Merge lp:~tribaal/charms/trusty/nova-compute/enable-api-rate-limiting into lp:~openstack-charmers-archive/charms/trusty/nova-compute/next
- Trusty Tahr (14.04)
- enable-api-rate-limiting
- Merge into next
Status: | Merged |
---|---|
Merged at revision: | 164 |
Proposed branch: | lp:~tribaal/charms/trusty/nova-compute/enable-api-rate-limiting |
Merge into: | lp:~openstack-charmers-archive/charms/trusty/nova-compute/next |
Diff against target: |
246 lines (+182/-1) 5 files modified
config.yaml (+10/-0) hooks/nova_compute_context.py (+9/-0) hooks/nova_compute_utils.py (+5/-0) templates/api-paste.ini (+141/-0) tests/basic_deployment.py (+17/-1) |
To merge this branch: | bzr merge lp:~tribaal/charms/trusty/nova-compute/enable-api-rate-limiting |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Liam Young (community) | Approve | ||
Review via email: mp+272884@code.launchpad.net |
Commit message
Description of the change
This branch introduces a new api-rate-
of the nova API by writing the passed value to the /etc/nova/
- 165. By Chris Glass
-
Forgot to check the output.
uosci-testing-bot (uosci-testing-bot) wrote : | # |
uosci-testing-bot (uosci-testing-bot) wrote : | # |
charm_unit_test #10295 nova-compute-next for tribaal mp272884
UNIT OK: passed
uosci-testing-bot (uosci-testing-bot) wrote : | # |
charm_lint_check #11090 nova-compute-next for tribaal mp272884
LINT OK: passed
Build: http://
uosci-testing-bot (uosci-testing-bot) wrote : | # |
charm_unit_test #10297 nova-compute-next for tribaal mp272884
UNIT OK: passed
uosci-testing-bot (uosci-testing-bot) wrote : | # |
charm_amulet_test #6896 nova-compute-next for tribaal mp272884
AMULET FAIL: amulet-test failed
AMULET Results (max last 2 lines):
make: *** [test] Error 1
ERROR:root:Make target returned non-zero.
Full amulet test output: http://
Build: http://
uosci-testing-bot (uosci-testing-bot) wrote : | # |
charm_lint_check #11151 nova-compute-next for tribaal mp272884
LINT OK: passed
Build: http://
Liam Young (gnuoy) wrote : | # |
nova-compute install hook fails on ./tests/
0 upgraded, 0 newly installed, 0 to remove and 19 not upgraded.
Traceback (most recent call last):
File "/var/lib/
main()
File "/var/lib/
hooks.
File "/var/lib/
self.
File "/var/lib/
set_
File "/var/lib/
incomplete_
File "/var/lib/
complete_ctxts = configs.
File "/var/lib/
for i in six.itervalues(
File "/var/lib/
self.context()
File "/var/lib/
ctxt.
TypeError: 'APIRateLimitin
- 166. By Chris Glass
-
Fixing iterable idiocy.
Liam Young (gnuoy) wrote : | # |
Manually ran amulet for trusty and precise. All good! Approved
uosci-testing-bot (uosci-testing-bot) wrote : | # |
charm_amulet_test #6926 nova-compute-next for tribaal mp272884
AMULET FAIL: amulet-test failed
AMULET Results (max last 2 lines):
make: *** [test] Error 1
ERROR:root:Make target returned non-zero.
Full amulet test output: http://
Build: http://
Ryan Beisner (1chb1n) wrote : | # |
fwiw ^ The re-run (with test enviro looking sound) says precise-icehouse didn't have nova-api service started on the nova-compute/0 unit.
