class OpenstackAuth(OrchestratorAuth):
def __init__(self,
username,
password,
project_name,
inputs=None,
logger=None,
auth_url=None,
region_name=None,
certfile=None,
keyfile=None,
cacert=None,
insecure=True,
domain_name=None,
scope='domain'):
self.inputs = inputs
self.user = username
self.passwd = password
self.project = project_name
self.scope = scope
self.logger = logger or contrail_logging.getLogger(__name__)
if inputs:
self.auth_url = inputs.auth_url
self.region_name = inputs.region_name
self.domain_name = domain_name or self.inputs.admin_domain
self.keystone_certfile = self.inputs.keystonecertfile
self.keystone_keyfile = self.inputs.keystonekeyfile
self.certbundle = self.inputs.certbundle
self.insecure = self.inputs.insecure
self.scope = 'project' if inputs.use_project_scoped_token else scope
else:
self.auth_url = auth_url or os.getenv('OS_AUTH_URL')
self.region_name = region_name or os.getenv('OS_REGION_NAME')
self.domain_name = domain_name or os.getenv('OS_DOMAIN_NAME')
self.keystone_certfile = certfile
self.keystone_keyfile = keyfile
self.insecure = insecure
self.certbundle = cacert
self.reauth()
def reauth(self):
self.keystone = KeystoneCommands(username=self.user,
password=self.passwd,
tenant=self.project,
domain_name=self.domain_name,
auth_url=self.auth_url,
insecure=self.insecure,
region_name=self.region_name,
cert=self.keystone_certfile,
key=self.keystone_keyfile,
cacert=self.certbundle,
logger=self.logger,
scope=self.scope)
def get_domain_id(self, name='Default'):
return self.keystone.get_domain_id(name)
def get_project_id(self, name=None, domain_id=None):
if not name or name == self.project:
return self.keystone.get_id()
return self.keystone.get_project_id(name, domain_id)
def get_session(self, scope='domain'):
return self.keystone.get_session(scope)
def get_client(self, scope='domain'):
return self.keystone.get_client(scope)
def get_endpoint(self, service, interface='public'):
return self.keystone.get_endpoint(service, interface)
def get_token(self):
return self.keystone.get_token()
def create_domain(self, domain_name):
return self.keystone.create_domain(domain_name)
def delete_domain(self, domain_name):
self.keystone.delete_domain(domain_name)
def update_domain(self, domain_id, domain_name, description, enabled):
return self.keystone.update_domain(domain_id=domain_id,
domain_name=domain_name,
description=description,
enabled=enabled)
def get_domain(self, domain_id):
return self.keystone.get_domain(domain_id=domain_id)
def create_project(self, name, domain_name=None):
return self.keystone.create_project(name, domain_name)
def delete_project(self, name):
self.keystone.delete_project(name)
def delete_user(self, user):
self.keystone.delete_user(user)
def create_user(self, user, password, tenant_name=None, domain_name=None):
try:
self.keystone.create_user(user,
password,
email='',
tenant_name=tenant_name
or self.inputs.stack_tenant,
enabled=True,
domain_name=domain_name)
except:
self.logger.info("%s user already present" % (self.user))
def get_user_id(self, user):
user_obj = self.keystone.get_user_dct(user)
return user_obj.id if user_obj else None
def create_role(self, role):
self.keystone.create_role(role)
def delete_role(self, role):
self.keystone.delete_role(role)
def add_user_to_domain(self, user, role='admin', domain=None):
try:
self.keystone.add_user_to_domain(user, role, domain)
except Exception as e:
self.logger.info("%s user already added to domain" % (user))
def add_user_to_project(self, user, project, role='admin'):
try:
self.keystone.add_user_to_tenant(project, user, role)
except Exception as e:
self.logger.info("%s user already added to project" % (user))
def remove_user_from_project(self, user, role, project):
try:
self.keystone.remove_user_role(user, role, project)
except Exception as e:
self.logger.exception("%s user already removed from project" %
(user))
def verify_service_enabled(self, service):
try:
for svc in self.keystone.services_list():
if service in svc.name:
return True
else:
continue
return False
except Exception as e:
return False
def get_auth_h(self):
return self.keystone
def create_user_group(self, group, domain_name):
try:
self.keystone.create_group(group, domain_name)
