def create_project(self,
name,
manager_uid,
description=None,
member_uids=None):
if self.project_exists(name):
raise exception.Duplicate(
"Project can't be created because project %s already exists" %
name)
if not self.user_exists(manager_uid):
raise exception.NotFound(
"Project can't be created because manager %s doesn't exist" %
manager_uid)
manager_dn = self.__uid_to_dn(manager_uid)
# description is a required attribute
if description is None:
description = name
members = []
if member_uids != None:
for member_uid in member_uids:
if not self.user_exists(member_uid):
raise exception.NotFound(
"Project can't be created because user %s doesn't exist"
% member_uid)
members.append(self.__uid_to_dn(member_uid))
# always add the manager as a member because members is required
if not manager_dn in members:
members.append(manager_dn)
attr = [('objectclass', ['novaProject']), ('cn', [name]),
('description', [description]),
('projectManager', [manager_dn]), ('member', members)]
self.conn.add_s('cn=%s,%s' % (name, FLAGS.project_ldap_subtree), attr)
return self.__to_project(dict(attr))
def __create_group(self,
group_dn,
name,
uid,
description,
member_uids=None):
if self.group_exists(name):
raise exception.Duplicate(
"Group can't be created because group %s already exists" %
name)
members = []
if member_uids != None:
for member_uid in member_uids:
if not self.user_exists(member_uid):
raise exception.NotFound(
"Group can't be created because user %s doesn't exist"
% member_uid)
members.append(self.__uid_to_dn(member_uid))
dn = self.__uid_to_dn(uid)
if not dn in members:
members.append(dn)
attr = [('objectclass', ['groupOfNames']), ('cn', [name]),
('description', [description]), ('member', members)]
self.conn.add_s(group_dn, attr)
return self.__to_group(dict(attr))
def spawn(self, instance):
""" Create a new VM and start it."""
vm = self._lookup(instance.name)
if vm is not None:
raise exception.Duplicate(
_('Attempt to create duplicate vm %s') % instance.name)
user = manager.AuthManager().get_user(instance['user_id'])
project = manager.AuthManager().get_project(instance['project_id'])
#Fetch the file, assume it is a VHD file.
base_vhd_filename = os.path.join(FLAGS.instances_path, instance.name)
vhdfile = "%s.vhd" % (base_vhd_filename)
images.fetch(instance['image_id'], vhdfile, user, project)
try:
self._create_vm(instance)
self._create_disk(instance['name'], vhdfile)
self._create_nic(instance['name'], instance['mac_address'])
LOG.debug(_('Starting VM %s '), instance.name)
self._set_vm_state(instance['name'], 'Enabled')
LOG.info(_('Started VM %s '), instance.name)
except Exception as exn:
LOG.exception(_('spawn vm failed: %s'), exn)
self.destroy(instance)
def _create_vm(self, instance, vdi_uuid, network_info=None):
"""Create VM instance"""
instance_name = instance.name
vm_ref = VMHelper.lookup(self._session, instance_name)
if vm_ref is not None:
raise exception.Duplicate(
_('Attempted to create'
' non-unique name %s') % instance_name)
#ensure enough free memory is available
if not VMHelper.ensure_free_mem(self._session, instance):
LOG.exception(
_('instance %(instance_name)s: not enough free '
'memory') % locals())
db.instance_set_state(context.get_admin_context(), instance['id'],
power_state.SHUTDOWN)
return
user = AuthManager().get_user(instance.user_id)
project = AuthManager().get_project(instance.project_id)
# Are we building from a pre-existing disk?
vdi_ref = self._session.call_xenapi('VDI.get_by_uuid', vdi_uuid)
disk_image_type = VMHelper.determine_disk_image_type(instance)
kernel = None
if instance.kernel_id:
kernel = VMHelper.fetch_image(self._session, instance.id,
instance.kernel_id, user, project,
ImageType.KERNEL_RAMDISK)
ramdisk = None
if instance.ramdisk_id:
ramdisk = VMHelper.fetch_image(self._session, instance.id,
instance.ramdisk_id, user, project,
ImageType.KERNEL_RAMDISK)
use_pv_kernel = VMHelper.determine_is_pv(self._session, instance.id,
vdi_ref, disk_image_type,
instance.os_type)
vm_ref = VMHelper.create_vm(self._session, instance, kernel, ramdisk,
use_pv_kernel)
VMHelper.create_vbd(session=self._session,
vm_ref=vm_ref,
vdi_ref=vdi_ref,
userdevice=0,
bootable=True)
# TODO(tr3buchet) - check to make sure we have network info, otherwise
# create it now. This goes away once nova-multi-nic hits.
if network_info is None:
network_info = self._get_network_info(instance)
self.create_vifs(vm_ref, network_info)
self.inject_network_info(instance, vm_ref, network_info)
return vm_ref
def create(self, context, data):
"""Store the image data and return the new image id.
