Merge lp:~tribaal/charms/trusty/nova-compute/enable-api-rate-limiting into lp:~openstack-charmers-archive/charms/trusty/nova-compute/next

Proposed by Chris Glass on 2015-09-30
Status: Merged
Merged at revision: 164
Proposed branch: lp:~tribaal/charms/trusty/nova-compute/enable-api-rate-limiting
Merge into: lp:~openstack-charmers-archive/charms/trusty/nova-compute/next
Diff against target: 246 lines (+182/-1)
5 files modified
config.yaml (+10/-0)
hooks/nova_compute_context.py (+9/-0)
hooks/nova_compute_utils.py (+5/-0)
templates/api-paste.ini (+141/-0)
tests/basic_deployment.py (+17/-1)
To merge this branch: bzr merge lp:~tribaal/charms/trusty/nova-compute/enable-api-rate-limiting
Reviewer Review Type Date Requested Status
Liam Young 2015-09-30 Approve on 2015-10-01
Review via email: mp+272884@code.launchpad.net

Description of the change

This branch introduces a new api-rate-limit-rules charm config option controlling the rate-limiting
of the nova API by writing the passed value to the /etc/nova/api-paste.ini file.

To post a comment you must log in.
165. By Chris Glass on 2015-09-30

Forgot to check the output.

charm_lint_check #11089 nova-compute-next for tribaal mp272884
    LINT OK: passed

Build: http://10.245.162.77:8080/job/charm_lint_check/11089/

charm_unit_test #10295 nova-compute-next for tribaal mp272884
    UNIT OK: passed

Build: http://10.245.162.77:8080/job/charm_unit_test/10295/

charm_lint_check #11090 nova-compute-next for tribaal mp272884
    LINT OK: passed

Build: http://10.245.162.77:8080/job/charm_lint_check/11090/

charm_unit_test #10297 nova-compute-next for tribaal mp272884
    UNIT OK: passed

Build: http://10.245.162.77:8080/job/charm_unit_test/10297/

charm_amulet_test #6896 nova-compute-next for tribaal mp272884
    AMULET FAIL: amulet-test failed

AMULET Results (max last 2 lines):
make: *** [test] Error 1
ERROR:root:Make target returned non-zero.

Full amulet test output: http://paste.ubuntu.com/12625830/
Build: http://10.245.162.77:8080/job/charm_amulet_test/6896/

charm_lint_check #11151 nova-compute-next for tribaal mp272884
    LINT OK: passed

Build: http://10.245.162.77:8080/job/charm_lint_check/11151/

Liam Young (gnuoy) wrote :

nova-compute install hook fails on ./tests/014-basic-precise-icehouse amulet test.

0 upgraded, 0 newly installed, 0 to remove and 19 not upgraded.
Traceback (most recent call last):
  File "/var/lib/juju/agents/unit-nova-compute-0/charm/hooks/install.real", line 434, in <module>
    main()
  File "/var/lib/juju/agents/unit-nova-compute-0/charm/hooks/install.real", line 428, in main
    hooks.execute(sys.argv)
  File "/var/lib/juju/agents/unit-nova-compute-0/charm/hooks/charmhelpers/core/hookenv.py", line 672, in execute
    self._hooks[hook_name]()
  File "/var/lib/juju/agents/unit-nova-compute-0/charm/hooks/charmhelpers/contrib/openstack/utils.py", line 777, in wrapped_f
    set_os_workload_status(configs, required_interfaces, charm_func)
  File "/var/lib/juju/agents/unit-nova-compute-0/charm/hooks/charmhelpers/contrib/openstack/utils.py", line 790, in set_os_workload_status
    incomplete_rel_data = incomplete_relation_data(configs, required_interfaces)
  File "/var/lib/juju/agents/unit-nova-compute-0/charm/hooks/charmhelpers/contrib/openstack/utils.py", line 920, in incomplete_relation_data
    complete_ctxts = configs.complete_contexts()
  File "/var/lib/juju/agents/unit-nova-compute-0/charm/hooks/charmhelpers/contrib/openstack/templating.py", line 295, in complete_contexts
    for i in six.itervalues(self.templates)]
  File "/var/lib/juju/agents/unit-nova-compute-0/charm/hooks/charmhelpers/contrib/openstack/templating.py", line 120, in complete_contexts
    self.context()
  File "/var/lib/juju/agents/unit-nova-compute-0/charm/hooks/charmhelpers/contrib/openstack/templating.py", line 107, in context
    ctxt.update(_ctxt)
TypeError: 'APIRateLimitingContext' object is not iterable

review: Needs Fixing
166. By Chris Glass on 2015-10-01

Fixing iterable idiocy.

