charm-keystone/hooks/utils.py

#!/usr/bin/python
from pdb import *
import subprocess
import sys
import json
import os

keystone_conf = "/etc/keystone/keystone.conf"
stored_passwd = "/var/lib/keystone/keystone.passwd"

def execute(cmd, die=False):
    p = subprocess.Popen(cmd.split(" "),
                         stdout=subprocess.PIPE,
                         stdin=subprocess.PIPE,
                         stderr=subprocess.PIPE)
    stdout=""
    stderr=""
    for l in iter(p.stdout.readline, ''):
        print l.strip('\n')
        sys.stdout.flush()
        stdout += l
    for l in iter(p.stderr.readline, ''):
        print l.strip('\n')
        sys.stdout.flush()
        stderr += l
    p.communicate()
    rc = p.returncode
    if die and rc != 0:
        error_out("ERROR: command %s return non-zero.\n" % cmd)
    return (stdout, stderr, rc)


def juju_log(msg):
    execute("juju-log \"%s\"" % msg)

def error_out(msg):
    juju_log("FATAL ERROR: %s" % msg)
    exit(1)

def config_get():
    output = execute("config-get --format json")[0]
    config = json.loads(output)
    # make sure no config element is blank after config-get
    for c in config.keys():
       if not config[c]:
            error_out("ERROR: Config option has no paramter: %s" % c)
    # tack on our private address and ip
    hostname = execute("unit-get private-address")[0].strip()
    ip = execute("dig +short %s" % hostname, die=True)[0].strip()
    config["hostname"] = hostname
    config["ip"] = ip
    return config

def relation_set(relation_data):
    for k in  relation_data:
        execute("relation-set %s=%s" % (k, relation_data[k]), die=True)

def relation_get(relation_data):
    """ takes a list of options to query from the relation
        returns a k,v dict of the results. 
        leave empty responses out of the results as they haven't yet been
        set on the other end. caller expects
        len(results.keys()) == len(relation_data)
    """
    results = {}
    for r in relation_data:
        result = execute("relation-get %s" % r, die=True)[0].strip('\n')
        if result != "":
           results[r] = result
    return results

def keystone_conf_update(opt, val):
    f = open(keystone_conf, "r+")
    orig = f.readlines()
    new = ""
    found = False
    for l in orig:
        if l.split(' ')[0] == opt:
            juju_log("Updating %s, setting %s = %s" % (keystone_conf, opt, val))
            new += "%s = %s\n" % (opt, val)
            found  = True
        else:
            new += l
    # insert a new value at the top of the file, after the 'DEFAULT' header so
    # as not to muck up paste deploy configuration later in the file 
    if not found:
        juju_log("Adding new config option %s = %s" % (opt, val))
        header = new.index("[DEAFULT]\n")
        new.insert((header+1), "%s = %s\n" % (key, value))
    f.seek(0)
    f.truncate()
    for l in new:
        f.write(l)
    f.close

def create_service_entry(manager, service_name, service_type,
                         service_desc, owner=None):
    """ Add a new service entry to keystone if one does not already exist """
    for service in manager.api.list_services():
        if service[1] == service_name:
            juju_log("Service entry for '%s' already exists." % service_name)
            return
    manager.api.add_service(name=service_name,
                            type=service_type,
                            desc=service_desc, owner_id=owner)
    juju_log("Created new service entry '%s'" % service_name)

def create_endpoint_template(manager, region, service,  public_url,
                             admin_url, internal_url):
    """ Create a new endpoint template for service if one does not already
        exist matching name *and* region """
    for endpoint in manager.api.list_endpoint_templates():
        if endpoint[1] == service and  endpoint[3] == region:
            juju_log("Endpoint template already exists for '%s' in '%s'"
                      % (service, region))
            return
    manager.api.add_endpoint_template(region=region, service=service,
                             public_url=public_url, admin_url=admin_url,
                             internal_url=internal_url, enabled=1, is_global=1,
                             version_id=None, version_list=None,
                             version_info=None)
    juju_log("Created new endpoint template for '%s' in '%s'"
              % (region, service))

def create_tenant(manager, name):
    """ creates a tenant if it does not already exist """
    tenants = manager.api.list_tenants()
    if not tenants or name not in map(lambda t: t[1], tenants):
        manager.api.add_tenant(name=name)
        juju_log("Created new tenant: %s" % name)
        return
    juju_log("Tenant '%s' already exists." % name)

def create_user(manager, name, password, tenant):
    """ creates a user if it doesn't already exist, as a member of tenant """
    users = manager.api.list_users()
    if not users and name not in map(lambda u: u[1], users):
        manager.api.add_user(name=name, password=password, tenant=tenant)
        juju_log("Created new user '%s'" % name)
        return
    juju_log("A user named '%s' already exists" % name)

def create_role(manager, name, user):
    """ creates a role if it doesn't already exist. grants role to user """
    roles = manager.api.list_roles()
    if not roles and name not in map(lambda r: r[1], roles):
        manager.api.add_role(name=name)
        juju_log("Created new role '%s'" % name)
    juju_log("A role named '%s' already exists" % name)
    # TODO Doesn't seem to be anyway of querying current role assignments?
    manager.api.grant_role(name, user)
    juju_log("Granted role '%s' to '%s'" % (name, user))

