// Licensed to the Apache Software Foundation (ASF) under one // or more contributor license agreements. See the NOTICE file // distributed with this work for additional information // regarding copyright ownership. The ASF licenses this file // to you under the Apache License, Version 2.0 (the // "License"); you may not use this file except in compliance // with the License. You may obtain a copy of the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, // software distributed under the License is distributed on an // "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY // KIND, either express or implied. See the License for the // specific language governing permissions and limitations // under the License. package com.cloud.template; import java.net.MalformedURLException; import java.net.URISyntaxException; import java.net.URL; import java.util.ArrayList; import java.util.Arrays; import java.util.Date; import java.util.HashMap; import java.util.List; import java.util.Map; import java.util.UUID; import java.util.concurrent.ExecutionException; import java.util.concurrent.ExecutorService; import java.util.concurrent.Executors; import java.util.stream.Collectors; import javax.inject.Inject; import javax.naming.ConfigurationException; import org.apache.cloudstack.acl.SecurityChecker.AccessType; import org.apache.cloudstack.api.ApiConstants; import org.apache.cloudstack.api.BaseCmd; import org.apache.cloudstack.api.BaseListTemplateOrIsoPermissionsCmd; import org.apache.cloudstack.api.BaseUpdateTemplateOrIsoCmd; import org.apache.cloudstack.api.BaseUpdateTemplateOrIsoPermissionsCmd; import org.apache.cloudstack.api.command.user.iso.DeleteIsoCmd; import org.apache.cloudstack.api.command.user.iso.ExtractIsoCmd; import org.apache.cloudstack.api.command.user.iso.GetUploadParamsForIsoCmd; import org.apache.cloudstack.api.command.user.iso.ListIsoPermissionsCmd; import org.apache.cloudstack.api.command.user.iso.RegisterIsoCmd; import org.apache.cloudstack.api.command.user.iso.UpdateIsoCmd; import org.apache.cloudstack.api.command.user.iso.UpdateIsoPermissionsCmd; import org.apache.cloudstack.api.command.user.template.CopyTemplateCmd; import org.apache.cloudstack.api.command.user.template.CreateTemplateCmd; import org.apache.cloudstack.api.command.user.template.DeleteTemplateCmd; import org.apache.cloudstack.api.command.user.template.ExtractTemplateCmd; import org.apache.cloudstack.api.command.user.template.GetUploadParamsForTemplateCmd; import org.apache.cloudstack.api.command.user.template.ListTemplatePermissionsCmd; import org.apache.cloudstack.api.command.user.template.RegisterTemplateCmd; import org.apache.cloudstack.api.command.user.template.RegisterVnfTemplateCmd; import org.apache.cloudstack.api.command.user.template.UpdateTemplateCmd; import org.apache.cloudstack.api.command.user.template.UpdateTemplatePermissionsCmd; import org.apache.cloudstack.api.command.user.template.UpdateVnfTemplateCmd; import org.apache.cloudstack.api.command.user.userdata.LinkUserDataToTemplateCmd; import org.apache.cloudstack.api.response.GetUploadParamsResponse; import org.apache.cloudstack.context.CallContext; import org.apache.cloudstack.engine.orchestration.service.VolumeOrchestrationService; import org.apache.cloudstack.engine.subsystem.api.storage.DataStore; import org.apache.cloudstack.engine.subsystem.api.storage.DataStoreManager; import org.apache.cloudstack.engine.subsystem.api.storage.EndPoint; import org.apache.cloudstack.engine.subsystem.api.storage.EndPointSelector; import org.apache.cloudstack.engine.subsystem.api.storage.PrimaryDataStore; import org.apache.cloudstack.engine.subsystem.api.storage.Scope; import org.apache.cloudstack.engine.subsystem.api.storage.SnapshotDataFactory; import org.apache.cloudstack.engine.subsystem.api.storage.SnapshotInfo; import org.apache.cloudstack.engine.subsystem.api.storage.StorageCacheManager; import org.apache.cloudstack.engine.subsystem.api.storage.StorageStrategyFactory; import org.apache.cloudstack.engine.subsystem.api.storage.TemplateDataFactory; import org.apache.cloudstack.engine.subsystem.api.storage.TemplateInfo; import org.apache.cloudstack.engine.subsystem.api.storage.TemplateService; import org.apache.cloudstack.engine.subsystem.api.storage.TemplateService.TemplateApiResult; import org.apache.cloudstack.engine.subsystem.api.storage.VolumeDataFactory; import org.apache.cloudstack.engine.subsystem.api.storage.VolumeInfo; import org.apache.cloudstack.engine.subsystem.api.storage.ZoneScope; import org.apache.cloudstack.framework.async.AsyncCallFuture; import org.apache.cloudstack.framework.config.ConfigKey; import org.apache.cloudstack.framework.config.Configurable; import org.apache.cloudstack.framework.config.dao.ConfigurationDao; import org.apache.cloudstack.framework.messagebus.MessageBus; import org.apache.cloudstack.framework.messagebus.PublishScope; import org.apache.cloudstack.managed.context.ManagedContextRunnable; import org.apache.cloudstack.secstorage.dao.SecondaryStorageHeuristicDao; import org.apache.cloudstack.secstorage.heuristics.HeuristicType; import org.apache.cloudstack.snapshot.SnapshotHelper; import org.apache.cloudstack.storage.command.AttachCommand; import org.apache.cloudstack.storage.command.CommandResult; import org.apache.cloudstack.storage.command.DettachCommand; import org.apache.cloudstack.storage.command.TemplateOrVolumePostUploadCommand; import org.apache.cloudstack.storage.datastore.db.ImageStoreDao; import org.apache.cloudstack.storage.datastore.db.ImageStoreVO; import org.apache.cloudstack.storage.datastore.db.PrimaryDataStoreDao; import org.apache.cloudstack.storage.datastore.db.SnapshotDataStoreDao; import org.apache.cloudstack.storage.datastore.db.StoragePoolVO; import org.apache.cloudstack.storage.datastore.db.TemplateDataStoreDao; import org.apache.cloudstack.storage.datastore.db.TemplateDataStoreVO; import org.apache.cloudstack.storage.heuristics.HeuristicRuleHelper; import org.apache.cloudstack.storage.image.datastore.ImageStoreEntity; import org.apache.cloudstack.storage.template.VnfTemplateManager; import org.apache.cloudstack.storage.template.VnfTemplateUtils; import org.apache.cloudstack.storage.to.TemplateObjectTO; import org.apache.cloudstack.utils.imagestore.ImageStoreUtil; import org.apache.commons.collections.CollectionUtils; import org.apache.commons.collections.MapUtils; import org.joda.time.DateTime; import org.joda.time.DateTimeZone; import com.cloud.agent.AgentManager; import com.cloud.agent.api.Answer; import com.cloud.agent.api.Command; import com.cloud.agent.api.ComputeChecksumCommand; import com.cloud.agent.api.storage.DestroyCommand; import com.cloud.agent.api.to.DataTO; import com.cloud.agent.api.to.DatadiskTO; import com.cloud.agent.api.to.DiskTO; import com.cloud.agent.api.to.NfsTO; import com.cloud.agent.api.to.VirtualMachineTO; import com.cloud.api.ApiDBUtils; import com.cloud.api.query.dao.UserVmJoinDao; import com.cloud.api.query.vo.UserVmJoinVO; import com.cloud.configuration.Config; import com.cloud.configuration.Resource.ResourceType; import com.cloud.dc.DataCenter; import com.cloud.dc.DataCenterVO; import com.cloud.dc.dao.DataCenterDao; import com.cloud.deploy.DeployDestination; import com.cloud.domain.Domain; import com.cloud.domain.dao.DomainDao; import com.cloud.event.ActionEvent; import com.cloud.event.EventTypes; import com.cloud.event.UsageEventUtils; import com.cloud.event.UsageEventVO; import com.cloud.event.dao.UsageEventDao; import com.cloud.exception.InvalidParameterValueException; import com.cloud.exception.PermissionDeniedException; import com.cloud.exception.ResourceAllocationException; import com.cloud.exception.StorageUnavailableException; import com.cloud.host.HostVO; import com.cloud.host.dao.HostDao; import com.cloud.hypervisor.Hypervisor; import com.cloud.hypervisor.Hypervisor.HypervisorType; import com.cloud.hypervisor.HypervisorGuru; import com.cloud.hypervisor.HypervisorGuruManager; import com.cloud.projects.Project; import com.cloud.projects.ProjectManager; import com.cloud.storage.DataStoreRole; import com.cloud.storage.GuestOSVO; import com.cloud.storage.ImageStoreUploadMonitorImpl; import com.cloud.storage.LaunchPermissionVO; import com.cloud.storage.Snapshot; import com.cloud.storage.SnapshotVO; import com.cloud.storage.Storage; import com.cloud.storage.Storage.ImageFormat; import com.cloud.storage.Storage.TemplateType; import com.cloud.storage.StorageManager; import com.cloud.storage.StoragePool; import com.cloud.storage.StoragePoolHostVO; import com.cloud.storage.StoragePoolStatus; import com.cloud.storage.TemplateProfile; import com.cloud.storage.Upload; import com.cloud.storage.VMTemplateStoragePoolVO; import com.cloud.storage.VMTemplateStorageResourceAssoc; import com.cloud.storage.VMTemplateStorageResourceAssoc.Status; import com.cloud.storage.VMTemplateVO; import com.cloud.storage.VMTemplateZoneVO; import com.cloud.storage.Volume; import com.cloud.storage.VolumeApiService; import com.cloud.storage.VolumeVO; import com.cloud.storage.dao.GuestOSDao; import com.cloud.storage.dao.LaunchPermissionDao; import com.cloud.storage.dao.SnapshotDao; import com.cloud.storage.dao.StoragePoolHostDao; import com.cloud.storage.dao.VMTemplateDao; import com.cloud.storage.dao.VMTemplateDetailsDao; import com.cloud.storage.dao.VMTemplatePoolDao; import com.cloud.storage.dao.VMTemplateZoneDao; import com.cloud.storage.dao.VolumeDao; import com.cloud.template.TemplateAdapter.TemplateAdapterType; import com.cloud.template.VirtualMachineTemplate.BootloaderType; import com.cloud.user.Account; import com.cloud.user.AccountManager; import com.cloud.user.AccountService; import com.cloud.user.AccountVO; import com.cloud.user.ResourceLimitService; import com.cloud.user.User; import com.cloud.user.UserData; import com.cloud.user.dao.AccountDao; import com.cloud.uservm.UserVm; import com.cloud.utils.DateUtil; import com.cloud.utils.EncryptionUtil; import com.cloud.utils.EnumUtils; import com.cloud.utils.Pair; import com.cloud.utils.StringUtils; import com.cloud.utils.component.AdapterBase; import com.cloud.utils.component.ManagerBase; import com.cloud.utils.concurrency.NamedThreadFactory; import com.cloud.utils.db.DB; import com.cloud.utils.db.EntityManager; import com.cloud.utils.db.SearchCriteria; import com.cloud.utils.db.Transaction; import com.cloud.utils.db.TransactionCallbackNoReturn; import com.cloud.utils.db.TransactionStatus; import com.cloud.utils.exception.CloudRuntimeException; import com.cloud.vm.UserVmVO; import com.cloud.vm.VMInstanceVO; import com.cloud.vm.VirtualMachine.State; import com.cloud.vm.VirtualMachineProfile; import com.cloud.vm.VirtualMachineProfileImpl; import com.cloud.vm.VmDetailConstants; import com.cloud.vm.dao.UserVmDao; import com.cloud.vm.dao.VMInstanceDao; import com.google.common.base.Joiner; import com.google.gson.Gson; import com.google.gson.GsonBuilder; public class TemplateManagerImpl extends ManagerBase implements TemplateManager, TemplateApiService, Configurable { @Inject private VMTemplateDao _tmpltDao; @Inject private TemplateDataStoreDao _tmplStoreDao; @Inject private VMTemplatePoolDao _tmpltPoolDao; @Inject private VMTemplateZoneDao _tmpltZoneDao; @Inject private VMInstanceDao _vmInstanceDao; @Inject private PrimaryDataStoreDao _poolDao; @Inject private StoragePoolHostDao _poolHostDao; @Inject