def start(self): servicegroup.setup(CONF, self.binary, self.tg) for endpoint in self.endpoints: if hasattr(endpoint, 'init_containers'): endpoint.init_containers( context.get_admin_context(all_projects=True)) self.tg.add_dynamic_timer( endpoint.run_periodic_tasks, periodic_interval_max=CONF.periodic_interval_max, context=context.get_admin_context(all_projects=True)) self._server.start()
def start(self): servicegroup.setup(CONF, self.binary, self.tg) periodic.setup(CONF, self.tg) for endpoint in self.endpoints: if isinstance(endpoint, compute_manager.Manager): endpoint.init_containers( context.get_admin_context(all_tenants=True)) self.tg.add_dynamic_timer( endpoint.run_periodic_tasks, periodic_interval_max=CONF.periodic_interval_max, context=context.get_admin_context(all_tenants=True)) self._server.start()
def start(self): servicegroup.setup(CONF, self.binary, self.tg) for endpoint in self.endpoints: if hasattr(endpoint, 'init_containers'): endpoint.init_containers( context.get_admin_context(all_projects=True)) self.tg.add_dynamic_timer( endpoint.run_periodic_tasks, periodic_interval_max=CONF.periodic_interval_max, context=context.get_admin_context(all_projects=True) ) self._server.start()
def _unbind_port(self, port_id): port_req_body = {'port': {'device_id': '', 'device_owner': ''}} port_req_body['port'][BINDING_HOST_ID] = None try: port = self.neutron_api.get_neutron_port(port_id) except exception.PortNotFound: LOG.debug('Unable to show port %s as it no longer ' 'exists.', port_id) return except Exception: # NOTE: In case we can't retrieve the binding:profile assume # that they are empty LOG.exception("Unable to get binding:profile for port '%s'", port_id) port_profile = {} else: port_profile = port.get(BINDING_PROFILE, {}) # NOTE: We're doing this to remove the binding information # for the physical device but don't want to overwrite the other # information in the binding profile. for profile_key in ('pci_vendor_info', 'pci_slot'): if profile_key in port_profile: del port_profile[profile_key] port_req_body['port'][BINDING_PROFILE] = port_profile try: # Requires admin creds to set port bindings admin_context = zun_context.get_admin_context() neutron_api = neutron.NeutronAPI(admin_context) neutron_api.update_port(port_id, port_req_body) except exception.PortNotFound: LOG.debug('Unable to unbind port %s as it no longer ' 'exists.', port_id) except Exception: LOG.exception("Unable to clear device ID for port '%s'", port_id)
def do_port_cleanup(self, addresses, port): preserve_flag = addresses[0].get('preserve_on_delete') port_id = port.get('id') if preserve_flag: port_req_body = {'port': {'device_id': '', 'device_owner': ''}} port_req_body['port'][BINDING_HOST_ID] = None port_req_body['port']['mac_address'] = port.get('mac_address') port_req_body['port'][BINDING_PROFILE] = \ port.get(BINDING_PROFILE, {}) try: # Requires admin creds to set port bindings admin_context = zun_context.get_admin_context() neutron_api = neutron.NeutronAPI(admin_context) neutron_api.update_port(port_id, port_req_body) except exception.PortNotFound: LOG.debug( 'Unable to unbind port %s as it no longer ' 'exists.', port_id) except Exception: LOG.exception("Unable to clear device ID for port '%s'", port_id) else: try: self.neutron_api.delete_port(port_id) except exception.PortNotFound: LOG.debug( 'Unable to delete port %s as it no longer ' 'exists.', port_id)
def _write_cni_metadata(self, context, capsule, requested_networks): neutron_api = neutron.NeutronAPI(context) security_group_ids = utils.get_security_group_ids( context, capsule.security_groups) # TODO(hongbin): handle multiple nics requested_network = requested_networks[0] network_id = requested_network['network'] addresses, port = neutron_api.create_or_update_port( capsule, network_id, requested_network, consts.DEVICE_OWNER_ZUN, security_group_ids, set_binding_host=True) capsule.addresses = {network_id: addresses} neutron_api = neutron.NeutronAPI(zun_context.get_admin_context()) network = neutron_api.show_network(port['network_id'])['network'] subnets = {} for fixed_ip in port['fixed_ips']: subnet_id = fixed_ip['subnet_id'] subnets[subnet_id] = neutron_api.show_subnet(subnet_id)['subnet'] vif_plugin = port.get('binding:vif_type') vif_obj = os_vif_util.neutron_to_osvif_vif(vif_plugin, port, network, subnets) state = objects.vif.VIFState(default_vif=vif_obj) state_dict = state.obj_to_primitive() capsule.cni_metadata = {consts.CNI_METADATA_VIF: state_dict} capsule.save(context)
