openstack
/
fuel-library
Code Issues Proposed changes

Sync glance module with upstream 

master commit: 646a6cd15f2c358c6fde25dbb795615f45913d96

Fuel-CI: disable
Partially implements: blueprint upgrade-openstack-puppet-modules

Change-Id: Ifa9e699e4165f254664a9f6272adcc5b72e41cf8
This commit is contained in:
Denis Egorenko 2015-06-18 13:30:31 +03:00
parent fa5366b7a1
commit e1d3ab1cae
65 changed files with 2453 additions and 1243 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
deployment/puppet/glance/.fixtures.yml
View File

@ -1,17 +1,17 @@
fixtures:
repositories:
"apt": "git://github.com/puppetlabs/puppetlabs-apt.git"
"keystone": "git://github.com/stackforge/puppet-keystone.git"
"mysql":
repo: "git://github.com/puppetlabs/puppetlabs-mysql.git"
ref: 'origin/0.x'
"stdlib": "git://github.com/puppetlabs/puppetlabs-stdlib.git"
"rabbitmq":
repo: "git://github.com/puppetlabs/puppetlabs-rabbitmq"
'apt': 'git://github.com/puppetlabs/puppetlabs-apt.git'
'concat':
'repo': 'git://github.com/puppetlabs/puppetlabs-concat.git'
'ref': '1.2.1'
'keystone': 'git://github.com/stackforge/puppet-keystone.git'
'mysql': 'git://github.com/puppetlabs/puppetlabs-mysql.git'
'openstacklib': 'git://github.com/stackforge/puppet-openstacklib.git'
'stdlib': 'git://github.com/puppetlabs/puppetlabs-stdlib.git'
'rabbitmq':
repo: 'git://github.com/puppetlabs/puppetlabs-rabbitmq'
ref: 'origin/2.x'
'inifile': 'git://github.com/puppetlabs/puppetlabs-inifile'
"postgresql":
repo: "git://github.com/puppetlabs/puppet-postgresql.git"
ref: "2.5.0"
'postgresql': 'git://github.com/puppetlabs/puppet-postgresql.git'
symlinks:
"glance": "#{source_dir}"

5
deployment/puppet/glance/.gitignore vendored
View File

@ -1,5 +0,0 @@
spec/fixtures/modules/*
spec/fixtures/manifests/*
*swp
pkg
Gemfile.lock

167
deployment/puppet/glance/CHANGELOG.md Normal file
View File

@ -0,0 +1,167 @@
##2015-06-17 - 5.1.0
###Summary
This is a feature and bugfix release in the Juno series.
####Features
- Add service validation for Glance-API
- Switch to TLSv1
- Makes kombu_ssl_* parameters optional when rabbit_use_ssl => true
- Allow overriding package ensure for glance-registry
- Add openstack tag to glance packages
- Create a sync_db boolean for Glance
- Command parameter to sync the correct Database
- Add $notification_driver parameter to notify::rabbitmq
####Bugfixes
- Move rbd related options into glance_store section
- Change default MySQL collate to utf8_general_ci
- Correctly munge glance_image is_public property
- Fix catalog compilation when not configuring endpoint
- Fix is_public munge
####Maintenance
- spec: pin rspec-puppet to 1.0.1
- Pin puppetlabs-concat to 1.2.1 in fixtures
- Update .gitreview file for project rename
##2014-11-24 - 5.0.0
###Summary
This is a backwards-incompatible major release for OpenStack Juno.
####Backwards-incompatible changes
- Bump stdlib dependency to >=4.0.0
- Migrate the mysql backend to use openstacklib::db::mysql, adding dependency
on puppet-openstacklib
####Features
- Add ceilometer::policy to control policy.json
- Add parameter os_region_name to glance::api
- Add support for vSphere datastore backend
- Update the calls to the glance command-line utility
- Add parameter swift_store_large_object_size to glance::backend::swift
- Add parameter command_options to glance::cache::cleaner and
glance::cache::pruner
- Add parameter package_ensure to glance::backend::rbd
- Add parameter manage_service to various classes
- Add parameters to control whether to configure users
- Add parameter registery_client_protocol to glance::api
####Bugfixes
- Fix bug in glance_image type
- Fix ssl parameter requirements for kombu and rabbit
##2014-10-16 - 4.2.0
###Summary
This is a feature release in the Icehouse series.
####Features
- Add ability to hide secret type parameters from logs
##2014-06-19 - 4.1.0
###Summary
This is a feature and bugfix release in the Icehouse series.
####Features
- Add multiple rabbit hosts support.
- Add image_cache_dir parameter.
- Deprecate old SQL parameters.
####Bugfixes
- Fix the Glance add_image parser for new client.
- Fix values in get_glance_image_attrs.
- Fix 'could not find user glance' bug.
####Maintenance
- Pin major gems.
##2014-05-01 - 4.0.0
###Summary
This is a backwards-incompatible major release for OpenStack Icehouse.
####Backwards-incompatible changes
- Remove deprecated notifier_stratgy parameter.
####Features
- Add glance::config to handle additional custom options.
- Add known_stores option for glance::api.
- Add copy-on-write cloning of images to volumes.
- Add support for puppetlabs-mysql 2.2 and greater.
- Add support for python-glanceclient v2 API update.
- Deprecate show_image_direct_url in glance::rbd.
##2014-03-26 - 3.1.0
###Summary
This is a feature and bugfix release in the Havana series.
####Features
- Add availability to configure show_image_direct_url.
- Add support for https authentication endpoints.
- Enable ssl configuration for glance-registry.
- Explicitly set default notifier strategy.
####Bugfixes
- Remove Keystone client warnings.
##2014-01-09 - 3.0.0
###Summary
This is a major release for OpenStack Havana but contains no API-breaking
changes.
####Features
- Add Cinder backend to image storage.
####Bugfixes
- Fix bug to ensure keystone endpoint is set before service starts.
- Fix qpid_hostname bug.
##2013-10-07 - 2.2.0
###Summary
This is a feature and bugfix release in the Grizzly series.
####Features
- Add syslog support.
- Add support for iso disk format.
####Bugfixes
- Fix bug to allow support for rdb options in glance-api.conf.
- Fix bug for rabbitmq options in notify::rabbitmq.
- Remove non-implemented glance::scrubber class.
##2013-08-07 - 2.1.0
###Summary
This is a feature and bugfix release in the Grizzly series.
####Features
- Add glance-cache-cleaner and glance-cache-pruner.
- Add ceph/rdb support.
- Add retry for glance provider to account for service startup time.
- Add support for both file and swift backends.
####Bugfixes
- Fix allowed_hosts/database access bug.
- Fix glance_image type example.
- Remove unnecessary mysql::server dependency.
- Remove --silent-upload option.
- Remove glance-manage version_control.
####Maintenance
- Pin rabbit and mysql module versions.
##2013-06-24 - 2.0.0
###Summary
Initial release on Stackforge.
####Features
- Add postgresql support.

20
deployment/puppet/glance/Gemfile
View File

@ -2,8 +2,24 @@ source 'https://rubygems.org'
group :development, :test do
gem 'puppetlabs_spec_helper', :require => false
gem 'puppet-lint', '~> 0.3.2'
gem 'rake', '10.1.1'
gem 'rspec-puppet', '~> 2.1.0', :require => false
gem 'metadata-json-lint'
gem 'puppet-lint-param-docs'
gem 'puppet-lint-absolute_classname-check'
gem 'puppet-lint-absolute_template_path'
gem 'puppet-lint-trailing_newline-check'
# Puppet 4.x related lint checks
gem 'puppet-lint-unquoted_string-check'
gem 'puppet-lint-leading_zero-check'
gem 'puppet-lint-variable_contains_upcase'
gem 'puppet-lint-numericvariable'
gem 'beaker-rspec', :require => false
gem 'beaker-puppet_install_helper', :require => false
gem 'json'
gem 'webmock'
end
if puppetversion = ENV['PUPPET_GEM_VERSION']

208
deployment/puppet/glance/LICENSE
View File

@ -1,201 +1,15 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
Copyright (C) 2012 Puppet Labs Inc
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
Puppet Labs can be contacted at: info@puppetlabs.com
1. Definitions.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
http://www.apache.org/licenses/LICENSE-2.0
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "[]"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright [yyyy] [name of copyright owner]
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

13
deployment/puppet/glance/Modulefile
View File

@ -1,13 +0,0 @@
name 'puppetlabs-glance'
version '4.0.0'
source 'https://github.com/stackforge/puppet-glance'
author 'Puppet Labs'
license 'Apache License 2.0'
summary 'Puppet Labs Glance Module'
description 'Puppet module to install and configure the Openstack Glance image service'
project_page 'https://launchpad.net/puppet-openstack'
dependency 'puppetlabs/inifile', '>=1.0.0 <2.0.0'
dependency 'puppetlabs/keystone', '>=4.0.0 <5.0.0'
dependency 'puppetlabs/mysql', '>=0.9.0 <3.0.0'
dependency 'puppetlabs/stdlib', '>= 3.2.0'

