diff --git a/deployment/puppet/openstack_tasks/manifests/ironic/ironic.pp b/deployment/puppet/openstack_tasks/manifests/ironic/ironic.pp
index 3bd6ab57ed..890c090890 100644
--- a/deployment/puppet/openstack_tasks/manifests/ironic/ironic.pp
+++ b/deployment/puppet/openstack_tasks/manifests/ironic/ironic.pp
@@ -11,7 +11,6 @@ class openstack_tasks::ironic::ironic {
 $database_vip = hiera('database_vip')
 $keystone_endpoint = hiera('service_endpoint')
- $neutron_endpoint = hiera('neutron_endpoint', $management_vip)
 $glance_api_servers = hiera('glance_api_servers', "${management_vip}:9292")
 $debug = hiera('debug', false)
 $verbose = hiera('verbose', true)
@@ -60,6 +59,11 @@ class openstack_tasks::ironic::ironic {
 $admin_identity_uri = "${admin_identity_protocol}://${admin_identity_address}:35357"
 $public_protocol = get_ssl_property($ssl_hash, $public_ssl_hash, 'ironic', 'public', 'protocol', 'http')
 $public_address = get_ssl_property($ssl_hash, $public_ssl_hash, 'ironic', 'public', 'hostname', $public_vip)
+ $neutron_endpoint_default = hiera('neutron_endpoint', $management_vip)
+ $neutron_protocol = get_ssl_property($ssl_hash, {}, 'neutron', 'internal', 'protocol', 'http')
+ $neutron_endpoint = get_ssl_property($ssl_hash, {}, 'neutron', 'internal', 'hostname', $neutron_endpoint_default)
+
+
 prepare_network_config(hiera_hash('network_scheme', {}))
@@ -91,7 +95,7 @@ class openstack_tasks::ironic::ironic {
 admin_tenant_name => $ironic_tenant,
 admin_user => $ironic_user,
 admin_password => $ironic_user_password,
- neutron_url => "http://${neutron_endpoint}:9696",
+ neutron_url => "${neutron_protocol}://${neutron_endpoint}:9696",
 public_endpoint => "${public_protocol}://${public_address}:6385",
 }
diff --git a/deployment/puppet/openstack_tasks/manifests/ironic/keystone.pp b/deployment/puppet/openstack_tasks/manifests/ironic/keystone.pp
index 3c5650ca86..a1f3c68390 100644
--- a/deployment/puppet/openstack_tasks/manifests/ironic/keystone.pp
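Review bot: The new neutron hostname lookup in ironic.pp (second hunk) passes its fallback as a bare string, `$neutron_endpoint_default`, while the ironic and keystone lookups added elsewhere in this change wrap their fallbacks in arrays (`[$management_vip]`, `[$service_endpoint, $management_vip]`). `get_ssl_property` is not visible here, so it is worth confirming both forms are accepted and settling on one. The `'http'` default on `$neutron_protocol` also means `neutron_url` stays plaintext whenever `use_ssl` has no internal neutron entry; a comment above that line such as `# falls back to http when use_ssl carries no neutron/internal settings` would make the fallback explicit. The hunk also adds two consecutive blank lines before `prepare_network_config`, where one is enough.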
+++ b/deployment/puppet/openstack_tasks/manifests/ironic/keystone.pp
@@ -5,6 +5,7 @@ class openstack_tasks::ironic::keystone {
 $ironic_hash = hiera_hash('ironic', {})
 $public_vip = hiera('public_vip')
 $management_vip = hiera('management_vip')
+ $ssl_hash = hiera_hash('use_ssl', {})
 $public_ssl_hash = hiera_hash('public_ssl')
 $ironic_tenant = pick($ironic_hash['tenant'],'services')
 $ironic_user = pick($ironic_hash['auth_name'],'ironic')
@@ -16,20 +17,20 @@ class openstack_tasks::ironic::keystone {
 Class['::osnailyfacter::wait_for_keystone_backends'] -> Class['::ironic::keystone::auth']
- $public_address = $public_ssl_hash['services'] ? {
- true => $public_ssl_hash['hostname'],
- default => $public_vip,
- }
- $public_protocol = $public_ssl_hash['services'] ? {
- true => 'https',
- default => 'http',
- }
-
 $region = hiera('region', 'RegionOne')
 $tenant = pick($ironic_hash['tenant'], 'services')
- $public_url = "${public_protocol}://${public_address}:6385"
- $admin_url = "http://${management_vip}:6385"
- $internal_url = "http://${management_vip}:6385"
+
+ $public_protocol = get_ssl_property($ssl_hash, $public_ssl_hash, 'ironic', 'public', 'protocol', 'http')
+ $public_address = get_ssl_property($ssl_hash, $public_ssl_hash, 'ironic', 'public', 'hostname', [$public_vip])
+ $internal_protocol = get_ssl_property($ssl_hash, {}, 'ironic', 'internal', 'protocol', 'http')
+ $internal_address = get_ssl_property($ssl_hash, {}, 'ironic', 'internal', 'hostname', [$management_vip])
+ $admin_protocol = get_ssl_property($ssl_hash, {}, 'ironic', 'admin', 'protocol', 'http')
+ $admin_address = get_ssl_property($ssl_hash, {}, 'ironic', 'admin', 'hostname', [$management_vip])
+
+ $public_url = "${public_protocol}://${public_address}:6385"
+ $admin_url = "${admin_protocol}://${admin_address}:6385"
+ $internal_url = "${internal_protocol}://${internal_address}:6385"
+
 class { '::osnailyfacter::wait_for_keystone_backends':}
 class { '::ironic::keystone::auth':
diff --git a/deployment/puppet/openstack_tasks/manifests/roles/ironic_conductor.pp b/deployment/puppet/openstack_tasks/manifests/roles/ironic_conductor.pp
index f280365a43..8e3ad03edc 100644
--- a/deployment/puppet/openstack_tasks/manifests/roles/ironic_conductor.pp
+++ b/deployment/puppet/openstack_tasks/manifests/roles/ironic_conductor.pp
@@ -14,7 +14,6 @@ class openstack_tasks::roles::ironic_conductor {
 $database_vip = hiera('database_vip')
 $service_endpoint = hiera('service_endpoint')
- $neutron_endpoint = hiera('neutron_endpoint', $management_vip)
 $glance_api_servers = hiera('glance_api_servers', "${management_vip}:9292")
 $amqp_hosts = hiera('amqp_hosts')
 $rabbit_hosts = split($amqp_hosts, ',')
@@ -31,6 +30,18 @@ class openstack_tasks::roles::ironic_conductor {
 $ironic_user_password = pick($ironic_hash['user_password'],'ironic')
 $ironic_swift_tempurl_key = pick($ironic_hash['swift_tempurl_key'],'ironic')
+ $ssl_hash = hiera('use_ssl', {})
+ $neutron_endpoint_default = hiera('neutron_endpoint', $management_vip)
+ $neutron_protocol = get_ssl_property($ssl_hash, {}, 'neutron', 'internal', 'protocol', 'http')
+ $neutron_endpoint = get_ssl_property($ssl_hash, {}, 'neutron', 'internal', 'hostname', $neutron_endpoint_default)
+ $neutron_uri = "${neutron_protocol}://${neutron_endpoint}:9696"
+ $internal_auth_protocol = get_ssl_property($ssl_hash, {}, 'keystone', 'internal', 'protocol', 'http')
+ $internal_auth_address = get_ssl_property($ssl_hash, {}, 'keystone', 'internal', 'hostname', [$service_endpoint, $management_vip])
+ $internal_auth_uri = "${internal_auth_protocol}://${internal_auth_address}:5000"
+ $admin_identity_protocol = get_ssl_property($ssl_hash, {}, 'keystone', 'admin', 'protocol', 'http')
+ $admin_identity_address = get_ssl_property($ssl_hash, {}, 'keystone', 'admin', 'hostname', [$service_endpoint, $management_vip])
+ $admin_identity_uri = "${admin_identity_protocol}://${admin_identity_address}:35357"
+
 $db_type = 'mysql'
 $db_host = pick($ironic_hash['db_host'], $database_vip)
 $db_user = pick($ironic_hash['db_user'], 'ironic')
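Review bot: `$ssl_hash = hiera('use_ssl', {})` in ironic_conductor.pp is a priority lookup, while keystone.pp in this same change reads the key with `hiera_hash('use_ssl', {})`, which merges the hash across hierarchy levels. If `use_ssl` is defined at more than one level, the conductor could resolve different protocol and hostname values than the controller-side manifests and end up pointing at `http` endpoints. Suggest `$ssl_hash = hiera_hash('use_ssl', {})` so every manifest resolves the TLS settings the same way. The class body continues outside the hunk.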
@@ -88,9 +99,9 @@ class openstack_tasks::roles::ironic_conductor {
 }
 ironic_config {
- 'neutron/url': value => "http://${neutron_endpoint}:9696";
- 'keystone_authtoken/auth_uri': value => "http://${service_endpoint}:5000/";
- 'keystone_authtoken/auth_host': value => $service_endpoint;
+ 'neutron/url': value => $neutron_uri;
+ 'keystone_authtoken/auth_uri': value => $internal_auth_uri;
+ 'keystone_authtoken/identity_uri': value => $admin_identity_uri;
 'keystone_authtoken/admin_tenant_name': value => $ironic_tenant;
 'keystone_authtoken/admin_user': value => $ironic_user;
 'keystone_authtoken/admin_password': value => $ironic_user_password, secret => true;
diff --git a/tests/noop/spec/hosts/ironic/ironic-compute_spec.rb b/tests/noop/spec/hosts/ironic/ironic-compute_spec.rb
index 288bc3e5dc..c00659c86a 100644
--- a/tests/noop/spec/hosts/ironic/ironic-compute_spec.rb
+++ b/tests/noop/spec/hosts/ironic/ironic-compute_spec.rb
@@ -55,7 +55,6 @@ describe manifest do
 end
 end
- public_ssl_hash = Noop.hiera_hash('public_ssl')
 let(:ssl_hash) { Noop.hiera_hash 'use_ssl', {} }
 let(:admin_auth_protocol) { Noop.puppet_function 'get_ssl_property',ssl_hash,{},'keystone', 'admin','protocol','http' }
 let(:admin_auth_address) { Noop.puppet_function 'get_ssl_property',ssl_hash,{},'keystone','admin', 'hostname', [Noop.hiera('service_endpoint', Noop.hiera('management_vip'))]}
diff --git a/tests/noop/spec/hosts/ironic/ironic_spec.rb b/tests/noop/spec/hosts/ironic/ironic_spec.rb
index da7061faef..abfc5f5194 100644
--- a/tests/noop/spec/hosts/ironic/ironic_spec.rb
+++ b/tests/noop/spec/hosts/ironic/ironic_spec.rb
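Review bot: Dropping the `'keystone_authtoken/auth_host'` entry from the `ironic_config` block (ironic_conductor.pp, third hunk) stops Puppet managing that key but, unless unmanaged `ironic_config` entries are purged elsewhere, does not remove it from ironic.conf on nodes that were already deployed. A leftover `auth_host` next to the new `identity_uri` is at best confusing when someone later audits which Keystone endpoint the conductor really uses. Consider keeping the key in the block as `'keystone_authtoken/auth_host': ensure => absent;`. The `ironic_config` block continues past the end of the hunk.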
@@ -43,6 +43,10 @@ if ironic_enabled
 end
 let(:public_protocol) { Noop.puppet_function 'get_ssl_property',ssl_hash,public_ssl_hash,'ironic','admin','protocol','http' }
 let(:public_address) { Noop.puppet_function 'get_ssl_property',ssl_hash,public_ssl_hash,'ironic','admin','hostname', public_vip }
+ let(:neutron_endpoint_default) {Noop.hiera 'neutron_endpoint', management_vip }
+ let(:neutron_protocol) { Noop.puppet_function 'get_ssl_property',ssl_hash,{},'neutron','internal','protocol','http' }
+ let(:neutron_address) { Noop.puppet_function 'get_ssl_property',ssl_hash,{},'neutron','internal','hostname', neutron_endpoint_default }
+
 it 'should configure default_log_levels' do
 should contain_ironic_config('DEFAULT/default_log_levels').with_value(default_log_levels.sort.join(','))
@@ -66,6 +70,7 @@ if ironic_enabled
 'admin_tenant_name' => admin_tenant,
 'admin_user' => admin_user,
 'admin_password' => admin_password,
+ 'neutron_url' => "#{neutron_protocol}://#{neutron_address}:9696",
 'public_endpoint' => "#{public_protocol}://#{public_address}:6385"
 )
 end
diff --git a/tests/noop/spec/hosts/ironic/keystone_spec.rb b/tests/noop/spec/hosts/ironic/keystone_spec.rb
index 8607e679b2..37859e258b 100644
--- a/tests/noop/spec/hosts/ironic/keystone_spec.rb
+++ b/tests/noop/spec/hosts/ironic/keystone_spec.rb
@@ -11,15 +11,17 @@ describe manifest do
 if ironic_enabled
 public_vip = Noop.hiera('public_vip')
 admin_address = Noop.hiera('management_vip')
- public_ssl = Noop.hiera_structure('public_ssl/services')
-
- if public_ssl
- public_address = Noop.hiera_structure('public_ssl/hostname')
- public_protocol = 'https'
- else
- public_address = public_vip
- public_protocol = 'http'
- end
+ let(:public_ssl_hash) { Noop.hiera_hash('public_ssl') }
+ let(:ssl_hash) { Noop.hiera_hash 'use_ssl', {} }
+ let(:public_protocol) { Noop.puppet_function 'get_ssl_property',ssl_hash,public_ssl_hash,'ironic','public','protocol','http' }
+ let(:public_address) { Noop.puppet_function 'get_ssl_property',ssl_hash,public_ssl_hash,'ironic','public','hostname', public_vip }
+ let(:internal_protocol) { Noop.puppet_function 'get_ssl_property',ssl_hash,{},'ironic','internal','protocol','http' }
+ let(:internal_address) { Noop.puppet_function 'get_ssl_property',ssl_hash,{},'ironic','internal','hostname', admin_address }
+ let(:admin_protocol) { Noop.puppet_function 'get_ssl_property',ssl_hash,{},'ironic','admin','protocol','http' }
+ let(:admin_address) { Noop.puppet_function 'get_ssl_property',ssl_hash,{},'ironic','admin','hostname', admin_address }
+ let(:public_url) { "#{public_protocol}://#{public_address}:6385" }
+ let(:admin_url) { "#{admin_protocol}://#{admin_address}:6385" }
+ let(:internal_url) { "#{internal_protocol}://#{internal_address}:6385" }
 auth_name = Noop.hiera_structure('ironic/auth_name', 'ironic')
 password = Noop.hiera_structure('ironic/user_password')
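Review bot: In keystone_spec.rb the context line `admin_address = Noop.hiera('management_vip')` leaves a local variable in scope, and Ruby resolves a bare `admin_address` inside the new `let` blocks to that local, not to `let(:admin_address)`. As a result `let(:admin_url)` always interpolates the management VIP and the `get_ssl_property` admin hostname is never exercised, so the spec cannot confirm that the admin endpoint follows the TLS hostname. Rename the local, e.g. `management_vip = Noop.hiera('management_vip')`, and pass `management_vip` as the fallback in `let(:internal_address)` and `let(:admin_address)`. The describe block starts and ends outside the hunk.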
@@ -29,8 +31,6 @@ describe manifest do
 region = Noop.hiera_structure('ironic/region', 'RegionOne')
 tenant = Noop.hiera_structure('ironic/tenant', 'services')
 service_name = Noop.hiera_structure('ironic/service_name', 'ironic')
- public_url = "#{public_protocol}://#{public_address}:6385"
- admin_url = "http://#{admin_address}:6385"
 it 'should have explicit ordering between LB classes and particular actions' do
 expect(graph).to ensure_transitive_dependency("Haproxy_backend_status[keystone-public]",
@@ -49,7 +49,7 @@ describe manifest do
 'service_name' => service_name,
 'public_url' => public_url,
 'admin_url' => admin_url,
- 'internal_url' => admin_url,
+ 'internal_url' => internal_url,
 'region' => region,
 'tenant' => tenant,
 )
diff --git a/tests/noop/spec/hosts/roles/ironic-conductor_spec.rb b/tests/noop/spec/hosts/roles/ironic-conductor_spec.rb
index cf73f1e6b1..166cb87a7e 100644
--- a/tests/noop/spec/hosts/roles/ironic-conductor_spec.rb
+++ b/tests/noop/spec/hosts/roles/ironic-conductor_spec.rb
@@ -47,12 +47,28 @@ describe manifest do
 management_vip = Noop.hiera 'management_vip'
 service_endpoint = Noop.hiera 'service_endpoint', management_vip
 neutron_endpoint = Noop.hiera 'neutron_endpoint', service_endpoint
- neutron_url = "http://#{neutron_endpoint}:9696"
 ironic_user = Noop.hiera_structure 'ironic/user', 'ironic'
 temp_url_endpoint_type = (storage_config['images_ceph']) ? 'radosgw' : 'swift'
+
+ let(:public_ssl_hash) { Noop.hiera_hash('public_ssl') }
+ let(:ssl_hash) { Noop.hiera_hash 'use_ssl', {} }
+ let(:service_endpoint) { Noop.hiera 'service_endpoint' }
+ let(:neutron_protocol) { Noop.puppet_function 'get_ssl_property',ssl_hash,{},'neutron','internal','protocol','http' }
+ let(:neutron_endpoint) { Noop.puppet_function 'get_ssl_property',ssl_hash,{},'neutron','internal','hostname', management_vip }
+ let(:neutron_url) { "#{neutron_protocol}://#{neutron_endpoint}:9696" }
+ let(:internal_auth_protocol) { Noop.puppet_function 'get_ssl_property',ssl_hash,{},'keystone','internal','protocol','http' }
+ let(:internal_auth_address) { Noop.puppet_function 'get_ssl_property',ssl_hash,{},'keystone','internal','hostname', [ service_endpoint, management_vip ] }
+ let(:internal_auth_uri) { "#{internal_auth_protocol}://#{internal_auth_address}:5000" }
+ let(:admin_identity_protocol) { Noop.puppet_function 'get_ssl_property',ssl_hash,{},'keystone','internal','protocol','http' }
+ let(:admin_identity_address) { Noop.puppet_function 'get_ssl_property',ssl_hash,{},'keystone','internal','hostname', [ service_endpoint, management_vip ] }
+ let(:admin_identity_uri) { "#{internal_auth_protocol}://#{internal_auth_address}:35357" }
+
+
 it 'ironic config should have propper config options' do
 should contain_ironic_config('pxe/tftp_root').with('value' => '/var/lib/ironic/tftpboot')
 should contain_ironic_config('neutron/url').with('value' => neutron_url)
+ should contain_ironic_config('keystone_authtoken/auth_uri').with('value' => internal_auth_uri)
+ should contain_ironic_config('keystone_authtoken/identity_uri').with('value' => admin_identity_uri)
 should contain_ironic_config('keystone_authtoken/admin_user').with('value' => ironic_user)
 should contain_ironic_config('glance/temp_url_endpoint_type').with('value' => temp_url_endpoint_type)
 end
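Review bot: In ironic-conductor_spec.rb the `admin_identity_protocol` and `admin_identity_address` lets look up `'keystone','internal'`, and `admin_identity_uri` is assembled from `internal_auth_protocol`/`internal_auth_address`, so the `identity_uri` expectation never exercises the `'keystone','admin'` values the manifest uses. A deployment whose admin and internal Keystone endpoints differ in scheme or host would either fail this spec or go untested. Separately, the context line `neutron_endpoint = Noop.hiera 'neutron_endpoint', service_endpoint` leaves a local in scope, and Ruby resolves `neutron_endpoint` inside `let(:neutron_url)` to that local, so the `get_ssl_property` hostname from `let(:neutron_endpoint)` is never used. The proposal below switches the admin lets to `'admin'` and renames the neutron let to `neutron_address` with a `neutron_endpoint_default` fallback, as ironic_spec.rb does in this same change. The describe block starts and ends outside the hunk.

```ruby
# … unchanged: management_vip, ironic_user, temp_url_endpoint_type, ssl_hash; neutron_endpoint local no longer needed …
let(:neutron_endpoint_default) { Noop.hiera 'neutron_endpoint', management_vip }
let(:neutron_address) { Noop.puppet_function 'get_ssl_property',ssl_hash,{},'neutron','internal','hostname', neutron_endpoint_default }
let(:neutron_url) { "#{neutron_protocol}://#{neutron_address}:9696" }
# … unchanged: internal_auth_protocol, internal_auth_address, internal_auth_uri …
let(:admin_identity_protocol) { Noop.puppet_function 'get_ssl_property',ssl_hash,{},'keystone','admin','protocol','http' }
let(:admin_identity_address) { Noop.puppet_function 'get_ssl_property',ssl_hash,{},'keystone','admin','hostname', [ service_endpoint, management_vip ] }
let(:admin_identity_uri) { "#{admin_identity_protocol}://#{admin_identity_address}:35357" }
```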