salt/modules/nova.py
# -*- coding: utf-8 -*-
'''
Module for handling OpenStack Nova calls
:depends: - novaclient Python module
:configuration: This module is not usable until the user, password, tenant, and
auth URL are specified either in a pillar or in the minion's config file.
For example:
.. code-block:: yaml
keystone.user: admin
keystone.password: verybadpass
keystone.tenant: admin
keystone.auth_url: 'http://127.0.0.1:5000/v2.0/'
# Optional
keystone.region_name: 'RegionOne'
If configuration for multiple OpenStack accounts is required, they can be
set up as different configuration profiles:
For example:
.. code-block:: yaml
openstack1:
keystone.user: admin
keystone.password: verybadpass
keystone.tenant: admin
keystone.auth_url: 'http://127.0.0.1:5000/v2.0/'
openstack2:
keystone.user: admin
keystone.password: verybadpass
keystone.tenant: admin
keystone.auth_url: 'http://127.0.0.2:5000/v2.0/'
With this configuration in place, any of the nova functions can make use of
a configuration profile by declaring it explicitly.
For example:
.. code-block:: bash
salt '*' nova.flavor_list profile=openstack1
Configured options can be overridden by use of dictionary of particular options.
For example:
.. code-block:: bash
salt '*' nova.flavor_list profile=openstack1 keystone_api_args='{"tenant": "SomeTenant"}'
To use keystoneauth1 instead of keystoneclient, include the `use_keystoneauth`
option in the pillar or minion config.
.. note::
This is required to use keystone v3 as for authentication.
.. code-block:: yaml
keystone.user: admin
keystone.password: verybadpass
keystone.tenant: admin
keystone.auth_url: 'http://127.0.0.1:5000'
keystone.use_keystoneauth: True
keystone.region_name: RegionOne
keystone.project_id: befcf35ea5094743b81ee12fb43484f5
keystone.user_domain_name: Default
# Optional
keystone.verify: '/path/to/custom/certs/ca-bundle.crt'
.. note::
Auto detection of API version is added so there is no need to add /v3
to auth_url.
.. note::
By default the nova module will attempt to verify its connection
utilizing the system certificates. If you need to verify against
another bundle of CA certificates or want to skip verification
altogether you will need to specify the `verify` option. You can
specify True or False to verify (or not) against system certificates, a
path to a bundle or CA certs to check against, or None to allow
keystoneauth to search for the certificates on its own. (defaults to
True)
'''
from __future__ import absolute_import, unicode_literals, print_function
# Import python libs
import logging
# Import salt libs
try:
import salt.utils.openstack.nova as suon
HAS_NOVA = True
except ImportError as exc:
HAS_NOVA = False
# Get logging started
log = logging.getLogger(__name__)
# Function alias to not shadow built-ins
__func_alias__ = {
'list_': 'list'
}
# Define the module's virtual name
__virtualname__ = 'nova'
def __virtual__():
'''
Only load this module if nova
is installed on this minion.
'''
if HAS_NOVA:
return __virtualname__
return (False, 'The nova execution module failed to load: '
'only available if nova client is installed.')
