Juju Charms Collection
nova-compute package

Merge lp:~cbjchen/charms/trusty/nova-compute/remove_stale_key into lp:~openstack-charmers-archive/charms/trusty/nova-compute/next

  1. Trusty Tahr (14.04)
  2. remove_stale_key
  3. Merge into next
Proposed by Liang Chen
Status: Merged
Merged at revision: 103
Proposed branch: lp:~cbjchen/charms/trusty/nova-compute/remove_stale_key
Merge into: lp:~openstack-charmers-archive/charms/trusty/nova-compute/next
Diff against target: 180 lines (+83/-9)
7 files modified
.pydevproject (+2/-2)
README.md (+7/-0)
config.yaml (+1/-1)
hooks/nova_compute_hooks.py (+8/-1)
hooks/nova_compute_utils.py (+11/-4)
tests/basic_deployment.py (+1/-1)
unit_tests/test_nova_compute_utils.py (+53/-0)
To merge this branch: bzr merge lp:~cbjchen/charms/trusty/nova-compute/remove_stale_key
Reviewer Review Type Date Requested Status
Edward Hope-Morley Approve
Review via email: mp+248949@code.launchpad.net

Description of the change

Clean up the keyring for glance after ceph service is destroyed and re-created like below,

1. break relation
2. destroy service
3. deploy new ceph service
4. add relation back

If old key exists, ensure_ceph_keyring will not store the newly retrieved key from ceph. There is another thing to be aware of for nova-compute node - stale libvirt secret key which will also be replaced with this patch. Though existing instances will not work anymore. There is nothing we can do in case the backend storage service(ceph) is destroyed. But this patch will at least make sure the nova-compute service continue to work.

To post a comment you must log in.
Revision history for this message
uosci-testing-bot (uosci-testing-bot) wrote :

charm_lint_check #1783 nova-compute-next for cbjchen mp248949
    LINT FAIL: lint-test failed

LINT Results (max last 2 lines):
  hooks/nova_compute_utils.py:27:9: W291 trailing whitespace
  make: *** [lint] Error 1

Full lint test output: http://paste.ubuntu.com/10110137/
Build: http://10.245.162.77:8080/job/charm_lint_check/1783/

Revision history for this message
uosci-testing-bot (uosci-testing-bot) wrote :

charm_unit_test #1611 nova-compute-next for cbjchen mp248949
    UNIT FAIL: unit-test failed

UNIT Results (max last 2 lines):
  FAILED (SKIP=5, failures=1)
  make: *** [unit_test] Error 1

Full unit test output: http://paste.ubuntu.com/10110139/
Build: http://10.245.162.77:8080/job/charm_unit_test/1611/

Revision history for this message
uosci-testing-bot (uosci-testing-bot) wrote :

charm_amulet_test #1803 nova-compute-next for cbjchen mp248949
    AMULET OK: passed

Build: http://10.245.162.77:8080/job/charm_amulet_test/1803/

Revision history for this message
Edward Hope-Morley (hopem) wrote :

I've deployed this along with the other ceph client changes and it all seems good. There is lint error but i'll fix when merging. Thanks Liang. +1

