[MediaWiki-commits] [Gerrit] operations/puppet[production]: Make the nova_ldap notification handler thread-safe
Andrew Bogott has submitted this change and it was merged. Change subject: Make the nova_ldap notification handler thread-safe .. Make the nova_ldap notification handler thread-safe It turns out that this is getting called by eventlet, and was re-entering all over the place. Change-Id: I58ca5f93d0f6e481e0467038585d0f8947d787df --- M modules/openstack/files/kilo/designate/nova_ldap/base.py M modules/openstack/files/liberty/designate/nova_ldap/base.py M modules/openstack/files/mitaka/designate/nova_ldap/base.py 3 files changed, 126 insertions(+), 111 deletions(-) Approvals: Andrew Bogott: Looks good to me, approved Alex Monk: Looks good to me, but someone else must approve jenkins-bot: Verified diff --git a/modules/openstack/files/kilo/designate/nova_ldap/base.py b/modules/openstack/files/kilo/designate/nova_ldap/base.py index 036fd5a..7ae9a46 100644 --- a/modules/openstack/files/kilo/designate/nova_ldap/base.py +++ b/modules/openstack/files/kilo/designate/nova_ldap/base.py @@ -33,7 +33,8 @@ class BaseAddressLdapHandler(BaseAddressHandler): -def _get_ip_data(self, addr_dict): +@staticmethod +def _get_ip_data(addr_dict): ip = addr_dict['address'] version = addr_dict['version'] @@ -49,7 +50,8 @@ data["octet%s" % i] = ip_data[i] return data -def _getLdapInfo(self, attr, conffile="/etc/ldap.conf"): +@staticmethod +def _getLdapInfo(attr, conffile="/etc/ldap.conf"): try: f = open(conffile) except IOError: @@ -64,39 +66,35 @@ return line.split(None, 1)[1].strip() break -def _initLdap(self): -self.base = self._getLdapInfo("base") -self.ldapHost = self._getLdapInfo("uri") -self.sslType = self._getLdapInfo("ssl") - -self.binddn = cfg.CONF[self.name].get('ldapusername') -self.bindpw = cfg.CONF[self.name].get('ldappassword') - def _openLdap(self): -self.ds = ldap.initialize(self.ldapHost) -self.ds.protocol_version = ldap.VERSION3 -if self.sslType == "start_tls": -self.ds.start_tls_s() +ldapHost = self._getLdapInfo("uri") +sslType = self._getLdapInfo("ssl") + +binddn = cfg.CONF[self.name].get('ldapusername') +bindpw = cfg.CONF[self.name].get('ldappassword') +ds = ldap.initialize(ldapHost) +ds.protocol_version = ldap.VERSION3 +if sslType == "start_tls": +ds.start_tls_s() try: -self.ds.simple_bind_s(self.binddn, self.bindpw) -return self.ds +ds.simple_bind_s(binddn, bindpw) +return ds except ldap.CONSTRAINT_VIOLATION: LOG.debug("LDAP bind failure: Too many failed attempts.\n") except ldap.INVALID_DN_SYNTAX: LOG.debug("LDAP bind failure: The bind DN is incorrect... \n") except ldap.NO_SUCH_OBJECT: -LOG.debug("LDAP bind failure: Unable to locate the bind DN account.\n") +LOG.debug("LDAP bind failure: " + "Unable to locate the bind DN account.\n") except ldap.UNWILLING_TO_PERFORM as msg: -LOG.debug("LDAP bind failure: The LDAP server was unwilling to perform the action" +LOG.debug("LDAP bind failure: " + "The LDAP server was unwilling to perform the action" " requested.\nError was: %s\n" % msg[0]["info"]) except ldap.INVALID_CREDENTIALS: LOG.debug("LDAP bind failure: Password incorrect.\n") return None - -def _closeLdap(self): -self.ds.unbind() def _create(self, addresses, extra, managed=True, resource_type=None, resource_id=None): @@ -110,8 +108,8 @@ :param resource_type: The managed resource type :param resource_id: The managed resource ID """ -self._initLdap() -if not self._openLdap(): +ds = self._openLdap() +if not ds: return LOG.debug('Using DomainID: %s' % cfg.CONF[self.name].domain_id) @@ -153,23 +151,26 @@ hostEntry['puppetVar'].append(var) hostEntry['associatedDomain'] = [] hostEntry['puppetVar'].append('instanceproject=%s' % - event_data['project_name'].encode('utf8')) + event_data['project_name'].encode( + 'utf8')) hostEntry['puppetVar'].append('instancename=%s' % - event_data['hostname'].encode('utf8')) + event_data['hostname'].encode( + 'utf8')) for fmt in cfg.CONF[self.name].get('format'): -hostEntry['associatedDomain'].append((fmt %
