------------------------------------------------------------------- #
 
 
-require 'OpenNebula/Pool'
+require 'opennebula/pool_element'
 
 module OpenNebula
     class User < PoolElement

data/lib/{OpenNebula/UserPool.rb → opennebula/user_pool.rb}

@@ -15,7 +15,7 @@
 #--------------------------------------------------------------------------- #
 
 
-require 'OpenNebula/Pool'
+require 'opennebula/pool'
 
 module OpenNebula
     class UserPool < Pool

data/lib/{OpenNebula/VirtualMachine.rb → opennebula/virtual_machine.rb}

@@ -15,7 +15,7 @@
 #--------------------------------------------------------------------------- #
 
 
-require 'OpenNebula/Pool'
+require 'opennebula/pool_element'
 
 module OpenNebula
     class VirtualMachine < PoolElement
@@ -35,7 +35,8 @@ module OpenNebula
             :chmod      => "vm.chmod",
             :monitoring => "vm.monitoring",
             :attach     => "vm.attach",
-            :detach     => "vm.detach"
+            :detach     => "vm.detach",
+            :rename     => "vm.rename"
         }
 
         VM_STATE=%w{INIT PENDING HOLD ACTIVE STOPPED SUSPENDED DONE FAILED 
@@ -140,15 +141,16 @@ module OpenNebula
 
         # Initiates the instance of the VM on the target host.
         #
-        # +host_id+ The host id (hid) of the target host where
-        # the VM will be instantiated.
-        def deploy(host_id)
-            return Error.new('ID not defined') if !@pe_id
-
-            rc = @client.call(VM_METHODS[:deploy], @pe_id, host_id.to_i)
-            rc = nil if !OpenNebula.is_error?(rc)
-
-            return rc
+        # @param host_id [Interger] The host id (hid) of the target host where
+        #   the VM will be instantiated.
+        # @param enforce [true|false] If it is set to true, the host capacity
+        #   will be checked, and the deployment will fail if the host is
+        #   overcommited. Defaults to false
+        #
+        # @return [nil, OpenNebula::Error] nil in case of success, Error
+        #   otherwise
+        def deploy(host_id, enforce=false)
+            return call(VM_METHODS[:deploy], @pe_id, host_id.to_i, enforce)
         end
 
         # Shutdowns an already deployed VM
@@ -247,23 +249,31 @@ module OpenNebula
         end
 
         # Saves a running VM and starts it again in the specified host
-        def migrate(host_id)
-            return Error.new('ID not defined') if !@pe_id
-
-            rc = @client.call(VM_METHODS[:migrate], @pe_id, host_id.to_i, false)
-            rc = nil if !OpenNebula.is_error?(rc)
-
-            return rc
+        #
+        # @param host_id [Interger] The host id (hid) of the target host where
+        #   the VM will be migrated.
+        # @param enforce [true|false] If it is set to true, the host capacity
+        #   will be checked, and the deployment will fail if the host is
+        #   overcommited. Defaults to false
+        #
+        # @return [nil, OpenNebula::Error] nil in case of success, Error
+        #   otherwise
+        def migrate(host_id, enforce=false)
+            return call(VM_METHODS[:migrate], @pe_id, host_id.to_i, false, enforce)
         end
 
         # Migrates a running VM to another host without downtime
-        def live_migrate(host_id)
-            return Error.new('ID not defined') if !@pe_id
-
-            rc = @client.call(VM_METHODS[:migrate], @pe_id, host_id.to_i, true)
-            rc = nil if !OpenNebula.is_error?(rc)
-
-            return rc
+        #
+        # @param host_id [Interger] The host id (hid) of the target host where
+        #   the VM will be migrated.
+        # @param enforce [true|false] If it is set to true, the host capacity
+        #   will be checked, and the deployment will fail if the host is
+        #   overcommited. Defaults to false
+        #
+        # @return [nil, OpenNebula::Error] nil in case of success, Error
+        #   otherwise
+        def live_migrate(host_id, enforce=false)
+            return call(VM_METHODS[:migrate], @pe_id, host_id.to_i, true, enforce)
         end
 
