jenkins-bot has submitted this change and it was merged.
Change subject: Modify ldap schema for hosts.
......................................................................
Modify ldap schema for hosts.
Previously all the DNS names for a given IP had an arbitrary dn constructed
out of the first DNS name used for that IP. That was producing various
bugs when we tried to manipulate names other than the lucky first
name.
Now there are two different dn types for hosts. For private/internal
hosts, the dn is of the form dc=<instanceid>.<domain>,ou=hosts, etc.
For public/floating IP hosts, the dn is of the form dc=<ip>,ou=hosts,
etc.
This patch simplifies host accessor and searcher methods accordingly.
Domain objects are now managed internally by host objects, and Domain
args have been removed from the host object interface.
Change-Id: Ia604df3317e7ba92240f02e8ae3dd0776b17ca4b
---
M nova/OpenStackNovaHost.php
M nova/OpenStackNovaSudoer.php
M special/SpecialNovaAddress.php
3 files changed, 130 insertions(+), 135 deletions(-)
Approvals:
Ryan Lane: Looks good to me, approved
jenkins-bot: Verified
diff --git a/nova/OpenStackNovaHost.php b/nova/OpenStackNovaHost.php
index d93f359..5215736 100644
--- a/nova/OpenStackNovaHost.php
+++ b/nova/OpenStackNovaHost.php
@@ -8,16 +8,25 @@
*/
class OpenStackNovaHost {
+ /**
+ * @var bool
+ */
+ var $private;
/**
* @var string
*/
- var $searchvalue;
+ var $hostname;
/**
* @var string
*/
var $hostDN;
+
+ /**
+ * @var string
+ */
+ var $ip;
/**
* @var mixed
@@ -27,15 +36,20 @@
/**
* @var OpenStackNovaDomain
*/
- var $domain;
+ var $domainCache;
/**
- * @param $hostname
- * @param $domain
+ * @param $instanceid
+ * @param $ip
+ * (specify $instanceid for private, $ip for public)
*/
- function __construct( $hostname, $domain ) {
- $this->searchvalue = $hostname;
- $this->domain = $domain;
+ function __construct( $private, $instanceid, $ip ) {
+ global $wgAuth;
+
+ $this->private = $private;
+ $this->hostname = $instanceid;
+ $this->domainCache = null;
+ $this->ip = $ip;
OpenStackNovaLdapConnection::connect();
$this->fetchHostInfo();
}
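Review bot: The constructor docblock documents `$instanceid` and `$ip` but not the new leading `$private` flag, which decides which of the other two is used. Add `@param bool $private true for an instance (private) host, false for a floating-IP (public) host`. The `global $wgAuth;` added here is not used in the visible constructor body and can be dropped; the same unused declaration is added in getHostByPublicIP.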
@@ -47,10 +61,16 @@
*/
function fetchHostInfo() {
global $wgAuth;
+ global $wgOpenStackManagerLDAPInstanceBaseDN;
- $this->searchvalue = $wgAuth->getLdapEscapedString(
$this->searchvalue );
- $fqdn = $this->searchvalue . '.' .
$this->domain->getFullyQualifiedDomainName();
- $result = LdapAuthenticationPlugin::ldap_search(
$wgAuth->ldapconn, $this->domain->domainDN, '(|(associateddomain=' . $fqdn .
')(cnamerecord=' . $fqdn . ')(dc=' . $this->searchvalue . '))' );
+ $this->hostname = $wgAuth->getLdapEscapedString(
$this->hostname );
+ if ( $this->private ) {
+ $fqdn = $this->hostname . '.' .
$this->getDomain()->getFullyQualifiedDomainName();
+ $result = LdapAuthenticationPlugin::ldap_search(
$wgAuth->ldapconn, $wgOpenStackManagerLDAPInstanceBaseDN, '(dc=' . $fqdn . '))'
);
+ } else {
+ $this->ip = $wgAuth->getLdapEscapedString( $this->ip );
+ $result = LdapAuthenticationPlugin::ldap_search(
$wgAuth->ldapconn, $wgOpenStackManagerLDAPInstanceBaseDN, '(dc=' . $this->ip .
')' );
+ }
$this->hostInfo = LdapAuthenticationPlugin::ldap_get_entries(
$wgAuth->ldapconn, $result );
if ( $this->hostInfo["count"] == "0" ) {
$this->hostInfo = null;
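Review bot: The private-host filter is built as `'(dc=' . $fqdn . '))'`, which has one closing parenthesis too many, so the search string is not a well-formed LDAP filter; it should be `'(dc=' . $fqdn . ')'` like the public branch. Separately, the escaped value is written back to `$this->hostname` and `$this->ip`, and fetchHostInfo() is re-run after every successful ldap_modify in this class. Unless getLdapEscapedString() is idempotent, the stored value is escaped again on each call, and getDomain() is handed the escaped form. Escaping into a local (`$escapedIp = $wgAuth->getLdapEscapedString( $this->ip );`) keeps the property raw. The function body continues past the end of this hunk.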
@@ -103,7 +123,19 @@
* @return OpenStackNovaDomain
*/
function getDomain() {
- return $this->domain;
+ global $wgAuth;
+
+ if ( ! $this->domainCache ) {
+ if ( $this->private ) {
+ $this->domainCache =
OpenStackNovaDomain::getDomainByInstanceId( $this->hostname );
+ } else {
+ $this->domainCache =
OpenStackNovaDomain::getDomainByHostIP( $this->ip );
+ }
+ }
+ if (! $this->domainCache ) {
+ $wgAuth->printDebug( "Looked up domain but domainCache is
still empty.", NONSENSITIVE );
+ }
+ return $this->domainCache;
}
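Review bot: getDomain() can now return null, since an empty lookup is only logged, but the call sites this commit rewrites dereference the result directly: `$this->getDomain()->getFullyQualifiedDomainName()` in fetchHostInfo and getFullyQualifiedHostName, and `$this->getDomain()->updateSOA()` in the record add/remove paths. A failed domain lookup there becomes a fatal call on null, in the modify paths after the LDAP write has already succeeded. A guard such as `$domain = $this->getDomain(); if ( $domain ) { $domain->updateSOA(); }` at those sites, or a documented `@return OpenStackNovaDomain|null`, would make the failure mode explicit.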
/**
@@ -123,7 +155,7 @@
* @return string
*/
function getFullyQualifiedHostName() {
- return $this->getHostName() . '.' .
$this->domain->getFullyQualifiedDomainName();
+ return $this->getHostName() . '.' .
$this->getDomain()->getFullyQualifiedDomainName();
}
/**
@@ -269,7 +301,7 @@
array_shift( $associateddomains );
$index = array_search( $fqdn, $associateddomains );
if ( $index === false ) {
- $wgAuth->printDebug( "Failed to find ip address
in arecords list", NONSENSITIVE );
+ $wgAuth->printDebug( "Failed to find $fqdn in
associateddomain list", NONSENSITIVE );
return false;
}
unset( $associateddomains[$index] );
@@ -281,7 +313,7 @@
$success = LdapAuthenticationPlugin::ldap_modify(
$wgAuth->ldapconn, $this->hostDN, $values );
if ( $success ) {
$wgAuth->printDebug( "Successfully removed
$fqdn from $this->hostDN", NONSENSITIVE );
- $this->domain->updateSOA();
+ $this->getDomain()->updateSOA();
$this->fetchHostInfo();
return true;
} else {
@@ -319,7 +351,7 @@
$success = LdapAuthenticationPlugin::ldap_modify(
$wgAuth->ldapconn, $this->hostDN, $values );
if ( $success ) {
$wgAuth->printDebug( "Successfully removed $ip
from $this->hostDN", NONSENSITIVE );
- $this->domain->updateSOA();
+ $this->getDomain()->updateSOA();
$this->fetchHostInfo();
return true;
} else {
@@ -351,7 +383,7 @@
$success = LdapAuthenticationPlugin::ldap_modify(
$wgAuth->ldapconn, $this->hostDN, $values );
if ( $success ) {
$wgAuth->printDebug( "Successfully added $fqdn to
$this->hostDN", NONSENSITIVE );
- $this->domain->updateSOA();
+ $this->getDomain()->updateSOA();
$this->fetchHostInfo();
return true;
} else {
@@ -380,7 +412,7 @@
$success = LdapAuthenticationPlugin::ldap_modify(
$wgAuth->ldapconn, $this->hostDN, $values );
if ( $success ) {
$wgAuth->printDebug( "Successfully added $ip to
$this->hostDN", NONSENSITIVE );
- $this->domain->updateSOA();
+ $this->getDomain()->updateSOA();
$this->fetchHostInfo();
return true;
} else {
@@ -402,7 +434,7 @@
$success = LdapAuthenticationPlugin::ldap_modify(
$wgAuth->ldapconn, $this->hostDN, $values );
if ( $success ) {
$wgAuth->printDebug( "Successfully set $ip on
$this->hostDN", NONSENSITIVE );
- $this->domain->updateSOA();
+ $this->getDomain()->updateSOA();
$this->fetchHostInfo();
return true;
} else {
@@ -420,8 +452,27 @@
* @param $domain
* @return OpenStackNovaHost
*/
- static function getHostByName( $hostname, $domain ) {
- $host = new OpenStackNovaHost( $hostname, $domain );
+ static function getPrivateHost( $hostname ) {
+ $host = new OpenStackNovaHost( true, $hostname, null );
+ if ( $host->hostInfo ) {
+ return $host;
+ } else {
+ return null;
+ }
+ }
+
+ /**
+ * Get a public host by the host's ip. Returns
+ * null if the entry does not exist.
+ *
+ * @static
+ * @param $ip
+ * @return OpenStackNovaHost
+ */
+ static function getHostByPublicIP( $ip ) {
+ global $wgAuth;
+
+ $host = new OpenStackNovaHost( false, null, $ip );
if ( $host->hostInfo ) {
return $host;
} else {
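Review bot: The docblock kept above getPrivateHost still lists `@param $domain`, a parameter this change removes, so the generated documentation no longer matches the signature. The argument named `$hostname` is passed to the constructor in the instance-id position, which is worth stating as `@param string $hostname instance id of the private host`. Both getPrivateHost and getHostByPublicIP return null on a miss, so `@return OpenStackNovaHost|null` would be accurate. The start of the getPrivateHost docblock lies outside this hunk.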
@@ -437,72 +488,30 @@
* @return OpenStackNovaHost
*/
static function getHostByInstanceId( $instanceid ) {
- $domain = OpenStackNovaDomain::getDomainByInstanceId(
$instanceid );
- if ( $domain ) {
- return self::getHostByName( $instanceid, $domain );
- } else {
- return null;
- }
+ return self::getPrivateHost( $instanceid );
}
/**
- * Get a host by ip address and an OpenStackNovaDomain. Returns null if
- * the entry does not exist.
- *
- * @static
- * @param $ip
- * @return null|OpenStackNovaHost
- */
- static function getHostByIP( $ip ) {
- global $wgAuth;
- global $wgOpenStackManagerLDAPInstanceBaseDN;
-
- $domain = OpenStackNovaDomain::getDomainByHostIP( $ip );
- if ( ! $domain ) {
- return null;
- }
- $result = LdapAuthenticationPlugin::ldap_search(
$wgAuth->ldapconn, $wgOpenStackManagerLDAPInstanceBaseDN, '(arecord=' . $ip .
')' );
- $hostInfo = LdapAuthenticationPlugin::ldap_get_entries(
$wgAuth->ldapconn, $result );
- if ( $hostInfo["count"] == "0" ) {
- return null;
- } else {
- array_shift( $hostInfo );
- $hostname = $hostInfo[0]['dc'][0];
- $host = OpenStackNovaHost::getHostByName( $hostname,
$domain );
- return $host;
- }
- }
-
- /**
- * Get all host entries that have the specified IP address assigned.
Returns
- * an empty array if none are found.
+ * Get private host entries that has the specified IP address assigned.
Returns
+ * null if none is found.
*
* @static
* @param $ip
* @return array
*/
- static function getHostsByIP( $ip ) {
+ static function getHostByPrivateIP( $ip ) {
global $wgAuth;
global $wgOpenStackManagerLDAPInstanceBaseDN;
$result = LdapAuthenticationPlugin::ldap_search(
$wgAuth->ldapconn, $wgOpenStackManagerLDAPInstanceBaseDN, '(arecord=' . $ip .
')' );
- $hostsInfo = LdapAuthenticationPlugin::ldap_get_entries(
$wgAuth->ldapconn, $result );
- if ( $hostsInfo["count"] == "0" ) {
- return array();
+ $hostInfo = LdapAuthenticationPlugin::ldap_get_entries(
$wgAuth->ldapconn, $result );
+ if ( $hostInfo["count"] == "0" ) {
+ return null;
} else {
- $hosts = array();
- array_shift( $hostsInfo );
- foreach ( $hostsInfo as $host ) {
- $hostname = $host['dc'][0];
- $domainname = explode( '.',
$host['associateddomain'][0] );
- $domainname = $domainname[1];
- $domain = OpenStackNovaDomain::getDomainByName(
$domainname );
- $hostObject = OpenStackNovaHost::getHostByName(
$hostname, $domain );
- if ( $hostObject ) {
- $hosts[] = $hostObject;
- }
- }
- return $hosts;
+ $host = $hotsInfo[0];
+ $hostname = $host['dc'][0];
+ $hostObject = OpenStackNovaHost::getHostByInstanceId(
$hostname );
+ return $hostObject;
}
}
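Review bot: `$host = $hotsInfo[0];` reads an undefined variable (the result is stored in `$hostInfo`), so `$hostname` is always empty and getHostByPrivateIP can never return the matching host; it should read `$host = $hostInfo[0];`. The filter `'(arecord=' . $ip . ')'` also concatenates `$ip` without the `$wgAuth->getLdapEscapedString()` call that fetchHostInfo applies to the same kind of value, so a caller passing request data could alter the filter. The docblock still says `@return array` although the method now returns a single host or null.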
@@ -527,7 +536,7 @@
# First entry is always a count
array_shift( $entries );
foreach ( $entries as $entry ) {
- $hosts[] = new OpenStackNovaHost(
$entry['dc'][0], $domain );
+ $hosts[] = new OpenStackNovaHost( true,
$entry['dc'][0], null );
}
}
}
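Review bot: `$entry['dc'][0]` is passed as the instance id, but under the new schema createHost writes `dc` as `<instanceid>.<domain>` and fetchHostInfo appends the domain again before searching. If these entries were written by the new createHost, the constructor would look for `<instanceid>.<domain>.<domain>` and come back with empty hostInfo; getHostByPrivateIP does the same with `$host['dc'][0]`. It is worth confirming which form `dc` has here and stripping the domain suffix if it is the FQDN. The enclosing function starts outside this hunk.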
@@ -544,9 +553,12 @@
function deleteHost() {
global $wgAuth;
+ # Grab the domain now, before we delete the entry and it's no
longer there to grab.
+ $domain = $this->getDomain();
+
$success = LdapAuthenticationPlugin::ldap_delete(
$wgAuth->ldapconn, $this->hostDN );
if ( $success ) {
- $this->getDomain()->updateSOA();
+ $domain->updateSOA();
$wgAuth->printDebug( "Successfully deleted host " .
$this->getHostName(), NONSENSITIVE );
return true;
} else {
@@ -583,7 +595,8 @@
$ip = null;
}
$domainname = $domain->getFullyQualifiedDomainName();
- $host = OpenStackNovaHost::getHostByName( $hostname, $domain );
+ $fqdn = $instanceid . '.' . $domainname;
+ $host = OpenStackNovaHost::getHostByInstanceId( $instanceid );
if ( $host ) {
$wgAuth->printDebug( "Failed to add host $hostname as
the DNS entry already exists", NONSENSITIVE );
return null;
@@ -592,7 +605,7 @@
$hostEntry['objectclass'][] = 'dcobject';
$hostEntry['objectclass'][] = 'dnsdomain';
$hostEntry['objectclass'][] = 'domainrelatedobject';
- $hostEntry['dc'] = $instanceid;
+ $hostEntry['dc'] = $fqdn;
# $hostEntry['l'] = $instance->getInstanceAvailabilityZone();
if ( $ip ) {
$hostEntry['arecord'] = $ip;
@@ -625,15 +638,15 @@
$hostEntry['puppetvar'][] = 'instanceproject=' .
$project;
$hostEntry['puppetvar'][] = 'instancename=' . $hostname;
}
- $dn = 'dc=' . $instanceid . ',dc=' . $domain->getDomainName() .
',' . $wgOpenStackManagerLDAPInstanceBaseDN;
+ $dn = 'dc=' . $fqdn . ',' .
$wgOpenStackManagerLDAPInstanceBaseDN;
$success = LdapAuthenticationPlugin::ldap_add(
$wgAuth->ldapconn, $dn, $hostEntry );
if ( $success ) {
$domain->updateSOA();
$wgAuth->printDebug( "Successfully added host
$hostname", NONSENSITIVE );
- return new OpenStackNovaHost( $hostname, $domain );
+ return new OpenStackNovaHost( false, $hostname, null );
} else {
- $wgAuth->printDebug( "Failed to add host $hostname",
NONSENSITIVE );
+ $wgAuth->printDebug( "Failed to add host $hostname with
dn of $dn", NONSENSITIVE );
return null;
}
}
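Review bot: The success path returns `new OpenStackNovaHost( false, $hostname, null )`, which marks the host as public with a null IP, although the entry just added uses the private form `dc=<instanceid>.<domain>`. With `$private` false the constructor's fetchHostInfo searches `(dc=` followed by an empty value, so the returned object would not reflect the new entry. It looks like this should be `return new OpenStackNovaHost( true, $instanceid, null );`. The function starts outside this hunk, so the roles of `$hostname` and `$instanceid` are inferred from the visible lines.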
@@ -656,7 +669,7 @@
OpenStackNovaLdapConnection::connect();
$domainname = $domain->getFullyQualifiedDomainName();
- $host = OpenStackNovaHost::getHostByName( $hostname, $domain );
+ $host = OpenStackNovaHost::getHostByPublicIP( $ip );
if ( $host ) {
$wgAuth->printDebug( "Failed to add public host
$hostname as the DNS entry already exists", NONSENSITIVE );
return null;
@@ -665,18 +678,18 @@
$hostEntry['objectclass'][] = 'dcobject';
$hostEntry['objectclass'][] = 'dnsdomain';
$hostEntry['objectclass'][] = 'domainrelatedobject';
- $hostEntry['dc'] = $hostname;
+ $hostEntry['dc'] = $ip;
$hostEntry['arecord'] = $ip;
$hostEntry['associateddomain'][] = $hostname . '.' .
$domainname;
- $dn = 'dc=' . $hostname . ',dc=' . $domain->getDomainName() .
',' . $wgOpenStackManagerLDAPInstanceBaseDN;
+ $dn = 'dc=' . $ip . ',' . $wgOpenStackManagerLDAPInstanceBaseDN;
$success = LdapAuthenticationPlugin::ldap_add(
$wgAuth->ldapconn, $dn, $hostEntry );
if ( $success ) {
$domain->updateSOA();
$wgAuth->printDebug( "Successfully added public host
$hostname", NONSENSITIVE );
- return new OpenStackNovaHost( $hostname, $domain );
+ return new OpenStackNovaHost( false, null, $ip );
} else {
- $wgAuth->printDebug( "Failed to add public host
$hostname", NONSENSITIVE );
+ $wgAuth->printDebug( "Failed to add public host
$hostname with dn = $dn", NONSENSITIVE );
return null;
}
}
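Review bot: `$ip` is concatenated straight into the entry DN at `$dn = 'dc=' . $ip . ',' . $wgOpenStackManagerLDAPInstanceBaseDN;` with no check that it is an address, and createHost builds its DN from `$fqdn` the same way. The visible caller takes the value from `$address->getPublicIp()`, so it is probably well-formed, but a comma or equals sign in it would change where the entry is created. A guard such as `if ( !filter_var( $ip, FILTER_VALIDATE_IP ) ) { return null; }` before building `$hostEntry` keeps the DN shape fixed. The function starts outside this hunk.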
diff --git a/nova/OpenStackNovaSudoer.php b/nova/OpenStackNovaSudoer.php
index cc05e1d..f2e5353 100644
--- a/nova/OpenStackNovaSudoer.php
+++ b/nova/OpenStackNovaSudoer.php
@@ -161,13 +161,10 @@
// For good measure, put the display name in
there too.
// modern instances identify themselves that
way.
list ( $name, $domain ) = explode( '.', $host );
- $domainobj =
OpenStackNovaDomain::getDomainByName( $domain );
- if ( $domainobj ) {
- $hostobj =
OpenStackNovaHost::getHostByName( $name, $domainobj );
- if ( $hostobj ) {
- $displayfqdn =
$hostobj->getFullyQualifiedDisplayName();
- $sudoer['sudohost'][] =
$displayfqdn;
- }
+ $hostobj =
OpenStackNovaHost::getHostByInstanceId( $name );
+ if ( $hostobj ) {
+ $displayfqdn =
$hostobj->getFullyQualifiedDisplayName();
+ $sudoer['sudohost'][] = $displayfqdn;
}
}
}
@@ -303,7 +300,7 @@
list ( $name, $domain ) = explode( '.', $host );
$domainobj =
OpenStackNovaDomain::getDomainByName( $domain );
if ( $domainobj ) {
- $hostobj =
OpenStackNovaHost::getHostByName( $name, $domainobj );
+ $hostobj =
OpenStackNovaHost::getHostByInstanceId( $name );
if ( $hostobj ) {
$displayfqdn =
$hostobj->getFullyQualifiedDisplayName();
$sudoer['sudohost'][] =
$displayfqdn;
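Review bot: The `$domainobj = OpenStackNovaDomain::getDomainByName( $domain );` lookup and the `if ( $domainobj )` guard are left in place here, but `$domainobj` is no longer passed to anything, whereas the earlier hunk in this file removed both. That costs an extra LDAP query per sudo host and, more importantly, skips the display-name entry whenever the domain label in `$host` fails to resolve, even though getHostByInstanceId no longer needs it. Dropping the lookup and the guard would make the two call sites agree.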
diff --git a/special/SpecialNovaAddress.php b/special/SpecialNovaAddress.php
index 1b3c7e6..79aab7c 100644
--- a/special/SpecialNovaAddress.php
+++ b/special/SpecialNovaAddress.php
@@ -337,7 +337,7 @@
return false;
}
$id = $this->getRequest()->getText( 'id' );
- $domain = $this->getRequest()->getText( 'domain' );
+ $fqdn = $this->getRequest()->getText( 'fqdn' );
$hostname = $this->getRequest()->getText( 'hostname' );
if ( ! $this->getRequest()->wasPosted() ) {
$address = $this->userNova->getAddress( $id );
@@ -360,10 +360,10 @@
'default' => $id,
'name' => 'id',
);
- $addressInfo['domain'] = array(
+ $addressInfo['fqdn'] = array(
'type' => 'hidden',
- 'default' => $domain,
- 'name' => 'domain',
+ 'default' => $fqdn,
+ 'name' => 'fqdn',
);
$addressInfo['hostname'] = array(
'type' => 'hidden',
@@ -467,27 +467,23 @@
$this->pushResourceColumn( $addressRow, '' );
$this->pushResourceColumn( $addressRow, '' );
}
- $hosts = OpenStackNovaHost::getHostsByIP( $ip );
- if ( $hosts ) {
- $hostArr = array();
- foreach ( $hosts as $host ) {
- $domain = $host->getDomain();
- $fqdns = $host->getAssociatedDomains();
- foreach ( $fqdns as $fqdn ) {
- $hostname = explode( '.', $fqdn
);
- $hostname = $hostname[0];
- $link = $this->createActionLink(
-
'openstackmanager-removehost-action',
- array(
- 'action' =>
'removehost',
- 'id' => $id,
'project' => $projectName,
- 'region' =>
$region,
- 'domain' =>
$domain->getDomainName(),
- 'hostname' =>
$hostname
- )
- );
- $hostArr[] = htmlentities(
$fqdn ) . ' ' . $link;
- }
+ $host = OpenStackNovaHost::getHostByPublicIP( $ip );
+ if ( $host ) {
+ $fqdns = $host->getAssociatedDomains();
+ foreach ( $fqdns as $fqdn ) {
+ $hostname = explode( '.', $fqdn );
+ $hostname = $hostname[0];
+ $link = $this->createActionLink(
+
'openstackmanager-removehost-action',
+ array(
+ 'action' =>
'removehost',
+ 'id' => $id, 'project'
=> $projectName,
+ 'region' => $region,
+ 'fqdn' => $fqdn,
+ 'hostname' => $hostname
+ )
+ );
+ $hostArr[] = htmlentities( $fqdn ) . '
' . $link;
}
$this->pushRawResourceColumn( $addressRow,
$this->createResourceList( $hostArr ) );
} else {
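Review bot: The rewrite drops the `$hostArr = array();` initialisation, so when `$host->getAssociatedDomains()` is empty, `$this->createResourceList( $hostArr )` receives an undefined variable, or a list left over from a previous address row if this runs inside a loop. Restoring `$hostArr = array();` immediately after `if ( $host ) {` fixes both cases. The `fqdn` value placed in the action link is later read back from the request in the remove-host form, so the handler should treat it as untrusted input.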
@@ -592,8 +588,8 @@
$outputPage->addWikiMsg(
'openstackmanager-cannotreleaseaddress', $ip );
return true;
}
- $hosts = OpenStackNovaHost::getHostsByIP( $ip );
- if ( $hosts ) {
+ $host = OpenStackNovaHost::getHostByPublicIP( $ip );
+ if ( $host ) {
$outputPage->addWikiMsg(
'openstackmanager-cannotreleaseaddress', $ip );
return true;
}
@@ -696,18 +692,9 @@
$hostname = $formData['hostname'];
$domain = $formData['domain'];
$domain = OpenStackNovaDomain::getDomainByName( $domain );
- $hostbyname = OpenStackNovaHost::getHostByName( $hostname,
$domain );
- $hostbyip = OpenStackNovaHost::getHostByIP( $ip );
+ $hostbyip = OpenStackNovaHost::getHostByPublicIP( $ip );
- if ( $hostbyname ) {
- # We need to add an arecord, if the arecord doesn't
already exist
- $success = $hostbyname->addARecord( $ip );
- if ( $success ) {
- $outputPage->addWikiMsg(
'openstackmanager-addedhost', $hostname, $ip );
- } else {
- $outputPage->addWikiMsg(
'openstackmanager-addhostfailed', $hostname, $ip );
- }
- } elseif ( $hostbyip ) {
+ if ( $hostbyip ) {
# We need to add an associateddomain, if the
associateddomain doesn't already exist
$success = $hostbyip->addAssociatedDomain( $hostname .
'.' . $domain->getFullyQualifiedDomainName() );
if ( $success ) {
@@ -749,11 +736,9 @@
}
$ip = $address->getPublicIp();
$hostname = $formData['hostname'];
- $domain = $formData['domain'];
- $domain = OpenStackNovaDomain::getDomainByName( $domain );
- $host = OpenStackNovaHost::getHostByName( $hostname, $domain );
+ $fqdn = $formData['fqdn'];
+ $host = OpenStackNovaHost::getHostByPublicIP( $ip );
if ( $host ) {
- $fqdn = $hostname . '.' .
$domain->getFullyQualifiedDomainName();
$records = $host->getAssociatedDomains();
if ( count( $records ) > 1 ) {
# We need to keep the host, but remove the fqdn
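Review bot: `$fqdn` is now taken directly from the submitted form (`$formData['fqdn']`, a hidden field filled from the request), where the old code rebuilt it from a server-side domain lookup. The host is still selected by the address's own IP, which limits the scope, but the rest of this function lies outside the hunk, so it is not visible whether `$fqdn` is checked against `$records` before it is used. An explicit `if ( !in_array( $fqdn, $records, true ) )` rejection before acting on it would make the handler independent of what the client sends. `$hostname` also appears to be unused now in the visible lines.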
--
To view, visit https://gerrit.wikimedia.org/r/84546
Gerrit-MessageType: merged
Gerrit-Change-Id: Ia604df3317e7ba92240f02e8ae3dd0776b17ca4b
Gerrit-PatchSet: 5
Gerrit-Project: mediawiki/extensions/OpenStackManager
Gerrit-Branch: master
Gerrit-Owner: Andrew Bogott <[email protected]>
Gerrit-Reviewer: Andrew Bogott <[email protected]>
Gerrit-Reviewer: Ryan Lane <[email protected]>
Gerrit-Reviewer: jenkins-bot