[MediaWiki-commits] [Gerrit] operations/puppet[production]: Make the nova_ldap notification handler thread-safe
Andrew Bogott has uploaded a new change for review. https://gerrit.wikimedia.org/r/312127 Change subject: Make the nova_ldap notification handler thread-safe .. Make the nova_ldap notification handler thread-safe It turns out that this is getting called by eventlet, and was re-entering all over the place. Change-Id: I58ca5f93d0f6e481e0467038585d0f8947d787df --- M modules/openstack/files/kilo/designate/nova_ldap/base.py M modules/openstack/files/liberty/designate/nova_ldap/base.py M modules/openstack/files/mitaka/designate/nova_ldap/base.py 3 files changed, 126 insertions(+), 111 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/27/312127/1 diff --git a/modules/openstack/files/kilo/designate/nova_ldap/base.py b/modules/openstack/files/kilo/designate/nova_ldap/base.py index 036fd5a..7ae9a46 100644 --- a/modules/openstack/files/kilo/designate/nova_ldap/base.py +++ b/modules/openstack/files/kilo/designate/nova_ldap/base.py @@ -33,7 +33,8 @@ class BaseAddressLdapHandler(BaseAddressHandler): -def _get_ip_data(self, addr_dict): +@staticmethod +def _get_ip_data(addr_dict): ip = addr_dict['address'] version = addr_dict['version'] @@ -49,7 +50,8 @@ data["octet%s" % i] = ip_data[i] return data -def _getLdapInfo(self, attr, conffile="/etc/ldap.conf"): +@staticmethod +def _getLdapInfo(attr, conffile="/etc/ldap.conf"): try: f = open(conffile) except IOError: @@ -64,39 +66,35 @@ return line.split(None, 1)[1].strip() break -def _initLdap(self): -self.base = self._getLdapInfo("base") -self.ldapHost = self._getLdapInfo("uri") -self.sslType = self._getLdapInfo("ssl") - -self.binddn = cfg.CONF[self.name].get('ldapusername') -self.bindpw = cfg.CONF[self.name].get('ldappassword') - def _openLdap(self): -self.ds = ldap.initialize(self.ldapHost) -self.ds.protocol_version = ldap.VERSION3 -if self.sslType == "start_tls": -self.ds.start_tls_s() +ldapHost = self._getLdapInfo("uri") +sslType = self._getLdapInfo("ssl") + +binddn = cfg.CONF[self.name].get('ldapusername') +bindpw = cfg.CONF[self.name].get('ldappassword') +ds = ldap.initialize(ldapHost) +ds.protocol_version = ldap.VERSION3 +if sslType == "start_tls": +ds.start_tls_s() try: -self.ds.simple_bind_s(self.binddn, self.bindpw) -return self.ds +ds.simple_bind_s(binddn, bindpw) +return ds except ldap.CONSTRAINT_VIOLATION: LOG.debug("LDAP bind failure: Too many failed attempts.\n") except ldap.INVALID_DN_SYNTAX: LOG.debug("LDAP bind failure: The bind DN is incorrect... \n") except ldap.NO_SUCH_OBJECT: -LOG.debug("LDAP bind failure: Unable to locate the bind DN account.\n") +LOG.debug("LDAP bind failure: " + "Unable to locate the bind DN account.\n") except ldap.UNWILLING_TO_PERFORM as msg: -LOG.debug("LDAP bind failure: The LDAP server was unwilling to perform the action" +LOG.debug("LDAP bind failure: " + "The LDAP server was unwilling to perform the action" " requested.\nError was: %s\n" % msg[0]["info"]) except ldap.INVALID_CREDENTIALS: LOG.debug("LDAP bind failure: Password incorrect.\n") return None - -def _closeLdap(self): -self.ds.unbind() def _create(self, addresses, extra, managed=True, resource_type=None, resource_id=None): @@ -110,8 +108,8 @@ :param resource_type: The managed resource type :param resource_id: The managed resource ID """ -self._initLdap() -if not self._openLdap(): +ds = self._openLdap() +if not ds: return LOG.debug('Using DomainID: %s' % cfg.CONF[self.name].domain_id) @@ -153,23 +151,26 @@ hostEntry['puppetVar'].append(var) hostEntry['associatedDomain'] = [] hostEntry['puppetVar'].append('instanceproject=%s' % - event_data['project_name'].encode('utf8')) + event_data['project_name'].encode( + 'utf8')) hostEntry['puppetVar'].append('instancename=%s' % - event_data['hostname'].encode('utf8')) + event_data['hostname'].encode( + 'utf8')) for fmt in cfg.CONF[self.name].get('format'): -hostEntry['associatedDomain'].append((fmt % event_data).rstrip('.').encode('utf8')) +