Deprecate keystone v2.0 functionality
This deprecates the rgw_keystone_version and rgw_keystone_admin_token parameters which now has no effect. It makes the following parameter required as it's now only using Keystone V3. * rgw_keystone_admin_domain * rgw_keystone_admin_project * rgw_keystone_admin_user * rgw_keystone_admin_password Also does cleanup on documentation of parameters and the spec testing. Change-Id: Id4c6b564a47e583c4f6af587d9a3c97f419e90a9
This commit is contained in:
parent
e39f7d2320
commit
85b9d61c40
|
@ -23,63 +23,76 @@
|
|||
#
|
||||
### == Parameters
|
||||
#
|
||||
# [*rgw_keystone_admin_token*] The keystone admin token.
|
||||
# Required if rgw_keystone_version is v2.0.
|
||||
# [*rgw_keystone_admin_domain*]
|
||||
# (Required) The name of OpenStack domain with admin
|
||||
# privilege when using OpenStack Identity API v3.
|
||||
#
|
||||
# [*rgw_keystone_url*] The internal or admin url for keystone.
|
||||
# Optional. Default is 'http://127.0.0.1:5000'
|
||||
# [*rgw_keystone_admin_project*]
|
||||
# (Optional) The name of OpenStack project with admin
|
||||
# privilege when using OpenStack Identity API v3
|
||||
#
|
||||
# [*rgw_keystone_version*] The api version for keystone.
|
||||
# Possible values 'v2.0', 'v3'
|
||||
# Optional. Default is 'v2.0'
|
||||
# [*rgw_keystone_admin_user*]
|
||||
# (Required) The user name of OpenStack tenant with admin
|
||||
# privilege (Service Tenant).
|
||||
#
|
||||
# [*rgw_keystone_accepted_roles*] Roles to accept from keystone.
|
||||
# Optional. Default is 'Member'.
|
||||
# [*rgw_keystone_admin_password*]
|
||||
# (Required) The password for OpenStack admin user.
|
||||
#
|
||||
# [*rgw_keystone_url*]
|
||||
# (Optional) The internal or admin url for keystone.
|
||||
# Defaults to 'http://127.0.0.1:5000'
|
||||
#
|
||||
# [*rgw_keystone_accepted_roles*]
|
||||
# (Optional) Roles to accept from keystone.
|
||||
# Comma separated list of roles.
|
||||
# Defaults to 'Member'
|
||||
#
|
||||
# [*rgw_keystone_token_cache_size*] How many tokens to keep cached.
|
||||
# Optional. Default is 500.
|
||||
# [*rgw_keystone_token_cache_size*]
|
||||
# (Optional) How many tokens to keep cached.
|
||||
# Not useful when using PKI as every token is checked.
|
||||
# Defaults to 500
|
||||
#
|
||||
# [*rgw_s3_auth_use_keystone*] Whether to enable keystone auth for S3.
|
||||
# Optional. Default to true.
|
||||
# [*rgw_s3_auth_use_keystone*]
|
||||
# (Optional) Whether to enable keystone auth for S3.
|
||||
# Defaults to true
|
||||
#
|
||||
# [*use_pki*] Whether to use PKI related configuration.
|
||||
# Optional. Default to true.
|
||||
# [*use_pki*]
|
||||
# (Optional) Whether to use PKI related configuration.
|
||||
# Defaults to true
|
||||
#
|
||||
# [*rgw_keystone_revocation_interval*] Interval to check for expired tokens.
|
||||
# Optional. Default is 600 (seconds).
|
||||
# [*rgw_keystone_revocation_interval*]
|
||||
# (Optional) Interval to check for expired tokens.
|
||||
