Change bind address to use Identity endpoint host

Allow the bind interface address to take precendence, but default
to binding to the host attribute of the Identity API endpoint.
This brings the identity cookbook into conformance with the
other cookbooks regarding the service interface binding.

Closes-Bug: 1277266

Change-Id: I9634e2a359a6ce52b694859a7e84a57638bad5be

attributes/default.rb

@@ -38,9 +38,12 @@ default['openstack']['identity']['debug'] = 'False'
 default['openstack']['identity']['service_port'] = '5000'
 default['openstack']['identity']['admin_port'] = '35357'
 default['openstack']['identity']['region'] = 'RegionOne'
-default['openstack']['identity']['bind_interface'] = 'lo'
 default['openstack']['identity']['token']['expiration'] = '86400'
 
+# If set, the keystone service will bind to the address on this interface,
+# otherwise it will bind to the API endpoint's host.
+default['openstack']['identity']['bind_interface'] = nil
+
 # Logging stuff
 default['openstack']['identity']['syslog']['use'] = false
 default['openstack']['identity']['syslog']['facility'] = 'LOG_LOCAL2'

recipes/server.rb

@@ -111,7 +111,11 @@ sql_connection = db_uri('identity', db_user, db_pass)
 
 bootstrap_token = secret 'secrets', 'openstack_identity_bootstrap_token'
 
-ip_address = address_for node['openstack']['identity']['bind_interface']
+if node['openstack']['identity']['bind_interface'].nil?
+  bind_address = identity_endpoint.host
+else
+  bind_address = address_for node['openstack']['identity']['bind_interface']
+end
 
 # If the search role is set, we search for memcache
 # servers via a Chef search. If not, we look at the
@@ -143,7 +147,7 @@ template '/etc/keystone/keystone.conf' do
   mode   00644
   variables(
     sql_connection: sql_connection,
-    ip_address: ip_address,
+    bind_address: bind_address,
     bootstrap_token: bootstrap_token,
     memcache_servers: memcache_servers,
     uris: uris,

spec/server_spec.rb

@@ -179,9 +179,25 @@ describe 'openstack-identity::server' do
           expect(chef_run).to render_file(path).with_content(r)
         end
 
-        it 'has bind host' do
-          r = line_regexp('bind_host = 127.0.1.1')
-          expect(chef_run).to render_file(path).with_content(r)
+        describe 'bind_interface is nil' do
+          it 'has bind host from endpoint' do
+            r = line_regexp('bind_host = 127.0.1.1')
+            expect(chef_run).to render_file(path).with_content(r)
+          end
+        end
+
+        describe 'bind_interface is eth0' do
+          before do
+            node.set['openstack']['identity']['bind_interface'] = 'eth0'
+            ::Chef::Recipe.any_instance.stub(:address_for)
+              .with('eth0')
+              .and_return('10.0.0.2')
+          end
+
+          it 'has bind host from interface ip' do
+            r = line_regexp('bind_host = 10.0.0.2')
+            expect(chef_run).to render_file(path).with_content(r)
+          end
         end
 
         describe 'port numbers' do

spec/spec_helper.rb

@@ -35,9 +35,6 @@ end
 
 shared_context 'identity_stubs' do
   before do
-    ::Chef::Recipe.any_instance.stub(:address_for)
-      .with('lo')
-      .and_return('127.0.1.1')
     ::Chef::Recipe.any_instance.stub(:memcached_servers).and_return []
     ::Chef::Recipe.any_instance.stub(:get_password)
       .with('db', anything)

templates/default/keystone.conf.erb

@@ -4,7 +4,7 @@
 public_port = <%= node["openstack"]["identity"]["service_port"] %>
 admin_port = <%= node["openstack"]["identity"]["admin_port"] %>
 admin_token = <%= @bootstrap_token %>
-bind_host = <%= @ip_address %>
+bind_host = <%= @bind_address %>
 compute_port = 8774
 verbose = <%= node["openstack"]["identity"]["verbose"] %>
 debug = <%= node["openstack"]["identity"]["debug"] %>