def _eval_config():
global __CONFIG__
if not __CONFIG__:
try:
if sys.argv.index('-c') >= 0:
__CONFIG__ = Config(sys.argv[sys.argv.index('-c') + 1])
elif sys.argv.index('--config') >= 0:
__CONFIG__ = Config(sys.argv[sys.argv.index('--config') +
1])
except:
__CONFIG__ = Config(CONFIG_LOCATION)
return __CONFIG__
def __init__(self, *_args, **kwargs):
self.arg_parser = argparse.ArgumentParser()
controllers = self.arg_parser.add_subparsers(dest='action',
help='Shell commands')
service = controllers.add_parser(
'service', help='Start trigger monitoring service')
service.add_argument('-p',
'--pidfile',
dest='pidfile',
help='Daemonize process with the '
'given pid file')
service.add_argument('-c', '--config', help='Config file')
service.add_argument(
'action',
choices=['start', 'stop', 'restart', 'run'],
help='Apply action on the daemonized process\n'
'For the actions [start, stop, restart] - pass a pid file\n'
'Run - start process in debug mode\n')
exec_ = controllers.add_parser('exec', help='Execute cron job')
exec_.add_argument('job_name', help='Job name')
exec_.add_argument('-t', '--tags', help='Comma-separated tags')
exec_.add_argument('-e', '--env', help='Environment')
setattr(self, 'exec', self.run_job)
if _args:
self.args = self.arg_parser.parse_args(_args)
global CONFIG
if 'config' in kwargs:
CONFIG = Config(kwargs['config'])
def install():
print "Installing CloudRunner OpenStack Plugin"
from cloudrunner import CONFIG_LOCATION
from cloudrunner.util.config import Config
print "Found master config in %s" % CONFIG_LOCATION
config = Config(CONFIG_LOCATION)
config.update('Plugins', 'openstack',
'cloudrunner_server.plugins.auth.openstack_verifier')
config.reload()
print "Cloudrunner OpenStack configuration completed"
import os
from pecan import request
from pecan.core import abort
import zmq
from cloudrunner import VAR_DIR
from cloudrunner import CONFIG_LOCATION
from cloudrunner.util.config import Config
from cloudrunner_server.core.message import M, Dispatch, GetNodes
from cloudrunner.util.logconfig import configure_loggers
configure_loggers(logging.DEBUG, os.path.join(VAR_DIR, 'log',
'cr-rest-api.log'))
LOG = logging.getLogger()
CONFIG = Config(CONFIG_LOCATION)
CONTEXT = None
class Master(object):
def __init__(self, user, timeout=2):
self.timeout = timeout
self.proxy_uri = CONFIG.listen_uri or 'tcp://0.0.0.0:5559'
if not self.proxy_uri.startswith('tcp://'):
self.proxy_uri = 'tcp://' + self.proxy_uri
self.user = user
def close(self):
# cleaning up
# self.socket.close()
pass
'debug': DEBUG,
'errors': {
'__force_dict__': True
}
}
app['hooks'] = [
TransactionHook(model.start, model.start, model.commit, model.rollback,
model.clear)
]
if DEBUG:
app['hooks'].append(RequestViewerHook())
app['static_root'] = '%s/templates/' % APP_DIR
cr_config = Config(CONFIG_LOCATION)
schedule_manager = local_plugin_loader(cr_config.scheduler)()
REST_SERVER_URL = cr_config.rest_api_url or "http://localhost/rest/"
DASH_SERVER_URL = cr_config.dash_api_url or "http://localhost/"
zmq = {'server_uri': "tcp://0.0.0.0:5559"}
sqlalchemy = {
'echo': False,
'echo_pool': False,
'pool_recycle': 3600,
'encoding': 'utf-8'
