Browse Source

Merge "use_cookbook-openstackclient/identity_v3"

Jenkins 2 years ago
parent
commit
3cc01d79ab

+ 3
- 0
Berksfile View File

@@ -6,3 +6,6 @@ cookbook 'openstack-identity',
6 6
   github: 'openstack/cookbook-openstack-identity'
7 7
 cookbook 'openstack-common',
8 8
   github: 'openstack/cookbook-openstack-common'
9
+cookbook "openstackclient",
10
+  github: "cloudbau/cookbook-openstackclient"
11
+

+ 1
- 0
README.md View File

@@ -35,6 +35,7 @@ The following cookbooks are dependencies:
35 35
 
36 36
 - 'openstack-common', '>= 14.0.0'
37 37
 - 'openstack-identity', '>= 14.0.0'
38
+- 'openstackclient', '>= 0.1.0'
38 39
 
39 40
 Attributes
40 41
 ==========

+ 3
- 3
attributes/default.rb View File

@@ -37,7 +37,7 @@ default['openstack']['bind_service']['all']['network']['port'] = 9696
37 37
 # config)
38 38
 default['openstack']['network']['syslog']['use'] = false
39 39
 # Name of the plugin to load
40
-default['openstack']['network']['identity-api']['auth']['version'] = 'v2.0'
40
+default['openstack']['network']['identity-api']['auth']['version'] = 'v3'
41 41
 # Set dbsync command timeout value
42 42
 default['openstack']['network']['dbsync_timeout'] = 3600
43 43
 # Specify policy.json remote filwe to import
@@ -261,7 +261,7 @@ default['openstack']['network']['platform'].tap do |platform|
261 261
       ''
262 262
   when 'debian'
263 263
     platform['neutron_packages'] =
264
-      %w(neutron-common python-pyparsing python-cliff)
264
+      %w(neutron-common)
265 265
     platform['neutron_client_packages'] =
266 266
       %w(python-neutronclient python-pyparsing)
267 267
     platform['neutron_dhcp_packages'] =
@@ -274,7 +274,7 @@ default['openstack']['network']['platform'].tap do |platform|
274 274
     platform['neutron_lbaas_packages'] =
275 275
       %w(python-neutron-lbaas neutron-lbaas-agent haproxy)
276 276
     platform['neutron_openvswitch_packages'] =
277
-      %w(openvswitch-switch openvswitch-datapath-dkms bridge-utils)
277
+      %w(openvswitch-switch bridge-utils)
278 278
     platform['neutron_openvswitch_build_packages'] =
279 279
       %w(
280 280
         build-essential pkg-config fakeroot

+ 9
- 5
attributes/neutron_conf.rb View File

@@ -19,16 +19,20 @@ default['openstack']['network']['conf'].tap do |conf|
19 19
   end
20 20
 
21 21
   # [keystone_authtoken] section
22
-  conf['keystone_authtoken']['auth_type'] = 'v2password'
22
+  conf['keystone_authtoken']['auth_type'] = 'v3password'
23 23
   conf['keystone_authtoken']['region_name'] = node['openstack']['region']
24 24
   conf['keystone_authtoken']['username'] = 'neutron'
25
-  conf['keystone_authtoken']['tenant_name'] = 'service'
26
-
25
+  conf['keystone_authtoken']['user_domain_name'] = 'Default'
26
+  conf['keystone_authtoken']['project_domain_name'] = 'Default'
27
+  conf['keystone_authtoken']['project_name'] = 'service'
28
+  conf['keystone_authtoken']['auth_version'] = 'v3'
27 29
   # [nova] section
28
-  conf['nova']['auth_type'] = 'v2password'
30
+  conf['nova']['auth_type'] = 'v3password'
29 31
   conf['nova']['region_name'] = node['openstack']['region']
30 32
   conf['nova']['username'] = 'nova'
31
-  conf['nova']['tenant_name'] = 'service'
33
+  conf['nova']['user_domain_name'] = 'Default'
34
+  conf['nova']['project_name'] = 'service'
35
+  conf['nova']['project_domain_name'] = 'Default'
32 36
 
