openstack
/
cookbook-openstack-orchestration
Code Issues Proposed changes

Add clients configurations for Heat 

This commit adds some clients configurations for Heat into cookbook
so that they are configurable.

Change-Id: Ie8db8238cd75e99bd4c6942a82f1734777c91966
Closes-Bug: #1381907
This commit is contained in:
jun xie 2014-10-16 14:57:02 +08:00
parent 241b22cca4
commit d1d2c9c7ad
5 changed files with 53 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
CHANGELOG.md
View File

@ -11,6 +11,7 @@ This file is used to list changes made in each version of cookbook-openstack-orc
* Add attributes for stack role and domain users
* Bump Chef gem to 11.16
* Create role and domain setup for heat template defined users
* Add cert_file, key_file, ca_file and insecure for clients so that they are configurable.
## 9.2.0
* python_packages database client attributes have been migrated to

7
README.md
View File

@ -83,6 +83,13 @@ Attributes for the Heat service are in the ['openstack']['orchestration'] namesp
* `openstack['orchestration']['api']['auth']['cafile']` - A PEM encoded Certificate Authority to use when verifying HTTPs connections.
* `openstack['orchestration']['api']['auth']['insecure']` - Whether to allow the client to perform insecure SSL (https) requests.
Clients configurations
----------------------
* `openstack['orchestration']['clients']['ca_file']` - A PEM encoded Certificate Authority to use for clients when verifying HTTPs connections.
* `openstack['orchestration']['clients']['cert_file']` - Cert file to use for clients when verifying HTTPs connections.
* `openstack['orchestration']['clients']['key_file']` - Private key file to use for clients when verifying HTTPs connections.
* `openstack['orchestration']['clients']['insecure']` - Whether to allow insecure SSL (https) requests when calling clients.
Notification definitions
------------------------
* `openstack['orchestration']['notification_driver']` - driver

9
attributes/default.rb
View File

@ -42,6 +42,15 @@ default['openstack']['orchestration']['service_role'] = 'admin'
default['openstack']['orchestration']['api']['auth']['version'] = node['openstack']['api']['auth']['version']
# A PEM encoded Certificate Authority to use for clients when verifying HTTPs connections.
default['openstack']['orchestration']['clients']['ca_file'] = nil
# Cert file to use for clients when verifying HTTPs connections.
default['openstack']['orchestration']['clients']['cert_file'] = nil
# Private key file to use for clients when verifying HTTPs connections.
default['openstack']['orchestration']['clients']['key_file'] = nil
# Whether to allow insecure SSL (https) requests when calling clients.
default['openstack']['orchestration']['clients']['insecure'] = false
# A list of memcached server(s) for caching
default['openstack']['orchestration']['api']['auth']['memcached_servers'] = nil

23
spec/spec_helper.rb
View File

@ -192,6 +192,29 @@ shared_examples 'expects to create heat conf' do
expect(chef_run).to render_file(file.name).with_content(/^insecure=false$/)
end
describe 'default values for certificates files' do
it 'has no such values' do
[
/^ca_file=/,
/^cert_file=/,
/^key_file=/
].each do |line|
expect(chef_run).not_to render_file(file.name).with_content(line)
end
end
it 'sets clients ca_file cert_file key_file insecure' do
node.set['openstack']['orchestration']['clients']['ca_file'] = 'dir/to/path'
node.set['openstack']['orchestration']['clients']['cert_file'] = 'dir/to/path'
node.set['openstack']['orchestration']['clients']['key_file'] = 'dir/to/path'
node.set['openstack']['orchestration']['clients']['insecure'] = true
expect(chef_run).to render_file(file.name).with_content(%r{^ca_file=dir/to/path$})
expect(chef_run).to render_file(file.name).with_content(%r{^cert_file=dir/to/path$})
expect(chef_run).to render_file(file.name).with_content(%r{^key_file=dir/to/path$})
expect(chef_run).to render_file(file.name).with_content(/^insecure=true$/)
end
end
describe 'default values' do
it 'has default conf values' do
[

13
templates/default/heat.conf.erb
View File

@ -603,19 +603,32 @@ log_config = /etc/openstack/logging.conf
# Optional CA cert file to use in SSL connections. (string
# value)
<% if node['openstack']['orchestration']['clients']['ca_file'] -%>
ca_file=<%= node['openstack']['orchestration']['clients']['ca_file'] %>
<% else -%>
#ca_file=<None>
<% end -%>
# Optional PEM-formatted certificate chain file. (string
# value)
<% if node['openstack']['orchestration']['clients']['cert_file'] -%>
cert_file=<%= node['openstack']['orchestration']['clients']['cert_file'] %>
<% else -%>
#cert_file=<None>
<% end -%>
# Optional PEM-formatted file that contains the private key.
# (string value)
<% if node['openstack']['orchestration']['clients']['key_file'] -%>
key_file=<%= node['openstack']['orchestration']['clients']['key_file'] %>
<% else -%>
#key_file=<None>
<% end -%>
# If set, then the server's certificate will not be verified.
# (boolean value)
#insecure=false
insecure=<%= node['openstack']['orchestration']['clients']['insecure'] %>
[clients_ceilometer]