def write_rest():
PASSWORD = '******'
AUTH_URL = 'http://10.50.2.123:5000/v2.0'
USERNAME = '******'
TENANT_NAME = 'admin'
auth = keystoneclient.auth.identity.v2.Password(auth_url=AUTH_URL,
username=USERNAME,
password=PASSWORD,
tenant_name=TENANT_NAME)
session = keystoneclient.session.Session(auth=auth)
congress = client.Client(session=session,
auth=None,
interface='publicURL',
service_type='policy',
region_name='RegionOne')
script_dir = os.path.dirname(os.path.realpath(__file__))
logfile = script_dir + '/log_os_connect.log'
logf = open(logfile, 'a')
logf.write(str(datetime.datetime.today()) + '\n')
logf.write(str(congress.list_datasources()) + '\n')
logf.write(str(datetime.datetime.today()) + '\n')
logf.write('\n==================================\n')
logf.close
def init_collectd(self):
write_debug(
"Compute node collectd monitor start at %s\n\n" %
datetime.now().isoformat(), "w", self.compute_user)
if self.inspector_type == 'sample':
self.inspector_url = ('http://%s:12345/events' % self.control_ip)
elif self.inspector_type == 'congress':
loader = loading.get_plugin_loader('password')
self.auth = loader.load_from_options(
auth_url=self.os_auth_url,
username=self.os_username,
password=self.os_password,
project_name=self.os_project_name,
user_domain_name=self.os_user_domain_name,
user_domain_id=self.os_user_domain_id,
project_domain_name=self.os_project_domain_name,
project_domain_id=self.os_project_domain_id)
self.sess = session.Session(auth=self.auth)
congress = client.Client(session=self.sess, service_type='policy')
ds = congress.list_datasources()['results']
doctor_ds = next(
(item for item in ds if item['driver'] == 'doctor'), None)
congress_endpoint = \
congress.httpclient.get_endpoint(auth=self.auth)
self.inspector_url = ('%s/v1/data-sources/%s/tables/events/rows' %
(congress_endpoint, doctor_ds['id']))
else:
sys.exit()
self.start_notifications = 1
def congress_client():
auth = keystoneclient.auth.identity.v2.Password(
auth_url=CONF.identity.uri,
username=CONF.identity.admin_username,
password=CONF.identity.admin_password,
tenant_name=CONF.identity.admin_tenant_name)
session = keystoneclient.session.Session(auth=auth)
return cclient.Client(session=session, service_type='policy')
def _create_client(self):
if not congress_client:
# congress client was not imported
raise ImportError("Import congresscliet error")
return congress_client.Client(
**auth_utils.get_session_client_parameters(
service_type='policy',
execution_session=self._execution_session))
def factory(keystone_client, auth_token):
auth = keystoneclient.auth.identity.v2.Token(
auth_url=cfg.CONF.keystone_authtoken.auth_uri,
tenant_name=keystone_client.tenant_name,
token=auth_token)
session = keystoneclient.session.Session(auth=auth)
return congress_client.Client(session=session,
service_type='policy')
def congress_client():
auth = identity.v3.Password(
auth_url=CONF.identity.uri_v3,
username=CONF.auth.admin_username,
password=CONF.auth.admin_password,
project_name=CONF.auth.admin_project_name,
user_domain_name=CONF.auth.admin_domain_name,
project_domain_name=CONF.auth.admin_domain_name)
session = ksasession.Session(auth=auth)
return cclient.Client(session=session, service_type='policy')
def create_client(self, port_num):
creds = self.admin_credentials()
auth = keystoneclient.auth.identity.v2.Password(
auth_url=CONF.identity.uri,
username=creds.username,
password=creds.password,
tenant_name=creds.tenant_name)
session = keystoneclient.session.Session(auth=auth)
return congress_client.Client(
session=session,
auth=None,
endpoint_override='http://127.0.0.1:%d' % port_num,
region_name=CONF.identity.region)
def _get_congress_client():
auth_url = 'http://16.111.37.119:5000/v2.0'
auth = keystoneclient.auth.identity.v2.Password(
auth_url="http://16.111.37.119:5000/v2.0",
username="******",
password="******",
tenant_name="admin")
session = keystoneclient.session.Session(auth=auth)
return client.Client(session=session,
auth=None,
interface='publicURL',
service_type='policy',
region_name='RegionOne')
def congressclient(request):
"""Instantiate Congress client."""