Liam Young (gnuoy) wrote :

Manually ran amulet for trusty and precise. All good! Approved

review: Approve

charm_amulet_test #6926 nova-compute-next for tribaal mp272884
    AMULET FAIL: amulet-test failed

AMULET Results (max last 2 lines):
make: *** [test] Error 1
ERROR:root:Make target returned non-zero.

Full amulet test output: http://paste.ubuntu.com/12633828/
Build: http://10.245.162.77:8080/job/charm_amulet_test/6926/

Ryan Beisner (1chb1n) wrote :

fwiw ^ The re-run (with test enviro looking sound) says precise-icehouse didn't have nova-api service started on the nova-compute/0 unit.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
=== modified file 'config.yaml'
--- config.yaml 2015-09-28 07:56:16 +0000
+++ config.yaml 2015-10-01 15:08:20 +0000
@@ -265,3 +265,13 @@
265 description: |265 description: |
266 The pecentage of system memory to use for hugepages eg '10%' or the total266 The pecentage of system memory to use for hugepages eg '10%' or the total
267 number of 2M hugepages - eg "1024".267 number of 2M hugepages - eg "1024".
268 api-rate-limit-rules:
269 type: string
270 default:
271 description: |
272 The API rate-limit rules to use for the deployed nova API, if any.
273 Contents of this config options will be inserted in the api-paste.ini file
274 under the "filter:ratelimit" section as "limits". The syntax for these
275 rules is documented at
276 http://docs.openstack.org/kilo/config-reference/content/configuring-compute-API.html
277
268278
=== modified file 'hooks/nova_compute_context.py'
--- hooks/nova_compute_context.py 2015-09-28 16:28:13 +0000
+++ hooks/nova_compute_context.py 2015-10-01 15:08:20 +0000
@@ -496,3 +496,12 @@
496 ctxt['host_ip'] = host_ip496 ctxt['host_ip'] = host_ip
497497
498 return ctxt498 return ctxt
499
500
501class APIRateLimitingContext(context.OSContextGenerator):
502 def __call__(self):
503 ctxt = {}
504 rate_rules = config('api-rate-limit-rules')
505 if rate_rules:
506 ctxt['api_rate_limit_rules'] = rate_rules
507 return ctxt
499508
=== modified file 'hooks/nova_compute_utils.py'
--- hooks/nova_compute_utils.py 2015-09-29 15:14:35 +0000
+++ hooks/nova_compute_utils.py 2015-10-01 15:08:20 +0000
@@ -74,6 +74,7 @@
74 CEPH_CONF,74 CEPH_CONF,
75 ceph_config_file,75 ceph_config_file,
76 HostIPContext,76 HostIPContext,
77 APIRateLimitingContext
77)78)
7879
79CA_CERT_PATH = '/usr/local/share/ca-certificates/keystone_juju_ca_cert.crt'80CA_CERT_PATH = '/usr/local/share/ca-certificates/keystone_juju_ca_cert.crt'
@@ -150,6 +151,7 @@
150LIBVIRT_BIN = '/etc/default/libvirt-bin'151LIBVIRT_BIN = '/etc/default/libvirt-bin'
151LIBVIRT_BIN_OVERRIDES = '/etc/init/libvirt-bin.override'152LIBVIRT_BIN_OVERRIDES = '/etc/init/libvirt-bin.override'
152NOVA_CONF = '%s/nova.conf' % NOVA_CONF_DIR153NOVA_CONF = '%s/nova.conf' % NOVA_CONF_DIR
154API_PASTE_INI = '%s/api-paste.ini' % NOVA_CONF_DIR
153155
154BASE_RESOURCE_MAP = {156BASE_RESOURCE_MAP = {
155 NOVA_CONF: {157 NOVA_CONF: {
@@ -175,6 +177,9 @@
175 HostIPContext(),177 HostIPContext(),
176 context.LogLevelContext()],178 context.LogLevelContext()],
177 },179 },
180 API_PASTE_INI: {
181 'services': ['nova-compute'],
182 'contexts': [APIRateLimitingContext()]}
178}183}
179184
180LIBVIRT_RESOURCE_MAP = {185LIBVIRT_RESOURCE_MAP = {
181186
=== added file 'templates/api-paste.ini'
--- templates/api-paste.ini 1970-01-01 00:00:00 +0000
+++ templates/api-paste.ini 2015-10-01 15:08:20 +0000
