Merge "Adapt fuel-library to removal of old authtoken parameters"
This commit is contained in:
commit
fdb38df92a
|
@ -41,7 +41,7 @@ class openstack_tasks::ceilometer::controller {
|
|||
|
||||
$internal_auth_protocol = get_ssl_property($ssl_hash, {}, 'keystone', 'internal', 'protocol', 'http')
|
||||
$internal_auth_endpoint = get_ssl_property($ssl_hash, {}, 'keystone', 'internal', 'hostname', [$service_endpoint])
|
||||
$keystone_identity_uri = "${internal_auth_protocol}://${internal_auth_endpoint}:35357/"
|
||||
$keystone_auth_url = "${internal_auth_protocol}://${internal_auth_endpoint}:35357/"
|
||||
$keystone_auth_uri = "${internal_auth_protocol}://${internal_auth_endpoint}:5000/"
|
||||
|
||||
$memcached_servers = hiera('memcached_servers')
|
||||
|
@ -197,18 +197,20 @@ class openstack_tasks::ceilometer::controller {
|
|||
workers => $service_workers,
|
||||
}
|
||||
|
||||
# Install the ceilometer-api service
|
||||
# The keystone_password parameter is mandatory
|
||||
class { '::ceilometer::api':
|
||||
class { '::ceilometer::keystone::authtoken':
|
||||
username => $ceilometer_hash['user'],
|
||||
password => $ceilometer_hash['user_password'],
|
||||
project_name => $ceilometer_hash['tenant'],
|
||||
auth_url => $keystone_auth_url,
|
||||
auth_uri => $keystone_auth_uri,
|
||||
identity_uri => $keystone_identity_uri,
|
||||
keystone_user => $ceilometer_hash['user'],
|
||||
keystone_password => $ceilometer_hash['user_password'],
|
||||
keystone_tenant => $ceilometer_hash['tenant'],
|
||||
memcached_servers => $memcached_servers,
|
||||
host => $api_bind_address,
|
||||
service_name => 'httpd',
|
||||
api_workers => $service_workers,
|
||||
}
|
||||
|
||||
# Install the ceilometer-api service
|
||||
class { '::ceilometer::api':
|
||||
host => $api_bind_address,
|
||||
service_name => 'httpd',
|
||||
api_workers => $service_workers,
|
||||
}
|
||||
|
||||
# Clean up expired data once a week
|
||||
|
|
|
@ -121,8 +121,8 @@ class openstack_tasks::glance::glance {
|
|||
$admin_auth_address = get_ssl_property($ssl_hash, {}, 'keystone', 'admin', 'hostname', [hiera('service_endpoint', ''), $management_vip])
|
||||
$glance_endpoint = get_ssl_property($ssl_hash, {}, 'glance', 'internal', 'hostname', [$management_vip])
|
||||
|
||||
$auth_uri = "${internal_auth_protocol}://${internal_auth_address}:5000/"
|
||||
$identity_uri = "${admin_auth_protocol}://${admin_auth_address}:35357/"
|
||||
$auth_uri = "${internal_auth_protocol}://${internal_auth_address}:5000/"
|
||||
$auth_url = "${admin_auth_protocol}://${admin_auth_address}:35357/"
|
||||
|
||||
$rados_connect_timeout = '30'
|
||||
|
||||
|
@ -154,16 +154,21 @@ class openstack_tasks::glance::glance {
|
|||
}
|
||||
}
|
||||
|
||||
class { '::glance::api::authtoken':
|
||||
username => $glance_user,
|
||||
password => $glance_user_password,
|
||||
project_name => $glance_tenant,
|
||||
auth_url => $auth_url,
|
||||
auth_uri => $auth_uri,
|
||||
token_cache_time => '-1',
|
||||
memcached_servers => $memcached_servers,
|
||||
}
|
||||
|
||||
# Install and configure glance-api
|
||||
class { '::glance::api':
|
||||
debug => $debug,
|
||||
bind_host => $api_bind_host,
|
||||
auth_type => 'keystone',
|
||||
auth_uri => $auth_uri,
|
||||
identity_uri => $identity_uri,
|
||||
keystone_user => $glance_user,
|
||||
keystone_password => $glance_user_password,
|
||||
keystone_tenant => $glance_tenant,
|
||||
auth_strategy => 'keystone',
|
||||
database_connection => $db_connection,
|
||||
enabled => $enabled,
|
||||
workers => $service_workers,
|
||||
|
@ -181,10 +186,8 @@ class openstack_tasks::glance::glance {
|
|||
os_region_name => $region,
|
||||
delayed_delete => false,
|
||||
scrub_time => '43200',
|
||||
token_cache_time => '-1',
|
||||
image_cache_stall_time => '86400',
|
||||
image_cache_max_size => $glance_image_cache_max_size,
|
||||
memcached_servers => $memcached_servers,
|
||||
}
|
||||
|
||||
class { '::glance::glare::logging':
|
||||
|
@ -211,21 +214,24 @@ class openstack_tasks::glance::glance {
|
|||
Package['python-swiftclient'] -> Class['::glance::glare']
|
||||
}
|
||||
|
||||
class { '::glance::glare::authtoken':
|
||||
username => $glance_glare_user,
|
||||
password => $glance_glare_user_password,
|
||||
project_name => $glance_glare_tenant,
|
||||
auth_url => $auth_url,
|
||||
auth_uri => $auth_uri,
|
||||
token_cache_time => '-1',
|
||||
memcached_servers => $memcached_servers,
|
||||
}
|
||||
|
||||
class { '::glance::glare':
|
||||
bind_host => $glare_bind_host,
|
||||
auth_type => 'keystone',
|
||||
auth_uri => $auth_uri,
|
||||
identity_uri => $identity_uri,
|
||||
