Merge "Use keystoneauth1 for cinder access"
This commit is contained in:
commit
19a8114ef9
|
@ -9,4 +9,8 @@ SERVICE_PASSWORD=pass
|
||||||
SERVICE_TOKEN=pass
|
SERVICE_TOKEN=pass
|
||||||
ADMIN_PASSWORD=pass
|
ADMIN_PASSWORD=pass
|
||||||
|
|
||||||
|
# Install kuryr git master source code by default.
|
||||||
|
# If you want to use stable kuryr lib, please comment out this line.
|
||||||
|
LIBS_FROM_GIT=kuryr
|
||||||
|
|
||||||
enable_plugin fuxi https://git.openstack.org/openstack/fuxi
|
enable_plugin fuxi https://git.openstack.org/openstack/fuxi
|
||||||
|
|
|
@ -54,10 +54,7 @@ function configure_fuxi {
|
||||||
|
|
||||||
if is_service_enabled fuxi; then
|
if is_service_enabled fuxi; then
|
||||||
configure_auth_token_middleware $FUXI_CONFIG fuxi \
|
configure_auth_token_middleware $FUXI_CONFIG fuxi \
|
||||||
$FUXI_AUTH_CACHE_DIR keystone
|
$FUXI_AUTH_CACHE_DIR cinder
|
||||||
iniset $FUXI_CONFIG keystone admin_user fuxi
|
|
||||||
iniset $FUXI_CONFIG keystone admin_password $SERVICE_PASSWORD
|
|
||||||
iniset $FUXI_CONFIG keystone admin_tenant_name $SERVICE_PROJECT_NAME
|
|
||||||
|
|
||||||
iniset $FUXI_CONFIG DEFAULT fuxi_port 7879
|
iniset $FUXI_CONFIG DEFAULT fuxi_port 7879
|
||||||
iniset $FUXI_CONFIG DEFAULT my_ip $HOST_IP
|
iniset $FUXI_CONFIG DEFAULT my_ip $HOST_IP
|
||||||
|
@ -79,6 +76,10 @@ function configure_fuxi {
|
||||||
if is_service_enabled fuxi; then
|
if is_service_enabled fuxi; then
|
||||||
|
|
||||||
if [[ "$1" == "stack" && "$2" == "install" ]]; then
|
if [[ "$1" == "stack" && "$2" == "install" ]]; then
|
||||||
|
if use_library_from_git "kuryr"; then
|
||||||
|
git_clone_by_name "kuryr"
|
||||||
|
setup_dev_lib "kuryr"
|
||||||
|
fi
|
||||||
install_etcd_data_store
|
install_etcd_data_store
|
||||||
setup_develop $FUXI_HOME
|
setup_develop $FUXI_HOME
|
||||||
|
|
||||||
|
|
|
@ -17,4 +17,8 @@ FUXI_DOCKER_ENGINE_PORT=${FUXI_DOCKER_ENGINE_PORT:-2375}
|
||||||
FUXI_DOCKER_ENGINE_SOCKET_FILE=${FUXI_DOCKER_ENGINE_SOCKET_FILE:-/var/run/docker.sock}
|
FUXI_DOCKER_ENGINE_SOCKET_FILE=${FUXI_DOCKER_ENGINE_SOCKET_FILE:-/var/run/docker.sock}
|
||||||
FUXI_ETCD_PORT=${FUXI_ETCD_PORT:-4001}
|
FUXI_ETCD_PORT=${FUXI_ETCD_PORT:-4001}
|
||||||
|
|
||||||
|
GITREPO["kuryr"]=${KURYR_REPO:-${GIT_BASE}/openstack/kuryr.git}
|
||||||
|
GITBRANCH["kuryr"]=${KURYR_BRANCH:-master}
|
||||||
|
GITDIR["kuryr"]=$DEST/kuryr
|
||||||
|
|
||||||
enable_service fuxi etcd-server docker-engine
|
enable_service fuxi etcd-server docker-engine
|
||||||
|
|
|
@ -12,6 +12,8 @@
|
||||||
|
|
||||||
import os
|
import os
|
||||||
|
|
||||||
|
from kuryr.lib import config as kuryr_config
|
||||||
|
from kuryr.lib import opts as kuryr_opts
|
||||||
from oslo_config import cfg
|
from oslo_config import cfg
|
||||||
from oslo_log import log as logging
|
from oslo_log import log as logging
|
||||||
|
|
||||||
|
@ -45,31 +47,39 @@ default_opts = [
|
||||||
default='/etc/fuxi/rootwrap.conf'),
|
default='/etc/fuxi/rootwrap.conf'),
|
||||||
]
|
]
|
||||||
|
|
||||||
keystone_opts = [
|
legacy_keystone_opts = [
|
||||||
cfg.StrOpt('region',
|
cfg.StrOpt('region',
|
||||||
default=os.environ.get('REGION'),
|
