upgrade to use keystone v3

- Upgrade to keystone v3
- Modify oslo_messaging to replace deprecated get_transport

Change-Id: I1421d22d8280879d0e7a54519a45feb8a7fa00ef
hosingh000 2018-02-21 13:45:47 -06:00 committed by MikeG451
parent 63633a04aa
commit bf1b738797
7 changed files with 57 additions and 64 deletions


@ -21,27 +21,24 @@ host = 0.0.0.0
# Port the bind the API server to
port = 9010
[ord_credentials]
auth_url = http://127.0.0.1:5000/v2.0
user_name = admin
password = devstack
tenant_name = admin
openstack_client_http_timeout = 360
https_insecure = False
[keystone_authtoken]
auth_type = password
auth_url = http://keystone-api.openstack.svc.cluster.local:80/v3
auth_version = v3
password = password
project_domain_name = Default
project_name = service
region_name = RegionOne
user_domain_name = Default
username = admin
[database]
connection = mysql+pymysql://root:devstack@127.0.0.1:3306/ord
max_retries = -1
[oslo_messaging_rabbit]
rabbit_userid = stackrabbit
rabbit_password = devstack
rabbit_hosts = 127.0.0.1
rabbit_port = 5672
[orm]
#This will assume the required ssh-keys are all already populated
orm_template_repo_url = git@127.0.0.1:/home/repo/ranger_repo.git
orm_template_repo_url = ssh://git@127.0.0.1:/home/repo/ranger_repo.git
#This is fake service call will be replaced with rds url
rds_listener_endpoint = http://127.0.0.1:8777/v1/rds/status
repo_pull_check_wait = 2
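Review bot: The `[keystone_authtoken]` sample sets `auth_url` to a plain `http://` Keystone endpoint, so the password-auth request and the tokens it returns would cross the network unencrypted if this file is deployed as written. It also pairs `username = admin` with the literal `password = password`. I would point `auth_url` at an `https://` endpoint with `https_cacert` set, and add a comment above the two keys such as `# placeholders - set a dedicated service account and secret per deployment`. Which lines are old and which are new is inferred here, because the rendered page has lost its +/- markers.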


@ -83,7 +83,7 @@ def setup_app(pecan_config=None, extra_hooks=None):
guess_content_type_from_ext=False
)
transport = messaging.get_transport(cfg.CONF)
transport = messaging.get_rpc_transport(cfg.CONF)
target = messaging.Target(topic='ord-listener-q', server=cfg.CONF.host)
endpoints = [api.ListenerQueueHandler()]
server = messaging.get_rpc_server(transport,


@ -14,39 +14,38 @@
from glanceclient import client as glance
from heatclient import client as heat
from keystoneclient import discover as keystone_discover
from keystoneclient.v2_0 import client as keystone_v2
from keystoneclient.auth.identity import v3
from keystoneclient import session as ksc_session
from keystoneclient.v3 import client as keystone_v3
from oslo_config import cfg
from ord.common import exceptions as exc
from ord.openstack.common import log as logging
# FIXME: we definetly must change this group name. It very confusing.
OPT_GROUP = cfg.OptGroup(name='ord_credentials', title='ORD Credentials')
OPT_GROUP = cfg.OptGroup(name='keystone_authtoken',
title='Keystone Configurations')
SERVICE_OPTS = [
cfg.StrOpt('project_id', default='',
help="project id used by nova driver of service vm extension"),
cfg.StrOpt('auth_url', default='http://0.0.0.0:5000/v2.0',
help="auth URL used by nova driver of service vm extension"),
cfg.StrOpt('user_name', default='',
help="user name used by nova driver of service vm extension"),
cfg.StrOpt('project_name', default='service',
help="project name used to stack heat resources"),
cfg.StrOpt('auth_url', default='',
help="auth url used by ranger agent to invoke keystone apis"),
cfg.StrOpt('username', default='',
help="user name used by ranger agent to invoke keystone apis"),
cfg.StrOpt('password', default='', secret=True,
help="password used by nova driver of service vm extension"),
cfg.StrOpt('tenant_name', default='',
help="tenant name used by nova driver of service vm "
"extension"),
cfg.FloatOpt("openstack_client_http_timeout", default=180.0,
help="HTTP timeout for any of OpenStack service in seconds"),
cfg.BoolOpt("https_insecure", default=False,
help="Use SSL for all OpenStack API interfaces"),
help="password used by ranger agent to invoke keystone apis"),
cfg.StrOpt('project_domain_name', default='default',
help="default project domain "
"used by ranger agent to invoke keystone apis"),
cfg.StrOpt('auth_version', default='v3', help="Keystone version"),
cfg.StrOpt("user_domain_name", default='default',
help="default project domain "
"used by ranger agent to invoke keystone apis"),
cfg.StrOpt("https_cacert", default=None,
help="Path to CA server certificate for SSL")
help="Path to CA server certificate for SSL"),
]
cfg.CONF.register_opts(SERVICE_OPTS, OPT_GROUP)
CONF = cfg.CONF.ord_credentials
CONF = cfg.CONF.keystone_authtoken
LOG = logging.getLogger(__name__)
@ -68,13 +67,17 @@ def cached(func):
def create_keystone_client(args):
discover = keystone_discover.Discover(auth_url=args['auth_url'])
for version_data in discover.version_data():
version = version_data['version']
if version[0] <= 2:
return keystone_v2.Client(**args)
elif version[0] == 3:
return keystone_v3.Client(**args)
auth = v3.Password(auth_url=args['auth_url'],
username=args['username'],
password=args['password'],
project_name=args['project_name'],
user_domain_name=args['user_domain_name'],
project_domain_name=args['project_domain_name'])
session = ksc_session.Session(auth=auth)
return keystone_v3.Client(session=session,
auth_url=args['auth_url'],
username=args['username'],
password=args['password'])
class Clients(object):
@ -90,15 +93,14 @@ class Clients(object):
def keystone(self):
"""Returns keystone Client."""
params = {
'username': CONF.user_name,
'username': CONF.username,
'password': CONF.password,
'auth_url': CONF.auth_url,
'project_name': CONF.project_name,
'user_domain_name': CONF.user_domain_name,
'project_domain_name': CONF.project_domain_name,
'https_cacert': CONF.https_cacert
}
if CONF.project_id:
params['tenant_id'] = CONF.project_id
else:
params['tenant_name'] = CONF.tenant_name
try:
client = create_keystone_client(params)
if client.auth_ref is None:
@ -119,16 +121,13 @@ class Clients(object):
attempt = 1
while attempt >= 0:
try:
heat_api_url = kc.service_catalog.url_for(
heat_api_url = kc.session.get_endpoint(
service_type='orchestration')
auth_token = kc.auth_token
timeout = CONF.openstack_client_http_timeout
client = heat.Client(version,
endpoint=heat_api_url,
token=auth_token,
timeout=timeout,
insecure=CONF.https_insecure,
cacert=CONF.https_cacert)
cacert=CONF.https_cacert,
token=auth_token)
return client, kc
except Exception as ex:
try:
@ -152,15 +151,12 @@ class Clients(object):
attempt = 1
while attempt >= 0:
try:
glance_api_url = kc.service_catalog.url_for(
glance_api_url = kc.session.get_endpoint(
service_type='image')
auth_token = kc.auth_token
timeout = CONF.openstack_client_http_timeout
client = glance.Client(version,
endpoint=glance_api_url,
token=auth_token,
timeout=timeout,
insecure=CONF.https_insecure,
cacert=CONF.https_cacert)
return client, kc
except Exception as ex:
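Review bot: `create_keystone_client` never reads `args['https_cacert']`, although `Clients.keystone` still puts it in `params`, so `ksc_session.Session(auth=auth)` verifies Keystone against the default CA bundle only and a deployment with a private CA loses its configured trust anchor. Pass it through, e.g. `session = ksc_session.Session(auth=auth, verify=args.get('https_cacert') or True)`. The heat and glance hunks also appear to drop `timeout=` together with the `openstack_client_http_timeout` option, which leaves those clients without an explicit HTTP timeout; worth confirming that is intended. Minor: the help text for `user_domain_name` still reads "default project domain". Old and new sides are inferred because the rendered page lost its +/- markers, and the body of the final `except` lies outside the visible hunk.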


@ -26,7 +26,7 @@ class RpcAPI(object):
super(RpcAPI, self).__init__()
self.target = messaging.Target(topic='ord-notifier-q')
self.transport = messaging.get_transport(cfg.CONF)
self.transport = messaging.get_rpc_transport(cfg.CONF)
self._client = messaging.RPCClient(self.transport, self.target)
def invoke_notifier_rpc(self, ctxt, payload):


@ -28,7 +28,7 @@ class RpcEngine(object):
super(RpcEngine, self).__init__()
try:
self.target = messaging.Target(topic='ord-listener-q')
self.transport = messaging.get_transport(cfg.CONF)
self.transport = messaging.get_rpc_transport(cfg.CONF)
self._client = messaging.RPCClient(self.transport, self.target)
except Exception as exception:
LOG.critical(


@ -23,7 +23,7 @@ def start():
engine = Engine()
# start Notify message listener
transport = messaging.get_transport(cfg.CONF)
transport = messaging.get_rpc_transport(cfg.CONF)
target = messaging.Target(topic='ord-notifier-q', server=cfg.CONF.host)
@ -32,7 +32,7 @@ def start():
server = messaging.get_rpc_server(transport,
target,
endpoints,
executor='blocking')
executor='eventlet')
try:
server.start()
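Review bot: Switching the RPC server in `start()` to `executor='eventlet'` depends on the process having been monkey-patched by eventlet before the server is created, and nothing in this hunk shows that; the visible requirements lines on this page do not add eventlet either. If patching is not done elsewhere, the listener can stall on blocking socket calls, so either confirm `eventlet.monkey_patch()` runs at process start-up or use `executor='threading'`. A comment above the call, such as `# eventlet executor: requires eventlet.monkey_patch() at start-up`, would record the dependency. `start()` begins and ends outside the hunk.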


@ -4,7 +4,7 @@
#
pbr>=1.6
oslo.config>=3.14.0
oslo.messaging>=5.2.0
oslo.messaging>=5.29.0
oslo.serialization>=1.10.0
oslo.db>=4.10.0,!=4.13.1,!=4.13.2
oslo.log>=1.14.0