nova driver authentication
Change-Id: I321660750809128b9acf67341010d335a39e5eea
This commit is contained in:
parent
7c26c22829
commit
48981612af
|
@ -499,17 +499,15 @@ mgmt_driver = noop
|
|||
|
||||
[servicevm_nova]
|
||||
# parameters for novaclient to talk to nova
|
||||
#project_id =
|
||||
#auth_url =
|
||||
#user_name =
|
||||
#api_key =
|
||||
#ca_file =
|
||||
#insecure =
|
||||
region_name = RegionOne
|
||||
project_domain_id = default
|
||||
project_name = service
|
||||
user_domain_id = default
|
||||
password = service-password
|
||||
username = nova
|
||||
auth_url = http://127.0.0.1:35357
|
||||
auth_plugin = password
|
||||
|
||||
project_id = admin
|
||||
auth_url = http://198.175.107.121:5000/v2.0
|
||||
user_name = admin
|
||||
api_key = admin-password
|
||||
|
||||
[servicevm_agent]
|
||||
# VM agent requires that an interface driver be set. Choose the one that best
|
||||
|
|
|
@ -0,0 +1,30 @@
|
|||
# All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
import oslo_i18n
|
||||
|
||||
_translators = oslo_i18n.TranslatorFactory(domain='tacker')
|
||||
|
||||
# The primary translation function using the well-known name "_"
|
||||
_ = _translators.primary
|
||||
|
||||
# Translators for log levels.
|
||||
#
|
||||
# The abbreviated names are meant to reflect the usual use of a short
|
||||
# name like '_'. The "L" is for "log" and the other letter comes from
|
||||
# the level.
|
||||
_LI = _translators.log_info
|
||||
_LW = _translators.log_warning
|
||||
_LE = _translators.log_error
|
||||
_LC = _translators.log_critical
|
|
@ -22,68 +22,92 @@
|
|||
|
||||
import time
|
||||
|
||||
from keystoneclient import auth as ks_auth
|
||||
from keystoneclient.auth.identity import v2 as v2_auth
|
||||
from keystoneclient import session as ks_session
|
||||
from oslo_config import cfg
|
||||
|
||||
from tacker.api.v1 import attributes
|
||||
from tacker.i18n import _LW
|
||||
from tacker.openstack.common import log as logging
|
||||
from tacker.vm.drivers import abstract_driver
|
||||
|
||||
LOG = logging.getLogger(__name__)
|
||||
OPTS = [
|
||||
cfg.StrOpt('project-id', default='',
|
||||
help=_('project id used '
|
||||
'by nova driver of service vm extension')),
|
||||
cfg.StrOpt('auth-url', default='http://0.0.0.0:5000/v2.0',
|
||||
help=_('auth URL used by nova driver of service vm extension')),
|
||||
cfg.StrOpt('user-name', default='',
|
||||
help=_('user name used '
|
||||
'by nova driver of service vm extension')),
|
||||
cfg.StrOpt('api-key', default='',
|
||||
help=_('api-key used by nova driver of service vm extension')),
|
||||
cfg.StrOpt('ca-file',
|
||||
help=_('Optional CA cert file for nova driver to use in SSL'
|
||||
' connections ')),
|
||||
cfg.BoolOpt('insecure', default=False,
|
||||
help=_("If set then the server's certificate will not "
|
||||
"be verified by nova driver")),
|
||||
]
|
||||
CONF = cfg.CONF
|
||||
CONF.register_opts(OPTS, group='servicevm_nova')
|
||||
NOVA_API_VERSION = "2"
|
||||
SERVICEVM_NOVA_CONF_SECTION = 'servicevm_nova'
|
||||
ks_session.Session.register_conf_options(cfg.CONF, SERVICEVM_NOVA_CONF_SECTION)
|
||||
ks_auth.register_conf_options(cfg.CONF, SERVICEVM_NOVA_CONF_SECTION)
|
||||
OPTS = [
|
||||
cfg.StrOpt('region_name',
|
||||
help=_('Name of nova region to use. Useful if keystone manages'
|
||||
' more than one region.')),
|
||||
]
|
||||
CONF.register_opts(OPTS, group=SERVICEVM_NOVA_CONF_SECTION)
|
||||
_NICS = 'nics' # converted by novaclient => 'networks'
|
||||
_NET_ID = 'net-id' # converted by novaclient => 'uuid'
|
||||
_PORT_ID = 'port-id' # converted by novaclient => 'port'
|
||||
_FILES = 'files'
|
||||
|
||||
|
||||
class DefaultAuthPlugin(v2_auth.Password):
|
||||
"""A wrapper around standard v2 user/pass to handle bypass url.
