def check_sub_id(self, subscription_id):
azure_key = AzureKey.objects(subscription_id=subscription_id).first()
if self.util.is_local():
if azure_key is not None:
azure_key.verified = True
azure_key.save()
return ok(True)
if azure_key is None:
return ok(False)
try:
sms = CloudServiceAdapter(azure_key.subscription_id,
azure_key.get_local_pem_url(),
host=azure_key.management_host)
sms.list_hosted_services()
azure_key.verified = True
azure_key.save()
except Exception as e:
return ok(False)
return ok(True)
def delete_certificate(self, certificate_id, hackathon):
"""Delete certificate by azureKey.id and hackathon
Delete the hackathon-azureKey relationship first. If the auzreKey is not needed any more, delete the azureKey too
:type certificate_id: int
:param certificate_id: id of AzureKey
:type hackathon: Hackathon
:param hackathon: instance of Hackathon
"""
# delete all hackathon-azureKey relationships first
azure_key = AzureKey.objects(id=certificate_id).first()
# if no relations left, delete the azureKey itself
if azure_key in hackathon.azure_keys:
try:
if isfile(azure_key.cert_url):
os.remove(azure_key.cert_url)
else:
self.storage.delete(azure_key.cert_url)
if isfile(azure_key.pem_url):
os.remove(azure_key.pem_url)
else:
self.storage.delete(azure_key.pem_url)
except Exception as e:
self.log.error(e)
hackathon.azure_keys.remove(azure_key)
hackathon.save()
return ok(True)
def delete_certificate(self, certificate_id, hackathon):
"""Delete certificate by azureKey.id and hackathon
Delete the hackathon-azureKey relationship first. If the auzreKey is not needed any more, delete the azureKey too
:type certificate_id: int
:param certificate_id: id of AzureKey
:type hackathon: Hackathon
:param hackathon: instance of Hackathon
"""
# delete all hackathon-azureKey relationships first
azure_key = AzureKey.objects(id=certificate_id).first()
# if no relations left, delete the azureKey itself
if azure_key in hackathon.azure_keys:
try:
if isfile(azure_key.cert_url):
os.remove(azure_key.cert_url)
else:
self.storage.delete(azure_key.cert_url)
if isfile(azure_key.pem_url):
os.remove(azure_key.pem_url)
else:
self.storage.delete(azure_key.pem_url)
except Exception as e:
self.log.error(e)
hackathon.azure_keys.remove(azure_key)
hackathon.save()
return ok(True)
def check_sub_id(self, subscription_id):
azure_key = AzureKey.objects(subscription_id=subscription_id).first()
if self.util.is_local():
if azure_key is not None:
azure_key.verified = True
azure_key.save()
return ok("success")
if azure_key is None:
return internal_server_error(
"No available azure key on the server side.")
sms = CloudServiceAdapter(azure_key.subscription_id,
azure_key.get_local_pem_url(),
host=azure_key.management_host)
if sms.ping():
azure_key.verified = True
azure_key.save()
else:
return bad_request(
"Subscription id is not valid, check whether subscription id is valid and upload the right cer file to azure"
)
return ok("success")
def __update_virtual_environment_cfg(self, context):
experiment = Experiment.objects(
id=context.experiment_id).no_dereference().first()
virtual_environment = experiment.virtual_environments.get(
name=context.virtual_environment_name)
host_server = DockerHostServer.objects(
id=context.host_server_id).first()
# azure_key
if not self.util.is_local():
experiment.azure_key = AzureKey.objects(
id=context.azure_key_id).first()
# update port binding
for cfg in context.port_config:
public_port = cfg[
DOCKER_UNIT.