# Not useful if not using PKI tokens (if not, set to high value).
|
||||
# Defaults is 600 (seconds)
|
||||
#
|
||||
# [*nss_db_path*] Path to NSS < - > keystone tokens db files.
|
||||
# Optional. Default is undef.
|
||||
# [*nss_db_path*]
|
||||
# (Optional) Path to NSS < - > keystone tokens db files.
|
||||
# Defaults to undef
|
||||
#
|
||||
# [*user*] User running the web frontend.
|
||||
# Optional. Default is 'www-data'.
|
||||
# [*user*]
|
||||
# (Optional) User running the web frontend.
|
||||
# Defaults to 'www-data'
|
||||
#
|
||||
# [*rgw_keystone_admin_domain*] The name of OpenStack domain with admin
|
||||
# privilege when using OpenStack Identity API v3
|
||||
# Optional. Default is undef
|
||||
# [*rgw_keystone_implicit_tenants*]
|
||||
# (Optional) Set 'true' for a private tenant for each user.
|
||||
# Defaults to true
|
||||
#
|
||||
# [*rgw_keystone_admin_project*] The name of OpenStack project with admin
|
||||
# privilege when using OpenStack Identity API v3
|
||||
# Optional. Default is 'openstack'
|
||||
## DEPRECATED PARAMS
|
||||
#
|
||||
# [*rgw_keystone_admin_user*] The user name of OpenStack tenant with admin
|
||||
# privilege (Service Tenant)
|
||||
# Required if rgw_keystone_version is 'v3'.
|
||||
# [*rgw_keystone_version*]
|
||||
# (Optional) The api version for keystone.
|
||||
# Defaults to undef
|
||||
#
|
||||
# [*rgw_keystone_admin_password*] The password for OpenStack admin user
|
||||
# Required if rgw_keystone_version is 'v3'.
|
||||
# [*rgw_keystone_admin_token*]
|
||||
# (Optional) The keystone admin token.
|
||||
# Defaults to undef
|
||||
#
|
||||
# [*rgw_keystone_implicit_tenants*] Set 'true' for a private tenant
|
||||
# for each user.
|
||||
# Defaults is true
|
||||
|
||||
define ceph::rgw::keystone (
|
||||
$rgw_keystone_admin_token = undef,
|
||||
$rgw_keystone_admin_domain,
|
||||
$rgw_keystone_admin_project,
|
||||
$rgw_keystone_admin_user,
|
||||
$rgw_keystone_admin_password,
|
||||
$rgw_keystone_url = 'http://127.0.0.1:5000',
|
||||
$rgw_keystone_version = 'v2.0',
|
||||
$rgw_keystone_accepted_roles = 'Member',
|
||||
$rgw_keystone_token_cache_size = 500,
|
||||
$rgw_s3_auth_use_keystone = true,
|
||||
|
@ -87,17 +100,23 @@ define ceph::rgw::keystone (
|
|||
$rgw_keystone_revocation_interval = 600,
|
||||
$nss_db_path = '/var/lib/ceph/nss',
|
||||
$user = $::ceph::params::user_radosgw,
|
||||
$rgw_keystone_admin_domain = $::ceph::profile::params::rgw_keystone_admin_domain,
|
||||
$rgw_keystone_admin_project = $::ceph::profile::params::rgw_keystone_admin_project,
|
||||
$rgw_keystone_admin_user = $::ceph::profile::params::rgw_keystone_admin_user,
|
||||
$rgw_keystone_admin_password = $::ceph::profile::params::rgw_keystone_admin_password,
|
||||
$rgw_keystone_implicit_tenants = true,
|
||||
## DEPRECATED PARAMS
|
||||
$rgw_keystone_version = undef,
|
||||
$rgw_keystone_admin_token = undef,
|
||||
) {
|
||||
|
||||
unless $name =~ /^radosgw\..+/ {
|
||||
fail("Define name must be started with 'radosgw.'")