@@ -0,0 +1,141 @@
1###############################################################################
2# [ WARNING ]
3# Configuration file maintained by Juju. Local changes may be overwritten.
4###############################################################################
5############
6# Metadata #
7############
8[composite:metadata]
9use = egg:Paste#urlmap
10/: meta
11
12[pipeline:meta]
13pipeline = ec2faultwrap logrequest metaapp
14
15[app:metaapp]
16paste.app_factory = nova.api.metadata.handler:MetadataRequestHandler.factory
17
18#######
19# EC2 #
20#######
21
22[composite:ec2]
23use = egg:Paste#urlmap
24/: ec2cloud
25
26[composite:ec2cloud]
27use = call:nova.api.auth:pipeline_factory
28noauth = ec2faultwrap logrequest ec2noauth cloudrequest validator ec2executor
29noauth2 = ec2faultwrap logrequest ec2noauth cloudrequest validator ec2executor
30keystone = ec2faultwrap logrequest ec2keystoneauth cloudrequest validator ec2executor
31
32[filter:ec2faultwrap]
33paste.filter_factory = nova.api.ec2:FaultWrapper.factory
34
35[filter:logrequest]
36paste.filter_factory = nova.api.ec2:RequestLogging.factory
37
38[filter:ec2lockout]
39paste.filter_factory = nova.api.ec2:Lockout.factory
40
41[filter:ec2keystoneauth]
42paste.filter_factory = nova.api.ec2:EC2KeystoneAuth.factory
43
44[filter:ec2noauth]
45paste.filter_factory = nova.api.ec2:NoAuth.factory
46
47[filter:cloudrequest]
48controller = nova.api.ec2.cloud.CloudController
49paste.filter_factory = nova.api.ec2:Requestify.factory
50
51[filter:authorizer]
52paste.filter_factory = nova.api.ec2:Authorizer.factory
53
54[filter:validator]
55paste.filter_factory = nova.api.ec2:Validator.factory
56
57[app:ec2executor]
58paste.app_factory = nova.api.ec2:Executor.factory
59
60#############
61# OpenStack #
62#############
63
64[composite:osapi_compute]
65use = call:nova.api.openstack.urlmap:urlmap_factory
66/: oscomputeversions
67/v1.1: openstack_compute_api_v2
68/v2: openstack_compute_api_v2
69/v2.1: openstack_compute_api_v21
70/v3: openstack_compute_api_v3
71
72[composite:openstack_compute_api_v2]
73use = call:nova.api.auth:pipeline_factory
74noauth = compute_req_id faultwrap sizelimit noauth ratelimit osapi_compute_app_v2
75noauth2 = compute_req_id faultwrap sizelimit noauth2 ratelimit osapi_compute_app_v2
76keystone = compute_req_id faultwrap sizelimit authtoken keystonecontext ratelimit osapi_compute_app_v2
77keystone_nolimit = compute_req_id faultwrap sizelimit authtoken keystonecontext osapi_compute_app_v2
78
79[composite:openstack_compute_api_v21]
80use = call:nova.api.auth:pipeline_factory_v21
81noauth = compute_req_id faultwrap sizelimit noauth osapi_compute_app_v21
82noauth2 = compute_req_id faultwrap sizelimit noauth2 osapi_compute_app_v21
83keystone = compute_req_id faultwrap sizelimit authtoken keystonecontext osapi_compute_app_v21
84
85[composite:openstack_compute_api_v3]
86use = call:nova.api.auth:pipeline_factory_v21
87noauth = request_id faultwrap sizelimit noauth_v3 osapi_compute_app_v3
88noauth2 = request_id faultwrap sizelimit noauth_v3 osapi_compute_app_v3
89keystone = request_id faultwrap sizelimit authtoken keystonecontext osapi_compute_app_v3
90
91[filter:request_id]
92paste.filter_factory = oslo.middleware:RequestId.factory
93
94[filter:compute_req_id]
95paste.filter_factory = nova.api.compute_req_id:ComputeReqIdMiddleware.factory
96
97[filter:faultwrap]
98paste.filter_factory = nova.api.openstack:FaultWrapper.factory