PORTS_PUBLIC_PORT] if DOCKER_UNIT.PORTS_PUBLIC_PORT in cfg else None
port_binding = PortBinding(
name=cfg[DOCKER_UNIT.PORTS_NAME],
is_public=bool(cfg[DOCKER_UNIT.PORTS_PUBLIC]),
public_port=public_port,
host_port=cfg[DOCKER_UNIT.PORTS_HOST_PORT],
container_port=cfg[DOCKER_UNIT.PORTS_PORT])
if DOCKER_UNIT.PORTS_URL in cfg:
port_binding.url = cfg[DOCKER_UNIT.PORTS_URL]
virtual_environment.docker_container.port_bindings.append(
port_binding)
# guacamole config
guacamole = context.unit.get_remote()
port_cfg = filter(
lambda p: p[DOCKER_UNIT.PORTS_PORT] == guacamole[
DOCKER_UNIT.REMOTE_PORT], context.port_config)
if len(port_cfg) > 0:
virtual_environment.remote_provider = VERemoteProvider.Guacamole
gc = {
"displayname": context.virtual_environment_name,
"name": context.virtual_environment_name,
"protocol": guacamole[DOCKER_UNIT.REMOTE_PROTOCOL],
"hostname": host_server.public_ip,
"port": port_cfg[0][DOCKER_UNIT.PORTS_PUBLIC_PORT],
"enable-sftp": True
}
if DOCKER_UNIT.REMOTE_USERNAME in guacamole:
gc["username"] = guacamole[DOCKER_UNIT.REMOTE_USERNAME]
if DOCKER_UNIT.REMOTE_PASSWORD in guacamole:
gc["password"] = guacamole[DOCKER_UNIT.REMOTE_PASSWORD]
# save guacamole config into DB
virtual_environment.remote_paras = gc
experiment.save()
# start container
self.__start_docker_container(context, experiment, host_server)
def report_health(self):
azure_key = AzureKey.objects().first()
if not azure_key:
return {
STATUS: HEALTH_STATUS.WARNING,
DESCRIPTION: "No Azure key found"
}
service = CloudServiceAdapter(azure_key.id)
if service.ping():
return {STATUS: HEALTH_STATUS.OK, "type": "Azure Storage"}
else:
return {STATUS: HEALTH_STATUS.ERROR}
def __update_virtual_environment_cfg(self, context):
experiment = Experiment.objects(id=context.experiment_id).no_dereference().first()
virtual_environment = experiment.virtual_environments.get(name=context.virtual_environment_name)
host_server = DockerHostServer.objects(id=context.host_server_id).first()
# azure_key
if not self.util.is_local():
experiment.azure_key = AzureKey.objects(id=context.azure_key_id).first()
# update port binding
for cfg in context.port_config:
public_port = cfg[DOCKER_UNIT.PORTS_PUBLIC_PORT] if DOCKER_UNIT.PORTS_PUBLIC_PORT in cfg else None
port_binding = PortBinding(name=cfg[DOCKER_UNIT.PORTS_NAME],
is_public=bool(cfg[DOCKER_UNIT.PORTS_PUBLIC]),
public_port=public_port,
host_port=cfg[DOCKER_UNIT.PORTS_HOST_PORT],
container_port=cfg[DOCKER_UNIT.PORTS_PORT])
if DOCKER_UNIT.PORTS_URL in cfg:
port_binding.url = cfg[DOCKER_UNIT.PORTS_URL]
virtual_environment.docker_container.port_bindings.append(port_binding)
# guacamole config
guacamole = context.unit.get_remote()
port_cfg = filter(lambda p:
p[DOCKER_UNIT.PORTS_PORT] == guacamole[DOCKER_UNIT.REMOTE_PORT],
context.port_config)
if len(port_cfg) > 0:
virtual_environment.remote_provider = VERemoteProvider.Guacamole
gc = {
"displayname": context.virtual_environment_name,
"name": context.virtual_environment_name,
"protocol": guacamole[DOCKER_UNIT.REMOTE_PROTOCOL],
"hostname": host_server.public_ip,
"port": port_cfg[0][DOCKER_UNIT.PORTS_PUBLIC_PORT],
"enable-sftp": True
}
if DOCKER_UNIT.REMOTE_USERNAME in guacamole:
gc["username"] = guacamole[DOCKER_UNIT.REMOTE_USERNAME]
if DOCKER_UNIT.REMOTE_PASSWORD in guacamole:
gc["password"] = guacamole[DOCKER_UNIT.REMOTE_PASSWORD]
# save guacamole config into DB
virtual_environment.remote_paras = gc
experiment.save()
# start container
self.__start_docker_container(context, experiment, host_server)
def report_health(self):
azure_key = AzureKey.objects().first()
if not azure_key:
return {
STATUS: HEALTH_STATUS.WARNING,
DESCRIPTION: "No Azure key found"
}
service = CloudServiceAdapter(azure_key.id)
if service.ping():
return {
STATUS: HEALTH_STATUS.OK,
"type": "Azure Storage"
}
else:
return {
STATUS: HEALTH_STATUS.ERROR
}
def __load_azure_key_id(self, context):
