From bf2cd49829e720a449898caa6c6e835f26b52e9e Mon Sep 17 00:00:00 2001 From: Frode Nordahl Date: Thu, 17 Oct 2019 12:29:40 +0200 Subject: [PATCH] Remove ``nova-consoleauth`` package as of Train The Nova console authorization has been moved to the database backend and the separate service and package is no longer necessary. Change-Id: I672ae9538dc687a1c868bf99001041a54241ec24 Closes-Bug: #1848478 --- hooks/nova_cc_common.py | 12 ++++---- hooks/nova_cc_hooks.py | 2 +- hooks/nova_cc_utils.py | 36 +++++++++++++++++----- unit_tests/test_nova_cc_utils.py | 51 ++++++++++++++++++++++++++------ 4 files changed, 77 insertions(+), 24 deletions(-) diff --git a/hooks/nova_cc_common.py b/hooks/nova_cc_common.py index 4abd7763..37f7bf29 100644 --- a/hooks/nova_cc_common.py +++ b/hooks/nova_cc_common.py @@ -30,20 +30,20 @@ API_PORTS = { CONSOLE_CONFIG = { 'spice': { - 'packages': ['nova-spiceproxy', 'nova-consoleauth'], - 'services': ['nova-spiceproxy', 'nova-consoleauth'], + 'packages': ['nova-spiceproxy'], + 'services': ['nova-spiceproxy'], 'proxy-page': '/spice_auto.html', 'proxy-port': 6082, }, 'novnc': { - 'packages': ['nova-novncproxy', 'nova-consoleauth'], - 'services': ['nova-novncproxy', 'nova-consoleauth'], + 'packages': ['nova-novncproxy'], + 'services': ['nova-novncproxy'], 'proxy-page': '/vnc_auto.html', 'proxy-port': 6080, }, 'xvpvnc': { - 'packages': ['nova-xvpvncproxy', 'nova-consoleauth'], - 'services': ['nova-xvpvncproxy', 'nova-consoleauth'], + 'packages': ['nova-xvpvncproxy'], + 'services': ['nova-xvpvncproxy'], 'proxy-page': '/console', 'proxy-port': 6081, }, diff --git a/hooks/nova_cc_hooks.py b/hooks/nova_cc_hooks.py index 02d87b87..02995326 100755 --- a/hooks/nova_cc_hooks.py +++ b/hooks/nova_cc_hooks.py @@ -292,7 +292,7 @@ def config_changed(): for rid in hookenv.relation_ids('ha'): ha_joined(rid) if (not ch_utils.is_unit_paused_set() and - ncc_utils.is_console_auth_enabled()): + ncc_utils.is_consoleauth_enabled()): ch_host.service_resume('nova-consoleauth') # call the policy overrides handler which will install any policy overrides policyd.maybe_do_policyd_overrides_on_config_changed( diff --git a/hooks/nova_cc_utils.py b/hooks/nova_cc_utils.py index de4b1e99..a31c5e48 100644 --- a/hooks/nova_cc_utils.py +++ b/hooks/nova_cc_utils.py @@ -222,9 +222,8 @@ CA_CERT_PATH = '/usr/local/share/ca-certificates/keystone_juju_ca_cert.crt' NOVA_SSH_DIR = '/etc/nova/compute_ssh/' SERIAL_CONSOLE = { - 'packages': ['nova-serialproxy', 'nova-consoleauth', - 'websockify'], - 'services': ['nova-serialproxy', 'nova-consoleauth'], + 'packages': ['nova-serialproxy', 'websockify'], + 'services': ['nova-serialproxy'], } @@ -283,6 +282,9 @@ def resource_map(actual_services=True): if is_serial_console_enabled(cmp_os_release): _resource_map[NOVA_CONF]['services'] += SERIAL_CONSOLE['services'] + if is_consoleauth_enabled(cmp_os_release): + _resource_map[NOVA_CONF]['services'] += ['nova-consoleauth'] + # also manage any configs that are being updated by subordinates. vmware_ctxt = ch_context.SubordinateConfigContext( interface='nova-vmware', service='nova', config_file=NOVA_CONF) @@ -404,6 +406,8 @@ def determine_packages(): packages.extend(common.console_attributes('packages')) if is_serial_console_enabled(release): packages.extend(SERIAL_CONSOLE['packages']) + if