示例#1
0
def main():
    """
    Using the keyname and public_key defined in settings
    Ensure that the keypair has been distributed to every identity on the
    provider.
    It is essential that all users carry the same keypair to allow Deployment
    access
    """
    keyname = settings.ATMOSPHERE_KEYPAIR_NAME
    with open(settings.ATMOSPHERE_KEYPAIR_FILE, 'r') as pub_key_file:
        public_key = pub_key_file.read()
    print "Adding keypair: %s Contents: %s" % (keyname, public_key)
    os_providers = Provider.objects.filter(type__name="OpenStack")
    for prov in os_providers:
        count = 0
        identities = Identity.objects.filter(provider=prov)
        os_accounts = OSAccountDriver(prov)
        for ident in identities:
            creds = os_accounts.parse_identity(ident)
            try:
                (keypair, created) = os_accounts.get_or_create_keypair(
                    creds['username'], creds['password'], creds['tenant_name'],
                    keyname, public_key)
            except KeystoneUnauthorized as exc:
                print "Could not create keypair for %s. Error message: %s"\
                    % (creds['username'], exc.message)
            if created:
                print "Created keypair %s for user %s"\
                    % (keypair, creds['username'])
                count += 1
        print 'Keypairs added for %s accounts on %s' % (count, prov)
def main():
    """
    TODO: Add argparse, --delete : Deletes existing users in eucalyptus (Never use in PROD)
    """
    euca = Provider.objects.get(location='Eucalyptus (retiring March 4)')
    euca_driver = EucaAccountDriver(euca)
    openstack = Provider.objects.get(location='iPlant Cloud - Tucson')
    os_driver = OSAccountDriver(openstack)
    all_users = euca_driver.list_users()
    # Sort by users
    all_values = sorted(all_users.values(), key=lambda user: user['username'])
    total = 0
    for user_dict in all_values:
        id_exists = Identity.objects.filter(
            created_by__username=user_dict['username'],
            provider=euca)
        if not id_exists:
            euca_driver.create_account(user_dict)
            total += 1
            print "Added to Eucalyptus: %s" % user_dict['username']
    print "Total users added:%s" % total
    if include_openstack:
        print "Adding all eucalyptus users to openstack"
        total = 0
        for user_dict in all_values:
            id_exists = Identity.objects.filter(
                created_by__username=user_dict['username'],
                provider=openstack)
            if not id_exists:
                os_driver.create_account(user_dict['username'])
                total += 1
                print "Added to Openstack: %s" % user_dict['username']
        print "Total users added to openstack:%s" % total
def update_password_for(prov, identities, dry_run=False, rebuild=False):
    count = 0
    accounts = OSAccountDriver(prov)
    for ident in identities:
        creds = accounts.parse_identity(ident)
        username = creds['username']
        password = creds['password']  # Represents the *SAVED* password.
        new_password = accounts.hashpass(username, strategy='salt_hashpass')
        if skip_change_password(accounts,
                                username,
                                password,
                                new_password,
                                dry_run=dry_run,
                                rebuild=rebuild):
            print "Skipping user %s" % (username, )
            continue
        # ASSERT: Saved Password is 'old'
        print "Changing password: %s (OLD:%s -> NEW:%s)" \
            % (username, password, new_password),
        if dry_run:
            print "OK"
            count += 1
            continue
        kwargs = {}
        if rebuild:
            old_password = get_old_password(accounts, username)
            kwargs.update({'old_password': old_password})
        success = accounts.change_password(ident, new_password, **kwargs)
        if success:
            print "OK"
            count += 1
        else:
            print "FAILED"
    print 'Changed passwords for %s accounts on %s' % (count, prov)
def main():
    parser = argparse.ArgumentParser()
    parser.add_argument("--provider", type=int,
                        help="Atmosphere provider ID"
                        " to use.")
    parser.add_argument("image_ids",
                        help="Image ID(s) to be repaired. (Comma-Separated)")
    args = parser.parse_args()

    if not args.provider:
        provider = Provider.objects.get(location='iPlant Cloud - Tucson')
    else:
        provider = Provider.objects.get(id=args.provider)
    images = args.image_ids.split(",")

