Run console proxies per cell instead of globally
Along with converting to the database backend for console token auth,
the console proxies need to run per cell instead of globally. This way,
the instance UUID isn't needed in the access url as users will be
handed an access url local to the cell their instances is in. With
console proxies sharded across cells, a large cloud will no longer have
a bottleneck of one console proxy for the entire deployment.
This also disables the novnc tempest tests with a TODO to re-enable
them once the nova patch series that converts from the nova-consoleauth
backend -> cell database backend lands.
Change-Id: I67894a31b887a93de26f3d2d8a1fa84be5b9ea89
diff --git a/lib/nova b/lib/nova
index fea2b85..3a00ab3 100644
--- a/lib/nova
+++ b/lib/nova
@@ -921,11 +921,46 @@
run_process n-api-meta "$NOVA_BIN_DIR/uwsgi --procname-prefix nova-api-meta --ini $NOVA_METADATA_UWSGI_CONF"
fi
- run_process n-novnc "$NOVA_BIN_DIR/nova-novncproxy --config-file $api_cell_conf --web $NOVNC_WEB_DIR"
- run_process n-xvnc "$NOVA_BIN_DIR/nova-xvpvncproxy --config-file $api_cell_conf"
- run_process n-spice "$NOVA_BIN_DIR/nova-spicehtml5proxy --config-file $api_cell_conf --web $SPICE_WEB_DIR"
+ # nova-consoleauth always runs globally
run_process n-cauth "$NOVA_BIN_DIR/nova-consoleauth --config-file $api_cell_conf"
- run_process n-sproxy "$NOVA_BIN_DIR/nova-serialproxy --config-file $api_cell_conf"
+
+ export PATH=$old_path
+}
+
+function enable_nova_console_proxies {
+ for i in $(seq 1 $NOVA_NUM_CELLS); do
+ for srv in n-novnc n-xvnc n-spice n-sproxy; do
+ if is_service_enabled $srv; then
+ enable_service ${srv}-cell${i}
+ fi
+ done
+ done
+}
+
+function start_nova_console_proxies {
+ # Hack to set the path for rootwrap
+ local old_path=$PATH
+ # This is needed to find the nova conf
+ export PATH=$NOVA_BIN_DIR:$PATH
+
+ local api_cell_conf=$NOVA_CONF
+ # console proxies run globally for singleconductor, else they run per cell
+ if [[ "${CELLSV2_SETUP}" == "singleconductor" ]]; then
+ run_process n-novnc "$NOVA_BIN_DIR/nova-novncproxy --config-file $api_cell_conf --web $NOVNC_WEB_DIR"
+ run_process n-xvnc "$NOVA_BIN_DIR/nova-xvpvncproxy --config-file $api_cell_conf"
+ run_process n-spice "$NOVA_BIN_DIR/nova-spicehtml5proxy --config-file $api_cell_conf --web $SPICE_WEB_DIR"
+ run_process n-sproxy "$NOVA_BIN_DIR/nova-serialproxy --config-file $api_cell_conf"
+ else
+ enable_nova_console_proxies
+ for i in $(seq 1 $NOVA_NUM_CELLS); do
+ local conf
+ conf=$(conductor_conf $i)
+ run_process n-novnc-cell${i} "$NOVA_BIN_DIR/nova-novncproxy --config-file $conf --web $NOVNC_WEB_DIR"
+ run_process n-xvnc-cell${i} "$NOVA_BIN_DIR/nova-xvpvncproxy --config-file $conf"
+ run_process n-spice-cell${i} "$NOVA_BIN_DIR/nova-spicehtml5proxy --config-file $conf --web $SPICE_WEB_DIR"
+ run_process n-sproxy-cell${i} "$NOVA_BIN_DIR/nova-serialproxy --config-file $conf"
+ done
+ fi
export PATH=$old_path
}
@@ -985,6 +1020,7 @@
# this catches the cells v1 case early
_set_singleconductor
start_nova_rest
+ start_nova_console_proxies
start_nova_conductor
start_nova_compute
if is_service_enabled n-api; then
@@ -1010,11 +1046,26 @@
function stop_nova_rest {
# Kill the non-compute nova processes
- for serv in n-api n-api-meta n-net n-sch n-novnc n-xvnc n-cauth n-spice n-cell n-cell n-sproxy; do
+ for serv in n-api n-api-meta n-net n-sch n-cauth n-cell n-cell; do
stop_process $serv
done
}
+function stop_nova_console_proxies {
+ if [[ "${CELLSV2_SETUP}" == "singleconductor" ]]; then
+ for srv in n-novnc n-xvnc n-spice n-sproxy; do
+ stop_process $srv
+ done
+ else
+ enable_nova_console_proxies
+ for i in $(seq 1 $NOVA_NUM_CELLS); do
+ for srv in n-novnc n-xvnc n-spice n-sproxy; do
+ stop_process ${srv}-cell${i}
+ done
+ done
+ fi
+}
+
function stop_nova_conductor {
if [[ "${CELLSV2_SETUP}" == "singleconductor" ]]; then
stop_process n-cond
@@ -1032,6 +1083,7 @@
# stop_nova() - Stop running processes
function stop_nova {
stop_nova_rest
+ stop_nova_console_proxies
stop_nova_conductor
stop_nova_compute
}