33 37
   # [oslo_concurrency] section
34 38
   conf['oslo_concurrency']['lock_path'] = '/var/lib/neutron/lock'

+ 1
- 0
metadata.rb View File

@@ -15,3 +15,4 @@ end
15 15
 
16 16
 depends 'openstack-common', '>= 14.0.0'
17 17
 depends 'openstack-identity', '>= 14.0.0'
18
+depends 'openstackclient'

+ 1
- 5
recipes/default.rb View File

@@ -85,11 +85,7 @@ if node['openstack']['network']['conf']['DEFAULT']['rpc_backend'] == 'rabbit'
85 85
 end
86 86
 
87 87
 identity_public_endpoint = public_endpoint 'identity'
88
-auth_url =
89
-  auth_uri_transform(
90
-    identity_public_endpoint.to_s,
91
-    node['openstack']['network']['identity-api']['auth']['version']
92
-  )
88
+auth_url = identity_public_endpoint.to_s
93 89
 
94 90
 db_user = node['openstack']['db']['network']['username']
95 91
 db_pass = get_password 'db', 'neutron'

+ 59
- 47
recipes/identity_registration.rb View File

@@ -28,68 +28,80 @@ end
28 28
 
29 29
 identity_admin_endpoint = admin_endpoint 'identity'
30 30
 
31
-bootstrap_token = get_password 'token', 'openstack_identity_bootstrap_token'
32
-auth_uri = ::URI.decode identity_admin_endpoint.to_s
31
+auth_url = ::URI.decode identity_admin_endpoint.to_s
33 32
 
34
-admin_api_endpoint = admin_endpoint 'network'
35
-public_api_endpoint = public_endpoint 'network'
36
-internal_api_endpoint = internal_endpoint 'network'
33
+interfaces = {
34
+  public: { url: public_endpoint('network') },
35
+  internal: { url: internal_endpoint('network') },
36
+  admin: { url: admin_endpoint('network') }
37
+}
37 38
 
38 39
 service_pass = get_password 'service', 'openstack-network'
39 40
 service_tenant_name =
40
-  node['openstack']['network']['conf']['keystone_authtoken']['tenant_name']
41
+  node['openstack']['network']['conf']['keystone_authtoken']['project_name']
41 42
 
42 43
 service_user =
43 44
   node['openstack']['network']['conf']['keystone_authtoken']['username']
44 45
 service_role = node['openstack']['network']['service_role']
45
-
46
-openstack_identity_register 'Register Network API Service' do
47
-  auth_uri auth_uri
48
-  bootstrap_token bootstrap_token
49
-  service_name node['openstack']['network']['service_name']
50
-  service_type node['openstack']['network']['service_type']
51
-  service_description 'OpenStack Network Service'
52
-
53
-  action :create_service
46
+service_domain_name = node['openstack']['network']['conf']['keystone_authtoken']['user_domain_name']
47
+admin_user = node['openstack']['identity']['admin_user']
48
+admin_pass = get_password 'user', node['openstack']['identity']['admin_user']
49
+admin_project = node['openstack']['identity']['admin_project']
50
+admin_domain = node['openstack']['identity']['admin_domain_name']
51
+region = node['openstack']['region']
52
+
53
+# Do not configure a service/endpoint in keystone for heat-api-cloudwatch(Bug #1167927),
54
+# See discussions on https://bugs.launchpad.net/heat/+bug/1167927
55
+
56
+connection_params = {
57
+  openstack_auth_url:     "#{auth_url}/auth/tokens",
58
+  openstack_username:     admin_user,
59
+  openstack_api_key:      admin_pass,
60
+  openstack_project_name: admin_project,
61
+  openstack_domain_name:    admin_domain
62
+}
63
+
64
+# Register Network Service
65
+openstack_service 'neutron' do
66
+  type 'network'
67
+  connection_params connection_params
54 68
 end
55 69
 
