From 6a59009e64f727bcf3c67a8ae45a02e4137bfb99 Mon Sep 17 00:00:00 2001 From: WuKong Date: Wed, 19 Jul 2017 14:01:30 +0200 Subject: update moon_router Change-Id: Iafa79fce14d965dba2f21612eb9c2ae47599c6d7 Signed-off-by: WuKong --- moonv4/README.md | 93 +++-- moonv4/moon_router/Dockerfile | 11 + moonv4/moon_router/README.md | 18 + moonv4/moon_router/README.rst | 9 - moonv4/moon_router/moon_router/__init__.py | 6 + moonv4/moon_router/moon_router/__main__.py | 3 + moonv4/moon_router/moon_router/api/__init__.py | 0 moonv4/moon_router/moon_router/api/generic.py | 46 +++ moonv4/moon_router/moon_router/api/route.py | 467 ++++++++++++++++++++++ moonv4/moon_router/moon_router/messenger.py | 61 +++ moonv4/moon_router/moon_router/server.py | 59 +++ moonv4/moon_router/moon_secrouter/__init__.py | 6 - moonv4/moon_router/moon_secrouter/__main__.py | 3 - moonv4/moon_router/moon_secrouter/api/__init__.py | 0 moonv4/moon_router/moon_secrouter/api/generic.py | 46 --- moonv4/moon_router/moon_secrouter/api/route.py | 467 ---------------------- moonv4/moon_router/moon_secrouter/messenger.py | 61 --- moonv4/moon_router/moon_secrouter/server.py | 59 --- moonv4/moon_router/setup.py | 11 +- moonv4/templates/moon_keystone/README.md | 39 -- 20 files changed, 736 insertions(+), 729 deletions(-) create mode 100644 moonv4/moon_router/Dockerfile create mode 100644 moonv4/moon_router/README.md delete mode 100644 moonv4/moon_router/README.rst create mode 100644 moonv4/moon_router/moon_router/__init__.py create mode 100644 moonv4/moon_router/moon_router/__main__.py create mode 100644 moonv4/moon_router/moon_router/api/__init__.py create mode 100644 moonv4/moon_router/moon_router/api/generic.py create mode 100644 moonv4/moon_router/moon_router/api/route.py create mode 100644 moonv4/moon_router/moon_router/messenger.py create mode 100644 moonv4/moon_router/moon_router/server.py delete mode 100644 moonv4/moon_router/moon_secrouter/__init__.py delete mode 100644 moonv4/moon_router/moon_secrouter/__main__.py delete mode 100644 moonv4/moon_router/moon_secrouter/api/__init__.py delete mode 100644 moonv4/moon_router/moon_secrouter/api/generic.py delete mode 100644 moonv4/moon_router/moon_secrouter/api/route.py delete mode 100644 moonv4/moon_router/moon_secrouter/messenger.py delete mode 100644 moonv4/moon_router/moon_secrouter/server.py (limited to 'moonv4') diff --git a/moonv4/README.md b/moonv4/README.md index ba334a7d..8a729ad1 100644 --- a/moonv4/README.md +++ b/moonv4/README.md @@ -30,67 +30,94 @@ sudo gpasswd -a ${USER} docker sudo service docker restart ``` -## Launch MySql, RabbitMQ, Keystone containers -TODO: put all the containers to `dockerhub` -### moon_mysql:v4.1 +## Launch MySql, RabbitMQ, Keystone -### moon_rabbitmq:v4.1 +### Cleanup +```bash +docker container rm -f $(docker ps -a | grep moon | cut -d " " -f 1) 2>/dev/null +docker container rm -f messenger db keystone 2>/dev/null +``` -### moon_keystone:v4.1 + +### Internal Network Creation ```bash -docker container run -dti --net moon --hostname keystone --name keystone -e DB_HOST=db -e DB_PASSWORD_ROOT=p4sswOrd1 -p 35357:35357 -p 5000:5000 asteroide/keystone_mitaka:latest +docker network create -d bridge --subnet=172.88.88.0/16 --gateway=172.88.88.1 moon ``` -## Install Orchestrator -### Get the code +### MySql ```bash -git clone https://git.opnfv.org/moon -cd moon/moonv4 -export MOON_HOME=$(pwd) -sudo ln -s $(pwd)/conf /etc/moon +docker container run -dti --net=moon --hostname db --name db -e MYSQL_ROOT_PASSWORD=p4sswOrd1 -e MYSQL_DATABASE=moon -e MYSQL_USER=moon -e MYSQL_PASSWORD=p4sswOrd1 -p 3306:3306 mysql:latest ``` -### Start Orchestrator -To start the Moon platform, you have to run the Orchestrator. +### Rabbitmq +```bash +docker container run -dti --net=moon --hostname messenger --name messenger -e RABBITMQ_DEFAULT_USER=moon -e RABBITMQ_DEFAULT_PASS=p4sswOrd1 -e RABBITMQ_NODENAME=rabbit@messenger -e RABBITMQ_DEFAULT_VHOST=moon -e RABBITMQ_HIPE_COMPILE=1 -p 5671:5671 -p 5672:5672 -p 8080:15672 rabbitmq:3-management +``` -TODO: put all Python packages to PIP +### moon_keystone ```bash -cd ${MOON_HOME}/moon_orchestrator -sudo apt install python3-venv -pyvenv tests/venv -. tests/venv/bin/activate -pip3 install -r requirements.txt --upgrade -pip3 install dist/moon_db-0.1.0.tar.gz --upgrade -pip3 install dist/moon_utilities-0.1.0.tar.gz --upgrade -pip3 install . --upgrade -moon_db_manager upgrade +docker container run -dti --net moon --hostname keystone --name keystone -e DB_HOST=db -e DB_PASSWORD_ROOT=p4sswOrd1 -p 35357:35357 -p 5000:5000 wukongsun/moon_keystone:mitaka ``` -### `/etc/moon/moon.conf` -- edit `dist_dir` variable -- check each `container` variable -Launch `Moon Orchestrator` +## Orchestrator +To start the Moon platform, you have to run the Orchestrator. + +### Installation +```bash +sudo pip3 install moon_db --upgrade +sudo pip3 install moon_utilities --upgrade +sudo pip3 install moon_orchestrator --upgrade +moon_db_manager upgrade +``` + +### Launch ```bash moon_orchestrator ``` ### Tests -In the Python venv ```bash -pip3 install pytest -cd ${MOON_HOME}/moon_interface/tests/apitests +sudo pip3 install pytest +cd /usr/lib/moon_orchestratr/moon_interface/tests/apitests pytest ``` + +## Launch consul, router, manager, interface + +### moon_consul +```bash +docker container run -dti --net moon --hostname consul --name consul wukongsun/moon_consul:v4.1 +``` + +### moon_router +```bash +docker container run -dti --net moon --hostname router --name router wukongsun/moon_router:v4.1 +``` + +### moon_manager +```bash +docker container run -dti --net moon --hostname manager --name manager wukongsun/moon_manager:v4.1 +``` + + +### moon_interface +```bash +docker container run -dti --net moon --hostname interface --name interface wukongsun/moon_interface:v4.1 +``` + + ## Log ### Get some logs ```bash docker ps +docker logs db docker logs messenger docker logs keystone -docker logs moon_router -docker logs moon_interface +docker logs router +docker logs manager +docker logs interface ``` diff --git a/moonv4/moon_router/Dockerfile b/moonv4/moon_router/Dockerfile new file mode 100644 index 00000000..c4b542b3 --- /dev/null +++ b/moonv4/moon_router/Dockerfile @@ -0,0 +1,11 @@ +FROM ubuntu:latest + +RUN apt update && apt install python3.5 python3-pip -y +RUN pip3 install moon_utilities moon_db + +ADD . /root +WORKDIR /root/ +RUN pip3 install -r requirements.txt +RUN pip3 install . + +CMD ["python3", "-m", "moon_router"] \ No newline at end of file diff --git a/moonv4/moon_router/README.md