From bedaeab074eaf4193cdb0d8eebeb2fe89c76a8bf Mon Sep 17 00:00:00 2001 From: Stephen Finucane Date: Tue, 16 Apr 2019 10:51:49 +0100 Subject: [PATCH] nova-status: Remove consoleauth workaround check We're going to be removing the configuration option so the advice from this check will no longer make sense. Part of blueprint remove-consoleauth Change-Id: I5c7e54259857d9959f5a2dfb99102602a0cf9bb7 Signed-off-by: Stephen Finucane --- nova/cmd/status.py | 79 --------- nova/tests/unit/cmd/test_status.py | 166 ------------------ ...s-check-consoleauths-5df5c2e91749eefc.yaml | 5 + 3 files changed, 5 insertions(+), 245 deletions(-) create mode 100644 releasenotes/notes/remove-nova-status-check-consoleauths-5df5c2e91749eefc.yaml diff --git a/nova/cmd/status.py b/nova/cmd/status.py index 242cbbbbc372..c0eaa072542e 100644 --- a/nova/cmd/status.py +++ b/nova/cmd/status.py @@ -386,83 +386,6 @@ class UpgradeCommands(upgradecheck.UpgradeCommands): return upgradecheck.Result(upgradecheck.Code.FAILURE, msg) return upgradecheck.Result(upgradecheck.Code.SUCCESS) - def _check_console_auths(self): - """Checks for console usage and warns with info for rolling upgrade. - - Iterates all cells checking to see if the nova-consoleauth service is - non-deleted/non-disabled and whether there are any console token auths - in that cell database. If there is a nova-consoleauth service being - used and no console token auths in the cell database, emit a warning - telling the user to set [workarounds]enable_consoleauth = True if they - are performing a rolling upgrade. - """ - # If the operator has already enabled the workaround, we don't need - # to check anything. - if CONF.workarounds.enable_consoleauth: - return upgradecheck.Result(upgradecheck.Code.SUCCESS) - - # We need to check cell0 for nova-consoleauth service records because - # it's possible a deployment could have services stored in the cell0 - # database, if they've defaulted their [database]connection in - # nova.conf to cell0. - mappings = self._get_cell_mappings() - - if not mappings: - # There are no cell mappings so we can't determine this, just - # return a warning. The cellsv2 check would have already failed - # on this. - msg = (_('Unable to check consoles without cell mappings.')) - return upgradecheck.Result(upgradecheck.Code.WARNING, msg) - - ctxt = nova_context.get_admin_context() - # If we find a non-deleted, non-disabled nova-consoleauth service in - # any cell, we will assume the deployment is using consoles. - using_consoles = False - for mapping in mappings: - with nova_context.target_cell(ctxt, mapping) as cctxt: - # Check for any non-deleted, non-disabled nova-consoleauth - # service. - meta = MetaData(bind=db_session.get_engine(context=cctxt)) - services = Table('services', meta, autoload=True) - consoleauth_service_record = ( - select([services.c.id]).select_from(services).where(and_( - services.c.binary == 'nova-consoleauth', - services.c.deleted == 0, - services.c.disabled == false())).execute().first()) - if consoleauth_service_record: - using_consoles = True - break - - if using_consoles: - # If the deployment is using consoles, we can only be certain the - # upgrade is complete if each compute service is >= Rocky and - # supports storing console token auths in the database backend. - for mapping in mappings: - # Skip cell0 as no compute services should be in it. - if mapping.is_cell0(): - continue - # Get the minimum nova-compute service version in this - # cell. - with nova_context.target_cell(ctxt, mapping) as cctxt: - min_version = self._get_min_service_version( - cctxt, 'nova-compute') - # We could get None for the minimum version in the case of - # new install where there are no computes. If there are - # compute services, they should all have versions. - if min_version is not None and min_version < 35: - msg = _("One or more cells were found which have " - "nova-compute