Merge pull request #1 from grycap/devel

Merge Devel

INSTALL

@@ -5,8 +5,8 @@
 IM is based on python, so Python 2.4 or higher runtime and standard library must
 be installed in the system.
 
-It is also required to install the Python Lex & Yacc library (http://www.dabeaz.com/ply/).
-It is available in all of the main distributions as 'python-ply' package.
+It is also required to install the RADL parser (https://github.com/grycap/radl), available in pip
+as the 'RADL' package.
 
 1.2 OPTIONAL PACKAGES
 
@@ -38,48 +38,3 @@ xmlrpc_url=http://localhost:8899
 auth_file=auth.dat
 xmlrpc_ssl=no
 xmlrpc_ssl_ca_certs=/tmp/pki/ca-chain.pem
-
-1.4.1 AUTH FILE
-
-The authorization data is used to validate access to the components in the
-infrastructure. This file is composed of a set of "key - value" pairs,
-where the user specifies the authorization data for all the components and cloud
-deployments available. File auth.dat shows examples of authorization data.
-
-The list of "key" values that must be specified for each component are:
-
-* id: An optional field used to identify the virtual deployment. It must be unique
-      in the authorization data.
-* type: The type of the component. It can be any of the components of the
-        architecture, such as the "InfrastructureManager", "VMRC" or any of
-        the cloud deployments currently supported by the IM: OpenNebula, EC2,
-        OpenStack, OCCI or LibVirt.
-* username: The name of the user for the authentication. In the EC2 and OpenStack
-            cases it refers to the Access Key ID value. password: The password for
-            the authentication. In the EC2 and OpenStack cases it refers to the
-            Secret Access Key value.
-* host: The address to the server in format "address:port" to specify the cloud
-        deployment to access. In the EC2 and in the system components (IM and VMRC)
-        this field is not used.
-
-An example of the auth file:
-
-id = one; type = OpenNebula; host = osenserve:2633; username = user; password = pass
-type = InfrastructureManager; username = user; password = pass
-type = VMRC; host = http://server:8080/vmrc; username = user; password = pass
-id = ec2; type = EC2; username = ACCESS_KEY; password = SECRET_KEY
-id = oshost; type = OpenStack; host = oshost:8773; username = ACCESS_KEY; key = SECRET_KEY
-id = occi; type = OCCI; host = occiserver:4567; username = user; password = pass
-
-1.4.1 SECURITY
-
-Security is disabled by default, but it should be taken into account that it would
-be possible that someone that has local network access can "sniff" the traffic and
-get the messages with the IM with the authorisation data with the cloud providers.
-
-I can be activated both in the XMLRPC and REST APIs. Setting this variables:
-
-XMLRCP_SSL = True
-
-And then set the variables: XMLRCP_SSL_CA_CERTS to your CA certificates paths.
-

README

@@ -19,22 +19,6 @@ infrastructure. This file is composed of a set of "key - value" pairs,
 where the user specifies the authorization data for all the components and cloud
 deployments available. File auth.dat shows examples of authorization data.
 
-The list of "key" values that must be specified for each component are:
-
-- id: An optional field used to identify the virtual deployment. It must be unique
-      in the authorization data.
-- type: The type of the component. It can be any of the components of the
-        architecture, such as the "InfrastructureManager", "VMRC" or any of
-        the cloud deployments currently supported by the IM: OpenNebula, EC2,
-        OpenStack, OCCI or LibVirt.
-- username: The name of the user for the authentication. In the EC2 and OpenStack
-            cases it refers to the Access Key ID value. password: The password for
-            the authentication. In the EC2 and OpenStack cases it refers to the
-            Secret Access Key value.
-- host: The address to the server in format "address:port" to specify the cloud
-        deployment to access. In the EC2 and in the system components (IM and VMRC)
-        this field is not used.
-
 To avoid typing the parameters in all the client calls. The user can define a config
 file "im_client.cfg" in the current directory or a file ".im_client.cfg" in their 
 home directory. In the config file the user can specify the following parameters:

README.md

@@ -22,8 +22,8 @@ usage: client.py [-u|--xmlrpc-url <url>] [-a|--auth_file <filename>] operation o
 IM is based on python, so Python 2.4 or higher runtime and standard library must
 be installed in the system.
 
-It is also required to install the Python Lex & Yacc library (http://www.dabeaz.com/ply/).
-It is available in all of the main distributions as 'python-ply' package.
+It is also required to install the RADL parser (https://github.com/grycap/radl), available in pip
+as the 'RADL' package.
 
 1.2 OPTIONAL PACKAGES
 --------------
@@ -70,57 +70,89 @@ xmlrpc_ssl_ca_certs=/tmp/pki/ca-chain.pem
 
 ### 1.4.1 AUTH FILE
 
-The authorization data is used to validate access to the components in the
-infrastructure. This file is composed of a set of "key - value" pairs,
-where the user specifies the authorization data for all the components and cloud
-deployments available. File auth.dat shows examples of authorization data.
-
-The list of "key" values that must be specified for each component are:
-
-* id: An optional field used to identify the virtual deployment. It must be unique
-      in the authorization data.
-* type: The type of the component. It can be any of the components of the
-        architecture, such as the "InfrastructureManager", "VMRC" or any of
-        the cloud deployments currently supported by the IM: OpenNebula, EC2,
-        OpenStack, OCCI, LibCloud, GCE or LibVirt.
-* username: The name of the user for the authentication. In the EC2 and OpenStack
-            cases it refers to the Access Key ID value. password: The password for
-            the authentication. In the EC2 and OpenStack cases it refers to the
-            Secret Access Key value. In the GCE case it can refer to the CLIENT_ID
-            and CLIENT_SECRET (using Installed Application authentication) or
-            the SERVICE_ACCOUNT_EMAIL and RSA_PRIVATE_KEY (using the Service 
-            Account authentication)
-* host: The address to the server in format "address:port" to specify the cloud
-        deployment to access. In the EC2 or GCE and in the system components (IM and VMRC)
-        this field is not used.
+The authorization file stores in plain text the credentials to access the
+cloud providers, the IM service and the VMRC service. Each line of the file
+is composed by pairs of key and value separated by semicolon, and refers to a
+single credential. The key and value should be separated by " = ", that is
+**an equals sign preceded and followed by one white space at least**, like
+this::
+
+   id = id_value ; type = value_of_type ; username = value_of_username ; password = value_of_password 
+
+Values can contain "=", and "\\n" is replaced by carriage return. The available
+keys are:
+
+* ``type`` indicates the service that refers the credential. The services
+  supported are ``InfrastructureManager``, ``VMRC``, ``OpenNebula``, ``EC2``,, ``FogBow``, 
+  ``OpenStack``, ``OCCI``, ``LibCloud``, ``Docker``, ``GCE``, ``Azure``, ``Kubernetes`` and ``LibVirt``.
+
+* ``username`` indicates the user name associated to the credential. In EC2
+  it refers to the *Access Key ID*. In Azure it refers to the user 
+  Subscription ID. In GCE it refers to *Service Account’s Email Address*. 
+
+* ``password`` indicates the password associated to the credential. In EC2
+  it refers to the *Secret Access Key*. In GCE it refers to *Service 
+  Private Key*. See how to get it and how to extract the private key file from
+  `here info <https://cloud.google.com/storage/docs/authentication#service_accounts>`_).
+
+* ``tenant`` indicates the tenant associated to the credential.
+  This field is only used in the OpenStack plugin.
+
+* ``host`` indicates the address of the access point to the cloud provider.
+  This field is not used in IM and EC2 credentials.
+
+* ``proxy`` indicates the content of the proxy file associated to the credential.
+  To refer to a file you must use the function "file(/tmp/proxyfile.pem)" as shown in the example.
+  This field is only used in the OCCI plugin.
+
+* ``project`` indicates the project name associated to the credential.
+  This field is only used in the GCE plugin.
+
+* ``public_key`` indicates the content of the public key file associated to the credential.
+  To refer to a file you must use the function "file(cert.pem)" as shown in the example.
+  This field is only used in the Azure plugin. See how to get it
+  `here <https://msdn.microsoft.com/en-us/library/azure/gg551722.aspx>`_
+
+* ``private_key`` indicates the content of the private key file associated to the credential.
+  To refer to a file you must use the function "file(key.pem)" as shown in the example.
+  This field is only used in the Azure plugin. See how to get it
+  `here <https://msdn.microsoft.com/en-us/library/azure/gg551722.aspx>`_
+
+* ``id`` associates an identifier to the credential. The identifier should be
+  used as the label in the *deploy* section in the RADL.
+
+#### OpenStack addicional fields
+
+OpenStack has a set of addicional fields to access a cloud site:
+
+* ``auth_version`` the auth version used to connect with the Keystone server.
+  The possible values are: ``2.0_password`` or ``3.X_password``. The default value is ``2.0_password``.
+
+* ``base_url`` base URL to the OpenStack API endpoint. By default, the connector obtains API endpoint URL from the 
+  server catalog, but if this argument is provided, this step is skipped and the provided value is used directly.
+  The value is: http://cloud_server.com:8774/v2/<tenant_id>.
+
+* ``service_region`` the region of the cloud site (case sensitive). It is used to obtain  the API 
+  endpoint URL. The default value is: ``RegionOne``.
+
+* ``service_name`` the service name used to obtain the API endpoint URL. The default value is: ``Compute``.
+
+* ``auth_token`` token which is used for authentication. If this argument is provided, normal authentication 
+  flow is skipped and the OpenStack API endpoint is directly hit with the provided token. Normal authentication 
+  flow involves hitting the auth service (Keystone) with the provided username and password and requesting an
+  authentication token.
 
