func (c *Config) loadAndValidate() error {
if c.EndpointType != "internal" && c.EndpointType != "internalURL" &&
c.EndpointType != "admin" && c.EndpointType != "adminURL" &&
c.EndpointType != "public" && c.EndpointType != "publicURL" &&
c.EndpointType != "" {
return fmt.Errorf("Invalid endpoint type provided")
}
ao := gophercloud.AuthOptions{
Username: c.Username,
UserID: c.UserID,
Password: c.Password,
APIKey: c.APIKey,
IdentityEndpoint: c.IdentityEndpoint,
TenantID: c.TenantID,
TenantName: c.TenantName,
DomainID: c.DomainID,
DomainName: c.DomainName,
}
client, err := openstack.NewClient(ao.IdentityEndpoint)
if err != nil {
return err
}
if c.CACertFile != "" {
caCert, err := ioutil.ReadFile(c.CACertFile)
if err != nil {
return err
}
caCertPool := x509.NewCertPool()
caCertPool.AppendCertsFromPEM(caCert)
config := &tls.Config{
RootCAs: caCertPool,
}
transport := &http.Transport{TLSClientConfig: config}
client.HTTPClient.Transport = transport
}
if c.Insecure {
// Configure custom TLS settings.
config := &tls.Config{InsecureSkipVerify: true}
transport := &http.Transport{TLSClientConfig: config}
client.HTTPClient.Transport = transport
}
err = openstack.Authenticate(client, ao)
if err != nil {
return err
}
c.osClient = client
return nil
}
func newOpenStack(cfg Config) (*OpenStack, error) {
provider, err := openstack.NewClient(cfg.Global.AuthUrl)
if err != nil {
return nil, err
}
if cfg.Global.TrustId != "" {
authOptionsExt := trust.AuthOptionsExt{
TrustID: cfg.Global.TrustId,
AuthOptions: token3.AuthOptions{AuthOptions: cfg.toAuthOptions()},
}
err = trust.AuthenticateV3Trust(provider, authOptionsExt)
} else {
err = openstack.Authenticate(provider, cfg.toAuthOptions())
}
if err != nil {
return nil, err
}
id, err := readInstanceID()
if err != nil {
return nil, err
}
os := OpenStack{
provider: provider,
region: cfg.Global.Region,
lbOpts: cfg.LoadBalancer,
bsOpts: cfg.BlockStorage,
routeOpts: cfg.Route,
localInstanceID: id,
}
return &os, nil
}
func (os *OpenStack) TCPLoadBalancer() (cloudprovider.TCPLoadBalancer, bool) {
glog.V(4).Info("openstack.TCPLoadBalancer() called")
if err := openstack.Authenticate(os.provider, os.authOpts); err != nil {
glog.Warningf("Failed to reauthenticate: %v", err)
return nil, false
}
// TODO: Search for and support Rackspace loadbalancer API, and others.
network, err := openstack.NewNetworkV2(os.provider, gophercloud.EndpointOpts{
Region: os.region,
})
if err != nil {
glog.Warningf("Failed to find neutron endpoint: %v", err)
return nil, false
}
compute, err := openstack.NewComputeV2(os.provider, gophercloud.EndpointOpts{
Region: os.region,
})
if err != nil {
glog.Warningf("Failed to find compute endpoint: %v", err)
return nil, false
}
glog.V(1).Info("Claiming to support TCPLoadBalancer")
return &LoadBalancer{network, compute, os.lbOpts}, true
}
func authenticatedClient(options gophercloud.AuthOptions) (*gophercloud.ProviderClient, error) {
client, err := newClient(options.IdentityEndpoint)
if err != nil {
return nil, err
}
err = openstack.Authenticate(client, options)
if err != nil {
return nil, err
}
return client, nil
}
// AuthenticatedClient logs in to an OpenStack cloud found at the identity endpoint specified by options, acquires a
// token, and returns a Client instance that's ready to operate.
func (keystoneAuthenticator *KeystoneAuthenticator) AuthenticatedClient(options gophercloud.AuthOptions) (*gophercloud.ProviderClient, error) {
client, err := openstack.NewClient(options.IdentityEndpoint)
if err != nil {
return nil, err
}
if keystoneAuthenticator.transport != nil {
client.HTTPClient.Transport = keystoneAuthenticator.transport
}
err = openstack.Authenticate(client, options)
return client, err
}
func (c *GenericClient) Authenticate(d *Driver) error {
if c.Provider != nil {
return nil
}
log.WithFields(log.Fields{
"AuthUrl": d.AuthUrl,
"Insecure": d.Insecure,
"DomainID": d.DomainID,
"DomainName": d.DomainName,
"Username": d.Username,
"TenantName": d.TenantName,
"TenantID": d.TenantId,
}).Debug("Authenticating...")
