class OpenstackAuth(OrchestratorAuth): def __init__(self, username, password, project_name, inputs=None, logger=None, auth_url=None, region_name=None, certfile=None, keyfile=None, cacert=None, insecure=True, domain_name=None, scope='domain'): self.inputs = inputs self.user = username self.passwd = password self.project = project_name self.scope = scope self.logger = logger or contrail_logging.getLogger(__name__) if inputs: self.auth_url = inputs.auth_url self.region_name = inputs.region_name self.domain_name = domain_name or self.inputs.admin_domain self.keystone_certfile = self.inputs.keystonecertfile self.keystone_keyfile = self.inputs.keystonekeyfile self.certbundle = self.inputs.certbundle self.insecure = self.inputs.insecure self.scope = 'project' if inputs.use_project_scoped_token else scope else: self.auth_url = auth_url or os.getenv('OS_AUTH_URL') self.region_name = region_name or os.getenv('OS_REGION_NAME') self.domain_name = domain_name or os.getenv('OS_DOMAIN_NAME') self.keystone_certfile = certfile self.keystone_keyfile = keyfile self.insecure = insecure self.certbundle = cacert self.reauth() def reauth(self): self.keystone = KeystoneCommands(username=self.user, password=self.passwd, tenant=self.project, domain_name=self.domain_name, auth_url=self.auth_url, insecure=self.insecure, region_name=self.region_name, cert=self.keystone_certfile, key=self.keystone_keyfile, cacert=self.certbundle, logger=self.logger, scope=self.scope) def get_domain_id(self, name='Default'): return self.keystone.get_domain_id(name) def get_project_id(self, name=None, domain_id=None): if not name or name == self.project: return self.keystone.get_id() return self.keystone.get_project_id(name, domain_id) def get_session(self, scope='domain'): return self.keystone.get_session(scope) def get_client(self, scope='domain'): return self.keystone.get_client(scope) def get_endpoint(self, service, interface='public'): return self.keystone.get_endpoint(service, interface) def get_token(self): return self.keystone.get_token() def create_domain(self, domain_name): return self.keystone.create_domain(domain_name) def delete_domain(self, domain_name): self.keystone.delete_domain(domain_name) def update_domain(self, domain_id, domain_name, description, enabled): return self.keystone.update_domain(domain_id=domain_id, domain_name=domain_name, description=description, enabled=enabled) def get_domain(self, domain_id): return self.keystone.get_domain(domain_id=domain_id) def create_project(self, name, domain_name=None): return self.keystone.create_project(name, domain_name) def delete_project(self, name): self.keystone.delete_project(name) def delete_user(self, user): self.keystone.delete_user(user) def create_user(self, user, password, tenant_name=None, domain_name=None): try: self.keystone.create_user(user, password, email='', tenant_name=tenant_name or self.inputs.stack_tenant, enabled=True, domain_name=domain_name) except: self.logger.info("%s user already present" % (self.user)) def get_user_id(self, user): user_obj = self.keystone.get_user_dct(user) return user_obj.id if user_obj else None def create_role(self, role): self.keystone.create_role(role) def delete_role(self, role): self.keystone.delete_role(role) def add_user_to_domain(self, user, role='admin', domain=None): try: self.keystone.add_user_to_domain(user, role, domain) except Exception as e: self.logger.info("%s user already added to domain" % (user)) def add_user_to_project(self, user, project, role='admin'): try: self.keystone.add_user_to_tenant(project, user, role) except Exception as e: self.logger.info("%s user already added to project" % (user)) def remove_user_from_project(self, user, role, project): try: self.keystone.remove_user_role(user, role, project) except Exception as e: self.logger.exception("%s user already removed from project" % (user)) def verify_service_enabled(self, service): try: for svc in self.keystone.services_list(): if service in svc.name: return True else: continue return False except Exception as e: return False def get_auth_h(self): return self.keystone def create_user_group(self, group, domain_name): try: self.keystone.create_group(group, domain_name) except Exception as e: self.logger.info("%s user group already present" % (group)) def delete_group(self, name): return self.keystone.delete_group(name=name) def add_user_to_group(self, user, group): try: self.keystone.add_user_to_group(user, group) except Exception as e: self.logger.info("%s user already added to group %s" % (user, group)) def remove_user_from_group(self, user, group): try: self.keystone.remove_user_from_group(user, group) except Exception as e: self.logger.info("%s user already removed from group %s" % (user, group)) def add_group_to_domain(self, group, role='admin', domain=None): try: self.keystone.add_group_to_domain(group, role='admin', domain=domain) except Exception as e: self.logger.info("%s group already added to domain" % (group, project)) def remove_group_from_domain(self, group, role, domain=None): try: self.keystone.remove_group_from_domain(group, role, domain=None) except Exception as e: self.logger.info("%s group already removed from domain" % (group, domain)) def add_group_to_tenant(self, project, group, role='admin'): try: self.keystone.add_group_to_tenant(project, group, role='admin') except Exception as e: self.logger.info("%s group already added to project" % (group, tenant)) def remove_group_from_tenant(self, project, group, role): try: self.keystone.remove_group_from_tenant(project, group, role) except Exception as e: self.logger.info("%s group already removed from project" % (group, tenant))
def _create_prov_file(self): ''' Creates json data for a single node only. Optional Env variables: openstack creds: * OS_USERNAME (default: admin) * OS_PASSWORD (default: contrail123) * OS_TENANT_NAME (default: admin) * OS_DOMAIN_NAME (default: default-domain) * OS_AUTH_URL (default: http://127.0.0.1:5000/v2.0) * OS_INSECURE (default: True) login creds: * USERNAME (default: root) * PASSWORD (default: c0ntrail123) contrail service: * DISCOVERY_IP (default: neutron-server ip fetched from keystone endpoint) ''' pattern = 'http[s]?://(?P<ip>\d{1,3}.\d{1,3}.\d{1,3}.\d{1,3}):(?P<port>\d+)' if self.orchestrator.lower() != 'openstack': raise Exception('Please specify testbed info in $PARAMS_FILE ' 'under "Basic" section, keyword "provFile"') if self.orchestrator.lower() == 'openstack': auth_url = os.getenv('OS_AUTH_URL', None) or \ 'http://127.0.0.1:5000/v2.0' insecure = bool(os.getenv('OS_INSECURE', True)) keystone = KeystoneCommands(self.stack_user, self.stack_password, self.stack_tenant, auth_url, region_name=self.region_name, insecure=insecure, logger=self.logger) match = re.match(pattern, keystone.get_endpoint('identity')[0]) self.auth_ip = match.group('ip') self.auth_port = match.group('port') # Assume contrail-config runs in the same node as neutron-server discovery = os.getenv('DISCOVERY_IP', None) or \ (keystone and re.match(pattern, keystone.get_endpoint('network')[0]).group('ip')) ds_client = VerificationDsSrv(discovery) services = ds_client.get_ds_services().info cfgm = database = services['config'] collector = services['analytics'] bgp = services['control-node'] openstack = [self.auth_ip] if self.auth_ip else [] computes = self.get_computes(cfgm[0]) data = {'hosts': list()} hosts = cfgm + database + collector + bgp + computes + openstack username = os.getenv('USERNAME', 'root') password = os.getenv('PASSWORD', 'c0ntrail123') for host in set(hosts): with settings(host_string='%s@%s' % (username, host), password=password, warn_only=True): hname = run('hostname') hdict = { 'ip': host, 'data-ip': host, 'control-ip': host, 'username': username, 'password': password, 'name': hname, 'roles': [], } if host in cfgm: hdict['roles'].append({'type': 'cfgm'}) if host in collector: hdict['roles'].append({'type': 'collector'}) if host in database: hdict['roles'].append({'type': 'database'}) if host in bgp: hdict['roles'].append({'type': 'bgp'}) if host in computes: hdict['roles'].append({'type': 'compute'}) if host in openstack: hdict['roles'].append({'type': 'openstack'}) data['hosts'].append(hdict) tempfile = NamedTemporaryFile(delete=False) with open(tempfile.name, 'w') as fd: json.dump(data, fd) return tempfile.name