except Exception as e:
self.logger.info("%s user group already present" % (group))
def delete_group(self, name):
return self.keystone.delete_group(name=name)
def add_user_to_group(self, user, group):
try:
self.keystone.add_user_to_group(user, group)
except Exception as e:
self.logger.info("%s user already added to group %s" %
(user, group))
def remove_user_from_group(self, user, group):
try:
self.keystone.remove_user_from_group(user, group)
except Exception as e:
self.logger.info("%s user already removed from group %s" %
(user, group))
def add_group_to_domain(self, group, role='admin', domain=None):
try:
self.keystone.add_group_to_domain(group,
role='admin',
domain=domain)
except Exception as e:
self.logger.info("%s group already added to domain" %
(group, project))
def remove_group_from_domain(self, group, role, domain=None):
try:
self.keystone.remove_group_from_domain(group, role, domain=None)
except Exception as e:
self.logger.info("%s group already removed from domain" %
(group, domain))
def add_group_to_tenant(self, project, group, role='admin'):
try:
self.keystone.add_group_to_tenant(project, group, role='admin')
except Exception as e:
self.logger.info("%s group already added to project" %
(group, tenant))
def remove_group_from_tenant(self, project, group, role):
try:
self.keystone.remove_group_from_tenant(project, group, role)
except Exception as e:
self.logger.info("%s group already removed from project" %
(group, tenant))
def _create_prov_file(self):
''' Creates json data for a single node only.
Optional Env variables:
openstack creds:
* OS_USERNAME (default: admin)
* OS_PASSWORD (default: contrail123)
* OS_TENANT_NAME (default: admin)
* OS_DOMAIN_NAME (default: default-domain)
* OS_AUTH_URL (default: http://127.0.0.1:5000/v2.0)
* OS_INSECURE (default: True)
login creds:
* USERNAME (default: root)
* PASSWORD (default: c0ntrail123)
contrail service:
* DISCOVERY_IP (default: neutron-server ip fetched from keystone endpoint)
'''
pattern = 'http[s]?://(?P<ip>\d{1,3}.\d{1,3}.\d{1,3}.\d{1,3}):(?P<port>\d+)'
if self.orchestrator.lower() != 'openstack':
raise Exception('Please specify testbed info in $PARAMS_FILE '
'under "Basic" section, keyword "provFile"')
if self.orchestrator.lower() == 'openstack':
auth_url = os.getenv('OS_AUTH_URL', None) or \
'http://127.0.0.1:5000/v2.0'
insecure = bool(os.getenv('OS_INSECURE', True))
keystone = KeystoneCommands(self.stack_user,
self.stack_password,
self.stack_tenant,
auth_url,
region_name=self.region_name,
insecure=insecure,
logger=self.logger)
match = re.match(pattern, keystone.get_endpoint('identity')[0])
self.auth_ip = match.group('ip')
self.auth_port = match.group('port')
# Assume contrail-config runs in the same node as neutron-server
discovery = os.getenv('DISCOVERY_IP', None) or \
(keystone and re.match(pattern,
keystone.get_endpoint('network')[0]).group('ip'))
ds_client = VerificationDsSrv(discovery)
services = ds_client.get_ds_services().info
cfgm = database = services['config']
collector = services['analytics']
bgp = services['control-node']
openstack = [self.auth_ip] if self.auth_ip else []
computes = self.get_computes(cfgm[0])
data = {'hosts': list()}
hosts = cfgm + database + collector + bgp + computes + openstack
username = os.getenv('USERNAME', 'root')
password = os.getenv('PASSWORD', 'c0ntrail123')
for host in set(hosts):
with settings(host_string='%s@%s' % (username, host),
password=password,
warn_only=True):
hname = run('hostname')
hdict = {
'ip': host,
'data-ip': host,
'control-ip': host,
'username': username,
'password': password,
'name': hname,
'roles': [],
}
if host in cfgm:
hdict['roles'].append({'type': 'cfgm'})
if host in collector:
hdict['roles'].append({'type': 'collector'})
if host in database:
hdict['roles'].append({'type': 'database'})
if host in bgp:
hdict['roles'].append({'type': 'bgp'})
if host in computes:
hdict['roles'].append({'type': 'compute'})
if host in openstack:
hdict['roles'].append({'type': 'openstack'})
data['hosts'].append(hdict)
tempfile = NamedTemporaryFile(delete=False)
with open(tempfile.name, 'w') as fd:
json.dump(data, fd)
return tempfile.name
def _create_prov_file(self):
''' Creates json data for a single node only.
