mirror of
https://github.com/OpenNebula/one.git
synced 2025-03-21 14:50:08 +03:00
Merge branch 'feature-1112' of git.opennebula.org:one into feature-1112
This commit is contained in:
Ruben S. Montero
commit
666ffef04d
@ -205,6 +205,10 @@ public:
|
||||
|
||||
void request_execute(xmlrpc_c::paramList const& _paramList,
|
||||
RequestAttributes& att);
|
||||
|
||||
bool allocate_authorization(Template * obj_template,
|
||||
RequestAttributes& att,
|
||||
PoolObjectAuth * cluster_perms);
|
||||
};
|
||||
|
||||
/* ------------------------------------------------------------------------- */
|
||||
|
||||
@ -95,25 +95,10 @@ int Image::insert(SqlDB *db, string& error_str)
|
||||
string persistent_attr;
|
||||
string dev_prefix;
|
||||
string source_attr;
|
||||
string aname;
|
||||
string saved_id;
|
||||
|
||||
ostringstream oss;
|
||||
|
||||
// ------------------------------------------------------------------------
|
||||
// Check template for restricted attributes
|
||||
// ------------------------------------------------------------------------
|
||||
|
||||
if ( uid != 0 && gid != GroupPool::ONEADMIN_ID )
|
||||
{
|
||||
ImageTemplate *img_template = static_cast<ImageTemplate *>(obj_template);
|
||||
|
||||
if (img_template->check(aname))
|
||||
{
|
||||
goto error_restricted;
|
||||
}
|
||||
}
|
||||
|
||||
// ---------------------------------------------------------------------
|
||||
// Check default image attributes
|
||||
// ---------------------------------------------------------------------
|
||||
@ -242,11 +227,6 @@ error_path_and_source:
|
||||
error_str = "Template malformed, PATH and SOURCE are mutually exclusive.";
|
||||
goto error_common;
|
||||
|
||||
error_restricted:
|
||||
oss << "Template includes a restricted attribute " << aname << ".";
|
||||
error_str = oss.str();
|
||||
goto error_common;
|
||||
|
||||
error_common:
|
||||
NebulaLog::log("IMG", Log::ERROR, error_str);
|
||||
return -1;
|
||||
|
||||
@ -27,6 +27,7 @@ ISCSIADM=iscsiadm
|
||||
LVCREATE=lvcreate
|
||||
LVREMOVE=lvremove
|
||||
LVS=lvs
|
||||
LN=ln
|
||||
MD5SUM=md5sum
|
||||
MKFS=mkfs
|
||||
MKISOFS=mkisofs
|
||||
@ -211,7 +212,7 @@ function mkfs_command {
|
||||
#This function executes $2 at $1 host and report error $3
|
||||
function ssh_exec_and_log
|
||||
{
|
||||
SSH_EXEC_ERR=`$SSH $1 bash -s 2>&1 1>/dev/null <<EOF
|
||||
SSH_EXEC_ERR=`$SSH $1 sh -s 2>&1 1>/dev/null <<EOF
|
||||
$2
|
||||
EOF`
|
||||
SSH_EXEC_RC=$?