 An example of the auth file:
 
 ```
-id = one; type = OpenNebula; host = server:2633; username = user; password = pass
-type = InfrastructureManager; username = user; password = pass
-type = VMRC; host = http://server:8080/vmrc; username = user; password = pass
-id = ec2; type = EC2; username = ACESS_KEY; password = SECRET_KEY
-id = gce; type = GCE; username = CLIENT_ID; password = CLIENT_SECRET; project = project-name
-id = gce2; type = GCE; username = SERVICE_ACC_EMAIL; password = file(path_to_pem_file); project = project-name
-id = docker; type = Docker; host = server:2375
-id = occi; type = OCCI; host = server:8443; proxy = file(/tmp/proxy.pem)
-id = libcloud; type = LibCloud; driver = EC2; username = ACESS_KEY; password = SECRET_KEY
-
-```
-         
-### 1.4.2 SECURITY
-
-Security is disabled by default, but it should be taken into account that it would
-be possible that someone that has local network access can "sniff" the traffic and
-get the messages with the IM with the authorisation data with the cloud providers.
-
-I can be activated both in the XMLRPC and REST APIs. Setting this variables:
-
+id = one; type = OpenNebula; host = osenserver:2633; username = user; password = pass
+id = ost; type = OpenStack; host = https://ostserver:5000; username = user; password = pass; tenant = tenant
+id = im; type = InfrastructureManager; username = user; password = pass
+id = vmrc; type = VMRC; host = http://server:8080/vmrc; username = user; password = pass
+id = ec2; type = EC2; username = ACCESS_KEY; password = SECRET_KEY
+id = gce; type = GCE; username = username.apps.googleusercontent.com; password = pass; project = projectname
+id = docker; type = Docker; host = http://host:2375
+id = occi; type = OCCI; proxy = file(/tmp/proxy.pem); host = https://fc-one.i3m.upv.es:11443
+id = azure; type = Azure; username = subscription-id; public_key = file(cert.pem); private_key = file(key.pem)
+id = kub; type = Kubernetes; host = http://server:8080; username = user; password = pass
 ```
-XMLRCP_SSL = True
-```
-
-And then set the variables: XMLRCP_SSL_CA_CERTS to your CA certificates paths.
-
-

changelog

@@ -61,3 +61,6 @@ IM-client 1.4.2
     * Improve returned messages
     * Bugfix in sshvm function in VMs using a port different to 22
 
+IM-client 1.4.3
+    * Add GetVersion function
+    * Extract RADL as an external package

doc/source/client.rst

@@ -127,7 +127,7 @@ Values can contain "=", and "\\n" is replaced by carriage return. The available
 keys are:
 
 * ``type`` indicates the service that refers the credential. The services
-  supported are ``InfrastructureManager``, ``VMRC``, ``OpenNebula``, ``EC2``,
+  supported are ``InfrastructureManager``, ``VMRC``, ``OpenNebula``, ``EC2``,, ``FogBow``, 
   ``OpenStack``, ``OCCI``, ``LibCloud``, ``Docker``, ``GCE``, ``Azure``, ``Kubernetes`` and ``LibVirt``.
 
