Merge pull request #63 from SUSE-Cloud/suse-grizzly

Suse grizzly
2013-05-13 07:38:40 -07:00 · 2013-05-13 07:38:40 -07:00 · 58840bbb25
parent 385fbac38a 9c07980163
commit 58840bbb25
11 changed files with 93 additions and 90 deletions
--- a/README.md
+++ b/README.md
@ -105,7 +105,8 @@ Attributes
 * `glance["service_tenant_name"]` - Tenant name used by glance when interacting with keystone - used in the API and registry paste.ini files
 * `glance["service_user"]` - User name used by glance when interacting with keystone - used in the API and registry paste.ini files
 * `glance["service_role"]` - User role used by glance when interacting with keystone - used in the API and registry paste.ini files
-* `default["glance"]["pki"]["signing_dir"]` - Defaults to `/tmp/glance-signing-dir`. Directory where `auth_token` middleware writes certificate
+* `default["glance"]["api"]["auth"]["cache_dir"]` - Defaults to `/var/cache/glance/api`. Directory where `auth_token` middleware writes certificates for glance-api
+* `default["glance"]["registry"]["auth"]["cache_dir"]` - Defaults to `/var/cache/glance/registry`. Directory where `auth_token` middleware writes certificates for glance-registry
 * `glance["image_upload"]` - Toggles whether to automatically upload images in the `glance["images"]` array
 * `glance["images"]` - Default list of images to upload to the glance repository as part of the install
 * `glance["image]["<imagename>"]` - URL location of the `<imagename>` image. There can be multiple instances of this line to define multiple imagess (eg natty, maverick, fedora17 etc)
--- a/attributes/default.rb
+++ b/attributes/default.rb
@ -29,9 +29,6 @@ default["glance"]["debug"] = "False"
 # This is the name of the Chef role that will install the Keystone Service API
 default["glance"]["keystone_service_chef_role"] = "keystone"

-default["glance"]["user"] = "glance"
-default["glance"]["group"] = "glance"
-
 # Gets set in the Image Endpoint when registering with Keystone
 default["glance"]["region"] = "RegionOne"

@ -39,25 +36,25 @@ default["glance"]["region"] = "RegionOne"
 # that Glance uses
 default["glance"]["rabbit_server_chef_role"] = "rabbitmq-server"

-default["glance"]["db"]["username"] = "glance" # node_attribute
+default["glance"]["db"]["username"] = "glance"

-default["glance"]["service_tenant_name"] = "service"                        # node_attribute
-default["glance"]["service_user"] = "glance"                                # node_attribute
-default["glance"]["service_role"] = "admin"                                 # node_attribute
+default["glance"]["service_tenant_name"] = "service"
+default["glance"]["service_user"] = "glance"
+default["glance"]["service_role"] = "admin"

-# Keystone PKI signing directory. Only written to the filter:authtoken section
-# of the api-paste.ini when node["openstack"]["auth"]["strategy"] == "pki"
+# Keystone PKI signing directories
+# XXX keystoneclient wants these dirs to exist even if it doesn't use them
 default["glance"]["api"]["auth"]["cache_dir"] = "/var/cache/glance/api"
 default["glance"]["registry"]["auth"]["cache_dir"] = "/var/cache/glance/registry"

-default["glance"]["api"]["default_store"] = "file"                          # node_attribute
+default["glance"]["api"]["default_store"] = "file"
 # If set, glance API service will bind to the address on this interface,
 # otherwise it will bind to the API endpoint's host.
 default["glance"]["api"]["bind_interface"] = nil
-default["glance"]["api"]["swift"]["container"] = "glance"             # node_attribute
-default["glance"]["api"]["swift"]["large_object_size"] = "200"        # node_attribute
-default["glance"]["api"]["swift"]["large_object_chunk_size"] = "200"  # node_attribute
-default["glance"]["api"]["cache"]["image_cache_max_size"] = "10737418240"   # node_attribute
+default["glance"]["api"]["swift"]["container"] = "glance"
+default["glance"]["api"]["swift"]["large_object_size"] = "200"
+default["glance"]["api"]["swift"]["large_object_chunk_size"] = "200"
+default["glance"]["api"]["cache"]["image_cache_max_size"] = "10737418240"

 # Ceph Options
 default["glance"]["api"]["rbd"]["rbd_store_ceph_conf"] = "/etc/ceph/ceph.conf"
@ -71,38 +68,56 @@ default["glance"]["api"]["rbd"]["rbd_store_chunk_size"] = "8"
 default["glance"]["registry"]["bind_interface"] = nil

