def get_params(self, context, cluster_template, cluster, **kwargs): osc = self.get_osc(context) extra_params = kwargs.pop('extra_params', {}) extra_params['trustee_domain_id'] = osc.keystone().trustee_domain_id extra_params['trustee_user_id'] = cluster.trustee_user_id extra_params['trustee_username'] = cluster.trustee_username extra_params['trustee_password'] = cluster.trustee_password extra_params['verify_ca'] = CONF.drivers.verify_ca extra_params['openstack_ca'] = utils.get_openstack_ca() # Only pass trust ID into the template if allowed by the config file if CONF.trust.cluster_user_trust: extra_params['trust_id'] = cluster.trust_id else: extra_params['trust_id'] = "" kwargs = { 'service_type': 'identity', 'interface': CONF.trust.trustee_keystone_interface, 'version': 3 } if CONF.trust.trustee_keystone_region_name: kwargs['region_name'] = CONF.trust.trustee_keystone_region_name extra_params['auth_url'] = osc.url_for(**kwargs).rstrip('/') return super(BaseTemplateDefinition, self).get_params(context, cluster_template, cluster, extra_params=extra_params, **kwargs)
def get_params(self, context, cluster_template, cluster, **kwargs): osc = self.get_osc(context) # Add all the params from the cluster's nodegroups self.add_nodegroup_params(cluster) extra_params = kwargs.pop('extra_params', {}) extra_params['trustee_domain_id'] = osc.keystone().trustee_domain_id extra_params['trustee_user_id'] = cluster.trustee_user_id extra_params['trustee_username'] = cluster.trustee_username extra_params['trustee_password'] = cluster.trustee_password extra_params['verify_ca'] = CONF.drivers.verify_ca extra_params['openstack_ca'] = utils.get_openstack_ca() # Only pass trust ID into the template if allowed by the config file if CONF.trust.cluster_user_trust: extra_params['trust_id'] = cluster.trust_id else: extra_params['trust_id'] = "" kwargs = { 'service_type': 'identity', 'interface': CONF.trust.trustee_keystone_interface, 'version': 3 } if CONF.trust.trustee_keystone_region_name: kwargs['region_name'] = CONF.trust.trustee_keystone_region_name extra_params['auth_url'] = osc.url_for(**kwargs).rstrip('/') return super(BaseTemplateDefinition, self).get_params(context, cluster_template, cluster, extra_params=extra_params, **kwargs)
def get_params(self, context, cluster_template, cluster, **kwargs): osc = self.get_osc(context) extra_params = kwargs.pop('extra_params', {}) extra_params['trustee_domain_id'] = osc.keystone().trustee_domain_id extra_params['trustee_user_id'] = cluster.trustee_user_id extra_params['trustee_username'] = cluster.trustee_username extra_params['trustee_password'] = cluster.trustee_password extra_params['verify_ca'] = CONF.drivers.verify_ca extra_params['openstack_ca'] = utils.get_openstack_ca() # Only pass trust ID into the template if allowed by the config file if CONF.trust.cluster_user_trust: extra_params['trust_id'] = cluster.trust_id else: extra_params['trust_id'] = "" extra_params['auth_url'] = osc.url_for( service_type='identity', interface=CONF.trust.trustee_keystone_interface, version=3) return super(BaseTemplateDefinition, self).get_params(context, cluster_template, cluster, extra_params=extra_params, **kwargs)
def test_get_openstasck_ca(self): # openstack_ca_file is empty self.assertEqual('', utils.get_openstack_ca()) # openstack_ca_file is set but the file doesn't exist CONF.set_override('openstack_ca_file', '/tmp/invalid-ca.pem', group='drivers') self.assertRaises(IOError, utils.get_openstack_ca) # openstack_ca_file is set and the file exists CONF.set_override('openstack_ca_file', '/tmp/invalid-ca.pem', group='drivers') with mock.patch('magnum.common.utils.open', mock.mock_open(read_data="CERT"), create=True): self.assertEqual('CERT', utils.get_openstack_ca())
