Retire openstack-chef: remove repo content

OpenStack-chef project is retiring
- https://review.opendev.org/c/openstack/governance/+/905279

this commit remove the content of this project repo

Depends-On: https://review.opendev.org/c/openstack/project-config/+/909134
Change-Id: I07e16dd10769a13ae587b94f1387efacda01fdb2
This commit is contained in:
Ghanshyam Mann 2024-02-15 14:15:58 -08:00
parent cf9da3b474
commit fb7c035bf3
56 changed files with 8 additions and 4493 deletions

View File

@ -1,9 +0,0 @@
[local_phases]
unit = 'rspec spec/'
lint = 'cookstyle --display-cop-names --extra-details'
syntax = "berks install -e integration"
provision = "echo skipping"
deploy = "echo skipping"
smoke = "echo skipping"
functional = "echo skipping"
cleanup = "echo skipping"

9
.gitignore vendored
View File

@ -1,9 +0,0 @@
.bundle/
berks-cookbooks/
.kitchen
.vagrant
.coverage/
*.swp
Berksfile.lock
Vagrantfile
Gemfile.lock

View File

@ -1,6 +0,0 @@
inherit_from: .rubocop_todo.yml
Chef/Modernize/FoodcriticComments:
Enabled: true
Chef/Style/CopyrightCommentFormat:
Enabled: true

View File

@ -1,20 +0,0 @@
# This configuration was generated by
# `rubocop --auto-gen-config`
# on 2021-10-14 06:25:41 UTC using RuboCop version 1.22.0.
# The point is for the user to remove these configuration records
# one by one as the offenses are removed from the code base.
# Note that changes in the inspected code, or installation of new
# versions of RuboCop, may require this file to be generated again.
# Offense count: 1
# Cop supports --auto-correct.
# Configuration parameters: Include.
# Include: **/libraries/*.rb
Chef/Modernize/DefinesChefSpecMatchers:
Exclude:
- 'libraries/matchers.rb'
# Offense count: 2
Lint/NestedMethodDefinition:
Exclude:
- 'libraries/matchers.rb'

View File

@ -1,3 +0,0 @@
- project:
templates:
- openstack-chef-jobs

View File

@ -1,8 +0,0 @@
source 'https://supermarket.chef.io'
solver :ruby, :required
metadata
# cookbook for testing database provider:
cookbook 'test-openstack-common-database', path: 'spec/cookbooks/test-openstack-common-database'

View File

@ -1,36 +0,0 @@
Contributing
============
How To Get Started
------------------
If you would like to contribute to the development of OpenStack Chef Cookbooks,
you must follow the steps in this page:
http://docs.openstack.org/infra/manual/developers.html
Gerrit Workflow
---------------
Once those steps have been completed, changes to OpenStack
should be submitted for review via the Gerrit tool, following
the workflow documented at:
http://docs.openstack.org/infra/manual/developers.html#development-workflow
Pull requests submitted through GitHub will be ignored.
Bugs
----
Bugs should be filed on Launchpad, not GitHub:
https://bugs.launchpad.net/openstack-chef
Contacts
--------
Mailing list: groups.google.com/group/opscode-chef-openstack
IRC: #openstack-chef is our channel on irc.freenode.net
Wiki: https://wiki.openstack.org/wiki/Chef/GettingStarted and https://docs.getchef.com/openstack.html
Twitter: @chefopenstack

176
LICENSE
View File

@ -1,176 +0,0 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.

