Merge "console: convert consoles code to use objects framework"
This commit is contained in:
Jenkins
212
specs/liberty/approved/convert-consoles-to-objects.rst
Normal file
212
specs/liberty/approved/convert-consoles-to-objects.rst
Normal file
@@ -0,0 +1,212 @@
|
||||
..
|
||||
This work is licensed under a Creative Commons Attribution 3.0 Unported
|
||||
License.
|
||||
|
||||
http://creativecommons.org/licenses/by/3.0/legalcode
|
||||
|
||||
=========================================
|
||||
Convert Consoles To Use Objects Framework
|
||||
=========================================
|
||||
|
||||
https://blueprints.launchpad.net/nova/+spec/convert-consoles-to-objects
|
||||
|
||||
Make consoles to use the objects framework -- the current console code
|
||||
does not take advantage of the framework objects, instead it provides
|
||||
some types (console/type.py) to handle them. These types do not
|
||||
provide any features to handle versioning, RPC or any kind of methods
|
||||
to make them useful.
|
||||
|
||||
|
||||
Problem description
|
||||
===================
|
||||
|
||||
The current code does not provide any mechanism to handle versioning.
|
||||
Additionally, since RPC cannot handle classes derived from the Python object
|
||||
type, we need to handle a dict "connect_info" between RPC calls and no
|
||||
way is provided to share the state of the console across processes.
|
||||
|
||||
Another problem comes with the token, memcached is not a database and
|
||||
cannot guarantee that the expire time will be respected, a token can
|
||||
expire before that limit (eviction). By using the framework objects
|
||||
we can get the opportunity to store the whole state of Console object
|
||||
with a valid token in the database and share the state between
|
||||
process.
|
||||
|
||||
For instance bug 1425640 needs to know when an user is connected to a
|
||||
particular port from a number of perspectives: from the compute node, to
|
||||
return the next port defined and not connected; from the proxy to
|
||||
reject new connections on already connected port from the API to
|
||||
let user informed no more port are available.
|
||||
|
||||
We will also enhance security by only storing SHA-1 of tokens in the
|
||||
database after to have returned the clean one to the users. Then when
|
||||
users will request to connect a console the token passed will be
|
||||
hashed and compared to the one stored in the database for validation.
|
||||
|
||||
A new option will be introduced "console_tokens_backend" wich will
|
||||
allow operator to switch between different backends. The scope of this
|
||||
spec will allow 2 backends (memcached, database) The memcached backend
|
||||
will be implemented for legacy compatibility but in a deprecated
|
||||
status, supported for one release.
|
||||
|
||||
Use Cases
|
||||
----------
|
||||
|
||||
Developer can take advantage of using the framework objects when
|
||||
adding a new console or features.
|
||||
|
||||
Project Priority
|
||||
-----------------
|
||||
|
||||
None
|
||||
|
||||
Proposed change
|
||||
===============
|
||||
|
||||
* Define a new ConsoleConnection object
|
||||
* Convert drivers to return ConsoleConnection
|
||||
* Remove using of the connect_info's dict
|
||||
* Define schema and API to store ConsoleConnection object in database
|
||||
* Update code to store ConsoleConnection with valid token in database
|
||||
instead of a cache.
|
||||
* Define a periodic task to clean expired object stored in database;
|
||||
To balance the load and avoid blocking the database during too much
|
||||
time each compute nodes will be responsible to clean connection_info
|
||||
for guests they host.
|
||||
* Fix bug 1425640
|
||||
|
||||
Alternatives
|
||||
------------
|
||||
|
||||
Continue to use memcached as a backend will make the behavior of
|
||||
connection information not previsible since objects can be
|
||||
evicted. Also in order to fix issue 1425640 and 1455252 a scan has to
|
||||
be done to list available ports which is difficult when using
|
||||
memcached without add specific code to maintain a list of stored keys.
