x
/
novajoin
Code Issues Proposed changes

Initial commit of REST/notification services 

This is based heavily on the WSGI code in cinder.

There are two services: a REST service and a notification
listener.

Currently both log only to stdout.

The configuration file join.conf controls the REST service.

nova configuration should look like this (assuming the REST
service is running on the nova compute host).

vendordata_providers = StaticJSON, DynamicJSON
vendordata_dynamic_targets = 'join@http://127.0.0.1:9999/v1/'
vendordata_driver = nova.api.metadata.vendordata_http.HTTPFileVendorData
vendordata_dynamic_connect_timeout = 5
vendordata_dynamic_read_timeout = 30
vendordata_jsonfile_path = /etc/nova/cloud-config.json

For the notification service like this:

notification_driver = messaging
notification_topic = notifications
notify_on_state_change = vm_state

Authentication is disabled in api-paste.ini for now.
This commit is contained in:
Rob Crittenden 2016-07-05 19:53:11 +00:00
parent 422e5e9ebf
commit 1c51140028
17 changed files with 1846 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
README.md
View File

@ -1,9 +1,24 @@
==== WARNING ====
These instructions are incomplete and DO NOT WORK
novajoin Package
==================
This Python package provides a hook in the OpenStack nova compute
service to manage host instantiation in an IPA server.
This Python package provides a vendordata plugin for the OpenStack nova
metadata service to manage host instantiation in an IPA server.
It consists of two services:
- REST service
- notification listener
The REST service will respond to dynamic requests from the nova metadata
server. This is used to add hosts into IPA.
The notification listener will handle instance delete requests and remove
the appropriate host from IPA.
Build
=====
@ -24,7 +39,7 @@ In this directory, run:
Configuration
=============
Run novajoin-install to install and configure the hooks on a
Run novajoin-install to install and configure the plugin on a
pre-installed nova server.
Pre-requisites
@ -58,10 +73,10 @@ The installer takes the following options:
password is obtained interactively
--password-file: the file containing the password for the principal.
Hook Configuration
Metadata REST Service Configuration
==================
The hook is configured in /etc/nova/ipaclient.conf in the DEFAULT
The REST service is configured in /etc/nova/ipaclient.conf in the DEFAULT
section. It provides the following options:
url: The JSON RPC URL to an IPA server, e.g. https://ipa.host.domain/ipa/json

29
files/api-paste.ini Normal file
View File

@ -0,0 +1,29 @@
[composite:join]
use = call:novajoin.base:root_app_factory
/v1: join_v1
[pipeline:join_v1]
pipeline = cors joinv1app
#[composite:join_v1]
#use = call:middleware:pipeline_factory_auth
##keystone = cors compute_req_id faultwrap sizelimit authtoken keystonecontext legacy_ratelimit osapi_compute_app_legacy_v2
#keystone = cors authtoken join_v1
[app:joinv1app]
paste.app_factory = novajoin.join:Join.factory
[filter:cors]
paste.filter_factory = oslo_middleware.cors:filter_factory
oslo_config_project = join
latent_allow_headers = X-Auth-Token, X-Identity-Status, X-Roles, X-Service-Catalog, X-User-Id, X-Tenant-Id, X-OpenStack-Request-ID, X-Trace-Info, X-Trace-HMAC, OpenStack-Volume-microversion
latent_expose_headers = X-Auth-Token, X-Subject-Token, X-Service-Token, X-OpenStack-Request-ID, OpenStack-Volume-microversion
latent_allow_methods = GET, PUT, POST, DELETE, PATCH
[filter:authtoken]
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
oslo_config_project = join
auth_url = http://192.168.0.253:35357
auth_protocol=http
auth_host=192.168.0.253
auth_port=35357

2
files/cloud-config.json
View File

@ -1 +1 @@
{"cloud-init": "#cloud-config\nsystem_info:\n default_user:\n name: cloud-user\n plain_text_passwd: password\n lock_passwd: False\npackages:\n - python-simplejson\n - ipa-client\n - ipa-admintools\n - openldap-clients\nruncmd:\n - sh -x /tmp/setup-ipa-client.sh > /var/log/setup-ipa-client.sh.log 2>&1"}
{"cloud-init": "#cloud-config\npackages:\n - python-simplejson\n - ipa-client\n - ipa-admintools\n - openldap-clients\nwrite_files:\n - content: |\n #!/bin/sh\n \n # Get the instance hostname out of the metadata\n #data=`curl http://169.254.169.254/openstack/latest/meta_data.json 2>/dev/null`\n data=`curl http://169.254.169.254/openstack/2016-04-30/vendor_data2.json 2>/dev/null`\n if [[ $? != 0 ]] ; then\n echo \"Unable to retrieve metadata\"\n exit 1\n fi\n \n # Hacky, need to get the join value specifically\n fqdn=`echo $data | python -m json.tool | grep '\"hostname\"' | awk '{ print $2 }' | sed 's/,//' | sed 's/\"//g'`\n \n if [ -z \"$fqdn\" ]; then\n echo \"Unable to determine hostname\"\n exit 1\n fi\n \n # Hacky, also need to fetch join here\n otp=`echo $data | python -m json.tool | grep '\"ipaotp\"' | awk '{ print $2 }' | sed 's/,//' | sed 's/\"//g'`\n\n # run ipa-client-install\n ipa-client-install -U -w $otp --hostname $fqdn\n path: /root/setup-ipa-client.sh\n permissions: '0700'\n owner: root:root\nruncmd:\n- sh -x /root/setup-ipa-client.sh > /var/log/setup-ipa-client.log 2>&1"}

3
files/freeipa.json
View File

@ -7,7 +7,8 @@
"name": "OS::Glance::Image"
},
{
"name": "OS::Nova::Instance"
"name": "OS::Nova::Server",
"properties_target": "metadata"
}
],
"objects": [

24
files/join.conf Normal file
View File

@ -0,0 +1,24 @@
[DEFAULT]
join_listen_port = 9999
api_paste_config = /path/to/api-paste.ini
debug = True
auth_strategy=keystone
keytab = /path/to/krb5.keytab
url = https://ipa.example.com/ipa/json
service_name = HTTP@ipa.example.com
cacert = /etc/ipa/ca.crt
connect_retries = 1
[keystone_authtoken]
memcache_servers = 192.168.0.253:11211
signing_dir = /var/cache/nova
cafile = /path/to/ca-bundle.pem
auth_uri = http://192.168.0.253:5000
project_domain_id = default
project_name = service
user_domain_id = default
password = password
username = nova
auth_url = http://192.168.0.253:35357
auth_type = password

13
novajoin/__init__.py Normal file
View File

@ -0,0 +1,13 @@
# Copyright 2016 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.

747
novajoin/base.py Normal file
View File

@ -0,0 +1,747 @@
# Copyright 2010 United States Government as represented by the
# Administrator of the National Aeronautics and Space Administration.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import paste.urlmap
import routes
import webob.dec
from oslo_utils import excutils
from oslo_log import log
from oslo_serialization import jsonutils
from oslo_config import cfg
import six
import six.moves.urllib.parse as urlparse
import webob.exc
from novajoin import exception
from oslo_service import wsgi
from oslo_utils import strutils
CONF = cfg.CONF
LOG = log.getLogger(__name__)
# Drop all this extra kruft
SUPPORTED_CONTENT_TYPES = (
'application/json',
)
_MEDIA_TYPE_MAP = {
'application/json': 'json',
}
class Request(webob.Request):
def get_content_type(self):
"""Determine content type of the request body.
Does not do any body introspection, only checks header
"""
if "Content-Type" not in self.headers:
return None
allowed_types = SUPPORTED_CONTENT_TYPES
content_type = self.content_type
if content_type not in allowed_types:
raise exception.InvalidContentType(content_type=content_type)
return content_type
class Application(object):
@classmethod
def factory(cls, global_config, **local_config):
"""Used for paste app factories in paste.deploy config files.
Any local configuration (that is, values under the [app:APPNAME]
section of the paste config) will be passed into the `__init__` method
as kwargs.
A hypothetical configuration would look like:
[app:wadl]
latest_version = 1.3
paste.app_factory = cinder.api.fancy_api:Wadl.factory
which would result in a call to the `Wadl` class as
import cinder.api.fancy_api
fancy_api.Wadl(latest_version='1.3')
You could of course re-implement the `factory` method in subclasses,
but using the kwarg passing it shouldn't be necessary.
"""
return cls(**local_config)
def __call__(self, environ, start_response):
r"""Subclasses will probably want to implement __call__ like this:
@webob.dec.wsgify(RequestClass=Request)
def __call__(self, req):
# Any of the following objects work as responses:
# Option 1: simple string
res = 'message\n'
# Option 2: a nicely formatted HTTP exception page
res = exc.HTTPForbidden(explanation='Nice try')
# Option 3: a webob Response object (in case you need to play with
# headers, or you want to be treated like an iterable)
res = Response();
res.app_iter = open('somefile')
# Option 4: any wsgi app to be run next
res = self.application
# Option 5: you can get a Response object for a wsgi app, too, to
# play with headers etc
res = req.get_response(self.application)
# You can then just return your response...
return res
# ... or set req.response and return None.
req.response = res
See the end of http://pythonpaste.org/webob/modules/dec.html
for more info.
"""
raise NotImplementedError('You must implement __call__')
def root_app_factory(loader, global_conf, **local_conf):
return paste.urlmap.urlmap_factory(loader, global_conf, **local_conf)
class APIMapper(routes.Mapper):
def routematch(self, url=None, environ=None):
if url is "":
result = self._match("", environ)
return result[0], result[1]
return routes.Mapper.routematch(self, url, environ)
def connect(self, *args, **kwargs):
kwargs.setdefault('requirements', {})
if not kwargs['requirements'].get('format'):
kwargs['requirements']['format'] = 'json'
return routes.Mapper.connect(self, *args, **kwargs)
class ProjectMapper(APIMapper):
def resource(self, member_name, collection_name, **kwargs):
if 'parent_resource' not in kwargs:
kwargs['path_prefix'] = '{project_id}/'
else:
parent_resource = kwargs['parent_resource']
p_collection = parent_resource['collection_name']
p_member = parent_resource['member_name']
kwargs['path_prefix'] = '{project_id}/%s/:%s_id' % (p_collection,
p_member)
routes.Mapper.resource(self,
member_name,
collection_name,
**kwargs)
class APIRouter(wsgi.Router):
"""Routes requests on the API to the appropriate controller and method."""
ExtensionManager = None # override in subclasses
@classmethod
def factory(cls, global_config, **local_config):
"""Simple paste factory, :class:`cinder.wsgi.Router` doesn't have."""
return cls()
def __init__(self, ext_mgr=None):
mapper = ProjectMapper()
self.resources = {}
self._setup_routes(mapper, ext_mgr)
super(APIRouter, self).__init__(mapper)
def _setup_routes(self, mapper, ext_mgr):
raise NotImplementedError
class ActionDispatcher(object):
"""Maps method name to local methods through action name."""
def dispatch(self, *args, **kwargs):
"""Find and call local method."""
action = kwargs.pop('action', 'default')
action_method = getattr(self, six.text_type(action), self.default)
return action_method(*args, **kwargs)
def default(self, data):
raise NotImplementedError()
class TextDeserializer(ActionDispatcher):
"""Default request body deserialization."""
def deserialize(self, datastring, action='default'):
return self.dispatch(datastring, action=action)
def default(self, datastring):
return {}
class JSONDeserializer(TextDeserializer):
def _from_json(self, datastring):
try:
return jsonutils.loads(datastring)
except ValueError:
msg = "cannot understand JSON"
raise exception.MalformedRequestBody(reason=msg)
def default(self, datastring):
return {'body': self._from_json(datastring)}
class DictSerializer(ActionDispatcher):
"""Default request body serialization."""
def serialize(self, data, action='default'):
return self.dispatch(data, action=action)
def default(self, data):
return ""
class JSONDictSerializer(DictSerializer):
"""Default JSON request body serialization."""
def default(self, data):
return jsonutils.dump_as_bytes(data)
def action_peek_json(body):
"""Determine action to invoke."""
try:
decoded = jsonutils.loads(body)
except ValueError:
msg = "cannot understand JSON"
raise exception.MalformedRequestBody(reason=msg)
# Make sure there's exactly one key...
if len(decoded) != 1:
msg = "too many body keys"
raise exception.MalformedRequestBody(reason=msg)
# Return the action and the decoded body...
return list(decoded.keys())[0]
class ResponseObject(object):
"""Bundles a response object with appropriate serializers.
Object that app methods may return in order to bind alternate
serializers with a response object to be serialized. Its use is
optional.
"""
def __init__(self, obj, code=None, headers=None, **serializers):
"""Binds serializers with an object.
Takes keyword arguments akin to the @serializer() decorator
for specifying serializers. Serializers specified will be
given preference over default serializers or method-specific
serializers on return.
"""
self.obj = obj
self.serializers = serializers
self._default_code = 200
self._code = code
self._headers = headers or {}
self.serializer = None
self.media_type = None