|
||||
}
|
||||
|
||||
if $rgw_keystone_version {
|
||||
warning('ceph::rgw::keystone::rgw_keystone_version is deprecated')
|
||||
}
|
||||
if $rgw_keystone_admin_token {
|
||||
warning('ceph::rgw::keystone::rgw_keystone_admin_token is deprecated')
|
||||
}
|
||||
|
||||
ceph_config {
|
||||
"client.${name}/rgw_keystone_url": value => $rgw_keystone_url;
|
||||
"client.${name}/rgw_keystone_accepted_roles": value => join(any2array($rgw_keystone_accepted_roles), ',');
|
||||
|
@ -114,33 +133,13 @@ define ceph::rgw::keystone (
|
|||
}
|
||||
}
|
||||
|
||||
if $rgw_keystone_version == 'v2.0' {
|
||||
if $rgw_keystone_admin_token == undef
|
||||
{
|
||||
fail( 'Missing rgw_keystone_admin_token for Keystone V2 integration')
|
||||
}
|
||||
ceph_config {
|
||||
"client.${name}/rgw_keystone_admin_token": value => $rgw_keystone_admin_token;
|
||||
}
|
||||
} elsif $rgw_keystone_version == 'v3' {
|
||||
if $rgw_keystone_admin_domain == undef
|
||||
or $rgw_keystone_admin_project == undef
|
||||
or $rgw_keystone_admin_user == undef
|
||||
or $rgw_keystone_admin_password == undef
|
||||
{
|
||||
fail( 'Incomplete parameters for Keystone V3 integration')
|
||||
}
|
||||
ceph_config {
|
||||
"client.${name}/rgw_keystone_api_version": value => 3;
|
||||
"client.${name}/rgw_keystone_admin_domain": value => $rgw_keystone_admin_domain;
|
||||
"client.${name}/rgw_keystone_admin_project": value => $rgw_keystone_admin_project;
|
||||
"client.${name}/rgw_keystone_admin_user": value => $rgw_keystone_admin_user;
|
||||
"client.${name}/rgw_keystone_admin_password": value => $rgw_keystone_admin_password;
|
||||
"client.${name}/rgw_keystone_admin_token": ensure => absent;
|
||||
}
|
||||
|
||||
} else {
|
||||
fail("Unsupported keystone version: ${rgw_keystone_version}")
|
||||
ceph_config {
|
||||
"client.${name}/rgw_keystone_api_version": value => 3;
|
||||
"client.${name}/rgw_keystone_admin_domain": value => $rgw_keystone_admin_domain;
|
||||
"client.${name}/rgw_keystone_admin_project": value => $rgw_keystone_admin_project;
|
||||
"client.${name}/rgw_keystone_admin_user": value => $rgw_keystone_admin_user;
|
||||
"client.${name}/rgw_keystone_admin_password": value => $rgw_keystone_admin_password;
|
||||
"client.${name}/rgw_keystone_admin_token": ensure => absent;
|
||||
}
|
||||
|
||||
if $use_pki {
|
||||
|
|
|
@ -0,0 +1,18 @@
|
|||
---
|
||||
upgrade:
|
||||
- |
|
||||
The ceph::rgw::keystone class now defaults to configuration it for Keystone
|
||||
V3 API. The v2.0 functionality is removed.
|
||||
- |
|
||||
The ceph::rgw::keystone class now requires the rgw_keystone_admin_domain,
|
||||
rgw_keystone_admin_project, rgw_keystone_admin_user and
|
||||
rgw_keystone_admin_password parameters to be configured, these were previously
|
||||
only required when configuring Keystone V3, which is now the default and v2.0
|
||||
has been removed.
|
||||
deprecations:
|
||||
- |
|
||||
The ceph::rgw::keystone::rgw_keystone_version is deprecated and now has no
|
||||
effect.
|
||||
- |
|
||||
The ceph::rgw::keystone::rgw_keystone_admin_token is deprecated and now has
|
||||
no effect.
|
|
@ -19,15 +19,7 @@
|
|||
require 'spec_helper'
|
||||
|
||||
describe 'ceph::rgw::keystone' do
|
||||
shared_examples 'ceph::rgw::keystone on Debian' do
|
||||
before do
|
||||
facts.merge!( :lsbdistid => 'Ubuntu',
|
||||
:lsbdistcodename => 'trusty',
|
||||
:operatingsystem => 'Ubuntu',
|
||||
:operatingsystemrelease => '14.04',
|
||||
:lsbdistrelease => '14.04' )
|
||||
end
|
||||
|
||||
shared_examples 'ceph::rgw::keystone' do
|
||||
context 'create with default params' do