}
# under the License.
import logging
import os
from unittest import TestCase
import cloudrunner.plugins as plugins
from cloudrunner.util.config import Config
from cloudrunner.util.loader import load_plugins
CONF_FILE = os.path.join(os.path.dirname(__file__), 'test.conf')
_PLUGINS = [('common',
os.path.join(os.path.dirname(plugins.__file__),
"state/functions.py"))]
CONFIG = Config(CONF_FILE)
CONFIG.plugins.items = lambda: _PLUGINS
LOG = logging.getLogger("BaseTest")
class BaseTestCase(TestCase):
@classmethod
def setUpClass(cls):
load_plugins(CONFIG)
if hasattr(cls, 'fixture_class'):
cls.fixture_class()
if not hasattr(TestCase, 'assertIsNotNone'):
def _assertIsNotNone(cls, val):
cls.assertNotEqual(val, None)
def install():
print "Installing CloudRunner Keystone Plugin"
from cloudrunner import CONFIG_LOCATION
from cloudrunner.util.config import Config
print "Found master config in %s" % CONFIG_LOCATION
config = Config(CONFIG_LOCATION)
DEFAULT_URL = config.auth_url or "http://127.0.0.1:5000/v2.0"
print "Enter Keystone AUTH URL (Hit ENTER for default: %s)" % DEFAULT_URL
auth_url = raw_input('> ')
if not auth_url:
auth_url = DEFAULT_URL
DEFAULT_ADMIN_URL = auth_url.replace(':5000', ':35357')
print "Enter Keystone AUTH ADMIN URL (Hit ENTER for default: %s)" % \
DEFAULT_ADMIN_URL
admin_url = raw_input('> ')
if not admin_url:
admin_url = DEFAULT_ADMIN_URL
if config.auth_user:
print "Enter Keystone admin user (Hit ENTER for default: %s)" % \
config.auth_user
admin_user = raw_input('> ')
if not admin_user:
admin_user = config.auth_user
else:
print "Enter Keystone admin user:"******"Enter Keystone admin password (Hit ENTER for default: %s)" % \
config.auth_pass
admin_pass = raw_input('> ')
if not admin_pass:
admin_pass = config.auth_pass
else:
print "Enter Keystone admin password:"******"Testing connection to Keystone server:"
class ConfigMock(object):
def __init__(self, url, admin_url, user, password):
self.auth_url = url
self.auth_admin_url = admin_url
self.auth_user = user
self.auth_pass = password
self.auth_admin_tenant = None
self.auth_timeout = None
self.token_expiration = None
mock_config = ConfigMock(auth_url, admin_url, admin_user, admin_pass)
from cloudrunner_server.plugins.auth.keystone_auth import KeystoneAuth
auth = KeystoneAuth(mock_config)
try:
print "Loading tenants:"
for x in auth.list_orgs():
print x
except Unauthorized:
print "The plugin cannot reach the Keystone server. " \
"Configuration aborted. Check settings"
sys.exit(1)
config.update(
'General', 'auth',
'cloudrunner_server.plugins.auth.keystone_auth.KeystoneAuth')
config.update('General', 'auth_url', auth_url)
config.update('General', 'auth_admin_url', admin_url)
config.update('General', 'auth_user', admin_user)
config.update('General', 'auth_pass', admin_pass)
config.reload()
print "Keystone configuration completed"
def configure(self, overwrite=False, **kwargs):
config = Config(CONFIG_NODE_LOCATION)
conf_dir = os.path.abspath(os.path.dirname(CONFIG_NODE_LOCATION))
if not os.path.exists(conf_dir):
os.makedirs(conf_dir)
conf_dir = os.path.join(LIB_DIR, "cloudrunner_node")
key_size = int(config.security.key_size or 2048)
cert_dir = os.path.join(conf_dir, 'certs')
if not os.path.exists(cert_dir):
os.makedirs(cert_dir)
key_file = config.security.node_key
if key_file and os.path.exists(key_file) and not overwrite:
print("Node key file already exists in your config. "
"If you want to create new one - run\n"
"\tcloudrunner-node configure --overwrite\n"
"IMPORTANT! Please note that regenerating your key "
"and certificate will prevent the node from "
"connecting to the Master, if it already has "
"an approved certificate!")
exit(2)
crt_file = config.security.node_cert
if crt_file and os.path.exists(crt_file) and not overwrite:
print("Node certificate file already exists in your config. "
"If you still want to create new one - run\n"
"\tcloudrunner-node configure --overwrite\n"
"IMPORTANT! Please note that regenerating your key "
"and certificate will prevent the node from "
"connecting to the Master, if it already has "
"an approved certificate!")
