Dont rely on /root/openrc

Instead of relying on the presence of /root/openrc file all calls should
asume it doesn't exist and pass credentials, or set up the env vars
themselves. In these cases we use existing service users instead of the
more volitile admin credentials.

We still create /root/openrc, but it's use is only for the end user.

Also removes the old and unused openstack::test_file

Related-bug: #1396594
Related-bug: #1347542

Change-Id: I66a20d09d8515f21a7c71a6b8056bc483f6ea3f6

deployment/puppet/cluster/files/q-agent-cleanup.py

@@ -94,7 +94,7 @@ def retry(func, pattern=RECOVERABLE):
                 i += 1
                 if i >= RETRY_COUNT:
                     raise e
-                print("retry request {0}: {1}".format(i, e))
+                LOG.debug("retry request {0}: {1}".format(i, e))
                 sleep(RETRY_DELAY)
     return wrapper
 

deployment/puppet/openstack/manifests/network.pp

@@ -149,15 +149,6 @@ class openstack::network (
         kombu_reconnect_delay   => '5.0',
       }
 
-      # In Juno Neutron API ready for answer not yet when server starts.
-      @exec {'waiting-for-neutron-api':
-        tries     => 30,
-        try_sleep => 4,
-        onlyif    => "test -r /root/openrc",
-        command   => "bash -c \"source /root/openrc ; neutron net-list --http-timeout=4 \" 2>&1 > /dev/null",
-        path      => '/usr/sbin:/usr/bin:/sbin:/bin',
-      }
-
       if $nova_neutron {
         class {'nova::network::neutron':
           neutron_admin_password    => $admin_password,
@@ -212,6 +203,22 @@ class openstack::network (
           nova_admin_tenant_name  => 'services', # Default
           nova_admin_password     => $nova_admin_password,
         }
+
+        # In Juno Neutron API ready for answer not yet when server starts.
+        exec {'waiting-for-neutron-api':
+          environment => [
+            "OS_TENANT_NAME=${admin_tenant_name}",
+            "OS_USERNAME=${admin_username}",
+            "OS_PASSWORD=${admin_password}",
+            "OS_AUTH_URL=${auth_url}",
+            'OS_ENDPOINT_TYPE=internalURL',
+          ],
+          tries     => 30,
+          try_sleep => 4,
+          command   => "bash -c \"neutron net-list --http-timeout=4 \" 2>&1 > /dev/null",
+          path      => '/usr/sbin:/usr/bin:/sbin:/bin',
+        }
+
         Service['neutron-server'] -> Exec<| title == 'waiting-for-neutron-api' |>
         Exec<| title == 'waiting-for-neutron-api' |> -> Neutron_network<||>
         Exec<| title == 'waiting-for-neutron-api' |> -> Neutron_subnet<||>

deployment/puppet/openstack/manifests/test_file.pp

@@ -1,29 +0,0 @@
-#
-# Class that can be used to create a test script for testing an
-# installed openstack environment.
-#
-# == Parameters
-#
-# [path] Path of test file to be created. Optional. Defaults to /tmp/test_nova.sh
-# [rc_file_path] Path of openrc file that sets up all authentication environment
-#   variables. Optional. Defaults to /root/openrc.
-# [image_type] Type of image to download. Accepts cirros or ubuntu. Optional.
-#   Defaults to cirros.
-# [sleep_time] Used to tune how long to sleep for. Optional. Defaults to 60.
-# [floating_ip] Rather to test flating ip address allocation. Optional.
-#   Defaults to true.
-#
-class openstack::test_file(
-  $path         = '/tmp/test_nova.sh',
-  $rc_file_path = '/root/openrc',
-  $image_type   = 'cirros',
-  $sleep_time   = '15',
-  $floating_ip  = true,
-  $quantum      = true
-) {
-
-  file { $path:
-    content => template('openstack/test_nova.sh.erb'),
-  }
-
-}