View File

@ -1,336 +1,10 @@
OpenStack Chef Cookbook - common
================================
This project is no longer maintained.
.. image:: https://governance.openstack.org/badges/cookbook-openstack-common.svg
:target: https://governance.openstack.org/reference/tags/index.html
The contents of this repository are still available in the Git
source code management system. To see the contents of this
repository before it reached its end of life, please check out the
previous commit with "git checkout HEAD^1".
.. Change things from this point on
Description
===========
This cookbook provides common setup recipes, helper methods and
attributes that describe an OpenStack deployment as part of the
OpenStack reference deployment Chef for OpenStack.
Please relate to the official OpenStack Configuration and Installation
Guides for a more detailed documentation on operating and administration
of an OpenStack cluster:
https://docs.openstack.org/latest/configuration/
https://docs.openstack.org/latest/install/
Requirements
============
- Chef 16 or higher
- Chef Workstation 21.10.640 for testing (also includes berkshelf for
cookbook dependency resolution)
Platform
========
- ubuntu
- redhat
- centos
Cookbooks
=========
The following cookbooks are dependencies:
- 'etcd', '~> 7.0'
- 'mariadb', '~> 5.0'
- 'memcached', '~> 7.0'
- 'selinux'
- 'yum-centos', '>= 3.2.0'
- 'yum-epel'
Attributes
==========
Please see the extensive inline documentation in ``attributes/*.rb`` for
descriptions of all the settable attributes for this cookbook.
Note that all attributes are in the ``default["openstack"]`` "namespace"
Attributes to generate OpenStack service configuration files
------------------------------------------------------------
Since the mitaka release, we moved to a completely new way to generate
all OpenStack service configuration files. The base template is the
``openstack-service.conf.erb`` included in the templates of this
cookbook. In each of the service cookbook (e.g. openstack-network,
openstack-identity or openstack-compute), the service configuration file
(e.g neutron.conf, keystone.conf or nova.conf) gets generated directly
from attributes set inside the cookbook. To merge all the configuration
options (including the secrets) properly, before handing them over as
``@service_config`` to the mentioned template above, we use the methods
defined in ``libraries/config_helpers``.
For examples how to use these attributes, please refer to the attribute
files included in the service cookbooks (e.g.
``attributes/neutron_conf.rb`` in openstack-network or
``attributes/keystone_conf.rb`` in openstack-identity). The basic
structure of all these attributes always follows this model:
.. code-block:: ruby
# usual config option that should eventually be saved to the node object
default['openstack'][service]['conf'][section][key][value]
# configuration options like passwords that should not be saved in the node
# object
default['openstack'][service]['conf_secrets'][section][key][value]
Recipes
=======
openstack-common::client
------------------------
- Install the common python openstack client package
openstack-common::completions
-----------------------------
- Install bash completions for openstack client
openstack-common::default
-------------------------
- Installs/Configures common recipes
openstack-common::etcd
----------------------
- Installs and starts etcd
openstack-common::logging
-------------------------
- Installs/Configures common logging
openstack-common::sysctl
------------------------
- Iterates over the contents of the ``node['openstack']['sysctl']``
hash and executes the ``sysctl`` resource.
Data Bags
=========
This cookbook contains Libraries to work with passwords and secrets in
databags. Databags can be unencrypted (for dev) or encrypted (for prod).
In addition to traditionally encrypted data bags they can also be
created as chef-vault items. To read more about chef-vault and how to
use it, go to https://docs.chef.io/chef_vault.html.
Documentation for Attributes for selecting databag format can be found
in the attributes section of this cookbook.
Documentation for format of these Databags can be found in the
`Openstack Chef
Repo <https://opendev.org/openstack/openstack-chef#data-bags>`__
repository.
Resources
=========
This cookbook provides the ``openstack_database`` custom resource. When
this cookbook is included as dependency, this custom resource can be
used to create databases needed by the OpenStack services.
.. code-block:: ruby
depends 'openstack-common'
.. code-block:: ruby
openstack_database 'compute' do
user 'nova'
pass 'supersecret'
end
An example of the usage can be seen here
https://opendev.org/openstack/cookbook-openstack-ops-database/src/branch/master/recipes/openstack-db.rb
.
Libraries
=========
This cookbook exposes a set of default library routines:
- ``cli`` -- Used to call openstack CLIs
- ``endpoint`` -- Used to return a ``::URI`` object representing the
named OpenStack endpoint
- ``internal_endpoint`` -- Used to return a ``::URI`` object
representing the named OpenStack internal endpoint if one was
specified. Otherwise, it will return the same value as ``endpoint``.
- ``public_endpoint`` -- Used to return a ``::URI`` object representing
the named OpenStack public endpoint if one was specified. Otherwise,
it will return the same value as ``endpoint``.
- ``endpoints`` -- Useful for operating on all OpenStack endpoints
- ``db`` -- Returns a Hash of information about a named OpenStack
database
- ``db_uri`` -- Returns the SQLAlchemy RFC-1738 DB URI (see:
http://rfc.net/rfc1738.html) for a named OpenStack database
- ``secret`` -- Returns the value of an encrypted data bag for a named
OpenStack secret key and key-section
- ``get_password`` -- Ease-of-use helper that returns the decrypted
password for a named database, service or keystone user.
- ``matchers`` -- A custom matcher(``render_config_file``) for testing
ini format file section content by ``with_section_content``.
Examples
========
The following are code examples showing the above library routines in
action. Remember when using the library routines exposed by this library
to include the Openstack routines in your recipe's ``::Chef::Recipe``
namespace, like so:
.. code-block:: ruby
class ::Chef::Recipe
include ::Openstack
end
Example of using the ``endpoint`` routine:
.. code-block:: ruby
nova_api_ep = endpoint "compute-api"
::Chef::Log.info("Using Openstack Compute API endpoint at #{nova_api_ep.to_s}")
# Note that endpoint URIs may contain variable interpolation markers such
# as `%(tenant_id)s`, so you may need to decode them. Do so like this:
require "uri"
puts ::URI.decode nova_api_ap.to_s
Example of using the ``get_password`` and ``db_uri`` routine:
.. code-block:: ruby
db_pass = get_password "db" "cinder"
db_user = node["cinder"]["db"]["user"]
sql_connection = db_uri "volume", db_user, db_pass
template "/etc/cinder/cinder.conf" do
source "cinder.conf.erb"
owner node["cinder"]["user"]
group node["cinder"]["group"]
mode 00644
variables(
"sql_connection" => sql_connection
)
end
URI Operations
--------------
Use the ``Openstack::uri_from_hash`` routine to helpfully return a
``::URI::Generic`` object for a hash that contains any of the following
keys:
- ``host``
- ``uri``
- ``port``
- ``path``
- ``scheme``
If the ``uri`` key is in the hash, that will be used as the URI,
otherwise the URI will be constructed from the various parts of the hash
corresponding to the keys above.
.. code-block:: ruby
# Suppose node hash contains the following subhash in the :identity_service key:
# {
# :host => 'identity.example.com',
# :port => 5000,
# :scheme => 'https'
# }
uri = ::Openstack::uri_from_hash(node[:identity_service])
# uri.to_s would == "https://identity.example.com:5000"
The routine will return nil if neither a ``uri`` or ``host`` key exists
in the supplied hash.
Using the library without prefixing with ::Openstack
----------------------------------------------------
Don't like prefixing calls to the library's routines with
``::Openstack``? Do this:
.. code-block:: ruby
class ::Chef::Recipe
include ::Openstack
end
in your recipe.
License and Author
==================
+-----------------+-------------------------------------------------+
| **Author** | Jay Pipes (jaypipes@att.com) |
+-----------------+-------------------------------------------------+
| **Author** | John Dewey (jdewey@att.com) |
+-----------------+-------------------------------------------------+
| **Author** | Matt Ray (matt@opscode.com) |
+-----------------+-------------------------------------------------+
| **Author** | Craig Tracey (craigtracey@gmail.com) |
+-----------------+-------------------------------------------------+
| **Author** | Sean Gallagher (sean.gallagher@att.com) |
+-----------------+-------------------------------------------------+
| **Author** | Ionut Artarisi (iartarisi@suse.cz) |
+-----------------+-------------------------------------------------+
| **Author** | Chen Zhiwei (zhiwchen@cn.ibm.com) |
+-----------------+-------------------------------------------------+
| **Author** | Brett Campbell (brett.campbell@rackspace.com) |
+-----------------+-------------------------------------------------+
| **Author** | Mark Vanderwiel (vanderwl@us.ibm.com) |
+-----------------+-------------------------------------------------+
| **Author** | Jan Klare (j.klare@cloudbau.de) |
+-----------------+-------------------------------------------------+
| **Author** | Christoph Albers (c.albers@x-ion.de) |
+-----------------+-------------------------------------------------+
| **Author** | Jens Harbott (j.harbott@x-ion.de) |
+-----------------+-------------------------------------------------+
| **Author** | Lance Albertson (lance@osuosl.org) |
+-----------------+-------------------------------------------------+
+-----------------+--------------------------------------------------+
| **Copyright** | Copyright (c) 2012-2013, AT&T Services, Inc. |
+-----------------+--------------------------------------------------+
| **Copyright** | Copyright (c) 2013, Opscode, Inc. |
+-----------------+--------------------------------------------------+
| **Copyright** | Copyright (c) 2013, Craig Tracey |
+-----------------+--------------------------------------------------+
| **Copyright** | Copyright (c) 2013-2014, SUSE Linux GmbH |
+-----------------+--------------------------------------------------+
| **Copyright** | Copyright (c) 2013-2015, IBM, Corp. |
+-----------------+--------------------------------------------------+
| **Copyright** | Copyright (c) 2013-2014, Rackspace US, Inc. |
+-----------------+--------------------------------------------------+
| **Copyright** | Copyright (c) 2016-2019, x-ion GmbH |
+-----------------+--------------------------------------------------+
| **Copyright** | Copyright (c) 2016-2021, Oregon State University |
+-----------------+--------------------------------------------------+
Licensed under the Apache License, Version 2.0 (the "License"); you may
not use this file except in compliance with the License. You may obtain
a copy of the License at
::
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
For any further questions, please email
openstack-discuss@lists.openstack.org or join #openstack-dev on
OFTC.

