[urgent]Adapt new Keystone URL and mock _update_ips_for_port

1. What is the problem? Now Keystone uses uwsgi with proxy[1], and this is the default mode in DevStack. In this case, the original URL with 5000/35357 port can no longer be accessed, this change will lead to Tricircle gate/check test always failure if no adaption is made in Tricircle configuration. After patch[2] merged, update mac address will also trigger ip updating process. This is mainly for IPv6 address but the code logic doesn't distinguish ip version. Some methods used by ip updating process are not correctly simulated in FakeQuery so test_update_port test failed 2. What is the solution to the problem? Change Keystone public URL Tricircle uses from http://host:5000/v3 to http://host/identity and change Keystone admin URL Tricircle uses from http://host:35357/v3 to http://host/identity This patch also fixes a mistake which was hidden before this Keystone change. While generating Tricircle apache configuration file in our DevStack script, TRICIRCLE_BIN in the template is not replaced by the real value. So the directory access right is not correctly granted. Before this Keystone change, Keystone apache configuration file will grant right on the same directory, so we didn't notice this problem. Since we don't support ip updating currently, one simple fix is to mock _update_ips_for_port method. 3. What features need to be implemented to the Tricircle to realize the solution? No new features. [1] https://github.com/openstack-dev/devstack/commit/ 6ed53156b6198e69d59d1cf3a3497e96f5b7a870 [2] https://github.com/openstack/neutron/commit/ 46d1a890e700dfa6e921387569f87f793ca4e8e9 Change-Id: I2b43c630eedff0f808c729da0ce9b819f02495dd
2017-04-19 16:59:06 +08:00 · 2017-04-19 16:59:06 +08:00 · 0d83bdca0a
parent e88f7588d9
commit 0d83bdca0a
5 changed files with 40 additions and 22 deletions
--- a/devstack/plugin.sh
+++ b/devstack/plugin.sh
@ -51,6 +51,8 @@ function init_common_tricircle_conf {
    iniset $conf_file DEFAULT use_syslog $SYSLOG
    iniset $conf_file DEFAULT tricircle_db_connection `database_connection_url tricircle`

+    iniset $conf_file client auth_url http://$KEYSTONE_SERVICE_HOST/identity
+    iniset $conf_file client identity_url http://$KEYSTONE_SERVICE_HOST/identity/v3
    iniset $conf_file client admin_username admin
    iniset $conf_file client admin_password $ADMIN_PASSWORD
    iniset $conf_file client admin_tenant demo
@ -65,8 +67,8 @@ function init_local_neutron_conf {

    iniset $NEUTRON_CONF DEFAULT core_plugin tricircle.network.local_plugin.TricirclePlugin

-    iniset $NEUTRON_CONF client auth_url http://$KEYSTONE_SERVICE_HOST/identity/v3
-    iniset $NEUTRON_CONF client identity_url http://$KEYSTONE_SERVICE_HOST/identity_admin/v3
+    iniset $NEUTRON_CONF client auth_url http://$KEYSTONE_SERVICE_HOST/identity
+    iniset $NEUTRON_CONF client identity_url http://$KEYSTONE_SERVICE_HOST/identity/v3
    iniset $NEUTRON_CONF client admin_username admin
    iniset $NEUTRON_CONF client admin_password $ADMIN_PASSWORD
    iniset $NEUTRON_CONF client admin_tenant demo
@ -317,6 +319,13 @@ elif [[ "$1" == "stack" && "$2" == "post-config" ]]; then
 elif [[ "$1" == "stack" && "$2" == "extra" ]]; then
    echo_summary "Initializing Tricircle Service"

+    if [[ ${USE_VENV} = True ]]; then
+        PROJECT_VENV["tricircle"]=${TRICIRCLE_DIR}.venv
+        TRICIRCLE_BIN_DIR=${PROJECT_VENV["tricircle"]}/bin
+    else
+        TRICIRCLE_BIN_DIR=$(get_python_exec_prefix)
+    fi
+
    if is_service_enabled t-api; then

        create_tricircle_accounts
@ -324,12 +333,12 @@ elif [[ "$1" == "stack" && "$2" == "extra" ]]; then
        if [[ "$TRICIRCLE_DEPLOY_WITH_WSGI" == "True" ]]; then
            start_tricircle_api_wsgi
        else
-            run_process t-api "tricircle-api --config-file $TRICIRCLE_API_CONF"
+            run_process t-api "$TRICIRCLE_BIN_DIR/tricircle-api --config-file $TRICIRCLE_API_CONF"
        fi
    fi

    if is_service_enabled t-job; then
-        run_process t-job "tricircle-xjob --config-file $TRICIRCLE_XJOB_CONF"
+        run_process t-job "$TRICIRCLE_BIN_DIR/tricircle-xjob --config-file $TRICIRCLE_XJOB_CONF"
    fi
 fi

