On Thu, Apr 12, 2012 at 10:16 AM, Adam Young <ayo...@redhat.com> wrote:
> On 04/12/2012 01:05 PM, Dan Wendlandt wrote: > > Hi Adam, cool stuff! > > Thanks for reporting the issues. I'm in favor of both changes your > suggest. Any interest on working on the openstack common stuff? More > details inline. > > > I'll probably help out with common stuff across the board, especially WRT > to running in HTTPD and PKI/Cert issues come up. My sorter term goal is to > harden an Essex deploy so that it can be used in places where the policies > dictate SSL for all communications. > > Thanks for validating what I saw. Nice to know I don't have to beat my > head against it for too long. > > Any idea how mature the SSL support is that Quantum is using right now? > I do not. I don't know of any deployments using it right now. Its likely that we just have whatever code "came along for the ride" when the web framework was borrowed from nova/glance. Salvatore might know, as he did a lot of the heavy lifting on the Quantum API side. Dan > > > > Dan > > On Thu, Apr 12, 2012 at 8:26 AM, Adam Young <ayo...@redhat.com> wrote: > >> >> from paste.deploy.loadwsgi import loadapp >> application = loadapp('config:/etc/quantum/quantum.conf', 'quantum') >> >> But it fails due to issues finding the plugins (error log at the end of >> the message). It deploys cleanly once I made the following changes to >> quantum. >> >> --- a/quantum/extensions/extensions.py >> +++ b/quantum/extensions/extensions.py >> @@ -538,8 +538,9 @@ class ResourceExtension(object): >> # Returns the extention paths from a config entry and the __path__ >> # of quantum.extensions >> def get_extensions_path(config=None): >> - paths = ':'.join(quantum.extensions.__path__) >> - if config: >> - paths = ':'.join([config.get('api_extensions_path', ''), paths]) >> +# paths = ':'.join(quantum.extensions.__path__) >> + paths = "*/etc/quantum/plugins/*" >> +# if config: >> +# paths = ':'.join([config.get('api_extensions_path', ''), >> paths]) >> >> return paths >> >> Without this, there is a spurious error message due to the leading ':' >> which puts a blank first element to the path. It also fails to find the >> extensions path regardless of values put into config files etc. It is this >> last issue which leads me to highly suggest we push Quantum to get on the >> openstack-common bandwagon, as its Config file processing is confusing >> and, I think, broken for the general case. >> > > I'm a big proponent of using openstack common as much as possible in > Quantum. Much of this existing code was ripped from nova/glance/etc. and > is probably now out of date. I created a page in the wiki identifying > areas in quantum that are ripe for using openstack-common: > http://wiki.openstack.org/QuantumOpenstackCommon . Config if right at > the top :) > > > >> >> The other issue which leads me to suspect this approach won't work is the >> fact that the quantum command line client accepts a hostname and a port, >> but not an URL. So, while we could deploy quantum behind HTTPD and port >> 443, it would basically be the root of the HTTP directory, and we >> wouldn't be able to share the HTTPD instance. We couldn't do >> >> https://hostname/quantum >> >> and put it next to >> >> https://hostname/keystone >> >> >> Again, not without a code change. >> >> Finally, there seems to be some support for SSL in Quantum. I note that >> the quantum client has the option >> >> -s, --ssl use ssl >> >> which leads me to believe that it has been at least attempted. It may be >> that the quantum server would not be severely impacted by the overhead of >> SSL in Python. >> > > The quantum client is going to get a complete re-write in Folsom, as > this is one of our key community projects listed on the wiki: > http://wiki.openstack.org/QuantumStarterBugs > > This new client will match other openstack clients in terms of options, > etc. This should mean that you can specify the endpoint as a URL, which > should take care of both the SSL and the non-root issues, if I'm > understanding you correctly. > > Jason Koelker will be leading a session in the Quantum track on > redesigning the client, if folks are interested in helping out. > > > > >> >> >> >> Here's the HTTP error log if I don't make the above change: >> >> >> [Thu Apr 12 11:21:13 2012] [info] Initial (No.1) HTTPS request received >> for chil >> d 7 (server ayoungstack.bos.redhat.com:443) >> [Thu Apr 12 11:21:13 2012] [info] [client 10.16.187.36] mod_wsgi >> (pid=8747, proc >> ess='', application='ayoungstack.bos.redhat.com|/quantum/api'): Loading >> WSGI scr >> ipt '/var/www/cgi-bin/quantum/api'. >> [Thu Apr 12 11:21:13 2012] [error] >> ERROR:quantum.extensions.extensions:Extension >> path "/etc/quantum/extension" doesn't exist! >> [Thu Apr 12 11:21:13 2012] [error] >> WARNING:quantum.extensions.extensions:extensi >> on file portstats.py wasnt loaded due to cannot import name extensions >> [Thu Apr 12 11:21:13 2012] [error] >> WARNING:quantum.extensions.extensions:extensi >> on Cisco Nova Tenant not supported by plugin >> <quantum.plugins.openvswitch.ovs_qu >> antum_plugin.OVSQuantumPlugin object at 0x7f1fae80e450> >> [Thu Apr 12 11:21:13 2012] [error] >> WARNING:quantum.extensions.extensions:extensi >> on Cisco Port Profile not supported by plugin >> <quantum.plugins.openvswitch.ovs_q >> uantum_plugin.OVSQuantumPlugin object at 0x7f1fae80e450> >> [Thu Apr 12 11:21:13 2012] [error] >> WARNING:quantum.extensions.extensions:extensi >> on Cisco Multiport not supported by plugin >> <quantum.plugins.openvswitch.ovs_quan >> tum_plugin.OVSQuantumPlugin object at 0x7f1fae80e450> >> [Thu Apr 12 11:21:13 2012] [error] >> WARNING:quantum.extensions.extensions:Did not >> find expected name "Extensions" in >> /opt/stack/quantum/quantum/extensions/extens >> ions.py >> >> >> _______________________________________________ >> Mailing list: https://launchpad.net/~openstack >> Post to : openstack@lists.launchpad.net >> Unsubscribe : https://launchpad.net/~openstack >> More help : https://help.launchpad.net/ListHelp >> >> > > > -- > ~~~~~~~~~~~~~~~~~~~~~~~~~~~ > Dan Wendlandt > Nicira, Inc: www.nicira.com > twitter: danwendlandt > ~~~~~~~~~~~~~~~~~~~~~~~~~~~ > > > -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~ Dan Wendlandt Nicira, Inc: www.nicira.com twitter: danwendlandt ~~~~~~~~~~~~~~~~~~~~~~~~~~~
_______________________________________________ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp