adt-image-mapper

Merge lp:~ev/adt-image-mapper/fresh-keystone-client into lp:adt-image-mapper

  1. fresh-keystone-client
  2. Merge into trunk
Proposed by Evan
Status: Merged
Approved by: Evan
Approved revision: 16
Merged at revision: 11
Proposed branch: lp:~ev/adt-image-mapper/fresh-keystone-client
Merge into: lp:adt-image-mapper
Diff against target: 58 lines (+23/-11)
1 file modified
adt_image_mapper/cloud.py (+23/-11)
To merge this branch: bzr merge lp:~ev/adt-image-mapper/fresh-keystone-client
Reviewer Review Type Date Requested Status
Francis Ginther Approve
Evan (community) Needs Resubmitting
Review via email: mp+253545@code.launchpad.net

Commit message

Do not cache glanceclient so we get a fresh keystone auth token with every call.

Description of the change

I don't think it should be acceptable to use a bare exception to treat any error in talking to glance as 'expired token'. We can either explicitly look for 401 (glanceclient.exc.HTTPUnauthorized) or just get a fresh auth token from keystone with each call.

I'm proposing the latter to get the discussion moving. Is there a risk in requesting fresh tokens?

To post a comment you must log in.
Revision history for this message
Celso Providelo (cprov) wrote :

Well, getting new token is just slow, as in *few* seconds ...

Revision history for this message
Paul Larson (pwlars) wrote :

It's true, I don't think we're going to be generating enough traffic to realize a huge gain from the caching. I figured it was good practice though, so I tried to preserve it. Checking for glanceclient.exc.HTTPUnauthorized is what I originally tried to do, but it doesn't come through as that exception. However, if it's true that this is fixed in the glanceclient that we just updated to, it could be that we can just revert my previous patch, keep the caching, and all will be happy.

Revision history for this message
Evan (ev) wrote :

I'll rework this with that as a comment explaining why we retry on 401
rather than just get a fresh token. Thank you.

Revision history for this message
Francis Ginther (fginther) wrote :

We could potentially see request storms, although with only one adt-cloud-service, this would be limited to one requester. So it would be more like a steady downpour then a storm. Not sure if this will have any adverse impact on the keystone or glance services. I would assume that they are robust enough to not fall over because we use it too much. Just thinking out loud.

Is it ok to immediately re-attempt the request, or do we need to add a delay.

candidate_image will also be None when there are no images matching the criteria (i.e. there are no vivid-i386 images available). This should be treated as a different failure mode.

review: Needs Fixing
Revision history for this message
Evan (ev) :
review: Needs Resubmitting
Revision history for this message
Francis Ginther (fginther) wrote :

approve, thanks for reworking the exception handling.

review: Approve
Revision history for this message
Ubuntu CI Bot (uci-bot) wrote :

Attempt to merge into lp:adt-image-mapper failed due to conflicts:

text conflict in adt_image_mapper/cloud.py

lp:~ev/adt-image-mapper/fresh-keystone-client updated
16. By Evan

Merge with trunk.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'adt_image_mapper/cloud.py'
2--- adt_image_mapper/cloud.py 2015-03-19 22:30:01 +0000
3+++ adt_image_mapper/cloud.py 2015-03-20 16:46:10 +0000
4@@ -16,6 +16,7 @@
5 #
6
7 import logging
8+import time
9
10 import keystoneclient
11 import glanceclient
12@@ -24,6 +25,10 @@
13 logger = logging.getLogger(__name__)
14
15
16+class CloudMapperException(Exception):
17+ pass
18+
19+
20 class CloudImageMapper(object):
21
22 def __init__(self, config):
23@@ -52,18 +57,25 @@
24 return candidate_image
25
26 def get_image_for_series(self, series_name, architecture):
27- logger.info("Searching for image with series=%r, arch=%r", series_name, architecture)
28+ logger.info("Searching for image with series=%r, arch=%r", series_name,
29+ architecture)
30 glance_client = self.get_glance_client()
31- try:
32- candidate_image = self._get_candidate_image(
33- glance_client, series_name, architecture)
34- except Exception as e:
35- logger.debug("The following exception is probably just the "
36- "token needing to be refreshed")
37- logger.exception("Exception caught:")
38- glance_client = self.get_glance_client(refresh=True)
39- candidate_image = self._get_candidate_image(
40- glance_client, series_name, architecture)
41+ glance_success = False
42+ glance_wait = 2
43+ for attempt in range(2,5):
44+ try:
45+ args = (glance_client, series_name, architecture)
46+ candidate_image = self._get_candidate_image(*args)
47+ glance_success = True
48+ except glanceclient.exc.HTTPUnauthorized:
49+ logger.exception("Error authenticating to Glance:")
50+ glance_client = self.get_glance_client(refresh=True)
51+ time.sleep(glance_wait)
52+ glance_wait *= attempt
53+ if not glance_success:
54+ msg = 'Failed to talk to Glance too many times.'
55+ raise CloudMapperException(msg)
56+
57 logger.info("Search finished, found image %s", candidate_image.name)
58 return candidate_image.name if candidate_image else None
59

Subscribers

People subscribed via source and target branches

to all changes: