def delete_user(self, user):
kc = KeystoneCommands(username=self.inputs.stack_user,
password=self.inputs.stack_password,
tenant=self.inputs.project_name,
auth_url=self.auth_url,
insecure=self.insecure)
kc.delete_user(user)
def __init__(self, username, password, project_id, project_name,
auth_url, endpoint_type, region_name, scope, cert, key,
cacert, domain_name, insecure, logger):
self.logger = logger
prj = project_id.replace('-', '')
self._ks = KeystoneCommands(username=username,
password=password,
tenant=project_name,
domain_name=domain_name,
auth_url=auth_url,
region_name=region_name,
scope=scope,
cert=cert,
key=key,
cacert=cacert,
insecure=insecure,
logger=logger)
self._qh = neuc.Client(
'2.0',
session=self._ks.get_session(scope='project'),
region_name=region_name)
self._nh = novac.Client(
'2',
session=self._ks.get_session(scope='project'),
region_name=region_name)
def reauth(self):
self.keystone = KeystoneCommands(username=self.user,
password=self.passwd,
tenant=self.project,
auth_url=self.auth_url,
insecure=self.insecure,
region_name=self.region_name,
logger=self.logger)
def add_user_to_project(self, user, project):
kc = KeystoneCommands(username= self.inputs.stack_user,
password= self.inputs.stack_password,
tenant= self.inputs.project_name,
auth_url= self.auth_url, insecure=self.insecure)
try:
kc.add_user_to_tenant(project, user, 'admin')
except Exception as e:
self.logger.info("%s user already added to project"%(user))
def add_user_to_project(self, user, project):
kc = KeystoneCommands(username=self.inputs.stack_user,
password=self.inputs.stack_password,
tenant=self.inputs.project_name,
auth_url=self.auth_url,
insecure=self.insecure)
try:
kc.add_user_to_tenant(project, user, 'admin')
except Exception as e:
self.logger.info("%s user already added to project" % (user))
def create_user(self, user, password):
kc = KeystoneCommands(username= self.inputs.stack_user,
password= self.inputs.stack_password,
tenant= self.inputs.project_name,
auth_url= self.auth_url, insecure=self.insecure)
try:
kc.create_user(user,password,email='',
tenant_name=self.inputs.stack_tenant,enabled=True)
except:
self.logger.info("%s user already created"%(self.user))
def reauth(self):
self.keystone = KeystoneCommands(username=self.user,
password=self.passwd,
tenant=self.project,
domain_name=self.domain_name,
auth_url=self.auth_url,
insecure=self.insecure,
region_name=self.region_name,
cert=self.keystone_certfile,
key=self.keystone_keyfile,
cacert=self.certbundle,
logger=self.logger,
scope=self.scope)
def create_user(self, user, password):
kc = KeystoneCommands(username=self.inputs.stack_user,
password=self.inputs.stack_password,
tenant=self.inputs.project_name,
auth_url=self.auth_url,
insecure=self.insecure)
try:
kc.create_user(user,
password,
email='',
tenant_name=self.inputs.stack_tenant,
enabled=True)
except:
self.logger.info("%s user already created" % (self.user))
def verify_service_enabled(self, service):
kc = KeystoneCommands(username= self.inputs.stack_user,
password= self.inputs.stack_password,
tenant= self.inputs.project_name,
auth_url= self.auth_url, insecure=self.insecure)
try:
for svc in kc.services_list():
if service in svc.name:
return True
else:
continue
return False
except Exception as e:
return False
def reauth(self):
self.keystone = KeystoneCommands(username=self.user,
password=self.passwd,
tenant=self.project,
auth_url=self.auth_url,
insecure=self.insecure,
region_name=self.region_name)
def __init__(self, username, password, project_name, inputs, openstack_ip):
self.inputs = inputs
self.logger = self.inputs.logger
auth_url = os.getenv('OS_AUTH_URL') or \
'http://' + openstack_ip + ':5000/v2.0'
insecure = bool(os.getenv('OS_INSECURE', True))
kc = KeystoneCommands(username=username,
password=password,
tenant=project_name,
auth_url=auth_url,
insecure=insecure)
self.project_id = kc.get_id().replace('-', '')
self.obj = client.Client('2.0',
username=username,
password=password,
tenant_id=self.project_id,
auth_url=auth_url,
insecure=insecure)
def reauth(self):
self.keystone = KeystoneCommands(username=self.user,
password=self.passwd,
tenant=self.project,
domain_name=self.domain_name,
auth_url=self.auth_url,
insecure=self.insecure,
region_name=self.region_name,
cert=self.keystone_certfile,
key=self.keystone_keyfile,
cacert=self.certbundle,
logger=self.logger,
scope=self.scope)
class OpenstackAuth(OrchestratorAuth):
def __init__(self, user, passwd, project_name, inputs, logger):
self.inputs = inputs
self.user = user
self.passwd = passwd
self.project = project_name
self.logger = logger
self.insecure = bool(os.getenv('OS_INSECURE',True))
self.auth_url = os.getenv('OS_AUTH_URL') or \
'http://%s:5000/v2.0' % (self.inputs.openstack_ip)
self.domain = 'default-domain'
