Compare commits


1 commit

Author SHA1 Message Date
9410b7c56b Make VM order-able again 2020-04-18 13:51:31 +02:00
357 changed files with 2274 additions and 7411 deletions

.gitignore vendored
View file

@ -24,4 +24,3 @@ venv/

View file

@ -4,7 +4,7 @@ stages:
stage: test
image: fedora:latest
- postgres:latest
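Review bot: `image: fedora:latest` and the `postgres:latest` service in this stage are floating tags, so the test job runs against whatever the registry serves on the day. Pin both to a release tag or, better, an image digest, so that a changed test result can be traced to a change in this repository rather than to an upstream image update.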
@ -12,7 +12,11 @@ run-tests:
coverage: /^TOTAL.+?(\d+\%)$/
- dnf install -y python3-devel python3-pip python3-coverage libpq-devel openldap-devel gcc chromium
- cd uncloud_django_based/uncloud
- pip install -r requirements.txt
- cp uncloud/ uncloud/
- coverage run --source='.' ./ test
- coverage report

View file

@ -1,62 +1,3 @@
# Uncloud
# ucloud
Cloud management platform, the ungleich way.
[![pipeline status](](
[![coverage report](](
## Useful commands
* `./ import-vat-rates path/to/csv`
* `./ make-admin username`
## Development setup
Install system dependencies:
* On Fedora, you will need the following packages: `python3-virtualenv python3-devel openldap-devel gcc chromium`
NOTE: you will need to configure a LDAP server and credentials for authentication. See `uncloud/`.
# Initialize virtualenv.
» virtualenv .venv
Using base prefix '/usr'
New python executable in /home/fnux/Workspace/ungleich/uncloud/uncloud/.venv/bin/python3
Also creating executable in /home/fnux/Workspace/ungleich/uncloud/uncloud/.venv/bin/python
Installing setuptools, pip, wheel...
# Enter virtualenv.
» source .venv/bin/activate
# Install dependencies.
» pip install -r requirements.txt
# Run migrations.
» ./ migrate
Operations to perform:
Apply all migrations: admin, auth, contenttypes, opennebula, sessions, uncloud_auth, uncloud_net, uncloud_pay, uncloud_service, uncloud_vm
Running migrations:
# Run webserver.
» ./ runserver
Watching for file changes with StatReloader
Performing system checks...
System check identified no issues (0 silenced).
May 07, 2020 - 10:17:08
Django version 3.0.6, using settings 'uncloud.settings'
Starting development server at
Quit the server with CONTROL-C.
### Note on PGSQL
If you want to use Postgres:
* Install on configure PGSQL on your base system.
* OR use a container! `podman run --rm -p 5432:5432 -e POSTGRES_HOST_AUTH_METHOD=trust -it postgres:latest`
Checkout for the documentation of ucloud.
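Review bot: the container command in the "Note on PGSQL" section combines `-p 5432:5432` with `POSTGRES_HOST_AUTH_METHOD=trust`, which publishes a database that accepts any role without a password on every interface of the developer's machine. Bind the published port to loopback (`-p 127.0.0.1:5432:5432`) or set `POSTGRES_PASSWORD` instead of using trust, and state next to the command that it is meant for local development only.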

View file

@ -1,6 +0,0 @@
* Intro
This file lists issues that should be handled, are small and likely
not yet high prio.
* Issues
** TODO Register prefered address in User model
** TODO Allow to specify different recurring periods

View file

@ -1,18 +0,0 @@
dbhost=$1; shift
ssh -L5432:localhost:5432 "$dbhost" &
python "$@"
# command only needs to be active while manage command is running
# -T no pseudo terminal
# alternatively: commands output shell code
# ssh uncloud@dbhost "python --hostname xxx ..."
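Review bot: `ssh -L5432:localhost:5432 "$dbhost" &` is put in the background and `python "$@"` starts immediately, so the command can race the tunnel, and nothing stops the ssh process afterwards, which leaves the forward and a session on the database host open. Starting it as `ssh -f -N -o ExitOnForwardFailure=yes -L5432:localhost:5432 "$dbhost"` makes the script continue only once the forward is established and avoids a remote shell; the tunnel should then be torn down when the command exits. The trailing comments in this hunk already point in that direction.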

View file

@ -1,64 +0,0 @@
flush ruleset
table bridge filter {
chain prerouting {
type filter hook prerouting priority 0;
policy accept;
ibrname br100 jump netpublic
chain netpublic {
iifname vxlan100 jump from_uncloud
# Default blocks: router advertisements, dhcpv6, dhcpv4
icmpv6 type nd-router-advert drop
ip6 version 6 udp sport 547 drop
ip version 4 udp sport 67 drop
# Individual blocks
# iifname tap1 jump vm1
chain vm1 {
ether saddr != 02:00:f0:a9:c4:4e drop
ip6 saddr != 2a0a:e5c1:111:888:0:f0ff:fea9:c44e drop
chain from_uncloud {
# table ip6 filter {
# chain forward {
# type filter hook forward priority 0;
# # policy drop;
# ct state established,related accept;
# }
# }
# table ip filter {
# chain input {
# type filter hook input priority filter; policy drop;
# iif "lo" accept
# icmp type { echo-reply, destination-unreachable, source-quench, redirect, echo-request, router-advertisement, router-solicitation, time-exceeded, parameter-problem, timestamp-request, timestamp-reply, info-request, info-reply, address-mask-request, address-mask-reply } accept
# ct state established,related accept
# tcp dport { 22 } accept
# log prefix "firewall-ipv4: "
# udp sport 67 drop
# }
# chain forward {
# type filter hook forward priority filter; policy drop;
# log prefix "firewall-ipv4: "
# }
# chain output {
# type filter hook output priority filter; policy accept;
# }
# }
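Review bot: the only rule that would send traffic into `chain vm1` is commented out (`# iifname tap1 jump vm1`), so the source MAC and IPv6 source address checks in that chain are never evaluated, and with `policy accept` everything not caught by the three default blocks is bridged. Enable the per-tap jump before relying on this ruleset for anti-spoofing. `vm1` also constrains only `ether saddr` and `ip6 saddr`, so IPv4 and ARP from the tap are limited by MAC alone, and `from_uncloud` has no rules in the visible lines; either fill it in or drop the chain together with its jump.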

View file

@ -1,24 +0,0 @@
vmid=$1; shift
export bridge=br100
$qemu -name uc${vmid} \
-machine pc,accel=${accel} \
-m ${memory} \
-smp ${cores} \
-uuid ${uuid} \
-drive file=alpine-virt-3.11.2-x86_64.iso,media=cdrom \
-drive file=alpine-virt-3.11.2-x86_64.iso,media=cdrom \
-netdev tap,id=netmain,script=./ \
-device virtio-net-pci,netdev=netmain,id=net0,mac=02:00:f0:a9:c4:4e
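Review bot: `mac=02:00:f0:a9:c4:4e` is hard-coded while only `-name uc${vmid}` varies with the argument, so a second VM started from this script gets the same MAC on `br100` and a per-VM `ether saddr` filter cannot tell the two apart. Derive the MAC from `vmid` or pass it in as a parameter. The line `-drive file=alpine-virt-3.11.2-x86_64.iso,media=cdrom` also appears twice; one of the two is presumably meant to be the VM's disk.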

View file

@ -1,7 +0,0 @@
# For undoing/redoing everything
# Needed in special cases and needs to be avoided as soon as
# uncloud.version >= 1
for a in */migrations; do rm ${a}/*.py; done
for a in */migrations; do python makemigrations ${a%%/migrations}; done

doc/.gitignore vendored
View file

@ -1,2 +0,0 @@

View file

@ -1,85 +0,0 @@
* How to handle billing in general
** Manual test flow / setting up bills
- Needs orders
** Orders
- Orders are the heart of uncloud billing
- Have a starting date
- Have an ending date
- Orders are immutable
- Can usually not be cancelled / cancellation is not a refund
- Customer/user commits on a certain period -> gets discount
based on it
- Can be upgraded
- Create a new order
- We link the new order to the old order and say this one
replaces it
- If the price of the new order is HIGHER than the OLD order,
then we charge the difference until the end of the order period
- In the next billing run we set the OLD order to not to bill anymore
- And only the NEW order will be billed afterwards
- Can be downgraded in the next period (but not for this period)
- We create a new order, same as for upgrade
- The new order starts directly after the OLD order
- As the amount is LOWER than the OLD order, no additional charge is done
during this order period
- We might need to have an activate datetime
- When to implement this
- Order periods can be
*** Statuses
- NOT_TO_BILL: we use this to accelerate queries to the DB
*** Updating status of orders
- If has succeeding order and billing date is last month -> set inactive
** Bills
- Are always for a month
- Can be preliminary
*** Which orders to include
- Not the cancelled ones / not active ones
** Flows / Approach
*** Finding all orders for a bill
- Get all orders, state != NOT_TO_BILL; for each order do:
- is it a one time order?
- has it a bill assigned?
- yes: set to NOT_TO_BILL
- no:
- get_or_create_bill_for_this_month
- assign bill to this order
- set to NOT_TO_BILL
- is it a recurring order?
- if it has a REPLACING order:
- First of month
- Last of month
*** Handling replacement of orders
- The OLD order will appear in the month that it was cancelled on
the bill
- The OLD order needs to be set to NOT_TO_BILL after it was billed
the last time
- The NEW order will be added pro rata if the amount is higher in
the same month
- The NEW order will be used next month
**** Disabling the old order
- On billing run
- If order.replacement_order (naming!) is set
- if the order.replacement_order starts during THIS_MONTH
- add order to bill
- if NOT:
- the order was already replaced in a previous billing period
- set the order to NOT_TO_BILL
**** Billing the new order
- If order.previous_order
*** Handling multiple times a recurring order
- For each recurring order check the order.period
- Find out when it was billed last
- lookup latest bill
- Calculate how many times it has been used until 2359, last day
of month
- For preliminary bill: until
- Call the bill_end_datetime
- Getting duration: bill_end_datetime - order.last_billed
- Amount in seconds; duration_in_seconds
- Divide duration_in_seconds by order.period; amount_used:
- If >= 1: add amount_used * order.recurring_amount to bill

View file

@ -1,327 +0,0 @@
* Bootstrap / Installation
** Pre-requisites by operating system
*** Alpine
apk add openldap-dev postgresql-dev libxml2-dev libxslt-dev
*** Debian/Devuan:
apt install postgresql-server-dev-all
** Creating a virtual environment / installing python requirements
*** Virtual env
To separate uncloud requirements, you can use a python virtual
env as follows:
python3 -m venv venv
. ./venv/bin/activate
Then install the requirements
pip install -r requirements.txt
** Setting up the the database
*** Install the database service
The database can run on the same host as uncloud, but can also run
a different server. Consult the usual postgresql documentation for
a secure configuration.
**** Alpine
apk add postgresql-server
rc-update add postgresql
rc-service postgresql start`
**** Debian/Devuan:
apt install postgresql
*** Create the database
Due to the use of the JSONField, postgresql is required.
To get started,
create a database and have it owned by the user that runs uncloud
(usually "uncloud"):
bridge:~# su - postgres
bridge:~$ psql
postgres=# create role uncloud login;
postgres=# create database uncloud owner nico;
*** Creating the schema
python migrate
** Bootstrap
- Login via a user so that the user object gets created
- Run the following (replace nicocustomer with the username)
python bootstrap-user --username nicocustomer
** Initialise the database
While it is not strictly required to add default values to the
database, it might significantly reduce the starting time with
To add the default database values run:
#+BEGIN_SRC shell
# Add local objects
python db-add-defaults
# Import VAT rates
python import-vat-rates
* Testing / CLI Access
Access via the commandline (CLI) can be done using curl or
httpie. In our examples we will use httpie.
** Checkout out the API
http localhost:8000/api/
** Authenticate via ldap user in password store
http --auth nicocustomer:$(pass ldap/nicocustomer) localhost:8000/api/
* Database
** uncloud clients access the data base from a variety of outside hosts
** So the postgresql data base needs to be remotely accessible
** Instead of exposing the tcp socket, we make postgresql bind to localhost via IPv6
*** ::1, port 5432
** Then we remotely connect to the database server with ssh tunneling
*** ssh -L5432:localhost:5432 uncloud-database-host
** Configuring your database for SSH based remote access
*** host all all ::1/128 trust
* URLs
- api/ - the rest API
* uncloud Products
** Product features
- Dependencies on other products
- Minimum parameters (min cpu, min ram, etc).
- Can also realise the dcl vm
- dualstack vm = VM + IPv4 + SSD
- Need to have a non-misguiding name for the "bare VM"
- Should support network boot (?)
** VPN
*** How to add a new VPN Host
**** Install wireguard to the host
**** Install uncloud to the host
**** Add `python vpn --hostname fqdn-of-this-host` to the crontab
**** Use the CLI to configure one or more VPN Networks for this host
*** Example of adding a VPN host at ungleich
**** Create a new dual stack alpine VM
**** Add it to DNS as
**** Route a /40 network to its IPv6 address
**** Install wireguard on it
**** TODO [#C] Enable wireguard on boot
**** TODO [#C] Create a new VPNPool on uncloud with
***** the network address (selecting from our existing pool)
***** the network size (/...)
***** the vpn host that provides the network (selecting the created VM)
***** the wireguard private key of the vpn host (using wg genkey)
***** http command
http -a nicoschottelius:$(pass
http://localhost:8000/admin/vpnpool/ network=2a0a:e5c1:200:: \
network_size=40 subnetwork_size=48
*** Example http commands / REST calls
**** creating a new vpn pool
http -a nicoschottelius:$(pass
http://localhost:8000/admin/vpnpool/ network_size=40
subnetwork_size=48 network=2a0a:e5c1:200:: wireguard_private_key=$(wg
**** Creating a new vpn network
*** Creating a VPN pool
http -a uncloudadmin:$(pass uncloudadmin) https://localhost:8000/v1/admin/vpnpool/ \
network=2a0a:e5c1:200:: network_size=40 subnetwork_size=48 \ wireguard_private_key=$(wg genkey)
This will create the VPNPool 2a0a:e5c1:200::/40 from which /48
networks will be used for clients.
VPNPools can only be managed by staff.
*** Managing VPNNetworks
To request a network as a client, use the following call:
http -a user:$(pass user) https://localhost:8000/v1/net/vpn/ \
network_size=48 \
wireguard_public_key=$(wg genkey | tee privatekey | wg pubkey)
VPNNetworks can be managed by all authenticated users.
* Developer Handbook
The following section describe decisions / architecture of
uncloud. These chapters are intended to be read by developers.
** Documentation
This documentation is written in org-mode. To compile it to
html/pdf, just open emacs and press *C-c C-e l p*.
** Models
*** Bill
Bills are summarising usage in a specific timeframe. Bills usually
spawn one month.
*** BillRecord
Bill records are used to model the usage of one order during the
*** Order
Orders register the intent of a user to buy something. They might
refer to a product. (???)
Order register the one time price and the recurring price. These
fields should be treated as immutable. If they need to be modified,
a new order that replaces the current order should be created.
**** Replacing orders
If an order is updated, a new order is created and points to the
old order. The old order stops one second before the new order
If a order has been replaced can be seen by its replaced_by count:
>>> Order.objects.get(id=1).replaced_by.count()
*** Product and Product Children
- A product describes something a user can buy
- A product inherits from the uncloud_pay.models.Product model to
get basic attributes
** Identifiers
*** Problem description
Identifiers can be integers, strings or other objects. They should
be unique.
*** Approach 1: integers
Integers are somewhat easy to remember, but also include
predictable growth, which might allow access to guessed hacking
(obivously proper permissions should prevent this).
*** Approach 2: random uuids
UUIDs are 128 bit integers. Python supports uuid.uuid4() for random
*** Approach 3: IPv6 addresses
uncloud heavily depends on IPv6 in the first place. uncloud could
use a /48 to identify all objects. Objects that have IPv6 addresses
on their own, don't need to draw from the system /48.
**** Possible Subnetworks
Assuming uncloud uses a /48 to represent all resources.
| Network | Name | Description |
| 2001:db8::/48 | uncloud network | All identifiers drawn from here |
| 2001:db8:1::/64 | VM network | Every VM has an IPv6 address in this network |
| 2001:db8:2::/64 | Bill network | Every bill has an IPv6 address |
| 2001:db8:3::/64 | Order network | Every order has an IPv6 address |
| 2001:db8:5::/64 | Product network | Every product (?) has an IPv6 address |
| 2001:db8:4::/64 | Disk network | Every disk is identified |
**** Tests
[15:47:37] black3.place6:~# rbd create -s 10G ssd/2a0a:e5c0:1::8
*** Decision
We use integers, because they are easy.
** Milestones :uncloud:
*** 1.1 (cleanup 1)
**** TODO Unify ValidationError, FieldError - define proper Exception
- What do we use for model errors
*** 1.0 (initial release)
**** TODO Initial Generic product support
- Product
***** TODO Recurring product support
****** TODO Support replacing orders for updates
****** DONE [#A] Finish split of bill creation
CLOSED: [2020-09-11 Fri 23:19]
****** TODO Test the new functions in the Order class
****** Define the correct order replacement logic
- recurringperiods are 30days
******* Case 1: downgrading
- User commits to 10 CHF for 30 days
- Wants to downgrade after 15 days to 5 CHF product
- Expected result:
- order 1: 10 CHF until +30days
- order 2: 5 CHF starting 30days + 1s
- Sum of the two orders is 15 CHF
- Question is
- when is the VM shutdown?
- a) instantly
- b) at the end of the cycle
- best solution
- user can choose between a ... b any time
******* Duration
- You cannot cancel the duration
- You can upgrade and with that cancel the duration
- The idea of a duration is that you commit for it
- If you want to commit lower (daily basis for instance) you
have higher per period prices
******* Case X
- User has VM with 2 Core / 2 GB RAM
- User modifies with to 1 core / 3 GB RAM
- We treat it as down/upgrade independent of the modifications
******* Case 2: upgrading after 1 day
- committed for 30 days
- upgrade after 1 day
- so first order will be charged for 1/30ths
******* Case 2: upgrading
- User commits to 10 CHF for 30 days
- Wants to upgrade after 15 days to 20 CHF product
- Order 1 : 1 VM with 2 Core / 2 GB / 10 SSD -- 10 CHF
- 30days period, stopped after 15, so quantity is 0.5 = 5 CHF
- Order 2 : 1 VM with 2 Core / 6 GB / 10 SSD -- 20 CHF
- after 15 days
- VM is upgraded instantly
- Expected result:
- order 1: 10 CHF until +15days = 0.5 units = 5 CHF
- order 2: 20 CHF starting 15days + 1s ... +30 days after
the 15 days -> 45 days = 1 unit = 20 CHF
- Total on bill: 25 CHF
******* Case 2: upgrading
- User commits to 10 CHF for 30 days
- Wants to upgrade after 15 days to 20 CHF product
- Expected result:
- order 1: 10 CHF until +30days = 1 units = 10 CHF
- order 2: 20 CHF starting 15days + 1s = 1 unit = 20 CHF
- Total on bill: 30 CHF
****** TODO Note: ending date not set if replaced by default (implicit!)
- Should the new order modify the old order on save()?
****** DONE Fix totally wrong bill dates in our test case
CLOSED: [2020-09-09 Wed 01:00]
- 2020 used instead of 2019
- Was due to existing test data ...
***** TODO Bill logic is still wrong
- Bill starting_date is the date of the first order
- However first encountered order does not have to be the
earliest in the bill!
- Bills should not have a duration
- Bills should only have a (unique) issue date
- We charge based on bill_records
- Last time charged issue date of the bill OR earliest date
after that
- Every bill generation checks all (relevant) orders
- add a flag "not_for_billing" or "closed"
- query on that flag
- verify it every time
***** TODO Generating bill for admins/staff
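Review bot: in the Database section, `host all all ::1/128 trust` combined with the `ssh -L5432:localhost:5432` tunnel means every account that can log in to, or forward a port through, the database host can connect as any PostgreSQL role without a password. Limit the entry to the uncloud database and role and use `scram-sha-256` instead of `trust`. Separately, under "Create the database", `create role uncloud login;` is followed by `create database uncloud owner nico;`, which contradicts the sentence above it that the database should be owned by the user that runs uncloud.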

View file

@ -1,20 +0,0 @@
# Generated by Django 3.0.8 on 2020-08-01 23:32
from django.db import migrations, models
import django.db.models.deletion
class Migration(migrations.Migration):
dependencies = [
('uncloud_pay', '0003_auto_20200801_2332'),
('opennebula', '0001_initial'),
operations = [
field=models.ForeignKey(null=True, on_delete=django.db.models.deletion.CASCADE, to='uncloud_pay.Order'),

View file

@ -1,23 +0,0 @@
# Generated by Django 3.1 on 2020-08-08 19:53
from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
('opennebula', '0002_auto_20200801_2332'),
operations = [
field=models.JSONField(blank=True, editable=False, null=True),

View file

@ -1,25 +0,0 @@
# Generated by Django 3.1 on 2020-09-28 18:58
from django.db import migrations
class Migration(migrations.Migration):
dependencies = [
('opennebula', '0005_remove_vm_orders'),
operations = [

View file

@ -1,16 +0,0 @@
from rest_framework import viewsets, permissions
#from .models import VM
# from .serializers import OpenNebulaVMSerializer
# class VMViewSet(viewsets.ModelViewSet):
# permission_classes = [permissions.IsAuthenticated]
# serializer_class = OpenNebulaVMSerializer
# def get_queryset(self):
# if self.request.user.is_superuser:
# obj = VM.objects.all()
# else:
# obj = VM.objects.filter(owner=self.request.user)
# return obj

View file

View file

@ -1,3 +0,0 @@
FROM fedora:latest
RUN dnf install -y python3-devel python3-pip python3-coverage libpq-devel openldap-devel gcc chromium

uncloud/.gitignore vendored
View file

@ -1 +0,0 @@

View file

@ -1,243 +0,0 @@
from django.utils.translation import gettext_lazy as _
('AD', _('Andorra')),
('AE', _('United Arab Emirates')),
('AF', _('Afghanistan')),
('AG', _('Antigua & Barbuda')),
('AI', _('Anguilla')),
('AL', _('Albania')),
('AM', _('Armenia')),
('AN', _('Netherlands Antilles')),
('AO', _('Angola')),
('AQ', _('Antarctica')),
('AR', _('Argentina')),
('AS', _('American Samoa')),
('AT', _('Austria')),
('AU', _('Australia')),
('AW', _('Aruba')),
('AZ', _('Azerbaijan')),
('BA', _('Bosnia and Herzegovina')),
('BB', _('Barbados')),
('BD', _('Bangladesh')),
('BE', _('Belgium')),
('BF', _('Burkina Faso')),
('BG', _('Bulgaria')),
('BH', _('Bahrain')),
('BI', _('Burundi')),
('BJ', _('Benin')),
('BM', _('Bermuda')),
('BN', _('Brunei Darussalam')),
('BO', _('Bolivia')),
('BR', _('Brazil')),
('BS', _('Bahama')),
('BT', _('Bhutan')),
('BV', _('Bouvet Island')),
('BW', _('Botswana')),
('BY', _('Belarus')),
('BZ', _('Belize')),
('CA', _('Canada')),
('CC', _('Cocos (Keeling) Islands')),
('CF', _('Central African Republic')),
('CG', _('Congo')),
('CH', _('Switzerland')),
('CI', _('Ivory Coast')),
('CK', _('Cook Iislands')),
('CL', _('Chile')),
('CM', _('Cameroon')),
('CN', _('China')),
('CO', _('Colombia')),
('CR', _('Costa Rica')),
('CU', _('Cuba')),
('CV', _('Cape Verde')),
('CX', _('Christmas Island')),
('CY', _('Cyprus')),
('CZ', _('Czech Republic')),
('DE', _('Germany')),
('DJ', _('Djibouti')),
('DK', _('Denmark')),
('DM', _('Dominica')),
('DO', _('Dominican Republic')),
('DZ', _('Algeria')),
('EC', _('Ecuador')),
('EE', _('Estonia')),
('EG', _('Egypt')),
('EH', _('Western Sahara')),
('ER', _('Eritrea')),
('ES', _('Spain')),
('ET', _('Ethiopia')),
('FI', _('Finland')),
('FJ', _('Fiji')),
('FK', _('Falkland Islands (Malvinas)')),
('FM', _('Micronesia')),
('FO', _('Faroe Islands')),
('FR', _('France')),
('FX', _('France, Metropolitan')),
('GA', _('Gabon')),
('GB', _('United Kingdom (Great Britain)')),
('GD', _('Grenada')),
('GE', _('Georgia')),
('GF', _('French Guiana')),
('GH', _('Ghana')),
('GI', _('Gibraltar')),
('GL', _('Greenland')),
('GM', _('Gambia')),
('GN', _('Guinea')),
('GP', _('Guadeloupe')),
('GQ', _('Equatorial Guinea')),
('GR', _('Greece')),
('GS', _('South Georgia and the South Sandwich Islands')),
('GT', _('Guatemala')),
('GU', _('Guam')),
('GW', _('Guinea-Bissau')),
('GY', _('Guyana')),
('HK', _('Hong Kong')),
('HM', _('Heard & McDonald Islands')),
('HN', _('Honduras')),
('HR', _('Croatia')),
('HT', _('Haiti')),
('HU', _('Hungary')),
('ID', _('Indonesia')),
('IE', _('Ireland')),
('IL', _('Israel')),
('IN', _('India')),
('IO', _('British Indian Ocean Territory')),
('IQ', _('Iraq')),
('IR', _('Islamic Republic of Iran')),
('IS', _('Iceland')),
('IT', _('Italy')),
('JM', _('Jamaica')),
('JO', _('Jordan')),
('JP', _('Japan')),
('KE', _('Kenya')),
('KG', _('Kyrgyzstan')),
('KH', _('Cambodia')),
('KI', _('Kiribati')),
('KM', _('Comoros')),
('KN', _('St. Kitts and Nevis')),
('KP', _('Korea, Democratic People\'s Republic of')),
('KR', _('Korea, Republic of')),
('KW', _('Kuwait')),
('KY', _('Cayman Islands')),
('KZ', _('Kazakhstan')),
('LA', _('Lao People\'s Democratic Republic')),
('LB', _('Lebanon')),
('LC', _('Saint Lucia')),
('LI', _('Liechtenstein')),
('LK', _('Sri Lanka')),
('LR', _('Liberia')),
('LS', _('Lesotho')),
('LT', _('Lithuania')),
('LU', _('Luxembourg')),
('LV', _('Latvia')),
('LY', _('Libyan Arab Jamahiriya')),
('MA', _('Morocco')),
('MC', _('Monaco')),
('MD', _('Moldova, Republic of')),
('MG', _('Madagascar')),
('MH', _('Marshall Islands')),
('ML', _('Mali')),
('MN', _('Mongolia')),
('MM', _('Myanmar')),
('MO', _('Macau')),
('MP', _('Northern Mariana Islands')),
('MQ', _('Martinique')),
('MR', _('Mauritania')),
('MS', _('Monserrat')),
('MT', _('Malta')),
('MU', _('Mauritius')),
('MV', _('Maldives')),
('MW', _('Malawi')),
('MX', _('Mexico')),
('MY', _('Malaysia')),
('MZ', _('Mozambique')),
('NA', _('Namibia')),
('NC', _('New Caledonia')),
('NE', _('Niger')),
('NF', _('Norfolk Island')),
('NG', _('Nigeria')),
('NI', _('Nicaragua')),
('NL', _('Netherlands')),
('NO', _('Norway')),
('NP', _('Nepal')),
('NR', _('Nauru')),
('NU', _('Niue')),
('NZ', _('New Zealand')),
('OM', _('Oman')),
('PA', _('Panama')),
('PE', _('Peru')),
('PF', _('French Polynesia')),
('PG', _('Papua New Guinea')),
('PH', _('Philippines')),
('PK', _('Pakistan')),
('PL', _('Poland')),
('PM', _('St. Pierre & Miquelon')),
('PN', _('Pitcairn')),
('PR', _('Puerto Rico')),
('PT', _('Portugal')),
('PW', _('Palau')),
('PY', _('Paraguay')),
('QA', _('Qatar')),
('RE', _('Reunion')),
('RO', _('Romania')),
('RU', _('Russian Federation')),
('RW', _('Rwanda')),
('SA', _('Saudi Arabia')),
('SB', _('Solomon Islands')),
('SC', _('Seychelles')),
('SD', _('Sudan')),
('SE', _('Sweden')),
('SG', _('Singapore')),
('SH', _('St. Helena')),
('SI', _('Slovenia')),
('SJ', _('Svalbard & Jan Mayen Islands')),
('SK', _('Slovakia')),
('SL', _('Sierra Leone')),
('SM', _('San Marino')),
('SN', _('Senegal')),
('SO', _('Somalia')),
('SR', _('Suriname')),
('ST', _('Sao Tome & Principe')),
('SV', _('El Salvador')),
('SY', _('Syrian Arab Republic')),
('SZ', _('Swaziland')),
('TC', _('Turks & Caicos Islands')),
('TD', _('Chad')),
('TF', _('French Southern Territories')),
('TG', _('Togo')),
('TH', _('Thailand')),
('TJ', _('Tajikistan')),
('TK', _('Tokelau')),
('TM', _('Turkmenistan')),
('TN', _('Tunisia')),
('TO', _('Tonga')),
('TP', _('East Timor')),
('TR', _('Turkey')),
('TT', _('Trinidad & Tobago')),
('TV', _('Tuvalu')),
('TW', _('Taiwan, Province of China')),
('TZ', _('Tanzania, United Republic of')),
('UA', _('Ukraine')),
('UG', _('Uganda')),
('UM', _('United States Minor Outlying Islands')),
('US', _('United States of America')),
('UY', _('Uruguay')),
('UZ', _('Uzbekistan')),
('VA', _('Vatican City State (Holy See)')),
('VC', _('St. Vincent & the Grenadines')),
('VE', _('Venezuela')),
('VG', _('British Virgin Islands')),
('VI', _('United States Virgin Islands')),
('VN', _('Viet Nam')),
('VU', _('Vanuatu')),
('WF', _('Wallis & Futuna Islands')),
('WS', _('Samoa')),
('YE', _('Yemen')),
('YT', _('Mayotte')),
('YU', _('Yugoslavia')),
('ZA', _('South Africa')),
('ZM', _('Zambia')),
('ZR', _('Zaire')),
('ZW', _('Zimbabwe')),
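Review bot: this hand-maintained list carries codes that are no longer assigned in ISO 3166-1 (`AN`, `FX`, `TP`, `YU`, `ZR`), has no visible entry for current ones such as `CD`, `ME`, `RS` or `TL`, and contains misspellings (`Cook Iislands`, `Bahama`, `Monserrat`). Since the value feeds `CountryField` for addresses, a customer in a missing country cannot be entered correctly and a withdrawn code can end up on a bill. Generate the choices from a maintained source instead of a static tuple, or at least bring the list in line with the current standard.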

View file

@ -1,6 +0,0 @@
from django.contrib import admin
from .models import UncloudProvider, UncloudNetwork
for m in [ UncloudProvider, UncloudNetwork ]:

View file

@ -1,43 +0,0 @@
import random
import string
from import BaseCommand
from django.core.exceptions import ObjectDoesNotExist
from django.contrib.auth import get_user_model
from django.conf import settings
from uncloud_pay.models import BillingAddress, RecurringPeriod, Product
from uncloud.models import UncloudProvider, UncloudNetwork
class Command(BaseCommand):
help = 'Add standard uncloud values'
def add_arguments(self, parser):
def handle(self, *args, **options):
# Order matters, objects can be dependent on each other
pw_length = 32
# Only set password if the user did not exist before
admin_user = get_user_model().objects.get(username=settings.UNCLOUD_ADMIN_NAME)
except ObjectDoesNotExist:
random_password = ''.join(random.SystemRandom().choice(string.ascii_lowercase + string.digits) for _ in range(pw_length))
admin_user = get_user_model().objects.create_user(username=settings.UNCLOUD_ADMIN_NAME, password=random_password)
print(f"Created admin user '{admin_username}' with password '{random_password}'")
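Review bot: the final `print(...)` interpolates `admin_username`, which is not defined anywhere in the visible lines (the name is read from `settings.UNCLOUD_ADMIN_NAME`), so the branch that creates the admin user would end in a NameError after the account already exists with a password nobody has seen. The same line writes the generated password to stdout, where it lands in terminal scrollback and any captured job output; consider creating the account with an unusable password and having the operator set one explicitly with Django's `changepassword` command. `secrets.choice` is the idiomatic replacement for `random.SystemRandom().choice` here.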

View file

@ -1,24 +0,0 @@
# Generated by Django 3.1 on 2020-10-11 19:59
from django.db import migrations, models
class Migration(migrations.Migration):
initial = True
dependencies = [
operations = [
('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
('starting_date', models.DateField()),
('ending_date', models.DateField(blank=True)),
('name', models.CharField(max_length=256)),
('address', models.TextField()),

View file

@ -1,18 +0,0 @@
# Generated by Django 3.1 on 2020-10-11 20:01
from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
('uncloud', '0001_initial'),
operations = [
field=models.DateField(blank=True, null=True),

View file

@ -1,27 +0,0 @@
# Generated by Django 3.1 on 2020-10-11 20:09
from django.db import migrations, models
import django.db.models.deletion
class Migration(migrations.Migration):
dependencies = [
('uncloud_net', '0010_auto_20201011_2009'),
('uncloud', '0002_auto_20201011_2001'),
operations = [
field=models.ForeignKey(default=0, on_delete=django.db.models.deletion.CASCADE, related_name='uncloudproviderbill', to='uncloud_net.uncloudnetwork'),
field=models.ForeignKey(default=0, on_delete=django.db.models.deletion.CASCADE, related_name='uncloudproviderreferral', to='uncloud_net.uncloudnetwork'),
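Review bot: both `ForeignKey` fields are added with `default=0`, a primary key value that auto-incrementing ids do not normally produce, so on a table that already holds provider rows the new columns point at a network that does not exist and the foreign key check fails. Add the fields as nullable, fill them in a data migration, and only then make them required; a later migration on this page drops the default again, which suggests it was only there to get past the makemigrations prompt.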

File diff suppressed because one or more lines are too long

View file

@ -1,21 +0,0 @@
# Generated by Django 3.1 on 2020-10-12 17:32
from django.db import migrations, models
import django.db.models.deletion
class Migration(migrations.Migration):
dependencies = [
('uncloud_net', '0010_auto_20201011_2009'),
('uncloud', '0004_auto_20201011_2031'),
operations = [
field=models.ForeignKey(default=0, on_delete=django.db.models.deletion.CASCADE, related_name='uncloudprovidercoupon', to='uncloud_net.uncloudnetwork'),

View file

@ -1,40 +0,0 @@
# Generated by Django 3.1 on 2020-10-25 19:31
import django.core.validators
from django.db import migrations, models
import django.db.models.deletion
class Migration(migrations.Migration):
dependencies = [
('uncloud', '0005_uncloudprovider_coupon_network'),
operations = [
('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
('network_address', models.GenericIPAddressField(unique=True)),
('network_mask', models.IntegerField(validators=[django.core.validators.MinValueValidator(0), django.core.validators.MaxValueValidator(128)])),
('description', models.CharField(max_length=256)),
field=models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='uncloudproviderbill', to='uncloud.uncloudnetwork'),
field=models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='uncloudprovidercoupon', to='uncloud.uncloudnetwork'),
field=models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='uncloudproviderreferral', to='uncloud.uncloudnetwork'),

View file

@ -1,163 +0,0 @@
from django.db import models
from django.db.models import JSONField, Q
from django.utils import timezone
from django.utils.translation import gettext_lazy as _
from django.core.validators import MinValueValidator, MaxValueValidator
from uncloud import COUNTRIES
class UncloudModel(models.Model):
This class extends the standard model with an
extra_data field that can be used to include public,
but internal information.
For instance if you migrate from an existing virtualisation
framework to uncloud.
The extra_data attribute should be considered a hack and whenever
data is necessary for running uncloud, it should **not** be stored
in there.
extra_data = JSONField(editable=False, blank=True, null=True)
class Meta:
abstract = True
# See
class UncloudStatus(models.TextChoices):
PENDING = 'PENDING', _('Pending')
BEING_CREATED = 'BEING_CREATED', _('Being created')
SCHEDULED = 'SCHEDULED', _('Scheduled') # resource selected, waiting for dispatching
ACTIVE = 'ACTIVE', _('Active')
MODIFYING = 'MODIFYING', _('Modifying') # Resource is being changed
DELETED = 'DELETED', _('Deleted') # Resource has been deleted
DISABLED = 'DISABLED', _('Disabled') # Is usable, but cannot be used for new things
UNUSABLE = 'UNUSABLE', _('Unusable'), # Has some kind of error
# General address handling
class CountryField(models.CharField):
def __init__(self, *args, **kwargs):
kwargs.setdefault('choices', COUNTRIES)
kwargs.setdefault('default', 'CH')
kwargs.setdefault('max_length', 2)
super().__init__(*args, **kwargs)
def get_internal_type(self):
return "CharField"
class UncloudAddress(models.Model):
full_name = models.CharField(max_length=256)
organization = models.CharField(max_length=256, blank=True, null=True)
street = models.CharField(max_length=256)
city = models.CharField(max_length=256)
postal_code = models.CharField(max_length=64)
country = CountryField(blank=True)
class Meta:
abstract = True
# UncloudNetworks are used as identifiers - such they are a base of uncloud
class UncloudNetwork(models.Model):
Storing IP networks
network_address = models.GenericIPAddressField(null=False, unique=True)
network_mask = models.IntegerField(null=False,
description = models.CharField(max_length=256)
def populate_db_defaults(cls):
for net, desc in [
( "2a0a:e5c0:11::", "uncloud Billing" ),
( "2a0a:e5c0:11:1::", "uncloud Referral" ),
( "2a0a:e5c0:11:2::", "uncloud Coupon" )
obj, created = cls.objects.get_or_create(network_address=net,
defaults= {
'network_mask': 64,
'description': desc
def save(self, *args, **kwargs):
if not ':' in self.network_address and self.network_mask > 32:
raise FieldError("Mask cannot exceed 32 for IPv4")
super().save(*args, **kwargs)
def __str__(self):
return f"{self.network_address}/{self.network_mask} {self.description}"
# Who is running / providing this instance of uncloud?
class UncloudProvider(UncloudAddress):
A class resembling who is running this uncloud instance.
This might change over time so we allow starting/ending dates
This also defines the taxation rules.
starting/ending date define from when to when this is valid. This way
we can model address changes and have it correct in the bills.
# Meta:
# FIXMe: only allow non overlapping time frames -- how to define this as a constraint?
starting_date = models.DateField()
ending_date = models.DateField(blank=True, null=True)
billing_network = models.ForeignKey(UncloudNetwork, related_name="uncloudproviderbill", on_delete=models.CASCADE)
referral_network = models.ForeignKey(UncloudNetwork, related_name="uncloudproviderreferral", on_delete=models.CASCADE)
coupon_network = models.ForeignKey(UncloudNetwork, related_name="uncloudprovidercoupon", on_delete=models.CASCADE)
def get_provider(cls, when=None):
Find active provide at a certain time - if there was any
if not when:
when =
return cls.objects.get(Q(starting_date__gte=when, ending_date__lte=when) |
Q(starting_date__gte=when, ending_date__isnull=True))
def populate_db_defaults(cls):
obj, created = cls.objects.get_or_create(full_name="ungleich glarus ag",
street="Bahnhofstrasse 1",
billing_network=UncloudNetwork.objects.get(description="uncloud Billing"),
referral_network=UncloudNetwork.objects.get(description="uncloud Referral"),
coupon_network=UncloudNetwork.objects.get(description="uncloud Coupon")
def __str__(self):
return f"{self.full_name} {}"
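Review bot: in `get_provider`, both `Q` filters compare the wrong way round: `starting_date__gte=when` together with `ending_date__lte=when` only matches a provider that starts on or after `when` and ends on or before it, so a provider whose validity period contains `when` is never returned. Use `starting_date__lte=when` in both branches and `ending_date__gte=when` in the first. The description says "if there was any", but `cls.objects.get()` raises when no row or several rows match, and the FIXME about overlapping time frames makes the second case possible; handle `DoesNotExist` and `MultipleObjectsReturned` or document that callers must. Separately, `UncloudNetwork.save()` rejects masks above 32 for IPv4 but has no upper bound of 128 for IPv6 and no lower bound of 0.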

View file

@ -1,14 +0,0 @@
<!doctype html>
<html lang="en">
<!-- Required meta tags -->
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
<title>{% block title %}Welcome to uncloud{% endblock %}</title>
{% block header %}{% endblock %}
{% block body %}{% endblock %}

View file

@ -1,80 +0,0 @@
"""uncloud URL Configuration
The `urlpatterns` list routes URLs to views. For more information please see:
from django.contrib import admin
from django.urls import path, include
from django.conf import settings
from django.conf.urls.static import static
from rest_framework import routers
from rest_framework.schemas import get_schema_view
#from opennebula import views as oneviews
from uncloud_auth import views as authviews
from uncloud_net import views as netviews
from uncloud_pay import views as payviews
from uncloud_vm import views as vmviews
from uncloud_service import views as serviceviews
router = routers.DefaultRouter()
# Beta endpoints
router.register(r'beta/vm', vmviews.NicoVMProductViewSet, basename='nicovmproduct')
# VM
router.register(r'v1/vm/snapshot', vmviews.VMSnapshotProductViewSet, basename='vmsnapshotproduct')
router.register(r'v1/vm/diskimage', vmviews.VMDiskImageProductViewSet, basename='vmdiskimageproduct')
router.register(r'v1/vm/disk', vmviews.VMDiskProductViewSet, basename='vmdiskproduct')
router.register(r'v1/vm/vm', vmviews.VMProductViewSet, basename='vmproduct')
# creates VM from os image
#router.register(r'vm/ipv6onlyvm', vmviews.VMProductViewSet, basename='vmproduct')
# ... AND adds IPv4 mapping
#router.register(r'vm/dualstackvm', vmviews.VMProductViewSet, basename='vmproduct')
# Services
router.register(r'v1/service/matrix', serviceviews.MatrixServiceProductViewSet, basename='matrixserviceproduct')
router.register(r'v1/service/generic', serviceviews.GenericServiceProductViewSet, basename='genericserviceproduct')
# Net
router.register(r'v1/net/vpn', netviews.VPNNetworkViewSet, basename='vpnnetwork')
router.register(r'v1/admin/vpnreservation', netviews.VPNNetworkReservationViewSet, basename='vpnnetreservation')
# Pay
router.register(r'v1/my/address', payviews.BillingAddressViewSet, basename='billingaddress')
router.register(r'v1/my/bill', payviews.BillViewSet, basename='bill')
router.register(r'v1/my/order', payviews.OrderViewSet, basename='order')
router.register(r'v1/my/payment', payviews.PaymentViewSet, basename='payment')
router.register(r'v1/my/payment-method', payviews.PaymentMethodViewSet, basename='payment-method')
# admin/staff urls
router.register(r'v1/admin/bill', payviews.AdminBillViewSet, basename='admin/bill')
router.register(r'v1/admin/payment', payviews.AdminPaymentViewSet, basename='admin/payment')
router.register(r'v1/admin/order', payviews.AdminOrderViewSet, basename='admin/order')
router.register(r'v1/admin/vmhost', vmviews.VMHostViewSet)
router.register(r'v1/admin/vmcluster', vmviews.VMClusterViewSet)
router.register(r'v1/admin/vpnpool', netviews.VPNPoolViewSet)
#router.register(r'v1/admin/opennebula', oneviews.VMViewSet, basename='opennebula')
# User/Account
router.register(r'v1/my/user', authviews.UserViewSet, basename='user')
router.register(r'v1/admin/user', authviews.AdminUserViewSet, basename='useradmin')
urlpatterns = [
path(r'api/', include(router.urls)),
# web/ = stuff to view in the browser
path('api-auth/', include('rest_framework.urls', namespace='rest_framework')), # for login to REST API
path('openapi', get_schema_view(
description="uncloud API",
), name='openapi-schema'),

View file

@ -1,21 +0,0 @@
from import BaseCommand
from django.contrib.auth import get_user_model
import sys
class Command(BaseCommand):
help = 'Give Admin rights to existing user'
def add_arguments(self, parser):
parser.add_argument('username', type=str)
parser.add_argument('--superuser', action='store_true')
def handle(self, *args, **options):
user = get_user_model().objects.get(username=options['username'])
user.is_staff = True
if options['superuser']:
user.is_superuser = True
print(f"{user.username} is now admin (superuser={user.is_superuser})")

View file

@ -1,18 +0,0 @@
# Generated by Django 3.1 on 2020-08-08 19:53
from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
('uncloud_auth', '0001_initial'),
operations = [
field=models.CharField(blank=True, max_length=150, verbose_name='first name'),

View file

@ -1,25 +0,0 @@
from django.contrib.auth import get_user_model
from rest_framework import serializers
from uncloud_pay import AMOUNT_DECIMALS, AMOUNT_MAX_DIGITS
from uncloud_pay.models import BillingAddress
class UserSerializer(serializers.ModelSerializer):
class Meta:
model = get_user_model()
read_only_fields = [ 'username', 'balance', 'maximum_credit' ]
fields = read_only_fields + [ 'email', 'primary_billing_address' ]
def validate(self, data):
Ensure that the primary billing address belongs to the user
if 'primary_billing_address' in data:
if not data['primary_billing_address'].owner == self.instance:
raise serializers.ValidationError("Invalid data")
return data
class ImportUserSerializer(serializers.Serializer):
username = serializers.CharField()

View file

@ -1,54 +0,0 @@
from rest_framework import viewsets, permissions, status
from .serializers import *
from django_auth_ldap.backend import LDAPBackend
from rest_framework.decorators import action
from rest_framework.response import Response
class UserViewSet(viewsets.GenericViewSet):
permission_classes = [permissions.IsAuthenticated]
serializer_class = UserSerializer
def get_queryset(self):
return self.request.user
def list(self, request, format=None):
# This is a bit stupid: we have a user, we create a queryset by
# matching on the username. But I don't know a "nicer" way.
# Nico, 2020-03-18
user = request.user
serializer = self.get_serializer(user, context = {'request': request})
return Response(
def create(self, request):
Modify existing user data
user = request.user
serializer = self.get_serializer(user,
context = {'request': request},
return Response(
class AdminUserViewSet(viewsets.ReadOnlyModelViewSet):
permission_classes = [permissions.IsAdminUser]
def get_serializer_class(self):
if self.action == 'import_from_ldap':
return ImportUserSerializer
return UserSerializer
def get_queryset(self):
return get_user_model().objects.all()
@action(detail=False, methods=['post'], url_path='import_from_ldap')
def import_from_ldap(self, request, pk=None):
serializer = self.get_serializer(
ldap_username = serializer.validated_data.pop("username")
user = LDAPBackend().populate_user(ldap_username)
return Response(UserSerializer(user, context = {'request': request}).data)

View file

@ -10,7 +10,6 @@
| SSH -L tunnel | All nodes can use [::1]:5432 | SSH setup can be fragile |
| ssh djangohost | All DB ops locally | Code is only executed on django host |
| https + token | Rest alike / consistent access | Code is only executed on django host |
| from_django | Everything is on the django host | main host can become bottleneck |
** remote vs. local Django code execution
- If is executed locally (= on the client), it can
check/modify local configs
@ -20,9 +19,3 @@
- Remote execution (= on the primary django host) can acess the db
via unix socket
- However remote execution cannot check local state
** from_django
- might reuse existing methods like celery
- reduces the amount of things to be installed on the client to
almost zero
- follows the opennebula model
- has a single point of failurebin

View file

@ -0,0 +1,82 @@
## Introduction
This article describes how models relate to each other and what the
design ideas are. It is meant to prevent us from double implementing
something or changing something that is already solved.
## Products
A product is something someone can order. We might have "low level"
products that need to be composed (= higher degree of flexibility, but
more amount of details necessary) and "composed products" that present
some defaults or select other products automatically (f.i. a "dual
stack VM" can be a VM + a disk + an IPv4 address).
## Bills
Bills represent active orders of a month. Bills can be shown during a
month but only become definitive at the end of the month.
## Orders
When customer X order a (set) of product, it generates an order for billing
purposes. The ordered products point to that order and register an Order Record
at creation.
Orders and Order Records are assumed immutable => they are used to generate
bills and should not be mutated. If a product is updated (e.g. adding RAM to
VM), a new order should be generated.
The order MUST NOT be deleted when a product is deleted, as it is used for
billing (including past bills).
### Order record
Used to store billing details of a product at creation: will stay there even if
the product change (e.g. new pricing, updated) and act as some kind of archive.
Used to generate bills.
## Payment Methods
Users/customers can register payment methods.
## Sample flows / products
### A VM snapshot
A VM snapshot creates a snapshot of all disks attached to a VM to be
able to rollback the VM to a previous state.
Creating a VM snapshot (-product) creates a related order. Deleting a
VMSnapshotproduct sets the order to deleted.
### Object Storage
(tbd by Balazs)
### A "raw" VM
(tbd by Ahmed)
### An IPv6 only VM
(tbd by Ahmed)
### A dual stack VM
(tbd by Ahmed)
### A managed service (e.g. Matrix-as-a-Service)
Customer orders service with:
* Service-specific configuration: e.g. domain name for matrix
* VM configuration:
- Memory
- Disk (soon)
It creates a new Order with two products/records:
* Service itself (= management)
* Underlying VM
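Review bot: the "A VM snapshot" section says deleting a VMSnapshotproduct "sets the order to deleted", while the "Orders" section says the order MUST NOT be deleted and that orders are assumed immutable. State explicitly that this is a status change on a row that is kept, and whether such a status change counts as a mutation, otherwise the two paragraphs read as contradictory to anyone implementing billing.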

View file

@ -0,0 +1,8 @@
* uncloud clients access the data base from a variety of outside hosts
* So the postgresql data base needs to be remotely accessible
* Instead of exposing the tcp socket, we make postgresql bind to localhost via IPv6
** ::1, port 5432
* Then we remotely connect to the database server with ssh tunneling
** ssh -L5432:localhost:5432 uncloud-database-host
* Configuring your database for SSH based remote access
** host all all ::1/128 trust
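Review bot: the access rule `host all all ::1/128 trust` lets anything that can reach `[::1]:5432` on the database host log in as any role, without a password, and with the `ssh -L` setup that includes every account allowed to open a port forward on that host. Limit the rule to the uncloud database and role and use `scram-sha-256` instead of `trust`, so that an SSH login alone is not a database login. The tunnel example also forwards to `localhost`, which can resolve to 127.0.0.1 while PostgreSQL is bound to `::1` only; `ssh -L 5432:[::1]:5432` avoids that.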

View file

@ -0,0 +1,34 @@
## Introduction
This document describes how to create, modify or
delete a product and use it.
A product (like a VMSnapshotproduct) creates an order when ordered.
The "order" is used to combine products together.
Sub-products or related products link to the same order.
Each product has one (?) orderrecord
## How to delete a product (logic 1)
If a user want so delete (=cancel) a product, the following steps
should be taken:
* the associated order is set to cancelled
* the product itself is deleted
[above steps to be reviewed]
## How to delete a product (rest api)
http -a nicoschottelius:$(pass
-> does not delete the reservation.
### Deleting a VPN
When the product is deleted, the network must be marked as free.

View file

@ -0,0 +1,34 @@
* How to add a new VPN Host
** Install wireguard to the host
** Install uncloud to the host
** Add `python vpn --hostname fqdn-of-this-host` to the crontab
** Use the CLI to configure one or more VPN Networks for this host
* Example of adding a VPN host at ungleich
** Create a new dual stack alpine VM
** Add it to DNS as
** Route a /40 network to its IPv6 address
** Install wireguard on it
** TODO Enable wireguard on boot
** TODO Create a new VPNPool on uncloud with
*** the network address (selecting from our existing pool)
*** the network size (/...)
*** the vpn host that provides the network (selecting the created VM)
*** the wireguard private key of the vpn host (using wg genkey)
*** http command
http -a nicoschottelius:$(pass
http://localhost:8000/admin/vpnpool/ network=2a0a:e5c1:200:: \
network_size=40 subnetwork_size=48
* Example http commands / REST calls
** creating a new vpn pool
http -a nicoschottelius:$(pass
http://localhost:8000/admin/vpnpool/ network_size=40
subnetwork_size=48 network=2a0a:e5c1:200:: wireguard_private_key=$(wg
** Creating a new vpn network
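Review bot: the VPNPool steps have the VPN host's WireGuard private key passed as `wireguard_private_key=$(wg` on an `http` command line to `/admin/vpnpool/`, so the key travels through shell arguments and the API and is then held by uncloud. Document who may read that field back (the serializer should not return it), or generate the key on the VPN host and register only the public key. The two example commands also differ in whether they pass the key at all, so say which one is current.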

View file

@ -0,0 +1,95 @@
## Install
### OS package requirements
apk add openldap-dev postgresql-dev
apt install postgresql-server-dev-all
### Python requirements
If you prefer using a venv, use:
python -m venv venv
. ./venv/bin/activate
Then install the requirements
pip install -r requirements.txt
### Database requirements
Due to the use of the JSONField, postgresql is required.
First create a role to be used:
postgres=# create role nico login;
Then create the database owner by the new role:
postgres=# create database uncloud owner nico;
Installing the postgresql service is os dependent, but some hints:
* Alpine: `apk add postgresql-server && rc-update add postgresql && rc-service postgresql start`
* Debian/Devuan: `apt install postgresql`
After postresql is started, apply the migrations:
python migrate
### Secrets
cp `uncloud/` to `uncloud/` and replace the
sample values with real values.
## Flows / Orders
### Creating a VMHost
### Creating a VM
* Create a VMHost
* Create a VM on a VMHost
### Creating a VM Snapshot
## Working Beta APIs
These APIs can be used for internal testing.
### URL Overview
http -a nicoschottelius:$(pass http://localhost:8000
### Snapshotting
http -a nicoschottelius:$(pass http://localhost:8000/vm/snapshot/ vm_uuid=$(uuidgen)
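Review bot: the Beta API examples pass the password as `http -a nicoschottelius:$(pass`; the shell expands that substitution before `http` starts, so the password ends up in the process arguments and can be read from the process list by other local users. httpie prompts for the password when only `-a username` is given, which is the safer form to document. Minor: "create the database owner by the new role" should read "owned", "postresql" is misspelled, and the role and user names are one developer's own and would be better as placeholders.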

View file

@ -1,9 +1,12 @@
import json
import uncloud.secrets as secrets
from xmlrpc.client import ServerProxy as RPCClient
from django_auth_ldap.backend import LDAPBackend
from import BaseCommand
from django.conf import settings
from xmltodict import parse
from opennebula.models import VM as VMModel
@ -16,9 +19,9 @@ class Command(BaseCommand):
def handle(self, *args, **options):
with RPCClient(settings.OPENNEBULA_URL) as rpc_client:
with RPCClient(secrets.OPENNEBULA_URL) as rpc_client:
success, response, *_ =
settings.OPENNEBULA_USER_PASS, -2, -1, -1, -1
secrets.OPENNEBULA_USER_PASS, -2, -1, -1, -1
if success:
vms = json.loads(json.dumps(parse(response)))['VM_POOL']['VM']
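Review bot: `handle()` shows the OpenNebula URL and credentials both as `settings.OPENNEBULA_*` and as `secrets.OPENNEBULA_*` read from a direct `import uncloud.secrets`; prefer going through `django.conf.settings` so tests can override the values and the command has no import-time dependency on an uncommitted file. On the line `vms = json.loads(json.dumps(parse(response)))['VM_POOL']['VM']`, xmltodict yields a dict rather than a list when the pool holds a single VM, and the lookup fails when it holds none, so normalise the result before iterating.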

View file

@ -0,0 +1,28 @@
# Generated by Django 3.0.3 on 2020-02-23 17:12
from django.conf import settings
import django.contrib.postgres.fields.jsonb
from django.db import migrations, models
import django.db.models.deletion
import uuid
class Migration(migrations.Migration):
initial = True
dependencies = [
operations = [
('vmid', models.IntegerField(primary_key=True, serialize=False)),
('uuid', models.UUIDField(default=uuid.uuid4, editable=False, unique=True)),
('data', django.contrib.postgres.fields.jsonb.JSONField()),
('owner', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to=settings.AUTH_USER_MODEL)),

View file

@ -0,0 +1,27 @@
# Generated by Django 3.0.3 on 2020-02-25 13:35
from django.db import migrations, models
import uuid
class Migration(migrations.Migration):
dependencies = [
('opennebula', '0001_initial'),
operations = [
field=models.UUIDField(default=uuid.uuid4, primary_key=True, serialize=False, unique=True),

View file

@ -0,0 +1,19 @@
# Generated by Django 3.0.3 on 2020-02-25 14:28
from django.db import migrations, models
import uuid
class Migration(migrations.Migration):
dependencies = [
('opennebula', '0002_auto_20200225_1335'),
operations = [
field=models.CharField(default=uuid.uuid4, max_length=64, primary_key=True, serialize=False, unique=True),

View file

@ -1,4 +1,4 @@
# Generated by Django 3.1 on 2020-08-09 12:37
# Generated by Django 3.0.3 on 2020-02-25 18:16
from django.db import migrations, models
@ -6,18 +6,18 @@ from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
('uncloud_pay', '0013_auto_20200809_1237'),
('opennebula', '0003_auto_20200808_1953'),
('opennebula', '0003_auto_20200225_1428'),
operations = [
field=models.IntegerField(default=42, primary_key=True, serialize=False),
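Review bot: `field=models.IntegerField(default=42, primary_key=True, serialize=False)` puts a constant default on a primary key, so if this operation runs against a table that already has rows, every row is given 42 and the migration fails on uniqueness as soon as there is more than one VM. If the table is expected to be empty at this point, say so in the migration; otherwise backfill the column from the OpenNebula id or recreate the table.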

View file

@ -1,7 +1,7 @@
import uuid
from django.db import models
from django.contrib.auth import get_user_model
from uncloud_pay.models import Product
from django.contrib.postgres.fields import JSONField
# ungleich specific
storage_class_mapping = {
@ -12,7 +12,8 @@ storage_class_mapping = {
class VM(models.Model):
vmid = models.IntegerField(primary_key=True)
data = models.JSONField()
owner = models.ForeignKey(get_user_model(), on_delete=models.CASCADE)
data = JSONField()
def uncloud_name(self):

View file

@ -0,0 +1,16 @@
from rest_framework import viewsets, permissions
from .models import VM
from .serializers import OpenNebulaVMSerializer
class VMViewSet(viewsets.ModelViewSet):
permission_classes = [permissions.IsAuthenticated]
serializer_class = OpenNebulaVMSerializer
def get_queryset(self):
if self.request.user.is_superuser:
obj = VM.objects.all()
obj = VM.objects.filter(owner=self.request.user)
return obj
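Review bot: `VMViewSet` derives from `viewsets.ModelViewSet` with only `permissions.IsAuthenticated`, so every logged-in user gets create, update and delete on these records, and `get_queryset` only limits which rows they can address. The rows are imported from OpenNebula, so `ReadOnlyModelViewSet` looks like the right base; if writes are intended, make `owner` read-only in `OpenNebulaVMSerializer` and set it from `request.user`.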

View file

@ -0,0 +1 @@

View file

@ -1,8 +1,4 @@
import decimal
# Define DecimalField properties, used to represent amounts of money.
# Used in pay and auth
decimal.getcontext().prec = AMOUNT_DECIMALS
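Review bot: `decimal.getcontext().prec = AMOUNT_DECIMALS` sets the number of significant digits for Decimal arithmetic in the current thread, not the number of decimal places, so with a small value any computed amount is rounded to that many significant digits (at a precision of 2, 1234.56 comes out of an addition as 1.2E+3). Leave the context alone and round explicitly with `quantize()` where amounts are computed; `decimal_places` and `max_digits` on the DecimalField already constrain what is stored.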

View file

@ -0,0 +1,35 @@
from django.db import models
from django.contrib.postgres.fields import JSONField
from django.utils.translation import gettext_lazy as _
class UncloudModel(models.Model):
This class extends the standard model with an
extra_data field that can be used to include public,
but internal information.
For instance if you migrate from an existing virtualisation
framework to uncloud.
The extra_data attribute should be considered a hack and whenever
data is necessary for running uncloud, it should **not** be stored
in there.
extra_data = JSONField(editable=False, blank=True, null=True)
class Meta:
abstract = True
# See
class UncloudStatus(models.TextChoices):
PENDING = 'PENDING', _('Pending')
BEING_CREATED = 'BEING_CREATED', _('Being created')
SCHEDULED = 'SCHEDULED', _('Scheduled') # resource selected, waiting for dispatching
ACTIVE = 'ACTIVE', _('Active')
MODIFYING = 'MODIFYING', _('Modifying') # Resource is being changed
DELETED = 'DELETED', _('Deleted') # Resource has been deleted
DISABLED = 'DISABLED', _('Disabled') # Is usable, but cannot be used for new things
UNUSABLE = 'UNUSABLE', _('Unusable'), # Has some kind of error
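Review bot: the `UncloudModel` description calls `extra_data` "public, but internal", which does not tell a contributor whether the field may be returned by the API. Say which it is and that nothing secret belongs in it, since `editable=False` only keeps the field out of the admin and model forms. Also, `UNUSABLE = 'UNUSABLE', _('Unusable'),` carries a trailing comma that the other members do not have.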

View file

@ -0,0 +1,21 @@
from import get_random_secret_key
# XML-RPC interface of opennebula
# user:pass for accessing opennebula
OPENNEBULA_USER_PASS = 'user:password'
# See
# Stripe (Credit Card payments)
# The django secret key
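Review bot: the sample imports `get_random_secret_key` next to the comment "The django secret key"; if `SECRET_KEY` is assigned from that call, each process start and each worker gets a different key, which invalidates sessions and signed tokens. Ship an obvious placeholder instead and document generating the key once. The same applies to `OPENNEBULA_USER_PASS = 'user:password'`: fail at startup while the placeholder is still in place rather than sending it to the XML-RPC endpoint.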

View file

@ -13,30 +13,41 @@
import os
import ldap
from import get_random_secret_key
# Uncommitted file with secrets
import uncloud.secrets
from django_auth_ldap.config import LDAPSearch, LDAPSearchUnion
# Uncommitted file with local settings i.e logging
from uncloud.local_settings import LOGGING, DATABASES
except ModuleNotFoundError:
'default': {
'ENGINE': 'django.db.backends.postgresql',
'NAME': uncloud.secrets.POSTGRESQL_DB_NAME,
'HOST': os.environ.get('DATABASE_HOST', '::1'),
'USER': os.environ.get('DATABASE_USER', 'postgres'),
# Build paths inside the project like this: os.path.join(BASE_DIR, ...)
BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
'default': {
'ENGINE': 'django.db.backends.sqlite3',
'NAME': os.path.join(BASE_DIR, 'db.sqlite3'),
# Quick-start development settings - unsuitable for production
# See
# SECURITY WARNING: keep the secret key used in production secret!
SECRET_KEY = uncloud.secrets.SECRET_KEY
# SECURITY WARNING: don't run with debug turned on in production!
DEBUG = True
# Application definition
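Review bot: in the PostgreSQL `DATABASES` block, `'USER': os.environ.get('DATABASE_USER', 'postgres')` makes the application connect as the `postgres` role unless the environment says otherwise, and no `PASSWORD` key is in view; default to a dedicated unprivileged role that owns only the uncloud database. `DEBUG = True` is also hard-coded directly under its own "don't run with debug turned on in production" warning; read it from the environment with a default of off, since this file is what a deployment gets.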
@ -112,12 +123,7 @@ AUTH_PASSWORD_VALIDATORS = [
AUTH_LDAP_USER_SEARCH = LDAPSearch("dc=example,dc=com",
"first_name": "givenName",
@ -125,6 +131,13 @@ AUTH_LDAP_USER_ATTR_MAP = {
"email": "mail"
AUTH_LDAP_USER_SEARCH = LDAPSearch("dc=ungleich,dc=ch", ldap.SCOPE_SUBTREE, "(uid=%(user)s)")
# AUTH/Django
@ -145,6 +158,7 @@ REST_FRAMEWORK = {
# Internationalization
@ -163,31 +177,3 @@ USE_TZ = True
STATIC_URL = '/static/'
STATICFILES_DIRS = [ os.path.join(BASE_DIR, "static") ]
# XML-RPC interface of opennebula
# user:pass for accessing opennebula
OPENNEBULA_USER_PASS = 'user:password'
# Stripe (Credit Card payments)
# The django secret key
# required for hardcopy / pdf rendering:
CHROME_PATH = '/usr/bin/chromium-browser'
# Username that is created by default and owns the configuration objects
UNCLOUD_ADMIN_NAME = "uncloud-admin"
# Overwrite settings with local settings, if existing
from uncloud.local_settings import *
except (ModuleNotFoundError, ImportError):

View file

@ -0,0 +1,88 @@
"""uncloud URL Configuration
The `urlpatterns` list routes URLs to views. For more information please see:
Function views
1. Add an import: from my_app import views
2. Add a URL to urlpatterns: path('', views.home, name='home')
Class-based views
1. Add an import: from other_app.views import Home
2. Add a URL to urlpatterns: path('', Home.as_view(), name='home')
Including another URLconf
1. Import the include() function: from django.urls import include, path
2. Add a URL to urlpatterns: path('blog/', include('blog.urls'))
from django.contrib import admin
from django.urls import path, include
from django.conf import settings
from django.conf.urls.static import static
from rest_framework import routers
from rest_framework.schemas import get_schema_view
from opennebula import views as oneviews
from uncloud_auth import views as authviews
from uncloud_net import views as netviews
from uncloud_pay import views as payviews
from uncloud_vm import views as vmviews
from uncloud_service import views as serviceviews
router = routers.DefaultRouter()
# VM
router.register(r'vm/snapshot', vmviews.VMSnapshotProductViewSet, basename='vmsnapshotproduct')
router.register(r'vm/diskimage', vmviews.VMDiskImageProductViewSet, basename='vmdiskimageproduct')
router.register(r'vm/disk', vmviews.VMDiskProductViewSet, basename='vmdiskproduct')
router.register(r'vm/vm', vmviews.VMProductViewSet, basename='vmproduct')
# creates VM from os image
#router.register(r'vm/ipv6onlyvm', vmviews.VMProductViewSet, basename='vmproduct')
# ... AND adds IPv4 mapping
#router.register(r'vm/dualstackvm', vmviews.VMProductViewSet, basename='vmproduct')
# Services
router.register(r'service/matrix', serviceviews.MatrixServiceProductViewSet, basename='matrixserviceproduct')
router.register(r'service/generic', serviceviews.GenericServiceProductViewSet, basename='genericserviceproduct')
# Net
router.register(r'net/vpn', netviews.VPNNetworkViewSet, basename='vpnnet')
router.register(r'net/vpnreservation', netviews.VPNNetworkReservationViewSet, basename='vpnnetreservation')
# Pay
router.register(r'address', payviews.BillingAddressViewSet, basename='address')
router.register(r'bill', payviews.BillViewSet, basename='bill')
router.register(r'order', payviews.OrderViewSet, basename='order')
router.register(r'payment', payviews.PaymentViewSet, basename='payment')
router.register(r'payment-method', payviews.PaymentMethodViewSet, basename='payment-method')
# admin/staff urls
router.register(r'admin/bill', payviews.AdminBillViewSet, basename='admin/bill')
router.register(r'admin/payment', payviews.AdminPaymentViewSet, basename='admin/payment')
router.register(r'admin/order', payviews.AdminOrderViewSet, basename='admin/order')
router.register(r'admin/vmhost', vmviews.VMHostViewSet)
router.register(r'admin/vmcluster', vmviews.VMClusterViewSet)
router.register(r'admin/vpnpool', netviews.VPNPoolViewSet)
router.register(r'admin/opennebula', oneviews.VMViewSet, basename='opennebula')
# User/Account
router.register(r'user', authviews.UserViewSet, basename='user')
urlpatterns = [
path('', include(router.urls)),
# web/ = stuff to view in the browser
path('web/pdf/', payviews.MyPDFView.as_view(), name='pdf'),
path('api-auth/', include('rest_framework.urls', namespace='rest_framework')), # for login to REST API
path('openapi', get_schema_view(
description="uncloud API",
), name='openapi-schema'),
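Review bot: the `admin/` prefix on these routes is only a name; access depends on each viewset's `permission_classes`, and `admin/opennebula` is wired to `oneviews.VMViewSet`, which elsewhere in this change is declared with `permissions.IsAuthenticated` only. Either move that route out of the admin block or give the admin viewsets a common base that uses `IsAdminUser`. `admin/vmhost`, `admin/vmcluster` and `admin/vpnpool` are registered without `basename`, unlike every other route, which is worth a comment or making consistent.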

View file

@ -1,8 +1,7 @@
# Generated by Django 3.0.6 on 2020-08-01 16:38
# Generated by Django 3.0.3 on 2020-03-03 16:49
import django.contrib.auth.models
import django.contrib.auth.validators
import django.core.validators
from django.db import migrations, models
import django.utils.timezone
@ -30,7 +29,6 @@ class Migration(migrations.Migration):
('is_staff', models.BooleanField(default=False, help_text='Designates whether the user can log into this admin site.', verbose_name='staff status')),
('is_active', models.BooleanField(default=True, help_text='Designates whether this user should be treated as active. Unselect this instead of deleting accounts.', verbose_name='active')),
('date_joined', models.DateTimeField(, verbose_name='date joined')),
('maximum_credit', models.DecimalField(decimal_places=2, default=0.0, max_digits=10, validators=[django.core.validators.MinValueValidator(0)])),
('groups', models.ManyToManyField(blank=True, help_text='The groups this user belongs to. A user will get all permissions granted to each of their groups.', related_name='user_set', related_query_name='user', to='auth.Group', verbose_name='groups')),
('user_permissions', models.ManyToManyField(blank=True, help_text='Specific permissions for this user.', related_name='user_set', related_query_name='user', to='auth.Permission', verbose_name='user permissions')),

View file

@ -1,4 +1,4 @@
# Generated by Django 3.1 on 2020-09-28 19:45
# Generated by Django 3.0.3 on 2020-03-18 13:43
import django.core.validators
from django.db import migrations, models
@ -7,18 +7,19 @@ from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
('uncloud_pay', '0023_auto_20200928_1944'),
('uncloud_auth', '0001_initial'),
operations = [
field=models.CharField(choices=[('CHF', 'Swiss Franc'), ('EUR', 'Euro'), ('USD', 'US Dollar')], default='CHF', max_length=32),
field=models.DecimalField(decimal_places=2, default=0.0, max_digits=10, validators=[django.core.validators.MinValueValidator(0)]),

View file

@ -0,0 +1,23 @@
# Generated by Django 3.0.3 on 2020-03-18 13:45
import django.core.validators
from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
('uncloud_auth', '0002_auto_20200318_1343'),
operations = [
field=models.DecimalField(decimal_places=2, default=0.0, max_digits=10, validators=[django.core.validators.MinValueValidator(0)]),

View file

@ -2,7 +2,8 @@ from django.contrib.auth.models import AbstractUser
from django.db import models
from django.core.validators import MinValueValidator
from uncloud_pay import AMOUNT_DECIMALS, AMOUNT_MAX_DIGITS
from uncloud_pay.models import get_balance_for_user
class User(AbstractUser):
@ -17,9 +18,6 @@ class User(AbstractUser):
# @property
# def primary_billing_address(self):
def balance(self):
return get_balance_for_user(self)

View file

@ -0,0 +1,15 @@
from django.contrib.auth import get_user_model
from rest_framework import serializers
class UserSerializer(serializers.ModelSerializer):
class Meta:
model = get_user_model()
fields = ['username', 'email', 'balance', 'maximum_credit' ]
balance = serializers.DecimalField(max_digits=AMOUNT_MAX_DIGITS,

View file

@ -0,0 +1,17 @@
from rest_framework import viewsets, permissions, status
from .serializers import *
class UserViewSet(viewsets.ReadOnlyModelViewSet):
serializer_class = UserSerializer
permission_classes = [permissions.IsAuthenticated]
def get_queryset(self):
if self.request.user.is_superuser:
obj = get_user_model().objects.all()
# This is a bit stupid: we have a user, we create a queryset by
# matching on the username. But I don't know a "nicer" way.
# Nico, 2020-03-18
obj = get_user_model().objects.filter(username=self.request.user.username)
return obj
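Review bot: `get_queryset` calls `get_user_model()`, but the module's own imports are `viewsets, permissions, status` and `from .serializers import *`, so the name only resolves because the serializers module happens to import it. Import it explicitly and drop the wildcard. For the non-superuser case, `get_user_model().objects.filter(pk=self.request.user.pk)` is the usual way to get a one-row queryset and avoids matching on a field that can change.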

Some files were not shown because too many files have changed in this diff