56
-openstack_identity_register 'Register Network Endpoint' do
57
-  auth_uri auth_uri
58
-  bootstrap_token bootstrap_token
59
-  service_type node['openstack']['network']['service_type']
60
-  endpoint_region node['openstack']['network']['region']
61
-  endpoint_adminurl admin_api_endpoint.to_s
62
-  endpoint_internalurl internal_api_endpoint.to_s
63
-  endpoint_publicurl public_api_endpoint.to_s
64
-
65
-  action :create_endpoint
70
+# Register Network Public-Endpoint
71
+interfaces.each do |interface, res|
72
+  # Register network Endpoints
73
+  openstack_endpoint 'network' do
74
+    service_name 'neutron'
75
+    interface interface.to_s
76
+    url res[:url].to_s
77
+    region region
78
+    connection_params connection_params
79
+  end
66 80
 end
67
-
68
-openstack_identity_register 'Register Service Tenant' do
69
-  auth_uri auth_uri
70
-  bootstrap_token bootstrap_token
71
-  tenant_name service_tenant_name
72
-  tenant_description 'Service Tenant'
73
-
74
-  action :create_tenant
81
+# Register Service Tenant
82
+openstack_project service_tenant_name do
83
+  connection_params connection_params
75 84
 end
76 85
 
77
-openstack_identity_register "Register #{service_user} User" do
78
-  auth_uri auth_uri
79
-  bootstrap_token bootstrap_token
80
-  tenant_name service_tenant_name
81
-  user_name service_user
82
-  user_pass service_pass
83
-
84
-  action :create_user
86
+# Register Service User
87
+openstack_user service_user do
88
+  project_name service_tenant_name
89
+  role_name service_role
90
+  password service_pass
91
+  connection_params connection_params
85 92
 end
86 93
 
87
-openstack_identity_register "Grant '#{service_role}' Role to #{service_user} User for #{service_tenant_name} Tenant" do
88
-  auth_uri auth_uri
89
-  bootstrap_token bootstrap_token
90
-  tenant_name service_tenant_name
91
-  user_name service_user
94
+## Grant Service role to Service User for Service Tenant ##
95
+openstack_user service_user do
92 96
   role_name service_role
93
-
97
+  project_name service_tenant_name
98
+  connection_params connection_params
94 99
   action :grant_role
95 100
 end
101
+
102
+openstack_user service_user do
103
+  domain_name service_domain_name
104
+  role_name service_role
105
+  connection_params connection_params
106
+  action :grant_domain
107
+end

+ 11
- 7
spec/default_spec.rb View File

@@ -15,7 +15,7 @@ describe 'openstack-network' do
15 15
       expect(chef_run).to include_recipe('openstack-network::client')
16 16
     end
17 17
 
18
-    %w(neutron-common python-pyparsing python-cliff python-mysqldb).each do |package|
18
+    %w(neutron-common python-pyparsing  python-mysqldb).each do |package|
19 19
       it do
20 20
         expect(chef_run).to upgrade_package(package)
21 21
       end
@@ -114,11 +114,13 @@ describe 'openstack-network' do
114 114
         end
115 115
       end
116 116
       [
117
-        /^tenant_name = service$/,
117
+        /^project_name = service$/,
118 118
         /^username = neutron$/,
119
-        %r{^auth_url = http://127\.0\.0\.1:5000/v2\.0$},
119
+        /^user_domain_name = Default/,
120
+        /^project_domain_name = Default/,
121
+        %r{^auth_url = http://127\.0\.0\.1:5000/v3$},
120 122
         /^password = neutron-pass$/,
121
-        /^auth_type = v2password$/
123
+        /^auth_type = v3password$/
122 124
       ].each do |line|
123 125
         it do
124 126
           expect(chef_run).to render_config_file(file.name)
@@ -127,10 +129,12 @@ describe 'openstack-network' do
127 129
       end
128 130
       [
129 131
         /^region_name = RegionOne$/,
130
-        /^auth_type = v2password$/,
131
-        %r{^auth_url = http://127\.0\.0\.1:5000/v2\.0$},
132
+        /^auth_type = v3password$/,
133
+        %r{^auth_url = http://127\.0\.0\.1:5000/v3$},
132 134
         /^username = nova$/,
133
-        /^tenant_name = service$/
135
+        /^user_domain_name = Default/,
136
+        /^project_domain_name = Default/,
137
+        /^project_name = service$/
134 138
       ].each do |line|
135 139
         it do
136 140
           expect(chef_run).to render_config_file(file.name)

