新版OpenStack CLI玩耍

在开源的东西上进行修改,是否要进行同步来维护,这是个十分麻烦的事情,一直都在用H版的OpenStack,自己装了个最新版devstack玩耍了一番,才操作了几分钟,已经感觉到了很大的变动,毕竟相隔了3,4年的版本

我是VMware Fusion里安装了一个CentOS7.2,一般人以及官方推荐都是Ubuntu比较方便,都差不多,凡事在于尝试,下载地址老地方

https://github.com/openstack-dev/devstack.git

版本是newton,给虚拟机分配了2个Core和3.9G的Memory,内存快到4G就行了,少于3.5就有点悬了,其它的安装搭建很简单,有问题就靠自己解决了

我这里带horizon一起安装完成,source一下居然出来一个WARNING

[lihui@openstack devstack]$ source openrc admin admin
WARNING: setting legacy OS_TENANT_NAME to support cli tools.

不明觉厉,WARNING还是要看下,首先是openrc文件,报警的地方

echo "WARNING: setting legacy OS_TENANT_NAME to support cli tools."
export OS_TENANT_NAME=$OS_PROJECT_NAME

没有一点点防备,也没有一丝条件,直接就echo了一个警告,一脸懵逼

直译就是设置旧版本的OS_TENANT_NAME,以便支持命令行工具,这什么鬼,OS_TENANT_NAME不就是租户么,往上看有这么一段

# The OpenStack ecosystem has standardized the term **project** as the
# entity that owns resources.  In some places **tenant** remains
# referenced, but in all cases this just means **project**.  We will
# warn if we need to turn on legacy **tenant** support to have a
# working environment.
export OS_PROJECT_NAME=${OS_PROJECT_NAME:-demo}

这里冒出来一个OS_PROJECT_NAME,注释清楚明白地说明了看似用project来取代tenant,用到tenant的地方会warning

这么看来echo一个警告只是为了声明一下:上面这玩意只是为了支持cli tools,不然都会有warning的

虽然还没从上面的懵逼中回过神来,继续看了一眼,又发现了一个新鲜玩意

# With domain which the user and project belong to.
if [ "$OS_IDENTITY_API_VERSION" = "3" ]; then
    export OS_USER_DOMAIN_ID=${OS_USER_DOMAIN_ID:-"default"}
    export OS_PROJECT_DOMAIN_ID=${OS_PROJECT_DOMAIN_ID:-"default"}
fi

domain是个什么鬼,不过看下面的if应该是keyston的V3版本里冒出来的概念,难不成domain=user+project

直接准备用keystone获取个token看看,更懵逼了

[lihui@openstack ~]$ keystone-
keystone-manage       keystone-wsgi-admin   keystone-wsgi-public

看下client的版本,果然是v3的了

[lihui@openstack ~]$ pip freeze | grep keystoneclient
python-keystoneclient==3.10.0

 没想到居然沦落到获取一个token也这么难的地步,看看openstack接口

[lihui@openstack devstack]$ openstack help | grep token | tail
中间省略一大波...
  token issue    Issue new token
  token revoke   Revoke existing token

看字面意思token issue好使

[lihui@openstack devstack]$ openstack token issue
Missing value auth-url required for auth plugin password

直接在openrc里指定

export OS_AUTH_URL=http://192.168.226.182:35357/v3

还是错误

[lihui@openstack devstack]$ openstack token issue
Ignoring domain related config project_domain_id because identity API version is 2.0
Ignoring domain related config user_domain_id because identity API version is 2.0
Ignoring domain related config project_domain_id because identity API version is 2.0
Ignoring domain related config user_domain_id because identity API version is 2.0
Ignoring domain related config project_domain_id because identity API version is 2.0
Ignoring domain related config user_domain_id because identity API version is 2.0
Ignoring domain related config project_domain_id because identity API version is 2.0
Ignoring domain related config user_domain_id because identity API version is 2.0
Expecting to find domain in project - the server could not comply with the request since it is either malformed or otherwise incorrect. The client is assumed to be in error. (HTTP 400) (Request-ID: req-a8916bdd-409c-4a43-8a4b-1e61a0518e9e)

不过经过上面的修改,起码简单的接口是没问题的

[lihui@openstack devstack]$ nova list
/usr/lib/python2.7/site-packages/novaclient/client.py:278: UserWarning: The 'tenant_id' argument is deprecated in Ocata and its use may result in errors in future releases. As 'project_id' is provided, the 'tenant_id' argument will be ignored.
  warnings.warn(msg)
+----+------+--------+------------+-------------+----------+
| ID | Name | Status | Task State | Power State | Networks |
+----+------+--------+------------+-------------+----------+
+----+------+--------+------------+-------------+----------+

