Revision bd16bf3e
b/Changelog | ||
---|---|---|
173 | 173 |
'service-export-cyclades'. |
174 | 174 |
* Obsolete PUBLIC_USE_POOL setting, since Cyclades manages IP pool for all |
175 | 175 |
type of networks. |
176 |
* Encrypt / decrypt the instance id / hostname in the stats URL in |
|
177 |
snf-cyclades-app and snf-stats-app, using the 'CYCLADES_STATS_SECRET_KEY' |
|
178 |
and 'STATS_SECRET_KEY' respectively. |
|
179 |
* Add support for snf-vncauthproxy-1.5 and the setting |
|
180 |
'CYCLADES_VNCAUTHPROXY_OPTS', which configures the extra options / arguments |
|
181 |
needed by the newer version of snf-vncauthproxy. Support for older versions |
|
182 |
of snf-vncauthproxy has been dropped. See also the upgrade notes for Synnefo |
|
183 |
and snf-vncauthproxy-1.5. |
|
176 | 184 |
|
177 | 185 |
Pithos |
178 | 186 |
------ |
... | ... | |
342 | 350 |
of the pool of Pithos backends that are used by plankton. |
343 | 351 |
|
344 | 352 |
|
353 |
|
|
345 | 354 |
.. _Changelog-0.14: |
346 | 355 |
|
347 | 356 |
v0.14 |
b/docs/upgrade/upgrade-0.15.rst | ||
---|---|---|
161 | 161 |
file in the same way as above. |
162 | 162 |
|
163 | 163 |
|
164 |
v0.15 has also introduced the ``CYCLADES_STATS_SECRET_KEY`` and |
|
165 |
``STATS_SECRET_KEY`` settings. ``CYCLADES_STATS_SECRET_KEY`` in |
|
166 |
``20-snf-cyclades-app-api.conf`` is used by Cyclades to encrypt the instance id |
|
167 |
/ hostname in the URLs serving the VM stats. You should set it to a random |
|
168 |
value / string and make sure that it's the same as the ``STATS_SECRET_KEY`` |
|
169 |
setting (used to decrypt the instance hostname) in |
|
170 |
``20-snf-stats-settings.conf`` on your Stats host. |
|
171 |
|
|
164 | 172 |
3. Create floating IP pools |
165 | 173 |
=========================== |
166 | 174 |
|
b/snf-cyclades-app/conf/20-snf-cyclades-app-api.conf | ||
---|---|---|
85 | 85 |
#BACKEND_PER_USER = {} |
86 | 86 |
# |
87 | 87 |
# |
88 |
## Encryption key for the instance hostname in the stat graphs URLs. Set it to |
|
89 |
## a random string and update the STATS_SECRET_KEY setting in the snf-stats-app |
|
90 |
## host (20-snf-stats-app-settings.conf) accordingly. |
|
91 |
#CYCLADES_STATS_SECRET_KEY = "secret key" |
|
92 |
# |
|
88 | 93 |
## URL templates for the stat graphs. |
89 | 94 |
## The API implementation replaces '%s' with the encrypted backend id. |
90 |
## FIXME: For now we do not encrypt the backend id. |
|
91 |
#CPU_BAR_GRAPH_URL = 'http://stats.synnefo.org/%s/cpu-bar.png' |
|
92 |
#CPU_TIMESERIES_GRAPH_URL = 'http://stats.synnefo.org/%s/cpu-ts.png' |
|
93 |
#NET_BAR_GRAPH_URL = 'http://stats.synnefo.org/%s/net-bar.png' |
|
94 |
#NET_TIMESERIES_GRAPH_URL = 'http://stats.synnefo.org/%s/net-ts.png' |
|
95 |
#CPU_BAR_GRAPH_URL = 'http://stats.example.synnefo.org/stats/v1.0/cpu-bar/%s' |
|
96 |
#CPU_TIMESERIES_GRAPH_URL = 'http://stats.example.synnefo.org/stats/v1.0/cpu-ts/%s' |
|
97 |
#NET_BAR_GRAPH_URL = 'http://stats.example.synnefo.org/net-bar/stats/v1.0/%s' |
|
98 |
#NET_TIMESERIES_GRAPH_URL = 'http://stats.example.synnefo.org/stats/v1.0/net-ts/%s' |
|
95 | 99 |
