Migrate to keystoneauth1 and cinder v2 APIs
Recheck TLS support with Newton target Change-Id: I5625840a0373c7d03e1d0318648249dfea968871
This commit is contained in:
parent
859b2ad3c5
commit
ccb21107ed
|
@ -1,4 +1,4 @@
|
||||||
# Copyright 2014 Cisco Systems, Inc. All rights reserved.
|
# Copyright 2016 Cisco Systems, Inc. All rights reserved.
|
||||||
#
|
#
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||||
# not use this file except in compliance with the License. You may obtain
|
# not use this file except in compliance with the License. You may obtain
|
||||||
|
@ -15,6 +15,9 @@
|
||||||
|
|
||||||
# Module for credentials in Openstack
|
# Module for credentials in Openstack
|
||||||
import getpass
|
import getpass
|
||||||
|
from keystoneauth1.identity import v2
|
||||||
|
from keystoneauth1.identity import v3
|
||||||
|
from keystoneauth1 import session
|
||||||
import os
|
import os
|
||||||
import re
|
import re
|
||||||
|
|
||||||
|
@ -22,31 +25,40 @@ import log as logging
|
||||||
|
|
||||||
LOG = logging.getLogger(__name__)
|
LOG = logging.getLogger(__name__)
|
||||||
|
|
||||||
|
|
||||||
class Credentials(object):
|
class Credentials(object):
|
||||||
|
|
||||||
def get_credentials(self):
|
def get_session(self):
|
||||||
dct = {}
|
dct = {
|
||||||
dct['username'] = self.rc_username
|
'username': self.rc_username,
|
||||||
dct['password'] = self.rc_password
|
'password': self.rc_password,
|
||||||
dct['auth_url'] = self.rc_auth_url
|
'auth_url': self.rc_auth_url
|
||||||
if self.rc_identity_api_version == 3:
|
}
|
||||||
dct['project_name'] = self.rc_project_name
|
auth = None
|
||||||
dct['project_domain_name'] = self.rc_project_domain_name
|
|
||||||
dct['user_domain_name'] = self.rc_user_domain_name
|
|
||||||
else:
|
|
||||||
dct['tenant_name'] = self.rc_tenant_name
|
|
||||||
return dct
|
|
||||||
|
|
||||||
def _init_with_openrc_(self, openrc_contents):
|
if self.rc_identity_api_version == 3:
|
||||||
|
dct.update({
|
||||||
|
'project_name': self.rc_project_name,
|
||||||
|
'project_domain_name': self.rc_project_domain_name,
|
||||||
|
'user_domain_name': self.rc_user_domain_name
|
||||||
|
})
|
||||||
|
auth = v3.Password(**dct)
|
||||||
|
else:
|
||||||
|
dct.update({
|
||||||
|
'tenant_name': self.rc_tenant_name
|
||||||
|
})
|
||||||
|
auth = v2.Password(**dct)
|
||||||
|
return session.Session(auth=auth, verify=self.rc_cacert)
|
||||||
|
|
||||||
|
def __parse_openrc(self, file):
|
||||||
export_re = re.compile('export OS_([A-Z_]*)="?(.*)')
|
export_re = re.compile('export OS_([A-Z_]*)="?(.*)')
|
||||||
for line in openrc_contents.splitlines():
|
for line in file:
|
||||||
line = line.strip()
|
line = line.strip()
|
||||||
mstr = export_re.match(line.strip())
|
mstr = export_re.match(line)
|
||||||
if mstr:
|
if mstr:
|
||||||
# get rif of posible trailing double quote
|
# get rif of posible trailing double quote
|
||||||
# the first one was removed by the re
|
# the first one was removed by the re
|
||||||
name, value = mstr.group(1), mstr.group(2)
|
name = mstr.group(1)
|
||||||
|
value = mstr.group(2)
|
||||||
if value.endswith('"'):
|
if value.endswith('"'):
|
||||||
value = value[:-1]
|
value = value[:-1]
|
||||||
# get rid of password assignment
|
# get rid of password assignment
|
||||||
|
@ -61,7 +73,7 @@ class Credentials(object):
|
||||||
self.rc_identity_api_version = int(value)
|
self.rc_identity_api_version = int(value)
|
||||||
|
|
||||||
# now match against wanted variable names
|
# now match against wanted variable names
|
||||||
if name == 'USERNAME':
|
elif name == 'USERNAME':
|
||||||
self.rc_username = value
|
self.rc_username = value
