def start(self):
servicegroup.setup(CONF, self.binary, self.tg)
for endpoint in self.endpoints:
if hasattr(endpoint, 'init_containers'):
endpoint.init_containers(
context.get_admin_context(all_projects=True))
self.tg.add_dynamic_timer(
endpoint.run_periodic_tasks,
periodic_interval_max=CONF.periodic_interval_max,
context=context.get_admin_context(all_projects=True))
self._server.start()
def start(self):
servicegroup.setup(CONF, self.binary, self.tg)
periodic.setup(CONF, self.tg)
for endpoint in self.endpoints:
if isinstance(endpoint, compute_manager.Manager):
endpoint.init_containers(
context.get_admin_context(all_tenants=True))
self.tg.add_dynamic_timer(
endpoint.run_periodic_tasks,
periodic_interval_max=CONF.periodic_interval_max,
context=context.get_admin_context(all_tenants=True))
self._server.start()
def start(self):
servicegroup.setup(CONF, self.binary, self.tg)
for endpoint in self.endpoints:
if hasattr(endpoint, 'init_containers'):
endpoint.init_containers(
context.get_admin_context(all_projects=True))
self.tg.add_dynamic_timer(
endpoint.run_periodic_tasks,
periodic_interval_max=CONF.periodic_interval_max,
context=context.get_admin_context(all_projects=True)
)
self._server.start()
def _unbind_port(self, port_id):
port_req_body = {'port': {'device_id': '', 'device_owner': ''}}
port_req_body['port'][BINDING_HOST_ID] = None
try:
port = self.neutron_api.get_neutron_port(port_id)
except exception.PortNotFound:
LOG.debug('Unable to show port %s as it no longer '
'exists.', port_id)
return
except Exception:
# NOTE: In case we can't retrieve the binding:profile assume
# that they are empty
LOG.exception("Unable to get binding:profile for port '%s'",
port_id)
port_profile = {}
else:
port_profile = port.get(BINDING_PROFILE, {})
# NOTE: We're doing this to remove the binding information
# for the physical device but don't want to overwrite the other
# information in the binding profile.
for profile_key in ('pci_vendor_info', 'pci_slot'):
if profile_key in port_profile:
del port_profile[profile_key]
port_req_body['port'][BINDING_PROFILE] = port_profile
try:
# Requires admin creds to set port bindings
admin_context = zun_context.get_admin_context()
neutron_api = neutron.NeutronAPI(admin_context)
neutron_api.update_port(port_id, port_req_body)
except exception.PortNotFound:
LOG.debug('Unable to unbind port %s as it no longer '
'exists.', port_id)
except Exception:
LOG.exception("Unable to clear device ID for port '%s'", port_id)
def do_port_cleanup(self, addresses, port):
preserve_flag = addresses[0].get('preserve_on_delete')
port_id = port.get('id')
if preserve_flag:
port_req_body = {'port': {'device_id': '', 'device_owner': ''}}
port_req_body['port'][BINDING_HOST_ID] = None
port_req_body['port']['mac_address'] = port.get('mac_address')
port_req_body['port'][BINDING_PROFILE] = \
port.get(BINDING_PROFILE, {})
try:
# Requires admin creds to set port bindings
admin_context = zun_context.get_admin_context()
neutron_api = neutron.NeutronAPI(admin_context)
neutron_api.update_port(port_id, port_req_body)
except exception.PortNotFound:
LOG.debug(
'Unable to unbind port %s as it no longer '
'exists.', port_id)
except Exception:
LOG.exception("Unable to clear device ID for port '%s'",
port_id)
else:
try:
self.neutron_api.delete_port(port_id)
except exception.PortNotFound:
LOG.debug(
'Unable to delete port %s as it no longer '
'exists.', port_id)
def _write_cni_metadata(self, context, capsule, requested_networks):
neutron_api = neutron.NeutronAPI(context)
security_group_ids = utils.get_security_group_ids(
context, capsule.security_groups)
# TODO(hongbin): handle multiple nics
requested_network = requested_networks[0]
network_id = requested_network['network']
addresses, port = neutron_api.create_or_update_port(
capsule, network_id, requested_network, consts.DEVICE_OWNER_ZUN,
security_group_ids, set_binding_host=True)
capsule.addresses = {network_id: addresses}
neutron_api = neutron.NeutronAPI(zun_context.get_admin_context())
network = neutron_api.show_network(port['network_id'])['network']
subnets = {}
for fixed_ip in port['fixed_ips']:
subnet_id = fixed_ip['subnet_id']
subnets[subnet_id] = neutron_api.show_subnet(subnet_id)['subnet']
vif_plugin = port.get('binding:vif_type')
vif_obj = os_vif_util.neutron_to_osvif_vif(vif_plugin, port, network,
subnets)
state = objects.vif.VIFState(default_vif=vif_obj)
state_dict = state.obj_to_primitive()
capsule.cni_metadata = {consts.CNI_METADATA_VIF: state_dict}
capsule.save(context)
def new_websocket_client(self):
"""Called after a new WebSocket connection has been established."""
