Browse Source

Make cinder work for Ocata

- cinder-api now runs under apache2 and no longer as systemd service
- cinder-volume needs explicit backend configuration
- don't install deprecated cinder v1 API endpoints
- clean up some config options

To be added in a follow-up:
- Make backend configuration more flexible
- Replace distro provided wsgi setup with our custom one

Change-Id: I77ac294fd8e1cd4e6bc39667ddfdea21c4daed8a
changes/46/451246/4
Jens Rosenboom 2 years ago
parent
commit
a3ba8685a7

+ 1
- 3
attributes/cinder_conf.rb View File

@@ -9,13 +9,11 @@ default['openstack']['block-storage']['conf'].tap do |conf|
9 9
   conf['DEFAULT']['glance_api_version'] = '2'
10 10
   conf['DEFAULT']['volume_group'] = 'cinder-volumes'
11 11
   conf['DEFAULT']['state_path'] = '/var/lib/cinder'
12
-  conf['keystone_authtoken']['auth_type'] = 'v3password'
12
+  conf['keystone_authtoken']['auth_type'] = 'password'
13 13
   conf['keystone_authtoken']['region_name'] = node['openstack']['region']
14 14
   conf['keystone_authtoken']['username'] = 'cinder'
15
-  conf['keystone_authtoken']['auth_version'] = node['openstack']['identity']['auth']['version']
16 15
   conf['keystone_authtoken']['project_name'] = 'service'
17 16
   conf['keystone_authtoken']['user_domain_name'] = 'Default'
18
-  conf['keystone_authtoken']['signing_dir'] = '/var/cache/cinder/api'
19 17
   conf['keystone_authtoken']['project_domain_name'] = 'Default'
20 18
 
21 19
   conf['oslo_concurrency']['lock_path'] = '/var/lib/cinder/tmp'

+ 3
- 16
recipes/api.rb View File

@@ -43,22 +43,9 @@ node['openstack']['db']['python_packages'][db_type].each do |pkg|
43 43
   end
44 44
 end
45 45
 
46
-directory node['openstack']['block-storage']['conf']['keystone_authtoken']['signing_dir'] do
47
-  owner node['openstack']['block-storage']['user']
48
-  group node['openstack']['block-storage']['group']
49
-  recursive true
50
-  mode 00700
51
-end
52
-
53
-service 'cinder-api' do
54
-  service_name platform_options['cinder_api_service']
55
-  supports status: true, restart: true
56
-  action :enable
57
-  subscribes :restart, [
58
-    'template[/etc/cinder/cinder.conf]',
59
-    'remote_file[/etc/cinder/policy.json]'
60
-  ]
61
-end
46
+# Todo(jr): Runs via wsgi in apache2 now, need to find a nice way to
47
+# trigger apache2 restart. Also disable the default installed wsgi
48
+# service and use our template based setup
62 49
 
63 50
 execute 'cinder-manage db sync' do
64 51
   user node['openstack']['block-storage']['user']

+ 23
- 6
recipes/cinder-common.rb View File

@@ -48,11 +48,13 @@ end
48 48
 glance_api_endpoint = internal_endpoint 'image_api'
49 49
 cinder_api_bind = node['openstack']['bind_service']['all']['block-storage']
50 50
 cinder_api_bind_address = bind_address cinder_api_bind
51
-identity_endpoint = public_endpoint 'identity'
51
+identity_endpoint = internal_endpoint 'identity'
52
+identity_admin_endpoint = admin_endpoint 'identity'
52 53
 node.default['openstack']['block-storage']['conf_secrets']
53 54
   .[]('keystone_authtoken')['password'] =
54 55
   get_password 'service', 'openstack-block-storage'
55
-auth_url = auth_uri_transform(identity_endpoint.to_s, node['openstack']['api']['auth']['version'])
56
+auth_uri = identity_endpoint.to_s
57
+auth_url = identity_admin_endpoint.to_s
56 58
 
57 59
 directory '/etc/cinder' do
58 60
   group node['openstack']['block-storage']['group']
@@ -62,18 +64,32 @@ directory '/etc/cinder' do
62 64
 end
63 65
 
