def parameter_check(parameter, ptype='pstr', exist='yes'):
if (parameter is None) and (exist == 'no'):
return parameter
elif (parameter is None) and (exist == 'yes'):
raise (Exception('Parameter is not allowed to be None'))
para_format = {
"pstr":
"[A-Za-z0-9-_]{1,60}$",
"pnam":
"[A-Za-z]{1,30}[A-Za-z0-9-_]{0,10}$",
"pint":
"-{0,1}[0-9]{1,16}$",
"pflt":
"-{0,1}[0-9]{1,15}[.]{0,1}[0-9]{1,6}$",
"peml": ("[A-Za-z]{1,1}[A-Za-z0-9-_]{2,30}"
"@[A-Za-z0-9]{1,1}[A-Za-z0-9-_.]{1,20}"
"[.]{1,1}[A-Za-z]{1,5}$"),
"ppwd":
".{5,60}"
}
m = re.match(para_format[ptype], str(parameter))
if m is None:
log.warning(
'Parameter format error, parameter=%s, ptype=%s, exist=%s' %
(str(parameter), ptype, exist))
raise (Exception('Parameter format error'))
return parameter
def rpcapp_run(self, dict_data):
try:
api = dict_data['api']
context = dict_data['context']
parameters = dict_data['parameters']
except Exception, e:
log.warning('parameters error: %s' % (e))
return request_result(101)
def server_start(service_name):
while True:
try:
log.info('Starting %s Restful API Server' % (service_name))
rest_app_run()
except Exception, e:
log.warning('%s RESTful API Server running error, reason=%s'
% (service_name, e))
sleep(10)
def get(self, cloudhost_uuid):
try:
token = request.headers.get('token')
token_auth(token)
except Exception, e:
log.warning('Token check error, token=%s, reason=%s' % (token, e))
return request_result(201)
def rest_app_run():
while True:
try:
app.run(debug=True, host="0.0.0.0", port=9000, threaded=True)
except Exception, e:
log.warning('k8s API Server running error, reason=%s' % e)
sleep(8)
def server_run(self, qu_ex_name):
try:
self.channel.start_consuming()
except BaseException, e:
log.warning('RabbitMQ server %s exit, reason = %s'
% (qu_ex_name, e))
self.channel.stop_consuming()
self.connection.close()
raise
def cloudhost_info(self, context, parameters):
try:
vm_uuid = context['resource_uuid']
vm_uuid = parameter_check(vm_uuid, ptype='pstr')
except Exception, e:
log.warning('parameters error, context=%s, '
'parameters=%s, reason=%s' % (context, parameters, e))
return request_result(101)
def __aclauth(*args, **kwargs):
func_args = inspect.getcallargs(func, *args, **kwargs)
context = func_args.get('context')
token = context['token']
resources_uuid = context['resource_uuid']
action = context['action']
user_info = token_auth(token)['result']
user_uuid = user_info['user_uuid']
team_uuid = user_info['team_uuid']
team_priv = user_info['team_priv']
project_uuid = user_info['project_uuid']
project_priv = user_info['project_priv']
context = "%s%s%s%s%s%s%s" % (user_uuid, team_uuid, team_priv,
project_uuid, project_priv,
resources_uuid, action)
log.debug('start ack check, context=%s' % (context))
acl_info = caches.get(context)
for resource_uuid in resources_uuid:
if (acl_info is LocalCache.notFound):
log.debug('Cache acl not hit, context=%s' % (context))
auth_manager = AuthManager(service_name)
ret = auth_manager.resource_acl_check(
user_uuid, team_uuid, team_priv, project_uuid,
project_priv, resource_uuid, action)
expire = int(time.time()) + 300
caches.set(context, {"acl_check": ret, "expire": expire})
log.debug('Cached acl check, context=%s' % (context))
else:
log.debug('Cache acl hit, context=%s' % (context))
ret = acl_info['acl_check']
log.debug('ack check result=%s' % (ret))
if ret == 0:
try:
return func(*args, **kwargs)
except Exception, e:
log.error('function(%s) exec error, reason = %s' %
(func.__name__, e))
return request_result(999)
else:
log.warning('Resource acl auth denied: user_uuid = %s, \
