Exemple #1
0
    def cert_rotate_amphora_flow(self):
        """Implement rotation for amphora's cert.

         1. Create a new certificate
         2. Upload the cert to amphora
         3. update the newly created certificate info to amphora
         4. update the cert_busy flag to be false after rotation

        :returns: The flow for updating an amphora
        """
        rotated_amphora_flow = linear_flow.Flow(
            constants.CERT_ROTATE_AMPHORA_FLOW)

        rotated_amphora_flow.add(lifecycle_tasks.AmphoraToErrorOnRevertTask(
            requires=constants.AMPHORA))

        # create a new certificate, the returned value is the newly created
        # certificate
        rotated_amphora_flow.add(cert_task.GenerateServerPEMTask(
            provides=constants.SERVER_PEM))

        # update it in amphora task
        rotated_amphora_flow.add(amphora_driver_tasks.AmphoraCertUpload(
            requires=(constants.AMPHORA, constants.SERVER_PEM)))

        # update the newly created certificate info to amphora
        rotated_amphora_flow.add(database_tasks.UpdateAmphoraDBCertExpiration(
            requires=(constants.AMPHORA_ID, constants.SERVER_PEM)))

        # update the cert_busy flag to be false after rotation
        rotated_amphora_flow.add(database_tasks.UpdateAmphoraCertBusyToFalse(
            requires=constants.AMPHORA))

        return rotated_amphora_flow
Exemple #2
0
    def get_create_amphora_for_lb_flow(self):
        """Creates a flow to create an amphora for a load balancer.

        This flow is used when there are no spare amphora available
        for a new load balancer.  It builds an amphora and allocates
        for the specific load balancer.

        :returns: The The flow for creating the amphora
        """
        create_amp_for_lb_flow = linear_flow.Flow(
            constants.CREATE_AMPHORA_FOR_LB_FLOW)
        create_amp_for_lb_flow.add(
            database_tasks.CreateAmphoraInDB(provides=constants.AMPHORA_ID))
        if self.REST_AMPHORA_DRIVER:
            create_amp_for_lb_flow.add(
                cert_task.GenerateServerPEMTask(provides=constants.SERVER_PEM))
            create_amp_for_lb_flow.add(
                compute_tasks.CertComputeCreate(
                    requires=(constants.AMPHORA_ID, constants.SERVER_PEM),
                    provides=constants.COMPUTE_ID))
        else:
            create_amp_for_lb_flow.add(
                compute_tasks.ComputeCreate(requires=constants.AMPHORA_ID,
                                            provides=constants.COMPUTE_ID))
        create_amp_for_lb_flow.add(
            database_tasks.UpdateAmphoraComputeId(
                requires=(constants.AMPHORA_ID, constants.COMPUTE_ID)))
        create_amp_for_lb_flow.add(
            database_tasks.MarkAmphoraBootingInDB(
                requires=(constants.AMPHORA_ID, constants.COMPUTE_ID)))
        wait_flow = linear_flow.Flow(
            constants.WAIT_FOR_AMPHORA,
            retry=retry.Times(CONF.controller_worker.amp_active_retries))
        wait_flow.add(
            compute_tasks.ComputeWait(requires=constants.COMPUTE_ID,
                                      provides=constants.COMPUTE_OBJ))
        wait_flow.add(
            database_tasks.UpdateAmphoraInfo(requires=(constants.AMPHORA_ID,
                                                       constants.COMPUTE_OBJ),
                                             provides=constants.AMPHORA))
        create_amp_for_lb_flow.add(wait_flow)
        create_amp_for_lb_flow.add(
            amphora_driver_tasks.AmphoraFinalize(requires=constants.AMPHORA))
        create_amp_for_lb_flow.add(
            database_tasks.MarkAmphoraAllocatedInDB(
                requires=(constants.AMPHORA, constants.LOADBALANCER_ID)))
        create_amp_for_lb_flow.add(
            database_tasks.ReloadAmphora(requires=constants.AMPHORA_ID,
                                         provides=constants.AMPHORA))
        create_amp_for_lb_flow.add(
            database_tasks.ReloadLoadBalancer(
                name=constants.RELOAD_LB_AFTER_AMP_ASSOC,
                requires=constants.LOADBALANCER_ID,
                provides=constants.LOADBALANCER))
        new_LB_net_subflow = self._lb_flows.get_new_LB_networking_subflow()
        create_amp_for_lb_flow.add(new_LB_net_subflow)
        create_amp_for_lb_flow.add(
            database_tasks.MarkLBActiveInDB(requires=constants.LOADBALANCER))