private AccountDao _accountDao; @Inject private AgentManager _agentMgr; @Inject private AccountManager _accountMgr; @Inject private HostDao _hostDao; @Inject private DataCenterDao _dcDao; @Inject private UserVmDao _userVmDao; @Inject private VolumeDao _volumeDao; @Inject private SnapshotDao _snapshotDao; @Inject private ConfigurationDao _configDao; @Inject private DomainDao _domainDao; @Inject private GuestOSDao _guestOSDao; @Inject private StorageManager _storageMgr; @Inject private UsageEventDao _usageEventDao; @Inject private AccountService _accountService; @Inject private ResourceLimitService _resourceLimitMgr; @Inject private LaunchPermissionDao _launchPermissionDao; @Inject private ProjectManager _projectMgr; @Inject private VolumeDataFactory _volFactory; @Inject private TemplateDataFactory _tmplFactory; @Inject private SnapshotDataFactory _snapshotFactory; @Inject StorageStrategyFactory _storageStrategyFactory; @Inject private TemplateService _tmpltSvr; @Inject private DataStoreManager _dataStoreMgr; @Inject private VolumeOrchestrationService _volumeMgr; @Inject private EndPointSelector _epSelector; @Inject private UserVmJoinDao _userVmJoinDao; @Inject private SnapshotDataStoreDao _snapshotStoreDao; @Inject private ImageStoreDao _imgStoreDao; @Inject MessageBus _messageBus; @Inject private VMTemplateDetailsDao _tmpltDetailsDao; @Inject private HypervisorGuruManager _hvGuruMgr; private boolean _disableExtraction = false; private List _adapters; ExecutorService _preloadExecutor; @Inject private StorageCacheManager cacheMgr; @Inject private EndPointSelector selector; @Inject protected SnapshotHelper snapshotHelper; @Inject VnfTemplateManager vnfTemplateManager; @Inject private SecondaryStorageHeuristicDao secondaryStorageHeuristicDao; @Inject private HeuristicRuleHelper heuristicRuleHelper; private TemplateAdapter getAdapter(HypervisorType type) { TemplateAdapter adapter = null; if (type == HypervisorType.BareMetal) { adapter = AdapterBase.getAdapterByName(_adapters, TemplateAdapterType.BareMetal.getName()); } else { // Get template adapter according to hypervisor adapter = AdapterBase.getAdapterByName(_adapters, type.name()); // Otherwise, default to generic hypervisor template adapter if (adapter == null) { adapter = AdapterBase.getAdapterByName(_adapters, TemplateAdapterType.Hypervisor.getName()); } } if (adapter == null) { throw new CloudRuntimeException("Cannot find template adapter for " + type.toString()); } return adapter; } @Override @ActionEvent(eventType = EventTypes.EVENT_ISO_CREATE, eventDescription = "creating iso") public VirtualMachineTemplate registerIso(RegisterIsoCmd cmd) throws ResourceAllocationException { TemplateAdapter adapter = getAdapter(HypervisorType.None); TemplateProfile profile = adapter.prepare(cmd); VMTemplateVO template = adapter.create(profile); if (template != null) { CallContext.current().putContextParameter(VirtualMachineTemplate.class, template.getUuid()); return template; } else { throw new CloudRuntimeException("Failed to create ISO"); } } @Override @ActionEvent(eventType = EventTypes.EVENT_TEMPLATE_CREATE, eventDescription = "creating template") public VirtualMachineTemplate registerTemplate(RegisterTemplateCmd cmd) throws URISyntaxException, ResourceAllocationException { Account account = CallContext.current().getCallingAccount(); if (cmd.getTemplateTag() != null) { if (!_accountService.isRootAdmin(account.getId())) { throw new PermissionDeniedException("Parameter templatetag can only be specified by a Root Admin, permission denied"); } } if (cmd.isRoutingType() != null) { if (!_accountService.isRootAdmin(account.getId())) { throw new PermissionDeniedException("Parameter isrouting can only be specified by a Root Admin, permission denied"); } } TemplateAdapter adapter = getAdapter(HypervisorType.getType(cmd.getHypervisor())); TemplateProfile profile = adapter.prepare(cmd); VMTemplateVO template = adapter.create(profile); if (template != null) { CallContext.current().putContextParameter(VirtualMachineTemplate.class, template.getUuid()); if (cmd instanceof RegisterVnfTemplateCmd) { vnfTemplateManager.persistVnfTemplate(template.getId(), (RegisterVnfTemplateCmd) cmd); } return template; } else { throw new CloudRuntimeException("Failed to create a template"); } } /** * Internal register template or ISO method - post local upload * @param adapter * @param profile */ private GetUploadParamsResponse registerPostUploadInternal(TemplateAdapter adapter, TemplateProfile profile) throws MalformedURLException { List payload = adapter.createTemplateForPostUpload(profile); if(CollectionUtils.isNotEmpty(payload)) { GetUploadParamsResponse response = new GetUploadParamsResponse(); /* * There can be one or more commands depending on the number of secondary stores the template needs to go to. Taking the first one to do the url upload. The * template will be propagated to the rest through copy by management server commands. */ TemplateOrVolumePostUploadCommand firstCommand = payload.get(0); String ssvmUrlDomain = _configDao.getValue(Config.SecStorageSecureCopyCert.key()); String protocol = VolumeApiService.UseHttpsToUpload.value() ? "https" : "http"; String url = ImageStoreUtil.generatePostUploadUrl(ssvmUrlDomain, firstCommand.getRemoteEndPoint(), firstCommand.getEntityUUID(), protocol); response.setPostURL(new URL(url)); // set the post url, this is used in the monitoring thread to determine the SSVM TemplateDataStoreVO templateStore = _tmplStoreDao.findByTemplate(firstCommand.getEntityId(), DataStoreRole.getRole(firstCommand.getDataToRole())); if (templateStore != null) { templateStore.setExtractUrl(url); _tmplStoreDao.persist(templateStore); } response.setId(UUID.fromString(firstCommand.getEntityUUID())); int timeout = ImageStoreUploadMonitorImpl.getUploadOperationTimeout(); DateTime currentDateTime = new DateTime(DateTimeZone.UTC); String expires = currentDateTime.plusMinutes(timeout).toString(); response.setTimeout(expires); String key = _configDao.getValue(Config.SSVMPSK.key()); /* * encoded metadata using the post upload config ssh key */ Gson gson = new GsonBuilder().create(); String metadata = EncryptionUtil.encodeData(gson.toJson(firstCommand), key); response.setMetadata(metadata); /* * signature calculated on the url, expiry, metadata. */ response.setSignature(EncryptionUtil.generateSignature(metadata + url + expires, key)); return response; } else { throw new CloudRuntimeException("Unable to register template."); } } @Override @ActionEvent(eventType = EventTypes.EVENT_ISO_CREATE, eventDescription = "creating post upload iso") public GetUploadParamsResponse registerIsoForPostUpload(GetUploadParamsForIsoCmd cmd) throws ResourceAllocationException, MalformedURLException { TemplateAdapter adapter = getAdapter(HypervisorType.None); TemplateProfile profile = adapter.prepare(cmd); return registerPostUploadInternal(adapter, profile); } @Override @ActionEvent(eventType = EventTypes.EVENT_TEMPLATE_CREATE, eventDescription = "creating post upload template") public GetUploadParamsResponse registerTemplateForPostUpload(GetUploadParamsForTemplateCmd cmd) throws ResourceAllocationException, MalformedURLException { TemplateAdapter adapter = getAdapter(HypervisorType.getType(cmd.getHypervisor())); TemplateProfile profile = adapter.prepare(cmd); return registerPostUploadInternal(adapter, profile); } @Override public DataStore getImageStore(String storeUuid, Long zoneId, VolumeVO volume) { DataStore imageStore = null; if (storeUuid != null) { imageStore = _dataStoreMgr.getDataStore(storeUuid, DataStoreRole.Image); } else { imageStore = heuristicRuleHelper.getImageStoreIfThereIsHeuristicRule(zoneId, HeuristicType.VOLUME, volume); if (imageStore == null) { imageStore = _dataStoreMgr.getImageStoreWithFreeCapacity(zoneId); } } if (imageStore == null) { throw new CloudRuntimeException(String.format("Cannot find an image store for zone [%s].", zoneId)); } return imageStore; } @Override @ActionEvent(eventType = EventTypes.EVENT_ISO_EXTRACT, eventDescription = "extracting ISO", async = true) public String extract(ExtractIsoCmd cmd) { Account account = CallContext.current().getCallingAccount(); Long templateId = cmd.getId(); Long zoneId = cmd.getZoneId(); String url = cmd.getUrl(); String mode = cmd.getMode(); Long eventId = cmd.getStartEventId(); return extract(account, templateId, url, zoneId, mode, eventId, true); } @Override @ActionEvent(eventType = EventTypes.EVENT_TEMPLATE_EXTRACT, eventDescription = "extracting template", async = true) public String extract(ExtractTemplateCmd cmd) { Account caller = CallContext.current().getCallingAccount(); Long templateId = cmd.getId(); Long zoneId = cmd.getZoneId(); String url = cmd.getUrl(); String mode = cmd.getMode(); Long eventId = cmd.getStartEventId(); VirtualMachineTemplate template = _tmpltDao.findById(templateId); if (template == null) { throw new InvalidParameterValueException("unable to find template with id " + templateId); } return extract(caller, templateId, url, zoneId, mode, eventId, false); } @Override public VirtualMachineTemplate prepareTemplate(long templateId, long zoneId, Long storageId) { VMTemplateVO vmTemplate = _tmpltDao.findById(templateId); if (vmTemplate == null) { throw new InvalidParameterValueException("Unable to find template id=" + templateId); } _accountMgr.checkAccess(CallContext.current().getCallingAccount(), AccessType.OperateEntry, true, vmTemplate); if (storageId != null) { StoragePoolVO pool = _poolDao.findById(storageId); if (pool != null) { if (pool.getStatus() == StoragePoolStatus.Up && pool.getDataCenterId() == zoneId) { prepareTemplateInOneStoragePool(vmTemplate, pool); } else { logger.warn("Skip loading template " + vmTemplate.getId() + " into primary storage " + pool.getId() + " as either the pool zone " + pool.getDataCenterId() + " is different from the requested zone " + zoneId + " or the pool is currently not available."); } } } else { prepareTemplateInAllStoragePools(vmTemplate, zoneId); } return vmTemplate; } private String extract(Account caller, Long templateId, String url, Long zoneId, String mode, Long eventId, boolean isISO) { String desc = Upload.Type.TEMPLATE.toString(); if (isISO) { desc = Upload.Type.ISO.toString(); } if (!_accountMgr.isRootAdmin(caller.getId()) && _disableExtraction) { throw new PermissionDeniedException("Extraction has been disabled by admin"); } VMTemplateVO template = _tmpltDao.findById(templateId); if (template == null || template.getRemoved() != null) { throw new InvalidParameterValueException("Unable to find " + desc + " with id " + templateId); } if (template.getTemplateType() == Storage.TemplateType.PERHOST) { throw new InvalidParameterValueException("Unable to extract the " + desc + " " + template.getName() + " as it resides on host and not on SSVM"); } if (isISO) { if (template.getFormat() != ImageFormat.ISO) { throw new InvalidParameterValueException("Unsupported format, could not extract the ISO"); } } else { if (template.getFormat() == ImageFormat.ISO) { throw new InvalidParameterValueException("Unsupported format, could not extract the template"); } } if (zoneId != null && _dcDao.findById(zoneId) == null) { throw new IllegalArgumentException("Please specify a valid zone."); } if (!