inmanta-module-openstack 5.0.0__tar.gz → 5.0.2__tar.gz

{inmanta_module_openstack-5.0.0 → inmanta_module_openstack-5.0.2}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: inmanta-module-openstack
-Version: 5.0.0
+Version: 5.0.2
 License: Apache 2.0
 Requires-Dist: inmanta-module-ssh
 Requires-Dist: inmanta-module-std

{inmanta_module_openstack-5.0.0 → inmanta_module_openstack-5.0.2}/inmanta_module_openstack.egg-info/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: inmanta-module-openstack
-Version: 5.0.0
+Version: 5.0.2
 License: Apache 2.0
 Requires-Dist: inmanta-module-ssh
 Requires-Dist: inmanta-module-std

{inmanta_module_openstack-5.0.0 → inmanta_module_openstack-5.0.2}/inmanta_module_openstack.egg-info/SOURCES.txt

@@ -30,14 +30,18 @@ inmanta_plugins/openstack/model/_init.cf
 inmanta_plugins/openstack/network/__init__.py
 inmanta_plugins/openstack/network/floating_ip.py
 inmanta_plugins/openstack/network/network.py
+inmanta_plugins/openstack/network/network_port.py
 inmanta_plugins/openstack/network/qos_policy.py
 inmanta_plugins/openstack/network/router.py
 inmanta_plugins/openstack/network/router_port.py
 inmanta_plugins/openstack/network/security_group.py
 inmanta_plugins/openstack/network/subnet.py
 inmanta_plugins/openstack/network/subnet_v6.py
+inmanta_plugins/openstack/network/trunk_network.py
+inmanta_plugins/openstack/network/trunk_port.py
 inmanta_plugins/openstack/quota/__init__.py
 inmanta_plugins/openstack/quota/quota.py
+tests/test_block_devices.py
 tests/test_dependency_handling.py
 tests/test_examples.py
 tests/test_flavor.py
@@ -45,4 +49,5 @@ tests/test_image.py
 tests/test_keystone.py
 tests/test_neutron.py
 tests/test_nova.py
-tests/test_quota.py
+tests/test_quota.py
+tests/test_trunk.py

{inmanta_module_openstack-5.0.0 → inmanta_module_openstack-5.0.2}/inmanta_plugins/openstack/__init__.py

@@ -29,6 +29,7 @@ from inmanta.plugins import PluginException, plugin
 
 IMAGES = {}
 FIND_IMAGE_RESULT = {}
+IMAGE_SIZE_RESULT = {}
 
 LOGGER = logging.getLogger(__name__)
 
@@ -114,6 +115,39 @@ def find_image(
             conn.close()
 
 
+@plugin
+def image_size_gb(provider: "openstack::Provider", image_id: "string") -> "int":
+    """
+    Return the size of a Glance image in GB, rounded up.
+
+    :param provider: The OpenStack provider to connect to.
+    :param image_id: The Glance image ID (e.g. from std::getfact(image, "image_id")).
+    """
+
+    ident = (provider.name, image_id)
+    if ident in IMAGE_SIZE_RESULT:
+        return IMAGE_SIZE_RESULT[ident]
+
+    conn = openstack.connection.Connection(
+        auth_url=provider.connection_url,
+        username=provider.username,
+        password=provider.password,
+        project_name=provider.project_name,
+        user_domain_name=provider.user_domain_name,
+        project_domain_name=provider.project_domain_name,
+        verify_cert=provider.verify_cert,
+    )
+    try:
+        image = conn.image.get_image(image_id)
+        size_gb = math.ceil(image.size / (1024**3))
+        IMAGE_SIZE_RESULT[ident] = size_gb
+        return size_gb
+    except openstack.exceptions.ResourceNotFound:
+        raise PluginException(f"Image '{image_id}' not found in Glance.")
+    finally:
+        conn.close()
+
+
 FLAVORS = {}
 FIND_FLAVOR_RESULT = {}
 

{inmanta_module_openstack-5.0.0 → inmanta_module_openstack-5.0.2}/inmanta_plugins/openstack/common/base.py

@@ -239,6 +239,35 @@ class OpenStackHandler(CRUDHandler):
         routers = self._connection.network.routers(**query_params)
         return self.require_single_item(routers)
 
