Merge "use_cookbook-openstackclient/identity_v3"

This commit is contained in:
Jenkins 2016-10-10 19:55:01 +00:00 committed by Gerrit Code Review
commit 3cc01d79ab
11 changed files with 156 additions and 211 deletions

View File

@ -6,3 +6,6 @@ cookbook 'openstack-identity',
github: 'openstack/cookbook-openstack-identity'
cookbook 'openstack-common',
github: 'openstack/cookbook-openstack-common'
cookbook "openstackclient",
github: "cloudbau/cookbook-openstackclient"

View File

@ -35,6 +35,7 @@ The following cookbooks are dependencies:
- 'openstack-common', '>= 14.0.0'
- 'openstack-identity', '>= 14.0.0'
- 'openstackclient', '>= 0.1.0'
Attributes
==========

View File

@ -37,7 +37,7 @@ default['openstack']['bind_service']['all']['network']['port'] = 9696
# config)
default['openstack']['network']['syslog']['use'] = false
# Name of the plugin to load
default['openstack']['network']['identity-api']['auth']['version'] = 'v2.0'
default['openstack']['network']['identity-api']['auth']['version'] = 'v3'
# Set dbsync command timeout value
default['openstack']['network']['dbsync_timeout'] = 3600
# Specify policy.json remote filwe to import
@ -261,7 +261,7 @@ default['openstack']['network']['platform'].tap do |platform|
''
when 'debian'
platform['neutron_packages'] =
%w(neutron-common python-pyparsing python-cliff)
%w(neutron-common)
platform['neutron_client_packages'] =
%w(python-neutronclient python-pyparsing)
platform['neutron_dhcp_packages'] =
@ -274,7 +274,7 @@ default['openstack']['network']['platform'].tap do |platform|
platform['neutron_lbaas_packages'] =
%w(python-neutron-lbaas neutron-lbaas-agent haproxy)
platform['neutron_openvswitch_packages'] =
%w(openvswitch-switch openvswitch-datapath-dkms bridge-utils)
%w(openvswitch-switch bridge-utils)
platform['neutron_openvswitch_build_packages'] =
%w(
build-essential pkg-config fakeroot

View File

@ -19,16 +19,20 @@ default['openstack']['network']['conf'].tap do |conf|
end
# [keystone_authtoken] section
conf['keystone_authtoken']['auth_type'] = 'v2password'
conf['keystone_authtoken']['auth_type'] = 'v3password'
conf['keystone_authtoken']['region_name'] = node['openstack']['region']
conf['keystone_authtoken']['username'] = 'neutron'
conf['keystone_authtoken']['tenant_name'] = 'service'
conf['keystone_authtoken']['user_domain_name'] = 'Default'
conf['keystone_authtoken']['project_domain_name'] = 'Default'
conf['keystone_authtoken']['project_name'] = 'service'
conf['keystone_authtoken']['auth_version'] = 'v3'
# [nova] section
conf['nova']['auth_type'] = 'v2password'
conf['nova']['auth_type'] = 'v3password'
conf['nova']['region_name'] = node['openstack']['region']
conf['nova']['username'] = 'nova'
conf['nova']['tenant_name'] = 'service'
conf['nova']['user_domain_name'] = 'Default'
conf['nova']['project_name'] = 'service'
conf['nova']['project_domain_name'] = 'Default'
# [oslo_concurrency] section
conf['oslo_concurrency']['lock_path'] = '/var/lib/neutron/lock'

View File

@ -15,3 +15,4 @@ end
depends 'openstack-common', '>= 14.0.0'
depends 'openstack-identity', '>= 14.0.0'
depends 'openstackclient'

View File

@ -85,11 +85,7 @@ if node['openstack']['network']['conf']['DEFAULT']['rpc_backend'] == 'rabbit'
end
identity_public_endpoint = public_endpoint 'identity'
auth_url =
auth_uri_transform(
identity_public_endpoint.to_s,
node['openstack']['network']['identity-api']['auth']['version']
)
auth_url = identity_public_endpoint.to_s
db_user = node['openstack']['db']['network']['username']
db_pass = get_password 'db', 'neutron'