_accountMgr.isRootAdmin(caller.getId()) && !template.isExtractable()) { throw new InvalidParameterValueException("Unable to extract template id=" + templateId + " as it's not extractable"); } _accountMgr.checkAccess(caller, AccessType.OperateEntry, true, template); List ssStores = _dataStoreMgr.getImageStoresByScope(new ZoneScope(null)); TemplateDataStoreVO tmpltStoreRef = null; ImageStoreEntity tmpltStore = null; if (ssStores != null) { for (DataStore store : ssStores) { tmpltStoreRef = _tmplStoreDao.findByStoreTemplate(store.getId(), templateId); if (tmpltStoreRef != null) { if (tmpltStoreRef.getDownloadState() == com.cloud.storage.VMTemplateStorageResourceAssoc.Status.DOWNLOADED) { tmpltStore = (ImageStoreEntity)store; if (tmpltStoreRef.getExtractUrl() != null) { return tmpltStoreRef.getExtractUrl(); } break; } } } } if (tmpltStore == null) { throw new InvalidParameterValueException("The " + desc + " has not been downloaded "); } // Check if the url already exists if(tmpltStoreRef.getExtractUrl() != null){ return tmpltStoreRef.getExtractUrl(); } // Handle NFS to S3 object store migration case, we trigger template sync from NFS to S3 during extract template or copy template _tmpltSvr.syncTemplateToRegionStore(templateId, tmpltStore); TemplateInfo templateObject = _tmplFactory.getTemplate(templateId, tmpltStore); String extractUrl = tmpltStore.createEntityExtractUrl(templateObject.getInstallPath(), template.getFormat(), templateObject); tmpltStoreRef.setExtractUrl(extractUrl); tmpltStoreRef.setExtractUrlCreated(DateUtil.now()); _tmplStoreDao.update(tmpltStoreRef.getId(), tmpltStoreRef); return extractUrl; } @Override public void prepareIsoForVmProfile(VirtualMachineProfile profile, DeployDestination dest) { UserVmVO vm = _userVmDao.findById(profile.getId()); if (vm.getIsoId() != null) { Map storageForDisks = dest.getStorageForDisks(); Long poolId = null; TemplateInfo template; if (MapUtils.isNotEmpty(storageForDisks)) { for (StoragePool storagePool : storageForDisks.values()) { if (poolId != null && storagePool.getId() != poolId) { throw new CloudRuntimeException("Cannot determine where to download iso"); } poolId = storagePool.getId(); } } template = prepareIso(vm.getIsoId(), vm.getDataCenterId(), dest.getHost().getId(), poolId); if (template == null){ logger.error("Failed to prepare ISO on secondary or cache storage"); throw new CloudRuntimeException("Failed to prepare ISO on secondary or cache storage"); } if (template.isBootable()) { profile.setBootLoaderType(BootloaderType.CD); } GuestOSVO guestOS = _guestOSDao.findById(template.getGuestOSId()); String displayName = null; if (guestOS != null) { displayName = guestOS.getDisplayName(); } TemplateObjectTO iso = (TemplateObjectTO)template.getTO(); iso.setDirectDownload(template.isDirectDownload()); iso.setGuestOsType(displayName); DiskTO disk = new DiskTO(iso, 3L, null, Volume.Type.ISO); profile.addDisk(disk); } else { TemplateObjectTO iso = new TemplateObjectTO(); iso.setFormat(ImageFormat.ISO); DiskTO disk = new DiskTO(iso, 3L, null, Volume.Type.ISO); profile.addDisk(disk); } } private void prepareTemplateInOneStoragePool(final VMTemplateVO template, final StoragePoolVO pool) { logger.info("Schedule to preload template " + template.getId() + " into primary storage " + pool.getId()); if (pool.getPoolType() == Storage.StoragePoolType.DatastoreCluster) { List childDataStores = _poolDao.listChildStoragePoolsInDatastoreCluster(pool.getId()); logger.debug("Schedule to preload template " + template.getId() + " into child datastores of DataStore cluster: " + pool.getId()); for (StoragePoolVO childDataStore : childDataStores) { prepareTemplateInOneStoragePoolInternal(template, childDataStore); } } else { prepareTemplateInOneStoragePoolInternal(template, pool); } } private void prepareTemplateInOneStoragePoolInternal(final VMTemplateVO template, final StoragePoolVO pool) { _preloadExecutor.execute(new ManagedContextRunnable() { @Override protected void runInContext() { try { reallyRun(); } catch (Throwable e) { logger.warn("Unexpected exception ", e); } } private void reallyRun() { logger.info("Start to preload template " + template.getId() + " into primary storage " + pool.getId()); StoragePool pol = (StoragePool)_dataStoreMgr.getPrimaryDataStore(pool.getId()); prepareTemplateForCreate(template, pol); logger.info("End of preloading template " + template.getId() + " into primary storage " + pool.getId()); } }); } public void prepareTemplateInAllStoragePools(final VMTemplateVO template, long zoneId) { List pools = _poolDao.listByStatus(StoragePoolStatus.Up); for (final StoragePoolVO pool : pools) { if (pool.getDataCenterId() == zoneId) { prepareTemplateInOneStoragePool(template, pool); } else { logger.info("Skip loading template " + template.getId() + " into primary storage " + pool.getId() + " as pool zone " + pool.getDataCenterId() + " is different from the requested zone " + zoneId); } } } @Override @DB public VMTemplateStoragePoolVO prepareTemplateForCreate(VMTemplateVO templ, StoragePool pool) { VMTemplateVO template = _tmpltDao.findById(templ.getId(), true); long poolId = pool.getId(); long templateId = template.getId(); VMTemplateStoragePoolVO templateStoragePoolRef = null; TemplateDataStoreVO templateStoreRef = null; templateStoragePoolRef = _tmpltPoolDao.findByPoolTemplate(poolId, templateId, null); if (templateStoragePoolRef != null) { templateStoragePoolRef.setMarkedForGC(false); _tmpltPoolDao.update(templateStoragePoolRef.getId(), templateStoragePoolRef); if (templateStoragePoolRef.getDownloadState() == Status.DOWNLOADED) { if (logger.isDebugEnabled()) { logger.debug("Template " + templateId + " has already been downloaded to pool " + poolId); } return templateStoragePoolRef; } } templateStoreRef = _tmplStoreDao.findByTemplateZoneDownloadStatus(templateId, pool.getDataCenterId(), VMTemplateStorageResourceAssoc.Status.DOWNLOADED); if (templateStoreRef == null) { logger.error("Unable to find a secondary storage host who has completely downloaded the template."); return null; } List vos = _poolHostDao.listByHostStatus(poolId, com.cloud.host.Status.Up); if (vos == null || vos.isEmpty()) { throw new CloudRuntimeException("Cannot download " + templateId + " to poolId " + poolId + " since there is no host in the Up state connected to this pool"); } if (templateStoragePoolRef == null) { if (logger.isDebugEnabled()) { logger.debug("Downloading template " + templateId + " to pool " + poolId); } DataStore srcSecStore = _dataStoreMgr.getDataStore(templateStoreRef.getDataStoreId(), DataStoreRole.Image); TemplateInfo srcTemplate = _tmplFactory.getTemplate(templateId, srcSecStore); AsyncCallFuture future = _tmpltSvr.prepareTemplateOnPrimary(srcTemplate, pool); try { TemplateApiResult result = future.get(); if (result.isFailed()) { logger.debug("prepare template failed:" + result.getResult()); return null; } return _tmpltPoolDao.findByPoolTemplate(poolId, templateId, null); } catch (Exception ex) { logger.debug("failed to copy template from image store:" + srcSecStore.getName() + " to primary storage"); } } return null; } @Override public String getChecksum(DataStore store, String templatePath, String algorithm) { EndPoint ep = _epSelector.select(store); ComputeChecksumCommand cmd = new ComputeChecksumCommand(store.getTO(), templatePath, algorithm); Answer answer = null; if (ep == null) { String errMsg = "No remote endpoint to send command, check if host or ssvm is down?"; logger.error(errMsg); answer = new Answer(cmd, false, errMsg); } else { answer = ep.sendMessage(cmd); } if (answer != null && answer.getResult()) { return answer.getDetails(); } return null; } @Override @DB public boolean resetTemplateDownloadStateOnPool(long templateStoragePoolRefId) { // have to use the same lock that prepareTemplateForCreate use to // maintain state consistency VMTemplateStoragePoolVO templateStoragePoolRef = _tmpltPoolDao.acquireInLockTable(templateStoragePoolRefId, 1200); if (templateStoragePoolRef == null) { logger.warn("resetTemplateDownloadStateOnPool failed - unable to lock TemplateStorgePoolRef " + templateStoragePoolRefId); return false; } try { templateStoragePoolRef.setTemplateSize(0); templateStoragePoolRef.setDownloadState(VMTemplateStorageResourceAssoc.Status.NOT_DOWNLOADED); _tmpltPoolDao.update(templateStoragePoolRefId, templateStoragePoolRef); } finally { _tmpltPoolDao.releaseFromLockTable(templateStoragePoolRefId); } return true; } @Override @DB public boolean copy(long userId, VMTemplateVO template, DataStore srcSecStore, DataCenterVO dstZone) throws StorageUnavailableException, ResourceAllocationException { long tmpltId = template.getId(); long dstZoneId = dstZone.getId(); // find all eligible image stores for the destination zone List dstSecStores = _dataStoreMgr.getImageStoresByScopeExcludingReadOnly(new ZoneScope(dstZoneId)); if (dstSecStores == null || dstSecStores.isEmpty()) { throw new StorageUnavailableException("Destination zone is not ready, no image store associated", DataCenter.class, dstZone.getId()); } AccountVO account = _accountDao.findById(template.getAccountId()); // find the size of the template to be copied TemplateDataStoreVO srcTmpltStore = _tmplStoreDao.findByStoreTemplate(srcSecStore.getId(), tmpltId); _resourceLimitMgr.checkResourceLimit(account, ResourceType.template); _resourceLimitMgr.checkResourceLimit(account, ResourceType.secondary_storage, new Long(srcTmpltStore.getSize()).longValue()); // Event details String copyEventType; if (template.getFormat().equals(ImageFormat.ISO)) { copyEventType = EventTypes.EVENT_ISO_COPY; } else { copyEventType = EventTypes.EVENT_TEMPLATE_COPY; } TemplateInfo srcTemplate = _tmplFactory.getTemplate(template.getId(), srcSecStore); // Copy will just find one eligible image store for the destination zone // and copy template there, not propagate to all image stores // for that zone for (DataStore dstSecStore : dstSecStores) { TemplateDataStoreVO dstTmpltStore = _tmplStoreDao.findByStoreTemplate(dstSecStore.getId(), tmpltId); if (dstTmpltStore != null && dstTmpltStore.getDownloadState() == Status.DOWNLOADED) { return true; // already downloaded on this image store } if (dstTmpltStore != null && dstTmpltStore.getDownloadState() != Status.DOWNLOAD_IN_PROGRESS) { _tmplStoreDao.removeByTemplateStore(tmpltId, dstSecStore.getId()); } AsyncCallFuture future = _tmpltSvr.copyTemplate(srcTemplate, dstSecStore); try { TemplateApiResult result = future.get(); if (result.isFailed()) { logger.debug("copy template failed for image store " + dstSecStore.getName() + ":" + result.getResult()); continue; // try next image store } _tmpltDao.addTemplateToZone(template, dstZoneId); if (account.getId() != Account.ACCOUNT_ID_SYSTEM) { UsageEventUtils.publishUsageEvent(copyEventType, account.getId(), dstZoneId, tmpltId, null, null, null, srcTmpltStore.getPhysicalSize(), srcTmpltStore.getSize(), template.getClass().getName(), template.getUuid()); } // Copy every Datadisk template that belongs to the template to Destination zone List dataDiskTemplates = _tmpltDao.listByParentTemplatetId(template.getId()); if (dataDiskTemplates != null && !dataDiskTemplates.isEmpty()) { for (VMTemplateVO dataDiskTemplate : dataDiskTemplates) { logger.debug("Copying " + dataDiskTemplates.size() + " for source template " + template.getId() + ". Copy all Datadisk templates to destination datastore " + dstSecStore.getName()); TemplateInfo srcDataDiskTemplate = _tmplFactory.getTemplate(dataDiskTemplate.getId(), srcSecStore); AsyncCallFuture