CORD-2964 Implement new openstack models and steps
Change-Id: I32ac438e799f563b721e19ad7ebc8a033796c88e
diff --git a/xos/synchronizer/steps/newopenstacksyncstep.py b/xos/synchronizer/steps/newopenstacksyncstep.py
new file mode 100644
index 0000000..1e16b49
--- /dev/null
+++ b/xos/synchronizer/steps/newopenstacksyncstep.py
@@ -0,0 +1,69 @@
+
+# Copyright 2017-present Open Networking Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+from distutils.version import LooseVersion
+from synchronizers.new_base.syncstep import SyncStep
+
+class NewOpenStackSyncStep(SyncStep):
+ """ XOS Sync step for copying data to OpenStack
+ """
+
+ def __init__(self, *args, **kwargs):
+ # super() does not work here...
+ SyncStep.__init__(self, *args, **kwargs)
+
+ def connect_openstack_admin(self, service, required_version=None):
+ import openstack
+
+ if required_version:
+ if LooseVersion(openstack.version.__version__) < LooseVersion(required_version):
+ raise Exception("Insufficient OpenStack library version",
+ installed_version=openstack.version__version__,
+ required_version=required_version)
+
+ conn = openstack.connect(auth_url=service.auth_url,
+ project_name="admin",
+ username=service.admin_user,
+ password=service.admin_password,
+ user_domain_name="Default",
+ project_domain_name="Default")
+ return conn
+
+ def connect_openstack_slice(self, slice, required_version=None):
+ import openstack
+
+ trust_domain = slice.trust_domain
+ service = trust_domain.owner.leaf_model
+
+ if required_version:
+ if LooseVersion(openstack.version.__version__) < LooseVersion(required_version):
+ raise Exception("Insufficient OpenStack library version",
+ installed_version=openstack.version__version__,
+ required_version=required_version)
+
+ # This is not working yet...
+
+ conn = openstack.connect(auth_url=service.auth_url,
+ project_name=slice.name,
+ username=service.admin_user,
+ password=service.admin_password,
+ user_domain_name="Default",
+ project_domain_name=trust_domain.name)
+ return conn
+
+ # TODO(smbaker): This should be explained.
+ def __call__(self, **args):
+ return self.call(**args)
diff --git a/xos/synchronizer/steps/sync_controller_sites.yaml b/xos/synchronizer/steps/sync_controller_sites.yaml
index 729bc6a..7398ae1 100644
--- a/xos/synchronizer/steps/sync_controller_sites.yaml
+++ b/xos/synchronizer/steps/sync_controller_sites.yaml
@@ -31,4 +31,4 @@
interface: "admin"
name: "{{ project }}"
description: "{{ project_description }}"
-
+ domain: "{{ domain }}"
diff --git a/xos/synchronizer/steps/sync_controller_slices.yaml b/xos/synchronizer/steps/sync_controller_slices.yaml
index d224d5f..150179d 100644
--- a/xos/synchronizer/steps/sync_controller_slices.yaml
+++ b/xos/synchronizer/steps/sync_controller_slices.yaml
@@ -34,6 +34,7 @@
state: absent
{% else %}
description: "{{ project_description }}"
+ domain: "{{ domain }}"
{% for role in roles %}
- name: Create role "{{ role }}"
diff --git a/xos/synchronizer/steps/sync_controller_users.yaml b/xos/synchronizer/steps/sync_controller_users.yaml
index 17db144..853a585 100644
--- a/xos/synchronizer/steps/sync_controller_users.yaml
+++ b/xos/synchronizer/steps/sync_controller_users.yaml
@@ -32,6 +32,7 @@
name: "{{ name }}"
email: "{{ email }}"
password: "{{ password }}"
+ domain: "{{ domain }}"
- name: Create project for "{{ project }}"
os_project:
@@ -46,6 +47,7 @@
{%- endif %}
interface: "admin"
name: "{{ project }}"
+ domain: "{{ domain }}"
{% for role in roles %}
- name: Create role "{{ role }}"
diff --git a/xos/synchronizer/steps/sync_openstack_service.py b/xos/synchronizer/steps/sync_openstack_service.py
new file mode 100644
index 0000000..79e2df8
--- /dev/null
+++ b/xos/synchronizer/steps/sync_openstack_service.py
@@ -0,0 +1,32 @@
+
+# Copyright 2017-present Open Networking Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+from synchronizers.new_base.modelaccessor import OpenStackService
+from newopenstacksyncstep import NewOpenStackSyncStep
+
+class SyncOpenStackService(NewOpenStackSyncStep):
+ provides=[OpenStackService]
+ requested_interval=0
