Merge branch 'x' of github.com:xarses/fuel-ng into x

2015-04-28 15:17:00 +02:00 · 2015-04-28 15:17:00 +02:00 · 27ae289cfd
commit 27ae289cfd
parent 1c9e116f4f cc8b0974e2
17 changed files with 1917 additions and 2 deletions
--- a/.gitignore
+++ b/.gitignore
@ -7,3 +7,6 @@
 .vagrant

 tmp/
+
+#vim
+*.swp
--- a/x/handlers/base.py
+++ b/x/handlers/base.py
@ -43,6 +43,7 @@ class BaseHandler(object):

    def _make_args(self, resource):
        args = {'name': resource.name}
+        args['resource_dir'] = resource.base_dir
        args.update(resource.args)
        return args

--- a/x/resource.py
+++ b/x/resource.py
@ -31,7 +31,7 @@ class Resource(object):
        self.tags = tags or []

    def __repr__(self):
-        return ("Resource('name={0}', metadata={1}, args={2}, "
+        return ("Resource(name='{0}', metadata={1}, args={2}, "
                "base_dir='{3}', tags={4})").format(self.name,
                                                    json.dumps(self.metadata),
                                                    json.dumps(self.args_show()),
@ -113,6 +113,7 @@ class Resource(object):
        meta_file = os.path.join(self.base_dir, 'meta.yaml')
        with open(meta_file, 'w') as f:
            f.write(yaml.dump(metadata))
+            f.write(yaml.dump(metadata, default_flow_style=False))


 def create(name, base_path, dest_path, args, connections={}):
--- a/x/resources/keystone_config/actions/remove.yml
+++ b/x/resources/keystone_config/actions/remove.yml
@ -0,0 +1,4 @@
+- hosts: [{{ ip }}]
+  sudo: yes
+  tasks:
+    - file: path={{config_dir}} state=absent
--- a/x/resources/keystone_config/actions/run.yml
+++ b/x/resources/keystone_config/actions/run.yml
@ -0,0 +1,14 @@
+- hosts: [{{ ip }}]
+  sudo: yes
+  vars:
+    admin_token: {{admin_token}}
+    db_user: {{db_user}}
+    db_password: {{db_password}}
+    db_host: {{db_host}}
+    db_name: {{db_name}}
+  tasks:
+    - file: path={{config_dir}} state=directory
+    - template: src={{resource_dir}}/templates/keystone.conf dest={{config_dir}}/keystone.conf
+    - template: src={{resource_dir}}/templates/default_catalog.templates dest={{config_dir}}/default_catalog.templates
+    - template: src={{resource_dir}}/templates/logging.conf dest={{config_dir}}/logging.conf
+    - template: src={{resource_dir}}/templates/policy.json dest={{config_dir}}/policy.json
--- a/x/resources/keystone_config/meta.yaml
+++ b/x/resources/keystone_config/meta.yaml
@ -0,0 +1,13 @@
+id: keystone_config
+handler: ansible
+version: 1.0.0
+input:
+    config_dir:
+    admin_token:
+    db_user:
+    db_password:
+    db_host:
+    db_name:
+    ip:
+    ssh_key:
+    ssh_user:
--- a/x/resources/keystone_config/templates/default_catalog.templates
+++ b/x/resources/keystone_config/templates/default_catalog.templates
@ -0,0 +1,27 @@
+# config for templated.Catalog, using camelCase because I don't want to do
+# translations for keystone compat
+catalog.RegionOne.identity.publicURL = http://localhost:$(public_port)s/v2.0
+catalog.RegionOne.identity.adminURL = http://localhost:$(admin_port)s/v2.0
+catalog.RegionOne.identity.internalURL = http://localhost:$(public_port)s/v2.0
+catalog.RegionOne.identity.name = Identity Service
+
+# fake compute service for now to help novaclient tests work
+catalog.RegionOne.compute.publicURL = http://localhost:8774/v1.1/$(tenant_id)s
+catalog.RegionOne.compute.adminURL = http://localhost:8774/v1.1/$(tenant_id)s
+catalog.RegionOne.compute.internalURL = http://localhost:8774/v1.1/$(tenant_id)s
+catalog.RegionOne.compute.name = Compute Service
+
+catalog.RegionOne.volume.publicURL = http://localhost:8776/v1/$(tenant_id)s
+catalog.RegionOne.volume.adminURL = http://localhost:8776/v1/$(tenant_id)s
+catalog.RegionOne.volume.internalURL = http://localhost:8776/v1/$(tenant_id)s
+catalog.RegionOne.volume.name = Volume Service
+
+catalog.RegionOne.ec2.publicURL = http://localhost:8773/services/Cloud
+catalog.RegionOne.ec2.adminURL = http://localhost:8773/services/Admin
