Juju Charms Collection
neutron-api-contrail package

Merge lp:~dmitriis/charms/trusty/neutron-api-contrail/trunk into lp:~sdn-charmers/charms/trusty/neutron-api-contrail/trunk

Trusty Tahr (14.04)
trunk
Merge into trunk

Proposed by Dmitrii Shcherbakov on 2017-03-17

Status:	Merged
Merged at revision:	16
Proposed branch:	lp:~dmitriis/charms/trusty/neutron-api-contrail/trunk
Merge into:	lp:~sdn-charmers/charms/trusty/neutron-api-contrail/trunk
Diff against target:	238 lines (+104/-31) 3 files modified hooks/neutron_api_contrail_hooks.py (+86/-25) hooks/neutron_api_contrail_utils.py (+12/-5) templates/ContrailPlugin.ini (+6/-1)
To merge this branch:	bzr merge lp:~dmitriis/charms/trusty/neutron-api-contrail/trunk
Related bugs:	Link a bug report

Reviewer	Date Requested	Status
Robert Ayres (community)		Approve on 2017-06-29
Ante Karamatić	2017-03-17	Pending
Review via email: mp+320153@code.launchpad.net

Description of the change

rbac support (rebased)

Revision history for this message

Bernhard Koessler (bkoessler) wrote on 2017-03-27:

you would also need to add the following to /etc/neutron/api-paste.ini:

[composite:neutronapi_v2_0]
keystone = user_token …

[filter:user_token] paste.filter_factory = neutron_plugin_contrail.plugins.opencontrail.neutron_middleware:token_factory

Revision history for this message

Dmitrii Shcherbakov (dmitriis) wrote on 2017-03-27:

This is done in the neutron-api charm.

https://review.openstack.org/#/c/439270/

Best Regards,
Dmitrii Shcherbakov

*Dmitrii Shcherbakov * | *Canonical*
Field Software Engineer
<email address hidden>
IRC (freenode): Dmitrii-Sh

On Mon, Mar 27, 2017 at 12:57 PM, Bernhard Koessler <email address hidden>
wrote:

> you would also need to add the following to /etc/neutron/api-paste.ini:
>
> [composite:neutronapi_v2_0]
> keystone = user_token …
>
> [filter:user_token] paste.filter_factory = neutron_plugin_contrail.
> plugins.opencontrail.neutron_middleware:token_factory
>
> --
> https://code.launchpad.net/~dmitriis/charms/trusty/
> neutron-api-contrail/trunk/+merge/320153
> You are the owner of lp:~dmitriis/charms/trusty/
> neutron-api-contrail/trunk.
>

Revision history for this message

Robert Ayres (robert-ayres) wrote on 2017-05-23:

For this to get merged, please remove all the unnecessary formatting changes.

This diff should only contain the *actual* code changes.

Revision history for this message

Robert Ayres (robert-ayres) wrote on 2017-05-23:

Looks like r16 is PEP8 changes and r17 the RBAC changes.

To save effort, we can just look at merging r17 here.

Revision history for this message

Robert Ayres (robert-ayres) on 2017-06-29:

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to all changes:

