openstack
/
shade
Code Issues Proposed changes
shade/shade/operatorcloud.py

1727 lines
68 KiB
Python
Raw Permalink Blame History

# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
import jsonpatch
from ironicclient import client as ironic_client
from ironicclient import exceptions as ironic_exceptions
from shade.exc import * # noqa
from shade import openstackcloud
from shade import _tasks
from shade import _utils
class OperatorCloud(openstackcloud.OpenStackCloud):
"""Represent a privileged/operator connection to an OpenStack Cloud.
`OperatorCloud` is the entry point for all admin operations, regardless
of which OpenStack service those operations are for.
See the :class:`OpenStackCloud` class for a description of most options.
"""
def __init__(self, *args, **kwargs):
super(OperatorCloud, self).__init__(*args, **kwargs)
self._ironic_client = None
# Set the ironic API microversion to a known-good
# supported/tested with the contents of shade.
#
# Note(TheJulia): Defaulted to version 1.6 as the ironic
# state machine changes which will increment the version
# and break an automatic transition of an enrolled node
# to an available state. Locking the version is intended
# to utilize the original transition until shade supports
# calling for node inspection to allow the transition to
# take place automatically.
ironic_api_microversion = '1.6'
@property
def ironic_client(self):
if self._ironic_client is None:
self._ironic_client = self._get_client(
'baremetal', ironic_client.Client,
os_ironic_api_version=self.ironic_api_microversion)
return self._ironic_client
def list_nics(self):
with _utils.shade_exceptions("Error fetching machine port list"):
return self.manager.submitTask(_tasks.MachinePortList())
def list_nics_for_machine(self, uuid):
with _utils.shade_exceptions(
"Error fetching port list for node {node_id}".format(
node_id=uuid)):
return self.manager.submitTask(
_tasks.MachineNodePortList(node_id=uuid))
def get_nic_by_mac(self, mac):
try:
return self.manager.submitTask(
_tasks.MachineNodePortGet(port_id=mac))
except ironic_exceptions.ClientException:
return None
def list_machines(self):
return self.manager.submitTask(_tasks.MachineNodeList())
def get_machine(self, name_or_id):
"""Get Machine by name or uuid
Search the baremetal host out by utilizing the supplied id value
which can consist of a name or UUID.
:param name_or_id: A node name or UUID that will be looked up.
:returns: Dictonary representing the node found or None if no nodes
are found.
"""
try:
return self.manager.submitTask(
_tasks.MachineNodeGet(node_id=name_or_id))
except ironic_exceptions.ClientException:
return None
def get_machine_by_mac(self, mac):
"""Get machine by port MAC address
:param mac: Port MAC address to query in order to return a node.
:returns: Dictonary representing the node found or None
if the node is not found.
"""
try:
port = self.manager.submitTask(
_tasks.MachinePortGetByAddress(address=mac))
return self.manager.submitTask(
_tasks.MachineNodeGet(node_id=port.node_uuid))
except ironic_exceptions.ClientException:
return None
def inspect_machine(self, name_or_id, wait=False, timeout=3600):
"""Inspect a Barmetal machine
Engages the Ironic node inspection behavior in order to collect
metadata about the baremetal machine.
:param name_or_id: String representing machine name or UUID value in
order to identify the machine.
:param wait: Boolean value controlling if the method is to wait for
the desired state to be reached or a failure to occur.
:param timeout: Integer value, defautling to 3600 seconds, for the$
wait state to reach completion.
:returns: Dictonary representing the current state of the machine
upon exit of the method.
"""
return_to_available = False
machine = self.get_machine(name_or_id)
if not machine:
raise OpenStackCloudException(
"Machine inspection failed to find: %s." % name_or_id)
# NOTE(TheJulia): If in available state, we can do this, however
# We need to to move the host back to m
if "available" in machine['provision_state']:
return_to_available = True
# NOTE(TheJulia): Changing available machine to managedable state
# and due to state transitions we need to until that transition has
# completd.
self.node_set_provision_state(machine['uuid'], 'manage',
wait=True, timeout=timeout)
elif ("manage" not in machine['provision_state'] and
"inspect failed" not in machine['provision_state']):
raise OpenStackCloudException(
"Machine must be in 'manage' or 'available' state to "
"engage inspection: Machine: %s State: %s"
% (machine['uuid'], machine['provision_state']))
with _utils.shade_exceptions("Error inspecting machine"):
machine = self.node_set_provision_state(machine['uuid'], 'inspect')
if wait:
for count in _utils._iterate_timeout(
timeout,
"Timeout waiting for node transition to "
"target state of 'inspect'"):
machine = self.get_machine(name_or_id)
if "inspect failed" in machine['provision_state']:
raise OpenStackCloudException(
"Inspection of node %s failed, last error: %s"
% (machine['uuid'], machine['last_error']))
if "manageable" in machine['provision_state']:
break
if return_to_available:
machine = self.node_set_provision_state(
machine['uuid'], 'provide', wait=wait, timeout=timeout)
return(machine)
def register_machine(self, nics, wait=False, timeout=3600,
lock_timeout=600, **kwargs):
"""Register Baremetal with Ironic
Allows for the registration of Baremetal nodes with Ironic
and population of pertinant node information or configuration
to be passed to the Ironic API for the node.
This method also creates ports for a list of MAC addresses passed
in to be utilized for boot and potentially network configuration.
If a failure is detected creating the network ports, any ports
created are deleted, and the node is removed from Ironic.
:param list nics:
An array of MAC addresses that represent the
network interfaces for the node to be created.
Example::
[
{'mac': 'aa:bb:cc:dd:ee:01'},
{'mac': 'aa:bb:cc:dd:ee:02'}
]
:param wait: Boolean value, defaulting to false, to wait for the
node to reach the available state where the node can be
provisioned. It must be noted, when set to false, the
method will still wait for locks to clear before sending
the next required command.
:param timeout: Integer value, defautling to 3600 seconds, for the
wait state to reach completion.
:param lock_timeout: Integer value, defaulting to 600 seconds, for
locks to clear.
:param kwargs: Key value pairs to be passed to the Ironic API,
including uuid, name, chassis_uuid, driver_info,
parameters.
:raises: OpenStackCloudException on operation error.
:returns: Returns a dictonary representing the new
baremetal node.
