Refactor using new style
* use new logic for heat.conf template * move all attributes that are used in heat.conf to attributes/heat_conf.rb * remove all attributes that are just setting default values * add new default attributes so that the authorisation setup will be functional again * refactored endpoint and bind_service logic to fit the new common cookbook * adapt specs accordingly * removed qpid as a messaging option (can be included in a wrapper) * removed fedora as supported platform * removed deprecated Gemfile * removed logic for setting up a dedicated domain for Heat, should be done in a wrapper * update README.md accordingly (still incomplete) Implements: blueprint cookbook-refactoring Change-Id: I16a29e28068d106f0edcbe04cb529aabbbed1ac5
parent
9fe64485f5
commit
5d70ac53fa
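--- a/Gemfile
+++ /dev/null
@@ -1,14 +0,0 @@
-## THIS GEMFILE IS DEPRECATED AND WILL BE REMOVED AFTER THE NEXT RELEASE
-## THERE WON'T BE ANY UPDATES TO THIS FILE DURING THIS RELEASE CYCLE
-## WE SWITCHED TO CHEFDK AS THE BUNDLE FOR THE NEEDED GEMS
-
-source 'https://rubygems.org'
-
-gem 'chef', '~> 11.18.6'
-gem 'json', '<= 1.7.7' # chef 11 dependency
-gem 'berkshelf', '~> 3.2.1'
-gem 'hashie', '~> 2.0'
-gem 'chefspec', '~> 4.0.0'
-gem 'rspec', '~> 3.0.0'
-gem 'foodcritic', '~> 4.0'
-gem 'rubocop', '~> 0.29.1'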
146
README.md
146
README.md
|
@ -54,150 +54,46 @@ Attributes
|
|||
|
||||
Attributes for the Heat service are in the ['openstack']['orchestration'] namespace.
|
||||
|
||||
* `openstack['orchestration']['verbose']` - Enables/disables verbose output for heat services.
|
||||
* `openstack['orchestration']['debug']` - Enables/disables debug output for heat services.
|
||||
* `openstack['orchestration']['identity_service_chef_role']` - The name of the Chef role that installs the Keystone Service API
|
||||
* `openstack['orchestration']['rabbit_server_chef_role']` - The name of the Chef role that knows about the message queue server
|
||||
* `openstack['orchestration']['user']` - User heat runs as
|
||||
* `openstack['orchestration']['group']` - Group heat runs as
|
||||
* `openstack['orchestration']['num_engine_workers']` - Number of heat-engine processes to fork and run.
|
||||
* `openstack['orchestration']['api']['workers']` - Number of workers for Heat api service.
|
||||
* `openstack['orchestration']['api_cfn']['workers']` - Number of workers for Heat api cfn service.
|
||||
* `openstack['orchestration']['api_cloudwatch']['workers']` - Number of workers for Heat api cloudwatch service.
|
||||
* `openstack['orchestration']['db']['username']` - Username for heat database access
|
||||
* `openstack['orchestration']['api']['adminURL']` - Used when registering heat endpoint with keystone
|
||||
* `openstack['orchestration']['api']['internalURL']` - Used when registering heat endpoint with keystone
|
||||
* `openstack['orchestration']['api']['publicURL']` - Used when registering heat endpoint with keystone
|
||||
* `openstack['orchestration']['service_tenant_name']` - Tenant name used by heat when interacting with keystone - used in the API and registry paste.ini files
|
||||
* `openstack['orchestration']['service_user']` - User name used by heat when interacting with keystone - used in the API and registry paste.ini files
|
||||
* `openstack['orchestration']['service_role']` - User role used by heat when interacting with keystone - used in the API and registry paste.ini files
|
||||
* `openstack['orchestration']['api']['auth']['cache_dir']` - Defaults to `/var/cache/heat`. Directory where `auth_token` middleware writes certificates for heat
|
||||
* `openstack['db']['orchestration']['username']` - Username for heat database access
|
||||
* `openstack['orchestration']['service_role']` - User role used by heat when interacting with keystone, defaults to 'service'. Used in the API and registry paste.ini files
|
||||
* `openstack['orchestration']['syslog']['use']` - Should heat log to syslog?
|
||||
* `openstack['orchestration']['syslog']['facility']` - Which facility heat should use when logging in python style (for example, `LOG_LOCAL1`)
|
||||
* `openstack['orchestration']['syslog']['config_facility']` - Which facility heat should use when logging in rsyslog style (for example, local1)
|
||||
* `openstack['orchestration']['rpc_thread_pool_size']` - size of RPC thread pool
|
||||
* `openstack['orchestration']['rpc_conn_pool_size']` - size of RPC connection pool
|
||||
* `openstack['orchestration']['rpc_response_timeout']` - seconds to wait for a response from call or multicall
|
||||
* `openstack['orchestration']['platform']` - hash of platform specific package/service names and options
|
||||
* `openstack['orchestration']['api']['auth']['version']` - Select v2.0 or v3.0. Default v2.0. The auth API version used to interact with identity service.
|
||||
* `openstack['orchestration']['api']['auth']['memcached_servers']` - A list of memcached server(s) for caching
|
||||
* `openstack['orchestration']['api']['auth']['memcache_security_strategy']` - Whether token data should be authenticated or authenticated and encrypted. Acceptable values are MAC or ENCRYPT.
|
||||
* `openstack['orchestration']['api']['auth']['memcache_secret_key']` - This string is used for key derivation.
|
||||
* `openstack['orchestration']['api']['auth']['hash_algorithms']` - Hash algorithms to use for hashing PKI tokens.
|
||||
* `openstack['orchestration']['api']['auth']['cafile']` - A PEM encoded Certificate Authority to use when verifying HTTPs connections.
|
||||
* `openstack['orchestration']['api']['auth']['insecure']` - Whether to allow the client to perform insecure SSL (https) requests.
|
||||
* `openstack['orchestration']['api']['auth']['version']` - Select v2.0 or v3.0. Default v2.0. The auth API version used to interact with the identity service.
|
||||
|
||||
Clients configurations
|
||||
----------------------
|
||||
* `openstack['orchestration']['clients']['ca_file']` - A PEM encoded Certificate Authority to use for clients when verifying HTTPs connections.
|
||||
* `openstack['orchestration']['clients']['cert_file']` - Cert file to use for clients when verifying HTTPs connections.
|
||||
* `openstack['orchestration']['clients']['key_file']` - Private key file to use for clients when verifying HTTPs connections.
|
||||
* `openstack['orchestration']['clients']['insecure']` - Whether to allow insecure SSL (https) requests when calling clients.
|
||||
|
||||
clients_ceilometer configurations
|
||||
---------------------------------
|
||||
* `openstack['orchestration']['clients_ceilometer']['ca_file']` - A PEM encoded Certificate Authority to use for clients_ceilometer when verifying HTTPs connections.
|
||||
* `openstack['orchestration']['clients_ceilometer']['cert_file']` - Cert file to use for clients_ceilometer when verifying HTTPs connections.
|
||||
* `openstack['orchestration']['clients_ceilometer']['key_file']` - Private key file to use for clients_ceilometer when verifying HTTPs connections.
|
||||
* `openstack['orchestration']['clients_ceilometer']['insecure']` - Whether to allow insecure SSL (https) requests when calling clients_ceilometer.
|
||||
|
||||
clients_cinder configurations
|
||||
-----------------------------
|
||||
* `openstack['orchestration']['clients_cinder']['ca_file']` - A PEM encoded Certificate Authority to use for clients_cinder when verifying HTTPs connections.
|
||||
* `openstack['orchestration']['clients_cinder']['cert_file']` - Cert file to use for clients_cinder when verifying HTTPs connections.
|
||||
* `openstack['orchestration']['clients_cinder']['key_file']` - Private key file to use for clients_cinder when verifying HTTPs connections.
|
||||
* `openstack['orchestration']['clients_cinder']['insecure']` - Whether to allow insecure SSL (https) requests when calling clients_cinder.
|
||||
|
||||
clients_glance configurations
|
||||
-----------------------------
|
||||
* `openstack['orchestration']['clients_glance']['ca_file']` - A PEM encoded Certificate Authority to use for clients_glance when verifying HTTPs connections.
|
||||
* `openstack['orchestration']['clients_glance']['cert_file']` - Cert file to use for clients_glance when verifying HTTPs connections.
|
||||
* `openstack['orchestration']['clients_glance']['key_file']` - Private key file to use for clients_glance when verifying HTTPs connections.
|
||||
* `openstack['orchestration']['clients_glance']['insecure']` - Whether to allow insecure SSL (https) requests when calling clients_glance.
|
||||
|
||||
clients_heat configurations
|
||||
---------------------------
|
||||
* `openstack['orchestration']['clients_heat']['ca_file']` - A PEM encoded Certificate Authority to use for clients_heat when verifying HTTPs connections.
|
||||
* `openstack['orchestration']['clients_heat']['cert_file']` - Cert file to use for clients_heat when verifying HTTPs connections.
|
||||
* `openstack['orchestration']['clients_heat']['key_file']` - Private key file to use for clients_heat when verifying HTTPs connections.
|
||||
* `openstack['orchestration']['clients_heat']['insecure']` - Whether to allow insecure SSL (https) requests when calling clients_heat.
|
||||
|
||||
clients_keystone configurations
|
||||
-------------------------------
|
||||
* `openstack['orchestration']['clients_keystone']['ca_file']` - A PEM encoded Certificate Authority to use for clients_keystone when verifying HTTPs connections.
|
||||
* `openstack['orchestration']['clients_keystone']['cert_file']` - Cert file to use for clients_keystone when verifying HTTPs connections.
|
||||
* `openstack['orchestration']['clients_keystone']['key_file']` - Private key file to use for clients_keystone when verifying HTTPs connections.
|
||||
* `openstack['orchestration']['clients_keystone']['insecure']` - Whether to allow insecure SSL (https) requests when calling clients_keystone.
|
||||
|
||||
clients_neutron configurations
|
||||
------------------------------
|
||||
* `openstack['orchestration']['clients_neutron']['ca_file']` - A PEM encoded Certificate Authority to use for clients_neutron when verifying HTTPs connections.
|
||||
* `openstack['orchestration']['clients_neutron']['cert_file']` - Cert file to use for clients_neutron when verifying HTTPs connections.
|
||||
* `openstack['orchestration']['clients_neutron']['key_file']` - Private key file to use for clients_neutron when verifying HTTPs connections.
|
||||
* `openstack['orchestration']['clients_neutron']['insecure']` - Whether to allow insecure SSL (https) requests when calling clients_neutron.
|
||||
|
||||
clients_nova configurations
|
||||
---------------------------------
|
||||
* `openstack['orchestration']['clients_nova']['ca_file']` - A PEM encoded Certificate Authority to use for clients_nova when verifying HTTPs connections.
|
||||
* `openstack['orchestration']['clients_nova']['cert_file']` - Cert file to use for clients_nova when verifying HTTPs connections.
|
||||
* `openstack['orchestration']['clients_nova']['key_file']` - Private key file to use for clients_nova when verifying HTTPs connections.
|
||||
* `openstack['orchestration']['clients_nova']['insecure']` - Whether to allow insecure SSL (https) requests when calling clients_nova.
|
||||
|
||||
Notification definitions
|
||||
------------------------
|
||||
* `openstack['orchestration']['notification_driver']` - driver
|
||||
* `openstack['orchestration']['default_notification_level']` - level
|
||||
* `openstack['orchestration']['default_publisher_id']` - publisher id
|
||||
* `openstack['orchestration']['list_notifier_drivers']` - list of drivers
|
||||
* `openstack['orchestration']['notification_topics']` - notifications topics
|
||||
TODO: update this section adding new attributes
|
||||
|
||||
MQ attributes
|
||||
-------------
|
||||
* `openstack["orchestration"]["mq"]["service_type"]` - Select qpid or rabbitmq. default rabbitmq
|
||||
TODO: move rabbit parameters under openstack["orchestration"]["mq"]
|
||||
* `openstack["orchestration"]["rabbit"]["username"]` - Username for nova rabbit access
|
||||
* `openstack["orchestration"]["rabbit"]["vhost"]` - The rabbit vhost to use
|
||||
* `openstack["orchestration"]["rabbit"]["port"]` - The rabbit port to use
|
||||
* `openstack["orchestration"]["rabbit"]["host"]` - The rabbit host to use (must set when `openstack["orchestration"]["rabbit"]["ha"]` false).
|
||||
* `openstack["orchestration"]["rabbit"]["ha"]` - Whether or not to use rabbit ha
|
||||
|
||||
* `openstack["orchestration"]["mq"]["qpid"]["host"]` - The qpid host to use
|
||||
* `openstack["orchestration"]["mq"]["qpid"]["port"]` - The qpid port to use
|
||||
* `openstack["orchestration"]["mq"]["qpid"]["qpid_hosts"]` - Qpid hosts. TODO. use only when ha is specified.
|
||||
* `openstack["orchestration"]["mq"]["qpid"]["username"]` - Username for qpid connection
|
||||
* `openstack["orchestration"]["mq"]["qpid"]["password"]` - Password for qpid connection
|
||||
* `openstack["orchestration"]["mq"]["qpid"]["sasl_mechanisms"]` - Space separated list of SASL mechanisms to use for auth
|
||||
* `openstack["orchestration"]["mq"]["qpid"]["reconnect_timeout"]` - The number of seconds to wait before deciding that a reconnect attempt has failed.
|
||||
* `openstack["orchestration"]["mq"]["qpid"]["reconnect_limit"]` - The limit for the number of times to reconnect before considering the connection to be failed.
|
||||
* `openstack["orchestration"]["mq"]["qpid"]["reconnect_interval_min"]` - Minimum number of seconds between connection attempts.
|
||||
* `openstack["orchestration"]["mq"]["qpid"]["reconnect_interval_max"]` - Maximum number of seconds between connection attempts.
|
||||
* `openstack["orchestration"]["mq"]["qpid"]["reconnect_interval"]` - Equivalent to setting qpid_reconnect_interval_min and qpid_reconnect_interval_max to the same value.
|
||||
* `openstack["orchestration"]["mq"]["qpid"]["heartbeat"]` - Seconds between heartbeat messages sent to ensure that the connection is still alive.
|
||||
* `openstack["orchestration"]["mq"]["qpid"]["protocol"]` - Protocol to use. Default tcp.
|
||||
* `openstack["orchestration"]["mq"]["qpid"]["tcp_nodelay"]` - Disable the Nagle algorithm. default disabled.
|
||||
TODO: update this section with the new attributes
|
||||
|
||||
The following attributes are defined in attributes/default.rb of the common cookbook, but are documented here due to their relevance:
|
||||
Service bindings
|
||||
----------------
|
||||
|
||||
* `openstack['endpoints']['orchestration-api-bind']['host']` - The IP address to bind the service to
|
||||
* `openstack['endpoints']['orchestration-api-bind']['port']` - The port to bind the service to
|
||||
* `openstack['endpoints']['orchestration-api-bind']['bind_interface']` - The interface name to bind the service to
|
||||
* `openstack['bind_service']['all']['orchestration-api']['host']` - The IP address to bind the service to
|
||||
* `openstack['bind_service']['all']['orchestration-api']['port']` - The port to bind the service to
|
||||
* `openstack['bind_service']['all']['orchestration-api']['interface']` - The interface to bind the service to
|
||||
|
||||
* `openstack['endpoints']['orchestration-api-cfn-bind']['host']` - The IP address to bind the service to
|
||||
* `openstack['endpoints']['orchestration-api-cfn-bind']['port']` - The port to bind the service to
|
||||
* `openstack['endpoints']['orchestration-api-cfn-bind']['bind_interface']` - The interface name to bind the-cfn service to
|
||||
* `openstack['bind_service']['all']['orchestration-api-cfn']['host']` - The IP address to bind the service to
|
||||
* `openstack['bind_service']['all']['orchestration-api-cfn']['port']` - The port to bind the service to
|
||||
* `openstack['bind_service']['all']['orchestration-api-cfn']['interface']` - The interface to bind the service to
|
||||
|
||||
* `openstack['endpoints']['orchestration-api-cloudwatch-bind']['host']` - The IP address to bind the service to
|
||||
* `openstack['endpoints']['orchestration-api-cloudwatch-bind']['port']` - The port to bind the service to
|
||||
* `openstack['endpoints']['orchestration-api-cloudwatch-bind']['bind_interface']` - The interface name to bind the-cloudwatch service to
|
||||
* `openstack['bind_service']['all']['orchestration-api-cloudwatch']['host']` - The IP address to bind the service to
|
||||
* `openstack['bind_service']['all']['orchestration-api-cloudwatch']['port']` - The port to bind the service to
|
||||
* `openstack['bind_service']['all']['orchestration-api-cloudwatch']['interface']` - The interface to bind the service to
|
||||
|
||||
If the value of the 'bind_interface' attribute is non-nil, then the service will be bound to the first IP address on that interface. If the value of the 'bind_interface' attribute is nil, then the service will be bound to the IP address specifie>
|
||||
If the value of the 'interface' attribute is non-nil, then the service will be bound to the first IP address on that interface and
|
||||
the 'host' attribute will be ignored.
|
||||
If the value of the 'interface' attribute is nil (which is the default), then the service will be bound to the IP address specified
|
||||
in the 'host' attribute.
|
||||
|
||||
Miscellaneous Options
|
||||
---------------------
|
||||
|
||||
Arrays whose elements will be copied exactly into the respective config files (contents e.g. ['option1=value1', 'option2=value2']).
|
||||
|
||||
* `openstack["orchestration"]["misc_heat"]` - Array of bare options for `heat.conf`.
|
||||
* `orchestration_auth_encryption_key` - Key used to encrypt authentication info in the database. Length of this key must be 16, 24 or 32 characters. Comes from secrets databag.
|
||||
|
||||
Testing
|
||||
|
@ -215,9 +111,11 @@ License and Author
|
|||
| **Author** | Ionut Artarisi (<iartarisi@suse.cz>) |
|
||||
| **Author** | Mark Vanderwiel (<vanderwl@us.ibm.com>) |
|
||||
| **Author** | Jan Klare (<j.klare@x-ion.de>) |
|
||||
| **Author** | Dr. Jens Rosenboom (<j.rosenboom@x-ion.de>) |
|
||||
| | |
|
||||
| **Copyright** | Copyright (c) 2013-2014, IBM Corp. |
|
||||
| **Copyright** | Copyright (c) 2014, SUSE Linux, GmbH. |
|
||||
| **Copyright** | Copyright (c) 2016, x-ion GmbH. |
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
|
|
|
@ -17,192 +17,54 @@
|
|||
# limitations under the License.
|
||||
#
|
||||
|
||||
%w(public internal admin).each do |ep_type|
|
||||
# openstack orchestration-api service endpoints (used by users and services)
|
||||
default['openstack']['endpoints'][ep_type]['orchestration-api']['host'] = '127.0.0.1'
|
||||
default['openstack']['endpoints'][ep_type]['orchestration-api']['scheme'] = 'http'
|
||||
default['openstack']['endpoints'][ep_type]['orchestration-api']['path'] = '/v1/%(tenant_id)s'
|
||||
default['openstack']['endpoints'][ep_type]['orchestration-api']['port'] = 8004
|
||||
# openstack orchestration-api-cfn service endpoints (used by users and services)
|
||||
default['openstack']['endpoints'][ep_type]['orchestration-api-cfn']['host'] = '127.0.0.1'
|
||||
default['openstack']['endpoints'][ep_type]['orchestration-api-cfn']['scheme'] = 'http'
|
||||
default['openstack']['endpoints'][ep_type]['orchestration-api-cfn']['path'] = '/v1'
|
||||
default['openstack']['endpoints'][ep_type]['orchestration-api-cfn']['port'] = 8000
|
||||
# openstack orchestration-api-cloudwatch service endpoints (used by users and services)
|
||||
default['openstack']['endpoints'][ep_type]['orchestration-api-cloudwatch']['host'] = '127.0.0.1'
|
||||
default['openstack']['endpoints'][ep_type]['orchestration-api-cloudwatch']['scheme'] = 'http'
|
||||
default['openstack']['endpoints'][ep_type]['orchestration-api-cloudwatch']['path'] = '/v1'
|
||||
default['openstack']['endpoints'][ep_type]['orchestration-api-cloudwatch']['port'] = 8003
|
||||
end
|
||||
default['openstack']['bind_service']['all']['orchestration-api']['host'] = '127.0.0.1'
|
||||
default['openstack']['bind_service']['all']['orchestration-api']['port'] = 8004
|
||||
default['openstack']['bind_service']['all']['orchestration-api-cfn']['host'] = '127.0.0.1'
|
||||
default['openstack']['bind_service']['all']['orchestration-api-cfn']['port'] = 8000
|
||||
default['openstack']['bind_service']['all']['orchestration-api-cloudwatch']['host'] = '127.0.0.1'
|
||||
default['openstack']['bind_service']['all']['orchestration-api-cloudwatch']['port'] = 8003
|
||||
|
||||
# Set to some text value if you want templated config files
|
||||
# to contain a custom banner at the top of the written file
|
||||
default['openstack']['orchestration']['custom_template_banner'] = '
|
||||
# This file autogenerated by Chef
|
||||
# This file was autogenerated by Chef
|
||||
# Do not edit, changes will be overwritten
|
||||
'
|
||||
|
||||
default['openstack']['orchestration']['verbose'] = 'False'
|
||||
default['openstack']['orchestration']['debug'] = 'False'
|
||||
default['openstack']['orchestration']['log_dir'] = '/var/log/heat'
|
||||
default['openstack']['orchestration']['syslog']['use']
|
||||
|
||||
# This is the name of the Chef role that will install the Keystone Service API
|
||||
default['openstack']['orchestration']['identity_service_chef_role'] = 'os-identity'
|
||||
|
||||
# Number of heat-engine processes to fork and run.
|
||||
default['openstack']['orchestration']['num_engine_workers'] = nil
|
||||
# Number of workers for Heat api service.
|
||||
default['openstack']['orchestration']['api']['workers'] = 0
|
||||
# Number of workers for Heat api cfn service.
|
||||
default['openstack']['orchestration']['api_cfn']['workers'] = 0
|
||||
# Number of workers for Heat api cloudwatch service.
|
||||
default['openstack']['orchestration']['api_cloudwatch']['workers'] = 0
|
||||
|
||||
# Gets set in the Heat Endpoint when registering with Keystone
|
||||
default['openstack']['orchestration']['region'] = node['openstack']['region']
|
||||
|
||||
# The name of the Chef role that knows about the message queue server
|
||||
# that Heat uses
|
||||
default['openstack']['orchestration']['rabbit_server_chef_role'] = 'os-ops-messaging'
|
||||
|
||||
default['openstack']['orchestration']['service_tenant_name'] = 'service'
|
||||
default['openstack']['orchestration']['service_user'] = 'heat'
|
||||
default['openstack']['orchestration']['service_role'] = 'service'
|
||||
|
||||
default['openstack']['orchestration']['ec2authtoken']['auth']['version'] = 'v2.0'
|
||||
default['openstack']['orchestration']['api']['auth']['version'] = node['openstack']['api']['auth']['version']
|
||||
|
||||
# A PEM encoded Certificate Authority to use for clients when verifying HTTPs connections.
|
||||
default['openstack']['orchestration']['clients']['ca_file'] = nil
|
||||
# Cert file to use for clients when verifying HTTPs connections.
|
||||
default['openstack']['orchestration']['clients']['cert_file'] = nil
|
||||
# Private key file to use for clients when verifying HTTPs connections.
|
||||
default['openstack']['orchestration']['clients']['key_file'] = nil
|
||||
# Whether to allow insecure SSL (https) requests when calling clients.
|
||||
default['openstack']['orchestration']['clients']['insecure'] = false
|
||||
|
||||
# A PEM encoded Certificate Authority to use for clients_ceilometer when verifying HTTPs connections.
|
||||
default['openstack']['orchestration']['clients_ceilometer']['ca_file'] = node['openstack']['orchestration']['clients']['ca_file']
|
||||
# Cert file to use for clients_ceilometer when verifying HTTPs connections.
|
||||
default['openstack']['orchestration']['clients_ceilometer']['cert_file'] = node['openstack']['orchestration']['clients']['cert_file']
|
||||
# Private key file to use for clients_ceilometer when verifying HTTPs connections.
|
||||
default['openstack']['orchestration']['clients_ceilometer']['key_file'] = node['openstack']['orchestration']['clients']['key_file']
|
||||
# Whether to allow insecure SSL (https) requests when calling clients_ceilometer.
|
||||
default['openstack']['orchestration']['clients_ceilometer']['insecure'] = node['openstack']['orchestration']['clients']['insecure']
|
||||
|
||||
# A PEM encoded Certificate Authority to use for clients_cinder when verifying HTTPs connections.
|
||||
default['openstack']['orchestration']['clients_cinder']['ca_file'] = node['openstack']['orchestration']['clients']['ca_file']
|
||||
# Cert file to use for clients_cinder when verifying HTTPs connections.
|
||||
default['openstack']['orchestration']['clients_cinder']['cert_file'] = node['openstack']['orchestration']['clients']['cert_file']
|
||||
# Private key file to use for clients_cinder when verifying HTTPs connections.
|
||||
default['openstack']['orchestration']['clients_cinder']['key_file'] = node['openstack']['orchestration']['clients']['key_file']
|
||||
# Whether to allow insecure SSL (https) requests when calling clients_cinder.
|
||||
default['openstack']['orchestration']['clients_cinder']['insecure'] = node['openstack']['orchestration']['clients']['insecure']
|
||||
|
||||
# A PEM encoded Certificate Authority to use for clients_glance when verifying HTTPs connections.
|
||||
default['openstack']['orchestration']['clients_glance']['ca_file'] = node['openstack']['orchestration']['clients']['ca_file']
|
||||
# Cert file to use for clients_glance when verifying HTTPs connections.
|
||||
default['openstack']['orchestration']['clients_glance']['cert_file'] = node['openstack']['orchestration']['clients']['cert_file']
|
||||
# Private key file to use for clients_glance when verifying HTTPs connections.
|
||||
default['openstack']['orchestration']['clients_glance']['key_file'] = node['openstack']['orchestration']['clients']['key_file']
|
||||
# Whether to allow insecure SSL (https) requests when calling clients_glance.
|
||||
default['openstack']['orchestration']['clients_glance']['insecure'] = node['openstack']['orchestration']['clients']['insecure']
|
||||
|
||||
# A PEM encoded Certificate Authority to use for clients_heat when verifying HTTPs connections.
|
||||
default['openstack']['orchestration']['clients_heat']['ca_file'] = node['openstack']['orchestration']['clients']['ca_file']
|
||||
# Cert file to use for clients_heat when verifying HTTPs connections.
|
||||
default['openstack']['orchestration']['clients_heat']['cert_file'] = node['openstack']['orchestration']['clients']['cert_file']
|
||||
# Private key file to use for clients_heat when verifying HTTPs connections.
|
||||
default['openstack']['orchestration']['clients_heat']['key_file'] = node['openstack']['orchestration']['clients']['key_file']
|
||||
# Whether to allow insecure SSL (https) requests when calling clients_heat.
|
||||
default['openstack']['orchestration']['clients_heat']['insecure'] = node['openstack']['orchestration']['clients']['insecure']
|
||||
|
||||
# A PEM encoded Certificate Authority to use for clients_keystone when verifying HTTPs connections.
|
||||
default['openstack']['orchestration']['clients_keystone']['ca_file'] = node['openstack']['orchestration']['clients']['ca_file']
|
||||
# Cert file to use for clients_keystone when verifying HTTPs connections.
|
||||
default['openstack']['orchestration']['clients_keystone']['cert_file'] = node['openstack']['orchestration']['clients']['cert_file']
|
||||
# Private key file to use for clients_keystone when verifying HTTPs connections.
|
||||
default['openstack']['orchestration']['clients_keystone']['key_file'] = node['openstack']['orchestration']['clients']['key_file']
|
||||
# Whether to allow insecure SSL (https) requests when calling clients_keystone.
|
||||
default['openstack']['orchestration']['clients_keystone']['insecure'] = node['openstack']['orchestration']['clients']['insecure']
|
||||
|
||||
# A PEM encoded Certificate Authority to use for clients_neutron when verifying HTTPs connections.
|
||||
default['openstack']['orchestration']['clients_neutron']['ca_file'] = node['openstack']['orchestration']['clients']['ca_file']
|
||||
# Cert file to use for clients_neutron when verifying HTTPs connections.
|
||||
default['openstack']['orchestration']['clients_neutron']['cert_file'] = node['openstack']['orchestration']['clients']['cert_file']
|
||||
# Private key file to use for clients_neutron when verifying HTTPs connections.
|
||||
default['openstack']['orchestration']['clients_neutron']['key_file'] = node['openstack']['orchestration']['clients']['key_file']
|
||||
# Whether to allow insecure SSL (https) requests when calling clients_neutron.
|
||||
default['openstack']['orchestration']['clients_neutron']['insecure'] = node['openstack']['orchestration']['clients']['insecure']
|
||||
|
||||
# A PEM encoded Certificate Authority to use for clients_nova when verifying HTTPs connections.
|
||||
default['openstack']['orchestration']['clients_nova']['ca_file'] = node['openstack']['orchestration']['clients']['ca_file']
|
||||
# Cert file to use for clients_nova when verifying HTTPs connections.
|
||||
default['openstack']['orchestration']['clients_nova']['cert_file'] = node['openstack']['orchestration']['clients']['cert_file']
|
||||
# Private key file to use for clients_nova when verifying HTTPs connections.
|
||||
default['openstack']['orchestration']['clients_nova']['key_file'] = node['openstack']['orchestration']['clients']['key_file']
|
||||
# Whether to allow insecure SSL (https) requests when calling clients_nova.
|
||||
default['openstack']['orchestration']['clients_nova']['insecure'] = node['openstack']['orchestration']['clients']['insecure']
|
||||
|
||||
# A list of memcached server(s) for caching
|
||||
default['openstack']['orchestration']['api']['auth']['memcached_servers'] = nil
|
||||
|
||||
# Whether token data should be authenticated or authenticated and encrypted. Acceptable values are MAC or ENCRYPT
|
||||
default['openstack']['orchestration']['api']['auth']['memcache_security_strategy'] = nil
|
||||
|
||||
# This string is used for key derivation
|
||||
default['openstack']['orchestration']['api']['auth']['memcache_secret_key'] = nil
|
||||
|
||||
# Hash algorithms to use for hashing PKI tokens
|
||||
default['openstack']['orchestration']['api']['auth']['hash_algorithms'] = 'md5'
|
||||
|
||||
# A PEM encoded Certificate Authority to use when verifying HTTPs connections
|
||||
default['openstack']['orchestration']['api']['auth']['cafile'] = nil
|
||||
|
||||
# Whether to allow the client to perform insecure SSL (https) requests
|
||||
default['openstack']['orchestration']['api']['auth']['insecure'] = false
|
||||
|
||||
# Keystone role for heat template-defined users. (string value)
|
||||
default['openstack']['orchestration']['heat_stack_user_role'] = nil
|
||||
|
||||
# Keystone domain id which contains heat template-defined users.
|
||||
# If this option is set, stack_user_domain_name option
|
||||
# will be ignored. (string value)
|
||||
default['openstack']['orchestration']['stack_user_domain_id'] = nil
|
||||
|
||||
# Keystone domain name which contains heat template-defined users. (string value)
|
||||
default['openstack']['orchestration']['stack_user_domain_name'] = nil
|
||||
|
||||
# Keystone username, a user with roles sufficient to manage
|
||||
# users and projects in the stack_user_domain. (string value)
|
||||
default['openstack']['orchestration']['stack_domain_admin'] = nil
|
||||
|
||||
# Select deferred auth method, stored password or trusts.
|
||||
default['openstack']['orchestration']['deferred_auth_method'] = 'trusts'
|
||||
|
||||
# If true, will passing stack information to scheduler hints when creating instances.
|
||||
default['openstack']['orchestration']['stack_scheduler_hints'] = false
|
||||
|
||||
# If set, heat API service will bind to the address on this interface,
|
||||
# otherwise it will bind to the API endpoint's host.
|
||||
default['openstack']['orchestration']['api']['bind_interface'] = nil
|
||||
|
||||
# If set, heat api-cfn service will bind to the address on this interface,
|
||||
# otherwise it will bind to the API endpoint's host.
|
||||
default['openstack']['orchestration']['api-cfn']['bind_interface'] = nil
|
||||
|
||||
# If set, heat api-cloudwatch service will bind to the address on this interface,
|
||||
# otherwise it will bind to the API endpoint's host.
|
||||
default['openstack']['orchestration']['api-cloudwatch']['bind_interface'] = nil
|
||||
|
||||
# Keystone PKI signing directory. Only written to the filter:authtoken section
|
||||
# of the api-paste.ini when node['openstack']['auth']['strategy'] == 'pki'
|
||||
default['openstack']['orchestration']['api']['auth']['cache_dir'] = '/var/cache/heat'
|
||||
|
||||
# logging attribute
|
||||
default['openstack']['orchestration']['syslog']['use'] = false
|
||||
default['openstack']['orchestration']['syslog']['facility'] = 'LOG_LOCAL2'
|
||||
default['openstack']['orchestration']['syslog']['config_facility'] = 'local2'
|
||||
|
||||
# Common rpc definitions
|
||||
default['openstack']['orchestration']['rpc_thread_pool_size'] = 64
|
||||
default['openstack']['orchestration']['rpc_conn_pool_size'] = 30
|
||||
default['openstack']['orchestration']['rpc_response_timeout'] = 60
|
||||
|
||||
# Notification definitions
|
||||
default['openstack']['orchestration']['notification_driver'] = 'heat.openstack.common.notifier.rpc_notifier'
|
||||
default['openstack']['orchestration']['default_notification_level'] = 'INFO'
|
||||
default['openstack']['orchestration']['default_publisher_id'] = ''
|
||||
default['openstack']['orchestration']['list_notifier_drivers'] = 'heat.openstack.common.notifier.no_op_notifier'
|
||||
default['openstack']['orchestration']['notification_topics'] = 'notifications'
|
||||
|
||||
# Array of options for `heat.conf` (e.g. ['option1=value1', 'option2=value2'])
|
||||
default['openstack']['orchestration']['misc_heat'] = nil
|
||||
|
||||
# platform-specific settings
|
||||
case platform_family
|
||||
when 'fedora', 'rhel' # :pragma-foodcritic: ~FC024 - won't fix this
|
||||
when 'rhel'
|
||||
default['openstack']['orchestration']['user'] = 'heat'
|
||||
default['openstack']['orchestration']['group'] = 'heat'
|
||||
default['openstack']['orchestration']['platform'] = {
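Review bot: The line `default['openstack']['orchestration']['syslog']['use']` that follows the banner attribute is a bare attribute read with no assignment, so it sets no default. The page has lost its +/- markers, but the assigned form `default['openstack']['orchestration']['syslog']['use'] = false` appears lower down among what look like removed lines, so the new file seems to leave this attribute unset and anything testing it would see nil. Either restore the `= false` assignment or drop the line. The endpoint defaults at the top of the hunk also fix `scheme` to `'http'` for the public, internal and admin endpoints; a one-line comment that deployments whose endpoints leave the local host are expected to override it to `'https'` would make that expectation explicit.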
|
||||
|
|
|
@ -0,0 +1,26 @@
|
|||
# encoding: UTF-8
|
||||
#
|
||||
# Cookbook Name:: openstack-orchestration
|
||||
# Attributes:: default
|
||||
#
|
||||
# Copyright 2013, IBM Corp.
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
#
|
||||
|
||||
default['openstack']['orchestration']['conf']['DEFAULT']['log_dir'] = '/var/log/heat'
|
||||
default['openstack']['orchestration']['conf']['DEFAULT']['notification_driver'] = 'heat.openstack.common.notifier.rpc_notifier'
|
||||
default['openstack']['orchestration']['conf']['keystone_authtoken']['auth_plugin'] = 'v2password'
|
||||
default['openstack']['orchestration']['conf']['keystone_authtoken']['username'] = 'heat'
|
||||
default['openstack']['orchestration']['conf']['keystone_authtoken']['tenant_name'] = 'service'
|
||||
default['openstack']['orchestration']['conf']['trustee']['auth_plugin'] = 'v2password'
|
||||
default['openstack']['orchestration']['conf']['trustee']['username'] = 'heat'
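Review bot: The `trustee` section defaults to the same `heat` user as `keystone_authtoken`, and the common recipe in this commit fills both `conf_secrets` passwords from the same `get_password 'service', 'openstack-orchestration'` lookup, yet nothing in this file says the two accounts are shared. A comment above the trustee lines would make that explicit, for example `# trustee reuses the service user by default; override the username and conf_secrets['trustee']['password'] together to separate them`. The header still reads `# Attributes:: default`, although the commit message says these attributes live in attributes/heat_conf.rb, so `# Attributes:: heat_conf` looks like the intended value.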
|
|
@ -5,7 +5,7 @@ maintainer_email 'openstack-dev@lists.openstack.org'
|
|||
license 'Apache 2.0'
|
||||
description 'Installs and configures the Heat Service'
|
||||
long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
|
||||
version '12.0.0'
|
||||
version '13.0.0'
|
||||
recipe 'openstack-orchestration::api', 'Start and configure the Heat API service'
|
||||
recipe 'openstack-orchestration::api-cfn', 'Start and configure the Heat API CloudFormation service'
|
||||
recipe 'openstack-orchestration::api-cloudwatch', 'Start and configure the Heat API CloudWatch service'
|
||||
|
@ -14,9 +14,9 @@ recipe 'openstack-orchestration::common', 'Installs packages and configures a He
|
|||
recipe 'openstack-orchestration::engine', 'Sets up Heat database and starts Heat Engine service'
|
||||
recipe 'openstack-orchestration::identity_registration', 'Registers Heat service, user and endpoints with Keystone'
|
||||
|
||||
%w(ubuntu fedora redhat centos).each do |os|
|
||||
%w(ubuntu redhat centos).each do |os|
|
||||
supports os
|
||||
end
|
||||
|
||||
depends 'openstack-common', '>= 12.0.0'
|
||||
depends 'openstack-identity', '>= 12.0.0'
|
||||
depends 'openstack-common', '>= 13.0.0'
|
||||
depends 'openstack-identity', '>= 13.0.0'
|
||||
|
|
|
@ -49,91 +49,98 @@ node['openstack']['db']['python_packages'][db_type].each do |pkg|
|
|||
end
|
||||
end
|
||||
|
||||
unless node['openstack']['orchestration']['conf']['DEFAULT']['rpc_backend'].nil? &&
|
||||
node['openstack']['orchestration']['conf']['DEFAULT']['rpc_backend'] == 'rabbit'
|
||||
user = node['openstack']['mq']['orchestration']['rabbit']['userid']
|
||||
node.default['openstack']['orchestration']['conf']
|
||||
.[]('oslo_messaging_rabbit')['rabbit_userid'] = user
|
||||
node.default['openstack']['orchestration']['conf_secrets']
|
||||
.[]('oslo_messaging_rabbit')['rabbit_password'] =
|
||||
get_password 'user', user
|
||||
end
|
||||
|
||||
db_user = node['openstack']['db']['orchestration']['username']
|
||||
db_pass = get_password 'db', 'heat'
|
||||
sql_connection = db_uri('orchestration', db_user, db_pass)
|
||||
|
||||
identity_endpoint = internal_endpoint 'identity-internal'
|
||||
identity_admin_endpoint = admin_endpoint 'identity-admin'
|
||||
heat_api_bind = internal_endpoint 'orchestration-api-bind'
|
||||
heat_api_endpoint = internal_endpoint 'orchestration-api'
|
||||
heat_api_cfn_bind = internal_endpoint 'orchestration-api-cfn-bind'
|
||||
heat_api_cfn_endpoint = internal_endpoint 'orchestration-api-cfn'
|
||||
heat_api_cloudwatch_bind = internal_endpoint 'orchestration-api-cloudwatch-bind'
|
||||
heat_api_cloudwatch_endpoint = internal_endpoint 'orchestration-api-cloudwatch'
|
||||
identity_endpoint = internal_endpoint 'identity'
|
||||
identity_admin_endpoint = admin_endpoint 'identity'
|
||||
|
||||
service_pass = get_password 'service', 'openstack-orchestration'
|
||||
auth_encryption_key = get_password 'token', 'orchestration_auth_encryption_key'
|
||||
|
||||
stack_domain_admin_password = nil
|
||||
if node['openstack']['orchestration']['stack_domain_admin']
|
||||
stack_domain_admin_password = get_password 'user', node['openstack']['orchestration']['stack_domain_admin']
|
||||
end
|
||||
bind_services = node['openstack']['bind_service']['all']
|
||||
api_bind = bind_services['orchestration-api']
|
||||
api_cfn_bind = bind_services['orchestration-api-cfn']
|
||||
api_cfn_endpoint = internal_endpoint 'orchestration-api-cfn'
|
||||
api_cw_bind = bind_services['orchestration-api-cloudwatch']
|
||||
api_cw_endpoint = internal_endpoint 'orchestration-api-cloudwatch'
|
||||
|
||||
ec2_auth_uri = auth_uri_transform identity_endpoint.to_s, node['openstack']['orchestration']['ec2authtoken']['auth']['version']
|
||||
auth_uri = auth_uri_transform identity_endpoint.to_s, node['openstack']['orchestration']['api']['auth']['version']
|
||||
identity_uri = identity_uri_transform(identity_admin_endpoint)
|
||||
|
||||
mq_service_type = node['openstack']['mq']['orchestration']['service_type']
|
||||
# We need these URIs without their default path
|
||||
metadata_uri = "#{api_cfn_endpoint.scheme}://#{api_cfn_endpoint.host}:#{api_cfn_endpoint.port}"
|
||||
watch_uri = "#{api_cw_endpoint.scheme}://#{api_cw_endpoint.host}:#{api_cw_endpoint.port}"
|
||||
|
||||
if mq_service_type == 'rabbitmq'
|
||||
if node['openstack']['mq']['orchestration']['rabbit']['ha']
|
||||
rabbit_hosts = rabbit_servers
|
||||
end
|
||||
mq_password = get_password 'user', node['openstack']['mq']['orchestration']['rabbit']['userid']
|
||||
elsif mq_service_type == 'qpid'
|
||||
mq_password = get_password 'user', node['openstack']['mq']['orchestration']['qpid']['username']
|
||||
# define attributes that are needed in the heat.conf
|
||||
node.default['openstack']['orchestration']['conf'].tap do |conf|
|
||||
conf['DEFAULT']['heat_metadata_server_url'] = metadata_uri
|
||||
conf['DEFAULT']['heat_waitcondition_server_url'] = "#{api_cfn_endpoint}/waitcondition"
|
||||
conf['DEFAULT']['heat_watch_server_url'] = watch_uri
|
||||
conf['DEFAULT']['region_name_for_services'] = node['openstack']['region']
|
||||
conf['clients_keystone']['auth_uri'] = auth_uri
|
||||
conf['ec2authtoken']['auth_uri'] = ec2_auth_uri
|
||||
conf['heat_api']['bind_host'] = bind_address api_bind
|
||||
conf['heat_api']['bind_port'] = api_bind.port
|
||||
conf['heat_api_cfn']['bind_host'] = bind_address api_cfn_bind
|
||||
conf['heat_api_cfn']['bind_port'] = api_cfn_bind.port
|
||||
conf['heat_api_cloudwatch']['bind_host'] = bind_address api_cw_bind
|
||||
conf['heat_api_cloudwatch']['bind_port'] = api_cw_bind.port
|
||||
conf['keystone_authtoken']['auth_url'] = auth_uri
|
||||
conf['trustee']['auth_url'] = identity_admin_endpoint
|
||||
end
|
||||
|
||||
# define secrets that are needed in the heat.conf
|
||||
node.default['openstack']['orchestration']['conf_secrets'].tap do |conf_secrets|
|
||||
conf_secrets['DEFAULT']['auth_encryption_key'] =
|
||||
get_password 'token', 'orchestration_auth_encryption_key'
|
||||
conf_secrets['database']['connection'] =
|
||||
db_uri('orchestration', db_user, db_pass)
|
||||
conf_secrets['keystone_authtoken']['password'] =
|
||||
get_password 'service', 'openstack-orchestration'
|
||||
conf_secrets['trustee']['password'] =
|
||||
get_password 'service', 'openstack-orchestration'
|
||||
end
|
||||
|
||||
# merge all config options and secrets to be used in the heat.conf
|
||||
heat_conf_options = merge_config_options 'orchestration'
|
||||
|
||||
directory '/etc/heat' do
|
||||
group node['openstack']['orchestration']['group']
|
||||
owner node['openstack']['orchestration']['user']
|
||||
mode 00700
|
||||
group node['openstack']['orchestration']['group']
|
||||
mode 00750
|
||||
action :create
|
||||
end
|
||||
|
||||
directory '/etc/heat/environment.d' do
|
||||
group node['openstack']['orchestration']['group']
|
||||
owner node['openstack']['orchestration']['user']
|
||||
mode 00700
|
||||
group node['openstack']['orchestration']['group']
|
||||
mode 00750
|
||||
action :create
|
||||
end
|
||||
|
||||
directory node['openstack']['orchestration']['api']['auth']['cache_dir'] do
|
||||
owner node['openstack']['orchestration']['user']
|
||||
group node['openstack']['orchestration']['group']
|
||||
mode 00700
|
||||
end
|
||||
|
||||
template '/etc/heat/heat.conf' do
|
||||
source 'heat.conf.erb'
|
||||
group node['openstack']['orchestration']['group']
|
||||
source 'openstack-service.conf.erb'
|
||||
cookbook 'openstack-common'
|
||||
owner node['openstack']['orchestration']['user']
|
||||
group node['openstack']['orchestration']['group']
|
||||
mode 00640
|
||||
variables(
|
||||
stack_domain_admin_password: stack_domain_admin_password,
|
||||
mq_service_type: mq_service_type,
|
||||
mq_password: mq_password,
|
||||
rabbit_hosts: rabbit_hosts,
|
||||
ec2_auth_uri: ec2_auth_uri,
|
||||
auth_uri: auth_uri,
|
||||
identity_uri: identity_uri,
|
||||
service_pass: service_pass,
|
||||
auth_encryption_key: auth_encryption_key,
|
||||
sql_connection: sql_connection,
|
||||
heat_api_bind: heat_api_bind,
|
||||
heat_api_endpoint: heat_api_endpoint,
|
||||
heat_api_cfn_bind: heat_api_cfn_bind,
|
||||
heat_api_cfn_endpoint: heat_api_cfn_endpoint,
|
||||
heat_api_cloudwatch_bind: heat_api_cloudwatch_bind,
|
||||
heat_api_cloudwatch_endpoint: heat_api_cloudwatch_endpoint
|
||||
service_config: heat_conf_options
|
||||
)
|
||||
end
|
||||
|
||||
template '/etc/heat/environment.d/default.yaml' do
|
||||
source 'default.yaml.erb'
|
||||
group node['openstack']['orchestration']['group']
|
||||
owner node['openstack']['orchestration']['user']
|
||||
group node['openstack']['orchestration']['group']
|
||||
mode 00644
|
||||
end
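Review bot: The guard `unless ...['rpc_backend'].nil? && ...['rpc_backend'] == 'rabbit'` can never skip its body, because a value cannot be both nil and equal to `'rabbit'`, so the conjunction is always false. The rabbit userid lookup and `get_password 'user', user` therefore run for every backend, including when `rpc_backend` is unset, and the rabbit password is written into `conf_secrets` even when it is not needed. The intended test is presumably `if node['openstack']['orchestration']['conf']['DEFAULT']['rpc_backend'] == 'rabbit'`. Separately, `/etc/heat/heat.conf` is now rendered from `service_config`, which the recipe comment says merges the secrets, so adding `sensitive true` to that template resource would keep the rendered passwords and `auth_encryption_key` out of Chef's diff and log output.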
|
||||
|
||||
|
|
|
@ -24,7 +24,7 @@ class ::Chef::Recipe # rubocop:disable Documentation
|
|||
include ::Openstack
|
||||
end
|
||||
|
||||
identity_admin_endpoint = admin_endpoint 'identity-admin'
|
||||
identity_admin_endpoint = admin_endpoint 'identity'
|
||||
|
||||
token = get_password 'token', 'openstack_identity_bootstrap_token'
|
||||
auth_url = ::URI.decode identity_admin_endpoint.to_s
|
||||
|
@ -37,11 +37,10 @@ internal_heat_cfn_endpoint = internal_endpoint 'orchestration-api-cfn'
|
|||
public_heat_cfn_endpoint = public_endpoint 'orchestration-api-cfn'
|
||||
|
||||
service_pass = get_password 'service', 'openstack-orchestration'
|
||||
service_tenant_name = node['openstack']['orchestration']['service_tenant_name']
|
||||
service_user = node['openstack']['orchestration']['service_user']
|
||||
service_tenant_name = node['openstack']['orchestration']['conf']['keystone_authtoken']['tenant_name']
|
||||
service_user = node['openstack']['orchestration']['conf']['keystone_authtoken']['username']
|
||||
service_role = node['openstack']['orchestration']['service_role']
|
||||
region = node['openstack']['orchestration']['region']
|
||||
stack_user_role = node['openstack']['orchestration']['heat_stack_user_role']
|
||||
region = node['openstack']['orchestration']['conf']['DEFAULT']['region_name_for_services']
|
||||
|
||||
# Do not configure a service/endpoint in keystone for heat-api-cloudwatch(Bug #1167927),
|
||||
# See discussions on https://bugs.launchpad.net/heat/+bug/1167927
|
||||
|
@ -133,39 +132,3 @@ openstack_identity_register "Grant '#{service_role}' Role to #{service_user} Use
|
|||
|
||||
action :grant_role
|
||||
end
|
||||
|
||||
## Create role for heat template defined users ##
|
||||
openstack_identity_register "Create '#{stack_user_role}' Role for template defined users" do
|
||||
auth_uri auth_url
|
||||
bootstrap_token token
|
||||
role_name stack_user_role
|
||||
|
||||
action :create_role
|
||||
not_if { stack_user_role.nil? }
|
||||
end
|
||||
|
||||
stack_user_domain_name = node['openstack']['orchestration']['stack_user_domain_name']
|
||||
stack_domain_admin = node['openstack']['orchestration']['stack_domain_admin']
|
||||
|
||||
if !stack_user_role.nil? && !stack_user_domain_name.nil? && !stack_domain_admin.nil?
|
||||
stack_domain_admin_password = get_password 'user', stack_domain_admin
|
||||
admin_user = node['openstack']['identity']['admin_user']
|
||||
admin_pass = get_password 'user', admin_user
|
||||
ca_cert = node['openstack']['orchestration']['clients']['ca_file']
|
||||
cert_file = node['openstack']['orchestration']['clients']['cert_file']
|
||||
key_file = node['openstack']['orchestration']['clients']['key_file']
|
||||
insecure = node['openstack']['orchestration']['clients']['insecure'] && '--insecure' || ''
|
||||
|
||||
execute 'heat-keystone-setup-domain' do
|
||||
environment 'OS_USERNAME' => admin_user,
|
||||
'OS_PASSWORD' => admin_pass,
|
||||
'OS_AUTH_URL' => auth_url,
|
||||
'OS_CACERT' => ca_cert,
|
||||
'OS_CERT' => cert_file,
|
||||
'OS_KEY' => key_file,
|
||||
'HEAT_DOMAIN' => stack_user_domain_name,
|
||||
'HEAT_DOMAIN_ADMIN' => stack_domain_admin,
|
||||
'HEAT_DOMAIN_PASSWORD' => stack_domain_admin_password
|
||||
command "heat-keystone-setup-domain #{insecure}"
|
||||
end
|
||||
end
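Review bot: `region` is now read from `node['openstack']['orchestration']['conf']['DEFAULT']['region_name_for_services']`, and the only assignment of that key visible on this page is the `node.default` block in the common recipe. If that holds for the whole cookbook, a run list that converges identity_registration without common ahead of it would presumably pass a nil region to the endpoint registration. Reading the source attribute directly removes the ordering dependency: `region = node['openstack']['region']`. The resources that consume `region` lie outside these hunks, so this should be checked against the full recipe.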
|
||||
|
|
|
@ -31,14 +31,5 @@ describe 'openstack-orchestration::common' do
|
|||
expect(chef_run).not_to upgrade_package 'python-ibm-db'
|
||||
expect(chef_run).not_to upgrade_package 'python-ibm-db-sa'
|
||||
end
|
||||
|
||||
describe 'heat.conf' do
|
||||
let(:file) { chef_run.template('/etc/heat/heat.conf') }
|
||||
|
||||
it 'adds misc_heat array correctly' do
|
||||
node.set['openstack']['orchestration']['misc_heat'] = ['MISC_OPTION=FOO']
|
||||
expect(chef_run).to render_file(file.name).with_content('MISC_OPTION=FOO')
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -68,83 +68,14 @@ describe 'openstack-orchestration::identity_registration' do
|
|||
)
|
||||
end
|
||||
|
||||
it 'register heat-api endpoint with different admin url' do
|
||||
it 'registers heat-api endpoint with different urls' do
|
||||
admin_url = 'https://admin.host:123/admin_path'
|
||||
general_url = 'http://general.host:456/general_path'
|
||||
|
||||
# Set the general endpoint
|
||||
node.set['openstack']['endpoints']['orchestration-api']['uri'] = general_url
|
||||
# Set the admin endpoint override
|
||||
node.set['openstack']['endpoints']['admin']['orchestration-api']['uri'] = admin_url
|
||||
|
||||
expect(chef_run).to create_endpoint_openstack_identity_register(
|
||||
'Register Heat Orchestration Endpoint'
|
||||
).with(
|
||||
auth_uri: 'http://127.0.0.1:35357/v2.0',
|
||||
bootstrap_token: 'bootstrap-token',
|
||||
service_type: 'orchestration',
|
||||
endpoint_region: 'RegionOne',
|
||||
endpoint_adminurl: admin_url,
|
||||
endpoint_internalurl: general_url,
|
||||
endpoint_publicurl: general_url,
|
||||
action: [:create_endpoint]
|
||||
)
|
||||
end
|
||||
|
||||
it 'register heat-api endpoint with different public url' do
|
||||
public_url = 'https://public.host:789/public_path'
|
||||
general_url = 'http://general.host:456/general_path'
|
||||
|
||||
# Set the general endpoint
|
||||
node.set['openstack']['endpoints']['orchestration-api']['uri'] = general_url
|
||||
# Set the public endpoint override
|
||||
node.set['openstack']['endpoints']['public']['orchestration-api']['uri'] = public_url
|
||||
|
||||
expect(chef_run).to create_endpoint_openstack_identity_register(
|
||||
'Register Heat Orchestration Endpoint'
|
||||
).with(
|
||||
auth_uri: 'http://127.0.0.1:35357/v2.0',
|
||||
bootstrap_token: 'bootstrap-token',
|
||||
service_type: 'orchestration',
|
||||
endpoint_region: 'RegionOne',
|
||||
endpoint_adminurl: general_url,
|
||||
endpoint_internalurl: general_url,
|
||||
endpoint_publicurl: public_url,
|
||||
action: [:create_endpoint]
|
||||
)
|
||||
end
|
||||
|
||||
it 'register heat-api endpoint with different internal url' do
|
||||
public_url = 'http://public.host:456/public_path'
|
||||
internal_url = 'http://internal.host:456/internal_path'
|
||||
general_url = 'http://general.host:456/general_path'
|
||||
|
||||
# Set general endpoint
|
||||
node.set['openstack']['endpoints']['orchestration-api']['uri'] = general_url
|
||||
# Set the internal endpoint override
|
||||
node.set['openstack']['endpoints']['internal']['orchestration-api']['uri'] = internal_url
|
||||
|
||||
expect(chef_run).to create_endpoint_openstack_identity_register(
|
||||
'Register Heat Orchestration Endpoint'
|
||||
).with(
|
||||
auth_uri: 'http://127.0.0.1:35357/v2.0',
|
||||
bootstrap_token: 'bootstrap-token',
|
||||
service_type: 'orchestration',
|
||||
endpoint_region: 'RegionOne',
|
||||
endpoint_adminurl: general_url,
|
||||
endpoint_internalurl: internal_url,
|
||||
endpoint_publicurl: general_url,
|
||||
action: [:create_endpoint]
|
||||
)
|
||||
end
|
||||
|
||||
it 'register heat-api endpoint with all different urls' do
|
||||
admin_url = 'https://admin.host:123/admin_path'
|
||||
internal_url = 'http://internal.host:456/internal_path'
|
||||
public_url = 'https://public.host:789/public_path'
|
||||
|
||||
node.set['openstack']['endpoints']['admin']['orchestration-api']['uri'] = admin_url
|
||||
node.set['openstack']['endpoints']['internal']['orchestration-api']['uri'] = internal_url
|
||||
node.set['openstack']['endpoints']['public']['orchestration-api']['uri'] = public_url
|
||||
node.set['openstack']['endpoints']['internal']['orchestration-api']['uri'] = internal_url
|
||||
|
||||
expect(chef_run).to create_endpoint_openstack_identity_register(
|
||||
'Register Heat Orchestration Endpoint'
|
||||
|
@ -175,69 +106,6 @@ describe 'openstack-orchestration::identity_registration' do
|
|||
)
|
||||
end
|
||||
|
||||
it 'register heat-cfn endpoint with different admin url' do
|
||||
admin_url = 'https://admin.host:123/admin_path'
|
||||
general_url = 'http://general.host:456/general_path'
|
||||
# Set the general endpoint
|
||||
node.set['openstack']['endpoints']['orchestration-api-cfn']['uri'] = general_url
|
||||
# Set the admin endpoint override
|
||||
node.set['openstack']['endpoints']['admin']['orchestration-api-cfn']['uri'] = admin_url
|
||||
expect(chef_run).to create_endpoint_openstack_identity_register(
|
||||
'Register Heat Cloudformation Endpoint'
|
||||
).with(
|
||||
auth_uri: 'http://127.0.0.1:35357/v2.0',
|
||||
bootstrap_token: 'bootstrap-token',
|
||||
service_type: 'cloudformation',
|
||||
endpoint_region: 'RegionOne',
|
||||
endpoint_adminurl: admin_url,
|
||||
endpoint_internalurl: general_url,
|
||||
endpoint_publicurl: general_url,
|
||||
action: [:create_endpoint]
|
||||
)
|
||||
end
|
||||
|
||||
it 'register heat-cfn endpoint with different public url' do
|
||||
public_url = 'https://public.host:789/public_path'
|
||||
general_url = 'http://general.host:456/general_path'
|
||||
# Set the general endpoint
|
||||
node.set['openstack']['endpoints']['orchestration-api-cfn']['uri'] = general_url
|
||||
# Set the public endpoint override
|
||||
node.set['openstack']['endpoints']['public']['orchestration-api-cfn']['uri'] = public_url
|
||||
expect(chef_run).to create_endpoint_openstack_identity_register(
|
||||
'Register Heat Cloudformation Endpoint'
|
||||
).with(
|
||||
auth_uri: 'http://127.0.0.1:35357/v2.0',
|
||||
bootstrap_token: 'bootstrap-token',
|
||||
service_type: 'cloudformation',
|
||||
endpoint_region: 'RegionOne',
|
||||
endpoint_adminurl: general_url,
|
||||
endpoint_internalurl: general_url,
|
||||
endpoint_publicurl: public_url,
|
||||
action: [:create_endpoint]
|
||||
)
|
||||
end
|
||||
|
||||
it 'register heat-cfn endpoint with different internal url' do
|
||||
internal_url = 'http://internal.host:456/internal_path'
|
||||
general_url = 'http://general.host:456/general_path'
|
||||
# Set the general endpoint
|
||||
node.set['openstack']['endpoints']['orchestration-api-cfn']['uri'] = general_url
|
||||
# Set the internal endpoint override
|
||||
node.set['openstack']['endpoints']['internal']['orchestration-api-cfn']['uri'] = internal_url
|
||||
expect(chef_run).to create_endpoint_openstack_identity_register(
|
||||
'Register Heat Cloudformation Endpoint'
|
||||
).with(
|
||||
auth_uri: 'http://127.0.0.1:35357/v2.0',
|
||||
bootstrap_token: 'bootstrap-token',
|
||||
service_type: 'cloudformation',
|
||||
endpoint_region: 'RegionOne',
|
||||
endpoint_adminurl: general_url,
|
||||
endpoint_internalurl: internal_url,
|
||||
endpoint_publicurl: general_url,
|
||||
action: [:create_endpoint]
|
||||
)
|
||||
end
|
||||
|
||||
it 'register heat-cfn endpoint with all different urls' do
|
||||
admin_url = 'https://admin.host:123/admin_path'
|
||||
internal_url = 'http://internal.host:456/internal_path'
|
||||
|
@ -308,68 +176,5 @@ describe 'openstack-orchestration::identity_registration' do
|
|||
action: [:create_role]
|
||||
)
|
||||
end
|
||||
|
||||
it 'creates role for template defined users' do
|
||||
node.set['openstack']['orchestration']['heat_stack_user_role'] = 'heat_stack_user'
|
||||
expect(chef_run).to create_role_openstack_identity_register(
|
||||
"Create 'heat_stack_user' Role for template defined users"
|
||||
).with(
|
||||
auth_uri: 'http://127.0.0.1:35357/v2.0',
|
||||
bootstrap_token: 'bootstrap-token',
|
||||
role_name: 'heat_stack_user',
|
||||
action: [:create_role]
|
||||
)
|
||||
end
|
||||
|
||||
it 'does not call domain setup script by default' do
|
||||
expect(chef_run).not_to run_execute('heat-keystone-setup-domain')
|
||||
end
|
||||
|
||||
it 'calls domain setup script with insecure mode' do
|
||||
node.set['openstack']['orchestration']['heat_stack_user_role'] = 'heat_stack_user'
|
||||
node.set['openstack']['orchestration']['stack_user_domain_name'] = 'stack_user_domain_name'
|
||||
node.set['openstack']['orchestration']['stack_domain_admin'] = 'stack_domain_admin'
|
||||
node.set['openstack']['orchestration']['clients']['insecure'] = true
|
||||
node.set['openstack']['endpoints']['identity-admin']['scheme'] = 'https'
|
||||
|
||||
expect(chef_run).to run_execute('heat-keystone-setup-domain --insecure')
|
||||
.with(
|
||||
environment: { 'OS_USERNAME' => 'admin',
|
||||
'OS_PASSWORD' => 'admin_pass',
|
||||
'OS_AUTH_URL' => 'https://127.0.0.1:35357/v2.0',
|
||||
'OS_CACERT' => nil,
|
||||
'OS_CERT' => nil,
|
||||
'OS_KEY' => nil,
|
||||
'HEAT_DOMAIN' => 'stack_user_domain_name',
|
||||
'HEAT_DOMAIN_ADMIN' => 'stack_domain_admin',
|
||||
'HEAT_DOMAIN_PASSWORD' => 'stack_domain_admin_pass'
|
||||
}
|
||||
)
|
||||
end
|
||||
|
||||
it 'calls domain setup script with secure mode' do
|
||||
node.set['openstack']['orchestration']['heat_stack_user_role'] = 'heat_stack_user'
|
||||
node.set['openstack']['orchestration']['stack_user_domain_name'] = 'stack_user_domain_name'
|
||||
node.set['openstack']['orchestration']['stack_domain_admin'] = 'stack_domain_admin'
|
||||
node.set['openstack']['orchestration']['clients']['insecure'] = false
|
||||
node.set['openstack']['orchestration']['clients']['ca_file'] = 'path/cacert'
|
||||
node.set['openstack']['orchestration']['clients']['cert_file'] = 'path/cert_file'
|
||||
node.set['openstack']['orchestration']['clients']['key_file'] = 'path/key_file'
|
||||
node.set['openstack']['endpoints']['identity-admin']['scheme'] = 'https'
|
||||
|
||||
expect(chef_run).to run_execute('heat-keystone-setup-domain ')
|
||||
.with(
|
||||
environment: { 'OS_USERNAME' => 'admin',
|
||||
'OS_PASSWORD' => 'admin_pass',
|
||||
'OS_AUTH_URL' => 'https://127.0.0.1:35357/v2.0',
|
||||
'OS_CACERT' => 'path/cacert',
|
||||
'OS_CERT' => 'path/cert_file',
|
||||
'OS_KEY' => 'path/key_file',
|
||||
'HEAT_DOMAIN' => 'stack_user_domain_name',
|
||||
'HEAT_DOMAIN_ADMIN' => 'stack_domain_admin',
|
||||
'HEAT_DOMAIN_PASSWORD' => 'stack_domain_admin_pass'
|
||||
}
|
||||
)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -43,15 +43,9 @@ shared_context 'orchestration_stubs' do
|
|||
allow_any_instance_of(Chef::Recipe).to receive(:get_password)
|
||||
.with('user', 'admin-user')
|
||||
.and_return 'admin-pass'
|
||||
allow_any_instance_of(Chef::Recipe).to receive(:get_password)
|
||||
.with('user', 'heat_stack_admin')
|
||||
.and_return 'heat_stack_domain_admin_password'
|
||||
allow_any_instance_of(Chef::Recipe).to receive(:get_password)
|
||||
.with('service', 'openstack-orchestration')
|
||||
.and_return 'heat-pass'
|
||||
allow_any_instance_of(Chef::Recipe).to receive(:get_password)
|
||||
.with('user', 'stack_domain_admin')
|
||||
.and_return 'stack_domain_admin_pass'
|
||||
allow_any_instance_of(Chef::Recipe).to receive(:get_password)
|
||||
.with('user', 'admin')
|
||||
.and_return 'admin_pass'
|
||||
|
@ -103,7 +97,7 @@ shared_examples 'expects to create heat directories' do
|
|||
expect(chef_run).to create_directory('/etc/heat').with(
|
||||
owner: 'heat',
|
||||
group: 'heat',
|
||||
mode: 0700
|
||||
mode: 0750
|
||||
)
|
||||
end
|
||||
|
||||
|
@ -111,15 +105,7 @@ shared_examples 'expects to create heat directories' do
|
|||
expect(chef_run).to create_directory('/etc/heat/environment.d').with(
|
||||
owner: 'heat',
|
||||
group: 'heat',
|
||||
mode: 0700
|
||||
)
|
||||
end
|
||||
|
||||
it 'creates /var/cache/heat' do
|
||||
expect(chef_run).to create_directory('/var/cache/heat').with(
|
||||
owner: 'heat',
|
||||
group: 'heat',
|
||||
mode: 0700
|
||||
mode: 0750
|
||||
)
|
||||
end
|
||||
end
|
||||
|
@ -136,356 +122,105 @@ shared_examples 'expects to create heat conf' do
|
|||
)
|
||||
end
|
||||
|
||||
describe 'workers' do
|
||||
it 'has default worker values' do
|
||||
[
|
||||
'heat_api',
|
||||
'heat_api_cfn',
|
||||
'heat_api_cloudwatch'
|
||||
].each do |section|
|
||||
expect(chef_run).to render_config_file(file.name).with_section_content(section, /^workers=0$/)
|
||||
end
|
||||
end
|
||||
|
||||
it 'has engine workers not set by default' do
|
||||
expect(chef_run).not_to render_config_file(file.name).with_section_content('DEFAULT', /^num_engine_workers=/)
|
||||
end
|
||||
|
||||
it 'allows engine workers override' do
|
||||
node.set['openstack']['orchestration']['num_engine_workers'] = 5
|
||||
expect(chef_run).to render_config_file(file.name).with_section_content('DEFAULT', /^num_engine_workers=5$/)
|
||||
end
|
||||
end
|
||||
|
||||
it 'uses default values for these attributes and they are not set' do
|
||||
expect(chef_run).not_to render_file(file.name).with_content(
|
||||
/^memcached_servers=/)
|
||||
expect(chef_run).not_to render_file(file.name).with_content(
|
||||
/^memcache_security_strategy=/)
|
||||
expect(chef_run).not_to render_file(file.name).with_content(
|
||||
/^memcache_secret_key=/)
|
||||
expect(chef_run).not_to render_file(file.name).with_content(
|
||||
/^cafile=/)
|
||||
end
|
||||
|
||||
it 'sets memcached server(s)' do
|
||||
node.set['openstack']['orchestration']['api']['auth']['memcached_servers'] = 'localhost:11211'
|
||||
expect(chef_run).to render_file(file.name).with_content(/^memcached_servers=localhost:11211$/)
|
||||
end
|
||||
|
||||
it 'sets memcache security strategy' do
|
||||
node.set['openstack']['orchestration']['api']['auth']['memcache_security_strategy'] = 'MAC'
|
||||
expect(chef_run).to render_file(file.name).with_content(/^memcache_security_strategy=MAC$/)
|
||||
end
|
||||
|
||||
it 'sets memcache secret key' do
|
||||
node.set['openstack']['orchestration']['api']['auth']['memcache_secret_key'] = '0123456789ABCDEF'
|
||||
expect(chef_run).to render_file(file.name).with_content(/^memcache_secret_key=0123456789ABCDEF$/)
|
||||
end
|
||||
|
||||
it 'sets cafile' do
|
||||
node.set['openstack']['orchestration']['api']['auth']['cafile'] = 'dir/to/path'
|
||||
expect(chef_run).to render_file(file.name).with_content(%r{^cafile=dir/to/path$})
|
||||
end
|
||||
|
||||
it 'sets token hash algorithms' do
|
||||
node.set['openstack']['orchestration']['api']['auth']['hash_algorithms'] = 'sha2'
|
||||
expect(chef_run).to render_file(file.name).with_content(/^hash_algorithms=sha2$/)
|
||||
end
|
||||
|
||||
it 'sets insecure' do
|
||||
node.set['openstack']['orchestration']['api']['auth']['insecure'] = false
|
||||
expect(chef_run).to render_file(file.name).with_content(/^insecure=false$/)
|
||||
end
|
||||
|
||||
it 'sets auth_encryption_key' do
|
||||
expect(chef_run).to render_config_file(file.name).with_section_content('DEFAULT', /^auth_encryption_key=auth_encryption_key_secret$/)
|
||||
end
|
||||
|
||||
describe 'default values for certificates files' do
|
||||
it 'has no such values' do
|
||||
[
|
||||
/^ca_file=/,
|
||||
/^cert_file=/,
|
||||
/^key_file=/
|
||||
].each do |line|
|
||||
expect(chef_run).not_to render_file(file.name).with_content(line)
|
||||
end
|
||||
end
|
||||
|
||||
it 'sets clients ca_file cert_file key_file insecure' do
|
||||
node.set['openstack']['orchestration']['clients']['ca_file'] = 'dir/to/path'
|
||||
node.set['openstack']['orchestration']['clients']['cert_file'] = 'dir/to/path'
|
||||
node.set['openstack']['orchestration']['clients']['key_file'] = 'dir/to/path'
|
||||
node.set['openstack']['orchestration']['clients']['insecure'] = true
|
||||
expect(chef_run).to render_file(file.name).with_content(%r{^ca_file=dir/to/path$})
|
||||
expect(chef_run).to render_file(file.name).with_content(%r{^cert_file=dir/to/path$})
|
||||
expect(chef_run).to render_file(file.name).with_content(%r{^key_file=dir/to/path$})
|
||||
expect(chef_run).to render_file(file.name).with_content(/^insecure=true$/)
|
||||
end
|
||||
|
||||
it 'sets clients_ceilometer ca_file cert_file key_file insecure' do
|
||||
node.set['openstack']['orchestration']['clients_ceilometer']['ca_file'] = 'dir/to/path'
|
||||
node.set['openstack']['orchestration']['clients_ceilometer']['cert_file'] = 'dir/to/path'
|
||||
node.set['openstack']['orchestration']['clients_ceilometer']['key_file'] = 'dir/to/path'
|
||||
node.set['openstack']['orchestration']['clients_ceilometer']['insecure'] = true
|
||||
expect(chef_run).to render_file(file.name).with_content(%r{^ca_file=dir/to/path$})
|
||||
expect(chef_run).to render_file(file.name).with_content(%r{^cert_file=dir/to/path$})
|
||||
expect(chef_run).to render_file(file.name).with_content(%r{^key_file=dir/to/path$})
|
||||
expect(chef_run).to render_file(file.name).with_content(/^insecure=true$/)
|
||||
end
|
||||
|
||||
it 'sets clients_cinder ca_file cert_file key_file insecure' do
|
||||
node.set['openstack']['orchestration']['clients_cinder']['ca_file'] = 'dir/to/path'
|
||||
node.set['openstack']['orchestration']['clients_cinder']['cert_file'] = 'dir/to/path'
|
||||
node.set['openstack']['orchestration']['clients_cinder']['key_file'] = 'dir/to/path'
|
||||
node.set['openstack']['orchestration']['clients_cinder']['insecure'] = true
|
||||
expect(chef_run).to render_file(file.name).with_content(%r{^ca_file=dir/to/path$})
|
||||
expect(chef_run).to render_file(file.name).with_content(%r{^cert_file=dir/to/path$})
|
||||
expect(chef_run).to render_file(file.name).with_content(%r{^key_file=dir/to/path$})
|
||||
expect(chef_run).to render_file(file.name).with_content(/^insecure=true$/)
|
||||
end
|
||||
|
||||
it 'sets clients_glance ca_file cert_file key_file insecure' do
|
||||
node.set['openstack']['orchestration']['clients_glance']['ca_file'] = 'dir/to/path'
|
||||
node.set['openstack']['orchestration']['clients_glance']['cert_file'] = 'dir/to/path'
|
||||
node.set['openstack']['orchestration']['clients_glance']['key_file'] = 'dir/to/path'
|
||||
node.set['openstack']['orchestration']['clients_glance']['insecure'] = true
|
||||
expect(chef_run).to render_file(file.name).with_content(%r{^ca_file=dir/to/path$})
|
||||
expect(chef_run).to render_file(file.name).with_content(%r{^cert_file=dir/to/path$})
|
||||
expect(chef_run).to render_file(file.name).with_content(%r{^key_file=dir/to/path$})
|
||||
expect(chef_run).to render_file(file.name).with_content(/^insecure=true$/)
|
||||
end
|
||||
|
||||
it 'sets clients_heat ca_file cert_file key_file insecure' do
|
||||
node.set['openstack']['orchestration']['clients_heat']['ca_file'] = 'dir/to/path'
|
||||
node.set['openstack']['orchestration']['clients_heat']['cert_file'] = 'dir/to/path'
|
||||
node.set['openstack']['orchestration']['clients_heat']['key_file'] = 'dir/to/path'
|
||||
node.set['openstack']['orchestration']['clients_heat']['insecure'] = true
|
||||
expect(chef_run).to render_file(file.name).with_content(%r{^ca_file=dir/to/path$})
|
||||
expect(chef_run).to render_file(file.name).with_content(%r{^cert_file=dir/to/path$})
|
||||
expect(chef_run).to render_file(file.name).with_content(%r{^key_file=dir/to/path$})
|
||||
expect(chef_run).to render_file(file.name).with_content(/^insecure=true$/)
|
||||
end
|
||||
|
||||
it 'sets clients_keystone ca_file cert_file key_file insecure' do
|
||||
node.set['openstack']['orchestration']['clients_keystone']['ca_file'] = 'dir/to/path'
|
||||
node.set['openstack']['orchestration']['clients_keystone']['cert_file'] = 'dir/to/path'
|
||||
node.set['openstack']['orchestration']['clients_keystone']['key_file'] = 'dir/to/path'
|
||||
node.set['openstack']['orchestration']['clients_keystone']['insecure'] = true
|
||||
expect(chef_run).to render_file(file.name).with_content(%r{^ca_file=dir/to/path$})
|
||||
expect(chef_run).to render_file(file.name).with_content(%r{^cert_file=dir/to/path$})
|
||||
expect(chef_run).to render_file(file.name).with_content(%r{^key_file=dir/to/path$})
|
||||
expect(chef_run).to render_file(file.name).with_content(/^insecure=true$/)
|
||||
end
|
||||
|
||||
it 'sets clients_neutron ca_file cert_file key_file insecure' do
|
||||
node.set['openstack']['orchestration']['clients_neutron']['ca_file'] = 'dir/to/path'
|
||||
node.set['openstack']['orchestration']['clients_neutron']['cert_file'] = 'dir/to/path'
|
||||
node.set['openstack']['orchestration']['clients_neutron']['key_file'] = 'dir/to/path'
|
||||
node.set['openstack']['orchestration']['clients_neutron']['insecure'] = true
|
||||
expect(chef_run).to render_file(file.name).with_content(%r{^ca_file=dir/to/path$})
|
||||
expect(chef_run).to render_file(file.name).with_content(%r{^cert_file=dir/to/path$})
|
||||
expect(chef_run).to render_file(file.name).with_content(%r{^key_file=dir/to/path$})
|
||||
expect(chef_run).to render_file(file.name).with_content(/^insecure=true$/)
|
||||
end
|
||||
|
||||
it 'sets clients_nova ca_file cert_file key_file insecure' do
|
||||
node.set['openstack']['orchestration']['clients_nova']['ca_file'] = 'dir/to/path'
|
||||
node.set['openstack']['orchestration']['clients_nova']['cert_file'] = 'dir/to/path'
|
||||
node.set['openstack']['orchestration']['clients_nova']['key_file'] = 'dir/to/path'
|
||||
node.set['openstack']['orchestration']['clients_nova']['insecure'] = true
|
||||
expect(chef_run).to render_file(file.name).with_content(%r{^ca_file=dir/to/path$})
|
||||
expect(chef_run).to render_file(file.name).with_content(%r{^cert_file=dir/to/path$})
|
||||
expect(chef_run).to render_file(file.name).with_content(%r{^key_file=dir/to/path$})
|
||||
expect(chef_run).to render_file(file.name).with_content(/^insecure=true$/)
|
||||
end
|
||||
expect(chef_run).to render_config_file(file.name).with_section_content('DEFAULT', /^auth_encryption_key = auth_encryption_key_secret$/)
|
||||
end
|
||||
|
||||
describe 'default values' do
|
||||
it 'has default conf values' do
|
||||
[
|
||||
%r{^connection=mysql://heat:heat@127.0.0.1:3306/heat\?charset=utf8$},
|
||||
%r{^heat_metadata_server_url=http://127.0.0.1:8000$},
|
||||
%r{^heat_waitcondition_server_url=http://127.0.0.1:8000/v1/waitcondition$},
|
||||
%r{^heat_watch_server_url=http://127.0.0.1:8003$},
|
||||
%r{^signing_dir=/var/cache/heat$},
|
||||
/^debug=False$/,
|
||||
/^verbose=False$/,
|
||||
%r{^log_dir=/var/log/heat$},
|
||||
%r{^heat_metadata_server_url = http://127.0.0.1:8000$},
|
||||
%r{^heat_waitcondition_server_url = http://127.0.0.1:8000/v1/waitcondition$},
|
||||
%r{^heat_watch_server_url = http://127.0.0.1:8003$},
|
||||
%r{^log_dir = /var/log/heat$},
|
||||
/^notification_driver = heat.openstack.common.notifier.rpc_notifier$/,
|
||||
/^default_notification_level = INFO$/,
|
||||
/^default_publisher_id = $/,
|
||||
/^list_notifier_drivers = heat.openstack.common.notifier.no_op_notifier$/,
|
||||
/^notification_topics = notifications$/,
|
||||
/^rpc_thread_pool_size=64$/,
|
||||
/^rpc_response_timeout=60$/,
|
||||
/^bind_host=127.0.0.1$/,
|
||||
/^bind_port=8004$/,
|
||||
%r{^auth_uri=http://127.0.0.1:5000/v2.0$},
|
||||
%r{^identity_uri=http://127.0.0.1:35357/$},
|
||||
/^auth_version=v2.0$/,
|
||||
/^hash_algorithms=md5$/,
|
||||
/^insecure=false$/,
|
||||
/^admin_user=heat$/,
|
||||
/^admin_password=heat-pass$/,
|
||||
/^admin_tenant_name=service$/,
|
||||
/^deferred_auth_method=trusts$/,
|
||||
/^stack_scheduler_hints=false$/,
|
||||
/^region_name_for_services=RegionOne$/
|
||||
/^region_name_for_services = RegionOne$/
|
||||
].each do |line|
|
||||
expect(chef_run).to render_file(file.name).with_content(line)
|
||||
expect(chef_run).to render_config_file(file.name).with_section_content('DEFAULT', line)
|
||||
end
|
||||
end
|
||||
|
||||
it 'overrides the schemes' do
|
||||
node.set['openstack']['endpoints']['orchestration-api-cfn']['scheme'] = 'https'
|
||||
node.set['openstack']['endpoints']['orchestration-api-cloudwatch']['scheme'] = 'https'
|
||||
expect(chef_run).to render_file(file.name).with_content(%r{^heat_metadata_server_url=https://127.0.0.1:8000$})
|
||||
expect(chef_run).to render_file(file.name).with_content(%r{^heat_waitcondition_server_url=https://127.0.0.1:8000/v1/waitcondition$})
|
||||
expect(chef_run).to render_file(file.name).with_content(%r{^heat_watch_server_url=https://127.0.0.1:8003$})
|
||||
end
|
||||
end
|
||||
|
||||
describe 'domain values' do
|
||||
it 'has no default domain values' do
|
||||
it 'has heat_api binding' do
|
||||
[
|
||||
/^heat_stack_user_role=/,
|
||||
/^stack_user_domain_name=/,
|
||||
/^stack_user_domain_id=/,
|
||||
/^stack_domain_admin=/,
|
||||
/^stack_domain_admin_password=/
|
||||
/^bind_host = 127.0.0.1$/,
|
||||
/^bind_port = 8004$/
|
||||
].each do |line|
|
||||
expect(chef_run).not_to render_file(file.name).with_content(line)
|
||||
expect(chef_run).to render_config_file(file.name).with_section_content('heat_api', line)
|
||||
end
|
||||
end
|
||||
|
||||
it 'has domain override values' do
|
||||
node.set['openstack']['orchestration']['heat_stack_user_role'] = 'heat_stack_user'
|
||||
node.set['openstack']['orchestration']['stack_user_domain_name'] = 'heat'
|
||||
node.set['openstack']['orchestration']['stack_user_domain_id'] = '123'
|
||||
node.set['openstack']['orchestration']['stack_domain_admin'] = 'heat_stack_admin'
|
||||
it 'has heat_api_cfn binding' do
|
||||
[
|
||||
/^heat_stack_user_role=heat_stack_user$/,
|
||||
/^stack_user_domain_name=heat$/,
|
||||
/^stack_user_domain_id=123$/,
|
||||
/^stack_domain_admin=heat_stack_admin$/,
|
||||
/^stack_domain_admin_password=heat_stack_domain_admin_password$/
|
||||
/^bind_host = 127.0.0.1$/,
|
||||
/^bind_port = 8000$/
|
||||
].each do |line|
|
||||
expect(chef_run).to render_file(file.name).with_content(line)
|
||||
expect(chef_run).to render_config_file(file.name).with_section_content('heat_api_cfn', line)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
describe 'has qpid values' do
|
||||
it 'has default qpid_* values' do
|
||||
node.set['openstack']['mq']['orchestration']['service_type'] = 'qpid'
|
||||
|
||||
it 'has heat_api_cloudwatch binding' do
|
||||
[
|
||||
/^rpc_conn_pool_size=30$/,
|
||||
/^amqp_durable_queues=false$/,
|
||||
/^amqp_auto_delete=false$/,
|
||||
/^qpid_hostname=127.0.0.1$/,
|
||||
/^qpid_port=5672$/,
|
||||
/^qpid_username=guest$/,
|
||||
/^qpid_password=mq-pass$/,
|
||||
/^qpid_sasl_mechanisms=$/,
|
||||
/^qpid_heartbeat=60$/,
|
||||
/^qpid_protocol=tcp$/,
|
||||
/^qpid_tcp_nodelay=true$/,
|
||||
/^qpid_reconnect_timeout=0$/,
|
||||
/^qpid_reconnect_limit=0$/,
|
||||
/^qpid_reconnect_interval_min=0$/,
|
||||
/^qpid_reconnect_interval_max=0$/,
|
||||
/^qpid_reconnect_interval=0$/,
|
||||
/^qpid_topology_version=1$/
|
||||
/^bind_host = 127.0.0.1$/,
|
||||
/^bind_port = 8003$/
|
||||
].each do |line|
|
||||
expect(chef_run).to render_config_file(file.name).with_section_content('oslo_messaging_qpid', line)
|
||||
expect(chef_run).to render_config_file(file.name).with_section_content('heat_api_cloudwatch', line)
|
||||
end
|
||||
expect(chef_run).to render_config_file(file.name).with_section_content('DEFAULT', /^rpc_backend=heat.openstack.common.rpc.impl_qpid$/)
|
||||
end
|
||||
|
||||
it 'sets database connection value' do
|
||||
expect(chef_run).to render_config_file(file.name).with_section_content(
|
||||
'database', %r{^connection = mysql://heat:heat@127.0.0.1:3306/heat\?charset=utf8$})
|
||||
end
|
||||
end
|
||||
|
||||
describe 'has ec2authtoken values' do
|
||||
it 'has default ec2authtoken values' do
|
||||
expect(chef_run).to render_config_file(file.name).with_section_content('ec2authtoken', %r{^auth_uri=http://127.0.0.1:5000/v2.0$})
|
||||
expect(chef_run).to render_config_file(file.name).with_section_content('ec2authtoken', %r{^auth_uri = http://127.0.0.1:5000/v2.0$})
|
||||
end
|
||||
end
|
||||
|
||||
describe 'has rabbit values' do
|
||||
before do
|
||||
node.set['openstack']['mq']['orchestration']['service_type'] = 'rabbitmq'
|
||||
describe 'has clients_keystone values' do
|
||||
it 'has default clients_keystone values' do
|
||||
expect(chef_run).to render_config_file(file.name).with_section_content('clients_keystone', %r{^auth_uri = http://127.0.0.1:5000/v2.0$})
|
||||
end
|
||||
end
|
||||
|
||||
it 'has default rabbit values' do
|
||||
[/^rpc_conn_pool_size=30$/,
|
||||
/^amqp_durable_queues=false$/,
|
||||
/^amqp_auto_delete=false$/,
|
||||
/^heartbeat_timeout_threshold=0$/,
|
||||
/^heartbeat_rate=2$/
|
||||
].each do |line|
|
||||
expect(chef_run).to render_config_file(file.name).with_section_content('oslo_messaging_rabbit', line)
|
||||
end
|
||||
end
|
||||
|
||||
it 'does not have rabbit ha values' do
|
||||
describe 'has oslo_messaging_rabbit values' do
|
||||
it 'has default oslo_messaging_rabbit values' do
|
||||
[
|
||||
/^rabbit_host=127.0.0.1$/,
|
||||
/^rabbit_port=5672$/,
|
||||
/^rabbit_ha_queues=False$/
|
||||
/^rabbit_userid = guest$/,
|
||||
/^rabbit_password = mq-pass$/
|
||||
].each do |line|
|
||||
expect(chef_run).to render_config_file(file.name).with_section_content('oslo_messaging_rabbit', line)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
it 'has rabbit ha values' do
|
||||
node.set['openstack']['mq']['orchestration']['rabbit']['ha'] = true
|
||||
describe 'has keystone_authtoken values' do
|
||||
it 'has default keystone_authtoken values' do
|
||||
[
|
||||
/^rabbit_hosts=1.1.1.1:5672,2.2.2.2:5672$/,
|
||||
/^rabbit_ha_queues=True$/
|
||||
%r{^auth_url = http://127.0.0.1:5000/v2.0$},
|
||||
/^auth_plugin = v2password$/,
|
||||
/^username = heat$/,
|
||||
/^tenant_name = service$/,
|
||||
/^password = heat-pass$/
|
||||
].each do |line|
|
||||
expect(chef_run).to render_config_file(file.name).with_section_content('oslo_messaging_rabbit', line)
|
||||
expect(chef_run).to render_config_file(file.name).with_section_content('keystone_authtoken', line)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
it 'does not have ssl config set' do
|
||||
[/^rabbit_use_ssl=/,
|
||||
/^kombu_ssl_version=/,
|
||||
/^kombu_ssl_keyfile=/,
|
||||
/^kombu_ssl_certfile=/,
|
||||
/^kombu_ssl_ca_certs=/,
|
||||
/^kombu_reconnect_delay=/,
|
||||
/^kombu_reconnect_timeout=/].each do |line|
|
||||
expect(chef_run).not_to render_config_file(file.name).with_section_content('oslo_messaging_rabbit', line)
|
||||
describe 'has trustee values' do
|
||||
it 'has default trustee values' do
|
||||
[
|
||||
%r{^auth_url = http://127.0.0.1:35357/v2.0$},
|
||||
/^auth_plugin = v2password$/,
|
||||
/^username = heat$/,
|
||||
/^password = heat-pass$/
|
||||
].each do |line|
|
||||
expect(chef_run).to render_config_file(file.name).with_section_content('trustee', line)
|
||||
end
|
||||
end
|
||||
|
||||
it 'sets ssl config' do
|
||||
node.set['openstack']['mq']['orchestration']['rabbit']['use_ssl'] = true
|
||||
node.set['openstack']['mq']['orchestration']['rabbit']['kombu_ssl_version'] = 'TLSv1.2'
|
||||
node.set['openstack']['mq']['orchestration']['rabbit']['kombu_ssl_keyfile'] = 'keyfile'
|
||||
node.set['openstack']['mq']['orchestration']['rabbit']['kombu_ssl_certfile'] = 'certfile'
|
||||
node.set['openstack']['mq']['orchestration']['rabbit']['kombu_ssl_ca_certs'] = 'certsfile'
|
||||
node.set['openstack']['mq']['orchestration']['rabbit']['kombu_reconnect_delay'] = 123.123
|
||||
node.set['openstack']['mq']['orchestration']['rabbit']['kombu_reconnect_timeout'] = 123
|
||||
[/^rabbit_use_ssl=true/,
|
||||
/^kombu_ssl_version=TLSv1.2$/,
|
||||
/^kombu_ssl_keyfile=keyfile$/,
|
||||
/^kombu_ssl_certfile=certfile$/,
|
||||
/^kombu_ssl_ca_certs=certsfile$/,
|
||||
/^kombu_reconnect_delay=123.123$/,
|
||||
/^kombu_reconnect_timeout=123$/].each do |line|
|
||||
expect(chef_run).to render_config_file(file.name).with_section_content('oslo_messaging_rabbit', line)
|
||||
end
|
||||
end
|
||||
|
||||
it 'has the default rabbit_retry_interval set' do
|
||||
expect(chef_run).to render_config_file(file.name).with_section_content('oslo_messaging_rabbit', /^rabbit_retry_interval=1$/)
|
||||
end
|
||||
|
||||
it 'has the default rabbit_max_retries set' do
|
||||
expect(chef_run).to render_config_file(file.name).with_section_content('oslo_messaging_rabbit', /^rabbit_max_retries=0$/)
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
File diff suppressed because it is too large