kotovalexarian-likes-github/fog--fog
1
0
Fork 0
mirror of https://github.com/fog/fog.git synced 2022-11-09 13:51:43 -05:00
Code Releases Activity
fog--fog/lib/fog/vsphere/compute.rb

185 lines
7 KiB
Ruby
Raw Normal View History

(#9241) Add SSL verification Without this patch we were blindly trusting the remote end of our API connection is who they claim to be. This is an insecure state because we leave ourselves open to a man in the middle attack. This patch adds a vsphere_expected_pubkey_hash setting for the Vsphere provider. This setting is expected to be the SHA256 hex digest string of the PEM encoded text of the RSA public key. The first time an end user connects this string is displayed to them in the error message. They need simply copy and paste it into ~/.fog to securely connect to the remote end. For example: :vspherebadpw: :vsphere_server: vc01.acme.lan :vsphere_username: api_login :vsphere_password: badpassword :vsphere_expected_pubkey_hash: 431dd...
2011-08-30 15:25:28 -04:00
require 'digest/sha2'
(#9241) Add skeleton VMware vSphere platform support This patch adds a compute service to fog setting the stage to model VMware virtual machines using Fog. The patch adds support for: rdebug -- fog vsphere >>> connection = Fog::Compute.new(:provider => :vsphere) The connection to the VMware API is implemented along with authentication using an username and password. The connection is not fully secured with this patch because no validation of the SSL certificate is implemented. Raw API requests are working with this patch, but none of the API requests have associated Fog models or collections.
2011-08-29 23:04:04 -04:00
module Fog
module Compute
class Vsphere < Fog::Service
requires :vsphere_username, :vsphere_password, :vsphere_server
recognizes :vsphere_port, :vsphere_path, :vsphere_ns
(#9241) Add SSL verification Without this patch we were blindly trusting the remote end of our API connection is who they claim to be. This is an insecure state because we leave ourselves open to a man in the middle attack. This patch adds a vsphere_expected_pubkey_hash setting for the Vsphere provider. This setting is expected to be the SHA256 hex digest string of the PEM encoded text of the RSA public key. The first time an end user connects this string is displayed to them in the error message. They need simply copy and paste it into ~/.fog to securely connect to the remote end. For example: :vspherebadpw: :vsphere_server: vc01.acme.lan :vsphere_username: api_login :vsphere_password: badpassword :vsphere_expected_pubkey_hash: 431dd...
2011-08-30 15:25:28 -04:00
recognizes :vsphere_rev, :vsphere_ssl, :vsphere_expected_pubkey_hash
(#9241) Add skeleton VMware vSphere platform support This patch adds a compute service to fog setting the stage to model VMware virtual machines using Fog. The patch adds support for: rdebug -- fog vsphere >>> connection = Fog::Compute.new(:provider => :vsphere) The connection to the VMware API is implemented along with authentication using an username and password. The connection is not fully secured with this patch because no validation of the SSL certificate is implemented. Raw API requests are working with this patch, but none of the API requests have associated Fog models or collections.
2011-08-29 23:04:04 -04:00
(#9241) Add model for Fog::Compute[:vsphere].servers This patch adds a request list_virtual_machines which is responsible for making an API connection and returning a raw "response" object from the API. Model instances of a Server (compute resource) are returned as a collection through the "all" method. The Fog framework calls all on the instance of the collection.
2011-09-01 18:10:57 -04:00
model_path 'fog/vsphere/models/compute'
model :server
collection :servers
(#9241) Add current_time request Without this patch, no actual API calls are being made through the Fog layer to the underlying rbvmobi later and ultimately to the vSphere target API. This patch adds a simple current_time request which is similar to a "ping" The layers and API are exercised fully using this simple API call to retrieve the current time on the remote system. This provides: >> Fog::Compute[:vsphere].current_time Tue Aug 30 20:46:27 UTC 2011 >> Fog::Compute[:vsphere].requests [:current_time]
2011-08-30 16:44:31 -04:00
request_path 'fog/vsphere/requests/compute'
request :current_time
Refactor requests to return simple hashes and add unit tests This massive commit refactors all of the request methods on the Fog::Compute[:vsphere] instance to return simple hashes. The behavior before this commit returned full vmware object references which was a problem because it was difficult to unit test. With this patch, it is much easier to add and maintain Mock implementations of the request methods. This makes adding behavior tests for the server model much easier. In addition, test coverage using Shindo has been added. Previously there was little test coverage of the behavior. To run the tests: shindont tests/vsphere/
2011-09-10 16:27:52 -04:00
request :find_vm_by_ref
(#9241) Add model for Fog::Compute[:vsphere].servers This patch adds a request list_virtual_machines which is responsible for making an API connection and returning a raw "response" object from the API. Model instances of a Server (compute resource) are returned as a collection through the "all" method. The Fog framework calls all on the instance of the collection.
