def post(self, namespace=None, key_name=None, key=None): if not namespace: return api_base.error(400, 'no namespace specified') with db.get_lock('namespace', None, 'all', op='Namespace update'): rec = db.get_namespace(namespace) if not rec: rec = {'name': namespace, 'keys': {}} # Allow shortcut of creating key at same time as the namespace if key_name: if not key: return api_base.error(400, 'no key specified') if not isinstance(key, str): # Must be a string to encode() return api_base.error(400, 'key is not a string') if key_name == 'service_key': return api_base.error(403, 'illegal key name') encoded = str( base64.b64encode( bcrypt.hashpw(key.encode('utf-8'), bcrypt.gensalt())), 'utf-8') rec['keys'][key_name] = encoded # Initialise metadata db.persist_metadata('namespace', namespace, {}) db.persist_namespace(namespace, rec) return namespace
def new(cls, interface_uuid, netdesc, instance_uuid, order): if 'macaddress' not in netdesc or not netdesc['macaddress']: possible_mac = util_network.random_macaddr() mac_iface = {'interface_uuid': interface_uuid} while not etcd.create('macaddress', None, possible_mac, mac_iface): possible_mac = util_network.random_macaddr() netdesc['macaddress'] = possible_mac if not interface_uuid: # uuid should only be specified in testing interface_uuid = str(uuid4()) NetworkInterface._db_create( interface_uuid, { 'network_uuid': netdesc['network_uuid'], 'instance_uuid': instance_uuid, 'macaddr': netdesc['macaddress'], 'ipv4': netdesc['address'], 'order': order, 'model': netdesc['model'], 'version': cls.current_version } ) ni = NetworkInterface.from_db(interface_uuid) ni._db_set_attribute('floating', {'floating_address': None}) ni.state = NetworkInterface.STATE_INITIAL # TODO(andy): Integrate metadata into each object type # Initialise metadata db.persist_metadata('networkinterface', interface_uuid, {}) return ni
def create_namespace(self, namespace, key_name, key): encoded = str( base64.b64encode( bcrypt.hashpw(key.encode('utf-8'), bcrypt.gensalt())), 'utf-8') rec = {'name': namespace, 'keys': {key_name: encoded}} db.persist_metadata('namespace', namespace, {}) db.persist_namespace(namespace, rec)
def post(self, netblock=None, provide_dhcp=None, provide_nat=None, name=None, namespace=None): try: ipaddress.ip_network(netblock) except ValueError as e: return error(400, 'cannot parse netblock: %s' % e) if not namespace: namespace = get_jwt_identity() # If accessing a foreign name namespace, we need to be an admin if get_jwt_identity() not in [namespace, 'system']: return error( 401, 'only admins can create resources in a different namespace') network = db.allocate_network(netblock, provide_dhcp, provide_nat, name, namespace) db.add_event('network', network['uuid'], 'api', 'create', None, None) # Networks should immediately appear on the network node with db.get_lock('sf/network/%s' % network['uuid'], ttl=900) as _: if config.parsed.get('NODE_IP') == config.parsed.get( 'NETWORK_NODE_IP'): n = net.from_db(network['uuid']) if not n: LOG.info( 'network(%s): network not found, genuinely missing' % network['uuid']) return error(404, 'network not found') n.create() n.ensure_mesh() else: admin_token = util.get_api_token( 'http://%s:%d' % (config.parsed.get('NETWORK_NODE_IP'), config.parsed.get('API_PORT')), namespace=namespace) requests.request('put', ('http://%s:%d/deploy_network_node' % (config.parsed.get('NETWORK_NODE_IP'), config.parsed.get('API_PORT'))), data=json.dumps({'uuid': network['uuid']}), headers={ 'Authorization': admin_token, 'User-Agent': util.get_user_agent() }) db.add_event('network', network['uuid'], 'api', 'created', None, None) db.update_network_state(network['uuid'], 'created') # Initialise metadata db.persist_metadata('network', network['uuid'], {}) return network
def delete(self, namespace, key=None, value=None): if not key: return error(400, 'no key specified') with db.get_lock('metadata', 'namespace', namespace): md = db.get_metadata('namespace', namespace) if md is None or key not in md: return error(404, 'key not found') del md[key] db.persist_metadata('namespace', namespace, md)
def delete(self, network_uuid=None, key=None, network_from_db=None): if not key: return error(400, 'no key specified') with db.get_lock('metadata', 'network', network_uuid): md = db.get_metadata('network', network_uuid) if md is None or key not in md: return error(404, 'key not found') del md[key] db.persist_metadata('network', network_uuid, md)