|
||||
@ -232,7 +233,7 @@ EOF`
|
||||
#Creates path ($2) at $1
|
||||
function ssh_make_path
|
||||
{
|
||||
SSH_EXEC_ERR=`$SSH $1 bash -s 2>&1 1>/dev/null <<EOF
|
||||
SSH_EXEC_ERR=`$SSH $1 sh -s 2>&1 1>/dev/null <<EOF
|
||||
if [ ! -d $2 ]; then
|
||||
mkdir -p $2
|
||||
fi
|
||||
|
||||
@ -76,9 +76,28 @@ bool VirtualMachineAllocate::allocate_authorization(
|
||||
|
||||
AuthRequest ar(att.uid, att.gid);
|
||||
string t64;
|
||||
string aname;
|
||||
|
||||
VirtualMachineTemplate * ttmpl = static_cast<VirtualMachineTemplate *>(tmpl);
|
||||
|
||||
// Check template for restricted attributes
|
||||
|
||||
if ( att.uid != 0 && att.gid != GroupPool::ONEADMIN_ID )
|
||||
{
|
||||
if (ttmpl->check(aname))
|
||||
{
|
||||
ostringstream oss;
|
||||
|
||||
oss << "VM Template includes a restricted attribute " << aname;
|
||||
|
||||
failure_response(AUTHORIZATION,
|
||||
authorization_error(oss.str(), att),
|
||||
att);
|
||||
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
ar.add_create_auth(auth_object, tmpl->to_xml(t64));
|
||||
|
||||
VirtualMachine::set_auth_request(att.uid, ar, ttmpl);
|
||||
@ -98,6 +117,39 @@ bool VirtualMachineAllocate::allocate_authorization(
|
||||
/* -------------------------------------------------------------------------- */
|
||||
/* -------------------------------------------------------------------------- */
|
||||
|
||||
bool ImageAllocate::allocate_authorization(
|
||||
Template * tmpl,
|
||||
RequestAttributes& att,
|
||||
PoolObjectAuth * cluster_perms)
|
||||
{
|
||||
string aname;
|
||||
|
||||
ImageTemplate * itmpl = static_cast<ImageTemplate *>(tmpl);
|
||||
|
||||
// Check template for restricted attributes
|
||||
|
||||
if ( att.uid != 0 && att.gid != GroupPool::ONEADMIN_ID )
|
||||
{
|
||||
if (itmpl->check(aname))
|
||||
{
|
||||
ostringstream oss;
|
||||
|
||||
oss << "Template includes a restricted attribute " << aname;
|
||||
|
||||
failure_response(AUTHORIZATION,
|
||||
authorization_error(oss.str(), att),
|
||||
att);
|
||||
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
return RequestManagerAllocate::allocate_authorization(tmpl, att, cluster_perms);
|
||||
}
|
||||
|
||||
/* -------------------------------------------------------------------------- */
|
||||
/* -------------------------------------------------------------------------- */
|
||||
|
||||
void RequestManagerAllocate::request_execute(xmlrpc_c::paramList const& params,
|
||||
RequestAttributes& att)
|
||||
{
|
||||
|
||||
@ -39,6 +39,7 @@ void VMTemplateInstantiate::request_execute(xmlrpc_c::paramList const& paramList
|
||||
VMTemplate * rtmpl;
|
||||
|
||||
string error_str;
|
||||
string aname;
|
||||
|
||||
rtmpl = tpool->get(id,true);
|
||||
|
||||
@ -57,6 +58,26 @@ void VMTemplateInstantiate::request_execute(xmlrpc_c::paramList const& paramList
|
||||
|
||||
rtmpl->unlock();
|
||||
|
||||
// Check template for restricted attributes, but only if the Template owner
|
||||
// is not oneadmin
|
||||
|
||||
if ( perms.uid != 0 && perms.gid != GroupPool::ONEADMIN_ID )
|
||||
{
|
||||
if (tmpl->check(aname))
|
||||
{
|
||||
ostringstream oss;
|
||||
|
||||
oss << "VM Template includes a restricted attribute " << aname;
|
||||
|
||||
failure_response(AUTHORIZATION,
|
||||
authorization_error(oss.str(), att),
|
||||
att);
|
||||
|
||||
delete tmpl;
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
tmpl->erase("NAME");
|
||||
tmpl->set(new SingleAttribute("NAME",name));
|
||||
|
||||
|
||||
@ -73,6 +73,9 @@ exec_and_log "$MKISOFS -o $ISO_FILE -J -R $ISO_DIR" "Error creating iso fs"
|
||||
|
||||
exec_and_log "$SCP $ISO_FILE $DST" "Error copying context ISO to $DST"
|
||||
|
||||
# Creates symbolic link to add a .iso suffix, needed for VMware CDROMs
|
||||
ssh_exec_and_log $DST_HOST "$LN -s $DST_PATH $DST_PATH.iso" "Error creating ISO symbolic link"
|
||||
|
||||
rm -rf $ISO_DIR > /dev/null 2>&1
|
||||
|
||||
exit 0
|
||||
|
||||
@ -16,7 +16,7 @@
|
||||
# limitations under the License. #
|
||||
#--------------------------------------------------------------------------- #
|
||||
|
||||
# ln fe:SOURCE host:remote_system_ds/disk.i size
|
||||
# ln fe:SOURCE host:remote_system_ds/disk.i
|
||||
# - fe is the front-end hostname
|
||||
# - SOURCE is the path of the disk image in the form DS_BASE_PATH/disk
|
||||
# - host is the target host to deploy the VM
|
||||
@ -43,16 +43,41 @@ DST_PATH=`arg_path $DST`
|
||||
DST_HOST=`arg_host $DST`
|
||||
DST_DIR=`dirname $DST_PATH`
|
||||
|
||||
ssh_make_path $DST_HOST $DST_DIR
|
||||
|
||||
#-------------------------------------------------------------------------------
|
||||
# Link (ln) SRC into DST
|
||||
#-------------------------------------------------------------------------------
|
||||
|
||||
log "Linking $SRC_PATH in $DST"