64 66
 node.default['openstack']['block-storage']['conf'].tap do |conf|
65
-  conf['DEFAULT']['glance_host'] = glance_api_endpoint.host
66
-  conf['DEFAULT']['glance_port'] = glance_api_endpoint.port
67 67
   conf['DEFAULT']['my_ip'] = cinder_api_bind_address
68
-  conf['DEFAULT']['glance_api_servers'] = "#{glance_api_endpoint.scheme}://#{glance_api_endpoint.host}:#{glance_api_endpoint.port}"
68
+  conf['DEFAULT']['glance_api_servers'] = glance_api_endpoint.to_s
69 69
   conf['DEFAULT']['osapi_volume_listen'] = cinder_api_bind_address
70 70
   conf['DEFAULT']['osapi_volume_listen_port'] = cinder_api_bind.port
71
+  conf['keystone_authtoken']['auth_uri'] = auth_uri
71 72
   conf['keystone_authtoken']['auth_url'] = auth_url
72 73
 end
73 74
 
74
-# merge all config options and secrets to be used in the nova.conf.erb
75
+# Todo(jr): Make this configurable depending on backend to be used
76
+# This needs to be explicitly configured since Ocata
77
+node.default['openstack']['block-storage']['conf'].tap do |conf|
78
+  conf['DEFAULT']['enabled_backends'] = 'lvm'
79
+  conf['lvm']['volume_driver'] = 'cinder.volume.drivers.lvm.LVMVolumeDriver'
80
+  conf['lvm']['volume_group'] = 'cinder-volumes'
81
+  conf['lvm']['iscsi_protocol'] = 'iscsi'
82
+  conf['lvm']['iscsi_helper'] = 'tgtadm'
83
+end
84
+
85
+# merge all config options and secrets to be used in the cinder.conf.erb
75 86
 cinder_conf_options = merge_config_options 'block-storage'
76 87
 
88
+service 'cinder-apache2' do
89
+  service_name 'apache2'
90
+  action :nothing
91
+end
92
+
77 93
 template '/etc/cinder/cinder.conf' do
78 94
   source 'openstack-service.conf.erb'
79 95
   cookbook 'openstack-common'
@@ -83,6 +99,7 @@ template '/etc/cinder/cinder.conf' do
83 99
   variables(
84 100
     service_config: cinder_conf_options
85 101
   )
102
+  notifies :restart, 'service[cinder-apache2]'
86 103
 end
87 104
 
88 105
 # delete all secrets saved in the attribute

+ 0
- 37
recipes/identity_registration.rb View File

@@ -99,40 +99,3 @@ openstack_user service_user do
99 99
   connection_params connection_params
100 100
   action :grant_domain
101 101
 end
102
-# --------------------- WORKAROUND --------------------------------------#
103
-# Currently this bug is still open
104
-# (https://bugs.launchpad.net/horizon/+bug/1415712) and we need to register and
105
-# enable the cinder v1 api to make it available via the dashboard. This should
106
-# be removed with the final mitaka release.
107
-
108
-# openstack_identity_register 'Register Cinder V1 Volume Service' do
109
-#   auth_uri auth_uri
110
-#   bootstrap_token bootstrap_token
111
-#   service_name ((service_name).gsub(/v2/, ''))
112
-#   service_type ((service_type).gsub(/v2/, ''))
113
-#   service_description 'Cinder Volume Service V1'
114
-#   endpoint_region region
115
-#   endpoint_adminurl ((::URI.decode admin_cinder_api_endpoint.to_s).gsub(/v2/, 'v1'))
116
-#   endpoint_internalurl ((::URI.decode internal_cinder_api_endpoint.to_s).gsub(/v2/, 'v1'))
117
-#   endpoint_publicurl ((::URI.decode public_cinder_api_endpoint.to_s).gsub(/v2/, 'v1'))
118
-#   action :create_service
119
-# end
120
-
121
-# Register Volume Service
122
-openstack_service 'cinder' do
123
-  type 'volume'
124
-  connection_params connection_params
125
-end
126
-
127
-interfaces.each do |interface, res|
128
-  # Register VolumeV1 Endpoints
129
-  openstack_endpoint 'volume' do
130
-    service_name 'cinder'
131
-    interface interface.to_s
132
-    url (::URI.decode res[:url].to_s).gsub(/v2/, 'v1')
133
-    region region
134
-    connection_params connection_params
135
-  end
136
-end
137
-
138
-# --------------------- WORKAROUND --------------------------------------#