"""
with _utils.shade_exceptions("Error registering machine with Ironic"):
machine = self.manager.submitTask(_tasks.MachineCreate(**kwargs))
created_nics = []
try:
for row in nics:
nic = self.manager.submitTask(
_tasks.MachinePortCreate(address=row['mac'],
node_uuid=machine['uuid']))
created_nics.append(nic.uuid)
except Exception as e:
self.log.debug("ironic NIC registration failed", exc_info=True)
# TODO(mordred) Handle failures here
try:
for uuid in created_nics:
try:
self.manager.submitTask(
_tasks.MachinePortDelete(
port_id=uuid))
except:
pass
finally:
self.manager.submitTask(
_tasks.MachineDelete(node_id=machine['uuid']))
raise OpenStackCloudException(
"Error registering NICs with the baremetal service: %s"
% str(e))
with _utils.shade_exceptions(
"Error transitioning node to available state"):
if wait:
for count in _utils._iterate_timeout(
timeout,
"Timeout waiting for node transition to "
"available state"):
machine = self.get_machine(machine['uuid'])
# Note(TheJulia): Per the Ironic state code, a node
# that fails returns to enroll state, which means a failed
# node cannot be determined at this point in time.
if machine['provision_state'] in ['enroll']:
self.node_set_provision_state(
machine['uuid'], 'manage')
elif machine['provision_state'] in ['manageable']:
self.node_set_provision_state(
machine['uuid'], 'provide')
elif machine['last_error'] is not None:
raise OpenStackCloudException(
"Machine encountered a failure: %s"
% machine['last_error'])
# Note(TheJulia): Earlier versions of Ironic default to
# None and later versions default to available up until
# the introduction of enroll state.
# Note(TheJulia): The node will transition through
# cleaning if it is enabled, and we will wait for
# completion.
elif machine['provision_state'] in ['available', None]:
break
else:
if machine['provision_state'] in ['enroll']:
self.node_set_provision_state(machine['uuid'], 'manage')
# Note(TheJulia): We need to wait for the lock to clear
# before we attempt to set the machine into provide state
# which allows for the transition to available.
for count in _utils._iterate_timeout(
lock_timeout,
"Timeout waiting for reservation to clear "
"before setting provide state"):
machine = self.get_machine(machine['uuid'])
if (machine['reservation'] is None and
machine['provision_state'] is not 'enroll'):
self.node_set_provision_state(
machine['uuid'], 'provide')
machine = self.get_machine(machine['uuid'])
break
elif machine['provision_state'] in [
'cleaning',
'available']:
break
elif machine['last_error'] is not None:
raise OpenStackCloudException(
"Machine encountered a failure: %s"
% machine['last_error'])
return machine
def unregister_machine(self, nics, uuid, wait=False, timeout=600):
"""Unregister Baremetal from Ironic
Removes entries for Network Interfaces and baremetal nodes
from an Ironic API
:param list nics: An array of strings that consist of MAC addresses
to be removed.
:param string uuid: The UUID of the node to be deleted.
:param wait: Boolean value, defaults to false, if to block the method
upon the final step of unregistering the machine.
:param timeout: Integer value, representing seconds with a default
value of 600, which controls the maximum amount of
time to block the method's completion on.
:raises: OpenStackCloudException on operation failure.
"""
machine = self.get_machine(uuid)
invalid_states = ['active', 'cleaning', 'clean wait', 'clean failed']
if machine['provision_state'] in invalid_states:
raise OpenStackCloudException(
"Error unregistering node '%s' due to current provision "
"state '%s'" % (uuid, machine['provision_state']))
for nic in nics:
with _utils.shade_exceptions(
"Error removing NIC {nic} from baremetal API for node "
"{uuid}".format(nic=nic, uuid=uuid)):
port = self.manager.submitTask(
_tasks.MachinePortGetByAddress(address=nic['mac']))
self.manager.submitTask(
_tasks.MachinePortDelete(port_id=port.uuid))
with _utils.shade_exceptions(
"Error unregistering machine {node_id} from the baremetal "
"API".format(node_id=uuid)):
self.manager.submitTask(
_tasks.MachineDelete(node_id=uuid))
if wait:
for count in _utils._iterate_timeout(
timeout,
"Timeout waiting for machine to be deleted"):
if not self.get_machine(uuid):
break
def patch_machine(self, name_or_id, patch):
"""Patch Machine Information
This method allows for an interface to manipulate node entries
within Ironic. Specifically, it is a pass-through for the
ironicclient.nodes.update interface which allows the Ironic Node
properties to be updated.
:param node_id: The server object to attach to.
:param patch:
The JSON Patch document is a list of dictonary objects
that comply with RFC 6902 which can be found at
https://tools.ietf.org/html/rfc6902.
Example patch construction::
patch=[]
patch.append({
'op': 'remove',
'path': '/instance_info'
})
patch.append({
'op': 'replace',
'path': '/name',
'value': 'newname'
})
patch.append({
'op': 'add',
'path': '/driver_info/username',
'value': 'administrator'
})
:raises: OpenStackCloudException on operation error.
:returns: Dictonary representing the newly updated node.
"""
with _utils.shade_exceptions(
"Error updating machine via patch operation on node "
"{node}".format(node=name_or_id)
):
return self.manager.submitTask(
_tasks.MachinePatch(node_id=name_or_id,
patch=patch,
http_method='PATCH'))
def update_machine(self, name_or_id, chassis_uuid=None, driver=None,
driver_info=None, name=None, instance_info=None,
instance_uuid=None, properties=None):
"""Update a machine with new configuration information
A user-friendly method to perform updates of a machine, in whole or
part.
:param string name_or_id: A machine name or UUID to be updated.
:param string chassis_uuid: Assign a chassis UUID to the machine.
NOTE: As of the Kilo release, this value
cannot be changed once set. If a user
attempts to change this value, then the
Ironic API, as of Kilo, will reject the
request.
:param string driver: The driver name for controlling the machine.
:param dict driver_info: The dictonary defining the configuration
that the driver will utilize to control
the machine. Permutations of this are
dependent upon the specific driver utilized.
:param string name: A human relatable name to represent the machine.
:param dict instance_info: A dictonary of configuration information
that conveys to the driver how the host
is to be configured when deployed.
be deployed to the machine.
