function storage_auth_function($cmd, $appliance_id)
{
global $event;
global $OPENQRM_SERVER_BASE_DIR;
global $OPENQRM_SERVER_IP_ADDRESS;
global $OPENQRM_EXEC_PORT;
global $IMAGE_AUTHENTICATION_TABLE;
global $openqrm_server;
global $RootDir;
$appliance = new appliance();
$appliance->get_instance_by_id($appliance_id);
$image = new image();
$image->get_instance_by_id($appliance->imageid);
$image_name = $image->name;
$image_rootdevice = $image->rootdevice;
$storage = new storage();
$storage->get_instance_by_id($image->storageid);
$storage_resource = new resource();
$storage_resource->get_instance_by_id($storage->resource_id);
$storage_ip = $storage_resource->ip;
$deployment = new deployment();
$deployment->get_instance_by_type($image->type);
$deployment_type = $deployment->type;
$deployment_plugin_name = $deployment->storagetype;
$resource = new resource();
$resource->get_instance_by_id($appliance->resources);
$resource_mac = $resource->mac;
$resource_ip = $resource->ip;
// this is a hook for the cloud-plugin to be able
// to translate the internal to the external ip address
// for the nfs-mount authentication
/* if (file_exists("$RootDir/plugins/cloud/.running")) {
$event->log("storage_auth_function", $_SERVER['REQUEST_TIME'], 5, "openqrm-lvm-nfs-deployment-auth-hook.php", "Found Cloud enabled and running. Checking for CloudNAT", "", "", 0, 0, $appliance_id);
// special clouduser class
require_once "$RootDir/plugins/cloud/class/cloudconfig.class.php";
require_once "$RootDir/plugins/cloud/class/cloudnat.class.php";
// check if we have to cloudnat the ip address
$cn_conf = new cloudconfig();
$cn_nat_enabled = $cn_conf->get_value(18); // 18 is cloud_nat
if (!strcmp($cn_nat_enabled, "true")) {
$cn = new cloudnat();
$internal_resource_ip=$resource_ip;
$resource_ip = $cn->translate($resource_ip);
$event->log("storage_auth_function", $_SERVER['REQUEST_TIME'], 5, "openqrm-lvm-nfs-deployment-auth-hook.php", "Found CloudNAT enabled, translated $internal_resource_ip to $resource_ip", "", "", 0, 0, $appliance_id);
} else {
$event->log("storage_auth_function", $_SERVER['REQUEST_TIME'], 5, "openqrm-lvm-nfs-deployment-auth-hook.php", "Cloudnat is disabled, keeping $resource_ip", "", "", 0, 0, $appliance_id);
}
} else {
$event->log("storage_auth_function", $_SERVER['REQUEST_TIME'], 5, "openqrm-lvm-nfs-deployment-auth-hook.php", "Cloud is not enabled/running. Not checking for CloudNAT", "", "", 0, 0, $appliance_id);
}
*/
switch ($cmd) {
case "start":
// authenticate the rootfs / needs openqrm user + pass
$openqrm_admin_user = new user("openqrm");
$openqrm_admin_user->set_user();
$event->log("storage_auth_function", $_SERVER['REQUEST_TIME'], 5, "openqrm-lvm-nfs-deployment-auth-hook.php", "Authenticating {$image_name} / {$image_rootdevice} to resource {$resource_ip}", "", "", 0, 0, $appliance_id);
$auth_start_cmd = $OPENQRM_SERVER_BASE_DIR . "/openqrm/plugins/" . $deployment_plugin_name . "/bin/openqrm-" . $deployment_plugin_name . " auth -n " . $image_name . " -r " . $image_rootdevice . " -i " . $resource_ip . " -t lvm-nfs-deployment -u " . $openqrm_admin_user->name . " -p " . $openqrm_admin_user->password . " --openqrm-cmd-mode background";
$resource->send_command($storage_ip, $auth_start_cmd);
