def _create(self):
endpoint_type = self._get_client_option(CLIENT_NAME, 'endpoint_type')
management_url = self.url_for(service_type=self.COMPUTE,
endpoint_type=endpoint_type)
extensions = nc.discover_extensions(NOVACLIENT_VERSION)
args = {
'project_id': self.context.tenant_id,
'auth_url': self.context.auth_url,
'auth_token': self.auth_token,
'service_type': self.COMPUTE,
'username': None,
'api_key': None,
'extensions': extensions,
'endpoint_type': endpoint_type,
'http_log_debug': self._get_client_option(CLIENT_NAME,
'http_log_debug'),
'cacert': self._get_client_option(CLIENT_NAME, 'ca_file'),
'insecure': self._get_client_option(CLIENT_NAME, 'insecure')
}
client = nc.Client(NOVACLIENT_VERSION, **args)
client.client.set_management_url(management_url)
return client
def _create(self):
endpoint_type = self._get_client_option('nova', 'endpoint_type')
management_url = self.url_for(service_type=self.COMPUTE,
endpoint_type=endpoint_type)
if hasattr(nc, 'discover_extensions'):
extensions = nc.discover_extensions(NOVACLIENT_VERSION)
else:
# TODO(lyj): The else condition is for backward compatibility,
# once novaclient bump to a newer version with
# discover_extensions exists, this should be safely
# removed.
from novaclient import shell as novashell
computeshell = novashell.OpenStackComputeShell()
extensions = computeshell._discover_extensions(NOVACLIENT_VERSION)
args = {
'project_id': self.context.tenant,
'auth_url': self.context.auth_url,
'service_type': self.COMPUTE,
'username': None,
'api_key': None,
'extensions': extensions,
'endpoint_type': endpoint_type,
'http_log_debug': self._get_client_option('nova',
'http_log_debug'),
'cacert': self._get_client_option('nova', 'ca_file'),
'insecure': self._get_client_option('nova', 'insecure')
}
client = nc.Client(NOVACLIENT_VERSION, **args)
client.client.auth_token = self.auth_token
client.client.management_url = management_url
return client
def __init__(self):
auth = ks_loading.load_auth_from_conf_options(cfg.CONF, 'nova')
session = ks_loading.load_session_from_conf_options(cfg.CONF,
'nova',
auth=auth)
extensions = [
ext for ext in nova_client.discover_extensions(NOVA_API_VERSION)
if ext.name == "server_external_events"
]
self.nclient = nova_client.Client(
NOVA_API_VERSION,
session=session,
region_name=cfg.CONF.nova.region_name,
endpoint_type=cfg.CONF.nova.endpoint_type,
extensions=extensions)
self.batch_notifier = batch_notifier.BatchNotifier(
cfg.CONF.send_events_interval, self.send_events)
# register callbacks for events pertaining resources affecting Nova
callback_resources = (
resources.FLOATING_IP,
resources.PORT,
)
for resource in callback_resources:
registry.subscribe(self._send_nova_notification, resource,
events.BEFORE_RESPONSE)
def make_client(instance):
"""Returns a compute service client."""
# Defer client import until we actually need them
from novaclient import client as nova_client
if _compute_api_version is not None:
version = _compute_api_version
else:
version = instance._api_version[API_NAME]
LOG.debug('Instantiating compute client for V%s', version)
# Set client http_log_debug to True if verbosity level is high enough
http_log_debug = utils.get_effective_log_level() <= logging.DEBUG
extensions = [
ext for ext in nova_client.discover_extensions(version)
if ext.name == "list_extensions"
]
# Remember interface only if it is set
kwargs = utils.build_kwargs_dict('endpoint_type', instance._interface)
client = nova_client.Client(version,
session=instance.session,
extensions=extensions,
http_log_debug=http_log_debug,
timings=instance.timing,
region_name=instance._region_name,
**kwargs)
return client
def __init__(self):
# FIXME(jamielennox): A notifier is being created for each Controller
# and each Notifier is handling it's own auth. That means that we are
# authenticating the exact same thing len(controllers) times. This
# should be an easy thing to optimize.
# FIXME(kevinbenton): remove this comment and the one above once the
# switch to pecan is complete since only one notifier is constructed
# in the pecan notification hook.
auth = ks_loading.load_auth_from_conf_options(cfg.CONF, 'nova')
session = ks_loading.load_session_from_conf_options(
cfg.CONF,
'nova',
auth=auth)
extensions = [
ext for ext in nova_client.discover_extensions(NOVA_API_VERSION)
if ext.name == "server_external_events"]
self.nclient = nova_client.Client(
NOVA_API_VERSION,
session=session,
region_name=cfg.CONF.nova.region_name,
endpoint_type=cfg.CONF.nova.endpoint_type,
extensions=extensions)
self.batch_notifier = batch_notifier.BatchNotifier(
cfg.CONF.send_events_interval, self.send_events)
# register callbacks for events pertaining resources affecting Nova
callback_resources = (
resources.FLOATING_IP,
resources.PORT,
)
for resource in callback_resources:
registry.subscribe(self._send_nova_notification,
resource, events.BEFORE_RESPONSE)
def __init__(self):
auth = ks_loading.load_auth_from_conf_options(cfg.CONF, 'nova')
session = ks_loading.load_session_from_conf_options(
cfg.CONF,
'nova',
auth=auth)
extensions = [
ext for ext in nova_client.discover_extensions(NOVA_API_VERSION)
if ext.name == "server_external_events"]
self.nclient = nova_client.Client(
NOVA_API_VERSION,
session=session,
region_name=cfg.CONF.nova.region_name,
endpoint_type=cfg.CONF.nova.endpoint_type,
extensions=extensions)
self.batch_notifier = batch_notifier.BatchNotifier(
cfg.CONF.send_events_interval, self.send_events)
# register callbacks for events pertaining resources affecting Nova
callback_resources = (
resources.FLOATING_IP,
resources.PORT,
)
for resource in callback_resources:
registry.subscribe(self._send_nova_notification,
resource, events.BEFORE_RESPONSE)
def _create(self):
endpoint_type = self._get_client_option('nova', 'endpoint_type')
management_url = self.url_for(service_type=self.COMPUTE,
endpoint_type=endpoint_type)
if hasattr(nc, 'discover_extensions'):
extensions = nc.discover_extensions(NOVACLIENT_VERSION)
else:
# TODO(lyj): The else condition is for backward compatibility,
# once novaclient bump to a newer version with
# discover_extensions exists, this should be safely
# removed.
from novaclient import shell as novashell
computeshell = novashell.OpenStackComputeShell()
extensions = computeshell._discover_extensions(NOVACLIENT_VERSION)
args = {
'project_id': self.context.tenant,
'auth_url': self.context.auth_url,
'service_type': self.COMPUTE,
'username': None,
'api_key': None,
'extensions': extensions,
'endpoint_type': endpoint_type,
'http_log_debug': self._get_client_option('nova',
'http_log_debug'),
'cacert': self._get_client_option('nova', 'ca_file'),
'insecure': self._get_client_option('nova', 'insecure')
}
client = nc.Client(NOVACLIENT_VERSION, **args)
client.client.auth_token = self.auth_token
client.client.management_url = management_url
return client
def create(context, conf):
conf.register_opts(nova_client_opts, group=SERVICE + '_client')
try:
url = utils.get_url(SERVICE,
context,
conf,
append_project_fmt='%(url)s/%(project)s')
except Exception:
LOG.error(_LE("Get nova service endpoint url failed."))
raise
LOG.info(_LI('Creating nova client with url %s.'), url)
extensions = nc.discover_extensions(NOVACLIENT_VERSION)
args = {
'project_id': context.project_id,
'auth_token': context.auth_token,
'extensions': extensions,
'cacert': conf.nova_client.nova_ca_cert_file,
'insecure': conf.nova_client.nova_auth_insecure,
}
client = nc.Client(NOVACLIENT_VERSION, **args)
client.client.set_management_url(url)
return client
def _create(self, version=None):
if not version:
# TODO(prazumovsky): remove all unexpected calls from tests and
# add default_version after that.
version = self.NOVA_API_VERSION
endpoint_type = self._get_client_option(CLIENT_NAME, 'endpoint_type')
extensions = nc.discover_extensions(version)
args = {
'session': self.context.keystone_session,
'extensions': extensions,
'endpoint_type': endpoint_type,
'service_type': self.COMPUTE,
'region_name': self._get_region_name(),
'http_log_debug': self._get_client_option(CLIENT_NAME,
'http_log_debug')
}
client = nc.Client(version, **args)
# NOTE: check for microversion availability
if version in self.validate_versions:
try:
client.versions.get_current()
except exceptions.NotAcceptable:
raise exception.InvalidServiceVersion(service=self.COMPUTE,
version=version)
return client
def make_client(instance):
"""Returns a compute service client."""