def __getitem__(self, key):
"""Retrieves a header with the given name."""
return self._headers[key.lower()]
def __setitem__(self, key, value):
"""Sets a header with the given name to the given value."""
self._headers[key.lower()] = value
def __delitem__(self, key):
"""Deletes the header with the given name."""
del self._headers[key.lower()]
def _bind_method_serializers(self, meth_serializers):
"""Binds method serializers with the response object.
Binds the method serializers with the response object.
Serializers specified to the constructor will take precedence
over serializers specified to this method.
:param meth_serializers: A dictionary with keys mapping to
response types and values containing
serializer objects.
"""
# We can't use update because that would be the wrong
# precedence
for mtype, serializer in meth_serializers.items():
self.serializers.setdefault(mtype, serializer)
def get_serializer(self, content_type, default_serializers=None):
"""Returns the serializer for the wrapped object.
Returns the serializer for the wrapped object subject to the
indicated content type. If no serializer matching the content
type is attached, an appropriate serializer drawn from the
default serializers will be used. If no appropriate
serializer is available, raises InvalidContentType.
"""
default_serializers = default_serializers or {}
try:
mtype = _MEDIA_TYPE_MAP.get(content_type, content_type)
if mtype in self.serializers:
return mtype, self.serializers[mtype]
else:
return mtype, default_serializers[mtype]
except (KeyError, TypeError):
raise exception.InvalidContentType(content_type=content_type)
def preserialize(self, content_type, default_serializers=None):
"""Prepares the serializer that will be used to serialize.
Determines the serializer that will be used and prepares an
instance of it for later call. This allows the serializer to
be accessed by extensions for, e.g., template extension.
"""
mtype, serializer = self.get_serializer(content_type,
default_serializers)
self.media_type = mtype
self.serializer = serializer()
def attach(self, **kwargs):
"""Attach slave templates to serializers."""
if self.media_type in kwargs:
self.serializer.attach(kwargs[self.media_type])
def serialize(self, request, content_type, default_serializers=None):
"""Serializes the wrapped object.
Utility method for serializing the wrapped object. Returns a
webob.Response object.
"""
if self.serializer:
serializer = self.serializer
else:
_mtype, _serializer = self.get_serializer(content_type,
default_serializers)
serializer = _serializer()
response = webob.Response()
response.status_int = self.code
for hdr, value in self._headers.items():
response.headers[hdr] = six.text_type(value)
response.headers['Content-Type'] = six.text_type(content_type)
if self.obj is not None:
body = serializer.serialize(self.obj)
if isinstance(body, six.text_type):
body = body.encode('utf-8')
response.body = body
return response
@property
def code(self):
"""Retrieve the response status."""
return self._code or self._default_code
@property
def headers(self):
"""Retrieve the headers."""
return self._headers.copy()
class ResourceExceptionHandler(object):
"""Context manager to handle Resource exceptions.
Used when processing exceptions generated by API implementation
methods (or their extensions). Converts most exceptions to Fault
exceptions, with the appropriate logging.
"""
def __enter__(self):
return None
def __exit__(self, ex_type, ex_value, ex_traceback):
if not ex_value:
return True
if isinstance(ex_value, exception.NotAuthorized):
msg = six.text_type(ex_value)
raise Fault(webob.exc.HTTPForbidden(explanation=msg))
elif isinstance(ex_value, exception.Invalid):
raise Fault(exception.ConvertedException(
code=ex_value.code, explanation=six.text_type(ex_value)))
elif isinstance(ex_value, TypeError):
exc_info = (ex_type, ex_value, ex_traceback)
LOG.error(
'Exception handling resource: %s',
ex_value, exc_info=exc_info)
raise Fault(webob.exc.HTTPBadRequest())
elif isinstance(ex_value, Fault):
LOG.info("Fault thrown: %s", six.text_type(ex_value))
raise ex_value
elif isinstance(ex_value, webob.exc.HTTPException):
LOG.info("HTTP exception thrown: %s", six.text_type(ex_value))
raise Fault(ex_value)
LOG.info("HTTP exception thrown: %s", six.text_type(ex_value))
#raise Fault("something bad happened")
# We didn't handle the exception
return False
class Resource(Application):
support_api_request_version = False
def __init__(self, controller, action_peek=None, **deserializers):
"""Initialize Resource.
:param controller: object that implement methods created by routes lib
:param action_peek: dictionary of routines for peeking into an action
request body to determine the desired action
"""
self.controller = controller
default_deserializers = dict(json=JSONDeserializer)
default_deserializers.update(deserializers)
self.default_deserializers = default_deserializers
self.default_serializers = dict(json=JSONDictSerializer)
self.action_peek = dict(json=action_peek_json)
self.action_peek.update(action_peek or {})
# Copy over the actions dictionary
self.wsgi_actions = {}
if controller:
self.register_actions(controller)
# Save a mapping of extensions
self.wsgi_extensions = {}
self.wsgi_action_extensions = {}
def register_actions(self, controller):
"""Registers controller actions with this resource."""
actions = getattr(controller, 'wsgi_actions', {})
for key, method_name in actions.items():
self.wsgi_actions[key] = getattr(controller, method_name)
def register_extensions(self, controller):
"""Registers controller extensions with this resource."""
extensions = getattr(controller, 'wsgi_extensions', [])
for method_name, action_name in extensions:
# Look up the extending method
extension = getattr(controller, method_name)
if action_name:
# Extending an action...
if action_name not in self.wsgi_action_extensions:
self.wsgi_action_extensions[action_name] = []
self.wsgi_action_extensions[action_name].append(extension)
else:
# Extending a regular method
if method_name not in self.wsgi_extensions:
self.wsgi_extensions[method_name] = []
self.wsgi_extensions[method_name].append(extension)
def get_action_args(self, request_environment):
"""Parse dictionary created by routes library."""
# NOTE(Vek): Check for get_action_args() override in the
# controller
if hasattr(self.controller, 'get_action_args'):
return self.controller.get_action_args(request_environment)
try:
args = request_environment['wsgiorg.routing_args'][1].copy()
except (KeyError, IndexError, AttributeError):
return {}
try:
del args['controller']
except KeyError:
pass
try:
del args['format']
except KeyError:
pass
return args
def get_body(self, request):
params = urlparse.parse_qs(request.query_string)
if len(request.body) == 0:
LOG.debug("Empty body provided in request")