# Reopen the eventlet hub to make sure we don't share an epoll
# fd with parent and/or siblings, which would be bad
from eventlet import hubs
hubs.use_hub()
# The zun expected behavior is to have token
# passed to the method GET of the request
parse = urlparse.urlparse(self.path)
if parse.scheme not in ('http', 'https'):
# From a bug in urlparse in Python < 2.7.4 we cannot support
# special schemes (cf: https://bugs.python.org/issue9374)
if sys.version_info < (2, 7, 4):
raise exception.ZunException(
_("We do not support scheme '%s' under Python < 2.7.4, "
"please use http or https") % parse.scheme)
query = parse.query
token = urlparse.parse_qs(query).get("token", [""]).pop()
uuid = urlparse.parse_qs(query).get("uuid", [""]).pop()
exec_id = urlparse.parse_qs(query).get("exec_id", [""]).pop()
ctx = context.get_admin_context(all_projects=True)
if uuidutils.is_uuid_like(uuid):
container = objects.Container.get_by_uuid(ctx, uuid)
else:
container = objects.Container.get_by_name(ctx, uuid)
if exec_id:
self._new_exec_client(container, token, uuid, exec_id)
else:
self._new_websocket_client(container, token, uuid)
def _get_subnetpool(self, subnet):
# NOTE(kiennt): Elevate admin privilege to list all subnetpools
# across projects.
admin_context = zun_context.get_admin_context()
neutron_api = neutron.NeutronAPI(admin_context)
subnetpool_id = subnet.get('subnetpool_id')
if self._check_valid_subnetpool(neutron_api, subnetpool_id,
subnet['cidr']):
return subnetpool_id
# NOTE(kiennt): Subnetpool which was created by Kuryr-libnetwork
# will be tagged with subnet_id.
kwargs = {
'tags': [subnet['id']],
}
subnetpools = \
neutron_api.list_subnetpools(**kwargs).get('subnetpools', [])
if not subnetpools:
return None
elif len(subnetpools) > 1:
raise exception.ZunException(_(
'Multiple Neutron subnetpools exist with prefixes %s'),
subnet['cidr'])
else:
return subnetpools[0]['id']
def new_websocket_client(self):
"""Called after a new WebSocket connection has been established."""
