Make cinder work for Ocata

- cinder-api now runs under apache2 and no longer as systemd service - cinder-volume needs explicit backend configuration - don't install deprecated cinder v1 API endpoints - clean up some config options To be added in a follow-up: - Make backend configuration more flexible - Replace distro provided wsgi setup with our custom one Change-Id: I77ac294fd8e1cd4e6bc39667ddfdea21c4daed8a
2017-03-29 08:18:27 +00:00
parent 8421080468
commit a3ba8685a7
9 changed files with 46 additions and 206 deletions
--- a/attributes/cinder_conf.rb
+++ b/attributes/cinder_conf.rb
@@ -9,13 +9,11 @@ default['openstack']['block-storage']['conf'].tap do |conf|
  conf['DEFAULT']['glance_api_version'] = '2'
  conf['DEFAULT']['volume_group'] = 'cinder-volumes'
  conf['DEFAULT']['state_path'] = '/var/lib/cinder'
-  conf['keystone_authtoken']['auth_type'] = 'v3password'
+  conf['keystone_authtoken']['auth_type'] = 'password'
  conf['keystone_authtoken']['region_name'] = node['openstack']['region']
  conf['keystone_authtoken']['username'] = 'cinder'
  conf['keystone_authtoken']['auth_version'] = node['openstack']['identity']['auth']['version']
  conf['keystone_authtoken']['project_name'] = 'service'
  conf['keystone_authtoken']['user_domain_name'] = 'Default'
  conf['keystone_authtoken']['signing_dir'] = '/var/cache/cinder/api'
  conf['keystone_authtoken']['project_domain_name'] = 'Default'
  conf['oslo_concurrency']['lock_path'] = '/var/lib/cinder/tmp'
--- a/recipes/api.rb
+++ b/recipes/api.rb
@@ -43,22 +43,9 @@ node['openstack']['db']['python_packages'][db_type].each do |pkg|
  end
 end
-directory node['openstack']['block-storage']['conf']['keystone_authtoken']['signing_dir'] do
+# Todo(jr): Runs via wsgi in apache2 now, need to find a nice way to
-  owner node['openstack']['block-storage']['user']
+# trigger apache2 restart. Also disable the default installed wsgi
-  group node['openstack']['block-storage']['group']
+# service and use our template based setup
  recursive true
  mode 00700
 end
 service 'cinder-api' do
  service_name platform_options['cinder_api_service']
  supports status: true, restart: true
  action :enable
  subscribes :restart, [
    'template[/etc/cinder/cinder.conf]',
    'remote_file[/etc/cinder/policy.json]'
  ]
 end
 execute 'cinder-manage db sync' do
  user node['openstack']['block-storage']['user']
--- a/recipes/cinder-common.rb
+++ b/recipes/cinder-common.rb
@@ -48,11 +48,13 @@ end
 glance_api_endpoint = internal_endpoint 'image_api'
 cinder_api_bind = node['openstack']['bind_service']['all']['block-storage']
 cinder_api_bind_address = bind_address cinder_api_bind
-identity_endpoint = public_endpoint 'identity'
+identity_endpoint = internal_endpoint 'identity'
 identity_admin_endpoint = admin_endpoint 'identity'
 node.default['openstack']['block-storage']['conf_secrets']
  .[]('keystone_authtoken')['password'] =
  get_password 'service', 'openstack-block-storage'
-auth_url = auth_uri_transform(identity_endpoint.to_s, node['openstack']['api']['auth']['version'])
+auth_uri = identity_endpoint.to_s
 auth_url = identity_admin_endpoint.to_s
 directory '/etc/cinder' do
  group node['openstack']['block-storage']['group']
@@ -62,18 +64,32 @@ directory '/etc/cinder' do
 end
 node.default['openstack']['block-storage']['conf'].tap do |conf|
  conf['DEFAULT']['glance_host'] = glance_api_endpoint.host
  conf['DEFAULT']['glance_port'] = glance_api_endpoint.port
  conf['DEFAULT']['my_ip'] = cinder_api_bind_address
-  conf['DEFAULT']['glance_api_servers'] = "#{glance_api_endpoint.scheme}://#{glance_api_endpoint.host}:#{glance_api_endpoint.port}"
+  conf['DEFAULT']['glance_api_servers'] = glance_api_endpoint.to_s
  conf['DEFAULT']['osapi_volume_listen'] = cinder_api_bind_address
  conf['DEFAULT']['osapi_volume_listen_port'] = cinder_api_bind.port
  conf['keystone_authtoken']['auth_uri'] = auth_uri
  conf['keystone_authtoken']['auth_url'] = auth_url
 end
-# merge all config options and secrets to be used in the nova.conf.erb
+# Todo(jr): Make this configurable depending on backend to be used
 # This needs to be explicitly configured since Ocata
 node.default['openstack']['block-storage']['conf'].tap do |conf|
  conf['DEFAULT']['enabled_backends'] = 'lvm'
  conf['lvm']['volume_driver'] = 'cinder.volume.drivers.lvm.LVMVolumeDriver'
  conf['lvm']['volume_group'] = 'cinder-volumes'
  conf['lvm']['iscsi_protocol'] = 'iscsi'
  conf['lvm']['iscsi_helper'] = 'tgtadm'
 end
 # merge all config options and secrets to be used in the cinder.conf.erb
 cinder_conf_options = merge_config_options 'block-storage'
 service 'cinder-apache2' do
  service_name 'apache2'
  action :nothing
 end
 template '/etc/cinder/cinder.conf' do
  source 'openstack-service.conf.erb'
  cookbook 'openstack-common'
@@ -83,6 +99,7 @@ template '/etc/cinder/cinder.conf' do
  variables(
    service_config: cinder_conf_options
  )
  notifies :restart, 'service[cinder-apache2]'
 end
 # delete all secrets saved in the attribute
--- a/recipes/identity_registration.rb
+++ b/recipes/identity_registration.rb
@@ -99,40 +99,3 @@ openstack_user service_user do
  connection_params connection_params
  action :grant_domain
 end
 # --------------------- WORKAROUND --------------------------------------#
 # Currently this bug is still open
 # (https://bugs.launchpad.net/horizon/+bug/1415712) and we need to register and
 # enable the cinder v1 api to make it available via the dashboard. This should
 # be removed with the final mitaka release.
 # openstack_identity_register 'Register Cinder V1 Volume Service' do
 #   auth_uri auth_uri
 #   bootstrap_token bootstrap_token
 #   service_name ((service_name).gsub(/v2/, ''))
 #   service_type ((service_type).gsub(/v2/, ''))
 #   service_description 'Cinder Volume Service V1'
 #   endpoint_region region
 #   endpoint_adminurl ((::URI.decode admin_cinder_api_endpoint.to_s).gsub(/v2/, 'v1'))
 #   endpoint_internalurl ((::URI.decode internal_cinder_api_endpoint.to_s).gsub(/v2/, 'v1'))
 #   endpoint_publicurl ((::URI.decode public_cinder_api_endpoint.to_s).gsub(/v2/, 'v1'))
 #   action :create_service
 # end
 # Register Volume Service
 openstack_service 'cinder' do
  type 'volume'
  connection_params connection_params
 end
 interfaces.each do |interface, res|
  # Register VolumeV1 Endpoints
  openstack_endpoint 'volume' do
    service_name 'cinder'
    interface interface.to_s
    url (::URI.decode res[:url].to_s).gsub(/v2/, 'v1')
    region region
    connection_params connection_params
  end
 end
 # --------------------- WORKAROUND --------------------------------------#
--- a/spec/api-redhat_spec.rb
+++ b/spec/api-redhat_spec.rb
@@ -26,9 +26,5 @@ describe 'openstack-block-storage::api' do
      expect(chef_run).to upgrade_package 'python-psycopg2'
      expect(chef_run).not_to upgrade_package 'MySQL-python'
    end
    it 'starts cinder api on boot' do
      expect(chef_run).to enable_service 'openstack-cinder-api'
    end
  end
 end
--- a/spec/api_spec.rb
+++ b/spec/api_spec.rb
@@ -12,16 +12,12 @@ describe 'openstack-block-storage::api' do
    include_context 'block-storage-stubs'
    include_examples 'common-logging'
-    include_examples 'creates_cinder_conf', 'service[cinder-api]', 'cinder', 'cinder'
+    include_examples 'creates_cinder_conf', 'service[cinder-apache2]', 'cinder', 'cinder'
    it 'upgrades cinder api packages' do
      expect(chef_run).to upgrade_package('cinder-api')
    end
    it 'starts cinder api on boot' do
      expect(chef_run).to enable_service('cinder-api')
    end
    it 'upgrades mysql python package' do
      expect(chef_run).to upgrade_package('python-mysqldb')
    end
@@ -33,18 +29,6 @@ describe 'openstack-block-storage::api' do
      expect(chef_run).not_to upgrade_package('python-mysqldb')
    end
    describe '/var/cache/cinder/api' do
      let(:dir) { chef_run.directory('/var/cache/cinder/api') }
      it 'should create the directory' do
        expect(chef_run).to create_directory(dir.name).with(
          owner: 'cinder',
          group: 'cinder',
          mode: 00700
        )
      end
    end
    it 'runs db migrations' do
      expect(chef_run).to run_execute('cinder-manage db sync').with(user: 'cinder', group: 'cinder')
    end
--- a/spec/cinder_common_spec.rb
+++ b/spec/cinder_common_spec.rb
@@ -51,33 +51,30 @@ describe 'openstack-block-storage::cinder-common' do
      end
      context 'keystone authtoken attributes with default values' do
-        it 'sets memcached server(s)' do
+        it 'does not set memcached server(s)' do
          expect(chef_run).not_to render_file(file.name).with_content(/^memcached_servers = $/)
        end
-        it 'sets memcache security strategy' do
+        it 'does not set memcache security strategy' do
          expect(chef_run).not_to render_file(file.name).with_content(/^memcache_security_strategy = $/)
        end
-        it 'sets memcache secret key' do
+        it 'does not set memcache secret key' do
          expect(chef_run).not_to render_file(file.name).with_content(/^memcache_secret_key = $/)
        end
-        it 'sets cafile' do
+        it 'does not set cafile' do
          expect(chef_run).not_to render_file(file.name).with_content(/^cafile = $/)
        end
      end
      context 'keystone authtoken attributes' do
        it 'has signing_dir' do
          node.set['openstack']['block-storage']['conf']['keystone_authtoken']['signing_dir'] = 'auth_cache_dir'
          expect(chef_run).to render_file(file.name).with_content(/^signing_dir = auth_cache_dir$/)
        end
        context 'endpoint related' do
          it 'has auth_uri' do
-            expect(chef_run).to render_file(file.name).with_content(%r{^auth_url = http://127.0.0.1:5000/v3$})
+            expect(chef_run).to render_config_file(file.name).with_section_content('keystone_authtoken', %r{^auth_uri = http://127.0.0.1:5000/v3$})
          end
          it 'has auth_url' do
            expect(chef_run).to render_config_file(file.name).with_section_content('keystone_authtoken', %r{^auth_url = http://127.0.0.1:35357/v3$})
          end
        end
@@ -85,43 +82,13 @@ describe 'openstack-block-storage::cinder-common' do
          expect(chef_run).not_to render_file(file.name).with_content(/^auth_version = v2.0$/)
        end
        it 'has an admin tenant name' do
          node.set['openstack']['block-storage']['conf']['keystone_authtoken']['admin_tenant_name'] = 'tenant_name'
          expect(chef_run).to render_file(file.name).with_content(/^admin_tenant_name = tenant_name$/)
        end
        it 'has an admin user' do
          node.set['openstack']['block-storage']['conf']['keystone_authtoken']['admin_user'] = 'username'
          expect(chef_run).to render_file(file.name).with_content(/^admin_user = username$/)
        end
        it 'has an admin password' do
          # (fgimenez) the get_password mocking is set in spec/spec_helper.rb
-          expect(chef_run).to render_file(file.name).with_content(/^password = cinder-pass$/)
+          expect(chef_run).to render_config_file(file.name).with_section_content('keystone_authtoken', /^password = cinder-pass$/)
        end
      end
      context 'template contents' do
        context 'commonly named attributes' do
          %w(debug verbose host notification_driver
             osapi_volume_worker control_exchange).each do |attr_key|
            it "has a #{attr_key} attribute" do
              node.set['openstack']['block-storage']['conf']['DEFAULT'][attr_key] = "#{attr_key}_value"
              expect(chef_run).to render_config_file(file.name).with_section_content('DEFAULT', /^#{attr_key} = #{attr_key}_value$/)
            end
          end
        end
        context 'backup swift backend contents' do
          before do
            node.set['openstack']['block-storage']['backup']['enabled'] = true
            node.set['openstack']['block-storage']['backup']['driver'] = 'cinder.backup.drivers.swift'
          end
        end
        it 'has a lock_path attribute' do
          expect(chef_run).to render_config_file(file.name).with_section_content('oslo_concurrency', %r{^lock_path = /var/lib/cinder/tmp})
        end
@@ -151,50 +118,22 @@ describe 'openstack-block-storage::cinder-common' do
            .with_section_content('database', /^connection = sql_connection_value$/)
        end
-        it 'has a slave db connection attribute' do
+        it 'has a glance_api_servers attribute' do
-          allow_any_instance_of(Chef::Recipe).to receive(:db_uri)
+          expect(chef_run).to render_config_file(file.name).with_section_content('DEFAULT', %r{^glance_api_servers = http://127.0.0.1:9292$})
            .and_return('sql_connection_value')
          expect(chef_run).to render_config_file(file.name)
            .with_section_content('database', /^connection = sql_connection_value$/)
        end
        it 'has a volume_driver attribute' do
          node.set['openstack']['block-storage']['conf']['DEFAULT']['volume_driver'] = 'volume_driver_value'
          expect(chef_run).to render_file(file.name).with_content(/^volume_driver = volume_driver_value$/)
        end
        it 'has a state_path attribute' do
          node.set['openstack']['block-storage']['conf']['DEFAULT']['state_path'] = 'state_path_value'
          expect(chef_run).to render_file(file.name).with_content(/^state_path = state_path_value$/)
        end
        context 'glance endpoint' do
          it 'has a glance_api_servers attribute' do
            expect(chef_run).to render_file(file.name).with_content(%r{^glance_api_servers = http://127.0.0.1:9292$})
          end
          it 'has a glance host attribute' do
            expect(chef_run).to render_file(file.name).with_content(/^glance_host = 127.0.0.1$/)
          end
          it 'has a glance port attribute' do
            expect(chef_run).to render_file(file.name).with_content(/^glance_port = 9292$/)
          end
        end
        context 'cinder endpoint' do
          it 'has osapi_volume_listen set' do
-            expect(chef_run).to render_file(file.name).with_content(/^osapi_volume_listen = 127.0.0.1$/)
+            expect(chef_run).to render_config_file(file.name).with_section_content('DEFAULT', /^osapi_volume_listen = 127.0.0.1$/)
          end
          it 'has osapi_volume_listen_port set' do
-            expect(chef_run).to render_file(file.name).with_content(/^osapi_volume_listen_port = 8776$/)
+            expect(chef_run).to render_config_file(file.name).with_section_content('DEFAULT', /^osapi_volume_listen_port = 8776$/)
          end
        end
        it 'has default transport_url/AMQP options set' do
          [%r{^transport_url = rabbit://guest:mypass@127.0.0.1:5672$}].each do |line|
-            expect(chef_run).to render_file(file.name).with_content(line)
+            expect(chef_run).to render_config_file(file.name).with_section_content('DEFAULT', line)
          end
        end
@@ -204,22 +143,10 @@ describe 'openstack-block-storage::cinder-common' do
              node.set['openstack']['mq']['block-storage']['rabbit']['ha'] = false
            end
            %w(host port).each do |attr|
              it "has rabbit_#{attr} attribute" do
                node.set['openstack']['block-storage']['conf']['oslo_messaging_rabbit']["rabbit_#{attr}"] = "rabbit_#{attr}_value"
                expect(chef_run).to render_config_file(file.name).with_section_content('oslo_messaging_rabbit', /^rabbit_#{attr} = rabbit_#{attr}_value$/)
              end
            end
            it 'does not have a rabbit_hosts attribute' do
              expect(chef_run).not_to render_config_file(file.name).with_section_content('oslo_messaging_rabbit', /^rabbit_hosts = /)
            end
          end
          it 'has rabbit_virtual_host' do
            node.set['openstack']['block-storage']['conf']['oslo_messaging_rabbit']['rabbit_virtual_host'] = 'vhost_value'
            expect(chef_run).to render_config_file(file.name).with_section_content('oslo_messaging_rabbit', /^rabbit_virtual_host = vhost_value$/)
          end
        end
        context 'lvm settings' do
@@ -243,11 +170,6 @@ describe 'openstack-block-storage::cinder-common' do
          end
        end
        it 'has volume_driver attribute' do
          node.set['openstack']['block-storage']['conf']['DEFAULT']['volume_driver'] = 'volume_driver_value'
          expect(chef_run).to render_file(file.name).with_content(/^volume_driver = volume_driver_value$/)
        end
        context 'netapp ISCSI settings' do
          before do
            node.set['openstack']['block-storage']['conf']['DEFAULT']['volume_driver'] = 'cinder.volume.drivers.netapp.NetAppISCSIDriver'
@@ -293,6 +215,7 @@ describe 'openstack-block-storage::cinder-common' do
        end
      end
    end
    it do
      expect(chef_run).to run_ruby_block("delete all attributes in node['openstack']['block-storage']['conf_secrets']")
    end
--- a/spec/identity_registration_spec.rb
+++ b/spec/identity_registration_spec.rb
@@ -60,22 +60,6 @@ describe 'openstack-block-storage::identity_registration' do
          )
        end
      end
      %w(admin internal public).each do |interface|
        it "#{interface} with different service type/name and registers v1 endpoint" do
          node.set['openstack']['block-storage']['service_name'] = 'cinder'
          node.set['openstack']['block-storage']['service_type'] = 'volume'
          expect(chef_run).to create_openstack_endpoint(
            'volume'
          ).with(
            service_name: 'cinder',
            # interface: interface,
            url: 'http://127.0.0.1:8776/v1/%(tenant_id)s',
            region: 'RegionOne',
            connection_params: connection_params
          )
        end
      end
      it 'with custom region override' do
        node.set['openstack']['block-storage']['region'] = 'volumeRegion'
@@ -116,14 +100,5 @@ describe 'openstack-block-storage::identity_registration' do
        connection_params: connection_params
      )
    end
    it 'registers cinder v1 volume service' do
      expect(chef_run).to create_openstack_service(
        'cinder'
      ).with(
        connection_params: connection_params,
        type: 'volume'
      )
    end
  end
 end
--- a/spec/spec_helper.rb
+++ b/spec/spec_helper.rb
@@ -31,9 +31,6 @@ shared_context 'block-storage-stubs' do
    allow_any_instance_of(Chef::Recipe).to receive(:get_password)
      .with('db', anything)
      .and_return('')
    allow_any_instance_of(Chef::Recipe).to receive(:get_password)
      .with('token', 'openstack_identity_bootstrap_token')
      .and_return('bootstrap-token')
    allow_any_instance_of(Chef::Recipe).to receive(:get_password)
      .with('token', 'rbd_secret_uuid')
      .and_return('b0ff3bba-e07b-49b1-beed-09a45552b1ad')
@@ -111,14 +108,14 @@ shared_examples 'creates_cinder_conf' do |service, user, group, action = :restar
    it do
      [
-        /^auth_type = v3password$/,
+        /^auth_type = password$/,
        /^region_name = RegionOne$/,
        /^username = cinder/,
        /^project_name = service$/,
        /^user_domain_name = Default/,
        /^project_domain_name = Default/,
-        %r{^signing_dir = /var/cache/cinder/api$},
+        %r{^auth_uri = http://127.0.0.1:5000/v3$},
-        %r{^auth_url = http://127.0.0.1:5000/v3$},
+        %r{^auth_url = http://127.0.0.1:35357/v3$},
        /^password = cinder-pass$/
      ].each do |line|
        expect(chef_run).to render_config_file(file.name)