# todo which key to use? how to support multi subscription?
azure_key = None
if "azure_key_id" in context:
azure_key = AzureKey.objects(id=context.azure_key_id).first()
if not azure_key:
expr = Experiment.objects(id=context.experiment_id).only("azure_key").first()
azure_key = expr.azure_key
if not azure_key:
hackathon = Hackathon.objects(id=context.hackathon_id).first()
if not hackathon or (len(hackathon.azure_keys) == 0):
raise Exception("no azure key configured")
azure_key = hackathon.azure_keys[0]
context.azure_key_id = azure_key.id
return azure_key
def __load_azure_key_id(self, context):
# todo which key to use? how to support multi subscription?
azure_key = None
if "azure_key_id" in context:
azure_key = AzureKey.objects(id=context.azure_key_id).first()
if not azure_key:
expr = Experiment.objects(id=context.experiment_id).only("azure_key").first()
azure_key = expr.azure_key
if not azure_key:
hackathon = Hackathon.objects(id=context.hackathon_id).first()
if not hackathon or (len(hackathon.azure_keys) == 0):
raise Exception("no azure key configured")
azure_key = hackathon.azure_keys[0]
context.azure_key_id = azure_key.id
return azure_key
def check_sub_id(self, subscription_id):
azure_key = AzureKey.objects(subscription_id=subscription_id).first()
if self.util.is_local():
if azure_key is not None:
azure_key.verified = True
azure_key.save()
return ok("success")
if azure_key is None:
return internal_server_error("No available azure key on the server side.")
sms = CloudServiceAdapter(azure_key.subscription_id,
azure_key.get_local_pem_url(),
host=azure_key.management_host)
if sms.ping():
azure_key.verified = True
azure_key.save()
else:
return bad_request("Subscription id is not valid, check whether subscription id is valid and upload the right cer file to azure")
return ok("success")
def create_certificate(self, subscription_id, management_host, hackathon):
"""Create certificate for specific subscription and hackathon
1. check certificate dir
2. generate pem file
3. generate cert file
4. add azure key to db
5. add hackathon azure key to db
:param subscription_id:
:param management_host:
:param hackathon:
:return:
"""
base_url = '%s/%s' % (self.CERT_BASE, subscription_id)
pem_url = base_url + '.pem'
cert_url = base_url + '.cer'
# avoid duplicate pem generation
if not os.path.isfile(pem_url):
pem_command = 'openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout %s -out %s -batch' % \
(pem_url, pem_url)
commands.getstatusoutput(pem_command)
else:
self.log.debug('%s exists' % pem_url)
# avoid duplicate cert generation
if not os.path.isfile(cert_url):
cert_command = 'openssl x509 -inform pem -in %s -outform der -out %s' % (pem_url, cert_url)
commands.getstatusoutput(cert_command)
else:
self.log.debug('%s exists' % cert_url)
azure_key = AzureKey.objects(subscription_id=subscription_id, management_host=management_host).first()
if azure_key is None:
azure_key = AzureKey(
cert_url=base_url + '.cer',
pem_url=base_url + '.pem',
subscription_id=subscription_id,
management_host=management_host,
verified=False
)
azure_key.save()
hackathon.azure_keys.append(azure_key)
hackathon.save()
else:
self.log.debug('azure key exists')
if not (azure_key in hackathon.azure_keys):
