Keystone config updates for Ocata, style and lint fixes
- Keystone config updates for Ocata - Style and lint fixes to support newer chefdk - Rewrote metadata.rb for readability Change-Id: Ie1d5f27a9cf8803044568a31e4dae7654b02c9a1
This commit is contained in:
parent
150c363d68
commit
8a967c291a
|
@ -1,11 +1,16 @@
|
||||||
# This configuration was generated by
|
# This configuration was generated by
|
||||||
# `rubocop --auto-gen-config`
|
# `rubocop --auto-gen-config`
|
||||||
# on 2017-02-23 16:58:29 +0100 using RuboCop version 0.39.0.
|
# on 2017-08-01 10:39:17 -0400 using RuboCop version 0.47.1.
|
||||||
# The point is for the user to remove these configuration records
|
# The point is for the user to remove these configuration records
|
||||||
# one by one as the offenses are removed from the code base.
|
# one by one as the offenses are removed from the code base.
|
||||||
# Note that changes in the inspected code, or installation of new
|
# Note that changes in the inspected code, or installation of new
|
||||||
# versions of RuboCop, may require this file to be generated again.
|
# versions of RuboCop, may require this file to be generated again.
|
||||||
|
|
||||||
|
# Offense count: 20
|
||||||
|
# Configuration parameters: CountComments, ExcludedMethods.
|
||||||
|
Metrics/BlockLength:
|
||||||
|
Max: 408
|
||||||
|
|
||||||
# Offense count: 4
|
# Offense count: 4
|
||||||
# Configuration parameters: EnforcedStyle, SupportedStyles.
|
# Configuration parameters: EnforcedStyle, SupportedStyles.
|
||||||
# SupportedStyles: nested, compact
|
# SupportedStyles: nested, compact
|
||||||
|
|
|
@ -16,16 +16,16 @@ default['openstack']['identity']['conf'].tap do |conf|
|
||||||
end
|
end
|
||||||
|
|
||||||
# [assignment] option in keystone.conf to set driver
|
# [assignment] option in keystone.conf to set driver
|
||||||
conf['assignment']['driver'] = 'keystone.assignment.backends.sql.Assignment'
|
conf['assignment']['driver'] = 'sql'
|
||||||
|
|
||||||
# [auth] option in keystone.conf to set auth plugins
|
# [auth] option in keystone.conf to set auth plugins
|
||||||
conf['auth']['external'] = 'keystone.auth.plugins.external.DefaultDomain'
|
conf['auth']['external'] = 'DefaultDomain'
|
||||||
# [auth] option in keystone.conf to set auth methods
|
# [auth] option in keystone.conf to set auth methods
|
||||||
conf['auth']['methods'] = 'external, password, token, oauth1'
|
conf['auth']['methods'] = 'external, password, token, oauth1'
|
||||||
|
|
||||||
# [catalog] option in keystone.conf to set catalog driver
|
# [catalog] option in keystone.conf to set catalog driver
|
||||||
conf['catalog']['driver'] = 'keystone.catalog.backends.sql.Catalog'
|
conf['catalog']['driver'] = 'sql'
|
||||||
|
|
||||||
# [policy] option in keystone.conf to set policy backend driver
|
# [policy] option in keystone.conf to set policy backend driver
|
||||||
conf['policy']['driver'] = 'keystone.policy.backends.sql.Policy'
|
conf['policy']['driver'] = 'sql'
|
||||||
end
|
end
|
||||||
|
|
19
metadata.rb
19
metadata.rb
|
@ -1,17 +1,20 @@
|
||||||
name 'openstack-identity'
|
name 'openstack-identity'
|
||||||
maintainer 'openstack-chef'
|
maintainer 'openstack-chef'
|
||||||
maintainer_email 'openstack-dev@lists.openstack.org'
|
maintainer_email 'openstack-dev@lists.openstack.org'
|
||||||
issues_url 'https://launchpad.net/openstack-chef' if respond_to?(:issues_url)
|
license 'Apache 2.0'
|
||||||
source_url 'https://github.com/openstack/cookbook-openstack-identity' if respond_to?(:source_url)
|
description 'The OpenStack Identity service Keystone.'
|
||||||
license 'Apache 2.0'
|
|
||||||
description 'The OpenStack Identity service Keystone.'