View File

@ -28,68 +28,80 @@ end
identity_admin_endpoint = admin_endpoint 'identity'
bootstrap_token = get_password 'token', 'openstack_identity_bootstrap_token'
auth_uri = ::URI.decode identity_admin_endpoint.to_s
auth_url = ::URI.decode identity_admin_endpoint.to_s
admin_api_endpoint = admin_endpoint 'network'
public_api_endpoint = public_endpoint 'network'
internal_api_endpoint = internal_endpoint 'network'
interfaces = {
public: { url: public_endpoint('network') },
internal: { url: internal_endpoint('network') },
admin: { url: admin_endpoint('network') }
}
service_pass = get_password 'service', 'openstack-network'
service_tenant_name =
node['openstack']['network']['conf']['keystone_authtoken']['tenant_name']
node['openstack']['network']['conf']['keystone_authtoken']['project_name']
service_user =
node['openstack']['network']['conf']['keystone_authtoken']['username']
service_role = node['openstack']['network']['service_role']
service_domain_name = node['openstack']['network']['conf']['keystone_authtoken']['user_domain_name']
admin_user = node['openstack']['identity']['admin_user']
admin_pass = get_password 'user', node['openstack']['identity']['admin_user']
admin_project = node['openstack']['identity']['admin_project']
admin_domain = node['openstack']['identity']['admin_domain_name']
region = node['openstack']['region']
openstack_identity_register 'Register Network API Service' do
auth_uri auth_uri
bootstrap_token bootstrap_token
service_name node['openstack']['network']['service_name']
service_type node['openstack']['network']['service_type']
service_description 'OpenStack Network Service'
# Do not configure a service/endpoint in keystone for heat-api-cloudwatch(Bug #1167927),
# See discussions on https://bugs.launchpad.net/heat/+bug/1167927
action :create_service
connection_params = {
openstack_auth_url: "#{auth_url}/auth/tokens",
openstack_username: admin_user,
openstack_api_key: admin_pass,
openstack_project_name: admin_project,
openstack_domain_name: admin_domain
}
# Register Network Service
openstack_service 'neutron' do
type 'network'
connection_params connection_params
end
openstack_identity_register 'Register Network Endpoint' do
auth_uri auth_uri
bootstrap_token bootstrap_token
service_type node['openstack']['network']['service_type']
endpoint_region node['openstack']['network']['region']
endpoint_adminurl admin_api_endpoint.to_s
endpoint_internalurl internal_api_endpoint.to_s
endpoint_publicurl public_api_endpoint.to_s
action :create_endpoint
# Register Network Public-Endpoint
interfaces.each do |interface, res|
# Register network Endpoints
openstack_endpoint 'network' do
service_name 'neutron'
interface interface.to_s
url res[:url].to_s
region region
connection_params connection_params
end
end
# Register Service Tenant
openstack_project service_tenant_name do
connection_params connection_params
end
openstack_identity_register 'Register Service Tenant' do
auth_uri auth_uri
bootstrap_token bootstrap_token
tenant_name service_tenant_name
tenant_description 'Service Tenant'
action :create_tenant
end
openstack_identity_register "Register #{service_user} User" do
auth_uri auth_uri
bootstrap_token bootstrap_token
tenant_name service_tenant_name
user_name service_user
user_pass service_pass
action :create_user
end
openstack_identity_register "Grant '#{service_role}' Role to #{service_user} User for #{service_tenant_name} Tenant" do
auth_uri auth_uri
bootstrap_token bootstrap_token
tenant_name service_tenant_name
user_name service_user
# Register Service User
openstack_user service_user do
project_name service_tenant_name
role_name service_role
password service_pass
connection_params connection_params
end
## Grant Service role to Service User for Service Tenant ##
openstack_user service_user do
role_name service_role
project_name service_tenant_name
connection_params connection_params
action :grant_role
end
openstack_user service_user do
domain_name service_domain_name
role_name service_role
connection_params connection_params
action :grant_domain
end

