openstack/nova
Code Issues Proposed changes

Merge "Fixes cloudpipe extension to work with keystone"

Browse Source
This commit is contained in:
Jenkins 2012-02-28 09:17:18 +00:00 committed by Gerrit Code Review
commit 54956b2138
10 changed files with 149 additions and 271 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

67
bin/nova-manage
View File

@ -92,7 +92,6 @@ from nova import version
from nova import vsa
from nova.api.ec2 import ec2utils
from nova.auth import manager
from nova.cloudpipe import pipelib
from nova.compute import instance_types
from nova.compute import vm_states
from nova.db import migration
@ -132,65 +131,6 @@ class VpnCommands(object):
def __init__(self):
self.manager = manager.AuthManager()
self.pipe = pipelib.CloudPipe()
@args('--project', dest="project", metavar='<Project name>',
help='Project name')
def list(self, project=None):
"""Print a listing of the VPN data for one or all projects."""
print "WARNING: This method only works with deprecated auth"
print "%-12s\t" % 'project',
print "%-20s\t" % 'ip:port',
print "%-20s\t" % 'private_ip',
print "%s" % 'state'
if project:
projects = [self.manager.get_project(project)]
else:
projects = self.manager.get_projects()
# NOTE(vish): This hits the database a lot. We could optimize
# by getting all networks in one query and all vpns
# in aother query, then doing lookups by project
for project in projects:
print "%-12s\t" % project.name,
ipport = "%s:%s" % (project.vpn_ip, project.vpn_port)
print "%-20s\t" % ipport,
ctxt = context.get_admin_context()
vpn = db.instance_get_project_vpn(ctxt, project.id)
if vpn:
address = None
state = 'down'
if vpn.get('fixed_ip', None):
address = vpn['fixed_ip']['address']
if project.vpn_ip and utils.vpn_ping(project.vpn_ip,
project.vpn_port):
state = 'up'
print address,
print vpn['host'],
print ec2utils.id_to_ec2_id(vpn['id']),
print vpn['vm_state'],
print state
else:
print None
def spawn(self):
"""Run all VPNs."""
print "WARNING: This method only works with deprecated auth"
ctxt = context.get_admin_context()
for p in reversed(self.manager.get_projects()):
if self._vpn_for(ctxt, p.id):
print 'spawning %s' % p.id
self.pipe.launch_vpn_instance(p.id, p.project_manager_id)
time.sleep(10)
@args('--project', dest="project_id", metavar='<Project name>',
help='Project name')
@args('--user', dest="user_id", metavar='<user name>', help='User name')
def run(self, project_id, user_id):
"""Start the VPN for a given project and user."""
if not user_id:
print "WARNING: This method only works with deprecated auth"
user_id = self.manager.get_project(project_id).project_manager_id
self.pipe.launch_vpn_instance(project_id, user_id)
@args('--project', dest="project_id", metavar='<Project name>',
help='Project name')
@ -213,13 +153,6 @@ class VpnCommands(object):
{'vpn_public_address': ip,
'vpn_public_port': int(port)})
def _vpn_for(self, context, project_id):
"""Get the VPN instance for a project ID."""
for instance in db.instance_get_all_by_project(context, project_id):
if (instance['image_id'] == str(FLAGS.vpn_image_id)
and not instance['vm_state'] in [vm_states.DELETED]):
return instance
class ShellCommands(object):
def bpython(self):

2
etc/nova/policy.json
View File

@ -25,7 +25,7 @@
"compute_extension:admin_actions:migrate": [["rule:admin_api"]],
"compute_extension:aggregates": [["rule:admin_api"]],
"compute_extension:certificates": [],
"compute_extension:cloudpipe": [],
"compute_extension:cloudpipe": [["rule:admin_api"]],
"compute_extension:console_output": [],
"compute_extension:consoles": [],
"compute_extension:createserverext": [],

