openstack
/
puppet-keystone
Code Issues Proposed changes

Merge "Deprecate options related to eventlet server"

This commit is contained in:
Zuul 2019-08-23 23:44:25 +00:00 committed by Gerrit Code Review
parent 0fac41fc0f bfcc84b73e
commit 615b5507a8
3 changed files with 95 additions and 81 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

129
manifests/init.pp
View File

@ -13,14 +13,6 @@
# accepts latest or specific versions.
# Defaults to present.
#
# [*public_port*]
# (Optional) Port that keystone binds to.
# Defaults to '5000'
#
# [*admin_port*]
# (Optional) Port that can be used for admin tasks.
# Defaults to '35357'
#
# [*admin_token*]
# Admin token that can be used to authenticate as a keystone
# admin. This is not the password for the admin user
@ -267,14 +259,6 @@
# (Optional) Seconds to wait for a response from a call.
# Defaults to $::os_service_default
#
# [*public_bind_host*]
# (Optional) The IP address of the public network interface to listen on
# Default to '0.0.0.0'.
#
# [*admin_bind_host*]
# (Optional) The IP address of the public network interface to listen on
# Default to '0.0.0.0'.
#
# [*log_dir*]
# (Optional) Directory where logs should be stored
# If set to $::os_service_default, it will not log to any directory
@ -284,14 +268,6 @@
# (Optional) Where to log
# Defaults to undef.
#
# [*public_endpoint*]
# (Optional) The base public endpoint URL for keystone that are
# advertised to clients (NOTE: this does NOT affect how
# keystone listens for connections) (string value)
# If set to false, no public_endpoint will be defined in keystone.conf.
# Sample value: 'http://localhost:5000/'
# Defaults to $::os_service_default
#
# [*admin_endpoint*]
# (Optional) The base admin endpoint URL for keystone that are
# advertised to clients (NOTE: this does NOT affect how keystone listens
@ -300,6 +276,14 @@
# Sample value: 'http://localhost:5000/'
# Defaults to $::os_service_default
#
# [*public_endpoint*]
# (Optional) The base public endpoint URL for keystone that are
# advertised to clients (NOTE: this does NOT affect how
# keystone listens for connections) (string value)
# If set to false, no public_endpoint will be defined in keystone.conf.
# Sample value: 'http://localhost:5000/'
# Defaults to $::os_service_default
#
# [*enable_ssl*]
# (Optional) Toggle for SSL support on the keystone eventlet servers.
# (boolean value)
@ -371,18 +355,6 @@
# (Optional) maximum allowable Keystone token size
# Defaults to $::os_service_default
#
# [*admin_workers*]
# (Optional) The number of worker processes to serve the admin eventlet application.
# This option is deprecated along with eventlet and will be removed in M.
# This setting has no affect when using WSGI.
# Defaults to $::os_workers
#
# [*public_workers*]
# (Optional) The number of worker processes to serve the public eventlet application.
# This option is deprecated along with eventlet and will be removed in M.
# This setting has no affect when using WSGI.
# Defaults to $::os_workers
#
# [*sync_db*]
# (Optional) Run db sync on the node.
# Defaults to true
@ -557,6 +529,34 @@
#
# === DEPRECATED PARAMETERS
#
# [*admin_bind_host*]
# (Optional) The IP address of the public network interface to listen on
# Default to '0.0.0.0'.
#
# [*public_bind_host*]
# (Optional) The IP address of the public network interface to listen on
# Default to '0.0.0.0'.
#
# [*admin_port*]
# (Optional) Port that can be used for admin tasks.
# Defaults to '35357'
#
# [*public_port*]
# (Optional) Port that keystone binds to.
# Defaults to '5000'
#
# [*admin_workers*]
# (Optional) The number of worker processes to serve the admin eventlet application.
# This option is deprecated along with eventlet and will be removed in M.
# This setting has no affect when using WSGI.
# Defaults to undef
#
# [*public_workers*]
# (Optional) The number of worker processes to serve the public eventlet application.
# This option is deprecated along with eventlet and will be removed in M.
# This setting has no affect when using WSGI.
# Defaults to undef
#
# [*cache_dir*]
# (Optional) Directory created when token_provider is pki. This folder is not
# created unless enable_pki_setup is set to True.
@ -599,10 +599,6 @@ class keystone(
