<br><br><div class="gmail_quote">On Thu, Apr 12, 2012 at 10:16 AM, Adam Young <span dir="ltr"><<a href="mailto:ayoung@redhat.com">ayoung@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF"><div class="im">
On 04/12/2012 01:05 PM, Dan Wendlandt wrote:
<blockquote type="cite">Hi Adam, cool stuff!
<div><br>
</div>
<div>Thanks for reporting the issues. I'm in favor of both
changes your suggest. Any interest on working on the openstack
common stuff? More details inline.</div>
</blockquote>
<br></div>
I'll probably help out with common stuff across the board,
especially WRT to running in HTTPD and PKI/Cert issues come up. My
sorter term goal is to harden an Essex deploy so that it can be used
in places where the policies dictate SSL for all communications. <br>
<br>
Thanks for validating what I saw. Nice to know I don't have to beat
my head against it for too long.<br>
<br>
Any idea how mature the SSL support is that Quantum is using right
now?</div></blockquote><div><br></div><div>I do not. I don't know of any deployments using it right now. Its likely that we just have whatever code "came along for the ride" when the web framework was borrowed from nova/glance. Salvatore might know, as he did a lot of the heavy lifting on the Quantum API side. </div>
<div><br></div><div>Dan</div><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div text="#000000" bgcolor="#FFFFFF"><div><div class="h5"><br>
<br>
<blockquote type="cite">
<div><br>
</div>
<div>
Dan<br>
<br>
<div class="gmail_quote">On Thu, Apr 12, 2012 at 8:26 AM, Adam
Young <span dir="ltr"><<a href="mailto:ayoung@redhat.com" target="_blank">ayoung@redhat.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<div style="font-family:-moz-fixed;font-size:12px" lang="x-western"><br>
from paste.deploy.loadwsgi import loadapp <br>
application =
loadapp('config:/etc/quantum/quantum.conf', 'quantum') <br>
<br>
But it fails due to issues finding the plugins (error
log at the end of the message). It deploys cleanly once
I made the following changes to quantum.<br>
<br>
--- a/quantum/extensions/extensions.py <br>
+++ b/quantum/extensions/extensions.py <br>
@@ -538,8 +538,9 @@ class ResourceExtension(object): <br>
# Returns the extention paths from a config entry and
the __path__ <br>
# of quantum.extensions <br>
def get_extensions_path(config=None): <br>
- paths = ':'.join(quantum.extensions.__path__) <br>
- if config: <br>
- paths =
':'.join([config.get('api_extensions_path', ''), paths])
<br>
+# paths = ':'.join(quantum.extensions.__path__) <br>
+ paths = "<i><span>/</span>etc/quantum/plugins<span>/</span></i>"
<br>
+# if config: <br>
+# paths =
':'.join([config.get('api_extensions_path', ''), paths])
<br>
<br>
return paths <br>
<br>
Without this, there is a spurious error message due to
the leading ':' which puts a blank first element to the
path. It also fails to find the extensions path
regardless of values put into config files etc. It is
this last issue which leads me to highly suggest we push
Quantum to get on the openstack-common bandwagon, as
its Config file processing is confusing and, I think,
broken for the general case.
</div>
</div>
</blockquote>
<div><br>
</div>
<div>I'm a big proponent of using openstack common as much as
possible in Quantum. Much of this existing code was ripped
from nova/glance/etc. and is probably now out of date. I
created a page in the wiki identifying areas in quantum that
are ripe for using openstack-common: <a href="http://wiki.openstack.org/QuantumOpenstackCommon" target="_blank">http://wiki.openstack.org/QuantumOpenstackCommon</a>
. Config if right at the top :) </div>
<div><br>
</div>
<div> </div>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<div style="font-family:-moz-fixed;font-size:12px" lang="x-western"> <br>
The other issue which leads me to suspect this approach
won't work is the fact that the quantum command line
client accepts a hostname and a port, but not an URL.
