Juju Charms Collection
nova-cloud-controller package

Merge lp:~freyes/charms/trusty/nova-cloud-controller/single-nova-consoleauth into lp:~openstack-charmers-archive/charms/trusty/nova-cloud-controller/next

  1. Trusty Tahr (14.04)
  2. single-nova-consoleauth
  3. Merge into next
Proposed by Felipe Reyes
Status: Superseded
Proposed branch: lp:~freyes/charms/trusty/nova-cloud-controller/single-nova-consoleauth
Merge into: lp:~openstack-charmers-archive/charms/trusty/nova-cloud-controller/next
Diff against target: 250 lines (+170/-28) (has conflicts)
3 files modified
config.yaml (+14/-0)
hooks/nova_cc_hooks.py (+33/-2)
unit_tests/test_nova_cc_hooks.py (+123/-26)
Text conflict in config.yaml
To merge this branch: bzr merge lp:~freyes/charms/trusty/nova-cloud-controller/single-nova-consoleauth
Reviewer Review Type Date Requested Status
Billy Olsen Needs Fixing
Review via email: mp+250339@code.launchpad.net

This proposal has been superseded by a proposal from 2015-03-02.

Description of the change

Dear OpenStack Charmers,

This patch configures a new pacemaker resource that will allow to run a single instance of nova-consoleauth service when console-access-protocol is defined.

Specifically, nova-consoleauth is configured to run where the vip is allocated, with this patch this will be default behaviour. This is needed for environments where the memcached cannot (or doesn't want to) be related to nova-cloud-controller to share the authorization tokens across all the running instances.

Example output of 'sudo crm_mon -1' with this patch applied:

Last updated: Wed Feb 18 19:43:32 2015
Last change: Wed Feb 18 19:42:05 2015 via crmd on juju-xxx-machine-95
Stack: corosync
Current DC: juju-xxx-machine-97 (168102885) - partition with quorum
Version: 1.1.10-42f2063
3 Nodes configured
5 Resources configured

Online: [ juju-xxx-machine-95 juju-xxx-machine-96 juju-xxx-machine-97 ]

 Resource Group: grp_nova_vips
     res_nova_eth0_vip (ocf::heartbeat:IPaddr2): Started juju-xxx-machine-97
 Clone Set: cl_nova_haproxy [res_nova_haproxy]
     Started: [ juju-xxx-machine-95 juju-xxx-machine-96 juju-xxx-machine-97 ]
 res_nova_consoleauth (upstart:nova-consoleauth): Started juju-xxx-machine-97

This patch adds unit tests, but if an amulet test is needed I could add it.

Thanks,

To post a comment you must log in.
Revision history for this message
uosci-testing-bot (uosci-testing-bot) wrote :

charm_lint_check #2119 nova-cloud-controller-next for freyes mp250339
    LINT OK: passed

Build: http://10.245.162.77:8080/job/charm_lint_check/2119/

Revision history for this message
uosci-testing-bot (uosci-testing-bot) wrote :

charm_unit_test #1909 nova-cloud-controller-next for freyes mp250339
    UNIT OK: passed

Build: http://10.245.162.77:8080/job/charm_unit_test/1909/

Revision history for this message
uosci-testing-bot (uosci-testing-bot) wrote :

charm_amulet_test #2028 nova-cloud-controller-next for freyes mp250339
    AMULET OK: passed

Build: http://10.245.162.77:8080/job/charm_amulet_test/2028/

Revision history for this message
Billy Olsen (billy-olsen) wrote :

Felipe,

Thanks for the submission. I haven't deployed this yet to try it out, but my concerns are around the upstart resources. Since we'll have a difference between systemd and upstart between vivid and previous releases I think we should be using an ocf file instead. There's already one that exists in https://github.com/madkiss/openstack-resource-agents/tree/master/ocf. Looks like its been awhile since its been touched so its either stable or not supported anymore. I think the openstack-resource-agents package also includes this, but I'm not sure as to its status (I believe its in universe).

