opennebula 5.12.13 → 5.13.80.pre

data/lib/nsxt_client.rb

@@ -0,0 +1,176 @@
+# -------------------------------------------------------------------------- #
+# Copyright 2002-2021, OpenNebula Project, OpenNebula Systems                #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License. You may obtain    #
+# a copy of the License at                                                   #
+#                                                                            #
+# http://www.apache.org/licenses/LICENSE-2.0                                 #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS,          #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.   #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+#--------------------------------------------------------------------------- #
+module NSXDriver
+
+    ONE_LOCATION = ENV['ONE_LOCATION'] unless defined?(ONE_LOCATION)
+
+    if !ONE_LOCATION
+        RUBY_LIB_LOCATION = '/usr/lib/one/ruby' \
+            unless defined?(RUBY_LIB_LOCATION)
+        GEMS_LOCATION     = '/usr/share/one/gems' \
+            unless defined?(GEMS_LOCATION)
+    else
+        RUBY_LIB_LOCATION = ONE_LOCATION + '/lib/ruby' \
+            unless defined?(RUBY_LIB_LOCATION)
+        GEMS_LOCATION     = ONE_LOCATION + '/share/gems' \
+            unless defined?(GEMS_LOCATION)
+    end
+
+    if File.directory?(GEMS_LOCATION)
+        real_gems_path = File.realpath(GEMS_LOCATION)
+        if !defined?(Gem) || Gem.path != [real_gems_path]
+            $LOAD_PATH.reject! {|l| l =~ /vendor_ruby/ }
+            require 'rubygems'
+            Gem.use_paths(real_gems_path)
+        end
+    end
+
+    $LOAD_PATH << RUBY_LIB_LOCATION
+
+    # Class NSXTClient
+    class NSXTClient < NSXClient
+
+        # ATTIBUTES
+        attr_accessor :nsxmgr
+        attr_accessor :nsx_user
+        attr_accessor :nsx_password
+        attr_accessor :nsx_type
+
+        # CONSTRUCTORS
+        def initialize(nsxmgr, nsx_user, nsx_password)
+            super(nsxmgr, nsx_user, nsx_password)
+            @nsx_type = NSXConstants::NSXT
+        end
+
+        # Prepare headers
+        def add_headers(aditional_headers = [])
+            headers = NSXConstants::HEADER_JSON.clone
+            unless aditional_headers.empty?
+                aditional_headers.each do |header|
+                    headers[header.keys[0]] = header.values[0]
+                end
+            end
+            headers
+        end
+
+        # METHODS
+        def get(url, aditional_headers = [], valid_codes = [])
+            if valid_codes.empty?
+                valid_codes = [NSXConstants::CODE_OK,
+                               NSXConstants::CODE_NO_CONTENT]
+            end
+            uri = URI.parse(@nsxmgr + url)
+            headers = add_headers(aditional_headers)
+            request = Net::HTTP::Get.new(uri.request_uri, headers)
+            request.basic_auth(@nsx_user, @nsx_password)
+            response = Net::HTTP.start(uri.host, uri.port, :use_ssl => true,
+                :verify_mode => OpenSSL::SSL::VERIFY_NONE) do |https|
+                    https.request(request)
+                end
+            response = check_response(response, valid_codes)
+            JSON.parse(response.body)
+        end
+
+        def get_full_response(url, aditional_headers = [], valid_codes = [])
+            if valid_codes.empty?
+                valid_codes = [NSXConstants::CODE_OK,
+                               NSXConstants::CODE_NO_CONTENT]
+            end
+            uri = URI.parse(@nsxmgr + url)
+            headers = add_headers(aditional_headers)
