[urgent]Adapt new Keystone URL

1. What is the problem?
Now Keystone uses uwsgi with proxy[1], and this is the default mode
in DevStack. In this case, the original URL with 5000/35357 port can
no longer be accessed, this change will lead to Trio2o gate/check
test always failure if no adaption is made in Trio2o configuration.

2. What is the solution to the problem?
Change Keystone public URL Trio2o uses from
http://host:5000/v3 to http://host/identity and
change Keystone admin URL Trio2o uses from
http://host:35357/v3 to http://host/identity

For tempest test, change http://host:5000/v2.0/
to http://host/identity and change identity version
from 2 to 3 in post_test_hook.sh.
In post_test_hook.sh, add admin_domain_name option.

This patch also fixes a mistake which was hidden before this Keystone
change. While generating Trio2o apache configuration file in our
DevStack script, TRIO2O_BIN in the template is not replaced by
the real value. So the directory access right is not correctly granted.
Before this Keystone change, Keystone apache configuration file will
grant right on the same directory, so we didn't notice this problem.

3. What features need to be implemented to the Trio2o
to realize the solution?
N/A

[1] https://github.com/openstack-dev/devstack/commit/
    6ed53156b6198e69d59d1cf3a3497e96f5b7a870
[2] https://github.com/openstack/neutron/commit/
    46d1a890e700dfa6e921387569f87f793ca4e8e9

Change-Id: I4e1e38b1c07f453fcf2cfed39a16342f235c06b1
This commit is contained in:
wenxiong zou 2017-05-10 18:14:16 +08:00
parent b2c436bfca
commit bc3c4b1699
11 changed files with 182 additions and 51 deletions

View File

@ -1,36 +0,0 @@
# Copyright 2015 Huawei Technologies Co., Ltd.
# All Rights Reserved
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import sys
from oslo_config import cfg
from trio2o.db import core
from trio2o.db import migration_helpers
def main(argv=None, config_files=None):
core.initialize()
cfg.CONF(args=argv[2:],
project='trio2o',
default_config_files=config_files)
migration_helpers.find_migrate_repo()
migration_helpers.sync_repo(2)
if __name__ == '__main__':
config_file = sys.argv[1]
main(argv=sys.argv, config_files=[config_file])

