stackhpc
diff --git a/‎nova/api/openstack/compute/console_auth_tokens.py
Lines changed: 13 additions & 19 deletions b/‎nova/api/openstack/compute/console_auth_tokens.py
Lines changed: 13 additions & 19 deletions
diff --git a/‎nova/api/openstack/compute/hosts.py
Lines changed: 0 additions & 3 deletions b/‎nova/api/openstack/compute/hosts.py
Lines changed: 0 additions & 3 deletions
diff --git a/‎nova/cmd/consoleauth.py
Lines changed: 0 additions & 50 deletions b/‎nova/cmd/consoleauth.py
Lines changed: 0 additions & 50 deletions
diff --git a/‎nova/compute/api.py
Lines changed: 0 additions & 73 deletions b/‎nova/compute/api.py
Lines changed: 0 additions & 73 deletions
diff --git a/‎nova/conf/compute.py
Lines changed: 1 addition & 1 deletion b/‎nova/conf/compute.py
Lines changed: 1 addition & 1 deletion
diff --git a/‎nova/conf/consoleauth.py
Lines changed: 0 additions & 4 deletions b/‎nova/conf/consoleauth.py
Lines changed: 0 additions & 4 deletions
diff --git a/‎nova/conf/upgrade_levels.py
Lines changed: 0 additions & 18 deletions b/‎nova/conf/upgrade_levels.py
Lines changed: 0 additions & 18 deletions
diff --git a/‎nova/conf/workarounds.py
Lines changed: 0 additions & 32 deletions b/‎nova/conf/workarounds.py
Lines changed: 0 additions & 32 deletions
diff --git a/‎nova/console/websocketproxy.py
Lines changed: 2 additions & 28 deletions b/‎nova/console/websocketproxy.py
Lines changed: 2 additions & 28 deletions
@@ -17,7 +17,6 @@
 
 from nova.api.openstack import wsgi
 import nova.conf
-from nova.consoleauth import rpcapi as consoleauth_rpcapi
 from nova import context as nova_context
 from nova.i18n import _
 from nova import objects
@@ -27,9 +26,6 @@
 
 
 class ConsoleAuthTokensController(wsgi.Controller):
-    def __init__(self):
-        super(ConsoleAuthTokensController, self).__init__()
-        self._consoleauth_rpcapi = consoleauth_rpcapi.ConsoleAuthAPI()
 
     def _show(self, req, id, rdp_only):
         """Checks a console auth token and returns the related connect info."""
@@ -42,21 +38,19 @@ def _show(self, req, id, rdp_only):
             raise webob.exc.HTTPBadRequest(explanation=msg)
 
         connect_info = None
-        if CONF.workarounds.enable_consoleauth:
-            connect_info = self._consoleauth_rpcapi.check_token(context, token)
-        else:
-            results = nova_context.scatter_gather_skip_cell0(
-                context, objects.ConsoleAuthToken.validate, token)
-            # NOTE(melwitt): Console token auths are stored in cell databases,
-            # but with only the token as a request param, we can't know which
-            # cell database contains the token's corresponding connection info.
-            # So, we must query all cells for the info and we can break the
-            # loop as soon as we find a result because the token is associated
-            # with one instance, which can only be in one cell.
-            for result in results.values():
-                if not nova_context.is_cell_failure_sentinel(result):
-                    connect_info = result.to_dict()
-                    break
+
+        results = nova_context.scatter_gather_skip_cell0(
+            context, objects.ConsoleAuthToken.validate, token)
+        # NOTE(melwitt): Console token auths are stored in cell databases,
+        # but with only the token as a request param, we can't know which
+        # cell database contains the token's corresponding connection info.
+        # So, we must query all cells for the info and we can break the
+        # loop as soon as we find a result because the token is associated
+        # with one instance, which can only be in one cell.
+        for result in results.values():
+            if not nova_context.is_cell_failure_sentinel(result):
+                connect_info = result.to_dict()
+                break
 
         if not connect_info:
             raise webob.exc.HTTPNotFound(explanation=_("Token not found"))
 
