def create_accounts(acct_driver, provider, users, rebuild=False, admin=False):
added = 0
for user in users:
# Then add the Openstack Identity
try:
id_exists = Identity.objects.filter(
created_by__username__iexact=user, provider=provider)
if id_exists:
if not rebuild:
continue
print "%s Exists -- Attempting an account rebuild" % user
new_identity = acct_driver.create_account(user, max_quota=admin)
# After identity is created, be sure to select one of the
# `public_routers` in provider to be given
# to the identity as a `router_name`
selected_router = provider.select_router()
Identity.update_credential(new_identity,
'router_name',
selected_router,
replace=True)
added += 1
if admin:
make_admin(user)
print "%s added as admin." % (user)
else:
print "%s added." % (user)
except Exception as e:
logger.exception("Problem creating account")
print "Problem adding %s." % (user)
logger.exception(e)
print e.message
print "Total users added:%s" % (added)
def redistribute_routers(provider_id, users=[], redistribute=False):
for provider in Provider.objects.filter(id=provider_id):
router_map = provider.get_router_distribution() # Print 'before'
instance_map = _get_instance_owner_map(provider, users=users)
if redistribute:
needs_router = provider.identity_set.all().order_by(
'created_by__username')
router_map = {key: 0 for key in router_map.keys()}
else:
needs_router = provider.missing_routers()
for identity in needs_router:
identity_user = identity.created_by.username
if users and identity_user not in users:
print "Skipping user %s" % identity_user
continue
instances = instance_map.get(identity_user, [])
if len(instances) > 0:
print "Skipping user %s - Reason: User has running instances" % identity_user
continue
# Select next available router for the identity
selected_router = provider.select_router(router_map)
# Save happens here:
Identity.update_credential(identity,
'router_name',
selected_router,
replace=True)
router_map[selected_router] += 1
provider.get_router_distribution() # Print 'after'
return
def create_accounts(acct_driver, provider, users, rebuild=False, admin=False):
added = 0
for user in users:
# Then add the Openstack Identity
try:
id_exists = Identity.objects.filter(
created_by__username__iexact=user,
provider=provider)
if id_exists:
if not rebuild:
continue
print "%s Exists -- Attempting an account rebuild" % user
new_identity = acct_driver.create_account(user, max_quota=admin)
# After identity is created, be sure to select one of the
# `public_routers` in provider to be given
# to the identity as a `router_name`
selected_router = provider.select_router()
Identity.update_credential(
new_identity, 'router_name', selected_router,
replace=True)
added += 1
if admin:
make_admin(user)
print "%s added as admin." % (user)
else:
print "%s added." % (user)
except Exception as e:
logger.exception("Problem creating account")
print "Problem adding %s." % (user)
logger.exception(e)
print e.message
print "Total users added:%s" % (added)
def redistribute_routers(provider_id, users=[], redistribute=False):
for provider in Provider.objects.filter(id=provider_id):
router_map = provider.get_router_distribution() # Print 'before'
instance_map = _get_instance_owner_map(provider, users=users)
if redistribute:
needs_router = provider.identity_set.all(
).order_by('created_by__username')
router_map = {key: 0 for key in router_map.keys()}
else:
needs_router = provider.missing_routers()
for identity in needs_router:
identity_user = identity.created_by.username
if users and identity_user not in users:
print "Skipping user %s" % identity_user
continue
instances = instance_map.get(identity_user, [])
if len(instances) > 0:
print "Skipping user %s - Reason: User has running instances" % identity_user
continue
# Select next available router for the identity
selected_router = provider.select_router(router_map)
# Save happens here:
Identity.update_credential(
identity, 'router_name', selected_router, replace=True
)
router_map[selected_router] += 1
provider.get_router_distribution() # Print 'after'
return
def get_queryset(self):
"""
Filter identities by user
"""
user = self.request.user
idents = Identity.shared_with_user(user)
if 'all_users' in self.request.GET:
idents = Identity.objects.all()
if 'username' in self.request.GET:
target_username = self.request.GET.get('username')
user = AtmosphereUser.objects.filter(username=target_username).first()
idents = Identity.shared_with_user(user)
return idents.filter(only_current_provider())
def get_queryset(self):
"""
Filter identities by current user
"""
user = self.request.user
idents = Identity.shared_with_user(user)
if user.is_admin():
if 'all_users' in self.request.GET:
idents = Identity.objects.all()
if 'username' in self.request.GET:
target_username = self.request.GET.get('username')
user = AtmosphereUser.objects.get(username=target_username)
idents = Identity.shared_with_user(user)
return idents.filter(only_current_provider())
def _create_identity(
self, provider_uuid, user, group, username, project_name, token
):
try:
provider = Provider.objects.get(uuid=provider_uuid)
except Provider.DoesNotExist:
raise serializers.ValidationError(
"Provider %s is invalid" % provider
)