return None, params
try:
content_type = request.get_content_type()
except exception.InvalidContentType:
LOG.debug("Unrecognized Content-Type provided in request")
return None, ''
if not content_type:
LOG.debug("No Content-Type provided in request")
return None, ''
return content_type, request.body
def deserialize(self, meth, content_type, body):
meth_deserializers = getattr(meth, 'wsgi_deserializers', {})
try:
mtype = _MEDIA_TYPE_MAP.get(content_type, content_type)
if mtype in meth_deserializers:
deserializer = meth_deserializers[mtype]
else:
deserializer = self.default_deserializers[mtype]
except (KeyError, TypeError):
raise exception.InvalidContentType(content_type=content_type)
return deserializer().deserialize(body)
@webob.dec.wsgify(RequestClass=Request)
def __call__(self, request):
"""WSGI method that controls (de)serialization and method dispatch."""
LOG.info("%(method)s %(url)s",
{"method": request.method,
"url": request.url})
# Identify the action, its arguments, and the requested
# content type
action_args = self.get_action_args(request.environ)
action = action_args.pop('action', None)
content_type, body = self.get_body(request)
accept = 'application/json'
# NOTE(Vek): Splitting the function up this way allows for
# auditing by external tools that wrap the existing
# function. If we try to audit __call__(), we can
# run into troubles due to the @webob.dec.wsgify()
# decorator.
return self._process_stack(request, action, action_args,
content_type, body, accept)
def _process_stack(self, request, action, action_args,
content_type, body, accept):
"""Implement the processing stack."""
# Get the implementing method
try:
meth, extensions = self.get_method(request, action,
content_type, body)
except (AttributeError, TypeError):
return Fault(webob.exc.HTTPNotFound())
except KeyError as ex:
msg = "There is no such action: %s" % ex.args[0]
return Fault(webob.exc.HTTPBadRequest(explanation=msg))
except exception.MalformedRequestBody:
msg = "Malformed request body"
return Fault(webob.exc.HTTPBadRequest(explanation=msg))
if body:
msg = ("Action: '%(action)s', calling method: %(meth)s, body: "
"%(body)s") % {'action': action,
'body': six.text_type(body),
'meth': six.text_type(meth)}
LOG.debug(strutils.mask_password(msg))
else:
LOG.debug("Calling method '%(meth)s'",
{'meth': six.text_type(meth)})
# Now, deserialize the request body...
try:
if content_type:
contents = self.deserialize(meth, content_type, body)
else:
contents = body
except exception.InvalidContentType:
msg = "Unsupported Content-Type"
return Fault(webob.exc.HTTPBadRequest(explanation=msg))
except exception.MalformedRequestBody:
msg = "Malformed request body"
return Fault(webob.exc.HTTPBadRequest(explanation=msg))
# Update the action args
action_args.update(contents)
project_id = action_args.pop("project_id", None)
context = request.environ.get('cinder.context')
if context and project_id and (project_id != context.project_id):
msg = "Malformed request url"
return Fault(webob.exc.HTTPBadRequest(explanation=msg))
response = None
try:
with ResourceExceptionHandler():
action_result = self.dispatch(meth, request, action_args)
except Fault as ex:
response = ex
if not response:
# No exceptions; convert action_result into a
# ResponseObject
resp_obj = None
if isinstance(action_result, dict) or action_result is None:
resp_obj = ResponseObject(action_result)
elif isinstance(action_result, ResponseObject):
resp_obj = action_result
else:
response = action_result
# Run post-processing extensions
if resp_obj:
# Do a preserialize to set up the response object
serializers = getattr(meth, 'wsgi_serializers', {})
resp_obj._bind_method_serializers(serializers)
if hasattr(meth, 'wsgi_code'):
resp_obj._default_code = meth.wsgi_code
resp_obj.preserialize(accept, self.default_serializers)
if resp_obj:
response = resp_obj.serialize(request, accept,
self.default_serializers)
try:
msg_dict = dict(url=request.url, status=response.status_int)
msg = "%(url)s returned with HTTP %(status)d"
except AttributeError as e:
msg_dict = dict(url=request.url, e=e)
msg = "%(url)s returned a fault: %(e)s"
LOG.info(msg, msg_dict)
if hasattr(response, 'headers'):
for hdr, val in response.headers.items():
# Headers must be utf-8 strings
try:
# python 2.x
response.headers[hdr] = val.encode('utf-8')
except Exception:
# python 3.x
response.headers[hdr] = six.text_type(val)
return response
def get_method(self, request, action, content_type, body):
"""Look up the action-specific method and its extensions."""
# Look up the method
try:
if not self.controller:
meth = getattr(self, action)
else:
meth = getattr(self.controller, action)
except AttributeError as e:
with excutils.save_and_reraise_exception(e) as ctxt:
if (not self.wsgi_actions or action not in ['action',
'create',
'delete',
'update']):
LOG.exception('Get method error.')
else:
ctxt.reraise = False
else:
return meth, self.wsgi_extensions.get(action, [])
if action == 'action':
# OK, it's an action; figure out which action...
mtype = _MEDIA_TYPE_MAP.get(content_type)
action_name = self.action_peek[mtype](body)
LOG.debug("Action body: %s", body)
else:
action_name = action
# Look up the action method
return (self.wsgi_actions[action_name],
self.wsgi_action_extensions.get(action_name, []))
def dispatch(self, method, request, action_args):
"""Dispatch a call to the action-specific method."""
return method(req=request, **action_args)
class Fault(webob.exc.HTTPException):
"""Wrap webob.exc.HTTPException to provide API friendly response."""
_fault_names = {400: "badRequest",
401: "unauthorized",
403: "forbidden",
404: "itemNotFound",
405: "badMethod",
409: "conflictingRequest",
413: "overLimit",
415: "badMediaType",
501: "notImplemented",
503: "serviceUnavailable"}
def __init__(self, exc):
"""Create a Fault for the given webob.exc.exception."""
self.wrapped_exc = exc
self.status_int = exc.status_int
@webob.dec.wsgify(RequestClass=Request)
def __call__(self, req):
"""Generate a WSGI response based on the exception passed to ctor."""
# Replace the body with fault details.
code = self.wrapped_exc.status_int
fault_name = self._fault_names.get(code, "computeFault")
explanation = self.wrapped_exc.explanation
fault_data = {
fault_name: {
'code': code,
'message': explanation}}
if code == 413:
retry = self.wrapped_exc.headers.get('Retry-After', None)
if retry:
fault_data[fault_name]['retryAfter'] = retry
content_type = 'application/json'
serializer = {
'application/json': JSONDictSerializer(),
}[content_type]
body = serializer.serialize(fault_data)
if isinstance(body, six.text_type):
body = body.encode('utf-8')
self.wrapped_exc.body = body
self.wrapped_exc.content_type = content_type
return self.wrapped_exc
def __str__(self):
return self.wrapped_exc.__str__()