@@ -53,9 +53,6 @@ def index(self, req):
         |    {'host_name': 'some.celly.host.name',
         |     'service': 'cells',
         |     'zone': 'internal'},
-        |    {'host_name': 'console1.host.com',
-        |     'service': 'consoleauth',
-        |     'zone': 'internal'},
         |    {'host_name': 'network1.host.com',
         |     'service': 'network',
         |     'zone': 'internal'},
 
@@ -51,7 +51,6 @@
 from nova.compute import vm_states
 from nova import conductor
 import nova.conf
-from nova.consoleauth import rpcapi as consoleauth_rpcapi
 from nova import context as nova_context
 from nova import crypto
 from nova.db import base
@@ -259,7 +258,6 @@ def __init__(self, image_api=None, network_api=None, volume_api=None,
         self._placementclient = None  # Lazy-load on first access.
         self.security_group_api = (security_group_api or
             openstack_driver.get_openstack_security_group_driver())
-        self.consoleauth_rpcapi = consoleauth_rpcapi.ConsoleAuthAPI()
         self.compute_rpcapi = compute_rpcapi.ComputeAPI()
         self.compute_task_api = conductor.ComputeTaskAPI()
         self.servicegroup_api = servicegroup.API()
@@ -2066,13 +2064,6 @@ def _delete(self, context, instance, delete_type, cb, **instance_attrs):
             instance.progress = 0
             instance.save()
 
-            if CONF.workarounds.enable_consoleauth:
-                # TODO(melwitt): Remove the conditions for running this line
-                # with cells v2, when consoleauth is no longer being used by
-                # cells v2, in Stein.
-                self.consoleauth_rpcapi.delete_tokens_for_instance(
-                    context, instance.uuid)
-
             if not instance.host and not may_have_ports_or_volumes:
                 try:
                     with compute_utils.notify_about_instance_delete(
@@ -3803,18 +3794,6 @@ def get_vnc_console(self, context, instance, console_type):
         """Get a url to an instance Console."""
         connect_info = self.compute_rpcapi.get_vnc_console(context,
                 instance=instance, console_type=console_type)
-
-        # TODO(melwitt): In Rocky, the compute manager puts the
-        # console authorization in the database in the above method.
-        # The following will be removed when everything has been
-        # converted to use the database, in Stein.
-        if CONF.workarounds.enable_consoleauth:
-            self.consoleauth_rpcapi.authorize_console(context,
-                    connect_info['token'], console_type,
-                    connect_info['host'], connect_info['port'],
-                    connect_info['internal_access_path'], instance.uuid,
-                    access_url=connect_info['access_url'])
-
         return {'url': connect_info['access_url']}
 
     @check_instance_host
@@ -3824,17 +3803,6 @@ def get_spice_console(self, context, instance, console_type):
         """Get a url to an instance Console."""
         connect_info = self.compute_rpcapi.get_spice_console(context,
                 instance=instance, console_type=console_type)
-        # TODO(melwitt): In Rocky, the compute manager puts the
-        # console authorization in the database in the above method.
-        # The following will be removed when everything has been
-        # converted to use the database, in Stein.
-        if CONF.workarounds.enable_consoleauth:
-            self.consoleauth_rpcapi.authorize_console(context,
-                    connect_info['token'], console_type,
-                    connect_info['host'], connect_info['port'],
-                    connect_info['internal_access_path'], instance.uuid,
-                    access_url=connect_info['access_url'])
-
         return {'url': connect_info['access_url']}
 