    accounts = OSAccountDriver(provider)
    for image_id in images:
        mr = MachineRequest.objects.get(new_machine__instance_source__identifier=image_id)
        glance_image = accounts.get_image(image_id)
        if hasattr(glance_image, 'properties'):
            glance_image_properties = glance_image.properties
        else:
            glance_image_properties = dict(glance_image.items())
        if 'kernel_id' not in glance_image_properties\
                or 'ramdisk_id' not in glance_image_properties:
            print "Image %s (%s) is missing kernel and/or ramdisk ..." % (image_id, glance_image.name),
            fix_image(accounts, glance_image, mr)
def main():
    """
    TODO: Add argparse, --delete : Deletes existing users in openstack (Never use in PROD)
    """
    openstack = Provider.objects.filter(
        type__name__iexact="openstack").order_by("id")
    if not openstack:
        raise Provider.DoesNotExist("No OpenStack Provider Found")
    openstack = openstack[0]
    os_driver = OSAccountDriver(openstack)
    found = 0
    create = 0
    usernames = os_driver.list_usergroup_names()
    quota_dict = {'cpu': 10, 'memory': 20, 'storage': 10, 'storage_count': 10}
    higher_quota = Quota.objects.get_or_create(**quota_dict)[0]
    for user in usernames:
        # Openstack account exists, but we need the identity.
        ident = os_driver.create_account(user)
        if is_staff(ident):
            im = ident.identity_membership.all()[0]
            # Disable time allocation
            im.allocation = None
        # Raise everybody's quota
        im.quota = higher_quota
        im.save()
    print "Total users added to atmosphere:%s" % len(usernames)
def main():
    """
    TODO: Add argparse, --delete : Deletes existing users in openstack (Never use in PROD)
    """
    openstack = Provider.objects.filter(
        type__name__iexact="openstack").order_by("id")
    if not openstack:
        raise Provider.DoesNotExist("No OpenStack Provider Found")
    openstack = openstack[0]
    os_driver = OSAccountDriver(openstack)
    found = 0
    create = 0
    usernames = os_driver.list_usergroup_names()
    quota_dict = {
        'cpu': 10,
        'memory': 20,
        'storage': 10,
        'storage_count': 10
    }
    higher_quota = Quota.objects.get_or_create(**quota_dict)[0]
    for user in usernames:
        # Openstack account exists, but we need the identity.
        ident = os_driver.create_account(user)
        if is_staff(ident):
            im = ident.identity_membership.all()[0]
            # Disable time allocation
            im.allocation = None
        # Raise everybody's quota
        im.quota = higher_quota
        im.save()
    print "Total users added to atmosphere:%s" % len(usernames)
def main():
    for prov in Provider.objects.filter(type__name__icontains='openstack'):
        if not prov.is_active():
            continue
        print "Importing machine membership for %s" % prov
        accounts = OSAccounts(prov)
        if not accounts:
            print "Aborting import: Could not retrieve OSAccounts driver "\
                "for Provider %s" % prov
            continue
        admin_driver = get_admin_driver(prov)
        if not admin_driver:
            print "Aborting import: Could not retrieve admin_driver "\
                "for Provider %s" % prov
            continue

        private_images = admin_driver.filter_machines(
            accounts.list_all_images(is_public=False),
            black_list=["eki-", "eri-", "ChromoSnapShot"])

        public_images = admin_driver.filter_machines(
            accounts.list_all_images(is_public=True),
            black_list=["eki-", "eri-", "ChromoSnapShot"])