 # Default Image Locations
-default["glance"]["image_upload"] = false                                                                                           # node_attribute
-default["glance"]["images"] = [ "cirros" ]                                                                                          # node_attribute
-default["glance"]["image"]["precise"] = "http://cloud-images.ubuntu.com/precise/current/precise-server-cloudimg-amd64-disk1.img"    # node_attribute
-default["glance"]["image"]["oneiric"] = "http://cloud-images.ubuntu.com/oneiric/current/oneiric-server-cloudimg-amd64-disk1.img"    # node_attribute
-default["glance"]["image"]["natty"] = "http://cloud-images.ubuntu.com/natty/current/natty-server-cloudimg-amd64-disk1.img"          # node_attribute
-default["glance"]["image"]["cirros"] = "https://launchpadlibrarian.net/83305348/cirros-0.3.0-x86_64-disk.img"                       # node_attribute
+default["glance"]["image_upload"] = false
+default["glance"]["images"] = [ "cirros" ]
+default["glance"]["image"]["precise"] = "http://cloud-images.ubuntu.com/precise/current/precise-server-cloudimg-amd64-disk1.img"
+default["glance"]["image"]["oneiric"] = "http://cloud-images.ubuntu.com/oneiric/current/oneiric-server-cloudimg-amd64-disk1.img"
+default["glance"]["image"]["natty"] = "http://cloud-images.ubuntu.com/natty/current/natty-server-cloudimg-amd64-disk1.img"
+default["glance"]["image"]["cirros"] = "https://launchpadlibrarian.net/83305348/cirros-0.3.0-x86_64-disk.img"
 # more images available at https://github.com/rackerjoe/oz-image-build
 default["glance"]["image"]["centos"] = "http://c250663.r63.cf1.rackcdn.com/centos60_x86_64.qcow2"

 # logging attribute
-default["glance"]["syslog"]["use"] = false                  # node_attribute
-default["glance"]["syslog"]["facility"] = "LOG_LOCAL2"      # node_attribute
-default["glance"]["syslog"]["config_facility"] = "local2"   # node_attribute
+default["glance"]["syslog"]["use"] = false
+default["glance"]["syslog"]["facility"] = "LOG_LOCAL2"
+default["glance"]["syslog"]["config_facility"] = "local2"

 # platform-specific settings
 case platform
 when "fedora", "redhat", "centos" # :pragma-foodcritic: ~FC024 - won't fix this
+  default["glance"]["user"] = "glance"
+  default["glance"]["group"] = "glance"
  default["glance"]["platform"] = {
-    "mysql_python_packages" => [ "MySQL-python" ],                  # node_attribute
-    "glance_packages" => [ "openstack-glance", "openstack-swift", "cronie" ], # node_attribute
-    "glance_api_service" => "openstack-glance-api",                 # node_attribute
-    "glance_registry_service" => "openstack-glance-registry",       # node_attribute
-    "glance_api_process_name" => "glance-api",                      # node_attribute
-    "package_overrides" => ""                                       # node_attribute
+    "postgresql_python_packages" => [ "python-psycopg2" ],
+    "mysql_python_packages" => [ "MySQL-python" ],
+    "glance_packages" => [ "openstack-glance", "openstack-swift", "cronie" ],
+    "glance_api_service" => "openstack-glance-api",
+    "glance_registry_service" => "openstack-glance-registry",
+    "glance_api_process_name" => "glance-api",
+    "package_overrides" => ""
+  }
+when "suse"
+  default["glance"]["user"] = "openstack-glance"
+  default["glance"]["group"] = "openstack-glance"
+  default["glance"]["platform"] = {
+    "postgresql_python_packages" => [ "python-psycopg2" ],
+    "mysql_python_packages" => [ "python-mysql" ],
+    "glance_packages" => [ "openstack-glance", "openstack-swift", "python-glanceclient" ],
+    "glance_api_service" => "openstack-glance-api",
+    "glance_registry_service" => "openstack-glance-registry",
+    "glance_api_process_name" => "glance-api",
+    "package_overrides" => ""
  }
 when "ubuntu"
+  default["glance"]["user"] = "glance"
+  default["glance"]["group"] = "glance"
  default["glance"]["platform"] = {
-    "mysql_python_packages" => [ "python-mysqldb" ],                # node_attribute
-    "glance_packages" => [ "glance", "python-swift" ],              # node_attribute
-    "glance_api_service" => "glance-api",                           # node_attribute
-    "glance_registry_service" => "glance-registry",                 # node_attribute
-    "glance_registry_process_name" => "glance-registry",            # node_attribute
-    "package_overrides" => "-o Dpkg::Options::='--force-confold' -o Dpkg::Options::='--force-confdef'" # node_attribute
+    "postgresql_python_packages" => [ "python-psycopg2" ],
+    "mysql_python_packages" => [ "python-mysqldb" ],
+    "glance_packages" => [ "glance", "python-swift" ],
+    "glance_api_service" => "glance-api",
+    "glance_registry_service" => "glance-registry",
+    "glance_registry_process_name" => "glance-registry",
+    "package_overrides" => "-o Dpkg::Options::='--force-confold' -o Dpkg::Options::='--force-confdef'"
  }
 end
--- a/metadata.rb
+++ b/metadata.rb
@ -9,11 +9,12 @@ recipe            "glance::registry", "Installs packages required for a glance r
 recipe            "glance::db", "Creates the Glance registry database"
 recipe            "glance::keystone_registration", "Registers Glance endpoints and service with Keystone"