+ 62
- 137
spec/identity_registration_spec.rb View File

@@ -13,160 +13,85 @@ describe 'openstack-network::identity_registration' do
13 13
 
14 14
     include_context 'neutron-stubs'
15 15
 
16
-    it 'registers network service' do
17
-      expect(chef_run).to create_service_openstack_identity_register(
18
-        'Register Network API Service'
16
+    connection_params = {
17
+      openstack_auth_url: 'http://127.0.0.1:35357/v3/auth/tokens',
18
+      openstack_username: 'admin',
19
+      openstack_api_key: 'admin-pass',
20
+      openstack_project_name: 'admin',
21
+      openstack_domain_name: 'default'
22
+    }
23
+    service_name = 'neutron'
24
+    service_type = 'network'
25
+    service_user = 'neutron'
26
+    url = 'http://127.0.0.1:9696'
27
+    region = 'RegionOne'
28
+    project_name = 'service'
29
+    role_name = 'admin'
30
+    password = 'neutron-pass'
31
+    domain_name = 'Default'
32
+
33
+    it "registers #{project_name} Project" do
34
+      expect(chef_run).to create_openstack_project(
35
+        project_name
19 36
       ).with(
20
-        auth_uri: 'http://127.0.0.1:35357/v2.0',
21
-        bootstrap_token: 'bootstrap-token',
22
-        service_type: 'network',
23
-        service_description: 'OpenStack Network Service'
37
+        connection_params: connection_params
24 38
       )
25 39
     end
26 40
 