exit(2)
cert_password = ''.join(
[random.choice(ascii_letters) for x in range(32)])
key_file = os.path.join(cert_dir, '%s.key' % self.node_id)
crt_file = os.path.join(cert_dir, '%s.crt' % self.node_id)
key = m.EVP.PKey()
rsa = m.RSA.gen_key(key_size, 65537, lambda: True)
key.assign_rsa(rsa)
rsa = None
print("Saving KEY file %s" % key_file)
key.save_key(key_file, callback=lambda x: cert_password)
os.chmod(key_file, stat.S_IREAD | stat.S_IWRITE)
req = m.X509.Request()
req.set_pubkey(key)
req.set_version(2)
subj = req.get_subject()
try:
import locale
l_c = locale.getdefaultlocale()
subj.C = l_c[0].rpartition('_')[-1]
except:
pass
if not subj.C or len(subj.C) != 2:
subj.C = "US"
subj.CN = kwargs.get("node_id") or self.node_id
subj.OU = 'DEFAULT'
if kwargs.get('tags') and isinstance(kwargs['tags'], list):
for tag in kwargs['tags']:
subj.GN = tag
req.sign(key, 'sha1')
assert req.verify(key)
assert req.verify(req.get_pubkey())
print("Certificate Subject %s" % subj)
if os.path.exists(crt_file):
# if crt file exists - remove it, as it cannot be used
# anymore with the key file
os.unlink(crt_file)
# Self-sign the certificate
x509 = m.X509.X509()
x509.set_version(2)
x509.set_serial_number(1)
now_t = long(time.time()) + time.timezone
ASN1_after = m.ASN1.ASN1_UTCTIME()
ASN1_after.set_time(now_t)
x509.set_not_before(ASN1_after)
ASN1_before = m.ASN1.ASN1_UTCTIME()
ASN1_before.set_time(now_t + 10 * 60 * 60 * 24 * 365)
x509.set_not_after(ASN1_before)
x509.set_pubkey(pkey=key)
x509.set_subject(subj)
issuer = m.X509.X509_Name()
issuer.CN = subj.CN
x509.set_issuer(issuer)
x509.set_pubkey(key)
x509.set_pubkey(x509.get_pubkey()) # Assert get/set work
x509.sign(key, 'sha1')
print("Saving cert file %s" % crt_file)
x509.save_pem(crt_file)
print("Updating config settings")
config.update('General', 'node_id', subj.CN)
if not kwargs.get("master_repl"):
config.update('General', 'master_repl', "0.0.0.0:5552")
if not kwargs.get("user_store"):
user_store = os.path.join(LIB_DIR, 'cloudrunner', 'user_store.db')
config.update('General', 'user_store', user_store)
config.update('General', 'work_dir', os.path.join(conf_dir, 'tmp'))
config.update('Security', 'node_key', key_file)
config.update('Security', 'node_cert', crt_file)
config.update('Security', 'cert_pass', cert_password)
if not config.plugins.items():
# No items yet
config.update('Plugins', 'state',
"cloudrunner.plugins.state.functions")
config.reload()
def install():
print "Installing CloudRunner Keystone Plugin"
from cloudrunner import CONFIG_LOCATION
from cloudrunner.util.config import Config
print "Found master config in %s" % CONFIG_LOCATION
config = Config(CONFIG_LOCATION)
DEFAULT_URL = config.auth_url or "http://127.0.0.1:5000/v2.0"
print "Enter Keystone AUTH URL (Hit ENTER for default: %s)" % DEFAULT_URL
auth_url = raw_input('> ')
if not auth_url:
auth_url = DEFAULT_URL
DEFAULT_ADMIN_URL = auth_url.replace(':5000', ':35357')
print "Enter Keystone AUTH ADMIN URL (Hit ENTER for default: %s)" % \
DEFAULT_ADMIN_URL
admin_url = raw_input('> ')
if not admin_url:
admin_url = DEFAULT_ADMIN_URL
if config.auth_user:
print "Enter Keystone admin user (Hit ENTER for default: %s)" % \
config.auth_user
admin_user = raw_input('> ')
if not admin_user:
admin_user = config.auth_user
else:
print "Enter Keystone admin user:"******"Enter Keystone admin password (Hit ENTER for default: %s)" % \
config.auth_pass
admin_pass = raw_input('> ')
if not admin_pass:
admin_pass = config.auth_pass
else:
print "Enter Keystone admin password:"******"Testing connection to Keystone server:"
class ConfigMock(object):
def __init__(self, url, admin_url, user, password):
self.auth_url = url
self.auth_admin_url = admin_url
self.auth_user = user
self.auth_pass = password
self.auth_admin_tenant = None
self.auth_timeout = None
self.token_expiration = None
mock_config = ConfigMock(auth_url, admin_url, admin_user, admin_pass)