def delete(self, instance_uuid=None, key=None, instance_from_db=None): if not key: return error(400, 'no key specified') with db.get_lock('sf/metadata/instance/%s' % instance_uuid) as _: md = db.get_metadata('instance', instance_uuid) if md is None or key not in md: return error(404, 'key not found') del md[key] db.persist_metadata('instance', instance_uuid, md)
def _metadata_putpost(meta_type, owner, key, value): if meta_type not in ['namespace', 'instance', 'network']: return error(500, 'invalid meta_type %s' % meta_type) if not key: return error(400, 'no key specified') if not value: return error(400, 'no value specified') with db.get_lock('metadata', meta_type, owner): md = db.get_metadata(meta_type, owner) if md is None: md = {} md[key] = value db.persist_metadata(meta_type, owner, md)
def post(self, netblock=None, provide_dhcp=None, provide_nat=None, name=None, namespace=None): try: ipaddress.ip_network(netblock) except ValueError as e: return error(400, 'cannot parse netblock: %s' % e) if not namespace: namespace = get_jwt_identity() # If accessing a foreign name namespace, we need to be an admin if get_jwt_identity() not in [namespace, 'system']: return error( 401, 'only admins can create resources in a different namespace') network = db.allocate_network(netblock, provide_dhcp, provide_nat, name, namespace) db.add_event('network', network['uuid'], 'api', 'create', None, None) # Networks should immediately appear on the network node db.enqueue('networknode', { 'type': 'deploy', 'network_uuid': network['uuid'] }) db.add_event('network', network['uuid'], 'deploy', 'enqueued', None, None) db.add_event('network', network['uuid'], 'api', 'created', None, None) db.update_network_state(network['uuid'], 'created') # Initialise metadata db.persist_metadata('network', network['uuid'], {}) return network
def new(cls, name, namespace, netblock, provide_dhcp=False, provide_nat=False, uuid=None, vxid=None): if not uuid: # uuid should only be specified in testing uuid = str(uuid4()) if not vxid: vxid = Network.allocate_vxid(uuid) # Pre-create the IPManager IPManager.new(uuid, netblock) Network._db_create( uuid, { 'vxid': vxid, 'name': name, 'namespace': namespace, 'netblock': netblock, 'provide_dhcp': provide_dhcp, 'provide_nat': provide_nat, 'version': cls.current_version } ) n = Network.from_db(uuid) n.state = Network.STATE_INITIAL # Networks should immediately appear on the network node etcd.enqueue('networknode', DeployNetworkTask(uuid)) # TODO(andy): Integrate metadata into each object type # Initialise metadata db.persist_metadata('network', uuid, {}) return n
def post(self, name=None, cpus=None, memory=None, network=None, disk=None, ssh_key=None, user_data=None, placed_on=None, namespace=None, instance_uuid=None, video=None): global SCHEDULER # Check that the instance name is safe for use as a DNS host name if name != re.sub(r'([^a-zA-Z0-9_\-])', '', name) or len(name) > 63: return error(400, 'instance name must be useable as a DNS host name') # Sanity check if not disk: return error(400, 'instance must specify at least one disk') for d in disk: if not isinstance(d, dict): return error(400, 'disk specification should contain JSON objects') if network: for n in network: if not isinstance(n, dict): return error( 400, 'network specification should contain JSON objects') if 'network_uuid' not in n: return error( 400, 'network specification is missing network_uuid') if not video: video = {'model': 'cirrus', 'memory': 16384} if not namespace: namespace = get_jwt_identity() # Only system can specify a uuid if instance_uuid and get_jwt_identity() != 'system': return error(401, 'only system can specify an instance uuid') # If accessing a foreign namespace, we need to be an admin if get_jwt_identity() not in [namespace, 'system']: return error( 401, 'only admins can create resources in a different namespace') # The instance needs to exist in the DB before network interfaces are created if not instance_uuid: instance_uuid = str(uuid.uuid4()) db.add_event('instance', instance_uuid, 'uuid allocated', None, None, None) # Create instance object instance = virt.from_db(instance_uuid) if instance: if get_jwt_identity() not in [ instance.db_entry['namespace'], 'system' ]: logutil.info([virt.ThinInstance(instance_uuid)], 