     @check_instance_host
@@ -3844,17 +3812,6 @@ def get_rdp_console(self, context, instance, console_type):
         """Get a url to an instance Console."""
         connect_info = self.compute_rpcapi.get_rdp_console(context,
                 instance=instance, console_type=console_type)
-        # TODO(melwitt): In Rocky, the compute manager puts the
-        # console authorization in the database in the above method.
-        # The following will be removed when everything has been
-        # converted to use the database, in Stein.
-        if CONF.workarounds.enable_consoleauth:
-            self.consoleauth_rpcapi.authorize_console(context,
-                    connect_info['token'], console_type,
-                    connect_info['host'], connect_info['port'],
-                    connect_info['internal_access_path'], instance.uuid,
-                    access_url=connect_info['access_url'])
-
         return {'url': connect_info['access_url']}
 
     @check_instance_host
@@ -3864,17 +3821,6 @@ def get_serial_console(self, context, instance, console_type):
         """Get a url to a serial console."""
         connect_info = self.compute_rpcapi.get_serial_console(context,
                 instance=instance, console_type=console_type)
-
-        # TODO(melwitt): In Rocky, the compute manager puts the
-        # console authorization in the database in the above method.
-        # The following will be removed when everything has been
-        # converted to use the database, in Stein.
-        if CONF.workarounds.enable_consoleauth:
-            self.consoleauth_rpcapi.authorize_console(context,
-                    connect_info['token'], console_type,
-                    connect_info['host'], connect_info['port'],
-                    connect_info['internal_access_path'], instance.uuid,
-                    access_url=connect_info['access_url'])
         return {'url': connect_info['access_url']}
 
     @check_instance_host
@@ -3884,16 +3830,6 @@ def get_mks_console(self, context, instance, console_type):
         """Get a url to a MKS console."""
         connect_info = self.compute_rpcapi.get_mks_console(context,
                 instance=instance, console_type=console_type)
-        # TODO(melwitt): In Rocky, the compute manager puts the
-        # console authorization in the database in the above method.
-        # The following will be removed when everything has been
-        # converted to use the database, in Stein.
-        if CONF.workarounds.enable_consoleauth:
-            self.consoleauth_rpcapi.authorize_console(context,
-                    connect_info['token'], console_type,
-                    connect_info['host'], connect_info['port'],
-                    connect_info['internal_access_path'], instance.uuid,
-                    access_url=connect_info['access_url'])
         return {'url': connect_info['access_url']}
 
     @check_instance_host
@@ -4493,15 +4429,6 @@ def live_migrate(self, context, instance, block_migration,
         self._record_action_start(context, instance,
                                   instance_actions.LIVE_MIGRATION)
 
-        # TODO(melwitt): In Rocky, we optionally store console authorizations
-        # in both the consoleauth service and the database while
-        # we convert to using the database. Remove the condition for running
-        # this line with cells v2, when consoleauth is no longer being used by
-        # cells v2, in Stein.
-        if CONF.workarounds.enable_consoleauth:
-            self.consoleauth_rpcapi.delete_tokens_for_instance(
-                context, instance.uuid)
-
         # NOTE(sbauza): Force is a boolean by the new related API version
         if force is False and host_name:
             # Unset the host to make sure we call the scheduler
 
@@ -1289,7 +1289,7 @@
 to register new compute services in disabled state and then enabled them at a
 later point in time. This option only sets this behavior for nova-compute
 services, it does not auto-disable other services like nova-conductor,
-nova-scheduler, nova-consoleauth, or nova-osapi_compute.
+nova-scheduler, or nova-osapi_compute.
 
 Possible values:
 
 
@@ -32,10 +32,6 @@
 A console auth token is used in authorizing console access for a user.
 Once the auth token time to live count has elapsed, the token is
 considered expired.  Expired tokens are then deleted.
-
-Related options:
-
-* ``[workarounds]/enable_consoleauth``
 """)
 ]
 
 
@@ -108,24 +108,6 @@
 
 Possible values:
 
-* By default send the latest version the client knows about
-* A string representing a version number in the format 'N.N';
-  for example, possible values might be '1.12' or '2.0'.
-* An OpenStack release name, in lower case, such as 'mitaka' or
-  'liberty'.
-"""),
-    cfg.StrOpt('consoleauth',
-        deprecated_for_removal=True,
-        deprecated_since='18.0.0',
-        deprecated_reason="""
-The nova-consoleauth service was deprecated in 18.0.0 (Rocky) and will be
-removed in an upcoming release.
-""",
-        help="""
-Consoleauth RPC API version cap.
-
-Possible values:
-
 * By default send the latest version the client knows about
 * A string representing a version number in the format 'N.N';
   for example, possible values might be '1.12' or '2.0'.
 