b/moonv4/moon_router/README.md new file mode 100644 index 00000000..91899b31 --- /dev/null +++ b/moonv4/moon_router/README.md @@ -0,0 +1,18 @@ +# Router: Core module for the Moon project + +This package contains the core module for the Moon project +It is designed to provide authorization features to all OpenStack components. + +For any other information, refer to the parent project: + + https://git.opnfv.org/moon + +## Build Image +```bash +docker image build -t wukongsun/moon_router:v4.1 . +``` + +## Push Image +```bash +docker push wukongsun/moon_router:v4.1 +``` \ No newline at end of file diff --git a/moonv4/moon_router/README.rst b/moonv4/moon_router/README.rst deleted file mode 100644 index ded4e99a..00000000 --- a/moonv4/moon_router/README.rst +++ /dev/null @@ -1,9 +0,0 @@ -Core module for the Moon project -================================ - -This package contains the core module for the Moon project -It is designed to provide authorization features to all OpenStack components. - -For any other information, refer to the parent project: - - https://git.opnfv.org/moon diff --git a/moonv4/moon_router/moon_router/__init__.py b/moonv4/moon_router/moon_router/__init__.py new file mode 100644 index 00000000..903c6518 --- /dev/null +++ b/moonv4/moon_router/moon_router/__init__.py @@ -0,0 +1,6 @@ +# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors +# This software is distributed under the terms and conditions of the 'Apache-2.0' +# license which can be found in the file 'LICENSE' in this package distribution +# or at 'http://www.apache.org/licenses/LICENSE-2.0'. + +__version__ = "0.1.0" diff --git a/moonv4/moon_router/moon_router/__main__.py b/moonv4/moon_router/moon_router/__main__.py new file mode 100644 index 00000000..0d7a8fe6 --- /dev/null +++ b/moonv4/moon_router/moon_router/__main__.py @@ -0,0 +1,3 @@ +from moon_router.server import main + +main() diff --git a/moonv4/moon_router/moon_router/api/__init__.py b/moonv4/moon_router/moon_router/api/__init__.py new file mode 100644 index 00000000..e69de29b diff --git a/moonv4/moon_router/moon_router/api/generic.py b/moonv4/moon_router/moon_router/api/generic.py new file mode 100644 index 00000000..d066f715 --- /dev/null +++ b/moonv4/moon_router/moon_router/api/generic.py @@ -0,0 +1,46 @@ +# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors +# This software is distributed under the terms and conditions of the 'Apache-2.0' +# license which can be found in the file 'LICENSE' in this package distribution +# or at 'http://www.apache.org/licenses/LICENSE-2.0'. +from moon_utilities.security_functions import call + + +class Status(object): + """ + Retrieve the current status of all components. + """ + + __version__ = "0.1.0" + + def __get_status(self, ctx, args={}): + return {"status": "Running"} + + def get_status(self, ctx, args={}): + status = dict() + if "component_id" in ctx and ctx["component_id"] == "security_router": + return {"security_router": self.__get_status(ctx, args)} + elif "component_id" in ctx and ctx["component_id"]: + # TODO (dthom): check if component exist + status[ctx["component_id"]] = call(ctx["component_id"], ctx, "get_status", args=args) + else: + # TODO (dthom): must get the status of all containers + status["orchestrator"] = call("orchestrator", ctx, "get_status", args=args) + status["security_router"] = self.__get_status(ctx, args) + return status + + +class Logs(object): + """ + Retrieve the current status of all components. + """ + + __version__ = "0.1.0" + + def get_logs(self, ctx, args={}): + logs = dict() + logs["orchestrator"] = call("orchestrator", ctx, "get_logs", args=args) + # TODO (dthom): must get the logs of all containers + logs["security_router"] = {"error": "Not implemented", "ctx": ctx, "args": args} + return logs + + diff --git a/moonv4/moon_router/moon_router/api/route.py b/moonv4/moon_router/moon_router/api/route.py new file mode 100644 index 00000000..1a102abf --- /dev/null +++ b/moonv4/moon_router/moon_router/api/route.py @@ -0,0 +1,467 @@ +# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors +# This software is distributed under the terms and conditions of the 'Apache-2.0' +# license which can be found in the file 'LICENSE' in this package distribution +# or at 'http://www.apache.org/licenses/LICENSE-2.0'. + +import copy +import time +import itertools +from uuid import uuid4 +from oslo_log import log as logging +from moon_utilities.security_functions import call, notify +from oslo_config import cfg +from moon_router.api.generic import Status, Logs + +LOG = logging.getLogger(__name__) +CONF = cfg.CONF + +API = { + "orchestrator": ( + "add_container", + "delete_container", + "add_slave", + "get_slaves", + "delete_slave" + ), + # TODO (asteroide): need to check if some of those calls need (or not) to be called "update_" + "manager": ( + "get_subject_assignments", + "set_subject_assignment", + "delete_subject_assignment", + "get_object_assignments", + "set_object_assignment", + "delete_object_assignment", + "get_action_assignments", + "set_action_assignment", + "delete_action_assignment", + "get_subject_data", + "add_subject_data", + "delete_subject_data", + "get_object_data", + "add_object_data", + "delete_object_data", + "get_action_data", + "add_action_data", + "delete_action_data", + "get_subject_categories", + "set_subject_category", + "delete_subject_category", + "get_object_categories", + "set_object_category", + "delete_object_category", + "get_action_categories", + "set_action_category", + "delete_action_category", + "add_meta_rules", + "delete_meta_rules", + "get_meta_rules", + "set_meta_rules", + "get_models", + "add_model", + "delete_model", + "update_model", + "get_pdp", + "add_pdp", + "delete_pdp", + "update_pdp", + "get_subjects", + "set_subject", + "delete_subject", + "get_objects", + "set_object", + "delete_object", + "get_actions", + "set_action", + "delete_action", + "get_policies", + "add_policy", + "delete_policy", + "update_policy", + "get_subject_assignments", + "update_subject_assignment", + "delete_subject_assignment", + "get_object_assignments", + "update_object_assignment", + "delete_object_assignment", + "get_action_assignments", + "update_action_assignment", + "delete_action_assignment", + "get_rules", + "add_rule", + "delete_rule", + "update_from_master" + ), + "function": ( + "authz", + "return_authz", + ), +} + + +class Cache(object): + + # TODO (asteroide): set cache integer in CONF file + __UPDATE_INTERVAL = 10 + + __CONTAINERS = {} + __CONTAINERS_UPDATE = 0 + + __CONTAINER_CHAINING_UPDATE = 0 + __CONTAINER_CHAINING = {} + + __PDP = {} + __PDP_UPDATE = 0 + + __POLICIES = {} + __POLICIES_UPDATE = 0 + + __MODELS = {} + __MODELS_UPDATE = 0 + + __AUTHZ_REQUESTS = {} + + def update(self, component=None): + self.