9abe6254db
This spec was originally approved for Liberty but was not progressed due to lack of time. It is being picked up again for Newton. blueprint convert-consoles-to-objects Previously-approved: Liberty Change-Id: Id9eb5a14ca86a60380ab9c29eb5f8b46522a3c18
229 lines
6.5 KiB
ReStructuredText
229 lines
6.5 KiB
ReStructuredText
..
|
|
This work is licensed under a Creative Commons Attribution 3.0 Unported
|
|
License.
|
|
|
|
http://creativecommons.org/licenses/by/3.0/legalcode
|
|
|
|
=========================================
|
|
Convert Consoles To Use Objects Framework
|
|
=========================================
|
|
|
|
https://blueprints.launchpad.net/nova/+spec/convert-consoles-to-objects
|
|
|
|
Make consoles to use the objects framework -- the current console code
|
|
does not take advantage of the framework objects, instead it provides
|
|
some types (console/type.py) to handle them. These types do not
|
|
provide any features to handle versioning, RPC or any kind of methods
|
|
to make them useful.
|
|
|
|
|
|
Problem description
|
|
===================
|
|
|
|
The current code does not provide any mechanism to handle versioning.
|
|
Additionally, since RPC cannot handle classes derived from the Python object
|
|
type, we need to handle a dict "connect_info" between RPC calls and no
|
|
way is provided to share the state of the console across processes.
|
|
|
|
Another problem comes with the token, memcached is not a database and
|
|
cannot guarantee that the expire time will be respected, a token can
|
|
expire before that limit (eviction). By using the framework objects
|
|
we can get the opportunity to store the whole state of Console object
|
|
with a valid token in the database and share the state between
|
|
process.
|
|
|
|
For instance bug 1425640 needs to know when an user is connected to a
|
|
particular port from a number of perspectives: from the compute node, to
|
|
return the next port defined and not connected; from the proxy to
|
|
reject new connections on already connected port from the API to
|
|
let user informed no more port are available.
|
|
|
|
We will also enhance security by only storing a hash of tokens in the
|
|
database after to have returned the clean one to the users. Then when
|
|
users will request to connect a console the token passed will be
|
|
hashed and compared to the one stored in the database for validation.
|
|
|
|
A new option will be introduced "console_tokens_backend" wich will
|
|
allow operator to switch between different backends. The scope of this
|
|
spec will allow 2 backends (memcached, database) The memcached backend
|
|
will be implemented for legacy compatibility but in a deprecated
|
|
status, supported for one release.
|
|
|
|
Use Cases
|
|
----------
|
|
|
|
Developer can take advantage of using the framework objects when
|
|
adding a new console or features.
|
|
|
|
Project Priority
|
|
-----------------
|
|
|
|
None
|
|
|
|
Proposed change
|
|
===============
|
|
|
|
* Define a new ConsoleConnection object
|
|
* Convert drivers to return ConsoleConnection
|
|
* Remove using of the connect_info's dict
|
|
* Define schema and API to store ConsoleConnection object in database
|
|
* Update code to store ConsoleConnection with valid token in database
|
|
instead of a cache.
|
|
* Define a periodic task to clean expired object stored in database;
|
|
To balance the load and avoid blocking the database during too much
|
|
time each compute nodes will be responsible to clean connection_info
|
|
for guests they host.
|
|
* Fix bug 1425640
|
|
|
|
Alternatives
|
|
------------
|
|
|
|
Continue to use memcached as a backend will make the behavior of
|
|
connection information not previsible since objects can be
|
|
evicted. Also in order to fix issue 1425640 and 1455252 a scan has to
|
|
be done to list available ports which is difficult when using
|
|
memcached without add specific code to maintain a list of stored keys.
|
|
|
|
Data model impact
|
|
-----------------
|
|
|
|
A new ConsoleConnection model needs to be defined with attributes:
|
|
|
|
- instance: an instance which refer the console
|
|
- host: a string field to handle hostname
|
|
- port: an int field to handle service number
|
|
- token_hash: a string field to handle a token or null
|
|
- access_url: a string field to handle access or null
|
|
- options: a dict field to handle particular information like usetls,
|
|
internal_access_path, mode...
|
|
- expires: a date time to indicate when the token expires or null
|
|
|
|
The database schema ::
|
|
|
|
CREATE TABLE console_connection (
|
|
instance_uuid CHAR(36) NOT NULL,
|
|
host VARCHAR(255) NOT NULL,
|
|
port INT NOT NULL,
|
|
token_hash CHAR(40),
|
|
access_url VARCHAR(255),
|
|
options TEXT,
|
|
expires DATETIME,
|
|
|
|
PRIMARY KEY (instance_uuid, host, port),
|
|
INDEX (token, instance_uuid),
|
|
FOREIGN KEY (instance_uuid)
|
|
REFERENCES instances(uuid)
|
|
ON DELETE CASCADE
|
|
);
|
|
|
|
.. note::
|
|
|
|
No migration are expected from serialized dicts connection info
|
|
stored in memcached to the database, during the upgrade clients
|
|
already connected to consoles will keep their connections until
|
|
proxy will be restarted. At this step we expect to have the
|
|
consoleauth service to also have been restarted.
|
|
|
|
REST API impact
|
|
---------------
|
|
|
|
None
|
|
|
|
Security impact
|
|
---------------
|
|
|
|
In the point of view of tokens we can expect a better security since
|
|
currently tokens are stored in memcached which does not provide any
|
|
security layer. Now only hash of tokens will be stored in the database
|
|
also security policy will enhanced to be the same than other critical
|
|
components stored in database.
|
|
|
|
Notifications impact
|
|
--------------------
|
|
|
|
None
|
|
|
|
Other end user impact
|
|
---------------------
|
|
|
|
When proxyclient will be restartred users will be disconnected from
|
|
our consoles but should reconnect to it with the same token if not
|
|
already expired.
|
|
|
|
Performance Impact
|
|
------------------
|
|
|
|
The database load will increase but we can expect that with a minimal
|
|
impact for DBA.
|
|
|
|
Other deployer impact
|
|
---------------------
|
|
|
|
The consoleauth service must be restarted before proxy services. When
|
|
proxy will be restarted clients will be disconnected from consoles.
|
|
Memcached will continue to work as backend until a deprecated period
|
|
of one release operator are encouraged to switch on the database
|
|
backend (see option: console_tokens_backend).
|
|
|
|
Developer impact
|
|
----------------
|
|
|
|
None
|
|
|
|
Implementation
|
|
==============
|
|
|
|
Assignee(s)
|
|
-----------
|
|
|
|
Primary assignee:
|
|
PaulMurray
|
|
|
|
Other contributors:
|
|
sahid-ferdjaoui
|
|
|
|
Work Items
|
|
----------
|
|
|
|
* Convert code to use objects framework
|
|
* Update consoleauth to take advantage of the database to handle
|
|
tokens
|
|
* Fix bug 1425640
|
|
|
|
Dependencies
|
|
============
|
|
|
|
None
|
|
|
|
Testing
|
|
=======
|
|
|
|
The current code is already tested by functional and unit tests since
|
|
we do not provide any feature we can consider that the code will be
|
|
well covered by those tests.
|
|
|
|
The new version will be tested in the gate.
|
|
|
|
Documentation Impact
|
|
====================
|
|
|
|
None
|
|
|
|
References
|
|
==========
|
|
|
|
None
|
|
|
|
History
|
|
=======
|
|
|
|
.. list-table:: Revisions
|
|
:header-rows: 1
|
|
|
|
* - Release Name
|
|
- Description
|
|
* - Liberty
|
|
- Introduced
|
|
* - Newton
|
|
- Re-proposed
|