From acae2bbca871bc70127ff838ace2688a18356577 Mon Sep 17 00:00:00 2001 From: Alex Schultz Date: Tue, 12 Apr 2016 19:56:35 +0000 Subject: [PATCH] Revert "Add ability to configure heat-cfn keystone auth_name via hiera" This reverts commit fad1a25e3e25ef4bb5dfd6f5afa153a49ee11a94. The change has an incorrect puppet_manifest in the heat-cfn-keystone task which causes deployments to fail. Change-Id: Ie4b976d170b79c041a6979427806b0867d2b805d Closes-Bug: #1569547 --- .../openstack_tasks/examples/heat/tasks.yaml | 13 ---- .../manifests/heat/cfn_keystone.pp | 56 --------------- .../manifests/heat/keystone.pp | 20 ++++++ .../modular/heat/cfn_keystone.pp | 2 - .../noop/spec/hosts/heat/cfn_keystone_spec.rb | 68 ------------------- tests/noop/spec/hosts/heat/keystone_spec.rb | 18 +++++ 6 files changed, 38 insertions(+), 139 deletions(-) delete mode 100644 deployment/puppet/openstack_tasks/manifests/heat/cfn_keystone.pp delete mode 100644 deployment/puppet/osnailyfacter/modular/heat/cfn_keystone.pp delete mode 100644 tests/noop/spec/hosts/heat/cfn_keystone_spec.rb diff --git a/deployment/puppet/openstack_tasks/examples/heat/tasks.yaml b/deployment/puppet/openstack_tasks/examples/heat/tasks.yaml index d6a8deeaa8..a33dbfefcf 100644 --- a/deployment/puppet/openstack_tasks/examples/heat/tasks.yaml +++ b/deployment/puppet/openstack_tasks/examples/heat/tasks.yaml @@ -59,16 +59,3 @@ puppet_manifest: /etc/puppet/modules/openstack_tasks/examples/heat/keystone.pp puppet_modules: /etc/puppet/modules timeout: 1800 - -- id: heat-cfn-keystone - type: puppet - version: 2.0.0 - groups: [primary-controller] - required_for: [heat, primary-heat] - requires: [primary-keystone, keystone] - cross-depends: - - name: keystone - parameters: - puppet_manifest: /etc/puppet/modules/openstack_tasks/examples/heat/cfn_keystone.pp - puppet_modules: /etc/puppet/modules - timeout: 1800 diff --git a/deployment/puppet/openstack_tasks/manifests/heat/cfn_keystone.pp b/deployment/puppet/openstack_tasks/manifests/heat/cfn_keystone.pp deleted file mode 100644 index 6047f20e5a..0000000000 --- a/deployment/puppet/openstack_tasks/manifests/heat/cfn_keystone.pp +++ /dev/null @@ -1,56 +0,0 @@ -class openstack_tasks::heat::cfn_keystone { - - notice('MODULAR: heat/cfn_keystone.pp') - - $heat_hash = hiera_hash('heat', {}) - $public_vip = hiera('public_vip') - $region = pick($heat_hash['region'], hiera('region', 'RegionOne')) - $management_vip = hiera('management_vip') - $public_ssl_hash = hiera_hash('public_ssl') - $ssl_hash = hiera_hash('use_ssl', {}) - - $public_protocol = get_ssl_property($ssl_hash, $public_ssl_hash, 'heat', 'public', 'protocol', 'http') - $public_address = get_ssl_property($ssl_hash, $public_ssl_hash, 'heat', 'public', 'hostname', [$public_vip]) - - $internal_protocol = get_ssl_property($ssl_hash, {}, 'heat', 'internal', 'protocol', 'http') - $internal_address = get_ssl_property($ssl_hash, {}, 'heat', 'internal', 'hostname', [hiera('heat_endpoint', ''), $management_vip]) - - $admin_protocol = get_ssl_property($ssl_hash, {}, 'heat', 'admin', 'protocol', 'http') - $admin_address = get_ssl_property($ssl_hash, {}, 'heat', 'admin', 'hostname', [hiera('heat_endpoint', ''), $management_vip]) - - $password = $heat_hash['user_password'] - $cfn_auth_name = pick($heat_hash['cfn_auth_name'], 'heat-cfn') - $configure_endpoint = pick($heat_hash['configure_endpoint'], true) - $configure_user = pick($heat_hash['configure_user'], true) - $configure_user_role = pick($heat_hash['configure_user_role'], true) - $service_name = pick($heat_hash['service_name'], 'heat') - $tenant = pick($heat_hash['tenant'], 'services') - $cfn_auth_email = pick($heat_hash['cfn_auth_email'], "${cfn_auth_name}@localhost") - - Class['::osnailyfacter::wait_for_keystone_backends'] -> Class['::heat::keystone::auth_cfn'] - - validate_string($public_address) - validate_string($password) - - $public_url_cfn = "${public_protocol}://${public_address}:8000/v1" - $internal_url_cfn = "${internal_protocol}://${internal_address}:8000/v1" - $admin_url_cfn = "${admin_protocol}://${admin_address}:8000/v1" - - class { '::osnailyfacter::wait_for_keystone_backends': } - - class { '::heat::keystone::auth_cfn' : - password => $password, - auth_name => $cfn_auth_name, - service_type => 'cloudformation', - region => $region, - tenant => $keystone_tenant, - email => $cfn_auth_email, - configure_endpoint => true, - configure_user => $configure_user, - configure_user_role => $configure_user_role, - public_url => $public_url_cfn, - internal_url => $internal_url_cfn, - admin_url => $admin_url_cfn, - } - -} diff --git a/deployment/puppet/openstack_tasks/manifests/heat/keystone.pp b/deployment/puppet/openstack_tasks/manifests/heat/keystone.pp index 24955b1b12..5c83364440 100644 --- a/deployment/puppet/openstack_tasks/manifests/heat/keystone.pp +++ b/deployment/puppet/openstack_tasks/manifests/heat/keystone.pp @@ -27,6 +27,7 @@ class openstack_tasks::heat::keystone { $tenant = pick($heat_hash['tenant'], 'services') Class['::osnailyfacter::wait_for_keystone_backends'] -> Class['::heat::keystone::auth'] + Class['::osnailyfacter::wait_for_keystone_backends'] -> Class['::heat::keystone::auth_cfn'] validate_string($public_address) validate_string($password) @@ -34,6 +35,9 @@ class openstack_tasks::heat::keystone { $public_url = "${public_protocol}://${public_address}:8004/v1/%(tenant_id)s" $internal_url = "${internal_protocol}://${internal_address}:8004/v1/%(tenant_id)s" $admin_url = "${admin_protocol}://${admin_address}:8004/v1/%(tenant_id)s" + $public_url_cfn = "${public_protocol}://${public_address}:8000/v1" + $internal_url_cfn = "${internal_protocol}://${internal_address}:8000/v1" + $admin_url_cfn = "${admin_protocol}://${admin_address}:8000/v1" class { '::osnailyfacter::wait_for_keystone_backends': } @@ -51,4 +55,20 @@ class openstack_tasks::heat::keystone { internal_url => $internal_url, admin_url => $admin_url, } + + class { '::heat::keystone::auth_cfn' : + password => $password, + auth_name => "${auth_name}-cfn", + service_type => 'cloudformation', + region => $region, + tenant => $keystone_tenant, + email => "${auth_name}-cfn@localhost", + configure_endpoint => true, + configure_user => $configure_user, + configure_user_role => $configure_user_role, + public_url => $public_url_cfn, + internal_url => $internal_url_cfn, + admin_url => $admin_url_cfn, + } + } diff --git a/deployment/puppet/osnailyfacter/modular/heat/cfn_keystone.pp b/deployment/puppet/osnailyfacter/modular/heat/cfn_keystone.pp deleted file mode 100644 index fee1ac2a22..0000000000 --- a/deployment/puppet/osnailyfacter/modular/heat/cfn_keystone.pp +++ /dev/null @@ -1,2 +0,0 @@ -include ::openstack_tasks::heat::cfn_keystone -warning('osnailyfacter/modular/./heat/cfn_keystone.pp is deprecated in mitaka and will be removed in newton. Please use openstack_tasks/examples/./heat/cfn_keystone.pp') diff --git a/tests/noop/spec/hosts/heat/cfn_keystone_spec.rb b/tests/noop/spec/hosts/heat/cfn_keystone_spec.rb deleted file mode 100644 index f2cc4ac38a..0000000000 --- a/tests/noop/spec/hosts/heat/cfn_keystone_spec.rb +++ /dev/null @@ -1,68 +0,0 @@ -require 'spec_helper' -require 'shared-examples' -manifest = 'heat/cfn_keystone.pp' - -describe manifest do - shared_examples 'catalog' do - it 'should set empty trusts_delegated_roles for heat auth' do - contain_class('heat::keystone::auth').with( - 'trusts_delegated_roles' => [], - ) - end - heat = Noop.hiera_hash('heat') - internal_protocol = 'http' - internal_address = Noop.hiera('management_vip') - admin_protocol = 'http' - admin_address = internal_address - - configure_user = heat.fetch('configure_user', true) - configure_user_role = heat.fetch('configure_user_role', true) - - auth_name_cfn = heat.fetch('cfn_auth_name', 'heat-cfn') - - if Noop.hiera_structure('use_ssl', false) - public_protocol = 'https' - public_address = Noop.hiera_structure('use_ssl/heat_public_hostname') - internal_protocol = 'https' - internal_address = Noop.hiera_structure('use_ssl/heat_internal_hostname') - admin_protocol = 'https' - admin_address = Noop.hiera_structure('use_ssl/heat_admin_hostname') - elsif Noop.hiera_structure('public_ssl/services') - public_protocol = 'https' - public_address = Noop.hiera_structure('public_ssl/hostname') - else - public_address = Noop.hiera('public_vip') - public_protocol = 'http' - end - - public_url_cfn = "#{public_protocol}://#{public_address}:8000/v1" - internal_url_cfn = "#{internal_protocol}://#{internal_address}:8000/v1" - admin_url_cfn = "#{admin_protocol}://#{admin_address}:8000/v1" - tenant = Noop.hiera_structure 'heat/tenant', 'services' - - it 'class heat::keystone::auth_cfn should contain correct *_url' do - should contain_class('heat::keystone::auth_cfn').with('public_url' => public_url_cfn) - should contain_class('heat::keystone::auth_cfn').with('internal_url' => internal_url_cfn) - should contain_class('heat::keystone::auth_cfn').with('admin_url' => admin_url_cfn) - end - - it 'should have explicit ordering between LB classes and particular actions' do - expect(graph).to ensure_transitive_dependency("Haproxy_backend_status[keystone-public]", - "Class[heat::keystone::auth_cfn]") - expect(graph).to ensure_transitive_dependency("Haproxy_backend_status[keystone-admin]", - "Class[heat::keystone::auth_cfn]") - end - - it 'class heat::keystone::auth_cfn should contain configure_user parameters' do - should contain_class('heat::keystone::auth_cfn').with('configure_user' => configure_user) - should contain_class('heat::keystone::auth_cfn').with('configure_user_role' => configure_user_role) - end - - it 'class heat::keystone::auth_cfn should contain correct auth_name' do - should contain_class('heat::keystone::auth_cfn').with('auth_name' => auth_name_cfn) - end - - end - - test_ubuntu_and_centos manifest -end diff --git a/tests/noop/spec/hosts/heat/keystone_spec.rb b/tests/noop/spec/hosts/heat/keystone_spec.rb index b4546c4325..a0eb8927e9 100644 --- a/tests/noop/spec/hosts/heat/keystone_spec.rb +++ b/tests/noop/spec/hosts/heat/keystone_spec.rb @@ -38,6 +38,9 @@ describe manifest do public_url = "#{public_protocol}://#{public_address}:8004/v1/%(tenant_id)s" internal_url = "#{internal_protocol}://#{internal_address}:8004/v1/%(tenant_id)s" admin_url = "#{admin_protocol}://#{admin_address}:8004/v1/%(tenant_id)s" + public_url_cfn = "#{public_protocol}://#{public_address}:8000/v1" + internal_url_cfn = "#{internal_protocol}://#{internal_address}:8000/v1" + admin_url_cfn = "#{admin_protocol}://#{admin_address}:8000/v1" tenant = Noop.hiera_structure 'heat/tenant', 'services' it 'class heat::keystone::auth should contain correct *_url' do @@ -46,17 +49,32 @@ describe manifest do should contain_class('heat::keystone::auth').with('admin_url' => admin_url) end + it 'class heat::keystone::auth_cfn should contain correct *_url' do + should contain_class('heat::keystone::auth_cfn').with('public_url' => public_url_cfn) + should contain_class('heat::keystone::auth_cfn').with('internal_url' => internal_url_cfn) + should contain_class('heat::keystone::auth_cfn').with('admin_url' => admin_url_cfn) + end + it 'should have explicit ordering between LB classes and particular actions' do expect(graph).to ensure_transitive_dependency("Haproxy_backend_status[keystone-public]", "Class[heat::keystone::auth]") expect(graph).to ensure_transitive_dependency("Haproxy_backend_status[keystone-admin]", "Class[heat::keystone::auth]") + expect(graph).to ensure_transitive_dependency("Haproxy_backend_status[keystone-public]", + "Class[heat::keystone::auth_cfn]") + expect(graph).to ensure_transitive_dependency("Haproxy_backend_status[keystone-admin]", + "Class[heat::keystone::auth_cfn]") end it 'class heat::keystone::auth should contain tenant' do should contain_class('heat::keystone::auth').with('tenant' => tenant) end + it 'class heat::keystone::auth_cfn should contain configure_user parameters' do + should contain_class('heat::keystone::auth_cfn').with('configure_user' => configure_user) + should contain_class('heat::keystone::auth_cfn').with('configure_user_role' => configure_user_role) + end + it 'class heat::keystone::auth should contain configure_user parameters' do should contain_class('heat::keystone::auth').with('configure_user' => configure_user) should contain_class('heat::keystone::auth').with('configure_user_role' => configure_user_role)