Use ironic::neutron class

Keystone_authtoken parameters were deprecated for authenticating in neutron, we need to switch to neutron/* auth options using ironic::neutron class. Change-Id: I72c2fd5241fe3e171fac8bd61d4000ab4415daa3 Closes-Bug: #1662158
2017-02-09 17:17:29 +02:00 · 2017-02-09 17:17:29 +02:00 · 38f91bf47c
parent 34185580a1
commit 38f91bf47c
4 changed files with 56 additions and 14 deletions
--- a/deployment/puppet/openstack_tasks/manifests/ironic/ironic.pp
+++ b/deployment/puppet/openstack_tasks/manifests/ironic/ironic.pp
@ -64,6 +64,7 @@ class openstack_tasks::ironic::ironic {
  $neutron_endpoint_default   = hiera('neutron_endpoint', $management_vip)
  $neutron_protocol           = get_ssl_property($ssl_hash, {}, 'neutron', 'internal', 'protocol', 'http')
  $neutron_endpoint           = get_ssl_property($ssl_hash, {}, 'neutron', 'internal', 'hostname', $neutron_endpoint_default)
+  $neutron_uri                = "${neutron_protocol}://${neutron_endpoint}:9696"

  $rabbit_heartbeat_timeout_threshold = pick($ironic_hash['rabbit_heartbeat_timeout_threshold'], $rabbit_hash['heartbeat_timeout_threshold'], 60)
  $rabbit_heartbeat_rate              = pick($ironic_hash['rabbit_heartbeat_rate'], $rabbit_hash['rabbit_heartbeat_rate'], 2)
@ -72,6 +73,14 @@ class openstack_tasks::ironic::ironic {

  $baremetal_vip = $network_metadata['vips']['baremetal']['ipaddr']

+  class { '::ironic::neutron':
+    api_endpoint => $neutron_uri,
+    auth_url     => $admin_identity_uri,
+    project_name => $ironic_tenant,
+    username     => $ironic_user,
+    password     => $ironic_user_password,
+  }
+
  class { '::ironic':
    debug                              => $debug,
    rabbit_hosts                       => $rabbit_hosts,
@ -104,7 +113,6 @@ class openstack_tasks::ironic::ironic {

  class { '::ironic::api':
    host_ip           => get_network_role_property('ironic/api', 'ipaddr'),
-    neutron_url       => "${neutron_protocol}://${neutron_endpoint}:9696",
    public_endpoint   => "${public_protocol}://${public_address}:6385",
  }
 }
--- a/deployment/puppet/openstack_tasks/manifests/roles/ironic_conductor.pp
+++ b/deployment/puppet/openstack_tasks/manifests/roles/ironic_conductor.pp
@ -80,6 +80,14 @@ class openstack_tasks::roles::ironic_conductor {
    warning('The $verbose is deprecated and will be removed in a future release')
  }

+  class { '::ironic::neutron':
+    api_endpoint => $neutron_uri,
+    auth_url     => $admin_identity_uri,
+    project_name => $ironic_tenant,
+    username     => $ironic_user,
+    password     => $ironic_user_password,
+  }
+
  class { '::ironic':
    debug                => $debug,
    enabled_drivers      => ['fuel_ssh', 'fuel_ipmitool', 'fake', 'fuel_libvirt'],
@ -121,17 +129,6 @@ class openstack_tasks::roles::ironic_conductor {
    'glance/temp_url_endpoint_type':        value => $temp_url_endpoint_type;
  }

-  # TODO (mkarpin): use ironic::neutron class once https://review.openstack.org/#/c/428795/ is merged
-  if !defined(Ironic_config['neutron/url']) {
-    ironic_config {
-      'neutron/url': value => $neutron_uri;
-    }
-  } else {
-    Ironic_config <| title == 'neutron/url' |> {
-      value => $neutron_uri
-    }
-  }
-
  file { $tftp_root:
    ensure  => directory,
    owner   => 'ironic',
--- a/tests/noop/spec/hosts/ironic/ironic_spec.rb
+++ b/tests/noop/spec/hosts/ironic/ironic_spec.rb
@ -32,6 +32,7 @@ if ironic_enabled
      service_endpoint = Noop.hiera 'service_endpoint'
      management_vip = Noop.hiera 'management_vip'
      public_vip = Noop.hiera 'public_vip'
+
      let(:ssl_hash) { Noop.hiera_hash 'use_ssl', {} }
      let(:public_ssl_hash) { Noop.hiera_hash 'public_ssl', {} }
      let(:internal_auth_protocol) { Noop.puppet_function 'get_ssl_property',ssl_hash,{},'keystone','internal','protocol','http' }
@ -49,9 +50,12 @@ if ironic_enabled
      let(:neutron_endpoint_default) {Noop.hiera 'neutron_endpoint', management_vip }
      let(:neutron_protocol) { Noop.puppet_function 'get_ssl_property',ssl_hash,{},'neutron','internal','protocol','http' }
      let(:neutron_address) { Noop.puppet_function 'get_ssl_property',ssl_hash,{},'neutron','internal','hostname', neutron_endpoint_default }
+      let(:neutron_url) do
+          "#{neutron_protocol}://#{neutron_address}:9696"
+      end