def get_params(self, context, cluster_template, cluster, **kwargs): extra_params = kwargs.pop('extra_params', {}) extra_params['username'] = context.user_name osc = self.get_osc(context) extra_params['region_name'] = osc.cinder_region_name() # set docker_volume_type # use the configuration default if None provided docker_volume_type = cluster.labels.get( 'docker_volume_type', CONF.cinder.default_docker_volume_type) extra_params['docker_volume_type'] = docker_volume_type extra_params['nodes_affinity_policy'] = \ CONF.cluster.nodes_affinity_policy if cluster_template.network_driver == 'flannel': extra_params["pods_network_cidr"] = \ cluster.labels.get('flannel_network_cidr', '10.100.0.0/16') if cluster_template.network_driver == 'calico': extra_params["pods_network_cidr"] = \ cluster.labels.get('calico_ipv4pool', '10.100.0.0/16') label_list = [ 'coredns_tag', 'kube_tag', 'container_infra_prefix', 'availability_zone', 'calico_tag', 'calico_kube_controllers_tag', 'calico_ipv4pool', 'calico_ipv4pool_ipip', 'etcd_tag', 'flannel_tag' ] labels = self._get_relevant_labels(cluster, kwargs) for label in label_list: label_value = labels.get(label) if label_value: extra_params[label] = label_value cert_manager_api = cluster.labels.get('cert_manager_api') if strutils.bool_from_string(cert_manager_api): extra_params['cert_manager_api'] = cert_manager_api ca_cert = cert_manager.get_cluster_ca_certificate(cluster) extra_params['ca_key'] = x509.decrypt_key( ca_cert.get_private_key(), ca_cert.get_private_key_passphrase()).replace("\n", "\\n") plain_openstack_ca = utils.get_openstack_ca() encoded_openstack_ca = base64.b64encode(plain_openstack_ca.encode()) extra_params['openstack_ca_coreos'] = encoded_openstack_ca.decode() return super(CoreOSK8sTemplateDefinition, self).get_params(context, cluster_template, cluster, extra_params=extra_params, **kwargs)
def get_params(self, context, cluster_template, cluster, **kwargs): extra_params = kwargs.pop('extra_params', {}) extra_params['username'] = context.user_name osc = self.get_osc(context) extra_params['region_name'] = osc.cinder_region_name() # set docker_volume_type # use the configuration default if None provided docker_volume_type = cluster.labels.get( 'docker_volume_type', CONF.cinder.default_docker_volume_type) extra_params['docker_volume_type'] = docker_volume_type extra_params['nodes_affinity_policy'] = \ CONF.cluster.nodes_affinity_policy if cluster_template.network_driver == 'flannel': extra_params["pods_network_cidr"] = \ cluster.labels.get('flannel_network_cidr', '10.100.0.0/16') if cluster_template.network_driver == 'calico': extra_params["pods_network_cidr"] = \ cluster.labels.get('calico_ipv4pool', '192.168.0.0/16') label_list = ['coredns_tag', 'kube_tag', 'container_infra_prefix', 'availability_zone', 'calico_tag', 'calico_cni_tag', 'calico_kube_controllers_tag', 'calico_ipv4pool', 'etcd_tag', 'flannel_tag'] for label in label_list: label_value = cluster.labels.get(label) if label_value: extra_params[label] = label_value cert_manager_api = cluster.labels.get('cert_manager_api') if strutils.bool_from_string(cert_manager_api): extra_params['cert_manager_api'] = cert_manager_api ca_cert = cert_manager.get_cluster_ca_certificate(cluster) extra_params['ca_key'] = x509.decrypt_key( ca_cert.get_private_key(), ca_cert.get_private_key_passphrase()).replace("\n", "\\n") plain_openstack_ca = utils.get_openstack_ca() encoded_openstack_ca = base64.b64encode(plain_openstack_ca.encode()) extra_params['openstack_ca_coreos'] = encoded_openstack_ca.decode() return super(CoreOSK8sTemplateDefinition, self).get_params(context, cluster_template, cluster, extra_params=extra_params, **kwargs)
