Merge "Added ability to use other services via HTTPS"
This commit is contained in:
commit
c18945a33f
@ -82,7 +82,7 @@
|
||||
#logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d TRACE %(name)s %(instance)s
|
||||
|
||||
# List of logger=LEVEL pairs. (list value)
|
||||
#default_log_levels = amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN
|
||||
#default_log_levels = amqplib=WARN,qpid.messaging=INFO,stevedore=INFO,eventlet.wsgi.server=WARN,sqlalchemy=WARN,boto=WARN,suds=INFO,keystone=INFO,paramiko=WARN,requests=WARN,iso8601=WARN
|
||||
|
||||
# Enables or disables publication of error events. (boolean value)
|
||||
#publish_errors = false
|
||||
@ -388,9 +388,6 @@
|
||||
# Enables sending notifications to Ceilometer (boolean value)
|
||||
#enable_notifications = false
|
||||
|
||||
# Version of the Cinder API to use. (integer value)
|
||||
#cinder_api_version = 2
|
||||
|
||||
# Enables Sahara to use Keystone API v3. If that flag is disabled,
|
||||
# per-job clusters will not be terminated automatically. (boolean
|
||||
# value)
|
||||
@ -460,6 +457,24 @@
|
||||
#proxy_user_role_names = Member
|
||||
|
||||
|
||||
[cinder]
|
||||
|
||||
#
|
||||
# From sahara.config
|
||||
#
|
||||
|
||||
# Version of the Cinder API to use. (integer value)
|
||||
# Deprecated group/name - [DEFAULT]/cinder_api_version
|
||||
#api_version = 2
|
||||
|
||||
# Allow to perform insecure SSL requests to cinder. (boolean value)
|
||||
#api_insecure = false
|
||||
|
||||
# Location of ca certificates file to use for cinder client requests.
|
||||
# (string value)
|
||||
#ca_file = <None>
|
||||
|
||||
|
||||
[conductor]
|
||||
|
||||
#
|
||||
@ -575,6 +590,34 @@
|
||||
#db_max_retries = 20
|
||||
|
||||
|
||||
[heat]
|
||||
|
||||
#
|
||||
# From sahara.config
|
||||
#
|
||||
|
||||
# Allow to perform insecure SSL requests to heat. (boolean value)
|
||||
#api_insecure = false
|
||||
|
||||
# Location of ca certificates file to use for heat client requests.
|
||||
# (string value)
|
||||
#ca_file = <None>
|
||||
|
||||
|
||||
[keystone]
|
||||
|
||||
#
|
||||
# From sahara.config
|
||||
#
|
||||
|
||||
# Allow to perform insecure SSL requests to keystone. (boolean value)
|
||||
#api_insecure = false
|
||||
|
||||
# Location of ca certificates file to use for keystone client
|
||||
# requests. (string value)
|
||||
#ca_file = <None>
|
||||
|
||||
|
||||
[keystone_authtoken]
|
||||
|
||||
#
|
||||
@ -771,6 +814,34 @@
|
||||
#ringfile = /etc/oslo/matchmaker_ring.json
|
||||
|
||||
|
||||
[neutron]
|
||||
|
||||
#
|
||||
# From sahara.config
|
||||
#
|
||||
|
||||
# Allow to perform insecure SSL requests to neutron. (boolean value)
|
||||
#api_insecure = false
|
||||
|
||||
# Location of ca certificates file to use for neutron client requests.
|
||||
# (string value)
|
||||
#ca_file = <None>
|
||||
|
||||
|
||||
[nova]
|
||||
|
||||
#
|
||||
# From sahara.config
|
||||
#
|
||||
|
||||
# Allow to perform insecure SSL requests to nova. (boolean value)
|
||||
#api_insecure = false
|
||||
|
||||
# Location of ca certificates file to use for nova client requests.
|
||||
# (string value)
|
||||
#ca_file = <None>
|
||||
|
||||
|
||||
[oslo_concurrency]
|
||||
|
||||
#
|
||||
@ -841,3 +912,17 @@
|
||||
# Accept clients using either SSL or plain TCP (boolean value)
|
||||
# Deprecated group/name - [amqp1]/allow_insecure_clients
|
||||
#allow_insecure_clients = false
|
||||
|
||||
|
||||
[swift]