credentials = {
"cred_key": username,
"cred_ex_project_name": project_name,
"cred_ex_force_auth_token": token
}
quota = None
# FIXME: In a different PR re-work quota to sync based on the values in OpenStack.
# otherwise the value assigned (default) will differ from the users _actual_ quota in openstack and artificially limit the account.
identity = Identity.build_account(
user.username, group.name, username, provider.location, quota,
**credentials
)
self.validate_token_with_driver(
provider_uuid, username, project_name, token
)
return identity
def create_os_provider():
provider_type = ProviderType.objects.get_or_create(name='OpenStack')[0]
platform_type = PlatformType.objects.get_or_create(name='KVM')[0]
identities = []
#TODO: Make platform_type a variable when we encounter a NON-KVM OStack..
for provider in secrets.TEST_PROVIDERS['openstack']:
try:
os_provider = Provider.objects.get(
virtualization=platform_type,
type=provider_type,
location=provider['label'])
except Provider.DoesNotExist:
os_provider = Provider.objects.create(
virtualization=platform_type,
type=provider_type, uuid=str(uuid4()),
location=provider['label'])
ProviderCredential.objects.get_or_create(key='auth_url',
value=provider['auth_url'], provider=os_provider)
ProviderCredential.objects.get_or_create(key='admin_url',
value=provider['admin_url'], provider=os_provider)
ProviderCredential.objects.get_or_create(key='router_name',
value=provider['default_router'], provider=os_provider)
ProviderCredential.objects.get_or_create(key='region_name',
value=provider['default_region'], provider=os_provider)
identity = Identity.create_identity(
provider['key'], provider['label'],
account_admin=True,
cred_key=provider['key'], cred_secret=provider['secret'],
cred_ex_tenant_name=provider['tenant_name'],
cred_ex_project_name=provider['tenant_name'])
identities.append(identity)
return identities[0]
def create_euca_provider():
provider_type = ProviderType.objects.get_or_create(name='Eucalyptus')[0]
platform_type = PlatformType.objects.get_or_create(name='Xen')[0]
euca = Provider.objects.get_or_create(location='EUCALYPTUS',
virtualization=platform_type,
type=provider_type)[0]
ProviderCredential.objects.get_or_create(
key='ec2_url', value=secrets.EUCA_EC2_URL, provider=euca)
ProviderCredential.objects.get_or_create(
key='s3_url', value=secrets.EUCA_S3_URL, provider=euca)
ProviderCredential.objects.get_or_create(
key='euca_cert_path', value=secrets.EUCALYPTUS_CERT_PATH,
provider=euca)
ProviderCredential.objects.get_or_create(
key='pk_path', value=secrets.EUCA_PRIVATE_KEY,
provider=euca)
ProviderCredential.objects.get_or_create(
key='ec2_cert_path', value=secrets.EC2_CERT_PATH,
provider=euca)
ProviderCredential.objects.get_or_create(
key='account_path', value='/services/Accounts',
provider=euca)
ProviderCredential.objects.get_or_create(
key='config_path', value='/services/Configuration',
provider=euca)
identity = Identity.create_identity('admin', euca.location,
account_admin=True,
cred_key=secrets.EUCA_ADMIN_KEY,
cred_secret=secrets.EUCA_ADMIN_SECRET)
return identity
def validate_input(self, user, data):
error_map = {}
name = data.get('name')
identity_uuid = data.get('identity')
source_alias = data.get('source_alias')
size_alias = data.get('size_alias')
if not name:
error_map['name'] = "This field is required."
if not identity_uuid:
error_map['identity'] = "This field is required."
if not source_alias:
error_map['source_alias'] = "This field is required."
if not size_alias:
error_map['size_alias'] = "This field is required."
if error_map:
raise Exception(error_map)
try:
identity = Identity.objects.get(uuid=identity_uuid)
# Staff or owner ONLY
if not user.is_staff and identity.created_by != user:
logger.error(
"User %s does not have permission to use identity %s" %
(user, identity))
raise Identity.DoesNotExist("You are not the owner")
except Identity.DoesNotExist:
error_map["identity"] = "The uuid (%s) is invalid." % identity_uuid
raise Exception(error_map)
return
def ansible_deployment(
instance_ip, username, instance_id, playbooks_dir,
limit_playbooks=[], limit_hosts={}, extra_vars={},
raise_exception=True):
"""
Use service.ansible to deploy to an instance.