+ observes=OpenStackService
+
+ def sync_record(self, service):
+ # nothing to do
+ pass
+
+ def delete_record(self, service):
+ # nothing to do
+ pass
+
diff --git a/xos/synchronizer/steps/sync_openstackserviceinstance.py b/xos/synchronizer/steps/sync_openstackserviceinstance.py
new file mode 100644
index 0000000..6ae91a1
--- /dev/null
+++ b/xos/synchronizer/steps/sync_openstackserviceinstance.py
@@ -0,0 +1,134 @@
+
+# Copyright 2017-present Open Networking Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import base64
+import random
+import string
+
+from synchronizers.new_base.modelaccessor import OpenStackServiceInstance, Node, NetworkSlice, Flavor
+from newopenstacksyncstep import NewOpenStackSyncStep
+
+from xosconfig import Config
+from multistructlog import create_logger
+
+log = create_logger(Config().get('logging'))
+
+class SyncOpenStackServiceInstance(NewOpenStackSyncStep):
+ provides=[OpenStackServiceInstance]
+ requested_interval=0
+ observes=OpenStackServiceInstance
+
+ def get_connected_networks(self, instance):
+ xos_networks = [ns.network for ns in NetworkSlice.objects.filter(slice_id=instance.slice.id)]
+ return xos_networks
+
+ def get_user_data(self, instance):
+ pubkeys=[]
+
+ if instance.slice.creator and instance.slice.creator.public_key:
+ pubkeys.add(instance.slice.creator.public_key)
+
+ if instance.slice.service and instance.slice.service.public_key:
+ pubkeys.add(instance.slice.service.public_key)
+
+ userdata = '#cloud-config\n\n'
+# userdata += 'opencloud:\n slicename: "%s"\n hostname: "%s"\n restapi_hostname: "%s"\n restapi_port: "%s"\n' % (
+# instance.slice.name, instance.node.name, RESTAPI_HOSTNAME, str(RESTAPI_PORT))
+ userdata += 'ssh_authorized_keys:\n'
+ for key in pubkeys:
+ userdata += ' - %s\n' % key
+
+ log.info("generated userdata", userdata=userdata)
+
+ return userdata
+
+ def sync_record(self, instance):
+ slice = instance.slice
+ if not slice.trust_domain:
+ raise Exception("Instance's slice has no trust domain")
+
+ service = instance.slice.trust_domain.owner.leaf_model
+ #conn = self.connect_openstack_slice(slice)
+ conn = self.connect_openstack_admin(service)
+
+ os_domain = conn.identity.find_domain(slice.trust_domain.name)
+ os_project = conn.identity.find_project(slice.name, domain_id=os_domain.id)
+
+ os_instances = list(conn.compute.servers(name=instance.name, project_id=os_project.id))
+ if os_instances:
+ os_instance=os_instances[0]
+ log.info("Instance already exists in openstack", instance=instance)
+ else:
+ image_name = instance.image.name
+ image_id = conn.compute.find_image(image_name).id
+
+ if instance.flavor:
+ flavor_name = instance.flavor.name
+ else:
+ # pick a sensible default
+ flavor_name = "m1.small"
+ flavor_id = conn.compute.find_flavor(flavor_name).id
+
+ xos_networks = self.get_connected_networks(instance)
+ networks = []
+ for xos_network in xos_networks:
+ networks.append({"uuid": conn.network.find_network(xos_network.name).id})
+
+ # TODO(smbaker): No ssh keys specified
+
+ availability_zone="nova:%s" % instance.node.name
+
+ log.info("Creating Instance", instance=instance, image_id=image_id, flavor_id=flavor_id,
+ availability_zone=availability_zone,
+ networks=networks)
+
+ if not instance.admin_password:
+ instance.admin_password = ''.join(random.choice(string.ascii_lowercase + string.digits) for _ in range(8))
+ instance.save(update_fields=["admin_password"])
+
+ user_data = self.get_user_data(instance)
+
+ os_instance = conn.compute.create_server(name=instance.name,
+ image_id=image_id,
+ flavor_id=flavor_id,
+ project_domain_id=os_project.id,
+ availability_zone=availability_zone,
+ networks=networks,
+ config_drive=True,
+ user_data=base64.b64encode(user_data),
+ admin_password=instance.admin_password)
+
+ if os_instance.id != instance.backend_handle:
+ instance.backend_handle = os_instance.id
+ instance.save(update_fields=["backend_handle"])
+
+ def delete_record(self, instance):
+ slice = instance.slice
+ if not slice.trust_domain:
+ raise Exception("Instance's slice has no trust domain")
+
+ service = slice.trust_domain.owner.leaf_model
