opennebula 5.12.13 → 5.13.80.pre

data/lib/nsxv_client.rb

@@ -0,0 +1,176 @@
+# -------------------------------------------------------------------------- #
+# Copyright 2002-2021, OpenNebula Project, OpenNebula Systems                #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License. You may obtain    #
+# a copy of the License at                                                   #
+#                                                                            #
+# http://www.apache.org/licenses/LICENSE-2.0                                 #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS,          #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.   #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+#--------------------------------------------------------------------------- #
+module NSXDriver
+
+    ONE_LOCATION = ENV['ONE_LOCATION'] unless defined?(ONE_LOCATION)
+
+    if !ONE_LOCATION
+        RUBY_LIB_LOCATION = '/usr/lib/one/ruby' \
+            unless defined?(RUBY_LIB_LOCATION)
+        GEMS_LOCATION     = '/usr/share/one/gems' \
+            unless defined?(GEMS_LOCATION)
+    else
+        RUBY_LIB_LOCATION = ONE_LOCATION + '/lib/ruby' \
+            unless defined?(RUBY_LIB_LOCATION)
+        GEMS_LOCATION     = ONE_LOCATION + '/share/gems' \
+            unless defined?(GEMS_LOCATION)
+    end
+
+    if File.directory?(GEMS_LOCATION)
+        real_gems_path = File.realpath(GEMS_LOCATION)
+        if !defined?(Gem) || Gem.path != [real_gems_path]
+            $LOAD_PATH.reject! {|l| l =~ /vendor_ruby/ }
+            require 'rubygems'
+            Gem.use_paths(real_gems_path)
+        end
+    end
+
+    $LOAD_PATH << RUBY_LIB_LOCATION
+
+    # Class NSXVClient
+    class NSXVClient < NSXClient
+
+        # ATTIBUTES
+        attr_accessor :nsxmgr
+        attr_accessor :nsx_user
+        attr_accessor :nsx_password
+        attr_accessor :nsx_type
+
+        # CONSTRUCTORS
+        def initialize(nsxmgr, nsx_user, nsx_password)
+            super(nsxmgr, nsx_user, nsx_password)
+            @nsx_type = NSXConstants::NSXV
+        end
+
+        # Prepare headers
+        def add_headers(aditional_headers = [])
+            headers = NSXConstants::HEADER_XML.clone
+            unless aditional_headers.empty?
+                aditional_headers.each do |header|
+                    headers[header.keys[0]] = header.values[0]
+                end
+            end
+            headers
+        end
+
+        # METHODS
+        def get(url, aditional_headers = [], valid_codes = [])
+            if valid_codes.empty?
+                valid_codes = [NSXConstants::CODE_OK,
+                               NSXConstants::CODE_NO_CONTENT]
+            end
+            uri = URI.parse(@nsxmgr + url)
+            headers = add_headers(aditional_headers)
+            request = Net::HTTP::Get.new(uri.request_uri, headers)
+            request.basic_auth(@nsx_user, @nsx_password)
+            response = Net::HTTP.start(uri.host, uri.port, :use_ssl => true,
+                :verify_mode => OpenSSL::SSL::VERIFY_NONE) do |https|
+                    https.request(request)
+                end
+            response = check_response(response, valid_codes)
+            Nokogiri::XML response.body
+        end
+
+        def get_full_response(url, aditional_headers = [], valid_codes = [])
+            if valid_codes.empty?
+                valid_codes = [NSXConstants::CODE_OK,
+                               NSXConstants::CODE_NO_CONTENT]
+            end
+            uri = URI.parse(@nsxmgr + url)
+            headers = add_headers(aditional_headers)
+            request = Net::HTTP::Get.new(uri.request_uri, headers)
+            request.basic_auth(@nsx_user, @nsx_password)
+            response = Net::HTTP.start(uri.host, uri.port, :use_ssl => true,
+                :verify_mode => OpenSSL::SSL::VERIFY_NONE) do |https|
+                    https.request(request)
+                end
+            check_response(response, valid_codes)
+        end
+
+        # Return: id of the created object
+        def post(url, data, aditional_headers = [], valid_codes = [])
+            if valid_codes.empty?
