[urgent]Adapt new Keystone URL
1. What is the problem? Now Keystone uses uwsgi with proxy[1], and this is the default mode in DevStack. In this case, the original URL with 5000/35357 port can no longer be accessed, this change will lead to Trio2o gate/check test always failure if no adaption is made in Trio2o configuration. 2. What is the solution to the problem? Change Keystone public URL Trio2o uses from http://host:5000/v3 to http://host/identity and change Keystone admin URL Trio2o uses from http://host:35357/v3 to http://host/identity For tempest test, change http://host:5000/v2.0/ to http://host/identity and change identity version from 2 to 3 in post_test_hook.sh. In post_test_hook.sh, add admin_domain_name option. This patch also fixes a mistake which was hidden before this Keystone change. While generating Trio2o apache configuration file in our DevStack script, TRIO2O_BIN in the template is not replaced by the real value. So the directory access right is not correctly granted. Before this Keystone change, Keystone apache configuration file will grant right on the same directory, so we didn't notice this problem. 3. What features need to be implemented to the Trio2o to realize the solution? N/A [1] https://github.com/openstack-dev/devstack/commit/ 6ed53156b6198e69d59d1cf3a3497e96f5b7a870 [2] https://github.com/openstack/neutron/commit/ 46d1a890e700dfa6e921387569f87f793ca4e8e9 Change-Id: I4e1e38b1c07f453fcf2cfed39a16342f235c06b1
This commit is contained in:
parent
b2c436bfca
commit
bc3c4b1699
@ -1,36 +0,0 @@
|
|||||||
# Copyright 2015 Huawei Technologies Co., Ltd.
|
|
||||||
# All Rights Reserved
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
||||||
# not use this file except in compliance with the License. You may obtain
|
|
||||||
# a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
||||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
||||||
# License for the specific language governing permissions and limitations
|
|
||||||
# under the License.
|
|
||||||
|
|
||||||
|
|
||||||
import sys
|
|
||||||
|
|
||||||
from oslo_config import cfg
|
|
||||||
|
|
||||||
from trio2o.db import core
|
|
||||||
from trio2o.db import migration_helpers
|
|
||||||
|
|
||||||
|
|
||||||
def main(argv=None, config_files=None):
|
|
||||||
core.initialize()
|
|
||||||
cfg.CONF(args=argv[2:],
|
|
||||||
project='trio2o',
|
|
||||||
default_config_files=config_files)
|
|
||||||
migration_helpers.find_migrate_repo()
|
|
||||||
migration_helpers.sync_repo(2)
|
|
||||||
|
|
||||||
|
|
||||||
if __name__ == '__main__':
|
|
||||||
config_file = sys.argv[1]
|
|
||||||
main(argv=sys.argv, config_files=[config_file])
|
|
@ -117,6 +117,8 @@ function init_common_trio2o_conf {
|
|||||||
iniset $conf_file DEFAULT use_syslog $SYSLOG
|
iniset $conf_file DEFAULT use_syslog $SYSLOG
|
||||||
iniset $conf_file DEFAULT trio2o_db_connection `database_connection_url trio2o`
|
iniset $conf_file DEFAULT trio2o_db_connection `database_connection_url trio2o`
|
||||||
|
|
||||||
|
iniset $conf_file client auth_url http://$KEYSTONE_SERVICE_HOST/identity
|
||||||
|
iniset $conf_file client identity_url http://$KEYSTONE_SERVICE_HOST/identity/v3
