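class OpenstackDriver(OsVmMixin, OsVnMixin, OsSubnetMixin, OsPolicyMixin):
    ''' Api Driver class for Openstack Apis.

    This class wraps/abstracts all openstack apis, nova, neutron, etc.
    Any and all openstack libs calls must be added in this class.
    Provides create, read, update and delete methods for resources.

    Note: For resources defined in contrail-schema, the create & update
    methods expect resource desc (kwargs) to be in-sync with structure
    defined in contrail-schema (i.e, contrailv2 heat template).

    Security note: the nova and neutron clients reuse the project-scoped
    keystone session, so transport settings (cert, key, cacert, insecure)
    are whatever KeystoneCommands applies to that session. Presumably
    insecure=True disables TLS certificate verification; confirm against
    KeystoneCommands before using it outside a lab.
    '''

    def __init__(self, username, password, project_id, project_name,
                 auth_url, endpoint_type, region_name, scope, cert, key,
                 cacert, domain_name, insecure, logger):
        '''Build the keystone, neutron and nova handles.

        project_id and endpoint_type are accepted for interface
        compatibility but are not used by this constructor.
        '''
        self.logger = logger
        self._ks = KeystoneCommands(username=username,
                                    password=password,
                                    tenant=project_name,
                                    domain_name=domain_name,
                                    auth_url=auth_url,
                                    region_name=region_name,
                                    scope=scope,
                                    cert=cert,
                                    key=key,
                                    cacert=cacert,
                                    insecure=insecure,
                                    logger=logger)
        # Both service clients are bound to a project-scoped session,
        # independent of the scope passed in for the keystone handle.
        self._qh = neuc.Client(
            '2.0',
            session=self._ks.get_session(scope='project'),
            region_name=region_name)
        self._nh = novac.Client(
            '2',
            session=self._ks.get_session(scope='project'),
            region_name=region_name)

    @property
    def keystone_handle(self):
        '''KeystoneCommands handle created in __init__.'''
        return self._ks

    @property
    def quantum_handle(self):
        '''Neutron client bound to the project-scoped session.'''
        return self._qh

    @property
    def nova_handle(self):
        '''Nova client bound to the project-scoped session.'''
        return self._nh

    def get_zones(self):
        '''Return availability zones other than 'internal'.

        Returns a list, or None when nova answers Forbidden for the
        current credentials.
        '''
        try:
            zones = self._nh.availability_zones.list()
            # A list (not a lazy filter object) so the result can be
            # iterated more than once and measured with len().
            return [z for z in zones if z.zoneName != 'internal']
        except novaException.Forbidden:
            return None

    def get_hosts(self, zone=None):
        '''Return usable nova-compute services, optionally within zone.

        Returns None when listing services is Forbidden.
        '''
        computes = self._get_nova_services(binary='nova-compute')
        if computes is None:
            # _get_nova_services() signals Forbidden with None; filtering
            # it by zone would raise TypeError.
            return None
        if zone:
            computes = [c for c in computes if c.zone == zone.zoneName]
        return computes

    def _get_nova_services(self, **kwargs):
        '''List nova services that are neither down nor disabled.

        kwargs are passed to the nova services.list() call. Returns a
        list, or None when nova answers Forbidden.
        '''
        try:
            svcs = self._nh.services.list(**kwargs)
            return [s for s in svcs
                    if s.state != 'down' and s.status != 'disabled']
        except novaException.Forbidden:
            return None

    def get_hypervisor(self, **kwargs):
        '''Find one hypervisor matching kwargs, or list all when none given.

        Returns None when a filtered lookup finds nothing.
        '''
        if kwargs:
            try:
                return self._nh.hypervisors.find(**kwargs)
            except novaException.NotFound:
                return None
        else:
            return self._nh.hypervisors.list()

    def get_flavor(self, name):
        '''Return the flavor called name, or None if it does not exist.'''
        try:
            return self._nh.flavors.find(name=name)
        except novaException.NotFound:
            return None

    def create_flavor(self, name, vcpus, ram, disk):
        '''Create a flavor and return it as read back from nova.'''
        self._nh.flavors.create(name=name,
                                vcpus=vcpus, ram=ram, disk=disk)
        flavor = self.get_flavor(name)
        return flavor

    def get_image(self, name_or_id):
        '''Look an image up by id first, then by name; None if neither.'''
        try:
            return self._nh.images.get(name_or_id)
        except novaException.NotFound:
            try:
                return self._nh.images.find(name=name_or_id)
            except novaException.NotFound:
                return None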
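class OpenstackAuth(OrchestratorAuth):
    '''Keystone-backed implementation of OrchestratorAuth.

    Builds a KeystoneCommands handle from either an ``inputs`` object or
    explicit arguments / OS_* environment variables, and forwards identity
    operations (domains, projects, users, roles, groups) to it.

    Security notes:
      * ``insecure`` defaults to True and is forwarded to KeystoneCommands.
        Presumably this disables TLS certificate verification; confirm
        against KeystoneCommands, and pass insecure=False together with
        ``cacert`` wherever the keystone endpoint is not a throwaway lab.
      * The password is kept on the instance (``self.passwd``) so reauth()
        can rebuild the handle; treat instances as secret-bearing objects.
      * get_token() returns a live token; keep it out of logs.
      * The create_*/add_*/remove_* helpers are best-effort: an exception
        from keystone is logged and swallowed. The log line carries the
        underlying error so a denied or failed call is not mistaken for
        "already present".
    '''

    def __init__(self, username, password, project_name,
                 inputs=None, logger=None, auth_url=None, region_name=None,
                 certfile=None, keyfile=None, cacert=None, insecure=True,
                 domain_name=None, scope='domain'):
        '''Collect connection settings and authenticate.

        When ``inputs`` is given it is authoritative: auth_url, region_name,
        certfile, keyfile, cacert and insecure arguments are ignored in
        favour of the corresponding ``inputs`` attributes. Otherwise the
        explicit arguments are used, with OS_AUTH_URL, OS_REGION_NAME and
        OS_DOMAIN_NAME as fallbacks.
        '''
        self.inputs = inputs
        self.user = username
        self.passwd = password
        self.project = project_name
        self.scope = scope
        self.logger = logger or contrail_logging.getLogger(__name__)
        if inputs:
            self.auth_url = inputs.auth_url
            self.region_name = inputs.region_name
            self.domain_name = domain_name or self.inputs.admin_domain
            self.keystone_certfile = self.inputs.keystonecertfile
            self.keystone_keyfile = self.inputs.keystonekeyfile
            self.certbundle = self.inputs.certbundle
            self.insecure = self.inputs.insecure
            self.scope = 'project' if inputs.use_project_scoped_token else scope
        else:
            self.auth_url = auth_url or os.getenv('OS_AUTH_URL')
            self.region_name = region_name or os.getenv('OS_REGION_NAME')
            self.domain_name = domain_name or os.getenv('OS_DOMAIN_NAME')
            self.keystone_certfile = certfile
            self.keystone_keyfile = keyfile
            self.insecure = insecure
            self.certbundle = cacert
        self.reauth()

    def reauth(self):
        '''(Re)create the KeystoneCommands handle from stored settings.'''
        self.keystone = KeystoneCommands(username=self.user,
                                         password=self.passwd,
                                         tenant=self.project,
                                         domain_name=self.domain_name,
                                         auth_url=self.auth_url,
                                         insecure=self.insecure,
                                         region_name=self.region_name,
                                         cert=self.keystone_certfile,
                                         key=self.keystone_keyfile,
                                         cacert=self.certbundle,
                                         logger=self.logger,
                                         scope=self.scope)

    def get_domain_id(self, name='Default'):
        '''Return the id of the domain called name.'''
        return self.keystone.get_domain_id(name)

    def get_project_id(self, name=None, domain_id=None):
        '''Return a project id; the authenticated project when name is
        omitted or equals it.'''
        if not name or name == self.project:
            return self.keystone.get_id()
        return self.keystone.get_project_id(name, domain_id)

    def get_session(self, scope='domain'):
        '''Return a keystone session for the given scope.'''
        return self.keystone.get_session(scope)

    def get_client(self, scope='domain'):
        '''Return a keystone client for the given scope.'''
        return self.keystone.get_client(scope)

    def get_endpoint(self, service, interface='public'):
        '''Return the endpoint of service on the given interface.'''
        return self.keystone.get_endpoint(service, interface)

    def get_token(self):
        '''Return the current token. Callers should not log it.'''
        return self.keystone.get_token()

    def create_domain(self, domain_name):
        '''Create a domain and return keystone's result.'''
        return self.keystone.create_domain(domain_name)

    def delete_domain(self, domain_name):
        '''Delete the named domain.'''
        self.keystone.delete_domain(domain_name)

    def update_domain(self, domain_id, domain_name, description, enabled):
        '''Update name, description and enabled flag of a domain.'''
        return self.keystone.update_domain(domain_id=domain_id,
                                           domain_name=domain_name,
                                           description=description,
                                           enabled=enabled)

    def get_domain(self, domain_id):
        '''Return the domain with the given id.'''
        return self.keystone.get_domain(domain_id=domain_id)

    def create_project(self, name, domain_name=None):
        '''Create a project, optionally inside domain_name.'''
        return self.keystone.create_project(name, domain_name)

    def delete_project(self, name):
        '''Delete the named project.'''
        self.keystone.delete_project(name)

    def delete_user(self, user):
        '''Delete the named user.'''
        self.keystone.delete_user(user)

    def create_user(self, user, password, tenant_name=None, domain_name=None):
        '''Create an enabled user (best-effort).

        tenant_name falls back to inputs.stack_tenant. Failures are logged,
        not raised.
        '''
        try:
            self.keystone.create_user(
                user, password, email='',
                tenant_name=tenant_name or self.inputs.stack_tenant,
                enabled=True, domain_name=domain_name)
        except Exception as e:
            # Was a bare except that named self.user (the authenticated
            # account) instead of the user being created.
            self.logger.info("%s user already present (error: %s)", user, e)

    def get_user_id(self, user):
        '''Return the id of user, or None when keystone has no such user.'''
        user_obj = self.keystone.get_user_dct(user)
        return user_obj.id if user_obj else None

    def create_role(self, role):
        '''Create a role.'''
        self.keystone.create_role(role)

    def delete_role(self, role):
        '''Delete a role.'''
        self.keystone.delete_role(role)

    def add_user_to_domain(self, user, role='admin', domain=None):
        '''Grant user a role on a domain (best-effort).'''
        try:
            self.keystone.add_user_to_domain(user, role, domain)
        except Exception as e:
            self.logger.info("%s user already added to domain (error: %s)",
                             user, e)

    def add_user_to_project(self, user, project, role='admin'):
        '''Grant user a role on a project (best-effort).'''
        try:
            self.keystone.add_user_to_tenant(project, user, role)
        except Exception as e:
            self.logger.info("%s user already added to project (error: %s)",
                             user, e)

    def remove_user_from_project(self, user, role, project):
        '''Revoke a user's role on a project (best-effort).'''
        try:
            self.keystone.remove_user_role(user, role, project)
        except Exception as e:
            # logger.exception already records the traceback.
            self.logger.exception("%s user already removed from project" % (user))

    def verify_service_enabled(self, service):
        '''Return True if any registered service name contains service.

        Any error while listing services is reported as False.
        '''
        try:
            return any(service in svc.name
                       for svc in self.keystone.services_list())
        except Exception as e:
            return False

    def get_auth_h(self):
        '''Return the underlying KeystoneCommands handle.'''
        return self.keystone

    def create_user_group(self, group, domain_name):
        '''Create a user group in domain_name (best-effort).'''
        try:
            self.keystone.create_group(group, domain_name)
        except Exception as e:
            self.logger.info("%s user group already present (error: %s)",
                             group, e)

    def delete_group(self, name):
        '''Delete the named group.'''
        return self.keystone.delete_group(name=name)

    def add_user_to_group(self, user, group):
        '''Add user to group (best-effort).'''
        try:
            self.keystone.add_user_to_group(user, group)
        except Exception as e:
            self.logger.info("%s user already added to group %s (error: %s)",
                             user, group, e)

    def remove_user_from_group(self, user, group):
        '''Remove user from group (best-effort).'''
        try:
            self.keystone.remove_user_from_group(user, group)
        except Exception as e:
            self.logger.info(
                "%s user already removed from group %s (error: %s)",
                user, group, e)

    def add_group_to_domain(self, group, role='admin', domain=None):
        '''Grant group a role on a domain (best-effort).'''
        try:
            # Pass the caller's role through; it was hard-coded to 'admin',
            # which granted admin whatever role was requested.
            self.keystone.add_group_to_domain(group, role=role, domain=domain)
        except Exception as e:
            # The handler used to reference an undefined name and raised
            # NameError instead of logging.
            self.logger.info("%s group already added to domain (error: %s)",
                             group, e)

    def remove_group_from_domain(self, group, role, domain=None):
        '''Revoke a group's role on a domain (best-effort).'''
        try:
            # Forward the requested domain; it was always sent as None.
            self.keystone.remove_group_from_domain(group, role, domain=domain)
        except Exception as e:
            # One %s with two arguments used to raise TypeError here.
            self.logger.info(
                "%s group already removed from domain (error: %s)", group, e)

    def add_group_to_tenant(self, project, group, role='admin'):
        '''Grant group a role on a project (best-effort).'''
        try:
            # Pass the caller's role through instead of a fixed 'admin'.
            self.keystone.add_group_to_tenant(project, group, role=role)
        except Exception as e:
            # 'tenant' was undefined here and raised NameError.
            self.logger.info("%s group already added to project (error: %s)",
                             group, e)

    def remove_group_from_tenant(self, project, group, role):
        '''Revoke a group's role on a project (best-effort).'''
        try:
            self.keystone.remove_group_from_tenant(project, group, role)
        except Exception as e:
            # 'tenant' was undefined here and raised NameError.
            self.logger.info(
                "%s group already removed from project (error: %s)", group, e)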
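class OpenstackAuth(OrchestratorAuth):
    '''Keystone-backed implementation of OrchestratorAuth.

    Builds a KeystoneCommands handle from either an ``inputs`` object or
    explicit arguments / OS_* environment variables, and forwards identity
    operations (domains, projects, users, roles, groups) to it.

    Security notes:
      * ``insecure`` defaults to True and is forwarded to KeystoneCommands.
        Presumably this disables TLS certificate verification; confirm
        against KeystoneCommands, and pass insecure=False together with
        ``cacert`` wherever the keystone endpoint is not a throwaway lab.
      * The password is kept on the instance (``self.passwd``) so reauth()
        can rebuild the handle; treat instances as secret-bearing objects.
      * get_token() returns a live token; keep it out of logs.
      * The create_*/add_*/remove_* helpers are best-effort: an exception
        from keystone is logged and swallowed. The log line carries the
        underlying error so a denied or failed call is not mistaken for
        "already present".
    '''

    def __init__(self, username, password, project_name,
                 inputs=None, logger=None, auth_url=None, region_name=None,
                 certfile=None, keyfile=None, cacert=None, insecure=True,
                 domain_name=None, scope='domain'):
        '''Collect connection settings and authenticate.

        When ``inputs`` is given it is authoritative: auth_url, region_name,
        certfile, keyfile, cacert and insecure arguments are ignored in
        favour of the corresponding ``inputs`` attributes. Otherwise the
        explicit arguments are used, with OS_AUTH_URL, OS_REGION_NAME and
        OS_DOMAIN_NAME as fallbacks.
        '''
        self.inputs = inputs
        self.user = username
        self.passwd = password
        self.project = project_name
        self.scope = scope
        self.logger = logger or contrail_logging.getLogger(__name__)
        if inputs:
            self.auth_url = inputs.auth_url
            self.region_name = inputs.region_name
            self.domain_name = domain_name or self.inputs.admin_domain
            self.keystone_certfile = self.inputs.keystonecertfile
            self.keystone_keyfile = self.inputs.keystonekeyfile
            self.certbundle = self.inputs.certbundle
            self.insecure = self.inputs.insecure
            self.scope = 'project' if inputs.use_project_scoped_token else scope
        else:
            self.auth_url = auth_url or os.getenv('OS_AUTH_URL')
            self.region_name = region_name or os.getenv('OS_REGION_NAME')
            self.domain_name = domain_name or os.getenv('OS_DOMAIN_NAME')
            self.keystone_certfile = certfile
            self.keystone_keyfile = keyfile
            self.insecure = insecure
            self.certbundle = cacert
        self.reauth()

    def reauth(self):
        '''(Re)create the KeystoneCommands handle from stored settings.'''
        self.keystone = KeystoneCommands(username=self.user,
                                         password=self.passwd,
                                         tenant=self.project,
                                         domain_name=self.domain_name,
                                         auth_url=self.auth_url,
                                         insecure=self.insecure,
                                         region_name=self.region_name,
                                         cert=self.keystone_certfile,
                                         key=self.keystone_keyfile,
                                         cacert=self.certbundle,
                                         logger=self.logger,
                                         scope=self.scope)

    def get_domain_id(self, name='Default'):
        '''Return the id of the domain called name.'''
        return self.keystone.get_domain_id(name)

    def get_project_id(self, name=None, domain_id=None):
        '''Return a project id; the authenticated project when name is
        omitted or equals it.'''
        if not name or name == self.project:
            return self.keystone.get_id()
        return self.keystone.get_project_id(name, domain_id)

    def get_session(self, scope='domain'):
        '''Return a keystone session for the given scope.'''
        return self.keystone.get_session(scope)

    def get_client(self, scope='domain'):
        '''Return a keystone client for the given scope.'''
        return self.keystone.get_client(scope)

    def get_endpoint(self, service, interface='public'):
        '''Return the endpoint of service on the given interface.'''
        return self.keystone.get_endpoint(service, interface)

    def get_token(self):
        '''Return the current token. Callers should not log it.'''
        return self.keystone.get_token()

    def create_domain(self, domain_name):
        '''Create a domain and return keystone's result.'''
        return self.keystone.create_domain(domain_name)

    def delete_domain(self, domain_name):
        '''Delete the named domain.'''
        self.keystone.delete_domain(domain_name)

    def update_domain(self, domain_id, domain_name, description, enabled):
        '''Update name, description and enabled flag of a domain.'''
        return self.keystone.update_domain(domain_id=domain_id,
                                           domain_name=domain_name,
                                           description=description,
                                           enabled=enabled)

    def get_domain(self, domain_id):
        '''Return the domain with the given id.'''
        return self.keystone.get_domain(domain_id=domain_id)

    def create_project(self, name, domain_name=None):
        '''Create a project, optionally inside domain_name.'''
        return self.keystone.create_project(name, domain_name)

    def delete_project(self, name):
        '''Delete the named project.'''
        self.keystone.delete_project(name)

    def delete_user(self, user):
        '''Delete the named user.'''
        self.keystone.delete_user(user)

    def create_user(self, user, password, tenant_name=None, domain_name=None):
        '''Create an enabled user (best-effort).

        tenant_name falls back to inputs.stack_tenant. Failures are logged,
        not raised.
        '''
        try:
            self.keystone.create_user(
                user, password, email='',
                tenant_name=tenant_name or self.inputs.stack_tenant,
                enabled=True, domain_name=domain_name)
        except Exception as e:
            # Was a bare except that named self.user (the authenticated
            # account) instead of the user being created.
            self.logger.info("%s user already present (error: %s)", user, e)

    def get_user_id(self, user):
        '''Return the id of user, or None when keystone has no such user.'''
        user_obj = self.keystone.get_user_dct(user)
        return user_obj.id if user_obj else None

    def create_role(self, role):
        '''Create a role.'''
        self.keystone.create_role(role)

    def delete_role(self, role):
        '''Delete a role.'''
        self.keystone.delete_role(role)

    def add_user_to_domain(self, user, role='admin', domain=None):
        '''Grant user a role on a domain (best-effort).'''
        try:
            self.keystone.add_user_to_domain(user, role, domain)
        except Exception as e:
            self.logger.info("%s user already added to domain (error: %s)",
                             user, e)

    def add_user_to_project(self, user, project, role='admin'):
        '''Grant user a role on a project (best-effort).'''
        try:
            self.keystone.add_user_to_tenant(project, user, role)
        except Exception as e:
            self.logger.info("%s user already added to project (error: %s)",
                             user, e)

    def remove_user_from_project(self, user, role, project):
        '''Revoke a user's role on a project (best-effort).'''
        try:
            self.keystone.remove_user_from_tenant(project, user, role)
        except Exception as e:
            # logger.exception already records the traceback.
            self.logger.exception("%s user already removed from project"%(user))

    def verify_service_enabled(self, service):
        '''Return True if any registered service name contains service.

        Any error while listing services is reported as False.
        '''
        try:
            return any(service in svc.name
                       for svc in self.keystone.services_list())
        except Exception as e:
            return False

    def get_auth_h(self):
        '''Return the underlying KeystoneCommands handle.'''
        return self.keystone

    def create_user_group(self, group, domain_name):
        '''Create a user group in domain_name (best-effort).'''
        try:
            self.keystone.create_group(group, domain_name)
        except Exception as e:
            self.logger.info("%s user group already present (error: %s)",
                             group, e)

    def delete_group(self, name):
        '''Delete the named group.'''
        return self.keystone.delete_group(name=name)

    def add_user_to_group(self, user, group):
        '''Add user to group (best-effort).'''
        try:
            self.keystone.add_user_to_group(user, group)
        except Exception as e:
            self.logger.info("%s user already added to group %s (error: %s)",
                             user, group, e)

    def remove_user_from_group(self, user, group):
        '''Remove user from group (best-effort).'''
        try:
            self.keystone.remove_user_from_group(user, group)
        except Exception as e:
            self.logger.info(
                "%s user already removed from group %s (error: %s)",
                user, group, e)

    def add_group_to_domain(self, group, role='admin', domain=None):
        '''Grant group a role on a domain (best-effort).'''
        try:
            # Pass the caller's role through; it was hard-coded to 'admin',
            # which granted admin whatever role was requested.
            self.keystone.add_group_to_domain(group, role=role, domain=domain)
        except Exception as e:
            # The handler used to reference an undefined name and raised
            # NameError instead of logging.
            self.logger.info("%s group already added to domain (error: %s)",
                             group, e)

    def remove_group_from_domain(self, group, role, domain=None):
        '''Revoke a group's role on a domain (best-effort).'''
        try:
            # Forward the requested domain; it was always sent as None.
            self.keystone.remove_group_from_domain(group, role, domain=domain)
        except Exception as e:
            # One %s with two arguments used to raise TypeError here.
            self.logger.info(
                "%s group already removed from domain (error: %s)", group, e)

    def add_group_to_tenant(self, project, group, role='admin'):
        '''Grant group a role on a project (best-effort).'''
        try:
            # Pass the caller's role through instead of a fixed 'admin'.
            self.keystone.add_group_to_tenant(project, group, role=role)
        except Exception as e:
            # 'tenant' was undefined here and raised NameError.
            self.logger.info("%s group already added to project (error: %s)",
                             group, e)

    def remove_group_from_tenant(self, project, group, role):
        '''Revoke a group's role on a project (best-effort).'''
        try:
            self.keystone.remove_group_from_tenant(project, group, role)
        except Exception as e:
            # 'tenant' was undefined here and raised NameError.
            self.logger.info(
                "%s group already removed from project (error: %s)", group, e)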