deployment/puppet/openstack/templates/test_nova.sh.erb

@@ -1,76 +0,0 @@
-#!/bin/bash
-#
-# assumes that openstack credentails are set in this file
-source <%= rc_file_path %>
-
-<% if image_type == 'cirros' -%>
-
-# Grab an image.  Cirros is a nice small Linux that's easy to deploy
-wget https://launchpad.net/cirros/trunk/0.3.0/+download/cirros-0.3.0-x86_64-disk.img
-
-# Add it to glance so that we can use it in Openstack
-glance add name='cirros image' is_public=true container_format=bare disk_format=qcow2 < cirros-0.3.0-x86_64-disk.img
-
-# Caputre the Image ID so taht we can call the right UUID for this image
-IMAGE_ID=`glance index | grep 'cirros image' | head -1 |  awk -F' ' '{print $1}'`
-
-login_user='cirros'
-<% else -%>
-
-# otherwise, use an Ubuntu precise image. This is a larger image, but a little more
-# feature-full and realistic
-wget http://cloud-images.ubuntu.com/precise/current/precise-server-cloudimg-amd64-disk1.img
-# import that image into glance
-glance add name="precise-amd64" is_public=true container_format=ovf disk_format=qcow2 < precise-server-cloudimg-amd64-disk1.img
-# Caputre the Image ID so taht we can call the right UUID for this image
-IMAGE_ID=`glance index | grep 'precise-amd64' | head -1 |  awk -F' ' '{print $1}'`
-<% end -%>
-
-login_user='ubuntu'
-
-# create a pub/priv keypair
-ssh-keygen -f /tmp/id_rsa -t rsa -N ''
-
-#add the public key to nova.
-nova --no-cache keypair-add --pub_key /tmp/id_rsa.pub key_cirros
-
-
-instance_name='<%= image_type %>_test_vm'
-
-<% if quantum -%>
-quantum net-create net1
-quantum subnet-create net1 10.0.0.0/24
-quantum_net=`quantum net-list | grep net1 | awk -F' ' '{print $2}'`
-nova --no-cache boot --flavor 1 --image $IMAGE_ID --key_name key_cirros --nic net-id=$quantum_net $instance_name
-<% else -%>
-  <% if floating_ip -%>
-# create a security group so that we can allow ssh, http, and ping traffic
-# when we add a floating IP (assuming you are adding floating IPs)
-nova --no-cache secgroup-create nova_test 'Cirros test security group'
-nova --no-cache secgroup-add-rule nova_test tcp 22 22 0.0.0.0/0
-nova --no-cache secgroup-add-rule nova_test tcp 80 80 0.0.0.0/0
-nova --no-cache secgroup-add-rule nova_test icmp -1 -1 0.0.0.0/0
-# request a floating IP address, and extract the address from the results message
-floating_ip=`nova --no-cache floating-ip-create | grep None | awk '{print $2}'`
-  <% end -%>
-  # Boot the added image against the "1" flavor which by default maps to a micro instance.  <% if floating_ip -%> Include the cirros_test group so our address will work when we add it later <% end %>
-nova --no-cache boot --flavor 1 <% if floating_ip -%>--security_groups nova_test<% end %> --image ${IMAGE_ID} --key_name key_cirros $instance_name
-<% end -%>
-
-# let the system catch up
-sleep <%= sleep_time %>
-
-# Show the state of the system we just requested.
-nova --no-cache show $instance_name
-
-# wait for the server to boot
-sleep <%= sleep_time %>
-
-<% if floating_ip -%>
-# Now add the floating IP we reserved earlier to the machine.
-nova --no-cache add-floating-ip $instance_name $floating_ip
-# Wait  and then try to SSH to the node, leveraging the private key
-# we generated earlier.
-sleep <%= sleep_time %>
-ssh $login_user@$floating_ip -i /tmp/id_rsa
-<% end -%>

deployment/puppet/osnailyfacter/modular/astute/upload_cirros.rb

@@ -5,6 +5,14 @@ ENV['LANG'] = 'C'
 
 hiera = Hiera.new(:config => '/etc/hiera.yaml')
 test_vm_images = hiera.lookup 'test_vm_image', {}, {}
+glanced = hiera.lookup 'glance', {} , {}
+auth_addr = hiera.lookup 'internal_address', nil, {}
+
+ENV['OS_TENANT_NAME']="services"
+ENV['OS_USERNAME']="glance"
+ENV['OS_PASSWORD']="#{glanced['user_password']}"
+ENV['OS_AUTH_URL']="http://#{auth_addr}:5000/v2.0"
+ENV['OS_ENDPOINT_TYPE'] = "internalURL"
 
 raise 'Not test_vm_image data!' unless [Array, Hash].include?(test_vm_images.class) && test_vm_images.any?
 
