From 9a21f56f8a0f4e57ecfe03ed3ecde3ddac58be28 Mon Sep 17 00:00:00 2001 From: Remi Bergsma Date: Sat, 7 May 2016 18:56:58 +0200 Subject: [PATCH 1/3] Speedup vm start by making vm_passwd saving much faster - do not keep passwords in databag (/etc/cloudstack/vmpasswd.json) - process only the password we get in (vm_password.json) from mgt server - lookup the correct passwd server instead of adding passwd to all of them Example: - 4 tiers and 199 VMs running - Start vm 200 would cause new passwd from vm_password.json (1) to be merged with /etc/cloudstack/vmpasswd.json (199) - A curl command was exected foreach password (200) foreach tier (4) resulting in 800 calls - In fact, since passwds are never cleaned it could very well be even more as the ip address was the key in the json file so until the ip address was reused the original password would remain and be sent to passwd server every time another vm starts. - This took ~40 seconds Now we just figure out the right tier and only process the new password resulting in a single curl call. - takes 0,03 seconds! --- .../config/opt/cloud/bin/cs/CsVmPassword.py | 45 +++++++++++++++++++ .../debian/config/opt/cloud/bin/cs_vmp.py | 27 ----------- 2 files changed, 45 insertions(+), 27 deletions(-) create mode 100644 systemvm/patches/debian/config/opt/cloud/bin/cs/CsVmPassword.py delete mode 100755 systemvm/patches/debian/config/opt/cloud/bin/cs_vmp.py diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsVmPassword.py b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsVmPassword.py new file mode 100644 index 00000000000..279d21d3298 --- /dev/null +++ b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsVmPassword.py @@ -0,0 +1,45 @@ +#!/usr/bin/python +# -- coding: utf-8 -- + +import CsHelper +from CsProcess import CsProcess +from netaddr import IPNetwork, IPAddress +import logging + + +class CsPassword: + + TOKEN_FILE="/tmp/passwdsrvrtoken" + + def __init__(self, dbag): + self.dbag = dbag + self.process() + + def process(self): + self.__update(self.dbag['ip_address'], self.dbag['password']) + + def __update(self, vm_ip, password): + token = "" + try: + tokenFile = open(self.TOKEN_FILE) + token = tokenFile.read() + except IOError: + logging.debug("File %s does not exist" % self.TOKEN_FILE) + + logging.debug("Got VM '%s' and password '%s'" % (vm_ip, password)) + get_cidrs_cmd = "ip addr show | grep inet | grep -v secondary | awk '{print $2}'" + cidrs = CsHelper.execute(get_cidrs_cmd) + logging.debug("Found these CIDRs: %s" % cidrs) + for cidr in cidrs: + logging.debug("Processing CIDR '%s'" % cidr) + if IPAddress(vm_ip) in IPNetwork(cidr): + ip = cidr.split('/')[0] + logging.debug("Cidr %s matches vm ip address %s so adding passwd to passwd server at %s" % (cidr, vm_ip, ip)) + proc = CsProcess(['/opt/cloud/bin/passwd_server_ip.py', ip]) + if proc.find(): + update_command = 'curl --header "DomU_Request: save_password" "http://{SERVER_IP}:8080/" -F "ip={VM_IP}" -F "password={PASSWORD}" ' \ + '-F "token={TOKEN}" --interface 127.0.0.1 >/dev/null 2>/dev/null &'.format(SERVER_IP=ip, VM_IP=vm_ip, PASSWORD=password, TOKEN=token) + result = CsHelper.execute(update_command) + logging.debug("Update password server result ==> %s" % result) + else: + logging.debug("Update password server skipped because we didn't find a passwd server process for %s (makes sense on backup routers)" % ip) diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs_vmp.py b/systemvm/patches/debian/config/opt/cloud/bin/cs_vmp.py deleted file mode 100755 index 3a8e06ed719..00000000000 --- a/systemvm/patches/debian/config/opt/cloud/bin/cs_vmp.py +++ /dev/null @@ -1,27 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. - -from pprint import pprint -from netaddr import * - - -def merge(dbag, data): - """ - Track vm passwords - """ - dbag[data['ip_address']] = data['password'] - return dbag From 00add837494f0cadf6bce46ce33d0b35e95610ce Mon Sep 17 00:00:00 2001 From: Daan Hoogland Date: Sat, 6 May 2017 22:12:36 +0200 Subject: [PATCH 2/3] remaining conflicting code for vm_passwd speedup --- .../debian/config/opt/cloud/bin/configure.py | 30 ------------------- .../debian/config/opt/cloud/bin/merge.py | 20 ++++++------- .../config/opt/cloud/bin/update_config.py | 22 +++++++++++++- 3 files changed, 31 insertions(+), 41 deletions(-) diff --git a/systemvm/patches/debian/config/opt/cloud/bin/configure.py b/systemvm/patches/debian/config/opt/cloud/bin/configure.py index bdcfec9ade8..ff5d3ed4419 100755 --- a/systemvm/patches/debian/config/opt/cloud/bin/configure.py +++ b/systemvm/patches/debian/config/opt/cloud/bin/configure.py @@ -45,36 +45,6 @@ from cs.CsProcess import CsProcess from cs.CsStaticRoutes import CsStaticRoutes -class CsPassword(CsDataBag): - - TOKEN_FILE="/tmp/passwdsrvrtoken" - - def process(self): - for item in self.dbag: - if item == "id": - continue - self.