// authenticate the install-from-nfs export
$run_disable_deployment_export = 0;
$install_from_nfs_param = trim($image->get_deployment_parameter("IMAGE_INSTALL_FROM_NFS"));
if (strlen($install_from_nfs_param)) {
// storage -> resource -> auth
$ip_storage_id = $deployment->parse_deployment_parameter("id", $install_from_nfs_param);
$ip_storage_ip = $deployment->parse_deployment_parameter("ip", $install_from_nfs_param);
$ip_image_rootdevice = $deployment->parse_deployment_parameter("path", $install_from_nfs_param);
$ip_storage = new storage();
$ip_storage->get_instance_by_id($ip_storage_id);
$ip_storage_resource = new resource();
$ip_storage_resource->get_instance_by_id($ip_storage->resource_id);
$op_storage_ip = $ip_storage_resource->ip;
$ip_deployment = new deployment();
$ip_deployment->get_instance_by_id($ip_storage->type);
$ip_deployment_type = $ip_deployment->type;
$ip_deployment_plugin_name = $ip_deployment->storagetype;
$event->log("storage_auth_function", $_SERVER['REQUEST_TIME'], 5, "openqrm-lvm-nfs-deployment-auth-hook.php", "Install-from-NFS: Authenticating {$resource_ip} on storage id {$ip_storage_id}:{$ip_storage_ip}:{$ip_image_rootdevice}", "", "", 0, 0, $appliance_id);
$auth_install_from_nfs_start_cmd = $OPENQRM_SERVER_BASE_DIR . "/openqrm/plugins/" . $ip_deployment_plugin_name . "/bin/openqrm-" . $ip_deployment_plugin_name . " auth -r " . $ip_image_rootdevice . " -i " . $resource_ip . " -t " . $ip_deployment_type . " --openqrm-cmd-mode background";
$resource->send_command($ip_storage_ip, $auth_install_from_nfs_start_cmd);
$run_disable_deployment_export = 1;
}
// authenticate the transfer-to-nfs export
$transfer_from_nfs_param = trim($image->get_deployment_parameter("IMAGE_TRANSFER_TO_NFS"));
if (strlen($transfer_from_nfs_param)) {
// storage -> resource -> auth
$tp_storage_id = $deployment->parse_deployment_parameter("id", $transfer_from_nfs_param);
$tp_storage_ip = $deployment->parse_deployment_parameter("ip", $transfer_from_nfs_param);
$tp_image_rootdevice = $deployment->parse_deployment_parameter("path", $transfer_from_nfs_param);
$tp_storage = new storage();
$tp_storage->get_instance_by_id($tp_storage_id);
$tp_storage_resource = new resource();
$tp_storage_resource->get_instance_by_id($tp_storage->resource_id);
$op_storage_ip = $tp_storage_resource->ip;
$tp_deployment = new deployment();
$tp_deployment->get_instance_by_id($tp_storage->type);
$tp_deployment_type = $tp_deployment->type;
$tp_deployment_plugin_name = $tp_deployment->storagetype;
$event->log("storage_auth_function", $_SERVER['REQUEST_TIME'], 5, "openqrm-lvm-nfs-deployment-auth-hook.php", "Transfer-to-NFS: Authenticating {$resource_ip} on storage id {$tp_storage_id}:{$tp_storage_ip}:{$tp_image_rootdevice}", "", "", 0, 0, $appliance_id);
$auth_install_from_nfs_start_cmd = $OPENQRM_SERVER_BASE_DIR . "/openqrm/plugins/" . $tp_deployment_plugin_name . "/bin/openqrm-" . $tp_deployment_plugin_name . " auth -r " . $tp_image_rootdevice . " -i " . $resource_ip . " -t " . $tp_deployment_type . " --openqrm-cmd-mode background";
$resource->send_command($tp_storage_ip, $auth_install_from_nfs_start_cmd);
$run_disable_deployment_export = 1;
}
// do we need to disable the install-from/transfer-to-nfs exports ?
