Keystone config updates for Ocata, style and lint fixes

- Keystone config updates for Ocata
- Style and lint fixes to support newer chefdk
- Rewrote metadata.rb for readability

Change-Id: Ie1d5f27a9cf8803044568a31e4dae7654b02c9a1
Samuel Cassiba 2017-08-02 01:36:37 -04:00
parent 150c363d68
commit 8a967c291a
11 changed files with 105 additions and 101 deletions


@ -1,11 +1,16 @@
# This configuration was generated by
# `rubocop --auto-gen-config`
# on 2017-02-23 16:58:29 +0100 using RuboCop version 0.39.0.
# on 2017-08-01 10:39:17 -0400 using RuboCop version 0.47.1.
# The point is for the user to remove these configuration records
# one by one as the offenses are removed from the code base.
# Note that changes in the inspected code, or installation of new
# versions of RuboCop, may require this file to be generated again.
# Offense count: 20
# Configuration parameters: CountComments, ExcludedMethods.
Metrics/BlockLength:
Max: 408
# Offense count: 4
# Configuration parameters: EnforcedStyle, SupportedStyles.
# SupportedStyles: nested, compact


@ -16,16 +16,16 @@ default['openstack']['identity']['conf'].tap do |conf|
end
# [assignment] option in keystone.conf to set driver
conf['assignment']['driver'] = 'keystone.assignment.backends.sql.Assignment'
conf['assignment']['driver'] = 'sql'
# [auth] option in keystone.conf to set auth plugins
conf['auth']['external'] = 'keystone.auth.plugins.external.DefaultDomain'
conf['auth']['external'] = 'DefaultDomain'
# [auth] option in keystone.conf to set auth methods
conf['auth']['methods'] = 'external, password, token, oauth1'
# [catalog] option in keystone.conf to set catalog driver
conf['catalog']['driver'] = 'keystone.catalog.backends.sql.Catalog'
conf['catalog']['driver'] = 'sql'
# [policy] option in keystone.conf to set policy backend driver
conf['policy']['driver'] = 'keystone.policy.backends.sql.Policy'
conf['policy']['driver'] = 'sql'
end


@ -1,17 +1,20 @@
name 'openstack-identity'
maintainer 'openstack-chef'
name 'openstack-identity'
maintainer 'openstack-chef'
maintainer_email 'openstack-dev@lists.openstack.org'
issues_url 'https://launchpad.net/openstack-chef' if respond_to?(:issues_url)
source_url 'https://github.com/openstack/cookbook-openstack-identity' if respond_to?(:source_url)
license 'Apache 2.0'
description 'The OpenStack Identity service Keystone.'
license 'Apache 2.0'
description 'The OpenStack Identity service Keystone.'
long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
version '15.0.0'
version '15.0.0'
%w(ubuntu redhat centos).each do |os|
supports os
end
depends 'apache2', '~> 3.2'
depends 'openstack-common', '>= 15.0.0'
depends 'openstackclient'
depends 'apache2', '~> 3.2'
issues_url 'https://launchpad.net/openstack-chef' if respond_to?(:issues_url)
source_url 'https://github.com/openstack/cookbook-openstack-identity' if respond_to?(:source_url)
chef_version '>= 12.5' if respond_to?(:chef_version)


@ -29,7 +29,7 @@ key_repository =
directory key_repository do
owner node['openstack']['identity']['user']
group node['openstack']['identity']['group']
mode 00700
mode 0o0700
end
node['openstack']['identity']['fernet']['keys'].each do |key_index|
@ -38,6 +38,6 @@ node['openstack']['identity']['fernet']['keys'].each do |key_index|
content key
owner node['openstack']['identity']['user']
group node['openstack']['identity']['group']
mode 00400
mode 0o0400
end
end


@ -41,20 +41,6 @@ admin_user = node['openstack']['identity']['admin_user']
admin_pass = get_password 'user', node['openstack']['identity']['admin_user']
admin_role = node['openstack']['identity']['admin_role']
admin_domain = node['openstack']['identity']['admin_domain_name']
region = node['openstack']['identity']['region']
execute 'bootstrap_keystone' do
command "keystone-manage bootstrap \\
--bootstrap-password #{admin_pass} \\
--bootstrap-username #{admin_user} \\
--bootstrap-project-name #{admin_project} \\
--bootstrap-role-name #{admin_role} \\
--bootstrap-service-name keystone \\
--bootstrap-region-id #{region} \\
--bootstrap-admin-url #{identity_admin_endpoint} \\
--bootstrap-public-url #{identity_public_endpoint} \\
--bootstrap-internal-url #{identity_internal_endpoint}"
end
connection_params = {
openstack_auth_url: "#{auth_url}/auth/tokens",


@ -48,6 +48,16 @@ end
platform_options = node['openstack']['identity']['platform']
identity_admin_endpoint = admin_endpoint 'identity'
identity_internal_endpoint = internal_endpoint 'identity'
identity_public_endpoint = public_endpoint 'identity'
# define the credentials to use for the initial admin user
admin_pass = get_password 'user', node['openstack']['identity']['admin_user']
region = node['openstack']['identity']['region']
keystone_user = node['openstack']['identity']['user']
keystone_group = node['openstack']['identity']['group']
# install the database python adapter packages for the selected database
# service_type
db_type = node['openstack']['db']['identity']['service_type']
@ -90,14 +100,14 @@ end
directory '/etc/keystone' do
owner node['openstack']['identity']['user']
group node['openstack']['identity']['group']
mode 00700
mode 0o0700
end
# create keystone domain config dir if needed
directory node['openstack']['identity']['identity']['domain_config_dir'] do
owner node['openstack']['identity']['user']
group node['openstack']['identity']['group']
mode 00700
mode 0o0700
only_if { node['openstack']['identity']['identity']['domain_specific_drivers_enabled'] }
end
@ -110,6 +120,26 @@ end
# include the recipe to setup fernet tokens
include_recipe 'openstack-identity::_fernet_tokens'
# initialize fernet tokens
execute 'fernet setup' do
user 'root'
command <<-EOH.gsub(/\s+/, ' ').strip!
keystone-manage fernet_setup
--keystone-user #{keystone_user}
--keystone-group #{keystone_group}
EOH
notifies :run, 'execute[credential setup]', :immediately
end
execute 'credential setup' do
user 'root'
command <<-EOH.gsub(/\s+/, ' ').strip!
keystone-manage credential_setup
--keystone-user #{keystone_user}
--keystone-group #{keystone_group}
EOH
end
# define the address to bind the keystone apache main service to
main_bind_service = node['openstack']['bind_service']['main']['identity']
main_bind_address = bind_address main_bind_service
@ -149,14 +179,14 @@ if node['openstack']['identity']['pastefile_url']
source node['openstack']['identity']['pastefile_url']
owner node['openstack']['identity']['user']
group node['openstack']['identity']['group']
mode 00644
mode 0o0644
end
else
template '/etc/keystone/keystone-paste.ini' do
source 'keystone-paste.ini.erb'
owner node['openstack']['identity']['user']
group node['openstack']['identity']['group']
mode 00644
mode 0o0644
end
end
@ -181,7 +211,7 @@ template '/etc/keystone/keystone.conf' do
cookbook 'openstack-common'
owner node['openstack']['identity']['user']
group node['openstack']['identity']['group']
mode 00640
mode 0o0640
variables(
service_config: keystone_conf_options
)
@ -226,7 +256,7 @@ if node['openstack']['identity']['catalog']['backend'] == 'templated'
source 'default_catalog.templates.erb'
owner node['openstack']['identity']['user']
group node['openstack']['identity']['group']
mode 00644
mode 0o0644
variables(
uris: uris
)
@ -235,12 +265,16 @@ end
# sync db after keystone.conf is generated
execute 'keystone-manage db_sync' do
user node['openstack']['identity']['user']
group node['openstack']['identity']['group']
user 'root'
only_if { node['openstack']['db']['identity']['migrate'] }
end
# bootstrap keystone after keystone.conf is generated
execute 'keystone bootstrap' do
user 'root'
command "keystone-manage bootstrap --bootstrap-password \"#{admin_pass}\" --bootstrap-region-id \"#{region}\" --bootstrap-admin-url #{identity_admin_endpoint} --bootstrap-public-url #{identity_public_endpoint} --bootstrap-internal-url #{identity_internal_endpoint}"
end
# configure the flush tokens cronjob
should_run_cron = node['openstack']['identity']['token_flush_cron']['enabled'] && node['openstack']['identity']['token']['backend'] == 'sql'
log_file = node['openstack']['identity']['token_flush_cron']['log_file']
@ -278,7 +312,7 @@ keystone_apache_dir = "#{node['apache']['docroot_dir']}/keystone"
directory keystone_apache_dir do
owner 'root'
group 'root'
mode 00755
mode 0o0755
end
wsgi_apps = {
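Review bot: The new `execute 'keystone bootstrap'` resource interpolates `admin_pass` straight into the command string, so the admin password is visible in the process list while the command runs and can end up in chef-client output when the resource is logged or fails. The double quotes around `#{admin_pass}` also do not protect against a password containing `"`, `$` or a backtick, which the shell would still interpret. keystone-manage reads the password from the `OS_BOOTSTRAP_PASSWORD` environment variable, so I would drop `--bootstrap-password` from the command and add `environment 'OS_BOOTSTRAP_PASSWORD' => admin_pass` and `sensitive true` to the resource. Separately, `keystone-manage db_sync` in the same section moves from the keystone user to `user 'root'`; if that is required, a comment saying why would help, since any files it creates (logs, for example) would presumably end up root-owned.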


@ -15,7 +15,7 @@ describe 'openstack-identity::_fernet_tokens' do
it do
expect(chef_run).to create_directory('/etc/keystone/fernet-tokens')
.with(owner: 'keystone', user: 'keystone', mode: 00700)
.with(owner: 'keystone', user: 'keystone', mode: 0o0700)
end
[0, 1].each do |key_index|
@ -25,7 +25,7 @@ describe 'openstack-identity::_fernet_tokens' do
content: "thisisfernetkey#{key_index}",
owner: 'keystone',
group: 'keystone',
mode: 00400
mode: 0o0400
)
end
end


@ -48,9 +48,11 @@ describe 'openstack-identity::openrc' do
it 'templates misc_openrc array correctly' do
node.set['openstack']['misc_openrc'] = ['export MISC1=OPTION1', 'export MISC2=OPTION2']
expect(chef_run).to render_file(file.name).with_content(
/^export MISC1=OPTION1$/)
/^export MISC1=OPTION1$/
)
expect(chef_run).to render_file(file.name).with_content(
/^export MISC2=OPTION2$/)
/^export MISC2=OPTION2$/
)
end
it 'contains overridden auth environment variables' do


@ -18,33 +18,12 @@ describe 'openstack-identity::registration' do
openstack_project_name: 'admin',
openstack_domain_name: 'default'
}
service_name = 'keystone'
service_user = 'admin'
region = 'RegionOne'
project_name = 'admin'
role_name = 'admin'
password = 'admin'
domain_name = 'default'
admin_url = 'http://127.0.0.1:35357/v3'
public_url = 'http://127.0.0.1:5000/v3'
internal_url = 'http://127.0.0.1:5000/v3'
describe 'keystone bootstrap' do
context 'default values' do
it 'bootstrap with keystone-manage' do
expect(chef_run).to run_execute('bootstrap_keystone'
).with(command: "keystone-manage bootstrap \\
--bootstrap-password #{password} \\
--bootstrap-username #{service_user} \\
--bootstrap-project-name #{project_name} \\
--bootstrap-role-name #{role_name} \\
--bootstrap-service-name #{service_name} \\
--bootstrap-region-id #{region} \\
--bootstrap-admin-url #{admin_url} \\
--bootstrap-public-url #{public_url} \\
--bootstrap-internal-url #{internal_url}")
end
it do
expect(chef_run).to run_ruby_block('wait for identity admin endpoint')
end
@ -106,20 +85,6 @@ describe 'openstack-identity::registration' do
'identity_domain'
end
it 'bootstrap with keystone-manage' do
expect(chef_run).to run_execute('bootstrap_keystone'
).with(command: "keystone-manage bootstrap \\
--bootstrap-password identity_admin_pass \\
--bootstrap-username identity_admin \\
--bootstrap-project-name admin_project \\
--bootstrap-role-name identity_role \\
--bootstrap-service-name #{service_name} \\
--bootstrap-region-id otherRegion \\
--bootstrap-admin-url https://admin.identity:1234/v3 \\
--bootstrap-public-url https://public.identity:9753/v3 \\
--bootstrap-internal-url https://internal.identity:5678/v3")
end
it 'registers identity_domain domain' do
expect(chef_run).to create_openstack_domain(
'identity_domain'


@ -14,6 +14,12 @@ describe 'openstack-identity::server-apache' do
include Helpers
include_context 'identity_stubs'
region = 'RegionOne'
password = 'admin'
admin_url = 'http://127.0.0.1:35357/v3'
public_url = 'http://127.0.0.1:5000/v3'
internal_url = 'http://127.0.0.1:5000/v3'
it 'runs logging recipe if node attributes say to' do
node.set['openstack']['identity']['syslog']['use'] = true
expect(chef_run).to include_recipe('openstack-common::logging')
@ -40,6 +46,9 @@ describe 'openstack-identity::server-apache' do
expect(chef_run).to upgrade_package('identity cookbook package keystone')
end
it 'bootstrap with keystone-manage' do
expect(chef_run).to run_execute('keystone bootstrap').with(command: "keystone-manage bootstrap --bootstrap-password \"#{password}\" --bootstrap-region-id \"#{region}\" --bootstrap-admin-url #{admin_url} --bootstrap-public-url #{public_url} --bootstrap-internal-url #{internal_url}")
end
it 'has flush tokens cronjob running every day at 3:30am' do
expect(chef_run).to create_cron('keystone-manage-token-flush').with_command(/keystone-manage token_flush/)
expect(chef_run).to create_cron('keystone-manage-token-flush').with_minute('0')
@ -60,7 +69,7 @@ describe 'openstack-identity::server-apache' do
expect(chef_run).to create_directory(dir.name).with(
user: 'keystone',
group: 'keystone',
mode: 00700
mode: 0o0700
)
end
end
@ -77,7 +86,7 @@ describe 'openstack-identity::server-apache' do
expect(chef_run).to create_directory(dir).with(
user: 'keystone',
group: 'keystone',
mode: 00700
mode: 0o0700
)
end
end
@ -99,7 +108,7 @@ describe 'openstack-identity::server-apache' do
expect(chef_run).to create_template(resource.name).with(
user: 'keystone',
group: 'keystone',
mode: 00640
mode: 0o0640
)
end
end
@ -204,7 +213,7 @@ describe 'openstack-identity::server-apache' do
describe '[assignment] section' do
it 'configures driver' do
r = line_regexp('driver = keystone.assignment.backends.sql.Assignment')
r = line_regexp('driver = sql')
expect(chef_run).to render_config_file(path).with_section_content('assignment', r)
end
end
@ -216,7 +225,7 @@ describe 'openstack-identity::server-apache' do
line_regexp(str)
end
let(:sql) do
line_regexp('driver = keystone.catalog.backends.sql.Catalog')
line_regexp('driver = sql')
end
it 'configures driver' do
@ -227,7 +236,7 @@ describe 'openstack-identity::server-apache' do
describe '[policy] section' do
it 'configures driver' do
r = line_regexp('driver = keystone.policy.backends.sql.Policy')
r = line_regexp('driver = sql')
expect(chef_run).to render_config_file(path).with_section_content('policy', r)
end
end
@ -248,16 +257,14 @@ describe 'openstack-identity::server-apache' do
it 'runs migrations' do
expect(chef_run).to run_execute(cmd).with(
user: 'keystone',
group: 'keystone'
user: 'root'
)
end
it 'does not run migrations' do
node.set['openstack']['db']['identity']['migrate'] = false
expect(chef_run).not_to run_execute(cmd).with(
user: 'keystone',
group: 'keystone'
user: 'root'
)
end
end
@ -270,7 +277,7 @@ describe 'openstack-identity::server-apache' do
expect(chef_run).to create_template(template.name).with(
user: 'keystone',
group: 'keystone',
mode: 0644
mode: 0o644
)
end
@ -308,9 +315,11 @@ describe 'openstack-identity::server-apache' do
it 'template misc_paste array correctly' do
node.set['openstack']['identity']['misc_paste'] = ['MISC1 = OPTION1', 'MISC2 = OPTION2']
expect(chef_run).to render_file(path).with_content(
/^MISC1 = OPTION1$/)
/^MISC1 = OPTION1$/
)
expect(chef_run).to render_file(path).with_content(
/^MISC2 = OPTION2$/)
/^MISC2 = OPTION2$/
)
end
end
@ -323,7 +332,7 @@ describe 'openstack-identity::server-apache' do
source: 'http://server/mykeystone-paste.ini',
user: 'keystone',
group: 'keystone',
mode: 00644
mode: 0o0644
)
end
end
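Review bot: Nothing in the spec hunks shown here covers the two resources this commit adds to the recipe, `execute 'fernet setup'` and `execute 'credential setup'`; both run `keystone-manage` as root, so the user and the exact command are worth pinning. An example along the lines of `expect(chef_run).to run_execute('fernet setup').with(user: 'root', command: 'keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone')` would do, assuming the stubbed user and group are `keystone` as in the other examples, with a matching one for credential setup. The added bootstrap example also exercises only the password `admin`; a value containing a quote or `$` would show whether the quoting in the command string holds.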


@ -1,12 +1,12 @@
<%= node["openstack"]["identity"]["custom_template_banner"] %>
<%= node['openstack']['identity']['custom_template_banner'] %>
# Keystone PasteDeploy configuration file.
[filter:debug]
use = egg:keystone#debug
use = egg:oslo.middleware#debug
[filter:request_id]
use = egg:keystone#request_id
use = egg:oslo.middleware#request_id
[filter:build_auth_context]
use = egg:keystone#build_auth_context
@ -40,7 +40,7 @@ use = egg:keystone#s3_extension
use = egg:keystone#url_normalize
[filter:sizelimit]
use = egg:keystone#sizelimit
use = egg:oslo.middleware#sizelimit
[filter:osprofiler]
use = egg:osprofiler#osprofiler
@ -55,13 +55,13 @@ use = egg:keystone#service_v3
use = egg:keystone#admin_service
[pipeline:public_api]
pipeline = <%=node["openstack"]["identity"]["pipeline"]["public_api"] %>
pipeline = <%=node['openstack']['identity']['pipeline']['public_api'] %>
[pipeline:admin_api]
pipeline = <%=node["openstack"]["identity"]["pipeline"]["admin_api"] %>
pipeline = <%=node['openstack']['identity']['pipeline']['admin_api'] %>
[pipeline:api_v3]
pipeline = <%=node["openstack"]["identity"]["pipeline"]["api_v3"] %>
pipeline = <%=node['openstack']['identity']['pipeline']['api_v3'] %>
[app:public_version_service]
use = egg:keystone#public_version_service
@ -87,8 +87,8 @@ use = egg:Paste#urlmap
/v3 = api_v3
/ = admin_version_api
<% if node["openstack"]["identity"]["misc_paste"] %>
<% node["openstack"]["identity"]["misc_paste"].each do |m| %>
<% if node['openstack']['identity']['misc_paste'] %>
<% node['openstack']['identity']['misc_paste'].each do |m| %>
<%= m %>
<% end %>
<% end %>