View File

@ -1,51 +0,0 @@
task default: ['test']
task test: [:syntax, :unit]
desc 'Vendor the cookbooks in the Berksfile'
task :berks_prep do
sh %(chef exec berks vendor)
end
desc 'Run CookStyle (syntax & lint) tests'
task :syntax do
sh %(delivery local lint)
end
desc 'Run RSpec (unit) tests'
task unit: :berks_prep do
sh %(delivery local unit)
end
desc 'Remove the berks-cookbooks directory and the Berksfile.lock'
task :clean do
rm_rf [
'berks-cookbooks',
'Berksfile.lock',
]
end
desc 'All-in-One Neutron build'
task integration: :common_integration do
# Noop
end
desc 'Common task used by all cookbooks for integration test'
task :common_integration do
# Use the berksfile support to make use of the existing patch clones.
# Make a sym link from workspace/gate-cookbook-openstack-common-chef-rake-integration
# to workspace/cookbook-openstack-common
patch_dir = Dir.pwd
patch_dir_berks = ENV['ZUUL_PROJECT'].split('/')[1]
sh %(ls -la ..)
sh %(ls -la ../..)
sh %(sudo ln -s #{patch_dir} ../#{patch_dir_berks})
unless Dir.exist?('../openstack-chef')
sh %(git clone --depth 1 https://opendev.org/openstack/openstack-chef ../openstack-chef)
end
Dir.chdir('../openstack-chef') do
sh %(chef exec rake integration)
end
end

View File

@ -1,30 +0,0 @@
# Testing the Cookbook #
This cookbook uses [chefdk](https://downloads.chef.io/chef-dk/) and [berkshelf](http://berkshelf.com/) to isolate dependencies. Make sure you have chefdk and the header files for `gecode` installed before continuing. Make sure that you're using gecode version 3. More info [here](https://github.com/opscode/dep-selector-libgecode/tree/0bad63fea305ede624c58506423ced697dd2545e#using-a-system-gecode-instead). For more detailed information on what needs to be installed, you can have a quick look into the bootstrap.sh file in this repository, which does install all the needed things to get going on ubuntu trusty. The tests defined in the Rakefile include lint, style and unit. For integration testing please refere to the [openstack-chef-repo](https://github.com/openstack/openstack-chef-repo).
We have three test suites which you can run either, individually (there are three rake tasks):
$ chef exec rake lint
$ chef exec rake style
$ chef exec rake unit
or altogether:
$ chef exec rake
The `rake` tasks will take care of installing the needed cookbooks with `berkshelf`.
## Rubocop ##
[Rubocop](https://github.com/bbatsov/rubocop) is a static Ruby code analyzer, based on the community [Ruby style guide](https://github.com/bbatsov/ruby-style-guide). We are attempting to adhere to this where applicable, slowly cleaning up the cookbooks until we can turn on Rubocop for gating the commits.
## Foodcritic ##
[Foodcritic](http://acrmp.github.io/foodcritic/) is a lint tool for Chef cookbooks. We ignore the following rules:
* [FC003](http://acrmp.github.io/foodcritic/#FC003) These cookbooks are not intended for Chef Solo.
* [FC023](http://acrmp.github.io/foodcritic/#FC023) Prefer conditional attributes.
## Chefspec
[ChefSpec](https://github.com/sethvargo/chefspec) is a unit testing framework for testing Chef cookbooks. ChefSpec makes it easy to write examples and get fast feedback on cookbook changes without the need for virtual machines or cloud servers.

