Exemple #1
0
def setup_keystone_ssl_certs_node(*nodes):
    default_certfile = '/etc/keystone/ssl/certs/keystone.pem'
    default_keyfile = '/etc/keystone/ssl/private/keystone.key'
    default_cafile = '/etc/keystone/ssl/certs/keystone_ca.pem'
    keystonecertbundle = get_keystone_cert_bundle()
    ssl_certs = ((get_keystone_certfile(), default_certfile),
                 (get_keystone_keyfile(), default_keyfile),
                 (get_keystone_cafile(), default_cafile))
    index = env.roledefs['openstack'].index(env.host_string) + 1
    for node in nodes:
        with settings(host_string=node, password=get_env_passwords(node)):
            for ssl_cert, default in ssl_certs:
                if ssl_cert == default:
                    # Clear old certificate
                    sudo('rm -f %s' % ssl_cert)
                    sudo('rm -f %s' % keystonecertbundle)
            for ssl_cert, default in ssl_certs:
                if ssl_cert == default:
                    openstack_host = env.roledefs['openstack'][0]
                    if index == 1:
                        if not exists(ssl_cert, use_sudo=True):
                            print "Creating keystone SSL certs in first openstack node"
                            subject_alt_names_mgmt = [hstr_to_ip(host)
                                                      for host in env.roledefs['openstack']]
                            subject_alt_names_ctrl = [hstr_to_ip(get_control_host_string(host))
                                                      for host in env.roledefs['openstack']]
                            subject_alt_names = subject_alt_names_mgmt + subject_alt_names_ctrl
                            if get_openstack_external_vip():
                                subject_alt_names.append(get_openstack_external_vip())
                            sudo('create-keystone-ssl-certs.sh %s %s' % (
                                    get_openstack_internal_vip() or
                                    hstr_to_ip(get_control_host_string(openstack_host)),
                                    ','.join(subject_alt_names)))
                    else:
                        with settings(host_string=openstack_host,
                                      password=get_env_passwords(openstack_host)):
                            while not exists(ssl_cert, use_sudo=True):
                                print "Wait for SSL certs to be created in first openstack"
                                sleep(0.1)
                            print "Get SSL cert(%s) from first openstack" % ssl_cert
                            tmp_dir= tempfile.mkdtemp()
                            tmp_fname = os.path.join(tmp_dir, os.path.basename(ssl_cert))
                            get_as_sudo(ssl_cert, tmp_fname)
                        print "Copy to this(%s) openstack node" % env.host_string 
                        sudo('mkdir -p /etc/keystone/ssl/certs/')
                        sudo('mkdir -p /etc/keystone/ssl/private/')
                        put(tmp_fname, ssl_cert, use_sudo=True)
                        os.remove(tmp_fname)
                elif os.path.isfile(ssl_cert): 
                    print "Certificate (%s) exists locally" % ssl_cert
                    put(ssl_cert, default, use_sudo=True)
                elif exists(ssl_cert, use_sudo=True): 
                    print "Certificate (%s) exists in openstack node" % ssl_cert
                    pass
                else:
                    raise RuntimeError("%s doesn't exists locally or in openstack node")
            if not exists(keystonecertbundle, use_sudo=True):
                ((certfile, _), (keyfile, _), (cafile, _)) = ssl_certs
                sudo('cat %s %s > %s' % (certfile, cafile, keystonecertbundle))
            sudo("chown -R keystone:keystone /etc/keystone/ssl")
def copy_keystone_ssl_certs_to_node(*nodes):
    ssl_certs = (get_keystone_certfile(),
                 get_keystone_cafile())
    openstack_host = env.roledefs['openstack'][0]
    for node in nodes:
        with settings(host_string=node, password=get_env_passwords(node)):
            for ssl_cert in ssl_certs:
                cert_file = '/etc/contrail/ssl/certs/%s' % os.path.basename(ssl_cert)
                # Clear old certificate
                sudo('rm -f %s' % cert_file)
                with settings(host_string=openstack_host,
                              password=get_env_passwords(openstack_host)):
                    tmp_fname = os.path.join('/tmp', os.path.basename(ssl_cert))
                    get_as_sudo(ssl_cert, tmp_fname)
                sudo("mkdir -p /etc/contrail/ssl/certs/")
                put(tmp_fname, cert_file, use_sudo=True)
                os.remove(tmp_fname)
                sudo("chown -R contrail:contrail /etc/contrail/ssl")
def setup_keystone_ssl_certs_node(*nodes):
    default_certfile = '/etc/keystone/ssl/certs/keystone.pem'
    default_keyfile = '/etc/keystone/ssl/private/keystone.key'
    default_cafile = '/etc/keystone/ssl/certs/keystone_ca.pem'
    ssl_certs = ((get_keystone_certfile(), default_certfile),
                 (get_keystone_keyfile(), default_keyfile),
                 (get_keystone_cafile(), default_cafile))
    index = env.roledefs['openstack'].index(env.host_string) + 1
    for node in nodes:
        with settings(host_string=node, password=get_env_passwords(node)):
            for ssl_cert, default in ssl_certs:
                if ssl_cert == default:
                    # Clear old certificate
                    sudo('rm -f %s' % ssl_cert)
            for ssl_cert, default in ssl_certs:
                if ssl_cert == default:
                    openstack_host = env.roledefs['openstack'][0]
                    if index == 1:
                        if not exists(ssl_cert, use_sudo=True):
                            print "Creating keystone SSL certs in first openstack node"
                            sudo('create-keystone-ssl-certs.sh %s' % (
                                    get_openstack_internal_vip() or hstr_to_ip(openstack_host)))
                    else:
                        with settings(host_string=openstack_host,
                                      password=get_env_passwords(openstack_host)):
                            while not exists(ssl_cert, use_sudo=True):
                                print "Wait for SSL certs to be created in first openstack"
                                sleep(0.1)
                            print "Get SSL cert(%s) from first openstack" % ssl_cert
                            tmp_fname = os.path.join('/tmp', os.path.basename(ssl_cert))
                            get_as_sudo(ssl_cert, tmp_fname)
                        print "Copy to this(%s) openstack node" % env.host_string 
                        put(tmp_fname, ssl_cert, use_sudo=True)
                        os.remove(tmp_fname)
                elif os.path.isfile(ssl_cert): 
                    print "Certificate (%s) exists locally" % ssl_cert
                    put(ssl_cert, default, use_sudo=True)
                elif exists(ssl_cert, use_sudo=True): 
                    print "Certificate (%s) exists in openstack node" % ssl_cert
                    pass
                else:
                    raise RuntimeError("%s doesn't exists locally or in openstack node")
                sudo("chown -R keystone:keystone /etc/keystone/ssl")
Exemple #4
0
def copy_keystone_ssl_certs_to_node(*nodes):
    ssl_certs = (get_keystone_certfile(),
                 get_keystone_cafile())
    openstack_host = env.roledefs['openstack'][0]
    for node in nodes:
        with settings(host_string=node, password=get_env_passwords(node)):
            for ssl_cert in ssl_certs:
                cert_file = '/etc/contrail/ssl/certs/%s' % os.path.basename(ssl_cert)
                # Clear old certificate
                sudo('rm -f %s' % cert_file)
                with settings(host_string=openstack_host,
                              password=get_env_passwords(openstack_host)):
                    tmp_dir= tempfile.mkdtemp()
                    tmp_fname = os.path.join(tmp_dir, os.path.basename(ssl_cert))
                    get_as_sudo(ssl_cert, tmp_fname)
                sudo("mkdir -p /etc/contrail/ssl/certs/")
                put(tmp_fname, cert_file, use_sudo=True)
                os.remove(tmp_fname)
                sudo("chown -R contrail:contrail /etc/contrail/ssl")
Exemple #5
0
def use_keystone_ssl_certs_in_node(*nodes):
    for node in nodes:
        execute('copy_keystone_ssl_certs_to_node', node)
        execute('copy_keystone_ssl_key_to_node', node)
        with settings(host_string=node, password=get_env_passwords(node)):
            cert_path = '/etc/contrail/ssl/certs/'
            ssl_certs = (get_keystone_certfile(),
                         get_keystone_cafile())
            for ssl_cert in ssl_certs:
                src = os.path.join(cert_path, os.path.basename(ssl_cert))
                dst = os.path.join(cert_path, os.path.basename(ssl_cert).replace('keystone', 'contrail'))
                sudo("cp %s %s" % (src, dst))