def get_params(self, context, cluster_template, cluster, **kwargs): osc = self.get_osc(context) nodegroups = kwargs.pop('nodegroups', None) # Add all the params from the cluster's nodegroups self.add_nodegroup_params(cluster, nodegroups=nodegroups) extra_params = kwargs.pop('extra_params', {}) extra_params['trustee_domain_id'] = osc.keystone().trustee_domain_id extra_params['trustee_user_id'] = cluster.trustee_user_id extra_params['trustee_username'] = cluster.trustee_username extra_params['trustee_password'] = cluster.trustee_password extra_params['verify_ca'] = CONF.drivers.verify_ca extra_params['openstack_ca'] = utils.get_openstack_ca() ssh_public_key = nova.get_ssh_key(context, cluster.keypair) if ssh_public_key != "": extra_params['ssh_public_key'] = ssh_public_key # Only pass trust ID into the template if allowed by the config file if CONF.trust.cluster_user_trust: extra_params['trust_id'] = cluster.trust_id else: extra_params['trust_id'] = "" kwargs = { 'service_type': 'identity', 'interface': CONF.trust.trustee_keystone_interface, 'version': 3 } if CONF.trust.trustee_keystone_region_name: kwargs['region_name'] = CONF.trust.trustee_keystone_region_name # NOTE: Sometimes, version discovery fails when Magnum cannot talk to # Keystone via specified trustee_keystone_interface intended for # cluster instances either because it is not unreachable from the # controller or CA certs are missing for TLS enabled interface and the # returned auth_url may not be suffixed with /v3 in which case append # the url with the suffix so that instances can still talk to Keystone. auth_url = osc.url_for(**kwargs).rstrip('/') extra_params['auth_url'] = auth_url + ('' if auth_url.endswith('/v3') else '/v3') return super(BaseTemplateDefinition, self).get_params(context, cluster_template, cluster, extra_params=extra_params, **kwargs)
def get_params(self, context, cluster_template, cluster, **kwargs): osc = self.get_osc(context) nodegroups = kwargs.pop('nodegroups', None) # Add all the params from the cluster's nodegroups self.add_nodegroup_params(cluster, nodegroups=nodegroups) extra_params = kwargs.pop('extra_params', {}) extra_params['trustee_domain_id'] = osc.keystone().trustee_domain_id extra_params['trustee_user_id'] = cluster.trustee_user_id extra_params['trustee_username'] = cluster.trustee_username extra_params['trustee_password'] = cluster.trustee_password extra_params['verify_ca'] = CONF.drivers.verify_ca extra_params['openstack_ca'] = utils.get_openstack_ca() ssh_public_key = nova.get_ssh_key(context, cluster.keypair) if ssh_public_key != "": extra_params['ssh_public_key'] = ssh_public_key # Only pass trust ID into the template if allowed by the config file if CONF.trust.cluster_user_trust: extra_params['trust_id'] = cluster.trust_id else: extra_params['trust_id'] = "" kwargs = { 'service_type': 'identity', 'interface': CONF.trust.trustee_keystone_interface, 'version': 3 } if CONF.trust.trustee_keystone_region_name: kwargs['region_name'] = CONF.trust.trustee_keystone_region_name extra_params['auth_url'] = osc.url_for(**kwargs).rstrip('/') return super(BaseTemplateDefinition, self).get_params(context, cluster_template, cluster, extra_params=extra_params, **kwargs)
def get_params(self, context, cluster_template, cluster, **kwargs): extra_params = super(FCOSK8sTemplateDefinition, self).get_params(context, cluster_template, cluster, **kwargs) extra_params['openstack_ca'] = urlparse.quote(utils.get_openstack_ca()) return extra_params