# Reopen the eventlet hub to make sure we don't share an epoll
# fd with parent and/or siblings, which would be bad
from eventlet import hubs
hubs.use_hub()
# The zun expected behavior is to have token
# passed to the method GET of the request
parse = urlparse.urlparse(self.path)
if parse.scheme not in ('http', 'https'):
# From a bug in urlparse in Python < 2.7.4 we cannot support
# special schemes (cf: https://bugs.python.org/issue9374)
if sys.version_info < (2, 7, 4):
raise exception.ZunException(
_("We do not support scheme '%s' under Python < 2.7.4, "
"please use http or https") % parse.scheme)
query = parse.query
token = urlparse.parse_qs(query).get("token", [""]).pop()
uuid = urlparse.parse_qs(query).get("uuid", [""]).pop()
exec_id = urlparse.parse_qs(query).get("exec_id", [""]).pop()
ctx = context.get_admin_context(all_projects=True)
if uuidutils.is_uuid_like(uuid):
container = objects.Container.get_by_uuid(ctx, uuid)
else:
container = objects.Container.get_by_name(ctx, uuid)
if exec_id:
self._new_exec_client(container, token, uuid, exec_id)
else:
self._new_websocket_client(container, token, uuid)
def setUp(self):
super(TestProviderTree, self).setUp()
self.context = context.get_admin_context()
self.compute_node1 = utils.get_test_compute_node(
self.context, uuid=uuids.cn1, hostname='compute-node-1')
self.compute_node2 = utils.get_test_compute_node(
self.context, uuid=uuids.cn2, hostname='compute-node-2')
self.compute_nodes = [self.compute_node1, self.compute_node2]
def __init__(self, worker_id, registry):
super(CNIDaemonWatcherService, self).__init__(worker_id)
self.registry = registry
self.host = CONF.host
self.context = zun_context.get_admin_context(all_projects=True)
self.neutron_api = neutron.NeutronAPI(self.context)
self.periodic = periodics.PeriodicWorker.create(
[],
executor_factory=lambda: futures.ThreadPoolExecutor(max_workers=1))
def setup(binary, host):
if CONF.profiler.enabled:
profiler_initializer.init_from_conf(
conf=CONF,
context=context.get_admin_context().to_dict(),
project="zun",
service=binary,
host=host)
LOG.info('OSProfiler is enabled.')
def start(self):
servicegroup.setup(CONF, self.binary, self.tg)
periodic.setup(CONF, self.tg)
for endpoint in self.endpoints:
self.tg.add_dynamic_timer(
endpoint.run_periodic_tasks,
periodic_interval_max=CONF.periodic_interval_max,
context=context.get_admin_context(all_tenants=True))
self._server.start()
def setup(binary, host):
if profiler_initializer and CONF.profiler.enabled:
profiler_initializer.init_from_conf(
conf=CONF,
context=context.get_admin_context().to_dict(),
project="zun",
service=binary,
host=host)
LOG.info('OSProfiler is enabled.')
def _get_phynet_info(self, context, net_id):
# NOTE(hongbin): Use admin context here because non-admin users are
# unable to retrieve provider:* attributes.
admin_context = zun_context.get_admin_context()
neutron_api = neutron.NeutronAPI(admin_context)
network = neutron_api.show_network(net_id,
fields='provider:physical_network')
net = network.get('network')
phynet_name = net.get('provider:physical_network')
return phynet_name
def setUp(self):
super(PciDevTrackerTestCase, self).setUp()
self.fake_context = context.get_admin_context()
self.fake_devs = fake_db_devs[:]
self.stub_out('zun.db.api.get_all_pci_device_by_node',
self._fake_get_pci_devices)
# The fake_pci_whitelist must be called before creating the fake
# devices
patcher = pci_fakes.fake_pci_whitelist()
self.addCleanup(patcher.stop)
self._create_tracker(fake_db_devs[:])
def setUp(self):
super(PciDevTrackerTestCase, self).setUp()
self.fake_context = context.get_admin_context()
self.fake_devs = fake_db_devs[:]
self.stub_out('zun.db.api.get_all_pci_device_by_node',
self._fake_get_pci_devices)
# The fake_pci_whitelist must be called before creating the fake
# devices
patcher = pci_fakes.fake_pci_whitelist()
self.addCleanup(patcher.stop)
self._create_tracker(fake_db_devs[:])
def process_networking_config(self,
container,
requested_network,
host_config,
container_kwargs,
docker,
security_group_ids=None):
network_id = requested_network['network']
addresses, port = self.neutron_api.create_or_update_port(
container,
network_id,
requested_network,
consts.DEVICE_OWNER_ZUN,
security_group_ids,
set_binding_host=True)
container.addresses = {network_id: addresses}
admin_neutron_api = neutron.NeutronAPI(zun_context.get_admin_context())
network = admin_neutron_api.show_network(port['network_id'])['network']
subnets = {}
for fixed_ip in port['fixed_ips']:
subnet_id = fixed_ip['subnet_id']
subnets[subnet_id] = \
admin_neutron_api.show_subnet(subnet_id)['subnet']
vif_plugin = port.get('binding:vif_type')
vif_obj = os_vif_util.neutron_to_osvif_vif(vif_plugin, port, network,
subnets)
state = objects.vif.VIFState(default_vif=vif_obj)
state_dict = state.obj_to_primitive()
container.cni_metadata = {consts.CNI_METADATA_VIF: state_dict}
container.save(self.context)
host_config['network_mode'] = 'none'
container_kwargs['mac_address'] = port['mac_address']