def new_websocket_client(self): """Called after a new WebSocket connection has been established.""" # Reopen the eventlet hub to make sure we don't share an epoll # fd with parent and/or siblings, which would be bad from eventlet import hubs hubs.use_hub() # The zun expected behavior is to have token # passed to the method GET of the request parse = urlparse.urlparse(self.path) if parse.scheme not in ('http', 'https'): # From a bug in urlparse in Python < 2.7.4 we cannot support # special schemes (cf: https://bugs.python.org/issue9374) if sys.version_info < (2, 7, 4): raise exception.ZunException( _("We do not support scheme '%s' under Python < 2.7.4, " "please use http or https") % parse.scheme) query = parse.query token = urlparse.parse_qs(query).get("token", [""]).pop() uuid = urlparse.parse_qs(query).get("uuid", [""]).pop() exec_id = urlparse.parse_qs(query).get("exec_id", [""]).pop() ctx = context.get_admin_context(all_projects=True) if uuidutils.is_uuid_like(uuid): container = objects.Container.get_by_uuid(ctx, uuid) else: container = objects.Container.get_by_name(ctx, uuid) if exec_id: self._new_exec_client(container, token, uuid, exec_id) else: self._new_websocket_client(container, token, uuid)
def _get_subnetpool(self, subnet): # NOTE(kiennt): Elevate admin privilege to list all subnetpools # across projects. admin_context = zun_context.get_admin_context() neutron_api = neutron.NeutronAPI(admin_context) subnetpool_id = subnet.get('subnetpool_id') if self._check_valid_subnetpool(neutron_api, subnetpool_id, subnet['cidr']): return subnetpool_id # NOTE(kiennt): Subnetpool which was created by Kuryr-libnetwork # will be tagged with subnet_id. kwargs = { 'tags': [subnet['id']], } subnetpools = \ neutron_api.list_subnetpools(**kwargs).get('subnetpools', []) if not subnetpools: return None elif len(subnetpools) > 1: raise exception.ZunException(_( 'Multiple Neutron subnetpools exist with prefixes %s'), subnet['cidr']) else: return subnetpools[0]['id']
def new_websocket_client(self): """Called after a new WebSocket connection has been established.""" # Reopen the eventlet hub to make sure we don't share an epoll # fd with parent and/or siblings, which would be bad from eventlet import hubs hubs.use_hub() # The zun expected behavior is to have token # passed to the method GET of the request parse = urlparse.urlparse(self.path) if parse.scheme not in ('http', 'https'): # From a bug in urlparse in Python < 2.7.4 we cannot support # special schemes (cf: https://bugs.python.org/issue9374) if sys.version_info < (2, 7, 4): raise exception.ZunException( _("We do not support scheme '%s' under Python < 2.7.4, " "please use http or https") % parse.scheme) query = parse.query token = urlparse.parse_qs(query).get("token", [""]).pop() uuid = urlparse.parse_qs(query).get("uuid", [""]).pop() exec_id = urlparse.parse_qs(query).get("exec_id", [""]).pop() ctx = context.get_admin_context(all_projects=True) if uuidutils.is_uuid_like(uuid): container = objects.Container.get_by_uuid(ctx, uuid) else: container = objects.Container.get_by_name(ctx, uuid) if exec_id: self._new_exec_client(container, token, uuid, exec_id) else: self._new_websocket_client(container, token, uuid)
def setUp(self): super(TestProviderTree, self).setUp() self.context = context.get_admin_context() self.compute_node1 = utils.get_test_compute_node( self.context, uuid=uuids.cn1, hostname='compute-node-1') self.compute_node2 = utils.get_test_compute_node( self.context, uuid=uuids.cn2, hostname='compute-node-2') self.compute_nodes = [self.compute_node1, self.compute_node2]
def __init__(self, worker_id, registry): super(CNIDaemonWatcherService, self).__init__(worker_id) self.registry = registry self.host = CONF.host self.context = zun_context.get_admin_context(all_projects=True) self.neutron_api = neutron.NeutronAPI(self.context) self.periodic = periodics.PeriodicWorker.create( [], executor_factory=lambda: futures.ThreadPoolExecutor(max_workers=1))
def setup(binary, host): if CONF.profiler.enabled: profiler_initializer.init_from_conf( conf=CONF, context=context.get_admin_context().to_dict(), project="zun", service=binary, host=host) LOG.info('OSProfiler is enabled.')