__update_container() + self.__update_pdp() + self.__update_policies() + self.__update_models() + for key, value in self.__PDP.items(): + LOG.info("Updating container_chaining with {}".format(value["keystone_project_id"])) + self.__update_container_chaining(value["keystone_project_id"]) + + @property + def authz_requests(self): + return self.__AUTHZ_REQUESTS + + def __update_pdp(self): + pdp = call("moon_manager", method="get_pdp", ctx={"user_id": "admin"}, args={}) + if not pdp["pdps"]: + LOG.info("Updating PDP through master") + pdp = call("moon_manager", method="get_pdp", + ctx={ + "user_id": "admin", + 'call_master': True + }, + args={}) + for _pdp in pdp["pdps"].values(): + if _pdp['keystone_project_id'] not in self.__CONTAINER_CHAINING: + self.__CONTAINER_CHAINING[_pdp['keystone_project_id']] = {} + # Note (asteroide): force update of chaining + self.__update_container_chaining(_pdp['keystone_project_id']) + for key, value in pdp["pdps"].items(): + self.__PDP[key] = value + + @property + def pdp(self): + current_time = time.time() + if self.__PDP_UPDATE + self.__UPDATE_INTERVAL < current_time: + self.__update_pdp() + self.__PDP_UPDATE = current_time + return self.__PDP + + def __update_policies(self): + policies = call("moon_manager", method="get_policies", ctx={"user_id": "admin"}, args={}) + for key, value in policies["policies"].items(): + self.__POLICIES[key] = value + + @property + def policies(self): + current_time = time.time() + if self.__POLICIES_UPDATE + self.__UPDATE_INTERVAL < current_time: + self.__update_policies() + self.__POLICIES_UPDATE = current_time + return self.__POLICIES + + def __update_models(self): + models = call("moon_manager", method="get_models", ctx={"user_id": "admin"}, args={}) + for key, value in models["models"].items(): + self.__MODELS[key] = value + + @property + def models(self): + current_time = time.time() + if self.__MODELS_UPDATE + self.__UPDATE_INTERVAL < current_time: + self.__update_models() + self.__MODELS_UPDATE = current_time + return self.__MODELS + + def __update_container(self): + containers = call("orchestrator", method="get_container", ctx={}, args={}) + for key, value in containers["containers"].items(): + self.__CONTAINERS[key] = value + + @property + def container_chaining(self): + current_time = time.time() + if self.__CONTAINER_CHAINING_UPDATE + self.__UPDATE_INTERVAL < current_time: + for key, value in self.pdp.items(): + self.__update_container_chaining(value["keystone_project_id"]) + self.__CONTAINER_CHAINING_UPDATE = current_time + return self.__CONTAINER_CHAINING + + def __update_container_chaining(self, keystone_project_id): + container_ids = [] + for pdp_id, pdp_value, in CACHE.pdp.items(): + LOG.info("pdp_id, pdp_value = {}, {}".format(pdp_id, pdp_value)) + if pdp_value: + if pdp_value["keystone_project_id"] == keystone_project_id: + for policy_id in pdp_value["security_pipeline"]: + model_id = CACHE.policies[policy_id]['model_id'] + LOG.info("model_id = {}".format(model_id)) + LOG.info("CACHE = {}".format(CACHE.models[model_id])) + for meta_rule_id in CACHE.models[model_id]["meta_rules"]: + LOG.info("CACHE.containers = {}".format(CACHE.containers)) + for container_id, container_values, in CACHE.containers.items(): + LOG.info("container_id, container_values = {}".format(container_id, container_values)) + for container_value in container_values: + LOG.info("container_value[\"meta_rule_id\"] == meta_rule_id = {} {}".format(container_value["meta_rule_id"], meta_rule_id)) + if container_value["meta_rule_id"] == meta_rule_id: + container_ids.append( + { + "container_id": container_value["container_id"], + "genre": container_value["genre"] + } + ) + break + self.__CONTAINER_CHAINING[keystone_project_id] = container_ids + + @property + def containers(self): + """intra_extensions cache + example of content : + { + "pdp_uuid1": "component_uuid1", + "pdp_uuid2": "component_uuid2", + } + :return: + """ + current_time = time.time() + if self.__CONTAINERS_UPDATE + self.__UPDATE_INTERVAL < current_time: + self.__update_container() + self.__CONTAINERS_UPDATE = current_time + return self.__CONTAINERS + + +CACHE = Cache() + + +class AuthzRequest: + + result = None + req_max_delay = 2 + + def __init__(self, ctx, args): + self.ctx = ctx + self.args = args + self.request_id = ctx["request_id"] + if self.ctx['id'] not in CACHE.container_chaining: + LOG.warning("Unknown Project ID {}".format(self.ctx['id'])) + # TODO (asteroide): add a better exception handler + raise Exception("Unknown Project ID {}".format(self.ctx['id'])) + self.container_chaining = CACHE.container_chaining[self.ctx['id']] + ctx["container_chaining"] = copy.deepcopy(self.container_chaining) + LOG.info("self.container_chaining={}".format(self.container_chaining)) + self.pdp_container = self.container_chaining[0]["container_id"] + self.run() + + def run(self): + notify(request_id=self.request_id, container_id=self.pdp_container, payload=self.ctx) + cpt = 0 + while cpt < self.req_max_delay*10: + time.sleep(0.1) + cpt += 1 + if CACHE.authz_requests[self.request_id]: + self.result = CACHE.authz_requests[self.request_id] + return + LOG.warning("Request {} has timed out".format(self.request_id)) + + def is_authz(self): + if not self.result: + return False + authz_results = [] + for key in self.result["pdp_set"]: + if "effect" in self.result["pdp_set"][key]: + if self.result["pdp_set"][key]["effect"] == "grant": + # the pdp is a authorization PDP and grant the request + authz_results.append(True) + elif self.result["pdp_set"][key]["effect"] == "passed": + # the pdp is not a authorization PDP (session or delegation) and had run normally + authz_results.append(True) + elif self.result["pdp_set"][key]["effect"] == "unset": + # the pdp is not a authorization PDP (session or delegation) and had not yep run + authz_results.append(True) + else: + # the pdp is (or not) a authorization PDP and had run badly + authz_results.append(False) + if list(itertools.accumulate(authz_results, lambda x, y: x & y))[-1]: + self.result["pdp_set"]["effect"] = "grant" + if self.result: + if "pdp_set" in self.result and self.result["pdp_set"]["effect"] == "grant": + return True + return False + + +class Router(object): + """ + Route requests to all