Use the library method auth_uri_transform

Use the library method auth_uri_transform and remove the authtoken
configuration from api-paste.ini.

Change-Id: I46d10bf9b3707c16c3d2ddc84171968ecc4e46a1
Imlements: blueprint move-keystone-authtoken-move-auth-uri-logic
This commit is contained in:
ericzhou 2014-03-17 13:28:21 +08:00
parent 1a8343cd8d
commit e558c101fd
8 changed files with 57 additions and 45 deletions

View File

@ -2,6 +2,10 @@
This file is used to list changes made in each version of cookbook-openstack-network.
## 8.5.0
### Blue print
* Use the library method auth_uri_transform
## 8.4.0
* Add new template for ml2 plugin

View File

@ -58,6 +58,7 @@ Attributes
==========
* `openstack['openstack']['network']['service_provider']` - Array of service providers (drivers) for advanced services like loadbalancer, VPN, Firewall.
* `openstack['network']['api']['auth']['version']` - Select v2.0 or v3.0. Default v2.0. The auth API version used to interact with identity service.
TODO: Add DB2 support on other platforms
* `openstack["network"]["platform"]["db2_python_packages"]` - Array of DB2 python packages, only available on redhat platform
@ -151,6 +152,7 @@ License and Author
| | Jian Hua Geng (<gengjh@cn.ibm.com>) |
| | Chen Zhiwei (<zhiwchen@cn.ibm.com>) |
| | Mark Vanderwiel(<vanderwl@us.ibm.com>) |
| | Eric Zhou(<zyouzhou@cn.ibm.com>) |
| | |
| **Copyright** | Copyright (c) 2013, AT&T Services, Inc. |
| | Copyright (c) 2013-2014, SUSE Linux GmbH |

View File

@ -60,6 +60,9 @@ default['openstack']['network']['api']['agent']['signing_dir'] = '/var/lib/neutr
# Keystone PKI signing directory.
default['openstack']['network']['api']['auth']['cache_dir'] = '/var/cache/neutron/api'
# The auth api version used to interact with identity service.
default['openstack']['network']['api']['auth']['version'] = node['openstack']['api']['auth']['version']
# If bind_interface is set, the neutron API service will bind to the
# address on this interface and use the port in bind_port. Otherwise,
# it will bind to the API endpoint's host.

View File

@ -5,7 +5,7 @@ maintainer 'Jay Pipes <jaypipes@gmail.com>'
license 'Apache 2.0'
description 'Installs and configures the OpenStack Network API Service and various agents and plugins'
long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
version '8.4.0'
version '8.5.0'
recipe 'openstack-network::client', 'Install packages required for network client'
recipe 'openstack-network::server', 'Installs packages required for a OpenStack Network server'
recipe 'openstack-network::openvswitch', 'Installs packages required for OVS'

View File

@ -112,6 +112,8 @@ identity_endpoint = endpoint 'identity-api'
identity_admin_endpoint = endpoint 'identity-admin'
auth_uri = ::URI.decode identity_endpoint.to_s
auth_uri = auth_uri_transform identity_endpoint.to_s, node['openstack']['network']['api']['auth']['version']
db_user = node['openstack']['db']['network']['username']
db_pass = get_password 'db', 'neutron'
sql_connection = db_uri('network', db_user, db_pass)
@ -158,7 +160,8 @@ template '/etc/neutron/neutron.conf' do
mq_service_type: mq_service_type,
mq_password: mq_password,
core_plugin: core_plugin,
identity_endpoint: identity_endpoint,
auth_uri: auth_uri,
identity_admin_endpoint: identity_admin_endpoint,
service_pass: service_pass,
sql_connection: sql_connection
)
@ -171,12 +174,6 @@ template '/etc/neutron/api-paste.ini' do
owner node['openstack']['network']['platform']['user']
group node['openstack']['network']['platform']['group']
mode 00640
variables(
'auth_uri' => auth_uri,
'identity_admin_endpoint' => identity_admin_endpoint,
'identity_endpoint' => identity_endpoint,
'service_pass' => service_pass
)
notifies :restart, 'service[neutron-server]', :delayed
end