keystone_user => $glance_glare_user,
|
||||
keystone_password => $glance_glare_user_password,
|
||||
keystone_tenant => $glance_glare_tenant,
|
||||
auth_strategy => 'keystone',
|
||||
enabled => $enabled,
|
||||
stores => $known_stores,
|
||||
workers => $service_workers,
|
||||
pipeline => $pipeline,
|
||||
os_region_name => $region,
|
||||
token_cache_time => '-1',
|
||||
memcached_servers => $memcached_servers,
|
||||
}
|
||||
|
||||
glance_api_config {
|
||||
|
@ -237,16 +243,20 @@ class openstack_tasks::glance::glance {
|
|||
'DEFAULT/os_region_name': value => $region;
|
||||
}
|
||||
|
||||
class { '::glance::registry::authtoken':
|
||||
username => $glance_user,
|
||||
password => $glance_user_password,
|
||||
project_name => $glance_tenant,
|
||||
auth_url => $auth_url,
|
||||
auth_uri => $auth_uri,
|
||||
memcached_servers => $memcached_servers,
|
||||
}
|
||||
|
||||
# Install and configure glance-registry
|
||||
class { '::glance::registry':
|
||||
debug => $debug,
|
||||
bind_host => $api_bind_host,
|
||||
auth_uri => $auth_uri,
|
||||
identity_uri => $identity_uri,
|
||||
auth_type => 'keystone',
|
||||
keystone_user => $glance_user,
|
||||
keystone_password => $glance_user_password,
|
||||
keystone_tenant => $glance_tenant,
|
||||
auth_strategy => 'keystone',
|
||||
database_connection => $db_connection,
|
||||
database_max_pool_size => $max_pool_size,
|
||||
database_max_retries => $max_retries,
|
||||
|
@ -259,7 +269,6 @@ class openstack_tasks::glance::glance {
|
|||
workers => $service_workers,
|
||||
sync_db => $primary_controller,
|
||||
os_region_name => $region,
|
||||
memcached_servers => $memcached_servers,
|
||||
}
|
||||
|
||||
class { '::glance::notify::rabbitmq':
|
||||
|
|
|
@ -31,7 +31,7 @@ class openstack_tasks::heat::heat {
|
|||
$public_ssl = get_ssl_property($ssl_hash, {}, 'heat', 'public', 'usage', false)
|
||||
|
||||
$auth_uri = "${public_auth_protocol}://${public_auth_address}:5000/v2.0/"
|
||||
$identity_uri = "${admin_auth_protocol}://${admin_auth_address}:35357/"
|
||||
$auth_url = "${admin_auth_protocol}://${admin_auth_address}:35357/"
|
||||
$keystone_ec2_uri = "${internal_auth_protocol}://${internal_auth_address}:5000/v2.0"
|
||||
|
||||
$api_bind_port = '8004'
|
||||
|
@ -193,14 +193,18 @@ class openstack_tasks::heat::heat {
|
|||
}
|
||||
}
|
||||
|
||||
class { '::heat::keystone::authtoken':
|
||||
username => $keystone_user,
|
||||
password => $heat_hash['user_password'],
|
||||
project_name => $keystone_tenant,
|
||||
auth_uri => $auth_uri,
|
||||
auth_url => $auth_url,
|
||||
memcached_servers => $memcached_servers,
|
||||
}
|
||||
|
||||
# Common configuration, logging and RPC
|
||||
class { '::heat':
|
||||
auth_uri => $auth_uri,
|
||||
identity_uri => $identity_uri,
|
||||
keystone_ec2_uri => $keystone_ec2_uri,
|
||||
keystone_user => $keystone_user,
|
||||
keystone_tenant => $keystone_tenant,
|
||||
keystone_password => $heat_hash['user_password'],
|
||||
region_name => $region,
|
||||
|
||||
database_connection => $db_connection,
|
||||
|
@ -231,7 +235,6 @@ class openstack_tasks::heat::heat {
|
|||
database_max_retries => $max_retries,
|
||||
|
||||
kombu_compression => $kombu_compression,
|
||||
memcached_servers => $memcached_servers
|
||||
}
|
||||
|
||||
# Engine
|
||||
|
|
|
@ -92,15 +92,18 @@ class openstack_tasks::ironic::ironic {
|
|||
|
||||
class { '::ironic::client': }
|
||||
|
||||
class { '::ironic::api':
|
||||
host_ip => get_network_role_property('ironic/api', 'ipaddr'),
|
||||
class { '::ironic::api::authtoken':
|
||||
username => $ironic_user,
|
||||
password => $ironic_user_password,
|
||||
project_name => $ironic_tenant,
|
||||
auth_url => $admin_identity_uri,
|
||||
auth_uri => $internal_auth_url,
|
||||
identity_uri => $admin_identity_uri,
|
||||
admin_tenant_name => $ironic_tenant,
|
||||
admin_user => $ironic_user,
|
||||
admin_password => $ironic_user_password,
|
||||
neutron_url => "${neutron_protocol}://${neutron_endpoint}:9696",
|
||||
public_endpoint => "${public_protocol}://${public_address}:6385",
|
||||
memcached_servers => $memcached_servers,
|
||||
}
|
||||
|
||||
class { '::ironic::api':
|
||||
host_ip => get_network_role_property('ironic/api', 'ipaddr'),
|
||||
neutron_url => "${neutron_protocol}://${neutron_endpoint}:9696",
|
||||
public_endpoint => "${public_protocol}://${public_address}:6385",
|
||||
}
|
||||
}
|
||||
|
|
|
@ -55,7 +55,6 @@ class openstack_tasks::ironic::ironic_compute {
|
|||
'extra' => $extra_params
|
||||
})
|
||||
|
||||
$memcached_servers = hiera('memcached_servers')
|
||||
$notify_on_state_change = 'vm_and_task_state'
|
||||
|
||||
