diff --git a/manifests/init.pp b/manifests/init.pp index 24393fe01..f3409fe02 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -13,14 +13,6 @@ # accepts latest or specific versions. # Defaults to present. # -# [*public_port*] -# (Optional) Port that keystone binds to. -# Defaults to '5000' -# -# [*admin_port*] -# (Optional) Port that can be used for admin tasks. -# Defaults to '35357' -# # [*admin_token*] # Admin token that can be used to authenticate as a keystone # admin. This is not the password for the admin user @@ -267,14 +259,6 @@ # (Optional) Seconds to wait for a response from a call. # Defaults to $::os_service_default # -# [*public_bind_host*] -# (Optional) The IP address of the public network interface to listen on -# Default to '0.0.0.0'. -# -# [*admin_bind_host*] -# (Optional) The IP address of the public network interface to listen on -# Default to '0.0.0.0'. -# # [*log_dir*] # (Optional) Directory where logs should be stored # If set to $::os_service_default, it will not log to any directory @@ -284,14 +268,6 @@ # (Optional) Where to log # Defaults to undef. # -# [*public_endpoint*] -# (Optional) The base public endpoint URL for keystone that are -# advertised to clients (NOTE: this does NOT affect how -# keystone listens for connections) (string value) -# If set to false, no public_endpoint will be defined in keystone.conf. -# Sample value: 'http://localhost:5000/' -# Defaults to $::os_service_default -# # [*admin_endpoint*] # (Optional) The base admin endpoint URL for keystone that are # advertised to clients (NOTE: this does NOT affect how keystone listens @@ -300,6 +276,14 @@ # Sample value: 'http://localhost:5000/' # Defaults to $::os_service_default # +# [*public_endpoint*] +# (Optional) The base public endpoint URL for keystone that are +# advertised to clients (NOTE: this does NOT affect how +# keystone listens for connections) (string value) +# If set to false, no public_endpoint will be defined in keystone.conf. +# Sample value: 'http://localhost:5000/' +# Defaults to $::os_service_default +# # [*enable_ssl*] # (Optional) Toggle for SSL support on the keystone eventlet servers. # (boolean value) @@ -371,18 +355,6 @@ # (Optional) maximum allowable Keystone token size # Defaults to $::os_service_default # -# [*admin_workers*] -# (Optional) The number of worker processes to serve the admin eventlet application. -# This option is deprecated along with eventlet and will be removed in M. -# This setting has no affect when using WSGI. -# Defaults to $::os_workers -# -# [*public_workers*] -# (Optional) The number of worker processes to serve the public eventlet application. -# This option is deprecated along with eventlet and will be removed in M. -# This setting has no affect when using WSGI. -# Defaults to $::os_workers -# # [*sync_db*] # (Optional) Run db sync on the node. # Defaults to true @@ -557,6 +529,34 @@ # # === DEPRECATED PARAMETERS # +# [*admin_bind_host*] +# (Optional) The IP address of the public network interface to listen on +# Default to '0.0.0.0'. +# +# [*public_bind_host*] +# (Optional) The IP address of the public network interface to listen on +# Default to '0.0.0.0'. +# +# [*admin_port*] +# (Optional) Port that can be used for admin tasks. +# Defaults to '35357' +# +# [*public_port*] +# (Optional) Port that keystone binds to. +# Defaults to '5000' +# +# [*admin_workers*] +# (Optional) The number of worker processes to serve the admin eventlet application. +# This option is deprecated along with eventlet and will be removed in M. +# This setting has no affect when using WSGI. +# Defaults to undef +# +# [*public_workers*] +# (Optional) The number of worker processes to serve the public eventlet application. +# This option is deprecated along with eventlet and will be removed in M. +# This setting has no affect when using WSGI. +# Defaults to undef +# # [*cache_dir*] # (Optional) Directory created when token_provider is pki. This folder is not # created unless enable_pki_setup is set to True. @@ -599,10 +599,6 @@ class keystone( $admin_password = undef, $package_ensure = 'present', $client_package_ensure = 'present', - $public_bind_host = '0.0.0.0', - $admin_bind_host = '0.0.0.0', - $public_port = '5000', - $admin_port = '35357', $log_dir = undef, $log_file = undef, $catalog_type = 'sql', @@ -614,8 +610,8 @@ class keystone( $password_hash_rounds = $::os_service_default, $revoke_driver = $::os_service_default, $revoke_by_id = true, - $public_endpoint = $::os_service_default, $admin_endpoint = $::os_service_default, + $public_endpoint = $::os_service_default, $enable_ssl = false, $ssl_certfile = '/etc/keystone/ssl/certs/keystone.pem', $ssl_keyfile = '/etc/keystone/ssl/private/keystonekey.pem', @@ -695,8 +691,12 @@ class keystone( $purge_config = false, $amqp_durable_queues = $::os_service_default, # DEPRECATED PARAMETERS - $admin_workers = $::os_workers, - $public_workers = $::os_workers, + $admin_bind_host = undef, + $public_bind_host = undef, + $admin_port = undef, + $public_port = undef, + $admin_workers = undef, + $public_workers = undef, $cache_dir = undef, $token_driver = undef, ) inherits keystone::params { @@ -713,18 +713,48 @@ class keystone( warning('keystone::token_driver is deprecated, has no effect and will be removed in a later release') } + if $admin_bind_host { + warning('keystone::admin_bond_host is deprecated, has not effect and will be removed in a later relase') + } + + if $admin_port { + warning('keystone::admin_port is deprecated, has not effect and will be removed in a later relase') + } + + if $admin_workers { + warning('keystone::admin_workers is deprecated, has no effect and will be removed in a later release') + } + + if $public_workers { + warning('keystone::public_workers is deprecated, has no effect and will be removed in a later release') + } + if ! $catalog_driver { validate_legacy(Enum['template', 'sql'], 'validate_re', $catalog_type) } - if ($admin_endpoint and 'v2.0' in $admin_endpoint) { - warning('Version string /v2.0/ should not be included in keystone::admin_endpoint') + if ! $public_endpoint { + warning('keystone::public_endpoint is not set will be required in a later release') } if ($public_endpoint and 'v2.0' in $public_endpoint) { warning('Version string /v2.0/ should not be included in keystone::public_endpoint') } + if $public_bind_host { + warning('keystone::public_bind_host is deprecated, and will have no effect and be removed in a later release.') + $public_bind_host_real = $public_bind_host + } else { + $public_bind_host_real = '0.0.0.0' + } + + if $public_port { + warning('keystone::public_port is deprecated, and will have no effect and be removed in a later release') + $public_port_real = $public_port + } else { + $public_port_real = '5000' + } + if $admin_password == undef { warning("admin_password is required, please set admin_password to a value != admin_token. \ admin_token will be removed in a later release") @@ -775,7 +805,6 @@ admin_token will be removed in a later release") # Endpoint configuration keystone_config { 'DEFAULT/public_endpoint': value => $public_endpoint; - 'DEFAULT/admin_endpoint': value => $admin_endpoint; } keystone_config { @@ -902,12 +931,8 @@ admin_token will be removed in a later release") } keystone_config { - 'eventlet_server/public_bind_host': value => $public_bind_host; - 'eventlet_server/admin_bind_host': value => $admin_bind_host; - 'eventlet_server/public_port': value => $public_port; - 'eventlet_server/admin_port': value => $admin_port; - 'eventlet_server/admin_workers': value => $admin_workers; - 'eventlet_server/public_workers': value => $public_workers; + 'eventlet_server/public_bind_host': value => $public_bind_host_real; + 'eventlet_server/public_port': value => $public_port_real; } if $manage_service { diff --git a/releasenotes/notes/deprecate-eventlet-server-c39f0e958d19848e.yaml b/releasenotes/notes/deprecate-eventlet-server-c39f0e958d19848e.yaml new file mode 100644 index 000000000..f24d20de2 --- /dev/null +++ b/releasenotes/notes/deprecate-eventlet-server-c39f0e958d19848e.yaml @@ -0,0 +1,17 @@ +--- +deprecations: + - | + keystone::admin_bind_host and keystone::admin_port are deprecated and + ignored as the correspoding options in keystone were already deprecated. + - | + Now keystone::admin_endpoint does not affect keystone configuration, + as the corresponding parameter in keystone was already removed. + - | + keystone::public_bind_host and keystone::public_port are deprecated. + They still works as valid hieradata to generate endpoint information + used in keystone resource creation, but will be ignored in future. + Use keystone::public_endpoint instead, which will be necessory option + in the future to define public endpoint. + - | + keystone::admin_workers and keystone::public_workers are deprecated, + and now are ignored. diff --git a/spec/classes/keystone_init_spec.rb