Use new nova_admin_tenant_name
Patches in base neutron allow for use of just the nova tenant name instead of having to make an ugly cli call into keystone to get the uuid. This is much much cleaner way to do it. Kept the old admin_tenant_id attribute, added a new admin_tenant_name one. This should come directly from the Compute cookbook attribute, service_tenant_name, but since Network does not depend upon Compute cookbook, I simply added the default here. I don't think we want to introduce a depends between Network and Compute, that would be a circular dependency. Change-Id: I88948b6ad300192cb00b07f10d29dc7ec19d4ba2 Closes-Bug: #1427817
This commit is contained in:
parent
6ec0caf181
commit
48d3cafe4f
|
@ -250,9 +250,16 @@ default['openstack']['network']['nova']['admin_username'] = 'nova'
|
|||
default['openstack']['network']['nova']['url_version'] = '/v2'
|
||||
|
||||
# The uuid of the nova tenant
|
||||
# Nil will cause the uuid to be queried from keystone.
|
||||
# Nil will cause the name below to be used.
|
||||
default['openstack']['network']['nova']['admin_tenant_id'] = nil
|
||||
|
||||
# The name of the nova tenant
|
||||
# defined here based upon Compute cookbook attribute:
|
||||
# default['openstack']['compute']['service_tenant_name'] = 'service'
|
||||
# Since this cookbook does not depend upon Compute, can't directly
|
||||
# reference that here.
|
||||
default['openstack']['network']['nova']['admin_tenant_name'] = 'service'
|
||||
|
||||
# Number of seconds between sending events to nova if there are any events to send
|
||||
default['openstack']['network']['nova']['send_events_interval'] = 2
|
||||
|
||||
|
|
|
@ -159,32 +159,6 @@ nova_endpoint = internal_endpoint 'compute-api'
|
|||
nova_version = node['openstack']['network']['nova']['url_version']
|
||||
nova_endpoint = uri_from_hash('scheme' => nova_endpoint.scheme.to_s, 'host' => nova_endpoint.host.to_s, 'port' => nova_endpoint.port.to_s, 'path' => nova_version)
|
||||
nova_admin_pass = get_password 'service', 'openstack-compute'
|
||||
ruby_block 'query service tenant uuid' do
|
||||
# query keystone for the service tenant uuid
|
||||
block do
|
||||
begin
|
||||
admin_user = node['openstack']['identity']['admin_user']
|
||||
admin_tenant = node['openstack']['identity']['admin_tenant_name']
|
||||
is_insecure = node['openstack']['network']['api']['auth']['insecure']
|
||||
cafile = node['openstack']['network']['api']['auth']['cafile']
|
||||
args = {}
|
||||
is_insecure && args['insecure'] = ''
|
||||
!cafile.to_s.empty? && args['os-cacert'] = cafile
|
||||
env = openstack_command_env admin_user, admin_tenant
|
||||
tenant_id = identity_uuid 'tenant', 'name', 'service', env, args
|
||||
Chef::Log.error('service tenant UUID for nova_admin_tenant_id not found.') if tenant_id.nil?
|
||||
node.set['openstack']['network']['nova']['admin_tenant_id'] = tenant_id
|
||||
rescue RuntimeError => e
|
||||
Chef::Log.error("Could not query service tenant UUID for nova_admin_tenant_id. Error was #{e.message}")
|
||||
end
|
||||
end
|
||||
action :run
|
||||
only_if do
|
||||
(node['openstack']['network']['nova']['notify_nova_on_port_status_changes'] == 'True' ||
|
||||
node['openstack']['network']['nova']['notify_nova_on_port_data_changes'] == 'True') &&
|
||||
node['openstack']['network']['nova']['admin_tenant_id'].nil?