auth_url = getattr(settings, 'OPENSTACK_KEYSTONE_URL')
user = request.user
session = get_keystone_session(auth_url, user)
region_name = user.services_region
kwargs = {
'session': session,
'auth': None,
'interface': 'publicURL',
'service_type': 'policy',
'region_name': region_name
}
return congress_client.Client(**kwargs)
def _get_congress_client(self):
auth_url = '%s/v2.0' % (cfg.CONF.keystone_authtoken.auth_uri)
# auth_url='%s/v2.0'%(cfg.CONF.congress_driver.auth_uri)
auth = keystoneclient.auth.identity.v2.Password(
auth_url=auth_url,
username=cfg.CONF.congress_driver.congress_username,
password=cfg.CONF.congress_driver.congress_password,
tenant_name=cfg.CONF.congress_driver.congress_tenant)
session = keystoneclient.session.Session(auth=auth)
return client.Client(session=session,
auth=None,
interface='publicURL',
service_type='policy',
region_name='RegionOne')
def _get_congress_client ():
#auth_url='%s/v2.0'%(cfg.CONF.keystone_authtoken.auth_uri)
auth_url='http://16.111.37.119:5000/v2.0'
auth = keystoneclient.auth.identity.v2.Password(
auth_url="http://16.111.37.119:5000/v2.0", username="******",
password="******", tenant_name="admin")
#auth_url=auth_url,
#username=cfg.CONF.congress_driver.congress_username,
#password=cfg.CONF.congress_driver.congress_password,
#tenant_name=cfg.CONF.congress_driver.congress_tenant)
session = keystoneclient.session.Session(auth=auth)
return client.Client(session=session,
auth=None,
interface='publicURL',
service_type='policy',
region_name='RegionOne')
def configure(self, conf):
for node in conf.children:
if node.key == "Username":
username = node.values[0]
elif node.key == "Password":
password = node.values[0]
elif node.key == "TenantName":
tenant = node.values[0]
elif node.key == "AuthURL":
auth_url = node.values[0]
auth = keystoneclient.auth.identity.v2.Password(
auth_url=auth_url, username=username,
password=password, tenant_name=tenant)
session = keystoneclient.session.Session(auth=auth)
self.congress = client.Client(session=session,
auth=None,
interface='publicURL',
service_type='policy',
region_name='regionOne')
def congressclient(request):
"""Instantiate Congress client."""
auth_url = base.url_for(request, 'identity')
user = request.user
auth = keystoneclient.auth.identity.v2.Token(auth_url,
user.token.id,
tenant_id=user.tenant_id,
tenant_name=user.tenant_name)
session = keystoneclient.session.Session(auth=auth)
region_name = user.services_region
kwargs = {
'session': session,
'auth': None,
'interface': 'publicURL',
'service_type': 'policy',
'region_name': region_name
}
return congress_client.Client(**kwargs)
def __init__(self, args):
if args.inspector_type not in SUPPORTED_INSPECTOR_TYPES:
raise Exception("Inspector type '%s' not supported", args.inspector_type)
self.hostname = args.hostname
self.inspector_type = args.inspector_type
self.ip_addr = args.ip or socket.gethostbyname(self.hostname)
if self.inspector_type == 'sample':
self.inspector_url = 'http://127.0.0.1:12345/events'
elif self.inspector_type == 'congress':
auth=identity_auth.get_identity_auth()
self.session=session.Session(auth=auth)
congress = client.Client(session=self.session, service_type='policy')
ds = congress.list_datasources()['results']
doctor_ds = next((item for item in ds if item['driver'] == 'doctor'),
None)
congress_endpoint = congress.httpclient.get_endpoint(auth=auth)
self.inspector_url = ('%s/v1/data-sources/%s/tables/events/rows' %
(congress_endpoint, doctor_ds['id']))
def _initialize_tests(self):
"""Perform final initialization before tests get run."""
