From 0d83bdca0a8e88a24e48112d6d68d71d4585411e Mon Sep 17 00:00:00 2001 From: zhiyuan_cai Date: Wed, 19 Apr 2017 16:59:06 +0800 Subject: [PATCH] [urgent]Adapt new Keystone URL and mock _update_ips_for_port 1. What is the problem? Now Keystone uses uwsgi with proxy[1], and this is the default mode in DevStack. In this case, the original URL with 5000/35357 port can no longer be accessed, this change will lead to Tricircle gate/check test always failure if no adaption is made in Tricircle configuration. After patch[2] merged, update mac address will also trigger ip updating process. This is mainly for IPv6 address but the code logic doesn't distinguish ip version. Some methods used by ip updating process are not correctly simulated in FakeQuery so test_update_port test failed 2. What is the solution to the problem? Change Keystone public URL Tricircle uses from http://host:5000/v3 to http://host/identity and change Keystone admin URL Tricircle uses from http://host:35357/v3 to http://host/identity This patch also fixes a mistake which was hidden before this Keystone change. While generating Tricircle apache configuration file in our DevStack script, TRICIRCLE_BIN in the template is not replaced by the real value. So the directory access right is not correctly granted. Before this Keystone change, Keystone apache configuration file will grant right on the same directory, so we didn't notice this problem. Since we don't support ip updating currently, one simple fix is to mock _update_ips_for_port method. 3. What features need to be implemented to the Tricircle to realize the solution? No new features. [1] https://github.com/openstack-dev/devstack/commit/ 6ed53156b6198e69d59d1cf3a3497e96f5b7a870 [2] https://github.com/openstack/neutron/commit/ 46d1a890e700dfa6e921387569f87f793ca4e8e9 Change-Id: I2b43c630eedff0f808c729da0ce9b819f02495dd --- devstack/plugin.sh | 17 +++++++++---- doc/source/configuration.rst | 8 +++---- doc/source/installation-manual.rst | 24 +++++++++---------- tricircle/common/client.py | 4 ++-- .../tests/unit/network/test_central_plugin.py | 9 +++++++ 5 files changed, 40 insertions(+), 22 deletions(-) diff --git a/devstack/plugin.sh b/devstack/plugin.sh index 19be6fd5..810ac546 100644 --- a/devstack/plugin.sh +++ b/devstack/plugin.sh @@ -51,6 +51,8 @@ function init_common_tricircle_conf { iniset $conf_file DEFAULT use_syslog $SYSLOG iniset $conf_file DEFAULT tricircle_db_connection `database_connection_url tricircle` + iniset $conf_file client auth_url http://$KEYSTONE_SERVICE_HOST/identity + iniset $conf_file client identity_url http://$KEYSTONE_SERVICE_HOST/identity/v3 iniset $conf_file client admin_username admin iniset $conf_file client admin_password $ADMIN_PASSWORD iniset $conf_file client admin_tenant demo @@ -65,8 +67,8 @@ function init_local_neutron_conf { iniset $NEUTRON_CONF DEFAULT core_plugin tricircle.network.local_plugin.TricirclePlugin - iniset $NEUTRON_CONF client auth_url http://$KEYSTONE_SERVICE_HOST/identity/v3 - iniset $NEUTRON_CONF client identity_url http://$KEYSTONE_SERVICE_HOST/identity_admin/v3 + iniset $NEUTRON_CONF client auth_url http://$KEYSTONE_SERVICE_HOST/identity + iniset $NEUTRON_CONF client identity_url http://$KEYSTONE_SERVICE_HOST/identity/v3 iniset $NEUTRON_CONF client admin_username admin iniset $NEUTRON_CONF client admin_password $ADMIN_PASSWORD iniset $NEUTRON_CONF client admin_tenant demo @@ -317,6 +319,13 @@ elif [[ "$1" == "stack" && "$2" == "post-config" ]]; then elif [[ "$1" == "stack" && "$2" == "extra" ]]; then echo_summary "Initializing Tricircle Service" + if [[ ${USE_VENV} = True ]]; then + PROJECT_VENV["tricircle"]=${TRICIRCLE_DIR}.venv + TRICIRCLE_BIN_DIR=${PROJECT_VENV["tricircle"]}/bin + else + TRICIRCLE_BIN_DIR=$(get_python_exec_prefix) + fi + if is_service_enabled t-api; then create_tricircle_accounts @@ -324,12 +333,12 @@ elif [[ "$1" == "stack" && "$2" == "extra" ]]; then if [[ "$TRICIRCLE_DEPLOY_WITH_WSGI" == "True" ]]; then start_tricircle_api_wsgi else - run_process t-api "tricircle-api --config-file $TRICIRCLE_API_CONF" + run_process t-api "$TRICIRCLE_BIN_DIR/tricircle-api --config-file $TRICIRCLE_API_CONF" fi fi if is_service_enabled t-job; then - run_process t-job "tricircle-xjob --config-file $TRICIRCLE_XJOB_CONF" + run_process t-job "$TRICIRCLE_BIN_DIR/tricircle-xjob --config-file $TRICIRCLE_XJOB_CONF" fi fi diff --git a/doc/source/configuration.rst b/doc/source/configuration.rst index ff6fe48c..864920f8 