self.reauth()
def reauth(self):
self.keystone = KeystoneCommands(username= self.user,
password= self.passwd,
tenant= self.project,
auth_url= self.auth_url,
insecure=self.insecure)
def get_project_id(self, domain_name=None, project_name=None):
if not project_name or project_name == self.project:
return self.keystone.get_id()
else:
return self.keystone.get_project_id(project_name)
def create_project(self, name):
return self.keystone.create_project(name)
def delete_project(self, name):
try:
self.keystone.delete_project(name)
except ks_exceptions.ClientException, e:
# TODO Remove this workaround
if 'Unable to add token to revocation list' in str(e):
self.logger.warn('Exception %s while deleting project' % (
str(e)))
def __init__(
self,
username,
password,
project_name,
inputs,
openstack_ip):
self.inputs = inputs
self.logger = self.inputs.logger
auth_url = os.getenv('OS_AUTH_URL') or \
'http://' + openstack_ip + ':5000/v2.0'
insecure = bool(os.getenv('OS_INSECURE', True))
kc = KeystoneCommands(username=username,
password=password,
tenant=project_name,
auth_url=auth_url,
insecure=insecure)
self.project_id = kc.get_id().replace('-','')
self.obj = client.Client('2.0', username=username,
password=password,
tenant_id=self.project_id,
auth_url=auth_url,
insecure=insecure)
class OpenstackAuth(OrchestratorAuth):
def __init__(self, user, passwd, project_name, inputs, logger):
self.inputs = inputs
self.user = user
self.passwd = passwd
self.project = project_name
self.logger = logger
self.insecure = bool(os.getenv('OS_INSECURE', True))
self.auth_url = os.getenv('OS_AUTH_URL') or \
'http://%s:5000/v2.0' % (self.inputs.openstack_ip)
self.domain = 'default-domain'
self.reauth()
def reauth(self):
self.keystone = KeystoneCommands(username=self.user,
password=self.passwd,
tenant=self.project,
auth_url=self.auth_url,
insecure=self.insecure)
def get_project_id(self, domain_name=None, project_name=None):
if not project_name or project_name == self.project:
return self.keystone.get_id()
else:
return self.keystone.get_project_id(project_name)
def create_project(self, name):
return self.keystone.create_project(name)
def delete_project(self, name):
try:
self.keystone.delete_project(name)
except ks_exceptions.ClientException, e:
# TODO Remove this workaround
if 'Unable to add token to revocation list' in str(e):
self.logger.warn('Exception %s while deleting project' %
(str(e)))
def delete_user(self,user=None):
if user:
user = user
else:
user = self.user
insecure = bool(os.getenv('OS_INSECURE',True))
try:
self.auth_url = os.getenv('OS_AUTH_URL') or \
'http://' + self.inputs.openstack_ip + ':5000/v2.0'
self.key_stone_clients= KeystoneCommands(username= self.inputs.stack_user, password= self.inputs.stack_password,
tenant= self.inputs.project_name, auth_url= auth_url, insecure=insecure)
except Exception as e:
self.logger.warn("Failed - Keystone client instance")
self.key_stone_clients.delete_user(user)
def setUpClass(cls):
super(BaseMultitenancyTest, cls).setUpClass()
cls.quantum_h= cls.connections.quantum_h
cls.nova_h = cls.connections.nova_h
cls.vnc_lib= cls.connections.vnc_lib
cls.agent_inspect= cls.connections.agent_inspect
cls.cn_inspect= cls.connections.cn_inspect
auth_url = os.getenv('OS_AUTH_URL') or \
'http://' + cls.inputs.auth_ip + ':5000/v2.0'
insecure = bool(os.getenv('OS_INSECURE',True))
cls.key_stone_clients = KeystoneCommands(
username=cls.inputs.admin_user,
password = cls.inputs.admin_password,
tenant = cls.inputs.admin_tenant,
auth_url=auth_url,
insecure=insecure)
def create_and_attach_user_to_tenant(self):
insecure = bool(os.getenv('OS_INSECURE',True))
try:
auth_url = os.getenv('OS_AUTH_URL') or \
'http://' + self.inputs.openstack_ip + ':5000/v2.0'
self.key_stone_clients= KeystoneCommands(username= self.inputs.stack_user, password= self.inputs.stack_password,
tenant= self.inputs.project_name, auth_url= auth_url, insecure=insecure)
try:
self.key_stone_clients.create_user(self.user,self.password,email='',tenant_name=self.inputs.stack_tenant,enabled=True)
except:
self.logger.info("%s user already created"%(self.user))
try:
self.key_stone_clients.add_user_to_tenant(self.project_name,self.user , 'admin')
except Exception as e:
self.logger.info("%s user already added to project"%(self.user))
try:
self.key_stone_clients.add_user_to_tenant(self.project_name,'admin' , 'admin')
except Exception as e:
self.logger.info("Admin user already added to project")
time.sleep(4)
except Exception as e:
self.logger.info("Failed - Keystone client instance")
class OpenstackAuth(OrchestratorAuth):
def __init__(self, user, passwd, project_name,
inputs=None, logger=None, auth_url=None):
self.inputs = inputs
self.user = user
self.passwd = passwd
self.project = project_name
