Add upgrade check, and json2yaml policy handling
Adds the ironic-inspector-status command as well with the required upgrade check.

Mostly based upon https://review.opendev.org/#/c/763262/ which is based upon https://review.opendev.org/#/c/748059/

Note: Also had to update the version of eventlet because existing minimum requirement was seemingly incompatible with prior versions and would prevent lower constraints testing to proceed due to issues with ``os`` being patched by eventlet.

Change-Id: I1f479f834f1d79e9eeb591c58a52b6ab80c24534
parent 379b8923e0
commit 901c816b23
|
@ -126,7 +126,8 @@ function inspector_iniset {
|
||||||
|
|
||||||
function install_inspector {
|
function install_inspector {
|
||||||
setup_develop $IRONIC_INSPECTOR_DIR
|
setup_develop $IRONIC_INSPECTOR_DIR
|
||||||
|
# Check if things look okay
|
||||||
|
ironic-inspector-status upgrade check
|
||||||
if [[ "$IRONIC_INSPECTOR_STANDALONE" == "False" ]]; then
|
if [[ "$IRONIC_INSPECTOR_STANDALONE" == "False" ]]; then
|
||||||
install_apache_wsgi
|
install_apache_wsgi
|
||||||
# NOTE(rpittau) since devstack doesn't install test-requirements
|
# NOTE(rpittau) since devstack doesn't install test-requirements
|
||||||
|
|
|
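Review bot: The new "ironic-inspector-status upgrade check" call in install_inspector runs immediately after setup_develop, but the documentation added in this same change says the command "expects to have complete configuration and access to databases and services". At install time neither is guaranteed, so the check would be better placed after the configuration and database steps. Also note that the documented return code 1 is only a warning; a bare invocation makes no distinction between 1, 2 and 255, so if the calling script aborts on any non-zero status a warning will stop the install. Consider capturing the exit status and failing only on 2 or 255.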
@ -0,0 +1,9 @@
|
||||||
|
Command References
|
||||||
|
==================
|
||||||
|
|
||||||
|
Here are references for commands not elsewhere documented.
|
||||||
|
|
||||||
|
.. toctree::
|
||||||
|
:maxdepth: 1
|
||||||
|
|
||||||
|
ironic-inspector-status
|
|
@ -0,0 +1,83 @@
|
||||||
|
=======================
|
||||||
|
ironic-inspector-status
|
||||||
|
=======================
|
||||||
|
|
||||||
|
Synopsis
|
||||||
|
========
|
||||||
|
|
||||||
|
::
|
||||||
|
|
||||||
|
ironic-inspector-status <category> <command> [<args>]
|
||||||
|
|
||||||
|
Description
|
||||||
|
===========
|
||||||
|
|
||||||
|
:program:`ironic-inspector-status` is a tool that provides routines for
|
||||||
|
checking the status of the ironic-inspector deployment.
|
||||||
|
|
||||||
|
Options
|
||||||
|
=======
|
||||||
|
|
||||||
|
The standard pattern for executing a :program:`ironic-inspector-status`
|
||||||
|
command is::
|
||||||
|
|
||||||
|
ironic-inspector-status <category> <command> [<args>]
|
||||||
|
|
||||||
|
Run without arguments to see a list of available command categories::
|
||||||
|
|
||||||
|
ironic-inspector-status
|
||||||
|
|
||||||
|
Categories are:
|
||||||
|
|
||||||
|
* ``upgrade``
|
||||||
|
|
||||||
|
Detailed descriptions are below.
|
||||||
|
|
||||||
|
You can also run with a category argument such as ``upgrade`` to see a list of
|
||||||
|
all commands in that category::
|
||||||
|
|
||||||
|
ironic-inspector-status upgrade
|
||||||
|
|
||||||
|
These sections describe the available categories and arguments for
|
||||||
|
:program:`ironic-inspector-status`.
|
||||||
|
|
||||||
|
Upgrade
|
||||||
|
~~~~~~~
|
||||||
|
|
||||||
|
.. _ironic-inspector-status-checks:
|
||||||
|
|
||||||
|
``ironic-status upgrade check``
|
||||||
|
Performs a release-specific readiness check before restarting services with
|
||||||
|
new code. This command expects to have complete configuration and access
|
||||||
|
to databases and services.
|
||||||
|
|
||||||
|
**Return Codes**
|
||||||
|
|
||||||
|
.. list-table::
|
||||||
|
:widths: 20 80
|
||||||
|
:header-rows: 1
|
||||||
|
|
||||||
|
* - Return code
|
||||||
|
- Description
|
||||||
|
* - 0
|
||||||
|
- All upgrade readiness checks passed successfully and there is nothing
|
||||||
|
to do.
|
||||||
|
* - 1
|
||||||
|
- At least one check encountered an issue and requires further
|
||||||
|
investigation. This is considered a warning but the upgrade may be OK.
|
||||||
|
* - 2
|
||||||
|
- There was an upgrade status check failure that needs to be
|
||||||
|
investigated. This should be considered something that stops an
|
||||||
|
upgrade.
|
||||||
|
* - 255
|
||||||
|
- An unexpected error occurred.
|
||||||
|
|
||||||
|
**History of Checks**
|
||||||
|
|
||||||
|
**Wallaby**
|
||||||
|
|
||||||
|
* Adds initial status check command as it was not previously needed
|
||||||
|
as the database structure and use of ironic-inspector's of
|
||||||
|
ironic-inspector did not require the command previously.
|
||||||
|
* Adds a check to validate the configured policy file is not JSON
|
||||||
|
based as JSON based policies have been deprecated.
|
|
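Review bot: The command heading under the "Upgrade" section reads "ironic-status upgrade check", which is the ironic command, not this one; it should be "ironic-inspector-status upgrade check" so that the label ironic-inspector-status-checks points at the right name. In the Wallaby history, the first bullet is garbled ("use of ironic-inspector's of ironic-inspector did not require the command previously") and repeats "previously"; something like "Adds the initial status check command, which was not needed before because the database structure did not require it" would read cleanly. The Synopsis and Options sections also repeat the same usage line, so one of them could be dropped.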
@ -2,6 +2,16 @@
|
||||||
Policies
|
Policies
|
||||||
========
|
========
|
||||||
|
|
||||||
|
.. warning::
|
||||||
|
JSON formatted policy files were deprecated in the Wallaby development
|
||||||
|
cycle due to the Victoria deprecation by the ``olso.policy`` library.
|
||||||
|
Use the `oslopolicy-convert-json-to-yaml`__ tool
|
||||||
|
to convert the existing JSON to YAML formatted policy file in backward
|
||||||
|
compatible way.
|
||||||
|
|
||||||
|
.. __: https://docs.openstack.org/oslo.policy/latest/cli/oslopolicy-convert-json-to-yaml.html
|
||||||
|
|
||||||
|
|
||||||
The following is an overview of all available policies in **ironic inspector**.
|
The following is an overview of all available policies in **ironic inspector**.
|
||||||
For a sample configuration file, refer to :doc:`sample-policy`.
|
For a sample configuration file, refer to :doc:`sample-policy`.
|
||||||
|
|
||||||
|
|
|
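Review bot: In the new warning block the library name is misspelled as ``olso.policy``; it should be ``oslo.policy``. The last sentence is also missing articles: "to convert the existing JSON to YAML formatted policy file in backward compatible way" should read "to convert an existing JSON policy file to a YAML formatted policy file in a backward compatible way". The hunk also adds two blank lines before "The following is an overview", where one is enough.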
@ -7,6 +7,7 @@ Using Ironic Inspector
|
||||||
:maxdepth: 2
|
:maxdepth: 2
|
||||||
|
|
||||||
install/index
|
install/index
|
||||||
|
cli/index
|
||||||
configuration/index
|
configuration/index
|
||||||
user/index
|
user/index
|
||||||
admin/index
|
admin/index
|
||||||
|
|
|
@ -0,0 +1,58 @@
|
||||||
|
# Copyright (c) 2018 NEC, Corp.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||||
|
# not use this file except in compliance with the License. You may obtain
|
||||||
|
# a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
# License for the specific language governing permissions and limitations
|
||||||
|
# under the License.
|
||||||
|
|
||||||
|
import sys
|
||||||
|
|
||||||
|
from oslo_config import cfg
|
||||||
|
from oslo_upgradecheck import common_checks
|
||||||
|
from oslo_upgradecheck import upgradecheck
|
||||||
|
|
||||||
|
from ironic_inspector.common.i18n import _
|
||||||
|
import ironic_inspector.conf as conf
|
||||||
|
from ironic_inspector import policy # noqa Import for configuratiog loading.
|
||||||
|
|
||||||
|
CONF = conf.CONF
|
||||||
|
|
||||||
|
|
||||||
|
class Checks(upgradecheck.UpgradeCommands):
|
||||||
|
|
||||||
|
"""Upgrade checks for the ironic-status upgrade check command
|
||||||
|
|
||||||
|
Upgrade checks should be added as separate methods in this class
|
||||||
|
and added to _upgrade_checks tuple.
|
||||||
|
"""
|
||||||
|
|
||||||
|
# A tuple of check tuples of (<name of check>, <check function>).
|
||||||
|
# The name of the check will be used in the output of this command.
|
||||||
|
# The check function takes no arguments and returns an
|
||||||
|
# oslo_upgradecheck.upgradecheck.Result object with the appropriate
|
||||||
|
# oslo_upgradecheck.upgradecheck.Code and details set. If the
|
||||||
|
# check function hits warnings or failures then those should be stored
|
||||||
|
# in the returned Result's "details" attribute. The
|
||||||
|
# summary will be rolled up at the end of the check() method.
|
||||||
|
_upgrade_checks = (
|
||||||
|
# Added in Wallaby to raise visibility of the Victoria deprecation
|
||||||
|
# of oslo.policy's json policy support.
|
||||||
|
(_('Policy File JSON to YAML Migration'),
|
||||||
|
(common_checks.check_policy_json, {'conf': CONF})),
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
|
def main():
|
||||||
|
return upgradecheck.main(
|
||||||
|
cfg.CONF, project='ironic', upgrade_command=Checks())
|
||||||
|
|
||||||
|
|
||||||
|
if __name__ == '__main__':
|
||||||
|
sys.exit(main())
|
|
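Review bot: In main(), project='ironic' is passed to upgradecheck.main(), so oslo.config will search ironic's default configuration locations rather than this service's, and the policy file check can end up evaluating the wrong deployment's settings. Pass this project's name instead, and confirm that the resulting default search path matches where the inspector configuration actually lives (or pass the config files explicitly). The class docstring has the same copy and paste problem: it says "ironic-status upgrade check". Smaller points: main() uses cfg.CONF while the check tuple uses the module-level CONF from ironic_inspector.conf, so pick one for consistency; the comment on the policy import has a typo ("configuratiog"); and because that import exists only for its side effect of setting the policy_file default, the comment should say that explicitly so nobody removes it as unused.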
@ -16,12 +16,21 @@ import sys
|
||||||
|
|
||||||
from oslo_concurrency import lockutils
|
from oslo_concurrency import lockutils
|
||||||
from oslo_config import cfg
|
from oslo_config import cfg
|
||||||
|
from oslo_policy import opts
|
||||||
from oslo_policy import policy
|
from oslo_policy import policy
|
||||||
|
|
||||||
CONF = cfg.CONF
|
CONF = cfg.CONF
|
||||||
|
|
||||||
_ENFORCER = None
|
_ENFORCER = None
|
||||||
|
|
||||||
|
|
||||||
|
# TODO(gmann): Remove setting the default value of config policy_file
|
||||||
|
# once oslo_policy change the default value to 'policy.yaml'.
|
||||||
|
# https://github.com/openstack/oslo.policy/blob/a626ad12fe5a3abd49d70e3e5b95589d279ab578/oslo_policy/opts.py#L49
|
||||||
|
DEFAULT_POLICY_FILE = 'policy.yaml'
|
||||||
|
opts.set_defaults(cfg.CONF, DEFAULT_POLICY_FILE)
|
||||||
|
|
||||||
|
|
||||||
default_policies = [
|
default_policies = [
|
||||||
policy.RuleDefault(
|
policy.RuleDefault(
|
||||||
'is_admin',
|
'is_admin',
|
||||||
|
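Review bot: opts.set_defaults(cfg.CONF, DEFAULT_POLICY_FILE) runs at import time and uses cfg.CONF even though CONF is defined a few lines above; use CONF for consistency. Because the new status command depends on this module-level side effect (it imports the module with a noqa marker purely to trigger it), consider moving the call into a small, explicitly named function that both the enforcer setup and the status command call, so the ordering does not depend on import order.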
@ -154,10 +163,11 @@ def init_enforcer(policy_file=None, rules=None,
|
||||||
|
|
||||||
if _ENFORCER:
|
if _ENFORCER:
|
||||||
return
|
return
|
||||||
_ENFORCER = policy.Enforcer(CONF, policy_file=policy_file,
|
_ENFORCER = policy.Enforcer(
|
||||||
rules=rules,
|
CONF, policy_file=policy_file,
|
||||||
default_rule=default_rule,
|
rules=rules,
|
||||||
use_conf=use_conf)
|
default_rule=default_rule,
|
||||||
|
use_conf=use_conf)
|
||||||
_ENFORCER.register_defaults(list_policies())
|
_ENFORCER.register_defaults(list_policies())
|
||||||
|
|
||||||
|
|
||||||
|
|
|
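Review bot: The policy.Enforcer(...) call in init_enforcer is only re-wrapped here, with no change to its arguments. A formatting-only change in a functional commit adds noise for reviewers and for later blame; drop it from this patch or send it separately.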
@ -21,8 +21,8 @@ from ironic_inspector import policy as inspector_policy
|
||||||
|
|
||||||
CONF = cfg.CONF
|
CONF = cfg.CONF
|
||||||
|
|
||||||
policy_data = """{
|
policy_data = """
|
||||||
}
|
---
|
||||||
"""
|
"""
|
||||||
|
|
||||||
|
|
||||||
|
@ -31,7 +31,7 @@ class PolicyFixture(fixtures.Fixture):
|
||||||
super(PolicyFixture, self).setUp()
|
super(PolicyFixture, self).setUp()
|
||||||
self.policy_dir = self.useFixture(fixtures.TempDir())
|
self.policy_dir = self.useFixture(fixtures.TempDir())
|
||||||
self.policy_file_name = os.path.join(self.policy_dir.path,
|
self.policy_file_name = os.path.join(self.policy_dir.path,
|
||||||
'policy.json')
|
'policy.yaml')
|
||||||
with open(self.policy_file_name, 'w') as policy_file:
|
with open(self.policy_file_name, 'w') as policy_file:
|
||||||
policy_file.write(policy_data)
|
policy_file.write(policy_data)
|
||||||
policy_opts.set_defaults(CONF)
|
policy_opts.set_defaults(CONF)
|
||||||
|
|
|
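Review bot: The fixture hard-codes 'policy.yaml' in os.path.join while the policy module, already imported here as inspector_policy, now exposes DEFAULT_POLICY_FILE; reuse the constant so the test file name cannot drift from the configured default. Separately, nothing in the visible diff exercises the new Checks class or the ironic-inspector-status entry point. A unit test that runs the policy check against both a JSON and a YAML policy file and asserts on the returned code would cover the behaviour this change is adding.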
@ -0,0 +1,20 @@
|
||||||
|
---
|
||||||
|
upgrade:
|
||||||
|
- |
|
||||||
|
The default value of ``[oslo_policy] policy_file`` config option has been
|
||||||
|
changed from ``policy.json`` to ``policy.yaml``.
|
||||||
|
Operators who are utilizing customized policy files or previously generated
|
||||||
|
static policy files (which are not needed by default), should generate
|
||||||
|
new policy files and modify them to meet their needs in the event of
|
||||||
|
any new policies or rules have been added.
|
||||||
|
Please consult the `oslopolicy-convert-json-to-yaml <https://docs.openstack.org/oslo.policy/latest/cli/oslopolicy-convert-json-to-yaml.html>`_
|
||||||
|
tool to convert a JSON to YAML formatted policy file in
|
||||||
|
backward compatible way.
|
||||||
|
deprecations:
|
||||||
|
- |
|
||||||
|
Use of legacy policy files was deprecated by the ``oslo.policy`` library
|
||||||
|
during the Victoria development cycle. As a result, this deprecation is
|
||||||
|
being noted in the Wallaby with an anticipated future removal of support
|
||||||
|
by ``oslo.policy``. As such operators will need to convert to YAML policy
|
||||||
|
files. Please see the upgrade notes for details on migration of any
|
||||||
|
custom policy files.
|
|
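Review bot: The release note does not mention the new ironic-inspector-status command at all; add a features entry for it, since operators are expected to run it before upgrading. There are also wording problems in the existing text: "in the event of any new policies or rules have been added" should be "in the event that any new policies or rules have been added", "in backward compatible way" needs "a", and "being noted in the Wallaby" is missing a noun ("the Wallaby release" or "the Wallaby cycle").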
@ -4,7 +4,7 @@
|
||||||
automaton>=1.9.0 # Apache-2.0
|
automaton>=1.9.0 # Apache-2.0
|
||||||
alembic>=1.4.2 # MIT
|
alembic>=1.4.2 # MIT
|
||||||
construct>=2.9.39 # MIT
|
construct>=2.9.39 # MIT
|
||||||
eventlet!=0.18.3,!=0.20.1,>=0.18.2 # MIT
|
eventlet>=0.26.0 # MIT
|
||||||
Flask>=1.1.0 # BSD
|
Flask>=1.1.0 # BSD
|
||||||
futurist>=1.2.0 # Apache-2.0
|
futurist>=1.2.0 # Apache-2.0
|
||||||
ironic-lib>=4.3.0 # Apache-2.0
|
ironic-lib>=4.3.0 # Apache-2.0
|
||||||
|
@ -18,18 +18,19 @@ pytz>=2013.6 # MIT
|
||||||
PyYAML>=5.3.1
|
PyYAML>=5.3.1
|
||||||
openstacksdk>=0.40.0 # Apache-2.0
|
openstacksdk>=0.40.0 # Apache-2.0
|
||||||
oslo.concurrency>=3.26.0 # Apache-2.0
|
oslo.concurrency>=3.26.0 # Apache-2.0
|
||||||
oslo.config>=5.2.0 # Apache-2.0
|
oslo.config>=6.8.0 # Apache-2.0
|
||||||
oslo.context>=2.19.2 # Apache-2.0
|
oslo.context>=2.19.2 # Apache-2.0
|
||||||
oslo.db>=6.0.0 # Apache-2.0
|
oslo.db>=6.0.0 # Apache-2.0
|
||||||
oslo.i18n>=3.15.3 # Apache-2.0
|
oslo.i18n>=3.15.3 # Apache-2.0
|
||||||
oslo.log>=3.36.0 # Apache-2.0
|
oslo.log>=3.36.0 # Apache-2.0
|
||||||
oslo.messaging>=5.32.0 # Apache-2.0
|
oslo.messaging>=5.32.0 # Apache-2.0
|
||||||
oslo.middleware>=3.31.0 # Apache-2.0
|
oslo.middleware>=3.31.0 # Apache-2.0
|
||||||
oslo.policy>=1.30.0 # Apache-2.0
|
oslo.policy>=3.6.0 # Apache-2.0
|
||||||
oslo.rootwrap>=5.8.0 # Apache-2.0
|
oslo.rootwrap>=5.8.0 # Apache-2.0
|
||||||
oslo.serialization!=2.19.1,>=2.18.0 # Apache-2.0
|
oslo.serialization!=2.19.1,>=2.18.0 # Apache-2.0
|
||||||
oslo.service!=1.28.1,>=1.24.0 # Apache-2.0
|
oslo.service!=1.28.1,>=1.24.0 # Apache-2.0
|
||||||
oslo.utils>=3.33.0 # Apache-2.0
|
oslo.upgradecheck>=1.2.0 # Apache-2.0
|
||||||
|
oslo.utils>=4.5.0 # Apache-2.0
|
||||||
tenacity>=6.2.0 # Apache-2.0
|
tenacity>=6.2.0 # Apache-2.0
|
||||||
stevedore>=1.20.0 # Apache-2.0
|
stevedore>=1.20.0 # Apache-2.0
|
||||||
SQLAlchemy>=1.2.19 # MIT
|
SQLAlchemy>=1.2.19 # MIT
|
||||||
|
|
|
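Review bot: The minimums for oslo.config (5.2.0 to 6.8.0) and oslo.utils (3.33.0 to 4.5.0) are raised in this hunk without any explanation; the commit message only justifies the eventlet bump. State in the commit message which of these are needed by oslo.policy 3.6.0 or oslo.upgradecheck, and make sure the lower-constraints file is updated to the same versions so that the lower constraints job actually tests these minimums.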
@ -33,6 +33,7 @@ console_scripts =
|
||||||
ironic-inspector-conductor = ironic_inspector.cmd.conductor:main
|
ironic-inspector-conductor = ironic_inspector.cmd.conductor:main
|
||||||
ironic-inspector-rootwrap = oslo_rootwrap.cmd:main
|
ironic-inspector-rootwrap = oslo_rootwrap.cmd:main
|
||||||
ironic-inspector-migrate-data = ironic_inspector.cmd.migration:main
|
ironic-inspector-migrate-data = ironic_inspector.cmd.migration:main
|
||||||
|
ironic-inspector-status = ironic_inspector.cmd.status:main
|
||||||
wsgi_scripts =
|
wsgi_scripts =
|
||||||
ironic-inspector-api-wsgi = ironic_inspector.cmd.wsgi:initialize_wsgi_app
|
ironic-inspector-api-wsgi = ironic_inspector.cmd.wsgi:initialize_wsgi_app
|
||||||
ironic_inspector.hooks.processing =
|
ironic_inspector.hooks.processing =
|
||||||
|
|