keypairs shouldn't be in LDAP
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
OpenStack Compute (nova) | Fix Released | Low | Unassigned | |
Bug Description
Keypairs were stored in LDAP for historical reasons (in nova 0.1, LDAP was the only persistent datastore).
Now that we've got a more solid datastore, it would be nice to move them to where the rest of the non-user data resides.
Storing the keys in LDAP added complexity and brittleness to the code (since we had to add a custom LDAP schema, and LDAP seems to throw exceptions 0.5% of the time when we launch instances):
ERROR:root:instance i-1470: Failed to spawn
Traceback (most recent call last):
File "/srv/cloud/
yield self.driver.
File "/usr/local/
result = result.
File "/usr/local/
return g.throw(self.type, self.value, self.tb)
File "/srv/cloud/
yield self._create_
File "/usr/local/
result = g.send(result)
File "/srv/cloud/
project = manager.
File "/srv/cloud/
with self.driver() as drv:
File "/srv/cloud/
self.
File "/usr/lib/
return self.result(
File "/usr/lib/
res_
File "/usr/lib/
res_type, res_data, res_msgid, srv_ctrls = self.result3(
File "/usr/lib/
ldap_result = self._ldap_
File "/usr/lib/
result = func(*args,
SERVER_DOWN: {'desc': "Can't contact LDAP server"}
Related branches
- Jay Pipes (community): Approve
- Eric Day (community): Approve
- Soren Hansen (community): Needs Information
- Diff: 21 lines (+2/-2), 1 file modified:
nova/endpoint/cloud.py (+2/-2)
- Jesse Andrews (community): Approve
- Jay Pipes (community): Approve
- Diff: 700 lines (+200/-225), 11 files modified:
nova/auth/ldapdriver.py (+0/-60)
nova/auth/manager.py (+6/-101)
nova/cloudpipe/pipelib.py (+2/-2)
nova/crypto.py (+1/-1)
nova/db/api.py (+28/-0)
nova/db/sqlalchemy/api.py (+40/-0)
nova/db/sqlalchemy/models.py (+36/-0)
nova/endpoint/cloud.py (+38/-19)
nova/tests/api_unittest.py (+4/-3)
nova/tests/auth_unittest.py (+0/-31)
nova/tests/cloud_unittest.py (+45/-8)
Changed in nova:
importance: Undecided → Low
Changed in nova:
status: Confirmed → Fix Committed
Changed in nova:
status: Fix Committed → Fix Released
Setting to confirmed, as I've run into this myself.