Refactor nova section to enable auth strategy
Authenticating to nova using nova_admin_* options is deprecated. CONF.nova_admin_auth_url CONF.nova_admin_username CONF.nova_admin_password CONF.nova_admin_tenant_id CONF.nova_admin_tenant_name This should be done using an auth plugin, like password: [nova] region_name = RegionOne project_domain_id = default project_name = service user_domain_id = default password = passw0rd username = nova auth_url = http://127.0.0.1:35357 auth_plugin = password Reference: https://github.com/openstack/neutron/blob/master/neutron/notifiers/nova.py#L85-90 Change-Id: I8896af89f1b5fef39776a8aa1289cb9ee7645a08 Closes-bug: #1449058
This commit is contained in:
parent
f185099581
commit
38758fbb14
|
@ -244,6 +244,9 @@ default['openstack']['network']['nova']['region_name'] = node['openstack']['regi
|
|||
# Username for connection to nova in admin context
|
||||
default['openstack']['network']['nova']['admin_username'] = 'nova'
|
||||
|
||||
# User's domain ID for authentication.
|
||||
default['openstack']['network']['nova']['user_domain_id'] = 'default'
|
||||
|
||||
# Version for connection to nova
|
||||
# TODO: (MRV) Need to allow for this in Common.
|
||||
default['openstack']['network']['nova']['url_version'] = '/v2'
|
||||
|
@ -256,9 +259,16 @@ default['openstack']['network']['nova']['admin_tenant_id'] = nil
|
|||
# defined here based upon Compute cookbook attribute:
|
||||
# default['openstack']['compute']['service_tenant_name'] = 'service'
|
||||
# Since this cookbook does not depend upon Compute, can't directly
|
||||
# reference that here.
|
||||
# reference that here. Deprecated for Liberty.
|
||||
default['openstack']['network']['nova']['admin_tenant_name'] = 'service'
|
||||
|
||||
# Project name for project scoping. Use this instead of deprecated 'admin_tenant_name',
|
||||
# which is still used until Liberty.
|
||||
default['openstack']['network']['nova']['project_name'] = node['openstack']['network']['nova']['admin_tenant_name']
|
||||
|
||||
# Project's domain ID for project.
|
||||
default['openstack']['network']['nova']['project_domain_id'] = 'default'
|
||||
|
||||
# Number of seconds between sending events to nova if there are any events to send
|
||||
default['openstack']['network']['nova']['send_events_interval'] = 2
|
||||
|
||||
|
|
|
@ -672,24 +672,34 @@ describe 'openstack-network' do
|
|||
expect(chef_run).not_to render_config_file(file.name).with_section_content('nova', /^admin_tenant_id =/)
|
||||
end
|
||||
|
||||
%w(region_name admin_username admin_tenant_id admin_tenant_name).each do |attr|
|
||||
it "sets the #{attr} nova attribute" do
|
||||
node.set['openstack']['network']['nova'][attr] = "nova_#{attr}_value"
|
||||
expect(chef_run).to render_config_file(file.name).with_section_content('nova', /^#{attr} = nova_#{attr}_value$/)
|
||||
it 'sets the nova admin_tenant_id' do
|
||||
node.set['openstack']['network']['nova']['admin_tenant_id'] = 'admin_tenant_id_value'
|
||||
|
||||
expect(chef_run).to render_config_file(file.name).with_section_content('nova', /^admin_tenant_id = admin_tenant_id_value/)
|
||||
end
|
||||
|
||||
it 'has default nova user and project attributes' do
|
||||
[
|
||||
/^username = nova$/,
|
||||
/^user_domain_id = default$/,
|
||||
/^project_name = service$/,
|
||||
/^project_domain_id = default$/
|
||||
].each do |line|
|
||||
expect(chef_run).to render_config_file(file.name).with_section_content('nova', line)
|
||||
end
|
||||
end
|
||||
|
||||
it 'sets the nova url attribute with the right version' do
|
||||