        fix_public_images(public_images, prov, accounts)
        fix_private_images(private_images, prov, accounts)
        fix_private_images_without_repr(private_images, prov, accounts)
def update_password_for(prov, identities, dry_run=False, rebuild=False):
    count = 0
    accounts = OSAccountDriver(prov)
    for ident in identities:
        creds = accounts.parse_identity(ident)
        username = creds["username"]
        password = creds["password"]  # Represents the *SAVED* password.
        new_password = accounts.hashpass(username, strategy="salt_hashpass")
        if skip_change_password(accounts, username, password, new_password, dry_run=dry_run, rebuild=rebuild):
            print "Skipping user %s" % (username,)
            continue
        # ASSERT: Saved Password is 'old'
        print "Changing password: %s (OLD:%s -> NEW:%s)" % (username, password, new_password),
        if dry_run:
            print "OK"
            count += 1
            continue
        kwargs = {}
        if rebuild:
            old_password = get_old_password(accounts, username)
            kwargs.update({"old_password": old_password})
        success = accounts.change_password(ident, new_password, **kwargs)
        if success:
            print "OK"
            count += 1
        else:
            print "FAILED"
    print "Changed passwords for %s accounts on %s" % (count, prov)
示例#9
0
def main():
    for prov in Provider.objects.filter(type__name__icontains='openstack'):
        if not prov.is_active():
            continue
        print "Importing machine membership for %s" % prov
        accounts = OSAccounts(prov)
        if not accounts:
            print "Aborting import: Could not retrieve OSAccounts driver "\
                "for Provider %s" % prov
            continue
        admin_driver = get_admin_driver(prov)
        if not admin_driver:
            print "Aborting import: Could not retrieve admin_driver "\
                "for Provider %s" % prov
            continue

        private_images = admin_driver.filter_machines(
            accounts.list_all_images(is_public=False),
            black_list=["eki-", "eri-", "ChromoSnapShot"])

        public_images = admin_driver.filter_machines(
            accounts.list_all_images(is_public=True),
            black_list=["eki-", "eri-", "ChromoSnapShot"])

        fix_public_images(public_images, prov, accounts)
        fix_private_images(private_images, prov, accounts)
        fix_private_images_without_repr(private_images, prov, accounts)
def main():
    parser = argparse.ArgumentParser()
    parser.add_argument("--provider",
                        type=int,
                        help="Atmosphere provider ID"
                        " to use.")
    parser.add_argument("image_ids",
                        help="Image ID(s) to be repaired. (Comma-Separated)")
    args = parser.parse_args()

    if not args.provider:
        provider = Provider.objects.get(location='iPlant Cloud - Tucson')
    else:
        provider = Provider.objects.get(id=args.provider)
    images = args.image_ids.split(",")