Preview Diff
1 | === modified file 'config.yaml' | |||
2 | --- config.yaml 2015-09-28 07:56:16 +0000 | |||
3 | +++ config.yaml 2015-10-01 15:08:20 +0000 | |||
4 | @@ -265,3 +265,13 @@ | |||
5 | 265 | description: | | 265 | description: | |
6 | 266 | The pecentage of system memory to use for hugepages eg '10%' or the total | 266 | The pecentage of system memory to use for hugepages eg '10%' or the total |
7 | 267 | number of 2M hugepages - eg "1024". | 267 | number of 2M hugepages - eg "1024". |
8 | 268 | api-rate-limit-rules: | ||
9 | 269 | type: string | ||
10 | 270 | default: | ||
11 | 271 | description: | | ||
12 | 272 | The API rate-limit rules to use for the deployed nova API, if any. | ||
13 | 273 | Contents of this config options will be inserted in the api-paste.ini file | ||
14 | 274 | under the "filter:ratelimit" section as "limits". The syntax for these | ||
15 | 275 | rules is documented at | ||
16 | 276 | http://docs.openstack.org/kilo/config-reference/content/configuring-compute-API.html | ||
17 | 277 | |||
18 | 268 | 278 | ||
19 | === modified file 'hooks/nova_compute_context.py' | |||
20 | --- hooks/nova_compute_context.py 2015-09-28 16:28:13 +0000 | |||
21 | +++ hooks/nova_compute_context.py 2015-10-01 15:08:20 +0000 | |||
22 | @@ -496,3 +496,12 @@ | |||
23 | 496 | ctxt['host_ip'] = host_ip | 496 | ctxt['host_ip'] = host_ip |
24 | 497 | 497 | ||
25 | 498 | return ctxt | 498 | return ctxt |
26 | 499 | |||
27 | 500 | |||
28 | 501 | class APIRateLimitingContext(context.OSContextGenerator): | ||
29 | 502 | def __call__(self): | ||
30 | 503 | ctxt = {} | ||
31 | 504 | rate_rules = config('api-rate-limit-rules') | ||
32 | 505 | if rate_rules: | ||
33 | 506 | ctxt['api_rate_limit_rules'] = rate_rules | ||
34 | 507 | return ctxt | ||
35 | 499 | 508 | ||
36 | === modified file 'hooks/nova_compute_utils.py' | |||
37 | --- hooks/nova_compute_utils.py 2015-09-29 15:14:35 +0000 | |||
38 | +++ hooks/nova_compute_utils.py 2015-10-01 15:08:20 +0000 | |||
39 | @@ -74,6 +74,7 @@ | |||
40 | 74 | CEPH_CONF, | 74 | CEPH_CONF, |
41 | 75 | ceph_config_file, | 75 | ceph_config_file, |
42 | 76 | HostIPContext, | 76 | HostIPContext, |
43 | 77 | APIRateLimitingContext | ||
44 | 77 | ) | 78 | ) |
45 | 78 | 79 | ||
46 | 79 | CA_CERT_PATH = '/usr/local/share/ca-certificates/keystone_juju_ca_cert.crt' | 80 | CA_CERT_PATH = '/usr/local/share/ca-certificates/keystone_juju_ca_cert.crt' |
47 | @@ -150,6 +151,7 @@ | |||
48 | 150 | LIBVIRT_BIN = '/etc/default/libvirt-bin' | 151 | LIBVIRT_BIN = '/etc/default/libvirt-bin' |
49 | 151 | LIBVIRT_BIN_OVERRIDES = '/etc/init/libvirt-bin.override' | 152 | LIBVIRT_BIN_OVERRIDES = '/etc/init/libvirt-bin.override' |
50 | 152 | NOVA_CONF = '%s/nova.conf' % NOVA_CONF_DIR | 153 | NOVA_CONF = '%s/nova.conf' % NOVA_CONF_DIR |
51 | 154 | API_PASTE_INI = '%s/api-paste.ini' % NOVA_CONF_DIR | ||
52 | 153 | 155 | ||
53 | 154 | BASE_RESOURCE_MAP = { | 156 | BASE_RESOURCE_MAP = { |
54 | 155 | NOVA_CONF: { | 157 | NOVA_CONF: { |
55 | @@ -175,6 +177,9 @@ | |||
56 | 175 | HostIPContext(), | 177 | HostIPContext(), |
57 | 176 | context.LogLevelContext()], | 178 | context.LogLevelContext()], |
58 | 177 | }, | 179 | }, |
59 | 180 | API_PASTE_INI: { | ||
