As per the weekly meeting today [1] we have agreed to add a new section to the spec template for changes that affect the IPA ramdisk. [1] http://eavesdrop.openstack.org/meetings/ironic/2016/ironic.2016-05-23-17.00.log.txt Change-Id: I0f62e233dc7f2ad3e9940439f8ad7740de5e65c9
5.0 KiB
HTTP(S) proxy support for agent images downloading
https://bugs.launchpad.net/ironic/+bug/1526222
This adds support of proxy configuration for images downloading by agent.
Problem description
Currently Ironic Python Agent (IPA) is able to download images via direct HTTP(S) links, but it does not support proxy configuration. If IPA will support proxy configuration for image downloading user can place caching proxies in the same physical network segments as nodes for reducing owerall network traffic and deploying time. There are two different types of image sources when Ironic does deploy with IPA: Glance UUID and HTTP(S) URL. When HTTP(s) URLs are used so we can simply utilize HTTP(S) proxy configuration parameter, additional Ironic features are not needed. When we use Glance UUIDs there is a problem with Swift temporary URLs, because current time is used for temporary URLs calculation. In the proxy servers requests with query string parameters are cached separately for each unique query string, therefore if Swift temp URL's are used images can not be cached efficiently on the proxy server side.
Proposed change
Three new optional parameters: image_http_proxy
,
image_https_proxy
and image_no_proxy
will be
added to agent deploy driver. First two parameters are strings with
format "PROTOCOL://PROXY_IP:PROXY_PORT". image_no_proxy
is
a list of comma-separated URLs that should be excluded from proxying.
New behavior of agent deploy driver methods:
get_properties() - returns description of new parameters.
validate() - validate new parameter(s) (if present).
continue_deploy() - add "proxies" and "no_proxy" keys in the "image_info" dict if parameter(s) present:
proxies = {'http': 'http://192.168.0.2:8080', 'https': 'https://192.168.0.3:4444'} no_proxy='192.168.1.5,10.0.0.3'
If "proxies" key is present IPA adds a parameter to requests.get() method. Requests library supports "no_proxy" only as environment variable, not as a get() parameter. If "no_proxy" parameter is set agent should add it to Python's "os.environ" before get() call.
Swift Temporary URL changes:
For caching proxies different URLs are mapped to different files in
the cache. Therefore caching of Swift Temporary URLs for images should
be implemented on the conductor. When a temporary URL for image is
created agent driver stores it into the cache with UUID of Glance image
as a key. Agent driver uses URL from cache for same UUIDs and checks
expiration of temporary URLs. New integer config parameter
swift_temp_url_cachetime
will be added to
glance
group. If it greater than zero agent driver enables
caching of URL's and use it's value for new temp URL duration.
Notes about proxy service:
- Proxy should support HTTP/1.1 chunked transfer encoding.
- For SSL image URLs proxy should be configured for termination of SSL connection from client on the proxy side.
- Caching of large files should be enabled on the proxy.
Alternatives
None
Data model impact
None
State Machine Impact
None
REST API impact
None
Client (CLI) impact
None
RPC API impact
None
Driver API impact
None
Nova driver impact
None
Ramdisk impact
N/A
Security impact
Decrypting of HTTPS data on the proxy server side is not recommended for images which contain confidential information.
Other end user impact
None
Scalability impact
Proxy support for image downloading by agent can improve scalability (reduce network traffic and time of deploy) in proper configured environment.
Performance Impact
None
Other deployer impact
- New optional parameters will be added for agent deploy driver in the
node.driver_info:
image_http_proxy
,image_https_proxy
,image_no_proxy
. - A new config option
swift_temp_url_cachetime
will be added inglance
group. - Deployer must install and configure proxy service(s).
Developer impact
None
Implementation
Assignee(s)
- Primary assignee:
-
yuriyz
Work Items
- Implement proxy parameters for IPA deploy driver.
- Implement Swift Temporary URLs cache.
- Add unit tests.
Dependencies
None
Testing
Unittests will be added.
Upgrades and Backwards Compatibility
None
Documentation Impact
Usage of agent's proxy configuration will be documented.