--- a/doc/source/configuration.rst
+++ b/doc/source/configuration.rst
@ -39,14 +39,14 @@ Central Plugin.
     - (String) user domain name of admin account, needed when auto_refresh_endpoint set to True.
   * - ``admin_username`` = ``None``
     - (String) username of admin account, needed when auto_refresh_endpoint set to True.
-   * - ``auth_url`` = ``http://127.0.0.1:5000/v3``
-     - (String) keystone authorization url, for example, http://$service_host:5000/v3
+   * - ``auth_url`` = ``http://127.0.0.1/identity``
+     - (String) keystone authorization url, for example, http://$service_host/identity
+   * - ``identity_url`` = ``http://127.0.0.1/identity/v3``
+     - (String) keystone service url, for example, http://$service_host/identity/v3
   * - ``auto_refresh_endpoint`` = ``True``
     - (Boolean) if set to True, endpoint will be automatically refreshed if timeout accessing endpoint.
   * - ``bridge_cidr`` = ``100.0.0.0/9``
     - (String) cidr pool of the bridge network, for example, 100.0.0.0/9
-   * - ``identity_url`` = ``http://127.0.0.1:35357/v3``
-     - (String) keystone service url, for example, http://$service_host:35357/v3
   * - ``neutron_timeout`` = ``60``
     - (Integer) timeout for neutron client in seconds.
   * - ``top_region_name`` = ``None``
--- a/doc/source/installation-manual.rst
+++ b/doc/source/installation-manual.rst
@ -64,9 +64,9 @@ Installation with Central Neutron Server
   :header: "Option", "Description", "Example"

   [DEFAULT] tricircle_db_connection, "database connection string for tricircle", mysql+pymysql://root:password@ 127.0.0.1/tricircle?charset=utf8
-   [DEFAULT] transport_url, "a URL representing the used messaging driver and its full configuration", rabbit://user:password@127.0.0.1:5672
+   [DEFAULT] transport_url, "a URL representing the used messaging driver and its full configuration", rabbit://user:password@ 127.0.0.1:5672
   [keystone_authtoken] auth_type, "authentication method", password
-   [keystone_authtoken] auth_url, "keystone authorization url", http://$keystone_service_host/identity_admin
+   [keystone_authtoken] auth_url, "keystone authorization url", http://$keystone_service_host/identity
   [keystone_authtoken] username, "username of service account, needed for password authentication", tricircle
   [keystone_authtoken] password, "password of service account, needed for password authentication", password
   [keystone_authtoken] user_domain_name, "user domain name of service account, needed for password authentication", Default
@ -76,8 +76,8 @@ Installation with Central Neutron Server
   [keystone_authtoken] cafile, "A PEM encoded Certificate Authority to use when verifying HTTPs", /opt/stack/data/ca-bundle.pem
   [keystone_authtoken] signing_dir, "Directory used to cache files related to PKI tokens", /var/cache/tricircle
   [keystone_authtoken] memcached_servers, "Optionally specify a list of memcached server(s) to use for caching", $keystone_service_host:11211
-   [client] auth_url, "keystone authorization url", http://$keystone_service_host:5000/v3
-   [client] identity_url, "keystone service url", http://$keystone_service_host:35357/v3
+   [client] auth_url, "keystone authorization url", http://$keystone_service_host/identity
+   [client] identity_url, "keystone service url", http://$keystone_service_host/identity/v3
   [client] auto_refresh_endpoint, "if set to True, endpoint will be automatically refreshed if timeout accessing", True
   [client] top_region_name, "name of central region which client needs to access", CentralRegion
   [client] admin_username, "username of admin account", admin
@ -116,9 +116,9 @@ Installation with Central Neutron Server
   :header: "Option", "Description", "Example"

   [DEFAULT] tricircle_db_connection, "database connection string for tricircle", mysql+pymysql://root:password@ 127.0.0.1/tricircle?charset=utf8
-   [DEFAULT] transport_url, "a URL representing the used messaging driver and its full configuration", rabbit://user:password@127.0.0.1:5672
-   [client] auth_url, "keystone authorization url", http://$keystone_service_host:5000/v3
-   [client] identity_url, "keystone service url", http://$keystone_service_host:35357/v3
+   [DEFAULT] transport_url, "a URL representing the used messaging driver and its full configuration", rabbit://user:password@ 127.0.0.1:5672
+   [client] auth_url, "keystone authorization url", http://$keystone_service_host/identity
+   [client] identity_url, "keystone service url", http://$keystone_service_host/identity/v3
   [client] auto_refresh_endpoint, "if set to True, endpoint will be automatically refreshed if timeout accessing", True
   [client] top_region_name, "name of central region which client needs to access", CentralRegion
   [client] admin_username, "username of admin account", admin
@ -157,11 +157,11 @@ Installation with Central Neutron Server

