def build_services(status=None, paths=None, create_instance=False, node=None):
"""
Returns a list of all services of status matching the specified status.
If no status is specified, returns all services.
"""
if paths is None:
paths = []
errors = []
services = {}
if isinstance(paths, str):
paths = [paths]
if len(paths) == 0:
paths = list_services()
missing_paths = []
else:
local_paths = list_services()
missing_paths = sorted(list(set(paths) - set(local_paths)))
for m in missing_paths:
name, namespace, kind = split_path(m)
if create_instance:
services[m] = factory(kind)(name, namespace, node=node)
else:
# foreign service
services[m] = factory(kind)(name,
namespace,
node=node,
volatile=True)
paths = list(set(paths) & set(local_paths))
for path in paths:
name, namespace, kind = split_path(path)
try:
svc = factory(kind)(name, namespace, node=node)
except (ex.Error, ex.InitError, ValueError,
utilities.configparser.Error) as e:
errors.append("%s: %s" % (path, str(e)))
node.log.error(str(e))
continue
except ex.AbortAction:
continue
except:
import traceback
traceback.print_exc()
continue
services[svc.path] = svc
return [s for _, s in sorted(services.items())], errors
def volsvc(self):
volume = factory("vol")(name=self.volname,
namespace=self.svc.namespace,
node=self.svc.node)
if not volume.exists():
volume = factory("vol")(name=self.volname,
namespace=self.svc.namespace,
node=self.svc.node,
volatile=True)
try:
volume = self._configure_volume(volume)
except Exception as exc:
import traceback
traceback.print_exc()
return volume
def _install_data(self, kind):
for data in self.data_data(kind):
name, _, kind = split_path(data["obj"])
obj = factory(kind)(name,
namespace=self.svc.namespace,
volatile=True,
node=self.svc.node)
if not obj.exists():
self.log.warning(
"referenced %s %s does not exist: "
"expected data %s can not be installed in the volume",
kind, name, data["key"])
continue
keys = obj.resolve_key(data["key"])
if not keys and not is_glob(data["key"]):
self.log.warning(
"%s %s has no key %s. "
"expected data can not be installed in the volume", kind,
name, data["key"])
continue
self.log.debug("install ./%s/%s/%s in %s", kind, name, data["key"],
data["path"])
for key in keys:
obj.install_key(key,
data["path"],
uid=self.uid,
gid=self.gid,
mode=self.octal_mode,
dirmode=self.octal_dirmode)
def kind_environment_env(self, kind, mappings):
env = {}
if mappings is None:
return env
for mapping in mappings:
try:
var, val = mapping.split("=", 1)
except Exception as exc:
self.log.info("ignored %s environment mapping %s: %s", kind,
mapping, exc)
continue
try:
name, key = val.split("/", 1)
except Exception as exc:
self.log.info("ignored %s environment mapping %s: %s", kind,
mapping, exc)
continue
var = var.upper()
obj = factory(kind)(name,
namespace=self.svc.namespace,
volatile=True,
node=self.svc.node)
if not obj.exists():
self.log.info(
"ignored %s environment mapping %s: config %s does not exist",
kind, mapping, name)
continue
if key not in obj.data_keys():
self.log.info(
"ignored %s environment mapping %s: key %s does not exist",
kind, mapping, key)
continue
val = obj.decode_key(key)
env[var] = val
return env
def delete_volume(self, name, namespace=None):
volume = factory("vol")(name=name, namespace=namespace, node=self.node)
if not volume.exists():
self.log.info("volume does not exist")
return
self.log.info("delete volume %s", volume.path)
volume.action("delete", options={"wait": True, "unprovision": True, "time": "5m"})
def create_volume(self,
name,
namespace=None,
size=None,
access="rwo",
fmt=True,
nodes=None,
shared=False):
volume = factory("vol")(name=name, namespace=namespace, node=self.node)
if volume.exists():
self.log.info("volume %s already exists", name)
return volume
if nodes is None:
nodes = ""
self.log.info(
"create volume %s (pool name: %s, pool type: %s, "
