def _create_session(self): if not winrm: raise CommandExecutionError( command='winrm', error='winrm not installed' ) winrm_url = '{0}://{1}:{2}/{3}'.format( self.session_config['protocol'], self.session_config['host'], self.session_config['port'], self.session_config['uri']) if is_kerberos_env(): # The change is simply setting the transport to kerberos # and setting the kerberos_hostname_override parameter # to the destination hostname. return winrm.Session( target=winrm_url, auth=(self.session_config['user'], None), transport='kerberos', kerberos_hostname_override=self.session_config['host']) else: return winrm.Session( target=winrm_url, auth=(self.session_config['user'], self.session_config['password']), transport=self.session_config['transport'])
def _validate_ssh_config(self): if not self.host: raise exceptions.AgentInstallerConfigurationError('Missing host') if not self.user: raise exceptions.AgentInstallerConfigurationError('Missing user') if not is_kerberos_env() and not self.password and not self.key: raise exceptions.AgentInstallerConfigurationError( 'Must specify either key or password')
def validate(session_config): def _validate(prop): value = session_config.get(prop) if not value: raise ValueError('Invalid {0}: {1}'.format(prop, value)) _validate('host') _validate('user') if not is_kerberos_env(): # no need to supply password in Kerberos env _validate('password')
def get_rest_client(client_profile=None, rest_host=None, rest_port=None, rest_protocol=None, rest_cert=None, username=None, password=None, tenant_name=None, trust_all=False, cluster=None, kerberos_env=None): if client_profile is None: client_profile = profile rest_host = rest_host or client_profile.manager_ip rest_port = rest_port or client_profile.rest_port rest_protocol = rest_protocol or client_profile.rest_protocol rest_cert = rest_cert or get_ssl_cert(client_profile) username = username or get_username(client_profile) password = password or get_password(client_profile) tenant_name = tenant_name or get_tenant_name(client_profile) trust_all = trust_all or get_ssl_trust_all() headers = get_auth_header(username, password) headers[constants.CLOUDIFY_TENANT_HEADER] = tenant_name cluster = client_profile.cluster if cluster is None else cluster kerberos_env = kerberos_env \ if kerberos_env is not None else client_profile.kerberos_env if kerberos_env is False \ or (kerberos_env is None and not is_kerberos_env()): if not username: raise CloudifyCliError('Command failed: Missing Username') if not password: raise CloudifyCliError('Command failed: Missing password') if cluster: client = CloudifyClusterClient(host=rest_host, port=rest_port, protocol=rest_protocol, headers=headers, cert=rest_cert, trust_all=trust_all, profile=client_profile, kerberos_env=kerberos_env) else: client = CloudifyClient(host=rest_host, port=rest_port, protocol=rest_protocol, headers=headers, cert=rest_cert, trust_all=trust_all, kerberos_env=kerberos_env) return client
def get_rest_client(client_profile=None, rest_host=None, rest_port=None, rest_protocol=None, rest_cert=None, username=None, password=None, tenant_name=None, trust_all=False, cluster=None, kerberos_env=None): if client_profile is None: client_profile = profile rest_host = rest_host or client_profile.manager_ip rest_port = rest_port or client_profile.rest_port rest_protocol = rest_protocol or client_profile.rest_protocol rest_cert = rest_cert or get_ssl_cert(client_profile) username = username or get_username(client_profile) password = password or get_password(client_profile) tenant_name = tenant_name or get_tenant_name(client_profile) trust_all = trust_all or get_ssl_trust_all() headers = get_auth_header(username, password) headers[constants.CLOUDIFY_TENANT_HEADER] = tenant_name cluster = cluster or is_cluster(client_profile) kerberos_env = kerberos_env \ if kerberos_env is not None else client_profile.kerberos_env if kerberos_env is False \ or (kerberos_env is None and not is_kerberos_env()): if not username: raise CloudifyCliError('Command failed: Missing Username') if not password: raise CloudifyCliError('Command failed: Missing password') if cluster: client = CloudifyClusterClient(host=rest_host, port=rest_port, protocol=rest_protocol, headers=headers, cert=rest_cert, trust_all=trust_all, profile=client_profile, kerberos_env=kerberos_env) else: client = CloudifyClient(host=rest_host, port=rest_port, protocol=rest_protocol, headers=headers, cert=rest_cert, trust_all=trust_all, kerberos_env=kerberos_env) return client
