Juju Charms Collection
nova-cloud-controller package

Merge lp:~freyes/charms/trusty/nova-cloud-controller/single-nova-consoleauth into lp:~openstack-charmers-archive/charms/trusty/nova-cloud-controller/next

  1. Trusty Tahr (14.04)
  2. single-nova-consoleauth
  3. Merge into next
Proposed by Felipe Reyes
Status: Superseded
Proposed branch: lp:~freyes/charms/trusty/nova-cloud-controller/single-nova-consoleauth
Merge into: lp:~openstack-charmers-archive/charms/trusty/nova-cloud-controller/next
Diff against target: 284 lines (+203/-28)
3 files modified
config.yaml (+11/-0)
hooks/nova_cc_hooks.py (+68/-2)
unit_tests/test_nova_cc_hooks.py (+124/-26)
To merge this branch: bzr merge lp:~freyes/charms/trusty/nova-cloud-controller/single-nova-consoleauth
Reviewer Review Type Date Requested Status
Billy Olsen Needs Fixing
Edward Hope-Morley Pending
Jorge Niedbalski Pending
Review via email: mp+252138@code.launchpad.net

This proposal supersedes a proposal from 2015-03-06.

This proposal has been superseded by a proposal from 2015-03-18.

Description of the change

Dear OpenStack Charmers,

This patch configures a new pacemaker resource that will allow to run a single instance of nova-consoleauth service when console-access-protocol is defined.

Specifically, nova-consoleauth is configured to run where the vip is allocated, with this patch this will be default behaviour. This is needed for environments where the memcached cannot (or doesn't want to) be related to nova-cloud-controller to share the authorization tokens across all the running instances.

Example output of 'sudo crm_mon -1' with this patch applied:

Last updated: Mon Mar 2 14:46:43 2015
Last change: Mon Mar 2 14:44:53 2015 via crm_resource on juju-freyes-machine-18
Stack: corosync
Current DC: juju-freyes-machine-18 (168103083) - partition with quorum
Version: 1.1.10-42f2063
3 Nodes configured
5 Resources configured

Online: [ juju-freyes-machine-16 juju-freyes-machine-17 juju-freyes-machine-18 ]

 Resource Group: grp_nova_vips
     res_nova_eth0_vip (ocf::heartbeat:IPaddr2): Started juju-freyes-machine-16
 Clone Set: cl_nova_haproxy [res_nova_haproxy]
     Started: [ juju-freyes-machine-16 juju-freyes-machine-17 juju-freyes-machine-18 ]
 res_nova_consoleauth (upstart:nova-consoleauth): Started juju-freyes-machine-16

$ python juju_rrun.py --service nova-cloud-controller 'sudo ps aux|grep nova-consoleauth'
---------- 16 nova-cloud-controller/0
---------- stdout ----------
nova 20773 1.2 7.0 312604 71312 ? Ss 14:44 0:02 /usr/bin/python /usr/bin/nova-consoleauth --config-file=/etc/nova/nova.conf
ubuntu 21188 0.0 0.6 134316 6836 ? Sl 14:47 0:00 juju-run nova-cloud-controller/0 sudo ps aux|grep nova-consoleauth
root 21195 0.0 0.0 8860 648 ? S 14:47 0:00 grep nova-consoleauth

---------- 17 nova-cloud-controller/1
---------- stdout ----------
ubuntu 20997 0.0 0.6 134316 6840 ? Sl 14:47 0:00 juju-run nova-cloud-controller/1 sudo ps aux|grep nova-consoleauth
root 21004 0.0 0.0 8860 648 ? S 14:47 0:00 grep nova-consoleauth

---------- 18 nova-cloud-controller/2
---------- stdout ----------
ubuntu 21325 0.0 0.8 134316 8888 ? Sl 14:47 0:00 juju-run nova-cloud-controller/2 sudo ps aux|grep nova-consoleauth
root 21332 0.0 0.0 8860 644 ? S 14:47 0:00 grep nova-consoleauth