dataDiskCopyFuture = _tmpltSvr.copyTemplate(srcDataDiskTemplate, dstSecStore); try { TemplateApiResult dataDiskCopyResult = dataDiskCopyFuture.get(); if (dataDiskCopyResult.isFailed()) { logger.error("Copy of datadisk template: " + srcDataDiskTemplate.getId() + " to image store: " + dstSecStore.getName() + " failed with error: " + dataDiskCopyResult.getResult() + " , will try copying the next one"); continue; // Continue to copy next Datadisk template } _tmpltDao.addTemplateToZone(dataDiskTemplate, dstZoneId); _resourceLimitMgr.incrementResourceCount(dataDiskTemplate.getAccountId(), ResourceType.secondary_storage, dataDiskTemplate.getSize()); } catch (Exception ex) { logger.error("Failed to copy datadisk template: " + srcDataDiskTemplate.getId() + " to image store: " + dstSecStore.getName() + " , will try copying the next one"); } } } } catch (Exception ex) { logger.debug("failed to copy template to image store:" + dstSecStore.getName() + " ,will try next one"); } } return true; } @Override @ActionEvent(eventType = EventTypes.EVENT_TEMPLATE_COPY, eventDescription = "copying template", async = true) public VirtualMachineTemplate copyTemplate(CopyTemplateCmd cmd) throws StorageUnavailableException, ResourceAllocationException { Long templateId = cmd.getId(); Long userId = CallContext.current().getCallingUserId(); Long sourceZoneId = cmd.getSourceZoneId(); List destZoneIds = cmd.getDestinationZoneIds(); Account caller = CallContext.current().getCallingAccount(); // Verify parameters VMTemplateVO template = _tmpltDao.findById(templateId); if (template == null || template.getRemoved() != null) { throw new InvalidParameterValueException("Unable to find template with id"); } // Verify template is not Datadisk template if (template.getTemplateType().equals(TemplateType.DATADISK)) { throw new InvalidParameterValueException("Template " + template.getId() + " is of type Datadisk. Cannot copy Datadisk templates."); } if (sourceZoneId != null) { if (destZoneIds!= null && destZoneIds.contains(sourceZoneId)) { throw new InvalidParameterValueException("Please specify different source and destination zones."); } DataCenterVO sourceZone = _dcDao.findById(sourceZoneId); if (sourceZone == null) { throw new InvalidParameterValueException("Please specify a valid source zone."); } } Map dataCenterVOs = new HashMap(); for (Long destZoneId: destZoneIds) { DataCenterVO dstZone = _dcDao.findById(destZoneId); if (dstZone == null) { throw new InvalidParameterValueException("Please specify a valid destination zone."); } dataCenterVOs.put(destZoneId, dstZone); } _accountMgr.checkAccess(caller, AccessType.OperateEntry, true, template); List failedZones = new ArrayList<>(); boolean success = false; if (template.getHypervisorType() == HypervisorType.BareMetal) { if (template.isCrossZones()) { logger.debug("Template " + templateId + " is cross-zone, don't need to copy"); return template; } for (Long destZoneId: destZoneIds) { if (!addTemplateToZone(template, destZoneId, sourceZoneId)) { failedZones.add(dataCenterVOs.get(destZoneId).getName()); } } } else { DataStore srcSecStore = null; if (sourceZoneId != null) { // template is on zone-wide secondary storage srcSecStore = getImageStore(sourceZoneId, templateId); } else { // template is on region store srcSecStore = getImageStore(templateId); } if (srcSecStore == null) { throw new InvalidParameterValueException("There is no template " + templateId + " ready on image store."); } if (template.isCrossZones()) { // sync template from cache store to region store if it is not there, for cases where we are going to migrate existing NFS to S3. _tmpltSvr.syncTemplateToRegionStore(templateId, srcSecStore); } for (Long destZoneId : destZoneIds) { DataStore dstSecStore = getImageStore(destZoneId, templateId); if (dstSecStore != null) { logger.debug("There is template " + templateId + " in secondary storage " + dstSecStore.getName() + " in zone " + destZoneId + " , don't need to copy"); continue; } if (!copy(userId, template, srcSecStore, dataCenterVOs.get(destZoneId))) { failedZones.add(dataCenterVOs.get(destZoneId).getName()); } else{ if (template.getSize() != null) { // increase resource count long accountId = template.getAccountId(); _resourceLimitMgr.incrementResourceCount(accountId, ResourceType.secondary_storage, template.getSize()); } } } } if ((destZoneIds != null) && (destZoneIds.size() > failedZones.size())){ if (!failedZones.isEmpty()) { logger.debug("There were failures when copying template to zones: " + StringUtils.listToCsvTags(failedZones)); } return template; } else { throw new CloudRuntimeException("Failed to copy template"); } } private boolean addTemplateToZone(VMTemplateVO template, long dstZoneId, long sourceZoneid) throws ResourceAllocationException{ long tmpltId = template.getId(); DataCenterVO dstZone = _dcDao.findById(dstZoneId); DataCenterVO sourceZone = _dcDao.findById(sourceZoneid); AccountVO account = _accountDao.findById(template.getAccountId()); _resourceLimitMgr.checkResourceLimit(account, ResourceType.template); try { _tmpltDao.addTemplateToZone(template, dstZoneId); return true; } catch (Exception ex) { logger.debug("failed to copy template from Zone: " + sourceZone.getUuid() + " to Zone: " + dstZone.getUuid()); } return false; } @Override public boolean delete(long userId, long templateId, Long zoneId) { VMTemplateVO template = _tmpltDao.findById(templateId); if (template == null || template.getRemoved() != null) { throw new InvalidParameterValueException("Please specify a valid template."); } TemplateAdapter adapter = getAdapter(template.getHypervisorType()); return adapter.delete(new TemplateProfile(userId, template, zoneId)); } @Override public List getUnusedTemplatesInPool(StoragePoolVO pool) { List unusedTemplatesInPool = new ArrayList(); List allTemplatesInPool = _tmpltPoolDao.listByPoolId(pool.getId()); for (VMTemplateStoragePoolVO templatePoolVO : allTemplatesInPool) { VMTemplateVO template = _tmpltDao.findByIdIncludingRemoved(templatePoolVO.getTemplateId()); // If this is a routing template, consider it in use if (template.getTemplateType() == TemplateType.SYSTEM) { continue; } // If the template is not yet downloaded to the pool, consider it in // use if (templatePoolVO.getDownloadState() != Status.DOWNLOADED) { continue; } if (template.getFormat() != ImageFormat.ISO && !_volumeDao.isAnyVolumeActivelyUsingTemplateOnPool(template.getId(), pool.getId())) { unusedTemplatesInPool.add(templatePoolVO); } } return unusedTemplatesInPool; } @Override @DB public void evictTemplateFromStoragePool(VMTemplateStoragePoolVO templatePoolVO) { // Need to hold the lock; otherwise, another thread may create a volume from the template at the same time. // Assumption here is that we will hold the same lock during create volume from template. VMTemplateStoragePoolVO templatePoolRef = _tmpltPoolDao.acquireInLockTable(templatePoolVO.getId()); if (templatePoolRef == null) { logger.debug("Can't aquire the lock for template pool ref: " + templatePoolVO.getId()); return; } PrimaryDataStore pool = (PrimaryDataStore)_dataStoreMgr.getPrimaryDataStore(templatePoolVO.getPoolId()); TemplateInfo template = _tmplFactory.getTemplateOnPrimaryStorage(templatePoolRef.getTemplateId(), pool, templatePoolRef.getDeploymentOption()); try { if (logger.isDebugEnabled()) { logger.debug("Evicting " + templatePoolVO); } if (pool.isManaged()) { // For managed store, just delete the template volume. AsyncCallFuture future = _tmpltSvr.deleteTemplateOnPrimary(template, pool); TemplateApiResult result = future.get(); if (result.isFailed()) { logger.debug("Failed to delete template " + template.getId() + " from storage pool " + pool.getId()); } else { // Remove the templatePoolVO. if (_tmpltPoolDao.remove(templatePoolVO.getId())) { logger.debug("Successfully evicted template " + template.getName() + " from storage pool " + pool.getName()); } } } else { DestroyCommand cmd = new DestroyCommand(pool, templatePoolVO); Answer answer = _storageMgr.sendToPool(pool, cmd); if (answer != null && answer.getResult()) { // Remove the templatePoolVO. if (_tmpltPoolDao.remove(templatePoolVO.getId())) { logger.debug("Successfully evicted template " + template.getName() + " from storage pool " + pool.getName()); } } else { logger.info("Will retry evict template " + template.getName() + " from storage pool " + pool.getName()); } } } catch (StorageUnavailableException | InterruptedException | ExecutionException e) { logger.info("Storage is unavailable currently. Will retry evicte template " + template.getName() + " from storage pool " + pool.getName()); } finally { _tmpltPoolDao.releaseFromLockTable(templatePoolRef.getId()); } } @Override public boolean start() { return true; } @Override public boolean stop() { return true; } @Override public boolean configure(String name, Map params) throws ConfigurationException { String disableExtraction = _configDao.getValue(Config.DisableExtraction.toString()); _disableExtraction = (disableExtraction == null) ? false : Boolean.parseBoolean(disableExtraction); _preloadExecutor = Executors.newFixedThreadPool(TemplatePreloaderPoolSize.value(), new NamedThreadFactory("Template-Preloader")); return true; } protected TemplateManagerImpl() { } @Override public boolean templateIsDeleteable(long templateId) { List userVmUsingIso = _userVmJoinDao.listActiveByIsoId(templateId); // check if there is any Vm using this ISO. We only need to check the // case where templateId is an ISO since // VM can be launched from ISO in secondary storage, while template will // always be copied to // primary storage before deploying VM. if (!userVmUsingIso.isEmpty()) { logger.debug("ISO " + templateId + " is not deleteable because it is attached to " + userVmUsingIso.size() + " VMs"); return false; } return true; } @Override @ActionEvent(eventType = EventTypes.EVENT_ISO_DETACH, eventDescription = "detaching ISO", async = true) public boolean detachIso(long vmId, boolean forced) { Account caller = CallContext.current().getCallingAccount(); Long userId = CallContext.current().getCallingUserId(); // Verify input parameters UserVmVO vmInstanceCheck = _userVmDao.findById(vmId); if (vmInstanceCheck == null) { throw new InvalidParameterValueException("Unable to find a virtual machine with id " + vmId); } UserVm userVM = _userVmDao.findById(vmId); if (userVM == null) { throw new InvalidParameterValueException("Please specify a valid VM."); } _accountMgr.checkAccess(caller, null, true, userVM); Long isoId = userVM.getIsoId(); if (isoId == null) { throw new InvalidParameterValueException("The specified VM has no ISO attached to it."); } CallContext.current().setEventDetails("Vm Id: " + userVM.getUuid() + " ISO Id: " + isoId); State vmState = userVM.getState(); if (vmState != State.Running && vmState != State.Stopped) { throw new InvalidParameterValueException("Please specify a VM that is either Stopped or Running."); } boolean result = attachISOToVM(vmId, userId, isoId, false, forced); // attach=false // => detach if (result) { return result; } else { throw new CloudRuntimeException("Failed to detach iso"); } } @Override @ActionEvent(eventType = EventTypes.EVENT_ISO_ATTACH, eventDescription = "attaching ISO", async = true) public boolean attachIso(long isoId, long vmId, boolean forced) { Account caller = CallContext.current().getCallingAccount(); Long