We recently patched the openstackclient code to increase the number
of retries when running commands[1], but I think what we really wanted
was to increase the amount of time to wait on each retry.
The original approach did help somewhat, but it is doing so by just
racing more times. Instead, it would be better to win the race more
often.
This is mostly a CI or developer environment issue where we are
deploying with the minimal amount of computing resources to get
a functioning cloud.
[1] https://git.openstack.org/cgit/openstack/puppet-openstacklib/commit/?id=489099632446b1903986549e5feb80b509f9b77d
Change-Id: I0707165a9e8054c1b3e0ad299604356cecc9f99f
This is useful when the user (a puppet provider) is expecting a error.
With this it doesn't have to wait for the long retry cycle to have its
error back. This replace the awkward mechanism in
self.request_without_retry which was dynamically mangling
request_timeout and disabled even legit retry.
Examples of such function are self.fetch_user, self.fetch_project in the
keystone provider.
Change-Id: I589da0100ad3ccf3abf17ac8b26c827793ace484
Related-Bug: 1597357
It may be useful to be able to execute a command without a retry.
A good use case is provider in [1], where the keystone_user resource try
to get an user by fetching it. It is expected to fail when the user is
absent. With the current implementation, it will takes 60 seconds for
the provider to give up on the user.
[1] https://review.openstack.org/299301
Closes-Bug: #1563898
Change-Id: I5b334e3ffd26df4ba8584d77a5e41b56e73536c8
Give non-retry calls the full timeout seconds to finish and also
don't log that you're going to retry them when you are not.
Change-Id: I51cbe3905b55f035718245b45bfc34536b8ce602
Sometimes openstackclient can hang if Keystone
API fails to respond to requests.
This patch adds retries to work around these
situations.
* Retry and timeouts for openstack command
-'command_timeout=20':
after this timeout openstack command is retried
untill the request_timeout.
(The value of command_timeout parameter was updated
from 10 to 20 as it was observed that "10" value is
not enough when sytem was overloaded.)
-'request_timeout=60':
timeout of the entire request.
-'retry_sleep=3':
interval between command retries
* Does not retry non-idempotent actions.
* Improve specs
Change-Id: Ifd8ae1b00321366e3a54fd6fe4a68db46bb743c7
Workflow to find credentials details from:
1. The environment variables (ENV['OS_*'])
2. If not enough, credentials available from the environment RC file
to be used. Default RC file must be in current user homedir: ~/openrc
- Adds module Puppet::Provider::Openstack::Auth providing class methods for
providers instead of relying on superclass inheritance.
As discussed [1], this purposefully removes the possibility to pass authenti-
cation details as parameters to Puppet resources instances.
- Wraps credentials information with object:
Puppet::Provider::Openstack::Credentials
- The credentials information is used in a withenv block
Review for puppet-keystone needs to be merged at same time:
https://review.openstack.org/#/c/181299/
[1] http://lists.openstack.org/pipermail/openstack-dev/2015-May/063352.html
Change-Id: If628f4ad95f3aac3392475d4ea6857fb858f8755
Implements: blueprint auth-restructure
The default domain (id 'default', name 'Default') is where the V2
tenants/users are defined. So V3, which is now the default API's version
can and should be used. Beeing able to use V3 domains needs to be
supported by specifying the domain name for a project/user.
This patch :
- Adds project and user domain names
- Renames tenant (v2) as project (v3)
- Renames os-auth-url to os-url, when using an authicated token against a
service url, to distinct them from each other, as in OSC
(opentackclient)
- Updates newparam(:auth) accordingly to describe v2/v3 credential
examples
Note: Keystone API v2 is deprecated [1]
[1] http://docs.openstack.org/developer/keystone/http-api.html#should-i-use-v2-0-or-v3
Change-Id: I72f79129a6875eb433eeb8a62f928e7210db134a
When parsing the response from the OpenStack client values (like
keystone tenant descriptions) can have embedded newline. To avoid this
issue, we drop lines that don't start with a double quoted value until
the first one we find.
Change-Id: Ie952161b503d2c46637e6a6e1c83b2dfce1c03a7
This patch abandons the use of the Aviator library for interacting with
the openstack APIs in favor of the universal openstack client[1]. This
work has already been implemented in the keystone module. This patch
moves that work into openstacklib in order to make it available for the
other modules.
[1] https://wiki.openstack.org/wiki/OpenStackClient
Change-Id: I68705c28955a54e26d98f1de718016691c64e4b1
