Keystone config updates for Ocata, style and lint fixes
- Keystone config updates for Ocata - Style and lint fixes to support newer chefdk - Rewrote metadata.rb for readability Change-Id: Ie1d5f27a9cf8803044568a31e4dae7654b02c9a1
parent
150c363d68
commit
8a967c291a
|
@ -1,11 +1,16 @@
|
|||
# This configuration was generated by
|
||||
# `rubocop --auto-gen-config`
|
||||
# on 2017-02-23 16:58:29 +0100 using RuboCop version 0.39.0.
|
||||
# on 2017-08-01 10:39:17 -0400 using RuboCop version 0.47.1.
|
||||
# The point is for the user to remove these configuration records
|
||||
# one by one as the offenses are removed from the code base.
|
||||
# Note that changes in the inspected code, or installation of new
|
||||
# versions of RuboCop, may require this file to be generated again.
|
||||
|
||||
# Offense count: 20
|
||||
# Configuration parameters: CountComments, ExcludedMethods.
|
||||
Metrics/BlockLength:
|
||||
Max: 408
|
||||
|
||||
# Offense count: 4
|
||||
# Configuration parameters: EnforcedStyle, SupportedStyles.
|
||||
# SupportedStyles: nested, compact
|
||||
|
|
|
@ -16,16 +16,16 @@ default['openstack']['identity']['conf'].tap do |conf|
|
|||
end
|
||||
|
||||
# [assignment] option in keystone.conf to set driver
|
||||
conf['assignment']['driver'] = 'keystone.assignment.backends.sql.Assignment'
|
||||
conf['assignment']['driver'] = 'sql'
|
||||
|
||||
# [auth] option in keystone.conf to set auth plugins
|
||||
conf['auth']['external'] = 'keystone.auth.plugins.external.DefaultDomain'
|
||||
conf['auth']['external'] = 'DefaultDomain'
|
||||
# [auth] option in keystone.conf to set auth methods
|
||||
conf['auth']['methods'] = 'external, password, token, oauth1'
|
||||
|
||||
# [catalog] option in keystone.conf to set catalog driver
|
||||
conf['catalog']['driver'] = 'keystone.catalog.backends.sql.Catalog'
|
||||
conf['catalog']['driver'] = 'sql'
|
||||
|
||||
# [policy] option in keystone.conf to set policy backend driver
|
||||
conf['policy']['driver'] = 'keystone.policy.backends.sql.Policy'
|
||||
conf['policy']['driver'] = 'sql'
|
||||
end
|
||||
|
|
19
metadata.rb
19
metadata.rb
|
@ -1,17 +1,20 @@
|
|||
name 'openstack-identity'
|
||||
maintainer 'openstack-chef'
|
||||
name 'openstack-identity'
|
||||
maintainer 'openstack-chef'
|
||||
maintainer_email 'openstack-dev@lists.openstack.org'
|
||||
issues_url 'https://launchpad.net/openstack-chef' if respond_to?(:issues_url)
|
||||
source_url 'https://github.com/openstack/cookbook-openstack-identity' if respond_to?(:source_url)
|
||||
license 'Apache 2.0'
|
||||
description 'The OpenStack Identity service Keystone.'
|
||||
license 'Apache 2.0'
|
||||
description 'The OpenStack Identity service Keystone.'
|
||||
long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
|
||||
version '15.0.0'
|
||||
version '15.0.0'
|
||||
|
||||
%w(ubuntu redhat centos).each do |os|
|
||||
supports os
|
||||
end
|
||||
|
||||
depends 'apache2', '~> 3.2'
|
||||
depends 'openstack-common', '>= 15.0.0'
|
||||
depends 'openstackclient'
|
||||
|
||||
depends 'apache2', '~> 3.2'
|
||||
|
||||
issues_url 'https://launchpad.net/openstack-chef' if respond_to?(:issues_url)
|
||||
source_url 'https://github.com/openstack/cookbook-openstack-identity' if respond_to?(:source_url)
|
||||
chef_version '>= 12.5' if respond_to?(:chef_version)
|
||||
|
|
|
@ -29,7 +29,7 @@ key_repository =
|
|||
directory key_repository do
|
||||
owner node['openstack']['identity']['user']
|
||||
group node['openstack']['identity']['group']
|
||||
mode 00700
|
||||
mode 0o0700
|
||||
end
|
||||
|
||||
node['openstack']['identity']['fernet']['keys'].each do |key_index|
|
||||
|
@ -38,6 +38,6 @@ node['openstack']['identity']['fernet']['keys'].each do |key_index|
|
|||
content key
|
||||
owner node['openstack']['identity']['user']
|
||||
group node['openstack']['identity']['group']
|
||||
mode 00400
|
||||
mode 0o0400
|
||||
end
|
||||
end
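Review bot: The resource that writes each Fernet key (`content key`, mode `0o0400`) shows no `sensitive true` among its visible properties. If it is a `file` resource, Chef can print the key material in its diff output whenever the content changes. The resource's opening line is outside this hunk, so confirm there; if the property is absent, add `sensitive true` next to `content key`.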
|
||||
|
|
|
@ -41,20 +41,6 @@ admin_user = node['openstack']['identity']['admin_user']
|
|||
admin_pass = get_password 'user', node['openstack']['identity']['admin_user']
|
||||
admin_role = node['openstack']['identity']['admin_role']
|
||||
admin_domain = node['openstack']['identity']['admin_domain_name']
|
||||
region = node['openstack']['identity']['region']
|
||||
|
||||
execute 'bootstrap_keystone' do
|
||||
command "keystone-manage bootstrap \\
|
||||
--bootstrap-password #{admin_pass} \\
|
||||
--bootstrap-username #{admin_user} \\
|
||||
--bootstrap-project-name #{admin_project} \\
|
||||
--bootstrap-role-name #{admin_role} \\
|
||||
--bootstrap-service-name keystone \\
|
||||
--bootstrap-region-id #{region} \\
|
||||
--bootstrap-admin-url #{identity_admin_endpoint} \\
|
||||
--bootstrap-public-url #{identity_public_endpoint} \\
|
||||
--bootstrap-internal-url #{identity_internal_endpoint}"
|
||||
end
|
||||
|
||||
connection_params = {
|
||||
openstack_auth_url: "#{auth_url}/auth/tokens",
|
||||
|
|
|
@ -48,6 +48,16 @@ end
|
|||
|
||||
platform_options = node['openstack']['identity']['platform']
|
||||
|
||||
identity_admin_endpoint = admin_endpoint 'identity'
|
||||
identity_internal_endpoint = internal_endpoint 'identity'
|
||||
identity_public_endpoint = public_endpoint 'identity'
|
||||
|
||||
# define the credentials to use for the initial admin user
|
||||
admin_pass = get_password 'user', node['openstack']['identity']['admin_user']
|
||||
region = node['openstack']['identity']['region']
|
||||
keystone_user = node['openstack']['identity']['user']
|
||||
keystone_group = node['openstack']['identity']['group']
|
||||
|
||||
# install the database python adapter packages for the selected database
|
||||
# service_type
|
||||
db_type = node['openstack']['db']['identity']['service_type']
|
||||
|
@ -90,14 +100,14 @@ end
|
|||
directory '/etc/keystone' do
|
||||
owner node['openstack']['identity']['user']
|
||||
group node['openstack']['identity']['group']
|
||||
mode 00700
|
||||
mode 0o0700
|
||||
end
|
||||
|
||||
# create keystone domain config dir if needed
|
||||
directory node['openstack']['identity']['identity']['domain_config_dir'] do
|
||||
owner node['openstack']['identity']['user']
|
||||
group node['openstack']['identity']['group']
|
||||
mode 00700
|
||||
mode 0o0700
|
||||
only_if { node['openstack']['identity']['identity']['domain_specific_drivers_enabled'] }
|
||||
end
|
||||
|
||||
|
@ -110,6 +120,26 @@ end
|
|||
# include the recipe to setup fernet tokens
|
||||
include_recipe 'openstack-identity::_fernet_tokens'
|
||||
|
||||
# initialize fernet tokens
|
||||
execute 'fernet setup' do
|
||||
user 'root'
|
||||
command <<-EOH.gsub(/\s+/, ' ').strip!
|
||||
keystone-manage fernet_setup
|
||||
--keystone-user #{keystone_user}
|
||||
--keystone-group #{keystone_group}
|
||||
EOH
|
||||
notifies :run, 'execute[credential setup]', :immediately
|
||||
end
|
||||
|
||||
execute 'credential setup' do
|
||||
user 'root'
|
||||
command <<-EOH.gsub(/\s+/, ' ').strip!
|
||||
keystone-manage credential_setup
|
||||
--keystone-user #{keystone_user}
|
||||
--keystone-group #{keystone_group}
|
||||
EOH
|
||||
end
|
||||
|
||||
# define the address to bind the keystone apache main service to
|
||||
main_bind_service = node['openstack']['bind_service']['main']['identity']
|
||||
main_bind_address = bind_address main_bind_service
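Review bot: `execute 'credential setup'` keeps its default `:run` action and is also notified `:immediately` by `execute 'fernet setup'`, and neither resource has a guard. As written, every converge runs `keystone-manage fernet_setup` once and `keystone-manage credential_setup` twice, both as root. If the notification is the intended trigger, add `action :nothing` to 'credential setup'; otherwise drop the `notifies` line. Either way, consider a `not_if` or `creates` guard on both so an already-initialised key repository is not touched on every run. The heredoc also ends in `.strip!`, which returns nil when there is nothing to strip; `.strip` yields the same string here without that trap.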
|
||||
|
@ -149,14 +179,14 @@ if node['openstack']['identity']['pastefile_url']
|
|||
source node['openstack']['identity']['pastefile_url']
|
||||
owner node['openstack']['identity']['user']
|
||||
group node['openstack']['identity']['group']
|
||||
mode 00644
|
||||
mode 0o0644
|
||||
end
|
||||
else
|
||||
template '/etc/keystone/keystone-paste.ini' do
|
||||
source 'keystone-paste.ini.erb'
|
||||
owner node['openstack']['identity']['user']
|
||||
group node['openstack']['identity']['group']
|
||||
mode 00644
|
||||
mode 0o0644
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -181,7 +211,7 @@ template '/etc/keystone/keystone.conf' do
|
|||
cookbook 'openstack-common'
|
||||
owner node['openstack']['identity']['user']
|
||||
group node['openstack']['identity']['group']
|
||||
mode 00640
|
||||
mode 0o0640
|
||||
variables(
|
||||
service_config: keystone_conf_options
|
||||
)
|
||||
|
@ -226,7 +256,7 @@ if node['openstack']['identity']['catalog']['backend'] == 'templated'
|
|||
source 'default_catalog.templates.erb'
|
||||
owner node['openstack']['identity']['user']
|
||||
group node['openstack']['identity']['group']
|
||||
mode 00644
|
||||
mode 0o0644
|
||||
variables(
|
||||
uris: uris
|
||||
)
|
||||
|
@ -235,12 +265,16 @@ end
|
|||
|
||||
# sync db after keystone.conf is generated
|
||||
execute 'keystone-manage db_sync' do
|
||||
user node['openstack']['identity']['user']
|
||||
group node['openstack']['identity']['group']
|
||||
|
||||
user 'root'
|
||||
only_if { node['openstack']['db']['identity']['migrate'] }
|
||||
end
|
||||
|
||||
# bootstrap keystone after keystone.conf is generated
|
||||
execute 'keystone bootstrap' do
|
||||
user 'root'
|
||||
command "keystone-manage bootstrap --bootstrap-password \"#{admin_pass}\" --bootstrap-region-id \"#{region}\" --bootstrap-admin-url #{identity_admin_endpoint} --bootstrap-public-url #{identity_public_endpoint} --bootstrap-internal-url #{identity_internal_endpoint}"
|
||||
end
|
||||
|
||||
# configure the flush tokens cronjob
|
||||
should_run_cron = node['openstack']['identity']['token_flush_cron']['enabled'] && node['openstack']['identity']['token']['backend'] == 'sql'
|
||||
log_file = node['openstack']['identity']['token_flush_cron']['log_file']
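Review bot: The new `execute 'keystone bootstrap'` resource puts the admin password on the `keystone-manage` command line, where it is readable in the process list while the command runs and can appear in Chef's output if the command fails. The `\"#{admin_pass}\"` quoting also breaks for a password containing `"`, `$` or a backtick. keystone-manage reads the same value from `OS_BOOTSTRAP_PASSWORD`, so I would drop `--bootstrap-password` from the command and add `environment('OS_BOOTSTRAP_PASSWORD' => admin_pass)` and `sensitive true` to the resource. The 'bootstrap with keystone-manage' expectation in the server-apache spec pins the full command string and would need the matching change. Separately, this hunk moves `keystone-manage db_sync` from the keystone user to `root`; a comment giving the reason would help, since the command no longer runs with the service account's reduced privileges.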
|
||||
|
@ -278,7 +312,7 @@ keystone_apache_dir = "#{node['apache']['docroot_dir']}/keystone"
|
|||
directory keystone_apache_dir do
|
||||
owner 'root'
|
||||
group 'root'
|
||||
mode 00755
|
||||
mode 0o0755
|
||||
end
|
||||
|
||||
wsgi_apps = {
|
||||
|
|
|
@ -15,7 +15,7 @@ describe 'openstack-identity::_fernet_tokens' do
|
|||
|
||||
it do
|
||||
expect(chef_run).to create_directory('/etc/keystone/fernet-tokens')
|
||||
.with(owner: 'keystone', user: 'keystone', mode: 00700)
|
||||
.with(owner: 'keystone', user: 'keystone', mode: 0o0700)
|
||||
end
|
||||
|
||||
[0, 1].each do |key_index|
|
||||
|
@ -25,7 +25,7 @@ describe 'openstack-identity::_fernet_tokens' do
|
|||
content: "thisisfernetkey#{key_index}",
|
||||
owner: 'keystone',
|
||||
group: 'keystone',
|
||||
mode: 00400
|
||||
mode: 0o0400
|
||||
)
|
||||
end
|
||||
end
|
||||
|
|
|
@ -48,9 +48,11 @@ describe 'openstack-identity::openrc' do
|
|||
it 'templates misc_openrc array correctly' do
|
||||
node.set['openstack']['misc_openrc'] = ['export MISC1=OPTION1', 'export MISC2=OPTION2']
|
||||
expect(chef_run).to render_file(file.name).with_content(
|
||||
/^export MISC1=OPTION1$/)
|
||||
/^export MISC1=OPTION1$/
|
||||
)
|
||||
expect(chef_run).to render_file(file.name).with_content(
|
||||
/^export MISC2=OPTION2$/)
|
||||
/^export MISC2=OPTION2$/
|
||||
)
|
||||
end
|
||||
|
||||
it 'contains overridden auth environment variables' do
|
||||
|
|
|
@ -18,33 +18,12 @@ describe 'openstack-identity::registration' do
|
|||
openstack_project_name: 'admin',
|
||||
openstack_domain_name: 'default'
|
||||
}
|
||||
service_name = 'keystone'
|
||||
service_user = 'admin'
|
||||
region = 'RegionOne'
|
||||
project_name = 'admin'
|
||||
role_name = 'admin'
|
||||
password = 'admin'
|
||||
domain_name = 'default'
|
||||
admin_url = 'http://127.0.0.1:35357/v3'
|
||||
public_url = 'http://127.0.0.1:5000/v3'
|
||||
internal_url = 'http://127.0.0.1:5000/v3'
|
||||
|
||||
describe 'keystone bootstrap' do
|
||||
context 'default values' do
|
||||
it 'bootstrap with keystone-manage' do
|
||||
expect(chef_run).to run_execute('bootstrap_keystone'
|
||||
).with(command: "keystone-manage bootstrap \\
|
||||
--bootstrap-password #{password} \\
|
||||
--bootstrap-username #{service_user} \\
|
||||
--bootstrap-project-name #{project_name} \\
|
||||
--bootstrap-role-name #{role_name} \\
|
||||
--bootstrap-service-name #{service_name} \\
|
||||
--bootstrap-region-id #{region} \\
|
||||
--bootstrap-admin-url #{admin_url} \\
|
||||
--bootstrap-public-url #{public_url} \\
|
||||
--bootstrap-internal-url #{internal_url}")
|
||||
end
|
||||
|
||||
it do
|
||||
expect(chef_run).to run_ruby_block('wait for identity admin endpoint')
|
||||
end
|
||||
|
@ -106,20 +85,6 @@ describe 'openstack-identity::registration' do
|
|||
'identity_domain'
|
||||
end
|
||||
|
||||
it 'bootstrap with keystone-manage' do
|
||||
expect(chef_run).to run_execute('bootstrap_keystone'
|
||||
).with(command: "keystone-manage bootstrap \\
|
||||
--bootstrap-password identity_admin_pass \\
|
||||
--bootstrap-username identity_admin \\
|
||||
--bootstrap-project-name admin_project \\
|
||||
--bootstrap-role-name identity_role \\
|
||||
--bootstrap-service-name #{service_name} \\
|
||||
--bootstrap-region-id otherRegion \\
|
||||
--bootstrap-admin-url https://admin.identity:1234/v3 \\
|
||||
--bootstrap-public-url https://public.identity:9753/v3 \\
|
||||
--bootstrap-internal-url https://internal.identity:5678/v3")
|
||||
end
|
||||
|
||||
it 'registers identity_domain domain' do
|
||||
expect(chef_run).to create_openstack_domain(
|
||||
'identity_domain'
|
||||
|
|
|
@ -14,6 +14,12 @@ describe 'openstack-identity::server-apache' do
|
|||
include Helpers
|
||||
include_context 'identity_stubs'
|
||||
|
||||
region = 'RegionOne'
|
||||
password = 'admin'
|
||||
admin_url = 'http://127.0.0.1:35357/v3'
|
||||
public_url = 'http://127.0.0.1:5000/v3'
|
||||
internal_url = 'http://127.0.0.1:5000/v3'
|
||||
|
||||
it 'runs logging recipe if node attributes say to' do
|
||||
node.set['openstack']['identity']['syslog']['use'] = true
|
||||
expect(chef_run).to include_recipe('openstack-common::logging')
|
||||
|
@ -40,6 +46,9 @@ describe 'openstack-identity::server-apache' do
|
|||
expect(chef_run).to upgrade_package('identity cookbook package keystone')
|
||||
end
|
||||
|
||||
it 'bootstrap with keystone-manage' do
|
||||
expect(chef_run).to run_execute('keystone bootstrap').with(command: "keystone-manage bootstrap --bootstrap-password \"#{password}\" --bootstrap-region-id \"#{region}\" --bootstrap-admin-url #{admin_url} --bootstrap-public-url #{public_url} --bootstrap-internal-url #{internal_url}")
|
||||
end
|
||||
it 'has flush tokens cronjob running every day at 3:30am' do
|
||||
expect(chef_run).to create_cron('keystone-manage-token-flush').with_command(/keystone-manage token_flush/)
|
||||
expect(chef_run).to create_cron('keystone-manage-token-flush').with_minute('0')
|
||||
|
@ -60,7 +69,7 @@ describe 'openstack-identity::server-apache' do
|
|||
expect(chef_run).to create_directory(dir.name).with(
|
||||
user: 'keystone',
|
||||
group: 'keystone',
|
||||
mode: 00700
|
||||
mode: 0o0700
|
||||
)
|
||||
end
|
||||
end
|
||||
|
@ -77,7 +86,7 @@ describe 'openstack-identity::server-apache' do
|
|||
expect(chef_run).to create_directory(dir).with(
|
||||
user: 'keystone',
|
||||
group: 'keystone',
|
||||
mode: 00700
|
||||
mode: 0o0700
|
||||
)
|
||||
end
|
||||
end
|
||||
|
@ -99,7 +108,7 @@ describe 'openstack-identity::server-apache' do
|
|||
expect(chef_run).to create_template(resource.name).with(
|
||||
user: 'keystone',
|
||||
group: 'keystone',
|
||||
mode: 00640
|
||||
mode: 0o0640
|
||||
)
|
||||
end
|
||||
end
|
||||
|
@ -204,7 +213,7 @@ describe 'openstack-identity::server-apache' do
|
|||
|
||||
describe '[assignment] section' do
|
||||
it 'configures driver' do
|
||||
r = line_regexp('driver = keystone.assignment.backends.sql.Assignment')
|
||||
r = line_regexp('driver = sql')
|
||||
expect(chef_run).to render_config_file(path).with_section_content('assignment', r)
|
||||
end
|
||||
end
|
||||
|
@ -216,7 +225,7 @@ describe 'openstack-identity::server-apache' do
|
|||
line_regexp(str)
|
||||
end
|
||||
let(:sql) do
|
||||
line_regexp('driver = keystone.catalog.backends.sql.Catalog')
|
||||
line_regexp('driver = sql')
|
||||
end
|
||||
|
||||
it 'configures driver' do
|
||||
|
@ -227,7 +236,7 @@ describe 'openstack-identity::server-apache' do
|
|||
|
||||
describe '[policy] section' do
|
||||
it 'configures driver' do
|
||||
r = line_regexp('driver = keystone.policy.backends.sql.Policy')
|
||||
r = line_regexp('driver = sql')
|
||||
expect(chef_run).to render_config_file(path).with_section_content('policy', r)
|
||||
end
|
||||
end
|
||||
|
@ -248,16 +257,14 @@ describe 'openstack-identity::server-apache' do
|
|||
|
||||
it 'runs migrations' do
|
||||
expect(chef_run).to run_execute(cmd).with(
|
||||
user: 'keystone',
|
||||
group: 'keystone'
|
||||
user: 'root'
|
||||
)
|
||||
end
|
||||
|
||||
it 'does not run migrations' do
|
||||
node.set['openstack']['db']['identity']['migrate'] = false
|
||||
expect(chef_run).not_to run_execute(cmd).with(
|
||||
user: 'keystone',
|
||||
group: 'keystone'
|
||||
user: 'root'
|
||||
)
|
||||
end
|
||||
end
|
||||
|
@ -270,7 +277,7 @@ describe 'openstack-identity::server-apache' do
|
|||
expect(chef_run).to create_template(template.name).with(
|
||||
user: 'keystone',
|
||||
group: 'keystone',
|
||||
mode: 0644
|
||||
mode: 0o644
|
||||
)
|
||||
end
|
||||
|
||||
|
@ -308,9 +315,11 @@ describe 'openstack-identity::server-apache' do
|
|||
it 'template misc_paste array correctly' do
|
||||
node.set['openstack']['identity']['misc_paste'] = ['MISC1 = OPTION1', 'MISC2 = OPTION2']
|
||||
expect(chef_run).to render_file(path).with_content(
|
||||
/^MISC1 = OPTION1$/)
|
||||
/^MISC1 = OPTION1$/
|
||||
)
|
||||
expect(chef_run).to render_file(path).with_content(
|
||||
/^MISC2 = OPTION2$/)
|
||||
/^MISC2 = OPTION2$/
|
||||
)
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -323,7 +332,7 @@ describe 'openstack-identity::server-apache' do
|
|||
source: 'http://server/mykeystone-paste.ini',
|
||||
user: 'keystone',
|
||||
group: 'keystone',
|
||||
mode: 00644
|
||||
mode: 0o0644
|
||||
)
|
||||
end
|
||||
end
|
||||
|
|
|
@ -1,12 +1,12 @@
|
|||
<%= node["openstack"]["identity"]["custom_template_banner"] %>
|
||||
<%= node['openstack']['identity']['custom_template_banner'] %>
|
||||
|
||||
# Keystone PasteDeploy configuration file.
|
||||
|
||||
[filter:debug]
|
||||
use = egg:keystone#debug
|
||||
use = egg:oslo.middleware#debug
|
||||
|
||||
[filter:request_id]
|
||||
use = egg:keystone#request_id
|
||||
use = egg:oslo.middleware#request_id
|
||||
|
||||
[filter:build_auth_context]
|
||||
use = egg:keystone#build_auth_context
|
||||
|
@ -40,7 +40,7 @@ use = egg:keystone#s3_extension
|
|||
use = egg:keystone#url_normalize
|
||||
|
||||
[filter:sizelimit]
|
||||
use = egg:keystone#sizelimit
|
||||
use = egg:oslo.middleware#sizelimit
|
||||
|
||||
[filter:osprofiler]
|
||||
use = egg:osprofiler#osprofiler
|
||||
|
@ -55,13 +55,13 @@ use = egg:keystone#service_v3
|
|||
use = egg:keystone#admin_service
|
||||
|
||||
[pipeline:public_api]
|
||||
pipeline = <%=node["openstack"]["identity"]["pipeline"]["public_api"] %>
|
||||
pipeline = <%=node['openstack']['identity']['pipeline']['public_api'] %>
|
||||
|
||||
[pipeline:admin_api]
|
||||
pipeline = <%=node["openstack"]["identity"]["pipeline"]["admin_api"] %>
|
||||
pipeline = <%=node['openstack']['identity']['pipeline']['admin_api'] %>
|
||||
|
||||
[pipeline:api_v3]
|
||||
pipeline = <%=node["openstack"]["identity"]["pipeline"]["api_v3"] %>
|
||||
pipeline = <%=node['openstack']['identity']['pipeline']['api_v3'] %>
|
||||
|
||||
[app:public_version_service]
|
||||
use = egg:keystone#public_version_service
|
||||
|
@ -87,8 +87,8 @@ use = egg:Paste#urlmap
|
|||
/v3 = api_v3
|
||||
/ = admin_version_api
|
||||
|
||||
<% if node["openstack"]["identity"]["misc_paste"] %>
|
||||
<% node["openstack"]["identity"]["misc_paste"].each do |m| %>
|
||||
<% if node['openstack']['identity']['misc_paste'] %>
|
||||
<% node['openstack']['identity']['misc_paste'].each do |m| %>
|
||||
<%= m %>
|
||||
<% end %>
|
||||
<% end %>
|
||||
|
|