Bug 824034
Summary: | auth_token middleware should be in its own subpackage | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Chmouel Boudjnah <chmouel> | ||||||||||
Component: | openstack-keystone | Assignee: | Alan Pevec <apevec> | ||||||||||
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||||||||
Severity: | unspecified | Docs Contact: | |||||||||||
Priority: | unspecified | ||||||||||||
Version: | rawhide | CC: | apevec, apevec, bfilippov, breu, jonathansteffan, markmc, matt_domsch, pbrady, p, rbryant | ||||||||||
Target Milestone: | --- | ||||||||||||
Target Release: | --- | ||||||||||||
Hardware: | Unspecified | ||||||||||||
OS: | Unspecified | ||||||||||||
Whiteboard: | |||||||||||||
Fixed In Version: | openstack-keystone-2012.1-5.fc17 | Doc Type: | Bug Fix | ||||||||||
Doc Text: | Story Points: | --- | |||||||||||
Clone Of: | |||||||||||||
: | 832536 844508 (view as bug list) | Environment: | |||||||||||
Last Closed: | 2012-07-26 03:59:22 UTC | Type: | Bug | ||||||||||
Regression: | --- | Mount Type: | --- | ||||||||||
Documentation: | --- | CRM: | |||||||||||
Verified Versions: | Category: | --- | |||||||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||||||
Embargoed: | |||||||||||||
Attachments: |
|
Description
Chmouel Boudjnah
2012-05-22 15:37:28 UTC
This package has changed ownership in the Fedora Package Database. Reassigning to the new owner of this component. So this package would just contain keystone/middleware/auth_token.py ? The main reason one would split up is to minimize dependencies, and this does seem reasonable. I was wondering about splitting all of keystone/middleware to a keystone-middleware package, but the other modules there look to have more extensive dependencies: s3_token,swift_auth on swift and ec2_token on nova. Considering the reduced dependencies on a "swift proxy" node: openstack-swift-proxy (through openstack-swift) depends on: python-configobj python-eventlet >= 0.9.8 python-greenlet >= 0.3.1 python-netifaces python-paste-deploy1.5 python-setuptools python-simplejson python-webob1.0 pyxattr while python-keystone depends on: MySQL-python python-crypto python-dateutil python-eventlet python-httplib2 python-ldap python-lxml python-memcached python-migrate python-passlib python-paste python-paste-deploy1.5 python-paste-script python-prettytable python-routes1.12 python-setuptools python-sqlalchemy0.7 python-webob1.0 And it seems that auth_token should depend on: python-webob1.0 python-memcached python-iso8601 So that's a reduction of MySQL-python python-crypto python-dateutil python-httplib2 python-ldap python-lxml python-migrate python-passlib python-paste-script python-prettytable python-routes1.12 python-sqlalchemy0.7 p.s. if we don't make this split, perhaps python-iso8601 should be added to python-keystone BTW the guard around the import of memcache and iso8601 in auth_token.py seems weird. Shouldn't it be catching ImportError rather than NameError? > So this package would just contain keystone/middleware/auth_token.py ? yes > I was wondering about splitting all of keystone/middleware > to a keystone-middleware package, but the other modules there > look to have more extensive dependencies: > s3_token,swift_auth on swift and ec2_token on nova. yes, BTW swift middleware is going to be moved to swift from http://eavesdrop.openstack.org/meetings/openstack-meeting/2012/openstack-meeting.2012-05-16-20.31.html "Voted on "move swift_auth.py middleware from keystone to swift?" Results are, yes: 5" > perhaps python-iso8601 should be added to python-keystone I've fixed that in openstack-keystone-2012.1-2 http://pkgs.fedoraproject.org/gitweb/?p=openstack-keystone.git;a=commitdiff;h=edd22d669d2c0bb8d591d0da673ea536fa88a46a#patch4 > Shouldn't it be catching ImportError rather than NameError? Let's file LP bug upstream. If you guys want to create subpackage for s3_token and ec2_token that would be ideal tool and indeed we are working on moving swift_auth to swift so no need to create a subpackage (perhaps another bug report when moved to swift). PS: it should indeed be ImportError Created attachment 586483 [details]
proposed spec patch
Created attachment 586484 [details]
proposed spec patch
The milestone bump is redundant and a bit confusing given there never was an essex rc3 for keystone. Otherwise patch looks good. cheers (In reply to comment #8) > The milestone bump is redundant and a bit confusing Count me confused too, that was wrong line :) I meant to bump Release only of course. One thing I missed, yum update on existing Keystone installation will not pull python-keystone-auth-token: @@ -56,6 +56,9 @@ Group: Applications/System # python-keystone added in 2012.1-0.2.e3 Conflicts: openstack-keystone < 2012.1-0.2.e3 +# to pull middleware on yum update +Requires: python-keystone-auth-token = %{version}-%{release} + Requires: python-eventlet Requires: python-ldap Requires: python-lxml Created attachment 586618 [details]