+ conn = self.connect_openstack_admin(service)
+
+ os_domain = conn.identity.find_domain(slice.trust_domain.name)
+ os_project = conn.identity.find_project(slice.name, domain_id=os_domain.id)
+
+ os_instances = list(conn.compute.servers(name=instance.name, project_id=os_project.id))
+ if (not os_instances):
+ log.info("Instance already does not exist in openstack", instance=instance)
+ else:
+ os_instance=os_instances[0]
+ log.info("Deleting Instance", instance=instance, os_id=os_instance.id)
+ conn.compute.delete_server(os_instance.id)
diff --git a/xos/synchronizer/steps/sync_principal.py b/xos/synchronizer/steps/sync_principal.py
new file mode 100644
index 0000000..9b401a9
--- /dev/null
+++ b/xos/synchronizer/steps/sync_principal.py
@@ -0,0 +1,75 @@
+
+# Copyright 2017-present Open Networking Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+from synchronizers.new_base.modelaccessor import TrustDomain, Principal
+from newopenstacksyncstep import NewOpenStackSyncStep
+
+from xosconfig import Config
+from multistructlog import create_logger
+
+log = create_logger(Config().get('logging'))
+
+class SyncPrincipal(NewOpenStackSyncStep):
+ provides=[Principal]
+ requested_interval=0
+ observes=Principal
+
+ def fetch_pending(self, deleted):
+ """ Figure out which Principals are interesting to the OpenStack synchronizer. It's necessary to filter as we're
+ synchronizing a core model, and we only want to synchronize trust domains that will exist within
+ OpenStack.
+ """
+ objs = super(SyncPrincipal, self).fetch_pending(deleted)
+ for obj in objs[:]:
+ # If the Principal isn't in a TrustDomain, then the OpenStack synchronizer can't do anything with it
+ if not obj.trust_domain:
+ objs.remove(obj)
+ continue
+
+ # If the TrustDomain isn't part of the OpenStack service, then it's someone else's trust domain
+ if "OpenStackService" not in obj.trust_domain.owner.leaf_model.class_names:
+ objs.remove(obj)
+ return objs
+
+ def sync_record(self, principal):
+ service = principal.trust_domain.owner.leaf_model
+ conn = self.connect_openstack_admin(service)
+
+ os_domain = conn.identity.find_domain(principal.trust_domain.name)
+
+ os_user = conn.identity.find_user(principal.name, domain_id=os_domain.id)
+ if (os_user):
+ log.info("Principal already exists in openstack", principal=principal)
+ else:
+ log.info("Creating Principal", principal=principal)
+ os_user = conn.identity.create_user(name=principal.name, domain_id=os_domain.id)
+
+ if os_user.id != principal.backend_handle:
+ principal.backend_handle = os_user.id
+ principal.save(update_fields=["backend_handle"])
+
+ def delete_record(self, principal):
+ service = principal.trust_domain.owner.leaf_model
+ conn = self.connect_openstack_admin(service)
+
+ os_domain = conn.identity.find_domain(principal.trust_domain.name)
+
+ os_user = conn.identity.find_user(principal.name, domain_id=os_domain.id)
+ if (not os_user):
+ log.info("Principal already does not exist in openstack", principal=principal)
+ else:
+ log.info("Deleting Principal", principal=principal, os_id=os_domain.id)
+ conn.identity.delete_user(os_user.id)
diff --git a/xos/synchronizer/steps/sync_slice.py b/xos/synchronizer/steps/sync_slice.py
new file mode 100644
index 0000000..81ca6dc
--- /dev/null
+++ b/xos/synchronizer/steps/sync_slice.py
@@ -0,0 +1,76 @@
+
+# Copyright 2017-present Open Networking Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+from synchronizers.new_base.ansible_helper import *
+from synchronizers.new_base.modelaccessor import Slice
+from newopenstacksyncstep import NewOpenStackSyncStep
+
+from xosconfig import Config
+from multistructlog import create_logger
+
+log = create_logger(Config().get('logging'))
+
+class SyncSlice(NewOpenStackSyncStep):
+ provides=[Slice]
+ requested_interval=0
+ observes=Slice
+
+ def fetch_pending(self, deleted):
+ """ Figure out which Principals are interesting to the OpenStack synchronizer. It's necessary to filter as we're
+ synchronizing a core model, and we only want to synchronize trust domains that will exist within
+ OpenStack.