+ 0
- 4
spec/api-redhat_spec.rb View File

@@ -26,9 +26,5 @@ describe 'openstack-block-storage::api' do
26 26
       expect(chef_run).to upgrade_package 'python-psycopg2'
27 27
       expect(chef_run).not_to upgrade_package 'MySQL-python'
28 28
     end
29
-
30
-    it 'starts cinder api on boot' do
31
-      expect(chef_run).to enable_service 'openstack-cinder-api'
32
-    end
33 29
   end
34 30
 end

+ 1
- 17
spec/api_spec.rb View File

@@ -12,16 +12,12 @@ describe 'openstack-block-storage::api' do
12 12
 
13 13
     include_context 'block-storage-stubs'
14 14
     include_examples 'common-logging'
15
-    include_examples 'creates_cinder_conf', 'service[cinder-api]', 'cinder', 'cinder'
15
+    include_examples 'creates_cinder_conf', 'service[cinder-apache2]', 'cinder', 'cinder'
16 16
 
17 17
     it 'upgrades cinder api packages' do
18 18
       expect(chef_run).to upgrade_package('cinder-api')
19 19
     end
20 20
 
21
-    it 'starts cinder api on boot' do
22
-      expect(chef_run).to enable_service('cinder-api')
23
-    end
24
-
25 21
     it 'upgrades mysql python package' do
26 22
       expect(chef_run).to upgrade_package('python-mysqldb')
27 23
     end
@@ -33,18 +29,6 @@ describe 'openstack-block-storage::api' do
33 29
       expect(chef_run).not_to upgrade_package('python-mysqldb')
34 30
     end
35 31
 
36
-    describe '/var/cache/cinder/api' do
37
-      let(:dir) { chef_run.directory('/var/cache/cinder/api') }
38
-
39
-      it 'should create the directory' do
40
-        expect(chef_run).to create_directory(dir.name).with(
41
-          owner: 'cinder',
42
-          group: 'cinder',
43
-          mode: 00700
44
-        )
45
-      end
46
-    end
47
-
48 32
     it 'runs db migrations' do
49 33
       expect(chef_run).to run_execute('cinder-manage db sync').with(user: 'cinder', group: 'cinder')
50 34
     end

+ 15
- 92
spec/cinder_common_spec.rb View File

@@ -51,33 +51,30 @@ describe 'openstack-block-storage::cinder-common' do
51 51
       end
52 52
 
53 53
       context 'keystone authtoken attributes with default values' do
54
-        it 'sets memcached server(s)' do
54
+        it 'does not set memcached server(s)' do
55 55
           expect(chef_run).not_to render_file(file.name).with_content(/^memcached_servers = $/)
56 56
         end
57 57
 
58
-        it 'sets memcache security strategy' do
58
+        it 'does not set memcache security strategy' do
59 59
           expect(chef_run).not_to render_file(file.name).with_content(/^memcache_security_strategy = $/)
60 60
         end
61 61
 
62
-        it 'sets memcache secret key' do
62
+        it 'does not set memcache secret key' do
63 63
           expect(chef_run).not_to render_file(file.name).with_content(/^memcache_secret_key = $/)
64 64
         end
65 65
 
66
-        it 'sets cafile' do
66
+        it 'does not set cafile' do
67 67
           expect(chef_run).not_to render_file(file.name).with_content(/^cafile = $/)
68 68
         end
69 69
       end
70 70
 
