Browse Source

Refactor using new style

* use new logic for heat.conf template
* move all attributes that are used in heat.conf to
  attributes/heat_conf.rb
* remove all attributes that are just setting default values
* add new default attributes so that the authorisation setup will be
  functional again
* refactored endpoint and bind_service logic to fit the new common
  cookbook
* adapt specs accordingly
* removed qpid as a messaging option (can be included in a wrapper)
* removed fedora as supported platform
* removed deprecated Gemfile
* removed logic for setting up a dedicated domain for Heat, should be
  done in a wrapper
* update README.md accordingly (still incomplete)

Implements: blueprint cookbook-refactoring
Change-Id: I16a29e28068d106f0edcbe04cb529aabbbed1ac5
Jens Rosenboom 3 years ago
parent
commit
5d70ac53fa

+ 0
- 14
Gemfile View File

@@ -1,14 +0,0 @@
1
-## THIS GEMFILE IS DEPRECATED AND WILL BE REMOVED AFTER THE NEXT RELEASE
2
-## THERE WON'T BE ANY UPDATES TO THIS FILE DURING THIS RELEASE CYCLE
3
-## WE SWITCHED TO CHEFDK AS THE BUNDLE FOR THE NEEDED GEMS
4
-
5
-source 'https://rubygems.org'
6
-
7
-gem 'chef', '~> 11.18.6'
8
-gem 'json', '<= 1.7.7' # chef 11 dependency
9
-gem 'berkshelf', '~> 3.2.1'
10
-gem 'hashie', '~> 2.0'
11
-gem 'chefspec', '~> 4.0.0'
12
-gem 'rspec', '~> 3.0.0'
13
-gem 'foodcritic', '~> 4.0'
14
-gem 'rubocop', '~> 0.29.1'

+ 29
- 131
README.md View File

@@ -54,150 +54,46 @@ Attributes
54 54
 
55 55
 Attributes for the Heat service are in the ['openstack']['orchestration'] namespace.
56 56
 
57
-* `openstack['orchestration']['verbose']` - Enables/disables verbose output for heat services.
58
-* `openstack['orchestration']['debug']` - Enables/disables debug output for heat services.
59 57
 * `openstack['orchestration']['identity_service_chef_role']` - The name of the Chef role that installs the Keystone Service API
60 58
 * `openstack['orchestration']['rabbit_server_chef_role']` - The name of the Chef role that knows about the message queue server
61 59
 * `openstack['orchestration']['user']` - User heat runs as
62 60
 * `openstack['orchestration']['group']` - Group heat runs as
63
-* `openstack['orchestration']['num_engine_workers']` - Number of heat-engine processes to fork and run.
64
-* `openstack['orchestration']['api']['workers']` - Number of workers for Heat api service.
65
-* `openstack['orchestration']['api_cfn']['workers']` - Number of workers for Heat api cfn service.
66
-* `openstack['orchestration']['api_cloudwatch']['workers']` - Number of workers for Heat api cloudwatch service.
67
-* `openstack['orchestration']['db']['username']` - Username for heat database access
68
-* `openstack['orchestration']['api']['adminURL']` - Used when registering heat endpoint with keystone
69
-* `openstack['orchestration']['api']['internalURL']` - Used when registering heat endpoint with keystone
70
-* `openstack['orchestration']['api']['publicURL']` - Used when registering heat endpoint with keystone
71
-* `openstack['orchestration']['service_tenant_name']` - Tenant name used by heat when interacting with keystone - used in the API and registry paste.ini files
72
-* `openstack['orchestration']['service_user']` - User name used by heat when interacting with keystone - used in the API and registry paste.ini files
73
-* `openstack['orchestration']['service_role']` - User role used by heat when interacting with keystone - used in the API and registry paste.ini files
74
-* `openstack['orchestration']['api']['auth']['cache_dir']` - Defaults to `/var/cache/heat`. Directory where `auth_token` middleware writes certificates for heat
61
+* `openstack['db']['orchestration']['username']` - Username for heat database access
62
+* `openstack['orchestration']['service_role']` - User role used by heat when interacting with keystone, defaults to 'service'. Used in the API and registry paste.ini files
75 63
 * `openstack['orchestration']['syslog']['use']` - Should heat log to syslog?
76
-* `openstack['orchestration']['syslog']['facility']` - Which facility heat should use when logging in python style (for example, `LOG_LOCAL1`)
77
-* `openstack['orchestration']['syslog']['config_facility']` - Which facility heat should use when logging in rsyslog style (for example, local1)
78
-* `openstack['orchestration']['rpc_thread_pool_size']` - size of RPC thread pool
79
-* `openstack['orchestration']['rpc_conn_pool_size']` - size of RPC connection pool
80
-* `openstack['orchestration']['rpc_response_timeout']` - seconds to wait for a response from call or multicall
81 64
 * `openstack['orchestration']['platform']` - hash of platform specific package/service names and options
82
-* `openstack['orchestration']['api']['auth']['version']` - Select v2.0 or v3.0. Default v2.0. The auth API version used to interact with identity service.
83
-* `openstack['orchestration']['api']['auth']['memcached_servers']` - A list of memcached server(s) for caching
84
-* `openstack['orchestration']['api']['auth']['memcache_security_strategy']` - Whether token data should be authenticated or authenticated and encrypted. Acceptable values are MAC or ENCRYPT.
85
-* `openstack['orchestration']['api']['auth']['memcache_secret_key']` - This string is used for key derivation.
86
-* `openstack['orchestration']['api']['auth']['hash_algorithms']` - Hash algorithms to use for hashing PKI tokens.
87
-* `openstack['orchestration']['api']['auth']['cafile']` - A PEM encoded Certificate Authority to use when verifying HTTPs connections.
88
-* `openstack['orchestration']['api']['auth']['insecure']` - Whether to allow the client to perform insecure SSL (https) requests.
89
-
90
-Clients configurations
91
-----------------------
92
-* `openstack['orchestration']['clients']['ca_file']` - A PEM encoded Certificate Authority to use for clients when verifying HTTPs connections.
93
-* `openstack['orchestration']['clients']['cert_file']` - Cert file to use for clients when verifying HTTPs connections.
94
-* `openstack['orchestration']['clients']['key_file']` - Private key file to use for clients when verifying HTTPs connections.
95
-* `openstack['orchestration']['clients']['insecure']` - Whether to allow insecure SSL (https) requests when calling clients.
96
-
97
-clients_ceilometer configurations
98
----------------------------------
99
-* `openstack['orchestration']['clients_ceilometer']['ca_file']` - A PEM encoded Certificate Authority to use for clients_ceilometer when verifying HTTPs connections.
100
-* `openstack['orchestration']['clients_ceilometer']['cert_file']` - Cert file to use for clients_ceilometer when verifying HTTPs connections.
101
-* `openstack['orchestration']['clients_ceilometer']['key_file']` - Private key file to use for clients_ceilometer when verifying HTTPs connections.
102
-* `openstack['orchestration']['clients_ceilometer']['insecure']` - Whether to allow insecure SSL (https) requests when calling clients_ceilometer.
103
-
104
-clients_cinder configurations
105
------------------------------
106
-* `openstack['orchestration']['clients_cinder']['ca_file']` - A PEM encoded Certificate Authority to use for clients_cinder when verifying HTTPs connections.
107
-* `openstack['orchestration']['clients_cinder']['cert_file']` - Cert file to use for clients_cinder when verifying HTTPs connections.
108
-* `openstack['orchestration']['clients_cinder']['key_file']` - Private key file to use for clients_cinder when verifying HTTPs connections.
109
-* `openstack['orchestration']['clients_cinder']['insecure']` - Whether to allow insecure SSL (https) requests when calling clients_cinder.
110
-
111
-clients_glance configurations
112
------------------------------
113
-* `openstack['orchestration']['clients_glance']['ca_file']` - A PEM encoded Certificate Authority to use for clients_glance when verifying HTTPs connections.
114
-* `openstack['orchestration']['clients_glance']['cert_file']` - Cert file to use for clients_glance when verifying HTTPs connections.
115
-* `openstack['orchestration']['clients_glance']['key_file']` - Private key file to use for clients_glance when verifying HTTPs connections.
116
-* `openstack['orchestration']['clients_glance']['insecure']` - Whether to allow insecure SSL (https) requests when calling clients_glance.
117
-
118
-clients_heat configurations
119
----------------------------
120
-* `openstack['orchestration']['clients_heat']['ca_file']` - A PEM encoded Certificate Authority to use for clients_heat when verifying HTTPs connections.
121
-* `openstack['orchestration']['clients_heat']['cert_file']` - Cert file to use for clients_heat when verifying HTTPs connections.
122
-* `openstack['orchestration']['clients_heat']['key_file']` - Private key file to use for clients_heat when verifying HTTPs connections.
123
-* `openstack['orchestration']['clients_heat']['insecure']` - Whether to allow insecure SSL (https) requests when calling clients_heat.
124
-
125
-clients_keystone configurations
126
--------------------------------
127
-* `openstack['orchestration']['clients_keystone']['ca_file']` - A PEM encoded Certificate Authority to use for clients_keystone when verifying HTTPs connections.
128
-* `openstack['orchestration']['clients_keystone']['cert_file']` - Cert file to use for clients_keystone when verifying HTTPs connections.
129
-* `openstack['orchestration']['clients_keystone']['key_file']` - Private key file to use for clients_keystone when verifying HTTPs connections.
130
-* `openstack['orchestration']['clients_keystone']['insecure']` - Whether to allow insecure SSL (https) requests when calling clients_keystone.
131
-
132
-clients_neutron configurations
133
-------------------------------
134
-* `openstack['orchestration']['clients_neutron']['ca_file']` - A PEM encoded Certificate Authority to use for clients_neutron when verifying HTTPs connections.
135
-* `openstack['orchestration']['clients_neutron']['cert_file']` - Cert file to use for clients_neutron when verifying HTTPs connections.
136
-* `openstack['orchestration']['clients_neutron']['key_file']` - Private key file to use for clients_neutron when verifying HTTPs connections.
137
-* `openstack['orchestration']['clients_neutron']['insecure']` - Whether to allow insecure SSL (https) requests when calling clients_neutron.
138
-
139
-clients_nova configurations
140
----------------------------------
141
-* `openstack['orchestration']['clients_nova']['ca_file']` - A PEM encoded Certificate Authority to use for clients_nova when verifying HTTPs connections.
142
-* `openstack['orchestration']['clients_nova']['cert_file']` - Cert file to use for clients_nova when verifying HTTPs connections.
143
-* `openstack['orchestration']['clients_nova']['key_file']` - Private key file to use for clients_nova when verifying HTTPs connections.
144
-* `openstack['orchestration']['clients_nova']['insecure']` - Whether to allow insecure SSL (https) requests when calling clients_nova.
145
-
146
-Notification definitions
147
-------------------------
148
-* `openstack['orchestration']['notification_driver']` - driver
149
-* `openstack['orchestration']['default_notification_level']` - level
150
-* `openstack['orchestration']['default_publisher_id']` - publisher id
151
-* `openstack['orchestration']['list_notifier_drivers']` - list of drivers
152
-* `openstack['orchestration']['notification_topics']` - notifications topics
65
+* `openstack['orchestration']['api']['auth']['version']` - Select v2.0 or v3.0. Default v2.0. The auth API version used to interact with the identity service.
66
+
67
+TODO: update this section adding new attributes
153 68
 
