Browse code
Run console proxies per cell instead of globally
Along with converting to the database backend for console token auth,
the console proxies need to run per cell instead of globally. This way,
the instance UUID isn't needed in the access url as users will be
handed an access url local to the cell their instances is in. With
console proxies sharded across cells, a large cloud will no longer have
a bottleneck of one console proxy for the entire deployment.
This also disables the novnc tempest tests with a TODO to re-enable
them once the nova patch series that converts from the nova-consoleauth
backend -> cell database backend lands.
Change-Id: I67894a31b887a93de26f3d2d8a1fa84be5b9ea89
melanie witt authored on 2017/07/19 07:29:41Showing 2 changed files
| ... | ... |
@@ -921,11 +921,46 @@ function start_nova_rest {
|
| 921 | 921 |
run_process n-api-meta "$NOVA_BIN_DIR/uwsgi --procname-prefix nova-api-meta --ini $NOVA_METADATA_UWSGI_CONF" |
| 922 | 922 |
fi |
| 923 | 923 |
|
| 924 |
- run_process n-novnc "$NOVA_BIN_DIR/nova-novncproxy --config-file $api_cell_conf --web $NOVNC_WEB_DIR" |
|
| 925 |
- run_process n-xvnc "$NOVA_BIN_DIR/nova-xvpvncproxy --config-file $api_cell_conf" |
|
| 926 |
- run_process n-spice "$NOVA_BIN_DIR/nova-spicehtml5proxy --config-file $api_cell_conf --web $SPICE_WEB_DIR" |
|
| 924 |
+ # nova-consoleauth always runs globally |
|
| 927 | 925 |
run_process n-cauth "$NOVA_BIN_DIR/nova-consoleauth --config-file $api_cell_conf" |
| 928 |
- run_process n-sproxy "$NOVA_BIN_DIR/nova-serialproxy --config-file $api_cell_conf" |
|
| 926 |
+ |
|
| 927 |
+ export PATH=$old_path |
|
| 928 |
+} |
|
| 929 |
+ |
|
| 930 |
+function enable_nova_console_proxies {
|
|
| 931 |
+ for i in $(seq 1 $NOVA_NUM_CELLS); do |
|
| 932 |
+ for srv in n-novnc n-xvnc n-spice n-sproxy; do |
|
| 933 |
+ if is_service_enabled $srv; then |
|
| 934 |
+ enable_service ${srv}-cell${i}
|
|
| 935 |
+ fi |
|
| 936 |
+ done |
|
| 937 |
+ done |
|
| 938 |
+} |
|
| 939 |
+ |
|
| 940 |
+function start_nova_console_proxies {
|
|
| 941 |
+ # Hack to set the path for rootwrap |
|
| 942 |
+ local old_path=$PATH |
|
| 943 |
+ # This is needed to find the nova conf |
|
| 944 |
+ export PATH=$NOVA_BIN_DIR:$PATH |
|
| 945 |
+ |
|
| 946 |
+ local api_cell_conf=$NOVA_CONF |
|
| 947 |
+ # console proxies run globally for singleconductor, else they run per cell |
|
| 948 |
+ if [[ "${CELLSV2_SETUP}" == "singleconductor" ]]; then
|
|
| 949 |
+ run_process n-novnc "$NOVA_BIN_DIR/nova-novncproxy --config-file $api_cell_conf --web $NOVNC_WEB_DIR" |
|
| 950 |
+ run_process n-xvnc "$NOVA_BIN_DIR/nova-xvpvncproxy --config-file $api_cell_conf" |
|
| 951 |
+ run_process n-spice "$NOVA_BIN_DIR/nova-spicehtml5proxy --config-file $api_cell_conf --web $SPICE_WEB_DIR" |
|
| 952 |
+ run_process n-sproxy "$NOVA_BIN_DIR/nova-serialproxy --config-file $api_cell_conf" |
|
| 953 |
+ else |
|
| 954 |
+ enable_nova_console_proxies |
|
| 955 |
+ for i in $(seq 1 $NOVA_NUM_CELLS); do |
|
| 956 |
+ local conf |
|
| 957 |
+ conf=$(conductor_conf $i) |
|
| 958 |
+ run_process n-novnc-cell${i} "$NOVA_BIN_DIR/nova-novncproxy --config-file $conf --web $NOVNC_WEB_DIR"
|
|
| 959 |
+ run_process n-xvnc-cell${i} "$NOVA_BIN_DIR/nova-xvpvncproxy --config-file $conf"