$ssl_hash = hiera_hash('use_ssl', {})
|
||||
|
@ -113,7 +112,6 @@ class openstack_tasks::ironic::ironic_compute {
|
|||
report_interval => $nova_report_interval,
|
||||
service_down_time => $nova_service_down_time,
|
||||
notify_on_state_change => $notify_on_state_change,
|
||||
memcached_servers => $memcached_servers,
|
||||
os_region_name => $region_name,
|
||||
}
|
||||
|
||||
|
|
|
@ -55,9 +55,9 @@ class openstack_tasks::openstack_controller::openstack_controller {
|
|||
$admin_auth_protocol = get_ssl_property($ssl_hash, {}, 'keystone', 'admin', 'protocol', [$nova_hash['auth_protocol'], 'http'])
|
||||
$admin_auth_address = get_ssl_property($ssl_hash, {}, 'keystone', 'admin', 'hostname', [$service_endpoint, $management_vip])
|
||||
|
||||
$keystone_auth_uri = "${internal_auth_protocol}://${internal_auth_address}:5000/"
|
||||
$keystone_identity_uri = "${admin_auth_protocol}://${admin_auth_address}:35357/"
|
||||
$keystone_ec2_url = "${keystone_auth_uri}v2.0/ec2tokens"
|
||||
$keystone_auth_uri = "${internal_auth_protocol}://${internal_auth_address}:5000/"
|
||||
$keystone_auth_url = "${admin_auth_protocol}://${admin_auth_address}:35357/"
|
||||
$keystone_ec2_url = "${keystone_auth_uri}v2.0/ec2tokens"
|
||||
|
||||
# get glance api servers list
|
||||
$glance_endpoint_default = hiera('glance_endpoint', $management_vip)
|
||||
|
@ -209,7 +209,6 @@ class openstack_tasks::openstack_controller::openstack_controller {
|
|||
notify_api_faults => pick($nova_hash['notify_api_faults'], false),
|
||||
notification_driver => $ceilometer_hash['notification_driver'],
|
||||
notify_on_state_change => $notify_on_state_change,
|
||||
memcached_servers => $memcached_servers,
|
||||
cinder_catalog_info => pick($nova_hash['cinder_catalog_info'], 'volumev2:cinderv2:internalURL'),
|
||||
database_max_pool_size => $max_pool_size,
|
||||
database_max_retries => $max_retries,
|
||||
|
@ -277,17 +276,21 @@ class openstack_tasks::openstack_controller::openstack_controller {
|
|||
, MINUTE);(GET, %(*changes-since*), .*changes-since.*, #{@get_limit}, MINUTE);(DELETE, %(*),\
|
||||
.*, #{@delete_limit} , MINUTE)" %>')
|
||||
|
||||
class { '::nova::keystone::authtoken':
|
||||
username => $keystone_user,
|
||||
password => $nova_hash['user_password'],
|
||||
project_name => pick($nova_hash['admin_tenant_name'], $keystone_tenant),
|
||||
auth_url => $keystone_auth_url,
|
||||
auth_uri => $keystone_auth_uri,
|
||||
auth_version => pick($nova_hash['auth_version'], $::os_service_default),
|
||||
memcached_servers => $memcached_servers,
|
||||
}
|
||||
|
||||
# Configure nova-api
|
||||
class { '::nova::api':
|
||||
enabled => true,
|
||||
api_bind_address => $api_bind_address,
|
||||
metadata_listen => $api_bind_address,
|
||||
admin_user => $keystone_user,
|
||||
admin_password => $nova_hash['user_password'],
|
||||
admin_tenant_name => pick($nova_hash['admin_tenant_name'], $keystone_tenant),
|
||||
identity_uri => $keystone_identity_uri,
|
||||
auth_uri => $keystone_auth_uri,
|
||||
auth_version => pick($nova_hash['auth_version'], $::os_service_default),
|
||||
ratelimits => $nova_rate_limits_string,
|
||||
neutron_metadata_proxy_shared_secret => $neutron_metadata_proxy_secret,
|
||||
osapi_compute_workers => $service_workers,
|
||||
|
@ -379,7 +382,7 @@ class openstack_tasks::openstack_controller::openstack_controller {
|
|||
class { '::nova::ironic::common':
|
||||
admin_username => pick($ironic_hash['auth_name'],'ironic'),
|
||||
admin_password => pick($ironic_hash['user_password'],'ironic'),
|
||||
admin_url => "${keystone_identity_uri}v2.0",
|
||||
admin_url => "${keystone_auth_url}v2.0",
|
||||
admin_tenant_name => pick($ironic_hash['tenant'],'services'),
|
||||
api_endpoint => "${ironic_protocol}://${ironic_endpoint}:6385/v1",
|
||||
}
|
||||
|
|
|
@ -203,15 +203,20 @@ class openstack_tasks::openstack_network::server_config {
|
|||
firewall_driver => 'neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver',
|
||||
}
|
||||
|
||||
class { '::neutron::keystone::authtoken':
|
||||
username => $username,
|
||||
password => $password,
|
||||
project_name => $project_name,
|
||||
region_name => $region_name,
|
||||
auth_url => $auth_url,
|
||||
auth_uri => $auth_uri,
|
||||
memcached_servers => $memcached_servers,
|
||||
}
|
||||
|
||||
class { '::neutron::server':
|
||||
sync_db => $primary_controller,
|
||||
|
||||
username => $username,
|
||||
password => $password,
|
||||
project_name => $project_name,
|
||||
region_name => $region_name,
|
||||
auth_url => $auth_url,
|
||||
auth_uri => $auth_uri,
|
||||
auth_strategy => 'keystone',
|
||||
|
||||
database_connection => $db_connection,