+            request = Net::HTTP::Get.new(uri.request_uri, headers)
+            request.basic_auth(@nsx_user, @nsx_password)
+            response = Net::HTTP.start(uri.host, uri.port, :use_ssl => true,
+                :verify_mode => OpenSSL::SSL::VERIFY_NONE) do |https|
+                    https.request(request)
+                end
+            check_response(response, valid_codes)
+        end
+
+        # Return: id of the created object
+        def post(url, data, aditional_headers = [], valid_codes = [])
+            if valid_codes.empty?
+                valid_codes = [NSXConstants::CODE_CREATED,
+                               NSXConstants::CODE_OK]
+            end
+            uri = URI.parse(@nsxmgr + url)
+            headers = add_headers(aditional_headers)
+            request = Net::HTTP::Post.new(uri.request_uri, headers)
+            request.body = data
+            request.basic_auth(@nsx_user, @nsx_password)
+            response = Net::HTTP.start(uri.host, uri.port, :use_ssl => true,
+                :verify_mode => OpenSSL::SSL::VERIFY_NONE) do |https|
+                    https.request(request)
+                end
+            response = check_response(response, valid_codes)
+            response_json = JSON.parse(response.body)
+            response_json['id']
+        end
+
+        def put(url, data, aditional_headers = [], valid_codes = [])
+            if valid_codes.empty?
+                valid_codes = [NSXConstants::CODE_CREATED,
+                               NSXConstants::CODE_OK]
+            end
+            uri = URI.parse(@nsxmgr + url)
+            headers = add_headers(aditional_headers)
+            request = Net::HTTP::Put.new(uri.request_uri, headers)
+            request.body = data
+            request.basic_auth(@nsx_user, @nsx_password)
+            response = Net::HTTP.start(uri.host, uri.port, :use_ssl => true,
+                :verify_mode => OpenSSL::SSL::VERIFY_NONE) do |https|
+                    https.request(request)
+                end
+            response = check_response(response, valid_codes)
+            response_json = JSON.parse(response.body)
+            response_json['id']
+        end
+
+        def delete(url, aditional_headers = [], valid_codes = [])
+            if valid_codes.empty?
+                valid_codes = [NSXConstants::CODE_OK,
+                               NSXConstants::CODE_NO_CONTENT]
+            end
+            uri = URI.parse(@nsxmgr + url)
+            headers = add_headers(aditional_headers)
+            request = Net::HTTP::Delete.new(uri.request_uri, headers)
+            request.basic_auth(@nsx_user, @nsx_password)
+            response = Net::HTTP.start(uri.host, uri.port, :use_ssl => true,
+                :verify_mode => OpenSSL::SSL::VERIFY_NONE) do |https|
+                    https.request(request)
+                end
+            check_response(response, valid_codes)
+        end
+
+        def get_token(url, aditional_headers = [], valid_codes = [])
+            if valid_codes.empty?
+                valid_codes = [NSXConstants::CODE_OK]
+            end
+            uri = URI.parse(@nsxmgr + url)
+            headers = add_headers(aditional_headers)
+            request = Net::HTTP::Post.new(uri.request_uri, headers)
+            request.basic_auth(@nsx_user, @nsx_password)
+            response = Net::HTTP.start(uri.host, uri.port, :use_ssl => true,
+                :verify_mode => OpenSSL::SSL::VERIFY_NONE) do |https|
+                    https.request(request)
+                end
+            response = check_response(response, valid_codes)
+            response.body
+        end
+
+    end
+
+end