|
|
||||||
long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
|
long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
|
||||||
version '15.0.0'
|
version '15.0.0'
|
||||||
|
|
||||||
%w(ubuntu redhat centos).each do |os|
|
%w(ubuntu redhat centos).each do |os|
|
||||||
supports os
|
supports os
|
||||||
end
|
end
|
||||||
|
|
||||||
depends 'apache2', '~> 3.2'
|
|
||||||
depends 'openstack-common', '>= 15.0.0'
|
depends 'openstack-common', '>= 15.0.0'
|
||||||
depends 'openstackclient'
|
depends 'openstackclient'
|
||||||
|
|
||||||
|
depends 'apache2', '~> 3.2'
|
||||||
|
|
||||||
|
issues_url 'https://launchpad.net/openstack-chef' if respond_to?(:issues_url)
|
||||||
|
source_url 'https://github.com/openstack/cookbook-openstack-identity' if respond_to?(:source_url)
|
||||||
|
chef_version '>= 12.5' if respond_to?(:chef_version)
|
||||||
|
|
|
@ -29,7 +29,7 @@ key_repository =
|
||||||
directory key_repository do
|
directory key_repository do
|
||||||
owner node['openstack']['identity']['user']
|
owner node['openstack']['identity']['user']
|
||||||
group node['openstack']['identity']['group']
|
group node['openstack']['identity']['group']
|
||||||
mode 00700
|
mode 0o0700
|
||||||
end
|
end
|
||||||
|
|
||||||
node['openstack']['identity']['fernet']['keys'].each do |key_index|
|
node['openstack']['identity']['fernet']['keys'].each do |key_index|
|
||||||
|
@ -38,6 +38,6 @@ node['openstack']['identity']['fernet']['keys'].each do |key_index|
|
||||||
content key
|
content key
|
||||||
owner node['openstack']['identity']['user']
|
owner node['openstack']['identity']['user']
|
||||||
group node['openstack']['identity']['group']
|
group node['openstack']['identity']['group']
|
||||||
mode 00400
|
mode 0o0400
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -41,20 +41,6 @@ admin_user = node['openstack']['identity']['admin_user']
|
||||||
admin_pass = get_password 'user', node['openstack']['identity']['admin_user']
|
admin_pass = get_password 'user', node['openstack']['identity']['admin_user']
|
||||||
admin_role = node['openstack']['identity']['admin_role']
|
admin_role = node['openstack']['identity']['admin_role']
|
||||||
admin_domain = node['openstack']['identity']['admin_domain_name']
|
admin_domain = node['openstack']['identity']['admin_domain_name']
|
||||||
region = node['openstack']['identity']['region']
|
|
||||||
|
|
||||||
execute 'bootstrap_keystone' do
|
|
||||||
command "keystone-manage bootstrap \\
|
|
||||||
--bootstrap-password #{admin_pass} \\
|
|
||||||
--bootstrap-username #{admin_user} \\
|
|
||||||
--bootstrap-project-name #{admin_project} \\
|
|
||||||
--bootstrap-role-name #{admin_role} \\
|
|
||||||
--bootstrap-service-name keystone \\
|
|
||||||
--bootstrap-region-id #{region} \\
|
|
||||||
--bootstrap-admin-url #{identity_admin_endpoint} \\
|
|
||||||
--bootstrap-public-url #{identity_public_endpoint} \\
|
|
||||||
--bootstrap-internal-url #{identity_internal_endpoint}"
|
|
||||||
end
|
|
||||||
|
|
||||||
connection_params = {
|
connection_params = {
|
||||||
openstack_auth_url: "#{auth_url}/auth/tokens",
|
openstack_auth_url: "#{auth_url}/auth/tokens",
|
||||||
|
|
|
@ -48,6 +48,16 @@ end
|
||||||
|
|
||||||
platform_options = node['openstack']['identity']['platform']
|
platform_options = node['openstack']['identity']['platform']
|
||||||
|
|
||||||
|
identity_admin_endpoint = admin_endpoint 'identity'
|
||||||
|
identity_internal_endpoint = internal_endpoint 'identity'
|
||||||
|
identity_public_endpoint = public_endpoint 'identity'
|
||||||
|
|
||||||
|
# define the credentials to use for the initial admin user
|
||||||
|
admin_pass = get_password 'user', node['openstack']['identity']['admin_user']
|
||||||
|
region = node['openstack']['identity']['region']
|
||||||
|
keystone_user = node['openstack']['identity']['user']
|
||||||
|
keystone_group = node['openstack']['identity']['group']
|
||||||
|
|
||||||
# install the database python adapter packages for the selected database
|
# install the database python adapter packages for the selected database
|
||||||
# service_type
|
# service_type
|
||||||
db_type = node['openstack']['db']['identity']['service_type']
|
db_type = node['openstack']['db']['identity']['service_type']
|
||||||
|
@ -90,14 +100,14 @@ end
|
||||||
directory '/etc/keystone' do
|
directory '/etc/keystone' do
|
||||||
owner node['openstack']['identity']['user']
|
owner node['openstack']['identity']['user']
|
||||||
group node['openstack']['identity']['group']
|
group node['openstack']['identity']['group']
|
||||||
mode 00700
|
mode 0o0700
|
||||||
end
|
end
|
||||||
|
|
||||||
# create keystone domain config dir if needed
|
# create keystone domain config dir if needed
|
||||||
directory node['openstack']['identity']['identity']['domain_config_dir'] do
|
directory node['openstack']['identity']['identity']['domain_config_dir'] do
|
||||||
owner node['openstack']['identity']['user']
|
owner node['openstack']['identity']['user']
|
||||||
group node['openstack']['identity']['group']
|
group node['openstack']['identity']['group']
|
||||||
mode 00700
|
mode 0o0700
|
||||||
only_if { node['openstack']['identity']['identity']['domain_specific_drivers_enabled'] }
|
only_if { node['openstack']['identity']['identity']['domain_specific_drivers_enabled'] }
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -110,6 +120,26 @@ end
|
||||||
# include the recipe to setup fernet tokens
|
# include the recipe to setup fernet tokens
|
||||||
include_recipe 'openstack-identity::_fernet_tokens'
|
include_recipe 'openstack-identity::_fernet_tokens'
|
||||||
|
|
||||||
|
# initialize fernet tokens
|
||||||
|
execute 'fernet setup' do
|
||||||
|
user 'root'
|
||||||
|
command <<-EOH.gsub(/\s+/, ' ').strip!
|
||||||
|
keystone-manage fernet_setup
|
||||||
|
--keystone-user #{keystone_user}
|
||||||
|
--keystone-group #{keystone_group}
|
||||||
|
EOH
|
||||||
|
notifies :run, 'execute[credential setup]', :immediately
|
||||||
|
end
|
||||||
|
|
||||||
|
execute 'credential setup' do
|
||||||
|
user 'root'
|
||||||
|
command <<-EOH.gsub(/\s+/, ' ').strip!
|
||||||
|
keystone-manage credential_setup
|
||||||
|
--keystone-user #{keystone_user}
|
||||||
|
--keystone-group #{keystone_group}
|
||||||
|
EOH
|
||||||
|
end
|
||||||
|
|
||||||
# define the address to bind the keystone apache main service to
|
# define the address to bind the keystone apache main service to
|
||||||
main_bind_service = node['openstack']['bind_service']['main']['identity']
|
main_bind_service = node['openstack']['bind_service']['main']['identity']
|
||||||
main_bind_address = bind_address main_bind_service
|
main_bind_address = bind_address main_bind_service
|
||||||
|
@ -149,14 +179,14 @@ if node['openstack']['identity']['pastefile_url']
|
||||||
source node['openstack']['identity']['pastefile_url']
|
source node['openstack']['identity']['pastefile_url']
|
||||||
owner node['openstack']['identity']['user']
|
owner node['openstack']['identity']['user']
|
||||||
group node['openstack']['identity']['group']
|
group node['openstack']['identity']['group']
|
||||||
mode 00644
|
mode 0o0644
|
||||||
end
|
end
|
||||||
else
|
else
|
||||||
template '/etc/keystone/keystone-paste.ini' do
|
template '/etc/keystone/keystone-paste.ini' do
|
||||||
source 'keystone-paste.ini.erb'