|
||||
let :pre_condition do
|
||||
"include ceph::params
|
||||
|
@ -43,13 +35,19 @@ describe 'ceph::rgw::keystone' do
|
|||
|
||||
let :params do
|
||||
{
|
||||
:rgw_keystone_url => 'http://keystone.default:5000',
|
||||
:rgw_keystone_admin_token => 'defaulttoken',
|
||||
:rgw_keystone_admin_domain => 'default',
|
||||
:rgw_keystone_admin_project => 'openstack',
|
||||
:rgw_keystone_admin_user => 'rgwuser',
|
||||
:rgw_keystone_admin_password => '123456',
|
||||
}
|
||||
end
|
||||
|
||||
it { should contain_ceph_config('client.radosgw.gateway/rgw_keystone_url').with_value('http://keystone.default:5000') }
|
||||
it { should contain_ceph_config('client.radosgw.gateway/rgw_keystone_admin_token').with_value('defaulttoken') }
|
||||
it { should contain_ceph_config('client.radosgw.gateway/rgw_keystone_url').with_value('http://127.0.0.1:5000') }
|
||||
it { should contain_ceph_config('client.radosgw.gateway/rgw_keystone_admin_domain').with_value('default') }
|
||||
it { should contain_ceph_config('client.radosgw.gateway/rgw_keystone_admin_project').with_value('openstack') }
|
||||
it { should contain_ceph_config('client.radosgw.gateway/rgw_keystone_admin_user').with_value('rgwuser') }
|
||||
it { should contain_ceph_config('client.radosgw.gateway/rgw_keystone_admin_password').with_value('123456') }
|
||||
it { should contain_ceph_config('client.radosgw.gateway/rgw_keystone_admin_token').with_ensure('absent') }
|
||||
it { should contain_ceph_config('client.radosgw.gateway/rgw_keystone_accepted_roles').with_value('Member') }
|
||||
it { should contain_ceph_config('client.radosgw.gateway/rgw_keystone_token_cache_size').with_value(500) }
|
||||
it { should contain_ceph_config('client.radosgw.gateway/rgw_s3_auth_use_keystone').with_value(true) }
|
||||
|
@ -60,18 +58,18 @@ describe 'ceph::rgw::keystone' do
|
|||
it { should contain_exec('radosgw.gateway-nssdb-ca').with(
|
||||
:command => "/bin/true # comment to satisfy puppet syntax requirements
|
||||
set -ex
|
||||
wget --no-check-certificate http://keystone.default:5000/v2.0/certificates/ca -O - |
|
||||
wget --no-check-certificate http://127.0.0.1:5000/v2.0/certificates/ca -O - |
|
||||
openssl x509 -pubkey | certutil -A -d /var/lib/ceph/nss -n ca -t \"TCu,Cu,Tuw\"
|
||||
",
|
||||
:user => 'www-data',
|
||||
:user => platform_params[:user_radosgw],
|
||||
) }
|
||||
it { should contain_exec('radosgw.gateway-nssdb-signing').with(
|
||||
:command => "/bin/true # comment to satisfy puppet syntax requirements
|
||||
set -ex
|
||||
wget --no-check-certificate http://keystone.default:5000/v2.0/certificates/signing -O - |
|
||||
wget --no-check-certificate http://127.0.0.1:5000/v2.0/certificates/signing -O - |
|
||||
openssl x509 -pubkey | certutil -A -d /var/lib/ceph/nss -n signing_cert -t \"P,P,P\"
|
||||
",
|
||||
:user => 'www-data',
|
||||
:user => platform_params[:user_radosgw],
|
||||
)}
|
||||
end
|
||||
|
||||
|
@ -89,20 +87,28 @@ wget --no-check-certificate http://keystone.default:5000/v2.0/certificates/signi
|
|||
|
||||
let :params do
|
||||
{
|
||||
:rgw_keystone_admin_domain => 'default',
|
||||
:rgw_keystone_admin_project => 'openstack',
|
||||
:rgw_keystone_admin_user => 'rgwuser',
|
||||
:rgw_keystone_admin_password => '123456',
|
||||
:rgw_keystone_url => 'http://keystone.custom:5000',
|
||||
:rgw_keystone_admin_token => 'mytoken',
|
||||
:rgw_keystone_accepted_roles => '_role1_,role2',
|
||||
:rgw_keystone_token_cache_size => 100,
|
||||
:rgw_s3_auth_use_keystone => false,
|
||||
:use_pki => false,
|
||||
:rgw_keystone_revocation_interval => 0,