60 | 181 | 'services': ['nova-compute'], | ||
61 | 182 | 'contexts': [APIRateLimitingContext()]} | ||
62 | 178 | } | 183 | } |
63 | 179 | 184 | ||
64 | 180 | LIBVIRT_RESOURCE_MAP = { | 185 | LIBVIRT_RESOURCE_MAP = { |
65 | 181 | 186 | ||
66 | === added file 'templates/api-paste.ini' | |||
67 | --- templates/api-paste.ini 1970-01-01 00:00:00 +0000 | |||
68 | +++ templates/api-paste.ini 2015-10-01 15:08:20 +0000 | |||
69 | @@ -0,0 +1,141 @@ | |||
70 | 1 | ############################################################################### | ||
71 | 2 | # [ WARNING ] | ||
72 | 3 | # Configuration file maintained by Juju. Local changes may be overwritten. | ||
73 | 4 | ############################################################################### | ||
74 | 5 | ############ | ||
75 | 6 | # Metadata # | ||
76 | 7 | ############ | ||
77 | 8 | [composite:metadata] | ||
78 | 9 | use = egg:Paste#urlmap | ||
79 | 10 | /: meta | ||
80 | 11 | |||
81 | 12 | [pipeline:meta] | ||
82 | 13 | pipeline = ec2faultwrap logrequest metaapp | ||
83 | 14 | |||
84 | 15 | [app:metaapp] | ||
85 | 16 | paste.app_factory = nova.api.metadata.handler:MetadataRequestHandler.factory | ||
86 | 17 | |||
87 | 18 | ####### | ||
88 | 19 | # EC2 # | ||
89 | 20 | ####### | ||
90 | 21 | |||
91 | 22 | [composite:ec2] | ||
92 | 23 | use = egg:Paste#urlmap | ||
93 | 24 | /: ec2cloud | ||
94 | 25 | |||
95 | 26 | [composite:ec2cloud] | ||
96 | 27 | use = call:nova.api.auth:pipeline_factory | ||
97 | 28 | noauth = ec2faultwrap logrequest ec2noauth cloudrequest validator ec2executor | ||
98 | 29 | noauth2 = ec2faultwrap logrequest ec2noauth cloudrequest validator ec2executor | ||
99 | 30 | keystone = ec2faultwrap logrequest ec2keystoneauth cloudrequest validator ec2executor | ||
100 | 31 | |||
101 | 32 | [filter:ec2faultwrap] | ||
102 | 33 | paste.filter_factory = nova.api.ec2:FaultWrapper.factory | ||
103 | 34 | |||
104 | 35 | [filter:logrequest] | ||
105 | 36 | paste.filter_factory = nova.api.ec2:RequestLogging.factory | ||
106 | 37 | |||
107 | 38 | [filter:ec2lockout] | ||
108 | 39 | paste.filter_factory = nova.api.ec2:Lockout.factory | ||
109 | 40 | |||
110 | 41 | [filter:ec2keystoneauth] | ||
111 | 42 | paste.filter_factory = nova.api.ec2:EC2KeystoneAuth.factory | ||
112 | 43 | |||
113 | 44 | [filter:ec2noauth] | ||
114 | 45 | paste.filter_factory = nova.api.ec2:NoAuth.factory | ||
115 | 46 | |||
116 | 47 | [filter:cloudrequest] | ||
117 | 48 | controller = nova.api.ec2.cloud.CloudController | ||
118 | 49 | paste.filter_factory = nova.api.ec2:Requestify.factory | ||
119 | 50 | |||
120 | 51 | [filter:authorizer] | ||
121 | 52 | paste.filter_factory = nova.api.ec2:Authorizer.factory | ||
122 | 53 | |||
123 | 54 | [filter:validator] | ||
124 | 55 | paste.filter_factory = nova.api.ec2:Validator.factory | ||
125 | 56 | |||
126 | 57 | [app:ec2executor] | ||
127 | 58 | paste.app_factory = nova.api.ec2:Executor.factory | ||
128 | 59 | |||
129 | 60 | ############# | ||
130 | 61 | # OpenStack # | ||
131 | 62 | ############# | ||
132 | 63 | |||
133 | 64 | [composite:osapi_compute] | ||
134 | 65 | use = call:nova.api.openstack.urlmap:urlmap_factory | ||
135 | 66 | /: oscomputeversions | ||
136 | 67 | /v1.1: openstack_compute_api_v2 | ||