:param string instance_uuid: A UUID value representing the instance
that the deployed machine represents.
:param dict properties: A dictonary defining the properties of a
machine.
:raises: OpenStackCloudException on operation error.
:returns: Dictonary containing a machine sub-dictonary consisting
of the updated data returned from the API update operation,
and a list named changes which contains all of the API paths
that received updates.
"""
machine = self.get_machine(name_or_id)
if not machine:
raise OpenStackCloudException(
"Machine update failed to find Machine: %s. " % name_or_id)
machine_config = {}
new_config = {}
try:
if chassis_uuid:
machine_config['chassis_uuid'] = machine['chassis_uuid']
new_config['chassis_uuid'] = chassis_uuid
if driver:
machine_config['driver'] = machine['driver']
new_config['driver'] = driver
if driver_info:
machine_config['driver_info'] = machine['driver_info']
new_config['driver_info'] = driver_info
if name:
machine_config['name'] = machine['name']
new_config['name'] = name
if instance_info:
machine_config['instance_info'] = machine['instance_info']
new_config['instance_info'] = instance_info
if instance_uuid:
machine_config['instance_uuid'] = machine['instance_uuid']
new_config['instance_uuid'] = instance_uuid
if properties:
machine_config['properties'] = machine['properties']
new_config['properties'] = properties
except KeyError as e:
self.log.debug(
"Unexpected machine response missing key %s [%s]" % (
e.args[0], name_or_id))
raise OpenStackCloudException(
"Machine update failed - machine [%s] missing key %s. "
"Potential API issue."
% (name_or_id, e.args[0]))
try:
patch = jsonpatch.JsonPatch.from_diff(machine_config, new_config)
except Exception as e:
raise OpenStackCloudException(
"Machine update failed - Error generating JSON patch object "
"for submission to the API. Machine: %s Error: %s"
% (name_or_id, str(e)))
with _utils.shade_exceptions(
"Machine update failed - patch operation failed on Machine "
"{node}".format(node=name_or_id)
):
if not patch:
return dict(
node=machine,
changes=None
)
else:
machine = self.patch_machine(machine['uuid'], list(patch))
change_list = []
for change in list(patch):
change_list.append(change['path'])
return dict(
node=machine,
changes=change_list
)
def validate_node(self, uuid):
with _utils.shade_exceptions():
ifaces = self.manager.submitTask(
_tasks.MachineNodeValidate(node_uuid=uuid))
if not ifaces.deploy or not ifaces.power:
raise OpenStackCloudException(
"ironic node %s failed to validate. "
"(deploy: %s, power: %s)" % (ifaces.deploy, ifaces.power))
def node_set_provision_state(self,
name_or_id,
state,
configdrive=None,
wait=False,
timeout=3600):
"""Set Node Provision State
Enables a user to provision a Machine and optionally define a
config drive to be utilized.
:param string name_or_id: The Name or UUID value representing the
baremetal node.
:param string state: The desired provision state for the
baremetal node.
:param string configdrive: An optional URL or file or path
representing the configdrive. In the
case of a directory, the client API
will create a properly formatted
configuration drive file and post the
file contents to the API for
deployment.
:param boolean wait: A boolean value, defaulted to false, to control
if the method will wait for the desire end state
to be reached before returning.
:param integer timeout: Integer value, defaulting to 3600 seconds,
representing the amount of time to wait for
the desire end state to be reached.
:raises: OpenStackCloudException on operation error.
:returns: Dictonary representing the current state of the machine
upon exit of the method.
"""
with _utils.shade_exceptions(
"Baremetal machine node failed change provision state to "
"{state}".format(state=state)
):
machine = self.manager.submitTask(
_tasks.MachineSetProvision(node_uuid=name_or_id,
state=state,
configdrive=configdrive))
if wait:
for count in _utils._iterate_timeout(
timeout,
"Timeout waiting for node transition to "
"target state of '%s'" % state):
machine = self.get_machine(name_or_id)
# NOTE(TheJulia): This performs matching if the requested
# end state matches the state the node has reached.
if state in machine['provision_state']:
break
# NOTE(TheJulia): This performs matching for cases where
# the reqeusted state action ends in available state.
if ("available" in machine['provision_state'] and
state in ["provide", "deleted"]):
break
else:
machine = self.get_machine(name_or_id)
return machine
def set_machine_maintenance_state(
self,
name_or_id,
state=True,
reason=None):
"""Set Baremetal Machine Maintenance State
Sets Baremetal maintenance state and maintenance reason.
:param string name_or_id: The Name or UUID value representing the
baremetal node.
:param boolean state: The desired state of the node. True being in
maintenance where as False means the machine
is not in maintenance mode. This value
defaults to True if not explicitly set.
:param string reason: An optional freeform string that is supplied to
the baremetal API to allow for notation as to why
the node is in maintenance state.
:raises: OpenStackCloudException on operation error.
:returns: None
"""
with _utils.shade_exceptions(
"Error setting machine maintenance state to {state} on node "
"{node}".format(state=state, node=name_or_id)
):
if state:
result = self.manager.submitTask(
_tasks.MachineSetMaintenance(node_id=name_or_id,
state='true',
maint_reason=reason))
else:
result = self.manager.submitTask(
_tasks.MachineSetMaintenance(node_id=name_or_id,
state='false'))
if result is not None:
raise OpenStackCloudException(
"Failed setting machine maintenance state to %s "
"on node %s. Received: %s" % (
state, name_or_id, result))
return None
def remove_machine_from_maintenance(self, name_or_id):
"""Remove Baremetal Machine from Maintenance State
Similarly to set_machine_maintenance_state, this method
removes a machine from maintenance state. It must be noted
that this method simpily calls set_machine_maintenace_state
for the name_or_id requested and sets the state to False.
:param string name_or_id: The Name or UUID value representing the
baremetal node.
:raises: OpenStackCloudException on operation error.
:returns: None
"""
self.set_machine_maintenance_state(name_or_id, False)
def _set_machine_power_state(self, name_or_id, state):
"""Set machine power state to on or off
This private method allows a user to turn power on or off to
a node via the Baremetal API.
:params string name_or_id: A string representing the baremetal
node to have power turned to an "on"
state.
:params string state: A value of "on", "off", or "reboot" that is
passed to the baremetal API to be asserted to
the machine. In the case of the "reboot" state,
Ironic will return the host to the "on" state.