# We manipulate entrypoint and command parameters in here.
token = (container.entrypoint or []) + (container.command or [])
new_command = ZUN_INIT + ' '.join(shlex.quote(t) for t in token)
new_entrypoint = ['/bin/sh', '-c']
container_kwargs['entrypoint'] = new_entrypoint
container_kwargs['command'] = [new_command]
def add_security_groups_to_ports(self, container, security_group_ids):
container_id = container.get_sandbox_id()
if not container_id:
container_id = container.container_id
port_ids = set()
for addrs_list in container.addresses.values():
for addr in addrs_list:
port_id = addr['port']
port_ids.add(port_id)
search_opts = {'tenant_id': self.context.project_id}
neutron_ports = self.neutron_api.list_ports(**search_opts).get(
'ports', [])
neutron_ports = [p for p in neutron_ports if p['id'] in port_ids]
for port in neutron_ports:
if 'security_groups' not in port:
port['security_groups'] = []
port['security_groups'].extend(security_group_ids)
updated_port = {'security_groups': port['security_groups']}
try:
LOG.info(
"Adding security group %(security_group_ids)s "
"to port %(port_id)s", {
'security_group_ids': security_group_ids,
'port_id': port['id']
})
admin_context = zun_context.get_admin_context()
neutron_api = neutron.NeutronAPI(admin_context)
neutron_api.update_port(port['id'], {'port': updated_port})
except exceptions.NeutronClientException as e:
exc_info = sys.exc_info()
if e.status_code == 400:
raise exception.SecurityGroupCannotBeApplied(
six.text_type(e))
else:
six.reraise(*exc_info)
except Exception:
with excutils.save_and_reraise_exception():
LOG.exception("Neutron Error:")
def setUp(self):
cfg.CONF.set_override('db_type', 'sql')
super(DbPciDeviceTestCase, self).setUp()
self.admin_context = context.get_admin_context()
self._compute_node = None
self.ignored_keys = ['id', 'updated_at', 'created_at']
def setUp(self):
super(DBQuotaTestCase, self).setUp()
self.ctx = context.get_admin_context()
self.project_id = 'fake_project_id'
self.resource = 'containers'
self.limit = 100
def new_websocket_client(self):
"""Called after a new WebSocket connection has been established."""
# Reopen the eventlet hub to make sure we don't share an epoll
# fd with parent and/or siblings, which would be bad
from eventlet import hubs
hubs.use_hub()
# The zun expected behavior is to have token
# passed to the method GET of the request
parse = urlparse.urlparse(self.path)
if parse.scheme not in ('http', 'https'):
# From a bug in urlparse in Python < 2.7.4 we cannot support
# special schemes (cf: https://bugs.python.org/issue9374)
if sys.version_info < (2, 7, 4):
raise exception.ZunException(
_("We do not support scheme '%s' under Python < 2.7.4, "
"please use http or https") % parse.scheme)
query = parse.query
token = urlparse.parse_qs(query).get("token", [""]).pop()
uuid = urlparse.parse_qs(query).get("uuid", [""]).pop()
dbapi = db_api._get_dbdriver_instance()
ctx = context.get_admin_context(all_tenants=True)
if uuidutils.is_uuid_like(uuid):
container = dbapi.get_container_by_uuid(ctx, uuid)
else:
container = dbapi.get_container_by_name(ctx, uuid)
if token != container.websocket_token:
raise exception.InvalidWebsocketToken(token)
access_url = '%s?token=%s&uuid=%s' % (CONF.websocket_proxy.base_url,
token, uuid)
# Verify Origin
expected_origin_hostname = self.headers.get('Host')
if ':' in expected_origin_hostname:
e = expected_origin_hostname
if '[' in e and ']' in e:
expected_origin_hostname = e.split(']')[0][1:]
else:
expected_origin_hostname = e.split(':')[0]
expected_origin_hostnames = CONF.websocket_proxy.allowed_origins
expected_origin_hostnames.append(expected_origin_hostname)
origin_url = self.headers.get('Origin')
# missing origin header indicates non-browser client which is OK
if origin_url is not None:
origin = urlparse.urlparse(origin_url)
origin_hostname = origin.hostname
origin_scheme = origin.scheme
if origin_hostname == '' or origin_scheme == '':
detail = _("Origin header not valid.")