45
novajoin/cache.py Normal file
View File

@ -0,0 +1,45 @@
# Copyright 2016 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import sqlite3
class Cache(object):
def __init__(self):
self.conn = self._getconn()
self.conn.execute('''CREATE TABLE IF NOT EXISTS cache
(id TEXT PRIMARY KEY NOT NULL,
data TEXT NOT NULL);''')
self.conn.close()
def _getconn(self):
self.conn = sqlite3.connect('test.db')
def add(self, id, data):
self._getconn()
s = ("INSERT INTO cache (id, data) VALUES (\'{id}\', \'{data}\')".format(id=id, data=data));
self.conn.execute(s)
self.conn.commit()
self.conn.close()
def get(self, id):
data = None
self._getconn()
cursor = self.conn.execute("SELECT id, data from cache where id=\'%s\'" % id)
for row in cursor:
data = row[1]
self.conn.close()
return data

62
novajoin/config.py Normal file
View File

@ -0,0 +1,62 @@
# Copyright 2016 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from oslo_config import cfg
from oslo_log import log
service_opts = [
cfg.StrOpt('join_listen',
default="0.0.0.0",
help='IP address to listen on'),
cfg.PortOpt('join_listen_port',
default=9090,
help='Port to listen on'),
cfg.StrOpt('url', default=None,
help='IPA JSON RPC URL (e.g. '
'https://ipa.host.domain/ipa/json)'),
cfg.StrOpt('keytab', default='/etc/krb5.keytab',
help='Kerberos client keytab file'),
cfg.StrOpt('service_name', default=None,
help='HTTP IPA Kerberos service name '
'(e.g. HTTP@ipa.host.domain)'),
cfg.StrOpt('domain', default='test',
help='Domain for new hosts'),
cfg.IntOpt('connect_retries', default=1,
help='How many times to attempt to retry '
'the connection to IPA before giving up'),
cfg.BoolOpt('project_subdomain', default=False,
help='Treat the project as a DNS subdomain '
'so a hostname would take the form: '
'instance.project.domain'),
cfg.BoolOpt('normalize_project', default=True,
help='Normalize the project name to be a valid DNS label'),
]
#CONF = cfg.ConfigOpts()
CONF = cfg.CONF
CONF.register_opts(service_opts)
log.register_options(CONF)
# CONF(sys.argv[1:], project='join', version='1.0.0')
# log.setup(CONF, 'join')
# launcher = process_launcher()
# server = WSGIService('join')
# launcher.launch_service(server, workers=server.workers)
# launcher.wait()
#
#
#if __name__ == '__main__':
# main()

130
novajoin/exception.py Normal file
View File

@ -0,0 +1,130 @@
# Copyright 2010 United States Government as represented by the
# Administrator of the National Aeronautics and Space Administration.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
"""Join base exception handling. Based on exception.py from cinder project
"""
import sys
from oslo_log import log as logging
import six
import webob.exc
from webob.util import status_generic_reasons
from webob.util import status_reasons
LOG = logging.getLogger(__name__)
class ConvertedException(webob.exc.WSGIHTTPException):
def __init__(self, code=500, title="", explanation=""):
self.code = code
# There is a strict rule about constructing status line for HTTP:
# '...Status-Line, consisting of the protocol version followed by a
# numeric status code and its associated textual phrase, with each
# element separated by SP characters'
# (http://www.faqs.org/rfcs/rfc2616.html)
# 'code' and 'title' can not be empty because they correspond
# to numeric status code and its associated text
if title:
self.title = title
else:
try:
self.title = status_reasons[self.code]
except KeyError:
generic_code = self.code // 100
self.title = status_generic_reasons[generic_code]
self.explanation = explanation
super(ConvertedException, self).__init__()
class JoinException(Exception):
"""Base Join Exception
To correctly use this class, inherit from it and define
a 'message' property. That message will get printf'd
with the keyword arguments provided to the constructor.
"""
message = "An unknown exception occurred."
code = 500
headers = {}
safe = False
def __init__(self, message=None, **kwargs):
self.kwargs = kwargs
self.kwargs['message'] = message
if 'code' not in self.kwargs:
try:
self.kwargs['code'] = self.code
except AttributeError:
pass
for k, v in self.kwargs.items():
if isinstance(v, Exception):
self.kwargs[k] = six.text_type(v)
if self._should_format():
try:
message = self.message % kwargs
except Exception:
exc_info = sys.exc_info()
# kwargs doesn't match a variable in the message
# log the issue and the kwargs
LOG.exception('Exception in string format operation')
for name, value in kwargs.items():
LOG.error("%(name)s: %(value)s",
{'name': name, 'value': value})
message = self.message
elif isinstance(message, Exception):
message = six.text_type(message)
# NOTE(luisg): We put the actual message in 'msg' so that we can access
# it, because if we try to access the message via 'message' it will be
# overshadowed by the class' message attribute
self.msg = message
super(JoinException, self).__init__(message)
def _should_format(self):
return self.kwargs['message'] is None or '%(message)' in self.message
def __unicode__(self):
return six.text_type(self.msg)
class NotAuthorized(JoinException):
message = "Not authorized."
code = 403
class Invalid(JoinException):
message = "Unacceptable parameters."
code = 400
class InvalidInput(Invalid):
message = "Invalid input received: %(reason)s"
class InvalidContentType(Invalid):
message = "Invalid content type %(content_type)s."
class MalformedRequestBody(JoinException):
message = "Malformed message body: %(reason)s"