:raises: OpenStackCloudException on operation error or.
:returns: None
"""
with _utils.shade_exceptions(
"Error setting machine power state to {state} on node "
"{node}".format(state=state, node=name_or_id)
):
power = self.manager.submitTask(
_tasks.MachineSetPower(node_id=name_or_id,
state=state))
if power is not None:
raise OpenStackCloudException(
"Failed setting machine power state %s on node %s. "
"Received: %s" % (state, name_or_id, power))
return None
def set_machine_power_on(self, name_or_id):
"""Activate baremetal machine power
This is a method that sets the node power state to "on".
:params string name_or_id: A string representing the baremetal
node to have power turned to an "on"
state.
:raises: OpenStackCloudException on operation error.
:returns: None
"""
self._set_machine_power_state(name_or_id, 'on')
def set_machine_power_off(self, name_or_id):
"""De-activate baremetal machine power
This is a method that sets the node power state to "off".
:params string name_or_id: A string representing the baremetal
node to have power turned to an "off"
state.
:raises: OpenStackCloudException on operation error.
:returns:
"""
self._set_machine_power_state(name_or_id, 'off')
def set_machine_power_reboot(self, name_or_id):
"""De-activate baremetal machine power
This is a method that sets the node power state to "reboot", which
in essence changes the machine power state to "off", and that back
to "on".
:params string name_or_id: A string representing the baremetal
node to have power turned to an "off"
state.
:raises: OpenStackCloudException on operation error.
:returns: None
"""
self._set_machine_power_state(name_or_id, 'reboot')
def activate_node(self, uuid, configdrive=None,
wait=False, timeout=1200):
self.node_set_provision_state(
uuid, 'active', configdrive, wait=wait, timeout=timeout)
def deactivate_node(self, uuid, wait=False,
timeout=1200):
self.node_set_provision_state(
uuid, 'deleted', wait=wait, timeout=timeout)
def set_node_instance_info(self, uuid, patch):
with _utils.shade_exceptions():
return self.manager.submitTask(
_tasks.MachineNodeUpdate(node_id=uuid, patch=patch))
def purge_node_instance_info(self, uuid):
patch = []
patch.append({'op': 'remove', 'path': '/instance_info'})
with _utils.shade_exceptions():
return self.manager.submitTask(
_tasks.MachineNodeUpdate(node_id=uuid, patch=patch))
@_utils.valid_kwargs('type', 'service_type', 'description')
def create_service(self, name, enabled=True, **kwargs):
"""Create a service.
:param name: Service name.
:param type: Service type. (type or service_type required.)
:param service_type: Service type. (type or service_type required.)
:param description: Service description (optional).
:param enabled: Whether the service is enabled (v3 only)
:returns: a dict containing the services description, i.e. the
following attributes::
- id: <service id>
- name: <service name>
- type: <service type>
- service_type: <service type>
- description: <service description>
:raises: ``OpenStackCloudException`` if something goes wrong during the
openstack API call.
"""
type_ = kwargs.pop('type', None)
service_type = kwargs.pop('service_type', None)
if self.cloud_config.get_api_version('identity').startswith('2'):
kwargs['service_type'] = type_ or service_type
else:
kwargs['type'] = type_ or service_type
kwargs['enabled'] = enabled
with _utils.shade_exceptions(
"Failed to create service {name}".format(name=name)
):
service = self.manager.submitTask(
_tasks.ServiceCreate(name=name, **kwargs)
)
return _utils.normalize_keystone_services([service])[0]
@_utils.valid_kwargs('name', 'enabled', 'type', 'service_type',
'description')
def update_service(self, name_or_id, **kwargs):
# NOTE(SamYaple): Service updates are only available on v3 api
if self.cloud_config.get_api_version('identity').startswith('2'):
raise OpenStackCloudUnavailableFeature(
'Unavailable Feature: Service update requires Identity v3'
)
# NOTE(SamYaple): Keystone v3 only accepts 'type' but shade accepts
# both 'type' and 'service_type' with a preference
# towards 'type'
type_ = kwargs.pop('type', None)
service_type = kwargs.pop('service_type', None)
if type_ or service_type:
kwargs['type'] = type_ or service_type
with _utils.shade_exceptions(
"Error in updating service {service}".format(service=name_or_id)
):
service = self.manager.submitTask(
_tasks.ServiceUpdate(service=name_or_id, **kwargs)
)
return _utils.normalize_keystone_services([service])[0]
def list_services(self):
"""List all Keystone services.
:returns: a list of dict containing the services description.
:raises: ``OpenStackCloudException`` if something goes wrong during the
openstack API call.
"""
with _utils.shade_exceptions():
services = self.manager.submitTask(_tasks.ServiceList())
return _utils.normalize_keystone_services(services)
def search_services(self, name_or_id=None, filters=None):
"""Search Keystone services.
:param name_or_id: Name or id of the desired service.
:param filters: a dict containing additional filters to use. e.g.
{'type': 'network'}.
:returns: a list of dict containing the services description.
:raises: ``OpenStackCloudException`` if something goes wrong during the
openstack API call.
"""
services = self.list_services()
return _utils._filter_list(services, name_or_id, filters)
def get_service(self, name_or_id, filters=None):
"""Get exactly one Keystone service.
:param name_or_id: Name or id of the desired service.
:param filters: a dict containing additional filters to use. e.g.
{'type': 'network'}
:returns: a dict containing the services description, i.e. the
following attributes::
- id: <service id>
- name: <service name>
- type: <service type>
- description: <service description>
:raises: ``OpenStackCloudException`` if something goes wrong during the
openstack API call or if multiple matches are found.
"""
return _utils._get_entity(self.search_services, name_or_id, filters)
def delete_service(self, name_or_id):
"""Delete a Keystone service.
:param name_or_id: Service name or id.
:returns: True if delete succeeded, False otherwise.
