def add_auth_middleware(app):
"""Add authentication middleware to Flask application.
:param app: application.
"""
auth_conf = {key: conf.get('discoverd', value)
for (key, value) in zip(MIDDLEWARE_ARGS, OS_ARGS)}
auth_conf['delay_auth_decision'] = True
auth_conf['identity_uri'] = conf.get('discoverd', 'identity_uri')
app.wsgi_app = auth_token.AuthProtocol(app.wsgi_app, auth_conf)
def main(): # pragma: no cover
old_args = config_shim(sys.argv)
parser = argparse.ArgumentParser(description='''Hardware introspection
service for OpenStack Ironic.
''')
parser.add_argument('--config-file', dest='config', required=True)
# if parse_args is passed None it uses sys.argv instead.
args = parser.parse_args(old_args)
conf.read(args.config)
debug = conf.getboolean('discoverd', 'debug')
logging.basicConfig(level=logging.DEBUG if debug else logging.INFO)
for third_party in ('urllib3.connectionpool',
'keystonemiddleware.auth_token',
'requests.packages.urllib3.connectionpool'):
logging.getLogger(third_party).setLevel(logging.WARNING)
logging.getLogger('ironicclient.common.http').setLevel(
logging.INFO if debug else logging.ERROR)
if old_args:
LOG.warning('"ironic-discoverd <config-file>" syntax is deprecated use'
' "ironic-discoverd --config-file <config-file>" instead')
init()
app.run(debug=debug,
host=conf.get('discoverd', 'listen_address'),
port=conf.getint('discoverd', 'listen_port'))
def main(): # pragma: no cover
old_args = config_shim(sys.argv)
parser = argparse.ArgumentParser(description='''Hardware introspection
service for OpenStack Ironic.
''')
parser.add_argument('--config-file', dest='config', required=True)
# if parse_args is passed None it uses sys.argv instead.
args = parser.parse_args(old_args)
conf.read(args.config)
debug = conf.getboolean('discoverd', 'debug')
logging.basicConfig(level=logging.DEBUG if debug else logging.INFO)
logging.getLogger('urllib3.connectionpool').setLevel(logging.WARNING)
logging.getLogger('requests.packages.urllib3.connectionpool').setLevel(
logging.WARNING)
logging.getLogger('ironicclient.common.http').setLevel(
logging.INFO if debug else logging.ERROR)
if old_args:
LOG.warning('"ironic-discoverd <config-file>" syntax is deprecated use'
' "ironic-discoverd --config-file <config-file>" instead')
init()
app.run(debug=debug,
host=conf.get('discoverd', 'listen_address'),
port=conf.getint('discoverd', 'listen_port'))
def check_is_admin(token):
"""Check whether the token is from a user with the admin role.
:param token: Keystone authentication token.
:raises: keystoneclient.exceptions.Unauthorized if the user does not have
the admin role in the tenant provided in the admin_tenant_name option.
"""
kc = keystone.Client(token=token,
tenant_name=conf.get('discoverd',
'admin_tenant_name'),
auth_url=conf.get('discoverd', 'os_auth_url'))
if "admin" not in [role.name
for role in kc.roles.roles_for_user(
kc.user_id,
tenant=kc.tenant_id)]:
raise keystone_exc.Unauthorized()
def init():
"""Initialize firewall management.
Must be called one on start-up.
"""
global INTERFACE
INTERFACE = conf.get('discoverd', 'dnsmasq_interface')
_clean_up(CHAIN)
# Not really needed, but helps to validate that we have access to iptables
_iptables('-N', CHAIN)
def init():
"""Initialize firewall management.
Must be called one on start-up.
"""
if not conf.getboolean('discoverd', 'manage_firewall'):
return
global INTERFACE
INTERFACE = conf.get('discoverd', 'dnsmasq_interface')
_clean_up(CHAIN)
# Not really needed, but helps to validate that we have access to iptables
_iptables('-N', CHAIN)
def init():
"""Initialize the database."""
global _DB_NAME
_DB_NAME = conf.get('discoverd', 'database', default='').strip()
if not _DB_NAME:
LOG.critical('Configuration option discoverd.database should be set')
sys.exit(1)
db_dir = os.path.dirname(_DB_NAME)
if db_dir and not os.path.exists(db_dir):
os.makedirs(db_dir)
sqlite3.connect(_DB_NAME).executescript(_SCHEMA)
def init():
"""Initialize the database."""
global _DB_NAME
_DB_NAME = conf.get('discoverd', 'database', default='').strip()
if not _DB_NAME:
LOG.critical('Configuration option discoverd.database should be set')
sys.exit(1)
db_dir = os.path.dirname(_DB_NAME)
if db_dir and not os.path.exists(db_dir):
os.makedirs(db_dir)
sqlite3.connect(_DB_NAME).executescript(_SCHEMA)
def init():
"""Initialize the database."""
global _DB_NAME
_DB_NAME = conf.get('discoverd', 'database').strip()
if not _DB_NAME:
# We can't use in-memory, so we create a temporary file
fd, _DB_NAME = tempfile.mkstemp(prefix='discoverd-')
os.close(fd)
def cleanup():
if os.path.exists(_DB_NAME):
os.unlink(_DB_NAME)
atexit.register(cleanup)
sqlite3.connect(_DB_NAME).executescript(_SCHEMA)
def processing_hooks_manager(*args):
"""Create a Stevedore extension manager for processing hooks.
:param args: arguments to pass to the hooks constructor.
"""
global _HOOKS_MGR
if _HOOKS_MGR is None:
names = [x.strip()
for x in conf.get('discoverd', 'processing_hooks').split(',')
if x.strip()]
_HOOKS_MGR = named.NamedExtensionManager('ironic_discoverd.hooks',
names=names,
invoke_on_load=True,
invoke_args=args,
name_order=True)
return _HOOKS_MGR
def processing_hooks_manager(*args):
"""Create a Stevedore extension manager for processing hooks.
:param args: arguments to pass to the hooks constructor.
"""
global _HOOKS_MGR
if _HOOKS_MGR is None:
names = [
x.strip()
for x in conf.get('discoverd', 'processing_hooks').split(',')
if x.strip()
]
_HOOKS_MGR = named.NamedExtensionManager('ironic_discoverd.hooks',
names=names,
invoke_on_load=True,
invoke_args=args,
name_order=True)
return _HOOKS_MGR
def get_daisy_client():
"""Get Daisy client instance."""
endpoint = conf.get('discoverd', 'daisy_url')
return daisy_client.Client(version=1, endpoint=endpoint)
def get_client(): # pragma: no cover
"""Get Ironic client instance."""
#args = dict((k, conf.get('discoverd', k)) for k in OS_ARGS)
args = dict({'os_auth_token': conf.get('discoverd', 'os_auth_token'),
'ironic_url': conf.get('discoverd', 'ironic_url')})
return client.get_client(1, **args)
def get_client(): # pragma: no cover
"""Get Ironic client instance."""
args = dict((k, conf.get('discoverd', k)) for k in OS_ARGS)
return client.get_client(1, **args)