Add ability to specify IP for service
The problem that this change addresses is that the address_for method will not work correctly if there are multiple IP addresses associated with the specified interface. The approach to solving this problem and moving towards the overall goal of having one place where service networking information is stored is to convert address_for calls into endpoints, and add an address() method to the endpoints interface for IP address resolution.

The address() method has the following behavior: if the bind_interface of an endpoint is set, then the IP is looked up on the interface. Otherwise, the IP specified in the host attribute is returned. This allows the caller to choose either method of determining what IP a service will be bound to.

This change switches the identity cookbook to use an endpoint for binding instead of address_for.

This change is dependent on the following change which adds the endpoint to common:
https://review.openstack.org/#/c/79387/

blueprint increase-ip-binding-flexibility

Change-Id: Ibccc187c5b04e78468d289d175407007451a4b2b
11
README.md
@@ -231,7 +231,6 @@ Attributes
|
||||
==========
|
||||
|
||||
* `openstack['identity']['db_server_chef_role']` - The name of the Chef role that knows about the db server
|
||||
* `openstack['identity']['bind_interface']` - Interface to bind keystone to
|
||||
* `openstack['identity']['service_port']` - Port to listen on for client functions
|
||||
* `openstack['identity']['admin_port']` - Port to listen on for admin functions
|
||||
* `openstack['identity']['user']` - User keystone runs as
|
||||
@@ -252,6 +251,16 @@ TODO: Add DB2 support on other platforms
|
||||
* `openstack['identity']['platform']['db2_python_packages']` - Array of DB2 python packages, only available on redhat platform
|
||||
* `openstack['identity']['token']['expiration']` - Token validity time in seconds
|
||||
|
||||
The following attributes are defined in attributes/default.rb of the common cookbook, but are documented here due to their relevance:
|
||||
|
||||
* `openstack['endpoints']['identity-bind']['host']` - The IP address to bind the identity services to
|
||||
* `openstack['endpoints']['identity-bind']['scheme']` - Unused
|
||||
* `openstack['endpoints']['identity-bind']['port']` - Unused
|
||||
* `openstack['endpoints']['identity-bind']['path']` - Unused
|
||||
* `openstack['endpoints']['identity-bind']['bind_interface']` - The interface name to bind the identity services to
|
||||
|
||||
If the value of the 'bind_interface' attribute is non-nil, then the identity service will be bound to the first IP address on that interface. If the value of the 'bind_interface' attribute is nil, then the identity service will be bound to the IP address specified in the host attribute.
|
||||
|
||||
Testing
|
||||
=====
|
||||
|
||||
|
||||
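Review bot: In the added paragraph, "the first IP address on that interface" is underspecified, given that this change exists because an interface can carry several addresses. Say how "first" is chosen (address family, ordering), or recommend setting `host` explicitly on multi-address hosts. It would also help to state the default of `openstack['endpoints']['identity-bind']['host']` here, since that value decides which networks can reach the service and admin ports.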
@@ -40,10 +40,6 @@ default['openstack']['identity']['admin_port'] = '35357'
|
||||
default['openstack']['identity']['region'] = node['openstack']['region']
|
||||
default['openstack']['identity']['token']['expiration'] = '86400'
|
||||
|
||||
# If set, the keystone service will bind to the address on this interface,
|
||||
# otherwise it will bind to the API endpoint's host.
|
||||
default['openstack']['identity']['bind_interface'] = nil
|
||||
|
||||
# Logging stuff
|
||||
default['openstack']['identity']['syslog']['use'] = false
|
||||
default['openstack']['identity']['syslog']['facility'] = 'LOG_LOCAL2'
|
||||
|
||||
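Review bot: Dropping the `default['openstack']['identity']['bind_interface'] = nil` default means a node, role or environment that still sets that attribute is ignored without any signal, and keystone's listen address then comes from the `identity-bind` endpoint instead. Consider logging a warning (or failing the run) in the recipe when the old attribute is set, and pointing to `openstack['endpoints']['identity-bind']['bind_interface']`, so the change in bind address is not silent on upgrade.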
@@ -97,6 +97,7 @@ execute 'keystone-manage pki_setup' do
|
||||
not_if { ::FileTest.exists? node['openstack']['identity']['signing']['keyfile'] }
|
||||
end
|
||||
|
||||
bind_endpoint = endpoint 'identity-bind'
|
||||
identity_admin_endpoint = endpoint 'identity-admin'
|
||||
identity_endpoint = endpoint 'identity-api'
|
||||
compute_endpoint = endpoint 'compute-api'
|
||||
@@ -111,11 +112,7 @@ sql_connection = db_uri('identity', db_user, db_pass)
|
||||
|
||||
bootstrap_token = secret 'secrets', 'openstack_identity_bootstrap_token'
|
||||
|
||||
if node['openstack']['identity']['bind_interface'].nil?
|
||||
bind_address = identity_endpoint.host
|
||||
else
|
||||
bind_address = address_for node['openstack']['identity']['bind_interface']
|
||||
end
|
||||
bind_address = bind_endpoint.host
|
||||
|
||||
# If the search role is set, we search for memcache
|
||||
# servers via a Chef search. If not, we look at the
|
||||
|
||||
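Review bot: `bind_address = bind_endpoint.host` reads the `host` field, while the commit message says interface lookup happens through a new address() method on the endpoint. Unless `endpoint 'identity-bind'` already resolves `bind_interface` into `host`, the `bind_interface` setting documented in the README is never consulted at this point. Either call the address() helper here or add a comment stating where the resolution takes place.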
@@ -8,6 +8,9 @@ describe 'openstack-identity::server' do
|
||||
let(:runner) { ChefSpec::Runner.new(UBUNTU_OPTS) }
|
||||
let(:node) { runner.node }
|
||||
let(:chef_run) do
|
||||
node.set_unless['openstack']['endpoints']['identity-bind'] = {
|
||||
'host' => '127.0.1.1'
|
||||
}
|
||||
node.set_unless['openstack']['endpoints']['identity-api'] = {
|
||||
'host' => '127.0.1.1',
|
||||
'port' => '5000',
|
||||
@@ -188,9 +191,8 @@ describe 'openstack-identity::server' do
|
||||
|
||||
describe 'bind_interface is eth0' do
|
||||
before do
|
||||
node.set['openstack']['identity']['bind_interface'] = 'eth0'
|
||||
node.set['openstack']['endpoints']['identity-bind']['bind_interface'] = 'eth0'
|
||||
::Chef::Recipe.any_instance.stub(:address_for)
|
||||
.with('eth0')
|
||||
.and_return('10.0.0.2')
|
||||
end
|
||||
|
||||
|
||||
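Review bot: The `before` block still stubs `address_for` on `::Chef::Recipe`, which ties this spec to how the common cookbook resolves the interface internally, and the single stubbed return of '10.0.0.2' does not exercise the multi-address interface that motivates the change. Consider stubbing at the endpoint boundary instead and, if not already covered elsewhere in the spec, adding a case where `bind_interface` is nil and the `identity-bind` host ('127.0.1.1' in the runner setup) is the expected bind address.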