@@ -25,7 +33,7 @@ test_vm_images.each do |image|
 end
 
 def image_list
-  stdout = `. /root/openrc && glance image-list`
+  stdout = `glance image-list`
   return_code = $?.exitstatus
   images = []
   stdout.split("\n").each do |line|
@@ -39,7 +47,7 @@ end
 
 def image_create(image_hash)
   command = <<-EOF
-. /root/openrc && /usr/bin/glance image-create \
+/usr/bin/glance image-create \
 --name '#{image_hash['img_name']}' \
 --is-public '#{image_hash['public']}' \
 --container-format='#{image_hash['container_format']}' \

deployment/puppet/osnailyfacter/modular/glance/glance_post.rb

@@ -2,6 +2,12 @@ require File.join File.dirname(__FILE__), '../test_common.rb'
 
 PORT = 9292
 
+ENV['OS_TENANT_NAME']="services"
+ENV['OS_USERNAME']="glance"
+ENV['OS_PASSWORD']="#{Settings.glance['user_password']}"
+ENV['OS_AUTH_URL']="http://#{Settings.management_vip}:5000/v2.0"
+ENV['OS_ENDPOINT_TYPE'] = "internalURL"
+
 class GlancePostTest < Test::Unit::TestCase
 
   def test_glance_api_is_running
@@ -23,7 +29,7 @@ class GlancePostTest < Test::Unit::TestCase
   end
 
   def test_keystone_endpoint_list_run
-    cmd = 'source /root/openrc && glance image-list'
+    cmd = 'glance image-list'
     assert TestCommon::Process.run_successful?(cmd), "Could not run '#{cmd}'!"
   end
 

deployment/puppet/osnailyfacter/modular/keystone/keystone_post.rb

@@ -3,6 +3,14 @@ require File.join File.dirname(__FILE__), '../test_common.rb'
 PUBLIC_PORT = 5000
 ADMIN_PORT = 35357
 
+# Keystone doen't have a user, so we'd have to use the admin token, or use
+# another user like nova.
+ENV['OS_TENANT_NAME']="services"
+ENV['OS_USERNAME']="nova"
+ENV['OS_PASSWORD']="#{Settings.nova['user_password']}"
+ENV['OS_AUTH_URL']="http://#{Settings.management_vip}:#{PUBLIC_PORT}/v2.0"
+ENV['OS_ENDPOINT_TYPE'] = "internalURL"
+
 class KeystonePostTest < Test::Unit::TestCase
 
   def test_keystone_is_running
@@ -20,7 +28,7 @@ class KeystonePostTest < Test::Unit::TestCase
   end
 
   def test_keystone_endpoint_list_run
-    cmd = 'source /root/openrc && keystone endpoint-list'
+    cmd = 'keystone endpoint-list'
     assert TestCommon::Process.run_successful?(cmd), "Could not run '#{cmd}'!"
   end
 

deployment/puppet/osnailyfacter/modular/openstack-controller/openstack-controller.pp

