Add several insecure-related attributes

This change adds some attributes into the cookbook so that they are configurable. They are mainly to configure for glance_api_insecure and neutron_api_insecure in nova.conf. It also makes neutron_url and neutron_admin_auth_url to be prefixed with scheme(http or https). Change-Id: If6d50a6963b47ee0983ecc71087414ab7c366623 Closes-Bug: #1381599
2014-10-15 23:20:18 +08:00 · 2014-10-15 23:20:18 +08:00 · 89f6118f38
parent 949d1d1ef7
commit 89f6118f38
6 changed files with 43 additions and 2 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -14,6 +14,7 @@ This file is used to list changes made in each version of cookbook-openstack-com
 * Bump Chef gem to 11.16
 * Separate endpoints for vncserver_listen and vncserver_proxyclient_address
 * Add more neutron section attributes
+* Add glance_api_insecure and neutron_api_insecure; make glance_api_servers and neutron_url to be prefixed with scheme

 ## 9.3.1
 * Move auth configuration from api-paste.ini to nova.conf
--- a/README.md
+++ b/README.md
@ -179,6 +179,10 @@ TODO: move rabbit parameters under openstack["compute"]["mq"]
 * `openstack["compute"]["mq"]["qpid"]["protocol"]` - Protocol to use. Default tcp.
 * `openstack["compute"]["mq"]["qpid"]["tcp_nodelay"]` - Disable the Nagle algorithm. default disabled.

+Glance Attributes
+-----------------
+* `openstack["compute"]["image"]["glance_api_insecure"]` - If True, this indicates that glance-api allows the client to perform insecure SSL(https) requests, this should be the same as the setting in the glance-api service.
+
 Networking Attributes
 ---------------------

@ -191,6 +195,7 @@ Basic networking configuration is controlled with the following attributes:
 * `openstack["compute"]["network"]["auto_assign_floating_ip"]` - Defaults to false. Autoassigning floating ip to VM, this should be only for nova network.
 * `openstack["compute"]["network"]["force_dhcp_release"]` - If True, send a dhcp release on instance termination. (Default is false on "fedora", "redhat", "centos")
 * `openstack["compute"]["network"]["use_ipv6"]` - If True, use ipv6 support.
+* `openstack["compute"]["network"]["neutron"]["api_insecure"]` - If True, this indicates that neutron-api allows the client to perform insecure SSL (https) requests. This should be the same as the setting in the neutron api service.

 You can have the cookbook automatically create networks in Nova for you by adding a Hash to the `openstack["compute"]["networks"]` Array.
 **Note**: The `openstack-compute::nova-setup` recipe contains the code that creates these pre-defined networks.
--- a/attributes/default.rb
+++ b/attributes/default.rb
@ -101,7 +101,16 @@ default['openstack']['compute']['rootwrap']['use_syslog'] = false
 default['openstack']['compute']['rootwrap']['syslog_log_facility'] = 'syslog'
 default['openstack']['compute']['rootwrap']['syslog_log_level'] = 'ERROR'