|
||||
database_max_retries => hiera('max_retries'),
|
||||
|
@ -233,7 +238,6 @@ class openstack_tasks::openstack_network::server_config {
|
|||
qos_notification_drivers => $qos_notification_drivers,
|
||||
enabled => true,
|
||||
manage_service => true,
|
||||
memcached_servers => $memcached_servers,
|
||||
}
|
||||
|
||||
# TODO(mmalchuk) remove this after LP#1628580 merged
|
||||
|
|
|
@ -279,7 +279,6 @@ class openstack_tasks::roles::compute {
|
|||
service_down_time => $nova_service_down_time,
|
||||
notify_on_state_change => $notify_on_state_change,
|
||||
notification_driver => $ceilometer_hash['notification_driver'],
|
||||
memcached_servers => $memcached_servers,
|
||||
cinder_catalog_info => pick($nova_hash_real['cinder_catalog_info'], 'volumev2:cinderv2:internalURL'),
|
||||
kombu_compression => $kombu_compression,
|
||||
block_device_allocate_retries => $block_device_allocate_retries,
|
||||
|
|
|
@ -50,7 +50,7 @@ describe manifest do
|
|||
ssl_hash = Noop.hiera_structure('use_ssl', {})
|
||||
internal_auth_protocol = Noop.puppet_function 'get_ssl_property',ssl_hash,{},'keystone','internal','protocol','http'
|
||||
internal_auth_endpoint = Noop.puppet_function 'get_ssl_property',ssl_hash,{},'keystone','internal','hostname',[service_endpoint]
|
||||
keystone_identity_uri = "#{internal_auth_protocol}://#{internal_auth_endpoint}:35357/"
|
||||
keystone_auth_url = "#{internal_auth_protocol}://#{internal_auth_endpoint}:35357/"
|
||||
keystone_auth_uri = "#{internal_auth_protocol}://#{internal_auth_endpoint}:5000/"
|
||||
kombu_compression = Noop.hiera 'kombu_compression', ''
|
||||
rabbit_hash = Noop.hiera_structure 'rabbit', {}
|
||||
|
@ -94,25 +94,31 @@ describe manifest do
|
|||
)
|
||||
end
|
||||
|
||||
it 'should declare ceilometer::keystone::authtoken class with correct parameters' do
|
||||
should contain_class('ceilometer::keystone::authtoken').with(
|
||||
'username' => ceilometer_user,
|
||||
'password' => ceilometer_user_password,
|
||||
'project_name' => ceilometer_tenant,
|
||||
'auth_url' => keystone_auth_url,
|
||||
'auth_uri' => keystone_auth_uri,
|
||||
'memcached_servers' => memcached_servers,
|
||||
)
|
||||
end
|
||||
|
||||
it 'should declare ceilometer::api class with correct parameters' do
|
||||
should contain_class('ceilometer::api').with(
|
||||
'auth_uri' => keystone_auth_uri,
|
||||
# TODO(aschultz): uncomment these and fix calling class
|
||||
# once https://review.openstack.org/#/c/345789/ has landed
|
||||
#'auth_url' => keystone_identity_uri,
|
||||
#'username' => ceilometer_user,
|
||||
#'password' => ceilometer_user_password,
|
||||
#'project_name' => ceilometer_tenant,
|
||||
'memcached_servers' => memcached_servers,
|
||||
'host' => api_bind_address,
|
||||
'service_name' => 'httpd',
|
||||
)
|
||||
end
|
||||
|
||||
it 'should configure auth and identity uri' do
|
||||
it 'should correctly configure authtoken parameters' do
|
||||
should contain_ceilometer_config('keystone_authtoken/username').with(:value => ceilometer_user)
|
||||
should contain_ceilometer_config('keystone_authtoken/password').with(:value => ceilometer_user_password)
|
||||
should contain_ceilometer_config('keystone_authtoken/project_name').with(:value => ceilometer_tenant)
|
||||
should contain_ceilometer_config('keystone_authtoken/auth_uri').with(:value => keystone_auth_uri)
|
||||
# TODO(aschultz): uncomment this once https://review.openstack.org/#/c/345789/ has landed
|
||||
#should contain_ceilometer_config('keystone_authtoken/auth_url').with(:value => keystone_identity_uri)
|
||||
should contain_ceilometer_config('keystone_authtoken/auth_url').with(:value => keystone_auth_url)
|
||||
should contain_ceilometer_config('keystone_authtoken/memcached_servers').with(:value => memcached_servers.join(','))
|
||||
end
|
||||
|
||||
it 'should configure interface (ex. OS ENDPOINT TYPE) for ceilometer' do
|
||||
|
@ -189,17 +195,6 @@ describe manifest do
|
|||
)
|
||||
end
|
||||
|
||||
it 'configures ceilometer::api' do
|
||||
should contain_class('ceilometer::api').with(
|
||||
'auth_uri' => keystone_auth_uri,
|
||||
'identity_uri' => keystone_identity_uri,
|
||||
'keystone_user' => ceilometer_hash['user'],
|
||||
'keystone_password' => ceilometer_hash['user_password'],
|
||||
'keystone_tenant' => ceilometer_hash['tenant'],
|
||||
'host' => bind_address,
|
||||
)
|
||||
end
|
||||
|
||||
it 'should properly configure rabbit queue' do
|
||||
should contain_ceilometer_config('DEFAULT/rpc_backend').with(:value => 'rabbit')
|
||||
should contain_ceilometer_config('oslo_messaging_rabbit/rabbit_virtual_host').with(:value => '/')