__update(item, self.dbag[item]) - - def __update(self, vm_ip, password): - token = "" - try: - tokenFile = open(self.TOKEN_FILE) - token = tokenFile.read() - except IOError: - logging.debug("File %s does not exist" % self.TOKEN_FILE) - - ips_cmd = "ip addr show | grep inet | awk '{print $2}'" - ips = CsHelper.execute(ips_cmd) - for ip in ips: - server_ip = ip.split('/')[0] - proc = CsProcess(['/opt/cloud/bin/passwd_server_ip.py', server_ip]) - if proc.find(): - update_command = 'curl --header "DomU_Request: save_password" "http://{SERVER_IP}:8080/" -F "ip={VM_IP}" -F "password={PASSWORD}" ' \ - '-F "token={TOKEN}" >/dev/null 2>/dev/null &'.format(SERVER_IP=server_ip, VM_IP=vm_ip, PASSWORD=password, TOKEN=token) - result = CsHelper.execute(update_command) - logging.debug("Update password server result ==> %s" % result) - - class CsAcl(CsDataBag): """ Deal with Network acls diff --git a/systemvm/patches/debian/config/opt/cloud/bin/merge.py b/systemvm/patches/debian/config/opt/cloud/bin/merge.py index 50d9ee9aae8..e6ca8586eea 100755 --- a/systemvm/patches/debian/config/opt/cloud/bin/merge.py +++ b/systemvm/patches/debian/config/opt/cloud/bin/merge.py @@ -23,7 +23,6 @@ import logging import cs_ip import cs_guestnetwork import cs_cmdline -import cs_vmp import cs_network_acl import cs_firewallrules import cs_loadbalancer @@ -36,8 +35,6 @@ import cs_remoteaccessvpn import cs_vpnusers import cs_staticroutes -from pprint import pprint - class DataBag: @@ -105,8 +102,6 @@ class updateDataBag: dbag = self.processGuestNetwork(self.db.getDataBag()) elif self.qFile.type == 'cmdline': dbag = self.processCL(self.db.getDataBag()) - elif self.qFile.type == 'vmpassword': - dbag = self.processVMpassword(self.db.getDataBag()) elif self.qFile.type == 'networkacl': dbag = self.process_network_acl(self.db.getDataBag()) elif self.qFile.type == 'firewallrules': @@ -188,9 +183,6 @@ class updateDataBag: def process_staticroutes(self, dbag): return cs_staticroutes.merge(dbag, self.qFile.data) - def processVMpassword(self, dbag): - return cs_vmp.merge(dbag, self.qFile.data) - def processForwardingRules(self, dbag): # to be used by both staticnat and portforwarding return cs_forwardingrules.merge(dbag, self.qFile.data) @@ -275,13 +267,21 @@ class QueueFile: fileName = '' configCache = "/var/cache/cloud" keep = True + do_merge = True data = {} + def update_databag(self): + if self.do_merge: + logging.info("Merging because do_merge is %s" % self.do_merge) + updateDataBag(self) + else: + logging.info("Not merging because do_merge is %s" % self.do_merge) + def load(self, data): if data is not None: self.data = data self.type = self.data["type"] - proc = updateDataBag(self) + self.update_databag() return fn = self.configCache + '/' + self.fileName try: @@ -296,7 +296,7 @@ class QueueFile: self.__moveFile(fn, self.configCache + "/processed") else: os.remove(fn) - proc = updateDataBag(self) + self.update_databag() def setFile(self, name): self.fileName = name diff --git a/systemvm/patches/debian/config/opt/cloud/bin/update_config.py b/systemvm/patches/debian/config/opt/cloud/bin/update_config.py index dddd0c8e3c0..9ec3f872785 100755 --- a/systemvm/patches/debian/config/opt/cloud/bin/update_config.py +++ b/systemvm/patches/debian/config/opt/cloud/bin/update_config.py @@ -25,6 +25,7 @@ import os import os.path import configure import json +from cs.CsVmPassword import * logging.basicConfig(filename='/var/log/cloud.log', level=logging.DEBUG, format='%(asctime)s %(filename)s %(funcName)s:%(lineno)d %(message)s') @@ -45,15 +46,30 @@ def finish_config(): sys.exit(returncode) -def process_file(): +def process(do_merge=True): print "[INFO] Processing JSON file %s" % sys.argv[1] qf = QueueFile() qf.setFile(sys.argv[1]) + qf.do_merge = do_merge qf.load(None) + + return qf + + +def process_file(): + print "[INFO] process_file" + qf = process() # Converge finish_config() +def process_vmpasswd(): + print "[INFO] process_vmpassword" + qf = process(False) + print "[INFO] Sending password to password server" + CsPassword(qf.getData()) + + def is_guestnet_configured(guestnet_dict, keys): existing_keys = [] @@ -135,6 +151,10 @@ if sys.argv[1] == "guest_network.json": else: print "[INFO] update_config.py :: No GuestNetwork configured yet. Configuring first one now." process_file() +# Bypass saving passwords and running full config/convergence, just feed passwd to passwd server and stop +elif sys.argv[1].startswith("vm_password.json"): + print "[INFO] update_config.py :: Processing incoming vm_passwd file => %s" % sys.argv[1] + process_vmpasswd() else: print "[INFO] update_config.py :: Processing incoming file => %s" % sys.argv[1] process_file() From 710d3bff3f9676aa59a5a960489072ca2b4729d6 Mon Sep 17 00:00:00 2001 From: Daan Hoogland Date: Mon, 8 May 2017 07:42:04 +0200 Subject: [PATCH 3/3] rat --- .../config/opt/cloud/bin/cs/CsVmPassword.py | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsVmPassword.py b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsVmPassword.py index 279d21d3298..1376093c81a 100644 --- a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsVmPassword.py +++ b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsVmPassword.py @@ -1,5 +1,21 @@ #!/usr/bin/python # -- coding: utf-8 -- +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. import CsHelper from CsProcess import CsProcess