[macgreagoir, r=gnuoy] Make heat.conf instance_user item configurable.

2016-01-06 09:03:09 +00:00 · 2016-01-06 09:03:09 +00:00 · 930edde83a
parent 0da372969d cdab9ad6a3
commit 930edde83a
6 changed files with 109 additions and 2 deletions
--- a/config.yaml
+++ b/config.yaml
@ -40,6 +40,13 @@ options:
    default: heat
    type: string
    description: Database name
+  instance-user:
+    default:
+    type: string
+    description: |
+      The default user for new instances. This option is deprecated as of Juno.
+      If left empty, Heat will use the default user set up with your cloud
+      image (for OS::Nova::Server) or 'ec2-user' (for AWS::EC2::Instance).
  region:
    default: RegionOne
    type: string
--- a/hooks/heat_context.py
+++ b/hooks/heat_context.py
@ -96,3 +96,15 @@ class HeatApacheSSLContext(context.ApacheSSLContext):

    external_ports = API_PORTS.values()
    service_namespace = 'heat'
+
+
+class InstanceUserContext(context.OSContextGenerator):
+
+    def __call__(self):
+        ctxt = {}
+
+        instance_user = ''
+        if config('instance-user'):
+            instance_user = config('instance-user')
+        ctxt['instance_user'] = instance_user
+        return ctxt
--- a/hooks/heat_utils.py
+++ b/hooks/heat_utils.py
@ -38,6 +38,7 @@ from heat_context import (
    API_PORTS,
    HeatIdentityServiceContext,
    EncryptionContext,
+    InstanceUserContext,
    HeatApacheSSLContext,
    HeatHAProxyContext,
 )
@ -86,6 +87,7 @@ CONFIG_FILES = OrderedDict([
                     HeatIdentityServiceContext(service=SVC, service_user=SVC),
                     HeatHAProxyContext(),
                     EncryptionContext(),
+                     InstanceUserContext(),
                     context.SyslogContext(),
                     context.LogLevelContext(),
                     context.BindHostContext()]
--- a/templates/icehouse/heat.conf
+++ b/templates/icehouse/heat.conf
@ -0,0 +1,79 @@
+[DEFAULT]
+use_syslog = {{ use_syslog }}
+verbose = {{ verbose }}
+debug = {{ debug }}
+log_dir = /var/log/heat
+# Icehouse expects 'instance_user=' to allow the image's default user
+# Not including instance_user at all results in 'ec2-user' being used
+instance_user={{ instance_user }}
+instance_driver=heat.engine.nova
+plugin_dirs=/usr/lib64/heat,/usr/lib/heat
+environment_dir=/etc/heat/environment.d
+deferred_auth_method=password
+host=heat
+auth_encryption_key={{ encryption_key }}
+
+{% if database_host -%}
+# < Icehouse db config
+sql_connection = {{ database_type }}://{{ database_user }}:{{ database_password }}@{{ database_host }}/{{ database }}{% if database_ssl_ca %}?ssl_ca={{ database_ssl_ca }}{% if database_ssl_cert %}&ssl_cert={{ database_ssl_cert }}&ssl_key={{ database_ssl_key }}{% endif %}{% endif %}
+{% endif %}
+
+{% if rabbitmq_host or rabbitmq_hosts -%}
+rabbit_userid = {{ rabbitmq_user }}
+rabbit_virtual_host = {{ rabbitmq_virtual_host }}
+rabbit_password = {{ rabbitmq_password }}
+{% if rabbitmq_hosts -%}
+rabbit_hosts = {{ rabbitmq_hosts }}
+{% if rabbitmq_ha_queues -%}
+rabbit_ha_queues = True
+rabbit_durable_queues = False
+{% endif -%}
+{% else -%}
+rabbit_host = {{ rabbitmq_host }}
+{% endif -%}
+{% if rabbit_ssl_port -%}
+rabbit_use_ssl = True
+rabbit_port = {{ rabbit_ssl_port }}
+{% if rabbit_ssl_ca -%}
+kombu_ssl_ca_certs = {{ rabbit_ssl_ca }}
+{% endif -%}
+{% endif -%}
+{% endif %}
+
+{% if auth_host -%}
+[keystone_authtoken]
+auth_uri = {{ service_protocol }}://{{ service_host }}:{{ service_port }}/v2.0
+auth_host = {{ auth_host }}
+auth_port = {{ auth_port }}
+auth_protocol = {{ auth_protocol }}
+admin_tenant_name = {{ admin_tenant_name }}
+admin_user = {{ admin_user }}
+admin_password = {{ admin_password }}
+signing_dir = {{ signing_dir }}
+{% endif %}
+
+[ec2_authtoken]
+auth_uri = {{service_protocol }}://{{ service_host }}:{{ service_port }}/v2.0
+keystone_ec2_uri = {{service_protocol }}://{{ service_host }}:{{ service_port }}/v2.0/ec2tokens
+
+{% if database_host -%}
+[database]
+connection = {{ database_type }}://{{ database_user }}:{{ database_password }}@{{ database_host }}/{{ database }}{% if database_ssl_ca %}?ssl_ca={{ database_ssl_ca }}{% if database_ssl_cert %}&ssl_cert={{ database_ssl_cert }}&ssl_key={{ database_ssl_key }}{% endif %}{% endif %}
+{% endif -%}
+
+[paste_deploy]
+api_paste_config=/etc/heat/api-paste.ini
+
+[heat_api]
+{% if api_listen_port -%} 
+bind_port={{ api_listen_port }}
+{% else -%}
+bind_port=8004
+{% endif %}
+
+[heat_api_cfn]
+{% if api_cfn_listen_port -%}
+bind_port={{ api_cfn_listen_port }}
+{% else -%}
+bind_port=8000
+{% endif %}
--- a/templates/kilo/heat.conf
+++ b/templates/kilo/heat.conf
@ -3,7 +3,7 @@ use_syslog = {{ use_syslog }}
 debug = False
 verbose = False
 log_dir = /var/log/heat
-instance_user=ec2-user
+instance_user={{ instance_user }}
 instance_driver=heat.engine.nova
 plugin_dirs=/usr/lib64/heat,/usr/lib/heat
 environment_dir=/etc/heat/environment.d
--- a/unit_tests/test_heat_context.py
+++ b/unit_tests/test_heat_context.py
@ -4,7 +4,8 @@ from test_utils import CharmTestCase

 TO_PATCH = [
    'get_encryption_key',
-    'generate_ec2_tokens'
+    'generate_ec2_tokens',
+    'config'
 ]


@ -19,6 +20,12 @@ class TestHeatContext(CharmTestCase):
            heat_context.EncryptionContext()(),
            {'encryption_key': 'key'})

+    def test_instance_user_empty_configuration(self):
+        self.config.return_value = None
+        self.assertEquals(
+            heat_context.InstanceUserContext()(),
+            {'instance_user': ''})
+
    @patch('charmhelpers.contrib.openstack.'
           'context.IdentityServiceContext.__call__')
    def test_identity_configuration(self, __call__):