opennebula 5.12.9 → 6.0.0.1

data/lib/nsx_rule.rb

@@ -0,0 +1,193 @@
+# -------------------------------------------------------------------------- #
+# Copyright 2002-2021, OpenNebula Project, OpenNebula Systems                #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License. You may obtain    #
+# a copy of the License at                                                   #
+#                                                                            #
+# http://www.apache.org/licenses/LICENSE-2.0                                 #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS,          #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.   #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+#--------------------------------------------------------------------------- #
+
+require 'ipaddr'
+
+# Module NSXDriver
+module NSXDriver
+
+    ONE_LOCATION = ENV['ONE_LOCATION'] unless defined?(ONE_LOCATION)
+
+    if !ONE_LOCATION
+        RUBY_LIB_LOCATION = '/usr/lib/one/ruby' \
+            unless defined?(RUBY_LIB_LOCATION)
+        GEMS_LOCATION     = '/usr/share/one/gems' \
+            unless defined?(GEMS_LOCATION)
+    else
+        RUBY_LIB_LOCATION = ONE_LOCATION + '/lib/ruby' \
+            unless defined?(RUBY_LIB_LOCATION)
+        GEMS_LOCATION     = ONE_LOCATION + '/share/gems' \
+            unless defined?(GEMS_LOCATION)
+    end
+
+    if File.directory?(GEMS_LOCATION)
+        real_gems_path = File.realpath(GEMS_LOCATION)
+        if !defined?(Gem) || Gem.path != [real_gems_path]
+            $LOAD_PATH.reject! {|l| l =~ /vendor_ruby/ }
+            require 'rubygems'
+            Gem.use_paths(real_gems_path)
+        end
+    end
+
+    $LOAD_PATH << RUBY_LIB_LOCATION
+
+    require 'nsxt_rule'
+    require 'nsxv_rule'
+
+    # Class Logical Switch
+    module NSXRule
+
+        include NSXTRule
+        include NSXVRule
+
+        def to_nets(ip_start, size)
+            nets = []
+            ipaddr = IPAddr.new ip_start
+            ip_i = ipaddr.to_i
+
+            if ipaddr.ipv4?
+                ip_length = 32
+            elsif ipaddr.ipv6?
+                ip_length = 128
+            else
+                return
+            end
+
+            # Find the largest address block (look for the first 1-bit)
+            lblock = 0
+
+            lblock += 1 while ip_i[lblock] == 0 && lblock < ip_length
+
+            # Allocate whole blocks till the size fits
+            while size >= 2**lblock
+                nets << "#{IPAddr.new(ip_i, ipaddr.family)}" \
+                        "/#{ip_length-lblock}"
+
+                ip_i += 2**lblock
+                size -= 2**lblock
+
+                lblock += 1 while ip_i[lblock] == 0 && lblock < ip_length
+            end
+
+            # Fit remaining address blocks
+            ip_length.downto(0) do |i|
+                next if size[i] == 0
+
+                nets << "#{IPAddr.new(ip_i, ipaddr.family)}/#{ip_length-i}"
+
+                ip_i += 2**i
+            end
+
+            nets
+        end
+
+        # Adapt port from ["22, 443"] to '22, 443'
+        # Adapt port from ["22", "443"] to '22, 443'
+        def parse_ports(rule_ports)
+            unless rule_ports.empty?