# Defer client import until we actually need them
from novaclient import client as nova_client
if _compute_api_version is not None:
version = _compute_api_version
else:
version = instance._api_version[API_NAME]
from novaclient import api_versions
# convert to APIVersion object
version = api_versions.get_api_version(version)
if version.is_latest():
import novaclient
# NOTE(RuiChen): executing version discovery make sense, but that need
# an initialized REST client, it's not available now,
# fallback to use the max version of novaclient side.
version = novaclient.API_MAX_VERSION
LOG.debug('Instantiating compute client for %s', version)
compute_api = utils.get_client_class(
API_NAME,
version.ver_major,
COMPUTE_API_VERSIONS,
)
LOG.debug('Instantiating compute api: %s', compute_api)
# Set client http_log_debug to True if verbosity level is high enough
http_log_debug = utils.get_effective_log_level() <= logging.DEBUG
extensions = [ext for ext in nova_client.discover_extensions(version)
if ext.name == "list_extensions"]
# Remember interface only if it is set
kwargs = utils.build_kwargs_dict('endpoint_type', instance.interface)
client = nova_client.Client(
version,
session=instance.session,
extensions=extensions,
http_log_debug=http_log_debug,
timings=instance.timing,
region_name=instance.region_name,
**kwargs
)
client.api = compute_api(
session=instance.session,
service_type=COMPUTE_API_TYPE,
endpoint=instance.get_endpoint_for_service_type(
COMPUTE_API_TYPE,
region_name=instance.region_name,
interface=instance.interface,
)
)
return client
def make_client(instance):
"""Returns a compute service client."""
# Defer client import until we actually need them
from novaclient import client as nova_client
if _compute_api_version is not None:
version = _compute_api_version
else:
version = instance._api_version[API_NAME]
LOG.debug('Instantiating compute client for V%s', version)
# Set client http_log_debug to True if verbosity level is high enough
http_log_debug = utils.get_effective_log_level() <= logging.DEBUG
extensions = [ext for ext in nova_client.discover_extensions(version)
if ext.name == "list_extensions"]
# Remember interface only if it is set
kwargs = utils.build_kwargs_dict('endpoint_type', instance._interface)
client = nova_client.Client(
version,
session=instance.session,
extensions=extensions,
http_log_debug=http_log_debug,
timings=instance.timing,
region_name=instance._region_name,
**kwargs
)
return client
def __init__ (self, config, poolname):
self.config = config
self.blocks = {}
self.pool = poolname
controller_file = "~/.ipython/profile_default/security/ipcontroller-engine.json"
self.client = client.Client(api_versions.APIVersion("2.0"),
config['sites.jetstream']['OS_USERNAME'],
config['sites.jetstream']['OS_PASSWORD'],
project_id=config['sites.jetstream']['OS_PROJECT_ID'],
project_name=config['sites.jetstream']['OS_PROJECT_NAME'],
auth_url=config['sites.jetstream']['OS_AUTH_URL'],
insecure=False,
region_name=config['sites.jetstream']['OS_REGION_NAME'],
user_domain_name=config['sites.jetstream']['OS_USER_DOMAIN_NAME'])
api_version = api_versions.get_api_version("2.0")
api_version = api_versions.discover_version(self.client, api_version)
extensions = client.discover_extensions(api_version)
logger.debug(self.client.has_neutron())
self.server_manager = self.client.servers
try:
with open(os.path.expanduser(controller_file), 'r') as f:
self.engine_config = f.read()
except FileNotFoundError :
logger.error("No controller_file found at : %s. Cannot proceed", controller_file)
exit(-1)
except Exception as e :
logger.error("Caught exception while reading from the ipcontroller_engine.json")
raise e
try:
# Check if the authentication worked by forcing a call
self.server_manager.list()
except Exception as e:
logger.error("Caught exception : %s", e)
raise e
flavors = self.client.flavors.list()
try:
self.flavor = [ f for f in flavors
if f.name == config['sites.jetstream.{0}'.format(poolname)]['flavor']][0]
except Exception as e:
logger.error("Caught exception : ",e)
raise e
self.sec_groups = ast.literal_eval(config['sites.jetstream.{0}'.format(poolname)]['sec_groups'])
self.nics = ast.literal_eval(config['sites.jetstream.{0}'.format(poolname)]['nics'])
def test():
extensions = client.discover_extensions('1.1')
self.assertEqual(3, len(extensions))
names = sorted(['foo', 'bar', 'baz'])
sorted_extensions = sorted(extensions, key=lambda ext: ext.name)
for i in range(len(names)):
ext = sorted_extensions[i]
name = names[i]
self.assertEqual(ext.name, name)
self.assertTrue(inspect.ismodule(ext.module))
def __init__(self):
auth = ks_loading.load_auth_from_conf_options(cfg.CONF, 'nova')
self.session = ks_loading.load_session_from_conf_options(
cfg.CONF,
'nova',
auth=auth)
self.extensions = [
ext for ext in nova_client.discover_extensions(NOVA_API_VERSION)
if ext.name == "server_external_events"]
self.batch_notifier = batch_notifier.BatchNotifier(
cfg.CONF.send_events_interval, self.send_events)
def __init__(self):
auth = ks_loading.load_auth_from_conf_options(cfg.CONF, 'nova')
self.session = ks_loading.load_session_from_conf_options(
cfg.CONF,
'nova',
auth=auth)
self.extensions = [
ext for ext in nova_client.discover_extensions(NOVA_API_VERSION)
if ext.name == "server_external_events"]
self.batch_notifier = batch_notifier.BatchNotifier(
cfg.CONF.send_events_interval, self.send_events)
def _get_args(self, version):
endpoint_type = self._get_client_option(CLIENT_NAME, 'endpoint_type')
extensions = nc.discover_extensions(version)
return {
'session': self.context.keystone_session,
'extensions': extensions,
'endpoint_type': endpoint_type,
'service_type': self.COMPUTE,
'region_name': self._get_region_name(),
'http_log_debug': self._get_client_option(CLIENT_NAME,
'http_log_debug')
}
def _new_init(self, username, project_id, auth_url, region_name, password, os_auth_plugin, auth=None, verify=True, **kwargs):
if auth is None:
auth = {}
loader = keystoneauth1.loading.get_plugin_loader(os_auth_plugin or 'password')
self.client_kwargs = kwargs.copy()
self.kwargs = auth.copy()
if not self.extensions:
if hasattr(OpenStackComputeShell, '_discover_extensions'):
self.extensions = OpenStackComputeShell()._discover_extensions('2.0')
else:
self.extensions = client.discover_extensions('2.0')
for extension in self.extensions:
extension.run_hooks('__pre_parse_args__')
self.client_kwargs['extensions'] = self.extensions
self.kwargs['username'] = username
self.kwargs['project_name'] = project_id
self.kwargs['auth_url'] = auth_url
self.kwargs['password'] = password
if auth_url.endswith('3'):
self.kwargs['user_domain_name'] = kwargs.get('user_domain_name', 'default')
self.kwargs['project_domain_name'] = kwargs.get('project_domain_name', 'default')
self.client_kwargs['region_name'] = region_name
self.client_kwargs['service_type'] = 'compute'
if hasattr(self, 'extensions'):
# needs an object, not a dictionary
self.kwargstruct = KwargsStruct(**self.client_kwargs)
for extension in self.extensions:
extension.run_hooks('__post_parse_args__', self.kwargstruct)
self.client_kwargs = self.kwargstruct.__dict__
# Requires novaclient version >= 2.6.1
self.version = str(kwargs.get('version', 2))
self.client_kwargs = sanatize_novaclient(self.client_kwargs)
options = loader.load_from_options(**self.kwargs)
self.session = keystoneauth1.session.Session(auth=options, verify=verify)
conn = client.Client(version=self.version, session=self.session, **self.client_kwargs)
self.kwargs['auth_token'] = conn.client.session.get_token()
identity_service_type = kwargs.get('identity_service_type', 'identity')
self.catalog = conn.client.session.get('/auth/catalog', endpoint_filter={'service_type': identity_service_type}).json().get('catalog', [])
if conn.client.get_endpoint(service_type=identity_service_type).endswith('v3'):
self._v3_setup(region_name)
else:
self._v2_setup(region_name)
def __init__(self):