      let(:memcached_servers) { Noop.hiera 'memcached_servers' }
-    let(:local_memcached_server) { Noop.hiera 'local_memcached_server' }
+      let(:local_memcached_server) { Noop.hiera 'local_memcached_server' }

      rabbit_heartbeat_timeout_threshold = Noop.puppet_function 'pick', ironic_hash['rabbit_heartbeat_timeout_threshold'], rabbit_hash['heartbeat_timeout_treshold'], 60
      rabbit_heartbeat_rate = Noop.puppet_function 'pick', ironic_hash['rabbit_heartbeat_rate'], rabbit_hash['heartbeat_rate'], 2
@ -65,6 +69,16 @@ if ironic_enabled
        should contain_ironic_config('DEFAULT/default_log_levels').with_value(default_log_levels.sort.join(','))
      end

+      it 'should declare ironic::neutron class correctly' do
+        should contain_class('ironic::neutron').with(
+          'api_endpoint' => neutron_url,
+          'auth_url'     => admin_auth_uri,
+          'project_name' => admin_tenant,
+          'username'     => admin_user,
+          'password'     => admin_password,
+        )
+      end
+
      it 'should declare ironic class correctly' do
        should contain_class('ironic').with(
          'rabbit_userid'        => rabbit_user,
@ -87,6 +101,14 @@ if ironic_enabled
        )
      end

+      it 'ironic config should have propper neutron config options' do
+        should contain_ironic_config('neutron/url').with('value' => neutron_url)
+        should contain_ironic_config('neutron/auth_url').with('value' => admin_auth_uri)
+        should contain_ironic_config('neutron/username').with('value' => admin_user)
+        should contain_ironic_config('neutron/password').with('value' => admin_password)
+        should contain_ironic_config('neutron/project_name').with('value' => admin_tenant)
+      end
+
      it 'should correctly configure authtoken parameters' do
        should contain_ironic_config('keystone_authtoken/username').with(:value => admin_user)
        should contain_ironic_config('keystone_authtoken/password').with(:value => admin_password)
@ -98,7 +120,6 @@ if ironic_enabled

      it 'should declare ironic::api class correctly' do
        should contain_class('ironic::api').with(
-          'neutron_url'          => "#{neutron_protocol}://#{neutron_address}:9696",
          'public_endpoint'      => "#{public_protocol}://#{public_address}:6385"
        )
      end
--- a/tests/noop/spec/hosts/roles/ironic-conductor_spec.rb
+++ b/tests/noop/spec/hosts/roles/ironic-conductor_spec.rb
@ -62,6 +62,8 @@ describe manifest do
      service_endpoint = Noop.hiera 'service_endpoint', management_vip
      neutron_endpoint = Noop.hiera 'neutron_endpoint', service_endpoint
      ironic_user = Noop.hiera_structure 'ironic/user', 'ironic'
+      ironic_user_password = Noop.hiera_structure 'ironic/user_password','ironic'
+      ironic_tenant = Noop.hiera_structure 'ironic/tenant','services'
      temp_url_endpoint_type = (storage_config['images_ceph']) ? 'radosgw' : 'swift'

      let(:public_ssl_hash) { Noop.hiera_hash('public_ssl') }
@ -77,10 +79,24 @@ describe manifest do
      let(:admin_identity_address) { Noop.puppet_function 'get_ssl_property',ssl_hash,{},'keystone','internal','hostname', [ service_endpoint, management_vip ] }
      let(:admin_identity_uri) { "#{internal_auth_protocol}://#{internal_auth_address}:35357" }

+      it 'should declare ironic::neutron class correctly' do
+        should contain_class('ironic::neutron').with(
+          'api_endpoint' => neutron_url,
+          'auth_url'     => admin_identity_uri,
+          'project_name' => ironic_tenant,
+          'username'     => ironic_user,
+          'password'     => ironic_user_password,
+        )
+      end
+

      it 'ironic config should have propper config options' do
        should contain_ironic_config('pxe/tftp_root').with('value' => '/var/lib/ironic/tftpboot')
        should contain_ironic_config('neutron/url').with('value' => neutron_url)
+        should contain_ironic_config('neutron/auth_url').with('value' => admin_identity_uri)
+        should contain_ironic_config('neutron/username').with('value' => ironic_user)
+        should contain_ironic_config('neutron/password').with('value' => ironic_user_password)
+        should contain_ironic_config('neutron/project_name').with('value' => ironic_tenant)
        should contain_ironic_config('keystone_authtoken/auth_uri').with('value' => internal_auth_uri)
        should contain_ironic_config('keystone_authtoken/identity_uri').with('value' => admin_identity_uri)
        should contain_ironic_config('keystone_authtoken/admin_user').with('value' => ironic_user)