From 2e1ed9749d65ab9ec099f3e01a445569a075613c Mon Sep 17 00:00:00 2001 From: Michael Polenchuk Date: Tue, 12 Apr 2016 14:48:21 +0300 Subject: [PATCH] Smooth out glance api servers getter * get glance api servers list from one entry point for http(s) * set the following descending priority for getter: - hiera glance_api_servers raw list - get_ssl_property() return - hiera glance_endpoint ip address - $management_vip Change-Id: I80c45d1c6cdabfd8aa239ae61d8c4add5e9e8cbe Closes-Bug: #1568088 Closes-bug: #1569443 --- .../openstack_cinder/openstack_cinder.pp | 14 +++++-------- .../openstack_controller.pp | 11 ++++------ .../openstack_tasks/manifests/roles/cinder.pp | 12 ++++------- .../manifests/roles/compute.pp | 11 ++++------ .../openstack-cinder/openstack-cinder_spec.rb | 21 ++++++++++++++----- .../openstack-controller_spec.rb | 12 +++-------- tests/noop/spec/hosts/roles/cinder_spec.rb | 17 +++++++-------- tests/noop/spec/hosts/roles/compute_spec.rb | 12 ++++++----- 8 files changed, 51 insertions(+), 59 deletions(-) diff --git a/deployment/puppet/openstack_tasks/manifests/openstack_cinder/openstack_cinder.pp b/deployment/puppet/openstack_tasks/manifests/openstack_cinder/openstack_cinder.pp index 6801c92e39..b4994c9152 100644 --- a/deployment/puppet/openstack_tasks/manifests/openstack_cinder/openstack_cinder.pp +++ b/deployment/puppet/openstack_tasks/manifests/openstack_cinder/openstack_cinder.pp @@ -48,21 +48,17 @@ class openstack_tasks::openstack_cinder::openstack_cinder { $keystone_auth_protocol = get_ssl_property($ssl_hash, {}, 'keystone', 'internal', 'protocol', 'http') $keystone_auth_host = get_ssl_property($ssl_hash, {}, 'keystone', 'internal', 'hostname', [hiera('keystone_endpoint', ''), $service_endpoint, $management_vip]) - $glance_protocol = get_ssl_property($ssl_hash, {}, 'glance', 'internal', 'protocol', 'http') - $glance_endpoint = get_ssl_property($ssl_hash, {}, 'heat', 'internal', 'hostname', [hiera('glance_endpoint', ''), $management_vip]) - $glance_ssl_usage = get_ssl_property($ssl_hash, {}, 'glance', 'internal', 'usage', false) + # get glance api servers list + $glance_endpoint_default = hiera('glance_endpoint', $management_vip) + $glance_protocol = get_ssl_property($ssl_hash, {}, 'glance', 'internal', 'protocol', 'http') + $glance_endpoint = get_ssl_property($ssl_hash, {}, 'glance', 'internal', 'hostname', $glance_endpoint_default) + $glance_api_servers = hiera('glance_api_servers', "${glance_protocol}://${glance_endpoint}:9292") $swift_internal_protocol = get_ssl_property($ssl_hash, {}, 'swift', 'internal', 'protocol', 'http') $swift_internal_address = get_ssl_property($ssl_hash, {}, 'swift', 'internal', 'hostname', [$management_vip]) $swift_url = "${swift_internal_protocol}://${swift_internal_address}:${proxy_port}" - if $glance_ssl_usage { - $glance_api_servers = "${glance_protocol}://${glance_endpoint}:9292" - } else { - $glance_api_servers = hiera('glance_api_servers', "${management_vip}:9292") - } - $service_port = '5000' $auth_uri = "${keystone_auth_protocol}://${keystone_auth_host}:${service_port}/" $identity_uri = "${keystone_auth_protocol}://${keystone_auth_host}:${service_port}/" diff --git a/deployment/puppet/openstack_tasks/manifests/openstack_controller/openstack_controller.pp b/deployment/puppet/openstack_tasks/manifests/openstack_controller/openstack_controller.pp index d30c8d5996..0933269b07 100644 --- a/deployment/puppet/openstack_tasks/manifests/openstack_controller/openstack_controller.pp +++ b/deployment/puppet/openstack_tasks/manifests/openstack_controller/openstack_controller.pp @@ -51,14 +51,11 @@ class openstack_tasks::openstack_controller::openstack_controller { $keystone_identity_uri = "${admin_auth_protocol}://${admin_auth_address}:35357/" $keystone_ec2_url = "${keystone_auth_uri}v2.0/ec2tokens" + # get glance api servers list + $glance_endpoint_default = hiera('glance_endpoint', $management_vip) $glance_protocol = get_ssl_property($ssl_hash, {}, 'glance', 'internal', 'protocol', 'http') - $glance_endpoint = get_ssl_property($ssl_hash, {}, 'glance', 'internal', 'hostname', [hiera('glance_endpoint', ''), $management_vip]) - $glance_ssl = get_ssl_property($ssl_hash, {}, 'glance', 'internal', 'usage', false) - if $glance_ssl { - $glance_api_servers = "${glance_protocol}://${glance_endpoint}:9292" - } else { - $glance_api_servers = hiera('glance_api_servers', "${management_vip}:9292") - } + $glance_endpoint = get_ssl_property($ssl_hash, {}, 'glance', 'internal', 'hostname', $glance_endpoint_default) + $glance_api_servers = hiera('glance_api_servers', "${glance_protocol}://${glance_endpoint}:9292") $keystone_user = pick($nova_hash['user'], 'nova') $keystone_tenant = pick($nova_hash['tenant'], 'services') diff --git a/deployment/puppet/openstack_tasks/manifests/roles/cinder.pp b/deployment/puppet/openstack_tasks/manifests/roles/cinder.pp index 540c01a55a..0bef54d91a 100644 --- a/deployment/puppet/openstack_tasks/manifests/roles/cinder.pp +++ b/deployment/puppet/openstack_tasks/manifests/roles/cinder.pp @@ -54,21 +54,17 @@ class openstack_tasks::roles::cinder { $keystone_auth_protocol = get_ssl_property($ssl_hash, {}, 'keystone', 'internal', 'protocol', 'http') $keystone_auth_host = get_ssl_property($ssl_hash, {}, 'keystone', 'internal', 'hostname', [$service_endpoint, $management_vip]) + # get glance api servers list + $glance_endpoint_default = hiera('glance_endpoint', $management_vip) $glance_protocol = get_ssl_property($ssl_hash, {}, 'glance', 'internal', 'protocol', 'http') - $glance_endpoint = get_ssl_property($ssl_hash, {}, 'glance', 'internal', 'hostname', [$management_vip]) - $glance_internal_ssl = get_ssl_property($ssl_hash, {}, 'glance', 'internal', 'usage', false) + $glance_endpoint = get_ssl_property($ssl_hash, {}, 'glance', 'internal', 'hostname', $glance_endpoint_default) + $glance_api_servers = hiera('glance_api_servers', "${glance_protocol}://${glance_endpoint}:9292") $swift_internal_protocol = get_ssl_property($ssl_hash, {}, 'swift', 'internal', 'protocol', 'http') $swift_internal_address = get_ssl_property($ssl_hash, {}, 'swift', 'internal', 'hostname', [$management_vip]) $swift_url = "${swift_internal_protocol}://${swift_internal_address}:${proxy_port}" - if $glance_internal_ssl { - $glance_api_servers = "${glance_protocol}://${glance_endpoint}:9292" - } else { - $glance_api_servers = hiera('glance_api_servers', "http://${management_vip}:9292") - } - $service_port = '5000' $auth_uri = "${keystone_auth_protocol}://${keystone_auth_host}:${service_port}/" diff --git a/deployment/puppet/openstack_tasks/manifests/roles/compute.pp b/deployment/puppet/openstack_tasks/manifests/roles/compute.pp index 245904ad39..08e7e1ddff 100644 --- a/deployment/puppet/openstack_tasks/manifests/roles/compute.pp +++ b/deployment/puppet/openstack_tasks/manifests/roles/compute.pp @@ -65,14 +65,11 @@ class openstack_tasks::roles::compute { $network_device_mtu = 65000 } + # get glance api servers list + $glance_endpoint_default = hiera('glance_endpoint', $management_vip) $glance_protocol = get_ssl_property($ssl_hash, {}, 'glance', 'internal', 'protocol', 'http') - $glance_endpoint = get_ssl_property($ssl_hash, {}, 'glance', 'internal', 'hostname', [hiera('glance_endpoint', $management_vip)]) - $glance_internal_ssl = get_ssl_property($ssl_hash, {}, 'glance', 'internal', 'usage', false) - if $glance_internal_ssl { - $glance_api_servers = "${glance_protocol}://${glance_endpoint}:9292" - } else { - $glance_api_servers = hiera('glance_api_servers', "${management_vip}:9292") - } + $glance_endpoint = get_ssl_property($ssl_hash, {}, 'glance', 'internal', 'hostname', $glance_endpoint_default) + $glance_api_servers = hiera('glance_api_servers', "${glance_protocol}://${glance_endpoint}:9292") $vncproxy_protocol = get_ssl_property($ssl_hash, $public_ssl_hash, 'nova', 'public', 'protocol', [$nova_hash['vncproxy_protocol'], 'http']) $vncproxy_host = get_ssl_property($ssl_hash, $public_ssl_hash, 'nova', 'public', 'hostname', [$public_vip]) diff --git a/tests/noop/spec/hosts/openstack-cinder/openstack-cinder_spec.rb b/tests/noop/spec/hosts/openstack-cinder/openstack-cinder_spec.rb index d35f89404e..c64797d1b1 100644 --- a/tests/noop/spec/hosts/openstack-cinder/openstack-cinder_spec.rb +++ b/tests/noop/spec/hosts/openstack-cinder/openstack-cinder_spec.rb @@ -31,7 +31,9 @@ describe manifest do primary_controller = Noop.hiera 'primary_controller' volume_backend_name = Noop.hiera_structure 'storage/volume_backend_names' kombu_compression = Noop.hiera 'kombu_compression', '' + ssl_hash = Noop.hiera_hash 'use_ssl', {} + management_vip = Noop.hiera 'management_vip' database_vip = Noop.hiera('database_vip') cinder = Noop.puppet_function 'roles_include', 'cinder' cinder_db_password = Noop.hiera_structure 'cinder/db_password', 'cinder' @@ -55,6 +57,11 @@ describe manifest do end end + let(:glance_endpoint_default) { Noop.hiera 'glance_endpoint', management_vip } + let(:glance_protocol) { Noop.puppet_function 'get_ssl_property',ssl_hash,{},'glance','internal','protocol','http' } + let(:glance_endpoint) { Noop.puppet_function 'get_ssl_property',ssl_hash,{},'glance','internal','hostname', glance_endpoint_default} + let(:glance_api_servers) { Noop.hiera 'glance_api_servers', "#{glance_protocol}://#{glance_endpoint}:9292" } + it 'should configure default_log_levels' do should contain_cinder_config('DEFAULT/default_log_levels').with_value(default_log_levels.sort.join(',')) end @@ -97,12 +104,12 @@ describe manifest do ) end - if Noop.hiera_structure('use_ssl', false) - internal_auth_protocol = 'https' - keystone_auth_host = Noop.hiera_structure('use_ssl/keystone_internal_hostname') - else + if ssl_hash.empty? internal_auth_protocol = 'http' keystone_auth_host = Noop.hiera 'service_endpoint' + else + internal_auth_protocol = 'https' + keystone_auth_host = Noop.hiera_structure('use_ssl/keystone_internal_hostname') end auth_uri = "#{internal_auth_protocol}://#{keystone_auth_host}:5000/" identity_uri = "#{internal_auth_protocol}://#{keystone_auth_host}:5000/" @@ -207,8 +214,12 @@ describe manifest do 'keymgr_encryption_auth_url' => "#{identity_uri}/v3", ) } + it { is_expected.to contain_class('cinder::glance').with( + :glance_api_servers => glance_api_servers, + :glance_api_version => '2', + )} + it { is_expected.to contain_class('cinder') } - it { is_expected.to contain_class('cinder::glance') } it { is_expected.to contain_class('cinder::logging') } it { is_expected.to contain_class('cinder::scheduler') } it { diff --git a/tests/noop/spec/hosts/openstack-controller/openstack-controller_spec.rb b/tests/noop/spec/hosts/openstack-controller/openstack-controller_spec.rb index 3ada4da072..6e61ed929a 100644 --- a/tests/noop/spec/hosts/openstack-controller/openstack-controller_spec.rb +++ b/tests/noop/spec/hosts/openstack-controller/openstack-controller_spec.rb @@ -120,16 +120,10 @@ describe manifest do let(:nova_quota) { Noop.hiera 'nova_quota', false } + let(:glance_endpoint_default) { Noop.hiera 'glance_endpoint', management_vip } let(:glance_protocol) { Noop.puppet_function 'get_ssl_property',ssl_hash,{},'glance','internal','protocol','http' } - let(:glance_endpoint) { Noop.puppet_function 'get_ssl_property',ssl_hash,{},'glance','internal','hostname',[Noop.hiera('glance_endpoint', ''), management_vip] } - let(:glance_ssl) { Noop.puppet_function 