            key_path = '/etc/contrail/ssl/private/'
            ssl_key = get_keystone_keyfile()
            src_key = os.path.join(key_path, os.path.basename(ssl_key))
            dst_key = os.path.join(key_path, os.path.basename(ssl_key).replace('keystone', 'contrail'))
            sudo("cp %s %s" % (src_key, dst_key))

            certfile = '/etc/contrail/ssl/certs/contrail.pem'
            cafile = '/etc/contrail/ssl/certs/contrail_ca.pem'
            contrailcertbundle = get_apiserver_cert_bundle()
            sudo('cat %s %s > %s' % (certfile, cafile, contrailcertbundle))
            sudo("chown -R contrail:contrail /etc/contrail/ssl")
Exemple #6
0
def configure_test_env(contrail_fab_path='/opt/contrail/utils', test_dir='/contrail-test'):
    """
    Configure test environment by creating sanity_params.ini and sanity_testbed.json files
    """
    print "Configuring test environment"
    sys.path.insert(0, contrail_fab_path)
    from fabfile.config import testbed
    from fabfile.utils.host import get_openstack_internal_vip, \
        get_control_host_string, get_authserver_ip, get_admin_tenant_name, \
        get_authserver_port, get_env_passwords, get_authserver_credentials, \
        get_vcenter_ip, get_vcenter_port, get_vcenter_username, \
        get_vcenter_password, get_vcenter_datacenter, get_vcenter_compute, \
        get_authserver_protocol, get_region_name, get_contrail_internal_vip, \
        get_openstack_external_vip, get_contrail_external_vip, \
        get_apiserver_protocol, get_apiserver_certfile, get_apiserver_keyfile, \
        get_apiserver_cafile, get_keystone_insecure_flag, \
        get_apiserver_insecure_flag, get_keystone_certfile, get_keystone_keyfile, \
        get_keystone_cafile, get_keystone_version
    from fabfile.utils.multitenancy import get_mt_enable
    from fabfile.utils.interface import get_data_ip
    from fabfile.tasks.install import update_config_option, update_js_config
    from fabfile.utils.fabos import get_as_sudo
    logger = contrail_logging.getLogger(__name__)

