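def create_x509_cert(cert_dir, x509_req):
    """Sign *x509_req* with the CA material found in *cert_dir*.

    Reads ``ca_cert.pem`` and ``ca_key.pem`` from *cert_dir* and issues a
    certificate that carries the request's subject and public key, is
    valid for one year starting now, and names the CA subject as issuer.

    Returns the new certificate PEM-encoded.
    """
    # Load the CA cert
    ca_cert = crypto.load_certificate(
        crypto.FILETYPE_PEM,
        file_get_contents(os.path.join(cert_dir, "ca_cert.pem")))

    # Load the CA private key
    ca_key = crypto.load_privatekey(
        crypto.FILETYPE_PEM,
        file_get_contents(os.path.join(cert_dir, "ca_key.pem")))

    newcert = crypto.X509()

    # Serial numbers must be unique per issuer. A draw from 1..2048 repeats
    # after a few dozen certificates, so take 64 bits from the OS CSPRNG.
    serial = random.SystemRandom().randint(1, 2 ** 64 - 1)
    newcert.set_serial_number(serial)

    # Valid for one year starting from now
    newcert.gmtime_adj_notAfter(60 * 60 * 24 * 365)
    newcert.gmtime_adj_notBefore(0)

    # Issuer, subject and public key
    newcert.set_issuer(ca_cert.get_subject())
    newcert.set_subject(x509_req.get_subject())
    newcert.set_pubkey(x509_req.get_pubkey())

    # MD5 signatures are collision-prone and rejected by current TLS
    # stacks; sign with SHA-256 instead.
    newcert.sign(ca_key, "sha256")

    return crypto.dump_certificate(crypto.FILETYPE_PEM, newcert)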
def get_cert_cname(cert_dir):
    """Return the CN (common name) of the director's certificate.

    The certificate is read from ``cert.pem`` inside *cert_dir*. Indexing
    the list of matches raises ``IndexError`` when the subject carries no
    CN component.
    """
    pem_data = file_get_contents(os.path.join(cert_dir, "cert.pem"))
    certificate = crypto.load_certificate(crypto.FILETYPE_PEM, pem_data)

    common_names = []
    for component in certificate.get_subject().get_components():
        if component[0] == 'CN':
            common_names.append(component[1])
    return common_names[0]
def get_cert_cname(cert_dir):
    """Return the CN (common name) value of the director's certificate.

    Loads ``cert.pem`` from *cert_dir* and picks the first subject
    component whose field name is ``'CN'``; ``IndexError`` is raised when
    there is none.
    """
    cert_path = os.path.join(cert_dir, "cert.pem")
    cert = crypto.load_certificate(crypto.FILETYPE_PEM,
                                   file_get_contents(cert_path))
    components = cert.get_subject().get_components()
    matches = [pair[1] for pair in components if pair[0] == 'CN']
    return matches[0]
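def create_x509_cert(cert_dir, x509_req):
    """Sign *x509_req* with the CA certificate and key from *cert_dir*.

    Reads ``ca_cert.pem`` and ``ca_key.pem`` from *cert_dir*, asks
    ``x509.create_cert`` for a certificate valid for one year starting
    now, and returns it PEM-encoded.
    """
    # Load the CA cert
    ca_cert = crypto.load_certificate(
        crypto.FILETYPE_PEM,
        file_get_contents(os.path.join(cert_dir, "ca_cert.pem")))

    # Load the CA private key
    key = crypto.load_privatekey(
        crypto.FILETYPE_PEM,
        file_get_contents(os.path.join(cert_dir, "ca_key.pem")))

    # Serial numbers must be unique per issuer. A draw from 1..2048 repeats
    # after a few dozen certificates, so take 64 bits from the OS CSPRNG.
    # NOTE(review): assumes x509.create_cert passes the serial through
    # unchanged and accepts values this wide - confirm.
    serial = random.SystemRandom().randint(1, 2 ** 64 - 1)

    # Valid for one year starting from now (offsets in seconds)
    not_before = 0
    not_after = 60 * 60 * 24 * 365

    newcert = x509.create_cert(x509_req, ca_cert, key, serial,
                               not_before, not_after)

    return crypto.dump_certificate(crypto.FILETYPE_PEM, newcert)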
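def get_log(self, kwargs):
    """Return the contents of a logfile as a JSON response.

    ``kwargs`` may carry a ``filename`` string; ``self.LOG_FILE`` is
    supplied as the third element of the parameter spec (presumably the
    default used by ``check_arguments`` when the caller omits it).
    Argument errors and read failures are reported as
    ``HttpErrorResponse``.
    """
    exp_params = [("filename", is_string, self.LOG_FILE)]
    try:
        filename = check_arguments(exp_params, kwargs)
    except Exception as ex:
        return HttpErrorResponse("%s" % ex)

    # NOTE(review): ``filename`` is only checked to be a string, so this
    # handler returns any file the service process can read. Consider
    # resolving it against a dedicated log directory and rejecting paths
    # that fall outside of it.
    try:
        return HttpJsonResponse({"log": file_get_contents(filename)})
    except Exception:
        # Was a bare ``except:``, which also swallowed KeyboardInterrupt
        # and SystemExit.
        return HttpErrorResponse("Failed to read log file: '%s'" % filename)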
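def get_manager_log(self, kwargs):
    """Return the manager logfile as a JSON response.

    No parameters are expected: ``kwargs`` is checked against an empty
    parameter spec and any error from that check is returned as an
    ``HttpErrorResponse``. The file read is ``self.logfile``.
    """
    try:
        exp_params = []
        check_arguments(exp_params, kwargs)
    except Exception as ex:
        return HttpErrorResponse("%s" % ex)

    try:
        return HttpJsonResponse({'log': file_get_contents(self.logfile)})
    except Exception:
        # Was a bare ``except:``, which also swallowed KeyboardInterrupt
        # and SystemExit.
        return HttpErrorResponse('Failed to read log')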
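def create_x509_cert(cert_dir, x509_req):
    """Issue a one-year certificate for *x509_req*, signed by the local CA.

    The CA certificate (``ca_cert.pem``) and private key (``ca_key.pem``)
    are loaded from *cert_dir*; the certificate itself is built by
    ``x509.create_cert``. The result is returned PEM-encoded.
    """
    ca_cert_pem = file_get_contents(os.path.join(cert_dir, "ca_cert.pem"))
    ca_cert = crypto.load_certificate(crypto.FILETYPE_PEM, ca_cert_pem)

    ca_key_pem = file_get_contents(os.path.join(cert_dir, "ca_key.pem"))
    key = crypto.load_privatekey(crypto.FILETYPE_PEM, ca_key_pem)

    # An issuer must never reuse a serial number. The former range of
    # 1..2048 produces duplicates quickly, so the serial now comes from
    # 64 bits of OS-provided randomness.
    # NOTE(review): assumes x509.create_cert forwards the serial as-is and
    # accepts values this wide - confirm.
    serial = random.SystemRandom().randint(1, 2 ** 64 - 1)

    # Validity window, as second offsets from now: starts immediately and
    # lasts one year.
    not_before = 0
    not_after = 60 * 60 * 24 * 365

    newcert = x509.create_cert(x509_req, ca_cert, key, serial,
                               not_before, not_after)
    return crypto.dump_certificate(crypto.FILETYPE_PEM, newcert)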
def updateTomcatCode(host, port, codeVersionId, filetype, filepath):
    """Send an ``updateTomcatCode`` request to the service at host:port.

    For ``filetype == 'git'`` no file is uploaded and *filepath* is sent
    as the ``revision`` parameter. For every other type the file at
    *filepath* is read and attached as the ``file`` upload field.
    The HTTPS response is passed through ``_check``.
    """
    params = dict(method='updateTomcatCode',
                  codeVersionId=codeVersionId,
                  filetype=filetype)

    if filetype == 'git':
        # For git-based code uploads, filepath contains the git revision
        params['revision'] = filepath
        response = https.client.https_post(host, port, '/', params=params)
        return _check(response)

    # File-based code uploads
    upload = ('file', filepath, file_get_contents(filepath))
    response = https.client.https_post(host, port, '/', params=params,
                                       files=[upload])
    return _check(response)
def get_startup_script(self, kwargs):
    """Return contents of the currently defined startup script, if any.

    The ``sid`` argument must be one of the keys of
    ``self.httpsserver.instances``. The script is looked up as
    ``<CONPAAS_HOME>/<sid>/startup.sh``; an ``IOError`` while reading it
    is reported as 'No startup script'.
    """
    sid_validator = is_in_list(self.httpsserver.instances.keys())
    expected = [('sid', sid_validator)]

    try:
        service_id = check_arguments(expected, kwargs)
    except Exception as ex:
        return HttpErrorResponse("%s" % ex)

    # The sid has been matched against the known instances above, so the
    # path component below is one of the registered service ids.
    home = self.config_parser.get('manager', 'CONPAAS_HOME')
    script_path = os.path.join(home, str(service_id), 'startup.sh')

    try:
        return HttpJsonResponse(file_get_contents(script_path))
    except IOError:
        return HttpErrorResponse('No startup script')
def updateTomcatCode(host, port, codeVersionId, filetype, filepath):
    """Send an ``updateTomcatCode`` request to the service at host:port.

    File-based uploads attach the contents of *filepath* as the ``file``
    upload field. Git-based uploads send no file; *filepath* is passed as
    a plain ``file`` parameter instead. The response goes through
    ``_check``.
    """
    params = {}
    params['method'] = 'updateTomcatCode'
    params['codeVersionId'] = codeVersionId
    params['filetype'] = filetype

    if filetype == 'git':
        # git-based code uploads do not need a FileUploadField.
        # Pass filepath as a dummy value for the 'file' parameter.
        params['file'] = filepath
        result = https.client.https_post(host, port, '/', params)
    else:
        # File-based code uploads
        attachments = [('file', filepath, file_get_contents(filepath))]
        result = https.client.https_post(host, port, '/', params,
                                         files=attachments)
    return _check(result)
def updateTomcatCode(host, port, codeVersionId, filetype, filepath):
    """Post an ``updateTomcatCode`` call and return the checked response.

    When *filetype* is ``'git'`` the request carries *filepath* as the
    value of the ``file`` parameter and nothing is uploaded. Otherwise
    the file at *filepath* is read and sent as the ``file`` upload.
    """
    is_git = filetype == 'git'
    params = {
        'method': 'updateTomcatCode',
        'codeVersionId': codeVersionId,
        'filetype': filetype,
    }

    if not is_git:
        # File-based code uploads: ship the file body with the request
        payload = file_get_contents(filepath)
        reply = https.client.https_post(
            host, port, '/', params, files=[('file', filepath, payload)])
        return _check(reply)

    # git-based code uploads do not need a FileUploadField.
    # Pass filepath as a dummy value for the 'file' parameter.
    params['file'] = filepath
    reply = https.client.https_post(host, port, '/', params)
    return _check(reply)
def generate_certificate(cert_dir, uid, sid, role, email, cn, org):
    """Generate a new x509 certificate for a manager from scratch.

    Creates an RSA key pair, builds a certificate request from the given
    identity fields and has it signed by the CA found in *cert_dir*.

    Returns a dict with three PEM values: ``ca_cert``, ``key`` and
    ``cert``. ``key`` is the new private key dumped without a passphrase,
    so the returned dict has to be handled as secret material.
    """
    # CA certificate, returned to the caller alongside the new certificate
    ca_cert_pem = file_get_contents(os.path.join(cert_dir, "ca_cert.pem"))

    # Fresh key pair and the request that binds it to the identity fields
    keypair = gen_rsa_keypair()
    request = create_x509_req(keypair, uid, sid, org, email, cn, role)

    # Have the CA sign the request
    cert_pem = create_x509_cert(cert_dir, request)

    key_pem = crypto.dump_privatekey(crypto.FILETYPE_PEM, keypair)
    return {'ca_cert': ca_cert_pem, 'key': key_pem, 'cert': cert_pem}
def generate_certificate(cert_dir, uid, sid, role, email, cn, org,
                         ca_cert=None):
    """Generate a new x509 certificate for a manager from scratch.

    Creates an RSA key pair, a certificate request carrying the identity
    fields, and a certificate signed by the CA stored in *cert_dir*.
    When *ca_cert* is ``None`` the CA certificate returned to the caller
    is read from ``ca_cert.pem`` in *cert_dir*.

    Returns a dict with three PEM values: ``ca_cert``, ``key`` and
    ``cert``. ``key`` is the new private key dumped without a passphrase,
    so the returned dict has to be handled as secret material.
    """
    if ca_cert is None:
        ca_cert = file_get_contents(os.path.join(cert_dir, "ca_cert.pem"))

    keypair = x509.gen_rsa_keypair()

    # Identity fields placed in the request's subject
    subject_fields = {
        'userId': uid,
        'serviceLocator': sid,
        'O': org,
        'emailAddress': email,
        'CN': cn,
        'role': role,
    }
    request = x509.create_x509_req(keypair, **subject_fields)

    # Sign the request with the CA from cert_dir
    signed_cert = create_x509_cert(cert_dir, request)

    private_key_pem = crypto.dump_privatekey(crypto.FILETYPE_PEM, keypair)
    return {'ca_cert': ca_cert, 'key': private_key_pem, 'cert': signed_cert}
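def conpaas_init_ssl_ctx(dir, role, uid=None, aid=None):
    """Initialise the module-wide client SSL context for *role*.

    ``cert.pem``, ``key.pem`` and ``ca_cert.pem`` are taken from *dir*.
    The peer-verification callback is chosen by *role* ('agent',
    'manager', 'director' or 'user'). When *uid* is ``None`` it is read
    from the UID field of the certificate itself. The context, *uid* and
    *aid* are stored in module globals.

    Raises:
        ValueError: if *role* is not one of the four known roles.
    """
    global __client_ctx, __uid, __aid

    if role == 'agent':
        verify_callback = _conpaas_callback_agent
    elif role == 'manager':
        verify_callback = _conpaas_callback_manager
    elif role == 'director':
        verify_callback = _conpaas_callback_director
    elif role == 'user':
        verify_callback = _conpaas_callback_user
    else:
        # An unknown role used to fall through and fail further down with
        # an UnboundLocalError; reject it before any file is read.
        raise ValueError("Unknown role: %r" % (role,))

    cert_file = dir + '/cert.pem'
    key_file = dir + '/key.pem'
    ca_cert_file = dir + '/ca_cert.pem'

    if uid is None:
        # Extract uid from the certificate itself
        uid = x509.get_x509_dn_field(file_get_contents(cert_file), 'UID')

    # NOTE(review): SSLv23_METHOD negotiates the protocol version; which
    # versions are accepted depends on the options set in _init_context
    # (not visible here) - confirm SSLv2/SSLv3 are disabled there.
    __client_ctx = _init_context(SSL.SSLv23_METHOD, cert_file, key_file,
                                 ca_cert_file, verify_callback)
    __uid = uid
    __aid = aid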
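def conpaas_init_ssl_ctx(dir, role, uid=None, sid=None):
    """Initialise the module-wide client SSL context for *role*.

    ``cert.pem``, ``key.pem`` and ``ca_cert.pem`` are taken from *dir*.
    The peer-verification callback is chosen by *role* ('agent',
    'manager', 'director' or 'user'). When *uid* is ``None`` it is read
    from the UID field of the certificate itself. The context, *uid* and
    *sid* are stored in module globals.

    Raises:
        ValueError: if *role* is not one of the four known roles.
    """
    global __client_ctx, __uid, __sid

    if role == 'agent':
        verify_callback = _conpaas_callback_agent
    elif role == 'manager':
        verify_callback = _conpaas_callback_manager
    elif role == 'director':
        verify_callback = _conpaas_callback_director
    elif role == 'user':
        verify_callback = _conpaas_callback_user
    else:
        # An unknown role used to fall through and fail further down with
        # an UnboundLocalError; reject it before any file is read.
        raise ValueError("Unknown role: %r" % (role,))

    cert_file = dir + '/cert.pem'
    key_file = dir + '/key.pem'
    ca_cert_file = dir + '/ca_cert.pem'

    if uid is None:
        # Extract uid from the certificate itself
        uid = x509.get_x509_dn_field(file_get_contents(cert_file), 'UID')

    # NOTE(review): SSLv23_METHOD negotiates the protocol version; which
    # versions are accepted depends on the options set in _init_context
    # (not visible here) - confirm SSLv2/SSLv3 are disabled there.
    __client_ctx = _init_context(SSL.SSLv23_METHOD, cert_file, key_file,
                                 ca_cert_file, verify_callback)
    __uid = uid
    __sid = sid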
def upload_authorized_key(host, port, filepath):
    """Upload the file at *filepath* as the ``key`` field of an
    ``upload_authorized_key`` request and return the checked response."""
    key_upload = ('key', filepath, file_get_contents(filepath))
    response = https.client.https_post(
        host, port, '/', {'method': 'upload_authorized_key'},
        files=[key_upload])
    return _check(response)
def upload_code_version(host, port, filepath):
    """Upload the file at *filepath* as the ``code`` field of an
    ``upload_code_version`` request and return the checked response."""
    code_upload = ('code', filepath, file_get_contents(filepath))
    response = https.client.https_post(
        host, port, '/', {'method': 'upload_code_version'},
        files=[code_upload])
    return _check(response)
def _get_context_file(self, service_name, cloud):
    """Override default _get_context_file. Here we generate the context
    file for managers rather than for agents.

    The result is one shell script assembled from: the cloud-specific
    contextualization script (empty if unreadable), three heredocs that
    write the manager's certificate, private key and CA certificate under
    /tmp, the manager setup script, a heredoc that writes the cloud and
    manager configuration to $ROOT_DIR/config.cfg, and the manager start
    script.

    NOTE(review): the private key is written to /tmp/key.pem through a
    plain redirect, so the file gets the default umask in a shared
    directory; what happens to it afterwards is up to manager-setup,
    which is not visible here - confirm it restricts or removes the file.
    The heredocs use an unquoted EOF delimiter, so `$` and backticks in
    the embedded values are expanded by the shell.
    """
    parser = self.config_parser

    conf_dir = parser.get('conpaas', 'CONF_DIR')
    cloud_scripts_dir = os.path.join(conf_dir, 'scripts', 'cloud')
    mngr_scripts_dir = os.path.join(conf_dir, 'scripts', 'manager')
    mngr_cfg_dir = os.path.join(conf_dir, 'config', 'manager')

    director = parser.get('director', 'DIRECTOR_URL')

    # Values to be passed to the context file template
    tmpl_values = {}

    # Contextualization script for the cloud; optional
    try:
        tmpl_values['cloud_script'] = file_get_contents(
            os.path.join(cloud_scripts_dir, cloud))
    except IOError:
        tmpl_values['cloud_script'] = ''

    # Manager setup file
    setup_text = file_get_contents(
        os.path.join(mngr_scripts_dir, 'manager-setup'))
    tmpl_values['mngr_setup'] = setup_text.replace('%DIRECTOR_URL%', director)

    # Cloud config values from director.cfg: [iaas] plus every section
    # listed in OTHER_CLOUDS that actually exists
    cloud_sections = ['iaas']
    if parser.has_option('iaas', 'OTHER_CLOUDS'):
        for candidate in parser.get('iaas', 'OTHER_CLOUDS').split(','):
            if parser.has_section(candidate):
                cloud_sections.append(candidate)

    cloud_cfg_parts = []
    for section_name in cloud_sections:
        cloud_cfg_parts.append("[" + section_name + "]\n")
        for key, value in parser.items(section_name):
            cloud_cfg_parts.append(key.upper() + " = " + value + "\n")
    tmpl_values['cloud_cfg'] = ''.join(cloud_cfg_parts)

    # Manager config file, followed by the service-specific one (if any)
    mngr_cfg = file_get_contents(
        os.path.join(mngr_cfg_dir, 'default-manager.cfg'))
    service_cfg_path = os.path.join(mngr_cfg_dir,
                                    service_name + '-manager.cfg')
    if os.path.isfile(service_cfg_path):
        mngr_cfg += file_get_contents(service_cfg_path)

    # Fill in the required placeholders
    mngr_cfg = mngr_cfg.replace('%DIRECTOR_URL%', director)
    mngr_cfg = mngr_cfg.replace('%CONPAAS_SERVICE_TYPE%', service_name)
    mngr_cfg = mngr_cfg.replace('%CLOUD_NAME%', self.cloud_name)

    # The returned cloud object is not used below; the lookup is kept
    # because the original performs it at this point.
    self.get_cloud_by_name(self.cloud_name)

    # OpenNebula, EC2, etc.
    mngr_cfg = mngr_cfg.replace(
        '%CLOUD_TYPE%', parser.get(self.cloud_name, 'DRIVER'))

    # Placeholders that are only filled in when the option is configured
    optional_placeholders = (
        ('%CLOUD_MACHINE_TYPE%', self.cloud_name, 'INST_TYPE'),
        ('%CLOUD_COST_PER_TIME%', self.cloud_name, 'COST_PER_TIME'),
        ('%CLOUD_MAX_VMS%', self.cloud_name, 'MAX_VMS'),
        ('%CLOUD_MAX_VMS_ALL_CLOUDS%', 'iaas', 'MAX_VMS_ALL_CLOUDS'),
    )
    for placeholder, section, option in optional_placeholders:
        if parser.has_option(section, option):
            mngr_cfg = mngr_cfg.replace(placeholder,
                                        parser.get(section, option))

    for option_name in ('SERVICE_ID', 'USER_ID', 'APP_ID'):
        mngr_cfg = mngr_cfg.replace('%CONPAAS_' + option_name + '%',
                                    parser.get("manager", option_name))

    # Check if we want to use IPOP. If so, add IPOP directives to the
    # manager config file
    if parser.has_option('manager', 'IPOP_SUBNET'):
        ipop_subnet = parser.get('manager', 'IPOP_SUBNET')
        mngr_cfg += '\nIPOP_SUBNET = %s' % ipop_subnet

        hosts = IPNetwork(ipop_subnet).iter_hosts()
        # Skip the first IP address. IPOP uses it for internal purposes
        hosts.next()
        mngr_cfg += '\nIPOP_IP_ADDRESS = %s' % hosts.next()

        mngr_cfg += '\nIPOP_BASE_IP = %s' % parser.get(
            'conpaas', 'VPN_BASE_NETWORK')
        mngr_cfg += '\nIPOP_NETMASK = %s' % parser.get(
            'conpaas', 'VPN_NETMASK')

        if parser.has_option('conpaas', 'VPN_BOOTSTRAP_NODES'):
            mngr_cfg += '\nIPOP_BOOTSTRAP_NODES = %s' % parser.get(
                'conpaas', 'VPN_BOOTSTRAP_NODES')

    tmpl_values['mngr_cfg'] = mngr_cfg

    # Default manager startup script, replaced by the service-specific
    # one when it exists
    tmpl_values['mngr_start_script'] = file_get_contents(
        os.path.join(mngr_scripts_dir, 'default-manager-start'))
    service_start_path = os.path.join(mngr_scripts_dir,
                                      service_name + '-manager-start')
    if os.path.isfile(service_start_path):
        tmpl_values['mngr_start_script'] = file_get_contents(
            service_start_path)

    # Get key and a certificate from CA
    mngr_certs = self._get_certificate(email="*****@*****.**",
                                       cn="ConPaaS",
                                       org="Contrail")
    for field in ('cert', 'key', 'ca_cert'):
        tmpl_values['mngr_certs_' + field] = mngr_certs[field]

    # Concatenate the files
    template = """%(cloud_script)s

cat <<EOF > /tmp/cert.pem
%(mngr_certs_cert)s
EOF

cat <<EOF > /tmp/key.pem
%(mngr_certs_key)s
EOF

cat <<EOF > /tmp/ca_cert.pem
%(mngr_certs_ca_cert)s
EOF

%(mngr_setup)s

cat <<EOF > $ROOT_DIR/config.cfg
%(cloud_cfg)s
%(mngr_cfg)s
EOF

%(mngr_start_script)s"""
    return template % tmpl_values
def _get_context_file(self, service_name, cloud):
    """Override default _get_context_file. Here we generate the context
    file for managers rather than for agents.

    The result is one shell script assembled from: the cloud-specific
    contextualization script, three heredocs that write the manager's
    certificate, private key and CA certificate under /tmp, the manager
    setup script, a heredoc that writes the [iaas] and manager
    configuration to $ROOT_DIR/config.cfg, and the manager start script.

    NOTE(review): the private key is written to /tmp/key.pem through a
    plain redirect, so the file gets the default umask in a shared
    directory; what happens to it afterwards is up to manager-setup,
    which is not visible here - confirm it restricts or removes the file.
    The heredocs use an unquoted EOF delimiter, so `$` and backticks in
    the embedded values are expanded by the shell.
    """
    # Reaches into the Controller's name-mangled private attribute
    parser = self._Controller__config_parser

    root_dir = parser.get('conpaas', 'ROOT_DIR')
    cloud_scripts_dir = os.path.join(root_dir, 'scripts', 'cloud')
    mngr_scripts_dir = os.path.join(root_dir, 'scripts', 'manager')
    mngr_cfg_dir = os.path.join(root_dir, 'config', 'manager')

    frontend = parser.get('director', 'DIRECTOR_URL')

    # Contextualization script for the cloud
    cloud_script = file_get_contents(os.path.join(cloud_scripts_dir, cloud))

    # Manager setup file
    setup_text = file_get_contents(
        os.path.join(mngr_scripts_dir, 'manager-setup'))
    setup_text = setup_text.replace('%FRONTEND_URL%', frontend)

    # Cloud config values from director.cfg
    cloud_cfg = "[iaas]\n"
    for key, value in parser.items("iaas"):
        cloud_cfg += key.upper() + " = " + value + "\n"

    # Manager config file, followed by the service-specific one (if any)
    mngr_cfg = file_get_contents(
        os.path.join(mngr_cfg_dir, 'default-manager.cfg'))
    service_cfg_path = os.path.join(mngr_cfg_dir,
                                    service_name + '-manager.cfg')
    if os.path.isfile(service_cfg_path):
        mngr_cfg += file_get_contents(service_cfg_path)

    # Fill in the required placeholders
    mngr_cfg = mngr_cfg.replace('%FRONTEND_URL%', frontend)
    mngr_cfg = mngr_cfg.replace('%CONPAAS_SERVICE_TYPE%', service_name)
    mngr_cfg = mngr_cfg.replace('%CONPAAS_SERVICE_ID%',
                                parser.get("manager", "FE_SERVICE_ID"))
    mngr_cfg = mngr_cfg.replace('%CONPAAS_USER_ID%',
                                parser.get("manager", "FE_USER_ID"))

    # Default manager startup script, replaced by the service-specific
    # one when it exists
    start_script = file_get_contents(
        os.path.join(mngr_scripts_dir, 'default-manager-start'))
    service_start_path = os.path.join(mngr_scripts_dir,
                                      service_name + '-manager-start')
    if os.path.isfile(service_start_path):
        start_script = file_get_contents(service_start_path)

    # Get key and a certificate from CA
    mngr_certs = self._get_certificate(email="*****@*****.**",
                                       cn="ConPaaS",
                                       org="Contrail")

    # Values to be passed to the context file template
    tmpl_values = {
        'cloud_script': cloud_script,
        'mngr_setup': setup_text,
        'cloud_cfg': cloud_cfg,
        'mngr_cfg': mngr_cfg,
        'mngr_start_script': start_script,
        'mngr_certs_cert': mngr_certs['cert'],
        'mngr_certs_key': mngr_certs['key'],
        'mngr_certs_ca_cert': mngr_certs['ca_cert'],
    }

    # Concatenate the files
    return """%(cloud_script)s

cat <<EOF > /tmp/cert.pem
%(mngr_certs_cert)s
EOF

cat <<EOF > /tmp/key.pem
%(mngr_certs_key)s
EOF

cat <<EOF > /tmp/ca_cert.pem
%(mngr_certs_ca_cert)s
EOF

%(mngr_setup)s

cat <<EOF > $ROOT_DIR/config.cfg
%(cloud_cfg)s
%(mngr_cfg)s
EOF

%(mngr_start_script)s""" % tmpl_values
def _generate_context_file(self, cloud, context_replacement={},
                           startup_script=None):
    """Override default _get_context_file. Here we generate the context
    file for managers rather than for agents.

    The result is one shell script assembled from: the contextualization
    script for the cloud's type (empty if unreadable), three heredocs
    that write the manager's certificate, private key and CA certificate
    under /tmp, the manager setup script, a heredoc that writes the
    output of ``generate_config_file`` to $ROOT_DIR/config.cfg, and the
    default manager start script.

    *context_replacement* and *startup_script* are accepted but not read
    by this implementation.

    NOTE(review): the private key is written to /tmp/key.pem through a
    plain redirect, so the file gets the default umask in a shared
    directory; what happens to it afterwards is up to manager-setup,
    which is not visible here - confirm it restricts or removes the file.
    The heredocs use an unquoted EOF delimiter, so `$` and backticks in
    the embedded values are expanded by the shell.
    """
    cloud_type = cloud.get_cloud_type()

    conf_dir = self.config_parser.get('conpaas', 'CONF_DIR')
    cloud_scripts_dir = os.path.join(conf_dir, 'scripts', 'cloud')
    mngr_scripts_dir = os.path.join(conf_dir, 'scripts', 'manager')

    director = self.config_parser.get('director', 'DIRECTOR_URL')

    # Contextualization script for the cloud; optional
    try:
        cloud_script = file_get_contents(
            os.path.join(cloud_scripts_dir, cloud_type))
    except IOError:
        cloud_script = ''

    # Manager setup file with the director URL filled in
    setup_path = os.path.join(mngr_scripts_dir, 'manager-setup')
    mngr_setup = file_get_contents(setup_path).replace('%DIRECTOR_URL%',
                                                       director)

    config_text = self.generate_config_file()

    # Default manager startup script
    start_script = file_get_contents(
        os.path.join(mngr_scripts_dir, 'default-manager-start'))

    # Get key and a certificate from CA
    mngr_certs = self._get_certificate(role="manager",
                                       email="*****@*****.**",
                                       cn="ConPaaS",
                                       org="Contrail")

    # Values to be passed to the context file template
    tmpl_values = {
        'cloud_script': cloud_script,
        'mngr_setup': mngr_setup,
        'config': config_text,
        'mngr_start_script': start_script,
        'mngr_certs_cert': mngr_certs['cert'],
        'mngr_certs_key': mngr_certs['key'],
        'mngr_certs_ca_cert': mngr_certs['ca_cert'],
    }

    # Concatenate the files
    return """%(cloud_script)s

cat <<EOF > /tmp/cert.pem
%(mngr_certs_cert)s
EOF

cat <<EOF > /tmp/key.pem
%(mngr_certs_key)s
EOF

cat <<EOF > /tmp/ca_cert.pem
%(mngr_certs_ca_cert)s
EOF

%(mngr_setup)s

cat <<EOF > $ROOT_DIR/config.cfg
%(config)s
EOF

%(mngr_start_script)s
""" % tmpl_values
def load_dump(host, port, mysqldump_path):
    """Upload the file at *mysqldump_path* as the ``mysqldump_file`` field
    of a ``load_dump`` request and return the checked response."""
    dump_upload = ('mysqldump_file', mysqldump_path,
                   file_get_contents(mysqldump_path))
    response = https.client.https_post(
        host, port, '/', {'method': 'load_dump'}, files=[dump_upload])
    return _check(response)
def generate_config_file(self):
    """Return the manager configuration text built from
    ``default-manager-new.cfg``.

    The template is read from ``<CONF_DIR>/config/manager`` and three
    placeholders are filled in: ``%CONPAAS_DEPLOYMENT_NAME%`` (the
    ``DEPLOYMENT_NAME`` option of the ``conpaas`` section, or 'conpaas'
    when unset), ``%CONPAAS_USER_ID%`` and ``%CONPAAS_APP_ID%`` (both
    from the ``manager`` section).
    """
    parser = self.config_parser

    conf_dir = parser.get('conpaas', 'CONF_DIR')
    mngr_cfg_dir = os.path.join(conf_dir, 'config', 'manager')

    deployment_name = 'conpaas'
    if parser.has_option('conpaas', 'DEPLOYMENT_NAME'):
        deployment_name = parser.get('conpaas', 'DEPLOYMENT_NAME')

    # TODO (genc): Don't forget about having two default manager files
    # (delete one when done); 'default-manager.cfg' is the other one.
    mngr_cfg = file_get_contents(
        os.path.join(mngr_cfg_dir, 'default-manager-new.cfg'))

    # Modify manager config file setting the required variables
    mngr_cfg = mngr_cfg.replace('%CONPAAS_DEPLOYMENT_NAME%', deployment_name)

    # SERVICE_ID is deliberately not substituted here
    for option_name in ('USER_ID', 'APP_ID'):
        placeholder = '%CONPAAS_' + option_name + '%'
        mngr_cfg = mngr_cfg.replace(placeholder,
                                    parser.get("manager", option_name))

    # COMMENT (genc): the cloud placeholders (%CLOUD_NAME%, %CLOUD_TYPE%,
    # %CLOUD_MACHINE_TYPE%, %CLOUD_COST_PER_TIME%, %CLOUD_MAX_VMS%,
    # %CLOUD_MAX_VMS_ALL_CLOUDS%) are not substituted: they are only used
    # by htc and not useful for the moment.
    # COMMENT (genc): the IPOP directives (IPOP_SUBNET, IPOP_IP_ADDRESS,
    # IPOP_BASE_IP, IPOP_NETMASK, IPOP_BOOTSTRAP_NODES) are not appended
    # until there is a working IPOP.
    return mngr_cfg
def _get_context_file(self, service_name, cloud):
    """Override default _get_context_file. Here we generate the context
    file for managers rather than for agents.

    Returns a single shell script made of, in order: the cloud-specific
    contextualization script (empty if unreadable), heredocs writing the
    manager's certificate, private key and CA certificate under /tmp, the
    manager setup script, a heredoc writing the cloud and manager
    configuration to $ROOT_DIR/config.cfg, and the manager start script.

    NOTE(review): the private key is written to /tmp/key.pem through a
    plain redirect, so the file gets the default umask in a shared
    directory; what happens to it afterwards is up to manager-setup,
    which is not visible here - confirm it restricts or removes the file.
    The heredocs use an unquoted EOF delimiter, so `$` and backticks in
    the embedded values are expanded by the shell.
    """
    conpaas_home = self.config_parser.get('conpaas', 'CONF_DIR')
    scripts_root = os.path.join(conpaas_home, 'scripts')
    cloud_scripts_dir = os.path.join(scripts_root, 'cloud')
    mngr_scripts_dir = os.path.join(scripts_root, 'manager')
    mngr_cfg_dir = os.path.join(conpaas_home, 'config', 'manager')

    director = self.config_parser.get('director', 'DIRECTOR_URL')

    # Values to be passed to the context file template
    tmpl_values = {}

    # Contextualization script for the cloud; a missing file is not an
    # error
    cloud_script_path = os.path.join(cloud_scripts_dir, cloud)
    try:
        tmpl_values['cloud_script'] = file_get_contents(cloud_script_path)
    except IOError:
        tmpl_values['cloud_script'] = ''

    # Manager setup file
    mngr_setup = file_get_contents(
        os.path.join(mngr_scripts_dir, 'manager-setup'))
    tmpl_values['mngr_setup'] = mngr_setup.replace('%DIRECTOR_URL%', director)

    # Cloud config values from director.cfg
    cloud_sections = ['iaas']
    if self.config_parser.has_option('iaas', 'OTHER_CLOUDS'):
        other_clouds = self.config_parser.get('iaas', 'OTHER_CLOUDS')
        cloud_sections.extend(
            name for name in other_clouds.split(',')
            if self.config_parser.has_section(name))

    def render_section(section_name):
        # One "[section]" header followed by "KEY = value" lines
        text = "[" + section_name + "]\n"
        for key, value in self.config_parser.items(section_name):
            text += key.upper() + " = " + value + "\n"
        return text

    tmpl_values['cloud_cfg'] = ''
    for section_name in cloud_sections:
        tmpl_values['cloud_cfg'] += render_section(section_name)

    # Manager config file plus the service-specific one (if any)
    mngr_cfg = file_get_contents(
        os.path.join(mngr_cfg_dir, 'default-manager.cfg'))
    mngr_service_cfg = os.path.join(mngr_cfg_dir,
                                    service_name + '-manager.cfg')
    if os.path.isfile(mngr_service_cfg):
        mngr_cfg = mngr_cfg + file_get_contents(mngr_service_cfg)

    # Modify manager config file setting the required variables
    mngr_cfg = mngr_cfg.replace('%DIRECTOR_URL%', director)
    mngr_cfg = mngr_cfg.replace('%CONPAAS_SERVICE_TYPE%', service_name)
    mngr_cfg = mngr_cfg.replace('%CLOUD_NAME%', self.cloud_name)

    # The returned cloud object is not used below; the lookup is kept
    # because the original performs it at this point.
    self.get_cloud_by_name(self.cloud_name)

    # OpenNebula, EC2, etc.
    driver = self.config_parser.get(self.cloud_name, 'DRIVER')
    mngr_cfg = mngr_cfg.replace('%CLOUD_TYPE%', driver)

    if self.config_parser.has_option(self.cloud_name, 'INST_TYPE'):
        inst_type = self.config_parser.get(self.cloud_name, 'INST_TYPE')
        mngr_cfg = mngr_cfg.replace('%CLOUD_MACHINE_TYPE%', inst_type)

    if self.config_parser.has_option(self.cloud_name, 'COST_PER_TIME'):
        cost = self.config_parser.get(self.cloud_name, 'COST_PER_TIME')
        mngr_cfg = mngr_cfg.replace('%CLOUD_COST_PER_TIME%', cost)

    if self.config_parser.has_option(self.cloud_name, 'MAX_VMS'):
        max_vms = self.config_parser.get(self.cloud_name, 'MAX_VMS')
        mngr_cfg = mngr_cfg.replace('%CLOUD_MAX_VMS%', max_vms)

    if self.config_parser.has_option('iaas', 'MAX_VMS_ALL_CLOUDS'):
        max_vms_all = self.config_parser.get('iaas', 'MAX_VMS_ALL_CLOUDS')
        mngr_cfg = mngr_cfg.replace('%CLOUD_MAX_VMS_ALL_CLOUDS%', max_vms_all)

    for option_name in ['SERVICE_ID', 'USER_ID', 'APP_ID']:
        option_value = self.config_parser.get("manager", option_name)
        mngr_cfg = mngr_cfg.replace('%CONPAAS_' + option_name + '%',
                                    option_value)

    # Check if we want to use IPOP. If so, add IPOP directives to the
    # manager config file
    if self.config_parser.has_option('manager', 'IPOP_SUBNET'):
        ipop_subnet = self.config_parser.get('manager', 'IPOP_SUBNET')
        mngr_cfg += '\nIPOP_SUBNET = %s' % ipop_subnet

        ipop_hosts = IPNetwork(ipop_subnet).iter_hosts()
        # Skip the first IP address. IPOP uses it for internal purposes
        ipop_hosts.next()
        mngr_cfg += '\nIPOP_IP_ADDRESS = %s' % ipop_hosts.next()

        base_ip = self.config_parser.get('conpaas', 'VPN_BASE_NETWORK')
        mngr_cfg += '\nIPOP_BASE_IP = %s' % base_ip

        netmask = self.config_parser.get('conpaas', 'VPN_NETMASK')
        mngr_cfg += '\nIPOP_NETMASK = %s' % netmask

        if self.config_parser.has_option('conpaas', 'VPN_BOOTSTRAP_NODES'):
            bootstrap = self.config_parser.get('conpaas',
                                               'VPN_BOOTSTRAP_NODES')
            mngr_cfg += '\nIPOP_BOOTSTRAP_NODES = %s' % bootstrap

    tmpl_values['mngr_cfg'] = mngr_cfg

    # Default manager startup script, replaced by the service-specific
    # one when it exists
    tmpl_values['mngr_start_script'] = file_get_contents(
        os.path.join(mngr_scripts_dir, 'default-manager-start'))
    mngr_startup_scriptname = os.path.join(mngr_scripts_dir,
                                           service_name + '-manager-start')
    if os.path.isfile(mngr_startup_scriptname):
        tmpl_values['mngr_start_script'] = file_get_contents(
            mngr_startup_scriptname)

    # Get key and a certificate from CA
    mngr_certs = self._get_certificate(email="*****@*****.**",
                                       cn="ConPaaS",
                                       org="Contrail")
    tmpl_values.update({
        'mngr_certs_cert': mngr_certs['cert'],
        'mngr_certs_key': mngr_certs['key'],
        'mngr_certs_ca_cert': mngr_certs['ca_cert'],
    })

    # Concatenate the files
    context_template = """%(cloud_script)s

cat <<EOF > /tmp/cert.pem
%(mngr_certs_cert)s
EOF

cat <<EOF > /tmp/key.pem
%(mngr_certs_key)s
EOF

cat <<EOF > /tmp/ca_cert.pem
%(mngr_certs_ca_cert)s
EOF

%(mngr_setup)s

cat <<EOF > $ROOT_DIR/config.cfg
%(cloud_cfg)s
%(mngr_cfg)s
EOF

%(mngr_start_script)s"""
    return context_template % tmpl_values