openstack/charm-nova-cloud-controller
Code Issues Proposed changes

Remove `nova-consoleauth` package as of Train

Browse Source 
The Nova console authorization has been moved to the database
backend and the separate service and package is no longer
necessary.

Change-Id: I672ae9538dc687a1c868bf99001041a54241ec24
Closes-Bug: #1848478
This commit is contained in:
Frode Nordahl 2019-10-17 12:29:40 +02:00
parent 81860afeca
commit bf2cd49829
No known key found for this signature in database
GPG Key ID: 6A5D59A3BA48373F
4 changed files with 77 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
hooks/nova_cc_common.py
View File

@ -30,20 +30,20 @@ API_PORTS = {
CONSOLE_CONFIG = { CONSOLE_CONFIG = {
'spice': { 'spice': {
'packages': ['nova-spiceproxy', 'nova-consoleauth'], 'packages': ['nova-spiceproxy'],
'services': ['nova-spiceproxy', 'nova-consoleauth'], 'services': ['nova-spiceproxy'],
'proxy-page': '/spice_auto.html', 'proxy-page': '/spice_auto.html',
'proxy-port': 6082, 'proxy-port': 6082,
}, },
'novnc': { 'novnc': {
'packages': ['nova-novncproxy', 'nova-consoleauth'], 'packages': ['nova-novncproxy'],
'services': ['nova-novncproxy', 'nova-consoleauth'], 'services': ['nova-novncproxy'],
'proxy-page': '/vnc_auto.html', 'proxy-page': '/vnc_auto.html',
'proxy-port': 6080, 'proxy-port': 6080,
}, },
'xvpvnc': { 'xvpvnc': {
'packages': ['nova-xvpvncproxy', 'nova-consoleauth'], 'packages': ['nova-xvpvncproxy'],
'services': ['nova-xvpvncproxy', 'nova-consoleauth'], 'services': ['nova-xvpvncproxy'],
'proxy-page': '/console', 'proxy-page': '/console',
'proxy-port': 6081, 'proxy-port': 6081,
}, },

2
hooks/nova_cc_hooks.py
View File

@ -292,7 +292,7 @@ def config_changed():
for rid in hookenv.relation_ids('ha'): for rid in hookenv.relation_ids('ha'):
ha_joined(rid) ha_joined(rid)
if (not ch_utils.is_unit_paused_set() and if (not ch_utils.is_unit_paused_set() and
ncc_utils.is_console_auth_enabled()): ncc_utils.is_consoleauth_enabled()):
ch_host.service_resume('nova-consoleauth') ch_host.service_resume('nova-consoleauth')
# call the policy overrides handler which will install any policy overrides # call the policy overrides handler which will install any policy overrides
policyd.maybe_do_policyd_overrides_on_config_changed( policyd.maybe_do_policyd_overrides_on_config_changed(

36
hooks/nova_cc_utils.py
View File

@ -222,9 +222,8 @@ CA_CERT_PATH = '/usr/local/share/ca-certificates/keystone_juju_ca_cert.crt'
NOVA_SSH_DIR = '/etc/nova/compute_ssh/' NOVA_SSH_DIR = '/etc/nova/compute_ssh/'
SERIAL_CONSOLE = { SERIAL_CONSOLE = {
'packages': ['nova-serialproxy', 'nova-consoleauth', 'packages': ['nova-serialproxy', 'websockify'],
'websockify'], 'services': ['nova-serialproxy'],
'services': ['nova-serialproxy', 'nova-consoleauth'],
} }
@ -283,6 +282,9 @@ def resource_map(actual_services=True):
if is_serial_console_enabled(cmp_os_release): if is_serial_console_enabled(cmp_os_release):
_resource_map[NOVA_CONF]['services'] += SERIAL_CONSOLE['services'] _resource_map[NOVA_CONF]['services'] += SERIAL_CONSOLE['services']
if is_consoleauth_enabled(cmp_os_release):
_resource_map[NOVA_CONF]['services'] += ['nova-consoleauth']
# also manage any configs that are being updated by subordinates. # also manage any configs that are being updated by subordinates.
vmware_ctxt = ch_context.SubordinateConfigContext( vmware_ctxt = ch_context.SubordinateConfigContext(
interface='nova-vmware', service='nova', config_file=NOVA_CONF) interface='nova-vmware', service='nova', config_file=NOVA_CONF)
@ -404,6 +406,8 @@ def determine_packages():
packages.extend(common.console_attributes('packages')) packages.extend(common.console_attributes('packages'))
if is_serial_console_enabled(release): if is_serial_console_enabled(release):
packages.extend(SERIAL_CONSOLE['packages']) packages.extend(SERIAL_CONSOLE['packages'])
if is_consoleauth_enabled(release):
packages.extend(['nova-consoleauth'])
packages.extend( packages.extend(
ch_utils.token_cache_pkgs(source=hookenv.config('openstack-origin'))) ch_utils.token_cache_pkgs(source=hookenv.config('openstack-origin')))
if release >= 'rocky': if release >= 'rocky':
@ -558,14 +562,30 @@ def is_serial_console_enabled(cmp_os_release=None):
return hookenv.config('enable-serial-console') and cmp_os_release >= 'juno' return hookenv.config('enable-serial-console') and cmp_os_release >= 'juno'
def is_console_auth_enabled(): def is_consoleauth_enabled(cmp_os_release=None):
"""Determine whether console auth is enabled in this deploy """Determine whether the ``consoleauth`` service is enabled in this deploy
:returns: Whether console auth is enabled in this deploy Note that the fact that the service is enabled or not may not be tied to
the reality of Nova doing console access authorization.
Since OpenStack Rocky the console token authorization storage has been
moved to the database backend, and in OpenStack Train the service
was removed.
https://github.com/openstack/nova/blob/master/releasenotes/notes/deprecate-nova-consoleauth-ed6ccbc324a0fb10.yaml
:param cmp_os_release: Release comparison object.
:type cmp_os_release: charmhelpers.contrib.openstack.utils.
CompareOpenStackReleases
:returns: Whether ``consoleauth`` service is enabled in this deploy
:rtype: bool :rtype: bool
""" """
return bool(is_serial_console_enabled() or if not cmp_os_release:
hookenv.config('console-access-protocol')) release = ch_utils.os_release('nova-common')
cmp_os_release = ch_utils.CompareOpenStackReleases(release)
return cmp_os_release < 'train' and (bool(is_serial_console_enabled() or
hookenv.config(
'console-access-protocol')))
def is_db_initialised(): def is_db_initialised():