    def validate_and_copy_file(filename, source_host):
        with settings(host_string='%s' %(source_host),
                      warn_only=True, abort_on_prompts=False):
            if exists(filename):
                filedir = os.path.dirname(filename)
                if not os.path.exists(filedir):
                    os.makedirs(filedir)
                get_as_sudo(filename, filename)
                return filename
            return ""

    cfgm_host = env.roledefs['cfgm'][0]
    auth_protocol = get_authserver_protocol()
    try:
        auth_server_ip = get_authserver_ip()
    except Exception:
        auth_server_ip = None
    auth_server_port = get_authserver_port()
    api_auth_protocol = get_apiserver_protocol()

    if api_auth_protocol == 'https':
        api_certfile = validate_and_copy_file(get_apiserver_certfile(), cfgm_host)
        api_keyfile = validate_and_copy_file(get_apiserver_keyfile(), cfgm_host)
        api_cafile = validate_and_copy_file(get_apiserver_cafile(), cfgm_host)
        api_insecure_flag = get_apiserver_insecure_flag()
    else:
       api_certfile = ""
       api_keyfile = ""
       api_cafile = ""
       api_insecure_flag = True

    cert_dir = os.path.dirname(api_certfile)
    if auth_protocol == 'https':
        keystone_cafile = validate_and_copy_file(cert_dir + '/' +\
                          os.path.basename(get_keystone_cafile()), cfgm_host)
        keystone_certfile = validate_and_copy_file(cert_dir + '/' +\
                          os.path.basename(get_keystone_certfile()), cfgm_host)
        keystone_keyfile = keystone_certfile
        keystone_insecure_flag = istrue(os.getenv('OS_INSECURE', \
                                 get_keystone_insecure_flag()))
    else:
        keystone_certfile = ""
        keystone_keyfile = ""
        keystone_cafile = ""
        keystone_insecure_flag = True

    with settings(warn_only=True), hide('everything'):
        with lcd(contrail_fab_path):
            if local('git branch').succeeded:
                fab_revision = local('git log --format="%H" -n 1', capture=True)
            else:
                with settings(host_string=cfgm_host), hide('everything'):
                   fab_revision = run('cat /opt/contrail/contrail_packages/VERSION')
        with lcd(test_dir):
            if local('git branch').succeeded:
                revision = local('git log --format="%H" -n 1', capture=True)
            else:
                with settings(host_string=cfgm_host), hide('everything'):
                    revision = run('cat /opt/contrail/contrail_packages/VERSION')

    sanity_testbed_dict = {
        'hosts': [],
        'vgw': [],
        'esxi_vms':[],
        'vcenter_servers':[],
        'hosts_ipmi': [],
        'tor':[],
        'sriov':[],
        'dpdk':[],
        'ns_agilio_vrouter':[],
    }

    sample_ini_file = test_dir + '/' + 'sanity_params.ini.sample'
    with open(sample_ini_file, 'r') as fd_sample_ini:
       contents_sample_ini = fd_sample_ini.read()
    sanity_ini_templ = string.Template(contents_sample_ini)

    if not getattr(env, 'test', None):
        env.test={}
    containers = env.test.get('containers')
    traffic_data = env.test.get('traffic_data')
    ixia_linux_host_ip = get_value_of_key(traffic_data, 'ixia_linux_host_ip')
    ixia_host_ip = get_value_of_key(traffic_data, 'ixia_host_ip')
    spirent_linux_host_ip = get_value_of_key(traffic_data, 'spirent_linux_host_ip')
    ixia_linux_username = get_value_of_key(traffic_data, 'ixia_linux_username')
    ixia_linux_password = get_value_of_key(traffic_data, 'ixia_linux_password')
    spirent_linux_username = get_value_of_key(traffic_data, 'spirent_linux_username')
    spirent_linux_password = get_value_of_key(traffic_data, 'spirent_linux_password')

    if env.get('orchestrator', 'openstack') == 'openstack':
        with settings(host_string = env.roledefs['openstack'][0]), hide('everything'):
            openstack_host_name = run("hostname")

    with settings(host_string = env.roledefs['cfgm'][0]), hide('everything'):
        cfgm_host_name = run("hostname")

    control_host_names = []
    for control_host in env.roledefs['control']:
        with settings(host_string = control_host), hide('everything'):
            host_name = run("hostname")
            control_host_names.append(host_name)

    cassandra_host_names = []
    if 'database' in env.roledefs.keys():
        for cassandra_host in env.roledefs['database']:
            with settings(host_string = cassandra_host), hide('everything'):
                host_name = run("hostname")
                cassandra_host_names.append(host_name)
    keystone_version = get_keystone_version()
    internal_vip = get_openstack_internal_vip()
    external_vip = get_openstack_external_vip()
    contrail_internal_vip = get_contrail_internal_vip()
    contrail_external_vip = get_contrail_external_vip()
    multi_role_test = False
    for host_string in env.roledefs['all']:
        if host_string in env.roledefs.get('test',[]):
            for role in env.roledefs.iterkeys():
                if role in ['test','all']:
                    continue
                if host_string in env.roledefs.get(role,[]):
                    multi_role_test=True
                    break
            if not multi_role_test:
                continue
        host_ip = host_string.split('@')[1]
        with settings(host_string = host_string), hide('everything'):
            try:
                host_name = run("hostname")
                host_fqname = run("hostname -f")
            except:
                logger.warn('Unable to login to %s'%host_ip)
                continue
        host_dict = {}

