Merge "Add ability to specify IP for service"

README.md

@@ -233,7 +233,6 @@ Attributes
 ==========
 
 * `openstack['identity']['db_server_chef_role']` - The name of the Chef role that knows about the db server
-* `openstack['identity']['bind_interface']` - Interface to bind keystone to
 * `openstack['identity']['service_port']` - Port to listen on for client functions
 * `openstack['identity']['admin_port']` - Port to listen on for admin functions
 * `openstack['identity']['user']` - User keystone runs as
@@ -255,6 +254,16 @@ TODO: Add DB2 support on other platforms
 * `openstack['identity']['token']['expiration']` - Token validity time in seconds
 * `openstack['identity']['catalog']['backend']` - Storage mechanism for the keystone service catalog
 
+The following attributes are defined in attributes/default.rb of the common cookbook, but are documented here due to their relevance:
+
+* `openstack['endpoints']['identity-bind']['host']` - The IP address to bind the identity services to
+* `openstack['endpoints']['identity-bind']['scheme']` - Unused
+* `openstack['endpoints']['identity-bind']['port']` - Unused
+* `openstack['endpoints']['identity-bind']['path']` - Unused
+* `openstack['endpoints']['identity-bind']['bind_interface']` - The interface name to bind the identity services to
+
+If the value of the 'bind_interface' attribute is non-nil, then the identity service will be bound to the first IP address on that interface.  If the value of the 'bind_interface' attribute is nil, then the identity service will be bound to the IP address specified in the host attribute.
+
 Testing
 =====
 

attributes/default.rb

@@ -40,10 +40,6 @@ default['openstack']['identity']['admin_port'] = '35357'
 default['openstack']['identity']['region'] = node['openstack']['region']
 default['openstack']['identity']['token']['expiration'] = '86400'
 
-# If set, the keystone service will bind to the address on this interface,
-# otherwise it will bind to the API endpoint's host.
-default['openstack']['identity']['bind_interface'] = nil
-
 # Logging stuff
 default['openstack']['identity']['syslog']['use'] = false
 default['openstack']['identity']['syslog']['facility'] = 'LOG_LOCAL2'

recipes/server.rb

@@ -97,6 +97,7 @@ execute 'keystone-manage pki_setup' do
   not_if { ::FileTest.exists? node['openstack']['identity']['signing']['keyfile'] }
 end
 
+bind_endpoint = endpoint 'identity-bind'
 identity_admin_endpoint = endpoint 'identity-admin'
 identity_endpoint = endpoint 'identity-api'
 compute_endpoint = endpoint 'compute-api'
@@ -111,11 +112,7 @@ sql_connection = db_uri('identity', db_user, db_pass)
 
 bootstrap_token = secret 'secrets', 'openstack_identity_bootstrap_token'
 
-if node['openstack']['identity']['bind_interface'].nil?
+bind_address = bind_endpoint.host
-  bind_address = identity_endpoint.host
-else
-  bind_address = address_for node['openstack']['identity']['bind_interface']
-end
 
 # If the search role is set, we search for memcache
 # servers via a Chef search. If not, we look at the

spec/server_spec.rb

@@ -8,6 +8,9 @@ describe 'openstack-identity::server' do
     let(:runner) { ChefSpec::Runner.new(UBUNTU_OPTS) }
     let(:node) { runner.node }
     let(:chef_run) do
+      node.set_unless['openstack']['endpoints']['identity-bind'] = {
+        'host' => '127.0.1.1'
+      }
       node.set_unless['openstack']['endpoints']['identity-api'] = {
         'host' => '127.0.1.1',
         'port' => '5000',
@@ -188,9 +191,8 @@ describe 'openstack-identity::server' do
 
         describe 'bind_interface is eth0' do
           before do
-            node.set['openstack']['identity']['bind_interface'] = 'eth0'
+            node.set['openstack']['endpoints']['identity-bind']['bind_interface'] = 'eth0'
             ::Chef::Recipe.any_instance.stub(:address_for)
-              .with('eth0')
               .and_return('10.0.0.2')
           end