315
novajoin/ipa.py Normal file
View File

@ -0,0 +1,315 @@
# Copyright 2016 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import os
import time
import pprint
import requests
import uuid
import kerberos
import six
import re
from oslo_config import cfg
from oslo_log import log as logging
from oslo_serialization import jsonutils as json
CONF = cfg.CONF
LOG = logging.getLogger(__name__)
dns_regex = re.compile('[^0-9a-zA-Z]+')
class IPABaseError(Exception):
error_code = 500
error_type = 'unknown_ipa_error'
error_message = None
errors = None
def __init__(self, *args, **kwargs):
self.errors = kwargs.pop('errors', None)
self.object = kwargs.pop('object', None)
super(IPABaseError, self).__init__(*args, **kwargs)
if len(args) > 0 and isinstance(args[0], six.string_types):
self.error_message = args[0]
class IPAAuthError(IPABaseError):
error_type = 'authentication_error'
IPA_INVALID_DATA = 3009
IPA_NOT_FOUND = 4001
IPA_DUPLICATE = 4002
IPA_NO_DNS_RECORD = 4019
IPA_NO_CHANGES = 4202
class IPAUnknownError(IPABaseError):
pass
class IPACommunicationFailure(IPABaseError):
error_type = 'communication_failure'
class IPAInvalidData(IPABaseError):
error_type = 'invalid_data'
class IPADuplicateEntry(IPABaseError):
error_type = 'duplicate_entry'
ipaerror2exception = {
IPA_INVALID_DATA: {
'host': IPAInvalidData,
'dnsrecord': IPAInvalidData
},
IPA_NO_CHANGES: {
'host': None,
'dnsrecord': None
},
IPA_NO_DNS_RECORD: {
'host': None, # ignore - means already added
},
IPA_DUPLICATE: {
'host': IPADuplicateEntry,
'dnsrecord': IPADuplicateEntry
},
IPA_NOT_FOUND: {
'host': None, # ignore - means tried to delete non-existent host
}
}
class IPAAuth(requests.auth.AuthBase):
def __init__(self, keytab, service):
# store the kerberos credentials in memory rather than on disk
os.environ['KRB5CCNAME'] = "MEMORY:" + str(uuid.uuid4())
self.token = None
self.keytab = keytab
self.service = service
if self.keytab:
os.environ['KRB5_CLIENT_KTNAME'] = self.keytab
else:
LOG.warn('No IPA client kerberos keytab file given')
def __call__(self, request):
if not self.token:
self.refresh_auth()
request.headers['Authorization'] = 'negotiate ' + self.token
return request
def refresh_auth(self):
flags = kerberos.GSS_C_MUTUAL_FLAG | kerberos.GSS_C_SEQUENCE_FLAG
try:
(unused, vc) = kerberos.authGSSClientInit(self.service,
gssflags=flags)
except kerberos.GSSError as e:
LOG.error("caught kerberos exception %r" % e)
raise IPAAuthError(str(e))
try:
kerberos.authGSSClientStep(vc, "")
except kerberos.GSSError as e:
LOG.error("caught kerberos exception %r" % e)
raise IPAAuthError(str(e))
self.token = kerberos.authGSSClientResponse(vc)
class IPANovaJoinBase(object):
session = None
inject_files = []
@classmethod
def start(cls):
if not cls.session:
# set up session to share among all instances
cls.session = requests.Session()
cls.session.auth = IPAAuth(CONF.keytab, CONF.service_name)
xtra_hdrs = {'Content-Type': 'application/json',
'Referer': CONF.url}
cls.session.headers.update(xtra_hdrs)
cls.session.verify = True
def __init__(self):
IPANovaJoinBase.start()
self.session = IPANovaJoinBase.session
self.ntries = CONF.connect_retries
self.inject_files = IPANovaJoinBase.inject_files
def _ipa_error_to_exception(self, resp, ipareq):
exc = None
if resp['error'] is None:
return exc
errcode = resp['error']['code']
method = ipareq['method']
methtype = method.split('_')[0]
exclass = ipaerror2exception.get(errcode, {}).get(methtype,
IPAUnknownError)
if exclass:
LOG.debug("Error: ipa command [%s] returned error [%s]" %
(pprint.pformat(ipareq), pprint.pformat(resp)))
elif errcode: # not mapped
LOG.debug("Ignoring IPA error code %d for command %s: %s" %
(errcode, method, pprint.pformat(resp)))
return exclass
def _call_and_handle_error(self, ipareq):
need_reauth = False
while True:
status_code = 200
try:
if need_reauth:
self.session.auth.refresh_auth()
rawresp = self.session.post(CONF.url,
data=json.dumps(ipareq))
status_code = rawresp.status_code
except IPAAuthError:
status_code = 401
if status_code == 401:
if self.ntries == 0:
# persistent inability to auth
LOG.error("Error: could not authenticate to IPA - "
"please check for correct keytab file")
# reset for next time
self.ntries = CONF.connect_retries
raise IPACommunicationFailure()
else:
LOG.debug("Refresh authentication")
need_reauth = True
self.ntries -= 1
time.sleep(1)
else:
# successful - reset
self.ntries = CONF.connect_retries
break
try:
resp = json.loads(rawresp.text)
except ValueError:
# response was not json - some sort of error response
LOG.debug("Error: unknown error from IPA [%s]" % rawresp.text)
raise IPAUnknownError("unable to process response from IPA")
# raise the appropriate exception, if error
exclass = self._ipa_error_to_exception(resp, ipareq)
if exclass:
# could add additional info/message to exception here
raise exclass()
return resp
def _ipa_client_configured(self):
"""
Return boolean indicating whether this machine is enrolled
in IPA. This is a rather weak detection method but better
than nothing.
"""
return os.path.exists('/etc/ipa/default.conf')
class IPAClient(IPANovaJoinBase):
def add_host(self, hostname, ipaotp, metadata={}, system_metadata={}):
"""
If requested in the metadata, add a host to IPA. The assumption
is that hostname is already fully-qualified.
"""
LOG.debug('In IPABuildInstance')
if not self._ipa_client_configured():
LOG.debug('IPA is not configured')
return
enroll = metadata.get('ipa_enroll', '')
if enroll.lower() != 'true':
LOG.debug('IPA enrollment not requested')
return
ipareq = {'method': 'host_add', 'id': 0}
params = [hostname]
hostclass = metadata.get('ipa_hostclass', '')
location = metadata.get('ipa_host_location', '')
osdistro = system_metadata.get('image_os_distro', None)
osver = system_metadata.get('image_os_version', None)
# 'description': 'IPA host for %s' % inst.display_description,
hostargs = {
'description': 'IPA host for OpenStack',
'userpassword': ipaotp,
'force': True # we don't have an ip addr yet so
# use force to add anyway
}
if hostclass:
hostargs['userclass'] = hostclass
if osdistro or osver:
hostargs['nsosversion'] = '%s %s' % (osdistro, osver)
hostargs['nsosversion'] = hostargs['nsosversion'].strip()
if location:
hostargs['nshostlocation'] = location
ipareq['params'] = [params, hostargs]
self._call_and_handle_error(ipareq)
def delete_host(self, hostname, metadata={}):
"""
Delete a host from IPA and remove all related DNS entries.
"""
LOG.debug('In IPADeleteInstance')
if not self._ipa_client_configured():
LOG.debug('IPA is not configured')
return
# TODO: lookup instance in nova to get metadata to see if
# the host was enrolled. For now assume yes.
ipareq = {'method': 'host_del', 'id': 0}
params = [hostname]
args = {
'updatedns': True,
}
ipareq['params'] = [params, args]
self._call_and_handle_error(ipareq)
def add_ip(self, hostname, floating_ip):
"""
Add a floating IP to a given hostname.
"""
LOG.debug('In add_ip')
if not self._ipa_client_configured():
LOG.debug('IPA is not configured')
return
ipareq = {'method': 'dnsrecord_add', 'id': 0}
params = [{"__dns_name__": CONF.domain + "."},
{"__dns_name__": hostname}]
args = {'a_part_ip_address': floating_ip}
ipareq['params'] = [params, args]
self._call_and_handle_error(ipareq)
def remove_ip(self, hostname, floating_ip):
"""
Remove a floating IP from a given hostname.
"""
LOG.debug('In remove_ip')
if not self._ipa_client_configured():
LOG.debug('IPA is not configured')
return
LOG.debug('Current a no-op')

