Drop admin endpoints
The admin endpoints offer no special functionality; users may talk to the public endpoints instead. The only historic use case has been the keystone v2 admin endpoint, but with the keystone v3 API, even that is no longer needed. Also stop creating cache dirs that were only needed while keystone supported PKI tokens. [0] https://opendev.org/openstack/openstack-chef-specs/src/branch/master/specs/ocata/all/drop-admin-endpoints.rst Depends-On: https://review.openstack.org/652050 Change-Id: I309bf20e68e452489a24cf36472fc5c9f68cbe36
parent
5bb0cf6aaa
commit
7d5f72844f
|
@ -21,7 +21,7 @@
|
|||
|
||||
# Set the endpoints for the network service to allow all other cookbooks to
|
||||
# access and use them
|
||||
%w(public internal admin).each do |ep_type|
|
||||
%w(public internal).each do |ep_type|
|
||||
# openstack identity service endpoints (used by users and services)
|
||||
default['openstack']['endpoints'][ep_type]['network']['host'] = '127.0.0.1'
|
||||
default['openstack']['endpoints'][ep_type]['network']['scheme'] = 'http'
|
||||
|
@ -49,8 +49,6 @@ default['openstack']['network']['service_name'] = 'neutron'
|
|||
default['openstack']['network']['service_type'] = 'network'
|
||||
default['openstack']['network']['description'] = 'OpenStack Networking service'
|
||||
default['openstack']['network']['rabbit_server_chef_role'] = 'rabbitmq-server'
|
||||
# Keystone PKI signing directory.
|
||||
default['openstack']['network']['api']['auth']['cache_dir'] = '/var/cache/neutron/api'
|
||||
# The bridging interface driver.
|
||||
# This is used by the L3, DHCP and LBaaS agents.
|
||||
# Options are:
|
||||
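Review bot: The comment inside the endpoint loop still reads `# openstack identity service endpoints (used by users and services)` although the attributes under it are the `network` host and scheme; while this loop is being touched it should read `# openstack network service endpoints (used by users and services)`. Separately, with `admin` gone from the `%w(...)` list and the `cache_dir` attribute removed in the second hunk, any role, environment or wrapper cookbook that still reads `['endpoints']['admin']['network']` or `['network']['api']['auth']['cache_dir']` no longer gets a default from this file, which is worth a line in the upgrade notes. The loop body continues past the hunk.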
|
|
|
@ -48,20 +48,6 @@ node['openstack']['db']['python_packages'][db_type].each do |pkg|
|
|||
end
|
||||
end
|
||||
|
||||
directory '/var/cache/neutron' do
|
||||
owner node['openstack']['network']['platform']['user']
|
||||
group node['openstack']['network']['platform']['group']
|
||||
mode 0o0700
|
||||
action :create
|
||||
end
|
||||
|
||||
directory node['openstack']['network']['api']['auth']['cache_dir'] do
|
||||
owner node['openstack']['network']['platform']['user']
|
||||
group node['openstack']['network']['platform']['group']
|
||||
mode 0o0700
|
||||
only_if { node['openstack']['auth']['strategy'] == 'pki' }
|
||||
end
|
||||
|
||||
template '/etc/neutron/rootwrap.conf' do
|
||||
source 'openstack-service.conf.erb'
|
||||
cookbook 'openstack-common'
|
||||
|
|
|
@ -32,7 +32,6 @@ auth_url = ::URI.decode identity_endpoint.to_s
|
|||
interfaces = {
|
||||
public: { url: public_endpoint('network') },
|
||||
internal: { url: internal_endpoint('network') },
|
||||
admin: { url: admin_endpoint('network') },
|
||||
}
|
||||
|
||||
service_pass = get_password 'service', 'openstack-network'
|
||||
|
@ -48,16 +47,15 @@ admin_pass = get_password 'user', node['openstack']['identity']['admin_user']
|
|||
admin_project = node['openstack']['identity']['admin_project']
|
||||
admin_domain = node['openstack']['identity']['admin_domain_name']
|
||||
region = node['openstack']['region']
|
||||
|
||||
# Do not configure a service/endpoint in keystone for heat-api-cloudwatch(Bug #1167927),
|
||||
# See discussions on https://bugs.launchpad.net/heat/+bug/1167927
|
||||
endpoint_type = node['openstack']['identity']['endpoint_type']
|
||||
|
||||
connection_params = {
|
||||
openstack_auth_url: "#{auth_url}/auth/tokens",
|
||||
openstack_username: admin_user,
|
||||
openstack_api_key: admin_pass,
|
||||
openstack_project_name: admin_project,
|
||||
openstack_domain_name: admin_domain,
|
||||
openstack_auth_url: "#{auth_url}/auth/tokens",
|
||||
openstack_username: admin_user,
|
||||
openstack_api_key: admin_pass,
|
||||
openstack_project_name: admin_project,
|
||||
openstack_domain_name: admin_domain,
|
||||
openstack_endpoint_type: endpoint_type,
|
||||
}
|
||||
|
||||
# Register Network Service
|
||||
|
@ -77,6 +75,7 @@ interfaces.each do |interface, res|
|
|||
connection_params connection_params
|
||||
end
|
||||
end
|
||||
|
||||
# Register Service Tenant
|
||||
openstack_project service_tenant_name do
|
||||
connection_params connection_params
|
||||
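Review bot: `endpoint_type` is read from `node['openstack']['identity']['endpoint_type']` and handed to `connection_params` as `openstack_endpoint_type` with no check, so a node that still carries an override of `adminURL` would presumably now look up an admin endpoint that this change stops registering. The spec expects `internalURL`, which suggests that is the default, but the default itself is not visible on this page. A guard right after the assignment would make that case an explicit converge-time failure: `raise "identity endpoint_type 'adminURL' is no longer supported" if endpoint_type == 'adminURL'`. The other five `connection_params` entries appear to be re-aligned only.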
|
|
|
@ -17,37 +17,6 @@ describe 'openstack-network' do
|
|||
end
|
||||
end
|
||||
|
||||
it do
|
||||
expect(chef_run).to create_directory('/var/cache/neutron')
|
||||
.with(owner: 'neutron',
|
||||
group: 'neutron',
|
||||
mode: 0o0700)
|
||||
end
|
||||
|
||||
describe '/var/cache/neutron/api with pki set' do
|
||||
before do
|
||||
node.override['openstack']['auth']['strategy'] = 'pki'
|
||||
end
|
||||
it do
|
||||
expect(chef_run).to create_directory('/var/cache/neutron/api')
|
||||
.with(owner: 'neutron',
|
||||
group: 'neutron',
|
||||
mode: 0o0700)
|
||||
end
|
||||
end
|
||||
|
||||
describe '/var/cache/neutron/api with pki set' do
|
||||
before do
|
||||
node.override['openstack']['auth']['strategy'] = 'not_pki'
|
||||
end
|
||||
it do
|
||||
expect(chef_run).not_to create_directory('/var/cache/neutron/api')
|
||||
.with(owner: 'neutron',
|
||||
group: 'neutron',
|
||||
mode: 0o0700)
|
||||
end
|
||||
end
|
||||
|
||||
describe '/etc/neutron/rootwrap.conf' do
|
||||
let(:file) { chef_run.template('/etc/neutron/rootwrap.conf') }
|
||||
[
|
||||
|
|
|
@ -19,6 +19,7 @@ describe 'openstack-network::identity_registration' do
|
|||
openstack_api_key: 'admin-pass',
|
||||
openstack_project_name: 'admin',
|
||||
openstack_domain_name: 'default',
|
||||
openstack_endpoint_type: 'internalURL',
|
||||
}
|
||||
service_name = 'neutron'
|
||||
service_type = 'network'
|
||||
|
@ -48,7 +49,7 @@ describe 'openstack-network::identity_registration' do
|
|||
end
|
||||
|
||||
context "registers #{service_name} endpoint" do
|
||||
%w(admin internal public).each do |interface|
|
||||
%w(internal public).each do |interface|
|
||||
it "#{interface} endpoint with default values" do
|
||||
expect(chef_run).to create_openstack_endpoint(
|
||||
service_type
|
||||
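Review bot: Nothing in this spec asserts that an admin endpoint is no longer registered; the `%w(internal public)` loop merely stops checking the `admin` interface, so a later change that re-adds `admin:` to the recipe's `interfaces` hash would pass unnoticed. A negative example next to this context, built on `expect(chef_run).not_to create_openstack_endpoint(service_type)` and constrained to the admin interface, would pin the removal. The `context` block continues outside the hunk, so the exact `.with(...)` arguments have to mirror the ones used for the positive cases.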
|
|