def get_ironic_api_url():
"""Resolve Ironic API endpoint
either from config of from Keystone catalog.
"""
adapter_opts = {'session': _get_ironic_session()}
# NOTE(pas-ha) force 'none' auth plugin for noauth mode
if CONF.auth_strategy != 'keystone':
CONF.set_override('auth_type', 'none', group='service_catalog')
adapter_opts['auth'] = keystone.get_auth('service_catalog')
# TODO(pas-ha) remove in Rocky
# NOTE(pas-ha) if both set, the new options win
if CONF.conductor.api_url and not CONF.service_catalog.endpoint_override:
adapter_opts['endpoint_override'] = CONF.conductor.api_url
try:
ironic_api = keystone.get_endpoint('service_catalog', **adapter_opts)
except (exception.KeystoneFailure, exception.CatalogNotFound,
exception.KeystoneUnauthorized) as e:
raise exception.InvalidParameterValue(
_("Couldn't get the URL of the Ironic API service from the "
"configuration file or keystone catalog. Keystone error: "
"%s") % str(e))
# NOTE: we should strip '/' from the end because it might be used in
# hardcoded ramdisk script
ironic_api = ironic_api.rstrip('/')
return ironic_api
def get_client(token=None, context=None):
if not context:
context = ironic_context.RequestContext(auth_token=token)
# NOTE(pas-ha) neutronclient supports passing both session
# and the auth to client separately, makes things easier
session = _get_neutron_session()
service_auth = keystone.get_auth('neutron')
# TODO(pas-ha) remove in Rocky, always simply load from config
# 'noauth' then would correspond to 'auth_type=none' and
# 'endpoint_override'
adapter_params = {}
if (CONF.neutron.auth_strategy == 'noauth'
and CONF.neutron.auth_type is None):
CONF.set_override('auth_type', 'none', group='neutron')
if not CONF.neutron.endpoint_override:
adapter_params['endpoint_override'] = (CONF.neutron.url
or DEFAULT_NEUTRON_URL)
else:
if CONF.neutron.url and not CONF.neutron.endpoint_override:
adapter_params['endpoint_override'] = CONF.neutron.url
adapter = keystone.get_adapter('neutron', session=session,
auth=service_auth, **adapter_params)
endpoint = adapter.get_endpoint()
user_auth = None
if CONF.neutron.auth_type != 'none' and context.auth_token:
user_auth = keystone.get_service_auth(context, endpoint, service_auth)
return clientv20.Client(session=session,
auth=user_auth or service_auth,
endpoint_override=endpoint,
retries=CONF.neutron.retries,
global_request_id=context.global_id,
timeout=CONF.neutron.request_timeout)
def main():
service.prepare_service()
CONF.set_override('debug', False)
_assess_db_performance()
_assess_db_and_object_performance()
_assess_db_object_and_api_performance()
_report_conductors()
def get_client(token=None, context=None):
if not context:
context = ironic_context.RequestContext(auth_token=token)
# NOTE(pas-ha) neutronclient supports passing both session
# and the auth to client separately, makes things easier
session = _get_neutron_session()
service_auth = keystone.get_auth('neutron')
# TODO(pas-ha) remove in Rocky, always simply load from config
# 'noauth' then would correspond to 'auth_type=none' and
# 'endpoint_override'
adapter_params = {}
if (CONF.neutron.auth_strategy == 'noauth'
and CONF.neutron.auth_type is None):
CONF.set_override('auth_type', 'none', group='neutron')
if not CONF.neutron.endpoint_override:
adapter_params['endpoint_override'] = (CONF.neutron.url
or DEFAULT_NEUTRON_URL)
else:
if CONF.neutron.url and not CONF.neutron.endpoint_override:
adapter_params['endpoint_override'] = CONF.neutron.url
adapter = keystone.get_adapter('neutron', session=session,
auth=service_auth, **adapter_params)
endpoint = adapter.get_endpoint()
user_auth = None
if CONF.neutron.auth_type != 'none' and context.auth_token:
user_auth = keystone.get_service_auth(context, endpoint, service_auth)
return clientv20.Client(session=session,
auth=user_auth or service_auth,
endpoint_override=endpoint,
retries=CONF.neutron.retries,
global_request_id=context.global_id)
def wrapper(self, *args, **kwargs):
"""Wrapper around methods calls.
