def create_accounts(acct_driver, provider, users, rebuild=False, admin=False): added = 0 for user in users: # Then add the Openstack Identity try: id_exists = Identity.objects.filter( created_by__username__iexact=user, provider=provider) if id_exists: if not rebuild: continue print "%s Exists -- Attempting an account rebuild" % user new_identity = acct_driver.create_account(user, max_quota=admin) # After identity is created, be sure to select one of the # `public_routers` in provider to be given # to the identity as a `router_name` selected_router = provider.select_router() Identity.update_credential(new_identity, 'router_name', selected_router, replace=True) added += 1 if admin: make_admin(user) print "%s added as admin." % (user) else: print "%s added." % (user) except Exception as e: logger.exception("Problem creating account") print "Problem adding %s." % (user) logger.exception(e) print e.message print "Total users added:%s" % (added)
def redistribute_routers(provider_id, users=[], redistribute=False): for provider in Provider.objects.filter(id=provider_id): router_map = provider.get_router_distribution() # Print 'before' instance_map = _get_instance_owner_map(provider, users=users) if redistribute: needs_router = provider.identity_set.all().order_by( 'created_by__username') router_map = {key: 0 for key in router_map.keys()} else: needs_router = provider.missing_routers() for identity in needs_router: identity_user = identity.created_by.username if users and identity_user not in users: print "Skipping user %s" % identity_user continue instances = instance_map.get(identity_user, []) if len(instances) > 0: print "Skipping user %s - Reason: User has running instances" % identity_user continue # Select next available router for the identity selected_router = provider.select_router(router_map) # Save happens here: Identity.update_credential(identity, 'router_name', selected_router, replace=True) router_map[selected_router] += 1 provider.get_router_distribution() # Print 'after' return
def create_accounts(acct_driver, provider, users, rebuild=False, admin=False): added = 0 for user in users: # Then add the Openstack Identity try: id_exists = Identity.objects.filter( created_by__username__iexact=user, provider=provider) if id_exists: if not rebuild: continue print "%s Exists -- Attempting an account rebuild" % user new_identity = acct_driver.create_account(user, max_quota=admin) # After identity is created, be sure to select one of the # `public_routers` in provider to be given # to the identity as a `router_name` selected_router = provider.select_router() Identity.update_credential( new_identity, 'router_name', selected_router, replace=True) added += 1 if admin: make_admin(user) print "%s added as admin." % (user) else: print "%s added." % (user) except Exception as e: logger.exception("Problem creating account") print "Problem adding %s." % (user) logger.exception(e) print e.message print "Total users added:%s" % (added)
def redistribute_routers(provider_id, users=[], redistribute=False): for provider in Provider.objects.filter(id=provider_id): router_map = provider.get_router_distribution() # Print 'before' instance_map = _get_instance_owner_map(provider, users=users) if redistribute: needs_router = provider.identity_set.all( ).order_by('created_by__username') router_map = {key: 0 for key in router_map.keys()} else: needs_router = provider.missing_routers() for identity in needs_router: identity_user = identity.created_by.username if users and identity_user not in users: print "Skipping user %s" % identity_user continue instances = instance_map.get(identity_user, []) if len(instances) > 0: print "Skipping user %s - Reason: User has running instances" % identity_user continue # Select next available router for the identity selected_router = provider.select_router(router_map) # Save happens here: Identity.update_credential( identity, 'router_name', selected_router, replace=True ) router_map[selected_router] += 1 provider.get_router_distribution() # Print 'after' return