|
||||
|
||||
#
|
||||
# From sahara.config
|
||||
#
|
||||
|
||||
# Allow to perform insecure SSL requests to swift. (boolean value)
|
||||
#api_insecure = false
|
||||
|
||||
# Location of ca certificates file to use for swift client requests.
|
||||
# (string value)
|
||||
#ca_file = <None>
|
||||
|
@ -125,6 +125,10 @@ def list_opts():
|
||||
from sahara.service.edp import job_utils
|
||||
from sahara.service import periodic
|
||||
from sahara.service import volumes
|
||||
from sahara.utils.openstack import heat
|
||||
from sahara.utils.openstack import neutron
|
||||
from sahara.utils.openstack import nova
|
||||
from sahara.utils.openstack import swift
|
||||
from sahara.utils import proxy
|
||||
|
||||
return [
|
||||
@ -136,7 +140,6 @@ def list_opts():
|
||||
plugins_base.opts,
|
||||
topology_helper.opts,
|
||||
sender.notifier_opts,
|
||||
cinder.opts,
|
||||
keystone.opts,
|
||||
remote.ssh_opts,
|
||||
sahara_main.opts,
|
||||
@ -146,6 +149,18 @@ def list_opts():
|
||||
proxy.opts)),
|
||||
(api.conductor_group.name,
|
||||
itertools.chain(api.conductor_opts)),
|
||||
(cinder.cinder_group.name,
|
||||
itertools.chain(cinder.opts)),
|
||||
(heat.heat_group.name,
|
||||
itertools.chain(heat.opts)),
|
||||
(neutron.neutron_group.name,
|
||||
itertools.chain(neutron.opts)),
|
||||
(nova.nova_group.name,
|
||||
itertools.chain(nova.opts)),
|
||||
(swift.swift_group.name,
|
||||
itertools.chain(swift.opts)),
|
||||
(keystone.keystone_group.name,
|
||||
itertools.chain(keystone.ssl_opts))
|
||||
]
|
||||
|
||||
|
||||
|
@ -39,7 +39,8 @@ opts = [
|
||||
|
||||
CONF = cfg.CONF
|
||||
CONF.register_opts(opts)
|
||||
CONF.import_opt('cinder_api_version', 'sahara.utils.openstack.cinder')
|
||||
CONF.import_opt('api_version', 'sahara.utils.openstack.cinder',
|
||||
group='cinder')
|
||||
|
||||
|
||||
def attach_to_instances(instances):
|
||||
@ -87,7 +88,7 @@ def _attach_volumes_to_node(node_group, instance):
|
||||
|
||||
def _create_attach_volume(ctx, instance, size, volume_type, name=None,
|
||||
availability_zone=None):
|
||||
if CONF.cinder_api_version == 1:
|
||||
if CONF.cinder.api_version == 1:
|
||||
kwargs = {'size': size, 'display_name': name}
|
||||
else:
|
||||
kwargs = {'size': size, 'name': name}
|
||||
|
@ -47,7 +47,7 @@ class TestCinder(test_base.SaharaTestCase):
|
||||
@mock.patch('cinderclient.v2.client.Client')
|
||||
@mock.patch('cinderclient.v1.client.Client')
|
||||
def test_get_cinder_client_api_v1(self, patched1, patched2):
|
||||
self.override_config('cinder_api_version', 1)
|
||||
self.override_config('api_version', 1, group='cinder')
|
||||
patched1.return_value = FakeCinderClient(1)
|
||||
patched2.return_value = FakeCinderClient(2)
|
||||
|
||||
@ -57,7 +57,7 @@ class TestCinder(test_base.SaharaTestCase):
|
||||
@mock.patch('cinderclient.v2.client.Client')
|
||||
@mock.patch('cinderclient.v1.client.Client')
|
||||
def test_get_cinder_client_api_v2(self, patched1, patched2):
|
||||
self.override_config('cinder_api_version', 2)
|
||||
self.override_config('api_version', 2, group='cinder')
|
||||
patched1.return_value = FakeCinderClient(1)
|
||||
patched2.return_value = FakeCinderClient(2)
|
||||
|
||||
@ -65,11 +65,11 @@ class TestCinder(test_base.SaharaTestCase):
|
||||
self.assertEqual(2, client.client.api_version)
|
||||
|
||||
def test_cinder_bad_api_version(self):
|
||||
self.override_config('cinder_api_version', 0)
|
||||
self.override_config('api_version', 0, group='cinder')
|
||||
cinder.validate_config()
|
||||
|
||||
# Check bad version falls back to latest supported version
|
||||
self.assertEqual(2, main.CONF.cinder_api_version)
|
||||
self.assertEqual(2, main.CONF.cinder.api_version)
|
||||
|
||||
|
||||
class FakeCinderClient(object):
|
||||
|
@ -29,38 +29,53 @@ LOG = logging.getLogger(__name__)
|
||||
|
||||
|
||||
opts = [
|
||||
cfg.IntOpt('cinder_api_version', default=2,
|
||||
help='Version of the Cinder API to use.')