View File

@ -1,207 +0,0 @@
#
# Cookbook:: openstack-common
# Attributes:: database
#
# Copyright:: 2012-2021, AT&T Services, Inc.
# Copyright:: 2013-2021, SUSE Linux GmbH
# Copyright:: 2020-2021, Oregon State University
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# ======================== OpenStack DB Support ================================
#
# This section of node attributes stores information about the database hosts
# used in an OpenStack deployment.
#
# There is no 'scheme' key. Instead, there is a 'service_type' key that should
# contain one of 'sqlite', 'mysql', or 'postgresql'
#
# The ::Openstack::db(<SERVICE_NAME>) library routine allows a lookup from any recipe
# to this array, returning the host information for the server that contains
# the database for <SERVICE_NAME>, where <SERVICE_NAME> is one of 'compute' (Nova),
# 'image' (Glance), 'identity' (Keystone), 'network' (Neutron), or 'volume' (Cinder)
#
# The ::Openstack::db_connection(<SERVICE_NAME>, <USER>, <PASSWORD>) library routine
# returns the SQLAlchemy DB URI for <SERVICE_NAME>, with the supplied user and password
# that a calling service might be using when connecting to the database.
#
# For example, let's assume that the database that is used by the OpenStack Identity
# service (Keystone) is configured as follows:
#
# host: 192.168.0.3
# port: 3306
# service_type: mysql
# db_name: keystone
#
# Further suppose that a node running the OpenStack Identity API service needs to
# connect to the above identity database server. It has the following in it's node
# attributes:
#
# node['openstack']['db']['identity']['username'] = 'keystone'
#
# In a 'keystone' recipe, you might find the following code:
#
# user = node['openstack']['db']['identity']['username']
# pass = get_password 'db', 'keystone'
#
# sql_connection = ::Openstack::db_uri('identity', user, pass)
#
# The sql_connection variable would then be set to "mysql://keystone:password@192.168.0.3:keystone"
# and could then be written to the keystone.conf file in a template.
#
# Database Migrations:
#
# node['openstack']['db'][<SERVICE_NAME>]['migrate']
#
# The above attribute causes database migrations to be executed for the given
# service. There are cases where migrations should not be executed. For
# example when upgrading a zone, and the image or identity database are replicated
# across many zones.
#
# ******************** Database Endpoint **************************************
%w(endpoints bind_service).each do |type|
default['openstack'][type]['db']['host'] = '127.0.0.1'
default['openstack'][type]['db']['port'] = '3306'
end
default['openstack']['bind_service']['db']['interface'] = nil
default['openstack']['endpoints']['db']['enabled_slave'] = false
default['openstack']['endpoints']['db']['slave_host'] = '127.0.0.1'
default['openstack']['endpoints']['db']['slave_port'] = '3316'
# If you bind the database to a specific ip-address (you can only choose one
# here for mysql, so 127.0.0.1 + external address is not an option), to allow
# the services and applications to access it via this one, you probably do not
# want to allow the db root user to access it via this external address. In this
# case you have the option to allow root access only via localhost, which
# will work for mysql databases, since it will use a direct connection via
# the socket, so the database does not have not to listen on 127.0.0.1.
# Set this to 'localhost' for mysql to connect via socket.
default['openstack']['endpoints']['db']['host_for_db_root_user'] = 'localhost'
# Default database attributes
default['openstack']['db']['server_role'] = 'os-ops-database'
# Database charset during create database
default['openstack']['db']['charset'] = {
mysql: 'utf8',
'percona-cluster' => 'utf8',
mariadb: 'utf8',
postgresql: nil,
pgsql: nil,
sqlite: nil,
nosql: nil,
galera: 'utf8',
}
# Database connection options. Should include starting '?'
default['openstack']['db']['options'] = {
mysql: "?charset=#{node['openstack']['db']['charset']['mysql']}",
'percona-cluster' => "?charset=#{node['openstack']['db']['charset']['percona-cluster']}",
mariadb: "?charset=#{node['openstack']['db']['charset']['mariadb']}",
sqlite: '',
nosql: '',
galera: "?charset=#{node['openstack']['db']['charset']['galera']}",
}
# platform and DBMS-specific python client packages
default['openstack']['db']['python_packages'] = {
postgresql: [],
sqlite: [],
}
case node['platform_family']
when 'rhel'
default['openstack']['db']['service_type'] = 'mariadb'
if node['platform_version'].to_i >= 8
default['openstack']['db']['python_packages']['mariadb'] = ['python3-PyMySQL']
default['openstack']['db']['python_packages']['percona-cluster'] = ['python3-PyMySQL']
default['openstack']['db']['python_packages']['galera'] = ['python3-PyMySQL']
else
default['openstack']['db']['python_packages']['mariadb'] = ['MySQL-python']
default['openstack']['db']['python_packages']['percona-cluster'] = ['MySQL-python']
default['openstack']['db']['python_packages']['galera'] = ['MySQL-python']
end
when 'debian'
default['openstack']['db']['service_type'] = 'mariadb'
default['openstack']['db']['python_packages']['mariadb'] = ['python3-mysqldb']
default['openstack']['db']['python_packages']['percona-cluster'] = ['python3-mysqldb']
default['openstack']['db']['python_packages']['galera'] = ['python3-mysqldb']
end
# database sockets, because different
case node['platform_family']
when 'rhel'
default['openstack']['db']['socket'] = '/var/lib/mysql/mysql.sock'
when 'debian'
default['openstack']['db']['socket'] = '/var/run/mysqld/mysqld.sock'
end
# Database used by the OpenStack services
node['openstack']['common']['services'].each do |service, project|
default['openstack']['db'][service]['service_type'] = node['openstack']['db']['service_type']
default['openstack']['db'][service]['host'] = node['openstack']['endpoints']['db']['host']
default['openstack']['db'][service]['port'] = node['openstack']['endpoints']['db']['port']
default['openstack']['db'][service]['db_name'] = project
default['openstack']['db'][service]['username'] = project
default['openstack']['db'][service]['options'] = node['openstack']['db']['options']
default['openstack']['db'][service]['slave_host'] = node['openstack']['endpoints']['db']['slave_host']
default['openstack']['db'][service]['slave_port'] = node['openstack']['endpoints']['db']['slave_port']
default['openstack']['db'][service]['socket'] = node['openstack']['db']['socket']
case service
when 'dashboard'
default['openstack']['db'][service]['migrate'] = true
when 'identity'
default['openstack']['db'][service]['migrate'] = true
when 'image'
default['openstack']['db'][service]['migrate'] = true
when 'network'
# The SQLAlchemy connection string used to connect to the slave database
default['openstack']['db'][service]['slave_connection'] = ''
# Database reconnection retry times - in event connectivity is lost
default['openstack']['db'][service]['max_retries'] = 10
# Database reconnection interval in seconds - if the initial connection to the database fails
default['openstack']['db'][service]['retry_interval'] = 10
# Minimum number of SQL connections to keep open in a pool
default['openstack']['db'][service]['min_pool_size'] = 1
# Maximum number of SQL connections to keep open in a pool
default['openstack']['db'][service]['max_pool_size'] = 10
# Timeout in seconds before idle sql connections are reaped
default['openstack']['db'][service]['idle_timeout'] = 3600
# If set, use this value for max_overflow with sqlalchemy
default['openstack']['db'][service]['max_overflow'] = 20
# Verbosity of SQL debugging information. 0=None, 100=Everything
default['openstack']['db'][service]['connection_debug'] = 0
# Add python stack traces to SQL as comment strings
default['openstack']['db'][service]['connection_trace'] = false
# If set, use this value for pool_timeout with sqlalchemy
default['openstack']['db'][service]['pool_timeout'] = 10
when 'telemetry'
default['openstack']['db'][service]['nosql']['used'] = false
default['openstack']['db'][service]['nosql']['port'] = '27017'
end
end
# DB key to the get_password library routine
default['openstack']['db']['root_user_key'] = 'mysqlroot'

