Move auth config from api-paste.ini to nova.conf.

In Icehouse, the configurations for keystone auth token has been moved
to nova.conf. So we need to remove the configurations from api-paste.ini
and move them to nova.conf.

Change-Id: I5b5b32b16c8e9235103bd61f3c3eb1774b093e0a
Closes-Bug: #1342002

CHANGELOG.md

@@ -2,6 +2,9 @@
 
 This file is used to list changes made in each version of cookbook-openstack-compute.
 
+## 9.3.1
+* Move auth configuration from api-paste.ini to nova.conf
+
 ## 9.3.0
 * python_packages database client attributes have been migrated to the -common cookbook
 * bump berkshelf to 2.0.18 to allow Supermarket support

metadata.rb

@@ -4,7 +4,7 @@ maintainer_email 'matt@opscode.com'
 license          'Apache 2.0'
 description      'The OpenStack Compute service Nova.'
 long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
-version          '9.3.0'
+version          '9.3.1'
 
 recipe 'openstack-compute::api-ec2', 'Installs AWS EC2 compatible API'
 recipe 'openstack-compute::api-metadata', 'Installs the nova metadata package'

recipes/api-ec2.rb

@@ -47,21 +47,10 @@ service 'nova-api-ec2' do
   action :enable
 end
 
-identity_endpoint = endpoint 'identity-api'
-identity_admin_endpoint = endpoint 'identity-admin'
-service_pass = get_password 'service', 'openstack-compute'
-
-auth_uri = auth_uri_transform identity_endpoint.to_s, node['openstack']['compute']['api']['auth']['version']
-
 template '/etc/nova/api-paste.ini' do
   source 'api-paste.ini.erb'
   owner  node['openstack']['compute']['user']
   group  node['openstack']['compute']['group']
   mode   00644
-  variables(
-    auth_uri: auth_uri,
-    identity_admin_endpoint: identity_admin_endpoint,
-    service_pass: service_pass
-  )
   notifies :restart, 'service[nova-api-ec2]'
 end

recipes/api-metadata.rb

@@ -50,21 +50,10 @@ service 'nova-api-metadata' do
   action :enable
 end
 
-identity_endpoint = endpoint 'identity-api'
-identity_admin_endpoint = endpoint 'identity-admin'
-service_pass = get_password 'service', 'openstack-compute'
-
-auth_uri = auth_uri_transform identity_endpoint.to_s, node['openstack']['compute']['api']['auth']['version']
-
 template '/etc/nova/api-paste.ini' do
   source 'api-paste.ini.erb'
   owner  node['openstack']['compute']['user']
   group  node['openstack']['compute']['group']
   mode   00644
-  variables(
-    auth_uri: auth_uri,
-    identity_admin_endpoint: identity_admin_endpoint,
-    service_pass: service_pass
-  )
   notifies :restart, 'service[nova-api-metadata]'
 end

recipes/api-os-compute.rb

@@ -53,21 +53,10 @@ service 'nova-api-os-compute' do
   action [:enable, :start]
 end
 
-identity_endpoint = endpoint 'identity-api'
-identity_admin_endpoint = endpoint 'identity-admin'
-service_pass = get_password 'service', 'openstack-compute'
-
-auth_uri = auth_uri_transform identity_endpoint.to_s, node['openstack']['compute']['api']['auth']['version']
-
 template '/etc/nova/api-paste.ini' do
   source 'api-paste.ini.erb'
   owner  node['openstack']['compute']['user']
   group  node['openstack']['compute']['group']
   mode   00644
-  variables(
-    auth_uri: auth_uri,
-    identity_admin_endpoint: identity_admin_endpoint,
-    service_pass: service_pass
-  )
   notifies :restart, 'service[nova-api-os-compute]'
 end

recipes/nova-common.rb

@@ -124,6 +124,10 @@ if node['openstack']['compute']['driver'].split('.').first == 'vmwareapi'
   vmware_host_pass = get_secret node['openstack']['compute']['vmware']['secret_name']
 end
 