def start(self): servicegroup.setup(CONF, self.binary, self.tg) periodic.setup(CONF, self.tg) for endpoint in self.endpoints: self.tg.add_dynamic_timer( endpoint.run_periodic_tasks, periodic_interval_max=CONF.periodic_interval_max, context=context.get_admin_context(all_tenants=True)) self._server.start()
def setup(binary, host): if profiler_initializer and CONF.profiler.enabled: profiler_initializer.init_from_conf( conf=CONF, context=context.get_admin_context().to_dict(), project="zun", service=binary, host=host) LOG.info('OSProfiler is enabled.')
def _get_phynet_info(self, context, net_id): # NOTE(hongbin): Use admin context here because non-admin users are # unable to retrieve provider:* attributes. admin_context = zun_context.get_admin_context() neutron_api = neutron.NeutronAPI(admin_context) network = neutron_api.show_network(net_id, fields='provider:physical_network') net = network.get('network') phynet_name = net.get('provider:physical_network') return phynet_name
def setUp(self): super(PciDevTrackerTestCase, self).setUp() self.fake_context = context.get_admin_context() self.fake_devs = fake_db_devs[:] self.stub_out('zun.db.api.get_all_pci_device_by_node', self._fake_get_pci_devices) # The fake_pci_whitelist must be called before creating the fake # devices patcher = pci_fakes.fake_pci_whitelist() self.addCleanup(patcher.stop) self._create_tracker(fake_db_devs[:])
def setUp(self): super(PciDevTrackerTestCase, self).setUp() self.fake_context = context.get_admin_context() self.fake_devs = fake_db_devs[:] self.stub_out('zun.db.api.get_all_pci_device_by_node', self._fake_get_pci_devices) # The fake_pci_whitelist must be called before creating the fake # devices patcher = pci_fakes.fake_pci_whitelist() self.addCleanup(patcher.stop) self._create_tracker(fake_db_devs[:])
def process_networking_config(self, container, requested_network, host_config, container_kwargs, docker, security_group_ids=None): network_id = requested_network['network'] addresses, port = self.neutron_api.create_or_update_port( container, network_id, requested_network, consts.DEVICE_OWNER_ZUN, security_group_ids, set_binding_host=True) container.addresses = {network_id: addresses} admin_neutron_api = neutron.NeutronAPI(zun_context.get_admin_context()) network = admin_neutron_api.show_network(port['network_id'])['network'] subnets = {} for fixed_ip in port['fixed_ips']: subnet_id = fixed_ip['subnet_id'] subnets[subnet_id] = \ admin_neutron_api.show_subnet(subnet_id)['subnet'] vif_plugin = port.get('binding:vif_type') vif_obj = os_vif_util.neutron_to_osvif_vif(vif_plugin, port, network, subnets) state = objects.vif.VIFState(default_vif=vif_obj) state_dict = state.obj_to_primitive() container.cni_metadata = {consts.CNI_METADATA_VIF: state_dict} container.save(self.context) host_config['network_mode'] = 'none' container_kwargs['mac_address'] = port['mac_address'] # We manipulate entrypoint and command parameters in here. token = (container.entrypoint or []) + (container.command or []) new_command = ZUN_INIT + ' '.join(shlex.quote(t) for t in token) new_entrypoint = ['/bin/sh', '-c'] container_kwargs['entrypoint'] = new_entrypoint container_kwargs['command'] = [new_command]
def add_security_groups_to_ports(self, container, security_group_ids): container_id = container.get_sandbox_id() if not container_id: container_id = container.container_id port_ids = set() for addrs_list in container.addresses.values(): for addr in addrs_list: port_id = addr['port'] port_ids.add(port_id) search_opts = {'tenant_id': self.context.project_id} neutron_ports = self.neutron_api.list_ports(**search_opts).get( 'ports', []) neutron_ports = [p for p in neutron_ports if p['id'] in port_ids] for port in neutron_ports: if 'security_groups' not in port: port['security_groups'] = [] port['security_groups'].extend(security_group_ids) updated_port = {'security_groups': port['security_groups']} try: LOG.info( "Adding security group %(security_group_ids)s " "to port %(port_id)s", { 'security_group_ids': security_group_ids, 'port_id': port['id'] }) admin_context = zun_context.get_admin_context() neutron_api = neutron.NeutronAPI(admin_context) neutron_api.update_port(port['id'], {'port': updated_port}) except exceptions.NeutronClientException as e: exc_info = sys.exc_info() if e.status_code == 400: raise exception.SecurityGroupCannotBeApplied( six.text_type(e)) else: six.reraise(*exc_info) except Exception: with excutils.save_and_reraise_exception(): LOG.exception("Neutron Error:")