data/lib/nsxt_dfw.rb

@@ -0,0 +1,196 @@
+# -------------------------------------------------------------------------- #
+# Copyright 2002-2021, OpenNebula Project, OpenNebula Systems                #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License. You may obtain    #
+# a copy of the License at                                                   #
+#                                                                            #
+# http://www.apache.org/licenses/LICENSE-2.0                                 #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS,          #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.   #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+#--------------------------------------------------------------------------- #
+module NSXDriver
+
+    # Class Logical Switch
+    class NSXTdfw < DistributedFirewall
+
+        # ATTRIBUTES
+        attr_reader :one_section_id
+
+        # CONSTRUCTOR
+        # Creates OpenNebula section if not exists
+        def initialize(nsx_client)
+            super(nsx_client)
+            # Construct base URLs
+            @base_url = NSXConstants::NSXT_DFW_BASE
+            @url_sections = @base_url + \
+                            NSXConstants::NSXT_DFW_SECTIONS
+            @one_section_id = init_section
+        end
+
+        # Sections
+        # Creates OpenNebula section if not exists and returns
+        # its section_id. Returns its section_id if OpenNebula
+        # section already exists
+        def init_section
+            one_section = section_by_name(NSXConstants::ONE_SECTION_NAME)
+            one_section ||= create_section(NSXConstants::ONE_SECTION_NAME)
+            return one_section['id'] if one_section
+        end
+
+        # Get all sections
+        # Params:
+        # - None
+        # Return
+        # - nil | sections
+        def sections
+            result = @nsx_client.get(@url_sections)
+            result['results']
+        end
+
+        # Get section by id
+        # Params:
+        # - section_id: [String] ID of the section or @one_section_id
+        # Return
+        # - nil | section
+        def section_by_id(section_id = @one_section_id)
+            url = @url_sections + '/' + section_id
+            @nsx_client.get(url)
+        end
+
+        # Get section by name
+        # Params:
+        # - section_name: Name of the section
+        # Return
+        # - nil | section
+        def section_by_name(section_name)
+            result = nil
+            all_sections = sections
+            return result unless all_sections
+
+            all_sections.each do |section|
+                result = section if section['display_name'] == section_name
+            end
+            result
+        end
+
+        # Create new section and return the section
+        def create_section(section_name)
+            section_spec = %(
+              {
+                  "display_name": "#{section_name}",
+                  "section_type": "LAYER3",
+                  "stateful": true
+              }
+            )
+            section_id = @nsx_client.post(@url_sections, section_spec)
+            result = section_by_id(section_id)
+            raise 'Section was not created in DFW' unless result
+
+            result
+        end
+
+        # Delete section
+        # Params:
+        # - section_id: [String] ID of the section or @one_section_id
+        def delete_section(section_id = @one_section_id)
+            url = @url_sections + '/' + section_id
+            @nsx_client.delete(url)
+        end
+
+        # Rules
+        # Get all rules of a Section, OpenNebula section if it's not defined
+        # Return:
+        # - [Array]
+        def rules(section_id = @one_section_id)
+            url = @url_sections + '/' + section_id + '/rules'
+            @nsx_client.get(url)
+        end
+
+        # Get rule by id
+        # Return:
+        # rule | nil
+        def rule_by_id(rule_id)
+            url = @base_url + '/rules/' + rule_id
+            valid_codes = [NSXConstants::CODE_CREATED,
+                           NSXConstants::CODE_OK,
+                           NSXConstants::CODE_BAD_REQUEST,
+                           NSXConstants::CODE_NOT_FOUND]
+            additional_headers = []
+            @nsx_client.get(url, additional_headers, valid_codes)
+        end
+
+        # Get rules by name
+        # Return:
+        #  - Array with rules or an empty array
+        def rules_by_name(rule_name, section_id = @one_section_id)
+            rules = []
+            return rules unless section_id
+
+            all_rules = rules(section_id)
+            return rules unless all_rules
+
+            all_rules['results'].each do |rule|
+                rules << rule if rule['display_name'] == rule_name
+            end
+            rules
+        end
+
+        # Get rule by regex
+        # Return:
+        #  - Array with rules or an empty array
+        def rules_by_regex(regex, section_id = @one_section_id)
+            rules = []
+            return rules unless section_id
+
+            all_rules = rules(section_id)
+            return rules unless all_rules
+
+            all_rules['results'].each do |rule|
+                rules << rule if rule['display_name'].match(regex)
+            end
+            rules
+        end
+
+        # Create new rule
+        def create_rule(rule_spec, section_id = @one_section_id)
+            # Get revision from section
+            section = section_by_id(section_id)
+            unless section
+                error_msg = "Section with id #{section_id} not found"
+                error = NSXError::ObjectNotFound
+                        .new(error_msg)
+                raise error
+            end
+            revision_id = section['_revision']
+            rule_spec['_revision'] = revision_id
+            rule_spec = rule_spec.to_json
+            url = @url_sections + '/' + section_id + '/rules'
+            @nsx_client.post(url, rule_spec)
+        end
+
+        # Update rule
+        def update_rule(rule_id, rule_spec, section_id = @one_section_id)
+            url = @url_sections + '/' + section_id + '/rules/' + rule_id
+            rule = rule_by_id(rule_id)
+            raise "Rule id #{rule_id} not found" unless rule
+
+            rule_spec['_revision'] = rule['_revision']
+            rule_spec = rule_spec.to_json
+            @nsx_client.put(url, rule_spec)
+        end
+
+        # Delete rule
+        def delete_rule(rule_id, section_id = @one_section_id)
+            url = @url_sections + '/' + section_id + '/rules/' + rule_id
+            # Delete receive a 200 OK also if the rule doesn't exist
+            @nsx_client.delete(url)
+        end
+
+    end
+
+end

