← Back to team overview

openstack team mailing list archive

Quantum and HTTPD

 

Over the past day or so, I've made an effort to get Quantum running in HTTPD.

My rationale has been to provide:

1. Native SSL support
2. IPv6
3. Certificate based Authentication

My goal has been to do this all on Essex without changing the projects' python code base. I'm attempting to do this for all of the Openstack components, and since Quantum has no dependencies, it seemed a good next step after Keystone.


The obvious way to set it up should be to use a wsgi file with just


from paste.deploy.loadwsgi  import loadapp
application = loadapp('config:/etc/quantum/quantum.conf', 'quantum')

But it fails due to issues finding the plugins (error log at the end of the message). It deploys cleanly once I made the following changes to quantum.

--- a/quantum/extensions/extensions.py
+++ b/quantum/extensions/extensions.py
@@ -538,8 +538,9 @@ class ResourceExtension(object):
 # Returns the extention paths from a config entry and the __path__
 # of quantum.extensions
 def get_extensions_path(config=None):
-    paths = ':'.join(quantum.extensions.__path__)
-    if config:
-        paths = ':'.join([config.get('api_extensions_path', ''), paths])
+#    paths = ':'.join(quantum.extensions.__path__)
+    paths = "/etc/quantum/plugins/"
+#    if config:
+#        paths = ':'.join([config.get('api_extensions_path', ''), paths])

     return paths

Without this, there is a spurious error message due to the leading ':' which puts a blank first element to the path. It also fails to find the extensions path regardless of values put into config files etc. It is this last issue which leads me to highly suggest we push Quantum to get on the openstack-common bandwagon, as its Config file processing is confusing and, I think, broken for the general case.


The other issue which leads me to suspect this approach won't work is the fact that the quantum command line client accepts a hostname and a port, but not an URL. So, while we could deploy quantum behind HTTPD and port 443, it would basically be the root of the HTTP directory, and we wouldn't be able to share the HTTPD instance. We couldn't do

https://hostname/quantum

and put it next to

https://hostname/keystone


Again, not without a code change.

Finally, there seems to be some support for SSL in Quantum. I note that the quantum client has the option

-s, --ssl             use ssl

which leads me to believe that it has been at least attempted. It may be that the quantum server would not be severely impacted by the overhead of SSL in Python.



Here's the HTTP error log if I don't make the above change:


[Thu Apr 12 11:21:13 2012] [info] Initial (No.1) HTTPS request received for chil
d 7 (server ayoungstack.bos.redhat.com:443)
[Thu Apr 12 11:21:13 2012] [info] [client 10.16.187.36] mod_wsgi (pid=8747, proc ess='', application='ayoungstack.bos.redhat.com|/quantum/api'): Loading WSGI scr
ipt '/var/www/cgi-bin/quantum/api'.
[Thu Apr 12 11:21:13 2012] [error] ERROR:quantum.extensions.extensions:Extension
 path "/etc/quantum/extension" doesn't exist!
[Thu Apr 12 11:21:13 2012] [error] WARNING:quantum.extensions.extensions:extensi
on file portstats.py wasnt loaded due to cannot import name extensions
[Thu Apr 12 11:21:13 2012] [error] WARNING:quantum.extensions.extensions:extensi on Cisco Nova Tenant not supported by plugin <quantum.plugins.openvswitch.ovs_qu
antum_plugin.OVSQuantumPlugin object at 0x7f1fae80e450>
[Thu Apr 12 11:21:13 2012] [error] WARNING:quantum.extensions.extensions:extensi on Cisco Port Profile not supported by plugin <quantum.plugins.openvswitch.ovs_q
uantum_plugin.OVSQuantumPlugin object at 0x7f1fae80e450>
[Thu Apr 12 11:21:13 2012] [error] WARNING:quantum.extensions.extensions:extensi on Cisco Multiport not supported by plugin <quantum.plugins.openvswitch.ovs_quan
tum_plugin.OVSQuantumPlugin object at 0x7f1fae80e450>
[Thu Apr 12 11:21:13 2012] [error] WARNING:quantum.extensions.extensions:Did not find expected name "Extensions" in /opt/stack/quantum/quantum/extensions/extens
ions.py


Follow ups