def validate_set(self, dict_key_value):
grub2pass_attr = 'grub2_password'
lockout_time_attr = 'lockout_time'
failed_login_attempts_attr = 'failed_login_attempts'
logging.debug('validate_set called with %s' % str(dict_key_value))
value_str = dict_key_value.get(self.domain, None)
logging.debug('{0} domain value: {1}'.format(self.domain, value_str))
if value_str is not None:
value_dict = json.loads(value_str)
if not isinstance(value_dict, dict):
raise validation.ValidationError('%s value is not a dict' %
self.domain)
passwd = value_dict.get(grub2pass_attr)
if passwd:
self.validate_passwd_hash(passwd)
lockout_t = value_dict.get(lockout_time_attr)
if lockout_t:
self.validate_lockout_time(lockout_t)
failed_login_a = value_dict.get(failed_login_attempts_attr)
if failed_login_a:
self.validate_failed_login_attempts(failed_login_a)
else:
raise validation.ValidationError('Missing domain: %s' %
self.domain)
def validate_infra_network_range(self, infra, network_domain,
networking_config, host_count):
infra_conf = networking_config.get(infra)
if not isinstance(infra_conf, dict):
return
domains_conf = infra_conf.get('network_domains')
if not isinstance(domains_conf,
dict) or network_domain not in domains_conf:
reason = '%s does not contain %s network domain configuration' % \
(infra, network_domain)
raise validation.ValidationError(reason)
cidr = domains_conf[network_domain].get('cidr')
start = domains_conf[network_domain].get('ip_range_start')
end = domains_conf[network_domain].get('ip_range_end')
if not start and cidr:
start = str(IPNetwork(cidr)[1])
if not end and cidr:
end = str(IPNetwork(cidr)[-2])
required = host_count if infra != 'infra_external' else host_count + 1
if len(IPRange(start, end)) < required:
reason = 'IP range %s - %s does not contain %d addresses' % (
start, end, required)
raise validation.ValidationError(reason)
def validate_delete(self, props):
logging.debug('validate_delete called with %s', props)
if self.domain in props:
raise validation.ValidationError('%s cannot be deleted' %
self.domain)
else:
raise validation.ValidationError(
'References in %s, cannot be deleted' % self.domain)
def validate_ntp(self, ntp_list):
if not ntp_list:
raise validation.ValidationError('Missing NTP configuration')
if not isinstance(ntp_list, list):
raise validation.ValidationError(
'NTP servers value must be a list')
utils = validation.ValidationUtils()
for ntp in ntp_list:
utils.validate_ip_address(ntp)
def validate_mac_list(self, mac_list):
if not mac_list:
return
if not isinstance(mac_list, list):
raise validation.ValidationError('mgmt_mac value must be a list')
for mac in mac_list:
pattern = '[0-9a-f]{2}([-:])[0-9a-f]{2}(\\1[0-9a-f]{2}){4}$'
if not mac or not re.match(pattern, mac.lower()):
raise validation.ValidationError(
'Invalid mac address syntax %s' % mac)
def validate_profile_list(self, profile_list, profile_defs, host,
attribute):
if not profile_list:
raise validation.ValidationError('Missing %s for %s' %
(attribute, host))
if not isinstance(profile_list, list):
raise validation.ValidationError('%s %s value must be a list' %
(host, attribute))
for profile in profile_list:
if profile not in profile_defs:
raise validation.ValidationError('Unknown %s %s for %s' %
(attribute, profile, host))
def validate_filepath(self, filepath):
try:
val = URLValidator()
val(filepath)
except ValidationError:
raise validation.ValidationError(
'The url: "%s" is not a valid url!' % filepath)
def validate_nonempty_performance_profile(self, config, profile_name,
host_name):
profile = config.get(profile_name)
if not isinstance(profile, dict) or not profile:
reason = 'Empty performance profile %s defined for %s' % (
profile_name, host_name)
raise validation.ValidationError(reason)
def validate_set(self, dict_key_value):
logging.debug('validate_set called with %s' % str(dict_key_value))
client = self.get_plugin_client()
for key, value in dict_key_value.iteritems():
value_str = value
value_dict = json.loads(value_str)
if key == self.domain:
openstack_config = value_dict
if not isinstance(value_dict, dict):
raise validation.ValidationError('%s value is not a dict' % self.domain)
else:
raise validation.ValidationError('Unexpected configuration %s' % key)
self.validate_openstack(openstack_config)
def validate_set(self, dict_key_value):
logging.debug('validate_set called with %s' % str(dict_key_value))
for key, value in dict_key_value.iteritems():
version = json.loads(value)
if key == self.domain:
self.validate_version(version)
else:
raise validation.ValidationError(
'Unexpected configuration %s' % key)
def validate_performance_profile(self, config, profile_name):
attributes = [
'default_hugepagesz', 'hugepagesz', 'hugepages', 'ovs_dpdk_cpus'
]
profile = config.get(profile_name)
if not profile:
profile = {}
for attr in attributes:
if not profile.get(attr):
raise validation.ValidationError(
'Missing %s value for performance profile %s' %
(attr, profile_name))
def validate_set(self, dict_key_value):
user_attr = 'admin_user_name'
passwd_attr = 'admin_user_password'
init_user_attr = 'initial_user_name'
init_passwd_attr = 'initial_user_password'
logging.debug('validate_set called with %s' % str(dict_key_value))
value_str = dict_key_value.get(self.domain)
value_dict = {} if not value_str else json.loads(value_str)
if not value_dict:
raise validation.ValidationError('No value for %s' % self.domain)
if not isinstance(value_dict, dict):
raise validation.ValidationError('%s value is not a dict' % self.domain)
utils = validation.ValidationUtils()
user = value_dict.get(user_attr)
if user:
utils.validate_username(user)
else:
raise validation.ValidationError('Missing %s' % user_attr)
um_user = value_dict.get(init_user_attr)
if um_user:
utils.validate_username(um_user)
else:
raise validation.ValidationError('Missing %s' % init_user_attr)
if not value_dict.get(passwd_attr):
raise validation.ValidationError('Missing %s' % passwd_attr)
if not value_dict.get(init_passwd_attr):
raise validation.ValidationError('Missing %s' % init_passwd_attr)
def validate_version(self, version_str):
if not version_str:
raise validation.ValidationError(
'Missing configuration template version')
if not isinstance(version_str, basestring):
raise validation.ValidationError(
'Version configuration should be a string')
data = version_str.split('.')