components. + """ + + __version__ = "0.1.0" + cache_requests = {} + + def __init__(self, add_master_cnx): + if CONF.slave.slave_name and add_master_cnx: + result = call('security_router', method="route", + ctx={ + "name": CONF.slave.slave_name, + "description": CONF.slave.slave_name, + "call_master": True, + "method": "add_slave"}, args={}) + if "result" in result and not result["result"]: + LOG.error("An error occurred when sending slave name {} {}".format( + CONF.slave.slave_name, result + )) + self.slave_id = list(result['slaves'].keys())[0] + result = call('security_router', method="route", + ctx={ + "name": CONF.slave.slave_name, + "description": CONF.slave.slave_name, + "call_master": True, + "method": "get_slaves"}, args={}) + if "result" in result and not result["result"]: + LOG.error("An error occurred when receiving slave names {} {}".format( + CONF.slave.slave_name, result + )) + LOG.info("SLAVES: {}".format(result)) + + def delete(self): + if CONF.slave.slave_name and self.slave_id: + result = call('security_router', method="route", + ctx={ + "name": CONF.slave.slave_name, + "description": CONF.slave.slave_name, + "call_master": True, + "method": "delete_slave", + "id": self.slave_id}, args={}) + if "result" in result and not result["result"]: + LOG.error("An error occurred when sending slave name {} {}".format( + CONF.slave.slave_name, result + )) + LOG.info("SLAVE CONNECTION ENDED!") + LOG.info(result) + + @staticmethod + def check_pdp(ctx): + _ctx = copy.deepcopy(ctx) + keystone_id = _ctx.pop('id') + # LOG.info("_ctx {}".format(_ctx)) + ext = call("moon_manager", method="get_pdp", ctx=_ctx, args={}) + # LOG.info("check_pdp {}".format(ext)) + if "error" in ext: + return False + keystone_id_list = map(lambda x: x["keystone_project_id"], ext['pdps'].values()) + if not ext['pdps'] or keystone_id not in keystone_id_list: + if CONF.slave.slave_name: + _ctx['call_master'] = True + # update from master if exist and test again + LOG.info("Need to update from master {}".format(keystone_id)) + ext = call("moon_manager", method="get_pdp", ctx=_ctx, args={}) + if "error" in ext: + return False + keystone_id_list = map(lambda x: x["keystone_project_id"], ext['pdps'].values()) + if not ext['pdps'] or keystone_id not in keystone_id_list: + return False + else: + # Must update from Master + _ctx["keystone_id"] = keystone_id + _ctx["pdp_id"] = None + _ctx["security_pipeline"] = None + _ctx['call_master'] = False + pdp_value = {} + for pdp_id, pdp_value in ext["pdps"].items(): + if keystone_id == pdp_value["keystone_project_id"]: + _ctx["pdp_id"] = keystone_id + _ctx["security_pipeline"] = pdp_value["security_pipeline"] + break + call("moon_manager", method="update_from_master", ctx=_ctx, args=pdp_value) + CACHE.update() + return True + else: + # return False otherwise + return False + return True + + def send_update(self, api, ctx={}, args={}): + # TODO (asteroide): add threads here + if not CONF.slave.slave_name: + # Note (asteroide): + # if adding or setting an element: do nothing + # if updating or deleting an element: force deletion in the slave + if "update_" in api or "delete_" in api: + for slave_id, slave_dict in call("orchestrator", method="get_slaves", ctx={}, args={})['slaves'].items(): + LOG.info('send_update slave_id={}'.format(slave_id)) + LOG.info('send_update slave_dict={}'.format(slave_dict)) + ctx['method'] = api.replace("update", "delete") + # TODO (asteroide): force data_id to None to force the deletion in the slave + result = call("security_router_"+slave_dict['name'], method="route", ctx=ctx, args=args) + if "result" in result and not result["result"]: + LOG.error("An error occurred when sending update to {} {}".format( + "security_router_"+slave_dict['name'], result + )) + + def route(self, ctx, args): + """Route the request to the right endpoint + + :param ctx: dictionary depending of the real destination + :param args: dictionary depending of the real destination + :return: dictionary depending of the real destination + """ + if ctx["method"] == "get_status": + return Status().get_status(ctx=ctx, args=args) + if ctx["method"] == "get_logs": + return Logs().get_logs(ctx=ctx, args=args) + for component in API: + if ctx["method"] in API[component]: + if component == "orchestrator": + return call(component, method=ctx["method"], ctx=ctx, args=args) + if component == "manager": + result = call("moon_manager", method=ctx["method"], ctx=ctx, args=args) + if ctx["method"] == "get_pdp": + _ctx = copy.deepcopy(ctx) + _ctx["call_master"] = True + result2 = call("moon_manager", method=ctx["method"], ctx=_ctx, args=args) + result["pdps"].update(result2["pdps"]) + self.send_update(api=ctx["method"], ctx=ctx, args=args) + return result + if component == "function": + if ctx["method"] == "return_authz": + request_id = ctx["request_id"] + CACHE.authz_requests[request_id] = args + return args + elif self.check_pdp(ctx): + req_id = uuid4().hex + CACHE.authz_requests[req_id] = {} + ctx["request_id"] = req_id + req = AuthzRequest(ctx, args) + # result = copy.deepcopy(req.result) + if req.is_authz(): + return {"authz": True, + "pdp_id": ctx["id"], + "ctx": ctx, "args": args} + return {"authz": False, + "error": {'code': 403, 'title': 'Authz Error', + 'description': "The authz request is refused."}, + "pdp_id": ctx["id"], + "ctx": ctx, "args": args} + return {"result": False, + "error": {'code': 500, 'title': 'Moon Error', + 'description': "Function component not found."}, + "pdp_id": ctx["id"], + "ctx": ctx, "args": args} + + # TODO (asteroide): must raise an exception here ? + return {"result": False, + "error": {'code': 500, 'title': 'Moon Error', 'description': "Endpoint method not found."}, + "intra_extension_id": ctx["id"], + "ctx": ctx, "args": args} + diff --git a/moonv4/moon_router/moon_router/messenger.py b/moonv4/moon_router/moon_router/messenger.py new file mode 100644 index 00000000..46565c62 --- /dev/null +++ b/moonv4/moon_router/moon_router/messenger.py @@ -0,0 +1,61 @@ +# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors +# This software is distributed under the terms and conditions of the 'Apache-2.0' +# license which can be found in the file 'LICENSE' in this package distribution +# or at 'http://www.apache.org/licenses/LICENSE-2.0'. + +from oslo_config import cfg +import oslo_messaging +import time +from oslo_log import log as logging +from moon_router.api.generic import Status, Logs +from moon_router.api.route import Router +from moon_utilities.api import APIList + +LOG = logging.getLogger(__name__) + + +class Server: + + TOPIC = "security_router" + + def __init__(self, add_master_cnx=False): + if add_master_cnx and cfg.CONF.slave.master_url: + self.transport = oslo_messaging.get_transport(cfg.CONF, cfg.CONF.slave.master_url) + self.TOPIC = self.TOPIC + "_" + cfg.CONF.slave.slave_name + else: + self.transport = oslo_messaging.get_transport(cfg.CONF) + self.target = oslo_messaging.Target(topic=self.TOPIC, server='server1') + LOG.info("Starting MQ server with topic: {}".format(self.TOPIC)) + self.endpoints = [ + APIList((Status, Logs, Router)), + Status(), + Logs(), + Router(add_master_cnx) + ] + self.server = oslo_messaging.get_rpc_server(self.transport, self.target, self.endpoints, + executor='threading', + access_policy=oslo_messaging.DefaultRPCAccessPolicy) + self.