From c6cbfea94f51536b11e46bfe7053e1fb96c0a968 Mon Sep 17 00:00:00 2001 
From: asteroide Date: Tue, 25 Jul 2017 18:18:05 +0200 Subject: Containerize the orchestrator and all components Change-Id: I9234c3d286e0a273c878bbac66efcd9696490900 --- moonv4/moon_authz/Dockerfile | 13 ++ moonv4/moon_interface/Dockerfile | 11 ++ moonv4/moon_manager/Dockerfile | 12 ++ moonv4/moon_manager/requirements.txt | 4 +- moonv4/moon_orchestrator/Dockerfile | 11 ++ moonv4/moon_orchestrator/conf/moon.conf | 167 +++++++++--------- .../moon_orchestrator/api/configuration.py | 4 +- .../moon_orchestrator/api/containers.py | 61 ++----- .../moon_orchestrator/api/slaves.py | 2 +- .../moon_orchestrator/moon_orchestrator/dockers.py | 192 --------------------- .../moon_orchestrator/messenger.py | 35 +--- .../moon_orchestrator/moon_orchestrator/scoper.py | 40 ----- .../moon_orchestrator/security_function.py | 56 ------ .../moon_orchestrator/security_interface.py | 45 ----- .../moon_orchestrator/security_manager.py | 56 ------ .../moon_orchestrator/security_policy.py | 56 ------ .../moon_orchestrator/security_router.py | 52 ------ .../moon_orchestrator/moon_orchestrator/server.py | 152 +++++++++------- moonv4/moon_router/Dockerfile | 2 +- 19 files changed, 243 insertions(+), 728 deletions(-) create mode 100644 moonv4/moon_authz/Dockerfile create mode 100644 moonv4/moon_interface/Dockerfile create mode 100644 moonv4/moon_manager/Dockerfile create mode 100644 moonv4/moon_orchestrator/Dockerfile delete mode 100644 moonv4/moon_orchestrator/moon_orchestrator/dockers.py delete mode 100644 moonv4/moon_orchestrator/moon_orchestrator/scoper.py delete mode 100644 moonv4/moon_orchestrator/moon_orchestrator/security_function.py delete mode 100644 moonv4/moon_orchestrator/moon_orchestrator/security_interface.py delete mode 100644 moonv4/moon_orchestrator/moon_orchestrator/security_manager.py delete mode 100644 moonv4/moon_orchestrator/moon_orchestrator/security_policy.py delete mode 100644 moonv4/moon_orchestrator/moon_orchestrator/security_router.py 
diff --git a/moonv4/moon_authz/Dockerfile b/moonv4/moon_authz/Dockerfile
new file mode 100644
index 00000000..6ecc8f2d
--- /dev/null
+++ b/moonv4/moon_authz/Dockerfile
@@ -0,0 +1,13 @@
+FROM ubuntu:latest
+
+ENV UUID=null
+
+RUN apt update && apt install python3.5 python3-pip -y
+RUN pip3 install moon_utilities moon_db pip --upgrade
+
+ADD . /root
+WORKDIR /root/
+RUN pip3 install -r requirements.txt
+RUN pip3 install .
+
+CMD ["python3", "-m", "moon_authz"]
\ No newline at end of file
diff --git a/moonv4/moon_interface/Dockerfile b/moonv4/moon_interface/Dockerfile
new file mode 100644
index 00000000..5bbe3df0
--- /dev/null
+++ b/moonv4/moon_interface/Dockerfile
@@ -0,0 +1,11 @@
+FROM ubuntu:latest
+
+RUN apt update && apt install python3.5 python3-pip -y
+RUN pip3 install moon_utilities moon_db pip --upgrade
+
+ADD . /root
+WORKDIR /root/
+RUN pip3 install -r requirements.txt
+RUN pip3 install .
+
+CMD ["python3", "-m", "moon_interface"]
\ No newline at end of file
diff --git a/moonv4/moon_manager/Dockerfile b/moonv4/moon_manager/Dockerfile
new file mode 100644
index 00000000..71b1954a
--- /dev/null
+++ b/moonv4/moon_manager/Dockerfile
@@ -0,0 +1,12 @@
+FROM ubuntu:latest
+
+RUN apt update && apt install python3.5 python3-pip -y
+RUN pip3 install moon_utilities moon_db pip --upgrade
+
+ADD . /root
+WORKDIR /root/
+RUN pip3 install -r requirements.txt
+RUN pip install dist/* --upgrade
+RUN pip3 install .
+
+CMD ["python3", "-m", "moon_manager"]
\ No newline at end of file
diff --git a/moonv4/moon_manager/requirements.txt b/moonv4/moon_manager/requirements.txt
index a919c625..7609c3d8 100644
--- a/moonv4/moon_manager/requirements.txt
+++ b/moonv4/moon_manager/requirements.txt
@@ -3,4 +3,6 @@ oslo.messaging
 oslo.config
 vine
 oslo.log
-babel
\ No newline at end of file
+babel
+moon_utilities
+moon_db
\ No newline at end of file
diff --git a/moonv4/moon_orchestrator/Dockerfile b/moonv4/moon_orchestrator/Dockerfile
new file mode 100644
index 00000000..9c1b4662
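Review bot: The moon_authz image is built from a floating base tag and unpinned packages and then runs as root: `FROM ubuntu:latest`, `pip3 install moon_utilities moon_db pip --upgrade`, and no `USER` line before `CMD`, so two builds of the same commit can yield different images and the service keeps full root inside the container. The same pattern is in the moon_interface, moon_manager and moon_orchestrator Dockerfiles added by this commit; the orchestrator one uses `debian:latest`, where a `python3.5` package may not exist, and the manager one additionally installs whatever matches `dist/*`. I would pin the base image to a release tag or digest, pin versions in requirements.txt, and add a dedicated account, e.g. `RUN useradd -r moon` followed by `USER moon`, with the application moved out of /root. `ADD . /root` also copies the whole build context into the layer; `COPY` together with a `.dockerignore` keeps local files such as conf/ out of the image.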
--- /dev/null
+++ b/moonv4/moon_orchestrator/Dockerfile
@@ -0,0 +1,11 @@
+FROM debian:latest
+
+RUN apt update && apt install python3.5 python3-pip -y
+RUN pip3 install moon_utilities moon_db pip --upgrade
+
+ADD . /root
+WORKDIR /root/
+RUN pip3 install -r requirements.txt
+RUN pip3 install .
+
+CMD ["python3", "-m", "moon_orchestrator"]
\ No newline at end of file
diff --git a/moonv4/moon_orchestrator/conf/moon.conf b/moonv4/moon_orchestrator/conf/moon.conf
index c0d1d14c..af059c28 100644
--- a/moonv4/moon_orchestrator/conf/moon.conf
+++ b/moonv4/moon_orchestrator/conf/moon.conf
@@ -1,87 +1,82 @@ -[DEFAULT] -# proxy URL -#proxy=http://172.28.16.30:3128 -proxy= -transport_url=rabbit://moon:p4sswOrd1@messenger:5672/moon -#transport_url=rabbit://moon:p4sswOrd@localhost:5672/moon +database: + url: mysql+pymysql://moon:p4sswOrd1@db/moon + driver: sql + +messenger: + url: rabbit://moon:p4sswOrd1@messenger:5672/moon + +docker: + url: tcp://172.88.88.1:2376 + network: moon + +slave: + name: + master: + url: + login: + password: + +openstack: + keystone: + url: http://keystone:5000/v3 + user: admin + password: p4ssw0rd + domain: default + project: admin + check_token: false + certificate: false + +plugins: + authz: wukongsun/moon_authz:v4.1_dev + session: asteroide/session:latest + +components: + interface: + port: 8081 + hostname: interface + bind: 0.0.0.0 + container: wukongsun/moon_interface:v4.1_dev + router: + container: wukongsun/moon_router:v4.1_dev + hostname: router + manager: + container: wukongsun/moon_manager:v4.1_dev + hostname: manager + orchestrator: + container: wukongsun/moon_orchestrator:v4.1_dev + hostname: orchestrator + port_start: 38001 + +logging: + version: 1 + + formatters: + brief: + format: "%(levelname)s %(name)s %(message)-30s" + custom: + format: "%(asctime)-15s %(levelname)s %(name)s %(message)s" + + handlers: + console: + class : logging.StreamHandler + formatter: brief + level : INFO + stream : ext://sys.stdout + file: + class : logging.handlers.RotatingFileHandler + formatter: custom + level : DEBUG + filename: /tmp/moon.log + maxBytes: 1048576 + backupCount: 3 + + loggers: + moon: + level: DEBUG + handlers: [console, file] + propagate: no + + root: + level: ERROR + handlers: [console] -debug=True - -# directory where the python packages can be found -dist_dir=/home/vdsq3226/projets/opnfv/moonv4/moon_orchestrator/dist -plugin_dir=/etc/moon/plugins - -docker_url=unix://var/run/docker.sock - -root_policy_directory=policy_root -policy_directory=/etc/moon/policies - -[slave] - -# name of the slave -# example 
slave_name=slave1 -slave_name= - -# URL of the RabbitMQ bus of the Master -# example: master_url=rabbit://moon:p4sswOrd1@master_messenger:5672/moon -master_url= - -# login name of the master administrator -# example: master_login=admin -master_login= - -# password of the master administrator -# example: master_password=p4ssw0rd -master_password= - -[database] - -# Database for that server (may be different from master to slave) -url=mysql+pymysql://moon:p4sswOrd1@db/moon -driver=sql - -[database_configuration] - -# Database for configuration elements (may be different from master to slave) -driver=memory -url= - -[orchestrator] -host=127.0.0.1 -port=38002 -container= - -[security_router] -host=172.18.0.10 - -# Name of the container to download (if empty build from scratch) -# example: container=moon/moon_secrouter:latest -container= - -[security_manager] -host=172.18.0.10 - -# Name of the container to download (if empty build from scratch) -# example: container=moon/moon_manager:latest -container= - -[interface] -host=172.18.0.11 -port=38001 -# Name of the container to download (if empty build from scratch) -# example: container=moon/moon_interface:latest -container= - -[security_function] -# Name of the container to download (if empty build from scratch) -# example: container=moon/moon_secfunction:latest -container= - -[keystone] -url=http://keystone:5000/v3 -user=admin -password=p4ssw0rd -domain=default -project=admin -check_token=False -server_crt=False diff --git a/moonv4/moon_orchestrator/moon_orchestrator/api/configuration.py b/moonv4/moon_orchestrator/moon_orchestrator/api/configuration.py index 36c1f60d..887a989b 100644 --- a/moonv4/moon_orchestrator/moon_orchestrator/api/configuration.py +++ b/moonv4/moon_orchestrator/moon_orchestrator/api/configuration.py 
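Review bot: The rewritten default config keeps credentials in clear text — `mysql+pymysql://moon:p4sswOrd1@db/moon`, `rabbit://moon:p4sswOrd1@messenger:5672/moon` and the Keystone `password: p4ssw0rd` — and the orchestrator Dockerfile in this commit copies the directory with `ADD . /root`, so they likely end up in every built image as well as in the repository. I would ship placeholders here and inject the real values at deploy time. Two further settings deserve at least a comment: `check_token: false` and `certificate: false` under `keystone`, which by their names turn off token checking and certificate verification, and the `file` handler that writes DEBUG-level logs to the fixed path `/tmp/moon.log` in a shared, world-writable directory.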
@@ -6,10 +6,10 @@ import json from oslo_config import cfg from oslo_log import log as logging -from moon_db.core import IntraExtensionRootManager +# from moon_db.core import IntraExtensionRootManager from moon_db.core import ConfigurationManager -LOG = logging.getLogger(__name__) +LOG = logging.getLogger("moon.orchestrator.api.configuration") CONF = cfg.CONF diff --git a/moonv4/moon_orchestrator/moon_orchestrator/api/containers.py b/moonv4/moon_orchestrator/moon_orchestrator/api/containers.py index 2ed5b266..23acea5f 100644 --- a/moonv4/moon_orchestrator/moon_orchestrator/api/containers.py +++ b/moonv4/moon_orchestrator/moon_orchestrator/api/containers.py @@ -10,7 +10,7 @@ from oslo_log import log as logging # from moon_db.core import ConfigurationManager from moon_utilities.security_functions import call -LOG = logging.getLogger(__name__) +LOG = logging.getLogger("moon.orchestrator.api.containers") CONF = cfg.CONF 
@@ -28,38 +28,18 @@ class Containers(object): ctx={"user_id": "admin", "id": None})["pdps"].items(): self.add_container(ctx={"id": pdp_key, "pipeline": pdp_value["security_pipeline"]}) - # for _ext_id, _ext_value in self.__get_pdp({"user_id": "admin"}, None)["intra_extensions"].items(): - # self.docker_manager.load(component="policy", uuid=_ext_id) - # # FIXME (asteroide): there may be other security_function here (delegation, ...) - # LOG.info("ADDING Containers {}".format(_ext_value)) - # self.docker_manager.load(component="function", uuid="{}_{}_{}".format("authz", "rbac_rule", _ext_id)) - - # def __get_pdp(self, ctx, args=None): - # """Get information about all pdp - # - # :param ctx: { - # "user_id": "uuid of a user", - # "id": "uuid of a tenant or an intra_extension" - # } - # :param args: {} - # :return: { - # "intra_extension_id": { - # "name": "name of the intra extension", - # "model": "model of the intra extension", - # "genre": "genre of the intra extension", - # "description": "description of the intra-extension" - # } - # } - # """ - # # TODO (asteroide): check if ctx["id"] is a tenant UUID or an intra_extension UUID. - # _ext = IntraExtensionRootManager.get_intra_extensions_dict(ctx["user_id"]) - # if ctx and "id" in ctx and ctx["id"]: - # if ctx["id"] in _ext: - # return {"pdp": {ctx["id"]: _ext[ctx["id"]]}} - # return {"error": "No pdp with id {}".format(ctx["id"])} - # return {"pdp": _ext} - def get_container(self, ctx, args=None): + """Get containers linked to an intra-extension + + :param ctx: { + "id": "intra_extension_uuid", + "keystone_project_id": "Keystone Project UUID" + } + :param args: {} + :return: { + "containers": {...}, + } + """ uuid = ctx.get("id") keystone_project_id = ctx.get("keystone_project_id") # _containers = self.docker_manager.get_component(uuid=uuid) 
@@ -75,7 +55,7 @@ class Containers(object): return {"containers": self.components} def add_container(self, ctx, args=None): - """Add containers linked to an intra-extension + """Add containers :param ctx: {"id": "intra_extension_uuid"} :param args: {} @@ -103,8 +83,10 @@ class Containers(object): for meta_rule in models[policy_value['model_id']]['meta_rules']: genre = policy_value['genre'] pre_container_id = "pdp:{}_metarule:{}_project:{}".format(ctx["id"], meta_rule, keystone_project_id) + container_data = {"pdp": ctx["id"], "metarule": meta_rule, "project": keystone_project_id} policy_component = self.docker_manager.load(component=genre, - uuid=pre_container_id) + uuid=pre_container_id, + container_data=container_data) self.components[ctx["id"]].append({ "meta_rule_id": meta_rule, "genre": policy_value['genre'], @@ -112,17 +94,6 @@ class Containers(object): "container_id": policy_value['genre']+"_"+hashlib.sha224(pre_container_id.encode("utf-8")).hexdigest() }) return {"containers": self.components[ctx["id"]]} - # function_components = [] - # for pdp in ctx['pdp_pipeline']: - # key, value = pdp.split(":") - # LOG.info("add_container {}:{}".format(key, value)) - # function_components.append(self.docker_manager.load(component="function", - # uuid="{}_{}_{}".format(key, value, ctx["id"]))) - # containers = dict() - # containers[policy_component.id] = policy_component.get_status() - # for component in function_components: - # containers[component.id] = component.get_status() - # return {"containers": containers} def delete_container(self, ctx, args=None): """Delete a container diff --git a/moonv4/moon_orchestrator/moon_orchestrator/api/slaves.py b/moonv4/moon_orchestrator/moon_orchestrator/api/slaves.py index 9142a830..3a16fea1 100644 --- a/moonv4/moon_orchestrator/moon_orchestrator/api/slaves.py +++ b/moonv4/moon_orchestrator/moon_orchestrator/api/slaves.py 
@@ -7,7 +7,7 @@ from oslo_config import cfg from oslo_log import log as logging from uuid import uuid4 -LOG = logging.getLogger(__name__) +LOG = logging.getLogger("moon.orchestrator.api.slaves") CONF = cfg.CONF diff --git a/moonv4/moon_orchestrator/moon_orchestrator/dockers.py b/moonv4/moon_orchestrator/moon_orchestrator/dockers.py deleted file mode 100644 index 3a754ea3..00000000 --- a/moonv4/moon_orchestrator/moon_orchestrator/dockers.py +++ /dev/null 
@@ -1,192 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. - -import os -import json -import glob -import uuid -import shutil -import errno -from uuid import uuid4 -from oslo_config import cfg -from oslo_log import log as logging -from jinja2 import FileSystemLoader, Environment -from moon_utilities.options import get_docker_template_dir - -LOG = logging.getLogger(__name__) -CONF = cfg.CONF -DOMAIN = "moon_orchestrator" - -__CWD__ = os.path.dirname(os.path.abspath(__file__)) -TEMPLATES_FOLDER = get_docker_template_dir() - - -class DockerBase: - - docker = None - image_id = None - tag = 'moon/component' - tmp_dir = os.path.join("/tmp", uuid.uuid4().hex) - name = "" - __build = """RUN mkdir -p /etc/moon/ -COPY conf /etc/moon/ -ADD dist/{py_pkg}.tar.gz /root -WORKDIR /root/{py_pkg} -RUN pip3 install --upgrade -r requirements.txt -RUN pip3 install --upgrade . 
-""" - - def __init__(self, - name, - run_cmd, - host=None, - build_cmd=None, - conf_file="", - id=None, - docker=None, - network_config=None, - tag="", - port=None - ): - self.conf_file = conf_file - self.docker = docker - self.network_config = network_config - self.name = name - self.id = id if id else name + "_" + uuid4().hex - self.tag = "moon/{}".format(name) - self.build_cmd = build_cmd if build_cmd else self.__build - self.run_cmd = run_cmd - self.host = host - self.docker_id = id - self.port = port - containers = self.docker.containers() - if self.id not in map(lambda x: x['Id'], containers): - self.create_container(tag) - self.run_docker() - else: - LOG.info("Component {} already running...".format(name)) - - def create_container(self, container=None): - if not container: - proxy = CONF.proxy - if CONF.proxy: - proxy = "ENV http_proxy {0}\nENV https_proxy {0}\n".format(CONF.proxy) - run = self.build_cmd.format( - py_pkg=self.__get_last_version_of_pkg(self.name).replace(".tar.gz", "").replace("dist/", ""), - port=self.port - ) - docker_str = self.__get_template().render(run=run, cmd=self.run_cmd, proxy=proxy) - self.__create_tmp_dir(docker_str) - self.create_docker(docker_str) - else: - self.tag = container - - def __create_tmp_dir(self, docker_str): - try: - os.mkdir(self.tmp_dir) - except OSError as e: - LOG.warning("Problem when creating temporary directory ({})".format(e)) - - try: - os.mkdir(os.path.join(self.tmp_dir, "dist")) - except OSError as e: - LOG.warning("Problem when creating temporary directory ({})".format(e)) - for _file in glob.glob("{}/*".format(CONF.dist_dir)): - LOG.info("Copying {}".format(_file)) - shutil.copy(_file, os.path.join(self.tmp_dir, "dist")) - - try: - # TODO: check the symbol link - shutil.copytree(os.path.dirname(self.conf_file), os.path.join(self.tmp_dir, "conf")) - except OSError as exc: - if exc.errno == errno.ENOTDIR: - shutil.copy(os.path.dirname(self.conf_file), os.path.join(self.tmp_dir, "conf")) - elif exc.errno 
== errno.EEXIST: - pass - else: - LOG.info("exc.errno = {}".format(exc.errno)) - raise - - open("{}/Dockerfile".format(self.tmp_dir), "w").write(docker_str) - - def __get_docker_network(self, name="moon"): - if self.host: - return self.docker.create_networking_config({ - name: self.docker.create_endpoint_config( - aliases=[self.id, ], - ipv4_address=self.host, - ) - }) - else: - return self.docker.create_networking_config({ - name: self.docker.create_endpoint_config( - aliases=[self.id, ] - ) - }) - - @staticmethod - def __get_last_version_of_pkg(name): - files = [] - for filename in glob.glob("{}/{}*".format(CONF.dist_dir, name)): - files.append(filename) - files.sort() - try: - return os.path.basename(files[-1]) - except Exception as e: - LOG.error("__get_last_version_of_pkg {}/{}*".format(CONF.dist_dir, name)) - raise e - - def run_docker(self): - LOG.info("run_docker hostname={}".format(self.id.replace("_", "-"))) - if self.port: - host_config = self.docker.create_host_config(port_bindings={ - self.port: self.port - }) - else: - host_config = self.docker.create_host_config() - - output = self.docker.create_container(image=self.tag, - command=list(self.run_cmd), - hostname=str(self.id.replace("_", "-"))[:63], - name=str(self.id), - networking_config=self.__get_docker_network(), - host_config=host_config - ) - container_data = self.docker.inspect_container(output['Id']) - name = container_data["Name"] - LOG.info("Running container {} with ID {}".format(self.tag, output)) - LOG.info("output id = {}".format(output['Id'])) - self.docker.start(container=output['Id']) - LOG.info("Running container output {}".format(self.docker.logs( - container=name, - # stdout=True, - # stderr=True - ).decode("utf-8"))) - self.name = name - self.docker_id = output['Id'] - - def create_docker(self, docker_str): - # f = BytesIO(docker_str.encode('utf-8')) - LOG.info("Building {}".format(self.tmp_dir)) - # TODO (dthom): halt on built errors (or emit a log) - _output = 
self.docker.build(path=self.tmp_dir, rm=True, tag=self.tag) - # _output = self.cli.build(fileobj=f, rm=True, tag=self.tag, stream=True) - for line in _output: - jline = json.loads(line.decode("utf-8")) - if "stream" in jline: - LOG.info("\033[33m" + jline["stream"].strip() + "\033[m") - else: - LOG.info("\033[33m" + str(jline).strip() + "\033[m") - else: - LOG.debug(_output) - LOG.info("tag = {}".format(self.tag)) - LOG.info("images = {}".format(self.docker.images(name=self.tag))) - self.image_id = self.docker.images(name=self.tag)[0]['Id'] - - @staticmethod - def __get_template(filename="template.dockerfile"): - simple_loader = FileSystemLoader(TEMPLATES_FOLDER) - env = Environment(loader=simple_loader) - return env.get_template(filename) diff --git a/moonv4/moon_orchestrator/moon_orchestrator/messenger.py b/moonv4/moon_orchestrator/moon_orchestrator/messenger.py index 6b54255f..2b7b3866 100644 --- a/moonv4/moon_orchestrator/moon_orchestrator/messenger.py +++ b/moonv4/moon_orchestrator/moon_orchestrator/messenger.py 
@@ -3,28 +3,26 @@ # license which can be found in the file 'LICENSE' in this package distribution # or at 'http://www.apache.org/licenses/LICENSE-2.0'. -from oslo_config import cfg import oslo_messaging from oslo_log import log as logging import time from moon_utilities.api import APIList -from moon_utilities.security_functions import call -from moon_utilities.exceptions import RootPDPNotInitialized +from moon_utilities import configuration from oslo_config import cfg from moon_orchestrator.api.generic import Status, Logs -# from moon_orchestrator.api.configuration import Configuration from moon_orchestrator.api.containers import Containers from moon_orchestrator.api.slaves import Slaves TOPIC = "orchestrator" -LOG = logging.getLogger(__name__) +LOG = logging.getLogger("moon.orchestrator.messenger") CONF = cfg.CONF class Server: def __init__(self, containers, docker_manager, slaves): + cfg.CONF.transport_url = self.__get_transport_url() self.CONTAINERS = containers self.transport = oslo_messaging.get_transport(cfg.CONF) self.target = oslo_messaging.Target(topic=TOPIC, server='server1') 
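Review bot: `cfg.CONF.transport_url = self.__get_transport_url()` mutates the process-wide oslo.config object as a side effect of constructing `Server`; passing the value directly, `self.transport = oslo_messaging.get_transport(cfg.CONF, url=self.__get_transport_url())`, keeps it local to this transport. The helper added in the next hunk indexes `["messenger"]` and `['url']` with no handling for a missing key or an unreachable configuration backend, so a failure there surfaces as a bare exception from `__init__`. A short docstring on it should say that the returned URL embeds the broker password and must not be logged. `__init__` continues outside this hunk.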
@@ -37,39 +35,20 @@ class Server: Status(), Logs(), Containers(self.docker_manager), - # Configuration(), Slaves(slaves) ] self.server = oslo_messaging.get_rpc_server(self.transport, self.target, self.endpoints, executor='threading', access_policy=oslo_messaging.DefaultRPCAccessPolicy) - # @staticmethod - # def __check_root_pdp(): - # root_exist = False - # for key, value in call("manager", ctx={"user_id": "admin"}, - # method="get_pdp", args={})["pdp"].items(): - # if value["name"] == CONF.root_policy_directory: - # root_exist = True - # if not root_exist: - # ie = call("manager", ctx={"user_id": "admin"}, method="add_pdp", - # args={ - # "name": "policy_root", - # "model": CONF.root_policy_directory, - # "genre": "admin", - # "description": "policy_root" - # }) - # if "result" in ie and not ie["result"]: - # raise RootPDPNotInitialized + @staticmethod + def __get_transport_url(): + messenger = configuration.get_configuration(configuration.MESSENGER)["messenger"] + return messenger['url'] def run(self): try: self.server.start() - # try: - # raise NotImplementedError - # # self.__check_root_pdp() - # except Exception as e: - # LOG.error("Exception occurred when creating Root PDP: {}".format(e)) while True: time.sleep(1) except KeyboardInterrupt: diff --git a/moonv4/moon_orchestrator/moon_orchestrator/scoper.py b/moonv4/moon_orchestrator/moon_orchestrator/scoper.py deleted file mode 100644 index ebfb12f8..00000000 --- a/moonv4/moon_orchestrator/moon_orchestrator/scoper.py +++ /dev/null 
@@ -1,40 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. - -from oslo_config import cfg -from oslo_log import log as logging -import oslo_messaging -from moon_orchestrator.dockers import DockerBase - -LOG = logging.getLogger(__name__) -CONF = cfg.CONF -DOMAIN = "moon_orchestrator" - - -class Scoper(DockerBase): - - id = "moon_scoper" - - def __init__(self, conf_file="", docker=None, network_config=None): - super(Scoper, self).__init__( - name="moon_scoper", - id=self.id, - run_cmd=["python3", "-m", "moon_scoper"], - host=CONF.scoper.host, - conf_file=conf_file, - docker=docker, - network_config=network_config, - tag=CONF.scoper.container - ) - - @staticmethod - def get_status(): - transport = oslo_messaging.get_transport(CONF) - target = oslo_messaging.Target(topic='scoper', version='1.0') - client = oslo_messaging.RPCClient(transport, target) - LOG.info("Calling Status on scoper component...") - ret = client.call({"component_id": "scoper"}, 'get_status', args=None) - LOG.info(ret) - return ret diff --git a/moonv4/moon_orchestrator/moon_orchestrator/security_function.py b/moonv4/moon_orchestrator/moon_orchestrator/security_function.py deleted file mode 100644 index 1b33ef60..00000000 --- a/moonv4/moon_orchestrator/moon_orchestrator/security_function.py +++ /dev/null 
@@ -1,56 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. - -import os -import time -from oslo_config import cfg -from oslo_log import log as logging -import oslo_messaging -from moon_orchestrator.dockers import DockerBase - -LOG = logging.getLogger(__name__) -CONF = cfg.CONF -DOMAIN = "moon_orchestrator" - -__CWD__ = os.path.dirname(os.path.abspath(__file__)) -# TODO (dthom): select the right template folder -TEMPLATES_FOLDER = os.path.join(__CWD__, "..", "conf", "dockers") - - -class SecurityFunction(DockerBase): - - id = "moon_function" - __build = """RUN mkdir -p /etc/moon/ -COPY conf /etc/moon/ -ADD dist/{py_pkg}.tar.gz /root -WORKDIR /root/{py_pkg} -RUN pip3 install -r requirements.txt -RUN pip3 install . -""" - - def __init__(self, intra_extension_id, conf_file="", docker=None, network_config=None): - self.id = "moon_pdp_{}".format(intra_extension_id) - super(SecurityFunction, self).__init__( - name="moon_secfunction", - run_cmd=["python3", "-m", "moon_secfunction", intra_extension_id], - conf_file=conf_file, - docker=docker, - network_config=network_config, - build_cmd=self.__build, - id=self.id, - tag=CONF.security_function.container - ) - # note(asteroide): time to let the new docker boot - time.sleep(3) - self.get_status() - - def get_status(self): - transport = oslo_messaging.get_transport(CONF) - target = oslo_messaging.Target(topic=self.id, version='1.0') - client = oslo_messaging.RPCClient(transport, target) - LOG.info("Calling Status on {}".format(self.id)) - ret = client.call({"component_id": self.id}, 'get_status', args=None) - LOG.info(ret) - return ret 
diff --git a/moonv4/moon_orchestrator/moon_orchestrator/security_interface.py b/moonv4/moon_orchestrator/moon_orchestrator/security_interface.py deleted file mode 100644 index 656c4340..00000000 --- a/moonv4/moon_orchestrator/moon_orchestrator/security_interface.py +++ /dev/null @@ -1,45 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. - -import os -from oslo_config import cfg -from oslo_log import log as logging -from moon_orchestrator.dockers import DockerBase - -LOG = logging.getLogger(__name__) -CONF = cfg.CONF -DOMAIN = "moon_orchestrator" - -__CWD__ = os.path.dirname(os.path.abspath(__file__)) -# TODO (dthom): select the right template folder -TEMPLATES_FOLDER = os.path.join(__CWD__, "..", "conf", "dockers") - - -class SecurityInterface(DockerBase): - - id = "moon_interface" - __build = """RUN mkdir -p /etc/moon/ - COPY conf /etc/moon/ - ADD dist/{py_pkg}.tar.gz /root - WORKDIR /root/{py_pkg} - RUN pip3 install -r requirements.txt - RUN pip3 install . - EXPOSE {port} - """ - - def __init__(self, conf_file="", docker=None, network_config=None): - super(SecurityInterface, self).__init__( - name="moon_interface", - id=self.id, - run_cmd=["python3", "-m", "moon_interface"], - host=CONF.interface.host, - conf_file=conf_file, - docker=docker, - network_config=network_config, - tag=CONF.interface.container, - build_cmd=self.__build, - port=CONF.interface.port - ) - diff --git a/moonv4/moon_orchestrator/moon_orchestrator/security_manager.py b/moonv4/moon_orchestrator/moon_orchestrator/security_manager.py deleted file mode 100644 index c7dc4c63..00000000 --- a/moonv4/moon_orchestrator/moon_orchestrator/security_manager.py +++ /dev/null 
@@ -1,56 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. - -import os -import time -from oslo_config import cfg -from oslo_log import log as logging -import oslo_messaging -from moon_orchestrator.dockers import DockerBase - -LOG = logging.getLogger(__name__) -CONF = cfg.CONF -DOMAIN = "moon_orchestrator" - -__CWD__ = os.path.dirname(os.path.abspath(__file__)) -# TODO (dthom): select the right template folder -TEMPLATES_FOLDER = os.path.join(__CWD__, "..", "conf", "dockers") - - -class SecurityManager(DockerBase): - - id = "moon_manager" - __build = """RUN mkdir -p /etc/moon/ -COPY conf /etc/moon/ -ADD dist/{py_pkg}.tar.gz /root -WORKDIR /root/{py_pkg} -RUN pip3 install -r requirements.txt -RUN pip3 install . -""" - - def __init__(self, conf_file="", docker=None, network_config=None): - self.id = "moon_manager" - super(SecurityManager, self).__init__( - name="moon_manager", - run_cmd=["python3", "-m", "moon_manager"], - conf_file=conf_file, - docker=docker, - network_config=network_config, - build_cmd=self.__build, - id=self.id, - tag=CONF.security_manager.container - ) - # note(asteroide): time to let the new docker boot - time.sleep(3) - self.get_status() - - def get_status(self): - transport = oslo_messaging.get_transport(CONF) - target = oslo_messaging.Target(topic=self.id, version='1.0') - client = oslo_messaging.RPCClient(transport, target) - LOG.info("Calling Status on {}".format(self.id)) - ret = client.call({"component_id": self.id}, 'get_status', args=None) - LOG.info(ret) - return ret diff --git a/moonv4/moon_orchestrator/moon_orchestrator/security_policy.py b/moonv4/moon_orchestrator/moon_orchestrator/security_policy.py deleted file mode 100644 index 5cb1d51c..00000000 
--- a/moonv4/moon_orchestrator/moon_orchestrator/security_policy.py +++ /dev/null @@ -1,56 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. - -import os -import time -from oslo_config import cfg -from oslo_log import log as logging -import oslo_messaging -from moon_orchestrator.dockers import DockerBase - -LOG = logging.getLogger(__name__) -CONF = cfg.CONF -DOMAIN = "moon_orchestrator" - -__CWD__ = os.path.dirname(os.path.abspath(__file__)) -# TODO (dthom): select the right template folder -TEMPLATES_FOLDER = os.path.join(__CWD__, "..", "conf", "dockers") - - -class SecurityPolicy(DockerBase): - - id = "moon_secpolicy" - __build = """RUN mkdir -p /etc/moon/ -COPY conf /etc/moon/ -ADD dist/{py_pkg}.tar.gz /root -WORKDIR /root/{py_pkg} -RUN pip3 install -r requirements.txt -RUN pip3 install . -""" - - def __init__(self, intra_extension_id, conf_file="", docker=None, network_config=None): - self.id = "moon_secpolicy" + intra_extension_id - super(SecurityPolicy, self).__init__( - name="moon_secpolicy", - run_cmd=["python3", "-m", "moon_secpolicy", intra_extension_id], - conf_file=conf_file, - docker=docker, - network_config=network_config, - build_cmd=self.__build, - id="moon_secpolicy_{}".format(intra_extension_id), - tag=CONF.security_policy.container - ) - # note(asteroide): time to let the new docker boot - time.sleep(3) - self.get_status() - - def get_status(self): - transport = oslo_messaging.get_transport(CONF) - target = oslo_messaging.Target(topic=self.id, version='1.0') - client = oslo_messaging.RPCClient(transport, target) - LOG.info("Calling Status on {}".format(self.id)) - ret = client.call({"component_id": self.id}, 'get_status', args=None) - LOG.info(ret) - return ret 
diff --git a/moonv4/moon_orchestrator/moon_orchestrator/security_router.py b/moonv4/moon_orchestrator/moon_orchestrator/security_router.py deleted file mode 100644 index 290ab111..00000000 --- a/moonv4/moon_orchestrator/moon_orchestrator/security_router.py +++ /dev/null @@ -1,52 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. - -import os -import json -import glob -import uuid -import shutil -from oslo_config import cfg -from oslo_log import log as logging -import oslo_messaging -from io import BytesIO -from docker import Client -from jinja2 import FileSystemLoader, Environment -from moon_orchestrator.dockers import DockerBase - -LOG = logging.getLogger(__name__) -CONF = cfg.CONF -DOMAIN = "moon_orchestrator" - -__CWD__ = os.path.dirname(os.path.abspath(__file__)) -# TODO (dthom): select the right template folder -TEMPLATES_FOLDER = os.path.join(__CWD__, "..", "conf", "dockers") - - -class SecurityRouter(DockerBase): - - id = "moon_router" - - def __init__(self, conf_file="", docker=None, network_config=None): - super(SecurityRouter, self).__init__( - name="moon_secrouter", - id=self.id, - run_cmd=["python3", "-m", "moon_secrouter"], - host=CONF.security_router.host, - conf_file=conf_file, - docker=docker, - network_config=network_config, - tag=CONF.security_router.container - ) - - @staticmethod - def get_status(): - transport = oslo_messaging.get_transport(CONF) - target = oslo_messaging.Target(topic='security_router', version='1.0') - client = oslo_messaging.RPCClient(transport, target) - LOG.info("Calling Status on security_server...") - ret = client.call({"component_id": "security_router"}, 'get_status', args=None) - LOG.info(ret) - return ret 
diff --git a/moonv4/moon_orchestrator/moon_orchestrator/server.py b/moonv4/moon_orchestrator/moon_orchestrator/server.py index c5a7d79b..170e541d 100644 --- a/moonv4/moon_orchestrator/moon_orchestrator/server.py +++ b/moonv4/moon_orchestrator/moon_orchestrator/server.py 
@@ -5,56 +5,31 @@ import sys import os -import signal import hashlib -from oslo_config import cfg from oslo_log import log as logging -import oslo_messaging from docker import Client import docker.errors as docker_errors -from importlib.machinery import SourceFileLoader -from moon_utilities import options -from moon_orchestrator.security_router import SecurityRouter -from moon_orchestrator.security_interface import SecurityInterface -from moon_orchestrator.security_manager import SecurityManager -from moon_orchestrator.security_function import SecurityFunction -# from moon_orchestrator.security_policy import SecurityPolicy -# from moon_orchestrator.security_function import SecurityFunction +from moon_utilities import configuration, exceptions from moon_orchestrator import messenger -LOG = logging.getLogger(__name__) -CONF = cfg.CONF + +LOG = logging.getLogger("moon.orchestrator") CONTAINERS = {} SLAVES = {} -docker = Client(base_url=CONF.docker_url) +docker_conf = configuration.get_configuration("docker")['docker'] +docker = Client(base_url=docker_conf['url']) +LOG.info("docker_url={}".format(docker_conf['url'])) +docker_network = docker_conf['network'] def kill_handler(signum, frame): _exit(0) -def create_docker_network(name="moon"): - - return docker.create_networking_config({ - name: docker.create_endpoint_config(), - 'aliases': ['orchestrator', ] - }) - - -def load_plugin(plugname): - try: - m = SourceFileLoader("scenario", os.path.join(CONF.plugin_dir, plugname+".py")) - return m.load_module() - except ImportError as e: - LOG.error("Error in importing plugin {}".format(plugname)) - LOG.error("{}".format(e)) - - class DockerManager: - @staticmethod - def load(component, uuid): + def load(self, component, uuid=None, container_data=None): """Load a new docker mapping the component given :param component: the name of the component (policy or function) 
@@ -62,12 +37,77 @@ class DockerManager: :return: the created component """ component_id = component+"_"+hashlib.sha224(uuid.encode("utf-8")).hexdigest() - if component_id not in CONTAINERS: - plug = load_plugin(component) - LOG.info("Creating {} with id {}".format(component, uuid)) - component = plug.run(uuid, options.filename, docker=docker, network_config=create_docker_network()) - CONTAINERS[component_id] = component - return component + plugins = configuration.get_plugins() + if component in plugins.keys(): + components = configuration.get_components() + configuration.add_component( + name=component_id, + uuid=component_id, + port=configuration.increment_port(), + bind="0.0.0.0", + extra=container_data, + container=plugins[component]['container'] + ) + _command = plugins[component]['command'] + try: + _index = _command.index("") + _command[_index] = component_id + except ValueError: + pass + self.run(component_id, environment={"UUID": component_id}) + CONTAINERS[component_id] = components.get(component_id) + CONTAINERS[component_id]["running"] = True + return CONTAINERS[component_id] + + def load_all_containers(self): + LOG.info("Try to load all containers...") + current_containers = [item["Names"][0] for item in docker.containers()] + components = configuration.get_components() + containers_not_running = [] + for c_name in ( + '/keystone', + '/consul', + '/db', + '/messenger' + ): + if c_name not in current_containers: + containers_not_running.append(c_name) + if containers_not_running: + raise exceptions.ContainerMissing( + "Following containers are missing: {}".format(", ".join(containers_not_running))) + for c_name in ( + '/interface', + '/manager', + '/router'): + if c_name not in current_containers: + LOG.info("Starting container {}...".format(c_name)) + self.run(c_name.strip("/")) + else: + LOG.info("Container {} already running...".format(c_name)) + CONTAINERS[c_name] = components.get(c_name.strip("/")) + CONTAINERS[c_name]["running"] = True + + def 
run(self, name, environment=None): + components = configuration.get_components() + if name in components: + image = components[name]['container'] + params = { + 'image': image, + 'name': name, + 'hostname': name, + 'detach': True, + 'host_config': docker.create_host_config(network_mode=docker_network) + } + if 'port' in components[name] and components[name]['port']: + params["ports"] = [components[name]['port'], ] + params["host_config"] = docker.create_host_config( + network_mode=docker_network, + port_bindings={components[name]['port']: components[name]['port']} + ) + if environment: + params["environment"] = environment + container = docker.create_container(**params) + docker.start(container=container.get('Id')) @staticmethod def get_component(uuid=None): 
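Review bot: Each dynamically loaded component is registered with `bind="0.0.0.0"` in load(), and run() then publishes its port with `port_bindings={components[name]['port']: components[name]['port']}`, which by default docker maps on every host interface; for authorization components that looks wider than the shared `docker_network` needs. If peers only reach the component over that network, drop the host publish, or restrict it with a binding such as `port_bindings={port: ("127.0.0.1", port)}`, taking the address from configuration. Separately, run() returns silently when `name` is not in `components`, yet load_all_containers() still sets `CONTAINERS[c_name]["running"] = True` afterwards; raising in run() would keep the recorded state consistent with what was actually started.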
@@ -114,32 +154,14 @@ def __save_pid(): def server(): - # TODO (asteroide): need to add some options: - # --foreground: run in foreground - __save_pid() - LOG.info("Starting server with IP {}".format(CONF.orchestrator.host)) - - docker_manager = DockerManager() - - network_config = create_docker_network() - LOG.info("Creating Router") - router = SecurityRouter(options.filename, docker=docker, network_config=network_config) - CONTAINERS[router.id] = router + configuration.init_logging() + conf = configuration.add_component("orchestrator", "orchestrator") + LOG.info("Starting main server {}".format(conf["components/orchestrator"]["hostname"])) - LOG.info("Creating Manager") - manager = SecurityManager(options.filename, docker=docker, network_config=network_config) - CONTAINERS[manager.id] = manager - - LOG.info("Creating Interface") - interface = SecurityInterface(options.filename, docker=docker, network_config=network_config) - CONTAINERS[interface.id] = interface + docker_manager = DockerManager() - try: - router.get_status() - except oslo_messaging.rpc.client.RemoteError as e: - LOG.error("Cannot check status of remote container!") - _exit(1, e) + docker_manager.load_all_containers() serv = messenger.Server(containers=CONTAINERS, docker_manager=docker_manager, slaves=SLAVES) try: serv.run() @@ -148,11 +170,7 @@ def server(): def main(): - signal.signal(signal.SIGTERM, kill_handler) - signal.signal(signal.SIGHUP, kill_handler) - newpid = os.fork() - if newpid == 0: - server() + server() if __name__ == '__main__': diff --git a/moonv4/moon_router/Dockerfile b/moonv4/moon_router/Dockerfile index c4b542b3..d871defa 100644 --- a/moonv4/moon_router/Dockerfile +++ b/moonv4/moon_router/Dockerfile @@ -1,7 +1,7 @@ FROM ubuntu:latest RUN apt update && apt install python3.5 python3-pip -y -RUN pip3 install moon_utilities moon_db +RUN pip3 install moon_utilities moon_db pip --upgrade ADD . /root WORKDIR /root/ -- cgit 1.2.3-korg
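Review bot: `docker_manager.load_all_containers()` is called outside the `try` that guards `serv.run()`, so the `exceptions.ContainerMissing` it raises, and any docker API error from run(), ends the process with an unlogged traceback, whereas the removed router status check logged the failure and called `_exit(1, e)`. Wrapping the call in `try` / `except exceptions.ContainerMissing as e:` with a `LOG.error(...)` and `_exit(1, e)` would keep that exit path. The rest of server() lies outside this hunk.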
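Review bot: main() no longer registers `kill_handler` for SIGTERM and SIGHUP, and `import signal` is removed in the first hunk while `kill_handler` itself stays defined and unused. If the orchestrator runs as PID 1 inside its container (its Dockerfile is not part of this hunk), a SIGTERM from `docker stop` is not acted on by a process that has installed no handler, so the stop waits for the grace period and ends in SIGKILL. Keeping `import signal` and calling `signal.signal(signal.SIGTERM, kill_handler)` before `server()` preserves a clean stop.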
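Review bot: The changed line `RUN pip3 install moon_utilities moon_db pip --upgrade` installs whatever versions the package index serves at build time, on top of `FROM ubuntu:latest`, so two builds of the router image can contain different code with no record of which. For an image in the authorization path, pin the base image tag and the package versions, e.g. `RUN pip3 install moon_utilities==<VERSION> moon_db==<VERSION>` (placeholders), or install from a requirements file with `--require-hashes`. Note that `--upgrade` here applies to all three named packages, not only to pip.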