x
/
poppy
Code Issues Proposed changes
poppy/poppy/dns/rackspace/services.py

865 lines
35 KiB
Python
Raw Blame History

# Copyright (c) 2014 Rackspace, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
# implied.
# See the License for the specific language governing permissions and
# limitations under the License.
import random
import re
try:
set
except NameError: # noqa pragma: no cover
from sets import Set as set # noqa pragma: no cover
from oslo_log import log
import pyrax.exceptions as exc
from poppy.dns import base
LOG = log.getLogger(__name__)
class ServicesController(base.ServicesBase):
def __init__(self, driver):
super(ServicesController, self).__init__(driver)
self.client = driver.client
def _get_subdomain(self, subdomain_name):
"""Returns a subdomain, if it does not exist, create it
:param subdomain_name
:return subdomain
"""
try:
LOG.info("Fetching DNS Record - {0}".format(subdomain_name))
subdomain = self.client.find(name=subdomain_name)
except exc.NotFound:
subdomain = self.client.create(
name=subdomain_name,
emailAddress=self._driver.rackdns_conf.email,
ttl=900)
return subdomain
def _create_cname_records(self, links):
"""Creates a subdomain
:param links: Access URLS from providers
:return dns_links: Map from provider access URL to DNS access URL
"""
cdn_domain_name = self._driver.rackdns_conf.url
shard_prefix = self._driver.rackdns_conf.shard_prefix
num_shards = self._driver.rackdns_conf.num_shards
# randomly select a shard
shard_id = random.randint(1, num_shards)
# ex. cdnXXX.altcdn.com
subdomain_name = '{0}{1}.{2}'.format(shard_prefix, shard_id,
cdn_domain_name)
# create CNAME record for adding
cname_records = []
dns_links = {}
shared_ssl_subdomain_name = None
for link in links:
# pick out shared ssl domains here
domain_name, certificate, old_operator_url = link
if certificate == "shared":
shared_ssl_subdomain_name = (
'.'.join(domain_name.split('.')[1:]))
# perform shared ssl cert logic
name = domain_name
else:
if old_operator_url is not None:
created_dns_links = self._create_preferred_cname_record(
domain_name,
certificate,
old_operator_url,
links[link]
)
dns_links.update(created_dns_links)
continue
else:
name = '{0}.{1}'.format(domain_name, subdomain_name)
cname_record = {'type': 'CNAME',
'name': name,
'data': links[link],
'ttl': 300}
dns_links[link] = {
'provider_url': links[link],
'operator_url': name
}
if certificate == "shared":
LOG.info("Creating Shared SSL DNS Record - {0}".format(name))
shared_ssl_subdomain = self._get_subdomain(
shared_ssl_subdomain_name)
shared_ssl_subdomain.add_records([cname_record])
else:
cname_records.append(cname_record)
# add the cname records
if len(cname_records) > 0:
subdomain = self._get_subdomain(subdomain_name)
LOG.info("Creating DNS Record - {0}".format(cname_records))
subdomain.add_records(cname_records)
return dns_links
def _create_preferred_cname_record(
self, domain_name, certificate, operator_url, provider_url):
"""Creates a CNAME chain with designated operator_url
:param domain_name: domain name that CNAME chain is created for
:param certificate: certificate type
:operator_url: The preferred operator url
:provider_url: provider url
:return dns_links: Map from provider access URL to DNS access URL
"""
shard_prefix = self._driver.rackdns_conf.shard_prefix
cdn_domain_name = self._driver.rackdns_conf.url
dns_links = {}
# verify sub-domain exists
regex_match = re.match(
r'^.*(' + shard_prefix + '[0-9]+\.' +
re.escape(cdn_domain_name) + ')$',
operator_url
)
my_sub_domain_name = regex_match.groups(-1)[0]
if my_sub_domain_name is None:
raise ValueError('Unable to parse old operator url')
# add to cname record
my_sub_domain = self._get_subdomain(my_sub_domain_name)
LOG.info(
"Updating dns record {0}. "
"CNAME create/update from {1} to {2}".format(
my_sub_domain_name,
operator_url,
provider_url
)
)
try:
old_dns_record = my_sub_domain.find_record('CNAME', operator_url)
except exc.DomainRecordNotFound:
my_sub_domain.add_records(
[{
'type': 'CNAME',
'name': operator_url,
'data': provider_url,
'ttl': 300
}]
)
else:
my_sub_domain.update_record(old_dns_record, data=provider_url)
dns_links[(domain_name, certificate, operator_url)] = {
'provider_url': provider_url,
'operator_url': operator_url
}
return dns_links
def _search_cname_record(self, access_url, shared_ssl_flag):
"""Search a CNAME record
:param access_url: DNS Access URL
:param shared_ssl_flag: flag indicating if this is a shared ssl domain
:return records: returns records, if any
"""
# extract shard name
if shared_ssl_flag:
suffix = self._driver.rackdns_conf.shared_ssl_domain_suffix
else:
suffix = self._driver.rackdns_conf.url
# Note: use rindex to find last occurrence of the suffix
shard_name = access_url[:access_url.rindex(suffix)-1].split('.')[-1]
subdomain_name = '.'.join([shard_name, suffix])
# for sharding is disabled, the suffix is the subdomain_name
if shared_ssl_flag and (
self._driver.rackdns_conf.shared_ssl_num_shards == 0):
subdomain_name = suffix
# get subdomain
subdomain = self.client.find(name=subdomain_name)
# search and find the CNAME record
LOG.info('Searching DNS records for : {0}'.format(subdomain))
name = access_url
record_type = 'CNAME'
records = self.client.search_records(subdomain, record_type, name)
return records
def _delete_cname_record(self, access_url, shared_ssl_flag):
"""Delete a CNAME record
:param access_url: DNS Access URL
:param shared_ssl_flag: flag indicating if this is a shared ssl domain
:return error_msg: returns error message, if any
"""
LOG.info('Attempting to delete DNS records for : {0}'.format(
access_url))
records = self._search_cname_record(access_url, shared_ssl_flag)
# delete the record
# we should get one record,
# or none if it has been deleted already
if not records:
LOG.error('DNS record already deleted: {0}'.format(access_url))
elif len(records) > 1:
error_msg = 'Multiple DNS records found: {0}'.format(access_url)
LOG.error(error_msg)
return error_msg
elif len(records) == 1:
LOG.info('Deleting DNS records for : {0}'.format(access_url))
records[0].delete()
return
def _change_cname_record(self, access_url, target_url, shared_ssl_flag):
"""Change a CNAME record
:param access_url: DNS Access URL
:param target_url: Operator Access URL
:param shared_ssl_flag: flag indicating if this is a shared ssl domain
:return error_msg: returns error message, if any
"""
records = self._search_cname_record(access_url, shared_ssl_flag)
# we should get one record, or none if it has been deleted already
if not records:
LOG.error('DNS record not found for: {0}'.format(access_url))
elif len(records) > 1:
LOG.error('Multiple DNS records found: {0}'.format(access_url))
elif len(records) == 1:
LOG.info('Updating DNS record for : {0}'.format(access_url))
records[0].update(data=target_url)
LOG.info('Updated DNS record for : {0}'.format(access_url))
return
def _generate_sharded_domain_name(self, shard_prefix, num_shards, suffix):
"""Generate a sharded domain name based on the scheme:
'{shard_prefix}{a random shard_id}.{suffix}'
:return A string of sharded domain name
"""
if num_shards == 0:
# shard disabled, just use the suffix
yield suffix
else:
# shard enabled, iterate through shards after
# randomly shuffling them
shard_ids = [i for i in range(1, num_shards + 1)]
random.shuffle(shard_ids)
for shard_id in shard_ids:
yield '{0}{1}.{2}'.format(shard_prefix, shard_id, suffix)
def generate_shared_ssl_domain_suffix(self):
"""Rackspace DNS scheme to generate a shared ssl domain suffix,
to be used with manager for shared ssl feature
:return A string of shared ssl domain name
"""
shared_ssl_domain_name = self._generate_sharded_domain_name(
self._driver.rackdns_conf.shared_ssl_shard_prefix,
self._driver.rackdns_conf.shared_ssl_num_shards,
self._driver.rackdns_conf.shared_ssl_domain_suffix)
return shared_ssl_domain_name
def create(self, responders):
"""Create CNAME record for a service.