+# If True, this indicates that glance-api allows the client to perform
+# insecure SSL(https) requests; this should be the same as the setting
+# in the glance-api service.
+default['openstack']['compute']['image']['glance_api_insecure'] = false
+
 # Neutron options
+# If True, this indicates that neutron api allows the client to perform
+# insecure SSL (https) requests. This should be the same as the setting
+# in the neutron api service.
+default['openstack']['compute']['network']['neutron']['api_insecure'] = false
 default['openstack']['compute']['network']['neutron']['network_api_class'] = 'nova.network.neutronv2.api.API'
 default['openstack']['compute']['network']['neutron']['auth_strategy'] = 'keystone'
 default['openstack']['compute']['network']['neutron']['admin_tenant_name'] = 'service'
--- a/recipes/nova-common.rb
+++ b/recipes/nova-common.rb
@ -151,6 +151,7 @@ template '/etc/nova/nova.conf' do
    identity_endpoint: identity_endpoint,
    # TODO(jaypipes): No support here for >1 image API servers
    # with the glance_api_servers configuration option...
+    glance_api_scheme: image_endpoint.scheme,
    glance_api_ipaddress: image_endpoint.host,
    glance_api_port: image_endpoint.port,
    iscsi_helper: platform_options['iscsi_helper'],
--- a/spec/nova-common_spec.rb
+++ b/spec/nova-common_spec.rb
@ -247,6 +247,29 @@ describe 'openstack-compute::nova-common' do
          /^cafile =/)
        expect(chef_run).to render_file(file.name).with_content(/^hash_algorithms = md5$/)
        expect(chef_run).to render_file(file.name).with_content(/^insecure = false$/)
+        expect(chef_run).to render_file(file.name).with_content(/^glance_api_insecure=false$/)
+        expect(chef_run).to render_file(file.name).with_content(%r{^glance_api_servers=http://127.0.0.1:9292$})
+      end
+
+      it 'sets service_type to neutron' do
+        node.set['openstack']['compute']['network']['service_type'] = 'neutron'
+        expect(chef_run).to render_file(file.name).with_content(/^neutron_api_insecure=false$/)
+        expect(chef_run).to render_file(file.name).with_content(%r{^neutron_url=http://127.0.0.1:9696$})
+      end
+
+      it 'sets service_type and insecure and scheme for neutron' do
+        node.set['openstack']['compute']['network']['service_type'] = 'neutron'
+        node.set['openstack']['compute']['network']['neutron']['api_insecure'] = true
+        node.set['openstack']['endpoints']['network-api']['scheme'] = 'https'
+        expect(chef_run).to render_file(file.name).with_content(/^neutron_api_insecure=true$/)
+        expect(chef_run).to render_file(file.name).with_content(%r{^neutron_url=https://127.0.0.1:9696$})
+      end
+
+      it 'sets scheme and insecure for glance' do
+        node.set['openstack']['endpoints']['image-api']['scheme'] = 'https'
+        node.set['openstack']['compute']['image']['glance_api_insecure'] = true
+        expect(chef_run).to render_file(file.name).with_content(/^glance_api_insecure=true$/)
+        expect(chef_run).to render_file(file.name).with_content(%r{^glance_api_servers=https://127.0.0.1:9292$})
      end

      it 'sets memcached server(s)' do
--- a/templates/default/nova.conf.erb
+++ b/templates/default/nova.conf.erb
@ -96,8 +96,9 @@ when "neutron" -%>
 <% if @network_endpoint.port == 443 -%>
 neutron_url=http://<%= @network_endpoint.host %>:80
 <% else -%>
-neutron_url=http://<%= @network_endpoint.host %>:<%= @network_endpoint.port %>
+neutron_url=<%= @network_endpoint.scheme %>://<%= @network_endpoint.host %>:<%= @network_endpoint.port %>
 <% end -%>
+neutron_api_insecure=<%= node['openstack']['compute']['network']['neutron']['api_insecure'] %>
 network_api_class=<%= node["openstack"]["compute"]["network"]["neutron"]["network_api_class"]  %>
 neutron_auth_strategy=<%= node["openstack"]["compute"]["network"]["neutron"]["auth_strategy"] %>
 neutron_admin_tenant_name=<%= node["openstack"]["compute"]["network"]["neutron"]["admin_tenant_name"] %>
@ -135,7 +136,8 @@ use_ipv6=<%= node["openstack"]["compute"]["network"]["use_ipv6"] %>

 ##### GLANCE #####
 image_service=nova.image.glance.GlanceImageService
-glance_api_servers=<%= @glance_api_ipaddress %>:<%= @glance_api_port %>
+glance_api_servers=<%= @glance_api_scheme %>://<%= @glance_api_ipaddress %>:<%= @glance_api_port %>
+glance_api_insecure=<%= node['openstack']['compute']['image']['glance_api_insecure'] %>

 ##### COMPUTE #####
 compute_driver=<%= node["openstack"]["compute"]["driver"] %>