Add ability to configure heat-cfn keystone auth_name via hiera
Change-Id: I0eaaf812fda4dcd75f937cdf0e9770fa7617da76 Closes-Bug: #1561236
parent
fd7675bb74
commit
47cf113151
|
@ -0,0 +1 @@
|
|||
include ::openstack_tasks::heat::cfn_keystone
|
|
@ -59,3 +59,16 @@
|
|||
puppet_manifest: /etc/puppet/modules/openstack_tasks/examples/heat/keystone.pp
|
||||
puppet_modules: /etc/puppet/modules
|
||||
timeout: 1800
|
||||
|
||||
- id: heat-cfn-keystone
|
||||
type: puppet
|
||||
version: 2.0.0
|
||||
groups: [primary-controller]
|
||||
required_for: [heat, primary-heat]
|
||||
requires: [primary-keystone, keystone]
|
||||
cross-depends:
|
||||
- name: keystone
|
||||
parameters:
|
||||
puppet_manifest: /etc/puppet/modules/openstack_tasks/examples/heat/cfn_keystone.pp
|
||||
puppet_modules: /etc/puppet/modules
|
||||
timeout: 1800
|
||||
|
|
|
@ -0,0 +1,56 @@
|
|||
class openstack_tasks::heat::cfn_keystone {
|
||||
|
||||
notice('MODULAR: heat/cfn_keystone.pp')
|
||||
|
||||
$heat_hash = hiera_hash('heat', {})
|
||||
$public_vip = hiera('public_vip')
|
||||
$region = pick($heat_hash['region'], hiera('region', 'RegionOne'))
|
||||
$management_vip = hiera('management_vip')
|
||||
$public_ssl_hash = hiera_hash('public_ssl')
|
||||
$ssl_hash = hiera_hash('use_ssl', {})
|
||||
|
||||
$public_protocol = get_ssl_property($ssl_hash, $public_ssl_hash, 'heat', 'public', 'protocol', 'http')
|
||||
$public_address = get_ssl_property($ssl_hash, $public_ssl_hash, 'heat', 'public', 'hostname', [$public_vip])
|
||||
|
||||
$internal_protocol = get_ssl_property($ssl_hash, {}, 'heat', 'internal', 'protocol', 'http')
|
||||
$internal_address = get_ssl_property($ssl_hash, {}, 'heat', 'internal', 'hostname', [hiera('heat_endpoint', ''), $management_vip])
|
||||
|
||||
$admin_protocol = get_ssl_property($ssl_hash, {}, 'heat', 'admin', 'protocol', 'http')
|
||||
$admin_address = get_ssl_property($ssl_hash, {}, 'heat', 'admin', 'hostname', [hiera('heat_endpoint', ''), $management_vip])
|
||||
|
||||
$password = $heat_hash['user_password']
|
||||
$cfn_auth_name = pick($heat_hash['cfn_auth_name'], 'heat-cfn')
|
||||
$configure_endpoint = pick($heat_hash['configure_endpoint'], true)
|
||||
$configure_user = pick($heat_hash['configure_user'], true)
|
||||
$configure_user_role = pick($heat_hash['configure_user_role'], true)
|
||||
$service_name = pick($heat_hash['service_name'], 'heat')
|
||||
$tenant = pick($heat_hash['tenant'], 'services')
|
||||
$cfn_auth_email = pick($heat_hash['cfn_auth_email'], "${cfn_auth_name}@localhost")
|
||||
|
||||
Class['::osnailyfacter::wait_for_keystone_backends'] -> Class['::heat::keystone::auth_cfn']
|
||||
|
||||
validate_string($public_address)
|
||||
validate_string($password)
|
||||
|
||||
$public_url_cfn = "${public_protocol}://${public_address}:8000/v1"
|
||||
$internal_url_cfn = "${internal_protocol}://${internal_address}:8000/v1"
|
||||
$admin_url_cfn = "${admin_protocol}://${admin_address}:8000/v1"
|
||||
|
||||
class { '::osnailyfacter::wait_for_keystone_backends': }
|
||||
|
||||
class { '::heat::keystone::auth_cfn' :
|
||||
password => $password,
|
||||
auth_name => $cfn_auth_name,
|
||||
service_type => 'cloudformation',
|
||||
region => $region,
|
||||
tenant => $keystone_tenant,
|
||||
email => $cfn_auth_email,
|
||||
configure_endpoint => true,
|
||||
configure_user => $configure_user,
|
||||
configure_user_role => $configure_user_role,
|
||||
public_url => $public_url_cfn,
|
||||
internal_url => $internal_url_cfn,
|
||||
admin_url => $admin_url_cfn,
|
||||
}
|
||||
|
||||
}
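Review bot: `tenant => $keystone_tenant` in the `heat::keystone::auth_cfn` declaration reads a variable this class never assigns. The class sets `$tenant` from `$heat_hash['tenant']` a few lines earlier, so the hiera override is ignored and the parameter resolves to undef (or fails compilation under strict variables); it should be `tenant => $tenant,`. Likewise `$configure_endpoint` is computed but the declaration hard-codes `configure_endpoint => true`, and `$service_name` is never used; either pass `configure_endpoint => $configure_endpoint,` or drop the unused assignments. The default for `cfn_auth_name` is now the fixed string `heat-cfn`, whereas the block removed from `openstack_tasks::heat::keystone` appears to have built the name as `"${auth_name}-cfn"`. A deployment that customised `auth_name` would therefore get a differently named service user on upgrade while the old account and its password presumably remain in Keystone, which deserves an upgrade note or a cleanup step.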
|
|
@ -27,7 +27,6 @@ class openstack_tasks::heat::keystone {
|
|||
$tenant = pick($heat_hash['tenant'], 'services')
|
||||
|
||||
Class['::osnailyfacter::wait_for_keystone_backends'] -> Class['::heat::keystone::auth']
|
||||
Class['::osnailyfacter::wait_for_keystone_backends'] -> Class['::heat::keystone::auth_cfn']
|
||||
|
||||
validate_string($public_address)
|
||||
validate_string($password)
|
||||
|
@ -35,9 +34,6 @@ class openstack_tasks::heat::keystone {
|
|||
$public_url = "${public_protocol}://${public_address}:8004/v1/%(tenant_id)s"
|
||||
$internal_url = "${internal_protocol}://${internal_address}:8004/v1/%(tenant_id)s"
|
||||
$admin_url = "${admin_protocol}://${admin_address}:8004/v1/%(tenant_id)s"
|
||||
$public_url_cfn = "${public_protocol}://${public_address}:8000/v1"
|
||||
$internal_url_cfn = "${internal_protocol}://${internal_address}:8000/v1"
|
||||
$admin_url_cfn = "${admin_protocol}://${admin_address}:8000/v1"
|
||||
|
||||
class { '::osnailyfacter::wait_for_keystone_backends': }
|
||||
|
||||
|
@ -55,20 +51,4 @@ class openstack_tasks::heat::keystone {
|
|||
internal_url => $internal_url,
|
||||
admin_url => $admin_url,
|
||||
}
|
||||
|
||||
class { '::heat::keystone::auth_cfn' :
|
||||
password => $password,
|
||||
auth_name => "${auth_name}-cfn",
|
||||
service_type => 'cloudformation',
|
||||
region => $region,
|
||||
tenant => $keystone_tenant,
|
||||
email => "${auth_name}-cfn@localhost",
|
||||
configure_endpoint => true,
|
||||
configure_user => $configure_user,
|
||||
configure_user_role => $configure_user_role,
|
||||
public_url => $public_url_cfn,
|
||||
internal_url => $internal_url_cfn,
|
||||
admin_url => $admin_url_cfn,
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
@ -0,0 +1,2 @@
|
|||
include ::openstack_tasks::heat::cfn_keystone
|
||||
warning('osnailyfacter/modular/./heat/cfn_keystone.pp is deprecated in mitaka and will be removed in newton. Please use openstack_tasks/examples/./heat/cfn_keystone.pp')
|
|
@ -0,0 +1,68 @@
|
|||
require 'spec_helper'
|
||||
require 'shared-examples'
|
||||
manifest = 'heat/cfn_keystone.pp'
|
||||
|
||||
describe manifest do
|
||||
shared_examples 'catalog' do
|
||||
it 'should set empty trusts_delegated_roles for heat auth' do
|
||||
contain_class('heat::keystone::auth').with(
|
||||
'trusts_delegated_roles' => [],
|
||||
)
|
||||
end
|
||||
heat = Noop.hiera_hash('heat')
|
||||
internal_protocol = 'http'
|
||||
internal_address = Noop.hiera('management_vip')
|
||||
admin_protocol = 'http'
|
||||
admin_address = internal_address
|
||||
|
||||
configure_user = heat.fetch('configure_user', true)
|
||||
configure_user_role = heat.fetch('configure_user_role', true)
|
||||
|
||||
auth_name_cfn = heat.fetch('cfn_auth_name', 'heat-cfn')
|
||||
|
||||
if Noop.hiera_structure('use_ssl', false)
|
||||
public_protocol = 'https'
|
||||
public_address = Noop.hiera_structure('use_ssl/heat_public_hostname')
|
||||
internal_protocol = 'https'
|
||||
internal_address = Noop.hiera_structure('use_ssl/heat_internal_hostname')
|
||||
admin_protocol = 'https'
|
||||
admin_address = Noop.hiera_structure('use_ssl/heat_admin_hostname')
|
||||
elsif Noop.hiera_structure('public_ssl/services')
|
||||
public_protocol = 'https'
|
||||
public_address = Noop.hiera_structure('public_ssl/hostname')
|
||||
else
|
||||
public_address = Noop.hiera('public_vip')
|
||||
public_protocol = 'http'
|
||||
end
|
||||
|
||||
public_url_cfn = "#{public_protocol}://#{public_address}:8000/v1"
|
||||
internal_url_cfn = "#{internal_protocol}://#{internal_address}:8000/v1"
|
||||
admin_url_cfn = "#{admin_protocol}://#{admin_address}:8000/v1"
|
||||
tenant = Noop.hiera_structure 'heat/tenant', 'services'
|
||||
|
||||
it 'class heat::keystone::auth_cfn should contain correct *_url' do
|
||||
should contain_class('heat::keystone::auth_cfn').with('public_url' => public_url_cfn)
|
||||
should contain_class('heat::keystone::auth_cfn').with('internal_url' => internal_url_cfn)
|
||||
should contain_class('heat::keystone::auth_cfn').with('admin_url' => admin_url_cfn)
|
||||
end
|
||||
|
||||
it 'should have explicit ordering between LB classes and particular actions' do
|
||||
expect(graph).to ensure_transitive_dependency("Haproxy_backend_status[keystone-public]",
|
||||
"Class[heat::keystone::auth_cfn]")
|
||||
expect(graph).to ensure_transitive_dependency("Haproxy_backend_status[keystone-admin]",
|
||||
"Class[heat::keystone::auth_cfn]")
|
||||
end
|
||||
|
||||
it 'class heat::keystone::auth_cfn should contain configure_user parameters' do
|
||||
should contain_class('heat::keystone::auth_cfn').with('configure_user' => configure_user)
|
||||
should contain_class('heat::keystone::auth_cfn').with('configure_user_role' => configure_user_role)
|
||||
end
|
||||
|
||||
it 'class heat::keystone::auth_cfn should contain correct auth_name' do
|
||||
should contain_class('heat::keystone::auth_cfn').with('auth_name' => auth_name_cfn)
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
test_ubuntu_and_centos manifest
|
||||
end
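Review bot: The first example, 'should set empty trusts_delegated_roles for heat auth', calls `contain_class('heat::keystone::auth')` without `should`, so it builds a matcher and asserts nothing. It also names a class that the new cfn class, as far as this commit shows, does not declare, so it looks like a copy-paste leftover and should be removed. `tenant` is computed from `heat/tenant` but never asserted; adding `should contain_class('heat::keystone::auth_cfn').with('tenant' => tenant)` would cover the tenant passed to the class. An `email` expectation next to the `auth_name` one would cover the other new hiera key, `cfn_auth_email`.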
|
|
@ -38,9 +38,6 @@ describe manifest do
|
|||
public_url = "#{public_protocol}://#{public_address}:8004/v1/%(tenant_id)s"
|
||||
internal_url = "#{internal_protocol}://#{internal_address}:8004/v1/%(tenant_id)s"
|
||||
admin_url = "#{admin_protocol}://#{admin_address}:8004/v1/%(tenant_id)s"
|
||||
public_url_cfn = "#{public_protocol}://#{public_address}:8000/v1"
|
||||
internal_url_cfn = "#{internal_protocol}://#{internal_address}:8000/v1"
|
||||
admin_url_cfn = "#{admin_protocol}://#{admin_address}:8000/v1"
|
||||
tenant = Noop.hiera_structure 'heat/tenant', 'services'
|
||||
|
||||
it 'class heat::keystone::auth should contain correct *_url' do
|
||||
|
@ -49,32 +46,17 @@ describe manifest do
|
|||
should contain_class('heat::keystone::auth').with('admin_url' => admin_url)
|
||||
end
|
||||
|
||||
it 'class heat::keystone::auth_cfn should contain correct *_url' do
|
||||
should contain_class('heat::keystone::auth_cfn').with('public_url' => public_url_cfn)
|
||||
should contain_class('heat::keystone::auth_cfn').with('internal_url' => internal_url_cfn)
|
||||
should contain_class('heat::keystone::auth_cfn').with('admin_url' => admin_url_cfn)
|
||||
end
|
||||
|
||||
it 'should have explicit ordering between LB classes and particular actions' do
|
||||
expect(graph).to ensure_transitive_dependency("Haproxy_backend_status[keystone-public]",
|
||||
"Class[heat::keystone::auth]")
|
||||
expect(graph).to ensure_transitive_dependency("Haproxy_backend_status[keystone-admin]",
|
||||
"Class[heat::keystone::auth]")
|
||||
expect(graph).to ensure_transitive_dependency("Haproxy_backend_status[keystone-public]",
|
||||
"Class[heat::keystone::auth_cfn]")
|
||||
expect(graph).to ensure_transitive_dependency("Haproxy_backend_status[keystone-admin]",
|
||||
"Class[heat::keystone::auth_cfn]")
|
||||
end
|
||||
|
||||
it 'class heat::keystone::auth should contain tenant' do
|
||||
should contain_class('heat::keystone::auth').with('tenant' => tenant)
|
||||
end
|
||||
|
||||
it 'class heat::keystone::auth_cfn should contain configure_user parameters' do
|
||||
should contain_class('heat::keystone::auth_cfn').with('configure_user' => configure_user)
|
||||
should contain_class('heat::keystone::auth_cfn').with('configure_user_role' => configure_user_role)
|
||||
end
|
||||
|
||||
it 'class heat::keystone::auth should contain configure_user parameters' do
|
||||
should contain_class('heat::keystone::auth').with('configure_user' => configure_user)
|
||||
should contain_class('heat::keystone::auth').with('configure_user_role' => configure_user_role)
|
||||
|
|