def _update_inter_ca_cert(data):
role = utils.get_distributed_cloud_role()
if role != constants.DISTRIBUTED_CLOUD_ROLE_SUBCLOUD:
raise wsme.exc.ClientSideError(
_("Update admin endpoint intermediate CA certificate is "
"supported on subclouds only"))
if not cutils.verify_ca_crt(data.root_ca_crt):
raise wsme.exc.ClientSideError(
_("Provided CA cert is invalid")
)
if not cutils.verify_intermediate_ca_cert(
data.root_ca_crt, data.sc_ca_cert):
raise wsme.exc.ClientSideError(
_("Provided intermediate CA cert is invalid")
)
pecan.request.rpcapi.update_intermediate_ca_certificate(
pecan.request.context,
data.root_ca_crt, data.sc_ca_cert, data.sc_ca_key)
LOG.info('Update admin endpoint intermediate CA certificate succeed')
res = RequestResult()
res.result = 'OK'
return res
def _update_admin_endpoint_cert(data):
role = utils.get_distributed_cloud_role()
if role not in [constants.DISTRIBUTED_CLOUD_ROLE_SUBCLOUD,
constants.DISTRIBUTED_CLOUD_ROLE_SYSTEMCONTROLLER]:
raise wsme.exc.ClientSideError(
_("Update admin endpoint certificate is supported "
"in Distributed Cloud only"))
pecan.request.rpcapi.update_admin_ep_certificate(
pecan.request.context)
res = RequestResult()
res.result = 'OK'
return res
def _create_mgmt_network_address(self, pool):
addresses = collections.OrderedDict()
addresses[constants.CONTROLLER_HOSTNAME] = None
addresses[constants.CONTROLLER_0_HOSTNAME] = None
addresses[constants.CONTROLLER_1_HOSTNAME] = None
addresses[constants.CONTROLLER_PLATFORM_NFS] = None
if pool.gateway_address is not None:
if utils.get_distributed_cloud_role() == \
constants.DISTRIBUTED_CLOUD_ROLE_SUBCLOUD:
# In subcloud configurations, the management gateway is used
# to communicate with the central cloud.
addresses[constants.SYSTEM_CONTROLLER_GATEWAY_IP_NAME] =\
pool.gateway_address
else:
addresses[constants.CONTROLLER_GATEWAY] =\
pool.gateway_address
return addresses
def import_load_metadata(self, load):
"""Import a new load using only the metadata. Only available to SX subcoulds."""
LOG.info("Load import metadata request received.")
err_msg = None
# Enforce system type restrictions
err_msg = _(
"Metadata load import is only available to simplex subclouds.")
if utils.get_system_mode() != constants.SYSTEM_MODE_SIMPLEX:
raise wsme.exc.ClientSideError(err_msg)
if utils.get_distributed_cloud_role(
) != constants.DISTRIBUTED_CLOUD_ROLE_SUBCLOUD:
raise wsme.exc.ClientSideError(err_msg)
self._check_existing_loads()
if load.software_version == load.compatible_version:
raise wsme.exc.ClientSideError(_("Invalid load software_version."))
if load.compatible_version != tsc.SW_VERSION:
raise wsme.exc.ClientSideError(
_("Load compatible_version does not match SW_VERSION."))
patch = load.as_dict()
self._new_load_semantic_checks(patch)
patch['state'] = constants.IMPORTED_METADATA_LOAD_STATE
patch['uuid'] = None
LOG.info("Load import metadata validated, creating new load: %s" %
patch)
try:
new_load = pecan.request.dbapi.load_create(patch)
except exception.SysinvException:
LOG.exception("Failure to create load")
raise wsme.exc.ClientSideError(_("Failure to create load"))
return load.convert_with_links(new_load)