51
unit_tests/test_nova_cc_utils.py
View File

@ -278,6 +278,11 @@ class NovaCCUtilsTests(CharmTestCase):
console_services = ['nova-xvpvncproxy', 'nova-consoleauth'] console_services = ['nova-xvpvncproxy', 'nova-consoleauth']
for service in console_services: for service in console_services:
self.assertIn(service, _map['/etc/nova/nova.conf']['services']) self.assertIn(service, _map['/etc/nova/nova.conf']['services'])
self.os_release.return_value = 'train'
_map = utils.resource_map()
self.assertNotIn(
'nova-consoleauth',
_map['/etc/nova/nova.conf']['services'])
@patch('charmhelpers.contrib.openstack.context.SubordinateConfigContext') @patch('charmhelpers.contrib.openstack.context.SubordinateConfigContext')
def test_resource_map_console_novnc(self, subcontext): def test_resource_map_console_novnc(self, subcontext):
@ -288,6 +293,11 @@ class NovaCCUtilsTests(CharmTestCase):
console_services = ['nova-novncproxy', 'nova-consoleauth'] console_services = ['nova-novncproxy', 'nova-consoleauth']
for service in console_services: for service in console_services:
self.assertIn(service, _map['/etc/nova/nova.conf']['services']) self.assertIn(service, _map['/etc/nova/nova.conf']['services'])
self.os_release.return_value = 'train'
_map = utils.resource_map()
self.assertNotIn(
'nova-consoleauth',
_map['/etc/nova/nova.conf']['services'])
@patch('charmhelpers.contrib.openstack.context.SubordinateConfigContext') @patch('charmhelpers.contrib.openstack.context.SubordinateConfigContext')
def test_resource_map_console_vnc(self, subcontext): def test_resource_map_console_vnc(self, subcontext):
@ -299,6 +309,11 @@ class NovaCCUtilsTests(CharmTestCase):
'nova-consoleauth'] 'nova-consoleauth']
for service in console_services: for service in console_services:
self.assertIn(service, _map['/etc/nova/nova.conf']['services']) self.assertIn(service, _map['/etc/nova/nova.conf']['services'])
self.os_release.return_value = 'train'
_map = utils.resource_map()
self.assertNotIn(
'nova-consoleauth',
_map['/etc/nova/nova.conf']['services'])
def test_console_attributes_none(self): def test_console_attributes_none(self):
self.test_config.set('console-access-protocol', 'None') self.test_config.set('console-access-protocol', 'None')
@ -326,6 +341,11 @@ class NovaCCUtilsTests(CharmTestCase):
console_services = ['nova-spiceproxy', 'nova-consoleauth'] console_services = ['nova-spiceproxy', 'nova-consoleauth']
for service in console_services: for service in console_services:
self.assertIn(service, _map['/etc/nova/nova.conf']['services']) self.assertIn(service, _map['/etc/nova/nova.conf']['services'])
self.os_release.return_value = 'train'
_map = utils.resource_map()
self.assertNotIn(
'nova-consoleauth',
_map['/etc/nova/nova.conf']['services'])
@patch('charmhelpers.contrib.openstack.neutron.os_release') @patch('charmhelpers.contrib.openstack.neutron.os_release')
@patch('os.path.exists') @patch('os.path.exists')
@ -419,8 +439,8 @@ class NovaCCUtilsTests(CharmTestCase):
_servs = utils.common.console_attributes('services') _servs = utils.common.console_attributes('services')
_pkgs = utils.common.console_attributes('packages') _pkgs = utils.common.console_attributes('packages')
_proxy_page = utils.common.console_attributes('proxy-page') _proxy_page = utils.common.console_attributes('proxy-page')
vnc_pkgs = ['nova-novncproxy', 'nova-xvpvncproxy', 'nova-consoleauth'] vnc_pkgs = ['nova-novncproxy', 'nova-xvpvncproxy']
vnc_servs = ['nova-novncproxy', 'nova-xvpvncproxy', 'nova-consoleauth'] vnc_servs = ['nova-novncproxy', 'nova-xvpvncproxy']
self.assertEqual(_proto, 'vnc') self.assertEqual(_proto, 'vnc')
self.assertEqual(sorted(_servs), sorted(vnc_servs)) self.assertEqual(sorted(_servs), sorted(vnc_servs))