+catalog.RegionOne.ec2.internalURL = http://localhost:8773/services/Cloud
+catalog.RegionOne.ec2.name = EC2 Service
+
+catalog.RegionOne.image.publicURL = http://localhost:9292/v1
+catalog.RegionOne.image.adminURL = http://localhost:9292/v1
+catalog.RegionOne.image.internalURL = http://localhost:9292/v1
+catalog.RegionOne.image.name = Image Service
--- a/x/resources/keystone_config/templates/keystone.conf
+++ b/x/resources/keystone_config/templates/keystone.conf
--- a/x/resources/keystone_config/templates/logging.conf
+++ b/x/resources/keystone_config/templates/logging.conf
@ -0,0 +1,65 @@
+[loggers]
+keys=root,access
+
+[handlers]
+keys=production,file,access_file,devel
+
+[formatters]
+keys=minimal,normal,debug
+
+
+###########
+# Loggers #
+###########
+
+[logger_root]
+level=WARNING
+handlers=file
+
+[logger_access]
+level=INFO
+qualname=access
+handlers=access_file
+
+
+################
+# Log Handlers #
+################
+
+[handler_production]
+class=handlers.SysLogHandler
+level=ERROR
+formatter=normal
+args=(('localhost', handlers.SYSLOG_UDP_PORT), handlers.SysLogHandler.LOG_USER)
+
+[handler_file]
+class=handlers.WatchedFileHandler
+level=WARNING
+formatter=normal
+args=('error.log',)
+
+[handler_access_file]
+class=handlers.WatchedFileHandler
+level=INFO
+formatter=minimal
+args=('access.log',)
+
+[handler_devel]
+class=StreamHandler
+level=NOTSET
+formatter=debug
+args=(sys.stdout,)
+
+
+##################
+# Log Formatters #
+##################
+
+[formatter_minimal]
+format=%(message)s
+
+[formatter_normal]
+format=(%(name)s): %(asctime)s %(levelname)s %(message)s
+
+[formatter_debug]
+format=(%(name)s): %(asctime)s %(levelname)s %(module)s %(funcName)s %(message)s
--- a/x/resources/keystone_config/templates/policy.json
+++ b/x/resources/keystone_config/templates/policy.json
@ -0,0 +1,171 @@
+{
+    "admin_required": "role:admin or is_admin:1",
+    "service_role": "role:service",
+    "service_or_admin": "rule:admin_required or rule:service_role",
+    "owner" : "user_id:%(user_id)s",
+    "admin_or_owner": "rule:admin_required or rule:owner",
+
+    "default": "rule:admin_required",
+
+    "identity:get_region": "",
+    "identity:list_regions": "",
+    "identity:create_region": "rule:admin_required",
+    "identity:update_region": "rule:admin_required",
+    "identity:delete_region": "rule:admin_required",
+
+    "identity:get_service": "rule:admin_required",
+    "identity:list_services": "rule:admin_required",
+    "identity:create_service": "rule:admin_required",
+    "identity:update_service": "rule:admin_required",
+    "identity:delete_service": "rule:admin_required",
+
+    "identity:get_endpoint": "rule:admin_required",
+    "identity:list_endpoints": "rule:admin_required",
+    "identity:create_endpoint": "rule:admin_required",
+    "identity:update_endpoint": "rule:admin_required",
+    "identity:delete_endpoint": "rule:admin_required",
+
+    "identity:get_domain": "rule:admin_required",
+    "identity:list_domains": "rule:admin_required",
+    "identity:create_domain": "rule:admin_required",
+    "identity:update_domain": "rule:admin_required",
+    "identity:delete_domain": "rule:admin_required",
+
+    "identity:get_project": "rule:admin_required",
+    "identity:list_projects": "rule:admin_required",
+    "identity:list_user_projects": "rule:admin_or_owner",
+    "identity:create_project": "rule:admin_required",
+    "identity:update_project": "rule:admin_required",
+    "identity:delete_project": "rule:admin_required",
+
+    "identity:get_user": "rule:admin_required",
+    "identity:list_users": "rule:admin_required",
+    "identity:create_user": "rule:admin_required",
+    "identity:update_user": "rule:admin_required",
+    "identity:delete_user": "rule:admin_required",
+    "identity:change_password": "rule:admin_or_owner",
+
+    "identity:get_group": "rule:admin_required",
+    "identity:list_groups": "rule:admin_required",
+    "identity:list_groups_for_user": "rule:admin_or_owner",
+    "identity:create_group": "rule:admin_required",