+                valid_codes = [NSXConstants::CODE_CREATED,
+                               NSXConstants::CODE_OK]
+            end
+            uri = URI.parse(@nsxmgr + url)
+            headers = add_headers(aditional_headers)
+            request = Net::HTTP::Post.new(uri.request_uri, headers)
+            request.body = data
+            request.basic_auth(@nsx_user, @nsx_password)
+            response = Net::HTTP.start(uri.host, uri.port, :use_ssl => true,
+                :verify_mode => OpenSSL::SSL::VERIFY_NONE) do |https|
+                    https.request(request)
+                end
+            response = check_response(response, valid_codes)
+            response.body
+        end
+
+        def put(url, data, aditional_headers = [], valid_codes = [])
+            if valid_codes.empty?
+                valid_codes = [NSXConstants::CODE_CREATED,
+                               NSXConstants::CODE_OK]
+            end
+            uri = URI.parse(@nsxmgr + url)
+            headers = add_headers(aditional_headers)
+            request = Net::HTTP::Put.new(uri.request_uri, headers)
+            request.body = data
+            request.basic_auth(@nsx_user, @nsx_password)
+            response = Net::HTTP.start(uri.host, uri.port, :use_ssl => true,
+                :verify_mode => OpenSSL::SSL::VERIFY_NONE) do |https|
+                    https.request(request)
+                end
+            response = check_response(response, valid_codes)
+            response.body
+        end
+
+        def delete(url, aditional_headers = [], valid_codes = [])
+            if valid_codes.empty?
+                valid_codes = [NSXConstants::CODE_OK,
+                               NSXConstants::CODE_NO_CONTENT]
+            end
+            uri = URI.parse(@nsxmgr + url)
+            headers = add_headers(aditional_headers)
+            request = Net::HTTP::Delete.new(uri.request_uri, headers)
+            request.basic_auth(@nsx_user, @nsx_password)
+            response = Net::HTTP.start(uri.host, uri.port, :use_ssl => true,
+                :verify_mode => OpenSSL::SSL::VERIFY_NONE) do |https|
+                    https.request(request)
+                end
+            check_response(response, valid_codes)
+        end
+
+        def get_token(url, aditional_headers = [], valid_codes = [])
+            if valid_codes.empty?
+                valid_codes = [NSXConstants::CODE_OK]
+            end
+            uri = URI.parse(@nsxmgr + url)
+            headers = add_headers(aditional_headers)
+            request = Net::HTTP::Post.new(uri.request_uri, headers)
+            request.basic_auth(@nsx_user, @nsx_password)
+            response = Net::HTTP.start(uri.host, uri.port, :use_ssl => true,
+                :verify_mode => OpenSSL::SSL::VERIFY_NONE) do |https|
+                    https.request(request)
+                end
+            response = check_response(response, valid_codes)
+            response_xml = Nokogiri::XML response.body
+            token = response_xml.xpath('//authToken/value').text
+            { 'token' => token }.to_json
+        end
+
+    end
+
+end

data/lib/nsxv_dfw.rb

@@ -0,0 +1,202 @@
+# -------------------------------------------------------------------------- #
+# Copyright 2002-2021, OpenNebula Project, OpenNebula Systems                #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License. You may obtain    #
+# a copy of the License at                                                   #
+#                                                                            #
+# http://www.apache.org/licenses/LICENSE-2.0                                 #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS,          #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.   #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+#--------------------------------------------------------------------------- #
+module NSXDriver
+
+    # Class Logical Switch
+    class NSXVdfw < DistributedFirewall
+
+        # ATTRIBUTES
+        attr_reader :one_section_id
+
+        # CONSTRUCTOR
+        # Creates OpenNebula section if not exists
+        def initialize(nsx_client)
+            super(nsx_client)
+            # Construct base URLs
+            @base_url = NSXConstants::NSXV_DFW_BASE
+            @url_sections = @base_url + \
+                            NSXConstants::NSXV_DFW_SECTIONS
+            @one_section_id = init_section
+        end
+
+        # Sections
+        # Get all sections
+        # Creates OpenNebula section if not exists and returns
+        # its section_id. Returns its section_id if OpenNebula
+        # section already exists
+        def init_section
+            one_section = section_by_name(NSXConstants::ONE_SECTION_NAME)
+            one_section ||= create_section(NSXConstants::ONE_SECTION_NAME)
+            return one_section.xpath('@id').text if one_section
+        end
+
+        # Get all sections
+        # Params:
+        # - None
+        # Return:
+        # - nil | [Nokogiri::XML::NodeSet] sections
+        def sections
+            result = @nsx_client.get(@base_url)
+            xp = NSXConstants::NSXV_DFW_SECTION_XPATH
+            sections = result.xpath(xp)
+            return sections unless sections.empty?