__opts__ = {}
def _auth(profile=None, **kwargs):
'''
Set up nova credentials
'''
keystone_api_args = None
if kwargs is not None:
if kwargs.get('keystone_api_args') is not None:
keystone_api_args = kwargs['keystone_api_args']
if profile:
credentials = __salt__['config.option'](profile)
user = credentials['keystone.user']
password = credentials['keystone.password']
tenant = credentials['keystone.tenant']
auth_url = credentials['keystone.auth_url']
region_name = credentials.get('keystone.region_name', None)
api_key = credentials.get('keystone.api_key', None)
os_auth_system = credentials.get('keystone.os_auth_system', None)
use_keystoneauth = credentials.get('keystone.use_keystoneauth', False)
else:
user = __salt__['config.option']('keystone.user')
password = __salt__['config.option']('keystone.password')
tenant = __salt__['config.option']('keystone.tenant')
auth_url = __salt__['config.option']('keystone.auth_url')
region_name = __salt__['config.option']('keystone.region_name')
api_key = __salt__['config.option']('keystone.api_key')
os_auth_system = __salt__['config.option']('keystone.os_auth_system')
use_keystoneauth = __salt__['config.option']('keystone.use_keystoneauth')
# Override pillar settings with settings provided by module argument
if keystone_api_args:
user = keystone_api_args.get('user', user)
password = keystone_api_args.get('password', password)
tenant = keystone_api_args.get('tenant', tenant)
auth_url = keystone_api_args.get('auth_url', auth_url)
region_name = keystone_api_args.get('region_name', region_name)
api_key = keystone_api_args.get('api_key', api_key)
os_auth_system = keystone_api_args.get('os_auth_system', os_auth_system)
use_keystoneauth = keystone_api_args.get('use_keystoneauth', use_keystoneauth)
if use_keystoneauth is True:
if profile:
credentials = __salt__['config.option'](profile)
project_id = credentials.get('keystone.project_id', None)
project_name = credentials.get('keystone.project_name', None)
user_domain_name = credentials.get('keystone.user_domain_name', None)
project_domain_name = credentials.get('keystone.project_domain_name', None)
verify = credentials.get('keystone.verify', None)
else:
project_id = __salt__['config.option']('keystone.project_id')
project_name = __salt__['config.option']('keystone.project_name')
user_domain_name = __salt__['config.option']('keystone.user_domain_name')
project_domain_name = __salt__['config.option']('keystone.project_domain_name')
verify = __salt__['config.option']('keystone.verify')
# Override pillar settings with settings provided by module argument
if keystone_api_args:
project_id = keystone_api_args.get('project_id', project_id)
project_name = keystone_api_args.get('project_name', project_name)
user_domain_name = keystone_api_args.get('user_domain_name', user_domain_name)
project_domain_name = keystone_api_args.get('project_domain_name', project_domain_name)
verify = keystone_api_args.get('verify', verify)
send_kwargs = {
'username': user,
'password': password,
'project_id': project_id,
'auth_url': auth_url,
'region_name': region_name,
'use_keystoneauth': use_keystoneauth,
'verify': verify,
'project_name': project_name,
'project_domain_name': project_domain_name,
'user_domain_name': user_domain_name
}
else:
send_kwargs = {
'username': user,
'password': password,
'api_key': api_key,
'project_id': tenant,
'auth_url': auth_url,
'region_name': region_name,
'os_auth_plugin': os_auth_system
}
log.debug('SEND_KWARGS: %s', send_kwargs)
return suon.SaltNova(**send_kwargs)
def boot(name, flavor_id=0, image_id=0, profile=None, timeout=300, **kwargs):
'''
Boot (create) a new instance
name
Name of the new instance (must be first)
flavor_id
Unique integer ID for the flavor
image_id
Unique integer ID for the image
timeout
How long to wait, after creating the instance, for the provider to
return information about it (default 300 seconds).
.. versionadded:: 2014.1.0
CLI Example:
.. code-block:: bash
salt '*' nova.boot myinstance flavor_id=4596 image_id=2
The flavor_id and image_id are obtained from nova.flavor_list and
nova.image_list
.. code-block:: bash
salt '*' nova.flavor_list
salt '*' nova.image_list
'''
conn = _auth(profile, **kwargs)
return conn.boot(name, flavor_id, image_id, timeout)
def volume_list(search_opts=None, profile=None, **kwargs):
'''
List storage volumes
search_opts
Dictionary of search options
profile
Profile to use
CLI Example:
.. code-block:: bash
salt '*' nova.volume_list search_opts='{"display_name": "myblock"}' profile=openstack
'''
conn = _auth(profile, **kwargs)
return conn.volume_list(search_opts=search_opts)
def volume_show(name, profile=None, **kwargs):
'''
Create a block storage volume
name
Name of the volume
profile
