class OpenstackDriver(OsVmMixin, OsVnMixin, OsSubnetMixin, OsPolicyMixin):
''' Api Driver class for Openstack Apis.
This class wraps/abstracts all openstack apis, nova, neutron, etc.
Any and all openstack libs calls must be added in this class.
Provides create, read, update and delete methods for resources.
Note: For resources defined in contrail-schema, the create & update
methods expect resource desc (kwargs) to be in-sync with structure
defined in contrail-schema (i.e, contrailv2 heat template).
'''
def __init__(self, username, password, project_id, project_name,
auth_url, endpoint_type, region_name, scope, cert, key,
cacert, domain_name, insecure, logger):
self.logger = logger
prj = project_id.replace('-', '')
self._ks = KeystoneCommands(username=username,
password=password,
tenant=project_name,
domain_name=domain_name,
auth_url=auth_url,
region_name=region_name,
scope=scope,
cert=cert,
key=key,
cacert=cacert,
insecure=insecure,
logger=logger)
self._qh = neuc.Client(
'2.0',
session=self._ks.get_session(scope='project'),
region_name=region_name)
self._nh = novac.Client(
'2',
session=self._ks.get_session(scope='project'),
region_name=region_name)
@property
def keystone_handle(self):
return self._ks
@property
def quantum_handle(self):
return self._qh
@property
def nova_handle(self):
return self._nh
def get_zones(self):
try:
zones = self._nh.availability_zones.list()
return filter(lambda x: x.zoneName != 'internal', zones)
except novaException.Forbidden:
return None
def get_hosts(self, zone=None):
computes = self._get_nova_services(binary='nova-compute')
if zone:
computes = filter(lambda x: x.zone == zone.zoneName, computes)
return computes
def _get_nova_services(self, **kwargs):
try:
svcs = self._nh.services.list(**kwargs)
svcs = filter(lambda x: x.state != 'down' and \
x.status != 'disabled', svcs)
return svcs
except novaException.Forbidden:
return None
def get_hypervisor(self, **kwargs):
if kwargs:
try:
return self._nh.hypervisors.find(**kwargs)
except novaException.NotFound:
return None
else:
return self._nh.hypervisors.list()
def get_flavor(self, name):
try:
return self._nh.flavors.find(name=name)
except novaException.NotFound:
return None
def create_flavor(self, name, vcpus, ram, disk):
self._nh.flavors.create(name=name, vcpus=vcpus, ram=ram, disk=disk)
flavor = self.get_flavor(name)
return flavor
def get_image(self, name_or_id):
try:
return self._nh.images.get(name_or_id)
except novaException.NotFound:
try:
return self._nh.images.find(name=name_or_id)
except novaException.NotFound:
return None
class OpenstackAuth(OrchestratorAuth):
def __init__(self,
username,
password,
project_name,
inputs=None,
logger=None,
auth_url=None,
region_name=None,
certfile=None,
keyfile=None,
cacert=None,
insecure=True,
domain_name=None,
scope='domain'):
self.inputs = inputs
self.user = username
self.passwd = password
self.project = project_name
self.scope = scope
self.logger = logger or contrail_logging.getLogger(__name__)
if inputs:
self.auth_url = inputs.auth_url
self.region_name = inputs.region_name
self.domain_name = domain_name or self.inputs.admin_domain
self.keystone_certfile = self.inputs.keystonecertfile
self.keystone_keyfile = self.inputs.keystonekeyfile
self.certbundle = self.inputs.certbundle
self.insecure = self.inputs.insecure
self.scope = 'project' if inputs.use_project_scoped_token else scope
else:
self.auth_url = auth_url or os.getenv('OS_AUTH_URL')
self.region_name = region_name or os.getenv('OS_REGION_NAME')
self.domain_name = domain_name or os.getenv('OS_DOMAIN_NAME')
self.keystone_certfile = certfile
self.keystone_keyfile = keyfile
self.insecure = insecure
self.certbundle = cacert
self.reauth()
def reauth(self):
self.keystone = KeystoneCommands(username=self.user,
password=self.passwd,
tenant=self.project,
domain_name=self.domain_name,
auth_url=self.auth_url,
insecure=self.insecure,
region_name=self.region_name,
cert=self.keystone_certfile,
key=self.keystone_keyfile,
cacert=self.certbundle,
logger=self.logger,
scope=self.scope)
def get_domain_id(self, name='Default'):
return self.keystone.get_domain_id(name)
def get_project_id(self, name=None, domain_id=None):
if not name or name == self.project:
return self.keystone.get_id()
return self.keystone.get_project_id(name, domain_id)
def get_session(self, scope='domain'):
return self.keystone.get_session(scope)
def get_client(self, scope='domain'):
return self.keystone.get_client(scope)
def get_endpoint(self, service, interface='public'):
return self.keystone.get_endpoint(service, interface)
def get_token(self):
return self.keystone.get_token()