hackathon.azure_keys.append(azure_key)
else:
self.log.debug('hackathon azure key exists')
# store cer file
cer_context = Context(
hackathon_name=hackathon.name,
file_name=subscription_id + '.cer',
file_type=FILE_TYPE.AZURE_CERT,
content=file(cert_url)
)
self.log.debug("saving cerf file [%s] to azure" % cer_context.file_name)
cer_context = self.storage.save(cer_context)
azure_key.cert_url = cer_context.url
# store pem file
# encrypt certification file before upload to storage
encrypted_pem_url = self.__encrypt_content(pem_url)
pem_contex = Context(
hackathon_name=hackathon.name,
file_name=subscription_id + '.pem',
file_type=FILE_TYPE.AZURE_CERT,
content=file(encrypted_pem_url)
)
self.log.debug("saving pem file [%s] to azure" % pem_contex.file_name)
pem_contex = self.storage.save(pem_contex)
os.remove(encrypted_pem_url)
azure_key.pem_url = pem_contex.url
azure_key.save()
return azure_key.dic()
def create_certificate(self, subscription_id, management_host, hackathon):
"""Create certificate for specific subscription and hackathon
1. check certificate dir
2. generate pem file
3. generate cert file
4. add azure key to db
5. add hackathon azure key to db
:param subscription_id:
:param management_host:
:param hackathon:
:return:
"""
base_url = '%s/%s' % (self.CERT_BASE, subscription_id)
pem_url = base_url + '.pem'
cert_url = base_url + '.cer'
# avoid duplicate pem generation
if not os.path.isfile(pem_url):
pem_command = 'openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout %s -out %s -batch' % \
(pem_url, pem_url)
commands.getstatusoutput(pem_command)
else:
self.log.debug('%s exists' % pem_url)
# avoid duplicate cert generation
if not os.path.isfile(cert_url):
cert_command = 'openssl x509 -inform pem -in %s -outform der -out %s' % (pem_url, cert_url)
commands.getstatusoutput(cert_command)
else:
self.log.debug('%s exists' % cert_url)
azure_key = AzureKey.objects(subscription_id=subscription_id, management_host=management_host).first()
if azure_key is None:
azure_key = AzureKey(
cert_url=base_url + '.cer',
pem_url=base_url + '.pem',
subscription_id=subscription_id,
management_host=management_host,
verified=False
)
azure_key.save()
hackathon.azure_keys.append(azure_key)
hackathon.save()
else:
self.log.debug('azure key exists')
if not (azure_key in hackathon.azure_keys):
hackathon.azure_keys.append(azure_key)
hackathon.save()
else:
self.log.debug('hackathon azure key exists')
# store cer file
cer_context = Context(
hackathon_name=hackathon.name,
file_name=subscription_id + '.cer',
file_type=FILE_TYPE.AZURE_CERT,
content=file(cert_url)
)
self.log.debug("saving cerf file [%s] to azure" % cer_context.file_name)
cer_context = self.storage.save(cer_context)
azure_key.cert_url = cer_context.url
# store pem file
# encrypt certification file before upload to storage
encrypted_pem_url = self.__encrypt_content(pem_url)
pem_contex = Context(
hackathon_name=hackathon.name,
file_name=subscription_id + '.pem',
file_type=FILE_TYPE.AZURE_CERT,
content=file(encrypted_pem_url)
)
self.log.debug("saving pem file [%s] to azure" % pem_contex.file_name)
pem_contex = self.storage.save(pem_contex)
os.remove(encrypted_pem_url)
azure_key.pem_url = pem_contex.url
azure_key.save()
return azure_key.dic()