opts := gophercloud.AuthOptions{
IdentityEndpoint: d.AuthUrl,
DomainID: d.DomainID,
DomainName: d.DomainName,
Username: d.Username,
Password: d.Password,
TenantName: d.TenantName,
TenantID: d.TenantId,
AllowReauth: true,
}
provider, err := openstack.NewClient(opts.IdentityEndpoint)
if err != nil {
return err
}
provider.UserAgent.Prepend(fmt.Sprintf("docker-machine/v%d", version.ApiVersion))
if d.Insecure {
// Configure custom TLS settings.
config := &tls.Config{InsecureSkipVerify: true}
transport := &http.Transport{TLSClientConfig: config}
provider.HTTPClient.Transport = transport
}
err = openstack.Authenticate(provider, opts)
if err != nil {
return err
}
c.Provider = provider
return nil
}
func (c *GenericClient) Authenticate(d *Driver) error {
if c.Provider != nil {
return nil
}
log.Debug("Authenticating...", map[string]interface{}{
"AuthUrl": d.AuthUrl,
"Insecure": d.Insecure,
"CaCert": d.CaCert,
"DomainID": d.DomainID,
"DomainName": d.DomainName,
"Username": d.Username,
"TenantName": d.TenantName,
"TenantID": d.TenantId,
})
opts := gophercloud.AuthOptions{
IdentityEndpoint: d.AuthUrl,
DomainID: d.DomainID,
DomainName: d.DomainName,
Username: d.Username,
Password: d.Password,
TenantName: d.TenantName,
TenantID: d.TenantId,
AllowReauth: true,
}
provider, err := openstack.NewClient(opts.IdentityEndpoint)
if err != nil {
return err
}
c.Provider = provider
c.Provider.UserAgent.Prepend(fmt.Sprintf("docker-machine/v%d", version.APIVersion))
err = c.SetTLSConfig(d)
if err != nil {
return err
}
err = openstack.Authenticate(c.Provider, opts)
if err != nil {
return err
}
return nil
}
// Instances returns an implementation of Instances for OpenStack.
func (os *OpenStack) Instances() (cloudprovider.Instances, bool) {
glog.V(4).Info("openstack.Instances() called")
if err := openstack.Authenticate(os.provider, os.authOpts); err != nil {
glog.Warningf("Failed to reauthenticate: %v", err)
return nil, false
}
compute, err := openstack.NewComputeV2(os.provider, gophercloud.EndpointOpts{
Region: os.region,
})
if err != nil {
glog.Warningf("Failed to find compute endpoint: %v", err)
return nil, false
}
pager := flavors.ListDetail(compute, nil)
flavor_to_resource := make(map[string]*api.NodeResources)
err = pager.EachPage(func(page pagination.Page) (bool, error) {
flavorList, err := flavors.ExtractFlavors(page)
if err != nil {
return false, err
}
for _, flavor := range flavorList {
rsrc := api.NodeResources{
Capacity: api.ResourceList{
api.ResourceCPU: *resource.NewQuantity(int64(flavor.VCPUs), resource.DecimalSI),
api.ResourceMemory: *resource.NewQuantity(int64(flavor.RAM)*MiB, resource.BinarySI),
"openstack.org/disk": *resource.NewQuantity(int64(flavor.Disk)*GB, resource.DecimalSI),
"openstack.org/rxTxFactor": *resource.NewMilliQuantity(int64(flavor.RxTxFactor)*1000, resource.DecimalSI),
"openstack.org/swap": *resource.NewQuantity(int64(flavor.Swap)*MiB, resource.BinarySI),
},
}
flavor_to_resource[flavor.ID] = &rsrc
}
return true, nil
})
if err != nil {
glog.Warningf("Failed to find compute flavors: %v", err)
return nil, false
}
glog.V(3).Infof("Found %v compute flavors", len(flavor_to_resource))
glog.V(1).Info("Claiming to support Instances")
return &Instances{compute, flavor_to_resource}, true
}
func (b *KeystoneAuthenticationBackend) Authenticate(username string, password string) (string, error) {
opts := gophercloud.AuthOptions{
IdentityEndpoint: b.AuthURL,
Username: username,
Password: password,
TenantName: b.Tenant,
}
provider, err := openstack.NewClient(b.AuthURL)
if err != nil {
return "", err
}
if err := openstack.Authenticate(provider, opts); err != nil {
return "", err
}
return provider.TokenID, nil
}
func (c *AccessConfig) Prepare(ctx *interpolate.Context) []error {
if c.EndpointType != "internal" && c.EndpointType != "internalURL" &&
c.EndpointType != "admin" && c.EndpointType != "adminURL" &&
c.EndpointType != "public" && c.EndpointType != "publicURL" &&
c.EndpointType != "" {
return []error{fmt.Errorf("Invalid endpoint type provided")}
}
if c.Region == "" {
c.Region = os.Getenv("OS_REGION_NAME")
}
// Legacy RackSpace stuff. We're keeping this around to keep things BC.