71 71
       context 'keystone authtoken attributes' do
72
-        it 'has signing_dir' do
73
-          node.set['openstack']['block-storage']['conf']['keystone_authtoken']['signing_dir'] = 'auth_cache_dir'
74
-
75
-          expect(chef_run).to render_file(file.name).with_content(/^signing_dir = auth_cache_dir$/)
76
-        end
77
-
78 72
         context 'endpoint related' do
79 73
           it 'has auth_uri' do
80
-            expect(chef_run).to render_file(file.name).with_content(%r{^auth_url = http://127.0.0.1:5000/v3$})
74
+            expect(chef_run).to render_config_file(file.name).with_section_content('keystone_authtoken', %r{^auth_uri = http://127.0.0.1:5000/v3$})
75
+          end
76
+          it 'has auth_url' do
77
+            expect(chef_run).to render_config_file(file.name).with_section_content('keystone_authtoken', %r{^auth_url = http://127.0.0.1:35357/v3$})
81 78
           end
82 79
         end
83 80
 
@@ -85,43 +82,13 @@ describe 'openstack-block-storage::cinder-common' do
85 82
           expect(chef_run).not_to render_file(file.name).with_content(/^auth_version = v2.0$/)
86 83
         end
87 84
 
88
-        it 'has an admin tenant name' do
89
-          node.set['openstack']['block-storage']['conf']['keystone_authtoken']['admin_tenant_name'] = 'tenant_name'
90
-
91
-          expect(chef_run).to render_file(file.name).with_content(/^admin_tenant_name = tenant_name$/)
92
-        end
93
-
94
-        it 'has an admin user' do
95
-          node.set['openstack']['block-storage']['conf']['keystone_authtoken']['admin_user'] = 'username'
96
-
97
-          expect(chef_run).to render_file(file.name).with_content(/^admin_user = username$/)
98
-        end
99
-
100 85
         it 'has an admin password' do
101 86
           # (fgimenez) the get_password mocking is set in spec/spec_helper.rb
102
-          expect(chef_run).to render_file(file.name).with_content(/^password = cinder-pass$/)
87
+          expect(chef_run).to render_config_file(file.name).with_section_content('keystone_authtoken', /^password = cinder-pass$/)
103 88
         end
104 89
       end
105 90
 
106 91
       context 'template contents' do
107
-        context 'commonly named attributes' do
108
-          %w(debug verbose host notification_driver
109
-             osapi_volume_worker control_exchange).each do |attr_key|
110
-            it "has a #{attr_key} attribute" do
111
-              node.set['openstack']['block-storage']['conf']['DEFAULT'][attr_key] = "#{attr_key}_value"
112
-
113
-              expect(chef_run).to render_config_file(file.name).with_section_content('DEFAULT', /^#{attr_key} = #{attr_key}_value$/)
114
-            end
115
-          end
116
-        end
117
-
118
-        context 'backup swift backend contents' do
119
-          before do
120
-            node.set['openstack']['block-storage']['backup']['enabled'] = true
121
-            node.set['openstack']['block-storage']['backup']['driver'] = 'cinder.backup.drivers.swift'
122
-          end
123
-        end
124
-
125 92
         it 'has a lock_path attribute' do
126 93
           expect(chef_run).to render_config_file(file.name).with_section_content('oslo_concurrency', %r{^lock_path = /var/lib/cinder/tmp})
127 94
         end
@@ -151,50 +118,22 @@ describe 'openstack-block-storage::cinder-common' do
151 118
             .with_section_content('database', /^connection = sql_connection_value$/)
152 119
         end
153 120
 