team_uuid=%s, team_priv=%s, project_uuid=%s, \
project_priv=%s, resource_uuid=%s, action=%s'
%
(user_uuid, team_uuid, team_priv, project_uuid,
project_priv, resource_uuid, action))
return request_result(202)
def cloudhost_status_update(self, vm_uuid, status):
# 更新时,先从redis中获取该vm状态值进行比对,
# 不一致时才进行数据库更新,并更新redis缓存值。
try:
status_cached = self.redis_cache.get_data(vm_uuid)
self.redis_cache.set_data(vm_uuid, status, 60)
if status == status_cached:
return
except Exception, e:
log.warning('redis operation failure, reason=%s' % (e))
def cloudhost_recovery(self, context, parameters):
try:
token = context['token']
source_ip = context.get('source_ip')
vm_uuid = context['resource_uuid']
vm_uuid = parameter_check(vm_uuid, ptype='pstr')
except Exception, e:
log.warning('parameters error, context=%s, '
'parameters=%s, reason=%s' % (context, parameters, e))
return request_result(101)
def snapshot_delete(self, context, parameters):
try:
token = context['token']
source_ip = context.get('source_ip')
snapshot_uuid = context['resource_uuid']
snapshot_uuid = parameter_check(snapshot_uuid, ptype='pstr')
except Exception, e:
log.warning('parameters error, context=%s, '
'parameters=%s, reason=%s' % (context, parameters, e))
return request_result(101)
def put(self, cloudhost_uuid):
try:
token = request.headers.get('token')
token_auth(token)
source_ip = request.headers.get('X-Real-IP')
if source_ip is None:
source_ip = request.remote_addr
except Exception, e:
log.warning('Token check error, token=%s, reason=%s' % (token, e))
return request_result(201)
def get_response(self, timeout, queue_name):
cnt = 0
timeout = int(timeout) * 10
while self.response is None:
cnt += 1
if cnt >= timeout:
log.warning('RPC client exec time out, queue = %s' %
(queue_name))
self.response = request_result(597)
return
self.connection.sleep(0.1)
self.connection.process_data_events()
def cloudhost_list(self, context, parameters):
try:
user_info = token_auth(context['token'])['result']
user_uuid = user_info.get('user_uuid')
team_uuid = user_info.get('team_uuid')
team_priv = user_info.get('team_priv')
project_uuid = user_info.get('project_uuid')
project_priv = user_info.get('project_priv')
except Exception, e:
log.warning('parameters error, context=%s, '
'parameters=%s, reason=%s' % (context, parameters, e))
return request_result(101)
def parameter_check(parameter, ptype='pstr', exist='yes'):
if (parameter is None) and (exist == 'no'):
return parameter
if (parameter is None) and (exist == 'yes'):
raise(Exception('Parameter is not allow to be None'))
if ptype == 'ncid':
IPNetwork(parameter)
return parameter
if exist == 'not_essential':
if parameter is None:
return parameter
else:
if ptype == 'ndes':
return parameter
para_format = {
"pstr": "[A-Za-z0-9-_]{1,60}$",
"pnam": "[A-Za-z]{1}[A-Za-z0-9-_]{4,19}$", # name
"psiz": "[1-9]\d*", # size
"psnm": "[A-Za-z]{1}[A-Za-z0-9-_]{2,19}$",
"pint": "-{0,1}[0-9]{1,24}$",
"pflt": "-{0,1}[0-9]{1,15}[.]{0,1}[0-9]{0,6}$",
"peml": ("[A-Za-z1-9]{1,1}[A-Za-z0-9-_]{2,30}"
"@[A-Za-z0-9]{1,1}[A-Za-z0-9-_.]{1,20}"
"[.]{1,1}[A-Za-z]{1,5}$"),
"puid": ("[a-z0-9]{8}-[a-z0-9]{4}-[a-z0-9]{4}-"
"[a-z0-9]{4}-[a-z0-9]{12}$"),
"pver": "[A-Za-z]{1}[A-Za-z0-9-_.]{2,19}$",
"pdat": "20{1}[0-9]{2}.[0-9]{2}.[0-9]{2}$",
"pnip": "[1-9]{1}[0-9]{0,2}.[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}$",
"pdsk": "/dev/[s|v]{1}d[a-z]{1}[0-9]{1,2}$",
"pmac": ("[A-Fa-f0-9]{2}:[A-Fa-f0-9]{2}:[A-Fa-f0-9]{2}:"
"[A-Fa-f0-9]{2}:[A-Fa-f0-9]{2}:[A-Fa-f0-9]{2}$"),
"ppwd": ".{6,60}",