154 69
 MQ attributes
155 70
 -------------
156
-* `openstack["orchestration"]["mq"]["service_type"]` - Select qpid or rabbitmq. default rabbitmq
157
-TODO: move rabbit parameters under openstack["orchestration"]["mq"]
158
-* `openstack["orchestration"]["rabbit"]["username"]` - Username for nova rabbit access
159
-* `openstack["orchestration"]["rabbit"]["vhost"]` - The rabbit vhost to use
160
-* `openstack["orchestration"]["rabbit"]["port"]` - The rabbit port to use
161
-* `openstack["orchestration"]["rabbit"]["host"]` - The rabbit host to use (must set when `openstack["orchestration"]["rabbit"]["ha"]` false).
162
-* `openstack["orchestration"]["rabbit"]["ha"]` - Whether or not to use rabbit ha
163
-
164
-* `openstack["orchestration"]["mq"]["qpid"]["host"]` - The qpid host to use
165
-* `openstack["orchestration"]["mq"]["qpid"]["port"]` - The qpid port to use
166
-* `openstack["orchestration"]["mq"]["qpid"]["qpid_hosts"]` - Qpid hosts. TODO. use only when ha is specified.
167
-* `openstack["orchestration"]["mq"]["qpid"]["username"]` - Username for qpid connection
168
-* `openstack["orchestration"]["mq"]["qpid"]["password"]` - Password for qpid connection
169
-* `openstack["orchestration"]["mq"]["qpid"]["sasl_mechanisms"]` - Space separated list of SASL mechanisms to use for auth
170
-* `openstack["orchestration"]["mq"]["qpid"]["reconnect_timeout"]` - The number of seconds to wait before deciding that a reconnect attempt has failed.
171
-* `openstack["orchestration"]["mq"]["qpid"]["reconnect_limit"]` - The limit for the number of times to reconnect before considering the connection to be failed.
172
-* `openstack["orchestration"]["mq"]["qpid"]["reconnect_interval_min"]` - Minimum number of seconds between connection attempts.
173
-* `openstack["orchestration"]["mq"]["qpid"]["reconnect_interval_max"]` - Maximum number of seconds between connection attempts.
174
-* `openstack["orchestration"]["mq"]["qpid"]["reconnect_interval"]` - Equivalent to setting qpid_reconnect_interval_min and qpid_reconnect_interval_max to the same value.
175
-* `openstack["orchestration"]["mq"]["qpid"]["heartbeat"]` - Seconds between heartbeat messages sent to ensure that the connection is still alive.
176
-* `openstack["orchestration"]["mq"]["qpid"]["protocol"]` - Protocol to use. Default tcp.
177
-* `openstack["orchestration"]["mq"]["qpid"]["tcp_nodelay"]` - Disable the Nagle algorithm. default disabled.
178
-
179
-The following attributes are defined in attributes/default.rb of the common cookbook, but are documented here due to their relevance:
180
-
181
-* `openstack['endpoints']['orchestration-api-bind']['host']` - The IP address to bind the service to
182
-* `openstack['endpoints']['orchestration-api-bind']['port']` - The port to bind the service to
183
-* `openstack['endpoints']['orchestration-api-bind']['bind_interface']` - The interface name to bind the service to
184
-
185
-* `openstack['endpoints']['orchestration-api-cfn-bind']['host']` - The IP address to bind the service to
186
-* `openstack['endpoints']['orchestration-api-cfn-bind']['port']` - The port to bind the service to
187
-* `openstack['endpoints']['orchestration-api-cfn-bind']['bind_interface']` - The interface name to bind the-cfn service to
188
-
189
-* `openstack['endpoints']['orchestration-api-cloudwatch-bind']['host']` - The IP address to bind the service to
190
-* `openstack['endpoints']['orchestration-api-cloudwatch-bind']['port']` - The port to bind the service to
191
-* `openstack['endpoints']['orchestration-api-cloudwatch-bind']['bind_interface']` - The interface name to bind the-cloudwatch service to
192
-
193
-If the value of the 'bind_interface' attribute is non-nil, then the service will be bound to the first IP address on that interface. If the value of the 'bind_interface' attribute is nil, then the service will be bound to the IP address specifie>
71
+
72
+TODO: update this section with the new attributes
73
+
74
+Service bindings
75
+----------------
76
+
77
+* `openstack['bind_service']['all']['orchestration-api']['host']` - The IP address to bind the service to
78
+* `openstack['bind_service']['all']['orchestration-api']['port']` - The port to bind the service to
79
+* `openstack['bind_service']['all']['orchestration-api']['interface']` - The interface to bind the service to
80
+
81
+* `openstack['bind_service']['all']['orchestration-api-cfn']['host']` - The IP address to bind the service to
82
+* `openstack['bind_service']['all']['orchestration-api-cfn']['port']` - The port to bind the service to
83
+* `openstack['bind_service']['all']['orchestration-api-cfn']['interface']` - The interface to bind the service to
84
+
85
+* `openstack['bind_service']['all']['orchestration-api-cloudwatch']['host']` - The IP address to bind the service to
86
+* `openstack['bind_service']['all']['orchestration-api-cloudwatch']['port']` - The port to bind the service to
87
+* `openstack['bind_service']['all']['orchestration-api-cloudwatch']['interface']` - The interface to bind the service to
88
+
89
+If the value of the 'interface' attribute is non-nil, then the service will be bound to the first IP address on that interface and
90
+the 'host' attribute will be ignored. 
91
+If the value of the 'interface' attribute is nil (which is the default), then the service will be bound to the IP address specified
92
+in the 'host' attribute.
194 93
 
195 94
 Miscellaneous Options
196 95
 ---------------------
197 96
 
198
-Arrays whose elements will be copied exactly into the respective config files (contents e.g. ['option1=value1', 'option2=value2']).
199
-
200
-* `openstack["orchestration"]["misc_heat"]` - Array of bare options for `heat.conf`.
201 97
 * `orchestration_auth_encryption_key` - Key used to encrypt authentication info in the database. Length of this key must be 16, 24 or 32 characters. Comes from secrets databag.
202 98
 
203 99
 Testing
@@ -215,9 +111,11 @@ License and Author
215 111
 | **Author**           |  Ionut Artarisi (<iartarisi@suse.cz>)              |
216 112
 | **Author**           |  Mark Vanderwiel (<vanderwl@us.ibm.com>)           |
217 113
 | **Author**           |  Jan Klare (<j.klare@x-ion.de>)                    |
114
+| **Author**           |  Dr. Jens Rosenboom (<j.rosenboom@x-ion.de>)       |
218 115
 |                      |                                                    |
219 116
 | **Copyright**        |  Copyright (c) 2013-2014, IBM Corp.                |
220 117
 | **Copyright**        |  Copyright (c) 2014, SUSE Linux, GmbH.             |
118
+| **Copyright**        |  Copyright (c) 2016, x-ion GmbH.                   |
221 119
 
222 120
 Licensed under the Apache License, Version 2.0 (the "License");
223 121
 you may not use this file except in compliance with the License.

+ 28
- 166
attributes/default.rb View File

@@ -17,192 +17,54 @@
17 17
 # limitations under the License.
18 18
 #
19 19
 
20
+%w(public internal admin).each do |ep_type|
21
+  # openstack orchestration-api service endpoints (used by users and services)
22
+  default['openstack']['endpoints'][ep_type]['orchestration-api']['host'] = '127.0.0.1'
23
+  default['openstack']['endpoints'][ep_type]['orchestration-api']['scheme'] = 'http'
24
+  default['openstack']['endpoints'][ep_type]['orchestration-api']['path'] = '/v1/%(tenant_id)s'
25
+  default['openstack']['endpoints'][ep_type]['orchestration-api']['port'] = 8004
26
+  # openstack orchestration-api-cfn service endpoints (used by users and services)
27
+  default['openstack']['endpoints'][ep_type]['orchestration-api-cfn']['host'] = '127.0.0.1'
28
+  default['openstack']['endpoints'][ep_type]['orchestration-api-cfn']['scheme'] = 'http'
29
+  default['openstack']['endpoints'][ep_type]['orchestration-api-cfn']['path'] = '/v1'
30
+  default['openstack']['endpoints'][ep_type]['orchestration-api-cfn']['port'] = 8000
31
+  # openstack orchestration-api-cloudwatch service endpoints (used by users and services)
32
+  default['openstack']['endpoints'][ep_type]['orchestration-api-cloudwatch']['host'] = '127.0.0.1'
33
+  default['openstack']['endpoints'][ep_type]['orchestration-api-cloudwatch']['scheme'] = 'http'
34
+  default['openstack']['endpoints'][ep_type]['orchestration-api-cloudwatch']['path'] = '/v1'
35
+  default['openstack']['endpoints'][ep_type]['orchestration-api-cloudwatch']['port'] = 8003
36
+end
37
+default['openstack']['bind_service']['all']['orchestration-api']['host'] = '127.0.0.1'
38
+default['openstack']['bind_service']['all']['orchestration-api']['port'] = 8004
39
+default['openstack']['bind_service']['all']['orchestration-api-cfn']['host'] = '127.0.0.1'
40
+default['openstack']['bind_service']['all']['orchestration-api-cfn']['port'] = 8000
41
+default['openstack']['bind_service']['all']['orchestration-api-cloudwatch']['host'] = '127.0.0.1'
42
+default['openstack']['bind_service']['all']['orchestration-api-cloudwatch']['port'] = 8003
43
+
20 44
 # Set to some text value if you want templated config files
21 45
 # to contain a custom banner at the top of the written file
22 46
 default['openstack']['orchestration']['custom_template_banner'] = '
23
-# This file autogenerated by Chef
47
+# This file was autogenerated by Chef
24 48
 # Do not edit, changes will be overwritten
25 49
 '
26 50
 
27
-default['openstack']['orchestration']['verbose'] = 'False'
28
-default['openstack']['orchestration']['debug'] = 'False'
29
-default['openstack']['orchestration']['log_dir'] = '/var/log/heat'
51
+default['openstack']['orchestration']['syslog']['use']
52
+
30 53
 # This is the name of the Chef role that will install the Keystone Service API
31 54
 default['openstack']['orchestration']['identity_service_chef_role'] = 'os-identity'
32 55
 
33
-# Number of heat-engine processes to fork and run.
34
-default['openstack']['orchestration']['num_engine_workers'] = nil
35
-# Number of workers for Heat api service.
36
-default['openstack']['orchestration']['api']['workers'] = 0
37
-# Number of workers for Heat api cfn service.
38
-default['openstack']['orchestration']['api_cfn']['workers'] = 0
39
-# Number of workers for Heat api cloudwatch service.
40
-default['openstack']['orchestration']['api_cloudwatch']['workers'] = 0
41
-
42
-# Gets set in the Heat Endpoint when registering with Keystone
43
-default['openstack']['orchestration']['region'] = node['openstack']['region']
44
-
45 56
 # The name of the Chef role that knows about the message queue server
46 57
 # that Heat uses
47 58
 default['openstack']['orchestration']['rabbit_server_chef_role'] = 'os-ops-messaging'
48 59
 