Profile to use
CLI Example:
.. code-block:: bash
salt '*' nova.volume_show myblock profile=openstack
'''
conn = _auth(profile, **kwargs)
return conn.volume_show(name)
def volume_create(name, size=100, snapshot=None, voltype=None, profile=None, **kwargs):
'''
Create a block storage volume
name
Name of the new volume (must be first)
size
Volume size
snapshot
Block storage snapshot id
voltype
Type of storage
profile
Profile to build on
CLI Example:
.. code-block:: bash
salt '*' nova.volume_create myblock size=300 profile=openstack
'''
conn = _auth(profile, **kwargs)
return conn.volume_create(
name,
size,
snapshot,
voltype
)
def volume_delete(name, profile=None, **kwargs):
'''
Destroy the volume
name
Name of the volume
profile
Profile to build on
CLI Example:
.. code-block:: bash
salt '*' nova.volume_delete myblock profile=openstack
'''
conn = _auth(profile, **kwargs)
return conn.volume_delete(name)
def volume_detach(name, profile=None, timeout=300, **kwargs):
'''
Attach a block storage volume
name
Name of the new volume to attach
server_name
Name of the server to detach from
profile
Profile to build on
CLI Example:
.. code-block:: bash
salt '*' nova.volume_detach myblock profile=openstack
'''
conn = _auth(profile, **kwargs)
return conn.volume_detach(
name,
timeout
)
def volume_attach(name,
server_name,
device='/dev/xvdb',
profile=None,
timeout=300, **kwargs):
'''
Attach a block storage volume
name
Name of the new volume to attach
server_name
Name of the server to attach to
device
Name of the device on the server
profile
Profile to build on
CLI Example:
.. code-block:: bash
salt '*' nova.volume_attach myblock slice.example.com profile=openstack
salt '*' nova.volume_attach myblock server.example.com device='/dev/xvdb' profile=openstack
'''
conn = _auth(profile, **kwargs)
return conn.volume_attach(
name,
server_name,
device,
timeout
)
def suspend(instance_id, profile=None, **kwargs):
'''
Suspend an instance
instance_id
ID of the instance to be suspended
CLI Example:
.. code-block:: bash
salt '*' nova.suspend 1138
'''
conn = _auth(profile, **kwargs)
return conn.suspend(instance_id)
def resume(instance_id, profile=None, **kwargs):
'''
Resume an instance
instance_id
ID of the instance to be resumed
CLI Example:
.. code-block:: bash
salt '*' nova.resume 1138
'''
conn = _auth(profile, **kwargs)
return conn.resume(instance_id)
def lock(instance_id, profile=None, **kwargs):
'''
Lock an instance
instance_id
ID of the instance to be locked
CLI Example:
.. code-block:: bash
salt '*' nova.lock 1138
'''
conn = _auth(profile, **kwargs)
return conn.lock(instance_id)
def delete(instance_id, profile=None, **kwargs):
'''
Delete an instance
instance_id
ID of the instance to be deleted
CLI Example:
.. code-block:: bash
salt '*' nova.delete 1138
'''
conn = _auth(profile, **kwargs)
return conn.delete(instance_id)
def flavor_list(profile=None, **kwargs):
'''
Return a list of available flavors (nova flavor-list)
CLI Example:
.. code-block:: bash
salt '*' nova.flavor_list
'''
filters = kwargs.get('filter', {})
conn = _auth(profile, **kwargs)
return conn.flavor_list(**filters)
def flavor_create(name, # pylint: disable=C0103
flavor_id=0, # pylint: disable=C0103
ram=0,
disk=0,
vcpus=1,
is_public=True,
profile=None, **kwargs):
'''
Add a flavor to nova (nova flavor-create). The following parameters are
required:
name
Name of the new flavor (must be first)
flavor_id
Unique integer ID for the new flavor
ram
Memory size in MB
disk
Disk size in GB
vcpus
Number of vcpus
is_public
Whether flavor is public. Default is True.
CLI Example:
.. code-block:: bash
salt '*' nova.flavor_create myflavor flavor_id=6 ram=4096 disk=10 vcpus=1
'''
conn = _auth(profile, **kwargs)
return conn.flavor_create(
name,
flavor_id,
ram,
disk,
vcpus,
is_public
)
def flavor_delete(flavor_id, profile=None, **kwargs): # pylint: disable=C0103
'''
Delete a flavor from nova by id (nova flavor-delete)
CLI Example:
.. code-block:: bash
salt '*' nova.flavor_delete 7
'''
conn = _auth(profile, **kwargs)
return conn.flavor_delete(flavor_id)
def flavor_access_list(flavor_id, profile=None, **kwargs):
'''
Return a list of project IDs assigned to flavor ID
CLI Example:
.. code-block:: bash
salt '*' nova.flavor_access_list flavor_id=ID
'''
conn = _auth(profile, **kwargs)
return conn.flavor_access_list(flavor_id=flavor_id, **kwargs)
def flavor_access_add(flavor_id, project_id, profile=None, **kwargs):
'''
Add a project to the flavor access list
CLI Example:
.. code-block:: bash
salt '*' nova.flavor_access_add flavor_id=fID project_id=pID
'''
conn = _auth(profile, **kwargs)
return conn.flavor_access_add(flavor_id, project_id)
def flavor_access_remove(flavor_id, project_id, profile=None, **kwargs):
