From dd2d03e035ec553d6064398b58c09ff12156b7d4 Mon Sep 17 00:00:00 2001 From: Miguel Caballer Date: Tue, 4 Jun 2024 08:41:12 +0200 Subject: [PATCH 01/10] Fix context in ubuntu 24 --- contextualization/conf-ansible.yml | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/contextualization/conf-ansible.yml b/contextualization/conf-ansible.yml index 1da87a2c..8e0b9e59 100644 --- a/contextualization/conf-ansible.yml +++ b/contextualization/conf-ansible.yml @@ -155,11 +155,26 @@ extra_args: --prefer-binary --break-system-packages when: ansible_python_version is version('3.11', '>=') - - name: Install cryptography & pyOpenSSL & pyyaml & wheel + - name: Install cryptography & pyOpenSSL in py3.11- pip: name: - cryptography>36.0.0,<39.0.0 - pyOpenSSL>20.0,<22.1.0 + executable: pip3 + extra_args: "{{ extra_args }}" + when: ansible_python_version is version('3.11', '<') + + - name: Install cryptography & pyOpenSSL in py3.11+ + pip: + name: cryptography>36.0.0 + name: pyOpenSSL>20.0 + executable: pip3 + extra_args: "{{ extra_args }}" + when: ansible_python_version is version('3.11', '>=') + + - name: Install pyyaml, wheel, paramiko and packaging + pip: + name: - wheel - pyyaml - paramiko>=2.9.5 From 3f34c81e1ec45d15e6f0dd9163e8388ccdbfbcaf Mon Sep 17 00:00:00 2001 From: Miguel Caballer Date: Tue, 4 Jun 2024 09:50:26 +0200 Subject: [PATCH 02/10] Fix context in old distros --- contextualization/conf-ansible.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/contextualization/conf-ansible.yml b/contextualization/conf-ansible.yml index 8e0b9e59..499614d2 100644 --- a/contextualization/conf-ansible.yml +++ b/contextualization/conf-ansible.yml @@ -125,6 +125,8 @@ pip: name: pip>18.0,<21.0 executable: pip3 + extra_args: --trusted-host files.pythonhosted.org --trusted-host pypi.org --trusted-ho +st pypi.python.org when: ansible_python_version is version('3.7', '<') - name: Upgrade pip in py3.7-py3.8 
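Review bot: The new "Install cryptography & pyOpenSSL in py3.11+" task declares `name:` twice under `pip:`, which is a duplicate mapping key. YAML loaders normally keep only the last value, so the task would request `pyOpenSSL>20.0` alone and `cryptography>36.0.0` would arrive, if at all, only as a dependency without the intended version floor. Use the list form that the py3.11- task above already uses: `name:` followed by `- cryptography>36.0.0` and `- pyOpenSSL>20.0`. Both specifiers also drop the upper bounds kept in the py3.11- branch, so every contextualization run installs whatever release is newest; an upper bound or a constraints file would keep the crypto stack reproducible.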
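Review bot: The added `extra_args` passes `--trusted-host` for files.pythonhosted.org, pypi.org and pypi.python.org, which makes pip skip TLS certificate validation for those hosts. This is the task that upgrades pip itself on Python < 3.7, so the package every later install runs through is fetched without a verified peer. The same line is carried through the follow-up hunks in PATCH 03/10 and PATCH 04/10. If the SSL errors come from an outdated CA bundle (an assumption, the patch does not say), refreshing the distro's `ca-certificates` package before this task, or passing `--cert <path-to-ca-bundle>` to pip, keeps verification on. If the flag has to stay, narrow the `when:` to the affected distros rather than the Python version alone, and make the comment say that certificate checks are disabled, e.g. `# WARNING: disables TLS certificate verification for PyPI on these distros`.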
From fed9cf0b7f2545f715ea415ef17fc9a0ac43f138 Mon Sep 17 00:00:00 2001 From: Miguel Caballer Date: Tue, 4 Jun 2024 09:55:38 +0200 Subject: [PATCH 03/10] Fix typo --- contextualization/conf-ansible.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/contextualization/conf-ansible.yml b/contextualization/conf-ansible.yml index 499614d2..6f84ac94 100644 --- a/contextualization/conf-ansible.yml +++ b/contextualization/conf-ansible.yml @@ -125,8 +125,7 @@ pip: name: pip>18.0,<21.0 executable: pip3 - extra_args: --trusted-host files.pythonhosted.org --trusted-host pypi.org --trusted-ho -st pypi.python.org + extra_args: --trusted-host files.pythonhosted.org --trusted-host pypi.org --trusted-host pypi.python.org when: ansible_python_version is version('3.7', '<') - name: Upgrade pip in py3.7-py3.8 From 5943edcdce1727e244e4905ac392d8e72318ea32 Mon Sep 17 00:00:00 2001 From: Miguel Caballer Date: Tue, 4 Jun 2024 09:58:12 +0200 Subject: [PATCH 04/10] Add comment --- contextualization/conf-ansible.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/contextualization/conf-ansible.yml b/contextualization/conf-ansible.yml index 6f84ac94..67a03f29 100644 --- a/contextualization/conf-ansible.yml +++ b/contextualization/conf-ansible.yml @@ -125,6 +125,7 @@ pip: name: pip>18.0,<21.0 executable: pip3 + # in some old distros we need to trust in the pypi to avoid SSL errors extra_args: --trusted-host files.pythonhosted.org --trusted-host pypi.org --trusted-host pypi.python.org when: ansible_python_version is version('3.7', '<') From 9e732baaff1780ff503f765a970df909e6e151e6 Mon Sep 17 00:00:00 2001 From: Miguel Caballer Date: Tue, 4 Jun 2024 16:42:28 +0200 Subject: [PATCH 05/10] Add info about getting EGI token --- doc/source/REST.rst | 2 ++ doc/source/client.rst | 21 ++++++++++++++++++--- 2 files changed, 20 insertions(+), 3 deletions(-) diff --git a/doc/source/REST.rst b/doc/source/REST.rst index d8f8f65d..56bda17f 100644 --- a/doc/source/REST.rst 
+++ b/doc/source/REST.rst @@ -14,6 +14,8 @@ using "\\n" as separator. If the content cannot be parsed successfully, or the u password are not valid, it is returned the HTTP error code 401. In case that Vault support has been configured (:ref:`vault-creds`) also a Bearer authorization header is supported, using the same access token to authenticate with the Vault server. +In case of using EGI Check-in authentication, see :ref:`egi-auth` to know how to get +a valid token. Next tables summaries the resources and the HTTP methods available. diff --git a/doc/source/client.rst b/doc/source/client.rst index b4601c31..2d96a01f 100644 --- a/doc/source/client.rst +++ b/doc/source/client.rst @@ -465,8 +465,10 @@ So the auth line will be like that:: id = ost; type = OpenStack; host = https://ostserver:5000; username = indigo-dc; tenant = oidc; password = iam_token_value; auth_version = 3.x_oidc_access_token -EGI FedCloud specific parameters -******************************* +.. _egi-auth: + +EGI Cloud Compute specific parameters +************************************* To use the EGI CheckIn to authenticate with a Keystone server properly configured the parameters are the following (see more info at `EGI Documentation `_): 
@@ -486,9 +488,22 @@ From IM version 1.10.2 the EGI connector is available and you can also use this id = egi; type = EGI; host = CESGA; vo = vo.access.egi.eu; token = egi_aai_token_value In this case the information needed to access the OpenStack API of the EGI FedCloud site will be obtained from -`AppDB REST API `_). This connector is recommended for non advanced users. If you +`AppDB REST API `_. This connector is recommended for non advanced users. If you can get the data to access the OpenStack API directly it is recommened to use it. +There are several ways to get the EGI AAI token: + +* One of them is using the `oidc-agent `_, configuring the + `EGI CheckIn as a provider `_. + Then you can get the token using the command keyworkd in the auth file:: + + token = command(oidc-token OIDC_ACCOUNT) + +* Another way is using the IM-Dashboard (:ref:`use-dashboard`). In the "Advanced" menu, the "Settings" + item enables getting the some configuration settings as the OIDC issuer or the current user's + access token. + + Open Telekom Cloud ++++++++++++++++++ From 869dfc7bdc64c261b4a7761971df685b68176f21 Mon Sep 17 00:00:00 2001 From: Miguel Caballer Date: Wed, 5 Jun 2024 09:52:02 +0200 Subject: [PATCH 06/10] Minor change --- doc/source/REST.rst | 1 + 1 file changed, 1 insertion(+) diff --git a/doc/source/REST.rst b/doc/source/REST.rst index 56bda17f..3334f41b 100644 --- a/doc/source/REST.rst +++ b/doc/source/REST.rst @@ -14,6 +14,7 @@ using "\\n" as separator. If the content cannot be parsed successfully, or the u password are not valid, it is returned the HTTP error code 401. In case that Vault support has been configured (:ref:`vault-creds`) also a Bearer authorization header is supported, using the same access token to authenticate with the Vault server. + In case of using EGI Check-in authentication, see :ref:`egi-auth` to know how to get a valid token. From 27da22ee222996b591640423228058b39ffe4510 Mon Sep 17 00:00:00 2001 
From: Miguel Caballer Date: Thu, 6 Jun 2024 11:03:50 +0200 Subject: [PATCH 07/10] try to use default nets first --- IM/connectors/OpenStack.py | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) diff --git a/IM/connectors/OpenStack.py b/IM/connectors/OpenStack.py index 8c8ea47b..3b24348d 100644 --- a/IM/connectors/OpenStack.py +++ b/IM/connectors/OpenStack.py @@ -880,11 +880,22 @@ def get_ost_network_info(driver, pool_names): # let's assume that is not public ost_net.extra['is_public'] = False - # set the networks with the default work in its name first - res = ([ost_net for ost_net in ost_nets if "default" in ost_net.name] + - [ost_net for ost_net in ost_nets if "default" not in ost_net.name]) + # set first the networks with the default word in its name + # or with the "is_default" extra field set to True + # or with a tag "default" + first = [] + last = [] + for ost_net in ost_nets: + if ( + "default" in ost_net.name or + "is_default" in ost_net.extra and ost_net.extra['is_default'] or + "tags" in ost_net.extra and "default" in ost_net.extra['tags'] + ): + first.append(ost_net) + else: + last.append(ost_net) - return get_subnets, res + return get_subnets, first + last @staticmethod def map_networks(radl, ost_nets): From 578e73ff4750fb7f45a713dd15ffff590b9a1297 Mon Sep 17 00:00:00 2001 From: Miguel Caballer Date: Thu, 6 Jun 2024 11:05:11 +0200 Subject: [PATCH 08/10] use wait for --- IM/ConfManager.py | 4 ++-- IM/connectors/OpenNebula.py | 2 +- contextualization/basic.yml | 2 +- contextualization/conf-ansible.yml | 2 +- doc/source/xmlrpc.rst | 2 +- doc/swagger_api.yaml | 2 +- 6 files changed, 7 insertions(+), 7 deletions(-) diff --git a/IM/ConfManager.py b/IM/ConfManager.py index 7bf2de34..c2494143 100644 --- a/IM/ConfManager.py +++ b/IM/ConfManager.py 
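Review bot: The tag test in the new `if` assumes `ost_net.extra['tags']` is a container whenever the key exists. If the driver stores `None` there, `"default" in ost_net.extra['tags']` raises `TypeError` and network discovery fails for the whole site. The `description` test added in PATCH 10/10 has the same shape and the same exposure. Reading with a fallback avoids it: `"default" in (ost_net.extra.get('tags') or [])` and `ost_net.extra.get('is_default')`. The body of get_ost_network_info starts outside the hunk, so whether `extra` is normalised earlier is not visible here.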
@@ -1100,7 +1100,7 @@ def wait_vm_running(self, vm, timeout): Arguments: - vm(:py:class:`IM.VirtualMachine`): VM to be running. - - timeout(int): Max time to wait the VM to be running. + - timeout(int): Max time to wait for the VM to be running. Returns: True if all the VMs are running or false otherwise """ delay = Config.CHECK_CTXT_PROCESS_INTERVAL @@ -1132,7 +1132,7 @@ def wait_vm_ssh_acccess(self, vm, timeout): Arguments: - vm(:py:class:`IM.VirtualMachine`): VM to check. - - timeout(int): Max time to wait the VM to be to have the SSH port opened. + - timeout(int): Max time to wait for the VM to be to have the SSH port opened. Returns: True if the VM have the SSH port open or false otherwise """ delay = 10 diff --git a/IM/connectors/OpenNebula.py b/IM/connectors/OpenNebula.py index 06dc9761..26357ac9 100644 --- a/IM/connectors/OpenNebula.py +++ b/IM/connectors/OpenNebula.py @@ -1069,7 +1069,7 @@ def alterVM(self, vm, radl, auth_data): if not success: return (False, info) - # TODO: wait the VM to be running + # TODO: wait for the VM to be running time.sleep(5) success, info = self.attach_new_disks(vm, system, session_id) diff --git a/contextualization/basic.yml b/contextualization/basic.yml index e894d98e..e0f4dbe2 100644 --- a/contextualization/basic.yml +++ b/contextualization/basic.yml @@ -10,7 +10,7 @@ ignore_errors: yes changed_when: false - - name: Wait the VM to boot + - name: Wait for the VM to boot raw: systemctl is-system-running --wait ignore_errors: yes changed_when: false diff --git a/contextualization/conf-ansible.yml b/contextualization/conf-ansible.yml index 67a03f29..d07659a6 100644 --- a/contextualization/conf-ansible.yml +++ b/contextualization/conf-ansible.yml @@ -20,7 +20,7 @@ ignore_errors: yes changed_when: false - - name: Wait the VM to boot + - name: Wait for the VM to boot raw: systemctl is-system-running --wait ignore_errors: yes changed_when: false 
diff --git a/doc/source/xmlrpc.rst b/doc/source/xmlrpc.rst index 3bbb37c3..e993811b 100644 --- a/doc/source/xmlrpc.rst +++ b/doc/source/xmlrpc.rst @@ -70,7 +70,7 @@ This is the list of method names: Create and configure an infrastructure with the requirements specified in the RADL document passed as string. Return the ID associated to the created - infrastructure. If ``async`` is set to ``True`` the call will not wait the VMs + infrastructure. If ``async`` is set to ``True`` the call will not wait forthe VMs to be created. ``GetInfrastructureInfo`` diff --git a/doc/swagger_api.yaml b/doc/swagger_api.yaml index 29cd8425..114b04d6 100644 --- a/doc/swagger_api.yaml +++ b/doc/swagger_api.yaml @@ -99,7 +99,7 @@ paths: in: query description: >- The async parameter is optional and is a flag to specify if the call - will not wait the VMs to be created. + will not wait for the VMs to be created. required: false schema: type: string From a835f422443b5b4c915a00f3221c55c4dceed9c5 Mon Sep 17 00:00:00 2001 From: Miguel Caballer Date: Thu, 6 Jun 2024 11:14:46 +0200 Subject: [PATCH 09/10] fix style --- IM/connectors/OpenStack.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/IM/connectors/OpenStack.py b/IM/connectors/OpenStack.py index 3b24348d..b9ed19bf 100644 --- a/IM/connectors/OpenStack.py +++ b/IM/connectors/OpenStack.py @@ -890,7 +890,7 @@ def get_ost_network_info(driver, pool_names): "default" in ost_net.name or "is_default" in ost_net.extra and ost_net.extra['is_default'] or "tags" in ost_net.extra and "default" in ost_net.extra['tags'] - ): + ): first.append(ost_net) else: last.append(ost_net) From e370426b8f53c04528c21f8ba0dfcea1738f1d5d Mon Sep 17 00:00:00 2001 From: Miguel Caballer Date: Thu, 6 Jun 2024 11:39:44 +0200 Subject: [PATCH 10/10] try to use default nets first --- IM/connectors/OpenStack.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
diff --git a/IM/connectors/OpenStack.py b/IM/connectors/OpenStack.py index b9ed19bf..9565478b 100644 --- a/IM/connectors/OpenStack.py +++ b/IM/connectors/OpenStack.py @@ -889,7 +889,8 @@ def get_ost_network_info(driver, pool_names): if ( "default" in ost_net.name or "is_default" in ost_net.extra and ost_net.extra['is_default'] or - "tags" in ost_net.extra and "default" in ost_net.extra['tags'] + "tags" in ost_net.extra and "default" in ost_net.extra['tags'] or + "description" in ost_net.extra and "default" in ost_net.extra['description'] ): first.append(ost_net) else:
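Review bot: The added `description` test is a substring match on free text, so a network whose description merely contains the word (say "non-default", a constructed example) is moved to the front with the same priority as one carrying the explicit `is_default` flag or `default` tag. Name and description are written by whoever created the network, so free text ends up deciding which network new VMs attach to. Ranking the explicit signals ahead of the text matches keeps the operator-set flag authoritative, and reading the optional fields with a fallback avoids a `TypeError` when `tags` or `description` is `None`. The enclosing function starts outside the hunk.

```python
# … unchanged: is_public detection for each ost_net …
# precedence: is_default flag or "default" tag, then name/description text
explicit, by_text, rest = [], [], []
for ost_net in ost_nets:
    extra = ost_net.extra
    if extra.get('is_default') or "default" in (extra.get('tags') or []):
        explicit.append(ost_net)
    elif "default" in ost_net.name or "default" in (extra.get('description') or ""):
        by_text.append(ost_net)
    else:
        rest.append(ost_net)

return get_subnets, explicit + by_text + rest
```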