-%w{ ubuntu fedora redhat centos }.each do |os|
+%w{ ubuntu fedora redhat centos suse }.each do |os|
  supports os
 end

 depends           "database"
 depends           "keystone", ">= 2012.2.1"
-depends           "mysql"
 depends           "openstack-common", ">= 0.1.7"
+suggests          "mysql"
+suggests          "postgresql" 
--- a/recipes/api.rb
+++ b/recipes/api.rb
@ -62,8 +62,6 @@ directory ::File.dirname node["glance"]["api"]["auth"]["cache_dir"] do
  owner node["glance"]["user"]
  group node["glance"]["group"]
  mode 00700
-
-  only_if { node["openstack"]["auth"]["strategy"] == "pki" }
 end

 template "/etc/glance/policy.json" do
@ -146,6 +144,8 @@ template "/etc/glance/glance-api.conf" do
    :sql_connection => sql_connection,
    :rabbit_ipaddress => rabbit_info["host"],    #FIXME!
    :glance_flavor => glance_flavor,
+    "identity_endpoint" => identity_endpoint,
+    "service_pass" => service_pass,
    :swift_store_key => swift_store_key,
    :swift_user_tenant => swift_user_tenant,
    :swift_store_user => swift_store_user,
@ -161,10 +161,6 @@ template "/etc/glance/glance-api-paste.ini" do
  owner node["glance"]["user"]
  group node["glance"]["group"]
  mode   00644
-  variables(
-    "identity_endpoint" => identity_endpoint,
-    "service_pass" => service_pass
-  )

  notifies :restart, "service[glance-api]", :immediately
 end
--- a/recipes/db.rb
+++ b/recipes/db.rb
@ -24,14 +24,7 @@ class ::Chef::Recipe
  include ::Openstack
 end

-# TODO(jaypipes): This is retarded, but nothing runs without this. The
-# database cookbook should handle this crap, but it doesn't. :(
-include_recipe "mysql::client"
-include_recipe "mysql::ruby"
-
-db_pass = db_password "glance"
-
 db_create_with_user("image",
  node["glance"]["db"]["username"],
-  db_pass
+  db_password("glance")
 )
--- a/recipes/keystone_registration.rb
+++ b/recipes/keystone_registration.rb
@ -66,7 +66,7 @@ keystone_register "Register Service Tenant" do
  bootstrap_token bootstrap_token
  tenant_name service_tenant_name
  tenant_description "Service Tenant"
-  tenant_enabled "true" # Not required as this is the default
+  tenant_enabled true # Not required as this is the default

  action :create_tenant
 end
@ -78,7 +78,7 @@ keystone_register "Register #{service_user} User" do
  tenant_name service_tenant_name
  user_name service_user
  user_pass service_pass
-  user_enabled "true" # Not required as this is the default
+  user_enabled true # Not required as this is the default

  action :create_user
 end
--- a/recipes/registry.rb
+++ b/recipes/registry.rb
@ -43,7 +43,8 @@ package "curl" do
  action :install
 end

-platform_options["mysql_python_packages"].each do |pkg|
+db_type = node['openstack']['db']['identity']['db_type']
+platform_options["#{db_type}_python_packages"].each do |pkg|
  package pkg do
    action :install
  end
@ -59,8 +60,6 @@ directory ::File.dirname(node["glance"]["registry"]["auth"]["cache_dir"]) do
  owner node["glance"]["user"]
  group node["glance"]["group"]
  mode 00700
-
-  only_if { node["openstack"]["auth"]["strategy"] == "pki" }
 end

 service "glance-registry" do
@ -101,7 +100,9 @@ template "/etc/glance/glance-registry.conf" do
  variables(
    :registry_bind_address => bind_address,
    :registry_port => registry_endpoint.port,
-    :sql_connection => sql_connection
+    :sql_connection => sql_connection,
+    "identity_endpoint" => identity_endpoint,
+    "service_pass" => service_pass
  )

  notifies :restart, "service[glance-registry]", :immediately
@ -115,10 +116,6 @@ template "/etc/glance/glance-registry-paste.ini" do
  owner  "root"
  group  "root"
  mode   00644
-  variables(
-    "identity_endpoint" => identity_endpoint,
-    "service_pass" => service_pass
-  )

  notifies :restart, "service[glance-registry]", :immediately
 end
--- a/templates/default/glance-api-paste.ini.erb
+++ b/templates/default/glance-api-paste.ini.erb
@ -1,6 +1,6 @@
 <%= node["glance"]["custom_template_banner"] %>