49
-default['openstack']['orchestration']['service_tenant_name'] = 'service'
50
-default['openstack']['orchestration']['service_user'] = 'heat'
51 60
 default['openstack']['orchestration']['service_role'] = 'service'
52 61
 
53 62
 default['openstack']['orchestration']['ec2authtoken']['auth']['version'] = 'v2.0'
54 63
 default['openstack']['orchestration']['api']['auth']['version'] = node['openstack']['api']['auth']['version']
55 64
 
56
-# A PEM encoded Certificate Authority to use for clients when verifying HTTPs connections.
57
-default['openstack']['orchestration']['clients']['ca_file'] = nil
58
-# Cert file to use for clients when verifying HTTPs connections.
59
-default['openstack']['orchestration']['clients']['cert_file'] = nil
60
-# Private key file to use for clients when verifying HTTPs connections.
61
-default['openstack']['orchestration']['clients']['key_file'] = nil
62
-# Whether to allow insecure SSL (https) requests when calling clients.
63
-default['openstack']['orchestration']['clients']['insecure'] = false
64
-
65
-# A PEM encoded Certificate Authority to use for clients_ceilometer when verifying HTTPs connections.
66
-default['openstack']['orchestration']['clients_ceilometer']['ca_file'] = node['openstack']['orchestration']['clients']['ca_file']
67
-# Cert file to use for clients_ceilometer when verifying HTTPs connections.
68
-default['openstack']['orchestration']['clients_ceilometer']['cert_file'] = node['openstack']['orchestration']['clients']['cert_file']
69
-# Private key file to use for clients_ceilometer when verifying HTTPs connections.
70
-default['openstack']['orchestration']['clients_ceilometer']['key_file'] = node['openstack']['orchestration']['clients']['key_file']
71
-# Whether to allow insecure SSL (https) requests when calling clients_ceilometer.
72
-default['openstack']['orchestration']['clients_ceilometer']['insecure'] = node['openstack']['orchestration']['clients']['insecure']
73
-
74
-# A PEM encoded Certificate Authority to use for clients_cinder when verifying HTTPs connections.
75
-default['openstack']['orchestration']['clients_cinder']['ca_file'] = node['openstack']['orchestration']['clients']['ca_file']
76
-# Cert file to use for clients_cinder when verifying HTTPs connections.
77
-default['openstack']['orchestration']['clients_cinder']['cert_file'] = node['openstack']['orchestration']['clients']['cert_file']
78
-# Private key file to use for clients_cinder when verifying HTTPs connections.
79
-default['openstack']['orchestration']['clients_cinder']['key_file'] = node['openstack']['orchestration']['clients']['key_file']
80
-# Whether to allow insecure SSL (https) requests when calling clients_cinder.
81
-default['openstack']['orchestration']['clients_cinder']['insecure'] = node['openstack']['orchestration']['clients']['insecure']
82
-
83
-# A PEM encoded Certificate Authority to use for clients_glance when verifying HTTPs connections.
84
-default['openstack']['orchestration']['clients_glance']['ca_file'] = node['openstack']['orchestration']['clients']['ca_file']
85
-# Cert file to use for clients_glance when verifying HTTPs connections.
86
-default['openstack']['orchestration']['clients_glance']['cert_file'] = node['openstack']['orchestration']['clients']['cert_file']
87
-# Private key file to use for clients_glance when verifying HTTPs connections.
88
-default['openstack']['orchestration']['clients_glance']['key_file'] = node['openstack']['orchestration']['clients']['key_file']
89
-# Whether to allow insecure SSL (https) requests when calling clients_glance.
90
-default['openstack']['orchestration']['clients_glance']['insecure'] = node['openstack']['orchestration']['clients']['insecure']
91
-
92
-# A PEM encoded Certificate Authority to use for clients_heat when verifying HTTPs connections.
93
-default['openstack']['orchestration']['clients_heat']['ca_file'] = node['openstack']['orchestration']['clients']['ca_file']
94
-# Cert file to use for clients_heat when verifying HTTPs connections.
95
-default['openstack']['orchestration']['clients_heat']['cert_file'] = node['openstack']['orchestration']['clients']['cert_file']
96
-# Private key file to use for clients_heat when verifying HTTPs connections.
97
-default['openstack']['orchestration']['clients_heat']['key_file'] = node['openstack']['orchestration']['clients']['key_file']
98
-# Whether to allow insecure SSL (https) requests when calling clients_heat.
99
-default['openstack']['orchestration']['clients_heat']['insecure'] = node['openstack']['orchestration']['clients']['insecure']
100
-
101
-# A PEM encoded Certificate Authority to use for clients_keystone when verifying HTTPs connections.
102
-default['openstack']['orchestration']['clients_keystone']['ca_file'] = node['openstack']['orchestration']['clients']['ca_file']
103
-# Cert file to use for clients_keystone when verifying HTTPs connections.
104
-default['openstack']['orchestration']['clients_keystone']['cert_file'] = node['openstack']['orchestration']['clients']['cert_file']
105
-# Private key file to use for clients_keystone when verifying HTTPs connections.
106
-default['openstack']['orchestration']['clients_keystone']['key_file'] = node['openstack']['orchestration']['clients']['key_file']
107
-# Whether to allow insecure SSL (https) requests when calling clients_keystone.
108
-default['openstack']['orchestration']['clients_keystone']['insecure'] = node['openstack']['orchestration']['clients']['insecure']
109
-
110
-# A PEM encoded Certificate Authority to use for clients_neutron when verifying HTTPs connections.
111
-default['openstack']['orchestration']['clients_neutron']['ca_file'] = node['openstack']['orchestration']['clients']['ca_file']
112
-# Cert file to use for clients_neutron when verifying HTTPs connections.
113
-default['openstack']['orchestration']['clients_neutron']['cert_file'] = node['openstack']['orchestration']['clients']['cert_file']
114
-# Private key file to use for clients_neutron when verifying HTTPs connections.
115
-default['openstack']['orchestration']['clients_neutron']['key_file'] = node['openstack']['orchestration']['clients']['key_file']
116
-# Whether to allow insecure SSL (https) requests when calling clients_neutron.
117
-default['openstack']['orchestration']['clients_neutron']['insecure'] = node['openstack']['orchestration']['clients']['insecure']
118
-
119
-# A PEM encoded Certificate Authority to use for clients_nova when verifying HTTPs connections.
120
-default['openstack']['orchestration']['clients_nova']['ca_file'] = node['openstack']['orchestration']['clients']['ca_file']
121
-# Cert file to use for clients_nova when verifying HTTPs connections.
122
-default['openstack']['orchestration']['clients_nova']['cert_file'] = node['openstack']['orchestration']['clients']['cert_file']
123
-# Private key file to use for clients_nova when verifying HTTPs connections.
124
-default['openstack']['orchestration']['clients_nova']['key_file'] = node['openstack']['orchestration']['clients']['key_file']
125
-# Whether to allow insecure SSL (https) requests when calling clients_nova.
126
-default['openstack']['orchestration']['clients_nova']['insecure'] = node['openstack']['orchestration']['clients']['insecure']
127
-
128
-# A list of memcached server(s) for caching
129
-default['openstack']['orchestration']['api']['auth']['memcached_servers'] = nil
130
-
131
-# Whether token data should be authenticated or authenticated and encrypted. Acceptable values are MAC or ENCRYPT
132
-default['openstack']['orchestration']['api']['auth']['memcache_security_strategy'] = nil
133
-
134
-# This string is used for key derivation
135
-default['openstack']['orchestration']['api']['auth']['memcache_secret_key'] = nil
136
-
137
-# Hash algorithms to use for hashing PKI tokens
138
-default['openstack']['orchestration']['api']['auth']['hash_algorithms'] = 'md5'
139
-
140
-# A PEM encoded Certificate Authority to use when verifying HTTPs connections
141
-default['openstack']['orchestration']['api']['auth']['cafile'] = nil
142
-
143
-# Whether to allow the client to perform insecure SSL (https) requests
144
-default['openstack']['orchestration']['api']['auth']['insecure'] = false
145
-
146
-# Keystone role for heat template-defined users. (string value)
147
-default['openstack']['orchestration']['heat_stack_user_role'] = nil
148
-
149
-# Keystone domain id which contains heat template-defined users.
150
-# If this option is set, stack_user_domain_name option
151
-# will be ignored. (string value)
152
-default['openstack']['orchestration']['stack_user_domain_id'] = nil
153
-
154
-# Keystone domain name which contains heat template-defined users. (string value)
155
-default['openstack']['orchestration']['stack_user_domain_name'] = nil
156
-
157
-# Keystone username, a user with roles sufficient to manage
158
-# users and projects in the stack_user_domain. (string value)
159
-default['openstack']['orchestration']['stack_domain_admin'] = nil
160
-
161
-# Select deferred auth method, stored password or trusts.
162
-default['openstack']['orchestration']['deferred_auth_method'] = 'trusts'
163
-
164
-# If true, will passing stack information to scheduler hints when creating instances.
165
-default['openstack']['orchestration']['stack_scheduler_hints'] = false
166
-
167
-# If set, heat API service will bind to the address on this interface,
168
-# otherwise it will bind to the API endpoint's host.
169
-default['openstack']['orchestration']['api']['bind_interface'] = nil
170
-
171
-# If set, heat api-cfn service will bind to the address on this interface,
172
-# otherwise it will bind to the API endpoint's host.
173
-default['openstack']['orchestration']['api-cfn']['bind_interface'] = nil
174
-
175
-# If set, heat api-cloudwatch service will bind to the address on this interface,
176
-# otherwise it will bind to the API endpoint's host.
177
-default['openstack']['orchestration']['api-cloudwatch']['bind_interface'] = nil
178
-
179
-# Keystone PKI signing directory. Only written to the filter:authtoken section
180
-# of the api-paste.ini when node['openstack']['auth']['strategy'] == 'pki'
181
-default['openstack']['orchestration']['api']['auth']['cache_dir'] = '/var/cache/heat'
182
-
183
-# logging attribute
184
-default['openstack']['orchestration']['syslog']['use'] = false
185
-default['openstack']['orchestration']['syslog']['facility'] = 'LOG_LOCAL2'
186
-default['openstack']['orchestration']['syslog']['config_facility'] = 'local2'
187
-
188
-# Common rpc definitions
189
-default['openstack']['orchestration']['rpc_thread_pool_size'] = 64
190
-default['openstack']['orchestration']['rpc_conn_pool_size'] = 30
191
-default['openstack']['orchestration']['rpc_response_timeout'] = 60
192
-
193
-# Notification definitions
194
-default['openstack']['orchestration']['notification_driver'] = 'heat.openstack.common.notifier.rpc_notifier'
195
-default['openstack']['orchestration']['default_notification_level'] = 'INFO'
196
-default['openstack']['orchestration']['default_publisher_id'] = ''
197
-default['openstack']['orchestration']['list_notifier_drivers'] = 'heat.openstack.common.notifier.no_op_notifier'
198
-default['openstack']['orchestration']['notification_topics'] = 'notifications'
199
-
200
-# Array of options for `heat.conf` (e.g. ['option1=value1', 'option2=value2'])
201
-default['openstack']['orchestration']['misc_heat'] = nil
202
-
203 65
 # platform-specific settings
204 66
 case platform_family
205
-when 'fedora', 'rhel' # :pragma-foodcritic: ~FC024 - won't fix this
67
+when 'rhel'
206 68
   default['openstack']['orchestration']['user'] = 'heat'
207 69
   default['openstack']['orchestration']['group'] = 'heat'
208 70
   default['openstack']['orchestration']['platform'] = {