100644 --- a/doc/source/configuration.rst +++ b/doc/source/configuration.rst @@ -39,14 +39,14 @@ Central Plugin. - (String) user domain name of admin account, needed when auto_refresh_endpoint set to True. * - ``admin_username`` = ``None`` - (String) username of admin account, needed when auto_refresh_endpoint set to True. - * - ``auth_url`` = ``http://127.0.0.1:5000/v3`` - - (String) keystone authorization url, for example, http://$service_host:5000/v3 + * - ``auth_url`` = ``http://127.0.0.1/identity`` + - (String) keystone authorization url, for example, http://$service_host/identity + * - ``identity_url`` = ``http://127.0.0.1/identity/v3`` + - (String) keystone service url, for example, http://$service_host/identity/v3 * - ``auto_refresh_endpoint`` = ``True`` - (Boolean) if set to True, endpoint will be automatically refreshed if timeout accessing endpoint. * - ``bridge_cidr`` = ``100.0.0.0/9`` - (String) cidr pool of the bridge network, for example, 100.0.0.0/9 - * - ``identity_url`` = ``http://127.0.0.1:35357/v3`` - - (String) keystone service url, for example, http://$service_host:35357/v3 * - ``neutron_timeout`` = ``60`` - (Integer) timeout for neutron client in seconds. * - ``top_region_name`` = ``None`` diff --git a/doc/source/installation-manual.rst b/doc/source/installation-manual.rst index 6873ce61..30346e5a 100644 --- a/doc/source/installation-manual.rst +++ b/doc/source/installation-manual.rst @@ -64,9 +64,9 @@ Installation with Central Neutron Server :header: "Option", "Description", "Example" [DEFAULT] tricircle_db_connection, "database connection string for tricircle", mysql+pymysql://root:password@ 127.0.0.1/tricircle?charset=utf8 - [DEFAULT] transport_url, "a URL representing the used messaging driver and its full configuration", rabbit://user:password@127.0.0.1:5672 + [DEFAULT] transport_url, "a URL representing the used messaging driver and its full configuration", rabbit://user:password@ 127.0.0.1:5672 [keystone_authtoken] auth_type, "authentication method", password - [keystone_authtoken] auth_url, "keystone authorization url", http://$keystone_service_host/identity_admin + [keystone_authtoken] auth_url, "keystone authorization url", http://$keystone_service_host/identity [keystone_authtoken] username, "username of service account, needed for password authentication", tricircle [keystone_authtoken] password, "password of service account, needed for password authentication", password [keystone_authtoken] user_domain_name, "user domain name of service account, needed for password authentication", Default @@ -76,8 +76,8 @@ Installation with Central Neutron Server [keystone_authtoken] cafile, "A PEM encoded Certificate Authority to use when verifying HTTPs", /opt/stack/data/ca-bundle.pem [keystone_authtoken] signing_dir, "Directory used to cache files related to PKI tokens", /var/cache/tricircle [keystone_authtoken] memcached_servers, "Optionally specify a list of memcached server(s) to use for caching", $keystone_service_host:11211 - [client] auth_url, "keystone authorization url", http://$keystone_service_host:5000/v3 - [client] identity_url, "keystone service url", http://$keystone_service_host:35357/v3 + [client] auth_url, "keystone authorization url", http://$keystone_service_host/identity + [client] identity_url, "keystone service url", http://$keystone_service_host/identity/v3 [client] auto_refresh_endpoint, "if set to True, endpoint will be automatically refreshed if timeout accessing", True [client] top_region_name, "name of central region which client needs to access", CentralRegion [client] admin_username, "username of admin account", admin @@ -116,9 +116,9 @@ Installation with Central Neutron Server :header: "Option", "Description", "Example" [DEFAULT] tricircle_db_connection, "database connection string for tricircle", mysql+pymysql://root:password@ 127.0.0.1/tricircle?charset=utf8 - [DEFAULT] transport_url, "a URL representing the used messaging driver and its full configuration", rabbit://user:password@127.0.0.1:5672 - [client] auth_url, "keystone authorization url", http://$keystone_service_host:5000/v3 - [client] identity_url, "keystone service url", http://$keystone_service_host:35357/v3 + [DEFAULT] transport_url, "a URL representing the used messaging driver and its full configuration", rabbit://user:password@ 127.0.0.1:5672 + [client] auth_url, "keystone authorization url", http://$keystone_service_host/identity + [client] identity_url, "keystone