|
||||||
elif name == 'AUTH_URL':
|
elif name == 'AUTH_URL':
|
||||||
self.rc_auth_url = value
|
self.rc_auth_url = value
|
||||||
|
@ -73,39 +85,39 @@ class Credentials(object):
|
||||||
self.rc_region_name = value
|
self.rc_region_name = value
|
||||||
elif name == "PASSWORD":
|
elif name == "PASSWORD":
|
||||||
self.rc_password = value
|
self.rc_password = value
|
||||||
|
elif name == "USER_DOMAIN_NAME":
|
||||||
|
self.rc_user_domain_name = value
|
||||||
elif name == "PROJECT_NAME":
|
elif name == "PROJECT_NAME":
|
||||||
self.rc_project_name = value
|
self.rc_project_name = value
|
||||||
elif name == "PROJECT_DOMAIN_NAME":
|
elif name == "PROJECT_DOMAIN_NAME":
|
||||||
self.rc_project_domain_name = value
|
self.rc_project_domain_name = value
|
||||||
elif name == "USER_DOMAIN_NAME":
|
|
||||||
self.rc_user_domain_name = value
|
|
||||||
|
|
||||||
|
#
|
||||||
# Read a openrc file and take care of the password
|
# Read a openrc file and take care of the password
|
||||||
# The 2 args are passed from the command line and can be None
|
# The 2 args are passed from the command line and can be None
|
||||||
def __init__(self, openrc_file=None, openrc_contents=None, pwd=None, no_env=False):
|
#
|
||||||
|
def __init__(self, openrc_file, pwd, no_env):
|
||||||
self.rc_password = None
|
self.rc_password = None
|
||||||
self.rc_username = None
|
self.rc_username = None
|
||||||
self.rc_tenant_name = None
|
self.rc_tenant_name = None
|
||||||
self.rc_auth_url = None
|
self.rc_auth_url = None
|
||||||
self.rc_cacert = False
|
self.rc_cacert = None
|
||||||
self.rc_region_name = None
|
self.rc_region_name = None
|
||||||
self.rc_project_name = None
|
|
||||||
self.rc_project_domain_name = None
|
|
||||||
self.rc_user_domain_name = None
|
self.rc_user_domain_name = None
|
||||||
self.rc_identity_api_version = 2
|
self.rc_project_domain_name = None
|
||||||
self.openrc_contents = openrc_contents
|
self.rc_project_name = None
|
||||||
|
self.rc_identity_api_version = '2'
|
||||||
success = True
|
success = True
|
||||||
|
|
||||||
if openrc_file:
|
if openrc_file:
|
||||||
if os.path.exists(openrc_file):
|
if isinstance(openrc_file, str):
|
||||||
self.openrc_contents = open(openrc_file).read()
|
if os.path.exists(openrc_file):
|
||||||
|
self.__parse_openrc(open(openrc_file))
|
||||||
|
else:
|
||||||
|
LOG.error('Error: rc file does not exist %s', openrc_file)
|
||||||
|
success = False
|
||||||
else:
|
else:
|
||||||
LOG.error("rc file does not exist %s" % openrc_file)
|
self.__parse_openrc(openrc_file)
|
||||||
success = False
|
|
||||||
return
|
|
||||||
|
|
||||||
if self.openrc_contents:
|
|
||||||
self._init_with_openrc_(self.openrc_contents)
|
|
||||||
elif not no_env:
|
elif not no_env:
|
||||||
# no openrc file passed - we assume the variables have been
|
# no openrc file passed - we assume the variables have been
|
||||||
# sourced by the calling shell
|
# sourced by the calling shell
|
||||||
|
@ -122,10 +134,8 @@ class Credentials(object):
|
||||||
self.rc_username = os.environ['OS_USERNAME']
|
self.rc_username = os.environ['OS_USERNAME']
|
||||||
self.rc_auth_url = os.environ['OS_AUTH_URL']
|
self.rc_auth_url = os.environ['OS_AUTH_URL']
|
||||||
self.rc_tenant_name = os.environ['OS_TENANT_NAME']
|
self.rc_tenant_name = os.environ['OS_TENANT_NAME']
|
||||||
|
|
||||||
if 'OS_REGION_NAME' in os.environ:
|
if 'OS_REGION_NAME' in os.environ:
|
||||||
self.rc_region_name = os.environ['OS_REGION_NAME']
|
self.rc_region_name = os.environ['OS_REGION_NAME']
|
||||||
|
|
||||||
elif self.rc_identity_api_version == 3:
|
elif self.rc_identity_api_version == 3:
|