        host_dict['ip'] = host_ip
        host_dict['data-ip']= get_data_ip(host_string)[0]
        if host_dict['data-ip'] == host_string.split('@')[1]:
            host_dict['data-ip'] = get_data_ip(host_string)[0]
        host_dict['control-ip']= get_control_host_string(host_string).split('@')[1]

        host_dict['name'] = host_name
        host_dict['fqname'] = host_fqname
        host_dict['username'] = host_string.split('@')[0]
        host_dict['password'] =get_env_passwords(host_string)
        host_dict['roles'] = []

        if env.get('qos', {}):
            if host_string in env.qos.keys():
                role_dict = env.qos[host_string]
                host_dict['qos'] = role_dict
        if env.get('qos_niantic', {}):
            if host_string in env.qos_niantic.keys():
                role_dict = env.qos_niantic[host_string]
                host_dict['qos_niantic'] = role_dict

        if host_string in env.roledefs['openstack']:
            role_dict = {'type': 'openstack', 'params': {'cfgm': cfgm_host_name}}
            role_dict['container'] = get_container_name(containers, host_string, 'openstack')
            host_dict['roles'].append(role_dict)

        if host_string in env.roledefs['cfgm']:
            role_dict = {'type': 'cfgm', 'params': {'collector': host_name, 'cassandra': ' '.join(cassandra_host_names)}}
            role_dict['container'] = get_container_name(containers, host_string, 'controller')
            if env.get('orchestrator', 'openstack') == 'openstack':
                role_dict['openstack'] = openstack_host_name
            host_dict['roles'].append(role_dict)

        if host_string in env.roledefs['control']:
            role_dict = {'type': 'bgp', 'params': {'collector': cfgm_host_name, 'cfgm': cfgm_host_name}}
            role_dict['container'] = get_container_name(containers, host_string, 'controller')
            host_dict['roles'].append(role_dict)

        if 'database' in env.roledefs.keys() and host_string in env.roledefs['database']:
            role_dict = { 'type': 'database', 'params': {'cassandra': ' '.join(cassandra_host_names)} }
            role_dict['container'] = get_container_name(containers, host_string, 'analyticsdb')
            host_dict['roles'].append(role_dict)

        if not env.roledefs.get('compute'):
            env.roledefs['compute'] = []
        if host_string in env.roledefs['compute']:
            role_dict = {'type': 'compute', 'params': {'collector': cfgm_host_name, 'cfgm': cfgm_host_name}}
            role_dict['container'] = get_container_name(containers, host_string, 'agent')
            role_dict['params']['bgp'] = []
            if len(env.roledefs['control']) == 1:
                role_dict['params']['bgp'] = control_host_names
            else:
                for control_node in control_host_names:
                    role_dict['params']['bgp'].append(control_node)
               # role_dict['params']['bgp'].extend(control_host_names[randrange(len(env.roledefs['control']))])
            host_dict['roles'].append(role_dict)

        if host_string in env.roledefs.get('lb',[]):
            role_dict = {'type': 'lb', 'params': {'lb': host_name}}
            role_dict['container'] = get_container_name(containers, host_string, 'lb')
            host_dict['roles'].append(role_dict)

        if 'collector' in env.roledefs.keys() and host_string in env.roledefs['collector']:
            role_dict = { 'type': 'collector', 'params': {'cassandra': ' '.join(cassandra_host_names)} }
            role_dict['container'] = get_container_name(containers, host_string, 'analytics')
            host_dict['roles'].append(role_dict)

        if 'webui' in env.roledefs.keys() and host_string in env.roledefs['webui']:
            role_dict = { 'type': 'webui', 'params': {'cfgm': cfgm_host_name} }
            role_dict['container'] = get_container_name(containers, host_string, 'controller')
            host_dict['roles'].append(role_dict)

        # Kube managers
        if 'contrail-kubernetes' in env.roledefs.keys() and \
                host_string in env.roledefs['contrail-kubernetes']:
            role_dict = { 'type': 'contrail-kubernetes', 'params': {} }
            role_dict['container'] = get_container_name(containers,
                host_string, 'contrail-kube-manager')
            host_dict['roles'].append(role_dict)

        sanity_testbed_dict['hosts'].append(host_dict)
    if env.has_key('vgw'): sanity_testbed_dict['vgw'].append(env.vgw)

    #get sriov info
    if env.has_key('sriov'):
        sanity_testbed_dict['sriov'].append(env.sriov)

    #get dpdk info
    if env.has_key('dpdk'):
        sanity_testbed_dict['dpdk'].append(env.dpdk)

    #get k8s info
    sanity_testbed_dict['kubernetes'] = env.get('kubernetes', {})

   #get ns_agilio_vrouter info
    if env.has_key('ns_agilio_vrouter'):
        sanity_testbed_dict['ns_agilio_vrouter'].append(env.ns_agilio_vrouter)

    # Read ToR config
    sanity_tor_dict = {}
    if env.has_key('tor_agent'):
        sanity_testbed_dict['tor_agent'] = env.tor_agent

