Juju Charms Collection
nova-compute package

Merge lp:~cbjchen/charms/trusty/nova-compute/remove_stale_key into lp:~openstack-charmers-archive/charms/trusty/nova-compute/next

  1. Trusty Tahr (14.04)
  2. remove_stale_key
  3. Merge into next
Proposed by Liang Chen
Status: Merged
Merged at revision: 103
Proposed branch: lp:~cbjchen/charms/trusty/nova-compute/remove_stale_key
Merge into: lp:~openstack-charmers-archive/charms/trusty/nova-compute/next
Diff against target: 180 lines (+83/-9)
7 files modified
.pydevproject (+2/-2)
README.md (+7/-0)
config.yaml (+1/-1)
hooks/nova_compute_hooks.py (+8/-1)
hooks/nova_compute_utils.py (+11/-4)
tests/basic_deployment.py (+1/-1)
unit_tests/test_nova_compute_utils.py (+53/-0)
To merge this branch: bzr merge lp:~cbjchen/charms/trusty/nova-compute/remove_stale_key
Reviewer Review Type Date Requested Status
Edward Hope-Morley Approve
Review via email: mp+248949@code.launchpad.net

Description of the change

Clean up the keyring for glance after ceph service is destroyed and re-created like below,

1. break relation
2. destroy service
3. deploy new ceph service
4. add relation back

If old key exists, ensure_ceph_keyring will not store the newly retrieved key from ceph. There is another thing to be aware of for nova-compute node - stale libvirt secret key which will also be replaced with this patch. Though existing instances will not work anymore. There is nothing we can do in case the backend storage service(ceph) is destroyed. But this patch will at least make sure the nova-compute service continue to work.

To post a comment you must log in.
Revision history for this message
uosci-testing-bot (uosci-testing-bot) wrote :

charm_lint_check #1783 nova-compute-next for cbjchen mp248949
    LINT FAIL: lint-test failed

LINT Results (max last 2 lines):
  hooks/nova_compute_utils.py:27:9: W291 trailing whitespace
  make: *** [lint] Error 1

Full lint test output: http://paste.ubuntu.com/10110137/
Build: http://10.245.162.77:8080/job/charm_lint_check/1783/

Revision history for this message
uosci-testing-bot (uosci-testing-bot) wrote :

charm_unit_test #1611 nova-compute-next for cbjchen mp248949
    UNIT FAIL: unit-test failed

UNIT Results (max last 2 lines):
  FAILED (SKIP=5, failures=1)
  make: *** [unit_test] Error 1

Full unit test output: http://paste.ubuntu.com/10110139/
Build: http://10.245.162.77:8080/job/charm_unit_test/1611/

Revision history for this message
uosci-testing-bot (uosci-testing-bot) wrote :

charm_amulet_test #1803 nova-compute-next for cbjchen mp248949
    AMULET OK: passed

Build: http://10.245.162.77:8080/job/charm_amulet_test/1803/

Revision history for this message
Edward Hope-Morley (hopem) wrote :

I've deployed this along with the other ceph client changes and it all seems good. There is lint error but i'll fix when merging. Thanks Liang. +1