:raises: Duplicate if the image already exist.
"""
image_id = int(data['id'])
if self.images.get(image_id):
raise exception.Duplicate()
self.images[image_id] = copy.deepcopy(data)
def lookup(cls, session, name_label):
"""Look the instance i up, and returns it if available"""
vm_refs = session.get_xenapi().VM.get_by_name_label(name_label)
n = len(vm_refs)
if n == 0:
return None
elif n > 1:
raise exception.Duplicate(_('duplicate name found: %s') %
name_label)
else:
return vm_refs[0]
def save(self, session=None):
"""Save this object."""
if not session:
session = get_session()
session.add(self)
try:
session.flush()
except IntegrityError, e:
if str(e).endswith('is not unique'):
raise exception.Duplicate(str(e))
else:
raise
def create_project(self,
name,
manager_uid,
description=None,
member_uids=None):
"""Create a project"""
manager = db.user_get(context.get_admin_context(), manager_uid)
if not manager:
raise exception.NotFound(
_("Project can't be created because "
"manager %s doesn't exist") % manager_uid)
# description is a required attribute
if description is None:
description = name
# First, we ensure that all the given users exist before we go
# on to create the project. This way we won't have to destroy
# the project again because a user turns out to be invalid.
members = set([manager])
if member_uids != None:
for member_uid in member_uids:
member = db.user_get(context.get_admin_context(), member_uid)
if not member:
raise exception.NotFound(
_("Project can't be created "
"because user %s doesn't exist") % member_uid)
members.add(member)
values = {
'id': name,
'name': name,
'project_manager': manager['id'],
'description': description
}
try:
project = db.project_create(context.get_admin_context(), values)
except exception.Duplicate:
raise exception.Duplicate(
_("Project can't be created because "
"project %s already exists") % name)
for member in members:
db.project_add_member(context.get_admin_context(), project['id'],
member['id'])
# This looks silly, but ensures that the members element has been
# correctly populated
project_ref = db.project_get(context.get_admin_context(),
project['id'])
return self._db_project_to_auth_projectuser(project_ref)
def create_user(self, name, access_key, secret_key, is_admin):
"""Create a user"""
values = {
'id': name,
'access_key': access_key,
'secret_key': secret_key,
'is_admin': is_admin
}
try:
user_ref = db.user_create(context.get_admin_context(), values)
return self._db_user_to_auth_user(user_ref)
except exception.Duplicate, e:
raise exception.Duplicate(_('User %s already exists') % name)
def add_to_group(self, uid, group_dn):
if not self.user_exists(uid):
raise exception.NotFound(
"User %s can't be added to the group becuase the user doesn't exist"
% (uid, ))
if not self.group_exists(group_dn):
raise exception.NotFound("The group at dn %s doesn't exist" %
(group_dn, ))
if self.is_in_group(uid, group_dn):
raise exception.Duplicate(
"User %s is already a member of the group %s" %
(uid, group_dn))
attr = [(ldap.MOD_ADD, 'member', self.__uid_to_dn(uid))]
self.conn.modify_s(group_dn, attr)
def create_user(self, name, access_key, secret_key, is_admin):
"""Create a user"""
if self.__user_exists(name):
raise exception.Duplicate(_("LDAP user %s already exists") % name)
if FLAGS.ldap_user_modify_only:
if self.__ldap_user_exists(name):
# Retrieve user by name
user = self.__get_ldap_user(name)
