Use the library method auth_uri_transform
Use the library method auth_uri_transform and remove the authtoken configuration from api-paste.ini. Change-Id: I46d10bf9b3707c16c3d2ddc84171968ecc4e46a1 Imlements: blueprint move-keystone-authtoken-move-auth-uri-logic
This commit is contained in:
parent
1a8343cd8d
commit
e558c101fd
|
@ -2,6 +2,10 @@
|
|||
|
||||
This file is used to list changes made in each version of cookbook-openstack-network.
|
||||
|
||||
## 8.5.0
|
||||
### Blue print
|
||||
* Use the library method auth_uri_transform
|
||||
|
||||
## 8.4.0
|
||||
* Add new template for ml2 plugin
|
||||
|
||||
|
|
|
@ -58,6 +58,7 @@ Attributes
|
|||
==========
|
||||
|
||||
* `openstack['openstack']['network']['service_provider']` - Array of service providers (drivers) for advanced services like loadbalancer, VPN, Firewall.
|
||||
* `openstack['network']['api']['auth']['version']` - Select v2.0 or v3.0. Default v2.0. The auth API version used to interact with identity service.
|
||||
|
||||
TODO: Add DB2 support on other platforms
|
||||
* `openstack["network"]["platform"]["db2_python_packages"]` - Array of DB2 python packages, only available on redhat platform
|
||||
|
@ -151,6 +152,7 @@ License and Author
|
|||
| | Jian Hua Geng (<gengjh@cn.ibm.com>) |
|
||||
| | Chen Zhiwei (<zhiwchen@cn.ibm.com>) |
|
||||
| | Mark Vanderwiel(<vanderwl@us.ibm.com>) |
|
||||
| | Eric Zhou(<zyouzhou@cn.ibm.com>) |
|
||||
| | |
|
||||
| **Copyright** | Copyright (c) 2013, AT&T Services, Inc. |
|
||||
| | Copyright (c) 2013-2014, SUSE Linux GmbH |
|
||||
|
|
|
@ -60,6 +60,9 @@ default['openstack']['network']['api']['agent']['signing_dir'] = '/var/lib/neutr
|
|||
# Keystone PKI signing directory.
|
||||
default['openstack']['network']['api']['auth']['cache_dir'] = '/var/cache/neutron/api'
|
||||
|
||||
# The auth api version used to interact with identity service.
|
||||
default['openstack']['network']['api']['auth']['version'] = node['openstack']['api']['auth']['version']
|
||||
|
||||
# If bind_interface is set, the neutron API service will bind to the
|
||||
# address on this interface and use the port in bind_port. Otherwise,
|
||||
# it will bind to the API endpoint's host.
|
||||
|
|
|
@ -5,7 +5,7 @@ maintainer 'Jay Pipes <jaypipes@gmail.com>'
|
|||
license 'Apache 2.0'
|
||||
description 'Installs and configures the OpenStack Network API Service and various agents and plugins'
|
||||
long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
|
||||
version '8.4.0'
|
||||
version '8.5.0'
|
||||
recipe 'openstack-network::client', 'Install packages required for network client'
|
||||
recipe 'openstack-network::server', 'Installs packages required for a OpenStack Network server'
|
||||
recipe 'openstack-network::openvswitch', 'Installs packages required for OVS'
|
||||
|
|
|
@ -112,6 +112,8 @@ identity_endpoint = endpoint 'identity-api'
|
|||
identity_admin_endpoint = endpoint 'identity-admin'
|
||||
auth_uri = ::URI.decode identity_endpoint.to_s
|
||||
|
||||
auth_uri = auth_uri_transform identity_endpoint.to_s, node['openstack']['network']['api']['auth']['version']
|
||||
|
||||
db_user = node['openstack']['db']['network']['username']
|
||||
db_pass = get_password 'db', 'neutron'
|
||||
sql_connection = db_uri('network', db_user, db_pass)
|
||||
|
@ -158,7 +160,8 @@ template '/etc/neutron/neutron.conf' do
|
|||
mq_service_type: mq_service_type,
|
||||
mq_password: mq_password,
|
||||
core_plugin: core_plugin,
|
||||
identity_endpoint: identity_endpoint,
|
||||
auth_uri: auth_uri,
|
||||
identity_admin_endpoint: identity_admin_endpoint,
|
||||
service_pass: service_pass,
|
||||
sql_connection: sql_connection
|
||||
)
|
||||
|
@ -171,12 +174,6 @@ template '/etc/neutron/api-paste.ini' do
|
|||
owner node['openstack']['network']['platform']['user']
|
||||
group node['openstack']['network']['platform']['group']
|
||||
mode 00640
|
||||
variables(
|
||||
'auth_uri' => auth_uri,
|
||||
'identity_admin_endpoint' => identity_admin_endpoint,
|
||||
'identity_endpoint' => identity_endpoint,
|
||||
'service_pass' => service_pass
|
||||
)
|
||||
|
||||
notifies :restart, 'service[neutron-server]', :delayed
|
||||
end
|
||||
|
|
|
@ -86,31 +86,6 @@ describe 'openstack-network::server' do
|
|||
it 'has proper modes' do