11
nova/api/openstack/common.py
View File

@ -304,6 +304,11 @@ def get_networks_for_instance_from_nw_info(nw_info):
return networks
def get_nw_info_for_instance(context, instance):
cached_nwinfo = instance['info_cache'].get('network_info') or []
return network_model.NetworkInfo.hydrate(cached_nwinfo)
def get_networks_for_instance(context, instance):
"""Returns a prepared nw_info list for passing into the view
builders
@ -315,11 +320,7 @@ def get_networks_for_instance(context, instance):
{'addr': '172.16.2.1', 'version': 4}]},
...}
"""
cached_nwinfo = instance['info_cache']['network_info']
if not cached_nwinfo:
return {}
nw_info = network_model.NetworkInfo.hydrate(cached_nwinfo)
nw_info = get_nw_info_for_instance(context, instance)
return get_networks_for_instance_from_nw_info(nw_info)

86
nova/api/openstack/compute/contrib/cloudpipe.py
View File

@ -16,6 +16,7 @@
import os
from nova.api.openstack import common
from nova.api.openstack import wsgi
from nova.api.openstack import xmlutil
from nova.api.openstack import extensions
@ -27,6 +28,7 @@ from nova import db
from nova import exception
from nova import flags
from nova import log as logging
from nova import network
from nova import utils
@ -54,6 +56,7 @@ class CloudpipeController(object):
def __init__(self):
self.compute_api = compute.API()
self.network_api = network.API()
self.auth_manager = manager.AuthManager()
self.cloudpipe = pipelib.CloudPipe()
self.setup()
@ -66,58 +69,76 @@ class CloudpipeController(object):
if not os.path.exists(FLAGS.keys_path):
os.makedirs(FLAGS.keys_path)
def _get_all_cloudpipes(self, context):
"""Get all cloudpipes"""
return [instance for instance in self.compute_api.get_all(context)
if instance['image_ref'] == str(FLAGS.vpn_image_id)
and instance['vm_state'] != vm_states.DELETED]
def _get_cloudpipe_for_project(self, context, project_id):
"""Get the cloudpipe instance for a project ID."""
# NOTE(todd): this should probably change to compute_api.get_all
# or db.instance_get_project_vpn
for instance in db.instance_get_all_by_project(context, project_id):
if (instance['image_id'] == str(FLAGS.vpn_image_id)
and instance['vm_state'] != vm_states.DELETED):
return instance
cloudpipes = self._get_all_cloudpipes(context) or [None]
return cloudpipes[0]
def _vpn_dict(self, project, vpn_instance):
rv = {'project_id': project.id,
'public_ip': project.vpn_ip,
'public_port': project.vpn_port}
if vpn_instance:
rv['instance_id'] = vpn_instance['uuid']
rv['created_at'] = utils.isotime(vpn_instance['created_at'])
address = vpn_instance.get('fixed_ip', None)
if address:
rv['internal_ip'] = address['address']
if project.vpn_ip and project.vpn_port:
if utils.vpn_ping(project.vpn_ip, project.vpn_port):
def _get_ip_and_port(self, instance):
pass
def _vpn_dict(self, context, project_id, instance):
elevated = context.elevated()
rv = {'project_id': project_id}
if not instance:
rv['state'] = 'pending'
return rv
rv['instance_id'] = instance['uuid']
rv['created_at'] = utils.isotime(instance['created_at'])
nw_info = common.get_nw_info_for_instance(elevated, instance)
if not nw_info:
return rv
vif = nw_info[0]
ips = [ip for ip in vif.fixed_ips() if ip['version'] == 4]
if ips:
rv['internal_ip'] = ips[0]['address']
network = self.network_api.get(elevated, vif['network']['id'])
if network:
vpn_ip = network['vpn_public_address']
vpn_port = network['vpn_public_port']
rv['public_ip'] = vpn_ip
rv['public_port'] = vpn_port
if vpn_ip and vpn_port:
if utils.vpn_ping(vpn_ip, vpn_port):
rv['state'] = 'running'
else:
rv['state'] = 'down'
else:
rv['state'] = 'invalid'
else:
rv['state'] = 'pending'
return rv
@wsgi.serializers(xml=CloudpipeTemplate)
def create(self, req, body):
"""Create a new cloudpipe instance, if none exists.
Parameters: {cloudpipe: {project_id: XYZ}}
Parameters: {cloudpipe: {'project_id': ''}}
"""
ctxt = req.environ['nova.context']
authorize(ctxt)
context = req.environ['nova.context']
authorize(context)
params = body.get('cloudpipe', {})
project_id = params.get('project_id', ctxt.project_id)
instance = self._get_cloudpipe_for_project(ctxt, project_id)
project_id = params.get('project_id', context.project_id)
# NOTE(vish): downgrade to project context. Note that we keep
# the same token so we can still talk to glance
context.project_id = project_id
context.user_id = 'project-vpn'
context.is_admin = False
context.roles = []
instance = self._get_cloudpipe_for_project(context, project_id)
if not instance:
proj = self.auth_manager.get_project(project_id)
user_id = proj.project_manager_id
try:
self.cloudpipe.launch_vpn_instance(project_id, user_id)
result = self.cloudpipe.launch_vpn_instance(context)
instance = result[0][0]
except db.NoMoreNetworks:
msg = _("Unable to claim IP for VPN instances, ensure it "
"isn't running, and try again in a few minutes")
raise exception.HTTPBadRequest(explanation=msg)
instance = self._get_cloudpipe_for_project(ctxt, proj)
return {'instance_id': instance['uuid']}
@wsgi.serializers(xml=CloudpipesTemplate)
@ -125,11 +146,8 @@ class CloudpipeController(object):
"""List running cloudpipe instances."""
context = req.environ['nova.context']
authorize(context)
vpns = []
# TODO(todd): could use compute_api.get_all with admin context?
for project in self.auth_manager.get_projects():
instance = self._get_cloudpipe_for_project(context, project.id)
vpns.append(self._vpn_dict(project, instance))
vpns = [self._vpn_dict(context, x['project_id'], x)
for x in self._get_all_cloudpipes(context)]
return {'cloudpipes': vpns}