+        end
+
+        # Get section by id
+        # Params:
+        # - section_id: [String] ID of the section or @one_section_id
+        # Return:
+        # - nil | [Nokogiri::XML::NodeSet] section
+        def section_by_id(section_id = @one_section_id)
+            url = @url_sections + '/' + section_id
+            result = @nsx_client.get(url)
+            xp = NSXConstants::NSXV_DFW_SECTION_XPATH
+            section = result.xpath(xp)
+            return section unless section.empty?
+        end
+
+        # Get section etag needed to manage FW rules
+        # Params:
+        # - section_id: [String] ID of the section or @one_section_id
+        # Return:
+        # - nil | etag [String] ID of the etag header
+        def section_etag(section_id = @one_section_id)
+            url = @url_sections + '/' + section_id
+            response = @nsx_client.get_full_response(url)
+            etag = response['etag']
+            return etag.delete('\"') if etag
+        end
+
+        # Get section by name
+        # Params:
+        # - section_name: [String] Name of the section
+        # Return:
+        # - nil | [Nokogiri::XML::NodeSet] section
+        def section_by_name(section_name)
+            url = @url_sections + '?name=' + section_name
+            result = @nsx_client.get(url) rescue nil
+            return if result.nil?
+
+            xp = NSXConstants::NSXV_DFW_SECTION_XPATH
+            result.xpath(xp)
+        end
+
+        # Create new section
+        # Params:
+        # - section_name [String] Name of the section
+        # Return:
+        # - [Nokogiri::XML::NodeSet]
+        def create_section(section_name)
+            section_spec =
+                "<section name=\"#{section_name}\"\
+                stateless=\"false\" tcpStrict=\"true\" useSid=\"false\">\
+                </section>"
+
+            section = Nokogiri::XML @nsx_client
+                      .post(@url_sections, section_spec)
+            section_id = section.xpath('//section/@id').text
+            result = section_by_id(section_id)
+            raise 'Section was not created in DFW' unless result
+
+            result
+        end
+
+        # Delete section
+        # Params:
+        # - section_id: [String] ID of the section or @one_section_id
+        def delete_section(section_id = @one_section_id)
+            url = @url_sections + '/' + section_id
+            @nsx_client.delete(url)
+        end
+
+        # Rules
+        # Get all rules
+        # Params:
+        # - section_id: [String] ID of the section or @one_section_id
+        # Return:
+        # - [Nokogiri::XML::NodeSet]
+        def rules(section_id = @one_section_id)
+            url = @url_sections + '/' + section_id
+            rules = @nsx_client.get(url)
+            rules.xpath(NSXConstants::NSXV_DFW_RULE_XPATH)
+        end
+
+        # Get rule by id
+        # Return:
+        # - rule | nil
+        def rule_by_id(rule_id, section_id = @one_section_id)
+            url = @url_sections + '/' + section_id + '/rules/' + rule_id
+            valid_codes = [NSXConstants::CODE_CREATED,
+                           NSXConstants::CODE_OK,
+                           NSXConstants::CODE_BAD_REQUEST,
+                           NSXConstants::CODE_NOT_FOUND]
+            additional_headers = []
+            result = @nsx_client.get(url, additional_headers, valid_codes)
+            result.xpath(NSXConstants::NSXV_DFW_RULE_XPATH)
+        end
+
+        # Get rules by name
+        # Return:
+        # - [Nokogiri::XML::NodeSet]
+        def rules_by_name(rule_name, section_id = @one_section_id)
+            rules = Nokogiri::XML::NodeSet.new(Nokogiri::XML::Document.new)
+
+            all_rules = rules(section_id)
+            return rules unless all_rules
+
+            all_rules.xpath("//rule[name=\"#{rule_name}\"]")
+        end
+
+        # Create new rule