Optional Env variables:
openstack creds:
* OS_USERNAME (default: admin)
* OS_PASSWORD (default: contrail123)
* OS_TENANT_NAME (default: admin)
* OS_DOMAIN_NAME (default: default-domain)
* OS_AUTH_URL (default: http://127.0.0.1:5000/v2.0)
* OS_INSECURE (default: True)
login creds:
* USERNAME (default: root)
* PASSWORD (default: c0ntrail123)
contrail service:
* DISCOVERY_IP (default: neutron-server ip fetched from keystone endpoint)
'''
pattern = 'http[s]?://(?P<ip>\d{1,3}.\d{1,3}.\d{1,3}.\d{1,3}):(?P<port>\d+)'
if self.orchestrator.lower() != 'openstack':
raise Exception('Please specify testbed info in $PARAMS_FILE '
'under "Basic" section, keyword "provFile"')
if self.orchestrator.lower() == 'openstack':
auth_url = os.getenv('OS_AUTH_URL', None) or \
'http://127.0.0.1:5000/v2.0'
insecure = bool(os.getenv('OS_INSECURE', True))
keystone = KeystoneCommands(
self.stack_user,
self.stack_password,
self.stack_tenant,
auth_url,
region_name=self.region_name,
insecure=insecure,
logger=self.logger)
match = re.match(pattern, keystone.get_endpoint('identity')[0])
self.auth_ip = match.group('ip')
self.auth_port = match.group('port')
# Assume contrail-config runs in the same node as neutron-server
discovery = os.getenv('DISCOVERY_IP', None) or \
(keystone and re.match(pattern,
keystone.get_endpoint('network')[0]).group('ip'))
ds_client = VerificationDsSrv(discovery)
services = ds_client.get_ds_services().info
cfgm = database = services['config']
collector = services['analytics']
bgp = services['control-node']
openstack = [self.auth_ip] if self.auth_ip else []
computes = self.get_computes(cfgm[0])
data = {'hosts': list()}
hosts = cfgm + database + collector + bgp + computes + openstack
username = os.getenv('USERNAME', 'root')
password = os.getenv('PASSWORD', 'c0ntrail123')
for host in set(hosts):
with settings(
host_string='%s@%s' % (username, host),
password=password,
warn_only=True):
hname = run('hostname')
hdict = {
'ip': host,
'data-ip': host,
'control-ip': host,
'username': username,
'password': password,
'name': hname,
'roles': [],
}
if host in cfgm:
hdict['roles'].append({'type': 'cfgm'})
if host in collector:
hdict['roles'].append({'type': 'collector'})
if host in database:
hdict['roles'].append({'type': 'database'})
if host in bgp:
hdict['roles'].append({'type': 'bgp'})
if host in computes:
hdict['roles'].append({'type': 'compute'})
if host in openstack:
hdict['roles'].append({'type': 'openstack'})
data['hosts'].append(hdict)
tempfile = NamedTemporaryFile(delete=False)
with open(tempfile.name, 'w') as fd:
json.dump(data, fd)
return tempfile.name
class OpenstackAuth(OrchestratorAuth):
def __init__(self, username, password, project_name,
inputs=None, logger=None, auth_url=None, region_name=None,
certfile=None, keyfile=None, cacert=None, insecure=True, domain_name=None,scope='domain'):
self.inputs = inputs
self.user = username
self.passwd = password
self.project = project_name
self.scope = scope
self.logger = logger or contrail_logging.getLogger(__name__)
if inputs:
self.auth_url = inputs.auth_url
self.region_name = inputs.region_name
self.domain_name = domain_name or self.inputs.admin_domain
self.keystone_certfile = self.inputs.keystonecertfile
self.keystone_keyfile = self.inputs.keystonekeyfile
self.certbundle = self.inputs.certbundle
self.insecure = self.inputs.insecure
self.scope = 'project' if inputs.use_project_scoped_token else scope
else:
self.auth_url = auth_url or os.getenv('OS_AUTH_URL')
self.region_name = region_name or os.getenv('OS_REGION_NAME')
self.domain_name = domain_name or os.getenv('OS_DOMAIN_NAME')
self.keystone_certfile = certfile
self.keystone_keyfile = keyfile
self.insecure = insecure
self.certbundle = cacert
self.reauth()
def reauth(self):
self.keystone = KeystoneCommands(username=self.user,
password=self.passwd,
tenant=self.project,
domain_name=self.domain_name,
auth_url=self.auth_url,
insecure=self.insecure,
region_name=self.region_name,
cert=self.keystone_certfile,
key=self.keystone_keyfile,
cacert=self.certbundle,
logger=self.logger,
scope=self.scope)
def get_domain_id(self, name='Default'):
