← Back to team overview

openstack team mailing list archive

Re: Quantum and HTTPD

 

On 04/12/2012 01:05 PM, Dan Wendlandt wrote:
Hi Adam, cool stuff!

Thanks for reporting the issues. I'm in favor of both changes your suggest. Any interest on working on the openstack common stuff? More details inline.

I'll probably help out with common stuff across the board, especially WRT to running in HTTPD and PKI/Cert issues come up. My sorter term goal is to harden an Essex deploy so that it can be used in places where the policies dictate SSL for all communications.

Thanks for validating what I saw. Nice to know I don't have to beat my head against it for too long.

Any idea how mature the SSL support is that Quantum is using right now?


Dan

On Thu, Apr 12, 2012 at 8:26 AM, Adam Young <ayoung@xxxxxxxxxx <mailto:ayoung@xxxxxxxxxx>> wrote:


    from paste.deploy.loadwsgi  import loadapp
    application = loadapp('config:/etc/quantum/quantum.conf', 'quantum')

    But it fails due to issues finding the plugins (error log at the
    end of the message). It deploys cleanly once I made the following
    changes to quantum.

    --- a/quantum/extensions/extensions.py
    +++ b/quantum/extensions/extensions.py
    @@ -538,8 +538,9 @@ class ResourceExtension(object):
     # Returns the extention paths from a config entry and the __path__
     # of quantum.extensions
     def get_extensions_path(config=None):
    -    paths = ':'.join(quantum.extensions.__path__)
    -    if config:
    -        paths = ':'.join([config.get('api_extensions_path', ''),
    paths])
    +#    paths = ':'.join(quantum.extensions.__path__)
    +    paths = "//etc/quantum/plugins//"
    +#    if config:
    +#        paths = ':'.join([config.get('api_extensions_path', ''),
    paths])

         return paths

    Without this, there is a spurious error message due to the leading
    ':'  which puts a blank first element to the path.  It also fails
    to find the extensions path regardless of values put into config
    files etc.  It is this last issue which leads me to highly suggest
    we push Quantum to get on the openstack-common bandwagon,  as its
    Config file processing is confusing and,  I think, broken for the
    general case.


I'm a big proponent of using openstack common as much as possible in Quantum. Much of this existing code was ripped from nova/glance/etc. and is probably now out of date. I created a page in the wiki identifying areas in quantum that are ripe for using openstack-common: http://wiki.openstack.org/QuantumOpenstackCommon . Config if right at the top :)


    The other issue which leads me to suspect this approach won't work
    is the fact that the quantum command line client accepts a
    hostname and a port,  but not an URL.  So,  while we could deploy
    quantum behind HTTPD and port 443,  it would basically be the root
    of the HTTP directory,  and we wouldn't be able to share the HTTPD
    instance.  We couldn't do

    https://hostname/quantum

    and put it next to

    https://hostname/keystone


    Again, not without a code change.

    Finally,  there seems to be some support for SSL in Quantum.  I
    note that the quantum client has   the option

    -s, --ssl             use ssl

    which leads me to believe that it has been at least attempted.  It
    may be that the quantum server would not be severely impacted by
    the overhead of SSL in Python.


The quantum client is going to get a complete re-write in Folsom, as this is one of our key community projects listed on the wiki: http://wiki.openstack.org/QuantumStarterBugs

This new client will match other openstack clients in terms of options, etc. This should mean that you can specify the endpoint as a URL, which should take care of both the SSL and the non-root issues, if I'm understanding you correctly.

Jason Koelker will be leading a session in the Quantum track on redesigning the client, if folks are interested in helping out.





    Here's the HTTP error log if I don't make the above change:


    [Thu Apr 12 11:21:13 2012] [info] Initial (No.1) HTTPS request
    received for chil
    d 7 (server ayoungstack.bos.redhat.com:443
    <http://ayoungstack.bos.redhat.com:443>)
    [Thu Apr 12 11:21:13 2012] [info] [client 10.16.187.36] mod_wsgi
    (pid=8747, proc
    ess='', application='ayoungstack.bos.redhat.com
    <http://ayoungstack.bos.redhat.com>|/quantum/api'): Loading WSGI scr
    ipt '/var/www/cgi-bin/quantum/api'.
    [Thu Apr 12 11:21:13 2012] [error]
    ERROR:quantum.extensions.extensions:Extension
     path "/etc/quantum/extension" doesn't exist!
    [Thu Apr 12 11:21:13 2012] [error]
    WARNING:quantum.extensions.extensions:extensi
    on file portstats.py wasnt loaded due to cannot import name extensions
    [Thu Apr 12 11:21:13 2012] [error]
    WARNING:quantum.extensions.extensions:extensi
    on Cisco Nova Tenant not supported by plugin
    <quantum.plugins.openvswitch.ovs_qu
    antum_plugin.OVSQuantumPlugin object at 0x7f1fae80e450>
    [Thu Apr 12 11:21:13 2012] [error]
    WARNING:quantum.extensions.extensions:extensi
    on Cisco Port Profile not supported by plugin
    <quantum.plugins.openvswitch.ovs_q
    uantum_plugin.OVSQuantumPlugin object at 0x7f1fae80e450>
    [Thu Apr 12 11:21:13 2012] [error]
    WARNING:quantum.extensions.extensions:extensi
    on Cisco Multiport not supported by plugin
    <quantum.plugins.openvswitch.ovs_quan
    tum_plugin.OVSQuantumPlugin object at 0x7f1fae80e450>
    [Thu Apr 12 11:21:13 2012] [error]
    WARNING:quantum.extensions.extensions:Did not
     find expected name "Extensions" in
    /opt/stack/quantum/quantum/extensions/extens
    ions.py


    _______________________________________________
    Mailing list: https://launchpad.net/~openstack
    <https://launchpad.net/%7Eopenstack>
    Post to     : openstack@xxxxxxxxxxxxxxxxxxx
    <mailto:openstack@xxxxxxxxxxxxxxxxxxx>
    Unsubscribe : https://launchpad.net/~openstack
    <https://launchpad.net/%7Eopenstack>
    More help   : https://help.launchpad.net/ListHelp




--
~~~~~~~~~~~~~~~~~~~~~~~~~~~
Dan Wendlandt
Nicira, Inc: www.nicira.com <http://www.nicira.com>
twitter: danwendlandt
~~~~~~~~~~~~~~~~~~~~~~~~~~~



Follow ups

References