    accounts = OSAccountDriver(provider)
    for image_id in images:
        mr = MachineRequest.objects.get(
            new_machine__instance_source__identifier=image_id)
        glance_image = accounts.get_image(image_id)
        if hasattr(glance_image, 'properties'):
            glance_image_properties = glance_image.properties
        else:
            glance_image_properties = dict(glance_image.items())
        if 'kernel_id' not in glance_image_properties\
                or 'ramdisk_id' not in glance_image_properties:
            print "Image %s (%s) is missing kernel and/or ramdisk ..." % (
                image_id, glance_image.name),
            fix_image(accounts, glance_image, mr)
def main():
    """
    Using the keyname and public_key defined in settings
    Ensure that the keypair has been distributed to every identity on the
    provider.
    It is essential that all users carry the same keypair to allow Deployment
    access
    """
    keyname = settings.ATMOSPHERE_KEYPAIR_NAME
    with open(settings.ATMOSPHERE_KEYPAIR_FILE, "r") as pub_key_file:
        public_key = pub_key_file.read()
    print "Adding keypair: %s Contents: %s" % (keyname, public_key)
    os_providers = Provider.objects.filter(type__name="OpenStack")
    for prov in os_providers:
        count = 0
        identities = Identity.objects.filter(provider=prov)
        os_accounts = OSAccountDriver(prov)
        for ident in identities:
            creds = os_accounts.parse_identity(ident)
            try:
                (keypair, created) = os_accounts.get_or_create_keypair(
                    creds["username"], creds["password"], creds["tenant_name"], keyname, public_key
                )
            except KeystoneUnauthorized as exc:
                print "Could not create keypair for %s. Error message: %s" % (creds["username"], exc.message)
            if created:
                print "Created keypair %s for user %s" % (keypair, creds["username"])
                count += 1
        print "Keypairs added for %s accounts on %s" % (count, prov)
示例#12
0
def main():
    parser = argparse.ArgumentParser()
    parser.add_argument("--provider", type=int,
                        help="Atmosphere provider ID"
                        " to use when importing users.")
    parser.add_argument("--users",
                        help="LDAP usernames to import. (comma separated)")
    parser.add_argument("--admin", action="store_true",
                        help="Users addded as admin and staff users.")
    args = parser.parse_args()
    users = None
    added = 0
    if args.provider:
        provider = Provider.objects.get(id=args.provider)
    else:
        provider = Provider.objects.get(location='iPlant Cloud - Tucson')
    print "Using Provider: %s" % provider
    type_name = provider.type.name.lower()
    if type_name == 'openstack':
        acct_driver = OSAccountDriver(provider)
    elif type_name == 'eucalyptus':
        acct_driver = EucaAccountDriver(provider)
    else:
        raise Exception("Could not find an account driver for Provider with"
                        " type:%s" % type_name)
    if not args.users:
        print "Retrieving all 'atmo-user' members in LDAP."
        users = get_members('atmo-user')
    else:
        users = args.users.split(",")
    for user in users:
        # Then add the Openstack Identity
        try:
            id_exists = Identity.objects.filter(
                created_by__username__iexact=user,
                provider=provider)
            if id_exists:
                continue
            acct_driver.create_account(user, max_quota=args.admin)
            added += 1
            if args.admin:
                make_admin(user)
                print "%s added as admin." % (user)
            else:
                print "%s added." % (user)
        except Exception as e:
            logger.exception("Problem creating account")
            print "Problem adding %s." % (user)
            print e.message
    print "Total users added:%s" % (added)
示例#13
0
def main():
    parser = argparse.ArgumentParser()
    parser.add_argument("--provider",
                        type=int,
                        help="Atmosphere provider ID"
                        " to use when importing users.")
    parser.add_argument("--users",
                        help="LDAP usernames to import. (comma separated)")
    parser.add_argument("--admin",
                        action="store_true",
                        help="Users addded as admin and staff users.")
    args = parser.parse_args()
    users = None
    added = 0
    if args.provider:
        provider = Provider.objects.get(id=args.provider)
    else:
        provider = Provider.objects.get(location='iPlant Cloud - Tucson')
    print "Using Provider: %s" % provider
    type_name = provider.type.name.lower()
    if type_name == 'openstack':
        acct_driver = OSAccountDriver(provider)
    elif type_name == 'eucalyptus':
        acct_driver = EucaAccountDriver(provider)
    else:
        raise Exception("Could not find an account driver for Provider with"
                        " type:%s" % type_name)
    if not args.users:
        print "Retrieving all 'atmo-user' members in LDAP."
        users = get_members('atmo-user')
    else:
        users = args.users.split(",")
    for user in users:
        # Then add the Openstack Identity
        try:
            id_exists = Identity.objects.filter(
                created_by__username__iexact=user, provider=provider)
            if id_exists:
                continue
            acct_driver.create_account(user, max_quota=args.admin)
            added += 1
            if args.admin:
                make_admin(user)
                print "%s added as admin." % (user)
            else:
                print "%s added." % (user)
        except Exception as e:
            print "Problem adding %s." % (user)
            print e.message
    print "Total users added:%s" % (added)
def main():
    """
    TODO: Add argparse, --delete : Deletes existing users in openstack (Never use in PROD)
    """
    openstack = Provider.objects.get(location='iPlant Cloud - Tucson')
    os_driver = OSAccountDriver(openstack)
    found = 0
    create = 0
    quota_dict = {
        'cpu': 16,
        'memory': 128,
        'storage': 10,
        'storage_count': 10
    }
    higher_quota = Quota.objects.get_or_create(**quota_dict)[0]

    usernames = os_driver.list_usergroup_names()
    staff = get_staff_users()

