def cert_rotate_amphora_flow(self): """Implement rotation for amphora's cert. 1. Create a new certificate 2. Upload the cert to amphora 3. update the newly created certificate info to amphora 4. update the cert_busy flag to be false after rotation :returns: The flow for updating an amphora """ rotated_amphora_flow = linear_flow.Flow( constants.CERT_ROTATE_AMPHORA_FLOW) rotated_amphora_flow.add(lifecycle_tasks.AmphoraToErrorOnRevertTask( requires=constants.AMPHORA)) # create a new certificate, the returned value is the newly created # certificate rotated_amphora_flow.add(cert_task.GenerateServerPEMTask( provides=constants.SERVER_PEM)) # update it in amphora task rotated_amphora_flow.add(amphora_driver_tasks.AmphoraCertUpload( requires=(constants.AMPHORA, constants.SERVER_PEM))) # update the newly created certificate info to amphora rotated_amphora_flow.add(database_tasks.UpdateAmphoraDBCertExpiration( requires=(constants.AMPHORA_ID, constants.SERVER_PEM))) # update the cert_busy flag to be false after rotation rotated_amphora_flow.add(database_tasks.UpdateAmphoraCertBusyToFalse( requires=constants.AMPHORA)) return rotated_amphora_flow
def get_create_amphora_for_lb_flow(self): """Creates a flow to create an amphora for a load balancer. This flow is used when there are no spare amphora available for a new load balancer. It builds an amphora and allocates for the specific load balancer. :returns: The The flow for creating the amphora """ create_amp_for_lb_flow = linear_flow.Flow( constants.CREATE_AMPHORA_FOR_LB_FLOW) create_amp_for_lb_flow.add( database_tasks.CreateAmphoraInDB(provides=constants.AMPHORA_ID)) if self.REST_AMPHORA_DRIVER: create_amp_for_lb_flow.add( cert_task.GenerateServerPEMTask(provides=constants.SERVER_PEM)) create_amp_for_lb_flow.add( compute_tasks.CertComputeCreate( requires=(constants.AMPHORA_ID, constants.SERVER_PEM), provides=constants.COMPUTE_ID)) else: create_amp_for_lb_flow.add( compute_tasks.ComputeCreate(requires=constants.AMPHORA_ID, provides=constants.COMPUTE_ID)) create_amp_for_lb_flow.add( database_tasks.UpdateAmphoraComputeId( requires=(constants.AMPHORA_ID, constants.COMPUTE_ID))) create_amp_for_lb_flow.add( database_tasks.MarkAmphoraBootingInDB( requires=(constants.AMPHORA_ID, constants.COMPUTE_ID))) wait_flow = linear_flow.Flow( constants.WAIT_FOR_AMPHORA, retry=retry.Times(CONF.controller_worker.amp_active_retries)) wait_flow.add( compute_tasks.ComputeWait(requires=constants.COMPUTE_ID, provides=constants.COMPUTE_OBJ)) wait_flow.add( database_tasks.UpdateAmphoraInfo(requires=(constants.AMPHORA_ID, constants.COMPUTE_OBJ), provides=constants.AMPHORA)) create_amp_for_lb_flow.add(wait_flow) create_amp_for_lb_flow.add( amphora_driver_tasks.AmphoraFinalize(requires=constants.AMPHORA)) create_amp_for_lb_flow.add( database_tasks.MarkAmphoraAllocatedInDB( requires=(constants.AMPHORA, constants.LOADBALANCER_ID))) create_amp_for_lb_flow.add( database_tasks.ReloadAmphora(requires=constants.AMPHORA_ID, provides=constants.AMPHORA)) create_amp_for_lb_flow.add( database_tasks.ReloadLoadBalancer( name=constants.RELOAD_LB_AFTER_AMP_ASSOC, requires=constants.LOADBALANCER_ID, provides=constants.LOADBALANCER)) new_LB_net_subflow = self._lb_flows.get_new_LB_networking_subflow() create_amp_for_lb_flow.add(new_LB_net_subflow) create_amp_for_lb_flow.add( database_tasks.MarkLBActiveInDB(requires=constants.LOADBALANCER)) return create_amp_for_lb_flow
