nova driver authentication
Change-Id: I321660750809128b9acf67341010d335a39e5eea
This commit is contained in:
parent
7c26c22829
commit
48981612af
|
@ -499,17 +499,15 @@ mgmt_driver = noop
|
||||||
|
|
||||||
[servicevm_nova]
|
[servicevm_nova]
|
||||||
# parameters for novaclient to talk to nova
|
# parameters for novaclient to talk to nova
|
||||||
#project_id =
|
region_name = RegionOne
|
||||||
#auth_url =
|
project_domain_id = default
|
||||||
#user_name =
|
project_name = service
|
||||||
#api_key =
|
user_domain_id = default
|
||||||
#ca_file =
|
password = service-password
|
||||||
#insecure =
|
username = nova
|
||||||
|
auth_url = http://127.0.0.1:35357
|
||||||
|
auth_plugin = password
|
||||||
|
|
||||||
project_id = admin
|
|
||||||
auth_url = http://198.175.107.121:5000/v2.0
|
|
||||||
user_name = admin
|
|
||||||
api_key = admin-password
|
|
||||||
|
|
||||||
[servicevm_agent]
|
[servicevm_agent]
|
||||||
# VM agent requires that an interface driver be set. Choose the one that best
|
# VM agent requires that an interface driver be set. Choose the one that best
|
||||||
|
|
|
@ -0,0 +1,30 @@
|
||||||
|
# All Rights Reserved.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||||
|
# not use this file except in compliance with the License. You may obtain
|
||||||
|
# a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
# License for the specific language governing permissions and limitations
|
||||||
|
# under the License.
|
||||||
|
|
||||||
|
import oslo_i18n
|
||||||
|
|
||||||
|
_translators = oslo_i18n.TranslatorFactory(domain='tacker')
|
||||||
|
|
||||||
|
# The primary translation function using the well-known name "_"
|
||||||
|
_ = _translators.primary
|
||||||
|
|
||||||
|
# Translators for log levels.
|
||||||
|
#
|
||||||
|
# The abbreviated names are meant to reflect the usual use of a short
|
||||||
|
# name like '_'. The "L" is for "log" and the other letter comes from
|
||||||
|
# the level.
|
||||||
|
_LI = _translators.log_info
|
||||||
|
_LW = _translators.log_warning
|
||||||
|
_LE = _translators.log_error
|
||||||
|
_LC = _translators.log_critical
|
|
@ -22,68 +22,92 @@
|
||||||
|
|
||||||
import time
|
import time
|
||||||
|
|
||||||
|
from keystoneclient import auth as ks_auth
|
||||||
|
from keystoneclient.auth.identity import v2 as v2_auth
|
||||||
|
from keystoneclient import session as ks_session
|
||||||
from oslo_config import cfg
|
from oslo_config import cfg
|
||||||
|
|
||||||
from tacker.api.v1 import attributes
|
from tacker.api.v1 import attributes
|
||||||
|
from tacker.i18n import _LW
|
||||||
from tacker.openstack.common import log as logging
|
from tacker.openstack.common import log as logging
|
||||||
from tacker.vm.drivers import abstract_driver
|
from tacker.vm.drivers import abstract_driver
|
||||||
|
|
||||||
LOG = logging.getLogger(__name__)
|
LOG = logging.getLogger(__name__)
|
||||||
OPTS = [
|
|
||||||
cfg.StrOpt('project-id', default='',
|
|
||||||
help=_('project id used '
|
|
||||||
'by nova driver of service vm extension')),
|
|
||||||
cfg.StrOpt('auth-url', default='http://0.0.0.0:5000/v2.0',
|
|
||||||
help=_('auth URL used by nova driver of service vm extension')),
|
|
||||||
cfg.StrOpt('user-name', default='',
|
|
||||||
help=_('user name used '
|
|
||||||
'by nova driver of service vm extension')),
|
|
||||||
cfg.StrOpt('api-key', default='',
|
|
||||||
help=_('api-key used by nova driver of service vm extension')),
|
|
||||||
cfg.StrOpt('ca-file',
|
|
||||||
help=_('Optional CA cert file for nova driver to use in SSL'
|
|
||||||
' connections ')),
|
|
||||||
cfg.BoolOpt('insecure', default=False,
|
|
||||||
help=_("If set then the server's certificate will not "
|
|
||||||
"be verified by nova driver")),
|
|
||||||
]
|
|
||||||
CONF = cfg.CONF
|
CONF = cfg.CONF
|
||||||
CONF.register_opts(OPTS, group='servicevm_nova')
|
NOVA_API_VERSION = "2"
|
||||||
|
SERVICEVM_NOVA_CONF_SECTION = 'servicevm_nova'
|
||||||
|
ks_session.Session.register_conf_options(cfg.CONF, SERVICEVM_NOVA_CONF_SECTION)
|
||||||
|
ks_auth.register_conf_options(cfg.CONF, SERVICEVM_NOVA_CONF_SECTION)
|
||||||
|
OPTS = [
|
||||||
|
cfg.StrOpt('region_name',
|
||||||
|
help=_('Name of nova region to use. Useful if keystone manages'
|
||||||
|
' more than one region.')),
|
||||||
|
]
|
||||||
|
CONF.register_opts(OPTS, group=SERVICEVM_NOVA_CONF_SECTION)
|
||||||
_NICS = 'nics' # converted by novaclient => 'networks'
|
_NICS = 'nics' # converted by novaclient => 'networks'
|
||||||
_NET_ID = 'net-id' # converted by novaclient => 'uuid'
|
_NET_ID = 'net-id' # converted by novaclient => 'uuid'
|
||||||
_PORT_ID = 'port-id' # converted by novaclient => 'port'
|
_PORT_ID = 'port-id' # converted by novaclient => 'port'
|
||||||
_FILES = 'files'
|
_FILES = 'files'
|
||||||
|
|
||||||
|
|
||||||
|
class DefaultAuthPlugin(v2_auth.Password):
|
||||||
|
"""A wrapper around standard v2 user/pass to handle bypass url.
|
||||||
|
|
||||||
|
This is only necessary because novaclient doesn't support endpoint_override
|
||||||
|
yet - bug #1403329.
|
||||||
|
|
||||||
|
When this bug is fixed we can pass the endpoint_override to the client
|
||||||
|
instead and remove this class.
|
||||||
|
"""
|
||||||
|
|
||||||
|
def __init__(self, **kwargs):
|
||||||
|
self._endpoint_override = kwargs.pop('endpoint_override', None)
|
||||||
|
super(DefaultAuthPlugin, self).__init__(**kwargs)
|
||||||
|
|
||||||
|
def get_endpoint(self, session, **kwargs):
|
||||||
|
if self._endpoint_override:
|
||||||
|
return self._endpoint_override
|
||||||
|
|
||||||
|
return super(DefaultAuthPlugin, self).get_endpoint(session, **kwargs)
|
||||||
|
|
||||||
|
|
||||||
class DeviceNova(abstract_driver.DeviceAbstractDriver):
|
class DeviceNova(abstract_driver.DeviceAbstractDriver):
|
||||||
|
|
||||||
"""Nova driver of hosting device."""
|
"""Nova driver of hosting device."""
|
||||||
|
|
||||||
def __init__(self):
|
def __init__(self):
|
||||||
super(DeviceNova, self).__init__()
|
super(DeviceNova, self).__init__()
|
||||||
|
# avoid circular import
|
||||||
from novaclient import client
|
from novaclient import client
|
||||||
from novaclient import shell
|
|
||||||
self._novaclient = client
|
self._novaclient = client
|
||||||
self._novashell = shell
|
|
||||||
|
|
||||||
def _nova_client(self, token=None):
|
def _nova_client(self, token=None):
|
||||||
computeshell = self._novashell.OpenStackComputeShell()
|
auth = ks_auth.load_from_conf_options(cfg.CONF,
|
||||||
extensions = computeshell._discover_extensions("1.1")
|
SERVICEVM_NOVA_CONF_SECTION)
|
||||||
|
endpoint_override = None
|
||||||
|
|
||||||
kwargs = {
|
if not auth:
|
||||||
'project_id': CONF.servicevm_nova.project_id,
|
LOG.warning(_LW('Authenticating to nova using nova_admin_* options'
|
||||||
'auth_url': CONF.servicevm_nova.auth_url,
|
' is deprecated. This should be done using'
|
||||||
'service_type': 'compute',
|
' an auth plugin, like password'))
|
||||||
'username': CONF.servicevm_nova.user_name,
|
|
||||||
'api_key': CONF.servicevm_nova.api_key,
|
if cfg.CONF.nova_admin_tenant_id:
|
||||||
'extensions': extensions,
|
endpoint_override = "%s/%s" % (cfg.CONF.nova_url,
|
||||||
'cacert': CONF.servicevm_nova.ca_file,
|
cfg.CONF.nova_admin_tenant_id)
|
||||||
'insecure': CONF.servicevm_nova.insecure,
|
|
||||||
# 'http_log_debug': True,
|
auth = DefaultAuthPlugin(
|
||||||
}
|
auth_url=cfg.CONF.nova_admin_auth_url,
|
||||||
if token:
|
username=cfg.CONF.nova_admin_username,
|
||||||
kwargs['token'] = token
|
password=cfg.CONF.nova_admin_password,
|
||||||
LOG.debug(_('kwargs %s'), kwargs)
|
tenant_id=cfg.CONF.nova_admin_tenant_id,
|
||||||
return self._novaclient.Client("1.1", **kwargs)
|
tenant_name=cfg.CONF.nova_admin_tenant_name,
|
||||||
|
endpoint_override=endpoint_override)
|
||||||
|
|
||||||
|
session = ks_session.Session.load_from_conf_options(
|
||||||
|
cfg.CONF, SERVICEVM_NOVA_CONF_SECTION, auth=auth)
|
||||||
|
novaclient_cls = self._novaclient.get_client_class(NOVA_API_VERSION)
|
||||||
|
return novaclient_cls(session=session,
|
||||||
|
region_name=cfg.CONF.servicevm_nova.region_name)
|
||||||
|
|
||||||
def get_type(self):
|
def get_type(self):
|
||||||
return 'nova'
|
return 'nova'
|
||||||
|
|
Loading…
Reference in New Issue