from cloudrunner_server.plugins.auth.keystone_auth import KeystoneAuth
auth = KeystoneAuth(mock_config)
try:
print "Loading tenants:"
for x in auth.list_orgs():
print x
except Unauthorized:
print "The plugin cannot reach the Keystone server. " \
"Configuration aborted. Check settings"
sys.exit(1)
config.update('General', 'auth',
'cloudrunner_server.plugins.auth.keystone_auth.KeystoneAuth')
config.update('General', 'auth_url', auth_url)
config.update('General', 'auth_admin_url', admin_url)
config.update('General', 'auth_user', admin_user)
config.update('General', 'auth_pass', admin_pass)
config.reload()
print "Keystone configuration completed"
# * without the express permission of CloudRunner.io
# *******************************************************/
import logging
from mock import MagicMock, patch
import os
from unittest import TestCase
from sqlalchemy import create_engine
from sqlalchemy.pool import StaticPool
import cloudrunner.plugins as plugins
from cloudrunner.util.config import Config
from cloudrunner.util.loader import load_plugins
from cloudrunner_server.api.model import * # noqa
CONFIG = Config(os.path.join(os.path.dirname(__file__), 'test.config'))
LOG = logging.getLogger("BaseTest")
_plugins = [
('common',
os.path.join(os.path.dirname(plugins.__file__), "state/functions.py")),
]
CONFIG.plugins.items = lambda: _plugins
engine = None
util = MagicMock(timestamp=MagicMock(return_value=123456789),
cache=MagicMock())
class BaseTestCase(TestCase):
modules = {'cloudrunner_server.util': util}
def main():
parser = argparse.ArgumentParser(description='CloudRunner CLI tool')
_common = argparse.ArgumentParser(add_help=False)
_common.add_argument('-c', '--config', help="Config file")
commands = parser.add_subparsers(dest='controller', help='Commands')
def _eval_config():
global __CONFIG__
if not __CONFIG__:
try:
if sys.argv.index('-c') >= 0:
__CONFIG__ = Config(sys.argv[sys.argv.index('-c') + 1])
elif sys.argv.index('--config') >= 0:
__CONFIG__ = Config(sys.argv[sys.argv.index('--config') +
1])
except:
__CONFIG__ = Config(CONFIG_LOCATION)
return __CONFIG__
def _list_active_nodes(prefix, parsed_args, **kwargs):
global __ACT_NODES__
if not __ACT_NODES__:
_config = _eval_config()
__ACT_NODES__ = functions.CertController(_config).\
list_all_approved()
return (c for c in __ACT_NODES__ if c.startswith(prefix))
def _list_pending_nodes(prefix, parsed_args, **kwargs):
global __PEND_NODES__
if not __PEND_NODES__:
_config = _eval_config()
__PEND_NODES__ = functions.CertController(_config).list_pending()
return (c for c in __PEND_NODES__ if c.startswith(prefix))
def _list_sub_ca(prefix, parsed_args, **kwargs):
global __CA__
if not __CA__:
_config = _eval_config()
__CA__ = functions.CertController(_config).list_ca()
return (c[1] for c in __CA__ if c[1].startswith(prefix))
# Cert command
cert = commands.add_parser('cert',
parents=[_common],
help='Manage node certificates')
c_subcmd = cert.add_subparsers(dest='action', help='Cert actions help')
c_subcmd.add_parser('list', help='List all node certificates')
cert_sign = c_subcmd.add_parser('sign',
help='Sign a pending node certificate')
cert_sign.add_argument('nodes', nargs="+",
help='Node common names').completer = \
_list_pending_nodes
sign_opts = cert_sign.add_mutually_exclusive_group(required=True)
sign_opts.add_argument('--ca', help='Node organization/Sub-CA name').\
completer = _list_sub_ca
sign_opts.add_argument('--auto',
action='store_true',
help='Get organization from client request')
cert_ca = c_subcmd.add_parser('create_ca',
help='Create an organization CA certificate')
cert_ca.add_argument('ca', help='Org/Sub-CA name')
c_subcmd.add_parser('list_ca',
help='List organizations/'
'Sub-CA certificates')
cert_update_ca = c_subcmd.add_parser('update_ca', help='Update CA keys')
cert_update_ca.add_argument('ca', help='Org/Sub-CA name')
cert_update_ca.add_argument('-k', '--ca-key', help='Org/Sub-CA key file')