+    def get_trunk(self, project_id=None, name=None, trunk_id=None):
+        """
+        Retrieve a trunk based on name or id
+        """
+        if not name and not trunk_id:
+            raise Exception("Either a name or an id needs to be provided.")
+
+        query_params = {}
+        if project_id:
+            query_params["project_id"] = project_id
+        if name:
+            query_params["name"] = name
+        if trunk_id:
+            query_params["id"] = trunk_id
+
+        trunks = self._connection.network.trunks(**query_params)
+        return self.require_single_item(trunks)
+
+    def get_port_by_name(self, name, project_id=None):
+        """
+        Retrieve a single neutron port by name, optionally scoped to a project
+        """
+        query_params = {"name": name}
+        if project_id:
+            query_params["project_id"] = project_id
+
+        ports = self._connection.network.ports(**query_params)
+        return self.require_single_item(ports)
+
     def get_domain(self, domain_name: str | None):
         """
         Retrieve the domain by name

{inmanta_module_openstack-5.0.0 → inmanta_module_openstack-5.0.2}/inmanta_plugins/openstack/compute/host_port.py

@@ -197,6 +197,10 @@ class HostPortHandler(OpenStackHandler):
             "admin_state_up": True,
             "name": resource.name,
             "network_id": self.network.id,
+            # Create the port in the resource's project. When the provider's auth
+            # project matches resource.project (the common case) this is a no-op;
+            # it only matters when an admin creates a port in another project.
+            "project_id": self.project_id,
         }
 
         if resource.address and not resource.dhcp:

{inmanta_module_openstack-5.0.0 → inmanta_module_openstack-5.0.2}/inmanta_plugins/openstack/compute/virtual_machine.py

@@ -29,6 +29,7 @@ from inmanta.agent.handler import (
 )
 from inmanta.execute import proxy
 from inmanta.resources import resource
+from openstack.exceptions import ResourceFailure, ResourceTimeout
 
 from inmanta_plugins.openstack.common.base import (
     NotUniqueException,
@@ -55,6 +56,7 @@ class VirtualMachine(OpenstackResource):
         "config_drive",
         "metadata",
         "personality",
+        "block_devices",
     )
     name: str
     flavor: str
@@ -67,6 +69,7 @@ class VirtualMachine(OpenstackResource):
     config_drive: bool
     metadata: dict[str, str]
     personality: dict[str, str]
+    block_devices: list[dict]
 
     @staticmethod
     def get_key_name(exporter, vm):
@@ -111,6 +114,27 @@ class VirtualMachine(OpenstackResource):
     def get_security_groups(_, vm):
         return sorted([v.name for v in vm.security_groups])
 
+    @staticmethod
+    def get_block_devices(_, vm):
+        result = []
+        for bd in vm.block_devices:
+            entry = {
+                "source_type": bd.source_type,
+                "destination_type": bd.destination_type,
+                "device_type": bd.device_type,
+                "boot_index": bd.boot_index,
+                "delete_on_termination": bd.delete_on_termination,
+            }
+            if bd.source_type != "blank":
+                # non-blank source types require a uuid
+                entry["uuid"] = bd.uuid
+            if bd.volume_size is not None:
+                entry["volume_size"] = bd.volume_size
+            if bd.disk_bus is not None:
+                entry["disk_bus"] = bd.disk_bus
+            result.append(entry)
+        return result
+
 
 @provider("openstack::VirtualMachine", name="openstack")
 class VirtualMachineHandler(OpenStackHandler):
@@ -196,6 +220,53 @@ class VirtualMachineHandler(OpenStackHandler):
         server = self.get_server_by_name(resource.name, project_id)
         return server is not None
 
+    def _raise_server_error(self, ctx: HandlerContext, log_message: str) -> None:
+        """Re-fetch self.server, log its Nova fault, and raise.
+
+        Used both when a server is found in ERROR state by read_resource and
+        when it transitions to ERROR during a build. Re-fetching is necessary
+        because the list API used by get_server_by_name may omit the fault body.
+        The ERROR-state server must be deleted (manually or via purge) before
+        Inmanta will attempt to recreate it.
+        """
+        server = self._connection.compute.get_server(self.server.id)
+        fault = getattr(server, "fault", None) or {}
+        msg = fault.get("message", "unknown error")
+        details = fault.get("details", "")
+        ctx.error(
+            log_message,
+            fault_message=msg,
+            fault_details=details,
+            server_id=self.server.id,
+        )
+        raise Exception(
+            f"Server {self.server.id} ({self.server.name}) is in ERROR state: {msg}"
+        ) from None
+
+    def _wait_for_active(self, ctx: HandlerContext, timeout: int = 600) -> None:
+        """Wait for self.server to reach ACTIVE, raise on ERROR or timeout."""
+        try:
+            self.server = self._connection.compute.wait_for_server(
+                self.server, wait=timeout
+            )
+        except ResourceFailure:
+            self._raise_server_error(ctx, "VM entered ERROR state during build")
+        except ResourceTimeout:
+            server = self._connection.compute.get_server(self.server.id)
+            status = getattr(server, "status", "unknown")
+            task_state = getattr(server, "task_state", "unknown")
+            ctx.error(
+                "Timed out waiting for VM to become ACTIVE",
+                timeout_seconds=timeout,
+                current_status=status,
+                current_task_state=task_state,
+                server_id=self.server.id,
+            )
+            raise Exception(
+                f"Server {self.server.id} did not reach ACTIVE within {timeout}s "
+                f"(status={status}, task_state={task_state})"
+            ) from None
+
     def read_resource(self, ctx: HandlerContext, resource: VirtualMachine) -> None:
         """
         This method will check what the status of the give resource is on
@@ -205,6 +276,11 @@ class VirtualMachineHandler(OpenStackHandler):
         if self.server is None:
             raise ResourcePurged()
 
