async def validate_arg(self):
verrors = ValidationErrors()
with contextlib.suppress(json.JSONDecodeError, TypeError):
self.arg = json.loads(self.arg)
self.arg = clean_and_validate_arg(verrors, self.ACCEPTS[0], self.arg)
verrors.check()
def validate_credentials(data):
verrors = ValidationErrors()
if data.get('api_token'):
if data.get('cloudflare_email'):
verrors.add('cloudflare_email',
'Should not be specified when using "api_token".')
if data.get('api_key'):
verrors.add('api_key',
'Should not be specified when using "api_token".')
elif data.get('cloudflare_email') or data.get('api_key'):
if not data.get('cloudflare_email'):
verrors.add(
'cloudflare_email',
'Attribute is required when using a Global API Key (should be associated with Cloudflare account).'
)
if not data.get('api_key'):
verrors.add(
'api_key',
'Attribute is required when using a Global API Key.')
else:
verrors.add(
'api_token',
'Attribute must be specified when Global API Key is not specified.'
)
verrors.check()
async def do_create(self, data):
data.update({
'kind': 'VolumeSnapshot',
'apiVersion': f'snapshot.storage.k8s.io/{self.VERSION}'
})
namespace = data.pop('namespace')
verrors = ValidationErrors()
if not await self.middleware.call(
'k8s.zfs.snapshotclass.query', [['metadata.name', '=', data['spec']['volumeSnapshotClassName']]]
):
verrors.add(
'zfs_snapshot_create.spec.volumeSnapshotClassName',
'Specified volumeSnapshotClassName does not exist.'
)
if not await self.middleware.call(
'k8s.pvc.query', [
['metadata.name', '=', data['spec']['source']['persistentVolumeClaimName']],
['metadata.namespace', '=', namespace]
]
):
verrors.add(
'zfs_snapshot_create.spec.source.persistentVolumeClaimName',
f'Specified persistentVolumeClaimName does not exist in {namespace}.'
)
verrors.check()
async with api_client() as (api, context):
await context['custom_object_api'].create_namespaced_custom_object(
group=self.GROUP, version=self.VERSION, plural=self.PLURAL, namespace=namespace, body=data
)
return data
async def do_create(self, data):
"""
Create a Tunable.
"""
verrors = ValidationErrors()
if await self.middleware.call('tunable.query',
[('var', '=', data['var'])]):
verrors.add(
'tunable.create',
f'Tunable {data["var"]!r} already exists in database.',
errno.EEXIST)
if data['var'] not in await self.middleware.call(
'tunable.get_system_tunables'):
verrors.add('tunable.create',
f'Tunable {data["var"]!r} does not exist in kernel.',
errno.ENOENT)
verrors.check()
data['orig_value'] = await self.middleware.call(
'tunable.get_or_set', data['var'])
if (comment := data.get('comment', '').strip()):
data['comment'] = comment
async def do_create(self, data):
verrors = ValidationErrors()
# We normalize the label
data['label'] = data['label'].upper()
if await self.query([['id', '=', data['label']]]):
verrors.add('catalog_create.label', 'A catalog with specified label already exists', errno=errno.EEXIST)
if await self.query([['repository', '=', data['repository']], ['branch', '=', data['branch']]]):
for k in ('repository', 'branch'):
verrors.add(
f'catalog_create.{k}', 'A catalog with same repository/branch already exists', errno=errno.EEXIST
)
verrors.check()
if not data.pop('force'):
# We will validate the catalog now to ensure it's valid wrt contents / format
path = os.path.join(
TMP_IX_APPS_DIR, 'validate_catalogs', convert_repository_to_path(data['repository'], data['branch'])
)
try:
await self.middleware.call('catalog.update_git_repository', {**data, 'location': path}, True)
await self.middleware.call('catalog.validate_catalog_from_path', path)
finally:
await self.middleware.run_in_thread(shutil.rmtree, path, ignore_errors=True)
await self.middleware.call('datastore.insert', self._config.datastore, data)
asyncio.ensure_future(self.middleware.call('catalog.sync', data['label']))
return await self.get_instance(data['label'])
async def do_create(self, data):
"""
`catalog_create.preferred_trains` specifies trains which will be displayed in the UI directly for a user.
"""
verrors = ValidationErrors()
# We normalize the label
data['label'] = data['label'].upper()
if await self.query([['id', '=', data['label']]]):
verrors.add('catalog_create.label',
'A catalog with specified label already exists',
errno=errno.EEXIST)
if await self.query([['repository', '=', data['repository']],
['branch', '=', data['branch']]]):
for k in ('repository', 'branch'):
verrors.add(
f'catalog_create.{k}',
'A catalog with same repository/branch already exists',
errno=errno.EEXIST)
verrors.check()
if not data['preferred_trains']:
data['preferred_trains'] = ['charts']
if not data.pop('force'):
# We will validate the catalog now to ensure it's valid wrt contents / format
path = os.path.join(
TMP_IX_APPS_DIR, 'validate_catalogs',
convert_repository_to_path(data['repository'], data['branch']))
try:
await self.middleware.call('catalog.update_git_repository', {
**data, 'location': path
}, True)
await self.middleware.call(
'catalog.validate_catalog_from_path', path)
await self.common_validation(
{
'trains':
await self.middleware.call('catalog.get_trains', path)
}, 'catalog_create', data)
except CallError as e:
verrors.add('catalog_create.label',
f'Failed to validate catalog: {e}')
finally:
await self.middleware.run_in_thread(shutil.rmtree,
path,
ignore_errors=True)
verrors.check()
await self.middleware.call('datastore.insert', self._config.datastore,
data)
asyncio.ensure_future(
self.middleware.call('catalog.sync', data['label']))
return await self.get_instance(data['label'])
async def do_create(self, job, data):
"""
`catalog_create.preferred_trains` specifies trains which will be displayed in the UI directly for a user.
"""
verrors = ValidationErrors()
# We normalize the label
data['label'] = data['label'].upper()
if await self.query([['id', '=', data['label']]]):
verrors.add('catalog_create.label', 'A catalog with specified label already exists', errno=errno.EEXIST)
if await self.query([['repository', '=', data['repository']], ['branch', '=', data['branch']]]):
for k in ('repository', 'branch'):
verrors.add(
f'catalog_create.{k}', 'A catalog with same repository/branch already exists', errno=errno.EEXIST
)
verrors.check()
if not data['preferred_trains']:
data['preferred_trains'] = ['stable']
if not data.pop('force'):
job.set_progress(40, f'Validating {data["label"]!r} catalog')
# We will validate the catalog now to ensure it's valid wrt contents / format
path = os.path.join(
TMP_IX_APPS_DIR, 'validate_catalogs', convert_repository_to_path(data['repository'], data['branch'])
)
try:
await self.middleware.call('catalog.update_git_repository', {**data, 'location': path})
await self.middleware.call('catalog.validate_catalog_from_path', path)
await self.common_validation(
{'trains': await self.middleware.call('catalog.retrieve_train_names', path)}, 'catalog_create', data
)
except ValidationErrors as ve:
verrors.extend(ve)
except CallError as e:
verrors.add('catalog_create.label', f'Failed to validate catalog: {e}')
finally:
await self.middleware.run_in_thread(shutil.rmtree, path, ignore_errors=True)
else:
job.set_progress(50, 'Skipping validation of catalog')
verrors.check()
job.set_progress(60, 'Completed Validation')
await self.middleware.call('datastore.insert', self._config.datastore, data)
job.set_progress(70, f'Successfully added {data["label"]!r} catalog')
job.set_progress(80, f'Syncing {data["label"]} catalog')
sync_job = await self.middleware.call('catalog.sync', data['label'])
await sync_job.wait()
if sync_job.error:
raise CallError(f'Catalog was added successfully but failed to sync: {sync_job.error}')
job.set_progress(100, f'Successfully synced {data["label"]!r} catalog')
return await self.get_instance(data['label'])
async def do_update(self, data):
"""
Update settings of SSH daemon service.
If `bindiface` is empty it will listen for all available addresses.
.. examples(websocket)::
Make sshd listen only to igb0 interface.