:param responders: responders from providers
:return dns_links: Map from provider urls to DNS urls
"""
providers = []
for responder in responders:
for provider in responder:
providers.append(provider)
for responder in responders:
for provider_name in responder:
if 'error' in responder[provider_name]:
error_msg = responder[provider_name]['error_detail']
error_dict = {
'error_msg': error_msg
}
return self.responder.failed(providers, error_dict)
# gather the provider urls and cname them
links = {}
for responder in responders:
for provider_name in responder:
for link in responder[provider_name]['links']:
if link['rel'] == 'access_url':
# We need to distinguish shared ssl domains in
# which case the we will use different shard prefix and
# and shard number
links[(
link['domain'],
link.get('certificate', None),
None # new link no pref operator url
)] = link['href']
# create CNAME records
try:
dns_links = self._create_cname_records(links)
except Exception as e:
msg = 'Rackspace DNS Exception: {0}'.format(e)
error = {
'error_msg': msg,
'error_class': e.__class__
}
LOG.error(msg)
return self.responder.failed(providers, error)
# gather the CNAMED links
dns_details = {}
for responder in responders:
for provider_name in responder:
access_urls = []
for link in responder[provider_name]['links']:
if link['rel'] == 'access_url':
access_url = {
'domain': link['domain'],
'provider_url': dns_links[(
link['domain'],
link.get('certificate', None),
None
)]['provider_url'],
'operator_url': dns_links[(
link['domain'],
link.get('certificate', None),
None
)]['operator_url']}
# Need to indicate if this access_url is a shared ssl
# access url, since its has different shard_prefix and
# num_shard
if link.get('certificate', None) == 'shared':
access_url['shared_ssl_flag'] = True
access_urls.append(access_url)
dns_details[provider_name] = {'access_urls': access_urls}
return self.responder.created(dns_details)
def delete(self, provider_details):
"""Delete CNAME records for a service.
:param provider_details
:return dns_details: Map from provider_name to delete errors
"""
providers = []
for provider in provider_details:
providers.append(provider)
dns_details = {}
error_msg = ''
error_class = None
for provider_name in provider_details:
access_urls = provider_details[provider_name].access_urls
for access_url in access_urls:
if 'operator_url' in access_url:
try:
msg = self._delete_cname_record(
access_url['operator_url'],
access_url.get('shared_ssl_flag', False))
if msg:
error_msg += msg
except exc.NotFound as e:
LOG.error('Can not access the subdomain. Please make '
'sure it exists and you have permissions '
'to CDN subdomain {0}'.format(e))
error_msg = (error_msg + 'Can not access subdomain . '
'Exception: {0}'.format(e))
error_class = e.__class__
except Exception as e:
LOG.error('Rackspace DNS Exception: {0}'.format(e))
error_msg += 'Rackspace DNS ' \
'Exception: {0}'.format(e)
error_class = e.__class__
# format the error message for this provider
if not error_msg:
dns_details[provider_name] = self.responder.deleted({})
# format the error message
if error_msg:
error = {
'error_msg': error_msg,
'error_class': error_class
}
return self.responder.failed(providers, error)
return dns_details
def _update_added_domains(self, responders, added_domains):
"""Update added domains."""
