def _test_generate_certificates(self,
expected_ca_name,
mock_cluster,
mock_generate_ca_cert,
mock_generate_client_cert):
expected_ca_password = '******'
expected_ca_cert = {
'private_key': 'ca_private_key', 'certificate': 'ca_certificate'}
expected_cert_ref = 'cert_ref'
expected_ca_cert_ref = 'ca-cert-ref'
mock_generate_ca_cert.return_value = (expected_ca_cert_ref,
expected_ca_cert,
expected_ca_password)
mock_generate_client_cert.return_value = expected_cert_ref
cert_manager.generate_certificates_to_cluster(mock_cluster)
self.assertEqual(expected_ca_cert_ref, mock_cluster.ca_cert_ref)
self.assertEqual(expected_cert_ref, mock_cluster.magnum_cert_ref)
mock_generate_ca_cert.assert_called_once_with(expected_ca_name,
context=None)
mock_generate_client_cert.assert_called_once_with(
expected_ca_name, expected_ca_cert, expected_ca_password,
context=None)
def _test_generate_certificates(self, expected_ca_name, mock_cluster,
mock_generate_ca_cert,
mock_generate_client_cert):
expected_ca_password = '******'
expected_ca_cert = {
'private_key': 'ca_private_key',
'certificate': 'ca_certificate'
}
expected_cert_ref = 'cert_ref'
expected_ca_cert_ref = 'ca-cert-ref'
mock_generate_ca_cert.return_value = (expected_ca_cert_ref,
expected_ca_cert,
expected_ca_password)
mock_generate_client_cert.return_value = expected_cert_ref
cert_manager.generate_certificates_to_cluster(mock_cluster)
self.assertEqual(expected_ca_cert_ref, mock_cluster.ca_cert_ref)
self.assertEqual(expected_cert_ref, mock_cluster.magnum_cert_ref)
mock_generate_ca_cert.assert_called_with(expected_ca_name,
context=None)
mock_generate_client_cert.assert_called_once_with(expected_ca_name,
expected_ca_cert,
expected_ca_password,
context=None)
def cluster_create(self, context, cluster, create_timeout):
LOG.debug('cluster_heat cluster_create')
osc = clients.OpenStackClients(context)
try:
# Create trustee/trust and set them to cluster
trust_manager.create_trustee_and_trust(osc, cluster)
# Generate certificate and set the cert reference to cluster
cert_manager.generate_certificates_to_cluster(cluster,
context=context)
conductor_utils.notify_about_cluster_operation(
context, taxonomy.ACTION_CREATE, taxonomy.OUTCOME_PENDING)
created_stack = _create_stack(context, osc, cluster,
create_timeout)
except Exception as e:
cluster.status = fields.ClusterStatus.CREATE_FAILED
cluster.status_reason = six.text_type(e)
cluster.create()
conductor_utils.notify_about_cluster_operation(
context, taxonomy.ACTION_CREATE, taxonomy.OUTCOME_FAILURE)
if isinstance(e, exc.HTTPBadRequest):
e = exception.InvalidParameterValue(message=six.text_type(e))
raise e
raise
cluster.stack_id = created_stack['stack']['id']
cluster.status = fields.ClusterStatus.CREATE_IN_PROGRESS
cluster.create()
self._poll_and_check(osc, cluster)
return cluster
def bay_create(self, context, bay, bay_create_timeout):
LOG.debug('bay_heat bay_create')
osc = clients.OpenStackClients(context)
try:
# Create trustee/trust and set them to bay
trust_manager.create_trustee_and_trust(osc, bay)
# Generate certificate and set the cert reference to bay
cert_manager.generate_certificates_to_cluster(bay, context=context)
conductor_utils.notify_about_bay_operation(
context, taxonomy.ACTION_CREATE, taxonomy.OUTCOME_PENDING)
created_stack = _create_stack(context, osc, bay,
bay_create_timeout)
except Exception as e:
cert_manager.delete_certificates_from_cluster(bay, context=context)
trust_manager.delete_trustee_and_trust(osc, context, bay)
conductor_utils.notify_about_bay_operation(
context, taxonomy.ACTION_CREATE, taxonomy.OUTCOME_FAILURE)
if isinstance(e, exc.HTTPBadRequest):
e = exception.InvalidParameterValue(message=six.text_type(e))
raise e
raise
bay.stack_id = created_stack['stack']['id']
bay.status = bay_status.CREATE_IN_PROGRESS
bay.create()
self._poll_and_check(osc, bay)
return bay
def cluster_create(self, context, cluster, master_count, node_count,
create_timeout):
LOG.debug('cluster_heat cluster_create')
osc = clients.OpenStackClients(context)
cluster.status = fields.ClusterStatus.CREATE_IN_PROGRESS
cluster.status_reason = None
cluster.create()
# Master nodegroup
master_ng = conductor_utils._get_nodegroup_object(context,
cluster,
master_count,
is_master=True)
master_ng.create()
# Minion nodegroup
minion_ng = conductor_utils._get_nodegroup_object(context,
cluster,
node_count,
is_master=False)
minion_ng.create()
try:
# Create trustee/trust and set them to cluster
trust_manager.create_trustee_and_trust(osc, cluster)
# Generate certificate and set the cert reference to cluster
cert_manager.generate_certificates_to_cluster(cluster,
context=context)
conductor_utils.notify_about_cluster_operation(
context, taxonomy.ACTION_CREATE, taxonomy.OUTCOME_PENDING,
cluster)
# Get driver
cluster_driver = driver.Driver.get_driver_for_cluster(