2011-09-01 18:10:57 -04:00
request :list_virtual_machines
(#9421) Add start, stop, reboot server model methods This patch implements the start, stop and reboot methods for the Server model instances. These server model methods share common names with the AWS server model. This patch also implements the API requests required to control the power state of a VMware Virtual Machine. The requests default to issuing shutdown and reboot commands to the guest operating system itself. However, if force is set to true for power_off and reboot, then the VM is powered off or reset at the virtual hardware layer.
2011-09-02 14:04:24 -04:00
request :vm_power_off
request :vm_power_on
request :vm_reboot
(#9241) Add vm_clone API request Without this patch we have no way to clone a new VM from a template. This patch adds the vm_clone request which takes an instance uuid as the source template to clone from an a name parameter which is the new VM's name. The clone operation is handled asynchronously as a vSphere task object. The clone request does not return a handle for this task, which may make it difficult to monitor the progress of the clone operation from Fog. A future enhancement may be to clone and return the task object itself to monitor progress.
2011-09-06 19:46:42 -04:00
request :vm_clone
This patch allows the ability to create 'blank' vms in vsphere
2012-01-11 21:35:55 -05:00
request :vm_create
(#9241) Add destroy API request and model action Without this patch we have no way to completely destroy a server instance. This patch adds a vm_destroy API request and implements the destroy method on the server model. The vSphere API requires the server to be in a poweredOff state. The model action and the request do not verify this is the case before issuing the command.
2011-09-06 19:41:37 -04:00
request :vm_destroy
add host based vmotion
2012-02-24 23:47:41 -05:00
request :vm_migrate
[vsphere] (#10644) Add servers filter to improve clone performance The behavior without this patch is that the performance of the vm_clone operation in unacceptably slow for VMware vCenter deployments with multiple hundreds of virtual machines. Performance is unacceptable because the vm_clone operation makes multiple API calls to list _all_ of the VM's in the inventory. This patch eliminates the need to list all VM's by adding path and folder filters to limit our API calls to subtrees of the VMware inventory. = API Changes = * New datacenters request that caches the Datacenter objects for the life of the process. * New clone() method on the server model that returns a server model of the new VM even if it is not yet done cloning. * Ability to limit collections to inventory paths by passing the * 'folder' filter to the servers collection. For example: `conn = Fog::Compute[:vsphere]; conn.servers('path' => '/Datacenters/DC1/vm/Templates')` this filter will greatly reduce the number of SOAP API calls by limiting the server models in the collection to only those in the Templates inventory folder. Note, this is not recursive yet. = Tests = Tests have been updated. The vm_clone request no longer takes an instance_uuid because we cannot actually use this to search the inventory efficiently. Instead, the vm_clone request now requires a path attribute to allow Fog to search only a subset of the inventory.
2011-11-10 19:01:22 -05:00
request :datacenters
add vm reconfiguration functions for memory cpu / generic spec
2012-01-31 14:43:45 -05:00
request :vm_reconfig_hardware
request :vm_reconfig_memory
request :vm_reconfig_cpus
[vsphere] adds support to get and set vnc console
2012-03-28 06:34:36 -04:00
request :vm_config_vnc
Refactor requests to return simple hashes and add unit tests This massive commit refactors all of the request methods on the Fog::Compute[:vsphere] instance to return simple hashes. The behavior before this commit returned full vmware object references which was a problem because it was difficult to unit test. With this patch, it is much easier to add and maintain Mock implementations of the request methods. This makes adding behavior tests for the server model much easier. In addition, test coverage using Shindo has been added. Previously there was little test coverage of the behavior. To run the tests: shindont tests/vsphere/
2011-09-10 16:27:52 -04:00
module Shared
attr_reader :vsphere_is_vcenter
attr_reader :vsphere_rev
Add vsphere_server connection attribute Without this patch it was difficult to figure out from the outside what vSphere server Fog connected to. The application using Fog should be able to easily print out the connection information without breaking the encapsulation Fog provides. This patch makes the connected vSphere server hostname and API username an attribute of the connection instance. The tests have been updated to validate these attribute accessor methods.
