Changed cookbook name to openstack-identity
Changed the cookbook to openstack-identity. This involved changing many attribute and LWRP references. Also, corrected tests to use the new cookbook name and attributes. All tests are passing. Change-Id: Idcc49431c9c9327066deaed520ceb82b86db3ea8
parent
ad613679fa
commit
9665817131
@ -1,4 +1,4 @@
|
||||
metadata
|
||||
|
||||
cookbook "openstack-common",
|
||||
git: "git@github.com:att-cloud/cookbook-openstack-common.git"
|
||||
git: "git://github.com/stackforge/cookbook-openstack-common.git"
|
||||
|
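Review bot: The `git://github.com/stackforge/cookbook-openstack-common.git` source for `openstack-common` uses the plain git protocol, which has no transport encryption or server authentication, so the fetched cookbook code could be altered in transit. This assumes the second `git:` line is the new side; the page lost its +/- markers, and print order is the only hint. Prefer `git: "https://github.com/stackforge/cookbook-openstack-common.git"` and pin a known revision with `ref: "<commit-sha>"`, so a converge does not silently pick up whatever the default branch holds.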
1
Gemfile
1
Gemfile
@ -4,4 +4,3 @@ gem "chef", "~> 10.18.2"
|
||||
gem "berkshelf", "~> 1.4.0"
|
||||
gem "chefspec", "~> 1.0.0"
|
||||
gem "foodcritic", "~> 2.1.0"
|
||||
gem "webmock", "~> 1.11.0"
|
||||
|
@ -56,7 +56,6 @@ GEM
|
||||
multi_json (>= 1.3.0)
|
||||
ci_reporter (1.8.4)
|
||||
builder (>= 2.1.2)
|
||||
crack (0.3.2)
|
||||
diff-lcs (1.2.4)
|
||||
erubis (2.7.0)
|
||||
faraday (0.8.7)
|
||||
@ -154,9 +153,6 @@ GEM
|
||||
polyglot
|
||||
polyglot (>= 0.3.1)
|
||||
uuidtools (2.1.4)
|
||||
webmock (1.11.0)
|
||||
addressable (>= 2.2.7)
|
||||
crack (>= 0.3.2)
|
||||
yajl-ruby (1.1.0)
|
||||
|
||||
PLATFORMS
|
||||
@ -167,4 +163,3 @@ DEPENDENCIES
|
||||
chef (~> 10.18.2)
|
||||
chefspec (~> 1.0.0)
|
||||
foodcritic (~> 2.1.0)
|
||||
webmock (~> 1.11.0)
|
||||
|
54
README.md
54
README.md
@ -31,7 +31,7 @@ Configures database for use with keystone
|
||||
|
||||
```json
|
||||
"run_list": [
|
||||
"recipe[keystone::db]"
|
||||
"recipe[openstack-identity::db]"
|
||||
]
|
||||
```
|
||||
|
||||
@ -42,7 +42,7 @@ Installs and Configures Keystone Service
|
||||
|
||||
```json
|
||||
"run_list": [
|
||||
"recipe[keystone::server]"
|
||||
"recipe[openstack-identity::server]"
|
||||
]
|
||||
```
|
||||
|
||||
@ -122,7 +122,7 @@ Register users, tenants, roles, services and endpoints with Keystone
|
||||
### Examples
|
||||
|
||||
# Create 'openstack' tenant
|
||||
keystone_register "Register 'openstack' Tenant" do
|
||||
openstack_identity_register "Register 'openstack' Tenant" do
|
||||
auth_host "192.168.1.10"
|
||||
auth_port "35357"
|
||||
auth_protocol "http"
|
||||
@ -135,7 +135,7 @@ Register users, tenants, roles, services and endpoints with Keystone
|
||||
end
|
||||
|
||||
# Create 'admin' user
|
||||
keystone_register "Register 'admin' User" do
|
||||
openstack_identity_register "Register 'admin' User" do
|
||||
auth_host "192.168.1.10"
|
||||
auth_port "35357"
|
||||
auth_protocol "http"
|
||||
@ -149,7 +149,7 @@ Register users, tenants, roles, services and endpoints with Keystone
|
||||
end
|
||||
|
||||
# Create 'admin' role
|
||||
keystone_register "Register 'admin' Role" do
|
||||
openstack_identity_register "Register 'admin' Role" do
|
||||
auth_host "192.168.1.10"
|
||||
auth_port "35357"
|
||||
auth_protocol "http"
|
||||
@ -161,7 +161,7 @@ Register users, tenants, roles, services and endpoints with Keystone
|
||||
|
||||
|
||||
# Grant 'admin' role to 'admin' user in the 'openstack' tenant
|
||||
keystone_register "Grant 'admin' Role to 'admin' User" do
|
||||
openstack_identity_register "Grant 'admin' Role to 'admin' User" do
|
||||
auth_host "192.168.1.10"
|
||||
auth_port "35357"
|
||||
auth_protocol "http"
|
||||
@ -174,7 +174,7 @@ Register users, tenants, roles, services and endpoints with Keystone
|
||||
end
|
||||
|
||||
# Create 'identity' service
|
||||
keystone_register "Register Identity Service" do
|
||||
openstack_identity_register "Register Identity Service" do
|
||||
auth_host "192.168.1.10"
|
||||
auth_port "35357"
|
||||
auth_protocol "http"
|
||||
@ -187,7 +187,7 @@ Register users, tenants, roles, services and endpoints with Keystone
|
||||
end
|
||||
|
||||
# Create 'identity' endpoint
|
||||
keystone_register "Register Identity Endpoint" do
|
||||
openstack_identity_register "Register Identity Endpoint" do
|
||||
auth_host "192.168.1.10"
|
||||
auth_port "35357"
|
||||
auth_protocol "http"
|
||||
@ -226,7 +226,7 @@ Create EC2 credentials for a given user in the specified tenant
|
||||
|
||||
### Examples
|
||||
|
||||
keystone_credentials "Create EC2 credentials for 'admin' user" do
|
||||
openstack_identity_credentials "Create EC2 credentials for 'admin' user" do
|
||||
auth_host "192.168.1.10"
|
||||
auth_port "35357"
|
||||
auth_protocol "http"
|
||||
@ -239,24 +239,24 @@ Create EC2 credentials for a given user in the specified tenant
|
||||
Attributes
|
||||
==========
|
||||
|
||||
* `keystone["db_server_chef_role"]` - The name of the Chef role that knows about the db server
|
||||
* `keystone["bind_interface"]` - Interface to bind keystone to
|
||||
* `keystone["service_port"]` - Port to listen on for client functions
|
||||
* `keystone["admin_port"]` - Port to listen on for admin functions
|
||||
* `keystone["user"]` - User keystone runs as
|
||||
* `keystone["group"]` - Group keystone runs as
|
||||
* `keystone["db"]` - Name of keystone database
|
||||
* `keystone["db_user"]` - Username for keystone database access
|
||||
* `keystone["db_passwd"]` - Password for keystone database access
|
||||
* `keystone["db_ipaddress"]` - IP address of the keystone database
|
||||
* `keystone["api_ipaddress"]` - IP address for the keystone API to bind to. _TODO_: Rename to bind_address
|
||||
* `keystone["verbose"]` - Enables/disables verbose output for keystone API server
|
||||
* `keystone["debug"]` - Enables/disables debug output for keystone API server
|
||||
* `keystone["service_port"]` - Port for the keystone service API to bind to
|
||||
* `keystone["admin_port"]` - Port for the keystone admin service to bind to
|
||||
* `keystone["admin_token"]` - Admin token for bootstraping keystone server
|
||||
* `keystone["roles"]` - Array of roles to create in the keystone server
|
||||
* `keystone["users"]` - Array of users to create in the keystone server
|
||||
* `openstack-identity["db_server_chef_role"]` - The name of the Chef role that knows about the db server
|
||||
* `openstack-identity["bind_interface"]` - Interface to bind keystone to
|
||||
* `openstack-identity["service_port"]` - Port to listen on for client functions
|
||||
* `openstack-identity["admin_port"]` - Port to listen on for admin functions
|
||||
* `openstack-identity["user"]` - User keystone runs as
|
||||
* `openstack-identity["group"]` - Group keystone runs as
|
||||
* `openstack-identity["db"]` - Name of keystone database
|
||||
* `openstack-identity["db_user"]` - Username for keystone database access
|
||||
* `openstack-identity["db_passwd"]` - Password for keystone database access
|
||||
* `openstack-identity["db_ipaddress"]` - IP address of the keystone database
|
||||
* `openstack-identity["api_ipaddress"]` - IP address for the keystone API to bind to. _TODO_: Rename to bind_address
|
||||
* `openstack-identity["verbose"]` - Enables/disables verbose output for keystone API server
|
||||
* `openstack-identity["debug"]` - Enables/disables debug output for keystone API server
|
||||
* `openstack-identity["service_port"]` - Port for the keystone service API to bind to
|
||||
* `openstack-identity["admin_port"]` - Port for the keystone admin service to bind to
|
||||
* `openstack-identity["admin_token"]` - Admin token for bootstraping keystone server
|
||||
* `openstack-identity["roles"]` - Array of roles to create in the keystone server
|
||||
* `openstack-identity["users"]` - Array of users to create in the keystone server
|
||||
|
||||
Testing
|
||||
=====
|
||||
|
@ -1,5 +1,5 @@
|
||||
#
|
||||
# Cookbook Name:: keystone
|
||||
# Cookbook Name:: openstack-identity
|
||||
# Recipe:: default
|
||||
#
|
||||
# Copyright 2012-2013, AT&T Services, Inc.
|
||||
@ -19,7 +19,7 @@
|
||||
|
||||
# Set to some text value if you want templated config files
|
||||
# to contain a custom banner at the top of the written file
|
||||
default["keystone"]["custom_template_banner"] = "
|
||||
default["openstack-identity"]["custom_template_banner"] = "
|
||||
# This file autogenerated by Chef
|
||||
# Do not edit, changes will be overwritten
|
||||
"
|
||||
@ -29,36 +29,36 @@ default["keystone"]["custom_template_banner"] = "
|
||||
default["credentials"]["EC2"]["admin"]["access"] = ""
|
||||
default["credentials"]["EC2"]["admin"]["secret"] = ""
|
||||
|
||||
default["keystone"]["db"]["username"] = "keystone"
|
||||
default["openstack-identity"]["db"]["username"] = "keystone"
|
||||
|
||||
default["keystone"]["verbose"] = "False"
|
||||
default["keystone"]["debug"] = "False"
|
||||
default["openstack-identity"]["verbose"] = "False"
|
||||
default["openstack-identity"]["debug"] = "False"
|
||||
|
||||
default["keystone"]["service_port"] = "5000"
|
||||
default["keystone"]["admin_port"] = "35357"
|
||||
default['keystone']['user'] = "keystone"
|
||||
default['keystone']['group'] = "keystone"
|
||||
default["keystone"]["region"] = "RegionOne"
|
||||
default["openstack-identity"]["service_port"] = "5000"
|
||||
default["openstack-identity"]["admin_port"] = "35357"
|
||||
default["openstack-identity"]["user"] = "keystone"
|
||||
default["openstack-identity"]["group"] = "keystone"
|
||||
default["openstack-identity"]["region"] = "RegionOne"
|
||||
|
||||
default["keystone"]["bind_interface"] = "lo"
|
||||
default["openstack-identity"]["bind_interface"] = "lo"
|
||||
|
||||
# Logging stuff
|
||||
default["keystone"]["syslog"]["use"] = false
|
||||
default["keystone"]["syslog"]["facility"] = "LOG_LOCAL2"
|
||||
default["keystone"]["syslog"]["config_facility"] = "local2"
|
||||
default["openstack-identity"]["syslog"]["use"] = false
|
||||
default["openstack-identity"]["syslog"]["facility"] = "LOG_LOCAL2"
|
||||
default["openstack-identity"]["syslog"]["config_facility"] = "local2"
|
||||
|
||||
# default["keystone"]["roles"] = [ "admin", "Member", "KeystoneAdmin", "KeystoneServiceAdmin", "sysadmin", "netadmin" ]
|
||||
default["keystone"]["roles"] = [ "admin", "Member", "KeystoneAdmin", "KeystoneServiceAdmin" ]
|
||||
# default["openstack-identity"]["roles"] = [ "admin", "Member", "KeystoneAdmin", "KeystoneServiceAdmin", "sysadmin", "netadmin" ]
|
||||
default["openstack-identity"]["roles"] = [ "admin", "Member", "KeystoneAdmin", "KeystoneServiceAdmin" ]
|
||||
|
||||
#TODO(shep): this should probably be derived from keystone.users hash keys
|
||||
default["keystone"]["tenants"] = [ "admin", "service"]
|
||||
default["openstack-identity"]["tenants"] = [ "admin", "service"]
|
||||
|
||||
default["keystone"]["admin_user"] = "admin"
|
||||
default["keystone"]["admin_tenant_name"] = "admin"
|
||||
default["openstack-identity"]["admin_user"] = "admin"
|
||||
default["openstack-identity"]["admin_tenant_name"] = "admin"
|
||||
|
||||
default["keystone"]["users"] = {
|
||||
default["keystone"]["admin_user"] => {
|
||||
"default_tenant" => default["keystone"]["admin_tenant_name"],
|
||||
default["openstack-identity"]["users"] = {
|
||||
default["openstack-identity"]["admin_user"] => {
|
||||
"default_tenant" => default["openstack-identity"]["admin_tenant_name"],
|
||||
"roles" => {
|
||||
"admin" => [ "admin" ],
|
||||
"KeystoneAdmin" => [ "admin" ],
|
||||
@ -76,23 +76,23 @@ default["keystone"]["users"] = {
|
||||
|
||||
# PKI signing. Corresponds to the [signing] section of keystone.conf
|
||||
# Note this section is only written if node["openstack"]["auth"]["straegy"] == "pki"
|
||||
default["keystone"]["signing"]["basedir"] = "/etc/keystone/ssl"
|
||||
default["keystone"]["signing"]["certfile"] = "/etc/keystone/ssl/certs/signing_cert.pem"
|
||||
default["keystone"]["signing"]["keyfile"] = "/etc/keystone/ssl/private/signing_key.pem"
|
||||
default["keystone"]["signing"]["ca_certs"] = "/etc/keystone/ssl/certs/ca.pem"
|
||||
default["keystone"]["signing"]["key_size"] = "1024"
|
||||
default["keystone"]["signing"]["valid_days"] = "3650"
|
||||
default["keystone"]["signing"]["ca_password"] = nil
|
||||
default["openstack-identity"]["signing"]["basedir"] = "/etc/keystone/ssl"
|
||||
default["openstack-identity"]["signing"]["certfile"] = "/etc/keystone/ssl/certs/signing_cert.pem"
|
||||
default["openstack-identity"]["signing"]["keyfile"] = "/etc/keystone/ssl/private/signing_key.pem"
|
||||
default["openstack-identity"]["signing"]["ca_certs"] = "/etc/keystone/ssl/certs/ca.pem"
|
||||
default["openstack-identity"]["signing"]["key_size"] = "1024"
|
||||
default["openstack-identity"]["signing"]["valid_days"] = "3650"
|
||||
default["openstack-identity"]["signing"]["ca_password"] = nil
|
||||
|
||||
# These switches set the various drivers for the different Keystone components
|
||||
default['keystone']['identity']['backend'] = 'sql'
|
||||
default['keystone']['token']['backend'] = 'sql'
|
||||
default['keystone']['catalog']['backend'] = 'sql'
|
||||
default["openstack-identity"]["identity"]["backend"] = "sql"
|
||||
default["openstack-identity"]["token"]["backend"] = "sql"
|
||||
default["openstack-identity"]["catalog"]["backend"] = "sql"
|
||||
|
||||
# platform defaults
|
||||
case platform
|
||||
when "fedora", "redhat", "centos" # :pragma-foodcritic: ~FC024 - won't fix this
|
||||
default["keystone"]["platform"] = {
|
||||
default["openstack-identity"]["platform"] = {
|
||||
"mysql_python_packages" => [ "MySQL-python" ],
|
||||
"memcache_python_packages" => [ "python-memcached" ],
|
||||
"keystone_packages" => [ "openstack-keystone" ],
|
||||
@ -101,7 +101,7 @@ when "fedora", "redhat", "centos" # :pragma-foodcritic: ~FC024 - won't fix this
|
||||
"package_options" => ""
|
||||
}
|
||||
when "ubuntu"
|
||||
default["keystone"]["platform"] = {
|
||||
default["openstack-identity"]["platform"] = {
|
||||
"mysql_python_packages" => [ "python-mysqldb" ],
|
||||
"memcache_python_packages" => [ "python-memcache" ],
|
||||
"keystone_packages" => [ "keystone" ],
|
||||
|
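Review bot: In the `@ -76,23` hunk, the renamed default `default["openstack-identity"]["signing"]["key_size"] = "1024"` keeps a 1024-bit key for PKI token signing, below the 2048-bit minimum generally recommended for RSA. Since every signing attribute is being touched anyway, consider `default["openstack-identity"]["signing"]["key_size"] = "2048"`, and reconsider `valid_days = "3650"` for a certificate that signs tokens. The context comment above that block also reads `node["openstack"]["auth"]["straegy"]`; it should say `strategy`, matching the `only_if` guards in the server recipe.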
@ -1,4 +1,4 @@
|
||||
name "keystone"
|
||||
name "openstack-identity"
|
||||
maintainer "Opscode, Inc."
|
||||
maintainer_email "matt@opscode.com"
|
||||
license "Apache 2.0"
|
||||
@ -6,9 +6,9 @@ description "The OpenStack Identity service Keystone."
|
||||
long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
|
||||
version "2012.2.1"
|
||||
|
||||
recipe "keystone::db", "Configures database for use with keystone"
|
||||
recipe "keystone::server", "Installs and Configures Keystone Service"
|
||||
recipe "keystone::registration", "Adds user, tenant, role and endpoint records to Keystone"
|
||||
recipe "openstack-identity::db", "Configures database for use with keystone"
|
||||
recipe "openstack-identity::server", "Installs and Configures Keystone Service"
|
||||
recipe "openstack-identity::registration", "Adds user, tenant, role and endpoint records to Keystone"
|
||||
|
||||
%w{ ubuntu fedora redhat centos }.each do |os|
|
||||
supports os
|
||||
|
@ -1,5 +1,5 @@
|
||||
#
|
||||
# Cookbook Name:: keystone
|
||||
# Cookbook Name:: openstack-identity
|
||||
# Provider:: credentials
|
||||
#
|
||||
# Copyright 2012, Rackspace US, Inc.
|
||||
|
@ -1,5 +1,5 @@
|
||||
#
|
||||
# Cookbook Name:: keystone
|
||||
# Cookbook Name:: openstack-identity
|
||||
# Provider:: register
|
||||
#
|
||||
# Copyright 2012, Rackspace US, Inc.
|
||||
@ -21,7 +21,7 @@
|
||||
require "uri"
|
||||
|
||||
action :create_service do
|
||||
if node['keystone']['catalog']['backend'] == 'templated'
|
||||
if node["openstack-identity"]["catalog"]["backend"] == "templated"
|
||||
Chef::Log.info("Skipping service creation - templated catalog backend in use.")
|
||||
new_resource.updated_by_last_action(false)
|
||||
else
|
||||
@ -61,7 +61,7 @@ end
|
||||
|
||||
|
||||
action :create_endpoint do
|
||||
if node['keystone']['catalog']['backend'] == 'templated'
|
||||
if node["openstack-identity"]["catalog"]["backend"] == "templated"
|
||||
Chef::Log.info("Skipping endpoint creation - templated catalog backend in use.")
|
||||
new_resource.updated_by_last_action(false)
|
||||
else
|
||||
|
@ -1,5 +1,5 @@
|
||||
#
|
||||
# Cookbook Name:: keystone
|
||||
# Cookbook Name:: openstack-identity
|
||||
# Recipe:: db
|
||||
#
|
||||
# Copyright 2012-2013, AT&T Services, Inc.
|
||||
@ -30,7 +30,7 @@ include_recipe "mysql::client"
|
||||
include_recipe "mysql::ruby"
|
||||
|
||||
db_pass = db_password "keystone"
|
||||
db_user = node["keystone"]["db"]["username"]
|
||||
db_user = node["openstack-identity"]["db"]["username"]
|
||||
|
||||
db_create_with_user("identity",
|
||||
db_user,
|
||||
|
@ -1,5 +1,5 @@
|
||||
#
|
||||
# Cookbook Name:: keystone
|
||||
# Cookbook Name:: openstack-identity
|
||||
# Recipe:: default
|
||||
#
|
||||
# Copyright 2012-2013, AT&T Services, Inc.
|
||||
|
@ -1,5 +1,5 @@
|
||||
#
|
||||
# Cookbook Name:: keystone
|
||||
# Cookbook Name:: openstack-identity
|
||||
# Recipe:: setup
|
||||
#
|
||||
# Copyright 2012, Rackspace US, Inc.
|
||||
@ -27,9 +27,9 @@ end
|
||||
identity_admin_endpoint = endpoint "identity-admin"
|
||||
identity_endpoint = endpoint "identity-api"
|
||||
|
||||
admin_tenant_name = node["keystone"]["admin_tenant_name"]
|
||||
admin_user = node["keystone"]["admin_user"]
|
||||
admin_pass = user_password node["keystone"]["admin_user"]
|
||||
admin_tenant_name = node["openstack-identity"]["admin_tenant_name"]
|
||||
admin_user = node["openstack-identity"]["admin_user"]
|
||||
admin_pass = user_password node["openstack-identity"]["admin_user"]
|
||||
auth_uri = ::URI.decode identity_admin_endpoint.to_s
|
||||
|
||||
bootstrap_token = secret "secrets", "keystone_bootstrap_token"
|
||||
@ -75,9 +75,9 @@ exit 0
|
||||
EOF
|
||||
end
|
||||
|
||||
node["keystone"]["tenants"].each do |tenant_name|
|
||||
node["openstack-identity"]["tenants"].each do |tenant_name|
|
||||
## Add openstack tenant ##
|
||||
keystone_register "Register '#{tenant_name}' Tenant" do
|
||||
openstack_identity_register "Register '#{tenant_name}' Tenant" do
|
||||
auth_uri auth_uri
|
||||
bootstrap_token bootstrap_token
|
||||
tenant_name tenant_name
|
||||
@ -88,8 +88,8 @@ node["keystone"]["tenants"].each do |tenant_name|
|
||||
end
|
||||
end
|
||||
|
||||
node["keystone"]["roles"].each do |role_key|
|
||||
keystone_register "Register '#{role_key.to_s}' Role" do
|
||||
node["openstack-identity"]["roles"].each do |role_key|
|
||||
openstack_identity_register "Register '#{role_key.to_s}' Role" do
|
||||
auth_uri auth_uri
|
||||
bootstrap_token bootstrap_token
|
||||
role_name role_key
|
||||
@ -98,8 +98,8 @@ node["keystone"]["roles"].each do |role_key|
|
||||
end
|
||||
end
|
||||
|
||||
node["keystone"]["users"].each do |username, user_info|
|
||||
keystone_register "Register '#{username}' User" do
|
||||
node["openstack-identity"]["users"].each do |username, user_info|
|
||||
openstack_identity_register "Register '#{username}' User" do
|
||||
auth_uri auth_uri
|
||||
bootstrap_token bootstrap_token
|
||||
user_name username
|
||||
@ -112,7 +112,7 @@ node["keystone"]["users"].each do |username, user_info|
|
||||
|
||||
user_info["roles"].each do |rolename, tenant_list|
|
||||
tenant_list.each do |tenantname|
|
||||
keystone_register "Grant '#{rolename}' Role to '#{username}' User in '#{tenantname}' Tenant" do
|
||||
openstack_identity_register "Grant '#{rolename}' Role to '#{username}' User in '#{tenantname}' Tenant" do
|
||||
auth_uri auth_uri
|
||||
bootstrap_token bootstrap_token
|
||||
user_name username
|
||||
@ -125,7 +125,7 @@ node["keystone"]["users"].each do |username, user_info|
|
||||
end
|
||||
end
|
||||
|
||||
keystone_register "Register Identity Service" do
|
||||
openstack_identity_register "Register Identity Service" do
|
||||
auth_uri auth_uri
|
||||
bootstrap_token bootstrap_token
|
||||
service_name "keystone"
|
||||
@ -135,32 +135,31 @@ keystone_register "Register Identity Service" do
|
||||
action :create_service
|
||||
end
|
||||
|
||||
node.set["keystone"]["adminURL"] = identity_admin_endpoint.to_s
|
||||
node.set["keystone"]["internalURL"] = identity_endpoint.to_s
|
||||
node.set["keystone"]["publicURL"] = identity_endpoint.to_s
|
||||
node.set["openstack-identity"]["adminURL"] = identity_admin_endpoint.to_s
|
||||
node.set["openstack-identity"]["internalURL"] = identity_endpoint.to_s
|
||||
node.set["openstack-identity"]["publicURL"] = identity_endpoint.to_s
|
||||
|
||||
Chef::Log.info "Keystone AdminURL: #{identity_admin_endpoint.to_s}"
|
||||
Chef::Log.info "Keystone InternalURL: #{identity_endpoint.to_s}"
|
||||
Chef::Log.info "Keystone PublicURL: #{identity_endpoint.to_s}"
|
||||
|
||||
keystone_register "Register Identity Endpoint" do
|
||||
openstack_identity_register "Register Identity Endpoint" do
|
||||
auth_uri auth_uri
|
||||
bootstrap_token bootstrap_token
|
||||
service_type "identity"
|
||||
endpoint_region node["keystone"]["region"]
|
||||
endpoint_adminurl node["keystone"]["adminURL"]
|
||||
endpoint_internalurl node["keystone"]["adminURL"]
|
||||
endpoint_publicurl node["keystone"]["publicURL"]
|
||||
endpoint_region node["openstack-identity"]["region"]
|
||||
endpoint_adminurl node["openstack-identity"]["adminURL"]
|
||||
endpoint_internalurl node["openstack-identity"]["adminURL"]
|
||||
endpoint_publicurl node["openstack-identity"]["publicURL"]
|
||||
|
||||
action :create_endpoint
|
||||
end
|
||||
|
||||
node["keystone"]["users"].each do |username, user_info|
|
||||
keystone_credentials "Create EC2 credentials for '#{username}' user" do
|
||||
node["openstack-identity"]["users"].each do |username, user_info|
|
||||
openstack_identity_credentials "Create EC2 credentials for '#{username}' user" do
|
||||
auth_uri auth_uri
|
||||
bootstrap_token bootstrap_token
|
||||
user_name username
|
||||
tenant_name user_info["default_tenant"]
|
||||
end
|
||||
end
|
||||
|
||||
|
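Review bot: In the `@ -135,32` hunk, `endpoint_internalurl node["openstack-identity"]["adminURL"]` still passes the admin URL, although `node.set["openstack-identity"]["internalURL"]` is assigned from `identity_endpoint` a few lines earlier. As written, the identity endpoint's internal URL is registered as the admin endpoint, which looks like a copy-paste slip that the rename carried over. If it is not intentional, use `endpoint_internalurl node["openstack-identity"]["internalURL"]`. Separately, the file header says `Recipe:: setup` while the metadata lists `openstack-identity::registration`; the header comment probably needs the same rename.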
@ -1,5 +1,5 @@
|
||||
#
|
||||
# Cookbook Name:: keystone
|
||||
# Cookbook Name:: openstack-identity
|
||||
# Recipe:: server
|
||||
#
|
||||
# Copyright 2012, Rackspace US, Inc.
|
||||
@ -24,11 +24,11 @@ class ::Chef::Recipe
|
||||
include ::Openstack
|
||||
end
|
||||
|
||||
if node["keystone"]["syslog"]["use"]
|
||||
if node["openstack-identity"]["syslog"]["use"]
|
||||
include_recipe "openstack-common::logging"
|
||||
end
|
||||
|
||||
platform_options = node["keystone"]["platform"]
|
||||
platform_options = node["openstack-identity"]["platform"]
|
||||
|
||||
##### NOTE #####
|
||||
# https://bugs.launchpad.net/ubuntu/+source/keystone/+bug/931236
|
||||
@ -70,14 +70,14 @@ service "keystone" do
|
||||
end
|
||||
|
||||
directory "/etc/keystone" do
|
||||
owner node['keystone']['user']
|
||||
group node['keystone']['group']
|
||||
owner node["openstack-identity"]["user"]
|
||||
group node["openstack-identity"]["group"]
|
||||
mode 00700
|
||||
end
|
||||
|
||||
directory node["keystone"]["signing"]["basedir"] do
|
||||
owner node['keystone']['user']
|
||||
group node['keystone']['group']
|
||||
directory node["openstack-identity"]["signing"]["basedir"] do
|
||||
owner node["openstack-identity"]["user"]
|
||||
group node["openstack-identity"]["group"]
|
||||
mode 00700
|
||||
|
||||
only_if { node["openstack"]["auth"]["strategy"] == "pki" }
|
||||
@ -88,10 +88,10 @@ file "/var/lib/keystone/keystone.db" do
|
||||
end
|
||||
|
||||
execute "keystone-manage pki_setup" do
|
||||
user node["keystone"]["user"]
|
||||
user node["openstack-identity"]["user"]
|
||||
|
||||
only_if { node["openstack"]["auth"]["strategy"] == "pki" }
|
||||
not_if { ::FileTest.exists? node["keystone"]["signing"]["keyfile"] }
|
||||
not_if { ::FileTest.exists? node["openstack-identity"]["signing"]["keyfile"] }
|
||||
end
|
||||
|
||||
identity_admin_endpoint = endpoint "identity-admin"
|
||||
@ -101,13 +101,13 @@ ec2_endpoint = endpoint "compute-ec2-api"
|
||||
image_endpoint = endpoint "image-api"
|
||||
volume_endpoint = endpoint "volume-api"
|
||||
|
||||
db_user = node["keystone"]["db"]["username"]
|
||||
db_user = node["openstack-identity"]["db"]["username"]
|
||||
db_pass = db_password "keystone"
|
||||
sql_connection = db_uri("identity", db_user, db_pass)
|
||||
|
||||
bootstrap_token = secret "secrets", "keystone_bootstrap_token"
|
||||
|
||||
ip_address = node["network"]["ipaddress_#{node["keystone"]["bind_interface"]}"]
|
||||
ip_address = node["network"]["ipaddress_#{node["openstack-identity"]["bind_interface"]}"]
|
||||
|
||||
# If the search role is set, we search for memcache
|
||||
# servers via a Chef search. If not, we look at the
|
||||
@ -116,8 +116,8 @@ memcache_servers = memcached_servers.join "," # from openstack-common lib
|
||||
|
||||
template "/etc/keystone/keystone.conf" do
|
||||
source "keystone.conf.erb"
|
||||
owner node["keystone"]["user"]
|
||||
group node["keystone"]["group"]
|
||||
owner node["openstack-identity"]["user"]
|
||||
group node["openstack-identity"]["group"]
|
||||
mode 00644
|
||||
variables(
|
||||
:sql_connection => sql_connection,
|
||||
@ -140,15 +140,15 @@ uris = {
|
||||
|
||||
template "/etc/keystone/default_catalog.templates" do
|
||||
source "default_catalog.templates.erb"
|
||||
owner node["keystone"]["user"]
|
||||
group node["keystone"]["group"]
|
||||
owner node["openstack-identity"]["user"]
|
||||
group node["openstack-identity"]["group"]
|
||||
mode 00644
|
||||
variables(
|
||||
"uris" => uris
|
||||
)
|
||||
|
||||
notifies :restart, "service[keystone]", :immediately
|
||||
only_if { node['keystone']['catalog']['backend'] == 'templated' }
|
||||
only_if { node["openstack-identity"]["catalog"]["backend"] == "templated" }
|
||||
end
|
||||
|
||||
# sync db after keystone.conf is generated
|
||||
|
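Review bot: In the `@ -116,8` hunk, `template "/etc/keystone/keystone.conf"` keeps `mode 00644` while receiving `:sql_connection => sql_connection`, which is built from `db_pass`. The matching template on this page also renders `admin_token` from the bootstrap token. The only thing keeping other local users from those secrets is the `mode 00700` on `/etc/keystone`, so a later loosening of the directory mode would expose them. Suggest `mode 00640` (or `00600`) on the file itself. The template block continues past the end of the hunk, so the full `variables(...)` list is not visible here.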
@ -1,5 +1,5 @@
|
||||
#
|
||||
# Cookbook Name:: keystone
|
||||
# Cookbook Name:: openstack-identity
|
||||
# Resource:: credentials
|
||||
#
|
||||
# Copyright 2012, Rackspace US, Inc.
|
||||
|
@ -1,5 +1,5 @@
|
||||
#
|
||||
# Cookbook Name:: keystone
|
||||
# Cookbook Name:: openstack-identity
|
||||
# Resource:: register
|
||||
#
|
||||
# Copyright 2012, Rackspace US, Inc.
|
||||
|
@ -1,6 +1,6 @@
|
||||
require "spec_helper"
|
||||
|
||||
describe "keystone::db" do
|
||||
describe "openstack-identity::db" do
|
||||
it "installs mysql packages" do
|
||||
@chef_run = converge
|
||||
|
||||
@ -19,6 +19,6 @@ describe "keystone::db" do
|
||||
::Chef::Recipe.any_instance.stub(:db_password).with("keystone").
|
||||
and_return "test-pass"
|
||||
|
||||
::ChefSpec::ChefRunner.new(::UBUNTU_OPTS).converge "keystone::db"
|
||||
::ChefSpec::ChefRunner.new(::UBUNTU_OPTS).converge "openstack-identity::db"
|
||||
end
|
||||
end
|
||||
|
@ -1,4 +1,4 @@
|
||||
require "spec_helper"
|
||||
|
||||
describe "keystone::default" do
|
||||
describe "openstack-identity::default" do
|
||||
end
|
||||
|
@ -1,11 +1,11 @@
|
||||
require "spec_helper"
|
||||
|
||||
describe "keystone::server" do
|
||||
describe "openstack-identity::server" do
|
||||
describe "redhat" do
|
||||
before do
|
||||
keystone_stubs
|
||||
@chef_run = ::ChefSpec::ChefRunner.new ::REDHAT_OPTS
|
||||
@chef_run.converge "keystone::server"
|
||||
@chef_run.converge "openstack-identity::server"
|
||||
end
|
||||
|
||||
it "installs mysql python packages" do
|
||||
|
@ -1,14 +1,14 @@
|
||||
require "spec_helper"
|
||||
|
||||
describe "keystone::server" do
|
||||
describe "openstack-identity::server" do
|
||||
describe "ubuntu" do
|
||||
before do
|
||||
keystone_stubs
|
||||
@chef_run = ::ChefSpec::ChefRunner.new ::UBUNTU_OPTS
|
||||
@node = @chef_run.node
|
||||
@node.set["keystone"]["syslog"]["use"] = true
|
||||
@node.set["openstack-identity"]["syslog"]["use"] = true
|
||||
@node.set["network"]["ipaddress_lo"] = "10.10.10.10"
|
||||
@chef_run.converge "keystone::server"
|
||||
@chef_run.converge "openstack-identity::server"
|
||||
end
|
||||
|
||||
it "runs logging recipe if node attributes say to" do
|
||||
@ -17,7 +17,7 @@ describe "keystone::server" do
|
||||
|
||||
it "doesn't run logging recipe" do
|
||||
chef_run = ::ChefSpec::ChefRunner.new ::UBUNTU_OPTS
|
||||
chef_run.converge "keystone::server"
|
||||
chef_run.converge "openstack-identity::server"
|
||||
|
||||
expect(chef_run).not_to include_recipe "openstack-common::logging"
|
||||
end
|
||||
|
@ -1,5 +1,4 @@
|
||||
require "chefspec"
|
||||
require "webmock/rspec"
|
||||
|
||||
::LOG_LEVEL = :fatal
|
||||
::REDHAT_OPTS = {
|
||||
@ -13,6 +12,7 @@ require "webmock/rspec"
|
||||
}
|
||||
|
||||
def keystone_stubs
|
||||
::Chef::Recipe.any_instance.stub(:memcached_servers).and_return []
|
||||
::Chef::Recipe.any_instance.stub(:db_password).and_return String.new
|
||||
::Chef::Recipe.any_instance.stub(:secret).and_return String.new
|
||||
end
|
||||
|
@ -1,24 +1,24 @@
|
||||
catalog.<%= node['keystone']['region'] %>.identity.publicURL = <%= @uris['identity'].to_s %>
|
||||
catalog.<%= node['keystone']['region'] %>.identity.adminURL = <%= @uris['identity-admin'].to_s %>
|
||||
catalog.<%= node['keystone']['region'] %>.identity.internalURL = <%= @uris['identity'].to_s %>
|
||||
catalog.<%= node['keystone']['region'] %>.identity.name = Identity Service
|
||||
catalog.<%= node["openstack-identity"]["region"] %>.identity.publicURL = <%= @uris["identity"].to_s %>
|
||||
catalog.<%= node["openstack-identity"]["region"] %>.identity.adminURL = <%= @uris["identity-admin"].to_s %>
|
||||
catalog.<%= node["openstack-identity"]["region"] %>.identity.internalURL = <%= @uris["identity"].to_s %>
|
||||
catalog.<%= node["openstack-identity"]["region"] %>.identity.name = Identity Service
|
||||
|
||||
catalog.<%= node['keystone']['region'] %>.compute.publicURL = <%= @uris['compute'].to_s %>
|
||||
catalog.<%= node['keystone']['region'] %>.compute.adminURL = <%= @uris['compute'].to_s %>
|
||||
catalog.<%= node['keystone']['region'] %>.compute.internalURL = <%= @uris['compute'].to_s %>
|
||||
catalog.<%= node['keystone']['region'] %>.compute.name = Compute Service
|
||||
catalog.<%= node["openstack-identity"]["region"] %>.compute.publicURL = <%= @uris["compute"].to_s %>
|
||||
catalog.<%= node["openstack-identity"]["region"] %>.compute.adminURL = <%= @uris["compute"].to_s %>
|
||||
catalog.<%= node["openstack-identity"]["region"] %>.compute.internalURL = <%= @uris["compute"].to_s %>
|
||||
catalog.<%= node["openstack-identity"]["region"] %>.compute.name = Compute Service
|
||||
|
||||
catalog.<%= node['keystone']['region'] %>.volume.publicURL = <%= @uris['volume'].to_s %>
|
||||
catalog.<%= node['keystone']['region'] %>.volume.adminURL = <%= @uris['volume'].to_s %>
|
||||
catalog.<%= node['keystone']['region'] %>.volume.internalURL = <%= @uris['volume'].to_s %>
|
||||
catalog.<%= node['keystone']['region'] %>.volume.name = Volume Service
|
||||
catalog.<%= node["openstack-identity"]["region"] %>.volume.publicURL = <%= @uris["volume"].to_s %>
|
||||
catalog.<%= node["openstack-identity"]["region"] %>.volume.adminURL = <%= @uris["volume"].to_s %>
|
||||
catalog.<%= node["openstack-identity"]["region"] %>.volume.internalURL = <%= @uris["volume"].to_s %>
|
||||
catalog.<%= node["openstack-identity"]["region"] %>.volume.name = Volume Service
|
||||
|
||||
catalog.<%= node['keystone']['region'] %>.ec2.publicURL = <%= @uris['ec2'].to_s %>
|
||||
catalog.<%= node['keystone']['region'] %>.ec2.adminURL = <%= @uris['ec2'].to_s %>
|
||||
catalog.<%= node['keystone']['region'] %>.ec2.internalURL = <%= @uris['ec2'].to_s %>
|
||||
catalog.<%= node['keystone']['region'] %>.ec2.name = EC2 Service
|
||||
catalog.<%= node["openstack-identity"]["region"] %>.ec2.publicURL = <%= @uris["ec2"].to_s %>
|
||||
catalog.<%= node["openstack-identity"]["region"] %>.ec2.adminURL = <%= @uris["ec2"].to_s %>
|
||||
catalog.<%= node["openstack-identity"]["region"] %>.ec2.internalURL = <%= @uris["ec2"].to_s %>
|
||||
catalog.<%= node["openstack-identity"]["region"] %>.ec2.name = EC2 Service
|
||||
|
||||
catalog.<%= node['keystone']['region'] %>.image.publicURL = <%= @uris['image'].to_s %>
|
||||
catalog.<%= node['keystone']['region'] %>.image.adminURL = <%= @uris['image'].to_s %>
|
||||
catalog.<%= node['keystone']['region'] %>.image.internalURL = <%= @uris['image'].to_s %>
|
||||
catalog.<%= node['keystone']['region'] %>.image.name = Image Service
|
||||
catalog.<%= node["openstack-identity"]["region"] %>.image.publicURL = <%= @uris["image"].to_s %>
|
||||
catalog.<%= node["openstack-identity"]["region"] %>.image.adminURL = <%= @uris["image"].to_s %>
|
||||
catalog.<%= node["openstack-identity"]["region"] %>.image.internalURL = <%= @uris["image"].to_s %>
|
||||
catalog.<%= node["openstack-identity"]["region"] %>.image.name = Image Service
|
||||
|
@ -1,14 +1,14 @@
|
||||
<%= node["keystone"]["custom_template_banner"] %>
|
||||
<%= node["openstack-identity"]["custom_template_banner"] %>
|
||||
|
||||
[DEFAULT]
|
||||
public_port = <%= node["keystone"]["service_port"] %>
|
||||
admin_port = <%= node["keystone"]["admin_port"] %>
|
||||
public_port = <%= node["openstack-identity"]["service_port"] %>
|
||||
admin_port = <%= node["openstack-identity"]["admin_port"] %>
|
||||
admin_token = <%= @bootstrap_token %>
|
||||
bind_host = <%= @ip_address %>
|
||||
compute_port = 8774
|
||||
verbose = <%= node["keystone"]["verbose"] %>
|
||||
debug = <%= node["keystone"]["debug"] %>
|
||||
<% if node["keystone"]["syslog"]["use"] %>
|
||||
verbose = <%= node["openstack-identity"]["verbose"] %>
|
||||
debug = <%= node["openstack-identity"]["debug"] %>
|
||||
<% if node["openstack-identity"]["syslog"]["use"] %>
|
||||
log_config = /etc/openstack/logging.conf
|
||||
<% else %>
|
||||
log_file = /var/log/keystone/keystone.log
|
||||
@ -37,19 +37,19 @@ pool_timeout = 200
|
||||
#suffix = cn=example,cn=com
|
||||
|
||||
[identity]
|
||||
driver = keystone.identity.backends.<%= node['keystone']['identity']['backend'] %>.Identity
|
||||
driver = keystone.identity.backends.<%= node["openstack-identity"]["identity"]["backend"] %>.Identity
|
||||
|
||||
[catalog]
|
||||
<% if node['keystone']['catalog']['backend'] == 'templated' -%>
|
||||
<% if node["openstack-identity"]["catalog"]["backend"] == "templated" -%>
|
||||
# templated driver uses different class name :(
|
||||
driver = keystone.catalog.backends.templated.TemplatedCatalog
|
||||
<% else -%>
|
||||
driver = keystone.catalog.backends.<%= node['keystone']['catalog']['backend'] %>.Catalog
|
||||
driver = keystone.catalog.backends.<%= node["openstack-identity"]["catalog"]["backend"] %>.Catalog
|
||||
<% end -%>
|
||||
template_file = /etc/keystone/default_catalog.templates
|
||||
|
||||
[token]
|
||||
driver = keystone.token.backends.<%= node['keystone']['token']['backend'] %>.Token
|
||||
driver = keystone.token.backends.<%= node["openstack-identity"]["token"]["backend"] %>.Token
|
||||
|
||||
# Amount of time a token should remain valid (in seconds)
|
||||
expiration = 86400
|
||||
@ -63,12 +63,12 @@ driver = keystone.contrib.ec2.backends.sql.Ec2
|
||||
[signing]
|
||||
<% if node["openstack"]["auth"]["strategy"] == "pki" -%>
|
||||
token_format = PKI
|
||||
certfile = <%= node["keystone"]["signing"]["certfile"] %>
|
||||
keyfile = <%= node["keystone"]["signing"]["keyfile"] %>
|
||||
ca_certs = <%= node["keystone"]["signing"]["ca_certs"] %>
|
||||
key_size = <%= node["keystone"]["signing"]["key_size"] %>
|
||||
valid_days = <%= node["keystone"]["signing"]["valid_days"] %>
|
||||
ca_password = <%= node["keystone"]["signing"]["ca_password"] %>
|
||||
certfile = <%= node["openstack-identity"]["signing"]["certfile"] %>
|
||||
keyfile = <%= node["openstack-identity"]["signing"]["keyfile"] %>
|
||||
ca_certs = <%= node["openstack-identity"]["signing"]["ca_certs"] %>
|
||||
key_size = <%= node["openstack-identity"]["signing"]["key_size"] %>
|
||||
valid_days = <%= node["openstack-identity"]["signing"]["valid_days"] %>
|
||||
ca_password = <%= node["openstack-identity"]["signing"]["ca_password"] %>
|
||||
<% else -%>
|
||||
token_format = UUID
|
||||
<% end -%>
|
||||
|
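Review bot: In the `[signing]` hunk, `ca_password = <%= node["openstack-identity"]["signing"]["ca_password"] %>` takes the CA key passphrase from a node attribute, which is stored with the node object on the Chef server. The bootstrap token and database password elsewhere in this commit come through the `secret` and `db_password` helpers instead (presumably backed by a protected store, which is not shown here). Consider fetching the passphrase the same way in the recipe and passing it in as a template variable. The attribute default is `nil`, which renders an empty `ca_password =` line, so wrapping the line in `<% if ... -%>` would avoid writing a blank setting.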