99
100[filter:noauth]
101paste.filter_factory = nova.api.openstack.auth:NoAuthMiddlewareOld.factory
102
103[filter:noauth2]
104paste.filter_factory = nova.api.openstack.auth:NoAuthMiddleware.factory
105
106[filter:noauth_v3]
107paste.filter_factory = nova.api.openstack.auth:NoAuthMiddlewareV3.factory
108
109[filter:ratelimit]
110paste.filter_factory = nova.api.openstack.compute.limits:RateLimitingMiddleware.factory
111{% if api_rate_limit_rules -%}
112limits = {{ api_rate_limit_rules}}
113{% endif -%}
114
115[filter:sizelimit]
116paste.filter_factory = oslo.middleware:RequestBodySizeLimiter.factory
117
118[app:osapi_compute_app_v2]
119paste.app_factory = nova.api.openstack.compute:APIRouter.factory
120
121[app:osapi_compute_app_v21]
122paste.app_factory = nova.api.openstack.compute:APIRouterV21.factory
123
124[app:osapi_compute_app_v3]
125paste.app_factory = nova.api.openstack.compute:APIRouterV3.factory
126
127[pipeline:oscomputeversions]
128pipeline = faultwrap oscomputeversionapp
129
130[app:oscomputeversionapp]
131paste.app_factory = nova.api.openstack.compute.versions:Versions.factory
132
133##########
134# Shared #
135##########
136
137[filter:keystonecontext]
138paste.filter_factory = nova.api.auth:NovaKeystoneContext.factory
139
140[filter:authtoken]
141paste.filter_factory = keystonemiddleware.auth_token:filter_factory
0142
=== modified file 'tests/basic_deployment.py'
--- tests/basic_deployment.py 2015-07-21 18:02:54 +0000
+++ tests/basic_deployment.py 2015-10-01 15:08:20 +0000
@@ -68,7 +68,9 @@
68 def _configure_services(self):68 def _configure_services(self):
69 """Configure all of the services."""69 """Configure all of the services."""
70 nova_config = {'config-flags': 'auto_assign_floating_ip=False',70 nova_config = {'config-flags': 'auto_assign_floating_ip=False',
71 'enable-live-migration': 'False'}71 'enable-live-migration': 'False',
72 'api-rate-limit-rules':
73 '( POST, *, .*, 9999, MINUTE );'}
72 nova_cc_config = {}74 nova_cc_config = {}
73 if self.git:75 if self.git:
74 amulet_http_proxy = os.environ.get('AMULET_HTTP_PROXY')76 amulet_http_proxy = os.environ.get('AMULET_HTTP_PROXY')
@@ -466,6 +468,20 @@
466 message = "nova config error: {}".format(ret)468 message = "nova config error: {}".format(ret)
467 amulet.raise_status(amulet.FAIL, msg=message)469 amulet.raise_status(amulet.FAIL, msg=message)
468470
471 def test_api_paste_config(self):
472 """Check that the rate limiting is set on the nova api (for POSTs)."""
473 unit = self.nova_compute_sentry
474 conf = '/etc/nova/api-paste.ini'
475 section = "filter:ratelimit"
476 factory = ("nova.api.openstack.compute.limits:RateLimitingMiddleware"
477 ".factory")
478 expected = {"paste.filter_factory": factory,
479 "limits": "( POST, *, .*, 9999, MINUTE );"}
480 ret = u.validate_config_data(unit, conf, section, expected)
481 if ret:
482 message = "api paste config error: {}".format(ret)
483 amulet.raise_status(amulet.FAIL, msg=message)
484
469 def test_image_instance_create(self):485 def test_image_instance_create(self):
470 """Create an image/instance, verify they exist, and delete them."""486 """Create an image/instance, verify they exist, and delete them."""
471 # NOTE(coreycb): Skipping failing test on essex until resolved. essex487 # NOTE(coreycb): Skipping failing test on essex until resolved. essex

Subscribers

People subscribed via source and target branches