Skip to content

Commit 5fece42

Browse files
Zuulopenstack-gerrit
authored andcommitted
Merge "Remove nova-consoleauth"
2 parents 08113fe + 2398b78 commit 5fece42

24 files changed

+61
-1081
lines changed

nova/api/openstack/compute/console_auth_tokens.py

Lines changed: 13 additions & 19 deletions
Original file line numberDiff line numberDiff line change
@@ -17,7 +17,6 @@
1717

1818
from nova.api.openstack import wsgi
1919
import nova.conf
20-
from nova.consoleauth import rpcapi as consoleauth_rpcapi
2120
from nova import context as nova_context
2221
from nova.i18n import _
2322
from nova import objects
@@ -27,9 +26,6 @@
2726

2827

2928
class ConsoleAuthTokensController(wsgi.Controller):
30-
def __init__(self):
31-
super(ConsoleAuthTokensController, self).__init__()
32-
self._consoleauth_rpcapi = consoleauth_rpcapi.ConsoleAuthAPI()
3329

3430
def _show(self, req, id, rdp_only):
3531
"""Checks a console auth token and returns the related connect info."""
@@ -42,21 +38,19 @@ def _show(self, req, id, rdp_only):
4238
raise webob.exc.HTTPBadRequest(explanation=msg)
4339

4440
connect_info = None
45-
if CONF.workarounds.enable_consoleauth:
46-
connect_info = self._consoleauth_rpcapi.check_token(context, token)
47-
else:
48-
results = nova_context.scatter_gather_skip_cell0(
49-
context, objects.ConsoleAuthToken.validate, token)
50-
# NOTE(melwitt): Console token auths are stored in cell databases,
51-
# but with only the token as a request param, we can't know which
52-
# cell database contains the token's corresponding connection info.
53-
# So, we must query all cells for the info and we can break the
54-
# loop as soon as we find a result because the token is associated
55-
# with one instance, which can only be in one cell.
56-
for result in results.values():
57-
if not nova_context.is_cell_failure_sentinel(result):
58-
connect_info = result.to_dict()
59-
break
41+
42+
results = nova_context.scatter_gather_skip_cell0(
43+
context, objects.ConsoleAuthToken.validate, token)
44+
# NOTE(melwitt): Console token auths are stored in cell databases,
45+
# but with only the token as a request param, we can't know which
46+
# cell database contains the token's corresponding connection info.
47+
# So, we must query all cells for the info and we can break the
48+
# loop as soon as we find a result because the token is associated
49+
# with one instance, which can only be in one cell.
50+
for result in results.values():
51+
if not nova_context.is_cell_failure_sentinel(result):
52+
connect_info = result.to_dict()
53+
break
6054

6155
if not connect_info:
6256
raise webob.exc.HTTPNotFound(explanation=_("Token not found"))

nova/api/openstack/compute/hosts.py

Lines changed: 0 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -53,9 +53,6 @@ def index(self, req):
5353
| {'host_name': 'some.celly.host.name',
5454
| 'service': 'cells',
5555
| 'zone': 'internal'},
56-
| {'host_name': 'console1.host.com',
57-
| 'service': 'consoleauth',
58-
| 'zone': 'internal'},
5956
| {'host_name': 'network1.host.com',
6057
| 'service': 'network',
6158
| 'zone': 'internal'},

nova/cmd/consoleauth.py

Lines changed: 0 additions & 50 deletions
This file was deleted.

nova/compute/api.py

Lines changed: 0 additions & 73 deletions
Original file line numberDiff line numberDiff line change
@@ -51,7 +51,6 @@
5151
from nova.compute import vm_states
5252
from nova import conductor
5353
import nova.conf
54-
from nova.consoleauth import rpcapi as consoleauth_rpcapi
5554
from nova import context as nova_context
5655
from nova import crypto
5756
from nova.db import base
@@ -259,7 +258,6 @@ def __init__(self, image_api=None, network_api=None, volume_api=None,
259258
self._placementclient = None # Lazy-load on first access.
260259
self.security_group_api = (security_group_api or
261260
openstack_driver.get_openstack_security_group_driver())
262-
self.consoleauth_rpcapi = consoleauth_rpcapi.ConsoleAuthAPI()
263261
self.compute_rpcapi = compute_rpcapi.ComputeAPI()
264262
self.compute_task_api = conductor.ComputeTaskAPI()
265263
self.servicegroup_api = servicegroup.API()
@@ -2057,13 +2055,6 @@ def _delete(self, context, instance, delete_type, cb, **instance_attrs):
20572055
instance.progress = 0
20582056
instance.save()
20592057