|
||||
end
|
||||
end
|
||||
|
||||
template '/etc/neutron/neutron.conf' do
|
||||
source 'neutron.conf.erb'
|
||||
|
|
|
@ -569,10 +569,14 @@ describe 'openstack-network' do
|
|||
end
|
||||
end
|
||||
|
||||
%w(region_name admin_username admin_tenant_id).each do |attr|
|
||||
it 'does not set the sets admin_tenant_id' do
|
||||
expect(chef_run).not_to render_config_file(file.name).with_section_content('DEFAULT', /^nova_admin_tenant_id =/)
|
||||
end
|
||||
|
||||
%w(region_name admin_username admin_tenant_id admin_tenant_name).each do |attr|
|
||||
it "sets the #{attr} nova attribute" do
|
||||
node.set['openstack']['network']['nova'][attr] = "nova_#{attr}_value"
|
||||
expect(chef_run).to render_file(file.name).with_content(/^nova_#{attr} = nova_#{attr}_value$/)
|
||||
expect(chef_run).to render_config_file(file.name).with_section_content('DEFAULT', /^nova_#{attr} = nova_#{attr}_value$/)
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -756,134 +760,6 @@ describe 'openstack-network' do
|
|||
expect(chef_run).not_to render_file(file.name).with_content(/^service_provider = /)
|
||||
end
|
||||
end
|
||||
|
||||
describe 'query service tenant uuid' do
|
||||
it 'has queried service tenant uuid for nova interactions' do
|
||||
# run actual ruby_block resource
|
||||
chef_run.find_resource(:ruby_block, 'query service tenant uuid').old_run_action(:create)
|
||||
nova_tenant_id = chef_run.node['openstack']['network']['nova']['admin_tenant_id']
|
||||
expect(nova_tenant_id).to eq('000-UUID-FROM-CLI')
|
||||
expect(chef_run).to render_file(file.name).with_content(
|
||||
'nova_admin_tenant_id = 000-UUID-FROM-CLI')
|
||||
end
|
||||
|
||||
it 'has queried service tenant uuid for nova interactions with ssl' do
|
||||
chef_run.node.set['openstack']['network']['api']['auth']['cafile'] = 'cafile'
|
||||
chef_run.node.set['openstack']['network']['api']['auth']['insecure'] = true
|
||||
allow_any_instance_of(Chef::Resource::RubyBlock).to receive(:identity_uuid)
|
||||
.with('tenant', 'name', 'service', {}, 'insecure' => '', 'os-cacert' => 'cafile')
|
||||
.and_return('000-UUID-FROM-CLI')
|
||||
# run actual ruby_block resource
|
||||
chef_run.find_resource(:ruby_block, 'query service tenant uuid').old_run_action(:create)
|
||||
nova_tenant_id = chef_run.node['openstack']['network']['nova']['admin_tenant_id']
|
||||
expect(nova_tenant_id).to eq('000-UUID-FROM-CLI')
|
||||
expect(chef_run).to render_file(file.name).with_content(
|
||||
'nova_admin_tenant_id = 000-UUID-FROM-CLI')
|
||||
end
|
||||
|
||||
it 'has queried service tenant uuid for nova interactions with ssl empty cafile' do
|
||||
chef_run.node.set['openstack']['network']['api']['auth']['cafile'] = ''
|
||||
chef_run.node.set['openstack']['network']['api']['auth']['insecure'] = true
|
||||
allow_any_instance_of(Chef::Resource::RubyBlock).to receive(:identity_uuid)
|
||||
.with('tenant', 'name', 'service', {}, 'insecure' => '')
|
||||
.and_return('000-UUID-FROM-CLI')
|
||||
# run actual ruby_block resource
|
||||
chef_run.find_resource(:ruby_block, 'query service tenant uuid').old_run_action(:create)
|
||||
nova_tenant_id = chef_run.node['openstack']['network']['nova']['admin_tenant_id']
|
||||
expect(nova_tenant_id).to eq('000-UUID-FROM-CLI')
|
||||