def create_domain(self, domain_name):
return self.keystone.create_domain(domain_name)
def delete_domain(self, domain_name):
self.keystone.delete_domain(domain_name)
def update_domain(self, domain_id, domain_name, description, enabled):
return self.keystone.update_domain(domain_id=domain_id,
domain_name=domain_name,
description=description,
enabled=enabled)
def get_domain(self, domain_id):
return self.keystone.get_domain(domain_id=domain_id)
def create_project(self, name, domain_name=None):
return self.keystone.create_project(name, domain_name)
def delete_project(self, name):
self.keystone.delete_project(name)
def delete_user(self, user):
self.keystone.delete_user(user)
def create_user(self, user, password, tenant_name=None, domain_name=None):
try:
self.keystone.create_user(user,
password,
email='',
tenant_name=tenant_name
or self.inputs.stack_tenant,
enabled=True,
domain_name=domain_name)
except:
self.logger.info("%s user already present" % (self.user))
def get_user_id(self, user):
user_obj = self.keystone.get_user_dct(user)
return user_obj.id if user_obj else None
def create_role(self, role):
self.keystone.create_role(role)
def delete_role(self, role):
self.keystone.delete_role(role)
def add_user_to_domain(self, user, role='admin', domain=None):
try:
self.keystone.add_user_to_domain(user, role, domain)
except Exception as e:
self.logger.info("%s user already added to domain" % (user))
def add_user_to_project(self, user, project, role='admin'):
try:
self.keystone.add_user_to_tenant(project, user, role)
except Exception as e:
self.logger.info("%s user already added to project" % (user))
def remove_user_from_project(self, user, role, project):
try:
self.keystone.remove_user_role(user, role, project)
except Exception as e:
self.logger.exception("%s user already removed from project" %
(user))
def verify_service_enabled(self, service):
try:
for svc in self.keystone.services_list():
if service in svc.name:
return True
else:
continue
return False
except Exception as e:
return False
def get_auth_h(self):
return self.keystone
def create_user_group(self, group, domain_name):
try:
self.keystone.create_group(group, domain_name)
except Exception as e:
self.logger.info("%s user group already present" % (group))
def delete_group(self, name):
return self.keystone.delete_group(name=name)
def add_user_to_group(self, user, group):
try:
self.keystone.add_user_to_group(user, group)
except Exception as e:
self.logger.info("%s user already added to group %s" %
(user, group))
def remove_user_from_group(self, user, group):
try:
self.keystone.remove_user_from_group(user, group)
except Exception as e:
self.logger.info("%s user already removed from group %s" %
(user, group))
def add_group_to_domain(self, group, role='admin', domain=None):
try:
self.keystone.add_group_to_domain(group,
role='admin',
domain=domain)
except Exception as e:
self.logger.info("%s group already added to domain" %
(group, project))
def remove_group_from_domain(self, group, role, domain=None):
try:
self.keystone.remove_group_from_domain(group, role, domain=None)
except Exception as e:
self.logger.info("%s group already removed from domain" %
(group, domain))
def add_group_to_tenant(self, project, group, role='admin'):
try:
self.keystone.add_group_to_tenant(project, group, role='admin')
except Exception as e:
self.logger.info("%s group already added to project" %
(group, tenant))
def remove_group_from_tenant(self, project, group, role):
try:
self.keystone.remove_group_from_tenant(project, group, role)
except Exception as e:
self.logger.info("%s group already removed from project" %
(group, tenant))
class OpenstackAuth(OrchestratorAuth):
def __init__(self, username, password, project_name,
inputs=None, logger=None, auth_url=None, region_name=None,
certfile=None, keyfile=None, cacert=None, insecure=True, domain_name=None,scope='domain'):
self.inputs = inputs
self.user = username
self.passwd = password
self.project = project_name
self.scope = scope
self.logger = logger or contrail_logging.getLogger(__name__)
if inputs:
self.auth_url = inputs.auth_url
self.region_name = inputs.region_name
self.domain_name = domain_name or self.inputs.admin_domain
self.keystone_certfile = self.inputs.keystonecertfile
self.keystone_keyfile = self.inputs.keystonekeyfile
self.certbundle = self.inputs.certbundle
self.insecure = self.inputs.insecure
self.scope = 'project' if inputs.use_project_scoped_token else scope
else:
self.auth_url = auth_url or os.getenv('OS_AUTH_URL')
self.region_name = region_name or os.getenv('OS_REGION_NAME')
self.domain_name = domain_name or os.getenv('OS_DOMAIN_NAME')