2060-
if CONF.workarounds.enable_consoleauth:
2061-
# TODO(melwitt): Remove the conditions for running this line
2062-
# with cells v2, when consoleauth is no longer being used by
2063-
# cells v2, in Stein.
2064-
self.consoleauth_rpcapi.delete_tokens_for_instance(
2065-
context, instance.uuid)
2066-
20672058
if not instance.host and not may_have_ports_or_volumes:
20682059
try:
20692060
with compute_utils.notify_about_instance_delete(
@@ -3789,18 +3780,6 @@ def get_vnc_console(self, context, instance, console_type):
37893780
"""Get a url to an instance Console."""
37903781
connect_info = self.compute_rpcapi.get_vnc_console(context,
37913782
instance=instance, console_type=console_type)
3792-
3793-
# TODO(melwitt): In Rocky, the compute manager puts the
3794-
# console authorization in the database in the above method.
3795-
# The following will be removed when everything has been
3796-
# converted to use the database, in Stein.
3797-
if CONF.workarounds.enable_consoleauth:
3798-
self.consoleauth_rpcapi.authorize_console(context,
3799-
connect_info['token'], console_type,
3800-
connect_info['host'], connect_info['port'],
3801-
connect_info['internal_access_path'], instance.uuid,
3802-
access_url=connect_info['access_url'])
3803-
38043783
return {'url': connect_info['access_url']}
38053784

38063785
@check_instance_host
@@ -3810,17 +3789,6 @@ def get_spice_console(self, context, instance, console_type):
38103789
"""Get a url to an instance Console."""
38113790
connect_info = self.compute_rpcapi.get_spice_console(context,
38123791
instance=instance, console_type=console_type)
3813-
# TODO(melwitt): In Rocky, the compute manager puts the
3814-
# console authorization in the database in the above method.
3815-
# The following will be removed when everything has been
3816-
# converted to use the database, in Stein.
3817-
if CONF.workarounds.enable_consoleauth:
3818-
self.consoleauth_rpcapi.authorize_console(context,
3819-
connect_info['token'], console_type,
3820-
connect_info['host'], connect_info['port'],
3821-
connect_info['internal_access_path'], instance.uuid,
3822-
access_url=connect_info['access_url'])
3823-
38243792
return {'url': connect_info['access_url']}
38253793

38263794
@check_instance_host
@@ -3830,17 +3798,6 @@ def get_rdp_console(self, context, instance, console_type):
38303798
"""Get a url to an instance Console."""
38313799
connect_info = self.compute_rpcapi.get_rdp_console(context,
38323800
instance=instance, console_type=console_type)
3833-
# TODO(melwitt): In Rocky, the compute manager puts the
3834-
# console authorization in the database in the above method.
3835-
# The following will be removed when everything has been
3836-
# converted to use the database, in Stein.
3837-
if CONF.workarounds.enable_consoleauth:
3838-
self.consoleauth_rpcapi.authorize_console(context,
3839-
connect_info['token'], console_type,
3840-
connect_info['host'], connect_info['port'],
3841-
connect_info['internal_access_path'], instance.uuid,
3842-
access_url=connect_info['access_url'])
3843-
38443801
return {'url': connect_info['access_url']}
38453802

