From 48d3cafe4f5f787d3faf9b6652fa46c23dd34655 Mon Sep 17 00:00:00 2001 From: Mark Vanderwiel Date: Tue, 3 Mar 2015 14:24:10 -0600 Subject: [PATCH] Use new nova_admin_tenant_name Patches in base neutron allow for use of just the nova tenant name instead of having to make an ugly cli call into keystone to get the uuid. This is much much cleaner way to do it. Kept the old admin_tenant_id attribute, added a new admin_tenant_name one. This should come directly from the Compute cookbook attribute, service_tenant_name, but since Network does not depend upon Compute cookbook, I simply added the default here. I don't think we want to introduce a depends between Network and Compute, that would be a circular dependency. Change-Id: I88948b6ad300192cb00b07f10d29dc7ec19d4ba2 Closes-Bug: #1427817 --- attributes/default.rb | 9 +- recipes/default.rb | 26 ------ spec/default_spec.rb | 136 ++--------------------------- templates/default/neutron.conf.erb | 6 ++ 4 files changed, 20 insertions(+), 157 deletions(-) diff --git a/attributes/default.rb b/attributes/default.rb index 0dcbbab8..7e31a980 100644 --- a/attributes/default.rb +++ b/attributes/default.rb @@ -250,9 +250,16 @@ default['openstack']['network']['nova']['admin_username'] = 'nova' default['openstack']['network']['nova']['url_version'] = '/v2' # The uuid of the nova tenant -# Nil will cause the uuid to be queried from keystone. +# Nil will cause the name below to be used. default['openstack']['network']['nova']['admin_tenant_id'] = nil +# The name of the nova tenant +# defined here based upon Compute cookbook attribute: +# default['openstack']['compute']['service_tenant_name'] = 'service' +# Since this cookbook does not depend upon Compute, can't directly +# reference that here. +default['openstack']['network']['nova']['admin_tenant_name'] = 'service' + # Number of seconds between sending events to nova if there are any events to send default['openstack']['network']['nova']['send_events_interval'] = 2 diff --git a/recipes/default.rb b/recipes/default.rb index 362dbedb..f6d628bf 100644 --- a/recipes/default.rb +++ b/recipes/default.rb @@ -159,32 +159,6 @@ nova_endpoint = internal_endpoint 'compute-api' nova_version = node['openstack']['network']['nova']['url_version'] nova_endpoint = uri_from_hash('scheme' => nova_endpoint.scheme.to_s, 'host' => nova_endpoint.host.to_s, 'port' => nova_endpoint.port.to_s, 'path' => nova_version) nova_admin_pass = get_password 'service', 'openstack-compute' -ruby_block 'query service tenant uuid' do - # query keystone for the service tenant uuid - block do - begin - admin_user = node['openstack']['identity']['admin_user'] - admin_tenant = node['openstack']['identity']['admin_tenant_name'] - is_insecure = node['openstack']['network']['api']['auth']['insecure'] - cafile = node['openstack']['network']['api']['auth']['cafile'] - args = {} - is_insecure && args['insecure'] = '' - !cafile.to_s.empty? && args['os-cacert'] = cafile - env = openstack_command_env admin_user, admin_tenant - tenant_id = identity_uuid 'tenant', 'name', 'service', env, args - Chef::Log.error('service tenant UUID for nova_admin_tenant_id not found.') if tenant_id.nil? - node.set['openstack']['network']['nova']['admin_tenant_id'] = tenant_id - rescue RuntimeError => e - Chef::Log.error("Could not query service tenant UUID for nova_admin_tenant_id. Error was #{e.message}") - end - end - action :run - only_if do - (node['openstack']['network']['nova']['notify_nova_on_port_status_changes'] == 'True' || - node['openstack']['network']['nova']['notify_nova_on_port_data_changes'] == 'True') && - node['openstack']['network']['nova']['admin_tenant_id'].nil? - end -end template '/etc/neutron/neutron.conf' do source 'neutron.conf.erb' diff --git a/spec/default_spec.rb b/spec/default_spec.rb index d8b82849..df981017 100644 --- a/spec/default_spec.rb +++ b/spec/default_spec.rb @@ -569,10 +569,14 @@ describe 'openstack-network' do end end - %w(region_name admin_username admin_tenant_id).each do |attr| + it 'does not set the sets admin_tenant_id' do + expect(chef_run).not_to render_config_file(file.name).with_section_content('DEFAULT', /^nova_admin_tenant_id =/) + end + + %w(region_name admin_username admin_tenant_id admin_tenant_name).each do |attr| it "sets the #{attr} nova