View File

@ -86,31 +86,6 @@ describe 'openstack-network::server' do
it 'has proper modes' do
expect(sprintf('%o', @file.mode)).to eq '640'
end
it 'has neutron pass' do
expect(@chef_run).to render_file(@file.name).with_content(
'admin_password = neutron-pass')
end
it 'has auth_uri' do
expect(@chef_run).to render_file(@file.name).with_content(
'auth_uri = http://127.0.0.1:5000/v2.0')
end
it 'has auth_host' do
expect(@chef_run).to render_file(@file.name).with_content(
'auth_host = 127.0.0.1')
end
it 'has auth_port' do
expect(@chef_run).to render_file(@file.name).with_content(
'auth_port = 35357')
end
it 'has auth_protocol' do
expect(@chef_run).to render_file(@file.name).with_content(
'auth_protocol = http')
end
end
it 'should create neutron-ha-tool.py script' do
@ -191,7 +166,7 @@ describe 'openstack-network::server' do
it 'has appropriate auth port for agents' do
expect(@chef_run).to render_file(@file.name).with_content(
'auth_port = 5000')
'auth_port = 35357')
end
it 'has appropriate admin password for agents' do
@ -288,6 +263,41 @@ describe 'openstack-network::server' do
'service_plugins = neutron.foo,neutron.bar')
end
it 'has neutron pass' do
expect(@chef_run).to render_file(@file.name).with_content(
'admin_password = neutron-pass')
end
it 'has auth_uri' do
expect(@chef_run).to render_file(@file.name).with_content(
'auth_uri = http://127.0.0.1:5000/v2.0')
end
it 'has auth_host' do
expect(@chef_run).to render_file(@file.name).with_content(
'auth_host = 127.0.0.1')
end
it 'has auth_port' do
expect(@chef_run).to render_file(@file.name).with_content(
'auth_port = 35357')
end
it 'has auth_protocol' do
expect(@chef_run).to render_file(@file.name).with_content(
'auth_protocol = http')
end
it 'has signing_dir' do
expect(@chef_run).to render_file(@file.name).with_content(
'signing_dir = /var/lib/neutron/keystone-signing')
end
it 'has no auth_version' do
expect(@chef_run).not_to render_file(@file.name).with_content(
'auth_version = v2.0')
end
describe 'qpid' do
before do
@chef_run = ::ChefSpec::Runner.new ::UBUNTU_OPTS do |n|

View File

@ -24,12 +24,4 @@ paste.app_factory = neutron.api.v2.router:APIRouter.factory
[filter:authtoken]
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
auth_uri = <%= @auth_uri %>
auth_host = <%= @identity_admin_endpoint.host %>
auth_port = <%= @identity_admin_endpoint.port %>
auth_protocol = <%= @identity_admin_endpoint.scheme %>
admin_tenant_name = <%= node["openstack"]["network"]["service_tenant_name"] %>
admin_user = <%= node["openstack"]["network"]["service_user"] %>
admin_password = <%= @service_pass %>
delay_auth_decision = true
signing_dir = <%= node["openstack"]["network"]["api"]["auth"]["cache_dir"] %>

View File

@ -318,9 +318,13 @@ root_helper = "sudo neutron-rootwrap /etc/neutron/rootwrap.conf"
report_interval = <%= node["openstack"]["network"]["api"]["agent"]["agent_report_interval"] %>
[keystone_authtoken]
auth_host = <%= @identity_endpoint.host %>
auth_port = <%= @identity_endpoint.port %>
auth_protocol = <%= @identity_endpoint.scheme %>
auth_uri = <%= @auth_uri %>
auth_host = <%= @identity_admin_endpoint.host %>
auth_port = <%= @identity_admin_endpoint.port %>
auth_protocol = <%= @identity_admin_endpoint.scheme %>
<% if node['openstack']['network']['api']['auth']['version'] != 'v2.0' %>
auth_version = <%= node['openstack']['network']['api']['auth']['version'] %>
<% end %>
admin_tenant_name = <%= node["openstack"]["network"]["service_tenant_name"] %>
admin_user = <%= node["openstack"]["network"]["service_user"] %>
admin_password = <%= @service_pass %>