     [database] connection, "database connection string for central Neutron server", mysql+pymysql://root:password@ 127.0.0.1/neutron?charset=utf8
     [DEFAULT] bind_port, "Port central Neutron server binds to", change to a different value rather than 9696 if you run central and local Neutron server in the same host
-     [DEFAULT] core_plugin, "core plugin central Neutron server uses", tricircle.network.central_plugin.TricirclePlugin
+     [DEFAULT] core_plugin, "core plugin central Neutron server uses", tricircle.network.central_plugin. TricirclePlugin
     [DEFAULT] service_plugins, "service plugin central Neutron server uses", "(leave empty)"
     [DEFAULT] tricircle_db_connection, "database connection string for tricircle", mysql+pymysql://root:password@ 127.0.0.1/tricircle?charset=utf8
-     [client] auth_url, "keystone authorization url", http://$keystone_service_host:5000/v3
-     [client] identity_url, "keystone service url", http://$keystone_service_host:35357/v3
+     [client] auth_url, "keystone authorization url", http://$keystone_service_host/identity
+     [client] identity_url, "keystone service url", http://$keystone_service_host/identity/v3
     [client] auto_refresh_endpoint, "if set to True, endpoint will be automatically refreshed if timeout accessing", True
     [client] top_region_name, "name of central region which client needs to access", CentralRegion
     [client] admin_username, "username of admin account", admin
@ -226,8 +226,8 @@ Installation with Local Neutron Server

     [DEFAULT] core_plugin, "core plugin local Neutron server uses", tricircle.network.local_plugin. TricirclePlugin
     [DEFAULT] service_plugins, "service plugins local Neutron server uses", tricircle.network.local_l3_plugin. TricircleL3Plugin
-     [client] auth_url, "keystone authorization url", http://$keystone_service_host :5000/v3
-     [client] identity_url, "keystone service url", http://$keystone_service_host :35357/v3
+     [client] auth_url, "keystone authorization url", http://$keystone_service_host/identity
+     [client] identity_url, "keystone service url", http://$keystone_service_host/identity/v3
     [client] auto_refresh_endpoint, "if set to True, endpoint will be automatically refreshed if timeout accessing", True
     [client] top_region_name, "name of central region which client needs to access", CentralRegion
     [client] admin_username, "username of admin account", admin
--- a/tricircle/common/client.py
+++ b/tricircle/common/client.py
@ -35,10 +35,10 @@ from tricircle.db import models

 client_opts = [
    cfg.StrOpt('auth_url',
-               default='http://127.0.0.1/identity/v3',
+               default='http://127.0.0.1/identity',
               help='keystone authorization url'),
    cfg.StrOpt('identity_url',
-               default='http://127.0.0.1/identity_admin/v3',
+               default='http://127.0.0.1/identity/v3',
               help='keystone service url'),
    cfg.BoolOpt('auto_refresh_endpoint',
                default=False,
--- a/tricircle/tests/unit/network/test_central_plugin.py
+++ b/tricircle/tests/unit/network/test_central_plugin.py
@ -1285,6 +1285,13 @@ def fake_allocate_ips_for_port(self, context, port):
            return [allocation]


+def fake_update_ips_for_port(self, context, port, host,
+                             original_ips, new_ips, mac):
+    # NOTE: remove this mock after we support ip updating
+    return ipam_pluggable_backend.IpamPluggableBackend.Changes(
+        add=[], original=[], remove=[])
+
+
@classmethod
 def fake_get_instance(cls, subnet_pool, context):
    return FakePool(subnet_pool, context)
@ -2267,6 +2274,8 @@ class PluginTest(unittest.TestCase,
        self.assertEqual(bottom_subnet['enable_dhcp'],
                         body_copy['subnet']['enable_dhcp'])

+    @patch.object(ipam_pluggable_backend.IpamPluggableBackend,
+                  '_update_ips_for_port', new=fake_update_ips_for_port)
    @patch.object(directory, 'get_plugin', new=fake_get_plugin)
    @patch.object(driver.Pool, 'get_instance', new=fake_get_instance)
    @patch.object(_utils, 'filter_non_model_columns',