# Access the sentries for inspecting service units
self.congress_sentry = self.d.sentry['congress'][0]
self.percona_cluster_sentry = self.d.sentry['percona-cluster'][0]
self.keystone_sentry = self.d.sentry['keystone'][0]
self.rabbitmq_sentry = self.d.sentry['rabbitmq-server'][0]
u.log.debug('openstack release val: {}'.format(
self._get_openstack_release()))
u.log.debug('openstack release str: {}'.format(
self._get_openstack_release_string()))
# Authenticate admin with keystone endpoint
self.keystone_session, self.keystone = u.get_default_keystone_session(
self.keystone_sentry,
openstack_release=self._get_openstack_release())
self.congress = congress_client.Client(session=self.keystone_session,
auth=None,
interface='publicURL',
service_type='policy',
region_name='RegionOne')
#
# Main Program:
#
if __name__ == "__main__":
# Create the congress client Instance
auth = keystoneclient.auth.identity.v2.Password(
auth_url="http://16.111.37.119:5000/v2.0", username="******",
password="******", tenant_name="admin")
session = keystoneclient.session.Session(auth=auth)
congress = client.Client(session=session,
auth=None,
interface='publicURL',
service_type='policy',
region_name='RegionOne')
# API to create the lable trees given the label tree hierarchy conf file
ltree_op = create_label_trees_from_tree_definitions (label_hierarchy_file)
#print ltree_op
# Display the label tree list
for ltree_each in ltree_op:
#print "\n#Label Tree for:", ltree_each['label_tree']['name']
print (ltree_each)
# Create the Datalog messages given the label tree hierarchy conf file
#create_datalog_policies (label_hierarchy_file)
def factory(keystone_client, auth_token):
auth = access.AccessInfoPlugin(keystone_client.auth_ref)
session = keystoneclient.session.Session(auth=auth)
return congress_client.Client(session=session,
service_type='policy')
def __call__(self, req):
if req.environ['REQUEST_METHOD'] != 'POST':
return self.application
raw_path = req.environ['RAW_PATH_INFO']
if "metadata" in raw_path:
return self.application
if "servers/action" in raw_path:
return self.application
flavor_ref = json.loads(req.body)['server']['flavorRef']
token = req.environ['HTTP_X_AUTH_TOKEN']
tenant_name = req.environ['HTTP_X_TENANT_NAME']
CONF = cfg.CONF
# obtain identity endpoint url
url = CONF.keystone_authtoken.auth_url
# obtain one of support keystone api versions
raw_versions = keystoneclient.discover.available_versions(url,
session=None)
version = raw_versions[-1]['id']
# assemble auth_url
auth_url = url + '/' + version
auth = keystoneclient.auth.identity.v2.Token(auth_url=auth_url,
token=token,
tenant_name=tenant_name)
session = keystoneclient.session.Session(auth=auth)
congress = client.Client(session=session,
auth=None,
interface='publicURL',
service_type='policy')
# Aggregating resource usage within domain level
domain = req.environ['HTTP_X_PROJECT_DOMAIN_NAME']
# obtain list of projects under this domain
k3_client = ksv3client.Client(session=session)
projects = k3_client.projects.list(domain=domain)
# obtain list of hosts under each of these projects
nova_c = nova.Client("2", session=session)
ram_p = 0
disk_p = 0
cpus_p = 0
for project in projects:
search_opts = {
'all_tenants': 1,
'tenant_id': project.id,
}
servers_p = nova_c.servers.list(search_opts=search_opts)
# locate flavor of each host
for server in servers_p:
info = nova_c.servers.get(server=server)
flavor_id = info._info['flavor']['id']
fd = nova_c.flavors.get(flavor=flavor_id)
ram_p += fd.ram
disk_p += fd.disk
disk_p += fd.ephemeral
cpus_p += fd.vcpus
# incrementally add each type of resource
# assemble query policy based on the data-usage
# with memory_p, disk_p and cpus_p
fd = nova_c.flavors.get(flavor=flavor_ref)
ram_p += fd.ram
disk_p += fd.disk
disk_p += fd.ephemeral
cpus_p += fd.vcpus
domain_resource = ("(" + domain + "," + str(ram_p) + "," +
str(disk_p) + "," + str(cpus_p) + ")")
validation_result = congress.execute_policy_action(
"classification",
"simulate",
False,
True,
{
'query': 'domain_resource_usage_exceeded (domain)',
# this needs to be defined in congress server
'action_policy': 'nova_quota_action',
'sequence': 'domain_resource+' + domain_resource
})
if validation_result["result"]:
messages = validation_result["result"]
if messages:
result_str = "\n ".join(map(str, messages))
msg = _("quota is not sufficient for this VM deployment"
).format("\n " + result_str)
LOG.error(msg)
LOG.debug(messages)
return webob.exc.HTTPUnauthorized(explanation=msg)
else:
LOG.info('Model valid')
return self.application
def congress_client(session):
return congressclient.Client(session=session, service_type='policy')