Thanks,

To post a comment you must log in.
Revision history for this message
uosci-testing-bot (uosci-testing-bot) wrote : Posted in a previous version of this proposal

charm_lint_check #2119 nova-cloud-controller-next for freyes mp250339
    LINT OK: passed

Build: http://10.245.162.77:8080/job/charm_lint_check/2119/

Revision history for this message
uosci-testing-bot (uosci-testing-bot) wrote : Posted in a previous version of this proposal

charm_unit_test #1909 nova-cloud-controller-next for freyes mp250339
    UNIT OK: passed

Build: http://10.245.162.77:8080/job/charm_unit_test/1909/

Revision history for this message
uosci-testing-bot (uosci-testing-bot) wrote : Posted in a previous version of this proposal

charm_amulet_test #2028 nova-cloud-controller-next for freyes mp250339
    AMULET OK: passed

Build: http://10.245.162.77:8080/job/charm_amulet_test/2028/

Revision history for this message
Billy Olsen (billy-olsen) wrote : Posted in a previous version of this proposal

Felipe,

Thanks for the submission. I haven't deployed this yet to try it out, but my concerns are around the upstart resources. Since we'll have a difference between systemd and upstart between vivid and previous releases I think we should be using an ocf file instead. There's already one that exists in https://github.com/madkiss/openstack-resource-agents/tree/master/ocf. Looks like its been awhile since its been touched so its either stable or not supported anymore. I think the openstack-resource-agents package also includes this, but I'm not sure as to its status (I believe its in universe).

An amulet test is always nice :-) We don't have anything in the way of the hacluster relation in our amulet tests at this point so I don't think its strictly a requirement (e.g. I wouldn't hold up the mp for it), but improvements are always welcomed.

review: Needs Fixing
Revision history for this message
uosci-testing-bot (uosci-testing-bot) wrote : Posted in a previous version of this proposal

charm_lint_check #2392 nova-cloud-controller-next for freyes mp251456
    LINT FAIL: lint-test failed

LINT Results (max last 2 lines):
  unit_tests/test_nova_cc_hooks.py:727:51: E502 the backslash is redundant between brackets
  make: *** [lint] Error 1

Full lint test output: http://paste.ubuntu.com/10520210/
Build: http://10.245.162.77:8080/job/charm_lint_check/2392/

Revision history for this message
uosci-testing-bot (uosci-testing-bot) wrote : Posted in a previous version of this proposal

charm_unit_test #2182 nova-cloud-controller-next for freyes mp251456
    UNIT OK: passed

Build: http://10.245.162.77:8080/job/charm_unit_test/2182/

Revision history for this message
uosci-testing-bot (uosci-testing-bot) wrote : Posted in a previous version of this proposal

charm_amulet_test #2312 nova-cloud-controller-next for freyes mp251456
    AMULET OK: passed

Build: http://10.245.162.77:8080/job/charm_amulet_test/2312/

Revision history for this message
Billy Olsen (billy-olsen) wrote :

Felipe, thanks for the submission! Things look good. Approved.

review: Approve
Revision history for this message
Billy Olsen (billy-olsen) wrote :

Okay I spoke too soon. Everything looks good for enabling the single-nova-consoleauth and it works as expected while its running. However, if a user wishes to change from single-nova-consoleauth back to multi consoleauth then this patch doesn't actually:

1. remove the res_nova_consoleauth from the corosync/pacemaker configuration.
2. restart the services on nodes which the service is not running restoring the multi-consoleauth scenario.