Bilal Baqar

Dmitrii Shcherbakov

SDN Charmers

 === modified file 'hooks/neutron_api_contrail_hooks.py'
 --- hooks/neutron_api_contrail_hooks.py	2017-03-10 13:10:57 +0000
 +++ hooks/neutron_api_contrail_hooks.py	2017-03-17 09:27:11 +0000
@@ -11,7 +11,8 @@
      config,
      log,
      relation_get,
--    relation_set
++    relation_set,
++    relation_ids,
+ )
  from charmhelpers.core.host import (
@@ -31,28 +32,76 @@
      write_plugin_config
+ )
--PACKAGES = [ "neutron-plugin-contrail" ]
++PACKAGES = ["neutron-plugin-contrail"]
  hooks = Hooks()
  config = config()
++
  @hooks.hook("config-changed")
  def config_changed():
      pass
--@hooks.hook("contrail-api-relation-changed")
++
++def notify_neutron(rbac=relation_get('rbac')):
++    '''
++    Tell neutron to update its keystone middleware configuration
++    based upon the propagated configuration.
++    '''
++    rel = 'neutron-plugin-api-subordinate'
++
++    # pass a list of extra middleware with only a single
++    # item in this particular case
++    if rbac:
++        settings = {
++            'extra_middleware': [{
++                'name': 'user_token',
++                'type': 'filter',
++                'config': {
++                    'paste.filter_factory': 'neutron_plugin_contrail.plugins'
++                    '.opencontrail.neutron_middleware:token_factory'
++                }
++            }]
++        }
++    else:
++        settings = {
++            'extra_middleware': None
++        }
++    for rid in relation_ids(rel):
++        relation_set(relation_id=rid, relation_settings=settings)
++
++
++@hooks.hook("contrail-api-relation-joined",
++            "contrail-api-relation-changed")
  def contrail_api_changed():
--    if not relation_get("port"):
++    required_keys = ['port']
++    # only need to check for role availability if
++    # rbac is explicitly set
++    if relation_get('rbac'):
++        required_keys.append('cloud-admin-role')
++
++    if not all(relation_get(k) for k in required_keys):
          log("Relation not ready")
          return
      contrail_api_relation()
++    notify_neutron()
++
  @hooks.hook("contrail-api-relation-departed")
  @hooks.hook("contrail-api-relation-broken")
--@restart_on_change({"/etc/neutron/plugins/opencontrail/ContrailPlugin.ini": ["neutron-server"]})
++def contrail_api_broken():
++    contrail_api_relation()
++    # have to signal that we no longer have knowledge
++    # of rbac availability
++    notify_neutron(rbac=False)
++
++
++@restart_on_change(
++    {"/etc/neutron/plugins/opencontrail/ContrailPlugin.ini": ["neutron-server"]})
  def contrail_api_relation():
      write_plugin_config()
++
  @hooks.hook("identity-admin-relation-changed")
  def identity_admin_changed():
      if not relation_get("service_hostname"):
@@ -60,57 +109,69 @@
          return
      identity_admin_relation()
++
  @hooks.hook("identity-admin-relation-departed")
  @hooks.hook("identity-admin-relation-broken")
--@restart_on_change({"/etc/neutron/plugins/opencontrail/ContrailPlugin.ini": ["neutron-server"]})
++@restart_on_change(
++    {"/etc/neutron/plugins/opencontrail/ContrailPlugin.ini": ["neutron-server"]})
  def identity_admin_relation():
      write_plugin_config()
++
  @hooks.hook()
  def install():
      configure_sources(True, "install-sources", "install-keys")
      apt_upgrade(fatal=True, dist=True)
      apt_install(PACKAGES, fatal=True)
++
  def main():
      try:
          hooks.execute(sys.argv)
      except UnregisteredHookError as e:
          log("Unknown hook {} - skipping.".format(e))
--@hooks.hook("neutron-plugin-api-subordinate-relation-joined")
--def neutron_plugin_joined():
++
++@hooks.hook("neutron-plugin-api-subordinate-relation-changed")
++def neutron_plugin_changed():
      # create plugin config
      plugin = "neutron_plugin_contrail.plugins.opencontrail.contrail_plugin.NeutronPluginContrailCoreV2" \
               if version_compare(CONTRAIL_VERSION, "1.20~") >= 0 \
               else "neutron_plugin_contrail.plugins.opencontrail.contrail_plugin_core.NeutronPluginContrailCoreV2"
      service_plugins = "neutron_plugin_contrail.plugins.opencontrail.loadbalancer.v2.plugin.LoadBalancerPluginV2" \
                        if version_compare(CONTRAIL_VERSION, "3.0.2.0-34") >= 0 \
--                         and version_compare(OPENSTACK_VERSION, "2:7.0.0") >= 0 \
