
Add heat_launcher module to help launch heat-all

This module contains several classes to help launch heat-all
on:

 -baremetal (requires the heat-all binary to be installed locally)

 -docker containers

These classes will be used to help drive the new Undercloud
installer with Heat.

Change-Id: I1d6e6ef34af4c4671cc32d880c04b307895604fa
Co-Authored-By: Ian Main <imain@redhat.com>
changes/30/427530/4
Dan Prince 5 years ago
parent
commit
b999d83100
  1. 177
      tripleoclient/heat_launcher.py
  2. 93
      tripleoclient/noauth_policy.json

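--- a/tripleoclient/heat_launcher.py
+++ b/tripleoclient/heat_launcher.py
@@ -0,0 +1,177 @@
+# Copyright 2017 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+from __future__ import print_function
+import os
+import signal
+import subprocess
+import tempfile
+class HeatBaseLauncher(object):
+# The init function will need permission to touch these files
+# and chown them accordingly for the heat user
+def __init__(self, api_port, ks_port, container_image, user='heat'):
+self.api_port = api_port
+self.ks_port = ks_port
+self.policy_file = os.path.join(os.path.dirname(__file__),
+'noauth_policy.json')
+self.install_tmp = tempfile.mkdtemp(prefix='undercloud_deploy-')
+self.container_image = container_image
+self.user = user
+self.sql_db = os.path.join(self.install_tmp, 'heat.sqlite')
+self.log_file = os.path.join(self.install_tmp, 'heat.log')
+self.config_file = os.path.join(self.install_tmp, 'heat.conf')
+self._write_heat_config(self.config_file,
+self.sql_db,
+self.log_file,
+api_port,
+ks_port,
+self.policy_file)
+uid = int(self.get_heat_uid())
+gid = int(self.get_heat_gid())
+os.chown(self.install_tmp, uid, gid)
+os.chown(self.config_file, uid, gid)
+def _write_heat_config(self, config_file, sqlite_db, log_file, api_port,
+ks_port, policy_file):
+heat_config = '''
+[DEFAULT]
+log_file = %(log_file)s
+rpc_backend = fake
+rpc_poll_timeout = 60
+rpc_response_timeout = 600
+deferred_auth_method = password
+num_engine_workers=1
+convergence_engine = false
+default_deployment_signal_transport = HEAT_SIGNAL
+max_nested_stack_depth = 6
+[heat_all]
+enabled_services = api,engine
+[heat_api]
+workers = 1
+bind_host = 127.0.0.1
+bind_port = %(api_port)s
+[database]
+connection = sqlite:///%(sqlite_db)s.db
+[paste_deploy]
+flavor = noauth
+api_paste_config = /usr/share/heat/api-paste-dist.ini
+[oslo_policy]
+policy_file = %(policy_file)s
+[clients_keystone]
+auth_uri=http://127.0.0.1:%(ks_port)s
+[keystone_authtoken]
+auth_type = password
+auth_url=http://127.0.0.1:%(ks_port)s
+[yaql]
+memory_quota=900000
+limit_iterators=9000
+''' % {'sqlite_db': sqlite_db, 'log_file': log_file,
+'api_port': api_port, 'ks_port': ks_port,
+'policy_file': policy_file}
+with open(config_file, 'w') as temp_file:
+temp_file.write(heat_config)
+class HeatDockerLauncher(HeatBaseLauncher):
+def __init__(self, api_port, ks_port, container_image, user='heat'):
+super(HeatDockerLauncher, self).__init__(api_port, ks_port,
+container_image, user)
+def launch_heat(self):
+subprocess.check_call(
+['docker', 'run',
+'--name', 'heat_all',
+'--user', self.user,
+'--net', 'host',
+'--volume', '%(conf)s:/etc/heat/heat.conf' % {'conf':
+self.config_file},
+'--volume', '%(inst_tmp)s:%(inst_tmp)s:rw' % {'inst_tmp':
+self.install_tmp},
+'--volume', '%(pfile)s:%(pfile)s:ro' % {'pfile':
+self.policy_file},
+self.container_image, 'heat-all'])
+def heat_db_sync(self):
+subprocess.check_call([
+'docker', 'run',
+'--user', self.user,
+'--volume', '%(conf)s:/etc/heat/heat.conf' % {'conf':
+self.config_file},
+'--volume', '%(inst_tmp)s:%(inst_tmp)s:rw' % {'inst_tmp':
+self.install_tmp},
+self.container_image,
+'heat-manage', 'db_sync'])
+def get_heat_uid(self):
+p = subprocess.Popen([
+'docker', 'run',
+self.container_image,
+'getent', 'passwd', '|', 'grep', self.user],
+stdout=subprocess.PIPE)
+return p.communicate()[0].rstrip().split(':')[2]
+def get_heat_gid(self):
+p = subprocess.Popen([
+'docker', 'run',
+self.container_image,
+'getent', 'group', '|', 'grep', self.user],
+stdout=subprocess.PIPE)
+return p.communicate()[0].rstrip().split(':')[2]
+def kill_heat(self, pid):
+subprocess.check_call(['docker', 'rm', '-f', 'heat_all'])
+class HeatNativeLauncher(HeatBaseLauncher):
+def __init__(self, api_port, ks_port, container_image, user='heat'):
+super(HeatNativeLauncher, self).__init__(api_port, ks_port,
+container_image, user)
+def launch_heat(self):
+os.execvp('heat-all', ['heat-all', '--config-file', self.config_file])
+def heat_db_sync(self):
+subprocess.check_call(['heat-manage', '--config-file',
+self.config_file, 'db_sync'])
+def get_heat_uid(self):
+p = subprocess.Popen(["getent", "passwd", "|", "grep", "heat"],
+stdout=subprocess.PIPE)
+return p.communicate()[0].rstrip().split(':')[2]
+def get_heat_gid(self):
+p = subprocess.Popen(["getent", "group", "|", "grep", "heat"],
+stdout=subprocess.PIPE)
+return p.communicate()[0].rstrip().split(':')[2]
+def kill_heat(self, pid):
+os.kill(pid, signal.SIGKILL)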
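Review bot: In `get_heat_uid` and `get_heat_gid` of both launchers, `'|'`, `'grep'` and the user name are passed to `getent` as literal arguments, because `Popen` is given a list and no shell runs, so no pipeline is ever built. The output is then indexed with `split(':')[2]` with no exit-status or empty-output check, and that value goes straight into `os.chown` on the install directory and config file in `HeatBaseLauncher.__init__`. Query the name directly and fail loudly, e.g. `out = subprocess.check_output(['getent', 'passwd', self.user])` followed by `return out.decode().strip().split(':')[2]` (with `'group'` for the gid). `HeatNativeLauncher` also hard-codes `"heat"` instead of `self.user`, so a non-default `user` argument is silently ignored there.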

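--- a/tripleoclient/noauth_policy.json
+++ b/tripleoclient/noauth_policy.json
@@ -0,0 +1,93 @@
+{
+"context_is_admin": "@",
+"deny_stack_user": "@",
+"deny_everybody": "@",
+"cloudformation:ListStacks": "rule:deny_stack_user",
+"cloudformation:CreateStack": "rule:deny_stack_user",
+"cloudformation:DescribeStacks": "rule:deny_stack_user",
+"cloudformation:DeleteStack": "rule:deny_stack_user",
+"cloudformation:UpdateStack": "rule:deny_stack_user",
+"cloudformation:CancelUpdateStack": "rule:deny_stack_user",
+"cloudformation:DescribeStackEvents": "rule:deny_stack_user",
+"cloudformation:ValidateTemplate": "rule:deny_stack_user",
+"cloudformation:GetTemplate": "rule:deny_stack_user",
+"cloudformation:EstimateTemplateCost": "rule:deny_stack_user",
+"cloudformation:DescribeStackResource": "",
+"cloudformation:DescribeStackResources": "rule:deny_stack_user",
+"cloudformation:ListStackResources": "rule:deny_stack_user",
+"cloudwatch:DeleteAlarms": "rule:deny_stack_user",
+"cloudwatch:DescribeAlarmHistory": "rule:deny_stack_user",
+"cloudwatch:DescribeAlarms": "rule:deny_stack_user",
+"cloudwatch:DescribeAlarmsForMetric": "rule:deny_stack_user",
+"cloudwatch:DisableAlarmActions": "rule:deny_stack_user",
+"cloudwatch:EnableAlarmActions": "rule:deny_stack_user",
+"cloudwatch:GetMetricStatistics": "rule:deny_stack_user",
+"cloudwatch:ListMetrics": "rule:deny_stack_user",
+"cloudwatch:PutMetricAlarm": "rule:deny_stack_user",
+"cloudwatch:PutMetricData": "",
+"cloudwatch:SetAlarmState": "rule:deny_stack_user",
+"actions:action": "rule:deny_stack_user",
+"build_info:build_info": "rule:deny_stack_user",
+"events:index": "rule:deny_stack_user",
+"events:show": "rule:deny_stack_user",
+"resource:index": "rule:deny_stack_user",
+"resource:metadata": "",
+"resource:signal": "",
+"resource:mark_unhealthy": "rule:deny_stack_user",
+"resource:show": "rule:deny_stack_user",
+"stacks:abandon": "rule:deny_stack_user",
+"stacks:create": "rule:deny_stack_user",
+"stacks:delete": "rule:deny_stack_user",
+"stacks:detail": "rule:deny_stack_user",
+"stacks:export": "rule:deny_stack_user",
+"stacks:generate_template": "rule:deny_stack_user",
+"stacks:global_index": "rule:deny_everybody",
+"stacks:index": "rule:deny_stack_user",
+"stacks:list_resource_types": "rule:deny_stack_user",
+"stacks:list_template_versions": "rule:deny_stack_user",
+"stacks:list_template_functions": "rule:deny_stack_user",
+"stacks:lookup": "",
+"stacks:preview": "rule:deny_stack_user",
+"stacks:resource_schema": "rule:deny_stack_user",
+"stacks:show": "rule:deny_stack_user",
+"stacks:template": "rule:deny_stack_user",
+"stacks:environment": "rule:deny_stack_user",
+"stacks:files": "rule:deny_stack_user",
+"stacks:update": "rule:deny_stack_user",
+"stacks:update_patch": "rule:deny_stack_user",
+"stacks:preview_update": "rule:deny_stack_user",
+"stacks:preview_update_patch": "rule:deny_stack_user",
+"stacks:validate_template": "rule:deny_stack_user",
+"stacks:snapshot": "rule:deny_stack_user",
+"stacks:show_snapshot": "rule:deny_stack_user",
+"stacks:delete_snapshot": "rule:deny_stack_user",
+"stacks:list_snapshots": "rule:deny_stack_user",
+"stacks:restore_snapshot": "rule:deny_stack_user",
+"stacks:list_outputs": "rule:deny_stack_user",
+"stacks:show_output": "rule:deny_stack_user",
+"software_configs:global_index": "rule:deny_everybody",
+"software_configs:index": "rule:deny_stack_user",
+"software_configs:create": "rule:deny_stack_user",
+"software_configs:show": "rule:deny_stack_user",
+"software_configs:delete": "rule:deny_stack_user",
+"software_deployments:index": "rule:deny_stack_user",
+"software_deployments:create": "rule:deny_stack_user",
+"software_deployments:show": "rule:deny_stack_user",
+"software_deployments:update": "rule:deny_stack_user",
+"software_deployments:delete": "rule:deny_stack_user",
+"software_deployments:metadata": "",
+"service:index": "rule:context_is_admin",
+"resource_types:OS::Nova::Flavor": "rule:context_is_admin",
+"resource_types:OS::Cinder::EncryptedVolumeType": "rule:context_is_admin",
+"resource_types:OS::Cinder::VolumeType": "rule:context_is_admin",
+"resource_types:OS::Manila::ShareType": "rule:context_is_admin",
+"resource_types:OS::Neutron::QoSPolicy": "rule:context_is_admin",
+"resource_types:OS::Neutron::QoSBandwidthLimitRule": "rule:context_is_admin",
+"resource_types:OS::Nova::HostAggregate": "rule:context_is_admin"
+}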
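Review bot: The rules `context_is_admin`, `deny_stack_user` and `deny_everybody` are all defined as `"@"`, which oslo.policy evaluates as always-allow, so every action in this file is permitted to any caller, including `stacks:global_index` and `software_configs:global_index`, which reference `rule:deny_everybody`. That is presumably intended for the `noauth` flavor, but the rule names say the opposite of what they do and JSON has no place for a comment explaining it. Either rename the aliases to reflect their effect (for example a single `"allow_all": "@"` rule) or document next to `policy_file` in `heat_launcher.py` that this policy disables authorization. The only remaining access control is then `bind_host = 127.0.0.1` in the generated config, which still leaves the API reachable by any local user or process on the host.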