这就又懵逼了,调用这些接口,首先必须获取token才对,这么说API应该没问题,只不过keystoneclient封装这里有问题

接下来看看neutron,更不可思议的玩意

[lihui@openstack devstack]$ neutron agent-list
neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead.
+--------------------------------------+--------------------+-----------+-------------------+-------+----------------+---------------------------+
| id                                   | agent_type         | host      | availability_zone | alive | admin_state_up | binary                    |
+--------------------------------------+--------------------+-----------+-------------------+-------+----------------+---------------------------+
| 0bb98382-27e4-4354-b786-763f637a2319 | Open vSwitch agent | openstack |                   | :-)   | True           | neutron-openvswitch-agent |
| 0e210fd3-7897-4c6e-899e-ed8c282ead1a | Metadata agent     | openstack |                   | :-)   | True           | neutron-metadata-agent    |
| 3474930b-550d-41aa-8ece-cbafd0e680ba | L3 agent           | openstack | nova              | :-)   | True           | neutron-l3-agent          |
| ca341695-086b-4cca-9d0f-bdd5a5599cc3 | DHCP agent         | openstack | nova              | :-)   | True           | neutron-dhcp-agent        |
+--------------------------------------+--------------------+-----------+-------------------+-------+----------------+---------------------------+

neutron的CLI要被放弃了,以后都用openstack接口,反正懵逼习惯了,看看代码里怎么写的

https://github.com/openstack/python-neutronclient.git

来自python-neutronclient/neutronclient/shell.py里,又是一个毫不讲理,main一开始就输出警告

def main(argv=sys.argv[1:]):
    try:
        print(_("neutron CLI is deprecated and will be removed "
                "in the future. Use openstack CLI instead."), file=sys.stderr)
        return NeutronShell(NEUTRON_API_VERSION).run(
            list(map(encodeutils.safe_decode, argv)))
    except KeyboardInterrupt:
        print(_("... terminating neutron client"), file=sys.stderr)
        return 130
    except exc.NeutronClientException:
        return 1
    except Exception as e:
        print(e)
        return 1

既然如此,查看一下openstack接口,还真有

[lihui@openstack devstack]$ openstack help | grep agent
  compute agent create  Create compute agent
  compute agent delete  Delete compute agent(s)
  compute agent list  List compute agents
  compute agent set  Set compute agent properties
  network agent delete  Delete network agent(s)
  network agent list  List network agents
  network agent set  Set network agent properties
  network agent show  Display network agent details

但是执行结果又是一脸懵逼

[lihui@openstack devstack]$ openstack network agent list
Ignoring domain related config project_domain_id because identity API version is 2.0
Ignoring domain related config user_domain_id because identity API version is 2.0
Ignoring domain related config project_domain_id because identity API version is 2.0
Ignoring domain related config user_domain_id because identity API version is 2.0
Ignoring domain related config project_domain_id because identity API version is 2.0
Ignoring domain related config user_domain_id because identity API version is 2.0
Ignoring domain related config project_domain_id because identity API version is 2.0
Ignoring domain related config user_domain_id because identity API version is 2.0
Expecting to find domain in project - the server could not comply with the request since it is either malformed or otherwise incorrect. The client is assumed to be in error. (HTTP 400) (Request-ID: req-f101f3ef-4b66-49c9-9038-282307586b60)

到处都有domain的身影,看来新版本里这玩意肯定不简单

看看社区官方文档,有关CLI的

https://docs.openstack.org/developer/python-openstackclient/man/openstack.html

写了个lihuirc文件

export OS_AUTH_URL=http://192.168.226.182:35357/v3
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=lihui

执行CLI

[lihui@openstack devstack]$ source lihuirc
[lihui@openstack devstack]$ nova list
/usr/lib/python2.7/site-packages/novaclient/client.py:278: UserWarning: The 'tenant_id' argument is deprecated in Ocata and its use may result in errors in future releases. As 'project_id' is provided, the 'tenant_id' argument will be ignored.
  warnings.warn(msg)
+----+------+--------+------------+-------------+----------+
| ID | Name | Status | Task State | Power State | Networks |
+----+------+--------+------------+-------------+----------+
+----+------+--------+------------+-------------+----------+
[lihui@openstack devstack]$
[lihui@openstack devstack]$
[lihui@openstack devstack]$ openstack token issue
Expecting to find domain in project - the server could not comply with the request since it is either malformed or otherwise incorrect. The client is assumed to be in error. (HTTP 400) (Request-ID: req-d9ee268a-479d-4aaf-ab84-373891be9561)

真是颠覆了我的五官,nova接口返回了,获取token接口失败,不错从警告里可以看出来,novaclient目前还是兼容,只是说明了在Ocata版本里tenant_id会不用,至于后面一个接口,还是project写的不对

大半夜的不玩了,明晚再研究下这个版本的keystone

发表回复