107
deployment/puppet/glance/README.md
View File

@ -1,7 +1,7 @@
glance
=======
4.0.0 - 2014.1.0 - Icehouse
5.1.0 - 2014.2 - Juno
#### Table of Contents
@ -12,26 +12,25 @@ glance
5. [Limitations - OS compatibility, etc.](#limitations)
6. [Development - Guide for contributing to the module](#development)
7. [Contributors - Those with commits](#contributors)
8. [Release Notes - Notes on the most recent updates to the module](#release-notes)
Overview
--------
The glance module is a part of [Stackforge](https://github.com/stackfoge), an effort by the Openstack infrastructure team to provide continuous integration testing and code review for Openstack and Openstack community projects not part of the core software. The module its self is used to flexibly configure and manage the image service for Openstack.
The glance module is a part of [OpenStack](https://github.com/openstack), an effort by the OpenStack infrastructure team to provide continuous integration testing and code review for OpenStack and OpenStack community projects as part of the core software. The module its self is used to flexibly configure and manage the image service for OpenStack.
Module Description
------------------
The glance module is a thorough attempt to make Puppet capable of managing the entirety of glance. This includes manifests to provision such things as keystone endpoints, RPC configurations specific to glance, and database connections. Types are shipped as part of the glance module to assist in manipulation of configuration files.
This module is tested in combination with other modules needed to build and leverage an entire Openstack software stack. These modules can be found, all pulled together in the [openstack module](https://github.com/stackfoge/puppet-openstack).
This module is tested in combination with other modules needed to build and leverage an entire OpenStack software stack. These modules can be found, all pulled together in the [openstack module](https://github.com/stackfoge/puppet-openstack).
Setup
-----
**What the glance module affects**
* glance, the image service for Openstack.
* glance, the image service for OpenStack.
### Installing glance
@ -45,19 +44,19 @@ To utilize the glance module's functionality you will need to declare multiple r
```puppet
class { 'glance::api':
verbose => true,
keystone_tenant => 'services',
keystone_user => 'glance',
keystone_password => '12345',
sql_connection => 'mysql://glance:12345@127.0.0.1/glance',
verbose => true,
keystone_tenant => 'services',
keystone_user => 'glance',
keystone_password => '12345',
database_connection => 'mysql://glance:12345@127.0.0.1/glance',
}
class { 'glance::registry':
verbose => true,
keystone_tenant => 'services',
keystone_user => 'glance',
keystone_password => '12345',
sql_connection => 'mysql://glance:12345@127.0.0.1/glance',
verbose => true,
keystone_tenant => 'services',
keystone_user => 'glance',
keystone_password => '12345',
database_connection => 'mysql://glance:12345@127.0.0.1/glance',
}
class { 'glance::backend::file': }
@ -118,7 +117,23 @@ Limitations
* Only supports configuring the file, swift and rbd storage backends.
* The Glance Openstack service depends on a sqlalchemy database. If you are using puppetlabs-mysql to achieve this, there is a parameter called mysql_module that can be used to swap between the two supported versions: 0.9 and 2.2. This is needed because the puppetlabs-mysql module was rewritten and the custom type names have changed between versions.
Beaker-Rspec
------------
This module has beaker-rspec tests
To run the tests on the default vagrant node:
To run:
```shell
bundle install
bundle exec rspec spec/acceptance
```
For more information on writing and running beaker-rspec tests visit the documentation:
* https://github.com/puppetlabs/beaker/wiki/How-to-Write-a-Beaker-Test-for-a-Module
Development
-----------
@ -130,62 +145,4 @@ Developer documentation for the entire puppet-openstack project.
Contributors
------------
* https://github.com/stackforge/puppet-glance/graphs/contributors
Release Notes
-------------
**4.0.0**
* Stable Icehouse release.
* Added glance::config to handle additional custom options.
* Added known_stores option for glance::api.
* Added copy-on-write cloning of images to volumes.
* Added support for puppetlabs-mysql 2.2 and greater.
* Added support for python-glanceclient v2 API update.
* Removed deprecated notifier_stratgy parameter.
* Deprecated show_image_direct_url in glance::rbd.
**3.1.0**
* Added availability to configure show_image_direct_url.
* Removed Keystone client warnings.
* Added support for https authentication endpoints.
* Enabled ssl configuration for glance-registry.
* Explicitly sets default notifier strategy.
**3.0.0**
* Major release for OpenStack Havana.
* Fixed bug to ensure keystone endpoint is set before service starts.
* Added Cinder backend to image storage.
* Fixed qpid_hostname bug.
**2.2.0**
* Added syslog support.
* Added support for iso disk format.
* Fixed bug to allow support for rdb options in glance-api.conf.
* Fixed bug for rabbitmq options in notify::rabbitmq.
* Removed non-implemented glance::scrubber class.
* Various lint and bug fixes.
**2.1.0**
* Added glance-cache-cleaner and glance-cache-pruner.
* Added ceph/rdb support.
* Added retry for glance provider to account for service startup time.
* Added support for both file and swift backends.
* Fixed allowed_hosts/database access bug.
* Fixed glance_image type example.
* Removed unnecessary mysql::server dependency.
* Removed --silent-upload option.
* Removed glance-manage version_control.
* Pinned rabbit and mysql module versions.
* Various lint and bug fixes.
**2.0.0**
* Upstream is now part of stackfoge.
* Added postgresql support.
* Various cleanups and bug fixes.
* https://github.com/openstack/puppet-glance/graphs/contributors

41
deployment/puppet/glance/lib/puppet/provider/glance.rb
View File

@ -15,7 +15,8 @@ class Puppet::Provider::Glance < Puppet::Provider
glance_file['keystone_authtoken']['auth_protocol'] and
glance_file['keystone_authtoken']['admin_tenant_name'] and
glance_file['keystone_authtoken']['admin_user'] and
glance_file['keystone_authtoken']['admin_password']
glance_file['keystone_authtoken']['admin_password'] and
glance_file['glance_store']['os_region_name']
g = {}
g['auth_host'] = glance_file['keystone_authtoken']['auth_host'].strip
@ -24,10 +25,26 @@ class Puppet::Provider::Glance < Puppet::Provider
g['admin_tenant_name'] = glance_file['keystone_authtoken']['admin_tenant_name'].strip
g['admin_user'] = glance_file['keystone_authtoken']['admin_user'].strip
g['admin_password'] = glance_file['keystone_authtoken']['admin_password'].strip
g['os_region_name'] = glance_file['glance_store']['os_region_name'].strip
# auth_admin_prefix not required to be set.
g['auth_admin_prefix'] = (glance_file['keystone_authtoken']['auth_admin_prefix'] || '').strip
return g
elsif glance_file and glance_file['keystone_authtoken'] and
glance_file['keystone_authtoken']['identity_uri'] and
glance_file['keystone_authtoken']['admin_tenant_name'] and
glance_file['keystone_authtoken']['admin_user'] and
glance_file['keystone_authtoken']['admin_password'] and
glance_file['glance_store']['os_region_name']
g = {}
g['identity_uri'] = glance_file['keystone_authtoken']['identity_uri'].strip
g['admin_tenant_name'] = glance_file['keystone_authtoken']['admin_tenant_name'].strip
g['admin_user'] = glance_file['keystone_authtoken']['admin_user'].strip
g['admin_password'] = glance_file['keystone_authtoken']['admin_password'].strip
g['os_region_name'] = glance_file['glance_store']['os_region_name'].strip
return g
else
raise(Puppet::Error, 'File: /etc/glance/glance-api.conf does not contain all required sections.')
@ -44,7 +61,11 @@ class Puppet::Provider::Glance < Puppet::Provider
def self.get_auth_endpoint
g = glance_credentials
"#{g['auth_protocol']}://#{g['auth_host']}:#{g['auth_port']}#{g['auth_admin_prefix']}/v2.0/"
if g.key?('identity_uri')
"#{g['identity_uri']}/"
else
"#{g['auth_protocol']}://#{g['auth_host']}:#{g['auth_port']}#{g['auth_admin_prefix']}/v2.0/"
end
end
def self.glance_file
@ -72,11 +93,11 @@ class Puppet::Provider::Glance < Puppet::Provider
def self.auth_glance(*args)
begin
g = glance_credentials
remove_warnings(glance('-T', g['admin_tenant_name'], '-I', g['admin_user'], '-K', g['admin_password'], '-N', auth_endpoint, args))
remove_warnings(glance('--os-tenant-name', g['admin_tenant_name'], '--os-username', g['admin_user'], '--os-password', g['admin_password'], '--os-region-name', g['os_region_name'], '--os-auth-url', auth_endpoint, args))
rescue Exception => e
if (e.message =~ /\[Errno 111\] Connection refused/) or (e.message =~ /\(HTTP 400\)/) or (e.message =~ /HTTP Unable to establish connection/)
sleep 10
remove_warnings(glance('-T', g['admin_tenant_name'], '-I', g['admin_user'], '-K', g['admin_password'], '-N', auth_endpoint, args))
remove_warnings(glance('--os-tenant-name', g['admin_tenant_name'], '--os-username', g['admin_user'], '--os-password', g['admin_password'], '--os-region-name', g['os_region_name'], '--os-auth-url', auth_endpoint, args))
else
raise(e)
end
@ -90,7 +111,7 @@ class Puppet::Provider::Glance < Puppet::Provider
def self.auth_glance_stdin(*args)
begin
g = glance_credentials
command = "glance -T #{g['admin_tenant_name']} -I #{g['admin_user']} -K #{g['admin_password']} -N #{auth_endpoint} #{args.join(' ')}"
command = "glance --os-tenant-name #{g['admin_tenant_name']} --os-username #{g['admin_user']} --os-password #{g['admin_password']} --os-region-name #{g['os_region_name']} --os-auth-url #{auth_endpoint} #{args.join(' ')}"
# This is a horrible, horrible hack
# Redirect stderr to stdout in order to report errors
@ -109,14 +130,14 @@ class Puppet::Provider::Glance < Puppet::Provider
private
def self.list_glance_images
ids = []
(auth_glance('index').split("\n")[2..-1] || []).collect do |line|
ids << line.split[0]
(auth_glance('image-list').split("\n")[3..-2] || []).collect do |line|
ids << line.split('|')[1].strip()
end
return ids
end
def self.get_glance_image_attr(id, attr)
(auth_glance('show', id).split("\n") || []).collect do |line|
(auth_glance('image-show', id).split("\n") || []).collect do |line|
if line =~ /^#{attr}:/
return line.split(': ')[1..-1]
end
@ -125,8 +146,8 @@ class Puppet::Provider::Glance < Puppet::Provider
def self.get_glance_image_attrs(id)
attrs = {}
(auth_glance('show', id).split("\n") || []).collect do |line|
attrs[line.split(': ').first.downcase] = line.split(': ')[1..-1].pop
(auth_glance('image-show', id).split("\n")[3..-2] || []).collect do |line|
attrs[line.split('|')[1].strip()] = line.split('|')[2].strip()
end
return attrs
end

20
deployment/puppet/glance/lib/puppet/provider/glance_image/glance.rb
View File

@ -21,10 +21,10 @@ Puppet::Type.type(:glance_image).provide(
new(
:ensure => :present,
:name => attrs['name'],
:is_public => attrs['public'],
:container_format => attrs['container format'],
:is_public => attrs['is_public'],
:container_format => attrs['container_format'],
:id => attrs['id'],
:disk_format => attrs['disk format']
:disk_format => attrs['disk_format']
)
end
end
@ -43,12 +43,10 @@ Puppet::Type.type(:glance_image).provide(
end
def create
stdin = nil
if resource[:source]
# copy_from cannot handle file://
if resource[:source] =~ /^\// # local file
location = "< #{resource[:source]}"
stdin = true
location = "--file=#{resource[:source]}"
else
location = "--copy-from=#{resource[:source]}"
end
@ -59,11 +57,7 @@ Puppet::Type.type(:glance_image).provide(
else
raise(Puppet::Error, "Must specify either source or location")
end
if stdin
result = auth_glance_stdin('image-create', "--name=#{resource[:name]}", "--is-public=#{resource[:is_public]}", "--container-format=#{resource[:container_format]}", "--disk-format=#{resource[:disk_format]}", location)
else
results = auth_glance('image-create', "--name=#{resource[:name]}", "--is-public=#{resource[:is_public]}", "--container-format=#{resource[:container_format]}", "--disk-format=#{resource[:disk_format]}", location)
