openstack/fuel-library
Code Issues Proposed changes

Revert "Add ability to configure heat-cfn keystone auth_name via hiera"

Browse Source 
This reverts commit fad1a25e3e.

The change has an incorrect puppet_manifest in the heat-cfn-keystone
task which causes deployments to fail.

Change-Id: Ie4b976d170b79c041a6979427806b0867d2b805d
Closes-Bug: #1569547
This commit is contained in:
Alex Schultz 2016-04-12 19:56:35 +00:00
parent 82cf170f65
commit acae2bbca8
6 changed files with 38 additions and 139 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
deployment/puppet/openstack_tasks/examples/heat/tasks.yaml
View File

@ -59,16 +59,3 @@
puppet_manifest: /etc/puppet/modules/openstack_tasks/examples/heat/keystone.pp puppet_manifest: /etc/puppet/modules/openstack_tasks/examples/heat/keystone.pp
puppet_modules: /etc/puppet/modules puppet_modules: /etc/puppet/modules
timeout: 1800 timeout: 1800
- id: heat-cfn-keystone
type: puppet
version: 2.0.0
groups: [primary-controller]
required_for: [heat, primary-heat]
requires: [primary-keystone, keystone]
cross-depends:
- name: keystone
parameters:
puppet_manifest: /etc/puppet/modules/openstack_tasks/examples/heat/cfn_keystone.pp
puppet_modules: /etc/puppet/modules
timeout: 1800

56
deployment/puppet/openstack_tasks/manifests/heat/cfn_keystone.pp
View File

@ -1,56 +0,0 @@
class openstack_tasks::heat::cfn_keystone {
notice('MODULAR: heat/cfn_keystone.pp')
$heat_hash = hiera_hash('heat', {})
$public_vip = hiera('public_vip')
$region = pick($heat_hash['region'], hiera('region', 'RegionOne'))
$management_vip = hiera('management_vip')
$public_ssl_hash = hiera_hash('public_ssl')
$ssl_hash = hiera_hash('use_ssl', {})
$public_protocol = get_ssl_property($ssl_hash, $public_ssl_hash, 'heat', 'public', 'protocol', 'http')
$public_address = get_ssl_property($ssl_hash, $public_ssl_hash, 'heat', 'public', 'hostname', [$public_vip])
$internal_protocol = get_ssl_property($ssl_hash, {}, 'heat', 'internal', 'protocol', 'http')
$internal_address = get_ssl_property($ssl_hash, {}, 'heat', 'internal', 'hostname', [hiera('heat_endpoint', ''), $management_vip])
$admin_protocol = get_ssl_property($ssl_hash, {}, 'heat', 'admin', 'protocol', 'http')
$admin_address = get_ssl_property($ssl_hash, {}, 'heat', 'admin', 'hostname', [hiera('heat_endpoint', ''), $management_vip])
$password = $heat_hash['user_password']
$cfn_auth_name = pick($heat_hash['cfn_auth_name'], 'heat-cfn')
$configure_endpoint = pick($heat_hash['configure_endpoint'], true)
$configure_user = pick($heat_hash['configure_user'], true)
$configure_user_role = pick($heat_hash['configure_user_role'], true)
$service_name = pick($heat_hash['service_name'], 'heat')
$tenant = pick($heat_hash['tenant'], 'services')
$cfn_auth_email = pick($heat_hash['cfn_auth_email'], "${cfn_auth_name}@localhost")
Class['::osnailyfacter::wait_for_keystone_backends'] -> Class['::heat::keystone::auth_cfn']
validate_string($public_address)
validate_string($password)
$public_url_cfn = "${public_protocol}://${public_address}:8000/v1"
$internal_url_cfn = "${internal_protocol}://${internal_address}:8000/v1"
$admin_url_cfn = "${admin_protocol}://${admin_address}:8000/v1"
class { '::osnailyfacter::wait_for_keystone_backends': }
class { '::heat::keystone::auth_cfn' :
password => $password,
auth_name => $cfn_auth_name,
service_type => 'cloudformation',
region => $region,
tenant => $keystone_tenant,
email => $cfn_auth_email,
configure_endpoint => true,
configure_user => $configure_user,
configure_user_role => $configure_user_role,
public_url => $public_url_cfn,
internal_url => $internal_url_cfn,
admin_url => $admin_url_cfn,
}
}

20
deployment/puppet/openstack_tasks/manifests/heat/keystone.pp
View File

@ -27,6 +27,7 @@ class openstack_tasks::heat::keystone {
$tenant = pick($heat_hash['tenant'], 'services') $tenant = pick($heat_hash['tenant'], 'services')
Class['::osnailyfacter::wait_for_keystone_backends'] -> Class['::heat::keystone::auth'] Class['::osnailyfacter::wait_for_keystone_backends'] -> Class['::heat::keystone::auth']
Class['::osnailyfacter::wait_for_keystone_backends'] -> Class['::heat::keystone::auth_cfn']
validate_string($public_address) validate_string($public_address)
validate_string($password) validate_string($password)
@ -34,6 +35,9 @@ class openstack_tasks::heat::keystone {
$public_url = "${public_protocol}://${public_address}:8004/v1/%(tenant_id)s" $public_url = "${public_protocol}://${public_address}:8004/v1/%(tenant_id)s"
$internal_url = "${internal_protocol}://${internal_address}:8004/v1/%(tenant_id)s" $internal_url = "${internal_protocol}://${internal_address}:8004/v1/%(tenant_id)s"
$admin_url = "${admin_protocol}://${admin_address}:8004/v1/%(tenant_id)s" $admin_url = "${admin_protocol}://${admin_address}:8004/v1/%(tenant_id)s"
$public_url_cfn = "${public_protocol}://${public_address}:8000/v1"
$internal_url_cfn = "${internal_protocol}://${internal_address}:8000/v1"
$admin_url_cfn = "${admin_protocol}://${admin_address}:8000/v1"
class { '::osnailyfacter::wait_for_keystone_backends': } class { '::osnailyfacter::wait_for_keystone_backends': }
@ -51,4 +55,20 @@ class openstack_tasks::heat::keystone {
internal_url => $internal_url, internal_url => $internal_url,
admin_url => $admin_url, admin_url => $admin_url,
} }
class { '::heat::keystone::auth_cfn' :
password => $password,
auth_name => "${auth_name}-cfn",
service_type => 'cloudformation',
region => $region,
tenant => $keystone_tenant,
email => "${auth_name}-cfn@localhost",
configure_endpoint => true,
configure_user => $configure_user,
configure_user_role => $configure_user_role,
public_url => $public_url_cfn,
internal_url => $internal_url_cfn,
admin_url => $admin_url_cfn,
}
} }

2
deployment/puppet/osnailyfacter/modular/heat/cfn_keystone.pp
View File

@ -1,2 +0,0 @@
include ::openstack_tasks::heat::cfn_keystone
warning('osnailyfacter/modular/./heat/cfn_keystone.pp is deprecated in mitaka and will be removed in newton. Please use openstack_tasks/examples/./heat/cfn_keystone.pp')

68
tests/noop/spec/hosts/heat/cfn_keystone_spec.rb
View File

@ -1,68 +0,0 @@
require 'spec_helper'
require 'shared-examples'
manifest = 'heat/cfn_keystone.pp'
describe manifest do
shared_examples 'catalog' do
it 'should set empty trusts_delegated_roles for heat auth' do
contain_class('heat::keystone::auth').with(
'trusts_delegated_roles' => [],
)
end
heat = Noop.hiera_hash('heat')
internal_protocol = 'http'
internal_address = Noop.hiera('management_vip')
admin_protocol = 'http'
admin_address = internal_address
configure_user = heat.fetch('configure_user', true)
configure_user_role = heat.fetch('configure_user_role', true)
auth_name_cfn = heat.fetch('cfn_auth_name', 'heat-cfn')
if Noop.hiera_structure('use_ssl', false)
public_protocol = 'https'
public_address = Noop.hiera_structure('use_ssl/heat_public_hostname')
internal_protocol = 'https'
internal_address = Noop.hiera_structure('use_ssl/heat_internal_hostname')
admin_protocol = 'https'
admin_address = Noop.hiera_structure('use_ssl/heat_admin_hostname')
elsif Noop.hiera_structure('public_ssl/services')
public_protocol = 'https'
public_address = Noop.hiera_structure('public_ssl/hostname')
else
public_address = Noop.hiera('public_vip')
public_protocol = 'http'
end
public_url_cfn = "#{public_protocol}://#{public_address}:8000/v1"
internal_url_cfn = "#{internal_protocol}://#{internal_address}:8000/v1"
admin_url_cfn = "#{admin_protocol}://#{admin_address}:8000/v1"
tenant = Noop.hiera_structure 'heat/tenant', 'services'
it 'class heat::keystone::auth_cfn should contain correct *_url' do
should contain_class('heat::keystone::auth_cfn').with('public_url' => public_url_cfn)
should contain_class('heat::keystone::auth_cfn').with('internal_url' => internal_url_cfn)
should contain_class('heat::keystone::auth_cfn').with('admin_url' => admin_url_cfn)
end
it 'should have explicit ordering between LB classes and particular actions' do
expect(graph).to ensure_transitive_dependency("Haproxy_backend_status[keystone-public]",
"Class[heat::keystone::auth_cfn]")
expect(graph).to ensure_transitive_dependency("Haproxy_backend_status[keystone-admin]",
"Class[heat::keystone::auth_cfn]")
end
it 'class heat::keystone::auth_cfn should contain configure_user parameters' do
should contain_class('heat::keystone::auth_cfn').with('configure_user' => configure_user)
should contain_class('heat::keystone::auth_cfn').with('configure_user_role' => configure_user_role)
end
it 'class heat::keystone::auth_cfn should contain correct auth_name' do
should contain_class('heat::keystone::auth_cfn').with('auth_name' => auth_name_cfn)
end
end
test_ubuntu_and_centos manifest
end

