This is a method of using wsgi-intercept to provide a context
manager that allows talking to placement over requests, but without
a network. It is a quick and dirty way to talk to and make changes
in the placement database where the only network traffic is with the
placement database.
This is expected to be useful in the creation of tools for
performing fast forward upgrades where each compute node may need to
"migrate" its resource providers, inventory and allocations in the
face of changing representations of hardware (for example
pre-existing VGPUs being represented as nested providers) but would
like to do so when all non-database services are stopped. A system
like this would allow code on the compute node to update the
placement database, using well known HTTP interactions, without the
placement service being up.
The basic idea is that we spin up the WSGI stack with no auth,
configured using whatever already loaded CONF we happen to have
available. That CONF points to the placement database and all the
usual stuff. The context manager provides a keystoneauth1 Adapter
class that operates as a client for accessing placement. The full
WSGI stack is brought up because we need various bits of middleware
to help ensure that policy calls don't explode and so JSON
validation is in place.
In this model everything else is left up to the caller: constructing
the JSON, choosing which URIs to call with what methods (see
test_direct for minimal examples that ought to give an idea of what
real callers could expect).
To make things friendly in the nova context and ease creation of fast
forward upgrade tools, SchedulerReportClient is tweaked to take an
optional adapter kwarg on construction. If specified, this is used
instead of creating one with get_ksa_adapter(), using settings from
[placement] conf.
Doing things in this way draws a clear line between the placement parts
and the nova parts while keeping the nova parts straightforward.
NoAuthReportClient is replaced with a base test class,
test_report_client.SchedulerReportClientTestBase. This provides an
_interceptor() context manager which is a wrapper around
PlacementDirect, but instead of producing an Adapter, it produces a
SchedulerReportClient (which has been passed the Adapter provided by
PlacementDirect). test_resource_tracker and test_report_client are
updated accordingly.
Caveats to be aware of:
* This is (intentionally) set up to circumvent authentication and
authorization. If you have access to the necessary database
connection string, then you are good to go. That's what we want,
right?
* CONF construction being left up to the caller is on purpose
because right now placement itself is not super flexible in this
area and flexibility is desired here.
This is not (by a long shot) the only way to do this. Other options
include:
* Constructing a WSGI environ that has all the necessary bits to
allow calling the methods in the handlers directly (as python
commands). This would duplicate a fair bit of the middleware and
seems error prone, because it's hard to discern what parts of the
environ need to be filled. It's also weird for data input: we need
to use a BytesIO to pass in data on PUTs and POSTs.
* Using either the WSGI environ or wsgi-intercept models but wrap it
with a pythonic library that exposes a "pretty" interface to
callers. Something like:
placement.direct.allocations.update(consumer_uuid, {data})
* Creating a python library that assembles the necessary data for
calling the methods in the resource provider objects and exposing
that to:
a) the callers who want this direct stuff
b) the existing handlers in placement (which remain responsible
for json manipulation and validation and microversion handling,
and marshal data appropriately for the python lib)
I've chosen the simplest thing as a starting point because it gives
us something to talk over and could solve the immediate problem. If
we were to eventually pursue the 4th option, I would hope that we
had some significant discussion before doing so as I think it is a)
harder than it might seem at first glance, b) likely to lead to many
asking "why bother with the http interface at all?". Both require
thought.
Partially implements blueprint reshape-provider-tree
Co-Authored-By: Eric Fried <efried@us.ibm.com>
Change-Id: I075785abcd4f4a8e180959daeadf215b9cd175c8
43cc59abe2