153
novajoin/join.py Normal file
View File

@ -0,0 +1,153 @@
# Copyright 2016 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import uuid
import logging
import webob.exc
from oslo_serialization import jsonutils
from oslo_config import cfg
from novajoin.ipa import IPAClient
from novajoin import base
from novajoin import cache
CONF = cfg.CONF
LOG = logging.getLogger(__name__)
def create_version_resource():
return base.Resource(VersionsController())
def create_join_resource():
return base.Resource(JoinController())
def response(code):
"""Attaches response code to a method.
This decorator associates a response code with a method. Note
that the function attributes are directly manipulated; the method
is not wrapped.
"""
def decorator(func):
func.wsgi_code = code
return func
return decorator
class Versions(base.APIRouter):
"""Route versions requests."""
def _setup_routes(self, mapper, ext_mgr):
self.resources['versions'] = create_version_resource()
mapper.connect('versions', '/',
controller=self.resources['versions'],
action='all')
mapper.redirect('', '/')
class Join(base.APIRouter):
"""Route join requests."""
def _setup_routes(self, mapper, ext_mgr):
self.resources['join'] = create_join_resource()
mapper.connect('join', '/',
controller=self.resources['join'],
action='create')
mapper.redirect('', '/')
class Controller(object):
"""Default controller."""
_view_builder_class = None
def __init__(self, view_builder=None):
"""Initialize controller with a view builder instance."""
if view_builder:
self._view_builder = view_builder
else:
self._view_builder = None
class VersionsController(Controller):
def __init__(self):
super(VersionsController, self).__init__(None)
@response(300)
def all(self, req, body=None):
"""Return all known versions."""
if body:
return {'views': '%s' % body.get('foo', '')}
return {'views': 'foo'}
class JoinController(Controller):
def __init__(self):
super(JoinController, self).__init__(None)
self.uuidcache = cache.Cache()
@response(200)
def create(self, req, body=None):
"""Generate the OTP, register it with IPA"""
if not body:
raise base.Fault(webob.exc.HTTPBadRequest())
project_id = body.get('project-id')
instance_id = body.get('instance-id')
image_id = body.get('image-id')
user_data = body.get('user-data')
hostname = body.get('hostname')
metadata = body.get('metadata')
system_metadata = body.get('system_metadata')
enroll = metadata.get('ipa_enroll', '')
if enroll.lower() != 'true':
LOG.debug('IPA enrollment not requested')
return {}
if instance_id:
data = self.uuidcache.get(instance_id)
if data:
return jsonutils.loads(data)
data = {}
ipaotp = uuid.uuid4().hex
data['ipaotp'] = ipaotp
if hostname:
if CONF.project_subdomain:
hostname = '%s.%s.%s' % (hostname, project, CONF.domain)
else:
hostname = '%s.%s' % (hostname, CONF.domain)
data['hostname'] = hostname
if instance_id:
try:
self.uuidcache.add(instance_id, jsonutils.dumps(data))
ipaclient = IPAClient()
ipaclient.add_host(data['hostname'], ipaotp, metadata,
system_metadata)
except Exception as e:
LOG.error('caching or adding host failed %s', e)
return data

