openstack
/
tripleo-common
Code Issues Proposed changes
tripleo-common/tripleo_common/utils/plan.py

464 lines
15 KiB
Python
Raw Blame History

# Copyright 2017 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
# implied.
# See the License for the specific language governing permissions and
# limitations under the License.
import json
import logging
import os
import re
import requests
import sys
import tempfile
import yaml
from heatclient.common import template_utils
from heatclient import exc as heat_exc
import six
from swiftclient import exceptions as swiftexceptions
from tripleo_common import constants
from tripleo_common.image import kolla_builder
from tripleo_common.utils import passwords as password_utils
from tripleo_common.utils import swift as swiftutils
LOG = logging.getLogger(__name__)
LOG = logging.getLogger(__name__)
def update_in_env(swift, env, key, value='', delete_key=False):
"""Update plan environment."""
if delete_key:
try:
del env[key]
except KeyError:
pass
else:
try:
env[key].update(value)
except (KeyError, AttributeError):
env[key] = value
put_env(swift, env)
return env
def get_env(swift, name):
"""Get plan environment from Swift and convert it to a dictionary."""
env = yaml.safe_load(
swiftutils.get_object_string(swift, name, constants.PLAN_ENVIRONMENT)
)
# Ensure the name is correct, as it will be used to update the
# container later
if env.get('name') != name:
env['name'] = name
return env
def put_env(swift, env):
"""Convert given environment to yaml and upload it to Swift."""
swiftutils.put_object_string(
swift,
env['name'],
constants.PLAN_ENVIRONMENT,
yaml.safe_dump(env, default_flow_style=False)
)
def get_user_env(swift, container_name):
"""Get user environment from Swift convert it to a dictionary."""
return yaml.safe_load(
swiftutils.get_object_string(swift, container_name,
constants.USER_ENVIRONMENT))
def put_user_env(swift, container_name, env):
"""Convert given user environment to yaml and upload it to Swift."""
swiftutils.put_object_string(
swift,
container_name,
constants.USER_ENVIRONMENT,
yaml.safe_dump(env, default_flow_style=False)
)
def write_json_temp_file(data):
"""Writes the provided data to a json file and return the filename"""
with tempfile.NamedTemporaryFile(delete=False, mode='wb') as temp_file:
temp_file.write(json.dumps(data).encode('utf-8'))
return temp_file.name
def object_request(method, url, token):
"""Fetch an object with the provided token"""
response = requests.request(
method, url, headers={'X-Auth-Token': token})
response.raise_for_status()
return response.content
def process_environments_and_files(swift, env_paths):
"""Wrap process_multiple_environments_and_files with swift object fetch"""
def _env_path_is_object(env_path):
return env_path.startswith(swift.url)
# XXX this should belong in heatclient, but for the time being and backport
# purposes, let's do that here for now.
_cache = {}
def _object_request(method, url, token=swift.token):
if url not in _cache:
_cache[url] = object_request(method, url, token)
return _cache[url]
return template_utils.process_multiple_environments_and_files(
env_paths=env_paths,
env_path_is_object=_env_path_is_object,
object_request=_object_request)
def get_template_contents(swift, template_object):
"""Wrap get_template_contents with swift object fetch"""
def _object_request(method, url, token=swift.token):
return object_request(method, url, token)
return template_utils.get_template_contents(
template_object=template_object,
object_request=_object_request)
def build_env_paths(swift, container, plan_env):
environments = plan_env.get('environments', [])
env_paths = []
temp_env_paths = []
for env in environments:
if env.get('path'):
env_paths.append(os.path.join(swift.url, container, env['path']))
elif env.get('data'):
env_file = write_json_temp_file(env['data'])
temp_env_paths.append(env_file)
# create a dict to hold all user set params and merge
# them in the appropriate order
merged_params = {}
# merge generated passwords into params first
passwords = plan_env.get('passwords', {})
merged_params.update(passwords)