        return create_amp_for_lb_flow
Exemple #3
0
 def test_execute(self, mock_driver):
     dummy_cert = local.LocalCert('test_cert', 'test_key')
     mock_driver.generate_cert_key_pair.side_effect = [dummy_cert]
     c = cert_task.GenerateServerPEMTask()
     pem = c.execute('123')
     self.assertEqual(
         pem, dummy_cert.get_certificate() + dummy_cert.get_private_key())
     mock_driver.generate_cert_key_pair.assert_called_once_with(
         cn='123', validity=cert_task.CERT_VALIDITY)
Exemple #4
0
    def get_create_amphora_flow(self):
        """Creates a flow to create an amphora.

        :returns: The flow for creating the amphora
        """
        create_amphora_flow = linear_flow.Flow(constants.CREATE_AMPHORA_FLOW)
        create_amphora_flow.add(
            database_tasks.CreateAmphoraInDB(provides=constants.AMPHORA_ID))
        create_amphora_flow.add(
            lifecycle_tasks.AmphoraIDToErrorOnRevertTask(
                requires=constants.AMPHORA_ID))
        if self.REST_AMPHORA_DRIVER:
            create_amphora_flow.add(
                cert_task.GenerateServerPEMTask(provides=constants.SERVER_PEM))

            create_amphora_flow.add(
                database_tasks.UpdateAmphoraDBCertExpiration(
                    requires=(constants.AMPHORA_ID, constants.SERVER_PEM)))

            create_amphora_flow.add(
                compute_tasks.CertComputeCreate(
                    requires=(constants.AMPHORA_ID, constants.SERVER_PEM,
                              constants.BUILD_TYPE_PRIORITY),
                    provides=constants.COMPUTE_ID))
        else:
            create_amphora_flow.add(
                compute_tasks.ComputeCreate(
                    requires=(constants.AMPHORA_ID,
                              constants.BUILD_TYPE_PRIORITY),
                    provides=constants.COMPUTE_ID))
        create_amphora_flow.add(
            database_tasks.MarkAmphoraBootingInDB(
                requires=(constants.AMPHORA_ID, constants.COMPUTE_ID)))
        create_amphora_flow.add(
            compute_tasks.ComputeActiveWait(requires=(constants.COMPUTE_ID,
                                                      constants.AMPHORA_ID),
                                            provides=constants.COMPUTE_OBJ))
        create_amphora_flow.add(
            database_tasks.UpdateAmphoraInfo(requires=(constants.AMPHORA_ID,
                                                       constants.COMPUTE_OBJ),
                                             provides=constants.AMPHORA))
        create_amphora_flow.add(
            amphora_driver_tasks.AmphoraComputeConnectivityWait(
                requires=constants.AMPHORA))
        create_amphora_flow.add(
            database_tasks.ReloadAmphora(requires=constants.AMPHORA_ID,
                                         provides=constants.AMPHORA))
        create_amphora_flow.add(
            amphora_driver_tasks.AmphoraFinalize(requires=constants.AMPHORA))
        create_amphora_flow.add(
            database_tasks.MarkAmphoraReadyInDB(requires=constants.AMPHORA))

        return create_amphora_flow
Exemple #5
0
 def test_execute(self, mock_driver):
     key = utils.get_six_compatible_server_certs_key_passphrase()
     fer = fernet.Fernet(key)
     dummy_cert = local.LocalCert(
         utils.get_six_compatible_value('test_cert'),
         utils.get_six_compatible_value('test_key'))
     mock_driver.generate_cert_key_pair.side_effect = [dummy_cert]
     c = cert_task.GenerateServerPEMTask()
     pem = c.execute('123')
     self.assertEqual(
         fer.decrypt(pem),
         dummy_cert.get_certificate() + dummy_cert.get_private_key())
     mock_driver.generate_cert_key_pair.assert_called_once_with(
         cn='123', validity=cert_task.CERT_VALIDITY)
Exemple #6
0
    def get_create_amphora_flow(self):
        """Creates a flow to create an amphora.

