164 lines
6.4 KiB
Python
164 lines
6.4 KiB
Python
# Copyright 2014
|
|
# The Cloudscaling Group, Inc.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
from cinderclient import client as cinderclient
|
|
from glanceclient import client as glanceclient
|
|
from keystoneauth1 import loading as ks_loading
|
|
from keystoneclient import client as keystoneclient
|
|
from neutronclient.v2_0 import client as neutronclient
|
|
from novaclient import api_versions as nova_api_versions
|
|
from novaclient import client as novaclient
|
|
from oslo_config import cfg
|
|
from oslo_log import log as logging
|
|
|
|
logger = logging.getLogger(__name__)
|
|
|
|
ec2_opts = [
|
|
cfg.StrOpt('nova_service_type',
|
|
default='compute',
|
|
help='Service type of Compute API, registered in Keystone '
|
|
'catalog. Should be v2.1 with microversion support. '
|
|
'If it is obsolete v2, a lot of useful EC2 compliant '
|
|
'instance properties will be unavailable.'),
|
|
cfg.StrOpt('cinder_service_type',
|
|
default='volumev3',
|
|
help='Service type of Volume API, registered in Keystone '
|
|
'catalog.'),
|
|
]
|
|
|
|
CONF = cfg.CONF
|
|
CONF.register_opts(ec2_opts)
|
|
|
|
GROUP_AUTHTOKEN = 'keystone_authtoken'
|
|
ks_loading.register_session_conf_options(CONF, GROUP_AUTHTOKEN)
|
|
ks_loading.register_auth_conf_options(CONF, GROUP_AUTHTOKEN)
|
|
|
|
|
|
# Nova API version with microversions support
|
|
REQUIRED_NOVA_API_VERSION = '2.1'
|
|
REQUIRED_NOVA_API_VERSION_ID = 'v%s' % REQUIRED_NOVA_API_VERSION
|
|
LEGACY_NOVA_API_VERSION = '2'
|
|
# Nova API's 2.3 microversion provides additional EC2 compliant instance
|
|
# properties
|
|
# Nova API's 2.10 microversion provides admin access to users keypairs,
|
|
# which allows metadata service to expose openssh part of an instance key
|
|
# Nova API's 2.32 microversion allows 'tag' field of bdm v2, which may be
|
|
# contained in image bdms, defined by users or autocreated with instance
|
|
# snapshot
|
|
REQUIRED_NOVA_API_MICROVERSION = '2.32'
|
|
_nova_api_version = None
|
|
|
|
|
|
def nova(context):
|
|
global _nova_api_version
|
|
if not _nova_api_version:
|
|
_nova_api_version = _get_nova_api_version(context)
|
|
clnt = novaclient.Client(_nova_api_version,
|
|
session=context.session,
|
|
service_type=CONF.nova_service_type)
|
|
# NOTE(ft): workaround for LP #1494116 bug
|
|
if not hasattr(clnt.client, 'last_request_id'):
|
|
setattr(clnt.client, 'last_request_id', None)
|
|
return clnt
|
|
|
|
|
|
def neutron(context):
|
|
return neutronclient.Client(session=context.session,
|
|
service_type='network')
|
|
|
|
|
|
def glance(context):
|
|
return glanceclient.Client(version='2', service_type='image',
|
|
session=context.session)
|
|
|
|
|
|
def cinder(context):
|
|
url = context.session.get_endpoint(service_type=CONF.cinder_service_type)
|
|
# TODO(jamielennox): This should be using proper version discovery from
|
|
# the cinder service rather than just inspecting the URL for certain string
|
|
# values.
|
|
version = cinderclient.get_volume_api_from_url(url)
|
|
return cinderclient.Client(version, session=context.session,
|
|
service_type=CONF.cinder_service_type)
|
|
|
|
|
|
def keystone(context):
|
|
url = context.session.get_endpoint(service_type='identity')
|
|
return keystoneclient.Client(auth_url=url,
|
|
session=context.session)
|
|
|
|
|
|
def _get_nova_api_version(context):
|
|
client = novaclient.Client(REQUIRED_NOVA_API_VERSION,
|
|
session=context.session,
|
|
service_type=CONF.nova_service_type)
|
|
|
|
required = nova_api_versions.APIVersion(REQUIRED_NOVA_API_MICROVERSION)
|
|
current = client.versions.get_current()
|
|
if not current:
|
|
logger.warning(
|
|
'Could not check Nova API version because no version '
|
|
'was found in Nova version list for url %(url)s of service '
|
|
'type "%(service_type)s". '
|
|
'Use v%(required_api_version)s Nova API.',
|
|
{'url': client.client.get_endpoint(),
|
|
'service_type': CONF.nova_service_type,
|
|
'required_api_version': REQUIRED_NOVA_API_MICROVERSION})
|
|
return REQUIRED_NOVA_API_MICROVERSION
|
|
if current.id != REQUIRED_NOVA_API_VERSION_ID:
|
|
logger.warning(
|
|
'Specified "%s" Nova service type does not support v2.1 API. '
|
|
'A lot of useful EC2 compliant instance properties '
|
|
'will be unavailable.', CONF.nova_service_type)
|
|
return LEGACY_NOVA_API_VERSION
|
|
if (nova_api_versions.APIVersion(current.version) < required):
|
|
logger.warning(
|
|
'Nova support v%(nova_api_version)s, '
|
|
'but v%(required_api_version)s is required. '
|
|
'A lot of useful EC2 compliant instance properties '
|
|
'will be unavailable.',
|
|
{'nova_api_version': current.version,
|
|
'required_api_version': REQUIRED_NOVA_API_MICROVERSION})
|
|
return current.version
|
|
logger.info('Provided Nova API version is v%(nova_api_version)s, '
|
|
'used one is v%(required_api_version)s',
|
|
{'nova_api_version': current.version,
|
|
'required_api_version': (
|
|
REQUIRED_NOVA_API_MICROVERSION)})
|
|
return REQUIRED_NOVA_API_MICROVERSION
|
|
|
|
|
|
_admin_session = None
|
|
|
|
|
|
def get_os_admin_session():
|
|
"""Create a context to interact with OpenStack as an administrator."""
|
|
# NOTE(ft): this is a singletone because keystone's session looks thread
|
|
# safe for both regular and token renewal requests
|
|
global _admin_session
|
|
if not _admin_session:
|
|
auth_plugin = ks_loading.load_auth_from_conf_options(
|
|
CONF, GROUP_AUTHTOKEN)
|
|
_admin_session = ks_loading.load_session_from_conf_options(
|
|
CONF, GROUP_AUTHTOKEN, auth=auth_plugin)
|
|
|
|
return _admin_session
|
|
|
|
|
|
def update_request_params_with_ssl(params):
|
|
verify = (CONF[GROUP_AUTHTOKEN].cafile or
|
|
not CONF[GROUP_AUTHTOKEN].insecure)
|
|
if verify is not True:
|
|
params['verify'] = verify
|