Add several insecure-related attributes
This change adds some attributes into the cookbook so that they are configurable. They are mainly to configure for glance_api_insecure and neutron_api_insecure in nova.conf. It also makes neutron_url and neutron_admin_auth_url to be prefixed with scheme(http or https). Change-Id: If6d50a6963b47ee0983ecc71087414ab7c366623 Closes-Bug: #1381599
This commit is contained in:
parent
949d1d1ef7
commit
89f6118f38
|
@ -14,6 +14,7 @@ This file is used to list changes made in each version of cookbook-openstack-com
|
|||
* Bump Chef gem to 11.16
|
||||
* Separate endpoints for vncserver_listen and vncserver_proxyclient_address
|
||||
* Add more neutron section attributes
|
||||
* Add glance_api_insecure and neutron_api_insecure; make glance_api_servers and neutron_url to be prefixed with scheme
|
||||
|
||||
## 9.3.1
|
||||
* Move auth configuration from api-paste.ini to nova.conf
|
||||
|
|
|
@ -179,6 +179,10 @@ TODO: move rabbit parameters under openstack["compute"]["mq"]
|
|||
* `openstack["compute"]["mq"]["qpid"]["protocol"]` - Protocol to use. Default tcp.
|
||||
* `openstack["compute"]["mq"]["qpid"]["tcp_nodelay"]` - Disable the Nagle algorithm. default disabled.
|
||||
|
||||
Glance Attributes
|
||||
-----------------
|
||||
* `openstack["compute"]["image"]["glance_api_insecure"]` - If True, this indicates that glance-api allows the client to perform insecure SSL(https) requests, this should be the same as the setting in the glance-api service.
|
||||
|
||||
Networking Attributes
|
||||
---------------------
|
||||
|
||||
|
@ -191,6 +195,7 @@ Basic networking configuration is controlled with the following attributes:
|
|||
* `openstack["compute"]["network"]["auto_assign_floating_ip"]` - Defaults to false. Autoassigning floating ip to VM, this should be only for nova network.
|
||||
* `openstack["compute"]["network"]["force_dhcp_release"]` - If True, send a dhcp release on instance termination. (Default is false on "fedora", "redhat", "centos")
|
||||
* `openstack["compute"]["network"]["use_ipv6"]` - If True, use ipv6 support.
|
||||
* `openstack["compute"]["network"]["neutron"]["api_insecure"]` - If True, this indicates that neutron-api allows the client to perform insecure SSL (https) requests. This should be the same as the setting in the neutron api service.
|
||||
|
||||
You can have the cookbook automatically create networks in Nova for you by adding a Hash to the `openstack["compute"]["networks"]` Array.
|
||||
**Note**: The `openstack-compute::nova-setup` recipe contains the code that creates these pre-defined networks.
|
||||
|
|
|
@ -101,7 +101,16 @@ default['openstack']['compute']['rootwrap']['use_syslog'] = false
|
|||
default['openstack']['compute']['rootwrap']['syslog_log_facility'] = 'syslog'
|
||||
default['openstack']['compute']['rootwrap']['syslog_log_level'] = 'ERROR'
|
||||
|
||||
# If True, this indicates that glance-api allows the client to perform
|
||||
# insecure SSL(https) requests; this should be the same as the setting
|
||||
# in the glance-api service.
|
||||
default['openstack']['compute']['image']['glance_api_insecure'] = false
|
||||
|
||||
# Neutron options
|
||||
# If True, this indicates that neutron api allows the client to perform
|
||||
# insecure SSL (https) requests. This should be the same as the setting
|
||||
# in the neutron api service.
|
||||
default['openstack']['compute']['network']['neutron']['api_insecure'] = false
|
||||
default['openstack']['compute']['network']['neutron']['network_api_class'] = 'nova.network.neutronv2.api.API'
|
||||
default['openstack']['compute']['network']['neutron']['auth_strategy'] = 'keystone'
|
||||
default['openstack']['compute']['network']['neutron']['admin_tenant_name'] = 'service'
