opennebula 5.12.5 → 5.13.85.pre
- checksums.yaml +4 -4
- data/lib/ActionManager.rb +1 -1
- data/lib/CommandManager.rb +1 -1
- data/lib/DriverExecHelper.rb +44 -28
- data/lib/OpenNebulaDriver.rb +8 -4
- data/lib/VirtualMachineDriver.rb +9 -2
- data/lib/cloud/CloudClient.rb +3 -3
- data/lib/datacenter.rb +1258 -0
- data/lib/datastore.rb +1025 -0
- data/lib/distributed_firewall.rb +280 -0
- data/lib/file_helper.rb +370 -0
- data/lib/host.rb +1517 -0
- data/lib/logical_port.rb +50 -0
- data/lib/logical_switch.rb +77 -0
- data/lib/memoize.rb +74 -0
- data/lib/models.rb +32 -0
- data/lib/models/role.rb +1126 -0
- data/lib/models/service.rb +709 -0
- data/lib/network.rb +635 -0
- data/lib/nsx_client.rb +144 -0
- data/lib/nsx_component.rb +28 -0
- data/lib/nsx_constants.rb +149 -0
- data/lib/nsx_driver.rb +78 -0
- data/lib/nsx_error.rb +77 -0
- data/lib/nsx_rule.rb +193 -0
- data/lib/nsxt_client.rb +176 -0
- data/lib/nsxt_dfw.rb +196 -0
- data/lib/nsxt_logical_port.rb +94 -0
- data/lib/nsxt_rule.rb +188 -0
- data/lib/nsxt_tz.rb +38 -0
- data/lib/nsxv_client.rb +176 -0
- data/lib/nsxv_dfw.rb +202 -0
- data/lib/nsxv_logical_port.rb +107 -0
- data/lib/nsxv_rule.rb +172 -0
- data/lib/nsxv_tz.rb +41 -0
- data/lib/opaque_network.rb +134 -0
- data/lib/opennebula.rb +5 -2
- data/lib/opennebula/acl.rb +1 -1
- data/lib/opennebula/acl_pool.rb +1 -1
- data/lib/opennebula/client.rb +10 -2
- data/lib/opennebula/cluster.rb +1 -1
- data/lib/opennebula/cluster_pool.rb +1 -1
- data/lib/opennebula/datastore.rb +1 -1
- data/lib/opennebula/datastore_pool.rb +1 -1
- data/lib/opennebula/document.rb +8 -29
- data/lib/opennebula/document_json.rb +42 -12
- data/lib/opennebula/document_pool.rb +1 -1
- data/lib/opennebula/document_pool_json.rb +1 -1
- data/lib/opennebula/error.rb +4 -1
- data/lib/opennebula/flow.rb +23 -0
- data/lib/opennebula/flow/grammar.rb +1195 -0
- data/lib/opennebula/flow/service_pool.rb +190 -0
- data/lib/opennebula/flow/service_template.rb +572 -0
- data/lib/opennebula/flow/service_template_ext.rb +84 -0
- data/lib/opennebula/flow/service_template_pool.rb +32 -0
- data/lib/opennebula/flow/validator.rb +499 -0
- data/lib/opennebula/group.rb +1 -1
- data/lib/opennebula/group_pool.rb +1 -1
- data/lib/opennebula/hook.rb +5 -12
- data/lib/opennebula/hook_log.rb +1 -1
- data/lib/opennebula/hook_pool.rb +1 -1
- data/lib/opennebula/host.rb +1 -1
- data/lib/opennebula/host_pool.rb +1 -1
- data/lib/opennebula/image.rb +19 -14
- data/lib/opennebula/image_pool.rb +1 -1
- data/lib/opennebula/ldap_auth.rb +1 -1
- data/lib/opennebula/ldap_auth_spec.rb +1 -1
- data/lib/opennebula/lockable_ext.rb +163 -0
- data/lib/opennebula/marketplace.rb +1 -1
- data/lib/opennebula/marketplace_pool.rb +1 -1
- data/lib/opennebula/marketplaceapp.rb +9 -119
- data/lib/opennebula/marketplaceapp_ext.rb +522 -0
- data/lib/opennebula/marketplaceapp_pool.rb +1 -1
- data/lib/opennebula/oneflow_client.rb +4 -3
- data/lib/opennebula/pool.rb +19 -3
- data/lib/opennebula/pool_element.rb +1 -1
- data/lib/opennebula/security_group.rb +1 -1
- data/lib/opennebula/security_group_pool.rb +1 -1
- data/lib/opennebula/server_cipher_auth.rb +1 -1
- data/lib/opennebula/server_x509_auth.rb +1 -1
- data/lib/opennebula/ssh_auth.rb +1 -1
- data/lib/opennebula/system.rb +1 -1
- data/lib/opennebula/template.rb +4 -13
- data/lib/opennebula/template_ext.rb +342 -0
- data/lib/opennebula/template_pool.rb +1 -1
- data/lib/opennebula/user.rb +26 -2
- data/lib/opennebula/user_pool.rb +1 -1
- data/lib/opennebula/utils.rb +1 -1
- data/lib/opennebula/vdc.rb +1 -1
- data/lib/opennebula/vdc_pool.rb +1 -1
- data/lib/opennebula/virtual_machine.rb +26 -206
- data/lib/opennebula/virtual_machine_ext.rb +469 -0
- data/lib/opennebula/virtual_machine_pool.rb +28 -17
- data/lib/opennebula/virtual_network.rb +4 -10
- data/lib/opennebula/virtual_network_pool.rb +1 -1
- data/lib/opennebula/virtual_router.rb +4 -12
- data/lib/opennebula/virtual_router_pool.rb +1 -1
- data/lib/opennebula/vm_group.rb +4 -11
- data/lib/opennebula/vm_group_pool.rb +1 -1
- data/lib/opennebula/vntemplate.rb +4 -13
- data/lib/opennebula/vntemplate_pool.rb +1 -1
- data/lib/opennebula/wait_ext.rb +257 -0
- data/lib/opennebula/x509_auth.rb +1 -1
- data/lib/opennebula/xml_element.rb +1 -1
- data/lib/opennebula/xml_pool.rb +1 -1
- data/lib/opennebula/xml_utils.rb +1 -1
- data/lib/opennebula/zone.rb +1 -1
- data/lib/opennebula/zone_pool.rb +1 -1
- data/lib/rest_client.rb +201 -0
- data/lib/scripts_common.rb +180 -0
- data/lib/transport_zone.rb +43 -0
- data/lib/vcenter_driver.rb +13 -12
- data/lib/vcenter_importer.rb +616 -0
- data/lib/vi_client.rb +281 -0
- data/lib/vi_helper.rb +312 -0
- data/lib/virtual_machine.rb +3477 -0
- data/lib/virtual_wire.rb +158 -0
- data/lib/vm_device.rb +80 -0
- data/lib/vm_disk.rb +202 -0
- data/lib/vm_folder.rb +69 -0
- data/lib/vm_helper.rb +30 -0
- data/lib/vm_monitor.rb +303 -0
- data/lib/vm_nic.rb +70 -0
- data/lib/vm_template.rb +1961 -0
- data/lib/vmm_importer.rb +121 -0
- metadata +122 -9
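--- a/data/lib/nsx_rule.rb
+++ b/data/lib/nsx_rule.rb
@@ -0,0 +1,193 @@
+# -------------------------------------------------------------------------- #
+# Copyright 2002-2021, OpenNebula Project, OpenNebula Systems #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may #
+# not use this file except in compliance with the License. You may obtain #
+# a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+#--------------------------------------------------------------------------- #
+
+require 'ipaddr'
+
+# Module NSXDriver
+module NSXDriver
+
+ONE_LOCATION = ENV['ONE_LOCATION'] unless defined?(ONE_LOCATION)
+
+if !ONE_LOCATION
+RUBY_LIB_LOCATION = '/usr/lib/one/ruby' \
+unless defined?(RUBY_LIB_LOCATION)
+GEMS_LOCATION = '/usr/share/one/gems' \
+unless defined?(GEMS_LOCATION)
+else
+RUBY_LIB_LOCATION = ONE_LOCATION + '/lib/ruby' \
+unless defined?(RUBY_LIB_LOCATION)
+GEMS_LOCATION = ONE_LOCATION + '/share/gems' \
+unless defined?(GEMS_LOCATION)
+end
+
+if File.directory?(GEMS_LOCATION)
+real_gems_path = File.realpath(GEMS_LOCATION)
+if !defined?(Gem) || Gem.path != [real_gems_path]
+$LOAD_PATH.reject! {|l| l =~ /vendor_ruby/ }
+require 'rubygems'
+Gem.use_paths(real_gems_path)
+end
+end
+
+$LOAD_PATH << RUBY_LIB_LOCATION
+
+require 'nsxt_rule'
+require 'nsxv_rule'
+
+# Class Logical Switch
+module NSXRule
+
+include NSXTRule
+include NSXVRule
+
+def to_nets(ip_start, size)
+nets = []
+ipaddr = IPAddr.new ip_start
+ip_i = ipaddr.to_i
+
+if ipaddr.ipv4?
+ip_length = 32
+elsif ipaddr.ipv6?
+ip_length = 128
+else
+return
+end
+
+# Find the largest address block (look for the first 1-bit)
+lblock = 0
+
+lblock += 1 while ip_i[lblock] == 0 && lblock < ip_length
+
+# Allocate whole blocks till the size fits
+while size >= 2**lblock
+nets << "#{IPAddr.new(ip_i, ipaddr.family)}" \
+"/#{ip_length-lblock}"
+
+ip_i += 2**lblock
+size -= 2**lblock
+
+lblock += 1 while ip_i[lblock] == 0 && lblock < ip_length
+end
+
+# Fit remaining address blocks
+ip_length.downto(0) do |i|
+next if size[i] == 0
+
+nets << "#{IPAddr.new(ip_i, ipaddr.family)}/#{ip_length-i}"
+
+ip_i += 2**i
+end
+
+nets
+end
+
+# Adapt port from ["22, 443"] to '22, 443'
+# Adapt port from ["22", "443"] to '22, 443'
+def parse_ports(rule_ports)
+unless rule_ports.empty?
+rule_ports = rule_ports.join(',')
+end
+rule_ports
+end
+
+def extract_vnet_data(vnet_id)
+if vnet_id == ''
+return {
+:nsxid => '',
+:name => ''
+}
+end
+# Create client to communicate with OpenNebula
+one_client = OpenNebula::Client.new
+# Get the network XML from OpenNebula
+# This is potentially different from the Netowrk Template
+# provided as the API call argument
+one_vnet = OpenNebula::VirtualNetwork.new_with_id(vnet_id,
+one_client)
+rc = one_vnet.info
+if OpenNebula.is_error?(rc)
+err_msg = rc.message
+raise CreateNetworkError, err_msg
+end
+{
+:nsxid => one_vnet['TEMPLATE/NSX_ID'],
+:name => one_vnet['NAME']
+}
+end
+
+def extract_rule_data(xml_rule)
+sg_id = xml_rule.xpath('SECURITY_GROUP_ID').text
+sg_name = xml_rule.xpath('SECURITY_GROUP_NAME').text
+in_out = xml_rule.xpath('RULE_TYPE').text.upcase
+in_out == 'INBOUND' ? sg_direction = 'IN' : sg_direction = 'OUT'
+# Protocol: TCP, UDP, ICMP...
+sg_protocol = xml_rule.xpath('PROTOCOL').text
+if sg_protocol == 'ICMP'
+sg_icmp_type = xml_rule.xpath('ICMP_TYPE').text
+end
+# OpenNebula network ID
+sg_network_id = xml_rule.xpath('NETWORK_ID').text
+vnet_data = extract_vnet_data(sg_network_id)
+
+# ip / netmask
+sg_ip = xml_rule.xpath('IP').text
+sg_ipsize = xml_rule.xpath('SIZE').text
+sg_subnets = []
+if sg_ip != '' && sg_ipsize != ''
+sg_subnets = to_nets(sg_ip, sg_ipsize.to_i)
+end
+# Ports
+sg_ports = ''
+sg_range_port = xml_rule.xpath('RANGE').text
+if sg_range_port
+if sg_range_port.index(':')
+sg_port_from = sg_range_port[0..sg_range_port.index(':')-1]
+sg_port_to = sg_range_port[sg_range_port.index(':')+1,
+sg_range_port.length]
+sg_ports = "#{sg_port_from}-#{sg_port_to}"
+else
+sg_ports = sg_range_port
+end
+end
+# Create hash with data
+{
+:id => sg_id,
+:name => sg_name,
+:direction => sg_direction,
+:protocol => sg_protocol,
+:icmp_type => sg_icmp_type,
+:network_id => sg_network_id,
+:network_name => vnet_data[:name],
+:network_nsxid => vnet_data[:nsxid],
+:subnets => sg_subnets,
+:ports => sg_ports.split(',')
+}
+end
+
+def rule_spec(rule, vm_data, nic_data, nsx_client)
+case nsx_client.nsx_type
+when NSXDriver::NSXConstants::NSXT
+nsxt_rule_spec(rule, vm_data, nic_data)
+when NSXDriver::NSXConstants::NSXV
+nsxv_rule_spec(rule, vm_data, nic_data)
+else
+raise "Unsupported NSX type: #{nsx_type}"
+end
+end
+
+end
+
+end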
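Review bot: In `extract_rule_data` only the first `:` of `RANGE` is rewritten to `-`, so a value carrying more than one `from:to` entry (the later `sg_ports.split(',')` suggests comma-separated lists are expected) leaves the remaining ranges in `from:to` form inside `:ports`. These values feed distributed-firewall rules, and how NSX treats the unconverted form is not visible here, so the resulting rule may not match what the security group states; `sg_ports = sg_range_port.tr(':', '-')` converts every entry and can replace the whole `index(':')` branch. Separately, the `else` arm of `rule_spec` interpolates `nsx_type`, which is not a local in that method, so unless the including class defines it the intended message is replaced by a NameError; `raise "Unsupported NSX type: #{nsx_client.nsx_type}"` reports the value that was actually tested.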
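--- a/data/lib/nsxt_client.rb
+++ b/data/lib/nsxt_client.rb
@@ -0,0 +1,176 @@
+# -------------------------------------------------------------------------- #
+# Copyright 2002-2021, OpenNebula Project, OpenNebula Systems #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may #
+# not use this file except in compliance with the License. You may obtain #
+# a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+#--------------------------------------------------------------------------- #
+module NSXDriver
+
+ONE_LOCATION = ENV['ONE_LOCATION'] unless defined?(ONE_LOCATION)
+
+if !ONE_LOCATION
+RUBY_LIB_LOCATION = '/usr/lib/one/ruby' \
+unless defined?(RUBY_LIB_LOCATION)
+GEMS_LOCATION = '/usr/share/one/gems' \
+unless defined?(GEMS_LOCATION)
+else
+RUBY_LIB_LOCATION = ONE_LOCATION + '/lib/ruby' \
+unless defined?(RUBY_LIB_LOCATION)
+GEMS_LOCATION = ONE_LOCATION + '/share/gems' \
+unless defined?(GEMS_LOCATION)
+end
+
+if File.directory?(GEMS_LOCATION)
+real_gems_path = File.realpath(GEMS_LOCATION)
+if !defined?(Gem) || Gem.path != [real_gems_path]
+$LOAD_PATH.reject! {|l| l =~ /vendor_ruby/ }
+require 'rubygems'
+Gem.use_paths(real_gems_path)
+end
+end
+
+$LOAD_PATH << RUBY_LIB_LOCATION
+
+# Class NSXTClient
+class NSXTClient < NSXClient
+
+# ATTIBUTES
+attr_accessor :nsxmgr
+attr_accessor :nsx_user
+attr_accessor :nsx_password
+attr_accessor :nsx_type
+
+# CONSTRUCTORS
+def initialize(nsxmgr, nsx_user, nsx_password)
+super(nsxmgr, nsx_user, nsx_password)
+@nsx_type = NSXConstants::NSXT
+end
+
+# Prepare headers
+def add_headers(aditional_headers = [])
+headers = NSXConstants::HEADER_JSON.clone
+unless aditional_headers.empty?
+aditional_headers.each do |header|
+headers[header.keys[0]] = header.values[0]
+end
+end
+headers
+end
+
+# METHODS
+def get(url, aditional_headers = [], valid_codes = [])
+if valid_codes.empty?
+valid_codes = [NSXConstants::CODE_OK,
+NSXConstants::CODE_NO_CONTENT]
+end
+uri = URI.parse(@nsxmgr + url)
+headers = add_headers(aditional_headers)
+request = Net::HTTP::Get.new(uri.request_uri, headers)
+request.basic_auth(@nsx_user, @nsx_password)
+response = Net::HTTP.start(uri.host, uri.port, :use_ssl => true,
+:verify_mode => OpenSSL::SSL::VERIFY_NONE) do |https|
+https.request(request)
+end
+response = check_response(response, valid_codes)
+JSON.parse(response.body)
+end
+
+def get_full_response(url, aditional_headers = [], valid_codes = [])
+if valid_codes.empty?
+valid_codes = [NSXConstants::CODE_OK,
+NSXConstants::CODE_NO_CONTENT]
+end
+uri = URI.parse(@nsxmgr + url)
+headers = add_headers(aditional_headers)
+request = Net::HTTP::Get.new(uri.request_uri, headers)
+request.basic_auth(@nsx_user, @nsx_password)
+response = Net::HTTP.start(uri.host, uri.port, :use_ssl => true,
+:verify_mode => OpenSSL::SSL::VERIFY_NONE) do |https|
+https.request(request)
+end
+check_response(response, valid_codes)
+end
+
+# Return: id of the created object
+def post(url, data, aditional_headers = [], valid_codes = [])
+if valid_codes.empty?
+valid_codes = [NSXConstants::CODE_CREATED,
+NSXConstants::CODE_OK]
+end
+uri = URI.parse(@nsxmgr + url)
+headers = add_headers(aditional_headers)
+request = Net::HTTP::Post.new(uri.request_uri, headers)
+request.body = data
+request.basic_auth(@nsx_user, @nsx_password)
+response = Net::HTTP.start(uri.host, uri.port, :use_ssl => true,
+:verify_mode => OpenSSL::SSL::VERIFY_NONE) do |https|
+https.request(request)
+end
+response = check_response(response, valid_codes)
+response_json = JSON.parse(response.body)
+response_json['id']
+end
+
+def put(url, data, aditional_headers = [], valid_codes = [])
+if valid_codes.empty?
+valid_codes = [NSXConstants::CODE_CREATED,
+NSXConstants::CODE_OK]
+end
+uri = URI.parse(@nsxmgr + url)
+headers = add_headers(aditional_headers)
+request = Net::HTTP::Put.new(uri.request_uri, headers)
+request.body = data
+request.basic_auth(@nsx_user, @nsx_password)
+response = Net::HTTP.start(uri.host, uri.port, :use_ssl => true,
+:verify_mode => OpenSSL::SSL::VERIFY_NONE) do |https|
+https.request(request)
+end
+response = check_response(response, valid_codes)
+response_json = JSON.parse(response.body)
+response_json['id']
+end
+
+def delete(url, aditional_headers = [], valid_codes = [])
+if valid_codes.empty?
+valid_codes = [NSXConstants::CODE_OK,
+NSXConstants::CODE_NO_CONTENT]
+end
+uri = URI.parse(@nsxmgr + url)
+headers = add_headers(aditional_headers)
+request = Net::HTTP::Delete.new(uri.request_uri, headers)
+request.basic_auth(@nsx_user, @nsx_password)
+response = Net::HTTP.start(uri.host, uri.port, :use_ssl => true,
+:verify_mode => OpenSSL::SSL::VERIFY_NONE) do |https|
+https.request(request)
+end
+check_response(response, valid_codes)
+end
+
+def get_token(url, aditional_headers = [], valid_codes = [])
+if valid_codes.empty?
+valid_codes = [NSXConstants::CODE_OK]
+end
+uri = URI.parse(@nsxmgr + url)
+headers = add_headers(aditional_headers)
+request = Net::HTTP::Post.new(uri.request_uri, headers)
+request.basic_auth(@nsx_user, @nsx_password)
+response = Net::HTTP.start(uri.host, uri.port, :use_ssl => true,
+:verify_mode => OpenSSL::SSL::VERIFY_NONE) do |https|
+https.request(request)
+end
+response = check_response(response, valid_codes)
+response.body
+end
+
+end
+
+end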
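Review bot: Every request method in this class (`get`, `get_full_response`, `post`, `put`, `delete`, `get_token`) opens its connection with `:verify_mode => OpenSSL::SSL::VERIFY_NONE` and then sends `request.basic_auth(@nsx_user, @nsx_password)`, so the NSX Manager certificate is never checked and the manager credentials, along with every firewall change, go to whichever host answers on that address. The default should be `:verify_mode => OpenSSL::SSL::VERIFY_PEER`, with a private CA supplied through the `:ca_file` option of `Net::HTTP.start`, and any opt-out made an explicit, logged configuration choice rather than hard-coded. The six `Net::HTTP.start` calls are identical, so moving them into one private helper would keep the TLS settings in a single place. `attr_accessor :nsx_password` also exposes the password for reading and reassignment; nothing in this file reads it from outside the class, so it could be dropped from the public accessors if no external caller depends on it.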
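--- a/data/lib/nsxt_dfw.rb
+++ b/data/lib/nsxt_dfw.rb
@@ -0,0 +1,196 @@
+# -------------------------------------------------------------------------- #
+# Copyright 2002-2021, OpenNebula Project, OpenNebula Systems #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may #
+# not use this file except in compliance with the License. You may obtain #
+# a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+#--------------------------------------------------------------------------- #
+module NSXDriver
+
+# Class Logical Switch
+class NSXTdfw < DistributedFirewall
+
+# ATTRIBUTES
+attr_reader :one_section_id
+
+# CONSTRUCTOR
+# Creates OpenNebula section if not exists
+def initialize(nsx_client)
+super(nsx_client)
+# Construct base URLs
+@base_url = NSXConstants::NSXT_DFW_BASE
+@url_sections = @base_url + \
+NSXConstants::NSXT_DFW_SECTIONS
+@one_section_id = init_section
+end
+
+# Sections
+# Creates OpenNebula section if not exists and returns
+# its section_id. Returns its section_id if OpenNebula
+# section already exists
+def init_section
+one_section = section_by_name(NSXConstants::ONE_SECTION_NAME)
+one_section ||= create_section(NSXConstants::ONE_SECTION_NAME)
+return one_section['id'] if one_section
+end
+
+# Get all sections
+# Params:
+# - None
+# Return
+# - nil | sections
+def sections
+result = @nsx_client.get(@url_sections)
+result['results']
+end
+
+# Get section by id
+# Params:
+# - section_id: [String] ID of the section or @one_section_id
+# Return
+# - nil | section
+def section_by_id(section_id = @one_section_id)
+url = @url_sections + '/' + section_id
+@nsx_client.get(url)
+end
+
+# Get section by name
+# Params:
+# - section_name: Name of the section
+# Return
+# - nil | section
+def section_by_name(section_name)
+result = nil
+all_sections = sections
+return result unless all_sections
+
+all_sections.each do |section|
+result = section if section['display_name'] == section_name
+end
+result
+end
+
+# Create new section and return the section
+def create_section(section_name)
+section_spec = %(
+{
+"display_name": "#{section_name}",
+"section_type": "LAYER3",
+"stateful": true
+}
+)
+section_id = @nsx_client.post(@url_sections, section_spec)
+result = section_by_id(section_id)
+raise 'Section was not created in DFW' unless result
+
+result
+end
+
+# Delete section
+# Params:
+# - section_id: [String] ID of the section or @one_section_id
+def delete_section(section_id = @one_section_id)
+url = @url_sections + '/' + section_id
+@nsx_client.delete(url)
+end
+
+# Rules
+# Get all rules of a Section, OpenNebula section if it's not defined
+# Return:
+# - [Array]
+def rules(section_id = @one_section_id)
+url = @url_sections + '/' + section_id + '/rules'
+@nsx_client.get(url)
+end
+
+# Get rule by id
+# Return:
+# rule | nil
+def rule_by_id(rule_id)
+url = @base_url + '/rules/' + rule_id
+valid_codes = [NSXConstants::CODE_CREATED,
+NSXConstants::CODE_OK,
+NSXConstants::CODE_BAD_REQUEST,
+NSXConstants::CODE_NOT_FOUND]
+additional_headers = []
+@nsx_client.get(url, additional_headers, valid_codes)
+end
+
+# Get rules by name
+# Return:
+# - Array with rules or an empty array
+def rules_by_name(rule_name, section_id = @one_section_id)
+rules = []
+return rules unless section_id
+
+all_rules = rules(section_id)
+return rules unless all_rules
+
+all_rules['results'].each do |rule|
+rules << rule if rule['display_name'] == rule_name
+end
+rules
+end
+
+# Get rule by regex
+# Return:
+# - Array with rules or an empty array
+def rules_by_regex(regex, section_id = @one_section_id)
+rules = []
+return rules unless section_id
+
+all_rules = rules(section_id)
+return rules unless all_rules
+
+all_rules['results'].each do |rule|
+rules << rule if rule['display_name'].match(regex)
+end
+rules
+end
+
+# Create new rule
+def create_rule(rule_spec, section_id = @one_section_id)
+# Get revision from section
+section = section_by_id(section_id)
+unless section
+error_msg = "Section with id #{section_id} not found"
+error = NSXError::ObjectNotFound
+.new(error_msg)
+raise error
+end
+revision_id = section['_revision']
+rule_spec['_revision'] = revision_id
+rule_spec = rule_spec.to_json
+url = @url_sections + '/' + section_id + '/rules'
+@nsx_client.post(url, rule_spec)
+end
+
+# Update rule
+def update_rule(rule_id, rule_spec, section_id = @one_section_id)
+url = @url_sections + '/' + section_id + '/rules/' + rule_id
+rule = rule_by_id(rule_id)
+raise "Rule id #{rule_id} not found" unless rule
+
+rule_spec['_revision'] = rule['_revision']
+rule_spec = rule_spec.to_json
+@nsx_client.put(url, rule_spec)
+end
+
+# Delete rule
+def delete_rule(rule_id, section_id = @one_section_id)
+url = @url_sections + '/' + section_id + '/rules/' + rule_id
+# Delete receive a 200 OK also if the rule doesn't exist
+@nsx_client.delete(url)
+end
+
+end
+
+end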
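Review bot: `create_section` builds its request body by interpolating `section_name` into a JSON string, so a name containing `"` or `\` produces malformed JSON or extra keys in the section spec; the only caller visible here passes a constant, but the method is public. Serialising a hash, as `create_rule` already does, avoids this: `section_spec = { 'display_name' => section_name, 'section_type' => 'LAYER3', 'stateful' => true }.to_json`. Separately, `rule_by_id` lists `CODE_BAD_REQUEST` and `CODE_NOT_FOUND` among its valid codes, so, assuming `check_response` (defined outside this file) lets those through, `get` returns the parsed error body, which is truthy, and the `raise "Rule id #{rule_id} not found" unless rule` guard in `update_rule` would not fire. Testing `rule['_revision']` for presence would be a firmer check before the `put`. The class comment `# Class Logical Switch` also looks copied from another file and should name the NSX-T distributed firewall instead.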