def setUp(self): cfg.CONF.set_override('db_type', 'sql') super(DbPciDeviceTestCase, self).setUp() self.admin_context = context.get_admin_context() self._compute_node = None self.ignored_keys = ['id', 'updated_at', 'created_at']
def setUp(self): super(DBQuotaTestCase, self).setUp() self.ctx = context.get_admin_context() self.project_id = 'fake_project_id' self.resource = 'containers' self.limit = 100
def new_websocket_client(self): """Called after a new WebSocket connection has been established.""" # Reopen the eventlet hub to make sure we don't share an epoll # fd with parent and/or siblings, which would be bad from eventlet import hubs hubs.use_hub() # The zun expected behavior is to have token # passed to the method GET of the request parse = urlparse.urlparse(self.path) if parse.scheme not in ('http', 'https'): # From a bug in urlparse in Python < 2.7.4 we cannot support # special schemes (cf: https://bugs.python.org/issue9374) if sys.version_info < (2, 7, 4): raise exception.ZunException( _("We do not support scheme '%s' under Python < 2.7.4, " "please use http or https") % parse.scheme) query = parse.query token = urlparse.parse_qs(query).get("token", [""]).pop() uuid = urlparse.parse_qs(query).get("uuid", [""]).pop() dbapi = db_api._get_dbdriver_instance() ctx = context.get_admin_context(all_tenants=True) if uuidutils.is_uuid_like(uuid): container = dbapi.get_container_by_uuid(ctx, uuid) else: container = dbapi.get_container_by_name(ctx, uuid) if token != container.websocket_token: raise exception.InvalidWebsocketToken(token) access_url = '%s?token=%s&uuid=%s' % (CONF.websocket_proxy.base_url, token, uuid) # Verify Origin expected_origin_hostname = self.headers.get('Host') if ':' in expected_origin_hostname: e = expected_origin_hostname if '[' in e and ']' in e: expected_origin_hostname = e.split(']')[0][1:] else: expected_origin_hostname = e.split(':')[0] expected_origin_hostnames = CONF.websocket_proxy.allowed_origins expected_origin_hostnames.append(expected_origin_hostname) origin_url = self.headers.get('Origin') # missing origin header indicates non-browser client which is OK if origin_url is not None: origin = urlparse.urlparse(origin_url) origin_hostname = origin.hostname origin_scheme = origin.scheme if origin_hostname == '' or origin_scheme == '': detail = _("Origin header not valid.") raise exception.ValidationError(detail) if origin_hostname not in expected_origin_hostnames: detail = _("Origin header does not match this host.") raise exception.ValidationError(detail) if not self.verify_origin_proto(access_url, origin_scheme): detail = _("Origin header protocol does not match this host.") raise exception.ValidationError(detail) if container.websocket_url: target_url = container.websocket_url escape = "~" close_wait = 0.5 wscls = WebSocketClient(host_url=target_url, escape=escape, close_wait=close_wait) wscls.connect() self.target = wscls else: raise exception.InvalidWebsocketUrl() # Start proxying try: self.do_proxy(self.target.ws) except Exception as e: if self.target.ws: self.target.ws.close() self.vmsg(_("%Websocket client or target closed")) raise
def create_or_update_port(self, container, network_name, requested_network, security_groups=None): if requested_network.get('port'): neutron_port_id = requested_network.get('port') neutron_port = self.neutron_api.get_neutron_port(neutron_port_id) # NOTE(hongbin): If existing port is specified, security_group_ids # is ignored because existing port already has security groups. # We might revisit this behaviour later. Alternatively, we could # either throw an exception or overwrite the port's security # groups. if not container.security_groups: container.security_groups = [] if neutron_port.get('security_groups'): for sg in neutron_port['security_groups']: if sg not in container.security_groups: container.security_groups += [sg] container.save(self.context) # update device_id in port port_req_body = {'port': {'device_id': container.uuid}} self.neutron_api.update_port(neutron_port_id, port_req_body) # If there is pci_request_id, it should be a sriov port. # populate pci related info. pci_request_id = requested_network.get('pci_request_id') if pci_request_id: self._populate_neutron_extension_values(container, pci_request_id, port_req_body) self._populate_pci_mac_address(container, pci_request_id, port_req_body) # NOTE(hongbin): Use admin context here because non-admin # context might not be able to update some attributes # (i.e. binding:profile). admin_context = zun_context.get_admin_context() neutron_api = neutron.NeutronAPI(admin_context) neutron_api.update_port(neutron_port_id, port_req_body) else: network = self.inspect_network(network_name) neutron_net_id = network['Options']['neutron.net.uuid'] port_dict = { 'network_id': neutron_net_id, 'tenant_id': self.context.project_id, 'device_id': container.uuid, } ip_addr = requested_network.get("v4-fixed-ip") or requested_network.