def _on_project_create(self, project_id):
LOG.warning("Beginning wmf hooks for project creation: %s" % project_id)
roledict = self._get_role_dict()
if CONF.wmfhooks.observer_role_name not in roledict.keys():
LOG.error("Failed to find id for role %s" % CONF.wmfhooks.observer_role_name)
raise exception.NotImplemented()
if CONF.wmfhooks.admin_role_name not in roledict.keys():
LOG.error("Failed to find id for role %s" % CONF.wmfhooks.admin_role_name)
raise exception.NotImplemented()
if CONF.wmfhooks.user_role_name not in roledict.keys():
LOG.error("Failed to find id for role %s" % CONF.wmfhooks.user_role_name)
raise exception.NotImplemented()
self.assignment_api.add_role_to_user_and_project(CONF.wmfhooks.admin_user,
project_id,
roledict[CONF.wmfhooks.admin_role_name])
self.assignment_api.add_role_to_user_and_project(CONF.wmfhooks.admin_user,
project_id,
roledict[CONF.wmfhooks.user_role_name])
self.assignment_api.add_role_to_user_and_project(CONF.wmfhooks.observer_user,
project_id,
roledict[CONF.wmfhooks.observer_role_name])
# Use the nova api to set up security groups for the new project
auth = generic.Password(
auth_url=CONF.wmfhooks.auth_url,
username=CONF.wmfhooks.admin_user,
password=CONF.wmfhooks.admin_pass,
user_domain_name='Default',
project_domain_name='Default',
project_name=project_id)
session = keystone_session.Session(auth=auth)
client = nova_client.Client('2', session=session, connect_retries=5)
allgroups = client.security_groups.list()
defaultgroup = filter(lambda group: group.name == 'default', allgroups)
if defaultgroup:
groupid = defaultgroup[0].id
try:
client.security_group_rules.create(groupid,
ip_protocol='icmp',
from_port='-1',
to_port='-1',
cidr='0.0.0.0/0')
except (exceptions.ClientException):
LOG.warning("icmp security rule already exists.")
try:
client.security_group_rules.create(groupid,
ip_protocol='tcp',
from_port='22',
to_port='22',
cidr='10.0.0.0/8')
except (exceptions.ClientException):
LOG.warning("Port 22 security rule already exists.")
try:
client.security_group_rules.create(groupid,
ip_protocol='tcp',
from_port='5666',
to_port='5666',
cidr='10.0.0.0/8')
except (exceptions.ClientException):
LOG.warning("Port 5666 security rule already exists.")
try:
client.security_group_rules.create(groupid,
ip_protocol='tcp',
from_port='1',
to_port='65535',
cidr='',
group_id=groupid)
except (exceptions.ClientException):
LOG.warning("Project security rule for TCP already exists.")
try:
client.security_group_rules.create(groupid,
ip_protocol='udp',
from_port='1',
to_port='65535',
cidr='',
group_id=groupid)
except (exceptions.ClientException):
LOG.warning("Project security rule for UDP already exists.")
try:
client.security_group_rules.create(groupid,
ip_protocol='icmp',
from_port='1',
to_port='65535',
cidr='',
group_id=groupid)
except (exceptions.ClientException):
LOG.warning("Project security rule for ICMP already exists.")
else:
LOG.warning("Failed to find default security group in new project.")
assignments = self._get_current_assignments(project_id)
ldapgroups.sync_ldap_project_group(project_id, assignments)
# Set up default sudoers in ldap
ldapgroups.create_sudo_defaults(project_id)
def _on_member_update(self, project_id):
assignments = self._get_current_assignments(project_id)
ldapgroups.sync_ldap_project_group(project_id, assignments)
def _on_member_update(self, project_id, assignments=None):
if not assignments:
assignments = self._get_current_assignments(project_id)
ldapgroups.sync_ldap_project_group(project_id, assignments)
def _on_project_create(self, project_id):
LOG.warning("Beginning wmf hooks for project creation: %s" %
project_id)
roledict = self._get_role_dict()
if CONF.wmfhooks.observer_role_name not in roledict.keys():
LOG.error("Failed to find id for role %s" %
CONF.wmfhooks.observer_role_name)
raise exception.NotImplemented()
if CONF.wmfhooks.admin_role_name not in roledict.keys():
LOG.error("Failed to find id for role %s" %
CONF.wmfhooks.admin_role_name)
raise exception.NotImplemented()
if CONF.wmfhooks.user_role_name not in roledict.keys():
LOG.error("Failed to find id for role %s" %
CONF.wmfhooks.user_role_name)
raise exception.NotImplemented()
self.assignment_api.add_role_to_user_and_project(
CONF.wmfhooks.admin_user, project_id,
roledict[CONF.wmfhooks.admin_role_name])
self.assignment_api.add_role_to_user_and_project(
CONF.wmfhooks.admin_user, project_id,
roledict[CONF.wmfhooks.user_role_name])
self.assignment_api.add_role_to_user_and_project(
CONF.wmfhooks.observer_user, project_id,
roledict[CONF.wmfhooks.observer_role_name])
# Use the nova api to set up security groups for the new project
auth = generic.Password(auth_url=CONF.wmfhooks.auth_url,
username=CONF.wmfhooks.admin_user,
password=CONF.wmfhooks.admin_pass,
user_domain_name='Default',
project_domain_name='Default',
project_name=project_id)
session = keystone_session.Session(auth=auth)
client = nova_client.Client('2', session=session, connect_retries=5)
allgroups = client.security_groups.list()
defaultgroup = filter(lambda group: group.name == 'default', allgroups)
if defaultgroup:
groupid = defaultgroup[0].id
try:
client.security_group_rules.create(groupid,
ip_protocol='icmp',
from_port='-1',
to_port='-1',
cidr='0.0.0.0/0')
except (exceptions.ClientException):
LOG.warning("icmp security rule already exists.")