if ($run_disable_deployment_export == 1) {
$image_authentication = new image_authentication();
$ia_id = (int) str_replace(".", "", str_pad(microtime(true), 15, "0"));
$image_auth_ar = array('ia_id' => $ia_id, 'ia_image_id' => $appliance->imageid, 'ia_resource_id' => $appliance->resources, 'ia_auth_type' => 1);
$image_authentication->add($image_auth_ar);
$event->log("storage_auth_function", $_SERVER['REQUEST_TIME'], 5, "openqrm-lvm-nfs-deployment-auth-hook.php", "Registered image {$appliance->imageid} for de-authentication the deployment exports when resource {$appliance->resources} is fully up.", "", "", 0, 0, $appliance_id);
}
break;
case "stop":
$image_authentication = new image_authentication();
$ia_id = (int) str_replace(".", "", str_pad(microtime(true), 15, "0"));
$image_auth_ar = array('ia_id' => $ia_id, 'ia_image_id' => $appliance->imageid, 'ia_resource_id' => $appliance->resources, 'ia_auth_type' => 0);
$image_authentication->add($image_auth_ar);
$event->log("storage_auth_function", $_SERVER['REQUEST_TIME'], 5, "openqrm-lvm-nfs-deployment-auth-hook.php", "Registered image {$appliance->imageid} for de-authentication the root-fs exports when resource {$appliance->resources} is idle again.", "", "", 0, 0, $appliance_id);
break;
}
}
function storage_auth_function($cmd, $appliance_id)
{
global $event;
global $OPENQRM_SERVER_BASE_DIR;
global $OPENQRM_SERVER_IP_ADDRESS;
global $OPENQRM_EXEC_PORT;
global $IMAGE_AUTHENTICATION_TABLE;
global $openqrm_server;
$appliance = new appliance();
$appliance->get_instance_by_id($appliance_id);
$image = new image();
$image->get_instance_by_id($appliance->imageid);
$image_name = $image->name;
$image_rootdevice = $image->rootdevice;
$storage = new storage();
$storage->get_instance_by_id($image->storageid);
$storage_resource = new resource();
$storage_resource->get_instance_by_id($storage->resource_id);
$storage_ip = $storage_resource->ip;
$deployment = new deployment();
$deployment->get_instance_by_type($image->type);
$deployment_type = $deployment->type;
$deployment_plugin_name = $deployment->storagetype;
$resource = new resource();
$resource->get_instance_by_id($appliance->resources);
$resource_mac = $resource->mac;
$resource_ip = $resource->ip;
switch ($cmd) {
case "start":
// authenticate the rootfs / needs openqrm user + pass
$openqrm_admin_user = new user("openqrm");
$openqrm_admin_user->set_user();
// generate a password for the image
$image_password = $image->generatePassword(12);
$image_deployment_parameter = $image->deployment_parameter;
$image->set_deployment_parameters("IMAGE_ISCSI_AUTH", $image_password);
$event->log("storage_auth_function", $_SERVER['REQUEST_TIME'], 5, "openqrm-iscsi-deployment-auth-hook.php", "Authenticating {$image_name} / {$image_rootdevice} to resource {$resource_mac} with password {$image_password}", "", "", 0, 0, $appliance_id);
$auth_start_cmd = $OPENQRM_SERVER_BASE_DIR . "/openqrm/plugins/" . $deployment_plugin_name . "/bin/openqrm-" . $deployment_plugin_name . " auth -n " . $image_name . " -r " . $image_rootdevice . " -i " . $image_password . " -u " . $openqrm_admin_user->name . " -p " . $openqrm_admin_user->password . " --openqrm-cmd-mode background";
$resource->send_command($storage_ip, $auth_start_cmd);
// authenticate the install-from-nfs export
$run_disable_deployment_export = 0;
$install_from_nfs_param = trim($image->get_deployment_parameter("IMAGE_INSTALL_FROM_NFS"));
if (strlen($install_from_nfs_param)) {
// storage -> resource -> auth
$ip_storage_id = $deployment->parse_deployment_parameter("id", $install_from_nfs_param);
$ip_storage_ip = $deployment->parse_deployment_parameter("ip", $install_from_nfs_param);
$ip_image_rootdevice = $deployment->parse_deployment_parameter("path", $install_from_nfs_param);
$ip_storage = new storage();
$ip_storage->get_instance_by_id($ip_storage_id);
$ip_storage_resource = new resource();