self.assertEqual(sorted(_pkgs), sorted(vnc_pkgs)) self.assertEqual(sorted(_pkgs), sorted(vnc_pkgs))
@ -472,6 +492,10 @@ class NovaCCUtilsTests(CharmTestCase):
console_pkgs = ['nova-spiceproxy', 'nova-consoleauth'] console_pkgs = ['nova-spiceproxy', 'nova-consoleauth']
for console_pkg in console_pkgs: for console_pkg in console_pkgs:
self.assertIn(console_pkg, pkgs) self.assertIn(console_pkg, pkgs)
self.os_release.return_value = 'train'
pkgs = utils.determine_packages()
self.assertNotIn(
'nova-consoleauth', pkgs)
@patch('charmhelpers.contrib.openstack.context.SubordinateConfigContext') @patch('charmhelpers.contrib.openstack.context.SubordinateConfigContext')
def test_determine_packages_base_icehouse(self, subcontext): def test_determine_packages_base_icehouse(self, subcontext):
@ -541,6 +565,9 @@ class NovaCCUtilsTests(CharmTestCase):
console_pkgs = ['nova-serialproxy', 'nova-consoleauth'] console_pkgs = ['nova-serialproxy', 'nova-consoleauth']
for console_pkg in console_pkgs: for console_pkg in console_pkgs:
self.assertIn(console_pkg, pkgs) self.assertIn(console_pkg, pkgs)
self.os_release.return_value = 'train'
pkgs = utils.determine_packages()
self.assertNotIn('nova-consoleauth', pkgs)
@patch('charmhelpers.contrib.openstack.context.SubordinateConfigContext') @patch('charmhelpers.contrib.openstack.context.SubordinateConfigContext')
def test_determine_packages_serial_console_icehouse(self, subcontext): def test_determine_packages_serial_console_icehouse(self, subcontext):
@ -1409,28 +1436,34 @@ class NovaCCUtilsTests(CharmTestCase):
utils.is_serial_console_enabled()) utils.is_serial_console_enabled())
@patch.object(utils, 'is_serial_console_enabled') @patch.object(utils, 'is_serial_console_enabled')
def test_is_console_auth_enabled(self, is_serial_console_enabled): def test_is_consoleauth_enabled(self, is_serial_console_enabled):
self.os_release.return_value = 'mitaka'
is_serial_console_enabled.return_value = True is_serial_console_enabled.return_value = True
self.test_config.set('console-access-protocol', 'vnc') self.test_config.set('console-access-protocol', 'vnc')
self.assertTrue( self.assertTrue(
utils.is_console_auth_enabled()) utils.is_consoleauth_enabled())
self.os_release.return_value = 'train'
self.assertFalse(
utils.is_consoleauth_enabled())
@patch.object(utils, 'is_serial_console_enabled') @patch.object(utils, 'is_serial_console_enabled')
def test_is_console_auth_enabled_no_serial(self, def test_is_consoleauth_enabled_no_serial(self,
is_serial_console_enabled): is_serial_console_enabled):
self.os_release.return_value = 'mitaka'
is_serial_console_enabled.return_value = False is_serial_console_enabled.return_value = False
self.test_config.set('console-access-protocol', 'vnc') self.test_config.set('console-access-protocol', 'vnc')
self.assertTrue( self.assertTrue(
utils.is_console_auth_enabled()) utils.is_consoleauth_enabled())
@patch.object(utils, 'is_serial_console_enabled') @patch.object(utils, 'is_serial_console_enabled')
def test_is_console_auth_enabled_no_serial_no_console( def test_is_consoleauth_enabled_no_serial_no_console(
self, self,
is_serial_console_enabled): is_serial_console_enabled):
self.os_release.return_value = 'mitaka'
is_serial_console_enabled.return_value = False is_serial_console_enabled.return_value = False
self.test_config.set('console-access-protocol', None) self.test_config.set('console-access-protocol', None)
self.assertFalse( self.assertFalse(
utils.is_console_auth_enabled()) utils.is_consoleauth_enabled())
@patch.object(utils, 'get_cell_uuid') @patch.object(utils, 'get_cell_uuid')
@patch('subprocess.check_output') @patch('subprocess.check_output')