From 1bdefbe59d6f933773cbc366c57c5887ebf18833 Mon Sep 17 00:00:00 2001
From: Michele Baldessari <michele@acksyn.org>
Date: Thu, 23 Aug 2018 11:22:53 +0200
Subject: [PATCH] IHA Default the compute endpoint check script to internal

Currently we instantiate a novaclient.client Client object without explicitely
passing any endpoint_type in kwargs. The Client object defaults to using
'publicURL': https://github.com/openstack/python-novaclient/blob/stable/queens/novaclient/client.py#L116

In some environments the access to publicURL is not desired and likely the wrong default.
So this needs to be a) configureable and b) default to internalURL when nothing is specified.

We make this configurable by leveraging the os_interface key in the
placement section of nova.conf as that is what specifies the endpoint
type since ocata: https://docs.openstack.org/releasenotes/nova/ocata.html#other-notes

We also check for the existance of the [placement]/valid_interface key
and will use that instead if it is present as it is the proper
recommended way to get this information as of queens (see
https://review.openstack.org/#/c/492247/). Since it is a list
of preferred endpoint URLs, we take the first one.

Tested by making sure via tcpdump that the internal_url was being hit
after restarting the nova_compute container with the patched code:
(overcloud) [stack@undercloud-0 ~]$ openstack endpoint list |grep comput
| 8ad225f34170467a84513c5b447662dc | regionOne | nova         | compute        | True    | admin     | http://172.17.1.16:8774/v2.1                   |
| 9a15e824601f43629b03ec99589c3d83 | regionOne | nova         | compute        | True    | internal  | http://172.17.1.16:8774/v2.1                   |
| c5b964700daf4abfac5060432debdbe3 | regionOne | nova         | compute        | True    | public    | https://10.0.0.101:13774/v2.1                  |

[root@compute-0 ~]# tcpdump -i any -nn host 172.17.1.16 and port 8774
09:29:57.824687 IP 172.17.1.10.37254 > 172.17.1.16.8774: Flags [S], seq 3520534439, win 29200, options [mss 1460,sackOK,TS val 564789919 ecr 0,nop,wscale 7], length 0
09:29:57.824946 ethertype IPv4, IP 172.17.1.16.8774 > 172.17.1.10.37254: Flags [S.], seq 3844540290, ack 3520534440, win 28960, options [mss 1460,sackOK,TS val 564810385 ecr 564789919,nop,wscale 7], length 0
09:29:57.824946 IP 172.17.1.16.8774 > 172.17.1.10.37254: Flags [S.], seq 3844540290, ack 3520534440, win 28960, options [mss 1460,sackOK,TS val 564810385 ecr 564789919,nop,wscale 7], length 0

Change-Id: Ifbb40e2a2222c229fd71eca2c4c36daa448e492d
Closes-Bug: #1788584
---
 .../tasks/instanceha/check-run-nova-compute   | 22 +++++++++++++++++--
 1 file changed, 20 insertions(+), 2 deletions(-)

diff --git a/extraconfig/tasks/instanceha/check-run-nova-compute b/extraconfig/tasks/instanceha/check-run-nova-compute
index f79ed8345e..7c75aae851 100755
--- a/extraconfig/tasks/instanceha/check-run-nova-compute
+++ b/extraconfig/tasks/instanceha/check-run-nova-compute
@@ -95,6 +95,22 @@ def create_nova_connection(options):
     keystone_auth = loader.load_from_options(**kwargs)
     keystone_session = session.Session(auth=keystone_auth, verify=(not options["insecure"]))
 
+    nova_endpoint_type = 'internalURL'
+    # We default to internalURL but we allow this to be overridden via
+    # the [placement]/os_interface key.
+    if 'os_interface' in options and len(options["os_interface"]) == 1:
+        nova_endpoint_type = options["os_interface"][0]
+    # Via https://review.openstack.org/#/c/492247/ os_interface has been deprecatd in queens
+    # and we need to use 'valid_interfaces' which is a:
+    # "List of interfaces, in order of preference, for endpoint URL. (list value)"
+    # Since it is not explicitely set in nova.conf we still keep the check for os_interface
+    elif 'valid_interfaces' in options and len(options["valid_interfaces"]) >= 1:
+        nova_endpoint_type = options["valid_interfaces"][0]
+
+    # This mimicks the code in novaclient/shell.py
+    if nova_endpoint_type in ['internal', 'public', 'admin']:
+        nova_endpoint_type += 'URL'
+
     nova_versions = [ "2.23", "2" ]
     for version in nova_versions:
         clientargs = inspect.getargspec(client.Client).varargs
@@ -122,14 +138,16 @@ def create_nova_connection(options):
                                  insecure=options["insecure"],
                                  region_name=options["os_region_name"][0],
                                  session=keystone_session, auth=keystone_auth,
-                                 http_log_debug=options.has_key("verbose"))
+                                 http_log_debug=options.has_key("verbose"),
+                                 endpoint_type=nova_endpoint_type)
         else:
             # OSP >= Ocata
             # ArgSpec(args=['version'], varargs='args', keywords='kwargs', defaults=None)
             nova = client.Client(version,
                                  region_name=options["os_region_name"][0],
                                  session=keystone_session, auth=keystone_auth,
-                                 http_log_debug=options.has_key("verbose"))
+                                 http_log_debug=options.has_key("verbose"),
+                                 endpoint_type=nova_endpoint_type)
 
         try:
             nova.hypervisors.list()