if len(data) != 3:
raise validation.ValidationError(
'Invalid version data syntax in configuration')
version = []
for i in data:
if not i.isdigit():
raise validation.ValidationError(
'Version data does not consist of numbers')
version.append(int(i))
if self.version != self.devel_version and version == self.devel_version:
msg = 'Accepting development version %s' % version_str
logging.warning(msg)
elif version[0] != self.version[0]:
reason = 'Major configuration template version mismatch (%s does not match with %s)' \
% (version_str, str(self.version))
raise validation.ValidationError(reason)
elif version[1] != self.version[1]:
reason = 'Configuration template version mismatch (%s does not match with %s)' \
% (version_str, str(self.version))
self.log_changes(version[1])
raise validation.ValidationError(reason)
elif version[2] != self.version[2]:
msg = 'Minor configuration template version mismatch, check the latest template changes'
logging.warning(msg)
def validate_hwmgmt(self, hwmgmt, host):
# this list may not be comprehensive, but it matches ironic's idea
# of valid privileges. In practice, we'll likely only see OPERATOR
# and ADMINISTRATOR. Case seems to matter here.
valid_ipmi_priv = ['USER', 'CALLBACK', 'OPERATOR', 'ADMINISTRATOR']
if not hwmgmt:
raise validation.ValidationError(
'Missing hwmgmt configuration for %s' % host)
if not hwmgmt.get('user'):
raise validation.ValidationError('Missing hwmgmt username for %s' %
host)
if not hwmgmt.get('password'):
raise validation.ValidationError('Missing hwmgmt password for %s' %
host)
priv_level = hwmgmt.get('priv_level')
if priv_level and priv_level not in valid_ipmi_priv:
# priv_level is optional, but should be in the valid range.
raise validation.ValidationError(
'Invalid IPMI privilege level %s for %s' % (priv_level, host))
validationutils = validation.ValidationUtils()
validationutils.validate_ip_address(hwmgmt.get('address'))
def validate_sections(self, sections):
names = []
missing = ''
client = self.get_plugin_client()
for name in self.Required:
if name not in sections:
names.append(name)
properties = client.get_properties(self.filterstr)
keys = properties.keys()
for name in names:
if name not in keys:
missing += ', ' + name if missing else name
if missing:
raise validation.ValidationError(
'Mandatory sections missing from configuration: %s' % missing)
def validate_preallocated_ips(self, host, nw_profile_config,
networking_config):
if not self.host_has_preallocated_ip(host):
return
validationutils = validation.ValidationUtils()
for network_name, ip in host["pre_allocated_ips"].iteritems():
for net_profile_name in host["network_profiles"]:
if not self.is_network_in_net_profile(
network_name, nw_profile_config.get(net_profile_name)):
raise validation.ValidationError(
"Network %s is missing from network profile %s" %
(network_name, net_profile_name))
network_domains = networking_config.get(network_name).get(
"network_domains")
host_network_domain = host["network_domain"]
subnet = network_domains.get(host_network_domain)["cidr"]
validationutils.validate_ip_address(ip)
utils.validate_ip_in_network(ip, subnet)
def validate_set(self, dict_key_value):
ntp_attr = 'ntp_servers'
logging.debug('validate_set called with %s' % str(dict_key_value))
for key, value in dict_key_value.iteritems():
value_dict = json.loads(value)
if not value_dict:
raise validation.ValidationError('No value for %s' % key)
if not isinstance(value_dict, dict):
raise validation.ValidationError('%s value is not a dict' %
self.domain)
if key == self.domain:
ntp_list = value_dict.get(ntp_attr)
self.validate_ntp(ntp_list)
attr = 'zone'
zone = value_dict.get(attr)
if zone:
self.validate_timezone(zone)
else:
raise validation.ValidationError('Missing timezone %s' %
attr)
auth_type = value_dict.get('auth_type')
if auth_type:
self.validate_authtype(auth_type)
else:
raise validation.ValidationError(
'Missing authentication type for NTP')
filepath = value_dict.get('serverkeys_path')
if auth_type != 'none' and filepath == '':
raise validation.ValidationError(
'The serverkeys_path is missing')
