def __init__(self, token, authURL='https://accounts.okeanos.grnet.gr/identity/v2.0'):
"""
:type authURL: str
:type token: str
"""
from kamaki.clients.utils import https
https.patch_ignore_ssl()
self.authURL = authURL
self.token = token
self.cycladesServiceType = CycladesClient.service_type
self.blockStorageServiceType = CycladesBlockStorageClient.service_type
self.astakosClient = AstakosClient(self.authURL, self.token)
endpointF = self.astakosClient.get_service_endpoints
self.cycladesEndpoint = endpointF(self.cycladesServiceType)[u'publicURL']
self.cycladesClient = CycladesClient(self.cycladesEndpoint, self.token)
self.blockStorageEndpoint = endpointF(self.blockStorageServiceType)[u'publicURL']
self.blockStorageClient = CycladesBlockStorageClient(self.blockStorageEndpoint, token)
flavorsById = {}
flavorsByName = {}
for flavor in self.cycladesClient.list_flavors():
_id = flavor[u'id']
name = flavor[u'name']
flavorsById[_id] = name
flavorsByName[name] = _id
self.flavorsById = flavorsById
self.flavorsByName = flavorsByName
def __init__(self,
token,
authURL='https://accounts.okeanos.grnet.gr/identity/v2.0'):
"""
:type authURL: str
:type token: str
"""
from kamaki.clients.utils import https
https.patch_ignore_ssl()
self.authURL = authURL
self.token = token
self.cycladesServiceType = CycladesClient.service_type
self.blockStorageServiceType = CycladesBlockStorageClient.service_type
self.astakosClient = AstakosClient(self.authURL, self.token)
endpointF = self.astakosClient.get_service_endpoints
self.cycladesEndpoint = endpointF(
self.cycladesServiceType)[u'publicURL']
self.cycladesClient = CycladesClient(self.cycladesEndpoint, self.token)
self.blockStorageEndpoint = endpointF(
self.blockStorageServiceType)[u'publicURL']
self.blockStorageClient = CycladesBlockStorageClient(
self.blockStorageEndpoint, token)
flavorsById = {}
flavorsByName = {}
for flavor in self.cycladesClient.list_flavors():
_id = flavor[u'id']
name = flavor[u'name']
flavorsById[_id] = name
flavorsByName[name] = _id
self.flavorsById = flavorsById
self.flavorsByName = flavorsByName
def main():
"""CLI entry point"""
# Check syntax
parser = argparse.ArgumentParser(description='Access your cloud keys')
parser.add_argument('--key-id', help='Get only a specific key')
parser.add_argument('--url',
help='Cloud authentication URL, can be set as OKPUB_URL env variable')
parser.add_argument('--token',
help='Cloud user token, can be set as OKPUB_TOKEN env variable')
parser.add_argument('--ca-certs',
help='Path to CA certificates for SSL, can be set as OKPUB_CA_CERTS '
'env variable')
parser.add_argument('--ignore-ssl',
action='store_true',
help='Ignore SSL (not recomended), ignores CA certificates path')
args = parser.parse_args()
url = args.url or OKPUB_URL
token = args.token or OKPUB_TOKEN
assert all([url, token]), 'Both URL and TOKEN required (-h for more)'
ca_certs = args.ca_certs or OKPUB_CA_CERTS
assert any([ca_certs, args.ignore_ssl]), (
'You should either set ca_certs or --ignore-ssl (-h for more)')
# Resolve SSL issue
from kamaki.clients.utils import https
if args.ignore_ssl:
https.patch_ignore_ssl()
else:
https.patch_with_certs(ca_certs)
# Initialize client
from okpub.client import KeyAPI
endpoint = KeyAPI.get_endpoint_url(url)
client = KeyAPI(endpoint, token)
# Get results and print
import json
from sys import stdout
if args.key_id:
r = client.get_public_key(args.key_id)
else:
r = client.list_public_keys()
stdout.write(json.dumps(r, indent=2))
stdout.write('\n')
stdout.flush()
def _kamaki_ssl(ignore_ssl=None):
"""Patch kamaki to use the correct CA certificates
Read kamaki's config file and decide if we are going to use
CA certificates and patch kamaki clients accordingly.