-# Default minimal pipeline
+# Use this pipeline for no auth or image caching - DEFAULT
 [pipeline:glance-api]
 pipeline = versionnegotiation unauthenticated-context rootapp

@ -55,14 +55,5 @@ paste.filter_factory = glance.api.middleware.context:ContextMiddleware.factory
 paste.filter_factory = glance.api.middleware.context:UnauthenticatedContextMiddleware.factory

 [filter:authtoken]
-paste.filter_factory = keystone.middleware.auth_token:filter_factory
-auth_host = <%= @identity_endpoint.host %>
-auth_port = <%= @identity_endpoint.port %>
-auth_protocol = <%= @identity_endpoint.scheme %>
-admin_tenant_name = <%= node["glance"]["service_tenant_name"] %>
-admin_user = <%= node["glance"]["service_user"] %>
-admin_password = <%= @service_pass %>
+paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
 delay_auth_decision = true
-<% if node["openstack"]["auth"]["strategy"] == "pki" -%>
-signing_dir = <%= node["glance"]["api"]["auth"]["cache_dir"] %>
-<% end -%>
--- a/templates/default/glance-api.conf.erb
+++ b/templates/default/glance-api.conf.erb
@ -246,5 +246,14 @@ scrubber_datadir = /var/lib/glance/scrubber
 # Base directory that the Image Cache uses
 image_cache_dir = /var/lib/glance/image-cache/

+[keystone_authtoken]
+auth_host = <%= @identity_endpoint.host %>
+auth_port = <%= @identity_endpoint.port %>
+auth_protocol = <%= @identity_endpoint.scheme %>
+admin_tenant_name = <%= node["glance"]["service_tenant_name"] %>
+admin_user = <%= node["glance"]["service_user"] %>
+admin_password = <%= @service_pass %>
+signing_dir = <%= node["glance"]["api"]["auth"]["cache_dir"] %>
+
 [paste_deploy]
 flavor = <%= @glance_flavor %>
--- a/templates/default/glance-registry-paste.ini.erb
+++ b/templates/default/glance-registry-paste.ini.erb
@ -1,14 +1,11 @@
 <%= node["glance"]["custom_template_banner"] %>

 # Default minimal pipeline
+# Use this pipeline for no auth - DEFAULT
 [pipeline:glance-registry]
-pipeline = context registryapp
+pipeline = unauthenticated-context registryapp

-# Use the following pipeline for keystone auth
-# i.e. in glance-registry.conf:
-# [paste_deploy]
-# flavor = keystone
-#
+# Use this pipeline for keystone auth
 [pipeline:glance-registry-keystone]
 pipeline = authtoken context registryapp

@ -16,18 +13,11 @@ pipeline = authtoken context registryapp
 paste.app_factory = glance.registry.api.v1:API.factory

 [filter:context]
-context_class = glance.registry.context.RequestContext
 paste.filter_factory = glance.api.middleware.context:ContextMiddleware.factory

+[filter:unauthenticated-context]
+paste.filter_factory = glance.api.middleware.context:UnauthenticatedContextMiddleware.factory
+
 [filter:authtoken]
-paste.filter_factory = keystone.middleware.auth_token:filter_factory
-auth_host = <%= @identity_endpoint.host %>
-auth_port = <%= @identity_endpoint.port %>
-auth_protocol = <%= @identity_endpoint.scheme %>
-admin_tenant_name = <%= node["glance"]["service_tenant_name"] %>
-admin_user = <%= node["glance"]["service_user"] %>
-admin_password = <%= @service_pass %>
+paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
 delay_auth_decision = true
-<% if node["openstack"]["auth"]["strategy"] == "pki" -%>
-signing_dir = <%= node["glance"]["registry"]["auth"]["cache_dir"] %>
-<% end -%>
--- a/templates/default/glance-registry.conf.erb
+++ b/templates/default/glance-registry.conf.erb
@ -56,5 +56,15 @@ log_file = /var/log/glance/registry.log
 # Private key file to use when starting registry server securely
 # key_file = /path/to/keyfile

+# ================= Keystone authtoken ===============================
+[keystone_authtoken]
+auth_host = <%= @identity_endpoint.host %>
+auth_port = <%= @identity_endpoint.port %>
+auth_protocol = <%= @identity_endpoint.scheme %>
+admin_tenant_name = <%= node["glance"]["service_tenant_name"] %>
+admin_user = <%= node["glance"]["service_user"] %>
+admin_password = <%= @service_pass %>
+signing_dir = <%= node["glance"]["registry"]["auth"]["cache_dir"] %>
+
 [paste_deploy]
 flavor = keystone