# FIXME(jamielennox): A notifier is being created for each Controller
# and each Notifier is handling it's own auth. That means that we are
# authenticating the exact same thing len(controllers) times. This
# should be an easy thing to optimize.
auth = ks_auth.load_from_conf_options(cfg.CONF, "nova")
session = ks_session.Session.load_from_conf_options(cfg.CONF, "nova", auth=auth)
extensions = [
ext for ext in nova_client.discover_extensions(NOVA_API_VERSION) if ext.name == "server_external_events"
]
self.nclient = nova_client.Client(
NOVA_API_VERSION, session=session, region_name=cfg.CONF.nova.region_name, extensions=extensions
)
self.batch_notifier = batch_notifier.BatchNotifier(cfg.CONF.send_events_interval, self.send_events)
def _create(self):
endpoint_type = self._get_client_option(CLIENT_NAME, 'endpoint_type')
extensions = nc.discover_extensions(NOVA_API_VERSION)
args = {
'session': self.context.keystone_session,
'extensions': extensions,
'interface': endpoint_type,
'service_type': self.COMPUTE,
'region_name': self._get_region_name(),
'http_log_debug': self._get_client_option(CLIENT_NAME,
'http_log_debug')
}
client = nc.Client(NOVA_API_VERSION, **args)
return client
def nova_notify(device_owner, device_id, port_id, event):
VERSION = "2"
# Docs say this, but this is not right:
# # TODO load of config here, note
# loader = loading.get_plugin_loader('password')
# auth = loader.Password(auth_url='http://127.0.0.1:35357',
# username='******',
# password='******',
# project_id='service')
# sess = session.Session(auth=auth)
# nova = nova_client.Client(VERSION, session=sess)
extensions = [ext for ext in nova_client.discover_extensions(VERSION) if ext.name == "server_external_events"]
nova = nova_client.Client(
VERSION, "nova", "iheartksl", "service", auth_url="http://127.0.0.1:5000/v2.0", extensions=extensions
)
nova.server_external_events.create(
[{"server_uuid": device_id, "name": event, "status": "completed", "tag": port_id}]
)
def _create(self, version=None):
version = self.os_context.version
extensions = nc.discover_extensions(version)
kwargs = self.os_context.to_dict()
kwargs.update(
{
'extensions': extensions,
'http_log_debug': self._get_client_option(self.CLIENT_NAME,
'http_log_debug')
}
)
kwargs.pop('version')
kwargs['api_key'] = kwargs.pop("password")
client = nc.Client(version, **kwargs)
return client
def _get_clients(self):
p_client = placement_client.PlacementAPIClient(cfg.CONF)
n_auth = ks_loading.load_auth_from_conf_options(cfg.CONF, 'nova')
n_session = ks_loading.load_session_from_conf_options(
cfg.CONF,
'nova',
auth=n_auth)
extensions = [
ext for ext in nova_client.discover_extensions(NOVA_API_VERSION)
if ext.name == "server_external_events"]
n_client = nova_client.Client(
NOVA_API_VERSION,
session=n_session,
region_name=cfg.CONF.nova.region_name,
endpoint_type=cfg.CONF.nova.endpoint_type,
extensions=extensions)
return p_client, n_client
def __init__(self):
auth = ks_loading.load_auth_from_conf_options(cfg.CONF, 'nova')
session = ks_loading.load_session_from_conf_options(
cfg.CONF,
'nova',
auth=auth)
extensions = [
ext for ext in nova_client.discover_extensions(NOVA_API_VERSION)
if ext.name == "server_external_events"]
self.nclient = nova_client.Client(
api_versions.APIVersion(NOVA_API_VERSION),
session=session,
region_name=cfg.CONF.nova.region_name,
endpoint_type=cfg.CONF.nova.endpoint_type,
extensions=extensions)
self.batch_notifier = batch_notifier.BatchNotifier(
cfg.CONF.send_events_interval, self.send_events)
def __init__(self):
# FIXME(jamielennox): A notifier is being created for each Controller
# and each Notifier is handling it's own auth. That means that we are
# authenticating the exact same thing len(controllers) times. This
# should be an easy thing to optimize.
auth = ks_auth.load_from_conf_options(cfg.CONF, 'nova')
endpoint_override = None
if not auth:
LOG.warning(
_LW('Authenticating to nova using nova_admin_* options'
' is deprecated. This should be done using'
' an auth plugin, like password'))
if cfg.CONF.nova_admin_tenant_id:
endpoint_override = "%s/%s" % (cfg.CONF.nova_url,
cfg.CONF.nova_admin_tenant_id)
auth = DefaultAuthPlugin(
auth_url=cfg.CONF.nova_admin_auth_url,
username=cfg.CONF.nova_admin_username,
password=cfg.CONF.nova_admin_password,
tenant_id=cfg.CONF.nova_admin_tenant_id,
tenant_name=cfg.CONF.nova_admin_tenant_name,
endpoint_override=endpoint_override)
session = ks_session.Session.load_from_conf_options(cfg.CONF,
'nova',
auth=auth)
extensions = [
ext for ext in nova_client.discover_extensions(NOVA_API_VERSION)
if ext.name == "server_external_events"
]
self.nclient = nova_client.Client(
NOVA_API_VERSION,
session=session,
region_name=cfg.CONF.nova.region_name,
extensions=extensions)
self.batch_notifier = batch_notifier.BatchNotifier(
cfg.CONF.send_events_interval, self.send_events)
def create(context, conf, **kwargs):
conf.register_opts(nova_client_opts, group=CONFIG_GROUP)
client_config = conf[CONFIG_GROUP]
url = utils.get_url(SERVICE,
context,
client_config,
append_project_fmt='%(url)s/%(project)s',
**kwargs)
LOG.debug('Creating nova client with url %s.', url)
extensions = nc.discover_extensions(NOVACLIENT_VERSION)
session = kwargs.get('session')
if session is None:
LOG.error('Creating nova client failed with url %s.', url)
raise exception.InvalidParameterValue(
err="The parameter session is None.")
return nc.Client(NOVACLIENT_VERSION,
extensions=extensions,
session=kwargs.get('session'),
endpoint_override=url)
def __init__(self):
# FIXME(jamielennox): A notifier is being created for each Controller
# and each Notifier is handling it's own auth. That means that we are
# authenticating the exact same thing len(controllers) times. This
# should be an easy thing to optimize.
auth = ks_auth.load_from_conf_options(cfg.CONF, 'nova')
endpoint_override = None
if not auth:
LOG.warning(_LW('Authenticating to nova using nova_admin_* options'
' is deprecated. This should be done using'
' an auth plugin, like password'))
if cfg.CONF.nova_admin_tenant_id:
endpoint_override = "%s/%s" % (cfg.CONF.nova_url,
cfg.CONF.nova_admin_tenant_id)
auth = DefaultAuthPlugin(
auth_url=cfg.CONF.nova_admin_auth_url,
username=cfg.CONF.nova_admin_username,
password=cfg.CONF.nova_admin_password,
tenant_id=cfg.CONF.nova_admin_tenant_id,
tenant_name=cfg.CONF.nova_admin_tenant_name,
endpoint_override=endpoint_override)
session = ks_session.Session.load_from_conf_options(cfg.CONF,
'nova',
auth=auth)
extensions = [
ext for ext in nova_client.discover_extensions(NOVA_API_VERSION)
if ext.name == "server_external_events"]
self.nclient = nova_client.Client(
NOVA_API_VERSION,
session=session,
region_name=cfg.CONF.nova.region_name,
extensions=extensions)
self.batch_notifier = batch_notifier.BatchNotifier(
cfg.CONF.send_events_interval, self.send_events)
def create(context, conf):
conf.register_opts(nova_client_opts, group=SERVICE + '_client')
try:
url = utils.get_url(SERVICE, context, conf, append_project=True)
except Exception:
LOG.error(_LE("Get nova service endpoint url failed."))
raise
LOG.info(_LI('Creating nova client with url %s.'), url)
extensions = nc.discover_extensions(NOVACLIENT_VERSION)
args = {
'project_id': context.project_id,
'auth_token': context.auth_token,
'extensions': extensions,
}
client = nc.Client(NOVACLIENT_VERSION, **args)
client.client.set_management_url(url)
return client
def create(context, conf):
conf.register_opts(nova_client_opts, group=SERVICE + "_client")
try:
url = utils.get_url(SERVICE, context, conf, append_project_fmt="%(url)s/%(project)s")
except Exception:
LOG.error(_LE("Get nova service endpoint url failed."))
