Merge "Use keystoneauth1 for cinder access"

2017-01-10 11:42:43 +00:00 · 2017-01-10 11:42:43 +00:00 · 19a8114ef9
parent 18bb72389d af24f14be5
commit 19a8114ef9
7 changed files with 63 additions and 21 deletions
--- a/devstack/local.conf.sample
+++ b/devstack/local.conf.sample
@ -9,4 +9,8 @@ SERVICE_PASSWORD=pass
 SERVICE_TOKEN=pass
 ADMIN_PASSWORD=pass

+# Install kuryr git master source code by default.
+# If you want to use stable kuryr lib, please comment out this line.
+LIBS_FROM_GIT=kuryr
+
 enable_plugin fuxi https://git.openstack.org/openstack/fuxi
--- a/devstack/plugin.sh
+++ b/devstack/plugin.sh
@ -54,10 +54,7 @@ function configure_fuxi {

    if is_service_enabled fuxi; then
        configure_auth_token_middleware $FUXI_CONFIG fuxi \
-            $FUXI_AUTH_CACHE_DIR keystone
-        iniset $FUXI_CONFIG keystone admin_user fuxi
-        iniset $FUXI_CONFIG keystone admin_password $SERVICE_PASSWORD
-        iniset $FUXI_CONFIG keystone admin_tenant_name $SERVICE_PROJECT_NAME
+            $FUXI_AUTH_CACHE_DIR cinder

        iniset $FUXI_CONFIG DEFAULT fuxi_port 7879
        iniset $FUXI_CONFIG DEFAULT my_ip $HOST_IP
@ -79,6 +76,10 @@ function configure_fuxi {
 if is_service_enabled fuxi; then

    if [[ "$1" == "stack" && "$2" == "install" ]]; then
+        if use_library_from_git "kuryr"; then
+            git_clone_by_name "kuryr"
+            setup_dev_lib "kuryr"
+        fi
        install_etcd_data_store
        setup_develop $FUXI_HOME

--- a/devstack/settings
+++ b/devstack/settings
@ -17,4 +17,8 @@ FUXI_DOCKER_ENGINE_PORT=${FUXI_DOCKER_ENGINE_PORT:-2375}
 FUXI_DOCKER_ENGINE_SOCKET_FILE=${FUXI_DOCKER_ENGINE_SOCKET_FILE:-/var/run/docker.sock}
 FUXI_ETCD_PORT=${FUXI_ETCD_PORT:-4001}

+GITREPO["kuryr"]=${KURYR_REPO:-${GIT_BASE}/openstack/kuryr.git}
+GITBRANCH["kuryr"]=${KURYR_BRANCH:-master}
+GITDIR["kuryr"]=$DEST/kuryr
+
 enable_service fuxi etcd-server docker-engine
--- a/fuxi/common/config.py
+++ b/fuxi/common/config.py
@ -12,6 +12,8 @@

 import os

+from kuryr.lib import config as kuryr_config
+from kuryr.lib import opts as kuryr_opts
 from oslo_config import cfg
 from oslo_log import log as logging

@ -45,31 +47,39 @@ default_opts = [
               default='/etc/fuxi/rootwrap.conf'),
 ]

-keystone_opts = [
+legacy_keystone_opts = [
    cfg.StrOpt('region',
               default=os.environ.get('REGION'),
-               help=_('The region that this machine belongs to.')),
+               help=_('The region that this machine belongs to.'),
+               deprecated_for_removal=True),
    cfg.StrOpt('auth_url',
               default=os.environ.get('IDENTITY_URL'),
-               help=_('The URL for accessing the identity service.')),
+               help=_('The URL for accessing the identity service.'),
+               deprecated_for_removal=True),
    cfg.StrOpt('admin_user',
               default=os.environ.get('SERVICE_USER'),
-               help=_('The username to auth with the identity service.')),
+               help=_('The username to auth with the identity service.'),
+               deprecated_for_removal=True),
    cfg.StrOpt('admin_tenant_name',
               default=os.environ.get('SERVICE_TENANT_NAME'),
-               help=_('The tenant name to auth with the identity service.')),
+               help=_('The tenant name to auth with the identity service.'),
+               deprecated_for_removal=True),
    cfg.StrOpt('admin_password',
               default=os.environ.get('SERVICE_PASSWORD'),
-               help=_('The password to auth with the identity service.')),
+               help=_('The password to auth with the identity service.'),
+               deprecated_for_removal=True),
    cfg.StrOpt('admin_token',
               default=os.environ.get('SERVICE_TOKEN'),
-               help=_('The admin token.')),
+               help=_('The admin token.'),
+               deprecated_for_removal=True),
    cfg.StrOpt('auth_ca_cert',
               default=os.environ.get('SERVICE_CA_CERT'),
-               help=_('The CA certification file.')),
+               help=_('The CA certification file.'),
+               deprecated_for_removal=True),
    cfg.BoolOpt('auth_insecure',
                default=True,
-                help=_("Turn off verification of the certificate for ssl.")),
+                help=_("Turn off verification of the certificate for ssl."),
+                deprecated_for_removal=True),
 ]

