Exemple #1
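    def get_params(self, context, cluster_template, cluster, **kwargs):
        """Build the trust and Keystone parameters handed to the template.

        Adds the trustee identity, the CA settings, the trust ID (only when
        ``CONF.trust.cluster_user_trust`` is set) and the Keystone v3
        endpoint to ``extra_params``, then delegates to the parent
        ``get_params``.

        :param context: request context used to obtain the OpenStack clients
        :param cluster_template: template object forwarded to the parent
        :param cluster: cluster whose trustee credentials are exported
        :param kwargs: may carry ``extra_params``; every other keyword is
            forwarded to the parent unchanged
        :returns: whatever the parent ``get_params`` returns
        """
        osc = self.get_osc(context)

        extra_params = kwargs.pop('extra_params', {})
        extra_params['trustee_domain_id'] = osc.keystone().trustee_domain_id
        extra_params['trustee_user_id'] = cluster.trustee_user_id
        extra_params['trustee_username'] = cluster.trustee_username
        # NOTE(review): this is a live credential. Confirm the consuming
        # template treats the parameter as a secret and that extra_params
        # is never written to logs.
        extra_params['trustee_password'] = cluster.trustee_password
        extra_params['verify_ca'] = CONF.drivers.verify_ca
        extra_params['openstack_ca'] = utils.get_openstack_ca()

        # Only pass trust ID into the template if allowed by the config file
        if CONF.trust.cluster_user_trust:
            extra_params['trust_id'] = cluster.trust_id
        else:
            extra_params['trust_id'] = ""

        # The endpoint lookup arguments live in their own dict. Rebinding
        # ``kwargs`` here would drop the caller's keyword arguments and
        # forward service_type/interface/version to the parent instead.
        endpoint_args = {
            'service_type': 'identity',
            'interface': CONF.trust.trustee_keystone_interface,
            'version': 3
        }
        if CONF.trust.trustee_keystone_region_name:
            endpoint_args['region_name'] = (
                CONF.trust.trustee_keystone_region_name)
        extra_params['auth_url'] = osc.url_for(**endpoint_args).rstrip('/')

        return super(BaseTemplateDefinition,
                     self).get_params(context, cluster_template, cluster,
                                      extra_params=extra_params,
                                      **kwargs)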
Exemple #2
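    def get_params(self, context, cluster_template, cluster, **kwargs):
        """Build the nodegroup, trust and Keystone template parameters.

        Registers the cluster's nodegroup parameters, then adds the trustee
        identity, the CA settings, the trust ID (only when
        ``CONF.trust.cluster_user_trust`` is set) and the Keystone v3
        endpoint to ``extra_params`` before delegating to the parent
        ``get_params``.

        :param context: request context used to obtain the OpenStack clients
        :param cluster_template: template object forwarded to the parent
        :param cluster: cluster whose nodegroups and trustee are exported
        :param kwargs: may carry ``extra_params``; every other keyword is
            forwarded to the parent unchanged
        :returns: whatever the parent ``get_params`` returns
        """
        osc = self.get_osc(context)

        # Add all the params from the cluster's nodegroups
        self.add_nodegroup_params(cluster)

        extra_params = kwargs.pop('extra_params', {})
        extra_params['trustee_domain_id'] = osc.keystone().trustee_domain_id
        extra_params['trustee_user_id'] = cluster.trustee_user_id
        extra_params['trustee_username'] = cluster.trustee_username
        # NOTE(review): this is a live credential. Confirm the consuming
        # template treats the parameter as a secret and that extra_params
        # is never written to logs.
        extra_params['trustee_password'] = cluster.trustee_password
        extra_params['verify_ca'] = CONF.drivers.verify_ca
        extra_params['openstack_ca'] = utils.get_openstack_ca()

        # Only pass trust ID into the template if allowed by the config file
        if CONF.trust.cluster_user_trust:
            extra_params['trust_id'] = cluster.trust_id
        else:
            extra_params['trust_id'] = ""

        # Separate name on purpose: reusing ``kwargs`` for the lookup would
        # discard the caller's keyword arguments and hand the parent the
        # service_type/interface/version arguments instead.
        endpoint_args = {
            'service_type': 'identity',
            'interface': CONF.trust.trustee_keystone_interface,
            'version': 3
        }
        if CONF.trust.trustee_keystone_region_name:
            endpoint_args['region_name'] = (
                CONF.trust.trustee_keystone_region_name)
        extra_params['auth_url'] = osc.url_for(**endpoint_args).rstrip('/')

        return super(BaseTemplateDefinition,
                     self).get_params(context, cluster_template, cluster,
                                      extra_params=extra_params,
                                      **kwargs)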
Exemple #3
    def get_params(self, context, cluster_template, cluster, **kwargs):
        """Collect trustee, CA and Keystone settings as template parameters.

        The values are written into ``extra_params`` (taken from ``kwargs``
        when present, otherwise a new dict) and the parent ``get_params`` is
        called with that dict plus the remaining keyword arguments.

        :param context: request context used to obtain the OpenStack clients
        :param cluster_template: template object forwarded to the parent
        :param cluster: cluster whose trustee credentials are exported
        :returns: whatever the parent ``get_params`` returns
        """
        osc = self.get_osc(context)
        extra_params = kwargs.pop('extra_params', {})

        keystone = osc.keystone()
        extra_params['trustee_domain_id'] = keystone.trustee_domain_id
        extra_params['trustee_user_id'] = cluster.trustee_user_id
        extra_params['trustee_username'] = cluster.trustee_username
        # NOTE(review): trustee_password is a credential; confirm the
        # consuming template treats it as a secret and that this dict is
        # not logged.
        extra_params['trustee_password'] = cluster.trustee_password
        extra_params['verify_ca'] = CONF.drivers.verify_ca
        extra_params['openstack_ca'] = utils.get_openstack_ca()

        # The trust ID is exported only when the config file allows it;
        # otherwise the template receives an empty string.
        trust_allowed = CONF.trust.cluster_user_trust
        extra_params['trust_id'] = cluster.trust_id if trust_allowed else ""

        identity_endpoint = osc.url_for(
            service_type='identity',
            interface=CONF.trust.trustee_keystone_interface,
            version=3)
        extra_params['auth_url'] = identity_endpoint

        parent = super(BaseTemplateDefinition, self)
        return parent.get_params(context, cluster_template, cluster,
                                 extra_params=extra_params, **kwargs)
Exemple #4
    def test_get_openstasck_ca(self):
        """Check utils.get_openstack_ca() for unset, missing and readable files."""
        # NOTE(review): the middle case relies on this path being absent on
        # the test host. /tmp is shared, so a stray file there would change
        # the outcome; a path under a per-test temp dir would be safer.
        ca_path = '/tmp/invalid-ca.pem'

        # openstack_ca_file is empty
        self.assertEqual('', utils.get_openstack_ca())

        # openstack_ca_file is set but the file doesn't exist
        CONF.set_override('openstack_ca_file', ca_path, group='drivers')
        with self.assertRaises(IOError):
            utils.get_openstack_ca()

        # openstack_ca_file is set and open() is mocked, so the read works
        CONF.set_override('openstack_ca_file', ca_path, group='drivers')
        fake_open = mock.mock_open(read_data="CERT")
        with mock.patch('magnum.common.utils.open', fake_open, create=True):
            self.assertEqual('CERT', utils.get_openstack_ca())
Exemple #5
    def test_get_openstasck_ca(self):
        """Cover the three outcomes of utils.get_openstack_ca().

        Unset option -> empty string, configured but unreadable path ->
        IOError, configured path with a mocked ``open`` -> file content.
        """
        option, group = 'openstack_ca_file', 'drivers'
        # NOTE(review): assumes nothing exists at this shared /tmp path on
        # the test host -- a private temp dir would remove that assumption.
        missing_pem = '/tmp/invalid-ca.pem'

        # Case 1: option left empty.
        self.assertEqual('', utils.get_openstack_ca())

        # Case 2: option points at a file that doesn't exist.
        CONF.set_override(option, missing_pem, group=group)
        with self.assertRaises(IOError):
            utils.get_openstack_ca()

        # Case 3: option is set and the mocked open() supplies the content.
        CONF.set_override(option, missing_pem, group=group)
        opener = mock.mock_open(read_data="CERT")
        patcher = mock.patch('magnum.common.utils.open', opener, create=True)
        with patcher:
            self.assertEqual('CERT', utils.get_openstack_ca())
Exemple #6
    def get_params(self, context, cluster_template, cluster, **kwargs):
        """Assemble the CoreOS Kubernetes template parameters.

        Fills ``extra_params`` with the user name, Cinder region, volume
        type, affinity policy, pod network CIDR, selected labels, the
        cluster CA key (when ``cert_manager_api`` is enabled) and the
        base64-encoded OpenStack CA, then delegates to the parent
        ``get_params``.

        :param context: request context; supplies ``user_name`` and clients
        :param cluster_template: template whose ``network_driver`` is read
        :param cluster: cluster whose labels are read
        :returns: whatever the parent ``get_params`` returns
        """
        extra_params = kwargs.pop('extra_params', {})

        extra_params['username'] = context.user_name
        cinder_region = self.get_osc(context).cinder_region_name()
        extra_params['region_name'] = cinder_region

        # docker_volume_type: the label wins, the configured default is the
        # fallback when the label is absent.
        extra_params['docker_volume_type'] = cluster.labels.get(
            'docker_volume_type', CONF.cinder.default_docker_volume_type)

        affinity_policy = CONF.cluster.nodes_affinity_policy
        extra_params['nodes_affinity_policy'] = affinity_policy

        driver = cluster_template.network_driver
        if driver == 'flannel':
            extra_params["pods_network_cidr"] = cluster.labels.get(
                'flannel_network_cidr', '10.100.0.0/16')
        elif driver == 'calico':
            extra_params["pods_network_cidr"] = cluster.labels.get(
                'calico_ipv4pool', '10.100.0.0/16')

        forwarded_labels = (
            'coredns_tag', 'kube_tag', 'container_infra_prefix',
            'availability_zone', 'calico_tag', 'calico_kube_controllers_tag',
            'calico_ipv4pool', 'calico_ipv4pool_ipip', 'etcd_tag',
            'flannel_tag',
        )
        labels = self._get_relevant_labels(cluster, kwargs)
        # Labels with a falsy value are left out of the parameters.
        for name in forwarded_labels:
            value = labels.get(name)
            if not value:
                continue
            extra_params[name] = value

        cert_manager_api = cluster.labels.get('cert_manager_api')
        if strutils.bool_from_string(cert_manager_api):
            extra_params['cert_manager_api'] = cert_manager_api
            ca_cert = cert_manager.get_cluster_ca_certificate(cluster)
            # NOTE(review): the cluster CA private key is decrypted here and
            # leaves this function in cleartext inside extra_params. Confirm
            # the consuming template treats ca_key as a secret and that the
            # dict is never logged.
            decrypted_key = x509.decrypt_key(
                ca_cert.get_private_key(),
                ca_cert.get_private_key_passphrase())
            # Real newlines become the two-character sequence backslash-n.
            extra_params['ca_key'] = decrypted_key.replace("\n", "\\n")

        ca_bytes = utils.get_openstack_ca().encode()
        ca_b64 = base64.b64encode(ca_bytes)
        extra_params['openstack_ca_coreos'] = ca_b64.decode()

        parent = super(CoreOSK8sTemplateDefinition, self)
        return parent.get_params(context,
                                 cluster_template,
                                 cluster,
                                 extra_params=extra_params,
                                 **kwargs)
    def get_params(self, context, cluster_template, cluster, **kwargs):
        """Assemble the CoreOS Kubernetes template parameters.

        Fills ``extra_params`` with the user name, Cinder region, volume
        type, affinity policy, pod network CIDR, selected cluster labels,
        the cluster CA key (when ``cert_manager_api`` is enabled) and the
        base64-encoded OpenStack CA, then delegates to the parent
        ``get_params``.

        :param context: request context; supplies ``user_name`` and clients
        :param cluster_template: template whose ``network_driver`` is read
        :param cluster: cluster whose labels are read
        :returns: whatever the parent ``get_params`` returns
        """
        extra_params = kwargs.pop('extra_params', {})

        extra_params['username'] = context.user_name
        cinder_region = self.get_osc(context).cinder_region_name()
        extra_params['region_name'] = cinder_region

        # docker_volume_type: the label wins, the configured default is the
        # fallback when the label is absent.
        extra_params['docker_volume_type'] = cluster.labels.get(
            'docker_volume_type', CONF.cinder.default_docker_volume_type)

        affinity_policy = CONF.cluster.nodes_affinity_policy
        extra_params['nodes_affinity_policy'] = affinity_policy

        # The two drivers read different labels and fall back to different
        # default CIDRs.
        driver = cluster_template.network_driver
        if driver == 'flannel':
            extra_params["pods_network_cidr"] = cluster.labels.get(
                'flannel_network_cidr', '10.100.0.0/16')
        elif driver == 'calico':
            extra_params["pods_network_cidr"] = cluster.labels.get(
                'calico_ipv4pool', '192.168.0.0/16')

        forwarded_labels = (
            'coredns_tag',
            'kube_tag', 'container_infra_prefix',
            'availability_zone',
            'calico_tag', 'calico_cni_tag',
            'calico_kube_controllers_tag', 'calico_ipv4pool',
            'etcd_tag', 'flannel_tag',
        )
        # Labels with a falsy value are left out of the parameters.
        for name in forwarded_labels:
            value = cluster.labels.get(name)
            if not value:
                continue
            extra_params[name] = value

        cert_manager_api = cluster.labels.get('cert_manager_api')
        if strutils.bool_from_string(cert_manager_api):
            extra_params['cert_manager_api'] = cert_manager_api
            ca_cert = cert_manager.get_cluster_ca_certificate(cluster)
            # NOTE(review): the cluster CA private key is decrypted here and
            # leaves this function in cleartext inside extra_params. Confirm
            # the consuming template treats ca_key as a secret and that the
            # dict is never logged.
            decrypted_key = x509.decrypt_key(
                ca_cert.get_private_key(),
                ca_cert.get_private_key_passphrase())
            # Real newlines become the two-character sequence backslash-n.
            extra_params['ca_key'] = decrypted_key.replace("\n", "\\n")

        ca_bytes = utils.get_openstack_ca().encode()
        ca_b64 = base64.b64encode(ca_bytes)
        extra_params['openstack_ca_coreos'] = ca_b64.decode()

        parent = super(CoreOSK8sTemplateDefinition, self)
        return parent.get_params(context, cluster_template, cluster,
                                 extra_params=extra_params,
                                 **kwargs)
Exemple #8
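    def get_params(self, context, cluster_template, cluster, **kwargs):
        """Build the nodegroup, trust, SSH and Keystone template parameters.

        Registers the nodegroup parameters, then adds the trustee identity,
        the CA settings, the SSH public key (when one is returned), the
        trust ID (only when ``CONF.trust.cluster_user_trust`` is set) and a
        Keystone endpoint ending in ``/v3`` to ``extra_params`` before
        delegating to the parent ``get_params``.

        :param context: request context used to obtain the OpenStack clients
        :param cluster_template: template object forwarded to the parent
        :param cluster: cluster whose nodegroups, keypair and trustee are
            exported
        :param kwargs: may carry ``nodegroups`` and ``extra_params``; every
            other keyword is forwarded to the parent unchanged
        :returns: whatever the parent ``get_params`` returns
        """
        osc = self.get_osc(context)

        nodegroups = kwargs.pop('nodegroups', None)
        # Add all the params from the cluster's nodegroups
        self.add_nodegroup_params(cluster, nodegroups=nodegroups)

        extra_params = kwargs.pop('extra_params', {})
        extra_params['trustee_domain_id'] = osc.keystone().trustee_domain_id
        extra_params['trustee_user_id'] = cluster.trustee_user_id
        extra_params['trustee_username'] = cluster.trustee_username
        # NOTE(review): this is a live credential. Confirm the consuming
        # template treats the parameter as a secret and that extra_params
        # is never written to logs.
        extra_params['trustee_password'] = cluster.trustee_password
        extra_params['verify_ca'] = CONF.drivers.verify_ca
        extra_params['openstack_ca'] = utils.get_openstack_ca()
        ssh_public_key = nova.get_ssh_key(context, cluster.keypair)
        if ssh_public_key != "":
            extra_params['ssh_public_key'] = ssh_public_key

        # Only pass trust ID into the template if allowed by the config file
        if CONF.trust.cluster_user_trust:
            extra_params['trust_id'] = cluster.trust_id
        else:
            extra_params['trust_id'] = ""

        # Separate name on purpose: reusing ``kwargs`` for the lookup would
        # discard the caller's keyword arguments and hand the parent the
        # service_type/interface/version arguments instead.
        endpoint_args = {
            'service_type': 'identity',
            'interface': CONF.trust.trustee_keystone_interface,
            'version': 3
        }
        if CONF.trust.trustee_keystone_region_name:
            endpoint_args['region_name'] = (
                CONF.trust.trustee_keystone_region_name)
        # NOTE: Version discovery sometimes fails when Magnum cannot talk to
        # Keystone via the trustee_keystone_interface meant for cluster
        # instances, either because that interface is unreachable from the
        # controller or because CA certs are missing for a TLS-enabled
        # interface. The returned auth_url may then lack the /v3 suffix, so
        # append it to let instances still talk to Keystone.
        auth_url = osc.url_for(**endpoint_args).rstrip('/')
        if not auth_url.endswith('/v3'):
            auth_url += '/v3'
        extra_params['auth_url'] = auth_url

        return super(BaseTemplateDefinition,
                     self).get_params(context,
                                      cluster_template,
                                      cluster,
                                      extra_params=extra_params,
                                      **kwargs)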
Exemple #9
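    def get_params(self, context, cluster_template, cluster, **kwargs):
        """Build the nodegroup, trust, SSH and Keystone template parameters.

        Registers the nodegroup parameters, then adds the trustee identity,
        the CA settings, the SSH public key (when one is returned), the
        trust ID (only when ``CONF.trust.cluster_user_trust`` is set) and
        the Keystone v3 endpoint to ``extra_params`` before delegating to
        the parent ``get_params``.

        :param context: request context used to obtain the OpenStack clients
        :param cluster_template: template object forwarded to the parent
        :param cluster: cluster whose nodegroups, keypair and trustee are
            exported
        :param kwargs: may carry ``nodegroups`` and ``extra_params``; every
            other keyword is forwarded to the parent unchanged
        :returns: whatever the parent ``get_params`` returns
        """
        osc = self.get_osc(context)

        nodegroups = kwargs.pop('nodegroups', None)
        # Add all the params from the cluster's nodegroups
        self.add_nodegroup_params(cluster, nodegroups=nodegroups)

        extra_params = kwargs.pop('extra_params', {})
        extra_params['trustee_domain_id'] = osc.keystone().trustee_domain_id
        extra_params['trustee_user_id'] = cluster.trustee_user_id
        extra_params['trustee_username'] = cluster.trustee_username
        # NOTE(review): this is a live credential. Confirm the consuming
        # template treats the parameter as a secret and that extra_params
        # is never written to logs.
        extra_params['trustee_password'] = cluster.trustee_password
        extra_params['verify_ca'] = CONF.drivers.verify_ca
        extra_params['openstack_ca'] = utils.get_openstack_ca()
        ssh_public_key = nova.get_ssh_key(context, cluster.keypair)
        if ssh_public_key != "":
            extra_params['ssh_public_key'] = ssh_public_key

        # Only pass trust ID into the template if allowed by the config file
        if CONF.trust.cluster_user_trust:
            extra_params['trust_id'] = cluster.trust_id
        else:
            extra_params['trust_id'] = ""

        # The endpoint lookup arguments live in their own dict. Rebinding
        # ``kwargs`` here would drop the caller's keyword arguments and
        # forward service_type/interface/version to the parent instead.
        endpoint_args = {
            'service_type': 'identity',
            'interface': CONF.trust.trustee_keystone_interface,
            'version': 3
        }
        if CONF.trust.trustee_keystone_region_name:
            endpoint_args['region_name'] = (
                CONF.trust.trustee_keystone_region_name)
        extra_params['auth_url'] = osc.url_for(**endpoint_args).rstrip('/')

        return super(BaseTemplateDefinition,
                     self).get_params(context,
                                      cluster_template,
                                      cluster,
                                      extra_params=extra_params,
                                      **kwargs)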
Exemple #10
 def get_params(self, context, cluster_template, cluster, **kwargs):
     """Return the parent's parameters with ``openstack_ca`` URL-quoted.

     The parent ``get_params`` result is taken as-is, then its
     ``openstack_ca`` entry is overwritten with the output of
     ``urlparse.quote`` applied to ``utils.get_openstack_ca()``.

     :returns: the parameter mapping produced by the parent, updated in
         place
     """
     parent = super(FCOSK8sTemplateDefinition, self)
     params = parent.get_params(context, cluster_template, cluster,
                                **kwargs)
     ca_text = utils.get_openstack_ca()
     params['openstack_ca'] = urlparse.quote(ca_text)
     return params