        Ideally that should be configurable in the
        config file - a db session needs to be placed
        into the flow

        :returns: The flow for creating the amphora
        """
        create_amphora_flow = linear_flow.Flow(constants.CREATE_AMPHORA_FLOW)
        create_amphora_flow.add(
            database_tasks.CreateAmphoraInDB(provides=constants.AMPHORA_ID))
        if self.REST_AMPHORA_DRIVER:
            create_amphora_flow.add(
                cert_task.GenerateServerPEMTask(provides=constants.SERVER_PEM))

            create_amphora_flow.add(
                database_tasks.UpdateAmphoraDBCertExpiration(
                    requires=(constants.AMPHORA_ID, constants.SERVER_PEM)))

            create_amphora_flow.add(
                compute_tasks.CertComputeCreate(
                    requires=(constants.AMPHORA_ID, constants.SERVER_PEM),
                    provides=constants.COMPUTE_ID))
        else:
            create_amphora_flow.add(
                compute_tasks.ComputeCreate(requires=constants.AMPHORA_ID,
                                            provides=constants.COMPUTE_ID))
        create_amphora_flow.add(
            database_tasks.MarkAmphoraBootingInDB(
                requires=(constants.AMPHORA_ID, constants.COMPUTE_ID)))
        create_amphora_flow.add(
            compute_tasks.ComputeWait(requires=constants.COMPUTE_ID,
                                      provides=constants.COMPUTE_OBJ))
        create_amphora_flow.add(
            database_tasks.UpdateAmphoraInfo(requires=(constants.AMPHORA_ID,
                                                       constants.COMPUTE_OBJ),
                                             provides=constants.AMPHORA))
        create_amphora_flow.add(
            database_tasks.ReloadAmphora(requires=constants.AMPHORA_ID,
                                         provides=constants.AMPHORA))
        create_amphora_flow.add(
            amphora_driver_tasks.AmphoraFinalize(requires=constants.AMPHORA))
        create_amphora_flow.add(
            database_tasks.MarkAmphoraReadyInDB(requires=constants.AMPHORA))

        return create_amphora_flow
Exemple #7
0
    def _get_create_amp_for_lb_subflow(self, prefix, role):
        """Create a new amphora for lb."""

        sf_name = prefix + '-' + constants.CREATE_AMP_FOR_LB_SUBFLOW
        create_amp_for_lb_subflow = linear_flow.Flow(sf_name)
        create_amp_for_lb_subflow.add(database_tasks.CreateAmphoraInDB(
            name=sf_name + '-' + constants.CREATE_AMPHORA_INDB,
            provides=constants.AMPHORA_ID))

        anti_affinity = CONF.nova.enable_anti_affinity

        if self.REST_AMPHORA_DRIVER:
            create_amp_for_lb_subflow.add(cert_task.GenerateServerPEMTask(
                name=sf_name + '-' + constants.GENERATE_SERVER_PEM,
                provides=constants.SERVER_PEM))

            create_amp_for_lb_subflow.add(
                database_tasks.UpdateAmphoraDBCertExpiration(
                    name=sf_name + '-' + constants.UPDATE_CERT_EXPIRATION,
                    requires=(constants.AMPHORA_ID, constants.SERVER_PEM)))

            if role in (constants.ROLE_BACKUP, constants.ROLE_MASTER
                        ) and anti_affinity:
                create_amp_for_lb_subflow.add(compute_tasks.CertComputeCreate(
                    name=sf_name + '-' + constants.CERT_COMPUTE_CREATE,
                    requires=(constants.AMPHORA_ID, constants.SERVER_PEM,
                              constants.SERVER_GROUP_ID),
                    provides=constants.COMPUTE_ID))
            else:
                create_amp_for_lb_subflow.add(compute_tasks.CertComputeCreate(
                    name=sf_name + '-' + constants.CERT_COMPUTE_CREATE,
                    requires=(constants.AMPHORA_ID, constants.SERVER_PEM),
                    provides=constants.COMPUTE_ID))
        else:

