def delete_security_group_rule(rule=None, tenant_id=None):
""" delete security group rule with rule_id and tenant_id
:param rule_id: the id of security group rule
:param tenant_id: the id of tenant,default None
"""
try:
if tenant_id:
yield security_group_rule_request(request_url=security_group_rule_path % rule.get("id"),
method=os.METHOD_DELETE,
tenant_id=tenant_id)
else:
# 默认安全组规则
# sgr = yield get_security_group_rule(rule_id=rule_id)
# del_sgrs = yield __get_tenant_default_sgrs(sgr)
del_sgrs = yield get_securitygrouprules_by_db(rule_info=rule)
for sgr in del_sgrs:
url = security_group_rule_path % sgr.get("id")
yield security_group_rule_request(request_url=url,
method=os.METHOD_DELETE)
# for k, v in del_sgrs.iteritems():
# if v and len(v) > 0:
# url = security_group_rule_path % v[0]
# yield security_group_rule_request(request_url=url,
# method=os.METHOD_DELETE)
except Exception, e:
LOG.error("delete security group rule error: %s" % e)
LOG.error(trace())
raise SecGroupRuleOperationFailed()
def gen_sgr_body(new_rule, sg_id):
""" generate security group rule's body
:param new_rule: the body of rule
:param sg_id: the id of security group
:rtype dict
"""
try:
rule = copy.deepcopy(new_rule)
if not rule['cidr']:
rule['cidr'] = None
if rule['from_port'] < 0:
rule['from_port'] = None
if rule['to_port'] < 0:
rule['to_port'] = None
if isinstance(rule['protocol'], int) and rule['protocol'] < 0:
rule['protocol'] = None
else:
rule['protocol'] = convert_protocol(rule['protocol'])
if rule['protocol']:
if rule['protocol'] in ALL_PROTOCOLS.iterkeys():
rule['protocol'] = ALL_PROTOCOLS.get(rule['protocol'])
if rule['protocol'] != ALL_ICMP:
rule['from_port'] = 1
rule['to_port'] = 65535
else:
protocols = [
v for k, v in PROTOCOL_PORT_DICT.iteritems()
if k == rule['protocol']
]
if protocols:
rule['from_port'] = protocols[0]
rule['to_port'] = protocols[0]
rule['protocol'] = PROTOCOL_TCP
rule['direction'] = DIRECTION_IN
if sg_id:
rule_body = {
'security_group_rule': {
'security_group_id': sg_id,
'direction': rule['direction'],
'ethertype': rule['ethertype'],
'protocol': rule['protocol'],
# 'remote_group_id': sg_id if rule['cidr'] is None else None,
'port_range_min': rule['from_port'],
'port_range_max': rule['to_port']
}
}
# 'remote_ip_prefix': rule['cidr']}}
if not rule.get("cidr"):
rule_body['security_group_rule']['remote_group_id'] = sg_id
else:
rule_body['security_group_rule'][
'remote_ip_prefix'] = rule.get("cidr")
else:
rule_body = {}
return rule_body
except BaseException as e:
LOG.error("gen_sgr_body error:%s", e)
LOG.error(trace())
def set_user_role(user_id, role_name, tenant_id=None):
try:
admin_tenant_id = yield openstack.get_admin_tenant_id()
flag = False
if not tenant_id or (tenant_id == admin_tenant_id):
flag = True
tenant_id = admin_tenant_id
if flag:
if role_name not in CONF.identify.admin_roles:
raise UnknownRoleName(args=(role_name, ))
else:
if role_name not in CONF.identify.public_roles:
raise UnknownRoleName(args=(role_name, ))
role = yield get_user_role(user_id, tenant_id)
yield tenant_users.remove_tenant_user(tenant_id=tenant_id,
user_id=user_id,
role_id=role['id'])
rid = openstack.get_role_by_name(role_name)
yield tenant_users.add_tenant_user(tenant_id=tenant_id,
user_id=user_id,
role_id=rid)
if flag:
u = __USER_CACHE.get_by_id(user_id)
u['role'] = {"id": rid, "name": str(role_name)}
__USER_CACHE.set(user_id, u)
except BaseException, e:
LOG.error(trace())
LOG.error("grant role '%s' to user '%s' raise an error: %s" %
(role_name, user_id, e.message))
raise UserOperationFailed()
def gen_network_comment(network):
result = ""
try:
rs = [net[0] for net in network]
result += ' '.join(rs)
except BaseException as e:
LOG.error("network add failed:%s", e)
LOG.error(trace())
return result
def update_snapshot_snapshot(self, snapshot_id, params):
try:
snapshot = yield snapshot_package.get_snapshot(snapshot_id)
except BaseException as e:
LOG.error("snapshot is not exist %s", e)
LOG.error(trace())
