Make cinder work for Ocata
- cinder-api now runs under apache2 and no longer as systemd service - cinder-volume needs explicit backend configuration - don't install deprecated cinder v1 API endpoints - clean up some config options To be added in a follow-up: - Make backend configuration more flexible - Replace distro provided wsgi setup with our custom one Change-Id: I77ac294fd8e1cd4e6bc39667ddfdea21c4daed8a
This commit is contained in:
parent
8421080468
commit
a3ba8685a7
|
@ -9,13 +9,11 @@ default['openstack']['block-storage']['conf'].tap do |conf|
|
|||
conf['DEFAULT']['glance_api_version'] = '2'
|
||||
conf['DEFAULT']['volume_group'] = 'cinder-volumes'
|
||||
conf['DEFAULT']['state_path'] = '/var/lib/cinder'
|
||||
conf['keystone_authtoken']['auth_type'] = 'v3password'
|
||||
conf['keystone_authtoken']['auth_type'] = 'password'
|
||||
conf['keystone_authtoken']['region_name'] = node['openstack']['region']
|
||||
conf['keystone_authtoken']['username'] = 'cinder'
|
||||
conf['keystone_authtoken']['auth_version'] = node['openstack']['identity']['auth']['version']
|
||||
conf['keystone_authtoken']['project_name'] = 'service'
|
||||
conf['keystone_authtoken']['user_domain_name'] = 'Default'
|
||||
conf['keystone_authtoken']['signing_dir'] = '/var/cache/cinder/api'
|
||||
conf['keystone_authtoken']['project_domain_name'] = 'Default'
|
||||
|
||||
conf['oslo_concurrency']['lock_path'] = '/var/lib/cinder/tmp'
|
||||
|
|
|
@ -43,22 +43,9 @@ node['openstack']['db']['python_packages'][db_type].each do |pkg|
|
|||
end
|
||||
end
|
||||
|
||||
directory node['openstack']['block-storage']['conf']['keystone_authtoken']['signing_dir'] do
|
||||
owner node['openstack']['block-storage']['user']
|
||||
group node['openstack']['block-storage']['group']
|
||||
recursive true
|
||||
mode 00700
|
||||
end
|
||||
|
||||
service 'cinder-api' do
|
||||
service_name platform_options['cinder_api_service']
|
||||
supports status: true, restart: true
|
||||
action :enable
|
||||
subscribes :restart, [
|
||||
'template[/etc/cinder/cinder.conf]',
|
||||
'remote_file[/etc/cinder/policy.json]'
|
||||
]
|
||||
end
|
||||
# Todo(jr): Runs via wsgi in apache2 now, need to find a nice way to
|
||||
# trigger apache2 restart. Also disable the default installed wsgi
|
||||
# service and use our template based setup
|
||||
|
||||
execute 'cinder-manage db sync' do
|
||||
user node['openstack']['block-storage']['user']
|
||||
|
|
|
@ -48,11 +48,13 @@ end
|
|||
glance_api_endpoint = internal_endpoint 'image_api'
|
||||
cinder_api_bind = node['openstack']['bind_service']['all']['block-storage']
|
||||
cinder_api_bind_address = bind_address cinder_api_bind
|
||||
identity_endpoint = public_endpoint 'identity'
|
||||
identity_endpoint = internal_endpoint 'identity'
|
||||
identity_admin_endpoint = admin_endpoint 'identity'
|
||||
node.default['openstack']['block-storage']['conf_secrets']
|
||||
.[]('keystone_authtoken')['password'] =
|
||||
get_password 'service', 'openstack-block-storage'
|
||||
auth_url = auth_uri_transform(identity_endpoint.to_s, node['openstack']['api']['auth']['version'])
|
||||
auth_uri = identity_endpoint.to_s
|
||||
auth_url = identity_admin_endpoint.to_s
|
||||
|
||||
directory '/etc/cinder' do
|
||||
group node['openstack']['block-storage']['group']
|
||||
|
@ -62,18 +64,32 @@ directory '/etc/cinder' do
|
|||
end
|
||||
|
||||
node.default['openstack']['block-storage']['conf'].tap do |conf|
|
||||
conf['DEFAULT']['glance_host'] = glance_api_endpoint.host
|
||||
conf['DEFAULT']['glance_port'] = glance_api_endpoint.port
|
||||
conf['DEFAULT']['my_ip'] = cinder_api_bind_address
|
||||
conf['DEFAULT']['glance_api_servers'] = "#{glance_api_endpoint.scheme}://#{glance_api_endpoint.host}:#{glance_api_endpoint.port}"
|
||||
conf['DEFAULT']['glance_api_servers'] = glance_api_endpoint.to_s
|
||||
conf['DEFAULT']['osapi_volume_listen'] = cinder_api_bind_address
|
||||
conf['DEFAULT']['osapi_volume_listen_port'] = cinder_api_bind.port
|
||||
conf['keystone_authtoken']['auth_uri'] = auth_uri
|
||||
conf['keystone_authtoken']['auth_url'] = auth_url
|
||||
end
|
||||
|
||||
# merge all config options and secrets to be used in the nova.conf.erb
|
||||
# Todo(jr): Make this configurable depending on backend to be used
|
||||
# This needs to be explicitly configured since Ocata
|
||||
node.default['openstack']['block-storage']['conf'].tap do |conf|
|
||||
conf['DEFAULT']['enabled_backends'] = 'lvm'
|
||||
conf['lvm']['volume_driver'] = 'cinder.volume.drivers.lvm.LVMVolumeDriver'
|
||||
conf['lvm']['volume_group'] = 'cinder-volumes'
|
||||
conf['lvm']['iscsi_protocol'] = 'iscsi'
|
||||
conf['lvm']['iscsi_helper'] = 'tgtadm'
|
||||
end
|
||||
|
||||
# merge all config options and secrets to be used in the cinder.conf.erb
|
||||
cinder_conf_options = merge_config_options 'block-storage'
|
||||
|
||||
service 'cinder-apache2' do
|
||||
service_name 'apache2'
|
||||
action :nothing
|
||||
end
|
||||
|
||||
template '/etc/cinder/cinder.conf' do
|
||||
source 'openstack-service.conf.erb'
|
||||
cookbook 'openstack-common'
|
||||
|
@ -83,6 +99,7 @@ template '/etc/cinder/cinder.conf' do
|
|||
variables(
|
||||
service_config: cinder_conf_options
|
||||
)
|
||||
notifies :restart, 'service[cinder-apache2]'
|
||||
end
|
||||
|
||||
# delete all secrets saved in the attribute
|
||||
|
|
|
@ -99,40 +99,3 @@ openstack_user service_user do
|
|||
connection_params connection_params
|
||||
action :grant_domain
|
||||
end
|
||||
# --------------------- WORKAROUND --------------------------------------#
|
||||
# Currently this bug is still open
|
||||
# (https://bugs.launchpad.net/horizon/+bug/1415712) and we need to register and
|
||||
# enable the cinder v1 api to make it available via the dashboard. This should
|
||||
# be removed with the final mitaka release.
|
||||
|
||||
# openstack_identity_register 'Register Cinder V1 Volume Service' do
|
||||
# auth_uri auth_uri
|
||||
# bootstrap_token bootstrap_token
|
||||
# service_name ((service_name).gsub(/v2/, ''))
|
||||
# service_type ((service_type).gsub(/v2/, ''))
|
||||
# service_description 'Cinder Volume Service V1'
|
||||
# endpoint_region region
|
||||
# endpoint_adminurl ((::URI.decode admin_cinder_api_endpoint.to_s).gsub(/v2/, 'v1'))
|
||||
# endpoint_internalurl ((::URI.decode internal_cinder_api_endpoint.to_s).gsub(/v2/, 'v1'))
|
||||
# endpoint_publicurl ((::URI.decode public_cinder_api_endpoint.to_s).gsub(/v2/, 'v1'))
|
||||
# action :create_service
|
||||
# end
|
||||
|
||||
# Register Volume Service
|
||||
openstack_service 'cinder' do
|
||||
type 'volume'
|
||||
connection_params connection_params
|
||||
end
|
||||
|
||||
interfaces.each do |interface, res|
|
||||
# Register VolumeV1 Endpoints
|
||||
openstack_endpoint 'volume' do
|
||||
service_name 'cinder'
|
||||
interface interface.to_s
|
||||
url (::URI.decode res[:url].to_s).gsub(/v2/, 'v1')
|
||||
region region
|
||||
connection_params connection_params
|
||||
end
|
||||
end
|
||||
|
||||
# --------------------- WORKAROUND --------------------------------------#
|
||||
|
|
|
@ -26,9 +26,5 @@ describe 'openstack-block-storage::api' do
|
|||
expect(chef_run).to upgrade_package 'python-psycopg2'
|
||||
expect(chef_run).not_to upgrade_package 'MySQL-python'
|
||||
end
|
||||
|
||||
it 'starts cinder api on boot' do
|
||||
expect(chef_run).to enable_service 'openstack-cinder-api'
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -12,16 +12,12 @@ describe 'openstack-block-storage::api' do
|
|||
|
||||
include_context 'block-storage-stubs'
|
||||
include_examples 'common-logging'
|
||||
include_examples 'creates_cinder_conf', 'service[cinder-api]', 'cinder', 'cinder'
|
||||
include_examples 'creates_cinder_conf', 'service[cinder-apache2]', 'cinder', 'cinder'
|
||||
|
||||
it 'upgrades cinder api packages' do
|
||||
expect(chef_run).to upgrade_package('cinder-api')
|
||||
end
|
||||
|
||||
it 'starts cinder api on boot' do
|
||||
expect(chef_run).to enable_service('cinder-api')
|
||||
end
|
||||
|
||||
it 'upgrades mysql python package' do
|
||||
expect(chef_run).to upgrade_package('python-mysqldb')
|
||||
end
|
||||
|
@ -33,18 +29,6 @@ describe 'openstack-block-storage::api' do
|
|||
expect(chef_run).not_to upgrade_package('python-mysqldb')
|
||||
end
|
||||
|
||||
describe '/var/cache/cinder/api' do
|
||||
let(:dir) { chef_run.directory('/var/cache/cinder/api') }
|
||||
|
||||
it 'should create the directory' do
|
||||
expect(chef_run).to create_directory(dir.name).with(
|
||||
owner: 'cinder',
|
||||
group: 'cinder',
|
||||
mode: 00700
|
||||
)
|
||||
end
|
||||
end
|
||||
|
||||
it 'runs db migrations' do
|
||||
expect(chef_run).to run_execute('cinder-manage db sync').with(user: 'cinder', group: 'cinder')
|
||||
end
|
||||
|
|
|
@ -51,33 +51,30 @@ describe 'openstack-block-storage::cinder-common' do
|
|||
end
|
||||
|
||||
context 'keystone authtoken attributes with default values' do
|
||||
it 'sets memcached server(s)' do
|
||||
it 'does not set memcached server(s)' do
|
||||
expect(chef_run).not_to render_file(file.name).with_content(/^memcached_servers = $/)
|
||||
end
|
||||
|
||||
it 'sets memcache security strategy' do
|
||||
it 'does not set memcache security strategy' do
|
||||
expect(chef_run).not_to render_file(file.name).with_content(/^memcache_security_strategy = $/)
|
||||
end
|
||||
|
||||
it 'sets memcache secret key' do
|
||||
it 'does not set memcache secret key' do
|
||||
expect(chef_run).not_to render_file(file.name).with_content(/^memcache_secret_key = $/)
|
||||
end
|
||||
|
||||
it 'sets cafile' do
|
||||
it 'does not set cafile' do
|
||||
expect(chef_run).not_to render_file(file.name).with_content(/^cafile = $/)
|
||||
end
|
||||
end
|
||||
|
||||
context 'keystone authtoken attributes' do
|
||||
it 'has signing_dir' do
|
||||
node.set['openstack']['block-storage']['conf']['keystone_authtoken']['signing_dir'] = 'auth_cache_dir'
|
||||
|
||||
expect(chef_run).to render_file(file.name).with_content(/^signing_dir = auth_cache_dir$/)
|
||||
end
|
||||
|
||||
context 'endpoint related' do
|
||||
it 'has auth_uri' do
|
||||
expect(chef_run).to render_file(file.name).with_content(%r{^auth_url = http://127.0.0.1:5000/v3$})
|
||||
expect(chef_run).to render_config_file(file.name).with_section_content('keystone_authtoken', %r{^auth_uri = http://127.0.0.1:5000/v3$})
|
||||
end
|
||||
it 'has auth_url' do
|
||||
expect(chef_run).to render_config_file(file.name).with_section_content('keystone_authtoken', %r{^auth_url = http://127.0.0.1:35357/v3$})
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -85,43 +82,13 @@ describe 'openstack-block-storage::cinder-common' do
|
|||
expect(chef_run).not_to render_file(file.name).with_content(/^auth_version = v2.0$/)
|
||||
end
|
||||
|
||||
it 'has an admin tenant name' do
|
||||
node.set['openstack']['block-storage']['conf']['keystone_authtoken']['admin_tenant_name'] = 'tenant_name'
|
||||
|
||||
expect(chef_run).to render_file(file.name).with_content(/^admin_tenant_name = tenant_name$/)
|
||||
end
|
||||
|
||||
it 'has an admin user' do
|
||||
node.set['openstack']['block-storage']['conf']['keystone_authtoken']['admin_user'] = 'username'
|
||||
|
||||
expect(chef_run).to render_file(file.name).with_content(/^admin_user = username$/)
|
||||
end
|
||||
|
||||
it 'has an admin password' do
|
||||
# (fgimenez) the get_password mocking is set in spec/spec_helper.rb
|
||||
expect(chef_run).to render_file(file.name).with_content(/^password = cinder-pass$/)
|
||||
expect(chef_run).to render_config_file(file.name).with_section_content('keystone_authtoken', /^password = cinder-pass$/)
|
||||
end
|
||||
end
|
||||
|
||||
context 'template contents' do
|
||||
context 'commonly named attributes' do
|
||||
%w(debug verbose host notification_driver
|
||||
osapi_volume_worker control_exchange).each do |attr_key|
|
||||
it "has a #{attr_key} attribute" do
|
||||
node.set['openstack']['block-storage']['conf']['DEFAULT'][attr_key] = "#{attr_key}_value"
|
||||
|
||||
expect(chef_run).to render_config_file(file.name).with_section_content('DEFAULT', /^#{attr_key} = #{attr_key}_value$/)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
context 'backup swift backend contents' do
|
||||
before do
|
||||
node.set['openstack']['block-storage']['backup']['enabled'] = true
|
||||
node.set['openstack']['block-storage']['backup']['driver'] = 'cinder.backup.drivers.swift'
|
||||
end
|
||||
end
|
||||
|
||||
it 'has a lock_path attribute' do
|
||||