"nname": "[A-Za-z]{1}[A-Za-z0-9-_]{3,19}$",
"n01": "^[01]$",
"n04": "^[46]$",
"nnum": "^\+?[1-9][0-9]*$",
"nip": "((25[0-5]|2[0-4]\d|((1\d{2})|([1-9]?\d)))\.){3}(25[0-5]"
"|2[0-4]\d|((1\d{2})|([1-9]?\d)))",
}
m = re.match(para_format[ptype], str(parameter))
if m is None:
log.warning('Parameter format error, parameter=%s, ptype=%s, exist=%s'
% (str(parameter), ptype, exist))
raise(Exception('Parameter format error'))
return parameter
def appstatus_service():
appstatus = AppStatusManager()
rc_status_cache = {}
while True:
try:
log.debug('rc_status_cache=%s' % (rc_status_cache))
rc_status_cache = appstatus.rc_status_update(rc_status_cache)
except Exception, e:
rc_status_cache = {}
log.warning('Appstatus Service running error, reason=%s' % e)
sleep(15)
def server_start(n):
queue = conf.call_queue
while True:
try:
log.info('Starting RPC Call API Server, topic=%s' % queue)
rbtmq = RabbitmqServer(60)
rbtmq.rpc_call_server(queue, rpcapi_register)
except Exception, e:
log.warning(
'RPC Call API Server running error, queue=%s, reason=%s'
% (queue, e))
sleep(10)
def parameter_check(parameter, ptype='pstr', exist='yes'):
if (parameter is None) and (exist == 'no'):
return parameter
elif (parameter is None) and (exist == 'yes'):
raise (Exception('Parameter is not allow to be None'))
para_format = {
"pstr":
"[A-Za-z0-9-_]{1,60}$",
"pnam":
"[A-Za-z]{1}[A-Za-z0-9-_]{4,19}$", # name
"psiz":
"[1-9]\d*", # size
"psnm":
"[A-Za-z]{1}[A-Za-z0-9-_]{2,19}$",
"pint":
"-{0,1}[0-9]{1,24}$",
"pflt":
"-{0,1}[0-9]{1,15}[.]{0,1}[0-9]{0,6}$",
"peml": ("[A-Za-z1-9]{1,1}[A-Za-z0-9-_]{2,30}"
"@[A-Za-z0-9]{1,1}[A-Za-z0-9-_.]{1,20}"
"[.]{1,1}[A-Za-z]{1,5}$"),
"puid": ("[a-z0-9]{8}-[a-z0-9]{4}-[a-z0-9]{4}-"
"[a-z0-9]{4}-[a-z0-9]{12}$"),
"pver":
"[A-Za-z]{1}[A-Za-z0-9-_.]{2,19}$",
"pdat":
"20{1}[0-9]{2}.[0-9]{2}.[0-9]{2}$",
"pnip":
"[1-9]{1}[0-9]{0,2}.[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}$",
"pdsk":
"/dev/[s|v]{1}d[a-z]{1}[0-9]{1,2}$",
"pmac": ("[A-Fa-f0-9]{2}:[A-Fa-f0-9]{2}:[A-Fa-f0-9]{2}:"
"[A-Fa-f0-9]{2}:[A-Fa-f0-9]{2}:[A-Fa-f0-9]{2}$"),
"ppwd":
".{6,60}",
"n01":
"^[01]$"
}
m = re.match(para_format[ptype], str(parameter))
if m is None:
log.warning(
'Parameter format error, parameter=%s, ptype=%s, exist=%s' %
(str(parameter), ptype, exist))
raise (Exception('Parameter format error'))
return parameter
def server_start(n):
queue = 'kubernetes_create'
while True:
try:
log.info('Starting RPC Call API Server, topic=%s' % queue)
rbtmq = RabbitmqServer(60)
rbtmq.rpc_cast_server(queue, kuber_register)
except Exception, e:
log.warning(
'RPC Call API Server running error, queue=%s, reason=%s' %
(queue, e))
sleep(10)
def attachment_create(self, server_uuid, volume_uuid, team_uuid,
project_uuid, user_uuid):
log.info('attachment args: server_uuid:%s, volume_uuid:'
'%s' % (server_uuid, volume_uuid))
# check the volume is used
try:
if_attach = self.db.get_attachment_info(volume_uuid)
if len(if_attach) != 0:
log.warning('volume(%s) is used, can\'t attach again' %
volume_uuid)
return request_result(302)
except Exception, e:
log.error('check the volume(%s) if is used by vm error, '
'reason is: %s' % (volume_uuid, e))
return request_result(403)
def parameter_check(parameter, ptype='pstr', exist='yes'):
if (parameter is None or parameter == '') and (exist == 'no'):
return parameter
elif (parameter is None or parameter == '') and (exist == 'yes'):
raise (Exception('Parameter is not allowed to be None'))
para_format = {
"pstr":
"[A-Za-z0-9-_]{1,60}$",
"pnam":
"[A-Za-z]{1}[A-Za-z0-9-_]{4,19}$",
"pint":
