Make cinder work for Ocata

- cinder-api now runs under apache2 and no longer as systemd service
- cinder-volume needs explicit backend configuration
- don't install deprecated cinder v1 API endpoints
- clean up some config options

To be added in a follow-up:
- Make backend configuration more flexible
- Replace distro provided wsgi setup with our custom one

Change-Id: I77ac294fd8e1cd4e6bc39667ddfdea21c4daed8a
Jens Rosenboom 2017-03-29 08:18:27 +00:00
parent 8421080468
commit a3ba8685a7
9 changed files with 46 additions and 206 deletions


@ -9,13 +9,11 @@ default['openstack']['block-storage']['conf'].tap do |conf|
conf['DEFAULT']['glance_api_version'] = '2'
conf['DEFAULT']['volume_group'] = 'cinder-volumes'
conf['DEFAULT']['state_path'] = '/var/lib/cinder'
conf['keystone_authtoken']['auth_type'] = 'v3password'
conf['keystone_authtoken']['auth_type'] = 'password'
conf['keystone_authtoken']['region_name'] = node['openstack']['region']
conf['keystone_authtoken']['username'] = 'cinder'
conf['keystone_authtoken']['auth_version'] = node['openstack']['identity']['auth']['version']
conf['keystone_authtoken']['project_name'] = 'service'
conf['keystone_authtoken']['user_domain_name'] = 'Default'
conf['keystone_authtoken']['signing_dir'] = '/var/cache/cinder/api'
conf['keystone_authtoken']['project_domain_name'] = 'Default'
conf['oslo_concurrency']['lock_path'] = '/var/lib/cinder/tmp'


@ -43,22 +43,9 @@ node['openstack']['db']['python_packages'][db_type].each do |pkg|
end
end
directory node['openstack']['block-storage']['conf']['keystone_authtoken']['signing_dir'] do
owner node['openstack']['block-storage']['user']
group node['openstack']['block-storage']['group']
recursive true
mode 00700
end
service 'cinder-api' do
service_name platform_options['cinder_api_service']
supports status: true, restart: true
action :enable
subscribes :restart, [
'template[/etc/cinder/cinder.conf]',
'remote_file[/etc/cinder/policy.json]'
]
end
# Todo(jr): Runs via wsgi in apache2 now, need to find a nice way to
# trigger apache2 restart. Also disable the default installed wsgi
# service and use our template based setup
execute 'cinder-manage db sync' do
user node['openstack']['block-storage']['user']
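Review bot: With the `service 'cinder-api'` resource removed, nothing visible in this section restarts the API when `remote_file[/etc/cinder/policy.json]` changes; the deleted `subscribes` list was the only visible link between a policy update and a restart. If the policy file resource still exists in this recipe (it is outside the hunk), consider giving it `notifies :restart, 'service[cinder-apache2]'`, or extend the Todo comment to say that policy changes rely on the API re-reading the file on its own. The `execute 'cinder-manage db sync'` block continues past the end of the hunk.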


@ -48,11 +48,13 @@ end
glance_api_endpoint = internal_endpoint 'image_api'
cinder_api_bind = node['openstack']['bind_service']['all']['block-storage']
cinder_api_bind_address = bind_address cinder_api_bind
identity_endpoint = public_endpoint 'identity'
identity_endpoint = internal_endpoint 'identity'
identity_admin_endpoint = admin_endpoint 'identity'
node.default['openstack']['block-storage']['conf_secrets']
.[]('keystone_authtoken')['password'] =
get_password 'service', 'openstack-block-storage'
auth_url = auth_uri_transform(identity_endpoint.to_s, node['openstack']['api']['auth']['version'])
auth_uri = identity_endpoint.to_s
auth_url = identity_admin_endpoint.to_s
directory '/etc/cinder' do
group node['openstack']['block-storage']['group']
@ -62,18 +64,32 @@ directory '/etc/cinder' do
end
node.default['openstack']['block-storage']['conf'].tap do |conf|
conf['DEFAULT']['glance_host'] = glance_api_endpoint.host
conf['DEFAULT']['glance_port'] = glance_api_endpoint.port
conf['DEFAULT']['my_ip'] = cinder_api_bind_address
conf['DEFAULT']['glance_api_servers'] = "#{glance_api_endpoint.scheme}://#{glance_api_endpoint.host}:#{glance_api_endpoint.port}"
conf['DEFAULT']['glance_api_servers'] = glance_api_endpoint.to_s
conf['DEFAULT']['osapi_volume_listen'] = cinder_api_bind_address
conf['DEFAULT']['osapi_volume_listen_port'] = cinder_api_bind.port
conf['keystone_authtoken']['auth_uri'] = auth_uri
conf['keystone_authtoken']['auth_url'] = auth_url
end
# merge all config options and secrets to be used in the nova.conf.erb
# Todo(jr): Make this configurable depending on backend to be used
# This needs to be explicitly configured since Ocata
node.default['openstack']['block-storage']['conf'].tap do |conf|
conf['DEFAULT']['enabled_backends'] = 'lvm'
conf['lvm']['volume_driver'] = 'cinder.volume.drivers.lvm.LVMVolumeDriver'
conf['lvm']['volume_group'] = 'cinder-volumes'
conf['lvm']['iscsi_protocol'] = 'iscsi'
conf['lvm']['iscsi_helper'] = 'tgtadm'
end
# merge all config options and secrets to be used in the cinder.conf.erb
cinder_conf_options = merge_config_options 'block-storage'
service 'cinder-apache2' do
service_name 'apache2'
action :nothing
end
template '/etc/cinder/cinder.conf' do
source 'openstack-service.conf.erb'
cookbook 'openstack-common'
@ -83,6 +99,7 @@ template '/etc/cinder/cinder.conf' do
variables(
service_config: cinder_conf_options
)
notifies :restart, 'service[cinder-apache2]'
end
# delete all secrets saved in the attribute
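Review bot: The `notifies :restart, 'service[cinder-apache2]'` added to the cinder.conf template makes every node that renders this file restart apache2, not only API nodes. If this recipe is also included on volume or scheduler nodes (the shared spec example takes the service as a parameter, which suggests it is), the restart would target a service that may not be installed there. On API nodes it also restarts everything else served by the same apache2. Consider moving the trigger into the API recipe, for example a `service 'cinder-apache2'` resource there with `subscribes :restart, 'template[/etc/cinder/cinder.conf]'`. Part of the template block lies between the two hunks shown.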


@ -99,40 +99,3 @@ openstack_user service_user do
connection_params connection_params
action :grant_domain
end
# --------------------- WORKAROUND --------------------------------------#
# Currently this bug is still open
# (https://bugs.launchpad.net/horizon/+bug/1415712) and we need to register and
# enable the cinder v1 api to make it available via the dashboard. This should
# be removed with the final mitaka release.
# openstack_identity_register 'Register Cinder V1 Volume Service' do
# auth_uri auth_uri
# bootstrap_token bootstrap_token
# service_name ((service_name).gsub(/v2/, ''))
# service_type ((service_type).gsub(/v2/, ''))
# service_description 'Cinder Volume Service V1'
# endpoint_region region
# endpoint_adminurl ((::URI.decode admin_cinder_api_endpoint.to_s).gsub(/v2/, 'v1'))
# endpoint_internalurl ((::URI.decode internal_cinder_api_endpoint.to_s).gsub(/v2/, 'v1'))
# endpoint_publicurl ((::URI.decode public_cinder_api_endpoint.to_s).gsub(/v2/, 'v1'))
# action :create_service
# end
# Register Volume Service
openstack_service 'cinder' do
type 'volume'
connection_params connection_params
end
interfaces.each do |interface, res|
# Register VolumeV1 Endpoints
openstack_endpoint 'volume' do
service_name 'cinder'
interface interface.to_s
url (::URI.decode res[:url].to_s).gsub(/v2/, 'v1')
region region
connection_params connection_params
end
end
# --------------------- WORKAROUND --------------------------------------#


@ -26,9 +26,5 @@ describe 'openstack-block-storage::api' do
expect(chef_run).to upgrade_package 'python-psycopg2'
expect(chef_run).not_to upgrade_package 'MySQL-python'
end
it 'starts cinder api on boot' do
expect(chef_run).to enable_service 'openstack-cinder-api'
end
end
end


@ -12,16 +12,12 @@ describe 'openstack-block-storage::api' do
include_context 'block-storage-stubs'
include_examples 'common-logging'
include_examples 'creates_cinder_conf', 'service[cinder-api]', 'cinder', 'cinder'
include_examples 'creates_cinder_conf', 'service[cinder-apache2]', 'cinder', 'cinder'
it 'upgrades cinder api packages' do
expect(chef_run).to upgrade_package('cinder-api')
end
it 'starts cinder api on boot' do
expect(chef_run).to enable_service('cinder-api')
end
it 'upgrades mysql python package' do
expect(chef_run).to upgrade_package('python-mysqldb')
end
@ -33,18 +29,6 @@ describe 'openstack-block-storage::api' do
expect(chef_run).not_to upgrade_package('python-mysqldb')
end
describe '/var/cache/cinder/api' do
let(:dir) { chef_run.directory('/var/cache/cinder/api') }
it 'should create the directory' do
expect(chef_run).to create_directory(dir.name).with(
owner: 'cinder',
group: 'cinder',
mode: 00700
)
end
end
it 'runs db migrations' do
expect(chef_run).to run_execute('cinder-manage db sync').with(user: 'cinder', group: 'cinder')
end


@ -51,33 +51,30 @@ describe 'openstack-block-storage::cinder-common' do
end
context 'keystone authtoken attributes with default values' do
it 'sets memcached server(s)' do
it 'does not set memcached server(s)' do
expect(chef_run).not_to render_file(file.name).with_content(/^memcached_servers = $/)
end
it 'sets memcache security strategy' do
it 'does not set memcache security strategy' do
expect(chef_run).not_to render_file(file.name).with_content(/^memcache_security_strategy = $/)
end
it 'sets memcache secret key' do
it 'does not set memcache secret key' do
expect(chef_run).not_to render_file(file.name).with_content(/^memcache_secret_key = $/)
end
it 'sets cafile' do
it 'does not set cafile' do
expect(chef_run).not_to render_file(file.name).with_content(/^cafile = $/)
end
end
context 'keystone authtoken attributes' do
it 'has signing_dir' do
node.set['openstack']['block-storage']['conf']['keystone_authtoken']['signing_dir'] = 'auth_cache_dir'
expect(chef_run).to render_file(file.name).with_content(/^signing_dir = auth_cache_dir$/)
end
context 'endpoint related' do
it 'has auth_uri' do
expect(chef_run).to render_file(file.name).with_content(%r{^auth_url = http://127.0.0.1:5000/v3$})
expect(chef_run).to render_config_file(file.name).with_section_content('keystone_authtoken', %r{^auth_uri = http://127.0.0.1:5000/v3$})
end
it 'has auth_url' do
expect(chef_run).to render_config_file(file.name).with_section_content('keystone_authtoken', %r{^auth_url = http://127.0.0.1:35357/v3$})
end
end
@ -85,43 +82,13 @@ describe 'openstack-block-storage::cinder-common' do
expect(chef_run).not_to render_file(file.name).with_content(/^auth_version = v2.0$/)
end
it 'has an admin tenant name' do
node.set['openstack']['block-storage']['conf']['keystone_authtoken']['admin_tenant_name'] = 'tenant_name'
expect(chef_run).to render_file(file.name).with_content(/^admin_tenant_name = tenant_name$/)
end
it 'has an admin user' do
node.set['openstack']['block-storage']['conf']['keystone_authtoken']['admin_user'] = 'username'
expect(chef_run).to render_file(file.name).with_content(/^admin_user = username$/)
end
it 'has an admin password' do
# (fgimenez) the get_password mocking is set in spec/spec_helper.rb
expect(chef_run).to render_file(file.name).with_content(/^password = cinder-pass$/)
expect(chef_run).to render_config_file(file.name).with_section_content('keystone_authtoken', /^password = cinder-pass$/)
end
end
context 'template contents' do
context 'commonly named attributes' do
%w(debug verbose host notification_driver
osapi_volume_worker control_exchange).each do |attr_key|
it "has a #{attr_key} attribute" do
node.set['openstack']['block-storage']['conf']['DEFAULT'][attr_key] = "#{attr_key}_value"
expect(chef_run).to render_config_file(file.name).with_section_content('DEFAULT', /^#{attr_key} = #{attr_key}_value$/)
end
end
end
context 'backup swift backend contents' do
before do
node.set['openstack']['block-storage']['backup']['enabled'] = true
node.set['openstack']['block-storage']['backup']['driver'] = 'cinder.backup.drivers.swift'
end
end
it 'has a lock_path attribute' do
expect(chef_run).to render_config_file(file.name).with_section_content('oslo_concurrency', %r{^lock_path = /var/lib/cinder/tmp})
end
@ -151,50 +118,22 @@ describe 'openstack-block-storage::cinder-common' do
.with_section_content('database', /^connection = sql_connection_value$/)
end
it 'has a slave db connection attribute' do
allow_any_instance_of(Chef::Recipe).to receive(:db_uri)
.and_return('sql_connection_value')
expect(chef_run).to render_config_file(file.name)
.with_section_content('database', /^connection = sql_connection_value$/)
end
it 'has a volume_driver attribute' do
node.set['openstack']['block-storage']['conf']['DEFAULT']['volume_driver'] = 'volume_driver_value'
expect(chef_run).to render_file(file.name).with_content(/^volume_driver = volume_driver_value$/)
end
it 'has a state_path attribute' do
node.set['openstack']['block-storage']['conf']['DEFAULT']['state_path'] = 'state_path_value'
expect(chef_run).to render_file(file.name).with_content(/^state_path = state_path_value$/)
end
context 'glance endpoint' do
it 'has a glance_api_servers attribute' do
expect(chef_run).to render_file(file.name).with_content(%r{^glance_api_servers = http://127.0.0.1:9292$})
end
it 'has a glance host attribute' do
expect(chef_run).to render_file(file.name).with_content(/^glance_host = 127.0.0.1$/)
end
it 'has a glance port attribute' do
expect(chef_run).to render_file(file.name).with_content(/^glance_port = 9292$/)
end
it 'has a glance_api_servers attribute' do
expect(chef_run).to render_config_file(file.name).with_section_content('DEFAULT', %r{^glance_api_servers = http://127.0.0.1:9292$})
end
context 'cinder endpoint' do
it 'has osapi_volume_listen set' do
expect(chef_run).to render_file(file.name).with_content(/^osapi_volume_listen = 127.0.0.1$/)
expect(chef_run).to render_config_file(file.name).with_section_content('DEFAULT', /^osapi_volume_listen = 127.0.0.1$/)
end
it 'has osapi_volume_listen_port set' do
expect(chef_run).to render_file(file.name).with_content(/^osapi_volume_listen_port = 8776$/)
expect(chef_run).to render_config_file(file.name).with_section_content('DEFAULT', /^osapi_volume_listen_port = 8776$/)
end
end
it 'has default transport_url/AMQP options set' do
[%r{^transport_url = rabbit://guest:mypass@127.0.0.1:5672$}].each do |line|
expect(chef_run).to render_file(file.name).with_content(line)
expect(chef_run).to render_config_file(file.name).with_section_content('DEFAULT', line)
end
end
@ -204,22 +143,10 @@ describe 'openstack-block-storage::cinder-common' do
node.set['openstack']['mq']['block-storage']['rabbit']['ha'] = false
end
%w(host port).each do |attr|
it "has rabbit_#{attr} attribute" do
node.set['openstack']['block-storage']['conf']['oslo_messaging_rabbit']["rabbit_#{attr}"] = "rabbit_#{attr}_value"
expect(chef_run).to render_config_file(file.name).with_section_content('oslo_messaging_rabbit', /^rabbit_#{attr} = rabbit_#{attr}_value$/)
end
end
it 'does not have a rabbit_hosts attribute' do
expect(chef_run).not_to render_config_file(file.name).with_section_content('oslo_messaging_rabbit', /^rabbit_hosts = /)
end
end
it 'has rabbit_virtual_host' do
node.set['openstack']['block-storage']['conf']['oslo_messaging_rabbit']['rabbit_virtual_host'] = 'vhost_value'
expect(chef_run).to render_config_file(file.name).with_section_content('oslo_messaging_rabbit', /^rabbit_virtual_host = vhost_value$/)
end
end
context 'lvm settings' do
@ -243,11 +170,6 @@ describe 'openstack-block-storage::cinder-common' do
end
end
it 'has volume_driver attribute' do
node.set['openstack']['block-storage']['conf']['DEFAULT']['volume_driver'] = 'volume_driver_value'
expect(chef_run).to render_file(file.name).with_content(/^volume_driver = volume_driver_value$/)
end
context 'netapp ISCSI settings' do
before do
node.set['openstack']['block-storage']['conf']['DEFAULT']['volume_driver'] = 'cinder.volume.drivers.netapp.NetAppISCSIDriver'
@ -293,6 +215,7 @@ describe 'openstack-block-storage::cinder-common' do
end
end
end
it do
expect(chef_run).to run_ruby_block("delete all attributes in node['openstack']['block-storage']['conf_secrets']")
end
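Review bot: None of the examples visible in these hunks covers the `enabled_backends = lvm` default or the new `[lvm]` section that the recipe now writes, while several attribute tests are removed. An example such as `expect(chef_run).to render_config_file(file.name).with_section_content('lvm', /^volume_group = cinder-volumes$/)` next to the `glance_api_servers` check would pin the backend configuration that cinder-volume needs since Ocata. The spec file is only partly visible here, so the existing 'lvm settings' context may already cover this.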


@ -60,22 +60,6 @@ describe 'openstack-block-storage::identity_registration' do
)
end
end
%w(admin internal public).each do |interface|
it "#{interface} with different service type/name and registers v1 endpoint" do
node.set['openstack']['block-storage']['service_name'] = 'cinder'
node.set['openstack']['block-storage']['service_type'] = 'volume'
expect(chef_run).to create_openstack_endpoint(
'volume'
).with(
service_name: 'cinder',
# interface: interface,
url: 'http://127.0.0.1:8776/v1/%(tenant_id)s',
region: 'RegionOne',
connection_params: connection_params
)
end
end
it 'with custom region override' do
node.set['openstack']['block-storage']['region'] = 'volumeRegion'
@ -116,14 +100,5 @@ describe 'openstack-block-storage::identity_registration' do
connection_params: connection_params
)
end
it 'registers cinder v1 volume service' do
expect(chef_run).to create_openstack_service(
'cinder'
).with(
connection_params: connection_params,
type: 'volume'
)
end
end
end


@ -31,9 +31,6 @@ shared_context 'block-storage-stubs' do
allow_any_instance_of(Chef::Recipe).to receive(:get_password)
.with('db', anything)
.and_return('')
allow_any_instance_of(Chef::Recipe).to receive(:get_password)
.with('token', 'openstack_identity_bootstrap_token')
.and_return('bootstrap-token')
allow_any_instance_of(Chef::Recipe).to receive(:get_password)
.with('token', 'rbd_secret_uuid')
.and_return('b0ff3bba-e07b-49b1-beed-09a45552b1ad')
@ -111,14 +108,14 @@ shared_examples 'creates_cinder_conf' do |service, user, group, action = :restar
it do
[
/^auth_type = v3password$/,
/^auth_type = password$/,
/^region_name = RegionOne$/,
/^username = cinder/,
/^project_name = service$/,
/^user_domain_name = Default/,
/^project_domain_name = Default/,
%r{^signing_dir = /var/cache/cinder/api$},
%r{^auth_url = http://127.0.0.1:5000/v3$},
%r{^auth_uri = http://127.0.0.1:5000/v3$},
%r{^auth_url = http://127.0.0.1:35357/v3$},
/^password = cinder-pass$/
].each do |line|
expect(chef_run).to render_config_file(file.name)