+        if self.server.status == "ERROR":
+            self._raise_server_error(
+                ctx, "Server is in ERROR state; delete it to allow redeployment"
+            )
+
         resource.purged = False
         self._connection.compute.fetch_server_security_groups(self.server)
         resource.security_groups = [sg["name"] for sg in self.server.security_groups]
@@ -227,7 +303,6 @@ class VirtualMachineHandler(OpenStackHandler):
         sg_list = self._build_sg_list(resource)
         args = dict(
             name=resource.name,
-            image_id=resource.image,
             flavor_id=flavor.id,
             networks=nics,
             security_groups=sg_list,
@@ -237,12 +312,17 @@ class VirtualMachineHandler(OpenStackHandler):
             metadata=resource.metadata,
             files=resource.personality,
         )
+        if resource.block_devices:
+            args["block_device_mapping_v2"] = list(resource.block_devices)
+        else:
+            args["image_id"] = resource.image
         ctx.info(
             f"Creating server with name {resource.name} and options",
             options=args,
         )
 
         self.server = self._connection.compute.create_server(**args)
+        self._wait_for_active(ctx)
 
         self._set_facts(ctx)
         # Note: attach/detach of interfaces handled by Neutron or by passing ports at creation time

{inmanta_module_openstack-5.0.0 → inmanta_module_openstack-5.0.2}/inmanta_plugins/openstack/identity/user.py

@@ -52,7 +52,8 @@ class UserHandler(OpenStackHandler):
 
         resource.purged = False
         resource.enabled = user.is_enabled
-        resource.email = user.email
+        if resource.email is not None:
+            resource.email = user.email
 
         self.user = user
         ctx.set_fact("user_id", user.id, expires=False)

{inmanta_module_openstack-5.0.0 → inmanta_module_openstack-5.0.2}/inmanta_plugins/openstack/image/image.py

@@ -17,7 +17,6 @@ Contact: code@inmanta.com
 """
 
 import contextlib
-import time
 from typing import Any, Optional
 from urllib import request as urllib_request
 
@@ -43,6 +42,7 @@ class Image(OpenstackAdminResource):
     fields = (
         "name",
         "uri",
+        "file",
         "container_format",
         "disk_format",
         "image_id",
@@ -57,6 +57,7 @@ class Image(OpenstackAdminResource):
     disk_format: str
     metadata: dict[str, Any]
     uri: Optional[str]
+    file: Optional[str]
     skip_on_deploy: bool
     purge_on_delete: bool
     visibility: str
@@ -67,15 +68,53 @@ class Image(OpenstackAdminResource):
 @provider("openstack::Image", name="openstack")
 class ImageHandler(OpenStackHandler):
     image: OSImage
+    # Glance image statuses: https://docs.openstack.org/glance/latest/user/statuses.html
+    FAILURE_STATUSES = ["killed", "deleted", "pending_delete", "deactivated"]
 
     def _get_metadata_property(self, key: str) -> Any:
-        # openstacksdk exposes custom/extra fields via the resource's "properties"
-        # dictionary rather than as direct attributes.
-        return getattr(self.image, "properties", {}).get(key)
+        # openstacksdk stores unknown/custom fields in the resource's "properties"
+        # dictionary (e.g. hw_cdrom_bus), but glance properties it declares as
+        # typed attributes (e.g. vm_mode, hw_disk_bus, hw_vif_model) are consumed
+        # out of that dictionary and only reachable as attributes. Check both.
+        properties = getattr(self.image, "properties", None) or {}
+        if key in properties:
+            return properties[key]
+        return getattr(self.image, key, None)
 
     def _resource_has_explicit_image_id(self, resource: Image) -> bool:
         return resource.image_id not in (None, "", "auto")
 
