openstack team mailing list archive
Message #09966
Quantum and HTTPD
Over the past day or so, I've made an effort to get Quantum running in
HTTPD.

My rationale has been to provide:

1. Native SSL support
2. IPv6
3. Certificate-based authentication

My goal has been to do this all on Essex without changing the projects'
Python code base. I'm attempting to do this for all of the OpenStack
components, and since Quantum has no dependencies, it seemed a good
next step after Keystone.

The obvious way to set it up should be to use a wsgi file with just

    from paste.deploy.loadwsgi import loadapp
    application = loadapp('config:/etc/quantum/quantum.conf', 'quantum')

But it fails due to issues finding the plugins (error log at the end of
the message). It deploys cleanly once I made the following changes to
quantum.

--- a/quantum/extensions/extensions.py
+++ b/quantum/extensions/extensions.py
@@ -538,8 +538,9 @@ class ResourceExtension(object):
# Returns the extention paths from a config entry and the __path__
# of quantum.extensions
def get_extensions_path(config=None):
- paths = ':'.join(quantum.extensions.__path__)
- if config:
- paths = ':'.join([config.get('api_extensions_path', ''), paths])
+# paths = ':'.join(quantum.extensions.__path__)
+ paths = "/etc/quantum/plugins/"
+# if config:
+# paths = ':'.join([config.get('api_extensions_path', ''), paths])
return paths
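
Review bot: The new assignment paths = "/etc/quantum/plugins/" in get_extensions_path() hardcodes a single directory and disables both the quantum.extensions.__path__ entries and the api_extensions_path lookup, so the config argument is now ignored and a deployment can no longer point the loader anywhere else. If the aim is to avoid the blank first element that the '' default of config.get('api_extensions_path', '') produces when joined, consider keeping both sources and joining only the non-empty entries. The old lines would also be better deleted than left commented out at column 0 inside the function body.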

Without this, there is a spurious error message due to the leading ':'
which puts a blank first element to the path. It also fails to find the
extensions path regardless of values put into config files etc. It is
this last issue which leads me to highly suggest we push Quantum to get
on the openstack-common bandwagon, as its Config file processing is
confusing and, I think, broken for the general case.

The other issue which leads me to suspect this approach won't work is
the fact that the quantum command line client accepts a hostname and a
port, but not a URL. So, while we could deploy quantum behind HTTPD
and port 443, it would basically be the root of the HTTP directory,
and we wouldn't be able to share the HTTPD instance. We couldn't do

    https://hostname/quantum

and put it next to

    https://hostname/keystone

Again, not without a code change.

Finally, there seems to be some support for SSL in Quantum. I note
that the quantum client has the option

    -s, --ssl use ssl

which leads me to believe that it has been at least attempted. It may
be that the quantum server would not be severely impacted by the
overhead of SSL in Python.

Here's the HTTP error log if I don't make the above change:

[Thu Apr 12 11:21:13 2012] [info] Initial (No.1) HTTPS request received for child 7 (server ayoungstack.bos.redhat.com:443)
[Thu Apr 12 11:21:13 2012] [info] [client 10.16.187.36] mod_wsgi (pid=8747, process='', application='ayoungstack.bos.redhat.com|/quantum/api'): Loading WSGI script '/var/www/cgi-bin/quantum/api'.
[Thu Apr 12 11:21:13 2012] [error] ERROR:quantum.extensions.extensions:Extension path "/etc/quantum/extension" doesn't exist!
[Thu Apr 12 11:21:13 2012] [error] WARNING:quantum.extensions.extensions:extension file portstats.py wasnt loaded due to cannot import name extensions
[Thu Apr 12 11:21:13 2012] [error] WARNING:quantum.extensions.extensions:extension Cisco Nova Tenant not supported by plugin <quantum.plugins.openvswitch.ovs_quantum_plugin.OVSQuantumPlugin object at 0x7f1fae80e450>
[Thu Apr 12 11:21:13 2012] [error] WARNING:quantum.extensions.extensions:extension Cisco Port Profile not supported by plugin <quantum.plugins.openvswitch.ovs_quantum_plugin.OVSQuantumPlugin object at 0x7f1fae80e450>
[Thu Apr 12 11:21:13 2012] [error] WARNING:quantum.extensions.extensions:extension Cisco Multiport not supported by plugin <quantum.plugins.openvswitch.ovs_quantum_plugin.OVSQuantumPlugin object at 0x7f1fae80e450>
[Thu Apr 12 11:21:13 2012] [error] WARNING:quantum.extensions.extensions:Did not find expected name "Extensions" in /opt/stack/quantum/quantum/extensions/extensions.py
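
The blank first path element described in the message, reproduced as an added example that is not part of the original post or of Quantum's code. The function names, the `check_paths` loader step, the sample config and the temporary directory standing in for `quantum.extensions.__path__` are all assumptions made for illustration.

```python
import os
import tempfile


def get_extensions_path_original(package_paths, config=None):
    # Mirrors the pre-patch lines of the hunk: the config value is joined
    # in even when it is the '' default, which yields a leading ':'.
    paths = ':'.join(package_paths)
    if config:
        paths = ':'.join([config.get('api_extensions_path', ''), paths])
    return paths


def get_extensions_path_filtered(package_paths, config=None):
    # Alternative (assumption, not the project's fix): keep both sources
    # and drop empty entries before joining.
    entries = []
    if config:
        entries.extend(config.get('api_extensions_path', '').split(':'))
    entries.extend(package_paths)
    return ':'.join(e for e in entries if e)


def check_paths(paths):
    # Hypothetical loader step: split on ':' and sort the entries into
    # usable directories and ones that would be reported as missing.
    found, missing = [], []
    for entry in paths.split(':'):
        (found if os.path.isdir(entry) else missing).append(entry)
    return found, missing


def demo():
    # Constructed stand-in for quantum.extensions.__path__.
    pkg_dir = tempfile.mkdtemp(prefix='quantum_extensions_')
    # Constructed config with no api_extensions_path key.
    config = {'bind_port': '9696'}
    before = check_paths(get_extensions_path_original([pkg_dir], config))
    after = check_paths(get_extensions_path_filtered([pkg_dir], config))
    os.rmdir(pkg_dir)
    return pkg_dir, before, after


if __name__ == '__main__':
    pkg_dir, before, after = demo()
    print('original (found, missing):', before)
    print('filtered (found, missing):', after)
```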