|
||||
:user => 'myuser',
|
||||
:nss_db_path => '/some/path/to/nss',
|
||||
:rgw_keystone_implicit_tenants => false,
|
||||
}
|
||||
end
|
||||
|
||||
it { should contain_ceph_config('client.radosgw.custom/rgw_keystone_admin_domain').with_value('default') }
|
||||
it { should contain_ceph_config('client.radosgw.custom/rgw_keystone_admin_project').with_value('openstack') }
|
||||
it { should contain_ceph_config('client.radosgw.custom/rgw_keystone_admin_user').with_value('rgwuser') }
|
||||
it { should contain_ceph_config('client.radosgw.custom/rgw_keystone_admin_password').with_value('123456') }
|
||||
it { should contain_ceph_config('client.radosgw.custom/rgw_keystone_admin_token').with_ensure('absent') }
|
||||
it { should contain_ceph_config('client.radosgw.custom/rgw_keystone_url').with_value('http://keystone.custom:5000') }
|
||||
it { should contain_ceph_config('client.radosgw.custom/rgw_keystone_admin_token').with_value('mytoken') }
|
||||
it { should contain_ceph_config('client.radosgw.custom/rgw_keystone_accepted_roles').with_value('_role1_,role2') }
|
||||
it { should contain_ceph_config('client.radosgw.custom/rgw_keystone_token_cache_size').with_value(100) }
|
||||
it { should contain_ceph_config('client.radosgw.custom/rgw_s3_auth_use_keystone').with_value(false) }
|
||||
|
@ -116,7 +122,7 @@ set -ex
|
|||
wget --no-check-certificate http://keystone.custom:5000/v2.0/certificates/ca -O - |
|
||||
openssl x509 -pubkey | certutil -A -d /some/path/to/nss -n ca -t \"TCu,Cu,Tuw\"
|
||||
",
|
||||
:user => 'www-data',
|
||||
:user => 'myuser',
|
||||
) }
|
||||
it { should_not contain_exec('radosgw.custom-nssdb-signing').with(
|
||||
:command => "/bin/true # comment to satisfy puppet syntax requirements
|
||||
|
@ -124,186 +130,10 @@ set -ex
|
|||
wget --no-check-certificate http://keystone.custom:5000/v2.0/certificates/signing -O - |
|
||||
openssl x509 -pubkey | certutil -A -d /some/path/to/nss -n signing_cert -t \"P,P,P\"
|
||||
",
|
||||
:user => 'www-data',
|
||||
:user => 'myuser',
|
||||
)}
|
||||
|
||||
end
|
||||
|
||||
context 'create with keystone v3 and no pki params' do
|
||||
let :pre_condition do
|
||||
"include ceph::params
|
||||
class { 'ceph': fsid => 'd5252e7d-75bc-4083-85ed-fe51fa83f62b' }
|
||||
class { 'ceph::repo': }
|
||||
include ceph
|
||||
ceph::rgw { 'radosgw.gateway': }"
|
||||
end
|
||||
|
||||
let :title do
|
||||
'radosgw.gateway'
|
||||
end
|
||||
|
||||
let :params do
|
||||
{
|
||||
:rgw_keystone_url => 'http://keystone.default:5000',
|
||||
:rgw_keystone_version => 'v3',
|
||||
:rgw_keystone_admin_domain => 'default',
|
||||
:rgw_keystone_admin_project => 'openstack',
|
||||
:rgw_keystone_admin_user => 'rgwuser',
|
||||
:rgw_keystone_admin_password => '123456',
|
||||
}
|
||||
end
|
||||
|
||||
it { should contain_ceph_config('client.radosgw.gateway/rgw_keystone_url').with_value('http://keystone.default:5000') }
|
||||
it { should contain_ceph_config('client.radosgw.gateway/rgw_keystone_admin_domain').with_value('default') }
|
||||
it { should contain_ceph_config('client.radosgw.gateway/rgw_keystone_admin_project').with_value('openstack') }
|
||||
it { should contain_ceph_config('client.radosgw.gateway/rgw_keystone_admin_user').with_value('rgwuser') }
|
||||
it { should contain_ceph_config('client.radosgw.gateway/rgw_keystone_admin_password').with_value('123456') }
|
||||
it { should contain_ceph_config('client.radosgw.gateway/rgw_keystone_admin_token').with_ensure('absent') }
|
||||
end
|
||||
end
|
||||
|
||||
shared_examples 'ceph::rgw::keystone on RedHat' do
|
