When using nginx to terminate TLS (like it's done in Bifrost), it's more
secure to use a Unix socket for communication, so that local users
cannot access plain text communication.
Change-Id: I37b762cca035b5855deb92635c29e8eb97a87c20
This patch splits API and conductor services for ironic-inspector.
Previous patch utilized lock from tooz coordinator, this patch adds
a coordinator wrapper for easier usage and further introduces group
interfaces.
Each conductor service will join a predefined group to mark it's
availability, on each request, API service will query members from
the group and randomly choose on of them, create desiginated topic
and deliver request to it.
The feature is tested with the memcached, file backend of tooz.
Other backends are not fully tested but may work as well, please
refer to tooz documentation for driver compatibilities[1].
[1] https://docs.openstack.org/tooz/latest/user/compatibility.html
Story: 2001842
Task: 30376
Change-Id: I419176cd6d44d74c066db275ef008fe8bb6ef37a
This patch is part of inspector HA work, which wraps inspector api into
oslo service.
oslo.service has also provided support to signal processing like SIGHUP or
SIGTERM, so these code were removed in this patch.
Deprecated current SSL cert/key options used by ironic-inspector, code
manually creates ssl context were removed. These options will be fed
from [ssl] section.
Change-Id: Ia5e16fcb9104556d62c90f5507f17b41f73a5208
Story: #2001842
Task: #12609
This patch is part of work splitting inspector api and worker.
The rpc server is wrapped into oslo.service, and launched from
api process.
Now api and worker belongs to separate thread, functional tests
use the fake messaging driver, while devstack jobs use rabbitmq.
Change-Id: Ie03d16f9d115c3561723463dea6a57d2a763bcc6
Story: #2001842
Task: #23109
Catch SIGTERM signal and call the signal handler method.
The signal handler then raises KeyboardInterrupt. The
KeyboardInterrupt won't be caught by any 'except Exception'
clauses.
Without this the service does not stop periodic workers,
tear down pxe filters etc as it is supposed to on shutdown.
NOTE: Calling shutdown() directly from the signal handler
causes the below error. This is why the signal handler
raises KeyboardInterrupt.
AssertionError: Cannot switch to MAINLOOP from MAINLOOP
Related-Bug: #1765700
Story: 2001890
Task: 14374
Change-Id: If0e24eae767b7806243fa4ae34fedb30ae9af25a
Adds oslo.messaging to ironic-inspector, and convert
inspect, abort and reapply to synchronized rpc calls.
This is the first step of API and worker seperation.
Change-Id: I15e86d7feb623b6b2889891b9700e5de6b3164cd
Story: #2001842
Task: # 12609
This adds signal handler to reload mutable configuration options
on SIGHUP.
It has to be done manually, because ironic-inspector doesn't use
oslo.service.
Change-Id: I38955fe9dbfd339df2a10dcbb55e996bf515034a
Story: #1585595
Task: #12543
This patch allows a periodic task to shut down the inspector upon a
(critical) failure. This is needed in case of a (future) PXE filter driver
malfunction to avoid inspector running with a broken filter.
The test_wsgi_service unit test module was refactored to address test
ordering dependency issues and to enhance the mocking.
Change-Id: I50e6408bf30416d8c7ff9e30be0e938cec12b7cd
Related-Bug: 1665666
Creates new WSGIService class which keeps base API sercice
initialization functionality and serve flask application. Also
it will configure application for wsgi container[1].
Also creates new `cmd` directory for storing console scripts.
[1] https://governance.openstack.org/tc/goals/pike/deploy-api-in-wsgi.html
Related-Bug: #1525218
Change-Id: Ia64228c47a79a3008d435e8323a964f2bc45dfa7