|
||||
cfg.IntOpt('api_version', default=2,
|
||||
help='Version of the Cinder API to use.',
|
||||
deprecated_name='cinder_api_version'),
|
||||
cfg.BoolOpt('api_insecure',
|
||||
default=False,
|
||||
help='Allow to perform insecure SSL requests to cinder.'),
|
||||
cfg.StrOpt('ca_file',
|
||||
help='Location of ca certificates file to use for cinder '
|
||||
'client requests.')
|
||||
]
|
||||
|
||||
cinder_group = cfg.OptGroup(name='cinder',
|
||||
title='Cinder client options')
|
||||
|
||||
CONF = cfg.CONF
|
||||
CONF.register_opts(opts)
|
||||
CONF.register_group(cinder_group)
|
||||
CONF.register_opts(opts, group=cinder_group)
|
||||
|
||||
|
||||
def validate_config():
|
||||
if CONF.cinder_api_version == 1:
|
||||
if CONF.cinder.api_version == 1:
|
||||
LOG.warn(_('The Cinder v1 API is deprecated and will be removed after '
|
||||
'the Juno release. You should set cinder_api_version=2 in '
|
||||
'the Juno release. You should set cinder.api_version=2 in '
|
||||
'your sahara.conf file.'))
|
||||
elif CONF.cinder_api_version != 2:
|
||||
elif CONF.cinder.api_version != 2:
|
||||
LOG.warn(_('Unsupported Cinder API version: %(bad)s. Please set a '
|
||||
'correct value for cinder_api_version in your sahara.conf '
|
||||
'correct value for cinder.api_version in your sahara.conf '
|
||||
'file (currently supported versions are: %(supported)s). '
|
||||
'Falling back to Cinder API version 2.'),
|
||||
{'bad': CONF.cinder_api_version, 'supported': [1, 2]})
|
||||
CONF.set_override('cinder_api_version', 2)
|
||||
{'bad': CONF.cinder.api_version, 'supported': [1, 2]})
|
||||
CONF.set_override('api_version', 2, group='cinder')
|
||||
|
||||
|
||||
def client():
|
||||
ctx = context.current()
|
||||
if CONF.cinder_api_version == 1:
|
||||
args = {
|
||||
'insecure': CONF.cinder.api_insecure,
|
||||
'cacert': CONF.cinder.ca_file
|
||||
}
|
||||
if CONF.cinder.api_version == 1:
|
||||
volume_url = base.url_for(ctx.service_catalog, 'volume')
|
||||
cinder = cinder_client_v1.Client(ctx.username, ctx.auth_token,
|
||||
ctx.tenant_id, volume_url)
|
||||
ctx.tenant_id, volume_url, **args)
|
||||
else:
|
||||
volume_url = base.url_for(ctx.service_catalog, 'volumev2')
|
||||
cinder = cinder_client_v2.Client(ctx.username, ctx.auth_token,
|
||||
ctx.tenant_id, volume_url)
|
||||
ctx.tenant_id, volume_url, **args)
|
||||
|
||||
cinder.client.auth_token = ctx.auth_token
|
||||
cinder.client.management_url = volume_url
|
||||
|
@ -28,8 +28,22 @@ from sahara.utils import general as g
|
||||
from sahara.utils.openstack import base
|
||||
from sahara.utils.openstack import neutron
|
||||
|
||||
opts = [
|
||||
cfg.BoolOpt('api_insecure',
|
||||
default=False,
|
||||
help='Allow to perform insecure SSL requests to heat.'),
|
||||
cfg.StrOpt('ca_file',
|
||||
help='Location of ca certificates file to use for heat '
|
||||
'client requests.')