:param image_href: href that describes the location of an image
"""
if self.client:
return func(self, *args, **kwargs)
# TODO(pas-ha) remove in Rocky
session_params = {}
if CONF.glance.glance_api_insecure and not CONF.glance.insecure:
session_params['insecure'] = CONF.glance.glance_api_insecure
if CONF.glance.glance_cafile and not CONF.glance.cafile:
session_params['cacert'] = CONF.glance.glance_cafile
# NOTE(pas-ha) glanceclient uses Adapter-based SessionClient,
# so we can pass session and auth separately, makes things easier
session = _get_glance_session(**session_params)
# TODO(pas-ha) remove in Rocky
# NOTE(pas-ha) new option must win if configured
if (CONF.glance.glance_api_servers
and not CONF.glance.endpoint_override):
# NOTE(pas-ha) all the 2 methods have image_href as the first
# positional arg, but check in kwargs too
image_href = args[0] if args else kwargs.get('image_href')
url = service_utils.get_glance_api_server(image_href)
CONF.set_override('endpoint_override', url, group='glance')
# TODO(pas-ha) remove in Rocky
if CONF.glance.auth_strategy == 'noauth':
CONF.set_override('auth_type', 'none', group='glance')
service_auth = keystone.get_auth('glance')
# TODO(pas-ha) remove in Rocky
adapter_params = {}
if CONF.keystone.region_name and not CONF.glance.region_name:
adapter_params['region_name'] = CONF.keystone.region_name
adapter = keystone.get_adapter('glance',
session=session,
auth=service_auth,
**adapter_params)
self.endpoint = adapter.get_endpoint()
user_auth = None
# NOTE(pas-ha) our ContextHook removes context.auth_token in noauth
# case, so when ironic is in noauth but glance is not, we will not
# enter the next if-block and use auth from [glance] config section
if self.context.auth_token:
user_auth = keystone.get_service_auth(self.context, self.endpoint,
service_auth)
self.client = client.Client(self.version,
session=session,
auth=user_auth or service_auth,
endpoint_override=self.endpoint,
global_request_id=self.context.global_id)
return func(self, *args, **kwargs)
def test_serialize_entity_no_pin(self, mock_release_mapping):
CONF.set_override('pin_release_version',
release_mappings.RELEASE_VERSIONS[-1],
enforce_type=True)
mock_release_mapping.__getitem__.return_value = {'objects': {}}
serializer = base.IronicObjectSerializer()
obj = MyObj(self.context)
primitive = serializer.serialize_entity(self.context, obj)
self.assertEqual('1.5', primitive['ironic_object.version'])
def test_get_changes_pinned_2versions(self, mock_release_mapping):
# obj_get_changes() is not affected by pinning
CONF.set_override('pin_release_version',
release_mappings.RELEASE_VERSIONS[-1])
mock_release_mapping.__getitem__.return_value = {
'objects': {
'MyObj': ['1.3', '1.4'],
}
}
self._test_get_changes(target_version='1.4')
def test_get_target_version_pinned_no_myobj(self, mock_release_mapping):
CONF.set_override('pin_release_version',
release_mappings.RELEASE_VERSIONS[-1])
mock_release_mapping.__getitem__.return_value = {
'objects': {
'NotMyObj': ['1.4'],
}
}