raise
LOG.info(_LI("Creating nova client with url %s."), url)
extensions = nc.discover_extensions(NOVACLIENT_VERSION)
args = {
"project_id": context.project_id,
"auth_token": context.auth_token,
"extensions": extensions,
"cacert": conf.nova_client.nova_ca_cert_file,
"insecure": conf.nova_client.nova_auth_insecure,
}
client = nc.Client(NOVACLIENT_VERSION, **args)
client.client.set_management_url(url)
return client
def _create(self):
endpoint_type = self._get_client_option(CLIENT_NAME, "endpoint_type")
management_url = self.url_for(service_type=self.COMPUTE, endpoint_type=endpoint_type)
extensions = nc.discover_extensions(NOVACLIENT_VERSION)
args = {
"project_id": self.context.tenant_id,
"auth_url": self.context.auth_url,
"auth_token": self.auth_token,
"service_type": self.COMPUTE,
"username": None,
"api_key": None,
"extensions": extensions,
"endpoint_type": endpoint_type,
"http_log_debug": self._get_client_option(CLIENT_NAME, "http_log_debug"),
"cacert": self._get_client_option(CLIENT_NAME, "ca_file"),
"insecure": self._get_client_option(CLIENT_NAME, "insecure"),
}
client = nc.Client(NOVACLIENT_VERSION, **args)
client.client.set_management_url(management_url)
return client
def has_extension(self, context, extension, timeout=None):
try:
nova_exts = nova_client.discover_extensions(NOVA_API_VERSION)
except request_exceptions.Timeout:
raise exception.APITimeout(service='Nova')
return extension in [e.name for e in nova_exts]
'requests.'),
cfg.BoolOpt('nova_api_insecure',
default=False,
help='Allow to perform insecure SSL requests to nova'),
]
CONF = cfg.CONF
CONF.register_opts(nova_opts)
LOG = logging.getLogger(__name__)
# TODO(e0ne): Make Nova version configurable in Mitaka.
NOVA_API_VERSION = "2.1"
nova_extensions = [ext for ext in
nova_client.discover_extensions(NOVA_API_VERSION)
if ext.name in ("assisted_volume_snapshots",
"list_extensions")]
def novaclient(context, admin_endpoint=False, privileged_user=False,
timeout=None):
"""Returns a Nova client
@param admin_endpoint: If True, use the admin endpoint template from
configuration ('nova_endpoint_admin_template' and 'nova_catalog_info')
@param privileged_user: If True, use the account from configuration
(requires 'os_privileged_user_name', 'os_privileged_user_password' and
'os_privileged_user_tenant' to be set)
@param timeout: Number of seconds to wait for an answer before raising a
Timeout exception (None to disable)
def main(self, argv):
# Parse args once to find version and debug settings
parser = self.get_base_parser()
# NOTE(dtroyer): Hackery to handle --endpoint_type due to argparse
# thinking usage-list --end is ambiguous; but it
# works fine with only --endpoint-type present
# Go figure.
if "--endpoint_type" in argv:
spot = argv.index("--endpoint_type")
argv[spot] = "--endpoint-type"
(args, args_list) = parser.parse_known_args(argv)
self.setup_debugging(args.debug)
self.extensions = []
do_help = ("help" in argv) or not argv
# Discover available auth plugins
novaclient.auth_plugin.discover_auth_systems()
if not args.os_compute_api_version:
api_version = api_versions.get_api_version(DEFAULT_MAJOR_OS_COMPUTE_API_VERSION)
else:
api_version = api_versions.get_api_version(args.os_compute_api_version)
os_username = args.os_username
os_user_id = args.os_user_id
os_password = None # Fetched and set later as needed
os_tenant_name = args.os_tenant_name
os_tenant_id = args.os_tenant_id
os_auth_url = args.os_auth_url
os_region_name = args.os_region_name
os_auth_system = args.os_auth_system
endpoint_type = args.endpoint_type
insecure = args.insecure
service_type = args.service_type
service_name = args.service_name
volume_service_name = args.volume_service_name
bypass_url = args.bypass_url
os_cache = args.os_cache
cacert = args.os_cacert
timeout = args.timeout
keystone_session = None
keystone_auth = None
# We may have either, both or none of these.
# If we have both, we don't need USERNAME, PASSWORD etc.
# Fill in the blanks from the SecretsHelper if possible.
# Finally, authenticate unless we have both.
# Note if we don't auth we probably don't have a tenant ID so we can't
# cache the token.
auth_token = args.os_auth_token if args.os_auth_token else None
management_url = bypass_url if bypass_url else None
if os_auth_system and os_auth_system != "keystone":
auth_plugin = novaclient.auth_plugin.load_plugin(os_auth_system)
else:
auth_plugin = None
if not endpoint_type:
endpoint_type = DEFAULT_NOVA_ENDPOINT_TYPE
# This allow users to use endpoint_type as (internal, public or admin)
# just like other openstack clients (glance, cinder etc)
if endpoint_type in ["internal", "public", "admin"]:
endpoint_type += "URL"
if not service_type:
# Note(alex_xu): We need discover version first, so if there isn't
# service type specified, we use default nova service type.
service_type = DEFAULT_NOVA_SERVICE_TYPE
# If we have an auth token but no management_url, we must auth anyway.
# Expired tokens are handled by client.py:_cs_request
must_auth = not (auth_token and management_url)
# Do not use Keystone session for cases with no session support. The
# presence of auth_plugin means os_auth_system is present and is not
# keystone.
use_session = True
if auth_plugin or bypass_url or os_cache or volume_service_name:
use_session = False
# FIXME(usrleon): Here should be restrict for project id same as
# for os_username or os_password but for compatibility it is not.
if must_auth and not do_help:
if auth_plugin:
auth_plugin.parse_opts(args)
if not auth_plugin or not auth_plugin.opts:
if not os_username and not os_user_id:
raise exc.CommandError(
_(
"You must provide a username "
"or user id via --os-username, --os-user-id, "
"env[OS_USERNAME] or env[OS_USER_ID]"
)
)
if not any([args.os_tenant_name, args.os_tenant_id, args.os_project_id, args.os_project_name]):
raise exc.CommandError(
_(
"You must provide a project name or"
" project id via --os-project-name,"
" --os-project-id, env[OS_PROJECT_ID]"
" or env[OS_PROJECT_NAME]. You may"
" use os-project and os-tenant"
" interchangeably."
)
)
if not os_auth_url:
if os_auth_system and os_auth_system != "keystone":
os_auth_url = auth_plugin.get_auth_url()
if not os_auth_url:
raise exc.CommandError(
_(
"You must provide an auth url "
"via either --os-auth-url or env[OS_AUTH_URL] "
"or specify an auth_system which defines a "
"default url with --os-auth-system "
"or env[OS_AUTH_SYSTEM]"
)
)
project_id = args.os_project_id or args.os_tenant_id
project_name = args.os_project_name or args.os_tenant_name
if use_session:
# Not using Nova auth plugin, so use keystone
with utils.record_time(self.times, args.timings, "auth_url", args.os_auth_url):
keystone_session = ksession.Session.load_from_cli_options(args)
keystone_auth = self._get_keystone_auth(
keystone_session,
args.os_auth_url,
username=args.os_username,
user_id=args.os_user_id,
user_domain_id=args.os_user_domain_id,
user_domain_name=args.os_user_domain_name,
password=args.os_password,
auth_token=args.os_auth_token,
project_id=project_id,
project_name=project_name,
project_domain_id=args.os_project_domain_id,
project_domain_name=args.os_project_domain_name,
)
if not do_help and not any([args.os_tenant_id, args.os_tenant_name, args.os_project_id, args.os_project_name]):
raise exc.CommandError(
_(
"You must provide a project name or"
" project id via --os-project-name,"
" --os-project-id, env[OS_PROJECT_ID]"
" or env[OS_PROJECT_NAME]. You may"
" use os-project and os-tenant"
" interchangeably."