    staff_users = sorted(list(set(staff) & set(usernames)))
    non_staff = sorted(list(set(usernames) - set(staff)))
    for user in non_staff:
        # Raise everybody's quota
        im_list = IdentityMembership.objects.filter(
            identity__created_by__username=user,
            identity__provider=openstack)
        if not im_list:
            print "Missing user:%s" % user
            continue
        im = im_list[0]
        if not im.allocation:
            print "User missing Allocation: %s" % user
            im.allocation = Allocation.default_allocation()
            im.save()
        # Ignore the quota set if you are above it..
        if im.quota.cpu >= quota_dict["cpu"] \
                or im.quota.memory >= quota_dict["memory"]:
            continue
        print "Existing Quota CPU:%s should be %s" % (im.quota.cpu, quota_dict["cpu"])
        im.quota = higher_quota
        im.save()
        print 'Found non-staff user:%s -- Update quota and add allocation' % user
    # for user in staff_users:
    #    # Openstack account exists, but we need the identity.
    #        continue
    #        continue
    #    #Disable time allocation
    print "Total users added to atmosphere:%s" % len(usernames)
示例#15
0
def set_provider_quota(identity_uuid, limit_dict=None):
    """
    """
    identity = Identity.objects.get(uuid=identity_uuid)
    if not identity.credential_set.all():
        # Can't update quota if credentials arent set
        return
    if not limit_dict:
        limit_dict = _get_hard_limits(identity.provider)
    if identity.provider.get_type_name().lower() == 'openstack':
        driver = get_cached_driver(identity=identity)
        username = identity.created_by.username
        user_id = driver._connection._get_user_id()
        tenant_id = driver._connection._get_tenant_id()
        membership = IdentityMembership.objects.get(
            identity__uuid=identity_uuid, member__name=username)
        user_quota = membership.quota
        if user_quota:
            # Don't go above the hard-set limits per provider.
            if user_quota.cpu > limit_dict['cpu']:
                user_quota.cpu = limit_dict['cpu']
            if user_quota.memory > limit_dict['ram']:
                user_quota.memory = limit_dict['ram']
            # Use THESE values...
            values = {'cores': user_quota.cpu, 'ram': user_quota.memory * 1024}
            logger.info("Updating quota for %s to %s" % (username, values))
            ad = AccountDriver(identity.provider)
            admin_driver = ad.admin_driver
            admin_driver._connection.ex_update_quota_for_user(
                tenant_id, user_id, values)
    return True
示例#16
0
 def export_to_file(self, filename=None):
     """
     Depending on the ProviderType, appropriately
     generate 'export data' into an appropriate source-file
     """
     provider_type = self.provider.type.name
     if provider_type.lower() == 'openstack':
         from service.accounts.openstack_manager import AccountDriver
         return AccountDriver.generate_openrc(self, filename)
     return None
 def export_to_file(self, filename=None):
     """
     Depending on the ProviderType, appropriately
     generate 'export data' into an appropriate source-file
     """
     provider_type = self.provider.type.name
     if provider_type.lower() == 'openstack':
         from service.accounts.openstack_manager import AccountDriver
         return AccountDriver.generate_openrc(self, filename)
     return None
 def export(self):
     """
     Depending on the ProviderType, appropriately
     generate 'export data', a dict.
     """
     provider_type = self.provider.type.name
     if provider_type.lower() == 'openstack':
         from service.accounts.openstack_manager import AccountDriver
         return AccountDriver.export_identity(self)
     return None
示例#19
0
 def export(self):
     """
     Depending on the ProviderType, appropriately
     generate 'export data', a dict.
     """
     provider_type = self.provider.type.name
     if provider_type.lower() == 'openstack':
         from service.accounts.openstack_manager import AccountDriver
         return AccountDriver.export_identity(self)
     return None
def main():
    """
    TODO: Add argparse, --delete : Deletes existing users in openstack (Never use in PROD)
    """
    openstack = Provider.objects.get(location='iPlant Cloud - Tucson')
    os_driver = OSAccountDriver(openstack)
    found = 0
    create = 0
    quota_dict = {'cpu': 16, 'memory': 128, 'storage': 10, 'storage_count': 10}
    higher_quota = Quota.objects.get_or_create(**quota_dict)[0]

    usernames = os_driver.list_usergroup_names()
    staff = get_staff_users()