self.logger = logger or logging.getLogger(__name__)
self.insecure = bool(os.getenv('OS_INSECURE',True))
if inputs:
self.auth_url = 'http://%s:5000/v2.0' % (self.inputs.openstack_ip)
else:
self.auth_url = auth_url or os.getenv('OS_AUTH_URL')
self.reauth()
def reauth(self):
self.keystone = KeystoneCommands(username=self.user,
password=self.passwd,
tenant=self.project,
auth_url=self.auth_url,
insecure=self.insecure)
def get_project_id(self, name=None):
if not name or name == self.project:
return self.keystone.get_id()
return self.keystone.get_project_id(name)
def create_project(self, name):
return self.keystone.create_project(name)
def delete_project(self, name):
self.keystone.delete_project(name)
def delete_user(self, user):
self.keystone.delete_user(user)
def create_user(self, user, password):
try:
self.keystone.create_user(user,password,email='',
tenant_name=self.inputs.stack_tenant,enabled=True)
except:
self.logger.info("%s user already created"%(self.user))
def add_user_to_project(self, user, project, role='admin'):
try:
self.keystone.add_user_to_tenant(project, user, role)
except Exception as e:
self.logger.info("%s user already added to project"%(user))
def verify_service_enabled(self, service):
try:
for svc in self.keystone.services_list():
if service in svc.name:
return True
else:
continue
return False
except Exception as e:
return False
def get_auth_h(self):
return self.keystone
class IsolatedCreds(fixtures.Fixture):
def __init__(self,project_name,inputs,ini_file = None ,logger = None):
# self.project_name = project_name
self.project_name = get_random_name(project_name)
self.user = project_name
self.password = project_name
self.inputs = inputs
self.ini_file = ini_file
self.logger = logger
def setUp(self):
super(IsolatedCreds, self).setUp()
self.connections= ContrailConnections(self.inputs, self.logger)
self.vnc_lib= self.connections.vnc_lib
# self.logger= self.inputs.logger
def create_tenant(self):
self.project = None
time.sleep(4)
try:
self.project = project_test.ProjectFixture(project_name = self.project_name,
vnc_lib_h= self.vnc_lib,username= self.user,password= self.password,
connections= self.connections)
self.project.setUp()
except Exception as e:
self.logger.warn("got exception as %s"%(e))
finally:
return self.project
def delete_tenant(self):
self.project.cleanUp()
def delete_user(self,user=None):
if user:
user = user
else:
user = self.user
insecure = bool(os.getenv('OS_INSECURE',True))
try:
self.auth_url = os.getenv('OS_AUTH_URL') or \
'http://' + self.inputs.openstack_ip + ':5000/v2.0'
self.key_stone_clients= KeystoneCommands(username= self.inputs.stack_user, password= self.inputs.stack_password,
tenant= self.inputs.project_name, auth_url= auth_url, insecure=insecure)
except Exception as e:
self.logger.warn("Failed - Keystone client instance")
self.key_stone_clients.delete_user(user)
def create_and_attach_user_to_tenant(self):
insecure = bool(os.getenv('OS_INSECURE',True))
try:
auth_url = os.getenv('OS_AUTH_URL') or \
'http://' + self.inputs.openstack_ip + ':5000/v2.0'
self.key_stone_clients= KeystoneCommands(username= self.inputs.stack_user, password= self.inputs.stack_password,
tenant= self.inputs.project_name, auth_url= auth_url, insecure=insecure)
try:
self.key_stone_clients.create_user(self.user,self.password,email='',tenant_name=self.inputs.stack_tenant,enabled=True)
except:
self.logger.info("%s user already created"%(self.user))
try:
self.key_stone_clients.add_user_to_tenant(self.project_name,self.user , 'admin')
except Exception as e:
self.logger.info("%s user already added to project"%(self.user))
try:
self.key_stone_clients.add_user_to_tenant(self.project_name,'admin' , 'admin')
except Exception as e:
self.logger.info("Admin user already added to project")
time.sleep(4)
except Exception as e:
self.logger.info("Failed - Keystone client instance")
def get_inputs(self):
self.project_inputs= self.useFixture(ContrailTestInit(self.ini_file,
stack_user=self.project.username,
stack_password=self.project.password,
project_fq_name=['default-domain',self.project_name],logger = self.logger))
return self.project_inputs
def get_conections(self):
self.project_connections= ContrailConnections(self.project_inputs,project_name= self.project_name,
username=self.project.username
,password= self.project.password,
logger = self.logger)
return self.project_connections
def get_admin_inputs(self):
admin = AdminCreds(ADMIN_TENANT , self.inputs , self.ini_file , self.logger)
return admin.get_inputs()
def get_admin_connections(self):
admin = AdminCreds(ADMIN_TENANT , self.inputs , self.ini_file , self.logger)
return admin.get_conections()
def cleanUp(self):
super(IsolatedCreds, self).cleanUp()
def _create_prov_file(self):
''' Creates json data for a single node only.
