use_cookbook-openstackclient/identity_v3

- Now use cookbook-openstackclient to create endpoints role service and
  user
- added domain creation and access granting
- added values to work with identity_v3
- rewrote specs to work again
- updated readme

Change-Id: I6c91c874013190522dd7f1fd6060dc3796dc80fd
Depends-On: I0f8955f05de9b33711c54b9a198f45018cceb8e1
Depends-On: I2d404a424bd79a6e9b282304e21591fa33a48981
Depends-On: If7b4d6e563081a0be9957353d73ef61a9688df56
Depends-On: I84f850f32f25a318c3ed3c7337a0dfa6f641a5fe
This commit is contained in:
Christoph Albers 2016-08-31 16:04:34 +02:00
parent 327878ed18
commit 2e00d31d1f
10 changed files with 156 additions and 114 deletions

View File

@ -12,3 +12,6 @@ cookbook "openstack-image",
github: "openstack/cookbook-openstack-image"
cookbook "openstack-network",
github: "openstack/cookbook-openstack-network"
cookbook "openstackclient",
github: "cloudbau/cookbook-openstackclient"

View File

@ -33,6 +33,7 @@ The following cookbooks are dependencies:
- 'openstack-common', '>= 14.0.0'
- 'openstack-identity', '>= 14.0.0'
- 'openstackclient', '>= 0.1.0'
Attributes
==========
@ -89,7 +90,8 @@ License and Author
| **Author** | Chen Zhiwei (<zhiwchen@cn.ibm.com>) |
| **Author** | David Geng (<gengjh@cn.ibm.com>) |
| **Author** | Mark Vanderwiel (<vanderwl@us.ibm.com>) |
| **Author** | Jan Klare (<j.klare@cloudbau.de>) |
| **Author** | Jan Klare (<j.klare@cloudbau.de>) |
| **Author** | Christoph Albers (<c.albers@x-ion.de>) |
| | |
| **Copyright** | Copyright (c) 2013, Opscode, Inc. |
| **Copyright** | Copyright (c) 2013, AT&T Services, Inc. |

View File

@ -7,12 +7,16 @@ default['openstack']['telemetry']['conf'].tap do |conf|
# [keystone_authtoken] section
conf['keystone_authtoken']['username'] = 'ceilometer'
conf['keystone_authtoken']['project_name'] = 'service'
conf['keystone_authtoken']['auth_type'] = 'password'
conf['keystone_authtoken']['auth_type'] = 'v3password'
conf['keystone_authtoken']['user_domain_name'] = 'Default'
conf['keystone_authtoken']['project_domain_name'] = 'Default'
conf['keystone_authtoken']['region_name'] = node['openstack']['region']
# [service_credentials] section
conf['service_credentials']['username'] = 'ceilometer'
conf['service_credentials']['project_name'] = 'service'
conf['service_credentials']['auth_type'] = 'password'
conf['service_credentials']['user_domain_name'] = 'Default'
conf['service_credentials']['project_domain_name'] = 'Default'
conf['service_credentials']['auth_type'] = 'v3password'
conf['service_credentials']['interface'] = 'internal'
conf['service_credentials']['region_name'] = node['openstack']['region']
end

View File

@ -6,7 +6,9 @@ default['openstack']['telemetry-metric']['conf'].tap do |conf|
# [keystone_authtoken] section
conf['keystone_authtoken']['username'] = 'gnocchi'
conf['keystone_authtoken']['project_name'] = 'service'
conf['keystone_authtoken']['auth_type'] = 'password'
conf['keystone_authtoken']['auth_type'] = 'v3password'
conf['keystone_authtoken']['user_domain_name'] = 'Default'
conf['keystone_authtoken']['project_domain_name'] = 'Default'
conf['keystone_authtoken']['region_name'] = node['openstack']['region']
conf['storage']['driver'] = 'file'
if node['openstack']['telemetry-metric']['conf']['storage']['driver'] == 'file'

View File

@ -25,3 +25,4 @@ end
depends 'openstack-common', '>= 14.0.0'
depends 'openstack-identity', '>= 14.0.0'
depends 'openstackclient'