$admin_password = undef,
$package_ensure = 'present',
$client_package_ensure = 'present',
$public_bind_host = '0.0.0.0',
$admin_bind_host = '0.0.0.0',
$public_port = '5000',
$admin_port = '35357',
$log_dir = undef,
$log_file = undef,
$catalog_type = 'sql',
@ -614,8 +610,8 @@ class keystone(
$password_hash_rounds = $::os_service_default,
$revoke_driver = $::os_service_default,
$revoke_by_id = true,
$public_endpoint = $::os_service_default,
$admin_endpoint = $::os_service_default,
$public_endpoint = $::os_service_default,
$enable_ssl = false,
$ssl_certfile = '/etc/keystone/ssl/certs/keystone.pem',
$ssl_keyfile = '/etc/keystone/ssl/private/keystonekey.pem',
@ -695,8 +691,12 @@ class keystone(
$purge_config = false,
$amqp_durable_queues = $::os_service_default,
# DEPRECATED PARAMETERS
$admin_workers = $::os_workers,
$public_workers = $::os_workers,
$admin_bind_host = undef,
$public_bind_host = undef,
$admin_port = undef,
$public_port = undef,
$admin_workers = undef,
$public_workers = undef,
$cache_dir = undef,
$token_driver = undef,
) inherits keystone::params {
@ -713,18 +713,48 @@ class keystone(
warning('keystone::token_driver is deprecated, has no effect and will be removed in a later release')
}
if $admin_bind_host {
warning('keystone::admin_bond_host is deprecated, has not effect and will be removed in a later relase')
}
if $admin_port {
warning('keystone::admin_port is deprecated, has not effect and will be removed in a later relase')
}
if $admin_workers {
warning('keystone::admin_workers is deprecated, has no effect and will be removed in a later release')
}
if $public_workers {
warning('keystone::public_workers is deprecated, has no effect and will be removed in a later release')
}
if ! $catalog_driver {
validate_legacy(Enum['template', 'sql'], 'validate_re', $catalog_type)
}
if ($admin_endpoint and 'v2.0' in $admin_endpoint) {
warning('Version string /v2.0/ should not be included in keystone::admin_endpoint')
if ! $public_endpoint {
warning('keystone::public_endpoint is not set will be required in a later release')
}
if ($public_endpoint and 'v2.0' in $public_endpoint) {
warning('Version string /v2.0/ should not be included in keystone::public_endpoint')
}
if $public_bind_host {
warning('keystone::public_bind_host is deprecated, and will have no effect and be removed in a later release.')
$public_bind_host_real = $public_bind_host
} else {
$public_bind_host_real = '0.0.0.0'
}
if $public_port {
warning('keystone::public_port is deprecated, and will have no effect and be removed in a later release')
$public_port_real = $public_port
} else {
$public_port_real = '5000'
}
if $admin_password == undef {
warning("admin_password is required, please set admin_password to a value != admin_token. \
admin_token will be removed in a later release")
@ -775,7 +805,6 @@ admin_token will be removed in a later release")
# Endpoint configuration
keystone_config {
'DEFAULT/public_endpoint': value => $public_endpoint;
'DEFAULT/admin_endpoint': value => $admin_endpoint;
}
keystone_config {
@ -902,12 +931,8 @@ admin_token will be removed in a later release")
}
keystone_config {
'eventlet_server/public_bind_host': value => $public_bind_host;
'eventlet_server/admin_bind_host': value => $admin_bind_host;
'eventlet_server/public_port': value => $public_port;
'eventlet_server/admin_port': value => $admin_port;
'eventlet_server/admin_workers': value => $admin_workers;
'eventlet_server/public_workers': value => $public_workers;
'eventlet_server/public_bind_host': value => $public_bind_host_real;
'eventlet_server/public_port': value => $public_port_real;
}
if $manage_service {