+ 26
- 0
attributes/heat_conf.rb View File

@@ -0,0 +1,26 @@
1
+# encoding: UTF-8
2
+#
3
+# Cookbook Name:: openstack-orchestration
4
+# Attributes:: default
5
+#
6
+# Copyright 2013, IBM Corp.
7
+# Licensed under the Apache License, Version 2.0 (the "License");
8
+# you may not use this file except in compliance with the License.
9
+# You may obtain a copy of the License at
10
+#
11
+#     http://www.apache.org/licenses/LICENSE-2.0
12
+#
13
+# Unless required by applicable law or agreed to in writing, software
14
+# distributed under the License is distributed on an "AS IS" BASIS,
15
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16
+# See the License for the specific language governing permissions and
17
+# limitations under the License.
18
+#
19
+
20
+default['openstack']['orchestration']['conf']['DEFAULT']['log_dir'] = '/var/log/heat'
21
+default['openstack']['orchestration']['conf']['DEFAULT']['notification_driver'] = 'heat.openstack.common.notifier.rpc_notifier'
22
+default['openstack']['orchestration']['conf']['keystone_authtoken']['auth_plugin'] = 'v2password'
23
+default['openstack']['orchestration']['conf']['keystone_authtoken']['username'] = 'heat'
24
+default['openstack']['orchestration']['conf']['keystone_authtoken']['tenant_name'] = 'service'
25
+default['openstack']['orchestration']['conf']['trustee']['auth_plugin'] = 'v2password'
26
+default['openstack']['orchestration']['conf']['trustee']['username'] = 'heat'

+ 4
- 4
metadata.rb View File

@@ -5,7 +5,7 @@ maintainer_email 'openstack-dev@lists.openstack.org'
5 5
 license 'Apache 2.0'
6 6
 description 'Installs and configures the Heat Service'
7 7
 long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
8
-version '12.0.0'
8
+version '13.0.0'
9 9
 recipe 'openstack-orchestration::api', 'Start and configure the Heat API service'
10 10
 recipe 'openstack-orchestration::api-cfn', 'Start and configure the Heat API CloudFormation service'
11 11
 recipe 'openstack-orchestration::api-cloudwatch', 'Start and configure the Heat API CloudWatch service'
@@ -14,9 +14,9 @@ recipe 'openstack-orchestration::common', 'Installs packages and configures a He
14 14
 recipe 'openstack-orchestration::engine', 'Sets up Heat database and starts Heat Engine service'
15 15
 recipe 'openstack-orchestration::identity_registration', 'Registers Heat service, user and endpoints with Keystone'
16 16
 
17
-%w(ubuntu fedora redhat centos).each do |os|
17
+%w(ubuntu redhat centos).each do |os|
18 18
   supports os
19 19
 end
20 20
 
21
-depends 'openstack-common', '>= 12.0.0'
22
-depends 'openstack-identity', '>= 12.0.0'
21
+depends 'openstack-common', '>= 13.0.0'
22
+depends 'openstack-identity', '>= 13.0.0'

+ 63
- 56
recipes/common.rb View File

@@ -49,91 +49,98 @@ node['openstack']['db']['python_packages'][db_type].each do |pkg|
49 49
   end
50 50
 end
51 51
 
52
+unless node['openstack']['orchestration']['conf']['DEFAULT']['rpc_backend'].nil? &&
53
+       node['openstack']['orchestration']['conf']['DEFAULT']['rpc_backend'] == 'rabbit'
54
+  user = node['openstack']['mq']['orchestration']['rabbit']['userid']
55
+  node.default['openstack']['orchestration']['conf']
56
+  .[]('oslo_messaging_rabbit')['rabbit_userid'] = user
57
+  node.default['openstack']['orchestration']['conf_secrets']
58
+  .[]('oslo_messaging_rabbit')['rabbit_password'] =
59
+    get_password 'user', user
60
+end
61
+
52 62
 db_user = node['openstack']['db']['orchestration']['username']
53 63
 db_pass = get_password 'db', 'heat'
54
-sql_connection = db_uri('orchestration', db_user, db_pass)
55
-
56
-identity_endpoint = internal_endpoint 'identity-internal'
57
-identity_admin_endpoint = admin_endpoint 'identity-admin'
58
-heat_api_bind = internal_endpoint 'orchestration-api-bind'
59
-heat_api_endpoint = internal_endpoint 'orchestration-api'
60
-heat_api_cfn_bind = internal_endpoint 'orchestration-api-cfn-bind'
61
-heat_api_cfn_endpoint = internal_endpoint 'orchestration-api-cfn'
62
-heat_api_cloudwatch_bind = internal_endpoint 'orchestration-api-cloudwatch-bind'
63
-heat_api_cloudwatch_endpoint = internal_endpoint 'orchestration-api-cloudwatch'
64
-
65
-service_pass = get_password 'service', 'openstack-orchestration'
66
-auth_encryption_key = get_password 'token', 'orchestration_auth_encryption_key'
67
-
68
-stack_domain_admin_password = nil
69
-if node['openstack']['orchestration']['stack_domain_admin']
70
-  stack_domain_admin_password = get_password 'user', node['openstack']['orchestration']['stack_domain_admin']
71
-end
64
+
65
+identity_endpoint = internal_endpoint 'identity'
66
+identity_admin_endpoint = admin_endpoint 'identity'
67
+
68
+bind_services = node['openstack']['bind_service']['all']
69
+api_bind = bind_services['orchestration-api']
70
+api_cfn_bind = bind_services['orchestration-api-cfn']
71
+api_cfn_endpoint = internal_endpoint 'orchestration-api-cfn'
72
+api_cw_bind = bind_services['orchestration-api-cloudwatch']
73
+api_cw_endpoint = internal_endpoint 'orchestration-api-cloudwatch'
72 74
 
73 75
 ec2_auth_uri = auth_uri_transform identity_endpoint.to_s, node['openstack']['orchestration']['ec2authtoken']['auth']['version']
74 76
 auth_uri = auth_uri_transform identity_endpoint.to_s, node['openstack']['orchestration']['api']['auth']['version']
75
-identity_uri = identity_uri_transform(identity_admin_endpoint)
76 77
 
77
-mq_service_type = node['openstack']['mq']['orchestration']['service_type']
78
+# We need these URIs without their default path
79
+metadata_uri = "#{api_cfn_endpoint.scheme}://#{api_cfn_endpoint.host}:#{api_cfn_endpoint.port}"
80
+watch_uri = "#{api_cw_endpoint.scheme}://#{api_cw_endpoint.host}:#{api_cw_endpoint.port}"
81
+
82
+# define attributes that are needed in the heat.conf
83
+node.default['openstack']['orchestration']['conf'].tap do |conf|
84
+  conf['DEFAULT']['heat_metadata_server_url'] = metadata_uri
85
+  conf['DEFAULT']['heat_waitcondition_server_url'] = "#{api_cfn_endpoint}/waitcondition"
86
+  conf['DEFAULT']['heat_watch_server_url'] = watch_uri
87
+  conf['DEFAULT']['region_name_for_services'] = node['openstack']['region']
88
+  conf['clients_keystone']['auth_uri'] = auth_uri
89
+  conf['ec2authtoken']['auth_uri'] = ec2_auth_uri
90
+  conf['heat_api']['bind_host'] = bind_address api_bind
91
+  conf['heat_api']['bind_port'] = api_bind.port
92
+  conf['heat_api_cfn']['bind_host'] = bind_address api_cfn_bind
93
+  conf['heat_api_cfn']['bind_port'] = api_cfn_bind.port
94
+  conf['heat_api_cloudwatch']['bind_host'] = bind_address api_cw_bind
95
+  conf['heat_api_cloudwatch']['bind_port'] = api_cw_bind.port
96
+  conf['keystone_authtoken']['auth_url'] = auth_uri
97
+  conf['trustee']['auth_url'] = identity_admin_endpoint
98
+end
78 99
 
79
-if mq_service_type == 'rabbitmq'
80
-  if node['openstack']['mq']['orchestration']['rabbit']['ha']
81
-    rabbit_hosts = rabbit_servers
82
-  end
83
-  mq_password = get_password 'user', node['openstack']['mq']['orchestration']['rabbit']['userid']
84
-elsif mq_service_type == 'qpid'
85
-  mq_password = get_password 'user', node['openstack']['mq']['orchestration']['qpid']['username']
100
+# define secrets that are needed in the heat.conf
101
+node.default['openstack']['orchestration']['conf_secrets'].tap do |conf_secrets|
102
+  conf_secrets['DEFAULT']['auth_encryption_key'] =
103
+    get_password 'token', 'orchestration_auth_encryption_key'
104
+  conf_secrets['database']['connection'] =
105
+    db_uri('orchestration', db_user, db_pass)
106
+  conf_secrets['keystone_authtoken']['password'] =
107
+    get_password 'service', 'openstack-orchestration'
108
+  conf_secrets['trustee']['password'] =
109
+    get_password 'service', 'openstack-orchestration'
86 110
 end
87 111
 
112
+# merge all config options and secrets to be used in the heat.conf
113
+heat_conf_options = merge_config_options 'orchestration'
114
+
88 115
 directory '/etc/heat' do
89
-  group node['openstack']['orchestration']['group']
90 116
   owner node['openstack']['orchestration']['user']
91
-  mode 00700
92
-  action :create
93
-end
94
-
95
-directory '/etc/heat/environment.d' do
96 117
   group node['openstack']['orchestration']['group']
97
-  owner node['openstack']['orchestration']['user']
98
-  mode 00700
118
+  mode 00750
99 119
   action :create
100 120
 end
101 121
 
102
-directory node['openstack']['orchestration']['api']['auth']['cache_dir'] do
122
+directory '/etc/heat/environment.d' do
103 123
   owner node['openstack']['orchestration']['user']
104 124
   group node['openstack']['orchestration']['group']
105
-  mode 00700
125
+  mode 00750
126
+  action :create
106 127
 end
107 128
 