Optional Env variables:
openstack creds:
* OS_USERNAME (default: admin)
* OS_PASSWORD (default: contrail123)
* OS_TENANT_NAME (default: admin)
* OS_DOMAIN_NAME (default: default-domain)
* OS_AUTH_URL (default: http://127.0.0.1:5000/v2.0)
* OS_INSECURE (default: True)
login creds:
* USERNAME (default: root)
* PASSWORD (default: c0ntrail123)
contrail service:
* DISCOVERY_IP (default: neutron-server ip fetched from keystone endpoint)
'''
pattern = 'http[s]?://(?P<ip>\d{1,3}.\d{1,3}.\d{1,3}.\d{1,3}):(?P<port>\d+)'
if self.orchestrator.lower() != 'openstack':
raise Exception('Please specify testbed info in $PARAMS_FILE '
'under "Basic" section, keyword "provFile"')
if self.orchestrator.lower() == 'openstack':
auth_url = os.getenv('OS_AUTH_URL', None) or \
'http://127.0.0.1:5000/v2.0'
insecure = bool(os.getenv('OS_INSECURE', True))
keystone = KeystoneCommands(
self.stack_user,
self.stack_password,
self.stack_tenant,
auth_url,
region_name=self.region_name,
insecure=insecure,
logger=self.logger)
match = re.match(pattern, keystone.get_endpoint('identity')[0])
self.auth_ip = match.group('ip')
self.auth_port = match.group('port')
# Assume contrail-config runs in the same node as neutron-server
discovery = os.getenv('DISCOVERY_IP', None) or \
(keystone and re.match(pattern,
keystone.get_endpoint('network')[0]).group('ip'))
ds_client = VerificationDsSrv(discovery)
services = ds_client.get_ds_services().info
cfgm = database = services['config']
collector = services['analytics']
bgp = services['control-node']
openstack = [self.auth_ip] if self.auth_ip else []
computes = self.get_computes(cfgm[0])
data = {'hosts': list()}
hosts = cfgm + database + collector + bgp + computes + openstack
username = os.getenv('USERNAME', 'root')
password = os.getenv('PASSWORD', 'c0ntrail123')
for host in set(hosts):
with settings(
host_string='%s@%s' % (username, host),
password=password,
warn_only=True):
hname = run('hostname')
hdict = {
'ip': host,
'data-ip': host,
'control-ip': host,
'username': username,
'password': password,
'name': hname,
'roles': [],
}
if host in cfgm:
hdict['roles'].append({'type': 'cfgm'})
if host in collector:
hdict['roles'].append({'type': 'collector'})
if host in database:
hdict['roles'].append({'type': 'database'})
if host in bgp:
hdict['roles'].append({'type': 'bgp'})
if host in computes:
hdict['roles'].append({'type': 'compute'})
if host in openstack:
hdict['roles'].append({'type': 'openstack'})
data['hosts'].append(hdict)
tempfile = NamedTemporaryFile(delete=False)
with open(tempfile.name, 'w') as fd:
json.dump(data, fd)
return tempfile.name
def _create_prov_file(self):
''' Creates json data for a single node only.