end
results = auth_glance('image-create', "--name=#{resource[:name]}", "--is-public=#{resource[:is_public]}", "--container-format=#{resource[:container_format]}", "--disk-format=#{resource[:disk_format]}", location)
id = nil
@ -98,10 +92,6 @@ Puppet::Type.type(:glance_image).provide(
@property_hash[:ensure] = :absent
end
def location=(value)
auth_glance('image-update', id, "--location=#{value}")
end
def is_public=(value)
auth_glance('image-update', id, "--is-public=#{value}")
end

24
deployment/puppet/glance/lib/puppet/type/glance_api_config.rb
View File

@ -14,6 +14,30 @@ Puppet::Type.newtype(:glance_api_config) do
value.capitalize! if value =~ /^(true|false)$/i
value
end
def is_to_s( currentvalue )
if resource.secret?
return '[old secret redacted]'
else
return currentvalue
end
end
def should_to_s( newvalue )
if resource.secret?
return '[new secret redacted]'
else
return newvalue
end
end
end
newparam(:secret, :boolean => true) do
desc 'Whether to hide the value from Puppet logs. Defaults to `false`.'
newvalues(:true, :false)
defaultto false
end
end

24
deployment/puppet/glance/lib/puppet/type/glance_api_paste_ini.rb
View File

@ -14,6 +14,30 @@ Puppet::Type.newtype(:glance_api_paste_ini) do
value.capitalize! if value =~ /^(true|false)$/i
value
end
def is_to_s( currentvalue )
if resource.secret?
return '[old secret redacted]'
else
return currentvalue
end
end
def should_to_s( newvalue )
if resource.secret?
return '[new secret redacted]'
else
return newvalue
end
end
end
newparam(:secret, :boolean => true) do
desc 'Whether to hide the value from Puppet logs. Defaults to `false`.'
newvalues(:true, :false)
defaultto false
end
end

24
deployment/puppet/glance/lib/puppet/type/glance_cache_config.rb
View File

@ -14,6 +14,30 @@ Puppet::Type.newtype(:glance_cache_config) do
value.capitalize! if value =~ /^(true|false)$/i
value
end
def is_to_s( currentvalue )
if resource.secret?
return '[old secret redacted]'
else
return currentvalue
end
end
def should_to_s( newvalue )
if resource.secret?
return '[new secret redacted]'
else
return newvalue
end
end
end
newparam(:secret, :boolean => true) do
desc 'Whether to hide the value from Puppet logs. Defaults to `false`.'
newvalues(:true, :false)
defaultto false
end
end

8
deployment/puppet/glance/lib/puppet/type/glance_image.rb
View File

@ -36,7 +36,7 @@ Puppet::Type.newtype(:glance_image) do
end
end
newproperty(:location) do
newparam(:location) do
desc "The permanent location of the image. Optional"
newvalues(/\S+/)
end
@ -46,7 +46,11 @@ Puppet::Type.newtype(:glance_image) do
newvalues(/(y|Y)es/, /(n|N)o/)
defaultto('Yes')
munge do |v|
v.to_s.capitalize
if v =~ /^(y|Y)es$/
'True'
elsif v =~ /^(n|N)o$/
'False'
end
end
end

24
deployment/puppet/glance/lib/puppet/type/glance_registry_config.rb
View File

@ -14,6 +14,30 @@ Puppet::Type.newtype(:glance_registry_config) do
value.capitalize! if value =~ /^(true|false)$/i
value
end
def is_to_s( currentvalue )
if resource.secret?
return '[old secret redacted]'
else
return currentvalue
end
end
def should_to_s( newvalue )
if resource.secret?
return '[new secret redacted]'
else
return newvalue
end
end
end
newparam(:secret, :boolean => true) do
desc 'Whether to hide the value from Puppet logs. Defaults to `false`.'
newvalues(:true, :false)
defaultto false
end
end

24
deployment/puppet/glance/lib/puppet/type/glance_registry_paste_ini.rb
View File

@ -14,6 +14,30 @@ Puppet::Type.newtype(:glance_registry_paste_ini) do
value.capitalize! if value =~ /^(true|false)$/i
value
end
def is_to_s( currentvalue )
if resource.secret?
return '[old secret redacted]'
else
return currentvalue
end
end
def should_to_s( newvalue )
if resource.secret?
return '[new secret redacted]'
else
return newvalue
end
end
end
newparam(:secret, :boolean => true) do
desc 'Whether to hide the value from Puppet logs. Defaults to `false`.'
newvalues(:true, :false)
defaultto false
end
end

297
deployment/puppet/glance/manifests/api.pp
View File

@ -7,6 +7,11 @@
# [*keystone_password*]
# (required) Password used to authentication.
#
# [*package_ensure*]
# (optional) Ensure state for package. On RedHat platforms this
# setting is ignored and the setting from the glance class is used
# because there is only one glance package. Defaults to 'present'.
#
# [*verbose*]
# (optional) Rather to log the glance api service at verbose level.
# Default: false
@ -49,44 +54,48 @@
# (optional) The port of the Glance registry service.
# Default: 9191
#
# [*registry_client_protocol*]
# (optional) The protocol of the Glance registry service.
# Default: http
#
# [*auth_type*]
# (optional) Type is authorization being used.
# Defaults to 'keystone'
#
# [* auth_host*]
# (optional) Host running auth service.
# [*auth_host*]
# (optional) DEPRECATED Host running auth service.
# Defaults to '127.0.0.1'.
#
# [*auth_url*]
# (optional) Authentication URL.
# (optional) DEPRECATED Authentication URL.
# Defaults to 'http://localhost:5000/v2.0'.
#
# [*identity_uri*]
# (optional) Complete admin Identity API endpoint.
# Defaults to "${auth_protocol}://${auth_host}:${auth_port}/"
#
# [* auth_port*]
# (optional) Port to use for auth service on auth_host.
# [*auth_port*]
# (optional) DEPRECATED Port to use for auth service on auth_host.
# Defaults to '35357'.
#
# [* auth_uri*]
# [*auth_uri*]
# (optional) Complete public Identity API endpoint.
# Defaults to false.
#
# [*auth_admin_prefix*]
# (optional) Path part of the auth url.
# (optional) DEPRECATED Path part of the auth url.
# This allow admin auth URIs like http://auth_host:35357/keystone/admin.
# (where '/keystone/admin' is auth_admin_prefix)
# Defaults to false for empty. If defined, should be a string with a leading '/' and no trailing '/'.
#
# [* auth_protocol*]
# (optional) Protocol to use for auth.
# [*auth_protocol*]
# (optional) DEPRECATED Protocol to use for auth.
# Defaults to 'http'.
#
# [*identity_uri*]
# (optional) Complete admin Identity API endpoint.
# Defaults to: false
#
# [*pipeline*]
# (optional) Partial name of a pipeline in your paste configuration file with the
# service name removed.
# Defaults to 'keystone+cachemanagement'.
# Defaults to 'keystone'.
#
# [*keystone_tenant*]
# (optional) Tenant to authenticate to.
@ -96,18 +105,21 @@
# (optional) User to authenticate as with keystone.
# Defaults to 'glance'.
#
# [*manage_service*]
# (optional) If Puppet should manage service startup / shutdown.
# Defaults to true.
#
# [*enabled*]
# (optional) Whether to enable services.
# Defaults to true.
#
# [*sql_idle_timeout*]
# (optional) Period in seconds after which SQLAlchemy should reestablish its connection
# to the database.
# Defaults to '3600'.
# [*database_connection*]
# (optional) Connection url to connect to nova database.
# Defaults to 'sqlite:///var/lib/glance/glance.sqlite'
#
# [*sql_connection*]
# (optional) Database connection.
# Defaults to 'sqlite:///var/lib/glance/glance.sqlite'.
# [*database_idle_timeout*]
# (optional) Timeout before idle db connections are reaped.
# Defaults to 3600
#
# [*use_syslog*]
# (optional) Use syslog for logging.
@ -139,9 +151,7 @@
# Defaults to false, not set
#
# [*mysql_module*]
# (optional) Mysql puppet module version to use
# Tested versions include 0.9 and 2.2
# Defaults to '0.9'.
# (optional) Deprecated. Does nothing.
#
# [*known_stores*]
# (optional)List of which store classes and store class locations are
@ -149,55 +159,99 @@
# Defaults to false.
# Example: ['glance.store.filesystem.Store','glance.store.http.Store']
#
# [*image_cache_dir*]
# (optional) Base directory that the Image Cache uses.
# Defaults to '/var/lib/glance/image-cache'.
#
# [*os_region_name*]
# (optional) Sets the keystone region to use.
# Defaults to 'RegionOne'.
#
# [*validate*]
# (optional) Whether to validate the service is working after any service refreshes
# Defaults to false
#
# [*validation_options*]
# (optional) Service validation options
# Should be a hash of options defined in openstacklib::service_validation
# If empty, defaults values are taken from openstacklib function.
# Default command list images.
# Require validate set at True.
# Example:
# glance::api::validation_options:
# glance-api:
# command: check_glance-api.py
# path: /usr/bin:/bin:/usr/sbin:/sbin
# provider: shell
# tries: 5
# try_sleep: 10
# Defaults to {}
#
class glance::api(
$keystone_password,
$verbose = false,
$debug = false,
$bind_host = '0.0.0.0',
$bind_port = '9292',
$backlog = '4096',
$workers = $::processorcount,
$log_file = '/var/log/glance/api.log',
$log_dir = '/var/log/glance',
$registry_host = '0.0.0.0',
$registry_port = '9191',
$auth_type = 'keystone',
$auth_host = '127.0.0.1',
$auth_url = 'http://localhost:5000/v2.0',
$auth_port = '35357',
$auth_uri = false,
$identity_uri = false,
$auth_admin_prefix = false,
$auth_protocol = 'http',
$pipeline = 'keystone+cachemanagement',
$keystone_tenant = 'services',
$keystone_user = 'glance',
$enabled = true,
$sql_idle_timeout = '3600',
$sql_connection = 'sqlite:///var/lib/glance/glance.sqlite',
$use_syslog = false,
$log_facility = 'LOG_USER',
$show_image_direct_url = false,
$purge_config = false,
$cert_file = false,
$key_file = false,
$ca_file = false,
$mysql_module = '0.9',
$known_stores = false,
$package_ensure = 'present',
$verbose = false,
$debug = false,
$bind_host = '0.0.0.0',
$bind_port = '9292',
$backlog = '4096',
$workers = $::processorcount,
$log_file = '/var/log/glance/api.log',
$log_dir = '/var/log/glance',
$registry_host = '0.0.0.0',
$registry_port = '9191',
$registry_client_protocol = 'http',
$auth_type = 'keystone',
$auth_uri = false,
$identity_uri = false,
$pipeline = 'keystone',
$keystone_tenant = 'services',
$keystone_user = 'glance',
$manage_service = true,
$enabled = true,
$use_syslog = false,
$log_facility = 'LOG_USER',
$show_image_direct_url = false,
$purge_config = false,
$cert_file = false,
$key_file = false,
$ca_file = false,
$known_stores = false,
$database_connection = 'sqlite:///var/lib/glance/glance.sqlite',
$database_idle_timeout = 3600,
$image_cache_dir = '/var/lib/glance/image-cache',
$os_region_name = 'RegionOne',
$validate = false,
$validation_options = {},
# DEPRECATED PARAMETERS
$mysql_module = undef,
$auth_host = '127.0.0.1',
$auth_url = 'http://localhost:5000/v2.0',
$auth_port = '35357',
$auth_admin_prefix = false,
$auth_protocol = 'http',
) inherits glance {
include ::glance::policy
require keystone::python
validate_re($sql_connection, '(sqlite|mysql|postgresql):\/\/(\S+:\S+@\S+\/\S+)?')
if $mysql_module {
warning('The mysql_module parameter is deprecated. The latest 2.x mysql module will be used.')
}
if ( $glance::params::api_package_name != $glance::params::registry_package_name ) {
ensure_packages([$glance::params::api_package_name])
ensure_packages([$glance::params::api_package_name],
{
ensure => $package_ensure,
tag => ['openstack'],
}
)
}
Package[$glance::params::api_package_name] -> File['/etc/glance/']
Package[$glance::params::api_package_name] -> Class['glance::policy']
Package[$glance::params::api_package_name] -> Glance_api_config<||>
Package[$glance::params::api_package_name] -> Glance_cache_config<||>
Package[$glance::params::api_package_name] ~> Service['glance-api']
# adding all of this stuff b/c it devstack says glance-api uses the
# db now
@ -206,6 +260,8 @@ class glance::api(
Exec<| title == 'glance-manage db_sync' |> ~> Service['glance-api']
Glance_api_config<||> ~> Service['glance-api']
Glance_cache_config<||> ~> Service['glance-api']
Class['glance::policy'] ~> Service['glance-api']
Service['glance-api'] ~> Glance_image<||>
File {
ensure => present,
@ -213,22 +269,24 @@ class glance::api(
group => 'glance',
mode => '0640',
notify => Service['glance-api'],
require => Class['glance'],
require => Class['glance']
}
if($sql_connection =~ /mysql:\/\/\S+:\S+@\S+\/\S+/) {
if ($mysql_module >= 2.2) {
if $database_connection {
if($database_connection =~ /mysql:\/\/\S+:\S+@\S+\/\S+/) {
require 'mysql::bindings'
require 'mysql::bindings::python'