raise exception.ValidationError(detail)
if origin_hostname not in expected_origin_hostnames:
detail = _("Origin header does not match this host.")
raise exception.ValidationError(detail)
if not self.verify_origin_proto(access_url, origin_scheme):
detail = _("Origin header protocol does not match this host.")
raise exception.ValidationError(detail)
if container.websocket_url:
target_url = container.websocket_url
escape = "~"
close_wait = 0.5
wscls = WebSocketClient(host_url=target_url,
escape=escape,
close_wait=close_wait)
wscls.connect()
self.target = wscls
else:
raise exception.InvalidWebsocketUrl()
# Start proxying
try:
self.do_proxy(self.target.ws)
except Exception as e:
if self.target.ws:
self.target.ws.close()
self.vmsg(_("%Websocket client or target closed"))
raise
def create_or_update_port(self, container, network_name,
requested_network, security_groups=None):
if requested_network.get('port'):
neutron_port_id = requested_network.get('port')
neutron_port = self.neutron_api.get_neutron_port(neutron_port_id)
# NOTE(hongbin): If existing port is specified, security_group_ids
# is ignored because existing port already has security groups.
# We might revisit this behaviour later. Alternatively, we could
# either throw an exception or overwrite the port's security
# groups.
if not container.security_groups:
container.security_groups = []
if neutron_port.get('security_groups'):
for sg in neutron_port['security_groups']:
if sg not in container.security_groups:
container.security_groups += [sg]
container.save(self.context)
# update device_id in port
port_req_body = {'port': {'device_id': container.uuid}}
self.neutron_api.update_port(neutron_port_id, port_req_body)
# If there is pci_request_id, it should be a sriov port.
# populate pci related info.
pci_request_id = requested_network.get('pci_request_id')
if pci_request_id:
self._populate_neutron_extension_values(container,
pci_request_id,
port_req_body)
self._populate_pci_mac_address(container,
pci_request_id,
port_req_body)
