def determine_error_cause(session, vmuuid):
cause = ""
try:
api_helper.get_suitable_vm_ip(session, vmuuid)
except util.XSContainerException:
cause = ERROR_CAUSE_NETWORK
# No reason to continue, if there is no network connection
return cause
try:
ssh_helper.execute_ssh(session, vmuuid, ['echo', 'hello world'])
except ssh_helper.AuthenticationException:
cause = (cause + "Unable to verify key-based authentication. "
+ "Please prepare the VM to install a key.")
# No reason to continue, if there is no SSH connection
return cause
except ssh_helper.VmHostKeyException:
cause = (cause + "The SSH host key of the VM has unexpectedly"
+ " changed, which could potentially be a security breach."
+ " If you think this is safe and expected, you"
+ " can reset the record stored in XS using xe"
+ " vm-param-remove uuid=<vm-uuid> param-name=other-config"
+ " param-key=xscontainer-sshhostkey")
# No reason to continue, if there is no SSH connection
return cause
except ssh_helper.SshException:
cause = (cause + "Unable to connect to the VM using SSH. Please "
+ "check the logs inside the VM and also try manually.")
# No reason to continue, if there is no SSH connection
return cause
# @todo: we could alternatively support socat
# @todo: we could probably prepare this as part of xscontainer-prepare-vm
try:
ssh_helper.execute_ssh(session, vmuuid, ['command -v ncat'])
except util.XSContainerException:
cause = (cause + "Unable to find ncat inside the VM. Please install "
+ "ncat. ")
try:
ssh_helper.execute_ssh(session, vmuuid, ['test', '-S',
DOCKER_SOCKET_PATH])
except util.XSContainerException:
cause = (cause + "Unable to find the Docker unix socket at %s."
% (DOCKER_SOCKET_PATH) +
" Please install and run Docker.")
# No reason to continue, if there is no docker socket
return cause
try:
ssh_helper.execute_ssh(session, vmuuid,
['test -r "%s" && test -w "%s" '
% (DOCKER_SOCKET_PATH, DOCKER_SOCKET_PATH)])
except util.XSContainerException:
cause = (cause + "Unable to access the Docker unix socket. "
+ "Please make sure the specified user account "
+ "belongs to the docker account group.")
if cause == "":
cause = "Unable to determine cause of failure."
return cause
def determine_error_cause(session, vmuuid):
cause = ""
try:
api_helper.get_suitable_vm_ip(session, vmuuid)
except util.XSContainerException:
cause = ERROR_CAUSE_NETWORK
# No reason to continue, if there is no network connection
return cause
try:
ssh_helper.execute_ssh(session, vmuuid, ['echo', 'hello world'])
except ssh_helper.AuthenticationException:
cause = (cause + "Unable to verify key-based authentication. " +
"Please prepare the VM to install a key.")
# No reason to continue, if there is no SSH connection
return cause
except ssh_helper.VmHostKeyException:
cause = (cause + "The SSH host key of the VM has unexpectedly" +
" changed, which could potentially be a security breach." +
" If you think this is safe and expected, you" +
" can reset the record stored in XS using xe" +
" vm-param-remove uuid=<vm-uuid> param-name=other-config" +
" param-key=xscontainer-sshhostkey")
# No reason to continue, if there is no SSH connection
return cause
except ssh_helper.SshException:
cause = (cause + "Unable to connect to the VM using SSH. Please " +
"check the logs inside the VM and also try manually.")
# No reason to continue, if there is no SSH connection
return cause
# @todo: we could alternatively support socat
# @todo: we could probably prepare this as part of xscontainer-prepare-vm
try:
ssh_helper.execute_ssh(session, vmuuid, ['command -v ncat'])
except util.XSContainerException:
cause = (cause + "Unable to find ncat inside the VM. Please install " +
"ncat. ")
try:
ssh_helper.execute_ssh(session, vmuuid,
['test', '-S', DOCKER_SOCKET_PATH])
except util.XSContainerException:
cause = (cause + "Unable to find the Docker unix socket at %s." %
(DOCKER_SOCKET_PATH) + " Please install and run Docker.")
