1. fabric changes for cloud admin access to contrail-analytics-api

Use the multi tenancy flag and the orchestrator to decide to enable or disable cloud admin access to contrail-analytics-api Conflicts: fabfile/testbeds/testbed_multibox_example.py fabfile/testbeds/testbed_singlebox_example.py Partial-Bug: #1461175 (cherry picked from commit 4ef98bb) 2. Fabric changes to rename analytics_multi_tenancy to analytics_aaa_mode Rename analytics_multi_tenancy to analytics_aaa_mode which can have values "no-auth" and "cloud-admin-only". Also set it to "cloud-admin-only" by default Partial-Bug: #1599654 (cherry picked from commit 0e2b8da) 3. Changes to bring analytics authenticated access in sync with config 1. Rename cloud-admin-only to cloud-admin for analytics AAA mode 2. Add parameter cloud_admin_role to allow users to set the cloud-admon role name in testbed.py Closes-Bug: #1607563 (cherry picked from commit c9c33da) Change-Id: I73ff8d47ccc2c693f4531cfc9d1b40eab16e70d7
Juniper · Aug 22, 2016 · c1ec7d9 · c1ec7d9
1 parent f9eaf67
commit c1ec7d9
Show file tree

Hide file tree

Showing 5 changed files with 28 additions and 2 deletions.
diff --git a/fabfile/tasks/syslogs.py b/fabfile/tasks/syslogs.py
@@ -2,7 +2,7 @@
 
 from fabfile.config import *
 from fabfile.utils.fabos import detect_ostype
-from fabfile.utils.host import get_env_passwords
+from fabfile.utils.host import get_env_passwords, get_authserver_credentials
 from fabric.contrib.files import exists
 
 @roles('all')
@@ -76,6 +76,8 @@ def get_cassandra_logs(duration = None):
         uptime_min=str(duration) + 'm'
         print "Duration value is %s . Collecting Cassandra logs for %s" %(uptime_min,uptime_min)
     cmd = "/usr/bin/contrail-logs --last %s --all" %(uptime_min)
+    admin_user, admin_password = get_authserver_credentials()
+    cmd += " --admin-user %s --admin-password %s" % (admin_user, admin_password)
     with settings(warn_only=True):
         sudo("%s >> /var/log/cassandra_log_%s_%s.log" %(cmd,e,a))
         sudo("gzip /var/log/cassandra_log_*" )

diff --git a/fabfile/testbeds/testbed_multibox_example.py b/fabfile/testbeds/testbed_multibox_example.py
@@ -365,6 +365,9 @@
 #To enable multi-tenancy feature
 #multi_tenancy = True
 
+#To enable analytics multi-tenancy feature
+#analytics_multi_tenancy = True
+
 #To Enable prallel execution of task in multiple nodes
 #do_parallel = True
 

diff --git a/fabfile/testbeds/testbed_singlebox_example.py b/fabfile/testbeds/testbed_singlebox_example.py
@@ -250,6 +250,9 @@
 #To enable multi-tenancy feature
 #multi_tenancy = True
 
+#To enable analytics multi-tenancy feature
+#analytics_multi_tenancy = True
+
 #To Enable prallel execution of task in multiple nodes
 #do_parallel = True
 

diff --git a/fabfile/utils/commandline.py b/fabfile/utils/commandline.py
@@ -190,6 +190,9 @@ def frame_vnc_config_cmd(host_string, cmd="setup-vnc-config"):
     if cassandra_user is not None:
         cmd += ' --cassandra_user %s' % (cassandra_user)
         cmd += ' --cassandra_password %s' % (cassandra_password)
+    cloud_admin_role = get_cloud_admin_role()
+    if cloud_admin_role:
+        cmd += " --cloud_admin_role %s" % cloud_admin_role
     return cmd
 
 def frame_vnc_vcenter_plugin_cmd(host_string, cmd="setup-vcenter-plugin"):
@@ -531,7 +534,8 @@ def frame_vnc_collector_cmd(host_string, cmd='setup-vnc-collector'):
     if analytics_redis_password is not None:
         cmd += "--redis_password %s " % analytics_redis_password
     cmd += "--kafka_enabled %s" % get_kafka_enabled()
-    if get_orchestrator() == 'openstack':
+    orchestrator = get_orchestrator()
+    if orchestrator == 'openstack':
         # Pass keystone arguments in case for openstack orchestrator
         ks_admin_user, ks_admin_password = get_authserver_credentials()
         cmd += " --keystone_ip %s" % get_authserver_ip()
@@ -552,5 +556,12 @@ def frame_vnc_collector_cmd(host_string, cmd='setup-vnc-collector'):
         cmd += " --cassandra_user %s" % cassandra_user
         cmd += " --cassandra_password %s" % cassandra_password
 
+    analytics_aaa_mode = get_analytics_aaa_mode()
+    if orchestrator != 'openstack':
+        analytics_aaa_mode = 'no-auth'
+    cmd += " --aaa_mode %s" % analytics_aaa_mode
+    cloud_admin_role = get_cloud_admin_role()
+    if cloud_admin_role:
+        cmd += " --cloud_admin_role %s" % cloud_admin_role
     return cmd
 
diff --git a/fabfile/utils/multitenancy.py b/fabfile/utils/multitenancy.py
@@ -6,6 +6,13 @@ def get_mt_enable():
     return getattr(testbed, 'multi_tenancy', True)
 #end _get_mt_ena
 
+def get_analytics_aaa_mode():
+    return getattr(testbed, 'analytics_aaa_mode', 'cloud-admin')
+# end get_analytics_mt_enable
+
+def get_cloud_admin_role():
+    return getattr(testbed, 'cloud_admin_role', '')
+
 def get_mt_opts():
     mt_opts = ''
     if get_mt_enable():