View File

@ -1,357 +0,0 @@
#
# Cookbook:: openstack-common
# Attributes:: default
#
# Copyright:: 2012-2021, AT&T Services, Inc.
# Copyright:: 2013-2021, SUSE Linux GmbH
# Copyright:: 2016-2021, Oregon State University
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# Release mode toggle for testing frameworks. Defaults to false.
# Override this to true at the environment level when you're ready.
default['openstack']['is_release'] = false
# Set to some text value if you want templated config files
# to contain a custom banner at the top of the written file
default['openstack']['common']['custom_template_banner'] = '
# This file is automatically generated by Chef
# Any changes will be overwritten
'
# OpenStack services and their project names
default['openstack']['common']['services'] = {
'aodh' => 'aodh',
'baremetal' => 'ironic',
'bare_metal' => 'ironic',
'block_storage' => 'cinder',
'block-storage' => 'cinder',
'compute' => 'nova',
'compute_api' => 'nova_api',
'compute_cell0' => 'nova_cell0',
'dashboard' => 'horizon',
'database' => 'trove',
'dns' => 'designate',
'identity' => 'keystone',
'image' => 'glance',
'load_balancer' => 'octavia',
'network' => 'neutron',
'object_storage' => 'swift',
'orchestration' => 'heat',
'placement' => 'placement',
'telemetry' => 'ceilometer',
'telemetry_metric' => 'gnocchi',
'application_catalog' => 'murano',
}
# Setting this to True means that database passwords and service user
# passwords for Keystone will be easy-to-remember values -- they will be
# the same value as the key. For instance, if a cookbook calls the
# ::Openstack::secret routine like so:
#
# pass = secret "passwords", "nova"
#
# The value of pass will be "nova"
#
# Use data bags for storing passwords
# Set this to false in order to get the passwords from attributes like:
# node['openstack']['secret'][key][type]
default['openstack']['use_databags'] = true
# Set databag type
# acceptable values 'encrypted', 'standard', 'vault'
# Set this to 'standard' in order to use regular databags.
# this is not recommended for anything other than dev/CI
# type environments. Storing real secrets in plaintext = craycray.
# In addition to the encrypted data_bags which are an included
# feature of the official chef project, you can use 'vault' to
# encrypt your secrets with the method provided in the chef-vault gem.
default['openstack']['databag_type'] = 'encrypted'
default['openstack']['vault_gem_version'] = '~> 3.2'
# Default attributes when not using data bags (use_databags = false)
node['openstack']['common']['services'].each_key do |service|
%w(user service db token).each do |type|
default['openstack']['secret'][service][type] = "#{service}-#{type}"
end
end
# The type of token signing to use (uuid or fernet)
default['openstack']['auth']['strategy'] = 'fernet'
# Set to true where using self-signed certs (in testing environments)
default['openstack']['auth']['validate_certs'] = true
# ========================= Encrypted Databag Setup ===========================
#
# The openstack-common cookbook's default library contains a `secret`
# routine that looks up the value of encrypted databag values. This routine
# uses the secret key file located at the following location to decrypt the
# values in the data bag.
default['openstack']['secret']['key_path'] = '/etc/chef/openstack_data_bag_secret'
# The name of the encrypted data bag that stores openstack secrets
default['openstack']['secret']['secrets_data_bag'] = 'secrets'
# The name of the encrypted data bag that stores service user passwords, with
# each key in the data bag corresponding to a named OpenStack service, like
# "nova", "cinder", etc.
default['openstack']['secret']['service_passwords_data_bag'] = 'service_passwords'
# The name of the encrypted data bag that stores DB passwords, with
# each key in the data bag corresponding to a named OpenStack database, like
# "nova", "cinder", etc.
default['openstack']['secret']['db_passwords_data_bag'] = 'db_passwords'
# The name of the encrypted data bag that stores Keystone user passwords, with
# each key in the data bag corresponding to a user (Keystone or otherwise).
default['openstack']['secret']['user_passwords_data_bag'] = 'user_passwords'
# ========================= Package and Repository Setup ======================
#
# Various Linux distributions provide OpenStack packages and repositories.
# The provide some sensible defaults, but feel free to override per your
# needs.
# The coordinated release of OpenStack codename
default['openstack']['release'] = 'train'
# The Ubuntu Cloud Archive has packages for multiple Ubuntu releases. For
# more information, see: https://wiki.ubuntu.com/ServerTeam/CloudArchive.
# In the component strings, %codename% will be replaced by the value of
# the node['lsb']['codename'] Ohai value and %release% will be replaced
# by the value of node['openstack']['release']
#
# Change ['openstack']['apt']['update_apt_cache'] to true if you would like
# have the cache automatically updated
default['openstack']['apt']['update_apt_cache'] = false
default['openstack']['apt']['live_updates_enabled'] = true
default['openstack']['apt']['uri'] = 'http://ubuntu-cloud.archive.canonical.com/ubuntu'
default['openstack']['apt']['components'] = ['main']
default['openstack']['yum']['update_yum_cache'] = false
default['openstack']['yum']['rdo_enabled'] = true
default['openstack']['yum']['uri'] =
if node['platform_version'].to_i >= 8