|
||||||
iniset $conf_file client admin_username admin
|
iniset $conf_file client admin_username admin
|
||||||
iniset $conf_file client admin_password $ADMIN_PASSWORD
|
iniset $conf_file client admin_password $ADMIN_PASSWORD
|
||||||
iniset $conf_file client admin_tenant demo
|
iniset $conf_file client admin_tenant demo
|
||||||
@ -196,6 +198,69 @@ function configure_trio2o_cinder_apigw {
|
|||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# configure_trio2o_api_wsgi() - Set WSGI config files
|
||||||
|
function configure_trio2o_api_wsgi {
|
||||||
|
local trio2o_api_apache_conf
|
||||||
|
local venv_path=""
|
||||||
|
local trio2o_bin_dir=""
|
||||||
|
local trio2o_ssl_listen="#"
|
||||||
|
|
||||||
|
trio2o_bin_dir=$(get_python_exec_prefix)
|
||||||
|
trio2o_api_apache_conf=$(apache_site_config_for trio2o-api)
|
||||||
|
|
||||||
|
if is_ssl_enabled_service "trio2o-api"; then
|
||||||
|
trio2o_ssl_listen=""
|
||||||
|
trio2o_ssl="SSLEngine On"
|
||||||
|
trio2o_certfile="SSLCertificateFile $TRIO2O_SSL_CERT"
|
||||||
|
trio2o_keyfile="SSLCertificateKeyFile $TRIO2O_SSL_KEY"
|
||||||
|
fi
|
||||||
|
|
||||||
|
# configure venv bin if VENV is used
|
||||||
|
if [[ ${USE_VENV} = True ]]; then
|
||||||
|
venv_path="python-path=${PROJECT_VENV["trio2o"]}/lib/$(python_version)/site-packages"
|
||||||
|
trio2o_bin_dir=${PROJECT_VENV["trio2o"]}/bin
|
||||||
|
fi
|
||||||
|
|
||||||
|
sudo cp $TRIO2O_API_APACHE_TEMPLATE $trio2o_api_apache_conf
|
||||||
|
sudo sed -e "
|
||||||
|
s|%TRIO2O_BIN%|$trio2o_bin_dir|g;
|
||||||
|
s|%PUBLICPORT%|$TRIO2O_API_PORT|g;
|
||||||
|
s|%APACHE_NAME%|$APACHE_NAME|g;
|
||||||
|
s|%PUBLICWSGI%|$trio2o_bin_dir/trio2o-api-wsgi|g;
|
||||||
|
s|%SSLENGINE%|$trio2o_ssl|g;
|
||||||
|
s|%SSLCERTFILE%|$trio2o_certfile|g;
|
||||||
|
s|%SSLKEYFILE%|$trio2o_keyfile|g;
|
||||||
|
s|%SSLLISTEN%|$trio2o_ssl_listen|g;
|
||||||
|
s|%USER%|$STACK_USER|g;
|
||||||
|
s|%VIRTUALENV%|$venv_path|g
|
||||||
|
s|%APIWORKERS%|$API_WORKERS|g
|
||||||
|
" -i $trio2o_api_apache_conf
|
||||||
|
}
|
||||||
|
|
||||||
|
# start_trio2o_api_wsgi() - Start the API processes ahead of other things
|
||||||
|
function start_trio2o_api_wsgi {
|
||||||
|
enable_apache_site trio2o-api
|
||||||
|
restart_apache_server
|
||||||
|
tail_log trio2o-api /var/log/$APACHE_NAME/trio2o-api.log
|
||||||
|
|
||||||
|
echo "Waiting for trio2o-api to start..."
|
||||||
|
if ! wait_for_service $SERVICE_TIMEOUT $TRIO2O_API_PROTOCOL://$TRIO2O_API_HOST/trio2o; then
|
||||||
|
die $LINENO "trio2o-api did not start"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
# stop_trio2o_api_wsgi() - Disable the api service and stop it.
|
||||||
|
function stop_trio2o_api_wsgi {
|
||||||
|
disable_apache_site trio2o-api
|
||||||
|
restart_apache_server
|
||||||
|
}
|
||||||
|
|
||||||
|
# cleanup_trio2o_api_wsgi() - Remove residual data files, anything left over from previous
|
||||||
|
# runs that a clean run would need to clean up
|
||||||
|
function cleanup_trio2o_api_wsgi {
|
||||||
|
sudo rm -f $(apache_site_config_for trio2o-api)
|
||||||
|
}
|
||||||
|
|
||||||
function configure_trio2o_xjob {
|