self.keystone_certfile = certfile
self.keystone_keyfile = keyfile
self.insecure = insecure
self.certbundle = cacert
self.reauth()
def reauth(self):
self.keystone = KeystoneCommands(username=self.user,
password=self.passwd,
tenant=self.project,
domain_name=self.domain_name,
auth_url=self.auth_url,
insecure=self.insecure,
region_name=self.region_name,
cert=self.keystone_certfile,
key=self.keystone_keyfile,
cacert=self.certbundle,
logger=self.logger,
scope=self.scope)
def get_domain_id(self, name='Default'):
return self.keystone.get_domain_id(name)
def get_project_id(self, name=None, domain_id=None):
if not name or name == self.project:
return self.keystone.get_id()
return self.keystone.get_project_id(name, domain_id)
def get_session(self,scope='domain'):
return self.keystone.get_session(scope)
def get_client(self,scope='domain'):
return self.keystone.get_client(scope)
def get_endpoint(self, service, interface='public'):
return self.keystone.get_endpoint(service, interface)
def get_token(self):
return self.keystone.get_token()
def create_domain(self,domain_name):
return self.keystone.create_domain(domain_name)
def delete_domain(self, domain_name):
self.keystone.delete_domain(domain_name)
def update_domain(self,domain_id, domain_name, description, enabled):
return self.keystone.update_domain(domain_id=domain_id, domain_name=domain_name,
description=description,enabled=enabled)
def get_domain(self,domain_id):
return self.keystone.get_domain(domain_id=domain_id)
def create_project(self, name, domain_name=None):
return self.keystone.create_project(name, domain_name)
def delete_project(self, name):
self.keystone.delete_project(name)
def delete_user(self, user):
self.keystone.delete_user(user)
def create_user(self, user, password, tenant_name=None, domain_name=None):
try:
self.keystone.create_user(user,password,email='',
tenant_name=tenant_name or self.inputs.stack_tenant,enabled=True,
domain_name=domain_name)
except:
self.logger.info("%s user already present"%(self.user))
def get_user_id(self, user):
user_obj = self.keystone.get_user_dct(user)
return user_obj.id if user_obj else None
def create_role(self, role):
self.keystone.create_role(role)
def delete_role(self, role):
self.keystone.delete_role(role)
def add_user_to_domain(self, user, role='admin', domain=None):
try:
self.keystone.add_user_to_domain(user, role, domain)
except Exception as e:
self.logger.info("%s user already added to domain"%(user))
def add_user_to_project(self, user, project, role='admin'):
try:
self.keystone.add_user_to_tenant(project, user, role)
except Exception as e:
self.logger.info("%s user already added to project"%(user))
def remove_user_from_project(self, user, role, project):
try:
self.keystone.remove_user_from_tenant(project, user, role)
except Exception as e:
self.logger.exception("%s user already removed from project"%(user))
def verify_service_enabled(self, service):
try:
for svc in self.keystone.services_list():
if service in svc.name:
return True
else:
continue
return False
except Exception as e:
return False
def get_auth_h(self):
return self.keystone
def create_user_group(self,group,domain_name):
try:
self.keystone.create_group(group,domain_name)
except Exception as e:
self.logger.info("%s user group already present"%(group))
def delete_group(self,name):
return self.keystone.delete_group(name=name)
def add_user_to_group(self,user,group):
try:
self.keystone.add_user_to_group(user, group)
except Exception as e:
self.logger.info("%s user already added to group %s"%(user, group))
def remove_user_from_group(self,user,group):
try:
self.keystone.remove_user_from_group(user, group)
except Exception as e:
self.logger.info("%s user already removed from group %s"%(user, group))
def add_group_to_domain(self,group, role='admin', domain=None):
try:
self.keystone.add_group_to_domain(group, role='admin', domain=domain)
except Exception as e:
self.logger.info("%s group already added to domain"%(group,project))
def remove_group_from_domain(self, group, role, domain=None):
try:
self.keystone.remove_group_from_domain(group, role, domain=None)
except Exception as e:
self.logger.info("%s group already removed from domain"%(group,domain))
def add_group_to_tenant(self, project, group, role='admin'):
try:
self.keystone.add_group_to_tenant(project, group, role='admin')
except Exception as e:
self.logger.info("%s group already added to project"%(group,tenant))
def remove_group_from_tenant(self,project, group, role):
try:
self.keystone.remove_group_from_tenant(project, group, role)
except Exception as e:
self.logger.info("%s group already removed from project"%(group,tenant))
