Merge "use_cookbook-openstackclient/identity_v3"
commit
1993d880f2
|
@ -2,11 +2,13 @@ source "https://supermarket.chef.io"
|
||||||
|
|
||||||
metadata
|
metadata
|
||||||
|
|
||||||
|
cookbook "openstack-network",
|
||||||
|
github: "openstack/cookbook-openstack-network"
|
||||||
cookbook "openstack-image",
|
cookbook "openstack-image",
|
||||||
github: "openstack/cookbook-openstack-image"
|
github: "openstack/cookbook-openstack-image"
|
||||||
cookbook "openstack-identity",
|
cookbook "openstack-identity",
|
||||||
github: "openstack/cookbook-openstack-identity"
|
github: "openstack/cookbook-openstack-identity"
|
||||||
cookbook "openstack-common",
|
cookbook "openstack-common",
|
||||||
github: "openstack/cookbook-openstack-common"
|
github: "openstack/cookbook-openstack-common"
|
||||||
cookbook "openstack-network",
|
cookbook "openstackclient",
|
||||||
github: "openstack/cookbook-openstack-network"
|
github: "cloudbau/cookbook-openstackclient"
|
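Review bot: The new `cookbook "openstackclient"` entry follows the default branch of `cloudbau/cookbook-openstackclient` with no `ref:` or `tag:`, so a resolve without a committed lock file (not visible on this page) pulls whatever is at the head of a repository outside the openstack organisation. The recipe changed in this same commit hands that cookbook's resources the Keystone admin credentials, which makes an unreviewed upstream change more costly than for the other entries. Pin it to a reviewed revision, for example `github: "cloudbau/cookbook-openstackclient", ref: "<reviewed-commit-sha>"`, and move the pin deliberately when the dependency is updated.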
||||||
|
|
|
@ -34,6 +34,7 @@ The following cookbooks are dependencies:
|
||||||
- 'openstack-image', '>= 14.0.0'
|
- 'openstack-image', '>= 14.0.0'
|
||||||
- 'openstack-network', '>= 14.0.0'
|
- 'openstack-network', '>= 14.0.0'
|
||||||
- 'python', '~> 1.4.6'
|
- 'python', '~> 1.4.6'
|
||||||
|
- 'openstackclient', '>= 0.1.0'
|
||||||
|
|
||||||
Attributes
|
Attributes
|
||||||
==========
|
==========
|
||||||
|
|
|
@ -253,7 +253,7 @@ end
|
||||||
default['openstack']['endpoints'][type]['compute-xvpvnc']['path'] = '/console'
|
default['openstack']['endpoints'][type]['compute-xvpvnc']['path'] = '/console'
|
||||||
# The OpenStack Compute (Nova) Native API endpoint
|
# The OpenStack Compute (Nova) Native API endpoint
|
||||||
default['openstack']['endpoints'][type]['compute-api']['port'] = '8774'
|
default['openstack']['endpoints'][type]['compute-api']['port'] = '8774'
|
||||||
default['openstack']['endpoints'][type]['compute-api']['path'] = '/v2/%(tenant_id)s'
|
default['openstack']['endpoints'][type]['compute-api']['path'] = '/v2.1/%(tenant_id)s'
|
||||||
# The OpenStack Compute (Nova) novnc endpoint
|
# The OpenStack Compute (Nova) novnc endpoint
|
||||||
default['openstack']['endpoints'][type]['compute-novnc']['port'] = '6080'
|
default['openstack']['endpoints'][type]['compute-novnc']['port'] = '6080'
|
||||||
default['openstack']['endpoints'][type]['compute-novnc']['path'] = '/vnc_auto.html'
|
default['openstack']['endpoints'][type]['compute-novnc']['path'] = '/vnc_auto.html'
|
||||||
|
|
|
@ -22,10 +22,13 @@ default['openstack']['compute']['conf'].tap do |conf|
|
||||||
|
|
||||||
# [keystone_authtoken]
|
# [keystone_authtoken]
|
||||||
conf['keystone_authtoken']['signing_dir'] = '/var/cache/nova/api'
|
conf['keystone_authtoken']['signing_dir'] = '/var/cache/nova/api'
|
||||||
conf['keystone_authtoken']['auth_type'] = 'v2password'
|
conf['keystone_authtoken']['auth_type'] = 'v3password'
|
||||||
conf['keystone_authtoken']['region_name'] = node['openstack']['region']
|
conf['keystone_authtoken']['region_name'] = node['openstack']['region']
|
||||||
conf['keystone_authtoken']['username'] = 'nova'
|
conf['keystone_authtoken']['username'] = 'nova'
|
||||||
conf['keystone_authtoken']['tenant_name'] = 'service'
|
conf['keystone_authtoken']['user_domain_name'] = 'Default'
|
||||||
|
conf['keystone_authtoken']['project_domain_name'] = 'Default'
|
||||||
|
conf['keystone_authtoken']['project_name'] = 'service'
|
||||||
|
conf['keystone_authtoken']['auth_version'] = 'v3'
|
||||||
|
|
||||||
# [libvirt]
|
# [libvirt]
|
||||||
conf['libvirt']['virt_type'] = 'kvm'
|
conf['libvirt']['virt_type'] = 'kvm'
|
||||||
|
@ -44,11 +47,13 @@ default['openstack']['compute']['conf'].tap do |conf|
|
||||||
end
|
end
|
||||||
|
|
||||||
# [neutron]
|
# [neutron]
|
||||||
conf['neutron']['auth_type'] = 'v2password'
|
conf['neutron']['auth_type'] = 'v3password'
|
||||||
conf['neutron']['region_name'] = node['openstack']['region']
|
conf['neutron']['region_name'] = node['openstack']['region']
|
||||||
conf['neutron']['username'] = 'neutron'
|
conf['neutron']['username'] = 'neutron'
|
||||||
conf['neutron']['tenant_name'] = 'service'
|
conf['neutron']['user_domain_name'] = 'Default'
|
||||||
conf['neutron']['service_metadata_proxy'] = true
|
conf['neutron']['service_metadata_proxy'] = true
|
||||||
|
conf['neutron']['project_name'] = 'service'
|
||||||
|
conf['neutron']['project_domain_name'] = 'Default'
|
||||||
|
|
||||||
# [cinder] section
|
# [cinder] section
|
||||||
conf['cinder']['os_region_name'] = node['openstack']['region']
|
conf['cinder']['os_region_name'] = node['openstack']['region']
|
||||||
|
|
|
@ -18,3 +18,4 @@ depends 'openstack-identity', '>= 14.0.0'
|
||||||
depends 'openstack-image', '>= 14.0.0'
|
depends 'openstack-image', '>= 14.0.0'
|
||||||
depends 'openstack-network', '>= 14.0.0'
|
depends 'openstack-network', '>= 14.0.0'
|
||||||
depends 'python', '~> 1.4.6'
|
depends 'python', '~> 1.4.6'
|
||||||
|
depends 'openstackclient'
|
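Review bot: `depends 'openstackclient'` carries no version constraint, while the README change in this same commit documents the dependency as `'openstackclient', '>= 0.1.0'` and every neighbouring `depends` line is constrained. Make the two agree so the solver cannot pick a release older than the one the recipe was written against: `depends 'openstackclient', '>= 0.1.0'`.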
||||||
|
|
|
@ -26,67 +26,77 @@ class ::Chef::Recipe
|
||||||
end
|
end
|
||||||
|
|
||||||
identity_admin_endpoint = admin_endpoint 'identity'
|
identity_admin_endpoint = admin_endpoint 'identity'
|
||||||
bootstrap_token = get_password 'token', 'openstack_identity_bootstrap_token'
|
interfaces = {
|
||||||
auth_uri = ::URI.decode identity_admin_endpoint.to_s
|
public: { url: public_endpoint('compute-api') },
|
||||||
|
internal: { url: internal_endpoint('compute-api') },
|
||||||
|
admin: { url: admin_endpoint('compute-api') }
|
||||||
|
}
|
||||||
|
auth_url = ::URI.decode identity_admin_endpoint.to_s
|
||||||
service_pass = get_password 'service', 'openstack-compute'
|
service_pass = get_password 'service', 'openstack-compute'
|
||||||
service_user = node['openstack']['compute']['conf']['keystone_authtoken']['username']
|
service_user = node['openstack']['compute']['conf']['keystone_authtoken']['username']
|
||||||
service_role = node['openstack']['compute']['service_role']
|
service_role = node['openstack']['compute']['service_role']
|
||||||
service_tenant_name = node['openstack']['compute']['conf']['keystone_authtoken']['tenant_name']
|
service_project_name = node['openstack']['compute']['conf']['keystone_authtoken']['project_name']
|
||||||
public_nova_api_endpoint = public_endpoint 'compute-api'
|
service_domain_name = node['openstack']['compute']['conf']['keystone_authtoken']['user_domain_name']
|
||||||
admin_nova_api_endpoint = admin_endpoint 'compute-api'
|
|
||||||
internal_nova_api_endpoint = internal_endpoint 'compute-api'
|
|
||||||
# TBD, another clean up opportunity. We could use the 'admin', and
|
# TBD, another clean up opportunity. We could use the 'admin', and
|
||||||
# 'internal' endpoints for a single service name. For now, we'll
|
# 'internal' endpoints for a single service name. For now, we'll
|
||||||
# leave the old names in place.
|
# leave the old names in place.
|
||||||
region = node['openstack']['region']
|
region = node['openstack']['region']
|
||||||
|
admin_user = node['openstack']['identity']['admin_user']
|
||||||
|
admin_pass = get_password 'user', node['openstack']['identity']['admin_user']
|
||||||
|
admin_project = node['openstack']['identity']['admin_project']
|
||||||
|
admin_domain = node['openstack']['identity']['admin_domain_name']
|
||||||
|
|
||||||
|
connection_params = {
|
||||||
|
openstack_auth_url: "#{auth_url}/auth/tokens",
|
||||||
|
openstack_username: admin_user,
|
||||||
|
openstack_api_key: admin_pass,
|
||||||
|
openstack_project_name: admin_project,
|
||||||
|
openstack_domain_name: admin_domain
|
||||||
|
}
|
||||||
|
|
||||||
|
# Register Compute Service
|
||||||
|
openstack_service 'nova' do
|
||||||
|
type 'compute'
|
||||||
|
connection_params connection_params
|
||||||
|
end
|
||||||
|
|
||||||
|
interfaces.each do |interface, res|
|
||||||
|
# Register Compute Endpoints
|
||||||
|
openstack_endpoint 'compute' do
|
||||||
|
service_name 'nova'
|
||||||
|
interface interface.to_s
|
||||||
|
url res[:url].to_s
|
||||||
|
region region
|
||||||
|
connection_params connection_params
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
# Register Service Tenant
|
# Register Service Tenant
|
||||||
openstack_identity_register 'Register Service Tenant' do
|
openstack_project service_project_name do
|
||||||
auth_uri auth_uri
|
connection_params connection_params
|
||||||
bootstrap_token bootstrap_token
|
|
||||||
tenant_name service_tenant_name
|
|
||||||
tenant_description 'Service Tenant'
|
|
||||||
action :create_tenant
|
|
||||||
end
|
end
|
||||||
|
|
||||||
# Register Service User
|
# Register Service User
|
||||||
openstack_identity_register 'Register Service User' do
|
openstack_user service_user do
|
||||||
auth_uri auth_uri
|
project_name service_project_name
|
||||||
bootstrap_token bootstrap_token
|
role_name service_role
|
||||||
tenant_name service_tenant_name
|
password service_pass
|
||||||
user_name service_user
|
connection_params connection_params
|
||||||
user_pass service_pass
|
|
||||||
action :create_user
|
|
||||||
end
|
end
|
||||||
|
|
||||||
## Grant Admin role to Service User for Service Tenant ##
|
## Grant Service role to Service User for Service Tenant ##
|
||||||
openstack_identity_register "Grant 'admin' Role to Service User for Service Tenant" do
|
openstack_user service_user do
|
||||||
auth_uri auth_uri
|
|
||||||
bootstrap_token bootstrap_token
|
|
||||||
tenant_name service_tenant_name
|
|
||||||
user_name service_user
|
|
||||||
role_name service_role
|
role_name service_role
|
||||||
|
project_name service_project_name
|
||||||
|
connection_params connection_params
|
||||||
action :grant_role
|
action :grant_role
|
||||||
end
|
end
|
||||||
|
|
||||||
# Register Compute Service
|
openstack_user service_user do
|
||||||
openstack_identity_register 'Register Compute Service' do
|
domain_name service_domain_name
|
||||||
auth_uri auth_uri
|
role_name service_role
|
||||||
bootstrap_token bootstrap_token
|
user_name service_user
|
||||||
service_name 'nova'
|
connection_params connection_params
|
||||||
service_type 'compute'
|
action :grant_domain
|
||||||
service_description 'Nova Compute Service'
|
|
||||||
action :create_service
|
|
||||||
end
|
|
||||||
|
|
||||||
# Register Compute Endpoint
|
|
||||||
openstack_identity_register 'Register Compute Endpoint' do
|
|
||||||
auth_uri auth_uri
|
|
||||||
bootstrap_token bootstrap_token
|
|
||||||
service_type 'compute'
|
|
||||||
endpoint_region region
|
|
||||||
endpoint_adminurl ::URI.decode admin_nova_api_endpoint.to_s
|
|
||||||
endpoint_internalurl ::URI.decode internal_nova_api_endpoint.to_s
|
|
||||||
endpoint_publicurl ::URI.decode public_nova_api_endpoint.to_s
|
|
||||||
action :create_endpoint
|
|
||||||
end
|
end
|
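Review bot: `connection_params` now carries the Keystone admin password (`openstack_api_key: admin_pass`) and is passed as an ordinary property to every `openstack_service`, `openstack_endpoint`, `openstack_project` and `openstack_user` resource, and the first `openstack_user` block also takes `password service_pass`. Chef can print resource properties in failure output and at debug log level, so unless the openstackclient resources already mark these properties as sensitive (not visible from this page) both secrets can end up in the run log. Adding `sensitive true` inside each of these resource blocks keeps them out of the output. Separately, the three `openstack_user service_user do` blocks share one resource name and differ only by action, so a one-line comment above each saying which grant it performs would make the sequence easier to audit.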
||||||
|
|
|
@ -139,7 +139,7 @@ Chef::Log.debug("openstack-compute::nova-common:network_endpoint|#{network_endpo
|
||||||
Chef::Log.debug("openstack-compute::nova-common:image_endpoint|#{image_endpoint}")
|
Chef::Log.debug("openstack-compute::nova-common:image_endpoint|#{image_endpoint}")
|
||||||
# Chef::Log.debug("openstack-compute::nova-common:ironic_endpoint|#{ironic_endpoint}")
|
# Chef::Log.debug("openstack-compute::nova-common:ironic_endpoint|#{ironic_endpoint}")
|
||||||
|
|
||||||
if node['openstack']['compute']['conf']['neutron']['auth_type'] == 'v2password'
|
if node['openstack']['compute']['conf']['neutron']['auth_type'] == 'v3password'
|
||||||
node.default['openstack']['compute']['conf_secrets']
|
node.default['openstack']['compute']['conf_secrets']
|
||||||
.[]('neutron')['password'] =
|
.[]('neutron')['password'] =
|
||||||
get_password 'service', 'openstack-network'
|
get_password 'service', 'openstack-network'
|
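Review bot: The neutron service password is written to `conf_secrets` only when `auth_type` equals the literal `'v3password'`, so a node that still overrides the attribute to `'v2password'` (the previous default) now gets no `password` entry and, as far as this hunk shows, no warning. Consider accepting every password plugin the cookbook supports, e.g. `if %w(v2password v3password).include?(node['openstack']['compute']['conf']['neutron']['auth_type'])`, or logging when the branch is skipped. The `if` block continues past the end of the hunk, so an `else` may exist outside what is shown.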
||||||
|
|
|
@ -10,109 +10,86 @@ describe 'openstack-compute::identity_registration' do
|
||||||
|
|
||||||
include_context 'compute_stubs'
|
include_context 'compute_stubs'
|
||||||
|
|
||||||
it 'registers service tenant' do
|
connection_params = {
|
||||||
expect(chef_run).to create_tenant_openstack_identity_register(
|
openstack_auth_url: 'http://127.0.0.1:35357/v3/auth/tokens',
|
||||||
'Register Service Tenant'
|
openstack_username: 'admin',
|
||||||
|
openstack_api_key: 'admin',
|
||||||
|
openstack_project_name: 'admin',
|
||||||
|
openstack_domain_name: 'default'
|
||||||
|
}
|
||||||
|
service_name = 'nova'
|
||||||
|
service_type = 'compute'
|
||||||
|
service_user = 'nova'
|
||||||
|
url = 'http://127.0.0.1:8774/v2.1/%(tenant_id)s'
|
||||||
|
region = 'RegionOne'
|
||||||
|
project_name = 'service'
|
||||||
|
role_name = 'admin'
|
||||||
|
password = 'nova-pass'
|
||||||
|
domain_name = 'Default'
|
||||||
|
|
||||||
|
it "registers #{project_name} Project" do
|
||||||
|
expect(chef_run).to create_openstack_project(
|
||||||
|
project_name
|
||||||
).with(
|
).with(
|
||||||
auth_uri: 'http://127.0.0.1:35357/v2.0',
|
connection_params: connection_params
|
||||||
bootstrap_token: 'bootstrap-token',
|
|
||||||
tenant_name: 'service',
|
|
||||||
tenant_description: 'Service Tenant'
|
|
||||||
)
|
)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
it "registers #{service_name} service" do
|
||||||
|
expect(chef_run).to create_openstack_service(
|
||||||
|
service_name
|
||||||
|
).with(
|
||||||
|
connection_params: connection_params,
|
||||||
|
type: service_type
|
||||||
|
)
|
||||||
|
end
|
||||||
|
|
||||||
|
context "registers #{service_name} endpoint" do
|
||||||
|
%w(admin internal public).each do |interface|
|
||||||
|
it "#{interface} endpoint with default values" do
|
||||||
|
expect(chef_run).to create_openstack_endpoint(
|
||||||
|
service_type
|
||||||
|
).with(
|
||||||
|
service_name: service_name,
|
||||||
|
# interface: interface,
|
||||||
|
url: url,
|
||||||
|
region: region,
|
||||||
|
connection_params: connection_params
|
||||||
|
)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
it 'registers service user' do
|
it 'registers service user' do
|
||||||
expect(chef_run).to create_user_openstack_identity_register(
|
expect(chef_run).to create_openstack_user(
|
||||||
'Register Service User'
|
service_user
|
||||||
).with(
|
).with(
|
||||||
auth_uri: 'http://127.0.0.1:35357/v2.0',
|
project_name: project_name,
|
||||||
bootstrap_token: 'bootstrap-token',
|
role_name: role_name,
|
||||||
tenant_name: 'service',
|
password: password,
|
||||||
user_name: 'nova',
|
connection_params: connection_params
|
||||||
user_pass: 'nova-pass'
|
|
||||||
)
|
)
|
||||||
end
|
end
|
||||||
|
|
||||||
it 'grants admin role to service user for service tenant' do
|
it do
|
||||||
expect(chef_run).to grant_role_openstack_identity_register(
|
expect(chef_run).to grant_domain_openstack_user(
|
||||||
"Grant 'admin' Role to Service User for Service Tenant"
|
service_user
|
||||||
).with(
|
).with(
|
||||||
auth_uri: 'http://127.0.0.1:35357/v2.0',
|
domain_name: domain_name,
|
||||||
bootstrap_token: 'bootstrap-token',
|
role_name: role_name,
|
||||||
tenant_name: 'service',
|
connection_params: connection_params
|
||||||
user_name: 'nova',
|
|
||||||
role_name: 'admin'
|
|
||||||
)
|
)
|
||||||
end
|
end
|
||||||
|
|
||||||
it 'registers compute service' do
|
it do
|
||||||
expect(chef_run).to create_service_openstack_identity_register(
|
expect(chef_run).to grant_role_openstack_user(
|
||||||
'Register Compute Service'
|
service_user
|
||||||
).with(
|
).with(
|
||||||
auth_uri: 'http://127.0.0.1:35357/v2.0',
|
project_name: project_name,
|
||||||
bootstrap_token: 'bootstrap-token',
|
role_name: role_name,
|
||||||
service_name: 'nova',
|
password: password,
|
||||||
service_type: 'compute',
|
connection_params: connection_params
|
||||||
service_description: 'Nova Compute Service'
|
|
||||||
)
|
)
|
||||||
end
|
end
|
||||||
|
|
||||||
context 'registers compute endpoint' do
|
|
||||||
it 'with default values' do
|
|
||||||
expect(chef_run).to create_endpoint_openstack_identity_register(
|
|
||||||
'Register Compute Endpoint'
|
|
||||||
).with(
|
|
||||||
auth_uri: 'http://127.0.0.1:35357/v2.0',
|
|
||||||
bootstrap_token: 'bootstrap-token',
|
|
||||||
service_type: 'compute',
|
|
||||||
endpoint_region: 'RegionOne',
|
|
||||||
endpoint_adminurl: 'http://127.0.0.1:8774/v2/%(tenant_id)s',
|
|
||||||
endpoint_internalurl: 'http://127.0.0.1:8774/v2/%(tenant_id)s',
|
|
||||||
endpoint_publicurl: 'http://127.0.0.1:8774/v2/%(tenant_id)s'
|
|
||||||
)
|
|
||||||
end
|
|
||||||
|
|
||||||
it 'register endpoint with all different URLs' do
|
|
||||||
public_url = 'https://public.host:789/public_path'
|
|
||||||
internal_url = 'http://internal.host:456/internal_path'
|
|
||||||
admin_url = 'https://admin.host:123/admin_path'
|
|
||||||
node.set['openstack']['endpoints']['public']['compute-api']['uri'] = public_url
|
|
||||||
node.set['openstack']['endpoints']['internal']['compute-api']['uri'] = internal_url
|
|
||||||
node.set['openstack']['endpoints']['admin']['compute-api']['uri'] = admin_url
|
|
||||||
|
|
||||||
expect(chef_run).to create_endpoint_openstack_identity_register(
|
|
||||||
'Register Compute Endpoint'
|
|
||||||
).with(
|
|
||||||
endpoint_adminurl: admin_url,
|
|
||||||
endpoint_internalurl: internal_url,
|
|
||||||
endpoint_publicurl: public_url
|
|
||||||
)
|
|
||||||
end
|
|
||||||
|
|
||||||
it 'with custom region override' do
|
|
||||||
node.set['openstack']['region'] = 'computeRegion'
|
|
||||||
expect(chef_run).to create_endpoint_openstack_identity_register(
|
|
||||||
'Register Compute Endpoint'
|
|
||||||
).with(endpoint_region: 'computeRegion')
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
describe "when 'ec2' is not in the list of enabled_apis" do
|
|
||||||
before do
|
|
||||||
node.set['openstack']['compute']['conf']['DEFAULT']['enabled_apis'] = 'osapi_compute'
|
|
||||||
end
|
|
||||||
|
|
||||||
it 'does not register ec2 service' do
|
|
||||||
expect(chef_run).not_to create_service_openstack_identity_register(
|
|
||||||
'Register EC2 Service'
|
|
||||||
)
|
|
||||||
end
|
|
||||||
|
|
||||||
it 'does not register ec2 endpoint' do
|
|
||||||
expect(chef_run).not_to create_endpoint_openstack_identity_register(
|
|
||||||
'Register EC2 Endpoint'
|
|
||||||
)
|
|
||||||
end
|
|
||||||
end
|
|
||||||
end
|
end
|
||||||
end
|
end
|
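Review bot: In the endpoint examples the `interface` expectation is commented out (`# interface: interface,`), so the loop over `admin internal public` runs the same assertion three times and never checks that each interface is registered with its own URL. The earlier examples for differing public/internal/admin URLs and for a region override are removed without replacement, which leaves endpoint URL and region handling covered for default values only. Restore `interface: interface,`; if that fails because the recipe declares all three `openstack_endpoint 'compute'` resources under one name, that is better addressed in the recipe than hidden in the spec. The two new bare `it do` examples would also read better with descriptions, e.g. `it 'grants the service role on the domain' do`.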
||||||
|
|
|
@ -123,8 +123,12 @@ describe 'openstack-compute::nova-common' do
|
||||||
context 'keystone_authtoken' do
|
context 'keystone_authtoken' do
|
||||||
it 'has correct auth_token settings' do
|
it 'has correct auth_token settings' do
|
||||||
[
|
[
|
||||||
'auth_url = http://127.0.0.1:5000/v2.0',
|
'auth_url = http://127.0.0.1:5000/v3',
|
||||||
'password = nova-pass'
|
'password = nova-pass',
|
||||||
|
'username = nova',
|
||||||
|
'project_name = service',
|
||||||
|
'user_domain_name = Default',
|
||||||
|
'project_domain_name = Default'
|
||||||
].each do |line|
|
].each do |line|
|
||||||
expect(chef_run).to render_config_file(file.name)\
|
expect(chef_run).to render_config_file(file.name)\
|
||||||
.with_section_content('keystone_authtoken', /^#{Regexp.quote(line)}$/)
|
.with_section_content('keystone_authtoken', /^#{Regexp.quote(line)}$/)
|
||||||
|
@ -145,7 +149,10 @@ describe 'openstack-compute::nova-common' do
|
||||||
|
|
||||||
it do
|
it do
|
||||||
[
|
[
|
||||||
|
/^username = neutron$/,
|
||||||
|
/^project_name = service$/,
|
||||||
|
/^user_domain_name = Default/,
|
||||||
|
/^project_domain_name = Default/,
|
||||||
%r{^url = http://127.0.0.1:9696$}
|
%r{^url = http://127.0.0.1:9696$}
|
||||||
].each do |line|
|
].each do |line|
|
||||||
expect(chef_run).to render_config_file(file.name)\
|
expect(chef_run).to render_config_file(file.name)\
|
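Review bot: Two of the added neutron patterns, `/^user_domain_name = Default/` and `/^project_domain_name = Default/`, have no trailing `$`, unlike `/^username = neutron$/` and `/^project_name = service$/` beside them, so they would also accept a rendered value such as `Default2`. Anchor them the same way as their neighbours: `/^user_domain_name = Default$/` and `/^project_domain_name = Default$/`.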
||||||
|
|