Merge "use_cookbook-openstackclient/identity_v3"
commit
3cc01d79ab
|
@ -6,3 +6,6 @@ cookbook 'openstack-identity',
|
|||
github: 'openstack/cookbook-openstack-identity'
|
||||
cookbook 'openstack-common',
|
||||
github: 'openstack/cookbook-openstack-common'
|
||||
cookbook "openstackclient",
|
||||
github: "cloudbau/cookbook-openstackclient"
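Review bot: The new `cookbook "openstackclient"` entry pulls from `cloudbau/cookbook-openstackclient` with no `ref:` or `tag:`, so each dependency resolve takes whatever is on that repository's default branch at that moment. The resources it presumably provides (`openstack_service`, `openstack_user` and the others used in the registration recipe below) are handed the Keystone admin password, so an unreviewed upstream change lands directly on the credential path. Pin it to a reviewed revision, e.g. `github: 'cloudbau/cookbook-openstackclient', ref: '<REVIEWED_COMMIT_SHA>'` (placeholder, the page names no revision). The two added lines also use double quotes where the rest of the file uses single quotes.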
|
||||
|
||||
|
|
|
@ -35,6 +35,7 @@ The following cookbooks are dependencies:
|
|||
|
||||
- 'openstack-common', '>= 14.0.0'
|
||||
- 'openstack-identity', '>= 14.0.0'
|
||||
- 'openstackclient', '>= 0.1.0'
|
||||
|
||||
Attributes
|
||||
==========
|
||||
|
|
|
@ -37,7 +37,7 @@ default['openstack']['bind_service']['all']['network']['port'] = 9696
|
|||
# config)
|
||||
default['openstack']['network']['syslog']['use'] = false
|
||||
# Name of the plugin to load
|
||||
default['openstack']['network']['identity-api']['auth']['version'] = 'v2.0'
|
||||
default['openstack']['network']['identity-api']['auth']['version'] = 'v3'
|
||||
# Set dbsync command timeout value
|
||||
default['openstack']['network']['dbsync_timeout'] = 3600
|
||||
# Specify policy.json remote filwe to import
|
||||
|
@ -261,7 +261,7 @@ default['openstack']['network']['platform'].tap do |platform|
|
|||
''
|
||||
when 'debian'
|
||||
platform['neutron_packages'] =
|
||||
%w(neutron-common python-pyparsing python-cliff)
|
||||
%w(neutron-common)
|
||||
platform['neutron_client_packages'] =
|
||||
%w(python-neutronclient python-pyparsing)
|
||||
platform['neutron_dhcp_packages'] =
|
||||
|
@ -274,7 +274,7 @@ default['openstack']['network']['platform'].tap do |platform|
|
|||
platform['neutron_lbaas_packages'] =
|
||||
%w(python-neutron-lbaas neutron-lbaas-agent haproxy)
|
||||
platform['neutron_openvswitch_packages'] =
|
||||
%w(openvswitch-switch openvswitch-datapath-dkms bridge-utils)
|
||||
%w(openvswitch-switch bridge-utils)
|
||||
platform['neutron_openvswitch_build_packages'] =
|
||||
%w(
|
||||
build-essential pkg-config fakeroot
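Review bot: The `['identity-api']['auth']['version']` default that the first hunk changes to `'v3'` looks unused after this commit. Its only visible reader, the `auth_uri_transform(...)` call, is dropped in the recipe hunk that now sets `auth_url = identity_public_endpoint.to_s`. If nothing outside this page reads it, remove the attribute rather than leave a setting that no longer changes the URL. If it stays, the comment above it (`# Name of the plugin to load`) does not describe it; I would write `# Identity API version used when authenticating against Keystone`.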
|
||||
|
|
|
@ -19,16 +19,20 @@ default['openstack']['network']['conf'].tap do |conf|
|
|||
end
|
||||
|
||||
# [keystone_authtoken] section
|
||||
conf['keystone_authtoken']['auth_type'] = 'v2password'
|
||||
conf['keystone_authtoken']['auth_type'] = 'v3password'
|
||||
conf['keystone_authtoken']['region_name'] = node['openstack']['region']
|
||||
conf['keystone_authtoken']['username'] = 'neutron'
|
||||
conf['keystone_authtoken']['tenant_name'] = 'service'
|
||||
|
||||
conf['keystone_authtoken']['user_domain_name'] = 'Default'
|
||||
conf['keystone_authtoken']['project_domain_name'] = 'Default'
|
||||
conf['keystone_authtoken']['project_name'] = 'service'
|
||||
conf['keystone_authtoken']['auth_version'] = 'v3'
|
||||
# [nova] section
|
||||
conf['nova']['auth_type'] = 'v2password'
|
||||
conf['nova']['auth_type'] = 'v3password'
|
||||
conf['nova']['region_name'] = node['openstack']['region']
|
||||
conf['nova']['username'] = 'nova'
|
||||
conf['nova']['tenant_name'] = 'service'
|
||||
conf['nova']['user_domain_name'] = 'Default'
|
||||
conf['nova']['project_name'] = 'service'
|
||||
conf['nova']['project_domain_name'] = 'Default'
|
||||
|
||||
# [oslo_concurrency] section
|
||||
conf['oslo_concurrency']['lock_path'] = '/var/lib/neutron/lock'
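Review bot: The literal `'Default'` is now written five times across the `[keystone_authtoken]` and `[nova]` settings, and one of them has a side effect that is not documented here. The registration recipe reads `conf['keystone_authtoken']['user_domain_name']` as `service_domain_name` and grants the service role on that domain. Anyone overriding the attribute therefore also changes where the role is granted. I would add a comment above the first occurrence, `# Keystone v3 domain of the service users; identity_registration also grants the service role on this domain`.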
|
||||
|
|
|
@ -15,3 +15,4 @@ end
|
|||
|
||||
depends 'openstack-common', '>= 14.0.0'
|
||||
depends 'openstack-identity', '>= 14.0.0'
|
||||
depends 'openstackclient'
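Review bot: `depends 'openstackclient'` carries no version constraint, although the README hunk in this same commit documents `'openstackclient', '>= 0.1.0'` and both neighbouring `depends` lines are constrained. Make it `depends 'openstackclient', '>= 0.1.0'` so the metadata and the README agree and an arbitrary older or newer release is not accepted silently.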
|
||||
|
|
|
@ -85,11 +85,7 @@ if node['openstack']['network']['conf']['DEFAULT']['rpc_backend'] == 'rabbit'
|
|||
end
|
||||
|
||||
identity_public_endpoint = public_endpoint 'identity'
|
||||
auth_url =
|
||||
auth_uri_transform(
|
||||
identity_public_endpoint.to_s,
|
||||
node['openstack']['network']['identity-api']['auth']['version']
|
||||
)
|
||||
auth_url = identity_public_endpoint.to_s
|
||||
|
||||
db_user = node['openstack']['db']['network']['username']
|
||||
db_pass = get_password 'db', 'neutron'
|
||||
|
|
|
@ -28,68 +28,80 @@ end
|
|||
|
||||
identity_admin_endpoint = admin_endpoint 'identity'
|
||||
|
||||
bootstrap_token = get_password 'token', 'openstack_identity_bootstrap_token'
|
||||
auth_uri = ::URI.decode identity_admin_endpoint.to_s
|
||||
auth_url = ::URI.decode identity_admin_endpoint.to_s
|
||||
|
||||
admin_api_endpoint = admin_endpoint 'network'
|
||||
public_api_endpoint = public_endpoint 'network'
|
||||
internal_api_endpoint = internal_endpoint 'network'
|
||||
interfaces = {
|
||||
public: { url: public_endpoint('network') },
|
||||
internal: { url: internal_endpoint('network') },
|
||||
admin: { url: admin_endpoint('network') }
|
||||
}
|
||||
|
||||
service_pass = get_password 'service', 'openstack-network'
|
||||
service_tenant_name =
|
||||
node['openstack']['network']['conf']['keystone_authtoken']['tenant_name']
|
||||
node['openstack']['network']['conf']['keystone_authtoken']['project_name']
|
||||
|
||||
service_user =
|
||||
node['openstack']['network']['conf']['keystone_authtoken']['username']
|
||||
service_role = node['openstack']['network']['service_role']
|
||||
service_domain_name = node['openstack']['network']['conf']['keystone_authtoken']['user_domain_name']
|
||||
admin_user = node['openstack']['identity']['admin_user']
|
||||
admin_pass = get_password 'user', node['openstack']['identity']['admin_user']
|
||||
admin_project = node['openstack']['identity']['admin_project']
|
||||
admin_domain = node['openstack']['identity']['admin_domain_name']
|
||||
region = node['openstack']['region']
|
||||
|
||||
openstack_identity_register 'Register Network API Service' do
|
||||
auth_uri auth_uri
|
||||
bootstrap_token bootstrap_token
|
||||
service_name node['openstack']['network']['service_name']
|
||||
service_type node['openstack']['network']['service_type']
|
||||
service_description 'OpenStack Network Service'
|
||||
# Do not configure a service/endpoint in keystone for heat-api-cloudwatch(Bug #1167927),
|
||||
# See discussions on https://bugs.launchpad.net/heat/+bug/1167927
|
||||
|
||||
action :create_service
|
||||
connection_params = {
|
||||
openstack_auth_url: "#{auth_url}/auth/tokens",
|
||||
openstack_username: admin_user,
|
||||
openstack_api_key: admin_pass,
|
||||
openstack_project_name: admin_project,
|
||||
openstack_domain_name: admin_domain
|
||||
}
|
||||
|
||||
# Register Network Service
|
||||
openstack_service 'neutron' do
|
||||
type 'network'
|
||||
connection_params connection_params
|
||||
end
|
||||
|
||||
openstack_identity_register 'Register Network Endpoint' do
|
||||
auth_uri auth_uri
|
||||
bootstrap_token bootstrap_token
|
||||
service_type node['openstack']['network']['service_type']
|
||||
endpoint_region node['openstack']['network']['region']
|
||||
endpoint_adminurl admin_api_endpoint.to_s
|
||||
endpoint_internalurl internal_api_endpoint.to_s
|
||||
endpoint_publicurl public_api_endpoint.to_s
|
||||
|
||||
action :create_endpoint
|
||||
# Register Network Public-Endpoint
|
||||
interfaces.each do |interface, res|
|
||||
# Register network Endpoints
|
||||
openstack_endpoint 'network' do
|
||||
service_name 'neutron'
|
||||
interface interface.to_s
|
||||
url res[:url].to_s
|
||||
region region
|
||||
connection_params connection_params
|
||||
end
|
||||
end
|
||||
# Register Service Tenant
|
||||
openstack_project service_tenant_name do
|
||||
connection_params connection_params
|
||||
end
|
||||
|
||||
openstack_identity_register 'Register Service Tenant' do
|
||||
auth_uri auth_uri
|
||||
bootstrap_token bootstrap_token
|
||||
tenant_name service_tenant_name
|
||||
tenant_description 'Service Tenant'
|
||||
|
||||
action :create_tenant
|
||||
end
|
||||
|
||||
openstack_identity_register "Register #{service_user} User" do
|
||||
auth_uri auth_uri
|
||||
bootstrap_token bootstrap_token
|
||||
tenant_name service_tenant_name
|
||||
user_name service_user
|
||||
user_pass service_pass
|
||||
|
||||
action :create_user
|
||||
end
|
||||
|
||||
openstack_identity_register "Grant '#{service_role}' Role to #{service_user} User for #{service_tenant_name} Tenant" do
|
||||
auth_uri auth_uri
|
||||
bootstrap_token bootstrap_token
|
||||
tenant_name service_tenant_name
|
||||
user_name service_user
|
||||
# Register Service User
|
||||
openstack_user service_user do
|
||||
project_name service_tenant_name
|
||||
role_name service_role
|
||||
password service_pass
|
||||
connection_params connection_params
|
||||
end
|
||||
|
||||
## Grant Service role to Service User for Service Tenant ##
|
||||
openstack_user service_user do
|
||||
role_name service_role
|
||||
project_name service_tenant_name
|
||||
connection_params connection_params
|
||||
action :grant_role
|
||||
end
|
||||
|
||||
openstack_user service_user do
|
||||
domain_name service_domain_name
|
||||
role_name service_role
|
||||
connection_params connection_params
|
||||
action :grant_domain
|
||||
end
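Review bot: `connection_params` carries the Keystone admin password (`openstack_api_key: admin_pass`) and is passed as a property to every `openstack_service`, `openstack_endpoint`, `openstack_project` and `openstack_user` resource, and `password service_pass` does the same for the service account. Unless the providing cookbook already marks these properties sensitive (not visible here), Chef can print them in debug output and failure reports, so add `sensitive true` to each of these resource blocks. The auth URL is built from `identity_admin_endpoint`, which the spec shows as plain `http://`; outside a loopback test setup that sends the admin password unencrypted, so the endpoint should be HTTPS. Separately, `::URI.decode` on the new `auth_url` line is obsolete in Ruby's URI library and gone from Ruby 3.0 onward. The three `openstack_user service_user` blocks also share one resource name, which Chef 12 handles by cloning properties from the earlier block; distinct names would make each block's properties explicit.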
|
||||
|
|
|
@ -15,7 +15,7 @@ describe 'openstack-network' do
|
|||
expect(chef_run).to include_recipe('openstack-network::client')
|
||||
end
|
||||
|
||||
%w(neutron-common python-pyparsing python-cliff python-mysqldb).each do |package|
|
||||
%w(neutron-common python-pyparsing python-mysqldb).each do |package|
|
||||
it do
|
||||
expect(chef_run).to upgrade_package(package)
|
||||
end
|
||||
|
@ -114,11 +114,13 @@ describe 'openstack-network' do
|
|||
end
|
||||
end
|
||||
[
|
||||
/^tenant_name = service$/,
|
||||
/^project_name = service$/,
|
||||
/^username = neutron$/,
|
||||
%r{^auth_url = http://127\.0\.0\.1:5000/v2\.0$},
|
||||
/^user_domain_name = Default/,
|
||||
/^project_domain_name = Default/,
|
||||
%r{^auth_url = http://127\.0\.0\.1:5000/v3$},
|
||||
/^password = neutron-pass$/,
|
||||
/^auth_type = v2password$/
|
||||
/^auth_type = v3password$/
|
||||
].each do |line|
|
||||
it do
|
||||
expect(chef_run).to render_config_file(file.name)
|
||||
|
@ -127,10 +129,12 @@ describe 'openstack-network' do
|
|||
end
|
||||
[
|
||||
/^region_name = RegionOne$/,
|
||||
/^auth_type = v2password$/,
|
||||
%r{^auth_url = http://127\.0\.0\.1:5000/v2\.0$},
|
||||
/^auth_type = v3password$/,
|
||||
%r{^auth_url = http://127\.0\.0\.1:5000/v3$},
|
||||
/^username = nova$/,
|
||||
/^tenant_name = service$/
|
||||
/^user_domain_name = Default/,
|
||||
/^project_domain_name = Default/,
|
||||
/^project_name = service$/
|
||||
].each do |line|
|
||||
it do
|
||||
expect(chef_run).to render_config_file(file.name)
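Review bot: The added patterns `/^user_domain_name = Default/` and `/^project_domain_name = Default/`, in both pattern lists of this section, have no trailing `$`, unlike every neighbouring pattern. They would also accept a rendered value such as `Default2`. Close them the same way as the others: `/^user_domain_name = Default$/` and `/^project_domain_name = Default$/`.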
|
||||
|
|
|
@ -13,160 +13,85 @@ describe 'openstack-network::identity_registration' do
|
|||
|
||||
include_context 'neutron-stubs'
|
||||
|
||||
it 'registers network service' do
|
||||
expect(chef_run).to create_service_openstack_identity_register(
|
||||
'Register Network API Service'
|
||||
connection_params = {
|
||||
openstack_auth_url: 'http://127.0.0.1:35357/v3/auth/tokens',
|
||||
openstack_username: 'admin',
|
||||
openstack_api_key: 'admin-pass',
|
||||
openstack_project_name: 'admin',
|
||||
openstack_domain_name: 'default'
|
||||
}
|
||||
service_name = 'neutron'
|
||||
service_type = 'network'
|
||||
service_user = 'neutron'
|
||||
url = 'http://127.0.0.1:9696'
|
||||
region = 'RegionOne'
|
||||
project_name = 'service'
|
||||
role_name = 'admin'
|
||||
password = 'neutron-pass'
|
||||
domain_name = 'Default'
|
||||
|
||||
it "registers #{project_name} Project" do
|
||||
expect(chef_run).to create_openstack_project(
|
||||
project_name
|
||||
).with(
|
||||
auth_uri: 'http://127.0.0.1:35357/v2.0',
|
||||
bootstrap_token: 'bootstrap-token',
|
||||
service_type: 'network',
|
||||
service_description: 'OpenStack Network Service'
|
||||
connection_params: connection_params
|
||||
)
|
||||
end
|
||||
|
||||
context 'registers network endpoint' do
|
||||
it 'with default values' do
|
||||
expect(chef_run).to create_endpoint_openstack_identity_register(
|
||||
'Register Network Endpoint'
|
||||
).with(
|
||||
auth_uri: 'http://127.0.0.1:35357/v2.0',
|
||||
bootstrap_token: 'bootstrap-token',
|
||||
service_type: 'network',
|
||||
endpoint_region: 'RegionOne',
|
||||
endpoint_adminurl: 'http://127.0.0.1:9696',
|
||||
endpoint_internalurl: 'http://127.0.0.1:9696',
|
||||
endpoint_publicurl: 'http://127.0.0.1:9696'
|
||||
)
|
||||
end
|
||||
|
||||
it 'with different admin url values' do
|
||||
admin_url = 'https://admin.host:123/admin_path'
|
||||
general_url = 'http://general.host:456/general_path'
|
||||
|
||||
# Set the general endpoint
|
||||
node.set['openstack']['endpoints']['internal']['network']['uri'] = general_url
|
||||
node.set['openstack']['endpoints']['public']['network']['uri'] = general_url
|
||||
# Set the admin endpoint override
|
||||
node.set['openstack']['endpoints']['admin']['network']['uri'] = admin_url
|
||||
expect(chef_run).to create_endpoint_openstack_identity_register(
|
||||
'Register Network Endpoint'
|
||||
).with(
|
||||
auth_uri: 'http://127.0.0.1:35357/v2.0',
|
||||
bootstrap_token: 'bootstrap-token',
|
||||
service_type: 'network',
|
||||
endpoint_region: 'RegionOne',
|
||||
endpoint_adminurl: admin_url,
|
||||
endpoint_internalurl: general_url,
|
||||
endpoint_publicurl: general_url
|
||||
)
|
||||
end
|
||||
|
||||
it 'with different public url values' do
|
||||
public_url = 'https://public.host:789/public_path'
|
||||
general_url = 'http://general.host:456/general_path'
|
||||
|
||||
# Set the general endpoint
|
||||
node.set['openstack']['endpoints']['internal']['network']['uri'] = general_url
|
||||
# Set the public endpoint override
|
||||
node.set['openstack']['endpoints']['public']['network']['uri'] = public_url
|
||||
node.set['openstack']['endpoints']['admin']['network']['uri'] = general_url
|
||||
expect(chef_run).to create_endpoint_openstack_identity_register(
|
||||
'Register Network Endpoint'
|
||||
).with(
|
||||
auth_uri: 'http://127.0.0.1:35357/v2.0',
|
||||
bootstrap_token: 'bootstrap-token',
|
||||
service_type: 'network',
|
||||
endpoint_region: 'RegionOne',
|
||||
endpoint_adminurl: general_url,
|
||||
endpoint_internalurl: general_url,
|
||||
endpoint_publicurl: public_url
|
||||
)
|
||||
end
|
||||
|
||||
it 'with different internal url values' do
|
||||
internal_url = 'http://internal.host:456/internal_path'
|
||||
general_url = 'http://general.host:456/general_path'
|
||||
|
||||
# Set the general endpoint
|
||||
node.set['openstack']['endpoints']['admin']['network']['uri'] = general_url
|
||||
# Set the internal endpoint override
|
||||
node.set['openstack']['endpoints']['internal']['network']['uri'] = internal_url
|
||||
node.set['openstack']['endpoints']['public']['network']['uri'] = general_url
|
||||
expect(chef_run).to create_endpoint_openstack_identity_register(
|
||||
'Register Network Endpoint'
|
||||
).with(
|
||||
auth_uri: 'http://127.0.0.1:35357/v2.0',
|
||||
bootstrap_token: 'bootstrap-token',
|
||||
service_type: 'network',
|
||||
endpoint_region: 'RegionOne',
|
||||
endpoint_adminurl: general_url,
|
||||
endpoint_internalurl: internal_url,
|
||||
endpoint_publicurl: general_url
|
||||
)
|
||||
end
|
||||
|
||||
it 'with different internal,public, and admin url values' do
|
||||
admin_url = 'https://admin.host:123/admin_path'
|
||||
internal_url = 'http://internal.host:456/internal_path'
|
||||
public_url = 'https://public.host:789/public_path'
|
||||
|
||||
node.set['openstack']['endpoints']['internal']['network']['uri'] = internal_url
|
||||
node.set['openstack']['endpoints']['public']['network']['uri'] = public_url
|
||||
node.set['openstack']['endpoints']['admin']['network']['uri'] = admin_url
|
||||
|
||||
expect(chef_run).to create_endpoint_openstack_identity_register(
|
||||
'Register Network Endpoint'
|
||||
).with(
|
||||
auth_uri: 'http://127.0.0.1:35357/v2.0',
|
||||
bootstrap_token: 'bootstrap-token',
|
||||
service_type: 'network',
|
||||
endpoint_region: 'RegionOne',
|
||||
endpoint_adminurl: admin_url,
|
||||
endpoint_internalurl: internal_url,
|
||||
endpoint_publicurl: public_url
|
||||
)
|
||||
end
|
||||
it 'with custom region override' do
|
||||
node.set['openstack']['network']['region'] = 'netRegion'
|
||||
|
||||
expect(chef_run).to create_endpoint_openstack_identity_register(
|
||||
'Register Network Endpoint'
|
||||
).with(endpoint_region: 'netRegion')
|
||||
end
|
||||
it "registers #{service_name} service" do
|
||||
expect(chef_run).to create_openstack_service(
|
||||
service_name
|
||||
).with(
|
||||
connection_params: connection_params,
|
||||
type: service_type
|
||||
)
|
||||
end
|
||||
|
||||
it 'registers service tenant' do
|
||||
expect(chef_run).to create_tenant_openstack_identity_register(
|
||||
'Register Service Tenant'
|
||||
).with(
|
||||
auth_uri: 'http://127.0.0.1:35357/v2.0',
|
||||
bootstrap_token: 'bootstrap-token',
|
||||
tenant_name: 'service',
|
||||
tenant_description: 'Service Tenant'
|
||||
)
|
||||
context "registers #{service_name} endpoint" do
|
||||
%w(admin internal public).each do |interface|
|
||||
it "#{interface} endpoint with default values" do
|
||||
expect(chef_run).to create_openstack_endpoint(
|
||||
service_type
|
||||
).with(
|
||||
service_name: service_name,
|
||||
# interface: interface,
|
||||
url: url,
|
||||
region: region,
|
||||
connection_params: connection_params
|
||||
)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
it 'registers service user' do
|
||||
expect(chef_run).to create_user_openstack_identity_register(
|
||||
'Register neutron User'
|
||||
expect(chef_run).to create_openstack_user(
|
||||
service_user
|
||||
).with(
|
||||
auth_uri: 'http://127.0.0.1:35357/v2.0',
|
||||
bootstrap_token: 'bootstrap-token',
|
||||
tenant_name: 'service',
|
||||
user_name: 'neutron',
|
||||
user_pass: 'neutron-pass'
|
||||
project_name: project_name,
|
||||
role_name: role_name,
|
||||
password: password,
|
||||
connection_params: connection_params
|
||||
)
|
||||
end
|
||||
|
||||
it 'grants admin role to service user for service tenant' do
|
||||
expect(chef_run).to grant_role_openstack_identity_register(
|
||||
"Grant 'admin' Role to neutron User for service Tenant"
|
||||
it do
|
||||
expect(chef_run).to grant_domain_openstack_user(
|
||||
service_user
|
||||
).with(
|
||||
auth_uri: 'http://127.0.0.1:35357/v2.0',
|
||||
bootstrap_token: 'bootstrap-token',
|
||||
tenant_name: 'service',
|
||||
role_name: 'admin',
|
||||
user_name: 'neutron'
|
||||
domain_name: domain_name,
|
||||
role_name: role_name,
|
||||
connection_params: connection_params
|
||||
)
|
||||
end
|
||||
|
||||
it do
|
||||
expect(chef_run).to grant_role_openstack_user(
|
||||
service_user
|
||||
).with(
|
||||
project_name: project_name,
|
||||
role_name: role_name,
|
||||
password: password,
|
||||
connection_params: connection_params
|
||||
)
|
||||
end
|
||||
end
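Review bot: In the endpoint examples the interface expectation is commented out (`# interface: interface,`), so the admin, internal and public iterations assert the same thing and nothing checks that each interface is registered. Restoring `interface: interface,` probably also needs unique resource names in the recipe, since all three `openstack_endpoint` resources are named `'network'`. The `grant_role_openstack_user` example expects `password: password` although the recipe's `:grant_role` block sets no password, so it seems to pass only through properties inherited from the same-named create resource. Drop that key from the expectation or set it explicitly in the recipe. The two bare `it do` examples would read better with descriptions such as `it 'grants the service role on the project'`, and the removed URL-override and custom-region examples have no replacement in this section.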
|
||||
|
|
|
@ -13,10 +13,6 @@ describe 'openstack-network::openvswitch' do
|
|||
expect(chef_run).to upgrade_package 'openvswitch-switch'
|
||||
end
|
||||
|
||||
it 'upgrades openvswitch datapath dkms' do
|
||||
expect(chef_run).to upgrade_package 'openvswitch-datapath-dkms'
|
||||
end
|
||||
|
||||
it 'upgrades linux bridge utils' do
|
||||
expect(chef_run).to upgrade_package 'bridge-utils'
|
||||
end
|
||||
|
|
|
@ -45,6 +45,9 @@ shared_context 'neutron-stubs' do
|
|||
allow_any_instance_of(Chef::Recipe).to receive(:get_password)
|
||||
.with('service', 'openstack-compute')
|
||||
.and_return('nova-pass')
|
||||
allow_any_instance_of(Chef::Recipe).to receive(:get_password)
|
||||
.with('user', 'admin')
|
||||
.and_return('admin-pass')
|
||||
end
|
||||
shared_examples 'custom template banner displayer' do
|
||||
it 'shows the custom banner' do
|
||||
|
|