obj = MyObj(self.context)
self.assertEqual('1.5', obj.get_target_version())
def test_get_changes_pinned(self, mock_release_mapping):
# obj_get_changes() is not affected by pinning
CONF.set_override('pin_release_version',
release_mappings.RELEASE_VERSIONS[-1])
mock_release_mapping.__getitem__.return_value = {
'objects': {
'MyObj': '1.4',
}
}
self._test_get_changes(target_version='1.4')
def test_get_target_version_pinned_no_myobj(self, mock_release_mapping):
CONF.set_override('pin_release_version',
release_mappings.RELEASE_VERSIONS[-1])
mock_release_mapping.__getitem__.return_value = {
'objects': {
'NotMyObj': '1.4',
}
}
obj = MyObj(self.context)
self.assertEqual('1.5', obj.get_target_version())
def test_max_version_pinned(self, mock_release_mapping):
CONF.set_override('pin_release_version',
release_mappings.RELEASE_VERSIONS[-1])
mock_release_mapping.get.return_value = {
'api': '1.5',
'rpc': '1.4',
'objects': {
'MyObj': ['1.4'],
}
}
self.assertEqual('1.5', versions.max_version_string())
def test_get_target_version_pinned_bad(self, mock_release_mapping):
CONF.set_override('pin_release_version',
release_mappings.RELEASE_VERSIONS[-1])
mock_release_mapping.__getitem__.return_value = {
'objects': {
'MyObj': ['1.6'],
}
}
obj = MyObj(self.context)
self.assertRaises(object_exception.IncompatibleObjectVersion,
obj.get_target_version)
def test_get_target_version_pinned_bad(self, mock_release_mapping):
CONF.set_override('pin_release_version',
release_mappings.RELEASE_VERSIONS[-1])
mock_release_mapping.__getitem__.return_value = {
'objects': {
'MyObj': '1.6',
}
}
obj = MyObj(self.context)
self.assertRaises(object_exception.IncompatibleObjectVersion,
obj.get_target_version)
def test_max_version_pinned(self, mock_release_mapping):
CONF.set_override('pin_release_version',
release_mappings.RELEASE_VERSIONS[-1])
mock_release_mapping.get.return_value = {
'api': '1.5',
'rpc': '1.4',
'objects': {
'MyObj': ['1.4'],
}
}
self.assertEqual('1.5', versions.max_version_string())
def test_serialize_entity_invalid_pin(self, mock_release_mapping):
CONF.set_override('pin_release_version',
release_mappings.RELEASE_VERSIONS[-1])
mock_release_mapping.__getitem__.return_value = {
'objects': {
'MyObj': '1.6',
}
}
serializer = base.IronicObjectSerializer()
obj = MyObj(self.context)
self.assertRaises(object_exception.InvalidTargetVersion,
serializer.serialize_entity, self.context, obj)
def test_prepare_whole_disk_image_uefi(self, prepare_node_for_deploy_mock,
pxe_prepare_mock):
CONF.set_override('default_boot_option', 'netboot', 'deploy')
self.node.provision_state = states.DEPLOYING
self.node.save()
with task_manager.acquire(self.context, self.node.uuid,
shared=False) as task:
task.node.properties['capabilities'] = 'boot_mode:uefi'
task.node.driver_internal_info['is_whole_disk_image'] = True
task.driver.deploy.prepare(task)
prepare_node_for_deploy_mock.assert_called_once_with(task)
pxe_prepare_mock.assert_called_once_with(mock.ANY, task)
def wrapper(self, *args, **kwargs):
"""Wrapper around methods calls.