def _create_prov_file(self): ''' Creates json data for a single node only. Optional Env variables: openstack creds: * OS_USERNAME (default: admin) * OS_PASSWORD (default: contrail123) * OS_TENANT_NAME (default: admin) * OS_DOMAIN_NAME (default: default-domain) * OS_AUTH_URL (default: http://127.0.0.1:5000/v2.0) * OS_INSECURE (default: True) login creds: * USERNAME (default: root) * PASSWORD (default: c0ntrail123) contrail service: * DISCOVERY_IP (default: neutron-server ip fetched from keystone endpoint) ''' pattern = 'http[s]?://(?P<ip>\d{1,3}.\d{1,3}.\d{1,3}.\d{1,3}):(?P<port>\d+)' if self.orchestrator.lower() != 'openstack': raise Exception('Please specify testbed info in $PARAMS_FILE ' 'under "Basic" section, keyword "provFile"') if self.orchestrator.lower() == 'openstack': auth_url = os.getenv('OS_AUTH_URL', None) or \ 'http://127.0.0.1:5000/v2.0' insecure = bool(os.getenv('OS_INSECURE', True)) keystone = KeystoneCommands( self.stack_user, self.stack_password, self.stack_tenant, auth_url, region_name=self.region_name, insecure=insecure, logger=self.logger) match = re.match(pattern, keystone.get_endpoint('identity')[0]) self.auth_ip = match.group('ip') self.auth_port = match.group('port') # Assume contrail-config runs in the same node as neutron-server discovery = os.getenv('DISCOVERY_IP', None) or \ (keystone and re.match(pattern, keystone.get_endpoint('network')[0]).group('ip')) ds_client = VerificationDsSrv(discovery) services = ds_client.get_ds_services().info cfgm = database = services['config'] collector = services['analytics'] bgp = services['control-node'] openstack = [self.auth_ip] if self.auth_ip else [] computes = self.get_computes(cfgm[0]) data = {'hosts': list()} hosts = cfgm + database + collector + bgp + computes + openstack username = os.getenv('USERNAME', 'root') password = os.getenv('PASSWORD', 'c0ntrail123') for host in set(hosts): with settings( host_string='%s@%s' % (username, host), password=password, warn_only=True): hname = run('hostname') hdict = { 'ip': host, 'data-ip': host, 'control-ip': host, 'username': username, 'password': password, 'name': hname, 'roles': [], } if host in cfgm: hdict['roles'].append({'type': 'cfgm'}) if host in collector: hdict['roles'].append({'type': 'collector'}) if host in database: hdict['roles'].append({'type': 'database'}) if host in bgp: hdict['roles'].append({'type': 'bgp'}) if host in computes: hdict['roles'].append({'type': 'compute'}) if host in openstack: hdict['roles'].append({'type': 'openstack'}) data['hosts'].append(hdict) tempfile = NamedTemporaryFile(delete=False) with open(tempfile.name, 'w') as fd: json.dump(data, fd) return tempfile.name
class OpenstackAuth(OrchestratorAuth): def __init__(self, username, password, project_name, inputs=None, logger=None, auth_url=None, region_name=None, certfile=None, keyfile=None, cacert=None, insecure=True, domain_name=None,scope='domain'): self.inputs = inputs self.user = username self.passwd = password self.project = project_name self.scope = scope self.logger = logger or contrail_logging.getLogger(__name__) if inputs: self.auth_url = inputs.auth_url self.region_name = inputs.region_name self.domain_name = domain_name or self.inputs.admin_domain self.keystone_certfile = self.inputs.keystonecertfile self.keystone_keyfile = self.inputs.keystonekeyfile self.certbundle = self.inputs.certbundle self.insecure = self.inputs.insecure self.scope = 'project' if inputs.use_project_scoped_token else scope else: self.auth_url = auth_url or os.getenv('OS_AUTH_URL') self.region_name = region_name or os.getenv('OS_REGION_NAME') self.domain_name = domain_name or os.getenv('OS_DOMAIN_NAME') self.keystone_certfile = certfile self.keystone_keyfile = keyfile self.insecure = insecure self.certbundle = cacert self.reauth() def reauth(self): self.keystone = KeystoneCommands(username=self.user, password=self.passwd, tenant=self.project, domain_name=self.domain_name, auth_url=self.auth_url, insecure=self.insecure, region_name=self.region_name, cert=self.keystone_certfile, key=self.keystone_keyfile, cacert=self.certbundle, logger=self.logger, scope=self.scope) def