expect(chef_run).to render_file(file.name).with_content(
|
||||
'nova_admin_tenant_id = 000-UUID-FROM-CLI')
|
||||
end
|
||||
|
||||
it 'has queried service tenant uuid for nova interactions with ssl nil cafile' do
|
||||
chef_run.node.set['openstack']['network']['api']['auth']['cafile'] = nil
|
||||
chef_run.node.set['openstack']['network']['api']['auth']['insecure'] = true
|
||||
allow_any_instance_of(Chef::Resource::RubyBlock).to receive(:identity_uuid)
|
||||
.with('tenant', 'name', 'service', {}, 'insecure' => '')
|
||||
.and_return('000-UUID-FROM-CLI')
|
||||
# run actual ruby_block resource
|
||||
chef_run.find_resource(:ruby_block, 'query service tenant uuid').old_run_action(:create)
|
||||
nova_tenant_id = chef_run.node['openstack']['network']['nova']['admin_tenant_id']
|
||||
expect(nova_tenant_id).to eq('000-UUID-FROM-CLI')
|
||||
expect(chef_run).to render_file(file.name).with_content(
|
||||
'nova_admin_tenant_id = 000-UUID-FROM-CLI')
|
||||
end
|
||||
|
||||
it 'has status changes for nova interactions disabled without id override' do
|
||||
chef_run.node.set['openstack']['network']['nova']['notify_nova_on_port_status_changes'] = 'False'
|
||||
# run actual ruby_block resource
|
||||
chef_run.find_resource(:ruby_block, 'query service tenant uuid').old_run_action(:create)
|
||||
nova_tenant_id = chef_run.node['openstack']['network']['nova']['admin_tenant_id']
|
||||
expect(nova_tenant_id).to eq('000-UUID-FROM-CLI')
|
||||
expect(chef_run).to render_file(file.name).with_content(
|
||||
'nova_admin_tenant_id = 000-UUID-FROM-CLI')
|
||||
end
|
||||
|
||||
it 'has data changes for nova interactions disabled without id override' do
|
||||
chef_run.node.set['openstack']['network']['nova']['notify_nova_on_port_data_changes'] = 'False'
|
||||
# run actual ruby_block resource
|
||||
chef_run.find_resource(:ruby_block, 'query service tenant uuid').old_run_action(:create)
|
||||
nova_tenant_id = chef_run.node['openstack']['network']['nova']['admin_tenant_id']
|
||||
expect(nova_tenant_id).to eq('000-UUID-FROM-CLI')
|
||||
expect(chef_run).to render_file(file.name).with_content(
|
||||
'nova_admin_tenant_id = 000-UUID-FROM-CLI')
|
||||
end
|
||||
|
||||
it 'has all changes for nova interactions disabled without id override' do
|
||||
chef_run.node.set['openstack']['network']['nova']['notify_nova_on_port_status_changes'] = 'False'
|
||||
chef_run.node.set['openstack']['network']['nova']['notify_nova_on_port_data_changes'] = 'False'
|
||||
# run actual ruby_block resource
|
||||
chef_run.find_resource(:ruby_block, 'query service tenant uuid').old_run_action(:create)
|
||||
nova_tenant_id = chef_run.node['openstack']['network']['nova']['admin_tenant_id']
|
||||
expect(nova_tenant_id).to eq(nil)
|
||||
expect(chef_run).to render_file(file.name).with_content(
|
||||
'nova_admin_tenant_id =')
|
||||
end
|
||||
|
||||
it 'has status changes for nova interactions disabled with id override' do
|
||||
chef_run.node.set['openstack']['network']['nova']['notify_nova_on_port_status_changes'] = 'False'
|
||||
chef_run.node.set['openstack']['network']['nova']['admin_tenant_id'] = '111-UUID-OVERRIDE'
|
||||
# run actual ruby_block resource
|
||||
chef_run.find_resource(:ruby_block, 'query service tenant uuid').old_run_action(:create)
|
||||