|
||||
|
|
|
@ -151,6 +151,7 @@ template '/etc/nova/nova.conf' do
|
|||
identity_endpoint: identity_endpoint,
|
||||
# TODO(jaypipes): No support here for >1 image API servers
|
||||
# with the glance_api_servers configuration option...
|
||||
glance_api_scheme: image_endpoint.scheme,
|
||||
glance_api_ipaddress: image_endpoint.host,
|
||||
glance_api_port: image_endpoint.port,
|
||||
iscsi_helper: platform_options['iscsi_helper'],
|
||||
|
|
|
@ -247,6 +247,29 @@ describe 'openstack-compute::nova-common' do
|
|||
/^cafile =/)
|
||||
expect(chef_run).to render_file(file.name).with_content(/^hash_algorithms = md5$/)
|
||||
expect(chef_run).to render_file(file.name).with_content(/^insecure = false$/)
|
||||
expect(chef_run).to render_file(file.name).with_content(/^glance_api_insecure=false$/)
|
||||
expect(chef_run).to render_file(file.name).with_content(%r{^glance_api_servers=http://127.0.0.1:9292$})
|
||||
end
|
||||
|
||||
it 'sets service_type to neutron' do
|
||||
node.set['openstack']['compute']['network']['service_type'] = 'neutron'
|
||||
expect(chef_run).to render_file(file.name).with_content(/^neutron_api_insecure=false$/)
|
||||
expect(chef_run).to render_file(file.name).with_content(%r{^neutron_url=http://127.0.0.1:9696$})
|
||||
end
|
||||
|
||||
it 'sets service_type and insecure and scheme for neutron' do
|
||||
node.set['openstack']['compute']['network']['service_type'] = 'neutron'
|
||||
node.set['openstack']['compute']['network']['neutron']['api_insecure'] = true
|
||||
node.set['openstack']['endpoints']['network-api']['scheme'] = 'https'
|
||||
expect(chef_run).to render_file(file.name).with_content(/^neutron_api_insecure=true$/)
|
||||
expect(chef_run).to render_file(file.name).with_content(%r{^neutron_url=https://127.0.0.1:9696$})
|
||||
end
|
||||
|
||||
it 'sets scheme and insecure for glance' do
|
||||
node.set['openstack']['endpoints']['image-api']['scheme'] = 'https'
|
||||
node.set['openstack']['compute']['image']['glance_api_insecure'] = true
|
||||
expect(chef_run).to render_file(file.name).with_content(/^glance_api_insecure=true$/)
|
||||
expect(chef_run).to render_file(file.name).with_content(%r{^glance_api_servers=https://127.0.0.1:9292$})
|
||||
end
|
||||
|
||||
it 'sets memcached server(s)' do
|
||||
|
|
|
@ -96,8 +96,9 @@ when "neutron" -%>
|
|||
<% if @network_endpoint.port == 443 -%>
|
||||
neutron_url=http://<%= @network_endpoint.host %>:80
|
||||
<% else -%>
|
||||
neutron_url=http://<%= @network_endpoint.host %>:<%= @network_endpoint.port %>
|
||||
neutron_url=<%= @network_endpoint.scheme %>://<%= @network_endpoint.host %>:<%= @network_endpoint.port %>
|
||||
<% end -%>
|
||||
neutron_api_insecure=<%= node['openstack']['compute']['network']['neutron']['api_insecure'] %>
|
||||
network_api_class=<%= node["openstack"]["compute"]["network"]["neutron"]["network_api_class"] %>
|
||||
neutron_auth_strategy=<%= node["openstack"]["compute"]["network"]["neutron"]["auth_strategy"] %>
|
||||
neutron_admin_tenant_name=<%= node["openstack"]["compute"]["network"]["neutron"]["admin_tenant_name"] %>
|
||||
|
@ -135,7 +136,8 @@ use_ipv6=<%= node["openstack"]["compute"]["network"]["use_ipv6"] %>
|
|||
|
||||
##### GLANCE #####
|
||||
image_service=nova.image.glance.GlanceImageService
|
||||
glance_api_servers=<%= @glance_api_ipaddress %>:<%= @glance_api_port %>
|
||||
glance_api_servers=<%= @glance_api_scheme %>://<%= @glance_api_ipaddress %>:<%= @glance_api_port %>
|
||||
glance_api_insecure=<%= node['openstack']['compute']['image']['glance_api_insecure'] %>
|
||||
|
||||
##### COMPUTE #####
|
||||
compute_driver=<%= node["openstack"]["compute"]["driver"] %>
|
||||
|
|
Loading…
Reference in New Issue