27
-    context 'registers network endpoint' do
28
-      it 'with default values' do
29
-        expect(chef_run).to create_endpoint_openstack_identity_register(
30
-          'Register Network Endpoint'
31
-        ).with(
32
-          auth_uri: 'http://127.0.0.1:35357/v2.0',
33
-          bootstrap_token: 'bootstrap-token',
34
-          service_type: 'network',
35
-          endpoint_region: 'RegionOne',
36
-          endpoint_adminurl: 'http://127.0.0.1:9696',
37
-          endpoint_internalurl: 'http://127.0.0.1:9696',
38
-          endpoint_publicurl: 'http://127.0.0.1:9696'
39
-        )
40
-      end
41
-
42
-      it 'with different admin url values' do
43
-        admin_url = 'https://admin.host:123/admin_path'
44
-        general_url = 'http://general.host:456/general_path'
45
-
46
-        # Set the general endpoint
47
-        node.set['openstack']['endpoints']['internal']['network']['uri'] = general_url
48
-        node.set['openstack']['endpoints']['public']['network']['uri'] = general_url
49
-        # Set the admin endpoint override
50
-        node.set['openstack']['endpoints']['admin']['network']['uri'] = admin_url
51
-        expect(chef_run).to create_endpoint_openstack_identity_register(
52
-          'Register Network Endpoint'
53
-        ).with(
54
-          auth_uri: 'http://127.0.0.1:35357/v2.0',
55
-          bootstrap_token: 'bootstrap-token',
56
-          service_type: 'network',
57
-          endpoint_region: 'RegionOne',
58
-          endpoint_adminurl: admin_url,
59
-          endpoint_internalurl: general_url,
60
-          endpoint_publicurl: general_url
61
-        )
62
-      end
63
-
64
-      it 'with different public url values' do
65
-        public_url = 'https://public.host:789/public_path'
66
-        general_url = 'http://general.host:456/general_path'
67
-
68
-        # Set the general endpoint
69
-        node.set['openstack']['endpoints']['internal']['network']['uri'] = general_url
70
-        # Set the public endpoint override
71
-        node.set['openstack']['endpoints']['public']['network']['uri'] = public_url
72
-        node.set['openstack']['endpoints']['admin']['network']['uri'] = general_url
73
-        expect(chef_run).to create_endpoint_openstack_identity_register(
74
-          'Register Network Endpoint'
75
-        ).with(
76
-          auth_uri: 'http://127.0.0.1:35357/v2.0',
77
-          bootstrap_token: 'bootstrap-token',
78
-          service_type: 'network',
79
-          endpoint_region: 'RegionOne',
80
-          endpoint_adminurl: general_url,
81
-          endpoint_internalurl: general_url,
82
-          endpoint_publicurl: public_url
83
-        )
84
-      end
85
-
86
-      it 'with different internal url values' do
87
-        internal_url = 'http://internal.host:456/internal_path'
88
-        general_url = 'http://general.host:456/general_path'
89
-
90
-        # Set the general endpoint
91
-        node.set['openstack']['endpoints']['admin']['network']['uri'] = general_url
92
-        # Set the internal endpoint override
93
-        node.set['openstack']['endpoints']['internal']['network']['uri'] = internal_url
94
-        node.set['openstack']['endpoints']['public']['network']['uri'] = general_url
95
-        expect(chef_run).to create_endpoint_openstack_identity_register(
96
-          'Register Network Endpoint'
97
-        ).with(
98
-          auth_uri: 'http://127.0.0.1:35357/v2.0',
99
-          bootstrap_token: 'bootstrap-token',
100
-          service_type: 'network',
101
-          endpoint_region: 'RegionOne',
102
-          endpoint_adminurl: general_url,
103
-          endpoint_internalurl: internal_url,
104
-          endpoint_publicurl: general_url
105
-        )
106
-      end
107
-
108
-      it 'with different internal,public, and admin url values' do
109
-        admin_url = 'https://admin.host:123/admin_path'
110
-        internal_url = 'http://internal.host:456/internal_path'
111
-        public_url = 'https://public.host:789/public_path'
112
-
113
-        node.set['openstack']['endpoints']['internal']['network']['uri'] = internal_url
114
-        node.set['openstack']['endpoints']['public']['network']['uri'] = public_url
115
-        node.set['openstack']['endpoints']['admin']['network']['uri'] = admin_url
116
-
117
-        expect(chef_run).to create_endpoint_openstack_identity_register(
118
-          'Register Network Endpoint'
119
-        ).with(
120
-          auth_uri: 'http://127.0.0.1:35357/v2.0',
121
-          bootstrap_token: 'bootstrap-token',
122
-          service_type: 'network',
123
-          endpoint_region: 'RegionOne',
124
-          endpoint_adminurl: admin_url,
125
-          endpoint_internalurl: internal_url,
126
-          endpoint_publicurl: public_url
127
-        )
128
-      end
129
-      it 'with custom region override' do
130
-        node.set['openstack']['network']['region'] = 'netRegion'
41
+    it "registers #{service_name} service" do
42
+      expect(chef_run).to create_openstack_service(
43
+        service_name
44
+      ).with(
45
+        connection_params: connection_params,
46
+        type: service_type
47
+      )
48
+    end
131 49
 