|
source 'keystone-paste.ini.erb'
|
||||||
owner node['openstack']['identity']['user']
|
owner node['openstack']['identity']['user']
|
||||||
group node['openstack']['identity']['group']
|
group node['openstack']['identity']['group']
|
||||||
mode 00644
|
mode 0o0644
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -181,7 +211,7 @@ template '/etc/keystone/keystone.conf' do
|
||||||
cookbook 'openstack-common'
|
cookbook 'openstack-common'
|
||||||
owner node['openstack']['identity']['user']
|
owner node['openstack']['identity']['user']
|
||||||
group node['openstack']['identity']['group']
|
group node['openstack']['identity']['group']
|
||||||
mode 00640
|
mode 0o0640
|
||||||
variables(
|
variables(
|
||||||
service_config: keystone_conf_options
|
service_config: keystone_conf_options
|
||||||
)
|
)
|
||||||
|
@ -226,7 +256,7 @@ if node['openstack']['identity']['catalog']['backend'] == 'templated'
|
||||||
source 'default_catalog.templates.erb'
|
source 'default_catalog.templates.erb'
|
||||||
owner node['openstack']['identity']['user']
|
owner node['openstack']['identity']['user']
|
||||||
group node['openstack']['identity']['group']
|
group node['openstack']['identity']['group']
|
||||||
mode 00644
|
mode 0o0644
|
||||||
variables(
|
variables(
|
||||||
uris: uris
|
uris: uris
|
||||||
)
|
)
|
||||||
|
@ -235,12 +265,16 @@ end
|
||||||
|
|
||||||
# sync db after keystone.conf is generated
|
# sync db after keystone.conf is generated
|
||||||
execute 'keystone-manage db_sync' do
|
execute 'keystone-manage db_sync' do
|
||||||
user node['openstack']['identity']['user']
|
user 'root'
|
||||||
group node['openstack']['identity']['group']
|
|
||||||
|
|
||||||
only_if { node['openstack']['db']['identity']['migrate'] }
|
only_if { node['openstack']['db']['identity']['migrate'] }
|
||||||
end
|
end
|
||||||
|
|
||||||
|
# bootstrap keystone after keystone.conf is generated
|
||||||
|
execute 'keystone bootstrap' do
|
||||||
|
user 'root'
|
||||||
|
command "keystone-manage bootstrap --bootstrap-password \"#{admin_pass}\" --bootstrap-region-id \"#{region}\" --bootstrap-admin-url #{identity_admin_endpoint} --bootstrap-public-url #{identity_public_endpoint} --bootstrap-internal-url #{identity_internal_endpoint}"
|
||||||
|
end
|
||||||
|
|
||||||
# configure the flush tokens cronjob
|
# configure the flush tokens cronjob
|
||||||
should_run_cron = node['openstack']['identity']['token_flush_cron']['enabled'] && node['openstack']['identity']['token']['backend'] == 'sql'
|
should_run_cron = node['openstack']['identity']['token_flush_cron']['enabled'] && node['openstack']['identity']['token']['backend'] == 'sql'
|
||||||
log_file = node['openstack']['identity']['token_flush_cron']['log_file']
|
log_file = node['openstack']['identity']['token_flush_cron']['log_file']
|
||||||
|
@ -278,7 +312,7 @@ keystone_apache_dir = "#{node['apache']['docroot_dir']}/keystone"
|
||||||
directory keystone_apache_dir do
|
directory keystone_apache_dir do
|
||||||
owner 'root'
|
owner 'root'
|
||||||
group 'root'
|
group 'root'
|
||||||
mode 00755
|
mode 0o0755
|
||||||
end
|
end
|
||||||
|
|
||||||
wsgi_apps = {
|
wsgi_apps = {
|
||||||
|
|
|
@ -15,7 +15,7 @@ describe 'openstack-identity::_fernet_tokens' do
|
||||||
|
|
||||||
it do
|
it do
|
||||||
expect(chef_run).to create_directory('/etc/keystone/fernet-tokens')
|
expect(chef_run).to create_directory('/etc/keystone/fernet-tokens')
|
||||||
.with(owner: 'keystone', user: 'keystone', mode: 00700)
|
.with(owner: 'keystone', user: 'keystone', mode: 0o0700)
|
||||||
end
|
end
|
||||||
|
|
||||||
[0, 1].each do |key_index|
|
[0, 1].each do |key_index|
|
||||||