# No reason to continue, if there is no docker socket
return cause
try:
ssh_helper.execute_ssh(session, vmuuid, [
'test -r "%s" && test -w "%s" ' %
(DOCKER_SOCKET_PATH, DOCKER_SOCKET_PATH)
])
except util.XSContainerException:
cause = (cause + "Unable to access the Docker unix socket. " +
"Please make sure the specified user account " +
"belongs to the docker account group.")
if cause == "":
cause = "Unable to determine cause of failure."
return cause
def prepare_ssh_client(session, vmuuid):
username = api_helper.get_vm_xscontainer_username(session, vmuuid)
host = api_helper.get_suitable_vm_ip(session, vmuuid, SSH_PORT)
log.info("prepare_ssh_client for vm %s, via %s@%s" %
(vmuuid, username, host))
client = paramiko.SSHClient()
pkey = paramiko.rsakey.RSAKey.from_private_key(
StringIO.StringIO(api_helper.get_idrsa_secret_private(session)))
client.get_host_keys().clear()
client.set_missing_host_key_policy(MyHostKeyPolicy(session, vmuuid))
try:
client.connect(host,
port=SSH_PORT,
username=username,
pkey=pkey,
look_for_keys=False)
except SshException:
# This exception is already improved - leave it as it is
raise
except paramiko.AuthenticationException as exception:
message = ("prepare_ssh_client failed to authenticate with private key"
" on VM %s" % (vmuuid))
log.info(message)
raise AuthenticationException(message)
except (paramiko.SSHException, socket.error) as exception:
# reraise as SshException
raise SshException("prepare_ssh_client: %s" % exception,
(sys.exc_info()[2]))
return client
def execute_docker_data_listen(session, vm_uuid, request,
stop_monitoring_request):
host = api_helper.get_suitable_vm_ip(session, vm_uuid, DOCKER_TLS_PORT)
log.info("tls.execute_docker_listen_charbychar for VM %s, via %s"
% (vm_uuid, host))
asocket = _get_socket(session, vm_uuid)
try:
asocket.connect((host, DOCKER_TLS_PORT))
if hasattr(asocket, 'version'):
# Newer python versions provide the TLS version
log.info("Connected VM %s using %s" % (vm_uuid,
asocket.version()))
asocket.send(request)
asocket.setblocking(0)
while not stop_monitoring_request:
rlist, _, _ = select.select(
[asocket.fileno()], [], [],
constants.MONITOR_EVENTS_POLL_INTERVAL)
if not rlist:
continue
try:
read_data = asocket.recv(1024)
if read_data == "":
break
yield read_data
except IOError, exception:
if exception[0] not in (errno.EAGAIN, errno.EINTR):
raise
sys.exc_clear()
continue
except ssl.SSLError, exception:
raise TlsException("Failed to communicate with Docker via TLS: %s"
% exception, (sys.exc_info()[2]))
def execute_docker_data_listen(session, vm_uuid, request,
stop_monitoring_request):
host = api_helper.get_suitable_vm_ip(session, vm_uuid, DOCKER_TLS_PORT)
log.info("tls.execute_docker_listen_charbychar for VM %s, via %s" %
(vm_uuid, host))
asocket = _get_socket(session, vm_uuid)
try:
asocket.connect((host, DOCKER_TLS_PORT))
if hasattr(asocket, 'version'):
# Newer python versions provide the TLS version
log.info("Connected VM %s using %s" % (vm_uuid, asocket.version()))
asocket.send(request)
asocket.setblocking(0)
while not stop_monitoring_request:
rlist, _, _ = select.select([asocket.fileno()], [], [],
constants.MONITOR_EVENTS_POLL_INTERVAL)
if not rlist:
continue
try:
read_data = asocket.recv(1024)
if read_data == "":
break
yield read_data
except IOError, exception:
if exception[0] not in (errno.EAGAIN, errno.EINTR):
raise
sys.exc_clear()
continue
except ssl.SSLError, exception:
raise TlsException(
"Failed to communicate with Docker via TLS: %s" % exception,
(sys.exc_info()[2]))
def determine_error_cause(session, vm_uuid):
cause = ""
try:
api_helper.get_suitable_vm_ip(session, vm_uuid, DOCKER_TLS_PORT)
except util.XSContainerException:
cause = ERROR_CAUSE_NETWORK
# No reason to continue, if there is no network connection
return cause
try:
request = "GET '/info' HTTP/1.0\r\n\r\n"
execute_docker(session, vm_uuid, request)
except TlsException:
cause = (cause + "Unable to connect to the VM using TLS. Please "
"check the logs inside the VM and also try "
"connecting manually. The cause may be a problem "
"with the TLS certificates.")
