[Openstack] Quantum and HTTPD

Adam Young ayoung at redhat.com
Thu Apr 12 17:16:45 UTC 2012 

On 04/12/2012 01:05 PM, Dan Wendlandt wrote:
> Hi Adam, cool stuff!
>
> Thanks for reporting the issues.  I'm in favor of both changes your 
> suggest.  Any interest on working on the openstack common stuff?  More 
> details inline.

I'll probably help out with common stuff across the board, especially 
WRT to running in HTTPD and PKI/Cert issues come up.  My sorter term 
goal is to harden an Essex deploy so that it can be used in places where 
the policies dictate SSL for all communications.

Thanks for validating what I saw.  Nice to know I don't have to beat my 
head against it for too long.

Any idea how mature the SSL support is that Quantum is using right now?

>
> Dan
>
> On Thu, Apr 12, 2012 at 8:26 AM, Adam Young <ayoung at redhat.com 
> <mailto:ayoung at redhat.com>> wrote:
>
>
>     from paste.deploy.loadwsgi  import loadapp
>     application = loadapp('config:/etc/quantum/quantum.conf', 'quantum')
>
>     But it fails due to issues finding the plugins (error log at the
>     end of the message). It deploys cleanly once I made the following
>     changes to quantum.
>
>     --- a/quantum/extensions/extensions.py
>     +++ b/quantum/extensions/extensions.py
>     @@ -538,8 +538,9 @@ class ResourceExtension(object):
>      # Returns the extention paths from a config entry and the __path__
>      # of quantum.extensions
>      def get_extensions_path(config=None):
>     -    paths = ':'.join(quantum.extensions.__path__)
>     -    if config:
>     -        paths = ':'.join([config.get('api_extensions_path', ''),
>     paths])
>     +#    paths = ':'.join(quantum.extensions.__path__)
>     +    paths = "//etc/quantum/plugins//"
>     +#    if config:
>     +#        paths = ':'.join([config.get('api_extensions_path', ''),
>     paths])
>
>          return paths
>
>     Without this, there is a spurious error message due to the leading
>     ':'  which puts a blank first element to the path.  It also fails
>     to find the extensions path regardless of values put into config
>     files etc.  It is this last issue which leads me to highly suggest
>     we push Quantum to get on the openstack-common bandwagon,  as its
>     Config file processing is confusing and,  I think, broken for the
>     general case.
>
>
> I'm a big proponent of using openstack common as much as possible in 
> Quantum.  Much of this existing code was ripped from nova/glance/etc. 
> and is probably now out of date.  I created a page in the wiki 
> identifying areas in quantum that are ripe for using openstack-common: 
> http://wiki.openstack.org/QuantumOpenstackCommon .  Config if right at 
> the top :)
>
>
>     The other issue which leads me to suspect this approach won't work
>     is the fact that the quantum command line client accepts a
>     hostname and a port,  but not an URL.  So,  while we could deploy
>     quantum behind HTTPD and port 443,  it would basically be the root
>     of the HTTP directory,  and we wouldn't be able to share the HTTPD
>     instance.  We couldn't do
>
>     https://hostname/quantum
>
>     and put it next to
>
>     https://hostname/keystone
>
>
>     Again, not without a code change.
>
>     Finally,  there seems to be some support for SSL in Quantum.  I
>     note that the quantum client has   the option
>
>     -s, --ssl             use ssl
>
>     which leads me to believe that it has been at least attempted.  It
>     may be that the quantum server would not be severely impacted by
>     the overhead of SSL in Python.
>
>
> The quantum client is going to get a complete re-write in Folsom, as 
> this is one of our key community projects listed on the wiki: 
> http://wiki.openstack.org/QuantumStarterBugs
>
> This new client will match other openstack clients in terms of 
> options, etc.  This should mean that you can specify the endpoint as a 
> URL, which should take care of both the SSL and the non-root issues, 
> if I'm understanding you correctly.
>
> Jason Koelker will be leading a session in the Quantum track on 
> redesigning the client, if folks are interested in helping out.
>
>
>
>
>
>     Here's the HTTP error log if I don't make the above change:
>
>
>     [Thu Apr 12 11:21:13 2012] [info] Initial (No.1) HTTPS request
>     received for chil
>     d 7 (server ayoungstack.bos.redhat.com:443
>     <http://ayoungstack.bos.redhat.com:443>)
>     [Thu Apr 12 11:21:13 2012] [info] [client 10.16.187.36] mod_wsgi
>     (pid=8747, proc
>     ess='', application='ayoungstack.bos.redhat.com
>     <http://ayoungstack.bos.redhat.com>|/quantum/api'): Loading WSGI scr
>     ipt '/var/www/cgi-bin/quantum/api'.
>     [Thu Apr 12 11:21:13 2012] [error]
>     ERROR:quantum.extensions.extensions:Extension
>      path "/etc/quantum/extension" doesn't exist!
>     [Thu Apr 12 11:21:13 2012] [error]
>     WARNING:quantum.extensions.extensions:extensi
>     on file portstats.py wasnt loaded due to cannot import name extensions
>     [Thu Apr 12 11:21:13 2012] [error]
>     WARNING:quantum.extensions.extensions:extensi
>     on Cisco Nova Tenant not supported by plugin
>     <quantum.plugins.openvswitch.ovs_qu
>     antum_plugin.OVSQuantumPlugin object at 0x7f1fae80e450>
>     [Thu Apr 12 11:21:13 2012] [error]
>     WARNING:quantum.extensions.extensions:extensi
>     on Cisco Port Profile not supported by plugin
>     <quantum.plugins.openvswitch.ovs_q
>     uantum_plugin.OVSQuantumPlugin object at 0x7f1fae80e450>
>     [Thu Apr 12 11:21:13 2012] [error]
>     WARNING:quantum.extensions.extensions:extensi
>     on Cisco Multiport not supported by plugin
>     <quantum.plugins.openvswitch.ovs_quan
>     tum_plugin.OVSQuantumPlugin object at 0x7f1fae80e450>
>     [Thu Apr 12 11:21:13 2012] [error]
>     WARNING:quantum.extensions.extensions:Did not
>      find expected name "Extensions" in
>     /opt/stack/quantum/quantum/extensions/extens
>     ions.py
>
>
>     _______________________________________________
>     Mailing list: https://launchpad.net/~openstack
>     <https://launchpad.net/%7Eopenstack>
>     Post to     : openstack at lists.launchpad.net
>     <mailto:openstack at lists.launchpad.net>
>     Unsubscribe : https://launchpad.net/~openstack
>     <https://launchpad.net/%7Eopenstack>
>     More help   : https://help.launchpad.net/ListHelp
>
>
>
>
> -- 
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Dan Wendlandt
> Nicira, Inc: www.nicira.com <http://www.nicira.com>
> twitter: danwendlandt
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20120412/7d136964/attachment.html>

More information about the Openstack mailing list