|
@ -25,7 +25,7 @@ describe 'openstack-identity::_fernet_tokens' do
|
||||||
content: "thisisfernetkey#{key_index}",
|
content: "thisisfernetkey#{key_index}",
|
||||||
owner: 'keystone',
|
owner: 'keystone',
|
||||||
group: 'keystone',
|
group: 'keystone',
|
||||||
mode: 00400
|
mode: 0o0400
|
||||||
)
|
)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -48,9 +48,11 @@ describe 'openstack-identity::openrc' do
|
||||||
it 'templates misc_openrc array correctly' do
|
it 'templates misc_openrc array correctly' do
|
||||||
node.set['openstack']['misc_openrc'] = ['export MISC1=OPTION1', 'export MISC2=OPTION2']
|
node.set['openstack']['misc_openrc'] = ['export MISC1=OPTION1', 'export MISC2=OPTION2']
|
||||||
expect(chef_run).to render_file(file.name).with_content(
|
expect(chef_run).to render_file(file.name).with_content(
|
||||||
/^export MISC1=OPTION1$/)
|
/^export MISC1=OPTION1$/
|
||||||
|
)
|
||||||
expect(chef_run).to render_file(file.name).with_content(
|
expect(chef_run).to render_file(file.name).with_content(
|
||||||
/^export MISC2=OPTION2$/)
|
/^export MISC2=OPTION2$/
|
||||||
|
)
|
||||||
end
|
end
|
||||||
|
|
||||||
it 'contains overridden auth environment variables' do
|
it 'contains overridden auth environment variables' do
|
||||||
|
|
|
@ -18,33 +18,12 @@ describe 'openstack-identity::registration' do
|
||||||
openstack_project_name: 'admin',
|
openstack_project_name: 'admin',
|
||||||
openstack_domain_name: 'default'
|
openstack_domain_name: 'default'
|
||||||
}
|
}
|
||||||
service_name = 'keystone'
|
|
||||||
service_user = 'admin'
|
service_user = 'admin'
|
||||||
region = 'RegionOne'
|
|
||||||
project_name = 'admin'
|
|
||||||
role_name = 'admin'
|
role_name = 'admin'
|
||||||
password = 'admin'
|
|
||||||
domain_name = 'default'
|
domain_name = 'default'
|
||||||
admin_url = 'http://127.0.0.1:35357/v3'
|
|
||||||
public_url = 'http://127.0.0.1:5000/v3'
|
|
||||||
internal_url = 'http://127.0.0.1:5000/v3'
|
|
||||||
|
|
||||||
describe 'keystone bootstrap' do
|
describe 'keystone bootstrap' do
|
||||||
context 'default values' do
|
context 'default values' do
|
||||||
it 'bootstrap with keystone-manage' do
|
|
||||||
expect(chef_run).to run_execute('bootstrap_keystone'
|
|
||||||
).with(command: "keystone-manage bootstrap \\
|
|
||||||
--bootstrap-password #{password} \\
|
|
||||||
--bootstrap-username #{service_user} \\
|
|
||||||
--bootstrap-project-name #{project_name} \\
|
|
||||||
--bootstrap-role-name #{role_name} \\
|
|
||||||
--bootstrap-service-name #{service_name} \\
|
|
||||||
--bootstrap-region-id #{region} \\
|
|
||||||
--bootstrap-admin-url #{admin_url} \\
|
|
||||||
--bootstrap-public-url #{public_url} \\
|
|
||||||
--bootstrap-internal-url #{internal_url}")
|
|
||||||
end
|
|
||||||
|
|
||||||
it do
|
it do
|
||||||
expect(chef_run).to run_ruby_block('wait for identity admin endpoint')
|
expect(chef_run).to run_ruby_block('wait for identity admin endpoint')
|
||||||
end
|
end
|
||||||
|
@ -106,20 +85,6 @@ describe 'openstack-identity::registration' do
|
||||||
'identity_domain'
|
'identity_domain'
|
||||||
end
|
end
|
||||||
|
|
||||||
it 'bootstrap with keystone-manage' do
|
|
||||||
expect(chef_run).to run_execute('bootstrap_keystone'
|
|
||||||
).with(command: "keystone-manage bootstrap \\
|
|
||||||
--bootstrap-password identity_admin_pass \\
|
|
||||||
--bootstrap-username identity_admin \\
|
|
||||||
--bootstrap-project-name admin_project \\
|
|
||||||
--bootstrap-role-name identity_role \\
|
|
||||||
--bootstrap-service-name #{service_name} \\
|
|
||||||
--bootstrap-region-id otherRegion \\
|
|
||||||
--bootstrap-admin-url https://admin.identity:1234/v3 \\