def get_queryset(self): """ Filter identities by user """ user = self.request.user idents = Identity.shared_with_user(user) if 'all_users' in self.request.GET: idents = Identity.objects.all() if 'username' in self.request.GET: target_username = self.request.GET.get('username') user = AtmosphereUser.objects.filter(username=target_username).first() idents = Identity.shared_with_user(user) return idents.filter(only_current_provider())
def get_queryset(self): """ Filter identities by current user """ user = self.request.user idents = Identity.shared_with_user(user) if user.is_admin(): if 'all_users' in self.request.GET: idents = Identity.objects.all() if 'username' in self.request.GET: target_username = self.request.GET.get('username') user = AtmosphereUser.objects.get(username=target_username) idents = Identity.shared_with_user(user) return idents.filter(only_current_provider())
def _create_identity( self, provider_uuid, user, group, username, project_name, token ): try: provider = Provider.objects.get(uuid=provider_uuid) except Provider.DoesNotExist: raise serializers.ValidationError( "Provider %s is invalid" % provider ) credentials = { "cred_key": username, "cred_ex_project_name": project_name, "cred_ex_force_auth_token": token } quota = None # FIXME: In a different PR re-work quota to sync based on the values in OpenStack. # otherwise the value assigned (default) will differ from the users _actual_ quota in openstack and artificially limit the account. identity = Identity.build_account( user.username, group.name, username, provider.location, quota, **credentials ) self.validate_token_with_driver( provider_uuid, username, project_name, token ) return identity
def create_os_provider(): provider_type = ProviderType.objects.get_or_create(name='OpenStack')[0] platform_type = PlatformType.objects.get_or_create(name='KVM')[0] identities = [] #TODO: Make platform_type a variable when we encounter a NON-KVM OStack.. for provider in secrets.TEST_PROVIDERS['openstack']: try: os_provider = Provider.objects.get( virtualization=platform_type, type=provider_type, location=provider['label']) except Provider.DoesNotExist: os_provider = Provider.objects.create( virtualization=platform_type, type=provider_type, uuid=str(uuid4()), location=provider['label']) ProviderCredential.objects.get_or_create(key='auth_url', value=provider['auth_url'], provider=os_provider) ProviderCredential.objects.get_or_create(key='admin_url', value=provider['admin_url'], provider=os_provider) ProviderCredential.objects.get_or_create(key='router_name', value=provider['default_router'], provider=os_provider) ProviderCredential.objects.get_or_create(key='region_name', value=provider['default_region'], provider=os_provider) identity = Identity.create_identity( provider['key'], provider['label'], account_admin=True, cred_key=provider['key'], cred_secret=provider['secret'], cred_ex_tenant_name=provider['tenant_name'], cred_ex_project_name=provider['tenant_name']) identities.append(identity) return identities[0]
def create_euca_provider(): provider_type = ProviderType.objects.get_or_create(name='Eucalyptus')[0] platform_type = PlatformType.objects.get_or_create(name='Xen')[0] euca = Provider.objects.get_or_create(location='EUCALYPTUS', virtualization=platform_type, type=provider_type)[0] ProviderCredential.objects.get_or_create( key='ec2_url', value=secrets.EUCA_EC2_URL, provider=euca) ProviderCredential.objects.get_or_create( key='s3_url', value=secrets.EUCA_S3_URL, provider=euca) ProviderCredential.objects.get_or_create( key='euca_cert_path', value=secrets.EUCALYPTUS_CERT_PATH, provider=euca) ProviderCredential.objects.get_or_create( key='pk_path', value=secrets.EUCA_PRIVATE_KEY, provider=euca) ProviderCredential.objects.get_or_create( key='ec2_cert_path', value=secrets.EC2_CERT_PATH, provider=euca) ProviderCredential.objects.get_or_create( key='account_path', value='/services/Accounts', provider=euca) ProviderCredential.objects.get_or_create( key='config_path', value='/services/Configuration', provider=euca) identity = Identity.create_identity('admin', euca.location, account_admin=True, cred_key=secrets.EUCA_ADMIN_KEY, cred_secret=secrets.EUCA_ADMIN_SECRET) return identity