nova_tenant_id = chef_run.node['openstack']['network']['nova']['admin_tenant_id']
|
||||
expect(nova_tenant_id).to eq('111-UUID-OVERRIDE')
|
||||
expect(chef_run).to render_file(file.name).with_content(
|
||||
'nova_admin_tenant_id = 111-UUID-OVERRIDE')
|
||||
end
|
||||
|
||||
it 'has data changes for nova interactions disabled with id override' do
|
||||
chef_run.node.set['openstack']['network']['nova']['notify_nova_on_port_data_changes'] = 'False'
|
||||
chef_run.node.set['openstack']['network']['nova']['admin_tenant_id'] = '111-UUID-OVERRIDE'
|
||||
# run actual ruby_block resource
|
||||
chef_run.find_resource(:ruby_block, 'query service tenant uuid').old_run_action(:create)
|
||||
nova_tenant_id = chef_run.node['openstack']['network']['nova']['admin_tenant_id']
|
||||
expect(nova_tenant_id).to eq('111-UUID-OVERRIDE')
|
||||
expect(chef_run).to render_file(file.name).with_content(
|
||||
'nova_admin_tenant_id = 111-UUID-OVERRIDE')
|
||||
end
|
||||
|
||||
it 'has all changes for nova interactions disabled with id override' do
|
||||
chef_run.node.set['openstack']['network']['nova']['notify_nova_on_port_status_changes'] = 'False'
|
||||
chef_run.node.set['openstack']['network']['nova']['notify_nova_on_port_data_changes'] = 'False'
|
||||
chef_run.node.set['openstack']['network']['nova']['admin_tenant_id'] = '111-UUID-OVERRIDE'
|
||||
# run actual ruby_block resource
|
||||
chef_run.find_resource(:ruby_block, 'query service tenant uuid').old_run_action(:create)
|
||||
nova_tenant_id = chef_run.node['openstack']['network']['nova']['admin_tenant_id']
|
||||
expect(nova_tenant_id).to eq('111-UUID-OVERRIDE')
|
||||
expect(chef_run).to render_file(file.name).with_content(
|
||||
'nova_admin_tenant_id = 111-UUID-OVERRIDE')
|
||||
end
|
||||
|
||||
it 'has overriden service tenant uuid for nova interactions' do
|
||||
chef_run.node.set['openstack']['network']['nova']['admin_tenant_id'] = '111-UUID-OVERRIDE'
|
||||
# run actual ruby_block resource
|
||||
chef_run.find_resource(:ruby_block, 'query service tenant uuid').old_run_action(:create)
|
||||
nova_tenant_id = chef_run.node['openstack']['network']['nova']['admin_tenant_id']
|
||||
expect(nova_tenant_id).to eq('111-UUID-OVERRIDE')
|
||||
expect(chef_run).to render_file(file.name).with_content(
|
||||
'nova_admin_tenant_id = 111-UUID-OVERRIDE')
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
describe 'policy file' do
|
||||
|
|
|
@ -359,8 +359,14 @@ nova_region_name = <%= node["openstack"]["network"]["nova"]["region_name"] %>
|
|||
# Username for connection to nova in admin context
|
||||
nova_admin_username = <%= node["openstack"]["network"]["nova"]["admin_username"] %>
|
||||
|
||||
<% if node['openstack']['network']['nova']['admin_tenant_id'] -%>
|
||||
# The uuid of the admin nova tenant
|
||||
nova_admin_tenant_id = <%= node["openstack"]["network"]["nova"]["admin_tenant_id"] %>
|
||||
<% end -%>
|
||||
|
||||
# The name of the admin nova tenant. If the uuid of the admin nova tenant
|
||||
# is set, this is optional.
|
||||
nova_admin_tenant_name = <%= node["openstack"]["network"]["nova"]["admin_tenant_name"] %>
|
||||
|
||||
# Password for connection to nova in admin context.
|
||||
nova_admin_password = <%= @nova_admin_pass %>
|
||||
|
|
Loading…
Reference in New Issue