Optional Env variables:
openstack creds:
* OS_USERNAME (default: admin)
* OS_PASSWORD (default: contrail123)
* OS_TENANT_NAME (default: admin)
* OS_DOMAIN_NAME (default: default-domain)
* OS_AUTH_URL (default: http://127.0.0.1:5000/v2.0)
* OS_INSECURE (default: True)
login creds:
* USERNAME (default: root)
* PASSWORD (default: c0ntrail123)
contrail service:
* DISCOVERY_IP (default: neutron-server ip fetched from keystone endpoint)
'''
pattern = 'http[s]?://(?P<ip>\d{1,3}.\d{1,3}.\d{1,3}.\d{1,3}):(?P<port>\d+)'
if self.orchestrator.lower() != 'openstack':
raise Exception('Please specify testbed info in $PARAMS_FILE '
'under "Basic" section, keyword "provFile"')
if self.orchestrator.lower() == 'openstack':
auth_url = os.getenv('OS_AUTH_URL', None) or \
'http://127.0.0.1:5000/v2.0'
insecure = bool(os.getenv('OS_INSECURE', True))
keystone = KeystoneCommands(self.stack_user,
self.stack_password,
self.stack_tenant,
auth_url,
region_name=self.region_name,
insecure=insecure,
logger=self.logger)
match = re.match(pattern, keystone.get_endpoint('identity')[0])
self.auth_ip = match.group('ip')
self.auth_port = match.group('port')
# Assume contrail-config runs in the same node as neutron-server
discovery = os.getenv('DISCOVERY_IP', None) or \
(keystone and re.match(pattern,
keystone.get_endpoint('network')[0]).group('ip'))
ds_client = VerificationDsSrv(discovery)
services = ds_client.get_ds_services().info
cfgm = database = services['config']
collector = services['analytics']
bgp = services['control-node']
openstack = [self.auth_ip] if self.auth_ip else []
computes = self.get_computes(cfgm[0])
data = {'hosts': list()}
hosts = cfgm + database + collector + bgp + computes + openstack
username = os.getenv('USERNAME', 'root')
password = os.getenv('PASSWORD', 'c0ntrail123')
for host in set(hosts):
with settings(host_string='%s@%s' % (username, host),
password=password,
warn_only=True):
hname = run('hostname')
hdict = {
'ip': host,
'data-ip': host,
'control-ip': host,
'username': username,
'password': password,
'name': hname,
'roles': [],
}
if host in cfgm:
hdict['roles'].append({'type': 'cfgm'})
if host in collector:
hdict['roles'].append({'type': 'collector'})
if host in database:
hdict['roles'].append({'type': 'database'})
if host in bgp:
hdict['roles'].append({'type': 'bgp'})
if host in computes:
hdict['roles'].append({'type': 'compute'})
if host in openstack:
hdict['roles'].append({'type': 'openstack'})
data['hosts'].append(hdict)
tempfile = NamedTemporaryFile(delete=False)
with open(tempfile.name, 'w') as fd:
json.dump(data, fd)
return tempfile.name
class OpenstackAuth(OrchestratorAuth):
def __init__(self,
user,
passwd,
project_name,
inputs=None,
logger=None,
auth_url=None,
region_name=None):
self.inputs = inputs
self.user = user
self.passwd = passwd
self.project = project_name
self.logger = logger or contrail_logging.getLogger(__name__)
self.insecure = bool(os.getenv('OS_INSECURE', True))
if inputs:
self.auth_url = inputs.auth_url
self.region_name = inputs.region_name
else:
self.auth_url = auth_url or os.getenv('OS_AUTH_URL')
self.region_name = region_name or os.getenv('OS_REGION_NAME')
self.reauth()
def reauth(self):
self.keystone = KeystoneCommands(username=self.user,
password=self.passwd,
tenant=self.project,
auth_url=self.auth_url,
insecure=self.insecure,
region_name=self.region_name,
logger=self.logger)
def get_project_id(self, name=None):
if not name or name == self.project:
return self.keystone.get_id()
return self.keystone.get_project_id(name)
def create_project(self, name):
return self.keystone.create_project(name)
def delete_project(self, name):
self.keystone.delete_project(name)
def delete_user(self, user):
self.keystone.delete_user(user)
def create_user(self, user, password):
try:
self.keystone.create_user(user,
password,
email='',
tenant_name=self.inputs.stack_tenant,
enabled=True)
except:
self.logger.info("%s user already present" % (self.user))
def add_user_to_project(self, user, project, role='admin'):
try:
self.keystone.add_user_to_tenant(project, user, role)
except Exception as e:
self.logger.info("%s user already added to project" % (user))
def verify_service_enabled(self, service):
try:
for svc in self.keystone.services_list():
if service in svc.name:
return True
else:
continue
return False
except Exception as e:
return False
def get_auth_h(self):
return self.keystone
class OpenstackAuth(OrchestratorAuth):
def __init__(self, username, password, project_name,
inputs=None, logger=None, auth_url=None, region_name=None,
certfile=None, keyfile=None, cacert=None, insecure=True, domain_name=None,scope='domain'):