'''
Remove a project from the flavor access list
CLI Example:
.. code-block:: bash
salt '*' nova.flavor_access_remove flavor_id=fID project_id=pID
'''
conn = _auth(profile, **kwargs)
return conn.flavor_access_remove(flavor_id, project_id)
def keypair_list(profile=None, **kwargs):
'''
Return a list of available keypairs (nova keypair-list)
CLI Example:
.. code-block:: bash
salt '*' nova.keypair_list
'''
conn = _auth(profile, **kwargs)
return conn.keypair_list()
def keypair_add(name, pubfile=None, pubkey=None, profile=None, **kwargs):
'''
Add a keypair to nova (nova keypair-add)
CLI Examples:
.. code-block:: bash
salt '*' nova.keypair_add mykey pubfile='/home/myuser/.ssh/id_rsa.pub'
salt '*' nova.keypair_add mykey pubkey='ssh-rsa <key> myuser@mybox'
'''
conn = _auth(profile, **kwargs)
return conn.keypair_add(
name,
pubfile,
pubkey
)
def keypair_delete(name, profile=None, **kwargs):
'''
Add a keypair to nova (nova keypair-delete)
CLI Example:
.. code-block:: bash
salt '*' nova.keypair_delete mykey
'''
conn = _auth(profile, **kwargs)
return conn.keypair_delete(name)
def image_list(name=None, profile=None, **kwargs):
'''
Return a list of available images (nova images-list + nova image-show)
If a name is provided, only that image will be displayed.
CLI Examples:
.. code-block:: bash
salt '*' nova.image_list
salt '*' nova.image_list myimage
'''
conn = _auth(profile, **kwargs)
return conn.image_list(name)
def image_meta_set(image_id=None,
name=None,
profile=None,
**kwargs): # pylint: disable=C0103
'''
Sets a key=value pair in the metadata for an image (nova image-meta set)
CLI Examples:
.. code-block:: bash
salt '*' nova.image_meta_set 6f52b2ff-0b31-4d84-8fd1-af45b84824f6 cheese=gruyere
salt '*' nova.image_meta_set name=myimage salad=pasta beans=baked
'''
conn = _auth(profile, **kwargs)
return conn.image_meta_set(
image_id,
name,
**kwargs
)
def image_meta_delete(image_id=None, # pylint: disable=C0103
name=None,
keys=None,
profile=None, **kwargs):
'''
Delete a key=value pair from the metadata for an image
(nova image-meta set)
CLI Examples:
.. code-block:: bash
salt '*' nova.image_meta_delete 6f52b2ff-0b31-4d84-8fd1-af45b84824f6 keys=cheese
salt '*' nova.image_meta_delete name=myimage keys=salad,beans
'''
conn = _auth(profile, **kwargs)
return conn.image_meta_delete(
image_id,
name,
keys
)
def list_(profile=None, **kwargs):
'''
To maintain the feel of the nova command line, this function simply calls
the server_list function.
CLI Example:
.. code-block:: bash
salt '*' nova.list
'''
return server_list(profile=profile, **kwargs)
def server_list(profile=None, **kwargs):
'''
Return list of active servers
CLI Example:
.. code-block:: bash
salt '*' nova.server_list
'''
conn = _auth(profile, **kwargs)
return conn.server_list()
def show(server_id, profile=None, **kwargs):
'''
To maintain the feel of the nova command line, this function simply calls
the server_show function.
CLI Example:
.. code-block:: bash
salt '*' nova.show
'''
return server_show(server_id, profile, **kwargs)
def server_list_detailed(profile=None, **kwargs):
'''
Return detailed list of active servers
CLI Example:
.. code-block:: bash
salt '*' nova.server_list_detailed
'''
conn = _auth(profile, **kwargs)
return conn.server_list_detailed()
def server_show(server_id, profile=None, **kwargs):
'''
Return detailed information for an active server
CLI Example:
.. code-block:: bash
salt '*' nova.server_show <server_id>
'''
conn = _auth(profile, **kwargs)
return conn.server_show(server_id)
def secgroup_create(name, description, profile=None, **kwargs):
'''
Add a secgroup to nova (nova secgroup-create)
CLI Example:
.. code-block:: bash
salt '*' nova.secgroup_create mygroup 'This is my security group'
'''
conn = _auth(profile, **kwargs)
return conn.secgroup_create(name, description)
def secgroup_delete(name, profile=None, **kwargs):
'''
Delete a secgroup to nova (nova secgroup-delete)
CLI Example:
.. code-block:: bash
salt '*' nova.secgroup_delete mygroup
'''
conn = _auth(profile, **kwargs)
return conn.secgroup_delete(name)
def secgroup_list(profile=None, **kwargs):
'''
Return a list of available security groups (nova items-list)
CLI Example:
.. code-block:: bash
salt '*' nova.secgroup_list
'''
conn = _auth(profile, **kwargs)
return conn.secgroup_list()
def server_by_name(name, profile=None, **kwargs):
'''
Return information about a server
name
Server Name
CLI Example:
.. code-block:: bash
salt '*' nova.server_by_name myserver profile=openstack
'''
conn = _auth(profile, **kwargs)
return conn.server_by_name(name)
#The following is a list of functions that need to be incorporated in the
#nova module. This list should be updated as functions are added.