View File

@ -117,6 +117,8 @@ function init_common_trio2o_conf {
iniset $conf_file DEFAULT use_syslog $SYSLOG
iniset $conf_file DEFAULT trio2o_db_connection `database_connection_url trio2o`
iniset $conf_file client auth_url http://$KEYSTONE_SERVICE_HOST/identity
iniset $conf_file client identity_url http://$KEYSTONE_SERVICE_HOST/identity/v3
iniset $conf_file client admin_username admin
iniset $conf_file client admin_password $ADMIN_PASSWORD
iniset $conf_file client admin_tenant demo
@ -196,6 +198,69 @@ function configure_trio2o_cinder_apigw {
fi
}
# configure_trio2o_api_wsgi() - Set WSGI config files
function configure_trio2o_api_wsgi {
local trio2o_api_apache_conf
local venv_path=""
local trio2o_bin_dir=""
local trio2o_ssl_listen="#"
trio2o_bin_dir=$(get_python_exec_prefix)
trio2o_api_apache_conf=$(apache_site_config_for trio2o-api)
if is_ssl_enabled_service "trio2o-api"; then
trio2o_ssl_listen=""
trio2o_ssl="SSLEngine On"
trio2o_certfile="SSLCertificateFile $TRIO2O_SSL_CERT"
trio2o_keyfile="SSLCertificateKeyFile $TRIO2O_SSL_KEY"
fi
# configure venv bin if VENV is used
if [[ ${USE_VENV} = True ]]; then
venv_path="python-path=${PROJECT_VENV["trio2o"]}/lib/$(python_version)/site-packages"
trio2o_bin_dir=${PROJECT_VENV["trio2o"]}/bin
fi
sudo cp $TRIO2O_API_APACHE_TEMPLATE $trio2o_api_apache_conf
sudo sed -e "
s|%TRIO2O_BIN%|$trio2o_bin_dir|g;
s|%PUBLICPORT%|$TRIO2O_API_PORT|g;
s|%APACHE_NAME%|$APACHE_NAME|g;
s|%PUBLICWSGI%|$trio2o_bin_dir/trio2o-api-wsgi|g;
s|%SSLENGINE%|$trio2o_ssl|g;
s|%SSLCERTFILE%|$trio2o_certfile|g;
s|%SSLKEYFILE%|$trio2o_keyfile|g;
s|%SSLLISTEN%|$trio2o_ssl_listen|g;
s|%USER%|$STACK_USER|g;
s|%VIRTUALENV%|$venv_path|g
s|%APIWORKERS%|$API_WORKERS|g
" -i $trio2o_api_apache_conf
}
# start_trio2o_api_wsgi() - Start the API processes ahead of other things
function start_trio2o_api_wsgi {
enable_apache_site trio2o-api
restart_apache_server
tail_log trio2o-api /var/log/$APACHE_NAME/trio2o-api.log
echo "Waiting for trio2o-api to start..."
if ! wait_for_service $SERVICE_TIMEOUT $TRIO2O_API_PROTOCOL://$TRIO2O_API_HOST/trio2o; then
die $LINENO "trio2o-api did not start"
fi
}
# stop_trio2o_api_wsgi() - Disable the api service and stop it.
function stop_trio2o_api_wsgi {
disable_apache_site trio2o-api
restart_apache_server
}
# cleanup_trio2o_api_wsgi() - Remove residual data files, anything left over from previous
# runs that a clean run would need to clean up
function cleanup_trio2o_api_wsgi {
sudo rm -f $(apache_site_config_for trio2o-api)
}
function configure_trio2o_xjob {
if is_service_enabled t-job ; then
echo "Configuring Trio2o xjob"
@ -275,38 +340,56 @@ elif [[ "$1" == "stack" && "$2" == "post-config" ]]; then
configure_trio2o_cinder_apigw
configure_trio2o_xjob
if [[ "$TRIO2O_DEPLOY_WITH_WSGI" == "True" ]]; then
configure_trio2o_api_wsgi
fi
echo export PYTHONPATH=\$PYTHONPATH:$TRIO2O_DIR >> $RC_DIR/.localrc.auto
setup_package $TRIO2O_DIR -e
recreate_database trio2o
python "$TRIO2O_DIR/cmd/manage.py" "$TRIO2O_API_CONF"
trio2o-db-manage --config-file="$TRIO2O_API_CONF" db_sync
elif [[ "$1" == "stack" && "$2" == "extra" ]]; then
echo_summary "Initializing Trio2o Service"
if [[ ${USE_VENV} = True ]]; then
PROJECT_VENV["trio2o"]=${TRIO2O_DIR}.venv
TRIO2O_BIN_DIR=${PROJECT_VENV["trio2o"]}/bin
else
TRIO2O_BIN_DIR=$(get_python_exec_prefix)
fi
if is_service_enabled t-api; then
create_trio2o_accounts
run_process t-api "python $TRIO2O_API --config-file $TRIO2O_API_CONF"
if [[ "$TRIO2O_DEPLOY_WITH_WSGI" == "True" ]]; then
start_trio2o_api_wsgi
else
run_process t-api "$TRIO2O_BIN_DIR/trio2o-api --config-file $TRIO2O_API_CONF"
fi
fi
if is_service_enabled t-ngw; then
create_nova_apigw_accounts
run_process t-ngw "python $TRIO2O_NOVA_APIGW --config-file $TRIO2O_NOVA_APIGW_CONF"
reconfigure_nova
run_process t-ngw "$TRIO2O_BIN_DIR/trio2o-nova-apigw --config-file $TRIO2O_NOVA_APIGW_CONF"
get_or_create_endpoint "compute" \
"$POD_REGION_NAME" \
"$NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST:$NOVA_SERVICE_PORT/v2.1/"'$(tenant_id)s' \
"$NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST:$NOVA_SERVICE_PORT/v2.1/"'$(tenant_id)s' \
"$NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST:$NOVA_SERVICE_PORT/v2.1/"'$(tenant_id)s'
fi
if is_service_enabled t-cgw; then
create_cinder_apigw_accounts
run_process t-cgw "python $TRIO2O_CINDER_APIGW --config-file $TRIO2O_CINDER_APIGW_CONF"
run_process t-cgw "$TRIO2O_BIN_DIR/trio2o-cinder-apigw --config-file $TRIO2O_CINDER_APIGW_CONF"
get_or_create_endpoint "volumev2" \
"$POD_REGION_NAME" \
@ -317,14 +400,19 @@ elif [[ "$1" == "stack" && "$2" == "extra" ]]; then
if is_service_enabled t-job; then
run_process t-job "python $TRIO2O_XJOB --config-file $TRIO2O_XJOB_CONF"
run_process t-job "$TRIO2O_BIN_DIR/trio2o-xjob --config-file $TRIO2O_XJOB_CONF"
fi
fi
if [[ "$1" == "unstack" ]]; then
if is_service_enabled t-api; then
stop_process t-api
if [[ "$TRIO2O_DEPLOY_WITH_WSGI" == "True" ]]; then
stop_trio2o_api_wsgi
clean_trio2o_api_wsgi
else
stop_process t-api
fi
fi
if is_service_enabled t-ngw; then