service url", http://$keystone_service_host/identity/v3 [client] auto_refresh_endpoint, "if set to True, endpoint will be automatically refreshed if timeout accessing", True [client] top_region_name, "name of central region which client needs to access", CentralRegion [client] admin_username, "username of admin account", admin @@ -157,11 +157,11 @@ Installation with Central Neutron Server [database] connection, "database connection string for central Neutron server", mysql+pymysql://root:password@ 127.0.0.1/neutron?charset=utf8 [DEFAULT] bind_port, "Port central Neutron server binds to", change to a different value rather than 9696 if you run central and local Neutron server in the same host - [DEFAULT] core_plugin, "core plugin central Neutron server uses", tricircle.network.central_plugin.TricirclePlugin + [DEFAULT] core_plugin, "core plugin central Neutron server uses", tricircle.network.central_plugin. TricirclePlugin [DEFAULT] service_plugins, "service plugin central Neutron server uses", "(leave empty)" [DEFAULT] tricircle_db_connection, "database connection string for tricircle", mysql+pymysql://root:password@ 127.0.0.1/tricircle?charset=utf8 - [client] auth_url, "keystone authorization url", http://$keystone_service_host:5000/v3 - [client] identity_url, "keystone service url", http://$keystone_service_host:35357/v3 + [client] auth_url, "keystone authorization url", http://$keystone_service_host/identity + [client] identity_url, "keystone service url", http://$keystone_service_host/identity/v3 [client] auto_refresh_endpoint, "if set to True, endpoint will be automatically refreshed if timeout accessing", True [client] top_region_name, "name of central region which client needs to access", CentralRegion [client] admin_username, "username of admin account", admin @@ -226,8 +226,8 @@ Installation with Local Neutron Server [DEFAULT] core_plugin, "core plugin local Neutron server uses", tricircle.network.local_plugin. TricirclePlugin [DEFAULT] service_plugins, "service plugins local Neutron server uses", tricircle.network.local_l3_plugin. TricircleL3Plugin - [client] auth_url, "keystone authorization url", http://$keystone_service_host :5000/v3 - [client] identity_url, "keystone service url", http://$keystone_service_host :35357/v3 + [client] auth_url, "keystone authorization url", http://$keystone_service_host/identity + [client] identity_url, "keystone service url", http://$keystone_service_host/identity/v3 [client] auto_refresh_endpoint, "if set to True, endpoint will be automatically refreshed if timeout accessing", True [client] top_region_name, "name of central region which client needs to access", CentralRegion [client] admin_username, "username of admin account", admin diff --git a/tricircle/common/client.py b/tricircle/common/client.py index 25fdc8b1..87d0ab78 100644 --- a/tricircle/common/client.py +++ b/tricircle/common/client.py @@ -35,10 +35,10 @@ from tricircle.db import models client_opts = [ cfg.StrOpt('auth_url', - default='http://127.0.0.1/identity/v3', + default='http://127.0.0.1/identity', help='keystone authorization url'), cfg.StrOpt('identity_url', - default='http://127.0.0.1/identity_admin/v3', + default='http://127.0.0.1/identity/v3', help='keystone service url'), cfg.BoolOpt('auto_refresh_endpoint', default=False, diff --git a/tricircle/tests/unit/network/test_central_plugin.py b/tricircle/tests/unit/network/test_central_plugin.py index 97fa1e54..3031ab69 100644 --- a/tricircle/tests/unit/network/test_central_plugin.py +++ b/tricircle/tests/unit/network/test_central_plugin.py @@ -1285,6 +1285,13 @@ def fake_allocate_ips_for_port(self, context, port): return [allocation] +def fake_update_ips_for_port(self, context, port, host, + original_ips, new_ips, mac): + # NOTE: remove this mock after we support ip updating + return ipam_pluggable_backend.IpamPluggableBackend.Changes( + add=[], original=[], remove=[]) + + @classmethod def fake_get_instance(cls, subnet_pool, context): return FakePool(subnet_pool, context) @@ -2267,6 +2274,8 @@ class PluginTest(unittest.TestCase, self.assertEqual(bottom_subnet['enable_dhcp'], body_copy['subnet']['enable_dhcp']) + @patch.object(ipam_pluggable_backend.IpamPluggableBackend, + '_update_ips_for_port', new=fake_update_ips_for_port) @patch.object(directory, 'get_plugin', new=fake_get_plugin) @patch.object(driver.Pool, 'get_instance', new=fake_get_instance) @patch.object(_utils, 'filter_non_model_columns',