Primitives are Python programs responsible for instantiating a Resource on physical infrastructure. They abstract the hardware dependencies in the Pod.
Primitives are a layer above RCC (Reliable Communication Completion).
Primitives require the Pod hardware parameters in a config.json file.
One or more Primitives are involved in instantiating a Resource.
Information about the Resource is supplied to the Primitives in the form of a contract or params. The parameter structure is described under each Primitive service below.
Every Primitive is developed individually, so that no two Primitives interact with each other.
The naming pattern of a Primitive is `<Noun>[_Noun].<Verb>[_SubVerb]`.
Each step is logged to PAT's logging server (optional).
There are 15 Primitives, as follows:
- backup: Virtual Machine Backup
- bridgepri: Private/VLAN Bridge (KVM only)
- bridgepub: Public Subnet Bridge on PodNet
- firewall: Global NFtable Firewall on PodNet
- firewallns: Namespace NFtable Firewall on PodNet
- gpu: GPU
- hyperv: Virtual Machine on Windows hypervisor
- kvm: Virtual Machine on KVM hypervisor
- net: Global Network on PodNet
- netns: Namespace Network on PodNet
- storagekvm: Storage drives (QEMU images) on KVM
- rbd: RADOS Block Device on Ceph cluster
- snapshot: Virtual Machine Snapshot
- vpndyn: WireGuard Dynamic VPN
- vpns2s: StrongSwan Site to Site VPN
The following table lists the verbs, their states, and any associated sub-verbs:

| Name | State | SubVerbs |
|---|---|---|
| build | 2 | overwrite |
| quiesce | 12 | |
| restart | 13 | |
| scrub | 17 | |
| scrubprep | 14 | |
| updatequiesced | 16 | attach, detach |
| updaterunning | 11 | attach, detach |
Primitives don't have error codes; they report to the driver if there was a problem.
The response from a primitive is either success with an optional payload (success or warning message) or failure with an error message.
All possible outcomes from primitives are:

| Return values |
|---|
| (True, Optional(success_payload)) |
| (True, Optional(warning_payload)) |
| (True, Optional(error_payload)) |
| (False, error_payload) |

For example: `(True, 'KVM #<kvm_id> already shut down')`
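As an added illustration (not code from the CloudCIX primitives or their driver), the following Python parses a primitive name against the `<Noun>[_Noun].<Verb>[_SubVerb]` pattern and the verb table above, then calls a registered primitive and normalises its `(success, payload)` result so that a malformed return or a `False` without a message can never be mistaken for success. The registry, `run_primitive` and the two stand-in primitives are assumptions constructed for a stand-alone run; the state numbers and sub-verbs are those in the table.

```python
import re
from typing import Callable, Dict, Optional, Tuple

# Verb table from the page: verb -> (state, permitted sub-verbs).
VERBS: Dict[str, Tuple[int, frozenset]] = {
    'build': (2, frozenset({'overwrite'})),
    'quiesce': (12, frozenset()),
    'restart': (13, frozenset()),
    'scrub': (17, frozenset()),
    'scrubprep': (14, frozenset()),
    'updatequiesced': (16, frozenset({'attach', 'detach'})),
    'updaterunning': (11, frozenset({'attach', 'detach'})),
}

# <Noun>[_Noun].<Verb>[_SubVerb]; nouns may contain digits (e.g. vpns2s).
NAME_RE = re.compile(
    r'^(?P<noun>[a-z0-9]+)(?:_(?P<subnoun>[a-z0-9]+))?'
    r'\.(?P<verb>[a-z]+)(?:_(?P<subverb>[a-z]+))?$'
)

PrimitiveResult = Tuple[bool, Optional[str]]
Primitive = Callable[[dict], PrimitiveResult]


def parse_primitive_name(name: str) -> dict:
    """Split a primitive name into its parts and check verb and sub-verb against the table."""
    match = NAME_RE.match(name)
    if match is None:
        raise ValueError(f'{name!r} does not match <Noun>[_Noun].<Verb>[_SubVerb]')
    parts = match.groupdict()
    verb, subverb = parts['verb'], parts['subverb']
    if verb not in VERBS:
        raise ValueError(f'unknown verb {verb!r} in {name!r}')
    state, allowed = VERBS[verb]
    if subverb is not None and subverb not in allowed:
        raise ValueError(f'sub-verb {subverb!r} is not permitted for verb {verb!r}')
    return {**parts, 'state': state}


def is_valid_primitive_name(name: str) -> bool:
    try:
        parse_primitive_name(name)
        return True
    except ValueError:
        return False


def run_primitive(registry: Dict[str, Primitive], name: str, params: dict) -> dict:
    """Validate the name, call the registered primitive and normalise its return value.

    The contract is (True, optional_payload) or (False, error_message). Anything else
    is a defect in the primitive and is reported as a failure, never as success.
    """
    meta = parse_primitive_name(name)
    if name not in registry:
        raise KeyError(f'no primitive registered for {name!r}')
    result = registry[name](params)
    if not (isinstance(result, tuple) and len(result) == 2 and isinstance(result[0], bool)):
        return {'name': name, 'ok': False, 'message': f'malformed result {result!r}', 'state': meta['state']}
    ok, payload = result
    if not ok and not payload:
        payload = 'primitive failed without an error message'  # a False result must carry one
    return {'name': name, 'ok': ok, 'message': payload, 'state': meta['state']}


# Constructed stand-in primitives so the module runs without Pod hardware (not CloudCIX code).
def _fake_kvm_quiesce(params: dict) -> PrimitiveResult:
    if params.get('already_down'):
        return True, f"KVM #{params['kvm_id']} already shut down"  # warning-style payload
    return True, None


def _fake_rbd_scrub(params: dict) -> PrimitiveResult:
    return False, 'rbd image not found'


DEMO_REGISTRY: Dict[str, Primitive] = {'kvm.quiesce': _fake_kvm_quiesce, 'rbd.scrub': _fake_rbd_scrub}

if __name__ == '__main__':
    print(run_primitive(DEMO_REGISTRY, 'kvm.quiesce', {'kvm_id': 7, 'already_down': True}))
    print(run_primitive(DEMO_REGISTRY, 'rbd.scrub', {}))
```

Because a primitive's payload is free text, a driver cannot tell a warning from a success message by shape alone; the only hard signal is the boolean, which is why the wrapper refuses anything that is not a two-tuple starting with a `bool`.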
backup_hyperv.build
backup_hyperv.scrub
backup_hyperv.updatequiesced
backup_hyperv.updaterunning
backup_kvm.build
backup_kvm.scrub
backup_kvm.updatequiesced
backup_kvm.updaterunning
bridgepri.build
bridgepri.scrub
bridgepub.build
firewall.build
firewallns.build
gpu_kvm.updatequiesced_attach
gpu_kvm.updatequiesced_detach
hyperv.build
hyperv.quiesce
hyperv.restart
hyperv.scrub
hyperv.scrubprep
hyperv.updatequiesced
hyperv.updaterunning
kvm.build
kvm.quiesce
kvm.restart
kvm.scrub
kvm.scrubprep
kvm.updatequiesced
kvm.updaterunning
net.build_overwrite
netns.build
netns.scrub
rbd.build
rbd.scrub
rbd.updatequiesced
rbd.updaterunning
rbd_kvm.updatequiesced_attach
rbd_kvm.updatequiesced_detach
snapshot_hyperv.build
snapshot_hyperv.scrub
snapshot_hyperv.updatequiesced
snapshot_hyperv.updaterunning
snapshot_kvm.build
snapshot_kvm.scrub
snapshot_kvm.updatequiesced
snapshot_kvm.updaterunning
vpndyn.build
vpndyn.scrub
vpns2s.build
vpns2s.scrub
Basic Usage: primitives.bridgepub.<verb>
build
IPv4 Public subnet bridge data for a Namespace:

```python
public_subnet = {
    'name': 'B123',                       # :type str, Namespace's Floating subnet bridge name
    'address_range': '185.49.65.127/24',  # :type str, network_ip/mask
    'gateway': '185.49.65.1',             # :type str, gateway of Floating subnet
}
```
Basic Usage: primitives.firewall.<verb>
Basic Usage: primitives.firewallns.<verb>
Supported Verb
build
Firewall Rule Writing:

```python
firewall_rules = [
    {
        'action': 'drop',                    # string
        'description': 'Drop all',           # string
        'destination': ['any'],              # list of strings
        'interface': {'in': '', 'out': ''},  # dictionary
        'order': 1,                          # int
        'port': ['any'],                     # list of strings
        'protocol': 'any',                   # string
        'source': ['any'],                   # list of strings
        'version': 6,                        # int
    },
]
```
`action` can be one of the following:
- `'accept'` to allow the traffic
- `'drop'` to drop the traffic

`destination` can be:
- `['any']` for all IPs
- `['8.8.8.8', '91.103.1.3']` for a list of IPs

`interface` is a dict object; the firewall rule is:
- Inbound if only the `in` key is in the dict: `interface = {'in': 'public'}`
- Outbound if only the `out` key is in the dict: `interface = {'out': 'management'}`
- Forward if both `in` and `out` keys are in the dict: `interface = {'in': 'public', 'out': 'private'}`

The values of the keys in the dict can only be one of the following:
- `public`
- `management`
- `private`

`port` can be:
- `['any']` for all ports
- `['10-20', '22']` for a list of ports and port ranges

`protocol` can be one of the following:
- `'tcp'`
- `'udp'`
- `'icmp4'`
- `'icmp6'`
- `'dns'`
- `'vpn'`
- `'any'` or an empty string

`source` can be:
- `['any']` for all IPs
- `['8.8.8.8', '91.103.1.3']` for a list of IPs

`version` can be:
- `4` for IPv4
- `6` for IPv6
Global Services
These are the services applied in common across all the firewall rules. The supported service, robosoc, is a CloudCIX in-house developed security service that generates a large list of abusive IPs from various firewall system sources. To learn more about the RoboSOC Blocklist, please visit https://robosoc.io

```python
global_services = ['robosoc']
```
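As an added example (not code from the CloudCIX firewall primitives), the following Python validates a list of firewall rules against the contract documented above before they would be handed to `firewall.build` or `firewallns.build`: every key must be present, `action`, `protocol`, `version` and the interface names must be from the documented sets, `source` and `destination` must be `['any']` or IP addresses matching the rule's IP version, `port` entries must be single ports or `low-high` ranges, and `order` must be a positive integer that no other rule reuses. The `validate_firewall_rules` and `rule_direction` functions and the sample rules are assumptions constructed for a stand-alone run.

```python
import ipaddress
from typing import Dict, List

ACTIONS = {'accept', 'drop'}
INTERFACE_NAMES = {'public', 'management', 'private'}
INTERFACE_VALUES = INTERFACE_NAMES | {''}   # the page's catch-all rule uses empty strings
PROTOCOLS = {'tcp', 'udp', 'icmp4', 'icmp6', 'dns', 'vpn', 'any', ''}
REQUIRED_KEYS = {'action', 'description', 'destination', 'interface', 'order',
                 'port', 'protocol', 'source', 'version'}


def _check_hosts(values, version: int, field: str, problems: List[str]) -> None:
    """['any'], or a list of IP addresses whose version matches the rule's version."""
    if not isinstance(values, list) or not values or not all(isinstance(v, str) for v in values):
        problems.append(f'{field}: must be a non-empty list of strings')
        return
    if values == ['any']:
        return
    for value in values:
        try:
            addr = ipaddress.ip_address(value)
        except ValueError:
            problems.append(f'{field}: {value!r} is not an IP address')
            continue
        if addr.version != version:
            problems.append(f'{field}: {value!r} is IPv{addr.version} but rule version is {version}')


def _check_ports(values, field: str, problems: List[str]) -> None:
    """['any'], or a list of single ports and 'low-high' ranges within 1-65535."""
    if not isinstance(values, list) or not values or not all(isinstance(v, str) for v in values):
        problems.append(f'{field}: must be a non-empty list of strings')
        return
    if values == ['any']:
        return
    for value in values:
        low, _, high = value.partition('-')
        high = high or low
        if not (low.isdigit() and high.isdigit()) or not (1 <= int(low) <= int(high) <= 65535):
            problems.append(f'{field}: {value!r} is not a port or low-high range in 1-65535')


def rule_direction(interface: dict) -> str:
    """Inbound, outbound or forward, as the page defines them from the in/out keys."""
    has_in, has_out = bool(interface.get('in')), bool(interface.get('out'))
    if has_in and has_out:
        return 'forward'
    if has_in:
        return 'inbound'
    if has_out:
        return 'outbound'
    return 'unscoped'  # neither interface set, as in the page's catch-all drop rule


def validate_firewall_rules(rules: List[dict]) -> List[str]:
    """Return the list of contract violations; an empty list means the rule set is acceptable."""
    problems: List[str] = []
    seen_orders: Dict[int, int] = {}
    for index, rule in enumerate(rules):
        where = f'rule[{index}]'
        if not isinstance(rule, dict):
            problems.append(f'{where}: not a dict')
            continue
        missing, extra = REQUIRED_KEYS - rule.keys(), rule.keys() - REQUIRED_KEYS
        if missing or extra:
            problems.append(f'{where}: missing keys {sorted(missing)}, unexpected keys {sorted(extra)}')
            continue
        if rule['action'] not in ACTIONS:
            problems.append(f'{where}: action must be accept or drop')
        if rule['version'] not in (4, 6):
            problems.append(f'{where}: version must be 4 or 6')
            continue  # the address checks below depend on a valid version
        if rule['protocol'] not in PROTOCOLS:
            problems.append(f'{where}: unknown protocol {rule["protocol"]!r}')
        iface = rule['interface']
        if (not isinstance(iface, dict) or not set(iface) <= {'in', 'out'}
                or any(v not in INTERFACE_VALUES for v in iface.values())):
            problems.append(f'{where}: interface must map in/out to public, management or private')
        order = rule['order']
        if not isinstance(order, int) or isinstance(order, bool) or order < 1:
            problems.append(f'{where}: order must be a positive int')
        elif order in seen_orders:
            problems.append(f'{where}: order {order} duplicates rule[{seen_orders[order]}]')
        else:
            seen_orders[order] = index
        for field in ('source', 'destination'):
            _check_hosts(rule[field], rule['version'], f'{where}.{field}', problems)
        _check_ports(rule['port'], f'{where}.port', problems)
    return problems


# Constructed sample rule set: one narrowly scoped inbound allow ahead of a catch-all drop.
SAMPLE_RULES = [
    {'action': 'accept', 'description': 'SSH from one management host', 'destination': ['91.103.1.3'],
     'interface': {'in': 'public'}, 'order': 1, 'port': ['22'], 'protocol': 'tcp',
     'source': ['8.8.8.8'], 'version': 4},
    {'action': 'drop', 'description': 'Drop all', 'destination': ['any'],
     'interface': {'in': '', 'out': ''}, 'order': 2, 'port': ['any'], 'protocol': 'any',
     'source': ['any'], 'version': 6},
]
# Constructed rule that breaks five parts of the contract at once.
BAD_RULE = {'action': 'allow', 'description': 'IPv4 address on an IPv6 rule', 'destination': ['8.8.8.8'],
            'interface': {'in': 'wan'}, 'order': 2, 'port': ['70000'], 'protocol': 'tcp',
            'source': ['any'], 'version': 6}

if __name__ == '__main__':
    for problem in validate_firewall_rules(SAMPLE_RULES + [BAD_RULE]):
        print(problem)
```

Rejecting a rule set before it reaches the PodNet is cheaper than discovering a mismatched address family or an out-of-range port once nftables refuses the generated rules; the duplicate `order` check matters because two rules at the same position make the evaluation order undefined from the contract's point of view.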
Basic Usage: primitives.net.<verb>
Basic Usage: primitives.netns.<verb>
Supported Verb
build_overwrite
PodNet interface's data format:

```python
public = {
    'ifname': 'eth0',  # interface name as on the PodNet
    'ips': [
        {'network_address': '192.168.0.2', 'prefixlen': '24'},        # ip address with network_address
        {'network_address': '2a02:2078:9::142', 'prefixlen': '126'},  # and prefixlen
    ],
    'routes': [
        {'to': 'default', 'via': '192.168.0.1'},
        {'to': '::/0', 'via': '2a02:2078::141'},
    ],
}
```
Namespace object structure:

```python
namespace = {
    'identifier': 'P123',                  # :type str, name of the Namespace
    'ip4': {                               # :type object, public ip4 address
        'subnet_id': 345,                  # :type int, public subnet id
        'address': '91.103.0.5',           # :type str, public network address of namespace
        'mask': 25,                        # :type int, public subnet mask
        'gateway': '91.103.0.1',           # :type str, public subnet gateway
    },
    'ip6': {                               # :type object, ip6 address
        'address': '2a02:2078:9:fff0::2',  # :type str, ipv6 network address of namespace
        'mask': 64,                        # :type int, ipv6 subnet mask
        'gateway': '2a02:2078:9:fff0::1',  # :type str, ipv6 subnet gateway
    },
    'networks': [{                         # :type list, List of all the Namespace network objects
        'vlan': '1001',                                 # :type str, vlan number of the network in string
        'private_address_range': '192.168.0.1/24',      # :type str, subnet_ip/subnet_mask
        'ip6_address_range': '2a02:2078:9:1003::1/64',  # :type str, subnet_ip/subnet_mask
    }],
}
```
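As an added example (not code from the CloudCIX net or netns primitives), the following Python checks a Namespace object of the structure above for the inconsistencies that most often produce an unreachable or misrouted namespace: the public `address`/`mask` must form a network that contains the `gateway` and the gateway must differ from the namespace address, each `vlan` must be a numeric string in the 802.1Q range 1-4094 and unique within the namespace, every address range must parse as `subnet_ip/subnet_mask` of the expected IP version, and no two networks may overlap. The `validate_namespace` function and the second, deliberately broken namespace are assumptions constructed for a stand-alone run; the requirement that `private_address_range` be an RFC 1918 range is also an assumption, since the page only says subnet_ip/subnet_mask.

```python
import ipaddress
from typing import List, Optional, Union

IPInterface = Union[ipaddress.IPv4Interface, ipaddress.IPv6Interface]


def _interface(address, mask, field: str, problems: List[str]) -> Optional[IPInterface]:
    """Parse address/mask as an ip_interface, recording a problem instead of raising."""
    try:
        return ipaddress.ip_interface(f'{address}/{mask}')
    except ValueError:
        problems.append(f'{field}: {address!r}/{mask!r} is not a valid address/mask')
        return None


def _check_public(block: dict, version: int, field: str, problems: List[str]) -> None:
    """address/mask must form a network that contains the gateway; gateway != address."""
    iface = _interface(block.get('address'), block.get('mask'), field, problems)
    if iface is None:
        return
    if iface.version != version:
        problems.append(f'{field}: expected IPv{version}, got IPv{iface.version}')
        return
    try:
        gateway = ipaddress.ip_address(block.get('gateway'))
    except ValueError:
        problems.append(f'{field}.gateway: not an IP address')
        return
    if gateway not in iface.network:
        problems.append(f'{field}.gateway: {gateway} is outside {iface.network}')
    elif gateway == iface.ip:
        problems.append(f'{field}.gateway: equals the namespace address')


def validate_namespace(ns: dict) -> List[str]:
    """Return the list of problems found; an empty list means the object is consistent."""
    problems: List[str] = []
    if not isinstance(ns.get('identifier'), str) or not ns['identifier']:
        problems.append('identifier: must be a non-empty string')
    for key, version in (('ip4', 4), ('ip6', 6)):
        if isinstance(ns.get(key), dict):
            _check_public(ns[key], version, key, problems)
        else:
            problems.append(f'{key}: missing')
    if isinstance(ns.get('ip4'), dict) and not isinstance(ns['ip4'].get('subnet_id'), int):
        problems.append('ip4.subnet_id: must be an int')

    seen_vlans = set()
    seen_nets = []  # (field, interface) of every range accepted so far, for overlap checks
    for i, net in enumerate(ns.get('networks', [])):
        where = f'networks[{i}]'
        vlan = net.get('vlan')
        if not (isinstance(vlan, str) and vlan.isdigit() and 1 <= int(vlan) <= 4094):
            problems.append(f'{where}.vlan: must be a numeric string in 1-4094')
        elif vlan in seen_vlans:
            problems.append(f'{where}.vlan: {vlan} is already used in this namespace')
        else:
            seen_vlans.add(vlan)
        for key, version in (('private_address_range', 4), ('ip6_address_range', 6)):
            field = f'{where}.{key}'
            addr, _, prefix = str(net.get(key, '')).partition('/')
            iface = _interface(addr, prefix, field, problems)
            if iface is None:
                continue
            if iface.version != version:
                problems.append(f'{field}: expected IPv{version}, got IPv{iface.version}')
                continue
            if version == 4 and not iface.network.is_private:  # assumption, see lead-in
                problems.append(f'{field}: {iface.network} is not a private (RFC 1918) range')
            for other_field, other in seen_nets:
                if other.version == iface.version and iface.network.overlaps(other.network):
                    problems.append(f'{field}: {iface.network} overlaps {other.network} ({other_field})')
            seen_nets.append((field, iface))
    return problems


# The namespace from the page, expected to validate cleanly.
GOOD_NAMESPACE = {
    'identifier': 'P123',
    'ip4': {'subnet_id': 345, 'address': '91.103.0.5', 'mask': 25, 'gateway': '91.103.0.1'},
    'ip6': {'address': '2a02:2078:9:fff0::2', 'mask': 64, 'gateway': '2a02:2078:9:fff0::1'},
    'networks': [{'vlan': '1001', 'private_address_range': '192.168.0.1/24',
                  'ip6_address_range': '2a02:2078:9:1003::1/64'}],
}
# Constructed namespace with a gateway in the other half of the /25, a gateway equal to the
# address, an out-of-range VLAN, and two networks whose IPv4 and IPv6 ranges overlap.
BAD_NAMESPACE = {
    'identifier': 'P124',
    'ip4': {'subnet_id': 346, 'address': '91.103.0.130', 'mask': 25, 'gateway': '91.103.0.1'},
    'ip6': {'address': '2a02:2078:9:fff1::2', 'mask': 64, 'gateway': '2a02:2078:9:fff1::2'},
    'networks': [
        {'vlan': '5000', 'private_address_range': '10.0.0.1/24', 'ip6_address_range': '2a02:2078:9:1004::1/64'},
        {'vlan': '1002', 'private_address_range': '10.0.0.129/25', 'ip6_address_range': '2a02:2078:9:1004::1/64'},
    ],
}

if __name__ == '__main__':
    print(validate_namespace(GOOD_NAMESPACE))
    for problem in validate_namespace(BAD_NAMESPACE):
        print(problem)
```

Overlapping private ranges inside one namespace are worth catching early: once both VLAN networks are built, traffic for the shared addresses follows whichever route the PodNet installed last, which is hard to diagnose from the firewall side.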
Basic Usage: primitives.vpns2s.<verb>
Supported Verbs
build
scrub