|
||||
|
|
|
@ -21,6 +21,7 @@ describe manifest do
|
|||
# TODO All this stuff should be moved to shared examples controller* tests.
|
||||
workers_max = Noop.hiera 'workers_max'
|
||||
glance_config = Noop.hiera_structure 'glance'
|
||||
glance_glare_config = Noop.hiera_structure 'glance_glare'
|
||||
storage_config = Noop.hiera_structure 'storage'
|
||||
max_pool_size = Noop.hiera('max_pool_size')
|
||||
max_overflow = Noop.hiera('max_overflow')
|
||||
|
@ -52,6 +53,14 @@ describe manifest do
|
|||
glance_vc_insecure = Noop.hiera_structure 'glance/vc_insecure', 'false'
|
||||
glance_vc_ca_file = Noop.hiera_structure 'glance/vc_ca_file', {'content' => 'RSA', 'name' => 'vcenter-ca.pem'}
|
||||
|
||||
glance_password = glance_config.fetch('user_password')
|
||||
glance_username = glance_config.fetch('user', 'glance')
|
||||
glance_project_name = glance_config.fetch('tenant', 'services')
|
||||
|
||||
glance_glare_password = glance_glare_config.fetch('user_password')
|
||||
glance_glare_username = glance_glare_config.fetch('user', 'glare')
|
||||
glance_glare_project_name = glance_glare_config.fetch('tenant', 'services')
|
||||
|
||||
rabbit_hash = Noop.hiera_structure 'rabbit', {}
|
||||
|
||||
let(:ceilometer_hash) { Noop.hiera_structure 'ceilometer' }
|
||||
|
@ -68,7 +77,7 @@ describe manifest do
|
|||
|
||||
let(:auth_uri) { "#{internal_auth_protocol}://#{internal_auth_address}:5000/" }
|
||||
|
||||
let(:identity_uri) { "#{admin_auth_protocol}://#{admin_auth_address}:35357/" }
|
||||
let(:auth_url) { "#{admin_auth_protocol}://#{admin_auth_address}:35357/" }
|
||||
|
||||
let(:memcached_servers) { Noop.hiera 'memcached_servers' }
|
||||
|
||||
|
@ -82,11 +91,36 @@ describe manifest do
|
|||
should contain_glance_registry_config('oslo_messaging_rabbit/heartbeat_rate').with_value(rabbit_heartbeat_rate)
|
||||
end
|
||||
|
||||
it 'should select right protocols and addresses for auth' do
|
||||
should contain_class('glance::api').with(
|
||||
'auth_uri' => auth_uri,
|
||||
'identity_uri' => identity_uri,
|
||||
)
|
||||
it 'should have correct auth options for Glance API' do
|
||||
should contain_class('glance::api::authtoken').with(
|
||||
'username' => glance_username,
|
||||
'password' => glance_password,
|
||||
'project_name' => glance_project_name,
|
||||
'auth_url' => auth_url,
|
||||
'auth_uri' => auth_uri,
|
||||
'token_cache_time' => '-1',
|
||||
'memcached_servers' => memcached_servers)
|
||||
end
|
||||
|
||||
it 'should have correct auth options for Glance Glare' do
|
||||
should contain_class('glance::glare::authtoken').with(
|
||||
'username' => glance_glare_username,
|
||||
'password' => glance_glare_password,
|
||||
'project_name' => glance_glare_project_name,
|
||||
'auth_url' => auth_url,
|
||||
'auth_uri' => auth_uri,
|
||||
'token_cache_time' => '-1',
|
||||
'memcached_servers' => memcached_servers)
|
||||
end
|
||||
|
||||
it 'should have correct auth options for Glance Registry' do
|
||||
should contain_class('glance::registry::authtoken').with(
|
||||
'username' => glance_username,
|
||||
'password' => glance_password,
|
||||
'project_name' => glance_project_name,
|
||||
'auth_url' => auth_url,
|
||||
'auth_uri' => auth_uri,
|
||||
'memcached_servers' => memcached_servers)
|
||||
end
|
||||
|
||||
it 'should configure workers for API, registry services' do
|
||||
|
@ -125,14 +159,13 @@ describe manifest do
|
|||
should contain_glance_api_config('DEFAULT/scrub_time').with_value('43200')
|
||||
should contain_glance_api_config('DEFAULT/scrubber_datadir').with_value('/var/lib/glance/scrubber')
|
||||
should contain_glance_api_config('glance_store/os_region_name').with_value(region)
|
||||
should contain_glance_api_config('keystone_authtoken/auth_type').with_value('password')
|
||||
should contain_glance_api_config('keystone_authtoken/auth_url').with_value(auth_url)
|
||||
should contain_glance_api_config('keystone_authtoken/auth_uri').with_value(auth_uri)
|
||||
should contain_glance_api_config('keystone_authtoken/username').with_value(glance_username)
|
||||
should contain_glance_api_config('keystone_authtoken/password').with_value(glance_password)
|
||||
should contain_glance_api_config('keystone_authtoken/project_name').with_value(glance_project_name)
|
||||
should contain_glance_api_config('keystone_authtoken/token_cache_time').with_value('-1')
|
||||
# TODO(aderyugin): Enable this test after https://review.openstack.org/#/c/348826/ merge
|
||||
# should contain_glance_api_config('keystone_authtoken/auth_type').with_value('password')
|