# if no domains are added, return
dns_details = {}
if not added_domains:
for responder in responders:
for provider_name in responder:
dns_details[provider_name] = {'access_urls': []}
return dns_details
providers = []
for responder in responders:
for provider in responder:
providers.append(provider)
# gather the provider links for the added domains
links = {}
for responder in responders:
for provider_name in responder:
for link in responder[provider_name]['links']:
domain_added = (link['rel'] == 'access_url' and
link['domain'] in added_domains)
if domain_added:
links[(
link['domain'],
link.get('certificate', None),
link.get('old_operator_url', None)
)] = link['href']
# create CNAME records for added domains
try:
dns_links = self._create_cname_records(links)
except Exception as e:
error_msg = 'Rackspace DNS Exception: {0}'.format(e)
error_class = e.__class__
error = {
'error_msg': error_msg,
'error_class': error_class
}
LOG.error(error_msg)
return self.responder.failed(providers, error)
# gather the CNAMED links for added domains
for responder in responders:
for provider_name in responder:
access_urls = []
for link in responder[provider_name]['links']:
if link['domain'] in added_domains:
access_url = {
'domain': link['domain'],
'provider_url':
dns_links[(link['domain'],
link.get('certificate', None),
link.get('old_operator_url', None)
)]['provider_url'],
'operator_url':
dns_links[(link['domain'],
link.get('certificate', None),
link.get('old_operator_url', None)
)]['operator_url']}
# Need to indicate if this access_url is a shared ssl
# access url, since its has different shard_prefix and
# num_shard
if link.get('certificate', None) == 'shared':
access_url['shared_ssl_flag'] = True
access_urls.append(access_url)
dns_details[provider_name] = {'access_urls': access_urls}
return dns_details
def _update_removed_domains(self, provider_details, removed_domains):
"""Update removed domains."""
# if no domains are removed, return
dns_details = {}
if not removed_domains:
for provider_name in provider_details:
dns_details[provider_name] = {'access_urls': []}
return dns_details
providers = []
for provider in provider_details:
providers.append(provider)
# delete the records for deleted domains
error_msg = ''
error_class = None
for provider_name in provider_details:
provider_detail = provider_details[provider_name]
for access_url in provider_detail.access_urls:
# log delivery access url does not have domain field
if 'domain' in access_url and (
access_url['domain'] not in removed_domains):
continue
try:
msg = self._delete_cname_record(access_url['operator_url'],
access_url.get(
'shared_ssl_flag',
False))
if msg:
error_msg = error_msg + msg
except exc.NotFound as e:
LOG.error('Can not access the subdomain. Please make sure'
' it exists and you have permissions to CDN '
'subdomain {0}'.format(e))
error_msg = (error_msg + 'Can not access subdomain. '
'Exception: {0}'.format(e))
error_class = e.__class__
except Exception as e:
LOG.error('Exception: {0}'.format(e))
error_msg = error_msg + 'Exception: {0}'.format(e)
error_class = e.__class__
# format the success message for this provider
if not error_msg:
dns_details[provider_name] = self.responder.deleted({})
# format the error message
if error_msg:
error_dict = {
'error_msg': error_msg,
'error_class': error_class
}
return self.responder.failed(providers, error_dict)
return dns_details
def update(self, service_old, service_updates, responders):
"""Update CNAME records for a service.
