diff --git a/CHANGELOG.md b/CHANGELOG.md index 65e5d23..19af455 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,11 +1,11 @@ # CHANGELOG for cookbook-openstack-identity This file is used to list changes made in each version of cookbook-openstack-identity. + ## 10.0.1 * Update keystone.conf from mode 0644 to 0640 * Allow hash_algorithm to be configurable - -## 10.0.1 * Raise exceptions when register provider keystone command fails +* Allow admin_bind_host to be settable in the keystone.conf template ## 10.0.0 * Upgrading to Juno diff --git a/metadata.rb b/metadata.rb index b934a27..5db7701 100644 --- a/metadata.rb +++ b/metadata.rb @@ -14,4 +14,4 @@ recipe 'openstack-identity::registration', 'Adds user, tenant, role an supports os end -depends 'openstack-common', '~> 10.0' +depends 'openstack-common', '~> 10.1' diff --git a/recipes/server.rb b/recipes/server.rb index 0ff8944..05976eb 100644 --- a/recipes/server.rb +++ b/recipes/server.rb @@ -144,6 +144,7 @@ if node['openstack']['auth']['strategy'] == 'pki' end bind_endpoint = endpoint 'identity-bind' +admin_bind_endpoint = endpoint 'identity-admin-bind' identity_admin_endpoint = endpoint 'identity-admin' identity_endpoint = endpoint 'identity-api' compute_endpoint = endpoint 'compute-api' @@ -159,6 +160,7 @@ sql_connection = db_uri('identity', db_user, db_pass) bootstrap_token = get_secret 'openstack_identity_bootstrap_token' bind_address = bind_endpoint.host +admin_bind_address = admin_bind_endpoint.host # If the search role is set, we search for memcache # servers via a Chef search. If not, we look at the @@ -204,6 +206,7 @@ template '/etc/keystone/keystone.conf' do variables( sql_connection: sql_connection, bind_address: bind_address, + admin_bind_address: admin_bind_address, bootstrap_token: bootstrap_token, memcache_servers: memcache_servers, public_endpoint: public_endpoint, diff --git a/spec/server_spec.rb b/spec/server_spec.rb index 5622217..f055434 100644 --- a/spec/server_spec.rb +++ b/spec/server_spec.rb @@ -21,6 +21,10 @@ describe 'openstack-identity::server' do 'port' => '35357', 'scheme' => 'https' } + node.set_unless['openstack']['endpoints']['identity-admin-bind'] = { + 'host' => '127.0.1.1', + 'port' => '35357' + } runner.converge(described_recipe) end @@ -433,6 +437,26 @@ describe 'openstack-identity::server' do end end + describe 'admin bind_interface is nil' do + it 'has admin bind host from endpoint' do + r = line_regexp('admin_bind_host = 127.0.1.1') + expect(chef_run).to render_file(path).with_content(r) + end + end + + describe 'admin bind_interface is eth0' do + before do + node.set['openstack']['endpoints']['identity-admin-bind']['bind_interface'] = 'eth0' + allow_any_instance_of(Chef::Recipe).to receive(:address_for) + .and_return('10.0.0.2') + end + + it 'has admin bind host from interface ip' do + r = line_regexp('admin_bind_host = 10.0.0.2') + expect(chef_run).to render_file(path).with_content(r) + end + end + describe 'port numbers' do ['public_port', 'admin_port'].each do |x| it "has #{x}" do diff --git a/templates/default/keystone.conf.erb b/templates/default/keystone.conf.erb index 91ab9d8..963f89f 100644 --- a/templates/default/keystone.conf.erb +++ b/templates/default/keystone.conf.erb @@ -23,7 +23,7 @@ public_bind_host = <%= @bind_address %> # The IP address of the network interface for the admin # service to listen on. (string value) # Deprecated group/name - [DEFAULT]/bind_host -#admin_bind_host=0.0.0.0 +admin_bind_host = <%= @admin_bind_address %> # (Deprecated) The port which the OpenStack Compute service # listens on. This option was only used for string replacement