# derived parameters are merged before 'parameter defaults'
# so that user-specified values can override the derived values.
derived_params = plan_env.get('derived_parameters', {})
merged_params.update(derived_params)
# handle user set parameter values next in case a user has set
# a new value for a password parameter
params = plan_env.get('parameter_defaults', {})
merged_params = template_utils.deep_update(merged_params, params)
if merged_params:
env_temp_file = write_json_temp_file(
{'parameter_defaults': merged_params})
temp_env_paths.append(env_temp_file)
registry = plan_env.get('resource_registry', {})
if registry:
env_temp_file = write_json_temp_file(
{'resource_registry': registry})
temp_env_paths.append(env_temp_file)
env_paths.extend(temp_env_paths)
return env_paths, temp_env_paths
def create_plan_container(swift, plan_name):
if not pattern_validator(constants.PLAN_NAME_PATTERN, plan_name):
message = ("The plan name must "
"only contain letters, numbers or dashes")
raise RuntimeError(message)
# checks to see if a container with that name exists
if plan_name in [container["name"] for container in
swift.get_account()[1]]:
message = ("A container with the name %s already "
"exists.") % plan_name
raise RuntimeError(message)
default_container_headers = {constants.TRIPLEO_META_USAGE_KEY: 'plan'}
swift.put_container(plan_name, headers=default_container_headers)
def update_plan_environment(swift, environments,
container=constants.DEFAULT_CONTAINER_NAME):
env = get_env(swift, container)
for k, v in environments.items():
found = False
if {'path': k} in env['environments']:
found = True
if v:
if not found:
env['environments'].append({'path': k})
else:
if found:
env['environments'].remove({'path': k})
put_env(swift, env)
return env
def get_role_data(swift, container=constants.DEFAULT_CONTAINER_NAME):
try:
j2_role_file = swiftutils.get_object_string(
swift,
container,
constants.OVERCLOUD_J2_ROLES_NAME)
role_data = yaml.safe_load(j2_role_file)
except swiftexceptions.ClientException:
LOG.info("No %s file found, not filtering container images by role",
constants.OVERCLOUD_J2_ROLES_NAME)
role_data = None
return role_data
def default_image_params():
def ffunc(entry):
return entry
template_file = os.path.join(sys.prefix, 'share', 'tripleo-common',
'container-images',
'tripleo_containers.yaml.j2')
builder = kolla_builder.KollaImageBuilder([template_file])
result = builder.container_images_from_template(filter=ffunc)
params = {}
for entry in result:
imagename = entry.get('imagename', '')
if 'params' in entry:
for p in entry.pop('params'):
params[p] = imagename
return params
def update_plan_environment_with_image_parameters(
swift, container=constants.DEFAULT_CONTAINER_NAME,
with_roledata=True):
try:
# ensure every image parameter has a default value, even if prepare
# didn't return it
params = default_image_params()
if with_roledata:
plan_env = get_env(swift, container)
env_paths, temp_env_paths = build_env_paths(
swift, container, plan_env)
env_files, env = process_environments_and_files(
swift, env_paths)
role_data = get_role_data(swift)
image_params = kolla_builder.container_images_prepare_multi(
env, role_data, dry_run=True)
if image_params:
params.update(image_params)
except Exception as err:
LOG.exception("Error occurred while updating plan files.")
raise RuntimeError(six.text_type(err))
finally:
# cleanup any local temp files
if with_roledata:
for f in temp_env_paths:
os.remove(f)
try:
swiftutils.put_object_string(
swift,
container,
constants.CONTAINER_DEFAULTS_ENVIRONMENT,
yaml.safe_dump(
{'parameter_defaults': params},
default_flow_style=False
)
)
except swiftexceptions.ClientException as err:
err_msg = ("Error updating %s for plan %s: %s" % (
constants.CONTAINER_DEFAULTS_ENVIRONMENT, container, err))
LOG.exception(err_msg)
raise RuntimeError(err_msg)
environments = {constants.CONTAINER_DEFAULTS_ENVIRONMENT: True}
try:
env = update_plan_environment(swift, environments,
container=container)
except swiftexceptions.ClientException as err:
err_msg = ("Error updating environment for plan %s: %s" % (
container, err))
LOG.exception(err_msg)
raise RuntimeError(err_msg)
return env
def generate_passwords(swift=None, heat=None,
container=constants.DEFAULT_CONTAINER_NAME,
rotate_passwords=False, rotate_pw_list=None):
"""Generates passwords needed for Overcloud deployment
This method generates passwords. By default, this method respects
previously generated passwords and in stack environment.
If rotate_passwords is set to True, then passwords will be replaced as
follows:
- if password names are specified in the rotate_pw_list, then only those
passwords will be replaced.
- otherwise, all passwords not in the DO_NOT_ROTATE list (as they require
special handling, like KEKs and Fernet keys) will be replaced.
