Fix hardcoded protocols for identity_uri endpoints
Fix hardcoded protocols for: ceph-osd, radosgw, ironic-compute, neutron metadata, sahara Related blueprint: selective-ssl Change-Id: I61df0040de7cf911bd85aba30b4807cec0975161 Closes-Bug: #1533819
parent
c9d5314333
commit
3f97fc1dfa
|
@ -25,6 +25,10 @@ prepare_network_config($network_scheme)
|
||||||
$ceph_cluster_network = get_network_role_property('ceph/replication', 'network')
|
$ceph_cluster_network = get_network_role_property('ceph/replication', 'network')
|
||||||
$ceph_public_network = get_network_role_property('ceph/public', 'network')
|
$ceph_public_network = get_network_role_property('ceph/public', 'network')
|
||||||
$ceph_tuning_settings = hiera('ceph_tuning_settings', {})
|
$ceph_tuning_settings = hiera('ceph_tuning_settings', {})
|
||||||
|
$ssl_hash = hiera_hash('use_ssl', {})
|
||||||
|
$admin_auth_protocol = get_ssl_property($ssl_hash, {}, 'keystone', 'admin', 'protocol', 'http')
|
||||||
|
$admin_auth_address = get_ssl_property($ssl_hash, {}, 'keystone', 'admin', 'hostname', [$service_endpoint, $management_vip])
|
||||||
|
$admin_identity_url = "${admin_auth_protocol}://${admin_auth_address}:35357"
|
||||||
|
|
||||||
class {'ceph':
|
class {'ceph':
|
||||||
primary_mon => $primary_mon,
|
primary_mon => $primary_mon,
|
||||||
|
@ -35,7 +39,7 @@ class {'ceph':
|
||||||
osd_pool_default_pg_num => $storage_hash['pg_num'],
|
osd_pool_default_pg_num => $storage_hash['pg_num'],
|
||||||
osd_pool_default_pgp_num => $storage_hash['pg_num'],
|
osd_pool_default_pgp_num => $storage_hash['pg_num'],
|
||||||
use_rgw => $storage_hash['objects_ceph'],
|
use_rgw => $storage_hash['objects_ceph'],
|
||||||
rgw_keystone_url => "${service_endpoint}:35357",
|
rgw_keystone_url => $admin_identity_url,
|
||||||
glance_backend => $glance_backend,
|
glance_backend => $glance_backend,
|
||||||
rgw_pub_ip => $public_vip,
|
rgw_pub_ip => $public_vip,
|
||||||
rgw_adm_ip => $management_vip,
|
rgw_adm_ip => $management_vip,
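Review bot: The `'http'` default passed to `get_ssl_property` for the protocol in the first hunk means the Keystone admin URL quietly stays plaintext whenever `use_ssl` carries no keystone admin entry, and nothing in the manifest says so. The same lookup is repeated in the radosgw, ironic-compute, neutron metadata and sahara sections, and in the radosgw section the resulting URL is set next to `rgw_keystone_admin_token`, so a plaintext fallback there would presumably put that token on the wire unprotected. I would add a comment above the lookup such as `# falls back to plain http when use_ssl has no keystone admin entry`, and consider moving the lookup into one shared place so the fallback is decided once. `$service_endpoint` and `$management_vip` are read here but assigned outside the hunk.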
|
||||||
|
|
|
@ -11,6 +11,9 @@ $radosgw_large_pool_name = ".rgw"
|
||||||
$mon_address_map = get_node_to_ipaddr_map_by_network_role(hiera_hash('ceph_monitor_nodes'), 'ceph/public')
|
$mon_address_map = get_node_to_ipaddr_map_by_network_role(hiera_hash('ceph_monitor_nodes'), 'ceph/public')
|
||||||
$external_lb = hiera('external_lb', false)
|
$external_lb = hiera('external_lb', false)
|
||||||
$ssl_hash = hiera_hash('use_ssl', {})
|
$ssl_hash = hiera_hash('use_ssl', {})
|
||||||
|
$admin_identity_protocol = get_ssl_property($ssl_hash, {}, 'keystone', 'admin', 'protocol', 'http')
|
||||||
|
$admin_identity_address = get_ssl_property($ssl_hash, {}, 'keystone', 'admin', 'hostname', [$service_endpoint, $management_vip])
|
||||||
|
$admin_identity_url = "${admin_identity_protocol}://${admin_identity_address}:35357"
|
||||||
|
|
||||||
if ($storage_hash['volumes_ceph'] or
|
if ($storage_hash['volumes_ceph'] or
|
||||||
$storage_hash['images_ceph'] or
|
$storage_hash['images_ceph'] or
|
||||||
|
@ -54,9 +57,6 @@ if $use_ceph and $storage_hash['objects_ceph'] {
|
||||||
$internal_auth_protocol = get_ssl_property($ssl_hash, {}, 'keystone', 'internal', 'protocol', 'http')
|
$internal_auth_protocol = get_ssl_property($ssl_hash, {}, 'keystone', 'internal', 'protocol', 'http')
|
||||||
$internal_auth_address = get_ssl_property($ssl_hash, {}, 'keystone', 'internal', 'hostname', [$service_endpoint, $management_vip])
|
$internal_auth_address = get_ssl_property($ssl_hash, {}, 'keystone', 'internal', 'hostname', [$service_endpoint, $management_vip])
|
||||||
$internal_auth_url = "${internal_auth_protocol}://${internal_auth_address}:5000"
|
$internal_auth_url = "${internal_auth_protocol}://${internal_auth_address}:5000"
|
||||||
$admin_identity_protocol = get_ssl_property($ssl_hash, {}, 'keystone', 'admin', 'protocol', 'http')
|
|
||||||
$admin_identity_address = get_ssl_property($ssl_hash, {}, 'keystone', 'admin', 'hostname', [$service_endpoint, $management_vip])
|
|
||||||
$admin_identity_url = "${admin_identity_protocol}://${admin_identity_address}:35357"
|
|
||||||
}
|
}
|
||||||
|
|
||||||
haproxy_backend_status { 'keystone-admin' :
|
haproxy_backend_status { 'keystone-admin' :
|
||||||
|
@ -109,7 +109,7 @@ if $use_ceph and $storage_hash['objects_ceph'] {
|
||||||
#rgw Keystone settings
|
#rgw Keystone settings
|
||||||
rgw_use_pki => false,
|
rgw_use_pki => false,
|
||||||
rgw_use_keystone => true,
|
rgw_use_keystone => true,
|
||||||
rgw_keystone_url => "${service_endpoint}:35357",
|
rgw_keystone_url => $admin_identity_url,
|
||||||
rgw_keystone_admin_token => $keystone_hash['admin_token'],
|
rgw_keystone_admin_token => $keystone_hash['admin_token'],
|
||||||
rgw_keystone_token_cache_size => '10',
|
rgw_keystone_token_cache_size => '10',
|
||||||
rgw_keystone_accepted_roles => '_member_, Member, admin, swiftoperator',
|
rgw_keystone_accepted_roles => '_member_, Member, admin, swiftoperator',
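Review bot: The hoisted `$admin_identity_address` lookup in the first hunk now reads `$service_endpoint` and `$management_vip` around line 15 rather than around line 57, and neither assignment is visible in these hunks. Puppet resolves such assignments in evaluation order, so if either variable is set further down the manifest the fallback list would hold an undefined value and the URL could end up without a host. Please confirm both are assigned above the new lines. The `$internal_auth_*` lookups stay inside the `if $use_ceph and $storage_hash['objects_ceph']` block, so the two groups now live in different places; a one-line comment saying why the admin ones moved would help.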
|
||||||
|
|
|
@ -40,6 +40,12 @@ $memcached_port = hiera('memcache_server_port', '11211')
|
||||||
$memcached_addresses = suffix($memcached_servers, ":${memcached_port}")
|
$memcached_addresses = suffix($memcached_servers, ":${memcached_port}")
|
||||||
$notify_on_state_change = 'vm_and_task_state'
|
$notify_on_state_change = 'vm_and_task_state'
|
||||||
|
|
||||||
|
$ssl_hash = hiera_hash('use_ssl', {})
|
||||||
|
$admin_identity_protocol = get_ssl_property($ssl_hash, {}, 'keystone', 'admin', 'protocol', 'http')
|
||||||
|
$admin_identity_address = get_ssl_property($ssl_hash, {}, 'keystone', 'admin', 'hostname', [$service_endpoint, $management_vip])
|
||||||
|
$admin_identity_uri = "${admin_identity_protocol}://${admin_identity_address}:35357"
|
||||||
|
|
||||||
|
|
||||||
####### Disable upstart startup on install #######
|
####### Disable upstart startup on install #######
|
||||||
tweaks::ubuntu_service_override { 'nova-compute':
|
tweaks::ubuntu_service_override { 'nova-compute':
|
||||||
package_name => "nova-compute",
|
package_name => "nova-compute",
|
||||||
|
@ -83,7 +89,7 @@ class { '::nova::compute':
|
||||||
|
|
||||||
|
|
||||||
class { 'nova::compute::ironic':
|
class { 'nova::compute::ironic':
|
||||||
admin_url => "http://${service_endpoint}:35357/v2.0",
|
admin_url => "${admin_identity_uri}/v2.0",
|
||||||
admin_user => $ironic_user,
|
admin_user => $ironic_user,
|
||||||
admin_tenant_name => $ironic_tenant,
|
admin_tenant_name => $ironic_tenant,
|
||||||
admin_passwd => $ironic_user_password,
|
admin_passwd => $ironic_user_password,
|
||||||
|
@ -93,7 +99,7 @@ class { 'nova::compute::ironic':
|
||||||
class { 'nova::network::neutron':
|
class { 'nova::network::neutron':
|
||||||
neutron_admin_password => $neutron_config['keystone']['admin_password'],
|
neutron_admin_password => $neutron_config['keystone']['admin_password'],
|
||||||
neutron_url => "http://${neutron_endpoint}:9696",
|
neutron_url => "http://${neutron_endpoint}:9696",
|
||||||
neutron_admin_auth_url => "http://${service_endpoint}:35357/v2.0",
|
neutron_admin_auth_url => "${admin_identity_uri}/v2.0",
|
||||||
}
|
}
|
||||||
|
|
||||||
cs_resource { "p_nova_compute_ironic":
|
cs_resource { "p_nova_compute_ironic":
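Review bot: `neutron_url => "http://${neutron_endpoint}:9696"` in the `nova::network::neutron` hunk keeps a hard-coded scheme directly above the line this commit converts, so nova would still reach neutron over plain http regardless of the `use_ssl` settings. That is outside the commit's stated identity_uri scope, so at minimum I would mark it: `# TODO: neutron_url scheme is still hard-coded to http`. If the `use_ssl` hash carries a neutron entry (not visible here), the scheme could be looked up the same way as `$admin_identity_protocol`.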
|
||||||
|
|
|
@ -17,8 +17,12 @@ if $use_neutron and ($controller or ($dvr and $compute)) {
|
||||||
|
|
||||||
$auth_region = hiera('region', 'RegionOne')
|
$auth_region = hiera('region', 'RegionOne')
|
||||||
$service_endpoint = hiera('service_endpoint')
|
$service_endpoint = hiera('service_endpoint')
|
||||||
|
$management_vip = hiera('management_vip')
|
||||||
$auth_api_version = 'v2.0'
|
$auth_api_version = 'v2.0'
|
||||||
$admin_identity_uri = "http://${service_endpoint}:35357"
|
$ssl_hash = hiera_hash('use_ssl', {})
|
||||||
|
$admin_identity_protocol = get_ssl_property($ssl_hash, {}, 'keystone', 'admin', 'protocol', 'http')
|
||||||
|
$admin_identity_address = get_ssl_property($ssl_hash, {}, 'keystone', 'admin', 'hostname', [$service_endpoint, $management_vip])
|
||||||
|
$admin_identity_uri = "${admin_identity_protocol}://${admin_identity_address}:35357"
|
||||||
$admin_auth_url = "${admin_identity_uri}/${auth_api_version}"
|
$admin_auth_url = "${admin_identity_uri}/${auth_api_version}"
|
||||||
|
|
||||||
$neutron_config = hiera_hash('neutron_config')
|
$neutron_config = hiera_hash('neutron_config')
|
||||||
|
@ -29,7 +33,6 @@ if $use_neutron and ($controller or ($dvr and $compute)) {
|
||||||
|
|
||||||
$shared_secret = try_get_value($neutron_config, 'metadata/metadata_proxy_shared_secret')
|
$shared_secret = try_get_value($neutron_config, 'metadata/metadata_proxy_shared_secret')
|
||||||
|
|
||||||
$management_vip = hiera('management_vip')
|
|
||||||
$nova_endpoint = hiera('nova_endpoint', $management_vip)
|
$nova_endpoint = hiera('nova_endpoint', $management_vip)
|
||||||
|
|
||||||
class { 'neutron::agents::metadata':
|
class { 'neutron::agents::metadata':
|
||||||
|
|
|
@ -25,6 +25,12 @@ $amqp_port = hiera('amqp_port')
|
||||||
$amqp_hosts = hiera('amqp_hosts')
|
$amqp_hosts = hiera('amqp_hosts')
|
||||||
$external_lb = hiera('external_lb', false)
|
$external_lb = hiera('external_lb', false)
|
||||||
$ssl_hash = hiera_hash('use_ssl', {})
|
$ssl_hash = hiera_hash('use_ssl', {})
|
||||||
|
$internal_auth_protocol = get_ssl_property($ssl_hash, {}, 'keystone', 'internal', 'protocol', 'http')
|
||||||
|
$internal_auth_address = get_ssl_property($ssl_hash, {}, 'keystone', 'internal', 'hostname', [$service_endpoint, $management_vip])
|
||||||
|
$internal_auth_url = "${internal_auth_protocol}://${internal_auth_address}:5000"
|
||||||
|
$admin_identity_protocol = get_ssl_property($ssl_hash, {}, 'keystone', 'admin', 'protocol', 'http')
|
||||||
|
$admin_identity_address = get_ssl_property($ssl_hash, {}, 'keystone', 'admin', 'hostname', [$service_endpoint, $management_vip])
|
||||||
|
$admin_identity_uri = "${admin_identity_protocol}://${admin_identity_address}:35357"
|
||||||
|
|
||||||
#################################################################
|
#################################################################
|
||||||
|
|
||||||
|
@ -80,8 +86,8 @@ if $sahara_hash['enabled'] {
|
||||||
database_max_retries => $max_retries,
|
database_max_retries => $max_retries,
|
||||||
database_idle_timeout => $idle_timeout,
|
database_idle_timeout => $idle_timeout,
|
||||||
sync_db => $primary_controller,
|
sync_db => $primary_controller,
|
||||||
auth_uri => "http://${service_endpoint}:5000/v2.0/",
|
auth_uri => "${internal_auth_url}/v2.0/",
|
||||||
identity_uri => "http://${service_endpoint}:35357/",
|
identity_uri => $admin_identity_uri,
|
||||||
rpc_backend => 'rabbit',
|
rpc_backend => 'rabbit',
|
||||||
use_neutron => $use_neutron,
|
use_neutron => $use_neutron,
|
||||||
admin_user => $sahara_user,
|
admin_user => $sahara_user,
|
||||||
|
@ -142,14 +148,6 @@ if $sahara_hash['enabled'] {
|
||||||
|
|
||||||
if $primary_controller {
|
if $primary_controller {
|
||||||
|
|
||||||
$internal_auth_protocol = get_ssl_property($ssl_hash, {}, 'keystone', 'internal', 'protocol', 'http')
|
|
||||||
$internal_auth_address = get_ssl_property($ssl_hash, {}, 'keystone', 'internal', 'hostname', [$service_endpoint, $management_vip])
|
|
||||||
$internal_auth_url = "${internal_auth_protocol}://${internal_auth_address}:5000"
|
|
||||||
|
|
||||||
$admin_identity_protocol = get_ssl_property($ssl_hash, {}, 'keystone', 'admin', 'protocol', 'http')
|
|
||||||
$admin_identity_address = get_ssl_property($ssl_hash, {}, 'keystone', 'admin', 'hostname', [$service_endpoint, $management_vip])
|
|
||||||
$admin_identity_url = "${admin_identity_protocol}://${admin_identity_address}:35357"
|
|
||||||
|
|
||||||
haproxy_backend_status { 'keystone-public' :
|
haproxy_backend_status { 'keystone-public' :
|
||||||
name => 'keystone-1',
|
name => 'keystone-1',
|
||||||
url => $external_lb ? {
|
url => $external_lb ? {
|
||||||
|
@ -162,7 +160,7 @@ if $sahara_hash['enabled'] {
|
||||||
name => 'keystone-2',
|
name => 'keystone-2',
|
||||||
url => $external_lb ? {
|
url => $external_lb ? {
|
||||||
default => $haproxy_stats_url,
|
default => $haproxy_stats_url,
|
||||||
true => $admin_identity_url,
|
true => $admin_identity_uri,
|
||||||
},
|
},
|
||||||
}
|
}
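Review bot: `identity_uri` in the hunk that sets `auth_uri` changes from `"http://${service_endpoint}:35357/"` to `$admin_identity_uri`, which has no trailing slash, so the rendered value changes by more than the scheme. That is probably harmless, but it is worth confirming against how the sahara module consumes the value, or keeping the old shape with `identity_uri => "${admin_identity_uri}/",` (the spec expectation would then need the same slash). The variable is also named `$admin_identity_uri` here and in the ironic-compute and neutron metadata sections but `$admin_identity_url` in the ceph-osd and radosgw sections; one name across the manifests would make leftover references easier to spot.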
|
||||||
|
|
||||||
|
|
|
@ -14,6 +14,12 @@ describe manifest do
|
||||||
end
|
end
|
||||||
ceph_tuning_settings = Noop.hiera 'ceph_tuning_settings'
|
ceph_tuning_settings = Noop.hiera 'ceph_tuning_settings'
|
||||||
|
|
||||||
|
public_ssl_hash = Noop.hiera('public_ssl')
|
||||||
|
let(:ssl_hash) { Noop.hiera_hash 'use_ssl', {} }
|
||||||
|
let(:admin_auth_protocol) { Noop.puppet_function 'get_ssl_property',ssl_hash,{},'keystone', 'admin','protocol','http' }
|
||||||
|
let(:admin_auth_address) { Noop.puppet_function 'get_ssl_property',ssl_hash,{},'keystone','admin', 'hostname', [Noop.hiera('service_endpoint', Noop.hiera('management_vip'))]}
|
||||||
|
let(:admin_uri) { "#{admin_auth_protocol}://#{admin_auth_address}:35357" }
|
||||||
|
|
||||||
if (storage_hash['images_ceph'] or storage_hash['objects_ceph'])
|
if (storage_hash['images_ceph'] or storage_hash['objects_ceph'])
|
||||||
it { should contain_class('ceph').with(
|
it { should contain_class('ceph').with(
|
||||||
'mon_hosts' => ceph_monitor_nodes.keys,
|
'mon_hosts' => ceph_monitor_nodes.keys,
|
||||||
|
@ -21,7 +27,7 @@ describe manifest do
|
||||||
'osd_pool_default_pg_num' => storage_hash['pg_num'],
|
'osd_pool_default_pg_num' => storage_hash['pg_num'],
|
||||||
'osd_pool_default_pgp_num' => storage_hash['pg_num'],
|
'osd_pool_default_pgp_num' => storage_hash['pg_num'],
|
||||||
'ephemeral_ceph' => storage_hash['ephemeral_ceph'],
|
'ephemeral_ceph' => storage_hash['ephemeral_ceph'],
|
||||||
'rgw_keystone_url' => "#{service_endpoint}:35357"
|
'rgw_keystone_url' => admin_uri,
|
||||||
)
|
)
|
||||||
}
|
}
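Review bot: `let(:admin_auth_address)` passes a one-element fallback list, `[Noop.hiera('service_endpoint', Noop.hiera('management_vip'))]`, while the manifest passes `[$service_endpoint, $management_vip]`, so the spec and the manifest could resolve different hosts when `service_endpoint` is present but empty. The same `let` is repeated in the ironic-compute, neutron metadata and sahara spec sections; the sahara section's `internal_auth_address` already uses the two-element form. I would mirror the manifest with `[Noop.hiera('service_endpoint', ''), Noop.hiera('management_vip')]`. `public_ssl_hash = Noop.hiera('public_ssl')` is added here and in the ironic-compute spec but is not used in the visible lines.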
|
||||||
|
|
||||||
|
|
|
@ -68,6 +68,7 @@ describe manifest do
|
||||||
it 'should configure s3 keystone authentication for RadosGW' do
|
it 'should configure s3 keystone authentication for RadosGW' do
|
||||||
should contain_class('ceph::radosgw').with(
|
should contain_class('ceph::radosgw').with(
|
||||||
:rgw_use_keystone => true,
|
:rgw_use_keystone => true,
|
||||||
|
:rgw_keystone_url => admin_url,
|
||||||
)
|
)
|
||||||
should contain_ceph_conf("client.#{rgw_id}/rgw_s3_auth_use_keystone").with(
|
should contain_ceph_conf("client.#{rgw_id}/rgw_s3_auth_use_keystone").with(
|
||||||
:value => rgw_s3_auth_use_keystone,
|
:value => rgw_s3_auth_use_keystone,
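Review bot: The added expectation `:rgw_keystone_url => admin_url,` refers to `admin_url`, which this hunk does not define; the sibling spec sections introduce the value as `let(:admin_uri)`. Unless a `let(:admin_url)` or a local of that name exists elsewhere in this spec (not visible here), the example would fail with a NameError rather than check the URL. If it is missing, add the same `ssl_hash`, `admin_auth_protocol` and `admin_auth_address` lets used in the other specs plus `let(:admin_url) { "#{admin_auth_protocol}://#{admin_auth_address}:35357" }`. The `it` block continues past the end of the hunk.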
|
||||||
|
|
|
@ -28,11 +28,19 @@ describe manifest do
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
public_ssl_hash = Noop.hiera('public_ssl')
|
||||||
|
let(:ssl_hash) { Noop.hiera_hash 'use_ssl', {} }
|
||||||
|
let(:admin_auth_protocol) { Noop.puppet_function 'get_ssl_property',ssl_hash,{},'keystone', 'admin','protocol','http' }
|
||||||
|
let(:admin_auth_address) { Noop.puppet_function 'get_ssl_property',ssl_hash,{},'keystone','admin', 'hostname', [Noop.hiera('service_endpoint', Noop.hiera('management_vip'))]}
|
||||||
|
let(:admin_uri) { "#{admin_auth_protocol}://#{admin_auth_address}:35357" }
|
||||||
|
|
||||||
if ironic_enabled
|
if ironic_enabled
|
||||||
it 'nova config should have correct ironic settings' do
|
it 'nova config should have correct ironic settings' do
|
||||||
should contain_nova_config('ironic/admin_password').with(:value => ironic_user_password)
|
should contain_nova_config('ironic/admin_password').with(:value => ironic_user_password)
|
||||||
should contain_nova_config('DEFAULT/compute_driver').with(:value => 'ironic.IronicDriver')
|
should contain_nova_config('DEFAULT/compute_driver').with(:value => 'ironic.IronicDriver')
|
||||||
should contain_nova_config('DEFAULT/compute_manager').with(:value => 'ironic.nova.compute.manager.ClusteredComputeManager')
|
should contain_nova_config('DEFAULT/compute_manager').with(:value => 'ironic.nova.compute.manager.ClusteredComputeManager')
|
||||||
|
should contain_nova_config('ironic/admin_url').with(:value => "#{admin_uri}/v2.0")
|
||||||
|
should contain_nova_config('neutron/admin_auth_url')..with(:value => "#{admin_uri}/v2.0")
|
||||||
end
|
end
|
||||||
|
|
||||||
it 'nova config should have reserved_host_memory_mb set to 0' do
|
it 'nova config should have reserved_host_memory_mb set to 0' do
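Review bot: The new `neutron/admin_auth_url` expectation has a doubled dot, `contain_nova_config('neutron/admin_auth_url')..with(...)`, which Ruby reads as a range operator instead of a chained `.with`, so the example would error out or at least not assert the value. It should read `should contain_nova_config('neutron/admin_auth_url').with(:value => "#{admin_uri}/v2.0")`. As written, the spec gives no working coverage for the `neutron_admin_auth_url` change in the manifest.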
|
||||||
|
|
|
@ -33,8 +33,10 @@ describe manifest do
|
||||||
auth_region = Noop.hiera('region', 'RegionOne')
|
auth_region = Noop.hiera('region', 'RegionOne')
|
||||||
service_endpoint = Noop.hiera('service_endpoint')
|
service_endpoint = Noop.hiera('service_endpoint')
|
||||||
auth_api_version = 'v2.0'
|
auth_api_version = 'v2.0'
|
||||||
admin_identity_uri = "http://#{service_endpoint}:35357"
|
let(:ssl_hash) { Noop.hiera_hash 'use_ssl', {} }
|
||||||
admin_auth_url = "#{admin_identity_uri}/#{auth_api_version}"
|
let(:admin_auth_protocol) { Noop.puppet_function 'get_ssl_property',ssl_hash,{},'keystone', 'admin','protocol','http' }
|
||||||
|
let(:admin_auth_address) { Noop.puppet_function 'get_ssl_property',ssl_hash,{},'keystone','admin', 'hostname', [Noop.hiera('service_endpoint', Noop.hiera('management_vip'))]}
|
||||||
|
let(:admin_auth_url) { "#{admin_auth_protocol}://#{admin_auth_address}:35357/#{auth_api_version}" }
|
||||||
|
|
||||||
if neutron_compute_roles.include?(Noop.hiera('role'))
|
if neutron_compute_roles.include?(Noop.hiera('role'))
|
||||||
context 'neutron-metadata-agent on compute' do
|
context 'neutron-metadata-agent on compute' do
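Review bot: Replacing the locals `admin_identity_uri` and `admin_auth_url` with `let(:admin_auth_url)` changes where the value is usable, because a `let` is only available inside examples and hooks, not in the describe or context body. The uses of these names are outside the hunk, so please check that nothing at group level (for example a string built outside an `it`) still reads `admin_auth_url`, and that no line still refers to the removed `admin_identity_uri`.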
|
||||||
|
|
|
@ -68,6 +68,13 @@ describe manifest do
|
||||||
"#{sahara_protocol}://#{sahara_address}:#{api_bind_port}"
|
"#{sahara_protocol}://#{sahara_address}:#{api_bind_port}"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
let(:admin_auth_protocol) { Noop.puppet_function 'get_ssl_property',ssl_hash,{},'keystone', 'admin','protocol','http' }
|
||||||
|
let(:admin_auth_address) { Noop.puppet_function 'get_ssl_property',ssl_hash,{},'keystone','admin', 'hostname', [Noop.hiera('service_endpoint', Noop.hiera('management_vip'))]}
|
||||||
|
let(:admin_uri) { "#{admin_auth_protocol}://#{admin_auth_address}:35357" }
|
||||||
|
let(:internal_auth_protocol) { Noop.puppet_function 'get_ssl_property',ssl_hash,{},'keystone','internal','protocol','http' }
|
||||||
|
let(:internal_auth_address) { Noop.puppet_function 'get_ssl_property',ssl_hash,{},'keystone','internal','hostname',[Noop.hiera('service_endpoint', ''), Noop.hiera('management_vip')] }
|
||||||
|
let(:auth_url) { "#{internal_auth_protocol}://#{internal_auth_address}:5000/v2.0/" }
|
||||||
|
|
||||||
############################################################################
|
############################################################################
|
||||||
|
|
||||||
enable = Noop.hiera_structure('sahara/enabled')
|
enable = Noop.hiera_structure('sahara/enabled')
|
||||||
|
@ -91,8 +98,8 @@ describe manifest do
|
||||||
sql_connection = "mysql://#{db_user}:#{db_password}@#{db_host}/#{db_name}?read_timeout=#{read_timeout}"
|
sql_connection = "mysql://#{db_user}:#{db_password}@#{db_host}/#{db_name}?read_timeout=#{read_timeout}"
|
||||||
|
|
||||||
should contain_class('sahara').with(
|
should contain_class('sahara').with(
|
||||||
'auth_uri' => "http://#{service_endpoint}:5000/v2.0/",
|
'auth_uri' => auth_url,
|
||||||
'identity_uri' => "http://#{service_endpoint}:35357/",
|
'identity_uri' => admin_uri,
|
||||||
'plugins' => sahara_plugins,
|
'plugins' => sahara_plugins,
|
||||||
'rpc_backend' => 'rabbit',
|
'rpc_backend' => 'rabbit',
|
||||||
'use_neutron' => use_neutron,
|
'use_neutron' => use_neutron,
|
||||||
|
|