2011-09-12 18:50:49 -04:00
attr_reader :vsphere_server
attr_reader :vsphere_username
Refactor requests to return simple hashes and add unit tests This massive commit refactors all of the request methods on the Fog::Compute[:vsphere] instance to return simple hashes. The behavior before this commit returned full vmware object references which was a problem because it was difficult to unit test. With this patch, it is much easier to add and maintain Mock implementations of the request methods. This makes adding behavior tests for the server model much easier. In addition, test coverage using Shindo has been added. Previously there was little test coverage of the behavior. To run the tests: shindont tests/vsphere/
2011-09-10 16:27:52 -04:00
Optimize vSphere convert_vm_mob_ref_to_attr_hash This patch reduces the number of round trips to the vSphere API by using the `collect!` method on the ManagedObject, vm_mob_ref, which retrieves most of the properties in one request. For the remaining properties: hypervisor and mac_addresses, we still need to make additional requests. Overall this patch provides a nice speed improvement for the `convert_vm_mob_ref_to_attr_hash` method.
2011-10-18 00:46:30 -04:00
ATTR_TO_PROP = {
:id => 'config.instanceUuid',
:name => 'name',
:uuid => 'config.uuid',
:instance_uuid => 'config.instanceUuid',
:hostname => 'summary.guest.hostName',
:operatingsystem => 'summary.guest.guestFullName',
:ipaddress => 'guest.ipAddress',
:power_state => 'runtime.powerState',
:connection_state => 'runtime.connectionState',
(#10570) Use nil in-place of missing attributes Without this patch, `Fog::Compute::Vsphere#convert_vm_mob_ref_to_attr_hash` method produces unhandled exceptions during VMware cloning and listing operations. The root cause of these exceptions are based on the fact that some VMware virtual machine attributes: hypervisor name, and macaddress, are not available until the cloning process has finished. These exceptions can be triggered when external events take place within the VMware infrastructure such as end-users cloning machines via some other VMware management tool. This patch solves the problem by catching any exceptions that occur during attribute lookups for both the hypervisor name and the virtual machine macaddress, and setting them to nil. This patch also removes the host attribute from the hash generated by the `Fog::Compute::Vsphere#convert_vm_mob_ref_to_attr_hash` method. The hypervisor attribute is added instead, which is an alias to host. This patch changes the behaviour of the `Fog::Compute::Vsphere#convert_vm_mob_ref_to_attr_hash` method by catching exceptions for missing attributes, and setting them to nil.
2011-11-07 07:08:54 -05:00
:hypervisor => 'runtime.host',
Optimize vSphere convert_vm_mob_ref_to_attr_hash This patch reduces the number of round trips to the vSphere API by using the `collect!` method on the ManagedObject, vm_mob_ref, which retrieves most of the properties in one request. For the remaining properties: hypervisor and mac_addresses, we still need to make additional requests. Overall this patch provides a nice speed improvement for the `convert_vm_mob_ref_to_attr_hash` method.
2011-10-18 00:46:30 -04:00
:tools_state => 'guest.toolsStatus',
:tools_version => 'guest.toolsVersionStatus',
:is_a_template => 'config.template',
[vsphere] adds memory and cpu server attributes
2012-03-28 04:20:27 -04:00
:memory_mb => 'config.hardware.memoryMB',
:cpus => 'config.hardware.numCPU',
Optimize vSphere convert_vm_mob_ref_to_attr_hash This patch reduces the number of round trips to the vSphere API by using the `collect!` method on the ManagedObject, vm_mob_ref, which retrieves most of the properties in one request. For the remaining properties: hypervisor and mac_addresses, we still need to make additional requests. Overall this patch provides a nice speed improvement for the `convert_vm_mob_ref_to_attr_hash` method.
