Merge "use_cookbook-openstackclient/identity_v3"
commit
1993d880f2
|
@ -2,11 +2,13 @@ source "https://supermarket.chef.io"
|
|||
|
||||
metadata
|
||||
|
||||
cookbook "openstack-network",
|
||||
github: "openstack/cookbook-openstack-network"
|
||||
cookbook "openstack-image",
|
||||
github: "openstack/cookbook-openstack-image"
|
||||
cookbook "openstack-identity",
|
||||
github: "openstack/cookbook-openstack-identity"
|
||||
cookbook "openstack-common",
|
||||
github: "openstack/cookbook-openstack-common"
|
||||
cookbook "openstack-network",
|
||||
github: "openstack/cookbook-openstack-network"
|
||||
cookbook "openstackclient",
|
||||
github: "cloudbau/cookbook-openstackclient"
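Review bot: The new `openstackclient` entry resolves to whatever the default branch of `cloudbau/cookbook-openstackclient` holds at install time, so cookbook code from outside the `openstack` organisation is pulled into every converge (typically run with root privileges) without a reviewed revision being fixed. Pin it to a commit that has been reviewed, e.g. `github: "cloudbau/cookbook-openstackclient", ref: "<reviewed-commit-sha>"`. The neighbouring `openstack/*` entries are unpinned as well, but they come from the same upstream as this cookbook.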
|
||||
|
|
|
@ -34,6 +34,7 @@ The following cookbooks are dependencies:
|
|||
- 'openstack-image', '>= 14.0.0'
|
||||
- 'openstack-network', '>= 14.0.0'
|
||||
- 'python', '~> 1.4.6'
|
||||
- 'openstackclient', '>= 0.1.0'
|
||||
|
||||
Attributes
|
||||
==========
|
||||
|
|
|
@ -253,7 +253,7 @@ end
|
|||
default['openstack']['endpoints'][type]['compute-xvpvnc']['path'] = '/console'
|
||||
# The OpenStack Compute (Nova) Native API endpoint
|
||||
default['openstack']['endpoints'][type]['compute-api']['port'] = '8774'
|
||||
default['openstack']['endpoints'][type]['compute-api']['path'] = '/v2/%(tenant_id)s'
|
||||
default['openstack']['endpoints'][type]['compute-api']['path'] = '/v2.1/%(tenant_id)s'
|
||||
# The OpenStack Compute (Nova) novnc endpoint
|
||||
default['openstack']['endpoints'][type]['compute-novnc']['port'] = '6080'
|
||||
default['openstack']['endpoints'][type]['compute-novnc']['path'] = '/vnc_auto.html'
|
||||
|
|
|
@ -22,10 +22,13 @@ default['openstack']['compute']['conf'].tap do |conf|
|
|||
|
||||
# [keystone_authtoken]
|
||||
conf['keystone_authtoken']['signing_dir'] = '/var/cache/nova/api'
|
||||
conf['keystone_authtoken']['auth_type'] = 'v2password'
|
||||
conf['keystone_authtoken']['auth_type'] = 'v3password'
|
||||
conf['keystone_authtoken']['region_name'] = node['openstack']['region']
|
||||
conf['keystone_authtoken']['username'] = 'nova'
|
||||
conf['keystone_authtoken']['tenant_name'] = 'service'
|
||||
conf['keystone_authtoken']['user_domain_name'] = 'Default'
|
||||
conf['keystone_authtoken']['project_domain_name'] = 'Default'
|
||||
conf['keystone_authtoken']['project_name'] = 'service'
|
||||
conf['keystone_authtoken']['auth_version'] = 'v3'
|
||||
|
||||
# [libvirt]
|
||||
conf['libvirt']['virt_type'] = 'kvm'
|
||||
|
@ -44,11 +47,13 @@ default['openstack']['compute']['conf'].tap do |conf|
|
|||
end
|
||||
|
||||
# [neutron]
|
||||
conf['neutron']['auth_type'] = 'v2password'
|
||||
conf['neutron']['auth_type'] = 'v3password'
|
||||
conf['neutron']['region_name'] = node['openstack']['region']
|
||||
conf['neutron']['username'] = 'neutron'
|
||||
conf['neutron']['tenant_name'] = 'service'
|
||||
conf['neutron']['user_domain_name'] = 'Default'
|
||||
conf['neutron']['service_metadata_proxy'] = true
|
||||
conf['neutron']['project_name'] = 'service'
|
||||
conf['neutron']['project_domain_name'] = 'Default'
|
||||
|
||||
# [cinder] section
|
||||
conf['cinder']['os_region_name'] = node['openstack']['region']
|
||||
|
|
|
@ -18,3 +18,4 @@ depends 'openstack-identity', '>= 14.0.0'
|
|||
depends 'openstack-image', '>= 14.0.0'
|
||||
depends 'openstack-network', '>= 14.0.0'
|
||||
depends 'python', '~> 1.4.6'
|
||||
depends 'openstackclient'
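Review bot: `depends 'openstackclient'` carries no version constraint, while the README change in this same commit documents the dependency as `'>= 0.1.0'` and every other `depends` line visible here has a constraint. Make the two agree with `depends 'openstackclient', '>= 0.1.0'`, so that a release older than the documented minimum cannot satisfy the dependency.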
|
||||
|
|
|
@ -26,67 +26,77 @@ class ::Chef::Recipe
|
|||
end
|
||||
|
||||
identity_admin_endpoint = admin_endpoint 'identity'
|
||||
bootstrap_token = get_password 'token', 'openstack_identity_bootstrap_token'
|
||||
auth_uri = ::URI.decode identity_admin_endpoint.to_s
|
||||
interfaces = {
|
||||
public: { url: public_endpoint('compute-api') },
|
||||
internal: { url: internal_endpoint('compute-api') },
|
||||
admin: { url: admin_endpoint('compute-api') }
|
||||
}
|
||||
auth_url = ::URI.decode identity_admin_endpoint.to_s
|
||||
service_pass = get_password 'service', 'openstack-compute'
|
||||
service_user = node['openstack']['compute']['conf']['keystone_authtoken']['username']
|
||||
service_role = node['openstack']['compute']['service_role']
|
||||
service_tenant_name = node['openstack']['compute']['conf']['keystone_authtoken']['tenant_name']
|
||||
public_nova_api_endpoint = public_endpoint 'compute-api'
|
||||
admin_nova_api_endpoint = admin_endpoint 'compute-api'
|
||||
internal_nova_api_endpoint = internal_endpoint 'compute-api'
|
||||
service_project_name = node['openstack']['compute']['conf']['keystone_authtoken']['project_name']
|
||||
service_domain_name = node['openstack']['compute']['conf']['keystone_authtoken']['user_domain_name']
|
||||
|
||||
# TBD, another clean up opportunity. We could use the 'admin', and
|
||||
# 'internal' endpoints for a single service name. For now, we'll
|
||||
# leave the old names in place.
|
||||
region = node['openstack']['region']
|
||||
admin_user = node['openstack']['identity']['admin_user']
|
||||
admin_pass = get_password 'user', node['openstack']['identity']['admin_user']
|
||||
admin_project = node['openstack']['identity']['admin_project']
|
||||
admin_domain = node['openstack']['identity']['admin_domain_name']
|
||||
|
||||
connection_params = {
|
||||
openstack_auth_url: "#{auth_url}/auth/tokens",
|
||||
openstack_username: admin_user,
|
||||
openstack_api_key: admin_pass,
|
||||
openstack_project_name: admin_project,
|
||||
openstack_domain_name: admin_domain
|
||||
}
|
||||
|
||||
# Register Compute Service
|
||||
openstack_service 'nova' do
|
||||
type 'compute'
|
||||
connection_params connection_params
|
||||
end
|
||||
|
||||
interfaces.each do |interface, res|
|
||||
# Register Compute Endpoints
|
||||
openstack_endpoint 'compute' do
|
||||
service_name 'nova'
|
||||
interface interface.to_s
|
||||
url res[:url].to_s
|
||||
region region
|
||||
connection_params connection_params
|
||||
end
|
||||
end
|
||||
|
||||
# Register Service Tenant
|
||||
openstack_identity_register 'Register Service Tenant' do
|
||||
auth_uri auth_uri
|
||||
bootstrap_token bootstrap_token
|
||||
tenant_name service_tenant_name
|
||||
tenant_description 'Service Tenant'
|
||||
action :create_tenant
|
||||
openstack_project service_project_name do
|
||||
connection_params connection_params
|
||||
end
|
||||
|
||||
# Register Service User
|
||||
openstack_identity_register 'Register Service User' do
|
||||
auth_uri auth_uri
|
||||
bootstrap_token bootstrap_token
|
||||
tenant_name service_tenant_name
|
||||
user_name service_user
|
||||
user_pass service_pass
|
||||
action :create_user
|
||||
openstack_user service_user do
|
||||
project_name service_project_name
|
||||
role_name service_role
|
||||
password service_pass
|
||||
connection_params connection_params
|
||||
end
|
||||
|
||||
## Grant Admin role to Service User for Service Tenant ##
|
||||
openstack_identity_register "Grant 'admin' Role to Service User for Service Tenant" do
|
||||
auth_uri auth_uri
|
||||
bootstrap_token bootstrap_token
|
||||
tenant_name service_tenant_name
|
||||
user_name service_user
|
||||
## Grant Service role to Service User for Service Tenant ##
|
||||
openstack_user service_user do
|
||||
role_name service_role
|
||||
project_name service_project_name
|
||||
connection_params connection_params
|
||||
action :grant_role
|
||||
end
|
||||
|
||||
# Register Compute Service
|
||||
openstack_identity_register 'Register Compute Service' do
|
||||
auth_uri auth_uri
|
||||
bootstrap_token bootstrap_token
|
||||
service_name 'nova'
|
||||
service_type 'compute'
|
||||
service_description 'Nova Compute Service'
|
||||
action :create_service
|
||||
end
|
||||
|
||||
# Register Compute Endpoint
|
||||
openstack_identity_register 'Register Compute Endpoint' do
|
||||
auth_uri auth_uri
|
||||
bootstrap_token bootstrap_token
|
||||
service_type 'compute'
|
||||
endpoint_region region
|
||||
endpoint_adminurl ::URI.decode admin_nova_api_endpoint.to_s
|
||||
endpoint_internalurl ::URI.decode internal_nova_api_endpoint.to_s
|
||||
endpoint_publicurl ::URI.decode public_nova_api_endpoint.to_s
|
||||
action :create_endpoint
|
||||
openstack_user service_user do
|
||||
domain_name service_domain_name
|
||||
role_name service_role
|
||||
user_name service_user
|
||||
connection_params connection_params
|
||||
action :grant_domain
|
||||
end
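Review bot: `connection_params` now carries the identity admin password (`openstack_api_key: admin_pass`) and is passed as a plain property to every `openstack_service`, `openstack_endpoint`, `openstack_project` and `openstack_user` resource, and the first `openstack_user` block additionally takes `password service_pass`. The openstackclient resource definitions are not visible here, so unless they already mark these properties as sensitive, the values can surface in Chef's resource output when a converge fails or runs at debug level. Adding `sensitive true` to each of these resource blocks keeps the admin and service passwords out of that output. The previous bootstrap-token resources had the same exposure, but the admin password is a longer-lived credential and deserves the explicit guard.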
|
||||
|
|
|
@ -139,7 +139,7 @@ Chef::Log.debug("openstack-compute::nova-common:network_endpoint|#{network_endpo
|
|||
Chef::Log.debug("openstack-compute::nova-common:image_endpoint|#{image_endpoint}")
|
||||
# Chef::Log.debug("openstack-compute::nova-common:ironic_endpoint|#{ironic_endpoint}")
|
||||
|
||||
if node['openstack']['compute']['conf']['neutron']['auth_type'] == 'v2password'
|
||||
if node['openstack']['compute']['conf']['neutron']['auth_type'] == 'v3password'
|
||||
node.default['openstack']['compute']['conf_secrets']
|
||||
.[]('neutron')['password'] =
|
||||
get_password 'service', 'openstack-network'
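Review bot: The neutron service password is written to `conf_secrets` only when `auth_type` is exactly `'v3password'`, so a node or environment that still overrides the attribute to `'v2password'` (the value this condition matched before) converges without error and presumably renders a `[neutron]` section with no password. A comment above the condition, e.g. `# password is injected only for auth_type 'v3password'; other plugins must set conf_secrets themselves`, or a `Chef::Log.warn` in an `else` branch would surface the problem at converge time rather than at the first call to Neutron. The `if` block closes outside this hunk.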
|
||||
|
|
|
@ -10,109 +10,86 @@ describe 'openstack-compute::identity_registration' do
|
|||
|
||||
include_context 'compute_stubs'
|
||||
|
||||
it 'registers service tenant' do
|
||||
expect(chef_run).to create_tenant_openstack_identity_register(
|
||||
'Register Service Tenant'
|
||||
connection_params = {
|
||||
openstack_auth_url: 'http://127.0.0.1:35357/v3/auth/tokens',
|
||||
openstack_username: 'admin',
|
||||
openstack_api_key: 'admin',
|
||||
openstack_project_name: 'admin',
|
||||
openstack_domain_name: 'default'
|
||||
}
|
||||
service_name = 'nova'
|
||||
service_type = 'compute'
|
||||
service_user = 'nova'
|
||||
url = 'http://127.0.0.1:8774/v2.1/%(tenant_id)s'
|
||||
region = 'RegionOne'
|
||||
project_name = 'service'
|
||||
role_name = 'admin'
|
||||
password = 'nova-pass'
|
||||
domain_name = 'Default'
|
||||
|
||||
it "registers #{project_name} Project" do
|
||||
expect(chef_run).to create_openstack_project(
|
||||
project_name
|
||||
).with(
|
||||
auth_uri: 'http://127.0.0.1:35357/v2.0',
|
||||
bootstrap_token: 'bootstrap-token',
|
||||
tenant_name: 'service',
|
||||
tenant_description: 'Service Tenant'
|
||||
connection_params: connection_params
|
||||
)
|
||||
end
|
||||
|
||||
it "registers #{service_name} service" do
|
||||
expect(chef_run).to create_openstack_service(
|
||||
service_name
|
||||
).with(
|
||||
connection_params: connection_params,
|
||||
type: service_type
|
||||
)
|
||||
end
|
||||
|
||||
context "registers #{service_name} endpoint" do
|
||||
%w(admin internal public).each do |interface|
|
||||
it "#{interface} endpoint with default values" do
|
||||
expect(chef_run).to create_openstack_endpoint(
|
||||
service_type
|
||||
).with(
|
||||
service_name: service_name,
|
||||
# interface: interface,
|
||||
url: url,
|
||||
region: region,
|
||||
connection_params: connection_params
|
||||
)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
it 'registers service user' do
|
||||
expect(chef_run).to create_user_openstack_identity_register(
|
||||
'Register Service User'
|
||||
expect(chef_run).to create_openstack_user(
|
||||
service_user
|
||||
).with(
|
||||
auth_uri: 'http://127.0.0.1:35357/v2.0',
|
||||
bootstrap_token: 'bootstrap-token',
|
||||
tenant_name: 'service',
|
||||
user_name: 'nova',
|
||||
user_pass: 'nova-pass'
|
||||
project_name: project_name,
|
||||
role_name: role_name,
|
||||
password: password,
|
||||
connection_params: connection_params
|
||||
)
|
||||
end
|
||||
|
||||
it 'grants admin role to service user for service tenant' do
|
||||
expect(chef_run).to grant_role_openstack_identity_register(
|
||||
"Grant 'admin' Role to Service User for Service Tenant"
|
||||
it do
|
||||
expect(chef_run).to grant_domain_openstack_user(
|
||||
service_user
|
||||
).with(
|
||||
auth_uri: 'http://127.0.0.1:35357/v2.0',
|
||||
bootstrap_token: 'bootstrap-token',
|
||||
tenant_name: 'service',
|
||||
user_name: 'nova',
|
||||
role_name: 'admin'
|
||||
domain_name: domain_name,
|
||||
role_name: role_name,
|
||||
connection_params: connection_params
|
||||
)
|
||||
end
|
||||
|
||||
it 'registers compute service' do
|
||||
expect(chef_run).to create_service_openstack_identity_register(
|
||||
'Register Compute Service'
|
||||
it do
|
||||
expect(chef_run).to grant_role_openstack_user(
|
||||
service_user
|
||||
).with(
|
||||
auth_uri: 'http://127.0.0.1:35357/v2.0',
|
||||
bootstrap_token: 'bootstrap-token',
|
||||
service_name: 'nova',
|
||||
service_type: 'compute',
|
||||
service_description: 'Nova Compute Service'
|
||||
project_name: project_name,
|
||||
role_name: role_name,
|
||||
password: password,
|
||||
connection_params: connection_params
|
||||
)
|
||||
end
|
||||
|
||||
context 'registers compute endpoint' do
|
||||
it 'with default values' do
|
||||
expect(chef_run).to create_endpoint_openstack_identity_register(
|
||||
'Register Compute Endpoint'
|
||||
).with(
|
||||
auth_uri: 'http://127.0.0.1:35357/v2.0',
|
||||
bootstrap_token: 'bootstrap-token',
|
||||
service_type: 'compute',
|
||||
endpoint_region: 'RegionOne',
|
||||
endpoint_adminurl: 'http://127.0.0.1:8774/v2/%(tenant_id)s',
|
||||
endpoint_internalurl: 'http://127.0.0.1:8774/v2/%(tenant_id)s',
|
||||
endpoint_publicurl: 'http://127.0.0.1:8774/v2/%(tenant_id)s'
|
||||
)
|
||||
end
|
||||
|
||||
it 'register endpoint with all different URLs' do
|
||||
public_url = 'https://public.host:789/public_path'
|
||||
internal_url = 'http://internal.host:456/internal_path'
|
||||
admin_url = 'https://admin.host:123/admin_path'
|
||||
node.set['openstack']['endpoints']['public']['compute-api']['uri'] = public_url
|
||||
node.set['openstack']['endpoints']['internal']['compute-api']['uri'] = internal_url
|
||||
node.set['openstack']['endpoints']['admin']['compute-api']['uri'] = admin_url
|
||||
|
||||
expect(chef_run).to create_endpoint_openstack_identity_register(
|
||||
'Register Compute Endpoint'
|
||||
).with(
|
||||
endpoint_adminurl: admin_url,
|
||||
endpoint_internalurl: internal_url,
|
||||
endpoint_publicurl: public_url
|
||||
)
|
||||
end
|
||||
|
||||
it 'with custom region override' do
|
||||
node.set['openstack']['region'] = 'computeRegion'
|
||||
expect(chef_run).to create_endpoint_openstack_identity_register(
|
||||
'Register Compute Endpoint'
|
||||
).with(endpoint_region: 'computeRegion')
|
||||
end
|
||||
end
|
||||
|
||||
describe "when 'ec2' is not in the list of enabled_apis" do
|
||||
before do
|
||||
node.set['openstack']['compute']['conf']['DEFAULT']['enabled_apis'] = 'osapi_compute'
|
||||
end
|
||||
|
||||
it 'does not register ec2 service' do
|
||||
expect(chef_run).not_to create_service_openstack_identity_register(
|
||||
'Register EC2 Service'
|
||||
)
|
||||
end
|
||||
|
||||
it 'does not register ec2 endpoint' do
|
||||
expect(chef_run).not_to create_endpoint_openstack_identity_register(
|
||||
'Register EC2 Endpoint'
|
||||
)
|
||||
end
|
||||
end
|
||||
end
|
||||
end
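Review bot: In the endpoint context the `interface: interface,` matcher is commented out, so the three iterations over `%w(admin internal public)` assert exactly the same thing and would still pass if the recipe registered every URL under a single interface. Restoring `interface: interface,` inside the `.with(...)` call checks that each endpoint type is registered separately. The examples 'register endpoint with all different URLs' and 'with custom region override' appear on the page without a v3 counterpart among the new examples; if they were dropped, a mix-up between the admin and public URLs or a wrong region would no longer be caught by this spec.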
|
||||
|
|
|
@ -123,8 +123,12 @@ describe 'openstack-compute::nova-common' do
|
|||
context 'keystone_authtoken' do
|
||||
it 'has correct auth_token settings' do
|
||||
[
|
||||
'auth_url = http://127.0.0.1:5000/v2.0',
|
||||
'password = nova-pass'
|
||||
'auth_url = http://127.0.0.1:5000/v3',
|
||||
'password = nova-pass',
|
||||
'username = nova',
|
||||
'project_name = service',
|
||||
'user_domain_name = Default',
|
||||
'project_domain_name = Default'
|
||||
].each do |line|
|
||||
expect(chef_run).to render_config_file(file.name)\
|
||||
.with_section_content('keystone_authtoken', /^#{Regexp.quote(line)}$/)
|
||||
|
@ -145,7 +149,10 @@ describe 'openstack-compute::nova-common' do
|
|||
|
||||
it do
|
||||
[
|
||||
|
||||
/^username = neutron$/,
|
||||
/^project_name = service$/,
|
||||
/^user_domain_name = Default/,
|
||||
/^project_domain_name = Default/,
|
||||
%r{^url = http://127.0.0.1:9696$}
|
||||
].each do |line|
|
||||
expect(chef_run).to render_config_file(file.name)\
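Review bot: The two added patterns `/^user_domain_name = Default/` and `/^project_domain_name = Default/` in the neutron hunk have no `$` anchor, unlike `/^username = neutron$/` and `/^project_name = service$/` next to them, so they also accept a rendered value that merely starts with `Default`. Write them as `/^user_domain_name = Default$/` and `/^project_domain_name = Default$/`. The enclosing `it` block continues past the end of the hunk.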
|
||||
|
|