[openstack-dev] [oslo][keystone] oslo_config and wsgi middlewares

Michael Krotscheck krotscheck at gmail.com
Thu Aug 6 16:25:58 UTC 2015


Hi there!

The most recent version of the CORS middleware (~2.4) no longer requires
the use of Oslo.config, and supports pastedeploy. While using oslo.config
provides far better features - such as multiple origins - it doesn't
prevent you from using it in the paste pipeline. The documentation has been
updated to reflect this.

As for the "How do we proceed" question, I feel your question can be better
asked as: Do we support developers, or do we support operators? The
developer stance is that of architectural purity, of minimizing
dependencies, and of staying as true to default as possible. The Operator's
stance is that of simplified configuration, performance, good
documentation, and reliability.

I fall on the operators side, and as a result feel that we should be using
oslo.config for everything. One single configuration method across
services, consistent naming conventions, autogenerated with sane options,
with tooling and testing that makes it reliable. Special Snowflakes really
just add cognitive friction, documentation overhead, and noise.

I'm not saying oslo is perfect. I'm not saying that how oslo is used is
always correct. But we're fixing it, and consistency, in my mind, always
trumps ideology.

Michael

On Thu, Aug 6, 2015 at 9:02 AM Mehdi Abaakouk <sileht at sileht.net> wrote:

> Hi,
>
> I want to share with you some problems I have recently encountered with
> openstack middlewares and oslo.config.
>
> The issues
> ----------
>
> In project Gnocchi, I would use oslo.middleware.cors, I have expected to
> just put the name of the middleware to the wsgi pipeline, but I can't.
> The middlewares only works if you pass the oslo_config.cfg.ConfigOpts()
> object or via 'paste-deploy'... Gnocchi doesn't use paste-deploy, so
> I have to modify the code to load it...
> (For the keystonemiddleware, Gnocchi already have a special
> handling/hack to load it [1] and [2]).
> I don't want to write the same hack for each openstack middlewares.
>
>
> In project Aodh (ceilometer-alarm), we recently got an issue with
> keystonemiddleware since we remove the usage of the global object
> oslo_config.cfg.CONF. The middleware doesn't load its options from the
> config file of aodh anymore. Our authentication is broken.
> We can still pass them through paste-deploy configuration but this looks
> a method of the past. I still don't want to write a hack for each
> openstack middlewares.
>
>
> Then I have digged into other middlewares and applications to see how
> they handle their conf.
>
> oslo_middlewarre.sizelimit and oslo_middlewarre.ssl take options only
> via the global oslo_config.cfg.CONF. So they are unusable for application
> that doesn't use this global object.
>
> oslo_middleware.healthcheck take options as dict like any other python
> middleware. This is suitable for 'paste-deploy'. But doesn't allow
> configuration via oslo.config, doesn't have a strong config options
> type checking and co.
>
> Zaqar seems got same kind of issue about keystonemiddleware, and just
> write a hack to workaround the issue (monkeypatch the cfg.CONF of
> keystonemiddleware with their local version of the object [3] and then
> transform the loaded options into a dict to pass them via the legacy
> middleware dict options [4]) .
>
> Most applications, just still use the global object for the
> configuration and don't, yet, see those issues.
>
>
> All of that is really not consistent.
>
> This is confusing for developer to have some middlewares that need
> pre-setup,
> enforce them to rely on global python object, and some others not.
> This is confusing for deployer their can't do the configuration of
> middlewares in the same way for each middlewares and each projects.
>
> But keystonemiddleware, oslo.middleware.cors,... are supposed to be wsgi
> middlewares, something that is independant of the app.
> And this is not really the case.
>
> From my point of view and what wsgi looks like generally in python, the
> middleware object should be just MyMiddleware(app, options_as_dict),
> if the middleware want to rely to another configuration system it should
> do the setup/initialisation itself.
>
>
>
> So, how to solve that ?
> ------------------------
>
> Do you agree:
>
> * all openstack middlewares should load their options with oslo.config ?
>   this permits type checking and all other features it provides, it's cool
> :)
>   configuration in paste-deploy conf is thing of past
>
> * we must support local AND global oslo.config object ?
>   This is an application choice not something enforced by middleware.
>   The deployer experience should be the same in both case.
>
> * the middleware must be responsible of the section name in the
> oslo.config ?
>   Gnocchi/Zaqar hack have to hardcode the section name in their code,
>   this doesn't looks good.
>
> * we must support legacy python signature for WSGI object,
>   MyMiddleware(app, options_as_dict) ? To be able to use paste for
>   application/deployer that want it and not break already deployed things.
>
>
> I really think all our middlewares should be consistent:
>
> * to be usable by all applications without enforcing them to write crap
> around them.
> * and to made the deployer life easier.
>
>
> Possible solution:
> ------------------
>
> I have already started to work on something that do all of that for all
> middlewares [5], [6]
>
> The idea is, the middleware should create a oslo_config.cfg.ConfigOpts()
> (instead of rely on the global one) and load the configuration file of the
> application in. oslo.config will discover the file location just with the
> name of application as usual.
>
> So the middleware can now be loaded like this:
>
> code example:
>
>    app = MyMiddleware(app, {"oslo_config_project": "aodh"})
>
> paste-deploy example:
>
>    [filter:foobar]
>    paste.filter_factory = foobar:MyMiddleware.filter_factory
>    oslo_config_project = aodh
>
> oslo_config.cfg.ConfigOpts() will easly find the /etc/aodh/aodh.conf,
> This cut the hidden links between middleware and the application
> (through the global object).
>
> And of course if oslo_config_project is not provided, the middleware
> fallback the global oslo.config object.
> The middleware options can still be passed via the legacy dict.
> The backward compatibility is conserved.
>
> I have already tested that in Gnocchi and Aodh, and that solves all of
> my issues. Remove all hacks, the application doesn't need special pre
> setup. All our middleware become normal middleware but still can use
> oslo.config.
>
>
> WDYT ?
>
>
> Cheers,
>
> [1]
> https://github.com/openstack/gnocchi/blob/master/gnocchi/rest/app.py#L140
> [2]
> https://github.com/openstack/gnocchi/blob/master/gnocchi/service.py#L64-L73
> [3]
> https://github.com/openstack/zaqar/blob/87fd1aa93dafb64097f731dbd416c2eeb697d403/zaqar/transport/auth.py#L63
> [4]
> https://github.com/openstack/zaqar/blob/87fd1aa93dafb64097f731dbd416c2eeb697d403/zaqar/transport/auth.py#L70
> [5] https://review.openstack.org/#/c/208965/
> [6] https://review.openstack.org/#/c/209817/
>
>
> --
> Mehdi Abaakouk
> mail: sileht at sileht.net
> irc: sileht
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
> W
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20150806/202fab9a/attachment.html>


More information about the OpenStack-dev mailing list