Browse Source

[urgent]Adapt new Keystone URL and mock _update_ips_for_port

1. What is the problem?
Now Keystone uses uwsgi with proxy[1], and this is the default mode
in DevStack. In this case, the original URL with 5000/35357 port can
no longer be accessed, this change will lead to Tricircle gate/check
test always failure if no adaption is made in Tricircle configuration.

After patch[2] merged, update mac address will also trigger ip updating
process. This is mainly for IPv6 address but the code logic doesn't
distinguish ip version. Some methods used by ip updating process are not
correctly simulated in FakeQuery so test_update_port test failed

2. What is the solution to the problem?
Change Keystone public URL Tricircle uses from
http://host:5000/v3 to http://host/identity and
change Keystone admin URL Tricircle uses from
http://host:35357/v3 to http://host/identity

This patch also fixes a mistake which was hidden before this Keystone
change. While generating Tricircle apache configuration file in our
DevStack script, TRICIRCLE_BIN in the template is not replaced by
the real value. So the directory access right is not correctly granted.
Before this Keystone change, Keystone apache configuration file will
grant right on the same directory, so we didn't notice this problem.

Since we don't support ip updating currently, one simple fix is to mock
_update_ips_for_port method.

3. What features need to be implemented to the Tricircle
to realize the solution?
No new features.

[1] https://github.com/openstack-dev/devstack/commit/
    6ed53156b6198e69d59d1cf3a3497e96f5b7a870
[2] https://github.com/openstack/neutron/commit/
    46d1a890e700dfa6e921387569f87f793ca4e8e9

Change-Id: I2b43c630eedff0f808c729da0ce9b819f02495dd
changes/20/458020/6
zhiyuan_cai 5 years ago
committed by joehuang
parent
commit
0d83bdca0a
  1. 17
      devstack/plugin.sh
  2. 8
      doc/source/configuration.rst
  3. 24
      doc/source/installation-manual.rst
  4. 4
      tricircle/common/client.py
  5. 9
      tricircle/tests/unit/network/test_central_plugin.py

17
devstack/plugin.sh

@ -51,6 +51,8 @@ function init_common_tricircle_conf {
iniset $conf_file DEFAULT use_syslog $SYSLOG
iniset $conf_file DEFAULT tricircle_db_connection `database_connection_url tricircle`
iniset $conf_file client auth_url http://$KEYSTONE_SERVICE_HOST/identity
iniset $conf_file client identity_url http://$KEYSTONE_SERVICE_HOST/identity/v3
iniset $conf_file client admin_username admin
iniset $conf_file client admin_password $ADMIN_PASSWORD
iniset $conf_file client admin_tenant demo
@ -65,8 +67,8 @@ function init_local_neutron_conf {
iniset $NEUTRON_CONF DEFAULT core_plugin tricircle.network.local_plugin.TricirclePlugin
iniset $NEUTRON_CONF client auth_url http://$KEYSTONE_SERVICE_HOST/identity/v3
iniset $NEUTRON_CONF client identity_url http://$KEYSTONE_SERVICE_HOST/identity_admin/v3
iniset $NEUTRON_CONF client auth_url http://$KEYSTONE_SERVICE_HOST/identity
iniset $NEUTRON_CONF client identity_url http://$KEYSTONE_SERVICE_HOST/identity/v3
iniset $NEUTRON_CONF client admin_username admin
iniset $NEUTRON_CONF client admin_password $ADMIN_PASSWORD
iniset $NEUTRON_CONF client admin_tenant demo
@ -317,6 +319,13 @@ elif [[ "$1" == "stack" && "$2" == "post-config" ]]; then
elif [[ "$1" == "stack" && "$2" == "extra" ]]; then
echo_summary "Initializing Tricircle Service"
if [[ ${USE_VENV} = True ]]; then
PROJECT_VENV["tricircle"]=${TRICIRCLE_DIR}.venv
TRICIRCLE_BIN_DIR=${PROJECT_VENV["tricircle"]}/bin
else
TRICIRCLE_BIN_DIR=$(get_python_exec_prefix)
fi
if is_service_enabled t-api; then
create_tricircle_accounts
@ -324,12 +333,12 @@ elif [[ "$1" == "stack" && "$2" == "extra" ]]; then
if [[ "$TRICIRCLE_DEPLOY_WITH_WSGI" == "True" ]]; then
start_tricircle_api_wsgi
else
run_process t-api "tricircle-api --config-file $TRICIRCLE_API_CONF"
run_process t-api "$TRICIRCLE_BIN_DIR/tricircle-api --config-file $TRICIRCLE_API_CONF"
fi
fi
if is_service_enabled t-job; then
run_process t-job "tricircle-xjob --config-file $TRICIRCLE_XJOB_CONF"
run_process t-job "$TRICIRCLE_BIN_DIR/tricircle-xjob --config-file $TRICIRCLE_XJOB_CONF"
fi
fi