function configure_trio2o_xjob {
|
||||||
if is_service_enabled t-job ; then
|
if is_service_enabled t-job ; then
|
||||||
echo "Configuring Trio2o xjob"
|
echo "Configuring Trio2o xjob"
|
||||||
@ -275,38 +340,56 @@ elif [[ "$1" == "stack" && "$2" == "post-config" ]]; then
|
|||||||
configure_trio2o_cinder_apigw
|
configure_trio2o_cinder_apigw
|
||||||
configure_trio2o_xjob
|
configure_trio2o_xjob
|
||||||
|
|
||||||
|
if [[ "$TRIO2O_DEPLOY_WITH_WSGI" == "True" ]]; then
|
||||||
|
configure_trio2o_api_wsgi
|
||||||
|
fi
|
||||||
|
|
||||||
echo export PYTHONPATH=\$PYTHONPATH:$TRIO2O_DIR >> $RC_DIR/.localrc.auto
|
echo export PYTHONPATH=\$PYTHONPATH:$TRIO2O_DIR >> $RC_DIR/.localrc.auto
|
||||||
|
|
||||||
setup_package $TRIO2O_DIR -e
|
setup_package $TRIO2O_DIR -e
|
||||||
|
|
||||||
recreate_database trio2o
|
recreate_database trio2o
|
||||||
python "$TRIO2O_DIR/cmd/manage.py" "$TRIO2O_API_CONF"
|
trio2o-db-manage --config-file="$TRIO2O_API_CONF" db_sync
|
||||||
|
|
||||||
elif [[ "$1" == "stack" && "$2" == "extra" ]]; then
|
elif [[ "$1" == "stack" && "$2" == "extra" ]]; then
|
||||||
echo_summary "Initializing Trio2o Service"
|
echo_summary "Initializing Trio2o Service"
|
||||||
|
|
||||||
|
if [[ ${USE_VENV} = True ]]; then
|
||||||
|
PROJECT_VENV["trio2o"]=${TRIO2O_DIR}.venv
|
||||||
|
TRIO2O_BIN_DIR=${PROJECT_VENV["trio2o"]}/bin
|
||||||
|
else
|
||||||
|
TRIO2O_BIN_DIR=$(get_python_exec_prefix)
|
||||||
|
fi
|
||||||
|
|
||||||
if is_service_enabled t-api; then
|
if is_service_enabled t-api; then
|
||||||
|
|
||||||
create_trio2o_accounts
|
create_trio2o_accounts
|
||||||
|
|
||||||
run_process t-api "python $TRIO2O_API --config-file $TRIO2O_API_CONF"
|
if [[ "$TRIO2O_DEPLOY_WITH_WSGI" == "True" ]]; then
|
||||||
|
start_trio2o_api_wsgi
|
||||||
|
else
|
||||||
|
run_process t-api "$TRIO2O_BIN_DIR/trio2o-api --config-file $TRIO2O_API_CONF"
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if is_service_enabled t-ngw; then
|
if is_service_enabled t-ngw; then
|
||||||
|
|
||||||
create_nova_apigw_accounts
|
create_nova_apigw_accounts
|
||||||
|
|
||||||
run_process t-ngw "python $TRIO2O_NOVA_APIGW --config-file $TRIO2O_NOVA_APIGW_CONF"
|
run_process t-ngw "$TRIO2O_BIN_DIR/trio2o-nova-apigw --config-file $TRIO2O_NOVA_APIGW_CONF"
|
||||||
|
|
||||||
reconfigure_nova
|
|
||||||
|
|
||||||
|
get_or_create_endpoint "compute" \
|
||||||
|
"$POD_REGION_NAME" \
|
||||||
|
"$NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST:$NOVA_SERVICE_PORT/v2.1/"'$(tenant_id)s' \
|
||||||
|
"$NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST:$NOVA_SERVICE_PORT/v2.1/"'$(tenant_id)s' \
|
||||||
|
"$NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST:$NOVA_SERVICE_PORT/v2.1/"'$(tenant_id)s'
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if is_service_enabled t-cgw; then
|
if is_service_enabled t-cgw; then
|
||||||
|
|
||||||
create_cinder_apigw_accounts
|
create_cinder_apigw_accounts
|
||||||
|
|
||||||
run_process t-cgw "python $TRIO2O_CINDER_APIGW --config-file $TRIO2O_CINDER_APIGW_CONF"
|
run_process t-cgw "$TRIO2O_BIN_DIR/trio2o-cinder-apigw --config-file $TRIO2O_CINDER_APIGW_CONF"
|
||||||
|
|
||||||