def generate_admin_token(manager, config):
    """ generate and add an admin token """
    import random
    token = random.randrange(1000000000000, 9999999999999)
    manager.api.add_token(token, config["admin-user"], "admin", config["token-expiry"])
    juju_log("Generated and added new random admin token.")
    return token

def ensure_initial_admin(config):
    """ Ensures the minimum admin stuff exists in whatever database we're using.
        This and the helper functions it calls are meant to be idempotent and
        run during install as well as during db-changed.  This will maintain
        the admin tenant, user, role, service entry and endpoint across every
        datastore we might use. 
        TODO: Maybe seperate endpoint + service entry create to its own function?
    """
    import manager
    create_tenant(manager, "admin")

    passwd = ""
    if os.path.isfile(stored_passwd):
        juju_log("Loading stored passwd from %s" % stored_passwd)
        passwd = open(stored_passwd, 'r').readline().strip('\n')
    if passwd == "":
        juju_log("Generating new passwd for user: %s" % config["admin-user"])
        passwd = execute("pwgen -c 16 1", die=True)[0]
        open(stored_passwd, 'w+').writelines("%s\n" % passwd)

    create_user(manager, config["admin-user"], passwd, tenant="admin")
    create_role(manager, "Admin", config["admin-user"])
    create_service_entry(manager, "keystone",
                         "identity", "Keystone Identity Service")
    # following documentation here, perhaps we should be using juju
    # public/private addresses for public/internal urls.
    public_url = "http://%s:%s/v2.0" % (config["ip"], config["service-port"])
    admin_url = "http://%s:%s/v2.0" % (config["ip"], config["admin-port"])
    internal_url = "http://%s:%s/v2.0" % (config["ip"], config["service-port"])
    create_endpoint_template(manager, "RegionOne", "keystone", public_url,
                             admin_url, internal_url)
init 2011-12-08 09:52:12 -08:00			`#!/usr/bin/python`
			`from pdb import *`
			`import subprocess`
			`import sys`
			`import json`
			`import os`

			`keystone_conf = "/etc/keystone/keystone.conf"`
			`stored_passwd = "/var/lib/keystone/keystone.passwd"`

			`def execute(cmd, die=False):`
			`p = subprocess.Popen(cmd.split(" "),`
			`stdout=subprocess.PIPE,`
			`stdin=subprocess.PIPE,`
			`stderr=subprocess.PIPE)`
			`stdout=""`
			`stderr=""`
			`for l in iter(p.stdout.readline, ''):`
			`print l.strip('\n')`
			`sys.stdout.flush()`
			`stdout += l`
			`for l in iter(p.stderr.readline, ''):`
			`print l.strip('\n')`
			`sys.stdout.flush()`
			`stderr += l`
			`p.communicate()`
			`rc = p.returncode`
			`if die and rc != 0:`
			`error_out("ERROR: command %s return non-zero.\n" % cmd)`
			`return (stdout, stderr, rc)`


			`def juju_log(msg):`
			`execute("juju-log \"%s\"" % msg)`

			`def error_out(msg):`
			`juju_log("FATAL ERROR: %s" % msg)`
			`exit(1)`

			`def config_get():`
			`output = execute("config-get --format json")[0]`
			`config = json.loads(output)`
			`# make sure no config element is blank after config-get`
			`for c in config.keys():`
			`if not config[c]:`
			`error_out("ERROR: Config option has no paramter: %s" % c)`
			`# tack on our private address and ip`
			`hostname = execute("unit-get private-address")[0].strip()`
			`ip = execute("dig +short %s" % hostname, die=True)[0].strip()`
			`config["hostname"] = hostname`
			`config["ip"] = ip`
			`return config`

			`def relation_set(relation_data):`
			`for k in relation_data:`
			`execute("relation-set %s=%s" % (k, relation_data[k]), die=True)`

			`def relation_get(relation_data):`
			`""" takes a list of options to query from the relation`
			`returns a k,v dict of the results.`
			`leave empty responses out of the results as they haven't yet been`
			`set on the other end. caller expects`
			`len(results.keys()) == len(relation_data)`
			`"""`
			`results = {}`
			`for r in relation_data:`
			`result = execute("relation-get %s" % r, die=True)[0].strip('\n')`
			`if result != "":`
			`results[r] = result`
			`return results`

			`def keystone_conf_update(opt, val):`
			`f = open(keystone_conf, "r+")`
			`orig = f.readlines()`
			`new = ""`
			`found = False`
			`for l in orig:`
			`if l.split(' ')[0] == opt:`
			`juju_log("Updating %s, setting %s = %s" % (keystone_conf, opt, val))`
			`new += "%s = %s\n" % (opt, val)`
			`found = True`
			`else:`
			`new += l`
			`# insert a new value at the top of the file, after the 'DEFAULT' header so`
			`# as not to muck up paste deploy configuration later in the file`
			`if not found:`
			`juju_log("Adding new config option %s = %s" % (opt, val))`
			`header = new.index("[DEAFULT]\n")`
			`new.insert((header+1), "%s = %s\n" % (key, value))`
			`f.seek(0)`
			`f.truncate()`
			`for l in new:`
			`f.write(l)`
			`f.close`