raise SnapShotNotExist
volume_name = yield snapshot_package.update_snapshot(
snapshot_id, params.get("name"), params.get("des"))
name = volume_name[len("ecloud-snapshot-"):]
optLog.write(self.request, Type.SNAPSHOT, name, Operator.UPDATE,
params.get("name"))
self.response(Response())
def get_image(image_id):
if image_id:
request_url = u'/v2/images/%s' % image_id
try:
session = yield openstack.get_session()
result = yield openstack.connect_request(
session=session,
type=openstack.TYPE_IMAGE,
method=openstack.METHOD_GET,
url=request_url)
if result:
result = __map_image_fields(result)
except BaseException as e:
LOG.error("get image error:%s", e)
LOG.error(trace())
raise ImageNotExsit
raise gen.Return(result if result else None)
def list_users(admin=False):
ret = []
try:
admin_tenant_id = yield openstack.get_admin_tenant_id()
t_users = yield tenant_users.list_tenant_users(admin_tenant_id, admin)
__USER_CACHE.clear()
user_role = yield __list_users_admin_role()
member_role = {
"id": openstack.get_role_by_name(CONF.identify.internal_user_role),
"name": CONF.identify.internal_user_role
}
u_r = {}
for u in t_users:
u['role'] = user_role.get(u['id'])
u_r[u['name']] = {"role": u['role'], "id": u['id']}
__USER_CACHE.set(u['id'], u)
if not CONF.ldap.enable:
ret.append(u)
if CONF.ldap.enable:
ret = users()
l_u = []
for lu in ret:
if lu['name']:
lu["role"] = member_role
l_u.append(lu['name'])
if lu["name"] in u_r:
lu["role"] = u_r[lu["name"]]["role"]
lu["id"] = u_r[lu["name"]]["id"]
for r in t_users:
if r['name'] not in l_u:
if r['name'] != 'ecloud':
yield delete_user(r["id"])
else:
ret.append(r)
except OpenStackException, e:
LOG.error('list users raise an error: %s' % e.message)
LOG.error(trace())
raise UserOperationFailed()
def __retrieve_seq(name, seq_type):
db = dbpools.get_pool(dbpools.COMMON_DB)
tx = None
try:
tx = yield db.begin()
yield tx.execute(
"update sequence set sn=sn+step, dt_updated=now() where name=%s and sn <= max_sn and type=%s",
(name, seq_type)
)
cur = yield tx.execute(
"select * from sequence where name=%s and sn <= max_sn and type = %s",
(name, seq_type)
)
rs = cur.fetchone()
# cur.close()
if not rs:
raise SequenceNotFound()
yield tx.commit()
except Exception, e:
yield tx.rollback()
LOG.error(trace())
raise e
def control(action, vm_ids):
""" vm action control, start\reboot\shutdown
:param request: the request of function
:param vm_ids: the VM ids of to Control
:param action: VM control action
"""
try:
if not action:
raise RequiredParamNotExist(args=["action"])
if not vm_ids:
raise RequiredParamNotExist(args=["vm_ids"])
if action not in __VM_ACTIONS:
raise InvalidVmActionError(args=[action])
if not isinstance(vm_ids, (list, tuple)):
raise InvalidateParam(args=['vm_id'])
vms = yield list_server(vm_ids=vm_ids, with_task=False)
# vms = [vm for vm in vms if vm['id'] in vm_ids]
vmnames = []
task_id = task.gen_task_id()
if action == __VM_ACTION_START:
for vm in vms:
if vm['state'] != VM_STATUS_STOP or vm[
"host_status"] == "unavailable" or vm[
"service_status"] == "unavailable":
continue
vm_id = vm['id']
yield task.insert_task_flow(task_id,
"wait start",
vm_id,
type=SCHED_TYPE_ACTIONG_START,
host=vm['host']['name'])
vmnames.append({
"name": vm['name'],
"displayname": vm['displayname'],
"network": vm['network']
})
if action == __VM_ACTION_SHUTDOWN:
for vm in vms:
vm_id = vm['id']
if vm['state'] != VM_STATUS_ACTIVE or vm[
"host_status"] == "unavailable" or vm[
"service_status"] == "unavailable":
continue
yield server_action(vm_id, Control.STOP)
vmnames.append({
"name": vm['name'],
"displayname": vm['displayname'],
"network": vm['network']
})
if action == __VM_ACTION_REBOOT:
for vm in vms:
vm_id = vm['id']
if vm['state'] != VM_STATUS_ACTIVE or vm[
"host_status"] == "unavailable" or vm[
"service_status"] == "unavailable":
continue
yield task.insert_task_flow(task_id,
"wait reboot",
vm_id,
type=SCHED_TYPE_ACTIONG_REBOOT,
host=vm['host']['name'])
vmnames.append({
"name": vm['name'],