|
|
| 960 |
+ run_process n-spice-cell${i} "$NOVA_BIN_DIR/nova-spicehtml5proxy --config-file $conf --web $SPICE_WEB_DIR"
|
|
| 961 |
+ run_process n-sproxy-cell${i} "$NOVA_BIN_DIR/nova-serialproxy --config-file $conf"
|
|
| 962 |
+ done |
|
| 963 |
+ fi |
|
| 929 | 964 |
|
| 930 | 965 |
export PATH=$old_path |
| 931 | 966 |
} |
| ... | ... |
@@ -985,6 +1020,7 @@ function start_nova {
|
| 985 | 985 |
# this catches the cells v1 case early |
| 986 | 986 |
_set_singleconductor |
| 987 | 987 |
start_nova_rest |
| 988 |
+ start_nova_console_proxies |
|
| 988 | 989 |
start_nova_conductor |
| 989 | 990 |
start_nova_compute |
| 990 | 991 |
if is_service_enabled n-api; then |
| ... | ... |
@@ -1010,11 +1046,26 @@ function stop_nova_compute {
|
| 1010 | 1010 |
|
| 1011 | 1011 |
function stop_nova_rest {
|
| 1012 | 1012 |
# Kill the non-compute nova processes |
| 1013 |
- for serv in n-api n-api-meta n-net n-sch n-novnc n-xvnc n-cauth n-spice n-cell n-cell n-sproxy; do |
|
| 1013 |
+ for serv in n-api n-api-meta n-net n-sch n-cauth n-cell n-cell; do |
|
| 1014 | 1014 |
stop_process $serv |
| 1015 | 1015 |
done |
| 1016 | 1016 |
} |
| 1017 | 1017 |
|
| 1018 |
+function stop_nova_console_proxies {
|
|
| 1019 |
+ if [[ "${CELLSV2_SETUP}" == "singleconductor" ]]; then
|
|
| 1020 |
+ for srv in n-novnc n-xvnc n-spice n-sproxy; do |
|
| 1021 |
+ stop_process $srv |
|
| 1022 |
+ done |
|
| 1023 |
+ else |
|
| 1024 |
+ enable_nova_console_proxies |
|
| 1025 |
+ for i in $(seq 1 $NOVA_NUM_CELLS); do |
|
| 1026 |
+ for srv in n-novnc n-xvnc n-spice n-sproxy; do |
|
| 1027 |
+ stop_process ${srv}-cell${i}
|
|
| 1028 |
+ done |
|
| 1029 |
+ done |
|
| 1030 |
+ fi |
|
| 1031 |
+} |
|
| 1032 |
+ |
|
| 1018 | 1033 |
function stop_nova_conductor {
|
| 1019 | 1034 |
if [[ "${CELLSV2_SETUP}" == "singleconductor" ]]; then
|
| 1020 | 1035 |
stop_process n-cond |
| ... | ... |
@@ -1032,6 +1083,7 @@ function stop_nova_conductor {
|
| 1032 | 1032 |
# stop_nova() - Stop running processes |
| 1033 | 1033 |
function stop_nova {
|
| 1034 | 1034 |
stop_nova_rest |
| 1035 |
+ stop_nova_console_proxies |
|
| 1035 | 1036 |
stop_nova_conductor |
| 1036 | 1037 |
stop_nova_compute |
| 1037 | 1038 |
} |
| ... | ... |
@@ -386,7 +386,14 @@ function configure_tempest {
|
| 386 | 386 |
iniset $TEMPEST_CONFIG compute-feature-enabled volume_multiattach True |
| 387 | 387 |
fi |
| 388 | 388 |
|
| 389 |
- if is_service_enabled n-novnc; then |
|
| 389 |
+ # TODO(melwitt): If we're running per-cell console proxies, the novnc tests |
|
| 390 |
+ # won't work until the nova patch series lands that converts from the |
|
| 391 |
+ # nova-consoleauth backend -> cell database backend. So disable them unless |
|
| 392 |
+ # we're running Cells v1. Cells v1 will never support the cell database |
|
| 393 |
+ # backend, so it will always run with a global nova-consoleauth. |
|
| 394 |
+ # Once the patch that converts from the nova-consoleauth backend -> cell |
|
| 395 |
+ # database backend lands, we can re-enable the novnc tests for Cells v2. |
|
| 396 |
+ if is_service_enabled n-novnc && is_service_enabled n-cell; then |
|
| 390 | 397 |
iniset $TEMPEST_CONFIG compute-feature-enabled vnc_console True |
| 391 | 398 |
fi |
| 392 | 399 |
|