default=os.environ.get('REGION'),
|
||||||
help=_('The region that this machine belongs to.')),
|
help=_('The region that this machine belongs to.'),
|
||||||
|
deprecated_for_removal=True),
|
||||||
cfg.StrOpt('auth_url',
|
cfg.StrOpt('auth_url',
|
||||||
default=os.environ.get('IDENTITY_URL'),
|
default=os.environ.get('IDENTITY_URL'),
|
||||||
help=_('The URL for accessing the identity service.')),
|
help=_('The URL for accessing the identity service.'),
|
||||||
|
deprecated_for_removal=True),
|
||||||
cfg.StrOpt('admin_user',
|
cfg.StrOpt('admin_user',
|
||||||
default=os.environ.get('SERVICE_USER'),
|
default=os.environ.get('SERVICE_USER'),
|
||||||
help=_('The username to auth with the identity service.')),
|
help=_('The username to auth with the identity service.'),
|
||||||
|
deprecated_for_removal=True),
|
||||||
cfg.StrOpt('admin_tenant_name',
|
cfg.StrOpt('admin_tenant_name',
|
||||||
default=os.environ.get('SERVICE_TENANT_NAME'),
|
default=os.environ.get('SERVICE_TENANT_NAME'),
|
||||||
help=_('The tenant name to auth with the identity service.')),
|
help=_('The tenant name to auth with the identity service.'),
|
||||||
|
deprecated_for_removal=True),
|
||||||
cfg.StrOpt('admin_password',
|
cfg.StrOpt('admin_password',
|
||||||
default=os.environ.get('SERVICE_PASSWORD'),
|
default=os.environ.get('SERVICE_PASSWORD'),
|
||||||
help=_('The password to auth with the identity service.')),
|
help=_('The password to auth with the identity service.'),
|
||||||
|
deprecated_for_removal=True),
|
||||||
cfg.StrOpt('admin_token',
|
cfg.StrOpt('admin_token',
|
||||||
default=os.environ.get('SERVICE_TOKEN'),
|
default=os.environ.get('SERVICE_TOKEN'),
|
||||||
help=_('The admin token.')),
|
help=_('The admin token.'),
|
||||||
|
deprecated_for_removal=True),
|
||||||
cfg.StrOpt('auth_ca_cert',
|
cfg.StrOpt('auth_ca_cert',
|
||||||
default=os.environ.get('SERVICE_CA_CERT'),
|
default=os.environ.get('SERVICE_CA_CERT'),
|
||||||
help=_('The CA certification file.')),
|
help=_('The CA certification file.'),
|
||||||
|
deprecated_for_removal=True),
|
||||||
cfg.BoolOpt('auth_insecure',
|
cfg.BoolOpt('auth_insecure',
|
||||||
default=True,
|
default=True,
|
||||||
help=_("Turn off verification of the certificate for ssl.")),
|
help=_("Turn off verification of the certificate for ssl."),
|
||||||
|
deprecated_for_removal=True),
|
||||||
]
|
]
|
||||||
|
|
||||||
cinder_opts = [
|
cinder_opts = [
|
||||||
|
@ -96,9 +106,17 @@ cinder_opts = [
|
||||||
|
|
||||||
CONF = cfg.CONF
|
CONF = cfg.CONF
|
||||||
CONF.register_opts(default_opts)
|
CONF.register_opts(default_opts)
|
||||||
CONF.register_opts(keystone_opts, group='keystone')
|
CONF.register_opts(legacy_keystone_opts, group='keystone')
|
||||||
CONF.register_opts(cinder_opts, group='cinder')
|
CONF.register_opts(cinder_opts, group='cinder')
|
||||||
|
|
||||||
|
CFG_GROUP = 'cinder'
|
||||||
|
|
||||||
|
# Settting options for Keystone.
|
||||||
|
kuryr_config.register_keystoneauth_opts(CONF, CFG_GROUP)
|
||||||
|
CONF.set_default('auth_type', default='password', group=CFG_GROUP)
|
||||||
|
|
||||||
|
keystone_auth_opts = kuryr_opts.get_keystoneauth_conf_options()