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
=== modified file '.pydevproject'
--- .pydevproject 2013-11-17 21:48:39 +0000
+++ .pydevproject 2015-02-06 18:21:32 +0000
@@ -3,7 +3,7 @@
3<pydev_property name="org.python.pydev.PYTHON_PROJECT_VERSION">python 2.7</pydev_property>3<pydev_property name="org.python.pydev.PYTHON_PROJECT_VERSION">python 2.7</pydev_property>
4<pydev_property name="org.python.pydev.PYTHON_PROJECT_INTERPRETER">Default</pydev_property>4<pydev_property name="org.python.pydev.PYTHON_PROJECT_INTERPRETER">Default</pydev_property>
5<pydev_pathproperty name="org.python.pydev.PROJECT_SOURCE_PATH">5<pydev_pathproperty name="org.python.pydev.PROJECT_SOURCE_PATH">
6<path>/nova-compute/hooks</path>6<path>/nova-compute-charm/hooks</path>
7<path>/nova-compute/unit_tests</path>7<path>/nova-compute-charm/unit_tests</path>
8</pydev_pathproperty>8</pydev_pathproperty>
9</pydev_project>9</pydev_project>
1010
=== added file 'README.md'
--- README.md 1970-01-01 00:00:00 +0000
+++ README.md 2015-02-06 18:21:32 +0000
@@ -0,0 +1,7 @@
1=====================
2nova-compute
3=====================
4
5Compute node for Openstack nova.
6
7
08
=== modified file 'config.yaml'
--- config.yaml 2014-12-15 11:38:06 +0000
+++ config.yaml 2015-02-06 18:21:32 +0000
@@ -124,7 +124,7 @@
124 this allows you to differentiate between them.124 this allows you to differentiate between them.
125 disable-neutron-security-groups:125 disable-neutron-security-groups:
126 type: boolean126 type: boolean
127 default:127 default: False
128 description: |128 description: |
129 Disable neutron based security groups - setting this configuration option129 Disable neutron based security groups - setting this configuration option
130 will override any settings configured via the nova-cloud-controller charm.130 will override any settings configured via the nova-cloud-controller charm.
131131
=== modified file 'hooks/nova_compute_hooks.py'
--- hooks/nova_compute_hooks.py 2015-01-12 12:04:00 +0000
+++ hooks/nova_compute_hooks.py 2015-02-06 18:21:32 +0000
@@ -34,6 +34,7 @@
34 ensure_ceph_keyring,34 ensure_ceph_keyring,
35 CephBrokerRq,35 CephBrokerRq,
36 CephBrokerRsp,36 CephBrokerRsp,
37 delete_keyring,
37)38)
38from charmhelpers.payload.execd import execd_preinstall39from charmhelpers.payload.execd import execd_preinstall
39from nova_compute_utils import (40from nova_compute_utils import (
@@ -282,8 +283,14 @@
282 log("Request(s) sent to Ceph broker (rid=%s)" % (rid))283 log("Request(s) sent to Ceph broker (rid=%s)" % (rid))
283284
284285
286@hooks.hook('ceph-relation-broken')
287def ceph_broken():
288 service = service_name()
289 delete_keyring(service=service)
290 CONFIGS.write_all()
291
292
285@hooks.hook('amqp-relation-broken',293@hooks.hook('amqp-relation-broken',
286 'ceph-relation-broken',
287 'image-service-relation-broken',294 'image-service-relation-broken',
288 'shared-db-relation-broken',295 'shared-db-relation-broken',
289 'pgsql-db-relation-broken')296 'pgsql-db-relation-broken')
290297
=== modified file 'hooks/nova_compute_utils.py'
--- hooks/nova_compute_utils.py 2014-12-16 17:28:40 +0000
+++ hooks/nova_compute_utils.py 2015-02-06 18:21:32 +0000
@@ -23,7 +23,8 @@
23 related_units,23 related_units,
24 relation_ids,24 relation_ids,
25 relation_get,25 relation_get,
26 DEBUG26 DEBUG,
27 INFO
27)28)
2829
29from charmhelpers.contrib.openstack.neutron import neutron_plugin_attribute30from charmhelpers.contrib.openstack.neutron import neutron_plugin_attribute
@@ -448,9 +449,15 @@
448def create_libvirt_secret(secret_file, secret_uuid, key):449def create_libvirt_secret(secret_file, secret_uuid, key):
449 uri = LIBVIRT_URIS[config('virt-type')]450 uri = LIBVIRT_URIS[config('virt-type')]
450 if secret_uuid in check_output(['virsh', '-c', uri, 'secret-list']):451 if secret_uuid in check_output(['virsh', '-c', uri, 'secret-list']):
451 log('Libvirt secret already exists for uuid %s.' % secret_uuid,452 old_key = check_output(['virsh', '-c', uri, 'secret-get-value',
452 level=DEBUG)453 secret_uuid])
453 return454 if old_key == key:
455 log('Libvirt secret already exists for uuid %s.' % secret_uuid,
456 level=DEBUG)
457 return
458 else:
