Steven Hardy [Wed, 23 Jan 2013 16:56:09 +0000 (16:56 +0000)]
heat tests : autoscaling test add missing VerifyAll
Add logic to verify stubbed calls to loadbalancer reload,
also break up the tests a bit into functionally related
chunks instead of having two mega-tests
Change-Id: I94897b6ec23cae92bc464b4b3ef2a7b634bfdb0c Signed-off-by: Steven Hardy <shardy@redhat.com>
Clint Byrum [Thu, 24 Jan 2013 05:59:58 +0000 (21:59 -0800)]
Use pkg_resources to detect version of cloud-init
Previously the present of an API call only present in cloud-init 0.6.x
was used to determine whether or not cfn-userdata would have been executed
or not. The API call was removed in 0.7.x. This Fixes bug #1103793
Steven Hardy [Tue, 22 Jan 2013 16:30:18 +0000 (16:30 +0000)]
heat api paste.ini auth_uri should use auth_port
For token based auth to work, the auth_uri needs to use
auth_port, which points at the internalURL of the keystone
service, the current config uses publicURL which causes
token auth requests to keystone to fail
Steven Hardy [Tue, 22 Jan 2013 13:15:20 +0000 (13:15 +0000)]
heat tests : test_watch add create_watch_data test
Add test for create_watch_data, note there are some limitations
on what we can test here due to weird sqlite behavior with the
relationships defined in the sqlalchemy model
Change-Id: I2616b6dcf163914619321e9ff08e37f3f365d7db Signed-off-by: Steven Hardy <shardy@redhat.com>
Steven Hardy [Wed, 16 Jan 2013 16:21:16 +0000 (16:21 +0000)]
heat engine : make watchrule actions run in stack ThreadGroup
Make watchrule alarm actions run via greenthreads in the stack
ThreadGroup - this allows them to be correctly cancelled if the
stack is deleted whilst an alarm action is in progress.
Zane Bitter [Mon, 21 Jan 2013 15:36:21 +0000 (16:36 +0100)]
ReST API: Return 400 for malformed JSON input
Previously we had an unhandled exception that resulted in a 500 (Internal
Server Error) result and a stack trace when an invalid JSON file was
submitted in a POST/PUT request. Change to catching the exception and
returning a 400 (Bad Request) result.
Steven Hardy [Thu, 17 Jan 2013 17:32:25 +0000 (17:32 +0000)]
heat engine : watchrule don't run rule for every SampleCount
We should not be triggering a run_rule (which is an alarm action)
for every datapoint when the SampleCount statistic is specified,
otherwise e.g IHA instances get replaced every heartbeat signal!
run_rule should only be called in response to a rule evaluate(),
or an explicit override via set_watch_state()
Steven Hardy [Thu, 17 Jan 2013 11:22:09 +0000 (11:22 +0000)]
heat templates : fix IHA HeartbeatFailureAlarm during instance build
The HeartbeatFailureAlarm triggers prematurely while the instance is
building, because cfn-init doesn't create the files (hence the
heartbeat cron-job) until after the packges are all installed.
If we make the HeartbeatFailureAlarm depend on the WaitCondition, it
won't be created until the instance is fully built.
Steven Hardy [Thu, 17 Jan 2013 11:19:05 +0000 (11:19 +0000)]
heat templates : IHA HeartbeatFailureAlarm should be Ref
cfn-push-stats reference to HeartbeatFailureAlarm should be a
Ref not a hard-coded string, or the engine fails to find the
watch because the name lacks the stack prefix
Zane Bitter [Thu, 17 Jan 2013 10:10:14 +0000 (11:10 +0100)]
Prepare the groundwork for more exception types
We have been abusing AttributeError and ValueError rather than raising
exceptions that actually describe the problem. This opens the way for
changes that will allow us to handle a wide variety of specific exceptions.
Zane Bitter [Tue, 15 Jan 2013 12:42:57 +0000 (13:42 +0100)]
Don't inherit from NestedStack
The NestedStack class is intended only to be the implementation of the
AWS::CloudFormation::Stack resource type. Other resources whose internal
implementation uses a nested stack should subclass the abstract
StackResource class.
Zane Bitter [Tue, 15 Jan 2013 12:42:56 +0000 (13:42 +0100)]
Move abstract nested stack class to separate file
The class heat.engine.resources.stack.Stack is intended to be an abstract
class which resources that are implemented as nested stacks may inherit
from. Rename it to StackResource and move it to the
heat.engine.stack_resource module, so that other resource modules
(including plugins) may include it without having to also import the
NestedStack class (which implements the AWS::CloudFormation::Stack resource
type).
Steven Dake [Tue, 15 Jan 2013 20:38:21 +0000 (13:38 -0700)]
Remove instance in ERROR state after failed create
If a VM was created but resulted in a nova error, the VM would enter
an error state and not be deleteable via heat delete. Instead
the VM would persist after the delete operation.
Steven Hardy [Mon, 14 Jan 2013 16:59:03 +0000 (16:59 +0000)]
heat engine : Implement Count property for WaitCondition
The Count property of WaitCondition is currently ignored, so
regardless of the number specified the WaitCondition resource will
always go to CREATE_COMPLETE on the first WaitConditionHandle signal.
This patch fixes this so the Count property is handled correctly.
