fog-openstack
fog-openstack copied to clipboard
fog
Fog OpenStack keystone v3 caching is non deterministic
brought by: https://github.com/fog/fog/pull/3738
My biggest problem is, that the behavior is non deterministic now, which is not good for lib I think. So for ManageIQ CI, which is doing a lot of request per one recorded VCR, it will always pass the 30 second interval, always having variable amount of requests cached. Then of course the recorded VCR is much quicker, so that is another issue, it would require having sleep there.
So, this makes it impossible to get deterministic behavior. When Invoking the same methods, I am getting basically random API requests fired. And that always breaks our CI.
My proposed solution: 1.) Having it configurable, disabled caching by default, we would pass e.g. :cache_ttl => 30 as options for auth request, then other services could take the settings from there, e.g. for keystone project list, etc. So it would be Fog::Compute.new({..., :cache_ttl => 30 })
2.) Revert the caching here and rather rely on application specific implementation of caching, using redis, memcache, etc. But unless we will just have http layer caching, we would need to expose the Auth object.
So e.g. something like this: auth = Fog::Auth.new({ :provider => 'openstack', # OpenStack Fog provider :openstack_auth_url => 'http://KEYSTONE_HOST:KEYSTONE_PORT/v2.0/tokens', # OpenStack Keystone endpoint :openstack_username => OPEN_STACK_USER, # Your OpenStack Username :openstack_tenant => OPEN_STACK_TENANT, # Your tenant id :openstack_api_key => OPEN_STACK_PASSWORD, # Your OpenStack Password :connection_options => {} # Optional })
then:
Fog::Compute.new(auth_object => auth) Fog::Image.new(auth_object => auth)
I think these would not need to do API request then, if we will fetch auth token and keystone catalog into the auth object. And the Auth object could support rescoping maybe? Which we use for changing a tenant scope e.g. Fog::Image.new(auth_object => auth, openstack_tenant => 'project1'), which would just fire one api request for rescoping using existing token.
Original issue opened by @Ladas at fog/fog#3812
I am still facing this issue when reading OpenStack domains. Subsequent calls to read domains return different results, for example I run this code
identity = Fog::Identity::OpenStack.new(@connection_params)
puts "First listing of domains: #{identity.domains}"
puts "Second listing of domains: #{identity.domains}"
And I get output that looks like this
First listing of domains: [ <Fog::Identity::OpenStack::V3::Domain
id="d249ae0289274e6a8b29b1faf0aa3f6a",
description="",
enabled=true,
name="test",
links={"self"=>"https://my-cluster.com:5000/v3/domains/d249ae0289274e6a8b29b1faf0aa3f6a"}
>, <Fog::Identity::OpenStack::V3::Domain
id="default",
description="The default domain",
enabled=true,
name="Default",
links={"self"=>"https://my-cluster.com:5000/v3/domains/default"}
>]
Second listing of domains: []
This is causing problems using the Chef openstackclient cookbook.
It seems that the changes applied to lib/fog/openstack/models/identity_v3/projects.rb here were not also applied to the domains class. Could someone also apply the changes to check for the openstack_cache_ttl in the domains class here? Or, if that is not the proper solution then please fix the domains caching issue? Thanks!
cc @Ladas @dhague @geemus
I wrote a proposed solution in pull request #270, please let me know if there is any feedback.