if cause == "":
cause = "Unable to determine cause of failure."
return cause
def determine_error_cause(session, vm_uuid):
cause = ""
try:
api_helper.get_suitable_vm_ip(session, vm_uuid, DOCKER_TLS_PORT)
except util.XSContainerException:
cause = ERROR_CAUSE_NETWORK
# No reason to continue, if there is no network connection
return cause
try:
request = "GET '/info' HTTP/1.0\r\n\r\n"
execute_docker(session, vm_uuid, request)
except TlsException:
cause = (cause + "Unable to connect to the VM using TLS. Please "
"check the logs inside the VM and also try "
"connecting manually. The cause may be a problem "
"with the TLS certificates.")
if cause == "":
cause = "Unable to determine cause of failure."
return cause
def execute_docker(session, vm_uuid, request):
host = api_helper.get_suitable_vm_ip(session, vm_uuid, DOCKER_TLS_PORT)
log.info("tls.execute_docker for VM %s, via %s" % (vm_uuid, host))
asocket = _get_socket(session, vm_uuid)
try:
asocket.connect((host, DOCKER_TLS_PORT))
asocket.send(request)
result = asocket.recv(constants.MAX_BUFFER_SIZE)
except ssl.SSLError, exception:
raise TlsException("Failed to communicate with Docker via TLS: %s"
% exception, (sys.exc_info()[2]))
def execute_docker(session, vm_uuid, request):
host = api_helper.get_suitable_vm_ip(session, vm_uuid, DOCKER_TLS_PORT)
log.info("tls.execute_docker for VM %s, via %s" % (vm_uuid, host))
asocket = _get_socket(session, vm_uuid)
try:
asocket.connect((host, DOCKER_TLS_PORT))
asocket.send(request)
result = ""
while len(result) < constants.MAX_BUFFER_SIZE:
result_iteration = asocket.recv(constants.MAX_BUFFER_SIZE -
len(result))
if result_iteration == "":
break
result += result_iteration
except ssl.SSLError, exception:
raise TlsException(
"Failed to communicate with Docker via TLS: %s" % exception,
(sys.exc_info()[2]))
def prepare_ssh_client(session, vmuuid):
username = api_helper.get_vm_xscontainer_username(session, vmuuid)
host = api_helper.get_suitable_vm_ip(session, vmuuid, SSH_PORT)
log.info("prepare_ssh_client for vm %s, via %s@%s"
% (vmuuid, username, host))
client = paramiko.SSHClient()
pkey = paramiko.rsakey.RSAKey.from_private_key(
StringIO.StringIO(api_helper.get_idrsa_secret_private(session)))
client.get_host_keys().clear()
client.set_missing_host_key_policy(MyHostKeyPolicy(session, vmuuid))
try:
client.connect(host, port=SSH_PORT, username=username,
pkey=pkey, look_for_keys=False)
except SshException:
# This exception is already improved - leave it as it is
raise
except paramiko.AuthenticationException, exception:
message = ("prepare_ssh_client failed to authenticate with private key"
" on VM %s" % (vmuuid))
log.info(message)
raise AuthenticationException(message)