def main(): """ Using the keyname and public_key defined in settings Ensure that the keypair has been distributed to every identity on the provider. It is essential that all users carry the same keypair to allow Deployment access """ keyname = settings.ATMOSPHERE_KEYPAIR_NAME with open(settings.ATMOSPHERE_KEYPAIR_FILE, 'r') as pub_key_file: public_key = pub_key_file.read() print "Adding keypair: %s Contents: %s" % (keyname, public_key) os_providers = Provider.objects.filter(type__name="OpenStack") for prov in os_providers: count = 0 identities = Identity.objects.filter(provider=prov) os_accounts = OSAccountDriver(prov) for ident in identities: creds = os_accounts.parse_identity(ident) try: (keypair, created) = os_accounts.get_or_create_keypair( creds['username'], creds['password'], creds['tenant_name'], keyname, public_key) except KeystoneUnauthorized as exc: print "Could not create keypair for %s. Error message: %s"\ % (creds['username'], exc.message) if created: print "Created keypair %s for user %s"\ % (keypair, creds['username']) count += 1 print 'Keypairs added for %s accounts on %s' % (count, prov)
def main(): """ TODO: Add argparse, --delete : Deletes existing users in eucalyptus (Never use in PROD) """ euca = Provider.objects.get(location='Eucalyptus (retiring March 4)') euca_driver = EucaAccountDriver(euca) openstack = Provider.objects.get(location='iPlant Cloud - Tucson') os_driver = OSAccountDriver(openstack) all_users = euca_driver.list_users() # Sort by users all_values = sorted(all_users.values(), key=lambda user: user['username']) total = 0 for user_dict in all_values: id_exists = Identity.objects.filter( created_by__username=user_dict['username'], provider=euca) if not id_exists: euca_driver.create_account(user_dict) total += 1 print "Added to Eucalyptus: %s" % user_dict['username'] print "Total users added:%s" % total if include_openstack: print "Adding all eucalyptus users to openstack" total = 0 for user_dict in all_values: id_exists = Identity.objects.filter( created_by__username=user_dict['username'], provider=openstack) if not id_exists: os_driver.create_account(user_dict['username']) total += 1 print "Added to Openstack: %s" % user_dict['username'] print "Total users added to openstack:%s" % total
def update_password_for(prov, identities, dry_run=False, rebuild=False): count = 0 accounts = OSAccountDriver(prov) for ident in identities: creds = accounts.parse_identity(ident) username = creds['username'] password = creds['password'] # Represents the *SAVED* password. new_password = accounts.hashpass(username, strategy='salt_hashpass') if skip_change_password(accounts, username, password, new_password, dry_run=dry_run, rebuild=rebuild): print "Skipping user %s" % (username, ) continue # ASSERT: Saved Password is 'old' print "Changing password: %s (OLD:%s -> NEW:%s)" \ % (username, password, new_password), if dry_run: print "OK" count += 1 continue kwargs = {} if rebuild: old_password = get_old_password(accounts, username) kwargs.update({'old_password': old_password}) success = accounts.change_password(ident, new_password, **kwargs) if success: print "OK" count += 1 else: print "FAILED" print 'Changed passwords for %s accounts on %s' % (count, prov)
def main(): parser = argparse.ArgumentParser() parser.add_argument("--provider", type=int, help="Atmosphere provider ID" " to use.") parser.add_argument("image_ids", help="Image ID(s) to be repaired. (Comma-Separated)") args = parser.parse_args() if not args.provider: provider = Provider.objects.get(location='iPlant Cloud - Tucson') else: provider = Provider.objects.get(id=args.provider) images = args.image_ids.split(",") accounts = OSAccountDriver(provider) for image_id in images: mr = MachineRequest.objects.get(new_machine__instance_source__identifier=image_id) glance_image = accounts.get_image(image_id) if hasattr(glance_image, 'properties'): glance_image_properties = glance_image.properties else: glance_image_properties = dict(glance_image.items()) if 'kernel_id' not in glance_image_properties\ or 'ramdisk_id' not in glance_image_properties: print "Image %s (%s) is missing kernel and/or ramdisk ..." % (image_id, glance_image.name), fix_image(accounts, glance_image, mr)