context, cluster)
# Create cluster
cluster_driver.create_cluster(context, cluster, create_timeout)
cluster.save()
for ng in cluster.nodegroups:
ng.stack_id = cluster.stack_id
ng.save()
except Exception as e:
cluster.status = fields.ClusterStatus.CREATE_FAILED
cluster.status_reason = six.text_type(e)
cluster.save()
conductor_utils.notify_about_cluster_operation(
context, taxonomy.ACTION_CREATE, taxonomy.OUTCOME_FAILURE,
cluster)
if isinstance(e, exc.HTTPBadRequest):
e = exception.InvalidParameterValue(message=six.text_type(e))
raise e
raise
return cluster
def cluster_create(self, context, cluster, master_count, node_count,
create_timeout):
LOG.debug('cluster_heat cluster_create')
osc = clients.OpenStackClients(context)
cluster.status = fields.ClusterStatus.CREATE_IN_PROGRESS
cluster.status_reason = None
cluster.create()
# Master nodegroup
master_ng = conductor_utils._get_nodegroup_object(
context, cluster, master_count, is_master=True)
master_ng.create()
# Minion nodegroup
minion_ng = conductor_utils._get_nodegroup_object(
context, cluster, node_count, is_master=False)
minion_ng.create()
try:
# Create trustee/trust and set them to cluster
trust_manager.create_trustee_and_trust(osc, cluster)
# Generate certificate and set the cert reference to cluster
cert_manager.generate_certificates_to_cluster(cluster,
context=context)
conductor_utils.notify_about_cluster_operation(
context, taxonomy.ACTION_CREATE, taxonomy.OUTCOME_PENDING)
# Get driver
cluster_driver = driver.Driver.get_driver_for_cluster(context,
cluster)
# Create cluster
cluster_driver.create_cluster(context, cluster, create_timeout)
cluster.save()
except Exception as e:
cluster.status = fields.ClusterStatus.CREATE_FAILED
cluster.status_reason = six.text_type(e)
cluster.save()
conductor_utils.notify_about_cluster_operation(
context, taxonomy.ACTION_CREATE, taxonomy.OUTCOME_FAILURE)
if isinstance(e, exc.HTTPBadRequest):
e = exception.InvalidParameterValue(message=six.text_type(e))
raise e
raise
return cluster
def rotate_ca_certificate(self, context, cluster):
LOG.info('start rotate_ca_certificate for cluster: %s', cluster.uuid)
allow_update_status = (fields.ClusterStatus.CREATE_COMPLETE,
fields.ClusterStatus.UPDATE_COMPLETE,
fields.ClusterStatus.RESUME_COMPLETE,
fields.ClusterStatus.RESTORE_COMPLETE,
fields.ClusterStatus.ROLLBACK_COMPLETE,
fields.ClusterStatus.SNAPSHOT_COMPLETE,
fields.ClusterStatus.CHECK_COMPLETE,
fields.ClusterStatus.ADOPT_COMPLETE)
if cluster.status not in allow_update_status:
conductor_utils.notify_about_cluster_operation(
context, taxonomy.ACTION_UPDATE, taxonomy.OUTCOME_FAILURE,
cluster)
operation = _('Updating a cluster when status is '
'"%s"') % cluster.status
raise exception.NotSupported(operation=operation)
try:
# re-generate the ca certs
cert_manager.generate_certificates_to_cluster(cluster,
context=context)
cluster_driver = driver.Driver.get_driver_for_cluster(
context, cluster)
cluster_driver.rotate_ca_certificate(context, cluster)
cluster.status = fields.ClusterStatus.UPDATE_IN_PROGRESS
cluster.status_reason = None
except Exception as e:
cluster.status = fields.ClusterStatus.UPDATE_FAILED
cluster.status_reason = six.text_type(e)
cluster.save()
conductor_utils.notify_about_cluster_operation(
context, taxonomy.ACTION_UPDATE, taxonomy.OUTCOME_FAILURE,
cluster)
if isinstance(e, exc.HTTPBadRequest):
e = exception.InvalidParameterValue(message=six.text_type(e))
raise e
raise
cluster.save()
return cluster
def cluster_create(self, context, cluster, create_timeout):
LOG.debug('cluster_heat cluster_create')
osc = clients.OpenStackClients(context)
try:
# Create trustee/trust and set them to cluster
trust_manager.create_trustee_and_trust(osc, cluster)
# Generate certificate and set the cert reference to cluster
cert_manager.generate_certificates_to_cluster(cluster,
context=context)
conductor_utils.notify_about_cluster_operation(
context, taxonomy.ACTION_CREATE, taxonomy.OUTCOME_PENDING)
# Get driver
ct = conductor_utils.retrieve_cluster_template(context, cluster)
cluster_driver = driver.Driver.get_driver(ct.server_type,
ct.cluster_distro,
ct.coe)
# Create cluster
created_stack = cluster_driver.create_stack(context, osc, cluster,
create_timeout)
except Exception as e:
cluster.status = fields.ClusterStatus.CREATE_FAILED
cluster.status_reason = six.text_type(e)
cluster.create()
conductor_utils.notify_about_cluster_operation(
context, taxonomy.ACTION_CREATE, taxonomy.OUTCOME_FAILURE)
if isinstance(e, exc.HTTPBadRequest):
e = exception.InvalidParameterValue(message=six.text_type(e))
raise e
raise
cluster.stack_id = created_stack['stack']['id']
cluster.status = fields.ClusterStatus.CREATE_IN_PROGRESS
cluster.create()
self._poll_and_check(osc, cluster, cluster_driver)
return cluster