def test_execute(self, mock_driver): dummy_cert = local.LocalCert('test_cert', 'test_key') mock_driver.generate_cert_key_pair.side_effect = [dummy_cert] c = cert_task.GenerateServerPEMTask() pem = c.execute('123') self.assertEqual( pem, dummy_cert.get_certificate() + dummy_cert.get_private_key()) mock_driver.generate_cert_key_pair.assert_called_once_with( cn='123', validity=cert_task.CERT_VALIDITY)
def get_create_amphora_flow(self): """Creates a flow to create an amphora. :returns: The flow for creating the amphora """ create_amphora_flow = linear_flow.Flow(constants.CREATE_AMPHORA_FLOW) create_amphora_flow.add( database_tasks.CreateAmphoraInDB(provides=constants.AMPHORA_ID)) create_amphora_flow.add( lifecycle_tasks.AmphoraIDToErrorOnRevertTask( requires=constants.AMPHORA_ID)) if self.REST_AMPHORA_DRIVER: create_amphora_flow.add( cert_task.GenerateServerPEMTask(provides=constants.SERVER_PEM)) create_amphora_flow.add( database_tasks.UpdateAmphoraDBCertExpiration( requires=(constants.AMPHORA_ID, constants.SERVER_PEM))) create_amphora_flow.add( compute_tasks.CertComputeCreate( requires=(constants.AMPHORA_ID, constants.SERVER_PEM, constants.BUILD_TYPE_PRIORITY), provides=constants.COMPUTE_ID)) else: create_amphora_flow.add( compute_tasks.ComputeCreate( requires=(constants.AMPHORA_ID, constants.BUILD_TYPE_PRIORITY), provides=constants.COMPUTE_ID)) create_amphora_flow.add( database_tasks.MarkAmphoraBootingInDB( requires=(constants.AMPHORA_ID, constants.COMPUTE_ID))) create_amphora_flow.add( compute_tasks.ComputeActiveWait(requires=(constants.COMPUTE_ID, constants.AMPHORA_ID), provides=constants.COMPUTE_OBJ)) create_amphora_flow.add( database_tasks.UpdateAmphoraInfo(requires=(constants.AMPHORA_ID, constants.COMPUTE_OBJ), provides=constants.AMPHORA)) create_amphora_flow.add( amphora_driver_tasks.AmphoraComputeConnectivityWait( requires=constants.AMPHORA)) create_amphora_flow.add( database_tasks.ReloadAmphora(requires=constants.AMPHORA_ID, provides=constants.AMPHORA)) create_amphora_flow.add( amphora_driver_tasks.AmphoraFinalize(requires=constants.AMPHORA)) create_amphora_flow.add( database_tasks.MarkAmphoraReadyInDB(requires=constants.AMPHORA)) return create_amphora_flow
def test_execute(self, mock_driver): key = utils.get_six_compatible_server_certs_key_passphrase() fer = fernet.Fernet(key) dummy_cert = local.LocalCert( utils.get_six_compatible_value('test_cert'), utils.get_six_compatible_value('test_key')) mock_driver.generate_cert_key_pair.side_effect = [dummy_cert] c = cert_task.GenerateServerPEMTask() pem = c.execute('123') self.assertEqual( fer.decrypt(pem), dummy_cert.get_certificate() + dummy_cert.get_private_key()) mock_driver.generate_cert_key_pair.assert_called_once_with( cn='123', validity=cert_task.CERT_VALIDITY)