:raises: ``OpenStackCloudException`` if something goes wrong during
the openstack API call
"""
service = self.get_service(name_or_id=name_or_id)
if service is None:
self.log.debug("Service %s not found for deleting" % name_or_id)
return False
if self.cloud_config.get_api_version('identity').startswith('2'):
service_kwargs = {'id': service['id']}
else:
service_kwargs = {'service': service['id']}
with _utils.shade_exceptions("Failed to delete service {id}".format(
id=service['id'])):
self.manager.submitTask(_tasks.ServiceDelete(**service_kwargs))
return True
@_utils.valid_kwargs('public_url', 'internal_url', 'admin_url')
def create_endpoint(self, service_name_or_id, url=None, interface=None,
region=None, enabled=True, **kwargs):
"""Create a Keystone endpoint.
:param service_name_or_id: Service name or id for this endpoint.
:param url: URL of the endpoint
:param interface: Interface type of the endpoint
:param public_url: Endpoint public URL.
:param internal_url: Endpoint internal URL.
:param admin_url: Endpoint admin URL.
:param region: Endpoint region.
:param enabled: Whether the endpoint is enabled
NOTE: Both v2 (public_url, internal_url, admin_url) and v3
(url, interface) calling semantics are supported. But
you can only use one of them at a time.
:returns: a list of dicts containing the endpoint description.
:raises: OpenStackCloudException if the service cannot be found or if
something goes wrong during the openstack API call.
"""
public_url = kwargs.pop('public_url', None)
internal_url = kwargs.pop('internal_url', None)
admin_url = kwargs.pop('admin_url', None)
if (url or interface) and (public_url or internal_url or admin_url):
raise OpenStackCloudException(
"create_endpoint takes either url and interface OR"
" public_url, internal_url, admin_url")
service = self.get_service(name_or_id=service_name_or_id)
if service is None:
raise OpenStackCloudException("service {service} not found".format(
service=service_name_or_id))
endpoints = []
endpoint_args = []
if url:
urlkwargs = {}
if self.cloud_config.get_api_version('identity').startswith('2'):
if interface != 'public':
raise OpenStackCloudException(
"Error adding endpoint for service {service}."
" On a v2 cloud the url/interface API may only be"
" used for public url. Try using the public_url,"
" internal_url, admin_url parameters instead of"
" url and interface".format(
service=service_name_or_id))
urlkwargs['{}url'.format(interface)] = url
else:
urlkwargs['url'] = url
urlkwargs['interface'] = interface
endpoint_args.append(urlkwargs)
else:
expected_endpoints = {'public': public_url,
'internal': internal_url,
'admin': admin_url}
if self.cloud_config.get_api_version('identity').startswith('2'):
urlkwargs = {}
for interface, url in expected_endpoints.items():
if url:
urlkwargs['{}url'.format(interface)] = url
endpoint_args.append(urlkwargs)
else:
for interface, url in expected_endpoints.items():
if url:
urlkwargs = {}
urlkwargs['url'] = url
urlkwargs['interface'] = interface
endpoint_args.append(urlkwargs)
if self.cloud_config.get_api_version('identity').startswith('2'):
kwargs['service_id'] = service['id']
# Keystone v2 requires 'region' arg even if it is None
kwargs['region'] = region
else:
kwargs['service'] = service['id']
kwargs['enabled'] = enabled
if region is not None:
kwargs['region'] = region
with _utils.shade_exceptions(
"Failed to create endpoint for service"
" {service}".format(service=service['name'])
):
for args in endpoint_args:
# NOTE(SamYaple): Add shared kwargs to endpoint args
args.update(kwargs)
endpoint = self.manager.submitTask(
_tasks.EndpointCreate(**args)
)
endpoints.append(endpoint)
return endpoints
def list_endpoints(self):
"""List Keystone endpoints.
:returns: a list of dict containing the endpoint description.
:raises: ``OpenStackCloudException``: if something goes wrong during
the openstack API call.
"""
# ToDo: support v3 api (dguerri)
with _utils.shade_exceptions("Failed to list endpoints"):
endpoints = self.manager.submitTask(_tasks.EndpointList())
return endpoints
def search_endpoints(self, id=None, filters=None):
"""List Keystone endpoints.
:param id: endpoint id.
:param filters: a dict containing additional filters to use. e.g.
{'region': 'region-a.geo-1'}
:returns: a list of dict containing the endpoint description. Each dict
contains the following attributes::
- id: <endpoint id>
- region: <endpoint region>
- public_url: <endpoint public url>
- internal_url: <endpoint internal url> (optional)
- admin_url: <endpoint admin url> (optional)
:raises: ``OpenStackCloudException``: if something goes wrong during
the openstack API call.
"""
endpoints = self.list_endpoints()
return _utils._filter_list(endpoints, id, filters)
def get_endpoint(self, id, filters=None):
"""Get exactly one Keystone endpoint.
:param id: endpoint id.
:param filters: a dict containing additional filters to use. e.g.
{'region': 'region-a.geo-1'}
:returns: a dict containing the endpoint description. i.e. a dict
containing the following attributes::
- id: <endpoint id>
- region: <endpoint region>
- public_url: <endpoint public url>
- internal_url: <endpoint internal url> (optional)
- admin_url: <endpoint admin url> (optional)
"""
return _utils._get_entity(self.search_endpoints, id, filters)
def delete_endpoint(self, id):
"""Delete a Keystone endpoint.
:param id: Id of the endpoint to delete.
:returns: True if delete succeeded, False otherwise.
:raises: ``OpenStackCloudException`` if something goes wrong during
the openstack API call.
"""
# ToDo: support v3 api (dguerri)
endpoint = self.get_endpoint(id=id)
if endpoint is None:
self.log.debug("Endpoint %s not found for deleting" % id)
return False
if self.cloud_config.get_api_version('identity').startswith('2'):
endpoint_kwargs = {'id': endpoint['id']}
else:
endpoint_kwargs = {'endpoint': endpoint['id']}
with _utils.shade_exceptions("Failed to delete endpoint {id}".format(
id=id)):
self.manager.submitTask(_tasks.EndpointDelete(**endpoint_kwargs))
return True
def create_domain(
self, name, description=None, enabled=True):
"""Create a Keystone domain.
:param name: The name of the domain.
:param description: A description of the domain.
:param enabled: Is the domain enabled or not (default True).