2011-10-18 00:46:30 -04:00
}
Refactor requests to return simple hashes and add unit tests This massive commit refactors all of the request methods on the Fog::Compute[:vsphere] instance to return simple hashes. The behavior before this commit returned full vmware object references which was a problem because it was difficult to unit test. With this patch, it is much easier to add and maintain Mock implementations of the request methods. This makes adding behavior tests for the server model much easier. In addition, test coverage using Shindo has been added. Previously there was little test coverage of the behavior. To run the tests: shindont tests/vsphere/
2011-09-10 16:27:52 -04:00
# Utility method to convert a VMware managed object into an attribute hash.
# This should only really be necessary for the real class.
# This method is expected to be called by the request methods
# in order to massage VMware Managed Object References into Attribute Hashes.
def convert_vm_mob_ref_to_attr_hash(vm_mob_ref)
return nil unless vm_mob_ref
Optimize vSphere convert_vm_mob_ref_to_attr_hash This patch reduces the number of round trips to the vSphere API by using the `collect!` method on the ManagedObject, vm_mob_ref, which retrieves most of the properties in one request. For the remaining properties: hypervisor and mac_addresses, we still need to make additional requests. Overall this patch provides a nice speed improvement for the `convert_vm_mob_ref_to_attr_hash` method.
2011-10-18 00:46:30 -04:00
props = vm_mob_ref.collect! *ATTR_TO_PROP.values.uniq
(#10570) Use nil in-place of missing attributes Without this patch, `Fog::Compute::Vsphere#convert_vm_mob_ref_to_attr_hash` method produces unhandled exceptions during VMware cloning and listing operations. The root cause of these exceptions are based on the fact that some VMware virtual machine attributes: hypervisor name, and macaddress, are not available until the cloning process has finished. These exceptions can be triggered when external events take place within the VMware infrastructure such as end-users cloning machines via some other VMware management tool. This patch solves the problem by catching any exceptions that occur during attribute lookups for both the hypervisor name and the virtual machine macaddress, and setting them to nil. This patch also removes the host attribute from the hash generated by the `Fog::Compute::Vsphere#convert_vm_mob_ref_to_attr_hash` method. The hypervisor attribute is added instead, which is an alias to host. This patch changes the behaviour of the `Fog::Compute::Vsphere#convert_vm_mob_ref_to_attr_hash` method by catching exceptions for missing attributes, and setting them to nil.
2011-11-07 07:08:54 -05:00
# NOTE: Object.tap is in 1.8.7 and later.
# Here we create the hash object that this method returns, but first we need
# to add a few more attributes that require additional calls to the vSphere
# API. The hypervisor name and mac_addresses attributes may not be available
# so we need catch any exceptions thrown during lookup and set them to nil.
#
[vsphere] adds memory and cpu server attributes
2012-03-28 04:20:27 -04:00
# The use of the "tap" method here is a convenience, it allows us to update the
# hash object without explicitly returning the hash at the end of the method.
Optimize vSphere convert_vm_mob_ref_to_attr_hash This patch reduces the number of round trips to the vSphere API by using the `collect!` method on the ManagedObject, vm_mob_ref, which retrieves most of the properties in one request. For the remaining properties: hypervisor and mac_addresses, we still need to make additional requests. Overall this patch provides a nice speed improvement for the `convert_vm_mob_ref_to_attr_hash` method.
2011-10-18 00:46:30 -04:00
Hash[ATTR_TO_PROP.map { |k,v| [k.to_s, props[v]] }].tap do |attrs|
attrs['id'] ||= vm_mob_ref._ref
attrs['mo_ref'] = vm_mob_ref._ref
(#10570) Use nil in-place of missing attributes Without this patch, `Fog::Compute::Vsphere#convert_vm_mob_ref_to_attr_hash` method produces unhandled exceptions during VMware cloning and listing operations. The root cause of these exceptions are based on the fact that some VMware virtual machine attributes: hypervisor name, and macaddress, are not available until the cloning process has finished. These exceptions can be triggered when external events take place within the VMware infrastructure such as end-users cloning machines via some other VMware management tool. This patch solves the problem by catching any exceptions that occur during attribute lookups for both the hypervisor name and the virtual machine macaddress, and setting them to nil. This patch also removes the host attribute from the hash generated by the `Fog::Compute::Vsphere#convert_vm_mob_ref_to_attr_hash` method. The hypervisor attribute is added instead, which is an alias to host. This patch changes the behaviour of the `Fog::Compute::Vsphere#convert_vm_mob_ref_to_attr_hash` method by catching exceptions for missing attributes, and setting them to nil.