:param service_old: previous service state
:param service_updates: updates to service state
:param responders: responders from providers
:return dns_details: Map from provider_name to update errors
"""
# get old domains
old_domains = set()
old_access_urls_map = {}
project_id = service_old.project_id
service_id = service_old.service_id
provider_details = service_old.provider_details
for provider_name in provider_details:
provider_detail = provider_details[provider_name]
access_urls = provider_detail.access_urls
old_access_urls_map[provider_name] = {'access_urls': access_urls}
for access_url in access_urls:
if 'domain' in access_url:
old_domains.add(access_url['domain'])
# if there is a provider error, don't try dns update
for responder in responders:
for provider_name in responder:
if 'error' in responder[provider_name]:
return old_access_urls_map
# get new_domains
new_domains = set()
for responder in responders:
for provider_name in responder:
links = responder[provider_name]['links']
for link in links:
new_domains.add(link['domain'])
# find http -> https+san upgrade domains
upgraded_domains = set()
for domain in service_updates.domains:
for old_domain in service_old.domains:
if old_domain.domain == domain.domain:
if (
old_domain.protocol == 'http' and
domain.protocol == 'https' and
domain.certificate == 'san'
):
upgraded_domains.add(domain.domain)
break
# if domains have not been updated, return
if not service_updates.domains:
return old_access_urls_map
# force dns update when we encounter an upgraded domain
common_domains = new_domains.intersection(old_domains)
for domain_name in common_domains:
upgrade = False
for responder in responders:
for provider_name in responder:
links = responder[provider_name]['links']
for link in links:
if (
link['domain'] == domain_name and
link.get('certificate', None) == 'san' and
link['href'] is not None and
link['old_operator_url'] is not None
):
upgrade = True
if upgrade is True:
old_domains.remove(domain_name)
# if the old set of domains is the same as new set of domains return
if old_domains == new_domains:
return old_access_urls_map
# get the list of added, removed and common domains
added_domains = new_domains.difference(old_domains)
removed_domains = old_domains.difference(new_domains)
common_domains = new_domains.intersection(old_domains)
# prevent dns records for upgrade domains from being deleted
retain_domains = removed_domains.intersection(upgraded_domains)
removed_domains = removed_domains.difference(retain_domains)
LOG.info("Added Domains : {0} on service_id : {1} "
"for project_id: {2}".format(added_domains,
service_id,
project_id))
LOG.info("Removed Domains : {0} on service_id : {1} "
"for project_id: {2}".format(removed_domains,
service_id,
project_id))
LOG.info("Common Domains : {0} on service_id : {1} "
"for project_id: {2}".format(common_domains,
service_id,
project_id))
# add new domains
dns_links = self._update_added_domains(responders, added_domains)
# remove CNAME records for deleted domains
provider_details = service_old.provider_details
self._update_removed_domains(provider_details, removed_domains)
providers = []
for responder in responders:
for provider in responder:
providers.append(provider)
# in case of DNS error, return
for provider_name in dns_links:
if 'error' in dns_links[provider_name]:
error_msg = dns_links[provider_name]['error_detail']
error_dict = {
'error_msg': error_msg
}
if 'error_class' in dns_links[provider_name]:
error_dict['error_class'] = \
dns_links[provider_name]['error_class']
return self.responder.failed(providers, error_dict)
# gather the CNAMED links and remove stale links
dns_details = {}
for responder in responders:
for provider_name in responder:
provider_detail = service_old.provider_details[provider_name]
old_access_urls = provider_detail.access_urls
new_access_urls = dns_links[provider_name]['access_urls']
access_urls = []
for link in responder[provider_name]['links']:
if link['domain'] in removed_domains:
continue
elif link['domain'] in added_domains:
# iterate through new access urls and get access url
operator_url = None
for new_access_url in new_access_urls:
if new_access_url['domain'] == link['domain']:
operator_url = new_access_url['operator_url']
break
access_url = {
'domain': link['domain'],
'provider_url': link['href'],
'operator_url': operator_url}
# if it is a shared ssl access url, we need to store it
if new_access_url.get('shared_ssl_flag', False):
access_url['shared_ssl_flag'] = True
access_urls.append(access_url)
elif link['domain'] in common_domains:
# iterate through old access urls and get access url
operator_url = None
old_access_url = None
for old_access_url in old_access_urls:
if old_access_url['domain'] == link['domain']:
operator_url = old_access_url['operator_url']
break
access_url = {
'domain': link['domain'],
'provider_url': link['href'],
'operator_url': operator_url}
# if it is a shared ssl access url, we need to store it
if old_access_url.get('shared_ssl_flag', False):
access_url['shared_ssl_flag'] = True
access_urls.append(access_url)
# find upgraded domains and create placeholders for them
for domain in service_updates.domains:
is_upgrade = False
for old_domain in service_old.domains:
if old_domain.domain == domain.domain:
if (
old_domain.protocol == 'http' and
domain.protocol == 'https' and
domain.certificate == 'san'
):
is_upgrade = True
break
if is_upgrade is True:
old_access_url_for_domain = (
service_old.provider_details.values()[0].
