[RFC V2 0/3] Implement integrity verification: verify template integrity

From: ShaoHe Feng <shaohef@linux.vnet.ibm.com> Implement integrity verification: verify template integrity, update API.md Sometimes a user creates a template, but its networks, cdrom, disks or storagepool change later, so users cannot create a VM from the template successfully. It is necessary to check some parameters of the template. ShaoHe Feng (3): Implement integrity verification: verify template integrity, update API.md Implement integrity verification: verify template integrity in backend add a new method to get iso info for VMTemplate class docs/API.md | 4 ++++ src/kimchi/control/templates.py | 1 + src/kimchi/mockmodel.py | 2 +- src/kimchi/model/templates.py | 32 +++++++++++++++++++++++++++++++- src/kimchi/vmtemplate.py | 22 +++++++++++----------- 5 files changed, 48 insertions(+), 13 deletions(-) -- 1.8.4.2

From: ShaoHe Feng <shaohef@linux.vnet.ibm.com>
Sometimes, user create a template, but networks, cdrom, disks or storagepool will change later. So users can not create a vm from this template successfully. It is necessary to check some paramenters of template.
This patch will check the follow paramenters of template. networks: check networks exists. cdrom: check cdrom is available. disks: check the volume is available.
This patch does not check the storagepool exists. waiting for royce's disks patch.
Signed-off-by: ShaoHe Feng <shaohef@linux.vnet.ibm.com>
---
 docs/API.md | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/docs/API.md b/docs/API.md
index fff740d..7940cf2 100644
--- a/docs/API.md
+++ b/docs/API.md
@@ -249,6 +249,10 @@ A interface represents available network interface on VM.
 Independent Computing Environments
 * null: Graphics is disabled or type not supported
 * listen: The network which the vnc/spice server listens on.
+ * invalid: A dict indicates which paramenters of this template are invalid.
+ * networks *(optional)*: A list of invalid network names.
+ * cdrom *(optional)*: A list of invalid cdrom names.
+ * disks *(optional)*: A list of invalid volume names.
 * **DELETE**: Remove the Template
 * **POST**: *See Template Actions*
--
1.8.4.2

In my opinion, 'invalid' is a return value carrying the failure reason when the user tries to create a VM from an existing template. Why should it be a parameter of the POST method to '/vms'? Do you expect it to be used as a return value of the GET method of '/vms'? 2014/2/19 18:06, shaohef@linux.vnet.ibm.com:
From: ShaoHe Feng <shaohef@linux.vnet.ibm.com>
Sometimes, user create a template, but networks, cdrom, disks or storagepool will change later. So users can not create a vm from this template successfully. It is necessary to check some paramenters of template.
This patch will check the follow paramenters of template. networks: check networks exists. cdrom: check cdrom is available. disks: check the volume is available.
This patch does not check the storagepool exists. waiting for royce's disks patch.
Signed-off-by: ShaoHe Feng <shaohef@linux.vnet.ibm.com>
---
 docs/API.md | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/docs/API.md b/docs/API.md
index fff740d..7940cf2 100644
--- a/docs/API.md
+++ b/docs/API.md
@@ -249,6 +249,10 @@ A interface represents available network interface on VM.
 Independent Computing Environments
 * null: Graphics is disabled or type not supported
 * listen: The network which the vnc/spice server listens on.
+ * invalid: A dict indicates which paramenters of this template are invalid.
+ * networks *(optional)*: A list of invalid network names.
+ * cdrom *(optional)*: A list of invalid cdrom names.
+ * disks *(optional)*: A list of invalid volume names.
* **DELETE**: Remove the Template * **POST**: *See Template Actions*

From: ShaoHe Feng <shaohef@linux.vnet.ibm.com>
update controller, mockmodel and model
Signed-off-by: ShaoHe Feng <shaohef@linux.vnet.ibm.com>
---
 src/kimchi/control/templates.py | 1 +
 src/kimchi/mockmodel.py | 2 +-
 src/kimchi/model/templates.py | 32 +++++++++++++++++++++++++++++++-
 3 files changed, 33 insertions(+), 2 deletions(-)
diff --git a/src/kimchi/control/templates.py b/src/kimchi/control/templates.py
index 8135e32..3f1dc7a 100644
--- a/src/kimchi/control/templates.py
+++ b/src/kimchi/control/templates.py
@@ -46,6 +46,7 @@ class Template(Resource):
 def data(self):
 return {'name': self.ident,
 'icon': self.info['icon'],
+ 'invalid': self.info['invalid'],
 'os_distro': self.info['os_distro'],
 'os_version': self.info['os_version'],
 'cpus': self.info['cpus'],
diff --git a/src/kimchi/mockmodel.py b/src/kimchi/mockmodel.py
index a0e5120..68525cb 100644
--- a/src/kimchi/mockmodel.py
+++ b/src/kimchi/mockmodel.py
@@ -207,7 +207,7 @@ class MockModel(object):
 def template_lookup(self, name):
 t = self._get_template(name)
- return t.info
+ return t.invalid_integrity()
 def template_delete(self, name):
 try:
diff --git a/src/kimchi/model/templates.py b/src/kimchi/model/templates.py
index 5d09813..8089beb 100644
--- a/src/kimchi/model/templates.py
+++ b/src/kimchi/model/templates.py
@@ -21,6 +21,7 @@
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
 import copy
+import os
 import libvirt
@@ -83,7 +84,7 @@ class TemplateModel(object):
 def lookup(self, name):
 t = self.get_template(name, self.objstore, self.conn)
- return t.info
+ return t.invalid_integrity()
 def clone(self, name):
 # set default name
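Review bot: The added `'invalid': self.info['invalid'],` entry in `Template.data` indexes the key unconditionally, so any lookup result that lacks `invalid` turns a template GET into a KeyError. Within this series the key is only set by `LibvirtVMTemplate.invalid_integrity()`; reading it as `'invalid': self.info.get('invalid', {}),` keeps the controller working for a backend that has not computed it. The dict literal continues outside the hunk.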
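Review bot: `template_lookup` in mockmodel.py now returns `t.invalid_integrity()`, but the only definition of that method visible in this series is on `LibvirtVMTemplate` in model/templates.py. If the object returned by `_get_template` is not a `LibvirtVMTemplate` (the mock's template class is not shown here), every mock lookup raises AttributeError. Either the mock template needs its own `invalid_integrity`, or the method belongs on the `VMTemplate` base class with the libvirt and filesystem checks overridden per backend.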
@@ -171,6 +172,35 @@ class LibvirtVMTemplate(VMTemplate):
 if not network.isActive():
 raise InvalidParameter("KCHTMPL0007E", {'network': name, 'template': self.name})
+ def invalid_integrity(self):
+ invalid = {}
+ # invalid networks integrity
+ conn = self.conn.get()
+ networks = [net.name() for net in conn.listAllNetworks()]
+ invalid_networks = list(set(self.info['networks']) - set(networks))
+ if invalid_networks:
+ invalid['networks'] = invalid_networks
+
+ # invalid iso integrity
+ # FIXME when we support multiples cdrom devices
+ iso = self.info['cdrom']
+ try:
+ self.get_iso_info(iso)
+ except Exception:
+ invalid['cdrom'] = iso
+
+ # invalid disks integrity
+ volumes = []
+ for disk in self.info['disks']:
+ volume = disk.get("volume")
+ if volume is not None and os.path.exists(volume):
+ volumes.append(volume)
+ if volumes:
+ invalid['disks'] = volumes
+
+ self.info['invalid'] = invalid
+
+ return self.info
 def _get_storage_path(self):
 pool = self._storage_validate()
--
1.8.4.2
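Review bot: The disks loop in `invalid_integrity` is inverted: a volume is appended when `os.path.exists(volume)` is true, so volumes that exist are reported under `invalid['disks']` and missing ones never are; the condition should read `if volume is not None and not os.path.exists(volume):`. `invalid['cdrom'] = iso` stores a bare string although the API.md text in this series documents a list, so `invalid['cdrom'] = [iso]` would match it. Because `lookup()` now calls this method, every template read runs `get_iso_info`, which for the non-local prefixes it accepts presumably means contacting a URL stored in the template on each GET; consider limiting the per-lookup check to local paths or caching the result. The `except Exception` also reports any probe failure (including a transient network error, if the probe raises one) as an invalid cdrom. The class body continues outside the hunk.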

From: ShaoHe Feng <shaohef@linux.vnet.ibm.com>
move the related code about get iso info to a new function. Then template integrity can make use of it.
Signed-off-by: ShaoHe Feng <shaohef@linux.vnet.ibm.com>
---
 src/kimchi/vmtemplate.py | 22 +++++++++++-----------
 1 file changed, 11 insertions(+), 11 deletions(-)
diff --git a/src/kimchi/vmtemplate.py b/src/kimchi/vmtemplate.py
index 5767a13..a11ddd0 100644
--- a/src/kimchi/vmtemplate.py
+++ b/src/kimchi/vmtemplate.py
@@ -56,20 +56,10 @@ class VMTemplate(object):
 iso = args.get('cdrom', '')
 if scan and len(iso) > 0:
-
- iso_prefixes = ['/', 'http', 'https', 'ftp', 'ftps', 'tftp']
- if len(filter(iso.startswith, iso_prefixes)) == 0:
- raise InvalidParameter("KCHTMPL0006E", {'param': iso})
-
+ iso_distro, iso_version = self.get_iso_info(iso)
 if not iso.startswith('/'):
 self.info.update({'iso_stream': True})
- try:
- iso_img = IsoImage(iso)
- iso_distro, iso_version = iso_img.probe()
- except IsoFormatError:
- raise InvalidParameter("KCHISO0001E", {'filename': iso})
-
 # Fetch defaults based on the os distro and version
 os_distro = args.get('os_distro', iso_distro)
 os_version = args.get('os_version', iso_version)
@@ -84,6 +74,16 @@ class VMTemplate(object):
 args['graphics'] = graphics
 self.info.update(args)
+ def get_iso_info(self, iso):
+ iso_prefixes = ['/', 'http', 'https', 'ftp', 'ftps', 'tftp']
+ if len(filter(iso.startswith, iso_prefixes)) == 0:
+ raise InvalidParameter("KCHTMPL0006E", {'param': iso})
+ try:
+ iso_img = IsoImage(iso)
+ return iso_img.probe()
+ except IsoFormatError:
+ raise InvalidParameter("KCHISO0001E", {'filename': iso})
+
 def _get_cdrom_xml(self, libvirt_stream, qemu_stream_dns):
 bus = self.info['cdrom_bus']
 dev = "%s%s" % (self._bus_to_dev[bus],
--
1.8.4.2
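Review bot: The prefix test moved into `get_iso_info` compares against bare scheme names, so `iso.startswith('http')` or `'ftp'` accepts any string that merely begins with those letters, including a relative path, before it is handed to `IsoImage`. Listing full prefixes, `iso_prefixes = ['/', 'http://', 'https://', 'ftp://', 'ftps://', 'tftp://']`, keeps the accepted inputs to absolute paths and the intended URL schemes. `len(filter(...))` also only works where `filter` returns a list; `if not any(iso.startswith(p) for p in iso_prefixes):` is equivalent and does not depend on that. Since the method is now a public helper called from model/templates.py, a docstring such as `"""Validate the ISO location and return the (distro, version) pair from probing it."""` would document the contract. The class body continues outside the hunk.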
participants (2)
-
shaohef@linux.vnet.ibm.com
-
Shu Ming