38463803
@check_instance_host
@@ -3850,17 +3807,6 @@ def get_serial_console(self, context, instance, console_type):
38503807
"""Get a url to a serial console."""
38513808
connect_info = self.compute_rpcapi.get_serial_console(context,
38523809
instance=instance, console_type=console_type)
3853-
3854-
# TODO(melwitt): In Rocky, the compute manager puts the
3855-
# console authorization in the database in the above method.
3856-
# The following will be removed when everything has been
3857-
# converted to use the database, in Stein.
3858-
if CONF.workarounds.enable_consoleauth:
3859-
self.consoleauth_rpcapi.authorize_console(context,
3860-
connect_info['token'], console_type,
3861-
connect_info['host'], connect_info['port'],
3862-
connect_info['internal_access_path'], instance.uuid,
3863-
access_url=connect_info['access_url'])
38643810
return {'url': connect_info['access_url']}
38653811

38663812
@check_instance_host
@@ -3870,16 +3816,6 @@ def get_mks_console(self, context, instance, console_type):
38703816
"""Get a url to a MKS console."""
38713817
connect_info = self.compute_rpcapi.get_mks_console(context,
38723818
instance=instance, console_type=console_type)
3873-
# TODO(melwitt): In Rocky, the compute manager puts the
3874-
# console authorization in the database in the above method.
3875-
# The following will be removed when everything has been
3876-
# converted to use the database, in Stein.
3877-
if CONF.workarounds.enable_consoleauth:
3878-
self.consoleauth_rpcapi.authorize_console(context,
3879-
connect_info['token'], console_type,
3880-
connect_info['host'], connect_info['port'],
3881-
connect_info['internal_access_path'], instance.uuid,
3882-
access_url=connect_info['access_url'])
38833819
return {'url': connect_info['access_url']}
38843820

38853821
@check_instance_host
@@ -4437,15 +4373,6 @@ def live_migrate(self, context, instance, block_migration,
44374373
self._record_action_start(context, instance,
44384374
instance_actions.LIVE_MIGRATION)
44394375

4440-
# TODO(melwitt): In Rocky, we optionally store console authorizations
4441-
# in both the consoleauth service and the database while
4442-
# we convert to using the database. Remove the condition for running
4443-
# this line with cells v2, when consoleauth is no longer being used by
4444-
# cells v2, in Stein.
4445-
if CONF.workarounds.enable_consoleauth:
4446-
self.consoleauth_rpcapi.delete_tokens_for_instance(
4447-
context, instance.uuid)
4448-
44494376
# NOTE(sbauza): Force is a boolean by the new related API version
44504377
if force is False and host_name:
44514378
# Unset the host to make sure we call the scheduler

nova/conf/compute.py

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1283,7 +1283,7 @@
12831283
to register new compute services in disabled state and then enabled them at a
12841284
later point in time. This option only sets this behavior for nova-compute
12851285
services, it does not auto-disable other services like nova-conductor,
1286-
nova-scheduler, nova-consoleauth, or nova-osapi_compute.
1286+
nova-scheduler, or nova-osapi_compute.
12871287
12881288
Possible values:
12891289

nova/conf/consoleauth.py

Lines changed: 0 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -32,10 +32,6 @@
3232
A console auth token is used in authorizing console access for a user.
3333
Once the auth token time to live count has elapsed, the token is
3434
considered expired. Expired tokens are then deleted.
35-
36-
Related options:
37-
38-
* ``[workarounds]/enable_consoleauth``
3935
""")
4036
]
4137

nova/conf/upgrade_levels.py

Lines changed: 0 additions & 18 deletions
Original file line numberDiff line numberDiff line change
@@ -108,24 +108,6 @@
108108
109109
Possible values:
110110
111-
* By default send the latest version the client knows about
112-
* A string representing a version number in the format 'N.N';
113-
for example, possible values might be '1.12' or '2.0'.
114-
* An OpenStack release name, in lower case, such as 'mitaka' or
115-
'liberty'.
116-
"""),
117-
cfg.StrOpt('consoleauth',
118-
deprecated_for_removal=True,
119-
deprecated_since='18.0.0',
120-
deprecated_reason="""
121-
The nova-consoleauth service was deprecated in 18.0.0 (Rocky) and will be
122-
removed in an upcoming release.
123-
""",
124-
help="""
125-
Consoleauth RPC API version cap.
126-
127-
Possible values:
128-
129111
* By default send the latest version the client knows about
130112
* A string representing a version number in the format 'N.N';
131113
for example, possible values might be '1.12' or '2.0'.