|
|
||||||
--bootstrap-public-url https://public.identity:9753/v3 \\
|
|
||||||
--bootstrap-internal-url https://internal.identity:5678/v3")
|
|
||||||
end
|
|
||||||
|
|
||||||
it 'registers identity_domain domain' do
|
it 'registers identity_domain domain' do
|
||||||
expect(chef_run).to create_openstack_domain(
|
expect(chef_run).to create_openstack_domain(
|
||||||
'identity_domain'
|
'identity_domain'
|
||||||
|
|
|
@ -14,6 +14,12 @@ describe 'openstack-identity::server-apache' do
|
||||||
include Helpers
|
include Helpers
|
||||||
include_context 'identity_stubs'
|
include_context 'identity_stubs'
|
||||||
|
|
||||||
|
region = 'RegionOne'
|
||||||
|
password = 'admin'
|
||||||
|
admin_url = 'http://127.0.0.1:35357/v3'
|
||||||
|
public_url = 'http://127.0.0.1:5000/v3'
|
||||||
|
internal_url = 'http://127.0.0.1:5000/v3'
|
||||||
|
|
||||||
it 'runs logging recipe if node attributes say to' do
|
it 'runs logging recipe if node attributes say to' do
|
||||||
node.set['openstack']['identity']['syslog']['use'] = true
|
node.set['openstack']['identity']['syslog']['use'] = true
|
||||||
expect(chef_run).to include_recipe('openstack-common::logging')
|
expect(chef_run).to include_recipe('openstack-common::logging')
|
||||||
|
@ -40,6 +46,9 @@ describe 'openstack-identity::server-apache' do
|
||||||
expect(chef_run).to upgrade_package('identity cookbook package keystone')
|
expect(chef_run).to upgrade_package('identity cookbook package keystone')
|
||||||
end
|
end
|
||||||
|
|
||||||
|
it 'bootstrap with keystone-manage' do
|
||||||
|
expect(chef_run).to run_execute('keystone bootstrap').with(command: "keystone-manage bootstrap --bootstrap-password \"#{password}\" --bootstrap-region-id \"#{region}\" --bootstrap-admin-url #{admin_url} --bootstrap-public-url #{public_url} --bootstrap-internal-url #{internal_url}")
|
||||||
|
end
|
||||||
it 'has flush tokens cronjob running every day at 3:30am' do
|
it 'has flush tokens cronjob running every day at 3:30am' do
|
||||||
expect(chef_run).to create_cron('keystone-manage-token-flush').with_command(/keystone-manage token_flush/)
|
expect(chef_run).to create_cron('keystone-manage-token-flush').with_command(/keystone-manage token_flush/)
|
||||||
expect(chef_run).to create_cron('keystone-manage-token-flush').with_minute('0')
|
expect(chef_run).to create_cron('keystone-manage-token-flush').with_minute('0')
|
||||||
|
@ -60,7 +69,7 @@ describe 'openstack-identity::server-apache' do
|
||||||
expect(chef_run).to create_directory(dir.name).with(
|
expect(chef_run).to create_directory(dir.name).with(
|
||||||
user: 'keystone',
|
user: 'keystone',
|
||||||
group: 'keystone',
|
group: 'keystone',
|
||||||
mode: 00700
|
mode: 0o0700
|
||||||
)
|
)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
@ -77,7 +86,7 @@ describe 'openstack-identity::server-apache' do
|
||||||
expect(chef_run).to create_directory(dir).with(
|
expect(chef_run).to create_directory(dir).with(
|
||||||
user: 'keystone',
|
user: 'keystone',
|
||||||
group: 'keystone',
|
group: 'keystone',
|
||||||
mode: 00700
|
mode: 0o0700
|
||||||
)
|
)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
@ -99,7 +108,7 @@ describe 'openstack-identity::server-apache' do
|
||||||
expect(chef_run).to create_template(resource.name).with(
|
expect(chef_run).to create_template(resource.name).with(
|
||||||
user: 'keystone',
|
user: 'keystone',
|
||||||
group: 'keystone',
|
group: 'keystone',
|
||||||
mode: 00640
|
mode: 0o0640
|
||||||
)
|
)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
@ -204,7 +213,7 @@ describe 'openstack-identity::server-apache' do
|
||||||
|
|
||||||