||||
before do
|
||||
facts.merge!( :lsbdistcodename => 'Maipo',
|
||||
:osfamily => 'RedHat',
|
||||
:operatingsystem => 'RedHat',
|
||||
:operatingsystemrelease => '7.2',
|
||||
:operatingsystemmajrelease => '7' )
|
||||
end
|
||||
|
||||
context 'create with default params' do
|
||||
let :pre_condition do
|
||||
"include ceph::params
|
||||
class { 'ceph': fsid => 'd5252e7d-75bc-4083-85ed-fe51fa83f62b' }
|
||||
include ceph
|
||||
ceph::rgw { 'radosgw.gateway': }
|
||||
ceph::rgw::apache_proxy_fcgi { 'radosgw.gateway': }"
|
||||
end
|
||||
|
||||
let :title do
|
||||
'radosgw.gateway'
|
||||
end
|
||||
|
||||
let :params do
|
||||
{
|
||||
:rgw_keystone_url => 'http://keystone.default:5000',
|
||||
:rgw_keystone_admin_token => 'defaulttoken',
|
||||
}
|
||||
end
|
||||
|
||||
it { should contain_ceph_config('client.radosgw.gateway/rgw_keystone_url').with_value('http://keystone.default:5000') }
|
||||
it { should contain_ceph_config('client.radosgw.gateway/rgw_keystone_admin_token').with_value('defaulttoken') }
|
||||
it { should contain_ceph_config('client.radosgw.gateway/rgw_keystone_accepted_roles').with_value('Member') }
|
||||
it { should contain_ceph_config('client.radosgw.gateway/rgw_keystone_token_cache_size').with_value(500) }
|
||||
it { should contain_ceph_config('client.radosgw.gateway/rgw_s3_auth_use_keystone').with_value(true) }
|
||||
it { should contain_ceph_config('client.radosgw.gateway/rgw_keystone_revocation_interval').with_value(600) }
|
||||
it { should contain_ceph_config('client.radosgw.gateway/nss_db_path').with_value('/var/lib/ceph/nss') }
|
||||
it { should contain_ceph_config('client.radosgw.gateway/rgw_keystone_implicit_tenants').with_value(true) }
|
||||
|
||||
it { should contain_exec('radosgw.gateway-nssdb-ca').with(
|
||||
:command => "/bin/true # comment to satisfy puppet syntax requirements
|
||||
set -ex
|
||||
wget --no-check-certificate http://keystone.default:5000/v2.0/certificates/ca -O - |
|
||||
openssl x509 -pubkey | certutil -A -d /var/lib/ceph/nss -n ca -t \"TCu,Cu,Tuw\"
|
||||
",
|
||||
:user => 'apache',
|
||||
) }
|
||||
it { should contain_exec('radosgw.gateway-nssdb-signing').with(
|
||||
:command => "/bin/true # comment to satisfy puppet syntax requirements
|
||||
set -ex
|
||||
wget --no-check-certificate http://keystone.default:5000/v2.0/certificates/signing -O - |
|
||||
openssl x509 -pubkey | certutil -A -d /var/lib/ceph/nss -n signing_cert -t \"P,P,P\"
|
||||
",
|
||||
:user => 'apache',
|
||||
) }
|
||||
|
||||
end
|
||||
|
||||
context 'create with custom params' do
|
||||
let :pre_condition do
|
||||
"include ceph::params
|
||||
class { 'ceph': fsid => 'd5252e7d-75bc-4083-85ed-fe51fa83f62b' }
|
||||
ceph::rgw { 'radosgw.custom': }
|
||||
ceph::rgw::apache_proxy_fcgi { 'radosgw.gateway': }"
|
||||
end
|
||||
|
||||
let :title do
|
||||
'radosgw.custom'
|
||||
end
|
||||
|
||||
let :params do
|
||||
{
|
||||
:rgw_keystone_url => 'http://keystone.custom:5000',
|
||||
:rgw_keystone_admin_token => 'mytoken',
|
||||
:rgw_keystone_accepted_roles => '_role1_,role2',
|
||||
:rgw_keystone_token_cache_size => 100,
|
||||
:rgw_s3_auth_use_keystone => false,
|
||||
:use_pki => false,
|
||||
:rgw_keystone_revocation_interval => 0,
|
||||
:nss_db_path => '/some/path/to/nss',
|
||||
:rgw_keystone_implicit_tenants => false,
|
||||
}
|
||||
end
|
||||
|
||||
it { should contain_ceph_config('client.radosgw.custom/rgw_keystone_url').with_value('http://keystone.custom:5000') }
|
||||
it { should contain_ceph_config('client.radosgw.custom/rgw_keystone_admin_token').with_value('mytoken') }