|
||||
|
||||
Data model impact
|
||||
-----------------
|
||||
|
||||
A new ConsoleConnection model needs to be defined with attributes:
|
||||
|
||||
- instance: an instance which refer the console
|
||||
- host: a string field to handle hostname
|
||||
- port: an int field to handle service number
|
||||
- token_hash: a string field to handle a token or null
|
||||
- access_url: a string field to handle access or null
|
||||
- options: a dict field to handle particular information like usetls,
|
||||
internal_access_path, mode...
|
||||
- expires: a date time to indicate when the token expires or null
|
||||
|
||||
The database schema ::
|
||||
|
||||
CREATE TABLE console_connection (
|
||||
instance_uuid CHAR(36) NOT NULL,
|
||||
host VARCHAR(255) NOT NULL,
|
||||
port INT NOT NULL,
|
||||
token_hash CHAR(40),
|
||||
access_url VARCHAR(255),
|
||||
options TEXT,
|
||||
expires DATETIME,
|
||||
|
||||
PRIMARY KEY (instance_uuid, host, port),
|
||||
INDEX (token, instance_uuid),
|
||||
FOREIGN KEY (instance_uuid)
|
||||
REFERENCES instances(uuid)
|
||||
ON DELETE CASCADE
|
||||
);
|
||||
|
||||
.. note::
|
||||
|
||||
No migration are expected from serialized dicts connection info
|
||||
stored in memcached to the database, during the upgrade clients
|
||||
already connected to consoles will keep their connections until
|
||||
proxy will be restarted. At this step we expect to have the
|
||||
consoleauth service to also have been restarted. Users precedently
|
||||
disconnected can reuse the same token to reconnect the consoles if
|
||||
not already expired.
|
||||
|
||||
REST API impact
|
||||
---------------
|
||||
|
||||
None
|
||||
|
||||
Security impact
|
||||
---------------
|
||||
|
||||
In the point of view of tokens we can expect a better security since
|
||||
currently tokens are stored in memcached which does not provide any
|
||||
security layer. Now only hash of tokens will be stored in the database
|
||||
also security policy will enhanced to be the same than other critical
|
||||
components stored in database.
|
||||
|
||||
Notifications impact
|
||||
--------------------
|
||||
|
||||
None
|
||||
|
||||
Other end user impact
|
||||
---------------------
|
||||
|
||||
When proxyclient will be restartred users will be disconnected from
|
||||
our consoles but should reconnect to it with the same token if not
|
||||
already expired.
|
||||
|
||||
Performance Impact
|
||||
------------------
|
||||
|
||||
The database load will increase but we can expect that with a minimal
|
||||
impact for DBA.
|
||||
|
||||
Other deployer impact
|
||||
---------------------
|
||||
|
||||
The consoleauth service must be restarted before proxy services. When
|
||||
proxy will be restarted clients will be disconnected from consoles.
|
||||
Memcached will continue to work as backend until a deprecated period
|
||||
of one release operator are encouraged to switch on the database
|
||||
backend (see option: console_tokens_backend).
|
||||
|
||||
Developer impact
|
||||
----------------
|
||||
|
||||
None
|
||||
|
||||
Implementation
|
||||
==============
|
||||
|
||||
Assignee(s)
|
||||
-----------
|
||||
|
||||
Primary assignee:
|
||||
sahid-ferdjaoui
|
||||
|
||||
Work Items
|
||||
----------
|
||||
|
||||
* Convert code to use objects framework
|
||||
* Update consoleauth to take advantage of the database to handle
|
||||
tokens
|
||||
* Fix bug 1425640
|
||||
|
||||
Dependencies
|
||||
============
|
||||
|
||||
None
|
||||
|
||||
Testing
|
||||
=======
|
||||
|
||||
The current code is already tested by functional and unit tests since
|
||||
we do not provide any feature we can consider that the code will be
|
||||
well covered by tests.
|
||||
|
||||
Documentation Impact
|
||||
====================
|
||||
|
||||
None
|
||||
|
||||
References
|
||||
==========
|
||||
|
||||
None
|
||||
Reference in New Issue
Block a user