} elsif($database_connection =~ /postgresql:\/\/\S+:\S+@\S+\/\S+/) {
} elsif($database_connection =~ /sqlite:\/\//) {
} else {
require 'mysql::python'
fail("Invalid db connection ${database_connection}")
}
glance_api_config {
'database/connection': value => $database_connection, secret => true;
'database/idle_timeout': value => $database_idle_timeout;
}
} elsif($sql_connection =~ /postgresql:\/\/\S+:\S+@\S+\/\S+/) {
} elsif($sql_connection =~ /sqlite:\/\//) {
} else {
fail("Invalid db connection ${sql_connection}")
}
# basic service config
@ -240,6 +298,8 @@ class glance::api(
'DEFAULT/backlog': value => $backlog;
'DEFAULT/workers': value => $workers;
'DEFAULT/show_image_direct_url': value => $show_image_direct_url;
'DEFAULT/image_cache_dir': value => $image_cache_dir;
'glance_store/os_region_name': value => $os_region_name;
}
# known_stores config
@ -254,14 +314,16 @@ class glance::api(
}
glance_cache_config {
'DEFAULT/verbose': value => $verbose;
'DEFAULT/debug': value => $debug;
'DEFAULT/verbose': value => $verbose;
'DEFAULT/debug': value => $debug;
'glance_store/os_region_name': value => $os_region_name;
}
# configure api service to connect registry service
glance_api_config {
'DEFAULT/registry_host': value => $registry_host;
'DEFAULT/registry_port': value => $registry_port;
'DEFAULT/registry_host': value => $registry_host;
'DEFAULT/registry_port': value => $registry_port;
'DEFAULT/registry_client_protocol': value => $registry_client_protocol;
}
glance_cache_config {
@ -269,13 +331,10 @@ class glance::api(
'DEFAULT/registry_port': value => $registry_port;
}
# db connection config
# I do not believe this was required in Essex.
# Does the API server now need to connect to the DB?
# TODO figure out if I need this...
glance_api_config {
'DEFAULT/sql_connection': value => $sql_connection;
'DEFAULT/sql_idle_timeout': value => $sql_idle_timeout;
if $identity_uri {
glance_api_config { 'keystone_authtoken/identity_uri': value => $identity_uri; }
} else {
glance_api_config { 'keystone_authtoken/identity_uri': ensure => absent; }
}
if $auth_uri {
@ -284,30 +343,45 @@ class glance::api(
glance_api_config { 'keystone_authtoken/auth_uri': value => "${auth_protocol}://${auth_host}:5000/"; }
}
# auth config
if $identity_uri {
glance_api_config { 'keystone_authtoken/identity_uri': value => $identity_uri; }
} else {
if $auth_admin_prefix {
glance_api_config { 'keystone_authtoken/identity_uri': value => "${auth_protocol}://${auth_host}:${auth_port}/${auth_admin_prefix}"; }
# if both auth_uri and identity_uri are set we skip these deprecated settings entirely
if !$auth_uri or !$identity_uri {
if $auth_host {
warning('The auth_host parameter is deprecated. Please use auth_uri and identity_uri instead.')
glance_api_config { 'keystone_authtoken/auth_host': value => $auth_host; }
} else {
glance_api_config { 'keystone_authtoken/identity_uri': value => "${auth_protocol}://${auth_host}:${auth_port}/"; }
glance_api_config { 'keystone_authtoken/auth_host': ensure => absent; }
}
}
glance_api_config {
'keystone_authtoken/auth_host': value => $auth_host;
'keystone_authtoken/auth_port': value => $auth_port;
'keystone_authtoken/auth_protocol': value => $auth_protocol;
}
if $auth_admin_prefix {
validate_re($auth_admin_prefix, '^(/.+[^/])?$')
glance_api_config {
'keystone_authtoken/auth_admin_prefix': value => $auth_admin_prefix;
if $auth_port {
warning('The auth_port parameter is deprecated. Please use auth_uri and identity_uri instead.')
glance_api_config { 'keystone_authtoken/auth_port': value => $auth_port; }
} else {
glance_api_config { 'keystone_authtoken/auth_port': ensure => absent; }
}
if $auth_protocol {
warning('The auth_protocol parameter is deprecated. Please use auth_uri and identity_uri instead.')
glance_api_config { 'keystone_authtoken/auth_protocol': value => $auth_protocol; }
} else {
glance_api_config { 'keystone_authtoken/auth_protocol': ensure => absent; }
}
if $auth_admin_prefix {
warning('The auth_admin_prefix parameter is deprecated. Please use auth_uri and identity_uri instead.')
validate_re($auth_admin_prefix, '^(/.+[^/])?$')
glance_api_config {
'keystone_authtoken/auth_admin_prefix': value => $auth_admin_prefix;
}
} else {
glance_api_config { 'keystone_authtoken/auth_admin_prefix': ensure => absent; }
}
} else {
glance_api_config {
'keystone_authtoken/auth_host': ensure => absent;
'keystone_authtoken/auth_port': ensure => absent;
'keystone_authtoken/auth_protocol': ensure => absent;
'keystone_authtoken/auth_admin_prefix': ensure => absent;
}
}
@ -329,13 +403,13 @@ class glance::api(
glance_api_config {
'keystone_authtoken/admin_tenant_name': value => $keystone_tenant;
'keystone_authtoken/admin_user' : value => $keystone_user;
'keystone_authtoken/admin_password' : value => $keystone_password;
'keystone_authtoken/admin_password' : value => $keystone_password, secret => true;
}
glance_cache_config {
'DEFAULT/auth_url' : value => $auth_url;
'DEFAULT/admin_tenant_name': value => $keystone_tenant;
'DEFAULT/admin_user' : value => $keystone_user;
'DEFAULT/admin_password' : value => $keystone_password;
'DEFAULT/admin_password' : value => $keystone_password, secret => true;
}
}
@ -410,10 +484,12 @@ class glance::api(
'/etc/glance/glance-cache.conf']:
}
if $enabled {
$service_ensure = 'running'
} else {
$service_ensure = 'stopped'
if $manage_service {
if $enabled {
$service_ensure = 'running'
} else {
$service_ensure = 'stopped'
}
}
service { 'glance-api':
@ -423,4 +499,15 @@ class glance::api(
hasstatus => true,
hasrestart => true,
}
if $validate {
$defaults = {
'glance-api' => {
'command' => "glance --os-auth-url ${auth_url} --os-tenant-name ${keystone_tenant} --os-username ${keystone_user} --os-password ${keystone_password} image-list",
}
}
$validation_options_hash = merge ($defaults, $validation_options)
create_resources('openstacklib::service_validation', $validation_options_hash, {'subscribe' => 'Service[glance-api]'})
}
}

36
deployment/puppet/glance/manifests/backend/cinder.pp
View File

@ -33,9 +33,9 @@
# Defaults to 'undef'
#
# [*os_region_name*]
# (optional) Region name of this node.
# Should be a valid region name
# Defaults to 'RegionOne'
# (optional) The os_region_name parameter is deprecated and has no effect.
# Use glance::api::os_region_name instead.
# Defaults to 'undef'
#
# [*cinder_ca_certificates_file*]
# (optional) Location of ca certicate file to use for cinder client requests.
@ -54,7 +54,7 @@
#
class glance::backend::cinder(
$os_region_name = 'RegionOne',
$os_region_name = undef,
$cinder_ca_certificates_file = undef,
$cinder_api_insecure = false,
$cinder_catalog_info = 'volume:cinder:publicURL',
@ -63,35 +63,37 @@ class glance::backend::cinder(
) {
if $os_region_name {
notice('The os_region_name parameter is deprecated and has no effect. Use glance::api::os_region_name instead.')
}
glance_api_config {
'glance_store/cinder_api_insecure': value => $cinder_api_insecure;
'glance_store/cinder_catalog_info': value => $cinder_catalog_info;
'glance_store/cinder_http_retries': value => $cinder_http_retries;
'DEFAULT/cinder_api_insecure': value => $cinder_api_insecure;
'DEFAULT/cinder_catalog_info': value => $cinder_catalog_info;
'DEFAULT/cinder_http_retries': value => $cinder_http_retries;
'glance_store/default_store': value => 'cinder';
'glance_store/os_region_name': value => $os_region_name;
}
glance_cache_config {
'DEFAULT/cinder_api_insecure': value => $cinder_api_insecure;
'DEFAULT/cinder_catalog_info': value => $cinder_catalog_info;
'DEFAULT/cinder_http_retries': value => $cinder_http_retries;
'DEFAULT/os_region_name': value => $os_region_name;
}
if $cinder_endpoint_template {
glance_api_config { 'glance_store/cinder_endpoint_template': value => $cinder_endpoint_template; }
glance_cache_config { 'DEFAULT/cinder_endpoint_template': value => $cinder_endpoint_template; }
glance_api_config { 'DEFAULT/cinder_endpoint_template': value => $cinder_endpoint_template; }
glance_cache_config { 'DEFAULT/cinder_endpoint_template': value => $cinder_endpoint_template; }
} else {
glance_api_config { 'glance_store/cinder_endpoint_template': ensure => absent; }
glance_cache_config { 'DEFAULT/cinder_endpoint_template': ensure => absent; }
glance_api_config { 'DEFAULT/cinder_endpoint_template': ensure => absent; }
glance_cache_config { 'DEFAULT/cinder_endpoint_template': ensure => absent; }
}
if $cinder_ca_certificates_file {
glance_api_config { 'glance_store/cinder_ca_certificates_file': value => $cinder_ca_certificates_file; }
glance_cache_config { 'DEFAULT/cinder_ca_certificates_file': value => $cinder_ca_certificates_file; }
glance_api_config { 'DEFAULT/cinder_ca_certificates_file': value => $cinder_ca_certificates_file; }
glance_cache_config { 'DEFAULT/cinder_ca_certificates_file': value => $cinder_ca_certificates_file; }
} else {
glance_api_config { 'glance_store/cinder_ca_certificates_file': ensure => absent; }
glance_cache_config { 'DEFAULT/cinder_ca_certificates_file': ensure => absent; }
glance_api_config { 'DEFAULT/cinder_ca_certificates_file': ensure => absent; }
glance_cache_config { 'DEFAULT/cinder_ca_certificates_file': ensure => absent; }
}
}

13
deployment/puppet/glance/manifests/backend/file.pp
View File

@ -1,9 +1,14 @@
# === class: glance::backend::file
#
# used to configure file backends for glance
#
# $filesystem_store_datadir - Location where dist images are stored when
# default_store == file.
# Optional. Default: /var/lib/glance/images/
# === parameters:
#
# [*filesystem_store_datadir*]
# Location where dist images are stored when
# default_store == file.
# Optional. Default: /var/lib/glance/images/
#
class glance::backend::file(
$filesystem_store_datadir = '/var/lib/glance/images/'
) inherits glance::api {
@ -14,6 +19,6 @@ class glance::backend::file(
}
glance_cache_config {
'DEFAULT/filesystem_store_datadir': value => $filesystem_store_datadir;
'glance_store/filesystem_store_datadir': value => $filesystem_store_datadir;
}
}

43
deployment/puppet/glance/manifests/backend/rbd.pp
View File

@ -1,17 +1,31 @@
#
# == class: glance::backend::rbd
#
# configures the storage backend for glance
# as a rbd instance
#
# $rbd_store_user - Optional.
# === parameters:
#
# $rbd_store_pool - Optional. Default:'images'
# [*rbd_store_user*]
# Optional.
#
# $rbd_store_ceph_conf - Optional. Default:'/etc/ceph/ceph.conf'
# [*rbd_store_pool*]
# Optional. Default:'images'
#
# $rbd_store_chunk_size - Optional. Default:'8'
# [*rbd_store_ceph_conf*]
# Optional. Default:'/etc/ceph/ceph.conf'
#
# [*rbd_store_chunk_size*]
# Optional. Default:'8'
#
# [*show_image_direct_url*]
# Optional. Enables direct COW from glance to rbd
# DEPRECATED, use show_image_direct_url in glance::api
#
# [*package_ensure*]
# (optional) Desired ensure state of packages.
# accepts latest or specific versions.
# Defaults to present.
#
# $show_image_direct_url - Optional. Enables direct COW from glance to rbd
# DEPRECATED, use show_image_direct_url in glance::api
class glance::backend::rbd(
$rbd_store_user = undef,
@ -19,23 +33,24 @@ class glance::backend::rbd(
$rbd_store_pool = 'images',
$rbd_store_chunk_size = '8',
$show_image_direct_url = undef,
$package_ensure = 'present',
) {
include glance::params
include ::glance::params
if $show_image_direct_url {
notice('parameter show_image_direct_url is deprecated, use parameter in glance::api')
}
glance_api_config {
'glance_store/rbd_store_ceph_conf': value => $rbd_store_ceph_conf;
'glance_store/rbd_store_user': value => $rbd_store_user;
'glance_store/rbd_store_pool': value => $rbd_store_pool;
'glance_store/rbd_store_chunk_size': value => $rbd_store_chunk_size;
'glance_store/default_store': value => 'rbd';
'glance_store/default_store': value => 'rbd';
'glance_store/rbd_store_ceph_conf': value => $rbd_store_ceph_conf;
'glance_store/rbd_store_user': value => $rbd_store_user;
'glance_store/rbd_store_pool': value => $rbd_store_pool;
'glance_store/rbd_store_chunk_size': value => $rbd_store_chunk_size;
}
package { 'python-ceph':
ensure => 'present',
ensure => $package_ensure,