View File

@ -44,6 +44,14 @@ mapping_file = babel.cfg
output_file = trio2o/locale/trio2o.pot
[entry_points]
console_scripts =
trio2o-db-manage = trio2o.cmd.manage:main
trio2o-api = trio2o.cmd.api:main
trio2o-xjob = trio2o.cmd.xjob:main
trio2o-nova-apigw = trio2o.cmd.nova_apigw:main
trio2o-cinder-apigw = trio2o.cmd.cinder_apigw:main
oslo.config.opts =
trio2o.api = trio2o.api.opts:list_opts

0
trio2o/cmd/__init__.py Normal file
View File

68
trio2o/cmd/manage.py Normal file
View File

@ -0,0 +1,68 @@
# Copyright 2016 OpenStack Foundation.
# All Rights Reserved
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import sys
from oslo_config import cfg
from oslo_log import log as logging
import pbr.version
from trio2o.db import core
from trio2o.db import migration_helpers
CONF = cfg.CONF
def do_db_version():
print(migration_helpers.db_version())
def do_db_sync():
migration_helpers.sync_repo(CONF.command.version)
def add_command_parsers(subparsers):
parser = subparsers.add_parser('db_version')
parser.set_defaults(func=do_db_version)
parser = subparsers.add_parser('db_sync')
parser.set_defaults(func=do_db_sync)
parser.add_argument('version', nargs='?')
command_opt = cfg.SubCommandOpt('command',
title='Commands',
help='Show available commands.',
handler=add_command_parsers)
def main():
core.initialize()
logging.register_options(CONF)
logging.setup(CONF, 'trio2o-db-manage')
CONF.register_cli_opt(command_opt)
version_info = pbr.version.VersionInfo('trio2o')
try:
CONF(sys.argv[1:], project='trio2o', prog='trio2o-db-manage',
version=version_info.version_string())
except RuntimeError as e:
sys.exit("ERROR: %s" % e)
try:
CONF.command.func()
except Exception as e:
sys.exit("ERROR: %s" % e)

View File

@ -35,10 +35,10 @@ from trio2o.db import models
client_opts = [
cfg.StrOpt('auth_url',
default='http://127.0.0.1:5000/v3',
default='http://127.0.0.1/identity',
help='keystone authorization url'),
cfg.StrOpt('identity_url',
default='http://127.0.0.1:35357/v3',
default='http://127.0.0.1/identity/v3',
help='keystone service url'),
cfg.BoolOpt('auto_refresh_endpoint',
default=False,
@ -229,6 +229,8 @@ class Client(object):
def _get_config_with_retry(self, cxt, filters, pod, service, retry):
conf_list = api.list_pod_service_configurations(cxt, filters)
if len(conf_list) > 1:
raise exceptions.EndpointNotUnique(pod, service)
if len(conf_list) == 0:
if not retry:
raise exceptions.EndpointNotFound(pod, service)
@ -293,7 +295,7 @@ class Client(object):
cxt, config_filters)
if len(config_list) > 1:
continue
raise exceptions.EndpointNotUnique(pod_id, service)
if len(config_list) == 1:
config_id = config_list[0]['service_id']
update_dict = {

View File

@ -70,10 +70,11 @@ source $DEVSTACK_DIR/functions
iniset $TEMPEST_CONF auth admin_username ${ADMIN_USERNAME:-"admin"}
iniset $TEMPEST_CONF auth admin_project_name admin
iniset $TEMPEST_CONF auth admin_password $OS_PASSWORD
iniset $TEMPEST_CONF identity auth_version v2
iniset $TEMPEST_CONF auth admin_domain_name default
iniset $TEMPEST_CONF identity auth_version v3
iniset $TEMPEST_CONF identity uri_v3 http://$SERVICE_HOST/identity/v3
iniset $TEMPEST_CONF identity uri http://$SERVICE_HOST:5000/v2.0/
iniset $TEMPEST_CONF identity-feature-enabled api_v2 True
iniset $TEMPEST_CONF identity uri $OS_AUTH_URL
iniset $TEMPEST_CONF identity-feature-enabled api_v3 True
iniset $TEMPEST_CONF compute region RegionOne
iniset $TEMPEST_CONF compute image_ref $image_id