userId = CallContext.current().getCallingUserId(); // Verify input parameters UserVmVO vm = _userVmDao.findById(vmId); if (vm == null) { throw new InvalidParameterValueException("Unable to find a virtual machine with id " + vmId); } VMTemplateVO iso = _tmpltDao.findById(isoId); if (iso == null || iso.getRemoved() != null) { throw new InvalidParameterValueException("Unable to find an ISO with id " + isoId); } if (!TemplateType.PERHOST.equals(iso.getTemplateType())) { VMTemplateZoneVO exists = _tmpltZoneDao.findByZoneTemplate(vm.getDataCenterId(), isoId); if (null == exists) { throw new InvalidParameterValueException("ISO is not available in the zone the VM is in."); } } // check permissions // check if caller has access to VM and ISO // and also check if the VM's owner has access to the ISO. _accountMgr.checkAccess(caller, null, false, iso, vm); Account vmOwner = _accountDao.findById(vm.getAccountId()); _accountMgr.checkAccess(vmOwner, null, false, iso, vm); State vmState = vm.getState(); if (vmState != State.Running && vmState != State.Stopped) { throw new InvalidParameterValueException("Please specify a VM that is either Stopped or Running."); } if (XS_TOOLS_ISO.equals(iso.getUniqueName()) && vm.getHypervisorType() != Hypervisor.HypervisorType.XenServer) { throw new InvalidParameterValueException("Cannot attach Xenserver PV drivers to incompatible hypervisor " + vm.getHypervisorType()); } if (VMWARE_TOOLS_ISO.equals(iso.getUniqueName()) && vm.getHypervisorType() != Hypervisor.HypervisorType.VMware) { throw new InvalidParameterValueException("Cannot attach VMware tools drivers to incompatible hypervisor " + vm.getHypervisorType()); } boolean result = attachISOToVM(vmId, userId, isoId, true, forced); if (result) { return result; } else { throw new CloudRuntimeException("Failed to attach iso"); } } // for ISO, we need to consider whether to copy to cache storage or not if it is not on NFS, since our hypervisor resource always assumes that they are in NFS @Override public TemplateInfo prepareIso(long isoId, long dcId, Long hostId, Long poolId) { TemplateInfo tmplt; boolean bypassed = false; if (_tmplFactory.isTemplateMarkedForDirectDownload(isoId)) { tmplt = _tmplFactory.getReadyBypassedTemplateOnPrimaryStore(isoId, poolId, hostId); bypassed = true; } else { tmplt = _tmplFactory.getReadyTemplateOnImageStore(isoId, dcId); } if (tmplt == null || tmplt.getFormat() != ImageFormat.ISO) { logger.warn("ISO: " + isoId + " does not exist in vm_template table"); return null; } if (!bypassed && tmplt.getDataStore() != null && !(tmplt.getDataStore().getTO() instanceof NfsTO)) { // if it is s3, need to download into cache storage first Scope destScope = new ZoneScope(dcId); TemplateInfo cacheData = (TemplateInfo)cacheMgr.createCacheObject(tmplt, destScope); if (cacheData == null) { logger.error("Failed in copy iso from S3 to cache storage"); return null; } return cacheData; } else { return tmplt; } } private boolean attachISOToVM(long vmId, long isoId, boolean attach, boolean forced) { UserVmVO vm = _userVmDao.findById(vmId); if (vm == null) { return false; } else if (vm.getState() != State.Running) { return true; } // prepare ISO ready to mount on hypervisor resource level TemplateInfo tmplt = prepareIso(isoId, vm.getDataCenterId(), vm.getHostId(), null); if (tmplt == null) { logger.error("Failed to prepare ISO ready to mount on hypervisor resource level"); throw new CloudRuntimeException("Failed to prepare ISO ready to mount on hypervisor resource level"); } String vmName = vm.getInstanceName(); HostVO host = _hostDao.findById(vm.getHostId()); if (host == null) { logger.warn("Host: " + vm.getHostId() + " does not exist"); return false; } DataTO isoTO = tmplt.getTO(); DiskTO disk = new DiskTO(isoTO, null, null, Volume.Type.ISO); HypervisorGuru hvGuru = _hvGuruMgr.getGuru(vm.getHypervisorType()); VirtualMachineProfile profile = new VirtualMachineProfileImpl(vm); VirtualMachineTO vmTO = hvGuru.implement(profile); Command cmd = null; if (attach) { cmd = new AttachCommand(disk, vmName, vmTO.getDetails()); ((AttachCommand)cmd).setForced(forced); } else { cmd = new DettachCommand(disk, vmName, vmTO.getDetails()); ((DettachCommand)cmd).setForced(forced); } Answer a = _agentMgr.easySend(vm.getHostId(), cmd); return (a != null && a.getResult()); } private boolean attachISOToVM(long vmId, long userId, long isoId, boolean attach, boolean forced) { UserVmVO vm = _userVmDao.findById(vmId); VMTemplateVO iso = _tmpltDao.findById(isoId); boolean success = attachISOToVM(vmId, isoId, attach, forced); if (success && attach) { vm.setIsoId(iso.getId()); _userVmDao.update(vmId, vm); } if (success && !attach) { vm.setIsoId(null); _userVmDao.update(vmId, vm); } return success; } @Override @ActionEvent(eventType = EventTypes.EVENT_TEMPLATE_DELETE, eventDescription = "deleting template", async = true) public boolean deleteTemplate(DeleteTemplateCmd cmd) { Long templateId = cmd.getId(); Account caller = CallContext.current().getCallingAccount(); VMTemplateVO template = _tmpltDao.findById(templateId); if (template == null) { throw new InvalidParameterValueException("unable to find template with id " + templateId); } List vmInstanceVOList; if(cmd.getZoneId() != null) { vmInstanceVOList = _vmInstanceDao.listNonExpungedByZoneAndTemplate(cmd.getZoneId(), templateId); } else { vmInstanceVOList = _vmInstanceDao.listNonExpungedByTemplate(templateId); } if(!cmd.isForced() && CollectionUtils.isNotEmpty(vmInstanceVOList)) { final String message = String.format("Unable to delete template with id: %1$s because VM instances: [%2$s] are using it.", templateId, Joiner.on(",").join(vmInstanceVOList)); logger.warn(message); throw new InvalidParameterValueException(message); } _accountMgr.checkAccess(caller, AccessType.OperateEntry, true, template); if (template.getFormat() == ImageFormat.ISO) { throw new InvalidParameterValueException("Please specify a valid template."); } VnfTemplateUtils.validateApiCommandParams(cmd, template); TemplateAdapter adapter = getAdapter(template.getHypervisorType()); TemplateProfile profile = adapter.prepareDelete(cmd); return adapter.delete(profile); } @Override @ActionEvent(eventType = EventTypes.EVENT_ISO_DELETE, eventDescription = "deleting iso", async = true) public boolean deleteIso(DeleteIsoCmd cmd) { Long templateId = cmd.getId(); Account caller = CallContext.current().getCallingAccount(); Long zoneId = cmd.getZoneId(); VMTemplateVO template = _tmpltDao.findById(templateId); if (template == null) { throw new InvalidParameterValueException("unable to find iso with id " + templateId); } _accountMgr.checkAccess(caller, AccessType.OperateEntry, true, template); if (template.getFormat() != ImageFormat.ISO) { throw new InvalidParameterValueException("Please specify a valid iso."); } // check if there is any VM using this ISO. if (!templateIsDeleteable(templateId)) { throw new InvalidParameterValueException("Unable to delete iso, as it's used by other vms"); } if (zoneId != null && (_dataStoreMgr.getImageStoreWithFreeCapacity(zoneId) == null)) { throw new InvalidParameterValueException("Failed to find a secondary storage store in the specified zone."); } TemplateAdapter adapter = getAdapter(template.getHypervisorType()); TemplateProfile profile = adapter.prepareDelete(cmd); boolean result = adapter.delete(profile); if (result) { return true; } else { throw new CloudRuntimeException("Failed to delete ISO"); } } @Override public List listTemplatePermissions(BaseListTemplateOrIsoPermissionsCmd cmd) { Account caller = CallContext.current().getCallingAccount(); Long id = cmd.getId(); if (id.equals(Long.valueOf(1))) { throw new PermissionDeniedException("unable to list permissions for " + cmd.getMediaType() + " with id " + id); } VirtualMachineTemplate template = _tmpltDao.findById(id); if (template == null) { throw new InvalidParameterValueException("unable to find " + cmd.getMediaType() + " with id " + id); } if (cmd instanceof ListTemplatePermissionsCmd) { if (template.getFormat().equals(ImageFormat.ISO)) { throw new InvalidParameterValueException("Please provide a valid template"); } } else if (cmd instanceof ListIsoPermissionsCmd) { if (!template.getFormat().equals(ImageFormat.ISO)) { throw new InvalidParameterValueException("Please provide a valid iso"); } } if (!template.isPublicTemplate()) { _accountMgr.checkAccess(caller, null, true, template); } List accountNames = new ArrayList(); List permissions = _launchPermissionDao.findByTemplate(id); if ((permissions != null) && !permissions.isEmpty()) { for (LaunchPermissionVO permission : permissions) { Account acct = _accountDao.findById(permission.getAccountId()); accountNames.add(acct.getAccountName()); } } // also add the owner if not public if (!template.isPublicTemplate()) { Account templateOwner = _accountDao.findById(template.getAccountId()); accountNames.add(templateOwner.getAccountName()); } return accountNames; } @DB @Override public boolean updateTemplateOrIsoPermissions(BaseUpdateTemplateOrIsoPermissionsCmd cmd) { // Input validation final Long id = cmd.getId(); final Account caller = CallContext.current().getCallingAccount(); final User user = CallContext.current().getCallingUser(); List accountNames = cmd.getAccountNames(); List projectIds = cmd.getProjectIds(); Boolean isFeatured = cmd.isFeatured(); Boolean isPublic = cmd.isPublic(); Boolean isExtractable = cmd.isExtractable(); String operation = cmd.getOperation(); String mediaType = ""; VMTemplateVO template = _tmpltDao.findById(id); if (template == null) { throw new InvalidParameterValueException("unable to find " + mediaType + " with id " + id); } if (cmd instanceof UpdateTemplatePermissionsCmd) { mediaType = "template"; if (template.getFormat().equals(ImageFormat.ISO)) { throw new InvalidParameterValueException("Please provide a valid template"); } } if (cmd instanceof UpdateIsoPermissionsCmd) { mediaType = "iso"; if (!template.getFormat().equals(ImageFormat.ISO)) { throw new InvalidParameterValueException("Please provide a valid iso"); } } // convert projectIds to accountNames if (projectIds != null) { // CS-17842, initialize accountNames list if (accountNames == null) { accountNames = new ArrayList(); } for (Long projectId : projectIds) { Project project = _projectMgr.getProject(projectId); if (project == null) { throw new InvalidParameterValueException("Unable to find project by id " + projectId); } if (!