From 5326d7f76b48e93bd74d9539febe1f41bbf3f286 Mon Sep 17 00:00:00 2001 From: Vishvananda Ishaya Date: Wed, 28 Jul 2010 22:41:49 -0700 Subject: Fix deprecation warning in AuthManager. __new__ isn't allowed to take args. --- nova/auth/manager.py | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) (limited to 'nova') diff --git a/nova/auth/manager.py b/nova/auth/manager.py index 2da53a736..2360c1a5c 100644 --- a/nova/auth/manager.py +++ b/nova/auth/manager.py @@ -24,7 +24,6 @@ import logging import os import shutil import string -import sys import tempfile import uuid import zipfile @@ -322,11 +321,10 @@ class AuthManager(object): need to be more accessible, such as vpn ips and ports. """ _instance=None - def __new__(cls, *args, **kwargs): + def __new__(cls): """Returns the AuthManager singleton""" if not cls._instance: - cls._instance = super(AuthManager, cls).__new__( - cls, *args, **kwargs) + cls._instance = super(AuthManager, cls).__new__(cls) return cls._instance def __init__(self, driver=None, *args, **kwargs): -- cgit From f8e7f79833b545a2812d0161f769271621fdf33c Mon Sep 17 00:00:00 2001 From: Vishvananda Ishaya Date: Wed, 28 Jul 2010 23:19:07 -0700 Subject: oops retry and add extra exception check --- nova/auth/manager.py | 2 +- nova/utils.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'nova') diff --git a/nova/auth/manager.py b/nova/auth/manager.py index 2360c1a5c..b690176bb 100644 --- a/nova/auth/manager.py +++ b/nova/auth/manager.py @@ -321,7 +321,7 @@ class AuthManager(object): need to be more accessible, such as vpn ips and ports. """ _instance=None - def __new__(cls): + def __new__(cls, *args, **kwargs): """Returns the AuthManager singleton""" if not cls._instance: cls._instance = super(AuthManager, cls).__new__(cls) diff --git a/nova/utils.py b/nova/utils.py index 0016b656e..0b23de7cd 100644 --- a/nova/utils.py +++ b/nova/utils.py @@ -41,7 +41,7 @@ def import_class(import_str): try: __import__(mod_str) return getattr(sys.modules[mod_str], class_str) - except (ImportError, AttributeError): + except (ImportError, ValueError, AttributeError): raise exception.NotFound('Class %s cannot be found' % class_str) def fetchfile(url, target): -- cgit From 16e89bad15f5665a5f46c0bdcdfab1b7f3df4039 Mon Sep 17 00:00:00 2001 From: Vishvananda Ishaya Date: Thu, 29 Jul 2010 17:58:44 -0700 Subject: flag for libvirt type --- nova/compute/libvirt.xml.template | 2 +- nova/virt/libvirt_conn.py | 13 +++++++++---- 2 files changed, 10 insertions(+), 5 deletions(-) (limited to 'nova') diff --git a/nova/compute/libvirt.xml.template b/nova/compute/libvirt.xml.template index a763e8a4d..a17cd8fae 100644 --- a/nova/compute/libvirt.xml.template +++ b/nova/compute/libvirt.xml.template @@ -1,7 +1,7 @@ %(name)s - hvm + %(type)s %(basepath)s/kernel %(basepath)s/ramdisk root=/dev/vda1 console=ttyS0 diff --git a/nova/virt/libvirt_conn.py b/nova/virt/libvirt_conn.py index c545e4190..e37444f63 100644 --- a/nova/virt/libvirt_conn.py +++ b/nova/virt/libvirt_conn.py @@ -48,6 +48,10 @@ flags.DEFINE_string('libvirt_xml_template', utils.abspath('compute/libvirt.xml.template'), 'Libvirt XML Template') +flags.DEFINE_string('libvirt_type', + 'hvm', + 'Libvirt virtualization type (hvm, qemu, etc)') + def get_connection(read_only): # These are loaded late so that there's no need to install these # libraries when not using libvirt. @@ -235,6 +239,7 @@ class LibvirtConnection(object): # TODO(termie): lazy lazy hack because xml is annoying xml_info['nova'] = json.dumps(instance.datamodel.copy()) + xml_info['type'] = FLAGS.libvirt_type libvirt_xml = libvirt_xml % xml_info logging.debug("Finished the toXML method") @@ -255,7 +260,7 @@ class LibvirtConnection(object): """ Note that this function takes an instance ID, not an Instance, so that it can be called by monitor. - + Returns a list of all block devices for this domain. """ domain = self._conn.lookupByName(instance_id) @@ -298,7 +303,7 @@ class LibvirtConnection(object): """ Note that this function takes an instance ID, not an Instance, so that it can be called by monitor. - + Returns a list of all network interfaces for this instance. """ domain = self._conn.lookupByName(instance_id) @@ -341,7 +346,7 @@ class LibvirtConnection(object): """ Note that this function takes an instance ID, not an Instance, so that it can be called by monitor. - """ + """ domain = self._conn.lookupByName(instance_id) return domain.blockStats(disk) @@ -350,6 +355,6 @@ class LibvirtConnection(object): """ Note that this function takes an instance ID, not an Instance, so that it can be called by monitor. - """ + """ domain = self._conn.lookupByName(instance_id) return domain.interfaceStats(interface) -- cgit From 80b79a923bc6fb331daaf6960e6353c700b89c41 Mon Sep 17 00:00:00 2001 From: Vishvananda Ishaya Date: Fri, 30 Jul 2010 11:19:03 -0700 Subject: use the right tag --- nova/compute/libvirt.xml.template | 5 ++--- nova/virt/libvirt_conn.py | 5 ++--- 2 files changed, 4 insertions(+), 6 deletions(-) (limited to 'nova') diff --git a/nova/compute/libvirt.xml.template b/nova/compute/libvirt.xml.template index a17cd8fae..307f9d03a 100644 --- a/nova/compute/libvirt.xml.template +++ b/nova/compute/libvirt.xml.template @@ -1,7 +1,7 @@ - + %(name)s - %(type)s + hvm %(basepath)s/kernel %(basepath)s/ramdisk root=/dev/vda1 console=ttyS0 @@ -12,7 +12,6 @@ %(memory_kb)s %(vcpus)s - /usr/bin/kvm diff --git a/nova/virt/libvirt_conn.py b/nova/virt/libvirt_conn.py index e37444f63..74ab1f895 100644 --- a/nova/virt/libvirt_conn.py +++ b/nova/virt/libvirt_conn.py @@ -25,7 +25,6 @@ import json import logging import os.path import shutil -import sys from twisted.internet import defer from twisted.internet import task @@ -49,8 +48,8 @@ flags.DEFINE_string('libvirt_xml_template', 'Libvirt XML Template') flags.DEFINE_string('libvirt_type', - 'hvm', - 'Libvirt virtualization type (hvm, qemu, etc)') + 'kvm', + 'Libvirt domain type (kvm, qemu, etc)') def get_connection(read_only): # These are loaded late so that there's no need to install these -- cgit From 1934cbb0413f074213b1aeeda605d9b49055c581 Mon Sep 17 00:00:00 2001 From: Vishvananda Ishaya Date: Fri, 30 Jul 2010 15:19:41 -0700 Subject: Fixes access key passing in curl statement. --- nova/auth/manager.py | 4 ++++ nova/endpoint/images.py | 18 +++++++++++------- nova/virt/images.py | 14 +++++++++----- nova/virt/libvirt_conn.py | 16 ++++++++-------- 4 files changed, 32 insertions(+), 20 deletions(-) (limited to 'nova') diff --git a/nova/auth/manager.py b/nova/auth/manager.py index 2da53a736..ca9f4fc86 100644 --- a/nova/auth/manager.py +++ b/nova/auth/manager.py @@ -419,6 +419,10 @@ class AuthManager(object): raise exception.NotAuthorized('Signature does not match') return (user, project) + def get_access_key(self, user, project): + """Get an access key that includes user and project""" + return "%s:%s" % (User.safe_id(user), Project.safe_id(project)) + def is_superuser(self, user): """Checks for superuser status, allowing user to bypass rbac diff --git a/nova/endpoint/images.py b/nova/endpoint/images.py index 32f7cc228..fe7cb5d11 100644 --- a/nova/endpoint/images.py +++ b/nova/endpoint/images.py @@ -27,6 +27,7 @@ import urllib from nova import flags from nova import utils +from nova.auth import manager FLAGS = flags.FLAGS @@ -75,13 +76,16 @@ def deregister(context, image_id): query_args=qs({'image_id': image_id})) def conn(context): - return boto.s3.connection.S3Connection ( - aws_access_key_id=str('%s:%s' % (context.user.access, context.project.name)), - aws_secret_access_key=str(context.user.secret), - is_secure=False, - calling_format=boto.s3.connection.OrdinaryCallingFormat(), - port=FLAGS.s3_port, - host=FLAGS.s3_host) + access = manager.AuthManager().get_access_key(context.user, + context.project) + secret = str(context.user.secret) + calling = boto.s3.connection.OrdinaryCallingFormat() + return boto.s3.connection.S3Connection(aws_access_key_id=access, + aws_secret_access_key=secret, + is_secure=False, + calling_format=calling, + port=FLAGS.s3_port, + host=FLAGS.s3_host) def qs(params): diff --git a/nova/virt/images.py b/nova/virt/images.py index 92210e242..872eb6d6a 100644 --- a/nova/virt/images.py +++ b/nova/virt/images.py @@ -27,6 +27,7 @@ import time from nova import flags from nova import process from nova.auth import signer +from nova.auth