def create_cluster(values):
ctx = context.ctx()
cluster = conductor.cluster_create(ctx, values)
plugin = plugin_base.PLUGINS.get_plugin(cluster.plugin_name)
# update nodegroup image usernames
for nodegroup in cluster.node_groups:
conductor.node_group_update(
ctx, nodegroup,
{"image_username": INFRA.get_node_group_image_username(nodegroup)})
cluster = conductor.cluster_get(ctx, cluster)
# validating cluster
try:
cluster = conductor.cluster_update(ctx, cluster,
{"status": "Validating"})
LOG.info(g.format_cluster_status(cluster))
plugin.validate(cluster)
except Exception as e:
with excutils.save_and_reraise_exception():
cluster = conductor.cluster_update(ctx, cluster,
{"status": "Error",
"status_description": str(e)})
LOG.info(g.format_cluster_status(cluster))
context.spawn("cluster-creating-%s" % cluster.id,
_provision_cluster, cluster.id)
if CONF.use_identity_api_v3 and cluster.is_transient:
trusts.create_trust(cluster)
return conductor.cluster_get(ctx, cluster.id)
def test_create_trust(self, user_id_from_auth, project_id_from_auth,
client_from_auth):
project_id_from_auth.return_value = 'tenant_id'
user_id_from_auth.side_effect = ['trustor_id', 'trustee_id']
trustor = 'trustor_id'
trustee = 'trustee_id'
client = self._client()
client_from_auth.return_value = client
trust_id = trusts.create_trust(trustor, trustee,
"role_names")
client.trusts.create.assert_called_with(
trustor_user="******",
trustee_user="******",
impersonation=True,
role_names="role_names",
project="tenant_id",
allow_redelegation=False,
)
self.assertEqual("trust_id", trust_id)
user_id_from_auth.side_effect = ['trustor_id', 'trustee_id']
client = self._client()
client_from_auth.return_value = client
trust_id = trusts.create_trust(trustor, trustee, "role_names",
project_id='injected_project')
client.trusts.create.assert_called_with(trustor_user="******",
trustee_user="******",
impersonation=True,
role_names="role_names",
project="injected_project",
allow_redelegation=False)
self.assertEqual("trust_id", trust_id)
def create_cluster(values):
ctx = context.ctx()
cluster = conductor.cluster_create(ctx, values)
plugin = plugin_base.PLUGINS.get_plugin(cluster.plugin_name)
# update nodegroup image usernames
for nodegroup in cluster.node_groups:
conductor.node_group_update(
ctx, nodegroup,
{"image_username": INFRA.get_node_group_image_username(nodegroup)})
cluster = conductor.cluster_get(ctx, cluster)
# validating cluster
try:
cluster = conductor.cluster_update(ctx, cluster,
{"status": "Validating"})
LOG.info(g.format_cluster_status(cluster))
plugin.validate(cluster)
except Exception as e:
with excutils.save_and_reraise_exception():
cluster = conductor.cluster_update(ctx, cluster, {
"status": "Error",
"status_description": str(e)
})
LOG.info(g.format_cluster_status(cluster))
context.spawn("cluster-creating-%s" % cluster.id, _provision_cluster,
cluster.id)
if CONF.use_identity_api_v3 and cluster.is_transient:
trusts.create_trust(cluster)
return conductor.cluster_get(ctx, cluster.id)
def _provision_cluster(cluster_id):
ctx, cluster, plugin = _prepare_provisioning(cluster_id)
if CONF.use_identity_api_v3 and cluster.is_transient:
trusts.create_trust(cluster)
# updating cluster infra
cluster = conductor.cluster_update(ctx, cluster,
{"status": "InfraUpdating"})
LOG.info(g.format_cluster_status(cluster))
plugin.update_infra(cluster)
# creating instances and configuring them
cluster = conductor.cluster_get(ctx, cluster_id)
INFRA.create_cluster(cluster)
# configure cluster
cluster = conductor.cluster_update(ctx, cluster, {"status": "Configuring"})
LOG.info(g.format_cluster_status(cluster))
try:
plugin.configure_cluster(cluster)
except Exception as ex:
LOG.exception("Can't configure cluster '%s' (reason: %s)",
cluster.name, ex)
cluster = conductor.cluster_update(ctx, cluster, {"status": "Error"})
LOG.info(g.format_cluster_status(cluster))
return
# starting prepared and configured cluster
cluster = conductor.cluster_update(ctx, cluster, {"status": "Starting"})
LOG.info(g.format_cluster_status(cluster))
try:
plugin.start_cluster(cluster)
except Exception as ex:
LOG.exception("Can't start services for cluster '%s' (reason: %s)",
cluster.name, ex)
cluster = conductor.cluster_update(ctx, cluster, {"status": "Error"})
LOG.info(g.format_cluster_status(cluster))
return
# cluster is now up and ready
cluster = conductor.cluster_update(ctx, cluster, {"status": "Active"})
LOG.info(g.format_cluster_status(cluster))
# schedule execution pending job for cluster
for je in conductor.job_execution_get_all(ctx, cluster_id=cluster.id):
job_manager.run_job(je.id)
def _provision_cluster(cluster_id):
ctx, cluster, plugin = _prepare_provisioning(cluster_id)
if CONF.use_identity_api_v3 and cluster.is_transient:
trusts.create_trust(cluster)
# updating cluster infra
cluster = conductor.cluster_update(ctx, cluster,
{"status": "InfraUpdating"})
LOG.info(g.format_cluster_status(cluster))
plugin.update_infra(cluster)
# creating instances and configuring them
cluster = conductor.cluster_get(ctx, cluster_id)
