Revision bd16bf3e
| b/Changelog | ||
|---|---|---|
| 173 | 173 |
'service-export-cyclades'. |
| 174 | 174 |
* Obsolete PUBLIC_USE_POOL setting, since Cyclades manages IP pool for all |
| 175 | 175 |
type of networks. |
| 176 |
* Encrypt / decrypt the instance id / hostname in the stats URL in |
|
| 177 |
snf-cyclades-app and snf-stats-app, using the 'CYCLADES_STATS_SECRET_KEY' |
|
| 178 |
and 'STATS_SECRET_KEY' respectively. |
|
| 179 |
* Add support for snf-vncauthproxy-1.5 and the setting |
|
| 180 |
'CYCLADES_VNCAUTHPROXY_OPTS', which configures the extra options / arguments |
|
| 181 |
needed by the newer version of snf-vncauthproxy. Support for older versions |
|
| 182 |
of snf-vncauthproxy has been dropped. See also the upgrade notes for Synnefo |
|
| 183 |
and snf-vncauthproxy-1.5. |
|
| 176 | 184 |
|
| 177 | 185 |
Pithos |
| 178 | 186 |
------ |
| ... | ... | |
| 342 | 350 |
of the pool of Pithos backends that are used by plankton. |
| 343 | 351 |
|
| 344 | 352 |
|
| 353 |
|
|
| 345 | 354 |
.. _Changelog-0.14: |
| 346 | 355 |
|
| 347 | 356 |
v0.14 |
| b/docs/upgrade/upgrade-0.15.rst | ||
|---|---|---|
| 161 | 161 |
file in the same way as above. |
| 162 | 162 |
|
| 163 | 163 |
|
| 164 |
v0.15 has also introduced the ``CYCLADES_STATS_SECRET_KEY`` and |
|
| 165 |
``STATS_SECRET_KEY`` settings. ``CYCLADES_STATS_SECRET_KEY`` in |
|
| 166 |
``20-snf-cyclades-app-api.conf`` is used by Cyclades to encrypt the instance id |
|
| 167 |
/ hostname in the URLs serving the VM stats. You should set it to a random |
|
| 168 |
value / string and make sure that it's the same as the ``STATS_SECRET_KEY`` |
|
| 169 |
setting (used to decrypt the instance hostname) in |
|
| 170 |
``20-snf-stats-settings.conf`` on your Stats host. |
|
| 171 |
|
|
| 164 | 172 |
3. Create floating IP pools |
| 165 | 173 |
=========================== |
| 166 | 174 |
|
| b/snf-cyclades-app/conf/20-snf-cyclades-app-api.conf | ||
|---|---|---|
| 85 | 85 |
#BACKEND_PER_USER = {}
|
| 86 | 86 |
# |
| 87 | 87 |
# |
| 88 |
## Encryption key for the instance hostname in the stat graphs URLs. Set it to |
|
| 89 |
## a random string and update the STATS_SECRET_KEY setting in the snf-stats-app |
|
| 90 |
## host (20-snf-stats-app-settings.conf) accordingly. |
|
| 91 |
#CYCLADES_STATS_SECRET_KEY = "secret key" |
|
| 92 |
# |
|
| 88 | 93 |
## URL templates for the stat graphs. |
| 89 | 94 |
## The API implementation replaces '%s' with the encrypted backend id. |
| 90 |
## FIXME: For now we do not encrypt the backend id. |
|
| 91 |
#CPU_BAR_GRAPH_URL = 'http://stats.synnefo.org/%s/cpu-bar.png' |
|
| 92 |
#CPU_TIMESERIES_GRAPH_URL = 'http://stats.synnefo.org/%s/cpu-ts.png' |
|
| 93 |
#NET_BAR_GRAPH_URL = 'http://stats.synnefo.org/%s/net-bar.png' |
|
| 94 |
#NET_TIMESERIES_GRAPH_URL = 'http://stats.synnefo.org/%s/net-ts.png' |
|
| 95 |
#CPU_BAR_GRAPH_URL = 'http://stats.example.synnefo.org/stats/v1.0/cpu-bar/%s' |
|
| 96 |
#CPU_TIMESERIES_GRAPH_URL = 'http://stats.example.synnefo.org/stats/v1.0/cpu-ts/%s' |
|
| 97 |
#NET_BAR_GRAPH_URL = 'http://stats.example.synnefo.org/net-bar/stats/v1.0/%s' |
|
| 98 |
#NET_TIMESERIES_GRAPH_URL = 'http://stats.example.synnefo.org/stats/v1.0/net-ts/%s' |
|
| 95 | 99 |
# |
| 96 | 100 |