+                rule_ports = rule_ports.join(',')
+            end
+            rule_ports
+        end
+
+        def extract_vnet_data(vnet_id)
+            if vnet_id == ''
+                return {
+                    :nsxid => '',
+                    :name => ''
+                }
+            end
+            # Create client to communicate with OpenNebula
+            one_client = OpenNebula::Client.new
+            # Get the network XML from OpenNebula
+            # This is potentially different from the Netowrk Template
+            # provided as the API call argument
+            one_vnet = OpenNebula::VirtualNetwork.new_with_id(vnet_id,
+                                                              one_client)
+            rc = one_vnet.info
+            if OpenNebula.is_error?(rc)
+                err_msg = rc.message
+                raise CreateNetworkError, err_msg
+            end
+            {
+                :nsxid => one_vnet['TEMPLATE/NSX_ID'],
+                :name => one_vnet['NAME']
+            }
+        end
+
+        def extract_rule_data(xml_rule)
+            sg_id = xml_rule.xpath('SECURITY_GROUP_ID').text
+            sg_name = xml_rule.xpath('SECURITY_GROUP_NAME').text
+            in_out = xml_rule.xpath('RULE_TYPE').text.upcase
+            in_out == 'INBOUND' ? sg_direction = 'IN' : sg_direction = 'OUT'
+            # Protocol: TCP, UDP, ICMP...
+            sg_protocol = xml_rule.xpath('PROTOCOL').text
+            if sg_protocol == 'ICMP'
+                sg_icmp_type = xml_rule.xpath('ICMP_TYPE').text
+            end
+            # OpenNebula network ID
+            sg_network_id = xml_rule.xpath('NETWORK_ID').text
+            vnet_data = extract_vnet_data(sg_network_id)
+
+            # ip / netmask
+            sg_ip = xml_rule.xpath('IP').text
+            sg_ipsize = xml_rule.xpath('SIZE').text
+            sg_subnets = []
+            if sg_ip != '' && sg_ipsize != ''
+                sg_subnets = to_nets(sg_ip, sg_ipsize.to_i)
+            end
+            # Ports
+            sg_ports = ''
+            sg_range_port = xml_rule.xpath('RANGE').text
+            if sg_range_port
+                if sg_range_port.index(':')
+                    sg_port_from = sg_range_port[0..sg_range_port.index(':')-1]
+                    sg_port_to = sg_range_port[sg_range_port.index(':')+1,
+                                               sg_range_port.length]
+                    sg_ports = "#{sg_port_from}-#{sg_port_to}"
+                else
+                    sg_ports = sg_range_port
+                end
+            end
+            # Create hash with data
+            {
+                :id => sg_id,
+                :name => sg_name,
+                :direction => sg_direction,
+                :protocol => sg_protocol,
+                :icmp_type => sg_icmp_type,
+                :network_id => sg_network_id,
+                :network_name => vnet_data[:name],
+                :network_nsxid => vnet_data[:nsxid],
+                :subnets => sg_subnets,
+                :ports => sg_ports.split(',')
+            }
+        end
+
+        def rule_spec(rule, vm_data, nic_data, nsx_client)
+            case nsx_client.nsx_type
+            when NSXDriver::NSXConstants::NSXT
+                nsxt_rule_spec(rule, vm_data, nic_data)
+            when NSXDriver::NSXConstants::NSXV
+                nsxv_rule_spec(rule, vm_data, nic_data)
+            else
+                raise "Unsupported NSX type: #{nsx_type}"
+            end
+        end
+
+    end
+
+end

data/lib/nsxt_client.rb

@@ -0,0 +1,176 @@
+# -------------------------------------------------------------------------- #
+# Copyright 2002-2021, OpenNebula Project, OpenNebula Systems                #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License. You may obtain    #
+# a copy of the License at                                                   #
+#                                                                            #
+# http://www.apache.org/licenses/LICENSE-2.0                                 #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS,          #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.   #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+#--------------------------------------------------------------------------- #
