shaba/one
1
0
Fork 0
mirror of https://github.com/OpenNebula/one.git synced 2025-01-24 02:03:52 +03:00
Code Releases Wiki Activity

Feature #2570: Improve CLI support for new group functionality

Browse Source
This commit is contained in:
Tino Vazquez 2013-12-20 12:14:44 +01:00
parent 9adf83c7d2
commit eb515a4756
6 changed files with 1082 additions and 481 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
install.sh
View File

@ -524,7 +524,6 @@ INSTALL_CLIENT_FILES=(
CLI_BIN_FILES:$BIN_LOCATION
CLI_LIB_FILES:$LIB_LOCATION/ruby/cli
ONE_CLI_LIB_FILES:$LIB_LOCATION/ruby/cli/one_helper
ETC_CLIENT_FILES:$ETC_LOCATION
OZONES_BIN_CLIENT_FILES:$BIN_LOCATION
OZONES_LIB_CLIENT_CLI_FILES:$LIB_LOCATION/ruby/cli
OZONES_LIB_CLIENT_CLI_HELPER_FILES:$LIB_LOCATION/ruby/cli/ozones_helper
@ -1172,8 +1171,7 @@ ONEDB_MIGRATOR_FILES="src/onedb/2.0_to_2.9.80.rb \
ETC_FILES="share/etc/oned.conf \
share/etc/defaultrc \
src/scheduler/etc/sched.conf \
src/cli/etc/group.default"
src/scheduler/etc/sched.conf"
VMWARE_ETC_FILES="src/vmm_mad/remotes/vmware/vmwarerc"
@ -1492,8 +1490,6 @@ CLI_CONF_FILES="src/cli/etc/onegroup.yaml \
src/cli/etc/onezone.yaml \
src/cli/etc/oneacct.yaml"
ETC_CLIENT_FILES="src/cli/etc/group.default"
#-----------------------------------------------------------------------------
# Sunstone files
#-----------------------------------------------------------------------------

49
src/cli/one_helper/onegroup_helper.rb
View File

@ -36,15 +36,29 @@ class OneGroupHelper < OpenNebulaHelper::OneHelper
puts "ID: #{group.id.to_s}"
end
puts "Creating default ACL rules from #{GROUP_DEFAULT}" if options[:verbose]
puts "Creating default ACL rules: #{GROUP_DEFAULT_ACLS}" if options[:verbose]
exit_code , msg = group.create_acls
exit_code , msg = group.create_default_acls
puts msg
puts msg if msg
exit_code
end
def create_complete_resource(group_hash)
group = factory
exit_code , msg = group.create(group_hash)
puts msg if msg
if OpenNebula.is_error?(exit_code)
puts exit_code.message if exit_code.message
return -1
else
return 0
end
end
def format_pool(options)
config_file = self.class.table_conf
@ -126,6 +140,35 @@ class OneGroupHelper < OpenNebulaHelper::OneHelper
table
end
# Parses a OpenNebula template string and turns it into a Hash
# @param [String] tmpl_str template
# @return [Hash, Zona::Error] Hash or Error
def parse_template(tmpl_str)
name_reg =/[\w\d_-]+/
variable_reg =/\s*(#{name_reg})\s*=\s*/
single_variable_reg =/^#{variable_reg}([^\[]+?)(#.*)?$/
tmpl = Hash.new
tmpl['user'] = Hash.new
tmpl_str.scan(single_variable_reg) do | m |
key = m[0].strip.downcase
value = m[1].strip
case key
when "admin_user_name"
tmpl['user']['name']=value
when "admin_user_password"
tmpl['user']['password']=value
when "admin_user_auth_driver"
tmpl['user']['auth_driver']=value
else
tmpl[key] = value
end
end
return tmpl
end
private
def factory(id=nil)

1180
src/cli/one_helper/onehost_helper.rb
View File

File diff suppressed because it is too large Load Diff

39
src/cli/onegroup
View File

@ -75,11 +75,44 @@ cmd=CommandParser::CmdParser.new(ARGV) do
create_desc = <<-EOT.unindent
Creates a new Group
TODO extend
EOT
command :create, create_desc, :name do
helper.create_resource(options) do |group|
group.allocate(args[0])
command :create, create_desc, [:file, nil], :options =>
OpenNebulaHelper::GROUP_OPTIONS do
if args[0] && !options.empty?
STDERR.puts "You can not use both template file and template"<<
" creation options."
next -1
end
if options && options[:admin_user]
if !options[:admin_passwd]
STDERR.puts "Admin user needs password"
next -1
end
admin_user=Hash.new
admin_user[:name] = options[:admin_user]
admin_user[:password] = options[:admin_passwd]
if options[:admin_driver]
admin_user[:auth_driver] = options[:admin_driver]
end
options[:user] = admin_user
end
if args[0]
helper.create_complete_resource(helper.parse_template(File.open(args[0]).read))
elsif !options.empty?
helper.create_complete_resource(options)
else
helper.create_resource(options) do |group|
group.allocate(args[0])
end
end
end