def validate_input(self, user, data): error_map = {} name = data.get('name') identity_uuid = data.get('identity') source_alias = data.get('source_alias') size_alias = data.get('size_alias') if not name: error_map['name'] = "This field is required." if not identity_uuid: error_map['identity'] = "This field is required." if not source_alias: error_map['source_alias'] = "This field is required." if not size_alias: error_map['size_alias'] = "This field is required." if error_map: raise Exception(error_map) try: identity = Identity.objects.get(uuid=identity_uuid) # Staff or owner ONLY if not user.is_staff and identity.created_by != user: logger.error( "User %s does not have permission to use identity %s" % (user, identity)) raise Identity.DoesNotExist("You are not the owner") except Identity.DoesNotExist: error_map["identity"] = "The uuid (%s) is invalid." % identity_uuid raise Exception(error_map) return
def ansible_deployment( instance_ip, username, instance_id, playbooks_dir, limit_playbooks=[], limit_hosts={}, extra_vars={}, raise_exception=True): """ Use service.ansible to deploy to an instance. """ if not check_ansible(): return [] logger = create_instance_logger( deploy_logger, instance_ip, username, instance_id) hostname = build_host_name(instance_id, instance_ip) configure_ansible() if not limit_hosts: limit_hosts = {"hostname": hostname, "ip": instance_ip} host_file = settings.ANSIBLE_HOST_FILE identity = Identity.find_instance(instance_id) if identity: time_zone = identity.provider.timezone extra_vars.update({ "TIMEZONE": time_zone, }) extra_vars.update({ "ATMOUSERNAME": username, }) pbs = execute_playbooks( playbooks_dir, host_file, extra_vars, limit_hosts, logger=logger, limit_playbooks=limit_playbooks) if raise_exception: raise_playbook_errors(pbs, instance_ip, hostname) return pbs
def test_identity_permissions(self, user, identity_id, is_leader=False): identity_kwargs = {} if type(identity_id) == int: identity_kwargs = {'id': identity_id} else: identity_kwargs = {'uuid': identity_id} return Identity.shared_with_user( user, is_leader=is_leader).filter(**identity_kwargs).exists()
def get_queryset(self): """ Filter providers by current user """ user = self.request.user if (type(user) == AnonymousUser): return Identity.objects.none() identity_list = Identity.shared_with_user(user) return identity_list
def main(args): provider_id = args.provider redistribute = args.redistribute for provider in Provider.objects.filter(id=provider_id): router_map = provider.get_router_distribution() # Print 'before' if redistribute: needs_router = provider.identity_set.all() router_map = {key: 0 for key in router_map.keys()} else: needs_router = provider.missing_routers() for identity in needs_router: # Select next available router for the identity selected_router = provider.select_router(router_map) # Save happens here: Identity.update_credential(identity, 'router_name', selected_router, replace=True) router_map[selected_router] += 1 provider.get_router_distribution() # Print 'after' return
def _create_identity(self, provider_uuid, username, project_name, token): try: provider = Provider.objects.get(uuid=provider_uuid) except Provider.DoesNotExist: raise serializers.ValidationError("Provider %s is invalid" % provider) identity = Identity.create_identity( username, provider.location, cred_key=username, cred_ex_project_name=project_name, cred_ex_force_auth_token=token) # FIXME: In a different PR re-work quota to sync with the values in OpenStack. otherwise the value assigned (default) will differ from the users _actual_ quota in openstack. self.validate_token_with_driver(provider_uuid, username, project_name, token) return identity
