Ejemplo n.º 1
0
    def _proxy_authenticate(self):
        """
        Use the auth helper to get config settings and keys
        Return True for success, False for failure

        Returns
        -------
        None

        Raises
        ------
        Exception
            The authentication using direct mode is noit possible
        """
        _logger.debug('_proxy_authenticate')
        if os.geteuid() != 0:
            raise Exception('Must be root to use Proxy authentication')

        sdk_user = OCIUtilsConfiguration.get('auth', 'oci_sdk_user')
        try:
            proxy = OCIAuthProxy(sdk_user)
            self._oci_config = proxy.get_config()
            self._identity_client = oci_sdk.identity.IdentityClient(
                self._oci_config)
            self._ons_client = oci_sdk.ons.NotificationDataPlaneClient(
                config=self._oci_config)
        except Exception as e:
            _logger.debug('Proxy authentication failed: %s', str(e))
            raise Exception('Proxy authentication failed') from e
Ejemplo n.º 2
0
    def get_auth_method(self, authentication_method=None):
        """
        Determine how (or if) we can authenticate. If auth_method is
        provided, and is not AUTO then test if the given auth_method works.
        Return one of oci_api.DIRECT, oci_api.PROXY, oci_api.IP or
        oci_api.NONE (IP is instance principals).

        Parameters
        ----------
        authentication_method : [NONE | DIRECT | PROXY | AUTO | IP]
            if specified, the authentication method to be tested.

        Returns
        -------
        One of the oci_api.DIRECT, oci_api.PROXY, oci_api.IP or oci_api.NONE,
        the authentication method which passed or NONE.
            [NONE | DIRECT | PROXY | AUTO | IP]
        """
        _logger.debug('_get_auth_method')
        if authentication_method is None:
            auth_method = OCIUtilsConfiguration.get('auth', 'auth_method')
        else:
            auth_method = authentication_method

        _logger.debug('auth method retrieved from conf: %s', auth_method)

        # order matters
        _auth_mechanisms = {
            DIRECT: self._direct_authenticate,
            IP: self._ip_authenticate,
            PROXY: self._proxy_authenticate
        }

        if auth_method in _auth_mechanisms.keys():
            # user specified something, respect that choice
            try:
                _logger.debug('Trying %s auth', auth_method)
                _auth_mechanisms[auth_method]()
                _logger.debug('%s auth ok', auth_method)
                return auth_method
            except Exception as e:
                _logger.debug(' %s auth has failed: %s', auth_method, str(e))
                return NONE

        _logger.debug('Nothing specified trying to find an auth method')
        for method in _auth_mechanisms:
            try:
                _logger.debug('Trying %s auth', method)
                _auth_mechanisms[method]()
                _logger.debug('%s auth ok', method)
                return method
            except Exception as e:
                _logger.debug('%s auth has failed: %s', method, str(e))

        # no options left
        return NONE
Ejemplo n.º 3
0
    def _run_sec_vnic_script(self, script_args):
        """
        Run secondary_vnic_all_configure.sh.

        Parameters
        ----------
        script_args: list of string
            Arguments to be passed to the script.

        Returns
        -------
        tuple
            (The exit code of the script, the output of the script)
        """
        true_val = ['true', 'True', 'TRUE']
        vf_net = OCIUtilsConfiguration.get('vnic', 'vf_net') in true_val
        if vf_net and '-s' not in script_args:
            _logger.debug(
                'Skipping execution of the secondary vnic script')
            return 0, 'Info: vf_net is enabled in the oci-utils configuration'
        all_args = [_secondary_vnic_all_configure_path]
        all_args += script_args
        if "-c" in script_args:
            if 'sshd' in self.vnic_info:
                if self.vnic_info['sshd']:
                    all_args += ['-r']
            if 'ns' in self.vnic_info:
                if self.vnic_info['ns'] is not None:
                    all_args += ['-n', self.vnic_info['ns']]
        if "-c" in script_args or "-s" in script_args:
            if 'exclude' in self.vnic_info:
                for exc in self.vnic_info['exclude']:
                    all_args += ['-X', exc]
            if 'sec_priv_ip' in self.vnic_info:
                for ipaddr, vnic_id in self.vnic_info['sec_priv_ip']:
                    all_args += ['-e', ipaddr, vnic_id]

        _logger.debug('Executing "%s"' % " ".join(all_args))
        try:
            output = subprocess.check_output(
                all_args, stderr=subprocess.STDOUT)
        except OSError:
            _logger.debug('failed to execute '
                          '/usr/libexec/secondary_vnic_all_configure.sh')
            return 404, 'failed to execute secondary VNIC script'
        except subprocess.CalledProcessError as e:
            _logger.debug('Error running command "%s":' % ' '.
                          join(all_args))
            _logger.error(e.output)
            return e.returncode, e.output

        return 0, output
Ejemplo n.º 4
0
def start_thread(name, repeat):
    """
    Start a specific thread.

    Parameters
    ----------
    name: str
        The name of the thread.
    repeat: bool
        Repeat the thread if set.

    Returns
    -------
    dict
        The thread object.
    """

    true_list = ['true', 'True', 'TRUE']

    if name == 'public_ip':
        is_enabled = OCIUtilsConfiguration.get('public_ip', 'enabled')
        if is_enabled not in true_list:
            return None
        refresh_interval = OCIUtilsConfiguration.get('public_ip', 'refresh_interval')
        th = OcidThread(name=name,
                        ocidfunc=public_ip_func,
                        context={},
                        sleeptime=int(refresh_interval),
                        repeat=repeat)
    elif name == 'iscsi':
        max_volumes = OCIUtilsConfiguration.get('iscsi', 'max_volumes')
        is_enabled = OCIUtilsConfiguration.get('iscsi', 'enabled')
        auto_detach = OCIUtilsConfiguration.get('iscsi', 'auto_detach') in true_list
        if is_enabled not in true_list:
            return None
        # oci-growfs
        auto_resize = OCIUtilsConfiguration.get('iscsi', 'auto_resize')
        if auto_resize in true_list:
            try:
                _ = subprocess.check_output(['/usr/libexec/oci-growfs', '-y'], stderr=subprocess.STDOUT)
            except Exception:
                pass

        scan_interval = OCIUtilsConfiguration.get('iscsi', 'scan_interval')
        th = OcidThread(name=name,
                        ocidfunc=iscsi_func,
                        context={'max_volumes': max_volumes, 'auto_detach': auto_detach, },
                        sleeptime=int(scan_interval),
                        repeat=repeat)
    elif name == 'vnic':
        is_enabled = OCIUtilsConfiguration.get('vnic', 'enabled')
        if is_enabled not in true_list:
            return None
        scan_interval = OCIUtilsConfiguration.get('vnic', 'scan_interval')
        __ocid_logger.debug('scan interval for vnics: %s', str(scan_interval))
        vf_net = OCIUtilsConfiguration.get('vnic', 'vf_net') in true_list
        th = OcidThread(name=name,
                        ocidfunc=vnic_func,
                        context={'vnic_utils': None,
                                 'vf_net': vf_net},
                        sleeptime=int(scan_interval),
                        repeat=repeat)
    else:
        __ocid_logger.error('Internal error: unknown thread: %s', name)
        return None

    th.start()
    return th