    staff_users = sorted(list(set(staff) & set(usernames)))
    non_staff = sorted(list(set(usernames) - set(staff)))
    for user in non_staff:
        # Raise everybody's quota
        im_list = IdentityMembership.objects.filter(
            identity__created_by__username=user, identity__provider=openstack)
        if not im_list:
            print "Missing user:%s" % user
            continue
        im = im_list[0]
        if not im.allocation:
            print "User missing Allocation: %s" % user
            im.allocation = Allocation.default_allocation()
            im.save()
        # Ignore the quota set if you are above it..
        if im.quota.cpu >= quota_dict["cpu"] \
                or im.quota.memory >= quota_dict["memory"]:
            continue
        print "Existing Quota CPU:%s should be %s" % (im.quota.cpu,
                                                      quota_dict["cpu"])
        im.quota = higher_quota
        im.save()
        print 'Found non-staff user:%s -- Update quota and add allocation' % user
    # for user in staff_users:
    #    # Openstack account exists, but we need the identity.
    #        continue
    #        continue
    #    #Disable time allocation
    print "Total users added to atmosphere:%s" % len(usernames)
def update_password_for(prov, identities, rebuild=False):
        count = 0
        accounts = OSAccountDriver(prov)
        for ident in identities:
            creds = accounts.parse_identity(ident)
            username = creds['username']
            password = creds['password']  # Represents the *SAVED* password.
            new_password = accounts.hashpass(username)
            if skip_change_password(
                    username, password, new_password, rebuild=rebuild):
                print "Skipping user %s" % (username,)
                continue
            # ASSERT: Saved Password is 'old'
            print "Changing password: %s (OLD:%s -> NEW:%s)" \
                % (username, password, new_password)
            kwargs = {}
            if rebuild:
                old_password = get_old_password(username)
                kwargs.update({'old_password': old_password})
            success = accounts.change_password(
                ident, new_password, **kwargs)
            if success:
                count += 1
        print 'Changed passwords for %s accounts on %s' % (count, prov)
示例#22
0
def main():
    """
    Generate openstack users then add them to the DB
    """
    driver = AccountDriver(secrets.OPENSTACK_ARGS)
    # Build the admin driver for openstack first.
    driver.create_identity(
        secrets.OPENSTACK_ADMIN_KEY,
        secrets.OPENSTACK_ADMIN_SECRET,
        secrets.OPENSTACK_ADMIN_TENANT,
        True)
    success = 1
    # Add the others
    # 'sgregory', 'jmatt', 'edwins', 'cjlarose','mlent']
    core_services = ['atmo_test']
    for username in core_services:
        try:
            password = driver.hashpass(username)
            user = driver.get_user(username)
            if not user:
                user = driver.create_user(username, usergroup=True)
                print 'New OStack User - %s Pass - %s' % (user.name, password)
            else:
                print 'Found OStack User - %s Pass - %s' % (user.name, password)
            # ASSERT: User exists on openstack, create an identity for them.
            ident = driver.create_identity(
                user.name,
                password,
                project_name=username)
            success += 1
            print 'New OStack Identity - %s:%s' % (ident.id, ident)
        except Exception as e:
            print "Problem adding username: %s" % username
            print e
            raise

    print "Total users created:%s/%s" % (success, len(core_services))
示例#23
0
def main():
    """
    Add a user to openstack.
    """
    parser = argparse.ArgumentParser()
    parser.add_argument('users', type=str, nargs='+')
    args = parser.parse_args()
    openstack_prov = Provider.objects.get(location='iPlant Cloud - Tucson')
    driver = AccountDriver(openstack_prov)
    success = 0
    for username in args.users:
        print "Adding username... %s" % username
        try:
            if not is_atmo_user(username):
                print "User is not in the atmo-user group.\n"\
                    + "User does not exist in Atmosphere."
                raise Exception("User does not exist in Atmosphere.")
            user = driver.get_user(username)
            if not user:
                identity = driver.create_account(username)
                credentials = identity.credential_set.all()
                print 'New OStack User - Credentials: %s ' % (credentials)
                send_new_provider_email(username, "Openstack")
            else:
                password = driver.hashpass(username)
                identity = driver.create_identity(user.name,
                                                  password,
                                                  project_name=username)
                credentials = identity.credential_set.all()
                print 'Found OStack User - Credentials: %s' % (credentials)
            # ASSERT: User exists on openstack, create an identity for them.
            success += 1
            print 'New OStack Identity - %s:%s' % (identity.id, identity)
        except Exception as e:
            print "Problem adding username: %s" % username
            print e
            raise

    print "Total users created:%s/%s" % (success, len(args.users))