132
-        expect(chef_run).to create_endpoint_openstack_identity_register(
133
-          'Register Network Endpoint'
134
-        ).with(endpoint_region: 'netRegion')
50
+    context "registers #{service_name} endpoint" do
51
+      %w(admin internal public).each do |interface|
52
+        it "#{interface} endpoint with default values" do
53
+          expect(chef_run).to create_openstack_endpoint(
54
+            service_type
55
+          ).with(
56
+            service_name: service_name,
57
+            # interface: interface,
58
+            url: url,
59
+            region: region,
60
+            connection_params: connection_params
61
+          )
62
+        end
135 63
       end
136 64
     end
137 65
 
138
-    it 'registers service tenant' do
139
-      expect(chef_run).to create_tenant_openstack_identity_register(
140
-        'Register Service Tenant'
66
+    it 'registers service user' do
67
+      expect(chef_run).to create_openstack_user(
68
+        service_user
141 69
       ).with(
142
-        auth_uri: 'http://127.0.0.1:35357/v2.0',
143
-        bootstrap_token: 'bootstrap-token',
144
-        tenant_name: 'service',
145
-        tenant_description: 'Service Tenant'
70
+        project_name: project_name,
71
+        role_name: role_name,
72
+        password: password,
73
+        connection_params: connection_params
146 74
       )
147 75
     end
148 76
 
149
-    it 'registers service user' do
150
-      expect(chef_run).to create_user_openstack_identity_register(
151
-        'Register neutron User'
77
+    it do
78
+      expect(chef_run).to grant_domain_openstack_user(
79
+        service_user
152 80
       ).with(
153
-        auth_uri: 'http://127.0.0.1:35357/v2.0',
154
-        bootstrap_token: 'bootstrap-token',
155
-        tenant_name: 'service',
156
-        user_name: 'neutron',
157
-        user_pass: 'neutron-pass'
81
+        domain_name: domain_name,
82
+        role_name: role_name,
83
+        connection_params: connection_params
158 84
       )
159 85
     end
160 86
 
161
-    it 'grants admin role to service user for service tenant' do
162
-      expect(chef_run).to grant_role_openstack_identity_register(
163
-        "Grant 'admin' Role to neutron User for service Tenant"
87
+    it do
88
+      expect(chef_run).to grant_role_openstack_user(
89
+        service_user
164 90
       ).with(
165
-        auth_uri: 'http://127.0.0.1:35357/v2.0',
166
-        bootstrap_token: 'bootstrap-token',
167
-        tenant_name: 'service',
168
-        role_name: 'admin',
169
-        user_name: 'neutron'
91
+        project_name: project_name,
92
+        role_name: role_name,
93
+        password: password,
94
+        connection_params: connection_params
170 95
       )
171 96
     end
172 97
   end

+ 0
- 4
spec/openvswitch_spec.rb View File

@@ -13,10 +13,6 @@ describe 'openstack-network::openvswitch' do
13 13
       expect(chef_run).to upgrade_package 'openvswitch-switch'
14 14
     end
15 15
 
16
-    it 'upgrades openvswitch datapath dkms' do
17
-      expect(chef_run).to upgrade_package 'openvswitch-datapath-dkms'
18
-    end
19
-
20 16
     it 'upgrades linux bridge utils' do
21 17
       expect(chef_run).to upgrade_package 'bridge-utils'
22 18
     end

+ 3
- 0
spec/spec_helper.rb View File

@@ -45,6 +45,9 @@ shared_context 'neutron-stubs' do
45 45
     allow_any_instance_of(Chef::Recipe).to receive(:get_password)
46 46
       .with('service', 'openstack-compute')
47 47
       .and_return('nova-pass')
48
+    allow_any_instance_of(Chef::Recipe).to receive(:get_password)
49
+      .with('user', 'admin')
50
+      .and_return('admin-pass')
48 51
   end
49 52
   shared_examples 'custom template banner displayer' do
50 53
     it 'shows the custom banner' do

Loading…
Cancel
Save