def main(): """ TODO: Add argparse, --delete : Deletes existing users in openstack (Never use in PROD) """ openstack = Provider.objects.filter( type__name__iexact="openstack").order_by("id") if not openstack: raise Provider.DoesNotExist("No OpenStack Provider Found") openstack = openstack[0] os_driver = OSAccountDriver(openstack) found = 0 create = 0 usernames = os_driver.list_usergroup_names() quota_dict = {'cpu': 10, 'memory': 20, 'storage': 10, 'storage_count': 10} higher_quota = Quota.objects.get_or_create(**quota_dict)[0] for user in usernames: # Openstack account exists, but we need the identity. ident = os_driver.create_account(user) if is_staff(ident): im = ident.identity_membership.all()[0] # Disable time allocation im.allocation = None # Raise everybody's quota im.quota = higher_quota im.save() print "Total users added to atmosphere:%s" % len(usernames)
def main(): """ TODO: Add argparse, --delete : Deletes existing users in openstack (Never use in PROD) """ openstack = Provider.objects.filter( type__name__iexact="openstack").order_by("id") if not openstack: raise Provider.DoesNotExist("No OpenStack Provider Found") openstack = openstack[0] os_driver = OSAccountDriver(openstack) found = 0 create = 0 usernames = os_driver.list_usergroup_names() quota_dict = { 'cpu': 10, 'memory': 20, 'storage': 10, 'storage_count': 10 } higher_quota = Quota.objects.get_or_create(**quota_dict)[0] for user in usernames: # Openstack account exists, but we need the identity. ident = os_driver.create_account(user) if is_staff(ident): im = ident.identity_membership.all()[0] # Disable time allocation im.allocation = None # Raise everybody's quota im.quota = higher_quota im.save() print "Total users added to atmosphere:%s" % len(usernames)
def main(): for prov in Provider.objects.filter(type__name__icontains='openstack'): if not prov.is_active(): continue print "Importing machine membership for %s" % prov accounts = OSAccounts(prov) if not accounts: print "Aborting import: Could not retrieve OSAccounts driver "\ "for Provider %s" % prov continue admin_driver = get_admin_driver(prov) if not admin_driver: print "Aborting import: Could not retrieve admin_driver "\ "for Provider %s" % prov continue private_images = admin_driver.filter_machines( accounts.list_all_images(is_public=False), black_list=["eki-", "eri-", "ChromoSnapShot"]) public_images = admin_driver.filter_machines( accounts.list_all_images(is_public=True), black_list=["eki-", "eri-", "ChromoSnapShot"]) fix_public_images(public_images, prov, accounts) fix_private_images(private_images, prov, accounts) fix_private_images_without_repr(private_images, prov, accounts)
def update_password_for(prov, identities, dry_run=False, rebuild=False): count = 0 accounts = OSAccountDriver(prov) for ident in identities: creds = accounts.parse_identity(ident) username = creds["username"] password = creds["password"] # Represents the *SAVED* password. new_password = accounts.hashpass(username, strategy="salt_hashpass") if skip_change_password(accounts, username, password, new_password, dry_run=dry_run, rebuild=rebuild): print "Skipping user %s" % (username,) continue # ASSERT: Saved Password is 'old' print "Changing password: %s (OLD:%s -> NEW:%s)" % (username, password, new_password), if dry_run: print "OK" count += 1 continue kwargs = {} if rebuild: old_password = get_old_password(accounts, username) kwargs.update({"old_password": old_password}) success = accounts.change_password(ident, new_password, **kwargs) if success: print "OK" count += 1 else: print "FAILED" print "Changed passwords for %s accounts on %s" % (count, prov)