elif auth_type == 'none':
pass
else:
self.validate_filepath(filepath)
self.validate_yaml_format(filepath, auth_type)
else:
raise validation.ValidationError(
'Unexpected configuration %s' % key)
def search_for_duplicate_ips(self, hosts):
ips_field = "pre_allocated_ips"
hosts_with_preallocated_ip = {
name: attributes
for name, attributes in hosts.iteritems()
if self.host_has_preallocated_ip(attributes)
}
for host_name, host in hosts_with_preallocated_ip.iteritems():
other_hosts = {
name: attributes
for name, attributes in hosts_with_preallocated_ip.iteritems()
if name != host_name
}
for other_host_name, other_host in other_hosts.iteritems():
if self.host_has_preallocated_ip(other_host):
logging.debug(
"Checking %s and %s for duplicated preallocated IPs",
host_name, other_host_name)
duplicated_ip = self.is_ip_duplicated(
host[ips_field], other_host[ips_field])
if duplicated_ip:
raise validation.ValidationError(
"%s and %s has duplicated IP address: %s" %
(host_name, other_host_name, duplicated_ip))
def validate_yaml_format(self, url, auth_type):
if url.startswith("file://"):
path = url.lstrip("file://")
try:
with open(path) as f:
f_content = f.read()
except IOError:
raise validation.ValidationError(
'The file: "%s" is not present on the system!' % url)
else:
try:
r = requests.get(url)
if r['status_code'] != 200:
raise requests.exceptions.ConnectionError()
f_content = r['content']
except requests.exceptions.ConnectionError:
raise validation.ValidationError(
'The url: "%s" is not reachable!' % url)
try:
yaml_content = yaml.load(f_content)
except yaml.YAMLError:
raise validation.ValidationError(
'The validation of the yamlfile failed!')
for item in yaml_content:
srv = item.keys()[0]
if auth_type == 'symmetric' and not isinstance(item[srv], str):
raise validation.ValidationError(
'The yamlfile contains invalid data! '
'(The authentication method looks like it\'s symmetric.)')
elif auth_type == 'crypto' and isinstance(item[srv], dict):
if (item[srv]['type'] != 'iff' or item[srv]['type'] != 'gq' or
item[srv]['type'] != 'mv')\
and (not isinstance(item[srv]['keys'], list)):
raise validation.ValidationError(
'The yamlfile contains invalid data! '
'(The authentication method looks like it\'s crypto.)')
else:
raise validation.ValidationError(
'The yamlfile contains invalid data!')
def validate_delete(self, dict_key_value):
logging.debug('validate_delete called with %s' % str(dict_key_value))
raise validation.ValidationError('%s cannot be deleted' % self.domain)
def validate_authtype(self, auth_type):
if auth_type not in TimeValidation.supported_authentication_types:
raise validation.ValidationError(
'The provided authentication method for NTP is not supported')
def err_provider_vlan_conflict(iface):
err = NetworkProfilesValidation.ERR_PROVIDER_VLAN_CONFLICT.format(iface)
raise validation.ValidationError(err)
def err_vf_count(network):
err = NetworkProfilesValidation.ERR_VF_COUNT.format(network)
raise validation.ValidationError(err)
def err_sriov_iface_conflict():
err = NetworkProfilesValidation.ERR_SRIOV_IFACE_CONFLICT
raise validation.ValidationError(err)
def err_sriov_lacp_conflict():
err = NetworkProfilesValidation.ERR_SRIOV_LACP_CONFLICT
raise validation.ValidationError(err)
def err_infra_provider_untagged_conflict(network):
err = NetworkProfilesValidation.ERR_INFRA_PROVIDER_UNTAGGED_CONFLICT.format(network)
raise validation.ValidationError(err)
def err_infra_provider_vlan_conflict(network):
err = NetworkProfilesValidation.ERR_INFRA_PROVIDER_VLAN_CONFLICT.format(network)
raise validation.ValidationError(err)
def err_single_nic_provider_type(profile, provider_type):
err = NetworkProfilesValidation.ERR_SINGLE_NIC_PROVIDER_TYPE.format(profile, provider_type)
raise validation.ValidationError(err)
def validate_timezone(self, value):
try:
pytz.timezone(value)
except pytz.UnknownTimeZoneError as exc:
raise validation.ValidationError(
"Invalid time zone: {0}".format(exc))
def err_single_nic_violation(profile):
err = NetworkProfilesValidation.ERR_SINGLE_NIC_VIOLATION.format(profile)
raise validation.ValidationError(err)