"access: %s, size: %s, format: %s, nodes: %s, shared: %s)",
volume.path, self.name, self.type, access, size, fmt, nodes,
shared)
self.configure_volume(volume,
fmt=fmt,
size=convert_size(size),
access=access,
nodes=nodes,
shared=shared)
volume.action("provision", options={"wait": True, "time": "5m"})
def ca(self):
capath = self.oget("DEFAULT", "ca")
name, namespace, kind = split_path(capath)
return factory("sec")(name,
namespace=namespace,
volatile=True,
node=self.node)
def on_create(self):
changes = []
has_ca = False
if not self.oget("DEFAULT", "cn"):
if self.namespace == "system":
changes.append("cn=%s" % self.name)
else:
changes.append("cn=%s" % self.fullname)
if self.namespace != "system":
try:
self.conf_get("DEFAULT", "validity")
except ex.OptNotFound:
changes.append("validity=%s" % DEFAULT_SACC_CERT_VALIDITY)
grant = "guest:" + self.namespace
changes.append("grant=%s" % grant)
if not self.oget("DEFAULT", "ca"):
capath = self.node.oget("cluster", "ca")
if capath is None:
capath = "system/sec/ca-" + self.node.cluster_name
name, namespace, kind = split_path(capath)
casec = factory("sec")(name,
namespace="system",
volatile=True,
log=self.log)
if casec.exists():
has_ca = True
changes.append("ca=%s" % capath)
else:
print("no cluster CA defined. skip certificate generation.")
if changes:
self.set_multi(changes)
if has_ca and "certificate" not in self.data_keys(
) and "private_key" in casec.data_keys():
self.gen_cert()
def init(self):
if self.username is not None and self.password is not None:
return
s = "array#" + self.head
try:
stype = self.node.oget(s, "type")
except Exception:
raise ex.Error("no array configuration for head %s"%self.head)
if stype != "nexenta":
raise ex.Error("array %s type is not nexanta" % self.head)
try:
self.username = self.node.oget(s, "username")
except Exception:
raise ex.Error("no username information for head %s"%self.head)
try:
self.password = self.node.oget(s, "password")
except Exception:
raise ex.Error("no password information for head %s"%self.head)
self.port = self.node.oget(s, "port")
try:
secname, namespace, _ = split_path(self.password)
self.password = factory("sec")(secname, namespace=namespace, volatile=True).decode_key("password")
except Exception as exc:
raise ex.Error("error decoding password: %s" % exc)
self.url = 'https://%(head)s:%(port)d/rest/nms/ <https://%(head)s:%(port)d/rest/nms/>'%dict(head=self.head, port=self.port)
def action(self, nodename, thr=None, **kwargs):
options = self.parse_options(kwargs)
if options.kind == "node":
obj = shared.NODE
elif options.kind:
obj = factory(options.kind)(name="dummy", node=shared.NODE, volatile=True)
else:
raise ex.HTTP(400, "A kind must be specified.")
return obj.full_kwstore.dump()
def action(self, nodename, thr=None, **kwargs):
options = self.parse_options(kwargs)
name, namespace, kind = split_path(options.path)
svc = factory(kind)(name=name, namespace=namespace, volatile=True)
data = {
"status": 0,
"data": [res.rid for res in svc.get_resources("task") if res.confirmation],
}
return data
def __init__(self, objects=None, node=None):
if objects is None:
objects = []
self.objects = objects
self.filtering = len(objects) > 0
if node:
self.node = node
else:
self.node = Node()
done = []
for s in self.node.conf_sections(cat="array"):
try:
name = self.node.oget(s, "name")
except Exception:
name = None
if not name:
name = s.split("#", 1)[-1]
if name in done:
continue
if self.filtering and name not in self.objects:
continue
try:
stype = self.node.oget(s, "type")
except:
continue
if stype != "hds":
continue
try:
bin = self.node.oget(s, 'bin')
jre_path = self.node.oget(s, 'jre_path')
url = self.node.oget(s, 'url')
username = self.node.oget(s, 'username')
password = self.node.oget(s, 'password')
except Exception as exc:
print("error parsing section %s: %s" % (s, exc),
file=sys.stderr)