An amulet test is always nice :-) We don't have anything in the way of the hacluster relation in our amulet tests at this point so I don't think its strictly a requirement (e.g. I wouldn't hold up the mp for it), but improvements are always welcomed.

review: Needs Fixing
lp:~freyes/charms/trusty/nova-cloud-controller/single-nova-consoleauth updated
148. By Felipe Reyes

pacemakr: use openstack resource agent instead of upstart

149. By Felipe Reyes

Fix unit test

150. By Felipe Reyes

Commit after merge

151. By Felipe Reyes

Fix lint errors

152. By Felipe Reyes

pcmkr: Delete resources when single-nova-consoleauth turned off

153. By Felipe Reyes

Remove pcmkr rules when single-nova-consoleauth is set to True

154. By Felipe Reyes

Commit after merge

155. By Felipe Reyes

Move code into its own function and it's called from config-changed, ha-relation-changed and upgrade-charm

156. By Felipe Reyes

fix lint warning

157. By Felipe Reyes

Commit after merge

158. By Felipe Reyes

nova-consoleauth set to manual only if there is a ha relation

Unmerged revisions

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'config.yaml'
2--- config.yaml 2015-02-19 04:30:13 +0000
3+++ config.yaml 2015-03-02 14:34:20 +0000
4@@ -320,9 +320,23 @@
5 juju-myservice-0
6 If you're running multiple environments with the same services in them
7 this allows you to differentiate between them.
8+<<<<<<< TREE
9 nagios_servicegroups:
10 default: ""
11 type: string
12 description: |
13 A comma-separated list of nagios servicegroups.
14 If left empty, the nagios_context will be used as the servicegroup
15+=======
16+ single-nova-consoleauth:
17+ type: boolean
18+ default: true
19+ description: |
20+ When this configuration is set to True, a single instance of
21+ nova-consoleauth service will be running, this allows users to always
22+ authenticate against the same instance and avoid authentications issues
23+ when the token used was stored in a different instance.
24+
25+ If memcached is being used to store the tokens, then it's recommended to
26+ change this configuration to False.
27+>>>>>>> MERGE-SOURCE
28
29=== modified file 'hooks/nova_cc_hooks.py'
30--- hooks/nova_cc_hooks.py 2015-02-19 04:29:22 +0000
31+++ hooks/nova_cc_hooks.py 2015-03-02 14:34:20 +0000
32@@ -171,6 +171,27 @@
33 [cluster_joined(rid) for rid in relation_ids('cluster')]
34 update_nrpe_config()
35
36+ if config('single-nova-consoleauth') and console_attributes('protocol'):
37+ colocations = {
38+ 'vip_consoleauth': 'inf: res_nova_consoleauth grp_nova_vips'
39+ }
40+ init_services = {
41+ 'res_nova_consoleauth': 'nova-consoleauth'
42+ }
43+ resources = {
44+ 'res_nova_consoleauth': 'ocf:openstack:nova-consoleauth'
45+ }
46+ resource_params = {
47+ 'res_nova_consoleauth': 'op monitor interval="5s"'
48+ }
49+
50+ for rid in relation_ids('ha'):
51+ relation_set(rid,
52+ init_services=init_services,
53+ resources=resources,
54+ resource_params=resource_params,
55+ colocations=colocations)
56+
57
58 @hooks.hook('amqp-relation-joined')
59 def amqp_joined(relation_id=None):
60@@ -636,7 +657,7 @@
61 'res_nova_haproxy': 'lsb:haproxy',
62 }
63 resource_params = {
64- 'res_nova_haproxy': 'op monitor interval="5s"'
65+ 'res_nova_haproxy': 'op monitor interval="5s"',
66 }
67
68 vip_group = []
69@@ -674,12 +695,22 @@