data/lib/nsxt_logical_port.rb

@@ -0,0 +1,94 @@
+# -------------------------------------------------------------------------- #
+# Copyright 2002-2021, OpenNebula Project, OpenNebula Systems                #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License. You may obtain    #
+# a copy of the License at                                                   #
+#                                                                            #
+# http://www.apache.org/licenses/LICENSE-2.0                                 #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS,          #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.   #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+#--------------------------------------------------------------------------- #
+module NSXDriver
+
+    # Class NSXTLogicalPort
+    class NSXTLogicalPort < LogicalPort
+
+        # ATTRIBUTES
+        attr_reader :id, :name, :type, :url
+
+        # CONSTRUCTOR
+        # Logical port class variables:
+        # @lp_id
+        # @url_lp
+        # @lp_name
+        # @lp_type
+        def initialize(nsx_client, id = nil, data = nil)
+            super(nsx_client)
+            # lpid can be:
+            #   - Logical port attach ID
+            if id
+                initialize_with_id(id)
+            else
+                if data
+                    begin
+                        @id = new_logical_port(data)
+                    rescue NSXError::IncorrectResponseCodeError => e
+                        raise 'Logical Port not created in ' \
+                        "NSX Manager: #{e.message}"
+                    end
+                    unless @id
+                        raise 'Logical Port not created in NSX Manager: '\
+                              'generic error'
+                    end
+                    # Construct logical port class variables
+                    @url = NSXConstants::NSXT_LP_BASE + @id
+                    @name = lp_name
+                    @type = lp_type
+                end
+            end
+        end
+
+        # Creates a NSXTLogicalPort from its id
+        def initialize_with_id(id)
+            @id = lp_with_attachid(id)
+            # Construct URL of the created logical switch
+            @url = NSXConstants::NSXT_LP_BASE + @id
+            return unless lp?
+
+            @name = lp_name
+            @type = lp_type
+        end
+
+        # Check if logical port exists
+        def lp?
+            @nsx_client.get(@url)
+        end
+
+        # Get logical port id from attach id
+        def lp_with_attachid(attach_id)
+            lps = @nsx_client.get(NSXConstants::NSXT_LP_BASE)
+            lps['results'].each do |lp|
+                return lp['id'] if lp['attachment']['id'] == attach_id
+            end
+        end
+
+        # # Get logical port display name
+        def lp_name
+            lp = @nsx_client.get(@url)
+            lp['display_name']
+        end
+
+        # # Get resource type
+        def lp_type
+            lp = @nsx_client.get(@url)
+            lp['resource_type']
+        end
+
+    end
+
+end