"""
config = kamaki_config.Config()
if ignore_ssl is None:
ignore_ssl = config.get("global", "ignore_ssl").lower() == "on"
ca_file = config.get("global", "ca_certs")
if ignore_ssl:
# Skip SSL verification
https.patch_ignore_ssl()
else:
# Use ca_certs path found in kamakirc
https.patch_with_certs(ca_file)
def _kamaki_ssl(ignore_ssl=None):
"""Patch kamaki to use the correct CA certificates
Read kamaki's config file and decide if we are going to use
CA certificates and patch kamaki clients accordingly.
"""
config = kamaki_config.Config()
if ignore_ssl is None:
ignore_ssl = config.get("global", "ignore_ssl").lower() == "on"
ca_file = config.get("global", "ca_certs")
if ignore_ssl:
# Skip SSL verification
https.patch_ignore_ssl()
else:
# Use ca_certs path found in kamakirc
https.patch_with_certs(ca_file)
def __init__(self, config, cloud=None, debug=False):
_setup_logging(debug, debug)
self.config = kamaki_config.Config(config)
self.cloud = cloud
if not self.cloud:
self.cloud = self.config.get("global", "default_cloud")
self.ignore_ssl = \
self.config.get("global", "ignore_ssl").lower() == "on"
self.ca_certs = \
self.config.get("global", "ca_certs")
https.patch_ignore_ssl(self.ignore_ssl)
if self.ca_certs is not None:
https.patch_with_certs(self.ca_certs)
self.auth_url = self.config.get_cloud(self.cloud, "url")
self.token = self.config.get_cloud(self.cloud, "token")
self.auth_client = AstakosClient(self.auth_url, self.token)
self.endpoints = None # lazyness
def run(settings):
"""Run the service"""
ldap_args = dict(ldap_url=settings.get('ldap_url'),
admin=settings.get('ldap_admin'),
password=settings.get('ldap_password'),
base_dn=settings.get('ldap_base_dn'))
pool_args = dict(
dbname=settings.get('pool_name'),
host=settings.get('pool_host'),
user=settings.get('pool_user'),
password=settings.get('pool_password'),
)
voms_args = dict([(k, v) for k, v in settings.items()
if k in ('voms_policy', 'voms_dir', 'ca_path',
'voms_api_lib')])
snf_certs = settings.get('snf_ca_certs', None)
vo_projects = settings.get('vo_projects', None)
if snf_certs:
https.patch_with_certs(snf_certs)
elif settings.get('snf_ignore_ssl', None):
https.patch_ignore_ssl()
snf_admin = identity.IdentityClient(settings['snf_auth_url'],
settings['snf_admin_token'])
snf_admin.authenticate()
server.ASTAVOMS_SERVER_SETTINGS.update(
dict(
ldap_args=ldap_args,
pool_args=pool_args,
vomsauth=authvoms.VomsAuth(**voms_args),
snf_admin=snf_admin,
vo_projects=vo_projects,
disable_voms_verification=settings.get(
'disable_voms_verification'),
))
server.app.config.from_object(server)
utils.setup_logger(server.logger,
debug=settings['debug'],
logfile=settings['logfile'])
server.app.run(host=settings.get('host'), port=settings.get('port'))
def patch_certs(cert_path=None):
"""
Patch http certificates or ignore_ssl() if no certificates ca be found
:param cert_path: Path to the certificate file
"""
if not defaults.CACERTS_DEFAULT_PATH:
if cert_path:
https.patch_with_certs(cert_path)
else:
try:
from ssl import get_default_verify_paths
cert_path = get_default_verify_paths().cafile or \
get_default_verify_paths().openssl_cafile
except:
pass
if cert_path:
https.patch_with_certs(cert_path)
else:
logger.warn("COULD NOT FIND ANY CERTIFICATES, PLEASE SET THEM IN YOUR "
".kamakirc global section, option ca_certs")
https.patch_ignore_ssl()
from kamaki.clients.utils import https https.patch_ignore_ssl()
from kamaki.cli.config import Config
import tabulate
try:
from kamaki.clients.utils import https
if Config().getboolean('global', 'ignore_ssl'):
https.patch_ignore_ssl()
else:
ca_file = Config().get('global', 'ca_certs')
if ca_file is None:
raise ValueError("ca_certs cannot be None")
https.patch_with_certs(ca_file)
except ImportError:
pass
def get_cloud_names():
return [cloud[0] for cloud in Config().items("cloud")]
def get_cloud_credentials(cloud_name):
"""Get cloud credentials from kamaki configuration file."""