2011-11-07 07:08:54 -05:00
# The name method "magically" appears after a VM is ready and
# finished cloning.
if attrs['hypervisor'].kind_of?(RbVmomi::VIM::HostSystem) then
# If it's not ready, set the hypervisor to nil
attrs['hypervisor'] = attrs['hypervisor'].name rescue nil
end
# This inline rescue catches any standard error. While a VM is
# cloning, a call to the macs method will throw and NoMethodError
attrs['mac_addresses'] = vm_mob_ref.macs rescue nil
Adding a path attribute to the vm_mob_ref hash This patch adds a new `path` attribute to the vm_mob_ref hash returned by the `convert_vm_mob_ref_to_attr_hash` method. In order to support the new `path` attribute, this patch also adds a new `get_folder_path` method to the `list_virtual_machines` vsphere module.
2011-10-28 10:10:37 -04:00
attrs['path'] = get_folder_path(vm_mob_ref.parent)
Refactor requests to return simple hashes and add unit tests This massive commit refactors all of the request methods on the Fog::Compute[:vsphere] instance to return simple hashes. The behavior before this commit returned full vmware object references which was a problem because it was difficult to unit test. With this patch, it is much easier to add and maintain Mock implementations of the request methods. This makes adding behavior tests for the server model much easier. In addition, test coverage using Shindo has been added. Previously there was little test coverage of the behavior. To run the tests: shindont tests/vsphere/
2011-09-10 16:27:52 -04:00
end
end
end
(#9241) Add current_time request Without this patch, no actual API calls are being made through the Fog layer to the underlying rbvmobi later and ultimately to the vSphere target API. This patch adds a simple current_time request which is similar to a "ping" The layers and API are exercised fully using this simple API call to retrieve the current time on the remote system. This provides: >> Fog::Compute[:vsphere].current_time Tue Aug 30 20:46:27 UTC 2011 >> Fog::Compute[:vsphere].requests [:current_time]
2011-08-30 16:44:31 -04:00
(#9241) Add skeleton VMware vSphere platform support This patch adds a compute service to fog setting the stage to model VMware virtual machines using Fog. The patch adds support for: rdebug -- fog vsphere >>> connection = Fog::Compute.new(:provider => :vsphere) The connection to the VMware API is implemented along with authentication using an username and password. The connection is not fully secured with this patch because no validation of the SSL certificate is implemented. Raw API requests are working with this patch, but none of the API requests have associated Fog models or collections.
2011-08-29 23:04:04 -04:00
class Mock
Refactor requests to return simple hashes and add unit tests This massive commit refactors all of the request methods on the Fog::Compute[:vsphere] instance to return simple hashes. The behavior before this commit returned full vmware object references which was a problem because it was difficult to unit test. With this patch, it is much easier to add and maintain Mock implementations of the request methods. This makes adding behavior tests for the server model much easier. In addition, test coverage using Shindo has been added. Previously there was little test coverage of the behavior. To run the tests: shindont tests/vsphere/
2011-09-10 16:27:52 -04:00
include Shared
(#9241) Add skeleton VMware vSphere platform support This patch adds a compute service to fog setting the stage to model VMware virtual machines using Fog. The patch adds support for: rdebug -- fog vsphere >>> connection = Fog::Compute.new(:provider => :vsphere) The connection to the VMware API is implemented along with authentication using an username and password. The connection is not fully secured with this patch because no validation of the SSL certificate is implemented. Raw API requests are working with this patch, but none of the API requests have associated Fog models or collections.