# NOTE(hongbin): Use admin context here because non-admin
# context might not be able to update some attributes
# (i.e. binding:profile).
admin_context = zun_context.get_admin_context()
neutron_api = neutron.NeutronAPI(admin_context)
neutron_api.update_port(neutron_port_id, port_req_body)
else:
network = self.inspect_network(network_name)
neutron_net_id = network['Options']['neutron.net.uuid']
port_dict = {
'network_id': neutron_net_id,
'tenant_id': self.context.project_id,
'device_id': container.uuid,
}
ip_addr = requested_network.get("v4-fixed-ip") or requested_network.\
get("v6-fixed-ip")
if ip_addr:
port_dict['fixed_ips'] = [{'ip_address': ip_addr}]
if security_groups is not None:
port_dict['security_groups'] = security_groups
neutron_port = self.neutron_api.create_port({'port': port_dict})
neutron_port = neutron_port['port']
preserve_on_delete = requested_network['preserve_on_delete']
addresses = []
for fixed_ip in neutron_port['fixed_ips']:
ip_address = fixed_ip['ip_address']
ip = ipaddress.ip_address(six.text_type(ip_address))
if ip.version == 4:
addresses.append({
'addr': ip_address,
'version': 4,
'port': neutron_port['id'],
'subnet_id': fixed_ip['subnet_id'],
'preserve_on_delete': preserve_on_delete
})
else:
addresses.append({
'addr': ip_address,
'version': 6,
'port': neutron_port['id'],
'subnet_id': fixed_ip['subnet_id'],
'preserve_on_delete': preserve_on_delete
})
return addresses, neutron_port
def handler(self, ctx):
ctx = context.get_admin_context()
func(self, ctx)
def setUp(self):
super(DBQuotaClassesTestCase, self).setUp()
self.ctx = context.get_admin_context()
self.class_name = 'default'
self.resource = 'containers'
self.limit = 100
def handler(self, ctx):
if ctx is None:
ctx = context.get_admin_context(all_tenants=True)
func(self, ctx)
def create_or_update_port(self,
container,
network_name,
requested_network,
security_groups=None):
if requested_network.get('port'):
neutron_port_id = requested_network.get('port')
neutron_port = self.neutron_api.get_neutron_port(neutron_port_id)
# update device_id in port
port_req_body = {'port': {'device_id': container.uuid}}
self.neutron_api.update_port(neutron_port_id, port_req_body)
# If there is pci_request_id, it should be a sriov port.
# populate pci related info.
pci_request_id = requested_network.get('pci_request_id')
if pci_request_id:
self._populate_neutron_extension_values(
container, pci_request_id, port_req_body)
self._populate_pci_mac_address(container, pci_request_id,
port_req_body)
# NOTE(hongbin): Use admin context here because non-admin
# context might not be able to update some attributes
# (i.e. binding:profile).
admin_context = zun_context.get_admin_context()
neutron_api = neutron.NeutronAPI(admin_context)
neutron_api.update_port(neutron_port_id, port_req_body)
else:
network = self.inspect_network(network_name)
neutron_net_id = network['Options']['neutron.net.uuid']
port_dict = {
'network_id': neutron_net_id,
'tenant_id': self.context.project_id,
'device_id': container.uuid,
}
ip_addr = requested_network.get("fixed_ip")
if ip_addr:
port_dict['fixed_ips'] = [{'ip_address': ip_addr}]
if security_groups is not None:
port_dict['security_groups'] = security_groups
neutron_port = self.neutron_api.create_port({'port': port_dict})
neutron_port = neutron_port['port']
preserve_on_delete = requested_network['preserve_on_delete']
addresses = []
for fixed_ip in neutron_port['fixed_ips']:
ip_address = fixed_ip['ip_address']
ip = ipaddress.ip_address(six.text_type(ip_address))
if ip.version == 4:
addresses.append({
'addr': ip_address,
'version': 4,
'port': neutron_port['id'],
'subnet_id': fixed_ip['subnet_id'],
'preserve_on_delete': preserve_on_delete
})
else:
addresses.append({
'addr': ip_address,
'version': 6,
'port': neutron_port['id'],
'subnet_id': fixed_ip['subnet_id'],
'preserve_on_delete': preserve_on_delete
})
return addresses, neutron_port
def setUp(self):
super(DbPciDeviceTestCase, self).setUp()
self.admin_context = context.get_admin_context()
self._compute_node = None
self.ignored_keys = ['id', 'updated_at', 'created_at']
def __init__(self, registry):
self.registry = registry
self.host = CONF.host
self.context = zun_context.get_admin_context(all_projects=True)
self.neutron_api = neutron.NeutronAPI(self.context)
def _get_admin_client(self):
if self.admin_client is None:
context = zun_context.get_admin_context()
self.admin_client = clients.OpenStackClients(context).neutron()
return self.admin_client
def _get_admin_client(self):
if self.admin_client is None:
context = zun_context.get_admin_context()
self.admin_client = clients.OpenStackClients(context).neutron()
return self.admin_client
def test_request_context_sets_is_admin(self):
ctxt = zun_context.get_admin_context()
self.assertTrue(ctxt.is_admin)