## Recommended refresh period for server stats |
| 97 | 101 |
#STATS_REFRESH_PERIOD = 60 |
| b/snf-cyclades-app/synnefo/api/servers.py | ||
|---|---|---|
| 687 | 687 |
|
| 688 | 688 |
log.debug('server_stats %s', server_id)
|
| 689 | 689 |
vm = util.get_vm(server_id, request.user_uniq) |
| 690 |
#secret = util.encrypt(vm.backend_vm_id) |
|
| 691 |
secret = vm.backend_vm_id # XXX disable backend id encryption |
|
| 690 |
secret = util.stats_encrypt(vm.backend_vm_id) |
|
| 692 | 691 |
|
| 693 | 692 |
stats = {
|
| 694 | 693 |
'serverRef': vm.id, |
| b/snf-cyclades-app/synnefo/api/util.py | ||
|---|---|---|
| 31 | 31 |
# interpreted as representing official policies, either expressed |
| 32 | 32 |
# or implied, of GRNET S.A. |
| 33 | 33 |
|
| 34 |
from base64 import b64encode, b64decode |
|
| 34 |
from base64 import urlsafe_b64encode, b64decode |
|
| 35 |
from urllib import quote |
|
| 35 | 36 |
from hashlib import sha256 |
| 36 | 37 |
from logging import getLogger |
| 37 | 38 |
from random import choice |
| ... | ... | |
| 118 | 119 |
return s + '\x00' * npad |
| 119 | 120 |
|
| 120 | 121 |
|
| 121 |
def encrypt(plaintext): |
|
| 122 |
def stats_encrypt(plaintext):
|
|
| 122 | 123 |
# Make sure key is 32 bytes long |
| 123 |
key = sha256(settings.SECRET_KEY).digest() |
|
| 124 |
key = sha256(settings.CYCLADES_STATS_SECRET_KEY).digest()
|
|
| 124 | 125 |
|
| 125 | 126 |
aes = AES.new(key) |
| 126 | 127 |
enc = aes.encrypt(zeropad(plaintext)) |
| 127 |
return b64encode(enc)
|
|
| 128 |
return quote(urlsafe_b64encode(enc))
|
|
| 128 | 129 |
|
| 129 | 130 |
|
| 130 | 131 |
def get_vm(server_id, user_id, for_update=False, non_deleted=False, |
| b/snf-cyclades-app/synnefo/app_settings/default/api.py | ||
|---|---|---|
| 84 | 84 |
BACKEND_PER_USER = {}
|
| 85 | 85 |
|
| 86 | 86 |
|
| 87 |
# Encryption key for the instance hostname in the stat graphs URLs. Set it to |
|
| 88 |
# a random string and update the STATS_SECRET_KEY setting in the snf-stats-app |
|
| 89 |
# host (20-snf-stats-app-settings.conf) accordingly. |
|
| 90 |
CYCLADES_STATS_SECRET_KEY = "secret_key" |
|
| 91 |
|
|
| 87 | 92 |
# URL templates for the stat graphs. |
| 88 | 93 |
# The API implementation replaces '%s' with the encrypted backend id. |
| 89 |
# FIXME: For now we do not encrypt the backend id. |
|
| 90 |
CPU_BAR_GRAPH_URL = 'http://stats.synnefo.org/%s/cpu-bar.png' |
|
| 91 |
CPU_TIMESERIES_GRAPH_URL = 'http://stats.synnefo.org/%s/cpu-ts.png' |
|
| 92 |
NET_BAR_GRAPH_URL = 'http://stats.synnefo.org/%s/net-bar.png' |
|
| 93 |
NET_TIMESERIES_GRAPH_URL = 'http://stats.synnefo.org/%s/net-ts.png' |
|
| 94 |
CPU_BAR_GRAPH_URL = 'http://stats.example.synnefo.org/stats/v1.0/cpu-bar/%s' |
|
| 95 |
CPU_TIMESERIES_GRAPH_URL = 'http://stats.example.synnefo.org/stats/v1.0/cpu-ts/%s' |
|
| 96 |
NET_BAR_GRAPH_URL = 'http://stats.example.synnefo.org/stats/v1.0/net-bar/%s' |
|
| 97 |
NET_TIMESERIES_GRAPH_URL = 'http://stats.example.synnefo.org/stats/v1.0/net-ts/%s' |
|
| 94 | 98 |
|
| 95 | 99 |
# Recommended refresh period for server stats |
| 96 | 100 |
STATS_REFRESH_PERIOD = 60 |
| b/snf-stats-app/conf/20-snf-stats-app-settings.conf | ||
|---|---|---|
| 2 | 2 |
## |
| 3 | 3 |
## Top-level URL for deployment. |
| 4 | 4 |