continue
try:
secname, namespace, _ = split_path(password)
password = factory("sec")(secname,
namespace=namespace,
volatile=True).decode_key("password")
except Exception as exc:
print("error decoding password: %s", exc, file=sys.stderr)
continue
self.arrays.append(
Array(name,
url,
username,
password,
bin=bin,
jre_path=jre_path,
node=self.node))
done.append(name)
def __init__(self, objects=None, node=None):
if objects is None:
objects = []
self.objects = objects
self.filtering = len(objects) > 0
if node:
self.node = node
else:
self.node = Node()
done = []
for s in self.node.conf_sections(cat="array"):
name = s.split("#", 1)[-1]
if name in done:
continue
try:
stype = self.node.oget(s, "type")
except:
continue
if stype != "eva":
continue
try:
manager = self.node.oget(s, 'manager')
username = self.node.oget(s, 'username')
password = self.node.oget(s, 'password')
sssubin = self.node.oget(s, 'bin')
except Exception as exc:
print("error parsing section %s: %s" % (s, exc),
file=sys.stderr)
pass
try:
secname, namespace, _ = split_path(password)
password = factory("sec")(secname,
namespace=namespace,
volatile=True).decode_key("password")
except Exception as exc:
print("error decoding password: %s", exc, file=sys.stderr)
continue
out, err = sssu('ls system',
manager,
username,
password,
sssubin=sssubin)
_in = False
for line in out.split('\n'):
if 'Systems avail' in line:
_in = True
continue
if not _in:
continue
name = line.strip()
if self.filtering and name not in self.objects:
continue
self.arrays.append(
Eva(name, manager, username, password, sssubin=sssubin))
done.append(name)
def __init__(self, objects=None, node=None):
if objects is None:
objects = []
self.objects = objects
if len(objects) > 0:
self.filtering = True
else:
self.filtering = False
self.arrays = []
if node:
self.node = node
else:
self.node = Node()
done = []
for s in self.node.conf_sections(cat="array"):
name = s.split("#", 1)[-1]
if name in done:
continue
if self.filtering and name not in self.objects:
continue
try:
stype = self.node.oget(s, "type")
except:
continue
if stype != "centera":
continue
try:
server = self.node.oget(s, "server")
username = self.node.oget(s, "username")
password = self.node.oget(s, "password")
jcass_dir = self.node.oget(s, "jcass_dir")
java_bin = self.node.oget(s, "java_bin")
except:
print("error parsing section", s, file=sys.stderr)
try:
secname, namespace, _ = split_path(password)
password = factory("sec")(secname,
namespace=namespace,
volatile=True).decode_key("password")
except Exception as exc:
print("error decoding password: %s", exc, file=sys.stderr)
continue
self.arrays.append(
Centera(name,
server=server,
username=username,
password=password,
java_bin=java_bin,
jcass_dir=jcass_dir,
node=self.node))
done.append(name)
def test_raises_on_dup_destinations(mocker, osvc_path_tests,
volume_mounts):
mocker.patch.object(Volume, 'status', return_value=core.status.UP)
svc1 = Svc('svc1')
pool = Pool(name="dir1", node=Node())
for vol_name in ['vol1', 'vol2']:
pool.configure_volume(factory("vol")(name=vol_name))
svc1 += Volume(rid="#" + vol_name, name=vol_name)
container = ContainerDocker(rid='#dck1', volume_mounts=volume_mounts)
svc1 += container
with pytest.raises(ex.Error, match=r'same destination mount point'):
container.volume_options()
def postinstall(self, key=None):
"""
Refresh installed keys
"""
changed_volumes = set()
for path in list_services(namespace=self.namespace, kinds=["svc"]):
name, _, _ = split_path(path)
svc = factory("svc")(name, namespace=self.namespace, volatile=True, node=self.node, log=self.log)
for res in svc.get_resources("volume"):
if res.has_data(self.kind, self.path, key) and res._status() == core.status.UP:
installed = res._install_data(self.kind)
if installed:
changed_volumes.add(res.volsvc.path)
if res.volsvc.path in changed_volumes:
res.send_signals()
def __init__(self, objects=None, node=None):
if objects is None:
objects = []
self.objects = objects
self.filtering = len(objects) > 0
self.timeout = 10
if node:
self.node = node
else:
self.node = Node()
done = []
for s in self.node.conf_sections(cat="array"):
try:
name = self.node.oget(s, 'name')
except Exception:
name = None
if not name:
name = s.split("#", 1)[-1]
if name in done:
continue
if self.filtering and name not in self.objects:
continue
try:
stype = self.node.oget(s, "type")
except:
continue
if stype != "dorado":
continue
timeout = self.node.oget(s, "timeout")
try:
username = self.node.oget(s, "username")
password = self.node.oget(s, "password")
api = self.node.oget(s, "api")
except:
print("error parsing section", s, file=sys.stderr)
continue
try:
secname, namespace, _ = split_path(password)
password = factory("sec")(secname,
namespace=namespace,
volatile=True).decode_key("password")
except Exception as exc:
print("error decoding password: %s", exc, file=sys.stderr)
continue
self.arrays.append(
Dorado(name, api, username, password, timeout, node=self.node))
done.append(name)
def postinstall(self, key=None):
"""
Refresh installed keys
"""
for path in self.node.svcs_selector("*/svc/*",
namespace=self.namespace,
local=True):
name, _, _ = split_path(path)
svc = factory("svc")(name,
namespace=self.namespace,
volatile=True,
node=self.node,
log=self.log)
for vol in svc.get_resources("volume"):
if vol.has_data(self.kind, self.path,
key) and vol._status() == core.status.UP:
vol._install_data(self.kind)
def create_volume_locked(self):
volume = factory("vol")(name=self.volname,
namespace=self.svc.namespace,
node=self.svc.node)
if volume.exists():
self.log.info("volume %s already exists", self.volname)
data = volume.print_status_data(mon_data=True)
if not data or "cluster" not in data:
return volume
if not self.svc.node.get_pool(volume.pool):
raise ex.Error("pool %s not found on this node" % volume.pool)
if self.svc.options.leader and volume.topology == "failover" and \
(self.owned() or not self.claimed(volume)) and \
data["avail"] != "up":
cluster_avail = data["cluster"].get("avail")
if cluster_avail is None:
self.log.info(
"no take over decision, we are leader but unknown cluster avail for volume %s",
self.volname)
elif cluster_avail == "up":
self.log.info(
"volume %s is up on, peer, we are leader: take it over",
self.volname)
volume.action("takeover",
options={
"wait": True,
"time": 60
})
return volume
elif not self.svc.options.leader:
self.log.info(
"volume %s does not exist, we are not leader: wait its propagation",
self.volname)
self.wait_for_fn(
lambda: volume.exists(), 10, 1,
"non leader instance waited for too long for the volume to appear"
)
return volume
self.check_configure_requirements()
self.log.info(
"create new volume %s (pool name: %s, pool type: %s, "
"access: %s, size: %s, format: %s, shared: %s)", self.volname,
self.pool, self.pooltype, self.access,
print_size(self.size, unit="B",
compact=True), self.format, self.shared)
return self._configure_volume(volume)
def users(self, exclude=None):
exclude = exclude or []
users = []
for child in self.children:
if child in exclude:
continue
name, namespace, kind = split_path(child)
obj = factory(kind)(name=name,
namespace=self.namespace,
volatile=True,
node=self.node)
for res in obj.get_resources("volume"):
if res.name != self.name:
continue
if res.status() in (core.status.UP, core.status.STDBY_UP,
core.status.WARN):
users.append(child)
return users
def _data_status(self, kind):
for data in self.data_data(kind):
name, _, kind = split_path(data["obj"])
obj = factory(kind)(name,
namespace=self.svc.namespace,
volatile=True,
node=self.svc.node)
if not obj.exists():
self.status_log(
"referenced %s %s does not exist: "
"expected data %s can not be installed in the volume" %
(kind, name, data["key"]), "warn")