            if role in (constants.ROLE_BACKUP, constants.ROLE_MASTER
                        ) and anti_affinity:
                create_amp_for_lb_subflow.add(compute_tasks.ComputeCreate(
                    name=sf_name + '-' + constants.COMPUTE_CREATE,
                    requires=(constants.AMPHORA_ID, constants.SERVER_GROUP_ID),
                    provides=constants.COMPUTE_ID))
            else:
                create_amp_for_lb_subflow.add(compute_tasks.ComputeCreate(
                    name=sf_name + '-' + constants.COMPUTE_CREATE,
                    requires=constants.AMPHORA_ID,
                    provides=constants.COMPUTE_ID))

        create_amp_for_lb_subflow.add(database_tasks.UpdateAmphoraComputeId(
            name=sf_name + '-' + constants.UPDATE_AMPHORA_COMPUTEID,
            requires=(constants.AMPHORA_ID, constants.COMPUTE_ID)))
        create_amp_for_lb_subflow.add(database_tasks.MarkAmphoraBootingInDB(
            name=sf_name + '-' + constants.MARK_AMPHORA_BOOTING_INDB,
            requires=(constants.AMPHORA_ID, constants.COMPUTE_ID)))
        create_amp_for_lb_subflow.add(compute_tasks.ComputeWait(
            name=sf_name + '-' + constants.COMPUTE_WAIT,
            requires=constants.COMPUTE_ID,
            provides=constants.COMPUTE_OBJ))
        create_amp_for_lb_subflow.add(database_tasks.UpdateAmphoraInfo(
            name=sf_name + '-' + constants.UPDATE_AMPHORA_INFO,
            requires=(constants.AMPHORA_ID, constants.COMPUTE_OBJ),
            provides=constants.AMPHORA))
        create_amp_for_lb_subflow.add(amphora_driver_tasks.AmphoraFinalize(
            name=sf_name + '-' + constants.AMPHORA_FINALIZE,
            requires=constants.AMPHORA))
        create_amp_for_lb_subflow.add(
            database_tasks.MarkAmphoraAllocatedInDB(
                name=sf_name + '-' + constants.MARK_AMPHORA_ALLOCATED_INDB,
                requires=(constants.AMPHORA, constants.LOADBALANCER_ID)))
        create_amp_for_lb_subflow.add(database_tasks.ReloadAmphora(
            name=sf_name + '-' + constants.RELOAD_AMPHORA,
            requires=constants.AMPHORA_ID,
            provides=constants.AMPHORA))

        if role == constants.ROLE_MASTER:
            create_amp_for_lb_subflow.add(database_tasks.MarkAmphoraMasterInDB(
                name=sf_name + '-' + constants.MARK_AMP_MASTER_INDB,
                requires=constants.AMPHORA))
        elif role == constants.ROLE_BACKUP:
            create_amp_for_lb_subflow.add(database_tasks.MarkAmphoraBackupInDB(
                name=sf_name + '-' + constants.MARK_AMP_BACKUP_INDB,
                requires=constants.AMPHORA))
        elif role == constants.ROLE_STANDALONE:
            create_amp_for_lb_subflow.add(
                database_tasks.MarkAmphoraStandAloneInDB(
                    name=sf_name + '-' + constants.MARK_AMP_STANDALONE_INDB,
                    requires=constants.AMPHORA))

        return create_amp_for_lb_subflow
Exemple #8
0
    def get_failover_flow(self):
        """Creates a flow to failover a stale amphora

        :returns: The flow for amphora failover
        """