"-{0,1}[0-9]{1,16}$",
"pflt":
"-{0,1}[0-9]{1,15}[.]{0,1}[0-9]{1,6}$",
"peml": ("[A-Za-z1-9]{1,1}[A-Za-z0-9-_]{2,30}"
"@[A-Za-z0-9]{1,1}[A-Za-z0-9-_.]{1,20}"
"[.]{1,1}[A-Za-z]{1,5}$"),
"puid": ("[a-z0-9]{8}-[a-z0-9]{4}-[a-z0-9]{4}-"
"[a-z0-9]{4}-[a-z0-9]{12}$"),
"pdat":
"20{1}[0-9]{2}.[0-9]{2}.[0-9]{2}$",
"pnip":
"[1-9]{1}[0-9]{0,2}.[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}$",
"ppwd":
".{6,60}",
"pimgid":
"^[0-9]*$",
"choice":
"^[01]$",
"pod_num":
"^([0-9]|10)$",
"command":
"^[A-Za-z]{1}[A-Za-z0-9-_@,& ]{1,130}[A-Za-z0-9]{1}$",
"container_port":
"^([0-9]|[1-9]\d|[1-9]\d{2}|[1-9]\d{3}|[1-5]\d{4}|6[0-4]\d{3}|65[0-4]\d{2}|655[0-2]\d|6553[0-5])$",
"domain":
"^((http://)|(https://))?([a-zA-Z0-9]([a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])?\.)+[a-zA-Z]{2,6}(/)?"
}
m = re.match(para_format[ptype], str(parameter))
if m is None:
log.warning(
'Parameter format error, parameter=%s, ptype=%s, exist=%s' %
(str(parameter), ptype, exist))
raise (Exception('Parameter format error'))
return parameter
def snap_list(self, context, parameters):
try:
user_info = token_auth(context['token'])['result']
user_uuid = user_info.get('user_uuid')
team_uuid = user_info.get('team_uuid')
team_priv = user_info.get('team_priv')
project_uuid = user_info.get('project_uuid')
project_priv = user_info.get('project_priv')
volume_uuid = parameters.get('volume_uuid')
page_size = parameters.get('page_size')
page_num = parameters.get('page_num')
parameter_check(volume_uuid, exist='no')
except Exception, e:
log.warning('parameters error, context=%s, reason=%s'
% (context, e))
return request_result(101)
class VolumeRouteManager(object):
def __init__(self):
self.op_driver = OpenstackDriver()
self.db = CinderDB()
self.cinder = CinderDriver()
self.op_user = conf.op_user
self.op_pass = conf.op_pass
# --force
# Attempt forced removal of volume(s), regardless of state(defaults to
# False)
# --purge
# Remove any snapshots along with volume(s)(defaults to False)
# Volume version 2 only
# <volume>
# Volume(s) to delete(name or ID): this use ID
def if_can_delete(self, volume_uuid):
try:
db_result = self.db.volume_if_can_delete(volume_uuid)
if_as_templet = self.db.volume_if_as_templet(volume_uuid)
attach_info = self.db.get_attachment_info(volume_uuid)
except Exception, e:
log.error('check if can delete the volume(%s) error, '
'reason is: %s' % (volume_uuid, e))
return
if (db_result[0][0] != 0) or (len(attach_info) !=
0) or (if_as_templet[0][0] != 0):
log.warning('can\'t delete the volume(%s)' % volume_uuid)
return False
else:
return True
def role_check(action, privilege):
try:
if ((action == 'create') and ('C' in privilege)):
return 0
elif ((action == 'delete') and ('D' in privilege)):
return 0
elif ((action == 'update') and ('U' in privilege)):
return 0
elif ((action == 'read') and ('R' in privilege)):
return 0
else:
return 1
except Exception, e:
log.warning('Role check error, reason=%s' % (e))
return 1
class CloudHostsApi(Resource):
def __init__(self):
self.compute_api = compute_manager.ComputeManagerAPI()
@time_log
def post(self):
try:
token = request.headers.get('token')
token_auth(token)
source_ip = request.headers.get('X-Real-IP')
if source_ip is None:
source_ip = request.remote_addr
except Exception, e:
log.warning('Token check error, token=%s, reason=%s' % (token, e))
return request_result(201)
try:
body = request.get_data()
parameters = json.loads(body)
except Exception, e:
log.warning('Parameters error, body=%s, reason=%s' % (body, e))
return request_result(101)