'Instance not found, ownership test') return error(404, 'instance not found') if not instance: instance = virt.from_definition(uuid=instance_uuid, name=name, disks=disk, memory_mb=memory, vcpus=cpus, ssh_key=ssh_key, user_data=user_data, owner=namespace, video=video, requested_placement=placed_on) # Initialise metadata db.persist_metadata('instance', instance_uuid, {}) # Allocate IP addresses order = 0 if network: for netdesc in network: n = net.from_db(netdesc['network_uuid']) if not n: db.enqueue_instance_delete( config.parsed.get('NODE_NAME'), instance_uuid, 'error', 'missing network %s during IP allocation phase' % netdesc['network_uuid']) return error( 404, 'network %s not found' % netdesc['network_uuid']) with db.get_lock('ipmanager', None, netdesc['network_uuid'], ttl=120): db.add_event('network', netdesc['network_uuid'], 'allocate address', None, None, instance_uuid) ipm = db.get_ipmanager(netdesc['network_uuid']) if 'address' not in netdesc or not netdesc['address']: netdesc['address'] = ipm.get_random_free_address() else: if not ipm.reserve(netdesc['address']): db.enqueue_instance_delete( config.parsed.get('NODE_NAME'), instance_uuid, 'error', 'failed to reserve an IP on network %s' % netdesc['network_uuid']) return error( 409, 'address %s in use' % netdesc['address']) db.persist_ipmanager(netdesc['network_uuid'], ipm.save()) if 'model' not in netdesc or not netdesc['model']: netdesc['model'] = 'virtio' db.create_network_interface(str(uuid.uuid4()), netdesc, instance_uuid, order) if not SCHEDULER: SCHEDULER = scheduler.Scheduler() try: # Have we been placed? if not placed_on: candidates = SCHEDULER.place_instance(instance, network) placement = candidates[0] else: SCHEDULER.place_instance(instance, network, candidates=[placed_on]) placement = placed_on except exceptions.LowResourceException as e: db.add_event('instance', instance_uuid, 'schedule', 'failed', None, 'insufficient resources: ' + str(e)) db.enqueue_instance_delete(config.parsed.get('NODE_NAME'), instance_uuid, 'error', 'scheduling failed') return error(507, str(e)) except exceptions.CandidateNodeNotFoundException as e: db.add_event('instance', instance_uuid, 'schedule', 'failed', None, 'candidate node not found: ' + str(e)) db.enqueue_instance_delete(config.get.parsed('NODE_NAME'), instance_uuid, 'error', 'scheduling failed') return error(404, 'node not found: %s' % e) # Record placement db.place_instance(instance_uuid, placement) db.add_event('instance', instance_uuid, 'placement', None, None, placement) # Create a queue entry for the instance start tasks = [{ 'type': 'instance_preflight', 'instance_uuid': instance_uuid, 'network': network }] for disk in instance.db_entry['block_devices']['devices']: if 'base' in disk and disk['base']: tasks.append({ 'type': 'image_fetch', 'instance_uuid': instance_uuid, 'url': disk['base'] }) tasks.append({ 'type': 'instance_start', 'instance_uuid': instance_uuid, 'network': network }) # Enqueue creation tasks on desired node task queue db.enqueue(placement, {'tasks': tasks}) db.add_event('instance', instance_uuid, 'create', 'enqueued', None, None) # Watch for a while and return results if things are fast, give up # after a while and just return the current state start_time = time.time() while time.time() - start_time < config.parsed.get('API_ASYNC_WAIT'): i = db.get_instance(instance_uuid) if i['state'] in ['created', 'deleted', 'error']: return i time.sleep(0.5) return i
def post(self, name=None, cpus=None, memory=None, network=None, disk=None, ssh_key=None, user_data=None, placed_on=None, namespace=None, instance_uuid=None): global SCHEDULER # We need to sanitise the name so its safe for DNS name = re.sub(r'([^a-zA-Z0-9_\-])', '', name) if not namespace: namespace = get_jwt_identity() # If accessing a foreign namespace, we need to be an admin if get_jwt_identity() not in [namespace, 'system']: return error( 401, 'only admins can create resources in a different namespace') # The instance needs to exist in the DB before network interfaces are created if not instance_uuid: instance_uuid = str(uuid.uuid4()) db.add_event('instance', instance_uuid, 'uuid allocated', None, None, None) # Create instance object instance = virt.from_db(instance_uuid) if instance: if get_jwt_identity() not in [ instance.db_entry['namespace'], 'system' ]: LOG.info('instance(%s): instance