diff --git a/deployment/puppet/openstack_tasks/manifests/ceilometer/controller.pp b/deployment/puppet/openstack_tasks/manifests/ceilometer/controller.pp index 1333b5259d..492d5cec0a 100644 --- a/deployment/puppet/openstack_tasks/manifests/ceilometer/controller.pp +++ b/deployment/puppet/openstack_tasks/manifests/ceilometer/controller.pp @@ -41,7 +41,7 @@ class openstack_tasks::ceilometer::controller { $internal_auth_protocol = get_ssl_property($ssl_hash, {}, 'keystone', 'internal', 'protocol', 'http') $internal_auth_endpoint = get_ssl_property($ssl_hash, {}, 'keystone', 'internal', 'hostname', [$service_endpoint]) - $keystone_identity_uri = "${internal_auth_protocol}://${internal_auth_endpoint}:35357/" + $keystone_auth_url = "${internal_auth_protocol}://${internal_auth_endpoint}:35357/" $keystone_auth_uri = "${internal_auth_protocol}://${internal_auth_endpoint}:5000/" $memcached_servers = hiera('memcached_servers') @@ -197,18 +197,20 @@ class openstack_tasks::ceilometer::controller { workers => $service_workers, } - # Install the ceilometer-api service - # The keystone_password parameter is mandatory - class { '::ceilometer::api': + class { '::ceilometer::keystone::authtoken': + username => $ceilometer_hash['user'], + password => $ceilometer_hash['user_password'], + project_name => $ceilometer_hash['tenant'], + auth_url => $keystone_auth_url, auth_uri => $keystone_auth_uri, - identity_uri => $keystone_identity_uri, - keystone_user => $ceilometer_hash['user'], - keystone_password => $ceilometer_hash['user_password'], - keystone_tenant => $ceilometer_hash['tenant'], memcached_servers => $memcached_servers, - host => $api_bind_address, - service_name => 'httpd', - api_workers => $service_workers, + } + + # Install the ceilometer-api service + class { '::ceilometer::api': + host => $api_bind_address, + service_name => 'httpd', + api_workers => $service_workers, } # Clean up expired data once a week 
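Review bot: The new `::ceilometer::keystone::authtoken` declaration passes `memcached_servers` but sets no `memcache_security_strategy` or `memcache_secret_key`, so keystonemiddleware would keep cached token data in memcached without a MAC or encryption unless those options are supplied elsewhere (for example through hiera class parameters, which this hunk does not show). Anything that can reach the memcached port on the management network could then read or alter cached token entries. If the authtoken class exposes these parameters, consider adding `memcache_security_strategy => 'ENCRYPT',` and `memcache_secret_key => <per-deployment secret from hiera>,` here. The same applies to the authtoken declarations this commit adds for glance (api, glare, registry), heat, ironic, nova and neutron.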
diff --git a/deployment/puppet/openstack_tasks/manifests/glance/glance.pp b/deployment/puppet/openstack_tasks/manifests/glance/glance.pp index 7ce2b5ab33..32eb95a4e9 100644 --- a/deployment/puppet/openstack_tasks/manifests/glance/glance.pp +++ b/deployment/puppet/openstack_tasks/manifests/glance/glance.pp @@ -121,8 +121,8 @@ class openstack_tasks::glance::glance { $admin_auth_address = get_ssl_property($ssl_hash, {}, 'keystone', 'admin', 'hostname', [hiera('service_endpoint', ''), $management_vip]) $glance_endpoint = get_ssl_property($ssl_hash, {}, 'glance', 'internal', 'hostname', [$management_vip]) - $auth_uri = "${internal_auth_protocol}://${internal_auth_address}:5000/" - $identity_uri = "${admin_auth_protocol}://${admin_auth_address}:35357/" + $auth_uri = "${internal_auth_protocol}://${internal_auth_address}:5000/" + $auth_url = "${admin_auth_protocol}://${admin_auth_address}:35357/" $rados_connect_timeout = '30' @@ -154,16 +154,21 @@ class openstack_tasks::glance::glance { } } + class { '::glance::api::authtoken': + username => $glance_user, + password => $glance_user_password, + project_name => $glance_tenant, + auth_url => $auth_url, + auth_uri => $auth_uri, + token_cache_time => '-1', + memcached_servers => $memcached_servers, + } + # Install and configure glance-api class { '::glance::api': debug => $debug, bind_host => $api_bind_host, - auth_type => 'keystone', - auth_uri => $auth_uri, - identity_uri => $identity_uri, - keystone_user => $glance_user, - keystone_password => $glance_user_password, - keystone_tenant => $glance_tenant, + auth_strategy => 'keystone', database_connection => $db_connection, enabled => $enabled, workers => $service_workers, 
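Review bot: `token_cache_time => '-1'` in the new `::glance::api::authtoken` block is an undocumented magic value. keystonemiddleware documents -1 as disabling the token cache completely, so every request is validated against Keystone and `memcached_servers` is presumably unused for token caching in this service. A comment such as `# -1 disables auth_token caching: tokens are re-validated against Keystone on every request` would record that this is deliberate. The `::glance::glare::authtoken` block in the next hunk sets the same value while `::glance::registry::authtoken` leaves caching at its default, and it would help to state whether that difference is intended.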
@@ -181,10 +186,8 @@ class openstack_tasks::glance::glance { os_region_name => $region, delayed_delete => false, scrub_time => '43200', - token_cache_time => '-1', image_cache_stall_time => '86400', image_cache_max_size => $glance_image_cache_max_size, - memcached_servers => $memcached_servers, } class { '::glance::glare::logging': @@ -211,21 +214,24 @@ class openstack_tasks::glance::glance { Package['python-swiftclient'] -> Class['::glance::glare'] } + class { '::glance::glare::authtoken': + username => $glance_glare_user, + password => $glance_glare_user_password, + project_name => $glance_glare_tenant, + auth_url => $auth_url, + auth_uri => $auth_uri, + token_cache_time => '-1', + memcached_servers => $memcached_servers, + } + class { '::glance::glare': bind_host => $glare_bind_host, - auth_type => 'keystone', - auth_uri => $auth_uri, - identity_uri => $identity_uri, - keystone_user => $glance_glare_user, - keystone_password => $glance_glare_user_password, - keystone_tenant => $glance_glare_tenant, + auth_strategy => 'keystone', enabled => $enabled, stores => $known_stores, workers => $service_workers, pipeline => $pipeline, os_region_name => $region, - token_cache_time => '-1', - memcached_servers => $memcached_servers, } glance_api_config { 
@@ -237,16 +243,20 @@ class openstack_tasks::glance::glance { 'DEFAULT/os_region_name': value => $region; } + class { '::glance::registry::authtoken': + username => $glance_user, + password => $glance_user_password, + project_name => $glance_tenant, + auth_url => $auth_url, + auth_uri => $auth_uri, + memcached_servers => $memcached_servers, + } + # Install and configure glance-registry class { '::glance::registry': debug => $debug, bind_host => $api_bind_host, - auth_uri => $auth_uri, - identity_uri => $identity_uri, - auth_type => 'keystone', - keystone_user => $glance_user, - keystone_password => $glance_user_password, - keystone_tenant => $glance_tenant, + auth_strategy => 'keystone', database_connection => $db_connection, database_max_pool_size => $max_pool_size, database_max_retries => $max_retries, @@ -259,7 +269,6 @@ class openstack_tasks::glance::glance { workers => $service_workers, sync_db => $primary_controller, os_region_name => $region, - memcached_servers => $memcached_servers, } class { '::glance::notify::rabbitmq': diff --git a/deployment/puppet/openstack_tasks/manifests/heat/heat.pp b/deployment/puppet/openstack_tasks/manifests/heat/heat.pp index 5ee4cb5898..b8c4d6717d 100644 --- a/deployment/puppet/openstack_tasks/manifests/heat/heat.pp +++ b/deployment/puppet/openstack_tasks/manifests/heat/heat.pp @@ -31,7 +31,7 @@ class openstack_tasks::heat::heat { $public_ssl = get_ssl_property($ssl_hash, {}, 'heat', 'public', 'usage', false) $auth_uri = "${public_auth_protocol}://${public_auth_address}:5000/v2.0/" - $identity_uri = "${admin_auth_protocol}://${admin_auth_address}:35357/" + $auth_url = "${admin_auth_protocol}://${admin_auth_address}:35357/" $keystone_ec2_uri = "${internal_auth_protocol}://${internal_auth_address}:5000/v2.0" $api_bind_port = '8004' 
@@ -193,14 +193,18 @@ class openstack_tasks::heat::heat { } } + class { '::heat::keystone::authtoken': + username => $keystone_user, + password => $heat_hash['user_password'], + project_name => $keystone_tenant, + auth_uri => $auth_uri, + auth_url => $auth_url, + memcached_servers => $memcached_servers, + } + # Common configuration, logging and RPC class { '::heat': - auth_uri => $auth_uri, - identity_uri => $identity_uri, keystone_ec2_uri => $keystone_ec2_uri, - keystone_user => $keystone_user, - keystone_tenant => $keystone_tenant, - keystone_password => $heat_hash['user_password'], region_name => $region, database_connection => $db_connection, @@ -231,7 +235,6 @@ class openstack_tasks::heat::heat { database_max_retries => $max_retries, kombu_compression => $kombu_compression, - memcached_servers => $memcached_servers } # Engine diff --git a/deployment/puppet/openstack_tasks/manifests/ironic/ironic.pp b/deployment/puppet/openstack_tasks/manifests/ironic/ironic.pp index 7264b7e83b..40112dcaaa 100644 --- a/deployment/puppet/openstack_tasks/manifests/ironic/ironic.pp +++ b/deployment/puppet/openstack_tasks/manifests/ironic/ironic.pp 
@@ -92,15 +92,18 @@ class openstack_tasks::ironic::ironic { class { '::ironic::client': } - class { '::ironic::api': - host_ip => get_network_role_property('ironic/api', 'ipaddr'), + class { '::ironic::api::authtoken': + username => $ironic_user, + password => $ironic_user_password, + project_name => $ironic_tenant, + auth_url => $admin_identity_uri, auth_uri => $internal_auth_url, - identity_uri => $admin_identity_uri, - admin_tenant_name => $ironic_tenant, - admin_user => $ironic_user, - admin_password => $ironic_user_password, - neutron_url => "${neutron_protocol}://${neutron_endpoint}:9696", - public_endpoint => "${public_protocol}://${public_address}:6385", memcached_servers => $memcached_servers, } + + class { '::ironic::api': + host_ip => get_network_role_property('ironic/api', 'ipaddr'), + neutron_url => "${neutron_protocol}://${neutron_endpoint}:9696", + public_endpoint => "${public_protocol}://${public_address}:6385", + } } diff --git a/deployment/puppet/openstack_tasks/manifests/ironic/ironic_compute.pp b/deployment/puppet/openstack_tasks/manifests/ironic/ironic_compute.pp index b2dfe32b6a..79ed96e4d9 100644 --- a/deployment/puppet/openstack_tasks/manifests/ironic/ironic_compute.pp +++ b/deployment/puppet/openstack_tasks/manifests/ironic/ironic_compute.pp @@ -55,7 +55,6 @@ class openstack_tasks::ironic::ironic_compute { 'extra' => $extra_params }) - $memcached_servers = hiera('memcached_servers') $notify_on_state_change = 'vm_and_task_state' $ssl_hash = hiera_hash('use_ssl', {}) @@ -113,7 +112,6 @@ class openstack_tasks::ironic::ironic_compute { report_interval => $nova_report_interval, service_down_time => $nova_service_down_time, notify_on_state_change => $notify_on_state_change, - memcached_servers => $memcached_servers, os_region_name => $region_name, } 
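Review bot: In `::ironic::api::authtoken`, `auth_url` is fed from `$admin_identity_uri` and `auth_uri` from `$internal_auth_url`, so each variable name reads like the other parameter, whereas the other manifests in this commit rename `$identity_uri` to `$auth_url`. Since `auth_url` is the endpoint the service credentials are sent to and `auth_uri` is the endpoint advertised to unauthenticated clients, these names make an accidental swap easy to miss in review. Renaming the variables where they are defined (outside this hunk) so the declaration reads `auth_url => $auth_url,` and `auth_uri => $auth_uri,` would keep ironic consistent with glance, heat and nova.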
diff --git a/deployment/puppet/openstack_tasks/manifests/openstack_controller/openstack_controller.pp b/deployment/puppet/openstack_tasks/manifests/openstack_controller/openstack_controller.pp index 68467daf3b..c92080bfae 100644 --- a/deployment/puppet/openstack_tasks/manifests/openstack_controller/openstack_controller.pp +++ b/deployment/puppet/openstack_tasks/manifests/openstack_controller/openstack_controller.pp @@ -55,9 +55,9 @@ class openstack_tasks::openstack_controller::openstack_controller { $admin_auth_protocol = get_ssl_property($ssl_hash, {}, 'keystone', 'admin', 'protocol', [$nova_hash['auth_protocol'], 'http']) $admin_auth_address = get_ssl_property($ssl_hash, {}, 'keystone', 'admin', 'hostname', [$service_endpoint, $management_vip]) - $keystone_auth_uri = "${internal_auth_protocol}://${internal_auth_address}:5000/" - $keystone_identity_uri = "${admin_auth_protocol}://${admin_auth_address}:35357/" - $keystone_ec2_url = "${keystone_auth_uri}v2.0/ec2tokens" + $keystone_auth_uri = "${internal_auth_protocol}://${internal_auth_address}:5000/" + $keystone_auth_url = "${admin_auth_protocol}://${admin_auth_address}:35357/" + $keystone_ec2_url = "${keystone_auth_uri}v2.0/ec2tokens" # get glance api servers list $glance_endpoint_default = hiera('glance_endpoint', $management_vip) @@ -209,7 +209,6 @@ class openstack_tasks::openstack_controller::openstack_controller { notify_api_faults => pick($nova_hash['notify_api_faults'], false), notification_driver => $ceilometer_hash['notification_driver'], notify_on_state_change => $notify_on_state_change, - memcached_servers => $memcached_servers, cinder_catalog_info => pick($nova_hash['cinder_catalog_info'], 'volumev2:cinderv2:internalURL'), database_max_pool_size => $max_pool_size, database_max_retries => $max_retries, 
@@ -277,17 +276,21 @@ class openstack_tasks::openstack_controller::openstack_controller { , MINUTE);(GET, %(*changes-since*), .*changes-since.*, #{@get_limit}, MINUTE);(DELETE, %(*),\ .*, #{@delete_limit} , MINUTE)" %>') + class { '::nova::keystone::authtoken': + username => $keystone_user, + password => $nova_hash['user_password'], + project_name => pick($nova_hash['admin_tenant_name'], $keystone_tenant), + auth_url => $keystone_auth_url, + auth_uri => $keystone_auth_uri, + auth_version => pick($nova_hash['auth_version'], $::os_service_default), + memcached_servers => $memcached_servers, + } + # Configure nova-api class { '::nova::api': enabled => true, api_bind_address => $api_bind_address, metadata_listen => $api_bind_address, - admin_user => $keystone_user, - admin_password => $nova_hash['user_password'], - admin_tenant_name => pick($nova_hash['admin_tenant_name'], $keystone_tenant), - identity_uri => $keystone_identity_uri, - auth_uri => $keystone_auth_uri, - auth_version => pick($nova_hash['auth_version'], $::os_service_default), ratelimits => $nova_rate_limits_string, neutron_metadata_proxy_shared_secret => $neutron_metadata_proxy_secret, osapi_compute_workers => $service_workers, @@ -379,7 +382,7 @@ class openstack_tasks::openstack_controller::openstack_controller { class { '::nova::ironic::common': admin_username => pick($ironic_hash['auth_name'],'ironic'), admin_password => pick($ironic_hash['user_password'],'ironic'), - admin_url => "${keystone_identity_uri}v2.0", + admin_url => "${keystone_auth_url}v2.0", admin_tenant_name => pick($ironic_hash['tenant'],'services'), api_endpoint => "${ironic_protocol}://${ironic_endpoint}:6385/v1", } diff --git a/deployment/puppet/openstack_tasks/manifests/openstack_network/server_config.pp b/deployment/puppet/openstack_tasks/manifests/openstack_network/server_config.pp index cbb7e98a22..657cb87e3e 100644 --- a/deployment/puppet/openstack_tasks/manifests/openstack_network/server_config.pp 
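Review bot: The `::nova::ironic::common` declaration touched by the second hunk still falls back to a literal password, `admin_password => pick($ironic_hash['user_password'],'ironic')`, so a deployment whose hiera data lacks `user_password` would configure nova with a guessable credential instead of failing. The commit only renames `$keystone_identity_uri` on the `admin_url` line, but while the block is being edited it is worth removing the default, e.g. `admin_password => $ironic_hash['user_password'],` with an explicit `fail()` guard when the value is unset. The matching expectation in openstack-controller_spec.rb uses `ironic_password`, whose definition is outside the visible hunks and would need the same change.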
+++ b/deployment/puppet/openstack_tasks/manifests/openstack_network/server_config.pp @@ -203,15 +203,20 @@ class openstack_tasks::openstack_network::server_config { firewall_driver => 'neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver', } + class { '::neutron::keystone::authtoken': + username => $username, + password => $password, + project_name => $project_name, + region_name => $region_name, + auth_url => $auth_url, + auth_uri => $auth_uri, + memcached_servers => $memcached_servers, + } + class { '::neutron::server': sync_db => $primary_controller, - username => $username, - password => $password, - project_name => $project_name, - region_name => $region_name, - auth_url => $auth_url, - auth_uri => $auth_uri, + auth_strategy => 'keystone', database_connection => $db_connection, database_max_retries => hiera('max_retries'), @@ -233,7 +238,6 @@ class openstack_tasks::openstack_network::server_config { qos_notification_drivers => $qos_notification_drivers, enabled => true, manage_service => true, - memcached_servers => $memcached_servers, } # TODO(mmalchuk) remove this after LP#1628580 merged diff --git a/deployment/puppet/openstack_tasks/manifests/roles/compute.pp b/deployment/puppet/openstack_tasks/manifests/roles/compute.pp index d7b6dac6ec..b50ae92aaa 100644 --- a/deployment/puppet/openstack_tasks/manifests/roles/compute.pp +++ b/deployment/puppet/openstack_tasks/manifests/roles/compute.pp @@ -279,7 +279,6 @@ class openstack_tasks::roles::compute { service_down_time => $nova_service_down_time, notify_on_state_change => $notify_on_state_change, notification_driver => $ceilometer_hash['notification_driver'], - memcached_servers => $memcached_servers, cinder_catalog_info => pick($nova_hash_real['cinder_catalog_info'], 'volumev2:cinderv2:internalURL'), kombu_compression => $kombu_compression, block_device_allocate_retries => $block_device_allocate_retries, 
diff --git a/tests/noop/spec/hosts/ceilometer/controller_spec.rb b/tests/noop/spec/hosts/ceilometer/controller_spec.rb
index d43f68aa6f..c3df8a09d1 100644
--- a/tests/noop/spec/hosts/ceilometer/controller_spec.rb
+++ b/tests/noop/spec/hosts/ceilometer/controller_spec.rb
@@ -50,7 +50,7 @@ describe manifest do
 ssl_hash = Noop.hiera_structure('use_ssl', {})
 internal_auth_protocol = Noop.puppet_function 'get_ssl_property',ssl_hash,{},'keystone','internal','protocol','http'
 internal_auth_endpoint = Noop.puppet_function 'get_ssl_property',ssl_hash,{},'keystone','internal','hostname',[service_endpoint]
- keystone_identity_uri = "#{internal_auth_protocol}://#{internal_auth_endpoint}:35357/"
+ keystone_auth_url = "#{internal_auth_protocol}://#{internal_auth_endpoint}:35357/"
 keystone_auth_uri = "#{internal_auth_protocol}://#{internal_auth_endpoint}:5000/"
 kombu_compression = Noop.hiera 'kombu_compression', ''
 rabbit_hash = Noop.hiera_structure 'rabbit', {}
@@ -94,25 +94,31 @@ describe manifest do ) end + it 'should declare ceilometer::keystone::authtoken class with correct parameters' do + should contain_class('ceilometer::keystone::authtoken').with( + 'username' => ceilometer_user, + 'password' => ceilometer_user_password, + 'project_name' => ceilometer_tenant, + 'auth_url' => keystone_auth_url, + 'auth_uri' => keystone_auth_uri, + 'memcached_servers' => memcached_servers, + ) + end + it 'should declare ceilometer::api class with correct parameters' do should contain_class('ceilometer::api').with( - 'auth_uri' => keystone_auth_uri, - # TODO(aschultz): uncomment these and fix calling class - # once https://review.openstack.org/#/c/345789/ has landed - #'auth_url' => keystone_identity_uri, - #'username' => ceilometer_user, - #'password' => ceilometer_user_password, - #'project_name' => ceilometer_tenant, - 'memcached_servers' => memcached_servers, 'host' => api_bind_address, 'service_name' => 'httpd', ) end - it 'should configure auth and identity uri' do + it 'should correctly configure authtoken parameters' do + should contain_ceilometer_config('keystone_authtoken/username').with(:value => ceilometer_user) + should contain_ceilometer_config('keystone_authtoken/password').with(:value => ceilometer_user_password) + should contain_ceilometer_config('keystone_authtoken/project_name').with(:value => ceilometer_tenant) should contain_ceilometer_config('keystone_authtoken/auth_uri').with(:value => keystone_auth_uri) - # TODO(aschultz): uncomment this once https://review.openstack.org/#/c/345789/ has landed - #should contain_ceilometer_config('keystone_authtoken/auth_url').with(:value => keystone_identity_uri) + should contain_ceilometer_config('keystone_authtoken/auth_url').with(:value => keystone_auth_url) + should contain_ceilometer_config('keystone_authtoken/memcached_servers').with(:value => memcached_servers.join(',')) end it 'should configure interface (ex. OS ENDPOINT TYPE) for ceilometer' do 
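Review bot: The new 'should correctly configure authtoken parameters' example checks `keystone_authtoken/password` only by value, so it would still pass if the service password were written as an ordinary setting and ended up in Puppet reports and logs. Assuming the upstream authtoken class marks that setting as secret, the expectation could pin it: `should contain_ceilometer_config('keystone_authtoken/password').with(:value => ceilometer_user_password, :secret => true)`. The same applies to the password expectations this commit adds to the glance, heat, ironic, nova and neutron specs.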
@@ -189,17 +195,6 @@ describe manifest do ) end - it 'configures ceilometer::api' do - should contain_class('ceilometer::api').with( - 'auth_uri' => keystone_auth_uri, - 'identity_uri' => keystone_identity_uri, - 'keystone_user' => ceilometer_hash['user'], - 'keystone_password' => ceilometer_hash['user_password'], - 'keystone_tenant' => ceilometer_hash['tenant'], - 'host' => bind_address, - ) - end - it 'should properly configure rabbit queue' do should contain_ceilometer_config('DEFAULT/rpc_backend').with(:value => 'rabbit') should contain_ceilometer_config('oslo_messaging_rabbit/rabbit_virtual_host').with(:value => '/') diff --git a/tests/noop/spec/hosts/glance/glance_spec.rb b/tests/noop/spec/hosts/glance/glance_spec.rb index 29a4693c86..e2fbae6f68 100644 --- a/tests/noop/spec/hosts/glance/glance_spec.rb +++ b/tests/noop/spec/hosts/glance/glance_spec.rb @@ -21,6 +21,7 @@ describe manifest do # TODO All this stuff should be moved to shared examples controller* tests. workers_max = Noop.hiera 'workers_max' glance_config = Noop.hiera_structure 'glance' + glance_glare_config = Noop.hiera_structure 'glance_glare' storage_config = Noop.hiera_structure 'storage' max_pool_size = Noop.hiera('max_pool_size') max_overflow = Noop.hiera('max_overflow') @@ -52,6 +53,14 @@ describe manifest do glance_vc_insecure = Noop.hiera_structure 'glance/vc_insecure', 'false' glance_vc_ca_file = Noop.hiera_structure 'glance/vc_ca_file', {'content' => 'RSA', 'name' => 'vcenter-ca.pem'} + glance_password = glance_config.fetch('user_password') + glance_username = glance_config.fetch('user', 'glance') + glance_project_name = glance_config.fetch('tenant', 'services') + + glance_glare_password = glance_glare_config.fetch('user_password') + glance_glare_username = glance_glare_config.fetch('user', 'glare') + glance_glare_project_name = glance_glare_config.fetch('tenant', 'services') + rabbit_hash = Noop.hiera_structure 'rabbit', {} let(:ceilometer_hash) { Noop.hiera_structure 'ceilometer' } 
@@ -68,7 +77,7 @@ describe manifest do let(:auth_uri) { "#{internal_auth_protocol}://#{internal_auth_address}:5000/" } - let(:identity_uri) { "#{admin_auth_protocol}://#{admin_auth_address}:35357/" } + let(:auth_url) { "#{admin_auth_protocol}://#{admin_auth_address}:35357/" } let(:memcached_servers) { Noop.hiera 'memcached_servers' } @@ -82,11 +91,36 @@ describe manifest do should contain_glance_registry_config('oslo_messaging_rabbit/heartbeat_rate').with_value(rabbit_heartbeat_rate) end - it 'should select right protocols and addresses for auth' do - should contain_class('glance::api').with( - 'auth_uri' => auth_uri, - 'identity_uri' => identity_uri, - ) + it 'should have correct auth options for Glance API' do + should contain_class('glance::api::authtoken').with( + 'username' => glance_username, + 'password' => glance_password, + 'project_name' => glance_project_name, + 'auth_url' => auth_url, + 'auth_uri' => auth_uri, + 'token_cache_time' => '-1', + 'memcached_servers' => memcached_servers) + end + + it 'should have correct auth options for Glance Glare' do + should contain_class('glance::glare::authtoken').with( + 'username' => glance_glare_username, + 'password' => glance_glare_password, + 'project_name' => glance_glare_project_name, + 'auth_url' => auth_url, + 'auth_uri' => auth_uri, + 'token_cache_time' => '-1', + 'memcached_servers' => memcached_servers) + end + + it 'should have correct auth options for Glance Registry' do + should contain_class('glance::registry::authtoken').with( + 'username' => glance_username, + 'password' => glance_password, + 'project_name' => glance_project_name, + 'auth_url' => auth_url, + 'auth_uri' => auth_uri, + 'memcached_servers' => memcached_servers) end it 'should configure workers for API, registry services' do 
@@ -125,14 +159,13 @@ describe manifest do should contain_glance_api_config('DEFAULT/scrub_time').with_value('43200') should contain_glance_api_config('DEFAULT/scrubber_datadir').with_value('/var/lib/glance/scrubber') should contain_glance_api_config('glance_store/os_region_name').with_value(region) + should contain_glance_api_config('keystone_authtoken/auth_type').with_value('password') + should contain_glance_api_config('keystone_authtoken/auth_url').with_value(auth_url) + should contain_glance_api_config('keystone_authtoken/auth_uri').with_value(auth_uri) + should contain_glance_api_config('keystone_authtoken/username').with_value(glance_username) + should contain_glance_api_config('keystone_authtoken/password').with_value(glance_password) + should contain_glance_api_config('keystone_authtoken/project_name').with_value(glance_project_name) should contain_glance_api_config('keystone_authtoken/token_cache_time').with_value('-1') - # TODO(aderyugin): Enable this test after https://review.openstack.org/#/c/348826/ merge - # should contain_glance_api_config('keystone_authtoken/auth_type').with_value('password') - # should contain_glance_api_config('keystone_authtoken/auth_url').with_value(identity_uri) - # should contain_glance_api_config('keystone_authtoken/username').with_value(glance_config.fetch('user', 'glance')) - # should contain_glance_api_config('keystone_authtoken/password').with_value(glance_config.fetch('user_password')) - # should contain_glance_api_config('keystone_authtoken/project_name').with_value(glance_config.fetch('project_name', 'services')) - should contain_glance_api_config('keystone_authtoken/memcached_servers').with_value(memcached_servers.join(',')) end 
@@ -142,6 +175,12 @@ describe manifest do
 should contain_glance_glare_config('database/max_overflow').with_value(max_overflow)
 should contain_glance_glare_config('database/max_retries').with_value(max_retries)
 should contain_glance_glare_config('glance_store/os_region_name').with_value(region)
+ should contain_glance_glare_config('keystone_authtoken/auth_type').with_value('password')
+ should contain_glance_glare_config('keystone_authtoken/auth_url').with_value(auth_url)
+ should contain_glance_glare_config('keystone_authtoken/auth_uri').with_value(auth_uri)
+ should contain_glance_glare_config('keystone_authtoken/username').with_value(glance_glare_username)
+ should contain_glance_glare_config('keystone_authtoken/password').with_value(glance_glare_password)
+ should contain_glance_glare_config('keystone_authtoken/project_name').with_value(glance_glare_project_name)
 should contain_glance_glare_config('keystone_authtoken/token_cache_time').with_value('-1')
 should contain_glance_glare_config('keystone_authtoken/memcached_servers').with_value(memcached_servers.join(','))
 end
@@ -171,6 +210,12 @@ describe manifest do should contain_glance_registry_config('database/max_overflow').with_value(max_overflow) should contain_glance_registry_config('database/max_retries').with_value(max_retries) should contain_glance_registry_config('glance_store/os_region_name').with_value(region) + should contain_glance_registry_config('keystone_authtoken/auth_type').with_value('password') + should contain_glance_registry_config('keystone_authtoken/auth_url').with_value(auth_url) + should contain_glance_registry_config('keystone_authtoken/auth_uri').with_value(auth_uri) + should contain_glance_registry_config('keystone_authtoken/username').with_value(glance_username) + should contain_glance_registry_config('keystone_authtoken/password').with_value(glance_password) + should contain_glance_registry_config('keystone_authtoken/project_name').with_value(glance_project_name) should contain_glance_registry_config('keystone_authtoken/memcached_servers').with_value(memcached_servers.join(',')) end diff --git a/tests/noop/spec/hosts/heat/heat_spec.rb b/tests/noop/spec/hosts/heat/heat_spec.rb index 98030fd2fc..554e84dd54 100644 --- a/tests/noop/spec/hosts/heat/heat_spec.rb +++ b/tests/noop/spec/hosts/heat/heat_spec.rb @@ -73,6 +73,14 @@ describe manifest do heat_db_name = Noop.hiera('heat_db_name', 'heat') heat_hash = Noop.hiera_structure 'heat', {} + + keystone_auth_uri = "#{public_auth_protocol}://#{public_auth_address}:5000/v2.0/" + keystone_auth_url = "#{admin_auth_protocol}://#{admin_auth_address}:35357/" + + tenant = heat_hash.fetch('tenant', 'services') + user = heat_hash.fetch('user', 'heat') + password = heat_hash['user_password'] + rabbit_hash = Noop.hiera_structure 'rabbit', {} rabbit_heartbeat_timeout_threshold = Noop.puppet_function 'pick', heat_hash['rabbit_heartbeat_timeout_threshold'], rabbit_hash['heartbeat_timeout_treshold'], 60 
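Review bot: In the heat_spec.rb hunk, `password = heat_hash['user_password']` yields nil when the fixture carries no heat password, because `heat_hash` defaults to `{}` two lines above, and the authtoken examples added later in this file would then compare against nil rather than a real credential. The glance spec in this commit reads its password with `fetch('user_password')`, which fails loudly on a missing key. Using `password = heat_hash.fetch('user_password')` here would give the heat spec the same behaviour.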
@@ -124,17 +132,31 @@ describe manifest do end end - it 'should use auth_uri and identity_uri' do - should contain_class('heat').with( - 'auth_uri' => "#{public_auth_protocol}://#{public_auth_address}:5000/v2.0/", - 'identity_uri' => "#{admin_auth_protocol}://#{admin_auth_address}:35357/", - 'sync_db' => primary_controller, - 'heat_clients_url' => "#{public_heat_protocol}://#{public_vip}:8004/v1/%(tenant_id)s", + it 'should declare heat::keystone::authtoken class with correct parameters' do + should contain_class('heat::keystone::authtoken').with( + 'username' => user, + 'password' => password, + 'project_name' => tenant, + 'auth_url' => keystone_auth_url, + 'auth_uri' => keystone_auth_uri, + 'memcached_servers' => memcached_servers, ) end - it 'should configure memcache for keystone authtoken' do - should contain_heat_config('keystone_authtoken/memcached_servers').with_value(memcached_servers.join(',')) + it 'should correctly configure authtoken parameters' do + should contain_heat_config('keystone_authtoken/username').with(:value => user) + should contain_heat_config('keystone_authtoken/password').with(:value => password) + should contain_heat_config('keystone_authtoken/project_name').with(:value => tenant) + should contain_heat_config('keystone_authtoken/auth_url').with(:value => keystone_auth_url) + should contain_heat_config('keystone_authtoken/auth_uri').with(:value => keystone_auth_uri) + should contain_heat_config('keystone_authtoken/memcached_servers').with(:value => memcached_servers.join(',')) + end + + it 'should configure heat class' do + should contain_class('heat').with( + 'sync_db' => primary_controller, + 'heat_clients_url' => "#{public_heat_protocol}://#{public_vip}:8004/v1/%(tenant_id)s", + ) end it 'should set empty trusts_delegated_roles for heat engine' do diff --git a/tests/noop/spec/hosts/ironic/ironic_spec.rb b/tests/noop/spec/hosts/ironic/ironic_spec.rb index 3a67a87a42..9ebbbdb582 100644 --- a/tests/noop/spec/hosts/ironic/ironic_spec.rb 
+++ b/tests/noop/spec/hosts/ironic/ironic_spec.rb @@ -75,14 +75,28 @@ if ironic_enabled ) end + it 'should declare ironic::api::authtoken class correctly' do + should contain_class('ironic::api::authtoken').with( + 'username' => admin_user, + 'password' => admin_password, + 'project_name' => admin_tenant, + 'auth_url' => admin_auth_uri, + 'auth_uri' => internal_auth_url, + 'memcached_servers' => memcached_servers, + ) + end + + it 'should correctly configure authtoken parameters' do + should contain_ironic_config('keystone_authtoken/username').with(:value => admin_user) + should contain_ironic_config('keystone_authtoken/password').with(:value => admin_password) + should contain_ironic_config('keystone_authtoken/project_name').with(:value => admin_tenant) + should contain_ironic_config('keystone_authtoken/auth_url').with(:value => admin_auth_uri) + should contain_ironic_config('keystone_authtoken/auth_uri').with(:value => internal_auth_url) + should contain_ironic_config('keystone_authtoken/memcached_servers').with(:value => memcached_servers.join(',')) + end + it 'should declare ironic::api class correctly' do should contain_class('ironic::api').with( - 'auth_uri' => internal_auth_url, - 'identity_uri' => admin_auth_uri, - 'admin_tenant_name' => admin_tenant, - 'admin_user' => admin_user, - 'admin_password' => admin_password, - 'memcached_servers' => memcached_servers, 'neutron_url' => "#{neutron_protocol}://#{neutron_address}:9696", 'public_endpoint' => "#{public_protocol}://#{public_address}:6385" ) diff --git a/tests/noop/spec/hosts/openstack-controller/openstack-controller_spec.rb b/tests/noop/spec/hosts/openstack-controller/openstack-controller_spec.rb index 5ff5104326..c8712d1575 100644 --- a/tests/noop/spec/hosts/openstack-controller/openstack-controller_spec.rb +++ b/tests/noop/spec/hosts/openstack-controller/openstack-controller_spec.rb 
@@ -56,7 +56,9 @@ describe manifest do let(:admin_auth_address) { Noop.puppet_function 'get_ssl_property',ssl_hash,{},'keystone','admin','hostname',[service_endpoint, management_vip] } let(:keystone_auth_uri) { "#{internal_auth_protocol}://#{internal_auth_address}:5000/" } - let(:keystone_identity_uri) { "#{admin_auth_protocol}://#{admin_auth_address}:35357/" } + let(:keystone_auth_url) { "#{admin_auth_protocol}://#{admin_auth_address}:35357/" } + let(:project_name) { Noop.puppet_function('pick', nova_hash['admin_tenant_name'], keystone_tenant) } + let(:auth_version) { Noop.puppet_function('pick', nova_hash['auth_version'], facts[:os_service_default]) } let(:keystone_ec2_url) { "#{keystone_auth_uri}v2.0/ec2tokens" } default_log_levels_hash = Noop.hiera_hash 'default_log_levels' @@ -206,7 +208,6 @@ describe manifest do :database_max_retries => max_retries, :database_max_overflow => max_overflow, :notify_on_state_change => 'vm_and_task_state', - :memcached_servers => memcached_servers, ) end 
@@ -236,18 +237,34 @@ describe manifest do ) end + it 'should configure nova::keystone::authtoken' do + should contain_class('nova::keystone::authtoken').with( + :username => keystone_user, + :password => nova_hash['user_password'], + :project_name => project_name, + :auth_url => keystone_auth_url, + :auth_uri => keystone_auth_uri, + :auth_version => auth_version, + :memcached_servers => memcached_servers, + ) + end + + it 'should correctly configure authtoken parameters' do + should contain_nova_config('keystone_authtoken/username').with(:value => keystone_user) + should contain_nova_config('keystone_authtoken/password').with(:value => nova_hash['user_password']) + should contain_nova_config('keystone_authtoken/project_name').with(:value => project_name) + should contain_nova_config('keystone_authtoken/auth_url').with(:value => keystone_auth_url) + should contain_nova_config('keystone_authtoken/auth_uri').with(:value => keystone_auth_uri) + should contain_nova_config('keystone_authtoken/auth_version').with(:value => auth_version) + should contain_nova_config('keystone_authtoken/memcached_servers').with(:value => memcached_servers.join(',')) + end + it 'should configure nova::api' do # FIXME(aschultz): check rate limits should contain_class('nova::api').with( :enabled => true, :api_bind_address => api_bind_address, :metadata_listen => api_bind_address, - :admin_user => keystone_user, - :admin_password => nova_hash['user_password'], - :admin_tenant_name => Noop.puppet_function('pick', nova_hash['admin_tenant_name'], keystone_tenant), - :identity_uri => keystone_identity_uri, - :auth_uri => keystone_auth_uri, - :auth_version => Noop.puppet_function('pick', nova_hash['auth_version'], facts[:os_service_default]), :neutron_metadata_proxy_shared_secret => neutron_metadata_proxy_secret, :osapi_compute_workers => service_workers, :metadata_workers => service_workers, 
@@ -368,7 +385,7 @@ describe manifest do
 'admin_username' => ironic_user,
 'admin_password' => ironic_password,
 'admin_tenant_name' => ironic_tenant,
- 'admin_url' => "#{keystone_identity_uri}v2.0",
+ 'admin_url' => "#{keystone_auth_url}v2.0",
 'api_endpoint' => "#{ironic_protocol}://#{ironic_endpoint}:6385/v1",
 )
 end
diff --git a/tests/noop/spec/hosts/openstack-network/server-config_spec.rb b/tests/noop/spec/hosts/openstack-network/server-config_spec.rb
index faa4ccad50..55c0a41601 100644
--- a/tests/noop/spec/hosts/openstack-network/server-config_spec.rb
+++ b/tests/noop/spec/hosts/openstack-network/server-config_spec.rb
@@ -61,6 +61,7 @@ describe manifest do
 should contain_class('neutron::server').with(
 'sync_db' => sync_db,
+ 'auth_strategy' => 'keystone',
 'database_retry_interval' => '2',
 'database_connection' => db_connection,
 'database_max_retries' => Noop.hiera('max_retries'),
@@ -256,13 +257,24 @@ describe manifest do
 end
 it 'should have correct auth options' do
- should contain_class('neutron::server').with(
- 'password' => password,
- 'project_name' => project_name,
- 'region_name' => region_name,
- 'username' => username,
- 'auth_url' => auth_url,
- 'auth_uri' => auth_uri,)
+ should contain_class('neutron::keystone::authtoken').with(
+ 'username' => username,
+ 'password' => password,
+ 'project_name' => project_name,
+ 'region_name' => region_name,
+ 'auth_url' => auth_url,
+ 'auth_uri' => auth_uri,
+ 'memcached_servers' => memcached_servers,)
+ end
+
+ it 'should correctly configure authtoken parameters' do
+ should contain_neutron_config('keystone_authtoken/username').with(:value => username)
+ should contain_neutron_config('keystone_authtoken/password').with(:value => password)
+ should contain_neutron_config('keystone_authtoken/project_name').with(:value => project_name)
+ should contain_neutron_config('keystone_authtoken/region_name').with(:value => region_name)
+ should contain_neutron_config('keystone_authtoken/auth_url').with(:value => auth_url)
+ should contain_neutron_config('keystone_authtoken/auth_uri').with(:value => auth_uri)
+ should contain_neutron_config('keystone_authtoken/memcached_servers').with(:value => memcached_servers.join(','))
 end
 it 'should have agent related settings' do
@@ -277,8 +289,7 @@ describe manifest do
 should contain_class('neutron::server').with(
 'router_distributed' => dvr,
 'enabled' => true,
- 'manage_service' => true,
- 'memcached_servers' => memcached_servers,)
+ 'manage_service' => true,)
 }
 it 'should configure neutron::server::notifications' do
diff --git a/tests/noop/spec/hosts/roles/compute_spec.rb b/tests/noop/spec/hosts/roles/compute_spec.rb
index 7833792884..540f5a96b7 100644
--- a/tests/noop/spec/hosts/roles/compute_spec.rb
+++ b/tests/noop/spec/hosts/roles/compute_spec.rb
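Review bot: In the `@@ -256,13 +257,24 @@` hunk, the new `it 'should correctly configure authtoken parameters'` block pins `keystone_authtoken/memcached_servers` but nothing about how the cached tokens are protected; keystonemiddleware's `memcache_security_strategy` and `memcache_secret_key` settings are not asserted here, nor in the matching `contain_nova_config` block earlier in this diff. Whether the manifests set them is not visible in this diff. If they are meant to be set, an expectation such as `should contain_neutron_config('keystone_authtoken/memcache_security_strategy').with(:value => '<EXPECTED_STRATEGY>')` would pin it; if they are deliberately left at the module default, a one-line comment above the block saying so would record that choice.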
@@ -317,11 +317,6 @@ describe manifest do
 'value' => 'false',
 )
 end
- it 'nova config should contain right memcached servers list' do
- should contain_class('nova').with(
- :memcached_servers => memcached_servers
- )
- end
 it 'should configure nova cache correctly' do
 should contain_class('nova::cache').with(