View File

@ -20,14 +20,26 @@
require 'uri'
class ::Chef::Recipe # rubocop:disable Documentation
# Include OS
class ::Chef::Recipe
include ::Openstack
end
identity_admin_endpoint = admin_endpoint 'identity'
bootstrap_token = get_password 'token', 'openstack_identity_bootstrap_token'
auth_uri = ::URI.decode identity_admin_endpoint.to_s
auth_url = ::URI.decode identity_admin_endpoint.to_s
admin_user = node['openstack']['identity']['admin_user']
admin_pass = get_password 'user', node['openstack']['identity']['admin_user']
admin_project = node['openstack']['identity']['admin_project']
admin_domain = node['openstack']['identity']['admin_domain_name']
service_domain_name = node['openstack']['telemetry']['conf']['keystone_authtoken']['user_domain_name']
connection_params = {
openstack_auth_url: "#{auth_url}/auth/tokens",
openstack_username: admin_user,
openstack_api_key: admin_pass,
openstack_project_name: admin_project,
openstack_domain_name: admin_domain
}
%w(telemetry telemetry-metric).each do |telemetry_service|
case telemetry_service
@ -37,11 +49,13 @@ auth_uri = ::URI.decode identity_admin_endpoint.to_s
when 'telemetry-metric'
service_name = 'gnocchi'
service_type = 'metric'
end
admin_api_endpoint = admin_endpoint telemetry_service
internal_api_endpoint = internal_endpoint telemetry_service
public_api_endpoint = public_endpoint telemetry_service
end
interfaces = {
public: { url: public_endpoint(telemetry_service) },
internal: { url: internal_endpoint(telemetry_service) },
admin: { url: admin_endpoint(telemetry_service) }
}
service_pass = get_password 'service', "openstack-#{telemetry_service}"
service_role = node['openstack'][telemetry_service]['service_role']
@ -49,58 +63,51 @@ auth_uri = ::URI.decode identity_admin_endpoint.to_s
node['openstack'][telemetry_service]['conf']['keystone_authtoken']['username']
service_tenant_name =
node['openstack'][telemetry_service]['conf']['keystone_authtoken']['project_name']
region = node['openstack']['region']
# Register telemetry_service Service
openstack_service service_name do
type service_type
connection_params connection_params
end
interfaces.each do |interface, res|
# Register telemetry_service Endpoints
openstack_endpoint service_type do
service_name service_name
interface interface.to_s
url res[:url].to_s
region region
connection_params connection_params
end
end
# Register Service Tenant
openstack_identity_register "Register Service Tenant for #{telemetry_service}" do
auth_uri auth_uri
bootstrap_token bootstrap_token
tenant_name service_tenant_name
tenant_description 'Service Tenant'
action :create_tenant
openstack_project service_tenant_name do
connection_params connection_params
end
# Register Service User
openstack_identity_register "Register #{service_user} User" do
auth_uri auth_uri
bootstrap_token bootstrap_token
tenant_name service_tenant_name
user_name service_user
user_pass service_pass
action :create_user
openstack_user service_user do
project_name service_tenant_name
role_name service_role
password service_pass
connection_params connection_params
end
# Grant Admin role to Service User for Service Tenant
openstack_identity_register "Grant 'admin' Role to #{service_user} User for Service Tenant" do
auth_uri auth_uri
bootstrap_token bootstrap_token
tenant_name service_tenant_name
user_name service_user
## Grant Service role to Service User for Service Tenant ##
openstack_user service_user do
role_name service_role
project_name service_tenant_name
connection_params connection_params
action :grant_role
end
openstack_identity_register "Register Service #{telemetry_service}" do
auth_uri auth_uri
bootstrap_token bootstrap_token
service_name service_name
service_type service_type
service_description 'Ceilometer Service'
action :create_service
end
openstack_identity_register "Register #{service_type} Endpoint" do
auth_uri auth_uri
bootstrap_token bootstrap_token
service_type service_type
endpoint_region node['openstack'][telemetry_service]['conf']['keystone_authtoken']['region_name']
endpoint_adminurl ::URI.decode admin_api_endpoint.to_s
endpoint_internalurl ::URI.decode internal_api_endpoint.to_s
endpoint_publicurl ::URI.decode public_api_endpoint.to_s
action :create_endpoint
openstack_user service_user do
domain_name service_domain_name
role_name service_role
user_name service_user
connection_params connection_params
action :grant_domain
end
end

View File

@ -65,9 +65,11 @@ describe 'openstack-telemetry::common' do
[
/^username = ceilometer$/,
/^project_name = service$/,
/^auth_type = password$/,
/^user_domain_name = Default/,
/^project_domain_name = Default/,
/^auth_type = v3password$/,
/^region_name = RegionOne$/,
%r{auth_url = http://127\.0\.0\.1:5000/v2\.0},
%r{auth_url = http://127\.0\.0\.1:5000/v3},
/^password = ceilometer-pass$/
].each do |line|
expect(chef_run).to render_config_file(file.name)
@ -79,10 +81,12 @@ describe 'openstack-telemetry::common' do
[
/^username = ceilometer$/,
/^project_name = service$/,
/^auth_type = password$/,
/^user_domain_name = Default/,
/^project_domain_name = Default/,
/^auth_type = v3password$/,
/^interface = internal$/,
/^region_name = RegionOne$/,
%r{auth_url = http://127\.0\.0\.1:5000/v2\.0},
%r{auth_url = http://127\.0\.0\.1:5000/v3},
/^password = ceilometer-pass$/
].each do |line|
expect(chef_run).to render_config_file(file.name)