services older than Rocky. " - "Please set the " - "'[workarounds]enable_consoleauth' " - "configuration option to 'True' on your " - "console proxy host if you are performing a " - "rolling upgrade to enable consoles to " - "function during a partial upgrade.") - return upgradecheck.Result(upgradecheck.Code.WARNING, - msg) - - return upgradecheck.Result(upgradecheck.Code.SUCCESS) - def _check_cinder(self): """Checks to see that the cinder API is available at a given minimum microversion. @@ -507,8 +430,6 @@ class UpgradeCommands(upgradecheck.UpgradeCommands): (_('Ironic Flavor Migration'), _check_ironic_flavor_migration), # Added in Rocky (_('Request Spec Migration'), _check_request_spec_migration), - # Added in Stein (but also useful going back to Rocky) - (_('Console Auths'), _check_console_auths), # Added in Train (_('Cinder API'), _check_cinder), ) diff --git a/nova/tests/unit/cmd/test_status.py b/nova/tests/unit/cmd/test_status.py index 0d821d7b8416..be11c79140e7 100644 --- a/nova/tests/unit/cmd/test_status.py +++ b/nova/tests/unit/cmd/test_status.py @@ -617,172 +617,6 @@ class TestUpgradeCheckRequestSpecMigration(test.NoDBTestCase): self.cell_mappings['cell2'].uuid, result.details) -class TestUpgradeCheckConsoles(test.NoDBTestCase): - """Tests for the nova-status upgrade check for consoles.""" - - # We'll setup the database ourselves because we need to use cells fixtures - # for multiple cell mappings. - USES_DB_SELF = True - - # This will create three cell mappings: cell0, cell1 (default) and cell2 - NUMBER_OF_CELLS = 2 - - def setUp(self): - super(TestUpgradeCheckConsoles, self).setUp() - self.output = StringIO() - self.useFixture(fixtures.MonkeyPatch('sys.stdout', self.output)) - # We always need the API DB to be setup. - self.useFixture(nova_fixtures.Database(database='api')) - self.cmd = status.UpgradeCommands() - - @staticmethod - def _create_service_in_cell(ctxt, cell, binary, is_deleted=False, - disabled=False, version=None, - create_token_auth=False): - with context.target_cell(ctxt, cell) as cctxt: - service = objects.Service(context=cctxt, binary=binary, - disabled=disabled, host='dontcare') - if version: - service.version = version - service.create() - - if is_deleted: - service.destroy() - - if create_token_auth: - # We have to create an instance in order to create a token - # auth. - inst = objects.Instance(context=cctxt, - uuid=uuidutils.generate_uuid()) - inst.create() - auth = objects.ConsoleAuthToken(context=cctxt, - console_type='novnc', - host='hostname', port=6080, - instance_uuid=inst.uuid) - auth.authorize(CONF.consoleauth.token_ttl) - - return service - - def test_check_workaround_enabled(self): - """This is a 'success' case since the console auths check is - ignored when the workaround is already enabled. - """ - self.flags(enable_consoleauth=True, group='workarounds') - result = self.cmd._check_console_auths() - self.assertEqual(upgradecheck.Code.SUCCESS, result.code) - - def test_deleted_disabled_consoleauth(self): - """Tests that services other than nova-consoleauth and deleted/disabled - nova-consoleauth services are filtered out. - """ - self._setup_cells() - ctxt = context.get_admin_context() - - # Create a compute service in cell1. - self._create_service_in_cell(ctxt, self.cell_mappings['cell1'], - 'nova-compute') - # Create a deleted consoleauth service in cell1. - self._create_service_in_cell(ctxt, self.cell_mappings['cell1'], - 'nova-consoleauth', is_deleted=True) - # Create a compute service in cell2. - self._create_service_in_cell(ctxt, self.cell_mappings['cell2'], - 'nova-compute') - # Create a disabled consoleauth service in cell2. - self._create_service_in_cell(ctxt, self.cell_mappings['cell2'], - 'nova-consoleauth', disabled=True) - - result = self.cmd._check_console_auths() - self.assertEqual(upgradecheck.Code.SUCCESS, result.code) - - def