108 129
 template '/etc/heat/heat.conf' do
109
-  source 'heat.conf.erb'
110
-  group node['openstack']['orchestration']['group']
130
+  source 'openstack-service.conf.erb'
131
+  cookbook 'openstack-common'
111 132
   owner node['openstack']['orchestration']['user']
133
+  group node['openstack']['orchestration']['group']
112 134
   mode 00640
113 135
   variables(
114
-    stack_domain_admin_password: stack_domain_admin_password,
115
-    mq_service_type: mq_service_type,
116
-    mq_password: mq_password,
117
-    rabbit_hosts: rabbit_hosts,
118
-    ec2_auth_uri: ec2_auth_uri,
119
-    auth_uri: auth_uri,
120
-    identity_uri: identity_uri,
121
-    service_pass: service_pass,
122
-    auth_encryption_key: auth_encryption_key,
123
-    sql_connection: sql_connection,
124
-    heat_api_bind: heat_api_bind,
125
-    heat_api_endpoint: heat_api_endpoint,
126
-    heat_api_cfn_bind: heat_api_cfn_bind,
127
-    heat_api_cfn_endpoint: heat_api_cfn_endpoint,
128
-    heat_api_cloudwatch_bind: heat_api_cloudwatch_bind,
129
-    heat_api_cloudwatch_endpoint: heat_api_cloudwatch_endpoint
136
+    service_config: heat_conf_options
130 137
   )
131 138
 end
132 139
 
133 140
 template '/etc/heat/environment.d/default.yaml' do
134 141
   source 'default.yaml.erb'
135
-  group node['openstack']['orchestration']['group']
136 142
   owner node['openstack']['orchestration']['user']
143
+  group node['openstack']['orchestration']['group']
137 144
   mode 00644
138 145
 end
139 146
 

+ 4
- 41
recipes/identity_registration.rb View File

@@ -24,7 +24,7 @@ class ::Chef::Recipe # rubocop:disable Documentation
24 24
   include ::Openstack
25 25
 end
26 26
 
27
-identity_admin_endpoint = admin_endpoint 'identity-admin'
27
+identity_admin_endpoint = admin_endpoint 'identity'
28 28
 
29 29
 token = get_password 'token', 'openstack_identity_bootstrap_token'
30 30
 auth_url = ::URI.decode identity_admin_endpoint.to_s
@@ -37,11 +37,10 @@ internal_heat_cfn_endpoint = internal_endpoint 'orchestration-api-cfn'
37 37
 public_heat_cfn_endpoint = public_endpoint 'orchestration-api-cfn'
38 38
 
39 39
 service_pass = get_password 'service', 'openstack-orchestration'
40
-service_tenant_name = node['openstack']['orchestration']['service_tenant_name']
41
-service_user = node['openstack']['orchestration']['service_user']
40
+service_tenant_name = node['openstack']['orchestration']['conf']['keystone_authtoken']['tenant_name']
41
+service_user = node['openstack']['orchestration']['conf']['keystone_authtoken']['username']
42 42
 service_role = node['openstack']['orchestration']['service_role']
43
-region = node['openstack']['orchestration']['region']
44
-stack_user_role = node['openstack']['orchestration']['heat_stack_user_role']
43
+region = node['openstack']['orchestration']['conf']['DEFAULT']['region_name_for_services']
45 44
 
46 45
 # Do not configure a service/endpoint in keystone for heat-api-cloudwatch(Bug #1167927),
47 46
 # See discussions on https://bugs.launchpad.net/heat/+bug/1167927
@@ -133,39 +132,3 @@ openstack_identity_register "Grant '#{service_role}' Role to #{service_user} Use
133 132
 
134 133
   action :grant_role
135 134
 end
136
-
137
-## Create role for heat template defined users ##
138
-openstack_identity_register "Create '#{stack_user_role}' Role for template defined users" do
139
-  auth_uri auth_url
140
-  bootstrap_token token
141
-  role_name stack_user_role
142
-
143
-  action :create_role
144
-  not_if { stack_user_role.nil? }
145
-end
146
-
147
-stack_user_domain_name = node['openstack']['orchestration']['stack_user_domain_name']
148
-stack_domain_admin = node['openstack']['orchestration']['stack_domain_admin']
149
-
150
-if !stack_user_role.nil? && !stack_user_domain_name.nil? && !stack_domain_admin.nil?
151
-  stack_domain_admin_password = get_password 'user', stack_domain_admin
152
-  admin_user = node['openstack']['identity']['admin_user']
153
-  admin_pass = get_password 'user', admin_user
154
-  ca_cert = node['openstack']['orchestration']['clients']['ca_file']
155
-  cert_file = node['openstack']['orchestration']['clients']['cert_file']
156
-  key_file = node['openstack']['orchestration']['clients']['key_file']
157
-  insecure = node['openstack']['orchestration']['clients']['insecure'] && '--insecure' || ''
158
-
159
-  execute 'heat-keystone-setup-domain' do
160
-    environment 'OS_USERNAME' => admin_user,
161
-                'OS_PASSWORD' => admin_pass,
162
-                'OS_AUTH_URL' => auth_url,
163
-                'OS_CACERT' => ca_cert,
164
-                'OS_CERT' => cert_file,
165
-                'OS_KEY' => key_file,
166
-                'HEAT_DOMAIN' => stack_user_domain_name,
167
-                'HEAT_DOMAIN_ADMIN' => stack_domain_admin,
168
-                'HEAT_DOMAIN_PASSWORD' => stack_domain_admin_password
169
-    command "heat-keystone-setup-domain #{insecure}"
170
-  end
171
-end

+ 0
- 9
spec/common_spec.rb View File

@@ -31,14 +31,5 @@ describe 'openstack-orchestration::common' do
31 31
       expect(chef_run).not_to upgrade_package 'python-ibm-db'
32 32
       expect(chef_run).not_to upgrade_package 'python-ibm-db-sa'
33 33
     end
34
-
35
-    describe 'heat.conf' do
36
-      let(:file) { chef_run.template('/etc/heat/heat.conf') }
37
-
38
-      it 'adds misc_heat array correctly' do
39
-        node.set['openstack']['orchestration']['misc_heat'] = ['MISC_OPTION=FOO']
40
-        expect(chef_run).to render_file(file.name).with_content('MISC_OPTION=FOO')
41
-      end
42
-    end
43 34
   end
44 35
 end

+ 3
- 198
spec/identity_registration_spec.rb View File

@@ -68,83 +68,14 @@ describe 'openstack-orchestration::identity_registration' do
68 68
       )
69 69
     end
70 70
 
71
-    it 'register heat-api endpoint with different admin url' do
71
+    it 'registers heat-api endpoint with different urls' do
72 72
       admin_url = 'https://admin.host:123/admin_path'
73
-      general_url = 'http://general.host:456/general_path'
74
-
75
-      # Set the general endpoint
76
-      node.set['openstack']['endpoints']['orchestration-api']['uri'] = general_url
77
-      # Set the admin endpoint override
78
-      node.set['openstack']['endpoints']['admin']['orchestration-api']['uri'] = admin_url
79
-
80
-      expect(chef_run).to create_endpoint_openstack_identity_register(
81
-        'Register Heat Orchestration Endpoint'
82
-      ).with(
83
-        auth_uri: 'http://127.0.0.1:35357/v2.0',
84
-        bootstrap_token: 'bootstrap-token',
85
-        service_type: 'orchestration',
86
-        endpoint_region: 'RegionOne',
87
-        endpoint_adminurl: admin_url,
88
-        endpoint_internalurl: general_url,
89
-        endpoint_publicurl: general_url,
90
-        action: [:create_endpoint]
91
-      )
92
-    end
93
-
94
-    it 'register heat-api endpoint with different public url' do
95
-      public_url = 'https://public.host:789/public_path'
96
-      general_url = 'http://general.host:456/general_path'
97
-
98
-      # Set the general endpoint
99
-      node.set['openstack']['endpoints']['orchestration-api']['uri'] = general_url
100
-      # Set the public endpoint override
101
-      node.set['openstack']['endpoints']['public']['orchestration-api']['uri'] = public_url
102
-
103
-      expect(chef_run).to create_endpoint_openstack_identity_register(
104
-        'Register Heat Orchestration Endpoint'
105
-      ).with(
106
-        auth_uri: 'http://127.0.0.1:35357/v2.0',
107
-        bootstrap_token: 'bootstrap-token',
108
-        service_type: 'orchestration',
109
-        endpoint_region: 'RegionOne',
110
-        endpoint_adminurl: general_url,
111
-        endpoint_internalurl: general_url,
112
-        endpoint_publicurl: public_url,
113
-        action: [:create_endpoint]
114
-      )
115
-    end
116
-
117
-    it 'register heat-api endpoint with different internal url' do
73
+      public_url = 'http://public.host:456/public_path'
118 74
       internal_url = 'http://internal.host:456/internal_path'
119
-      general_url = 'http://general.host:456/general_path'
120
-
121
-      # Set general endpoint
122
-      node.set['openstack']['endpoints']['orchestration-api']['uri'] = general_url
123
-      # Set the internal endpoint override
124
-      node.set['openstack']['endpoints']['internal']['orchestration-api']['uri'] = internal_url
125
-
126
-      expect(chef_run).to create_endpoint_openstack_identity_register(
127
-        'Register Heat Orchestration Endpoint'
128
-      ).with(
129
-        auth_uri: 'http://127.0.0.1:35357/v2.0',
130
-        bootstrap_token: 'bootstrap-token',
131
-        service_type: 'orchestration',
132
-        endpoint_region: 'RegionOne',
133
-        endpoint_adminurl: general_url,
134
-        endpoint_internalurl: internal_url,
135
-        endpoint_publicurl: general_url,
136
-        action: [:create_endpoint]
137
-      )
138
-    end
139
-
140
-    it 'register heat-api endpoint with all different urls' do
141
-      admin_url = 'https://admin.host:123/admin_path'
142
-      internal_url = 'http://internal.host:456/internal_path'
143
-      public_url = 'https://public.host:789/public_path'
144 75
 
145 76
       node.set['openstack']['endpoints']['admin']['orchestration-api']['uri'] = admin_url
146
-      node.set['openstack']['endpoints']['internal']['orchestration-api']['uri'] = internal_url
147 77
       node.set['openstack']['endpoints']['public']['orchestration-api']['uri'] = public_url
78
+      node.set['openstack']['endpoints']['internal']['orchestration-api']['uri'] = internal_url
148 79
 
149 80
       expect(chef_run).to create_endpoint_openstack_identity_register(
150 81
         'Register Heat Orchestration Endpoint'
@@ -175,69 +106,6 @@ describe 'openstack-orchestration::identity_registration' do
175 106
       )
176 107
     end
177 108
 