||||
# should contain_glance_api_config('keystone_authtoken/auth_url').with_value(identity_uri)
|
||||
# should contain_glance_api_config('keystone_authtoken/username').with_value(glance_config.fetch('user', 'glance'))
|
||||
# should contain_glance_api_config('keystone_authtoken/password').with_value(glance_config.fetch('user_password'))
|
||||
# should contain_glance_api_config('keystone_authtoken/project_name').with_value(glance_config.fetch('project_name', 'services'))
|
||||
|
||||
should contain_glance_api_config('keystone_authtoken/memcached_servers').with_value(memcached_servers.join(','))
|
||||
end
|
||||
|
||||
|
@ -142,6 +175,12 @@ describe manifest do
|
|||
should contain_glance_glare_config('database/max_overflow').with_value(max_overflow)
|
||||
should contain_glance_glare_config('database/max_retries').with_value(max_retries)
|
||||
should contain_glance_glare_config('glance_store/os_region_name').with_value(region)
|
||||
should contain_glance_glare_config('keystone_authtoken/auth_type').with_value('password')
|
||||
should contain_glance_glare_config('keystone_authtoken/auth_url').with_value(auth_url)
|
||||
should contain_glance_glare_config('keystone_authtoken/auth_uri').with_value(auth_uri)
|
||||
should contain_glance_glare_config('keystone_authtoken/username').with_value(glance_glare_username)
|
||||
should contain_glance_glare_config('keystone_authtoken/password').with_value(glance_glare_password)
|
||||
should contain_glance_glare_config('keystone_authtoken/project_name').with_value(glance_glare_project_name)
|
||||
should contain_glance_glare_config('keystone_authtoken/token_cache_time').with_value('-1')
|
||||
should contain_glance_glare_config('keystone_authtoken/memcached_servers').with_value(memcached_servers.join(','))
|
||||
end
|
||||
|
@ -171,6 +210,12 @@ describe manifest do
|
|||
should contain_glance_registry_config('database/max_overflow').with_value(max_overflow)
|
||||
should contain_glance_registry_config('database/max_retries').with_value(max_retries)
|
||||
should contain_glance_registry_config('glance_store/os_region_name').with_value(region)
|
||||
should contain_glance_registry_config('keystone_authtoken/auth_type').with_value('password')
|
||||
should contain_glance_registry_config('keystone_authtoken/auth_url').with_value(auth_url)
|
||||
should contain_glance_registry_config('keystone_authtoken/auth_uri').with_value(auth_uri)
|
||||
should contain_glance_registry_config('keystone_authtoken/username').with_value(glance_username)
|
||||
should contain_glance_registry_config('keystone_authtoken/password').with_value(glance_password)
|
||||
should contain_glance_registry_config('keystone_authtoken/project_name').with_value(glance_project_name)
|
||||
should contain_glance_registry_config('keystone_authtoken/memcached_servers').with_value(memcached_servers.join(','))
|
||||
end
|
||||
|
||||
|
|
|
@ -73,6 +73,14 @@ describe manifest do
|
|||
heat_db_name = Noop.hiera('heat_db_name', 'heat')
|
||||
|
||||
heat_hash = Noop.hiera_structure 'heat', {}
|
||||
|
||||
keystone_auth_uri = "#{public_auth_protocol}://#{public_auth_address}:5000/v2.0/"
|
||||
keystone_auth_url = "#{admin_auth_protocol}://#{admin_auth_address}:35357/"
|
||||
|
||||
tenant = heat_hash.fetch('tenant', 'services')
|
||||
user = heat_hash.fetch('user', 'heat')
|
||||
password = heat_hash['user_password']
|
||||
|
||||
rabbit_hash = Noop.hiera_structure 'rabbit', {}
|
||||
|
||||
rabbit_heartbeat_timeout_threshold = Noop.puppet_function 'pick', heat_hash['rabbit_heartbeat_timeout_threshold'], rabbit_hash['heartbeat_timeout_treshold'], 60
|
||||
|
@ -124,17 +132,31 @@ describe manifest do
|
|||
end
|
||||
end
|
||||
|
||||
it 'should use auth_uri and identity_uri' do
|
||||
should contain_class('heat').with(
|
||||
'auth_uri' => "#{public_auth_protocol}://#{public_auth_address}:5000/v2.0/",
|
||||
'identity_uri' => "#{admin_auth_protocol}://#{admin_auth_address}:35357/",
|
||||
'sync_db' => primary_controller,
|
||||
'heat_clients_url' => "#{public_heat_protocol}://#{public_vip}:8004/v1/%(tenant_id)s",
|
||||
it 'should declare heat::keystone::authtoken class with correct parameters' do
|
||||
should contain_class('heat::keystone::authtoken').with(
|
||||
'username' => user,
|
||||
'password' => password,
|
||||
'project_name' => tenant,
|
||||
'auth_url' => keystone_auth_url,
|
||||
'auth_uri' => keystone_auth_uri,
|
||||
'memcached_servers' => memcached_servers,
|
||||
)
|
||||
end
|
||||
|
||||
it 'should configure memcache for keystone authtoken' do