continue
keys = obj.resolve_key(data["key"])
if not keys and not is_glob(data["key"]):
self.status_log(
"%s %s has no key %s. "
"expected data can not be installed in the volume" %
(kind, name, data["key"]), "warn")
def __init__(self, objects=None, node=None):
if objects is None:
objects = []
self.objects = objects
self.filtering = len(objects) > 0
self.arrays = []
if node:
self.node = node
else:
self.node = Node()
done = []
for s in self.node.conf_sections(cat="array"):
name = s.split("#", 1)[-1]
if name in done:
continue
if self.filtering and name not in self.objects:
continue
try:
stype = self.node.oget(s, "type")
except:
continue
if stype != "netapp":
continue
kwargs = {"node": self.node}
for key in ("server", "username", "key"):
try:
kwargs[key] = self.node.oget(s, key)
except:
print("missing parameter: %s", s)
if "server" not in kwargs or "username" not in kwargs or "key" not in kwargs:
continue
try:
secname, namespace, _ = split_path(kwargs["password"])
kwargs["password"] = factory("sec")(
secname, namespace=namespace,
volatile=True).decode_key("password")
except Exception as exc:
print("error decoding password: %s", exc, file=sys.stderr)
continue
self.arrays.append(Netapp(s, **kwargs))
def test_mount_options_values_when_source_is_volume(
mocker, vol_options, container_options, expected_options):
mocker.patch.object(Volume, 'status', return_value=core.status.UP)
vol_name = 'vol-' + vol_options + '-' + container_options
Pool(name="dir1",
node=Node()).configure_volume(factory("vol")(name=vol_name),
access=vol_options)
svc1 = Svc('svc1')
vol = Volume(rid="#" + vol_name, name=vol_name, access=vol_options)
container = ContainerDocker(
rid='#dck1',
volume_mounts=[vol_name + '/src:/dst:' + container_options])
svc1 += vol
svc1 += container
assert container.volume_options() == [
vol.mount_point + '/src:/dst:' + expected_options
]
def configure_volume(self,
volume,
size=None,
fmt=True,
access="rwo",
shared=False,
nodes=None,
env=None):
if self.template is None:
raise ex.Error("pool#%s.template is not set" % self.name)
if not is_service(self.template):
raise ex.Error("%s template volume not found" % self.template)
name = self.default_disk_name(volume)
tname, tnamespace, tkind = split_path(self.template)
if tkind != "vol":
raise ex.Error("%s template kind is not vol")
svc = factory(tkind)(tname, tnamespace, volatile=True, node=self.node)
config = svc.print_config_data()
try:
del config["DEFAULT"]["disable"]
except KeyError:
pass
if "DEFAULT" not in config:
config["DEFAULT"] = {}
if "env" not in config:
config["env"] = {}
config["DEFAULT"]["pool"] = self.name
config["DEFAULT"]["access"] = access
if access in ("rox", "rwx"):
config["DEFAULT"]["topology"] = "flex"
config["DEFAULT"]["flex_min"] = 0
if nodes:
config["DEFAULT"]["nodes"] = nodes
config["env"]["size"] = size
if env:
config["env"].update(env)
self.node.install_svc_conf_from_data(volume.name, volume.namespace,
volume.kind, config)
def configure_volume(self, volume, size=None, fmt=True, access="rwo", shared=False, nodes=None, env=None):
name = self.default_disk_name(volume)
data = self.translate(name=name, size=size, fmt=fmt, shared=shared)
defaults = {
"rtype": "DEFAULT",
"pool": self.name,
"size": size,
"access": access,
}
if access in ("rox", "rwx"):
defaults["topology"] = "flex"
defaults["flex_min"] = 0
if nodes:
defaults["nodes"] = nodes
if self.status_schedule is not None:
defaults["status_schedule"] = self.status_schedule
data.append(defaults)
if env:
data.append(env)
volume._update(data)
self.disable_sync_internal(volume)
if volume.volatile:
return volume
return factory("vol")(name=volume.name, namespace=volume.namespace, node=self.node, volatile=volume.volatile)
def rbac_create_obj(self, path, cd, all_ns, thr=None, **kwargs):
errors = []
name, namespace, kind = split_path(path)