137 | 68 | /v2: openstack_compute_api_v2 | ||
138 | 69 | /v2.1: openstack_compute_api_v21 | ||
139 | 70 | /v3: openstack_compute_api_v3 | ||
140 | 71 | |||
141 | 72 | [composite:openstack_compute_api_v2] | ||
142 | 73 | use = call:nova.api.auth:pipeline_factory | ||
143 | 74 | noauth = compute_req_id faultwrap sizelimit noauth ratelimit osapi_compute_app_v2 | ||
144 | 75 | noauth2 = compute_req_id faultwrap sizelimit noauth2 ratelimit osapi_compute_app_v2 | ||
145 | 76 | keystone = compute_req_id faultwrap sizelimit authtoken keystonecontext ratelimit osapi_compute_app_v2 | ||
146 | 77 | keystone_nolimit = compute_req_id faultwrap sizelimit authtoken keystonecontext osapi_compute_app_v2 | ||
147 | 78 | |||
148 | 79 | [composite:openstack_compute_api_v21] | ||
149 | 80 | use = call:nova.api.auth:pipeline_factory_v21 | ||
150 | 81 | noauth = compute_req_id faultwrap sizelimit noauth osapi_compute_app_v21 | ||
151 | 82 | noauth2 = compute_req_id faultwrap sizelimit noauth2 osapi_compute_app_v21 | ||
152 | 83 | keystone = compute_req_id faultwrap sizelimit authtoken keystonecontext osapi_compute_app_v21 | ||
153 | 84 | |||
154 | 85 | [composite:openstack_compute_api_v3] | ||
155 | 86 | use = call:nova.api.auth:pipeline_factory_v21 | ||
156 | 87 | noauth = request_id faultwrap sizelimit noauth_v3 osapi_compute_app_v3 | ||
157 | 88 | noauth2 = request_id faultwrap sizelimit noauth_v3 osapi_compute_app_v3 | ||
158 | 89 | keystone = request_id faultwrap sizelimit authtoken keystonecontext osapi_compute_app_v3 | ||
159 | 90 | |||
160 | 91 | [filter:request_id] | ||
161 | 92 | paste.filter_factory = oslo.middleware:RequestId.factory | ||
162 | 93 | |||
163 | 94 | [filter:compute_req_id] | ||
164 | 95 | paste.filter_factory = nova.api.compute_req_id:ComputeReqIdMiddleware.factory | ||
165 | 96 | |||
166 | 97 | [filter:faultwrap] | ||
167 | 98 | paste.filter_factory = nova.api.openstack:FaultWrapper.factory | ||
168 | 99 | |||
169 | 100 | [filter:noauth] | ||
170 | 101 | paste.filter_factory = nova.api.openstack.auth:NoAuthMiddlewareOld.factory | ||
171 | 102 | |||
172 | 103 | [filter:noauth2] | ||
173 | 104 | paste.filter_factory = nova.api.openstack.auth:NoAuthMiddleware.factory | ||
174 | 105 | |||
175 | 106 | [filter:noauth_v3] | ||
176 | 107 | paste.filter_factory = nova.api.openstack.auth:NoAuthMiddlewareV3.factory | ||
177 | 108 | |||
178 | 109 | [filter:ratelimit] | ||
179 | 110 | paste.filter_factory = nova.api.openstack.compute.limits:RateLimitingMiddleware.factory | ||
180 | 111 | {% if api_rate_limit_rules -%} | ||
181 | 112 | limits = {{ api_rate_limit_rules}} | ||
182 | 113 | {% endif -%} | ||
183 | 114 | |||
184 | 115 | [filter:sizelimit] | ||
185 | 116 | paste.filter_factory = oslo.middleware:RequestBodySizeLimiter.factory | ||
186 | 117 | |||
187 | 118 | [app:osapi_compute_app_v2] | ||
188 | 119 | paste.app_factory = nova.api.openstack.compute:APIRouter.factory | ||
189 | 120 | |||
190 | 121 | [app:osapi_compute_app_v21] | ||
191 | 122 | paste.app_factory = nova.api.openstack.compute:APIRouterV21.factory | ||
192 | 123 | |||
193 | 124 | [app:osapi_compute_app_v3] | ||
194 | 125 | paste.app_factory = nova.api.openstack.compute:APIRouterV3.factory | ||
195 | 126 | |||