get_domain_id(self, name='Default'): return self.keystone.get_domain_id(name) def get_project_id(self, name=None, domain_id=None): if not name or name == self.project: return self.keystone.get_id() return self.keystone.get_project_id(name, domain_id) def get_session(self,scope='domain'): return self.keystone.get_session(scope) def get_client(self,scope='domain'): return self.keystone.get_client(scope) def get_endpoint(self, service, interface='public'): return self.keystone.get_endpoint(service, interface) def get_token(self): return self.keystone.get_token() def create_domain(self,domain_name): return self.keystone.create_domain(domain_name) def delete_domain(self, domain_name): self.keystone.delete_domain(domain_name) def update_domain(self,domain_id, domain_name, description, enabled): return self.keystone.update_domain(domain_id=domain_id, domain_name=domain_name, description=description,enabled=enabled) def get_domain(self,domain_id): return self.keystone.get_domain(domain_id=domain_id) def create_project(self, name, domain_name=None): return self.keystone.create_project(name, domain_name) def delete_project(self, name): self.keystone.delete_project(name) def delete_user(self, user): self.keystone.delete_user(user) def create_user(self, user, password, tenant_name=None, domain_name=None): try: self.keystone.create_user(user,password,email='', tenant_name=tenant_name or self.inputs.stack_tenant,enabled=True, domain_name=domain_name) except: self.logger.info("%s user already present"%(self.user)) def get_user_id(self, user): user_obj = self.keystone.get_user_dct(user) return user_obj.id if user_obj else None def create_role(self, role): self.keystone.create_role(role) def delete_role(self, role): self.keystone.delete_role(role) def add_user_to_domain(self, user, role='admin', domain=None): try: self.keystone.add_user_to_domain(user, role, domain) except Exception as e: self.logger.info("%s user already added to domain"%(user)) def add_user_to_project(self, user, project, role='admin'): try: self.keystone.add_user_to_tenant(project, user, role) except Exception as e: self.logger.info("%s user already added to project"%(user)) def remove_user_from_project(self, user, role, project): try: self.keystone.remove_user_from_tenant(project, user, role) except Exception as e: self.logger.exception("%s user already removed from project"%(user)) def verify_service_enabled(self, service): try: for svc in self.keystone.services_list(): if service in svc.name: return True else: continue return False except Exception as e: return False def get_auth_h(self): return self.keystone def create_user_group(self,group,domain_name): try: self.keystone.create_group(group,domain_name) except Exception as e: self.logger.info("%s user group already present"%(group)) def delete_group(self,name): return self.keystone.delete_group(name=name) def add_user_to_group(self,user,group): try: self.keystone.add_user_to_group(user, group) except Exception as e: self.logger.info("%s user already added to group %s"%(user, group)) def remove_user_from_group(self,user,group): try: self.keystone.remove_user_from_group(user, group) except Exception as e: self.logger.info("%s user already removed from group %s"%(user, group)) def add_group_to_domain(self,group, role='admin', domain=None): try: self.keystone.add_group_to_domain(group, role='admin', domain=domain) except Exception as e: self.logger.info("%s group already added to domain"%(group,project)) def remove_group_from_domain(self, group, role, domain=None): try: self.keystone.remove_group_from_domain(group, role, domain=None) except Exception as e: self.logger.info("%s group already removed from domain"%(group,domain)) def add_group_to_tenant(self, project, group, role='admin'): try: self.keystone.add_group_to_tenant(project, group, role='admin') except Exception as e: self.logger.info("%s group already added to project"%(group,tenant)) def remove_group_from_tenant(self,project, group, role): try: self.keystone.remove_group_from_tenant(project, group, role) except Exception as e: self.logger.info("%s group already removed from project"%(group,tenant))