Browse Source

nova driver authentication

Change-Id: I321660750809128b9acf67341010d335a39e5eea
changes/89/173189/1
Isaku Yamahata 7 years ago
parent
commit
48981612af
  1. 20
      etc/tacker/tacker.conf
  2. 30
      tacker/i18n.py
  3. 100
      tacker/vm/drivers/nova/nova.py

20
etc/tacker/tacker.conf

@ -499,17 +499,15 @@ mgmt_driver = noop
[servicevm_nova]
# parameters for novaclient to talk to nova
#project_id =
#auth_url =
#user_name =
#api_key =
#ca_file =
#insecure =
project_id = admin
auth_url = http://198.175.107.121:5000/v2.0
user_name = admin
api_key = admin-password
region_name = RegionOne
project_domain_id = default
project_name = service
user_domain_id = default
password = service-password
username = nova
auth_url = http://127.0.0.1:35357
auth_plugin = password
[servicevm_agent]
# VM agent requires that an interface driver be set. Choose the one that best

30
tacker/i18n.py

@ -0,0 +1,30 @@
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import oslo_i18n
_translators = oslo_i18n.TranslatorFactory(domain='tacker')
# The primary translation function using the well-known name "_"
_ = _translators.primary
# Translators for log levels.
#
# The abbreviated names are meant to reflect the usual use of a short
# name like '_'. The "L" is for "log" and the other letter comes from
# the level.
_LI = _translators.log_info
_LW = _translators.log_warning
_LE = _translators.log_error
_LC = _translators.log_critical

100
tacker/vm/drivers/nova/nova.py

@ -22,68 +22,92 @@
import time
from keystoneclient import auth as ks_auth
from keystoneclient.auth.identity import v2 as v2_auth
from keystoneclient import session as ks_session
from oslo_config import cfg
from tacker.api.v1 import attributes
from tacker.i18n import _LW
from tacker.openstack.common import log as logging
from tacker.vm.drivers import abstract_driver
LOG = logging.getLogger(__name__)
CONF = cfg.CONF
NOVA_API_VERSION = "2"
SERVICEVM_NOVA_CONF_SECTION = 'servicevm_nova'
ks_session.Session.register_conf_options(cfg.CONF, SERVICEVM_NOVA_CONF_SECTION)
ks_auth.register_conf_options(cfg.CONF, SERVICEVM_NOVA_CONF_SECTION)
OPTS = [
cfg.StrOpt('project-id', default='',
help=_('project id used '
'by nova driver of service vm extension')),
cfg.StrOpt('auth-url', default='http://0.0.0.0:5000/v2.0',
help=_('auth URL used by nova driver of service vm extension')),
cfg.StrOpt('user-name', default='',
help=_('user name used '
'by nova driver of service vm extension')),
cfg.StrOpt('api-key', default='',
help=_('api-key used by nova driver of service vm extension')),
cfg.StrOpt('ca-file',
help=_('Optional CA cert file for nova driver to use in SSL'
' connections ')),
cfg.BoolOpt('insecure', default=False,
help=_("If set then the server's certificate will not "
"be verified by nova driver")),
cfg.StrOpt('region_name',
help=_('Name of nova region to use. Useful if keystone manages'
' more than one region.')),
]
CONF = cfg.CONF
CONF.register_opts(OPTS, group='servicevm_nova')
CONF.register_opts(OPTS, group=SERVICEVM_NOVA_CONF_SECTION)
_NICS = 'nics' # converted by novaclient => 'networks'
_NET_ID = 'net-id' # converted by novaclient => 'uuid'
_PORT_ID = 'port-id' # converted by novaclient => 'port'
_FILES = 'files'
class DefaultAuthPlugin(v2_auth.Password):
"""A wrapper around standard v2 user/pass to handle bypass url.
This is only necessary because novaclient doesn't support endpoint_override
yet - bug #1403329.
When this bug is fixed we can pass the endpoint_override to the client
instead and remove this class.
"""
def __init__(self, **kwargs):
self._endpoint_override = kwargs.pop('endpoint_override', None)
super(DefaultAuthPlugin, self).__init__(**kwargs)
def get_endpoint(self, session, **kwargs):
if self._endpoint_override:
return self._endpoint_override
return super(DefaultAuthPlugin, self).get_endpoint(session, **kwargs)
class DeviceNova(abstract_driver.DeviceAbstractDriver):
"""Nova driver of hosting device."""
def __init__(self):
super(DeviceNova, self).__init__()
# avoid circular import
from novaclient import client
from novaclient import shell
self._novaclient = client
self._novashell = shell
def _nova_client(self, token=None):
computeshell = self._novashell.OpenStackComputeShell()
extensions = computeshell._discover_extensions("1.1")
kwargs = {
'project_id': CONF.servicevm_nova.project_id,
'auth_url': CONF.servicevm_nova.auth_url,
'service_type': 'compute',
'username': CONF.servicevm_nova.user_name,
'api_key': CONF.servicevm_nova.api_key,
'extensions': extensions,
'cacert': CONF.servicevm_nova.ca_file,
'insecure': CONF.servicevm_nova.insecure,
# 'http_log_debug': True,
}
if token:
kwargs['token'] = token
LOG.debug(_('kwargs %s'), kwargs)
return self._novaclient.Client("1.1", **kwargs)
auth = ks_auth.load_from_conf_options(cfg.CONF,
SERVICEVM_NOVA_CONF_SECTION)
endpoint_override = None
if not auth:
LOG.warning(_LW('Authenticating to nova using nova_admin_* options'
' is deprecated. This should be done using'
' an auth plugin, like password'))
if cfg.CONF.nova_admin_tenant_id:
endpoint_override = "%s/%s" % (cfg.CONF.nova_url,
cfg.CONF.nova_admin_tenant_id)
auth = DefaultAuthPlugin(
auth_url=cfg.CONF.nova_admin_auth_url,
username=cfg.CONF.nova_admin_username,
password=cfg.CONF.nova_admin_password,
tenant_id=cfg.CONF.nova_admin_tenant_id,
tenant_name=cfg.CONF.nova_admin_tenant_name,
endpoint_override=endpoint_override)
session = ks_session.Session.load_from_conf_options(
cfg.CONF, SERVICEVM_NOVA_CONF_SECTION, auth=auth)
novaclient_cls = self._novaclient.get_client_class(NOVA_API_VERSION)
return novaclient_cls(session=session,
region_name=cfg.CONF.servicevm_nova.region_name)
def get_type(self):
return 'nova'

Loading…
Cancel
Save