)
)
if not os_auth_url and not do_help:
raise exc.CommandError(_("You must provide an auth url " "via either --os-auth-url or env[OS_AUTH_URL]"))
# This client is just used to discover api version. Version API needn't
# microversion, so we just pass version 2 at here.
self.cs = client.Client(
api_versions.APIVersion("2.0"),
os_username,
os_password,
os_tenant_name,
tenant_id=os_tenant_id,
user_id=os_user_id,
auth_url=os_auth_url,
insecure=insecure,
region_name=os_region_name,
endpoint_type=endpoint_type,
extensions=self.extensions,
service_type=service_type,
service_name=service_name,
auth_system=os_auth_system,
auth_plugin=auth_plugin,
auth_token=auth_token,
volume_service_name=volume_service_name,
timings=args.timings,
bypass_url=bypass_url,
os_cache=os_cache,
http_log_debug=args.debug,
cacert=cacert,
timeout=timeout,
session=keystone_session,
auth=keystone_auth,
)
if not do_help:
if not api_version.is_latest():
if api_version > api_versions.APIVersion("2.0"):
if not api_version.matches(novaclient.API_MIN_VERSION, novaclient.API_MAX_VERSION):
raise exc.CommandError(
_(
"The specified version isn't supported by "
"client. The valid version range is '%(min)s' "
"to '%(max)s'"
)
% {
"min": novaclient.API_MIN_VERSION.get_string(),
"max": novaclient.API_MAX_VERSION.get_string(),
}
)
api_version = api_versions.discover_version(self.cs, api_version)
# build available subcommands based on version
self.extensions = client.discover_extensions(api_version)
self._run_extension_hooks("__pre_parse_args__")
subcommand_parser = self.get_subcommand_parser(api_version, do_help=do_help)
self.parser = subcommand_parser
if args.help or not argv:
subcommand_parser.print_help()
return 0
args = subcommand_parser.parse_args(argv)
self._run_extension_hooks("__post_parse_args__", args)
# Short-circuit and deal with help right away.
if args.func == self.do_help:
self.do_help(args)
return 0
elif args.func == self.do_bash_completion:
self.do_bash_completion(args)
return 0
if not args.service_type:
service_type = cliutils.get_service_type(args.func) or DEFAULT_NOVA_SERVICE_TYPE
if cliutils.isunauthenticated(args.func):
# NOTE(alex_xu): We need authentication for discover microversion.
# But the subcommands may needn't it. If the subcommand needn't,
# we clear the session arguements.
keystone_session = None
keystone_auth = None
# Recreate client object with discovered version.
self.cs = client.Client(
api_version,
os_username,
os_password,
os_tenant_name,
tenant_id=os_tenant_id,
user_id=os_user_id,
auth_url=os_auth_url,
insecure=insecure,
region_name=os_region_name,
endpoint_type=endpoint_type,
extensions=self.extensions,
service_type=service_type,
service_name=service_name,
auth_system=os_auth_system,
auth_plugin=auth_plugin,
auth_token=auth_token,
volume_service_name=volume_service_name,
timings=args.timings,
bypass_url=bypass_url,
os_cache=os_cache,
http_log_debug=args.debug,
cacert=cacert,
timeout=timeout,
session=keystone_session,
auth=keystone_auth,
)
# Now check for the password/token of which pieces of the
# identifying keyring key can come from the underlying client
if must_auth:
helper = SecretsHelper(args, self.cs.client)
self.cs.client.keyring_saver = helper
if auth_plugin and auth_plugin.opts and "os_password" not in auth_plugin.opts:
use_pw = False
else:
use_pw = True
tenant_id = helper.tenant_id
# Allow commandline to override cache
if not auth_token:
auth_token = helper.auth_token
if not management_url:
management_url = helper.management_url
if tenant_id and auth_token and management_url:
self.cs.client.tenant_id = tenant_id
self.cs.client.auth_token = auth_token
self.cs.client.management_url = management_url
self.cs.client.password_func = lambda: helper.password
elif use_pw:
# We're missing something, so auth with user/pass and save
# the result in our helper.
self.cs.client.password = helper.password
try:
# This does a couple of bits which are useful even if we've
# got the token + service URL already. It exits fast in that case.
if not cliutils.isunauthenticated(args.func):
if not use_session:
# Only call authenticate() if Nova auth plugin is used.
# If keystone is used, authentication is handled as part
# of session.
self.cs.authenticate()
except exc.Unauthorized:
raise exc.CommandError(_("Invalid OpenStack Nova credentials."))
except exc.AuthorizationFailure:
raise exc.CommandError(_("Unable to authorize user"))
args.func(self.cs, args)
if args.timings:
self._dump_timings(self.times + self.cs.get_timings())
def connect_to_cloudservers(region=None, context=None, verify_ssl=None, **kwargs):
"""Creates a client for working with cloud servers."""
context = context or identity
_cs_auth_plugin.discover_auth_systems()
id_type = get_setting("identity_type")
if id_type != "keystone":
auth_plugin = _cs_auth_plugin.load_plugin(id_type)
else:
auth_plugin = None
region = _safe_region(region, context=context)
mgt_url = _get_service_endpoint(context, "compute", region)
cloudservers = None
if not mgt_url:
# Service is not available
return
if verify_ssl is None:
insecure = not get_setting("verify_ssl")
else:
insecure = not verify_ssl
extensions = nc.discover_extensions("1.1")
cloudservers = _cs_client.Client(context.username, context.password,
project_id=context.tenant_id, auth_url=context.auth_endpoint,
auth_system=id_type, region_name=region, service_type="compute",
auth_plugin=auth_plugin, insecure=insecure, extensions=extensions,
http_log_debug=_http_debug, **kwargs)
agt = cloudservers.client.USER_AGENT
cloudservers.client.USER_AGENT = _make_agent_name(agt)
cloudservers.client.management_url = mgt_url
cloudservers.client.auth_token = context.token
cloudservers.exceptions = _cs_exceptions
# Add some convenience methods
cloudservers.list_images = cloudservers.images.list
cloudservers.list_flavors = cloudservers.flavors.list
cloudservers.list = cloudservers.servers.list
def list_base_images():
"""
Returns a list of all base images; excludes any images created
by this account.
"""
return [image for image in cloudservers.images.list()
if not hasattr(image, "server")]
def list_snapshots():
"""
Returns a list of all images created by this account; in other words, it
excludes all the base images.
"""
return [image for image in cloudservers.images.list()
if hasattr(image, "server")]
def find_images_by_name(expr):
"""
Returns a list of images whose name contains the specified expression.
The value passed is treated as a regular expression, allowing for more
specific searches than simple wildcards. The matching is done in a
case-insensitive manner.
"""
return [image for image in cloudservers.images.list()
if re.search(expr, image.name, re.I)]
cloudservers.list_base_images = list_base_images
cloudservers.list_snapshots = list_snapshots
cloudservers.find_images_by_name = find_images_by_name
cloudservers.identity = identity
return cloudservers
def main(self, argv):
# Parse args once to find version and debug settings
parser = self.get_base_parser(argv)
(args, args_list) = parser.parse_known_args(argv)
self.setup_debugging(args.debug)
self.extensions = []
do_help = args.help or not args_list or args_list[0] == 'help'
# bash-completion should not require authentication
skip_auth = do_help or (
'bash-completion' in argv)
if not args.os_compute_api_version:
api_version = api_versions.get_api_version(
DEFAULT_MAJOR_OS_COMPUTE_API_VERSION)
else:
api_version = api_versions.get_api_version(
args.os_compute_api_version)
os_username = args.os_username
os_user_id = args.os_user_id
os_password = None # Fetched and set later as needed
os_project_name = getattr(
args, 'os_project_name', getattr(args, 'os_tenant_name', None))
os_project_id = getattr(
args, 'os_project_id', getattr(args, 'os_tenant_id', None))
os_auth_url = args.os_auth_url
os_region_name = args.os_region_name
if "v2.0" not in os_auth_url:
# NOTE(andreykurilin): assume that keystone V3 is used and try to
# be more user-friendly, i.e provide default values for domains
if (not args.os_project_domain_id and
not args.os_project_domain_name):
setattr(args, "os_project_domain_id", "default")
if not args.os_user_domain_id and not args.os_user_domain_name:
setattr(args, "os_user_domain_id", "default")
os_project_domain_id = args.os_project_domain_id
os_project_domain_name = args.os_project_domain_name
os_user_domain_id = args.os_project_domain_id
os_user_domain_name = args.os_project_domain_name
endpoint_type = args.endpoint_type
insecure = args.insecure
service_type = args.service_type
service_name = args.service_name
endpoint_override = args.endpoint_override
os_cache = args.os_cache
cacert = args.os_cacert
cert = args.os_cert
timeout = args.timeout
keystone_session = None
keystone_auth = None
# We may have either, both or none of these.
# If we have both, we don't need USERNAME, PASSWORD etc.
# Fill in the blanks from the SecretsHelper if possible.
# Finally, authenticate unless we have both.
# Note if we don't auth we probably don't have a tenant ID so we can't
# cache the token.
auth_token = getattr(args, 'os_token', None)
if not endpoint_type:
endpoint_type = DEFAULT_NOVA_ENDPOINT_TYPE
# This allow users to use endpoint_type as (internal, public or admin)
# just like other openstack clients (glance, cinder etc)
if endpoint_type in ['internal', 'public', 'admin']:
endpoint_type += 'URL'
if not service_type:
# Note(alex_xu): We need discover version first, so if there isn't
# service type specified, we use default nova service type.
service_type = DEFAULT_NOVA_SERVICE_TYPE
# We should always auth unless we have a token and we're passing a
# specific endpoint
# Expired tokens are handled by client.py:_cs_request
must_auth = not (auth_token and endpoint_override)
# FIXME(usrleon): Here should be restrict for project id same as
# for os_username or os_password but for compatibility it is not.
if must_auth and not skip_auth:
if not os_username and not os_user_id:
raise exc.CommandError(
_("You must provide a username "
"or user ID via --os-username, --os-user-id, "
"env[OS_USERNAME] or env[OS_USER_ID]"))
if not any([os_project_name, os_project_id]):
raise exc.CommandError(_("You must provide a project name or"
" project ID via --os-project-name,"
" --os-project-id, env[OS_PROJECT_ID]"
" or env[OS_PROJECT_NAME]. You may"
" use os-project and os-tenant"
" interchangeably."))