attribute" do node.set['openstack']['network']['nova'][attr] = "nova_#{attr}_value" - expect(chef_run).to render_file(file.name).with_content(/^nova_#{attr} = nova_#{attr}_value$/) + expect(chef_run).to render_config_file(file.name).with_section_content('DEFAULT', /^nova_#{attr} = nova_#{attr}_value$/) end end @@ -756,134 +760,6 @@ describe 'openstack-network' do expect(chef_run).not_to render_file(file.name).with_content(/^service_provider = /) end end - - describe 'query service tenant uuid' do - it 'has queried service tenant uuid for nova interactions' do - # run actual ruby_block resource - chef_run.find_resource(:ruby_block, 'query service tenant uuid').old_run_action(:create) - nova_tenant_id = chef_run.node['openstack']['network']['nova']['admin_tenant_id'] - expect(nova_tenant_id).to eq('000-UUID-FROM-CLI') - expect(chef_run).to render_file(file.name).with_content( - 'nova_admin_tenant_id = 000-UUID-FROM-CLI') - end - - it 'has queried service tenant uuid for nova interactions with ssl' do - chef_run.node.set['openstack']['network']['api']['auth']['cafile'] = 'cafile' - chef_run.node.set['openstack']['network']['api']['auth']['insecure'] = true - allow_any_instance_of(Chef::Resource::RubyBlock).to receive(:identity_uuid) - .with('tenant', 'name', 'service', {}, 'insecure' => '', 'os-cacert' => 'cafile') - .and_return('000-UUID-FROM-CLI') - # run actual ruby_block resource - chef_run.find_resource(:ruby_block, 'query service tenant uuid').old_run_action(:create) - nova_tenant_id = chef_run.node['openstack']['network']['nova']['admin_tenant_id'] - expect(nova_tenant_id).to eq('000-UUID-FROM-CLI') - expect(chef_run).to render_file(file.name).with_content( - 'nova_admin_tenant_id = 000-UUID-FROM-CLI') - end - - it 'has queried service tenant uuid for nova interactions with ssl empty cafile' do - chef_run.node.set['openstack']['network']['api']['auth']['cafile'] = '' - chef_run.node.set['openstack']['network']['api']['auth']['insecure'] = true - allow_any_instance_of(Chef::Resource::RubyBlock).to receive(:identity_uuid) - .with('tenant', 'name', 'service', {}, 'insecure' => '') - .and_return('000-UUID-FROM-CLI') - # run actual ruby_block resource - chef_run.find_resource(:ruby_block, 'query service tenant uuid').old_run_action(:create) - nova_tenant_id = chef_run.node['openstack']['network']['nova']['admin_tenant_id'] - expect(nova_tenant_id).to eq('000-UUID-FROM-CLI') - expect(chef_run).to render_file(file.name).with_content( - 'nova_admin_tenant_id = 000-UUID-FROM-CLI') - end - - it 'has queried service tenant uuid for nova interactions with ssl nil cafile' do - chef_run.node.set['openstack']['network']['api']['auth']['cafile'] = nil - chef_run.node.set['openstack']['network']['api']['auth']['insecure'] = true - allow_any_instance_of(Chef::Resource::RubyBlock).to receive(:identity_uuid) - .with('tenant', 'name', 'service', {}, 'insecure' => '') - .and_return('000-UUID-FROM-CLI') - # run actual ruby_block resource - chef_run.find_resource(:ruby_block, 'query service tenant uuid').old_run_action(:create) - nova_tenant_id = chef_run.node['openstack']['network']['nova']['admin_tenant_id'] - expect(nova_tenant_id).to eq('000-UUID-FROM-CLI') - expect(chef_run).to render_file(file.name).with_content( - 'nova_admin_tenant_id = 000-UUID-FROM-CLI') - end - - it 'has status changes for nova interactions disabled without id override' do - chef_run.node.set['openstack']['network']['nova']['notify_nova_on_port_status_changes'] = 'False' - # run actual ruby_block resource - chef_run.find_resource(:ruby_block, 'query service tenant uuid').old_run_action(:create) - nova_tenant_id = chef_run.node['openstack']['network']['nova']['admin_tenant_id'] - expect(nova_tenant_id).to eq('000-UUID-FROM-CLI') - expect(chef_run).to render_file(file.name).with_content( - 'nova_admin_tenant_id = 000-UUID-FROM-CLI') - end - - it 'has data changes for nova interactions disabled without id override' do - chef_run.node.set['openstack']['network']['nova']['notify_nova_on_port_data_changes'] = 'False' - # run actual ruby_block resource - chef_run.find_resource(:ruby_block, 'query service tenant uuid').old_run_action(:create) - nova_tenant_id = chef_run.node['openstack']['network']['nova']['admin_tenant_id'] - expect(nova_tenant_id).to eq('000-UUID-FROM-CLI') - expect(chef_run).to render_file(file.name).with_content( - 'nova_admin_tenant_id = 000-UUID-FROM-CLI') - end - - it 'has all changes for nova interactions disabled without id override' do - chef_run.node.set['openstack']['network']['nova']['notify_nova_on_port_status_changes'] = 'False' - chef_run.node.set['openstack']['network']['nova']['notify_nova_on_port_data_changes'] = 'False' - # run actual ruby_block resource - chef_run.find_resource(:ruby_block, 'query service tenant uuid').old_run_action(:create) - nova_tenant_id = chef_run.node['openstack']['network']['nova']['admin_tenant_id'] - expect(nova_tenant_id).to eq(nil) - expect(chef_run).to render_file(file.name).with_content( - 'nova_admin_tenant_id =') - end - - it 'has status changes for nova interactions disabled with id override' do - chef_run.node.set['openstack']['network']['nova']['notify_nova_on_port_status_changes'] = 'False' - chef_run.node.set['openstack']['network']['nova']['admin_tenant_id'] = '111-UUID-OVERRIDE' - # run actual ruby_block resource - chef_run.find_resource(:ruby_block, 'query service tenant uuid').old_run_action(:create) - nova_tenant_id = chef_run.node['openstack']['network']['nova']['admin_tenant_id'] - expect(nova_tenant_id).to eq('111-UUID-OVERRIDE') - expect(chef_run).to render_file(file.name).with_content( - 'nova_admin_tenant_id = 111-UUID-OVERRIDE') - end - - it 'has data changes for nova interactions disabled with id override' do - chef_run.node.set['openstack']['network']['nova']['notify_nova_on_port_data_changes'] = 'False' - chef_run.node.set['openstack']['network']['nova']['admin_tenant_id'] = '111-UUID-OVERRIDE' - # run actual ruby_block resource - chef_run.find_resource(:ruby_block, 'query service tenant uuid').old_run_action(:create) - nova_tenant_id = chef_run.node['openstack']['network']['nova']['admin_tenant_id'] - expect(nova_tenant_id).to eq('111-UUID-OVERRIDE') - expect(chef_run).to render_file(file.name).with_content( - 'nova_admin_tenant_id = 111-UUID-OVERRIDE') - end - - it 'has all changes for nova interactions disabled with id override' do - chef_run.node.set['openstack']['network']['nova']['notify_nova_on_port_status_changes'] = 'False' - chef_run.node.set['openstack']['network']['nova']['notify_nova_on_port_data_changes'] = 'False' - chef_run.node.set['openstack']['network']['nova']['admin_tenant_id'] = '111-UUID-OVERRIDE' - # run actual ruby_block resource - chef_run.find_resource(:ruby_block, 'query service tenant uuid').old_run_action(:create) - nova_tenant_id = chef_run.node['openstack']['network']['nova']['admin_tenant_id'] - expect(nova_tenant_id).to eq('111-UUID-OVERRIDE') - expect(chef_run).to render_file(file.name).with_content( - 'nova_admin_tenant_id = 111-UUID-OVERRIDE') - end - - it 'has overriden service tenant uuid for nova interactions' do - chef_run.node.set['openstack']['network']['nova']['admin_tenant_id'] = '111-UUID-OVERRIDE' - # run actual ruby_block resource - chef_run.find_resource(:ruby_block, 'query service tenant uuid').old_run_action(:create) - nova_tenant_id = chef_run.node['openstack']['network']['nova']['admin_tenant_id'] - expect(nova_tenant_id).to eq('111-UUID-OVERRIDE') - expect(chef_run).to render_file(file.name).with_content( - 'nova_admin_tenant_id = 111-UUID-OVERRIDE') - end - end end describe 'policy file' do diff --git a/templates/default/neutron.conf.erb b/templates/default/neutron.conf.erb index dc9bbcb7..ea060c50 100644 --- a/templates/default/neutron.conf.erb +++ b/templates/default/neutron.conf.erb @@ -359,8 +359,14 @@ nova_region_name = <%= node["openstack"]["network"]["nova"]["region_name"] %> # Username for connection to nova in admin context nova_admin_username = <%= node["openstack"]["network"]["nova"]["admin_username"] %> +<% if node['openstack']['network']['nova']['admin_tenant_id'] -%> # The uuid of the admin nova tenant nova_admin_tenant_id = <%= node["openstack"]["network"]["nova"]["admin_tenant_id"] %> +<% end -%> + +# The name of the admin nova tenant. If the uuid of the admin nova tenant +# is set, this is optional. +nova_admin_tenant_name = <%= node["openstack"]["network"]["nova"]["admin_tenant_name"] %> # Password for connection to nova in admin context. nova_admin_password = <%= @nova_admin_pass %>