Update keystone_auth section for Mitaka

The keystone_auth section has changed for Mitaka. The Liberty format
,which is currently being used, is incompatible with keystone v3 on
Mitaka as it assumes the id of the default domain is default where
as in Mitaka it is a uuid.

The install documentation for Mitaka dictates that domain name should
be used rather than id when setting project_domain and user_domain

Change-Id: Ic8621020db16eaa4ac398e48406d8a858f974ae4
Partial-Bug: 1571347

hooks/charmhelpers/contrib/openstack/templates/section-keystone-authtoken-mitaka

@@ -0,0 +1,12 @@
+{% if auth_host -%}
+[keystone_authtoken]
+auth_uri = {{ service_protocol }}://{{ service_host }}:{{ service_port }}
+auth_url = {{ auth_protocol }}://{{ auth_host }}:{{ auth_port }}
+auth_type = password
+project_domain_name = default
+user_domain_name = default
+project_name = {{ admin_tenant_name }}
+username = {{ admin_user }}
+password = {{ admin_password }}
+signing_dir = {{ signing_dir }}
+{% endif -%}

hooks/charmhelpers/contrib/storage/linux/ceph.py

@@ -166,12 +166,19 @@ class Pool(object):
         """
         # read-only is easy, writeback is much harder
         mode = get_cache_mode(self.service, cache_pool)
+        version = ceph_version()
         if mode == 'readonly':
             check_call(['ceph', '--id', self.service, 'osd', 'tier', 'cache-mode', cache_pool, 'none'])
             check_call(['ceph', '--id', self.service, 'osd', 'tier', 'remove', self.name, cache_pool])
 
         elif mode == 'writeback':
-            check_call(['ceph', '--id', self.service, 'osd', 'tier', 'cache-mode', cache_pool, 'forward'])
+            pool_forward_cmd = ['ceph', '--id', self.service, 'osd', 'tier',
+                                'cache-mode', cache_pool, 'forward']
+            if version >= '10.1':
+                # Jewel added a mandatory flag
+                pool_forward_cmd.append('--yes-i-really-mean-it')
+
+            check_call(pool_forward_cmd)
             # Flush the cache and wait for it to return
             check_call(['rados', '--id', self.service, '-p', cache_pool, 'cache-flush-evict-all'])
             check_call(['ceph', '--id', self.service, 'osd', 'tier', 'remove-overlay', self.name])
@@ -221,6 +228,10 @@ class ReplicatedPool(Pool):
                    self.name, str(self.pg_num)]
             try:
                 check_call(cmd)
+                # Set the pool replica size
+                update_pool(client=self.service,
+                            pool=self.name,
+                            settings={'size': str(self.replicas)})
             except CalledProcessError:
                 raise
 

templates/mitaka/cinder.conf

@@ -0,0 +1,79 @@
+###############################################################################
+# [ WARNING ]
+# cinder configuration file maintained by Juju
+# local changes may be overwritten.
+###############################################################################
+[DEFAULT]
+rootwrap_config = /etc/cinder/rootwrap.conf
+api_paste_confg = /etc/cinder/api-paste.ini
+iscsi_helper = tgtadm
+volume_name_template = volume-%s
+volume_group = cinder-volumes
+verbose = {{ verbose }}
+debug = {{ debug }}
+use_syslog = {{ use_syslog }}
+auth_strategy = keystone
+state_path = /var/lib/cinder
+volumes_dir = /var/lib/cinder/volumes
+osapi_volume_workers = {{ workers }}
+
+{% if rabbitmq_host or rabbitmq_hosts -%}
+notification_driver = cinder.openstack.common.notifier.rpc_notifier
+control_exchange = cinder
+{% endif -%}
+
+{% if volume_driver -%}
+volume_driver = {{ volume_driver }}
+{% endif -%}
+
+{% if use_internal_endpoints -%}
+swift_catalog_info = object-store:swift:internalURL
+keystone_catalog_info = identity:Identity Service:internalURL
+glance_catalog_info = image:glance:internalURL
+nova_catalog_info = compute:Compute Service:internalURL
+{% endif %}
+
+{% if rbd_pool -%}
+rbd_pool = {{ rbd_pool }}
+host = {{ host }}
+rbd_user = {{ rbd_user }}
+{% endif -%}
+
+osapi_volume_listen = {{ bind_host }}
+{% if osapi_volume_listen_port -%}
+osapi_volume_listen_port = {{ osapi_volume_listen_port }}
+{% endif -%}
+
+{% if glance_api_servers -%}
+glance_api_servers = {{ glance_api_servers }}
+{% endif -%}
+
+{% if glance_api_version -%}
+glance_api_version = {{ glance_api_version }}
+{% endif -%}
+
+{% if region -%}
+os_region_name = {{ region }}
+{% endif -%}
+
+{% if user_config_flags -%}
+{% for key, value in user_config_flags.iteritems() -%}
+{{ key }} = {{ value }}
+{% endfor -%}
+{% endif -%}
+
+{% include "parts/backends" %}
+
+{% include "section-keystone-authtoken-mitaka" %}
+
+{% include "parts/section-database" %}
+
+{% include "section-rabbitmq-oslo" %}
+
+[oslo_concurrency]
+lock_path = /var/lock/cinder
+
+[keymgr]
+# XXX: hack to work around http://pad.lv/1516085
+#      will be superceeded by SRU to cinder package
+encryption_auth_url = {{ service_protocol }}://{{ service_host }}:{{ service_port }}/v3

tests/basic_deployment.py

@@ -551,7 +551,19 @@ class CinderBasicDeployment(OpenStackAmuletDeployment):
             'rabbit_password': rel_mq_ci['password'],
             'rabbit_host': rel_mq_ci['hostname'],
         }
-        if self._get_openstack_release() >= self.trusty_liberty:
+        if self._get_openstack_release() >= self.trusty_mitaka:
+            expected['keystone_authtoken'] = {
+                'auth_uri': auth_uri.rstrip('/'),
+                'auth_url': auth_url.rstrip('/'),
+                'auth_type': 'password',
+                'project_domain_name': 'default',
+                'user_domain_name': 'default',
+                'project_name': 'services',
+                'username': rel_ks_ci['service_username'],
+                'password': rel_ks_ci['service_password'],
+                'signing_dir': '/var/cache/cinder'
+            }
+        elif self._get_openstack_release() >= self.trusty_liberty:
             expected['keystone_authtoken'] = {
                 'auth_uri': auth_uri.rstrip('/'),
                 'auth_url': auth_url.rstrip('/'),