|
||||
|
||||
This is only necessary because novaclient doesn't support endpoint_override
|
||||
yet - bug #1403329.
|
||||
|
||||
When this bug is fixed we can pass the endpoint_override to the client
|
||||
instead and remove this class.
|
||||
"""
|
||||
|
||||
def __init__(self, **kwargs):
|
||||
self._endpoint_override = kwargs.pop('endpoint_override', None)
|
||||
super(DefaultAuthPlugin, self).__init__(**kwargs)
|
||||
|
||||
def get_endpoint(self, session, **kwargs):
|
||||
if self._endpoint_override:
|
||||
return self._endpoint_override
|
||||
|
||||
return super(DefaultAuthPlugin, self).get_endpoint(session, **kwargs)
|
||||
|
||||
|
||||
class DeviceNova(abstract_driver.DeviceAbstractDriver):
|
||||
|
||||
"""Nova driver of hosting device."""
|
||||
|
||||
def __init__(self):
|
||||
super(DeviceNova, self).__init__()
|
||||
# avoid circular import
|
||||
from novaclient import client
|
||||
from novaclient import shell
|
||||
self._novaclient = client
|
||||
self._novashell = shell
|
||||
|
||||
def _nova_client(self, token=None):
|
||||
computeshell = self._novashell.OpenStackComputeShell()
|
||||
extensions = computeshell._discover_extensions("1.1")
|
||||
auth = ks_auth.load_from_conf_options(cfg.CONF,
|
||||
SERVICEVM_NOVA_CONF_SECTION)
|
||||
endpoint_override = None
|
||||
|
||||
kwargs = {
|
||||
'project_id': CONF.servicevm_nova.project_id,
|
||||
'auth_url': CONF.servicevm_nova.auth_url,
|
||||
'service_type': 'compute',
|
||||
'username': CONF.servicevm_nova.user_name,
|
||||
'api_key': CONF.servicevm_nova.api_key,
|
||||
'extensions': extensions,
|
||||
'cacert': CONF.servicevm_nova.ca_file,
|
||||
'insecure': CONF.servicevm_nova.insecure,
|
||||
# 'http_log_debug': True,
|
||||
}
|
||||
if token:
|
||||
kwargs['token'] = token
|
||||
LOG.debug(_('kwargs %s'), kwargs)
|
||||
return self._novaclient.Client("1.1", **kwargs)
|
||||
if not auth:
|
||||
LOG.warning(_LW('Authenticating to nova using nova_admin_* options'
|
||||
' is deprecated. This should be done using'
|
||||
' an auth plugin, like password'))
|
||||
|
||||
if cfg.CONF.nova_admin_tenant_id:
|
||||
endpoint_override = "%s/%s" % (cfg.CONF.nova_url,
|
||||
cfg.CONF.nova_admin_tenant_id)
|
||||
|
||||
auth = DefaultAuthPlugin(
|
||||
auth_url=cfg.CONF.nova_admin_auth_url,
|
||||
username=cfg.CONF.nova_admin_username,
|
||||
password=cfg.CONF.nova_admin_password,
|
||||
tenant_id=cfg.CONF.nova_admin_tenant_id,
|
||||
tenant_name=cfg.CONF.nova_admin_tenant_name,
|
||||
endpoint_override=endpoint_override)
|
||||
|
||||
session = ks_session.Session.load_from_conf_options(
|
||||
cfg.CONF, SERVICEVM_NOVA_CONF_SECTION, auth=auth)
|
||||
novaclient_cls = self._novaclient.get_client_class(NOVA_API_VERSION)
|
||||
return novaclient_cls(session=session,
|
||||
region_name=cfg.CONF.servicevm_nova.region_name)
|
||||
|
||||
def get_type(self):
|
||||
return 'nova'
|
||||
|
|
Loading…
Reference in New Issue