grants = thr.user_grants(all_ns | set([namespace]))
if namespace not in all_ns:
if namespace == "system":
errors.append(
"%s: create the new namespace system requires the root cluster role"
)
return errors
elif "squatter" not in grants:
errors.append(
"%s: create the new namespace %s requires the squatter cluster role"
% (path, namespace))
return errors
elif namespace not in grants["admin"]:
thr.usr.set_multi(["grant+=admin:%s" % namespace])
grants["admin"].add(namespace)
thr.rbac_requires(roles=["admin"],
namespaces=[namespace],
grants=grants,
**kwargs)
try:
orig_obj = factory(kind)(name,
namespace=namespace,
volatile=True,
node=shared.NODE)
except:
orig_obj = None
try:
obj = factory(kind)(name,
namespace=namespace,
volatile=True,
cd=cd,
node=shared.NODE)
except Exception as exc:
errors.append("%s: unbuildable config: %s" % (path, exc))
return errors
if kind == "vol":
errors.append("%s: volume create requires the root privilege" %
path)
elif kind == "ccfg":
errors.append(
"%s: cluster config create requires the root privilege" % path)
elif kind == "svc":
groups = ["disk", "fs", "app", "share", "sync"]
for r in obj.get_resources(groups):
if r.rid == "sync#i0":
continue
errors.append("%s: resource %s requires the root privilege" %
(path, r.rid))
for r in obj.get_resources("task"):
if r.type not in ("task.podman", "task.docker"):
errors.append(
"%s: resource %s type %s requires the root privilege" %
(path, r.rid, r.type))
for r in obj.get_resources("container"):
if r.type not in ("container.podman", "container.docker"):
errors.append(
"%s: resource %s type %s requires the root privilege" %
(path, r.rid, r.type))
for r in obj.get_resources("ip"):
if r.type not in ("ip.cni"):
errors.append(
"%s: resource %s type %s requires the root privilege" %
(path, r.rid, r.type))
for section, sdata in cd.items():
rtype = cd[section].get("type")
errors += thr.rbac_create_data_section(path,
section,
rtype,
sdata,
grants,
obj,
orig_obj,
all_ns,
thr=thr)
return errors
def __init__(self, objects=None, node=None):
if objects is None:
objects = []
self.objects = objects
if len(objects) > 0:
self.filtering = True
else:
self.filtering = False
self.arrays = []
if node:
self.node = node
else:
self.node = Node()
done = []
for s in self.node.conf_sections(cat="array"):
name = s.split("#", 1)[-1]
if name in done:
continue
if self.filtering and name not in self.objects:
continue
try:
stype = self.node.oget(s, "type")
except:
continue
if stype != "emcvnx":
continue
try:
method = self.node.oget(s, "method")
scope = self.node.oget(s, "scope")
spa = self.node.oget(s, "spa")
spb = self.node.oget(s, "spb")
username = self.node.oget(s, "username")
password = self.node.oget(s, "password")
except Exception as exc:
print("error parsing section %s: %s" % (s, exc),
file=sys.stderr)
continue
if method == "credentials":
if username is None or password is None:
print(
"error parsing section %s: username and password are mandatory"
% s,
file=sys.stderr)
continue
try:
secname, namespace, _ = split_path(password)
password = factory("sec")(
secname, namespace=namespace,
volatile=True).decode_key("password")
except Exception as exc:
print("error decoding password: %s", exc, file=sys.stderr)
continue
self.arrays.append(
EmcVnx(name,
method,
scope,
spa,
spb,
username=username,
password=password,
node=self.node))
done.append(name)
def create_volume_locked(self):
volume = factory("vol")(name=self.volname,
namespace=self.svc.namespace,
node=self.svc.node)
if volume.exists():
self.log.info("volume %s already exists", self.volname)
data = volume.print_status_data(mon_data=True)
if not data or "cluster" not in data:
return volume
if not self.svc.node.get_pool(volume.pool):
raise ex.Error("pool %s not found on this node" % volume.pool)
if self.svc.options.leader and volume.topology == "failover" and \