name => $::glance::params::pyceph_package_name,
}

48
deployment/puppet/glance/manifests/backend/swift.pp
View File

@ -1,24 +1,34 @@
# == class: glance::backend::swift
#
# configures the storage backend for glance
# as a swift instance
#
# $swift_store_user - Required.
# === parameters:
#
# $swift_store_key - Required.
# [*swift_store_user*]
# Required. Swift store user.
#
# $swift_store_auth_address - Optional. Default: '127.0.0.1:5000/v2.0/'
# [*swift_store_key*]
# Required. Swift store key.
#
# $swift_store_container - Optional. Default: 'glance'
# [*swift_store_auth_address*]
# Optional. Default: '127.0.0.1:5000/v2.0/'
#
# $swift_store_auth_version - Optional. Default: '2'
# [*swift_store_container*]
# Optional. Default: 'glance'
#
# $swift_store_create_container_on_put - Optional. Default: 'False'
# [*swift_store_auth_version*]
# Optional. Default: '2'
#
# $swift_store_large_object_size - Optional. Default: '5120'
# [*swift_store_large_object_size*]
# Optional. Default: '5120'
#
# $swift_store_endpoint_type - Optional. Default: 'internalURL'
# [*swift_store_create_container_on_put*]
# Optional. Default: 'False'
#
# [*swift_store_endpoint_type*]
# Optional. Default: 'internalURL'
#
# $swift_store_region - Optional. Default: ''
class glance::backend::swift(
$swift_store_user,
$swift_store_key,
@ -28,7 +38,6 @@ class glance::backend::swift(
$swift_store_large_object_size = '5120',
$swift_store_create_container_on_put = false,
$swift_store_endpoint_type = 'internalURL',
$swift_store_region = '',
) {
glance_api_config {
@ -36,23 +45,22 @@ class glance::backend::swift(
'glance_store/swift_store_user': value => $swift_store_user;
'glance_store/swift_store_key': value => $swift_store_key;
'glance_store/swift_store_auth_address': value => $swift_store_auth_address;
'glance_store/swift_store_container': value => $swift_store_container;
'glance_store/swift_store_auth_version': value => $swift_store_auth_version;
'glance_store/swift_store_region': value => $swift_store_region;
'glance_store/swift_store_create_container_on_put':
'DEFAULT/swift_store_container': value => $swift_store_container;
'DEFAULT/swift_store_auth_version': value => $swift_store_auth_version;
'DEFAULT/swift_store_create_container_on_put':
value => $swift_store_create_container_on_put;
'glance_store/swift_store_large_object_size':
'DEFAULT/swift_store_large_object_size':
value => $swift_store_large_object_size;
'glance_store/swift_store_endpoint_type':
value => $swift_store_endpoint_type;
}
glance_cache_config {
'DEFAULT/swift_store_user': value => $swift_store_user;
'DEFAULT/swift_store_key': value => $swift_store_key;
'DEFAULT/swift_store_auth_address': value => $swift_store_auth_address;
'DEFAULT/swift_store_container': value => $swift_store_container;
'DEFAULT/swift_store_auth_version': value => $swift_store_auth_version;
'glance_store/swift_store_user': value => $swift_store_user;
'glance_store/swift_store_key': value => $swift_store_key;
'glance_store/swift_store_auth_address': value => $swift_store_auth_address;
'DEFAULT/swift_store_container': value => $swift_store_container;
'DEFAULT/swift_store_auth_version': value => $swift_store_auth_version;
'DEFAULT/swift_store_create_container_on_put':
value => $swift_store_create_container_on_put;
'DEFAULT/swift_store_large_object_size':

22
deployment/puppet/glance/manifests/backend/vsphere.pp
View File

@ -58,26 +58,26 @@
# Defaults to '10'
#
class glance::backend::vsphere(
$vcenter_api_insecure = 'False',
$vcenter_host,
$vcenter_user,
$vcenter_password,
$vcenter_datacenter,
$vcenter_datastore,
$vcenter_image_dir,
$vcenter_api_insecure = 'False',
$vcenter_task_poll_interval = '5',
$vcenter_api_retry_count = '10',
) {
glance_api_config {
'glance_store/default_store': value => 'vsphere';
'glance_store/vmware_api_insecure': value => $vcenter_api_insecure;
'glance_store/vmware_server_host': value => $vcenter_host;
'glance_store/vmware_server_username': value => $vcenter_user;
'glance_store/vmware_server_password': value => $vcenter_password;
'glance_store/vmware_datastore_name': value => $vcenter_datastore;
'glance_store/vmware_store_image_dir': value => $vcenter_image_dir;
'glance_store/vmware_task_poll_interval': value => $vcenter_task_poll_interval;
'glance_store/vmware_api_retry_count': value => $vcenter_api_retry_count;
'glance_store/vmware_datacenter_path': value => $vcenter_datacenter;
'DEFAULT/default_store': value => 'vsphere';
'DEFAULT/vmware_api_insecure': value => $vcenter_api_insecure;
'DEFAULT/vmware_server_host': value => $vcenter_host;
'DEFAULT/vmware_server_username': value => $vcenter_user;
'DEFAULT/vmware_server_password': value => $vcenter_password;
'DEFAULT/vmware_datastore_name': value => $vcenter_datastore;
'DEFAULT/vmware_store_image_dir': value => $vcenter_image_dir;
'DEFAULT/vmware_task_poll_interval': value => $vcenter_task_poll_interval;
'DEFAULT/vmware_api_retry_count': value => $vcenter_api_retry_count;
'DEFAULT/vmware_datacenter_path': value => $vcenter_datacenter;
}
}

23
deployment/puppet/glance/manifests/cache/cleaner.pp vendored
View File

@ -19,24 +19,31 @@
# [*weekday*]
# (optional) Defaults to '*'.
#
# [*command_options*]
# command options to add to the cronjob
# (eg. point to config file, or redirect output)
# (optional) Defaults to ''.
#
class glance::cache::cleaner (
$minute = 1,
$hour = 0,
$monthday = '*',
$month = '*',
$weekday = '*',
$minute = 1,
$hour = 0,
$monthday = '*',
$month = '*',
$weekday = '*',
$command_options = '',
) {
include glance::params
include ::glance::params
cron { 'glance-cache-cleaner':
command => $glance::params::cache_cleaner_command,
command => "${glance::params::cache_cleaner_command} ${command_options}",
environment => 'PATH=/bin:/usr/bin:/usr/sbin',
user => 'glance',
minute => $minute,
hour => $hour,
monthday => $monthday,
month => $month,
weekday => $weekday
weekday => $weekday,
require => Package[$::glance::params::api_package_name],
}
}

24
deployment/puppet/glance/manifests/cache/pruner.pp vendored
View File

@ -19,24 +19,32 @@
# [*weekday*]
# (optional) Defaults to '*'.
#
# [*command_options*]
# command options to add to the cronjob
# (eg. point to config file, or redirect output)
# (optional) Defaults to ''.
#
class glance::cache::pruner (
$minute = '*/30',
$hour = '*',
$monthday = '*',
$month = '*',
$weekday = '*',
$minute = '*/30',
$hour = '*',
$monthday = '*',
$month = '*',
$weekday = '*',
$command_options = '',
) {
include glance::params
include ::glance::params
cron { 'glance-cache-pruner':
command => $glance::params::cache_pruner_command,
command => "${glance::params::cache_pruner_command} ${command_options}",
environment => 'PATH=/bin:/usr/bin:/usr/sbin',
user => 'glance',
minute => $minute,
hour => $hour,
monthday => $monthday,
month => $month,
weekday => $weekday
weekday => $weekday,
require => Package[$::glance::params::api_package_name],
}
}

7
deployment/puppet/glance/manifests/client.pp
View File

@ -2,17 +2,20 @@
# Installs the glance python library.
#
# == parameters
# * ensure - ensure state for pachage.
# [*ensure*]
# (Optional) Ensure state for pachage.
# Defaults to 'present'
#
class glance::client (
$ensure = 'present'
) {
include glance::params
include ::glance::params
package { 'python-glanceclient':
ensure => $ensure,
name => $::glance::params::client_package_name,
tag => ['openstack'],
}
}

10
deployment/puppet/glance/manifests/config.pp
View File

@ -17,19 +17,19 @@
# DEFAULT/bar:
# value: barValue
#
# [**api_config**]
# [*api_config*]
# (optional) Allow configuration of glance-api.conf configurations.
#
# [**api_paste_ini_config**]
# [*api_paste_ini_config*]
# (optional) Allow configuration of glance-api-paste.ini configurations.
#
# [**registry_config**]
# [*registry_config*]
# (optional) Allow configuration of glance-registry.conf configurations.
#
# [**registry_paste_ini_config**]
# [*registry_paste_ini_config*]
# (optional) Allow configuration of glance-registry-paste.ini configurations.
#
# [**cache_config**]
# [*cache_config*]
# (optional) Allow configuration of glance-cache.conf configurations.
#
# NOTE: The configuration MUST NOT be already handled by this module

99
deployment/puppet/glance/manifests/db/mysql.pp
View File

@ -1,11 +1,37 @@
# The glance::db::mysql class creates a MySQL database for glance.
# It must be used on the MySQL server
#
# I should change this to mysql
# for consistency
# == Parameters
#
# [*mysql_module*]
# (optional) The mysql puppet module version to use. Tested
# versions include 0.9 and 2.2
# Default to '0.9'
# [*password*]
# password to connect to the database. Mandatory.
#
# [*dbname*]
# name of the database. Optional. Defaults to glance.
#
# [*user*]
# user to connect to the database. Optional. Defaults to glance.
#
# [*host*]
# the default source host user is allowed to connect from.
# Optional. Defaults to 'localhost'
#
# [*allowed_hosts*]
# other hosts the user is allowd to connect from.
# Optional. Defaults to undef.
#
# [*charset*]
# the database charset. Optional. Defaults to 'utf8'
#
# [*collate*]
# the database collation. Optional. Defaults to 'utf8_general_ci'
#
# [*mysql_module*]
# (optional) Deprecated. Does nothing.
#
# === Deprecated parameters:
#
# [*cluster_id*] This parameter does nothing
#
class glance::db::mysql(
$password,
@ -14,56 +40,27 @@ class glance::db::mysql(
$host = '127.0.0.1',
$allowed_hosts = undef,
$charset = 'utf8',
$collate = 'utf8_unicode_ci',
$collate = 'utf8_general_ci',
$cluster_id = 'localzone',
$mysql_module = '0.9'
$mysql_module = undef,
) {
Class['glance::db::mysql'] -> Exec<| title == 'glance-manage db_sync' |>
if ($mysql_module >= 2.2) {
require mysql::bindings
require mysql::bindings::python
Mysql_database[$dbname] ~> Exec<| title == 'glance-manage db_sync' |>
mysql::db { $dbname:
user => $user,
password => $password,
host => $host,
charset => $charset,
collate => $collate,
require => Class['mysql::server'],
}
} else {
require mysql::python
Database[$dbname] ~> Exec<| title == 'glance-manage db_sync' |>
mysql::db { $dbname:
user => $user,
password => $password,
host => $host,
charset => $charset,
require => Class['mysql::config'],
}
if $mysql_module {
warning('The mysql_module parameter is deprecated. The latest 2.x mysql module will be used.')
}
# Check allowed_hosts to avoid duplicate resource declarations
# If $host in $allowed_hosts, then remove it
if is_array($allowed_hosts) and delete($allowed_hosts,$host) != [] {
$real_allowed_hosts = delete($allowed_hosts,$host)
# If $host = $allowed_hosts, then set it to undef
} elsif is_string($allowed_hosts) and ($allowed_hosts != $host) {
$real_allowed_hosts = $allowed_hosts
validate_string($password)
::openstacklib::db::mysql { 'glance':
user => $user,
password_hash => mysql_password($password),
dbname => $dbname,
host => $host,
charset => $charset,
collate => $collate,
allowed_hosts => $allowed_hosts,
}
if $real_allowed_hosts {
# TODO this class should be in the mysql namespace
glance::db::mysql::host_access { $real_allowed_hosts:
user => $user,
password => $password,
database => $dbname,
mysql_module => $mysql_module,
}
}
::Openstacklib::Db::Mysql['glance'] ~> Exec<| title == 'glance-manage db_sync' |>
}

33
deployment/puppet/glance/manifests/db/mysql/host_access.pp
View File

@ -1,33 +0,0 @@
#
# Used to grant access to the glance mysql DB
#
define glance::db::mysql::host_access ($user, $password, $database, $mysql_module = '0.9') {
if ($mysql_module >= 2.2) {
mysql_user { "${user}@${name}":
password_hash => mysql_password($password),
require => Mysql_database[$database],
}
mysql_grant { "${user}@${name}/${database}.*":
privileges => ['ALL'],
options => ['GRANT'],
provider => 'mysql',
table => "${database}.*",
require => Mysql_user["${user}@${name}"],
user => "${user}@${name}"
}
} else {
database_user { "${user}@${name}":
password_hash => mysql_password($password),
provider => 'mysql',
require => Database[$database],
}
database_grant { "${user}@${name}/${database}":
# TODO figure out which privileges to grant.
privileges => 'all',