178
-    it 'register heat-cfn endpoint with different admin url' do
179
-      admin_url = 'https://admin.host:123/admin_path'
180
-      general_url = 'http://general.host:456/general_path'
181
-      # Set the general endpoint
182
-      node.set['openstack']['endpoints']['orchestration-api-cfn']['uri'] = general_url
183
-      # Set the admin endpoint override
184
-      node.set['openstack']['endpoints']['admin']['orchestration-api-cfn']['uri'] = admin_url
185
-      expect(chef_run).to create_endpoint_openstack_identity_register(
186
-        'Register Heat Cloudformation Endpoint'
187
-      ).with(
188
-        auth_uri: 'http://127.0.0.1:35357/v2.0',
189
-        bootstrap_token: 'bootstrap-token',
190
-        service_type: 'cloudformation',
191
-        endpoint_region: 'RegionOne',
192
-        endpoint_adminurl: admin_url,
193
-        endpoint_internalurl: general_url,
194
-        endpoint_publicurl: general_url,
195
-        action: [:create_endpoint]
196
-      )
197
-    end
198
-
199
-    it 'register heat-cfn endpoint with different public url' do
200
-      public_url = 'https://public.host:789/public_path'
201
-      general_url = 'http://general.host:456/general_path'
202
-      # Set the general endpoint
203
-      node.set['openstack']['endpoints']['orchestration-api-cfn']['uri'] = general_url
204
-      # Set the public endpoint override
205
-      node.set['openstack']['endpoints']['public']['orchestration-api-cfn']['uri'] = public_url
206
-      expect(chef_run).to create_endpoint_openstack_identity_register(
207
-        'Register Heat Cloudformation Endpoint'
208
-      ).with(
209
-        auth_uri: 'http://127.0.0.1:35357/v2.0',
210
-        bootstrap_token: 'bootstrap-token',
211
-        service_type: 'cloudformation',
212
-        endpoint_region: 'RegionOne',
213
-        endpoint_adminurl: general_url,
214
-        endpoint_internalurl: general_url,
215
-        endpoint_publicurl: public_url,
216
-        action: [:create_endpoint]
217
-      )
218
-    end
219
-
220
-    it 'register heat-cfn endpoint with different internal url' do
221
-      internal_url = 'http://internal.host:456/internal_path'
222
-      general_url = 'http://general.host:456/general_path'
223
-      # Set the general endpoint
224
-      node.set['openstack']['endpoints']['orchestration-api-cfn']['uri'] = general_url
225
-      # Set the internal endpoint override
226
-      node.set['openstack']['endpoints']['internal']['orchestration-api-cfn']['uri'] = internal_url
227
-      expect(chef_run).to create_endpoint_openstack_identity_register(
228
-        'Register Heat Cloudformation Endpoint'
229
-      ).with(
230
-        auth_uri: 'http://127.0.0.1:35357/v2.0',
231
-        bootstrap_token: 'bootstrap-token',
232
-        service_type: 'cloudformation',
233
-        endpoint_region: 'RegionOne',
234
-        endpoint_adminurl: general_url,
235
-        endpoint_internalurl: internal_url,
236
-        endpoint_publicurl: general_url,
237
-        action: [:create_endpoint]
238
-      )
239
-    end
240
-
241 109
     it 'register heat-cfn endpoint with all different urls' do
242 110
       admin_url = 'https://admin.host:123/admin_path'
243 111
       internal_url = 'http://internal.host:456/internal_path'
@@ -308,68 +176,5 @@ describe 'openstack-orchestration::identity_registration' do
308 176
         action: [:create_role]
309 177
       )
310 178
     end
311
-
312
-    it 'creates role for template defined users' do
313
-      node.set['openstack']['orchestration']['heat_stack_user_role'] = 'heat_stack_user'
314
-      expect(chef_run).to create_role_openstack_identity_register(
315
-        "Create 'heat_stack_user' Role for template defined users"
316
-      ).with(
317
-        auth_uri: 'http://127.0.0.1:35357/v2.0',
318
-        bootstrap_token: 'bootstrap-token',
319
-        role_name: 'heat_stack_user',
320
-        action: [:create_role]
321
-      )
322
-    end
323
-
324
-    it 'does not call domain setup script by default' do
325
-      expect(chef_run).not_to run_execute('heat-keystone-setup-domain')
326
-    end
327
-
328
-    it 'calls domain setup script with insecure mode' do
329
-      node.set['openstack']['orchestration']['heat_stack_user_role'] = 'heat_stack_user'
330
-      node.set['openstack']['orchestration']['stack_user_domain_name'] = 'stack_user_domain_name'
331
-      node.set['openstack']['orchestration']['stack_domain_admin'] = 'stack_domain_admin'
332
-      node.set['openstack']['orchestration']['clients']['insecure'] = true
333
-      node.set['openstack']['endpoints']['identity-admin']['scheme'] = 'https'
334
-
335
-      expect(chef_run).to run_execute('heat-keystone-setup-domain --insecure')
336
-        .with(
337
-          environment: { 'OS_USERNAME' => 'admin',
338
-                         'OS_PASSWORD' => 'admin_pass',
339
-                         'OS_AUTH_URL' => 'https://127.0.0.1:35357/v2.0',
340
-                         'OS_CACERT' => nil,
341
-                         'OS_CERT' => nil,
342
-                         'OS_KEY' => nil,
343
-                         'HEAT_DOMAIN' => 'stack_user_domain_name',
344
-                         'HEAT_DOMAIN_ADMIN' => 'stack_domain_admin',
345
-                         'HEAT_DOMAIN_PASSWORD' => 'stack_domain_admin_pass'
346
-          }
347
-        )
348
-    end
349
-
350
-    it 'calls domain setup script with secure mode' do
351
-      node.set['openstack']['orchestration']['heat_stack_user_role'] = 'heat_stack_user'
352
-      node.set['openstack']['orchestration']['stack_user_domain_name'] = 'stack_user_domain_name'
353
-      node.set['openstack']['orchestration']['stack_domain_admin'] = 'stack_domain_admin'
354
-      node.set['openstack']['orchestration']['clients']['insecure'] = false
355
-      node.set['openstack']['orchestration']['clients']['ca_file'] = 'path/cacert'
356
-      node.set['openstack']['orchestration']['clients']['cert_file'] = 'path/cert_file'
357
-      node.set['openstack']['orchestration']['clients']['key_file'] = 'path/key_file'
358
-      node.set['openstack']['endpoints']['identity-admin']['scheme'] = 'https'
359
-
360
-      expect(chef_run).to run_execute('heat-keystone-setup-domain ')
361
-        .with(
362
-          environment: { 'OS_USERNAME' => 'admin',
363
-                         'OS_PASSWORD' => 'admin_pass',
364
-                         'OS_AUTH_URL' => 'https://127.0.0.1:35357/v2.0',
365
-                         'OS_CACERT' => 'path/cacert',
366
-                         'OS_CERT' => 'path/cert_file',
367
-                         'OS_KEY' => 'path/key_file',
368
-                         'HEAT_DOMAIN' => 'stack_user_domain_name',
369
-                         'HEAT_DOMAIN_ADMIN' => 'stack_domain_admin',
370
-                         'HEAT_DOMAIN_PASSWORD' => 'stack_domain_admin_pass'
371
-          }
372
-        )
373
-    end
374 179
   end
375 180
 end

+ 53
- 318
spec/spec_helper.rb View File

@@ -43,15 +43,9 @@ shared_context 'orchestration_stubs' do
43 43
     allow_any_instance_of(Chef::Recipe).to receive(:get_password)
44 44
       .with('user', 'admin-user')
45 45
       .and_return 'admin-pass'
46
-    allow_any_instance_of(Chef::Recipe).to receive(:get_password)
47
-      .with('user', 'heat_stack_admin')
48
-      .and_return 'heat_stack_domain_admin_password'
49 46
     allow_any_instance_of(Chef::Recipe).to receive(:get_password)
50 47
       .with('service', 'openstack-orchestration')
51 48
       .and_return 'heat-pass'
52
-    allow_any_instance_of(Chef::Recipe).to receive(:get_password)
53
-      .with('user', 'stack_domain_admin')
54
-      .and_return 'stack_domain_admin_pass'
55 49
     allow_any_instance_of(Chef::Recipe).to receive(:get_password)
56 50
       .with('user', 'admin')
57 51
       .and_return 'admin_pass'
@@ -103,7 +97,7 @@ shared_examples 'expects to create heat directories' do
103 97
     expect(chef_run).to create_directory('/etc/heat').with(
104 98
       owner: 'heat',
105 99
       group: 'heat',
106
-      mode: 0700
100
+      mode: 0750
107 101
     )
108 102
   end
109 103
 
@@ -111,15 +105,7 @@ shared_examples 'expects to create heat directories' do
111 105
     expect(chef_run).to create_directory('/etc/heat/environment.d').with(
112 106
       owner: 'heat',
113 107
       group: 'heat',
114
-      mode: 0700
115
-    )
116
-  end
117
-
118
-  it 'creates /var/cache/heat' do
119
-    expect(chef_run).to create_directory('/var/cache/heat').with(
120
-      owner: 'heat',
121
-      group: 'heat',
122
-      mode: 0700
108
+      mode: 0750
123 109
     )
124 110
   end
125 111
 end
@@ -136,356 +122,105 @@ shared_examples 'expects to create heat conf' do
136 122
       )
137 123
     end
138 124
 