(self.owned() or not self.claimed(volume)) and \
data["avail"] != "up":
cluster_avail = data["cluster"].get("avail")
if cluster_avail is None:
self.log.info(
"no take over decision, we are leader but unknown cluster avail for volume %s",
self.volname)
elif cluster_avail == "up":
self.log.info(
"volume %s is up on, peer, we are leader: take it over",
self.volname)
volume.action("takeover",
options={
"wait": True,
"time": 60
})
return volume
elif not self.svc.options.leader:
self.log.info(
"volume %s does not exist, we are not leader: wait its propagation",
self.volname)
self.wait_for_fn(
lambda: volume.exists(), 10, 1,
"non leader instance waited for too long for the "
"volume to appear")
return volume
self.log.info(
"create new volume %s (pool name: %s, pool type: %s, "
"access: %s, size: %s, format: %s, shared: %s)", self.volname,
self.pool, self.pooltype, self.access,
print_size(self.size, unit="B",
compact=True), self.format, self.shared)
pool = self.svc.node.find_pool(poolname=self.pool,
pooltype=self.pooltype,
access=self.access,
size=self.size,
fmt=self.format,
shared=self.shared)
if pool is None:
raise ex.Error("could not find a pool matching criteria")
pool.log = self.log
try:
nodes = self.svc._get("DEFAULT.nodes")
except ex.OptNotFound:
nodes = None
env = {}
for mapping in pool.volume_env:
try:
src, dst = mapping.split(":", 1)
except Exception:
continue
args = src.split(".", 1)
val = self.svc.oget(*args)
if val is None:
raise ex.Error("missing mapped key in %s: %s" %
(self.svc.path, mapping))
if is_string(val) and ".." in val:
raise ex.Error(
"the '..' substring is forbidden in volume env keys: %s=%s"
% (mapping, val))
env[dst] = val
pool.configure_volume(volume,
fmt=self.format,
size=self.size,
access=self.access,
nodes=nodes,
shared=self.shared,
env=env)
volume = factory("vol")(name=self.volname,
namespace=self.svc.namespace,
node=self.svc.node)
return volume
def gen_cert(self):
data = {}
for key in ("cn", "c", "st", "l", "o", "ou", "email", "alt_names",
"bits", "validity", "ca"):
val = self.oget("DEFAULT", key)
if val is not None:
data[key] = val
ca = data.get("ca")
casec = None
if ca is not None:
casecname, canamespace, _ = split_path(ca)
casec = factory("sec")(casecname,
namespace=canamespace,
log=self.log,
volatile=True)
if not casec.exists():
raise ex.Error("ca secret %s does not exist" % ca)
for key in ("crt", "key", "csr"):
data[key] = self.tempfilename()
if "alt_names" in data:
data["cnf"] = self.tempfilename()
try:
add_data = []
if casec:
for key, kw in (("cacrt", "certificate"), ("cakey",
"private_key")):
if kw not in casec.data_keys():
continue
data[key] = self.tempfilename()
buff = bdecode(casec.decode_key(kw))
with open(data[key], "w") as ofile:
ofile.write(buff)
gen_cert(log=self.log, **data)
with open(data["key"], "r") as ofile:
buff = ofile.read()
fullpem = ""
fullpem += buff
add_data.append(("private_key", buff))
if data.get("crt") is not None:
with open(data["crt"], "r") as ofile:
buff = ofile.read()
add_data.append(("certificate", buff))
if data.get("csr") is not None:
with open(data["csr"], "r") as ofile:
buff = ofile.read()
add_data.append(("certificate_signing_request", buff))
if data.get("cakey") is None:
with open(data["crt"], "r") as ofile:
buff = ofile.read()
fullpem += buff
add_data.append(("certificate_chain", buff))
else:
# merge cacrt and crt
with open(data["crt"], "r") as ofile:
buff = ofile.read()
with open(data["cacrt"], "r") as ofile:
buff += ofile.read()
fullpem += buff
add_data.append(("certificate_chain", buff))
add_data.append(("fullpem", fullpem))
self._add_keys(add_data)
finally:
for key in ("crt", "key", "cacrt", "cakey", "csr", "cnf"):
if key not in data:
continue
try:
os.unlink(data[key])
except Exception:
pass
def volsvc(self):
return factory("vol")(name=self.volname,
namespace=self.svc.namespace,
node=self.svc.node)