get_domain_access_url(domain.domain))
# add placeholder access url for upgraded domain
# the access_url dict here should be missing an entry
# for http san domain since provider url is
# determined only after an ssl cert is provisioned
access_urls.append({
'domain': domain.domain,
'provider_url': None,
'operator_url': None,
'old_operator_url': old_access_url_for_domain[
'operator_url'
]
})
# keep log_delivery urls intact when both old and new
# services have log_delivery enabled
if (
service_old.log_delivery.enabled is True and
service_updates.log_delivery.enabled is True
):
for old_access_url in old_access_urls:
if 'log_delivery' in old_access_url:
access_urls.append(old_access_url)
dns_details[provider_name] = {'access_urls': access_urls}
return self.responder.updated(dns_details)
def gather_cname_links(self, service_obj):
provider_details = service_obj.provider_details
dns_details = {}
for provider_name in provider_details:
access_urls = []
for link in provider_details[provider_name].access_urls:
# if this is a log delivery URL, don't add
if 'log_delivery' in link:
continue
access_url = {
'domain': link['domain'],
'provider_url': link['provider_url'],
'operator_url': link['operator_url']
}
# Need to indicate if this access_url is a shared ssl
# access url, since its has different shard_prefix and
# num_shard
if link.get('shared_ssl_flag', None):
access_url['shared_ssl_flag'] = True
else:
access_url['shared_ssl_flag'] = False
access_urls.append(access_url)
dns_details[provider_name] = {'access_urls': access_urls}
return dns_details
def enable(self, service_obj):
dns_details = self.gather_cname_links(service_obj)
try:
for provider_name in dns_details:
access_urls = dns_details[provider_name]['access_urls']
for access_url in access_urls:
provider_url = access_url['provider_url']
operator_url = access_url['operator_url']
shared_ssl_flag = access_url['shared_ssl_flag']
self._change_cname_record(operator_url,
provider_url,
shared_ssl_flag)
except Exception as e:
error_msg = 'Rackspace DNS Exception: {0}'.format(e)
error_class = e.__class__
error = {
'error_msg': error_msg,
'error_class': error_class
}
LOG.error(error_msg)
return self.responder.failed(dns_details.keys(), error)
else:
return self.responder.updated(dns_details)
def disable(self, service_obj):
dns_details = self.gather_cname_links(service_obj)
try:
provider_url = self._driver.rackdns_conf.url_404
for provider_name in dns_details:
access_urls = dns_details[provider_name]['access_urls']
for access_url in access_urls:
operator_url = access_url['operator_url']
shared_ssl_flag = access_url['shared_ssl_flag']
self._change_cname_record(operator_url,
provider_url,
shared_ssl_flag)
except Exception as e:
error_msg = 'Rackspace DNS Exception: {0}'.format(e)
error_class = e.__class__
error = {
'error_msg': error_msg,
'error_class': error_class
}
LOG.error(error_msg)
return self.responder.failed(dns_details.keys(), error)
else:
return self.responder.updated(dns_details)
def modify_cname(self, access_url, new_cert):
self._change_cname_record(access_url=access_url,
target_url=new_cert, shared_ssl_flag=False)
def is_shard_full(self, shard_name):
count = 0
try:
shard_domain = self.client.find(name=shard_name)
except exc.NotFound:
LOG.error("Shards not configured properly, could not find {0}.")
return True
records = shard_domain.list_records(limit=100)
count += len(records)
# Loop until all records are printed
while True:
try:
records = self.client.list_records_next_page()
count += len(records)
except exc.NoMoreResults:
break
LOG.info(
"There were a total of {0} record(s) for {1}.".format(
count,
shard_name
))
if count >= self._driver.rackdns_conf.records_limit:
return True
else:
return False
View Git Blame Copy Permalink