    # Read any tor-host config
    if env.has_key('tor_hosts'):
        sanity_testbed_dict['tor_hosts'] = env.tor_hosts

    if env.has_key('xmpp_auth_enable'):
        sanity_testbed_dict['xmpp_auth_enable'] = env.xmpp_auth_enable
    if env.has_key('xmpp_dns_auth_enable'):
        sanity_testbed_dict['xmpp_dns_auth_enable'] = env.xmpp_dns_auth_enable
    if env.has_key('metadata_ssl_enable'):
        sanity_testbed_dict['metadata_ssl_enable'] = env.metadata_ssl_enable

    if env.has_key('dm_mx'):
        sanity_testbed_dict['dm_mx'] = env.dm_mx

    # Read any MX config (as physical_router )
    if env.has_key('physical_routers'):
        sanity_testbed_dict['physical_routers'] = env.physical_routers

    esxi_hosts = getattr(testbed, 'esxi_hosts', None)
    if esxi_hosts:
        for esxi in esxi_hosts:
            host_dict = {}
            host_dict['ip'] = esxi_hosts[esxi]['ip']
            host_dict['data-ip'] = host_dict['ip']
            host_dict['control-ip'] = host_dict['ip']
            host_dict['name'] = esxi
            host_dict['username'] = esxi_hosts[esxi]['username']
            host_dict['password'] = esxi_hosts[esxi]['password']
            #Its used for vcenter only mode provosioning for contrail-vm
            #Its not needed for vcenter_gateway mode, hence might not be there in testbed.py
            if 'contrail_vm' in esxi_hosts[esxi]:
                host_dict['contrail_vm'] = esxi_hosts[esxi]['contrail_vm']['host']
            host_dict['roles'] = []
            host_dict['type'] = 'esxi'
            sanity_testbed_dict['hosts'].append(host_dict)
            sanity_testbed_dict['esxi_vms'].append(host_dict)

    vcenter_servers = env.get('vcenter_servers')
    if vcenter_servers:
        for vcenter in vcenter_servers:
            sanity_testbed_dict['vcenter_servers'].append(vcenter_servers[vcenter])

    orch = getattr(env, 'orchestrator', 'openstack')
    deployer = getattr(env, 'deployer', 'openstack')
    #get other orchestrators (vcenter etc) info if any
    slave_orch = None
    if env.has_key('other_orchestrators'):
        sanity_testbed_dict['other_orchestrators'] = env.other_orchestrators
        for k,v in env.other_orchestrators.items():
            if v['type'] == 'vcenter':
                slave_orch = 'vcenter'

    # get host ipmi list
    if env.has_key('hosts_ipmi'):
        sanity_testbed_dict['hosts_ipmi'].append(env.hosts_ipmi)

    # Setting slave orch to k8s when key present
    if env.has_key('kubernetes'):
        if  sanity_testbed_dict['kubernetes']['mode'] == 'nested':
            slave_orch = 'kubernetes'

    # generate json file and copy to cfgm
    sanity_testbed_json = json.dumps(sanity_testbed_dict)
    stack_user = os.getenv('STACK_USER', env.get('stack_user', env.test.get('stack_user', '')))
    stack_password = os.getenv('STACK_PASSWORD',
            env.test.get('stack_password',''))
    stack_tenant = os.getenv('STACK_TENANT', env.get('stack_tenant',
            env.test.get('stack_tenant', '')))
    stack_domain = os.getenv('STACK_DOMAIN',
            env.get('stack_domain', env.test.get('stack_domain', '')))
    use_project_scoped_token = env.test.get('use_project_scoped_token', '')
    if not env.has_key('domain_isolation'):
        env.domain_isolation = False
    if not env.has_key('cloud_admin_domain'):
        env.cloud_admin_domain = 'Default'
    if not env.has_key('cloud_admin_user'):
        env.cloud_admin_user = '******'
    if not env.has_key('cloud_admin_password'):
        env.cloud_admin_password = env.get('openstack_admin_password')
    domain_isolation = os.getenv('DOMAIN_ISOLATION',
            env.test.get('domain_isolation', env.domain_isolation))
    cloud_admin_domain = os.getenv('CLOUD_ADMIN_DOMAIN',
            env.test.get('cloud_admin_domain', env.cloud_admin_domain))
    cloud_admin_user = os.getenv('CLOUD_ADMIN_USER',
            env.test.get('cloud_admin_user', env.cloud_admin_user))
    cloud_admin_password = os.getenv('CLOUD_ADMIN_PASSWORD',
            env.test.get('cloud_admin_password', env.cloud_admin_password))
    tenant_isolation = os.getenv('TENANT_ISOLATION',
            env.test.get('tenant_isolation', ''))

    stop_on_fail = env.get('stop_on_fail', False)
    mail_to = os.getenv('MAIL_TO', env.test.get('mail_to', ''))
    log_scenario = env.get('log_scenario', 'Sanity')
    stack_region_name = get_region_name()
    admin_user, admin_password = get_authserver_credentials()
    if orch == 'kubernetes':
        admin_tenant = 'default'
    else:
        admin_tenant = get_admin_tenant_name()
    # Few hardcoded variables for sanity environment
    # can be removed once we move to python3 and configparser