:returns: a dict containing the domain description
:raise OpenStackCloudException: if the domain cannot be created
"""
with _utils.shade_exceptions("Failed to create domain {name}".format(
name=name)):
domain = self.manager.submitTask(_tasks.DomainCreate(
name=name,
description=description,
enabled=enabled))
return _utils.normalize_domains([domain])[0]
def update_domain(
self, domain_id, name=None, description=None, enabled=None):
with _utils.shade_exceptions(
"Error in updating domain {domain}".format(domain=domain_id)):
domain = self.manager.submitTask(_tasks.DomainUpdate(
domain=domain_id, name=name, description=description,
enabled=enabled))
return _utils.normalize_domains([domain])[0]
def delete_domain(self, domain_id):
"""Delete a Keystone domain.
:param domain_id: ID of the domain to delete.
:returns: None
:raises: ``OpenStackCloudException`` if something goes wrong during
the openstack API call.
"""
with _utils.shade_exceptions("Failed to delete domain {id}".format(
id=domain_id)):
# Deleting a domain is expensive, so disabling it first increases
# the changes of success
domain = self.update_domain(domain_id, enabled=False)
self.manager.submitTask(_tasks.DomainDelete(
domain=domain['id']))
def list_domains(self):
"""List Keystone domains.
:returns: a list of dicts containing the domain description.
:raises: ``OpenStackCloudException``: if something goes wrong during
the openstack API call.
"""
with _utils.shade_exceptions("Failed to list domains"):
domains = self.manager.submitTask(_tasks.DomainList())
return _utils.normalize_domains(domains)
def search_domains(self, filters=None):
"""Search Keystone domains.
:param dict filters: A dict containing additional filters to use.
Keys to search on are id, name, enabled and description.
:returns: a list of dicts containing the domain description. Each dict
contains the following attributes::
- id: <domain id>
- name: <domain name>
- description: <domain description>
:raises: ``OpenStackCloudException``: if something goes wrong during
the openstack API call.
"""
with _utils.shade_exceptions("Failed to list domains"):
domains = self.manager.submitTask(
_tasks.DomainList(**filters))
return _utils.normalize_domains(domains)
def get_domain(self, domain_id):
"""Get exactly one Keystone domain.
:param domain_id: domain id.
:returns: a dict containing the domain description, or None if not
found. Each dict contains the following attributes::
- id: <domain id>
- name: <domain name>
- description: <domain description>
:raises: ``OpenStackCloudException``: if something goes wrong during
the openstack API call.
"""
with _utils.shade_exceptions(
"Failed to get domain "
"{domain_id}".format(domain_id=domain_id)
):
domain = self.manager.submitTask(
_tasks.DomainGet(domain=domain_id))
return _utils.normalize_domains([domain])[0]
@_utils.cache_on_arguments()
def list_groups(self):
"""List Keystone Groups.
:returns: A list of dicts containing the group description.
:raises: ``OpenStackCloudException``: if something goes wrong during
the openstack API call.
"""
with _utils.shade_exceptions("Failed to list groups"):
groups = self.manager.submitTask(_tasks.GroupList())
return _utils.normalize_groups(groups)
def search_groups(self, name_or_id=None, filters=None):
"""Search Keystone groups.
:param name: Group name or id.
:param filters: A dict containing additional filters to use.
:returns: A list of dict containing the group description.
:raises: ``OpenStackCloudException``: if something goes wrong during
the openstack API call.
"""
groups = self.list_groups()
return _utils._filter_list(groups, name_or_id, filters)
def get_group(self, name_or_id, filters=None):
"""Get exactly one Keystone group.
:param id: Group name or id.
:param filters: A dict containing additional filters to use.
:returns: A dict containing the group description.
:raises: ``OpenStackCloudException``: if something goes wrong during
the openstack API call.
"""
return _utils._get_entity(self.search_groups, name_or_id, filters)
def create_group(self, name, description, domain=None):
"""Create a group.
:param string name: Group name.
:param string description: Group description.
:param string domain: Domain name or ID for the group.
:returns: A dict containing the group description.
:raises: ``OpenStackCloudException``: if something goes wrong during
the openstack API call.
"""
with _utils.shade_exceptions(
"Error creating group {group}".format(group=name)
):
domain_id = None
if domain:
dom = self.get_domain(domain)
if not dom:
raise OpenStackCloudException(
"Creating group {group} failed: Invalid domain "
"{domain}".format(group=name, domain=domain)
)
domain_id = dom['id']
group = self.manager.submitTask(_tasks.GroupCreate(
name=name, description=description, domain=domain_id)
)
self.list_groups.invalidate(self)
return _utils.normalize_groups([group])[0]
def update_group(self, name_or_id, name=None, description=None):
"""Update an existing group
:param string name: New group name.
:param string description: New group description.
:returns: A dict containing the group description.
:raises: ``OpenStackCloudException``: if something goes wrong during
the openstack API call.
"""
self.list_groups.invalidate(self)
group = self.get_group(name_or_id)
if group is None:
raise OpenStackCloudException(
"Group {0} not found for updating".format(name_or_id)
)
with _utils.shade_exceptions(
"Unable to update group {name}".format(name=name_or_id)
):
group = self.manager.submitTask(_tasks.GroupUpdate(
group=group['id'], name=name, description=description))
self.list_groups.invalidate(self)
return _utils.normalize_groups([group])[0]
def delete_group(self, name_or_id):
"""Delete a group
:param name_or_id: ID or name of the group to delete.
:returns: True if delete succeeded, False otherwise.
:raises: ``OpenStackCloudException``: if something goes wrong during
the openstack API call.
"""
group = self.get_group(name_or_id)
if group is None:
self.log.debug(
"Group {0} not found for deleting".format(name_or_id))
return False
with _utils.shade_exceptions(
"Unable to delete group {name}".format(name=name_or_id)
):
self.manager.submitTask(_tasks.GroupDelete(group=group['id']))
self.list_groups.invalidate(self)
return True
def list_roles(self):
"""List Keystone roles.
:returns: a list of dicts containing the role description.
:raises: ``OpenStackCloudException``: if something goes wrong during
the openstack API call.
"""
with _utils.shade_exceptions():
roles = self.manager.submitTask(_tasks.RoleList())
return roles
def search_roles(self, name_or_id=None, filters=None):
"""Seach Keystone roles.
:param string name: role name or id.
:param dict filters: a dict containing additional filters to use.
:returns: a list of dict containing the role description. Each dict
contains the following attributes::
- id: <role id>
- name: <role name>
- description: <role description>
:raises: ``OpenStackCloudException``: if something goes wrong during
the openstack API call.