172
src/oca/ruby/opennebula/group.rb
View File

@ -35,12 +35,8 @@ module OpenNebula
# Flag for requesting connected user's group info
SELF = -1
#Default location for group ACL's
if ENV['ONE_LOCATION']
GROUP_DEFAULT = ENV['ONE_LOCATION'] + "/etc/group.default"
else
GROUP_DEFAULT = "/etc/one/group.default"
end
#Default resource ACL's for group for group ACL's
GROUP_DEFAULT_ACLS = "VM+NET+IMAGE+TEMPLATE"
# Creates a Group description with just its identifier
# this method should be used to create plain Group objects.
@ -64,42 +60,6 @@ module OpenNebula
super(xml,client)
end
#######################################################################
# Group utils
#######################################################################
# Creates ACLs for the group. The ACL rules are described in a file
def create_acls(filename = GROUP_DEFAULT)
if !File.readable?(filename)
return -1, "Cannot read deafult ACL file for group"
end
msg = String.new
File.open(filename).each_line{ |l|
next if l.match(/^#/)
rule = "@#{@pe_id} #{l}"
parse = OpenNebula::Acl.parse_rule(rule)
if OpenNebula.is_error?(parse)
return -1, "Error parsing rule #{rule}: #{parse.message}"
end
xml = OpenNebula::Acl.build_xml
acl = OpenNebula::Acl.new(xml, @client)
rc = acl.allocate(*parse)
if OpenNebula.is_error?(rc)
return -1, "Error creating rule #{rule}: #{rc.message}"
else
msg << "ACL_ID: #{acl.id}\n"
end
}
return 0, msg
end
#######################################################################
# XML-RPC Methods for the Group Object
@ -112,6 +72,107 @@ module OpenNebula
alias_method :info!, :info
def create(group_hash)
group_hash=Hash[group_hash.map{|(k,v)| [k.to_sym,v]}]
if group_hash[:user]
group_hash[:user]=Hash[group_hash[:user].map{|(k,v)|
[k.to_sym,v]}]
end
rc_alloc = self.allocate(group_hash[:name])
if OpenNebula.is_error?(rc_alloc)
return rc_alloc
end
# If we have resource providers, add them
if group_hash[:cluster_ids]
for cid in group_hash[:cluster_ids]
# TODO 0 is zone_id
self.add_provider({"zone_id"=>0, "cluster_id"=>cid.to_i})
end
end
rc, msg = create_default_acls(group_hash[:resources])
if OpenNebula.is_error?(rc)
self.delete
return -1, "Error creating ACL's #{acls}: #{rc.message}"
end
# Create admin group
if group_hash[:admin_group]
admin_group = OpenNebula::Group.new(OpenNebula::Group.build_xml,
@client)
rc_alloc = admin_group.allocate(group_hash[:admin_group])
if OpenNebula.is_error?(rc_alloc)
# Rollback
self.delete
return rc_alloc
end
# Create group admin user
if group_hash[:user] and group_hash[:user][:name] and
group_hash[:user][:password]
user = OpenNebula::User.new(OpenNebula::User.build_xml,
@client)
if !group_hash[:user][:auth_driver]
rc_alloc = user.allocate(group_hash[:user][:name],
group_hash[:user][:password])
else
rc_alloc = user.allocate(group_hash[:user][:name],
group_hash[:user][:password],
group_hash[:user][:auth_driver])
end
if OpenNebula.is_error?(rc_alloc)
# Rollback
admin_group.delete
self.delete
return rc_alloc
end
rc_alloc = user.chgrp(self.id)
if OpenNebula.is_error?(rc_alloc)
# Rollback
user.delete
admin_group.delete
self.delete
return rc_alloc
end
rc_alloc = user.addgroup(admin_group.id)
if OpenNebula.is_error?(rc_alloc)
# Rollback
user.delete
admin_group.delete
self.delete
return rc_alloc
end
# Set ACLs for group admin
acls = Array.new
acls << "@#{admin_group.id} USER/* CREATE"
acls << "@#{admin_group.id} USER/@#{self.id} " \
"USE+MANAGE+ADMIN"
acls << "@#{admin_group.id} " \
"VM+IMAGE+NET+TEMPLATE/@#{self.id} USE+MANAGE"
rc, tmp = create_group_acls(acls)
if OpenNebula.is_error?(rc)
user.delete
admin_group.delete
self.delete
return -1, "Error creating acl rules"
end
end
end
return rc_alloc
end
# Allocates a new Group in OpenNebula
#
# +groupname+ A string containing the name of the Group.
@ -158,6 +219,33 @@ module OpenNebula
return call(GROUP_METHODS[:del_provider], @pe_id, zone_id.to_i, cluster_id.to_i)
end
#######################################################################
# Group utils
#######################################################################
# Creates an acl array of acl strings. Returns true or error and
# a comma-separated list with the new acl ids
def create_group_acls(acls)
acls_ids = Array.new
rc = true
acls.each{|rule|
acl = OpenNebula::Acl.new(OpenNebula::Acl.build_xml,@client)
rc = acl.allocate(*OpenNebula::Acl.parse_rule(rule))
break if OpenNebula.is_error?(rc)
acls_ids << acl.id
}
return rc, acls_ids
end
def create_default_acls(resources=nil)
resources = GROUP_DEFAULT_ACLS if !resources
acls = Array.new
acls << "@#{self.id} #{resources}/* CREATE"
create_group_acls(acls)
end
# ---------------------------------------------------------------------
# Helpers to get information
# ---------------------------------------------------------------------