 cinder_opts = [
@ -96,9 +106,17 @@ cinder_opts = [

 CONF = cfg.CONF
 CONF.register_opts(default_opts)
-CONF.register_opts(keystone_opts, group='keystone')
+CONF.register_opts(legacy_keystone_opts, group='keystone')
 CONF.register_opts(cinder_opts, group='cinder')

+CFG_GROUP = 'cinder'
+
+# Settting options for Keystone.
+kuryr_config.register_keystoneauth_opts(CONF, CFG_GROUP)
+CONF.set_default('auth_type', default='password', group=CFG_GROUP)
+
+keystone_auth_opts = kuryr_opts.get_keystoneauth_conf_options()
+
 # Setting oslo.log options for logging.
 logging.register_options(CONF)

--- a/fuxi/opts.py
+++ b/fuxi/opts.py
@ -21,5 +21,6 @@ from fuxi.common import config

 def list_fuxi_opts():
    return [('DEFAULT', itertools.chain(config.default_opts,)),
-            ('keystone', itertools.chain(config.keystone_opts,)),
-            ('cinder', itertools.chain(config.cinder_opts,)), ]
+            ('keystone', itertools.chain(config.legacy_keystone_opts,)),
+            ('cinder', itertools.chain(config.cinder_opts,)),
+            (config.CFG_GROUP, itertools.chain(config.keystone_auth_opts,)), ]
--- a/fuxi/utils.py
+++ b/fuxi/utils.py
@ -18,14 +18,12 @@ import socket
 import string
 import traceback

-from fuxi.common import constants
-from fuxi import exceptions
-from fuxi.i18n import _LW, _LE
-
 from cinderclient import client as cinder_client
 from cinderclient import exceptions as cinder_exception
+from keystoneauth1 import exceptions as ka_exception
 from keystoneauth1.session import Session
 from keystoneclient.auth import get_plugin_class
+from kuryr.lib import utils as kuryr_utils
 from novaclient import client as nova_client
 from novaclient import exceptions as nova_exception
 from os_brick import exception as brick_exception
@ -36,6 +34,11 @@ from oslo_utils import importutils
 from oslo_utils import uuidutils
 from werkzeug import exceptions as w_exceptions

+from fuxi.common import config
+from fuxi.common import constants
+from fuxi import exceptions
+from fuxi.i18n import _LW, _LE
+
 cloud_init_conf = '/var/lib/cloud/instances'

 CONF = cfg.CONF
@ -140,7 +143,7 @@ def _openstack_auth_from_config(**config):
    return plugin_class(**plugin_kwargs)


-def get_keystone_session(**kwargs):
+def get_legacy_keystone_session(**kwargs):
    keystone_conf = CONF.keystone
    config = {}
    config['auth_url'] = keystone_conf.auth_url
@ -158,6 +161,16 @@ def get_keystone_session(**kwargs):
    return Session(auth=_openstack_auth_from_config(**config), verify=verify)


+def get_keystone_session(**kwargs):
+    try:
+        conf_group = config.CFG_GROUP
+        auth_plugin = kuryr_utils.get_auth_plugin(conf_group)
+        session = kuryr_utils.get_keystone_session(conf_group, auth_plugin)
+        return session
+    except ka_exception.MissingRequiredOptions:
+        return get_legacy_keystone_session(**kwargs)
+
+
 def get_cinderclient(session=None, region=None, **kwargs):
    if not session:
        session = get_keystone_session(**kwargs)
--- a/requirements.txt
+++ b/requirements.txt
@ -7,6 +7,7 @@ pytz>=2013.6 # MIT
 Babel>=2.3.4 # BSD
 Flask!=0.11,<1.0,>=0.10 # BSD
 keystoneauth1>=2.16.0 # Apache-2.0
+kuryr-lib>=0.1.0 # Apache-2.0
 oslo.rootwrap>=5.0.0 # Apache-2.0
 oslo.concurrency>=3.8.0 # Apache-2.0
 oslo.config!=3.18.0,>=3.14.0 # Apache-2.0