def update_pool_maxconn(maxconn, old_maxconn, sp, user):
    """Store a new default connection limit on a pool and apply it by script.

    ``sp.default_limit`` is saved first. When the pool has members, the value
    really changed and ``sp.pool_created`` is true, every member is moved from
    ``old_maxconn`` to ``maxconn``, the transaction is committed and
    ``settings.POOL_MANAGEMENT_LIMITS`` is executed for ``sp.id``. A non-zero
    exit code restores ``old_maxconn`` on the pool and its members, commits
    again and raises.

    Raises:
        exceptions.ScriptAlterLimitPoolDiffMembersException: a member's limit
            is not ``old_maxconn``.
        exceptions.ScriptAlterLimitPoolException: the script exited non-zero.

    ``user`` is accepted but not used in this function.
    """
    sp.default_limit = maxconn
    sp.save()

    has_members = len(sp.serverpoolmember_set.all()) > 0
    if not has_members:
        return

    # default_limit was overwritten above, so this compares old_maxconn with
    # the new value.
    if not (old_maxconn != sp.default_limit and sp.pool_created):
        return

    for member in sp.serverpoolmember_set.all():
        if member.limit != old_maxconn:
            # NOTE(review): the pool and any members visited earlier in this
            # loop were already saved; undoing that is left to whatever
            # transaction handling the caller has -- confirm.
            raise exceptions.ScriptAlterLimitPoolDiffMembersException()
        member.limit = maxconn
        member.save()

    # The rows are committed before the script runs, so a failure has to be
    # undone by hand below.
    transaction.commit()
    exit_code, _, _ = exec_script(settings.POOL_MANAGEMENT_LIMITS % (sp.id))
    if exit_code == 0:
        return

    sp.default_limit = old_maxconn
    for member in sp.serverpoolmember_set.all():
        member.limit = old_maxconn
        member.save()
    sp.save()
    transaction.commit()
    raise exceptions.ScriptAlterLimitPoolException()
def update_pool_maxconn(maxconn, old_maxconn, sp, user):
    """Save ``maxconn`` as the pool's default limit and deploy it by script.

    The pool row is saved unconditionally. The members and the script are
    only touched when the pool has members, ``old_maxconn`` differs from the
    new value and ``sp.pool_created`` is true. If the script
    (``settings.POOL_MANAGEMENT_LIMITS`` formatted with ``sp.id``) exits
    non-zero, the pool and all members are written back to ``old_maxconn``.

    Raises:
        exceptions.ScriptAlterLimitPoolDiffMembersException: a member's limit
            is not ``old_maxconn``.
        exceptions.ScriptAlterLimitPoolException: the script exited non-zero.

    ``user`` is accepted but not used in this function.
    """
    sp.default_limit = maxconn
    sp.save()

    if not len(sp.serverpoolmember_set.all()) > 0:
        return

    # sp.default_limit already holds maxconn at this point.
    limit_changed = old_maxconn != sp.default_limit and sp.pool_created
    if not limit_changed:
        return

    for pool_member in sp.serverpoolmember_set.all():
        if pool_member.limit != old_maxconn:
            raise exceptions.ScriptAlterLimitPoolDiffMembersException()
        pool_member.limit = maxconn
        pool_member.save()

    # Commit first: the script is run after the new values are committed.
    transaction.commit()
    command = settings.POOL_MANAGEMENT_LIMITS % (sp.id)
    status, _, _ = exec_script(command)
    if status == 0:
        return

    # Manual rollback of the values committed above.
    sp.default_limit = old_maxconn
    for pool_member in sp.serverpoolmember_set.all():
        pool_member.limit = old_maxconn
        pool_member.save()
    sp.save()
    transaction.commit()
    raise exceptions.ScriptAlterLimitPoolException()
def check_pool_member_status(self, obj):
    """Run the POOL_REAL_CHECK script for one pool member; return its exit code.

    The command is formatted from ``obj.server_pool.id``, ``obj.ip.id`` and
    ``obj.port_real``. The script's stdout and stderr are discarded.
    """
    script_args = (obj.server_pool.id, obj.ip.id, obj.port_real)
    exit_code, _out, _err = exec_script(POOL_REAL_CHECK % script_args)
    return exit_code
def check_pool_member_status(self, obj):
    """Return the exit code of the POOL_REAL_CHECK script for ``obj``.

    ``obj`` supplies the pool id, the IP id and the real port that are
    formatted into the command; only the exit code of the run is kept.
    """
    pool_id = obj.server_pool.id
    ip_id = obj.ip.id
    status, _, _ = exec_script(POOL_REAL_CHECK % (pool_id, ip_id, obj.port_real))
    return status
def activate_network(self, user, id):
    """Run the network-create script for ``id`` and mark the network active.

    ``id`` has the form ``'<number>-<version>'``, e.g. ``'55-v4'`` or
    ``'55-v6'``. Both halves are validated before anything is executed, and
    the numeric part is passed through ``int()`` when the command is built.

    Returns:
        The ``(code, stdout, stderr)`` tuple from ``exec_script``. The network
        is activated only when ``code`` is 0.

    Raises:
        InvalidValueError: ``id`` is malformed, or the number or the version
            fails validation.
    """
    parts = id.split('-')
    if len(parts) != 2:
        self.log.error(
            u'The id network parameter is invalid format: %s.', parts)
        raise InvalidValueError(None, 'id_network', parts)

    id_net, network_type = parts

    if not is_valid_int_greater_zero_param(id_net):
        self.log.error(
            u'The id network parameter is invalid. Value: %s.', id_net)
        raise InvalidValueError(None, 'id_network', id_net)

    if not is_valid_version_ip(network_type, IP_VERSION):
        self.log.error(
            u'The type network parameter is invalid value: %s.', network_type)
        raise InvalidValueError(None, 'network_type', network_type)

    # Anything that is not 'v4' is handled as v6, as in the original branch.
    if network_type == 'v4':
        create_template, network_model = NETWORKIPV4_CREATE, NetworkIPv4
    else:
        create_template, network_model = NETWORKIPV6_CREATE, NetworkIPv6

    code, stdout, stderr = exec_script(create_template % int(id_net))
    if code == 0:
        # Flag the row as active only after the script succeeded.
        network_model.get_by_pk(id_net).activate(user)

    return code, stdout, stderr
def apply_priorities(list_pool_member, old_priorities_list, sp, user):
    """Commit pending changes and run the member-priorities script for a pool.

    When ``settings.POOL_MEMBER_PRIORITIES`` (formatted with ``sp.id``) exits
    non-zero, each member in ``list_pool_member`` gets the priority stored at
    the same index of ``old_priorities_list``, the restore is committed and
    ``exceptions.ScriptAlterPriorityPoolMembersException`` is raised.

    ``user`` is accepted but not used in this function.
    """
    transaction.commit()
    exit_code, _, _ = exec_script(settings.POOL_MEMBER_PRIORITIES % (sp.id))
    if exit_code == 0:
        return

    # Script failed: put the previous priorities back, position by position.
    for index, previous_priority in enumerate(old_priorities_list):
        member = list_pool_member[index]
        member.priority = previous_priority
        member.save()
    transaction.commit()
    raise exceptions.ScriptAlterPriorityPoolMembersException()
def exec_script_check_poolmember_by_pool(pool_id):
    """Run the per-pool member status check script and return its stdout.

    Raises:
        exceptions.ScriptCheckStatusPoolMemberException: the script exited
            with a non-zero status.
    """
    # NOTE(review): pool_id is formatted into the command as given; no
    # validation is visible here -- confirm callers pass a checked id.
    check_command = settings.POOL_REAL_CHECK_BY_POOL % (pool_id)
    exit_code, output, _errors = exec_script(check_command)
    if exit_code == 0:
        return output
    raise exceptions.ScriptCheckStatusPoolMemberException()
def deploy_pool_member_config(id_ip, id_pool, port_ip, spm, user):
    """Commit the pending transaction and run the script that creates a real.

    ``settings.POOL_REAL_CREATE`` is formatted with ``(id_pool, id_ip,
    port_ip)``. If the script exits non-zero, ``spm`` is deleted, the
    deletion is committed and ``exceptions.ScriptCreatePoolException`` is
    raised.

    ``user`` is accepted but not used in this function.
    """
    transaction.commit()

    create_command = settings.POOL_REAL_CREATE % (id_pool, id_ip, port_ip)
    exit_code, _, _ = exec_script(create_command)
    if exit_code == 0:
        return

    # The script failed, so remove the member row that was committed above.
    spm.delete()
    transaction.commit()
    raise exceptions.ScriptCreatePoolException()
def deactivate_network(self, user, id):
    """Run the network-remove script for ``id`` and mark the network inactive.

    ``self.get_id_and_net_type`` splits ``id`` into the numeric id and the
    network type; both are validated before the network is loaded.

    Returns:
        The ``(code, stdout, stderr)`` tuple from ``exec_script``. The network
        is deactivated only when ``code`` is 0.

    Raises:
        InvalidValueError: the id or the network type fails validation.
        NetworkInactiveError: the network is not active.
    """
    id_network, network_type = self.get_id_and_net_type(id)

    if not is_valid_int_greater_zero_param(id_network):
        self.log.error(
            u'The id network parameter is invalid. Value: %s.', id_network)
        raise InvalidValueError(None, 'id_network', id_network)

    if not is_valid_version_ip(network_type, IP_VERSION):
        self.log.error(
            u'The type network parameter is invalid value: %s.', network_type)
        raise InvalidValueError(None, 'network_type', network_type)

    is_v4 = network_type == self.NETWORK_TYPE_V4
    network_model = NetworkIPv4 if is_v4 else NetworkIPv6

    net = network_model.get_by_pk(id_network)
    if not self.is_active_netwok(net):
        raise NetworkInactiveError(
            message=error_messages.get(self.CODE_MESSAGE_INACTIVE_NETWORK))

    remove_template = NETWORKIPV4_REMOVE if is_v4 else NETWORKIPV6_REMOVE
    # int() keeps anything but a plain number out of the command line.
    code, stdout, stderr = exec_script(remove_template % int(id_network))
    if code == 0:
        if is_v4:
            # The v4 path reads the row again after the script has run.
            net = NetworkIPv4.get_by_pk(id_network)
        net.deactivate(user)

    return code, stdout, stderr
def check_pool_member_enabled(self, obj):
    """Return True when the POOL_REAL_CHECK script exits with status 0.

    The command is formatted from ``obj.server_pool.id``, ``obj.ip.id`` and
    ``obj.port_real``; any non-zero exit code yields False.
    """
    script_args = (obj.server_pool.id, obj.ip.id, obj.port_real)
    exit_code, _out, _err = exec_script(POOL_REAL_CHECK % script_args)
    return exit_code == 0
def check_pool_member_enabled(self, obj):
    """Tell whether the member check script succeeds for ``obj``.

    Builds the POOL_REAL_CHECK command from the member's pool id, IP id and
    real port, runs it and maps exit status 0 to True, anything else to False.
    """
    pool_id = obj.server_pool.id
    ip_id = obj.ip.id
    status, _, _ = exec_script(POOL_REAL_CHECK % (pool_id, ip_id, obj.port_real))
    enabled = status == 0
    return enabled
def create_vlan(self, user, vlan_id):
    """Run the VLAN create script, activate the VLAN and publish it to the queue.

    The caller needs VLAN_MANAGEMENT write permission and equipment write
    permission on every router equipment linked to the VLAN through an IPv4
    or IPv6 network. A VLAN that is already active is rejected with error 122.

    Returns:
        ``self.not_authorized()`` on a failed permission check, an error
        response (122, or 2 with the script output) on failure, otherwise a
        success response carrying the script's exit code and output.
    """
    if not has_perm(user, AdminPermission.VLAN_MANAGEMENT, AdminPermission.WRITE_OPERATION):
        return self.not_authorized()

    vlan = Vlan().get_by_pk(vlan_id)

    # Router equipments reachable from the VLAN's v4 and v6 networks.
    routers_v4 = Equipamento.objects.filter(
        ipequipamento__ip__networkipv4__vlan=vlan_id,
        equipamentoambiente__is_router=1)
    routers_v6 = Equipamento.objects.filter(
        ipv6equipament__ip__networkipv6__vlan=vlan_id,
        equipamentoambiente__is_router=1)

    for routers in (routers_v4, routers_v6):
        for equip in routers:
            allowed = has_perm(user, AdminPermission.EQUIPMENT_MANAGEMENT,
                               AdminPermission.WRITE_OPERATION, None, equip.id,
                               AdminPermission.EQUIP_WRITE_OPERATION)
            if not allowed:
                self.log.error(
                    u'User does not have permission to perform the operation.')
                return self.not_authorized()

    if vlan.ativada:
        return self.response_error(122)

    # The command uses the id of the loaded row, not the raw vlan_id argument.
    code, stdout, stderr = exec_script(settings.VLAN_CREATE % (vlan.id))
    if code != 0:
        # NOTE(review): raw script output is returned to the API caller.
        return self.response_error(2, stdout + stderr)

    vlan.activate(user)

    response_map = {
        'sucesso': {
            'codigo': '%04d' % code,
            'descricao': {'stdout': stdout, 'stderr': stderr},
        },
    }

    # Send to Queue
    queue_manager = QueueManager()
    data_to_queue = VlanSerializer(vlan).data
    data_to_queue.update({'description': queue_keys.VLAN_CREATE})
    queue_manager.append({
        'action': queue_keys.VLAN_CREATE,
        'kind': queue_keys.VLAN_KEY,
        'data': data_to_queue,
    })
    queue_manager.send()

    return self.response(dumps_networkapi(response_map))
def update_load_balancing_method(balancing, old_lb_method, sp, user):
    """Save a pool's load-balancing method and deploy it when it changed.

    The script ``settings.POOL_MANAGEMENT_LB_METHOD`` (formatted with
    ``sp.id``) runs only if the method differs from ``old_lb_method`` and
    ``sp.pool_created`` is true. On a non-zero exit code the old method is
    saved back, committed, and ``exceptions.ScriptCreatePoolException`` is
    raised.

    ``user`` is accepted but not used in this function.
    """
    sp.lb_method = balancing
    sp.save()

    needs_deploy = old_lb_method != sp.lb_method and sp.pool_created
    if not needs_deploy:
        return

    # Commit before the script runs; a failure is undone by hand below.
    transaction.commit()
    exit_code, _, _ = exec_script(settings.POOL_MANAGEMENT_LB_METHOD % (sp.id))
    if exit_code == 0:
        return

    sp.lb_method = old_lb_method
    sp.save()
    transaction.commit()
    raise exceptions.ScriptCreatePoolException()
def apply_health_check(hc, old_healthcheck, sp, user):
    """Attach healthcheck ``hc`` to a pool and deploy it when it changed.

    The script ``settings.POOL_HEALTHCHECK`` (formatted with ``sp.id``) runs
    only if ``hc.id`` differs from ``old_healthcheck.id`` and
    ``sp.pool_created`` is true. On a non-zero exit code the old healthcheck
    is saved back, committed, and ``exceptions.ScriptCreatePoolException`` is
    raised.

    ``user`` is accepted but not used in this function.
    """
    sp.healthcheck = hc
    sp.save()

    needs_deploy = old_healthcheck.id != hc.id and sp.pool_created
    if not needs_deploy:
        return

    # Commit before the script runs; a failure is undone by hand below.
    transaction.commit()
    exit_code, _, _ = exec_script(settings.POOL_HEALTHCHECK % (sp.id))
    if exit_code == 0:
        return

    sp.healthcheck = old_healthcheck
    sp.save()
    transaction.commit()
    raise exceptions.ScriptCreatePoolException()
def apply_service_down_action(old_servicedownaction, servicedownaction, sp, user):
    """Save a pool's service-down action and deploy it when it changed.

    The script ``settings.POOL_SERVICEDOWNACTION`` (formatted with ``sp.id``)
    runs only if the action differs from ``old_servicedownaction`` and
    ``sp.pool_created`` is true. On a non-zero exit code the old action is
    saved back, committed, and
    ``exceptions.ScriptAlterServiceDownActionException`` is raised.

    ``user`` is accepted but not used in this function.
    """
    sp.servicedownaction = servicedownaction
    sp.save()

    needs_deploy = old_servicedownaction != sp.servicedownaction and sp.pool_created
    if not needs_deploy:
        return

    # Commit before the script runs; a failure is undone by hand below.
    transaction.commit()
    exit_code, _, _ = exec_script(settings.POOL_SERVICEDOWNACTION % (sp.id))
    if exit_code == 0:
        return

    sp.servicedownaction = old_servicedownaction
    sp.save()
    transaction.commit()
    raise exceptions.ScriptAlterServiceDownActionException()
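def deactivate_network(self, user, id):
    """Run the network-remove script for ``id`` and mark the network inactive.

    ``self.get_id_and_net_type`` splits ``id`` into the numeric id and the
    network type; both are validated before the network is loaded. A network
    that is not active is left alone and reported as a successful no-op.

    Returns:
        ``(code, stdout, stderr)``: the result of ``exec_script``, or
        ``(0, 'Nothing to do. Network is not active.', '')`` when the network
        is not active. The network is deactivated only when the script
        exits with 0.

    Raises:
        InvalidValueError: the id or the network type fails validation.
    """
    id_network, network_type = self.get_id_and_net_type(id)

    if not is_valid_int_greater_zero_param(id_network):
        self.log.error(
            u'The id network parameter is invalid. Value: %s.', id_network)
        raise InvalidValueError(None, 'id_network', id_network)

    if not is_valid_version_ip(network_type, IP_VERSION):
        self.log.error(
            u'The type network parameter is invalid value: %s.', network_type)
        raise InvalidValueError(None, 'network_type', network_type)

    # Load the network before the active check. The check used to run on a
    # name that was only assigned further down, so every call failed with an
    # unbound-variable error before reaching the script.
    is_v4 = network_type == self.NETWORK_TYPE_V4
    if is_v4:
        net = NetworkIPv4.get_by_pk(id_network)
    else:
        net = NetworkIPv6.get_by_pk(id_network)

    if not self.is_active_netwok(net):
        return 0, 'Nothing to do. Network is not active.', ''

    remove_template = NETWORKIPV4_REMOVE if is_v4 else NETWORKIPV6_REMOVE
    # int() keeps anything but a plain number out of the command line.
    code, stdout, stderr = exec_script(remove_template % int(id_network))
    if code == 0:
        if is_v4:
            # The v4 path reads the row again after the script has run.
            net = NetworkIPv4.get_by_pk(id_network)
        net.deactivate(user)

    return code, stdout, stderr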
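def deactivate_network(self, user, id):
    """Run the network-remove script for ``id`` and mark the network inactive.

    The id and network type returned by ``self.get_id_and_net_type`` are
    validated first. An inactive network is reported as a successful no-op
    without running any script.

    Returns:
        ``(code, stdout, stderr)``: the result of ``exec_script``, or
        ``(0, 'Nothing to do. Network is not active.', '')`` when the network
        is not active. The network is deactivated only when the script
        exits with 0.

    Raises:
        InvalidValueError: the id or the network type fails validation.
    """
    id_network, network_type = self.get_id_and_net_type(id)

    if not is_valid_int_greater_zero_param(id_network):
        self.log.error(u'The id network parameter is invalid. Value: %s.', id_network)
        raise InvalidValueError(None, 'id_network', id_network)

    if not is_valid_version_ip(network_type, IP_VERSION):
        self.log.error(u'The type network parameter is invalid value: %s.', network_type)
        raise InvalidValueError(None, 'network_type', network_type)

    # Fetch the network up front: the active check below needs it, and it was
    # previously evaluated before ``net`` had been assigned in either branch.
    is_v4 = network_type == self.NETWORK_TYPE_V4
    if is_v4:
        net = NetworkIPv4.get_by_pk(id_network)
    else:
        net = NetworkIPv6.get_by_pk(id_network)

    if not self.is_active_netwok(net):
        code = 0
        stdout = 'Nothing to do. Network is not active.'
        stderr = ''
        return code, stdout, stderr

    if is_v4:
        command = NETWORKIPV4_REMOVE % int(id_network)
    else:
        command = NETWORKIPV6_REMOVE % int(id_network)

    code, stdout, stderr = exec_script(command)
    if code == 0:
        if is_v4:
            # The v4 path reads the row again after the script has run.
            net = NetworkIPv4.get_by_pk(id_network)
        net.deactivate(user)

    return code, stdout, stderr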
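def create_vip(self, vips):
    """Run ``gerador_vips --cria --aceonly`` for each VIP request in ``vips``.

    ``vips['layers']`` maps a VIP id to a mapping of layer ids; each layer
    entry holds a ``'vip_request'`` whose ``'id'`` is passed to the script.
    Nothing is executed when ``'layers'`` is missing or empty.

    Raises:
        base_exceptions.CommandErrorException: wraps any exception raised
            while walking ``vips`` or running the script, including a
            ``vip_request`` id that is not an integer.
    """
    try:
        layers = vips.get('layers')
        if layers:
            for vip_id in layers:
                for id_layer in layers.get(vip_id):
                    vip_request = layers.get(vip_id).get(id_layer).get('vip_request')

                    # The id becomes part of a command line, so only an
                    # integer is accepted. Anything else raises ValueError or
                    # TypeError here and is reported below like any other
                    # failure, without reaching exec_script.
                    request_id = int(vip_request['id'])
                    command = 'gerador_vips -i %d --cria --aceonly' % request_id
                    log.info('calling script: %s' % command)

                    # NOTE(review): the exit code is not inspected, so a
                    # failing script is indistinguishable from success here.
                    code, stdout, stderr = exec_script(command)
    except Exception as e:
        log.error(e)
        raise base_exceptions.CommandErrorException(e)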
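def create_vip(self, vips):
    """Call the ``gerador_vips`` create script for every VIP request in ``vips``.

    Walks ``vips['layers'][<vip id>][<layer id>]['vip_request']`` and runs
    ``gerador_vips -i <id> --cria --aceonly`` once per entry. A missing or
    empty ``'layers'`` key means there is nothing to do.

    Raises:
        base_exceptions.CommandErrorException: wraps any exception raised
            while walking ``vips`` or running the script, including a
            ``vip_request`` id that is not an integer.
    """
    try:
        layers = vips.get('layers')
        if not layers:
            return

        for vip_id in layers:
            for id_layer in layers.get(vip_id):
                vip_request = layers.get(vip_id).get(id_layer).get('vip_request')

                # Coerce the id to an integer before it is formatted into the
                # command; a non-numeric value fails here instead of being
                # handed to the script runner.
                command = 'gerador_vips -i %d --cria --aceonly' % int(
                    vip_request['id'])
                log.info('calling script: %s' % command)

                # NOTE(review): code/stdout/stderr are not checked; a
                # non-zero exit is silently ignored.
                code, stdout, stderr = exec_script(command)
    except Exception as e:
        log.error(e)
        raise base_exceptions.CommandErrorException(e)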
def remove_pool_members(id_pool_member_noempty, sp, user):
    """Delete the pool members whose ids are not in ``id_pool_member_noempty``.

    Each such member is deleted; when ``sp.pool_created`` is true the
    ``settings.POOL_REAL_REMOVE`` script is then run for it and the
    transaction is committed after every successful run.

    Raises:
        exceptions.ScriptCreatePoolException: a remove script exited non-zero.

    ``user`` is accepted but not used in this function.
    """
    members_to_remove = sp.serverpoolmember_set.exclude(id__in=id_pool_member_noempty)
    if not members_to_remove:
        return

    for member in members_to_remove:
        member.delete()

        if not sp.pool_created:
            # Nothing is deployed for this pool, so there is no script to run.
            continue

        # The attribute values are read from the in-memory object after the
        # row was deleted; the member is addressed by its v4 IP id when it
        # has one, otherwise by its v6 IP id.
        command = settings.POOL_REAL_REMOVE % (
            member.server_pool_id,
            member.ip_id if member.ip else member.ipv6_id,
            member.port_real)
        exit_code, _, _ = exec_script(command)
        if exit_code != 0:
            raise exceptions.ScriptCreatePoolException()
        transaction.commit()
def create_vlan(self, user, vlan_id):
    """Run the VLAN create script and activate the VLAN on success.

    The caller needs VLAN_MANAGEMENT write permission and equipment write
    permission on every router equipment linked to the VLAN through an IPv4
    or IPv6 network. A VLAN that is already active is rejected with error 122.

    Returns:
        ``self.not_authorized()`` on a failed permission check, an error
        response (122, or 2 with the script output) on failure, otherwise a
        success response carrying the script's exit code and output.
    """
    if not has_perm(user, AdminPermission.VLAN_MANAGEMENT, AdminPermission.WRITE_OPERATION):
        return self.not_authorized()

    vlan = Vlan().get_by_pk(vlan_id)

    # Router equipments reachable from the VLAN's v4 and v6 networks.
    routers_v4 = Equipamento.objects.filter(
        ipequipamento__ip__networkipv4__vlan=vlan_id,
        equipamentoambiente__is_router=1)
    routers_v6 = Equipamento.objects.filter(
        ipv6equipament__ip__networkipv6__vlan=vlan_id,
        equipamentoambiente__is_router=1)

    for routers in (routers_v4, routers_v6):
        for equip in routers:
            allowed = has_perm(user, AdminPermission.EQUIPMENT_MANAGEMENT,
                               AdminPermission.WRITE_OPERATION, None, equip.id,
                               AdminPermission.EQUIP_WRITE_OPERATION)
            if not allowed:
                self.log.error(
                    u'User does not have permission to perform the operation.')
                return self.not_authorized()

    if vlan.ativada:
        return self.response_error(122)

    # The command uses the id of the loaded row, not the raw vlan_id argument.
    code, stdout, stderr = exec_script(settings.VLAN_CREATE % (vlan.id))
    if code != 0:
        # NOTE(review): raw script output is returned to the API caller.
        return self.response_error(2, stdout + stderr)

    vlan.activate(user)

    response_map = {
        'sucesso': {
            'codigo': '%04d' % code,
            'descricao': {'stdout': stdout, 'stderr': stderr},
        },
    }
    return self.response(dumps_networkapi(response_map))
def handle_put(self, request, user, *args, **kwargs):
    """Handle PUT requests that change a VIP's connection limit (maxcon).

    URLs: /vip/<id_vip>/maxcon/<maxcon>/

    ``id_vip`` and ``maxcon`` are read from ``kwargs``. The caller's
    VIP_ALTER_SCRIPT write permission and both values are checked before the
    VIP is loaded. Under the per-VIP distributed lock the handler checks the
    equipment-level permissions, stores the new ``maxcon`` on the VIP and on
    every pool that has members, and runs ``gerador_vips -i <id> --maxconn``.
    When the script exits non-zero, the instances captured before the change
    are saved again.

    Only XMLError is handled in the code shown here; the other exceptions
    raised below propagate to the caller.
    """
    self.log.info('Change limit connections to VIP')
    try:
        vip_id = kwargs.get('id_vip')
        maxcon = kwargs.get('maxcon')

        # User permission
        if not has_perm(user, AdminPermission.VIP_ALTER_SCRIPT, AdminPermission.WRITE_OPERATION):
            self.log.error(
                u'User does not have permission to perform the operation.')
            raise UserNotAuthorizedError(None)

        # Valid Vip ID
        if not is_valid_int_greater_zero_param(vip_id):
            self.log.error(
                u'The vip_id parameter is not a valid value: %s.', vip_id)
            raise InvalidValueError(None)

        # Valid Maxcon
        if not is_valid_int_greater_equal_zero_param(maxcon):
            self.log.error(
                u'The maxcon parameter is not a valid value: %s.', maxcon)
            raise InvalidValueError(None)

        # Existing Vip ID
        vip = RequisicaoVips.get_by_pk(vip_id)

        with distributedlock(LOCK_VIP % vip_id):
            # Keep the state loaded before the change; it is saved again in
            # the failure branch at the end. clone() is presumably a copy of
            # the VIP -- confirm against its definition.
            vip_old = clone(vip)
            server_pools = ServerPool.objects.filter(
                vipporttopool__requisicao_vip=vip)
            server_pools_old = []
            server_pools_members_old = []
            for sp in server_pools:
                server_pools_old.append(sp)
                for spm in sp.serverpoolmember_set.all():
                    server_pools_members_old.append(spm)

            # Vip must be created
            if not vip.vip_criado:
                self.log.error(
                    u'Maxcon can not be changed because VIP has not yet been created.')
                raise RequestVipsNotBeenCreatedError(None)

            # Vip equipments permission: the user must be allowed to update
            # the configuration of every equipment bound to the VIP's IPs.
            if vip.ip is not None:
                for ip_equipment in vip.ip.ipequipamento_set.all():
                    if not has_perm(user, AdminPermission.VIP_ALTER_SCRIPT, AdminPermission.WRITE_OPERATION, None, ip_equipment.equipamento_id, AdminPermission.EQUIP_UPDATE_CONFIG_OPERATION):
                        self.log.error(
                            u'Groups of equipment registered with the IP of the VIP request is not allowed of acess.')
                        raise EquipmentGroupsNotAuthorizedError(None)

            if vip.ipv6 is not None:
                for ip_equipment in vip.ipv6.ipv6equipament_set.all():
                    if not has_perm(user, AdminPermission.VIP_ALTER_SCRIPT, AdminPermission.WRITE_OPERATION, None, ip_equipment.equipamento_id, AdminPermission.EQUIP_UPDATE_CONFIG_OPERATION):
                        self.log.error(
                            u'Groups of equipment registered with the IP of the VIP request is not allowed of acess.')
                        raise EquipmentGroupsNotAuthorizedError(None)

            # Get variables
            variables_map = vip.variables_to_map()

            # Valid variables
            vip.set_variables(variables_map)

            # Valid real names and real ips of real server
            # NOTE(review): the nesting of the three validations below under
            # this ``if`` was reconstructed from a whitespace-collapsed
            # listing -- confirm against the original file.
            if variables_map.get('reals') is not None:
                evip = EnvironmentVip.get_by_values(variables_map.get(
                    'finalidade'), variables_map.get('cliente'), variables_map.get('ambiente'))

                for real in variables_map.get('reals').get('real'):
                    ip_aux_error = real.get('real_ip')
                    equip_aux_error = real.get('real_name')
                    equip = Equipamento.get_by_name(equip_aux_error)

                    # Valid Real
                    RequisicaoVips.valid_real_server(
                        ip_aux_error, equip, evip)

                # Valid reals_prioritys
                variables_map, code = vip.valid_values_reals_priority(
                    variables_map)
                if code is not None:
                    return self.response_error(329)

                # Valid reals_weight
                variables_map, code = vip.valid_values_reals_weight(
                    variables_map)
                if code is not None:
                    return self.response_error(330)

                # Valid ports
                variables_map, code = vip.valid_values_ports(variables_map)
                if code is not None:
                    return self.response_error(331)

            variables_map['maxcon'] = maxcon
            vip.set_variables(variables_map)
            vip.save(user, commit=True)

            # update server pool limits table
            # Fix #27
            # Queried again, so these instances are distinct from the ones
            # kept in server_pools_old.
            server_pools = ServerPool.objects.filter(
                vipporttopool__requisicao_vip=vip)

            for sp in server_pools:
                # If exists pool member, change default maxconn of pool and
                # members
                if(len(sp.serverpoolmember_set.all()) > 0):
                    # if(old_maxconn != sp.default_limit and
                    # sp.pool_created):
                    sp.default_limit = maxcon
                    sp.save(user, commit=True)
                    for serverpoolmember in sp.serverpoolmember_set.all():
                        serverpoolmember.limit = maxcon
                        serverpoolmember.save(user, commit=True)

            # gerador_vips -i <ID_REQUISICAO> --maxconn
            # %d only accepts a number, and the id comes from the loaded VIP
            # row rather than from the URL value.
            command = 'gerador_vips -i %d --maxconn' % vip.id
            code, stdout, stderr = exec_script(command)

            if code == 0:
                success_map = dict()
                success_map['codigo'] = '%04d' % code
                success_map['descricao'] = {
                    'stdout': stdout, 'stderr': stderr}

                map = dict()
                map['sucesso'] = success_map
                return self.response(dumps_networkapi(map))
            else:
                # The changes were already committed above, so the previous
                # state is written back by saving the earlier instances.
                # TODO Check if is needed to update pool members separately
                vip_old.save(user, commit=True)
                for sp in server_pools_old:
                    sp.save(user, commit=True)
                for spm in server_pools_members_old:
                    spm.save(user, commit=True)
                # NOTE(review): raw script output is returned to the caller.
                return self.response_error(2, stdout + stderr)

    except XMLError, x:
        self.log.error(u'Error reading the XML request.')
        return self.response_error(3, x)
def handle_post(self, request, user, *args, **kwargs):
    """Handle POST requests that run the create scripts for a network and its VLAN.

    URL: vlan/v4/create/ or vlan/v6/create/

    The network id is read from the ``networkapi/vlan/id_network_ip`` element
    of the XML body and ``network_version`` from ``kwargs``. The caller needs
    VLAN_MANAGEMENT write permission and equipment write permission on every
    router equipment of the network's VLAN. If the VLAN is not active yet its
    create script runs first; the network create script follows. Each object
    is activated only after its script exits with 0.

    Only InvalidValueError is handled in the code shown here.
    """
    try:
        # Generic method for v4 and v6
        network_version = kwargs.get("network_version")

        # Commons Validations

        # User permission
        if not has_perm(user, AdminPermission.VLAN_MANAGEMENT, AdminPermission.WRITE_OPERATION):
            self.log.error(u"User does not have permission to perform the operation.")
            return self.not_authorized()

        # Business Validations

        # Load XML data
        xml_map, attrs_map = loads(request.raw_post_data)

        # XML data format
        networkapi_map = xml_map.get("networkapi")
        if networkapi_map is None:
            msg = u"There is no value to the networkapi tag of XML request."
            self.log.error(msg)
            return self.response_error(3, msg)

        vlan_map = networkapi_map.get("vlan")
        if vlan_map is None:
            msg = u"There is no value to the vlan tag of XML request."
            self.log.error(msg)
            return self.response_error(3, msg)

        # Get XML data
        network_ip_id = vlan_map.get("id_network_ip")

        # Valid network_ip ID
        if not is_valid_int_greater_zero_param(network_ip_id):
            self.log.error(u"Parameter id_network_ip is invalid. Value: %s.", network_ip_id)
            raise InvalidValueError(None, "id_network_ip", network_ip_id)

        # Network must exists in database
        if IP_VERSION.IPv4[0] == network_version:
            network_ip = NetworkIPv4().get_by_pk(network_ip_id)
        else:
            network_ip = NetworkIPv6().get_by_pk(network_ip_id)

        # A network that is already active is rejected with error 299.
        if network_ip.active:
            return self.response_error(299)

        # Check permission group equipments
        equips_from_ipv4 = Equipamento.objects.filter(
            ipequipamento__ip__networkipv4__vlan=network_ip.vlan.id, equipamentoambiente__is_router=1
        )
        equips_from_ipv6 = Equipamento.objects.filter(
            ipv6equipament__ip__networkipv6__vlan=network_ip.vlan.id, equipamentoambiente__is_router=1
        )

        for equip in equips_from_ipv4:
            # User permission
            if not has_perm(
                user,
                AdminPermission.EQUIPMENT_MANAGEMENT,
                AdminPermission.WRITE_OPERATION,
                None,
                equip.id,
                AdminPermission.EQUIP_WRITE_OPERATION,
            ):
                self.log.error(u"User does not have permission to perform the operation.")
                return self.not_authorized()

        for equip in equips_from_ipv6:
            # User permission
            if not has_perm(
                user,
                AdminPermission.EQUIPMENT_MANAGEMENT,
                AdminPermission.WRITE_OPERATION,
                None,
                equip.id,
                AdminPermission.EQUIP_WRITE_OPERATION,
            ):
                self.log.error(u"User does not have permission to perform the operation.")
                return self.not_authorized()

        # Business Rules
        success_map = dict()

        # If Vlan is not active, need to be created before network
        if not network_ip.vlan.ativada:
            # Make command; the id comes from the loaded VLAN row, not from
            # the request body.
            vlan_command = VLAN_CREATE % (network_ip.vlan.id)

            # Execute command
            code, stdout, stderr = exec_script(vlan_command)

            if code == 0:
                # After execute script, change to activated
                network_ip.vlan.activate(user)

                vlan_success = dict()
                vlan_success["codigo"] = "%04d" % code
                vlan_success["descricao"] = {"stdout": stdout, "stderr": stderr}
                success_map["vlan"] = vlan_success
            else:
                # NOTE(review): raw script output is returned to the caller.
                return self.response_error(2, stdout + stderr)

        # Make command to create Network; the id comes from the loaded
        # network row.
        if IP_VERSION.IPv4[0] == network_version:
            command = NETWORKIPV4_CREATE % (network_ip.id)
        else:
            command = NETWORKIPV6_CREATE % (network_ip.id)

        # Execute command
        code, stdout, stderr = exec_script(command)

        if code == 0:
            # After execute script, change the Network to activated
            network_ip.activate(user)

            network_success = dict()
            network_success["codigo"] = "%04d" % code
            network_success["descricao"] = {"stdout": stdout, "stderr": stderr}
            success_map["network"] = network_success
        else:
            # If the VLAN script already ran above, the VLAN stays activated
            # even though the network script failed here.
            return self.response_error(2, stdout + stderr)

        map = dict()
        map["sucesso"] = success_map

        # Not used afterwards in the code shown here.
        vlan_obj = network_ip.vlan

        # Return XML
        return self.response(dumps_networkapi(map))

    except InvalidValueError, e:
        return self.response_error(269, e.param, e.value)
def manager_pools(request):
    """Enable or disable the members of one pool and apply the change by script.

    ``request.DATA`` must hold ``server_pool_id`` and ``server_pool_members``,
    a list of ``{'id': ..., 'status': ...}`` entries that covers exactly the
    members of the pool. Each member's status is saved, then
    ``settings.POOL_MANAGEMENT_MEMBERS_STATUS`` is run for the pool id. If the
    script fails, the member instances loaded before the update are saved
    again and the exception is re-raised.

    :param request: HttpRequest

    NOTE(review): no permission check is visible in this function; presumably
    it is enforced by a decorator or by the caller -- confirm.
    """
    try:
        pool_id = request.DATA.get("server_pool_id")
        pool_members = request.DATA.get("server_pool_members", [])

        # Accepted values for a member's status flag.
        valid_status = [0, 1, False, True]

        pool_members_id = []
        for entry in pool_members:
            pool_members_id.append(entry.get('id'))

        if not is_valid_int_greater_zero_param(pool_id):
            raise exceptions.InvalidIdPoolException()

        # Validate pool members id. The return value is not used, so the
        # helper presumably raises on an invalid id -- confirm.
        is_valid_list_int_greater_zero_param(pool_members_id)

        pool_obj = ServerPool.objects.get(id=pool_id)

        related_pool_members = pool_obj.serverpoolmember_set.order_by('id')
        received_pool_members = ServerPoolMember.objects.filter(
            id__in=pool_members_id).order_by('id')

        # The request has to name every member of this pool and nothing else,
        # which also rejects ids that belong to another pool.
        relates = list(related_pool_members)
        receives = list(received_pool_members)
        if relates != receives:
            raise exceptions.InvalidIdPoolMemberException(
                u'Required All Pool Members By Pool')

        for entry in pool_members:
            member_id = entry.get("id")
            member_status = entry.get("status")

            if member_status not in valid_status:
                raise exceptions.InvalidStatusPoolMemberException()

            server_pool_member = ServerPoolMember.objects.get(id=member_id)
            server_pool_member.status = member_status
            server_pool_member.save(request.user, commit=True)

        # Execute Script To Set Status
        exit_code, _, _ = exec_script(
            settings.POOL_MANAGEMENT_MEMBERS_STATUS % pool_id)
        if exit_code != 0:
            raise exceptions.ScriptManagementPoolException()

    except (exceptions.ScriptManagementPoolException, ScriptError) as exception:
        # Rollback: save the member instances that were loaded before the
        # status updates.
        for old_member in related_pool_members:
            old_member.save(request.user, commit=True)
        raise exception
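def handle_put(self, request, user, *args, **kwargs):
    """Handle PUT requests that activate a VLAN (sets column ativada = 1).

    URL: vlan/create/

    The VLAN id is read from the ``networkapi/vlan/vlan_id`` element of the
    XML body. The caller needs VLAN_MANAGEMENT write permission and equipment
    write permission on every router equipment linked to the VLAN. A VLAN
    that is already active is answered with an empty success response; for
    any other VLAN the create script is run and the VLAN is activated when
    the script exits with 0.

    Returns:
        ``self.not_authorized()`` on a failed permission check, an error
        response for a malformed body, a failed script or one of the handled
        exceptions, otherwise an empty success response.
    """
    try:
        # User permission
        if not has_perm(user, AdminPermission.VLAN_MANAGEMENT, AdminPermission.WRITE_OPERATION):
            self.log.error(
                u'User does not have permission to perform the operation.')
            return self.not_authorized()

        # Load XML data
        xml_map, attrs_map = loads(request.raw_post_data)

        # XML data format. A body without these tags used to fail with an
        # AttributeError on None; it is now answered with error 3, the code
        # this handler already uses for XML problems.
        networkapi_map = xml_map.get('networkapi')
        if networkapi_map is None:
            msg = u'There is no value to the networkapi tag of XML request.'
            self.log.error(msg)
            return self.response_error(3, msg)

        vlan_map = networkapi_map.get('vlan')
        if vlan_map is None:
            msg = u'There is no value to the vlan tag of XML request.'
            self.log.error(msg)
            return self.response_error(3, msg)

        id_vlan = vlan_map.get('vlan_id')

        vlan = Vlan()
        vlan = vlan.get_by_pk(id_vlan)

        # Check permission group equipments
        equips_from_ipv4 = Equipamento.objects.filter(
            ipequipamento__ip__networkipv4__vlan=id_vlan,
            equipamentoambiente__is_router=1)
        equips_from_ipv6 = Equipamento.objects.filter(
            ipv6equipament__ip__networkipv6__vlan=id_vlan,
            equipamentoambiente__is_router=1)

        for equips in (equips_from_ipv4, equips_from_ipv6):
            for equip in equips:
                # User permission
                if not has_perm(user, AdminPermission.EQUIPMENT_MANAGEMENT,
                                AdminPermission.WRITE_OPERATION, None, equip.id,
                                AdminPermission.EQUIP_WRITE_OPERATION):
                    self.log.error(
                        u'User does not have permission to perform the operation.')
                    return self.not_authorized()

        if vlan.ativada:
            return self.response(dumps_networkapi({}))

        # Make command; int() keeps anything but a plain number out of the
        # command line.
        vlan_command = settings.VLAN_CREATE % int(id_vlan)

        # Execute command
        code, stdout, stderr = exec_script(vlan_command)

        # Activate only when the command was successfully executed.
        if code != 0:
            # NOTE(review): raw script output is returned to the caller.
            return self.response_error(2, stdout + stderr)

        vlan.activate(user)
        return self.response(dumps_networkapi({}))

    except InvalidValueError as e:
        return self.response_error(269, e.param, e.value)
    except AmbienteNotFoundError as e:
        return self.response_error(112)
    except VlanNameDuplicatedError as e:
        return self.response_error(108)
    except VlanNumberNotAvailableError as e:
        return self.response_error(306, vlan.num_vlan)
    except VlanNumberEnvironmentNotAvailableError as e:
        return self.response_error(315, e.message)
    except VlanNotFoundError as e:
        return self.response_error(150, e.message)
    except XMLError as e:
        self.log.error(u'Error reading the XML request.')
        return self.response_error(3, e)
    except (VlanError, AmbienteError) as e:
        return self.response_error(1)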
def handle_put(self, request, user, *args, **kwargs):
    """Handle PUT requests to change the VIP's real servers.

    URL: vip/real/edit

    The XML body supplies ``vip_id``, ``alter_priority`` and the requested
    ``reals`` / ``reals_prioritys`` / ``reals_weights``. The handler diffs
    the requested reals against the stored ones, runs one external script
    per real to add or remove, mirrors each result in ServerPoolMember
    rows, and runs ``gerador_vips --priority`` when ``alter_priority`` is
    non-zero.

    Returns ``response(dumps_networkapi({}))`` on success and
    ``response_error(...)`` with code 2, 3, 329, 330, 331, 333 or 353 on
    the failures handled here. UserNotAuthorizedError, InvalidValueError
    and RequisicaoVipsError are raised; the outer ``try`` shown here
    catches only XMLError.

    NOTE(review): this listing had lost its indentation, so the block
    nesting below is reconstructed from the statements - confirm against
    the repository, in particular the pool-member lookup in the
    "not modified" loop.
    """

    self.log.info("Change VIP's real server")

    try:

        # Request-level authorization happens before the body is parsed.
        if not has_perm(user, AdminPermission.VIP_ALTER_SCRIPT, AdminPermission.WRITE_OPERATION):
            self.log.error(
                u'User does not have permission to perform the operation.')
            raise UserNotAuthorizedError(None)

        # Commons Validations

        # Load XML data
        xml_map, attrs_map = loads(
            request.raw_post_data, ['real', 'reals_weight', 'reals_priority'])

        # XML data format
        networkapi_map = xml_map.get('networkapi')
        if networkapi_map is None:
            return self.response_error(3, u'There is no value to the networkapi tag of XML request.')

        vip_map = networkapi_map.get('vip')
        if vip_map is None:
            return self.response_error(3, u'There is no value to the vip tag of XML request.')

        # Get XML data
        vip_id = vip_map.get('vip_id')
        alter_priority = vip_map.get('alter_priority')

        # Valid VIP ID
        if not is_valid_int_greater_zero_param(vip_id):
            self.log.error(
                u'The vip_id parameter is not a valid value: %s.', vip_id)
            raise InvalidValueError(None, 'vip_id', vip_id)

        # An invalid alter_priority is silently treated as 0 (no priority
        # script run) rather than rejected.
        if not is_valid_int_greater_equal_zero_param(alter_priority):
            alter_priority = 0

        # Existing Vip ID
        vip = RequisicaoVips.get_by_pk(vip_id)

        # Snapshots used for the rollback at the end. They are taken
        # before the distributed lock is acquired.
        vip_old = clone(vip)

        server_pools = ServerPool.objects.filter(vipporttopool__requisicao_vip=vip)
        server_pools_old = []
        server_pools_members_old = []
        for sp in server_pools:
            server_pools_old.append(sp)
            for spm in sp.serverpoolmember_set.all():
                server_pools_members_old.append(spm)

        # Get variables
        variables_map = vip.variables_to_map()

        # Valid variables
        vip.set_variables(variables_map)

        # The balancing method comes from the stored VIP, overriding
        # whatever the request carried under this key.
        vip_map['metodo_bal'] = str(
            variables_map.get('metodo_bal')).upper()

        with distributedlock(LOCK_VIP % vip_id):

            # Validate the request-supplied real names and IPs: the name
            # must resolve to an Equipamento and the pair must pass
            # RequisicaoVips.valid_real_server for the VIP's environment.
            if vip_map.get('reals') is not None:

                evip = EnvironmentVip.get_by_values(variables_map.get(
                    'finalidade'), variables_map.get('cliente'), variables_map.get('ambiente'))

                for real in vip_map.get('reals').get('real'):
                    ip_aux_error = real.get('real_ip')
                    equip_aux_error = real.get('real_name')
                    if equip_aux_error is not None:
                        equip = Equipamento.get_by_name(equip_aux_error)
                    else:
                        self.log.error(
                            u'The real_name parameter is not a valid value: None.')
                        raise InvalidValueError(None, 'real_name', 'None')

                    # Valid Real
                    RequisicaoVips.valid_real_server(
                        ip_aux_error, equip, evip, False)

                # Valid reals_prioritys
                vip_map, code = vip.valid_values_reals_priority(vip_map)
                if code is not None:
                    return self.response_error(329)

                # Valid reals_weight
                vip_map, code = vip.valid_values_reals_weight(vip_map)
                if code is not None:
                    return self.response_error(330)

            # Rebuild the stored view of the VIP (ports, reals, priorities,
            # weights) that the request is diffed against.
            variables_map = vip.variables_to_map()

            vip_port_list, reals_list, reals_priority, reals_weight = vip.get_vips_and_reals(
                vip.id)

            if reals_list:
                variables_map['reals'] = {'real': reals_list}
                variables_map['reals_prioritys'] = {
                    'reals_priority': reals_priority}
                variables_map['reals_weights'] = {
                    'reals_weight': reals_weight}

            variables_map['portas_servicos'] = {'porta': vip_port_list}

            # variables_map_old is not read again in the code shown here.
            variables_map_old = clone(variables_map)

            # Valid ports
            variables_map, code = vip.valid_values_ports(variables_map)
            if code is not None:
                return self.response_error(331)

            """ OLD CALLS - Deprecated """
            vip_ports_pool = VipPortToPool.objects.filter(
                requisicao_vip=vip)

            reals = vip_map.get('reals')

            # A request whose first real has no 'port_real' is a legacy
            # call: every real is expanded to one entry per VIP port, using
            # the pool's default port.
            new_call = True
            if reals and 'port_real' not in reals['real'][0]:
                new_call = False
                reals_prioritys = vip_map.get('reals_prioritys')
                reals_weights = dict()
                if 'reals_weights' in vip_map:
                    reals_weights = vip_map.get('reals_weights')

                reals_aux = dict()
                reals_prioritys_aux = dict()
                reals_weight_aux = dict()

                reals_aux['real'] = list()
                reals_prioritys_aux['reals_priority'] = list()
                reals_weight_aux['reals_weight'] = list()

                # execute_list is only referenced by a commented-out
                # condition in the ADD loop below.
                repeat = (
                    len(vip_ports_pool) * len(reals['real'])) / len(reals['real'])
                execute_list = list()

                for x in range(repeat):
                    execute_list.append((x + 1) * len(reals['real']))

                for i in range(len(reals['real'])):
                    for vippp in vip_ports_pool:

                        reals_prioritys_aux['reals_priority'].append(
                            reals_prioritys['reals_priority'][i])
                        if 'reals_weight' in reals_weights:
                            reals_weight_aux['reals_weight'].append(
                                reals_weights['reals_weight'][i])
                        server_pool = ServerPool.objects.get(
                            vipporttopool__id=vippp.id, vipporttopool__requisicao_vip=vip)

                        if 'id_ip' not in reals['real'][i]:
                            id_ip = get_id_ip(reals['real'][i])
                        else:
                            id_ip = reals['real'][i]['id_ip']

                        reals_aux['real'].append({'id_ip': id_ip, 'port_real': server_pool.default_port, 'real_name': reals[
                                                 'real'][i]['real_name'], 'port_vip': vippp.port_vip, u'real_ip': reals['real'][i]['real_ip']})

                vip_map['reals_prioritys'] = reals_prioritys_aux
                vip_map['reals_weights'] = reals_weight_aux
                vip_map['reals'] = reals_aux
            """ OLD CALLS - END """

            # Check diff reals (reals_to_add, reals_to_rem, reals_to_stay)
            reals_to_add, reals_to_rem, reals_to_stay = diff_reals(
                variables_map, vip_map)

            # reals_final accumulates what the VIP ends up with;
            # reals_error collects the reals whose script failed.
            reals_final = dict()
            reals_final['reals'] = list()
            reals_final['priorities'] = list()
            reals_final['weights'] = list()

            reals_error = list()
            removes = True
            error = False

            # NOT MODIFIED - reals_to_stay: no script is run, only priority
            # and weight are updated on the existing pool member.
            for i in range(len(reals_to_stay['reals'])):

                real, priority, weight, id_ip, port_vip, port_real, new_call = get_variables(
                    reals_to_stay, i, new_call)

                # Check ip type. The looked-up ip object itself is not used
                # afterwards in this loop.
                if is_valid_ipv4(real.get('real_ip')) == True:
                    ip_type = IP_VERSION.IPv4[1]
                    ip = Ip().get_by_pk(id_ip)
                else:
                    ip_type = IP_VERSION.IPv6[1]
                    ip = Ipv6().get_by_pk(id_ip)

                reals_final['reals'].append(reals_to_stay['reals'][i])
                reals_final['priorities'].append(
                    reals_to_stay['priorities'][i])
                if reals_to_stay['weighted']:
                    reals_final['weights'].append(
                        reals_to_stay['weights'][i])

                server_pool = ServerPool.objects.get(
                    vipporttopool__port_vip=port_vip, vipporttopool__requisicao_vip=vip)
                if ip_type == IP_VERSION.IPv4[1]:
                    server_pool_member = ServerPoolMember.objects.get(server_pool=server_pool,
                                                                      port_real=port_real,
                                                                      ip=id_ip)
                else:
                    server_pool_member = ServerPoolMember.objects.get(server_pool=server_pool,
                                                                      port_real=port_real,
                                                                      ipv6=id_ip)
                server_pool_member.priority = priority
                server_pool_member.weight = weight
                server_pool_member.save(user, commit=True)

            # ADD REALS - reals_to_add
            for i in range(len(reals_to_add['reals'])):

                real, priority, weight, id_ip, port_vip, port_real, new_call = get_variables(
                    reals_to_add, i, new_call)

                # Here the address family is decided by the absence of a
                # dot in real_ip, not by is_valid_ipv4 as in the loop
                # above.
                #
                # In the legacy (not new_call) form, real_name and real_ip
                # are interpolated into the command string. Both come from
                # the request XML and were checked above by
                # Equipamento.get_by_name / valid_real_server.
                # NOTE(review): confirm exec_script runs the command
                # without a shell, or that those checks reject shell
                # metacharacters.
                if len(real.get('real_ip').split('.')) <= 1:
                    ip_type = IP_VERSION.IPv6[1]
                    ip = Ipv6().get_by_pk(id_ip)
                    if new_call:
                        command = VIP_REALS_v6_CREATE % (
                            vip.id, id_ip, port_real, port_vip)
                    else:
                        command = VIP_REAL_v6_CREATE % (
                            vip.id, real.get('real_name'), real.get('real_ip'))
                else:
                    ip_type = IP_VERSION.IPv4[1]
                    ip = Ip().get_by_pk(id_ip)
                    if new_call:
                        command = VIP_REALS_v4_CREATE % (
                            vip.id, id_ip, port_real, port_vip)
                    else:
                        command = VIP_REAL_v4_CREATE % (
                            vip.id, real.get('real_name'), real.get('real_ip'))

                self.log.info(
                    '------------------- ADD ----------------------')
                self.log.info(
                    'Insert ServerPoolMember before execute script')

                # The pool member row is written before the script runs
                # and removed again below if the script fails.
                add_reals_before_script(
                    port_vip, vip, ip, ip_type, priority, weight, port_real, user)

                self.log.info('The insert has completed successfully')

                # if new_call or (i + 1) in execute_list:

                # The full command, including request-derived values, is
                # written to the log.
                self.log.info('Execute script: %s' % command)

                code, stdout, stderr = exec_script(command)

                self.log.info(
                    'Script was executed and returned code %s' % code)

                if code != 0:
                    # One failed add disables all removals for this
                    # request (removes = False).
                    removes = False
                    error = True
                    reals_error.append(real)

                    self.log.info(
                        'Remove ServerPoolMember after execute script if code != 0')
                    remove_reals_after_script(
                        port_vip, ip_type, vip, port_real, priority, weight, id_ip, user)
                    self.log.info('The remove has completed successfully')

                else:
                    reals_final['reals'].append(real)
                    reals_final['priorities'].append(
                        reals_to_add['priorities'][i])
                    if reals_to_add['weighted']:
                        reals_final['weights'].append(
                            reals_to_add['weights'][i])

                self.log.info(
                    '----------------- ADD END --------------------')

            # REMOVE REALS - reals_to_rem
            if removes:
                for i in range(len(reals_to_rem['reals'])):

                    real, priority, weight, id_ip, port_vip, port_real, new_call = get_variables(
                        reals_to_rem, i, new_call)

                    # Same command construction as in the ADD loop; the
                    # same review note about real_name / real_ip applies.
                    if len(real.get('real_ip').split('.')) <= 1:
                        ip_type = IP_VERSION.IPv6[1]
                        if new_call:
                            command = VIP_REALS_v6_REMOVE % (
                                vip.id, id_ip, port_real, port_vip)
                        else:
                            command = VIP_REAL_v6_REMOVE % (
                                vip.id, real.get('real_name'), real.get('real_ip'))
                    else:
                        ip_type = IP_VERSION.IPv4[1]
                        if new_call:
                            command = VIP_REALS_v4_REMOVE % (
                                vip.id, id_ip, port_real, port_vip)
                        else:
                            command = VIP_REAL_v4_REMOVE % (
                                vip.id, real.get('real_name'), real.get('real_ip'))

                    self.log.info(
                        '------------------ REMOVE --------------------')
                    self.log.info('Execute script: %s' % command)

                    code, stdout, stderr = exec_script(command)

                    self.log.info(
                        'script was executed and returned code %s' % code)

                    if code != 0:
                        # The real could not be removed, so it stays in
                        # the final list and is reported as an error.
                        error = True
                        reals_error.append(real)
                        reals_final['reals'].append(real)
                        reals_final['priorities'].append(
                            reals_to_rem['priorities'][i])
                        if reals_to_rem['weighted']:
                            reals_final['weights'].append(
                                reals_to_rem['weights'][i])
                    else:

                        self.log.info(
                            'Remove ServerPoolMember after execute script')
                        remove_reals_after_script(
                            port_vip, ip_type, vip, port_real, priority, weight, id_ip, user)
                        self.log.info(
                            'The remove has completed successfully')

                    self.log.info(
                        '---------------- REMOVE END ------------------')

            else:
                # Removals were skipped: keep every real that was due for
                # removal.
                for i in range(len(reals_to_rem['reals'])):
                    real = reals_to_rem['reals'][i]
                    reals_final['reals'].append(real)
                    reals_final['priorities'].append(
                        reals_to_rem['priorities'][i])
                    # NOTE(review): this tests reals_to_add['weighted']
                    # while appending from reals_to_rem - looks like a
                    # copy-paste slip; confirm.
                    if reals_to_add['weighted']:
                        reals_final['weights'].append(
                            reals_to_rem['weights'][i])

            variables_map['reals'] = dict()
            variables_map['reals_prioritys'] = dict()
            variables_map['reals_weights'] = dict()

            if len(reals_final['reals']) > 0:
                variables_map['reals']['real'] = reals_final['reals']
                variables_map['reals_prioritys'][
                    'reals_priority'] = reals_final['priorities']
                # reals_final['weights'] is always a list here, so this
                # test never fails.
                if reals_final['weights'] is not None:
                    variables_map['reals_weights'][
                        'reals_weight'] = reals_final['weights']
            else:
                variables_map.pop('reals')
                variables_map.pop('reals_prioritys')
                variables_map.pop('reals_weights')

            # set variables
            vip.set_variables(variables_map)

            try:
                # If Priority changed
                if int(alter_priority) != 0:
                    # gerador_vips -i <ID_REQUISICAO> --priority
                    # Only the numeric VIP id is interpolated (%d).
                    command = 'gerador_vips -i %d --priority' % vip.id

                    # Logging
                    self.log.info(
                        '---------------- ALTER PRIORITY ------------------')
                    self.log.info('Command: ' + command)

                    # Execute script
                    code, stdout, stderr = exec_script(command)
                    self.log.info('Code returned: ' + str(code))
                    self.log.info('Stdout: ' + stdout)
                    self.log.info(
                        '-------------- ALTER PRIORITY END ----------------')

                    # Script returned error while executing, rollback the
                    # changes in database
                    if code != 0:
                        self.log.info('Code != 0, rollback changes')
                        vip_old.save(user, commit=True)
                        for sp in server_pools_old:
                            sp.save(user, commit=True)
                        for spm in server_pools_members_old:
                            spm.save(user, commit=True)

                        # NOTE(review): raw script output is returned to
                        # the API client.
                        return self.response_error(2, stdout + stderr)

            except Exception, e:
                # Broad catch: an IntegrityError maps to error 353,
                # anything else is re-raised wrapped in
                # RequisicaoVipsError.
                if isinstance(e, IntegrityError):
                    # Duplicate value for Port Vip, Port Real and IP
                    self.log.error(u'Failed to update the request vip.')
                    return self.response_error(353)
                else:
                    self.log.error(u'Failed to update the request vip.')
                    raise RequisicaoVipsError(
                        e, u'Failed to update the request vip')

            if error:
                # build return message: comma-separated names and IPs of
                # the reals whose script failed ([:-2] drops the trailing
                # ', ').
                vip_list = ''
                ip_list = ''

                for real in reals_error:
                    vip_list = vip_list + real['real_name'] + ', '
                    ip_list = ip_list + real['real_ip'] + ', '

                return self.response_error(333, vip_list[:-2], ip_list[:-2])
            else:
                return self.response(dumps_networkapi({}))

    except XMLError, x:
        self.log.error(u'Error reading the XML request.')
        return self.response_error(3, x)
success_map = dict() success_map['codigo'] = '%04d' % 0 success_map['descricao'] = { 'stdout': 'Nothing to do. Vlan was already not active', 'stderr': ''} map = dict() map['sucesso'] = success_map return self.response(dumps_networkapi(map)) # Execute script vlan_id = vlan.id environment_id = vlan.ambiente.id # navlan -i <ID_REQUISICAO> --remove command = settings.VLAN_REMOVE % vlan_id code, stdout, stderr = exec_script(command) # Return XML if code == 0: success_map = dict() success_map['codigo'] = '%04d' % code success_map['descricao'] = { 'stdout': stdout, 'stderr': stderr} map = dict() map['sucesso'] = success_map # Set as deactivate vlan.remove(user) return self.response(dumps_networkapi(map))
def handle_delete(self, request, user, *args, **kwargs): """Handles DELETE requests to remove VLAN by ID. URLs: /vlan/<id_vlan>/remove/ """ self.log.info('Remove VLAN by ID') CODE_MESSAGE_VLAN_ERROR = 369 try: # Commons Validations # User permission if not has_perm(user, AdminPermission.VLAN_MANAGEMENT, AdminPermission.WRITE_OPERATION): self.log.error( u'User does not have permission to perform the operation.') return self.not_authorized() # Business Validations # Load URL param vlan_id = kwargs.get('id_vlan') # Valid VLAN ID if not is_valid_int_greater_zero_param(vlan_id): self.log.error( u'Parameter id_vlan is invalid. Value: %s.', vlan_id) raise InvalidValueError(None, 'id_vlan', vlan_id) # Existing VLAN ID vlan = Vlan().get_by_pk(vlan_id) # Check permission group equipments equips_from_ipv4 = Equipamento.objects.filter( ipequipamento__ip__networkipv4__vlan=vlan_id, equipamentoambiente__is_router=1).distinct() equips_from_ipv6 = Equipamento.objects.filter( ipv6equipament__ip__networkipv6__vlan=vlan_id, equipamentoambiente__is_router=1).distinct() for equip in equips_from_ipv4: # User permission if not has_perm(user, AdminPermission.EQUIPMENT_MANAGEMENT, AdminPermission.WRITE_OPERATION, None, equip.id, AdminPermission.EQUIP_WRITE_OPERATION): self.log.error( u'User does not have permission to perform the operation.') return self.not_authorized() for equip in equips_from_ipv6: # User permission if not has_perm(user, AdminPermission.EQUIPMENT_MANAGEMENT, AdminPermission.WRITE_OPERATION, None, equip.id, AdminPermission.EQUIP_WRITE_OPERATION): self.log.error( u'User does not have permission to perform the operation.') return self.not_authorized() with distributedlock(LOCK_VLAN % vlan_id): # Business Rules if vlan.ativada: network_errors = [] for net4 in vlan.networkipv4_set.all(): if net4.active: try: command = settings.NETWORKIPV4_REMOVE % int( net4.id) code, stdout, stderr = exec_script(command) if code == 0: net4.deactivate(user, True) else: 
network_errors.append(str(net4.id)) except Exception, e: network_errors.append(str(net4.id)) pass for net6 in vlan.networkipv6_set.all(): if net6.active: try: command = settings.NETWORKIPV6_REMOVE % int( net6.id) code, stdout, stderr = exec_script(command) if code == 0: net6.deactivate(user, True) else: network_errors.append(str(net6.id)) except Exception, e: network_errors.append(str(net6.id)) pass if network_errors: raise VlanNetworkError( None, message=', '.join(network_errors)) else:
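def handle_put(self, request, user, *args, **kwargs):
    """Treat PUT requests to change reals_priority list of VIP.

    URLs: /vip/<id_vip>/priority/

    The new list is read from ``networkapi/vip/reals_prioritys`` in the
    XML body, stored on the VIP and applied by running
    ``gerador_vips -i <id> --priority``. If the script exits non-zero the
    previous VIP state is saved back.

    Returns the ``sucesso`` map with the script output on success and
    ``response_error(2 | 3, ...)`` on script or XML failure. Raises
    UserNotAuthorizedError, InvalidValueError,
    RequestVipsNotBeenCreatedError and EquipmentGroupsNotAuthorizedError.
    """
    self.log.info("Change list the reals_priority to VIP")

    try:
        # Authorize before the request body is parsed, so the XML loader
        # only sees input from callers allowed to alter VIPs.
        if not has_perm(user, AdminPermission.VIP_ALTER_SCRIPT,
                        AdminPermission.WRITE_OPERATION):
            self.log.error(
                u'User does not have permission to perform the operation.')
            raise UserNotAuthorizedError(None)

        vip_id = kwargs.get('id_vip')

        # Load XML data
        xml_map, attrs_map = loads(request.raw_post_data, ['reals_priority'])

        # XML data format
        networkapi_map = xml_map.get('networkapi')
        if networkapi_map is None:
            return self.response_error(
                3, u'There is no value to the networkapi tag of XML request.')

        vip_map = networkapi_map.get('vip')
        if vip_map is None:
            return self.response_error(
                3, u'There is no value to the vip tag of XML request.')

        # Valid Vip ID
        if not is_valid_int_greater_zero_param(vip_id):
            self.log.error(
                u'The vip_id parameter is not a valid value: %s.', vip_id)
            raise InvalidValueError(None, 'vip_id', vip_id)

        # Valid reals_prioritys: container present, list present, every
        # entry an integer >= 0, list not empty.
        reals_prioritys_map = vip_map.get('reals_prioritys')
        if reals_prioritys_map is None:
            self.log.error(
                u'The reals_prioritys parameter is not a valid value: %s.',
                reals_prioritys_map)
            raise InvalidValueError(None, 'reals_prioritys',
                                    reals_prioritys_map)

        reals_priority_map = reals_prioritys_map.get('reals_priority')
        if reals_priority_map is None:
            self.log.error(
                u'The reals_priority parameter is not a valid value: %s.',
                reals_priority_map)
            raise InvalidValueError(None, 'reals_priority',
                                    reals_priority_map)

        for reals_priority in reals_priority_map:
            if not is_valid_int_greater_equal_zero_param(reals_priority):
                self.log.error(
                    u'The reals_priority parameter is not a valid value: %s.',
                    reals_priority)
                raise InvalidValueError(None, 'reals_priority',
                                        reals_priority)

        if len(reals_priority_map) == 0:
            self.log.error(
                u'The reals_priority_map parameter is not a valid value: %s.',
                reals_priority_map)
            raise InvalidValueError(None, 'reals_priority_map',
                                    reals_priority_map)

        # From here on vip_map is the validated structure returned by the
        # model, not the raw request map.
        vip_map = RequisicaoVips.is_valid_values_reals_priority(
            reals_priority_map)

        # Existing Vip ID
        # NOTE(review): the VIP is loaded before the lock is taken, so the
        # rollback snapshot below may miss a concurrent change - confirm.
        vip = RequisicaoVips.get_by_pk(vip_id)

        with distributedlock(LOCK_VIP % vip_id):

            vip_old = clone(vip)

            # Vip must be created
            if not vip.vip_criado:
                self.log.error(
                    u'Priority can not be changed because VIP has not yet been created.')
                raise RequestVipsNotBeenCreatedError(None)

            # Equipment-level authorization. Equipment behind the IPv6
            # address is checked as well, and a VIP without an IPv4
            # address no longer fails on vip.ip being None.
            # NOTE(review): the request-level check above uses
            # VIP_ALTER_SCRIPT while this one uses VIP_CREATE_SCRIPT -
            # confirm which permission is intended.
            equipment_sets = []
            if vip.ip is not None:
                equipment_sets.append(vip.ip.ipequipamento_set.all())
            if vip.ipv6 is not None:
                equipment_sets.append(vip.ipv6.ipv6equipament_set.all())

            for equipment_set in equipment_sets:
                for ip_equipment in equipment_set:
                    if not has_perm(
                            user, AdminPermission.VIP_CREATE_SCRIPT,
                            AdminPermission.WRITE_OPERATION, None,
                            ip_equipment.equipamento_id,
                            AdminPermission.EQUIP_UPDATE_CONFIG_OPERATION):
                        self.log.error(
                            u'Groups of equipment registered with the IP of the VIP request is not allowed of acess.')
                        raise EquipmentGroupsNotAuthorizedError(None)

            variables_map = vip.variables_to_map()

            # NOTE(review): the length of the submitted priority list is
            # not compared with the number of reals; a former check that
            # answered with error 272 is disabled.
            variables_map['reals_prioritys'] = vip_map.get('reals_prioritys')

            vip.set_variables(variables_map)
            vip.save(user, commit=True)

            # gerador_vips -i <ID_REQUISICAO> --priority
            # Only the numeric VIP id is interpolated (%d).
            command = 'gerador_vips -i %d --priority' % vip.id
            code, stdout, stderr = exec_script(command)

            if code != 0:
                # Script failed: restore the snapshot taken above.
                # NOTE(review): raw script output is returned to the API
                # client.
                vip_old.save(user, commit=True)
                return self.response_error(2, stdout + stderr)

            success_map = dict()
            success_map['codigo'] = '%04d' % code
            success_map['descricao'] = {'stdout': stdout, 'stderr': stderr}

            response_map = dict()
            response_map['sucesso'] = success_map
            return self.response(dumps_networkapi(response_map))

    except XMLError as x:
        self.log.error(u'Error reading the XML request.')
        return self.response_error(3, x)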
def save_server_pool(user, id, identifier, default_port, hc, env, balancing, maxconn, id_pool_member, servicedownaction):
    """Create a ServerPool, or update an existing one and push changes.

    With a falsy ``id`` a new pool is saved with ``pool_created=False``
    and no script is run. Otherwise the pool is loaded and updated
    attribute by attribute; for a pool that is already created, each
    changed attribute (default limit, healthcheck, lb method,
    service-down-action) is applied by an external script, and the stored
    value is reverted and committed when that script exits non-zero.

    Returns a tuple ``(pool, old_healthcheck_id)``; the second item is
    None for a newly created pool.

    Raises the ``exceptions.*`` errors named below when an update is not
    allowed or a script fails.
    """
    # Save Server pool
    old_healthcheck = None

    if id:
        sp = ServerPool.objects.get(id=id)

        # Keep the old healthcheck, lb method and service-down-action so
        # each can be restored if its script fails.
        old_servicedownaction = sp.servicedownaction
        old_identifier = sp.identifier
        old_healthcheck = Healthcheck.objects.get(id=sp.healthcheck.id)
        old_lb_method = sp.lb_method
        old_maxconn = sp.default_limit

        # Changing the environment is refused when the pool is already
        # created, is attached to a VIP, or has members outside
        # id_pool_member.
        if sp.environment and sp.environment.id != env.id:
            if sp.pool_created:
                raise exceptions.UpdateEnvironmentPoolCreatedException()
            del_smp = sp.serverpoolmember_set.exclude(id__in=id_pool_member)
            vip = sp.vipporttopool_set.count()
            if vip > 0:
                raise exceptions.UpdateEnvironmentVIPException()

            if len(del_smp) > 0:
                raise exceptions.UpdateEnvironmentServerPoolMemberException()

        # Pool already created, it is not possible to change Pool Identifier
        if(old_identifier != identifier and sp.pool_created):
            raise exceptions.CreatedPoolIdentifierException()

        # First save: port, environment and identifier change; limit,
        # healthcheck and lb method keep their old values for now.
        sp.default_port = default_port
        sp.environment = env
        sp.default_limit = old_maxconn
        sp.healthcheck = old_healthcheck
        sp.lb_method = old_lb_method
        sp.identifier = identifier
        sp.save(user)

        sp.default_limit = maxconn
        sp.save(user)

        # If pool members exist, check that all of them have the same
        # maxconn before changing the pool's default maxconn.
        # NOTE(review): members are saved one by one inside the checking
        # loop, so a mismatch found late raises after earlier members
        # were already updated; whether that is rolled back depends on
        # the caller's transaction handling, not visible here.
        if(len(sp.serverpoolmember_set.all()) > 0):
            if(old_maxconn != sp.default_limit and sp.pool_created):

                for serverpoolmember in sp.serverpoolmember_set.all():
                    if serverpoolmember.limit != old_maxconn:
                        raise exceptions.ScriptAlterLimitPoolDiffMembersException()
                    else:
                        serverpoolmember.limit = maxconn
                        serverpoolmember.save(user)

                # Commit before running the script - presumably so the
                # script reads the new values; confirm.
                transaction.commit()
                # Only the pool's id is interpolated into the command.
                command = settings.POOL_MANAGEMENT_LIMITS % (sp.id)
                code, _, _ = exec_script(command)
                if code != 0:
                    # Script failed: restore the old limit on the pool and
                    # on every member, and commit that.
                    sp.default_limit = old_maxconn
                    for serverpoolmember in sp.serverpoolmember_set.all():
                        serverpoolmember.limit = old_maxconn
                        serverpoolmember.save(user)

                    sp.save(user)
                    transaction.commit()
                    raise exceptions.ScriptAlterLimitPoolException()

        # Applies new healthcheck in pool
        # Todo - new method
        sp.healthcheck = hc
        sp.save(user)
        if(old_healthcheck.id != hc.id and sp.pool_created):
            transaction.commit()
            command = settings.POOL_HEALTHCHECK % (sp.id)
            code, _, _ = exec_script(command)
            if code != 0:
                sp.healthcheck = old_healthcheck
                sp.save(user)
                transaction.commit()
                raise exceptions.ScriptCreatePoolException()

        # Applies new lb method in pool
        # Todo - new method
        sp.lb_method = balancing
        sp.save(user)
        if(old_lb_method != sp.lb_method and sp.pool_created):
            transaction.commit()
            command = settings.POOL_MANAGEMENT_LB_METHOD % (sp.id)
            code, _, _ = exec_script(command)
            if code != 0:
                sp.lb_method = old_lb_method
                sp.save(user)
                transaction.commit()
                raise exceptions.ScriptCreatePoolException()

        # Applies new service-down-action in pool
        # Todo - new method
        sp.servicedownaction = servicedownaction
        sp.save(user)
        if(old_servicedownaction != sp.servicedownaction and sp.pool_created):
            transaction.commit()
            command = settings.POOL_SERVICEDOWNACTION % (sp.id)
            code, _, _ = exec_script(command)
            if code != 0:
                sp.servicedownaction = old_servicedownaction
                sp.save(user)
                transaction.commit()
                raise exceptions.ScriptAlterServiceDownActionException()

    else:
        # New pool: stored only, nothing is pushed to the equipment here.
        sp = ServerPool(identifier=identifier, default_port=default_port, healthcheck=hc,
                        environment=env, pool_created=False, lb_method=balancing, default_limit=maxconn,
                        servicedownaction=servicedownaction)
        sp.save(user)

    return sp, (old_healthcheck.id if old_healthcheck else None)
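def handle_put(self, request, user, *args, **kwargs):
    """Treat PUT requests to activate a vlan.

    Set column ativada = 1.

    URL: vlan/create/

    After the permission checks the ``settings.VLAN_CREATE`` script is run
    for the VLAN id given in ``networkapi/vlan/vlan_id``; on exit code 0
    the VLAN is marked active and a VLAN_ACTIVATE message is sent to the
    queue.

    Returns the empty networkapi response on success,
    ``not_authorized()`` when a permission check fails, and
    ``response_error(...)`` with code 2 (script failure), 3 (missing XML
    tag), 122 (VLAN already active) or 269 (invalid value).
    """
    try:
        # The VLAN-level permission is checked before the body is parsed.
        if not has_perm(user, AdminPermission.VLAN_MANAGEMENT,
                        AdminPermission.WRITE_OPERATION):
            self.log.error(
                u'User does not have permission to perform the operation.')
            return self.not_authorized()

        # Load XML data
        xml_map, attrs_map = loads(request.raw_post_data)

        # Missing tags are reported as an XML error instead of raising an
        # unhandled AttributeError on None.
        networkapi_map = xml_map.get('networkapi')
        if networkapi_map is None:
            return self.response_error(
                3, u'There is no value to the networkapi tag of XML request.')

        vlan_map = networkapi_map.get('vlan')
        if vlan_map is None:
            return self.response_error(
                3, u'There is no value to the vlan tag of XML request.')

        id_vlan = vlan_map.get('vlan_id')
        vlan = Vlan().get_by_pk(id_vlan)

        # The caller must also hold equipment write permission on every
        # router attached to the VLAN's IPv4 networks, then its IPv6 ones.
        equips_from_ipv4 = Equipamento.objects.filter(
            ipequipamento__ip__networkipv4__vlan=id_vlan,
            equipamentoambiente__is_router=1)
        equips_from_ipv6 = Equipamento.objects.filter(
            ipv6equipament__ip__networkipv6__vlan=id_vlan,
            equipamentoambiente__is_router=1)

        for routers in (equips_from_ipv4, equips_from_ipv6):
            for equip in routers:
                if not has_perm(user, AdminPermission.EQUIPMENT_MANAGEMENT,
                                AdminPermission.WRITE_OPERATION, None,
                                equip.id,
                                AdminPermission.EQUIP_WRITE_OPERATION):
                    self.log.error(
                        u'User does not have permission to perform the operation.')
                    return self.not_authorized()

        if vlan.ativada:
            return self.response_error(122)

        # int() keeps anything but a number out of the command template.
        vlan_command = settings.VLAN_CREATE % int(id_vlan)

        code, stdout, stderr = exec_script(vlan_command)

        if code != 0:
            # NOTE(review): raw script output is returned to the API
            # client; confirm it cannot expose internal details.
            return self.response_error(2, stdout + stderr)

        # The flag is set only after the script succeeded.
        vlan.activate(user)

        # Send to Queue
        queue_manager = QueueManager()
        data_to_queue = VlanSerializer(vlan).data
        data_to_queue.update({'description': queue_keys.VLAN_ACTIVATE})
        queue_manager.append({
            'action': queue_keys.VLAN_ACTIVATE,
            'kind': queue_keys.VLAN_KEY,
            'data': data_to_queue,
        })
        queue_manager.send()

        return self.response(dumps_networkapi({}))

    except InvalidValueError as e:
        return self.response_error(269, e.param, e.value)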
def handle_put(self, request, user, *args, **kwargs):
    """Handle PUT requests to change the VIP's healthcheck.

    URL: vip/<id_vip>/healthcheck

    Reads ``healthcheck_type``, ``healthcheck`` and
    ``id_healthcheck_expect`` from ``networkapi/vip`` in the XML body,
    validates them, stores them on the VIP and on every server pool of
    the VIP, then runs ``gerador_vips -i <id> --healthcheck``. When the
    script exits non-zero, the pools' previous healthchecks and the
    previous VIP state are saved back.

    Returns the ``sucesso`` map with the script output on success and
    ``response_error(2 | 3, ...)`` on script or XML failure. Raises
    UserNotAuthorizedError, InvalidValueError,
    RequestVipsNotBeenCreatedError and EquipmentGroupsNotAuthorizedError.
    """

    self.log.info("Change VIP's healthcheck")

    try:

        # Commons Validations

        # Request-level authorization, before anything else.
        if not has_perm(user, AdminPermission.VIP_ALTER_SCRIPT, AdminPermission.WRITE_OPERATION):
            self.log.error(
                u'User does not have permission to perform the operation.')
            raise UserNotAuthorizedError(None)

        # Valid Vip ID (taken from the URL, not from the body)
        vip_id = kwargs.get('id_vip')
        if not is_valid_int_greater_zero_param(vip_id):
            self.log.error(
                u'The vip_id parameter is not a valid value: %s.', vip_id)
            raise InvalidValueError(None)

        # Existing Vip ID
        vip = RequisicaoVips.get_by_pk(vip_id)

        with distributedlock(LOCK_VIP % vip_id):

            # Snapshot used for the rollback at the end.
            vip_old = clone(vip)

            # Vip must be created
            if not vip.vip_criado:
                self.log.error(
                    u'Healthcheck can not be changed because VIP has not yet been created.')
                raise RequestVipsNotBeenCreatedError(None)

            # Equipment-level authorization for the equipment behind the
            # VIP's IPv4 address and behind its IPv6 address.
            if vip.ip is not None:
                for ip_equipment in vip.ip.ipequipamento_set.all():
                    if not has_perm(user, AdminPermission.VIP_ALTER_SCRIPT, AdminPermission.WRITE_OPERATION, None, ip_equipment.equipamento_id, AdminPermission.EQUIP_UPDATE_CONFIG_OPERATION):
                        self.log.error(
                            u'Groups of equipment registered with the IP of the VIP request is not allowed of acess.')
                        raise EquipmentGroupsNotAuthorizedError(None)

            if vip.ipv6 is not None:
                for ip_equipment in vip.ipv6.ipv6equipament_set.all():
                    if not has_perm(user, AdminPermission.VIP_ALTER_SCRIPT, AdminPermission.WRITE_OPERATION, None, ip_equipment.equipamento_id, AdminPermission.EQUIP_UPDATE_CONFIG_OPERATION):
                        self.log.error(
                            u'Groups of equipment registered with the IP of the VIP request is not allowed of acess.')
                        raise EquipmentGroupsNotAuthorizedError(None)

            # Business Validations

            # The body is parsed only after both authorization levels
            # passed.
            xml_map, attrs_map = loads(request.raw_post_data)

            # XML data format
            networkapi_map = xml_map.get('networkapi')
            if networkapi_map is None:
                return self.response_error(3, u'There is no value to the networkapi tag of XML request.')
            vip_map = networkapi_map.get('vip')
            if vip_map is None:
                return self.response_error(3, u'There is no value to the vip tag of XML request.')

            # Get XML data. These are plain subscripts, so a missing key
            # raises KeyError, which is not caught in the code shown here.
            healthcheck_type = upper(str(vip_map['healthcheck_type']))
            healthcheck = vip_map['healthcheck']
            id_healthcheck_expect = vip_map['id_healthcheck_expect']

            vars = vip.variables_to_map()
            environment_vip = EnvironmentVip.get_by_values(
                vars.get('finalidade'), vars.get('cliente'), vars.get('ambiente'))

            # The requested type is checked against the VIP's environment
            # before it is stored.
            healthcheck_is_valid = RequisicaoVips.heathcheck_exist(
                healthcheck_type, environment_vip.id)

            # healthcheck_type exist'
            if not healthcheck_is_valid:
                self.log.error(
                    u'The healthcheck_type parameter not exist.')
                raise InvalidValueError(
                    u'The healthcheck_type parameter not exist.', 'healthcheck_type', healthcheck_type)

            # If healthcheck_type is not HTTP id_healthcheck_expect and
            # healthcheck must be None
            if healthcheck_type != 'HTTP':
                if not (id_healthcheck_expect is None and healthcheck is None):
                    msg = u'The healthcheck_type parameter is %s, then healthcheck and id_healthcheck_expect must be None.' % healthcheck_type
                    self.log.error(msg)
                    raise InvalidValueError(msg)
#                     return self.response_error(276)
            # If healthcheck_type is 'HTTP' id_healthcheck_expect and
            # healthcheck must NOT be None
            elif healthcheck_type == 'HTTP':
                if id_healthcheck_expect is None or healthcheck is None:
                    msg = u'The healthcheck_type parameter is HTTP, then healthcheck and id_healthcheck_expect must NOT be None.'
                    self.log.error(msg)
                    raise InvalidValueError(msg)
                else:
                    try:

                        # Valid healthcheck_expect ID
                        if not is_valid_int_greater_zero_param(id_healthcheck_expect):
                            self.log.error(
                                u'The id_healthcheck_expect parameter is not a valid value: %s.', id_healthcheck_expect)
                            raise InvalidValueError(
                                None, 'id_healthcheck_expect', id_healthcheck_expect)

                        # Find healthcheck_expect by ID to check if it
                        # exist
                        healthcheck_expect = HealthcheckExpect.get_by_pk(
                            id_healthcheck_expect)

                        # Check if healthcheck is a string. Only the type
                        # is checked here; the content of this
                        # request-supplied string is stored as given.
                        if not isinstance(healthcheck, basestring):
                            msg = u'The healthcheck must be a string.'
                            self.log.error(msg)
                            raise InvalidValueError(
                                msg, 'healthcheck', healthcheck)

                    except HealthcheckExpectNotFoundError:
                        msg = u'The id_healthcheck_expect parameter does not exist.'
                        self.log.error(msg)
                        raise InvalidValueError(
                            msg, 'id_healthcheck_expect', id_healthcheck_expect)

            # Business Rules

            # Get variables
            variables_map = vip.variables_to_map()

            # Valid variables
            vip.set_variables(variables_map)

            # Set healthcheck_type
            variables_map['healthcheck_type'] = healthcheck_type

            # If healthcheck_type is HTTP
            if healthcheck_type == 'HTTP':
                # Set healthcheck
                variables_map['healthcheck'] = healthcheck

                # Set id_healthcheck_expect
                vip.healthcheck_expect = healthcheck_expect
            else:
                # Set healthcheck to None
                variables_map['healthcheck'] = None

                # Set id_healthcheck_expect to None
                vip.healthcheck_expect = None

            # Set variables
            vip.set_variables(variables_map)

            # Save VIP
            vip.save(user, commit=True)

            # Execute script

            # Put old call to work with new pool features
            # This call is deprecated
            server_pools = ServerPool.objects.filter(
                vipporttopool__requisicao_vip=vip)

            # None values become empty strings for the healthcheck lookup
            # below; healthcheck_expect is rebound from the model object
            # to its expect_string.
            if healthcheck is None:
                healthcheck = ''
            if id_healthcheck_expect is None:
                healthcheck_expect = ''
            else:
                healthcheck_expect = healthcheck_expect.expect_string
            healthcheck_identifier = ''
            healthcheck_destination = '*:*'
            hc = get_or_create_healthcheck(user, healthcheck_expect, healthcheck_type, healthcheck,
                                           healthcheck_destination, healthcheck_identifier)

            # Applies new healthcheck in pool
            # Todo - new method
            # The previous healthcheck of each pool is kept, in iteration
            # order, for the rollback below.
            old_healthchecks = []
            for sp in server_pools:
                old_healthchecks.append(sp.healthcheck)
                sp.healthcheck = hc
                sp.save(user, commit=True)

            # gerador_vips -i <ID_REQUISICAO> --healthcheck
            # Only the numeric VIP id is interpolated (%d).
            command = 'gerador_vips -i %d --healthcheck' % vip.id
            code, stdout, stderr = exec_script(command)

            if code == 0:
                success_map = dict()
                success_map['codigo'] = '%04d' % code
                success_map['descricao'] = {
                    'stdout': stdout, 'stderr': stderr}

                map = dict()
                map['sucesso'] = success_map
                return self.response(dumps_networkapi(map))
            else:
                # Rollback: reverse() followed by pop() hands the saved
                # healthchecks back in their original order, which
                # assumes server_pools iterates in the same order as
                # above.
                old_healthchecks.reverse()
                for sp in server_pools:
                    sp.healthcheck = old_healthchecks.pop()
                    sp.save(user, commit=True)
                vip_old.save(user, commit=True)
                # NOTE(review): raw script output is returned to the API
                # client.
                return self.response_error(2, stdout + stderr)

    except XMLError, x:
        self.log.error(u'Error reading the XML request.')
        return self.response_error(3, x)
class GroupVirtualResource(RestResource):
    # Logger shared by every handler of this resource.
    log = logging.getLogger('GroupVirtualResource')

    def handle_delete(self, request, user, *args, **kwargs):
        """Handle requests that remove a virtual group.

        The original docstring describes these as PUT requests, although the
        method is the DELETE handler.

        URL: /grupovirtual/

        The body is XML with a ``networkapi`` root holding an optional
        ``vips`` element and a mandatory ``equipamentos`` element. For each
        VIP entry the removal script is run for every VIP request bound to
        the given IPv4 id, then the IP is detached from each listed balancer.

        NOTE(review): no has_perm() call appears in the visible part of this
        handler, although it runs VIP_REMOVE scripts and detaches IPs from
        equipment. Confirm that authorization is enforced before this point.
        """

        try:
            xml_map, attrs_map = loads(
                request.raw_post_data, ['vip', 'equipamento', 'id_equipamento'])
        except XMLError, x:
            self.log.error(u'Erro ao ler o XML da requisição.')
            return self.response_error(3, x)

        networkapi_map = xml_map.get('networkapi')
        if networkapi_map is None:
            return self.response_error(
                3, u'Não existe valor para a tag networkapi do XML de requisição.'
            )

        # "vips" is optional; "equipamentos" is required and its absence is
        # reported as an invalid request.
        vips_map = networkapi_map.get('vips')

        try:
            equipments_map = networkapi_map['equipamentos']
        except KeyError:
            return self.response_error(3, u'XML de requisição inválido.')

        try:
            # The whole removal runs under one lock keyed by LOCK_GROUP_VIRTUAL.
            with distributedlock(LOCK_GROUP_VIRTUAL):

                # Vips
                if vips_map is not None:
                    try:
                        vip_maps = vips_map['vip']
                        for vip_map in vip_maps:
                            balanceadores_map = vip_map['balanceadores']
                            if balanceadores_map is None:
                                return self.response_error(
                                    3, u'Valor da tag balanceadores do XML de requisição inválido.'
                                )

                            # id_ip must convert to an integer before it is
                            # used for the lookup below.
                            ip_id = vip_map['id_ip']
                            try:
                                ip_id = int(ip_id)
                            except (TypeError, ValueError), e:
                                self.log.error(u'Valor do id_ip inválido: %s.', ip_id)
                                raise IpNotFoundError(
                                    e, u'Valor do id_ip inválido: %s.' % ip_id)

                            vip_s = RequisicaoVips.get_by_ipv4_id(ip_id)

                            # Run scripts to remove vips
                            for vip in vip_s:
                                # Make command
                                command = VIP_REMOVE % (vip.id)

                                # Execute command
                                code, stdout, stderr = exec_script(command)
                                if code == 0:
                                    vip.vip_criado = 0
                                    vip.save()

                                    # SYNC_VIP
                                    old_to_new(vip)
                                else:
                                    # VIPs handled in earlier iterations were
                                    # already saved as removed and are not
                                    # undone here. The script output goes back
                                    # to the caller verbatim.
                                    return self.response_error(
                                        2, stdout + stderr)

                            # Detach the IP from every balancer in the entry.
                            equipment_ids = balanceadores_map['id_equipamento']
                            for equip_id in equipment_ids:
                                try:
                                    equip_id = int(equip_id)
                                except (TypeError, ValueError), e:
                                    self.log.error(
                                        u'Valor do id_equipamento inválido: %s.', equip_id)
                                    raise EquipamentoNotFoundError(
                                        e, u'Valor do id_equipamento inválido: %s.'
                                        % equip_id)

                                remove_ip_equipment(ip_id, equip_id, user)
                    except KeyError:
                        # Any tag missing under vips/vip is reported as an
                        # invalid request.
                        return self.response_error(
                            3, u'Valor das tags vips/vip do XML de requisição inválido.'
                        )
        # The listing ends here: the handlers that close the outer try and the
        # code that uses equipments_map are not shown.
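def handle_post(self, request, user, *args, **kwargs):
    """Handle POST requests that run the removal script for a VIP.

    URL: vip/remove/

    The XML body must carry ``networkapi/vip/id_vip``. The caller needs the
    VIP_REMOVE_SCRIPT write permission and, for every equipment bound to the
    VIP's IPv4/IPv6, the equipment-level permission checked below. The VIP
    must be validated and created. On script success the VIP is marked as not
    created, synced with old_to_new(), and server pools no longer used by any
    created VIP are marked as not created.

    Returns the XML success map, ``not_authorized()``, or an error response
    (3: malformed XML payload, 191: not validated, 322: not created,
    2: script failure, 269: invalid id_vip).
    """
    try:
        # Commons Validations

        # User permission
        if not has_perm(user, AdminPermission.VIP_REMOVE_SCRIPT,
                        AdminPermission.WRITE_OPERATION):
            self.log.error(
                u'User does not have permission to perform the operation.')
            return self.not_authorized()

        # Business Validations

        # Load XML data
        xml_map, _ = loads(request.raw_post_data)

        # XML data format
        networkapi_map = xml_map.get('networkapi')
        if networkapi_map is None:
            msg = u'There is no value to the networkapi tag of XML request.'
            self.log.error(msg)
            return self.response_error(3, msg)

        vip_map = networkapi_map.get('vip')
        if vip_map is None:
            # The message previously named the "vlan" tag although the
            # missing element is "vip".
            msg = u'There is no value to the vip tag of XML request.'
            self.log.error(msg)
            return self.response_error(3, msg)

        # Only a positive integer id reaches the lookup, the lock name and
        # the command line below.
        vip_id = vip_map.get('id_vip')
        if not is_valid_int_greater_zero_param(vip_id):
            self.log.error(u'Parameter id_vip is invalid. Value: %s.', vip_id)
            raise InvalidValueError(None, 'id_vip', vip_id)

        # Vip must exist in database
        vip = RequisicaoVips.get_by_pk(vip_id)

        with distributedlock(LOCK_VIP % vip_id):

            # Equipment permissions
            # NOTE(review): the per-equipment check uses VIP_CREATE_SCRIPT
            # while the general check above uses VIP_REMOVE_SCRIPT; confirm
            # this is intended.
            if vip.ip is not None:
                for ip_equipment in vip.ip.ipequipamento_set.all():
                    if not has_perm(
                            user, AdminPermission.VIP_CREATE_SCRIPT,
                            AdminPermission.WRITE_OPERATION, None,
                            ip_equipment.equipamento_id,
                            AdminPermission.EQUIP_UPDATE_CONFIG_OPERATION):
                        return self.not_authorized()

            if vip.ipv6 is not None:
                for ip_equipment in vip.ipv6.ipv6equipament_set.all():
                    if not has_perm(
                            user, AdminPermission.VIP_CREATE_SCRIPT,
                            AdminPermission.WRITE_OPERATION, None,
                            ip_equipment.equipamento_id,
                            AdminPermission.EQUIP_UPDATE_CONFIG_OPERATION):
                        return self.not_authorized()

            # Must be validated
            if not vip.validado:
                return self.response_error(191, vip_id)

            # Must be created
            if not vip.vip_criado:
                return self.response_error(322, vip_id)

            # Business Rules

            # The only value interpolated into the command is the VIP's
            # database id.
            command = VIP_REMOVE % (vip.id)
            code, stdout, stderr = exec_script(command)
            if code != 0:
                # The script output is returned to the caller verbatim.
                return self.response_error(2, stdout + stderr)

            success_map = {
                'codigo': '%04d' % code,
                'descricao': {'stdout': stdout, 'stderr': stderr},
            }

            vip.vip_criado = 0
            vip.save()

            # SYNC_VIP
            old_to_new(vip)

            # Mark each server pool as not created unless another VIP request
            # that is still created uses it.
            server_pools = ServerPool.objects.filter(
                vipporttopool__requisicao_vip=vip.id)
            for server_pool in server_pools:
                other_bindings = VipPortToPool.objects.filter(
                    server_pool=server_pool).exclude(requisicao_vip=vip.id)
                still_in_use = any(
                    binding.requisicao_vip.vip_criado
                    for binding in other_bindings)
                if not still_in_use and server_pool.pool_created:
                    server_pool.pool_created = 0
                    server_pool.save()

            # Return XML
            return self.response(dumps_networkapi({'sucesso': success_map}))

    except InvalidValueError as e:
        return self.response_error(269, e.param, e.value)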
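def administrate_real(self, user, vip_id, equip_id, ip_id, operation,
                      network_version, port_vip=None, port_real=None):
    """Add, remove, enable, disable or check a real server of a VIP.

    Args:
        user: authenticated user; needs VIP_ALTER_SCRIPT (read for 'chk',
            write plus the equipment-level permission on equip_id otherwise).
        vip_id, equip_id, ip_id: positive integer ids.
        operation: one of 'add', 'del', 'ena', 'dis', 'chk'.
        network_version: 'v4' or 'v6'.
        port_vip, port_real: when both are given the "new call" command
            variants keyed by ids and ports are used; otherwise the legacy
            variants keyed by real name and IP address.

    Returns:
        The XML success response, or error 2 carrying the script output.

    Raises:
        InvalidValueError: a parameter failed validation.
        UserNotAuthorizedError: the permission check failed.
    """
    # Every id is checked as a positive integer before it reaches a lookup,
    # a lock name or a command line.
    if not is_valid_int_greater_zero_param(vip_id):
        self.log.error(
            u'The vip_id parameter is not a valid value: %s.', vip_id)
        raise InvalidValueError(None, 'vip_id', vip_id)

    if not is_valid_int_greater_zero_param(equip_id):
        self.log.error(
            u'The equip_id parameter is not a valid value: %s.', equip_id)
        raise InvalidValueError(None, 'equip_id', equip_id)

    if not is_valid_int_greater_zero_param(ip_id):
        self.log.error(
            u'The ip_id parameter is not a valid value: %s.', ip_id)
        raise InvalidValueError(None, 'ip_id', ip_id)

    # Operation and network version are restricted to fixed allow-lists.
    if operation not in ['add', 'del', 'ena', 'dis', 'chk']:
        self.log.error(
            u'The operation parameter is not a valid value: %s.', operation)
        raise InvalidValueError(None, 'operation', operation)

    if network_version not in ['v4', 'v6']:
        self.log.error(
            u'The network_version parameter is not a valid value: %s.',
            network_version)
        raise InvalidValueError(None, 'network_version', network_version)

    # User permission: 'chk' needs only the read operation and carries no
    # equipment-level check; every other operation needs write access to the
    # equipment as well.
    if operation == 'chk':
        authorized = has_perm(user, AdminPermission.VIP_ALTER_SCRIPT,
                              AdminPermission.READ_OPERATION)
    else:
        authorized = has_perm(user, AdminPermission.VIP_ALTER_SCRIPT,
                              AdminPermission.WRITE_OPERATION, None, equip_id,
                              AdminPermission.EQUIP_UPDATE_CONFIG_OPERATION)
    if not authorized:
        self.log.error(
            u'User does not have permission to perform the operation.')
        raise UserNotAuthorizedError(None)

    # new_call = True: calls that carry port_vip and port_real.
    # new_call = False: old calls kept for compatibility.
    new_call = False
    if port_vip is not None and port_real is not None:
        if not is_valid_int_greater_zero_param(port_vip):
            self.log.error(
                u'The port_vip parameter is not a valid value: %s.', port_vip)
            raise InvalidValueError(None, 'port_vip', port_vip)

        if not is_valid_int_greater_zero_param(port_real):
            # The log line previously named port_vip here.
            self.log.error(
                u'The port_real parameter is not a valid value: %s.',
                port_real)
            raise InvalidValueError(None, 'port_real', port_real)

        new_call = True

    # Find Request VIP by ID to check that it exists
    vip = RequisicaoVips.get_by_pk(vip_id)
    variables_map = vip.variables_to_map()

    evip = EnvironmentVip.get_by_values(variables_map.get('finalidade'),
                                        variables_map.get('cliente'),
                                        variables_map.get('ambiente'))

    # Resolve the real server's name and address and validate it against the
    # VIP environment.
    # NOTE(review): assumes IP_VERSION.IPv4[0] / IPv6[0] are 'v4' / 'v6';
    # otherwise real_name and end_ip stay unbound. Verify.
    if network_version == IP_VERSION.IPv4[0]:
        ip_equip = IpEquipamento().get_by_ip_equipment(ip_id, equip_id)
        real_name = ip_equip.equipamento.nome
        end_ip = "%s.%s.%s.%s" % (
            ip_equip.ip.oct1, ip_equip.ip.oct2,
            ip_equip.ip.oct3, ip_equip.ip.oct4)
        RequisicaoVips.valid_real_server(
            end_ip, ip_equip.equipamento, evip, False)
    elif network_version == IP_VERSION.IPv6[0]:
        ipv6_equip = Ipv6Equipament().get_by_ip_equipment(ip_id, equip_id)
        real_name = ipv6_equip.equipamento.nome
        end_ip = "%s:%s:%s:%s:%s:%s:%s:%s" % (
            ipv6_equip.ip.block1, ipv6_equip.ip.block2,
            ipv6_equip.ip.block3, ipv6_equip.ip.block4,
            ipv6_equip.ip.block5, ipv6_equip.ip.block6,
            ipv6_equip.ip.block7, ipv6_equip.ip.block8)
        RequisicaoVips.valid_real_server(
            end_ip, ipv6_equip.equipamento, evip, False)

    is_v4 = IP_VERSION.IPv4[0] == network_version

    # New calls interpolate validated integers only. Legacy calls interpolate
    # the equipment name and address read from the database.
    # NOTE(review): exec_script is not visible here; confirm that the
    # equipment name cannot change the meaning of the command line.
    if new_call:
        command_args = (vip_id, ip_id, port_real, port_vip)
    else:
        command_args = (vip_id, real_name, end_ip)

    if operation == 'chk':
        if is_v4:
            template = VIP_REALS_v4_CHECK if new_call else VIP_REAL_v4_CHECK
        else:
            template = VIP_REALS_v6_CHECK if new_call else VIP_REAL_v6_CHECK
        command = template % command_args
    else:
        # Database changes for add/del happen under the lock, before the
        # script runs; rollback_changes() is called below if it fails.
        with distributedlock(LOCK_VIP_IP_EQUIP % (vip_id, ip_id, equip_id)):

            if operation == 'add':
                if is_v4:
                    if new_call:
                        command = VIP_REALS_v4_CREATE % command_args
                        ServerPoolMember().save_specified_port(
                            vip_id, port_vip, ip_equip.ip,
                            IP_VERSION.IPv4[1], port_real, user)
                    else:
                        command = VIP_REAL_v4_CREATE % command_args
                        ServerPoolMember().save_with_default_port(
                            vip_id, ip_equip.ip, IP_VERSION.IPv4[1], user)
                else:
                    if new_call:
                        command = VIP_REALS_v6_CREATE % command_args
                        ServerPoolMember().save_specified_port(
                            vip_id, port_vip, ipv6_equip.ip,
                            IP_VERSION.IPv6[1], port_real, user)
                    else:
                        command = VIP_REAL_v6_CREATE % command_args
                        ServerPoolMember().save_with_default_port(
                            vip_id, ipv6_equip.ip, IP_VERSION.IPv6[1], user)

            elif operation == 'del':
                if is_v4:
                    template = (VIP_REALS_v4_REMOVE if new_call
                                else VIP_REAL_v4_REMOVE)
                else:
                    template = (VIP_REALS_v6_REMOVE if new_call
                                else VIP_REAL_v6_REMOVE)
                command = template % command_args

                # All conditions go into a single filter() call so they
                # constrain the same related rows.
                criteria = {
                    'server_pool__vipporttopool__requisicao_vip__id': vip_id,
                }
                criteria['ip' if is_v4 else 'ipv6'] = ip_id
                if new_call:
                    criteria['server_pool__vipporttopool__port_vip'] = port_vip
                    criteria['port_real'] = port_real
                for pool_member in ServerPoolMember.objects.filter(**criteria):
                    pool_member.delete()

            elif operation == 'ena':
                if is_v4:
                    template = (VIP_REALS_v4_ENABLE if new_call
                                else VIP_REAL_v4_ENABLE)
                else:
                    template = (VIP_REALS_v6_ENABLE if new_call
                                else VIP_REAL_v6_ENABLE)
                command = template % command_args

            elif operation == 'dis':
                if is_v4:
                    template = (VIP_REALS_v4_DISABLE if new_call
                                else VIP_REAL_v4_DISABLE)
                else:
                    template = (VIP_REALS_v6_DISABLE if new_call
                                else VIP_REAL_v6_DISABLE)
                command = template % command_args

    # The full command line and the script's stdout are written to the log.
    self.log.info(command)

    # Execute script
    code, stdout, stderr = exec_script(command)
    self.log.info(stdout)

    if code == 0:
        success_map = {
            'codigo': '%04d' % code,
            'descricao': {'stdout': stdout, 'stderr': stderr},
        }
        return self.response(dumps_networkapi({'sucesso': success_map}))

    # Any non-zero exit code undoes the database changes made above.
    self.rollback_changes(operation, new_call, network_version, vip_id,
                          ip_id, port_real, port_vip, real_name, end_ip, user)

    if code == 12:
        # Exit code 12 is answered as success with codigo '0'; what the
        # script means by 12 is not visible here.
        success_map = {
            'codigo': '0',
            'descricao': {'stdout': '0', 'stderr': ''},
        }
        return self.response(dumps_networkapi({'sucesso': success_map}))

    # The script output is returned to the caller verbatim.
    return self.response_error(2, stdout + stderr)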
def handle_put(self, request, user, *args, **kwargs):
    """Handle PUT requests that change the persistence of a VIP.

    URL: vip/<id_vip>/persistence

    The caller needs the VIP_ALTER_SCRIPT write permission and the
    equipment-level permission on every equipment bound to the VIP's
    IPv4/IPv6. The new value comes from ``networkapi/vip/persistencia`` in
    the XML body and is validated by set_variables(). The VIP is saved before
    the script runs, and the previous copy is saved back if the script fails.
    """
    self.log.info("Change VIP's persistence")

    try:
        # User permission
        if not has_perm(user, AdminPermission.VIP_ALTER_SCRIPT,
                        AdminPermission.WRITE_OPERATION):
            self.log.error(
                u'User does not have permission to perform the operation.')
            raise UserNotAuthorizedError(None)

        # The id from the URL must be a positive integer.
        vip_id = kwargs.get('id_vip')
        if not is_valid_int_greater_zero_param(vip_id):
            self.log.error(
                u'The vip_id parameter is not a valid value: %s.', vip_id)
            raise InvalidValueError(None)

        # Existing Vip ID
        vip = RequisicaoVips.get_by_pk(vip_id)

        with distributedlock(LOCK_VIP % vip_id):
            # Copy kept for restoring the VIP if the script fails.
            previous_vip = clone(vip)

            # Vip must be created
            if not vip.vip_criado:
                self.log.error(
                    u'Persistence can not be changed because VIP has not yet been created.'
                )
                raise RequestVipsNotBeenCreatedError(None)

            # The caller must be allowed to update the configuration of every
            # equipment attached to the VIP's addresses.
            if vip.ip is not None:
                for link in vip.ip.ipequipamento_set.all():
                    allowed = has_perm(
                        user, AdminPermission.VIP_ALTER_SCRIPT,
                        AdminPermission.WRITE_OPERATION, None,
                        link.equipamento_id,
                        AdminPermission.EQUIP_UPDATE_CONFIG_OPERATION)
                    if not allowed:
                        self.log.error(
                            u'Groups of equipment registered with the IP of the VIP request is not allowed of acess.'
                        )
                        raise EquipmentGroupsNotAuthorizedError(None)

            if vip.ipv6 is not None:
                for link in vip.ipv6.ipv6equipament_set.all():
                    allowed = has_perm(
                        user, AdminPermission.VIP_ALTER_SCRIPT,
                        AdminPermission.WRITE_OPERATION, None,
                        link.equipamento_id,
                        AdminPermission.EQUIP_UPDATE_CONFIG_OPERATION)
                    if not allowed:
                        self.log.error(
                            u'Groups of equipment registered with the IP of the VIP request is not allowed of acess.'
                        )
                        raise EquipmentGroupsNotAuthorizedError(None)

            # Load and check the XML payload.
            xml_map, attrs_map = loads(request.raw_post_data)

            payload = xml_map.get('networkapi')
            if payload is None:
                return self.response_error(
                    3, u'There is no value to the networkapi tag of XML request.'
                )

            vip_payload = payload.get('vip')
            if vip_payload is None:
                return self.response_error(
                    3, u'There is no value to the vip tag of XML request.')

            # The persistence type is validated by set_variables().
            variables_map = vip.variables_to_map()
            variables_map['persistencia'] = vip_payload.get('persistencia')
            vip.set_variables(variables_map)

            # Save VIP
            vip.save(user, commit=True)

            # SYNC_VIP
            old_to_new(vip)

            # gerador_vips -i <ID_REQUISICAO> --persistence
            command = 'gerador_vips -i %d --persistence' % vip.id
            code, stdout, stderr = exec_script(command)

            if code != 0:
                # Restore the stored VIP. The script output is returned to
                # the caller verbatim.
                # NOTE(review): old_to_new() is not called again after the
                # restore; confirm that the synced copy does not need it.
                previous_vip.save(user, commit=True)
                return self.response_error(2, stdout + stderr)

            result = {
                'codigo': '%04d' % code,
                'descricao': {'stdout': stdout, 'stderr': stderr},
            }
            return self.response(dumps_networkapi({'sucesso': result}))

    except XMLError as x:
        self.log.error(u'Error reading the XML request.')
        return self.response_error(3, x)
success_map = dict() success_map['codigo'] = '%04d' % 0 success_map['descricao'] = { 'stdout': 'Nothing to do. Vlan was already not active', 'stderr': ''} map = dict() map['sucesso'] = success_map return self.response(dumps_networkapi(map)) # Execute script vlan_id = vlan.id environment_id = vlan.ambiente.id # navlan -i <ID_REQUISICAO> --remove command = settings.VLAN_REMOVE % vlan_id code, stdout, stderr = exec_script(command) # Return XML if code == 0: success_map = dict() success_map['codigo'] = '%04d' % code success_map['descricao'] = { 'stdout': stdout, 'stderr': stderr} map = dict() map['sucesso'] = success_map #Set as deactivate vlan.remove(user) return self.response(dumps_networkapi(map))
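def handle_post(self, request, user, *args, **kwargs):
    """Handle POST requests that run the creation scripts for a network.

    URL: vlan/v4/create/ or vlan/v6/create/

    The XML body must carry ``networkapi/vlan/id_network_ip``. The caller
    needs the VLAN_MANAGEMENT write permission and the equipment write
    permission on every router equipment of the network's VLAN. If the VLAN
    is not yet active its creation script runs first, then the network
    creation script. Each object is marked active only after its script
    exits with 0.

    Returns the XML success map, ``not_authorized()``, or an error response
    (3: malformed XML payload, 299: network already active, 2: script
    failure, 269: invalid id_network_ip).
    """
    try:
        # Generic method for v4 and v6.
        # NOTE(review): any value other than IP_VERSION.IPv4[0] is handled as
        # IPv6; presumably the URL routing limits it to the two versions.
        network_version = kwargs.get('network_version')
        is_v4 = IP_VERSION.IPv4[0] == network_version

        # Commons Validations

        # User permission
        if not has_perm(user, AdminPermission.VLAN_MANAGEMENT,
                        AdminPermission.WRITE_OPERATION):
            self.log.error(
                u'User does not have permission to perform the operation.')
            return self.not_authorized()

        # Business Validations

        # Load XML data
        xml_map, _ = loads(request.raw_post_data)

        # XML data format
        networkapi_map = xml_map.get('networkapi')
        if networkapi_map is None:
            msg = u'There is no value to the networkapi tag of XML request.'
            self.log.error(msg)
            return self.response_error(3, msg)

        vlan_map = networkapi_map.get('vlan')
        if vlan_map is None:
            msg = u'There is no value to the vlan tag of XML request.'
            self.log.error(msg)
            return self.response_error(3, msg)

        # Only a positive integer id reaches the lookup and the command line.
        network_ip_id = vlan_map.get('id_network_ip')
        if not is_valid_int_greater_zero_param(network_ip_id):
            self.log.error(
                u'Parameter id_network_ip is invalid. Value: %s.',
                network_ip_id)
            raise InvalidValueError(None, 'id_network_ip', network_ip_id)

        # Network must exist in database
        if is_v4:
            network_ip = NetworkIPv4().get_by_pk(network_ip_id)
        else:
            network_ip = NetworkIPv6().get_by_pk(network_ip_id)

        # A network that is already active is rejected.
        if network_ip.active:
            return self.response_error(299)

        # The caller must hold the write permission on every router
        # equipment of the VLAN, over IPv4 and over IPv6.
        equips_from_ipv4 = Equipamento.objects.filter(
            ipequipamento__ip__networkipv4__vlan=network_ip.vlan.id,
            equipamentoambiente__is_router=1)
        equips_from_ipv6 = Equipamento.objects.filter(
            ipv6equipament__ip__networkipv6__vlan=network_ip.vlan.id,
            equipamentoambiente__is_router=1)
        for routers in (equips_from_ipv4, equips_from_ipv6):
            for equip in routers:
                if not has_perm(user, AdminPermission.EQUIPMENT_MANAGEMENT,
                                AdminPermission.WRITE_OPERATION, None,
                                equip.id,
                                AdminPermission.EQUIP_WRITE_OPERATION):
                    self.log.error(
                        u'User does not have permission to perform the operation.')
                    return self.not_authorized()

        # Business Rules

        success_map = dict()

        # If the VLAN is not active it is created before the network.
        if not network_ip.vlan.ativada:
            vlan_command = VLAN_CREATE % (network_ip.vlan.id)
            code, stdout, stderr = exec_script(vlan_command)
            if code != 0:
                # The script output is returned to the caller verbatim.
                return self.response_error(2, stdout + stderr)

            # After the script has run, change the VLAN to activated.
            network_ip.vlan.activate(user)
            success_map['vlan'] = {
                'codigo': '%04d' % code,
                'descricao': {'stdout': stdout, 'stderr': stderr},
            }

        # Make command to create Network
        if is_v4:
            command = NETWORKIPV4_CREATE % (network_ip.id)
        else:
            command = NETWORKIPV6_CREATE % (network_ip.id)

        code, stdout, stderr = exec_script(command)
        if code != 0:
            # A VLAN activated above stays activated when this step fails,
            # and the error response does not report it.
            return self.response_error(2, stdout + stderr)

        # After the script has run, change the Network to activated.
        network_ip.activate(user)
        success_map['network'] = {
            'codigo': '%04d' % code,
            'descricao': {'stdout': stdout, 'stderr': stderr},
        }

        # Return XML (the unused vlan_obj local was dropped)
        return self.response(dumps_networkapi({'sucesso': success_map}))

    except InvalidValueError as e:
        return self.response_error(269, e.param, e.value)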
def handle_put(self, request, user, *args, **kwargs):
    """Handle PUT requests that change the connection limit of a VIP.

    URLs: /vip/<id_vip>/maxcon/<maxcon>/

    The caller needs the VIP_ALTER_SCRIPT write permission and the
    equipment-level permission on every equipment bound to the VIP's
    IPv4/IPv6. The new limit is stored on the VIP, on each of its server
    pools that has members, and on those members, before the script runs.
    If the script fails, the objects captured beforehand are saved back.
    """
    self.log.info("Change limit connections to VIP")

    try:
        vip_id = kwargs.get('id_vip')
        maxcon = kwargs.get('maxcon')

        # User permission
        if not has_perm(user, AdminPermission.VIP_ALTER_SCRIPT,
                        AdminPermission.WRITE_OPERATION):
            self.log.error(
                u'User does not have permission to perform the operation.')
            raise UserNotAuthorizedError(None)

        # Both URL parameters must be integers: id > 0, maxcon >= 0.
        if not is_valid_int_greater_zero_param(vip_id):
            self.log.error(
                u'The vip_id parameter is not a valid value: %s.', vip_id)
            raise InvalidValueError(None)

        if not is_valid_int_greater_equal_zero_param(maxcon):
            self.log.error(
                u'The maxcon parameter is not a valid value: %s.', maxcon)
            raise InvalidValueError(None)

        # Existing Vip ID
        vip = RequisicaoVips.get_by_pk(vip_id)

        with distributedlock(LOCK_VIP % vip_id):
            # State captured for the rollback at the end.
            # NOTE(review): presumably these instances keep the old limits
            # because the update below works on freshly queried objects;
            # verify.
            previous_vip = clone(vip)
            previous_pools = list(
                ServerPool.objects.filter(vipporttopool__requisicao_vip=vip))
            previous_members = []
            for pool in previous_pools:
                previous_members.extend(pool.serverpoolmember_set.all())

            # Vip must be created
            if not vip.vip_criado:
                self.log.error(
                    u'Maxcon can not be changed because VIP has not yet been created.')
                raise RequestVipsNotBeenCreatedError(None)

            # The caller must be allowed to update the configuration of every
            # equipment attached to the VIP's addresses.
            if vip.ip is not None:
                for link in vip.ip.ipequipamento_set.all():
                    allowed = has_perm(
                        user, AdminPermission.VIP_ALTER_SCRIPT,
                        AdminPermission.WRITE_OPERATION, None,
                        link.equipamento_id,
                        AdminPermission.EQUIP_UPDATE_CONFIG_OPERATION)
                    if not allowed:
                        self.log.error(
                            u'Groups of equipment registered with the IP of the VIP request is not allowed of acess.')
                        raise EquipmentGroupsNotAuthorizedError(None)

            if vip.ipv6 is not None:
                for link in vip.ipv6.ipv6equipament_set.all():
                    allowed = has_perm(
                        user, AdminPermission.VIP_ALTER_SCRIPT,
                        AdminPermission.WRITE_OPERATION, None,
                        link.equipamento_id,
                        AdminPermission.EQUIP_UPDATE_CONFIG_OPERATION)
                    if not allowed:
                        self.log.error(
                            u'Groups of equipment registered with the IP of the VIP request is not allowed of acess.')
                        raise EquipmentGroupsNotAuthorizedError(None)

            # Re-validate the variables already stored on the VIP.
            variables_map = vip.variables_to_map()
            vip.set_variables(variables_map)

            # Valid real names and real ips of real server.
            # NOTE(review): the listing has lost its indentation; the three
            # value checks below are placed inside this branch. Confirm
            # against the original file.
            if variables_map.get('reals') is not None:
                evip = EnvironmentVip.get_by_values(
                    variables_map.get('finalidade'),
                    variables_map.get('cliente'),
                    variables_map.get('ambiente'))

                for real in variables_map.get('reals').get('real'):
                    real_ip = real.get('real_ip')
                    real_name = real.get('real_name')
                    equip = Equipamento.get_by_name(real_name)
                    RequisicaoVips.valid_real_server(real_ip, equip, evip)

                # Valid reals_prioritys
                variables_map, code = vip.valid_values_reals_priority(
                    variables_map)
                if code is not None:
                    return self.response_error(329)

                # Valid reals_weight
                variables_map, code = vip.valid_values_reals_weight(
                    variables_map)
                if code is not None:
                    return self.response_error(330)

                # Valid ports
                variables_map, code = vip.valid_values_ports(variables_map)
                if code is not None:
                    return self.response_error(331)

            variables_map['maxcon'] = maxcon
            vip.set_variables(variables_map)
            vip.save(user, commit=True)

            # Update the server pool limits table (Fix #27): pools that have
            # members get the new default limit, and so does each member.
            for pool in ServerPool.objects.filter(
                    vipporttopool__requisicao_vip=vip):
                if len(pool.serverpoolmember_set.all()) == 0:
                    continue
                pool.default_limit = maxcon
                pool.save(user, commit=True)
                for member in pool.serverpoolmember_set.all():
                    member.limit = maxcon
                    member.save(user, commit=True)

            # gerador_vips -i <ID_REQUISICAO> --maxconn
            command = 'gerador_vips -i %d --maxconn' % vip.id
            code, stdout, stderr = exec_script(command)

            if code != 0:
                # TODO Check if is needed to update pool members separately
                previous_vip.save(user, commit=True)
                for pool in previous_pools:
                    pool.save(user, commit=True)
                for member in previous_members:
                    member.save(user, commit=True)
                # The script output is returned to the caller verbatim.
                return self.response_error(2, stdout + stderr)

            result = {
                'codigo': '%04d' % code,
                'descricao': {'stdout': stdout, 'stderr': stderr},
            }
            return self.response(dumps_networkapi({'sucesso': result}))

    except XMLError as x:
        self.log.error(u'Error reading the XML request.')
        return self.response_error(3, x)
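def handle_post(self, request, user, *args, **kwargs):
    """Handle POST requests that run the removal script for a VIP.

    URL: vip/remove/

    The XML body must carry ``networkapi/vip/id_vip``. The caller needs the
    VIP_REMOVE_SCRIPT write permission and, for every equipment bound to the
    VIP's IPv4/IPv6, the equipment-level permission checked below. The VIP
    must be validated and created. On script success the VIP is marked as not
    created, and server pools no longer used by any created VIP are marked as
    not created.

    Returns the XML success map, ``not_authorized()``, or an error response
    (3: malformed XML payload, 191: not validated, 322: not created,
    2: script failure, 269: invalid id_vip).
    """
    try:
        # Commons Validations

        # User permission
        if not has_perm(user, AdminPermission.VIP_REMOVE_SCRIPT,
                        AdminPermission.WRITE_OPERATION):
            self.log.error(
                u'User does not have permission to perform the operation.')
            return self.not_authorized()

        # Business Validations

        # Load XML data
        xml_map, _ = loads(request.raw_post_data)

        # XML data format
        networkapi_map = xml_map.get('networkapi')
        if networkapi_map is None:
            msg = u'There is no value to the networkapi tag of XML request.'
            self.log.error(msg)
            return self.response_error(3, msg)

        vip_map = networkapi_map.get('vip')
        if vip_map is None:
            # The message previously named the "vlan" tag although the
            # missing element is "vip".
            msg = u'There is no value to the vip tag of XML request.'
            self.log.error(msg)
            return self.response_error(3, msg)

        # Only a positive integer id reaches the lookup, the lock name and
        # the command line below.
        vip_id = vip_map.get('id_vip')
        if not is_valid_int_greater_zero_param(vip_id):
            self.log.error(
                u'Parameter id_vip is invalid. Value: %s.', vip_id)
            raise InvalidValueError(None, 'id_vip', vip_id)

        # Vip must exist in database
        vip = RequisicaoVips.get_by_pk(vip_id)

        with distributedlock(LOCK_VIP % vip_id):

            # Equipment permissions
            # NOTE(review): the per-equipment check uses VIP_CREATE_SCRIPT
            # while the general check above uses VIP_REMOVE_SCRIPT; confirm
            # this is intended.
            if vip.ip is not None:
                for ip_equipment in vip.ip.ipequipamento_set.all():
                    if not has_perm(
                            user, AdminPermission.VIP_CREATE_SCRIPT,
                            AdminPermission.WRITE_OPERATION, None,
                            ip_equipment.equipamento_id,
                            AdminPermission.EQUIP_UPDATE_CONFIG_OPERATION):
                        return self.not_authorized()

            if vip.ipv6 is not None:
                for ip_equipment in vip.ipv6.ipv6equipament_set.all():
                    if not has_perm(
                            user, AdminPermission.VIP_CREATE_SCRIPT,
                            AdminPermission.WRITE_OPERATION, None,
                            ip_equipment.equipamento_id,
                            AdminPermission.EQUIP_UPDATE_CONFIG_OPERATION):
                        return self.not_authorized()

            # Must be validated
            if not vip.validado:
                return self.response_error(191, vip_id)

            # Must be created
            if not vip.vip_criado:
                return self.response_error(322, vip_id)

            # Business Rules

            # The only value interpolated into the command is the VIP's
            # database id.
            command = VIP_REMOVE % (vip.id)
            code, stdout, stderr = exec_script(command)
            if code != 0:
                # The script output is returned to the caller verbatim.
                return self.response_error(2, stdout + stderr)

            success_map = {
                'codigo': '%04d' % code,
                'descricao': {'stdout': stdout, 'stderr': stderr},
            }

            vip.vip_criado = 0
            vip.save()

            # Mark each server pool as not created unless another VIP request
            # that is still created uses it.
            server_pools = ServerPool.objects.filter(
                vipporttopool__requisicao_vip=vip.id)
            for server_pool in server_pools:
                other_bindings = VipPortToPool.objects.filter(
                    server_pool=server_pool).exclude(requisicao_vip=vip.id)
                still_in_use = any(
                    binding.requisicao_vip.vip_criado
                    for binding in other_bindings)
                if not still_in_use and server_pool.pool_created:
                    server_pool.pool_created = 0
                    server_pool.save()

            # Return XML
            return self.response(dumps_networkapi({'sucesso': success_map}))

    except InvalidValueError as e:
        return self.response_error(269, e.param, e.value)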
def handle_get(self, request, user, *args, **kwargs):
    """Roll the VIP's L7 filter back to the previous one.

    URLs: /vip/l7/<id_vip>/rollback/

    Swaps the applied and rollback filter/rule pairs of the VIP, saves it and
    runs the script that applies the current filter. If the script fails, the
    copy taken before the swap is saved back.

    NOTE(review): this handler changes stored state and runs a script in
    response to a GET request. Confirm that clients and intermediaries never
    treat the URL as a safe, repeatable read.
    """
    self.log.info('Applies the last working filter to VIP')

    try:
        id_vip = kwargs.get('id_vip')

        # User is authorized
        if not has_perm(user, AdminPermission.VIP_ALTER_SCRIPT,
                        AdminPermission.WRITE_OPERATION):
            self.log.error(
                u'User does not have permission to perform the operation.')
            raise UserNotAuthorizedError(None)

        # The id from the URL must be a positive integer.
        if not is_valid_int_greater_zero_param(id_vip):
            self.log.error(
                u'The vip_id parameter is not a valid value: %s.', id_vip)
            raise InvalidValueError(None)

        # Get VIP data
        vip = RequisicaoVips.get_by_pk(id_vip)

        with distributedlock(LOCK_VIP % id_vip):
            # Backup of the VIP, used for the swap and for restoring.
            snapshot = clone(vip)

            # Vip must be created
            if not vip.vip_criado:
                self.log.error(
                    u'Filter can not be applied because VIP has not been created yet.'
                )
                raise RequestVipsNotBeenCreatedError(None)

            # Record when the rollback was applied.
            vip.applied_l7_datetime = datetime.now().strftime(
                '%Y-%m-%d %H:%M:%S')

            # Swap the pairs: applied takes the rollback values and rollback
            # takes the previously applied values.
            vip.filter_applied, vip.filter_rollback = (
                snapshot.filter_rollback, snapshot.filter_applied)
            vip.rule_applied, vip.rule_rollback = (
                snapshot.rule_rollback, snapshot.rule_applied)

            vip.save(user, commit=True)

            # Run the script; exit code 0 means it succeeded.
            command = 'gerador_vips -i %d --l7_filter_current' % vip.id
            code, stdout, stderr = exec_script(command)

            if code != 0:
                # Save the previous data back to the database. The script
                # output is returned to the caller verbatim.
                snapshot.save(user, commit=True)
                return self.response_error(2, stdout + stderr)

            result = {
                'codigo': '%04d' % code,
                'descricao': {'stdout': stdout, 'stderr': stderr},
            }
            return self.response(dumps_networkapi({'sucesso': result}))

    except XMLError as x:
        self.log.error(u'Error reading the XML request.')
        return self.response_error(3, x)
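def handle_put(self, request, user, *args, **kwargs):
    """Handle PUT requests that change the healthcheck of a VIP.

    URL: vip/<id_vip>/healthcheck

    Reads ``healthcheck_type``, ``healthcheck`` and ``id_healthcheck_expect``
    from the ``networkapi``/``vip`` element of the XML body, validates them,
    saves the VIP and its server pools with the new healthcheck and runs
    ``gerador_vips -i <id> --healthcheck``. When the script exits with a
    non-zero code the previous healthchecks and the previous copy of the VIP
    are saved back and error 2 is returned with the script output.

    Raises:
        UserNotAuthorizedError: the user lacks VIP_ALTER_SCRIPT write access.
        EquipmentGroupsNotAuthorizedError: the user may not update the
            configuration of an equipment bound to the VIP's IPv4/IPv6.
        InvalidValueError: the id or a healthcheck value is invalid.
        RequestVipsNotBeenCreatedError: the VIP has not been created yet.
    """
    self.log.info("Change VIP's healthcheck")

    try:
        # --- Common validations ---

        if not has_perm(user, AdminPermission.VIP_ALTER_SCRIPT, AdminPermission.WRITE_OPERATION):
            self.log.error(u"User does not have permission to perform the operation.")
            raise UserNotAuthorizedError(None)

        vip_id = kwargs.get("id_vip")
        if not is_valid_int_greater_zero_param(vip_id):
            self.log.error(u"The vip_id parameter is not a valid value: %s.", vip_id)
            raise InvalidValueError(None)

        with distributedlock(LOCK_VIP % vip_id):
            # The VIP is read only once the lock is held. Read earlier, the
            # copy used for the restore below could be stale if another
            # request changed the VIP while this one was waiting (assumes
            # distributedlock serialises requests for the same VIP).
            vip = RequisicaoVips.get_by_pk(vip_id)

            # Copy kept for restoring the row when the script fails.
            vip_old = clone(vip)

            if not vip.vip_criado:
                self.log.error(u"Healthcheck can not be changed because VIP has not yet been created.")
                raise RequestVipsNotBeenCreatedError(None)

            # The user must also be allowed to update the configuration of
            # every equipment bound to the VIP's IPv4 and IPv6 addresses.
            equipment_links = []
            if vip.ip is not None:
                equipment_links.append(vip.ip.ipequipamento_set.all())
            if vip.ipv6 is not None:
                equipment_links.append(vip.ipv6.ipv6equipament_set.all())

            for links in equipment_links:
                for ip_equipment in links:
                    if not has_perm(
                        user,
                        AdminPermission.VIP_ALTER_SCRIPT,
                        AdminPermission.WRITE_OPERATION,
                        None,
                        ip_equipment.equipamento_id,
                        AdminPermission.EQUIP_UPDATE_CONFIG_OPERATION,
                    ):
                        self.log.error(
                            u"Groups of equipment registered with the IP of the VIP request is not allowed of acess."
                        )
                        raise EquipmentGroupsNotAuthorizedError(None)

            # --- Business validations ---

            xml_map, attrs_map = loads(request.raw_post_data)

            networkapi_map = xml_map.get("networkapi")
            if networkapi_map is None:
                return self.response_error(3, u"There is no value to the networkapi tag of XML request.")

            vip_map = networkapi_map.get("vip")
            if vip_map is None:
                return self.response_error(3, u"There is no value to the vip tag of XML request.")

            # NOTE(review): these are plain subscripts, so a body lacking one
            # of the keys fails here instead of producing a validation error;
            # confirm how the caller of this handler deals with that.
            healthcheck_type = upper(str(vip_map["healthcheck_type"]))
            healthcheck = vip_map["healthcheck"]
            id_healthcheck_expect = vip_map["id_healthcheck_expect"]

            vip_variables = vip.variables_to_map()
            environment_vip = EnvironmentVip.get_by_values(
                vip_variables.get("finalidade"), vip_variables.get("cliente"), vip_variables.get("ambiente")
            )

            # The type must be one registered for the VIP's environment.
            if not RequisicaoVips.heathcheck_exist(healthcheck_type, environment_vip.id):
                self.log.error(u"The healthcheck_type parameter not exist.")
                raise InvalidValueError(
                    u"The healthcheck_type parameter not exist.", "healthcheck_type", healthcheck_type
                )

            if healthcheck_type != "HTTP":
                # Non-HTTP types carry neither a healthcheck nor an expect id.
                if id_healthcheck_expect is not None or healthcheck is not None:
                    msg = (
                        u"The healthcheck_type parameter is %s, then healthcheck and id_healthcheck_expect must be None."
                        % healthcheck_type
                    )
                    self.log.error(msg)
                    raise InvalidValueError(msg)
            else:
                # HTTP needs both values.
                if id_healthcheck_expect is None or healthcheck is None:
                    msg = u"The healthcheck_type parameter is HTTP, then healthcheck and id_healthcheck_expect must NOT be None."
                    self.log.error(msg)
                    raise InvalidValueError(msg)

                try:
                    if not is_valid_int_greater_zero_param(id_healthcheck_expect):
                        self.log.error(
                            u"The id_healthcheck_expect parameter is not a valid value: %s.",
                            id_healthcheck_expect,
                        )
                        raise InvalidValueError(None, "id_healthcheck_expect", id_healthcheck_expect)

                    # The lookup doubles as the existence check.
                    healthcheck_expect = HealthcheckExpect.get_by_pk(id_healthcheck_expect)

                    # NOTE(review): the healthcheck text is only checked to be
                    # a string before it is stored; what the generator script
                    # does with it is not visible here.
                    if not isinstance(healthcheck, basestring):
                        msg = u"The healthcheck must be a string."
                        self.log.error(msg)
                        raise InvalidValueError(msg, "healthcheck", healthcheck)
                except HealthcheckExpectNotFoundError:
                    msg = u"The id_healthcheck_expect parameter does not exist."
                    self.log.error(msg)
                    raise InvalidValueError(msg, "id_healthcheck_expect", id_healthcheck_expect)

            # --- Business rules ---

            variables_map = vip.variables_to_map()

            # First call runs against the stored variables, before the new
            # healthcheck is written into the map.
            vip.set_variables(variables_map)

            variables_map["healthcheck_type"] = healthcheck_type
            if healthcheck_type == "HTTP":
                variables_map["healthcheck"] = healthcheck
                vip.healthcheck_expect = healthcheck_expect
            else:
                variables_map["healthcheck"] = None
                vip.healthcheck_expect = None

            vip.set_variables(variables_map)
            vip.save(user, commit=True)

            # Deprecated path kept so the old call works with the pool model:
            # the healthcheck is also written to every pool of the VIP.
            server_pools = ServerPool.objects.filter(vipporttopool__requisicao_vip=vip)

            if healthcheck is None:
                healthcheck = ""
            if id_healthcheck_expect is None:
                healthcheck_expect = ""
            else:
                healthcheck_expect = healthcheck_expect.expect_string
            healthcheck_identifier = ""
            healthcheck_destination = "*:*"
            hc = get_or_create_healthcheck(
                user,
                healthcheck_expect,
                healthcheck_type,
                healthcheck,
                healthcheck_destination,
                healthcheck_identifier,
            )

            # Remember each pool's previous healthcheck, in iteration order.
            old_healthchecks = []
            for sp in server_pools:
                old_healthchecks.append(sp.healthcheck)
                sp.healthcheck = hc
                sp.save(user, commit=True)

            # gerador_vips -i <ID_REQUISICAO> --healthcheck
            # %d only accepts a number, so only the numeric id is formatted in.
            command = "gerador_vips -i %d --healthcheck" % vip.id
            code, stdout, stderr = exec_script(command)

            if code != 0:
                # Script failed: restore the pools in the same order they
                # were changed, then the VIP itself.
                for sp, previous_healthcheck in zip(server_pools, old_healthchecks):
                    sp.healthcheck = previous_healthcheck
                    sp.save(user, commit=True)
                vip_old.save(user, commit=True)
                # NOTE(review): the raw script output is returned to the
                # caller - confirm it cannot carry internal details.
                return self.response_error(2, stdout + stderr)

            success_map = {
                "codigo": "%04d" % code,
                "descricao": {"stdout": stdout, "stderr": stderr},
            }
            return self.response(dumps_networkapi({"sucesso": success_map}))

    except XMLError as x:
        self.log.error(u"Error reading the XML request.")
        return self.response_error(3, x)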
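def add_remove_check_list_vlan_trunk(self, user, networkapi_map, vlan_id, operation):
    """Run ``configurador -T snmp_vlans_trunk`` for one switch interface.

    The equipment name (``nome``) and the host interface name
    (``nome_interface``) are read from the ``equipamento`` element of
    ``networkapi_map``. The switch interface the host interface is connected
    to is looked up, and the command is built for that switch.

    ``operation`` is one of ``add``, ``del``, ``check`` or ``list``.
    ``check`` and ``list`` need read permissions, the others write/update
    permissions, on both the equipment and the switch. ``vlan_id`` is only
    used when the operation is not ``list``.

    Returns the XML response with the script output, or an error response
    (105, 117, 139, 144, 269, 2 or not-authorized).
    """
    equipment_map = networkapi_map.get('equipamento')
    if equipment_map is None:
        return self.response_error(105)

    try:
        # The operation name is written into the command line below, so only
        # the four forms the command supports are let through. Anything else
        # would otherwise be treated as a write operation and passed on.
        if operation not in ('add', 'del', 'check', 'list'):
            self.log.error(
                u'Parameter operation is invalid. Value: %s.', operation)
            raise InvalidValueError(None, 'operation', operation)

        name = equipment_map.get('nome')
        if name is None or name == '':
            self.log.error(u'Parameter nome is invalid. Value: %s.', name)
            raise InvalidValueError(None, 'nome', name)

        interface_name = equipment_map.get('nome_interface')
        if interface_name is None or interface_name == '':
            self.log.error(
                u'Parameter nome_interface is invalid. Value: %s.',
                interface_name)
            raise InvalidValueError(None, 'nome_interface', interface_name)

        read_only = operation in ('check', 'list')

        if operation != 'list':
            vlan = Vlan().get_by_pk(vlan_id)

        # Existence check; EquipamentoNotFoundError is handled below.
        equipment = Equipamento().get_by_name(name)

        if read_only:
            equip_permission = AdminPermission.EQUIP_READ_OPERATION
            admin_permission = AdminPermission.READ_OPERATION
        else:
            equip_permission = AdminPermission.EQUIP_UPDATE_CONFIG_OPERATION
            admin_permission = AdminPermission.WRITE_OPERATION

        if not has_perm(user, AdminPermission.VLAN_ALTER_SCRIPT,
                        admin_permission, None, equipment.id,
                        equip_permission):
            return self.not_authorized()

        interface = Interface.get_by_interface_equipment(
            interface_name, equipment.id)
        if interface.ligacao_front is None:
            return self.response_error(139)

        protected = None if read_only else 0

        try:
            switch_interface = interface.get_switch_interface_from_host_interface(
                protected)
        except InterfaceNotFoundError:
            return self.response_error(144)

        # The command runs against the switch, so the same permission is
        # required on the switch equipment as well.
        if not has_perm(user, AdminPermission.VLAN_ALTER_SCRIPT,
                        admin_permission, None,
                        switch_interface.equipamento_id, equip_permission):
            return self.not_authorized()

        # configurador -T snmp_vlans_trunk -i <nomequip> -A "'int=<interface> add=<numvlan>'"
        # configurador -T snmp_vlans_trunk -i <nomequip> -A "'int=<interface> del=<numvlan>'"
        # configurador -T snmp_vlans_trunk -i <nomequip> -A "'int=<interface> check=<numvlan>'"
        # configurador -T snmp_vlans_trunk -i <nomequip> -A "'int=<interface> list'"
        #
        # NOTE(review): the switch name and the interface name are placed
        # into the command line without escaping. Both come from stored
        # records; confirm that exec_script does not hand the string to a
        # shell, or that these names are restricted when they are saved.
        command = 'configurador -T snmp_vlans_trunk -i %s -A "\'int=%s %s' % (
            switch_interface.equipamento.nome,
            switch_interface.interface,
            operation)
        if operation != 'list':
            # %d only accepts a number for the VLAN.
            command = command + '=%d' % vlan.num_vlan
        command = command + '\'"'

        code, stdout, stderr = exec_script(command)
        if code != 0:
            return self.response_error(2, stdout + stderr)

        success_map = {
            'codigo': '%04d' % code,
            'descricao': {'stdout': stdout, 'stderr': stderr},
        }
        return self.response(dumps_networkapi({'sucesso': success_map}))

    except EquipamentoNotFoundError:
        return self.response_error(117, name)
    except InvalidValueError as e:
        return self.response_error(269, e.param, e.value)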
def handle_put(self, request, user, *args, **kwargs):
    """
    Handles PUT requests to change the VIP's real server.

    URL: vip/real/edit

    The XML body carries the VIP id, the wanted list of reals with their
    priorities and weights, and ``alter_priority``. The wanted list is
    compared with the stored one (diff_reals) and each real is kept, added
    or removed. One script is run per added and per removed real, and
    ``gerador_vips --priority`` is run when ``alter_priority`` is not 0.

    Returns an empty success response, error 333 naming the reals whose
    script failed, or one of the validation errors (3, 329, 330, 331, 353, 2).
    """

    self.log.info("Change VIP's real server")

    try:

        # User permission
        # NOTE(review): only the VIP-level permission is checked, no
        # per-equipment permission - confirm that this is intended.
        if not has_perm(user, AdminPermission.VIP_ALTER_SCRIPT, AdminPermission.WRITE_OPERATION):
            self.log.error(
                u'User does not have permission to perform the operation.')
            raise UserNotAuthorizedError(None)

        # Commons Validations

        # Load XML data
        xml_map, attrs_map = loads(
            request.raw_post_data, ['real', 'reals_weight', 'reals_priority'])

        # XML data format
        networkapi_map = xml_map.get('networkapi')
        if networkapi_map is None:
            return self.response_error(
                3, u'There is no value to the networkapi tag of XML request.'
            )

        vip_map = networkapi_map.get('vip')
        if vip_map is None:
            return self.response_error(
                3, u'There is no value to the vip tag of XML request.')

        # Get XML data
        vip_id = vip_map.get('vip_id')
        alter_priority = vip_map.get('alter_priority')

        # Valid VIP ID
        if not is_valid_int_greater_zero_param(vip_id):
            self.log.error(
                u'The vip_id parameter is not a valid value: %s.', vip_id)
            raise InvalidValueError(None, 'vip_id', vip_id)

        # Valid Alter Priority (an invalid value is treated as 0, not rejected)
        if not is_valid_int_greater_equal_zero_param(alter_priority):
            alter_priority = 0

        # Existing Vip ID
        # NOTE(review): the VIP and the copies used for the restore further
        # down are read before the lock is taken, so they may be stale by the
        # time the lock is held - consider reading them inside the lock.
        vip = RequisicaoVips.get_by_pk(vip_id)

        # Clone vip
        vip_old = clone(vip)

        # Keep the pools and members as read now, for the restore on failure
        server_pools = ServerPool.objects.filter(
            vipporttopool__requisicao_vip=vip)
        server_pools_old = []
        server_pools_members_old = []
        for sp in server_pools:
            server_pools_old.append(sp)
            for spm in sp.serverpoolmember_set.all():
                server_pools_members_old.append(spm)

        # Get variables
        variables_map = vip.variables_to_map()

        # Valid variables
        vip.set_variables(variables_map)

        # Get balancing method
        vip_map['metodo_bal'] = str(
            variables_map.get('metodo_bal')).upper()

        with distributedlock(LOCK_VIP % vip_id):

            # Valid real names and real ips of real server
            if vip_map.get('reals') is not None:

                evip = EnvironmentVip.get_by_values(
                    variables_map.get('finalidade'),
                    variables_map.get('cliente'),
                    variables_map.get('ambiente'))

                for real in vip_map.get('reals').get('real'):
                    ip_aux_error = real.get('real_ip')
                    equip_aux_error = real.get('real_name')
                    if equip_aux_error is not None:
                        equip = Equipamento.get_by_name(equip_aux_error)
                    else:
                        self.log.error(
                            u'The real_name parameter is not a valid value: None.'
                        )
                        raise InvalidValueError(None, 'real_name', 'None')

                    # Valid Real
                    RequisicaoVips.valid_real_server(
                        ip_aux_error, equip, evip, False)

                # Valid reals_prioritys
                vip_map, code = vip.valid_values_reals_priority(vip_map)
                if code is not None:
                    return self.response_error(329)

                # Valid reals_weight
                vip_map, code = vip.valid_values_reals_weight(vip_map)
                if code is not None:
                    return self.response_error(330)

            # Get variables
            variables_map = vip.variables_to_map()

            vip_port_list, reals_list, reals_priority, reals_weight = vip.get_vips_and_reals(
                vip.id)

            if reals_list:
                variables_map['reals'] = {'real': reals_list}
                variables_map['reals_prioritys'] = {
                    'reals_priority': reals_priority
                }
                variables_map['reals_weights'] = {
                    'reals_weight': reals_weight
                }

            variables_map['portas_servicos'] = {'porta': vip_port_list}

            # clone variables_map
            # variables_map_old = clone(variables_map)

            # Valid ports
            variables_map, code = vip.valid_values_ports(variables_map)
            if code is not None:
                return self.response_error(331)

            """ OLD CALLS - Deprecated """
            vip_ports_pool = VipPortToPool.objects.filter(
                requisicao_vip=vip)

            reals = vip_map.get('reals')

            # A request whose first real has no 'port_real' is an old-style
            # call; it is expanded to one entry per (real, VIP port) pair,
            # using the default port of the pool behind that VIP port.
            new_call = True
            if reals and 'port_real' not in reals['real'][0]:
                new_call = False
                reals_prioritys = vip_map.get('reals_prioritys')
                reals_weights = dict()
                if 'reals_weights' in vip_map:
                    reals_weights = vip_map.get('reals_weights')

                reals_aux = dict()
                reals_prioritys_aux = dict()
                reals_weight_aux = dict()

                reals_aux['real'] = list()
                reals_prioritys_aux['reals_priority'] = list()
                reals_weight_aux['reals_weight'] = list()

                # NOTE(review): execute_list is filled here but its only use
                # (in the add loop below) is commented out.
                repeat = (len(vip_ports_pool) * len(reals['real'])) / len(
                    reals['real'])
                execute_list = list()
                for x in range(repeat):
                    execute_list.append((x + 1) * len(reals['real']))

                for i in range(len(reals['real'])):
                    for vippp in vip_ports_pool:

                        reals_prioritys_aux['reals_priority'].append(
                            reals_prioritys['reals_priority'][i])
                        if 'reals_weight' in reals_weights:
                            reals_weight_aux['reals_weight'].append(
                                reals_weights['reals_weight'][i])
                        server_pool = ServerPool.objects.get(
                            vipporttopool__id=vippp.id, vipporttopool__requisicao_vip=vip)

                        if 'id_ip' not in reals['real'][i]:
                            id_ip = get_id_ip(reals['real'][i])
                        else:
                            id_ip = reals['real'][i]['id_ip']

                        reals_aux['real'].append({
                            'id_ip': id_ip,
                            'port_real': server_pool.default_port,
                            'real_name': reals['real'][i]['real_name'],
                            'port_vip': vippp.port_vip,
                            u'real_ip': reals['real'][i]['real_ip']
                        })

                vip_map['reals_prioritys'] = reals_prioritys_aux
                vip_map['reals_weights'] = reals_weight_aux
                vip_map['reals'] = reals_aux
            """ OLD CALLS - END """

            # Check diff reals (reals_to_add, reals_to_rem, reals_to_stay)
            reals_to_add, reals_to_rem, reals_to_stay = diff_reals(
                variables_map, vip_map)

            # What ends up stored on the VIP once every script has run
            reals_final = dict()
            reals_final['reals'] = list()
            reals_final['priorities'] = list()
            reals_final['weights'] = list()

            reals_error = list()
            removes = True   # set to False as soon as one add script fails
            error = False

            ##############################################
            #        NOT MODIFIED - reals_to_stay        #
            ##############################################
            # No script is run for these; only priority and weight are saved.
            for i in range(len(reals_to_stay['reals'])):

                real, priority, weight, id_ip, port_vip, port_real, new_call = get_variables(
                    reals_to_stay, i, new_call)

                # Check ip type
                if is_valid_ipv4(real.get('real_ip')) is True:
                    ip_type = IP_VERSION.IPv4[1]
                    ip = Ip().get_by_pk(id_ip)
                else:
                    ip_type = IP_VERSION.IPv6[1]
                    ip = Ipv6().get_by_pk(id_ip)

                reals_final['reals'].append(reals_to_stay['reals'][i])
                reals_final['priorities'].append(
                    reals_to_stay['priorities'][i])
                if reals_to_stay['weighted']:
                    reals_final['weights'].append(
                        reals_to_stay['weights'][i])

                server_pool = ServerPool.objects.get(
                    vipporttopool__port_vip=port_vip, vipporttopool__requisicao_vip=vip)
                if ip_type == IP_VERSION.IPv4[1]:
                    server_pool_member = ServerPoolMember.objects.get(
                        server_pool=server_pool, port_real=port_real, ip=id_ip)
                else:
                    server_pool_member = ServerPoolMember.objects.get(
                        server_pool=server_pool, port_real=port_real, ipv6=id_ip)
                server_pool_member.priority = priority
                server_pool_member.weight = weight
                server_pool_member.save(user, commit=True)

            #############################################
            #          ADD REALS - reals_to_add         #
            #############################################
            for i in range(len(reals_to_add['reals'])):

                real, priority, weight, id_ip, port_vip, port_real, new_call = get_variables(
                    reals_to_add, i, new_call)

                # An address without '.' is taken as IPv6 here (the loop
                # above uses is_valid_ipv4 for the same decision).
                # NOTE(review): in the old-call branches real_name and
                # real_ip come from the request body and are formatted into
                # the command; the templates are not visible here - confirm
                # they cannot be abused if exec_script uses a shell.
                if len(real.get('real_ip').split('.')) <= 1:
                    ip_type = IP_VERSION.IPv6[1]
                    ip = Ipv6().get_by_pk(id_ip)
                    if new_call:
                        command = VIP_REALS_v6_CREATE % (
                            vip.id, id_ip, port_real, port_vip)
                    else:
                        command = VIP_REAL_v6_CREATE % (
                            vip.id, real.get('real_name'), real.get('real_ip'))
                else:
                    ip_type = IP_VERSION.IPv4[1]
                    ip = Ip().get_by_pk(id_ip)
                    if new_call:
                        command = VIP_REALS_v4_CREATE % (
                            vip.id, id_ip, port_real, port_vip)
                    else:
                        command = VIP_REAL_v4_CREATE % (
                            vip.id, real.get('real_name'), real.get('real_ip'))

                # The member is inserted first and removed again if the
                # script fails.
                self.log.info(
                    '------------------- ADD ----------------------')
                self.log.info(
                    'Insert ServerPoolMember before execute script')
                add_reals_before_script(port_vip, vip, ip, ip_type,
                                        priority, weight, port_real, user)
                self.log.info('The insert has completed successfully')

                # if new_call or (i + 1) in execute_list:

                self.log.info('Execute script: %s' % command)
                code, stdout, stderr = exec_script(command)
                self.log.info('Script was executed and returned code %s' %
                              code)
                if code != 0:
                    removes = False
                    error = True
                    reals_error.append(real)
                    self.log.info(
                        'Remove ServerPoolMember after execute script if code != 0'
                    )
                    remove_reals_after_script(port_vip, ip_type, vip,
                                              port_real, priority, weight, id_ip, user)
                    self.log.info('The remove has completed successfully')
                else:
                    reals_final['reals'].append(real)
                    reals_final['priorities'].append(
                        reals_to_add['priorities'][i])
                    if reals_to_add['weighted']:
                        reals_final['weights'].append(
                            reals_to_add['weights'][i])

                self.log.info(
                    '----------------- ADD END --------------------')

            ##########################################
            #       REMOVE REALS - reals_to_rem      #
            ##########################################
            # Removals only run when every add succeeded; otherwise the reals
            # marked for removal are kept in the final list.
            if removes:
                for i in range(len(reals_to_rem['reals'])):

                    real, priority, weight, id_ip, port_vip, port_real, new_call = get_variables(
                        reals_to_rem, i, new_call)

                    if len(real.get('real_ip').split('.')) <= 1:
                        ip_type = IP_VERSION.IPv6[1]
                        if new_call:
                            command = VIP_REALS_v6_REMOVE % (
                                vip.id, id_ip, port_real, port_vip)
                        else:
                            command = VIP_REAL_v6_REMOVE % (
                                vip.id, real.get('real_name'), real.get('real_ip'))
                    else:
                        ip_type = IP_VERSION.IPv4[1]
                        if new_call:
                            command = VIP_REALS_v4_REMOVE % (
                                vip.id, id_ip, port_real, port_vip)
                        else:
                            command = VIP_REAL_v4_REMOVE % (
                                vip.id, real.get('real_name'), real.get('real_ip'))

                    self.log.info(
                        '------------------ REMOVE --------------------')
                    self.log.info('Execute script: %s' % command)
                    code, stdout, stderr = exec_script(command)
                    self.log.info(
                        'script was executed and returned code %s' % code)

                    if code != 0:
                        # Script failed: the real stays in the final list
                        error = True
                        reals_error.append(real)
                        reals_final['reals'].append(real)
                        reals_final['priorities'].append(
                            reals_to_rem['priorities'][i])
                        if reals_to_rem['weighted']:
                            reals_final['weights'].append(
                                reals_to_rem['weights'][i])
                    else:
                        # Here the member is deleted only after the script
                        # succeeded
                        self.log.info(
                            'Remove ServerPoolMember after execute script')
                        remove_reals_after_script(port_vip, ip_type, vip,
                                                  port_real, priority, weight, id_ip, user)
                        self.log.info(
                            'The remove has completed successfully')

                    self.log.info(
                        '---------------- REMOVE END ------------------')

            else:
                for i in range(len(reals_to_rem['reals'])):
                    real = reals_to_rem['reals'][i]
                    reals_final['reals'].append(real)
                    reals_final['priorities'].append(
                        reals_to_rem['priorities'][i])
                    # NOTE(review): this tests reals_to_add['weighted'] while
                    # appending from reals_to_rem - looks like a copy/paste
                    # slip for reals_to_rem['weighted']; confirm.
                    if reals_to_add['weighted']:
                        reals_final['weights'].append(
                            reals_to_rem['weights'][i])

            variables_map['reals'] = dict()
            variables_map['reals_prioritys'] = dict()
            variables_map['reals_weights'] = dict()

            if len(reals_final['reals']) > 0:
                variables_map['reals']['real'] = reals_final['reals']
                variables_map['reals_prioritys'][
                    'reals_priority'] = reals_final['priorities']
                # reals_final['weights'] is always a list (created above), so
                # this condition always holds.
                if reals_final['weights'] is not None:
                    variables_map['reals_weights'][
                        'reals_weight'] = reals_final['weights']
            else:
                variables_map.pop('reals')
                variables_map.pop('reals_prioritys')
                variables_map.pop('reals_weights')

            # set variables
            vip.set_variables(variables_map)

            try:
                # If Priority changed
                if int(alter_priority) != 0:
                    # gerador_vips -i <ID_REQUISICAO> --priority
                    command = 'gerador_vips -i %d --priority' % vip.id

                    # Logging
                    self.log.info(
                        '---------------- ALTER PRIORITY ------------------'
                    )
                    self.log.info('Command: ' + command)

                    # Execute script
                    code, stdout, stderr = exec_script(command)
                    self.log.info('Code returned: ' + str(code))
                    self.log.info('Stdout: ' + stdout)
                    self.log.info(
                        '-------------- ALTER PRIORITY END ----------------'
                    )

                    # Script returned error while executing, rollback the
                    # changes in database
                    if code != 0:
                        self.log.info('Code != 0, rollback changes')
                        vip_old.save(user, commit=True)
                        for sp in server_pools_old:
                            sp.save(user, commit=True)
                        for spm in server_pools_members_old:
                            spm.save(user, commit=True)

                        # NOTE(review): the raw script output is returned to
                        # the caller - confirm it cannot carry internal
                        # details.
                        return self.response_error(2, stdout + stderr)

            except Exception, e:
                if isinstance(e, IntegrityError):
                    # Duplicate value for Port Vip, Port Real and IP
                    self.log.error(u'Failed to update the request vip.')
                    return self.response_error(353)
                else:
                    self.log.error(u'Failed to update the request vip.')
                    raise RequisicaoVipsError(
                        e, u'Failed to update the request vip')

            if error:
                # build return message: names and IPs of the reals whose
                # script failed, comma separated
                vip_list = ''
                ip_list = ''

                for real in reals_error:
                    vip_list = vip_list + real['real_name'] + ', '
                    ip_list = ip_list + real['real_ip'] + ', '

                return self.response_error(333, vip_list[:-2], ip_list[:-2])
            else:
                return self.response(dumps_networkapi({}))

    except XMLError, x:
        self.log.error(u'Error reading the XML request.')
        return self.response_error(3, x)
def handle_delete(self, request, user, *args, **kwargs): """Handles DELETE requests to remove VLAN by ID. URLs: /vlan/<id_vlan>/remove/ """ self.log.info('Remove VLAN by ID') CODE_MESSAGE_VLAN_ERROR = 369 try: # Commons Validations # User permission if not has_perm(user, AdminPermission.VLAN_MANAGEMENT, AdminPermission.WRITE_OPERATION): self.log.error( u'User does not have permission to perform the operation.') return self.not_authorized() # Business Validations # Load URL param vlan_id = kwargs.get('id_vlan') # Valid VLAN ID if not is_valid_int_greater_zero_param(vlan_id): self.log.error( u'Parameter id_vlan is invalid. Value: %s.', vlan_id) raise InvalidValueError(None, 'id_vlan', vlan_id) # Existing VLAN ID vlan = Vlan().get_by_pk(vlan_id) # Check permission group equipments equips_from_ipv4 = Equipamento.objects.filter( ipequipamento__ip__networkipv4__vlan=vlan_id, equipamentoambiente__is_router=1).distinct() equips_from_ipv6 = Equipamento.objects.filter( ipv6equipament__ip__networkipv6__vlan=vlan_id, equipamentoambiente__is_router=1).distinct() for equip in equips_from_ipv4: # User permission if not has_perm(user, AdminPermission.EQUIPMENT_MANAGEMENT, AdminPermission.WRITE_OPERATION, None, equip.id, AdminPermission.EQUIP_WRITE_OPERATION): self.log.error( u'User does not have permission to perform the operation.') return self.not_authorized() for equip in equips_from_ipv6: # User permission if not has_perm(user, AdminPermission.EQUIPMENT_MANAGEMENT, AdminPermission.WRITE_OPERATION, None, equip.id, AdminPermission.EQUIP_WRITE_OPERATION): self.log.error( u'User does not have permission to perform the operation.') return self.not_authorized() with distributedlock(LOCK_VLAN % vlan_id): # Business Rules if vlan.ativada: network_errors = [] for net4 in vlan.networkipv4_set.all(): if net4.active: try: command = settings.NETWORKIPV4_REMOVE % int(net4.id) code, stdout, stderr = exec_script(command) if code == 0: net4.deactivate(user, True) else: 
network_errors.append(str(net4.id)) except Exception, e: network_errors.append(str(net4.id)) pass for net6 in vlan.networkipv6_set.all(): if net6.active: try: command = settings.NETWORKIPV6_REMOVE % int(net6.id) code, stdout, stderr = exec_script(command) if code == 0: net6.deactivate(user, True) else: network_errors.append(str(net6.id)) except Exception, e: network_errors.append(str(net6.id)) pass if network_errors: raise VlanNetworkError( None, message=', '.join(network_errors)) else:
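def handle_get(self, request, user, *args, **kwargs):
    """Rollback of the L7 filter of a VIP.

    URLs: /vip/l7/<id_vip>/rollback/

    Exchanges the applied filter/rule with the rollback filter/rule, saves
    the VIP and runs ``gerador_vips -i <id> --l7_filter_current``. If the
    script returns a non-zero code, the copy of the VIP taken before the
    exchange is saved again and error 2 is returned with the script output.

    Raises:
        UserNotAuthorizedError: no VIP_ALTER_SCRIPT write permission.
        InvalidValueError: ``id_vip`` is not an integer greater than zero.
        RequestVipsNotBeenCreatedError: the VIP was never created.
    """
    self.log.info("Applies the last working filter to VIP")

    # NOTE(review): a state-changing operation behind a GET handler - confirm
    # that GET is covered by the CSRF protection in front of this resource.
    try:
        id_vip = kwargs.get('id_vip')

        # User is authorized
        allowed = has_perm(user, AdminPermission.VIP_ALTER_SCRIPT,
                           AdminPermission.WRITE_OPERATION)
        if not allowed:
            self.log.error(
                u'User does not have permission to perform the operation.')
            raise UserNotAuthorizedError(None)

        # Valid Vip ID
        if not is_valid_int_greater_zero_param(id_vip):
            self.log.error(
                u'The vip_id parameter is not a valid value: %s.', id_vip)
            raise InvalidValueError(None)

        with distributedlock(LOCK_VIP % id_vip):
            # Load the VIP under the lock. Loading it before the lock lets a
            # concurrent request change the row in between, and the backup
            # taken below would then restore outdated values (assumes
            # distributedlock serialises requests for the same VIP).
            vip = RequisicaoVips.get_by_pk(id_vip)

            # Backup of the VIP, restored if the script fails
            vip_old = clone(vip)

            # Vip must be created
            if not vip.vip_criado:
                self.log.error(
                    u'Filter can not be applied because VIP has not been created yet.')
                raise RequestVipsNotBeenCreatedError(None)

            # Store the rollback time, move rollback -> applied and
            # applied -> rollback
            vip.applied_l7_datetime = datetime.now().strftime(
                "%Y-%m-%d %H:%M:%S")
            vip.filter_applied, vip.rule_applied = (
                vip_old.filter_rollback, vip_old.rule_rollback)
            vip.filter_rollback, vip.rule_rollback = (
                vip_old.filter_applied, vip_old.rule_applied)

            vip.save(user, commit=True)

            # Run the script; %d admits only a numeric id
            command = 'gerador_vips -i %d --l7_filter_current' % vip.id
            code, stdout, stderr = exec_script(command)

            # code 0 = script ran successfully
            if code == 0:
                result = {
                    'sucesso': {
                        'codigo': '%04d' % code,
                        'descricao': {'stdout': stdout, 'stderr': stderr},
                    }
                }
                return self.response(dumps_networkapi(result))

            # Failure: save the previous data back to the database
            vip_old.save(user, commit=True)
            # NOTE(review): script output is echoed to the client as is.
            return self.response_error(2, stdout + stderr)

    except XMLError as x:
        self.log.error(u'Error reading the XML request.')
        return self.response_error(3, x)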
def __create_vip(self, vip_id, user):
    """Run the VIP creation script for ``vip_id`` and mark the VIP as created.

    The whole operation runs under the VIP lock. The user needs the
    VIP_CREATE_SCRIPT write permission with configuration-update rights on
    every equipment bound to the VIP's IPv4 and IPv6 addresses. The VIP must
    be validated (else error 191) and not yet created (else error 192).

    On script success the pending rule and L7 filter become the applied ones,
    the VIP and its server pools are flagged as created, and the script
    output is returned. On failure error 2 carries the script output.

    Raises InvalidValueError when ``vip_id`` is not an integer above zero.
    """
    if not is_valid_int_greater_zero_param(vip_id):
        self.log.error(u'Parameter id_vip is invalid. Value: %s.', vip_id)
        raise InvalidValueError(None, 'id_vip', vip_id)

    def may_configure_all(equipment_links):
        # True when the user may update the configuration of every
        # equipment in the given links; stops at the first refusal.
        return all(
            has_perm(
                user,
                AdminPermission.VIP_CREATE_SCRIPT,
                AdminPermission.WRITE_OPERATION,
                None,
                link.equipamento_id,
                AdminPermission.EQUIP_UPDATE_CONFIG_OPERATION)
            for link in equipment_links)

    with distributedlock(LOCK_VIP % vip_id):

        # The VIP is read under the lock; it must exist in the database.
        vip = RequisicaoVips.get_by_pk(vip_id)

        # Equipment permissions, IPv4 first and then IPv6.
        if vip.ip is not None and not may_configure_all(
                vip.ip.ipequipamento_set.all()):
            return self.not_authorized()

        if vip.ipv6 is not None and not may_configure_all(
                vip.ipv6.ipv6equipament_set.all()):
            return self.not_authorized()

        # Must be validated
        if not vip.validado:
            return self.response_error(191, vip_id)

        # Must not have been created already
        if vip.vip_criado:
            return self.response_error(192, vip_id)

        # The VIP_CREATE template is defined outside this block.
        command = VIP_CREATE % (vip.id)
        code, stdout, stderr = exec_script(command)

        if code != 0:
            # NOTE(review): the raw script output is returned to the caller.
            return self.response_error(2, stdout + stderr)

        success_map = {
            'codigo': '%04d' % code,
            'descricao': {'stdout': stdout, 'stderr': stderr},
        }

        # The pending rule/filter are now the applied ones.
        vip.rule_applied = vip.rule
        vip.filter_applied = vip.l7_filter
        vip.l7_filter = None
        vip.rule = None
        vip.filter_valid = False
        vip.vip_criado = 1
        vip.save()

        # SYNC_VIP
        old_to_new(vip)

        # Flag every pool of this VIP that is not yet marked as created.
        pools = ServerPool.objects.filter(
            vipporttopool__requisicao_vip=vip.id)
        for pool in pools:
            if server_pool_needs_flag(pool):
                pool.pool_created = 1
                pool.save()

        return self.response(dumps_networkapi({'sucesso': success_map}))


def server_pool_needs_flag(pool):
    """Return True when the pool is not yet marked as created."""
    return not pool.pool_created
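def save_server_pool_member(user, sp, list_server_pool_member):
    """Make the members of server pool ``sp`` match ``list_server_pool_member``.

    Each entry of the list is a dict read with the keys ``id_pool_member``
    (empty for a new member), ``id``, ``ip``, ``port_real``, ``nome_equips``,
    ``weight`` and ``priority``.

    Members of the pool whose id is not in the list are deleted. Listed
    members are updated, or created when ``id_pool_member`` is empty. When
    the pool is already created (``sp.pool_created``) a script is run for
    each removed and each new member, and one script applies the priorities
    if any existing member changed priority.

    Returns the list of saved ServerPoolMember objects.

    Raises:
        exceptions.ScriptCreatePoolException: the remove or create script
            returned a non-zero code.
        exceptions.ScriptAlterPriorityPoolMembersException: the priorities
            script returned a non-zero code; the old priorities are saved
            back first.
    """
    list_pool_member = list()
    old_priorities_list = list()

    # Ids of the members that must stay; empty ids mark new members.
    id_pool_member_noempty = [
        x['id_pool_member'] for x in list_server_pool_member
        if x['id_pool_member'] != '']

    # Delete the members that are no longer listed.
    del_smp = sp.serverpoolmember_set.exclude(id__in=id_pool_member_noempty)
    if del_smp:
        for obj in del_smp:
            obj.delete(user)

            # Run the script that removes the real if the pool is already
            # created, committing after each successful script call.
            if sp.pool_created:
                command = settings.POOL_REAL_REMOVE % (
                    obj.server_pool_id,
                    obj.ip_id if obj.ip else obj.ipv6_id,
                    obj.port_real)
                code, _, _ = exec_script(command)
                if code != 0:
                    raise exceptions.ScriptCreatePoolException()
                transaction.commit()

    if list_server_pool_member:
        apply_new_priorities = False

        for dic in list_server_pool_member:
            ip_object = None
            ipv6_object = None

            # NOTE(review): the address family is guessed from the length of
            # the text (15 is the longest dotted IPv4). A shortened IPv6
            # address would be looked up as IPv4 - confirm the format of
            # dic['ip'].
            if len(dic['ip']) <= 15:
                ip_object = Ip.get_by_pk(dic['id'])
            else:
                ipv6_object = Ipv6.get_by_pk(dic['id'])

            id_pool = sp.id
            id_ip = ip_object and ip_object.id or ipv6_object and ipv6_object.id
            port_ip = dic['port_real']

            if dic['id_pool_member']:
                # Existing member: update it in place.
                # NOTE(review): the member is fetched by id alone and then
                # attached to sp; nothing here checks that it belonged to
                # this pool - confirm the caller validates that.
                spm = ServerPoolMember.objects.get(id=dic['id_pool_member'])
                spm.server_pool = sp
                spm.identifier = dic['nome_equips']
                spm.ip = ip_object
                spm.ipv6 = ipv6_object
                spm.weight = dic['weight']
                spm.limit = sp.default_limit
                old_spm_priority = spm.priority
                old_priorities_list.append(old_spm_priority)
                spm.priority = dic['priority']
                spm.port_real = dic['port_real']
                spm.save(user)

                if old_spm_priority != spm.priority and sp.pool_created:
                    apply_new_priorities = True
            else:
                # New member.
                spm = ServerPoolMember(server_pool=sp,
                                       identifier=dic['nome_equips'],
                                       ip=ip_object,
                                       ipv6=ipv6_object,
                                       priority=dic['priority'],
                                       weight=dic['weight'],
                                       limit=sp.default_limit,
                                       port_real=dic['port_real'])
                spm.save(user)

                # Nothing to restore for a new member; the entry keeps the
                # two lists aligned by index.
                old_priorities_list.append(dic['priority'])

                # Run the script that creates the real if the pool is
                # already created. The insert is committed first and the
                # member is deleted again if the script returns an error.
                if sp.pool_created:
                    transaction.commit()
                    command = settings.POOL_REAL_CREATE % (
                        id_pool, id_ip, port_ip)
                    code, _, _ = exec_script(command)
                    if code != 0:
                        spm.delete(user)
                        transaction.commit()
                        raise exceptions.ScriptCreatePoolException()

            list_pool_member.append(spm)

        # Apply the new priorities in the pool - one script run for all
        # members.
        if apply_new_priorities:
            transaction.commit()
            command = settings.POOL_MEMBER_PRIORITIES % (sp.id)
            code, _, _ = exec_script(command)
            if code != 0:
                # Put the previous priorities back. The original iterated
                # over len(...) directly, which raises TypeError, so the
                # restore never ran and the intended exception was never
                # raised.
                for member, old_priority in zip(list_pool_member,
                                                old_priorities_list):
                    member.priority = old_priority
                    member.save(user)
                transaction.commit()
                raise exceptions.ScriptAlterPriorityPoolMembersException()

    return list_pool_member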
def handle_post(self, request, user, *args, **kwargs):
    '''Handle POST requests that run the creation scripts for a network
    and, when needed, for its VLAN.

    URL: vlan/v4/create/ or vlan/v6/create/

    The network id is read from ``id_network_ip`` in the ``networkapi``/
    ``vlan`` element of the XML body. If the VLAN is not active its creation
    script runs first and the VLAN is activated; then the network creation
    script runs and the network is activated. A message describing the VLAN
    is sent to the queue and the output of the scripts is returned.

    Error responses: 3 (missing XML tag), 269 (invalid id), 299 (network
    already active), 2 (script failure) or not-authorized.
    '''
    try:
        # One handler for both versions: anything that is not the IPv4
        # marker is handled as IPv6.
        network_version = kwargs.get('network_version')
        is_ipv4 = IP_VERSION.IPv4[0] == network_version

        # --- Common validations ---
        if not has_perm(user, AdminPermission.VLAN_MANAGEMENT,
                        AdminPermission.WRITE_OPERATION):
            self.log.error(
                u'User does not have permission to perform the operation.')
            return self.not_authorized()

        # --- Business validations ---
        xml_map, attrs_map = loads(request.raw_post_data)

        networkapi_map = xml_map.get('networkapi')
        if networkapi_map is None:
            msg = u'There is no value to the networkapi tag of XML request.'
            self.log.error(msg)
            return self.response_error(3, msg)

        vlan_map = networkapi_map.get('vlan')
        if vlan_map is None:
            msg = u'There is no value to the vlan tag of XML request.'
            self.log.error(msg)
            return self.response_error(3, msg)

        network_ip_id = vlan_map.get('id_network_ip')
        if not is_valid_int_greater_zero_param(network_ip_id):
            self.log.error(
                u'Parameter id_network_ip is invalid. Value: %s.',
                network_ip_id)
            raise InvalidValueError(None, 'id_network_ip', network_ip_id)

        # The network must exist in the database.
        if is_ipv4:
            network_ip = NetworkIPv4().get_by_pk(network_ip_id)
        else:
            network_ip = NetworkIPv6().get_by_pk(network_ip_id)

        # An already active network is refused.
        if network_ip.active:
            return self.response_error(299)

        # The user needs write permission on every router equipment that has
        # an IPv4 or IPv6 address in the VLAN of this network.
        equips_from_ipv4 = Equipamento.objects.filter(
            ipequipamento__ip__networkipv4__vlan=network_ip.vlan.id,
            equipamentoambiente__is_router=1)
        equips_from_ipv6 = Equipamento.objects.filter(
            ipv6equipament__ip__networkipv6__vlan=network_ip.vlan.id,
            equipamentoambiente__is_router=1)

        for routers in (equips_from_ipv4, equips_from_ipv6):
            for equip in routers:
                if not has_perm(user, AdminPermission.EQUIPMENT_MANAGEMENT,
                                AdminPermission.WRITE_OPERATION, None,
                                equip.id,
                                AdminPermission.EQUIP_WRITE_OPERATION):
                    self.log.error(
                        u'User does not have permission to perform the operation.')
                    return self.not_authorized()

        # --- Business rules ---
        # NOTE(review): no lock is taken around the checks and the scripts
        # in this handler - confirm that two concurrent requests for the
        # same network cannot both pass the "active" check.
        success_map = {}

        # An inactive VLAN has to be created before its network.
        if not network_ip.vlan.ativada:
            vlan_command = VLAN_CREATE % (network_ip.vlan.id)
            code, stdout, stderr = exec_script(vlan_command)
            if code != 0:
                # NOTE(review): the raw script output is returned to the
                # caller.
                return self.response_error(2, stdout + stderr)

            # The script succeeded: mark the VLAN as activated.
            network_ip.vlan.activate(user)
            success_map['vlan'] = {
                'codigo': '%04d' % code,
                'descricao': {'stdout': stdout, 'stderr': stderr},
            }

        # Command and queue description for the network itself.
        if is_ipv4:
            command = NETWORKIPV4_CREATE % (network_ip.id)
            description_to_queue = queue_keys.VLAN_CREATE_NETWORK_IPV4
        else:
            command = NETWORKIPV6_CREATE % (network_ip.id)
            description_to_queue = queue_keys.VLAN_CREATE_NETWORK_IPV6

        code, stdout, stderr = exec_script(command)
        if code != 0:
            # A VLAN activated just above stays activated in this case.
            return self.response_error(2, stdout + stderr)

        # The script succeeded: mark the network as activated.
        network_ip.activate(user)
        success_map['network'] = {
            'codigo': '%04d' % code,
            'descricao': {'stdout': stdout, 'stderr': stderr},
        }

        response_map = {'sucesso': success_map}

        # Send the serialized VLAN to the queue.
        vlan_obj = network_ip.vlan
        queue_manager = QueueManager()
        data_to_queue = VlanSerializer(vlan_obj).data
        data_to_queue.update({'description': description_to_queue})
        queue_manager.append({
            'action': description_to_queue,
            'kind': queue_keys.VLAN_KEY,
            'data': data_to_queue,
        })
        queue_manager.send()

        return self.response(dumps_networkapi(response_map))

    except InvalidValueError as e:
        return self.response_error(269, e.param, e.value)
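def administrate_real(self, user, vip_id, equip_id, ip_id, operation,
                      network_version, port_vip=None, port_real=None):
    """Add, remove, enable, disable or check one real server of a VIP request.

    Validates the parameters, checks the caller's permission, applies the
    ServerPoolMember change for 'add' and 'del', runs the matching script
    through exec_script and maps its exit code onto the API response.

    :param user: User the permission checks are made for.
    :param vip_id: VIP request id; must pass is_valid_int_greater_zero_param.
    :param equip_id: Equipment id; same validation, also used as the target
        of the equipment-level permission check for write operations.
    :param ip_id: Id of the real server's IP; same validation.
    :param operation: One of 'add', 'del', 'ena', 'dis', 'chk'.
    :param network_version: 'v4' or 'v6'.
    :param port_vip: VIP port. The port-based ("new call") commands are
        used only when both port_vip and port_real are given.
    :param port_real: Real server port, see port_vip.

    :return: self.response(...) carrying the 'sucesso' map when the script
        exits with 0 or 12 (12 also triggers rollback_changes), otherwise
        self.response_error(2, stdout + stderr) after rollback_changes.

    :raise InvalidValueError: A parameter failed validation.
    :raise UserNotAuthorizedError: The user lacks the required permission.
    """
    # Identifiers are validated before they reach a lookup, a lock name or
    # a command string.
    for param_name, param_value in (('vip_id', vip_id),
                                    ('equip_id', equip_id),
                                    ('ip_id', ip_id)):
        if not is_valid_int_greater_zero_param(param_value):
            self.log.error(
                u'The %s parameter is not a valid value: %s.',
                param_name, param_value)
            raise InvalidValueError(None, param_name, param_value)

    # Closed allow-list: only these values may select a command template.
    if operation not in ('add', 'del', 'ena', 'dis', 'chk'):
        self.log.error(
            u'The operation parameter is not a valid value: %s.', operation)
        raise InvalidValueError(None, 'operation', operation)

    if network_version not in ('v4', 'v6'):
        self.log.error(
            u'The network_version parameter is not a valid value: %s.',
            network_version)
        raise InvalidValueError(None, 'network_version', network_version)

    # Authorization happens before any database lookup or script run.
    # 'chk' needs read access only; every other operation needs write
    # access plus the equipment-level permission on equip_id.
    if operation == 'chk':
        authorized = has_perm(user, AdminPermission.VIP_ALTER_SCRIPT,
                              AdminPermission.READ_OPERATION)
    else:
        authorized = has_perm(user, AdminPermission.VIP_ALTER_SCRIPT,
                              AdminPermission.WRITE_OPERATION, None, equip_id,
                              AdminPermission.EQUIP_UPDATE_CONFIG_OPERATION)
    if not authorized:
        self.log.error(
            u'User does not have permission to perform the operation.')
        raise UserNotAuthorizedError(None)

    # new_call = True  - port-based commands (Port Vip and Port Real given)
    # new_call = False - legacy commands kept for compatibility
    # If only one of the two ports is given, the legacy path is taken and
    # that port is not validated here.
    new_call = False
    if port_vip is not None and port_real is not None:
        for param_name, param_value in (('port_vip', port_vip),
                                        ('port_real', port_real)):
            if not is_valid_int_greater_zero_param(param_value):
                # The original logged 'port_vip' for a bad port_real;
                # the message now names the parameter that failed.
                self.log.error(
                    u'The %s parameter is not a valid value: %s.',
                    param_name, param_value)
                raise InvalidValueError(None, param_name, param_value)
        new_call = True

    # Find Request VIP by ID to check if it exists
    vip = RequisicaoVips.get_by_pk(vip_id)
    variables_map = vip.variables_to_map()
    evip = EnvironmentVip.get_by_values(variables_map.get('finalidade'),
                                        variables_map.get('cliente'),
                                        variables_map.get('ambiente'))

    # Resolve the real server from the (ip_id, equip_id) pair and validate
    # it against the VIP environment.
    if network_version == IP_VERSION.IPv4[0]:
        ip_equip = IpEquipamento().get_by_ip_equipment(ip_id, equip_id)
        real_name = ip_equip.equipamento.nome
        end_ip = '%s.%s.%s.%s' % (
            ip_equip.ip.oct1, ip_equip.ip.oct2,
            ip_equip.ip.oct3, ip_equip.ip.oct4)
        RequisicaoVips.valid_real_server(
            end_ip, ip_equip.equipamento, evip, False)
    elif network_version == IP_VERSION.IPv6[0]:
        ipv6_equip = Ipv6Equipament().get_by_ip_equipment(ip_id, equip_id)
        real_name = ipv6_equip.equipamento.nome
        end_ip = '%s:%s:%s:%s:%s:%s:%s:%s' % (
            ipv6_equip.ip.block1, ipv6_equip.ip.block2,
            ipv6_equip.ip.block3, ipv6_equip.ip.block4,
            ipv6_equip.ip.block5, ipv6_equip.ip.block6,
            ipv6_equip.ip.block7, ipv6_equip.ip.block8)
        RequisicaoVips.valid_real_server(
            end_ip, ipv6_equip.equipamento, evip, False)

    is_v4 = IP_VERSION.IPv4[0] == network_version

    # NOTE(review): the port-based templates receive only the validated
    # ids and ports. The legacy templates also receive real_name (the
    # equipment name read from the database) and end_ip. How exec_script
    # tokenises the command is not visible here; confirm it does not go
    # through a shell, or that equipment names are restricted when stored.
    if operation == 'chk':
        if is_v4:
            if new_call:
                command = VIP_REALS_v4_CHECK % (
                    vip_id, ip_id, port_real, port_vip)
            else:
                command = VIP_REAL_v4_CHECK % (vip_id, real_name, end_ip)
        else:
            if new_call:
                command = VIP_REALS_v6_CHECK % (
                    vip_id, ip_id, port_real, port_vip)
            else:
                command = VIP_REAL_v6_CHECK % (vip_id, real_name, end_ip)
    else:
        # NOTE(review): the source page lost its indentation. Because the
        # 'chk' path must reach the script run below, that code is taken to
        # sit outside this lock, so the lock guards only the
        # ServerPoolMember changes, not the script run or the rollback.
        # Confirm against the original file.
        with distributedlock(LOCK_VIP_IP_EQUIP % (vip_id, ip_id, equip_id)):

            if operation == 'add':
                if is_v4:
                    if new_call:
                        command = VIP_REALS_v4_CREATE % (
                            vip_id, ip_id, port_real, port_vip)
                        ServerPoolMember().save_specified_port(
                            vip_id, port_vip, ip_equip.ip,
                            IP_VERSION.IPv4[1], port_real, user)
                    else:
                        command = VIP_REAL_v4_CREATE % (
                            vip_id, real_name, end_ip)
                        ServerPoolMember().save_with_default_port(
                            vip_id, ip_equip.ip, IP_VERSION.IPv4[1], user)
                else:
                    if new_call:
                        command = VIP_REALS_v6_CREATE % (
                            vip_id, ip_id, port_real, port_vip)
                        ServerPoolMember().save_specified_port(
                            vip_id, port_vip, ipv6_equip.ip,
                            IP_VERSION.IPv6[1], port_real, user)
                    else:
                        command = VIP_REAL_v6_CREATE % (
                            vip_id, real_name, end_ip)
                        ServerPoolMember().save_with_default_port(
                            vip_id, ipv6_equip.ip, IP_VERSION.IPv6[1], user)

            elif operation == 'del':
                if is_v4:
                    if new_call:
                        command = VIP_REALS_v4_REMOVE % (
                            vip_id, ip_id, port_real, port_vip)
                        pool_members = ServerPoolMember.objects.filter(
                            ip=ip_id,
                            server_pool__vipporttopool__requisicao_vip__id=vip_id,
                            server_pool__vipporttopool__port_vip=port_vip,
                            port_real=port_real)
                    else:
                        command = VIP_REAL_v4_REMOVE % (
                            vip_id, real_name, end_ip)
                        pool_members = ServerPoolMember.objects.filter(
                            ip=ip_id,
                            server_pool__vipporttopool__requisicao_vip__id=vip_id)
                else:
                    if new_call:
                        command = VIP_REALS_v6_REMOVE % (
                            vip_id, ip_id, port_real, port_vip)
                        pool_members = ServerPoolMember.objects.filter(
                            ipv6=ip_id,
                            server_pool__vipporttopool__requisicao_vip__id=vip_id,
                            server_pool__vipporttopool__port_vip=port_vip,
                            port_real=port_real)
                    else:
                        command = VIP_REAL_v6_REMOVE % (
                            vip_id, real_name, end_ip)
                        pool_members = ServerPoolMember.objects.filter(
                            ipv6=ip_id,
                            server_pool__vipporttopool__requisicao_vip__id=vip_id)
                # Delete row by row, as the original did, so each model's
                # own delete() runs; a plain loop replaces the throwaway
                # list comprehension.
                for pool_member in pool_members:
                    pool_member.delete()

            elif operation == 'ena':
                if is_v4:
                    if new_call:
                        command = VIP_REALS_v4_ENABLE % (
                            vip_id, ip_id, port_real, port_vip)
                    else:
                        command = VIP_REAL_v4_ENABLE % (
                            vip_id, real_name, end_ip)
                else:
                    if new_call:
                        command = VIP_REALS_v6_ENABLE % (
                            vip_id, ip_id, port_real, port_vip)
                    else:
                        command = VIP_REAL_v6_ENABLE % (
                            vip_id, real_name, end_ip)

            elif operation == 'dis':
                if is_v4:
                    if new_call:
                        command = VIP_REALS_v4_DISABLE % (
                            vip_id, ip_id, port_real, port_vip)
                    else:
                        command = VIP_REAL_v4_DISABLE % (
                            vip_id, real_name, end_ip)
                else:
                    if new_call:
                        command = VIP_REALS_v6_DISABLE % (
                            vip_id, ip_id, port_real, port_vip)
                    else:
                        command = VIP_REAL_v6_DISABLE % (
                            vip_id, real_name, end_ip)

    # The exact command and its stdout are logged for audit.
    self.log.info(command)

    # Execute script
    code, stdout, stderr = exec_script(command)
    self.log.info(stdout)

    # Named response_map so the builtin map() is not shadowed.
    response_map = dict()
    success_map = dict()

    # Return XML
    if code == 0:
        success_map['codigo'] = '%04d' % code
        success_map['descricao'] = {'stdout': stdout, 'stderr': stderr}
        response_map['sucesso'] = success_map
        return self.response(dumps_networkapi(response_map))

    if code == 12:
        # Exit code 12 is reported to the caller as success, but the
        # ServerPoolMember changes are still rolled back.
        success_map['codigo'] = '0'
        success_map['descricao'] = {'stdout': '0', 'stderr': ''}
        response_map['sucesso'] = success_map
        self.rollback_changes(operation, new_call, network_version, vip_id,
                              ip_id, port_real, port_vip, real_name, end_ip,
                              user)
        return self.response(dumps_networkapi(response_map))

    # Any other exit code: undo the database change. The script's stdout
    # and stderr are passed to the caller unchanged.
    self.rollback_changes(operation, new_call, network_version, vip_id,
                          ip_id, port_real, port_vip, real_name, end_ip, user)
    return self.response_error(2, stdout + stderr)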