|
||||
should contain_heat_config('keystone_authtoken/memcached_servers').with_value(memcached_servers.join(','))
|
||||
it 'should correctly configure authtoken parameters' do
|
||||
should contain_heat_config('keystone_authtoken/username').with(:value => user)
|
||||
should contain_heat_config('keystone_authtoken/password').with(:value => password)
|
||||
should contain_heat_config('keystone_authtoken/project_name').with(:value => tenant)
|
||||
should contain_heat_config('keystone_authtoken/auth_url').with(:value => keystone_auth_url)
|
||||
should contain_heat_config('keystone_authtoken/auth_uri').with(:value => keystone_auth_uri)
|
||||
should contain_heat_config('keystone_authtoken/memcached_servers').with(:value => memcached_servers.join(','))
|
||||
end
|
||||
|
||||
it 'should configure heat class' do
|
||||
should contain_class('heat').with(
|
||||
'sync_db' => primary_controller,
|
||||
'heat_clients_url' => "#{public_heat_protocol}://#{public_vip}:8004/v1/%(tenant_id)s",
|
||||
)
|
||||
end
|
||||
|
||||
it 'should set empty trusts_delegated_roles for heat engine' do
|
||||
|
|
|
@ -75,14 +75,28 @@ if ironic_enabled
|
|||
)
|
||||
end
|
||||
|
||||
it 'should declare ironic::api::authtoken class correctly' do
|
||||
should contain_class('ironic::api::authtoken').with(
|
||||
'username' => admin_user,
|
||||
'password' => admin_password,
|
||||
'project_name' => admin_tenant,
|
||||
'auth_url' => admin_auth_uri,
|
||||
'auth_uri' => internal_auth_url,
|
||||
'memcached_servers' => memcached_servers,
|
||||
)
|
||||
end
|
||||
|
||||
it 'should correctly configure authtoken parameters' do
|
||||
should contain_ironic_config('keystone_authtoken/username').with(:value => admin_user)
|
||||
should contain_ironic_config('keystone_authtoken/password').with(:value => admin_password)
|
||||
should contain_ironic_config('keystone_authtoken/project_name').with(:value => admin_tenant)
|
||||
should contain_ironic_config('keystone_authtoken/auth_url').with(:value => admin_auth_uri)
|
||||
should contain_ironic_config('keystone_authtoken/auth_uri').with(:value => internal_auth_url)
|
||||
should contain_ironic_config('keystone_authtoken/memcached_servers').with(:value => memcached_servers.join(','))
|
||||
end
|
||||
|
||||
it 'should declare ironic::api class correctly' do
|
||||
should contain_class('ironic::api').with(
|
||||
'auth_uri' => internal_auth_url,
|
||||
'identity_uri' => admin_auth_uri,
|
||||
'admin_tenant_name' => admin_tenant,
|
||||
'admin_user' => admin_user,
|
||||
'admin_password' => admin_password,
|
||||
'memcached_servers' => memcached_servers,
|
||||
'neutron_url' => "#{neutron_protocol}://#{neutron_address}:9696",
|
||||
'public_endpoint' => "#{public_protocol}://#{public_address}:6385"
|
||||
)
|
||||
|
|
|
@ -56,7 +56,9 @@ describe manifest do
|
|||
let(:admin_auth_address) { Noop.puppet_function 'get_ssl_property',ssl_hash,{},'keystone','admin','hostname',[service_endpoint, management_vip] }
|
||||
|
||||
let(:keystone_auth_uri) { "#{internal_auth_protocol}://#{internal_auth_address}:5000/" }
|
||||
let(:keystone_identity_uri) { "#{admin_auth_protocol}://#{admin_auth_address}:35357/" }
|
||||
let(:keystone_auth_url) { "#{admin_auth_protocol}://#{admin_auth_address}:35357/" }
|
||||
let(:project_name) { Noop.puppet_function('pick', nova_hash['admin_tenant_name'], keystone_tenant) }
|
||||
let(:auth_version) { Noop.puppet_function('pick', nova_hash['auth_version'], facts[:os_service_default]) }
|
||||
let(:keystone_ec2_url) { "#{keystone_auth_uri}v2.0/ec2tokens" }
|
||||
|
||||
default_log_levels_hash = Noop.hiera_hash 'default_log_levels'
|
||||
|
@ -206,7 +208,6 @@ describe manifest do
|
|||
:database_max_retries => max_retries,
|
||||
:database_max_overflow => max_overflow,
|
||||
:notify_on_state_change => 'vm_and_task_state',
|
||||
:memcached_servers => memcached_servers,
|
||||
)
|
||||
end
|
||||
|
||||
|
@ -236,18 +237,34 @@ describe manifest do
|
|||
)
|
||||
end
|
||||
|
||||
it 'should configure nova::keystone::authtoken' do
|
||||
should contain_class('nova::keystone::authtoken').with(
|
||||
:username => keystone_user,
|
||||
:password => nova_hash['user_password'],
|
||||
:project_name => project_name,
|
||||
:auth_url => keystone_auth_url,
|
||||
:auth_uri => keystone_auth_uri,
|
||||
:auth_version => auth_version,
|
||||
:memcached_servers => memcached_servers,
|
||||
)
|
||||
end
|
||||
|
||||
it 'should correctly configure authtoken parameters' do
|
||||