def get_response(self, timeout, queue_name):
cnt = 0
timeout = int(timeout) * 100
while self.response is None:
cnt += 1
if cnt >= timeout:
log.warning('RPC client exec time out, queue = %s' %
(queue_name))
self.response = json.dumps(request_result(597))
return
self.connection.sleep(0.01)
try:
self.connection.process_data_events()
except Exception, e:
log.error('process_data_events exec error, reason is: %s' % e)
raise Exception('process_data_events exec error')
def osdisk_delete(self, volume_uuid):
# try:
# self.db.volume_delete(volume_uuid)
# except Exception, e:
# log.error('delete the osdisk error, reason is: %s' % e)
# return request_result(404)
try:
db_ret = self.db.get_attachment_info(volume_uuid)
if len(db_ret) != 0:
attachment_uuid = db_ret[0][0]
# server_uuid = db_ret[0][1]
else:
log.warning('don\'t have this volume(%s) attachment'
'msg' % volume_uuid)
return request_result(0)
except Exception, e:
log.error('get the attachment uuid error, reason is: %s' % e)
return request_result(403)
def token_auth(token):
log.debug('start token check, token=%s' % (token))
token_info = caches.get(token)
if (token_info is LocalCache.notFound):
log.debug('Cache token auth not hit, token=%s' % (token))
try:
headers = {'token': token}
ret = requests.get(token_auth_url,
headers=headers, timeout=5).json()
status = ret['status']
if status != 0:
raise(Exception('Token auth denied'))
except Exception, e:
log.warning('Token ucenter auth error: reason=%s' % (e))
raise(Exception('Token auth error'))
expire = int(time.time()) + 300
caches.set(token, {"token_info": ret, "expire": expire})
def __reslmt(*args, **kwargs):
try:
func_args = inspect.getcallargs(func, *args, **kwargs)
token = func_args.get('token')
cost = func_args.get('cost')
user_info = token_auth(token)['result']
team_uuid = user_info.get('team_uuid')
project_uuid = user_info.get('project_uuid')
user_uuid = user_info.get('user_uuid')
if user_uuid != 'sysadmin':
limit_info = billing_limit_check(
token, resource_type, cost)
balance_check = limit_info['result']['balance_check']
if int(balance_check) != 0:
log.warning('Limit check denied, not enough balance')
return request_result(302)
limit_check = limit_info['result']['limit_check']
res_db = resources_db.ResourcesDB()
resource_count = res_db.resource_count(
resource_type, team_uuid,
project_uuid, user_uuid)
log.debug('billing_limit_check=%s, resource_count=%s'
% (limit_check, resource_count))
if int(resource_count) >= int(limit_check):
log.warning('Limit check denied, Team(%s) resource(%s) '
'reach upper limit'
% (team_uuid, resource_type))
return request_result(303)
try:
return func(*args, **kwargs)
except Exception, e:
log.error('function(%s) exec error, reason = %s'
% (func.__name__, e))
return request_result(601)
except Exception, e:
log.error('Limit check error, reason=%s' % (e))
return request_result(303)
def snapshot_create(self, context, parameters):
try:
token = context['token']
source_ip = context.get('source_ip')
user_info = token_auth(context['token'])['result']
user_uuid = user_info.get('user_uuid')
team_uuid = user_info.get('team_uuid')
project_uuid = user_info.get('project_uuid')
cloudhost_uuid = parameters.get('cloudhost_uuid')
snapshot_name = parameters.get('snapshot')
comment = parameters.get('comment')
cloudhost_uuid = parameter_check(cloudhost_uuid, ptype='pstr')
snapshot_name = parameter_check(snapshot_name, ptype='pnam')
except Exception, e:
log.warning('parameters error, context=%s, '
'parameters=%s, reason=%s' % (context, parameters, e))
return request_result(101)