44
nova/cloudpipe/pipelib.py
View File

@ -27,7 +27,10 @@ import string
import tempfile
import zipfile
from nova import context
# NOTE(vish): cloud is only for the _gen_key functionality
from nova.api.ec2 import cloud
from nova import compute
from nova.compute import instance_types
from nova import crypto
from nova import db
from nova import exception
@ -35,12 +38,12 @@ from nova import flags
from nova import log as logging
from nova.openstack.common import cfg
from nova import utils
# TODO(eday): Eventually changes these to something not ec2-specific
from nova.api.ec2 import cloud
from nova.api.ec2 import ec2utils
cloudpipe_opts = [
cfg.StrOpt('vpn_instance_type',
default='m1.tiny',
help=_('Instance type for vpn instances')),
cfg.StrOpt('boot_script_template',
default=utils.abspath('cloudpipe/bootscript.template'),
help=_('Template for cloudpipe instance boot script')),
@ -61,7 +64,7 @@ LOG = logging.getLogger(__name__)
class CloudPipe(object):
def __init__(self):
self.controller = cloud.CloudController()
self.compute_api = compute.API()
def get_encoded_zip(self, project_id):
# Make a payload.zip
@ -100,22 +103,21 @@ class CloudPipe(object):
return encoded
def launch_vpn_instance(self, project_id, user_id):
LOG.debug(_("Launching VPN for %s") % (project_id))
ctxt = context.RequestContext(user_id=user_id,
project_id=project_id)
key_name = self.setup_key_pair(ctxt)
group_name = self.setup_security_group(ctxt)
ec2_id = ec2utils.image_ec2_id(FLAGS.vpn_image_id)
reservation = self.controller.run_instances(ctxt,
user_data=self.get_encoded_zip(project_id),
max_count=1,
min_count=1,
instance_type='m1.tiny',
image_id=ec2_id,
key_name=key_name,
security_group=[group_name])
def launch_vpn_instance(self, context):
LOG.debug(_("Launching VPN for %s") % (context.project_id))
key_name = self.setup_key_pair(context)
group_name = self.setup_security_group(context)
instance_type = instance_types.get_instance_type_by_name(
FLAGS.vpn_instance_type)
instance_name = '%s%s' % (context.project_id, FLAGS.vpn_key_suffix)
user_data = self.get_encoded_zip(context.project_id)
return self.compute_api.create(context,
instance_type,
FLAGS.vpn_image_id,
display_name=instance_name,
user_data=user_data,
key_name=key_name,
security_group=[group_name])
def setup_security_group(self, context):
group_name = '%s%s' % (context.project_id, FLAGS.vpn_key_suffix)

