Deprecate os-certificates

Coming out of the Nova midcycle we decided we really needed to
deprecate the os-certificates API and service. It is not used by any
of the rest of Nova. It's an API that requires a dedicated daemon to
be run. It's making Nova assume the responsibility for generating
secure certificates, even though it's not really managing entropy in
any sane way (which is why nova-cert is a service, so you could stick
these on all your computes so as to not run out of entropy).

Change-Id: I0ffa9200d8b4f52da4751e731aecffe09fd3d4be
This commit is contained in:
Sean Dague 2016-07-26 10:42:41 -04:00
parent 08c84ca7ab
commit 789edad0e8
4 changed files with 20 additions and 5 deletions

View File

@ -36,7 +36,6 @@
.. include:: os-assisted-volume-snapshots.inc .. include:: os-assisted-volume-snapshots.inc
.. include:: os-availability-zone.inc .. include:: os-availability-zone.inc
.. include:: os-cells.inc .. include:: os-cells.inc
.. include:: os-certificates.inc
.. include:: os-cloudpipe.inc .. include:: os-cloudpipe.inc
.. include:: os-consoles.inc .. include:: os-consoles.inc
.. include:: os-hosts.inc .. include:: os-hosts.inc
@ -50,6 +49,7 @@
.. include:: os-simple-tenant-usage.inc .. include:: os-simple-tenant-usage.inc
.. include:: os-server-external-events.inc .. include:: os-server-external-events.inc
.. include:: extensions.inc .. include:: extensions.inc
.. include:: os-certificates.inc
.. include:: os-networks.inc .. include:: os-networks.inc
.. include:: os-volumes.inc .. include:: os-volumes.inc
.. include:: images.inc .. include:: images.inc

View File

@ -6,13 +6,12 @@
Creates and shows details for a root certificate. Creates and shows details for a root certificate.
.. note:: .. warning::
This API existed solely because of the need to build euca bundles This API existed solely because of the need to build euca bundles
when Nova had an in tree EC2 API. It no longer interacts with any when Nova had an in tree EC2 API. It no longer interacts with any
parts of the system besides it's own certificate daemon. It should parts of the system besides it's own certificate daemon. It is
be considered vestigial, and will likely be deprecated and removed deprecated and will be removed in the near future.
in the near future.
Create Root Certificate Create Root Certificate
======================= =======================

View File

@ -17,10 +17,12 @@
import sys import sys
from oslo_log import log as logging from oslo_log import log as logging
from oslo_log import versionutils
from oslo_reports import guru_meditation_report as gmr from oslo_reports import guru_meditation_report as gmr
import nova.conf import nova.conf
from nova import config from nova import config
from nova.i18n import _LW
from nova import objects from nova import objects
from nova import service from nova import service
from nova import utils from nova import utils
@ -34,6 +36,11 @@ def main():
logging.setup(CONF, "nova") logging.setup(CONF, "nova")
utils.monkey_patch() utils.monkey_patch()
objects.register_all() objects.register_all()
log = logging.getLogger(__name__)
versionutils.report_deprecated_feature(
log,
_LW('The nova-cert service is deprecated and will be removed '
'in a future release.'))
gmr.TextGuruMeditation.setup_autorun(version) gmr.TextGuruMeditation.setup_autorun(version)

View File

@ -0,0 +1,9 @@
---
deprecations:
- The ``/os-certificates`` API is deprecated, as well as the
``nova-cert`` service which powers it. This is a vestigial part of
the Nova API that existed only for EC2 support, which is now
maintained out of tree. It does not interact with any of the rest
of nova, and should not just be used as a certificates as a
service, which is all it is currently good for.