2011-08-29 23:04:04 -04:00
def initialize(options={})
(#10570) Update `Fog::Compute::Vsphere` tests Update `Fog::Compute::Vsphere` tests to reflect the way the `Fog::Compute::Vsphere#convert_vm_mob_ref_to_attr_hash` method currently converts a `RbVmomi::VIM::ManagedObject` object to a hash. Without this patch, tests related to converting an instance of `RbVmomi::VIM::ManagedObject` to a hash will raise an exception: NoMethodError: undefined method `collect!' for Hash; causing the test to fail. This patch solves the problem by mocking `RbVmomi::VIM::ManagedObject` with a new `MockManagedObject` class, which provides a `collect!` method, and the `_ref` and `parent` attributes. This patch renames fake_vm to fake_vm_mob_ref in order to provide a more descriptive name for what's actually being tested. The `Fog::Compute::Vshpere::Mock` class has been updated to require the rbvmomi library, which prevents an `NameError` exception from being raised due to the `Fog::Compute::Vsphere::Shared::RbVmomi` constant not being initialized. The `Fog::Compute::Vshpere::Mock` class has been updated with a `get_folder_path` method, which prevents a `NoMethodError` exception from being raised due to the `get_folder_path` method being undefined.
2011-11-08 00:47:27 -05:00
require 'rbvmomi'
(#9241) Add test skeleton framework Without this patch the change set currently has no framework for testing the Vsphere provider. This patch doesn't actually test anything, but does add the skeleton code to being testing mocked versions of other code. Particularly, we're going to take the approach of completely mocking the @connection instance variable of the Compute instance. This will allow us to set expectations and return things from the underlying vmware API library.
2011-08-30 17:55:21 -04:00
@vsphere_username = options[:vsphere_username]
Refactor requests to return simple hashes and add unit tests This massive commit refactors all of the request methods on the Fog::Compute[:vsphere] instance to return simple hashes. The behavior before this commit returned full vmware object references which was a problem because it was difficult to unit test. With this patch, it is much easier to add and maintain Mock implementations of the request methods. This makes adding behavior tests for the server model much easier. In addition, test coverage using Shindo has been added. Previously there was little test coverage of the behavior. To run the tests: shindont tests/vsphere/
2011-09-10 16:27:52 -04:00
@vsphere_password = 'REDACTED'
(#9241) Add test skeleton framework Without this patch the change set currently has no framework for testing the Vsphere provider. This patch doesn't actually test anything, but does add the skeleton code to being testing mocked versions of other code. Particularly, we're going to take the approach of completely mocking the @connection instance variable of the Compute instance. This will allow us to set expectations and return things from the underlying vmware API library.
2011-08-30 17:55:21 -04:00
@vsphere_server = options[:vsphere_server]
@vsphere_expected_pubkey_hash = options[:vsphere_expected_pubkey_hash]
Refactor requests to return simple hashes and add unit tests This massive commit refactors all of the request methods on the Fog::Compute[:vsphere] instance to return simple hashes. The behavior before this commit returned full vmware object references which was a problem because it was difficult to unit test. With this patch, it is much easier to add and maintain Mock implementations of the request methods. This makes adding behavior tests for the server model much easier. In addition, test coverage using Shindo has been added. Previously there was little test coverage of the behavior. To run the tests: shindont tests/vsphere/
2011-09-10 16:27:52 -04:00
@vsphere_is_vcenter = true
@vsphere_rev = '4.0'
(#9241) Add skeleton VMware vSphere platform support This patch adds a compute service to fog setting the stage to model VMware virtual machines using Fog. The patch adds support for: rdebug -- fog vsphere >>> connection = Fog::Compute.new(:provider => :vsphere) The connection to the VMware API is implemented along with authentication using an username and password. The connection is not fully secured with this patch because no validation of the SSL certificate is implemented. Raw API requests are working with this patch, but none of the API requests have associated Fog models or collections.