117
src/sunstone/models/OpenNebulaJSON/GroupJSON.rb
View File

@ -26,103 +26,7 @@ module OpenNebulaJSON
return group_hash
end
rc_alloc = self.allocate(group_hash['name'])
if OpenNebula.is_error?(rc_alloc)
return rc_alloc
end
# If we have resource providers, add them
if group_hash['cluster_ids']
for cid in group_hash['cluster_ids']
# TODO 0 is zone_id
self.add_provider({"zone_id"=>0, "cluster_id"=>cid.to_i})
end
else # No Resource provider
# This rule allows users in the group to deploy VMs
# in any host in the cloud
acls = Array.new
acls << "@#{self.id} HOST/* MANAGE"
rc, tmp = create_group_acls(acls)
if OpenNebula.is_error?(rc)
self.delete
return -1, "Error creating rule #{rule}: #{rc.message}"
end
end
# Set default ACLs for group
rc_acl, msg = self.create_acls
if rc_acl == -1
self.delete
return rc_acl
end
# Create admin group
if group_hash['admin_group']
admin_group = OpenNebula::Group.new(OpenNebula::Group.build_xml,
@client)
rc_alloc = admin_group.allocate(group_hash['admin_group'])
if OpenNebula.is_error?(rc_alloc)
# Rollback
self.delete
return rc_alloc
end
# Create group admin user
if group_hash['user'] and group_hash['user']['name'] and
group_hash['user']['password']
user = OpenNebula::User.new(OpenNebula::User.build_xml,
@client)
rc_alloc = user.allocate(group_hash['user']['name'],
group_hash['user']['password'],
group_hash['user']['auth_driver'])
if OpenNebula.is_error?(rc_alloc)
# Rollback
admin_group.delete
self.delete
return rc_alloc
end
rc_alloc = user.chgrp(self.id)
if OpenNebula.is_error?(rc_alloc)
# Rollback
user.delete
admin_group.delete
self.delete
return rc_alloc
end
rc_alloc = user.addgroup(admin_group.id)
if OpenNebula.is_error?(rc_alloc)
# Rollback
user.delete
admin_group.delete
self.delete
return rc_alloc
end
# Set ACLs for group admin
acls = Array.new
acls << "@#{admin_group.id} USER/* CREATE"
acls << "@#{admin_group.id} USER/@#{self.id} " \
"USE+MANAGE+ADMIN"
acls << "@#{admin_group.id} " \
"VM+IMAGE+TEMPLATE/@#{self.id} USE+MANAGE"
rc, tmp = create_group_acls(acls)
if OpenNebula.is_error?(rc)
self.delete
return -1, "Error creating acl rules"
end
end
end
return rc_alloc
super(group_hash)
end
def perform_action(template_json)
@ -160,24 +64,5 @@ module OpenNebulaJSON
def del_provider(params=Hash.new)
super(params['zone_id'].to_i, params['cluster_id'].to_i)
end
# Creates an acl array of acl strings. Returns true or error and
# a comma-separated list with the new acl ids
def create_group_acls(acls)
`echo "ACLS #{acls}" >> /tmp/uu`
acls_ids = Array.new
rc = true
acls.each{|rule|
acl = OpenNebula::Acl.new(OpenNebula::Acl.build_xml,@client)
rc = acl.allocate(*OpenNebula::Acl.parse_rule(rule))
break if OpenNebula.is_error?(rc)
acls_ids << acl.id
}
return rc, acls_ids
end
end
end