provider => 'mysql',
require => Database_user["${user}@${name}"]
}
}
}

46
deployment/puppet/glance/manifests/db/postgresql.pp
View File

@ -1,21 +1,45 @@
# == Class: glance::db::postgresql
#
# Class that configures postgresql for glance
#
# Requires the Puppetlabs postgresql module.
#
# === Parameters
#
# [*password*]
# (Required) Password to connect to the database.
#
# [*dbname*]
# (Optional) Name of the database.
# Defaults to 'glance'.
#
# [*user*]
# (Optional) User to connect to the database.
# Defaults to 'glance'.
#
# [*encoding*]
# (Optional) The charset to use for the database.
# Default to undef.
#
# [*privileges*]
# (Optional) Privileges given to the database user.
# Default to 'ALL'
#
class glance::db::postgresql(
$password,
$dbname = 'glance',
$user = 'glance'
$dbname = 'glance',
$user = 'glance',
$encoding = undef,
$privileges = 'ALL',
) {
require postgresql::python
Postgresql::Server::Db[$dbname] ~> Exec<| title == 'glance-manage db_sync' |>
Package['python-psycopg2'] -> Exec<| title == 'glance-manage db_sync' |>
postgresql::server::db { $dbname:
user => $user,
password => $password,
::openstacklib::db::postgresql { 'glance':
password_hash => postgresql_password($user, $password),
dbname => $dbname,
user => $user,
encoding => $encoding,
privileges => $privileges,
}
::Openstacklib::Db::Postgresql['glance'] ~> Exec<| title == 'glance-manage db_sync' |>
}

22
deployment/puppet/glance/manifests/init.pp
View File

@ -1,26 +1,32 @@
# == class: glance
#
# base glacne config.
# base glance config.
#
# == parameters
# * package_ensure - ensure state for package.
# === parameters:
#
# [*package_ensure*]
# (Optional) Ensure state for package. On Ubuntu this setting
# is ignored since Ubuntu has separate API and registry packages.
# Defaults to 'present'
#
class glance(
$package_ensure = 'present'
) {
include glance::params
include ::glance::params
file { '/etc/glance/':
ensure => directory,
owner => 'glance',
group => 'root',
mode => '0770',
ensure => directory,
owner => 'glance',
group => 'root',
mode => '0770',
}
if ( $glance::params::api_package_name == $glance::params::registry_package_name ) {
package { $glance::params::api_package_name :
ensure => $package_ensure,
name => $::glance::params::package_name,
tag => ['openstack'],
}
}
}

238
deployment/puppet/glance/manifests/keystone/auth.pp
View File

@ -1,67 +1,209 @@
# == Class: glance::keystone::auth
#
# Sets up glance users, service and endpoint
#
# == Parameters:
#
# $auth_name :: identifier used for all keystone objects related to glance.
# Optional. Defaults to glance.
# $password :: password for glance user. Optional. Defaults to glance_password.
# $service_type :: type of service to create. Optional. Defaults to image.
# $public_address :: Public address for endpoint. Optional. Defaults to 127.0.0.1.
# $admin_address :: Admin address for endpoint. Optional. Defaults to 127.0.0.1.
# $inernal_address :: Internal address for endpoint. Optional. Defaults to 127.0.0.1.
# $port :: Port for endpoint. Needs to match glance api service port. Optional.
# Defaults to 9292.
# $region :: Region where endpoint is set.
# $public_protocol :: Protocol for public endpoint. Optional. Defaults to http.
# $admin_protocol :: Protocol for admin endpoint. Optional. Defaults to http.
# $internal_protocol :: Protocol for internal endpoint. Optional. Defaults to http.
# [*password*]
# Password for glance user. Required.
#
# [*email*]
# Email for glance user. Optional. Defaults to 'glance@localhost'.
#
# [*auth_name*]
# Username for glance service. Optional. Defaults to 'glance'.
#
# [*configure_endpoint*]
# Should glance endpoint be configured? Optional. Defaults to 'true'.
#
# [*configure_user*]
# Should the service user be configured? Optional. Defaults to 'true'.
#
# [*configure_user_role*]
# Should the admin role be configured for the service user?
# Optional. Defaults to 'true'.
#
# [*service_name*]
# Name of the service. Optional.
# Defaults to value of auth_name.
#
# [*service_type*]
# Type of service. Optional. Defaults to 'image'.
#
# [*service_description*]
# Description for keystone service. Optional. Defaults to 'OpenStack Image Service'.
#
# [*region*]
# Region for endpoint. Optional. Defaults to 'RegionOne'.
#
# [*tenant*]
# Tenant for glance user. Optional. Defaults to 'services'.
#
# [*public_url*]
# (optional) The endpoint's public url. (Defaults to 'http://127.0.0.1:9292')
# This url should *not* contain any trailing '/'.
#
# [*admin_url*]
# (optional) The endpoint's admin url. (Defaults to 'http://127.0.0.1:9292')
# This url should *not* contain any trailing '/'.
#
# [*internal_url*]
# (optional) The endpoint's internal url. (Defaults to 'http://127.0.0.1:9292')
# This url should *not* contain any trailing '/'.
#
# [*port*]
# (optional) DEPRECATED: Use public_url, internal_url and admin_url instead.
# Default port for endpoints. (Defaults to 9292)
# Setting this parameter overrides public_url, internal_url and admin_url parameters.
#
# [*public_protocol*]
# (optional) DEPRECATED: Use public_url instead.
# Protocol for public endpoint. (Defaults to 'http')
# Setting this parameter overrides public_url parameter.
#
# [*public_address*]
# (optional) DEPRECATED: Use public_url instead.
# Public address for endpoint. (Defaults to '127.0.0.1')
# Setting this parameter overrides public_url parameter.
#
# [*internal_protocol*]
# (optional) DEPRECATED: Use internal_url instead.
# Protocol for internal endpoint. (Defaults to 'http')
# Setting this parameter overrides internal_url parameter.
#
# [*internal_address*]
# (optional) DEPRECATED: Use internal_url instead.
# Internal address for endpoint. (Defaults to '127.0.0.1')
# Setting this parameter overrides internal_url parameter.
#
# [*admin_protocol*]
# (optional) DEPRECATED: Use admin_url instead.
# Protocol for admin endpoint. (Defaults to 'http')
# Setting this parameter overrides admin_url parameter.
#
# [*admin_address*]
# (optional) DEPRECATED: Use admin_url instead.
# Admin address for endpoint. (Defaults to '127.0.0.1')
# Setting this parameter overrides admin_url parameter.
#
# === Deprecation notes
#
# If any value is provided for public_protocol, public_address or port parameters,
# public_url will be completely ignored. The same applies for internal and admin parameters.
#
# === Examples
#
# class { 'glance::keystone::auth':
# public_url => 'https://10.0.0.10:9292',
# internal_url => 'https://10.0.0.11:9292',
# admin_url => 'https://10.0.0.11:9292',
# }
#
class glance::keystone::auth(
$password,
$email = 'glance@localhost',
$auth_name = 'glance',
$configure_endpoint = true,
$service_type = 'image',
$public_address = '127.0.0.1',
$admin_address = '127.0.0.1',
$internal_address = '127.0.0.1',
$port = '9292',
$region = 'RegionOne',
$tenant = 'services',
$public_protocol = 'http',
$admin_protocol = 'http',
$internal_protocol = 'http'
$email = 'glance@localhost',
$auth_name = 'glance',
$configure_endpoint = true,
$configure_user = true,
$configure_user_role = true,
$service_name = undef,
$service_type = 'image',
$region = 'RegionOne',
$tenant = 'services',
$service_description = 'OpenStack Image Service',
$public_url = 'http://127.0.0.1:9292',
$admin_url = 'http://127.0.0.1:9292',
$internal_url = 'http://127.0.0.1:9292',
# DEPRECATED PARAMETERS
$port = undef,
$public_protocol = undef,
$public_address = undef,
$internal_protocol = undef,
$internal_address = undef,
$admin_protocol = undef,
$admin_address = undef,
) {
Keystone_user_role["${auth_name}@${tenant}"] ~> Service <| name == 'glance-registry' |>
Keystone_user_role["${auth_name}@${tenant}"] ~> Service <| name == 'glance-api' |>
Keystone_endpoint["${region}/${auth_name}"] ~> Service <| name == 'glance-api' |>
keystone_user { $auth_name:
ensure => present,
password => $password,
email => $email,
tenant => $tenant,
if $port {
warning('The port parameter is deprecated, use public_url, internal_url and admin_url instead.')
}
keystone_user_role { "${auth_name}@${tenant}":
ensure => present,
roles => 'admin',
if $public_protocol {
warning('The public_protocol parameter is deprecated, use public_url instead.')
}
keystone_service { $auth_name:
ensure => present,
type => $service_type,
description => 'Openstack Image Service',
if $internal_protocol {
warning('The internal_protocol parameter is deprecated, use internal_url instead.')
}
if $admin_protocol {
warning('The admin_protocol parameter is deprecated, use admin_url instead.')
}
if $public_address {
warning('The public_address parameter is deprecated, use public_url instead.')
}
if $internal_address {
warning('The internal_address parameter is deprecated, use internal_url instead.')
}
if $admin_address {
warning('The admin_address parameter is deprecated, use admin_url instead.')
}
if ($public_protocol or $public_address or $port) {
$public_url_real = sprintf('%s://%s:%s',
pick($public_protocol, 'http'),
pick($public_address, '127.0.0.1'),
pick($port, '9292'))
} else {
$public_url_real = $public_url
}
if ($admin_protocol or $admin_address or $port) {
$admin_url_real = sprintf('%s://%s:%s',
pick($admin_protocol, 'http'),
pick($admin_address, '127.0.0.1'),
pick($port, '9292'))
} else {
$admin_url_real = $admin_url
}
if ($internal_protocol or $internal_address or $port) {
$internal_url_real = sprintf('%s://%s:%s',
pick($internal_protocol, 'http'),
pick($internal_address, '127.0.0.1'),
pick($port, '9292'))
} else {
$internal_url_real = $internal_url
}
$real_service_name = pick($service_name, $auth_name)
if $configure_endpoint {
keystone_endpoint { "${region}/${auth_name}":
ensure => present,
public_url => "${public_protocol}://${public_address}:${port}",
admin_url => "${admin_protocol}://${admin_address}:${port}",
internal_url => "${internal_protocol}://${internal_address}:${port}",
}
Keystone_endpoint["${region}/${real_service_name}"] ~> Service <| name == 'glance-api' |>
}
keystone::resource::service_identity { $auth_name:
configure_user => $configure_user,
configure_user_role => $configure_user_role,
configure_endpoint => $configure_endpoint,
service_type => $service_type,
service_description => $service_description,
service_name => $real_service_name,
region => $region,
password => $password,
email => $email,
tenant => $tenant,
public_url => $public_url_real,
admin_url => $admin_url_real,
internal_url => $internal_url_real,
}
if $configure_user_role {
Keystone_user_role["${auth_name}@${tenant}"] ~> Service <| name == 'glance-registry' |>
Keystone_user_role["${auth_name}@${tenant}"] ~> Service <| name == 'glance-api' |>
}
}

24
deployment/puppet/glance/manifests/notify/qpid.pp
View File

@ -1,6 +1,28 @@
# == Class: glance::notify::qpid
#
# used to configure qpid notifications for glance
#
# === Parameters:
#
# [*qpid_password*]
# (required) Password to connect to the qpid server.
#
# [*qpid_username*]
# (Optional) User to connect to the qpid server.
# Defaults to 'guest'.
#
# [*qpid_hostname*]
# (Optional) IP or hostname of the qpid server.
# Defaults to 'localhost'.
#
# [*qpid_port*]
# (Optional) Port of the qpid server.
# Defaults to 5672.
#
# [*qpid_protocol*]
# (Optional) Protocol to use for qpid (tcp/ssl).
# Defaults to tcp.
#
class glance::notify::qpid(
$qpid_password,
$qpid_username = 'guest',
@ -15,7 +37,7 @@ class glance::notify::qpid(
'DEFAULT/qpid_port': value => $qpid_port;
'DEFAULT/qpid_protocol': value => $qpid_protocol;
'DEFAULT/qpid_username': value => $qpid_username;
'DEFAULT/qpid_password': value => $qpid_password;
'DEFAULT/qpid_password': value => $qpid_password, secret => true;
}
}

72
deployment/puppet/glance/manifests/notify/rabbitmq.pp
View File

@ -3,37 +3,59 @@