2011-08-29 23:04:04 -04:00
end
end
class Real
Refactor requests to return simple hashes and add unit tests This massive commit refactors all of the request methods on the Fog::Compute[:vsphere] instance to return simple hashes. The behavior before this commit returned full vmware object references which was a problem because it was difficult to unit test. With this patch, it is much easier to add and maintain Mock implementations of the request methods. This makes adding behavior tests for the server model much easier. In addition, test coverage using Shindo has been added. Previously there was little test coverage of the behavior. To run the tests: shindont tests/vsphere/
2011-09-10 16:27:52 -04:00
include Shared
(#9241) Add SSL verification Without this patch we were blindly trusting the remote end of our API connection is who they claim to be. This is an insecure state because we leave ourselves open to a man in the middle attack. This patch adds a vsphere_expected_pubkey_hash setting for the Vsphere provider. This setting is expected to be the SHA256 hex digest string of the PEM encoded text of the RSA public key. The first time an end user connects this string is displayed to them in the error message. They need simply copy and paste it into ~/.fog to securely connect to the remote end. For example: :vspherebadpw: :vsphere_server: vc01.acme.lan :vsphere_username: api_login :vsphere_password: badpassword :vsphere_expected_pubkey_hash: 431dd...
2011-08-30 15:25:28 -04:00
(#9241) Add skeleton VMware vSphere platform support This patch adds a compute service to fog setting the stage to model VMware virtual machines using Fog. The patch adds support for: rdebug -- fog vsphere >>> connection = Fog::Compute.new(:provider => :vsphere) The connection to the VMware API is implemented along with authentication using an username and password. The connection is not fully secured with this patch because no validation of the SSL certificate is implemented. Raw API requests are working with this patch, but none of the API requests have associated Fog models or collections.
2011-08-29 23:04:04 -04:00
def initialize(options={})
require 'rbvmomi'
@vsphere_username = options[:vsphere_username]
@vsphere_password = options[:vsphere_password]
@vsphere_server = options[:vsphere_server]
@vsphere_port = options[:vsphere_port] || 443
@vsphere_path = options[:vsphere_path] || '/sdk'
@vsphere_ns = options[:vsphere_ns] || 'urn:vim25'
@vsphere_rev = options[:vsphere_rev] || '4.0'
@vsphere_ssl = options[:vsphere_ssl] || true
(#9241) Add SSL verification Without this patch we were blindly trusting the remote end of our API connection is who they claim to be. This is an insecure state because we leave ourselves open to a man in the middle attack. This patch adds a vsphere_expected_pubkey_hash setting for the Vsphere provider. This setting is expected to be the SHA256 hex digest string of the PEM encoded text of the RSA public key. The first time an end user connects this string is displayed to them in the error message. They need simply copy and paste it into ~/.fog to securely connect to the remote end. For example: :vspherebadpw: :vsphere_server: vc01.acme.lan :vsphere_username: api_login :vsphere_password: badpassword :vsphere_expected_pubkey_hash: 431dd...
2011-08-30 15:25:28 -04:00
@vsphere_expected_pubkey_hash = options[:vsphere_expected_pubkey_hash]
(#9241) Add skeleton VMware vSphere platform support This patch adds a compute service to fog setting the stage to model VMware virtual machines using Fog. The patch adds support for: rdebug -- fog vsphere >>> connection = Fog::Compute.new(:provider => :vsphere) The connection to the VMware API is implemented along with authentication using an username and password. The connection is not fully secured with this patch because no validation of the SSL certificate is implemented. Raw API requests are working with this patch, but none of the API requests have associated Fog models or collections.
2011-08-29 23:04:04 -04:00
@vsphere_must_reauthenticate = false
(#9241) Add SSL verification Without this patch we were blindly trusting the remote end of our API connection is who they claim to be. This is an insecure state because we leave ourselves open to a man in the middle attack. This patch adds a vsphere_expected_pubkey_hash setting for the Vsphere provider. This setting is expected to be the SHA256 hex digest string of the PEM encoded text of the RSA public key. The first time an end user connects this string is displayed to them in the error message. They need simply copy and paste it into ~/.fog to securely connect to the remote end. For example: :vspherebadpw: :vsphere_server: vc01.acme.lan :vsphere_username: api_login :vsphere_password: badpassword :vsphere_expected_pubkey_hash: 431dd...
