Diffstat (limited to 'moonv4/moon_orchestrator')
-rw-r--r--moonv4/moon_orchestrator/Dockerfile11
-rw-r--r--moonv4/moon_orchestrator/conf/moon.conf167
-rw-r--r--moonv4/moon_orchestrator/moon_orchestrator/api/configuration.py4
-rw-r--r--moonv4/moon_orchestrator/moon_orchestrator/api/containers.py61
-rw-r--r--moonv4/moon_orchestrator/moon_orchestrator/api/slaves.py2
-rw-r--r--moonv4/moon_orchestrator/moon_orchestrator/dockers.py192
-rw-r--r--moonv4/moon_orchestrator/moon_orchestrator/messenger.py35
-rw-r--r--moonv4/moon_orchestrator/moon_orchestrator/scoper.py40
-rw-r--r--moonv4/moon_orchestrator/moon_orchestrator/security_function.py56
-rw-r--r--moonv4/moon_orchestrator/moon_orchestrator/security_interface.py45
-rw-r--r--moonv4/moon_orchestrator/moon_orchestrator/security_manager.py56
-rw-r--r--moonv4/moon_orchestrator/moon_orchestrator/security_policy.py56
-rw-r--r--moonv4/moon_orchestrator/moon_orchestrator/security_router.py52
-rw-r--r--moonv4/moon_orchestrator/moon_orchestrator/server.py152
14 files changed, 203 insertions, 726 deletions
diff --git a/moonv4/moon_orchestrator/Dockerfile b/moonv4/moon_orchestrator/Dockerfile
new file mode 100644
index 00000000..9c1b4662
--- /dev/null
+++ b/moonv4/moon_orchestrator/Dockerfile
@@ -0,0 +1,11 @@
+FROM debian:latest
+
+RUN apt update && apt install python3.5 python3-pip -y
+RUN pip3 install moon_utilities moon_db pip --upgrade
+
+ADD . /root
+WORKDIR /root/
+RUN pip3 install -r requirements.txt
+RUN pip3 install .
+
+CMD ["python3", "-m", "moon_orchestrator"]
\ No newline at end of file
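Review bot: `FROM debian:latest` and `pip3 install moon_utilities moon_db pip --upgrade` are both unpinned, so each build can pull different base layers and package versions with no review; pin the base image to a release tag or digest and pin the package versions. There is no `USER` instruction, so the `CMD` runs the orchestrator as root inside the container. `ADD . /root` copies the whole build context, which would include `conf/moon.conf` and its passwords if that directory is in the context; prefer `COPY` of the needed paths plus a `.dockerignore`.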
diff --git a/moonv4/moon_orchestrator/conf/moon.conf b/moonv4/moon_orchestrator/conf/moon.conf
index c0d1d14c..af059c28 100644
--- a/moonv4/moon_orchestrator/conf/moon.conf
+++ b/moonv4/moon_orchestrator/conf/moon.conf
@@ -1,87 +1,82 @@
-[DEFAULT]
-# proxy URL
-#proxy=http://172.28.16.30:3128
-proxy=
-transport_url=rabbit://moon:p4sswOrd1@messenger:5672/moon
-#transport_url=rabbit://moon:p4sswOrd@localhost:5672/moon
+database:
+ url: mysql+pymysql://moon:p4sswOrd1@db/moon
+ driver: sql
+
+messenger:
+ url: rabbit://moon:p4sswOrd1@messenger:5672/moon
+
+docker:
+ url: tcp://172.88.88.1:2376
+ network: moon
+
+slave:
+ name:
+ master:
+ url:
+ login:
+ password:
+
+openstack:
+ keystone:
+ url: http://keystone:5000/v3
+ user: admin
+ password: p4ssw0rd
+ domain: default
+ project: admin
+ check_token: false
+ certificate: false
+
+plugins:
+ authz: wukongsun/moon_authz:v4.1_dev
+ session: asteroide/session:latest
+
+components:
+ interface:
+ port: 8081
+ hostname: interface
+ bind: 0.0.0.0
+ container: wukongsun/moon_interface:v4.1_dev
+ router:
+ container: wukongsun/moon_router:v4.1_dev
+ hostname: router
+ manager:
+ container: wukongsun/moon_manager:v4.1_dev
+ hostname: manager
+ orchestrator:
+ container: wukongsun/moon_orchestrator:v4.1_dev
+ hostname: orchestrator
+ port_start: 38001
+
+logging:
+ version: 1
+
+ formatters:
+ brief:
+ format: "%(levelname)s %(name)s %(message)-30s"
+ custom:
+ format: "%(asctime)-15s %(levelname)s %(name)s %(message)s"
+
+ handlers:
+ console:
+ class : logging.StreamHandler
+ formatter: brief
+ level : INFO
+ stream : ext://sys.stdout
+ file:
+ class : logging.handlers.RotatingFileHandler
+ formatter: custom
+ level : DEBUG
+ filename: /tmp/moon.log
+ maxBytes: 1048576
+ backupCount: 3
+
+ loggers:
+ moon:
+ level: DEBUG
+ handlers: [console, file]
+ propagate: no
+
+ root:
+ level: ERROR
+ handlers: [console]
-debug=True
-
-# directory where the python packages can be found
-dist_dir=/home/vdsq3226/projets/opnfv/moonv4/moon_orchestrator/dist
-plugin_dir=/etc/moon/plugins
-
-docker_url=unix://var/run/docker.sock
-
-root_policy_directory=policy_root
-policy_directory=/etc/moon/policies
-
-[slave]
-
-# name of the slave
-# example slave_name=slave1
-slave_name=
-
-# URL of the RabbitMQ bus of the Master
-# example: master_url=rabbit://moon:p4sswOrd1@master_messenger:5672/moon
-master_url=
-
-# login name of the master administrator
-# example: master_login=admin
-master_login=
-
-# password of the master administrator
-# example: master_password=p4ssw0rd
-master_password=
-
-[database]
-
-# Database for that server (may be different from master to slave)
-url=mysql+pymysql://moon:p4sswOrd1@db/moon
-driver=sql
-
-[database_configuration]
-
-# Database for configuration elements (may be different from master to slave)
-driver=memory
-url=
-
-[orchestrator]
-host=127.0.0.1
-port=38002
-container=
-
-[security_router]
-host=172.18.0.10
-
-# Name of the container to download (if empty build from scratch)
-# example: container=moon/moon_secrouter:latest
-container=
-
-[security_manager]
-host=172.18.0.10
-
-# Name of the container to download (if empty build from scratch)
-# example: container=moon/moon_manager:latest
-container=
-
-[interface]
-host=172.18.0.11
-port=38001
-# Name of the container to download (if empty build from scratch)
-# example: container=moon/moon_interface:latest
-container=
-
-[security_function]
-# Name of the container to download (if empty build from scratch)
-# example: container=moon/moon_secfunction:latest
-container=
-
-[keystone]
-url=http://keystone:5000/v3
-user=admin
-password=p4ssw0rd
-domain=default
-project=admin
-check_token=False
-server_crt=False
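Review bot: The rewritten config still ships working secrets in the repository: `database.url` and `messenger.url` embed `moon:p4sswOrd1`, and `openstack.keystone.password` is `p4ssw0rd`. Leave these empty in the committed template, as `slave.master.password:` already is, and inject them at deploy time. The keystone block also defaults to an `http://` URL with `check_token: false` and `certificate: false`, which presumably disables token checking and certificate verification, so those should be opt-out rather than the shipped default. The file handler writes DEBUG output to the fixed path `/tmp/moon.log` in a world-writable directory; a dedicated log directory with restricted permissions would be safer.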
diff --git a/moonv4/moon_orchestrator/moon_orchestrator/api/configuration.py b/moonv4/moon_orchestrator/moon_orchestrator/api/configuration.py
index 36c1f60d..887a989b 100644
--- a/moonv4/moon_orchestrator/moon_orchestrator/api/configuration.py
+++ b/moonv4/moon_orchestrator/moon_orchestrator/api/configuration.py
@@ -6,10 +6,10 @@
import json
from oslo_config import cfg
from oslo_log import log as logging
-from moon_db.core import IntraExtensionRootManager
+# from moon_db.core import IntraExtensionRootManager
from moon_db.core import ConfigurationManager
-LOG = logging.getLogger(__name__)
+LOG = logging.getLogger("moon.orchestrator.api.configuration")
CONF = cfg.CONF
diff --git a/moonv4/moon_orchestrator/moon_orchestrator/api/containers.py b/moonv4/moon_orchestrator/moon_orchestrator/api/containers.py
index 2ed5b266..23acea5f 100644
--- a/moonv4/moon_orchestrator/moon_orchestrator/api/containers.py
+++ b/moonv4/moon_orchestrator/moon_orchestrator/api/containers.py
@@ -10,7 +10,7 @@ from oslo_log import log as logging
# from moon_db.core import ConfigurationManager
from moon_utilities.security_functions import call
-LOG = logging.getLogger(__name__)
+LOG = logging.getLogger("moon.orchestrator.api.containers")
CONF = cfg.CONF
@@ -28,38 +28,18 @@ class Containers(object):
ctx={"user_id": "admin", "id": None})["pdps"].items():
self.add_container(ctx={"id": pdp_key, "pipeline": pdp_value["security_pipeline"]})
- # for _ext_id, _ext_value in self.__get_pdp({"user_id": "admin"}, None)["intra_extensions"].items():
- # self.docker_manager.load(component="policy", uuid=_ext_id)
- # # FIXME (asteroide): there may be other security_function here (delegation, ...)
- # LOG.info("ADDING Containers {}".format(_ext_value))
- # self.docker_manager.load(component="function", uuid="{}_{}_{}".format("authz", "rbac_rule", _ext_id))
-
- # def __get_pdp(self, ctx, args=None):
- # """Get information about all pdp
- #
- # :param ctx: {
- # "user_id": "uuid of a user",
- # "id": "uuid of a tenant or an intra_extension"
- # }
- # :param args: {}
- # :return: {
- # "intra_extension_id": {
- # "name": "name of the intra extension",
- # "model": "model of the intra extension",
- # "genre": "genre of the intra extension",
- # "description": "description of the intra-extension"
- # }
- # }
- # """
- # # TODO (asteroide): check if ctx["id"] is a tenant UUID or an intra_extension UUID.
- # _ext = IntraExtensionRootManager.get_intra_extensions_dict(ctx["user_id"])
- # if ctx and "id" in ctx and ctx["id"]:
- # if ctx["id"] in _ext:
- # return {"pdp": {ctx["id"]: _ext[ctx["id"]]}}
- # return {"error": "No pdp with id {}".format(ctx["id"])}
- # return {"pdp": _ext}
-
def get_container(self, ctx, args=None):
+ """Get containers linked to an intra-extension
+
+ :param ctx: {
+ "id": "intra_extension_uuid",
+ "keystone_project_id": "Keystone Project UUID"
+ }
+ :param args: {}
+ :return: {
+ "containers": {...},
+ }
+ """
uuid = ctx.get("id")
keystone_project_id = ctx.get("keystone_project_id")
# _containers = self.docker_manager.get_component(uuid=uuid)
@@ -75,7 +55,7 @@ class Containers(object):
return {"containers": self.components}
def add_container(self, ctx, args=None):
- """Add containers linked to an intra-extension
+ """Add containers
:param ctx: {"id": "intra_extension_uuid"}
:param args: {}
@@ -103,8 +83,10 @@ class Containers(object):
for meta_rule in models[policy_value['model_id']]['meta_rules']:
genre = policy_value['genre']
pre_container_id = "pdp:{}_metarule:{}_project:{}".format(ctx["id"], meta_rule, keystone_project_id)
+ container_data = {"pdp": ctx["id"], "metarule": meta_rule, "project": keystone_project_id}
policy_component = self.docker_manager.load(component=genre,
- uuid=pre_container_id)
+ uuid=pre_container_id,
+ container_data=container_data)
self.components[ctx["id"]].append({
"meta_rule_id": meta_rule,
"genre": policy_value['genre'],
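Review bot: The return value of `self.docker_manager.load(...)` is not checked in the visible lines before the entry is appended to `self.components[ctx["id"]]`, so a `genre` that is not a configured plugin would still be recorded as a container. The reworked `DockerManager.load` (server.py in this commit) only does its work under `if component in plugins.keys():`. Indentation is lost on this page, so whether it returns None or raises for an unknown genre cannot be confirmed here. Consider `if policy_component is None: continue` (or raising an explicit error) before the append. The body of `add_container` starts and ends outside this hunk.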
@@ -112,17 +94,6 @@ class Containers(object):
"container_id": policy_value['genre']+"_"+hashlib.sha224(pre_container_id.encode("utf-8")).hexdigest()
})
return {"containers": self.components[ctx["id"]]}
- # function_components = []
- # for pdp in ctx['pdp_pipeline']:
- # key, value = pdp.split(":")
- # LOG.info("add_container {}:{}".format(key, value))
- # function_components.append(self.docker_manager.load(component="function",
- # uuid="{}_{}_{}".format(key, value, ctx["id"])))
- # containers = dict()
- # containers[policy_component.id] = policy_component.get_status()
- # for component in function_components:
- # containers[component.id] = component.get_status()
- # return {"containers": containers}
def delete_container(self, ctx, args=None):
"""Delete a container
diff --git a/moonv4/moon_orchestrator/moon_orchestrator/api/slaves.py b/moonv4/moon_orchestrator/moon_orchestrator/api/slaves.py
index 9142a830..3a16fea1 100644
--- a/moonv4/moon_orchestrator/moon_orchestrator/api/slaves.py
+++ b/moonv4/moon_orchestrator/moon_orchestrator/api/slaves.py
@@ -7,7 +7,7 @@ from oslo_config import cfg
from oslo_log import log as logging
from uuid import uuid4
-LOG = logging.getLogger(__name__)
+LOG = logging.getLogger("moon.orchestrator.api.slaves")
CONF = cfg.CONF
diff --git a/moonv4/moon_orchestrator/moon_orchestrator/dockers.py b/moonv4/moon_orchestrator/moon_orchestrator/dockers.py
deleted file mode 100644
index 3a754ea3..00000000
--- a/moonv4/moon_orchestrator/moon_orchestrator/dockers.py
+++ /dev/null
@@ -1,192 +0,0 @@
-# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
-# This software is distributed under the terms and conditions of the 'Apache-2.0'
-# license which can be found in the file 'LICENSE' in this package distribution
-# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
-
-import os
-import json
-import glob
-import uuid
-import shutil
-import errno
-from uuid import uuid4
-from oslo_config import cfg
-from oslo_log import log as logging
-from jinja2 import FileSystemLoader, Environment
-from moon_utilities.options import get_docker_template_dir
-
-LOG = logging.getLogger(__name__)
-CONF = cfg.CONF
-DOMAIN = "moon_orchestrator"
-
-__CWD__ = os.path.dirname(os.path.abspath(__file__))
-TEMPLATES_FOLDER = get_docker_template_dir()
-
-
-class DockerBase:
-
- docker = None
- image_id = None
- tag = 'moon/component'
- tmp_dir = os.path.join("/tmp", uuid.uuid4().hex)
- name = ""
- __build = """RUN mkdir -p /etc/moon/
-COPY conf /etc/moon/
-ADD dist/{py_pkg}.tar.gz /root
-WORKDIR /root/{py_pkg}
-RUN pip3 install --upgrade -r requirements.txt
-RUN pip3 install --upgrade .
-"""
-
- def __init__(self,
- name,
- run_cmd,
- host=None,
- build_cmd=None,
- conf_file="",
- id=None,
- docker=None,
- network_config=None,
- tag="",
- port=None
- ):
- self.conf_file = conf_file
- self.docker = docker
- self.network_config = network_config
- self.name = name
- self.id = id if id else name + "_" + uuid4().hex
- self.tag = "moon/{}".format(name)
- self.build_cmd = build_cmd if build_cmd else self.__build
- self.run_cmd = run_cmd
- self.host = host
- self.docker_id = id
- self.port = port
- containers = self.docker.containers()
- if self.id not in map(lambda x: x['Id'], containers):
- self.create_container(tag)
- self.run_docker()
- else:
- LOG.info("Component {} already running...".format(name))
-
- def create_container(self, container=None):
- if not container:
- proxy = CONF.proxy
- if CONF.proxy:
- proxy = "ENV http_proxy {0}\nENV https_proxy {0}\n".format(CONF.proxy)
- run = self.build_cmd.format(
- py_pkg=self.__get_last_version_of_pkg(self.name).replace(".tar.gz", "").replace("dist/", ""),
- port=self.port
- )
- docker_str = self.__get_template().render(run=run, cmd=self.run_cmd, proxy=proxy)
- self.__create_tmp_dir(docker_str)
- self.create_docker(docker_str)
- else:
- self.tag = container
-
- def __create_tmp_dir(self, docker_str):
- try:
- os.mkdir(self.tmp_dir)
- except OSError as e:
- LOG.warning("Problem when creating temporary directory ({})".format(e))
-
- try:
- os.mkdir(os.path.join(self.tmp_dir, "dist"))
- except OSError as e:
- LOG.warning("Problem when creating temporary directory ({})".format(e))
- for _file in glob.glob("{}/*".format(CONF.dist_dir)):
- LOG.info("Copying {}".format(_file))
- shutil.copy(_file, os.path.join(self.tmp_dir, "dist"))
-
- try:
- # TODO: check the symbol link
- shutil.copytree(os.path.dirname(self.conf_file), os.path.join(self.tmp_dir, "conf"))
- except OSError as exc:
- if exc.errno == errno.ENOTDIR:
- shutil.copy(os.path.dirname(self.conf_file), os.path.join(self.tmp_dir, "conf"))
- elif exc.errno == errno.EEXIST:
- pass
- else:
- LOG.info("exc.errno = {}".format(exc.errno))
- raise
-
- open("{}/Dockerfile".format(self.tmp_dir), "w").write(docker_str)
-
- def __get_docker_network(self, name="moon"):
- if self.host:
- return self.docker.create_networking_config({
- name: self.docker.create_endpoint_config(
- aliases=[self.id, ],
- ipv4_address=self.host,
- )
- })
- else:
- return self.docker.create_networking_config({
- name: self.docker.create_endpoint_config(
- aliases=[self.id, ]
- )
- })
-
- @staticmethod
- def __get_last_version_of_pkg(name):
- files = []
- for filename in glob.glob("{}/{}*".format(CONF.dist_dir, name)):
- files.append(filename)
- files.sort()
- try:
- return os.path.basename(files[-1])
- except Exception as e:
- LOG.error("__get_last_version_of_pkg {}/{}*".format(CONF.dist_dir, name))
- raise e
-
- def run_docker(self):
- LOG.info("run_docker hostname={}".format(self.id.replace("_", "-")))
- if self.port:
- host_config = self.docker.create_host_config(port_bindings={
- self.port: self.port
- })
- else:
- host_config = self.docker.create_host_config()
-
- output = self.docker.create_container(image=self.tag,
- command=list(self.run_cmd),
- hostname=str(self.id.replace("_", "-"))[:63],
- name=str(self.id),
- networking_config=self.__get_docker_network(),
- host_config=host_config
- )
- container_data = self.docker.inspect_container(output['Id'])
- name = container_data["Name"]
- LOG.info("Running container {} with ID {}".format(self.tag, output))
- LOG.info("output id = {}".format(output['Id']))
- self.docker.start(container=output['Id'])
- LOG.info("Running container output {}".format(self.docker.logs(
- container=name,
- # stdout=True,
- # stderr=True
- ).decode("utf-8")))
- self.name = name
- self.docker_id = output['Id']
-
- def create_docker(self, docker_str):
- # f = BytesIO(docker_str.encode('utf-8'))
- LOG.info("Building {}".format(self.tmp_dir))
- # TODO (dthom): halt on built errors (or emit a log)
- _output = self.docker.build(path=self.tmp_dir, rm=True, tag=self.tag)
- # _output = self.cli.build(fileobj=f, rm=True, tag=self.tag, stream=True)
- for line in _output:
- jline = json.loads(line.decode("utf-8"))
- if "stream" in jline:
- LOG.info("\033[33m" + jline["stream"].strip() + "\033[m")
- else:
- LOG.info("\033[33m" + str(jline).strip() + "\033[m")
- else:
- LOG.debug(_output)
- LOG.info("tag = {}".format(self.tag))
- LOG.info("images = {}".format(self.docker.images(name=self.tag)))
- self.image_id = self.docker.images(name=self.tag)[0]['Id']
-
- @staticmethod
- def __get_template(filename="template.dockerfile"):
- simple_loader = FileSystemLoader(TEMPLATES_FOLDER)
- env = Environment(loader=simple_loader)
- return env.get_template(filename)
diff --git a/moonv4/moon_orchestrator/moon_orchestrator/messenger.py b/moonv4/moon_orchestrator/moon_orchestrator/messenger.py
index 6b54255f..2b7b3866 100644
--- a/moonv4/moon_orchestrator/moon_orchestrator/messenger.py
+++ b/moonv4/moon_orchestrator/moon_orchestrator/messenger.py
@@ -3,28 +3,26 @@
# license which can be found in the file 'LICENSE' in this package distribution
# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
-from oslo_config import cfg
import oslo_messaging
from oslo_log import log as logging
import time
from moon_utilities.api import APIList
-from moon_utilities.security_functions import call
-from moon_utilities.exceptions import RootPDPNotInitialized
+from moon_utilities import configuration
from oslo_config import cfg
from moon_orchestrator.api.generic import Status, Logs
-# from moon_orchestrator.api.configuration import Configuration
from moon_orchestrator.api.containers import Containers
from moon_orchestrator.api.slaves import Slaves
TOPIC = "orchestrator"
-LOG = logging.getLogger(__name__)
+LOG = logging.getLogger("moon.orchestrator.messenger")
CONF = cfg.CONF
class Server:
def __init__(self, containers, docker_manager, slaves):
+ cfg.CONF.transport_url = self.__get_transport_url()
self.CONTAINERS = containers
self.transport = oslo_messaging.get_transport(cfg.CONF)
self.target = oslo_messaging.Target(topic=TOPIC, server='server1')
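Review bot: `cfg.CONF.transport_url = self.__get_transport_url()` in `__init__` sets a plain attribute on the process-wide config object rather than going through oslo.config, so the value skips option registration and is visible to every other user of `cfg.CONF`. Passing it explicitly is narrower: `self.transport = oslo_messaging.get_transport(cfg.CONF, url=self.__get_transport_url())`. The helper added in the next hunk indexes `["messenger"]` and `['url']` without a check, so a missing entry would surface as a bare KeyError at start-up. The URL carries the broker password (see moon.conf in this commit), so it should be kept out of log messages. `__init__` continues past this hunk.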
@@ -37,39 +35,20 @@ class Server:
Status(),
Logs(),
Containers(self.docker_manager),
- # Configuration(),
Slaves(slaves)
]
self.server = oslo_messaging.get_rpc_server(self.transport, self.target, self.endpoints,
executor='threading',
access_policy=oslo_messaging.DefaultRPCAccessPolicy)
- # @staticmethod
- # def __check_root_pdp():
- # root_exist = False
- # for key, value in call("manager", ctx={"user_id": "admin"},
- # method="get_pdp", args={})["pdp"].items():
- # if value["name"] == CONF.root_policy_directory:
- # root_exist = True
- # if not root_exist:
- # ie = call("manager", ctx={"user_id": "admin"}, method="add_pdp",
- # args={
- # "name": "policy_root",
- # "model": CONF.root_policy_directory,
- # "genre": "admin",
- # "description": "policy_root"
- # })
- # if "result" in ie and not ie["result"]:
- # raise RootPDPNotInitialized
+ @staticmethod
+ def __get_transport_url():
+ messenger = configuration.get_configuration(configuration.MESSENGER)["messenger"]
+ return messenger['url']
def run(self):
try:
self.server.start()
- # try:
- # raise NotImplementedError
- # # self.__check_root_pdp()
- # except Exception as e:
- # LOG.error("Exception occurred when creating Root PDP: {}".format(e))
while True:
time.sleep(1)
except KeyboardInterrupt:
diff --git a/moonv4/moon_orchestrator/moon_orchestrator/scoper.py b/moonv4/moon_orchestrator/moon_orchestrator/scoper.py
deleted file mode 100644
index ebfb12f8..00000000
--- a/moonv4/moon_orchestrator/moon_orchestrator/scoper.py
+++ /dev/null
@@ -1,40 +0,0 @@
-# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
-# This software is distributed under the terms and conditions of the 'Apache-2.0'
-# license which can be found in the file 'LICENSE' in this package distribution
-# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
-
-from oslo_config import cfg
-from oslo_log import log as logging
-import oslo_messaging
-from moon_orchestrator.dockers import DockerBase
-
-LOG = logging.getLogger(__name__)
-CONF = cfg.CONF
-DOMAIN = "moon_orchestrator"
-
-
-class Scoper(DockerBase):
-
- id = "moon_scoper"
-
- def __init__(self, conf_file="", docker=None, network_config=None):
- super(Scoper, self).__init__(
- name="moon_scoper",
- id=self.id,
- run_cmd=["python3", "-m", "moon_scoper"],
- host=CONF.scoper.host,
- conf_file=conf_file,
- docker=docker,
- network_config=network_config,
- tag=CONF.scoper.container
- )
-
- @staticmethod
- def get_status():
- transport = oslo_messaging.get_transport(CONF)
- target = oslo_messaging.Target(topic='scoper', version='1.0')
- client = oslo_messaging.RPCClient(transport, target)
- LOG.info("Calling Status on scoper component...")
- ret = client.call({"component_id": "scoper"}, 'get_status', args=None)
- LOG.info(ret)
- return ret
diff --git a/moonv4/moon_orchestrator/moon_orchestrator/security_function.py b/moonv4/moon_orchestrator/moon_orchestrator/security_function.py
deleted file mode 100644
index 1b33ef60..00000000
--- a/moonv4/moon_orchestrator/moon_orchestrator/security_function.py
+++ /dev/null
@@ -1,56 +0,0 @@
-# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
-# This software is distributed under the terms and conditions of the 'Apache-2.0'
-# license which can be found in the file 'LICENSE' in this package distribution
-# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
-
-import os
-import time
-from oslo_config import cfg
-from oslo_log import log as logging
-import oslo_messaging
-from moon_orchestrator.dockers import DockerBase
-
-LOG = logging.getLogger(__name__)
-CONF = cfg.CONF
-DOMAIN = "moon_orchestrator"
-
-__CWD__ = os.path.dirname(os.path.abspath(__file__))
-# TODO (dthom): select the right template folder
-TEMPLATES_FOLDER = os.path.join(__CWD__, "..", "conf", "dockers")
-
-
-class SecurityFunction(DockerBase):
-
- id = "moon_function"
- __build = """RUN mkdir -p /etc/moon/
-COPY conf /etc/moon/
-ADD dist/{py_pkg}.tar.gz /root
-WORKDIR /root/{py_pkg}
-RUN pip3 install -r requirements.txt
-RUN pip3 install .
-"""
-
- def __init__(self, intra_extension_id, conf_file="", docker=None, network_config=None):
- self.id = "moon_pdp_{}".format(intra_extension_id)
- super(SecurityFunction, self).__init__(
- name="moon_secfunction",
- run_cmd=["python3", "-m", "moon_secfunction", intra_extension_id],
- conf_file=conf_file,
- docker=docker,
- network_config=network_config,
- build_cmd=self.__build,
- id=self.id,
- tag=CONF.security_function.container
- )
- # note(asteroide): time to let the new docker boot
- time.sleep(3)
- self.get_status()
-
- def get_status(self):
- transport = oslo_messaging.get_transport(CONF)
- target = oslo_messaging.Target(topic=self.id, version='1.0')
- client = oslo_messaging.RPCClient(transport, target)
- LOG.info("Calling Status on {}".format(self.id))
- ret = client.call({"component_id": self.id}, 'get_status', args=None)
- LOG.info(ret)
- return ret
diff --git a/moonv4/moon_orchestrator/moon_orchestrator/security_interface.py b/moonv4/moon_orchestrator/moon_orchestrator/security_interface.py
deleted file mode 100644
index 656c4340..00000000
--- a/moonv4/moon_orchestrator/moon_orchestrator/security_interface.py
+++ /dev/null
@@ -1,45 +0,0 @@
-# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
-# This software is distributed under the terms and conditions of the 'Apache-2.0'
-# license which can be found in the file 'LICENSE' in this package distribution
-# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
-
-import os
-from oslo_config import cfg
-from oslo_log import log as logging
-from moon_orchestrator.dockers import DockerBase
-
-LOG = logging.getLogger(__name__)
-CONF = cfg.CONF
-DOMAIN = "moon_orchestrator"
-
-__CWD__ = os.path.dirname(os.path.abspath(__file__))
-# TODO (dthom): select the right template folder
-TEMPLATES_FOLDER = os.path.join(__CWD__, "..", "conf", "dockers")
-
-
-class SecurityInterface(DockerBase):
-
- id = "moon_interface"
- __build = """RUN mkdir -p /etc/moon/
- COPY conf /etc/moon/
- ADD dist/{py_pkg}.tar.gz /root
- WORKDIR /root/{py_pkg}
- RUN pip3 install -r requirements.txt
- RUN pip3 install .
- EXPOSE {port}
- """
-
- def __init__(self, conf_file="", docker=None, network_config=None):
- super(SecurityInterface, self).__init__(
- name="moon_interface",
- id=self.id,
- run_cmd=["python3", "-m", "moon_interface"],
- host=CONF.interface.host,
- conf_file=conf_file,
- docker=docker,
- network_config=network_config,
- tag=CONF.interface.container,
- build_cmd=self.__build,
- port=CONF.interface.port
- )
-
diff --git a/moonv4/moon_orchestrator/moon_orchestrator/security_manager.py b/moonv4/moon_orchestrator/moon_orchestrator/security_manager.py
deleted file mode 100644
index c7dc4c63..00000000
--- a/moonv4/moon_orchestrator/moon_orchestrator/security_manager.py
+++ /dev/null
@@ -1,56 +0,0 @@
-# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
-# This software is distributed under the terms and conditions of the 'Apache-2.0'
-# license which can be found in the file 'LICENSE' in this package distribution
-# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
-
-import os
-import time
-from oslo_config import cfg
-from oslo_log import log as logging
-import oslo_messaging
-from moon_orchestrator.dockers import DockerBase
-
-LOG = logging.getLogger(__name__)
-CONF = cfg.CONF
-DOMAIN = "moon_orchestrator"
-
-__CWD__ = os.path.dirname(os.path.abspath(__file__))
-# TODO (dthom): select the right template folder
-TEMPLATES_FOLDER = os.path.join(__CWD__, "..", "conf", "dockers")
-
-
-class SecurityManager(DockerBase):
-
- id = "moon_manager"
- __build = """RUN mkdir -p /etc/moon/
-COPY conf /etc/moon/
-ADD dist/{py_pkg}.tar.gz /root
-WORKDIR /root/{py_pkg}
-RUN pip3 install -r requirements.txt
-RUN pip3 install .
-"""
-
- def __init__(self, conf_file="", docker=None, network_config=None):
- self.id = "moon_manager"
- super(SecurityManager, self).__init__(
- name="moon_manager",
- run_cmd=["python3", "-m", "moon_manager"],
- conf_file=conf_file,
- docker=docker,
- network_config=network_config,
- build_cmd=self.__build,
- id=self.id,
- tag=CONF.security_manager.container
- )
- # note(asteroide): time to let the new docker boot
- time.sleep(3)
- self.get_status()
-
- def get_status(self):
- transport = oslo_messaging.get_transport(CONF)
- target = oslo_messaging.Target(topic=self.id, version='1.0')
- client = oslo_messaging.RPCClient(transport, target)
- LOG.info("Calling Status on {}".format(self.id))
- ret = client.call({"component_id": self.id}, 'get_status', args=None)
- LOG.info(ret)
- return ret
diff --git a/moonv4/moon_orchestrator/moon_orchestrator/security_policy.py b/moonv4/moon_orchestrator/moon_orchestrator/security_policy.py
deleted file mode 100644
index 5cb1d51c..00000000
--- a/moonv4/moon_orchestrator/moon_orchestrator/security_policy.py
+++ /dev/null
@@ -1,56 +0,0 @@
-# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
-# This software is distributed under the terms and conditions of the 'Apache-2.0'
-# license which can be found in the file 'LICENSE' in this package distribution
-# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
-
-import os
-import time
-from oslo_config import cfg
-from oslo_log import log as logging
-import oslo_messaging
-from moon_orchestrator.dockers import DockerBase
-
-LOG = logging.getLogger(__name__)
-CONF = cfg.CONF
-DOMAIN = "moon_orchestrator"
-
-__CWD__ = os.path.dirname(os.path.abspath(__file__))
-# TODO (dthom): select the right template folder
-TEMPLATES_FOLDER = os.path.join(__CWD__, "..", "conf", "dockers")
-
-
-class SecurityPolicy(DockerBase):
-
- id = "moon_secpolicy"
- __build = """RUN mkdir -p /etc/moon/
-COPY conf /etc/moon/
-ADD dist/{py_pkg}.tar.gz /root
-WORKDIR /root/{py_pkg}
-RUN pip3 install -r requirements.txt
-RUN pip3 install .
-"""
-
- def __init__(self, intra_extension_id, conf_file="", docker=None, network_config=None):
- self.id = "moon_secpolicy" + intra_extension_id
- super(SecurityPolicy, self).__init__(
- name="moon_secpolicy",
- run_cmd=["python3", "-m", "moon_secpolicy", intra_extension_id],
- conf_file=conf_file,
- docker=docker,
- network_config=network_config,
- build_cmd=self.__build,
- id="moon_secpolicy_{}".format(intra_extension_id),
- tag=CONF.security_policy.container
- )
- # note(asteroide): time to let the new docker boot
- time.sleep(3)
- self.get_status()
-
- def get_status(self):
- transport = oslo_messaging.get_transport(CONF)
- target = oslo_messaging.Target(topic=self.id, version='1.0')
- client = oslo_messaging.RPCClient(transport, target)
- LOG.info("Calling Status on {}".format(self.id))
- ret = client.call({"component_id": self.id}, 'get_status', args=None)
- LOG.info(ret)
- return ret
diff --git a/moonv4/moon_orchestrator/moon_orchestrator/security_router.py b/moonv4/moon_orchestrator/moon_orchestrator/security_router.py
deleted file mode 100644
index 290ab111..00000000
--- a/moonv4/moon_orchestrator/moon_orchestrator/security_router.py
+++ /dev/null
@@ -1,52 +0,0 @@
-# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
-# This software is distributed under the terms and conditions of the 'Apache-2.0'
-# license which can be found in the file 'LICENSE' in this package distribution
-# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
-
-import os
-import json
-import glob
-import uuid
-import shutil
-from oslo_config import cfg
-from oslo_log import log as logging
-import oslo_messaging
-from io import BytesIO
-from docker import Client
-from jinja2 import FileSystemLoader, Environment
-from moon_orchestrator.dockers import DockerBase
-
-LOG = logging.getLogger(__name__)
-CONF = cfg.CONF
-DOMAIN = "moon_orchestrator"
-
-__CWD__ = os.path.dirname(os.path.abspath(__file__))
-# TODO (dthom): select the right template folder
-TEMPLATES_FOLDER = os.path.join(__CWD__, "..", "conf", "dockers")
-
-
-class SecurityRouter(DockerBase):
-
- id = "moon_router"
-
- def __init__(self, conf_file="", docker=None, network_config=None):
- super(SecurityRouter, self).__init__(
- name="moon_secrouter",
- id=self.id,
- run_cmd=["python3", "-m", "moon_secrouter"],
- host=CONF.security_router.host,
- conf_file=conf_file,
- docker=docker,
- network_config=network_config,
- tag=CONF.security_router.container
- )
-
- @staticmethod
- def get_status():
- transport = oslo_messaging.get_transport(CONF)
- target = oslo_messaging.Target(topic='security_router', version='1.0')
- client = oslo_messaging.RPCClient(transport, target)
- LOG.info("Calling Status on security_server...")
- ret = client.call({"component_id": "security_router"}, 'get_status', args=None)
- LOG.info(ret)
- return ret
diff --git a/moonv4/moon_orchestrator/moon_orchestrator/server.py b/moonv4/moon_orchestrator/moon_orchestrator/server.py
index c5a7d79b..170e541d 100644
--- a/moonv4/moon_orchestrator/moon_orchestrator/server.py
+++ b/moonv4/moon_orchestrator/moon_orchestrator/server.py
@@ -5,56 +5,31 @@
import sys
import os
-import signal
import hashlib
-from oslo_config import cfg
from oslo_log import log as logging
-import oslo_messaging
from docker import Client
import docker.errors as docker_errors
-from importlib.machinery import SourceFileLoader
-from moon_utilities import options
-from moon_orchestrator.security_router import SecurityRouter
-from moon_orchestrator.security_interface import SecurityInterface
-from moon_orchestrator.security_manager import SecurityManager
-from moon_orchestrator.security_function import SecurityFunction
-# from moon_orchestrator.security_policy import SecurityPolicy
-# from moon_orchestrator.security_function import SecurityFunction
+from moon_utilities import configuration, exceptions
from moon_orchestrator import messenger
-LOG = logging.getLogger(__name__)
-CONF = cfg.CONF
+
+LOG = logging.getLogger("moon.orchestrator")
CONTAINERS = {}
SLAVES = {}
-docker = Client(base_url=CONF.docker_url)
+docker_conf = configuration.get_configuration("docker")['docker']
+docker = Client(base_url=docker_conf['url'])
+LOG.info("docker_url={}".format(docker_conf['url']))
+docker_network = docker_conf['network']
def kill_handler(signum, frame):
_exit(0)
-def create_docker_network(name="moon"):
-
- return docker.create_networking_config({
- name: docker.create_endpoint_config(),
- 'aliases': ['orchestrator', ]
- })
-
-
-def load_plugin(plugname):
- try:
- m = SourceFileLoader("scenario", os.path.join(CONF.plugin_dir, plugname+".py"))
- return m.load_module()
- except ImportError as e:
- LOG.error("Error in importing plugin {}".format(plugname))
- LOG.error("{}".format(e))
-
-
class DockerManager:
- @staticmethod
- def load(component, uuid):
+ def load(self, component, uuid=None, container_data=None):
"""Load a new docker mapping the component given
:param component: the name of the component (policy or function)
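Review bot: The new signature `def load(self, component, uuid=None, container_data=None)` makes `uuid` optional, but the unchanged line shown in the next hunk still evaluates `uuid.encode("utf-8")`, so a call without a uuid fails with AttributeError before any container is created. Either keep the parameter required or reject the missing value up front, e.g. `if uuid is None: raise ValueError("uuid is required to derive component_id")`. The method also loses `@staticmethod`, so any caller still invoking `DockerManager.load(component, uuid)` on the class would bind `component` to `self`; callers are not visible here, so that needs checking. The body of `load` continues outside this hunk.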
@@ -62,12 +37,77 @@ class DockerManager:
:return: the created component
"""
component_id = component+"_"+hashlib.sha224(uuid.encode("utf-8")).hexdigest()
- if component_id not in CONTAINERS:
- plug = load_plugin(component)
- LOG.info("Creating {} with id {}".format(component, uuid))
- component = plug.run(uuid, options.filename, docker=docker, network_config=create_docker_network())
- CONTAINERS[component_id] = component
- return component
+ plugins = configuration.get_plugins()
+ if component in plugins.keys():
+ components = configuration.get_components()
+ configuration.add_component(
+ name=component_id,
+ uuid=component_id,
+ port=configuration.increment_port(),
+ bind="0.0.0.0",
+ extra=container_data,
+ container=plugins[component]['container']
+ )
+ _command = plugins[component]['command']
+ try:
+ _index = _command.index("<UUID>")
+ _command[_index] = component_id
+ except ValueError:
+ pass
+ self.run(component_id, environment={"UUID": component_id})
+ CONTAINERS[component_id] = components.get(component_id)
+ CONTAINERS[component_id]["running"] = True
+ return CONTAINERS[component_id]
+
+ def load_all_containers(self):
+ LOG.info("Try to load all containers...")
+ current_containers = [item["Names"][0] for item in docker.containers()]
+ components = configuration.get_components()
+ containers_not_running = []
+ for c_name in (
+ '/keystone',
+ '/consul',
+ '/db',
+ '/messenger'
+ ):
+ if c_name not in current_containers:
+ containers_not_running.append(c_name)
+ if containers_not_running:
+ raise exceptions.ContainerMissing(
+ "Following containers are missing: {}".format(", ".join(containers_not_running)))
+ for c_name in (
+ '/interface',
+ '/manager',
+ '/router'):
+ if c_name not in current_containers:
+ LOG.info("Starting container {}...".format(c_name))
+ self.run(c_name.strip("/"))
+ else:
+ LOG.info("Container {} already running...".format(c_name))
+ CONTAINERS[c_name] = components.get(c_name.strip("/"))
+ CONTAINERS[c_name]["running"] = True
+
+ def run(self, name, environment=None):
+ components = configuration.get_components()
+ if name in components:
+ image = components[name]['container']
+ params = {
+ 'image': image,
+ 'name': name,
+ 'hostname': name,
+ 'detach': True,
+ 'host_config': docker.create_host_config(network_mode=docker_network)
+ }
+ if 'port' in components[name] and components[name]['port']:
+ params["ports"] = [components[name]['port'], ]
+ params["host_config"] = docker.create_host_config(
+ network_mode=docker_network,
+ port_bindings={components[name]['port']: components[name]['port']}
+ )
+ if environment:
+ params["environment"] = environment
+ container = docker.create_container(**params)
+ docker.start(container=container.get('Id'))
@staticmethod
def get_component(uuid=None):
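Review bot: `bind="0.0.0.0"` in `load`, together with `port_bindings={components[name]['port']: components[name]['port']}` in `run`, publishes every dynamically allocated component port on all host interfaces, and nothing visible here restricts who can reach it. If these services only need to be reachable over `docker_network`, drop the host publication; if a host port is needed, pin the address with the tuple form, `port_bindings={port: ("<bind address from configuration>", port)}`. Separately, `run` returns silently when `name` is not in `components` and handles no `docker_errors` exception, yet `load` and `load_all_containers` go on to set `["running"] = True`; having `run` raise for an unknown component would keep that state honest. `DockerManager` and the docstring of `load` begin outside this hunk.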
@@ -114,32 +154,14 @@ def __save_pid():
def server():
- # TODO (asteroide): need to add some options:
- # --foreground: run in foreground
- __save_pid()
- LOG.info("Starting server with IP {}".format(CONF.orchestrator.host))
-
- docker_manager = DockerManager()
-
- network_config = create_docker_network()
- LOG.info("Creating Router")
- router = SecurityRouter(options.filename, docker=docker, network_config=network_config)
- CONTAINERS[router.id] = router
+ configuration.init_logging()
+ conf = configuration.add_component("orchestrator", "orchestrator")
+ LOG.info("Starting main server {}".format(conf["components/orchestrator"]["hostname"]))
- LOG.info("Creating Manager")
- manager = SecurityManager(options.filename, docker=docker, network_config=network_config)
- CONTAINERS[manager.id] = manager
-
- LOG.info("Creating Interface")
- interface = SecurityInterface(options.filename, docker=docker, network_config=network_config)
- CONTAINERS[interface.id] = interface
+ docker_manager = DockerManager()
- try:
- router.get_status()
- except oslo_messaging.rpc.client.RemoteError as e:
- LOG.error("Cannot check status of remote container!")
- _exit(1, e)
+ docker_manager.load_all_containers()
serv = messenger.Server(containers=CONTAINERS, docker_manager=docker_manager, slaves=SLAVES)
try:
serv.run()
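Review bot: `docker_manager.load_all_containers()` is called before the `try:` that wraps `serv.run()`, so `exceptions.ContainerMissing` (raised there when keystone, consul, db or messenger is absent) and any Docker API error leave `server()` as an unhandled traceback instead of going through `_exit`. The removed code logged and called `_exit(1, e)` when the router status call failed, and the same pattern fits here: `try: docker_manager.load_all_containers()` followed by `except exceptions.ContainerMissing as e: LOG.error("Required container missing: {}".format(e)); _exit(1, e)`. With the `get_status` RPC check gone, a container now counts as running on a name match alone, with no liveness probe; a short comment in `server()` saying so would help whoever debugs a half-started stack. The `except` clauses of the existing `try` are outside this hunk.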
@@ -148,11 +170,7 @@ def server():
def main():
- signal.signal(signal.SIGTERM, kill_handler)
- signal.signal(signal.SIGHUP, kill_handler)
- newpid = os.fork()
- if newpid == 0:
- server()
+ server()
if __name__ == '__main__':