|
||||
# Is it a file or a folder (VMware)?
|
||||
if [ -d `arg_path $SRC` ]; then
|
||||
ssh_make_path $DST_HOST $DST_PATH
|
||||
|
||||
# It's a folder, make links for all elements
|
||||
SRC_FOLDER_NAME=`basename $SRC_PATH`
|
||||
SRC_WITH_NO_FOLDER=`dirname $SRC_PATH`
|
||||
SRC_DS_NAME=`basename $SRC_WITH_NO_FOLDER`
|
||||
REL_SRC_PATH="../../../$SRC_DS_NAME/$SRC_FOLDER_NAME"
|
||||
|
||||
log "Link all files in $SRC_PATH to $DST_PATH"
|
||||
|
||||
LINK_SCRIPT=$(cat <<EOF
|
||||
for file in \$(cd $DST_DIR ; find $SRC_PATH -type f); do
|
||||
FNAME=\$(basename \$file)
|
||||
(cd $DST_PATH ; ln -sf $REL_SRC_PATH/\$FNAME $DST_PATH/$FNAME)
|
||||
done
|
||||
EOF
|
||||
)
|
||||
ssh_exec_and_log $DST_HOST "$LINK_SCRIPT" "Could not link dir files from source DS to system DS"
|
||||
else
|
||||
ssh_make_path $DST_HOST $DST_DIR
|
||||
|
||||
# Just link a file
|
||||
log "Linking $SRC_PATH in $DST"
|
||||
|
||||
ssh_exec_and_log $DST_HOST \
|
||||
"cd $DST_DIR; ln -s $SRC_PATH $DST_PATH" \
|
||||
"Error linking $SRC to $DST"
|
||||
fi
|
||||
|
||||
ssh_exec_and_log $DST_HOST \
|
||||
"cd $DST_DIR; ln -s $SRC_PATH $DST_PATH" \
|
||||
"Error linking $SRC to $DST"
|
||||
|
||||
exit 0
|
||||
|
||||
|
||||
@ -58,6 +58,6 @@ http://*)
|
||||
|
||||
*)
|
||||
log "Cloning $SRC in $DST_PATH"
|
||||
exec_and_log "$SCP $SRC $DST" "Error copying $SRC to $DST"
|
||||
exec_and_log "$SCP -r $SRC $DST" "Error copying $SRC to $DST"
|
||||
;;
|
||||
esac
|
||||
|
||||
@ -49,6 +49,6 @@ SRC_HOST=`arg_host $SRC`
|
||||
# Move the image back to the datastore
|
||||
#-------------------------------------------------------------------------------
|
||||
log "Moving $SRC_PATH to datastore as $DST_PATH"
|
||||
exec_and_log "$SCP $SRC $DST" "Error copying $SRC to $DST"
|
||||
exec_and_log "$SCP -r $SRC $DST" "Error copying $SRC to $DST"
|
||||
|
||||
exit 0
|
||||
|
||||
@ -70,3 +70,18 @@ function is_disk
|
||||
echo "0"
|
||||
fi
|
||||
}
|
||||
|
||||
#Makes path src ($1) relative to dst ($2)
|
||||
function make_relative {
|
||||
src=$1
|
||||
dst=$2
|
||||
|
||||
common=$dst
|
||||
|
||||
while [ -z "`echo $src | grep -E "^$common"`" ]; do
|
||||
common=`dirname $common`
|
||||
dots="../$dots"
|
||||
done
|
||||
|
||||
echo $dots${src#$common/}
|
||||
}
|
||||
|
||||
@ -198,26 +198,9 @@ int VirtualMachine::insert(SqlDB * db, string& error_str)
|
||||
int rc;
|
||||
string name;
|
||||
|
||||
SingleAttribute * attr;
|
||||
string aname;
|
||||
string value;
|
||||
|
||||
ostringstream oss;
|
||||
|
||||
// ------------------------------------------------------------------------
|
||||
// Check template for restricted attributes
|
||||
// ------------------------------------------------------------------------
|
||||
|
||||
if ( uid != 0 && gid != GroupPool::ONEADMIN_ID )
|
||||
{