# |
96 | 100 |
## Recommended refresh period for server stats |
97 | 101 |
#STATS_REFRESH_PERIOD = 60 |
b/snf-cyclades-app/synnefo/api/servers.py | ||
---|---|---|
687 | 687 |
|
688 | 688 |
log.debug('server_stats %s', server_id) |
689 | 689 |
vm = util.get_vm(server_id, request.user_uniq) |
690 |
#secret = util.encrypt(vm.backend_vm_id) |
|
691 |
secret = vm.backend_vm_id # XXX disable backend id encryption |
|
690 |
secret = util.stats_encrypt(vm.backend_vm_id) |
|
692 | 691 |
|
693 | 692 |
stats = { |
694 | 693 |
'serverRef': vm.id, |
b/snf-cyclades-app/synnefo/api/util.py | ||
---|---|---|
31 | 31 |
# interpreted as representing official policies, either expressed |
32 | 32 |
# or implied, of GRNET S.A. |
33 | 33 |
|
34 |
from base64 import b64encode, b64decode |
|
34 |
from base64 import urlsafe_b64encode, b64decode |
|
35 |
from urllib import quote |
|
35 | 36 |
from hashlib import sha256 |
36 | 37 |
from logging import getLogger |
37 | 38 |
from random import choice |
... | ... | |
118 | 119 |
return s + '\x00' * npad |
119 | 120 |
|
120 | 121 |
|
121 |
def encrypt(plaintext): |
|
122 |
def stats_encrypt(plaintext):
|
|
122 | 123 |
# Make sure key is 32 bytes long |
123 |
key = sha256(settings.SECRET_KEY).digest() |
|
124 |
key = sha256(settings.CYCLADES_STATS_SECRET_KEY).digest()
|
|
124 | 125 |
|
125 | 126 |
aes = AES.new(key) |
126 | 127 |
enc = aes.encrypt(zeropad(plaintext)) |
127 |
return b64encode(enc)
|
|
128 |
return quote(urlsafe_b64encode(enc))
|
|
128 | 129 |
|
129 | 130 |
|
130 | 131 |
def get_vm(server_id, user_id, for_update=False, non_deleted=False, |
b/snf-cyclades-app/synnefo/app_settings/default/api.py | ||
---|---|---|
84 | 84 |
BACKEND_PER_USER = {} |
85 | 85 |
|
86 | 86 |
|
87 |
# Encryption key for the instance hostname in the stat graphs URLs. Set it to |
|
88 |
# a random string and update the STATS_SECRET_KEY setting in the snf-stats-app |
|
89 |
# host (20-snf-stats-app-settings.conf) accordingly. |
|
90 |
CYCLADES_STATS_SECRET_KEY = "secret_key" |
|
91 |
|
|
87 | 92 |
# URL templates for the stat graphs. |
88 | 93 |
# The API implementation replaces '%s' with the encrypted backend id. |
89 |
# FIXME: For now we do not encrypt the backend id. |
|
90 |
CPU_BAR_GRAPH_URL = 'http://stats.synnefo.org/%s/cpu-bar.png' |
|
91 |
CPU_TIMESERIES_GRAPH_URL = 'http://stats.synnefo.org/%s/cpu-ts.png' |
|
92 |
NET_BAR_GRAPH_URL = 'http://stats.synnefo.org/%s/net-bar.png' |
|
93 |
NET_TIMESERIES_GRAPH_URL = 'http://stats.synnefo.org/%s/net-ts.png' |
|
94 |
CPU_BAR_GRAPH_URL = 'http://stats.example.synnefo.org/stats/v1.0/cpu-bar/%s' |
|
95 |
CPU_TIMESERIES_GRAPH_URL = 'http://stats.example.synnefo.org/stats/v1.0/cpu-ts/%s' |
|
96 |
NET_BAR_GRAPH_URL = 'http://stats.example.synnefo.org/stats/v1.0/net-bar/%s' |
|
97 |
NET_TIMESERIES_GRAPH_URL = 'http://stats.example.synnefo.org/stats/v1.0/net-ts/%s' |
|
94 | 98 |
|
95 | 99 |
# Recommended refresh period for server stats |
96 | 100 |
STATS_REFRESH_PERIOD = 60 |
b/snf-stats-app/conf/20-snf-stats-app-settings.conf | ||
---|---|---|
2 | 2 |
## |
3 | 3 |
## Top-level URL for deployment. |
4 | 4 |
