Auth_url changes following auth_plugin in nova section
After the refact of nova authentication in neutron, it supports three auth_plugin: password, v2password, v3password. Each auth_plugin match a different auth_url. For example: a) password auth_plugin = password auth_url = http://127.0.0.1:35357/ b) v2password auth_plugin = v2password auth_url = http://127.0.0.1:35357/v2.0 c) v3password auth_plugin = v3password auth_url = http://127.0.0.1:35357/v3 The auth_url should be set following the auth_plugin automatically. Change-Id: Ia584a6c6a64fcaa92012c957da004ac029ca7db2 Closes-bug: #1459594 Closes-bug: #1461480
This commit is contained in:
parent
095db20713
commit
aea5f5ac7b
|
@ -223,7 +223,7 @@ default['openstack']['network']['rpc_response_timeout'] = 60
|
|||
|
||||
# ======== Neutron Nova interactions ==========
|
||||
# Name of the plugin to load
|
||||
default['openstack']['network']['nova']['auth_plugin'] = 'password'
|
||||
default['openstack']['network']['nova']['auth_plugin'] = 'v2password'
|
||||
|
||||
# CA file for novaclient to verify server certificates
|
||||
default['openstack']['network']['nova']['cafile'] = nil
|
||||
|
|
|
@ -164,6 +164,17 @@ nova_version = node['openstack']['network']['nova']['url_version']
|
|||
nova_endpoint = uri_from_hash('scheme' => nova_endpoint.scheme.to_s, 'host' => nova_endpoint.host.to_s, 'port' => nova_endpoint.port.to_s, 'path' => nova_version)
|
||||
nova_admin_pass = get_password 'service', 'openstack-compute'
|
||||
|
||||
# The auth_url in nova section follows auth_plugin
|
||||
nova_auth_url = nil
|
||||
case node['openstack']['network']['nova']['auth_plugin'].downcase
|
||||
when 'password'
|
||||
nova_auth_url = identity_uri
|
||||
when 'v2password'
|
||||
nova_auth_url = auth_uri_transform(identity_admin_endpoint.to_s, 'v2.0')
|
||||
when 'v3password'
|
||||
nova_auth_url = auth_uri_transform(identity_admin_endpoint.to_s, 'v3.0')
|
||||
end
|
||||
|
||||
if node['openstack']['network']['l3']['router_distributed'] == 'auto'
|
||||
if node['openstack']['network']['interface_driver'].split('.').last != 'OVSInterfaceDriver'
|
||||
node.set['openstack']['network']['l3']['router_distributed'] = 'false'
|
||||
|
@ -198,6 +209,7 @@ template '/etc/neutron/neutron.conf' do
|
|||
sql_connection: sql_connection,
|
||||
nova_endpoint: nova_endpoint,
|
||||
nova_admin_pass: nova_admin_pass,
|
||||
nova_auth_url: nova_auth_url,
|
||||
router_distributed: router_distributed
|
||||
)
|
||||
|
||||
|
|
|
@ -666,7 +666,7 @@ describe 'openstack-network' do
|
|||
end
|
||||
|
||||
it 'has default nova auth_plugin attribute' do
|
||||
expect(chef_run).to render_config_file(file.name).with_section_content('nova', /^auth_plugin = password/)
|
||||
expect(chef_run).to render_config_file(file.name).with_section_content('nova', /^auth_plugin = v2password/)
|
||||
end
|
||||
|
||||
it 'does not set the sets admin_tenant_id' do
|
||||
|
@ -683,6 +683,7 @@ describe 'openstack-network' do
|
|||
[
|
||||
/^username = nova$/,
|
||||
/^user_domain_id = default$/,
|
||||
/^tenant_name = service$/,
|
||||
/^project_name = service$/,
|
||||
/^project_domain_id = default$/
|
||||
].each do |line|
|
||||
|
@ -699,10 +700,20 @@ describe 'openstack-network' do
|
|||
expect(chef_run).to render_config_file(file.name).with_section_content('nova', /^password = nova-pass$/)
|
||||
end
|
||||
|
||||
it 'sets the nova auth_url attribute' do
|
||||
it 'sets the nova auth_url attribute when auth_plugin is password' do
|
||||
node.set['openstack']['network']['nova']['auth_plugin'] = 'password'
|
||||
expect(chef_run).to render_config_file(file.name).with_section_content('nova', %r{^auth_url = http://127.0.0.1:35357/$})
|
||||
end
|
||||
|
||||
it 'sets the nova auth_url attribute when auth_plugin is v2password by default' do
|
||||
expect(chef_run).to render_config_file(file.name).with_section_content('nova', %r{^auth_url = http://127.0.0.1:35357/v2.0$})
|
||||
end
|
||||
|
||||
it 'sets the nova auth_url attribute when auth_plugin is v3password' do
|
||||
node.set['openstack']['network']['nova']['auth_plugin'] = 'v3password'
|
||||
expect(chef_run).to render_config_file(file.name).with_section_content('nova', %r{^auth_url = http://127.0.0.1:35357/v3$})
|
||||
end
|
||||
|
||||
it 'has default nova api insecure' do
|
||||
expect(chef_run).to render_config_file(file.name).with_section_content('nova', /^insecure = false$/)
|
||||
end
|
||||
|
|
|
@ -578,7 +578,7 @@ pool_timeout = <%= node['openstack']['db']['network']['pool_timeout'] %>
|
|||
auth_plugin = <%= node['openstack']['network']['nova']['auth_plugin'] %>
|
||||
|
||||
# Authorization URL for connection to nova in admin context.
|
||||
auth_url = <%= @identity_admin_endpoint.to_s %>
|
||||
auth_url = <%= @nova_auth_url %>
|
||||
|
||||
# Username for connection to nova in admin context
|
||||
username = <%= node["openstack"]["network"]["nova"]["admin_username"] %>
|
||||
|
@ -588,7 +588,9 @@ user_domain_id = <%= node["openstack"]["network"]["nova"]["user_domain_id"] %>
|
|||
# Password for connection to nova in admin context.
|
||||
password = <%= @nova_admin_pass %>
|
||||
|
||||
# Project's domain name for project.
|
||||
# Project/tenant name. Keystone client v2 requires using tenant_name while v3 requires using project_name.
|
||||
# The value for both of them is the same. Adding both of them to handle both situations.
|
||||
tenant_name = <%= node["openstack"]["network"]["nova"]["project_name"] %>
|
||||
project_name = <%= node["openstack"]["network"]["nova"]["project_name"] %>
|
||||
|
||||
# Project's domain ID for project.
|
||||
|
|
Loading…
Reference in New Issue