diff --git a/attributes/cinder_conf.rb b/attributes/cinder_conf.rb index 22d7752..62beabf 100644 --- a/attributes/cinder_conf.rb +++ b/attributes/cinder_conf.rb @@ -9,13 +9,11 @@ default['openstack']['block-storage']['conf'].tap do |conf| conf['DEFAULT']['glance_api_version'] = '2' conf['DEFAULT']['volume_group'] = 'cinder-volumes' conf['DEFAULT']['state_path'] = '/var/lib/cinder' - conf['keystone_authtoken']['auth_type'] = 'v3password' + conf['keystone_authtoken']['auth_type'] = 'password' conf['keystone_authtoken']['region_name'] = node['openstack']['region'] conf['keystone_authtoken']['username'] = 'cinder' - conf['keystone_authtoken']['auth_version'] = node['openstack']['identity']['auth']['version'] conf['keystone_authtoken']['project_name'] = 'service' conf['keystone_authtoken']['user_domain_name'] = 'Default' - conf['keystone_authtoken']['signing_dir'] = '/var/cache/cinder/api' conf['keystone_authtoken']['project_domain_name'] = 'Default' conf['oslo_concurrency']['lock_path'] = '/var/lib/cinder/tmp' diff --git a/recipes/api.rb b/recipes/api.rb index 69d236d..a9a6a8f 100644 --- a/recipes/api.rb +++ b/recipes/api.rb @@ -43,22 +43,9 @@ node['openstack']['db']['python_packages'][db_type].each do |pkg| end end -directory node['openstack']['block-storage']['conf']['keystone_authtoken']['signing_dir'] do - owner node['openstack']['block-storage']['user'] - group node['openstack']['block-storage']['group'] - recursive true - mode 00700 -end - -service 'cinder-api' do - service_name platform_options['cinder_api_service'] - supports status: true, restart: true - action :enable - subscribes :restart, [ - 'template[/etc/cinder/cinder.conf]', - 'remote_file[/etc/cinder/policy.json]' - ] -end +# Todo(jr): Runs via wsgi in apache2 now, need to find a nice way to +# trigger apache2 restart. Also disable the default installed wsgi +# service and use our template based setup execute 'cinder-manage db sync' do user node['openstack']['block-storage']['user'] diff --git a/recipes/cinder-common.rb b/recipes/cinder-common.rb index 7ac90b3..8da3afd 100644 --- a/recipes/cinder-common.rb +++ b/recipes/cinder-common.rb @@ -48,11 +48,13 @@ end glance_api_endpoint = internal_endpoint 'image_api' cinder_api_bind = node['openstack']['bind_service']['all']['block-storage'] cinder_api_bind_address = bind_address cinder_api_bind -identity_endpoint = public_endpoint 'identity' +identity_endpoint = internal_endpoint 'identity' +identity_admin_endpoint = admin_endpoint 'identity' node.default['openstack']['block-storage']['conf_secrets'] .[]('keystone_authtoken')['password'] = get_password 'service', 'openstack-block-storage' -auth_url = auth_uri_transform(identity_endpoint.to_s, node['openstack']['api']['auth']['version']) +auth_uri = identity_endpoint.to_s +auth_url = identity_admin_endpoint.to_s directory '/etc/cinder' do group node['openstack']['block-storage']['group'] @@ -62,18 +64,32 @@ directory '/etc/cinder' do end node.default['openstack']['block-storage']['conf'].tap do |conf| - conf['DEFAULT']['glance_host'] = glance_api_endpoint.host - conf['DEFAULT']['glance_port'] = glance_api_endpoint.port conf['DEFAULT']['my_ip'] = cinder_api_bind_address - conf['DEFAULT']['glance_api_servers'] = "#{glance_api_endpoint.scheme}://#{glance_api_endpoint.host}:#{glance_api_endpoint.port}" + conf['DEFAULT']['glance_api_servers'] = glance_api_endpoint.to_s conf['DEFAULT']['osapi_volume_listen'] = cinder_api_bind_address conf['DEFAULT']['osapi_volume_listen_port'] = cinder_api_bind.port + conf['keystone_authtoken']['auth_uri'] = auth_uri conf['keystone_authtoken']['auth_url'] = auth_url end -# merge all config options and secrets to be used in the nova.conf.erb +# Todo(jr): Make this configurable depending on backend to be used +# This needs to be explicitly configured since Ocata +node.default['openstack']['block-storage']['conf'].tap do |conf| + conf['DEFAULT']['enabled_backends'] = 'lvm' + conf['lvm']['volume_driver'] = 'cinder.volume.drivers.lvm.LVMVolumeDriver' + conf['lvm']['volume_group'] = 'cinder-volumes' + conf['lvm']['iscsi_protocol'] = 'iscsi' + conf['lvm']['iscsi_helper'] = 'tgtadm' +end + +# merge all config options and secrets to be used in the cinder.conf.erb cinder_conf_options = merge_config_options 'block-storage' +service 'cinder-apache2' do + service_name 'apache2' + action :nothing +end + template '/etc/cinder/cinder.conf' do source 'openstack-service.conf.erb' cookbook 'openstack-common' @@ -83,6 +99,7 @@ template '/etc/cinder/cinder.conf' do variables( service_config: cinder_conf_options ) + notifies :restart, 'service[cinder-apache2]' end # delete all secrets saved in the attribute diff --git a/recipes/identity_registration.rb b/recipes/identity_registration.rb index 08897cf..5eb015d 100644 --- a/recipes/identity_registration.rb +++ b/recipes/identity_registration.rb @@ -99,40 +99,3 @@ openstack_user service_user do connection_params connection_params action :grant_domain end -# --------------------- WORKAROUND --------------------------------------# -# Currently this bug is still open -# (https://bugs.launchpad.net/horizon/+bug/1415712) and we need to register and -# enable the cinder v1 api to make it available via the dashboard. This should -# be removed with the final mitaka release. - -# openstack_identity_register 'Register Cinder V1 Volume Service' do -# auth_uri auth_uri -# bootstrap_token bootstrap_token -# service_name ((service_name).gsub(/v2/, '')) -# service_type ((service_type).gsub(/v2/, '')) -# service_description 'Cinder Volume Service V1' -# endpoint_region region -# endpoint_adminurl ((::URI.decode admin_cinder_api_endpoint.to_s).gsub(/v2/, 'v1')) -# endpoint_internalurl ((::URI.decode internal_cinder_api_endpoint.to_s).gsub(/v2/, 'v1')) -# endpoint_publicurl ((::URI.decode public_cinder_api_endpoint.to_s).gsub(/v2/, 'v1')) -# action :create_service -# end - -# Register Volume Service -openstack_service 'cinder' do - type 'volume' - connection_params connection_params -end - -interfaces.each do |interface, res| - # Register VolumeV1 Endpoints - openstack_endpoint 'volume' do - service_name 'cinder' - interface interface.to_s - url (::URI.decode res[:url].to_s).gsub(/v2/, 'v1') - region region - connection_params connection_params - end -end - -# --------------------- WORKAROUND --------------------------------------# diff --git a/spec/api-redhat_spec.rb b/spec/api-redhat_spec.rb index 290f03b..d0ef802 100644 --- a/spec/api-redhat_spec.rb +++ b/spec/api-redhat_spec.rb @@ -26,9 +26,5 @@ describe 'openstack-block-storage::api' do expect(chef_run).to upgrade_package 'python-psycopg2' expect(chef_run).not_to upgrade_package 'MySQL-python' end - - it 'starts cinder api on boot' do - expect(chef_run).to enable_service 'openstack-cinder-api' - end end end diff --git a/spec/api_spec.rb b/spec/api_spec.rb index 19471b4..0233a84 100644 --- a/spec/api_spec.rb +++ b/spec/api_spec.rb @@ -12,16 +12,12 @@ describe 'openstack-block-storage::api' do include_context 'block-storage-stubs' include_examples 'common-logging' - include_examples 'creates_cinder_conf', 'service[cinder-api]', 'cinder', 'cinder' + include_examples 'creates_cinder_conf', 'service[cinder-apache2]', 'cinder', 'cinder' it 'upgrades cinder api packages' do expect(chef_run).to upgrade_package('cinder-api') end - it 'starts cinder api on boot' do - expect(chef_run).to enable_service('cinder-api') - end - it 'upgrades mysql python package' do expect(chef_run).to upgrade_package('python-mysqldb') end @@ -33,18 +29,6 @@ describe 'openstack-block-storage::api' do expect(chef_run).not_to upgrade_package('python-mysqldb') end - describe '/var/cache/cinder/api' do - let(:dir) { chef_run.directory('/var/cache/cinder/api') } - - it 'should create the directory' do - expect(chef_run).to create_directory(dir.name).with( - owner: 'cinder', - group: 'cinder', - mode: 00700 - ) - end - end - it 'runs db migrations' do expect(chef_run).to run_execute('cinder-manage db sync').with(user: 'cinder', group: 'cinder') end diff --git a/spec/cinder_common_spec.rb b/spec/cinder_common_spec.rb index 59a0843..d912040 100644 --- a/spec/cinder_common_spec.rb +++ b/spec/cinder_common_spec.rb @@ -51,33 +51,30 @@ describe 'openstack-block-storage::cinder-common' do end context 'keystone authtoken attributes with default values' do - it 'sets memcached server(s)' do + it 'does not set memcached server(s)' do expect(chef_run).not_to render_file(file.name).with_content(/^memcached_servers = $/) end - it 'sets memcache security strategy' do + it 'does not set memcache security strategy' do expect(chef_run).not_to render_file(file.name).with_content(/^memcache_security_strategy = $/) end - it 'sets memcache secret key' do + it 'does not set memcache secret key' do expect(chef_run).not_to render_file(file.name).with_content(/^memcache_secret_key = $/) end - it 'sets cafile' do + it 'does not set cafile' do expect(chef_run).not_to render_file(file.name).with_content(/^cafile = $/) end end context 'keystone authtoken attributes' do - it 'has signing_dir' do - node.set['openstack']['block-storage']['conf']['keystone_authtoken']['signing_dir'] = 'auth_cache_dir' - - expect(chef_run).to render_file(file.name).with_content(/^signing_dir = auth_cache_dir$/) - end - context 'endpoint related' do it 'has auth_uri' do - expect(chef_run).to render_file(file.name).with_content(%r{^auth_url = http://127.0.0.1:5000/v3$}) + expect(chef_run).to render_config_file(file.name).with_section_content('keystone_authtoken', %r{^auth_uri = http://127.0.0.1:5000/v3$}) + end + it 'has auth_url' do + expect(chef_run).to render_config_file(file.name).with_section_content('keystone_authtoken', %r{^auth_url = http://127.0.0.1:35357/v3$}) end end @@ -85,43 +82,13 @@ describe 'openstack-block-storage::cinder-common' do expect(chef_run).not_to render_file(file.name).with_content(/^auth_version = v2.0$/) end - it 'has an admin tenant name' do - node.set['openstack']['block-storage']['conf']['keystone_authtoken']['admin_tenant_name'] = 'tenant_name' - - expect(chef_run).to render_file(file.name).with_content(/^admin_tenant_name = tenant_name$/) - end - - it 'has an admin user' do - node.set['openstack']['block-storage']['conf']['keystone_authtoken']['admin_user'] = 'username' - - expect(chef_run).to render_file(file.name).with_content(/^admin_user = username$/) - end - it 'has an admin password' do # (fgimenez) the get_password mocking is set in spec/spec_helper.rb - expect(chef_run).to render_file(file.name).with_content(/^password = cinder-pass$/) + expect(chef_run).to render_config_file(file.name).with_section_content('keystone_authtoken', /^password = cinder-pass$/) end end context 'template contents' do - context 'commonly named attributes' do - %w(debug verbose host notification_driver - osapi_volume_worker control_exchange).each do |attr_key| - it "has a #{attr_key} attribute" do - node.set['openstack']['block-storage']['conf']['DEFAULT'][attr_key] = "#{attr_key}_value" - - expect(chef_run).to render_config_file(file.name).with_section_content('DEFAULT', /^#{attr_key} = #{attr_key}_value$/) - end - end - end - - context 'backup swift backend contents' do - before do - node.set['openstack']['block-storage']['backup']['enabled'] = true - node.set['openstack']['block-storage']['backup']['driver'] = 'cinder.backup.drivers.swift' - end - end - it 'has a lock_path attribute' do expect(chef_run).to render_config_file(file.name).with_section_content('oslo_concurrency', %r{^lock_path = /var/lib/cinder/tmp}) end @@ -151,50 +118,22 @@ describe 'openstack-block-storage::cinder-common' do .with_section_content('database', /^connection = sql_connection_value$/) end - it 'has a slave db connection attribute' do - allow_any_instance_of(Chef::Recipe).to receive(:db_uri) - .and_return('sql_connection_value') - - expect(chef_run).to render_config_file(file.name) - .with_section_content('database', /^connection = sql_connection_value$/) - end - - it 'has a volume_driver attribute' do - node.set['openstack']['block-storage']['conf']['DEFAULT']['volume_driver'] = 'volume_driver_value' - expect(chef_run).to render_file(file.name).with_content(/^volume_driver = volume_driver_value$/) - end - - it 'has a state_path attribute' do - node.set['openstack']['block-storage']['conf']['DEFAULT']['state_path'] = 'state_path_value' - expect(chef_run).to render_file(file.name).with_content(/^state_path = state_path_value$/) - end - - context 'glance endpoint' do - it 'has a glance_api_servers attribute' do - expect(chef_run).to render_file(file.name).with_content(%r{^glance_api_servers = http://127.0.0.1:9292$}) - end - - it 'has a glance host attribute' do - expect(chef_run).to render_file(file.name).with_content(/^glance_host = 127.0.0.1$/) - end - - it 'has a glance port attribute' do - expect(chef_run).to render_file(file.name).with_content(/^glance_port = 9292$/) - end + it 'has a glance_api_servers attribute' do + expect(chef_run).to render_config_file(file.name).with_section_content('DEFAULT', %r{^glance_api_servers = http://127.0.0.1:9292$}) end context 'cinder endpoint' do it 'has osapi_volume_listen set' do - expect(chef_run).to render_file(file.name).with_content(/^osapi_volume_listen = 127.0.0.1$/) + expect(chef_run).to render_config_file(file.name).with_section_content('DEFAULT', /^osapi_volume_listen = 127.0.0.1$/) end it 'has osapi_volume_listen_port set' do - expect(chef_run).to render_file(file.name).with_content(/^osapi_volume_listen_port = 8776$/) + expect(chef_run).to render_config_file(file.name).with_section_content('DEFAULT', /^osapi_volume_listen_port = 8776$/) end end it 'has default transport_url/AMQP options set' do [%r{^transport_url = rabbit://guest:mypass@127.0.0.1:5672$}].each do |line| - expect(chef_run).to render_file(file.name).with_content(line) + expect(chef_run).to render_config_file(file.name).with_section_content('DEFAULT', line) end end @@ -204,22 +143,10 @@ describe 'openstack-block-storage::cinder-common' do node.set['openstack']['mq']['block-storage']['rabbit']['ha'] = false end - %w(host port).each do |attr| - it "has rabbit_#{attr} attribute" do - node.set['openstack']['block-storage']['conf']['oslo_messaging_rabbit']["rabbit_#{attr}"] = "rabbit_#{attr}_value" - expect(chef_run).to render_config_file(file.name).with_section_content('oslo_messaging_rabbit', /^rabbit_#{attr} = rabbit_#{attr}_value$/) - end - end - it 'does not have a rabbit_hosts attribute' do expect(chef_run).not_to render_config_file(file.name).with_section_content('oslo_messaging_rabbit', /^rabbit_hosts = /) end end - - it 'has rabbit_virtual_host' do - node.set['openstack']['block-storage']['conf']['oslo_messaging_rabbit']['rabbit_virtual_host'] = 'vhost_value' - expect(chef_run).to render_config_file(file.name).with_section_content('oslo_messaging_rabbit', /^rabbit_virtual_host = vhost_value$/) - end end context 'lvm settings' do @@ -243,11 +170,6 @@ describe 'openstack-block-storage::cinder-common' do end end - it 'has volume_driver attribute' do - node.set['openstack']['block-storage']['conf']['DEFAULT']['volume_driver'] = 'volume_driver_value' - expect(chef_run).to render_file(file.name).with_content(/^volume_driver = volume_driver_value$/) - end - context 'netapp ISCSI settings' do before do node.set['openstack']['block-storage']['conf']['DEFAULT']['volume_driver'] = 'cinder.volume.drivers.netapp.NetAppISCSIDriver' @@ -293,6 +215,7 @@ describe 'openstack-block-storage::cinder-common' do end end end + it do expect(chef_run).to run_ruby_block("delete all attributes in node['openstack']['block-storage']['conf_secrets']") end diff --git a/spec/identity_registration_spec.rb b/spec/identity_registration_spec.rb index 6a8def2..162f994 100644 --- a/spec/identity_registration_spec.rb +++ b/spec/identity_registration_spec.rb @@ -60,22 +60,6 @@ describe 'openstack-block-storage::identity_registration' do ) end end - %w(admin internal public).each do |interface| - it "#{interface} with different service type/name and registers v1 endpoint" do - node.set['openstack']['block-storage']['service_name'] = 'cinder' - node.set['openstack']['block-storage']['service_type'] = 'volume' - - expect(chef_run).to create_openstack_endpoint( - 'volume' - ).with( - service_name: 'cinder', - # interface: interface, - url: 'http://127.0.0.1:8776/v1/%(tenant_id)s', - region: 'RegionOne', - connection_params: connection_params - ) - end - end it 'with custom region override' do node.set['openstack']['block-storage']['region'] = 'volumeRegion' @@ -116,14 +100,5 @@ describe 'openstack-block-storage::identity_registration' do connection_params: connection_params ) end - - it 'registers cinder v1 volume service' do - expect(chef_run).to create_openstack_service( - 'cinder' - ).with( - connection_params: connection_params, - type: 'volume' - ) - end end end diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index 1242590..029cfa8 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -31,9 +31,6 @@ shared_context 'block-storage-stubs' do allow_any_instance_of(Chef::Recipe).to receive(:get_password) .with('db', anything) .and_return('') - allow_any_instance_of(Chef::Recipe).to receive(:get_password) - .with('token', 'openstack_identity_bootstrap_token') - .and_return('bootstrap-token') allow_any_instance_of(Chef::Recipe).to receive(:get_password) .with('token', 'rbd_secret_uuid') .and_return('b0ff3bba-e07b-49b1-beed-09a45552b1ad') @@ -111,14 +108,14 @@ shared_examples 'creates_cinder_conf' do |service, user, group, action = :restar it do [ - /^auth_type = v3password$/, + /^auth_type = password$/, /^region_name = RegionOne$/, /^username = cinder/, /^project_name = service$/, /^user_domain_name = Default/, /^project_domain_name = Default/, - %r{^signing_dir = /var/cache/cinder/api$}, - %r{^auth_url = http://127.0.0.1:5000/v3$}, + %r{^auth_uri = http://127.0.0.1:5000/v3$}, + %r{^auth_url = http://127.0.0.1:35357/v3$}, /^password = cinder-pass$/ ].each do |line| expect(chef_run).to render_config_file(file.name)