2
nova/crypto.py
View File

@ -265,7 +265,7 @@ def generate_vpn_files(project_id):
# this will be changed to be launched by a real user. At
# that point we will can delete this helper method.
key, csr = generate_x509_cert('project-vpn', project_id, 2048)
with open(key_fn, 'f') as keyfile:
with open(key_fn, 'w') as keyfile:
keyfile.write(key)
with open(crt_fn, 'w') as crtfile:
crtfile.write(csr)

10
nova/db/api.py
View File

@ -642,11 +642,6 @@ def instance_get_floating_address(context, instance_id):
return IMPL.instance_get_floating_address(context, instance_id)
def instance_get_project_vpn(context, project_id):
"""Get a vpn instance by project or return None."""
return IMPL.instance_get_project_vpn(context, project_id)
def instance_get_all_hung_in_rebooting(context, reboot_window):
"""Get all instances stuck in a rebooting state."""
return IMPL.instance_get_all_hung_in_rebooting(context, reboot_window)
@ -873,11 +868,6 @@ def network_get_index(context, network_id):
return IMPL.network_get_index(context, network_id)
def network_get_vpn_ip(context, network_id):
"""Get non-conflicting index for network."""
return IMPL.network_get_vpn_ip(context, network_id)
def network_set_cidr(context, network_id, cidr):
"""Set the Classless Inner Domain Routing for the network."""
return IMPL.network_set_cidr(context, network_id, cidr)

8
nova/db/sqlalchemy/api.py
View File

@ -1659,14 +1659,6 @@ def instance_get_all_by_reservation(context, reservation_id):
all()
@require_admin_context
def instance_get_project_vpn(context, project_id):
return _instance_get_all_query(context).\
filter_by(project_id=project_id).\
filter_by(image_ref=str(FLAGS.vpn_image_id)).\
first()
# NOTE(jkoelker) This is only being left here for compat with floating
# ips. Currently the network_api doesn't return floaters
# in network_info. Once it starts return the model. This