+    def _image_in_failed_state(self) -> bool:
+        if self.image.status in self.FAILURE_STATUSES:
+            return True
+        # Flag failed imports
+        return self.image.status == "queued" and bool(
+            self._get_metadata_property("os_glance_failed_import")
+        )
+
+    def _raise_image_error(self, ctx: handler.HandlerContext, log_message: str) -> None:
+        """Re-fetch self.image, log its failure details, and raise.
+
+        Used both when an image is found in a failed state by read_resource and
+        when it enters one while waiting for it to become active after create.
+        The failed image must be deleted (manually or via purge) before Inmanta
+        will attempt to recreate it.
+        """
+        self.image = self._connection.image.get_image(self.image.id)
+        failed_stores = self._get_metadata_property("os_glance_failed_import") or ""
+        ctx.error(
+            log_message,
+            image_status=self.image.status,
+            failed_import_stores=failed_stores,
+            image_id=self.image.id,
+        )
+        details = f"status={self.image.status}"
+        if failed_stores:
+            details += f", import failed for store(s): {failed_stores}"
+        raise Exception(
+            f"Image {self.image.id} ({self.image.name}) is in a failed state ({details})"
+        ) from None
+
     def _get_image(self, resource: Image) -> Optional[OSImage]:
         if self._resource_has_explicit_image_id(resource):
             try:
@@ -108,6 +147,11 @@ class ImageHandler(OpenStackHandler):
 
         self.image = image
 
+        if self._image_in_failed_state():
+            self._raise_image_error(
+                ctx, "Image is in a failed state; delete it to allow redeployment"
+            )
+
         if self._resource_has_explicit_image_id(resource):
             resource.image_id = self.image.id
 
@@ -139,12 +183,15 @@ class ImageHandler(OpenStackHandler):
                 "When using image_id to manage an existing image, the image must already exist in OpenStack."
             )
 
-        # URI is required to create a new image
-        if not resource.uri:
+        if not resource.uri and not resource.file:
             raise InvalidOperation(
-                "The 'uri' attribute is required when creating a new image. "
+                "Either 'uri' or 'file' is required when creating a new image. "
                 "To manage an existing image, specify its image_id."
             )
+        if resource.uri and resource.file:
+            raise InvalidOperation(
+                "Only one of 'uri' or 'file' can be specified when creating an image."
+            )
 
         # Discover import methods
         methods = self._import_methods()
@@ -159,7 +206,10 @@ class ImageHandler(OpenStackHandler):
         }
 
         metadata = dict(resource.metadata)
-        metadata["uri"] = resource.uri
+        if resource.uri:
+            metadata["uri"] = resource.uri
+        elif resource.file:
+            metadata["source_file"] = resource.file
         metadata["inmanta_managed_keys"] = ",".join(resource.metadata.keys())
 
         self.image = self._connection.image.create_image(
@@ -170,7 +220,7 @@ class ImageHandler(OpenStackHandler):
         ctx.set_fact("image_id", self.image.id, expires=False)
 
         # Import using whichever supported method
-        self._import_image_via_methods(resource.uri, set(methods))
+        self._import_image_via_methods(resource, set(methods))
 
         if resource.skip_on_deploy:
             raise SkipResource(
@@ -178,31 +228,45 @@ class ImageHandler(OpenStackHandler):
                 ", but not waiting for it to deploy, because skip_on_deploy is set"
             )
         else:
-            self._wait_for_image_to_become_active()
+            self._wait_for_image_to_become_active(ctx)
         ctx.set_created()
 