cert_update_ca.add_argument('-c', '--ca-cert', help='Org/Sub-CA cert file')
cert_auto_sign = c_subcmd.add_parser('autosign',
help='Automatically sign a node '
'certificate with the specified name,'
' when it arrives')
cert_auto_sign.add_argument('node', help='Node common name')
cert_auto_sign.add_argument(
'--expires',
default=20,
help='Set expiration of the auto-sign notice in minutes. '
'Default is %d(default) min')
cert_revoke = c_subcmd.add_parser('revoke',
help='Revoke already issued certificate')
cert_revoke.add_argument('nodes', nargs="+", help='Node common names').\
completer = _list_active_nodes
cert_revoke.add_argument('--ca', required=True,
help='Node organization/Sub-CA name').\
completer = _list_sub_ca
cert_revoke_ca = c_subcmd.add_parser('revoke_ca',
help='Revoke existing Sub-CA')
cert_revoke_ca.add_argument('ca',
help='Sub-CA name').completer = _list_sub_ca
cert_auto = c_subcmd.add_parser('autosign',
help='Automatically sign new cert request '
'in a limited time frame.')
cert_auto.add_argument('node', help='Node common name')
cert_auto.add_argument('-t',
'--timeout',
default=120,
help='Allowed time frame in seconds'
' to wait for node to make request.'
' Default is %(default)s sec.',
required=False)
clear_req = c_subcmd.add_parser('clear_req',
help='Clear pending node request')
clear_req.add_argument('nodes', nargs="+", help='Node common names').\
completer = _list_pending_nodes
clear_req.add_argument('--ca',
help='Node organization/Sub-CA name',
required=True).completer = _list_sub_ca
# Configure command
config = commands.add_parser('config',
parents=[_common],
help='Initial certificate configuration')
config_actions = config.add_subparsers(dest='action',
help='Manage CloudRunner dispatcher'
' configuration')
config_actions.add_parser('check',
help='Check if config is missing '
'and initiate fresh configuration')
config_new = config_actions.add_parser('create',
help='Create new configuration')
config_new.add_argument('-p',
'--path',
help='Create initial configuration'
' at the specified location. '
'This will make all currently '
'registered nodes to stop working'
'and all signed certificates will '
'be no longer valid',
required=False)
config_new.add_argument('-o',
'--overwrite',
action='store_true',
help='Overwrite any existing '
'configuration. Use with caution!',
required=False)
config_new.add_argument('-k',
'--key-size',
default=2048,
help='Default size of keys for '
'CA/Server. Default is %(default)s',
required=False)
config_actions.add_parser('show', help='Printing current configuration')
conf_set = config_actions.add_parser('set', help='Set config values')
conf_set.add_argument('Section.key=value', help='Section.key=value')
conf_get = config_actions.add_parser('get', help='Get config values')
conf_get.add_argument('Section.key', help='Section.key')
# Users command
def _list_users(prefix, parsed_args, **kwargs):
global __USERS__
if not __USERS__:
__USERS__ = []
_config = _eval_config()
for u in functions.UserController(_config, to_print=False).list():
if u[0] == functions.DATA:
__USERS__.extend(u[1])
return (c for c in __USERS__ if c.startswith(prefix))
def _list_org(prefix, parsed_args, **kwargs):
global __ORG__
if not __ORG__:
__ORG__ = []
_config = _eval_config()
for u in functions.UserController(_config,
to_print=False).list_orgs():
if u[0] == functions.DATA:
__ORG__.extend(u[1])
return (c[0] for c in __ORG__ if c[0].startswith(prefix))
def _list_tiers(prefix, parsed_args, **kwargs):
global __TIERS__
if not __TIERS__:
__TIERS__ = []
_config = _eval_config()
for u in functions.TierController(_config,
to_print=False).list_tiers():
if u[0] == functions.DATA:
__TIERS__.extend(u[1])
return (c[0] for c in __TIERS__ if c[0].startswith(prefix))
orgs = commands.add_parser('org',
parents=[_common],
help='Organization management')
orgs_actions = orgs.add_subparsers(dest='action',
help='Manage Organizations')
orgs_actions.add_parser('list', help='List all organizations')
