From c1ec7d90fdea91d0453efecb68c1d27f333248a1 Mon Sep 17 00:00:00 2001 From: Megh Bhatt Date: Mon, 13 Jun 2016 19:26:54 -0700 Subject: [PATCH] 1. fabric changes for cloud admin access to contrail-analytics-api Use the multi tenancy flag and the orchestrator to decide to enable or disable cloud admin access to contrail-analytics-api Conflicts: fabfile/testbeds/testbed_multibox_example.py fabfile/testbeds/testbed_singlebox_example.py Partial-Bug: #1461175 (cherry picked from commit 4ef98bb9a1540495e1e99e6dcde480fd292de3d9) 2. Fabric changes to rename analytics_multi_tenancy to analytics_aaa_mode Rename analytics_multi_tenancy to analytics_aaa_mode which can have values "no-auth" and "cloud-admin-only". Also set it to "cloud-admin-only" by default Partial-Bug: #1599654 (cherry picked from commit 0e2b8dab64a704fe01415b71365e23e618e783a5) 3. Changes to bring analytics authenticated access in sync with config 1. Rename cloud-admin-only to cloud-admin for analytics AAA mode 2. Add parameter cloud_admin_role to allow users to set the cloud-admon role name in testbed.py Closes-Bug: #1607563 (cherry picked from commit c9c33da72474854ec0d4e12bbce593d278d7b378) Change-Id: I73ff8d47ccc2c693f4531cfc9d1b40eab16e70d7 --- fabfile/tasks/syslogs.py | 4 +++- fabfile/testbeds/testbed_multibox_example.py | 3 +++ fabfile/testbeds/testbed_singlebox_example.py | 3 +++ fabfile/utils/commandline.py | 13 ++++++++++++- fabfile/utils/multitenancy.py | 7 +++++++ 5 files changed, 28 insertions(+), 2 deletions(-) diff --git a/fabfile/tasks/syslogs.py b/fabfile/tasks/syslogs.py index 2c0438236..6b1bb4f2f 100644 --- a/fabfile/tasks/syslogs.py +++ b/fabfile/tasks/syslogs.py @@ -2,7 +2,7 @@ from fabfile.config import * from fabfile.utils.fabos import detect_ostype -from fabfile.utils.host import get_env_passwords +from fabfile.utils.host import get_env_passwords, get_authserver_credentials from fabric.contrib.files import exists @roles('all') @@ -76,6 +76,8 @@ def get_cassandra_logs(duration = None): uptime_min=str(duration) + 'm' print "Duration value is %s . Collecting Cassandra logs for %s" %(uptime_min,uptime_min) cmd = "/usr/bin/contrail-logs --last %s --all" %(uptime_min) + admin_user, admin_password = get_authserver_credentials() + cmd += " --admin-user %s --admin-password %s" % (admin_user, admin_password) with settings(warn_only=True): sudo("%s >> /var/log/cassandra_log_%s_%s.log" %(cmd,e,a)) sudo("gzip /var/log/cassandra_log_*" ) diff --git a/fabfile/testbeds/testbed_multibox_example.py b/fabfile/testbeds/testbed_multibox_example.py index e369252cb..ac3f66ca0 100644 --- a/fabfile/testbeds/testbed_multibox_example.py +++ b/fabfile/testbeds/testbed_multibox_example.py @@ -365,6 +365,9 @@ #To enable multi-tenancy feature #multi_tenancy = True +#To enable analytics multi-tenancy feature +#analytics_multi_tenancy = True + #To Enable prallel execution of task in multiple nodes #do_parallel = True diff --git a/fabfile/testbeds/testbed_singlebox_example.py b/fabfile/testbeds/testbed_singlebox_example.py index 794eab3b6..c859191fe 100644 --- a/fabfile/testbeds/testbed_singlebox_example.py +++ b/fabfile/testbeds/testbed_singlebox_example.py @@ -250,6 +250,9 @@ #To enable multi-tenancy feature #multi_tenancy = True +#To enable analytics multi-tenancy feature +#analytics_multi_tenancy = True + #To Enable prallel execution of task in multiple nodes #do_parallel = True diff --git a/fabfile/utils/commandline.py b/fabfile/utils/commandline.py index e6054d72f..ec4539d3d 100644 --- a/fabfile/utils/commandline.py +++ b/fabfile/utils/commandline.py @@ -190,6 +190,9 @@ def frame_vnc_config_cmd(host_string, cmd="setup-vnc-config"): if cassandra_user is not None: cmd += ' --cassandra_user %s' % (cassandra_user) cmd += ' --cassandra_password %s' % (cassandra_password) + cloud_admin_role = get_cloud_admin_role() + if cloud_admin_role: + cmd += " --cloud_admin_role %s" % cloud_admin_role return cmd def frame_vnc_vcenter_plugin_cmd(host_string, cmd="setup-vcenter-plugin"): @@ -531,7 +534,8 @@ def frame_vnc_collector_cmd(host_string, cmd='setup-vnc-collector'): if analytics_redis_password is not None: cmd += "--redis_password %s " % analytics_redis_password cmd += "--kafka_enabled %s" % get_kafka_enabled() - if get_orchestrator() == 'openstack': + orchestrator = get_orchestrator() + if orchestrator == 'openstack': # Pass keystone arguments in case for openstack orchestrator ks_admin_user, ks_admin_password = get_authserver_credentials() cmd += " --keystone_ip %s" % get_authserver_ip() @@ -552,5 +556,12 @@ def frame_vnc_collector_cmd(host_string, cmd='setup-vnc-collector'): cmd += " --cassandra_user %s" % cassandra_user cmd += " --cassandra_password %s" % cassandra_password + analytics_aaa_mode = get_analytics_aaa_mode() + if orchestrator != 'openstack': + analytics_aaa_mode = 'no-auth' + cmd += " --aaa_mode %s" % analytics_aaa_mode + cloud_admin_role = get_cloud_admin_role() + if cloud_admin_role: + cmd += " --cloud_admin_role %s" % cloud_admin_role return cmd diff --git a/fabfile/utils/multitenancy.py b/fabfile/utils/multitenancy.py index 4ad0dd81f..5e2ef4c9f 100644 --- a/fabfile/utils/multitenancy.py +++ b/fabfile/utils/multitenancy.py @@ -6,6 +6,13 @@ def get_mt_enable(): return getattr(testbed, 'multi_tenancy', True) #end _get_mt_ena +def get_analytics_aaa_mode(): + return getattr(testbed, 'analytics_aaa_mode', 'cloud-admin') +# end get_analytics_mt_enable + +def get_cloud_admin_role(): + return getattr(testbed, 'cloud_admin_role', '') + def get_mt_opts(): mt_opts = '' if get_mt_enable():