nova/conf/workarounds.py

Lines changed: 0 additions & 32 deletions
Original file line numberDiff line numberDiff line change
@@ -154,38 +154,6 @@
154154
compute service to the scheduler service.
155155
"""),
156156

157-
cfg.BoolOpt(
158-
'enable_consoleauth',
159-
default=False,
160-
deprecated_for_removal=True,
161-
deprecated_since="18.0.0",
162-
deprecated_reason="""
163-
This option has been added as deprecated originally because it is used
164-
for avoiding a upgrade issue and it will not be used in the future.
165-
See the help text for more details.
166-
""",
167-
help="""
168-
Enable the consoleauth service to avoid resetting unexpired consoles.
169-
170-
Console token authorizations have moved from the ``nova-consoleauth`` service
171-
to the database, so all new consoles will be supported by the database backend.
172-
With this, consoles that existed before database backend support will be reset.
173-
For most operators, this should be a minimal disruption as the default TTL of a
174-
console token is 10 minutes.
175-
176-
Operators that have much longer token TTL configured or otherwise wish to avoid
177-
immediately resetting all existing consoles can enable this flag to continue
178-
using the ``nova-consoleauth`` service in addition to the database backend.
179-
Once all of the old ``nova-consoleauth`` supported console tokens have expired,
180-
this flag should be disabled. For example, if a deployment has configured a
181-
token TTL of one hour, the operator may disable the flag, one hour after
182-
deploying the new code during an upgrade.
183-
184-
Related options:
185-
186-
* ``[consoleauth]/token_ttl``
187-
"""),
188-
189157
cfg.BoolOpt(
190158
'enable_numa_live_migration',
191159
default=False,

nova/console/websocketproxy.py

Lines changed: 2 additions & 28 deletions
Original file line numberDiff line numberDiff line change
@@ -30,7 +30,6 @@
3030

3131
from nova.compute import rpcapi as compute_rpcapi
3232
import nova.conf
33-
from nova.consoleauth import rpcapi as consoleauth_rpcapi
3433
from nova import context
3534
from nova import exception
3635
from nova.i18n import _
@@ -125,14 +124,8 @@ def _check_console_port(self, ctxt, instance_uuid, port, console_type):
125124
str(port),
126125
console_type)
127126

128-
def _get_connect_info_consoleauth(self, ctxt, token):
129-
# NOTE(PaulMurray) consoleauth check_token() validates the token
130-
# and does an rpc to compute manager to check the console port
131-
# is correct.
132-
rpcapi = consoleauth_rpcapi.ConsoleAuthAPI()
133-
return rpcapi.check_token(ctxt, token=token)
134-
135-
def _get_connect_info_database(self, ctxt, token):
127+
def _get_connect_info(self, ctxt, token):
128+
"""Validate the token and get the connect info."""
136129
# NOTE(PaulMurray) ConsoleAuthToken.validate validates the token.
137130
# We call the compute manager directly to check the console port
138131
# is correct.
@@ -147,25 +140,6 @@ def _get_connect_info_database(self, ctxt, token):
147140

148141
return connect_info
149142

150-
def _get_connect_info(self, ctxt, token):
151-
"""Validate the token and get the connect info."""
152-
connect_info = None
153-
154-
# NOTE(melwitt): If consoleauth is enabled to aid in transitioning
155-
# to the database backend, check it first before falling back to
156-
# the database. Tokens that existed pre-database-backend will
157-
# reside in the consoleauth service storage.
158-
if CONF.workarounds.enable_consoleauth:
159-
connect_info = self._get_connect_info_consoleauth(ctxt, token)
160-
# If consoleauth is enabled to aid in transitioning to the database
161-
# backend and we didn't find a token in the consoleauth service
162-
# storage, check the database for a token because it's probably a
163-
# post-database-backend token, which are stored in the database.
164-
if not connect_info:
165-
connect_info = self._get_connect_info_database(ctxt, token)
166-
167-
return connect_info
168-
169143
def new_websocket_client(self):
170144
"""Called after a new WebSocket connection has been established."""
171145
# Reopen the eventlet hub to make sure we don't share an epoll

0 commit comments

Comments
 (0)