Switch to uwsgi and enable named uri

This patch brings Magnum in line with other services
by running the API service under uwsgi and by serving it
at /container-infra instead of on a custom API port.

- Switch to using uwsgi for functional tests.
- Use /container-infra instead of a custom api port.

Change-Id: Iab5b23b3874a46ccb5c942e64dc167258712bd31
Erik Olof Gunnar Andersson 2021-01-05 20:07:03 -08:00
parent d614499825
commit fd79dd4fa6
1 changed files with 19 additions and 32 deletions


@ -50,20 +50,21 @@ MAGNUM_API_PASTE=$MAGNUM_CONF_DIR/api-paste.ini
MAGNUM_K8S_KEYSTONE_AUTH_DEFAULT_POLICY=$MAGNUM_CONF_DIR/k8s_keystone_auth_default_policy.json
MAGNUM_POLICY=$MAGNUM_CONF_DIR/policy.yaml
if is_ssl_enabled_service "magnum" || is_service_enabled tls-proxy; then
MAGNUM_SERVICE_PROTOCOL="https"
fi
MAGNUM_UWSGI=$MAGNUM_BIN_DIR/magnum-api-wsgi
MAGNUM_UWSGI_CONF=$MAGNUM_CONF_DIR/magnum-api-uwsgi.ini
# Public facing bits
MAGNUM_SERVICE_HOST=${MAGNUM_SERVICE_HOST:-$HOST_IP}
MAGNUM_SERVICE_PORT=${MAGNUM_SERVICE_PORT:-9511}
MAGNUM_SERVICE_PORT_INT=${MAGNUM_SERVICE_PORT_INT:-19511}
MAGNUM_SERVICE_PROTOCOL=${MAGNUM_SERVICE_PROTOCOL:-$SERVICE_PROTOCOL}
MAGNUM_TRUSTEE_DOMAIN_ADMIN_PASSWORD=${MAGNUM_TRUSTEE_DOMAIN_ADMIN_PASSWORD:-secret}
MAGNUM_SWIFT_REGISTRY_CONTAINER=${MAGNUM_SWIFT_REGISTRY_CONTAINER:-docker_registry}
if is_service_enabled tls-proxy; then
MAGNUM_SERVICE_PROTOCOL="https"
fi
# Support entry points installation of console scripts
if [[ -d $MAGNUM_DIR/bin ]]; then
MAGNUM_BIN_DIR=$MAGNUM_DIR/bin
@ -86,6 +87,8 @@ function is_magnum_enabled {
# runs that a clean run would need to clean up
function cleanup_magnum {
sudo rm -rf $MAGNUM_STATE_PATH $MAGNUM_AUTH_CACHE_DIR $MAGNUM_CERTIFICATE_CACHE_DIR
sudo rm -f $(apache_site_config_for magnum-api)
remove_uwsgi_config "$MAGNUM_UWSGI_CONF" "$MAGNUM_UWSGI"
}
# configure_magnum() - Set config files, create data dirs, etc
@ -117,9 +120,9 @@ function create_magnum_accounts {
"container-infra" "Container Infrastructure Management Service")
get_or_create_endpoint $magnum_service \
"$REGION_NAME" \
"$MAGNUM_SERVICE_PROTOCOL://$MAGNUM_SERVICE_HOST:$MAGNUM_SERVICE_PORT/v1" \
"$MAGNUM_SERVICE_PROTOCOL://$MAGNUM_SERVICE_HOST:$MAGNUM_SERVICE_PORT/v1" \
"$MAGNUM_SERVICE_PROTOCOL://$MAGNUM_SERVICE_HOST:$MAGNUM_SERVICE_PORT/v1"
"$MAGNUM_SERVICE_PROTOCOL://$MAGNUM_SERVICE_HOST/container-infra/v1" \
"$MAGNUM_SERVICE_PROTOCOL://$MAGNUM_SERVICE_HOST/container-infra/v1" \
"$MAGNUM_SERVICE_PROTOCOL://$MAGNUM_SERVICE_HOST/container-infra/v1"
# Create for Kubernetes Keystone auth
get_or_create_role k8s_admin
@ -139,12 +142,11 @@ function create_magnum_conf {
iniset $MAGNUM_CONF database connection `database_connection_url magnum`
iniset $MAGNUM_CONF api host "$MAGNUM_SERVICE_HOST"
if is_service_enabled tls-proxy; then
iniset $MAGNUM_CONF api port "$MAGNUM_SERVICE_PORT_INT"
iniset $MAGNUM_CONF drivers verify_ca true
iniset $MAGNUM_CONF drivers openstack_ca_file $SSL_BUNDLE_FILE
else
iniset $MAGNUM_CONF api port "$MAGNUM_SERVICE_PORT"
iniset $MAGNUM_CONF drivers verify_ca false
fi
@ -195,8 +197,6 @@ function create_magnum_conf {
iniset $MAGNUM_CONF DEFAULT ssl_cert_file "$MAGNUM_SSL_CERT"
iniset $MAGNUM_CONF DEFAULT ssl_key_file "$MAGNUM_SSL_KEY"
iniset $MAGNUM_CONF DEFAULT enabled_ssl_apis "$MAGNUM_ENABLED_APIS"
fi
if is_service_enabled ceilometer; then
@ -234,6 +234,8 @@ function create_magnum_conf {
iniset $MAGNUM_CONF drivers send_cluster_metrics False
iniset $MAGNUM_CONF kubernetes keystone_auth_default_policy $MAGNUM_K8S_KEYSTONE_AUTH_DEFAULT_POLICY
write_uwsgi_config "$MAGNUM_UWSGI_CONF" "$MAGNUM_UWSGI" "/container-infra"
}
function create_api_paste_conf {
@ -333,48 +335,34 @@ function install_magnumclient {
# install_magnum() - Collect source and prepare
function install_magnum {
install_apache_uwsgi
git_clone $MAGNUM_REPO $MAGNUM_DIR $MAGNUM_BRANCH
setup_develop $MAGNUM_DIR
}
# start_magnum_api() - Start the API process ahead of other things
function start_magnum_api {
# Get right service port for testing
local service_port=$MAGNUM_SERVICE_PORT
local service_protocol=$MAGNUM_SERVICE_PROTOCOL
if is_service_enabled tls-proxy; then
service_port=$MAGNUM_SERVICE_PORT_INT
service_protocol="http"
fi
run_process magnum-api "$(which uwsgi) --procname-prefix magnum-api --ini $MAGNUM_UWSGI_CONF"
run_process magnum-api "$MAGNUM_BIN_DIR/magnum-api"
echo "Waiting for magnum-api to start..."
if ! wait_for_service $SERVICE_TIMEOUT $service_protocol://$MAGNUM_SERVICE_HOST:$service_port; then
if ! wait_for_service $SERVICE_TIMEOUT $service_protocol://$MAGNUM_SERVICE_HOST/container-infra; then
die $LINENO "magnum-api did not start"
fi
# Start proxies if enabled
if is_service_enabled tls-proxy; then
start_tls_proxy magnum '*' $MAGNUM_SERVICE_PORT $MAGNUM_SERVICE_HOST $MAGNUM_SERVICE_PORT_INT &
fi
}
# configure_iptables_magnum() - Configure the IP table rules for Magnum
function configure_iptables_magnum {
if [ "$MAGNUM_CONFIGURE_IPTABLES" != "False" ]; then
ROUTE_TO_INTERNET=$(ip route get 8.8.8.8)
OBOUND_DEV=$(echo ${ROUTE_TO_INTERNET#*dev} | awk '{print $1}')
sudo iptables -t nat -A POSTROUTING -o $OBOUND_DEV -j MASQUERADE
# bay nodes will access magnum-api (port $MAGNUM_SERVICE_PORT) to get CA certificate.
sudo iptables -I INPUT -d $HOST_IP -p tcp --dport $MAGNUM_SERVICE_PORT -j ACCEPT || true
# allow access to keystone etc (http and https)
# allow access to magnum, keystone etc (http and https)
sudo iptables -I INPUT -d $HOST_IP -p tcp --dport 80 -j ACCEPT || true
sudo iptables -I INPUT -d $HOST_IP -p tcp --dport 443 -j ACCEPT || true
fi
}
function configure_apache_magnum {
# Set redirection for kubernetes openstack cloud provider
# FIXME: When [1] is in kubernetes, we won't need the redirection anymore.
@ -414,7 +402,6 @@ EOF
enable_apache_mod rewrite
}
# start_magnum() - Start running processes, including screen
function start_magnum {
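Review bot: In `start_magnum_api`, the new `wait_for_service` call still builds its URL from `$service_protocol`, but the `local service_protocol=$MAGNUM_SERVICE_PROTOCOL` assignment appears to be one of the lines this commit deletes. The +/- markers are lost on this page, so that is inferred from the removed tls-proxy port handling around it. If so, the readiness probe expands to `://$MAGNUM_SERVICE_HOST/container-infra` with an empty scheme and no longer follows the protocol chosen in the first hunk when TLS is enabled. The call should use the global instead: `if ! wait_for_service $SERVICE_TIMEOUT $MAGNUM_SERVICE_PROTOCOL://$MAGNUM_SERVICE_HOST/container-infra; then`. Also worth checking in the first hunk: `MAGNUM_UWSGI=$MAGNUM_BIN_DIR/magnum-api-wsgi` is assigned above the `MAGNUM_BIN_DIR=$MAGNUM_DIR/bin` block shown in the same hunk, so unless `MAGNUM_BIN_DIR` is already set earlier in the file, the path handed to `write_uwsgi_config` and `remove_uwsgi_config` would be `/magnum-api-wsgi`.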