expect(chef_run).to render_config_file(file.name).with_section_content('oslo_concurrency', %r{^lock_path = /var/lib/cinder/tmp})
|
||||
end
|
||||
|
@ -151,50 +118,22 @@ describe 'openstack-block-storage::cinder-common' do
|
|||
.with_section_content('database', /^connection = sql_connection_value$/)
|
||||
end
|
||||
|
||||
it 'has a slave db connection attribute' do
|
||||
allow_any_instance_of(Chef::Recipe).to receive(:db_uri)
|
||||
.and_return('sql_connection_value')
|
||||
|
||||
expect(chef_run).to render_config_file(file.name)
|
||||
.with_section_content('database', /^connection = sql_connection_value$/)
|
||||
end
|
||||
|
||||
it 'has a volume_driver attribute' do
|
||||
node.set['openstack']['block-storage']['conf']['DEFAULT']['volume_driver'] = 'volume_driver_value'
|
||||
expect(chef_run).to render_file(file.name).with_content(/^volume_driver = volume_driver_value$/)
|
||||
end
|
||||
|
||||
it 'has a state_path attribute' do
|
||||
node.set['openstack']['block-storage']['conf']['DEFAULT']['state_path'] = 'state_path_value'
|
||||
expect(chef_run).to render_file(file.name).with_content(/^state_path = state_path_value$/)
|
||||
end
|
||||
|
||||
context 'glance endpoint' do
|
||||
it 'has a glance_api_servers attribute' do
|
||||
expect(chef_run).to render_file(file.name).with_content(%r{^glance_api_servers = http://127.0.0.1:9292$})
|
||||
end
|
||||
|
||||
it 'has a glance host attribute' do
|
||||
expect(chef_run).to render_file(file.name).with_content(/^glance_host = 127.0.0.1$/)
|
||||
end
|
||||
|
||||
it 'has a glance port attribute' do
|
||||
expect(chef_run).to render_file(file.name).with_content(/^glance_port = 9292$/)
|
||||
end
|
||||
it 'has a glance_api_servers attribute' do
|
||||
expect(chef_run).to render_config_file(file.name).with_section_content('DEFAULT', %r{^glance_api_servers = http://127.0.0.1:9292$})
|
||||
end
|
||||
|
||||
context 'cinder endpoint' do
|
||||
it 'has osapi_volume_listen set' do
|
||||
expect(chef_run).to render_file(file.name).with_content(/^osapi_volume_listen = 127.0.0.1$/)
|
||||
expect(chef_run).to render_config_file(file.name).with_section_content('DEFAULT', /^osapi_volume_listen = 127.0.0.1$/)
|
||||
end
|
||||
|
||||
it 'has osapi_volume_listen_port set' do
|
||||
expect(chef_run).to render_file(file.name).with_content(/^osapi_volume_listen_port = 8776$/)
|
||||
expect(chef_run).to render_config_file(file.name).with_section_content('DEFAULT', /^osapi_volume_listen_port = 8776$/)
|
||||
end
|
||||
end
|
||||
it 'has default transport_url/AMQP options set' do
|
||||
[%r{^transport_url = rabbit://guest:mypass@127.0.0.1:5672$}].each do |line|
|
||||
expect(chef_run).to render_file(file.name).with_content(line)
|
||||
expect(chef_run).to render_config_file(file.name).with_section_content('DEFAULT', line)
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -204,22 +143,10 @@ describe 'openstack-block-storage::cinder-common' do
|
|||
node.set['openstack']['mq']['block-storage']['rabbit']['ha'] = false
|
||||
end
|
||||
|
||||
%w(host port).each do |attr|
|
||||
it "has rabbit_#{attr} attribute" do
|
||||
node.set['openstack']['block-storage']['conf']['oslo_messaging_rabbit']["rabbit_#{attr}"] = "rabbit_#{attr}_value"
|
||||
expect(chef_run).to render_config_file(file.name).with_section_content('oslo_messaging_rabbit', /^rabbit_#{attr} = rabbit_#{attr}_value$/)
|
||||
end
|
||||
end
|
||||
|
||||
it 'does not have a rabbit_hosts attribute' do
|
||||
expect(chef_run).not_to render_config_file(file.name).with_section_content('oslo_messaging_rabbit', /^rabbit_hosts = /)
|
||||
end
|
||||
end
|
||||
|
||||
it 'has rabbit_virtual_host' do
|
||||