2011-08-30 15:25:28 -04:00
@connection = nil
# This is a state variable to allow digest validation of the SSL cert
bad_cert = false
loop do
begin
@connection = RbVmomi::VIM.new :host => @vsphere_server,
:port => @vsphere_port,
:path => @vsphere_path,
:ns => @vsphere_ns,
:rev => @vsphere_rev,
:ssl => @vsphere_ssl,
:insecure => bad_cert
break
rescue OpenSSL::SSL::SSLError
raise if bad_cert
bad_cert = true
end
end
if bad_cert then
validate_ssl_connection
end
(#9241) Add skeleton VMware vSphere platform support This patch adds a compute service to fog setting the stage to model VMware virtual machines using Fog. The patch adds support for: rdebug -- fog vsphere >>> connection = Fog::Compute.new(:provider => :vsphere) The connection to the VMware API is implemented along with authentication using an username and password. The connection is not fully secured with this patch because no validation of the SSL certificate is implemented. Raw API requests are working with this patch, but none of the API requests have associated Fog models or collections.
2011-08-29 23:04:04 -04:00
# Negotiate the API revision
if not options[:vsphere_rev]
rev = @connection.serviceContent.about.apiVersion
@connection.rev = [ rev, ENV['FOG_VSPHERE_REV'] || '4.1' ].min
end
@vsphere_is_vcenter = @connection.serviceContent.about.apiType == "VirtualCenter"
Add vsphere_server connection attribute Without this patch it was difficult to figure out from the outside what vSphere server Fog connected to. The application using Fog should be able to easily print out the connection information without breaking the encapsulation Fog provides. This patch makes the connected vSphere server hostname and API username an attribute of the connection instance. The tests have been updated to validate these attribute accessor methods.
2011-09-12 18:50:49 -04:00
@vsphere_rev = @connection.rev
(#9241) Add skeleton VMware vSphere platform support This patch adds a compute service to fog setting the stage to model VMware virtual machines using Fog. The patch adds support for: rdebug -- fog vsphere >>> connection = Fog::Compute.new(:provider => :vsphere) The connection to the VMware API is implemented along with authentication using an username and password. The connection is not fully secured with this patch because no validation of the SSL certificate is implemented. Raw API requests are working with this patch, but none of the API requests have associated Fog models or collections.
2011-08-29 23:04:04 -04:00
authenticate
end
private
def authenticate
begin
@connection.serviceContent.sessionManager.Login :userName => @vsphere_username,
:password => @vsphere_password
rescue RbVmomi::VIM::InvalidLogin => e
raise Fog::Vsphere::Errors::ServiceError, e.message
end
end
(#9241) Add SSL verification Without this patch we were blindly trusting the remote end of our API connection is who they claim to be. This is an insecure state because we leave ourselves open to a man in the middle attack. This patch adds a vsphere_expected_pubkey_hash setting for the Vsphere provider. This setting is expected to be the SHA256 hex digest string of the PEM encoded text of the RSA public key. The first time an end user connects this string is displayed to them in the error message. They need simply copy and paste it into ~/.fog to securely connect to the remote end. For example: :vspherebadpw: :vsphere_server: vc01.acme.lan :vsphere_username: api_login :vsphere_password: badpassword :vsphere_expected_pubkey_hash: 431dd...
2011-08-30 15:25:28 -04:00
# Verify a SSL certificate based on the hashed public key
def validate_ssl_connection
pubkey = @connection.http.peer_cert.public_key
pubkey_hash = Digest::SHA2.hexdigest(pubkey.to_s)
expected_pubkey_hash = @vsphere_expected_pubkey_hash
if pubkey_hash != expected_pubkey_hash then
raise Fog::Vsphere::Errors::SecurityError, "The remote system presented a public key with hash #{pubkey_hash} but we're expecting a hash of #{expected_pubkey_hash || '<unset>'}. If you are sure the remote system is authentic set vsphere_expected_pubkey_hash: <the hash printed in this message> in ~/.fog"
end
end
(#9241) Add skeleton VMware vSphere platform support This patch adds a compute service to fog setting the stage to model VMware virtual machines using Fog. The patch adds support for: rdebug -- fog vsphere >>> connection = Fog::Compute.new(:provider => :vsphere) The connection to the VMware API is implemented along with authentication using an username and password. The connection is not fully secured with this patch because no validation of the SSL certificate is implemented. Raw API requests are working with this patch, but none of the API requests have associated Fog models or collections.
2011-08-29 23:04:04 -04:00
end
end
end
end
Copy permalink