not found, ownership test' % instance_uuid) return error(404, 'instance not found') if not instance: instance = virt.from_definition(uuid=instance_uuid, name=name, disks=disk, memory_mb=memory, vcpus=cpus, ssh_key=ssh_key, user_data=user_data, owner=namespace) if not SCHEDULER: SCHEDULER = scheduler.Scheduler() # Have we been placed? if not placed_on: candidates = SCHEDULER.place_instance(instance, network) if len(candidates) == 0: db.add_event('instance', instance_uuid, 'schedule', 'failed', None, 'insufficient resources') db.update_instance_state(instance_uuid, 'error') return error(507, 'insufficient capacity') placed_on = candidates[0] db.place_instance(instance_uuid, placed_on) db.add_event('instance', instance_uuid, 'placement', None, None, placed_on) else: try: candidates = SCHEDULER.place_instance(instance, network, candidates=[placed_on]) if len(candidates) == 0: db.add_event('instance', instance_uuid, 'schedule', 'failed', None, 'insufficient resources') db.update_instance_state(instance_uuid, 'error') return error(507, 'insufficient capacity') except scheduler.CandidateNodeNotFoundException as e: return error(404, 'node not found: %s' % e) # Have we been placed on a different node? if not placed_on == config.parsed.get('NODE_NAME'): body = flask_get_post_body() body['placed_on'] = placed_on body['instance_uuid'] = instance_uuid body['namespace'] = namespace token = util.get_api_token( 'http://%s:%d' % (placed_on, config.parsed.get('API_PORT')), namespace=namespace) r = requests.request('POST', 'http://%s:%d/instances' % (placed_on, config.parsed.get('API_PORT')), data=json.dumps(body), headers={ 'Authorization': token, 'User-Agent': util.get_user_agent() }) LOG.info('Returning proxied request: %d, %s' % (r.status_code, r.text)) resp = flask.Response(r.text, mimetype='application/json') resp.status_code = r.status_code return resp # Check we can get the required IPs nets = {} allocations = {} def error_with_cleanup(status_code, message): for network_uuid in allocations: n = net.from_db(network_uuid) for addr, _ in allocations[network_uuid]: with db.get_lock('sf/ipmanager/%s' % n.uuid, ttl=120) as _: ipm = db.get_ipmanager(n.uuid) ipm.release(addr) db.persist_ipmanager(n.uuid, ipm.save()) return error(status_code, message) order = 0 if network: for netdesc in network: if 'network_uuid' not in netdesc or not netdesc['network_uuid']: return error_with_cleanup(404, 'network not specified') if netdesc['network_uuid'] not in nets: n = net.from_db(netdesc['network_uuid']) if not n: return error_with_cleanup( 404, 'network %s not found' % netdesc['network_uuid']) nets[netdesc['network_uuid']] = n n.create() with db.get_lock('sf/ipmanager/%s' % netdesc['network_uuid'], ttl=120) as _: db.add_event('network', netdesc['network_uuid'], 'allocate address', None, None, instance_uuid) allocations.setdefault(netdesc['network_uuid'], []) ipm = db.get_ipmanager(netdesc['network_uuid']) if 'address' not in netdesc or not netdesc['address']: netdesc['address'] = ipm.get_random_free_address() else: if not ipm.reserve(netdesc['address']): return error_with_cleanup( 409, 'address %s in use' % netdesc['address']) db.persist_ipmanager(netdesc['network_uuid'], ipm.save()) allocations[netdesc['network_uuid']].append( (netdesc['address'], order)) if 'model' not in netdesc or not netdesc['model']: netdesc['model'] = 'virtio' db.create_network_interface(str(uuid.uuid4()), netdesc, instance_uuid, order) order += 1 # Initialise metadata db.persist_metadata('instance', instance_uuid, {}) # Now we can start the instance with db.get_lock('sf/instance/%s' % instance.db_entry['uuid'], ttl=900) as lock: with util.RecordedOperation('ensure networks exist', instance) as _: for network_uuid in nets: n = nets[network_uuid] n.ensure_mesh() n.update_dhcp() with util.RecordedOperation('instance creation', instance) as _: instance.create(lock=lock) for iface in db.get_instance_interfaces(instance.db_entry['uuid']): db.update_network_interface_state(iface['uuid'], 'created') return db.get_instance(instance_uuid)
def persist_metadata(self, dbo_type, uuid, metadata): """Set metadata for a specified object""" if not DatabaseBackedObject.__subclasscheck__(dbo_type): raise NotImplementedError( 'Objects must be subclasses of DatabaseBackedObject') db.persist_metadata(dbo_type.object_type, uuid, metadata)