8
doc/source/configuration.rst

@ -39,14 +39,14 @@ Central Plugin.
- (String) user domain name of admin account, needed when auto_refresh_endpoint set to True.
* - ``admin_username`` = ``None``
- (String) username of admin account, needed when auto_refresh_endpoint set to True.
* - ``auth_url`` = ``http://127.0.0.1:5000/v3``
- (String) keystone authorization url, for example, http://$service_host:5000/v3
* - ``auth_url`` = ``http://127.0.0.1/identity``
- (String) keystone authorization url, for example, http://$service_host/identity
* - ``identity_url`` = ``http://127.0.0.1/identity/v3``
- (String) keystone service url, for example, http://$service_host/identity/v3
* - ``auto_refresh_endpoint`` = ``True``
- (Boolean) if set to True, endpoint will be automatically refreshed if timeout accessing endpoint.
* - ``bridge_cidr`` = ``100.0.0.0/9``
- (String) cidr pool of the bridge network, for example, 100.0.0.0/9
* - ``identity_url`` = ``http://127.0.0.1:35357/v3``
- (String) keystone service url, for example, http://$service_host:35357/v3
* - ``neutron_timeout`` = ``60``
- (Integer) timeout for neutron client in seconds.
* - ``top_region_name`` = ``None``

24
doc/source/installation-manual.rst

@ -64,9 +64,9 @@ Installation with Central Neutron Server
:header: "Option", "Description", "Example"
[DEFAULT] tricircle_db_connection, "database connection string for tricircle", mysql+pymysql://root:password@ 127.0.0.1/tricircle?charset=utf8
[DEFAULT] transport_url, "a URL representing the used messaging driver and its full configuration", rabbit://user:password@127.0.0.1:5672
[DEFAULT] transport_url, "a URL representing the used messaging driver and its full configuration", rabbit://user:password@ 127.0.0.1:5672
[keystone_authtoken] auth_type, "authentication method", password
[keystone_authtoken] auth_url, "keystone authorization url", http://$keystone_service_host/identity_admin
[keystone_authtoken] auth_url, "keystone authorization url", http://$keystone_service_host/identity
[keystone_authtoken] username, "username of service account, needed for password authentication", tricircle
[keystone_authtoken] password, "password of service account, needed for password authentication", password
[keystone_authtoken] user_domain_name, "user domain name of service account, needed for password authentication", Default
@ -76,8 +76,8 @@ Installation with Central Neutron Server
[keystone_authtoken] cafile, "A PEM encoded Certificate Authority to use when verifying HTTPs", /opt/stack/data/ca-bundle.pem
[keystone_authtoken] signing_dir, "Directory used to cache files related to PKI tokens", /var/cache/tricircle
[keystone_authtoken] memcached_servers, "Optionally specify a list of memcached server(s) to use for caching", $keystone_service_host:11211
[client] auth_url, "keystone authorization url", http://$keystone_service_host:5000/v3
[client] identity_url, "keystone service url", http://$keystone_service_host:35357/v3
[client] auth_url, "keystone authorization url", http://$keystone_service_host/identity
[client] identity_url, "keystone service url", http://$keystone_service_host/identity/v3
[client] auto_refresh_endpoint, "if set to True, endpoint will be automatically refreshed if timeout accessing", True
[client] top_region_name, "name of central region which client needs to access", CentralRegion
[client] admin_username, "username of admin account", admin
@ -116,9 +116,9 @@ Installation with Central Neutron Server
:header: "Option", "Description", "Example"
[DEFAULT] tricircle_db_connection, "database connection string for tricircle", mysql+pymysql://root:password@ 127.0.0.1/tricircle?charset=utf8
[DEFAULT] transport_url, "a URL representing the used messaging driver and its full configuration", rabbit://user:password@127.0.0.1:5672
[client] auth_url, "keystone authorization url", http://$keystone_service_host:5000/v3
[client] identity_url, "keystone service url", http://$keystone_service_host:35357/v3
[DEFAULT] transport_url, "a URL representing the used messaging driver and its full configuration", rabbit://user:password@ 127.0.0.1:5672
[client] auth_url, "keystone authorization url", http://$keystone_service_host/identity