#
#absolute-limits Print a list of absolute limits for a user
#actions Retrieve server actions.
#add-fixed-ip Add new IP address to network.
#add-floating-ip Add a floating IP address to a server.
#aggregate-add-host Add the host to the specified aggregate.
#aggregate-create Create a new aggregate with the specified details.
#aggregate-delete Delete the aggregate by its id.
#aggregate-details Show details of the specified aggregate.
#aggregate-list Print a list of all aggregates.
#aggregate-remove-host
# Remove the specified host from the specified aggregate.
#aggregate-set-metadata
# Update the metadata associated with the aggregate.
#aggregate-update Update the aggregate's name and optionally
# availability zone.
#cloudpipe-create Create a cloudpipe instance for the given project
#cloudpipe-list Print a list of all cloudpipe instances.
#console-log Get console log output of a server.
#credentials Show user credentials returned from auth
#describe-resource Show details about a resource
#diagnostics Retrieve server diagnostics.
#dns-create Create a DNS entry for domain, name and ip.
#dns-create-private-domain
# Create the specified DNS domain.
#dns-create-public-domain
# Create the specified DNS domain.
#dns-delete Delete the specified DNS entry.
#dns-delete-domain Delete the specified DNS domain.
#dns-domains Print a list of available dns domains.
#dns-list List current DNS entries for domain and ip or domain
# and name.
#endpoints Discover endpoints that get returned from the
# authenticate services
#floating-ip-create Allocate a floating IP for the current tenant.
#floating-ip-delete De-allocate a floating IP.
#floating-ip-list List floating ips for this tenant.
#floating-ip-pool-list
# List all floating ip pools.
#get-vnc-console Get a vnc console to a server.
#host-action Perform a power action on a host.
#host-update Update host settings.
#image-create Create a new image by taking a snapshot of a running
# server.
#image-delete Delete an image.
#live-migration Migrates a running instance to a new machine.
#meta Set or Delete metadata on a server.
#migrate Migrate a server.
#pause Pause a server.
#rate-limits Print a list of rate limits for a user
#reboot Reboot a server.
#rebuild Shutdown, re-image, and re-boot a server.
#remove-fixed-ip Remove an IP address from a server.
#remove-floating-ip Remove a floating IP address from a server.
#rename Rename a server.
#rescue Rescue a server.
#resize Resize a server.
#resize-confirm Confirm a previous resize.
#resize-revert Revert a previous resize (and return to the previous
# VM).
#root-password Change the root password for a server.
#secgroup-add-group-rule
# Add a source group rule to a security group.
#secgroup-add-rule Add a rule to a security group.
#secgroup-delete-group-rule
# Delete a source group rule from a security group.
#secgroup-delete-rule
# Delete a rule from a security group.
#secgroup-list-rules
# List rules for a security group.
#ssh SSH into a server.
#unlock Unlock a server.
#unpause Unpause a server.
#unrescue Unrescue a server.
#usage-list List usage data for all tenants
#volume-list List all the volumes.
#volume-snapshot-create
# Add a new snapshot.
#volume-snapshot-delete
# Remove a snapshot.
#volume-snapshot-list
# List all the snapshots.
#volume-snapshot-show
# Show details about a snapshot.
#volume-type-create Create a new volume type.
#volume-type-delete Delete a specific flavor
#volume-type-list Print a list of available 'volume types'.
#x509-create-cert Create x509 cert for a user in tenant
#x509-get-root-cert Fetches the x509 root cert.