+    "identity:update_group": "rule:admin_required",
+    "identity:delete_group": "rule:admin_required",
+    "identity:list_users_in_group": "rule:admin_required",
+    "identity:remove_user_from_group": "rule:admin_required",
+    "identity:check_user_in_group": "rule:admin_required",
+    "identity:add_user_to_group": "rule:admin_required",
+
+    "identity:get_credential": "rule:admin_required",
+    "identity:list_credentials": "rule:admin_required",
+    "identity:create_credential": "rule:admin_required",
+    "identity:update_credential": "rule:admin_required",
+    "identity:delete_credential": "rule:admin_required",
+
+    "identity:ec2_get_credential": "rule:admin_or_owner",
+    "identity:ec2_list_credentials": "rule:admin_or_owner",
+    "identity:ec2_create_credential": "rule:admin_or_owner",
+    "identity:ec2_delete_credential": "rule:admin_required or (rule:owner and user_id:%(target.credential.user_id)s)",
+
+    "identity:get_role": "rule:admin_required",
+    "identity:list_roles": "rule:admin_required",
+    "identity:create_role": "rule:admin_required",
+    "identity:update_role": "rule:admin_required",
+    "identity:delete_role": "rule:admin_required",
+
+    "identity:check_grant": "rule:admin_required",
+    "identity:list_grants": "rule:admin_required",
+    "identity:create_grant": "rule:admin_required",
+    "identity:revoke_grant": "rule:admin_required",
+
+    "identity:list_role_assignments": "rule:admin_required",
+
+    "identity:get_policy": "rule:admin_required",
+    "identity:list_policies": "rule:admin_required",
+    "identity:create_policy": "rule:admin_required",
+    "identity:update_policy": "rule:admin_required",
+    "identity:delete_policy": "rule:admin_required",
+
+    "identity:check_token": "rule:admin_required",
+    "identity:validate_token": "rule:service_or_admin",
+    "identity:validate_token_head": "rule:service_or_admin",
+    "identity:revocation_list": "rule:service_or_admin",
+    "identity:revoke_token": "rule:admin_or_owner",
+
+    "identity:create_trust": "user_id:%(trust.trustor_user_id)s",
+    "identity:get_trust": "rule:admin_or_owner",
+    "identity:list_trusts": "",
+    "identity:list_roles_for_trust": "",
+    "identity:check_role_for_trust": "",
+    "identity:get_role_for_trust": "",
+    "identity:delete_trust": "",
+
+    "identity:create_consumer": "rule:admin_required",
+    "identity:get_consumer": "rule:admin_required",
+    "identity:list_consumers": "rule:admin_required",
+    "identity:delete_consumer": "rule:admin_required",
+    "identity:update_consumer": "rule:admin_required",
+
+    "identity:authorize_request_token": "rule:admin_required",
+    "identity:list_access_token_roles": "rule:admin_required",
+    "identity:get_access_token_role": "rule:admin_required",
+    "identity:list_access_tokens": "rule:admin_required",
+    "identity:get_access_token": "rule:admin_required",
+    "identity:delete_access_token": "rule:admin_required",
+
+    "identity:list_projects_for_endpoint": "rule:admin_required",
+    "identity:add_endpoint_to_project": "rule:admin_required",
+    "identity:check_endpoint_in_project": "rule:admin_required",
+    "identity:list_endpoints_for_project": "rule:admin_required",
+    "identity:remove_endpoint_from_project": "rule:admin_required",
+
+    "identity:create_endpoint_group": "rule:admin_required",
+    "identity:list_endpoint_groups": "rule:admin_required",
+    "identity:get_endpoint_group": "rule:admin_required",
+    "identity:update_endpoint_group": "rule:admin_required",
+    "identity:delete_endpoint_group": "rule:admin_required",
+    "identity:list_projects_associated_with_endpoint_group": "rule:admin_required",
+    "identity:list_endpoints_associated_with_endpoint_group": "rule:admin_required",
+    "identity:list_endpoint_groups_for_project": "rule:admin_required",
+    "identity:add_endpoint_group_to_project": "rule:admin_required",
+    "identity:remove_endpoint_group_from_project": "rule:admin_required",
