Add clients configurations for Heat
This commit adds some clients configurations for Heat into cookbook so that they are configurable. Change-Id: Ie8db8238cd75e99bd4c6942a82f1734777c91966 Closes-Bug: #1381907
This commit is contained in:
parent
241b22cca4
commit
d1d2c9c7ad
|
@ -11,6 +11,7 @@ This file is used to list changes made in each version of cookbook-openstack-orc
|
|||
* Add attributes for stack role and domain users
|
||||
* Bump Chef gem to 11.16
|
||||
* Create role and domain setup for heat template defined users
|
||||
* Add cert_file, key_file, ca_file and insecure for clients so that they are configurable.
|
||||
|
||||
## 9.2.0
|
||||
* python_packages database client attributes have been migrated to
|
||||
|
|
|
@ -83,6 +83,13 @@ Attributes for the Heat service are in the ['openstack']['orchestration'] namesp
|
|||
* `openstack['orchestration']['api']['auth']['cafile']` - A PEM encoded Certificate Authority to use when verifying HTTPs connections.
|
||||
* `openstack['orchestration']['api']['auth']['insecure']` - Whether to allow the client to perform insecure SSL (https) requests.
|
||||
|
||||
Clients configurations
|
||||
----------------------
|
||||
* `openstack['orchestration']['clients']['ca_file']` - A PEM encoded Certificate Authority to use for clients when verifying HTTPs connections.
|
||||
* `openstack['orchestration']['clients']['cert_file']` - Cert file to use for clients when verifying HTTPs connections.
|
||||
* `openstack['orchestration']['clients']['key_file']` - Private key file to use for clients when verifying HTTPs connections.
|
||||
* `openstack['orchestration']['clients']['insecure']` - Whether to allow insecure SSL (https) requests when calling clients.
|
||||
|
||||
Notification definitions
|
||||
------------------------
|
||||
* `openstack['orchestration']['notification_driver']` - driver
|
||||
|
|
|
@ -42,6 +42,15 @@ default['openstack']['orchestration']['service_role'] = 'admin'
|
|||
|
||||
default['openstack']['orchestration']['api']['auth']['version'] = node['openstack']['api']['auth']['version']
|
||||
|
||||
# A PEM encoded Certificate Authority to use for clients when verifying HTTPs connections.
|
||||
default['openstack']['orchestration']['clients']['ca_file'] = nil
|
||||
# Cert file to use for clients when verifying HTTPs connections.
|
||||
default['openstack']['orchestration']['clients']['cert_file'] = nil
|
||||
# Private key file to use for clients when verifying HTTPs connections.
|
||||
default['openstack']['orchestration']['clients']['key_file'] = nil
|
||||
# Whether to allow insecure SSL (https) requests when calling clients.
|
||||
default['openstack']['orchestration']['clients']['insecure'] = false
|
||||
|
||||
# A list of memcached server(s) for caching
|
||||
default['openstack']['orchestration']['api']['auth']['memcached_servers'] = nil
|
||||
|
||||
|
|
|
@ -192,6 +192,29 @@ shared_examples 'expects to create heat conf' do
|
|||
expect(chef_run).to render_file(file.name).with_content(/^insecure=false$/)
|
||||
end
|
||||
|
||||
describe 'default values for certificates files' do
|
||||
it 'has no such values' do
|
||||
[
|
||||
/^ca_file=/,
|
||||
/^cert_file=/,
|
||||
/^key_file=/
|
||||
].each do |line|
|
||||
expect(chef_run).not_to render_file(file.name).with_content(line)
|
||||
end
|
||||
end
|
||||
|
||||
it 'sets clients ca_file cert_file key_file insecure' do
|
||||
node.set['openstack']['orchestration']['clients']['ca_file'] = 'dir/to/path'
|
||||
node.set['openstack']['orchestration']['clients']['cert_file'] = 'dir/to/path'
|
||||
node.set['openstack']['orchestration']['clients']['key_file'] = 'dir/to/path'
|
||||
node.set['openstack']['orchestration']['clients']['insecure'] = true
|
||||
expect(chef_run).to render_file(file.name).with_content(%r{^ca_file=dir/to/path$})
|
||||
expect(chef_run).to render_file(file.name).with_content(%r{^cert_file=dir/to/path$})
|
||||
expect(chef_run).to render_file(file.name).with_content(%r{^key_file=dir/to/path$})
|
||||
expect(chef_run).to render_file(file.name).with_content(/^insecure=true$/)
|
||||
end
|
||||
end
|
||||
|
||||
describe 'default values' do
|
||||
it 'has default conf values' do
|
||||
[
|
||||
|
|
|
@ -603,19 +603,32 @@ log_config = /etc/openstack/logging.conf
|
|||
|
||||
# Optional CA cert file to use in SSL connections. (string
|
||||
# value)
|
||||
<% if node['openstack']['orchestration']['clients']['ca_file'] -%>
|
||||
ca_file=<%= node['openstack']['orchestration']['clients']['ca_file'] %>
|
||||
<% else -%>
|
||||
#ca_file=<None>
|
||||
<% end -%>
|
||||
|
||||
# Optional PEM-formatted certificate chain file. (string
|
||||
# value)
|
||||
<% if node['openstack']['orchestration']['clients']['cert_file'] -%>
|
||||
cert_file=<%= node['openstack']['orchestration']['clients']['cert_file'] %>
|
||||
<% else -%>
|
||||
#cert_file=<None>
|
||||
<% end -%>
|
||||
|
||||
# Optional PEM-formatted file that contains the private key.
|
||||
# (string value)
|
||||
<% if node['openstack']['orchestration']['clients']['key_file'] -%>
|
||||
key_file=<%= node['openstack']['orchestration']['clients']['key_file'] %>
|
||||
<% else -%>
|
||||
#key_file=<None>
|
||||
<% end -%>
|
||||
|
||||
# If set, then the server's certificate will not be verified.
|
||||
# (boolean value)
|
||||
#insecure=false
|
||||
insecure=<%= node['openstack']['orchestration']['clients']['insecure'] %>
|
||||
|
||||
|
||||
[clients_ceilometer]
|
||||
|
|
Loading…
Reference in New Issue