#
# [*rabbit_password*]
# password to connect to the rabbit_server.
#
# [*rabbit_userid*]
# user to connect to the rabbit server. Optional. Defaults to 'guest'
#
# [*rabbit_host*]
# ip or hostname of the rabbit server. Optional. Defaults to 'localhost'
#
# [*rabbit_hosts*]
# (Optional) IP or hostname of the rabbits servers.
# comma separated array (ex: ['1.0.0.10:5672','1.0.0.11:5672'])
# Defaults to false.
#
# [*rabbit_port*]
# port of the rabbit server. Optional. Defaults to 5672.
#
# [*rabbit_virtual_host*]
# virtual_host to use. Optional. Defaults to '/'
#
# [*rabbit_use_ssl*]
# (optional) Connect over SSL for RabbitMQ
# Defaults to false
#
# [*kombu_ssl_ca_certs*]
# (optional) SSL certification authority file (valid only if SSL enabled).
# Defaults to undef
#
# [*kombu_ssl_certfile*]
# (optional) SSL cert file (valid only if SSL enabled).
# Defaults to undef
#
# [*kombu_ssl_keyfile*]
# (optional) SSL key file (valid only if SSL enabled).
# Defaults to undef
#
# [*kombu_ssl_version*]
# (optional) SSL version to use (valid only if SSL enabled).
# Valid values are TLSv1, SSLv23 and SSLv3. SSLv2 may be
# available on some distributions.
# Defaults to 'SSLv3'
# Defaults to 'TLSv1'
#
# [*rabbit_notification_exchange*]
# Defaults to 'glance'
#
# [*rabbit_notification_topic*]
# Defaults to 'notifications'
#
# [*rabbit_durable_queues*]
# Defaults to false
#
# [*amqp_durable_queues*]
# (Optional) Use durable queues in broker.
# Defaults to false.
#
# [*notification_driver*]
# Notification driver to use. Defaults to 'messaging'.
@ -48,7 +70,7 @@ class glance::notify::rabbitmq(
$kombu_ssl_ca_certs = undef,
$kombu_ssl_certfile = undef,
$kombu_ssl_keyfile = undef,
$kombu_ssl_version = 'SSLv3',
$kombu_ssl_version = 'TLSv1',
$rabbit_notification_exchange = 'glance',
$rabbit_notification_topic = 'notifications',
$rabbit_durable_queues = false,
@ -65,55 +87,55 @@ class glance::notify::rabbitmq(
if $rabbit_hosts {
glance_api_config {
'DEFAULT/rabbit_hosts': value => join($rabbit_hosts, ',');
'DEFAULT/rabbit_ha_queues': value => true
'oslo_messaging_rabbit/rabbit_hosts': value => join($rabbit_hosts, ',');
'oslo_messaging_rabbit/rabbit_ha_queues': value => true
}
} else {
glance_api_config {
'DEFAULT/rabbit_host': value => $rabbit_host;
'DEFAULT/rabbit_port': value => $rabbit_port;
'DEFAULT/rabbit_hosts': value => "${rabbit_host}:${rabbit_port}";
'DEFAULT/rabbit_ha_queues': value => false
'oslo_messaging_rabbit/rabbit_host': value => $rabbit_host;
'oslo_messaging_rabbit/rabbit_port': value => $rabbit_port;
'oslo_messaging_rabbit/rabbit_hosts': value => "${rabbit_host}:${rabbit_port}";
'oslo_messaging_rabbit/rabbit_ha_queues': value => false
}
}
glance_api_config {
'DEFAULT/notification_driver': value => $notification_driver;
'DEFAULT/rabbit_virtual_host': value => $rabbit_virtual_host;
'DEFAULT/rabbit_password': value => $rabbit_password;
'DEFAULT/rabbit_userid': value => $rabbit_userid;
'DEFAULT/rabbit_notification_exchange': value => $rabbit_notification_exchange;
'DEFAULT/rabbit_notification_topic': value => $rabbit_notification_topic;
'DEFAULT/rabbit_use_ssl': value => $rabbit_use_ssl;
'oslo_messaging_rabbit/rabbit_virtual_host': value => $rabbit_virtual_host;
'oslo_messaging_rabbit/rabbit_password': value => $rabbit_password, secret => true;
'oslo_messaging_rabbit/rabbit_userid': value => $rabbit_userid;
'oslo_messaging_rabbit/rabbit_notification_exchange': value => $rabbit_notification_exchange;
'oslo_messaging_rabbit/rabbit_notification_topic': value => $rabbit_notification_topic;
'oslo_messaging_rabbit/rabbit_use_ssl': value => $rabbit_use_ssl;
'DEFAULT/amqp_durable_queues': value => $amqp_durable_queues_real;
}
if $rabbit_use_ssl {
glance_api_config { 'DEFAULT/kombu_ssl_version': value => $kombu_ssl_version }
glance_api_config { 'oslo_messaging_rabbit/kombu_ssl_version': value => $kombu_ssl_version }
if $kombu_ssl_ca_certs {
glance_api_config { 'DEFAULT/kombu_ssl_ca_certs': value => $kombu_ssl_ca_certs }
glance_api_config { 'oslo_messaging_rabbit/kombu_ssl_ca_certs': value => $kombu_ssl_ca_certs }
} else {
glance_api_config { 'DEFAULT/kombu_ssl_ca_certs': ensure => absent}
glance_api_config { 'oslo_messaging_rabbit/kombu_ssl_ca_certs': ensure => absent}
}
if $kombu_ssl_certfile {
glance_api_config { 'DEFAULT/kombu_ssl_certfile': value => $kombu_ssl_certfile }
glance_api_config { 'oslo_messaging_rabbit/kombu_ssl_certfile': value => $kombu_ssl_certfile }
} else {
glance_api_config { 'DEFAULT/kombu_ssl_certfile': ensure => absent}
glance_api_config { 'oslo_messaging_rabbit/kombu_ssl_certfile': ensure => absent}
}
if $kombu_ssl_keyfile {
glance_api_config { 'DEFAULT/kombu_ssl_keyfile': value => $kombu_ssl_keyfile }
glance_api_config { 'oslo_messaging_rabbit/kombu_ssl_keyfile': value => $kombu_ssl_keyfile }
} else {
glance_api_config { 'DEFAULT/kombu_ssl_keyfile': ensure => absent}
glance_api_config { 'oslo_messaging_rabbit/kombu_ssl_keyfile': ensure => absent}
}
} else {
glance_api_config {
'DEFAULT/kombu_ssl_version': ensure => absent;
'DEFAULT/kombu_ssl_ca_certs': ensure => absent;
'DEFAULT/kombu_ssl_certfile': ensure => absent;
'DEFAULT/kombu_ssl_keyfile': ensure => absent;
'oslo_messaging_rabbit/kombu_ssl_version': ensure => absent;
'oslo_messaging_rabbit/kombu_ssl_ca_certs': ensure => absent;
'oslo_messaging_rabbit/kombu_ssl_certfile': ensure => absent;
'oslo_messaging_rabbit/kombu_ssl_keyfile': ensure => absent;
}
if ($kombu_ssl_keyfile or $kombu_ssl_certfile or $kombu_ssl_ca_certs) {
notice('Configuration of certificates with $rabbit_use_ssl == false is a useless config')

11
deployment/puppet/glance/manifests/params.pp
View File

@ -3,7 +3,6 @@
class glance::params {
$client_package_name = 'python-glanceclient'
$pyceph_package_name = 'python-ceph'
$cache_cleaner_command = 'glance-cache-cleaner'
$cache_pruner_command = 'glance-cache-pruner'
@ -14,14 +13,20 @@ class glance::params {
$registry_package_name = 'openstack-glance'
$api_service_name = 'openstack-glance-api'
$registry_service_name = 'openstack-glance-registry'
$db_sync_command = 'glance-manage db_sync'
$db_sync_command = 'glance-manage --config-file=/etc/glance/glance-registry.conf db_sync'
if ($::operatingsystem != 'fedora' and versioncmp($::operatingsystemrelease, '7') < 0) {
$pyceph_package_name = 'python-ceph'
} else {
$pyceph_package_name = 'python-rbd'
}
}
'Debian': {
$api_package_name = 'glance-api'
$registry_package_name = 'glance-registry'
$api_service_name = 'glance-api'
$registry_service_name = 'glance-registry'
$db_sync_command = 'glance-manage db_sync'
$db_sync_command = 'glance-manage --config-file=/etc/glance/glance-registry.conf db_sync'
$pyceph_package_name = 'python-ceph'
}
default: {
fail("Unsupported osfamily: ${::osfamily} operatingsystem: ${::operatingsystem}, module ${module_name} only support osfamily RedHat and Debian")

39
deployment/puppet/glance/manifests/policy.pp Normal file
View File

@ -0,0 +1,39 @@
# == Class: glance::policy
#
# Configure the glance policies
#
# === Parameters
#
# [*policies*]
# (optional) Set of policies to configure for glance
# Example :
# {
# 'glance-context_is_admin' => {
# 'key' => 'context_is_admin',
# 'value' => 'true'
# },
# 'glance-default' => {
# 'key' => 'default',
# 'value' => 'rule:admin_or_owner'
# }
# }
# Defaults to empty hash.
#
# [*policy_path*]
# (optional) Path to the glance policy.json file
# Defaults to /etc/glance/policy.json
#
class glance::policy (
$policies = {},
$policy_path = '/etc/glance/policy.json',
) {
validate_hash($policies)
Openstacklib::Policy::Base {
file_path => $policy_path,
}
create_resources('openstacklib::policy::base', $policies)
}

210
deployment/puppet/glance/manifests/registry.pp
View File

@ -7,6 +7,11 @@
# [*keystone_password*]
# (required) The keystone password for administrative user
#
# [*package_ensure*]
# (optional) Ensure state for package. Defaults to 'present'. On RedHat
# platforms this setting is ignored and the setting from the glance class is
# used because there is only one glance package.
#
# [*verbose*]
# (optional) Enable verbose logs (true|false). Defaults to false.
#
@ -29,31 +34,32 @@
# If set to boolean false, it will not log to any directory.
# Defaults to '/var/log/glance'
#
# [*sql_connection*]
# (optional) SQL connection string.
# Defaults to 'sqlite:///var/lib/glance/glance.sqlite'.
# [*database_connection*]
# (optional) Connection url to connect to nova database.
# Defaults to 'sqlite:///var/lib/glance/glance.sqlite'
#
# [*sql_idle_timeout*]
# (optional) SQL connections idle timeout. Defaults to '3600'.
# [*database_idle_timeout*]
# (optional) Timeout before idle db connections are reaped.
# Defaults to 3600
#
# [*auth_type*]
# (optional) Authentication type. Defaults to 'keystone'.
#
# [*auth_host*]
# (optional) Address of the admin authentication endpoint.
# (optional) DEPRECATED Address of the admin authentication endpoint.
# Defaults to '127.0.0.1'.
#
# [*auth_port*]
# (optional) Port of the admin authentication endpoint. Defaults to '35357'.
# (optional) DEPRECATED Port of the admin authentication endpoint. Defaults to '35357'.
#
# [*auth_admin_prefix*]
# (optional) path part of the auth url.
# (optional) DEPRECATED path part of the auth url.
# This allow admin auth URIs like http://auth_host:35357/keystone/admin.
# (where '/keystone/admin' is auth_admin_prefix)
# Defaults to false for empty. If defined, should be a string with a leading '/' and no trailing '/'.
#
# [*auth_protocol*]
# (optional) Protocol to communicate with the admin authentication endpoint.
# (optional) DEPRECATED Protocol to communicate with the admin authentication endpoint.
# Defaults to 'http'. Should be 'http' or 'https'.
#
# [*auth_uri*]
@ -61,6 +67,7 @@
#
# [*identity_uri*]
# (optional) Complete admin Identity API endpoint.
# Defaults to: false
#
# [*keystone_tenant*]
# (optional) administrative tenant name to connect to keystone.
@ -70,6 +77,11 @@
# (optional) administrative user name to connect to keystone.
# Defaults to 'glance'.
#
# [*pipeline*]
# (optional) Partial name of a pipeline in your paste configuration
# file with the service name removed.
# Defaults to 'keystone'.
#
# [*use_syslog*]
# (optional) Use syslog for logging.
# Defaults to false.
@ -78,8 +90,13 @@
# (optional) Syslog facility to receive log lines.
# Defaults to LOG_USER.
#
# [*manage_service*]
# (optional) If Puppet should manage service startup / shutdown.
# Defaults to true.
#
# [*enabled*]
# (optional) Should the service be enabled. Defaults to true.
# (optional) Should the service be enabled.
# Defaults to true.
#
# [*purge_config*]
# (optional) Whether to create only the specified config values in
@ -98,52 +115,64 @@
# (optional) CA certificate file to use to verify connecting clients
# Defaults to false, not set
#
# [*sync_db*]
# (Optional) Run db sync on the node.
# Defaults to true
#
# [*mysql_module*]
# (optional) The version of puppet-mysql to use. Tested versions
# include 0.9 and 2.2
# Defaults to '0.9'
# (optional) Deprecated. Does nothing.
#
class glance::registry(
$keystone_password,
$verbose = false,
$debug = false,
$bind_host = '0.0.0.0',
$bind_port = '9191',
$log_file = '/var/log/glance/registry.log',
$log_dir = '/var/log/glance',
$sql_connection = 'sqlite:///var/lib/glance/glance.sqlite',
$sql_idle_timeout = '3600',
$auth_type = 'keystone',
$auth_host = '127.0.0.1',
$auth_port = '35357',
$auth_admin_prefix = false,
$auth_uri = false,
$identity_uri = false,
$auth_protocol = 'http',
$keystone_tenant = 'services',
$keystone_user = 'glance',
$pipeline = 'keystone',
$use_syslog = false,
$log_facility = 'LOG_USER',
$enabled = true,
$purge_config = false,
$cert_file = false,
$key_file = false,
$ca_file = false,
$mysql_module = '0.9',
$package_ensure = 'present',
$verbose = false,
$debug = false,
$bind_host = '0.0.0.0',
$bind_port = '9191',
$log_file = '/var/log/glance/registry.log',
$log_dir = '/var/log/glance',
$database_connection = 'sqlite:///var/lib/glance/glance.sqlite',
$database_idle_timeout = 3600,
$auth_type = 'keystone',
$auth_uri = false,
$identity_uri = false,
$keystone_tenant = 'services',
$keystone_user = 'glance',
$pipeline = 'keystone',
$use_syslog = false,
$log_facility = 'LOG_USER',
$manage_service = true,
$enabled = true,
$purge_config = false,
$cert_file = false,
$key_file = false,
$ca_file = false,
$sync_db = true,
# DEPRECATED PARAMETERS
$mysql_module = undef,