+        def create_rule(rule_spec, section_id = @one_section_id)
+            # etag is needed to add a new header If-Match
+            etag = section_etag(section_id)
+            raise NSXError::ObjectNotFound('etag') \
+                unless etag
+
+            aditional_headers = [{ 'If-Match' => etag }]
+            url = @url_sections + '/' + section_id + '/rules'
+            @nsx_client.post(url, rule_spec, aditional_headers)
+        end
+
+        # Update rule
+        def update_rule(rule_id, rule_spec, section_id = @one_section_id)
+            url = @url_sections + '/' + section_id + '/rules/' + rule_id
+            rule = rule_by_id(rule_id)
+            raise "Rule id #{rule_id} not found" unless rule
+
+            # etag is needed to add a new header If-Match
+            etag = section_etag(section_id)
+            raise "Cannot get etag from section: #{section_id}" unless etag
+
+            aditional_headers = [{ 'If-Match' => etag }]
+            @nsx_client.put(url, rule_spec, aditional_headers)
+        end
+
+        # Delete rule
+        def delete_rule(rule_id, section_id = @one_section_id)
+            url = @url_sections + '/' + section_id + '/rules/' + rule_id
+            # etag is needed to add a new header If-Match
+            etag = section_etag(section_id)
+            raise "Cannot get etag from section: #{section_id}" unless etag
+
+            aditional_headers = [{ 'If-Match' => etag }]
+            @nsx_client.delete(url, aditional_headers)
+        end
+
+    end
+
+end

data/lib/nsxv_logical_port.rb

@@ -0,0 +1,107 @@
+# -------------------------------------------------------------------------- #
+# Copyright 2002-2021, OpenNebula Project, OpenNebula Systems                #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License. You may obtain    #
+# a copy of the License at                                                   #
+#                                                                            #
+# http://www.apache.org/licenses/LICENSE-2.0                                 #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS,          #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.   #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+#--------------------------------------------------------------------------- #
+module NSXDriver
+
+    # The NSXVLogicalPort class represents a LogicalPort in NSXv
+    class NSXVLogicalPort < LogicalPort
+
+        # ATTRIBUTES
+        attr_reader :id, :name, :type, :url
+
+        # CONSTRUCTOR
+        # Logical port class variables:
+        # @lp_id
+        # @url_lp
+        # @lp_name
+        # @lp_type
+        def initialize(nsx_client, id = nil, data = nil)
+            super(nsx_client)
+            # lpid can be:
+            #   - Logical port ID
+            #   - Logical port attach ID
+            if id
+                initialize_with_id(id)
+            else
+                if data
+                    begin
+                        @id = new_logical_port(data)
+                    rescue NSXError::IncorrectResponseCodeError => e
+                        raise 'Logical Port not created in ' \
+                        "NSX Manager: #{e.message}"
+                    end
+                    unless @id
+                        raise 'Logical Port not created in NSX Manager: '\
+                              'generic error'
+                    end
+                    # Construct logical port class variables
+                    @url = NSXConstants::NSXT_LP_BASE + @id
+                    @name = lp_name
+                    @type = lp_type
+                end
+            end
+        end
+
+        # Creates a NSXTLogicalPort from its id
+        def initialize_with_id(id)
+            # First try lpid as logical port id
+            @id = id
+            # Construct URL of the created logical switch
+            @url = NSXConstants::NSXV_LP_BASE + @id
+            if lp?
+                @name = lp_name
+                @type = lp_type
+            else
+                # Second try with lpid as logical port attach id
+                @id = lp_with_attachid(id)
+                if @id.nil?
+                    error_msg = "Logical port with id: #{id} not found"
+                    error = NSXError::ObjectNotFound
+                            .new(error_msg)
+                    raise error
+                else
+                    @url = NSXConstants::NSXT_LP_BASE + @id
+                    @name = lp_name
+                    @type = lp_type
+                end
+            end
+        end
+
+        # Check if logical port exists
+        def lp?
+            @nsx_client.get(@url) ? true : false
+        end
+
+        # Get logical port id from attach id
+        def lp_with_attachid(attach_id)
+            lps = @nsx_client.get(NSXConstants::NSXT_LP_BASE)
+            lps['results'].each do |lp|
+                return lp['id'] if lp['attachment']['id'] == attach_id
+            end
+        end
+
+        # Get logical port display name
+        def lp_name
+            @nsx_client.get(@url)['display_name']
+        end
+
+        # Get resource type
+        def lp_type
+            @nsx_client.get(@url)['resource_type']
+        end
+
+    end
+
+end

data/lib/nsxv_rule.rb

@@ -0,0 +1,172 @@
+# -------------------------------------------------------------------------- #
+# Copyright 2002-2021, OpenNebula Project, OpenNebula Systems                #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License. You may obtain    #
+# a copy of the License at                                                   #
+#                                                                            #
+# http://www.apache.org/licenses/LICENSE-2.0                                 #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS,          #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.   #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+#--------------------------------------------------------------------------- #
+module NSXDriver
+
+    module NSXRule
+
+        # Module NSXVRule
+        module NSXVRule
+
+            def nsxv_rule_spec(rule, vm_data, nic_data)
+                rule_name = "#{rule[:id]}-#{rule[:name]}-#{vm_data[:id]}"
+                rule_name << "-#{vm_data[:deploy_id]}-#{nic_data[:id]}"
+
+                # rubocop:disable Layout/LineLength
+                builder = Nokogiri::XML::Builder.new(:encoding => 'UTF-8') do |xml|
+                    # rubocop:enable Layout/LineLength
+                    xml.rule('disabled' => 'false', 'logged' => 'false') do
+                        xml.name rule_name
+                        xml.action 'allow'
+                        xml.appliedToList do
+                            xml.appliedTo do
+                                xml.name nic_data[:name]
+                                xml.value nic_data[:lp]
+                                xml.type 'Vnic'
+                                xml.isValid 'true'
+                            end
+                        end
+                        xml.sectionId @one_section_id
+
+                        # SOURCES / DESTINATIONS: Any | IP Address | Vnet
+
+                        unless rule[:network_id].empty? && rule[:subnets].empty?
+
+                            if rule[:direction] == 'IN'
+                                xml.sources('excluded' => 'false') do
+                                    if !rule[:network_id].empty?
+                                        xml.source do
+                                            xml.name rule[:network_name]
+                                            xml.value rule[:network_nsxid]
+                                            xml.type 'VirtualWire'
+                                            xml.isValid 'true'
+                                        end
+                                    elsif !rule[:subnets].empty?