is_consoleauth_enabled(release): + packages.extend(['nova-consoleauth']) packages.extend( ch_utils.token_cache_pkgs(source=hookenv.config('openstack-origin'))) if release >= 'rocky': @@ -558,14 +562,30 @@ def is_serial_console_enabled(cmp_os_release=None): return hookenv.config('enable-serial-console') and cmp_os_release >= 'juno' -def is_console_auth_enabled(): - """Determine whether console auth is enabled in this deploy +def is_consoleauth_enabled(cmp_os_release=None): + """Determine whether the ``consoleauth`` service is enabled in this deploy - :returns: Whether console auth is enabled in this deploy + Note that the fact that the service is enabled or not may not be tied to + the reality of Nova doing console access authorization. + + Since OpenStack Rocky the console token authorization storage has been + moved to the database backend, and in OpenStack Train the service + was removed. + + https://github.com/openstack/nova/blob/master/releasenotes/notes/deprecate-nova-consoleauth-ed6ccbc324a0fb10.yaml + + :param cmp_os_release: Release comparison object. + :type cmp_os_release: charmhelpers.contrib.openstack.utils. + CompareOpenStackReleases + :returns: Whether ``consoleauth`` service is enabled in this deploy :rtype: bool """ - return bool(is_serial_console_enabled() or - hookenv.config('console-access-protocol')) + if not cmp_os_release: + release = ch_utils.os_release('nova-common') + cmp_os_release = ch_utils.CompareOpenStackReleases(release) + return cmp_os_release < 'train' and (bool(is_serial_console_enabled() or + hookenv.config( + 'console-access-protocol'))) def is_db_initialised(): diff --git a/unit_tests/test_nova_cc_utils.py b/unit_tests/test_nova_cc_utils.py index 6de12c7b..faec57b6 100644 --- a/unit_tests/test_nova_cc_utils.py +++ b/unit_tests/test_nova_cc_utils.py @@ -278,6 +278,11 @@ class NovaCCUtilsTests(CharmTestCase): console_services = ['nova-xvpvncproxy', 'nova-consoleauth'] for service in console_services: self.assertIn(service, _map['/etc/nova/nova.conf']['services']) + self.os_release.return_value = 'train' + _map = utils.resource_map() + self.assertNotIn( + 'nova-consoleauth', + _map['/etc/nova/nova.conf']['services']) @patch('charmhelpers.contrib.openstack.context.SubordinateConfigContext') def test_resource_map_console_novnc(self, subcontext): @@ -288,6 +293,11 @@ class NovaCCUtilsTests(CharmTestCase): console_services = ['nova-novncproxy', 'nova-consoleauth'] for service in console_services: self.assertIn(service, _map['/etc/nova/nova.conf']['services']) + self.os_release.return_value = 'train' + _map = utils.resource_map() + self.assertNotIn( + 'nova-consoleauth', + _map['/etc/nova/nova.conf']['services']) @patch('charmhelpers.contrib.openstack.context.SubordinateConfigContext') def test_resource_map_console_vnc(self, subcontext): @@ -299,6 +309,11 @@ class NovaCCUtilsTests(CharmTestCase): 'nova-consoleauth'] for service in console_services: self.assertIn(service, _map['/etc/nova/nova.conf']['services']) + self.os_release.return_value = 'train' + _map = utils.resource_map() + self.assertNotIn( + 'nova-consoleauth', + _map['/etc/nova/nova.conf']['services']) def test_console_attributes_none(self): self.test_config.set('console-access-protocol', 'None') @@ -326,6 +341,11 @@ class NovaCCUtilsTests(CharmTestCase): console_services = ['nova-spiceproxy', 'nova-consoleauth'] for service in console_services: self.assertIn(service, _map['/etc/nova/nova.conf']['services']) + self.os_release.return_value = 'train' + _map = utils.resource_map() + self.assertNotIn( + 'nova-consoleauth', + _map['/etc/nova/nova.conf']['services']) @patch('charmhelpers.contrib.openstack.neutron.os_release') @patch('os.path.exists') @@ -419,8 +439,8 @@ class NovaCCUtilsTests(CharmTestCase): _servs = utils.common.console_attributes('services') _pkgs = utils.common.console_attributes('packages') _proxy_page = utils.common.console_attributes('proxy-page') - vnc_pkgs = ['nova-novncproxy', 'nova-xvpvncproxy', 'nova-consoleauth'] - vnc_servs = ['nova-novncproxy', 'nova-xvpvncproxy', 'nova-consoleauth'] + vnc_pkgs = ['nova-novncproxy', 'nova-xvpvncproxy'] + vnc_servs = ['nova-novncproxy', 'nova-xvpvncproxy'] self.assertEqual(_proto, 'vnc') self.assertEqual(sorted(_servs), sorted(vnc_servs)) self.assertEqual(sorted(_pkgs), sorted(vnc_pkgs)) @@ -472,6 +492,10 @@ class NovaCCUtilsTests(CharmTestCase): console_pkgs = ['nova-spiceproxy', 'nova-consoleauth'] for console_pkg in console_pkgs: self.assertIn(console_pkg, pkgs) + self.os_release.return_value = 'train' + pkgs = utils.determine_packages() + self.assertNotIn( + 'nova-consoleauth', pkgs) @patch('charmhelpers.contrib.openstack.context.SubordinateConfigContext') def test_determine_packages_base_icehouse(self, subcontext): @@ -541,6 +565,9 @@ class NovaCCUtilsTests(CharmTestCase): console_pkgs = ['nova-serialproxy', 'nova-consoleauth'] for console_pkg in console_pkgs: self.assertIn(console_pkg, pkgs) + self.os_release.return_value = 'train' + pkgs = utils.determine_packages() + self.assertNotIn('nova-consoleauth', pkgs) @patch('charmhelpers.contrib.openstack.context.SubordinateConfigContext') def test_determine_packages_serial_console_icehouse(self, subcontext): @@ -1409,28 +1436,34 @@ class NovaCCUtilsTests(CharmTestCase): utils.is_serial_console_enabled()) @patch.object(utils, 'is_serial_console_enabled') - def test_is_console_auth_enabled(self, is_serial_console_enabled): + def test_is_consoleauth_enabled(self, is_serial_console_enabled): + self.os_release.return_value = 'mitaka' is_serial_console_enabled.return_value = True self.test_config.set('console-access-protocol', 'vnc') self.assertTrue( - utils.is_console_auth_enabled()) + utils.is_consoleauth_enabled()) + self.os_release.return_value = 'train' + self.assertFalse( + utils.is_consoleauth_enabled()) @patch.object(utils, 'is_serial_console_enabled') - def test_is_console_auth_enabled_no_serial(self, - is_serial_console_enabled): + def test_is_consoleauth_enabled_no_serial(self, + is_serial_console_enabled): + self.os_release.return_value = 'mitaka' is_serial_console_enabled.return_value = False self.test_config.set('console-access-protocol', 'vnc') self.assertTrue( - utils.is_console_auth_enabled()) + utils.is_consoleauth_enabled()) @patch.object(utils, 'is_serial_console_enabled') - def test_is_console_auth_enabled_no_serial_no_console( + def test_is_consoleauth_enabled_no_serial_no_console( self, is_serial_console_enabled): + self.os_release.return_value = 'mitaka' is_serial_console_enabled.return_value = False self.test_config.set('console-access-protocol', None) self.assertFalse( - utils.is_console_auth_enabled()) + utils.is_consoleauth_enabled()) @patch.object(utils, 'get_cell_uuid') @patch('subprocess.check_output')