diff --git a/config.yaml b/config.yaml index d205942..835a786 100644 --- a/config.yaml +++ b/config.yaml @@ -40,6 +40,13 @@ options: default: heat type: string description: Database name + instance-user: + default: + type: string + description: | + The default user for new instances. This option is deprecated as of Juno. + If left empty, Heat will use the default user set up with your cloud + image (for OS::Nova::Server) or 'ec2-user' (for AWS::EC2::Instance). region: default: RegionOne type: string diff --git a/hooks/heat_context.py b/hooks/heat_context.py index 922c4bc..20ab49b 100644 --- a/hooks/heat_context.py +++ b/hooks/heat_context.py @@ -96,3 +96,15 @@ class HeatApacheSSLContext(context.ApacheSSLContext): external_ports = API_PORTS.values() service_namespace = 'heat' + + +class InstanceUserContext(context.OSContextGenerator): + + def __call__(self): + ctxt = {} + + instance_user = '' + if config('instance-user'): + instance_user = config('instance-user') + ctxt['instance_user'] = instance_user + return ctxt diff --git a/hooks/heat_utils.py b/hooks/heat_utils.py index 9096fe4..92ef8bb 100644 --- a/hooks/heat_utils.py +++ b/hooks/heat_utils.py @@ -38,6 +38,7 @@ from heat_context import ( API_PORTS, HeatIdentityServiceContext, EncryptionContext, + InstanceUserContext, HeatApacheSSLContext, HeatHAProxyContext, ) @@ -86,6 +87,7 @@ CONFIG_FILES = OrderedDict([ HeatIdentityServiceContext(service=SVC, service_user=SVC), HeatHAProxyContext(), EncryptionContext(), + InstanceUserContext(), context.SyslogContext(), context.LogLevelContext(), context.BindHostContext()] diff --git a/templates/icehouse/heat.conf b/templates/icehouse/heat.conf new file mode 100644 index 0000000..19b4fad --- /dev/null +++ b/templates/icehouse/heat.conf @@ -0,0 +1,79 @@ +[DEFAULT] +use_syslog = {{ use_syslog }} +verbose = {{ verbose }} +debug = {{ debug }} +log_dir = /var/log/heat +# Icehouse expects 'instance_user=' to allow the image's default user +# Not including instance_user at all results in 'ec2-user' being used +instance_user={{ instance_user }} +instance_driver=heat.engine.nova +plugin_dirs=/usr/lib64/heat,/usr/lib/heat +environment_dir=/etc/heat/environment.d +deferred_auth_method=password +host=heat +auth_encryption_key={{ encryption_key }} + +{% if database_host -%} +# < Icehouse db config +sql_connection = {{ database_type }}://{{ database_user }}:{{ database_password }}@{{ database_host }}/{{ database }}{% if database_ssl_ca %}?ssl_ca={{ database_ssl_ca }}{% if database_ssl_cert %}&ssl_cert={{ database_ssl_cert }}&ssl_key={{ database_ssl_key }}{% endif %}{% endif %} +{% endif %} + +{% if rabbitmq_host or rabbitmq_hosts -%} +rabbit_userid = {{ rabbitmq_user }} +rabbit_virtual_host = {{ rabbitmq_virtual_host }} +rabbit_password = {{ rabbitmq_password }} +{% if rabbitmq_hosts -%} +rabbit_hosts = {{ rabbitmq_hosts }} +{% if rabbitmq_ha_queues -%} +rabbit_ha_queues = True +rabbit_durable_queues = False +{% endif -%} +{% else -%} +rabbit_host = {{ rabbitmq_host }} +{% endif -%} +{% if rabbit_ssl_port -%} +rabbit_use_ssl = True +rabbit_port = {{ rabbit_ssl_port }} +{% if rabbit_ssl_ca -%} +kombu_ssl_ca_certs = {{ rabbit_ssl_ca }} +{% endif -%} +{% endif -%} +{% endif %} + +{% if auth_host -%} +[keystone_authtoken] +auth_uri = {{ service_protocol }}://{{ service_host }}:{{ service_port }}/v2.0 +auth_host = {{ auth_host }} +auth_port = {{ auth_port }} +auth_protocol = {{ auth_protocol }} +admin_tenant_name = {{ admin_tenant_name }} +admin_user = {{ admin_user }} +admin_password = {{ admin_password }} +signing_dir = {{ signing_dir }} +{% endif %} + +[ec2_authtoken] +auth_uri = {{service_protocol }}://{{ service_host }}:{{ service_port }}/v2.0 +keystone_ec2_uri = {{service_protocol }}://{{ service_host }}:{{ service_port }}/v2.0/ec2tokens + +{% if database_host -%} +[database] +connection = {{ database_type }}://{{ database_user }}:{{ database_password }}@{{ database_host }}/{{ database }}{% if database_ssl_ca %}?ssl_ca={{ database_ssl_ca }}{% if database_ssl_cert %}&ssl_cert={{ database_ssl_cert }}&ssl_key={{ database_ssl_key }}{% endif %}{% endif %} +{% endif -%} + +[paste_deploy] +api_paste_config=/etc/heat/api-paste.ini + +[heat_api] +{% if api_listen_port -%} +bind_port={{ api_listen_port }} +{% else -%} +bind_port=8004 +{% endif %} + +[heat_api_cfn] +{% if api_cfn_listen_port -%} +bind_port={{ api_cfn_listen_port }} +{% else -%} +bind_port=8000 +{% endif %} diff --git a/templates/kilo/heat.conf b/templates/kilo/heat.conf index 81da4aa..8fc909b 100644 --- a/templates/kilo/heat.conf +++ b/templates/kilo/heat.conf @@ -3,7 +3,7 @@ use_syslog = {{ use_syslog }} debug = False verbose = False log_dir = /var/log/heat -instance_user=ec2-user +instance_user={{ instance_user }} instance_driver=heat.engine.nova plugin_dirs=/usr/lib64/heat,/usr/lib/heat environment_dir=/etc/heat/environment.d diff --git a/unit_tests/test_heat_context.py b/unit_tests/test_heat_context.py index 4241668..9692d4d 100644 --- a/unit_tests/test_heat_context.py +++ b/unit_tests/test_heat_context.py @@ -4,7 +4,8 @@ from test_utils import CharmTestCase TO_PATCH = [ 'get_encryption_key', - 'generate_ec2_tokens' + 'generate_ec2_tokens', + 'config' ] @@ -19,6 +20,12 @@ class TestHeatContext(CharmTestCase): heat_context.EncryptionContext()(), {'encryption_key': 'key'}) + def test_instance_user_empty_configuration(self): + self.config.return_value = None + self.assertEquals( + heat_context.InstanceUserContext()(), + {'instance_user': ''}) + @patch('charmhelpers.contrib.openstack.' 'context.IdentityServiceContext.__call__') def test_identity_configuration(self, __call__):