196 | 127 | [pipeline:oscomputeversions] | ||
197 | 128 | pipeline = faultwrap oscomputeversionapp | ||
198 | 129 | |||
199 | 130 | [app:oscomputeversionapp] | ||
200 | 131 | paste.app_factory = nova.api.openstack.compute.versions:Versions.factory | ||
201 | 132 | |||
202 | 133 | ########## | ||
203 | 134 | # Shared # | ||
204 | 135 | ########## | ||
205 | 136 | |||
206 | 137 | [filter:keystonecontext] | ||
207 | 138 | paste.filter_factory = nova.api.auth:NovaKeystoneContext.factory | ||
208 | 139 | |||
209 | 140 | [filter:authtoken] | ||
210 | 141 | paste.filter_factory = keystonemiddleware.auth_token:filter_factory | ||
211 | 0 | 142 | ||
212 | === modified file 'tests/basic_deployment.py' | |||
213 | --- tests/basic_deployment.py 2015-07-21 18:02:54 +0000 | |||
214 | +++ tests/basic_deployment.py 2015-10-01 15:08:20 +0000 | |||
215 | @@ -68,7 +68,9 @@ | |||
216 | 68 | def _configure_services(self): | 68 | def _configure_services(self): |
217 | 69 | """Configure all of the services.""" | 69 | """Configure all of the services.""" |
218 | 70 | nova_config = {'config-flags': 'auto_assign_floating_ip=False', | 70 | nova_config = {'config-flags': 'auto_assign_floating_ip=False', |
220 | 71 | 'enable-live-migration': 'False'} | 71 | 'enable-live-migration': 'False', |
221 | 72 | 'api-rate-limit-rules': | ||
222 | 73 | '( POST, *, .*, 9999, MINUTE );'} | ||
223 | 72 | nova_cc_config = {} | 74 | nova_cc_config = {} |
224 | 73 | if self.git: | 75 | if self.git: |
225 | 74 | amulet_http_proxy = os.environ.get('AMULET_HTTP_PROXY') | 76 | amulet_http_proxy = os.environ.get('AMULET_HTTP_PROXY') |
226 | @@ -466,6 +468,20 @@ | |||
227 | 466 | message = "nova config error: {}".format(ret) | 468 | message = "nova config error: {}".format(ret) |
228 | 467 | amulet.raise_status(amulet.FAIL, msg=message) | 469 | amulet.raise_status(amulet.FAIL, msg=message) |
229 | 468 | 470 | ||
230 | 471 | def test_api_paste_config(self): | ||
231 | 472 | """Check that the rate limiting is set on the nova api (for POSTs).""" | ||
232 | 473 | unit = self.nova_compute_sentry | ||
233 | 474 | conf = '/etc/nova/api-paste.ini' | ||
234 | 475 | section = "filter:ratelimit" | ||
235 | 476 | factory = ("nova.api.openstack.compute.limits:RateLimitingMiddleware" | ||
236 | 477 | ".factory") | ||
237 | 478 | expected = {"paste.filter_factory": factory, | ||
238 | 479 | "limits": "( POST, *, .*, 9999, MINUTE );"} | ||
239 | 480 | ret = u.validate_config_data(unit, conf, section, expected) | ||
240 | 481 | if ret: | ||
241 | 482 | message = "api paste config error: {}".format(ret) | ||
242 | 483 | amulet.raise_status(amulet.FAIL, msg=message) | ||
243 | 484 | |||
244 | 469 | def test_image_instance_create(self): | 485 | def test_image_instance_create(self): |
245 | 470 | """Create an image/instance, verify they exist, and delete them.""" | 486 | """Create an image/instance, verify they exist, and delete them.""" |
246 | 471 | # NOTE(coreycb): Skipping failing test on essex until resolved. essex | 487 | # NOTE(coreycb): Skipping failing test on essex until resolved. essex |
charm_lint_check #11089 nova-compute-next for tribaal mp272884
LINT OK: passed
Build: http:// 10.245. 162.77: 8080/job/ charm_lint_ check/11089/