test_consoleauth_with_upgrade_not_started(self): - """Tests the scenario where the deployment is using consoles but has no - compute services >= Rocky, i.e. a not started upgrade. - """ - self._setup_cells() - ctxt = context.get_admin_context() - - # Create a deleted consoleauth service in cell1. - self._create_service_in_cell(ctxt, self.cell_mappings['cell1'], - 'nova-consoleauth', is_deleted=True) - # Create a live consoleauth service in cell0. (Asserts we check cell0). - self._create_service_in_cell(ctxt, self.cell_mappings['cell0'], - 'nova-consoleauth') - # Create Queens compute services in the cells. - for cell in ['cell1', 'cell2']: - self._create_service_in_cell(ctxt, self.cell_mappings[cell], - 'nova-compute', version=30) - - result = self.cmd._check_console_auths() - self.assertEqual(upgradecheck.Code.WARNING, result.code) - - def test_consoleauth_with_upgrade_complete(self): - """Tests the scenario where the deployment is using consoles and has - all compute services >= Rocky in every cell database, i.e. a completed - upgrade. - """ - self._setup_cells() - ctxt = context.get_admin_context() - - # Create a live consoleauth service in cell1 with token auth. - self._create_service_in_cell(ctxt, self.cell_mappings['cell1'], - 'nova-consoleauth', - create_token_auth=True) - - # Create a live consoleauth service in cell2 with token auth. - self._create_service_in_cell(ctxt, self.cell_mappings['cell2'], - 'nova-consoleauth', - create_token_auth=True) - - # Create Rocky compute services in the cells. - for cell in ['cell1', 'cell2']: - self._create_service_in_cell(ctxt, self.cell_mappings[cell], - 'nova-compute', version=35) - - # Create a Queens compute service in cell0. This not actually valid, - # we do it to assert that we skip cell0 when checking service versions. - self._create_service_in_cell(ctxt, self.cell_mappings['cell0'], - 'nova-compute', version=30) - - result = self.cmd._check_console_auths() - self.assertEqual(upgradecheck.Code.SUCCESS, result.code) - - def test_consoleauth_with_upgrade_partial(self): - """Tests the scenario where the deployment is using consoles and has - compute services >= Rocky in at least one, but not all, cell databases, - i.e. a partial upgrade. - """ - self._setup_cells() - ctxt = context.get_admin_context() - - # Create a live consoleauth service in cell1. - self._create_service_in_cell(ctxt, self.cell_mappings['cell1'], - 'nova-consoleauth') - - # Create a live consoleauth service in cell2 with token auth. - self._create_service_in_cell(ctxt, self.cell_mappings['cell2'], - 'nova-consoleauth', - create_token_auth=True) - - # Create a Queens compute service in cell1. - self._create_service_in_cell(ctxt, self.cell_mappings['cell1'], - 'nova-compute', version=30) - - # Create a Rocky compute service in cell2. - self._create_service_in_cell(ctxt, self.cell_mappings['cell2'], - 'nova-compute', version=35) - - result = self.cmd._check_console_auths() - - self.assertEqual(upgradecheck.Code.WARNING, result.code) - self.assertIn("One or more cells were found which have nova-compute " - "services older than Rocky. " - "Please set the '[workarounds]enable_consoleauth' " - "configuration option to 'True' on your console proxy " - "host if you are performing a rolling upgrade to enable " - "consoles to function during a partial upgrade.", - result.details) - - class TestUpgradeCheckCinderAPI(test.NoDBTestCase): def setUp(self): diff --git a/releasenotes/notes/remove-nova-status-check-consoleauths-5df5c2e91749eefc.yaml b/releasenotes/notes/remove-nova-status-check-consoleauths-5df5c2e91749eefc.yaml new file mode 100644 index 000000000000..e2dbae7b0811 --- /dev/null +++ b/releasenotes/notes/remove-nova-status-check-consoleauths-5df5c2e91749eefc.yaml @@ -0,0 +1,5 @@ +--- +upgrade: + - | + A check for the use of the ``nova-consoleauth`` service, added to the + ``nova-status upgrade check`` CLI in Rocky, is now removed.