    webserver_host = os.getenv('WEBSERVER_HOST',
            env.test.get('webserver_host',''))
    webserver_user = os.getenv('WEBSERVER_USER',
            env.test.get('webserver_user', ''))
    webserver_password = os.getenv('WEBSERVER_PASSWORD',
            env.test.get('webserver_password', ''))
    webserver_log_path = os.getenv('WEBSERVER_LOG_PATH',
            env.test.get('webserver_log_path', '/var/www/contrail-test-ci/logs/'))
    webserver_report_path = os.getenv('WEBSERVER_REPORT_PATH',
            env.test.get('webserver_report_path', '/var/www/contrail-test-ci/reports/'))
    webroot = os.getenv('WEBROOT', env.test.get('webroot', 'contrail-test-ci'))
    mail_server = os.getenv('MAIL_SERVER', env.test.get('mail_server', ''))
    mail_port = os.getenv('MAIL_PORT', env.test.get('mail_port', '25'))
    fip_pool_name = os.getenv('FIP_POOL_NAME',
            env.test.get('fip_pool_name', 'floating-ip-pool'))
    public_virtual_network = os.getenv('PUBLIC_VIRTUAL_NETWORK',
            env.test.get('public_virtual_network', 'public'))
    public_tenant_name = os.getenv('PUBLIC_TENANT_NAME',
            env.test.get('public_tenant_name', 'admin'))
    fixture_cleanup = os.getenv('FIXTURE_CLEANUP',
            env.test.get('fixture_cleanup', 'yes'))
    generate_html_report = os.getenv('GENERATE_HTML_REPORT',
            env.test.get('generate_html_report', 'True'))
    keypair_name = os.getenv('KEYPAIR_NAME',
            env.test.get('keypair_name', 'contrail_key'))
    mail_sender = os.getenv('MAIL_SENDER', env.test.get('mail_sender', '*****@*****.**'))
    discovery_ip = os.getenv('DISCOVERY_IP', env.test.get('discovery_ip', ''))
    config_api_ip = os.getenv('CONFIG_API_IP', env.test.get('config_api_ip', ''))
    analytics_api_ip = os.getenv('ANALYTICS_API_IP',
            env.test.get('analytics_api_ip', ''))
    discovery_port = os.getenv('DISCOVERY_PORT',
            env.test.get('discovery_port', ''))
    config_api_port = os.getenv('CONFIG_API_PORT',
            env.test.get('config_api_port', ''))
    analytics_api_port = os.getenv('ANALYTICS_API_PORT',
            env.test.get('analytics_api_port', ''))
    control_port = os.getenv('CONTROL_PORT', env.test.get('control_port', ''))
    dns_port = os.getenv('DNS_PORT', env.test.get('dns_port', ''))
    agent_port = os.getenv('AGENT_PORT', env.test.get('agent_port', ''))
    user_isolation = os.getenv('USER_ISOLATION',
            env.test.get('user_isolation', False if stack_user else True))
    neutron_username = os.getenv('NEUTRON_USERNAME',
            env.test.get('neutron_username', None))
    availability_zone = os.getenv('AVAILABILITY_ZONE',
            env.test.get('availability_zone', None))
    ci_flavor = os.getenv('CI_FLAVOR', env.test.get('ci_flavor', None))
    kube_config_file = env.test.get('kube_config_file',
                                     '/etc/kubernetes/admin.conf')
    openshift_src_config_file = env.test.get('openshift_src_config_file',
                                     '/root/.kube/config')
    use_devicemanager_for_md5 = getattr(testbed, 'use_devicemanager_for_md5', False)
    router_asn = getattr(testbed, 'router_asn', '')
    public_vn_rtgt = getattr(testbed, 'public_vn_rtgt', '')
    public_vn_subnet = getattr(testbed, 'public_vn_subnet', '')
    ext_routers = getattr(testbed, 'ext_routers', '')
    router_info = str(ext_routers)
    fabric_gw = getattr(testbed, 'fabric_gw', '')
    fabric_gw_info = str(fabric_gw)
    test_verify_on_setup = getattr(env, 'test_verify_on_setup', True)
    webui = getattr(testbed, 'webui', False)
    horizon = getattr(testbed, 'horizon', False)
    ui_config = getattr(testbed, 'ui_config', False)
    ui_browser = getattr(testbed, 'ui_browser', False)

    if not env.has_key('openstack'):
        env.openstack = {}
    if not env.has_key('cfgm'):
        env.cfgm = {}

    config_amqp_ip = env.openstack.get('amqp_host', '')
    if config_amqp_ip:
        config_amqp_ips = [config_amqp_ip]
    else:
        config_amqp_ips = []

    # If amqp details are in env.cfgm as well, use that
    config_amqp_port = env.cfgm.get('amqp_port', '5672')
    config_amqp_ips = env.cfgm.get('amqp_hosts', config_amqp_ips)

    key_filename = env.get('key_filename', '')
    pubkey_filename = env.get('pubkey_filename', '')

    vcenter_dc = ''
    if orch == 'vcenter' or slave_orch== 'vcenter':
        public_tenant_name='vCenter'

    if env.has_key('vcenter_servers'):
            if env.vcenter_servers:
                for vc in env.vcenter_servers:
                    for dc in env.vcenter_servers[vc]['datacenters']:
                        vcenter_dc = dc

    #global controller
    gc_host_mgmt = getattr(testbed, 'gc_host_mgmt', '')
    gc_host_control_data =  getattr(testbed, 'gc_host_control_data', '')
    gc_user_name = getattr(testbed, 'gc_user_name', '')
    gc_user_pwd = getattr(testbed, 'gc_user_pwd', '')
    keystone_password = getattr(testbed, 'keystone_password', '')

    sanity_params = sanity_ini_templ.safe_substitute(
        {'__testbed_json_file__'   : 'sanity_testbed.json',
         '__keystone_version__'    : keystone_version,
         '__use_project_scoped_token__': use_project_scoped_token,
         '__nova_keypair_name__'   : keypair_name,
         '__orch__'                : orch,
         '__deployer__'            : deployer,
         '__admin_user__'          : admin_user,
         '__admin_password__'      : admin_password,
         '__admin_tenant__'        : admin_tenant,
         '__domain_isolation__'    : domain_isolation,
         '__cloud_admin_domain__'  : cloud_admin_domain,
         '__cloud_admin_user__'    : cloud_admin_user,
         '__cloud_admin_password__': cloud_admin_password,
         '__tenant_isolation__'    : tenant_isolation,
         '__stack_user__'          : stack_user,
         '__stack_password__'      : stack_password,
         '__auth_ip__'             : auth_server_ip,
         '__auth_port__'           : auth_server_port,
         '__auth_protocol__'       : auth_protocol,
         '__stack_region_name__'   : stack_region_name,
         '__stack_tenant__'        : stack_tenant,
         '__stack_domain__'        : stack_domain,
         '__multi_tenancy__'       : get_mt_enable(),
         '__address_family__'      : get_address_family(),
         '__log_scenario__'        : log_scenario,
         '__generate_html_report__': generate_html_report,
         '__fixture_cleanup__'     : fixture_cleanup,
         '__key_filename__'        : key_filename,
         '__pubkey_filename__'     : pubkey_filename,
         '__webserver__'           : webserver_host,
         '__webserver_user__'      : webserver_user,
         '__webserver_password__'  : webserver_password,
         '__webserver_log_dir__'   : webserver_log_path,
         '__webserver_report_dir__': webserver_report_path,
         '__webroot__'             : webroot,
         '__mail_server__'         : mail_server,
         '__mail_port__'           : mail_port,
         '__sender_mail_id__'      : mail_sender,
         '__receiver_mail_id__'    : mail_to,
         '__http_proxy__'          : env.get('http_proxy', ''),
         '__ui_browser__'          : ui_browser,
         '__ui_config__'           : ui_config,
         '__horizon__'             : horizon,
         '__webui__'               : webui,
         '__devstack__'            : False,
         '__public_vn_rtgt__'      : public_vn_rtgt,
         '__router_asn__'          : router_asn,
         '__router_name_ip_tuples__': router_info,
         '__fabric_gw_name_ip_tuple__': fabric_gw_info,
         '__public_vn_name__'      : fip_pool_name,
         '__public_virtual_network__':public_virtual_network,
         '__public_tenant_name__'  :public_tenant_name,
         '__public_vn_subnet__'    : public_vn_subnet,
         '__test_revision__'       : revision,
         '__fab_revision__'        : fab_revision,
         '__test_verify_on_setup__': test_verify_on_setup,
         '__stop_on_fail__'        : stop_on_fail,
         '__ha_setup__'            : getattr(testbed, 'ha_setup', ''),
         '__ipmi_username__'       : getattr(testbed, 'ipmi_username', ''),
         '__ipmi_password__'       : getattr(testbed, 'ipmi_password', ''),
         '__contrail_internal_vip__' : contrail_internal_vip,
         '__contrail_external_vip__' : contrail_external_vip,
         '__internal_vip__'        : internal_vip,
         '__external_vip__'        : external_vip,
         '__vcenter_dc__'          : vcenter_dc,
         '__vcenter_server__'      : get_vcenter_ip(),
         '__vcenter_port__'        : get_vcenter_port(),
         '__vcenter_username__'    : get_vcenter_username(),
         '__vcenter_password__'    : get_vcenter_password(),
         '__vcenter_datacenter__'  : get_vcenter_datacenter(),
         '__vcenter_compute__'     : get_vcenter_compute(),
         '__use_devicemanager_for_md5__'       : use_devicemanager_for_md5,
         '__discovery_port__'      : discovery_port,
         '__config_api_port__'     : config_api_port,
         '__analytics_api_port__'  : analytics_api_port,
         '__control_port__'        : control_port,
         '__dns_port__'            : dns_port,
         '__vrouter_agent_port__'  : agent_port,
         '__discovery_ip__'        : discovery_ip,
         '__config_api_ip__'       : config_api_ip,
         '__analytics_api_ip__'    : analytics_api_ip,
         '__user_isolation__'      : user_isolation,
         '__neutron_username__'    : neutron_username,
         '__availability_zone__'   : availability_zone,
         '__ci_flavor__'           : ci_flavor,
         '__config_amqp_ips__'     : ','.join(config_amqp_ips),
         '__config_amqp_port__'    : config_amqp_port,
         '__api_auth_protocol__'   : api_auth_protocol,
         '__api_certfile__'        : api_certfile,
         '__api_keyfile__'         : api_keyfile,
         '__api_cafile__'          : api_cafile,
         '__api_insecure_flag__'   : api_insecure_flag,
         '__keystone_certfile__'   : keystone_certfile,
         '__keystone_keyfile__'    : keystone_keyfile,
         '__keystone_cafile__'     : keystone_cafile,
         '__keystone_insecure_flag__': keystone_insecure_flag,
         '__gc_host_mgmt__'        : gc_host_mgmt,
         '__gc_host_control_data__': gc_host_control_data,
         '__gc_user_name__'        : gc_user_name,
         '__gc_user_pwd__'         : gc_user_pwd,
         '__keystone_password__'   : keystone_password,
         '__slave_orch__'          : slave_orch,
	 '__ixia_linux_host_ip__'  : ixia_linux_host_ip,
	 '__ixia_host_ip__'        : ixia_host_ip,
	 '__spirent_linux_host_ip__': spirent_linux_host_ip,
	 '__ixia_linux_username__' : ixia_linux_username,
	 '__ixia_linux_password__' : ixia_linux_password,
	 '__spirent_linux_username__': spirent_linux_username,
	 '__spirent_linux_password__': spirent_linux_password,