if not os_auth_url:
raise exc.CommandError(
_("You must provide an auth url "
"via either --os-auth-url or env[OS_AUTH_URL]."))
with utils.record_time(self.times, args.timings,
'auth_url', args.os_auth_url):
keystone_session = (
loading.load_session_from_argparse_arguments(args))
keystone_auth = (
loading.load_auth_from_argparse_arguments(args))
if (not skip_auth and
not any([os_project_name, os_project_id])):
raise exc.CommandError(_("You must provide a project name or"
" project id via --os-project-name,"
" --os-project-id, env[OS_PROJECT_ID]"
" or env[OS_PROJECT_NAME]. You may"
" use os-project and os-tenant"
" interchangeably."))
if not os_auth_url and not skip_auth:
raise exc.CommandError(
_("You must provide an auth url "
"via either --os-auth-url or env[OS_AUTH_URL]"))
# This client is just used to discover api version. Version API needn't
# microversion, so we just pass version 2 at here.
self.cs = client.Client(
api_versions.APIVersion("2.0"),
os_username, os_password, project_id=os_project_id,
project_name=os_project_name, user_id=os_user_id,
auth_url=os_auth_url, insecure=insecure,
region_name=os_region_name, endpoint_type=endpoint_type,
extensions=self.extensions, service_type=service_type,
service_name=service_name, auth_token=auth_token,
timings=args.timings, endpoint_override=endpoint_override,
os_cache=os_cache, http_log_debug=args.debug,
cacert=cacert, cert=cert, timeout=timeout,
session=keystone_session, auth=keystone_auth,
logger=self.client_logger,
project_domain_id=os_project_domain_id,
project_domain_name=os_project_domain_name,
user_domain_id=os_user_domain_id,
user_domain_name=os_user_domain_name)
if not skip_auth:
if not api_version.is_latest():
if api_version > api_versions.APIVersion("2.0"):
if not api_version.matches(novaclient.API_MIN_VERSION,
novaclient.API_MAX_VERSION):
raise exc.CommandError(
_("The specified version isn't supported by "
"client. The valid version range is '%(min)s' "
"to '%(max)s'") % {
"min": novaclient.API_MIN_VERSION.get_string(),
"max": novaclient.API_MAX_VERSION.get_string()}
)
api_version = api_versions.discover_version(self.cs, api_version)
# build available subcommands based on version
self.extensions = client.discover_extensions(api_version)
self._run_extension_hooks('__pre_parse_args__')
subcommand_parser = self.get_subcommand_parser(
api_version, do_help=do_help, argv=argv)
self.parser = subcommand_parser
if args.help or not argv:
subcommand_parser.print_help()
return 0
args = subcommand_parser.parse_args(argv)
self._run_extension_hooks('__post_parse_args__', args)
# Short-circuit and deal with help right away.
if args.func == self.do_help:
self.do_help(args)
return 0
elif args.func == self.do_bash_completion:
self.do_bash_completion(args)
return 0
if not args.service_type:
service_type = (utils.get_service_type(args.func) or
DEFAULT_NOVA_SERVICE_TYPE)
if utils.isunauthenticated(args.func):
# NOTE(alex_xu): We need authentication for discover microversion.
# But the subcommands may needn't it. If the subcommand needn't,
# we clear the session arguments.
keystone_session = None
keystone_auth = None
# Recreate client object with discovered version.
self.cs = client.Client(
api_version,
os_username, os_password, os_project_name,
tenant_id=os_project_id, user_id=os_user_id,
auth_url=os_auth_url, insecure=insecure,
region_name=os_region_name, endpoint_type=endpoint_type,
extensions=self.extensions, service_type=service_type,
service_name=service_name, auth_token=auth_token,
timings=args.timings, endpoint_override=endpoint_override,
os_cache=os_cache, http_log_debug=args.debug,
cacert=cacert, cert=cert, timeout=timeout,
session=keystone_session, auth=keystone_auth,
project_domain_id=os_project_domain_id,
project_domain_name=os_project_domain_name,
user_domain_id=os_user_domain_id,
user_domain_name=os_user_domain_name)
# Now check for the password/token of which pieces of the
# identifying keyring key can come from the underlying client
if must_auth:
helper = SecretsHelper(args, self.cs.client)
self.cs.client.keyring_saver = helper
tenant_id = helper.tenant_id
# Allow commandline to override cache
if not auth_token:
auth_token = helper.auth_token
endpoint_override = endpoint_override or helper.management_url
if tenant_id and auth_token and endpoint_override:
self.cs.client.tenant_id = tenant_id
self.cs.client.auth_token = auth_token
self.cs.client.management_url = endpoint_override
self.cs.client.password_func = lambda: helper.password
else:
# We're missing something, so auth with user/pass and save
# the result in our helper.
self.cs.client.password = helper.password
args.func(self.cs, args)
if args.timings:
self._dump_timings(self.times + self.cs.get_timings())
def __init__(
self,
username,
project_id,
auth_url,
region_name=None,
password=None,
os_auth_plugin=None,
**kwargs
):
'''
Set up nova credentials
'''
self.kwargs = kwargs.copy()
if not self.extensions:
if hasattr(OpenStackComputeShell, '_discover_extensions'):
self.extensions = OpenStackComputeShell()._discover_extensions('2.0')
else:
self.extensions = client.discover_extensions('2.0')
for extension in self.extensions:
extension.run_hooks('__pre_parse_args__')
self.kwargs['extensions'] = self.extensions
self.kwargs['username'] = username
self.kwargs['project_id'] = project_id
self.kwargs['auth_url'] = auth_url
self.kwargs['region_name'] = region_name
self.kwargs['service_type'] = 'compute'
# used in novaclient extensions to see if they are rackspace or not, to know if it needs to load
# the hooks for that extension or not. This is cleaned up by sanatize_novaclient
self.kwargs['os_auth_url'] = auth_url
if os_auth_plugin is not None:
novaclient.auth_plugin.discover_auth_systems()
auth_plugin = novaclient.auth_plugin.load_plugin(os_auth_plugin)
self.kwargs['auth_plugin'] = auth_plugin
self.kwargs['auth_system'] = os_auth_plugin
if not self.kwargs.get('api_key', None):
