yahoo-eng-team team mailing list archive

[OpenStack Infra <1734491@xxxxxxxxxxxxxxxxxx>]

Reviewed:  https://review.openstack.org/523403
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=b2e02f5147d79eaf4fd935507590fec5a0ba7ccf
Submitter: Zuul
Branch:    master

commit b2e02f5147d79eaf4fd935507590fec5a0ba7ccf
Author: Chris Dent <cdent@xxxxxxxxxxxxx>
Date:   Tue Nov 28 12:44:44 2017 +0000

    [placement] re-use existing conf with auth token middleware
    
    If 'oslo_config_project' is passed to the auth_token filter
    factory, the mechanism in nova.api.openstack.placement.wsgi for
    overriding the location of the configuration file is ignored
    meaning that expected custom configuration is also ignored.
    
    Instead pass the already existing conf with 'olso_config_config'
    parameter.
    
    The unit test in test_deploy.py shows that the configuration
    settings get passed to the middleware and used by testing the
    value of the 'WWW-Authenticate' header (which comes from a few
    different configuration settings, of which is 'auth_uri') in
    a response generated by the placement WSGI application.
    The same test against the previous deploy.py code fails.
    
    Change-Id: I61d20c5d19797f7e66648c7864a632f3328be8ce
    Closes-Bug: #1734491


** Changed in: nova
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1734491

Title:
  placement keystonemiddleware_authtoken ignores OS_PLACEMENT_CONFIG_DIR

Status in OpenStack Compute (nova):
  Fix Released

Bug description:
  In placement master, late November 2017, the deploy.py file is
  responsible for building the WSGI middleware stack, including loading
  the keystonemiddleware.

             auth_middleware = auth_token.filter_factory(
              {}, oslo_config_project=project_name)

  This mode of loading means that the middleware itself is responsible
  for finding and reading the project conf file (nova.conf for now).

  Whereas the general the conf loading done in wsgi.py is aware of an
  OS_PLACEMENT_CONFIG_DIR env, the filter_factory loading above is not.

  This can lead to some pretty confusing situations where custom config,
  for things like the database, from custom locations are visible in the
  placement service, but authtoken config is not.

  Only after pulling all hair from head does it become clear what's
  happening.

  So we should fix that. It _may_ be as simple as adding similar file
  handling as used in wsgi.py, but it's not clear if the arg will get
  passed through. Further experimentation required.

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1734491/+subscriptions