use_cookbook-openstackclient/identity_v3

- Now use cookbook-openstackclient to create endpoints, role, service and
  user
- added domain creation and access granting
- added values to work with identity_v3
- rewrote specs to work again
- added needed keystone_authtoken attributes
- updated README

Change-Id: I2f339055883354c6a8a77daa7967ff279c4d18d9
Depends-On: I0f8955f05de9b33711c54b9a198f45018cceb8e1
Depends-On: If7b4d6e563081a0be9957353d73ef61a9688df56
Christoph Albers 2016-08-31 15:33:25 +02:00
parent ddad81bf9b
commit 49d23da167
9 changed files with 189 additions and 205 deletions


@ -8,3 +8,6 @@ cookbook "openstack-identity",
github: "openstack/cookbook-openstack-identity"
cookbook "openstack-common",
github: "openstack/cookbook-openstack-common"
cookbook "openstackclient",
github: "cloudbau/cookbook-openstackclient"
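Review bot: The new `openstackclient` source tracks the default branch head of `cloudbau/cookbook-openstackclient` with no `ref:` or `tag:`, so whatever is pushed there next is what a fresh `berks install` resolves and what chef-client then executes on the nodes. Pinning it, e.g. `github: "cloudbau/cookbook-openstackclient", ref: "<reviewed-commit-sha>"`, ties the resolved code to a revision someone has read. The existing entries in this hunk are unpinned as well, but this one adds a source outside the project's own organisation to a recipe that handles the Keystone admin password. Whether a committed Berksfile.lock already fixes the revision is not visible here.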


@ -29,9 +29,10 @@ Cookbooks
The following cookbooks are dependencies:
- 'apt', '~> 4.0'
- 'openstack-common', '>= 13.0.0'
- 'openstack-identity', '>= 13.0.0'
- 'openstack-image', '>= 13.0.0'
- 'openstack-common', '>= 14.0.0'
- 'openstack-identity', '>= 14.0.0'
- 'openstack-image', '>= 14.0.0'
- 'openstackclient', '>= 0.1.0'
Attributes
==========
@ -96,6 +97,7 @@ License and Author
| **Author** | Eric Zhou (<zyouzhou@cn.ibm.com>) |
| **Author** | Edwin Wang (<edwin.wang@cn.ibm.com>) |
| **Author** | Jan Klare (<j.klare@cloudbau.de>) |
| **Author** | Christoph Albers (<c.albers@x-ion.de>) |
| | |
| **Copyright** | Copyright (c) 2012, Rackspace US, Inc. |
| **Copyright** | Copyright (c) 2012-2013, AT&T Services, Inc. |


@ -9,10 +9,14 @@ default['openstack']['block-storage']['conf'].tap do |conf|
conf['DEFAULT']['control_exchange'] = 'cinder'
conf['DEFAULT']['volume_group'] = 'cinder-volumes'
conf['DEFAULT']['state_path'] = '/var/lib/cinder'
conf['keystone_authtoken']['auth_type'] = 'v2password'
conf['keystone_authtoken']['auth_type'] = 'v3password'
conf['keystone_authtoken']['region_name'] = node['openstack']['region']
conf['keystone_authtoken']['username'] = 'cinder'
conf['keystone_authtoken']['tenant_name'] = 'service'
conf['keystone_authtoken']['auth_version'] = node['openstack']['identity']['auth']['version']
conf['keystone_authtoken']['project_name'] = 'service'
conf['keystone_authtoken']['user_domain_name'] = 'Default'
conf['keystone_authtoken']['signing_dir'] = '/var/cache/cinder/api'
conf['keystone_authtoken']['project_domain_name'] = 'Default'
conf['oslo_concurrency']['lock_path'] = '/var/lib/cinder/tmp'
end
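Review bot: `auth_type` is now fixed to `'v3password'` while `auth_version` on the added line below it follows `node['openstack']['identity']['auth']['version']`, so a node that still sets the identity version to `v2.0` would render a keystone_authtoken section whose two settings disagree. Either derive both from the same attribute or state the constraint next to them, e.g. `# identity v3 only: auth_type, project_name and the *_domain_name keys assume a v3 Keystone`. The `'Default'` domain is hard-coded twice as well; since the identity_registration recipe reads `user_domain_name` back from here to grant the domain role, a comment saying it must match the domain the service user lives in would help anyone overriding it. The `tap` block opens above the hunk.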


@ -49,7 +49,7 @@ default['openstack']['block-storage']['rabbit_server_chef_role'] = 'os-ops-messa
default['openstack']['block-storage']['keystone_service_chef_role'] = 'keystone'
default['openstack']['block-storage']['service_user'] = 'cinder'
default['openstack']['block-storage']['service_tenant_name'] = 'service'
default['openstack']['block-storage']['project'] = 'service'
default['openstack']['block-storage']['service_role'] = 'service'
default['openstack']['block-storage']['service_name'] = 'cinderv2'
default['openstack']['block-storage']['service_type'] = 'volumev2'
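Review bot: The new `default['openstack']['block-storage']['project']` attribute does not appear to be read anywhere in this commit; the identity_registration recipe takes the project name from `conf['keystone_authtoken']['project_name']` instead. That leaves two attributes for one value, and overriding `['project']` would silently change nothing. Either drop it or mark it, e.g. `# NOTE: not read by identity_registration; the project name comes from conf['keystone_authtoken']['project_name']`. Wrapper cookbooks that override the removed `service_tenant_name` also stop having any effect, which deserves a line in the README.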


@ -17,3 +17,4 @@ depends 'apt', '~> 4.0'
depends 'openstack-common', '>= 14.0.0'
depends 'openstack-identity', '>= 14.0.0'
depends 'openstack-image', '>= 14.0.0'
depends 'openstackclient'
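Review bot: `depends 'openstackclient'` carries no version constraint, while the README changed in this commit lists the dependency as `'openstackclient', '>= 0.1.0'` and every other `depends` line in this hunk has one. Make it `depends 'openstackclient', '>= 0.1.0'` so the documented floor is enforced when dependencies are resolved.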


@ -27,102 +27,112 @@ class ::Chef::Recipe
end
identity_admin_endpoint = admin_endpoint 'identity'
bootstrap_token = get_password 'token', 'openstack_identity_bootstrap_token'
auth_uri = ::URI.decode identity_admin_endpoint.to_s
admin_cinder_api_endpoint = admin_endpoint 'block-storage'
internal_cinder_api_endpoint = internal_endpoint 'block-storage'
public_cinder_api_endpoint = public_endpoint 'block-storage'
auth_url = ::URI.decode identity_admin_endpoint.to_s
interfaces = {
public: { url: public_endpoint('block-storage') },
internal: { url: internal_endpoint('block-storage') },
admin: { url: admin_endpoint('block-storage') }
}
service_pass = get_password 'service', 'openstack-block-storage'
region = node['openstack']['block-storage']['region']
service_tenant_name = node['openstack']['block-storage']['service_tenant_name']
service_project_name = node['openstack']['block-storage']['conf']['keystone_authtoken']['project_name']
service_user = node['openstack']['block-storage']['service_user']
admin_user = node['openstack']['identity']['admin_user']
admin_pass = get_password 'user', node['openstack']['identity']['admin_user']
admin_project = node['openstack']['identity']['admin_project']
admin_domain = node['openstack']['identity']['admin_domain_name']
service_domain_name = node['openstack']['block-storage']['conf']['keystone_authtoken']['user_domain_name']
service_role = node['openstack']['block-storage']['service_role']
service_name = node['openstack']['block-storage']['service_name']
service_type = node['openstack']['block-storage']['service_type']
openstack_identity_register 'Register Service Tenant' do
auth_uri auth_uri
bootstrap_token bootstrap_token
tenant_name service_tenant_name
tenant_description 'Service Tenant'
action :create_tenant
connection_params = {
openstack_auth_url: "#{auth_url}/auth/tokens",
openstack_username: admin_user,
openstack_api_key: admin_pass,
openstack_project_name: admin_project,
openstack_domain_name: admin_domain
}
# Register VolumeV2 Service
openstack_service service_name do
type service_type
connection_params connection_params
end
openstack_identity_register 'Register Cinder V2 Volume Service' do
auth_uri auth_uri
bootstrap_token bootstrap_token
service_name service_name
service_type service_type
service_description 'Cinder Volume Service V2'
endpoint_region region
endpoint_adminurl ::URI.decode admin_cinder_api_endpoint.to_s
endpoint_internalurl ::URI.decode internal_cinder_api_endpoint.to_s
endpoint_publicurl ::URI.decode public_cinder_api_endpoint.to_s
action :create_service
interfaces.each do |interface, res|
# Register VolumeV2 Endpoints
openstack_endpoint service_type do
service_name service_name
interface interface.to_s
url res[:url].to_s
region region
connection_params connection_params
end
end
openstack_identity_register 'Register Cinder V2 Volume Endpoint' do
auth_uri auth_uri
bootstrap_token bootstrap_token
service_name service_name
service_type service_type
service_description 'Cinder Volume Service V2'
endpoint_region region
endpoint_adminurl ::URI.decode admin_cinder_api_endpoint.to_s
endpoint_internalurl ::URI.decode internal_cinder_api_endpoint.to_s
endpoint_publicurl ::URI.decode public_cinder_api_endpoint.to_s
action :create_endpoint
# Register Service Project
openstack_project service_project_name do
connection_params connection_params
end
# Register Service User
openstack_user service_user do
project_name service_project_name
role_name service_role
password service_pass
connection_params connection_params
end
## Grant Service role to Service User for Service Tenant ##
openstack_user service_user do
role_name service_role
project_name service_project_name
connection_params connection_params
action :grant_role
end
openstack_user service_user do
domain_name service_domain_name
role_name service_role
connection_params connection_params
action :grant_domain
end
# --------------------- WORKAROUND --------------------------------------#
# Currently this bug is still open
# (https://bugs.launchpad.net/horizon/+bug/1415712) and we need to register and
# enable the cinder v1 api to make it available via the dashboard. This should
# be removed with the final mitaka release.
openstack_identity_register 'Register Cinder V1 Volume Service' do
auth_uri auth_uri
bootstrap_token bootstrap_token
service_name (service_name.gsub(/v2/, ''))
service_type (service_type.gsub(/v2/, ''))
service_description 'Cinder Volume Service V1'
endpoint_region region
endpoint_adminurl (::URI.decode admin_cinder_api_endpoint.to_s.gsub(/v2/, 'v1'))
endpoint_internalurl (::URI.decode internal_cinder_api_endpoint.to_s.gsub(/v2/, 'v1'))
endpoint_publicurl (::URI.decode public_cinder_api_endpoint.to_s.gsub(/v2/, 'v1'))
action :create_service
# openstack_identity_register 'Register Cinder V1 Volume Service' do
# auth_uri auth_uri
# bootstrap_token bootstrap_token
# service_name ((service_name).gsub(/v2/, ''))
# service_type ((service_type).gsub(/v2/, ''))
# service_description 'Cinder Volume Service V1'
# endpoint_region region
# endpoint_adminurl ((::URI.decode admin_cinder_api_endpoint.to_s).gsub(/v2/, 'v1'))
# endpoint_internalurl ((::URI.decode internal_cinder_api_endpoint.to_s).gsub(/v2/, 'v1'))
# endpoint_publicurl ((::URI.decode public_cinder_api_endpoint.to_s).gsub(/v2/, 'v1'))
# action :create_service
# end
# Register Volume Service
openstack_service 'cinder' do
type 'volume'
connection_params connection_params
end
openstack_identity_register 'Register Cinder V1 Volume Endpoint' do
auth_uri auth_uri
bootstrap_token bootstrap_token
service_name (service_name.gsub(/v2/, ''))
service_type (service_type.gsub(/v2/, ''))
service_description 'Cinder Volume Service V1'
endpoint_region region
endpoint_adminurl (::URI.decode admin_cinder_api_endpoint.to_s.gsub(/v2/, 'v1'))
endpoint_internalurl (::URI.decode internal_cinder_api_endpoint.to_s.gsub(/v2/, 'v1'))
endpoint_publicurl (::URI.decode public_cinder_api_endpoint.to_s.gsub(/v2/, 'v1'))
action :create_endpoint
interfaces.each do |interface, res|
# Register VolumeV1 Endpoints
openstack_endpoint 'volume' do
service_name 'cinder'
interface interface.to_s
url (::URI.decode res[:url].to_s).gsub(/v2/, 'v1')
region region
connection_params connection_params
end
end
# --------------------- WORKAROUND --------------------------------------#
openstack_identity_register 'Register Cinder Service User' do
auth_uri auth_uri
bootstrap_token bootstrap_token
tenant_name service_tenant_name
user_name service_user
user_pass service_pass
user_enabled true # Not required as this is the default
action :create_user
end
openstack_identity_register 'Grant service Role to Cinder Service User for Cinder Service Tenant' do
auth_uri auth_uri
bootstrap_token bootstrap_token
tenant_name service_tenant_name
user_name service_user
role_name service_role
action :grant_role
end
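Review bot: `connection_params` now carries the Keystone admin password (`openstack_api_key: admin_pass`) into every `openstack_service`, `openstack_endpoint`, `openstack_project` and `openstack_user` resource, and the first `openstack_user` block additionally receives `password service_pass`, yet none of the blocks sets `sensitive true`. Unless the openstackclient resources already mark these properties as sensitive, which is not visible here, the values can surface in Chef debug output, failure reports and reporting handlers. Adding `sensitive true` to each resource block limits that exposure. In the V1 workaround, `.gsub(/v2/, 'v1')` rewrites every `v2` in the URL, including one that happens to sit in a hostname; `.sub(%r{/v2(?=/|\z)}, '/v1')` touches only the path segment.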


@ -77,13 +77,11 @@ describe 'openstack-block-storage::cinder-common' do
context 'endpoint related' do
it 'has auth_uri' do
expect(chef_run).to render_file(file.name).with_content(%r{^auth_url = http://127.0.0.1:5000/v2.0$})
expect(chef_run).to render_file(file.name).with_content(%r{^auth_url = http://127.0.0.1:5000/v3$})
end
end
it 'has no auth_version when auth_version is v2.0' do
node.set['openstack']['block-storage']['api']['auth']['version'] = 'v2.0'
it do
expect(chef_run).not_to render_file(file.name).with_content(/^auth_version = v2.0$/)
end
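Review bot: The example that replaces `'has no auth_version when auth_version is v2.0'` is a bare `it do` that still only asserts `auth_version = v2.0` is not rendered, which presumably holds trivially now that the defaults moved to v3. Since the attributes in this commit set `keystone_authtoken.auth_version` from the identity version, a positive assertion would cover the new behaviour, for example `expect(chef_run).to render_file(file.name).with_content(/^auth_version = v3$/)` if `v3` is the default value (not visible here). The first example is also still named `'has auth_uri'` although it checks `auth_url`; renaming it to `it 'has auth_url' do` keeps the spec output accurate.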


@ -12,153 +12,117 @@ describe 'openstack-block-storage::identity_registration' do
include_context 'block-storage-stubs'
it 'registers service tenant' do
expect(chef_run).to create_tenant_openstack_identity_register(
'Register Service Tenant'
connection_params = {
openstack_auth_url: 'http://127.0.0.1:35357/v3/auth/tokens',
openstack_username: 'admin',
openstack_api_key: 'emc_test_pass',
openstack_project_name: 'admin',
openstack_domain_name: 'default'
}
service_name = 'cinderv2'
service_type = 'volumev2'
service_user = 'cinder'
url = 'http://127.0.0.1:8776/v2/%(tenant_id)s'
region = 'RegionOne'
project_name = 'service'
role_name = 'service'
password = 'cinder-pass'
domain_name = 'Default'
it "registers #{project_name} Project" do
expect(chef_run).to create_openstack_project(
project_name
).with(
auth_uri: 'http://127.0.0.1:35357/v2.0',
bootstrap_token: 'bootstrap-token',
tenant_name: 'service',
tenant_description: 'Service Tenant'
connection_params: connection_params
)
end
it 'registers cinder v2 volume service' do
expect(chef_run).to create_service_openstack_identity_register(
'Register Cinder V2 Volume Service'
it "registers #{service_name} service" do
expect(chef_run).to create_openstack_service(
service_name
).with(
auth_uri: 'http://127.0.0.1:35357/v2.0',
bootstrap_token: 'bootstrap-token',
service_name: 'cinderv2',
service_type: 'volumev2',
service_description: 'Cinder Volume Service V2',
endpoint_region: 'RegionOne',
endpoint_adminurl: 'http://127.0.0.1:8776/v2/%(tenant_id)s',
endpoint_internalurl: 'http://127.0.0.1:8776/v2/%(tenant_id)s',
endpoint_publicurl: 'http://127.0.0.1:8776/v2/%(tenant_id)s'
connection_params: connection_params,
type: service_type
)
end
context 'registers v2 volume endpoint' do
it 'with default values' do
expect(chef_run).to create_endpoint_openstack_identity_register(
'Register Cinder V2 Volume Endpoint'
).with(
auth_uri: 'http://127.0.0.1:35357/v2.0',
bootstrap_token: 'bootstrap-token',
service_name: 'cinderv2',
service_type: 'volumev2',
service_description: 'Cinder Volume Service V2',
endpoint_region: 'RegionOne',
endpoint_adminurl: 'http://127.0.0.1:8776/v2/%(tenant_id)s',
endpoint_internalurl: 'http://127.0.0.1:8776/v2/%(tenant_id)s',
endpoint_publicurl: 'http://127.0.0.1:8776/v2/%(tenant_id)s'
)
context "registers #{service_name} endpoint" do
%w(admin internal public).each do |interface|
it "#{interface} endpoint with default values" do
expect(chef_run).to create_openstack_endpoint(
service_type
).with(
service_name: service_name,
# interface: interface,
url: url,
region: region,
connection_params: connection_params
)
end
end
%w(admin internal public).each do |interface|
it "#{interface} with different service type/name and registers v1 endpoint" do
node.set['openstack']['block-storage']['service_name'] = 'cinder'
node.set['openstack']['block-storage']['service_type'] = 'volume'
it 'with all different URLs' do
admin_url = 'https://admin.host:123/admin_path'
internal_url = 'http://internal.host:456/internal_path'
public_url = 'https://public.host:789/public_path'
node.set['openstack']['endpoints']['internal']['block-storage']['uri'] = internal_url
node.set['openstack']['endpoints']['admin']['block-storage']['uri'] = admin_url
node.set['openstack']['endpoints']['public']['block-storage']['uri'] = public_url
expect(chef_run).to create_endpoint_openstack_identity_register(
'Register Cinder V2 Volume Endpoint'
).with(
auth_uri: 'http://127.0.0.1:35357/v2.0',
bootstrap_token: 'bootstrap-token',
service_name: 'cinderv2',
service_type: 'volumev2',
service_description: 'Cinder Volume Service V2',
endpoint_region: 'RegionOne',
endpoint_adminurl: admin_url,
endpoint_internalurl: internal_url,
endpoint_publicurl: public_url
)
end
it 'with different service type/name' do
node.set['openstack']['block-storage']['service_name'] = 'cinder'
node.set['openstack']['block-storage']['service_type'] = 'volume'
expect(chef_run).to create_endpoint_openstack_identity_register(
'Register Cinder V2 Volume Endpoint'
).with(
auth_uri: 'http://127.0.0.1:35357/v2.0',
bootstrap_token: 'bootstrap-token',
service_name: 'cinder',
service_type: 'volume',
service_description: 'Cinder Volume Service V2',
endpoint_region: 'RegionOne',
endpoint_adminurl: 'http://127.0.0.1:8776/v2/%(tenant_id)s',
endpoint_internalurl: 'http://127.0.0.1:8776/v2/%(tenant_id)s',
endpoint_publicurl: 'http://127.0.0.1:8776/v2/%(tenant_id)s'
)
expect(chef_run).to create_openstack_endpoint(
'volume'
).with(
service_name: 'cinder',
# interface: interface,
url: 'http://127.0.0.1:8776/v1/%(tenant_id)s',
region: 'RegionOne',
connection_params: connection_params
)
end
end
it 'with custom region override' do
node.set['openstack']['block-storage']['region'] = 'volumeRegion'
expect(chef_run).to create_endpoint_openstack_identity_register(
'Register Cinder V2 Volume Endpoint'
).with(endpoint_region: 'volumeRegion')
expect(chef_run).to create_openstack_endpoint(
service_type
).with(region: 'volumeRegion')
end
end
it 'registers service user' do
expect(chef_run).to create_user_openstack_identity_register(
'Register Cinder Service User'
expect(chef_run).to create_openstack_user(
service_user
).with(
auth_uri: 'http://127.0.0.1:35357/v2.0',
bootstrap_token: 'bootstrap-token',
tenant_name: 'service',
user_name: 'cinder',
user_pass: 'cinder-pass',
user_enabled: true
project_name: project_name,
role_name: role_name,
password: password,
connection_params: connection_params
)
end
it 'grants service role to service user for service tenant' do
expect(chef_run).to grant_role_openstack_identity_register(
'Grant service Role to Cinder Service User for Cinder Service Tenant'
it do
expect(chef_run).to grant_domain_openstack_user(
service_user
).with(
auth_uri: 'http://127.0.0.1:35357/v2.0',
bootstrap_token: 'bootstrap-token',
tenant_name: 'service',
user_name: 'cinder',
role_name: 'service'
domain_name: domain_name,
role_name: role_name,
connection_params: connection_params
)
end
it do
expect(chef_run).to create_service_openstack_identity_register(
'Register Cinder V1 Volume Service'
expect(chef_run).to grant_role_openstack_user(
service_user
).with(
auth_uri: 'http://127.0.0.1:35357/v2.0',
bootstrap_token: 'bootstrap-token',
service_name: 'cinder',
service_type: 'volume',
service_description: 'Cinder Volume Service V1',
endpoint_region: 'RegionOne',
endpoint_adminurl: 'http://127.0.0.1:8776/v1/%(tenant_id)s',
endpoint_internalurl: 'http://127.0.0.1:8776/v1/%(tenant_id)s',
endpoint_publicurl: 'http://127.0.0.1:8776/v1/%(tenant_id)s'
project_name: project_name,
role_name: role_name,
password: password,
connection_params: connection_params
)
end
it do
expect(chef_run).to create_endpoint_openstack_identity_register(
'Register Cinder V1 Volume Endpoint'
it 'registers cinder v1 volume service' do
expect(chef_run).to create_openstack_service(
'cinder'
).with(
auth_uri: 'http://127.0.0.1:35357/v2.0',
bootstrap_token: 'bootstrap-token',
service_name: 'cinder',
service_type: 'volume',
service_description: 'Cinder Volume Service V1',
endpoint_region: 'RegionOne',
endpoint_adminurl: 'http://127.0.0.1:8776/v1/%(tenant_id)s',
endpoint_internalurl: 'http://127.0.0.1:8776/v1/%(tenant_id)s',
endpoint_publicurl: 'http://127.0.0.1:8776/v1/%(tenant_id)s'
connection_params: connection_params,
type: 'volume'
)
end
end
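Review bot: In both endpoint loops the `interface: interface` expectation is commented out, so the three examples generated per loop assert exactly the same properties and none of them checks that an admin, internal or public endpoint was registered. If it was disabled because the three resources share one name and the matcher only sees one of them, say so in a comment; otherwise restore `interface: interface,`. The `grant_role_openstack_user` example also expects `password: password`, which the recipe's `:grant_role` block does not set, so it may only pass through Chef's same-name resource cloning. The removed 'with all different URLs' example appears to have no replacement, leaving distinct admin, internal and public URIs untested.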


@ -108,12 +108,14 @@ shared_examples 'creates_cinder_conf' do |service, user, group, action = :restar
it do
[
/^auth_type = v2password$/,
/^auth_type = v3password$/,
/^region_name = RegionOne$/,
/^username = cinder/,
/^tenant_name = service$/,
/^project_name = service$/,
/^user_domain_name = Default/,
/^project_domain_name = Default/,
%r{^signing_dir = /var/cache/cinder/api$},
%r{^auth_url = http://127.0.0.1:5000/v2.0$},
%r{^auth_url = http://127.0.0.1:5000/v3$},
/^password = cinder-pass$/
].each do |line|
expect(chef_run).to render_config_file(file.name)
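Review bot: The two added patterns `/^user_domain_name = Default/` and `/^project_domain_name = Default/` have no `$` anchor, unlike the `auth_type`, `project_name` and `auth_url` lines next to them, so a rendered value such as `Default2` would still match. Write them as `/^user_domain_name = Default$/` and `/^project_domain_name = Default$/`. The `each` block these patterns feed continues below the hunk.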