__is_alive = False + + def stop(self): + self.__is_alive = False + self.endpoints[-1].delete() + + def run(self): + try: + self.__is_alive = True + self.server.start() + while True: + if self.__is_alive: + time.sleep(1) + else: + break + except KeyboardInterrupt: + print("Stopping server by crtl+c") + except SystemExit: + print("Stopping server with SystemExit") + print("Stopping server") + + self.server.stop() + self.server.wait() + diff --git a/moonv4/moon_router/moon_router/server.py b/moonv4/moon_router/moon_router/server.py new file mode 100644 index 00000000..40e2b945 --- /dev/null +++ b/moonv4/moon_router/moon_router/server.py @@ -0,0 +1,59 @@ +# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors +# This software is distributed under the terms and conditions of the 'Apache-2.0' +# license which can be found in the file 'LICENSE' in this package distribution +# or at 'http://www.apache.org/licenses/LICENSE-2.0'. + +import os +import threading +import signal +from oslo_config import cfg +from oslo_log import log as logging +from moon_utilities import options # noqa +from moon_router.messenger import Server + + +class AsyncServer(threading.Thread): + + def __init__(self, add_master_cnx): + threading.Thread.__init__(self) + self.server = Server(add_master_cnx=add_master_cnx) + + def run(self): + self.server.run() + +LOG = logging.getLogger(__name__) +CONF = cfg.CONF +DOMAIN = "moon_router" + +__CWD__ = os.path.dirname(os.path.abspath(__file__)) + +background_threads = [] + + +def stop_thread(): + for _t in background_threads: + _t.stop() + + +def main(): + global background_threads + LOG.info("Starting server with IP {}".format(CONF.security_router.host)) + signal.signal(signal.SIGALRM, stop_thread) + signal.signal(signal.SIGTERM, stop_thread) + signal.signal(signal.SIGABRT, stop_thread) + background_master = None + if CONF.slave.slave_name: + background_master = AsyncServer(add_master_cnx=True) + background_threads.append(background_master) + background_slave = AsyncServer(add_master_cnx=False) + background_threads.append(background_slave) + if CONF.slave.slave_name: + background_master.start() + background_slave.start() + if CONF.slave.slave_name: + background_master.join() + background_slave.join() + + +if __name__ == '__main__': + main() diff --git a/moonv4/moon_router/moon_secrouter/__init__.py b/moonv4/moon_router/moon_secrouter/__init__.py deleted file mode 100644 index 903c6518..00000000 --- a/moonv4/moon_router/moon_secrouter/__init__.py +++ /dev/null @@ -1,6 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. - -__version__ = "0.1.0" diff --git a/moonv4/moon_router/moon_secrouter/__main__.py b/moonv4/moon_router/moon_secrouter/__main__.py deleted file mode 100644 index 8ec695db..00000000 --- a/moonv4/moon_router/moon_secrouter/__main__.py +++ /dev/null @@ -1,3 +0,0 @@ -from moon_secrouter.server import main - -main() diff --git a/moonv4/moon_router/moon_secrouter/api/__init__.py b/moonv4/moon_router/moon_secrouter/api/__init__.py deleted file mode 100644 index e69de29b..00000000 diff --git a/moonv4/moon_router/moon_secrouter/api/generic.py b/moonv4/moon_router/moon_secrouter/api/generic.py deleted file mode 100644 index d066f715..00000000 --- a/moonv4/moon_router/moon_secrouter/api/generic.py +++ /dev/null @@ -1,46 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. -from moon_utilities.security_functions import call - - -class Status(object): - """ - Retrieve the current status of all components. - """ - - __version__ = "0.1.0" - - def __get_status(self, ctx, args={}): - return {"status": "Running"} - - def get_status(self, ctx, args={}): - status = dict() - if "component_id" in ctx and ctx["component_id"] == "security_router": - return {"security_router": self.__get_status(ctx, args)} - elif "component_id" in ctx and ctx["component_id"]: - # TODO (dthom): check if component exist - status[ctx["component_id"]] = call(ctx["component_id"], ctx, "get_status", args=args) - else: - # TODO (dthom): must get the status of all containers - status["orchestrator"] = call("orchestrator", ctx, "get_status", args=args) - status["security_router"] = self.__get_status(ctx, args) - return status - - -class Logs(object): - """ - Retrieve the current status of all components. - """ - - __version__ = "0.1.0" - - def get_logs(self, ctx, args={}): - logs = dict() - logs["orchestrator"] = call("orchestrator", ctx, "get_logs", args=args) - # TODO (dthom): must get the logs of all containers - logs["security_router"] = {"error": "Not implemented", "ctx": ctx, "args": args} - return logs - - diff --git a/moonv4/moon_router/moon_secrouter/api/route.py b/moonv4/moon_router/moon_secrouter/api/route.py deleted file mode 100644 index 2a2c54bc..00000000 --- a/moonv4/moon_router/moon_secrouter/api/route.py +++ /dev/null @@ -1,467 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. - -import copy -import time -import itertools -from uuid import uuid4 -from oslo_log import log as logging -from moon_utilities.security_functions import call, notify -from oslo_config import cfg -from moon_secrouter.api.generic import Status, Logs - -LOG = logging.getLogger(__name__) -CONF = cfg.CONF - -API = { - "orchestrator": ( - "add_container", - "delete_container", - "add_slave", - "get_slaves", - "delete_slave" - ), - # TODO (asteroide): need to check if some of those calls need (or not) to be called "update_" - "manager": ( - "get_subject_assignments", - "set_subject_assignment", - "delete_subject_assignment", - "get_object_assignments", - "set_object_assignment", - "delete_object_assignment", - "get_action_assignments", - "set_action_assignment", - "delete_action_assignment", - "get_subject_data", - "add_subject_data", - "delete_subject_data", - "get_object_data", - "add_object_data", - "delete_object_data", - "get_action_data", - "add_action_data", - "delete_action_data", - "get_subject_categories", - "set_subject_category", - "delete_subject_category", - "get_object_categories", - "set_object_category", - "delete_object_category", - "get_action_categories", - "set_action_category", - "delete_action_category", - "add_meta_rules", - "delete_meta_rules", - "get_meta_rules", - "set_meta_rules", - "get_models", - "add_model", - "delete_model", - "update_model", - "get_pdp", - "add_pdp", - "delete_pdp", - "update_pdp", - "get_subjects", - "set_subject", - "delete_subject", - "get_objects", - "set_object", - "delete_object", - "get_actions", - "set_action", - "delete_action", - "get_policies", - "add_policy", - "delete_policy", - "update_policy", - "get_subject_assignments", - "update_subject_assignment", - "delete_subject_assignment", - "get_object_assignments", - "update_object_assignment", - "delete_object_assignment", - "get_action_assignments", - "update_action_assignment", - "delete_action_assignment", - "get_rules", - "add_rule", - "delete_rule", - "update_from_master" - ), - "function": ( - "authz", - "return_authz", - ), -} - - -class Cache(object): - - # TODO (asteroide): set cache integer in CONF file - __UPDATE_INTERVAL = 10 - - __CONTAINERS = {} - __CONTAINERS_UPDATE = 0 - - __CONTAINER_CHAINING_UPDATE = 0 - __CONTAINER_CHAINING = {} - - __PDP = {} - __PDP_UPDATE = 0 - - __POLICIES = {} - __POLICIES_UPDATE = 0 - - __MODELS = {} - __MODELS_UPDATE = 0 - - __AUTHZ_REQUESTS = {} - - def update(self, component=None): - self.__update_container() - self.__update_pdp() - self.__update_policies() - self.__update_models() - for key, value in self.__PDP.items(): - LOG.info("Updating container_chaining with {}".format(value["keystone_project_id"])) - self.__update_container_chaining(value["keystone_project_id"]) - - @property - def authz_requests(self): - return self.__AUTHZ_REQUESTS - - def __update_pdp(self): - pdp = call("moon_manager", method="get_pdp", ctx={"user_id": "admin"}, args={}) - if not pdp["pdps"]: - LOG.info("Updating PDP through master") - pdp = call("moon_manager", method="get_pdp", - ctx={ - "user_id": "admin", - 'call_master': True - }, - args={}) - for _pdp in pdp["pdps"].values(): - if _pdp['keystone_project_id'] not in self.__CONTAINER_CHAINING: - self.__CONTAINER_CHAINING[_pdp['keystone_project_id']] = {} - # Note (asteroide): force update of chaining - self.__update_container_chaining(_pdp['keystone_project_id']) - for key, value in pdp["pdps"].items(): - self.__PDP[key] = value - - @property - def pdp(self): - current_time = time.time() - if self.__PDP_UPDATE + self.__UPDATE_INTERVAL < current_time: - self.__update_pdp() - self.__PDP_UPDATE = current_time - return self.__PDP - - def __update_policies(self): - policies = call("moon_manager", method="get_policies", ctx={"user_id": "admin"}, args={}) - for key, value in policies["policies"].items(): - self.__POLICIES[key] = value - - @property - def policies(self): - current_time = time.time() - if self.__POLICIES_UPDATE + self.__UPDATE_INTERVAL < current_time: - self.__update_policies() - self.__POLICIES_UPDATE = current_time - return self.__POLICIES - - def __update_models(self): - models = call("moon_manager", method="get_models", ctx={"user_id": "admin"}, args={}) - for key, value in models["models"].items(): - self.__MODELS[key] = value - - @property - def models(self): - current_time = time.time() - if self.__MODELS_UPDATE + self.__UPDATE_INTERVAL < current_time: - self.__update_models() - self.__MODELS_UPDATE = current_time - return self.__MODELS - - def __update_container(self): - containers = call("orchestrator", method="get_container", ctx={}, args={}) - for key, value in containers["containers"].items(): - self.__CONTAINERS[key] = value - - @property - def container_chaining(self): - current_time = time.time() - if self.__CONTAINER_CHAINING_UPDATE + self.__UPDATE_INTERVAL < current_time: - for key, value in self.pdp.items(): - self.__update_container_chaining(value["keystone_project_id"]) - self.__CONTAINER_CHAINING_UPDATE = current_time - return self.__CONTAINER_CHAINING - - def __update_container_chaining(self, keystone_project_id): - container_ids = [] - for pdp_id, pdp_value, in CACHE.pdp.items(): - LOG.info("pdp_id, pdp_value = {}, {}".format(pdp_id, pdp_value)) - if pdp_value: - if pdp_value["keystone_project_id"] == keystone_project_id: - for policy_id in pdp_value["security_pipeline"]: - model_id = CACHE.policies[policy_id]['model_id'] - LOG.info("model_id = {}".format(model_id)) - LOG.info("CACHE = {}".format(CACHE.models[model_id])) - for meta_rule_id in CACHE.models[model_id]["meta_rules"]: - LOG.info("CACHE.containers = {}".format(CACHE.containers)) - for container_id, container_values, in CACHE.containers.items(): - LOG.info("container_id, container_values = {}".format(container_id, container_values)) - for container_value in container_values: - LOG.info("container_value[\"meta_rule_id\"] == meta_rule_id = {} {}".format(container_value["meta_rule_id"], meta_rule_id)) - if container_value["meta_rule_id"] == meta_rule_id: - container_ids.append( - { - "container_id": container_value["container_id"], - "genre": container_value["genre"] - } - ) - break - self.__CONTAINER_CHAINING[keystone_project_id] = container_ids - - @property - def containers(self): - """intra_extensions cache - example of content : - { - "pdp_uuid1": "component_uuid1", - "pdp_uuid2": "component_uuid2", - } - :return: - """ - current_time = time.time() - if self.__CONTAINERS_UPDATE + self.__UPDATE_INTERVAL < current_time: - self.__update_container() - self.__CONTAINERS_UPDATE = current_time - return self.