|
||||
expect(sprintf('%o', @file.mode)).to eq '640'
|
||||
end
|
||||
|
||||
it 'has neutron pass' do
|
||||
expect(@chef_run).to render_file(@file.name).with_content(
|
||||
'admin_password = neutron-pass')
|
||||
end
|
||||
|
||||
it 'has auth_uri' do
|
||||
expect(@chef_run).to render_file(@file.name).with_content(
|
||||
'auth_uri = http://127.0.0.1:5000/v2.0')
|
||||
end
|
||||
|
||||
it 'has auth_host' do
|
||||
expect(@chef_run).to render_file(@file.name).with_content(
|
||||
'auth_host = 127.0.0.1')
|
||||
end
|
||||
|
||||
it 'has auth_port' do
|
||||
expect(@chef_run).to render_file(@file.name).with_content(
|
||||
'auth_port = 35357')
|
||||
end
|
||||
|
||||
it 'has auth_protocol' do
|
||||
expect(@chef_run).to render_file(@file.name).with_content(
|
||||
'auth_protocol = http')
|
||||
end
|
||||
end
|
||||
|
||||
it 'should create neutron-ha-tool.py script' do
|
||||
|
@ -191,7 +166,7 @@ describe 'openstack-network::server' do
|
|||
|
||||
it 'has appropriate auth port for agents' do
|
||||
expect(@chef_run).to render_file(@file.name).with_content(
|
||||
'auth_port = 5000')
|
||||
'auth_port = 35357')
|
||||
end
|
||||
|
||||
it 'has appropriate admin password for agents' do
|
||||
|
@ -288,6 +263,41 @@ describe 'openstack-network::server' do
|
|||
'service_plugins = neutron.foo,neutron.bar')
|
||||
end
|
||||
|
||||
it 'has neutron pass' do
|
||||
expect(@chef_run).to render_file(@file.name).with_content(
|
||||
'admin_password = neutron-pass')
|
||||
end
|
||||
|
||||
it 'has auth_uri' do
|
||||
expect(@chef_run).to render_file(@file.name).with_content(
|
||||
'auth_uri = http://127.0.0.1:5000/v2.0')
|
||||
end
|
||||
|
||||
it 'has auth_host' do
|
||||
expect(@chef_run).to render_file(@file.name).with_content(
|
||||
'auth_host = 127.0.0.1')
|
||||
end
|
||||
|
||||
it 'has auth_port' do
|
||||
expect(@chef_run).to render_file(@file.name).with_content(
|
||||
'auth_port = 35357')
|
||||
end
|
||||
|
||||
it 'has auth_protocol' do
|
||||
expect(@chef_run).to render_file(@file.name).with_content(
|
||||
'auth_protocol = http')
|
||||
end
|
||||
|
||||
it 'has signing_dir' do
|
||||
expect(@chef_run).to render_file(@file.name).with_content(
|
||||
'signing_dir = /var/lib/neutron/keystone-signing')
|
||||
end
|
||||
|
||||
it 'has no auth_version' do
|
||||
expect(@chef_run).not_to render_file(@file.name).with_content(
|
||||
'auth_version = v2.0')
|
||||
end
|
||||
|
||||
describe 'qpid' do
|
||||
before do
|
||||
@chef_run = ::ChefSpec::Runner.new ::UBUNTU_OPTS do |n|
|
||||
|
|
|
@ -24,12 +24,4 @@ paste.app_factory = neutron.api.v2.router:APIRouter.factory
|
|||
|
||||
[filter:authtoken]
|
||||
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
|
||||
auth_uri = <%= @auth_uri %>
|
||||
auth_host = <%= @identity_admin_endpoint.host %>
|
||||
auth_port = <%= @identity_admin_endpoint.port %>
|
||||
auth_protocol = <%= @identity_admin_endpoint.scheme %>
|
||||
admin_tenant_name = <%= node["openstack"]["network"]["service_tenant_name"] %>
|
||||
admin_user = <%= node["openstack"]["network"]["service_user"] %>
|
||||
admin_password = <%= @service_pass %>
|
||||
delay_auth_decision = true
|
||||
signing_dir = <%= node["openstack"]["network"]["api"]["auth"]["cache_dir"] %>
|
||||
|
|
|
@ -318,9 +318,13 @@ root_helper = "sudo neutron-rootwrap /etc/neutron/rootwrap.conf"
|
|||
report_interval = <%= node["openstack"]["network"]["api"]["agent"]["agent_report_interval"] %>
|
||||
|
||||
[keystone_authtoken]
|
||||
auth_host = <%= @identity_endpoint.host %>
|
||||
auth_port = <%= @identity_endpoint.port %>
|
||||
auth_protocol = <%= @identity_endpoint.scheme %>
|
||||
auth_uri = <%= @auth_uri %>
|
||||
auth_host = <%= @identity_admin_endpoint.host %>
|
||||
auth_port = <%= @identity_admin_endpoint.port %>
|
||||
auth_protocol = <%= @identity_admin_endpoint.scheme %>
|
||||
<% if node['openstack']['network']['api']['auth']['version'] != 'v2.0' %>
|
||||
auth_version = <%= node['openstack']['network']['api']['auth']['version'] %>
|
||||
<% end %>
|
||||
admin_tenant_name = <%= node["openstack"]["network"]["service_tenant_name"] %>
|
||||
admin_user = <%= node["openstack"]["network"]["service_user"] %>
|
||||
admin_password = <%= @service_pass %>
|
||||
|
|
Loading…
Reference in New Issue