$ip_storage_resource->get_instance_by_id($ip_storage->resource_id);
$op_storage_ip = $ip_storage_resource->ip;
$ip_deployment = new deployment();
$ip_deployment->get_instance_by_id($ip_storage->type);
$ip_deployment_type = $ip_deployment->type;
$ip_deployment_plugin_name = $ip_deployment->storagetype;
$event->log("storage_auth_function", $_SERVER['REQUEST_TIME'], 5, "openqrm-iscsi-deployment-auth-hook.php", "Install-from-NFS: Authenticating {$resource_ip} on storage id {$ip_storage_id}:{$ip_storage_ip}:{$ip_image_rootdevice}", "", "", 0, 0, $appliance_id);
$auth_install_from_nfs_start_cmd = $OPENQRM_SERVER_BASE_DIR . "/openqrm/plugins/" . $ip_deployment_plugin_name . "/bin/openqrm-" . $ip_deployment_plugin_name . " auth -r " . $ip_image_rootdevice . " -i " . $resource_ip . " -t " . $ip_deployment_type . " --openqrm-cmd-mode background";
$resource->send_command($ip_storage_ip, $auth_install_from_nfs_start_cmd);
$run_disable_deployment_export = 1;
}
// authenticate the transfer-to-nfs export
$transfer_from_nfs_param = trim($image->get_deployment_parameter("IMAGE_TRANSFER_TO_NFS"));
if (strlen($transfer_from_nfs_param)) {
// storage -> resource -> auth
$tp_storage_id = $deployment->parse_deployment_parameter("id", $transfer_from_nfs_param);
$tp_storage_ip = $deployment->parse_deployment_parameter("ip", $transfer_from_nfs_param);
$tp_image_rootdevice = $deployment->parse_deployment_parameter("path", $transfer_from_nfs_param);
$tp_storage = new storage();
$tp_storage->get_instance_by_id($tp_storage_id);
$tp_storage_resource = new resource();
$tp_storage_resource->get_instance_by_id($tp_storage->resource_id);
$op_storage_ip = $tp_storage_resource->ip;
$tp_deployment = new deployment();
$tp_deployment->get_instance_by_id($tp_storage->type);
$tp_deployment_type = $tp_deployment->type;
$tp_deployment_plugin_name = $tp_deployment->storagetype;
$event->log("storage_auth_function", $_SERVER['REQUEST_TIME'], 5, "openqrm-iscsi-deployment-auth-hook.php", "Transfer-to-NFS: Authenticating {$resource_ip} on storage id {$tp_storage_id}:{$tp_storage_ip}:{$tp_image_rootdevice}", "", "", 0, 0, $appliance_id);
$auth_install_from_nfs_start_cmd = $OPENQRM_SERVER_BASE_DIR . "/openqrm/plugins/" . $tp_deployment_plugin_name . "/bin/openqrm-" . $tp_deployment_plugin_name . " auth -r " . $tp_image_rootdevice . " -i " . $resource_ip . " -t " . $tp_deployment_type . " --openqrm-cmd-mode background";
$resource->send_command($tp_storage_ip, $auth_install_from_nfs_start_cmd);
$run_disable_deployment_export = 1;
}
// do we need to disable the install-from/transfer-to-nfs exports ?
if ($run_disable_deployment_export == 1) {
$image_authentication = new image_authentication();
$ia_id = (int) str_replace(".", "", str_pad(microtime(true), 15, "0"));
$image_auth_ar = array('ia_id' => $ia_id, 'ia_image_id' => $appliance->imageid, 'ia_resource_id' => $appliance->resources, 'ia_auth_type' => 1);
$image_authentication->add($image_auth_ar);
$event->log("storage_auth_function", $_SERVER['REQUEST_TIME'], 5, "openqrm-iscsi-deployment-auth-hook.php", "Registered image {$appliance->imageid} for de-authentication the deployment exports when resource {$appliance->resources} is fully up.", "", "", 0, 0, $appliance_id);
}
break;
case "stop":
$image_authentication = new image_authentication();
$ia_id = (int) str_replace(".", "", str_pad(microtime(true), 15, "0"));
$image_auth_ar = array('ia_id' => $ia_id, 'ia_image_id' => $appliance->imageid, 'ia_resource_id' => $appliance->resources, 'ia_auth_type' => 0);
$image_authentication->add($image_auth_ar);
$event->log("storage_auth_function", $_SERVER['REQUEST_TIME'], 5, "openqrm-iscsi-deployment-auth-hook.php", "Registered image {$appliance->imageid} for de-authentication the root-fs exports when resource {$appliance->resources} is idle again.", "", "", 0, 0, $appliance_id);
break;
}
}