#STATS_BASE_URL = "https://host:port/stats" |
5 |
# |
|
5 |
|
|
6 |
## This key is used to decrypt the instance id / hostname in tha stats graph |
|
7 |
## URL. It should be set to the same value that is used by Cyclades to encrypt |
|
8 |
## the hostname (CYCLADES_STATS_SECRET_KEY). |
|
9 |
#STATS_SECRET_KEY = "secret key" |
|
10 |
|
|
6 | 11 |
## Image properties |
7 | 12 |
#IMAGE_WIDTH = 210 |
8 | 13 |
#WIDTH = 68 |
b/snf-stats-app/setup.py | ||
---|---|---|
59 | 59 |
'py-rrdtool', |
60 | 60 |
'Django>=1.4, <1.5', |
61 | 61 |
'snf-django-lib', |
62 |
'pycrypto>=2.1.0', |
|
62 | 63 |
] |
63 | 64 |
|
64 | 65 |
setup( |
b/snf-stats-app/synnefo_stats/grapher.py | ||
---|---|---|
43 | 43 |
|
44 | 44 |
import rrdtool |
45 | 45 |
|
46 |
from Crypto.Cipher import AES |
|
47 |
from base64 import urlsafe_b64decode |
|
48 |
from hashlib import sha256 |
|
49 |
|
|
46 | 50 |
from synnefo_stats import settings |
47 | 51 |
|
48 | 52 |
from synnefo.util.text import uenc |
... | ... | |
196 | 200 |
outfname += "-net.png" |
197 | 201 |
|
198 | 202 |
rrdtool.graph(outfname, "-s", "-1d", "-e", "-20s", |
199 |
#"-t", "Network traffic", |
|
200 | 203 |
"--units", "si", |
201 | 204 |
"-v", "Bits/s", |
202 |
#"--lazy", |
|
203 | 205 |
"COMMENT:\t\t\tAverage network traffic\\n", |
204 | 206 |
"DEF:rx=%s:rx:AVERAGE" % fname, |
205 | 207 |
"DEF:tx=%s:tx:AVERAGE" % fname, |
... | ... | |
218 | 220 |
outfname += "-net-weekly.png" |
219 | 221 |
|
220 | 222 |
rrdtool.graph(outfname, "-s", "-1w", "-e", "-20s", |
221 |
#"-t", "Network traffic", |
|
222 | 223 |
"--units", "si", |
223 | 224 |
"-v", "Bits/s", |
224 |
#"--lazy", |
|
225 | 225 |
"COMMENT:\t\t\tAverage network traffic\\n", |
226 | 226 |
"DEF:rx=%s:rx:AVERAGE" % fname, |
227 | 227 |
"DEF:tx=%s:tx:AVERAGE" % fname, |
... | ... | |
235 | 235 |
return read_file(outfname) |
236 | 236 |
|
237 | 237 |
|
238 |
def decrypt(secret): |
|
239 |
# Make sure key is 32 bytes long |
|
240 |
key = sha256(settings.STATS_SECRET_KEY).digest() |
|
241 |
|
|
242 |
aes = AES.new(key) |
|
243 |
return aes.decrypt(urlsafe_b64decode(secret)).rstrip('\x00') |
|
244 |
|
|
245 |
|
|
238 | 246 |
available_graph_types = { |
239 | 247 |
'cpu-bar': draw_cpu_bar, |
240 | 248 |
'net-bar': draw_net_bar, |
... | ... | |
248 | 256 |
@api_method(http_method='GET', token_required=False, user_required=False, |
249 | 257 |
format_allowed=False, logger=log) |
250 | 258 |
def grapher(request, graph_type, hostname): |
259 |
hostname = decrypt(uenc(hostname)) |
|
251 | 260 |
fname = uenc(os.path.join(settings.RRD_PREFIX, hostname)) |
252 | 261 |
if not os.path.isdir(fname): |
253 | 262 |
raise faults.ItemNotFound('No such instance') |
b/snf-stats-app/synnefo_stats/settings.py | ||
---|---|---|
1 | 1 |
## -*- coding: utf-8 -*- |
2 | 2 |
from django.conf import settings |
3 | 3 |
|
4 |
STATS_SECRET_KEY = getattr(settings, 'STATS_SECRET_KEY', "secret key") |
|
5 |
|
|
4 | 6 |
# Image properties |
5 | 7 |
IMAGE_WIDTH = getattr(settings, 'IMAGE_WIDTH', 210) |
6 | 8 |
WIDTH = getattr(settings, 'WIDTH', 68) |
Also available in: Unified diff