So, while we could deploy quantum behind HTTPD and port
443, it would basically be the root of the HTTP
directory, and we wouldn't be able to share the HTTPD
instance. We couldn't do <br>
<br>
<a href="https://hostname/quantum" target="_blank">https://hostname/quantum</a>
<br>
<br>
and put it next to <br>
<br>
<a href="https://hostname/keystone" target="_blank">https://hostname/keystone</a>
<br>
<br>
<br>
Again, not without a code change. <br>
<br>
Finally, there seems to be some support for SSL in
Quantum. I note that the quantum client has the
option <br>
<br>
-s, --ssl use ssl <br>
<br>
which leads me to believe that it has been at least
attempted. It may be that the quantum server would not
be severely impacted by the overhead of SSL in Python.<br>
</div>
</div>
</blockquote>
<div><br>
</div>
<div>The quantum client is going to get a complete re-write in
Folsom, as this is one of our key community projects listed
on the wiki: <a href="http://wiki.openstack.org/QuantumStarterBugs" target="_blank">http://wiki.openstack.org/QuantumStarterBugs</a></div>
<div><br>
</div>
<div>This new client will match other openstack clients in
terms of options, etc. This should mean that you can
specify the endpoint as a URL, which should take care of
both the SSL and the non-root issues, if I'm understanding
you correctly. </div>
<div><br>
</div>
<div>Jason Koelker will be leading a session in the Quantum
track on redesigning the client, if folks are interested in
helping out. </div>
<div><br>
</div>
<div><br>
</div>
<div> </div>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<div style="font-family:-moz-fixed;font-size:12px" lang="x-western"> <br>
<br>
<br>
Here's the HTTP error log if I don't make the above
change:<br>
<br>
<br>
[Thu Apr 12 11:21:13 2012] [info] Initial (No.1) HTTPS
request received for chil<br>
d 7 (server <a href="http://ayoungstack.bos.redhat.com:443" target="_blank">ayoungstack.bos.redhat.com:443</a>)<br>
[Thu Apr 12 11:21:13 2012] [info] [client 10.16.187.36]
mod_wsgi (pid=8747, proc<br>
ess='', application='<a href="http://ayoungstack.bos.redhat.com" target="_blank">ayoungstack.bos.redhat.com</a>|/quantum/api'):
Loading WSGI scr<br>
ipt '/var/www/cgi-bin/quantum/api'.<br>
[Thu Apr 12 11:21:13 2012] [error]
ERROR:quantum.extensions.extensions:Extension<br>
path "/etc/quantum/extension" doesn't exist!<br>
[Thu Apr 12 11:21:13 2012] [error]
WARNING:quantum.extensions.extensions:extensi<br>
on file portstats.py wasnt loaded due to cannot import
name extensions<br>
[Thu Apr 12 11:21:13 2012] [error]
WARNING:quantum.extensions.extensions:extensi<br>
on Cisco Nova Tenant not supported by plugin
<quantum.plugins.openvswitch.ovs_qu<br>
antum_plugin.OVSQuantumPlugin object at
0x7f1fae80e450><br>
[Thu Apr 12 11:21:13 2012] [error]
WARNING:quantum.extensions.extensions:extensi<br>
on Cisco Port Profile not supported by plugin
<quantum.plugins.openvswitch.ovs_q<br>
uantum_plugin.OVSQuantumPlugin object at
0x7f1fae80e450><br>
[Thu Apr 12 11:21:13 2012] [error]
WARNING:quantum.extensions.extensions:extensi<br>
on Cisco Multiport not supported by plugin
<quantum.plugins.openvswitch.ovs_quan<br>
tum_plugin.OVSQuantumPlugin object at 0x7f1fae80e450><br>
[Thu Apr 12 11:21:13 2012] [error]
WARNING:quantum.extensions.extensions:Did not<br>
find expected name "Extensions" in
/opt/stack/quantum/quantum/extensions/extens<br>
ions.py<br>
<br>
</div>
</div>
<br>
_______________________________________________<br>
Mailing list: <a href="https://launchpad.net/%7Eopenstack" target="_blank">https://launchpad.net/~openstack</a><br>
Post to : <a href="mailto:openstack@lists.launchpad.net" target="_blank">openstack@lists.launchpad.net</a><br>
Unsubscribe : <a href="https://launchpad.net/%7Eopenstack" target="_blank">https://launchpad.net/~openstack</a><br>
More help : <a href="https://help.launchpad.net/ListHelp" target="_blank">https://help.launchpad.net/ListHelp</a><br>
<br>
</blockquote>
</div>
<br>
<br clear="all">
<div><br>
</div>
-- <br>
~~~~~~~~~~~~~~~~~~~~~~~~~~~<br>
Dan Wendlandt
<div>Nicira, Inc: <a href="http://www.nicira.com" target="_blank">www.nicira.com</a><br>
<div>twitter: danwendlandt<br>
~~~~~~~~~~~~~~~~~~~~~~~~~~~<br>
</div>
</div>
<br>
</div>
</blockquote>
<br>
</div></div></div>
</blockquote></div><br><br clear="all"><div><br></div>-- <br>~~~~~~~~~~~~~~~~~~~~~~~~~~~<br>Dan Wendlandt <div>Nicira, Inc: <a href="http://www.nicira.com" target="_blank">www.nicira.com</a><br><div>twitter: danwendlandt<br>
~~~~~~~~~~~~~~~~~~~~~~~~~~~<br></div></div><br>