"""
if heat is None:
raise RuntimeError('Should provide orchestration client to fetch'
'stack environment')
if rotate_pw_list is None:
rotate_pw_list = []
try:
stack_env = heat.stacks.environment(
stack_id=container)
except heat_exc.HTTPNotFound:
stack_env = None
placement_extracted = False
try:
# We can't rely on the existence of PlacementPassword to
# determine if placement extraction has occured as it was added
# in stein while the service extraction was delayed to train.
# Inspect the endpoint map instead.
endpoint_res = heat.resources.get(container, 'EndpointMap')
endpoints = endpoint_res.attributes.get('endpoint_map', None)
placement_extracted = endpoints and 'PlacementPublic' in endpoints
except heat_exc.HTTPNotFound:
pass
passwords = password_utils.generate_passwords(
stack_env=stack_env,
rotate_passwords=rotate_passwords,
rotate_pw_list=rotate_pw_list)
# NOTE(ansmith): if rabbit password previously generated and
# stored, facilitate upgrade and use for oslo messaging in plan env
if 'RabbitPassword' in passwords:
for i in ('RpcPassword', 'NotifyPassword'):
if i not in passwords:
passwords[i] = passwords['RabbitPassword']
# NOTE(owalsh): placement previously used NovaPassword
# Default to the same password for PlacementPassword if it is an
# upgrade (i.e NovaPassword is set) so we do not need to update the
# password in keystone
if not placement_extracted and 'NovaPassword' in passwords:
LOG.debug('Setting PlacementPassword to NovaPassword')
passwords['PlacementPassword'] = passwords['NovaPassword']
return passwords
def update_plan_rotate_fernet_keys(swift,
container=constants.DEFAULT_CONTAINER_NAME):
try:
env = get_env(swift, container)
except swiftexceptions.ClientException as err:
err_msg = ("Error retrieving environment for plan %s: %s" % (
container, err))
LOG.exception(err_msg)
raise RuntimeError(err_msg)
parameter_defaults = env.get('parameter_defaults', {})
passwords = get_overriden_passwords(env.get(
'passwords', {}), parameter_defaults)
next_index = get_next_index(passwords['KeystoneFernetKeys'])
keys_map = rotate_keys(passwords['KeystoneFernetKeys'],
next_index)
max_keys = get_max_keys_value(parameter_defaults)
keys_map = purge_excess_keys(max_keys, keys_map)
env['passwords']['KeystoneFernetKeys'] = keys_map
try:
put_env(swift, env)
except swiftexceptions.ClientException as err:
err_msg = "Error uploading to container: %s" % err
LOG.exception(err_msg)
raise RuntimeError(err_msg)
return keys_map
def get_overriden_passwords(env_passwords, parameter_defaults):
for name in constants.PASSWORD_PARAMETER_NAMES:
if name in parameter_defaults:
env_passwords[name] = parameter_defaults[name]
return env_passwords
def get_key_index_from_path(path):
return int(path[path.rfind('/') + 1:])
def get_next_index(keys_map):
return get_key_index_from_path(
max(keys_map, key=get_key_index_from_path)) + 1
def get_key_path(index):
return password_utils.KEYSTONE_FERNET_REPO + str(index)
def rotate_keys(keys_map, next_index):
next_index_path = get_key_path(next_index)
zero_index_path = get_key_path(0)
# promote staged key to be new primary
keys_map[next_index_path] = keys_map[zero_index_path]
# Set new staged key
keys_map[zero_index_path] = {
'content': password_utils.create_keystone_credential()}
return keys_map
def get_max_keys_value(parameter_defaults):
# The number of max keys should always be positive. The minimum amount
# of keys is 3.
return max(parameter_defaults.get('KeystoneFernetMaxActiveKeys', 5), 3)
def purge_excess_keys(max_keys, keys_map):
current_repo_size = len(keys_map)
if current_repo_size <= max_keys:
return keys_map
key_paths = sorted(keys_map.keys(), key=get_key_index_from_path)
keys_to_be_purged = current_repo_size - max_keys
for key_path in key_paths[1:keys_to_be_purged + 1]:
del keys_map[key_path]
return keys_map
def pattern_validator(pattern, value):
LOG.debug('Validating %s with pattern %s', value, pattern)
if not re.match(pattern, value):
return False
return True
View Git Blame Copy Permalink