Apologies for not chasing this scenario down sooner.

review: Needs Fixing
Revision history for this message
uosci-testing-bot (uosci-testing-bot) wrote :

charm_lint_check #2493 nova-cloud-controller-next for freyes mp252138
    LINT OK: passed

Build: http://10.245.162.77:8080/job/charm_lint_check/2493/

Revision history for this message
uosci-testing-bot (uosci-testing-bot) wrote :

charm_unit_test #2283 nova-cloud-controller-next for freyes mp252138
    UNIT OK: passed

Build: http://10.245.162.77:8080/job/charm_unit_test/2283/

Revision history for this message
uosci-testing-bot (uosci-testing-bot) wrote :

charm_amulet_test #2365 nova-cloud-controller-next for freyes mp252138
    AMULET FAIL: amulet-test failed

AMULET Results (max last 2 lines):
  ERROR subprocess encountered error code 1
  make: *** [test] Error 1

Full amulet test output: http://paste.ubuntu.com/10553839/
Build: http://10.245.162.77:8080/job/charm_amulet_test/2365/

Revision history for this message
Felipe Reyes (freyes) wrote :

The amulet failure is:

  juju-test.conductor.14-basic-precise-icehouse DEBUG : Running 14-basic-precise-icehouse (tests/14-basic-precise-icehouse)
  2015-03-07 01:22:16 Starting deployment of osci-sv00
  2015-03-07 01:22:49 Deploying services...
[...]
  2015-03-07 01:23:13 Deploying service rabbitmq-server using local:precise/rabbitmq-server
  2015-03-07 01:34:08 The following units had errors:
  unit: rabbitmq-server/0: machine: 7 agent-state: error details: hook failed: "config-changed"

This isn't related to my change

lp:~freyes/charms/trusty/nova-cloud-controller/single-nova-consoleauth updated
152. By Felipe Reyes

pcmkr: Delete resources when single-nova-consoleauth turned off

Revision history for this message
Felipe Reyes (freyes) wrote :

> 1. remove the res_nova_consoleauth from the corosync/pacemaker configuration.
> 2. restart the services on nodes which the service is not running restoring
> the multi-consoleauth scenario.

Makes sense, I'll update the patch.

Thanks,

lp:~freyes/charms/trusty/nova-cloud-controller/single-nova-consoleauth updated
153. By Felipe Reyes

Remove pcmkr rules when single-nova-consoleauth is set to True

154. By Felipe Reyes

Commit after merge

155. By Felipe Reyes

Move code into its own function and it's called from config-changed, ha-relation-changed and upgrade-charm

156. By Felipe Reyes

fix lint warning

157. By Felipe Reyes

Commit after merge

158. By Felipe Reyes

nova-consoleauth set to manual only if there is a ha relation

Unmerged revisions

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'config.yaml'
2--- config.yaml 2015-02-19 04:30:13 +0000
3+++ config.yaml 2015-03-18 03:44:48 +0000
4@@ -326,3 +326,14 @@
5 description: |
6 A comma-separated list of nagios servicegroups.
7 If left empty, the nagios_context will be used as the servicegroup
8+ single-nova-consoleauth:
9+ type: boolean
10+ default: true
11+ description: |
12+ When this configuration is set to True, a single instance of
13+ nova-consoleauth service will be running, this allows users to always
14+ authenticate against the same instance and avoid authentications issues
15+ when the token used was stored in a different instance.
16+
17+ If memcached is being used to store the tokens, then it's recommended to
18+ change this configuration to False.
19
20=== modified file 'hooks/nova_cc_hooks.py'
21--- hooks/nova_cc_hooks.py 2015-02-19 04:29:22 +0000
22+++ hooks/nova_cc_hooks.py 2015-03-18 03:44:48 +0000
23@@ -120,6 +120,9 @@
24
25 hooks = Hooks()
26 CONFIGS = register_configs()
27+COLO_CONSOLEAUTH = 'inf: res_nova_consoleauth grp_nova_vips'
28+AGENT_CONSOLEAUTH = 'ocf:openstack:nova-consoleauth'
29+AGENT_CA_PARAMS = 'op monitor interval="5s"'
30
31
32 @hooks.hook()
33@@ -171,6 +174,60 @@
34 [cluster_joined(rid) for rid in relation_ids('cluster')]
35 update_nrpe_config()
36
37+ relids = relation_ids('ha')
38+ if len(relids) != 1:
39+ log('Related to {} ha services'.format(len(relids)), level='DEBUG')
40+ ha_relid = None
41+ data = {}
42+ else:
43+ ha_relid = relids[0]
44+ data = relation_get(rid=ha_relid) or {}
45+
46+ if config('single-nova-consoleauth') and console_attributes('protocol'):
47+ data.setdefault('delete_resources', [])
48+ for item in ['vip_consoleauth', 'res_nova_consoleauth']:
49+ if item in data['delete_resources']:
50+ data['delete_resources'].remove(item)
51+
52+ # the new pcmkr resources have to be added to the existing ones
53+ data.setdefault('colocations', {})
54+ data['colocations']['vip_consoleauth'] = COLO_CONSOLEAUTH
55+
56+ data.setdefault('init_services', {})
57+ data['init_services']['res_nova_consoleauth'] = 'nova-consoleauth'
58+
59+ data.setdefault('resources', {})
60+ data['resources']['res_nova_consoleauth'] = AGENT_CONSOLEAUTH
61+
62+ data.setdefault('resource_params', {})
63+ data['resource_params']['res_nova_consoleauth'] = AGENT_CA_PARAMS
64+
65+ for rid in relation_ids('ha'):
66+ relation_set(rid,
67+ **data)
68+ elif (not config('single-nova-consoleauth')
69+ and console_attributes('protocol')):
70+ data.setdefault('delete_resources', [])
71+ for item in ['vip_consoleauth', 'res_nova_consoleauth']:
72+ if item not in data['delete_resources']:
73+ data['delete_resources'].append(item)
74+
75+ # remove them from the rel, so they aren't recreated
76+ data.setdefault('colocations', {})
77+ data['colocations'].pop('vip_consoleauth', None)
78+
79+ data.setdefault('init_services', {})
80+ data['init_services'].pop('res_nova_consoleauth', None)
81+
82+ data.setdefault('resources', {})
83+ data['resources'].pop('res_nova_consoleauth', None)
84+
85+ data.setdefault('resource_params', {})
86+ data['resource_params'].pop('res_nova_consoleauth', None)
87+
88+ for rid in relation_ids('ha'):
89+ relation_set(rid, **data)
90+
91
92 @hooks.hook('amqp-relation-joined')
93 def amqp_joined(relation_id=None):
94@@ -636,7 +693,7 @@
95 'res_nova_haproxy': 'lsb:haproxy',
96 }
97 resource_params = {
98- 'res_nova_haproxy': 'op monitor interval="5s"'
99+ 'res_nova_haproxy': 'op monitor interval="5s"',
100 }
101
102 vip_group = []
103@@ -674,12 +731,21 @@
104 clones = {
105 'cl_nova_haproxy': 'res_nova_haproxy'
106 }
107+ colocations = {}
108+
109+ if config('single-nova-consoleauth') and console_attributes('protocol'):
110+ colocations['vip_consoleauth'] = COLO_CONSOLEAUTH
111+ init_services['res_nova_consoleauth'] = 'nova-consoleauth'
112+ resources['res_nova_consoleauth'] = AGENT_CONSOLEAUTH
113+ resource_params['res_nova_consoleauth'] = AGENT_CA_PARAMS
114+
115 relation_set(init_services=init_services,
116 corosync_bindiface=cluster_config['ha-bindiface'],
117 corosync_mcastport=cluster_config['ha-mcastport'],
118 resources=resources,
119 resource_params=resource_params,
120- clones=clones)
121+ clones=clones,
122+ colocations=colocations)
123
124
125 @hooks.hook('ha-relation-changed')
126
127=== modified file 'unit_tests/test_nova_cc_hooks.py'
128--- unit_tests/test_nova_cc_hooks.py 2015-01-13 14:44:54 +0000
129+++ unit_tests/test_nova_cc_hooks.py 2015-03-18 03:44:48 +0000
130@@ -611,30 +611,128 @@
131 'by the neutron-server process.'
132 )
133
134- def test_ha_relation_joined_no_bound_ip(self):
135- self.get_hacluster_config.return_value = {
136- 'ha-bindiface': 'em0',
137- 'ha-mcastport': '8080',
138- 'vip': '10.10.10.10',
139- }
140- self.test_config.set('vip_iface', 'eth120')
141- self.test_config.set('vip_cidr', '21')
142- self.get_iface_for_address.return_value = None
143- self.get_netmask_for_address.return_value = None
144- hooks.ha_joined()
145- args = {
146- 'corosync_bindiface': 'em0',
147- 'corosync_mcastport': '8080',
148- 'init_services': {'res_nova_haproxy': 'haproxy'},
149- 'resources': {'res_nova_eth120_vip': 'ocf:heartbeat:IPaddr2',
150- 'res_nova_haproxy': 'lsb:haproxy'},
151- 'resource_params': {
152- 'res_nova_eth120_vip': 'params ip="10.10.10.10"'
153- ' cidr_netmask="21" nic="eth120"',
154- 'res_nova_haproxy': 'op monitor interval="5s"'},
155- 'clones': {'cl_nova_haproxy': 'res_nova_haproxy'}
156- }
157- self.relation_set.assert_has_calls([
158- call(groups={'grp_nova_vips': 'res_nova_eth120_vip'}),
159- call(**args),
160+ @patch('nova_cc_utils.config')
161+ def test_ha_relation_joined_no_bound_ip(self, config):
162+ self.get_hacluster_config.return_value = {
163+ 'ha-bindiface': 'em0',
164+ 'ha-mcastport': '8080',
165+ 'vip': '10.10.10.10',
166+ }
167+ self.test_config.set('vip_iface', 'eth120')
168+ self.test_config.set('vip_cidr', '21')
169+ config.return_value = None
170+ self.get_iface_for_address.return_value = None
171+ self.get_netmask_for_address.return_value = None
172+ hooks.ha_joined()
173+ args = {
174+ 'corosync_bindiface': 'em0',
175+ 'corosync_mcastport': '8080',
176+ 'init_services': {'res_nova_haproxy': 'haproxy'},
177+ 'resources': {'res_nova_eth120_vip': 'ocf:heartbeat:IPaddr2',
178+ 'res_nova_haproxy': 'lsb:haproxy'},
179+ 'resource_params': {
180+ 'res_nova_eth120_vip': 'params ip="10.10.10.10"'
181+ ' cidr_netmask="21" nic="eth120"',
182+ 'res_nova_haproxy': 'op monitor interval="5s"'},
183+ 'colocations': {},
184+ 'clones': {'cl_nova_haproxy': 'res_nova_haproxy'}
185+ }
186+ self.relation_set.assert_has_calls([
187+ call(groups={'grp_nova_vips': 'res_nova_eth120_vip'}),
188+ call(**args),
189+ ])
190+
191+ @patch('nova_cc_utils.config')
192+ def test_ha_relation_multi_consoleauth(self, config):
193+ self.get_hacluster_config.return_value = {
194+ 'ha-bindiface': 'em0',
195+ 'ha-mcastport': '8080',
196+ 'vip': '10.10.10.10',
197+ }
198+ self.test_config.set('vip_iface', 'eth120')
199+ self.test_config.set('vip_cidr', '21')
200+ self.test_config.set('single-nova-consoleauth', False)
201+ config.return_value = 'novnc'
202+ self.get_iface_for_address.return_value = None
203+ self.get_netmask_for_address.return_value = None
204+ hooks.ha_joined()
205+ args = {
206+ 'corosync_bindiface': 'em0',
207+ 'corosync_mcastport': '8080',
208+ 'init_services': {'res_nova_haproxy': 'haproxy'},
209+ 'resources': {'res_nova_eth120_vip': 'ocf:heartbeat:IPaddr2',
210+ 'res_nova_haproxy': 'lsb:haproxy'},
211+ 'resource_params': {
212+ 'res_nova_eth120_vip': 'params ip="10.10.10.10"'
213+ ' cidr_netmask="21" nic="eth120"',
214+ 'res_nova_haproxy': 'op monitor interval="5s"'},
215+ 'colocations': {},
216+ 'clones': {'cl_nova_haproxy': 'res_nova_haproxy'}
217+ }
218+ self.relation_set.assert_has_calls([
219+ call(groups={'grp_nova_vips': 'res_nova_eth120_vip'}),
220+ call(**args),
221+ ])
222+
223+ @patch('nova_cc_utils.config')
224+ def test_ha_relation_single_consoleauth(self, config):
225+ self.get_hacluster_config.return_value = {
226+ 'ha-bindiface': 'em0',
227+ 'ha-mcastport': '8080',
228+ 'vip': '10.10.10.10',
229+ }
230+ self.test_config.set('vip_iface', 'eth120')
231+ self.test_config.set('vip_cidr', '21')
232+ config.return_value = 'novnc'
233+ self.get_iface_for_address.return_value = None
234+ self.get_netmask_for_address.return_value = None
235+ hooks.ha_joined()
236+ args = {
237+ 'corosync_bindiface': 'em0',
238+ 'corosync_mcastport': '8080',
239+ 'init_services': {'res_nova_haproxy': 'haproxy',
240+ 'res_nova_consoleauth': 'nova-consoleauth'},
241+ 'resources': {'res_nova_eth120_vip': 'ocf:heartbeat:IPaddr2',
242+ 'res_nova_haproxy': 'lsb:haproxy',
243+ 'res_nova_consoleauth':
244+ 'ocf:openstack:nova-consoleauth'},
245+ 'resource_params': {
246+ 'res_nova_eth120_vip': 'params ip="10.10.10.10"'
247+ ' cidr_netmask="21" nic="eth120"',
248+ 'res_nova_haproxy': 'op monitor interval="5s"',
249+ 'res_nova_consoleauth': 'op monitor interval="5s"'},
250+ 'colocations': {
251+ 'vip_consoleauth': 'inf: res_nova_consoleauth grp_nova_vips'
252+ },
253+ 'clones': {'cl_nova_haproxy': 'res_nova_haproxy'}
254+ }
255+ self.relation_set.assert_has_calls([
256+ call(groups={'grp_nova_vips': 'res_nova_eth120_vip'}),
257+ call(**args),
258+ ])
259+
260+ @patch('nova_cc_hooks.configure_https')
261+ @patch('nova_cc_utils.config')
262+ def test_config_changed_single_consoleauth(self, config, *args):
263+ config.return_value = 'novnc'
264+ rids = {'ha': ['ha:1']}
265+
266+ def f(r):
267+ return rids.get(r, [])
268+
269+ self.relation_ids.side_effect = f
270+ hooks.config_changed()
271+ args = {
272+ 'delete_resources': [],
273+ 'init_services': {'res_nova_consoleauth': 'nova-consoleauth'},
274+ 'resources': {'res_nova_consoleauth':
275+ 'ocf:openstack:nova-consoleauth'},
276+ 'resource_params': {
277+ 'res_nova_consoleauth': 'op monitor interval="5s"'},
278+ 'colocations': {
279+ 'vip_consoleauth': 'inf: res_nova_consoleauth grp_nova_vips'
280+ }
281+ }
282+ self.relation_set.assert_has_calls([
283+ call(v, **args) for v in rids['ha']
284 ])

Subscribers

People subscribed via source and target branches