Get the vCenter password from databag for cinder

1. Add new attribute openstack_vmware_secret_name to indicate the
databag secret key
2. Get the password from databag if dev mode is false
3. Update the test cases

Implements: blueprint vmware-password-databag

Change-Id: Id6872d38c255067a4991aceaa0bf6fb400cce1c8

CHANGELOG.md

@@ -1,6 +1,10 @@
 openstack-block-storage Cookbook CHANGELOG
 ==============================
 This file is used to list changes made in each version of the openstack-block-storage cookbook.
+## 9.2.0
+### Blue print
+* Get VMware vCenter password from databag
+
 ## 9.1.1
 * Fix package action to allow updates
 

README.md

@@ -140,15 +140,15 @@ Cinder attributes
 * `openstack['block-storage']['storwize']['storwize_svc_multihostmap_enabled'] - Allows vdisk to multi host mapping
 
 ### VMware attributes ###
+* `openstack['block-storage']['vmware']['secret_name']` - VMware databag secret name
 * `openstack['block-storage']['vmware']['vmware_host_ip']` - IP address for connecting to VMware ESX/VC server. (string value)
 * `openstack['block-storage']['vmware']['vmware_host_username']` - Username for authenticating with VMware ESX/VC server. (string value)
-* `openstack']['block-storage']['vmware']['vmware_host_password']` - Password for authenticating with VMware ESX/VC server. (string value)
+* `openstack['block-storage']['vmware']['vmware_wsdl_location']` - Optional VIM service WSDL Location e.g http://<server>/vimService.wsdl. Optional over-ride to default location for bug work-arounds. (string value)
-* `openstack']['block-storage']['vmware']['vmware_wsdl_location']` - Optional VIM service WSDL Location e.g http://<server>/vimService.wsdl. Optional over-ride to default location for bug work-arounds. (string value)
+* `openstack['block-storage']['vmware']['vmware_api_retry_count']` - Number of times VMware ESX/VC server API must be retried upon connection related issues. (integer value, default 10)
-* `openstack']['block-storage']['vmware']['vmware_api_retry_count']` - Number of times VMware ESX/VC server API must be retried upon connection related issues. (integer value, default 10)
+* `openstack['block-storage']['vmware']['vmware_task_poll_interval']` - The interval (in seconds) for polling remote tasks invoked on VMware ESX/VC server. (integer value, default 5)
-* `openstack']['block-storage']['vmware']['vmware_task_poll_interval']` - The interval (in seconds) for polling remote tasks invoked on VMware ESX/VC server. (integer value, default 5)
+* `openstack['block-storage']['vmware']['vmware_volume_folder']` - Name for the folder in the VC datacenter that will contain cinder volumes. (string value, default cinder-volumes)
-* `openstack']['block-storage']['vmware']['vmware_volume_folder']` - Name for the folder in the VC datacenter that will contain cinder volumes. (string value, default cinder-volumes)
+* `openstack['block-storage']['vmware']['vmware_image_transfer_timeout_secs']` - Timeout in seconds for VMDK volume transfer between Cinder and Glance. (integer value, default 7200)
-* `openstack']['block-storage']['vmware']['vmware_image_transfer_timeout_secs']` - Timeout in seconds for VMDK volume transfer between Cinder and Glance. (integer value, default 7200)
+* `openstack['block-storage']['vmware']['vmware_max_objects_retrieval']` - Max number of objects to be retrieved per batch. (integer value, default 100)
-* `openstack']['block-storage']['vmware']['vmware_max_objects_retrieval']` - Max number of objects to be retrieved per batch. (integer value, default 100)
 
 ### IBM GPFS attributes ###
 * `openstack['block-storage']['gpfs']['gpfs_mount_point_base']` - Path to directory in GPFS filesystem where volume files are located (string value)

attributes/default.rb

@@ -7,7 +7,7 @@
 # Copyright 2012, Rackspace US, Inc.
 # Copyright 2012-2013, AT&T Services, Inc.
 # Copyright 2013, Opscode, Inc.
-# Copyright 2013, IBM, Corp
+# Copyright 2013-2014, IBM, Corp
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -163,9 +163,9 @@ default['openstack']['block-storage']['emc']['EcomUserName'] = 'admin'
 default['openstack']['block-storage']['emc']['MaskingView'] = nil
 
 # VMware Support
+default['openstack']['block-storage']['vmware']['secret_name'] = 'openstack_vmware_secret_name'
 default['openstack']['block-storage']['vmware']['vmware_host_ip'] = ''
 default['openstack']['block-storage']['vmware']['vmware_host_username'] = ''
-default['openstack']['block-storage']['vmware']['vmware_host_password'] = ''
 default['openstack']['block-storage']['vmware']['vmware_wsdl_location'] = nil
 default['openstack']['block-storage']['vmware']['vmware_api_retry_count'] = 10
 default['openstack']['block-storage']['vmware']['vmware_task_poll_interval'] = 5

metadata.rb

@@ -5,7 +5,7 @@ maintainer_email 'cookbooks@lists.tfoundry.com'
 license          'Apache 2.0'
 description      'The OpenStack Advanced Volume Management service Cinder.'
 long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
-version          '9.1.1'
+version          '9.2.0'
 
 recipe           'openstack-block-storage::api', 'Installs the cinder-api, sets up the cinder database, and cinder service/user/endpoints in keystone'
 recipe           'openstack-block-storage::client', 'Install packages required for cinder client'

recipes/cinder-common.rb

@@ -61,6 +61,8 @@ directory '/etc/cinder' do
   action :create
 end
 
+vmware_host_pass = get_secret node['openstack']['block-storage']['vmware']['secret_name']
+
 template '/etc/cinder/cinder.conf' do
   source 'cinder.conf.erb'
   group node['openstack']['block-storage']['group']
@@ -76,7 +78,8 @@ template '/etc/cinder/cinder.conf' do
     ibmnas_pass: ibmnas_pass,
     solidfire_pass: solidfire_pass,
     volume_api_bind_address: cinder_api_bind.host,
-    volume_api_bind_port: cinder_api_bind.port
+    volume_api_bind_port: cinder_api_bind.port,
+    vmware_host_pass: vmware_host_pass
   )
 end
 

spec/cinder_common_spec.rb

@@ -474,7 +474,7 @@ describe 'openstack-block-storage::cinder-common' do
             node.set['openstack']['block-storage']['volume']['driver'] = 'cinder.volume.drivers.vmware.vmdk.VMwareVcVmdkDriver'
           end
 
-          %w(vmware_host_ip vmware_host_username vmware_host_password
+          %w(vmware_host_ip vmware_host_username
              vmware_api_retry_count vmware_task_poll_interval vmware_volume_folder
              vmware_image_transfer_timeout_secs vmware_max_objects_retrieval).each do |attr|
             it "has vmware #{attr} set" do
@@ -483,6 +483,10 @@ describe 'openstack-block-storage::cinder-common' do
             end
           end
 
+          it 'has password set which is from databag' do
+            expect(chef_run).to render_file(file.name).with_content(/^vmware_host_password = vmware_secret_name$/)
+          end
+
           it 'has no wsdl_location line without the attribute' do
             node.set['openstack']['block-storage']['vmware']['vmware_wsdl_location'] = nil
             expect(chef_run).not_to render_file(file.name).with_content(/^vmware_wsdl_location = /)

spec/spec_helper.rb

@@ -42,6 +42,9 @@ shared_context 'block-storage-stubs' do
     Chef::Recipe.any_instance.stub(:get_secret)
       .with('rbd_secret_uuid')
       .and_return('b0ff3bba-e07b-49b1-beed-09a45552b1ad')
+    Chef::Recipe.any_instance.stub(:get_secret)
+      .with('openstack_vmware_secret_name')
+      .and_return 'vmware_secret_name'
     Chef::Recipe.any_instance.stub(:get_password)
       .with('user', 'guest')
       .and_return('mq-pass')

templates/default/cinder.conf.erb

@@ -901,7 +901,7 @@ vmware_host_username = <%= node['openstack']['block-storage']['vmware']['vmware_
 
 # Password for authenticating with VMware ESX/VC server.
 # (string value)
-vmware_host_password = <%= node['openstack']['block-storage']['vmware']['vmware_host_password'] %>
+vmware_host_password = <%= @vmware_host_pass %>
 
 <% if node['openstack']['block-storage']['vmware']['vmware_wsdl_location'] -%>
 # Optional VIM service WSDL Location e.g