154
-        it 'has a slave db connection attribute' do
155
-          allow_any_instance_of(Chef::Recipe).to receive(:db_uri)
156
-            .and_return('sql_connection_value')
157
-
158
-          expect(chef_run).to render_config_file(file.name)
159
-            .with_section_content('database', /^connection = sql_connection_value$/)
160
-        end
161
-
162
-        it 'has a volume_driver attribute' do
163
-          node.set['openstack']['block-storage']['conf']['DEFAULT']['volume_driver'] = 'volume_driver_value'
164
-          expect(chef_run).to render_file(file.name).with_content(/^volume_driver = volume_driver_value$/)
165
-        end
166
-
167
-        it 'has a state_path attribute' do
168
-          node.set['openstack']['block-storage']['conf']['DEFAULT']['state_path'] = 'state_path_value'
169
-          expect(chef_run).to render_file(file.name).with_content(/^state_path = state_path_value$/)
170
-        end
171
-
172
-        context 'glance endpoint' do
173
-          it 'has a glance_api_servers attribute' do
174
-            expect(chef_run).to render_file(file.name).with_content(%r{^glance_api_servers = http://127.0.0.1:9292$})
175
-          end
176
-
177
-          it 'has a glance host attribute' do
178
-            expect(chef_run).to render_file(file.name).with_content(/^glance_host = 127.0.0.1$/)
179
-          end
180
-
181
-          it 'has a glance port attribute' do
182
-            expect(chef_run).to render_file(file.name).with_content(/^glance_port = 9292$/)
183
-          end
121
+        it 'has a glance_api_servers attribute' do
122
+          expect(chef_run).to render_config_file(file.name).with_section_content('DEFAULT', %r{^glance_api_servers = http://127.0.0.1:9292$})
184 123
         end
185 124
 
186 125
         context 'cinder endpoint' do
187 126
           it 'has osapi_volume_listen set' do
188
-            expect(chef_run).to render_file(file.name).with_content(/^osapi_volume_listen = 127.0.0.1$/)
127
+            expect(chef_run).to render_config_file(file.name).with_section_content('DEFAULT', /^osapi_volume_listen = 127.0.0.1$/)
189 128
           end
190 129
 
191 130
           it 'has osapi_volume_listen_port set' do
192
-            expect(chef_run).to render_file(file.name).with_content(/^osapi_volume_listen_port = 8776$/)
131
+            expect(chef_run).to render_config_file(file.name).with_section_content('DEFAULT', /^osapi_volume_listen_port = 8776$/)
193 132
           end
194 133
         end
195 134
         it 'has default transport_url/AMQP options set' do
196 135
           [%r{^transport_url = rabbit://guest:mypass@127.0.0.1:5672$}].each do |line|
197
-            expect(chef_run).to render_file(file.name).with_content(line)
136
+            expect(chef_run).to render_config_file(file.name).with_section_content('DEFAULT', line)
198 137
           end
199 138
         end
200 139
 
@@ -204,22 +143,10 @@ describe 'openstack-block-storage::cinder-common' do
204 143
               node.set['openstack']['mq']['block-storage']['rabbit']['ha'] = false
205 144
             end
206 145
 
207
-            %w(host port).each do |attr|
208
-              it "has rabbit_#{attr} attribute" do
209
-                node.set['openstack']['block-storage']['conf']['oslo_messaging_rabbit']["rabbit_#{attr}"] = "rabbit_#{attr}_value"
210
-                expect(chef_run).to render_config_file(file.name).with_section_content('oslo_messaging_rabbit', /^rabbit_#{attr} = rabbit_#{attr}_value$/)
211
-              end
212
-            end
213
-
214 146
             it 'does not have a rabbit_hosts attribute' do
215 147
               expect(chef_run).not_to render_config_file(file.name).with_section_content('oslo_messaging_rabbit', /^rabbit_hosts = /)
216 148
             end
217 149
           end
218
-
219
-          it 'has rabbit_virtual_host' do
220
-            node.set['openstack']['block-storage']['conf']['oslo_messaging_rabbit']['rabbit_virtual_host'] = 'vhost_value'
221
-            expect(chef_run).to render_config_file(file.name).with_section_content('oslo_messaging_rabbit', /^rabbit_virtual_host = vhost_value$/)
222
-          end
223 150
         end
224 151
 
225 152
         context 'lvm settings' do
@@ -243,11 +170,6 @@ describe 'openstack-block-storage::cinder-common' do
243 170
           end
244 171
         end
245 172
 
