keypairs shouldn't be in LDAP

Bug #637805 reported by Jesse Andrews
This bug affects 2 people
Affects: OpenStack Compute (nova)
Status: Fix Released
Importance: Low
Assigned to: Unassigned

Bug Description

Keypairs were stored in LDAP for historical reasons (in nova 0.1, LDAP was the only persistent datastore).

Now that we've got a more solid datastore, it would be nice to move them to where the rest of the non-user data resides.

Storing the keys in LDAP added complexity and brittleness to the code, since we had to add a custom LDAP schema, and LDAP seems to throw exceptions 0.5% of the time when we launch instances:

ERROR:root:instance i-1470: Failed to spawn
Traceback (most recent call last):
 File "/srv/cloud/nova/nova/compute/manager.py", line 86, in run_instance
   yield self.driver.spawn(instance_ref)
 File "/usr/local/lib/python2.6/dist-packages/twisted/internet/defer.py", line 821, in _inlineCallbacks
   result = result.throwExceptionIntoGenerator(g)
 File "/usr/local/lib/python2.6/dist-packages/twisted/python/failure.py", line 338, in throwExceptionIntoGenerator
   return g.throw(self.type, self.value, self.tb)
 File "/srv/cloud/nova/nova/virt/libvirt_conn.py", line 217, in spawn
   yield self._create_image(instance, xml)
 File "/usr/local/lib/python2.6/dist-packages/twisted/internet/defer.py", line 823, in _inlineCallbacks
   result = g.send(result)
 File "/srv/cloud/nova/nova/virt/libvirt_conn.py", line 267, in _create_image
   project = manager.AuthManager().get_project(inst['project_id'])
 File "/srv/cloud/nova/nova/auth/manager.py", line 484, in get_project
   with self.driver() as drv:
 File "/srv/cloud/nova/nova/auth/ldapdriver.py", line 82, in __enter__
   self.conn.simple_bind_s(FLAGS.ldap_user_dn, FLAGS.ldap_password)
 File "/usr/lib/python2.6/dist-packages/ldap/ldapobject.py", line 207, in simple_bind_s
   return self.result(msgid,all=1,timeout=self.timeout)
 File "/usr/lib/python2.6/dist-packages/ldap/ldapobject.py", line 436, in result
   res_type,res_data,res_msgid = self.result2(msgid,all,timeout)
 File "/usr/lib/python2.6/dist-packages/ldap/ldapobject.py", line 440, in result2
   res_type, res_data, res_msgid, srv_ctrls = self.result3(msgid,all,timeout)
 File "/usr/lib/python2.6/dist-packages/ldap/ldapobject.py", line 446, in result3
   ldap_result = self._ldap_call(self._l.result3,msgid,all,timeout)
 File "/usr/lib/python2.6/dist-packages/ldap/ldapobject.py", line 96, in _ldap_call
   result = func(*args,**kwargs)
SERVER_DOWN: {'desc': "Can't contact LDAP server"}
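
Added example, not part of the original report or of nova: a small log triage script that attributes each "Failed to spawn" entry to its exception and to the deepest nova frame, which is how a failure like the one above can be traced to the LDAP bind in the launch path. The sample log is constructed (abbreviated from the shape of the traceback above), and the function names and the `/nova/nova/` path marker are assumptions.

```python
import re
from collections import Counter

# Constructed sample log; instance ids and the second failure are made up.
SAMPLE_LOG = '''\
ERROR:root:instance i-0001: Failed to spawn
Traceback (most recent call last):
  File "/srv/cloud/nova/nova/compute/manager.py", line 86, in run_instance
    yield self.driver.spawn(instance_ref)
  File "/srv/cloud/nova/nova/auth/ldapdriver.py", line 82, in __enter__
    self.conn.simple_bind_s(FLAGS.ldap_user_dn, FLAGS.ldap_password)
  File "/usr/lib/python2.6/dist-packages/ldap/ldapobject.py", line 96, in _ldap_call
    result = func(*args,**kwargs)
SERVER_DOWN: {'desc': "Can't contact LDAP server"}
ERROR:root:instance i-0002: Failed to spawn
Traceback (most recent call last):
  File "/srv/cloud/nova/nova/virt/libvirt_conn.py", line 217, in spawn
    yield self._create_image(instance, xml)
IOError: [Errno 28] No space left on device
'''

HEAD = re.compile(r'^ERROR:root:instance (\S+): Failed to spawn$')
FRAME = re.compile(r'^\s*File "([^"]+)", line (\d+), in (\S+)$')
EXC = re.compile(r'^([A-Za-z_][\w.]*): (.*)$')  # unindented "Name: message" line

def spawn_failures(log_text, project_marker="/nova/nova/"):
    """Return one dict per failed spawn: instance, exception, deepest project frame."""
    failures, cur = [], None
    for line in log_text.splitlines():
        head = HEAD.match(line)
        if head:
            cur = {"instance": head.group(1), "exception": None, "frame": None}
            failures.append(cur)
            continue
        if cur is None or cur["exception"]:
            continue  # outside a failure record, or record already closed
        frame, exc = FRAME.match(line), EXC.match(line)
        if frame and project_marker in frame.group(1):
            # Later frames overwrite earlier ones, so the deepest project frame wins;
            # library frames (no marker in the path) are skipped.
            rel = frame.group(1).split(project_marker)[1]
            cur["frame"] = "%s:%s" % (rel, frame.group(2))
        elif exc:
            cur["exception"] = exc.group(1)
    return failures

def by_cause(failures):
    """Count failures per (exception, deepest project frame)."""
    return Counter((f["exception"], f["frame"]) for f in failures)
```

Dividing the `SERVER_DOWN` count from `by_cause` by the number of launch attempts in the same log window gives the failure rate attributable to the directory dependency.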

Changed in nova:
importance: Undecided → Low
Jay Pipes (jaypipes) wrote :

Setting to confirmed, as I've run into this myself.

Changed in nova:
status: New → Confirmed
Changed in nova:
status: Confirmed → Fix Committed
Eric Day (eday)
Changed in nova:
status: Fix Committed → Fix Released