if c.APIKey == "" {
c.APIKey = os.Getenv("SDK_API_KEY")
}
if c.Password == "" {
c.Password = os.Getenv("SDK_PASSWORD")
}
if c.Region == "" {
c.Region = os.Getenv("SDK_REGION")
}
if c.TenantName == "" {
c.TenantName = os.Getenv("SDK_PROJECT")
}
if c.Username == "" {
c.Username = os.Getenv("SDK_USERNAME")
}
// Get as much as possible from the end
ao, _ := openstack.AuthOptionsFromEnv()
// Override values if we have them in our config
overrides := []struct {
From, To *string
}{
{&c.Username, &ao.Username},
{&c.UserID, &ao.UserID},
{&c.Password, &ao.Password},
{&c.APIKey, &ao.APIKey},
{&c.IdentityEndpoint, &ao.IdentityEndpoint},
{&c.TenantID, &ao.TenantID},
{&c.TenantName, &ao.TenantName},
{&c.DomainID, &ao.DomainID},
{&c.DomainName, &ao.DomainName},
}
for _, s := range overrides {
if *s.From != "" {
*s.To = *s.From
}
}
// Build the client itself
client, err := openstack.NewClient(ao.IdentityEndpoint)
if err != nil {
return []error{err}
}
// If we have insecure set, then create a custom HTTP client that
// ignores SSL errors.
if c.Insecure {
config := &tls.Config{InsecureSkipVerify: true}
transport := &http.Transport{TLSClientConfig: config}
client.HTTPClient.Transport = transport
}
// Auth
err = openstack.Authenticate(client, ao)
if err != nil {
return []error{err}
}
c.osClient = client
return nil
}
func (c *Config) loadAndValidate() error {
if c.EndpointType != "internal" && c.EndpointType != "internalURL" &&
c.EndpointType != "admin" && c.EndpointType != "adminURL" &&
c.EndpointType != "public" && c.EndpointType != "publicURL" &&
c.EndpointType != "" {
return fmt.Errorf("Invalid endpoint type provided")
}
ao := gophercloud.AuthOptions{
Username: c.Username,
UserID: c.UserID,
Password: c.Password,
TokenID: c.Token,
APIKey: c.APIKey,
IdentityEndpoint: c.IdentityEndpoint,
TenantID: c.TenantID,
TenantName: c.TenantName,
DomainID: c.DomainID,
DomainName: c.DomainName,
}
client, err := openstack.NewClient(ao.IdentityEndpoint)
if err != nil {
return err
}
config := &tls.Config{}
if c.CACertFile != "" {
caCert, err := ioutil.ReadFile(c.CACertFile)
if err != nil {
return err
}
caCertPool := x509.NewCertPool()
caCertPool.AppendCertsFromPEM(caCert)
config.RootCAs = caCertPool
}
if c.Insecure {
config.InsecureSkipVerify = true
}
if c.ClientCertFile != "" && c.ClientKeyFile != "" {
cert, err := tls.LoadX509KeyPair(c.ClientCertFile, c.ClientKeyFile)
if err != nil {
return err
}
config.Certificates = []tls.Certificate{cert}
config.BuildNameToCertificate()
}
transport := &http.Transport{TLSClientConfig: config}
client.HTTPClient.Transport = transport
err = openstack.Authenticate(client, ao)
if err != nil {
return err
}
c.osClient = client
return nil
}
