Add a cloud_config recipe
Using a cloud config file when accessing a cloud is the modern variant of setting lots of environment variables, so we add a new recipe that produces a cloud config matching what we are deploying. Clean up the old openrc template a bit. Change-Id: I8574d9f4299be5b2a374140b461ef48e9e80ae6b
parent
df72871ac8
commit
f2902385ef
@ -128,7 +128,7 @@ default['openstack']['identity']['conf']['credential']['key_repository'] =
|
||||
'/etc/keystone/credential-tokens'
|
||||
|
||||
# configuration directory for keystone domain specific options
|
||||
default['openstack']['identity']['identity']['domain_config_dir'] = '/etc/keystone/domains'
|
||||
default['openstack']['identity']['domain_config_dir'] = '/etc/keystone/domains'
|
||||
|
||||
# keystone service user name
|
||||
default['openstack']['identity']['user'] = 'keystone'
|
||||
@ -160,15 +160,17 @@ end
|
||||
# array of bare options for openrc (e.g. 'option=value')
|
||||
default['openstack']['misc_openrc'] = nil
|
||||
|
||||
# openrc path
|
||||
default['openstack']['openrc']['path'] = '/root'
|
||||
# openrc path mode
|
||||
default['openstack']['openrc']['path_mode'] = '0700'
|
||||
%w(openrc cloud_config).each do |file_type|
|
||||
default['openstack']['identity'][file_type]['path'] = '/root'
|
||||
default['openstack']['identity'][file_type]['path_mode'] = '0700'
|
||||
default['openstack']['identity'][file_type]['file_mode'] = '0600'
|
||||
default['openstack']['identity'][file_type]['user'] = 'root'
|
||||
default['openstack']['identity'][file_type]['group'] = 'root'
|
||||
end
|
||||
|
||||
# openrc file name
|
||||
default['openstack']['openrc']['file'] = 'openrc'
|
||||
# openrc file mode
|
||||
default['openstack']['openrc']['file_mode'] = '0600'
|
||||
# openrc file owner
|
||||
default['openstack']['openrc']['user'] = 'root'
|
||||
# openrc file group
|
||||
default['openstack']['openrc']['group'] = 'root'
|
||||
default['openstack']['identity']['openrc']['file'] = 'openrc'
|
||||
# cloud_config file name
|
||||
default['openstack']['identity']['cloud_config']['file'] = 'clouds.yaml'
|
||||
# cloud_config cloud name
|
||||
default['openstack']['identity']['cloud_config']['cloud_name'] = 'default'
|
||||
|
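Review bot: Moving the openrc settings from `node['openstack']['openrc'][...]` to `node['openstack']['identity']['openrc'][...]` in the second hunk means existing overrides of the old keys are silently ignored after an upgrade. The same applies to `['identity']['identity']['domain_config_dir']` in the first hunk. A wrapper cookbook that had relocated the credentials file or changed its owner would fall back to the defaults, and the previously rendered file holding the admin password would stay on disk unmanaged. A release note plus a converge-time hint would make this visible, for example `Chef::Log.warn("node['openstack']['openrc'] moved to node['openstack']['identity']['openrc']") if node['openstack']['openrc']` in the openrc recipe.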
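--- a/recipes/cloud_config.rb
+++ b/recipes/cloud_config.rb
@@ -0,0 +1,61 @@
+# encoding: UTF-8
+#
+# Cookbook Name:: openstack-identity
+# recipe:: cloud_config
+#
+# Copyright 2019 x-ion GmbH
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# This recipe creates a fully usable cloud config file to be used directly
+# by the openstack client or sdk.
+
+class ::Chef::Recipe
+include ::Openstack
+end
+
+ksadmin_project = node['openstack']['identity']['admin_project']
+project_domain_name = node['openstack']['identity']['admin_project_domain']
+ksadmin_user = node['openstack']['identity']['admin_user']
+admin_domain_name = node['openstack']['identity']['admin_domain_name']
+
+ksadmin_pass = get_password 'user', ksadmin_user
+
+identity_endpoint = public_endpoint 'identity'
+auth_url = ::URI.decode identity_endpoint.to_s
+
+cloud_config = node['openstack']['identity']['cloud_config']
+
+directory cloud_config['path'] do
+owner cloud_config['user']
+group cloud_config['group']
+mode cloud_config['path_mode']
+recursive true
+end
+
+template "#{cloud_config['path']}/#{cloud_config['file']}" do
+source 'cloud_config.erb'
+owner cloud_config['user']
+group cloud_config['group']
+mode cloud_config['file_mode']
+sensitive true
+variables(
+cloud_name: cloud_config['cloud_name'],
+user: ksadmin_user,
+user_domain_name: admin_domain_name,
+project: ksadmin_project,
+project_domain_name: project_domain_name,
+password: ksadmin_pass,
+identity_endpoint: auth_url
+)
+end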
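Review bot: `::URI.decode` on the `auth_url` line is marked obsolete in Ruby's URI module and is no longer available from Ruby 3.0 on, so this new recipe would stop converging on a Chef client built on a newer Ruby. If the endpoint is not expected to carry percent-escapes, `auth_url = identity_endpoint.to_s` is enough; otherwise `::URI::DEFAULT_PARSER.unescape(identity_endpoint.to_s)` should keep the current behaviour. The openrc recipe carries the same call on an unchanged line. A short comment above the template resource, stating that the rendered file holds the admin password in clear text and that this is why `sensitive true` and the `0600` default matter, would also help the next maintainer.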
@ -34,25 +34,26 @@ ksadmin_pass = get_password 'user', ksadmin_user
|
||||
identity_endpoint = public_endpoint 'identity'
|
||||
auth_url = ::URI.decode identity_endpoint.to_s
|
||||
|
||||
directory node['openstack']['openrc']['path'] do
|
||||
owner node['openstack']['openrc']['user']
|
||||
group node['openstack']['openrc']['group']
|
||||
mode node['openstack']['openrc']['path_mode']
|
||||
openrc_config = node['openstack']['identity']['openrc']
|
||||
|
||||
directory openrc_config['path'] do
|
||||
owner openrc_config['user']
|
||||
group openrc_config['group']
|
||||
mode openrc_config['path_mode']
|
||||
recursive true
|
||||
end
|
||||
|
||||
template "#{node['openstack']['openrc']['path']}/#{node['openstack']['openrc']['file']}" do
|
||||
template "#{openrc_config['path']}/#{openrc_config['file']}" do
|
||||
source 'openrc.erb'
|
||||
owner node['openstack']['openrc']['user']
|
||||
group node['openstack']['openrc']['group']
|
||||
mode node['openstack']['openrc']['file_mode']
|
||||
owner openrc_config['user']
|
||||
group openrc_config['group']
|
||||
mode openrc_config['file_mode']
|
||||
sensitive true
|
||||
variables(
|
||||
user: ksadmin_user,
|
||||
user_domain_name: admin_domain_name,
|
||||
project: ksadmin_project,
|
||||
project_domain_name: project_domain_name,
|
||||
api_version: '3',
|
||||
password: ksadmin_pass,
|
||||
identity_endpoint: auth_url
|
||||
)
|
||||
|
@ -117,11 +117,11 @@ directory '/etc/keystone' do
|
||||
end
|
||||
|
||||
# create keystone domain config dir if needed
|
||||
directory node['openstack']['identity']['identity']['domain_config_dir'] do
|
||||
directory node['openstack']['identity']['domain_config_dir'] do
|
||||
owner keystone_user
|
||||
group keystone_group
|
||||
mode 0o0700
|
||||
only_if { node['openstack']['identity']['identity']['domain_specific_drivers_enabled'] }
|
||||
only_if { node['openstack']['identity']['domain_specific_drivers_enabled'] }
|
||||
end
|
||||
|
||||
# delete the keystone.db sqlite file if another db backend is used
|
||||
|
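Review bot: The `only_if` guard now reads `node['openstack']['identity']['domain_specific_drivers_enabled']`, but the attribute hunks in this commit only move `domain_config_dir`; no default for the new `domain_specific_drivers_enabled` key is visible here. If that default still lives under the old `['identity']['identity']` path, the guard evaluates to nil and the 0700 domain config directory is never created unless the new key is set explicitly, as the spec does with `node.override`. Worth confirming that the default was moved along with the lookup.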
@ -76,7 +76,7 @@ describe 'openstack-identity::server-apache' do
|
||||
end
|
||||
|
||||
it 'creates /etc/keystone/domains when domain_specific_drivers_enabled enabled' do
|
||||
node.override['openstack']['identity']['identity']['domain_specific_drivers_enabled'] = true
|
||||
node.override['openstack']['identity']['domain_specific_drivers_enabled'] = true
|
||||
expect(chef_run).to create_directory(dir).with(
|
||||
user: 'keystone',
|
||||
group: 'keystone',
|
||||
|
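--- a/templates/default/cloud_config.erb
+++ b/templates/default/cloud_config.erb
@@ -0,0 +1,11 @@
+clouds:
+<%= @cloud_name %>:
+auth:
+username: <%= @user %>
+user_domain_name: <%= @user_domain_name %>
+password: <%= @password %>
+project_name: <%= @project %>
+project_domain_name: <%= @project_domain_name %>
+auth_url: <%= @identity_endpoint %>
+identity_api_version: 3
+region_name: <%= node['openstack']['region'] %>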
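Review bot: The values on the `password:` line and the other interpolated lines are written into the YAML as bare scalars, so a password containing ` #`, `: `, a leading `*`, `&`, `!`, `{` or `[`, or one that looks like a number or boolean, will be truncated, retyped or make the file unparseable. Since the password comes from `get_password` and its character set is not constrained here, emit it as a quoted scalar instead, for example `password: <%= @password.to_json %>`, assuming `String#to_json` is available in the template context as it normally is under Chef. The same treatment fits `@cloud_name`, `@user`, the two domain names, `@project` and the region. The mapping key `<%= @cloud_name %>:` deserves it most after the password, because an unexpected character there changes the document structure rather than a single value.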
@ -6,7 +6,7 @@ export OS_USER_DOMAIN_NAME=<%= @user_domain_name %>
|
||||
export OS_PASSWORD=<%= @password %>
|
||||
export OS_PROJECT_NAME=<%= @project %>
|
||||
export OS_PROJECT_DOMAIN_NAME=<%= @project_domain_name %>
|
||||
export OS_IDENTITY_API_VERSION=<%= @api_version %>
|
||||
export OS_IDENTITY_API_VERSION=3
|
||||
export OS_AUTH_URL=<%= @identity_endpoint %>
|
||||
export OS_REGION_NAME=<%= node['openstack']['region'] %>
|
||||
|
||||
|