# Entry could be malformed, test for missing attrs.
# Malformed entries are useless, replace attributes found.
attr = []
if 'secretKey' in user.keys():
attr.append(
(self.ldap.MOD_REPLACE, 'secretKey', [secret_key]))
else:
attr.append((self.ldap.MOD_ADD, 'secretKey', [secret_key]))
if 'accessKey' in user.keys():
attr.append(
(self.ldap.MOD_REPLACE, 'accessKey', [access_key]))
else:
attr.append((self.ldap.MOD_ADD, 'accessKey', [access_key]))
if LdapDriver.isadmin_attribute in user.keys():
attr.append(
(self.ldap.MOD_REPLACE, LdapDriver.isadmin_attribute,
[str(is_admin).upper()]))
else:
attr.append(
(self.ldap.MOD_ADD, LdapDriver.isadmin_attribute,
[str(is_admin).upper()]))
self.conn.modify_s(self.__uid_to_dn(name), attr)
return self.get_user(name)
else:
raise exception.NotFound(
_("LDAP object for %s doesn't exist") % name)
else:
attr = [
('objectclass', [
'person', 'organizationalPerson', 'inetOrgPerson',
'novaUser'
]),
('ou', [FLAGS.ldap_user_unit]),
(FLAGS.ldap_user_id_attribute, [name]),
('sn', [name]),
(FLAGS.ldap_user_name_attribute, [name]),
('secretKey', [secret_key]),
('accessKey', [access_key]),
(LdapDriver.isadmin_attribute, [str(is_admin).upper()]),
]
self.conn.add_s(self.__uid_to_dn(name), attr)
return self.__to_user(dict(attr))
def generate_key_pair(self, user, key_name):
# generating key pair is slow so delay generation
# until after check
user = User.safe_id(user)
with LDAPWrapper() as conn:
if not conn.user_exists(user):
raise exception.NotFound("User %s doesn't exist" % user)
if conn.key_pair_exists(user, key_name):
raise exception.Duplicate("The keypair %s already exists" %
key_name)
private_key, public_key, fingerprint = crypto.generate_key_pair()
self.create_key_pair(User.safe_id(user), key_name, public_key,
fingerprint)
return private_key, fingerprint
def create(self, context, metadata, data=None):
"""Store the image data and return the new image id.
:raises: Duplicate if the image already exist.
"""
image_id = str(metadata.get('id', utils.gen_uuid()))
metadata['id'] = image_id
if image_id in self.images:
raise exception.Duplicate()
self.images[image_id] = copy.deepcopy(metadata)
if data:
self._imagedata[image_id] = data.read()
return self.images[image_id]
def __add_to_group(self, uid, group_dn):
"""Add user to group"""
if not self.__user_exists(uid):
raise exception.NotFound(
_("User %s can't be added to the group "
"because the user doesn't exist") % uid)
if not self.__group_exists(group_dn):
raise exception.NotFound(
_("The group at dn %s doesn't exist") % group_dn)
if self.__is_in_group(uid, group_dn):
raise exception.Duplicate(
_("User %(uid)s is already a member of "
"the group %(group_dn)s") % locals())
attr = [(self.ldap.MOD_ADD, 'member', self.__uid_to_dn(uid))]
self.conn.modify_s(group_dn, attr)
def create_user(self, name, access_key, secret_key, is_admin):
if self.user_exists(name):
raise exception.Duplicate("LDAP user %s already exists" % name)
attr = [
('objectclass',
['person', 'organizationalPerson', 'inetOrgPerson', 'novaUser']),
('ou', [FLAGS.user_unit]),
('uid', [name]),
('sn', [name]),
('cn', [name]),
('secretKey', [secret_key]),
('accessKey', [access_key]),
('isAdmin', [str(is_admin).upper()]),
]
self.conn.add_s(self.__uid_to_dn(name), attr)
return self.__to_user(dict(attr))
def create(self, context, metadata, data=None):
"""Store the image data and return the new image id.
:raises: Duplicate if the image already exist.
"""
try:
image_id = metadata['id']
except KeyError:
while True:
image_id = random.randint(0, 2**31 - 1)
if not self.images.get(str(image_id)):
break
image_id = str(image_id)
if self.images.get(image_id):
raise exception.Duplicate()
metadata['id'] = image_id
self.images[image_id] = copy.deepcopy(metadata)
return self.images[image_id]
def create_project(self,
name,
manager_uid,
description=None,
member_uids=None):
"""Create a project"""
if self.__project_exists(name):
raise exception.Duplicate(
_("Project can't be created because "
"project %s already exists") % name)
if not self.__user_exists(manager_uid):
raise exception.NotFound(
_("Project can't be created because "
"manager %s doesn't exist") % manager_uid)
manager_dn = self.__uid_to_dn(manager_uid)
# description is a required attribute
if description is None:
description = name
members = []
if member_uids is not None:
for member_uid in member_uids:
if not self.__user_exists(member_uid):
raise exception.NotFound(
_("Project can't be created "
"because user %s doesn't exist") % member_uid)
members.append(self.__uid_to_dn(member_uid))
# always add the manager as a member because members is required
if not manager_dn in members:
members.append(manager_dn)
attr = [('objectclass', [LdapDriver.project_objectclass]),
('cn', [name]), ('description', [description]),
(LdapDriver.project_attribute, [manager_dn]),
('member', members)]
dn = self.__project_to_dn(name, search=False)
self.conn.add_s(dn, attr)
return self.__to_project(dict(attr))
