diff --git a/contrail_provisioning/collector/setup.py b/contrail_provisioning/collector/setup.py index 669d06f0..83f509ec 100755 --- a/contrail_provisioning/collector/setup.py +++ b/contrail_provisioning/collector/setup.py @@ -8,13 +8,9 @@ from contrail_provisioning.common.base import ContrailSetup from contrail_provisioning.collector.templates import contrail_query_engine_conf from contrail_provisioning.collector.templates import contrail_collector_conf -from contrail_provisioning.collector.templates import contrail_analytics_api_conf from contrail_provisioning.collector.templates import contrail_analytics_nodemgr_template from contrail_provisioning.collector.templates import redis_server_conf_template from contrail_provisioning.common.templates import contrail_database_template -from contrail_provisioning.collector.templates import contrail_collector_ini -from contrail_provisioning.collector.templates import contrail_query_engine_ini -from contrail_provisioning.collector.templates import contrail_analytics_api_ini class CollectorSetup(ContrailSetup): def __init__(self, args_str = None): @@ -34,7 +30,7 @@ def __init__(self, args_str = None): 'keystone_service_tenant_name' : 'service', 'keystone_auth_protocol': 'http', 'keystone_auth_port': '35357', - 'multi_tenancy': True, + 'aaa_mode': 'cloud-admin', } self.parse_args(args_str) @@ -88,8 +84,10 @@ def parse_args(self, args_str): help = "Connect to keystone in secure or insecure mode if in" + \ "https mode", default = 'False') - parser.add_argument("--multi_tenancy", help = "(Deprecated, defaults to True) Enforce resource permissions (implies token validation)", - action="store_true") + parser.add_argument("--aaa_mode", help="AAA mode", + choices=['no-auth', 'cloud-admin']) + parser.add_argument("--cloud_admin_role", + help="Name of cloud-admin role") parser.add_argument("--cassandra_user", help="Cassandra user name", default= None) parser.add_argument("--cassandra_password", help="Cassandra password", @@ -104,29 +102,35 @@ def fixup_config_files(self): self.fixup_contrail_topology() self.fixup_contrail_analytics_nodemgr() if not os.path.exists('/etc/contrail/contrail-keystone-auth.conf'): - self.fixup_keystone_auth_config_file() + self.fixup_keystone_auth_config_file(False) self.fixup_contrail_alarm_gen() - if self._args.cassandra_user is not None: - self.fixup_cassandra_config() - self.fixup_ini_files() + self.fixup_cassandra_config() + self.fixup_ini_files() - def fixup_ini_files(self): - collector_conf_files = ['/etc/contrail/contrail-collector.conf','/etc/contrail/contrail-database.conf'] - query_engine_conf_files = ['/etc/contrail/contrail-query-engine.conf','/etc/contrail/contrail-database.conf'] - analytics_api_conf_files = ['/etc/contrail/contrail-analytics-api.conf','/etc/contrail/contrail-database.conf'] - collector_template_vals = {'__contrail_collector_conf__': ' --conf_file '.join(collector_conf_files)} - query_engine_template_vals = {'__contrail_query_engine_conf__': ' --conf_file '.join(query_engine_conf_files)} - analytics_api_template_vals = {'__contrail_analytics_api_conf__': ' --conf_file '.join(analytics_api_conf_files)} - self._template_substitute_write(contrail_collector_ini.template, - collector_template_vals, self._temp_dir_name + '/contrail-collector.ini') - local("sudo mv %s/contrail-collector.ini /etc/contrail/supervisord_analytics_files/contrail-collector.ini" %(self._temp_dir_name)) - self._template_substitute_write(contrail_query_engine_ini.template, - query_engine_template_vals, self._temp_dir_name + '/contrail-query-engine.ini') - local("sudo mv %s/contrail-query-engine.ini /etc/contrail/supervisord_analytics_files/contrail-query-engine.ini" %(self._temp_dir_name)) - self._template_substitute_write(contrail_analytics_api_ini.template, - analytics_api_template_vals, self._temp_dir_name + '/contrail-analytics-api.ini') - local("sudo mv %s/contrail-analytics-api.ini /etc/contrail/supervisord_analytics_files/contrail-analytics-api.ini" %(self._temp_dir_name)) + def