View File

@ -22,10 +22,12 @@ describe 'openstack-telemetry::gnocchi_configure' do
it do
[
/^username = gnocchi$/,
/^user_domain_name = Default$/,
/^project_name = service$/,
/^auth_type = password$/,
/^project_domain_name = Default$/,
/^auth_type = v3password$/,
/^region_name = RegionOne$/,
%r{auth_url = http://127\.0\.0\.1:5000/v2\.0},
%r{auth_url = http://127\.0\.0\.1:5000/v3},
/^password = gnocchi-pass$/
].each do |line|
expect(chef_run).to render_config_file(file.name)

View File

@ -15,76 +15,93 @@ describe 'openstack-telemetry::identity_registration' do
when 'telemetry'
service_name = 'ceilometer'
service_type = 'metering'
user_pass = 'ceilometer-pass'
password = 'ceilometer-pass'
port = 8777
when 'telemetry-metric'
service_name = 'gnocchi'
service_type = 'metric'
user_pass = 'gnocchi-pass'
password = 'gnocchi-pass'
port = 8041
end
it do
expect(chef_run).to create_tenant_openstack_identity_register(
"Register Service Tenant for #{telemetry_service}"
connection_params = {
openstack_auth_url: 'http://127.0.0.1:35357/v3/auth/tokens',
openstack_username: 'admin',
openstack_api_key: 'admin-pass',
openstack_project_name: 'admin',
openstack_domain_name: 'default'
}
service_user = service_name
url = "http://127.0.0.1:#{port}"
region = 'RegionOne'
project_name = 'service'
role_name = 'admin'
domain_name = 'Default'
it "registers #{project_name} Project" do
expect(chef_run).to create_openstack_project(
project_name
).with(
auth_uri: 'http://127.0.0.1:35357/v2.0',
bootstrap_token: 'bootstrap-token',
tenant_name: 'service',
tenant_description: 'Service Tenant'
connection_params: connection_params
)
end
it do
expect(chef_run).to create_user_openstack_identity_register(
"Register #{service_name} User"
it "registers #{service_name} service" do
expect(chef_run).to create_openstack_service(
service_name
).with(
auth_uri: 'http://127.0.0.1:35357/v2.0',
bootstrap_token: 'bootstrap-token',
tenant_name: 'service',
user_name: service_name,
user_pass: user_pass
connection_params: connection_params,
type: service_type
)
end
it do
expect(chef_run).to grant_role_openstack_identity_register(
"Grant 'admin' Role to #{service_name} User for Service Tenant"
).with(
auth_uri: 'http://127.0.0.1:35357/v2.0',
bootstrap_token: 'bootstrap-token',
tenant_name: 'service',
user_name: service_name,
role_name: 'admin'
)
end
it do
expect(chef_run).to create_service_openstack_identity_register(
"Register Service #{telemetry_service}"
).with(
auth_uri: 'http://127.0.0.1:35357/v2.0',
bootstrap_token: 'bootstrap-token',
service_name: service_name,
service_type: service_type
)
end
context "registers #{service_type} endpoint" do
it do
expect(chef_run).to create_endpoint_openstack_identity_register(
"Register #{service_type} Endpoint"
).with(
auth_uri: 'http://127.0.0.1:35357/v2.0',
bootstrap_token: 'bootstrap-token',
service_type: service_type,
endpoint_region: 'RegionOne',
endpoint_adminurl: "http://127.0.0.1:#{port}",
endpoint_internalurl: "http://127.0.0.1:#{port}",
endpoint_publicurl: "http://127.0.0.1:#{port}"
)
context "registers #{service_name} endpoint" do
%w(admin internal public).each do |interface|
it "#{interface} endpoint with default values" do
expect(chef_run).to create_openstack_endpoint(
service_type
).with(
service_name: service_name,
# interface: interface,
url: url,
region: region,
connection_params: connection_params
)
end
end
end
it 'registers service user' do
expect(chef_run).to create_openstack_user(
service_user
).with(
project_name: project_name,
role_name: role_name,
password: password,
connection_params: connection_params
)
end
it do
expect(chef_run).to grant_domain_openstack_user(
service_user
).with(
domain_name: domain_name,
role_name: role_name,
connection_params: connection_params
)
end
it do
expect(chef_run).to grant_role_openstack_user(
service_user
).with(
project_name: project_name,
role_name: role_name,
password: password,
connection_params: connection_params
)
end
end
end
end

View File

@ -39,8 +39,8 @@ shared_context 'telemetry-stubs' do
.with('user', 'guest')
.and_return('mq-pass')
allow_any_instance_of(Chef::Recipe).to receive(:get_password)
.with('token', 'openstack_identity_bootstrap_token')
.and_return('bootstrap-token')
.with('user', 'admin')
.and_return('admin-pass')
allow(Chef::Application).to receive(:fatal!)
end
end