# TODO: Train has been archived to vault for RHEL 8
# "http://mirror.centos.org/centos/$releasever/cloud/$basearch/openstack-#{node['openstack']['release']}"
"https://vault.centos.org/8.5.2111/cloud/x86_64/openstack-#{node['openstack']['release']}/"
else
"http://mirror.centos.org/centos/$releasever/cloud/$basearch/openstack-#{node['openstack']['release']}"
end
default['openstack']['yum']['repo-key'] = "https://github.com/rdo-infra/rdo-release/raw/#{node['openstack']['release']}-rdo/RPM-GPG-KEY-CentOS-SIG-Cloud"
# Enforcing GnuPG signature check for RDO repo. Set this to false if you want to disable the check.
default['openstack']['yum']['gpgcheck'] = true
default['openstack']['endpoints']['family'] = 'inet'
# Set a default region that other regions are set to - such that changing the region for all services can be done in one place
default['openstack']['region'] = 'RegionOne'
# Allow configured loggers in logging.conf
default['openstack']['logging']['loggers'] = {
'root' => {
'level' => 'NOTSET',
'handlers' => 'devel',
},
'ceilometer' => {
'level' => 'DEBUG',
'handlers' => 'prod,debug',
'qualname' => 'ceilometer',
},
'cinder' => {
'level' => 'DEBUG',
'handlers' => 'prod,debug',
'qualname' => 'cinder',
},
'glance' => {
'level' => 'DEBUG',
'handlers' => 'prod,debug',
'qualname' => 'glance',
},
'horizon' => {
'level' => 'DEBUG',
'handlers' => 'prod,debug',
'qualname' => 'horizon',
},
'keystone' => {
'level' => 'DEBUG',
'handlers' => 'prod,debug',
'qualname' => 'keystone',
},
'nova' => {
'level' => 'DEBUG',
'handlers' => 'prod,debug',
'qualname' => 'nova',
},
'neutron' => {
'level' => 'DEBUG',
'handlers' => 'prod,debug',
'qualname' => 'neutron',
},
'trove' => {
'level' => 'DEBUG',
'handlers' => 'prod,debug',
'qualname' => 'trove',
},
'amqplib' => {
'level' => 'WARNING',
'handlers' => 'stderr',
'qualname' => 'amqplib',
},
'sqlalchemy' => {
'level' => 'WARNING',
# "level' => 'INFO" logs SQL queries.
# "level' => 'DEBUG" logs SQL queries and results.
# "level' => 'WARNING" logs neither. (Recommended for production systems.)
'handlers' => 'stderr',
'qualname' => 'sqlalchemy',
},
'boto' => {
'level' => 'WARNING',
'handlers' => 'stderr',
'qualname' => 'boto',
},
'suds' => {
'level' => 'INFO',
'handlers' => 'stderr',
'qualname' => 'suds',
},
'eventletwsgi' => {
'level' => 'WARNING',
'handlers' => 'stderr',
'qualname' => 'eventlet.wsgi.server',
},
'nova_api_openstack_wsgi' => {
'level' => 'WARNING',
'handlers' => 'prod,debug',
'qualname' => 'nova.api.openstack.wsgi',
},
'nova_osapi_compute_wsgi_server' => {
'level' => 'WARNING',
'handlers' => 'prod,debug',
'qualname' => 'nova.osapi_compute.wsgi.server',
},
}
# Allow configured formatters in logging.conf
default['openstack']['logging']['formatters'] = {
'normal' => {
'format' => '%(asctime)s %(levelname)s %(message)s',
},
'normal_with_name' => {
'format' => '[%(name)s]: %(asctime)s %(levelname)s %(message)s',
},
'debug' => {
'format' => '[%(name)s]: %(asctime)s %(levelname)s %(module)s.%(funcName)s %(message)s',
},
'syslog_with_name' => {
'format' => '%(name)s: %(levelname)s %(message)s',
},
'syslog_debug' => {
'format' => '%(name)s: %(levelname)s %(module)s.%(funcName)s %(message)s',
},
}
# Allow configured logging handlers in logging.conf
default['openstack']['logging']['handlers'] = {
'stderr' => {
'args' => '(sys.stderr,)',
'class' => 'StreamHandler',
'formatter' => 'debug',
},
'devel' => {
'args' => '(sys.stdout,)',
'class' => 'StreamHandler',
'formatter' => 'debug',
'level' => 'NOTSET',
},
'prod' => {
'args' => '((\'/dev/log\'), handlers.SysLogHandler.LOG_LOCAL0)',
'class' => 'handlers.SysLogHandler',
'formatter' => 'syslog_with_name',
'level' => 'INFO',
},
'debug' => {
'args' => '((\'/dev/log\'), handlers.SysLogHandler.LOG_LOCAL1)',
'class' => 'handlers.SysLogHandler',
'formatter' => 'syslog_debug',
'level' => 'DEBUG',
},
}
default['openstack']['memcached_servers'] = nil
# Default sysctl settings
default['openstack']['sysctl']['net.ipv4.conf.all.rp_filter'] = 0
default['openstack']['sysctl']['net.ipv4.conf.default.rp_filter'] = 0
case node['platform_family']
when 'rhel'
default['openstack']['common']['platform'] =
if node['platform_version'].to_i >= 8
{
'common_client_packages' => ['python3-openstackclient'],
'python_packages' => %w(
python3-pip
python3-setuptools
python3-virtualenv
python3-wheel
python36
python36-devel
),
'package_overrides' => '',
}
else
{
'common_client_packages' => ['python-openstackclient'],
'python_packages' => %w(
python
python2-pip
python2-setuptools
python-devel
python-virtualenv
python-wheel
),
'package_overrides' => '',
}
end
when 'debian'
default['openstack']['common']['platform'] = {
'common_client_packages' => ['python3-openstackclient'],
'python_packages' => %w(
python3
python3-dev
python3-pip
python3-setuptools
python3-virtualenv
python3-wheel
virtualenv
),
'package_overrides' => '',
}
end
# The location of the OSC bash completion file
default['openstack']['common']['bash_complete'] = '/etc/bash_completion.d/osc.bash_completion'
# Set maximum count for searches [1]
# [1] https://review.opendev.org/60126
default['openstack']['common']['search_count_max'] = 7
# The name of the Chef role that installs the Keystone Service API
default['openstack']['identity_service_chef_role'] = 'os-identity'
# The name of the Chef role that sets up the compute worker
default['openstack']['compute_worker_chef_role'] = 'os-compute-worker'