180
nova/tests/api/openstack/compute/contrib/test_cloudpipe.py
View File

@ -14,58 +14,34 @@
# under the License.
import datetime
import json
import webob
from lxml import etree
from nova.api import auth
from nova.api.openstack import compute
from nova.api.openstack import common
from nova.api.openstack import wsgi
from nova.api.openstack.compute.contrib import cloudpipe
from nova import context
from nova import db
from nova import flags
from nova import test
from nova.tests.api.openstack import fakes
from nova.tests import fake_network
from nova import utils
EMPTY_INSTANCE_LIST = True
FLAGS = flags.FLAGS
class FakeProject(object):
def __init__(self, id, name, manager, desc, members, ip, port):
self.id = id
self.name = name
self.project_manager_id = manager
self.description = desc
self.member_ids = members
self.vpn_ip = ip
self.vpn_port = port
def fake_vpn_instance():
return {'id': 7, 'image_id': FLAGS.vpn_image_id, 'vm_state': 'active',
return {'id': 7, 'image_ref': FLAGS.vpn_image_id, 'vm_state': 'active',
'created_at': utils.parse_strtime('1981-10-20T00:00:00.000000'),
'uuid': 7777}
'uuid': 7777, 'project_id': 'fake'}
def fake_vpn_instance_low_id():
return {'id': 4, 'image_id': FLAGS.vpn_image_id, 'vm_state': 'active',
'created_at': utils.parse_strtime('1981-10-20T00:00:00.000000')}
def compute_api_get_all_empty(context):
return []
def fake_project():
proj = FakeProject(1, '1', 'fakeuser', '', [1], '127.0.0.1', 22)
return proj
def db_instance_get_all_by_project(self, project_id):
if EMPTY_INSTANCE_LIST:
return []
else:
def compute_api_get_all(context):
return [fake_vpn_instance()]
@ -74,112 +50,88 @@ def db_security_group_exists(context, project_id, group_name):
return True
def pipelib_launch_vpn_instance(self, project_id, user_id):
global EMPTY_INSTANCE_LIST
EMPTY_INSTANCE_LIST = False
def auth_manager_get_project(self, project_id):
return fake_project()
def auth_manager_get_projects(self):
return [fake_project()]
def utils_vpn_ping(addr, port, timoeout=0.05, session_id=None):
return True
def better_not_call_this(*args, **kwargs):
raise Exception("You should not have done that")
class FakeAuthManager(object):
def get_projects(self):
return [fake_project()]
def get_project(self, project_id):
return fake_project()
class CloudpipeTest(test.TestCase):
def setUp(self):
super(CloudpipeTest, self).setUp()
self.app = fakes.wsgi_app()
inner_app = compute.APIRouter()
self.context = context.RequestContext('fake', 'fake', is_admin=True)
self.app = auth.InjectContext(self.context, inner_app)
route = inner_app.map.match('/1234/os-cloudpipe')
self.controller = route['controller'].controller
fakes.stub_out_networking(self.stubs)
fakes.stub_out_rate_limiting(self.stubs)
self.stubs.Set(db, "instance_get_all_by_project",
db_instance_get_all_by_project)
self.controller = cloudpipe.CloudpipeController()
self.stubs.Set(self.controller.compute_api, "get_all",
compute_api_get_all_empty)
self.stubs.Set(db, "security_group_exists",
db_security_group_exists)
self.stubs.SmartSet(self.controller.cloudpipe, "launch_vpn_instance",
pipelib_launch_vpn_instance)
#self.stubs.SmartSet(self.controller.auth_manager, "get_project",
# auth_manager_get_project)
#self.stubs.SmartSet(self.controller.auth_manager, "get_projects",
# auth_manager_get_projects)
# NOTE(todd): The above code (just setting the stub, not invoking it)
# causes failures in AuthManagerLdapTestCase. So use a fake object.
self.controller.auth_manager = FakeAuthManager()
self.stubs.Set(utils, 'vpn_ping', utils_vpn_ping)
global EMPTY_INSTANCE_LIST
EMPTY_INSTANCE_LIST = True
def test_cloudpipe_list_none_running(self):
"""Should still get an entry per-project, just less descriptive."""
req = webob.Request.blank('/fake/os-cloudpipe')
res = req.get_response(self.app)
self.assertEqual(res.status_int, 200)
res_dict = json.loads(res.body)
response = {'cloudpipes': [{'project_id': 1, 'public_ip': '127.0.0.1',
'public_port': 22, 'state': 'pending'}]}
def test_cloudpipe_list_no_network(self):