View File

@ -15,7 +15,7 @@ describe 'openstack-network' do
expect(chef_run).to include_recipe('openstack-network::client')
end
%w(neutron-common python-pyparsing python-cliff python-mysqldb).each do |package|
%w(neutron-common python-pyparsing python-mysqldb).each do |package|
it do
expect(chef_run).to upgrade_package(package)
end
@ -114,11 +114,13 @@ describe 'openstack-network' do
end
end
[
/^tenant_name = service$/,
/^project_name = service$/,
/^username = neutron$/,
%r{^auth_url = http://127\.0\.0\.1:5000/v2\.0$},
/^user_domain_name = Default/,
/^project_domain_name = Default/,
%r{^auth_url = http://127\.0\.0\.1:5000/v3$},
/^password = neutron-pass$/,
/^auth_type = v2password$/
/^auth_type = v3password$/
].each do |line|
it do
expect(chef_run).to render_config_file(file.name)
@ -127,10 +129,12 @@ describe 'openstack-network' do
end
[
/^region_name = RegionOne$/,
/^auth_type = v2password$/,
%r{^auth_url = http://127\.0\.0\.1:5000/v2\.0$},
/^auth_type = v3password$/,
%r{^auth_url = http://127\.0\.0\.1:5000/v3$},
/^username = nova$/,
/^tenant_name = service$/
/^user_domain_name = Default/,
/^project_domain_name = Default/,
/^project_name = service$/
].each do |line|
it do
expect(chef_run).to render_config_file(file.name)

View File

@ -13,160 +13,85 @@ describe 'openstack-network::identity_registration' do
include_context 'neutron-stubs'
it 'registers network service' do
expect(chef_run).to create_service_openstack_identity_register(
'Register Network API Service'
connection_params = {
openstack_auth_url: 'http://127.0.0.1:35357/v3/auth/tokens',
openstack_username: 'admin',
openstack_api_key: 'admin-pass',
openstack_project_name: 'admin',
openstack_domain_name: 'default'
}
service_name = 'neutron'
service_type = 'network'
service_user = 'neutron'
url = 'http://127.0.0.1:9696'
region = 'RegionOne'
project_name = 'service'
role_name = 'admin'
password = 'neutron-pass'
domain_name = 'Default'
it "registers #{project_name} Project" do
expect(chef_run).to create_openstack_project(
project_name
).with(
auth_uri: 'http://127.0.0.1:35357/v2.0',
bootstrap_token: 'bootstrap-token',
service_type: 'network',
service_description: 'OpenStack Network Service'
connection_params: connection_params
)
end
context 'registers network endpoint' do
it 'with default values' do
expect(chef_run).to create_endpoint_openstack_identity_register(
'Register Network Endpoint'
).with(
auth_uri: 'http://127.0.0.1:35357/v2.0',
bootstrap_token: 'bootstrap-token',
service_type: 'network',
endpoint_region: 'RegionOne',
endpoint_adminurl: 'http://127.0.0.1:9696',
endpoint_internalurl: 'http://127.0.0.1:9696',
endpoint_publicurl: 'http://127.0.0.1:9696'
)
end
it 'with different admin url values' do
admin_url = 'https://admin.host:123/admin_path'
general_url = 'http://general.host:456/general_path'
# Set the general endpoint
node.set['openstack']['endpoints']['internal']['network']['uri'] = general_url
node.set['openstack']['endpoints']['public']['network']['uri'] = general_url
# Set the admin endpoint override
node.set['openstack']['endpoints']['admin']['network']['uri'] = admin_url
expect(chef_run).to create_endpoint_openstack_identity_register(
'Register Network Endpoint'
).with(
auth_uri: 'http://127.0.0.1:35357/v2.0',
bootstrap_token: 'bootstrap-token',
service_type: 'network',
endpoint_region: 'RegionOne',
endpoint_adminurl: admin_url,
endpoint_internalurl: general_url,
endpoint_publicurl: general_url
)
end
it 'with different public url values' do
public_url = 'https://public.host:789/public_path'
general_url = 'http://general.host:456/general_path'
# Set the general endpoint
node.set['openstack']['endpoints']['internal']['network']['uri'] = general_url
# Set the public endpoint override
node.set['openstack']['endpoints']['public']['network']['uri'] = public_url
node.set['openstack']['endpoints']['admin']['network']['uri'] = general_url
expect(chef_run).to create_endpoint_openstack_identity_register(
'Register Network Endpoint'
).with(
auth_uri: 'http://127.0.0.1:35357/v2.0',
bootstrap_token: 'bootstrap-token',
service_type: 'network',
endpoint_region: 'RegionOne',
endpoint_adminurl: general_url,
endpoint_internalurl: general_url,
endpoint_publicurl: public_url
)
end
it 'with different internal url values' do
internal_url = 'http://internal.host:456/internal_path'