:::javascript
{
"id": "6841f242-840a-11e6-a437-00e04d680384",
"msg": "method",
"method": "ssh.update",
"params": [{
"bindiface": ["igb0"]
}]
}
"""
old = await self.config()
new = old.copy()
new.update(data)
if new['bindiface']:
verrors = ValidationErrors()
iface_choices = await self.middleware.call('ssh.bindiface_choices')
invalid_ifaces = list(
filter(lambda x: x not in iface_choices, new['bindiface']))
if invalid_ifaces:
verrors.add(
'ssh_update.bindiface',
f'The following interfaces are not valid: {", ".join(invalid_ifaces)}',
)
verrors.check()
await self._update_service(old, new)
keyfile = "/usr/local/etc/ssh/ssh_host_ecdsa_key.pub"
if os.path.exists(keyfile):
with open(keyfile, "rb") as f:
pubkey = f.read().strip().split(None, 3)[1]
decoded_key = base64.b64decode(pubkey)
key_digest = hashlib.sha256(decoded_key).digest()
ssh_fingerprint = (b"SHA256:" +
base64.b64encode(key_digest).replace(
b"=", b"")).decode("utf-8")
syslog.openlog(logoption=syslog.LOG_PID, facility=syslog.LOG_USER)
syslog.syslog(
syslog.LOG_ERR,
'ECDSA Fingerprint of the SSH KEY: ' + ssh_fingerprint)
syslog.closelog()
return new
async def common_validation(self, data, schema_name):
verrors = ValidationErrors()
if data['authenticator'] not in await self.middleware.call('acme.dns.authenticator.get_authenticator_schemas'):
verrors.add(
f'{schema_name}.authenticator',
f'System does not support {data["authenticator"]} as an Authenticator'
)
else:
authenticator_obj = await self.middleware.call('acme.dns.authenticator.get_authenticator_internal', data)
authenticator_obj.validate_credentials(data['attributes'])
verrors.check()
async def validate_data(self, data, schema):
verrors = ValidationErrors()
await self.validate_path_field(data, schema, verrors)
if not data['name'].isalnum():
verrors.add(f'{schema}.name',
'Only alphanumeric characters are allowed')
verrors.check()
if not os.path.exists(data[self.path_field]):
os.makedirs(data[self.path_field])
async def do_create(self, data):
"""
Create a Virtual Machine (VM).
`grubconfig` may either be a path for the grub.cfg file or the actual content
of the file to be used with GRUB bootloader.
`devices` is a list of virtualized hardware to add to the newly created Virtual Machine.
Failure to attach a device destroys the VM and any resources allocated by the VM devices.
Maximum of 16 guest virtual CPUs are allowed. By default, every virtual CPU is configured as a
separate package. Multiple cores can be configured per CPU by specifying `cores` attributes.
`vcpus` specifies total number of CPU sockets. `cores` specifies number of cores per socket. `threads`
specifies number of threads per core.
`shutdown_timeout` indicates the time in seconds the system waits for the VM to cleanly shutdown. During system
shutdown, if the VM hasn't exited after a hardware shutdown signal has been sent by the system within
`shutdown_timeout` seconds, system initiates poweroff for the VM to stop it.
`hide_from_msr` is a boolean which when set will hide the KVM hypervisor from standard MSR based discovery and
is useful to enable when doing GPU passthrough.
SCALE Angelfish: Specifying `devices` is deprecated and will be removed in next major release.
"""
async with LIBVIRT_LOCK:
await self.middleware.run_in_thread(self._check_setup_connection)
if data.get('devices'):
warnings.warn(
'SCALE Angelfish: Specifying "devices" in "vm.create" is deprecated and will be '
'removed in next major release.', DeprecationWarning)
verrors = ValidationErrors()
await self.__common_validation(verrors, 'vm_create', data)
verrors.check()
devices = data.pop('devices')
vm_id = await self.middleware.call('datastore.insert', 'vm.vm', data)
try:
await self.safe_devices_updates(devices)
except Exception as e:
await self.middleware.call('vm.delete', vm_id)
raise e
else:
for device in devices:
await self.middleware.call('vm.device.create', {
'vm': vm_id,
**device
})
await self.middleware.run_in_thread(self._add, vm_id)
return await self.get_instance(vm_id)
async def do_update(self, data):
"""
Update settings of SSH daemon service.