__CONTAINERS - - -CACHE = Cache() - - -class AuthzRequest: - - result = None - req_max_delay = 2 - - def __init__(self, ctx, args): - self.ctx = ctx - self.args = args - self.request_id = ctx["request_id"] - if self.ctx['id'] not in CACHE.container_chaining: - LOG.warning("Unknown Project ID {}".format(self.ctx['id'])) - # TODO (asteroide): add a better exception handler - raise Exception("Unknown Project ID {}".format(self.ctx['id'])) - self.container_chaining = CACHE.container_chaining[self.ctx['id']] - ctx["container_chaining"] = copy.deepcopy(self.container_chaining) - LOG.info("self.container_chaining={}".format(self.container_chaining)) - self.pdp_container = self.container_chaining[0]["container_id"] - self.run() - - def run(self): - notify(request_id=self.request_id, container_id=self.pdp_container, payload=self.ctx) - cpt = 0 - while cpt < self.req_max_delay*10: - time.sleep(0.1) - cpt += 1 - if CACHE.authz_requests[self.request_id]: - self.result = CACHE.authz_requests[self.request_id] - return - LOG.warning("Request {} has timed out".format(self.request_id)) - - def is_authz(self): - if not self.result: - return False - authz_results = [] - for key in self.result["pdp_set"]: - if "effect" in self.result["pdp_set"][key]: - if self.result["pdp_set"][key]["effect"] == "grant": - # the pdp is a authorization PDP and grant the request - authz_results.append(True) - elif self.result["pdp_set"][key]["effect"] == "passed": - # the pdp is not a authorization PDP (session or delegation) and had run normally - authz_results.append(True) - elif self.result["pdp_set"][key]["effect"] == "unset": - # the pdp is not a authorization PDP (session or delegation) and had not yep run - authz_results.append(True) - else: - # the pdp is (or not) a authorization PDP and had run badly - authz_results.append(False) - if list(itertools.accumulate(authz_results, lambda x, y: x & y))[-1]: - self.result["pdp_set"]["effect"] = "grant" - if self.result: - if "pdp_set" in self.result and self.result["pdp_set"]["effect"] == "grant": - return True - return False - - -class Router(object): - """ - Route requests to all components. - """ - - __version__ = "0.1.0" - cache_requests = {} - - def __init__(self, add_master_cnx): - if CONF.slave.slave_name and add_master_cnx: - result = call('security_router', method="route", - ctx={ - "name": CONF.slave.slave_name, - "description": CONF.slave.slave_name, - "call_master": True, - "method": "add_slave"}, args={}) - if "result" in result and not result["result"]: - LOG.error("An error occurred when sending slave name {} {}".format( - CONF.slave.slave_name, result - )) - self.slave_id = list(result['slaves'].keys())[0] - result = call('security_router', method="route", - ctx={ - "name": CONF.slave.slave_name, - "description": CONF.slave.slave_name, - "call_master": True, - "method": "get_slaves"}, args={}) - if "result" in result and not result["result"]: - LOG.error("An error occurred when receiving slave names {} {}".format( - CONF.slave.slave_name, result - )) - LOG.info("SLAVES: {}".format(result)) - - def delete(self): - if CONF.slave.slave_name and self.slave_id: - result = call('security_router', method="route", - ctx={ - "name": CONF.slave.slave_name, - "description": CONF.slave.slave_name, - "call_master": True, - "method": "delete_slave", - "id": self.slave_id}, args={}) - if "result" in result and not result["result"]: - LOG.error("An error occurred when sending slave name {} {}".format( - CONF.slave.slave_name, result - )) - LOG.info("SLAVE CONNECTION ENDED!") - LOG.info(result) - - @staticmethod - def check_pdp(ctx): - _ctx = copy.deepcopy(ctx) - keystone_id = _ctx.pop('id') - # LOG.info("_ctx {}".format(_ctx)) - ext = call("moon_manager", method="get_pdp", ctx=_ctx, args={}) - # LOG.info("check_pdp {}".format(ext)) - if "error" in ext: - return False - keystone_id_list = map(lambda x: x["keystone_project_id"], ext['pdps'].values()) - if not ext['pdps'] or keystone_id not in keystone_id_list: - if CONF.slave.slave_name: - _ctx['call_master'] = True - # update from master if exist and test again - LOG.info("Need to update from master {}".format(keystone_id)) - ext = call("moon_manager", method="get_pdp", ctx=_ctx, args={}) - if "error" in ext: - return False - keystone_id_list = map(lambda x: x["keystone_project_id"], ext['pdps'].values()) - if not ext['pdps'] or keystone_id not in keystone_id_list: - return False - else: - # Must update from Master - _ctx["keystone_id"] = keystone_id - _ctx["pdp_id"] = None - _ctx["security_pipeline"] = None - _ctx['call_master'] = False - pdp_value = {} - for pdp_id, pdp_value in ext["pdps"].items(): - if keystone_id == pdp_value["keystone_project_id"]: - _ctx["pdp_id"] = keystone_id - _ctx["security_pipeline"] = pdp_value["security_pipeline"] - break - call("moon_manager", method="update_from_master", ctx=_ctx, args=pdp_value) - CACHE.update() - return True - else: - # return False otherwise - return False - return True - - def send_update(self, api, ctx={}, args={}): - # TODO (asteroide): add threads here - if not CONF.slave.slave_name: - # Note (asteroide): - # if adding or setting an element: do nothing - # if updating or deleting an element: force deletion in the slave - if "update_" in api or "delete_" in api: - for slave_id, slave_dict in call("orchestrator", method="get_slaves", ctx={}, args={})['slaves'].items(): - LOG.info('send_update slave_id={}'.format(slave_id)) - LOG.info('send_update slave_dict={}'.format(slave_dict)) - ctx['method'] = api.replace("update", "delete") - # TODO (asteroide): force data_id to None to force the deletion in the slave - result = call("security_router_"+slave_dict['name'], method="route", ctx=ctx, args=args) - if "result" in result and not result["result"]: - LOG.error("An error occurred when sending update to {} {}".format( - "security_router_"+slave_dict['name'], result - )) - - def route(self, ctx, args): - """Route the request to the right endpoint - - :param ctx: dictionary depending of the real destination - :param args: dictionary depending of the real destination - :return: dictionary depending of the real destination - """ - if ctx["method"] == "get_status": - return Status().get_status(ctx=ctx, args=args) - if ctx["method"] == "get_logs": - return Logs().get_logs(ctx=ctx, args=args) - for component in API: - if ctx["method"] in API[component]: - if component == "orchestrator": - return call(component, method=ctx["method"], ctx=ctx, args=args) - if component == "manager": - result = call("moon_manager", method=ctx["method"], ctx=ctx, args=args) - if ctx["method"] == "get_pdp": - _ctx = copy.deepcopy(ctx) - _ctx["call_master"] = True - result2 = call("moon_manager", method=ctx["method"], ctx=_ctx, args=args) - result["pdps"].update(result2["pdps"]) - self.send_update(api=ctx["method"], ctx=ctx, args=args) - return result - if component == "function": - if ctx["method"] == "return_authz": - request_id = ctx["request_id"] - CACHE.authz_requests[request_id] = args - return args - elif self.check_pdp(ctx): - req_id = uuid4().hex - CACHE.authz_requests[req_id] = {} - ctx["request_id"] = req_id - req = AuthzRequest(ctx, args) - # result = copy.deepcopy(req.result) - if req.is_authz(): - return {"authz": True, - "pdp_id": ctx["id"], - "ctx": ctx, "args": args} - return {"authz": False, - "error": {'code': 403, 'title': 'Authz Error', - 'description': "The authz request is refused."