get_or_create_endpoint "volumev2" \
|
get_or_create_endpoint "volumev2" \
|
||||||
"$POD_REGION_NAME" \
|
"$POD_REGION_NAME" \
|
||||||
@ -317,15 +400,20 @@ elif [[ "$1" == "stack" && "$2" == "extra" ]]; then
|
|||||||
|
|
||||||
if is_service_enabled t-job; then
|
if is_service_enabled t-job; then
|
||||||
|
|
||||||
run_process t-job "python $TRIO2O_XJOB --config-file $TRIO2O_XJOB_CONF"
|
run_process t-job "$TRIO2O_BIN_DIR/trio2o-xjob --config-file $TRIO2O_XJOB_CONF"
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [[ "$1" == "unstack" ]]; then
|
if [[ "$1" == "unstack" ]]; then
|
||||||
|
|
||||||
if is_service_enabled t-api; then
|
if is_service_enabled t-api; then
|
||||||
|
if [[ "$TRIO2O_DEPLOY_WITH_WSGI" == "True" ]]; then
|
||||||
|
stop_trio2o_api_wsgi
|
||||||
|
clean_trio2o_api_wsgi
|
||||||
|
else
|
||||||
stop_process t-api
|
stop_process t-api
|
||||||
fi
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
if is_service_enabled t-ngw; then
|
if is_service_enabled t-ngw; then
|
||||||
stop_process t-ngw
|
stop_process t-ngw
|
||||||
|
@ -44,6 +44,14 @@ mapping_file = babel.cfg
|
|||||||
output_file = trio2o/locale/trio2o.pot
|
output_file = trio2o/locale/trio2o.pot
|
||||||
|
|
||||||
[entry_points]
|
[entry_points]
|
||||||
|
|
||||||
|
console_scripts =
|
||||||
|
trio2o-db-manage = trio2o.cmd.manage:main
|
||||||
|
trio2o-api = trio2o.cmd.api:main
|
||||||
|
trio2o-xjob = trio2o.cmd.xjob:main
|
||||||
|
trio2o-nova-apigw = trio2o.cmd.nova_apigw:main
|
||||||
|
trio2o-cinder-apigw = trio2o.cmd.cinder_apigw:main
|
||||||
|
|
||||||
oslo.config.opts =
|
oslo.config.opts =
|
||||||
|
|
||||||
trio2o.api = trio2o.api.opts:list_opts
|
trio2o.api = trio2o.api.opts:list_opts
|
||||||
|
0
trio2o/cmd/__init__.py
Normal file
0
trio2o/cmd/__init__.py
Normal file
68
trio2o/cmd/manage.py
Normal file
68
trio2o/cmd/manage.py
Normal file
@ -0,0 +1,68 @@
|
|||||||
|
# Copyright 2016 OpenStack Foundation.
|
||||||
|
# All Rights Reserved
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||||
|
# not use this file except in compliance with the License. You may obtain
|
||||||
|
# a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
# License for the specific language governing permissions and limitations
|
||||||
|
# under the License.
|
||||||
|
|
||||||
|
|
||||||
|
import sys
|
||||||
|
|
||||||
|
from oslo_config import cfg
|
||||||
|
from oslo_log import log as logging
|
||||||
|
|
||||||
|
import pbr.version
|
||||||
|
|
||||||
|
from trio2o.db import core
|
||||||
|
from trio2o.db import migration_helpers
|
||||||
|
|
||||||
|
CONF = cfg.CONF
|
||||||
|
|
||||||
|
|
||||||
|
def do_db_version():
|
||||||
|
print(migration_helpers.db_version())
|
||||||
|
|
||||||
|
|
||||||
|
def do_db_sync():
|
||||||
|
migration_helpers.sync_repo(CONF.command.version)
|
||||||
|
|
||||||
|
|
||||||
|
def add_command_parsers(subparsers):
|
||||||
|
parser = subparsers.add_parser('db_version')
|
||||||
|
parser.set_defaults(func=do_db_version)
|
||||||
|
|
||||||
|
parser = subparsers.add_parser('db_sync')
|
||||||
|
parser.set_defaults(func=do_db_sync)
|
||||||
|
parser.add_argument('version', nargs='?')