_projectMgr.canAccessProjectAccount(caller, project.getProjectAccountId())) { throw new InvalidParameterValueException("Account " + caller + " can't access project id=" + projectId); } accountNames.add(_accountMgr.getAccount(project.getProjectAccountId()).getAccountName()); } } //_accountMgr.checkAccess(caller, AccessType.ModifyEntry, true, template); _accountMgr.checkAccess(caller, AccessType.OperateEntry, true, template); //TODO: should we replace all ModifyEntry as OperateEntry? // If the template is removed throw an error. if (template.getRemoved() != null) { logger.error("unable to update permissions for " + mediaType + " with id " + id + " as it is removed "); throw new InvalidParameterValueException("unable to update permissions for " + mediaType + " with id " + id + " as it is removed "); } if (id.equals(Long.valueOf(1))) { throw new InvalidParameterValueException("unable to update permissions for " + mediaType + " with id " + id); } Long ownerId = template.getAccountId(); Account owner = _accountMgr.getAccount(ownerId); if (ownerId == null) { // if there is no owner of the template then it's probably already a // public template (or domain private template) so // publishing to individual users is irrelevant throw new InvalidParameterValueException("Update template permissions is an invalid operation on template " + template.getName()); } if (owner.getType() == Account.Type.PROJECT) { // if it is a project owned template/iso, the user must at least have access to be allowed to share it. _accountMgr.checkAccess(user, template); } // check configuration parameter(allow.public.user.templates) value for // the template owner boolean isAdmin = _accountMgr.isAdmin(caller.getId()); boolean allowPublicUserTemplates = AllowPublicUserTemplates.valueIn(template.getAccountId()); if (!isAdmin && !allowPublicUserTemplates && isPublic != null && isPublic) { throw new InvalidParameterValueException("Only private " + mediaType + "s can be created."); } if (accountNames != null) { if ((operation == null) || (!operation.equalsIgnoreCase("add") && !operation.equalsIgnoreCase("remove") && !operation.equalsIgnoreCase("reset"))) { throw new InvalidParameterValueException( "Invalid operation on accounts, the operation must be either 'add' or 'remove' in order to modify launch permissions." + " Given operation is: '" + operation + "'"); } } //Only admin or owner of the template should be able to change its permissions if (caller.getId() != ownerId && !isAdmin) { throw new InvalidParameterValueException("Unable to grant permission to account " + caller.getAccountName() + " as it is neither admin nor owner or the template"); } VMTemplateVO updatedTemplate = _tmpltDao.createForUpdate(); if (isPublic != null) { updatedTemplate.setPublicTemplate(isPublic.booleanValue()); } if (isFeatured != null) { updatedTemplate.setFeatured(isFeatured.booleanValue()); } if (isExtractable != null) { // Only Root admins and owners are allowed to change it for templates if (!template.getFormat().equals(ImageFormat.ISO) && caller.getId() != ownerId && !isAdmin) { throw new InvalidParameterValueException("Only ROOT admins and template owners are allowed to modify isExtractable attribute."); } else { // For Isos normal user can change it, as their are no derivatives. updatedTemplate.setExtractable(isExtractable.booleanValue()); } } _tmpltDao.update(template.getId(), updatedTemplate); //when operation is add/remove, accountNames can not be null if (("add".equalsIgnoreCase(operation) || "remove".equalsIgnoreCase(operation)) && accountNames == null) { throw new InvalidParameterValueException("Operation " + operation + " requires accounts or projectIds to be passed in"); } //Derive the domain id from the template owner as updateTemplatePermissions is not cross domain operation final Domain domain = _domainDao.findById(owner.getDomainId()); if ("add".equalsIgnoreCase(operation)) { final List accountNamesFinal = accountNames; final List accountIds = new ArrayList(); Transaction.execute(new TransactionCallbackNoReturn() { @Override public void doInTransactionWithoutResult(TransactionStatus status) { for (String accountName : accountNamesFinal) { Account permittedAccount = _accountDao.findActiveAccount(accountName, domain.getId()); if (permittedAccount != null) { if (permittedAccount.getId() == caller.getId()) { continue; // don't grant permission to the template // owner, they implicitly have permission } accountIds.add(permittedAccount.getId()); LaunchPermissionVO existingPermission = _launchPermissionDao.findByTemplateAndAccount(id, permittedAccount.getId()); if (existingPermission == null) { LaunchPermissionVO launchPermission = new LaunchPermissionVO(id, permittedAccount.getId()); _launchPermissionDao.persist(launchPermission); } } else { throw new InvalidParameterValueException("Unable to grant a launch permission to account " + accountName + " in domain id=" + domain.getUuid() + ", account not found. " + "No permissions updated, please verify the account names and retry."); } } } }); // add ACL permission in IAM Map permit = new HashMap(); permit.put(ApiConstants.ENTITY_TYPE, VirtualMachineTemplate.class); permit.put(ApiConstants.ENTITY_ID, id); permit.put(ApiConstants.ACCESS_TYPE, AccessType.UseEntry); permit.put(ApiConstants.ACCOUNTS, accountIds); _messageBus.publish(_name, EntityManager.MESSAGE_GRANT_ENTITY_EVENT, PublishScope.LOCAL, permit); } else if ("remove".equalsIgnoreCase(operation)) { List accountIds = new ArrayList(); for (String accountName : accountNames) { Account permittedAccount = _accountDao.findActiveAccount(accountName, domain.getId()); if (permittedAccount != null) { accountIds.add(permittedAccount.getId()); } } _launchPermissionDao.removePermissions(id, accountIds); // remove ACL permission in IAM Map permit = new HashMap(); permit.put(ApiConstants.ENTITY_TYPE, VirtualMachineTemplate.class); permit.put(ApiConstants.ENTITY_ID, id); permit.put(ApiConstants.ACCESS_TYPE, AccessType.UseEntry); permit.put(ApiConstants.ACCOUNTS, accountIds); _messageBus.publish(_name, EntityManager.MESSAGE_REVOKE_ENTITY_EVENT, PublishScope.LOCAL, permit); } else if ("reset".equalsIgnoreCase(operation)) { // do we care whether the owning account is an admin? if the // owner is an admin, will we still set public to false? updatedTemplate = _tmpltDao.createForUpdate(); updatedTemplate.setPublicTemplate(false); updatedTemplate.setFeatured(false); _tmpltDao.update(template.getId(), updatedTemplate); _launchPermissionDao.removeAllPermissions(id); _messageBus.publish(_name, TemplateManager.MESSAGE_RESET_TEMPLATE_PERMISSION_EVENT, PublishScope.LOCAL, template.getId()); } return true; } @Override @DB @ActionEvent(eventType = EventTypes.EVENT_TEMPLATE_CREATE, eventDescription = "creating template", async = true) public VirtualMachineTemplate createPrivateTemplate(CreateTemplateCmd command) throws CloudRuntimeException { final long templateId = command.getEntityId(); Long volumeId = command.getVolumeId(); Long snapshotId = command.getSnapshotId(); VMTemplateVO privateTemplate = null; final Long accountId = CallContext.current().getCallingAccountId(); SnapshotVO snapshot = null; VolumeVO volume = null; Account caller = CallContext.current().getCallingAccount(); boolean kvmSnapshotOnlyInPrimaryStorage = false; SnapshotInfo snapInfo = null; try { TemplateInfo tmplInfo = _tmplFactory.getTemplate(templateId, DataStoreRole.Image); long zoneId = 0; if (snapshotId != null) { snapshot = _snapshotDao.findById(snapshotId); if (command.getZoneId() == null) { VolumeVO snapshotVolume = _volumeDao.findByIdIncludingRemoved(snapshot.getVolumeId()); zoneId = snapshotVolume.getDataCenterId(); } else { zoneId = command.getZoneId(); } } else if (volumeId != null) { volume = _volumeDao.findById(volumeId); zoneId = volume.getDataCenterId(); } DataStore store = _dataStoreMgr.getImageStoreWithFreeCapacity(zoneId); if (store == null) { throw new CloudRuntimeException("cannot find an image store for zone " + zoneId); } AsyncCallFuture future = null; if (snapshotId != null) { DataStoreRole dataStoreRole = snapshotHelper.getDataStoreRole(snapshot); kvmSnapshotOnlyInPrimaryStorage = snapshotHelper.isKvmSnapshotOnlyInPrimaryStorage(snapshot, dataStoreRole); snapInfo = _snapshotFactory.getSnapshotWithRoleAndZone(snapshotId, dataStoreRole, zoneId); if (dataStoreRole == DataStoreRole.Image || kvmSnapshotOnlyInPrimaryStorage) { snapInfo = snapshotHelper.backupSnapshotToSecondaryStorageIfNotExists(snapInfo, dataStoreRole, snapshot, kvmSnapshotOnlyInPrimaryStorage); _accountMgr.checkAccess(caller, null, true, snapInfo); DataStore snapStore = snapInfo.getDataStore(); if (snapStore != null) { store = snapStore; // pick snapshot image store to create template } } future = _tmpltSvr.createTemplateFromSnapshotAsync(snapInfo, tmplInfo, store); } else if (volumeId != null) { VolumeInfo volInfo = _volFactory.getVolume(volumeId); if (volInfo == null) { throw new InvalidParameterValueException("No such volume exist"); } _accountMgr.checkAccess(caller, null, true, volInfo); future = _tmpltSvr.createTemplateFromVolumeAsync(volInfo, tmplInfo, store); } else { throw new CloudRuntimeException("Creating private Template need to specify snapshotId or volumeId"); } CommandResult result = null; try { result = future.get(); if (result.isFailed()) { privateTemplate = null; logger.debug("Failed to create template" + result.getResult()); throw new CloudRuntimeException("Failed to create template" + result.getResult()); } // create entries in template_zone_ref table if (_dataStoreMgr.isRegionStore(store)) { // template created on region store _tmpltSvr.associateTemplateToZone(templateId, null); } else { VMTemplateZoneVO templateZone = new VMTemplateZoneVO(zoneId, templateId, new Date()); _tmpltZoneDao.persist(templateZone); } privateTemplate = _tmpltDao.findById(templateId); TemplateDataStoreVO srcTmpltStore = _tmplStoreDao.findByStoreTemplate(store.getId(), templateId); UsageEventVO usageEvent = new UsageEventVO(EventTypes.EVENT_TEMPLATE_CREATE, privateTemplate.getAccountId(), zoneId, privateTemplate.getId(), privateTemplate.getName(), null, privateTemplate.getSourceTemplateId(), srcTmpltStore.getPhysicalSize(), privateTemplate.getSize()); _usageEventDao.persist(usageEvent); } catch (InterruptedException e) { logger.debug("Failed to create template", e); throw new CloudRuntimeException("Failed to create template", e); } catch (ExecutionException e) { logger.debug("Failed to create template", e); throw new CloudRuntimeException("Failed to create template", e); } } finally { if (privateTemplate == null) { final VolumeVO volumeFinal = volume; final SnapshotVO snapshotFinal = snapshot; Transaction.execute(new TransactionCallbackNoReturn() { @Override public void doInTransactionWithoutResult(TransactionStatus status) { // template_store_ref entries should have been removed using our // DataObject.processEvent command in case of failure, but clean // it up here to avoid // some leftovers which will cause removing template from // vm_template table fail. _tmplStoreDao.deletePrimaryRecordsForTemplate(templateId); // Remove the template_zone_ref record _tmpltZoneDao.deletePrimaryRecordsForTemplate(templateId); // Remove the template record _tmpltDao.expunge(templateId); // decrement resource count if (accountId != null) { _resourceLimitMgr.decrementResourceCount(accountId, ResourceType.template); _resourceLimitMgr.decrementResourceCount(accountId, ResourceType.secondary_storage, new Long(volumeFinal != null ? volumeFinal.getSize() : snapshotFinal.getSize())); } } }); } if (snapshotId != null) { snapshotHelper.expungeTemporarySnapshot(kvmSnapshotOnlyInPrimaryStorage, snapInfo); } } if (privateTemplate != null) { return privateTemplate; } else { throw new CloudRuntimeException("Failed to create a template"); } } @Override @ActionEvent(eventType = EventTypes.EVENT_TEMPLATE_CREATE, eventDescription = "creating template", create = true) public VMTemplateVO createPrivateTemplateRecord(CreateTemplateCmd cmd, Account templateOwner) throws ResourceAllocationException { Account caller = CallContext.current().getCallingAccount(); boolean isAdmin = (_accountMgr.isAdmin(caller.getId())); _accountMgr.checkAccess(caller, null, true, templateOwner); String name = cmd.getTemplateName(); if ((org.apache.commons.lang3.StringUtils.isBlank(name) || (name.length() > VirtualMachineTemplate.MAXIMUM_TEMPLATE_NAME_LENGTH))) { throw new InvalidParameterValueException(String.format("Template name cannot be null and cannot be more %s characters", VirtualMachineTemplate.MAXIMUM_TEMPLATE_NAME_LENGTH)); } if (cmd.getTemplateTag() != null) { if (!