:param image_href: href that describes the location of an image
"""
if self.client:
return func(self, *args, **kwargs)
# TODO(pas-ha) remove in Rocky
session_params = {}
if CONF.glance.glance_api_insecure and not CONF.glance.insecure:
session_params['insecure'] = CONF.glance.glance_api_insecure
if CONF.glance.glance_cafile and not CONF.glance.cafile:
session_params['cacert'] = CONF.glance.glance_cafile
# NOTE(pas-ha) glanceclient uses Adapter-based SessionClient,
# so we can pass session and auth separately, makes things easier
session = _get_glance_session(**session_params)
# TODO(pas-ha) remove in Rocky
# NOTE(pas-ha) new option must win if configured
if (CONF.glance.glance_api_servers
and not CONF.glance.endpoint_override):
# NOTE(pas-ha) all the 2 methods have image_href as the first
# positional arg, but check in kwargs too
image_href = args[0] if args else kwargs.get('image_href')
url = service_utils.get_glance_api_server(image_href)
CONF.set_override('endpoint_override', url, group='glance')
# TODO(pas-ha) remove in Rocky
if CONF.glance.auth_strategy == 'noauth':
CONF.set_override('auth_type', 'none', group='glance')
service_auth = keystone.get_auth('glance')
adapter_params = {}
adapter = keystone.get_adapter('glance', session=session,
auth=service_auth, **adapter_params)
self.endpoint = adapter.get_endpoint()
user_auth = None
# NOTE(pas-ha) our ContextHook removes context.auth_token in noauth
# case, so when ironic is in noauth but glance is not, we will not
# enter the next if-block and use auth from [glance] config section
if self.context.auth_token:
user_auth = keystone.get_service_auth(self.context, self.endpoint,
service_auth)
self.client = client.Client(2, session=session,
auth=user_auth or service_auth,
endpoint_override=self.endpoint,
global_request_id=self.context.global_id)
return func(self, *args, **kwargs)
def test_deserialize_entity_pin_ignored(self, mock_release_mapping):
# Deserializing doesn't look at pinning
CONF.set_override('pin_release_version',
release_mappings.RELEASE_VERSIONS[-1])
mock_release_mapping.__getitem__.return_value = {
'objects': {
'MyTestObj': '1.0',
}
}
ser = base.IronicObjectSerializer()
@base.IronicObjectRegistry.register
class MyTestObj(MyObj):
VERSION = '1.1'
obj = MyTestObj(self.context)
primitive = obj.obj_to_primitive()
result = ser.deserialize_entity(self.context, primitive)
self.assertEqual('1.1', result.VERSION)
self.assertEqual('1.0', result.get_target_version())
self.assertFalse(mock_release_mapping.called)
def test_deserialize_entity_pin_ignored(self, mock_release_mapping):
# Deserializing doesn't look at pinning
CONF.set_override('pin_release_version',
release_mappings.RELEASE_VERSIONS[-1])
mock_release_mapping.__getitem__.return_value = {
'objects': {
'MyTestObj': ['1.0'],
}
}
ser = base.IronicObjectSerializer()
@base.IronicObjectRegistry.register
class MyTestObj(MyObj):
VERSION = '1.1'
obj = MyTestObj(self.context)
primitive = obj.obj_to_primitive()
result = ser.deserialize_entity(self.context, primitive)
self.assertEqual('1.1', result.VERSION)
self.assertEqual('1.0', result.get_target_version())
self.assertFalse(mock_release_mapping.called)
def test_serialize_entity_backport(self, mock_release_mapping):
"""Test single element serializer with backport."""
CONF.set_override('pin_release_version',
release_mappings.RELEASE_VERSIONS[-1])
mock_release_mapping.__getitem__.return_value = {
'objects': {
'MyObj': '1.4',
}
}
serializer = base.IronicObjectSerializer()
obj = MyObj(self.context)
obj.foo = 1
obj.bar = 'text'
obj.missing = 'textt'
primitive = serializer.serialize_entity(self.context, obj)
self.assertEqual('1.4', primitive['ironic_object.version'])
data = primitive['ironic_object.data']
self.assertEqual(1, data['foo'])
self.assertEqual('text', data['bar'])
self.assertNotIn('missing', data)
changes = primitive['ironic_object.changes']
self.assertEqual(set(['foo', 'bar']), set(changes))
def _get_client(context):
"""Helper to get inspector client instance."""