18
tests/noop/spec/hosts/heat/keystone_spec.rb
View File

@ -38,6 +38,9 @@ describe manifest do
public_url = "#{public_protocol}://#{public_address}:8004/v1/%(tenant_id)s" public_url = "#{public_protocol}://#{public_address}:8004/v1/%(tenant_id)s"
internal_url = "#{internal_protocol}://#{internal_address}:8004/v1/%(tenant_id)s" internal_url = "#{internal_protocol}://#{internal_address}:8004/v1/%(tenant_id)s"
admin_url = "#{admin_protocol}://#{admin_address}:8004/v1/%(tenant_id)s" admin_url = "#{admin_protocol}://#{admin_address}:8004/v1/%(tenant_id)s"
public_url_cfn = "#{public_protocol}://#{public_address}:8000/v1"
internal_url_cfn = "#{internal_protocol}://#{internal_address}:8000/v1"
admin_url_cfn = "#{admin_protocol}://#{admin_address}:8000/v1"
tenant = Noop.hiera_structure 'heat/tenant', 'services' tenant = Noop.hiera_structure 'heat/tenant', 'services'
it 'class heat::keystone::auth should contain correct *_url' do it 'class heat::keystone::auth should contain correct *_url' do
@ -46,17 +49,32 @@ describe manifest do
should contain_class('heat::keystone::auth').with('admin_url' => admin_url) should contain_class('heat::keystone::auth').with('admin_url' => admin_url)
end end
it 'class heat::keystone::auth_cfn should contain correct *_url' do
should contain_class('heat::keystone::auth_cfn').with('public_url' => public_url_cfn)
should contain_class('heat::keystone::auth_cfn').with('internal_url' => internal_url_cfn)
should contain_class('heat::keystone::auth_cfn').with('admin_url' => admin_url_cfn)
end
it 'should have explicit ordering between LB classes and particular actions' do it 'should have explicit ordering between LB classes and particular actions' do
expect(graph).to ensure_transitive_dependency("Haproxy_backend_status[keystone-public]", expect(graph).to ensure_transitive_dependency("Haproxy_backend_status[keystone-public]",
"Class[heat::keystone::auth]") "Class[heat::keystone::auth]")
expect(graph).to ensure_transitive_dependency("Haproxy_backend_status[keystone-admin]", expect(graph).to ensure_transitive_dependency("Haproxy_backend_status[keystone-admin]",
"Class[heat::keystone::auth]") "Class[heat::keystone::auth]")
expect(graph).to ensure_transitive_dependency("Haproxy_backend_status[keystone-public]",
"Class[heat::keystone::auth_cfn]")
expect(graph).to ensure_transitive_dependency("Haproxy_backend_status[keystone-admin]",
"Class[heat::keystone::auth_cfn]")
end end
it 'class heat::keystone::auth should contain tenant' do it 'class heat::keystone::auth should contain tenant' do
should contain_class('heat::keystone::auth').with('tenant' => tenant) should contain_class('heat::keystone::auth').with('tenant' => tenant)
end end
it 'class heat::keystone::auth_cfn should contain configure_user parameters' do
should contain_class('heat::keystone::auth_cfn').with('configure_user' => configure_user)
should contain_class('heat::keystone::auth_cfn').with('configure_user_role' => configure_user_role)
end
it 'class heat::keystone::auth should contain configure_user parameters' do it 'class heat::keystone::auth should contain configure_user parameters' do
should contain_class('heat::keystone::auth').with('configure_user' => configure_user) should contain_class('heat::keystone::auth').with('configure_user' => configure_user)
should contain_class('heat::keystone::auth').with('configure_user_role' => configure_user_role) should contain_class('heat::keystone::auth').with('configure_user_role' => configure_user_role)