139
-    describe 'workers' do
140
-      it 'has default worker values' do
141
-        [
142
-          'heat_api',
143
-          'heat_api_cfn',
144
-          'heat_api_cloudwatch'
145
-        ].each do |section|
146
-          expect(chef_run).to render_config_file(file.name).with_section_content(section, /^workers=0$/)
147
-        end
148
-      end
149
-
150
-      it 'has engine workers not set by default' do
151
-        expect(chef_run).not_to render_config_file(file.name).with_section_content('DEFAULT', /^num_engine_workers=/)
152
-      end
153
-
154
-      it 'allows engine workers override' do
155
-        node.set['openstack']['orchestration']['num_engine_workers'] = 5
156
-        expect(chef_run).to render_config_file(file.name).with_section_content('DEFAULT', /^num_engine_workers=5$/)
157
-      end
158
-    end
159
-
160
-    it 'uses default values for these attributes and they are not set' do
161
-      expect(chef_run).not_to render_file(file.name).with_content(
162
-        /^memcached_servers=/)
163
-      expect(chef_run).not_to render_file(file.name).with_content(
164
-        /^memcache_security_strategy=/)
165
-      expect(chef_run).not_to render_file(file.name).with_content(
166
-        /^memcache_secret_key=/)
167
-      expect(chef_run).not_to render_file(file.name).with_content(
168
-        /^cafile=/)
169
-    end
170
-
171
-    it 'sets memcached server(s)' do
172
-      node.set['openstack']['orchestration']['api']['auth']['memcached_servers'] = 'localhost:11211'
173
-      expect(chef_run).to render_file(file.name).with_content(/^memcached_servers=localhost:11211$/)
174
-    end
175
-
176
-    it 'sets memcache security strategy' do
177
-      node.set['openstack']['orchestration']['api']['auth']['memcache_security_strategy'] = 'MAC'
178
-      expect(chef_run).to render_file(file.name).with_content(/^memcache_security_strategy=MAC$/)
179
-    end
180
-
181
-    it 'sets memcache secret key' do
182
-      node.set['openstack']['orchestration']['api']['auth']['memcache_secret_key'] = '0123456789ABCDEF'
183
-      expect(chef_run).to render_file(file.name).with_content(/^memcache_secret_key=0123456789ABCDEF$/)
184
-    end
185
-
186
-    it 'sets cafile' do
187
-      node.set['openstack']['orchestration']['api']['auth']['cafile'] = 'dir/to/path'
188
-      expect(chef_run).to render_file(file.name).with_content(%r{^cafile=dir/to/path$})
189
-    end
190
-
191
-    it 'sets token hash algorithms' do
192
-      node.set['openstack']['orchestration']['api']['auth']['hash_algorithms'] = 'sha2'
193
-      expect(chef_run).to render_file(file.name).with_content(/^hash_algorithms=sha2$/)
194
-    end
195
-
196
-    it 'sets insecure' do
197
-      node.set['openstack']['orchestration']['api']['auth']['insecure'] = false
198
-      expect(chef_run).to render_file(file.name).with_content(/^insecure=false$/)
199
-    end
200
-
201 125
     it 'sets auth_encryption_key' do
202
-      expect(chef_run).to render_config_file(file.name).with_section_content('DEFAULT', /^auth_encryption_key=auth_encryption_key_secret$/)
203
-    end
204
-
205
-    describe 'default values for certificates files' do
206
-      it 'has no such values' do
207
-        [
208
-          /^ca_file=/,
209
-          /^cert_file=/,
210
-          /^key_file=/
211
-        ].each do |line|
212
-          expect(chef_run).not_to render_file(file.name).with_content(line)
213
-        end
214
-      end
215
-
216
-      it 'sets clients ca_file cert_file key_file insecure' do
217
-        node.set['openstack']['orchestration']['clients']['ca_file'] = 'dir/to/path'
218
-        node.set['openstack']['orchestration']['clients']['cert_file'] = 'dir/to/path'
219
-        node.set['openstack']['orchestration']['clients']['key_file'] = 'dir/to/path'
220
-        node.set['openstack']['orchestration']['clients']['insecure'] = true
221
-        expect(chef_run).to render_file(file.name).with_content(%r{^ca_file=dir/to/path$})
222
-        expect(chef_run).to render_file(file.name).with_content(%r{^cert_file=dir/to/path$})
223
-        expect(chef_run).to render_file(file.name).with_content(%r{^key_file=dir/to/path$})
224
-        expect(chef_run).to render_file(file.name).with_content(/^insecure=true$/)
225
-      end
226
-
227
-      it 'sets clients_ceilometer ca_file cert_file key_file insecure' do
228
-        node.set['openstack']['orchestration']['clients_ceilometer']['ca_file'] = 'dir/to/path'
229
-        node.set['openstack']['orchestration']['clients_ceilometer']['cert_file'] = 'dir/to/path'
230
-        node.set['openstack']['orchestration']['clients_ceilometer']['key_file'] = 'dir/to/path'
231
-        node.set['openstack']['orchestration']['clients_ceilometer']['insecure'] = true
232
-        expect(chef_run).to render_file(file.name).with_content(%r{^ca_file=dir/to/path$})
233
-        expect(chef_run).to render_file(file.name).with_content(%r{^cert_file=dir/to/path$})
234
-        expect(chef_run).to render_file(file.name).with_content(%r{^key_file=dir/to/path$})
235
-        expect(chef_run).to render_file(file.name).with_content(/^insecure=true$/)
236
-      end
237
-
238
-      it 'sets clients_cinder ca_file cert_file key_file insecure' do
239
-        node.set['openstack']['orchestration']['clients_cinder']['ca_file'] = 'dir/to/path'
240
-        node.set['openstack']['orchestration']['clients_cinder']['cert_file'] = 'dir/to/path'
241
-        node.set['openstack']['orchestration']['clients_cinder']['key_file'] = 'dir/to/path'
242
-        node.set['openstack']['orchestration']['clients_cinder']['insecure'] = true
243
-        expect(chef_run).to render_file(file.name).with_content(%r{^ca_file=dir/to/path$})
244
-        expect(chef_run).to render_file(file.name).with_content(%r{^cert_file=dir/to/path$})
245
-        expect(chef_run).to render_file(file.name).with_content(%r{^key_file=dir/to/path$})
246
-        expect(chef_run).to render_file(file.name).with_content(/^insecure=true$/)
247
-      end
248
-
249
-      it 'sets clients_glance ca_file cert_file key_file insecure' do
250
-        node.set['openstack']['orchestration']['clients_glance']['ca_file'] = 'dir/to/path'
251
-        node.set['openstack']['orchestration']['clients_glance']['cert_file'] = 'dir/to/path'
252
-        node.set['openstack']['orchestration']['clients_glance']['key_file'] = 'dir/to/path'
253
-        node.set['openstack']['orchestration']['clients_glance']['insecure'] = true
254
-        expect(chef_run).to render_file(file.name).with_content(%r{^ca_file=dir/to/path$})
255
-        expect(chef_run).to render_file(file.name).with_content(%r{^cert_file=dir/to/path$})
256
-        expect(chef_run).to render_file(file.name).with_content(%r{^key_file=dir/to/path$})
257
-        expect(chef_run).to render_file(file.name).with_content(/^insecure=true$/)
258
-      end
259
-
260
-      it 'sets clients_heat ca_file cert_file key_file insecure' do
261
-        node.set['openstack']['orchestration']['clients_heat']['ca_file'] = 'dir/to/path'
262
-        node.set['openstack']['orchestration']['clients_heat']['cert_file'] = 'dir/to/path'
263
-        node.set['openstack']['orchestration']['clients_heat']['key_file'] = 'dir/to/path'
264
-        node.set['openstack']['orchestration']['clients_heat']['insecure'] = true
265
-        expect(chef_run).to render_file(file.name).with_content(%r{^ca_file=dir/to/path$})
266
-        expect(chef_run).to render_file(file.name).with_content(%r{^cert_file=dir/to/path$})
267
-        expect(chef_run).to render_file(file.name).with_content(%r{^key_file=dir/to/path$})
268
-        expect(chef_run).to render_file(file.name).with_content(/^insecure=true$/)
269
-      end
270
-
271
-      it 'sets clients_keystone ca_file cert_file key_file insecure' do
272
-        node.set['openstack']['orchestration']['clients_keystone']['ca_file'] = 'dir/to/path'
273
-        node.set['openstack']['orchestration']['clients_keystone']['cert_file'] = 'dir/to/path'
274
-        node.set['openstack']['orchestration']['clients_keystone']['key_file'] = 'dir/to/path'
275
-        node.set['openstack']['orchestration']['clients_keystone']['insecure'] = true
276
-        expect(chef_run).to render_file(file.name).with_content(%r{^ca_file=dir/to/path$})
277
-        expect(chef_run).to render_file(file.name).with_content(%r{^cert_file=dir/to/path$})
278
-        expect(chef_run).to render_file(file.name).with_content(%r{^key_file=dir/to/path$})
279
-        expect(chef_run).to render_file(file.name).with_content(/^insecure=true$/)
280
-      end
281
-
282
-      it 'sets clients_neutron ca_file cert_file key_file insecure' do
283
-        node.set['openstack']['orchestration']['clients_neutron']['ca_file'] = 'dir/to/path'
284
-        node.set['openstack']['orchestration']['clients_neutron']['cert_file'] = 'dir/to/path'
285
-        node.set['openstack']['orchestration']['clients_neutron']['key_file'] = 'dir/to/path'
286
-        node.set['openstack']['orchestration']['clients_neutron']['insecure'] = true
287
-        expect(chef_run).to render_file(file.name).with_content(%r{^ca_file=dir/to/path$})
288
-        expect(chef_run).to render_file(file.name).with_content(%r{^cert_file=dir/to/path$})
289
-        expect(chef_run).to render_file(file.name).with_content(%r{^key_file=dir/to/path$})
290
-        expect(chef_run).to render_file(file.name).with_content(/^insecure=true$/)
291
-      end
292
-
293
-      it 'sets clients_nova ca_file cert_file key_file insecure' do
294
-        node.set['openstack']['orchestration']['clients_nova']['ca_file'] = 'dir/to/path'
295
-        node.set['openstack']['orchestration']['clients_nova']['cert_file'] = 'dir/to/path'
296
-        node.set['openstack']['orchestration']['clients_nova']['key_file'] = 'dir/to/path'
297
-        node.set['openstack']['orchestration']['clients_nova']['insecure'] = true
298
-        expect(chef_run).to render_file(file.name).with_content(%r{^ca_file=dir/to/path$})
299
-        expect(chef_run).to render_file(file.name).with_content(%r{^cert_file=dir/to/path$})
300
-        expect(chef_run).to render_file(file.name).with_content(%r{^key_file=dir/to/path$})
301
-        expect(chef_run).to render_file(file.name).with_content(/^insecure=true$/)
302
-      end
126
+      expect(chef_run).to render_config_file(file.name).with_section_content('DEFAULT', /^auth_encryption_key = auth_encryption_key_secret$/)
303 127
     end
304 128
 
305 129
     describe 'default values' do
306 130
       it 'has default conf values' do
307 131
         [
308
-          %r{^connection=mysql://heat:heat@127.0.0.1:3306/heat\?charset=utf8$},
309
-          %r{^heat_metadata_server_url=http://127.0.0.1:8000$},
310
-          %r{^heat_waitcondition_server_url=http://127.0.0.1:8000/v1/waitcondition$},
311
-          %r{^heat_watch_server_url=http://127.0.0.1:8003$},
312
-          %r{^signing_dir=/var/cache/heat$},
313
-          /^debug=False$/,
314
-          /^verbose=False$/,
315
-          %r{^log_dir=/var/log/heat$},
132
+          %r{^heat_metadata_server_url = http://127.0.0.1:8000$},
133
+          %r{^heat_waitcondition_server_url = http://127.0.0.1:8000/v1/waitcondition$},
134
+          %r{^heat_watch_server_url = http://127.0.0.1:8003$},
135
+          %r{^log_dir = /var/log/heat$},
316 136
           /^notification_driver = heat.openstack.common.notifier.rpc_notifier$/,
317
-          /^default_notification_level = INFO$/,
318
-          /^default_publisher_id = $/,
319
-          /^list_notifier_drivers = heat.openstack.common.notifier.no_op_notifier$/,
320
-          /^notification_topics = notifications$/,
321
-          /^rpc_thread_pool_size=64$/,
322
-          /^rpc_response_timeout=60$/,
323
-          /^bind_host=127.0.0.1$/,
324
-          /^bind_port=8004$/,
325
-          %r{^auth_uri=http://127.0.0.1:5000/v2.0$},
326
-          %r{^identity_uri=http://127.0.0.1:35357/$},
327
-          /^auth_version=v2.0$/,
328
-          /^hash_algorithms=md5$/,
329
-          /^insecure=false$/,
330
-          /^admin_user=heat$/,
331
-          /^admin_password=heat-pass$/,
332
-          /^admin_tenant_name=service$/,
333
-          /^deferred_auth_method=trusts$/,
334
-          /^stack_scheduler_hints=false$/,
335
-          /^region_name_for_services=RegionOne$/
137
+          /^region_name_for_services = RegionOne$/
336 138
         ].each do |line|
337
-          expect(chef_run).to render_file(file.name).with_content(line)
139
+          expect(chef_run).to render_config_file(file.name).with_section_content('DEFAULT', line)
338 140
         end
339 141
       end
340 142
 