def ansible_deployment( instance_ip, username, instance_id, playbooks_dir, limit_playbooks=[], limit_hosts={}, extra_vars={}, raise_exception=True, debug=False, **runner_opts): """ Use service.ansible to deploy to an instance. """ if not check_ansible(): return [] # Expecting to be path-relative to the playbook path, so use basename if type(limit_playbooks) == str: limit_playbooks = limit_playbooks.split(",") if type(limit_playbooks) != list: raise Exception("Invalid 'limit_playbooks' argument (%s). Expected List" % limit_playbooks) limit_playbooks = [os.path.basename(filepath) for filepath in limit_playbooks] logger = create_instance_logger( deploy_logger, instance_ip, username, instance_id) hostname = build_host_name(instance_id, instance_ip) configure_ansible(debug=debug) if debug: runner_opts['verbosity'] = 4 if not limit_hosts: if hostname: limit_hosts = hostname else: limit_hosts = instance_ip host_file = settings.ANSIBLE_HOST_FILE identity = Identity.find_instance(instance_id) if identity: time_zone = identity.provider.timezone extra_vars.update({ "TIMEZONE": time_zone, }) shared_users = list(AtmosphereUser.users_for_instance(instance_id).values_list('username', flat=True)) if not shared_users: shared_users = [username] if username not in shared_users: shared_users.append(username) extra_vars.update({ "SHARED_USERS": shared_users, }) extra_vars.update({ "ATMOUSERNAME": username, }) pbs = execute_playbooks( playbooks_dir, host_file, extra_vars, limit_hosts, logger=logger, limit_playbooks=limit_playbooks, **runner_opts) if raise_exception: raise_playbook_errors(pbs, instance_id, instance_ip, hostname) return pbs
def allocation_source_overage_enforcement(allocation_source): all_user_instances = {} for user in allocation_source.all_users: all_user_instances[user.username] = [] #TODO: determine how this will work with project-sharing (i.e. that we aren't issue-ing multiple suspend/stop/etc. for shared instances for identity in Identity.shared_with_user(user): affected_instances = allocation_source_overage_enforcement_for( allocation_source, user, identity) user_instances = all_user_instances[user.username] user_instances.extend(affected_instances) all_user_instances[user.username] = user_instances return all_user_instances
def get_is_leader(self, identity): """ Returns true/false if the user requesting the object is the leader. """ user = None if self.context: if 'request' in self.context: user = self.context['request'].user elif 'user' in self.context: user = self.context['user'] if user == identity.created_by: return True return Identity.shared_with_user(user, is_leader=True).filter(id=identity.id).exists()
def get_is_leader(self, identity): """ Returns true/false if the user requesting the object is the leader. """ user = None if self.context: if 'request' in self.context: user = self.context['request'].user elif 'user' in self.context: user = self.context['user'] if user == identity.created_by: return True return Identity.shared_with_user( user, is_leader=True).filter(id=identity.id).exists()
def ansible_deployment(instance_ip, username, instance_id, playbooks_dir, limit_playbooks=[], limit_hosts={}, extra_vars={}, raise_exception=True, **runner_opts): """ Use service.ansible to deploy to an instance. """ if not check_ansible(): return [] # Expecting to be path-relative to the playbook path, so use basename limit_playbooks = [ os.path.basename(filepath) for filepath in limit_playbooks ] logger = create_instance_logger(deploy_logger, instance_ip, username, instance_id) hostname = build_host_name(instance_id, instance_ip) configure_ansible() if not limit_hosts: if hostname: limit_hosts = hostname else: limit_hosts = instance_ip host_file = settings.ANSIBLE_HOST_FILE identity = Identity.find_instance(instance_id) if identity: time_zone = identity.provider.timezone extra_vars.update({ "TIMEZONE": time_zone, }) extra_vars.update({ "ATMOUSERNAME": username, }) pbs = execute_playbooks(playbooks_dir, host_file, extra_vars, limit_hosts, logger=logger, limit_playbooks=limit_playbooks, **runner_opts) if raise_exception: raise_playbook_errors(pbs, instance_ip, hostname) return pbs
def _create_identity(self, provider_uuid, user, group, username, project_name, token): try: provider = Provider.objects.get(uuid=provider_uuid) except Provider.DoesNotExist: raise serializers.ValidationError("Provider %s is invalid" % provider) credentials = { "cred_key": username, "cred_ex_project_name": project_name, "cred_ex_force_auth_token": token } quota = None # FIXME: In a different PR re-work quota to sync based on the values in OpenStack. # otherwise the value assigned (default) will differ from the users _actual_ quota in openstack and artificially limit the account. identity = Identity.build_account( user.username, group.name, username, provider.location, quota, **credentials) self.validate_token_with_driver(provider_uuid, username, project_name, token) return identity
