womax/nova
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

change pipelib to work with projects

Browse Source
This commit is contained in:
Vishvananda Ishaya
2010-06-24 04:11:55 +01:00
committed by andy
parent 32850264fd
commit c0983f71f2
4 changed files with 41 additions and 47 deletions
Download Patch File Download Diff File Expand all files Collapse all files
bin/nova-manage
+13 -13
View File
@@ -38,37 +38,37 @@ class VpnCommands(object):
self.pipe = pipelib.CloudPipe(cloud.CloudController())
def list(self):
print "%-12s\t" % 'user',
print "%-12s\t" % 'project',
print "%-12s\t" % 'ip:port',
print "%s" % 'state'
for user in self.manager.get_users():
print "%-12s\t" % user.name,
print "%s:%s\t" % (user.vpn_ip, user.vpn_port),
for project in self.manager.get_projects():
print "%-12s\t" % project.name,
print "%s:%s\t" % (project.vpn_ip, project.vpn_port),
vpn = self.__vpn_for(user.name)
vpn = self.__vpn_for(project.id)
if vpn:
print vpn['instance_id'],
print vpn['state']
else:
print None
def __vpn_for(self, username):
def __vpn_for(self, project_id):
for instance in self.instdir.all:
if (instance.state.has_key('image_id')
and instance['image_id'] == FLAGS.vpn_image_id
and not instance['state'] in ['shutting_down', 'shutdown']
and instance['owner_id'] == username):
and instance['project_id'] == project_id):
return instance
def spawn(self):
for u in reversed(self.manager.get_users()):
if not self.__vpn_for(u.id):
print 'spawning %s' % u.id
self.pipe.launch_vpn_instance(u.id)
for p in reversed(self.manager.get_projects()):
if not self.__vpn_for(p.id):
print 'spawning %s' % p.id
self.pipe.launch_vpn_instance(p.id)
time.sleep(10)
def run(self, username):
self.pipe.launch_vpn_instance(username)
def run(self, project_id):
self.pipe.launch_vpn_instance(project_id)
class UserCommands(object):
nova/auth/users.py
-3
View File
@@ -474,9 +474,6 @@ class UserManager(object):
signed_cert = crypto.sign_csr(csr, Project.safe_id(project))
return (private_key, signed_cert)
def sign_cert(self, csr, uid):
return crypto.sign_csr(csr, uid)
def __cert_subject(self, uid):
# FIXME(ja) - this should be pulled from a global configuration
return "/C=US/ST=California/L=Mountain View/O=Anso Labs/OU=Nova Dev/CN=%s-%s" % (uid, str(datetime.datetime.utcnow().isoformat()))
nova/cloudpipe/api.py
+6 -19
View File
@@ -35,36 +35,23 @@ class CloudPipeRequestHandler(tornado.web.RequestHandler):
def get(self, path):
path = self.request.path
_log.debug( "Cloudpipe path is %s" % path)
self.manager = users.UserManager.instance()
if path.endswith("/getca/"):
self.send_root_ca()
elif path.endswith("/getcert/"):
_log.debug( "Getting zip for %s" % (path[9:]))
try:
self.send_signed_zip(self.path[9:])
except Exception, err:
_log.debug('ERROR: %s\n' % str(err))
raise tornado.web.HTTPError(404)
self.finish()
def get_username_from_ip(self, ip):
def get_project_id_from_ip(self, ip):
cc = self.application.controllers['Cloud']
instance = cc.get_instance_by_ip(ip)
return instance['owner_id']
instance['project_id']
def send_root_ca(self):
_log.debug( "Getting root ca")
username = self.get_username_from_ip(self.request.remote_ip)
project_id = self.get_project_id_from_ip(self.request.remote_ip)
self.set_header("Content-Type", "text/plain")
self.write(crypto.fetch_ca(username))
def send_signed_zip(self, username):
self.set_header("Content-Type", "application/zip")
self.write(self.manager.get_signed_zip(username))
self.write(crypto.fetch_ca(project_id))
def post(self, *args, **kwargs):
self.manager = users.UserManager.instance()
username = self.get_username_from_ip(self.request.remote_ip)
project_id = self.get_project_id_from_ip(self.request.remote_ip)
cert = self.get_argument('cert', '')
self.write(self.manager.sign_cert(urllib.unquote(cert), username))
self.write(crypto.sign_csr(urllib.unquote(cert), project_id))
self.finish()
nova/cloudpipe/pipelib.py
+22 -12
View File
@@ -21,6 +21,7 @@ an instance with it.
import logging
import os
import tempfile
import base64
from zipfile import ZipFile, ZIP_DEFLATED
from nova import flags
@@ -39,9 +40,9 @@ class CloudPipe(object):
self.controller = cloud_controller
self.manager = users.UserManager.instance()
def launch_vpn_instance(self, username):
logging.debug( "Launching VPN for %s" % (username))
user = self.manager.get_user(username)
def launch_vpn_instance(self, project_id):
logging.debug( "Launching VPN for %s" % (project_id))
project = self.manager.get_project(project_id)
# Make a payload.zip
tmpfolder = tempfile.mkdtemp()
filename = "payload.zip"
@@ -51,26 +52,35 @@ class CloudPipe(object):
z.write(FLAGS.boot_script_template,'autorun.sh')
z.close()
self.setup_keypair(username)
key_name = self.setup_keypair(project.project_manager_id, project_id)
zippy = open(zippath, "r")
context = api.APIRequestContext(handler=None, user=user)
context = api.APIRequestContext(handler=None, user=project.project_manager, project=project)
reservation = self.controller.run_instances(context,
user_data=zippy.read().encode("base64"),
# run instances expects encoded userdata, it is decoded in the get_metadata_call
# autorun.sh also decodes the zip file, hence the double encoding
user_data=zippy.read().encode("base64").encode("base64"),
max_count=1,
min_count=1,
image_id=FLAGS.vpn_image_id,
key_name="vpn-key",
key_name=key_name,
security_groups=["vpn-secgroup"])
zippy.close()
def setup_keypair(self, username):
def setup_keypair(self, user_id, project_id):
key_name = '%s-key' % project_id
try:
private_key, fingerprint = self.manager.generate_key_pair(username, "vpn-key")
os.mkdir("%s/%s" % (FLAGS.keys_path, username))
private_key.save(os.path.abspath("%s/%s" % (FLAGS.keys_path, username)))
except:
private_key, fingerprint = self.manager.generate_key_pair(user_id, key_name)
try:
key_dir = os.path.join(FLAGS.keys_path, user_id)
os.makedirs(key_dir)
with open(os.path.join(key_dir, '%s.pem' % key_name),'w') as f:
f.write(private_key)
except:
pass
except exception.Duplicate:
pass
return key_name
# def setup_secgroups(self, username):
# conn = self.euca.connection_for(username)