org_add = orgs_actions.add_parser('create', help='Create new organization')
org_add.add_argument('name', help='Organization name')
org_add.add_argument('tier', help='Tier name')
org_remove = orgs_actions.add_parser('remove',
help='Remove organization/Sub-CA')
org_remove.add_argument('name', help='Organization/Sub-CA name').\
completer = _list_org
org_activate = orgs_actions.add_parser('activate',
help='Activate organization')
org_activate.add_argument('name', help='Organization name').\
completer = _list_org
org_deactivate = orgs_actions.add_parser('deactivate',
help='Deactivate organization')
org_deactivate.add_argument('name', help='Organization name').\
completer = _list_org
org_tier = orgs_actions.add_parser(
'assign_tier', help='Assign usage tier to Organization')
org_tier.add_argument('name', help='Organization name').\
completer = _list_org
org_tier.add_argument('tier', help='Tier name').\
completer = _list_tiers
users = commands.add_parser('users',
parents=[_common],
help='User management')
users_actions = users.add_subparsers(dest='action',
help='Manage CloudRunner users')
users_actions.add_parser('list', help='List all users')
users_actions.add_parser('list_orgs', help='List all organizations')
users_add = users_actions.add_parser('create', help='Create new user')
users_add.add_argument('username', help='User name')
users_add.add_argument('password', help='Auth password')
users_add.add_argument('--org', required=True, help='Organization')
users_perm = users_actions.add_parser('add_perm',
help='Create new auth permission')
users_perm.add_argument('username',
help='User name').completer = _list_users
users_perm.add_argument('permission', help="Permission name")
users_perms = users_actions.add_parser('permissions',
help='List permissions for user')
users_perms.add_argument('username',
help='User name').completer = _list_users
users_rm_perm = users_actions.add_parser('rm_perm',
help='Remove permission for user')
users_rm_perm.add_argument('username',
help='User name').completer = _list_users
users_rm_perm.add_argument('permission', help="Permission name")
users_remove = users_actions.add_parser('remove', help='Create new user')
users_remove.add_argument('username', help='User name')
tiers = commands.add_parser('tiers',
parents=[_common],
help='Usage tier management')
tiers_actions = tiers.add_subparsers(dest='action',
help='Manage Usage Tiers')
tiers_actions.add_parser('list', help='List all usage tiers')
tier_add = tiers_actions.add_parser('create', help='Create new usage tier')
tier_add.add_argument('name', help='Tier name')
tier_add.add_argument('title', help='Tier title')
tier_add.add_argument(
'description',
help='Tier description',
)
tier_add.add_argument('--total_repos',
help='Tier total repos',
required=True)
tier_add.add_argument('--external_repos',
help='Tier external repos',
required=True,
action='store_true')
tier_add.add_argument('--nodes', help='Tier max nodes', required=True)
tier_add.add_argument('--users', help='Tier max users', required=True)
tier_add.add_argument('--groups', help='Tier max groups', required=True)
tier_add.add_argument('--roles', help='Tier max roles', required=True)
tier_add.add_argument('--max_timeout',
help='Tier max timeout',
required=True)
tier_add.add_argument('--max_concurrent_tasks',
help='Tier max tasks',
required=True)
tier_add.add_argument('--log_retention_days',
help='Tier log retention days',
required=True)
tier_add.add_argument('--cron_jobs', help='Tier cron jobs', required=True)
tier_add.add_argument('--api_keys', help='Api keys', required=True)
tier_add.add_argument('--deployments', help='Deployments', required=True)
tier_add.add_argument('--cloud_profiles',
help='Cloud profiles',
required=True)
tier_edit = tiers_actions.add_parser('edit', help='Edit usage tier')
tier_edit.add_argument('name', help='Tier name').completer = _list_tiers
tier_edit.add_argument('--title', help='Tier title')