return self.keystone.get_domain_id(name)
def get_project_id(self, name=None, domain_id=None):
if not name or name == self.project:
return self.keystone.get_id()
return self.keystone.get_project_id(name, domain_id)
def get_session(self,scope='domain'):
return self.keystone.get_session(scope)
def get_client(self,scope='domain'):
return self.keystone.get_client(scope)
def get_endpoint(self, service, interface='public'):
return self.keystone.get_endpoint(service, interface)
def get_token(self):
return self.keystone.get_token()
def create_domain(self,domain_name):
return self.keystone.create_domain(domain_name)
def delete_domain(self, domain_name):
self.keystone.delete_domain(domain_name)
def update_domain(self,domain_id, domain_name, description, enabled):
return self.keystone.update_domain(domain_id=domain_id, domain_name=domain_name,
description=description,enabled=enabled)
def get_domain(self,domain_id):
return self.keystone.get_domain(domain_id=domain_id)
def create_project(self, name, domain_name=None):
return self.keystone.create_project(name, domain_name)
def delete_project(self, name):
self.keystone.delete_project(name)
def delete_user(self, user):
self.keystone.delete_user(user)
def create_user(self, user, password, tenant_name=None, domain_name=None):
try:
self.keystone.create_user(user,password,email='',
tenant_name=tenant_name or self.inputs.stack_tenant,enabled=True,
domain_name=domain_name)
except:
self.logger.info("%s user already present"%(self.user))
def get_user_id(self, user):
user_obj = self.keystone.get_user_dct(user)
return user_obj.id if user_obj else None
def create_role(self, role):
self.keystone.create_role(role)
def delete_role(self, role):
self.keystone.delete_role(role)
def add_user_to_domain(self, user, role='admin', domain=None):
try:
self.keystone.add_user_to_domain(user, role, domain)
except Exception as e:
self.logger.info("%s user already added to domain"%(user))
def add_user_to_project(self, user, project, role='admin'):
try:
self.keystone.add_user_to_tenant(project, user, role)
except Exception as e:
self.logger.info("%s user already added to project"%(user))
def remove_user_from_project(self, user, role, project):
try:
self.keystone.remove_user_from_tenant(project, user, role)
except Exception as e:
self.logger.exception("%s user already removed from project"%(user))
def verify_service_enabled(self, service):
try:
for svc in self.keystone.services_list():
if service in svc.name:
return True
else:
continue
return False
except Exception as e:
return False
def get_auth_h(self):
return self.keystone
def create_user_group(self,group,domain_name):
try:
self.keystone.create_group(group,domain_name)
except Exception as e:
self.logger.info("%s user group already present"%(group))
def delete_group(self,name):
return self.keystone.delete_group(name=name)
def add_user_to_group(self,user,group):
try:
self.keystone.add_user_to_group(user, group)
except Exception as e:
self.logger.info("%s user already added to group %s"%(user, group))
def remove_user_from_group(self,user,group):
try:
self.keystone.remove_user_from_group(user, group)
except Exception as e:
self.logger.info("%s user already removed from group %s"%(user, group))
def add_group_to_domain(self,group, role='admin', domain=None):
try:
self.keystone.add_group_to_domain(group, role='admin', domain=domain)
except Exception as e:
self.logger.info("%s group already added to domain"%(group,project))
def remove_group_from_domain(self, group, role, domain=None):
try:
self.keystone.remove_group_from_domain(group, role, domain=None)
except Exception as e:
self.logger.info("%s group already removed from domain"%(group,domain))
def add_group_to_tenant(self, project, group, role='admin'):
try:
self.keystone.add_group_to_tenant(project, group, role='admin')
except Exception as e:
self.logger.info("%s group already added to project"%(group,tenant))
def remove_group_from_tenant(self,project, group, role):
try:
self.keystone.remove_group_from_tenant(project, group, role)
except Exception as e:
self.logger.info("%s group already removed from project"%(group,tenant))