        })

    ini_file = test_dir + '/' + 'sanity_params.ini'
    testbed_json_file = test_dir + '/' + 'sanity_testbed.json'
    with open(ini_file, 'w') as ini:
        ini.write(sanity_params)

    with open(testbed_json_file,'w') as tb:
        tb.write(sanity_testbed_json)

    # Create /etc/contrail/openstackrc
    if not os.path.exists('/etc/contrail'):
        os.makedirs('/etc/contrail')

    keycertbundle = None
    if keystone_cafile and keystone_keyfile and keystone_certfile:
        bundle = '/tmp/keystonecertbundle.pem'
        certs = [keystone_certfile, keystone_keyfile, keystone_cafile]
        keycertbundle = utils.getCertKeyCaBundle(bundle, certs)

    with open('/etc/contrail/openstackrc','w') as rc:
        rc.write("export OS_USERNAME=%s\n" % admin_user)
        rc.write("export OS_PASSWORD=%s\n" % admin_password)
        rc.write("export OS_TENANT_NAME=%s\n" % admin_tenant)
        rc.write("export OS_REGION_NAME=%s\n" % stack_region_name)
        rc.write("export OS_AUTH_URL=%s://%s:%s/v2.0\n" % (auth_protocol,
                                                           auth_server_ip,
                                                           auth_server_port))
        rc.write("export OS_CACERT=%s\n" % keycertbundle)
        rc.write("export OS_CERT=%s\n" % keystone_certfile)
        rc.write("export OS_KEY=%s\n" % keystone_keyfile)
        rc.write("export OS_INSECURE=%s\n" % keystone_insecure_flag)
        rc.write("export OS_NO_CACHE=1\n")

    # Write vnc_api_lib.ini - this is required for vnc_api to connect to keystone
    config = ConfigParser.ConfigParser()
    config.optionxform = str
    vnc_api_ini = '/etc/contrail/vnc_api_lib.ini'
    if os.path.exists(vnc_api_ini):
        config.read(vnc_api_ini)

    if 'auth' not in config.sections():
        config.add_section('auth')

    config.set('auth','AUTHN_TYPE', 'keystone')
    config.set('auth','AUTHN_PROTOCOL', auth_protocol)
    config.set('auth','AUTHN_SERVER', auth_server_ip)
    config.set('auth','AUTHN_PORT', auth_server_port)
    if keystone_version == 'v3':
        config.set('auth','AUTHN_URL', '/v3/auth/tokens')
    else:
        config.set('auth','AUTHN_URL', '/v2.0/tokens')

    if api_auth_protocol == 'https':
        if 'global' not in config.sections():
            config.add_section('global')
        config.set('global','certfile', api_certfile)
        config.set('global','cafile', api_cafile)
        config.set('global','keyfile', api_keyfile)
        config.set('global','insecure',api_insecure_flag)

    if auth_protocol == 'https':
        if 'auth' not in config.sections():
            config.add_section('auth')
        config.set('auth','certfile', keystone_certfile)
        config.set('auth','cafile', keystone_cafile)
        config.set('auth','keyfile', keystone_keyfile)
        config.set('auth','insecure', keystone_insecure_flag)

    with open(vnc_api_ini,'w') as f:
        config.write(f)

    # Get kube config file to the testrunner node
    if orch == 'kubernetes' or slave_orch == 'kubernetes':
        if not os.path.exists(kube_config_file):
            dir_name = os.path.dirname(kube_config_file)
            if not os.path.exists(dir_name):
                os.makedirs(dir_name)
            with settings(host_string = env.kubernetes['master']):
                if deployer == 'openshift' :
                    get(openshift_src_config_file, kube_config_file)
                else:
                    get(kube_config_file, kube_config_file)


    # If webui = True, in testbed, setup webui for sanity
    if webui:
        sku = get_build_sku(cfgm_host)
        update_config_option('openstack', '/etc/keystone/keystone.conf',
                             'token', 'expiration',
                             '86400','keystone', sku)
        update_js_config('webui', '/etc/contrail/config.global.js',
                         'contrail-webui', container=is_container_env)