def get_create_amphora_flow(self): """Creates a flow to create an amphora. Ideally that should be configurable in the config file - a db session needs to be placed into the flow :returns: The flow for creating the amphora """ create_amphora_flow = linear_flow.Flow(constants.CREATE_AMPHORA_FLOW) create_amphora_flow.add( database_tasks.CreateAmphoraInDB(provides=constants.AMPHORA_ID)) if self.REST_AMPHORA_DRIVER: create_amphora_flow.add( cert_task.GenerateServerPEMTask(provides=constants.SERVER_PEM)) create_amphora_flow.add( database_tasks.UpdateAmphoraDBCertExpiration( requires=(constants.AMPHORA_ID, constants.SERVER_PEM))) create_amphora_flow.add( compute_tasks.CertComputeCreate( requires=(constants.AMPHORA_ID, constants.SERVER_PEM), provides=constants.COMPUTE_ID)) else: create_amphora_flow.add( compute_tasks.ComputeCreate(requires=constants.AMPHORA_ID, provides=constants.COMPUTE_ID)) create_amphora_flow.add( database_tasks.MarkAmphoraBootingInDB( requires=(constants.AMPHORA_ID, constants.COMPUTE_ID))) create_amphora_flow.add( compute_tasks.ComputeWait(requires=constants.COMPUTE_ID, provides=constants.COMPUTE_OBJ)) create_amphora_flow.add( database_tasks.UpdateAmphoraInfo(requires=(constants.AMPHORA_ID, constants.COMPUTE_OBJ), provides=constants.AMPHORA)) create_amphora_flow.add( database_tasks.ReloadAmphora(requires=constants.AMPHORA_ID, provides=constants.AMPHORA)) create_amphora_flow.add( amphora_driver_tasks.AmphoraFinalize(requires=constants.AMPHORA)) create_amphora_flow.add( database_tasks.MarkAmphoraReadyInDB(requires=constants.AMPHORA)) return create_amphora_flow
def _get_create_amp_for_lb_subflow(self, prefix, role): """Create a new amphora for lb.""" sf_name = prefix + '-' + constants.CREATE_AMP_FOR_LB_SUBFLOW create_amp_for_lb_subflow = linear_flow.Flow(sf_name) create_amp_for_lb_subflow.add(database_tasks.CreateAmphoraInDB( name=sf_name + '-' + constants.CREATE_AMPHORA_INDB, provides=constants.AMPHORA_ID)) anti_affinity = CONF.nova.enable_anti_affinity if self.REST_AMPHORA_DRIVER: create_amp_for_lb_subflow.add(cert_task.GenerateServerPEMTask( name=sf_name + '-' + constants.GENERATE_SERVER_PEM, provides=constants.SERVER_PEM)) create_amp_for_lb_subflow.add( database_tasks.UpdateAmphoraDBCertExpiration( name=sf_name + '-' + constants.UPDATE_CERT_EXPIRATION, requires=(constants.AMPHORA_ID, constants.SERVER_PEM))) if role in (constants.ROLE_BACKUP, constants.ROLE_MASTER ) and anti_affinity: create_amp_for_lb_subflow.add(compute_tasks.CertComputeCreate( name=sf_name + '-' + constants.CERT_COMPUTE_CREATE, requires=(constants.AMPHORA_ID, constants.SERVER_PEM, constants.SERVER_GROUP_ID), provides=constants.COMPUTE_ID)) else: create_amp_for_lb_subflow.add(compute_tasks.CertComputeCreate( name=sf_name + '-' + constants.CERT_COMPUTE_CREATE, requires=(constants.AMPHORA_ID, constants.SERVER_PEM), provides=constants.COMPUTE_ID)) else: if role in (constants.ROLE_BACKUP, constants.ROLE_MASTER ) and anti_affinity: create_amp_for_lb_subflow.add(compute_tasks.ComputeCreate( name=sf_name + '-' + constants.COMPUTE_CREATE, requires=(constants.AMPHORA_ID, constants.SERVER_GROUP_ID), provides=constants.COMPUTE_ID)) else: create_amp_for_lb_subflow.add(compute_tasks.ComputeCreate( name=sf_name + '-' + constants.COMPUTE_CREATE, requires=constants.AMPHORA_ID, provides=constants.COMPUTE_ID)) create_amp_for_lb_subflow.add(database_tasks.UpdateAmphoraComputeId( name=sf_name + '-' + constants.UPDATE_AMPHORA_COMPUTEID, requires=(constants.AMPHORA_ID, constants.COMPUTE_ID))) create_amp_for_lb_subflow.add(database_tasks.MarkAmphoraBootingInDB( name=sf_name + '-' + constants.MARK_AMPHORA_BOOTING_INDB, requires=(constants.AMPHORA_ID, constants.COMPUTE_ID))) create_amp_for_lb_subflow.add(compute_tasks.ComputeWait( name=sf_name + '-' + constants.COMPUTE_WAIT, requires=constants.COMPUTE_ID, provides=constants.COMPUTE_OBJ)) create_amp_for_lb_subflow.add(database_tasks.UpdateAmphoraInfo( name=sf_name + '-' + constants.UPDATE_AMPHORA_INFO, requires=(constants.AMPHORA_ID, constants.COMPUTE_OBJ), provides=constants.AMPHORA)) create_amp_for_lb_subflow.add(amphora_driver_tasks.AmphoraFinalize( name=sf_name + '-' + constants.AMPHORA_FINALIZE, requires=constants.AMPHORA)) create_amp_for_lb_subflow.add( database_tasks.MarkAmphoraAllocatedInDB( name=sf_name + '-' + constants.MARK_AMPHORA_ALLOCATED_INDB, requires=(constants.AMPHORA, constants.LOADBALANCER_ID))) create_amp_for_lb_subflow.add(database_tasks.ReloadAmphora( name=sf_name + '-' + constants.RELOAD_AMPHORA, requires=constants.AMPHORA_ID, provides=constants.AMPHORA)) if role == constants.ROLE_MASTER: create_amp_for_lb_subflow.add(database_tasks.MarkAmphoraMasterInDB( name=sf_name + '-' + constants.MARK_AMP_MASTER_INDB, requires=constants.AMPHORA)) elif role == constants.ROLE_BACKUP: create_amp_for_lb_subflow.add(database_tasks.MarkAmphoraBackupInDB( name=sf_name + '-' + constants.MARK_AMP_BACKUP_INDB, requires=constants.AMPHORA)) elif role == constants.ROLE_STANDALONE: create_amp_for_lb_subflow.add( database_tasks.MarkAmphoraStandAloneInDB( name=sf_name + '-' + constants.MARK_AMP_STANDALONE_INDB, requires=constants.AMPHORA)) return create_amp_for_lb_subflow
def get_failover_flow(self): """Creates a flow to failover a stale amphora :returns: The flow for amphora failover """ failover_amphora_flow = linear_flow.Flow( constants.FAILOVER_AMPHORA_FLOW) failover_amphora_flow.add( network_tasks.RetrievePortIDsOnAmphoraExceptLBNetwork( requires=constants.AMPHORA, provides=constants.PORTS)) failover_amphora_flow.add( network_tasks.FailoverPreparationForAmphora( requires=constants.AMPHORA)) failover_amphora_flow.add( compute_tasks.ComputeDelete(requires=constants.AMPHORA)) failover_amphora_flow.add( database_tasks.MarkAmphoraDeletedInDB(requires=constants.AMPHORA)) failover_amphora_flow.add( database_tasks.CreateAmphoraInDB(provides=constants.AMPHORA_ID)) failover_amphora_flow.add( database_tasks.GetUpdatedFailoverAmpNetworkDetailsAsList( requires=(constants.AMPHORA_ID, constants.AMPHORA), provides=constants.AMPS_DATA)) if