@@ -154,38 +154,6 @@
   compute service to the scheduler service.
 """),
 
-    cfg.BoolOpt(
-        'enable_consoleauth',
-        default=False,
-        deprecated_for_removal=True,
-        deprecated_since="18.0.0",
-        deprecated_reason="""
-This option has been added as deprecated originally because it is used
-for avoiding a upgrade issue and it will not be used in the future.
-See the help text for more details.
-""",
-        help="""
-Enable the consoleauth service to avoid resetting unexpired consoles.
-
-Console token authorizations have moved from the ``nova-consoleauth`` service
-to the database, so all new consoles will be supported by the database backend.
-With this, consoles that existed before database backend support will be reset.
-For most operators, this should be a minimal disruption as the default TTL of a
-console token is 10 minutes.
-
-Operators that have much longer token TTL configured or otherwise wish to avoid
-immediately resetting all existing consoles can enable this flag to continue
-using the ``nova-consoleauth`` service in addition to the database backend.
-Once all of the old ``nova-consoleauth`` supported console tokens have expired,
-this flag should be disabled. For example, if a deployment has configured a
-token TTL of one hour, the operator may disable the flag, one hour after
-deploying the new code during an upgrade.
-
-Related options:
-
-* ``[consoleauth]/token_ttl``
-"""),
-
     cfg.BoolOpt(
         'enable_numa_live_migration',
         default=False,
 
@@ -30,7 +30,6 @@
 
 from nova.compute import rpcapi as compute_rpcapi
 import nova.conf
-from nova.consoleauth import rpcapi as consoleauth_rpcapi
 from nova import context
 from nova import exception
 from nova.i18n import _
@@ -125,14 +124,8 @@ def _check_console_port(self, ctxt, instance_uuid, port, console_type):
                                                          str(port),
                                                          console_type)
 
-    def _get_connect_info_consoleauth(self, ctxt, token):
-        # NOTE(PaulMurray) consoleauth check_token() validates the token
-        # and does an rpc to compute manager to check the console port
-        # is correct.
-        rpcapi = consoleauth_rpcapi.ConsoleAuthAPI()
-        return rpcapi.check_token(ctxt, token=token)
-
-    def _get_connect_info_database(self, ctxt, token):
+    def _get_connect_info(self, ctxt, token):
+        """Validate the token and get the connect info."""
         # NOTE(PaulMurray) ConsoleAuthToken.validate validates the token.
         # We call the compute manager directly to check the console port
         # is correct.
@@ -147,25 +140,6 @@ def _get_connect_info_database(self, ctxt, token):
 
         return connect_info
 
-    def _get_connect_info(self, ctxt, token):
-        """Validate the token and get the connect info."""
-        connect_info = None
-
-        # NOTE(melwitt): If consoleauth is enabled to aid in transitioning
-        # to the database backend, check it first before falling back to
-        # the database. Tokens that existed pre-database-backend will
-        # reside in the consoleauth service storage.
-        if CONF.workarounds.enable_consoleauth:
-            connect_info = self._get_connect_info_consoleauth(ctxt, token)
-        # If consoleauth is enabled to aid in transitioning to the database
-        # backend and we didn't find a token in the consoleauth service
-        # storage, check the database for a token because it's probably a
-        # post-database-backend token, which are stored in the database.
-        if not connect_info:
-            connect_info = self._get_connect_info_database(ctxt, token)
-
-        return connect_info
-
     def new_websocket_client(self):
         """Called after a new WebSocket connection has been established."""
         # Reopen the eventlet hub to make sure we don't share an epoll