[client] identity_url, "keystone service url", http://$keystone_service_host/identity/v3
[client] auto_refresh_endpoint, "if set to True, endpoint will be automatically refreshed if timeout accessing", True
[client] top_region_name, "name of central region which client needs to access", CentralRegion
[client] admin_username, "username of admin account", admin
@ -157,11 +157,11 @@ Installation with Central Neutron Server
[database] connection, "database connection string for central Neutron server", mysql+pymysql://root:password@ 127.0.0.1/neutron?charset=utf8
[DEFAULT] bind_port, "Port central Neutron server binds to", change to a different value rather than 9696 if you run central and local Neutron server in the same host
[DEFAULT] core_plugin, "core plugin central Neutron server uses", tricircle.network.central_plugin.TricirclePlugin
[DEFAULT] core_plugin, "core plugin central Neutron server uses", tricircle.network.central_plugin. TricirclePlugin
[DEFAULT] service_plugins, "service plugin central Neutron server uses", "(leave empty)"
[DEFAULT] tricircle_db_connection, "database connection string for tricircle", mysql+pymysql://root:password@ 127.0.0.1/tricircle?charset=utf8
[client] auth_url, "keystone authorization url", http://$keystone_service_host:5000/v3
[client] identity_url, "keystone service url", http://$keystone_service_host:35357/v3
[client] auth_url, "keystone authorization url", http://$keystone_service_host/identity
[client] identity_url, "keystone service url", http://$keystone_service_host/identity/v3
[client] auto_refresh_endpoint, "if set to True, endpoint will be automatically refreshed if timeout accessing", True
[client] top_region_name, "name of central region which client needs to access", CentralRegion
[client] admin_username, "username of admin account", admin
@ -226,8 +226,8 @@ Installation with Local Neutron Server
[DEFAULT] core_plugin, "core plugin local Neutron server uses", tricircle.network.local_plugin. TricirclePlugin
[DEFAULT] service_plugins, "service plugins local Neutron server uses", tricircle.network.local_l3_plugin. TricircleL3Plugin
[client] auth_url, "keystone authorization url", http://$keystone_service_host :5000/v3
[client] identity_url, "keystone service url", http://$keystone_service_host :35357/v3
[client] auth_url, "keystone authorization url", http://$keystone_service_host/identity
[client] identity_url, "keystone service url", http://$keystone_service_host/identity/v3
[client] auto_refresh_endpoint, "if set to True, endpoint will be automatically refreshed if timeout accessing", True
[client] top_region_name, "name of central region which client needs to access", CentralRegion
[client] admin_username, "username of admin account", admin

4
tricircle/common/client.py

@ -35,10 +35,10 @@ from tricircle.db import models
client_opts = [
cfg.StrOpt('auth_url',
default='http://127.0.0.1/identity/v3',
default='http://127.0.0.1/identity',
help='keystone authorization url'),
cfg.StrOpt('identity_url',
default='http://127.0.0.1/identity_admin/v3',
default='http://127.0.0.1/identity/v3',
help='keystone service url'),
cfg.BoolOpt('auto_refresh_endpoint',
default=False,

9
tricircle/tests/unit/network/test_central_plugin.py

@ -1285,6 +1285,13 @@ def fake_allocate_ips_for_port(self, context, port):
return [allocation]
def fake_update_ips_for_port(self, context, port, host,
original_ips, new_ips, mac):
# NOTE: remove this mock after we support ip updating
return ipam_pluggable_backend.IpamPluggableBackend.Changes(
add=[], original=[], remove=[])
@classmethod
def fake_get_instance(cls, subnet_pool, context):
return FakePool(subnet_pool, context)
@ -2267,6 +2274,8 @@ class PluginTest(unittest.TestCase,
self.assertEqual(bottom_subnet['enable_dhcp'],
body_copy['subnet']['enable_dhcp'])
@patch.object(ipam_pluggable_backend.IpamPluggableBackend,
'_update_ips_for_port', new=fake_update_ips_for_port)
@patch.object(directory, 'get_plugin', new=fake_get_plugin)
@patch.object(driver.Pool, 'get_instance', new=fake_get_instance)
@patch.object(_utils, 'filter_non_model_columns',

Loading…
Cancel
Save