From 62899e470c56de162e31bf0921949208c3d837f5 Mon Sep 17 00:00:00 2001 From: Angel Luis Moya Gonzalez Date: Mon, 18 May 2020 17:31:26 +0200 Subject: [PATCH] F #4302: Relaxing NSX_STATUS to operate without credentials (#4754) Co-authored-by: mouyaq --- .../lib/nsx_driver/distributed_firewall.rb | 11 ++-- .../remotes/lib/nsx_driver/logical_switch.rb | 2 +- src/vnm_mad/remotes/vcenter/clean | 42 +++++++++++---- src/vnm_mad/remotes/vcenter/post | 16 +++--- src/vnm_mad/remotes/vcenter/pre | 54 ------------------- 5 files changed, 45 insertions(+), 80 deletions(-) diff --git a/src/vmm_mad/remotes/lib/nsx_driver/distributed_firewall.rb b/src/vmm_mad/remotes/lib/nsx_driver/distributed_firewall.rb index 4691b2fd0c..0cd34535c6 100644 --- a/src/vmm_mad/remotes/lib/nsx_driver/distributed_firewall.rb +++ b/src/vmm_mad/remotes/lib/nsx_driver/distributed_firewall.rb @@ -196,12 +196,10 @@ module NSXDriver vm = VCenterDriver::VirtualMachine .new_one(vi_client, deploy_id, one_vm) - # NSX Objects needed - ls = LogicalSwitch.new(@nsx_client) - # Search NSX Nics # First try to search only new attached NSX Nics - nsx_nics = ls.nsx_nics(template_xml, only_attached) + nsx_nics = NSXDriver::LogicalSwitch.nsx_nics(template_xml, + only_attached) # If there is no NSX Nics return if nsx_nics.empty? @@ -251,10 +249,9 @@ module NSXDriver vm_id = template_xml.xpath('/VM/ID').text vm_deploy_id = template_xml.xpath('/VM/DEPLOY_ID').text - # Search NSX Nics - ls = LogicalSwitch.new(@nsx_client) # First try to search only new attached NSX Nics - nsx_nics = ls.nsx_nics(template_xml, only_detached) + nsx_nics = NSXDriver::LogicalSwitch.nsx_nics(template_xml, + only_detached) # If there is no NSX Nics return if nsx_nics.empty? diff --git a/src/vmm_mad/remotes/lib/nsx_driver/logical_switch.rb b/src/vmm_mad/remotes/lib/nsx_driver/logical_switch.rb index a02dfd3036..7950624e5b 100644 --- a/src/vmm_mad/remotes/lib/nsx_driver/logical_switch.rb +++ b/src/vmm_mad/remotes/lib/nsx_driver/logical_switch.rb 
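Review bot: In the second hunk of distributed_firewall.rb (`@@ -251,10 +249,9 @@`) the comment kept above the call still reads "First try to search only new attached NSX Nics", but the argument passed is `only_detached`, so it describes the attach path rather than this one. I would reword it to `# First try to search only the NSX NICs being detached`. The enclosing method starts and ends outside the hunk.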
@@ -53,7 +53,7 @@ module NSXDriver # Return nsx nics of type NSX-V and NSX-T # If only_new_attached = true --> Only returns new attached nsx nics - def nsx_nics(template_xml, only_new_attached = true) + def self.nsx_nics(template_xml, only_new_attached = true) if only_new_attached == true nics = template_xml.xpath('//TEMPLATE/NIC[ATTACH="YES"]') else diff --git a/src/vnm_mad/remotes/vcenter/clean b/src/vnm_mad/remotes/vcenter/clean index 8c90a8c6ab..fa4714996c 100755 --- a/src/vnm_mad/remotes/vcenter/clean +++ b/src/vnm_mad/remotes/vcenter/clean 
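Review bot: Changing `nsx_nics` to `def self.nsx_nics` removes the instance method, so any caller this patch does not touch that still does `LogicalSwitch.new(nsx_client).nsx_nics(...)` will fail with NoMethodError at run time. The patch updates the call sites in distributed_firewall.rb, clean and post; whether others exist cannot be seen from here. If compatibility matters, keep a thin instance wrapper: `def nsx_nics(template_xml, only_new_attached = true); self.class.nsx_nics(template_xml, only_new_attached); end`. The comment above the method could also state that, as far as the visible lines show, it only reads the VM template and needs no NSX client. The method body continues past the end of the hunk.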
@@ -69,19 +69,39 @@ end nsx_status = one_host['TEMPLATE/NSX_STATUS'] exit 0 if nsx_status.nil? -# Clear rules -nsx_client = NSXDriver::NSXClient.new_from_id(one_host['ID']) -dfw = NSXDriver::DistributedFirewall.new_child(nsx_client) +# Exit if there is no NSX_PASSWORD +nsx_password = one_host['TEMPLATE/NSX_PASSWORD'] +exit 0 if nsx_password.nil? -begin - dfw.clear_rules(template, modified?(template)) -rescue StandardError => e - OpenNebula.log_error('Error deleting security groups rules ' \ - "due to \"#{e.message}\"") - if VCenterDriver::CONFIG[:debug_information] - OpenNebula.error_message(e.backtrace) +# OpenNebula VM +vmid = template_xml.xpath('//VM/ID') +one_vm = VCenterDriver::VIHelper.one_item(OpenNebula::VirtualMachine, vmid) + +rc = one_vm.info +if OpenNebula.is_error?(rc) + err_msg = rc.message + raise err_msg +end + +# Get all modified or all NSX Nics +is_modified = modified?(template) +nsx_nics = NSXDriver::LogicalSwitch.nsx_nics(template_xml, + is_modified) +vm_state = one_vm.state_str +unless nsx_nics.empty? || (vm_state != 'POWEROFF') + begin + # Clear rules + nsx_client = NSXDriver::NSXClient.new_from_id(one_host['ID']) + dfw = NSXDriver::DistributedFirewall.new_child(nsx_client) + dfw.clear_rules(template, modified?(template)) + rescue StandardError => e + OpenNebula.log_error('Error deleting security groups rules ' \ + "due to \"#{e.message}\"") + if VCenterDriver::CONFIG[:debug_information] + OpenNebula.error_message(e.backtrace) + end + exit 1 end - exit 1 end exit 0 diff --git a/src/vnm_mad/remotes/vcenter/post b/src/vnm_mad/remotes/vcenter/post index 062d2d0b9b..ffcf7b5435 100755 --- a/src/vnm_mad/remotes/vcenter/post +++ b/src/vnm_mad/remotes/vcenter/post @@ -53,7 +53,6 @@ end template = Base64.decode64(STDIN.read) deploy_id = ARGV[0] - template_xml = Nokogiri::XML(template) # OpenNebula host 
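Review bot: The new `exit 0 if nsx_password.nil?` in clean returns success without writing anything to the log, so a host with NSX_STATUS but no NSX_PASSWORD never has the VM's distributed-firewall rules cleared here. The same early exit in the second hunk of `src/vnm_mad/remotes/vcenter/post` (`@@ -71,6 +70,10 @@`) means the rules are never created there either, and nothing records that security-group enforcement was skipped. Put a log line ahead of the exit in both scripts, for example `OpenNebula.log_error('NSX_PASSWORD not set, NSX firewall rules skipped') if nsx_password.nil?`, so an operator can find the affected VMs. Whether an empty NSX_PASSWORD value comes back as nil or as an empty string is not visible here; if it is a string, the guard should also test `nsx_password.empty?`.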
@@ -71,6 +70,10 @@ end nsx_status = one_host['TEMPLATE/NSX_STATUS'] exit 0 if nsx_status.nil? +# Exit if there is no NSX_PASSWORD +nsx_password = one_host['TEMPLATE/NSX_PASSWORD'] +exit 0 if nsx_password.nil? + # OpenNebula VM vmid = template_xml.xpath('//VM/ID') one_vm = VCenterDriver::VIHelper.one_item(OpenNebula::VirtualMachine, vmid) @@ -81,17 +84,16 @@ if OpenNebula.is_error?(rc) raise err_msg end -# NSX Objects -nsx_client = NSXDriver::NSXTClient.new_from_id(one_host['ID']) -dfw = NSXDriver::DistributedFirewall.new_child(nsx_client) -ls = NSXDriver::LogicalSwitch.new(nsx_client) - # Get all modified or all NSX Nics is_modified = modified?(template) -nsx_nics = ls.nsx_nics(template_xml, is_modified) +nsx_nics = NSXDriver::LogicalSwitch.nsx_nics(template_xml, + is_modified) vm_state = one_vm.state_str unless nsx_nics.empty? || (vm_state == 'POWEROFF') begin + # NSX Objects + nsx_client = NSXDriver::NSXTClient.new_from_id(one_host['ID']) + dfw = NSXDriver::DistributedFirewall.new_child(nsx_client) dfw.create_rules(deploy_id, template, is_modified) rescue StandardError => e dfw.clear_rules(template, is_modified) diff --git a/src/vnm_mad/remotes/vcenter/pre b/src/vnm_mad/remotes/vcenter/pre index c2199d9379..fef41023e8 100755 --- a/src/vnm_mad/remotes/vcenter/pre +++ b/src/vnm_mad/remotes/vcenter/pre 
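Review bot: In the last hunk of post (`@@ -81,17 +84,16 @@`), `nsx_client` and `dfw` are now assigned inside the `begin`. If `NSXTClient.new_from_id` or `DistributedFirewall.new_child` raises, `dfw` is still nil when the `rescue` runs, so `dfw.clear_rules(template, is_modified)` fails with NoMethodError and hides the original error. Guard the rollback with `dfw.clear_rules(template, is_modified) if dfw`, or build both objects before the `begin`. The clean script builds its client with `NSXDriver::NSXClient.new_from_id` while this one uses `NSXDriver::NSXTClient.new_from_id`; it is worth confirming the difference is intended. The rest of the rescue body lies outside the hunk, so whether the original exception is logged afterwards cannot be checked from here.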
@@ -15,59 +15,5 @@ # See the License for the specific language governing permissions and # # limitations under the License. # #--------------------------------------------------------------------------- # -# Define libraries location -ONE_LOCATION = ENV['ONE_LOCATION'] - -if !ONE_LOCATION - RUBY_LIB_LOCATION = '/usr/lib/one/ruby' - GEMS_LOCATION = '/usr/share/one/gems' - VMDIR = '/var/lib/one' - CONFIG_FILE = '/var/lib/one/config' -else - RUBY_LIB_LOCATION = ONE_LOCATION + '/lib/ruby' - GEMS_LOCATION = ONE_LOCATION + '/share/gems' - VMDIR = ONE_LOCATION + '/var' - CONFIG_FILE = ONE_LOCATION + '/var/config' -end - -if File.directory?(GEMS_LOCATION) - Gem.use_paths(GEMS_LOCATION) -end - -$LOAD_PATH << RUBY_LIB_LOCATION - -$LOAD_PATH << File.dirname(__FILE__) -$LOAD_PATH << File.join(File.dirname(__FILE__), '..') - -require 'vnmmad' -require 'nokogiri' -require 'opennebula' -require 'vcenter_driver' -require 'nsx_driver' - -template = Base64.decode64(STDIN.read) -template_xml = Nokogiri::XML(template) - -# Check Host exists -host_name = template_xml - .xpath('//HISTORY_RECORDS/HISTORY[last()]/HOSTNAME').text - -one_host = VCenterDriver::VIHelper - .find_by_name(OpenNebula::HostPool, host_name) -rc = one_host.info -if OpenNebula.is_error?(rc) - err_msg = rc.message - raise err_msg -end - -# Exit if there is no NSX -nsx_status = one_host['TEMPLATE/NSX_STATUS'] -exit 0 if nsx_status.nil? - -unless nsx_status == 'OK' - OpenNebula.log_error('NSX_STATUS is not OK') - OpenNebula.error_message('NSX_STATUS is not OK') - exit 1 -end exit 0