node.set['openstack']['block-storage']['conf']['oslo_messaging_rabbit']['rabbit_virtual_host'] = 'vhost_value'
|
||||
expect(chef_run).to render_config_file(file.name).with_section_content('oslo_messaging_rabbit', /^rabbit_virtual_host = vhost_value$/)
|
||||
end
|
||||
end
|
||||
|
||||
context 'lvm settings' do
|
||||
|
@ -243,11 +170,6 @@ describe 'openstack-block-storage::cinder-common' do
|
|||
end
|
||||
end
|
||||
|
||||
it 'has volume_driver attribute' do
|
||||
node.set['openstack']['block-storage']['conf']['DEFAULT']['volume_driver'] = 'volume_driver_value'
|
||||
expect(chef_run).to render_file(file.name).with_content(/^volume_driver = volume_driver_value$/)
|
||||
end
|
||||
|
||||
context 'netapp ISCSI settings' do
|
||||
before do
|
||||
node.set['openstack']['block-storage']['conf']['DEFAULT']['volume_driver'] = 'cinder.volume.drivers.netapp.NetAppISCSIDriver'
|
||||
|
@ -293,6 +215,7 @@ describe 'openstack-block-storage::cinder-common' do
|
|||
end
|
||||
end
|
||||
end
|
||||
|
||||
it do
|
||||
expect(chef_run).to run_ruby_block("delete all attributes in node['openstack']['block-storage']['conf_secrets']")
|
||||
end
|
||||
|
|
|
@ -60,22 +60,6 @@ describe 'openstack-block-storage::identity_registration' do
|
|||
)
|
||||
end
|
||||
end
|
||||
%w(admin internal public).each do |interface|
|
||||
it "#{interface} with different service type/name and registers v1 endpoint" do
|
||||
node.set['openstack']['block-storage']['service_name'] = 'cinder'
|
||||
node.set['openstack']['block-storage']['service_type'] = 'volume'
|
||||
|
||||
expect(chef_run).to create_openstack_endpoint(
|
||||
'volume'
|
||||
).with(
|
||||
service_name: 'cinder',
|
||||
# interface: interface,
|
||||
url: 'http://127.0.0.1:8776/v1/%(tenant_id)s',
|
||||
region: 'RegionOne',
|
||||
connection_params: connection_params
|
||||
)
|
||||
end
|
||||
end
|
||||
|
||||
it 'with custom region override' do
|
||||
node.set['openstack']['block-storage']['region'] = 'volumeRegion'
|
||||
|
@ -116,14 +100,5 @@ describe 'openstack-block-storage::identity_registration' do
|
|||
connection_params: connection_params
|
||||
)
|
||||
end
|
||||
|
||||
it 'registers cinder v1 volume service' do
|
||||
expect(chef_run).to create_openstack_service(
|
||||
'cinder'
|
||||
).with(
|
||||
connection_params: connection_params,
|
||||
type: 'volume'
|
||||
)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -31,9 +31,6 @@ shared_context 'block-storage-stubs' do
|
|||
allow_any_instance_of(Chef::Recipe).to receive(:get_password)
|
||||
.with('db', anything)
|
||||
.and_return('')
|
||||
allow_any_instance_of(Chef::Recipe).to receive(:get_password)
|
||||
.with('token', 'openstack_identity_bootstrap_token')
|
||||
.and_return('bootstrap-token')
|
||||
allow_any_instance_of(Chef::Recipe).to receive(:get_password)
|
||||
.with('token', 'rbd_secret_uuid')
|
||||
.and_return('b0ff3bba-e07b-49b1-beed-09a45552b1ad')
|
||||
|
@ -111,14 +108,14 @@ shared_examples 'creates_cinder_conf' do |service, user, group, action = :restar
|
|||
|
||||
it do
|
||||
[
|
||||
/^auth_type = v3password$/,
|
||||
/^auth_type = password$/,
|
||||
/^region_name = RegionOne$/,
|
||||
/^username = cinder/,
|
||||
/^project_name = service$/,
|
||||
/^user_domain_name = Default/,
|
||||
/^project_domain_name = Default/,
|
||||
%r{^signing_dir = /var/cache/cinder/api$},
|
||||
%r{^auth_url = http://127.0.0.1:5000/v3$},
|
||||
%r{^auth_uri = http://127.0.0.1:5000/v3$},
|
||||
%r{^auth_url = http://127.0.0.1:35357/v3$},
|
||||
/^password = cinder-pass$/
|
||||
].each do |line|
|
||||
expect(chef_run).to render_config_file(file.name)
|
||||
|
|
Loading…
Reference in New Issue