+module NSXDriver
+
+    ONE_LOCATION = ENV['ONE_LOCATION'] unless defined?(ONE_LOCATION)
+
+    if !ONE_LOCATION
+        RUBY_LIB_LOCATION = '/usr/lib/one/ruby' \
+            unless defined?(RUBY_LIB_LOCATION)
+        GEMS_LOCATION     = '/usr/share/one/gems' \
+            unless defined?(GEMS_LOCATION)
+    else
+        RUBY_LIB_LOCATION = ONE_LOCATION + '/lib/ruby' \
+            unless defined?(RUBY_LIB_LOCATION)
+        GEMS_LOCATION     = ONE_LOCATION + '/share/gems' \
+            unless defined?(GEMS_LOCATION)
+    end
+
+    if File.directory?(GEMS_LOCATION)
+        real_gems_path = File.realpath(GEMS_LOCATION)
+        if !defined?(Gem) || Gem.path != [real_gems_path]
+            $LOAD_PATH.reject! {|l| l =~ /vendor_ruby/ }
+            require 'rubygems'
+            Gem.use_paths(real_gems_path)
+        end
+    end
+
+    $LOAD_PATH << RUBY_LIB_LOCATION
+
+    # Class NSXTClient
+    class NSXTClient < NSXClient
+
+        # ATTIBUTES
+        attr_accessor :nsxmgr
+        attr_accessor :nsx_user
+        attr_accessor :nsx_password
+        attr_accessor :nsx_type
+
+        # CONSTRUCTORS
+        def initialize(nsxmgr, nsx_user, nsx_password)
+            super(nsxmgr, nsx_user, nsx_password)
+            @nsx_type = NSXConstants::NSXT
+        end
+
+        # Prepare headers
+        def add_headers(aditional_headers = [])
+            headers = NSXConstants::HEADER_JSON.clone
+            unless aditional_headers.empty?
+                aditional_headers.each do |header|
+                    headers[header.keys[0]] = header.values[0]
+                end
+            end
+            headers
+        end
+
+        # METHODS
+        def get(url, aditional_headers = [], valid_codes = [])
+            if valid_codes.empty?
+                valid_codes = [NSXConstants::CODE_OK,
+                               NSXConstants::CODE_NO_CONTENT]
+            end
+            uri = URI.parse(@nsxmgr + url)
+            headers = add_headers(aditional_headers)
+            request = Net::HTTP::Get.new(uri.request_uri, headers)
+            request.basic_auth(@nsx_user, @nsx_password)
+            response = Net::HTTP.start(uri.host, uri.port, :use_ssl => true,
+                :verify_mode => OpenSSL::SSL::VERIFY_NONE) do |https|
+                    https.request(request)
+                end
+            response = check_response(response, valid_codes)
+            JSON.parse(response.body)
+        end
+
+        def get_full_response(url, aditional_headers = [], valid_codes = [])
+            if valid_codes.empty?
+                valid_codes = [NSXConstants::CODE_OK,
+                               NSXConstants::CODE_NO_CONTENT]
+            end
+            uri = URI.parse(@nsxmgr + url)
+            headers = add_headers(aditional_headers)
+            request = Net::HTTP::Get.new(uri.request_uri, headers)
+            request.basic_auth(@nsx_user, @nsx_password)
+            response = Net::HTTP.start(uri.host, uri.port, :use_ssl => true,
+                :verify_mode => OpenSSL::SSL::VERIFY_NONE) do |https|
+                    https.request(request)
+                end
+            check_response(response, valid_codes)
+        end
+
+        # Return: id of the created object
+        def post(url, data, aditional_headers = [], valid_codes = [])
+            if valid_codes.empty?
+                valid_codes = [NSXConstants::CODE_CREATED,
+                               NSXConstants::CODE_OK]
+            end
+            uri = URI.parse(@nsxmgr + url)
+            headers = add_headers(aditional_headers)
+            request = Net::HTTP::Post.new(uri.request_uri, headers)
+            request.body = data
+            request.basic_auth(@nsx_user, @nsx_password)
+            response = Net::HTTP.start(uri.host, uri.port, :use_ssl => true,
+                :verify_mode => OpenSSL::SSL::VERIFY_NONE) do |https|
+                    https.request(request)
+                end
+            response = check_response(response, valid_codes)
+            response_json = JSON.parse(response.body)
+            response_json['id']
+        end
+
+        def put(url, data, aditional_headers = [], valid_codes = [])
+            if valid_codes.empty?