def validate(session_config): def _validate(prop): value = session_config.get(prop) if not value: raise ValueError('Invalid {0}: {1}' .format(prop, value)) _validate('host') _validate('user') if not is_kerberos_env(): # no need to supply password in Kerberos env _validate('password')
def _set_env(self): env = {'host_string': self.host, 'port': self.port, 'user': self.user} if self.key: if self.key.startswith(RSA_PRIVATE_KEY_PREFIX): env['key'] = self.key else: env['key_filename'] = self.key if self.password: env['password'] = self.password if is_kerberos_env(): # For GSSAPI, the fabric env just needs to have # gss_auth and gss_kex set to True env['gss_auth'] = True env['gss_kex'] = True env.update(COMMON_ENV) return env
def _set_env(self): env = { 'host_string': self.host, 'port': self.port, 'user': self.user } if self.key: if self.key.startswith(RSA_PRIVATE_KEY_PREFIX): env['key'] = self.key else: env['key_filename'] = self.key if self.password: env['password'] = self.password if is_kerberos_env(): # For GSSAPI, the fabric env just needs to have # gss_auth and gss_kex set to True env['gss_auth'] = True env['gss_kex'] = True env.update(COMMON_ENV) return env
def _set_env(self): env = { 'host': self.host, 'port': self.port, 'user': self.user, 'connect_kwargs': {} } if self.key: if self.key.startswith(PRIVATE_KEY_PREFIX): env['connect_kwargs']['pkey'] = \ self._load_private_key(self.key) else: env['connect_kwargs']['key_filename'] = self.key if self.password: env['connect_kwargs']['password'] = self.password if is_kerberos_env(): # For GSSAPI, the fabric env just needs to have # gss_auth and gss_kex set to True env['gss_auth'] = True env['gss_kex'] = True env.update(COMMON_ENV) return env
def get_rest_client(client_profile=None, rest_host=None, rest_port=None, rest_protocol=None, rest_cert=None, username=None, password=None, tenant_name=None, trust_all=False, skip_version_check=False, cluster=None): if client_profile is None: client_profile = profile rest_host = rest_host or client_profile.manager_ip rest_port = rest_port or client_profile.rest_port rest_protocol = rest_protocol or client_profile.rest_protocol rest_cert = rest_cert or get_ssl_cert(client_profile) username = username or get_username(client_profile) password = password or get_password(client_profile) tenant_name = tenant_name or get_tenant_name(client_profile) trust_all = trust_all or get_ssl_trust_all() headers = get_auth_header(username, password) headers[constants.CLOUDIFY_TENANT_HEADER] = tenant_name cluster = cluster or client_profile.cluster if not is_kerberos_env(): if not username: raise CloudifyCliError('Command failed: Missing Username') if not password: raise CloudifyCliError('Command failed: Missing password') if cluster: client = CloudifyClusterClient( host=rest_host, port=rest_port, protocol=rest_protocol, headers=headers, cert=rest_cert, trust_all=trust_all, profile=client_profile) else: client = CloudifyClient( host=rest_host, port=rest_port, protocol=rest_protocol, headers=headers, cert=rest_cert, trust_all=trust_all) # TODO: Put back version check after we've solved the problem where # a new CLI is used with an older manager on `cfy upgrade`. if skip_version_check or True: return client cli_version, manager_version = get_cli_manager_versions(client) if cli_version == manager_version: return client elif not manager_version: return client else: raise CloudifyCliError( 'CLI and manager versions do not match\n' 'CLI Version: {0}\n' 'Manager Version: {1}'.format(cli_version, manager_version))