cloud = dict(Config().items("cloud")).get(cloud_name)
if cloud is None:
raise ValueError("Kamaki config file does not contain '%s' cloud." %
cloud_name)
return cloud["url"], cloud["token"]
def get_server_cloud(server_name):
"""Get the server cloud from the server name."""
def _init_session(arguments, is_non_api=False):
"""
:returns: cloud name
"""
_help = arguments['help'].value
global _debug
_debug = arguments['debug'].value
_verbose_with_data = arguments['verbose_with_data'].value
_verbose = arguments['verbose'].value or _verbose_with_data
_cnf = arguments['config']
_setup_logging(_debug, _verbose, _verbose_with_data)
if _help or is_non_api:
return None
# Patch https for SSL Authentication
ca_file = arguments['ca_file'].value or _cnf.get('global', 'ca_certs')
ignore_ssl = arguments['ignore_ssl'].value or (_cnf.get(
'global', 'ignore_ssl').lower() == 'on')
if ca_file:
try:
https.patch_with_certs(ca_file)
except https.SSLUnicodeError as sslu:
raise CLIError(
'Failed to set CA certificates file %s' % ca_file,
importance=2,
details=[
'SSL module cannot handle non-ascii file names',
'Check the file path and consider moving and renaming',
'To set the new CA certificates path',
' kamaki config set ca_certs CA_FILE',
sslu,
])
else:
warn = red('CA certifications path not set (insecure) ')
kloger.warning(warn)
https.patch_ignore_ssl(ignore_ssl)
_check_config_version(_cnf.value)
_colors = _cnf.value.get('global', 'colors')
if not (stdout.isatty() and _colors == 'on'):
remove_colors()
cloud = arguments['cloud'].value or _cnf.value.get(
'global', 'default_cloud') or os.environ.get(DEF_CLOUD_ENV)
if not cloud:
num_of_clouds = len(_cnf.value.keys('cloud'))
if num_of_clouds == 1:
cloud = _cnf.value.keys('cloud')[0]
elif num_of_clouds > 1:
raise CLIError(
'Found %s clouds but none of them is set as default' %
(num_of_clouds),
importance=2,
details=[
'Please, choose one of the following cloud names:',
', '.join(_cnf.value.keys('cloud')),
'To see all cloud settings:',
' kamaki config get cloud.<cloud name>',
'To set a default cloud:',
' kamaki config set default_cloud <cloud name>',
' or set the %s enviroment variable' % DEF_CLOUD_ENV,
'To pick a cloud for the current session, use --cloud:',
' kamaki --cloud=<cloud name> ...'
