[lxc-devel] [nova-lxd/master] Migrate
zulcss on Github
lxc-bot at linuxcontainers.org
Fri Mar 4 14:06:39 UTC 2016
From 6c5d53aa80f6c60bf6bb2295b578709c7168fdb5 Mon Sep 17 00:00:00 2001
From: Chuck Short <chuck.short at canonical.com>
Date: Thu, 3 Mar 2016 20:50:27 -0500
Subject: [PATCH 1/3] Use certificate when copying hosts
Newer versions of LXD use a certificate to validate the
host and guard against a MITM attack. Adjust
for newer versions of LXD.
Signed-off-by: Chuck Short <chuck.short at canonical.com>
---
nova_lxd/nova/virt/lxd/config.py | 12 ++++++++----
nova_lxd/nova/virt/lxd/migrate.py | 17 ++++++++++++++---
nova_lxd/nova/virt/lxd/session.py | 12 ++++++++++++
3 files changed, 34 insertions(+), 7 deletions(-)
diff --git a/nova_lxd/nova/virt/lxd/config.py b/nova_lxd/nova/virt/lxd/config.py
index 25beb18..0daec0b 100644
--- a/nova_lxd/nova/virt/lxd/config.py
+++ b/nova_lxd/nova/virt/lxd/config.py
@@ -14,6 +14,8 @@
# License for the specific language governing permissions and limitations
# under the License.
+import socket
+
from nova import exception
from nova import i18n
from nova.virt import configdrive
@@ -246,22 +248,24 @@ def get_container_source(self, instance):
{'instance': instance.name, 'ex': ex},
instance=instance)
- def get_container_migrate(self, container_migrate, migration, instance):
+ def get_container_migrate(self, container_migrate, migration, host, instance):
LOG.debug('get_container_migrate called for instance',
instance=instance)
try:
# Generate the container config
+ host = socket.gethostbyname(host)
container_metadata = container_migrate['metadata']
container_control = container_metadata['metadata']['control']
container_fs = container_metadata['metadata']['fs']
- container_url = ('wss://%s:8443%s/websocket'
- % (migration['source_compute'],
- container_migrate.get('operation')))
+ container_url = 'https://%s:8443%s' \
+ % (host, container_migrate.get('operation'))
container_migrate = {
'base_image': '',
'mode': 'pull',
+ 'certificate': str(self.session.host_certificate(instance,
+ host)),
'operation': str(container_url),
'secrets': {
'control': str(container_control),
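Review bot: The certificate placed in the migration source at `'certificate': str(self.session.host_certificate(instance, host))` is fetched at migration time from the same host it is meant to authenticate, after that host was resolved with `socket.gethostbyname(host)`. Unless `get_session` already verifies the peer (not visible here), whoever answers at that address supplies the certificate that LXD then trusts, so the pin adds little against the MITM case the commit message names; the certificate should come from a source verified out of band, such as provisioned configuration. `str()` also turns a `None` return into the literal string 'None', so a failed lookup should raise before the dict is built, e.g. `if not cert: raise exception.NovaException(...)`. The `migration` parameter appears to be unused after this change, and the function body continues outside the hunk.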
diff --git a/nova_lxd/nova/virt/lxd/migrate.py b/nova_lxd/nova/virt/lxd/migrate.py
index 4b9cb07..a497b05 100644
--- a/nova_lxd/nova/virt/lxd/migrate.py
+++ b/nova_lxd/nova/virt/lxd/migrate.py
@@ -15,9 +15,11 @@
import os
import pprint
+import socket
from nova import exception
from nova import i18n
+from nova import utils
from oslo_config import cfg
from oslo_log import log as logging
@@ -127,14 +129,15 @@ def finish_migration(self, context, migration, instance, disk_info,
# Step 2 - Open a websocket on the srct and and
# generate the container config
- src_host = migration['source_compute']
+ src_host = self._get_hostname(migration['source_compute'], instance)
(state, data) = (self.session.container_migrate(instance.name,
src_host,
instance))
container_config = self.config.create_container(instance)
container_config['source'] = \
- self.config.get_container_migrate(data, migration, instance)
- LOG.debug(pprint.pprint(container_config))
+ self.config.get_container_migrate(data, migration, src_host, instance)
+ LOG.debug('chuck')
+ LOG.debug('CHUCK %s' % container_config)
self.session.container_init(container_config, instance)
# Step 3 - Start the network and contianer
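Review bot: `LOG.debug('CHUCK %s' % container_config)` writes the whole source config to the debug log, and per the config.py hunk that dict carries the migration `secrets` (control and fs) along with the host certificate. Patch 3/3 deletes both debug lines, so folding that removal into this patch would avoid an intermediate revision that logs the secrets. The `get_container_migrate(data, migration, src_host, instance)` line also appears to run past the 79-column limit (indentation is not preserved in this archive, so confirm). finish_migration starts and ends outside the hunk.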
@@ -153,3 +156,11 @@ def finish_revert_migration(self, context, instance, network_info,
instance=instance)
if self.session.container_defined(instance.name, instance):
self.session.container_start(instance.name, instance)
+
+ def _get_hostname(self, host, instance):
+ LOG.debug('_get_hostname called for instance', instance=instance)
+ out, err = utils.execute('env', 'LANG=C', 'dnsdomainname')
+ if out != '':
+ return '%s.%s' % (host, out.rstrip('\n'))
+ else:
+ return host
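Review bot: `_get_hostname` appends the destination's own DNS domain to the source host without checking the result, and it has no docstring. The `out != ''` test passes when `dnsdomainname` prints only a newline, which would yield a name with a trailing dot, and a `host` that is already fully qualified gets the domain appended a second time; `domain = out.strip()` followed by `if domain and not host.endswith('.' + domain):` covers both. Since this name is later used to reach the source LXD host and fetch its certificate, a docstring such as `"""Return host qualified with the local DNS domain; assumes source and destination share it."""` would make the assumption explicit. `err` is unused.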
diff --git a/nova_lxd/nova/virt/lxd/session.py b/nova_lxd/nova/virt/lxd/session.py
index 246f72d..274fe9b 100644
--- a/nova_lxd/nova/virt/lxd/session.py
+++ b/nova_lxd/nova/virt/lxd/session.py
@@ -796,6 +796,18 @@ def profile_delete(self, instance):
LOG.error(
_LE('Failed to delete profile %(instance)s: %(reason)s'),
{'instance': instance.name, 'reason': ex})
+ #
+ # Host Methods
+ #
+ def host_certificate(self, instance, host):
+ LOG.debug('host_certificate called for instance', instance=instance)
+ try:
+ client = self.get_session(host)
+ return client.get_host_certificate()
+ except lxd_exceptions.APIError as ex:
+ msg = _('Failed to communicate with LXD %(instance)s:'
+ ' %(reason)s') % {'instance': instance.name,
+ 'ex': reason}
#
# Migrate methods
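Review bot: The `except` branch of `host_certificate` cannot produce the intended error: the dict uses the undefined name `reason` (a NameError) under the key `'ex'`, while the format string expects `%(reason)s`, and `msg` is never raised. It should read `{'instance': instance.name, 'reason': ex}` followed by `raise exception.NovaException(msg)` (assuming `exception` is imported in session.py, which this hunk does not show). Without the raise the method would return `None`, which the caller in config.py wraps in `str()` and sends as the certificate.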
From 1c0057871def84e431a4e21292c26e7f46f8fb21 Mon Sep 17 00:00:00 2001
From: Chuck Short <chuck.short at canonical.com>
Date: Fri, 4 Mar 2016 08:59:45 -0500
Subject: [PATCH 2/3] Bump version
Signed-off-by: Chuck Short <chuck.short at canonical.com>
---
setup.cfg | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/setup.cfg b/setup.cfg
index d634e4d..32a24e8 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -3,7 +3,7 @@ name = nova-lxd
summary = native lxd driver for openstack
description-file =
README.md
-version = 13.0.0b2
+version = 13.0.0b3
author = OpenStack
author-email = openstack-dev at lists.openstack.org
home-page = http://www.openstack.org/
From 24de2119dc15ca6529a45c975b68753da907d742 Mon Sep 17 00:00:00 2001
From: Chuck Short <chuck.short at canonical.com>
Date: Fri, 4 Mar 2016 09:03:28 -0500
Subject: [PATCH 3/3] Remove extra debug messages
Signed-off-by: Chuck Short <chuck.short at canonical.com>
---
nova_lxd/nova/virt/lxd/migrate.py | 2 --
1 file changed, 2 deletions(-)
diff --git a/nova_lxd/nova/virt/lxd/migrate.py b/nova_lxd/nova/virt/lxd/migrate.py
index a497b05..566a59b 100644
--- a/nova_lxd/nova/virt/lxd/migrate.py
+++ b/nova_lxd/nova/virt/lxd/migrate.py
@@ -136,8 +136,6 @@ def finish_migration(self, context, migration, instance, disk_info,
container_config = self.config.create_container(instance)
container_config['source'] = \
self.config.get_container_migrate(data, migration, src_host, instance)
- LOG.debug('chuck')
- LOG.debug('CHUCK %s' % container_config)
self.session.container_init(container_config, instance)
# Step 3 - Start the network and contianer