If `bindiface` is empty it will listen for all available addresses.
.. examples(websocket)::
Make sshd listen only to igb0 interface.
:::javascript
{
"id": "6841f242-840a-11e6-a437-00e04d680384",
"msg": "method",
"method": "ssh.update",
"params": [{
"bindiface": ["igb0"]
}]
}
"""
old = await self.config()
new = old.copy()
new.update(data)
if new['bindiface']:
verrors = ValidationErrors()
iface_choices = await self.middleware.call('ssh.bindiface_choices')
invalid_ifaces = list(filter(lambda x: x not in iface_choices, new['bindiface']))
if invalid_ifaces:
verrors.add(
'ssh_update.bindiface',
f'The following interfaces are not valid: {", ".join(invalid_ifaces)}',
)
verrors.check()
await self._update_service(old, new)
keyfile = "/usr/local/etc/ssh/ssh_host_ecdsa_key.pub"
if os.path.exists(keyfile):
with open(keyfile, "rb") as f:
pubkey = f.read().strip().split(None, 3)[1]
decoded_key = base64.b64decode(pubkey)
key_digest = hashlib.sha256(decoded_key).digest()
ssh_fingerprint = (b"SHA256:" + base64.b64encode(key_digest).replace(b"=", b"")).decode("utf-8")
syslog.openlog(logoption=syslog.LOG_PID, facility=syslog.LOG_USER)
syslog.syslog(syslog.LOG_ERR, 'ECDSA Fingerprint of the SSH KEY: ' + ssh_fingerprint)
syslog.closelog()
return new
async def common_validation(self, catalog, schema, data):
found_trains = set(catalog['trains'])
diff = set(data['preferred_trains']) - found_trains
verrors = ValidationErrors()
if diff:
verrors.add(
f'{schema}.preferred_trains',
f'{", ".join(diff)} trains were not found in catalog.')
if not data['preferred_trains']:
verrors.add(
f'{schema}.preferred_trains',
'At least 1 preferred train must be specified for a catalog.')
verrors.check()
async def do_create(self, data):
"""
Create a Virtual Machine (VM).
Maximum of 16 guest virtual CPUs are allowed. By default, every virtual CPU is configured as a
separate package. Multiple cores can be configured per CPU by specifying `cores` attributes.
`vcpus` specifies total number of CPU sockets. `cores` specifies number of cores per socket. `threads`
specifies number of threads per core.
`ensure_display_device` when set ( the default ) will ensure that the guest always has access to a video device.
For headless installations like ubuntu server this is required for the guest to operate properly. However
for cases where consumer would like to use GPU passthrough and does not want a display device added should set
this to `false`.
`arch_type` refers to architecture type and can be specified for the guest. By default the value is `null` and
system in this case will choose a reasonable default based on host.
`machine_type` refers to machine type of the guest based on the architecture type selected with `arch_type`.
By default the value is `null` and system in this case will choose a reasonable default based on `arch_type`
configuration.
`shutdown_timeout` indicates the time in seconds the system waits for the VM to cleanly shutdown. During system
shutdown, if the VM hasn't exited after a hardware shutdown signal has been sent by the system within
`shutdown_timeout` seconds, system initiates poweroff for the VM to stop it.
`hide_from_msr` is a boolean which when set will hide the KVM hypervisor from standard MSR based discovery and
is useful to enable when doing GPU passthrough.
`hyperv_enlightenments` can be used to enable subset of predefined Hyper-V enlightenments for Windows guests. These
enlightenments improve performance and enable otherwise missing features.