])
if cloud not in _cnf.value.keys('cloud'):
raise CLIError('No cloud%s is configured' %
((' "%s"' % cloud) if cloud else ''),
importance=3,
details=[
'To configure a new cloud "%s", find and set the' %
(cloud or '<cloud name>'),
'single authentication URL and token:',
' kamaki config set cloud.%s.url <URL>' %
(cloud or '<cloud name>'),
' kamaki config set cloud.%s.token <t0k3n>' %
(cloud or '<cloud name>')
])
auth_args = dict()
for term in ('url', 'token'):
try:
auth_args[term] = _cnf.get_cloud(cloud, term)
except KeyError or IndexError:
auth_args[term] = ''
if not auth_args[term]:
raise CLIError('No authentication %s provided for cloud "%s"' %
(term.upper(), cloud),
importance=3,
details=[
'Set a %s for cloud %s:' %
(term.upper(), cloud),
' kamaki config set cloud.%s.%s <%s>' %
(cloud, term, term.upper())
])
return cloud
def _init_session(arguments, is_non_api=False):
"""
:returns: cloud name
"""
_help = arguments['help'].value
global _debug
_debug = arguments['debug'].value
_verbose = arguments['verbose'].value
_cnf = arguments['config']
_setup_logging(_debug, _verbose)
if _help or is_non_api:
return None
# Patch https for SSL Authentication
ca_file = arguments['ca_file'].value or _cnf.get('global', 'ca_certs')
ignore_ssl = arguments['ignore_ssl'].value or (
_cnf.get('global', 'ignore_ssl').lower() == 'on')
if ca_file:
try:
https.patch_with_certs(ca_file)
except https.SSLUnicodeError as sslu:
raise CLIError(
'Failed to set CA certificates file %s' % ca_file,
importance=2, details=[
'SSL module cannot handle non-ascii file names',
'Check the file path and consider moving and renaming',
'To set the new CA certificates path',
' kamaki config set ca_certs CA_FILE',
sslu, ])
else:
warn = red('CA certifications path not set (insecure) ')
kloger.warning(warn)
https.patch_ignore_ssl(ignore_ssl)
_check_config_version(_cnf.value)
_colors = _cnf.value.get('global', 'colors')
if not (stdout.isatty() and _colors == 'on'):
remove_colors()
cloud = arguments['cloud'].value or _cnf.value.get(
'global', 'default_cloud')
if not cloud:
num_of_clouds = len(_cnf.value.keys('cloud'))
if num_of_clouds == 1:
cloud = _cnf.value.keys('cloud')[0]
elif num_of_clouds > 1:
raise CLIError(
'Found %s clouds but none of them is set as default' % (
num_of_clouds),
importance=2, details=[
'Please, choose one of the following cloud names:',
', '.join(_cnf.value.keys('cloud')),
'To see all cloud settings:',
' kamaki config get cloud.<cloud name>',
'To set a default cloud:',
' kamaki config set default_cloud <cloud name>',
'To pick a cloud for the current session, use --cloud:',
' kamaki --cloud=<cloud name> ...'])
if cloud not in _cnf.value.keys('cloud'):
raise CLIError(
'No cloud%s is configured' % ((' "%s"' % cloud) if cloud else ''),
importance=3, details=[
'To configure a new cloud "%s", find and set the' % (
cloud or '<cloud name>'),
'single authentication URL and token:',
' kamaki config set cloud.%s.url <URL>' % (
cloud or '<cloud name>'),
' kamaki config set cloud.%s.token <t0k3n>' % (
cloud or '<cloud name>')])
auth_args = dict()
for term in ('url', 'token'):
try:
auth_args[term] = _cnf.get_cloud(cloud, term)
except KeyError or IndexError:
auth_args[term] = ''
if not auth_args[term]:
raise CLIError(
'No authentication %s provided for cloud "%s"' % (
term.upper(), cloud),
importance=3, details=[
'Set a %s for cloud %s:' % (term.upper(), cloud),