node.set['openstack']['network']['nova']['url_version'] = '/nova_version_value'
|
||||
expect(chef_run).to render_config_file(file.name).with_section_content('nova', %r(^url = http://127.0.0.1:8774/nova_version_value$))
|
||||
it 'sets the nova region_name attribute' do
|
||||
node.set['openstack']['network']['nova']['region_name'] = 'nova_region_name_value'
|
||||
expect(chef_run).to render_config_file(file.name).with_section_content('nova', /^region_name = nova_region_name_value$/)
|
||||
end
|
||||
|
||||
it 'sets the nova admin_password attribute' do
|
||||
expect(chef_run).to render_config_file(file.name).with_section_content('nova', /^admin_password = nova-pass$/)
|
||||
it 'sets the nova password attribute' do
|
||||
expect(chef_run).to render_config_file(file.name).with_section_content('nova', /^password = nova-pass$/)
|
||||
end
|
||||
|
||||
it 'sets the nova admin_auth_url attribute' do
|
||||
expect(chef_run).to render_config_file(file.name).with_section_content('nova', %r(^admin_auth_url = http://127.0.0.1:35357/v2.0$))
|
||||
it 'sets the nova auth_url attribute' do
|
||||
expect(chef_run).to render_config_file(file.name).with_section_content('nova', %r(^auth_url = http://127.0.0.1:35357/v2.0$))
|
||||
end
|
||||
|
||||
it 'has default nova api insecure' do
|
||||
|
|
|
@ -577,31 +577,33 @@ pool_timeout = <%= node['openstack']['db']['network']['pool_timeout'] %>
|
|||
# Name of the plugin to load
|
||||
auth_plugin = <%= node['openstack']['network']['nova']['auth_plugin'] %>
|
||||
|
||||
# Authorization URL for connection to nova in admin context.
|
||||
auth_url = <%= @identity_admin_endpoint.to_s %>
|
||||
|
||||
# Username for connection to nova in admin context
|
||||
username = <%= node["openstack"]["network"]["nova"]["admin_username"] %>
|
||||
|
||||
user_domain_id = <%= node["openstack"]["network"]["nova"]["user_domain_id"] %>
|
||||
|
||||
# Password for connection to nova in admin context.
|
||||
password = <%= @nova_admin_pass %>
|
||||
|
||||
# Project's domain name for project.
|
||||
project_name = <%= node["openstack"]["network"]["nova"]["project_name"] %>
|
||||
|
||||
# Project's domain ID for project.
|
||||
project_domain_id = <%= node["openstack"]["network"]["nova"]["project_domain_id"] %>
|
||||
|
||||
|
||||
# Boolean to control ignoring SSL errors on the nova url
|
||||
# insecure = False
|
||||
insecure = <%= node['openstack']['network']['nova']['insecure'] %>
|
||||
|
||||
# URL for connection to nova (Only supports one nova region currently).
|
||||
url = <%= @nova_endpoint %>
|
||||
|
||||
# Username for connection to nova in admin context
|
||||
admin_username = <%= node["openstack"]["network"]["nova"]["admin_username"] %>
|
||||
|
||||
<% if node['openstack']['network']['nova']['admin_tenant_id'] -%>
|
||||
# The uuid of the admin nova tenant
|
||||
admin_tenant_id = <%= node["openstack"]["network"]["nova"]["admin_tenant_id"] %>
|
||||
<% end -%>
|
||||
|
||||
# The name of the admin nova tenant. If the uuid of the admin nova tenant
|
||||
# is set, this is optional.
|
||||
admin_tenant_name = <%= node["openstack"]["network"]["nova"]["admin_tenant_name"] %>
|
||||
|
||||
# Password for connection to nova in admin context.
|
||||
admin_password = <%= @nova_admin_pass %>
|
||||
|
||||
# Authorization URL for connection to nova in admin context.
|
||||
admin_auth_url = <%= @identity_admin_endpoint.to_s %>
|
||||
|
||||
# Name of nova region to use. Useful if keystone manages more than one region
|
||||
region_name = <%= node["openstack"]["network"]["nova"]["region_name"] %>
|
||||
|
||||
|
|
Loading…
Reference in New Issue