def validate_input(self, user, data): error_map = {} name = data.get('name') identity_uuid = data.get('identity') source_alias = data.get('source_alias') size_alias = data.get('size_alias') allocation_source_id = data.get('allocation_source_id') project_uuid = data.get('project') if not name: error_map['name'] = "This field is required." if not project_uuid: error_map['project'] = "This field is required." try: user.all_projects().filter(uuid=project_uuid) except ValueError: error_map['project' ] = "Properly formed hexadecimal UUID string required." if not identity_uuid: error_map['identity'] = "This field is required." if not source_alias: error_map['source_alias'] = "This field is required." if not size_alias: error_map['size_alias'] = "This field is required." if not allocation_source_id: error_map['allocation_source_id'] = "This field is required." if error_map: raise Exception(error_map) try: identity = Identity.objects.get(uuid=identity_uuid) # Staff or owner ONLY if not user.is_staff and identity.created_by != user: logger.error( "User %s does not have permission to use identity %s" % (user, identity) ) raise Identity.DoesNotExist("You are not the owner") except Identity.DoesNotExist: error_map["identity"] = "The uuid (%s) is invalid." % identity_uuid raise Exception(error_map) return
def ansible_deployment( instance_ip, username, instance_id, playbooks_dir, limit_playbooks=[], limit_hosts={}, extra_vars={} ): """ Use service.ansible to deploy to an instance. """ if not check_ansible(): return [] logger = create_instance_logger(deploy_logger, instance_ip, username, instance_id) hostname = build_host_name(instance_id, instance_ip) configure_ansible() if not limit_hosts: limit_hosts = {"hostname": hostname, "ip": instance_ip} host_file = settings.ANSIBLE_HOST_FILE identity = Identity.find_instance(instance_id) if identity: time_zone = identity.provider.timezone extra_vars.update({"TIMEZONE": time_zone}) extra_vars.update({"ATMOUSERNAME": username}) pbs = execute_playbooks( playbooks_dir, host_file, extra_vars, limit_hosts, logger=logger, limit_playbooks=limit_playbooks ) raise_playbook_errors(pbs, instance_ip, hostname) return pbs
def ansible_deployment(instance_ip, username, instance_id, playbooks_dir, limit_playbooks=[], limit_hosts={}, extra_vars={}, raise_exception=True, debug=False, **runner_opts): """ Use service.ansible to deploy to an instance. """ if not check_ansible(): return [] # Expecting to be path-relative to the playbook path, so use basename if type(limit_playbooks) == str: limit_playbooks = limit_playbooks.split(",") if type(limit_playbooks) != list: raise Exception( "Invalid 'limit_playbooks' argument (%s). Expected List" % limit_playbooks) limit_playbooks = [ os.path.basename(filepath) for filepath in limit_playbooks ] logger = create_instance_logger(deploy_logger, instance_ip, username, instance_id) hostname = build_host_name(instance_id, instance_ip) configure_ansible(debug=debug) if debug: runner_opts['verbosity'] = 4 if not limit_hosts: if hostname: limit_hosts = hostname else: limit_hosts = instance_ip host_file = settings.ANSIBLE_HOST_FILE identity = Identity.find_instance(instance_id) if identity: time_zone = identity.provider.timezone extra_vars.update({ "TIMEZONE": time_zone, }) shared_users = list( AtmosphereUser.users_for_instance(instance_id).values_list('username', flat=True)) if not shared_users: shared_users = [username] if username not in shared_users: shared_users.append(username) extra_vars.update({ "SHARED_USERS": shared_users, }) extra_vars.update({ "ATMOUSERNAME": username, }) pbs = execute_playbooks(playbooks_dir, host_file, extra_vars, limit_hosts, logger=logger, limit_playbooks=limit_playbooks, **runner_opts) if raise_exception: raise_playbook_errors(pbs, instance_id, instance_ip, hostname) return pbs