@@ -292,9 +292,16 @@ if $primary_controller {
   Class['nova::api'] -> Haproxy_backend_status['nova-api']
 
   exec { 'create-m1.micro-flavor' :
-    command => "bash -c \"source /root/openrc; nova flavor-create --is-public true m1.micro auto 64 0 1\"",
     path    => '/sbin:/usr/sbin:/bin:/usr/bin',
-    unless  => 'bash -c "source /root/openrc; nova flavor-list | grep -q m1.micro"',
+    environment => [
+      "OS_TENANT_NAME=services",
+      "OS_USERNAME=nova",
+      "OS_PASSWORD=${nova_hash['user_password']}",
+      "OS_AUTH_URL=http://${management_vip}:5000/v2.0/",
+      'OS_ENDPOINT_TYPE=internalURL',
+    ],
+    command => 'bash -c "nova flavor-create --is-public true m1.micro auto 64 0 1"',
+    unless  => 'bash -c "nova flavor-list | grep -q m1.micro"',
     require => Class['nova'],
   }
 

deployment/puppet/osnailyfacter/modular/sahara/sahara.pp

@@ -64,5 +64,3 @@ include mysql::config
 
 class openstack::firewall {}
 include openstack::firewall
-
-file { '/root/openrc' :}

deployment/puppet/sahara/files/create_templates.sh

@@ -1,5 +1,4 @@
 #!/bin/bash -x
-. /root/openrc
 
 network_provider=$1
 plugin=$2

deployment/puppet/sahara/manifests/api.pp

@@ -119,6 +119,10 @@ class sahara::api (
   class { 'sahara::templates::create_templates':
     network_provider => $network_provider,
     templates_dir    => $templates_dir,
+    auth_user        => $keystone_user,
+    auth_password    => $keystone_password,
+    auth_tenant      => $keystone_tenant,
+    auth_uri         => $sahara_auth_uri,
   }
 
   Package['sahara'] ->

deployment/puppet/sahara/manifests/templates/create_templates.pp

@@ -1,6 +1,10 @@
 class sahara::templates::create_templates (
   $network_provider = undef,
   $templates_dir    = $sahara::params::templates_dir,
+  $auth_uri         = 'http://127.0.0.1:5000/v2.0/',
+  $auth_user        = 'sahara',
+  $auth_tenant      = 'services',
+  $auth_password    = 'sahara',
 ) inherits sahara::params {
 
   file { 'create_templates':
@@ -24,18 +28,14 @@ class sahara::templates::create_templates (
     require  => [ Package['sahara'], File['create_templates'] ],
   }
 
-  sahara::templates::template { 'vanilla':
+  Sahara::Templates::Template {
     network_provider => $network_provider,
     templates_dir    => $templates_dir,
+    auth_user        => $auth_user,
+    auth_password    => $auth_password,
+    auth_tenant      => $auth_tenant,
+    auth_uri         => $auth_uri,
   }
 
-  sahara::templates::template { 'hdp':
-    network_provider => $network_provider,
-    templates_dir    => $templates_dir,
-  }
-
-  sahara::templates::template { 'cdh':
-    network_provider => $network_provider,
-    templates_dir    => $templates_dir,
-  }
+  sahara::templates::template { ['vanilla', 'hdp', 'cdh']: }
 }

deployment/puppet/sahara/manifests/templates/template.pp

@@ -4,15 +4,28 @@ define sahara::templates::template (
   $network_provider = undef,
   $templates_dir    = '/usr/share/sahara/templates',
   $plugin           = $title,
+  $auth_uri         = 'http://127.0.0.1:5000/v2.0/',
+  $auth_user        = 'sahara',
+  $auth_tenant      = 'services',
+  $auth_password    = 'sahara',
+
 ) {
   include sahara
   include sahara::api
 
   exec { "${plugin}_create_templates":
+    environment => [
+      "OS_TENANT_NAME=${auth_tenant}",
+      "OS_USERNAME=${auth_user}",
+      "OS_PASSWORD=${auth_password}",
+      "OS_AUTH_URL=${auth_uri}",
+      'OS_ENDPOINT_TYPE=internalURL',
+    ],
     path    => "/bin:/usr/bin",
     cwd     => $templates_dir,
-    command => "bash -c \"source /root/openrc; sahara node-group-template-list | grep -q ${plugin}\"",
+    command => "bash -c \"sahara node-group-template-list | grep -q ${plugin}\"",
     unless  => "bash create_templates.sh ${network_provider} ${plugin}",
+    timeout => 450,
     require => File['script_templates'],
   }
 }