|
||||
]
|
||||
|
||||
heat_group = cfg.OptGroup(name='heat',
|
||||
title='Heat client options')
|
||||
|
||||
CONF = cfg.CONF
|
||||
CONF.register_group(heat_group)
|
||||
CONF.register_opts(opts, group=heat_group)
|
||||
|
||||
LOG = logging.getLogger(__name__)
|
||||
|
||||
SSH_PORT = 22
|
||||
@ -38,7 +52,9 @@ SSH_PORT = 22
|
||||
def client():
|
||||
ctx = context.current()
|
||||
heat_url = base.url_for(ctx.service_catalog, 'orchestration')
|
||||
return heat_client.Client('1', heat_url, token=ctx.auth_token)
|
||||
return heat_client.Client('1', heat_url, token=ctx.auth_token,
|
||||
cert_file=CONF.heat.ca_file,
|
||||
insecure=CONF.heat.api_insecure)
|
||||
|
||||
|
||||
def get_stack(stack_name):
|
||||
|
@ -21,8 +21,7 @@ from sahara import context
|
||||
from sahara.utils.openstack import base
|
||||
|
||||
|
||||
CONF = cfg.CONF
|
||||
|
||||
# TODO(alazarev) Move to [keystone] section
|
||||
opts = [
|
||||
cfg.BoolOpt('use_identity_api_v3',
|
||||
default=True,
|
||||
@ -31,7 +30,23 @@ opts = [
|
||||
'per-job clusters will not be terminated '
|
||||
'automatically.')
|
||||
]
|
||||
|
||||
ssl_opts = [
|
||||
cfg.BoolOpt('api_insecure',
|
||||
default=False,
|
||||
help='Allow to perform insecure SSL requests to keystone.'),
|
||||
cfg.StrOpt('ca_file',
|
||||
help='Location of ca certificates file to use for keystone '
|
||||
'client requests.')
|
||||
]
|
||||
|
||||
keystone_group = cfg.OptGroup(name='keystone',
|
||||
title='Keystone client options')
|
||||
|
||||
CONF = cfg.CONF
|
||||
CONF.register_group(keystone_group)
|
||||
CONF.register_opts(opts)
|
||||
CONF.register_opts(ssl_opts, group=keystone_group)
|
||||
|
||||
|
||||
def client():
|
||||
@ -58,7 +73,10 @@ def _client(username, password=None, token=None, tenant_name=None,
|
||||
'tenant_id': tenant_id,
|
||||
'trust_id': trust_id,
|
||||
'user_domain_name': domain_name,
|
||||
'auth_url': auth_url}
|
||||
'auth_url': auth_url,
|
||||
'cacert': CONF.keystone.ca_file,
|
||||
'insecure': CONF.keystone.api_insecure
|
||||
}
|
||||
|
||||
if CONF.use_identity_api_v3:
|
||||
keystone = keystone_client_v3.Client(**client_kwargs)
|
||||
|
@ -15,6 +15,7 @@
|
||||
|
||||
|
||||
from neutronclient.neutron import client as neutron_cli
|
||||
from oslo.config import cfg
|
||||
|
||||
from sahara import context
|
||||
from sahara import exceptions as ex
|
||||
@ -23,6 +24,22 @@ from sahara.openstack.common import log as logging
|
||||
from sahara.utils.openstack import base
|
||||
|
||||
|
||||
opts = [
|
||||
cfg.BoolOpt('api_insecure',
|
||||
default=False,
|
||||
help='Allow to perform insecure SSL requests to neutron.'),
|
||||
cfg.StrOpt('ca_file',
|
||||
help='Location of ca certificates file to use for neutron '
|
||||
'client requests.')