import manager FLAGS = flags.FLAGS @@ -34,14 +35,14 @@ flags.DEFINE_bool('use_s3', True, 'whether to get images from s3 or use local copy') -def fetch(image, path, user): +def fetch(image, path, user, project): if FLAGS.use_s3: f = _fetch_s3_image else: f = _fetch_local_image - return f(image, path, user) + return f(image, path, user, project) -def _fetch_s3_image(image, path, user): +def _fetch_s3_image(image, path, user, project): url = _image_url('%s/image' % image) # This should probably move somewhere else, like e.g. a download_as @@ -51,8 +52,11 @@ def _fetch_s3_image(image, path, user): headers['Date'] = time.strftime("%a, %d %b %Y %H:%M:%S GMT", time.gmtime()) uri = '/' + url.partition('/')[2] - auth = signer.Signer(user.secret.encode()).s3_authorization(headers, 'GET', uri) - headers['Authorization'] = 'AWS %s:%s' % (user.access, auth) + access = manager.AuthManager().get_access_key(user, project) + signature = signer.Signer(user.secret.encode()).s3_authorization(headers, + 'GET', + uri) + headers['Authorization'] = 'AWS %s:%s' % (access, signature) cmd = ['/usr/bin/curl', '--silent', url] for (k,v) in headers.iteritems(): diff --git a/nova/virt/libvirt_conn.py b/nova/virt/libvirt_conn.py index c545e4190..b3d514add 100644 --- a/nova/virt/libvirt_conn.py +++ b/nova/virt/libvirt_conn.py @@ -25,7 +25,6 @@ import json import logging import os.path import shutil -import sys from twisted.internet import defer from twisted.internet import task @@ -187,12 +186,13 @@ class LibvirtConnection(object): f.close() user = manager.AuthManager().get_user(data['user_id']) + project = manager.AuthManager().get_project(data['project_id']) if not os.path.exists(basepath('disk')): - yield images.fetch(data['image_id'], basepath('disk-raw'), user) + yield images.fetch(data['image_id'], basepath('disk-raw'), user, project) if not os.path.exists(basepath('kernel')): - yield images.fetch(data['kernel_id'], basepath('kernel'), user) + yield images.fetch(data['kernel_id'], basepath('kernel'), user, project) if not os.path.exists(basepath('ramdisk')): - yield images.fetch(data['ramdisk_id'], basepath('ramdisk'), user) + yield images.fetch(data['ramdisk_id'], basepath('ramdisk'), user, project) execute = lambda cmd, input=None: \ process.simple_execute(cmd=cmd, @@ -255,7 +255,7 @@ class LibvirtConnection(object): """ Note that this function takes an instance ID, not an Instance, so that it can be called by monitor. - + Returns a list of all block devices for this domain. """ domain = self._conn.lookupByName(instance_id) @@ -298,7 +298,7 @@ class LibvirtConnection(object): """ Note that this function takes an instance ID, not an Instance, so that it can be called by monitor. - + Returns a list of all network interfaces for this instance. """ domain = self._conn.lookupByName(instance_id) @@ -341,7 +341,7 @@ class LibvirtConnection(object): """ Note that this function takes an instance ID, not an Instance, so that it can be called by monitor. - """ + """ domain = self._conn.lookupByName(instance_id) return domain.blockStats(disk) @@ -350,6 +350,6 @@ class LibvirtConnection(object): """ Note that this function takes an instance ID, not an Instance, so that it can be called by monitor. - """ + """ domain = self._conn.lookupByName(instance_id) return domain.interfaceStats(interface) -- cgit From 490a97783b97c5753692099c4d7f609e29a8f74e Mon Sep 17 00:00:00 2001 From: Vishvananda Ishaya Date: Fri, 30 Jul 2010 15:36:11 -0700 Subject: use user.access instead of user.id --- nova/auth/manager.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'nova') diff --git a/nova/auth/manager.py b/nova/auth/manager.py index ca9f4fc86..bf3a3556d 100644 --- a/nova/auth/manager.py +++ b/nova/auth/manager.py @@ -421,7 +421,9 @@ class AuthManager(object): def get_access_key(self, user, project): """Get an access key that includes user and project""" - return "%s:%s" % (User.safe_id(user), Project.safe_id(project)) + if not isinstance(user, User): + user = self.get_user(user) + return "%s:%s" % (user.access, Project.safe_id(project)) def is_superuser(self, user): """Checks for superuser status, allowing user to bypass rbac -- cgit