From bf1b738797940f590342daaa858ee3616fba5f93 Mon Sep 17 00:00:00 2001 From: hosingh000 Date: Wed, 21 Feb 2018 13:45:47 -0600 Subject: [PATCH] upgrade to use keystone v3 - Upgrade to keystone v3 - Modify oslo_messaging to replace deprecated get_transport Change-Id: I1421d22d8280879d0e7a54519a45feb8a7fa00ef --- etc/ord.conf | 25 ++++++------ ord/api/app.py | 2 +- ord/client/client.py | 84 ++++++++++++++++++++--------------------- ord/client/rpcapi.py | 2 +- ord/client/rpcengine.py | 2 +- ord/engine/app.py | 4 +- requirements.txt | 2 +- 7 files changed, 57 insertions(+), 64 deletions(-) diff --git a/etc/ord.conf b/etc/ord.conf index 1f25bed..8e26cbc 100755 --- a/etc/ord.conf +++ b/etc/ord.conf @@ -21,27 +21,24 @@ host = 0.0.0.0 # Port the bind the API server to port = 9010 -[ord_credentials] -auth_url = http://127.0.0.1:5000/v2.0 -user_name = admin -password = devstack -tenant_name = admin -openstack_client_http_timeout = 360 -https_insecure = False +[keystone_authtoken] +auth_type = password +auth_url = http://keystone-api.openstack.svc.cluster.local:80/v3 +auth_version = v3 +password = password +project_domain_name = Default +project_name = service +region_name = RegionOne +user_domain_name = Default +username = admin [database] connection = mysql+pymysql://root:devstack@127.0.0.1:3306/ord max_retries = -1 -[oslo_messaging_rabbit] -rabbit_userid = stackrabbit -rabbit_password = devstack -rabbit_hosts = 127.0.0.1 -rabbit_port = 5672 - [orm] #This will assume the required ssh-keys are all already populated -orm_template_repo_url = git@127.0.0.1:/home/repo/ranger_repo.git +orm_template_repo_url = ssh://git@127.0.0.1:/home/repo/ranger_repo.git #This is fake service call will be replaced with rds url rds_listener_endpoint = http://127.0.0.1:8777/v1/rds/status repo_pull_check_wait = 2 diff --git a/ord/api/app.py b/ord/api/app.py index 65bf5f1..fa35e18 100644 --- a/ord/api/app.py +++ b/ord/api/app.py 
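Review bot: The sample `auth_url` in the new `[keystone_authtoken]` section is an `http://` URL, so the password authentication that ord/client/client.py performs with these values would send the service password and the issued token in cleartext. An `https://` URL together with an `https_cacert` entry would be a safer sample, and `username = admin` / `password = password` should be marked as placeholders to replace. The section also sets `auth_type` and `region_name`, which the SERVICE_OPTS list in ord/client/client.py does not register, so they are presumably ignored unless another library registers them; please confirm. With `[oslo_messaging_rabbit]` removed, the broker address and credentials presumably have to come from `transport_url`, which this hunk does not show.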
@@ -83,7 +83,7 @@ def setup_app(pecan_config=None, extra_hooks=None): guess_content_type_from_ext=False ) - transport = messaging.get_transport(cfg.CONF) + transport = messaging.get_rpc_transport(cfg.CONF) target = messaging.Target(topic='ord-listener-q', server=cfg.CONF.host) endpoints = [api.ListenerQueueHandler()] server = messaging.get_rpc_server(transport, diff --git a/ord/client/client.py b/ord/client/client.py index 82a5297..29aab48 100644 --- a/ord/client/client.py +++ b/ord/client/client.py 
@@ -14,39 +14,38 @@ from glanceclient import client as glance from heatclient import client as heat -from keystoneclient import discover as keystone_discover -from keystoneclient.v2_0 import client as keystone_v2 +from keystoneclient.auth.identity import v3 +from keystoneclient import session as ksc_session from keystoneclient.v3 import client as keystone_v3 from oslo_config import cfg from ord.common import exceptions as exc from ord.openstack.common import log as logging - -# FIXME: we definetly must change this group name. It very confusing. -OPT_GROUP = cfg.OptGroup(name='ord_credentials', title='ORD Credentials') +OPT_GROUP = cfg.OptGroup(name='keystone_authtoken', + title='Keystone Configurations') SERVICE_OPTS = [ - cfg.StrOpt('project_id', default='', - help="project id used by nova driver of service vm extension"), - cfg.StrOpt('auth_url', default='http://0.0.0.0:5000/v2.0', - help="auth URL used by nova driver of service vm extension"), - cfg.StrOpt('user_name', default='', - help="user name used by nova driver of service vm extension"), + cfg.StrOpt('project_name', default='service', + help="project name used to stack heat resources"), + cfg.StrOpt('auth_url', default='', + help="auth url used by ranger agent to invoke keystone apis"), + cfg.StrOpt('username', default='', + help="user name used by ranger agent to invoke keystone apis"), cfg.StrOpt('password', default='', secret=True, - help="password used by nova driver of service vm extension"), - cfg.StrOpt('tenant_name', default='', - help="tenant name used by nova driver of service vm " - "extension"), - cfg.FloatOpt("openstack_client_http_timeout", default=180.0, - help="HTTP timeout for any of OpenStack service in seconds"), - cfg.BoolOpt("https_insecure", default=False, - help="Use SSL for all OpenStack API interfaces"), + help="password used by ranger agent to invoke keystone apis"), + cfg.StrOpt('project_domain_name', default='default', + help="default project domain " + "used by ranger agent to 
invoke keystone apis"), + cfg.StrOpt('auth_version', default='v3', help="Keystone version"), + cfg.StrOpt("user_domain_name", default='default', + help="default project domain " + "used by ranger agent to invoke keystone apis"), cfg.StrOpt("https_cacert", default=None, - help="Path to CA server certificate for SSL") + help="Path to CA server certificate for SSL"), ] cfg.CONF.register_opts(SERVICE_OPTS, OPT_GROUP) -CONF = cfg.CONF.ord_credentials +CONF = cfg.CONF.keystone_authtoken LOG = logging.getLogger(__name__) @@ -68,13 +67,17 @@ def cached(func): def create_keystone_client(args): - discover = keystone_discover.Discover(auth_url=args['auth_url']) - for version_data in discover.version_data(): - version = version_data['version'] - if version[0] <= 2: - return keystone_v2.Client(**args) - elif version[0] == 3: - return keystone_v3.Client(**args) + auth = v3.Password(auth_url=args['auth_url'], + username=args['username'], + password=args['password'], + project_name=args['project_name'], + user_domain_name=args['user_domain_name'], + project_domain_name=args['project_domain_name']) + session = ksc_session.Session(auth=auth) + return keystone_v3.Client(session=session, + auth_url=args['auth_url'], + username=args['username'], + password=args['password']) class Clients(object): @@ -90,15 +93,14 @@ class Clients(object): def keystone(self): """Returns keystone Client.""" params = { - 'username': CONF.user_name, + 'username': CONF.username, 'password': CONF.password, 'auth_url': CONF.auth_url, + 'project_name': CONF.project_name, + 'user_domain_name': CONF.user_domain_name, + 'project_domain_name': CONF.project_domain_name, + 'https_cacert': CONF.https_cacert } - - if CONF.project_id: - params['tenant_id'] = CONF.project_id - else: - params['tenant_name'] = CONF.tenant_name try: client = create_keystone_client(params) if client.auth_ref is None: 
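Review bot: The help text for `user_domain_name` repeats the `project_domain_name` wording ("default project domain"), so the option reference describes the wrong setting; it should read `help="user domain name used by ranger agent to invoke keystone apis"`. `auth_url` now defaults to an empty string, which reaches `v3.Password` unchanged when the option is unset; declaring it with `required=True` and no default would fail at startup instead. The group name `keystone_authtoken` is also the one keystonemiddleware's auth_token uses, so if that middleware is loaded in the same process these registrations may clash with it or share its credentials; this is worth confirming.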
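Review bot: `create_keystone_client` builds `ksc_session.Session(auth=auth)` without `verify=` or `timeout=`, so the `https_cacert` value that `Clients.keystone` adds to `params` in the next hunk is never applied to the Keystone connection, and requests have no time bound. Passing it through, e.g. `session = ksc_session.Session(auth=auth, verify=args.get('https_cacert') or True)`, keeps certificate checking on and honours a private CA bundle. The `auth_url`, `username` and `password` keywords on `keystone_v3.Client` duplicate what the session's auth plugin already holds; `keystone_v3.Client(session=session)` should be enough, though confirm this against the keystoneclient version in use.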
@@ -119,16 +121,13 @@ class Clients(object): attempt = 1 while attempt >= 0: try: - heat_api_url = kc.service_catalog.url_for( + heat_api_url = kc.session.get_endpoint( service_type='orchestration') auth_token = kc.auth_token - timeout = CONF.openstack_client_http_timeout client = heat.Client(version, endpoint=heat_api_url, - token=auth_token, - timeout=timeout, - insecure=CONF.https_insecure, - cacert=CONF.https_cacert) + cacert=CONF.https_cacert, + token=auth_token) return client, kc except Exception as ex: try: @@ -152,15 +151,12 @@ class Clients(object): attempt = 1 while attempt >= 0: try: - glance_api_url = kc.service_catalog.url_for( + glance_api_url = kc.session.get_endpoint( service_type='image') auth_token = kc.auth_token - timeout = CONF.openstack_client_http_timeout client = glance.Client(version, endpoint=glance_api_url, token=auth_token, - timeout=timeout, - insecure=CONF.https_insecure, cacert=CONF.https_cacert) return client, kc except Exception as ex: diff --git a/ord/client/rpcapi.py b/ord/client/rpcapi.py index 97de1da..3c70f97 100644 --- a/ord/client/rpcapi.py +++ b/ord/client/rpcapi.py @@ -26,7 +26,7 @@ class RpcAPI(object): super(RpcAPI, self).__init__() self.target = messaging.Target(topic='ord-notifier-q') - self.transport = messaging.get_transport(cfg.CONF) + self.transport = messaging.get_rpc_transport(cfg.CONF) self._client = messaging.RPCClient(self.transport, self.target) def invoke_notifier_rpc(self, ctxt, payload): diff --git a/ord/client/rpcengine.py b/ord/client/rpcengine.py index 93b3d0f..b1c862b 100644 --- a/ord/client/rpcengine.py +++ b/ord/client/rpcengine.py @@ -28,7 +28,7 @@ class RpcEngine(object): super(RpcEngine, self).__init__() try: self.target = messaging.Target(topic='ord-listener-q') - self.transport = messaging.get_transport(cfg.CONF) + self.transport = messaging.get_rpc_transport(cfg.CONF) self._client = messaging.RPCClient(self.transport, self.target) except Exception as exception: LOG.critical( 
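Review bot: `kc.session.get_endpoint(service_type='orchestration')` is called without `region_name` or `interface`, so in a catalog with several regions the endpoint returned may not be the local one, and a lookup with no match presumably returns `None`, which is passed straight to `heat.Client`. The same applies to the `service_type='image'` lookup in the glance hunk that follows. The sample config sets `region_name`, but SERVICE_OPTS does not register it, so passing `region_name=CONF.region_name` would also need that option added. Both hunks drop `timeout=` along with the removed `openstack_client_http_timeout` option; unless the clients apply their own default, these calls are now unbounded inside the retry loop. The enclosing methods start and end outside the hunks.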
diff --git a/ord/engine/app.py b/ord/engine/app.py index 5fad680..39d6d03 100644 --- a/ord/engine/app.py +++ b/ord/engine/app.py @@ -23,7 +23,7 @@ def start(): engine = Engine() # start Notify message listener - transport = messaging.get_transport(cfg.CONF) + transport = messaging.get_rpc_transport(cfg.CONF) target = messaging.Target(topic='ord-notifier-q', server=cfg.CONF.host) @@ -32,7 +32,7 @@ def start(): server = messaging.get_rpc_server(transport, target, endpoints, - executor='blocking') + executor='eventlet') try: server.start() diff --git a/requirements.txt b/requirements.txt index 52a0f0a..5716c32 100644 --- a/requirements.txt +++ b/requirements.txt @@ -4,7 +4,7 @@ # pbr>=1.6 oslo.config>=3.14.0 -oslo.messaging>=5.2.0 +oslo.messaging>=5.29.0 oslo.serialization>=1.10.0 oslo.db>=4.10.0,!=4.13.1,!=4.13.2 oslo.log>=1.14.0
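Review bot: Switching the RPC server to `executor='eventlet'` relies on the process being monkey-patched by eventlet before other modules are imported. Nothing visible in this diff does that, so blocking socket or database calls in the notifier endpoints could stall every greenthread. If the patching lives in an entry point outside this diff, a comment such as `# requires eventlet.monkey_patch() in the entry point` above the `get_rpc_server` call would record the dependency. The requirements.txt hunk shows no `eventlet` line being added, so confirm it is already listed. The commit message does not mention the executor change, and `start()` begins and ends outside the hunk.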