        failover_amphora_flow = linear_flow.Flow(
            constants.FAILOVER_AMPHORA_FLOW)
        failover_amphora_flow.add(
            network_tasks.RetrievePortIDsOnAmphoraExceptLBNetwork(
                requires=constants.AMPHORA, provides=constants.PORTS))
        failover_amphora_flow.add(
            network_tasks.FailoverPreparationForAmphora(
                requires=constants.AMPHORA))
        failover_amphora_flow.add(
            compute_tasks.ComputeDelete(requires=constants.AMPHORA))
        failover_amphora_flow.add(
            database_tasks.MarkAmphoraDeletedInDB(requires=constants.AMPHORA))
        failover_amphora_flow.add(
            database_tasks.CreateAmphoraInDB(provides=constants.AMPHORA_ID))
        failover_amphora_flow.add(
            database_tasks.GetUpdatedFailoverAmpNetworkDetailsAsList(
                requires=(constants.AMPHORA_ID, constants.AMPHORA),
                provides=constants.AMPS_DATA))
        if self.REST_AMPHORA_DRIVER:
            failover_amphora_flow.add(
                cert_task.GenerateServerPEMTask(provides=constants.SERVER_PEM))
            failover_amphora_flow.add(
                compute_tasks.CertComputeCreate(
                    requires=(constants.AMPHORA_ID, constants.SERVER_PEM),
                    provides=constants.COMPUTE_ID))
        else:
            failover_amphora_flow.add(
                compute_tasks.ComputeCreate(requires=constants.AMPHORA_ID,
                                            provides=constants.COMPUTE_ID))
        failover_amphora_flow.add(
            database_tasks.UpdateAmphoraComputeId(
                requires=(constants.AMPHORA_ID, constants.COMPUTE_ID)))
        failover_amphora_flow.add(
            database_tasks.AssociateFailoverAmphoraWithLBID(
                requires=(constants.AMPHORA_ID, constants.LOADBALANCER_ID)))
        failover_amphora_flow.add(
            database_tasks.MarkAmphoraBootingInDB(
                requires=(constants.AMPHORA_ID, constants.COMPUTE_ID)))
        wait_flow = linear_flow.Flow(
            constants.WAIT_FOR_AMPHORA,
            retry=retry.Times(CONF.controller_worker.amp_active_retries))
        wait_flow.add(
            compute_tasks.ComputeWait(requires=constants.COMPUTE_ID,
                                      provides=constants.COMPUTE_OBJ))
        wait_flow.add(
            database_tasks.UpdateAmphoraInfo(requires=(constants.AMPHORA_ID,
                                                       constants.COMPUTE_OBJ),
                                             provides=constants.AMPHORA))
        failover_amphora_flow.add(wait_flow)
        failover_amphora_flow.add(
            database_tasks.ReloadAmphora(requires=constants.AMPHORA_ID,
                                         provides=constants.FAILOVER_AMPHORA))
        failover_amphora_flow.add(
            amphora_driver_tasks.AmphoraFinalize(
                rebind={constants.AMPHORA: constants.FAILOVER_AMPHORA},
                requires=constants.AMPHORA))
        failover_amphora_flow.add(
            database_tasks.UpdateAmphoraVIPData(requires=constants.AMPS_DATA))
        failover_amphora_flow.add(
            database_tasks.ReloadLoadBalancer(
                requires=constants.LOADBALANCER_ID,
                provides=constants.LOADBALANCER))
        failover_amphora_flow.add(
            network_tasks.GetAmphoraeNetworkConfigs(
                requires=constants.LOADBALANCER,
                provides=constants.AMPHORAE_NETWORK_CONFIG))
        failover_amphora_flow.add(
            database_tasks.GetListenersFromLoadbalancer(
                requires=constants.LOADBALANCER, provides=constants.LISTENERS))
        failover_amphora_flow.add(
            database_tasks.GetVipFromLoadbalancer(
                requires=constants.LOADBALANCER, provides=constants.VIP))
        failover_amphora_flow.add(
            amphora_driver_tasks.ListenersUpdate(requires=(constants.LISTENERS,
                                                           constants.VIP)))
        failover_amphora_flow.add(
            amphora_driver_tasks.AmphoraPostVIPPlug(
                requires=(constants.LOADBALANCER,
                          constants.AMPHORAE_NETWORK_CONFIG)))
        failover_amphora_flow.add(
            network_tasks.GetMemberPorts(
                rebind={constants.AMPHORA: constants.FAILOVER_AMPHORA},
                requires=(constants.LOADBALANCER, constants.AMPHORA),
                provides=constants.MEMBER_PORTS))
        failover_amphora_flow.add(
            amphora_driver_tasks.AmphoraPostNetworkPlug(
                rebind={
                    constants.AMPHORA: constants.FAILOVER_AMPHORA,
                    constants.PORTS: constants.MEMBER_PORTS
                },
                requires=(constants.AMPHORA, constants.PORTS)))
        failover_amphora_flow.add(
            amphora_driver_tasks.ListenersStart(requires=(constants.LISTENERS,
                                                          constants.VIP)))
        failover_amphora_flow.add(
            database_tasks.MarkAmphoraAllocatedInDB(
                rebind={constants.AMPHORA: constants.FAILOVER_AMPHORA},
                requires=(constants.AMPHORA, constants.LOADBALANCER_ID)))

        return failover_amphora_flow