tier_edit.add_argument(
'--description',
help='Tier description',
)
tier_edit.add_argument('--total_repos', help='Tier total repos')
tier_edit.add_argument('--external_repos',
help='Tier external repos',
choices=['1', '0'],
default=None)
tier_edit.add_argument('--nodes', help='Tier max nodes')
tier_edit.add_argument('--users', help='Tier max users')
tier_edit.add_argument('--groups', help='Tier max groups')
tier_edit.add_argument('--roles', help='Tier max roles')
tier_edit.add_argument('--max_timeout', help='Tier max timeout')
tier_edit.add_argument('--max_concurrent_tasks', help='Tier max tasks')
tier_edit.add_argument('--log_retention_days',
help='Tier log retention days')
tier_edit.add_argument('--cron_jobs', help='Tier cron jobs')
tier_edit.add_argument('--api_keys', help='Api keys')
tier_remove = tiers_actions.add_parser('remove', help='Remove usage tier')
tier_remove.add_argument('name', help='Tier name').completer = _list_tiers
try:
argcomplete.autocomplete(parser)
except:
pass
args = parser.parse_args()
kwargs = vars(args)
action = kwargs.pop("action")
controller = kwargs.pop("controller")
_config = kwargs.pop("config")
class OrgController(object):
def __init__(self, config):
self.cont = functions.UserController(config)
def create(self, name, tier, **kwargs):
return self.cont.create_org(name, tier)
def activate(self, name, **kwargs):
return self.cont.activate_org(name)
def deactivate(self, name, **kwargs):
return self.cont.deactivate_org(name)
def list(self, **kwargs):
return self.cont.list_orgs()
def assign_tier(self, name, tier):
return self.cont.assign_tier(name, tier)
def remove(self, name, **kwargs):
return self.cont.remove_org(name)
controllers = {
'cert': functions.CertController,
'init': functions.ConfigController,
'config': functions.ConfigController,
'users': functions.UserController,
'tiers': functions.TierController,
'org': OrgController
}
config = Config(_config or CONFIG_LOCATION)
printers = {
functions.TAG: lambda *args: colors.yellow(*args, bold=1),
functions.DATA: colors.blue,
functions.ERR: lambda *args: colors.red(*args, bold=1),
functions.NOTE: colors.grey,
functions.EMPTY: colors.blue,
}
try:
items = getattr(controllers[controller](config), action)(**kwargs)
if not items:
return
for line in items:
_type, printables = line
if isinstance(printables, (list, tuple)):
for i in range(len(printables)):
if isinstance(printables[i], list):
printables[i] = '\n'.join(
concat(p) for p in printables[i])
printables = [concat(p) for p in printables]
print printers[_type]('\n'.join([p for p in printables]))
else:
print printables
except Exception, ex:
print colors.red("%r" % ex)
def configure(self, overwrite=False, **kwargs):
config = Config(CONFIG_NODE_LOCATION)
conf_dir = os.path.abspath(os.path.dirname(CONFIG_NODE_LOCATION))
if not os.path.exists(conf_dir):
os.makedirs(conf_dir)
conf_dir = os.path.join(LIB_DIR, "cloudrunner_node")
key_size = int(config.security.key_size or 2048)
cert_dir = os.path.join(conf_dir, 'certs')
if not os.path.exists(cert_dir):
os.makedirs(cert_dir)
key_file = config.security.node_key
if key_file and os.path.exists(key_file) and not overwrite:
print("Node key file already exists in your config. "
"If you want to create new one - run\n"
"\tcloudrunner-node configure --overwrite\n"
"IMPORTANT! Please note that regenerating your key "
"and certificate will prevent the node from "
"connecting to the Master, if it already has "
"an approved certificate!")
exit(2)
crt_file = config.security.node_cert
if crt_file and os.path.exists(crt_file) and not overwrite:
print("Node certificate file already exists in your config. "
"If you still want to create new one - run\n"
"\tcloudrunner-node configure --overwrite\n"
"IMPORTANT! Please note that regenerating your key "
"and certificate will prevent the node from "
"connecting to the Master, if it already has "
"an approved certificate!")