         # Set the specified vm's disk to be saved in a new image
@@ -352,6 +362,16 @@ module OpenNebula
             return @client.call(VM_METHODS[:monitoring], @pe_id)
         end
 
+        # Renames this VM
+        #
+        # @param name [String] New name for the VM.
+        #
+        # @return [nil, OpenNebula::Error] nil in case of success, Error
+        #   otherwise
+        def rename(name)
+            return call(VM_METHODS[:rename], @pe_id, name)
+        end
+
         #######################################################################
         # Helpers to get VirtualMachine information
         #######################################################################

data/lib/{OpenNebula/VirtualMachinePool.rb → opennebula/virtual_machine_pool.rb}

@@ -15,7 +15,7 @@
 #--------------------------------------------------------------------------- #
 
 
-require 'OpenNebula/Pool'
+require 'opennebula/pool'
 
 module OpenNebula
     class VirtualMachinePool < Pool

data/lib/{OpenNebula/VirtualNetwork.rb → opennebula/virtual_network.rb}

@@ -15,7 +15,7 @@
 #--------------------------------------------------------------------------- #
 
 
-require 'OpenNebula/Pool'
+require 'opennebula/pool_element'
 
 module OpenNebula
     class VirtualNetwork < PoolElement
@@ -34,7 +34,8 @@ module OpenNebula
             :chmod      => "vn.chmod",
             :update     => "vn.update",
             :hold       => "vn.hold",
-            :release    => "vn.release"
+            :release    => "vn.release",
+            :rename     => "vn.rename"
         }
 
         VN_TYPES=%w{RANGED FIXED}
@@ -191,6 +192,16 @@ module OpenNebula
             super(VN_METHODS[:chmod], owner_u, owner_m, owner_a, group_u,
                 group_m, group_a, other_u, other_m, other_a)
         end
+        
+        # Renames this virtual network
+        #
+        # @param name [String] New name for the virtual network.
+        #
+        # @return [nil, OpenNebula::Error] nil in case of success, Error
+        #   otherwise
+        def rename(name)
+            return call(VN_METHODS[:rename], @pe_id, name)
+        end
 
         #######################################################################
         # Helpers to get VirtualNetwork information

data/lib/{OpenNebula/VirtualNetworkPool.rb → opennebula/virtual_network_pool.rb}

@@ -15,7 +15,7 @@
 #--------------------------------------------------------------------------- #
 
 
-require 'OpenNebula/Pool'
+require 'opennebula/pool'
 