\ get("v6-fixed-ip") if ip_addr: port_dict['fixed_ips'] = [{'ip_address': ip_addr}] if security_groups is not None: port_dict['security_groups'] = security_groups neutron_port = self.neutron_api.create_port({'port': port_dict}) neutron_port = neutron_port['port'] preserve_on_delete = requested_network['preserve_on_delete'] addresses = [] for fixed_ip in neutron_port['fixed_ips']: ip_address = fixed_ip['ip_address'] ip = ipaddress.ip_address(six.text_type(ip_address)) if ip.version == 4: addresses.append({ 'addr': ip_address, 'version': 4, 'port': neutron_port['id'], 'subnet_id': fixed_ip['subnet_id'], 'preserve_on_delete': preserve_on_delete }) else: addresses.append({ 'addr': ip_address, 'version': 6, 'port': neutron_port['id'], 'subnet_id': fixed_ip['subnet_id'], 'preserve_on_delete': preserve_on_delete }) return addresses, neutron_port
def handler(self, ctx): ctx = context.get_admin_context() func(self, ctx)
def setUp(self): super(DBQuotaClassesTestCase, self).setUp() self.ctx = context.get_admin_context() self.class_name = 'default' self.resource = 'containers' self.limit = 100
def handler(self, ctx): if ctx is None: ctx = context.get_admin_context(all_tenants=True) func(self, ctx)
def create_or_update_port(self, container, network_name, requested_network, security_groups=None): if requested_network.get('port'): neutron_port_id = requested_network.get('port') neutron_port = self.neutron_api.get_neutron_port(neutron_port_id) # update device_id in port port_req_body = {'port': {'device_id': container.uuid}} self.neutron_api.update_port(neutron_port_id, port_req_body) # If there is pci_request_id, it should be a sriov port. # populate pci related info. pci_request_id = requested_network.get('pci_request_id') if pci_request_id: self._populate_neutron_extension_values( container, pci_request_id, port_req_body) self._populate_pci_mac_address(container, pci_request_id, port_req_body) # NOTE(hongbin): Use admin context here because non-admin # context might not be able to update some attributes # (i.e. binding:profile). admin_context = zun_context.get_admin_context() neutron_api = neutron.NeutronAPI(admin_context) neutron_api.update_port(neutron_port_id, port_req_body) else: network = self.inspect_network(network_name) neutron_net_id = network['Options']['neutron.net.uuid'] port_dict = { 'network_id': neutron_net_id, 'tenant_id': self.context.project_id, 'device_id': container.uuid, } ip_addr = requested_network.get("fixed_ip") if ip_addr: port_dict['fixed_ips'] = [{'ip_address': ip_addr}] if security_groups is not None: port_dict['security_groups'] = security_groups neutron_port = self.neutron_api.create_port({'port': port_dict}) neutron_port = neutron_port['port'] preserve_on_delete = requested_network['preserve_on_delete'] addresses = [] for fixed_ip in neutron_port['fixed_ips']: ip_address = fixed_ip['ip_address'] ip = ipaddress.ip_address(six.text_type(ip_address)) if ip.version == 4: addresses.append({ 'addr': ip_address, 'version': 4, 'port': neutron_port['id'], 'subnet_id': fixed_ip['subnet_id'], 'preserve_on_delete': preserve_on_delete }) else: addresses.append({ 'addr': ip_address, 'version': 6, 'port': neutron_port['id'], 'subnet_id': fixed_ip['subnet_id'], 'preserve_on_delete': preserve_on_delete }) return addresses, neutron_port
def setUp(self): super(DbPciDeviceTestCase, self).setUp() self.admin_context = context.get_admin_context() self._compute_node = None self.ignored_keys = ['id', 'updated_at', 'created_at']
def __init__(self, registry): self.registry = registry self.host = CONF.host self.context = zun_context.get_admin_context(all_projects=True) self.neutron_api = neutron.NeutronAPI(self.context)
def _get_admin_client(self): if self.admin_client is None: context = zun_context.get_admin_context() self.admin_client = clients.OpenStackClients(context).neutron() return self.admin_client
def _get_admin_client(self): if self.admin_client is None: context = zun_context.get_admin_context() self.admin_client = clients.OpenStackClients(context).neutron() return self.admin_client
def test_request_context_sets_is_admin(self): ctxt = zun_context.get_admin_context() self.assertTrue(ctxt.is_admin)