39
novajoin/middleware.py Normal file
View File

@ -0,0 +1,39 @@
# Copyright 2016 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
"""
Common Auth Middleware.
"""
from oslo_config import cfg
from oslo_log import log as logging
CONF = cfg.CONF
LOG = logging.getLogger(__name__)
def pipeline_factory(loader, global_conf, **local_conf):
"""A paste pipeline replica that keys off of auth_strategy."""
pipeline = local_conf[CONF.auth_strategy]
if not CONF.api_rate_limit:
limit_name = CONF.auth_strategy + '_nolimit'
pipeline = local_conf.get(limit_name, pipeline)
pipeline = pipeline.split()
filters = [loader.get_filter(n) for n in pipeline[:-1]]
app = loader.get_app(pipeline[-1])
filters.reverse()
for filter in filters:
app = filter(app)
return app

109
novajoin/notifications.py Normal file
View File

@ -0,0 +1,109 @@
# Copyright 2016 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# To enable in nova, put this into [DEFAULT]
# notification_driver = messaging
# notification_topic = notifications
# notify_on_state_change = vm_state
import time
import json
import oslo_messaging
from oslo_serialization import jsonutils
from oslo_log import log as logging
import config
import cache
from ipa import IPAClient
CONF = config.CONF
LOG = logging.getLogger(__name__)
class NotificationEndpoint(object):
filter_rule = oslo_messaging.notify.filter.NotificationFilter(
publisher_id='^compute.*|^network.*',
event_type='^compute.instance.create.end|' \
'^compute.instance.delete.end|' \
'^network.floating_ip.(dis)?associate',)
def __init__(self):
self.uuidcache = cache.Cache()
self.ipaclient = IPAClient()
def info(self, ctxt, publisher_id, event_type, payload, metadata):
LOG.debug('notification:')
LOG.debug(json.dumps(payload, indent=4))
LOG.debug("publisher: %s, event: %s, metadata: %s", publisher_id,
event_type, metadata)
if event_type == 'compute.instance.create.end':
LOG.info("Add new host")
elif event_type == 'compute.instance.delete.end':
LOG.info("Delete host")
hostname = payload.get('hostname')
# FIXME: Don't re-calculate the hostname, fetch it from somewhere
project = 'foo'
if CONF.project_subdomain:
hostname = '%s.%s.%s' % (hostname, project, CONF.domain)
else:
hostname = '%s.%s' % (hostname, CONF.domain)
self.ipaclient.delete_host(hostname, {})
elif event_type == 'network.floating_ip.associate':
floating_ip = payload.get('floating_ip')
LOG.info("Associate floating IP %s" % floating_ip)
entry = self.uuidcache.get(payload.get('instance_id'))
if entry:
data = jsonutils.loads(entry)
self.ipaclient.add_ip(data.get('hostname'), floating_ip)
else:
LOG.error("Could not resolve %s into a hostname",
payload.get('instance_id'))
elif event_type == 'network.floating_ip.disassociate':
floating_ip = payload.get('floating_ip')
LOG.info("Disassociate floating IP %s" % floating_ip)
entry = self.uuidcache.get(payload.get('instance_id'))
if entry:
data = jsonutils.loads(entry)
self.ipaclient.remove_ip(data.get('hostname'), floating_ip)
else:
LOG.error("Could not resolve %s into a hostname",
payload.get('instance_id'))
else:
LOG.error("Status update or unknown")
def main():
CONF(default_config_files=['join.conf'])
logging.setup(CONF, 'join')
transport = oslo_messaging.get_transport(CONF)
targets = [ oslo_messaging.Target(topic='notifications') ]
endpoints = [ NotificationEndpoint() ]
server = oslo_messaging.get_notification_listener(transport, targets, endpoints)
LOG.info("Starting")
server.start()
try:
while True:
time.sleep(1)
except KeyboardInterrupt:
LOG.info("Stopping, be patient")
server.stop()
server.wait()

113
novajoin/wsgi.py Normal file
View File

@ -0,0 +1,113 @@
# Copyright 2016 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import sys
from oslo_concurrency import processutils
from oslo_config import cfg
from oslo_service import service
from oslo_service import wsgi
from oslo_log import log
from novajoin import config
from novajoin import exception
CONF = config.CONF
LOG = log.getLogger(__name__)
class WSGIService(service.ServiceBase):
"""Provides ability to launch API from a 'paste' configuration."""
def __init__(self, name, loader=None):
"""Initialize, but do not start the WSGI server.
:param name: The name of the WSGI server given to the loader.
:param loader: Loads the WSGI application using the given name.
:returns: None
"""
self.name = name
self.loader = loader or wsgi.Loader(CONF)
self.app = self.loader.load_app(name)
self.host = getattr(CONF, '%s_listen' % name, "0.0.0.0")
self.port = getattr(CONF, '%s_listen_port' % name, 0)
self.workers = (getattr(CONF, '%s_workers' % name, None) or
processutils.get_worker_count())
if self.workers and self.workers < 1:
worker_name = '%s_workers' % name
msg = ("%(worker_name)s value of %(workers)d is invalid, "
"must be greater than 0." %
{'worker_name': worker_name,
'workers': self.workers})
raise exception.InvalidInput(msg)
self.server = wsgi.Server(CONF,
name,
self.app,
host=self.host,
port=self.port)
def start(self):
"""Start serving this service using loaded configuration.
Also, retrieve updated port number in case '0' was passed in, which
indicates a random port should be used.
:returns: None
"""
self.server.start()
self.port = self.server.port
print "Starting on port %d" % self.port
def stop(self):
"""Stop serving this API.
:returns: None
"""
self.server.stop()
def wait(self):
"""Wait for the service to stop serving this API.
:returns: None
"""
self.server.wait()
def reset(self):
"""Reset server greenpool size to default.
:returns: None
"""
self.server.reset()
def process_launcher():
return service.ProcessLauncher(CONF)
def main():
# CONF(sys.argv[1:], project='join', version='1.0.0')
CONF(default_config_files=['join.conf'])
log.setup(CONF, 'join')
launcher = process_launcher()
server = WSGIService('join')
launcher.launch_service(server, workers=server.workers)
launcher.wait()

22
scripts/join-notify.py Normal file
View File

@ -0,0 +1,22 @@
#!/usr/bin/python
# Copyright 2016 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import sys
from novajoin.notifications import main
if __name__ == "__main__":
sys.exit(main())

22
scripts/join-server.py Normal file
View File

@ -0,0 +1,22 @@
#!/usr/bin/python
# Copyright 2016 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import sys
from novajoin.wsgi import main
if __name__ == "__main__":
sys.exit(main())