describe '[assignment] section' do
|
describe '[assignment] section' do
|
||||||
it 'configures driver' do
|
it 'configures driver' do
|
||||||
r = line_regexp('driver = keystone.assignment.backends.sql.Assignment')
|
r = line_regexp('driver = sql')
|
||||||
expect(chef_run).to render_config_file(path).with_section_content('assignment', r)
|
expect(chef_run).to render_config_file(path).with_section_content('assignment', r)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
@ -216,7 +225,7 @@ describe 'openstack-identity::server-apache' do
|
||||||
line_regexp(str)
|
line_regexp(str)
|
||||||
end
|
end
|
||||||
let(:sql) do
|
let(:sql) do
|
||||||
line_regexp('driver = keystone.catalog.backends.sql.Catalog')
|
line_regexp('driver = sql')
|
||||||
end
|
end
|
||||||
|
|
||||||
it 'configures driver' do
|
it 'configures driver' do
|
||||||
|
@ -227,7 +236,7 @@ describe 'openstack-identity::server-apache' do
|
||||||
|
|
||||||
describe '[policy] section' do
|
describe '[policy] section' do
|
||||||
it 'configures driver' do
|
it 'configures driver' do
|
||||||
r = line_regexp('driver = keystone.policy.backends.sql.Policy')
|
r = line_regexp('driver = sql')
|
||||||
expect(chef_run).to render_config_file(path).with_section_content('policy', r)
|
expect(chef_run).to render_config_file(path).with_section_content('policy', r)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
@ -248,16 +257,14 @@ describe 'openstack-identity::server-apache' do
|
||||||
|
|
||||||
it 'runs migrations' do
|
it 'runs migrations' do
|
||||||
expect(chef_run).to run_execute(cmd).with(
|
expect(chef_run).to run_execute(cmd).with(
|
||||||
user: 'keystone',
|
user: 'root'
|
||||||
group: 'keystone'
|
|
||||||
)
|
)
|
||||||
end
|
end
|
||||||
|
|
||||||
it 'does not run migrations' do
|
it 'does not run migrations' do
|
||||||
node.set['openstack']['db']['identity']['migrate'] = false
|
node.set['openstack']['db']['identity']['migrate'] = false
|
||||||
expect(chef_run).not_to run_execute(cmd).with(
|
expect(chef_run).not_to run_execute(cmd).with(
|
||||||
user: 'keystone',
|
user: 'root'
|
||||||
group: 'keystone'
|
|
||||||
)
|
)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
@ -270,7 +277,7 @@ describe 'openstack-identity::server-apache' do
|
||||||
expect(chef_run).to create_template(template.name).with(
|
expect(chef_run).to create_template(template.name).with(
|
||||||
user: 'keystone',
|
user: 'keystone',
|
||||||
group: 'keystone',
|
group: 'keystone',
|
||||||
mode: 0644
|
mode: 0o644
|
||||||
)
|
)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -308,9 +315,11 @@ describe 'openstack-identity::server-apache' do
|
||||||
it 'template misc_paste array correctly' do
|
it 'template misc_paste array correctly' do
|
||||||
node.set['openstack']['identity']['misc_paste'] = ['MISC1 = OPTION1', 'MISC2 = OPTION2']
|
node.set['openstack']['identity']['misc_paste'] = ['MISC1 = OPTION1', 'MISC2 = OPTION2']
|
||||||
expect(chef_run).to render_file(path).with_content(
|
expect(chef_run).to render_file(path).with_content(
|
||||||
/^MISC1 = OPTION1$/)
|
/^MISC1 = OPTION1$/
|
||||||
|
)
|
||||||
expect(chef_run).to render_file(path).with_content(
|
expect(chef_run).to render_file(path).with_content(
|
||||||
/^MISC2 = OPTION2$/)
|
/^MISC2 = OPTION2$/
|
||||||
|
)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -323,7 +332,7 @@ describe 'openstack-identity::server-apache' do
|
||||||
source: 'http://server/mykeystone-paste.ini',
|
source: 'http://server/mykeystone-paste.ini',
|
||||||
user: 'keystone',
|
user: 'keystone',
|
||||||
group: 'keystone',
|
group: 'keystone',
|
||||||
mode: 00644
|
mode: 0o0644
|
||||||
)
