From e94c69b56cae3198c17d95fb5f4b702c2a2096eb Mon Sep 17 00:00:00 2001 From: Matt Odden Date: Fri, 7 Feb 2014 02:19:52 +0000 Subject: [PATCH] Change bind address to use Identity endpoint host Allow the bind interface address to take precendence, but default to binding to the host attribute of the Identity API endpoint. This brings the identity cookbook into conformance with the other cookbooks regarding the service interface binding. Closes-Bug: 1277266 Change-Id: I9634e2a359a6ce52b694859a7e84a57638bad5be --- attributes/default.rb | 5 ++++- recipes/server.rb | 8 ++++++-- spec/server_spec.rb | 22 +++++++++++++++++++--- spec/spec_helper.rb | 3 --- templates/default/keystone.conf.erb | 2 +- 5 files changed, 30 insertions(+), 10 deletions(-) diff --git a/attributes/default.rb b/attributes/default.rb index 4842dbe..b358352 100644 --- a/attributes/default.rb +++ b/attributes/default.rb @@ -38,9 +38,12 @@ default['openstack']['identity']['debug'] = 'False' default['openstack']['identity']['service_port'] = '5000' default['openstack']['identity']['admin_port'] = '35357' default['openstack']['identity']['region'] = 'RegionOne' -default['openstack']['identity']['bind_interface'] = 'lo' default['openstack']['identity']['token']['expiration'] = '86400' +# If set, the keystone service will bind to the address on this interface, +# otherwise it will bind to the API endpoint's host. +default['openstack']['identity']['bind_interface'] = nil + # Logging stuff default['openstack']['identity']['syslog']['use'] = false default['openstack']['identity']['syslog']['facility'] = 'LOG_LOCAL2' diff --git a/recipes/server.rb b/recipes/server.rb index 1f3f8bc..f200cff 100644 --- a/recipes/server.rb +++ b/recipes/server.rb @@ -111,7 +111,11 @@ sql_connection = db_uri('identity', db_user, db_pass) bootstrap_token = secret 'secrets', 'openstack_identity_bootstrap_token' -ip_address = address_for node['openstack']['identity']['bind_interface'] +if node['openstack']['identity']['bind_interface'].nil? + bind_address = identity_endpoint.host +else + bind_address = address_for node['openstack']['identity']['bind_interface'] +end # If the search role is set, we search for memcache # servers via a Chef search. If not, we look at the @@ -143,7 +147,7 @@ template '/etc/keystone/keystone.conf' do mode 00644 variables( sql_connection: sql_connection, - ip_address: ip_address, + bind_address: bind_address, bootstrap_token: bootstrap_token, memcache_servers: memcache_servers, uris: uris, diff --git a/spec/server_spec.rb b/spec/server_spec.rb index fe397f7..c03f66b 100644 --- a/spec/server_spec.rb +++ b/spec/server_spec.rb @@ -179,9 +179,25 @@ describe 'openstack-identity::server' do expect(chef_run).to render_file(path).with_content(r) end - it 'has bind host' do - r = line_regexp('bind_host = 127.0.1.1') - expect(chef_run).to render_file(path).with_content(r) + describe 'bind_interface is nil' do + it 'has bind host from endpoint' do + r = line_regexp('bind_host = 127.0.1.1') + expect(chef_run).to render_file(path).with_content(r) + end + end + + describe 'bind_interface is eth0' do + before do + node.set['openstack']['identity']['bind_interface'] = 'eth0' + ::Chef::Recipe.any_instance.stub(:address_for) + .with('eth0') + .and_return('10.0.0.2') + end + + it 'has bind host from interface ip' do + r = line_regexp('bind_host = 10.0.0.2') + expect(chef_run).to render_file(path).with_content(r) + end end describe 'port numbers' do diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index 1093ecb..8066b06 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -35,9 +35,6 @@ end shared_context 'identity_stubs' do before do - ::Chef::Recipe.any_instance.stub(:address_for) - .with('lo') - .and_return('127.0.1.1') ::Chef::Recipe.any_instance.stub(:memcached_servers).and_return [] ::Chef::Recipe.any_instance.stub(:get_password) .with('db', anything) diff --git a/templates/default/keystone.conf.erb b/templates/default/keystone.conf.erb index 1ea377a..2e03816 100644 --- a/templates/default/keystone.conf.erb +++ b/templates/default/keystone.conf.erb @@ -4,7 +4,7 @@ public_port = <%= node["openstack"]["identity"]["service_port"] %> admin_port = <%= node["openstack"]["identity"]["admin_port"] %> admin_token = <%= @bootstrap_token %> -bind_host = <%= @ip_address %> +bind_host = <%= @bind_address %> compute_port = 8774 verbose = <%= node["openstack"]["identity"]["verbose"] %> debug = <%= node["openstack"]["identity"]["debug"] %>