"""
async with LIBVIRT_LOCK:
await self.middleware.run_in_thread(self._check_setup_connection)
verrors = ValidationErrors()
await self.__common_validation(verrors, 'vm_create', data)
verrors.check()
vm_id = await self.middleware.call('datastore.insert', 'vm.vm', data)
await self.middleware.run_in_thread(self._add, vm_id)
await self.middleware.call('etc.generate', 'libvirt_guests')
return await self.get_instance(vm_id)
async def common_validation(self, data, schema_name, old=None):
verrors = ValidationErrors()
filters = [['name', '!=', old['name']]] if old else []
filters.append(['name', '=', data['name']])
if await self.query(filters):
verrors.add(f'{schema_name}.name',
'Specified name is already in use')
if data['authenticator'] not in await self.middleware.call(
'acme.dns.authenticator.get_authenticator_schemas'):
verrors.add(
f'{schema_name}.authenticator',
f'System does not support {data["authenticator"]} as an Authenticator'
)
else:
authenticator_obj = await self.middleware.call(
'acme.dns.authenticator.get_authenticator_internal', data)
authenticator_obj.validate_credentials(data['attributes'])
verrors.check()
async def validate(self, data, schema_name):
verrors = ValidationErrors()
if data.get('protocol') == 'httphttps' and data.get(
'tcpport') == data.get('tcpportssl'):
verrors.add(f"{schema_name}.tcpportssl",
'The HTTP and HTTPS ports cannot be the same!')
cert_ssl = data.get('certssl') or 0
if data.get('protocol') != 'http':
if not cert_ssl:
verrors.add(
f"{schema_name}.certssl",
'WebDAV SSL protocol specified without choosing a certificate'
)
else:
verrors.extend((await self.middleware.call(
'certificate.cert_services_validation', cert_ssl,
f'{schema_name}.certssl', False)))
verrors.check()
return data
async def do_update(self, data):
"""
Update LLDP Service Configuration.
`country` is a two letter ISO 3166 country code required for LLDP location support.
`location` is an optional attribute specifying the physical location of the host.
"""
old = await self.config()
new = old.copy()
new.update(data)
verrors = ValidationErrors()
if new['country'] not in await self.country_choices():
verrors.add(
'lldp_update.country',
f'{new["country"]} not in countries recognized by the system.')
verrors.check()
await self._update_service(old, new)
return new
async def do_create(self, data):
"""
Create a Virtual Machine (VM).
`devices` is a list of virtualized hardware to add to the newly created Virtual Machine.
Failure to attach a device destroys the VM and any resources allocated by the VM devices.
Maximum of 16 guest virtual CPUs are allowed. By default, every virtual CPU is configured as a
separate package. Multiple cores can be configured per CPU by specifying `cores` attributes.
`vcpus` specifies total number of CPU sockets. `cores` specifies number of cores per socket. `threads`
specifies number of threads per core.
`ensure_display_device` when set ( the default ) will ensure that the guest always has access to a video device.
For headless installations like ubuntu server this is required for the guest to operate properly. However
for cases where consumer would like to use GPU passthrough and does not want a display device added should set
this to `false`.
`arch_type` refers to architecture type and can be specified for the guest. By default the value is `null` and
system in this case will choose a reasonable default based on host.
`machine_type` refers to machine type of the guest based on the architecture type selected with `arch_type`.
By default the value is `null` and system in this case will choose a reasonable default based on `arch_type`
configuration.
`shutdown_timeout` indicates the time in seconds the system waits for the VM to cleanly shutdown. During system
shutdown, if the VM hasn't exited after a hardware shutdown signal has been sent by the system within
`shutdown_timeout` seconds, system initiates poweroff for the VM to stop it.
`hide_from_msr` is a boolean which when set will hide the KVM hypervisor from standard MSR based discovery and
is useful to enable when doing GPU passthrough.
SCALE Angelfish: Specifying `devices` is deprecated and will be removed in next major release.
"""
async with LIBVIRT_LOCK:
await self.middleware.run_in_thread(self._check_setup_connection)
if data.get('devices'):
warnings.warn(
'SCALE Angelfish: Specifying "devices" in "vm.create" is deprecated and will be '
'removed in next major release.', DeprecationWarning)
verrors = ValidationErrors()
await self.__common_validation(verrors, 'vm_create', data)
verrors.check()
devices = data.pop('devices')
vm_id = await self.middleware.call('datastore.insert', 'vm.vm', data)
try:
await self.safe_devices_updates(devices)
except Exception as e:
await self.middleware.call('vm.delete', vm_id)
raise e
else:
for device in devices:
await self.middleware.call('vm.device.create', {
'vm': vm_id,
**device
})
await self.middleware.run_in_thread(self._add, vm_id)
return await self.get_instance(vm_id)