|
||||
it { should contain_ceph_config('client.radosgw.custom/rgw_keystone_accepted_roles').with_value('_role1_,role2') }
|
||||
it { should contain_ceph_config('client.radosgw.custom/rgw_keystone_token_cache_size').with_value(100) }
|
||||
it { should contain_ceph_config('client.radosgw.custom/rgw_s3_auth_use_keystone').with_value(false) }
|
||||
it { should contain_ceph_config('client.radosgw.custom/rgw_keystone_revocation_interval').with_value(0) }
|
||||
it { should contain_ceph_config('client.radosgw.custom/nss_db_path').with_ensure('absent') }
|
||||
it { should contain_ceph_config('client.radosgw.custom/rgw_keystone_implicit_tenants').with_value(false) }
|
||||
|
||||
it { should_not contain_exec('radosgw.custom-nssdb-ca').with(
|
||||
:command => "/bin/true # comment to satisfy puppet syntax requirements
|
||||
set -ex
|
||||
wget --no-check-certificate http://keystone.custom:5000/v2.0/certificates/ca -O - |
|
||||
openssl x509 -pubkey | certutil -A -d /some/path/to/nss -n ca -t \"TCu,Cu,Tuw\"
|
||||
",
|
||||
:user => 'apache',
|
||||
)}
|
||||
|
||||
it { should_not contain_exec('radosgw.custom-nssdb-signing').with(
|
||||
:command => "/bin/true # comment to satisfy puppet syntax requirements
|
||||
set -ex
|
||||
wget --no-check-certificate http://keystone.custom:5000/v2.0/certificates/signing -O - |
|
||||
openssl x509 -pubkey | certutil -A -d /some/path/to/nss -n signing_cert -t \"P,P,P\"
|
||||
",
|
||||
:user => 'apache',
|
||||
)}
|
||||
end
|
||||
|
||||
context 'create with keystone v3 and no pki params' do
|
||||
let :pre_condition do
|
||||
"include ceph::params
|
||||
class { 'ceph': fsid => 'd5252e7d-75bc-4083-85ed-fe51fa83f62b' }
|
||||
include ceph
|
||||
ceph::rgw { 'radosgw.gateway': }
|
||||
ceph::rgw::apache_proxy_fcgi { 'radosgw.gateway': }"
|
||||
end
|
||||
|
||||
let :title do
|
||||
'radosgw.gateway'
|
||||
end
|
||||
|
||||
let :params do
|
||||
{
|
||||
:rgw_keystone_url => 'http://keystone.default:5000',
|
||||
:rgw_keystone_version => 'v3',
|
||||
:rgw_keystone_admin_domain => 'default',
|
||||
:rgw_keystone_admin_project => 'openstack',
|
||||
:rgw_keystone_admin_user => 'rgwuser',
|
||||
:rgw_keystone_admin_password => '123456',
|
||||
}
|
||||
end
|
||||
|
||||
it { should contain_ceph_config('client.radosgw.gateway/rgw_keystone_url').with_value('http://keystone.default:5000') }
|
||||
it { should contain_ceph_config('client.radosgw.gateway/rgw_keystone_admin_domain').with_value('default') }
|
||||
it { should contain_ceph_config('client.radosgw.gateway/rgw_keystone_admin_project').with_value('openstack') }
|
||||
it { should contain_ceph_config('client.radosgw.gateway/rgw_keystone_admin_user').with_value('rgwuser') }
|
||||
it { should contain_ceph_config('client.radosgw.gateway/rgw_keystone_admin_password').with_value('123456') }
|
||||
it { should contain_ceph_config('client.radosgw.gateway/rgw_keystone_admin_token').with_ensure('absent') }
|
||||
end
|
||||
end
|
||||
|
||||
on_supported_os({
|
||||
|
@ -316,7 +146,16 @@ wget --no-check-certificate http://keystone.custom:5000/v2.0/certificates/signin
|
|||
:hostname => 'myhost' ))
|
||||
end
|
||||
|
||||
it_behaves_like "ceph::rgw::keystone on #{facts[:osfamily]}"
|
||||
let (:platform_params) do
|
||||
if facts[:osfamily] == 'Debian'
|
||||
user_radosgw = 'www-data'
|
||||
else
|
||||
user_radosgw = 'apache'
|
||||
end
|
||||
{ :user_radosgw => user_radosgw }
|
||||
end
|
||||
|
||||
it_behaves_like 'ceph::rgw::keystone'
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
Loading…
Reference in New Issue