-    def _wait_for_image_to_become_active(self, timeout: int = 60) -> None:
-        """
-        Poll until the Openstack image backing this resource reaches `active`.
-
-        :param timeout: An exception is raised when the image doesn't enter the `active` state
-                        after this amount of seconds.
-        """
-        if timeout < 0:
-            raise ValueError(f"Timeout cannot be negative: {timeout}")
-
-        start = time.time()
-        image: Optional[OSImage] = None
-        while time.time() < start + timeout:
-            image = self._connection.image.get_image(self.image)
-            if image and image.status == "active":
-                return
-            time.sleep(0.1)
-
-        raise Exception(
-            f"A timeout occurred while waiting for image {self.image.name} to enter the `active` state "
-            f"(status={image.status if image else None})"
-        )
+    def _wait_for_image_to_become_active(
+        self, ctx: handler.HandlerContext, timeout: int = 60
+    ) -> None:
+        """Wait for self.image to reach `active`, raise on a failure status or timeout."""
+        try:
+            self.image = self._connection.image.wait_for_status(
+                self.image,
+                status="active",
+                failures=self.FAILURE_STATUSES,
+                interval=2,
+                wait=timeout,
+            )
+        except openstack.exceptions.ResourceFailure:
+            self._raise_image_error(
+                ctx,
+                "Image entered a failed state while waiting for it to become active",
+            )
+        except openstack.exceptions.ResourceTimeout:
+            # A failed interoperable image import returns the image to "queued"
+            # rather than a failure status, so it surfaces here instead of as
+            # a ResourceFailure.
+            self.image = self._connection.image.get_image(self.image.id)
+            if self._image_in_failed_state():
+                self._raise_image_error(
+                    ctx, "Image import failed while waiting for it to become active"
+                )
+            ctx.error(
+                "Timed out waiting for image to become active",
+                timeout_seconds=timeout,
+                current_status=self.image.status,
+                image_id=self.image.id,
+            )
+            raise Exception(
+                f"Image {self.image.id} ({self.image.name}) did not reach `active` "
+                f"within {timeout}s (status={self.image.status})"
+            ) from None
 
     def delete_resource(self, ctx: handler.HandlerContext, resource: Image) -> None:
         self._connection.image.delete_image(self.image, ignore_missing=True)
@@ -250,26 +314,53 @@ class ImageHandler(OpenStackHandler):
         ctx.set_updated()
 
     def _import_methods(self) -> set[str]:
-        """Return supported import methods ('web-download' / 'glance-direct')."""
+        """Return the interoperable import methods enabled on this cloud that we
+        support ('web-download' / 'glance-direct').
+
+        May be empty: a local file can still be uploaded directly, without any
+        import method (see _import_image_via_methods).
+        """
         info = self._connection.image.get_import_info()
         methods = set(
             info.import_methods["value"]
         )  # {'description','type','value':[...]}
-        supported = methods & {"web-download", "glance-direct"}
-
-        if not supported:
-            raise InvalidOperation(
-                "Glance image import is not usable on this cloud: "
-                f"enabled methods = {methods}. Need 'web-download' or 'glance-direct'."
-            )
-        return supported
-
-    def _import_image_via_methods(self, uri: str, methods: set[str]) -> None:
-        if "web-download" in methods:
-            self._connection.image.import_image(
-                self.image, method="web-download", uri=uri
-            )
-        elif "glance-direct" in methods:
-            with contextlib.closing(urllib_request.urlopen(uri)) as resp:
-                self._connection.image.stage_image(self.image, data=resp)  # streamed
-            self._connection.image.import_image(self.image, method="glance-direct")
+        return methods & {"web-download", "glance-direct"}
+
+    def _import_image_via_methods(self, resource: Image, methods: set[str]) -> None:
+        """Upload the image's data to glance.
+
+        FILE: a local file on the agent machine. Uploaded with the classic direct
+              data upload (PUT /v2/images/{id}/file), which is independent of the
+              interoperable image import API and the methods it enables. The
+              'glance-direct' import method is used instead when the cloud exposes
+              it (e.g. multi-store backends that disable direct upload).
+        URI:  a remote location. Instruct the cloud to download the image directly
+              from the URI ('web-download'), or stream it through the orchestrator
+              if 'glance-direct' is the only supported method.
+        """
+        if resource.file:
+            if "glance-direct" in methods:
+                with open(resource.file, "rb") as f:
+                    self._connection.image.stage_image(self.image, data=f)
+                self._connection.image.import_image(self.image, method="glance-direct")
+            else:
+                with open(resource.file, "rb") as f:
+                    response = self.image.upload(self._connection.image, data=f)
+                openstack.exceptions.raise_from_response(response)
+        elif resource.uri:
+            if "web-download" in methods:
+                self._connection.image.import_image(
+                    self.image, method="web-download", uri=resource.uri
+                )
+            elif "glance-direct" in methods:
+                with contextlib.closing(urllib_request.urlopen(resource.uri)) as resp:
+                    self._connection.image.stage_image(
+                        self.image, data=resp
+                    )  # streamed
+                self._connection.image.import_image(self.image, method="glance-direct")
+            else:
+                raise InvalidOperation(
+                    "Importing an image from a URI requires the 'web-download' or "
+                    "'glance-direct' import method, but neither is enabled on this "
+                    f"cloud (enabled methods: {methods})."
+                )