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file '.pydevproject'
2--- .pydevproject 2013-11-17 21:48:39 +0000
3+++ .pydevproject 2015-02-06 18:21:32 +0000
4@@ -3,7 +3,7 @@
5 <pydev_property name="org.python.pydev.PYTHON_PROJECT_VERSION">python 2.7</pydev_property>
6 <pydev_property name="org.python.pydev.PYTHON_PROJECT_INTERPRETER">Default</pydev_property>
7 <pydev_pathproperty name="org.python.pydev.PROJECT_SOURCE_PATH">
8-<path>/nova-compute/hooks</path>
9-<path>/nova-compute/unit_tests</path>
10+<path>/nova-compute-charm/hooks</path>
11+<path>/nova-compute-charm/unit_tests</path>
12 </pydev_pathproperty>
13 </pydev_project>
14
15=== added file 'README.md'
16--- README.md 1970-01-01 00:00:00 +0000
17+++ README.md 2015-02-06 18:21:32 +0000
18@@ -0,0 +1,7 @@
19+=====================
20+nova-compute
21+=====================
22+
23+Compute node for Openstack nova.
24+
25+
26
27=== modified file 'config.yaml'
28--- config.yaml 2014-12-15 11:38:06 +0000
29+++ config.yaml 2015-02-06 18:21:32 +0000
30@@ -124,7 +124,7 @@
31 this allows you to differentiate between them.
32 disable-neutron-security-groups:
33 type: boolean
34- default:
35+ default: False
36 description: |
37 Disable neutron based security groups - setting this configuration option
38 will override any settings configured via the nova-cloud-controller charm.
39
40=== modified file 'hooks/nova_compute_hooks.py'
41--- hooks/nova_compute_hooks.py 2015-01-12 12:04:00 +0000
42+++ hooks/nova_compute_hooks.py 2015-02-06 18:21:32 +0000
43@@ -34,6 +34,7 @@
44 ensure_ceph_keyring,
45 CephBrokerRq,
46 CephBrokerRsp,
47+ delete_keyring,
48 )
49 from charmhelpers.payload.execd import execd_preinstall
50 from nova_compute_utils import (
51@@ -282,8 +283,14 @@
52 log("Request(s) sent to Ceph broker (rid=%s)" % (rid))
53
54
55+@hooks.hook('ceph-relation-broken')
56+def ceph_broken():
57+ service = service_name()
58+ delete_keyring(service=service)
59+ CONFIGS.write_all()
60+
61+
62 @hooks.hook('amqp-relation-broken',
63- 'ceph-relation-broken',
64 'image-service-relation-broken',
65 'shared-db-relation-broken',
66 'pgsql-db-relation-broken')
67
68=== modified file 'hooks/nova_compute_utils.py'
69--- hooks/nova_compute_utils.py 2014-12-16 17:28:40 +0000
70+++ hooks/nova_compute_utils.py 2015-02-06 18:21:32 +0000
71@@ -23,7 +23,8 @@
72 related_units,
73 relation_ids,
74 relation_get,
75- DEBUG
76+ DEBUG,
77+ INFO
78 )
79
80 from charmhelpers.contrib.openstack.neutron import neutron_plugin_attribute
81@@ -448,9 +449,15 @@
82 def create_libvirt_secret(secret_file, secret_uuid, key):
83 uri = LIBVIRT_URIS[config('virt-type')]
84 if secret_uuid in check_output(['virsh', '-c', uri, 'secret-list']):
85- log('Libvirt secret already exists for uuid %s.' % secret_uuid,
86- level=DEBUG)
87- return
88+ old_key = check_output(['virsh', '-c', uri, 'secret-get-value',
89+ secret_uuid])
90+ if old_key == key:
91+ log('Libvirt secret already exists for uuid %s.' % secret_uuid,
92+ level=DEBUG)
93+ return
94+ else:
95+ log('Libvirt secret changed for uuid %s.' % secret_uuid,
96+ level=INFO)
97 log('Defining new libvirt secret for uuid %s.' % secret_uuid)
98 cmd = ['virsh', '-c', uri, 'secret-define', '--file', secret_file]
99 check_call(cmd)
100
101=== modified file 'tests/basic_deployment.py'
102--- tests/basic_deployment.py 2014-09-30 20:31:36 +0000