# NOTE(pas-ha) remove in Rocky
if CONF.auth_strategy != 'keystone':
CONF.set_override('auth_type', 'none', group='inspector')
service_auth = keystone.get_auth('inspector')
session = _get_inspector_session(auth=service_auth)
adapter_params = {}
if CONF.inspector.service_url and not CONF.inspector.endpoint_override:
adapter_params['endpoint_override'] = CONF.inspector.service_url
inspector_url = keystone.get_endpoint('inspector', session=session,
**adapter_params)
# TODO(pas-ha) investigate possibility of passing user context here,
# similar to what neutron/glance-related code does
# NOTE(pas-ha) ironic-inspector-client has no Adaper-based
# SessionClient, so we'll resolve inspector API form adapter loaded
# form config options
# TODO(pas-ha) rewrite when inspectorclient is based on ksa Adapter,
# also add global_request_id to the call
return client.ClientV1(api_version=INSPECTOR_API_VERSION,
session=session,
inspector_url=inspector_url)
def _get_client(context):
"""Helper to get inspector client instance."""
# NOTE(pas-ha) remove in Rocky
if CONF.auth_strategy != 'keystone':
CONF.set_override('auth_type', 'none', group='inspector')
service_auth = keystone.get_auth('inspector')
session = _get_inspector_session(auth=service_auth)
adapter_params = {}
if CONF.inspector.service_url and not CONF.inspector.endpoint_override:
adapter_params['endpoint_override'] = CONF.inspector.service_url
adapter = keystone.get_adapter('inspector', session=session,
**adapter_params)
inspector_url = adapter.get_endpoint()
# TODO(pas-ha) investigate possibility of passing user context here,
# similar to what neutron/glance-related code does
# NOTE(pas-ha) ironic-inspector-client has no Adaper-based
# SessionClient, so we'll resolve inspector API form adapter loaded
# form config options
# TODO(pas-ha) rewrite when inspectorclient is based on ksa Adapter,
# also add global_request_id to the call
return client.ClientV1(api_version=INSPECTOR_API_VERSION,
session=session,
inspector_url=inspector_url)
def test_max_version_not_pinned(self):
CONF.set_override('pin_release_version', None)
self.assertEqual(versions._MAX_VERSION_STRING,
versions.max_version_string())
def main():
service.prepare_service()
CONF.set_override('debug', False)
_create_test_nodes()
def test_max_version_not_pinned_in_release_mappings(self):
CONF.set_override('pin_release_version', None)
self.assertEqual(release_mappings.RELEASE_MAPPING['master']['api'],
versions.max_version_string())
def test_get_network_interface_use_field(self):
CONF.set_override('default_network_interface', None)
for nif in ('neutron', 'flat', 'noop'):
self.node.network_interface = nif
self.assertEqual(nif, self.node.network_interface)
def test_get_network_interface_use_conf(self):
for nif in ('neutron', 'flat', 'noop'):
CONF.set_override('default_network_interface', nif)
self.node = obj_utils.get_test_node(self.ctxt, **self.fake_node)
self.assertEqual(nif, self.node.network_interface)
def test_get_network_interface_use_dhcp_provider(self):
CONF.set_override('default_network_interface', None)
for dhcp, nif in (('neutron', 'flat'), ('none', 'noop')):
CONF.set_override('dhcp_provider', dhcp, 'dhcp')
self.node = obj_utils.get_test_node(self.ctxt, **self.fake_node)
self.assertEqual(nif, self.node.network_interface)
def test_max_version_not_pinned_in_release_mappings(self):
CONF.set_override('pin_release_version', None)
self.assertEqual(release_mappings.RELEASE_MAPPING['master']['api'],
versions.max_version_string())
def test_max_version_not_pinned(self):
CONF.set_override('pin_release_version', None)
self.assertEqual(versions._MAX_VERSION_STRING,
versions.max_version_string())