17
releasenotes/notes/deprecate-eventlet-server-c39f0e958d19848e.yaml Normal file
View File

@ -0,0 +1,17 @@
---
deprecations:
- |
keystone::admin_bind_host and keystone::admin_port are deprecated and
ignored as the correspoding options in keystone were already deprecated.
- |
Now keystone::admin_endpoint does not affect keystone configuration,
as the corresponding parameter in keystone was already removed.
- |
keystone::public_bind_host and keystone::public_port are deprecated.
They still works as valid hieradata to generate endpoint information
used in keystone resource creation, but will be ignored in future.
Use keystone::public_endpoint instead, which will be necessory option
in the future to define public endpoint.
- |
keystone::admin_workers and keystone::public_workers are deprecated,
and now are ignored.

30
spec/classes/keystone_init_spec.rb
View File

@ -24,9 +24,7 @@ describe 'keystone' do
'package_ensure' => 'present',
'client_package_ensure' => 'present',
'public_bind_host' => '0.0.0.0',
'admin_bind_host' => '0.0.0.0',
'public_port' => '5000',
'admin_port' => '35357',
'catalog_type' => 'sql',
'catalog_driver' => false,
'token_provider' => 'fernet',
@ -52,8 +50,6 @@ describe 'keystone' do
'rabbit_heartbeat_rate' => '<SERVICE DEFAULT>',
'rabbit_heartbeat_in_pthread' => '<SERVICE DEFAULT>',
'amqp_durable_queues' => '<SERVICE DEFAULT>',
'admin_workers' => 20,
'public_workers' => 20,
'member_role_id' => '<SERVICE DEFAULT>',
'member_role_name' => '<SERVICE DEFAULT>',
'sync_db' => true,
@ -66,9 +62,7 @@ describe 'keystone' do
'package_ensure' => 'latest',
'client_package_ensure' => 'latest',
'public_bind_host' => '0.0.0.0',
'admin_bind_host' => '0.0.0.0',
'public_port' => '5001',
'admin_port' => '35358',
'admin_token' => 'service_token_override',
'admin_password' => 'admin_openstack_password',
'catalog_type' => 'template',
@ -78,7 +72,6 @@ describe 'keystone' do
'revoke_driver' => 'kvs',
'revoke_by_id' => false,
'public_endpoint' => 'https://localhost:5000/v2.0/',
'admin_endpoint' => 'https://localhost:5000/v2.0/',
'enable_ssl' => true,
'ssl_certfile' => '/etc/keystone/ssl/certs/keystone.pem',
'ssl_keyfile' => '/etc/keystone/ssl/private/keystonekey.pem',
@ -186,12 +179,7 @@ describe 'keystone' do
is_expected.to contain_keystone_config('token/revoke_by_id').with_value(param_hash['revoke_by_id'])
end
it 'should ensure proper setting of admin_endpoint and public_endpoint' do
if param_hash['admin_endpoint']
is_expected.to contain_keystone_config('DEFAULT/admin_endpoint').with_value(param_hash['admin_endpoint'])
else
is_expected.to contain_keystone_config('DEFAULT/admin_endpoint').with_value('<SERVICE DEFAULT>')
end
it 'should ensure proper setting of public_endpoint' do
if param_hash['public_endpoint']
is_expected.to contain_keystone_config('DEFAULT/public_endpoint').with_value(param_hash['public_endpoint'])
else
@ -217,23 +205,11 @@ describe 'keystone' do
it 'should contain correct eventlet server config' do
[
'public_bind_host',
'admin_bind_host',
'public_port',
'admin_port',
].each do |config|
is_expected.to contain_keystone_config("eventlet_server/#{config}").with_value(param_hash[config])
end
if param_hash['admin_workers']
is_expected.to contain_keystone_config('eventlet_server/admin_workers').with_value(param_hash['admin_workers'])
else
is_expected.to contain_keystone_config('eventlet_server/admin_workers').with_value('2')
end
if param_hash['public_workers']
is_expected.to contain_keystone_config('eventlet_server/public_workers').with_value(param_hash['public_workers'])
else
is_expected.to contain_keystone_config('eventlet_server/public_workers').with_value('2')
end
end
it 'should ensure rabbit_ha_queues' do
@ -544,7 +520,6 @@ describe 'keystone' do
'admin_token' => 'service_token',
'enable_ssl' => true,
'public_endpoint' => 'https://localhost:5000/v2.0/',
'admin_endpoint' => 'https://localhost:5000/v2.0/',
}
end
it {is_expected.to contain_keystone_config('ssl/enable').with_value(true)}
@ -554,7 +529,6 @@ describe 'keystone' do
it {is_expected.to contain_keystone_config('ssl/ca_key').with_value('/etc/keystone/ssl/private/cakey.pem')}
it {is_expected.to contain_keystone_config('ssl/cert_subject').with_value('/C=US/ST=Unset/L=Unset/O=Unset/CN=localhost')}
it {is_expected.to contain_keystone_config('DEFAULT/public_endpoint').with_value('https://localhost:5000/v2.0/')}
it {is_expected.to contain_keystone_config('DEFAULT/admin_endpoint').with_value('https://localhost:5000/v2.0/')}
end
describe 'when disabling SSL' do
let :params do
@ -565,7 +539,6 @@ describe 'keystone' do
end
it {is_expected.to contain_keystone_config('ssl/enable').with_value(false)}
it {is_expected.to contain_keystone_config('DEFAULT/public_endpoint').with_value('<SERVICE DEFAULT>')}
it {is_expected.to contain_keystone_config('DEFAULT/admin_endpoint').with_value('<SERVICE DEFAULT>')}
end
describe 'not setting notification settings by default' do
let :params do
@ -717,7 +690,6 @@ describe 'keystone' do
}
end
it { is_expected.to contain_keystone_config('DEFAULT/admin_endpoint').with_value('http://some.host:5000') }
it { is_expected.to contain_class('keystone::service').with(
'validate' => true,
'admin_endpoint' => 'http://some.host:5000/v2.0'