#STATS_BASE_URL = "https://host:port/stats" |
| 5 |
# |
|
| 5 |
|
|
| 6 |
## This key is used to decrypt the instance id / hostname in tha stats graph |
|
| 7 |
## URL. It should be set to the same value that is used by Cyclades to encrypt |
|
| 8 |
## the hostname (CYCLADES_STATS_SECRET_KEY). |
|
| 9 |
#STATS_SECRET_KEY = "secret key" |
|
| 10 |
|
|
| 6 | 11 |
## Image properties |
| 7 | 12 |
#IMAGE_WIDTH = 210 |
| 8 | 13 |
#WIDTH = 68 |
| b/snf-stats-app/setup.py | ||
|---|---|---|
| 59 | 59 |
'py-rrdtool', |
| 60 | 60 |
'Django>=1.4, <1.5', |
| 61 | 61 |
'snf-django-lib', |
| 62 |
'pycrypto>=2.1.0', |
|
| 62 | 63 |
] |
| 63 | 64 |
|
| 64 | 65 |
setup( |
| b/snf-stats-app/synnefo_stats/grapher.py | ||
|---|---|---|
| 43 | 43 |
|
| 44 | 44 |
import rrdtool |
| 45 | 45 |
|
| 46 |
from Crypto.Cipher import AES |
|
| 47 |
from base64 import urlsafe_b64decode |
|
| 48 |
from hashlib import sha256 |
|
| 49 |
|
|
| 46 | 50 |
from synnefo_stats import settings |
| 47 | 51 |
|
| 48 | 52 |
from synnefo.util.text import uenc |
| ... | ... | |
| 196 | 200 |
outfname += "-net.png" |
| 197 | 201 |
|
| 198 | 202 |
rrdtool.graph(outfname, "-s", "-1d", "-e", "-20s", |
| 199 |
#"-t", "Network traffic", |
|
| 200 | 203 |
"--units", "si", |
| 201 | 204 |
"-v", "Bits/s", |
| 202 |
#"--lazy", |
|
| 203 | 205 |
"COMMENT:\t\t\tAverage network traffic\\n", |
| 204 | 206 |
"DEF:rx=%s:rx:AVERAGE" % fname, |
| 205 | 207 |
"DEF:tx=%s:tx:AVERAGE" % fname, |
| ... | ... | |
| 218 | 220 |
outfname += "-net-weekly.png" |
| 219 | 221 |
|
| 220 | 222 |
rrdtool.graph(outfname, "-s", "-1w", "-e", "-20s", |
| 221 |
#"-t", "Network traffic", |
|
| 222 | 223 |
"--units", "si", |
| 223 | 224 |
"-v", "Bits/s", |
| 224 |
#"--lazy", |
|
| 225 | 225 |
"COMMENT:\t\t\tAverage network traffic\\n", |
| 226 | 226 |
"DEF:rx=%s:rx:AVERAGE" % fname, |
| 227 | 227 |
"DEF:tx=%s:tx:AVERAGE" % fname, |
| ... | ... | |
| 235 | 235 |
return read_file(outfname) |
| 236 | 236 |
|
| 237 | 237 |
|
| 238 |
def decrypt(secret): |
|
| 239 |
# Make sure key is 32 bytes long |
|
| 240 |
key = sha256(settings.STATS_SECRET_KEY).digest() |
|
| 241 |
|
|
| 242 |
aes = AES.new(key) |
|
| 243 |
return aes.decrypt(urlsafe_b64decode(secret)).rstrip('\x00')
|
|
| 244 |
|
|
| 245 |
|
|
| 238 | 246 |
available_graph_types = {
|
| 239 | 247 |
'cpu-bar': draw_cpu_bar, |
| 240 | 248 |
'net-bar': draw_net_bar, |
| ... | ... | |
| 248 | 256 |
@api_method(http_method='GET', token_required=False, user_required=False, |
| 249 | 257 |
format_allowed=False, logger=log) |
| 250 | 258 |
def grapher(request, graph_type, hostname): |
| 259 |
hostname = decrypt(uenc(hostname)) |
|
| 251 | 260 |
fname = uenc(os.path.join(settings.RRD_PREFIX, hostname)) |
| 252 | 261 |
if not os.path.isdir(fname): |
| 253 | 262 |
raise faults.ItemNotFound('No such instance')
|
| b/snf-stats-app/synnefo_stats/settings.py | ||
|---|---|---|
| 1 | 1 |
## -*- coding: utf-8 -*- |
| 2 | 2 |
from django.conf import settings |
| 3 | 3 |
|
| 4 |
STATS_SECRET_KEY = getattr(settings, 'STATS_SECRET_KEY', "secret key") |
|
| 5 |
|
|
| 4 | 6 |
# Image properties |
| 5 | 7 |
IMAGE_WIDTH = getattr(settings, 'IMAGE_WIDTH', 210) |
| 6 | 8 |
WIDTH = getattr(settings, 'WIDTH', 68) |
Also available in: Unified diff