def main(): parser = argparse.ArgumentParser() parser.add_argument("--provider", type=int, help="Atmosphere provider ID" " to use.") parser.add_argument("image_ids", help="Image ID(s) to be repaired. (Comma-Separated)") args = parser.parse_args() if not args.provider: provider = Provider.objects.get(location='iPlant Cloud - Tucson') else: provider = Provider.objects.get(id=args.provider) images = args.image_ids.split(",") accounts = OSAccountDriver(provider) for image_id in images: mr = MachineRequest.objects.get( new_machine__instance_source__identifier=image_id) glance_image = accounts.get_image(image_id) if hasattr(glance_image, 'properties'): glance_image_properties = glance_image.properties else: glance_image_properties = dict(glance_image.items()) if 'kernel_id' not in glance_image_properties\ or 'ramdisk_id' not in glance_image_properties: print "Image %s (%s) is missing kernel and/or ramdisk ..." % ( image_id, glance_image.name), fix_image(accounts, glance_image, mr)
def main(): """ Using the keyname and public_key defined in settings Ensure that the keypair has been distributed to every identity on the provider. It is essential that all users carry the same keypair to allow Deployment access """ keyname = settings.ATMOSPHERE_KEYPAIR_NAME with open(settings.ATMOSPHERE_KEYPAIR_FILE, "r") as pub_key_file: public_key = pub_key_file.read() print "Adding keypair: %s Contents: %s" % (keyname, public_key) os_providers = Provider.objects.filter(type__name="OpenStack") for prov in os_providers: count = 0 identities = Identity.objects.filter(provider=prov) os_accounts = OSAccountDriver(prov) for ident in identities: creds = os_accounts.parse_identity(ident) try: (keypair, created) = os_accounts.get_or_create_keypair( creds["username"], creds["password"], creds["tenant_name"], keyname, public_key ) except KeystoneUnauthorized as exc: print "Could not create keypair for %s. Error message: %s" % (creds["username"], exc.message) if created: print "Created keypair %s for user %s" % (keypair, creds["username"]) count += 1 print "Keypairs added for %s accounts on %s" % (count, prov)
def main(): parser = argparse.ArgumentParser() parser.add_argument("--provider", type=int, help="Atmosphere provider ID" " to use when importing users.") parser.add_argument("--users", help="LDAP usernames to import. (comma separated)") parser.add_argument("--admin", action="store_true", help="Users addded as admin and staff users.") args = parser.parse_args() users = None added = 0 if args.provider: provider = Provider.objects.get(id=args.provider) else: provider = Provider.objects.get(location='iPlant Cloud - Tucson') print "Using Provider: %s" % provider type_name = provider.type.name.lower() if type_name == 'openstack': acct_driver = OSAccountDriver(provider) elif type_name == 'eucalyptus': acct_driver = EucaAccountDriver(provider) else: raise Exception("Could not find an account driver for Provider with" " type:%s" % type_name) if not args.users: print "Retrieving all 'atmo-user' members in LDAP." users = get_members('atmo-user') else: users = args.users.split(",") for user in users: # Then add the Openstack Identity try: id_exists = Identity.objects.filter( created_by__username__iexact=user, provider=provider) if id_exists: continue acct_driver.create_account(user, max_quota=args.admin) added += 1 if args.admin: make_admin(user) print "%s added as admin." % (user) else: print "%s added." % (user) except Exception as e: logger.exception("Problem creating account") print "Problem adding %s." % (user) print e.message print "Total users added:%s" % (added)
def main(): parser = argparse.ArgumentParser() parser.add_argument("--provider", type=int, help="Atmosphere provider ID" " to use when importing users.") parser.add_argument("--users", help="LDAP usernames to import. (comma separated)") parser.add_argument("--admin", action="store_true", help="Users addded as admin and staff users.") args = parser.parse_args() users = None added = 0 if args.provider: provider = Provider.objects.get(id=args.provider) else: provider = Provider.objects.get(location='iPlant Cloud - Tucson') print "Using Provider: %s" % provider type_name = provider.type.name.lower() if type_name == 'openstack': acct_driver = OSAccountDriver(provider) elif type_name == 'eucalyptus': acct_driver = EucaAccountDriver(provider) else: raise Exception("Could not find an account driver for Provider with" " type:%s" % type_name) if not args.users: print "Retrieving all 'atmo-user' members in LDAP." users = get_members('atmo-user') else: users = args.users.split(",") for user in users: # Then add the Openstack Identity try: id_exists = Identity.objects.filter( created_by__username__iexact=user, provider=provider) if id_exists: continue acct_driver.create_account(user, max_quota=args.admin) added += 1 if args.admin: make_admin(user) print "%s added as admin." % (user) else: print "%s added." % (user) except Exception as e: print "Problem adding %s." % (user) print e.message print "Total users added:%s" % (added)
