Allow admin_bind_host to be settable in the keystone.conf

Change server recipe and template to allow the admin_bind_host
to be set to the identity_admin endpoint defined in Common.

Change-Id: I1043d8e9137ea2a6c8f84ee3a2da4f98e3c82521
Closes-Bug: #1368282

CHANGELOG.md

@@ -1,11 +1,11 @@
 # CHANGELOG for cookbook-openstack-identity
 This file is used to list changes made in each version of cookbook-openstack-identity.
+
 ## 10.0.1
 * Update keystone.conf from mode 0644 to 0640
 * Allow hash_algorithm to be configurable
-
-## 10.0.1
 * Raise exceptions when register provider keystone command fails
+* Allow admin_bind_host to be settable in the keystone.conf template
 
 ## 10.0.0
 * Upgrading to Juno

metadata.rb

@@ -14,4 +14,4 @@ recipe           'openstack-identity::registration', 'Adds user, tenant, role an
   supports os
 end
 
-depends          'openstack-common', '~> 10.0'
+depends          'openstack-common', '~> 10.1'

recipes/server.rb

@@ -144,6 +144,7 @@ if node['openstack']['auth']['strategy'] == 'pki'
 end
 
 bind_endpoint = endpoint 'identity-bind'
+admin_bind_endpoint = endpoint 'identity-admin-bind'
 identity_admin_endpoint = endpoint 'identity-admin'
 identity_endpoint = endpoint 'identity-api'
 compute_endpoint = endpoint 'compute-api'
@@ -159,6 +160,7 @@ sql_connection = db_uri('identity', db_user, db_pass)
 bootstrap_token = get_secret 'openstack_identity_bootstrap_token'
 
 bind_address = bind_endpoint.host
+admin_bind_address = admin_bind_endpoint.host
 
 # If the search role is set, we search for memcache
 # servers via a Chef search. If not, we look at the
@@ -204,6 +206,7 @@ template '/etc/keystone/keystone.conf' do
   variables(
     sql_connection: sql_connection,
     bind_address: bind_address,
+    admin_bind_address: admin_bind_address,
     bootstrap_token: bootstrap_token,
     memcache_servers: memcache_servers,
     public_endpoint: public_endpoint,

spec/server_spec.rb

@@ -21,6 +21,10 @@ describe 'openstack-identity::server' do
         'port' => '35357',
         'scheme' => 'https'
       }
+      node.set_unless['openstack']['endpoints']['identity-admin-bind'] = {
+        'host' => '127.0.1.1',
+        'port' => '35357'
+      }
 
       runner.converge(described_recipe)
     end
@@ -433,6 +437,26 @@ describe 'openstack-identity::server' do
           end
         end
 
+        describe 'admin bind_interface is nil' do
+          it 'has admin bind host from endpoint' do
+            r = line_regexp('admin_bind_host = 127.0.1.1')
+            expect(chef_run).to render_file(path).with_content(r)
+          end
+        end
+
+        describe 'admin bind_interface is eth0' do
+          before do
+            node.set['openstack']['endpoints']['identity-admin-bind']['bind_interface'] = 'eth0'
+            allow_any_instance_of(Chef::Recipe).to receive(:address_for)
+              .and_return('10.0.0.2')
+          end
+
+          it 'has admin bind host from interface ip' do
+            r = line_regexp('admin_bind_host = 10.0.0.2')
+            expect(chef_run).to render_file(path).with_content(r)
+          end
+        end
+
         describe 'port numbers' do
           ['public_port', 'admin_port'].each do |x|
             it "has #{x}" do

templates/default/keystone.conf.erb

@@ -23,7 +23,7 @@ public_bind_host = <%= @bind_address %>
 # The IP address of the network interface for the admin
 # service to listen on. (string value)
 # Deprecated group/name - [DEFAULT]/bind_host
-#admin_bind_host=0.0.0.0
+admin_bind_host = <%= @admin_bind_address %>
 
 # (Deprecated) The port which the OpenStack Compute service
 # listens on. This option was only used for string replacement