"""
roles = self.list_roles()
return _utils._filter_list(roles, name_or_id, filters)
def get_role(self, name_or_id, filters=None):
"""Get exactly one Keystone role.
:param id: role name or id.
:param filters: a dict containing additional filters to use.
:returns: a single dict containing the role description. Each dict
contains the following attributes::
- id: <role id>
- name: <role name>
- description: <role description>
:raises: ``OpenStackCloudException``: if something goes wrong during
the openstack API call.
"""
return _utils._get_entity(self.search_roles, name_or_id, filters)
def _keystone_v2_role_assignments(self, user, project=None,
role=None, **kwargs):
with _utils.shade_exceptions("Failed to list role assignments"):
roles = self.manager.submitTask(
_tasks.RolesForUser(user=user, tenant=project)
)
ret = []
for tmprole in roles:
if role is not None and role != tmprole.id:
continue
ret.append({
'role': {
'id': tmprole.id
},
'scope': {
'project': {
'id': project,
}
},
'user': {
'id': user,
}
})
return ret
def list_role_assignments(self, filters=None):
"""List Keystone role assignments
:param dict filters: Dict of filter conditions. Acceptable keys are::
- 'user' (string) - User ID to be used as query filter.
- 'group' (string) - Group ID to be used as query filter.
- 'project' (string) - Project ID to be used as query filter.
- 'domain' (string) - Domain ID to be used as query filter.
- 'role' (string) - Role ID to be used as query filter.
- 'os_inherit_extension_inherited_to' (string) - Return inherited
role assignments for either 'projects' or 'domains'
- 'effective' (boolean) - Return effective role assignments.
- 'include_subtree' (boolean) - Include subtree
'user' and 'group' are mutually exclusive, as are 'domain' and
'project'.
NOTE: For keystone v2, only user, project, and role are used.
Project and user are both required in filters.
:returns: a list of dicts containing the role assignment description.
Contains the following attributes::
- id: <role id>
- user|group: <user or group id>
- project|domain: <project or domain id>
:raises: ``OpenStackCloudException``: if something goes wrong during
the openstack API call.
"""
if not filters:
filters = {}
if self.cloud_config.get_api_version('identity').startswith('2'):
if filters.get('project') is None or filters.get('user') is None:
raise OpenStackCloudException(
"Must provide project and user for keystone v2"
)
assignments = self._keystone_v2_role_assignments(**filters)
else:
with _utils.shade_exceptions("Failed to list role assignments"):
assignments = self.manager.submitTask(
_tasks.RoleAssignmentList(**filters)
)
return _utils.normalize_role_assignments(assignments)
def create_flavor(self, name, ram, vcpus, disk, flavorid="auto",
ephemeral=0, swap=0, rxtx_factor=1.0, is_public=True):
"""Create a new flavor.
:param name: Descriptive name of the flavor
:param ram: Memory in MB for the flavor
:param vcpus: Number of VCPUs for the flavor
:param disk: Size of local disk in GB
:param flavorid: ID for the flavor (optional)
:param ephemeral: Ephemeral space size in GB
:param swap: Swap space in MB
:param rxtx_factor: RX/TX factor
:param is_public: Make flavor accessible to the public
:returns: A dict describing the new flavor.
:raises: OpenStackCloudException on operation error.
"""
with _utils.shade_exceptions("Failed to create flavor {name}".format(
name=name)):
flavor = self.manager.submitTask(
_tasks.FlavorCreate(name=name, ram=ram, vcpus=vcpus, disk=disk,
flavorid=flavorid, ephemeral=ephemeral,
swap=swap, rxtx_factor=rxtx_factor,
is_public=is_public)
)
return _utils.normalize_flavors([flavor])[0]
def delete_flavor(self, name_or_id):
"""Delete a flavor
:param name_or_id: ID or name of the flavor to delete.
:returns: True if delete succeeded, False otherwise.
:raises: OpenStackCloudException on operation error.
"""
flavor = self.get_flavor(name_or_id)
if flavor is None:
self.log.debug(
"Flavor {0} not found for deleting".format(name_or_id))
return False
with _utils.shade_exceptions("Unable to delete flavor {name}".format(
name=name_or_id)):
self.manager.submitTask(_tasks.FlavorDelete(flavor=flavor['id']))
return True
def set_flavor_specs(self, flavor_id, extra_specs):
"""Add extra specs to a flavor
:param string flavor_id: ID of the flavor to update.
:param dict extra_specs: Dictionary of key-value pairs.
:raises: OpenStackCloudException on operation error.
:raises: OpenStackCloudResourceNotFound if flavor ID is not found.
"""
try:
self.manager.submitTask(
_tasks.FlavorSetExtraSpecs(
id=flavor_id, json=dict(extra_specs=extra_specs)))
except Exception as e:
raise OpenStackCloudException(
"Unable to set flavor specs: {0}".format(str(e))
)
def unset_flavor_specs(self, flavor_id, keys):
"""Delete extra specs from a flavor
:param string flavor_id: ID of the flavor to update.
:param list keys: List of spec keys to delete.
:raises: OpenStackCloudException on operation error.
:raises: OpenStackCloudResourceNotFound if flavor ID is not found.
"""
for key in keys:
try:
self.manager.submitTask(
_tasks.FlavorUnsetExtraSpecs(id=flavor_id, key=key))
except Exception as e:
raise OpenStackCloudException(
"Unable to delete flavor spec {0}: {0}".format(
key, str(e)))
def _mod_flavor_access(self, action, flavor_id, project_id):
"""Common method for adding and removing flavor access
"""
with _utils.shade_exceptions("Error trying to {action} access from "
"flavor ID {flavor}".format(
action=action, flavor=flavor_id)):
if action == 'add':
self.manager.submitTask(
_tasks.FlavorAddAccess(flavor=flavor_id,
tenant=project_id)
)
elif action == 'remove':
self.manager.submitTask(
_tasks.FlavorRemoveAccess(flavor=flavor_id,
tenant=project_id)
)
def add_flavor_access(self, flavor_id, project_id):
"""Grant access to a private flavor for a project/tenant.
:param string flavor_id: ID of the private flavor.
:param string project_id: ID of the project/tenant.
:raises: OpenStackCloudException on operation error.