def main(): """ TODO: Add argparse, --delete : Deletes existing users in openstack (Never use in PROD) """ openstack = Provider.objects.get(location='iPlant Cloud - Tucson') os_driver = OSAccountDriver(openstack) found = 0 create = 0 quota_dict = { 'cpu': 16, 'memory': 128, 'storage': 10, 'storage_count': 10 } higher_quota = Quota.objects.get_or_create(**quota_dict)[0] usernames = os_driver.list_usergroup_names() staff = get_staff_users() staff_users = sorted(list(set(staff) & set(usernames))) non_staff = sorted(list(set(usernames) - set(staff))) for user in non_staff: # Raise everybody's quota im_list = IdentityMembership.objects.filter( identity__created_by__username=user, identity__provider=openstack) if not im_list: print "Missing user:%s" % user continue im = im_list[0] if not im.allocation: print "User missing Allocation: %s" % user im.allocation = Allocation.default_allocation() im.save() # Ignore the quota set if you are above it.. if im.quota.cpu >= quota_dict["cpu"] \ or im.quota.memory >= quota_dict["memory"]: continue print "Existing Quota CPU:%s should be %s" % (im.quota.cpu, quota_dict["cpu"]) im.quota = higher_quota im.save() print 'Found non-staff user:%s -- Update quota and add allocation' % user # for user in staff_users: # # Openstack account exists, but we need the identity. # continue # continue # #Disable time allocation print "Total users added to atmosphere:%s" % len(usernames)
def set_provider_quota(identity_uuid, limit_dict=None): """ """ identity = Identity.objects.get(uuid=identity_uuid) if not identity.credential_set.all(): # Can't update quota if credentials arent set return if not limit_dict: limit_dict = _get_hard_limits(identity.provider) if identity.provider.get_type_name().lower() == 'openstack': driver = get_cached_driver(identity=identity) username = identity.created_by.username user_id = driver._connection._get_user_id() tenant_id = driver._connection._get_tenant_id() membership = IdentityMembership.objects.get( identity__uuid=identity_uuid, member__name=username) user_quota = membership.quota if user_quota: # Don't go above the hard-set limits per provider. if user_quota.cpu > limit_dict['cpu']: user_quota.cpu = limit_dict['cpu'] if user_quota.memory > limit_dict['ram']: user_quota.memory = limit_dict['ram'] # Use THESE values... values = {'cores': user_quota.cpu, 'ram': user_quota.memory * 1024} logger.info("Updating quota for %s to %s" % (username, values)) ad = AccountDriver(identity.provider) admin_driver = ad.admin_driver admin_driver._connection.ex_update_quota_for_user( tenant_id, user_id, values) return True
def export_to_file(self, filename=None): """ Depending on the ProviderType, appropriately generate 'export data' into an appropriate source-file """ provider_type = self.provider.type.name if provider_type.lower() == 'openstack': from service.accounts.openstack_manager import AccountDriver return AccountDriver.generate_openrc(self, filename) return None
def export(self): """ Depending on the ProviderType, appropriately generate 'export data', a dict. """ provider_type = self.provider.type.name if provider_type.lower() == 'openstack': from service.accounts.openstack_manager import AccountDriver return AccountDriver.export_identity(self) return None