 module OpenNebula
     class VirtualNetworkPool < Pool

data/lib/opennebula/x509_auth.rb

@@ -0,0 +1,241 @@
+# -------------------------------------------------------------------------- #
+# Copyright 2002-2012, OpenNebula Project Leads (OpenNebula.org)             #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License. You may obtain    #
+# a copy of the License at                                                   #
+#                                                                            #
+# http://www.apache.org/licenses/LICENSE-2.0                                 #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS,          #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.   #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+#--------------------------------------------------------------------------- #
+
+require 'openssl'
+require 'base64'
+require 'fileutils'
+require 'yaml'
+
+module OpenNebula; end
+
+# X509 authentication class. It can be used as a driver for auth_mad
+# as auth method is defined. It also holds some helper methods to be used
+# by oneauth command
+class OpenNebula::X509Auth
+    ###########################################################################
+    #Constants with paths to relevant files and defaults
+    ###########################################################################
+    if !ENV["ONE_LOCATION"]
+        ETC_LOCATION      = "/etc/one"
+    else
+        ETC_LOCATION      = ENV["ONE_LOCATION"] + "/etc"
+    end
+
+    LOGIN_PATH = ENV['HOME']+'/.one/one_x509'
+
+    X509_AUTH_CONF_PATH = ETC_LOCATION + "/auth/x509_auth.conf"
+
+    X509_DEFAULTS = {
+        :ca_dir   => ETC_LOCATION + "/auth/certificates"
+    }
+
+    ###########################################################################
+    # Initialize x509Auth object
+    #
+    # @param [Hash] default options for path
+    # @option options [String] :certs_pem
+    #         cert chain array in colon-separated pem format
+    # @option options [String] :key_pem
+    #         key in pem format
+    # @option options [String] :ca_dir
+    #         directory of trusted CA's. Needed for auth method, not for login.
+    def initialize(options={})
+        @options ||= X509_DEFAULTS
+        @options.merge!(options)
+
+        load_options(X509_AUTH_CONF_PATH)
+
+        @cert_chain = @options[:certs_pem].collect do |cert_pem|
+            OpenSSL::X509::Certificate.new(cert_pem)
+        end
+
+        if @options[:key_pem]
+            @key  = OpenSSL::PKey::RSA.new(@options[:key_pem])
+        end
+    end
+
+    ###########################################################################
+    # Client side
+    ###########################################################################
+
+    # Creates the login file for x509 authentication at ~/.one/one_x509.
+    # By default it is valid as long as the certificate is valid. It can
+    # be changed to any number of seconds with expire parameter (sec.)
+    def login(user, expire=0)
+        write_login(login_token(user,expire))
+    end
+
+    # Returns a valid password string to create a user using this auth driver.
+    # In this case the dn of the user certificate.
+    def password
+        @cert_chain[0].subject.to_s.delete("\s")
+    end
+
+    # Generates a login token in the form:
+    # user_name:x509:user_name:time_expires:cert_chain
+    #   - user_name:time_expires is encrypted with the user certificate
+    #   - user_name:time_expires:cert_chain is base64 encoded
+    def login_token(user, expire)
+        if expire != 0
+            expires = Time.now.to_i + expire.to_i
+        else
+            expires = @cert_chain[0].not_after.to_i
+        end
+
+        text_to_sign = "#{user}:#{expires}"
+        signed_text  = encrypt(text_to_sign)
+
+        certs_pem = @cert_chain.collect{|cert| cert.to_pem}.join(":")
+
+        token     = "#{signed_text}:#{certs_pem}"
+        token64   = Base64::encode64(token).strip.delete("\n")
+
+        login_out = "#{user}:#{token64}"
+
+        login_out
+    end
+
+    ###########################################################################
+    # Server side
+    ###########################################################################
+    # auth method for auth_mad
+    def authenticate(user, pass, signed_text)
+        begin
+            # Decryption demonstrates that the user posessed the private key.
+            _user, expires = decrypt(signed_text).split(':')
+
+            return "User name missmatch" if user != _user
+
+            return "x509 proxy expired"  if Time.now.to_i >= expires.to_i
+
+            # Some DN in the chain must match a DN in the password
+            dn_ok = @cert_chain.each do |cert|
+                if pass.split('|').include?(cert.subject.to_s.delete("\s"))
+                    break true
+                end
+            end
+
+            unless dn_ok == true
+                return "Certificate subject missmatch"
+            end
+
+            validate
+
+            return true
+        rescue => e
+            return e.message
+        end
+    end
+
+private
+    # Writes a login_txt to the login file as defined in LOGIN_PATH
+    # constant
+    def write_login(login_txt)
+        # Inits login file path and creates ~/.one directory if needed
+        # Set instance variables
+        login_dir = File.dirname(LOGIN_PATH)
+
+        begin
+            FileUtils.mkdir_p(login_dir)
+        rescue Errno::EEXIST
+        end
+
+        file = File.open(LOGIN_PATH, "w")
+        file.write(login_txt)
+        file.close
+
+        File.chmod(0600,LOGIN_PATH)
+    end
+
+    # Load class options form a configuration file (yaml syntax)
+    def load_options(conf_file)
+        if File.readable?(conf_file)
+            conf_txt = File.read(conf_file)
+            conf_opt = YAML::load(conf_txt)
+
+            @options.merge!(conf_opt) if conf_opt != false
+        end
+    end
+
+    ###########################################################################
+    #                       Methods to encrpyt/decrypt keys
+    ###########################################################################
+    # Encrypts data with the private key of the user and returns
+    # base 64 encoded output in a single line
+    def encrypt(data)
+        return nil if !@key
+        Base64::encode64(@key.private_encrypt(data)).delete("\n").strip
+    end
+
+    # Decrypts base 64 encoded data with pub_key (public key)
+    def decrypt(data)
+        @cert_chain[0].public_key.public_decrypt(Base64::decode64(data))
+    end
+
+    ###########################################################################
+    # Validate the user certificate
+    ###########################################################################
+    def validate
+        now    = Time.now
+        failed = "Could not validate user credentials: "
+
+        # Check start time and end time of certificates
+        @cert_chain.each do |cert|
+            if cert.not_before > now || cert.not_after < now
+                raise failed +  "Certificate not valid. Current time is " +
+                  now.localtime.to_s + "."
+            end
+        end
+
+        begin
+            # Validate the proxy certifcates
+            signee = @cert_chain[0]
+
+            @cert_chain[1..-1].each do |cert|
+                if !((signee.issuer.to_s == cert.subject.to_s) &&
+                     (signee.verify(cert.public_key)))
+                    raise  failed + signee.subject.to_s + " with issuer " +
+                           signee.issuer.to_s + " was not verified by " +
+                           cert.subject.to_s + "."
+                end
+                signee = cert
+            end
+
+            # Validate the End Entity certificate
+            if !@options[:ca_dir]
+                raise failed + "No certifcate authority directory was specified."
+            end
+
+            begin
+                ca_hash = signee.issuer.hash.to_s(16)
+                ca_path = @options[:ca_dir] + '/' + ca_hash + '.0'
+
+                ca_cert = OpenSSL::X509::Certificate.new(File.read(ca_path))
+
+                if !((signee.issuer.to_s == ca_cert.subject.to_s) &&
+                     (signee.verify(ca_cert.public_key)))
+                    raise  failed + signee.subject.to_s + " with issuer " +
+                           signee.issuer.to_s + " was not verified by " +
+                           ca_cert.subject.to_s + "."
+                end
+
+                signee = ca_cert
+            end while ca_cert.subject.to_s != ca_cert.issuer.to_s
+        rescue
+            raise
+        end
+    end
+end