|
||||||
|
|
||||||
# Setting oslo.log options for logging.
|
# Setting oslo.log options for logging.
|
||||||
logging.register_options(CONF)
|
logging.register_options(CONF)
|
||||||
|
|
||||||
|
|
|
@ -21,5 +21,6 @@ from fuxi.common import config
|
||||||
|
|
||||||
def list_fuxi_opts():
|
def list_fuxi_opts():
|
||||||
return [('DEFAULT', itertools.chain(config.default_opts,)),
|
return [('DEFAULT', itertools.chain(config.default_opts,)),
|
||||||
('keystone', itertools.chain(config.keystone_opts,)),
|
('keystone', itertools.chain(config.legacy_keystone_opts,)),
|
||||||
('cinder', itertools.chain(config.cinder_opts,)), ]
|
('cinder', itertools.chain(config.cinder_opts,)),
|
||||||
|
(config.CFG_GROUP, itertools.chain(config.keystone_auth_opts,)), ]
|
||||||
|
|
|
@ -18,14 +18,12 @@ import socket
|
||||||
import string
|
import string
|
||||||
import traceback
|
import traceback
|
||||||
|
|
||||||
from fuxi.common import constants
|
|
||||||
from fuxi import exceptions
|
|
||||||
from fuxi.i18n import _LW, _LE
|
|
||||||
|
|
||||||
from cinderclient import client as cinder_client
|
from cinderclient import client as cinder_client
|
||||||
from cinderclient import exceptions as cinder_exception
|
from cinderclient import exceptions as cinder_exception
|
||||||
|
from keystoneauth1 import exceptions as ka_exception
|
||||||
from keystoneauth1.session import Session
|
from keystoneauth1.session import Session
|
||||||
from keystoneclient.auth import get_plugin_class
|
from keystoneclient.auth import get_plugin_class
|
||||||
|
from kuryr.lib import utils as kuryr_utils
|
||||||
from novaclient import client as nova_client
|
from novaclient import client as nova_client
|
||||||
from novaclient import exceptions as nova_exception
|
from novaclient import exceptions as nova_exception
|
||||||
from os_brick import exception as brick_exception
|
from os_brick import exception as brick_exception
|
||||||
|
@ -36,6 +34,11 @@ from oslo_utils import importutils
|
||||||
from oslo_utils import uuidutils
|
from oslo_utils import uuidutils
|
||||||
from werkzeug import exceptions as w_exceptions
|
from werkzeug import exceptions as w_exceptions
|
||||||
|
|
||||||
|
from fuxi.common import config
|
||||||
|
from fuxi.common import constants
|
||||||
|
from fuxi import exceptions
|
||||||
|
from fuxi.i18n import _LW, _LE
|
||||||
|
|
||||||
cloud_init_conf = '/var/lib/cloud/instances'
|
cloud_init_conf = '/var/lib/cloud/instances'
|
||||||
|
|
||||||
CONF = cfg.CONF
|
CONF = cfg.CONF
|
||||||
|
@ -140,7 +143,7 @@ def _openstack_auth_from_config(**config):
|
||||||
return plugin_class(**plugin_kwargs)
|
return plugin_class(**plugin_kwargs)
|
||||||
|
|
||||||
|
|
||||||
def get_keystone_session(**kwargs):
|
def get_legacy_keystone_session(**kwargs):
|
||||||
keystone_conf = CONF.keystone
|
keystone_conf = CONF.keystone
|
||||||
config = {}
|
config = {}
|
||||||
config['auth_url'] = keystone_conf.auth_url
|
config['auth_url'] = keystone_conf.auth_url
|
||||||
|
@ -158,6 +161,16 @@ def get_keystone_session(**kwargs):
|
||||||
return Session(auth=_openstack_auth_from_config(**config), verify=verify)
|
return Session(auth=_openstack_auth_from_config(**config), verify=verify)
|
||||||
|
|
||||||
|
|
||||||
|
def get_keystone_session(**kwargs):
|
||||||
|
try:
|
||||||
|
conf_group = config.CFG_GROUP
|
||||||
|
auth_plugin = kuryr_utils.get_auth_plugin(conf_group)
|
||||||
|
session = kuryr_utils.get_keystone_session(conf_group, auth_plugin)
|
||||||
|
return session
|
||||||
|
except ka_exception.MissingRequiredOptions:
|
||||||
|
return get_legacy_keystone_session(**kwargs)
|
||||||
|
|
||||||
|
|
||||||
def get_cinderclient(session=None, region=None, **kwargs):
|
def get_cinderclient(session=None, region=None, **kwargs):
|
||||||
if not session:
|
if not session:
|
||||||
session = get_keystone_session(**kwargs)
|
session = get_keystone_session(**kwargs)
|
||||||
|
|
|
@ -7,6 +7,7 @@ pytz>=2013.6 # MIT
|
||||||
Babel>=2.3.4 # BSD
|
Babel>=2.3.4 # BSD
|
||||||
Flask!=0.11,<1.0,>=0.10 # BSD
|
Flask!=0.11,<1.0,>=0.10 # BSD
|
||||||
keystoneauth1>=2.16.0 # Apache-2.0
|
keystoneauth1>=2.16.0 # Apache-2.0
|
||||||
|
kuryr-lib>=0.1.0 # Apache-2.0
|
||||||
oslo.rootwrap>=5.0.0 # Apache-2.0
|
oslo.rootwrap>=5.0.0 # Apache-2.0
|
||||||
oslo.concurrency>=3.8.0 # Apache-2.0
|
oslo.concurrency>=3.8.0 # Apache-2.0
|
||||||
oslo.config!=3.18.0,>=3.14.0 # Apache-2.0
|
oslo.config!=3.18.0,>=3.14.0 # Apache-2.0
|
||||||
|
|
Loading…
Reference in New Issue