fixup_analytics_daemon_ini_file(self, daemon_name, conf_files=None): + dconf_files = [] + if conf_files: + dconf_files.extend(conf_files) + daemon_conf_file = '/etc/contrail/' + daemon_name + '.conf' + dconf_files.append(daemon_conf_file) + if self._args.cassandra_user: + database_conf = '/etc/contrail/contrail-database.conf' + dconf_files.append(database_conf) + ini_conf_cmd = ''.join([' --conf_file ' + conf_file for \ + conf_file in dconf_files]) + supervisor_dir = '/etc/contrail/supervisord_analytics_files' + bin_dir = '/usr/bin' + self.set_config(os.path.join(supervisor_dir, daemon_name + '.ini'), + 'program:' + daemon_name, 'command', + os.path.join(bin_dir, daemon_name) + ini_conf_cmd) + # end fixup_analytics_daemon_ini_file + def fixup_ini_files(self): + self.fixup_analytics_daemon_ini_file('contrail-collector') + self.fixup_analytics_daemon_ini_file('contrail-query-engine') + self.fixup_analytics_daemon_ini_file('contrail-analytics-api', + ['/etc/contrail/contrail-keystone-auth.conf']) + # end fixup_ini_files def fixup_cassandra_config(self): if self._args.cassandra_user: @@ -138,7 +142,7 @@ def fixup_cassandra_config(self): self._template_substitute_write(contrail_database_template.template, template_vals, self._temp_dir_name + '/contrail-collector-database.conf') local("sudo mv %s/contrail-collector-database.conf /etc/contrail/contrail-database.conf" %(self._temp_dir_name)) - + # end fixup_cassandra_config def fixup_contrail_alarm_gen(self): ALARM_GEN_CONF_FILE = '/etc/contrail/contrail-alarm-gen.conf' @@ -278,41 +282,54 @@ def fixup_contrail_query_engine(self): def fixup_contrail_analytics_api(self): ALARM_GEN_CONF_FILE = '/etc/contrail/contrail-alarm-gen.conf' conf_file = '/etc/contrail/contrail-analytics-api.conf' + with settings(warn_only=True): + local("[ -f %s ] || > %s" % (conf_file, conf_file)) rest_api_port = '8081' if self._args.internal_vip: rest_api_port = '9081' - template_vals = {'__contrail_log_file__' : '/var/log/contrail/contrail-analytics-api.log', - '__contrail_log_local__': '1', - '__contrail_log_category__': '', - '__contrail_log_level__': 'SYS_NOTICE', - '__contrail_redis_server_port__' : '6379', - '__contrail_redis_query_port__' : '6379', - '__contrail_http_server_port__' : '8090', - '__contrail_rest_api_port__' : rest_api_port, - '__contrail_host_ip__' : self._args.self_collector_ip, - '__contrail_discovery_ip__' : self._args.cfgm_ip, - '__contrail_discovery_port__' : 5998, - '__contrail_cassandra_server_list__' : ' '.join('%s:%s' % cassandra_server for cassandra_server in self.cassandra_server_list), - '__contrail_analytics_data_ttl__' : self._args.analytics_data_ttl, - '__contrail_config_audit_ttl__' : self._args.analytics_config_audit_ttl, - '__contrail_statistics_ttl__' : self._args.analytics_statistics_ttl, - '__contrail_flow_ttl__' : self._args.analytics_flow_ttl, - '__contrail_redis_password__' : ''} + config_vals = \ + { 'DEFAULTS' : { + 'log_file' : '/var/log/contrail/contrail-analytics-api.log', + 'log_local': 1, + 'log_category': '', + 'log_level': 'SYS_NOTICE', + 'http_server_port' : 8090, + 'rest_api_port' : rest_api_port, + 'host_ip' : self._args.self_collector_ip, + 'cassandra_server_list' : ' '.join('%s:%s' % cassandra_server for \ + cassandra_server in self.cassandra_server_list), + 'analytics_data_ttl' : self._args.analytics_data_ttl, + 'analytics_config_audit_ttl' : self._args.analytics_config_audit_ttl, + 'analytics_statistics_ttl' : self._args.analytics_statistics_ttl, + 'analytics_flow_ttl' : self._args.analytics_flow_ttl, + 'api_server' : self._args.cfgm_ip + ':8082', + 'aaa_mode' : self._args.aaa_mode, + }, + 'REDIS' : { + 'redis_server_port' : 6379, + 'redis_query_port' : 6379, + }, + 'DISCOVERY' : { + 'disc_server_ip' : self._args.cfgm_ip, + 'disc_server_port' : 5998, + }, + } if self._args.redis_password: - template_vals['__contrail_redis_password__'] = 'redis_password = '+ self._args.redis_password - self._template_substitute_write(contrail_analytics_api_conf.template, - template_vals, self._temp_dir_name + '/contrail-analytics-api.conf') - local("sudo