+                valid_codes = [NSXConstants::CODE_CREATED,
+                               NSXConstants::CODE_OK]
+            end
+            uri = URI.parse(@nsxmgr + url)
+            headers = add_headers(aditional_headers)
+            request = Net::HTTP::Put.new(uri.request_uri, headers)
+            request.body = data
+            request.basic_auth(@nsx_user, @nsx_password)
+            response = Net::HTTP.start(uri.host, uri.port, :use_ssl => true,
+                :verify_mode => OpenSSL::SSL::VERIFY_NONE) do |https|
+                    https.request(request)
+                end
+            response = check_response(response, valid_codes)
+            response_json = JSON.parse(response.body)
+            response_json['id']
+        end
+
+        def delete(url, aditional_headers = [], valid_codes = [])
+            if valid_codes.empty?
+                valid_codes = [NSXConstants::CODE_OK,
+                               NSXConstants::CODE_NO_CONTENT]
+            end
+            uri = URI.parse(@nsxmgr + url)
+            headers = add_headers(aditional_headers)
+            request = Net::HTTP::Delete.new(uri.request_uri, headers)
+            request.basic_auth(@nsx_user, @nsx_password)
+            response = Net::HTTP.start(uri.host, uri.port, :use_ssl => true,
+                :verify_mode => OpenSSL::SSL::VERIFY_NONE) do |https|
+                    https.request(request)
+                end
+            check_response(response, valid_codes)
+        end
+
+        def get_token(url, aditional_headers = [], valid_codes = [])
+            if valid_codes.empty?
+                valid_codes = [NSXConstants::CODE_OK]
+            end
+            uri = URI.parse(@nsxmgr + url)
+            headers = add_headers(aditional_headers)
+            request = Net::HTTP::Post.new(uri.request_uri, headers)
+            request.basic_auth(@nsx_user, @nsx_password)
+            response = Net::HTTP.start(uri.host, uri.port, :use_ssl => true,
+                :verify_mode => OpenSSL::SSL::VERIFY_NONE) do |https|
+                    https.request(request)
+                end
+            response = check_response(response, valid_codes)
+            response.body
+        end
+
+    end
+
+end

data/lib/nsxt_dfw.rb

@@ -0,0 +1,196 @@
+# -------------------------------------------------------------------------- #
+# Copyright 2002-2021, OpenNebula Project, OpenNebula Systems                #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License. You may obtain    #
+# a copy of the License at                                                   #
+#                                                                            #
+# http://www.apache.org/licenses/LICENSE-2.0                                 #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS,          #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.   #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+#--------------------------------------------------------------------------- #
+module NSXDriver
+
+    # Class Logical Switch
+    class NSXTdfw < DistributedFirewall
+
+        # ATTRIBUTES
+        attr_reader :one_section_id
+
+        # CONSTRUCTOR
+        # Creates OpenNebula section if not exists
+        def initialize(nsx_client)
+            super(nsx_client)
+            # Construct base URLs
+            @base_url = NSXConstants::NSXT_DFW_BASE
+            @url_sections = @base_url + \
+                            NSXConstants::NSXT_DFW_SECTIONS
+            @one_section_id = init_section
+        end
+
+        # Sections
+        # Creates OpenNebula section if not exists and returns
+        # its section_id. Returns its section_id if OpenNebula
+        # section already exists
+        def init_section
+            one_section = section_by_name(NSXConstants::ONE_SECTION_NAME)
+            one_section ||= create_section(NSXConstants::ONE_SECTION_NAME)
+            return one_section['id'] if one_section
+        end
+
+        # Get all sections
+        # Params:
+        # - None
+        # Return
+        # - nil | sections
+        def sections
+            result = @nsx_client.get(@url_sections)
+            result['results']
+        end
+
+        # Get section by id
+        # Params:
+        # - section_id: [String] ID of the section or @one_section_id
+        # Return
+        # - nil | section
+        def section_by_id(section_id = @one_section_id)
+            url = @url_sections + '/' + section_id