general_url = 'http://general.host:456/general_path'
# Set the general endpoint
node.set['openstack']['endpoints']['admin']['network']['uri'] = general_url
# Set the internal endpoint override
node.set['openstack']['endpoints']['internal']['network']['uri'] = internal_url
node.set['openstack']['endpoints']['public']['network']['uri'] = general_url
expect(chef_run).to create_endpoint_openstack_identity_register(
'Register Network Endpoint'
).with(
auth_uri: 'http://127.0.0.1:35357/v2.0',
bootstrap_token: 'bootstrap-token',
service_type: 'network',
endpoint_region: 'RegionOne',
endpoint_adminurl: general_url,
endpoint_internalurl: internal_url,
endpoint_publicurl: general_url
)
end
it 'with different internal,public, and admin url values' do
admin_url = 'https://admin.host:123/admin_path'
internal_url = 'http://internal.host:456/internal_path'
public_url = 'https://public.host:789/public_path'
node.set['openstack']['endpoints']['internal']['network']['uri'] = internal_url
node.set['openstack']['endpoints']['public']['network']['uri'] = public_url
node.set['openstack']['endpoints']['admin']['network']['uri'] = admin_url
expect(chef_run).to create_endpoint_openstack_identity_register(
'Register Network Endpoint'
).with(
auth_uri: 'http://127.0.0.1:35357/v2.0',
bootstrap_token: 'bootstrap-token',
service_type: 'network',
endpoint_region: 'RegionOne',
endpoint_adminurl: admin_url,
endpoint_internalurl: internal_url,
endpoint_publicurl: public_url
)
end
it 'with custom region override' do
node.set['openstack']['network']['region'] = 'netRegion'
expect(chef_run).to create_endpoint_openstack_identity_register(
'Register Network Endpoint'
).with(endpoint_region: 'netRegion')
end
it "registers #{service_name} service" do
expect(chef_run).to create_openstack_service(
service_name
).with(
connection_params: connection_params,
type: service_type
)
end
it 'registers service tenant' do
expect(chef_run).to create_tenant_openstack_identity_register(
'Register Service Tenant'
).with(
auth_uri: 'http://127.0.0.1:35357/v2.0',
bootstrap_token: 'bootstrap-token',
tenant_name: 'service',
tenant_description: 'Service Tenant'
)
context "registers #{service_name} endpoint" do
%w(admin internal public).each do |interface|
it "#{interface} endpoint with default values" do
expect(chef_run).to create_openstack_endpoint(
service_type
).with(
service_name: service_name,
# interface: interface,
url: url,
region: region,
connection_params: connection_params
)
end
end
end
it 'registers service user' do
expect(chef_run).to create_user_openstack_identity_register(
'Register neutron User'
expect(chef_run).to create_openstack_user(
service_user
).with(
auth_uri: 'http://127.0.0.1:35357/v2.0',
bootstrap_token: 'bootstrap-token',
tenant_name: 'service',
user_name: 'neutron',
user_pass: 'neutron-pass'
project_name: project_name,
role_name: role_name,
password: password,
connection_params: connection_params
)
end
it 'grants admin role to service user for service tenant' do
expect(chef_run).to grant_role_openstack_identity_register(
"Grant 'admin' Role to neutron User for service Tenant"
it do
expect(chef_run).to grant_domain_openstack_user(
service_user
).with(
auth_uri: 'http://127.0.0.1:35357/v2.0',
bootstrap_token: 'bootstrap-token',
tenant_name: 'service',
role_name: 'admin',
user_name: 'neutron'
domain_name: domain_name,
role_name: role_name,
connection_params: connection_params
)
end
it do
expect(chef_run).to grant_role_openstack_user(
service_user
).with(
project_name: project_name,
role_name: role_name,
password: password,
connection_params: connection_params
)
end
end

View File

@ -13,10 +13,6 @@ describe 'openstack-network::openvswitch' do
expect(chef_run).to upgrade_package 'openvswitch-switch'
end
it 'upgrades openvswitch datapath dkms' do
expect(chef_run).to upgrade_package 'openvswitch-datapath-dkms'
end
it 'upgrades linux bridge utils' do
expect(chef_run).to upgrade_package 'bridge-utils'
end

View File

@ -45,6 +45,9 @@ shared_context 'neutron-stubs' do
allow_any_instance_of(Chef::Recipe).to receive(:get_password)
.with('service', 'openstack-compute')
.and_return('nova-pass')
allow_any_instance_of(Chef::Recipe).to receive(:get_password)
.with('user', 'admin')
.and_return('admin-pass')
end
shared_examples 'custom template banner displayer' do
it 'shows the custom banner' do