"""
if not check_ansible():
return []
logger = create_instance_logger(
deploy_logger,
instance_ip,
username,
instance_id)
hostname = build_host_name(instance_id, instance_ip)
configure_ansible()
if not limit_hosts:
limit_hosts = {"hostname": hostname, "ip": instance_ip}
host_file = settings.ANSIBLE_HOST_FILE
identity = Identity.find_instance(instance_id)
if identity:
time_zone = identity.provider.timezone
extra_vars.update({
"TIMEZONE": time_zone,
})
extra_vars.update({
"ATMOUSERNAME": username,
})
pbs = execute_playbooks(
playbooks_dir, host_file, extra_vars, limit_hosts,
logger=logger, limit_playbooks=limit_playbooks)
if raise_exception:
raise_playbook_errors(pbs, instance_ip, hostname)
return pbs
def test_identity_permissions(self, user, identity_id, is_leader=False):
identity_kwargs = {}
if type(identity_id) == int:
identity_kwargs = {'id': identity_id}
else:
identity_kwargs = {'uuid': identity_id}
return Identity.shared_with_user(
user, is_leader=is_leader).filter(**identity_kwargs).exists()
def get_queryset(self):
"""
Filter providers by current user
"""
user = self.request.user
if (type(user) == AnonymousUser):
return Identity.objects.none()
identity_list = Identity.shared_with_user(user)
return identity_list
def main(args):
provider_id = args.provider
redistribute = args.redistribute
for provider in Provider.objects.filter(id=provider_id):
router_map = provider.get_router_distribution() # Print 'before'
if redistribute:
needs_router = provider.identity_set.all()
router_map = {key: 0 for key in router_map.keys()}
else:
needs_router = provider.missing_routers()
for identity in needs_router:
# Select next available router for the identity
selected_router = provider.select_router(router_map)
# Save happens here:
Identity.update_credential(identity, 'router_name', selected_router, replace=True)
router_map[selected_router] += 1
provider.get_router_distribution() # Print 'after'
return
def _create_identity(self, provider_uuid, username, project_name, token):
try:
provider = Provider.objects.get(uuid=provider_uuid)
except Provider.DoesNotExist:
raise serializers.ValidationError("Provider %s is invalid" % provider)
identity = Identity.create_identity(
username, provider.location,
cred_key=username, cred_ex_project_name=project_name, cred_ex_force_auth_token=token)
# FIXME: In a different PR re-work quota to sync with the values in OpenStack. otherwise the value assigned (default) will differ from the users _actual_ quota in openstack.
self.validate_token_with_driver(provider_uuid, username, project_name, token)
return identity
def ansible_deployment(
instance_ip, username, instance_id, playbooks_dir,
limit_playbooks=[], limit_hosts={}, extra_vars={},
raise_exception=True, debug=False, **runner_opts):
"""
Use service.ansible to deploy to an instance.