try:
client.security_group_rules.create(groupid,
ip_protocol='tcp',
from_port='22',
to_port='22',
cidr='10.0.0.0/8')
except (exceptions.ClientException):
LOG.warning("Port 22 security rule already exists.")
try:
client.security_group_rules.create(groupid,
ip_protocol='tcp',
from_port='5666',
to_port='5666',
cidr='10.0.0.0/8')
except (exceptions.ClientException):
LOG.warning("Port 5666 security rule already exists.")
try:
client.security_group_rules.create(groupid,
ip_protocol='tcp',
from_port='1',
to_port='65535',
cidr='',
group_id=groupid)
except (exceptions.ClientException):
LOG.warning("Project security rule for TCP already exists.")
try:
client.security_group_rules.create(groupid,
ip_protocol='udp',
from_port='1',
to_port='65535',
cidr='',
group_id=groupid)
except (exceptions.ClientException):
LOG.warning("Project security rule for UDP already exists.")
try:
client.security_group_rules.create(groupid,
ip_protocol='icmp',
from_port='1',
to_port='65535',
cidr='',
group_id=groupid)
except (exceptions.ClientException):
LOG.warning("Project security rule for ICMP already exists.")
else:
LOG.warning(
"Failed to find default security group in new project.")
assignments = self._get_current_assignments(project_id)
ldapgroups.sync_ldap_project_group(project_id, assignments)
# Set up default sudoers in ldap
ldapgroups.create_sudo_defaults(project_id)
self._create_project_page(project_id)
def _on_project_create(self, project_id):
LOG.warning("Beginning wmf hooks for project creation: %s" % project_id)
roledict = self._get_role_dict()
if CONF.wmfhooks.observer_role_name not in roledict.keys():
LOG.error("Failed to find id for role %s" % CONF.wmfhooks.observer_role_name)
raise exception.NotImplemented()
if CONF.wmfhooks.admin_role_name not in roledict.keys():
LOG.error("Failed to find id for role %s" % CONF.wmfhooks.admin_role_name)
raise exception.NotImplemented()
if CONF.wmfhooks.user_role_name not in roledict.keys():
LOG.error("Failed to find id for role %s" % CONF.wmfhooks.user_role_name)
raise exception.NotImplemented()
LOG.warning("Adding default users to project %s" % project_id)
self.assignment_api.add_role_to_user_and_project(CONF.wmfhooks.admin_user,
project_id,
roledict[CONF.wmfhooks.admin_role_name])
self.assignment_api.add_role_to_user_and_project(CONF.wmfhooks.admin_user,
project_id,
roledict[CONF.wmfhooks.user_role_name])
self.assignment_api.add_role_to_user_and_project(CONF.wmfhooks.observer_user,
project_id,
roledict[CONF.wmfhooks.observer_role_name])
LOG.warning("Adding security groups to project %s" % project_id)
# Use the neutron api to set up security groups for the new project
auth = v3.Password(
auth_url=CONF.wmfhooks.auth_url,
username=CONF.wmfhooks.admin_user,
password=CONF.wmfhooks.admin_pass,
user_domain_name='Default',
project_domain_name='Default',
project_name=project_id)
session = keystone_session.Session(auth=auth)
client = neutron_client.Client(session=session, connect_retries=5)
allgroups = client.list_security_groups()['security_groups']
defaultgroup = filter(lambda group: group['name'] == 'default', allgroups)
if defaultgroup:
groupid = defaultgroup[0]["id"]
try:
client.create_security_group_rule(
KeystoneHooks._security_group_dict(groupid,
'icmp',
-1,
-1,
cidr='0.0.0.0/0'))
except (exceptions.NeutronClientException):
LOG.warning("icmp security rule already exists.")
try:
client.create_security_group_rule(
KeystoneHooks._security_group_dict(groupid,
'tcp',
22,
22,
cidr='172.16.0.0/21'))
except (exceptions.NeutronClientException):
LOG.warning("Port 22 security rule already exists.")
try:
client.create_security_group_rule(
KeystoneHooks._security_group_dict(groupid,
'tcp',
22,
22,
group=groupid))
except (exceptions.NeutronClientException):
LOG.warning("Project security rule for TCP already exists.")
try:
client.create_security_group_rule(
KeystoneHooks._security_group_dict(groupid,
'udp',
1,
65535,
group=groupid))
except (exceptions.NeutronClientException):
LOG.warning("Project security rule for UDP already exists.")
try:
client.create_security_group_rule(
KeystoneHooks._security_group_dict(groupid,
'icmp',
-1,
-1,
group=groupid))
except (exceptions.NeutronClientException):
LOG.warning("Project security rule for ICMP already exists.")
else:
LOG.warning("Failed to find default security group in new project.")
LOG.warning("Syncing membership with ldap for project %s" % project_id)
assignments = self._get_current_assignments(project_id)
ldapgroups.sync_ldap_project_group(project_id, assignments)
LOG.warning("Setting up default sudoers in ldap for project %s" % project_id)
# Set up default sudoers in ldap
ldapgroups.create_sudo_defaults(project_id)
self._create_project_page(project_id)
# This bit will take a while:
LOG.warning("Creating default designate domain for project %s" % project_id)
designatemakedomain.createDomain(
CONF.wmfhooks.auth_url,
CONF.wmfhooks.admin_user,
CONF.wmfhooks.admin_pass,
project_id,
'{}.wmflabs.org.'.format(project_id),
'wmflabsdotorg'
)
LOG.warning("Completed wmf hooks for project creation: %s" % project_id)