341
-      it 'overrides the schemes' do
342
-        node.set['openstack']['endpoints']['orchestration-api-cfn']['scheme'] = 'https'
343
-        node.set['openstack']['endpoints']['orchestration-api-cloudwatch']['scheme'] = 'https'
344
-        expect(chef_run).to render_file(file.name).with_content(%r{^heat_metadata_server_url=https://127.0.0.1:8000$})
345
-        expect(chef_run).to render_file(file.name).with_content(%r{^heat_waitcondition_server_url=https://127.0.0.1:8000/v1/waitcondition$})
346
-        expect(chef_run).to render_file(file.name).with_content(%r{^heat_watch_server_url=https://127.0.0.1:8003$})
347
-      end
348
-    end
349
-
350
-    describe 'domain values' do
351
-      it 'has no default domain values' do
143
+      it 'has heat_api binding' do
352 144
         [
353
-          /^heat_stack_user_role=/,
354
-          /^stack_user_domain_name=/,
355
-          /^stack_user_domain_id=/,
356
-          /^stack_domain_admin=/,
357
-          /^stack_domain_admin_password=/
145
+          /^bind_host = 127.0.0.1$/,
146
+          /^bind_port = 8004$/
358 147
         ].each do |line|
359
-          expect(chef_run).not_to render_file(file.name).with_content(line)
148
+          expect(chef_run).to render_config_file(file.name).with_section_content('heat_api', line)
360 149
         end
361 150
       end
362 151
 
363
-      it 'has domain override values' do
364
-        node.set['openstack']['orchestration']['heat_stack_user_role'] = 'heat_stack_user'
365
-        node.set['openstack']['orchestration']['stack_user_domain_name'] = 'heat'
366
-        node.set['openstack']['orchestration']['stack_user_domain_id'] = '123'
367
-        node.set['openstack']['orchestration']['stack_domain_admin'] = 'heat_stack_admin'
152
+      it 'has heat_api_cfn binding' do
368 153
         [
369
-          /^heat_stack_user_role=heat_stack_user$/,
370
-          /^stack_user_domain_name=heat$/,
371
-          /^stack_user_domain_id=123$/,
372
-          /^stack_domain_admin=heat_stack_admin$/,
373
-          /^stack_domain_admin_password=heat_stack_domain_admin_password$/
154
+          /^bind_host = 127.0.0.1$/,
155
+          /^bind_port = 8000$/
374 156
         ].each do |line|
375
-          expect(chef_run).to render_file(file.name).with_content(line)
157
+          expect(chef_run).to render_config_file(file.name).with_section_content('heat_api_cfn', line)
376 158
         end
377 159
       end
378
-    end
379
-
380
-    describe 'has qpid values' do
381
-      it 'has default qpid_* values' do
382
-        node.set['openstack']['mq']['orchestration']['service_type'] = 'qpid'
383 160
 
161
+      it 'has heat_api_cloudwatch binding' do
384 162
         [
385
-          /^rpc_conn_pool_size=30$/,
386
-          /^amqp_durable_queues=false$/,
387
-          /^amqp_auto_delete=false$/,
388
-          /^qpid_hostname=127.0.0.1$/,
389
-          /^qpid_port=5672$/,
390
-          /^qpid_username=guest$/,
391
-          /^qpid_password=mq-pass$/,
392
-          /^qpid_sasl_mechanisms=$/,
393
-          /^qpid_heartbeat=60$/,
394
-          /^qpid_protocol=tcp$/,
395
-          /^qpid_tcp_nodelay=true$/,
396
-          /^qpid_reconnect_timeout=0$/,
397
-          /^qpid_reconnect_limit=0$/,
398
-          /^qpid_reconnect_interval_min=0$/,
399
-          /^qpid_reconnect_interval_max=0$/,
400
-          /^qpid_reconnect_interval=0$/,
401
-          /^qpid_topology_version=1$/
163
+          /^bind_host = 127.0.0.1$/,
164
+          /^bind_port = 8003$/
402 165
         ].each do |line|
403
-          expect(chef_run).to render_config_file(file.name).with_section_content('oslo_messaging_qpid', line)
166
+          expect(chef_run).to render_config_file(file.name).with_section_content('heat_api_cloudwatch', line)
404 167
         end
405
-        expect(chef_run).to render_config_file(file.name).with_section_content('DEFAULT', /^rpc_backend=heat.openstack.common.rpc.impl_qpid$/)
168
+      end
169
+
170
+      it 'sets database connection value' do
171
+        expect(chef_run).to render_config_file(file.name).with_section_content(
172
+          'database', %r{^connection = mysql://heat:heat@127.0.0.1:3306/heat\?charset=utf8$})
406 173
       end
407 174
     end
408 175
 
409 176
     describe 'has ec2authtoken values' do
410 177
       it 'has default ec2authtoken values' do
411
-        expect(chef_run).to render_config_file(file.name).with_section_content('ec2authtoken', %r{^auth_uri=http://127.0.0.1:5000/v2.0$})
178
+        expect(chef_run).to render_config_file(file.name).with_section_content('ec2authtoken', %r{^auth_uri = http://127.0.0.1:5000/v2.0$})
412 179
       end
413 180
     end
414 181
 
415
-    describe 'has rabbit values' do
416
-      before do
417
-        node.set['openstack']['mq']['orchestration']['service_type'] = 'rabbitmq'
182
+    describe 'has clients_keystone values' do
183
+      it 'has default clients_keystone values' do
184
+        expect(chef_run).to render_config_file(file.name).with_section_content('clients_keystone', %r{^auth_uri = http://127.0.0.1:5000/v2.0$})
418 185
       end
186
+    end
419 187
 
420
-      it 'has default rabbit values' do
421
-        [/^rpc_conn_pool_size=30$/,
422
-         /^amqp_durable_queues=false$/,
423
-         /^amqp_auto_delete=false$/,
424
-         /^heartbeat_timeout_threshold=0$/,
425
-         /^heartbeat_rate=2$/
188
+    describe 'has oslo_messaging_rabbit values' do
189
+      it 'has default oslo_messaging_rabbit values' do
190
+        [
191
+          /^rabbit_userid = guest$/,
192
+          /^rabbit_password = mq-pass$/
426 193
         ].each do |line|
427 194
           expect(chef_run).to render_config_file(file.name).with_section_content('oslo_messaging_rabbit', line)
428 195
         end
429 196
       end
197
+    end
430 198
 
431
-      it 'does not have rabbit ha values' do
199
+    describe 'has keystone_authtoken values' do
200
+      it 'has default keystone_authtoken values' do
432 201
         [
433
-          /^rabbit_host=127.0.0.1$/,
434
-          /^rabbit_port=5672$/,
435
-          /^rabbit_ha_queues=False$/
202
+          %r{^auth_url = http://127.0.0.1:5000/v2.0$},
203
+          /^auth_plugin = v2password$/,
204
+          /^username = heat$/,
205
+          /^tenant_name = service$/,
206
+          /^password = heat-pass$/
436 207
         ].each do |line|
437
-          expect(chef_run).to render_config_file(file.name).with_section_content('oslo_messaging_rabbit', line)
208
+          expect(chef_run).to render_config_file(file.name).with_section_content('keystone_authtoken', line)
438 209
         end
439 210
       end
211
+    end
440 212
 
441
-      it 'has rabbit ha values' do
442
-        node.set['openstack']['mq']['orchestration']['rabbit']['ha'] = true
213
+    describe 'has trustee values' do
214
+      it 'has default trustee values' do
443 215
         [
444
-          /^rabbit_hosts=1.1.1.1:5672,2.2.2.2:5672$/,
445
-          /^rabbit_ha_queues=True$/
216
+          %r{^auth_url = http://127.0.0.1:35357/v2.0$},
217
+          /^auth_plugin = v2password$/,
218
+          /^username = heat$/,
219
+          /^password = heat-pass$/
446 220
         ].each do |line|
447
-          expect(chef_run).to render_config_file(file.name).with_section_content('oslo_messaging_rabbit', line)
221
+          expect(chef_run).to render_config_file(file.name).with_section_content('trustee', line)
448 222
         end
449 223
       end
450
-
451
-      it 'does not have ssl config set' do
452
-        [/^rabbit_use_ssl=/,
453
-         /^kombu_ssl_version=/,
454
-         /^kombu_ssl_keyfile=/,
455
-         /^kombu_ssl_certfile=/,
456
-         /^kombu_ssl_ca_certs=/,
457
-         /^kombu_reconnect_delay=/,
458
-         /^kombu_reconnect_timeout=/].each do |line|
459
-          expect(chef_run).not_to render_config_file(file.name).with_section_content('oslo_messaging_rabbit', line)
460
-        end
461
-      end
462
-
463
-      it 'sets ssl config' do
464
-        node.set['openstack']['mq']['orchestration']['rabbit']['use_ssl'] = true
465
-        node.set['openstack']['mq']['orchestration']['rabbit']['kombu_ssl_version'] = 'TLSv1.2'
466
-        node.set['openstack']['mq']['orchestration']['rabbit']['kombu_ssl_keyfile'] = 'keyfile'
467
-        node.set['openstack']['mq']['orchestration']['rabbit']['kombu_ssl_certfile'] = 'certfile'
468
-        node.set['openstack']['mq']['orchestration']['rabbit']['kombu_ssl_ca_certs'] = 'certsfile'
469
-        node.set['openstack']['mq']['orchestration']['rabbit']['kombu_reconnect_delay'] = 123.123
470
-        node.set['openstack']['mq']['orchestration']['rabbit']['kombu_reconnect_timeout'] = 123
471
-        [/^rabbit_use_ssl=true/,
472
-         /^kombu_ssl_version=TLSv1.2$/,
473
-         /^kombu_ssl_keyfile=keyfile$/,
474
-         /^kombu_ssl_certfile=certfile$/,
475
-         /^kombu_ssl_ca_certs=certsfile$/,
476
-         /^kombu_reconnect_delay=123.123$/,
477
-         /^kombu_reconnect_timeout=123$/].each do |line|
478
-          expect(chef_run).to render_config_file(file.name).with_section_content('oslo_messaging_rabbit', line)
479
-        end
480
-      end
481
-
482
-      it 'has the default rabbit_retry_interval set' do
483
-        expect(chef_run).to render_config_file(file.name).with_section_content('oslo_messaging_rabbit', /^rabbit_retry_interval=1$/)
484
-      end
485
-
486
-      it 'has the default rabbit_max_retries set' do
487
-        expect(chef_run).to render_config_file(file.name).with_section_content('oslo_messaging_rabbit', /^rabbit_max_retries=0$/)
488
-      end
489 224
     end
490 225
   end
491 226
 end

+ 0
- 1506
templates/default/heat.conf.erb
File diff suppressed because it is too large
View File


Loading…
Cancel
Save