def authenticate_keystone_user(self, keystone, user, password, tenant):
"""Authenticates a regular user with the keystone public endpoint."""
ep = keystone.service_catalog.url_for(service_type='identity',
endpoint_type='publicURL')
return keystone_client.Client(username=user,
password=password,
tenant_name=tenant,
auth_url=ep)
def authenticate_keystone_admin(self, keystone_sentry, user, password,
tenant):
"""Authenticates admin user with the keystone admin endpoint."""
unit = keystone_sentry
service_ip = unit.relation('shared-db',
'mysql:shared-db')['private-address']
ep = "http://{}:35357/v2.0".format(service_ip.strip().decode('utf-8'))
return keystone_client.Client(username=user, password=password,
tenant_name=tenant, auth_url=ep)
def authenticate_user(self):
"""Make sure the user has provided all of the authentication
info we need.
"""
if not self.options.os_token:
if not self.options.os_username:
raise exception.CommandError(
"You must provide a username via"
" either --os-username or env[OS_USERNAME]")
if not self.options.os_password:
raise exception.CommandError(
"You must provide a password via"
" either --os-password or env[OS_PASSWORD]")
if (not self.options.os_tenant_name
and not self.options.os_tenant_id):
raise exception.CommandError(
"You must provide a tenant_name or tenant_id via"
" --os-tenant-name, env[OS_TENANT_NAME]"
" --os-tenant-id, or via env[OS_TENANT_ID]")
if not self.options.os_auth_url:
raise exception.CommandError(
"You must provide an auth url via"
" either --os-auth-url or via env[OS_AUTH_URL]")
keystone = keystone_client.Client(
token=self.options.os_token,
auth_url=self.options.os_auth_url,
tenant_id=self.options.os_tenant_id,
tenant_name=self.options.os_tenant_name,
password=self.options.os_password,
region_name=self.options.os_region_name,
username=self.options.os_username,
insecure=self.options.insecure,
cert=self.options.os_cacert)
auth = keystone.authenticate()
if auth:
try:
kwstandby_url = keystone.service_catalog.url_for(
service_type='standby')
except keystone_exceptions.EndpointNotFound:
raise exception.NoKwstandbyEndpoint()
else:
raise exception.NotAuthorized("User %s is not authorized." %
self.options.os_username)
client = kwstandby_client.Client(1,
kwstandby_url=kwstandby_url,
auth_token=keystone.auth_token)
self.client = client
return
def main(args=None):
cfg = parse_args(args)
# Make the inventory of the OpenStack install
keystone = kc.Client(
username=cfg.os_username,
tenant_name=cfg.os_tenant_name,
password=cfg.os_password,
auth_url=cfg.os_auth_url,
)
endpoints = keystone.service_catalog.get_endpoints()
cli_surveil = sc.Client(cfg.api_url, version='1_0')
for ep in endpoints.get('identity', []):
cli_surveil.hosts.create(
host_name='OS_keystone_host_%s' % ep['id'],
use='linux-keystone',
address=urlparse.urlparse(ep['publicURL']).hostname,
custom_fields={
'_OS_AUTH_URL': ep['publicURL'],
'_OS_USERNAME': cfg.os_username,
'_OS_PASSWORD': cfg.os_password,
'_OS_TENANT_NAME': cfg.os_tenant_name,
'_KS_SERVICES': 'identity',
}
)
for ep in endpoints.get('image', []):
cli_surveil.hosts.create(
host_name='OS_glance_host_%s' % ep['id'],
use='linux-glance',
address=urlparse.urlparse(ep['publicURL']).hostname,
custom_fields={
'_OS_AUTH_URL': ep['publicURL'],
'_OS_USERNAME': cfg.os_username,
'_OS_PASSWORD': cfg.os_password,
'_OS_TENANT_NAME': cfg.os_tenant_name,
'_OS_GLANCE_URL': ep['publicURL'] + '/v1',
}
)
# Reload the surveil config
cli_surveil.reload_config()
def _authenticate_keystone_admin(self,
keystone_sentry,
user,
password,
tenant,
service_ip=None):
"""Authenticates admin user with the keystone admin endpoint.
This should be factored into:L
charmhelpers.contrib.openstack.amulet.utils.OpenStackAmuletUtils
"""
if not service_ip:
unit = keystone_sentry
service_ip = unit.relation('shared-db',
'mysql:shared-db')['private-address']
ep = "http://{}:35357/v2.0".format(service_ip.strip().decode('utf-8'))
return keystone_client.Client(username=user,
password=password,
tenant_name=tenant,
auth_url=ep)