def common_get_nw_info_for_instance(context, instance):
return {}
self.stubs.Set(common, "get_nw_info_for_instance",
common_get_nw_info_for_instance)
self.stubs.Set(self.controller.compute_api, "get_all",
compute_api_get_all)
req = fakes.HTTPRequest.blank('/v2/fake/os-cloudpipe')
res_dict = self.controller.index(req)
response = {'cloudpipes': [{'project_id': 'fake',
'instance_id': 7777,
'created_at': '1981-10-20T00:00:00Z'}]}
self.assertEqual(res_dict, response)
def test_cloudpipe_list(self):
global EMPTY_INSTANCE_LIST
EMPTY_INSTANCE_LIST = False
req = webob.Request.blank('/fake/os-cloudpipe')
res = req.get_response(self.app)
self.assertEqual(res.status_int, 200)
res_dict = json.loads(res.body)
response = {'cloudpipes': [{'project_id': 1, 'public_ip': '127.0.0.1',
'public_port': 22, 'state': 'running',
'instance_id': 7777,
'created_at': '1981-10-20T00:00:00Z'}]}
self.assertEqual(res_dict, response)
def network_api_get(context, network_id):
return {'vpn_public_address': '127.0.0.1',
'vpn_public_port': 22}
def common_get_nw_info_for_instance(context, instance):
return fake_network.fake_get_instance_nw_info(self.stubs,
spectacular=True)
self.stubs.Set(common, "get_nw_info_for_instance",
common_get_nw_info_for_instance)
self.stubs.Set(self.controller.network_api, "get",
network_api_get)
self.stubs.Set(self.controller.compute_api, "get_all",
compute_api_get_all)
req = fakes.HTTPRequest.blank('/v2/fake/os-cloudpipe')
res_dict = self.controller.index(req)
response = {'cloudpipes': [{'project_id': 'fake',
'internal_ip': '192.168.1.100',
'public_ip': '127.0.0.1',
'public_port': 22,
'state': 'running',
'instance_id': 7777,
'created_at': '1981-10-20T00:00:00Z'}]}
self.assertDictEqual(res_dict, response)
def test_cloudpipe_create(self):
def launch_vpn_instance(context):
return ([fake_vpn_instance()], 'fake-reservation')
self.stubs.Set(self.controller.cloudpipe, 'launch_vpn_instance',
launch_vpn_instance)
body = {'cloudpipe': {'project_id': 1}}
req = webob.Request.blank('/fake/os-cloudpipe')
req.method = 'POST'
req.body = json.dumps(body)
req.headers['Content-Type'] = 'application/json'
res = req.get_response(self.app)
self.assertEqual(res.status_int, 200)
res_dict = json.loads(res.body)
req = fakes.HTTPRequest.blank('/v2/fake/os-cloudpipe')
res_dict = self.controller.create(req, body)
response = {'instance_id': 7777}
self.assertEqual(res_dict, response)
def test_cloudpipe_create_already_running(self):
global EMPTY_INSTANCE_LIST
EMPTY_INSTANCE_LIST = False
self.stubs.SmartSet(self.controller.cloudpipe, 'launch_vpn_instance',
better_not_call_this)
def launch_vpn_instance(*args, **kwargs):
self.fail("Method should not have been called")
self.stubs.Set(self.controller.cloudpipe, 'launch_vpn_instance',
launch_vpn_instance)
self.stubs.Set(self.controller.compute_api, "get_all",
compute_api_get_all)
body = {'cloudpipe': {'project_id': 1}}
req = webob.Request.blank('/fake/os-cloudpipe')
req.method = 'POST'
req.body = json.dumps(body)
req.headers['Content-Type'] = 'application/json'
res = req.get_response(self.app)
self.assertEqual(res.status_int, 200)
res_dict = json.loads(res.body)
req = fakes.HTTPRequest.blank('/v2/fake/os-cloudpipe')
res_dict = self.controller.create(req, body)
response = {'instance_id': 7777}
self.assertEqual(res_dict, response)

10
nova/tests/test_db_api.py
View File

@ -58,16 +58,6 @@ class DbApiTestCase(test.TestCase):
self.project_id = 'fake'
self.context = context.RequestContext(self.user_id, self.project_id)
def test_instance_get_project_vpn(self):
values = {'instance_type_id': FLAGS.default_instance_type,
'image_ref': FLAGS.vpn_image_id,
'project_id': self.project_id,
}
instance = db.instance_create(self.context, values)
result = db.instance_get_project_vpn(self.context.elevated(),
self.project_id)
self.assertEqual(instance['id'], result['id'])
def test_instance_get_all_by_filters(self):
args = {'reservation_id': 'a', 'image_ref': 1, 'host': 'host1'}
inst1 = db.instance_create(self.context, args)