+            @nsx_client.get(url)
+        end
+
+        # Get section by name
+        # Params:
+        # - section_name: Name of the section
+        # Return
+        # - nil | section
+        def section_by_name(section_name)
+            result = nil
+            all_sections = sections
+            return result unless all_sections
+
+            all_sections.each do |section|
+                result = section if section['display_name'] == section_name
+            end
+            result
+        end
+
+        # Create new section and return the section
+        def create_section(section_name)
+            section_spec = %(
+              {
+                  "display_name": "#{section_name}",
+                  "section_type": "LAYER3",
+                  "stateful": true
+              }
+            )
+            section_id = @nsx_client.post(@url_sections, section_spec)
+            result = section_by_id(section_id)
+            raise 'Section was not created in DFW' unless result
+
+            result
+        end
+
+        # Delete section
+        # Params:
+        # - section_id: [String] ID of the section or @one_section_id
+        def delete_section(section_id = @one_section_id)
+            url = @url_sections + '/' + section_id
+            @nsx_client.delete(url)
+        end
+
+        # Rules
+        # Get all rules of a Section, OpenNebula section if it's not defined
+        # Return:
+        # - [Array]
+        def rules(section_id = @one_section_id)
+            url = @url_sections + '/' + section_id + '/rules'
+            @nsx_client.get(url)
+        end
+
+        # Get rule by id
+        # Return:
+        # rule | nil
+        def rule_by_id(rule_id)
+            url = @base_url + '/rules/' + rule_id
+            valid_codes = [NSXConstants::CODE_CREATED,
+                           NSXConstants::CODE_OK,
+                           NSXConstants::CODE_BAD_REQUEST,
+                           NSXConstants::CODE_NOT_FOUND]
+            additional_headers = []
+            @nsx_client.get(url, additional_headers, valid_codes)
+        end
+
+        # Get rules by name
+        # Return:
+        #  - Array with rules or an empty array
+        def rules_by_name(rule_name, section_id = @one_section_id)
+            rules = []
+            return rules unless section_id
+
+            all_rules = rules(section_id)
+            return rules unless all_rules
+
+            all_rules['results'].each do |rule|
+                rules << rule if rule['display_name'] == rule_name
+            end
+            rules
+        end
+
+        # Get rule by regex
+        # Return:
+        #  - Array with rules or an empty array
+        def rules_by_regex(regex, section_id = @one_section_id)
+            rules = []
+            return rules unless section_id
+
+            all_rules = rules(section_id)
+            return rules unless all_rules
+
+            all_rules['results'].each do |rule|
+                rules << rule if rule['display_name'].match(regex)
+            end
+            rules
+        end
+
+        # Create new rule
+        def create_rule(rule_spec, section_id = @one_section_id)
+            # Get revision from section
+            section = section_by_id(section_id)
+            unless section
+                error_msg = "Section with id #{section_id} not found"
+                error = NSXError::ObjectNotFound
+                        .new(error_msg)
+                raise error
+            end
+            revision_id = section['_revision']
+            rule_spec['_revision'] = revision_id
+            rule_spec = rule_spec.to_json
+            url = @url_sections + '/' + section_id + '/rules'
+            @nsx_client.post(url, rule_spec)
+        end
+
+        # Update rule
+        def update_rule(rule_id, rule_spec, section_id = @one_section_id)
+            url = @url_sections + '/' + section_id + '/rules/' + rule_id
+            rule = rule_by_id(rule_id)
+            raise "Rule id #{rule_id} not found" unless rule
+
+            rule_spec['_revision'] = rule['_revision']
+            rule_spec = rule_spec.to_json
+            @nsx_client.put(url, rule_spec)
+        end
+
+        # Delete rule
+        def delete_rule(rule_id, section_id = @one_section_id)
+            url = @url_sections + '/' + section_id + '/rules/' + rule_id
+            # Delete receive a 200 OK also if the rule doesn't exist
+            @nsx_client.delete(url)
+        end
+
+    end
+
+end