INFRA.create_cluster(cluster)
# configure cluster
cluster = conductor.cluster_update(ctx, cluster, {"status": "Configuring"})
LOG.info(g.format_cluster_status(cluster))
try:
plugin.configure_cluster(cluster)
except Exception as ex:
LOG.exception("Can't configure cluster '%s' (reason: %s)",
cluster.name, ex)
cluster = conductor.cluster_update(ctx, cluster, {"status": "Error"})
LOG.info(g.format_cluster_status(cluster))
return
# starting prepared and configured cluster
cluster = conductor.cluster_update(ctx, cluster, {"status": "Starting"})
LOG.info(g.format_cluster_status(cluster))
try:
plugin.start_cluster(cluster)
except Exception as ex:
LOG.exception("Can't start services for cluster '%s' (reason: %s)",
cluster.name, ex)
cluster = conductor.cluster_update(ctx, cluster, {"status": "Error"})
LOG.info(g.format_cluster_status(cluster))
return
# cluster is now up and ready
cluster = conductor.cluster_update(ctx, cluster, {"status": "Active"})
LOG.info(g.format_cluster_status(cluster))
# schedule execution pending job for cluster
for je in conductor.job_execution_get_all(ctx, cluster_id=cluster.id):
job_manager.run_job(je.id)
def test_delete_trust(self, trust, auth_for_admin, client_from_auth):
client = self._client()
client_from_auth.return_value = client
trust.return_value = 'test_id'
trustor_auth = mock.Mock()
trustee_auth = mock.Mock()
auth_for_admin.return_value = trustee_auth
trust_id = trusts.create_trust(trustor_auth, trustee_auth,
"role_names")
trusts.delete_trust(trustee_auth, trust_id)
client.trusts.delete.assert_called_with(trust_id)
def test_create_trust(self):
trustor = self._trustor()
trustee = mock.Mock(user_id="trustee_id")
trust_id = trusts.create_trust(trustor, trustee,
"role_names", expires=True)
trustor.trusts.create.assert_called_with(
trustor_user="******",
trustee_user="******",
impersonation=True,
role_names="role_names",
project="tenant_id",
expires_at=mock.ANY
)
self.assertEqual("trust_id", trust_id)
def create_proxy_user_for_job_execution(job_execution):
'''Creates a proxy user and adds the credentials to the job execution
:param job_execution: The job execution model to update
'''
username = '******'.format(job_execution.id)
password = key_manager.store_secret(proxy_user_create(username))
current_user = k.auth()
proxy_user = k.auth_for_proxy(username, password)
trust_id = t.create_trust(trustor=current_user,
trustee=proxy_user,
role_names=CONF.proxy_user_role_names)
update = {'job_configs': job_execution.job_configs.to_dict()}
update['job_configs']['proxy_configs'] = {
'proxy_username': username,
'proxy_password': password,
'proxy_trust_id': trust_id
}
conductor.job_execution_update(context.ctx(), job_execution, update)
def create_proxy_user_for_job_execution(job_execution):
'''Creates a proxy user and adds the credentials to the job execution
:param job_execution: The job execution model to update
'''
username = '******'.format(job_execution.id)
password = key_manager.store_secret(proxy_user_create(username))
current_user = k.auth()
proxy_user = k.auth_for_proxy(username, password)
trust_id = t.create_trust(trustor=current_user,
trustee=proxy_user,
role_names=CONF.proxy_user_role_names)
update = {'job_configs': job_execution.job_configs.to_dict()}
update['job_configs']['proxy_configs'] = {
'proxy_username': username,
'proxy_password': password,
'proxy_trust_id': trust_id
}
conductor.job_execution_update(context.ctx(), job_execution, update)
def create_proxy_user_for_cluster(cluster):
'''Creates a proxy user and adds the credentials to the cluster
:param cluster: The cluster model to update
'''
if cluster.cluster_configs.get('proxy_configs'):
return cluster
username = '******'.format(cluster.id)
password = key_manager.store_secret(proxy_user_create(username))
current_user = k.auth()
proxy_user = k.auth_for_proxy(username, password)
trust_id = t.create_trust(trustor=current_user,
trustee=proxy_user,
role_names=CONF.proxy_user_role_names)
update = {'cluster_configs': cluster.cluster_configs.to_dict()}
update['cluster_configs']['proxy_configs'] = {
'proxy_username': username,
'proxy_password': password,
'proxy_trust_id': trust_id
}
return conductor.cluster_update(context.ctx(), cluster, update)
def create_proxy_user_for_cluster(cluster):
'''Creates a proxy user and adds the credentials to the cluster
:param cluster: The cluster model to update
'''
if cluster.cluster_configs.get('proxy_configs'):
return cluster
username = '******'.format(cluster.id)
password = key_manager.store_secret(proxy_user_create(username))
current_user = k.auth()
proxy_user = k.auth_for_proxy(username, password)
trust_id = t.create_trust(trustor=current_user,
trustee=proxy_user,
role_names=CONF.proxy_user_role_names)
update = {'cluster_configs': cluster.cluster_configs.to_dict()}
update['cluster_configs']['proxy_configs'] = {
'proxy_username': username,
'proxy_password': password,
'proxy_trust_id': trust_id
}
return conductor.cluster_update(context.ctx(), cluster, update)