b/spec/classes/keystone_init_spec.rb index 9c5428517..408a6f0c2 100644 --- a/spec/classes/keystone_init_spec.rb +++ b/spec/classes/keystone_init_spec.rb @@ -24,9 +24,7 @@ describe 'keystone' do 'package_ensure' => 'present', 'client_package_ensure' => 'present', 'public_bind_host' => '0.0.0.0', - 'admin_bind_host' => '0.0.0.0', 'public_port' => '5000', - 'admin_port' => '35357', 'catalog_type' => 'sql', 'catalog_driver' => false, 'token_provider' => 'fernet', @@ -52,8 +50,6 @@ describe 'keystone' do 'rabbit_heartbeat_rate' => '', 'rabbit_heartbeat_in_pthread' => '', 'amqp_durable_queues' => '', - 'admin_workers' => 20, - 'public_workers' => 20, 'member_role_id' => '', 'member_role_name' => '', 'sync_db' => true, @@ -66,9 +62,7 @@ describe 'keystone' do 'package_ensure' => 'latest', 'client_package_ensure' => 'latest', 'public_bind_host' => '0.0.0.0', - 'admin_bind_host' => '0.0.0.0', 'public_port' => '5001', - 'admin_port' => '35358', 'admin_token' => 'service_token_override', 'admin_password' => 'admin_openstack_password', 'catalog_type' => 'template', @@ -78,7 +72,6 @@ describe 'keystone' do 'revoke_driver' => 'kvs', 'revoke_by_id' => false, 'public_endpoint' => 'https://localhost:5000/v2.0/', - 'admin_endpoint' => 'https://localhost:5000/v2.0/', 'enable_ssl' => true, 'ssl_certfile' => '/etc/keystone/ssl/certs/keystone.pem', 'ssl_keyfile' => '/etc/keystone/ssl/private/keystonekey.pem', @@ -186,12 +179,7 @@ describe 'keystone' do is_expected.to contain_keystone_config('token/revoke_by_id').with_value(param_hash['revoke_by_id']) end - it 'should ensure proper setting of admin_endpoint and public_endpoint' do - if param_hash['admin_endpoint'] - is_expected.to contain_keystone_config('DEFAULT/admin_endpoint').with_value(param_hash['admin_endpoint']) - else - is_expected.to contain_keystone_config('DEFAULT/admin_endpoint').with_value('') - end + it 'should ensure proper setting of public_endpoint' do if param_hash['public_endpoint'] is_expected.to contain_keystone_config('DEFAULT/public_endpoint').with_value(param_hash['public_endpoint']) else @@ -217,23 +205,11 @@ describe 'keystone' do it 'should contain correct eventlet server config' do [ 'public_bind_host', - 'admin_bind_host', 'public_port', - 'admin_port', ].each do |config| is_expected.to contain_keystone_config("eventlet_server/#{config}").with_value(param_hash[config]) end - if param_hash['admin_workers'] - is_expected.to contain_keystone_config('eventlet_server/admin_workers').with_value(param_hash['admin_workers']) - else - is_expected.to contain_keystone_config('eventlet_server/admin_workers').with_value('2') - end - if param_hash['public_workers'] - is_expected.to contain_keystone_config('eventlet_server/public_workers').with_value(param_hash['public_workers']) - else - is_expected.to contain_keystone_config('eventlet_server/public_workers').with_value('2') - end end it 'should ensure rabbit_ha_queues' do @@ -544,7 +520,6 @@ describe 'keystone' do 'admin_token' => 'service_token', 'enable_ssl' => true, 'public_endpoint' => 'https://localhost:5000/v2.0/', - 'admin_endpoint' => 'https://localhost:5000/v2.0/', } end it {is_expected.to contain_keystone_config('ssl/enable').with_value(true)} @@ -554,7 +529,6 @@ describe 'keystone' do it {is_expected.to contain_keystone_config('ssl/ca_key').with_value('/etc/keystone/ssl/private/cakey.pem')} it {is_expected.to contain_keystone_config('ssl/cert_subject').with_value('/C=US/ST=Unset/L=Unset/O=Unset/CN=localhost')} it {is_expected.to contain_keystone_config('DEFAULT/public_endpoint').with_value('https://localhost:5000/v2.0/')} - it {is_expected.to contain_keystone_config('DEFAULT/admin_endpoint').with_value('https://localhost:5000/v2.0/')} end describe 'when disabling SSL' do let :params do @@ -565,7 +539,6 @@ describe 'keystone' do end it {is_expected.to contain_keystone_config('ssl/enable').with_value(false)} it {is_expected.to contain_keystone_config('DEFAULT/public_endpoint').with_value('')} - it {is_expected.to contain_keystone_config('DEFAULT/admin_endpoint').with_value('')} end describe 'not setting notification settings by default' do let :params do @@ -717,7 +690,6 @@ describe 'keystone' do } end - it { is_expected.to contain_keystone_config('DEFAULT/admin_endpoint').with_value('http://some.host:5000') } it { is_expected.to contain_class('keystone::service').with( 'validate' => true, 'admin_endpoint' => 'http://some.host:5000/v2.0'