"displayname": vm['displayname'],
"network": vm['network']
})
except Exception, e:
LOG.error(trace())
LOG.error("vm control error ! %s", e)
def create_reboot_start_schedule():
LOG.debug("*************************************************")
LOG.debug("*********** Compute Control Start ************")
LOG.debug("*************************************************")
try:
all_tasks = yield task.get_task_flow()
host_schedule = {}
for t_obj in all_tasks:
host = t_obj.get("host")
status = t_obj.get("status")
type = t_obj.get("type")
if host not in host_schedule:
host_schedule[host] = {
"nedd_create_tasks": [],
"need_reboot_tasks": [],
"need_start_tasks": [],
"runnig_num": 0
}
if status in (SCHED_STATUS_RUNNING, SCHED_STATUS_RUN_SUCCESS):
host_schedule[host]["runnig_num"] += 1
if status == SCHED_STATUS_PREPARE_SUCCESS and type == SCHED_TYPE_ACTIONG_CREATE:
host_schedule[host]["nedd_create_tasks"].append(t_obj)
if status == SCHED_STATUS_PREPARE and type == SCHED_TYPE_ACTIONG_START:
host_schedule[host]["need_start_tasks"].append(t_obj)
if status == SCHED_STATUS_PREPARE and type == SCHED_TYPE_ACTIONG_REBOOT:
host_schedule[host]["need_reboot_tasks"].append(t_obj)
if status == SCHED_STATUS_RUN_SUCCESS:
now = datetime.datetime.now()
old = t_obj.get("updated_at")
if (now - old).seconds > CONF.compute.boot_interval:
yield task.delete_task_flow(t_obj.get("id"))
for k, v in host_schedule.items():
need_running = CONF.compute.max_booting - v.get("runnig_num")
if need_running > 0:
for i in range(0, need_running):
if v["nedd_create_tasks"]:
t = v["nedd_create_tasks"].pop()
LOG.debug("boot vm name is %s status is %s " %
(t['resource'], t['status']))
row = yield task.update_task_flow_status(
t.get("id"), status=SCHED_STATUS_RUNNING)
if row:
yield __boot_vm(t)
continue
if v["need_start_tasks"]:
t = v["need_start_tasks"].pop()
vm_id = t.get("resource")
need_reboot = yield get_server_metas(vm_id)
LOG.debug("start vm name is %s status is %s ", vm_id,
t['status'])
row = yield task.update_task_flow_status(
t.get("id"), status=SCHED_STATUS_RUNNING)
if row:
iso_list = yield list_server_attach_volume(
vm_id, vd_type=3)
if iso_list:
for iso in iso_list:
volume_id = iso.get("volume_id")
yield _detach_iso_volume(volume_id, vm_id)
else:
if need_reboot.get(NEED_REBOOT):
yield server_action(vm_id,
Control.REBOOT,
info={"type": "HARD"})
yield del_server_meta(vm_id, [NEED_REBOOT])
else:
yield server_action(vm_id, Control.START)
continue
if v["need_reboot_tasks"]:
t = v["need_reboot_tasks"].pop()
vm_id = t.get("resource")
LOG.debug("reboot vm name is %s status is %s ",
t.get("resource"), t['status'])
row = yield task.update_task_flow_status(
t.get("id"), status=SCHED_STATUS_RUNNING)
if row:
iso_list = yield list_server_attach_volume(
vm_id, vd_type=3)
if iso_list:
for iso in iso_list:
volume_id = iso.get("volume_id")
yield _detach_iso_volume(volume_id, vm_id)
else:
yield server_action(t.get("resource"),
Control.REBOOT,
info={"type": "SOFT"})
continue
LOG.debug("*************************************************")
LOG.debug("*********** Compute Control End ************")
LOG.debug("*************************************************")
except Exception, e:
LOG.error(trace())
LOG.error(" create start reboot schedule error %s" % e)
if not admin:
result = filter(lambda x: x['name'] != CONF.keystone.username and x['name'] != CONF.identify.super_user_name,
ret)
else:
result = filter(lambda x: x['name'] != CONF.keystone.username,
ret)
if CONF.ldap.enable:
try:
ldap_ret = eldap.users()
l_u = {}
for lu in ldap_ret:
if lu['name']:
l_u[lu['name']] = lu
ldap_result = []
for k in result:
if k['name'] not in l_u.keys():
if admin and k['name'] == CONF.identify.super_user_name:
ldap_result.append(k)
elif k['name'] != 'ecloud':
yield user.delete_user(k["id"])
else:
k.update(l_u[k['name']])
ldap_result.append(k)
result = ldap_result
except BaseException, e:
LOG.error("list ldap user error %s",e)
LOG.error(trace())
raise gen.Return(result)