data/lib/{OpenNebula/XMLUtils.rb → opennebula/xml_element.rb}

@@ -16,21 +16,6 @@
 
 
 module OpenNebula
-
-    begin
-        require 'nokogiri'
-        NOKOGIRI=true
-    rescue LoadError
-        NOKOGIRI=false
-    end
-
-    begin
-        require 'rexml/formatters/pretty'
-        REXML_FORMATTERS=true
-    rescue LoadError
-        REXML_FORMATTERS=false
-    end
-
     # The XMLElement class provides an abstraction of the underlying
     # XML parser engine. It provides XML-related methods for the Pool and
     # PoolElement classes
@@ -79,12 +64,18 @@ module OpenNebula
 
             return doc
         end
-        # Extract an element from the XML description of the PoolElement.
-        # key::_String_ The name of the element
-        # [return] _String_ the value of the element
-        # Examples:
-        #   ['VID'] # gets VM id
-        #   ['HISTORY/HOSTNAME'] # get the hostname from the history
+
+        # Extract a text element from the XML description of the PoolElement.
+        #
+        # @param [String] key Xpath expression
+        #
+        # @return [String, nil] If a text element is found, the element's
+        #   text value. Otherwise, an empty string or nil, depending
+        #   on the backend
+        #
+        # @example
+        #   vm['VID'] # gets VM id
+        #   vm['HISTORY/HOSTNAME'] # get the hostname from the history
         def [](key)
             if NOKOGIRI
                 element=@xml.xpath(key.to_s)