Use ssl lookups for ironic endpoints
The endpoints used by ironic should look up the protocol and hostname from the ssl hash. This change switches the endpoint lookups to query the ssl hash for tls configuration support. Change-Id: I79a50493211b1973d285d5f2b19f5330c003768e Closes-Bug: #1568059
parent
bedd29639a
commit
af4241d86f
@ -11,7 +11,6 @@ class openstack_tasks::ironic::ironic {
|
||||
|
||||
$database_vip = hiera('database_vip')
|
||||
$keystone_endpoint = hiera('service_endpoint')
|
||||
$neutron_endpoint = hiera('neutron_endpoint', $management_vip)
|
||||
$glance_api_servers = hiera('glance_api_servers', "${management_vip}:9292")
|
||||
$debug = hiera('debug', false)
|
||||
$verbose = hiera('verbose', true)
|
||||
@ -60,6 +59,11 @@ class openstack_tasks::ironic::ironic {
|
||||
$admin_identity_uri = "${admin_identity_protocol}://${admin_identity_address}:35357"
|
||||
$public_protocol = get_ssl_property($ssl_hash, $public_ssl_hash, 'ironic', 'public', 'protocol', 'http')
|
||||
$public_address = get_ssl_property($ssl_hash, $public_ssl_hash, 'ironic', 'public', 'hostname', $public_vip)
|
||||
$neutron_endpoint_default = hiera('neutron_endpoint', $management_vip)
|
||||
$neutron_protocol = get_ssl_property($ssl_hash, {}, 'neutron', 'internal', 'protocol', 'http')
|
||||
$neutron_endpoint = get_ssl_property($ssl_hash, {}, 'neutron', 'internal', 'hostname', $neutron_endpoint_default)
|
||||
|
||||
|
||||
|
||||
prepare_network_config(hiera_hash('network_scheme', {}))
|
||||
|
||||
@ -91,7 +95,7 @@ class openstack_tasks::ironic::ironic {
|
||||
admin_tenant_name => $ironic_tenant,
|
||||
admin_user => $ironic_user,
|
||||
admin_password => $ironic_user_password,
|
||||
neutron_url => "http://${neutron_endpoint}:9696",
|
||||
neutron_url => "${neutron_protocol}://${neutron_endpoint}:9696",
|
||||
public_endpoint => "${public_protocol}://${public_address}:6385",
|
||||
}
|
||||
|
||||
|
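Review bot: The `'http'` passed as the last argument to each added `get_ssl_property` call looks like the fallback used when `use_ssl` has no matching entry, so a missing or misspelled `neutron` or `ironic` key would quietly yield a plaintext `neutron_url` and `public_endpoint` instead of a failure. If that fallback is intended, a comment above the block would make it explicit, for example `# Falls back to plain http when use_ssl has no entry for the service; TLS is opt-in per endpoint.` The class body starts and ends outside the hunks shown, so whether `$ssl_hash` and `$public_ssl_hash` are assigned earlier in the class cannot be confirmed from this view.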
@ -5,6 +5,7 @@ class openstack_tasks::ironic::keystone {
|
||||
$ironic_hash = hiera_hash('ironic', {})
|
||||
$public_vip = hiera('public_vip')
|
||||
$management_vip = hiera('management_vip')
|
||||
$ssl_hash = hiera_hash('use_ssl', {})
|
||||
$public_ssl_hash = hiera_hash('public_ssl')
|
||||
$ironic_tenant = pick($ironic_hash['tenant'],'services')
|
||||
$ironic_user = pick($ironic_hash['auth_name'],'ironic')
|
||||
@ -16,20 +17,20 @@ class openstack_tasks::ironic::keystone {
|
||||
|
||||
Class['::osnailyfacter::wait_for_keystone_backends'] -> Class['::ironic::keystone::auth']
|
||||
|
||||
$public_address = $public_ssl_hash['services'] ? {
|
||||
true => $public_ssl_hash['hostname'],
|
||||
default => $public_vip,
|
||||
}
|
||||
$public_protocol = $public_ssl_hash['services'] ? {
|
||||
true => 'https',
|
||||
default => 'http',
|
||||
}
|
||||
|
||||
$region = hiera('region', 'RegionOne')
|
||||
$tenant = pick($ironic_hash['tenant'], 'services')
|
||||
|
||||
$public_protocol = get_ssl_property($ssl_hash, $public_ssl_hash, 'ironic', 'public', 'protocol', 'http')
|
||||
$public_address = get_ssl_property($ssl_hash, $public_ssl_hash, 'ironic', 'public', 'hostname', [$public_vip])
|
||||
$internal_protocol = get_ssl_property($ssl_hash, {}, 'ironic', 'internal', 'protocol', 'http')
|
||||
$internal_address = get_ssl_property($ssl_hash, {}, 'ironic', 'internal', 'hostname', [$management_vip])
|
||||
$admin_protocol = get_ssl_property($ssl_hash, {}, 'ironic', 'admin', 'protocol', 'http')
|
||||
$admin_address = get_ssl_property($ssl_hash, {}, 'ironic', 'admin', 'hostname', [$management_vip])
|
||||
|
||||
$public_url = "${public_protocol}://${public_address}:6385"
|
||||
$admin_url = "http://${management_vip}:6385"
|
||||
$internal_url = "http://${management_vip}:6385"
|
||||
$admin_url = "${admin_protocol}://${admin_address}:6385"
|
||||
$internal_url = "${internal_protocol}://${internal_address}:6385"
|
||||
|
||||
|
||||
class { '::osnailyfacter::wait_for_keystone_backends':}
|
||||
class { '::ironic::keystone::auth':
|
||||
|
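Review bot: The hostname defaults in the six added `get_ssl_property` calls are wrapped in one-element arrays (`[$public_vip]`, `[$management_vip]`), while the equivalent lookup in `openstack_tasks::ironic::ironic` in this same commit passes a bare scalar (`$public_vip`). Both forms presumably work, but using one form throughout makes the manifests easier to compare when checking which endpoints end up on TLS, e.g. `get_ssl_property($ssl_hash, $public_ssl_hash, 'ironic', 'public', 'hostname', $public_vip)`. The class body continues past the last hunk.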
@ -14,7 +14,6 @@ class openstack_tasks::roles::ironic_conductor {
|
||||
|
||||
$database_vip = hiera('database_vip')
|
||||
$service_endpoint = hiera('service_endpoint')
|
||||
$neutron_endpoint = hiera('neutron_endpoint', $management_vip)
|
||||
$glance_api_servers = hiera('glance_api_servers', "${management_vip}:9292")
|
||||
$amqp_hosts = hiera('amqp_hosts')
|
||||
$rabbit_hosts = split($amqp_hosts, ',')
|
||||
@ -31,6 +30,18 @@ class openstack_tasks::roles::ironic_conductor {
|
||||
$ironic_user_password = pick($ironic_hash['user_password'],'ironic')
|
||||
$ironic_swift_tempurl_key = pick($ironic_hash['swift_tempurl_key'],'ironic')
|
||||
|
||||
$ssl_hash = hiera('use_ssl', {})
|
||||
$neutron_endpoint_default = hiera('neutron_endpoint', $management_vip)
|
||||
$neutron_protocol = get_ssl_property($ssl_hash, {}, 'neutron', 'internal', 'protocol', 'http')
|
||||
$neutron_endpoint = get_ssl_property($ssl_hash, {}, 'neutron', 'internal', 'hostname', $neutron_endpoint_default)
|
||||
$neutron_uri = "${neutron_protocol}://${neutron_endpoint}:9696"
|
||||
$internal_auth_protocol = get_ssl_property($ssl_hash, {}, 'keystone', 'internal', 'protocol', 'http')
|
||||
$internal_auth_address = get_ssl_property($ssl_hash, {}, 'keystone', 'internal', 'hostname', [$service_endpoint, $management_vip])
|
||||
$internal_auth_uri = "${internal_auth_protocol}://${internal_auth_address}:5000"
|
||||
$admin_identity_protocol = get_ssl_property($ssl_hash, {}, 'keystone', 'admin', 'protocol', 'http')
|
||||
$admin_identity_address = get_ssl_property($ssl_hash, {}, 'keystone', 'admin', 'hostname', [$service_endpoint, $management_vip])
|
||||
$admin_identity_uri = "${admin_identity_protocol}://${admin_identity_address}:35357"
|
||||
|
||||
$db_type = 'mysql'
|
||||
$db_host = pick($ironic_hash['db_host'], $database_vip)
|
||||
$db_user = pick($ironic_hash['db_user'], 'ironic')
|
||||
@ -88,9 +99,9 @@ class openstack_tasks::roles::ironic_conductor {
|
||||
}
|
||||
|
||||
ironic_config {
|
||||
'neutron/url': value => "http://${neutron_endpoint}:9696";
|
||||
'keystone_authtoken/auth_uri': value => "http://${service_endpoint}:5000/";
|
||||
'keystone_authtoken/auth_host': value => $service_endpoint;
|
||||
'neutron/url': value => $neutron_uri;
|
||||
'keystone_authtoken/auth_uri': value => $internal_auth_uri;
|
||||
'keystone_authtoken/identity_uri': value => $admin_identity_uri;
|
||||
'keystone_authtoken/admin_tenant_name': value => $ironic_tenant;
|
||||
'keystone_authtoken/admin_user': value => $ironic_user;
|
||||
'keystone_authtoken/admin_password': value => $ironic_user_password, secret => true;
|
||||
|
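Review bot: The added `$ssl_hash = hiera('use_ssl', {})` uses a priority lookup, whereas `openstack_tasks::ironic::keystone` in this same commit reads the key with `hiera_hash('use_ssl', {})`. If `use_ssl` is ever defined at more than one hierarchy level, the two classes could see different hashes, and the conductor would fall back to `http` for `neutron/url`, `auth_uri` and `identity_uri` while the catalog advertises `https`. Suggest `$ssl_hash = hiera_hash('use_ssl', {})` here as well. The class body extends beyond the hunks shown.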
@ -55,7 +55,6 @@ describe manifest do
|
||||
end
|
||||
end
|
||||
|
||||
public_ssl_hash = Noop.hiera_hash('public_ssl')
|
||||
let(:ssl_hash) { Noop.hiera_hash 'use_ssl', {} }
|
||||
let(:admin_auth_protocol) { Noop.puppet_function 'get_ssl_property',ssl_hash,{},'keystone', 'admin','protocol','http' }
|
||||
let(:admin_auth_address) { Noop.puppet_function 'get_ssl_property',ssl_hash,{},'keystone','admin', 'hostname', [Noop.hiera('service_endpoint', Noop.hiera('management_vip'))]}
|
||||
|
@ -43,6 +43,10 @@ if ironic_enabled
|
||||
end
|
||||
let(:public_protocol) { Noop.puppet_function 'get_ssl_property',ssl_hash,public_ssl_hash,'ironic','admin','protocol','http' }
|
||||
let(:public_address) { Noop.puppet_function 'get_ssl_property',ssl_hash,public_ssl_hash,'ironic','admin','hostname', public_vip }
|
||||
let(:neutron_endpoint_default) {Noop.hiera 'neutron_endpoint', management_vip }
|
||||
let(:neutron_protocol) { Noop.puppet_function 'get_ssl_property',ssl_hash,{},'neutron','internal','protocol','http' }
|
||||
let(:neutron_address) { Noop.puppet_function 'get_ssl_property',ssl_hash,{},'neutron','internal','hostname', neutron_endpoint_default }
|
||||
|
||||
|
||||
it 'should configure default_log_levels' do
|
||||
should contain_ironic_config('DEFAULT/default_log_levels').with_value(default_log_levels.sort.join(','))
|
||||
@ -66,6 +70,7 @@ if ironic_enabled
|
||||
'admin_tenant_name' => admin_tenant,
|
||||
'admin_user' => admin_user,
|
||||
'admin_password' => admin_password,
|
||||
'neutron_url' => "#{neutron_protocol}://#{neutron_address}:9696",
|
||||
'public_endpoint' => "#{public_protocol}://#{public_address}:6385"
|
||||
)
|
||||
end
|
||||
|
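Review bot: The `public_protocol` and `public_address` lets request the `'admin'` endpoint type, but the manifest computes `public_endpoint` with `'ironic', 'public'`. The expectation can therefore diverge from the manifest when public and admin TLS settings differ, or pass only because both sides fall back to the defaults. Suggested change: `let(:public_protocol) { Noop.puppet_function 'get_ssl_property',ssl_hash,public_ssl_hash,'ironic','public','protocol','http' }`, with the same `'public'` substitution in `public_address`. `ssl_hash`, `public_ssl_hash`, `public_vip` and `management_vip` are defined outside the hunks shown.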
@ -11,15 +11,17 @@ describe manifest do
|
||||
if ironic_enabled
|
||||
public_vip = Noop.hiera('public_vip')
|
||||
admin_address = Noop.hiera('management_vip')
|
||||
public_ssl = Noop.hiera_structure('public_ssl/services')
|
||||
|
||||
if public_ssl
|
||||
public_address = Noop.hiera_structure('public_ssl/hostname')
|
||||
public_protocol = 'https'
|
||||
else
|
||||
public_address = public_vip
|
||||
public_protocol = 'http'
|
||||
end
|
||||
let(:public_ssl_hash) { Noop.hiera_hash('public_ssl') }
|
||||
let(:ssl_hash) { Noop.hiera_hash 'use_ssl', {} }
|
||||
let(:public_protocol) { Noop.puppet_function 'get_ssl_property',ssl_hash,public_ssl_hash,'ironic','public','protocol','http' }
|
||||
let(:public_address) { Noop.puppet_function 'get_ssl_property',ssl_hash,public_ssl_hash,'ironic','public','hostname', public_vip }
|
||||
let(:internal_protocol) { Noop.puppet_function 'get_ssl_property',ssl_hash,{},'ironic','internal','protocol','http' }
|
||||
let(:internal_address) { Noop.puppet_function 'get_ssl_property',ssl_hash,{},'ironic','internal','hostname', admin_address }
|
||||
let(:admin_protocol) { Noop.puppet_function 'get_ssl_property',ssl_hash,{},'ironic','admin','protocol','http' }
|
||||
let(:admin_address) { Noop.puppet_function 'get_ssl_property',ssl_hash,{},'ironic','admin','hostname', admin_address }
|
||||
let(:public_url) { "#{public_protocol}://#{public_address}:6385" }
|
||||
let(:admin_url) { "#{admin_protocol}://#{admin_address}:6385" }
|
||||
let(:internal_url) { "#{internal_protocol}://#{internal_address}:6385" }
|
||||
|
||||
auth_name = Noop.hiera_structure('ironic/auth_name', 'ironic')
|
||||
password = Noop.hiera_structure('ironic/user_password')
|
||||
@ -29,8 +31,6 @@ describe manifest do
|
||||
region = Noop.hiera_structure('ironic/region', 'RegionOne')
|
||||
tenant = Noop.hiera_structure('ironic/tenant', 'services')
|
||||
service_name = Noop.hiera_structure('ironic/service_name', 'ironic')
|
||||
public_url = "#{public_protocol}://#{public_address}:6385"
|
||||
admin_url = "http://#{admin_address}:6385"
|
||||
|
||||
it 'should have explicit ordering between LB classes and particular actions' do
|
||||
expect(graph).to ensure_transitive_dependency("Haproxy_backend_status[keystone-public]",
|
||||
@ -49,7 +49,7 @@ describe manifest do
|
||||
'service_name' => service_name,
|
||||
'public_url' => public_url,
|
||||
'admin_url' => admin_url,
|
||||
'internal_url' => admin_url,
|
||||
'internal_url' => internal_url,
|
||||
'region' => region,
|
||||
'tenant' => tenant,
|
||||
)
|
||||
|
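Review bot: `let(:admin_address)` shares its name with the local `admin_address = Noop.hiera('management_vip')`, which appears to remain above it, and in Ruby a local variable captured by a block takes precedence over a method of the same name. Inside `let(:admin_url)` the bare `admin_address` would therefore resolve to the management VIP, so the hostname returned by `get_ssl_property` for the admin endpoint is never exercised. Renaming the local, e.g. `management_vip = Noop.hiera('management_vip')`, and passing `management_vip` as the default in the `internal_address` and `admin_address` lets removes the ambiguity. The describe block continues outside the hunks shown.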
@ -47,12 +47,28 @@ describe manifest do
|
||||
management_vip = Noop.hiera 'management_vip'
|
||||
service_endpoint = Noop.hiera 'service_endpoint', management_vip
|
||||
neutron_endpoint = Noop.hiera 'neutron_endpoint', service_endpoint
|
||||
neutron_url = "http://#{neutron_endpoint}:9696"
|
||||
ironic_user = Noop.hiera_structure 'ironic/user', 'ironic'
|
||||
temp_url_endpoint_type = (storage_config['images_ceph']) ? 'radosgw' : 'swift'
|
||||
|
||||
let(:public_ssl_hash) { Noop.hiera_hash('public_ssl') }
|
||||
let(:ssl_hash) { Noop.hiera_hash 'use_ssl', {} }
|
||||
let(:service_endpoint) { Noop.hiera 'service_endpoint' }
|
||||
let(:neutron_protocol) { Noop.puppet_function 'get_ssl_property',ssl_hash,{},'neutron','internal','protocol','http' }
|
||||
let(:neutron_endpoint) { Noop.puppet_function 'get_ssl_property',ssl_hash,{},'neutron','internal','hostname', management_vip }
|
||||
let(:neutron_url) { "#{neutron_protocol}://#{neutron_endpoint}:9696" }
|
||||
let(:internal_auth_protocol) { Noop.puppet_function 'get_ssl_property',ssl_hash,{},'keystone','internal','protocol','http' }
|
||||
let(:internal_auth_address) { Noop.puppet_function 'get_ssl_property',ssl_hash,{},'keystone','internal','hostname', [ service_endpoint, management_vip ] }
|
||||
let(:internal_auth_uri) { "#{internal_auth_protocol}://#{internal_auth_address}:5000" }
|
||||
let(:admin_identity_protocol) { Noop.puppet_function 'get_ssl_property',ssl_hash,{},'keystone','internal','protocol','http' }
|
||||
let(:admin_identity_address) { Noop.puppet_function 'get_ssl_property',ssl_hash,{},'keystone','internal','hostname', [ service_endpoint, management_vip ] }
|
||||
let(:admin_identity_uri) { "#{internal_auth_protocol}://#{internal_auth_address}:35357" }
|
||||
|
||||
|
||||
it 'ironic config should have propper config options' do
|
||||
should contain_ironic_config('pxe/tftp_root').with('value' => '/var/lib/ironic/tftpboot')
|
||||
should contain_ironic_config('neutron/url').with('value' => neutron_url)
|
||||
should contain_ironic_config('keystone_authtoken/auth_uri').with('value' => internal_auth_uri)
|
||||
should contain_ironic_config('keystone_authtoken/identity_uri').with('value' => admin_identity_uri)
|
||||
should contain_ironic_config('keystone_authtoken/admin_user').with('value' => ironic_user)
|
||||
should contain_ironic_config('glance/temp_url_endpoint_type').with('value' => temp_url_endpoint_type)
|
||||
end
|
||||
|
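Review bot: The `admin_identity_*` lets do not exercise the admin endpoint. `admin_identity_protocol` and `admin_identity_address` query `'keystone','internal'`, and `admin_identity_uri` is built from `internal_auth_protocol` and `internal_auth_address`, whereas the manifest uses `'keystone', 'admin'`. A deployment whose admin and internal Keystone TLS settings differ would not be caught by this spec. Suggested: use `'admin'` in both lookups and `let(:admin_identity_uri) { "#{admin_identity_protocol}://#{admin_identity_address}:35357" }`. Separately, `neutron_endpoint` defaults to `management_vip` here while the manifest defaults to `hiera('neutron_endpoint', $management_vip)`.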