self.inputs = inputs
self.user = username
self.passwd = password
self.project = project_name
self.scope = scope
self.logger = logger or contrail_logging.getLogger(__name__)
if inputs:
self.auth_url = inputs.auth_url
self.region_name = inputs.region_name
self.domain_name = domain_name or self.inputs.admin_domain
self.keystone_certfile = self.inputs.keystonecertfile
self.keystone_keyfile = self.inputs.keystonekeyfile
self.certbundle = self.inputs.certbundle
self.insecure = self.inputs.insecure
self.scope = 'project' if inputs.use_project_scoped_token else scope
else:
self.auth_url = auth_url or os.getenv('OS_AUTH_URL')
self.region_name = region_name or os.getenv('OS_REGION_NAME')
self.domain_name = domain_name or os.getenv('OS_DOMAIN_NAME')
self.keystone_certfile = certfile
self.keystone_keyfile = keyfile
self.insecure = insecure
self.certbundle = cacert
self.reauth()
def reauth(self):
self.keystone = KeystoneCommands(username=self.user,
password=self.passwd,
tenant=self.project,
domain_name=self.domain_name,
auth_url=self.auth_url,
insecure=self.insecure,
region_name=self.region_name,
cert=self.keystone_certfile,
key=self.keystone_keyfile,
cacert=self.certbundle,
logger=self.logger,
scope=self.scope)
def get_domain_id(self, name='Default'):
return self.keystone.get_domain_id(name)
def get_project_id(self, name=None, domain_id=None):
if not name or name == self.project:
return self.keystone.get_id()
return self.keystone.get_project_id(name, domain_id)
def get_session(self,scope='domain'):
return self.keystone.get_session(scope)
def get_client(self,scope='domain'):
return self.keystone.get_client(scope)
def get_endpoint(self, service, interface='public'):
return self.keystone.get_endpoint(service, interface)
def get_token(self):
return self.keystone.get_token()
def create_domain(self,domain_name):
return self.keystone.create_domain(domain_name)
def delete_domain(self, domain_name):
self.keystone.delete_domain(domain_name)
def update_domain(self,domain_id, domain_name, description, enabled):
return self.keystone.update_domain(domain_id=domain_id, domain_name=domain_name,
description=description,enabled=enabled)
def get_domain(self,domain_id):
return self.keystone.get_domain(domain_id=domain_id)
def create_project(self, name, domain_name=None):
return self.keystone.create_project(name, domain_name)
def delete_project(self, name):
self.keystone.delete_project(name)
def delete_user(self, user):
self.keystone.delete_user(user)
def create_user(self, user, password, tenant_name=None, domain_name=None):
try:
self.keystone.create_user(user,password,email='',
tenant_name=tenant_name or self.inputs.stack_tenant,enabled=True,
domain_name=domain_name)
except:
self.logger.info("%s user already present"%(self.user))
def get_user_id(self, user):
user_obj = self.keystone.get_user_dct(user)
return user_obj.id if user_obj else None
def create_role(self, role):
self.keystone.create_role(role)
def delete_role(self, role):
self.keystone.delete_role(role)
def add_user_to_domain(self, user, role='admin', domain=None):
try:
self.keystone.add_user_to_domain(user, role, domain)
except Exception as e:
self.logger.info("%s user already added to domain"%(user))
def add_user_to_project(self, user, project, role='admin'):
try:
self.keystone.add_user_to_tenant(project, user, role)
except Exception as e:
self.logger.info("%s user already added to project"%(user))
def remove_user_from_project(self, user, role, project):
try:
self.keystone.remove_user_from_tenant(project, user, role)
except Exception as e:
self.logger.exception("%s user already removed from project"%(user))
def verify_service_enabled(self, service):
try:
for svc in self.keystone.services_list():
if service in svc.name:
return True
else:
continue
return False
except Exception as e:
return False
def get_auth_h(self):
return self.keystone
def create_user_group(self,group,domain_name):
try:
self.keystone.create_group(group,domain_name)
except Exception as e:
self.logger.info("%s user group already present"%(group))
def delete_group(self,name):
return self.keystone.delete_group(name=name)
def add_user_to_group(self,user,group):
try:
self.keystone.add_user_to_group(user, group)
except Exception as e:
self.logger.info("%s user already added to group %s"%(user, group))
def remove_user_from_group(self,user,group):
try:
self.keystone.remove_user_from_group(user, group)
except Exception as e:
self.logger.info("%s user already removed from group %s"%(user, group))
def add_group_to_domain(self,group, role='admin', domain=None):
try:
self.keystone.add_group_to_domain(group, role='admin', domain=domain)