||||||
for varname in ['OS_USERNAME', 'OS_AUTH_URL', 'OS_PROJECT_NAME',
|
for varname in ['OS_USERNAME', 'OS_AUTH_URL', 'OS_PROJECT_NAME',
|
||||||
'OS_PROJECT_DOMAIN_NAME', 'OS_USER_DOMAIN_NAME']:
|
'OS_PROJECT_DOMAIN_NAME', 'OS_USER_DOMAIN_NAME']:
|
||||||
|
@ -136,12 +146,12 @@ class Credentials(object):
|
||||||
self.rc_username = os.environ['OS_USERNAME']
|
self.rc_username = os.environ['OS_USERNAME']
|
||||||
self.rc_auth_url = os.environ['OS_AUTH_URL']
|
self.rc_auth_url = os.environ['OS_AUTH_URL']
|
||||||
self.rc_project_name = os.environ['OS_PROJECT_NAME']
|
self.rc_project_name = os.environ['OS_PROJECT_NAME']
|
||||||
self.rc_project_domain_name = os.environ['OS_PROJECT_DOMAIN_NAME']
|
self.rc_project_domain_id = os.environ['OS_PROJECT_DOMAIN_NAME']
|
||||||
self.rc_user_domain_name = os.environ['OS_USER_DOMAIN_NAME']
|
self.rc_user_domain_id = os.environ['OS_USER_DOMAIN_NAME']
|
||||||
|
|
||||||
if 'OS_CACERT' in os.environ:
|
if 'OS_CACERT' in os.environ:
|
||||||
self.rc_cacert = os.environ['OS_CACERT']
|
self.rc_cacert = os.environ['OS_CACERT']
|
||||||
|
|
||||||
|
|
||||||
# always override with CLI argument if provided
|
# always override with CLI argument if provided
|
||||||
if pwd:
|
if pwd:
|
||||||
self.rc_password = pwd
|
self.rc_password = pwd
|
||||||
|
|
|
@ -56,10 +56,7 @@ import time
|
||||||
|
|
||||||
# openstack python clients
|
# openstack python clients
|
||||||
import cinderclient
|
import cinderclient
|
||||||
from keystoneclient.auth.identity import v2 as keystone_v2
|
|
||||||
from keystoneclient.auth.identity import v3 as keystone_v3
|
|
||||||
from keystoneclient import client as keystoneclient
|
from keystoneclient import client as keystoneclient
|
||||||
from keystoneclient import session
|
|
||||||
import neutronclient
|
import neutronclient
|
||||||
from novaclient.exceptions import NotFound
|
from novaclient.exceptions import NotFound
|
||||||
from tabulate import tabulate
|
from tabulate import tabulate
|
||||||
|
@ -472,11 +469,7 @@ class KbCleaners(object):
|
||||||
def __init__(self, creds_obj, resources, dryrun):
|
def __init__(self, creds_obj, resources, dryrun):
|
||||||
self.cleaners = []
|
self.cleaners = []
|
||||||
creds = creds_obj.get_credentials()
|
creds = creds_obj.get_credentials()
|
||||||
if creds_obj.rc_identity_api_version == 3:
|
sess = creds.get_session()
|
||||||
auth = keystone_v3.Password(**creds)
|
|
||||||
else:
|
|
||||||
auth = keystone_v2.Password(**creds)
|
|
||||||
sess = session.Session(auth=auth, verify=creds_obj.rc_cacert)
|
|
||||||
for cleaner_type in [StorageCleaner, ComputeCleaner, NetworkCleaner, KeystoneCleaner]:
|
for cleaner_type in [StorageCleaner, ComputeCleaner, NetworkCleaner, KeystoneCleaner]:
|
||||||
self.cleaners.append(cleaner_type(sess, resources, dryrun))
|
self.cleaners.append(cleaner_type(sess, resources, dryrun))
|
||||||
|
|
||||||
|
|
|
@ -25,8 +25,8 @@ import webbrowser
|
||||||
|
|
||||||
import base_compute
|
import base_compute
|
||||||
import base_network
|
import base_network
|
||||||
from glanceclient import client as glanceclient
|
|
||||||
import glanceclient.exc as glance_exception
|
import glanceclient.exc as glance_exception
|
||||||
|
from glanceclient.v2 import client as glanceclient
|
||||||
from kb_config import KBConfig
|
from kb_config import KBConfig
|
||||||
from kb_res_logger import KBResLogger
|
from kb_res_logger import KBResLogger
|
||||||
from kb_runner_base import KBException
|
from kb_runner_base import KBException
|
||||||
|
@ -35,10 +35,9 @@ from kb_runner_multicast import KBRunner_Multicast
|
||||||
from kb_runner_storage import KBRunner_Storage