def main(): """ TODO: Add argparse, --delete : Deletes existing users in openstack (Never use in PROD) """ openstack = Provider.objects.get(location='iPlant Cloud - Tucson') os_driver = OSAccountDriver(openstack) found = 0 create = 0 quota_dict = {'cpu': 16, 'memory': 128, 'storage': 10, 'storage_count': 10} higher_quota = Quota.objects.get_or_create(**quota_dict)[0] usernames = os_driver.list_usergroup_names() staff = get_staff_users() staff_users = sorted(list(set(staff) & set(usernames))) non_staff = sorted(list(set(usernames) - set(staff))) for user in non_staff: # Raise everybody's quota im_list = IdentityMembership.objects.filter( identity__created_by__username=user, identity__provider=openstack) if not im_list: print "Missing user:%s" % user continue im = im_list[0] if not im.allocation: print "User missing Allocation: %s" % user im.allocation = Allocation.default_allocation() im.save() # Ignore the quota set if you are above it.. if im.quota.cpu >= quota_dict["cpu"] \ or im.quota.memory >= quota_dict["memory"]: continue print "Existing Quota CPU:%s should be %s" % (im.quota.cpu, quota_dict["cpu"]) im.quota = higher_quota im.save() print 'Found non-staff user:%s -- Update quota and add allocation' % user # for user in staff_users: # # Openstack account exists, but we need the identity. # continue # continue # #Disable time allocation print "Total users added to atmosphere:%s" % len(usernames)
def update_password_for(prov, identities, rebuild=False): count = 0 accounts = OSAccountDriver(prov) for ident in identities: creds = accounts.parse_identity(ident) username = creds['username'] password = creds['password'] # Represents the *SAVED* password. new_password = accounts.hashpass(username) if skip_change_password( username, password, new_password, rebuild=rebuild): print "Skipping user %s" % (username,) continue # ASSERT: Saved Password is 'old' print "Changing password: %s (OLD:%s -> NEW:%s)" \ % (username, password, new_password) kwargs = {} if rebuild: old_password = get_old_password(username) kwargs.update({'old_password': old_password}) success = accounts.change_password( ident, new_password, **kwargs) if success: count += 1 print 'Changed passwords for %s accounts on %s' % (count, prov)
def main(): """ Generate openstack users then add them to the DB """ driver = AccountDriver(secrets.OPENSTACK_ARGS) # Build the admin driver for openstack first. driver.create_identity( secrets.OPENSTACK_ADMIN_KEY, secrets.OPENSTACK_ADMIN_SECRET, secrets.OPENSTACK_ADMIN_TENANT, True) success = 1 # Add the others # 'sgregory', 'jmatt', 'edwins', 'cjlarose','mlent'] core_services = ['atmo_test'] for username in core_services: try: password = driver.hashpass(username) user = driver.get_user(username) if not user: user = driver.create_user(username, usergroup=True) print 'New OStack User - %s Pass - %s' % (user.name, password) else: print 'Found OStack User - %s Pass - %s' % (user.name, password) # ASSERT: User exists on openstack, create an identity for them. ident = driver.create_identity( user.name, password, project_name=username) success += 1 print 'New OStack Identity - %s:%s' % (ident.id, ident) except Exception as e: print "Problem adding username: %s" % username print e raise print "Total users created:%s/%s" % (success, len(core_services))
def main(): """ Add a user to openstack. """ parser = argparse.ArgumentParser() parser.add_argument('users', type=str, nargs='+') args = parser.parse_args() openstack_prov = Provider.objects.get(location='iPlant Cloud - Tucson') driver = AccountDriver(openstack_prov) success = 0 for username in args.users: print "Adding username... %s" % username try: if not is_atmo_user(username): print "User is not in the atmo-user group.\n"\ + "User does not exist in Atmosphere." raise Exception("User does not exist in Atmosphere.") user = driver.get_user(username) if not user: identity = driver.create_account(username) credentials = identity.credential_set.all() print 'New OStack User - Credentials: %s ' % (credentials) send_new_provider_email(username, "Openstack") else: password = driver.hashpass(username) identity = driver.create_identity(user.name, password, project_name=username) credentials = identity.credential_set.all() print 'Found OStack User - Credentials: %s' % (credentials) # ASSERT: User exists on openstack, create an identity for them. success += 1 print 'New OStack Identity - %s:%s' % (identity.id, identity) except Exception as e: print "Problem adding username: %s" % username print e raise print "Total users created:%s/%s" % (success, len(args.users))