except Exception as e:
self.logger.info("%s group already added to domain"%(group,project))
def remove_group_from_domain(self, group, role, domain=None):
try:
self.keystone.remove_group_from_domain(group, role, domain=None)
except Exception as e:
self.logger.info("%s group already removed from domain"%(group,domain))
def add_group_to_tenant(self, project, group, role='admin'):
try:
self.keystone.add_group_to_tenant(project, group, role='admin')
except Exception as e:
self.logger.info("%s group already added to project"%(group,tenant))
def remove_group_from_tenant(self,project, group, role):
try:
self.keystone.remove_group_from_tenant(project, group, role)
except Exception as e:
self.logger.info("%s group already removed from project"%(group,tenant))
class OpenstackAuth(OrchestratorAuth):
def __init__(self,
username,
password,
project_name,
inputs=None,
logger=None,
auth_url=None,
region_name=None,
certfile=None,
keyfile=None,
cacert=None,
insecure=True,
domain_name=None,
scope='domain'):
self.inputs = inputs
self.user = username
self.passwd = password
self.project = project_name
self.scope = scope
self.logger = logger or contrail_logging.getLogger(__name__)
if inputs:
self.auth_url = inputs.auth_url
self.region_name = inputs.region_name
self.domain_name = domain_name or self.inputs.admin_domain
self.keystone_certfile = self.inputs.keystonecertfile
self.keystone_keyfile = self.inputs.keystonekeyfile
self.certbundle = self.inputs.certbundle
self.insecure = self.inputs.insecure
self.scope = 'project' if inputs.use_project_scoped_token else scope
else:
self.auth_url = auth_url or os.getenv('OS_AUTH_URL')
self.region_name = region_name or os.getenv('OS_REGION_NAME')
self.domain_name = domain_name or os.getenv('OS_DOMAIN_NAME')
self.keystone_certfile = certfile
self.keystone_keyfile = keyfile
self.insecure = insecure
self.certbundle = cacert
self.reauth()
def reauth(self):
self.keystone = KeystoneCommands(username=self.user,
password=self.passwd,
tenant=self.project,
domain_name=self.domain_name,
auth_url=self.auth_url,
insecure=self.insecure,
region_name=self.region_name,
cert=self.keystone_certfile,
key=self.keystone_keyfile,
cacert=self.certbundle,
logger=self.logger,
scope=self.scope)
def get_domain_id(self, name='Default'):
return self.keystone.get_domain_id(name)
def get_project_id(self, name=None, domain_id=None):
if not name or name == self.project:
return self.keystone.get_id()
return self.keystone.get_project_id(name, domain_id)
def get_session(self, scope='domain'):
return self.keystone.get_session(scope)
def get_client(self, scope='domain'):
return self.keystone.get_client(scope)
def get_endpoint(self, service, interface='public'):
return self.keystone.get_endpoint(service, interface)
def get_token(self):
return self.keystone.get_token()
def create_domain(self, domain_name):
return self.keystone.create_domain(domain_name)
def delete_domain(self, domain_name):
self.keystone.delete_domain(domain_name)
def update_domain(self, domain_id, domain_name, description, enabled):
return self.keystone.update_domain(domain_id=domain_id,
domain_name=domain_name,
description=description,
enabled=enabled)
def get_domain(self, domain_id):
return self.keystone.get_domain(domain_id=domain_id)
def create_project(self, name, domain_name=None):
return self.keystone.create_project(name, domain_name)
def delete_project(self, name):
self.keystone.delete_project(name)
def delete_user(self, user):
self.keystone.delete_user(user)
def create_user(self, user, password, tenant_name=None, domain_name=None):
try:
self.keystone.create_user(user,
password,
email='',
tenant_name=tenant_name
or self.inputs.stack_tenant,
enabled=True,
domain_name=domain_name)
except:
self.logger.info("%s user already present" % (self.user))
def get_user_id(self, user):
user_obj = self.keystone.get_user_dct(user)
return user_obj.id if user_obj else None
def create_role(self, role):
self.keystone.create_role(role)
def delete_role(self, role):
self.keystone.delete_role(role)
def add_user_to_domain(self, user, role='admin', domain=None):
try:
self.keystone.add_user_to_domain(user, role, domain)
except Exception as e:
self.logger.info("%s user already added to domain" % (user))
def add_user_to_project(self, user, project, role='admin'):
try:
self.keystone.add_user_to_tenant(project, user, role)
except Exception as e:
self.logger.info("%s user already added to project" % (user))
def remove_user_from_project(self, user, role, project):
try:
self.keystone.remove_user_role(user, role, project)
except Exception as e:
self.logger.exception("%s user already removed from project" %