|
)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -1,12 +1,12 @@
|
||||||
<%= node["openstack"]["identity"]["custom_template_banner"] %>
|
<%= node['openstack']['identity']['custom_template_banner'] %>
|
||||||
|
|
||||||
# Keystone PasteDeploy configuration file.
|
# Keystone PasteDeploy configuration file.
|
||||||
|
|
||||||
[filter:debug]
|
[filter:debug]
|
||||||
use = egg:keystone#debug
|
use = egg:oslo.middleware#debug
|
||||||
|
|
||||||
[filter:request_id]
|
[filter:request_id]
|
||||||
use = egg:keystone#request_id
|
use = egg:oslo.middleware#request_id
|
||||||
|
|
||||||
[filter:build_auth_context]
|
[filter:build_auth_context]
|
||||||
use = egg:keystone#build_auth_context
|
use = egg:keystone#build_auth_context
|
||||||
|
@ -40,7 +40,7 @@ use = egg:keystone#s3_extension
|
||||||
use = egg:keystone#url_normalize
|
use = egg:keystone#url_normalize
|
||||||
|
|
||||||
[filter:sizelimit]
|
[filter:sizelimit]
|
||||||
use = egg:keystone#sizelimit
|
use = egg:oslo.middleware#sizelimit
|
||||||
|
|
||||||
[filter:osprofiler]
|
[filter:osprofiler]
|
||||||
use = egg:osprofiler#osprofiler
|
use = egg:osprofiler#osprofiler
|
||||||
|
@ -55,13 +55,13 @@ use = egg:keystone#service_v3
|
||||||
use = egg:keystone#admin_service
|
use = egg:keystone#admin_service
|
||||||
|
|
||||||
[pipeline:public_api]
|
[pipeline:public_api]
|
||||||
pipeline = <%=node["openstack"]["identity"]["pipeline"]["public_api"] %>
|
pipeline = <%=node['openstack']['identity']['pipeline']['public_api'] %>
|
||||||
|
|
||||||
[pipeline:admin_api]
|
[pipeline:admin_api]
|
||||||
pipeline = <%=node["openstack"]["identity"]["pipeline"]["admin_api"] %>
|
pipeline = <%=node['openstack']['identity']['pipeline']['admin_api'] %>
|
||||||
|
|
||||||
[pipeline:api_v3]
|
[pipeline:api_v3]
|
||||||
pipeline = <%=node["openstack"]["identity"]["pipeline"]["api_v3"] %>
|
pipeline = <%=node['openstack']['identity']['pipeline']['api_v3'] %>
|
||||||
|
|
||||||
[app:public_version_service]
|
[app:public_version_service]
|
||||||
use = egg:keystone#public_version_service
|
use = egg:keystone#public_version_service
|
||||||
|
@ -87,8 +87,8 @@ use = egg:Paste#urlmap
|
||||||
/v3 = api_v3
|
/v3 = api_v3
|
||||||
/ = admin_version_api
|
/ = admin_version_api
|
||||||
|
|
||||||
<% if node["openstack"]["identity"]["misc_paste"] %>
|
<% if node['openstack']['identity']['misc_paste'] %>
|
||||||
<% node["openstack"]["identity"]["misc_paste"].each do |m| %>
|
<% node['openstack']['identity']['misc_paste'].each do |m| %>
|
||||||
<%= m %>
|
<%= m %>
|
||||||
<% end %>
|
<% end %>
|
||||||
<% end %>
|
<% end %>
|
||||||
|
|
Loading…
Reference in New Issue