"""
if not check_ansible():
return []
# Expecting to be path-relative to the playbook path, so use basename
if type(limit_playbooks) == str:
limit_playbooks = limit_playbooks.split(",")
if type(limit_playbooks) != list:
raise Exception("Invalid 'limit_playbooks' argument (%s). Expected List" % limit_playbooks)
limit_playbooks = [os.path.basename(filepath) for filepath in limit_playbooks]
logger = create_instance_logger(
deploy_logger,
instance_ip,
username,
instance_id)
hostname = build_host_name(instance_id, instance_ip)
configure_ansible(debug=debug)
if debug:
runner_opts['verbosity'] = 4
if not limit_hosts:
if hostname:
limit_hosts = hostname
else:
limit_hosts = instance_ip
host_file = settings.ANSIBLE_HOST_FILE
identity = Identity.find_instance(instance_id)
if identity:
time_zone = identity.provider.timezone
extra_vars.update({
"TIMEZONE": time_zone,
})
shared_users = list(AtmosphereUser.users_for_instance(instance_id).values_list('username', flat=True))
if not shared_users:
shared_users = [username]
if username not in shared_users:
shared_users.append(username)
extra_vars.update({
"SHARED_USERS": shared_users,
})
extra_vars.update({
"ATMOUSERNAME": username,
})
pbs = execute_playbooks(
playbooks_dir, host_file, extra_vars, limit_hosts,
logger=logger, limit_playbooks=limit_playbooks, **runner_opts)
if raise_exception:
raise_playbook_errors(pbs, instance_id, instance_ip, hostname)
return pbs
def allocation_source_overage_enforcement(allocation_source):
all_user_instances = {}
for user in allocation_source.all_users:
all_user_instances[user.username] = []
#TODO: determine how this will work with project-sharing (i.e. that we aren't issue-ing multiple suspend/stop/etc. for shared instances
for identity in Identity.shared_with_user(user):
affected_instances = allocation_source_overage_enforcement_for(
allocation_source, user, identity)
user_instances = all_user_instances[user.username]
user_instances.extend(affected_instances)
all_user_instances[user.username] = user_instances
return all_user_instances
def allocation_source_overage_enforcement(allocation_source):
all_user_instances = {}
for user in allocation_source.all_users:
all_user_instances[user.username] = []
#TODO: determine how this will work with project-sharing (i.e. that we aren't issue-ing multiple suspend/stop/etc. for shared instances
for identity in Identity.shared_with_user(user):
affected_instances = allocation_source_overage_enforcement_for(
allocation_source, user, identity)
user_instances = all_user_instances[user.username]
user_instances.extend(affected_instances)
all_user_instances[user.username] = user_instances
return all_user_instances
def get_is_leader(self, identity):
"""
Returns true/false if the user requesting the object is the leader.
"""
user = None
if self.context:
if 'request' in self.context:
user = self.context['request'].user
elif 'user' in self.context:
user = self.context['user']
if user == identity.created_by:
return True
return Identity.shared_with_user(user, is_leader=True).filter(id=identity.id).exists()
def main(args):
provider_id = args.provider
redistribute = args.redistribute
for provider in Provider.objects.filter(id=provider_id):
router_map = provider.get_router_distribution() # Print 'before'
if redistribute:
needs_router = provider.identity_set.all()
router_map = {key: 0 for key in router_map.keys()}
else:
needs_router = provider.missing_routers()
for identity in needs_router:
# Select next available router for the identity
selected_router = provider.select_router(router_map)
# Save happens here:
Identity.update_credential(identity,
'router_name',
selected_router,
replace=True)
router_map[selected_router] += 1
provider.get_router_distribution() # Print 'after'
return
def get_is_leader(self, identity):
"""
Returns true/false if the user requesting the object is the leader.
"""
user = None
if self.context:
if 'request' in self.context:
user = self.context['request'].user
elif 'user' in self.context:
user = self.context['user']
if user == identity.created_by:
return True
return Identity.shared_with_user(
user, is_leader=True).filter(id=identity.id).exists()
def ansible_deployment(instance_ip,
username,
instance_id,
playbooks_dir,
limit_playbooks=[],
limit_hosts={},
extra_vars={},
raise_exception=True,
**runner_opts):
"""
Use service.ansible to deploy to an instance.
"""
if not check_ansible():
return []
# Expecting to be path-relative to the playbook path, so use basename
limit_playbooks = [
os.path.basename(filepath) for filepath in limit_playbooks
]
logger = create_instance_logger(deploy_logger, instance_ip, username,
instance_id)
hostname = build_host_name(instance_id, instance_ip)
configure_ansible()
if not limit_hosts:
if hostname:
limit_hosts = hostname
else:
limit_hosts = instance_ip
host_file = settings.ANSIBLE_HOST_FILE
identity = Identity.find_instance(instance_id)
if identity:
time_zone = identity.provider.timezone
extra_vars.update({
"TIMEZONE": time_zone,
})
extra_vars.update({
"ATMOUSERNAME": username,
})
pbs = execute_playbooks(playbooks_dir,
host_file,
extra_vars,
limit_hosts,
logger=logger,
limit_playbooks=limit_playbooks,
**runner_opts)
if raise_exception:
raise_playbook_errors(pbs, instance_ip, hostname)
return pbs
def _create_identity(self, provider_uuid, user, group, username, project_name, token):
try:
provider = Provider.objects.get(uuid=provider_uuid)
except Provider.DoesNotExist:
raise serializers.ValidationError("Provider %s is invalid" % provider)
credentials = {
"cred_key": username,
"cred_ex_project_name": project_name,
"cred_ex_force_auth_token": token
}
quota = None
# FIXME: In a different PR re-work quota to sync based on the values in OpenStack.
# otherwise the value assigned (default) will differ from the users _actual_ quota in openstack and artificially limit the account.