' kamaki config set cloud.%s.%s <%s>' % (
cloud, term, term.upper())])
return cloud
def __init__(self, auth_url, auth_token, container, local_root_path,
*args, **kwargs):
check_encoding()
auth_url = utils.to_unicode(auth_url)
auth_token = utils.to_unicode(auth_token)
container = utils.to_unicode(container)
local_root_path = utils.to_unicode(local_root_path)
self.auth_url = utils.normalize_standard_suffix(auth_url)
self.auth_token = auth_token
self.container = utils.normalize_standard_suffix(container)
self.ignore_ssl = kwargs.get("ignore_ssl", False)
if self.ignore_ssl:
https.patch_ignore_ssl()
elif kwargs.get('ca_certs', None):
https.patch_with_certs(kwargs['ca_certs'])
self.endpoint = self._get_pithos_client(
auth_url, auth_token, container)
container_exists = self.check_container_exists(container)
home_dir = utils.to_unicode(os.path.expanduser('~'))
default_settings_path = join_path(home_dir, GLOBAL_SETTINGS_NAME)
self.settings_path = utils.to_unicode(
kwargs.get("agkyra_path", default_settings_path))
self.create_dir(self.settings_path, mode=stat.S_IRWXU)
self.instances_path = join_path(self.settings_path, INSTANCES_NAME)
self.create_dir(self.instances_path)
self.local_root_path = utils.normalize_local_suffix(local_root_path)
local_root_path_exists = os.path.isdir(self.local_root_path)
self.cache_name = utils.to_unicode(
kwargs.get("cache_name", DEFAULT_CACHE_NAME))
self.cache_path = join_path(self.local_root_path, self.cache_name)
self.cache_hide_name = utils.to_unicode(
kwargs.get("cache_hide_name", DEFAULT_CACHE_HIDE_NAME))
self.cache_hide_path = join_path(self.cache_path, self.cache_hide_name)
self.cache_stage_name = utils.to_unicode(
kwargs.get("cache_stage_name", DEFAULT_CACHE_STAGE_NAME))
self.cache_stage_path = join_path(self.cache_path,
self.cache_stage_name)
self.cache_fetch_name = utils.to_unicode(
kwargs.get("cache_fetch_name", DEFAULT_CACHE_FETCH_NAME))
self.cache_fetch_path = join_path(self.cache_path,
self.cache_fetch_name)
self.user_id = self.endpoint.account
self.instance = get_instance(
[self.auth_url, self.user_id,
self.container, self.local_root_path])
self.instance_path = join_path(self.instances_path, self.instance)
self.create_dir(self.instance_path)
self.dbname = utils.to_unicode(kwargs.get("dbname", DEFAULT_DBNAME))
self.full_dbname = join_path(self.instance_path, self.dbname)
self.syncer_dbtuple = common.DBTuple(
dbtype=database.SyncerDB,
dbname=self.full_dbname)
db_existed = os.path.isfile(self.full_dbname)
if not db_existed:
database.initialize(self.syncer_dbtuple)
self.mtime_lag = 0
self.case_insensitive = False
if not db_existed:
self.set_localfs_enabled(True)
self.create_local_dirs()
self.set_pithos_enabled(True)
if not container_exists:
self.mk_container(container)
else:
if not local_root_path_exists:
self.set_localfs_enabled(False)
else:
self.create_local_dirs()
if not container_exists:
self.set_pithos_enabled(False)
self.heartbeat = ThreadSafeDict()
self.action_max_wait = kwargs.get("action_max_wait",
DEFAULT_ACTION_MAX_WAIT)
self.pithos_list_interval = kwargs.get("pithos_list_interval",
DEFAULT_PITHOS_LIST_INTERVAL)
self.connection_retry_limit = kwargs.get(
"connection_retry_limit", DEFAULT_CONNECTION_RETRY_LIMIT)
self.endpoint.CONNECTION_RETRY_LIMIT = self.connection_retry_limit
self.max_alive_sync_threads = kwargs.get(
"max_alive_sync_threads", DEFAULT_MAX_ALIVE_SYNC_THREADS)