Steven Hardy [Fri, 11 Jan 2013 13:43:52 +0000 (13:43 +0000)]
heat engine : Add metadata validation to WaitConditionHandle
Validate metadata before updating the WaitConditionHandle resource
metadata, if we raise a ValueError in response to incorrectly
formatted metadata then the CFN API will map this to a
HeatInvalidParameterValueError, resulting in a descriptive error
response to the malformed request
Change-Id: I6fde27066e9e0eaee97b59a7fbbace09ca620b48 Signed-off-by: Steven Hardy <shardy@redhat.com>
Abstract updates to resource metadata so they are implemented per-resource,
with a generic implementation which is a no-op, since currently the only
resource which needs metadata update via the RPC API is WaitConditionHandle.
This allows resource-specific metadata validation and update logic to be more
easily added.
Tomas Sedovic [Wed, 2 Jan 2013 16:34:23 +0000 (17:34 +0100)]
Add auth middleware for custom cloud backend
Custom backends will want to provide their own authentication mechanisms
instead of using the Keystone token or EC2-like systems we have in
place.
This adds a new middleware and paste pipeline for the custom backend
that will skip the normal authentication and queries the backend's
`authenticated(context)` method instead.
Since the backend is connected to the Engine whereas the auth middleware
is run in the API service (which may sit on a separate box and have no
access to the engine config or the custom backend itself), we add a new
RPC call that lets API verify the passed credentials.
Change-Id: I2fc4a19564b1e410adb79bd9266f6b6da07dd6c9 Signed-off-by: Tomas Sedovic <tomas@sedovic.cz>
Steven Hardy [Tue, 8 Jan 2013 19:21:56 +0000 (19:21 +0000)]
heat engine : DBInstance don't pass credentials to cfn-init
Don't create user/accesskey and pass them to cfn-init as resource
metadata for internal nested stacks is not available via the cfn API
so passing them causes an error in the engine logs (and creates some
unnecessary keystone credentials)
Ensure LoadBalancer resource deletes the underlying nested
stack when the owning stack is deleted - needs to inherit
from stack.NestedStack as this implements handle_delete()
Steven Hardy [Tue, 8 Jan 2013 18:10:22 +0000 (18:10 +0000)]
heat engine : DBInstance fix so nested stack is deleted
Currently the RDS DBInstance resource inherits from stack.Stack but it
should be stack.NestedStack, which implements handle_delete whereas
stack.Stack does not, meaning the DBInstance nested stack is never
deleted when the owning stack gets deleted.
Steven Hardy [Tue, 8 Jan 2013 15:47:55 +0000 (15:47 +0000)]
heat engine : allow NestedStack template validation to work
Nested stack templates (e.g WordPress_Composed_Instances.template)
will currently fail validation because FnGetAtt attempts to get
outputs for a stack which doesn't yet exist. So add a fallback which
returns a string "None" for Outputs.* which will allow template
validation to succeed, and will still return the actual output when
the nested stack has actually been created.
Steven Hardy [Tue, 8 Jan 2013 14:37:23 +0000 (14:37 +0000)]
heat engine : ensure create thread exits on stack delete
Detect GreenletExit exception when creating resources - this may
happen if the stack gets deleted while the stack is still in
CREATE_IN_PROGRESS state. If we don't detect this then the stack
continues trying to create resources during/after the stack has been
deleted, with predictably nasty results..
Jeff Peeler [Mon, 7 Jan 2013 17:36:20 +0000 (12:36 -0500)]
Handle different cloud-init versions gracefully
Change loguserdata script to python to allow easy detection of which
version of cloud-init installed. Some logging was added to
part-handler.
Took out injecting the command to touch provision-finished in the user
data. This is now handled in loguserdata.py.
Note that up until cloud-init version 0.6.0, the user data is not
passed to part-handler. This behavior is why it's not possible to log
the provisioning process with older versions. (Technically could rely
on the redirection support added post 0.6.0, but having a separate
file just for provisioning seems beneficial.)
The DBInstance nested stack template defines a DBSecurityGroups list parameter,
which should be "CommaDelimitedList" type, curently it's a "List" type which
breaks when the template is parsed. To make this work we also have to mangle
the property (passed in the top level template) format to match the parameter
format, because in AWS Lists are not represented in the same way for Properties and
Parameters (sigh..)
NoEcho is now implemented in the engine for parameters, so we
need to change the expected ParameterValues to '******' to match
the API response for the NoEcho==True parameters
Change-Id: I4f50633dc5358e8779bfbaf03dda2f7fe1b7d452 Signed-off-by: Steven Hardy <shardy@redhat.com>
Steven Hardy [Wed, 2 Jan 2013 17:19:17 +0000 (17:19 +0000)]
heat tests : convert functional tests to folsom glanceclient
Convert functional tests to work with folsom glanceclient, also
remove the conditional essex/folsom module import since this will
no longer work on essex (this was bogus anyway since this code can
never have worked on folsom)
Note : this breaks compatibility with essex for the functional tests, so
any platform running them must be running >= Folsom from now on.
(The essex/folsom glance client interfaces are too different to make it worth
supporting both for the functional tests, ref heat-jeos..)
Change-Id: I4463bfab7f8acf93b2eafa4bb702bf86d8c78652 Signed-off-by: Steven Hardy <shardy@redhat.com>
Code Review / openstack-build / heat-build.git / log