data/lib/nsxt_rule.rb

@@ -0,0 +1,188 @@
+# -------------------------------------------------------------------------- #
+# Copyright 2002-2021, OpenNebula Project, OpenNebula Systems                #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License. You may obtain    #
+# a copy of the License at                                                   #
+#                                                                            #
+# http://www.apache.org/licenses/LICENSE-2.0                                 #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS,          #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.   #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+#--------------------------------------------------------------------------- #
+module NSXDriver
+
+    module NSXRule
+
+        # Class Logical Switch
+        module NSXTRule
+
+            def nsxt_rule_spec(rule, vm_data, nic_data)
+                # default spec
+                # Allow any-any to any port applied on the
+                # virtual machine logical port
+                rule_name = "#{rule[:id]}-#{rule[:name]}-#{vm_data[:id]}"
+                rule_name << "-#{vm_data[:deploy_id]}-#{nic_data[:id]}"
+                rule_spec = {
+                    :display_name => rule_name,
+                    :destinations_excluded => false,
+                    :sources => [],
+                    :destinations => [],
+                    :services => [],
+                    :applied_tos => [
+                        {
+                            :target_id => nic_data[:lp].id,
+                            :target_display_name => nic_data[:name],
+                            :target_type => nic_data[:lp].type,
+                            :is_valid => true
+                        }
+                    ],
+                    :ip_protocol => 'IPV4_IPV6',
+                    :logged => false,
+                    :action => 'ALLOW',
+                    :sources_excluded => false,
+                    :disabled => false,
+                    :direction => rule[:direction]
+                }
+
+                rule_protocol_template = {
+                    'TCP' => [
+                        {
+                            :service => {
+                                :l4_protocol => 'TCP',
+                                :source_ports => [],
+                                :destination_ports => [],
+                                :resource_type => 'L4PortSetNSService'
+                            }
+                        }
+                    ],
+                    'UDP' => [
+                        {
+                            :service => {
+                                :l4_protocol => 'UDP',
+                                :source_ports => [],
+                                :destination_ports => [],
+                                :resource_type => 'L4PortSetNSService'
+                            }
+                        }
+                    ],
+                    'ICMP' => [
+                        {
+                            :service => {
+                                :protocol => 'ICMPv4',
+                                :resource_type => 'ICMPTypeNSService'
+                            }
+                        }
+                    ],
+                    'ICMPv6' => [
+                        {
+                            :service => {
+                                :protocol => 'ICMPv6',
+                                :resource_type => 'ICMPTypeNSService'
+                            }
+                        }
+                    ],
+                    'IPSEC' => [
+                        {
+                            :service => {
+                                :l4_protocol => 'UDP',
+                                :source_ports => [],
+                                :destination_ports => [],
+                                :resource_type => 'L4PortSetNSService'
+                            }
+                        },
+                        {
+                            :service => {
+                                :protocol_number => 50,
+                                :resource_type => 'IPProtocolNSService'
+                            }
+                        },
+                        {
+                            :service => {
+                                :protocol_number => 51,
+                                :resource_type => 'IPProtocolNSService'
+                            }
+                        }
+                    ]
+                }
+
+                # Modify default rule spec based on rule_data extracted
+                # from vm template
+
+                ###### SOURCES / DESTINATIONS: Any | IP Address | Vnet #####
+                src_or_dst = []
+
+                # Target network: Vnet
+                if !rule[:network_id].empty?
+
+                    src_or_dst << {
+                        :target_id => rule[:network_nsxid],
+                        :target_display_name => rule[:network_name],
+                        :target_type => 'LogicalSwitch',
+                        :is_valid => true
+                    }
+
+                # Target network: Manual network (IP Address)
+                elsif !rule[:subnets].empty?
+                    rule[:subnets].each do |subnet|
+                        src_or_dst << {
+                            :target_id => subnet,
+                            :target_display_name => subnet,
+                            :target_type => 'IPAddress',
+                            :is_valid => true
+                        }
+                    end
+                end
+
+                # (OpenNebula) INBOUND  => Destination (NSX)
+                # (OpenNebula) OUTBOUND => Source (NSX)
+                unless src_or_dst.empty?
+                    rule_spec[:sources] = src_or_dst \
+                        if rule[:direction] == 'IN'
+                    rule_spec[:destinations] = src_or_dst \
+                        if rule[:direction] == 'OUT'
+                end
+
+                ##### SERVICES #####
+                services = []
+                service = rule_protocol_template[rule[:protocol]]
+
+                case rule[:protocol]
+                when 'TCP'
+                    service[0][:service][:source_ports] = rule[:ports] \
+                        if rule[:direction] == 'IN'
+                    service[0][:service][:destination_ports] = rule[:ports] \
+                        if rule[:direction] == 'OUT'
+                when 'UDP'
+                    service[0][:service][:source_ports] = rule[:ports] \
+                        if rule[:direction] == 'IN'
+                    service[0][:service][:destination_ports] = rule[:ports] \
+                        if rule[:direction] == 'OUT'
+                # when 'ICMP'
+                # when 'ICMPv6'
+                when 'IPSEC'
+                    ipsec_ports = NSXConstants::NSX_RULE_IPSEC_PORTS
+                    service[0][:service][:source_ports] = ipsec_ports \
+                        if rule[:direction] == 'IN'
+                    service[0][:service][:destination_ports] = ipsec_ports \
+                        if rule[:direction] == 'OUT'
+                end
+
+                if rule[:protocol] != 'ALL' && !service.empty?
+                    service.each do |s|
+                        services << s
+                    end
+                    rule_spec[:services] = services
+                end
+
+                rule_spec
+            end
+
+        end
+
+    end
+
+end

data/lib/nsxt_tz.rb

@@ -0,0 +1,38 @@
+# -------------------------------------------------------------------------- #
+# Copyright 2002-2021, OpenNebula Project, OpenNebula Systems                #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License. You may obtain    #
+# a copy of the License at                                                   #
+#                                                                            #
+# http://www.apache.org/licenses/LICENSE-2.0                                 #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS,          #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.   #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+#--------------------------------------------------------------------------- #
+module NSXDriver
+
+    # Class Transport Zone
+    class NSXTtz < TransportZone
+
+        # ATTRIBUTES
+        attr_reader :tz_id
+
+        # CONSTRUCTOR
+        def initialize(nsx_client)
+            super(nsx_client)
+            # Construct base URLs
+            @url_tzs_nsxt = NSXConstants::NSXT_TZS
+        end
+
+        # METHODS
+        def tzs
+            @nsx_client.get(@url_tzs_nsxt)
+        end
+
+    end
+
+end