self.messager = Messager()
def __init__(self, auth_url, auth_token, container, local_root_path, *args,
**kwargs):
check_encoding()
auth_url = utils.to_unicode(auth_url)
auth_token = utils.to_unicode(auth_token)
container = utils.to_unicode(container)
local_root_path = utils.to_unicode(local_root_path)
self.auth_url = utils.normalize_standard_suffix(auth_url)
self.auth_token = auth_token
self.container = utils.normalize_standard_suffix(container)
self.ignore_ssl = kwargs.get("ignore_ssl", False)
if self.ignore_ssl:
https.patch_ignore_ssl()
elif kwargs.get('ca_certs', None):
https.patch_with_certs(kwargs['ca_certs'])
self.endpoint = self._get_pithos_client(auth_url, auth_token,
container)
container_exists = self.check_container_exists(container)
home_dir = utils.to_unicode(os.path.expanduser('~'))
default_settings_path = join_path(home_dir, GLOBAL_SETTINGS_NAME)
self.settings_path = utils.to_unicode(
kwargs.get("agkyra_path", default_settings_path))
self.create_dir(self.settings_path, mode=stat.S_IRWXU)
self.instances_path = join_path(self.settings_path, INSTANCES_NAME)
self.create_dir(self.instances_path)
self.local_root_path = utils.normalize_local_suffix(local_root_path)
local_root_path_exists = os.path.isdir(self.local_root_path)
self.cache_name = utils.to_unicode(
kwargs.get("cache_name", DEFAULT_CACHE_NAME))
self.cache_path = join_path(self.local_root_path, self.cache_name)
self.cache_hide_name = utils.to_unicode(
kwargs.get("cache_hide_name", DEFAULT_CACHE_HIDE_NAME))
self.cache_hide_path = join_path(self.cache_path, self.cache_hide_name)
self.cache_stage_name = utils.to_unicode(
kwargs.get("cache_stage_name", DEFAULT_CACHE_STAGE_NAME))
self.cache_stage_path = join_path(self.cache_path,
self.cache_stage_name)
self.cache_fetch_name = utils.to_unicode(
kwargs.get("cache_fetch_name", DEFAULT_CACHE_FETCH_NAME))
self.cache_fetch_path = join_path(self.cache_path,
self.cache_fetch_name)
self.user_id = self.endpoint.account
self.instance = get_instance([
self.auth_url, self.user_id, self.container, self.local_root_path
])
self.instance_path = join_path(self.instances_path, self.instance)
self.create_dir(self.instance_path)
self.dbname = utils.to_unicode(kwargs.get("dbname", DEFAULT_DBNAME))
self.full_dbname = join_path(self.instance_path, self.dbname)
self.syncer_dbtuple = common.DBTuple(dbtype=database.SyncerDB,
dbname=self.full_dbname)
db_existed = os.path.isfile(self.full_dbname)
if not db_existed:
database.initialize(self.syncer_dbtuple)
self.mtime_lag = 0
self.case_insensitive = False
if not db_existed:
self.set_localfs_enabled(True)
self.create_local_dirs()
self.set_pithos_enabled(True)
if not container_exists:
self.mk_container(container)
else:
if not local_root_path_exists:
self.set_localfs_enabled(False)
else:
self.create_local_dirs()
if not container_exists:
self.set_pithos_enabled(False)
self.heartbeat = ThreadSafeDict()
self.action_max_wait = kwargs.get("action_max_wait",
DEFAULT_ACTION_MAX_WAIT)
self.pithos_list_interval = kwargs.get("pithos_list_interval",
DEFAULT_PITHOS_LIST_INTERVAL)
self.connection_retry_limit = kwargs.get(
"connection_retry_limit", DEFAULT_CONNECTION_RETRY_LIMIT)
self.endpoint.CONNECTION_RETRY_LIMIT = self.connection_retry_limit
self.max_alive_sync_threads = kwargs.get(
"max_alive_sync_threads", DEFAULT_MAX_ALIVE_SYNC_THREADS)
self.messager = Messager()