self.kwargs['api_key'] = password
# This has to be run before sanatize_novaclient before extra variables are cleaned out.
if hasattr(self, 'extensions'):
# needs an object, not a dictionary
self.kwargstruct = KwargsStruct(**self.kwargs)
for extension in self.extensions:
extension.run_hooks('__post_parse_args__', self.kwargstruct)
self.kwargs = self.kwargstruct.__dict__
self.kwargs = sanatize_novaclient(self.kwargs)
# Requires novaclient version >= 2.6.1
self.kwargs['version'] = str(kwargs.get('version', 2))
conn = client.Client(**self.kwargs)
try:
conn.client.authenticate()
except novaclient.exceptions.AmbiguousEndpoints:
raise SaltCloudSystemExit(
"Nova provider requires a 'region_name' to be specified"
)
self.kwargs['auth_token'] = conn.client.auth_token
self.catalog = conn.client.service_catalog.catalog['access']['serviceCatalog']
if region_name is not None:
servers_endpoints = get_entry(self.catalog, 'type', 'compute')['endpoints']
self.kwargs['bypass_url'] = get_entry(
servers_endpoints,
'region',
region_name
)['publicURL']
self.compute_conn = client.Client(**self.kwargs)
volume_endpoints = get_entry(self.catalog, 'type', 'volume', raise_error=False).get('endpoints', {})
if volume_endpoints:
if region_name is not None:
self.kwargs['bypass_url'] = get_entry(
volume_endpoints,
'region',
region_name
)['publicURL']
self.volume_conn = client.Client(**self.kwargs)
if hasattr(self, 'extensions'):
self.expand_extensions()
else:
self.volume_conn = None
def __init__(self, username, project_id, auth_url, region_name=None, password=None, os_auth_plugin=None, **kwargs):
"""
Set up nova credentials
"""
self.kwargs = kwargs.copy()
if not self.extensions:
if hasattr(OpenStackComputeShell, "_discover_extensions"):
self.extensions = OpenStackComputeShell()._discover_extensions("2.0")
else:
self.extensions = client.discover_extensions("2.0")
for extension in self.extensions:
extension.run_hooks("__pre_parse_args__")
self.kwargs["extensions"] = self.extensions
self.kwargs["username"] = username
self.kwargs["project_id"] = project_id
self.kwargs["auth_url"] = auth_url
self.kwargs["region_name"] = region_name
self.kwargs["service_type"] = "compute"
# used in novaclient extensions to see if they are rackspace or not, to know if it needs to load
# the hooks for that extension or not. This is cleaned up by sanatize_novaclient
self.kwargs["os_auth_url"] = auth_url
if os_auth_plugin is not None:
novaclient.auth_plugin.discover_auth_systems()
auth_plugin = novaclient.auth_plugin.load_plugin(os_auth_plugin)
self.kwargs["auth_plugin"] = auth_plugin
self.kwargs["auth_system"] = os_auth_plugin
if not self.kwargs.get("api_key", None):
self.kwargs["api_key"] = password
# This has to be run before sanatize_novaclient before extra variables are cleaned out.
if hasattr(self, "extensions"):
# needs an object, not a dictionary
self.kwargstruct = KwargsStruct(**self.kwargs)
for extension in self.extensions:
extension.run_hooks("__post_parse_args__", self.kwargstruct)
self.kwargs = self.kwargstruct.__dict__
self.kwargs = sanatize_novaclient(self.kwargs)
# Requires novaclient version >= 2.6.1
self.kwargs["version"] = str(kwargs.get("version", 2))
conn = client.Client(**self.kwargs)
try:
conn.client.authenticate()
except novaclient.exceptions.AmbiguousEndpoints:
raise SaltCloudSystemExit("Nova provider requires a 'region_name' to be specified")
self.kwargs["auth_token"] = conn.client.auth_token
self.catalog = conn.client.service_catalog.catalog["access"]["serviceCatalog"]
if region_name is not None:
servers_endpoints = get_entry(self.catalog, "type", "compute")["endpoints"]
self.kwargs["bypass_url"] = get_entry(servers_endpoints, "region", region_name)["publicURL"]
self.compute_conn = client.Client(**self.kwargs)
volume_endpoints = get_entry(self.catalog, "type", "volume", raise_error=False).get("endpoints", {})
if volume_endpoints:
if region_name is not None:
self.kwargs["bypass_url"] = get_entry(volume_endpoints, "region", region_name)["publicURL"]
self.volume_conn = client.Client(**self.kwargs)
if hasattr(self, "extensions"):
self.expand_extensions()
else:
self.volume_conn = None
def __init__(self,
username,
project_id,
auth_url,
region_name=None,
password=None,
os_auth_plugin=None,
**kwargs):
'''
Set up nova credentials
'''
self.kwargs = kwargs.copy()
if not novaclient.base.Manager._hooks_map:
self.extensions = client.discover_extensions('1.1')
for extension in self.extensions:
extension.run_hooks('__pre_parse_args__')
self.kwargs['extensions'] = self.extensions
self.kwargs['username'] = username
self.kwargs['project_id'] = project_id
self.kwargs['auth_url'] = auth_url
self.kwargs['region_name'] = region_name
self.kwargs['service_type'] = 'compute'
# used in novaclient extensions to see if they are rackspace or not, to know if it needs to load
# the hooks for that extension or not. This is cleaned up by sanatize_novaclient
self.kwargs['os_auth_url'] = auth_url
if os_auth_plugin is not None:
novaclient.auth_plugin.discover_auth_systems()
auth_plugin = novaclient.auth_plugin.load_plugin(os_auth_plugin)
self.kwargs['auth_plugin'] = auth_plugin
self.kwargs['auth_system'] = os_auth_plugin
if not self.kwargs.get('api_key', None):
self.kwargs['api_key'] = password
# This has to be run before sanatize_novaclient before extra variables are cleaned out.
if hasattr(self, 'extensions'):
# needs an object, not a dictionary
self.kwargstruct = KwargsStruct(**self.kwargs)
for extension in self.extensions:
extension.run_hooks('__post_parse_args__', self.kwargstruct)
self.kwargs = self.kwargstruct.__dict__
self.kwargs = sanatize_novaclient(self.kwargs)
# Requires novaclient version >= 2.6.1
self.kwargs['version'] = str(kwargs.get('version', 2))
conn = client.Client(**self.kwargs)
try:
conn.client.authenticate()
except novaclient.exceptions.AmbiguousEndpoints:
raise SaltCloudSystemExit(
"Nova provider requires a 'region_name' to be specified")
self.kwargs['auth_token'] = conn.client.auth_token
self.catalog = conn.client.service_catalog.catalog['access'][
'serviceCatalog']
if region_name is not None:
servers_endpoints = get_entry(self.catalog, 'type',
'compute')['endpoints']
self.kwargs['bypass_url'] = get_entry(servers_endpoints, 'region',
region_name)['publicURL']
self.compute_conn = client.Client(**self.kwargs)
volume_endpoints = get_entry(self.catalog,
'type',
'volume',
raise_error=False).get('endpoints', {})
if volume_endpoints:
if region_name is not None:
self.kwargs['bypass_url'] = get_entry(volume_endpoints,
'region',
region_name)['publicURL']
self.volume_conn = client.Client(**self.kwargs)
if hasattr(self, 'extensions'):
self.expand_extensions()
else:
self.volume_conn = None
def main(self, argv):
# Parse args once to find version and debug settings
parser = self.get_base_parser(argv)
(args, args_list) = parser.parse_known_args(argv)
self.setup_debugging(args.debug)
self.extensions = []
do_help = args.help or not args_list or args_list[0] == 'help'
# bash-completion should not require authentication
skip_auth = do_help or (
'bash-completion' in argv)
if not args.os_compute_api_version:
api_version = api_versions.get_api_version(
DEFAULT_MAJOR_OS_COMPUTE_API_VERSION)
else:
api_version = api_versions.get_api_version(
args.os_compute_api_version)
auth_token = getattr(args, "os_token", None)
os_username = getattr(args, "os_username", None)
os_user_id = getattr(args, "os_user_id", None)
os_password = None # Fetched and set later as needed
os_project_name = getattr(
args, 'os_project_name', getattr(args, 'os_tenant_name', None))
os_project_id = getattr(
args, 'os_project_id', getattr(args, 'os_tenant_id', None))
os_auth_url = args.os_auth_url
os_region_name = args.os_region_name
if "v2.0" not in os_auth_url:
# NOTE(andreykurilin): assume that keystone V3 is used and try to
# be more user-friendly, i.e provide default values for domains
if (not args.os_project_domain_id and
not args.os_project_domain_name):
setattr(args, "os_project_domain_id", "default")
# os_user_domain_id is redundant in case of Token auth type
if not auth_token and (not args.os_user_domain_id and
not args.os_user_domain_name):
setattr(args, "os_user_domain_id", "default")
os_project_domain_id = args.os_project_domain_id
os_project_domain_name = args.os_project_domain_name
os_user_domain_id = getattr(args, "os_user_domain_id", None)
os_user_domain_name = getattr(args, "os_user_domain_name", None)
endpoint_type = args.endpoint_type
insecure = args.insecure
service_type = args.service_type
service_name = args.service_name
endpoint_override = args.endpoint_override
os_cache = args.os_cache
cacert = args.os_cacert
cert = args.os_cert
timeout = args.timeout
keystone_session = None
keystone_auth = None
if not endpoint_type:
endpoint_type = DEFAULT_NOVA_ENDPOINT_TYPE
# This allow users to use endpoint_type as (internal, public or admin)
# just like other openstack clients (glance, cinder etc)
if endpoint_type in ['internal', 'public', 'admin']:
endpoint_type += 'URL'
if not service_type:
# Note(alex_xu): We need discover version first, so if there isn't
# service type specified, we use default nova service type.
service_type = DEFAULT_NOVA_SERVICE_TYPE
# We should always auth unless we have a token and we're passing a
# specific endpoint
# Expired tokens are handled by client.py:_cs_request
must_auth = not (auth_token and endpoint_override)
# FIXME(usrleon): Here should be restrict for project id same as
# for os_username or os_password but for compatibility it is not.
if must_auth and not skip_auth:
if not any([auth_token, os_username, os_user_id]):
raise exc.CommandError(
_("You must provide a user name/id (via --os-username, "
"--os-user-id, env[OS_USERNAME] or env[OS_USER_ID]) or "
"an auth token (via --os-token)."))
if not any([os_project_name, os_project_id]):
raise exc.CommandError(_("You must provide a project name or"
" project ID via --os-project-name,"
" --os-project-id, env[OS_PROJECT_ID]"
" or env[OS_PROJECT_NAME]. You may"
" use os-project and os-tenant"
" interchangeably."))
if not os_auth_url:
raise exc.CommandError(
_("You must provide an auth url "
"via either --os-auth-url or env[OS_AUTH_URL]."))