"""
self._mod_flavor_access('add', flavor_id, project_id)
def remove_flavor_access(self, flavor_id, project_id):
"""Revoke access from a private flavor for a project/tenant.
:param string flavor_id: ID of the private flavor.
:param string project_id: ID of the project/tenant.
:raises: OpenStackCloudException on operation error.
"""
self._mod_flavor_access('remove', flavor_id, project_id)
def create_role(self, name):
"""Create a Keystone role.
:param string name: The name of the role.
:returns: a dict containing the role description
:raise OpenStackCloudException: if the role cannot be created
"""
with _utils.shade_exceptions():
role = self.manager.submitTask(
_tasks.RoleCreate(name=name)
)
return role
def delete_role(self, name_or_id):
"""Delete a Keystone role.
:param string id: Name or id of the role to delete.
:returns: True if delete succeeded, False otherwise.
:raises: ``OpenStackCloudException`` if something goes wrong during
the openstack API call.
"""
role = self.get_role(name_or_id)
if role is None:
self.log.debug(
"Role {0} not found for deleting".format(name_or_id))
return False
with _utils.shade_exceptions("Unable to delete role {name}".format(
name=name_or_id)):
self.manager.submitTask(_tasks.RoleDelete(role=role['id']))
return True
def _get_grant_revoke_params(self, role, user=None, group=None,
project=None, domain=None):
role = self.get_role(role)
if role is None:
return {}
data = {'role': role.id}
# domain and group not available in keystone v2.0
keystone_version = self.cloud_config.get_api_version('identity')
is_keystone_v2 = keystone_version.startswith('2')
filters = {}
if not is_keystone_v2 and domain:
filters['domain_id'] = data['domain'] = \
self.get_domain(domain)['id']
if user:
data['user'] = self.get_user(user, filters=filters)
if project:
# drop domain in favor of project
data.pop('domain', None)
data['project'] = self.get_project(project, filters=filters)
if not is_keystone_v2 and group:
data['group'] = self.get_group(group, filters=filters)
return data
def grant_role(self, name_or_id, user=None, group=None,
project=None, domain=None, wait=False, timeout=60):
"""Grant a role to a user.
:param string name_or_id: The name or id of the role.
:param string user: The name or id of the user.
:param string group: The name or id of the group. (v3)
:param string project: The name or id of the project.
:param string domain: The id of the domain. (v3)
:param bool wait: Wait for role to be granted
:param int timeout: Timeout to wait for role to be granted
NOTE: for wait and timeout, sometimes granting roles is not
instantaneous for granting roles.
NOTE: project is required for keystone v2
:returns: True if the role is assigned, otherwise False
:raise OpenStackCloudException: if the role cannot be granted
"""
data = self._get_grant_revoke_params(name_or_id, user, group,
project, domain)
filters = data.copy()
if not data:
raise OpenStackCloudException(
'Role {0} not found.'.format(name_or_id))
if data.get('user') is not None and data.get('group') is not None:
raise OpenStackCloudException(
'Specify either a group or a user, not both')
if data.get('user') is None and data.get('group') is None:
raise OpenStackCloudException(
'Must specify either a user or a group')
if self.cloud_config.get_api_version('identity').startswith('2') and \
data.get('project') is None:
raise OpenStackCloudException(
'Must specify project for keystone v2')
if self.list_role_assignments(filters=filters):
self.log.debug('Assignment already exists')
return False
with _utils.shade_exceptions(
"Error granting access to role: {0}".format(
data)):
if self.cloud_config.get_api_version('identity').startswith('2'):
data['tenant'] = data.pop('project')
self.manager.submitTask(_tasks.RoleAddUser(**data))
else:
if data.get('project') is None and data.get('domain') is None:
raise OpenStackCloudException(
'Must specify either a domain or project')
self.manager.submitTask(_tasks.RoleGrantUser(**data))
if wait:
for count in _utils._iterate_timeout(
timeout,
"Timeout waiting for role to be granted"):
if self.list_role_assignments(filters=filters):
break
return True
def revoke_role(self, name_or_id, user=None, group=None,
project=None, domain=None, wait=False, timeout=60):
"""Revoke a role from a user.
:param string name_or_id: The name or id of the role.
:param string user: The name or id of the user.
:param string group: The name or id of the group. (v3)
:param string project: The name or id of the project.
:param string domain: The id of the domain. (v3)
:param bool wait: Wait for role to be revoked
:param int timeout: Timeout to wait for role to be revoked
NOTE: for wait and timeout, sometimes revoking roles is not
instantaneous for revoking roles.
NOTE: project is required for keystone v2
:returns: True if the role is revoke, otherwise False
:raise OpenStackCloudException: if the role cannot be removed
"""
data = self._get_grant_revoke_params(name_or_id, user, group,
project, domain)
filters = data.copy()
if not data:
raise OpenStackCloudException(
'Role {0} not found.'.format(name_or_id))
if data.get('user') is not None and data.get('group') is not None:
raise OpenStackCloudException(
'Specify either a group or a user, not both')
if data.get('user') is None and data.get('group') is None:
raise OpenStackCloudException(
'Must specify either a user or a group')
if self.cloud_config.get_api_version('identity').startswith('2') and \
data.get('project') is None:
raise OpenStackCloudException(
'Must specify project for keystone v2')
if not self.list_role_assignments(filters=filters):
self.log.debug('Assignment does not exist')
return False
with _utils.shade_exceptions(
"Error revoking access to role: {0}".format(
data)):
if self.cloud_config.get_api_version('identity').startswith('2'):
data['tenant'] = data.pop('project')
self.manager.submitTask(_tasks.RoleRemoveUser(**data))
else:
if data.get('project') is None \
and data.get('domain') is None:
raise OpenStackCloudException(
'Must specify either a domain or project')
self.manager.submitTask(_tasks.RoleRevokeUser(**data))
if wait:
for count in _utils._iterate_timeout(
timeout,
"Timeout waiting for role to be revoked"):
if not self.list_role_assignments(filters=filters):
break
return True
def list_hypervisors(self):
"""List all hypervisors
:returns: A list of hypervisor dicts.
"""
with _utils.shade_exceptions("Error fetching hypervisor list"):
return self.manager.submitTask(_tasks.HypervisorList())
View Git Blame Copy Permalink