70 clones = {
71 'cl_nova_haproxy': 'res_nova_haproxy'
72 }
73+ colocations = {}
74+
75+ if config('single-nova-consoleauth') and console_attributes('protocol'):
76+ colocations['vip_consoleauth'] = ('inf: res_nova_consoleauth '
77+ 'grp_nova_vips')
78+ init_services['res_nova_consoleauth'] = 'nova-consoleauth'
79+ resources['res_nova_consoleauth'] = 'ocf:openstack:nova-consoleauth'
80+ resource_params['res_nova_consoleauth'] = 'op monitor interval="5s"'
81+
82 relation_set(init_services=init_services,
83 corosync_bindiface=cluster_config['ha-bindiface'],
84 corosync_mcastport=cluster_config['ha-mcastport'],
85 resources=resources,
86 resource_params=resource_params,
87- clones=clones)
88+ clones=clones,
89+ colocations=colocations)
90
91
92 @hooks.hook('ha-relation-changed')
93
94=== modified file 'unit_tests/test_nova_cc_hooks.py'
95--- unit_tests/test_nova_cc_hooks.py 2015-01-13 14:44:54 +0000
96+++ unit_tests/test_nova_cc_hooks.py 2015-03-02 14:34:20 +0000
97@@ -611,30 +611,127 @@
98 'by the neutron-server process.'
99 )
100
101- def test_ha_relation_joined_no_bound_ip(self):
102- self.get_hacluster_config.return_value = {
103- 'ha-bindiface': 'em0',
104- 'ha-mcastport': '8080',
105- 'vip': '10.10.10.10',
106- }
107- self.test_config.set('vip_iface', 'eth120')
108- self.test_config.set('vip_cidr', '21')
109- self.get_iface_for_address.return_value = None
110- self.get_netmask_for_address.return_value = None
111- hooks.ha_joined()
112- args = {
113- 'corosync_bindiface': 'em0',
114- 'corosync_mcastport': '8080',
115- 'init_services': {'res_nova_haproxy': 'haproxy'},
116- 'resources': {'res_nova_eth120_vip': 'ocf:heartbeat:IPaddr2',
117- 'res_nova_haproxy': 'lsb:haproxy'},
118- 'resource_params': {
119- 'res_nova_eth120_vip': 'params ip="10.10.10.10"'
120- ' cidr_netmask="21" nic="eth120"',
121- 'res_nova_haproxy': 'op monitor interval="5s"'},
122- 'clones': {'cl_nova_haproxy': 'res_nova_haproxy'}
123- }
124- self.relation_set.assert_has_calls([
125- call(groups={'grp_nova_vips': 'res_nova_eth120_vip'}),
126- call(**args),
127+ @patch('nova_cc_utils.config')
128+ def test_ha_relation_joined_no_bound_ip(self, config):
129+ self.get_hacluster_config.return_value = {
130+ 'ha-bindiface': 'em0',
131+ 'ha-mcastport': '8080',
132+ 'vip': '10.10.10.10',
133+ }
134+ self.test_config.set('vip_iface', 'eth120')
135+ self.test_config.set('vip_cidr', '21')
136+ config.return_value = None
137+ self.get_iface_for_address.return_value = None
138+ self.get_netmask_for_address.return_value = None
139+ hooks.ha_joined()
140+ args = {
141+ 'corosync_bindiface': 'em0',
142+ 'corosync_mcastport': '8080',
143+ 'init_services': {'res_nova_haproxy': 'haproxy'},
144+ 'resources': {'res_nova_eth120_vip': 'ocf:heartbeat:IPaddr2',
145+ 'res_nova_haproxy': 'lsb:haproxy'},
146+ 'resource_params': {
147+ 'res_nova_eth120_vip': 'params ip="10.10.10.10"'
148+ ' cidr_netmask="21" nic="eth120"',
149+ 'res_nova_haproxy': 'op monitor interval="5s"'},
150+ 'colocations': {},
151+ 'clones': {'cl_nova_haproxy': 'res_nova_haproxy'}
152+ }
153+ self.relation_set.assert_has_calls([
154+ call(groups={'grp_nova_vips': 'res_nova_eth120_vip'}),
155+ call(**args),
156+ ])
157+
158+ @patch('nova_cc_utils.config')
159+ def test_ha_relation_multi_consoleauth(self, config):