identity = Identity.build_account(
user.username, group.name, username, provider.location, quota, **credentials)
self.validate_token_with_driver(provider_uuid, username, project_name, token)
return identity
def validate_input(self, user, data):
error_map = {}
name = data.get('name')
identity_uuid = data.get('identity')
source_alias = data.get('source_alias')
size_alias = data.get('size_alias')
allocation_source_id = data.get('allocation_source_id')
project_uuid = data.get('project')
if not name:
error_map['name'] = "This field is required."
if not project_uuid:
error_map['project'] = "This field is required."
try:
user.all_projects().filter(uuid=project_uuid)
except ValueError:
error_map['project'
] = "Properly formed hexadecimal UUID string required."
if not identity_uuid:
error_map['identity'] = "This field is required."
if not source_alias:
error_map['source_alias'] = "This field is required."
if not size_alias:
error_map['size_alias'] = "This field is required."
if not allocation_source_id:
error_map['allocation_source_id'] = "This field is required."
if error_map:
raise Exception(error_map)
try:
identity = Identity.objects.get(uuid=identity_uuid)
# Staff or owner ONLY
if not user.is_staff and identity.created_by != user:
logger.error(
"User %s does not have permission to use identity %s" %
(user, identity)
)
raise Identity.DoesNotExist("You are not the owner")
except Identity.DoesNotExist:
error_map["identity"] = "The uuid (%s) is invalid." % identity_uuid
raise Exception(error_map)
return
def ansible_deployment(
instance_ip, username, instance_id, playbooks_dir, limit_playbooks=[], limit_hosts={}, extra_vars={}
):
"""
Use service.ansible to deploy to an instance.
"""
if not check_ansible():
return []
logger = create_instance_logger(deploy_logger, instance_ip, username, instance_id)
hostname = build_host_name(instance_id, instance_ip)
configure_ansible()
if not limit_hosts:
limit_hosts = {"hostname": hostname, "ip": instance_ip}
host_file = settings.ANSIBLE_HOST_FILE
identity = Identity.find_instance(instance_id)
if identity:
time_zone = identity.provider.timezone
extra_vars.update({"TIMEZONE": time_zone})
extra_vars.update({"ATMOUSERNAME": username})
pbs = execute_playbooks(
playbooks_dir, host_file, extra_vars, limit_hosts, logger=logger, limit_playbooks=limit_playbooks
)
raise_playbook_errors(pbs, instance_ip, hostname)
return pbs
def ansible_deployment(instance_ip,
username,
instance_id,
playbooks_dir,
limit_playbooks=[],
limit_hosts={},
extra_vars={},
raise_exception=True,
debug=False,
**runner_opts):
"""
Use service.ansible to deploy to an instance.
"""
if not check_ansible():
return []
# Expecting to be path-relative to the playbook path, so use basename
if type(limit_playbooks) == str:
limit_playbooks = limit_playbooks.split(",")
if type(limit_playbooks) != list:
raise Exception(
"Invalid 'limit_playbooks' argument (%s). Expected List" %
limit_playbooks)
limit_playbooks = [
os.path.basename(filepath) for filepath in limit_playbooks
]
logger = create_instance_logger(deploy_logger, instance_ip, username,
instance_id)
hostname = build_host_name(instance_id, instance_ip)
configure_ansible(debug=debug)
if debug:
runner_opts['verbosity'] = 4
if not limit_hosts:
if hostname:
limit_hosts = hostname
else:
limit_hosts = instance_ip
host_file = settings.ANSIBLE_HOST_FILE
identity = Identity.find_instance(instance_id)
if identity:
time_zone = identity.provider.timezone
extra_vars.update({
"TIMEZONE": time_zone,
})
shared_users = list(
AtmosphereUser.users_for_instance(instance_id).values_list('username',
flat=True))
if not shared_users:
shared_users = [username]
if username not in shared_users:
shared_users.append(username)
extra_vars.update({
"SHARED_USERS": shared_users,
})
extra_vars.update({
"ATMOUSERNAME": username,
})
pbs = execute_playbooks(playbooks_dir,
host_file,
extra_vars,
limit_hosts,
logger=logger,
limit_playbooks=limit_playbooks,
**runner_opts)
if raise_exception:
raise_playbook_errors(pbs, instance_id, instance_ip, hostname)
return pbs