|
||||
]
|
||||
|
||||
neutron_group = cfg.OptGroup(name='neutron',
|
||||
title='Neutron client options')
|
||||
|
||||
CONF = cfg.CONF
|
||||
CONF.register_group(neutron_group)
|
||||
CONF.register_opts(opts, group=neutron_group)
|
||||
|
||||
LOG = logging.getLogger(__name__)
|
||||
|
||||
|
||||
@ -33,7 +50,9 @@ def client():
|
||||
'tenant_name': ctx.tenant_name,
|
||||
'tenant_id': ctx.tenant_id,
|
||||
'token': ctx.auth_token,
|
||||
'endpoint_url': base.url_for(ctx.service_catalog, 'network')
|
||||
'endpoint_url': base.url_for(ctx.service_catalog, 'network'),
|
||||
'ca_cert': CONF.neutron.ca_file,
|
||||
'insecure': CONF.neutron.api_insecure
|
||||
}
|
||||
return neutron_cli.Client('2.0', **args)
|
||||
|
||||
@ -46,7 +65,9 @@ class NeutronClient(object):
|
||||
self.neutron = neutron_cli.Client('2.0',
|
||||
endpoint_url=uri,
|
||||
token=token,
|
||||
tenant_name=tenant_name)
|
||||
tenant_name=tenant_name,
|
||||
ca_cert=CONF.neutron.ca_file,
|
||||
insecure=CONF.neutron.api_insecure)
|
||||
self.network = network
|
||||
|
||||
def get_router(self):
|
||||
|
@ -15,12 +15,30 @@
|
||||
|
||||
from novaclient import exceptions as nova_ex
|
||||
from novaclient.v1_1 import client as nova_client
|
||||
from oslo.config import cfg
|
||||
|
||||
from sahara import context
|
||||
import sahara.utils.openstack.base as base
|
||||
from sahara.utils.openstack import images
|
||||
|
||||
|
||||
opts = [
|
||||
cfg.BoolOpt('api_insecure',
|
||||
default=False,
|
||||
help='Allow to perform insecure SSL requests to nova.'),
|
||||
cfg.StrOpt('ca_file',
|
||||
help='Location of ca certificates file to use for nova '
|
||||
'client requests.')
|
||||
]
|
||||
|
||||
nova_group = cfg.OptGroup(name='nova',
|
||||
title='Nova client options')
|
||||
|
||||
CONF = cfg.CONF
|
||||
CONF.register_group(nova_group)
|
||||
CONF.register_opts(opts, group=nova_group)
|
||||
|
||||
|
||||
def client():
|
||||
ctx = context.current()
|
||||
auth_url = base.retrieve_auth_url()
|
||||
@ -29,7 +47,9 @@ def client():
|
||||
nova = nova_client.Client(username=ctx.username,
|
||||
api_key=None,
|
||||
project_id=ctx.tenant_id,
|
||||
auth_url=auth_url)
|
||||
auth_url=auth_url,
|
||||
cacert=CONF.nova.ca_file,
|
||||
insecure=CONF.nova.api_insecure)
|
||||
|
||||
nova.client.auth_token = ctx.auth_token
|
||||
nova.client.management_url = compute_url
|
||||
|
@ -13,12 +13,29 @@
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
from oslo.config import cfg
|
||||
import swiftclient
|
||||
|
||||
from sahara.swift import swift_helper as sh
|
||||
from sahara.swift import utils as su
|
||||
from sahara.utils.openstack import keystone as k
|
||||
|
||||
opts = [
|
||||
cfg.BoolOpt('api_insecure',
|
||||
default=False,
|
||||
help='Allow to perform insecure SSL requests to swift.'),
|
||||
cfg.StrOpt('ca_file',
|
||||
help='Location of ca certificates file to use for swift '
|
||||
'client requests.')
|
||||
]
|
||||
|
||||
swift_group = cfg.OptGroup(name='swift',
|
||||
title='Swift client options')
|
||||
|
||||
CONF = cfg.CONF
|
||||
CONF.register_group(swift_group)
|
||||
CONF.register_opts(opts, group=swift_group)
|
||||
|
||||
|
||||
def client(username, password, trust_id=None):
|
||||
'''return a Swift client
|
||||
@ -36,7 +53,10 @@ def client(username, password, trust_id=None):
|
||||
:returns: A Swift client object
|
||||
|
||||
'''
|
||||
client_kwargs = dict(auth_version='2.0')
|
||||
client_kwargs = dict(
|
||||
auth_version='2.0',
|
||||
cacert=CONF.swift.ca_file,
|
||||
insecure=CONF.swift.api_insecure)
|
||||
if trust_id:
|
||||
proxyclient = k.client_for_proxy_user(username, password, trust_id)
|
||||
client_kwargs.update(preauthurl=su.retrieve_preauth_url(),
|
||||
|
Loading…
Reference in New Issue
Block a user