+                                        rule[:subnets].each do |subnet|
+                                            xml.source do
+                                                # rubocop:disable Layout/LineLength
+                                                ip_version = IPAddr.new(subnet).ipv4? ? 'Ipv4Address' : 'Ipv6Address'
+                                                # rubocop:enable Layout/LineLength
+                                                xml.value subnet
+                                                xml.type ip_version
+                                                xml.isValid 'true'
+                                            end
+                                        end
+                                    end
+                                end
+                            else
+                                xml.destinations('excluded' => 'false') do
+                                    # Target network: Vnet
+                                    if !rule[:network_id].empty?
+                                        xml.destination do
+                                            xml.name nic_data[:network_name]
+                                            xml.value rule[:network_nsxid]
+                                            xml.type 'VirtualWire'
+                                            xml.isValid 'true'
+                                        end
+                                    # Target network: Manual network(IP Address)
+                                    elsif !rule[:subnets].empty?
+                                        rule[:subnets].each do |subnet|
+                                            xml.destination do
+                                                # rubocop:disable Layout/LineLength
+                                                ip_version = IPAddr.new(subnet).ipv4? ? 'Ipv4Address' : 'Ipv6Address'
+                                                # rubocop:enable Layout/LineLength
+                                                xml.value subnet
+                                                xml.type ip_version
+                                                xml.isValid 'true'
+                                            end
+                                        end
+                                    end
+                                end
+                            end
+                        end
+
+                        ##### SERVICES #####
+                        unless rule[:protocol].empty?
+                            xml.services do
+                                case rule[:protocol]
+                                when 'TCP'
+                                    xml.service do
+                                        xml.isValid 'true'
+                                        xml.protocol '6'
+                                        xml.protocolName 'TCP'
+                                        # rubocop:disable Layout/LineLength
+                                        xml.sourcePort parse_ports(rule[:ports]) \
+                                            if rule[:direction] == 'IN'
+                                        xml.destinationPort parse_ports(rule[:ports]) \
+                                            if rule[:direction] == 'OUT'
+                                        # rubocop:enable Layout/LineLength
+                                    end
+                                when 'UDP'
+                                    xml.service do
+                                        xml.isValid 'true'
+                                        xml.protocol '17'
+                                        xml.protocolName 'UDP'
+                                        # rubocop:disable Layout/LineLength
+                                        xml.sourcePort parse_ports(rule[:ports]) \
+                                            if rule[:direction] == 'IN'
+                                        xml.destinationPort parse_ports(rule[:ports]) \
+                                            if rule[:direction] == 'OUT'
+                                        # rubocop:enable Layout/LineLength
+                                    end
+                                when 'ICMP'
+                                    xml.service do
+                                        xml.isValid 'true'
+                                        xml.protocol '1'
+                                        xml.protocolName 'ICMP'
+                                    end
+                                when 'ICMPv6'
+                                    xml.service do
+                                        xml.isValid 'true'
+                                        xml.protocol '58'
+                                        xml.protocolName 'IPV6ICMP'
+                                    end
+                                when 'IPSEC'
+                                    ports = NSXConstants::NSX_RULE_IPSEC_PORTS
+                                    xml.service do
+                                        xml.isValid 'true'
+                                        xml.protocol '50'
+                                        xml.protocolName 'ESP'
+                                    end
+                                    xml.service do
+                                        xml.isValid 'true'
+                                        xml.protocol '51'
+                                        xml.protocolName 'AH'
+                                    end
+                                    xml.service do
+                                        xml.isValid 'true'
+                                        xml.protocol '17'
+                                        xml.protocolName 'UDP'
+                                        xml.sourcePort parse_ports(ports) \
+                                            if rule[:direction] == 'IN'
+                                        xml.destinationPort parse_ports(ports) \
+                                            if rule[:direction] == 'OUT'
+                                    end
+                                end
+                            end
+                        end
+
+                        xml.direction rule[:direction].downcase
+                        xml.packetType 'any'
+                    end
+                end
+                builder.to_xml
+            end
+
+        end
+
+    end
+
+end