def _proxy_authenticate(self):
"""
Use the auth helper to get config settings and keys
Return True for success, False for failure
Returns
-------
None
Raises
------
Exception
The authentication using direct mode is noit possible
"""
_logger.debug('_proxy_authenticate')
if os.geteuid() != 0:
raise Exception('Must be root to use Proxy authentication')
sdk_user = OCIUtilsConfiguration.get('auth', 'oci_sdk_user')
try:
proxy = OCIAuthProxy(sdk_user)
self._oci_config = proxy.get_config()
self._identity_client = oci_sdk.identity.IdentityClient(
self._oci_config)
self._ons_client = oci_sdk.ons.NotificationDataPlaneClient(
config=self._oci_config)
except Exception as e:
_logger.debug('Proxy authentication failed: %s', str(e))
raise Exception('Proxy authentication failed') from e
def get_auth_method(self, authentication_method=None):
"""
Determine how (or if) we can authenticate. If auth_method is
provided, and is not AUTO then test if the given auth_method works.
Return one of oci_api.DIRECT, oci_api.PROXY, oci_api.IP or
oci_api.NONE (IP is instance principals).
Parameters
----------
authentication_method : [NONE | DIRECT | PROXY | AUTO | IP]
if specified, the authentication method to be tested.
Returns
-------
One of the oci_api.DIRECT, oci_api.PROXY, oci_api.IP or oci_api.NONE,
the authentication method which passed or NONE.
[NONE | DIRECT | PROXY | AUTO | IP]
"""
_logger.debug('_get_auth_method')
if authentication_method is None:
auth_method = OCIUtilsConfiguration.get('auth', 'auth_method')
else:
auth_method = authentication_method
_logger.debug('auth method retrieved from conf: %s', auth_method)
# order matters
_auth_mechanisms = {
DIRECT: self._direct_authenticate,
IP: self._ip_authenticate,
PROXY: self._proxy_authenticate
}
if auth_method in _auth_mechanisms.keys():
# user specified something, respect that choice
try:
_logger.debug('Trying %s auth', auth_method)
_auth_mechanisms[auth_method]()
_logger.debug('%s auth ok', auth_method)
return auth_method
except Exception as e:
_logger.debug(' %s auth has failed: %s', auth_method, str(e))
return NONE
_logger.debug('Nothing specified trying to find an auth method')
for method in _auth_mechanisms:
try:
_logger.debug('Trying %s auth', method)
_auth_mechanisms[method]()
_logger.debug('%s auth ok', method)
return method
except Exception as e:
_logger.debug('%s auth has failed: %s', method, str(e))
# no options left
return NONE
def _run_sec_vnic_script(self, script_args):
"""
Run secondary_vnic_all_configure.sh.
Parameters
----------
script_args: list of string
Arguments to be passed to the script.
Returns
-------
tuple
(The exit code of the script, the output of the script)
"""
true_val = ['true', 'True', 'TRUE']
vf_net = OCIUtilsConfiguration.get('vnic', 'vf_net') in true_val
if vf_net and '-s' not in script_args:
_logger.debug(
'Skipping execution of the secondary vnic script')
return 0, 'Info: vf_net is enabled in the oci-utils configuration'
all_args = [_secondary_vnic_all_configure_path]
all_args += script_args
if "-c" in script_args:
if 'sshd' in self.vnic_info:
if self.vnic_info['sshd']:
all_args += ['-r']
if 'ns' in self.vnic_info:
if self.vnic_info['ns'] is not None:
all_args += ['-n', self.vnic_info['ns']]
if "-c" in script_args or "-s" in script_args:
if 'exclude' in self.vnic_info:
for exc in self.vnic_info['exclude']:
all_args += ['-X', exc]
if 'sec_priv_ip' in self.vnic_info:
for ipaddr, vnic_id in self.vnic_info['sec_priv_ip']:
all_args += ['-e', ipaddr, vnic_id]
_logger.debug('Executing "%s"' % " ".join(all_args))
try:
output = subprocess.check_output(
all_args, stderr=subprocess.STDOUT)
except OSError:
_logger.debug('failed to execute '
'/usr/libexec/secondary_vnic_all_configure.sh')
return 404, 'failed to execute secondary VNIC script'
except subprocess.CalledProcessError as e:
_logger.debug('Error running command "%s":' % ' '.
join(all_args))
_logger.error(e.output)
return e.returncode, e.output
return 0, output
def start_thread(name, repeat):
"""
Start a specific thread.
Parameters
----------
name: str
The name of the thread.
repeat: bool
Repeat the thread if set.
Returns
-------
dict
The thread object.
"""
true_list = ['true', 'True', 'TRUE']
if name == 'public_ip':
is_enabled = OCIUtilsConfiguration.get('public_ip', 'enabled')
if is_enabled not in true_list:
return None
refresh_interval = OCIUtilsConfiguration.get('public_ip', 'refresh_interval')
th = OcidThread(name=name,
ocidfunc=public_ip_func,
context={},
sleeptime=int(refresh_interval),
repeat=repeat)
elif name == 'iscsi':
max_volumes = OCIUtilsConfiguration.get('iscsi', 'max_volumes')
is_enabled = OCIUtilsConfiguration.get('iscsi', 'enabled')
auto_detach = OCIUtilsConfiguration.get('iscsi', 'auto_detach') in true_list
if is_enabled not in true_list:
return None
# oci-growfs
auto_resize = OCIUtilsConfiguration.get('iscsi', 'auto_resize')
if auto_resize in true_list:
try:
_ = subprocess.check_output(['/usr/libexec/oci-growfs', '-y'], stderr=subprocess.STDOUT)
except Exception:
pass
scan_interval = OCIUtilsConfiguration.get('iscsi', 'scan_interval')
th = OcidThread(name=name,
ocidfunc=iscsi_func,
context={'max_volumes': max_volumes, 'auto_detach': auto_detach, },
sleeptime=int(scan_interval),
repeat=repeat)
elif name == 'vnic':
is_enabled = OCIUtilsConfiguration.get('vnic', 'enabled')
if is_enabled not in true_list:
return None
scan_interval = OCIUtilsConfiguration.get('vnic', 'scan_interval')
__ocid_logger.debug('scan interval for vnics: %s', str(scan_interval))
vf_net = OCIUtilsConfiguration.get('vnic', 'vf_net') in true_list
th = OcidThread(name=name,
ocidfunc=vnic_func,
context={'vnic_utils': None,
'vf_net': vf_net},
sleeptime=int(scan_interval),
repeat=repeat)
else:
__ocid_logger.error('Internal error: unknown thread: %s', name)
return None
th.start()
return th