Merge "use_cookbook-openstackclient/identity_v3"

Jenkins 2016-10-11 16:17:29 +00:00 committed by Gerrit Code Review
commit 1993d880f2
9 changed files with 147 additions and 144 deletions


@ -2,11 +2,13 @@ source "https://supermarket.chef.io"
metadata
cookbook "openstack-network",
github: "openstack/cookbook-openstack-network"
cookbook "openstack-image",
github: "openstack/cookbook-openstack-image"
cookbook "openstack-identity",
github: "openstack/cookbook-openstack-identity"
cookbook "openstack-common",
github: "openstack/cookbook-openstack-common"
cookbook "openstack-network",
github: "openstack/cookbook-openstack-network"
cookbook "openstackclient",
github: "cloudbau/cookbook-openstackclient"
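Review bot: The new `cookbook "openstackclient"` entry has no `ref:`, `tag:` or `branch:`, so any resolve without a committed lock takes whatever is on the default branch of `cloudbau/cookbook-openstackclient`. That repository sits outside the `openstack/` organisation hosting the other entries, and it presumably provides the `openstack_*` resources that the identity_registration recipe hands the Keystone admin password to. An unreviewed upstream change would therefore run with those credentials on the next converge. Pin the entry to a reviewed commit, e.g. `github: "cloudbau/cookbook-openstackclient", ref: "<reviewed-commit-sha>"`, and move the pin deliberately.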


@ -34,6 +34,7 @@ The following cookbooks are dependencies:
- 'openstack-image', '>= 14.0.0'
- 'openstack-network', '>= 14.0.0'
- 'python', '~> 1.4.6'
- 'openstackclient', '>= 0.1.0'
Attributes
==========


@ -253,7 +253,7 @@ end
default['openstack']['endpoints'][type]['compute-xvpvnc']['path'] = '/console'
# The OpenStack Compute (Nova) Native API endpoint
default['openstack']['endpoints'][type]['compute-api']['port'] = '8774'
default['openstack']['endpoints'][type]['compute-api']['path'] = '/v2/%(tenant_id)s'
default['openstack']['endpoints'][type]['compute-api']['path'] = '/v2.1/%(tenant_id)s'
# The OpenStack Compute (Nova) novnc endpoint
default['openstack']['endpoints'][type]['compute-novnc']['port'] = '6080'
default['openstack']['endpoints'][type]['compute-novnc']['path'] = '/vnc_auto.html'


@ -22,10 +22,13 @@ default['openstack']['compute']['conf'].tap do |conf|
# [keystone_authtoken]
conf['keystone_authtoken']['signing_dir'] = '/var/cache/nova/api'
conf['keystone_authtoken']['auth_type'] = 'v2password'
conf['keystone_authtoken']['auth_type'] = 'v3password'
conf['keystone_authtoken']['region_name'] = node['openstack']['region']
conf['keystone_authtoken']['username'] = 'nova'
conf['keystone_authtoken']['tenant_name'] = 'service'
conf['keystone_authtoken']['user_domain_name'] = 'Default'
conf['keystone_authtoken']['project_domain_name'] = 'Default'
conf['keystone_authtoken']['project_name'] = 'service'
conf['keystone_authtoken']['auth_version'] = 'v3'
# [libvirt]
conf['libvirt']['virt_type'] = 'kvm'
@ -44,11 +47,13 @@ default['openstack']['compute']['conf'].tap do |conf|
end
# [neutron]
conf['neutron']['auth_type'] = 'v2password'
conf['neutron']['auth_type'] = 'v3password'
conf['neutron']['region_name'] = node['openstack']['region']
conf['neutron']['username'] = 'neutron'
conf['neutron']['tenant_name'] = 'service'
conf['neutron']['user_domain_name'] = 'Default'
conf['neutron']['service_metadata_proxy'] = true
conf['neutron']['project_name'] = 'service'
conf['neutron']['project_domain_name'] = 'Default'
# [cinder] section
conf['cinder']['os_region_name'] = node['openstack']['region']


@ -18,3 +18,4 @@ depends 'openstack-identity', '>= 14.0.0'
depends 'openstack-image', '>= 14.0.0'
depends 'openstack-network', '>= 14.0.0'
depends 'python', '~> 1.4.6'
depends 'openstackclient'
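Review bot: `depends 'openstackclient'` carries no version constraint, while the README hunk in this same commit documents the dependency as `'openstackclient', '>= 0.1.0'` and every other `depends` line shown here states one. Put the documented floor in the metadata so the resolver enforces it: `depends 'openstackclient', '>= 0.1.0'`.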


@ -26,67 +26,77 @@ class ::Chef::Recipe
end
identity_admin_endpoint = admin_endpoint 'identity'
bootstrap_token = get_password 'token', 'openstack_identity_bootstrap_token'
auth_uri = ::URI.decode identity_admin_endpoint.to_s
interfaces = {
public: { url: public_endpoint('compute-api') },
internal: { url: internal_endpoint('compute-api') },
admin: { url: admin_endpoint('compute-api') }
}
auth_url = ::URI.decode identity_admin_endpoint.to_s
service_pass = get_password 'service', 'openstack-compute'
service_user = node['openstack']['compute']['conf']['keystone_authtoken']['username']
service_role = node['openstack']['compute']['service_role']
service_tenant_name = node['openstack']['compute']['conf']['keystone_authtoken']['tenant_name']
public_nova_api_endpoint = public_endpoint 'compute-api'
admin_nova_api_endpoint = admin_endpoint 'compute-api'
internal_nova_api_endpoint = internal_endpoint 'compute-api'
service_project_name = node['openstack']['compute']['conf']['keystone_authtoken']['project_name']
service_domain_name = node['openstack']['compute']['conf']['keystone_authtoken']['user_domain_name']
# TBD, another clean up opportunity. We could use the 'admin', and
# 'internal' endpoints for a single service name. For now, we'll
# leave the old names in place.
region = node['openstack']['region']
admin_user = node['openstack']['identity']['admin_user']
admin_pass = get_password 'user', node['openstack']['identity']['admin_user']
admin_project = node['openstack']['identity']['admin_project']
admin_domain = node['openstack']['identity']['admin_domain_name']
connection_params = {
openstack_auth_url: "#{auth_url}/auth/tokens",
openstack_username: admin_user,
openstack_api_key: admin_pass,
openstack_project_name: admin_project,
openstack_domain_name: admin_domain
}
# Register Compute Service
openstack_service 'nova' do
type 'compute'
connection_params connection_params
end
interfaces.each do |interface, res|
# Register Compute Endpoints
openstack_endpoint 'compute' do
service_name 'nova'
interface interface.to_s
url res[:url].to_s
region region
connection_params connection_params
end
end
# Register Service Tenant
openstack_identity_register 'Register Service Tenant' do
auth_uri auth_uri
bootstrap_token bootstrap_token
tenant_name service_tenant_name
tenant_description 'Service Tenant'
action :create_tenant
openstack_project service_project_name do
connection_params connection_params
end
# Register Service User
openstack_identity_register 'Register Service User' do
auth_uri auth_uri
bootstrap_token bootstrap_token
tenant_name service_tenant_name
user_name service_user
user_pass service_pass
action :create_user
openstack_user service_user do
project_name service_project_name
role_name service_role
password service_pass
connection_params connection_params
end
## Grant Admin role to Service User for Service Tenant ##
openstack_identity_register "Grant 'admin' Role to Service User for Service Tenant" do
auth_uri auth_uri
bootstrap_token bootstrap_token
tenant_name service_tenant_name
user_name service_user
## Grant Service role to Service User for Service Tenant ##
openstack_user service_user do
role_name service_role
project_name service_project_name
connection_params connection_params
action :grant_role
end
# Register Compute Service
openstack_identity_register 'Register Compute Service' do
auth_uri auth_uri
bootstrap_token bootstrap_token
service_name 'nova'
service_type 'compute'
service_description 'Nova Compute Service'
action :create_service
end
# Register Compute Endpoint
openstack_identity_register 'Register Compute Endpoint' do
auth_uri auth_uri
bootstrap_token bootstrap_token
service_type 'compute'
endpoint_region region
endpoint_adminurl ::URI.decode admin_nova_api_endpoint.to_s
endpoint_internalurl ::URI.decode internal_nova_api_endpoint.to_s
endpoint_publicurl ::URI.decode public_nova_api_endpoint.to_s
action :create_endpoint
openstack_user service_user do
domain_name service_domain_name
role_name service_role
user_name service_user
connection_params connection_params
action :grant_domain
end
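Review bot: The admin password now travels as a plain resource property, because `connection_params` holds `openstack_api_key: admin_pass` and is passed to every `openstack_service`, `openstack_endpoint`, `openstack_project` and `openstack_user` block. `openstack_user` additionally takes `password service_pass`. Chef's failure report prints the compiled resource with its property values, so both secrets can reach converge output and log collectors unless the openstackclient resources already mark these properties sensitive, which this page does not show. Add `sensitive true` to each of these resource blocks, or confirm the provider sets it. The recipe starts above this hunk, so earlier uses of these variables are not visible here.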


@ -139,7 +139,7 @@ Chef::Log.debug("openstack-compute::nova-common:network_endpoint|#{network_endpo
Chef::Log.debug("openstack-compute::nova-common:image_endpoint|#{image_endpoint}")
# Chef::Log.debug("openstack-compute::nova-common:ironic_endpoint|#{ironic_endpoint}")
if node['openstack']['compute']['conf']['neutron']['auth_type'] == 'v2password'
if node['openstack']['compute']['conf']['neutron']['auth_type'] == 'v3password'
node.default['openstack']['compute']['conf_secrets']
.[]('neutron')['password'] =
get_password 'service', 'openstack-network'
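Review bot: The neutron password is written into `conf_secrets` only when `auth_type` is exactly `'v3password'`, so a node that still overrides the attribute to `'v2password'` now skips this branch. In that case nova.conf is presumably rendered without a `[neutron]` password and nothing is logged. If only v3 is supported after this change, say so in a comment above the `if` and in the README. Otherwise accept the supported set, e.g. `if %w(v2password v3password).include?(node['openstack']['compute']['conf']['neutron']['auth_type'])`. The `if` block closes outside this hunk.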


@ -10,109 +10,86 @@ describe 'openstack-compute::identity_registration' do
include_context 'compute_stubs'
it 'registers service tenant' do
expect(chef_run).to create_tenant_openstack_identity_register(
'Register Service Tenant'
connection_params = {
openstack_auth_url: 'http://127.0.0.1:35357/v3/auth/tokens',
openstack_username: 'admin',
openstack_api_key: 'admin',
openstack_project_name: 'admin',
openstack_domain_name: 'default'
}
service_name = 'nova'
service_type = 'compute'
service_user = 'nova'
url = 'http://127.0.0.1:8774/v2.1/%(tenant_id)s'
region = 'RegionOne'
project_name = 'service'
role_name = 'admin'
password = 'nova-pass'
domain_name = 'Default'
it "registers #{project_name} Project" do
expect(chef_run).to create_openstack_project(
project_name
).with(
auth_uri: 'http://127.0.0.1:35357/v2.0',
bootstrap_token: 'bootstrap-token',
tenant_name: 'service',
tenant_description: 'Service Tenant'
connection_params: connection_params
)
end
it "registers #{service_name} service" do
expect(chef_run).to create_openstack_service(
service_name
).with(
connection_params: connection_params,
type: service_type
)
end
context "registers #{service_name} endpoint" do
%w(admin internal public).each do |interface|
it "#{interface} endpoint with default values" do
expect(chef_run).to create_openstack_endpoint(
service_type
).with(
service_name: service_name,
# interface: interface,
url: url,
region: region,
connection_params: connection_params
)
end
end
end
it 'registers service user' do
expect(chef_run).to create_user_openstack_identity_register(
'Register Service User'
expect(chef_run).to create_openstack_user(
service_user
).with(
auth_uri: 'http://127.0.0.1:35357/v2.0',
bootstrap_token: 'bootstrap-token',
tenant_name: 'service',
user_name: 'nova',
user_pass: 'nova-pass'
project_name: project_name,
role_name: role_name,
password: password,
connection_params: connection_params
)
end
it 'grants admin role to service user for service tenant' do
expect(chef_run).to grant_role_openstack_identity_register(
"Grant 'admin' Role to Service User for Service Tenant"
it do
expect(chef_run).to grant_domain_openstack_user(
service_user
).with(
auth_uri: 'http://127.0.0.1:35357/v2.0',
bootstrap_token: 'bootstrap-token',
tenant_name: 'service',
user_name: 'nova',
role_name: 'admin'
domain_name: domain_name,
role_name: role_name,
connection_params: connection_params
)
end
it 'registers compute service' do
expect(chef_run).to create_service_openstack_identity_register(
'Register Compute Service'
it do
expect(chef_run).to grant_role_openstack_user(
service_user
).with(
auth_uri: 'http://127.0.0.1:35357/v2.0',
bootstrap_token: 'bootstrap-token',
service_name: 'nova',
service_type: 'compute',
service_description: 'Nova Compute Service'
project_name: project_name,
role_name: role_name,
password: password,
connection_params: connection_params
)
end
context 'registers compute endpoint' do
it 'with default values' do
expect(chef_run).to create_endpoint_openstack_identity_register(
'Register Compute Endpoint'
).with(
auth_uri: 'http://127.0.0.1:35357/v2.0',
bootstrap_token: 'bootstrap-token',
service_type: 'compute',
endpoint_region: 'RegionOne',
endpoint_adminurl: 'http://127.0.0.1:8774/v2/%(tenant_id)s',
endpoint_internalurl: 'http://127.0.0.1:8774/v2/%(tenant_id)s',
endpoint_publicurl: 'http://127.0.0.1:8774/v2/%(tenant_id)s'
)
end
it 'register endpoint with all different URLs' do
public_url = 'https://public.host:789/public_path'
internal_url = 'http://internal.host:456/internal_path'
admin_url = 'https://admin.host:123/admin_path'
node.set['openstack']['endpoints']['public']['compute-api']['uri'] = public_url
node.set['openstack']['endpoints']['internal']['compute-api']['uri'] = internal_url
node.set['openstack']['endpoints']['admin']['compute-api']['uri'] = admin_url
expect(chef_run).to create_endpoint_openstack_identity_register(
'Register Compute Endpoint'
).with(
endpoint_adminurl: admin_url,
endpoint_internalurl: internal_url,
endpoint_publicurl: public_url
)
end
it 'with custom region override' do
node.set['openstack']['region'] = 'computeRegion'
expect(chef_run).to create_endpoint_openstack_identity_register(
'Register Compute Endpoint'
).with(endpoint_region: 'computeRegion')
end
end
describe "when 'ec2' is not in the list of enabled_apis" do
before do
node.set['openstack']['compute']['conf']['DEFAULT']['enabled_apis'] = 'osapi_compute'
end
it 'does not register ec2 service' do
expect(chef_run).not_to create_service_openstack_identity_register(
'Register EC2 Service'
)
end
it 'does not register ec2 endpoint' do
expect(chef_run).not_to create_endpoint_openstack_identity_register(
'Register EC2 Endpoint'
)
end
end
end
end
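Review bot: The three endpoint examples generated by `%w(admin internal public).each` assert identical properties because `# interface: interface,` is commented out, so they would all pass even if the recipe registered a single interface. The recipe declares every endpoint as `openstack_endpoint 'compute'`, so ChefSpec likely resolves that name to one resource, which may be why the assertion was disabled. Restore `interface: interface` in the `.with(...)` hash, giving the recipe's endpoint resources distinct names first if the resource permits that (not visible from this page). The examples for custom endpoint URLs and for a region override also appear to have been dropped without replacement, so those attribute overrides are no longer covered.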


@ -123,8 +123,12 @@ describe 'openstack-compute::nova-common' do
context 'keystone_authtoken' do
it 'has correct auth_token settings' do
[
'auth_url = http://127.0.0.1:5000/v2.0',
'password = nova-pass'
'auth_url = http://127.0.0.1:5000/v3',
'password = nova-pass',
'username = nova',
'project_name = service',
'user_domain_name = Default',
'project_domain_name = Default'
].each do |line|
expect(chef_run).to render_config_file(file.name)\
.with_section_content('keystone_authtoken', /^#{Regexp.quote(line)}$/)
@ -145,7 +149,10 @@ describe 'openstack-compute::nova-common' do
it do
[
/^username = neutron$/,
/^project_name = service$/,
/^user_domain_name = Default/,
/^project_domain_name = Default/,
%r{^url = http://127.0.0.1:9696$}
].each do |line|
expect(chef_run).to render_config_file(file.name)\