_accountService.isRootAdmin(caller.getId())) { throw new PermissionDeniedException("Parameter templatetag can only be specified by a Root Admin, permission denied"); } } // do some parameter defaulting Integer bits = cmd.getBits(); Boolean requiresHvm = cmd.getRequiresHvm(); Boolean passwordEnabled = cmd.isPasswordEnabled(); Boolean sshKeyEnabled = cmd.isSshKeyEnabled(); Boolean isPublic = cmd.isPublic(); Boolean featured = cmd.isFeatured(); int bitsValue = ((bits == null) ? 64 : bits.intValue()); boolean requiresHvmValue = ((requiresHvm == null) ? true : requiresHvm.booleanValue()); boolean passwordEnabledValue = ((passwordEnabled == null) ? false : passwordEnabled.booleanValue()); boolean sshKeyEnabledValue = ((sshKeyEnabled == null) ? false : sshKeyEnabled.booleanValue()); if (isPublic == null) { isPublic = Boolean.FALSE; } boolean isDynamicScalingEnabled = cmd.isDynamicallyScalable(); // check whether template owner can create public templates boolean allowPublicUserTemplates = AllowPublicUserTemplates.valueIn(templateOwner.getId()); final Long zoneId = cmd.getZoneId(); if (!isAdmin && !allowPublicUserTemplates && isPublic) { throw new PermissionDeniedException("Failed to create template " + name + ", only private templates can be created."); } Long volumeId = cmd.getVolumeId(); Long snapshotId = cmd.getSnapshotId(); if (zoneId != null && snapshotId == null) { throw new InvalidParameterValueException("Failed to create private template record, zone ID can only be specified together with snapshot ID."); } if ((volumeId == null) && (snapshotId == null)) { throw new InvalidParameterValueException("Failed to create private template record, neither volume ID nor snapshot ID were specified."); } if ((volumeId != null) && (snapshotId != null)) { throw new InvalidParameterValueException("Failed to create private template record, please specify only one of volume ID (" + volumeId + ") and snapshot ID (" + snapshotId + ")"); } HypervisorType hyperType; VolumeVO volume = null; SnapshotVO snapshot = null; VMTemplateVO privateTemplate = null; if (volumeId != null) { // create template from volume volume = _volumeDao.findById(volumeId); if (volume == null) { throw new InvalidParameterValueException("Failed to create private template record, unable to find volume " + volumeId); } // check permissions _accountMgr.checkAccess(caller, null, true, volume); // Don't support creating templates from encrypted volumes (yet) if (volume.getPassphraseId() != null) { throw new UnsupportedOperationException("Cannot create templates from encrypted volumes"); } // If private template is created from Volume, check that the volume // will not be active when the private template is // created if (!_volumeMgr.volumeInactive(volume)) { String msg = "Unable to create private template for volume: " + volume.getName() + "; volume is attached to a non-stopped VM, please stop the VM first"; if (logger.isInfoEnabled()) { logger.info(msg); } throw new CloudRuntimeException(msg); } hyperType = _volumeDao.getHypervisorType(volumeId); if (HypervisorType.LXC.equals(hyperType)) { throw new InvalidParameterValueException("Template creation is not supported for LXC volume: " + volumeId); } } else { // create template from snapshot snapshot = _snapshotDao.findById(snapshotId); if (snapshot == null) { throw new InvalidParameterValueException("Failed to create private template record, unable to find snapshot " + snapshotId); } // Volume could be removed so find including removed to record source template id. volume = _volumeDao.findByIdIncludingRemoved(snapshot.getVolumeId()); // Don't support creating templates from encrypted volumes (yet) if (volume != null && volume.getPassphraseId() != null) { throw new UnsupportedOperationException("Cannot create templates from snapshots of encrypted volumes"); } // check permissions _accountMgr.checkAccess(caller, null, true, snapshot); if (snapshot.getState() != Snapshot.State.BackedUp) { throw new InvalidParameterValueException("Snapshot id=" + snapshotId + " is not in " + Snapshot.State.BackedUp + " state yet and can't be used for template creation"); } /* * // bug #11428. Operation not supported if vmware and snapshots * parent volume = ROOT if(snapshot.getHypervisorType() == * HypervisorType.VMware && snapshotVolume.getVolumeType() == * Type.DATADISK){ throw new UnsupportedServiceException( * "operation not supported, snapshot with id " + snapshotId + * " is created from Data Disk"); } */ hyperType = snapshot.getHypervisorType(); } if (zoneId != null) { DataCenterVO zone = _dcDao.findById(zoneId); if (zone == null) { throw new InvalidParameterValueException("Failed to create private template record, invalid zone specified"); } if (DataCenter.Type.Edge.equals(zone.getType())) { throw new InvalidParameterValueException("Failed to create private template record, Edge zones do not support template creation from snapshots"); } } _resourceLimitMgr.checkResourceLimit(templateOwner, ResourceType.template); _resourceLimitMgr.checkResourceLimit(templateOwner, ResourceType.secondary_storage, new Long(volume != null ? volume.getSize() : snapshot.getSize()).longValue()); if (!isAdmin || featured == null) { featured = Boolean.FALSE; } Long guestOSId = cmd.getOsTypeId(); GuestOSVO guestOS = _guestOSDao.findById(guestOSId); if (guestOS == null) { throw new InvalidParameterValueException("GuestOS with ID: " + guestOSId + " does not exist."); } Long nextTemplateId = _tmpltDao.getNextInSequence(Long.class, "id"); String description = cmd.getDisplayText(); boolean isExtractable = false; Long sourceTemplateId = null; if (volume != null) { VMTemplateVO template = ApiDBUtils.findTemplateById(volume.getTemplateId()); isExtractable = template != null && template.isExtractable() && template.getTemplateType() != Storage.TemplateType.SYSTEM; if (volume.getIsoId() != null && volume.getIsoId() != 0) { sourceTemplateId = volume.getIsoId(); } else if (volume.getTemplateId() != null) { sourceTemplateId = volume.getTemplateId(); } } String templateTag = cmd.getTemplateTag(); if (templateTag != null) { if (logger.isDebugEnabled()) { logger.debug("Adding template tag: " + templateTag); } } privateTemplate = new VMTemplateVO(nextTemplateId, name, ImageFormat.RAW, isPublic, featured, isExtractable, TemplateType.USER, null, requiresHvmValue, bitsValue, templateOwner.getId(), null, description, passwordEnabledValue, guestOS.getId(), true, hyperType, templateTag, cmd.getDetails(), sshKeyEnabledValue, isDynamicScalingEnabled, false, false); if (sourceTemplateId != null) { if (logger.isDebugEnabled()) { logger.debug("This template is getting created from other template, setting source template Id to: " + sourceTemplateId); } } // for region wide storage, set cross zones flag List stores = _imgStoreDao.findRegionImageStores(); if (!CollectionUtils.isEmpty(stores)) { privateTemplate.setCrossZones(true); } privateTemplate.setSourceTemplateId(sourceTemplateId); VMTemplateVO template = _tmpltDao.persist(privateTemplate); // Increment the number of templates if (template != null) { Map details = new HashMap(); if (sourceTemplateId != null) { VMTemplateVO sourceTemplate = _tmpltDao.findById(sourceTemplateId); if (sourceTemplate != null && sourceTemplate.getDetails() != null) { details.putAll(sourceTemplate.getDetails()); } } if (volume != null) { Long vmId = volume.getInstanceId(); if (vmId != null) { UserVmVO userVm = _userVmDao.findById(vmId); if (userVm != null) { _userVmDao.loadDetails(userVm); Map vmDetails = userVm.getDetails(); vmDetails = vmDetails.entrySet() .stream() .filter(map -> map.getValue() != null) .collect(Collectors.toMap(map -> map.getKey(), map -> map.getValue())); details.putAll(vmDetails); } } } if (cmd.getDetails() != null) { details.remove(VmDetailConstants.ENCRYPTED_PASSWORD); // new password will be generated during vm deployment from password enabled template details.putAll(cmd.getDetails()); } if (!details.isEmpty()) { privateTemplate.setDetails(details); _tmpltDao.saveDetails(privateTemplate); } _resourceLimitMgr.incrementResourceCount(templateOwner.getId(), ResourceType.template); _resourceLimitMgr.incrementResourceCount(templateOwner.getId(), ResourceType.secondary_storage, new Long(volume != null ? volume.getSize() : snapshot.getSize())); } if (template != null) { CallContext.current().putContextParameter(VirtualMachineTemplate.class, template.getUuid()); return template; } else { throw new CloudRuntimeException("Failed to create a template"); } } @Override public Pair getAbsoluteIsoPath(long templateId, long dataCenterId) { TemplateDataStoreVO templateStoreRef = _tmplStoreDao.findByTemplateZoneDownloadStatus(templateId, dataCenterId, VMTemplateStorageResourceAssoc.Status.DOWNLOADED); if (templateStoreRef == null) { throw new CloudRuntimeException("Template " + templateId + " has not been completely downloaded to zone " + dataCenterId); } DataStore store = _dataStoreMgr.getDataStore(templateStoreRef.getDataStoreId(), DataStoreRole.Image); String isoPath = store.getUri() + "/" + templateStoreRef.getInstallPath(); return new Pair(isoPath, store.getUri()); } @Override public String getSecondaryStorageURL(long zoneId) { DataStore secStore = _dataStoreMgr.getImageStoreWithFreeCapacity(zoneId); if (secStore == null) { return null; } return secStore.getUri(); } // get the image store where a template in a given zone is downloaded to, // just pick one is enough. @Override public DataStore getImageStore(long zoneId, long tmpltId) { TemplateDataStoreVO tmpltStore = _tmplStoreDao.findByTemplateZoneDownloadStatus(tmpltId, zoneId, VMTemplateStorageResourceAssoc.Status.DOWNLOADED); if (tmpltStore != null) { return _dataStoreMgr.getDataStore(tmpltStore.getDataStoreId(), DataStoreRole.Image); } return null; } // get the region wide image store where a template is READY on, // just pick one is enough. @Override public DataStore getImageStore(long tmpltId) { TemplateDataStoreVO tmpltStore = _tmplStoreDao.findReadyByTemplate(tmpltId, DataStoreRole.Image); if (tmpltStore != null) { return _dataStoreMgr.getDataStore(tmpltStore.getDataStoreId(), DataStoreRole.Image); } return null; } @Override public Long getTemplateSize(long templateId, long zoneId) { if (_tmplStoreDao.isTemplateMarkedForDirectDownload(templateId)) { // check if template is marked for direct download return _tmplStoreDao.getReadyBypassedTemplate(templateId).getSize(); } TemplateDataStoreVO templateStoreRef = _tmplStoreDao.findByTemplateZoneDownloadStatus(templateId, zoneId, VMTemplateStorageResourceAssoc.Status.DOWNLOADED); if (templateStoreRef == null) { // check if it is ready on image cache stores templateStoreRef = _tmplStoreDao.findByTemplateZoneStagingDownloadStatus(templateId, zoneId, VMTemplateStorageResourceAssoc.Status.DOWNLOADED); if (templateStoreRef == null) { throw new CloudRuntimeException("Template " + templateId + " has not been completely downloaded to zone " + zoneId); } } return templateStoreRef.getSize(); } // find image store where this template is located @Override public List getImageStoreByTemplate(long