From 08312c7fbffd18a426bdd9046a55c6335ae8e69d Mon Sep 17 00:00:00 2001 From: "Ruben S. Montero" Date: Thu, 8 Jul 2021 08:44:35 +0000 Subject: [PATCH 01/10] B #5453: DO ip_range, vpc name and inputs - ip_range is pick from 172.16.0.0/12 range using cluster ID - name is generated with vpc-one- - inputs preselect some droplet sizes (cherry picked from commit ee6b81f830bb617b3c2f129c7e798d04378dea0d) --- .../providers/digitalocean/do-ams3.yml | 6 ------ .../providers/digitalocean/do-lon1.yml | 6 ------ .../providers/digitalocean/do-nyc3.yml | 6 ------ .../providers/digitalocean/do-sfo3.yml | 6 ------ .../providers/digitalocean/do-sgp1.yml | 6 ------ .../provisions/digitalocean.d/inputs.yml | 21 ++++++++++++++++--- .../templates/digitalocean/cluster.erb | 9 ++++++-- 7 files changed, 25 insertions(+), 35 deletions(-) diff --git a/share/oneprovision/edge-clusters/virtual/providers/digitalocean/do-ams3.yml b/share/oneprovision/edge-clusters/virtual/providers/digitalocean/do-ams3.yml index 2f8dcc5e4d..77bb3b72b8 100644 --- a/share/oneprovision/edge-clusters/virtual/providers/digitalocean/do-ams3.yml +++ b/share/oneprovision/edge-clusters/virtual/providers/digitalocean/do-ams3.yml @@ -11,9 +11,3 @@ plain: connection: token: 'DigitalOcean token' region: 'ams3' - -inputs: - - name: 'digitalocean_droplet' - type: 'list' - options: - - 'centos-8-x64' diff --git a/share/oneprovision/edge-clusters/virtual/providers/digitalocean/do-lon1.yml b/share/oneprovision/edge-clusters/virtual/providers/digitalocean/do-lon1.yml index 224fdc9a44..3e18ea8b3a 100644 --- a/share/oneprovision/edge-clusters/virtual/providers/digitalocean/do-lon1.yml +++ b/share/oneprovision/edge-clusters/virtual/providers/digitalocean/do-lon1.yml @@ -11,9 +11,3 @@ plain: connection: token: 'DigitalOcean token' region: 'lon1' - -inputs: - - name: 'digitalocean_droplet' - type: 'list' - options: - - 'centos-8-x64' 
diff --git a/share/oneprovision/edge-clusters/virtual/providers/digitalocean/do-nyc3.yml b/share/oneprovision/edge-clusters/virtual/providers/digitalocean/do-nyc3.yml index 22c4179ec5..db4a1f7043 100644 --- a/share/oneprovision/edge-clusters/virtual/providers/digitalocean/do-nyc3.yml +++ b/share/oneprovision/edge-clusters/virtual/providers/digitalocean/do-nyc3.yml @@ -11,9 +11,3 @@ plain: connection: token: 'DigitalOcean token' region: 'nyc3' - -inputs: - - name: 'digitalocean_droplet' - type: 'list' - options: - - 'centos-8-x64' diff --git a/share/oneprovision/edge-clusters/virtual/providers/digitalocean/do-sfo3.yml b/share/oneprovision/edge-clusters/virtual/providers/digitalocean/do-sfo3.yml index 9af290621c..a57b1ab280 100644 --- a/share/oneprovision/edge-clusters/virtual/providers/digitalocean/do-sfo3.yml +++ b/share/oneprovision/edge-clusters/virtual/providers/digitalocean/do-sfo3.yml @@ -11,9 +11,3 @@ plain: connection: token: 'DigitalOcean token' region: 'sfo3' - -inputs: - - name: 'digitalocean_droplet' - type: 'list' - options: - - 'centos-8-x64' diff --git a/share/oneprovision/edge-clusters/virtual/providers/digitalocean/do-sgp1.yml b/share/oneprovision/edge-clusters/virtual/providers/digitalocean/do-sgp1.yml index 5ddb937588..3e8aa90bf6 100644 --- a/share/oneprovision/edge-clusters/virtual/providers/digitalocean/do-sgp1.yml +++ b/share/oneprovision/edge-clusters/virtual/providers/digitalocean/do-sgp1.yml @@ -11,9 +11,3 @@ plain: connection: token: 'DigitalOcean token' region: 'sgp1' - -inputs: - - name: 'digitalocean_droplet' - type: 'list' - options: - - 'centos-8-x64' diff --git a/share/oneprovision/edge-clusters/virtual/provisions/digitalocean.d/inputs.yml b/share/oneprovision/edge-clusters/virtual/provisions/digitalocean.d/inputs.yml index b564b19010..930a65a451 100644 --- a/share/oneprovision/edge-clusters/virtual/provisions/digitalocean.d/inputs.yml +++ b/share/oneprovision/edge-clusters/virtual/provisions/digitalocean.d/inputs.yml 
@@ -22,14 +22,29 @@ inputs: default: '1' - name: 'digitalocean_image' - type: text + type: list description: "Droplet host operating system" default: 'centos-8-x64' + options: + - 'centos-8-x64' - name: 'digitalocean_size' - type: text - description: "Droplet size" + type: list + description: "Size of droplet. Basic droplets start with s-, memory optimize with m- and CPU optimize are c-" default: 's-1vcpu-1gb' + options: + - 's-1vcpu-1gb' + - 's-1vcpu-2gb' + - 's-1vcpu-3gb' + - 's-2vcpu-2gb' + - 's-2vcpu-4gb' + - 's-4vcpu-8gb' + - 's-8vcpu-16gb' + - 'm-2vcpu-16gb' + - 'm-8vcpu-64gb' + - 'c-2' + - 'c-4' + - 'c-8' - name: 'one_hypervisor' type: list diff --git a/src/oneprovision/lib/terraform/providers/templates/digitalocean/cluster.erb b/src/oneprovision/lib/terraform/providers/templates/digitalocean/cluster.erb index 95d4457cab..af0fbf686f 100644 --- a/src/oneprovision/lib/terraform/providers/templates/digitalocean/cluster.erb +++ b/src/oneprovision/lib/terraform/providers/templates/digitalocean/cluster.erb @@ -1,5 +1,10 @@ resource "digitalocean_vpc" "device_<%= obj['ID'] %>" { - name = "vpc-digitalocean-<%= provision['REGION'] %>" + name = "vpc-one-<%= obj['ID'] %>" region = "<%= provision['REGION'] %>" - ip_range = "10.10.10.0/24" + <% + net_id = obj['ID'].to_i + id_h = (( net_id & 3840) >> 8) + 16 + id_l = net_id & 255 + %> + ip_range = "172.<%= id_h %>.<%= id_l %>.0/24" } From 2fef0c38231c83e3b3a9efc14694535d6d59eec1 Mon Sep 17 00:00:00 2001 From: Jan Orel Date: Thu, 8 Jul 2021 12:54:11 +0200 Subject: [PATCH 02/10] B #5444: Skip failed migration cleanup on SHARED (#1349) --- src/vmm_mad/remotes/kvm/migrate | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/vmm_mad/remotes/kvm/migrate b/src/vmm_mad/remotes/kvm/migrate index 0b7c1a9c0f..3a59c5dd4b 100755 --- a/src/vmm_mad/remotes/kvm/migrate +++ b/src/vmm_mad/remotes/kvm/migrate 
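Review bot: The `ip_range` computed in the `digitalocean_vpc` resource of cluster.erb keeps only the low 12 bits of `obj['ID']` (`(net_id & 3840) >> 8` and `net_id & 255`), so two objects whose IDs differ by a multiple of 4096 get the same `172.x.y.0/24` range. Whether IDs can grow that large is not visible here, but a collision may either be refused by the provider or leave two clusters sharing one address space. I would state the limit in the ERB block, e.g. `# maps ID mod 4096 into 172.16.0.0/12; IDs 4096 apart collide`, or abort rendering when `net_id > 4095`.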
@@ -237,7 +237,9 @@ if [ $RC -ne 0 ]; then virsh --connect $QEMU_PROTOCOL://$DEST_HOST/system "${CLEAN_OP}" $DEPLOY_ID >/dev/null 2>&1 done - ssh $DEST_HOST "rm -rf $VM_DIR" + if [ "$SHARED" != "YES" ]; then + ssh $DEST_HOST "rm -rf $VM_DIR" + fi error_message "Could not migrate $DEPLOY_ID to $DEST_HOST" exit $RC From 5d5dd51db49a0e0db75b22311d35542f6a11bd68 Mon Sep 17 00:00:00 2001 From: Tino Vazquez Date: Thu, 8 Jul 2021 15:32:50 +0200 Subject: [PATCH 03/10] L #-: Enable rubocop GH action --- share/smoke_tests/tests/02-rubocop.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/share/smoke_tests/tests/02-rubocop.sh b/share/smoke_tests/tests/02-rubocop.sh index 4af593fcab..3fc6fd30a9 100755 --- a/share/smoke_tests/tests/02-rubocop.sh +++ b/share/smoke_tests/tests/02-rubocop.sh @@ -1,5 +1,4 @@ #!/bin/bash -xv -exit 0 # -------------------------------------------------------------------------- # # Copyright 2002-2021, OpenNebula Project, OpenNebula Systems # # # From acd1cc9469d5d3d7752653749cf4bc399eb9e615 Mon Sep 17 00:00:00 2001 From: Tino Vazquez Date: Thu, 8 Jul 2021 16:21:46 +0200 Subject: [PATCH 04/10] L #-: Disable Style/MixinUsage cop --- share/linters/.rubocop.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/share/linters/.rubocop.yml b/share/linters/.rubocop.yml index 5888d63de3..e545f8628f 100644 --- a/share/linters/.rubocop.yml +++ b/share/linters/.rubocop.yml @@ -753,6 +753,9 @@ Style/QuotedSymbols: Style/HashConversion: Enabled: false +Style/MixinUsage: + Enabled: false + ###### # LINT ###### From ad5bd71d8e5acaf36ae408c2bb0c8ec87aff59b3 Mon Sep 17 00:00:00 2001 From: Ricardo Diaz Date: Thu, 8 Jul 2021 16:59:05 +0200 Subject: [PATCH 05/10] L #-: Autostart hook linting (#1351) --- share/hooks/autostart/host | 28 +++++++++++++--------------- share/hooks/autostart/vm | 29 +++++++++++++---------------- 2 files changed, 26 insertions(+), 31 deletions(-) 
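Review bot: The cleanup line `ssh $DEST_HOST "rm -rf $VM_DIR"` in the migrate hunk still expands `$VM_DIR` unquoted on the remote side, and nothing in the hunk checks that it is non-empty before a recursive delete. The new `SHARED` guard narrows when the delete runs, but where `SHARED` and `VM_DIR` are assigned is outside the hunk, and an unset `SHARED` still takes the delete branch. I would guard and quote it: `[ -n "$VM_DIR" ] && ssh "$DEST_HOST" "rm -rf '$VM_DIR'"`. The enclosing `if [ $RC -ne 0 ]` block starts before the hunk.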
diff --git a/share/hooks/autostart/host b/share/hooks/autostart/host index a51dc8a434..1f6d2450a3 100755 --- a/share/hooks/autostart/host +++ b/share/hooks/autostart/host @@ -71,7 +71,6 @@ require 'getoptlong' require 'base64' require 'open3' - ################################################################################ # Arguments ################################################################################ @@ -80,18 +79,16 @@ require 'open3' standard_input = STDIN.read ARGV.replace(standard_input.split(' ')) - raw_host_template = Base64.decode64(ARGV[0]) xml_host_template = Nokogiri::XML(raw_host_template) HOST_ID = xml_host_template.xpath('HOST/ID').text - ################################################################################ # Methods ################################################################################ -def log(msg, level="I") +def log(msg, level = 'I') File.open(LOG_FILE, 'a') do |f| msg.lines do |l| f.puts "[#{Time.now}][HOST #{HOST_ID}][#{level}] #{l}" @@ -100,11 +97,11 @@ def log(msg, level="I") end def log_error(msg) - log(msg, "E") + log(msg, 'E') end def exit_error - log_error("Exiting due to previous error.") + log_error('Exiting due to previous error.') exit(-1) end @@ -112,11 +109,11 @@ end # Main ################################################################################ -log "OpenNebula Autostart Host Hook launched" +log 'OpenNebula Autostart Host Hook launched' begin - client = Client.new() -rescue Exception => e + client = Client.new +rescue StandardError => e log_error e.to_s exit_error end @@ -125,11 +122,11 @@ host = OpenNebula::Host.new_with_id(HOST_ID, client) rc = host.info if OpenNebula.is_error?(rc) - log_error "#{rc.message}" + log_error rc.message.to_s exit_error end -log "#{host.name}" +log host.name.to_s # Iterate over guest VMs xml_host_template.xpath('HOST/VMS').text.split.each do |vm_id| 
@@ -143,7 +140,7 @@ xml_host_template.xpath('HOST/VMS').text.split.each do |vm_id| # Skip if VM AUTOSTART not enabled autostart = vm['USER_TEMPLATE/AUTOSTART'] - if !autostart || (autostart != "true" && autostart != "yes") + if !autostart || (autostart != 'true' && autostart != 'yes') log "vm #{vm_id}: skip: autostart not enabled" next end @@ -153,7 +150,7 @@ xml_host_template.xpath('HOST/VMS').text.split.each do |vm_id| # determine the state of active VMs, UNKNOWN state is kept. # Skip if LCM State is not UNKNOWN if vm.lcm_state_str != 'UNKNOWN' - log "vm #{vm_id}: skip: lcm_state (#{vm.lcm_state_str}) is not 'UNKNOWN'" + log "vm #{vm_id}: skip: lcm_state (#{vm.lcm_state_str}) is not UNKNOWN" next end @@ -173,8 +170,9 @@ xml_host_template.xpath('HOST/VMS').text.split.each do |vm_id| # Skip if action in last history record of guest is not 'none' last_action = vm["#{last_history_xpath}/ACTION"] last_action_str = OpenNebula::VirtualMachine.get_history_action(last_action) - if not %w{none live-migrate}.include?(last_action_str) - log "vm #{vm_id}: skip: last_action (#{last_action_str}) is not 'none' or 'live-migrate'" + if !%w[none live-migrate].include?(last_action_str) + log "vm #{vm_id}: skip: last_action (#{last_action_str}) "<< + 'is not none or live-migrate' next end diff --git a/share/hooks/autostart/vm b/share/hooks/autostart/vm index 0f11a30172..f19d6e4240 100755 --- a/share/hooks/autostart/vm +++ b/share/hooks/autostart/vm @@ -73,7 +73,6 @@ require 'getoptlong' require 'base64' require 'open3' - ################################################################################ # Arguments ################################################################################ 
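Review bot: The wrapped log call in the `last_action` check of share/hooks/autostart/host joins its two parts with `<<`, which mutates the first string and raises FrozenError if the file ever enables `frozen_string_literal` on a Ruby version that freezes interpolated strings; the missing space before `<<` also reads like a typo. A line continuation avoids both: end the first line with `log "vm #{vm_id}: skip: last_action (#{last_action_str}) " \` and put `'is not none or live-migrate'` on the next. The `each do |vm_id|` block starts and ends outside this hunk.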
@@ -82,18 +81,16 @@ require 'open3' standard_input = STDIN.read ARGV.replace(standard_input.split(' ')) - raw_vm_template = Base64.decode64(ARGV[0]) xml_vm_template = Nokogiri::XML(raw_vm_template) VM_ID = xml_vm_template.xpath('VM/ID').text - ################################################################################ # Methods ################################################################################ -def log(msg, level="I") +def log(msg, level = 'I') File.open(LOG_FILE, 'a') do |f| msg.lines do |l| f.puts "[#{Time.now}][VM #{VM_ID}][#{level}] #{l}" @@ -102,11 +99,11 @@ def log(msg, level="I") end def log_error(msg) - log(msg, "E") + log(msg, 'E') end def exit_error - log_error("Exiting due to previous error.") + log_error('Exiting due to previous error.') exit(-1) end @@ -114,11 +111,11 @@ end # Main ################################################################################ -log "OpenNebula Autostart VM Hook launched" +log 'OpenNebula Autostart VM Hook launched' begin - client = Client.new() -rescue Exception => e + client = Client.new +rescue StandardError => e log_error e.to_s exit_error end 
@@ -127,23 +124,23 @@ vm = OpenNebula::VirtualMachine.new_with_id(VM_ID, client) rc = vm.info if OpenNebula.is_error?(rc) - log_error "#{rc.message}" + log_error rc.message.to_s exit_error end -log "#{vm.name}" +log vm.name.to_s # Skip if AUTOSTART not enabled autostart = vm['USER_TEMPLATE/AUTOSTART'] -if !autostart || (autostart != "true" && autostart != "yes") - log "skip: autostart not enabled" +if !autostart || (autostart != 'true' && autostart != 'yes') + log 'skip: autostart not enabled' exit 0 end # ACTION in last history record of guest is equal to 'monitor' if an active VM # was powered off by monitor. # Skip if VM is not poweroff by monitor -last_action = vm["HISTORY_RECORDS/HISTORY[last()]/ACTION"] +last_action = vm['HISTORY_RECORDS/HISTORY[last()]/ACTION'] last_action_str = OpenNebula::VirtualMachine.get_history_action(last_action) if last_action_str != 'monitor' log "skip: last_action (#{last_action_str}) is not 'monitor'" @@ -151,9 +148,9 @@ if last_action_str != 'monitor' end # Autostart VM -log "resume" +log 'resume' rc = vm.resume -log_error "#{rc.message}" if OpenNebula.is_error?(rc) +log_error rc.message.to_s if OpenNebula.is_error?(rc) exit 0 From a238c3462dcaa7bc597af0bd2512ae1cb6eef22b Mon Sep 17 00:00:00 2001 From: Jan Orel Date: Fri, 9 Jul 2021 13:10:55 +0200 Subject: [PATCH 06/10] B #-: Don't puts "create" when making new bucket (#1354) --- src/market_mad/remotes/s3/S3.rb | 1 - 1 file changed, 1 deletion(-) diff --git a/src/market_mad/remotes/s3/S3.rb b/src/market_mad/remotes/s3/S3.rb index fc6549c646..396017adab 100644 --- a/src/market_mad/remotes/s3/S3.rb +++ b/src/market_mad/remotes/s3/S3.rb @@ -35,7 +35,6 @@ class S3 :bucket => @bucket }) rescue Aws::S3::Errors::NotFound - puts "create" @client.create_bucket({ :bucket => @bucket }) From 11d2b2a938e6288fd5bfa13d3b3d611521bfd352 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Pavel=20Czern=C3=BD?= Date: Fri, 9 Jul 2021 13:20:47 +0200 Subject: [PATCH 07/10] B #5401: Ignore broken pipe error (#1353) (cherry picked from commit 1d52612c1060c4fcf775de8a5f35728918a9deee) --- src/mad/ruby/CommandManager.rb | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/src/mad/ruby/CommandManager.rb b/src/mad/ruby/CommandManager.rb index 63bba32e19..fc621d55b1 100644 --- a/src/mad/ruby/CommandManager.rb +++ b/src/mad/ruby/CommandManager.rb @@ -169,8 +169,12 @@ private end } - i.write stdin_data - i.close + begin + i.write stdin_data + i.close + rescue Errno::EPIPE + # the cmd doesn't read the input, ignore error + end # blocking wait for process termination t.value From 03ddbc5af2f3a9ef40ac021d9c47fc2ed646b36d Mon Sep 17 00:00:00 2001 From: Jan Orel Date: Fri, 9 Jul 2021 13:35:23 +0200 Subject: [PATCH 08/10] L #-: Linting S3.rb (#1355) --- share/linters/.rubocop.yml | 1 - src/market_mad/remotes/s3/S3.rb | 105 +++++++++++++++++------------- src/market_mad/remotes/s3/monitor | 2 +- 3 files changed, 60 insertions(+), 48 deletions(-) diff --git a/share/linters/.rubocop.yml b/share/linters/.rubocop.yml index e545f8628f..5904c4063a 100644 --- a/share/linters/.rubocop.yml +++ b/share/linters/.rubocop.yml @@ -502,7 +502,6 @@ AllCops: - src/onedb/onedb_live.rb - src/onedb/onedb_backend.rb - src/onedb/sqlite2mysql.rb - - src/market_mad/remotes/s3/S3.rb - src/market_mad/one_market.rb - src/tm_mad/one_tm.rb - src/oca/ruby/opennebula/flow/grammar.rb diff --git a/src/market_mad/remotes/s3/S3.rb b/src/market_mad/remotes/s3/S3.rb index 396017adab..d889a1ecb3 100644 --- a/src/market_mad/remotes/s3/S3.rb +++ b/src/market_mad/remotes/s3/S3.rb @@ -1,3 +1,4 @@ +# rubocop:disable Naming/FileName # -------------------------------------------------------------------------- # # Copyright 2002-2021, OpenNebula Project, OpenNebula Systems # # # 
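Review bot: When `i.write stdin_data` in CommandManager.rb raises `Errno::EPIPE`, the `i.close` on the next line is skipped, so the child's stdin pipe stays open until something else closes it; how `i` is opened is outside the hunk, so the enclosing block may clean it up later. Moving the close into an `ensure` clause with `i.close unless i.closed?` makes the descriptor handling explicit. The empty rescue also hides the case where the command exited before reading input it needed, so a debug-level log line there would help when a driver action fails. The enclosing method starts and ends outside the hunk.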
@@ -20,6 +21,7 @@ require 'aws-sdk-s3' # It can either handle simple or multipart uploads, but the logic to decide # which uploader to use is not included in this class. class S3 + attr_accessor :name, :client def initialize(h) @@ -31,13 +33,9 @@ class S3 # Implicit creation of the bucket begin - @client.head_bucket({ - :bucket => @bucket - }) + @client.head_bucket({ :bucket => @bucket }) rescue Aws::S3::Errors::NotFound - @client.create_bucket({ - :bucket => @bucket - }) + @client.create_bucket({ :bucket => @bucket }) end end @@ -45,39 +43,47 @@ class S3 @parts = [] @part_number = 1 - resp = @client.create_multipart_upload({ - :bucket => @bucket, - :key => @name - }) + resp = @client.create_multipart_upload( + { + :bucket => @bucket, + :key => @name + } + ) @upload_id = resp.upload_id end def complete_multipart_upload - @client.complete_multipart_upload({ - :bucket => @bucket, - :key => @name, - :upload_id => @upload_id, - :multipart_upload => {:parts => @parts} - }) + @client.complete_multipart_upload( + { + :bucket => @bucket, + :key => @name, + :upload_id => @upload_id, + :multipart_upload => { :parts => @parts } + } + ) end def abort_multipart_upload - @client.abort_multipart_upload({ - :upload_id => @upload_id, - :key => @name, - :bucket => @bucket - }) + @client.abort_multipart_upload( + { + :upload_id => @upload_id, + :key => @name, + :bucket => @bucket + } + ) end def upload_part(body) - resp = @client.upload_part({ - :body => body, - :upload_id => @upload_id, - :part_number => @part_number, - :key => @name, - :bucket => @bucket - }) + resp = @client.upload_part( + { + :body => body, + :upload_id => @upload_id, + :part_number => @part_number, + :key => @name, + :bucket => @bucket + } + ) @parts << { :etag => resp.etag, 
@@ -88,41 +94,48 @@ class S3 end def put_object(body) - @client.put_object({ - :body => body, - :bucket => @bucket, - :key => @name - }) + @client.put_object( + { + :body => body, + :bucket => @bucket, + :key => @name + + } + ) end def delete_object - @client.delete_object({ - :bucket => @bucket, - :key => @name - }) + @client.delete_object( + { + :bucket => @bucket, + :key => @name + } + ) end def exists? begin - !!@client.head_object({ - :bucket => @bucket, - :key => @name - }) + !@client.head_object( + { + :bucket => @bucket, + :key => @name + } + ).nil? rescue Aws::S3::Errors::NotFound false end end - def get_bucket_size - resp = @client.list_objects({ - bucket: @bucket - }) + def bucket_size + resp = @client.list_objects({ :bucket => @bucket }) size = 0 resp.contents.each do |o| size += o.size end - return size + size end + end +# rubocop:enable Naming/FileName diff --git a/src/market_mad/remotes/s3/monitor b/src/market_mad/remotes/s3/monitor index 94a559fcb3..aaed6266ce 100755 --- a/src/market_mad/remotes/s3/monitor +++ b/src/market_mad/remotes/s3/monitor @@ -99,7 +99,7 @@ s3 = S3.new(s3_config) s3.bucket = bucket -used_mb = (s3.get_bucket_size.to_f/1024/1024).ceil +used_mb = (s3.bucket_size.to_f/1024/1024).ceil free_mb = total_mb - used_mb puts < Date: Mon, 12 Jul 2021 16:33:33 +0200 Subject: [PATCH 09/10] M #~: Minor fix in xsd schema files (#1359) --- share/doc/xsd/api_info.xsd | 4 ++-- share/doc/xsd/hook_message_api.xsd | 2 +- share/doc/xsd/hook_message_state.xsd | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/share/doc/xsd/api_info.xsd b/share/doc/xsd/api_info.xsd index 72b625ca03..b25687364e 100644 --- a/share/doc/xsd/api_info.xsd +++ b/share/doc/xsd/api_info.xsd @@ -1,5 +1,5 @@ - + @@ -13,7 +13,7 @@ - + diff --git a/share/doc/xsd/hook_message_api.xsd b/share/doc/xsd/hook_message_api.xsd index db7a0640b2..0d5cc22309 100644 --- a/share/doc/xsd/hook_message_api.xsd +++ b/share/doc/xsd/hook_message_api.xsd @@ -6,7 +6,7 @@ - + 
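Review bot: `bucket_size` in S3.rb sums `resp.contents` from a single `list_objects` call, and S3 list calls return at most 1000 keys per response, so for larger buckets the size is under-reported and the `free_mb` computed in `monitor` comes out too high. The rename does not change that. Iterating over the pages fixes it: `@client.list_objects({ :bucket => @bucket }).each { |page| page.contents.each { |o| size += o.size } }`. The rename from `get_bucket_size` also changes the class's public interface; `monitor` is updated in this commit, other callers are not visible in the diff.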
diff --git a/share/doc/xsd/hook_message_state.xsd b/share/doc/xsd/hook_message_state.xsd index a02d755aab..9131c1e053 100644 --- a/share/doc/xsd/hook_message_state.xsd +++ b/share/doc/xsd/hook_message_state.xsd @@ -16,7 +16,7 @@ - + From fb5d0e16877d091c279b4e0dd58f88c7cef29e09 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pavel=20Czern=C3=BD?= Date: Tue, 13 Jul 2021 09:28:18 +0200 Subject: [PATCH 10/10] B #3610: Fix failure response for disk-attach (#1352) (cherry picked from commit d4f5a8bdf63f5168f6aa68f61313bb82bd9f5ba1) --- include/RequestManagerVirtualMachine.h | 7 +-- src/rm/RequestManagerVirtualMachine.cc | 82 ++++++++++++-------------- 2 files changed, 41 insertions(+), 48 deletions(-) diff --git a/include/RequestManagerVirtualMachine.h b/include/RequestManagerVirtualMachine.h index 56cef39408..f5bcea0260 100644 --- a/include/RequestManagerVirtualMachine.h +++ b/include/RequestManagerVirtualMachine.h @@ -47,6 +47,7 @@ protected: virtual void request_execute(xmlrpc_c::paramList const& _paramList, RequestAttributes& att) = 0; + // Authorize the request, set failure_response message bool vm_authorization(int id, ImageTemplate * tmpl, VirtualMachineTemplate* vtmpl, @@ -55,16 +56,12 @@ protected: PoolObjectAuth * ds_perm, PoolObjectAuth * img_perm); + // Check user and group quotas. Do not set failure_response on failure bool quota_resize_authorization( Template * deltas, RequestAttributes& att, PoolObjectAuth& vm_perms); - bool quota_resize_authorization( - int oid, - Template * deltas, - RequestAttributes& att); - int get_host_information( int hid, std::string& name, diff --git a/src/rm/RequestManagerVirtualMachine.cc b/src/rm/RequestManagerVirtualMachine.cc index c798c39689..1afd38319a 100644 --- a/src/rm/RequestManagerVirtualMachine.cc +++ b/src/rm/RequestManagerVirtualMachine.cc 
@@ -100,32 +100,6 @@ bool RequestManagerVirtualMachine::vm_authorization( /* -------------------------------------------------------------------------- */ /* -------------------------------------------------------------------------- */ -bool RequestManagerVirtualMachine::quota_resize_authorization( - int oid, - Template * deltas, - RequestAttributes& att) -{ - PoolObjectAuth vm_perms; - auto vmpool = Nebula::instance().get_vmpool(); - - if (auto vm = vmpool->get_ro(oid)) - { - vm->get_permissions(vm_perms); - } - else - { - att.resp_obj = PoolObjectSQL::VM; - att.resp_id = oid; - failure_response(NO_EXISTS, att); - return false; - } - - return quota_resize_authorization(deltas, att, vm_perms); -} - -/* -------------------------------------------------------------------------- */ -/* -------------------------------------------------------------------------- */ - bool RequestManagerVirtualMachine::quota_resize_authorization( Template * deltas, RequestAttributes& att, @@ -155,8 +129,6 @@ bool RequestManagerVirtualMachine::quota_resize_authorization( att.resp_msg = oss.str(); - failure_response(AUTHORIZATION, att); - return false; } @@ -180,8 +152,6 @@ bool RequestManagerVirtualMachine::quota_resize_authorization( att.resp_msg = oss.str(); - failure_response(AUTHORIZATION, att); - group.reset(); quota_rollback(deltas, Quotas::VM, att_tmp); @@ -1742,7 +1712,7 @@ void VirtualMachineAttach::request_execute( // ------------------------------------------------------------------------- // Check if the VM is a Virtual Router // ------------------------------------------------------------------------- - if ( auto vm = get_vm(id, att) ) + if ( auto vm = pool->get_ro(id) ) { if ( !vm->hasHistory() ) { @@ -1762,6 +1732,11 @@ void VirtualMachineAttach::request_execute( } else { + att.resp_id = id; + att.resp_obj = PoolObjectSQL::VM; + + failure_response(NO_EXISTS, att); + return; } 
@@ -1789,6 +1764,7 @@ void VirtualMachineAttach::request_execute( { failure_response(ec, att); } + } /* -------------------------------------------------------------------------- */ @@ -1799,17 +1775,35 @@ Request::ErrorCode VirtualMachineAttach::request_execute(int id, { Nebula& nd = Nebula::instance(); DispatchManager * dm = nd.get_dm(); + VirtualMachinePool * vmpool = nd.get_vmpool(); PoolObjectAuth vm_perms; - int rc; bool volatile_disk; // ------------------------------------------------------------------------- // Authorize the operation & check quotas // ------------------------------------------------------------------------- - if (vm_authorization(id, 0, &tmpl, att, 0, 0, 0) == false) + if (auto vm = vmpool->get_ro(id)) { + vm->get_permissions(vm_perms); + } + else + { + att.resp_id = id; + att.resp_obj = PoolObjectSQL::VM; + return NO_EXISTS; + } + + AuthRequest ar(att.uid, att.group_ids); + + ar.add_auth(AuthRequest::MANAGE, vm_perms); + + VirtualMachine::set_auth_request(att.uid, ar, &tmpl, true); + + if (UserPool::authorize(ar) == -1) + { + att.resp_msg = ar.message; return AUTHORIZATION; } @@ -1824,14 +1818,14 @@ Request::ErrorCode VirtualMachineAttach::request_execute(int id, } } - if ( auto vm = get_vm(id, att) ) + if ( auto vm = vmpool->get(id) ) { - vm->get_permissions(vm_perms); - volatile_disk = set_volatile_disk_info(vm.get(), vm->get_ds_id(), tmpl); } else { + att.resp_id = id; + att.resp_obj = PoolObjectSQL::VM; return NO_EXISTS; } 
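Review bot: In `VirtualMachineAttach::request_execute(int id, ...)` the permissions used for both the `MANAGE` check and the later quota charge come from a `get_ro(id)` snapshot, while the VM is fetched again with `vmpool->get(id)` before `quota_resize_authorization`; if ownership changes between the two reads, the quota is charged against the stale owner. Keeping `vm->get_permissions(vm_perms);` inside the second fetch, as the removed line did, closes that gap for the quota step. The inlined block also hard-codes `AuthRequest::MANAGE` in place of the `vm_authorization(id, 0, &tmpl, att, 0, 0, 0)` call. That helper's body is not visible here, so it is worth confirming that no check it performed was dropped, and adding a one-line comment saying why it is bypassed (going by the header comment, it sets `failure_response` itself).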
@@ -1842,23 +1836,22 @@ Request::ErrorCode VirtualMachineAttach::request_execute(int id, deltas.add("VMS", 0); - if (quota_resize_authorization(id, &deltas, att_quota) == false) + if (quota_resize_authorization(&deltas, att_quota, vm_perms) == false) { + att.resp_msg = std::move(att_quota.resp_msg); return AUTHORIZATION; } if (volatile_disk == false) { - if ( quota_authorization(&tmpl, Quotas::IMAGE, att_quota) == false ) + if ( quota_authorization(&tmpl, Quotas::IMAGE, att_quota, att.resp_msg) == false ) { quota_rollback(&deltas, Quotas::VM, att_quota); return AUTHORIZATION; } } - rc = dm->attach(id, &tmpl, att, att.resp_msg); - - if ( rc != 0 ) + if ( dm->attach(id, &tmpl, att, att.resp_msg) != 0 ) { quota_rollback(&deltas, Quotas::VM, att_quota); @@ -2110,6 +2103,7 @@ void VirtualMachineResize::request_execute(xmlrpc_c::paramList const& paramList, if (quota_resize_authorization(&deltas, att, vm_perms) == false) { + failure_response(AUTHORIZATION, att); return; } @@ -2803,7 +2797,7 @@ void VirtualMachineDiskSnapshotCreate::request_execute( if ( !vm_deltas.empty() ) { - if (!quota_resize_authorization(id, &vm_deltas, vm_att_quota)) + if (!quota_resize_authorization(&vm_deltas, vm_att_quota, vm_perms)) { if ( img_ds_quota ) { @@ -2815,6 +2809,7 @@ void VirtualMachineDiskSnapshotCreate::request_execute( quota_rollback(&ds_deltas, Quotas::DATASTORE, vm_att_quota); } + failure_response(AUTHORIZATION, vm_att_quota); return; } } @@ -3286,7 +3281,7 @@ void VirtualMachineDiskResize::request_execute( if ( !vm_deltas.empty() ) { - if (!quota_resize_authorization(id, &vm_deltas, vm_att_quota)) + if (!quota_resize_authorization(&vm_deltas, vm_att_quota, vm_perms)) { if ( img_ds_quota ) { @@ -3298,6 +3293,7 @@ void VirtualMachineDiskResize::request_execute( quota_rollback(&ds_deltas, Quotas::DATASTORE, vm_att_quota); } + failure_response(AUTHORIZATION, vm_att_quota); return; } }