160+ self.get_hacluster_config.return_value = {
161+ 'ha-bindiface': 'em0',
162+ 'ha-mcastport': '8080',
163+ 'vip': '10.10.10.10',
164+ }
165+ self.test_config.set('vip_iface', 'eth120')
166+ self.test_config.set('vip_cidr', '21')
167+ self.test_config.set('single-nova-consoleauth', False)
168+ config.return_value = 'novnc'
169+ self.get_iface_for_address.return_value = None
170+ self.get_netmask_for_address.return_value = None
171+ hooks.ha_joined()
172+ args = {
173+ 'corosync_bindiface': 'em0',
174+ 'corosync_mcastport': '8080',
175+ 'init_services': {'res_nova_haproxy': 'haproxy'},
176+ 'resources': {'res_nova_eth120_vip': 'ocf:heartbeat:IPaddr2',
177+ 'res_nova_haproxy': 'lsb:haproxy'},
178+ 'resource_params': {
179+ 'res_nova_eth120_vip': 'params ip="10.10.10.10"'
180+ ' cidr_netmask="21" nic="eth120"',
181+ 'res_nova_haproxy': 'op monitor interval="5s"'},
182+ 'colocations': {},
183+ 'clones': {'cl_nova_haproxy': 'res_nova_haproxy'}
184+ }
185+ self.relation_set.assert_has_calls([
186+ call(groups={'grp_nova_vips': 'res_nova_eth120_vip'}),
187+ call(**args),
188+ ])
189+
190+ @patch('nova_cc_utils.config')
191+ def test_ha_relation_single_consoleauth(self, config):
192+ self.get_hacluster_config.return_value = {
193+ 'ha-bindiface': 'em0',
194+ 'ha-mcastport': '8080',
195+ 'vip': '10.10.10.10',
196+ }
197+ self.test_config.set('vip_iface', 'eth120')
198+ self.test_config.set('vip_cidr', '21')
199+ config.return_value = 'novnc'
200+ self.get_iface_for_address.return_value = None
201+ self.get_netmask_for_address.return_value = None
202+ hooks.ha_joined()
203+ args = {
204+ 'corosync_bindiface': 'em0',
205+ 'corosync_mcastport': '8080',
206+ 'init_services': {'res_nova_haproxy': 'haproxy',
207+ 'res_nova_consoleauth': 'nova-consoleauth'},
208+ 'resources': {'res_nova_eth120_vip': 'ocf:heartbeat:IPaddr2',
209+ 'res_nova_haproxy': 'lsb:haproxy',
210+ 'res_nova_consoleauth': \
211+ 'ocf:openstack:nova-consoleauth'},
212+ 'resource_params': {
213+ 'res_nova_eth120_vip': 'params ip="10.10.10.10"'
214+ ' cidr_netmask="21" nic="eth120"',
215+ 'res_nova_haproxy': 'op monitor interval="5s"',
216+ 'res_nova_consoleauth': 'op monitor interval="5s"'},
217+ 'colocations': {
218+ 'vip_consoleauth': 'inf: res_nova_consoleauth grp_nova_vips'
219+ },
220+ 'clones': {'cl_nova_haproxy': 'res_nova_haproxy'}
221+ }
222+ self.relation_set.assert_has_calls([
223+ call(groups={'grp_nova_vips': 'res_nova_eth120_vip'}),
224+ call(**args),
225+ ])
226+
227+ @patch('nova_cc_hooks.configure_https')
228+ @patch('nova_cc_utils.config')
229+ def test_config_changed_single_consoleauth(self, config, *args):
230+ config.return_value = 'novnc'
231+ rids = {'ha': ['ha:1']}
232+
233+ def f(r):
234+ return rids.get(r, [])
235+
236+ self.relation_ids.side_effect = f
237+ hooks.config_changed()
238+ args = {
239+ 'init_services': {'res_nova_consoleauth': 'nova-consoleauth'},
240+ 'resources': {'res_nova_consoleauth': \
241+ 'ocf:openstack:nova-consoleauth'},
242+ 'resource_params': {
243+ 'res_nova_consoleauth': 'op monitor interval="5s"'},
244+ 'colocations': {
245+ 'vip_consoleauth': 'inf: res_nova_consoleauth grp_nova_vips'
246+ }
247+ }
248+ self.relation_set.assert_has_calls([
249+ call(v, **args) for v in rids['ha']
250 ])

Subscribers

People subscribed via source and target branches