simplestreams

Merge ~gabriel-samfira/simplestreams:use-region-name into simplestreams:master

  1. Git
  2. lp:~gabriel-samfira/simplestreams
  3. use-region-name
  4. Merge into master
Proposed by Gabriel Samfira
Status: Needs review
Proposed branch: ~gabriel-samfira/simplestreams:use-region-name
Merge into: simplestreams:master
Diff against target: 54 lines (+10/-4)
2 files modified
simplestreams/mirrors/glance.py (+1/-1)
simplestreams/objectstores/swift.py (+9/-3)
Reviewer Review Type Date Requested Status
Erlon R. Cruz (community) Needs Fixing
simplestreams-dev Pending
Review via email: mp+452267@code.launchpad.net

Commit message

When using a multi-region shared keystone, we must pass in the region or at least an endpoint overide to the glance and keystone clients, otherwise the wrong region can be selected from the shared keystone session, as the same keystone is responsible for multiple regions.

To post a comment you must log in.
Revision history for this message
Erlon R. Cruz (sombrafam) wrote :

How did you test this change? I would expect code to add, parse, and store --region, but I don't see any.

review: Needs Fixing
Reply
Revision history for this message
Gabriel Samfira (gabriel-samfira) wrote :

Hi Erlon,

The code to add, parse and store region is already there:

https://git.launchpad.net/simplestreams/tree/bin/sstream-mirror-glance#n65

I tested it by deploying it and having it work as intended. In a multi-region shared keystone environment, with this patch, simplestreams uploaded the glance image to the correct region. Without it, it always attempted to connect to the glance endpoint from a different region.

Same for swift.

Reply
Revision history for this message
Gabriel Samfira (gabriel-samfira) wrote :

As a general rule, we must always either specify the region name, or filter endpoints based on region name, for any OpenStack client.

We cannot assume that there will always be only one region per cloud. We have 3 in the same keystone catalog, with more to follow.

The only (potential) exception to this rule is keystone itself. However, there are setups in which the keystone which serves as the authentication and authorization endpoint, may be different from the one we fetch the endpoints/catalog from.

So we must always specify the region name when instantiating OpenStack clients.

Reply

Unmerged commits

d3315c1... by Gabriel Samfira

Set region in swift and glance clients

When using a multi-region shared keystone, we must pass in the region or
at least an endpoint overide to the glance and keystone clients,
otherwise the wrong region can be selected from the shared keystone
session.

Signed-off-by: Gabriel Adrian Samfira <email address hidden>

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/simplestreams/mirrors/glance.py b/simplestreams/mirrors/glance.py
2index b96f8eb..0e6f00c 100644
3--- a/simplestreams/mirrors/glance.py
4+++ b/simplestreams/mirrors/glance.py
5@@ -39,7 +39,7 @@ def get_glanceclient(version='1', **kwargs):
6 kskw = {k: kwargs.get(k) for k in pt if k in kwargs}
7 if kwargs.get('session'):
8 sess = kwargs.get('session')
9- return glanceclient.Client(version, session=sess)
10+ return glanceclient.Client(version, session=sess, endpoint=kwargs.get('endpoint', None))
11 else:
12 return glanceclient.Client(version, **kskw)
13
14diff --git a/simplestreams/objectstores/swift.py b/simplestreams/objectstores/swift.py
15index f2c0d5b..f05cd80 100644
16--- a/simplestreams/objectstores/swift.py
17+++ b/simplestreams/objectstores/swift.py
18@@ -31,6 +31,11 @@ def get_swiftclient(**kwargs):
19 nmap = {'endpoint': 'preauthurl', 'token': 'preauthtoken'}
20 pt = ('insecure', 'cacert')
21
22+ region = kwargs.get("region", None)
23+ os_opts = {
24+ "region_name": region,
25+ "endpoint": kwargs.get("endpoint", None),
26+ }
27 connargs = {v: kwargs.get(k) for k, v in nmap.items() if k in kwargs}
28 connargs.update({k: kwargs.get(k) for k in pt if k in kwargs})
29 if kwargs.get('session'):
30@@ -38,12 +43,13 @@ def get_swiftclient(**kwargs):
31 try:
32 # If session is available try it
33 return Connection(session=sess,
34- cacert=kwargs.get('cacert'))
35+ cacert=kwargs.get('cacert'),
36+ os_options=os_opts)
37 except TypeError:
38 # The edge case where session is availble but swiftclient is
39 # < 3.3.0. Use the old style method for Connection.
40 pass
41- return Connection(**connargs)
42+ return Connection(**connargs, os_options=os_opts)
43
44
45 class SwiftContentSource(cs.IteratorContentSource):
46@@ -71,7 +77,7 @@ class SwiftObjectStore(objectstores.ObjectStore):
47
48 conn_info = openstack.get_service_conn_info('object-store',
49 **self.keystone_creds)
50- self.swiftclient = get_swiftclient(**conn_info)
51+ self.swiftclient = get_swiftclient(**conn_info, region=region)
52
53 # http://docs.openstack.org/developer/swift/misc.html#acls
54 self.swiftclient.put_container(self.container,

Subscribers

People subscribed via source and target branches