|
||||
VirtualMachineTemplate *vt =
|
||||
static_cast<VirtualMachineTemplate *>(obj_template);
|
||||
|
||||
if (vt->check(aname))
|
||||
{
|
||||
goto error_restricted;
|
||||
}
|
||||
}
|
||||
SingleAttribute * attr;
|
||||
string value;
|
||||
ostringstream oss;
|
||||
|
||||
// ------------------------------------------------------------------------
|
||||
// Set a name if the VM has not got one and VM_ID
|
||||
@ -327,11 +310,6 @@ error_leases_rollback:
|
||||
release_network_leases();
|
||||
goto error_common;
|
||||
|
||||
error_restricted:
|
||||
oss << "VM Template includes a restricted attribute " << aname << ".";
|
||||
error_str = oss.str();
|
||||
goto error_common;
|
||||
|
||||
error_name_length:
|
||||
oss << "NAME is too long; max length is 128 chars.";
|
||||
error_str = oss.str();
|
||||
|
||||
@ -222,19 +222,19 @@ int LibVirtDriver::deployment_description_vmware(
|
||||
{
|
||||
file << "\t\t<disk type='block' device='disk'>" << endl;
|
||||
file << "\t\t\t<source file=[" << datastore << "] " << vm->get_oid()
|
||||
<< "/images/disk." << i << "'/>" << endl;
|
||||
<< "/disk." << i << "'/>" << endl;
|
||||
}
|
||||
else if ( type == "CDROM" )
|
||||
{
|
||||
file << "\t\t<disk type='file' device='cdrom'>" << endl;
|
||||
file << "\t\t\t<source file=[" << datastore << "] " << vm->get_oid()
|
||||
<< "/images/disk." << i << ".iso'/>" << endl;
|
||||
<< "/disk." << i << ".iso'/>" << endl;
|
||||
}
|
||||
else
|
||||
{
|
||||
file << "\t\t<disk type='file' device='disk'>" << endl
|
||||
<< "\t\t\t<source file='[" << datastore <<"] " << vm->get_oid()
|
||||
<< "/images/disk." << i << "/disk.vmdk'/>" << endl;
|
||||
<< "/disk." << i << "/disk.vmdk'/>" << endl;
|
||||
}
|
||||
|
||||
file << "\t\t\t<target dev='" << target << "'";
|
||||
|
||||
@ -28,8 +28,9 @@ MEMORY = 256
|
||||
OS = [ ARCH = i686 ]
|
||||
DISK = [ DRIVER = file ]
|
||||
|
||||
# Name of the datastore in the remote VMware hypervisors
|
||||
# mounting $ONE_LOCATION/var exported as a nfs share
|
||||
# by the OpenNebula front-end
|
||||
# Name of the system datastore in the remote VMware hypervisors
|
||||
# mounting DATASTORE_LOCATION/var/datastore/0 exported as a nfs share
|
||||
# by the OpenNebula front-end. This would need to be changed
|
||||
# *only* with custom TM drivers
|
||||
|
||||
DATASTORE = images
|
||||
DATASTORE = 0
|
||||
|
||||
@ -165,7 +165,8 @@ class VMwareDriver
|
||||
def restore(checkpoint)
|
||||
begin
|
||||
# Define the VM
|
||||
dfile = File.dirname(File.dirname(checkpoint)) + "/deployment.0"
|
||||
dfile = VAR_LOCATION + "/" +
|
||||
File.basename(File.dirname(checkpoint)) + "/deployment.0"
|
||||
rescue => e
|
||||
OpenNebula.log_error("Cannot open checkpoint #{e.message}")
|
||||
exit -1
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user