# TODO(Shilpasd): need to provide support in python - novaclient
# for required options for below default auth type plugins:
# 1. v3oidcclientcredential
# 2. v3oidcpassword
# 3. v3oidcauthcode
# 4. v3oidcaccesstoken
# 5. v3oauth1
# 6. v3fedkerb
# 7. v3adfspassword
# 8. v3samlpassword
# 9. v3applicationcredential
# TODO(Shilpasd): need to provide support in python - novaclient
# for below extra keystoneauth auth type plugins:
# We will need to add code to support discovering of versions
# supported by the keystone service based on the auth_url similar
# to the one supported by glanceclient.
# 1. v3password
# 2. v3token
# 3. v3kerberos
# 4. v3totp
with utils.record_time(self.times, args.timings,
'auth_url', args.os_auth_url):
keystone_session = (
loading.load_session_from_argparse_arguments(args))
keystone_auth = (
loading.load_auth_from_argparse_arguments(args))
if (not skip_auth and
not any([os_project_name, os_project_id])):
raise exc.CommandError(_("You must provide a project name or"
" project id via --os-project-name,"
" --os-project-id, env[OS_PROJECT_ID]"
" or env[OS_PROJECT_NAME]. You may"
" use os-project and os-tenant"
" interchangeably."))
if not os_auth_url and not skip_auth:
raise exc.CommandError(
_("You must provide an auth url "
"via either --os-auth-url or env[OS_AUTH_URL]"))
additional_kwargs = {}
if osprofiler_profiler:
additional_kwargs["profile"] = args.profile
# This client is just used to discover api version. Version API needn't
# microversion, so we just pass version 2 at here.
self.cs = client.Client(
api_versions.APIVersion("2.0"),
os_username, os_password, project_id=os_project_id,
project_name=os_project_name, user_id=os_user_id,
auth_url=os_auth_url, insecure=insecure,
region_name=os_region_name, endpoint_type=endpoint_type,
extensions=self.extensions, service_type=service_type,
service_name=service_name, auth_token=auth_token,
timings=args.timings, endpoint_override=endpoint_override,
os_cache=os_cache, http_log_debug=args.debug,
cacert=cacert, cert=cert, timeout=timeout,
session=keystone_session, auth=keystone_auth,
logger=self.client_logger,
project_domain_id=os_project_domain_id,
project_domain_name=os_project_domain_name,
user_domain_id=os_user_domain_id,
user_domain_name=os_user_domain_name,
**additional_kwargs)
if not skip_auth:
if not api_version.is_latest():
if api_version > api_versions.APIVersion("2.0"):
if not api_version.matches(novaclient.API_MIN_VERSION,
novaclient.API_MAX_VERSION):
raise exc.CommandError(
_("The specified version isn't supported by "
"client. The valid version range is '%(min)s' "
"to '%(max)s'") % {
"min": novaclient.API_MIN_VERSION.get_string(),
"max": novaclient.API_MAX_VERSION.get_string()}
)
api_version = api_versions.discover_version(self.cs, api_version)
# build available subcommands based on version
self.extensions = client.discover_extensions(api_version)
self._run_extension_hooks('__pre_parse_args__')
subcommand_parser = self.get_subcommand_parser(
api_version, do_help=do_help, argv=argv)
self.parser = subcommand_parser
if args.help or not argv:
subcommand_parser.print_help()
return 0
args = subcommand_parser.parse_args(argv)
self._run_extension_hooks('__post_parse_args__', args)
# Short-circuit and deal with help right away.
if args.func == self.do_help:
self.do_help(args)
return 0
elif args.func == self.do_bash_completion:
self.do_bash_completion(args)
return 0
if not args.service_type:
service_type = (utils.get_service_type(args.func) or
DEFAULT_NOVA_SERVICE_TYPE)
if utils.isunauthenticated(args.func):
# NOTE(alex_xu): We need authentication for discover microversion.
# But the subcommands may needn't it. If the subcommand needn't,
# we clear the session arguments.
keystone_session = None
keystone_auth = None
# Recreate client object with discovered version.
self.cs = client.Client(
api_version,
os_username, os_password, project_id=os_project_id,
project_name=os_project_name, user_id=os_user_id,
auth_url=os_auth_url, insecure=insecure,
region_name=os_region_name, endpoint_type=endpoint_type,
extensions=self.extensions, service_type=service_type,
service_name=service_name, auth_token=auth_token,
timings=args.timings, endpoint_override=endpoint_override,
os_cache=os_cache, http_log_debug=args.debug,
cacert=cacert, cert=cert, timeout=timeout,
session=keystone_session, auth=keystone_auth,
project_domain_id=os_project_domain_id,
project_domain_name=os_project_domain_name,
user_domain_id=os_user_domain_id,
user_domain_name=os_user_domain_name)
args.func(self.cs, args)
if osprofiler_profiler and args.profile:
trace_id = osprofiler_profiler.get().get_base_id()
print("To display trace use the command:\n\n"
" osprofiler trace show --html %s " % trace_id)
if args.timings:
self._dump_timings(self.times + self.cs.get_timings())
help='Location of ca certificates file to use for nova client '
'requests.'),
cfg.BoolOpt('nova_api_insecure',
default=False,
help='Allow to perform insecure SSL requests to nova'),
]
CONF = cfg.CONF
CONF.register_opts(nova_opts)
LOG = logging.getLogger(__name__)
# TODO(e0ne): Make Nova version configurable in Mitaka.
NOVA_API_VERSION = 2
nova_extensions = [ext for ext in nova_client.discover_extensions(2)
if ext.name in ("assisted_volume_snapshots",
"list_extensions")]
def novaclient(context, admin_endpoint=False, privileged_user=False,
timeout=None):
"""Returns a Nova client
@param admin_endpoint: If True, use the admin endpoint template from
configuration ('nova_endpoint_admin_template' and 'nova_catalog_info')
@param privileged_user: If True, use the account from configuration
(requires 'os_privileged_user_name', 'os_privileged_user_password' and
'os_privileged_user_tenant' to be set)
@param timeout: Number of seconds to wait for an answer before raising a
Timeout exception (None to disable)
cfg.StrOpt("os_region_name", help="Region name of this node"),
cfg.StrOpt(
"nova_ca_certificates_file", help="Location of ca certificates file to use for nova client " "requests."
),
cfg.BoolOpt("nova_api_insecure", default=False, help="Allow to perform insecure SSL requests to nova"),
]
CONF = cfg.CONF
CONF.register_opts(nova_opts)
LOG = logging.getLogger(__name__)
# TODO(e0ne): Make Nova version configurable in Mitaka.
NOVA_API_VERSION = 2
nova_extensions = [ext for ext in nova_client.discover_extensions(2) if ext.name == "assisted_volume_snapshots"]
def novaclient(context, admin_endpoint=False, privileged_user=False, timeout=None):
"""Returns a Nova client
@param admin_endpoint: If True, use the admin endpoint template from
configuration ('nova_endpoint_admin_template' and 'nova_catalog_info')
@param privileged_user: If True, use the account from configuration
(requires 'os_privileged_user_name', 'os_privileged_user_password' and
'os_privileged_user_tenant' to be set)
@param timeout: Number of seconds to wait for an answer before raising a
Timeout exception (None to disable)
"""
# FIXME: the novaclient ServiceCatalog object is mis-named.
# It actually contains the entire access blob.
def has_extension(self, context, extension, timeout=None):
try:
nova_exts = nova_client.discover_extensions(NOVA_API_VERSION)
except request_exceptions.Timeout:
raise exception.APITimeout(service="Nova")
return extension in [e.name for e in nova_exts]