final proposed patch
Created attachment 586621 [details]
final final patch
* yum update
Updating:
openstack-keystone noarch 2012.1-3.fc16
python-keystone noarch 2012.1-3.fc16
Installing for dependencies:
python-keystone-auth-token noarch 2012.1-3.fc16
* yum install python-keystone-auth-token
Installing:
python-keystone-auth-token noarch 2012.1-3.fc16
Updating:
python-keystone noarch 2012.1-3.fc16
Updating for dependencies:
openstack-keystone noarch 2012.1-3.fc16
openstack-keystone-2012.1-3.fc17 has been submitted as an update for Fedora 17. https://admin.fedoraproject.org/updates/FEDORA-2012-8283/openstack-keystone-2012.1-3.fc17 Package openstack-keystone-2012.1-3.fc17: * should fix your issue, * was pushed to the Fedora 17 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing openstack-keystone-2012.1-3.fc17' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2012-8283/openstack-keystone-2012.1-3.fc17 then log in and leave karma (feedback). This will need to be updated, as the package is missing two empty __init__.py files in the keystone/ and keystone/middleware/ directories I tested with those in place and glance was able to start OK Note these empty files will need to not conflict with those from python-keystone. I've not looked into how best to achieve that. What about small subpackage python-keystone-common which contains only: keystone/__init__.py* keystone/middleware/__init__.py* (In reply to comment #15) > keystone/middleware/__init__.py* Bad idea, it contains "from keystone.middleware.core import *" and core.py imports from keystone. Only clean way seems to move auth_token out of keystone.middleware but that requires changes in paste-deploy configs of all apps. Might be worth to propose that change upstream. (In reply to comment #16) > (In reply to comment #15) > > keystone/middleware/__init__.py* > > Bad idea, it contains "from keystone.middleware.core import *" and core.py > imports from keystone. I tried to get rid of that but that would require keystone.conf changes which is config{noreplace} so existing setups would be broken after update. This is yet another reason why mixing user-configurable settings and paste-deploy is bad, but that's another story. Only quick fix here is what Pádraig suggested: let python-keystone-auth-token create empty __init__.py if missing in %post script. That way it can stand alone and if full python-keystone gets installed, it will overwrite those empty files. > Only quick fix here is what Pádraig suggested: http://pkgs.fedoraproject.org/gitweb/?p=openstack-keystone.git;a=commitdiff;h=55247fe77e53bfdf58c19078a3f289ba357bb0e3 Pádraig, I feel rather dirty after this, please review :) Nice work on the triggerpostun edge case. I learn something every day :) The logic looks sound, so looks good to me Reopening, triggerpostun has a side-effect on el6 where keystone/__init__.py is patched to import parallel versions of few python libs. Package openstack-keystone-2012.1-4.fc17: * should fix your issue, * was pushed to the Fedora 17 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing openstack-keystone-2012.1-4.fc17' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2012-8283/openstack-keystone-2012.1-4.fc17 then log in and leave karma (feedback). (In reply to comment #20) > Reopening, triggerpostun has a side-effect on el6 where keystone/__init__.py > is patched to import parallel versions of few python libs. The issue is that triggerpostun was running on upgrades, breaking python-keystone: http://pkgs.fedoraproject.org/gitweb/?p=openstack-keystone.git;a=commitdiff;h=fa729f8c9e4761ebb3b51eb38030defe48f328bf openstack-keystone-2012.1-8.el6 has been submitted as an update for Fedora EPEL 6. https://admin.fedoraproject.org/updates/openstack-keystone-2012.1-8.el6 Package openstack-keystone-2012.1-5.fc17: * should fix your issue, * was pushed to the Fedora 17 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing openstack-keystone-2012.1-5.fc17' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2012-8283/openstack-keystone-2012.1-5.fc17 then log in and leave karma (feedback). openstack-keystone-2012.1.1-1.el6 has been submitted as an update for Fedora EPEL 6. https://admin.fedoraproject.org/updates/openstack-keystone-2012.1.1-1.el6 openstack-keystone-2012.1.1-1.fc17 has been submitted as an update for Fedora 17. https://admin.fedoraproject.org/updates/openstack-keystone-2012.1.1-1.fc17 openstack-keystone-2012.1.1-1.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report. Fun never ends: folsom-2 introduced new keystone-internal dependecy, breaking auth-token stand-alone: from keystone.openstack.common import jsonutils and folsom-3 adds one more: from keystone.common import cms I'll look into further subpackaging common parts as python-keystone-common but this is getting messy. Filed bug 844508 to track the issue described in comment 28 openstack-keystone-2012.1.1-1.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report. |