self.REST_AMPHORA_DRIVER: failover_amphora_flow.add( cert_task.GenerateServerPEMTask(provides=constants.SERVER_PEM)) failover_amphora_flow.add( compute_tasks.CertComputeCreate( requires=(constants.AMPHORA_ID, constants.SERVER_PEM), provides=constants.COMPUTE_ID)) else: failover_amphora_flow.add( compute_tasks.ComputeCreate(requires=constants.AMPHORA_ID, provides=constants.COMPUTE_ID)) failover_amphora_flow.add( database_tasks.UpdateAmphoraComputeId( requires=(constants.AMPHORA_ID, constants.COMPUTE_ID))) failover_amphora_flow.add( database_tasks.AssociateFailoverAmphoraWithLBID( requires=(constants.AMPHORA_ID, constants.LOADBALANCER_ID))) failover_amphora_flow.add( database_tasks.MarkAmphoraBootingInDB( requires=(constants.AMPHORA_ID, constants.COMPUTE_ID))) wait_flow = linear_flow.Flow( constants.WAIT_FOR_AMPHORA, retry=retry.Times(CONF.controller_worker.amp_active_retries)) wait_flow.add( compute_tasks.ComputeWait(requires=constants.COMPUTE_ID, provides=constants.COMPUTE_OBJ)) wait_flow.add( database_tasks.UpdateAmphoraInfo(requires=(constants.AMPHORA_ID, constants.COMPUTE_OBJ), provides=constants.AMPHORA)) failover_amphora_flow.add(wait_flow) failover_amphora_flow.add( database_tasks.ReloadAmphora(requires=constants.AMPHORA_ID, provides=constants.FAILOVER_AMPHORA)) failover_amphora_flow.add( amphora_driver_tasks.AmphoraFinalize( rebind={constants.AMPHORA: constants.FAILOVER_AMPHORA}, requires=constants.AMPHORA)) failover_amphora_flow.add( database_tasks.UpdateAmphoraVIPData(requires=constants.AMPS_DATA)) failover_amphora_flow.add( database_tasks.ReloadLoadBalancer( requires=constants.LOADBALANCER_ID, provides=constants.LOADBALANCER)) failover_amphora_flow.add( network_tasks.GetAmphoraeNetworkConfigs( requires=constants.LOADBALANCER, provides=constants.AMPHORAE_NETWORK_CONFIG)) failover_amphora_flow.add( database_tasks.GetListenersFromLoadbalancer( requires=constants.LOADBALANCER, provides=constants.LISTENERS)) failover_amphora_flow.add( database_tasks.GetVipFromLoadbalancer( requires=constants.LOADBALANCER, provides=constants.VIP)) failover_amphora_flow.add( amphora_driver_tasks.ListenersUpdate(requires=(constants.LISTENERS, constants.VIP))) failover_amphora_flow.add( amphora_driver_tasks.AmphoraPostVIPPlug( requires=(constants.LOADBALANCER, constants.AMPHORAE_NETWORK_CONFIG))) failover_amphora_flow.add( network_tasks.GetMemberPorts( rebind={constants.AMPHORA: constants.FAILOVER_AMPHORA}, requires=(constants.LOADBALANCER, constants.AMPHORA), provides=constants.MEMBER_PORTS)) failover_amphora_flow.add( amphora_driver_tasks.AmphoraPostNetworkPlug( rebind={ constants.AMPHORA: constants.FAILOVER_AMPHORA, constants.PORTS: constants.MEMBER_PORTS }, requires=(constants.AMPHORA, constants.PORTS))) failover_amphora_flow.add( amphora_driver_tasks.ListenersStart(requires=(constants.LISTENERS, constants.VIP))) failover_amphora_flow.add( database_tasks.MarkAmphoraAllocatedInDB( rebind={constants.AMPHORA: constants.FAILOVER_AMPHORA}, requires=(constants.AMPHORA, constants.LOADBALANCER_ID))) return failover_amphora_flow