mv %s/contrail-analytics-api.conf %s" % \ - (self._temp_dir_name, conf_file)) + config_vals['REDIS']['redis_password'] = self._args.redis_password + if self._args.cloud_admin_role: + config_vals['DEFAULTS']['cloud_admin_role'] = self._args.cloud_admin_role # pickup the number of partitions from alarmgen conf # if it isn't there, analytics-api conf should use defaults too try: pstr = self.get_config(ALARM_GEN_CONF_FILE, 'DEFAULTS', 'partitions') pint = int(pstr) - self.set_config(conf_file, 'DEFAULTS', 'partitions', pstr) + config_vals['DEFAULTS']['partitions'] = pstr except: - self.replace_in_file(conf_file, 'partitions', '') + config_vals['DEFAULTS']['partitions'] = '' + for section, parameter_values in config_vals.items(): + for parameter, value in parameter_values.items(): + self.set_config(conf_file, section, parameter, value) def load_redis_upstart_file(self): #copy the redis-server conf to init diff --git a/contrail_provisioning/collector/templates/contrail_analytics_api_conf.py b/contrail_provisioning/collector/templates/contrail_analytics_api_conf.py deleted file mode 100644 index 2439be67..00000000 --- a/contrail_provisioning/collector/templates/contrail_analytics_api_conf.py +++ /dev/null @@ -1,34 +0,0 @@ -import string - -template = string.Template(""" -[DEFAULTS] -host_ip = $__contrail_host_ip__ -cassandra_server_list=$__contrail_cassandra_server_list__ -#collectors = 127.0.0.1:8086 -http_server_port = $__contrail_http_server_port__ -rest_api_port = $__contrail_rest_api_port__ -rest_api_ip = 0.0.0.0 -log_local = $__contrail_log_local__ -log_level = $__contrail_log_level__ -log_category = $__contrail_log_category__ -log_file = $__contrail_log_file__ - -# Time-to-live in hours of the various data stored by collector into -# cassandra -# analytics_config_audit_ttl, if not set (or set to -1), defaults to analytics_data_ttl -# analytics_statistics_ttl, if not set (or set to -1), defaults to analytics_data_ttl -# analytics_flow_ttl, if not set (or set to -1), defaults to analytics_statsdata_ttl -analytics_data_ttl=$__contrail_analytics_data_ttl__ -analytics_config_audit_ttl=$__contrail_config_audit_ttl__ -analytics_statistics_ttl=$__contrail_statistics_ttl__ -analytics_flow_ttl=$__contrail_flow_ttl__ - -[DISCOVERY] -disc_server_ip = $__contrail_discovery_ip__ -disc_server_port = $__contrail_discovery_port__ - -[REDIS] -redis_server_port = $__contrail_redis_server_port__ -redis_query_port = $__contrail_redis_query_port__ -$__contrail_redis_password__ -""") diff --git a/contrail_provisioning/collector/templates/contrail_analytics_api_ini.py b/contrail_provisioning/collector/templates/contrail_analytics_api_ini.py deleted file mode 100644 index 2052abe4..00000000 --- a/contrail_provisioning/collector/templates/contrail_analytics_api_ini.py +++ /dev/null @@ -1,17 +0,0 @@ -import string - -template = string.Template(""" -[program:contrail-analytics-api] -command=/usr/bin/contrail-analytics-api --conf_file $__contrail_analytics_api_conf__ -priority=440 -autostart=true -killasgroup=true -stopsignal=KILL -stdout_capture_maxbytes=1MB -redirect_stderr=true -stdout_logfile=/var/log/contrail/contrail-analytics-api-stdout.log -stderr_logfile=/var/log/contrail/contrail-analytics-api-stderr.log -startsecs=5 -exitcodes=0 ; 'expected' exit codes for process (default 0,2) -user=contrail -""") diff --git a/contrail_provisioning/collector/templates/contrail_collector_ini.py b/contrail_provisioning/collector/templates/contrail_collector_ini.py deleted file mode 100644 index 5c52c81c..00000000 --- a/contrail_provisioning/collector/templates/contrail_collector_ini.py +++ /dev/null @@ -1,17 +0,0 @@ -import string - -template = string.Template(""" -[program:contrail-collector] -command=/usr/bin/contrail-collector --conf_file $__contrail_collector_conf__ -priority=420 -autostart=true -killasgroup=true -stopsignal=KILL -stdout_capture_maxbytes=1MB -redirect_stderr=true -stdout_logfile=/var/log/contrail/contrail-collector-stdout.log -stderr_logfile=/dev/null -startsecs=5 -exitcodes=0 ; 'expected' exit codes for process (default 0,2) -user=contrail -""") diff --git a/contrail_provisioning/collector/templates/contrail_query_engine_ini.py b/contrail_provisioning/collector/templates/contrail_query_engine_ini.py deleted file mode 100644 index 45c69176..00000000 --- a/contrail_provisioning/collector/templates/contrail_query_engine_ini.py +++ /dev/null @@ -1,17 +0,0 @@ -import string - -template = string.Template(""" -[program:contrail-query-engine] -command=/usr/bin/contrail-query-engine --conf_file $__contrail_query_engine_conf__ -priority=430 -autostart=true -killasgroup=true -stopsignal=KILL -stdout_capture_maxbytes=1MB -redirect_stderr=true -stdout_logfile=/var/log/contrail/contrail-query-engine-stdout.log -stderr_logfile=/dev/null -startsecs=5 -exitcodes=0 ; 'expected' exit codes for process (default 0,2) -user=contrail -""") diff --git a/contrail_provisioning/collector/upgrade.py b/contrail_provisioning/collector/upgrade.py index 2f467033..e4b5300c 100644 --- a/contrail_provisioning/collector/upgrade.py +++ b/contrail_provisioning/collector/upgrade.py @@ -60,7 +60,7 @@ def update_config(self): self.fixup_contrail_topology() # Create contrail-keystone-auth.conf if not os.path.exists('/etc/contrail/contrail-keystone-auth.conf'): - self.fixup_keystone_auth_config_file() + self.fixup_keystone_auth_config_file(False) # From 3.0: # 1. Alarmgen is enabled by default. @@ -126,6 +126,22 @@ def update_config(self): ' '.join('%s:%s' % (server.split(':')[0], '9042') for server \ in analytics_api_cass_server_list.split())) + # From 3.10: + # 1. contrail-analytics-api.conf provides access to only cloud admin + # role, API server VIP needs to be specified + # 2. contrail-keystone-auth.conf needs to be passed to + # contrail-analytics-api via contrail-analytics-api.ini + if (self._args.from_rel < LooseVersion('3.1') and + self._args.to_rel >= LooseVersion('3.1')): + analytics_api_conf = '/etc/contrail/contrail-analytics-api.conf' + self.set_config(analytics_api_conf, 'DEFAULTS', + 'aaa_mode', self._args.aaa_mode) + self.set_config(analytics_api_conf, 'DEFAULTS', 'api_server', + self._args.cfgm_ip + ':8082') + self.fixup_analytics_daemon_ini_file('contrail-analytics-api', + ['/etc/contrail/contrail-keystone-auth.conf']) + # end update_config + def main(): collector = CollectorUpgrade() collector.upgrade() diff --git a/contrail_provisioning/common/base.py b/contrail_provisioning/common/base.py index 389e126f..f36f0734 100644 --- a/contrail_provisioning/common/base.py +++ b/contrail_provisioning/common/base.py @@ -281,7 +281,7 @@ def setup_coredump(self): print "Ignoring failure when enabling kdump" print "Exception: %s" % str(e) - def fixup_keystone_auth_config_file(self): + def fixup_keystone_auth_config_file(self, configure_memcache): # Keystone auth config ini template_vals = { '__contrail_keystone_ip__': self._args.keystone_ip, @@ -291,7 +291,7 @@ def fixup_keystone_auth_config_file(self): '__contrail_ks_auth_protocol__': self._args.keystone_auth_protocol, '__contrail_ks_auth_port__': self._args.keystone_auth_port, '__keystone_insecure_flag__': self._args.keystone_insecure, - '__contrail_memcached_opt__': 'memcache_servers=127.0.0.1:11211' if self._args.multi_tenancy else '', + '__contrail_memcached_opt__': 'memcache_servers=127.0.0.1:11211' if configure_memcache else '', } self._template_substitute_write(contrail_keystone_auth_conf.template, template_vals, self._temp_dir_name + '/contrail-keystone-auth.conf') diff --git a/contrail_provisioning/config/openstack.py b/contrail_provisioning/config/openstack.py index 39019e5d..6758aa15 100755 --- a/contrail_provisioning/config/openstack.py +++ b/contrail_provisioning/config/openstack.py @@ -23,7 +23,7 @@ def __init__(self, config_args, args_str=None): def fixup_config_files(self): self.fixup_cassandra_config() - self.fixup_keystone_auth_config_file() + self.fixup_keystone_auth_config_file(self._args.multi_tenancy) self.fixup_ifmap_config_files() self.fixup_contrail_api_config_file() config_files = [