103+++ tests/basic_deployment.py 2015-02-06 18:21:32 +0000
104@@ -20,7 +20,7 @@
105 class NovaBasicDeployment(OpenStackAmuletDeployment):
106 """Amulet tests on a basic nova compute deployment."""
107
108- def __init__(self, series=None, openstack=None, source=None, stable=False):
109+ def __init__(self, series=None, openstack=None, source=None, stable=True):
110 """Deploy the entire test environment."""
111 super(NovaBasicDeployment, self).__init__(series, openstack, source, stable)
112 self._add_services()
113
114=== modified file 'unit_tests/test_nova_compute_utils.py'
115--- unit_tests/test_nova_compute_utils.py 2014-12-15 10:28:47 +0000
116+++ unit_tests/test_nova_compute_utils.py 2015-02-06 18:21:32 +0000
117@@ -1,6 +1,7 @@
118 import itertools
119 import tempfile
120
121+import nova_compute_context as compute_context
122 import nova_compute_utils as utils
123
124 from mock import (
125@@ -322,3 +323,55 @@
126 utils.disable_shell('dummy')
127 _check_call.assert_called_with(['usermod', '-s', '/bin/false',
128 'dummy'])
129+
130+ @patch.object(utils, 'check_call')
131+ @patch.object(utils, 'check_output')
132+ def test_create_libvirt_key(self, _check_output, _check_call):
133+ key = 'AQCR2dRUaFQSOxAAC5fr79sLL3d7wVvpbbRFMg=='
134+ self.test_config.set('virt-type', 'kvm')
135+ utils.create_libvirt_secret(utils.CEPH_SECRET,
136+ compute_context.CEPH_SECRET_UUID, key)
137+ _check_output.assert_called_with(['virsh', '-c',
138+ utils.LIBVIRT_URIS['kvm'],
139+ 'secret-list'])
140+ _check_call.assert_called_with(['virsh', '-c',
141+ utils.LIBVIRT_URIS['kvm'],
142+ 'secret-set-value', '--secret',
143+ compute_context.CEPH_SECRET_UUID,
144+ '--base64', key])
145+
146+ @patch.object(utils, 'check_call')
147+ @patch.object(utils, 'check_output')
148+ def test_create_libvirt_key_existing(self, _check_output, _check_call):
149+ key = 'AQCR2dRUaFQSOxAAC5fr79sLL3d7wVvpbbRFMg=='
150+ self.test_config.set('virt-type', 'kvm')
151+ _check_output.side_effect = [compute_context.CEPH_SECRET_UUID, key]
152+ utils.create_libvirt_secret(utils.CEPH_SECRET,
153+ compute_context.CEPH_SECRET_UUID, key)
154+ expected = [call(['virsh', '-c',
155+ utils.LIBVIRT_URIS['kvm'], 'secret-list']),
156+ call(['virsh', '-c',
157+ utils.LIBVIRT_URIS['kvm'], 'secret-get-value',
158+ compute_context.CEPH_SECRET_UUID])]
159+ _check_output.assert_has_calls(expected)
160+
161+ @patch.object(utils, 'check_call')
162+ @patch.object(utils, 'check_output')
163+ def test_create_libvirt_key_stale(self, _check_output, _check_call):
164+ key = 'AQCR2dRUaFQSOxAAC5fr79sLL3d7wVvpbbRFMg=='
165+ old_key = 'CCCCCdRUaFQSOxAAC5fr79sLL3d7wVvpbbRFMg=='
166+ self.test_config.set('virt-type', 'kvm')
167+ _check_output.side_effect = [compute_context.CEPH_SECRET_UUID, old_key]
168+ utils.create_libvirt_secret(utils.CEPH_SECRET,
169+ compute_context.CEPH_SECRET_UUID, key)
170+ expected = [call(['virsh', '-c',
171+ utils.LIBVIRT_URIS['kvm'], 'secret-list']),
172+ call(['virsh', '-c',
173+ utils.LIBVIRT_URIS['kvm'], 'secret-get-value',
174+ compute_context.CEPH_SECRET_UUID])]
175+ _check_output.assert_has_calls(expected)
176+ _check_call.assert_any_call(['virsh', '-c',
177+ utils.LIBVIRT_URIS['kvm'],
178+ 'secret-set-value', '--secret',
179+ compute_context.CEPH_SECRET_UUID,
180+ '--base64', key])

Subscribers

People subscribed via source and target branches