246
-        it 'has volume_driver attribute' do
247
-          node.set['openstack']['block-storage']['conf']['DEFAULT']['volume_driver'] = 'volume_driver_value'
248
-          expect(chef_run).to render_file(file.name).with_content(/^volume_driver = volume_driver_value$/)
249
-        end
250
-
251 173
         context 'netapp ISCSI settings' do
252 174
           before do
253 175
             node.set['openstack']['block-storage']['conf']['DEFAULT']['volume_driver'] = 'cinder.volume.drivers.netapp.NetAppISCSIDriver'
@@ -293,6 +215,7 @@ describe 'openstack-block-storage::cinder-common' do
293 215
         end
294 216
       end
295 217
     end
218
+
296 219
     it do
297 220
       expect(chef_run).to run_ruby_block("delete all attributes in node['openstack']['block-storage']['conf_secrets']")
298 221
     end

+ 0
- 25
spec/identity_registration_spec.rb View File

@@ -60,22 +60,6 @@ describe 'openstack-block-storage::identity_registration' do
60 60
           )
61 61
         end
62 62
       end
63
-      %w(admin internal public).each do |interface|
64
-        it "#{interface} with different service type/name and registers v1 endpoint" do
65
-          node.set['openstack']['block-storage']['service_name'] = 'cinder'
66
-          node.set['openstack']['block-storage']['service_type'] = 'volume'
67
-
68
-          expect(chef_run).to create_openstack_endpoint(
69
-            'volume'
70
-          ).with(
71
-            service_name: 'cinder',
72
-            # interface: interface,
73
-            url: 'http://127.0.0.1:8776/v1/%(tenant_id)s',
74
-            region: 'RegionOne',
75
-            connection_params: connection_params
76
-          )
77
-        end
78
-      end
79 63
 
80 64
       it 'with custom region override' do
81 65
         node.set['openstack']['block-storage']['region'] = 'volumeRegion'
@@ -116,14 +100,5 @@ describe 'openstack-block-storage::identity_registration' do
116 100
         connection_params: connection_params
117 101
       )
118 102
     end
119
-
120
-    it 'registers cinder v1 volume service' do
121
-      expect(chef_run).to create_openstack_service(
122
-        'cinder'
123
-      ).with(
124
-        connection_params: connection_params,
125
-        type: 'volume'
126
-      )
127
-    end
128 103
   end
129 104
 end

+ 3
- 6
spec/spec_helper.rb View File

@@ -31,9 +31,6 @@ shared_context 'block-storage-stubs' do
31 31
     allow_any_instance_of(Chef::Recipe).to receive(:get_password)
32 32
       .with('db', anything)
33 33
       .and_return('')
34
-    allow_any_instance_of(Chef::Recipe).to receive(:get_password)
35
-      .with('token', 'openstack_identity_bootstrap_token')
36
-      .and_return('bootstrap-token')
37 34
     allow_any_instance_of(Chef::Recipe).to receive(:get_password)
38 35
       .with('token', 'rbd_secret_uuid')
39 36
       .and_return('b0ff3bba-e07b-49b1-beed-09a45552b1ad')
@@ -111,14 +108,14 @@ shared_examples 'creates_cinder_conf' do |service, user, group, action = :restar
111 108
 
112 109
     it do
113 110
       [
114
-        /^auth_type = v3password$/,
111
+        /^auth_type = password$/,
115 112
         /^region_name = RegionOne$/,
116 113
         /^username = cinder/,
117 114
         /^project_name = service$/,
118 115
         /^user_domain_name = Default/,
119 116
         /^project_domain_name = Default/,
120
-        %r{^signing_dir = /var/cache/cinder/api$},
121
-        %r{^auth_url = http://127.0.0.1:5000/v3$},
117
+        %r{^auth_uri = http://127.0.0.1:5000/v3$},
118
+        %r{^auth_url = http://127.0.0.1:35357/v3$},
122 119
         /^password = cinder-pass$/
123 120
       ].each do |line|
124 121
         expect(chef_run).to render_config_file(file.name)

Loading…
Cancel
Save