'get_ssl_property',ssl_hash,{},'glance','internal','usage',false } - let(:glance_api_servers) do - if glance_ssl - "#{glance_protocol}://#{glance_endpoint}:9292" - else - Noop.hiera 'glance_api_servers', "#{management_vip}:9292" - end - end + let(:glance_endpoint) { Noop.puppet_function 'get_ssl_property',ssl_hash,{},'glance','internal','hostname', glance_endpoint_default} + let(:glance_api_servers) { Noop.hiera 'glance_api_servers', "#{glance_protocol}://#{glance_endpoint}:9292" } let(:keystone_user) { Noop.puppet_function 'pick', nova_hash['user'], 'nova' } let(:keystone_tenant) { Noop.puppet_function 'pick', nova_hash['tenant'], 'services' } diff --git a/tests/noop/spec/hosts/roles/cinder_spec.rb b/tests/noop/spec/hosts/roles/cinder_spec.rb index 2d667894a1..73466e6e2c 100644 --- a/tests/noop/spec/hosts/roles/cinder_spec.rb +++ b/tests/noop/spec/hosts/roles/cinder_spec.rb @@ -22,6 +22,7 @@ describe manifest do volume_backend_name = storage_hash['volume_backend_names'] kombu_compression = Noop.hiera 'kombu_compression', '' + management_vip = Noop.hiera 'management_vip' database_vip = Noop.hiera('database_vip') cinder_db_password = Noop.hiera_structure 'cinder/db_password', 'cinder' cinder_db_user = Noop.hiera_structure 'cinder/db_user', 'cinder' @@ -58,18 +59,16 @@ describe manifest do it { should contain_package('python-amqp') } - if Noop.hiera_structure('use_ssl') - glance_protocol = 'https' - glance_internal_address = Noop.hiera_structure('use_ssl/glance_internal_hostname') - else - glance_protocol = 'http' - glance_internal_address = Noop.hiera('management_vip') - end - glance_api_servers = "#{glance_protocol}://#{glance_internal_address}:9292" + let(:ssl_hash) { Noop.hiera_hash 'use_ssl', {} } + let(:glance_endpoint_default) { Noop.hiera 'glance_endpoint', management_vip } + let(:glance_protocol) { Noop.puppet_function 'get_ssl_property',ssl_hash,{},'glance','internal','protocol','http' } + let(:glance_endpoint) { Noop.puppet_function 'get_ssl_property',ssl_hash,{},'glance','internal','hostname', glance_endpoint_default} + let(:glance_api_servers) { Noop.hiera 'glance_api_servers', "#{glance_protocol}://#{glance_endpoint}:9292" } it 'should contain correct glance api servers addresses' do should contain_class('cinder::glance').with( - 'glance_api_servers' => glance_api_servers + :glance_api_servers => glance_api_servers, + :glance_api_version => '2', ) end diff --git a/tests/noop/spec/hosts/roles/compute_spec.rb b/tests/noop/spec/hosts/roles/compute_spec.rb index e93865be7a..2160bfcd59 100644 --- a/tests/noop/spec/hosts/roles/compute_spec.rb +++ b/tests/noop/spec/hosts/roles/compute_spec.rb @@ -394,14 +394,16 @@ describe manifest do # SSL support management_vip = Noop.hiera('management_vip') - glance_api_servers = "#{management_vip}:9292" vncproxy_protocol = 'https' + ssl_hash = Noop.hiera_hash 'use_ssl', {} - if Noop.hiera_structure('use_ssl') + let(:glance_endpoint_default) { Noop.hiera 'glance_endpoint', management_vip } + let(:glance_protocol) { Noop.puppet_function 'get_ssl_property',ssl_hash,{},'glance','internal','protocol','http' } + let(:glance_endpoint) { Noop.puppet_function 'get_ssl_property',ssl_hash,{},'glance','internal','hostname', glance_endpoint_default} + let(:glance_api_servers) { Noop.hiera 'glance_api_servers', "#{glance_protocol}://#{glance_endpoint}:9292" } + + if !ssl_hash.empty? vncproxy_host = Noop.hiera_structure('use_ssl/nova_public_hostname') - glance_protocol = 'https' - glance_endpoint = Noop.hiera_structure('use_ssl/glance_internal_hostname') - glance_api_servers = "#{glance_protocol}://#{glance_endpoint}:9292" elsif Noop.hiera_structure('public_ssl/services') vncproxy_host = Noop.hiera_structure('public_ssl/hostname') else