			`def create_service_entry(manager, service_name, service_type,`
			`service_desc, owner=None):`
			`""" Add a new service entry to keystone if one does not already exist """`
			`for service in manager.api.list_services():`
			`if service[1] == service_name:`
			`juju_log("Service entry for '%s' already exists." % service_name)`
			`return`
			`manager.api.add_service(name=service_name,`
			`type=service_type,`
			`desc=service_desc, owner_id=owner)`
			`juju_log("Created new service entry '%s'" % service_name)`

			`def create_endpoint_template(manager, region, service, public_url,`
			`admin_url, internal_url):`
			`""" Create a new endpoint template for service if one does not already`
			`exist matching name and region """`
			`for endpoint in manager.api.list_endpoint_templates():`
			`if endpoint[1] == service and endpoint[3] == region:`
			`juju_log("Endpoint template already exists for '%s' in '%s'"`
			`% (service, region))`
			`return`
			`manager.api.add_endpoint_template(region=region, service=service,`
			`public_url=public_url, admin_url=admin_url,`
			`internal_url=internal_url, enabled=1, is_global=1,`
			`version_id=None, version_list=None,`
			`version_info=None)`
			`juju_log("Created new endpoint template for '%s' in '%s'"`
			`% (region, service))`

			`def create_tenant(manager, name):`
			`""" creates a tenant if it does not already exist """`
			`tenants = manager.api.list_tenants()`
			`if not tenants or name not in map(lambda t: t[1], tenants):`
			`manager.api.add_tenant(name=name)`
			`juju_log("Created new tenant: %s" % name)`
			`return`
			`juju_log("Tenant '%s' already exists." % name)`

			`def create_user(manager, name, password, tenant):`
			`""" creates a user if it doesn't already exist, as a member of tenant """`
			`users = manager.api.list_users()`
			`if not users and name not in map(lambda u: u[1], users):`
			`manager.api.add_user(name=name, password=password, tenant=tenant)`
			`juju_log("Created new user '%s'" % name)`
			`return`
			`juju_log("A user named '%s' already exists" % name)`

			`def create_role(manager, name, user):`
			`""" creates a role if it doesn't already exist. grants role to user """`
			`roles = manager.api.list_roles()`
			`if not roles and name not in map(lambda r: r[1], roles):`
			`manager.api.add_role(name=name)`
			`juju_log("Created new role '%s'" % name)`
			`juju_log("A role named '%s' already exists" % name)`
			`# TODO Doesn't seem to be anyway of querying current role assignments?`
			`manager.api.grant_role(name, user)`
			`juju_log("Granted role '%s' to '%s'" % (name, user))`

			`def generate_admin_token(manager, config):`
			`""" generate and add an admin token """`
			`import random`
			`token = random.randrange(1000000000000, 9999999999999)`
			`manager.api.add_token(token, config["admin-user"], "admin", config["token-expiry"])`
			`juju_log("Generated and added new random admin token.")`
			`return token`

			`def ensure_initial_admin(config):`
			`""" Ensures the minimum admin stuff exists in whatever database we're using.`
			`This and the helper functions it calls are meant to be idempotent and`
			`run during install as well as during db-changed. This will maintain`
			`the admin tenant, user, role, service entry and endpoint across every`
			`datastore we might use.`
			`TODO: Maybe seperate endpoint + service entry create to its own function?`
			`"""`
			`import manager`
			`create_tenant(manager, "admin")`

			`passwd = ""`
			`if os.path.isfile(stored_passwd):`
			`juju_log("Loading stored passwd from %s" % stored_passwd)`
			`passwd = open(stored_passwd, 'r').readline().strip('\n')`
			`if passwd == "":`
			`juju_log("Generating new passwd for user: %s" % config["admin-user"])`
			`passwd = execute("pwgen -c 16 1", die=True)[0]`
			`open(stored_passwd, 'w+').writelines("%s\n" % passwd)`

			`create_user(manager, config["admin-user"], passwd, tenant="admin")`
			`create_role(manager, "Admin", config["admin-user"])`
			`create_service_entry(manager, "keystone",`
			`"identity", "Keystone Identity Service")`
			`# following documentation here, perhaps we should be using juju`
			`# public/private addresses for public/internal urls.`
			`public_url = "http://%s:%s/v2.0" % (config["ip"], config["service-port"])`
			`admin_url = "http://%s:%s/v2.0" % (config["ip"], config["admin-port"])`
			`internal_url = "http://%s:%s/v2.0" % (config["ip"], config["service-port"])`
			`create_endpoint_template(manager, "RegionOne", "keystone", public_url,`
			`admin_url, internal_url)`