templateId, Long zoneId) { // find all eligible image stores for this zone scope List imageStores = _dataStoreMgr.getImageStoresByScope(new ZoneScope(zoneId)); if (imageStores == null || imageStores.size() == 0) { return null; } List stores = new ArrayList(); for (DataStore store : imageStores) { // check if the template is stored there List storeTmpl = _tmplStoreDao.listByTemplateStore(templateId, store.getId()); if (storeTmpl != null && storeTmpl.size() > 0) { stores.add(store); } } return stores; } @Override @ActionEvent(eventType = EventTypes.EVENT_ISO_UPDATE, eventDescription = "updating iso", async = false) public VMTemplateVO updateTemplate(UpdateIsoCmd cmd) { return updateTemplateOrIso(cmd); } @Override @ActionEvent(eventType = EventTypes.EVENT_TEMPLATE_UPDATE, eventDescription = "updating template", async = false) public VMTemplateVO updateTemplate(UpdateTemplateCmd cmd) { return updateTemplateOrIso(cmd); } private VMTemplateVO updateTemplateOrIso(BaseUpdateTemplateOrIsoCmd cmd) { Long id = cmd.getId(); String name = cmd.getTemplateName(); String displayText = cmd.getDisplayText(); String format = cmd.getFormat(); Long guestOSId = cmd.getOsTypeId(); Boolean passwordEnabled = cmd.getPasswordEnabled(); Boolean sshKeyEnabled = cmd.isSshKeyEnabled(); Boolean isDynamicallyScalable = cmd.isDynamicallyScalable(); Boolean isRoutingTemplate = cmd.isRoutingType(); Boolean bootable = cmd.getBootable(); Boolean requiresHvm = cmd.getRequiresHvm(); Integer sortKey = cmd.getSortKey(); Map details = cmd.getDetails(); Account account = CallContext.current().getCallingAccount(); boolean cleanupDetails = cmd.isCleanupDetails(); // verify that template exists VMTemplateVO template = _tmpltDao.findById(id); if (template == null || template.getRemoved() != null) { InvalidParameterValueException ex = new InvalidParameterValueException("unable to find template/iso with specified id"); ex.addProxyObject(String.valueOf(id), "templateId"); throw ex; } long oldGuestOSId = template.getGuestOSId(); verifyTemplateId(id); // do a permission check _accountMgr.checkAccess(account, AccessType.OperateEntry, true, template); if (cmd.isRoutingType() != null) { if (!_accountService.isRootAdmin(account.getId())) { throw new PermissionDeniedException("Parameter isrouting can only be specified by a Root Admin, permission denied"); } } // update template type TemplateType templateType = null; String templateTag = null; if (cmd instanceof UpdateTemplateCmd) { boolean isAdmin = _accountMgr.isAdmin(account.getId()); templateType = validateTemplateType(cmd, isAdmin, template.isCrossZones()); if (cmd instanceof UpdateVnfTemplateCmd) { VnfTemplateUtils.validateApiCommandParams(cmd, template); vnfTemplateManager.updateVnfTemplate(template.getId(), (UpdateVnfTemplateCmd) cmd); } templateTag = ((UpdateTemplateCmd)cmd).getTemplateTag(); } // update is needed if any of the fields below got filled by the user boolean updateNeeded = !(name == null && displayText == null && format == null && guestOSId == null && passwordEnabled == null && bootable == null && sshKeyEnabled == null && requiresHvm == null && sortKey == null && isDynamicallyScalable == null && isRoutingTemplate == null && templateType == null && templateTag == null && (! cleanupDetails && details == null) //update details in every case except this one ); if (!updateNeeded) { return template; } template = _tmpltDao.findById(id); if (name != null) { template.setName(name); } if (displayText != null) { template.setDisplayText(displayText); } if (sortKey != null) { template.setSortKey(sortKey); } ImageFormat imageFormat = null; if (format != null) { try { imageFormat = ImageFormat.valueOf(format.toUpperCase()); } catch (IllegalArgumentException e) { throw new InvalidParameterValueException("Image format: " + format + " is incorrect. Supported formats are " + EnumUtils.listValues(ImageFormat.values())); } template.setFormat(imageFormat); } if (guestOSId != null) { GuestOSVO guestOS = _guestOSDao.findById(guestOSId); if (guestOS == null) { throw new InvalidParameterValueException("Please specify a valid guest OS ID."); } else { template.setGuestOSId(guestOSId); } if (guestOSId != oldGuestOSId) { // vm guest os type need to be updated if template guest os id changes. SearchCriteria sc = _vmInstanceDao.createSearchCriteria(); sc.addAnd("templateId", SearchCriteria.Op.EQ, id); sc.addAnd("state", SearchCriteria.Op.NEQ, State.Expunging); List vms = _vmInstanceDao.search(sc, null); if (vms != null && !vms.isEmpty()) { for (VMInstanceVO vm: vms) { vm.setGuestOSId(guestOSId); _vmInstanceDao.update(vm.getId(), vm); } } } } if (passwordEnabled != null) { template.setEnablePassword(passwordEnabled); } if (sshKeyEnabled != null) { template.setEnableSshKey(sshKeyEnabled); } if (bootable != null) { template.setBootable(bootable); } if (requiresHvm != null) { template.setRequiresHvm(requiresHvm); } if (isDynamicallyScalable != null) { template.setDynamicallyScalable(isDynamicallyScalable); } if (isRoutingTemplate != null) { if (isRoutingTemplate) { template.setTemplateType(TemplateType.ROUTING); } else if (templateType != null) { template.setTemplateType(templateType); } else { template.setTemplateType(TemplateType.USER); } } else if (templateType != null) { template.setTemplateType(templateType); } if (templateTag != null) { template.setTemplateTag(org.apache.commons.lang3.StringUtils.trimToNull(templateTag)); } validateDetails(template, details); if (cleanupDetails) { template.setDetails(null); _tmpltDetailsDao.removeDetails(id); } else if (details != null && !details.isEmpty()) { template.setDetails(details); _tmpltDao.saveDetails(template); } _tmpltDao.update(id, template); return _tmpltDao.findById(id); } @Override public TemplateType validateTemplateType(BaseCmd cmd, boolean isAdmin, boolean isCrossZones) { if (!(cmd instanceof UpdateTemplateCmd) && !(cmd instanceof RegisterTemplateCmd)) { return null; } TemplateType templateType = null; String newType = null; Boolean isRoutingType = null; if (cmd instanceof UpdateTemplateCmd) { newType = ((UpdateTemplateCmd)cmd).getTemplateType(); isRoutingType = ((UpdateTemplateCmd)cmd).isRoutingType(); } else if (cmd instanceof RegisterTemplateCmd) { newType = ((RegisterTemplateCmd)cmd).getTemplateType(); isRoutingType = ((RegisterTemplateCmd)cmd).isRoutingType(); } if (newType != null) { try { templateType = TemplateType.valueOf(newType.toUpperCase()); } catch (IllegalArgumentException ex) { throw new InvalidParameterValueException(String.format("Please specify a valid templatetype: %s", org.apache.commons.lang3.StringUtils.join(",", TemplateType.values()))); } } if (templateType != null) { if (isRoutingType != null && (TemplateType.ROUTING.equals(templateType) != isRoutingType)) { throw new InvalidParameterValueException("Please specify a valid templatetype (consistent with isrouting parameter)."); } else if ((templateType == TemplateType.SYSTEM || templateType == TemplateType.BUILTIN) && !isCrossZones) { throw new InvalidParameterValueException("System and Builtin templates must be cross zone."); } else if ((cmd instanceof RegisterVnfTemplateCmd || cmd instanceof UpdateVnfTemplateCmd) && !TemplateType.VNF.equals(templateType)) { throw new InvalidParameterValueException("The template type must be VNF for VNF templates, but the actual type is " + templateType); } } else if (cmd instanceof RegisterTemplateCmd) { boolean isRouting = Boolean.TRUE.equals(isRoutingType); templateType = (cmd instanceof RegisterVnfTemplateCmd) ? TemplateType.VNF : (isRouting ? TemplateType.ROUTING : TemplateType.USER); } if (templateType != null && !isAdmin && !Arrays.asList(TemplateType.USER, TemplateType.VNF).contains(templateType)) { if (cmd instanceof RegisterTemplateCmd) { throw new InvalidParameterValueException(String.format("Users can not register template with template type %s.", templateType)); } else if (cmd instanceof UpdateTemplateCmd) { throw new InvalidParameterValueException(String.format("Users can not update template to template type %s.", templateType)); } } return templateType; } void validateDetails(VMTemplateVO template, Map details) { if (MapUtils.isEmpty(details)) { return; } String bootMode = details.get(ApiConstants.BootType.UEFI.toString()); if (bootMode == null) { return; } if (template.isDeployAsIs()) { String msg = String.format("Deploy-as-is template %s [%s] can not have the UEFI setting. Settings are read directly from the template", template.getName(), template.getUuid()); throw new InvalidParameterValueException(msg); } try { String mode = bootMode.trim().toUpperCase(); ApiConstants.BootMode.valueOf(mode); details.put(ApiConstants.BootType.UEFI.toString(), mode); return; } catch (IllegalArgumentException e) { String msg = String.format("Invalid %s: %s specified. Valid values are: %s", ApiConstants.BOOT_MODE, bootMode, Arrays.toString(ApiConstants.BootMode.values())); logger.error(msg); throw new InvalidParameterValueException(msg); } } void verifyTemplateId(Long id) { // Don't allow to modify system template if (id.equals(Long.valueOf(1))) { InvalidParameterValueException ex = new InvalidParameterValueException("Unable to update template/iso of specified id"); ex.addProxyObject(String.valueOf(id), "templateId"); throw ex; } } @Override public String getConfigComponentName() { return TemplateManager.class.getSimpleName(); } @Override public ConfigKey[] getConfigKeys() { return new ConfigKey[] {AllowPublicUserTemplates, TemplatePreloaderPoolSize}; } public List getTemplateAdapters() { return _adapters; } @Inject public void setTemplateAdapters(List adapters) { _adapters = adapters; } @Override public List getTemplateDisksOnImageStore(Long templateId, DataStoreRole role, String configurationId) { TemplateInfo templateObject = _tmplFactory.getTemplate(templateId, role); if (templateObject == null) { String msg = String.format("Could not find template %s downloaded on store with role %s", templateId, role.toString()); logger.error(msg); throw new CloudRuntimeException(msg); } return _tmpltSvr.getTemplateDatadisksOnImageStore(templateObject, configurationId); } @Override public VirtualMachineTemplate linkUserDataToTemplate(LinkUserDataToTemplateCmd cmd) { Long templateId = cmd.getTemplateId(); Long isoId = cmd.getIsoId(); Long userDataId = cmd.getUserdataId(); UserData.UserDataOverridePolicy overridePolicy = cmd.getUserdataPolicy(); Account caller = CallContext.current().getCallingAccount(); if (templateId != null && isoId != null) { throw new InvalidParameterValueException("Both template ID and ISO ID are passed, API accepts only one"); } if (templateId == null && isoId == null) { throw new InvalidParameterValueException("Atleast one of template ID or ISO ID needs to be passed"); } VMTemplateVO template = null; if (templateId != null) { template = _tmpltDao.findById(templateId); } else { template = _tmpltDao.findById(isoId); } if (template == null) { throw new InvalidParameterValueException(String.format("unable to find template/ISO with id %s", templateId == null? isoId : templateId)); } _accountMgr.checkAccess(caller, AccessType.OperateEntry, true, template); template.setUserDataId(userDataId); if (userDataId != null) { template.setUserDataLinkPolicy(overridePolicy); } else { template.setUserDataLinkPolicy(null); } _tmpltDao.update(template.getId(), template); return _tmpltDao.findById(template.getId()); } }