|
from kb_runner_storage import KBRunner_Storage
|
||||||
from kb_scheduler import KBScheduler
|
from kb_scheduler import KBScheduler
|
||||||
import kb_vm_agent
|
import kb_vm_agent
|
||||||
from keystoneclient.auth.identity import v2 as keystone_v2
|
|
||||||
from keystoneclient.auth.identity import v3 as keystone_v3
|
|
||||||
from keystoneclient import client as keystoneclient
|
from keystoneclient import client as keystoneclient
|
||||||
from keystoneclient import session
|
|
||||||
import log as logging
|
import log as logging
|
||||||
from novaclient import client as novaclient
|
from novaclient import client as novaclient
|
||||||
from oslo_config import cfg
|
from oslo_config import cfg
|
||||||
|
@ -56,19 +55,6 @@ __version__ = pbr.version.VersionInfo('kloudbuster').version_string_with_vcs()
|
||||||
class KBVMCreationException(Exception):
|
class KBVMCreationException(Exception):
|
||||||
pass
|
pass
|
||||||
|
|
||||||
def create_auth_session(creds_obj):
|
|
||||||
"""
|
|
||||||
Return the authenticated session
|
|
||||||
"""
|
|
||||||
creds = creds_obj.get_credentials()
|
|
||||||
if creds_obj.rc_identity_api_version == 3:
|
|
||||||
auth = keystone_v3.Password(**creds)
|
|
||||||
else:
|
|
||||||
auth = keystone_v2.Password(**creds)
|
|
||||||
sess = session.Session(auth=auth, verify=creds_obj.rc_cacert)
|
|
||||||
|
|
||||||
return sess
|
|
||||||
|
|
||||||
class Kloud(object):
|
class Kloud(object):
|
||||||
def __init__(self, scale_cfg, cred, reusing_tenants,
|
def __init__(self, scale_cfg, cred, reusing_tenants,
|
||||||
testing_side=False, storage_mode=False, multicast_mode=False):
|
testing_side=False, storage_mode=False, multicast_mode=False):
|
||||||
|
@ -78,7 +64,7 @@ class Kloud(object):
|
||||||
self.reusing_tenants = reusing_tenants
|
self.reusing_tenants = reusing_tenants
|
||||||
self.storage_mode = storage_mode
|
self.storage_mode = storage_mode
|
||||||
self.multicast_mode = multicast_mode
|
self.multicast_mode = multicast_mode
|
||||||
self.osclient_session = create_auth_session(cred)
|
self.osclient_session = cred.get_session()
|
||||||
self.flavor_to_use = None
|
self.flavor_to_use = None
|
||||||
self.vm_up_count = 0
|
self.vm_up_count = 0
|
||||||
self.res_logger = KBResLogger()
|
self.res_logger = KBResLogger()
|
||||||
|
@ -92,10 +78,8 @@ class Kloud(object):
|
||||||
self.placement_az = scale_cfg['availability_zone'] \
|
self.placement_az = scale_cfg['availability_zone'] \
|
||||||
if scale_cfg['availability_zone'] else None
|
if scale_cfg['availability_zone'] else None
|
||||||
self.exc_info = None
|
self.exc_info = None
|
||||||
|
|
||||||
self.keystone = keystoneclient.Client(session=self.osclient_session,
|
self.keystone = keystoneclient.Client(session=self.osclient_session,
|
||||||
endpoint_type='publicURL')
|
endpoint_type='publicURL')
|
||||||
|
|
||||||
LOG.info("Creating kloud: " + self.prefix)
|
LOG.info("Creating kloud: " + self.prefix)
|
||||||
if self.placement_az:
|
if self.placement_az:
|
||||||
LOG.info('%s Availability Zone: %s' % (self.name, self.placement_az))
|
LOG.info('%s Availability Zone: %s' % (self.name, self.placement_az))
|
||||||
|
@ -299,7 +283,7 @@ class KloudBuster(object):
|
||||||
|
|
||||||
def get_hypervisor_list(self, cred):
|
def get_hypervisor_list(self, cred):
|
||||||
ret_list = []
|
ret_list = []
|
||||||
sess = create_auth_session(cred)
|
sess = cred.get_session()
|
||||||
nova_client = novaclient('2', endpoint_type='publicURL',
|
nova_client = novaclient('2', endpoint_type='publicURL',
|
||||||
http_log_debug=True, session=sess)
|
http_log_debug=True, session=sess)
|
||||||