View File

@ -1,125 +0,0 @@
#
# Cookbook:: openstack-common
# Attributes:: messaging
#
# Copyright:: 2012-2021, AT&T Services, Inc.
# Copyright:: 2013-2021, SUSE Linux GmbH
# Copyright:: 2013-2021, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# The rabbitmq user's password is stored in an encrypted databag and accessed
# with openstack-common cookbook library's user_password routine. You are
# expected to create the user, pass, vhost in a wrapper rabbitmq cookbook.
#
# ******************** RabbitMQ Endpoint **************************************
%w(endpoints bind_service).each do |type|
default['openstack'][type]['mq']['host'] = '127.0.0.1'
default['openstack'][type]['mq']['port'] = '5672'
end
default['openstack']['bind_service']['mq']['interface'] = nil
###################################################################
# Services to assign mq attributes for
###################################################################
services =
%w(
aodh
bare_metal
baremetal
block-storage
block_storage
compute
database
dns
identity
image
load_balancer
network
orchestration
placement
telemetry
)
###################################################################
# Generic default attributes
###################################################################
default['openstack']['mq']['server_role'] = 'os-ops-messaging'
default['openstack']['mq']['service_type'] = 'rabbit'
default['openstack']['mq']['user'] = 'openstack'
default['openstack']['mq']['vhost'] = '/'
# defined in oslo/messaging/_drivers/amqp.py
default['openstack']['mq']['durable_queues'] = false
default['openstack']['mq']['auto_delete'] = false
###################################################################
# Default rabbit values (for attribute assignment below)
###################################################################
# global switch for handling rabbit ssl
default['openstack']['mq']['rabbitmq']['use_ssl'] = false
# SSL version to use (valid only if SSL enabled)
default['openstack']['mq']['rabbitmq']['kombu_ssl_version'] = nil
# SSL key file (valid only if SSL enabled)
default['openstack']['mq']['rabbitmq']['kombu_ssl_keyfile'] = nil
# SSL cert file (valid only if SSL enabled)
default['openstack']['mq']['rabbitmq']['kombu_ssl_certfile'] = nil
# SSL certification authority file (valid only if SSL enabled)
default['openstack']['mq']['rabbitmq']['kombu_ssl_ca_certs'] = nil
# How long to wait before reconnecting in response to an AMQP consumer cancel notification
default['openstack']['mq']['rabbitmq']['kombu_reconnect_delay'] = 1.0
# How long to wait before considering a reconnect attempt to have failed.
# This value should not be longer than rpc_response_timeout
default['openstack']['mq']['rabbitmq']['kombu_reconnect_timeout'] = 60
# global switch for handling rabbit ha
default['openstack']['mq']['rabbitmq']['ha'] = false
# global switch for number of seconds after which the Rabbit broker is considered down if heartbeat's keep-alive fails (0 disable the heartbeat)
default['openstack']['mq']['rabbitmq']['heartbeat_timeout_threshold'] = 0
# global switch for how often times during the heartbeat_timeout_threshold we check the heartbeat
default['openstack']['mq']['rabbitmq']['heartbeat_rate'] = 2
rabbit_defaults = {
rabbit_max_retries: 0,
rabbit_retry_interval: 1,
userid: node['openstack']['mq']['user'],
vhost: node['openstack']['mq']['vhost'],
port: node['openstack']['endpoints']['mq']['port'],
host: node['openstack']['endpoints']['mq']['host'],
ha: node['openstack']['mq']['rabbitmq']['ha'],
heartbeat_timeout_threshold: node['openstack']['mq']['rabbitmq']['heartbeat_timeout_threshold'],
heartbeat_rate: node['openstack']['mq']['rabbitmq']['heartbeat_rate'],
use_ssl: node['openstack']['mq']['rabbitmq']['use_ssl'],
kombu_ssl_version: node['openstack']['mq']['rabbitmq']['kombu_ssl_version'],
kombu_ssl_keyfile: node['openstack']['mq']['rabbitmq']['kombu_ssl_keyfile'],
kombu_ssl_certfile: node['openstack']['mq']['rabbitmq']['kombu_ssl_certfile'],
kombu_ssl_ca_certs: node['openstack']['mq']['rabbitmq']['kombu_ssl_ca_certs'],
kombu_reconnect_delay: node['openstack']['mq']['rabbitmq']['kombu_reconnect_delay'],
kombu_reconnect_timeout: node['openstack']['mq']['rabbitmq']['kombu_reconnect_timeout'],
}
###################################################################
# Assign default mq attributes for every service
###################################################################
services.each do |svc|
default['openstack']['mq'][svc]['service_type'] = node['openstack']['mq']['service_type']
default['openstack']['mq'][svc]['durable_queues'] =
node['openstack']['mq']['durable_queues']
default['openstack']['mq'][svc]['auto_delete'] =
node['openstack']['mq']['auto_delete']
rabbit_defaults.each do |key, val|
default['openstack']['mq'][svc]['rabbit'][key.to_s] = val
end
end

View File

@ -1,138 +0,0 @@
#
# Cookbook:: openstack-common
# library:: cli
#
# Copyright:: 2014-2021, IBM Corp.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
require 'chef/mixin/shell_out'
include Chef::Mixin::ShellOut
require 'uri'
# CLI methods
module ::Openstack
# return an environment suitable for calling openstack commands.
#
# @param [String] user name
# @param [String] tenant name
# @return [Hash] environment
def openstack_command_env(name, project, user_domain, project_domain)
identity_endpoint = public_endpoint 'identity'
auth_url = identity_endpoint.to_s
pass = get_password 'user', name
{
'OS_USERNAME' => name,
'OS_PASSWORD' => pass,
'OS_PROJECT_NAME' => project,
'OS_USER_DOMAIN_NAME' => user_domain,
'OS_PROJECT_DOMAIN_NAME' => project_domain,
'OS_IDENTITY_API_VERSION' => '3',
'OS_AUTH_URL' => auth_url,
}
end
# return stdout from calling an openstack command.
#
# @param [String] command to run
# @param [String] command options
# @param [Hash] environment to use
# @param [Hash] optional command argument/values pairs
# @return [String] stdout or fail
#
def openstack_command(cmd, options = '', env = {}, args = {})
# NOTE: Here we split options (which creates an array) and then merge that
# array into [cmd]. This is done to accomdate cmd + options like:
# keystone user-list
# glance image-show <id|name>
openstackcmd = [cmd]
args.each do |key, val|
openstackcmd << "--#{key}"
openstackcmd << val.to_s unless val.to_s.empty?
end
# If options is a string, split on whitespace into array; otherwise, assume
# it is an array already and leave it untouched.
options = options.split if options.instance_of? String
openstackcmd = openstackcmd.concat(options)
Chef::Log.debug("Running openstack command: #{openstackcmd} with environment: #{env}")
result = shell_out(openstackcmd, env: env)
Chef::Log.debug("Output for command: #{cmd}:\n#{result.stdout}\n#{result.stderr}")
raise "#{result.stderr} (#{result.exitstatus})" if result.exitstatus != 0
result.stdout
end
# return uuid for a resource.
#
# @param [String] client of resource (keystone, neutron, glance, ...)
# @param [String] type of resource (user, service, tenant, endpoint, role; net, subnet, router, ...)
# @param [String] key of resource to match
# @param [String] value of resource key to match
# @param [Hash] environment to use.
# @param [Hash] optional command argument/values pairs
# @param [String] optional uuid field to match
# @return [String] uuid or nil
#
def get_uuid(client, type, key, value, env, args = {}, uuid_field = 'id') # rubocop: disable Metrics/ParameterLists
begin
output = openstack_command(client, "#{type} list", env, args)
prettytable_to_array(output).each do |obj|
return obj[uuid_field] if obj.key?(uuid_field) && obj[key] == value
end
rescue RuntimeError => e
raise "Could not lookup uuid for #{type}:#{key}=>#{value}. Error was #{e.message}"
end
nil
end
# return uuid for an identity resource.
#
# @param [String] type of resource (user, service, tenant, endpoint, role)
# @param [String] key of resource to match
# @param [String] value of resource key to match
# @param [Hash] environment to use.
# @param [Hash] optional command argument/values pairs
# @param [String] optional uuid field to match
# @return [String] uuid or nil
#
# TODO: update openstack-identity register provider to use these functions.
#
def identity_uuid(*args)
get_uuid('openstack', *args)
end
# return id for a glance image.
#
# @param [String] name of image
# @param [Hash] environment to use.
# @param [Hash] optional command argument/values pairs
# @return [String] id or nil
def image_id(name, env, args = {})
get_uuid('openstack', 'image', 'Name', name, env, args, 'ID')
end
# return uuid for a network resource.
#
# @param [String] type of resource (net, subnet, router, port, ...)
# @param [String] key of resource to match
# @param [String] value of resource key to match
# @param [Hash] environment to use.
# @param [Hash] optional command argument/values pairs
# @param [String] optional uuid field to match
# @return [String] uuid or nil
#
def network_uuid(*args)
get_uuid('openstack', *args)
end
end

View File

@ -1,46 +0,0 @@
#
# Cookbook:: openstack-common
# library:: config_helpers
#
# Copyright:: 2016-2021, cloudbau GmbH
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# config helper methods
module ::Openstack
# return a Mash with config options which can be used for the service config