should contain_nova_config('keystone_authtoken/username').with(:value => keystone_user)
|
||||
should contain_nova_config('keystone_authtoken/password').with(:value => nova_hash['user_password'])
|
||||
should contain_nova_config('keystone_authtoken/project_name').with(:value => project_name)
|
||||
should contain_nova_config('keystone_authtoken/auth_url').with(:value => keystone_auth_url)
|
||||
should contain_nova_config('keystone_authtoken/auth_uri').with(:value => keystone_auth_uri)
|
||||
should contain_nova_config('keystone_authtoken/auth_version').with(:value => auth_version)
|
||||
should contain_nova_config('keystone_authtoken/memcached_servers').with(:value => memcached_servers.join(','))
|
||||
end
|
||||
|
||||
it 'should configure nova::api' do
|
||||
# FIXME(aschultz): check rate limits
|
||||
should contain_class('nova::api').with(
|
||||
:enabled => true,
|
||||
:api_bind_address => api_bind_address,
|
||||
:metadata_listen => api_bind_address,
|
||||
:admin_user => keystone_user,
|
||||
:admin_password => nova_hash['user_password'],
|
||||
:admin_tenant_name => Noop.puppet_function('pick', nova_hash['admin_tenant_name'], keystone_tenant),
|
||||
:identity_uri => keystone_identity_uri,
|
||||
:auth_uri => keystone_auth_uri,
|
||||
:auth_version => Noop.puppet_function('pick', nova_hash['auth_version'], facts[:os_service_default]),
|
||||
:neutron_metadata_proxy_shared_secret => neutron_metadata_proxy_secret,
|
||||
:osapi_compute_workers => service_workers,
|
||||
:metadata_workers => service_workers,
|
||||
|
@ -368,7 +385,7 @@ describe manifest do
|
|||
'admin_username' => ironic_user,
|
||||
'admin_password' => ironic_password,
|
||||
'admin_tenant_name' => ironic_tenant,
|
||||
'admin_url' => "#{keystone_identity_uri}v2.0",
|
||||
'admin_url' => "#{keystone_auth_url}v2.0",
|
||||
'api_endpoint' => "#{ironic_protocol}://#{ironic_endpoint}:6385/v1",
|
||||
)
|
||||
end
|
||||
|
|
|
@ -61,6 +61,7 @@ describe manifest do
|
|||
|
||||
should contain_class('neutron::server').with(
|
||||
'sync_db' => sync_db,
|
||||
'auth_strategy' => 'keystone',
|
||||
'database_retry_interval' => '2',
|
||||
'database_connection' => db_connection,
|
||||
'database_max_retries' => Noop.hiera('max_retries'),
|
||||
|
@ -256,13 +257,24 @@ describe manifest do
|
|||
end
|
||||
|
||||
it 'should have correct auth options' do
|
||||
should contain_class('neutron::server').with(
|
||||
'password' => password,
|
||||
'project_name' => project_name,
|
||||
'region_name' => region_name,
|
||||
'username' => username,
|
||||
'auth_url' => auth_url,
|
||||
'auth_uri' => auth_uri,)
|
||||
should contain_class('neutron::keystone::authtoken').with(
|
||||
'username' => username,
|
||||
'password' => password,
|
||||
'project_name' => project_name,
|
||||
'region_name' => region_name,
|
||||
'auth_url' => auth_url,
|
||||
'auth_uri' => auth_uri,
|
||||
'memcached_servers' => memcached_servers,)
|
||||
end
|
||||
|
||||
it 'should correctly configure authtoken parameters' do
|
||||
should contain_neutron_config('keystone_authtoken/username').with(:value => username)
|
||||
should contain_neutron_config('keystone_authtoken/password').with(:value => password)
|
||||
should contain_neutron_config('keystone_authtoken/project_name').with(:value => project_name)
|
||||
should contain_neutron_config('keystone_authtoken/region_name').with(:value => region_name)
|
||||
should contain_neutron_config('keystone_authtoken/auth_url').with(:value => auth_url)
|
||||
should contain_neutron_config('keystone_authtoken/auth_uri').with(:value => auth_uri)
|
||||
should contain_neutron_config('keystone_authtoken/memcached_servers').with(:value => memcached_servers.join(','))
|
||||
end
|
||||
|
||||
it 'should have agent related settings' do
|
||||
|
@ -277,8 +289,7 @@ describe manifest do
|
|||
should contain_class('neutron::server').with(
|
||||
'router_distributed' => dvr,
|
||||
'enabled' => true,
|
||||
'manage_service' => true,
|
||||
'memcached_servers' => memcached_servers,)
|
||||
'manage_service' => true,)
|
||||
}
|
||||
|
||||
it 'should configure neutron::server::notifications' do
|
||||
|
|
|
@ -317,11 +317,6 @@ describe manifest do
|
|||
'value' => 'false',
|
||||
)
|
||||
end
|
||||
it 'nova config should contain right memcached servers list' do
|
||||
should contain_class('nova').with(
|
||||
:memcached_servers => memcached_servers
|
||||
)
|
||||
end
|
||||
|
||||
it 'should configure nova cache correctly' do
|
||||
should contain_class('nova::cache').with(
|
||||
|
|
Loading…
Reference in New Issue