Add separate manifest for configuring access to glance

Without these parameters ironic falls back to the keystone_authtoken credentials.
This fallback has been deprecated since Newton and may be removed at any time.

This patch provides a manifest to configure separate credentials
and moves other related parameters to it.

Change-Id: I1b367308fb4dd82a7c8702a5d4301dcfd3f24a34
Partial-Bug: #1661250
Dmitry Tantsur 2017-02-02 15:29:39 +01:00
parent c8ad960a4c
commit c995ec4840
5 changed files with 230 additions and 57 deletions

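--- a/manifests/glance.pp
+++ b/manifests/glance.pp
@@ -0,0 +1,79 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: ironic::glance
+#
+# [*auth_type*]
+# The authentication plugin to use when connecting to glance.
+# Defaults to 'password'
+#
+# [*auth_url*]
+# The address of the keystone api endpoint.
+# Defaults to $::os_service_default
+#
+# [*project_name*]
+# The Keystone project name.
+# Defaults to 'services'
+#
+# [*username*]
+# The admin username for ironic to connect to glance.
+# Defaults to 'ironic'.
+#
+# [*password*]
+# The admin password for ironic to connect to glance.
+# Defaults to $::os_service_default
+#
+# [*api_servers*]
+# (optional) A list of the glance api servers available to ironic.
+# Should be an array with [hostname|ip]:port
+# Defaults to $::os_service_default
+#
+# [*num_retries*]
+# (optional) Number retries when downloading an image from glance.
+# Defaults to $::os_service_default
+#
+# [*api_insecure*]
+# (optional) Allow to perform insecure SSL (https) requests to glance.
+# Defaults to $::os_service_default
+#
+class ironic::glance (
+$auth_type = 'password',
+$auth_url = $::os_service_default,
+$project_name = 'services',
+$username = 'ironic',
+$password = $::os_service_default,
+$api_servers = $::os_service_default,
+$num_retries = $::os_service_default,
+$api_insecure = $::os_service_default,
+) {
+$api_servers_real = pick($::ironic::glance_api_servers, $api_servers)
+if is_array($api_servers_real) {
+$api_servers_converted = join($api_servers_real, ',')
+} else {
+$api_servers_converted = $api_servers_real
+}
+$num_retries_real = pick($::ironic::glance_num_retries, $num_retries)
+$api_insecure_real = pick($::ironic::glance_api_insecure, $api_insecure)
+ironic_config {
+'glance/auth_type': value => $auth_type;
+'glance/username': value => $username;
+'glance/password': value => $password, secret => true;
+'glance/auth_url': value => $auth_url;
+'glance/project_name': value => $project_name;
+'glance/glance_api_servers': value => $api_servers_converted;
+'glance/glance_num_retries': value => $num_retries_real;
+'glance/glance_api_insecure': value => $api_insecure_real;
+}
+}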
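Review bot: In `$api_insecure_real = pick($::ironic::glance_api_insecure, $api_insecure)` the deprecated top-level value wins over this class's own parameter, so a leftover `ironic::glance_api_insecure => true` keeps the insecure-HTTPS setting for glance enabled even when `ironic::glance::api_insecure` is `false`; the same precedence applies to `api_servers` and `num_retries`. The parameter docs do not mention this, so I would add under `[*api_insecure*]` a line such as `# The deprecated ironic::glance_api_insecure, when set, takes precedence over this value.` and the equivalent under the other two. Separately, the defaults write `auth_type`, `username` and `project_name` while `password` and `auth_url` stay at the service default; the class header should say that both must be set for the [glance] credentials to be usable (how ironic treats a partial set is not visible here).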


@ -231,19 +231,6 @@
# (optional) If set, use this value for max_overflow with sqlalchemy.
# Defaults to: undef
#
# [*glance_api_servers*]
# (optional) A list of the glance api servers available to ironic.
# Should be an array with [hostname|ip]:port
# Defaults to undef
#
# [*glance_num_retries*]
# (optional) Number retries when downloading an image from glance.
# Defaults to 0
#
# [*glance_api_insecure*]
# (optional) Allow to perform insecure SSL (https) requests to glance.
# Defaults to false
#
# [*sync_db*]
# Enable dbsync
# Defaults to true
@ -289,6 +276,19 @@
# (optional) The RabbitMQ virtual host. (string value)
# Defaults to $::os_service_default
#
# [*glance_api_servers*]
# (optional) A list of the glance api servers available to ironic.
# Should be an array with [hostname|ip]:port
# Defaults to undef
#
# [*glance_num_retries*]
# (optional) Number retries when downloading an image from glance.
# Defaults to undef
#
# [*glance_api_insecure*]
# (optional) Allow to perform insecure SSL (https) requests to glance.
# Defaults to undef
#
class ironic (
$enabled = true,
$package_ensure = 'present',
@ -338,9 +338,6 @@ class ironic (
$database_min_pool_size = undef,
$database_max_pool_size = undef,
$database_max_overflow = undef,
$glance_api_servers = undef,
$glance_num_retries = '0',
$glance_api_insecure = false,
$sync_db = true,
$purge_config = false,
# DEPRECATED PARAMETERS
@ -352,6 +349,9 @@ class ironic (
$rabbit_port = $::os_service_default,
$rabbit_userid = $::os_service_default,
$rabbit_virtual_host = $::os_service_default,
$glance_api_servers = undef,
$glance_num_retries = undef,
$glance_api_insecure = undef,
) {
include ::ironic::deps
@ -359,6 +359,8 @@ class ironic (
include ::ironic::db
include ::ironic::params
include ::ironic::glance
if $rabbit_user {
warning('The rabbit_user parameter is deprecated. Please use rabbit_userid instead.')
$rabbit_user_real = $rabbit_user
@ -377,6 +379,12 @@ ironic::rabbit_port, ironic::rabbit_userid and ironic::rabbit_virtual_host are \
deprecated. Please use ironic::default_transport_url instead.")
}
if $glance_api_servers or $glance_api_insecure or $glance_num_retries {
warning("ironic::glance_api_servers, ironic::glance_api_insecure, \
ironic::glance_num_retries are deprecated in favor of ironic::glance::api_servers, \
ironic::glance::api_insecure and ironic::glance::num_retries accordingly")
}
package { 'ironic-common':
ensure => $package_ensure,
name => $::ironic::params::common_package_name,
@ -393,21 +401,9 @@ deprecated. Please use ironic::default_transport_url instead.")
purge => $purge_config,
}
if is_array($glance_api_servers) {
ironic_config {
'glance/glance_api_servers': value => join($glance_api_servers, ',');
}
} elsif is_string($glance_api_servers) {
ironic_config {
'glance/glance_api_servers': value => $glance_api_servers;
}
}
ironic_config {
'DEFAULT/auth_strategy': value => $auth_strategy;
'DEFAULT/my_ip': value => $my_ip;
'glance/glance_num_retries': value => $glance_num_retries;
'glance/glance_api_insecure': value => $glance_api_insecure;
}
if $sync_db {
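Review bot: The deprecation check `if $glance_api_servers or $glance_api_insecure or $glance_num_retries` tests truthiness, so an explicit `glance_api_insecure => false` produces no warning, although (as far as I know stdlib's `pick()` keeps `false`) ironic::glance will still use that value in place of `ironic::glance::api_insecure`. Comparing against undef covers that case: `if $glance_api_servers != undef or $glance_api_insecure != undef or $glance_num_retries != undef {`. The release note in this commit also names the parameters `glance_api_services` and `api_services`, which does not match the `glance_api_servers` / `api_servers` names used here. The class body continues outside the visible hunks.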


@ -0,0 +1,12 @@
---
features:
- |
New manifest "ironic::glance" to set parameters for connecting to glance.
Please set credentials for ironic to access glance using this manifest,
otherwise ironic falls back to using "keystone_authtoken" credentials,
which are deprecated for this purpose.
deprecations:
- |
Parameters "glance_api_services", "glance_api_insecure" and
"glance_num_retries" are deprecated, please use parameters "api_services",
"api_insecure" and "num_retries" for new "ironic::glance" manifest.


@ -0,0 +1,113 @@
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# Unit tests for ironic::glance
#
require 'spec_helper'
describe 'ironic::glance' do
let :default_params do
{ :auth_type => 'password',
:project_name => 'services',
:username => 'ironic',
}
end
let :params do
{}
end
shared_examples_for 'ironic glance configuration' do
let :p do
default_params.merge(params)
end
it 'configures ironic.conf' do
is_expected.to contain_ironic_config('glance/auth_type').with_value(p[:auth_type])
is_expected.to contain_ironic_config('glance/auth_url').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_config('glance/project_name').with_value(p[:project_name])
is_expected.to contain_ironic_config('glance/username').with_value(p[:username])
is_expected.to contain_ironic_config('glance/password').with_value('<SERVICE DEFAULT>').with_secret(true)
is_expected.to contain_ironic_config('glance/glance_api_servers').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_config('glance/glance_api_insecure').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_config('glance/glance_num_retries').with_value('<SERVICE DEFAULT>')
end
context 'when overriding parameters' do
before :each do
params.merge!(
:auth_type => 'noauth',
:auth_url => 'http://example.com',
:project_name => 'project1',
:username => 'admin',
:password => 'pa$$w0rd',
:api_servers => '10.0.0.1:9292',
:api_insecure => true,
:num_retries => 42
)
end
it 'should replace default parameter with new value' do
is_expected.to contain_ironic_config('glance/auth_type').with_value(p[:auth_type])
is_expected.to contain_ironic_config('glance/auth_url').with_value(p[:auth_url])
is_expected.to contain_ironic_config('glance/project_name').with_value(p[:project_name])
is_expected.to contain_ironic_config('glance/username').with_value(p[:username])
is_expected.to contain_ironic_config('glance/password').with_value(p[:password]).with_secret(true)
is_expected.to contain_ironic_config('glance/glance_api_servers').with_value(p[:api_servers])
is_expected.to contain_ironic_config('glance/glance_api_insecure').with_value(p[:api_insecure])
is_expected.to contain_ironic_config('glance/glance_num_retries').with_value(p[:num_retries])
end
end
context 'when overriding parameters with 2 glance servers' do
before :each do
params.merge!(
:auth_type => 'noauth',
:auth_url => 'http://example.com',
:project_name => 'project1',
:username => 'admin',
:password => 'pa$$w0rd',
:api_servers => ['10.0.0.1:9292','10.0.0.2:9292'],
:api_insecure => true,
:num_retries => 42
)
end
it 'should replace default parameter with new value' do
is_expected.to contain_ironic_config('glance/auth_type').with_value(p[:auth_type])
is_expected.to contain_ironic_config('glance/auth_url').with_value(p[:auth_url])
is_expected.to contain_ironic_config('glance/project_name').with_value(p[:project_name])
is_expected.to contain_ironic_config('glance/username').with_value(p[:username])
is_expected.to contain_ironic_config('glance/password').with_value(p[:password]).with_secret(true)
is_expected.to contain_ironic_config('glance/glance_api_servers').with_value(p[:api_servers].join(','))
is_expected.to contain_ironic_config('glance/glance_api_insecure').with_value(p[:api_insecure])
is_expected.to contain_ironic_config('glance/glance_num_retries').with_value(p[:num_retries])
end
end
end
on_supported_os({
:supported_os => OSDefaults.get_supported_os
}).each do |os,facts|
context "on #{os}" do
let (:facts) do
facts.merge!(OSDefaults.get_facts())
end
it_behaves_like 'ironic glance configuration'
end
end
end
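Review bot: Nothing in this spec exercises the `pick($::ironic::glance_*, ...)` path in ironic::glance, and the same commit removes the 'with one glance server' / 'with two glance servers' examples from the ironic spec, so the still-supported deprecated parameters (including the `glance_api_insecure` override) are now untested. A context that declares `ironic` with the deprecated parameters through `pre_condition` and asserts the resulting `glance/*` values would pin that precedence. The sketch below assumes `ironic` compiles with its defaults in this spec, as it appears to in the ironic spec; it may need extra parameters.

```ruby
shared_examples_for 'ironic glance configuration' do
  # … unchanged: default and override contexts …

  context 'with deprecated parameters set on ironic' do
    let :pre_condition do
      "class { '::ironic':
         glance_api_servers  => ['10.0.0.1:9292', '10.0.0.2:9292'],
         glance_api_insecure => true,
         glance_num_retries  => 42,
       }"
    end

    it 'uses the deprecated values' do
      is_expected.to contain_ironic_config('glance/glance_api_servers').with_value('10.0.0.1:9292,10.0.0.2:9292')
      is_expected.to contain_ironic_config('glance/glance_api_insecure').with_value(true)
      is_expected.to contain_ironic_config('glance/glance_num_retries').with_value(42)
    end
  end
```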


@ -30,8 +30,6 @@ describe 'ironic' do
:database_idle_timeout => 3600,
:database_reconnect_interval => 10,
:database_retry_interval => 10,
:glance_num_retries => 0,
:glance_api_insecure => false,
:purge_config => false,
}
end
@ -45,8 +43,6 @@ describe 'ironic' do
it_configures 'with SSL enabled with kombu'
it_configures 'with amqp_durable_queues disabled'
it_configures 'with amqp_durable_queues enabled'
it_configures 'with one glance server'
it_configures 'with two glance servers'
end
context 'and if rabbit_hosts parameter is provided' do
@ -75,6 +71,8 @@ describe 'ironic' do
it { is_expected.to contain_class('ironic::logging') }
it { is_expected.to contain_class('ironic::params') }
it { is_expected.to contain_class('ironic::glance') }
it 'installs ironic-common package' do
is_expected.to contain_package('ironic-common').with(
:ensure => 'present',
@ -111,11 +109,6 @@ describe 'ironic' do
is_expected.to contain_ironic_config('database/retry_interval').with_value(params[:database_retry_interval])
end
it 'configures glance connection' do
is_expected.to contain_ironic_config('glance/glance_num_retries').with_value(params[:glance_num_retries])
is_expected.to contain_ironic_config('glance/glance_api_insecure').with_value(params[:glance_api_insecure])
end
it 'configures ironic.conf' do
is_expected.to contain_ironic_config('DEFAULT/auth_strategy').with_value('keystone')
is_expected.to contain_ironic_config('DEFAULT/my_ip').with_value('<SERVICE DEFAULT>')
@ -208,26 +201,6 @@ describe 'ironic' do
it { is_expected.to contain_ironic_config('oslo_messaging_rabbit/amqp_durable_queues').with_value(true) }
end
shared_examples_for 'with one glance server' do
before do
params.merge!(:glance_api_servers => '10.0.0.1:9292')
end
it 'should configure one glance server' do
is_expected.to contain_ironic_config('glance/glance_api_servers').with_value(params[:glance_api_servers])
end
end
shared_examples_for 'with two glance servers' do
before do
params.merge!(:glance_api_servers => ['10.0.0.1:9292','10.0.0.2:9292'])
end
it 'should configure one glance server' do
is_expected.to contain_ironic_config('glance/glance_api_servers').with_value(params[:glance_api_servers].join(','))
end
end
shared_examples_for 'amqp support' do
context 'with default parameters' do
before { params.merge!( :rpc_backend => 'amqp' ) }