exit(2)
cert_password = ''.join([random.choice(ascii_letters)
for x in range(32)])
key_file = os.path.join(cert_dir, '%s.key' % self.node_id)
crt_file = os.path.join(cert_dir, '%s.crt' % self.node_id)
key = m.EVP.PKey()
rsa = m.RSA.gen_key(key_size, 65537, lambda: True)
key.assign_rsa(rsa)
rsa = None
print("Saving KEY file %s" % key_file)
key.save_key(key_file, callback=lambda x: cert_password)
os.chmod(key_file, stat.S_IREAD | stat.S_IWRITE)
req = m.X509.Request()
req.set_pubkey(key)
req.set_version(2)
subj = req.get_subject()
try:
import locale
l_c = locale.getdefaultlocale()
subj.C = l_c[0].rpartition('_')[-1]
except:
pass
if not subj.C or len(subj.C) != 2:
subj.C = "US"
subj.CN = kwargs.get("node_id") or self.node_id
subj.OU = 'DEFAULT'
if kwargs.get('tags') and isinstance(kwargs['tags'], list):
for tag in kwargs['tags']:
subj.GN = tag
req.sign(key, 'sha1')
assert req.verify(key)
assert req.verify(req.get_pubkey())
print("Certificate Subject %s" % subj)
if os.path.exists(crt_file):
# if crt file exists - remove it, as it cannot be used
# anymore with the key file
os.unlink(crt_file)
# Self-sign the certificate
x509 = m.X509.X509()
x509.set_version(2)
x509.set_serial_number(1)
now_t = long(time.time()) + time.timezone
ASN1_after = m.ASN1.ASN1_UTCTIME()
ASN1_after.set_time(now_t)
x509.set_not_before(ASN1_after)
ASN1_before = m.ASN1.ASN1_UTCTIME()
ASN1_before.set_time(now_t + 10 * 60 * 60 * 24 * 365)
x509.set_not_after(ASN1_before)
x509.set_pubkey(pkey=key)
x509.set_subject(subj)
issuer = m.X509.X509_Name()
issuer.CN = subj.CN
x509.set_issuer(issuer)
x509.set_pubkey(key)
x509.set_pubkey(x509.get_pubkey()) # Assert get/set work
x509.sign(key, 'sha1')
print("Saving cert file %s" % crt_file)
x509.save_pem(crt_file)
print("Updating config settings")
config.update('General', 'node_id', subj.CN)
if not kwargs.get("master_repl"):
config.update('General', 'master_repl', "0.0.0.0:5552")
if not kwargs.get("user_store"):
user_store = os.path.join(LIB_DIR, 'cloudrunner', 'user_store.db')
config.update('General', 'user_store', user_store)
config.update('General', 'work_dir', os.path.join(conf_dir, 'tmp'))
config.update('Security', 'node_key', key_file)
config.update('Security', 'node_cert', crt_file)
config.update('Security', 'cert_pass', cert_password)
if not config.plugins.items():
# No items yet
config.update('Plugins', 'state',
"cloudrunner.plugins.state.functions")
config.reload()
import logging
try:
from collections import OrderedDict
except ImportError:
# python 2.6 or earlier, use backport
from ordereddict import OrderedDict
from cloudrunner import CONFIG_NODE_LOCATION
from cloudrunner import NODE_LOG_LOCATION
from cloudrunner import LIB_DIR
from cloudrunner.util.cert_store import CertStore
from cloudrunner.util.loader import load_plugins
from cloudrunner.util.logconfig import configure_loggers
from cloudrunner.util.config import Config
CONFIG = Config(CONFIG_NODE_LOCATION)
if CONFIG.verbose_level:
configure_loggers(getattr(logging, CONFIG.verbose_level, 'INFO'),
NODE_LOG_LOCATION)
else:
configure_loggers(logging.DEBUG if CONFIG.verbose else logging.INFO,
NODE_LOG_LOCATION)
try:
import argcomplete
except ImportError:
pass
import argparse
import msgpack
import os
import signal
from pecan.hooks import TransactionHook
from cloudrunner import CONFIG_LOCATION
from cloudrunner.util.config import Config
from cloudrunner_server.tests.base import CONFIG
from cloudrunner.util.loader import local_plugin_loader
import cloudrunner_server.api
from cloudrunner_server.api import model
from cloudrunner_server.api.base import SseRenderer
DEBUG = False
# DEBUG = True
# Server Specific Configurations
if os.environ.get('CR_CONFIG'):
cr_config = Config(os.environ.get('CR_CONFIG'))
else:
cr_config = Config(CONFIG_LOCATION)
REST_SERVER_URL = "https://localhost/rest/"
DASH_SERVER_URL = cr_config.dash_api_url or "http://localhost/"
APP_DIR = cloudrunner_server.api.__path__[0]
# Pecan Application Configurations
app = {
'root': 'cloudrunner_server.api.controllers.main.Main',
'modules': ['cloudrunner_server.api'],
'template_path': '%s/templates/rest/' % APP_DIR,
'custom_renderers': {
'sse': SseRenderer,