 * ``username`` indicates the user name associated to the credential. In EC2
@@ -164,15 +164,36 @@ keys are:
 
 * ``id`` associates an identifier to the credential. The identifier should be
   used as the label in the *deploy* section in the RADL.
+
+OpenStack addicional fields
+^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+OpenStack has a set of addicional fields to access a cloud site:
+
+* ``auth_version`` the auth version used to connect with the Keystone server.
+  The possible values are: ``2.0_password`` or ``3.X_password``. The default value is ``2.0_password``.
+
+* ``base_url`` base URL to the OpenStack API endpoint. By default, the connector obtains API endpoint URL from the 
+  server catalog, but if this argument is provided, this step is skipped and the provided value is used directly.
+  The value is: http://cloud_server.com:8774/v2/<tenant_id>.
+
+* ``service_region`` the region of the cloud site (case sensitive). It is used to obtain  the API 
+  endpoint URL. The default value is: ``RegionOne``.
+
+* ``service_name`` the service name used to obtain the API endpoint URL. The default value is: ``Compute``.
+
+* ``auth_token`` token which is used for authentication. If this argument is provided, normal authentication 
+  flow is skipped and the OpenStack API endpoint is directly hit with the provided token. Normal authentication 
+  flow involves hitting the auth service (Keystone) with the provided username and password and requesting an
+  authentication token.
 
 An example of the auth file::
 
    id = one; type = OpenNebula; host = osenserver:2633; username = user; password = pass
-   id = ost; type = OpenStack; host = ostserver:5000; username = user; password = pass; tenant = tenant
-   type = InfrastructureManager; username = user; password = pass
-   type = VMRC; host = http://server:8080/vmrc; username = user; password = pass
+   id = ost; type = OpenStack; host = https://ostserver:5000; username = user; password = pass; tenant = tenant
+   id = im; type = InfrastructureManager; username = user; password = pass
+   id = vmrc; type = VMRC; host = http://server:8080/vmrc; username = user; password = pass
    id = ec2; type = EC2; username = ACCESS_KEY; password = SECRET_KEY
-   id = oshost; type = OpenStack; host = oshost:8773; username = ACCESS_KEY; key = SECRET_KEY
    id = gce; type = GCE; username = username.apps.googleusercontent.com; password = pass; project = projectname
    id = docker; type = Docker; host = http://host:2375
    id = occi; type = OCCI; proxy = file(/tmp/proxy.pem); host = https://fc-one.i3m.upv.es:11443

im_client.py

@@ -23,7 +23,7 @@
 from optparse import OptionParser, Option, IndentedHelpFormatter
 import ConfigParser
 
-__version__ = "1.4.2"
+__version__ = "1.4.3"
 
 class PosOptionParser(OptionParser):
 	def format_help(self, formatter=None):
@@ -232,25 +232,27 @@ def get_input_params(radl):
 	parser.add_operation_help('startvm','<inf_id> <vm_id>')
 	parser.add_operation_help('stopvm','<inf_id> <vm_id>')
 	parser.add_operation_help('sshvm','<inf_id> <vm_id>')
+	parser.add_operation_help('getversion','')
 
 	(options, args) = parser.parse_args()
 
-	if options.auth_file is None:
-		parser.error("Auth file not specified")
-
-	auth_data = read_auth_data(options.auth_file)
-
-	if auth_data is None:
-		parser.error("Auth file with incorrect format.")
-
 	if len(args) < 1:
 		parser.error("operation not specified. Use --help to show all the available operations.")
 	operation = args[0].lower()
 	args = args[1:]
 
-	if (operation not in ["removeresource", "addresource", "create", "destroy", "getinfo", "list", "stop", "start", "alter", "getcontmsg", "getvminfo", "reconfigure","getradl","getvmcontmsg","stopvm","startvm", "sshvm","getstate"]):
+	if (operation not in ["removeresource", "addresource", "create", "destroy", "getinfo", "list", "stop", "start", "alter", "getcontmsg", "getvminfo", "reconfigure","getradl","getvmcontmsg","stopvm","startvm", "sshvm","getstate","getversion"]):
 		parser.error("operation not recognised.  Use --help to show all the available operations")
 
+	if (operation not in ["getversion"]):
+		if options.auth_file is None:
+			parser.error("Auth file not specified")
+
+		auth_data = read_auth_data(options.auth_file)
+
+		if auth_data is None:
+			parser.error("Auth file with incorrect format.")
+
 	if XMLRCP_SSL:
 		print "Secure connection with: " + options.xmlrpc
 		from springpython.remoting.xmlrpc import SSLClient
@@ -583,3 +585,12 @@ def get_input_params(radl):
 		else:
 			print "Error accessing VM: %s" % info
 			sys.exit(1)
+
+	elif operation == "getversion":
+		(success, version) = server.GetVersion()
+
+		if success:
+			print "IM service version: %s" % version
+		else:
+			print "ERROR getting IM service version: " + version
+			sys.exit(1)