+identity_admin_endpoint = endpoint 'identity-admin'
+auth_uri = auth_uri_transform identity_endpoint.to_s, node['openstack']['compute']['api']['auth']['version']
+service_pass = get_password 'service', 'openstack-compute'
+
 template '/etc/nova/nova.conf' do
   source 'nova.conf.erb'
   owner node['openstack']['compute']['user']
@@ -159,7 +163,10 @@ template '/etc/nova/nova.conf' do
     ec2_api_bind_ip: ec2_api_bind.host,
     ec2_api_bind_port: ec2_api_bind.port,
     rbd_secret_uuid: rbd_secret_uuid,
-    vmware_host_pass: vmware_host_pass
+    vmware_host_pass: vmware_host_pass,
+    auth_uri: auth_uri,
+    identity_admin_endpoint: identity_admin_endpoint,
+    service_pass: service_pass
   )
 end
 

spec/nova-common_spec.rb

@@ -173,6 +173,25 @@ describe 'openstack-compute::nova-common' do
         end
       end
 
+      context 'keystone_authtoken' do
+        it 'has correct auth_token settings' do
+          [
+            'auth_uri = http://127.0.0.1:5000/v2.0',
+            'auth_host = 127.0.0.1',
+            'auth_port = 35357',
+            'auth_protocol = http',
+            'auth_version = v2.0',
+            'admin_tenant_name = service',
+            'admin_user = nova',
+            'admin_password = nova-pass',
+            'signing_dir = /var/cache/nova/api'
+          ].each do |line|
+            expect(chef_run).to render_file(file.name).with_content(
+              /^#{Regexp.quote(line)}$/)
+          end
+        end
+      end
+
       context 'rabbit mq backend' do
         before do
           node.set['openstack']['mq']['compute']['service_type'] = 'rabbitmq'

spec/spec_helper.rb

@@ -143,25 +143,6 @@ def expect_creates_api_paste(service, action = :restart) # rubocop:disable Metho
       )
     end
 
-    describe 'keystone_authtoken' do
-      it 'has correct auth_token settings' do
-        [
-          'auth_uri = http://127.0.0.1:5000/v2.0',
-          'auth_host = 127.0.0.1',
-          'auth_port = 35357',
-          'auth_protocol = http',
-          'auth_version = v2.0',
-          'admin_tenant_name = service',
-          'admin_user = nova',
-          'admin_password = nova-pass',
-          'signing_dir = /var/cache/nova/api'
-        ].each do |line|
-          expect(chef_run).to render_file(file.name).with_content(
-            /^#{Regexp.quote(line)}$/)
-        end
-      end
-    end
-
     context 'template contents' do
       context 'ec2 enabled' do
         before do

templates/default/api-paste.ini.erb

@@ -108,15 +108,6 @@ paste.filter_factory = nova.api.auth:NovaKeystoneContext.factory
 
 [filter:authtoken]
 paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
-auth_uri = <%= @auth_uri %>
-auth_host = <%= @identity_admin_endpoint.host %>
-auth_port = <%= @identity_admin_endpoint.port %>
-auth_protocol = <%= @identity_admin_endpoint.scheme %>
-auth_version = <%= node["openstack"]["compute"]["api"]["auth"]["version"] %>
-admin_tenant_name = <%= node["openstack"]["compute"]["service_tenant_name"] %>
-admin_user = <%= node["openstack"]["compute"]["service_user"] %>
-admin_password = <%= @service_pass %>
-signing_dir = <%= node["openstack"]["compute"]["api"]["auth"]["cache_dir"] %>
 
 <% if node["openstack"]["compute"]["misc_paste"] %>
 ########

templates/default/nova.conf.erb

@@ -585,3 +585,14 @@ rbd_user=<%= node['openstack']['compute']['libvirt']['rbd']['rbd_user'] %>
 # The libvirt UUID of the secret for the rbd images (string value)
 rbd_secret_uuid=<%= @rbd_secret_uuid %>
 <% end -%>
+
+[keystone_authtoken]
+auth_uri = <%= @auth_uri %>
+auth_host = <%= @identity_admin_endpoint.host %>
+auth_port = <%= @identity_admin_endpoint.port %>
+auth_protocol = <%= @identity_admin_endpoint.scheme %>
+auth_version = <%= node["openstack"]["compute"]["api"]["auth"]["version"] %>
+admin_tenant_name = <%= node["openstack"]["compute"]["service_tenant_name"] %>
+admin_user = <%= node["openstack"]["compute"]["service_user"] %>
+admin_password = <%= @service_pass %>
+signing_dir = <%= node["openstack"]["compute"]["api"]["auth"]["cache_dir"] %>