for hypervisor in nova_client.hypervisors.list():
|
for hypervisor in nova_client.hypervisors.list():
|
||||||
|
@ -310,7 +294,7 @@ class KloudBuster(object):
|
||||||
|
|
||||||
def get_az_list(self, cred):
|
def get_az_list(self, cred):
|
||||||
ret_list = []
|
ret_list = []
|
||||||
sess = create_auth_session(cred)
|
sess = cred.get_session()
|
||||||
nova_client = novaclient('2', endpoint_type='publicURL',
|
nova_client = novaclient('2', endpoint_type='publicURL',
|
||||||
http_log_debug=True, session=sess)
|
http_log_debug=True, session=sess)
|
||||||
for az in nova_client.availability_zones.list():
|
for az in nova_client.availability_zones.list():
|
||||||
|
@ -323,14 +307,14 @@ class KloudBuster(object):
|
||||||
|
|
||||||
def check_and_upload_images(self, retry_count=150):
|
def check_and_upload_images(self, retry_count=150):
|
||||||
retry = 0
|
retry = 0
|
||||||
creds_list = [create_auth_session(self.server_cred),
|
creds_list = [self.server_cred.get_session(),
|
||||||
create_auth_session(self.client_cred)]
|
self.client_cred.get_session()]
|
||||||
creds_dict = dict(zip(['Server kloud', 'Client kloud'], creds_list))
|
creds_dict = dict(zip(['Server kloud', 'Client kloud'], creds_list))
|
||||||
img_name_dict = dict(zip(['Server kloud', 'Client kloud'],
|
img_name_dict = dict(zip(['Server kloud', 'Client kloud'],
|
||||||
[self.server_cfg.image_name, self.client_cfg.image_name]))
|
[self.server_cfg.image_name, self.client_cfg.image_name]))
|
||||||
|
|
||||||
for kloud, sess in creds_dict.items():
|
for kloud, sess in creds_dict.items():
|
||||||
glance_client = glanceclient.Client('1', session=sess)
|
glance_client = glanceclient.Client('2', session=sess)
|
||||||
try:
|
try:
|
||||||
# Search for the image
|
# Search for the image
|
||||||
img = glance_client.images.list(filters={'name': img_name_dict[kloud]}).next()
|
img = glance_client.images.list(filters={'name': img_name_dict[kloud]}).next()
|
||||||
|
|
|
@ -2,19 +2,29 @@
|
||||||
# of appearance. Changing the order has an impact on the overall integration
|
# of appearance. Changing the order has an impact on the overall integration
|
||||||
# process, which may cause wedges in the gate later.
|
# process, which may cause wedges in the gate later.
|
||||||
|
|
||||||
pbr>=1.3
|
|
||||||
Babel>=1.3
|
|
||||||
|
|
||||||
futures>=3.0.5
|
|
||||||
python-openstackclient>=2.2.0
|
|
||||||
python-neutronclient>=4.0.0
|
|
||||||
attrdict>=2.0.0
|
|
||||||
hdrhistogram>=0.3.1
|
|
||||||
oslo.log>=1.0.0
|
|
||||||
pecan>=0.9.0
|
|
||||||
redis>=2.10.3
|
|
||||||
tabulate>=0.7.3
|
|
||||||
pytz>=2016.4
|
pytz>=2016.4
|
||||||
|
pbr>=3.0.1
|
||||||
|
Babel>=2.3.4
|
||||||
|
|
||||||
|
futures>=3.1.1
|
||||||
|
python-cinderclient>=2.0.1
|
||||||
|
python-glanceclient>=2.6.0
|
||||||
|
python-openstackclient>=3.11.0
|
||||||
|
python-neutronclient>=6.2.0
|
||||||
|
# migrate security group API to neutron client before moving to nova client 8.0.0
|
||||||
|
python-novaclient<8.0.0
|
||||||
|
python-keystoneclient>=3.10.0
|
||||||
|
attrdict>=2.0.0
|
||||||
|
hdrhistogram>=0.5.2
|
||||||
|
# ipaddress is required to get TLS working
|
||||||
|
# otherwise certificates with numeric IP addresses in the ServerAltName field will fail
|
||||||
|
ipaddress>= 1.0.16
|
||||||
|
oslo.config>=4.1.1
|
||||||
|
oslo.log>=3.26.1
|
||||||
|
pecan>=1.2.1
|
||||||
|
redis>=2.10.5
|
||||||
|
tabulate>=0.7.7
|
||||||
|
pyyaml>=3.12
|
||||||
|
|
||||||
# Workaround for pip install failed on RHEL/CentOS
|
# Workaround for pip install failed on RHEL/CentOS
|
||||||
functools32>=3.2.3
|
functools32>=3.2.3
|
||||||
|
|
Loading…
Reference in New Issue