|
||||||
|
|
||||||
|
|
||||||
|
command_opt = cfg.SubCommandOpt('command',
|
||||||
|
title='Commands',
|
||||||
|
help='Show available commands.',
|
||||||
|
handler=add_command_parsers)
|
||||||
|
|
||||||
|
|
||||||
|
def main():
|
||||||
|
core.initialize()
|
||||||
|
logging.register_options(CONF)
|
||||||
|
logging.setup(CONF, 'trio2o-db-manage')
|
||||||
|
CONF.register_cli_opt(command_opt)
|
||||||
|
version_info = pbr.version.VersionInfo('trio2o')
|
||||||
|
try:
|
||||||
|
CONF(sys.argv[1:], project='trio2o', prog='trio2o-db-manage',
|
||||||
|
version=version_info.version_string())
|
||||||
|
except RuntimeError as e:
|
||||||
|
sys.exit("ERROR: %s" % e)
|
||||||
|
|
||||||
|
try:
|
||||||
|
CONF.command.func()
|
||||||
|
except Exception as e:
|
||||||
|
sys.exit("ERROR: %s" % e)
|
@ -35,10 +35,10 @@ from trio2o.db import models
|
|||||||
|
|
||||||
client_opts = [
|
client_opts = [
|
||||||
cfg.StrOpt('auth_url',
|
cfg.StrOpt('auth_url',
|
||||||
default='http://127.0.0.1:5000/v3',
|
default='http://127.0.0.1/identity',
|
||||||
help='keystone authorization url'),
|
help='keystone authorization url'),
|
||||||
cfg.StrOpt('identity_url',
|
cfg.StrOpt('identity_url',
|
||||||
default='http://127.0.0.1:35357/v3',
|
default='http://127.0.0.1/identity/v3',
|
||||||
help='keystone service url'),
|
help='keystone service url'),
|
||||||
cfg.BoolOpt('auto_refresh_endpoint',
|
cfg.BoolOpt('auto_refresh_endpoint',
|
||||||
default=False,
|
default=False,
|
||||||
@ -229,6 +229,8 @@ class Client(object):
|
|||||||
|
|
||||||
def _get_config_with_retry(self, cxt, filters, pod, service, retry):
|
def _get_config_with_retry(self, cxt, filters, pod, service, retry):
|
||||||
conf_list = api.list_pod_service_configurations(cxt, filters)
|
conf_list = api.list_pod_service_configurations(cxt, filters)
|
||||||
|
if len(conf_list) > 1:
|
||||||
|
raise exceptions.EndpointNotUnique(pod, service)
|
||||||
if len(conf_list) == 0:
|
if len(conf_list) == 0:
|
||||||
if not retry:
|
if not retry:
|
||||||
raise exceptions.EndpointNotFound(pod, service)
|
raise exceptions.EndpointNotFound(pod, service)
|
||||||
@ -293,7 +295,7 @@ class Client(object):
|
|||||||
cxt, config_filters)
|
cxt, config_filters)
|
||||||
|
|
||||||
if len(config_list) > 1:
|
if len(config_list) > 1:
|
||||||
continue
|
raise exceptions.EndpointNotUnique(pod_id, service)
|
||||||
if len(config_list) == 1:
|
if len(config_list) == 1:
|
||||||
config_id = config_list[0]['service_id']
|
config_id = config_list[0]['service_id']
|
||||||
update_dict = {
|
update_dict = {
|
||||||
|
@ -70,10 +70,11 @@ source $DEVSTACK_DIR/functions
|
|||||||
iniset $TEMPEST_CONF auth admin_username ${ADMIN_USERNAME:-"admin"}
|
iniset $TEMPEST_CONF auth admin_username ${ADMIN_USERNAME:-"admin"}
|
||||||
iniset $TEMPEST_CONF auth admin_project_name admin
|
iniset $TEMPEST_CONF auth admin_project_name admin
|
||||||
iniset $TEMPEST_CONF auth admin_password $OS_PASSWORD
|
iniset $TEMPEST_CONF auth admin_password $OS_PASSWORD
|
||||||
iniset $TEMPEST_CONF identity auth_version v2
|
iniset $TEMPEST_CONF auth admin_domain_name default
|
||||||
|
iniset $TEMPEST_CONF identity auth_version v3
|
||||||
iniset $TEMPEST_CONF identity uri_v3 http://$SERVICE_HOST/identity/v3
|
iniset $TEMPEST_CONF identity uri_v3 http://$SERVICE_HOST/identity/v3
|
||||||
iniset $TEMPEST_CONF identity uri http://$SERVICE_HOST:5000/v2.0/
|
iniset $TEMPEST_CONF identity uri $OS_AUTH_URL
|
||||||
iniset $TEMPEST_CONF identity-feature-enabled api_v2 True
|
iniset $TEMPEST_CONF identity-feature-enabled api_v3 True
|
||||||
|
|
||||||
iniset $TEMPEST_CONF compute region RegionOne
|
iniset $TEMPEST_CONF compute region RegionOne
|
||||||
iniset $TEMPEST_CONF compute image_ref $image_id
|
iniset $TEMPEST_CONF compute image_ref $image_id
|
||||||
|
Loading…
Reference in New Issue
Block a user