+ """
+ objs = super(SyncSlice, self).fetch_pending(deleted)
+ for obj in objs[:]:
+ # If the Slice isn't in a TrustDomain, then the OpenStack synchronizer can't do anything with it
+ if not obj.trust_domain:
+ objs.remove(obj)
+ continue
+
+ # If the TrustDomain isn't part of the OpenStack service, then it's someone else's trust domain
+ if "OpenStackService" not in obj.trust_domain.owner.leaf_model.class_names:
+ objs.remove(obj)
+ return objs
+
+ def sync_record(self, slice):
+ service = slice.trust_domain.owner.leaf_model
+ conn = self.connect_openstack_admin(service)
+
+ os_domain = conn.identity.find_domain(slice.trust_domain.name)
+
+ os_slice = conn.identity.find_project(slice.name, domain_id=os_domain.id)
+ if os_slice:
+ log.info("Slice already exists in openstack", slice=slice)
+ else:
+ log.info("Creating Slice", slice=slice)
+ os_slice = conn.identity.create_project(name=slice.name, domain_id=os_domain.id)
+
+ if os_slice.id != slice.backend_handle:
+ slice.backend_handle = os_slice.id
+ slice.save(update_fields=["backend_handle"])
+
+ def delete_record(self, slice):
+ service = slice.trust_domain.owner.leaf_model
+ conn = self.connect_openstack_admin(service)
+
+ os_domain = conn.identity.find_domain(slice.trust_domain.name)
+
+ os_slice = conn.identity.find_project(slice.name, domain_id=os_domain.id)
+ if (not os_slice):
+ log.info("Slice already does not exist in openstack", slice=slice)
+ else:
+ log.info("Deleting Slice", slice=slice, os_id=os_slice.id)
+ conn.identity.delete_project(os_slice.id)
diff --git a/xos/synchronizer/steps/sync_trustdomain.py b/xos/synchronizer/steps/sync_trustdomain.py
new file mode 100644
index 0000000..67bf752
--- /dev/null
+++ b/xos/synchronizer/steps/sync_trustdomain.py
@@ -0,0 +1,70 @@
+
+# Copyright 2017-present Open Networking Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+from synchronizers.new_base.ansible_helper import *
+from synchronizers.new_base.modelaccessor import TrustDomain
+from newopenstacksyncstep import NewOpenStackSyncStep
+
+from xosconfig import Config
+from multistructlog import create_logger
+
+log = create_logger(Config().get('logging'))
+
+class SyncTrustDomain(NewOpenStackSyncStep):
+ provides=[TrustDomain]
+ requested_interval=0
+ observes=TrustDomain
+
+ def fetch_pending(self, deleted):
+ """ Figure out which TrustDomains are interesting to the OpenStack synchronizer. It's necessary to filter as
+ we're synchronizing a core model, and we only want to synchronize trust domains that will exist within
+ OpenStack.
+ """
+ objs = super(SyncTrustDomain, self).fetch_pending(deleted)
+ for obj in objs[:]:
+ # If the TrustDomain isn't part of the OpenStack service, then it's someone else's trust domain
+ if "OpenStackService" not in obj.owner.leaf_model.class_names:
+ objs.remove(obj)
+ return objs
+
+ def sync_record(self, trust_domain):
+ service = trust_domain.owner.leaf_model
+ conn = self.connect_openstack_admin(service)
+
+ os_domain = conn.identity.find_domain(trust_domain.name)
+ if (os_domain):
+ log.info("Trust Domain already exists in openstack", trust_domain=trust_domain)
+ else:
+ log.info("Creating Trust Domain", trust_domain=trust_domain)
+ os_domain = conn.identity.create_domain(name=trust_domain.name)
+
+ if os_domain.id != trust_domain.backend_handle:
+ trust_domain.backend_handle = os_domain.id
+ trust_domain.save(update_fields=["backend_handle"])
+
+ def delete_record(self, trust_domain):
+ service = trust_domain.owner.leaf_model
+ conn = self.connect_openstack_admin(service)
+
+ os_domain = conn.identity.find_domain(trust_domain.name)
+ if (not os_domain):
+ log.info("Trust Domain already does not exist in openstack", trust_domain=trust_domain)
+ else:
+ if os_domain.is_enabled:
+ log.info("Disabling Trust Domain", trust_domain=trust_domain, os_id=os_domain.id)
+ os_domain=conn.identity.update_domain(os_domain.id, enabled=False)
+ log.info("Deleting Trust Domain", trust_domain=trust_domain, os_id=os_domain.id)
+ conn.identity.delete_domain(os_domain.id)