}, - "pdp_id": ctx["id"], - "ctx": ctx, "args": args} - return {"result": False, - "error": {'code': 500, 'title': 'Moon Error', - 'description': "Function component not found."}, - "pdp_id": ctx["id"], - "ctx": ctx, "args": args} - - # TODO (asteroide): must raise an exception here ? - return {"result": False, - "error": {'code': 500, 'title': 'Moon Error', 'description': "Endpoint method not found."}, - "intra_extension_id": ctx["id"], - "ctx": ctx, "args": args} - diff --git a/moonv4/moon_router/moon_secrouter/messenger.py b/moonv4/moon_router/moon_secrouter/messenger.py deleted file mode 100644 index 52e5c341..00000000 --- a/moonv4/moon_router/moon_secrouter/messenger.py +++ /dev/null @@ -1,61 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. - -from oslo_config import cfg -import oslo_messaging -import time -from oslo_log import log as logging -from moon_secrouter.api.generic import Status, Logs -from moon_secrouter.api.route import Router -from moon_utilities.api import APIList - -LOG = logging.getLogger(__name__) - - -class Server: - - TOPIC = "security_router" - - def __init__(self, add_master_cnx=False): - if add_master_cnx and cfg.CONF.slave.master_url: - self.transport = oslo_messaging.get_transport(cfg.CONF, cfg.CONF.slave.master_url) - self.TOPIC = self.TOPIC + "_" + cfg.CONF.slave.slave_name - else: - self.transport = oslo_messaging.get_transport(cfg.CONF) - self.target = oslo_messaging.Target(topic=self.TOPIC, server='server1') - LOG.info("Starting MQ server with topic: {}".format(self.TOPIC)) - self.endpoints = [ - APIList((Status, Logs, Router)), - Status(), - Logs(), - Router(add_master_cnx) - ] - self.server = oslo_messaging.get_rpc_server(self.transport, self.target, self.endpoints, - executor='threading', - access_policy=oslo_messaging.DefaultRPCAccessPolicy) - self.__is_alive = False - - def stop(self): - self.__is_alive = False - self.endpoints[-1].delete() - - def run(self): - try: - self.__is_alive = True - self.server.start() - while True: - if self.__is_alive: - time.sleep(1) - else: - break - except KeyboardInterrupt: - print("Stopping server by crtl+c") - except SystemExit: - print("Stopping server with SystemExit") - print("Stopping server") - - self.server.stop() - self.server.wait() - diff --git a/moonv4/moon_router/moon_secrouter/server.py b/moonv4/moon_router/moon_secrouter/server.py deleted file mode 100644 index 16f6ea9c..00000000 --- a/moonv4/moon_router/moon_secrouter/server.py +++ /dev/null @@ -1,59 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. - -import os -import threading -import signal -from oslo_config import cfg -from oslo_log import log as logging -from moon_utilities import options # noqa -from moon_secrouter.messenger import Server - - -class AsyncServer(threading.Thread): - - def __init__(self, add_master_cnx): - threading.Thread.__init__(self) - self.server = Server(add_master_cnx=add_master_cnx) - - def run(self): - self.server.run() - -LOG = logging.getLogger(__name__) -CONF = cfg.CONF -DOMAIN = "moon_secrouter" - -__CWD__ = os.path.dirname(os.path.abspath(__file__)) - -background_threads = [] - - -def stop_thread(): - for _t in background_threads: - _t.stop() - - -def main(): - global background_threads - LOG.info("Starting server with IP {}".format(CONF.security_router.host)) - signal.signal(signal.SIGALRM, stop_thread) - signal.signal(signal.SIGTERM, stop_thread) - signal.signal(signal.SIGABRT, stop_thread) - background_master = None - if CONF.slave.slave_name: - background_master = AsyncServer(add_master_cnx=True) - background_threads.append(background_master) - background_slave = AsyncServer(add_master_cnx=False) - background_threads.append(background_slave) - if CONF.slave.slave_name: - background_master.start() - background_slave.start() - if CONF.slave.slave_name: - background_master.join() - background_slave.join() - - -if __name__ == '__main__': - main() diff --git a/moonv4/moon_router/setup.py b/moonv4/moon_router/setup.py index 0c3b61ba..aabe8349 100644 --- a/moonv4/moon_router/setup.py +++ b/moonv4/moon_router/setup.py @@ -4,14 +4,14 @@ # or at 'http://www.apache.org/licenses/LICENSE-2.0'. from setuptools import setup, find_packages -import moon_secrouter +import moon_router setup( - name='moon_secrouter', + name='moon_router', - version=moon_secrouter.__version__, + version=moon_router.__version__, packages=find_packages(), @@ -21,7 +21,7 @@ setup( description="", - long_description=open('README.rst').read(), + long_description=open('README.md').read(), # install_requires= , @@ -40,8 +40,7 @@ setup( entry_points={ 'console_scripts': [ - 'moon_secrouter = moon_secrouter.server:main', + 'moon_router = moon_router.server:main', ], } - ) diff --git a/moonv4/templates/moon_keystone/README.md b/moonv4/templates/moon_keystone/README.md index cf77a74a..7027324e 100644 --- a/moonv4/templates/moon_keystone/README.md +++ b/moonv4/templates/moon_keystone/README.md @@ -13,45 +13,6 @@ docker build --build-arg https_proxy=http://proxy:3128 --build-arg http_proxy=ht ``` -## Setup an execution environment - -### clean up if necessary -```bash -docker container rm -f $(docker ps -a | grep moon | cut -d " " -f 1) 2>/dev/null -docker container rm -f messenger db keystone 2>/dev/null -``` - -### create a network -```bash -docker network create -d bridge --subnet=172.18.0.0/16 --gateway=172.18.0.1 moon -``` - -### Start RabbitMQ -TODO: use our own container -```bash -docker container run -dti --net=moon --hostname messenger --name messenger -e RABBITMQ_DEFAULT_USER=moon -e RABBITMQ_DEFAULT_PASS=p4sswOrd1 -e RABBITMQ_NODENAME=rabbit@messenger -e RABBITMQ_DEFAULT_VHOST=moon -e RABBITMQ_HIPE_COMPILE=1 -p 5671:5671 -p 5672:5672 -p 8080:15672 rabbitmq:3-management -``` - - -### Start MySQL server -TODO: user our own containter -```bash -docker container run -dti --net=moon --hostname db --name db -e MYSQL_ROOT_PASSWORD=p4sswOrd1 -e MYSQL_DATABASE=moon -e MYSQL_USER=moon -e MYSQL_PASSWORD=p4sswOrd1 -p 3306:3306 mysql:latest -``` - -## launch a Keystone container -TODO: user our own containter -```bash -docker container run -dti --net moon --hostname keystone --name keystone -e DB_HOST=db -e DB_PASSWORD_ROOT=p4sswOrd1 -p 35357:35357 -p 5000:5000 keystone:mitaka -``` - -## check -### log -```bash -docker logs keystone -f -``` - - ### access to the container ```bash docker container exec -ti keystone /bin/bash -- cgit 1.2.3-korg