Merge "console: convert consoles code to use objects framework"

2015-07-06 13:22:00 +00:00
parent 443ecda926 ff183eff15
commit f53230f46b
1 changed files with 212 additions and 0 deletions
--- a/specs/liberty/approved/convert-consoles-to-objects.rst
+++ b/specs/liberty/approved/convert-consoles-to-objects.rst
@@ -0,0 +1,212 @@
 ..
 This work is licensed under a Creative Commons Attribution 3.0 Unported
 License.
 http://creativecommons.org/licenses/by/3.0/legalcode
 =========================================
 Convert Consoles To Use Objects Framework
 =========================================
 https://blueprints.launchpad.net/nova/+spec/convert-consoles-to-objects
 Make consoles to use the objects framework -- the current console code
 does not take advantage of the framework objects, instead it provides
 some types (console/type.py) to handle them. These types do not
 provide any features to handle versioning, RPC or any kind of methods
 to make them useful.
 Problem description
 ===================
 The current code does not provide any mechanism to handle versioning.
 Additionally, since RPC cannot handle classes derived from the Python object
 type, we need to handle a dict "connect_info" between RPC calls and no
 way is provided to share the state of the console across processes.
 Another problem comes with the token, memcached is not a database and
 cannot guarantee that the expire time will be respected, a token can
 expire before that limit (eviction). By using the framework objects
 we can get the opportunity to store the whole state of Console object
 with a valid token in the database and share the state between
 process.
 For instance bug 1425640 needs to know when an user is connected to a
 particular port from a number of perspectives: from the compute node, to
 return the next port defined and not connected; from the proxy to
 reject new connections on already connected port from the API to
 let user informed no more port are available.
 We will also enhance security by only storing SHA-1 of tokens in the
 database after to have returned the clean one to the users. Then when
 users will request to connect a console the token passed will be
 hashed and compared to the one stored in the database for validation.
 A new option will be introduced "console_tokens_backend" wich will
 allow operator to switch between different backends. The scope of this
 spec will allow 2 backends (memcached, database) The memcached backend
 will be implemented for legacy compatibility but in a deprecated
 status, supported for one release.
 Use Cases
 ----------
 Developer can take advantage of using the framework objects when
 adding a new console or features.
 Project Priority
 -----------------
 None
 Proposed change
 ===============
 * Define a new ConsoleConnection object
 * Convert drivers to return ConsoleConnection
 * Remove using of the connect_info's dict
 * Define schema and API to store ConsoleConnection object in database
 * Update code to store ConsoleConnection with valid token in database
  instead of a cache.
 * Define a periodic task to clean expired object stored in database;
  To balance the load and avoid blocking the database during too much
  time each compute nodes will be responsible to clean connection_info
  for guests they host.
 * Fix bug 1425640
 Alternatives
 ------------
 Continue to use memcached as a backend will make the behavior of
 connection information not previsible since objects can be
 evicted. Also in order to fix issue 1425640 and 1455252 a scan has to
 be done to list available ports which is difficult when using
 memcached without add specific code to maintain a list of stored keys.
 Data model impact
 -----------------
 A new ConsoleConnection model needs to be defined with attributes:
 - instance: an instance which refer the console
 - host: a string field to handle hostname
 - port: an int field to handle service number
 - token_hash: a string field to handle a token or null
 - access_url: a string field to handle access or null
 - options: a dict field to handle particular information like usetls,
  internal_access_path, mode...
 - expires: a date time to indicate when the token expires or null
 The database schema ::
    CREATE TABLE console_connection (
         instance_uuid CHAR(36) NOT NULL,
         host VARCHAR(255) NOT NULL,
         port INT NOT NULL,
         token_hash CHAR(40),
         access_url VARCHAR(255),
         options TEXT,
         expires DATETIME,
         PRIMARY KEY (instance_uuid, host, port),
         INDEX (token, instance_uuid),
         FOREIGN KEY (instance_uuid)
           REFERENCES instances(uuid)
           ON DELETE CASCADE
    );
 .. note::
    No migration are expected from serialized dicts connection info
    stored in memcached to the database, during the upgrade clients
    already connected to consoles will keep their connections until
    proxy will be restarted. At this step we expect to have the
    consoleauth service to also have been restarted. Users precedently
    disconnected can reuse the same token to reconnect the consoles if
    not already expired.
 REST API impact
 ---------------
 None
 Security impact
 ---------------
 In the point of view of tokens we can expect a better security since
 currently tokens are stored in memcached which does not provide any
 security layer. Now only hash of tokens will be stored in the database
 also security policy will enhanced to be the same than other critical
 components stored in database.
 Notifications impact
 --------------------
 None
 Other end user impact
 ---------------------
 When proxyclient will be restartred users will be disconnected from
 our consoles but should reconnect to it with the same token if not
 already expired.
 Performance Impact
 ------------------
 The database load will increase but we can expect that with a minimal
 impact for DBA.
 Other deployer impact
 ---------------------
 The consoleauth service must be restarted before proxy services. When
 proxy will be restarted clients will be disconnected from consoles.
 Memcached will continue to work as backend until a deprecated period
 of one release operator are encouraged to switch on the database
 backend (see option: console_tokens_backend).
 Developer impact
 ----------------
 None
 Implementation
 ==============
 Assignee(s)
 -----------
 Primary assignee:
  sahid-ferdjaoui
 Work Items
 ----------
 * Convert code to use objects framework
 * Update consoleauth to take advantage of the database to handle
  tokens
 * Fix bug 1425640
 Dependencies
 ============
 None
 Testing
 =======
 The current code is already tested by functional and unit tests since
 we do not provide any feature we can consider that the code will be
 well covered by tests.
 Documentation Impact
 ====================
 None
 References
 ==========
 None