459 log('Libvirt secret changed for uuid %s.' % secret_uuid,
460 level=INFO)
454 log('Defining new libvirt secret for uuid %s.' % secret_uuid)461 log('Defining new libvirt secret for uuid %s.' % secret_uuid)
455 cmd = ['virsh', '-c', uri, 'secret-define', '--file', secret_file]462 cmd = ['virsh', '-c', uri, 'secret-define', '--file', secret_file]
456 check_call(cmd)463 check_call(cmd)
457464
=== modified file 'tests/basic_deployment.py'
--- tests/basic_deployment.py 2014-09-30 20:31:36 +0000
+++ tests/basic_deployment.py 2015-02-06 18:21:32 +0000
@@ -20,7 +20,7 @@
20class NovaBasicDeployment(OpenStackAmuletDeployment):20class NovaBasicDeployment(OpenStackAmuletDeployment):
21 """Amulet tests on a basic nova compute deployment."""21 """Amulet tests on a basic nova compute deployment."""
2222
23 def __init__(self, series=None, openstack=None, source=None, stable=False):23 def __init__(self, series=None, openstack=None, source=None, stable=True):
24 """Deploy the entire test environment."""24 """Deploy the entire test environment."""
25 super(NovaBasicDeployment, self).__init__(series, openstack, source, stable)25 super(NovaBasicDeployment, self).__init__(series, openstack, source, stable)
26 self._add_services()26 self._add_services()
2727
=== modified file 'unit_tests/test_nova_compute_utils.py'
--- unit_tests/test_nova_compute_utils.py 2014-12-15 10:28:47 +0000
+++ unit_tests/test_nova_compute_utils.py 2015-02-06 18:21:32 +0000
@@ -1,6 +1,7 @@
1import itertools1import itertools
2import tempfile2import tempfile
33
4import nova_compute_context as compute_context
4import nova_compute_utils as utils5import nova_compute_utils as utils
56
6from mock import (7from mock import (
@@ -322,3 +323,55 @@
322 utils.disable_shell('dummy')323 utils.disable_shell('dummy')
323 _check_call.assert_called_with(['usermod', '-s', '/bin/false',324 _check_call.assert_called_with(['usermod', '-s', '/bin/false',
324 'dummy'])325 'dummy'])
326
327 @patch.object(utils, 'check_call')
328 @patch.object(utils, 'check_output')
329 def test_create_libvirt_key(self, _check_output, _check_call):
330 key = 'AQCR2dRUaFQSOxAAC5fr79sLL3d7wVvpbbRFMg=='
331 self.test_config.set('virt-type', 'kvm')
332 utils.create_libvirt_secret(utils.CEPH_SECRET,
333 compute_context.CEPH_SECRET_UUID, key)
334 _check_output.assert_called_with(['virsh', '-c',
335 utils.LIBVIRT_URIS['kvm'],
336 'secret-list'])
337 _check_call.assert_called_with(['virsh', '-c',
338 utils.LIBVIRT_URIS['kvm'],
339 'secret-set-value', '--secret',
340 compute_context.CEPH_SECRET_UUID,
341 '--base64', key])
342
343 @patch.object(utils, 'check_call')
344 @patch.object(utils, 'check_output')
345 def test_create_libvirt_key_existing(self, _check_output, _check_call):
346 key = 'AQCR2dRUaFQSOxAAC5fr79sLL3d7wVvpbbRFMg=='
347 self.test_config.set('virt-type', 'kvm')
348 _check_output.side_effect = [compute_context.CEPH_SECRET_UUID, key]
349 utils.create_libvirt_secret(utils.CEPH_SECRET,
350 compute_context.CEPH_SECRET_UUID, key)
351 expected = [call(['virsh', '-c',
352 utils.LIBVIRT_URIS['kvm'], 'secret-list']),
353 call(['virsh', '-c',
354 utils.LIBVIRT_URIS['kvm'], 'secret-get-value',
355 compute_context.CEPH_SECRET_UUID])]
356 _check_output.assert_has_calls(expected)
357
358 @patch.object(utils, 'check_call')
359 @patch.object(utils, 'check_output')
360 def test_create_libvirt_key_stale(self, _check_output, _check_call):
361 key = 'AQCR2dRUaFQSOxAAC5fr79sLL3d7wVvpbbRFMg=='
362 old_key = 'CCCCCdRUaFQSOxAAC5fr79sLL3d7wVvpbbRFMg=='
363 self.test_config.set('virt-type', 'kvm')
364 _check_output.side_effect = [compute_context.CEPH_SECRET_UUID, old_key]
365 utils.create_libvirt_secret(utils.CEPH_SECRET,
366 compute_context.CEPH_SECRET_UUID, key)
367 expected = [call(['virsh', '-c',
368 utils.LIBVIRT_URIS['kvm'], 'secret-list']),
369 call(['virsh', '-c',
370 utils.LIBVIRT_URIS['kvm'], 'secret-get-value',
371 compute_context.CEPH_SECRET_UUID])]
372 _check_output.assert_has_calls(expected)
373 _check_call.assert_any_call(['virsh', '-c',
374 utils.LIBVIRT_URIS['kvm'],
375 'secret-set-value', '--secret',
376 compute_context.CEPH_SECRET_UUID,
377 '--base64', key])

Subscribers

People subscribed via source and target branches