+
+    "identity:create_identity_provider": "rule:admin_required",
+    "identity:list_identity_providers": "rule:admin_required",
+    "identity:get_identity_providers": "rule:admin_required",
+    "identity:update_identity_provider": "rule:admin_required",
+    "identity:delete_identity_provider": "rule:admin_required",
+
+    "identity:create_protocol": "rule:admin_required",
+    "identity:update_protocol": "rule:admin_required",
+    "identity:get_protocol": "rule:admin_required",
+    "identity:list_protocols": "rule:admin_required",
+    "identity:delete_protocol": "rule:admin_required",
+
+    "identity:create_mapping": "rule:admin_required",
+    "identity:get_mapping": "rule:admin_required",
+    "identity:list_mappings": "rule:admin_required",
+    "identity:delete_mapping": "rule:admin_required",
+    "identity:update_mapping": "rule:admin_required",
+
+    "identity:get_auth_catalog": "",
+    "identity:get_auth_projects": "",
+    "identity:get_auth_domains": "",
+
+    "identity:list_projects_for_groups": "",
+    "identity:list_domains_for_groups": "",
+
+    "identity:list_revoke_events": "",
+
+    "identity:create_policy_association_for_endpoint": "rule:admin_required",
+    "identity:check_policy_association_for_endpoint": "rule:admin_required",
+    "identity:delete_policy_association_for_endpoint": "rule:admin_required",
+    "identity:create_policy_association_for_service": "rule:admin_required",
+    "identity:check_policy_association_for_service": "rule:admin_required",
+    "identity:delete_policy_association_for_service": "rule:admin_required",
+    "identity:create_policy_association_for_region_and_service": "rule:admin_required",
+    "identity:check_policy_association_for_region_and_service": "rule:admin_required",
+    "identity:delete_policy_association_for_region_and_service": "rule:admin_required",
+    "identity:get_policy_for_endpoint": "rule:admin_required",
+    "identity:list_endpoints_for_policy": "rule:admin_required"
+}
--- a/x/resources/keystone_service/actions/remove.yml
+++ b/x/resources/keystone_service/actions/remove.yml
--- a/x/resources/keystone_service/actions/run.yml
+++ b/x/resources/keystone_service/actions/run.yml
--- a/x/resources/keystone_service/meta.yaml
+++ b/x/resources/keystone_service/meta.yaml
@ -4,8 +4,8 @@ version: 1.0.0
 input:
    image: kollaglue/centos-rdo-keystone
    config_dir:
-    admin_port:
    port:
+    admin_port:
    ip:
    ssh_key:
    ssh_user:
--- a/x/resources/keystone_user/actions/remove.yml
+++ b/x/resources/keystone_user/actions/remove.yml
@ -0,0 +1,6 @@
+- hosts: [{{ ip }}]
+  sudo: yes
+  tasks:
+    - name: keystone user
+    - keystone_user: endpoint=http://{keystone_host}}:{{keystone_port}}/v2.0/ user={{user_name}} tenant={{tenant_name}} state=absent
+    - keystone_user: endpoint=http://{keystone_host}}:{{keystone_port}}/v2.0/ tenant={{tenant_name}} state=absent
--- a/x/resources/keystone_user/actions/run.yml
+++ b/x/resources/keystone_user/actions/run.yml
@ -0,0 +1,6 @@
+- hosts: [{{ ip }}]
+  sudo: yes
+  tasks:
+    - name: keystone user
+    - keystone_user: endpoint=http://{keystone_host}}:{{keystone_port}}/v2.0/ tenant={{tenant_name}} state=present
+    - keystone_user: endpoint=http://{keystone_host}}:{{keystone_port}}/v2.0/ user={{user_name}} password={{user_password}} tenant={{tenant_name}} state=present
--- a/x/resources/keystone_user/meta.yaml
+++ b/x/resources/keystone_user/meta.yaml
@ -0,0 +1,14 @@
+id: keystone_user
+handler: ansible
+version: 1.0.0
+input:
+    keystone_host:
+    keystone_port:
+    login_user:
+    login_token:
+    user_name:
+    user_password:
+    tenant_name:
+    ip:
+    ssh_key:
+    ssh_user:
--- a/x/resources/mariadb_user/actions/run.yml
+++ b/x/resources/mariadb_user/actions/run.yml
@ -6,6 +6,7 @@
        name: {{name}}
        password: {{password}}
        priv: {{db}}.*:ALL
+        host: '%'
        state: present
        login_user: root
        login_password: {{login_password}}