(user))
def verify_service_enabled(self, service):
try:
for svc in self.keystone.services_list():
if service in svc.name:
return True
else:
continue
return False
except Exception as e:
return False
def get_auth_h(self):
return self.keystone
def create_user_group(self, group, domain_name):
try:
self.keystone.create_group(group, domain_name)
except Exception as e:
self.logger.info("%s user group already present" % (group))
def delete_group(self, name):
return self.keystone.delete_group(name=name)
def add_user_to_group(self, user, group):
try:
self.keystone.add_user_to_group(user, group)
except Exception as e:
self.logger.info("%s user already added to group %s" %
(user, group))
def remove_user_from_group(self, user, group):
try:
self.keystone.remove_user_from_group(user, group)
except Exception as e:
self.logger.info("%s user already removed from group %s" %
(user, group))
def add_group_to_domain(self, group, role='admin', domain=None):
try:
self.keystone.add_group_to_domain(group,
role='admin',
domain=domain)
except Exception as e:
self.logger.info("%s group already added to domain" %
(group, project))
def remove_group_from_domain(self, group, role, domain=None):
try:
self.keystone.remove_group_from_domain(group, role, domain=None)
except Exception as e:
self.logger.info("%s group already removed from domain" %
(group, domain))
def add_group_to_tenant(self, project, group, role='admin'):
try:
self.keystone.add_group_to_tenant(project, group, role='admin')
except Exception as e:
self.logger.info("%s group already added to project" %
(group, tenant))
def remove_group_from_tenant(self, project, group, role):
try:
self.keystone.remove_group_from_tenant(project, group, role)
except Exception as e:
self.logger.info("%s group already removed from project" %
(group, tenant))
class OpenstackDriver(OsVmMixin, OsVnMixin, OsSubnetMixin, OsPolicyMixin):
''' Api Driver class for Openstack Apis.
This class wraps/abstracts all openstack apis, nova, neutron, etc.
Any and all openstack libs calls must be added in this class.
Provides create, read, update and delete methods for resources.
Note: For resources defined in contrail-schema, the create & update
methods expect resource desc (kwargs) to be in-sync with structure
defined in contrail-schema (i.e, contrailv2 heat template).
'''
def __init__(self, username, password, project_id, project_name,
auth_url, endpoint_type, region_name, scope, cert, key,
cacert, domain_name, insecure, logger):
self.logger = logger
prj = project_id.replace('-', '')
self._ks = KeystoneCommands(username=username,
password=password,
tenant=project_name,
domain_name=domain_name,
auth_url=auth_url,
region_name=region_name,
scope=scope,
cert=cert,
key=key,
cacert=cacert,
insecure=insecure,
logger=logger)
self._qh = neuc.Client(
'2.0',
session=self._ks.get_session(scope='project'),
region_name=region_name)
self._nh = novac.Client(
'2',
session=self._ks.get_session(scope='project'),
region_name=region_name)
@property
def keystone_handle(self):
return self._ks
@property
def quantum_handle(self):
return self._qh
@property
def nova_handle(self):
return self._nh
def get_zones(self):
try:
zones = self._nh.availability_zones.list()
return filter(lambda x: x.zoneName != 'internal', zones)
except novaException.Forbidden:
return None
def get_hosts(self, zone=None):
computes = self._get_nova_services(binary='nova-compute')
if zone:
computes = filter(lambda x: x.zone == zone.zoneName, computes)
return computes
def _get_nova_services(self, **kwargs):
try:
svcs = self._nh.services.list(**kwargs)
svcs = filter(lambda x: x.state != 'down' and \
x.status != 'disabled', svcs)
return svcs
except novaException.Forbidden:
return None
def get_hypervisor(self, **kwargs):
if kwargs:
try:
return self._nh.hypervisors.find(**kwargs)
except novaException.NotFound:
return None
else:
return self._nh.hypervisors.list()
def get_flavor(self, name):
try:
return self._nh.flavors.find(name=name)
except novaException.NotFound:
return None
def create_flavor(self, name, vcpus, ram, disk):
self._nh.flavors.create(name=name, vcpus=vcpus, ram=ram, disk=disk)
flavor = self.get_flavor(name)
return flavor
def get_image(self, name_or_id):
try:
return self._nh.images.get(name_or_id)
except novaException.NotFound:
try:
return self._nh.images.find(name=name_or_id)
except novaException.NotFound:
return None
def delete_user(self, user):
kc = KeystoneCommands(username= self.inputs.stack_user,
password= self.inputs.stack_password,
tenant= self.inputs.project_name,
auth_url= self.auth_url, insecure=self.insecure)
kc.delete_user(user)