++        and version_compare(OPENSTACK_VERSION, "2:7.0.0") >= 0 \
                        else " "
--    extensions = [ "/usr/lib/python2.7/dist-packages/neutron_plugin_contrail/extensions" ]
++    extensions = [
++        "/usr/lib/python2.7/dist-packages/neutron_plugin_contrail/extensions"]
      if version_compare(CONTRAIL_VERSION, "3.0.2.0-34") >= 0 \
         and version_compare(OPENSTACK_VERSION, "2:7.0.0") >= 0:
--        extensions.append("/usr/lib/python2.7/dist-packages/neutron_lbaas/extensions")
++        extensions.append(
++            "/usr/lib/python2.7/dist-packages/neutron_lbaas/extensions")
      conf = {
--      "neutron-api": {
--        "/etc/neutron/neutron.conf": {
--          "sections": {
--            "DEFAULT": [
--              ("api_extensions_path", ":".join(extensions))
--            ]
--          }
++        "neutron-api": {
++            "/etc/neutron/neutron.conf": {
++                "sections": {
++                    "DEFAULT": [
++                        ("api_extensions_path", ":".join(extensions))
++                    ]
++                }
++            }
+         }
--      }
+     }
--    settings = { "neutron-plugin": "contrail",
--                 "core-plugin": plugin,
--                 "neutron-plugin-config": "/etc/neutron/plugins/opencontrail/ContrailPlugin.ini",
--                 "service-plugins": service_plugins,
--                 "quota-driver": "neutron_plugin_contrail.plugins.opencontrail.quota.driver.QuotaDriver",
--                 "subordinate_configuration": json.dumps(conf) }
++    settings = {
++        "neutron-plugin": "contrail",
++        "core-plugin": plugin,
++        "neutron-plugin-config": "/etc/neutron/plugins/opencontrail/ContrailPlugin.ini",
++        "service-plugins": service_plugins,
++        "quota-driver": "neutron_plugin_contrail.plugins.opencontrail.quota.driver.QuotaDriver",
++        "subordinate_configuration": json.dumps(conf)}
      relation_set(relation_settings=settings)
++    for rid in relation_ids('contrail-api'):
++        notify_neutron(relation_get(rid=rid, attribute='rbac'))
++
++
  @hooks.hook("upgrade-charm")
  def upgrade_charm():
      write_plugin_config()
 === modified file 'hooks/neutron_api_contrail_utils.py'
 --- hooks/neutron_api_contrail_utils.py	2017-03-10 13:10:57 +0000
 +++ hooks/neutron_api_contrail_utils.py	2017-03-17 09:27:11 +0000
@@ -14,6 +14,7 @@
  apt_pkg.init()
++
  def dpkg_version(pkg):
      try:
          return check_output(["dpkg-query", "-f", "${Version}\\n", "-W", pkg]).rstrip()
@@ -24,12 +25,18 @@
  OPENSTACK_VERSION = dpkg_version("neutron-server")
  def contrail_api_ctx():
--    ctxs = [ { "api_server": vip if vip \
--                 else gethostbyname(relation_get("private-address", unit, rid)),
--               "api_port": port }
++    ctxs = [{"api_server": vip if vip
++             else gethostbyname(relation_get("private-address", unit, rid)),
++             "api_port": port,
++             "rbac": rbac,
++             "cloud_admin_role": adminrole}
               for rid in relation_ids("contrail-api")
--             for unit, port, vip in
--             ((unit, relation_get("port", unit, rid), relation_get("vip", unit, rid))
++             for unit, port, vip, rbac, adminrole in
++             ((unit,
++               relation_get("port", unit, rid),
++               relation_get("vip", unit, rid),
++               relation_get("rbac", unit, rid),
++               relation_get("cloud-admin-role", unit, rid))
                for unit in related_units(rid))
               if port ]
      return ctxs[0] if ctxs else {}
 === modified file 'templates/ContrailPlugin.ini'
 --- templates/ContrailPlugin.ini	2017-01-31 13:04:53 +0000
 +++ templates/ContrailPlugin.ini	2017-03-17 09:27:11 +0000
@@ -6,7 +6,12 @@
  [APISERVER]
  api_server_ip = {{ api_server }}
  api_server_port = {{ api_port }}
--multi_tenancy = True
++
++{% if rbac -%}
++aaa_mode = rbac
++cloud_admin_role = {{ cloud_admin_role }}
++
++{% endif %}
  [KEYSTONE]
  admin_user = {{ admin_user }}

Juju Charms Collectionneutron-api-contrail package

Merge lp:~dmitriis/charms/trusty/neutron-api-contrail/trunk into lp:~sdn-charmers/charms/trusty/neutron-api-contrail/trunk

Commit message

Description of the change

Preview Diff

Subscribers

Juju Charms Collection
neutron-api-contrail package