$auth_host = '127.0.0.1',
$auth_port = '35357',
$auth_admin_prefix = false,
$auth_protocol = 'http',
) inherits glance {
require keystone::python
validate_re($sql_connection, '(sqlite|mysql|postgresql):\/\/(\S+:\S+@\S+\/\S+)?')
if $mysql_module {
warning('The mysql_module parameter is deprecated. The latest 2.x mysql module will be used.')
}
if ( $glance::params::api_package_name != $glance::params::registry_package_name ) {
ensure_packages([$glance::params::registry_package_name])
ensure_packages( [$glance::params::registry_package_name],
{
ensure => $package_ensure,
tag => ['openstack'],
}
)
}
Package[$glance::params::registry_package_name] -> File['/etc/glance/']
Package[$glance::params::registry_package_name] -> Glance_registry_config<||>
Package[$glance::params::registry_package_name] ~> Service['glance-registry']
Glance_registry_config<||> ~> Exec<| title == 'glance-manage db_sync' |>
Glance_registry_config<||> ~> Service['glance-registry']
@ -157,18 +186,21 @@ class glance::registry(
require => Class['glance']
}
if($sql_connection =~ /mysql:\/\/\S+:\S+@\S+\/\S+/) {
if ($mysql_module >= 2.2) {
require mysql::bindings::python
if $database_connection {
if($database_connection =~ /mysql:\/\/\S+:\S+@\S+\/\S+/) {
require 'mysql::bindings'
require 'mysql::bindings::python'
} elsif($database_connection =~ /postgresql:\/\/\S+:\S+@\S+\/\S+/) {
} elsif($database_connection =~ /sqlite:\/\//) {
} else {
require mysql::python
fail("Invalid db connection ${database_connection}")
}
glance_registry_config {
'database/connection': value => $database_connection, secret => true;
'database/idle_timeout': value => $database_idle_timeout;
}
} elsif($sql_connection =~ /postgresql:\/\/\S+:\S+@\S+\/\S+/) {
} elsif($sql_connection =~ /sqlite:\/\//) {
} else {
fail("Invalid db connection ${sql_connection}")
}
glance_registry_config {
@ -178,9 +210,10 @@ class glance::registry(
'DEFAULT/bind_port': value => $bind_port;
}
glance_registry_config {
'DEFAULT/sql_connection': value => $sql_connection;
'DEFAULT/sql_idle_timeout': value => $sql_idle_timeout;
if $identity_uri {
glance_registry_config { 'keystone_authtoken/identity_uri': value => $identity_uri; }
} else {
glance_registry_config { 'keystone_authtoken/identity_uri': ensure => absent; }
}
if $auth_uri {
@ -189,30 +222,45 @@ class glance::registry(
glance_registry_config { 'keystone_authtoken/auth_uri': value => "${auth_protocol}://${auth_host}:5000/"; }
}
# auth config
if $identity_uri {
glance_registry_config { 'keystone_authtoken/identity_uri': value => $identity_uri; }
} else {
if $auth_admin_prefix {
glance_registry_config { 'keystone_authtoken/identity_uri': value => "${auth_protocol}://${auth_host}:${auth_port}/${auth_admin_prefix}"; }
# if both auth_uri and identity_uri are set we skip these deprecated settings entirely
if !$auth_uri or !$identity_uri {
if $auth_host {
warning('The auth_host parameter is deprecated. Please use auth_uri and identity_uri instead.')
glance_registry_config { 'keystone_authtoken/auth_host': value => $auth_host; }
} else {
glance_registry_config { 'keystone_authtoken/identity_uri': value => "${auth_protocol}://${auth_host}:${auth_port}/"; }
glance_registry_config { 'keystone_authtoken/auth_host': ensure => absent; }
}
}
glance_registry_config {
'keystone_authtoken/auth_host': value => $auth_host;
'keystone_authtoken/auth_port': value => $auth_port;
'keystone_authtoken/auth_protocol': value => $auth_protocol;
}
if $auth_admin_prefix {
validate_re($auth_admin_prefix, '^(/.+[^/])?$')
glance_registry_config {
'keystone_authtoken/auth_admin_prefix': value => $auth_admin_prefix;
if $auth_port {
warning('The auth_port parameter is deprecated. Please use auth_uri and identity_uri instead.')
glance_registry_config { 'keystone_authtoken/auth_port': value => $auth_port; }
} else {
glance_registry_config { 'keystone_authtoken/auth_port': ensure => absent; }
}
if $auth_protocol {
warning('The auth_protocol parameter is deprecated. Please use auth_uri and identity_uri instead.')
glance_registry_config { 'keystone_authtoken/auth_protocol': value => $auth_protocol; }
} else {
glance_registry_config { 'keystone_authtoken/auth_protocol': ensure => absent; }
}
if $auth_admin_prefix {
warning('The auth_admin_prefix parameter is deprecated. Please use auth_uri and identity_uri instead.')
validate_re($auth_admin_prefix, '^(/.+[^/])?$')
glance_registry_config {
'keystone_authtoken/auth_admin_prefix': value => $auth_admin_prefix;
}
} else {
glance_registry_config { 'keystone_authtoken/auth_admin_prefix': ensure => absent; }
}
} else {
glance_registry_config {
'keystone_authtoken/auth_host': ensure => absent;
'keystone_authtoken/auth_port': ensure => absent;
'keystone_authtoken/auth_protocol': ensure => absent;
'keystone_authtoken/auth_admin_prefix': ensure => absent;
}
}
@ -234,7 +282,7 @@ class glance::registry(
glance_registry_config {
'keystone_authtoken/admin_tenant_name': value => $keystone_tenant;
'keystone_authtoken/admin_user' : value => $keystone_user;
'keystone_authtoken/admin_password' : value => $keystone_password;
'keystone_authtoken/admin_password' : value => $keystone_password, secret => true;
}
}
@ -308,8 +356,7 @@ class glance::registry(
'/etc/glance/glance-registry-paste.ini']:
}
if $enabled {
if $sync_db {
Exec['glance-manage db_sync'] ~> Service['glance-registry']
exec { 'glance-manage db_sync':
@ -320,9 +367,16 @@ class glance::registry(
logoutput => on_failure,
subscribe => [Package[$glance::params::registry_package_name], File['/etc/glance/glance-registry.conf']],
}
$service_ensure = 'running'
}
if $manage_service {
if $enabled {
$service_ensure = 'running'
} else {
$service_ensure = 'stopped'
}
} else {
$service_ensure = 'stopped'
warning('Execution of db_sync does not depend on $manage_service or $enabled anymore. Please use sync_db instead.')
}
service { 'glance-registry':

39
deployment/puppet/glance/metadata.json Normal file
View File

@ -0,0 +1,39 @@
{
"name": "stackforge-glance",
"version": "5.1.0",
"author": "Puppet Labs and OpenStack Contributors",
"summary": "Puppet module for OpenStack Glance",
"license": "Apache-2.0",
"source": "git://github.com/openstack/puppet-glance.git",
"project_page": "https://launchpad.net/puppet-glance",
"issues_url": "https://bugs.launchpad.net/puppet-glance",
"requirements": [
{ "name": "pe","version_requirement": "3.x" },
{ "name": "puppet","version_requirement": "3.x" }
],
"operatingsystem_support": [
{
"operatingsystem": "Debian",
"operatingsystemrelease": ["7"]
},
{
"operatingsystem": "Fedora",
"operatingsystemrelease": ["20"]
},
{
"operatingsystem": "RedHat",
"operatingsystemrelease": ["6.5","7"]
},
{
"operatingsystem": "Ubuntu",
"operatingsystemrelease": ["12.04","14.04"]
}
],
"description": "Installs and configures OpenStack Glance (Image Service).",
"dependencies": [
{ "name": "puppetlabs/inifile", "version_requirement": ">=1.0.0 <2.0.0" },
{ "name": "stackforge/keystone", "version_requirement": ">=5.0.0 <6.0.0" },
{ "name": "puppetlabs/stdlib", "version_requirement": ">=4.0.0 <5.0.0" },
{ "name": "stackforge/openstacklib", "version_requirement": ">=5.0.0 <6.0.0" }
]
}

100
deployment/puppet/glance/spec/acceptance/basic_glance_spec.rb Normal file
View File

@ -0,0 +1,100 @@
require 'spec_helper_acceptance'
describe 'glance class' do
context 'default parameters' do
it 'should work with no errors' do
pp= <<-EOS
Exec { logoutput => 'on_failure' }
# Common resources
case $::osfamily {
'Debian': {
include ::apt
class { '::openstack_extras::repo::debian::ubuntu':
release => 'kilo',
package_require => true,
}
}
'RedHat': {
class { '::openstack_extras::repo::redhat::redhat':
release => 'kilo',
}
package { 'openstack-selinux': ensure => 'latest' }
}
default: {
fail("Unsupported osfamily (${::osfamily})")
}
}
class { '::mysql::server': }
# Keystone resources, needed by Glance to run
class { '::keystone::db::mysql':
# https://bugs.launchpad.net/puppet-keystone/+bug/1446375
collate => 'utf8_general_ci',
password => 'keystone',
}
class { '::keystone':
verbose => true,
debug => true,
database_connection => 'mysql://keystone:keystone@127.0.0.1/keystone',
admin_token => 'admin_token',
enabled => true,
}
class { '::keystone::roles::admin':
email => 'test@example.tld',
password => 'a_big_secret',
}
class { '::keystone::endpoint':
public_url => "https://${::fqdn}:5000/",
admin_url => "https://${::fqdn}:35357/",
}
# Glance resources
include ::glance
include ::glance::client
class { '::glance::db::mysql':
# https://bugs.launchpad.net/puppet-glance/+bug/1446375
collate => 'utf8_general_ci',
password => 'a_big_secret',
}
class { '::glance::keystone::auth':
password => 'a_big_secret',
}
class { '::glance::api':
database_connection => 'mysql://glance:a_big_secret@127.0.0.1/glance?charset=utf8',
verbose => false,
keystone_password => 'a_big_secret',
}
class { '::glance::registry':
database_connection => 'mysql://glance:a_big_secret@127.0.0.1/glance?charset=utf8',
verbose => false,
keystone_password => 'a_big_secret',
}
glance_image { 'test_image':
ensure => present,
container_format => 'bare',
disk_format => 'qcow2',
is_public => 'yes',
source => 'http://download.cirros-cloud.net/0.3.1/cirros-0.3.1-x86_64-disk.img',
}
EOS
# Run it twice and test for idempotency
apply_manifest(pp, :catch_failures => true)
apply_manifest(pp, :catch_changes => true)
end
describe 'glance images' do
it 'should create a glance image' do
shell('openstack --os-username glance --os-password a_big_secret --os-tenant-name services --os-auth-url http://127.0.0.1:5000/v2.0 image list') do |r|
expect(r.stdout).to match(/test_image/)
expect(r.stderr).to be_empty
end
end
end
end
end

10
deployment/puppet/glance/spec/acceptance/nodesets/default.yml Normal file
View File

@ -0,0 +1,10 @@
HOSTS:
ubuntu-14.04-amd64:
roles:
- master
platform: ubuntu-14.04-amd64
box : puppetlabs/ubuntu-14.04-64-nocm
box_url : https://vagrantcloud.com/puppetlabs/ubuntu-14.04-64-nocm
hypervisor : vagrant
CONFIG:
type: foss

10
deployment/puppet/glance/spec/acceptance/nodesets/nodepool-centos7.yml Normal file
View File

@ -0,0 +1,10 @@
HOSTS:
centos-70-x64:
roles:
- master
platform: el-7-x86_64
hypervisor : none
ip: 127.0.0.1
CONFIG:
type: foss
set_env: false

10
deployment/puppet/glance/spec/acceptance/nodesets/nodepool-trusty.yml Normal file
View File

@ -0,0 +1,10 @@
HOSTS:
ubuntu-14.04-amd64:
roles:
- master
platform: ubuntu-14.04-amd64
hypervisor : none
ip: 127.0.0.1
CONFIG:
type: foss
set_env: false

323
deployment/puppet/glance/spec/classes/glance_api_spec.rb
View File

@ -11,58 +11,62 @@ describe 'glance::api' do
let :default_params do
{
:verbose => false,
:debug => false,
:bind_host => '0.0.0.0',
:bind_port => '9292',
:registry_host => '0.0.0.0',
:registry_port => '9191',
:log_file => '/var/log/glance/api.log',
:log_dir => '/var/log/glance',
:auth_type => 'keystone',
:enabled => true,
:backlog => '4096',
:workers => '7',
:auth_host => '127.0.0.1',
:auth_port => '35357',
:auth_protocol => 'http',
:auth_uri => 'http://127.0.0.1:5000/',
:identity_uri => 'http://127.0.0.1:35357/',
:keystone_tenant => 'services',
:keystone_user => 'glance',
:keystone_password => 'ChangeMe',
:sql_idle_timeout => '3600',
:sql_connection => 'sqlite:///var/lib/glance/glance.sqlite',
:show_image_direct_url => false,
:purge_config => false,
:mysql_module => '0.9',
:known_stores => false,
:verbose => false,
:debug => false,
:bind_host => '0.0.0.0',
:bind_port => '9292',
:registry_host => '0.0.0.0',
:registry_port => '9191',
:registry_client_protocol => 'http',
:log_file => '/var/log/glance/api.log',
:log_dir => '/var/log/glance',
:auth_type => 'keystone',
:enabled => true,
:manage_service => true,
:backlog => '4096',
:workers => '7',
:auth_host => '127.0.0.1',
:auth_port => '35357',
:auth_protocol => 'http',
:keystone_tenant => 'services',
:keystone_user => 'glance',
:keystone_password => 'ChangeMe',
:database_idle_timeout => '3600',
:database_connection => 'sqlite:///var/lib/glance/glance.sqlite',
:show_image_direct_url => false,
:purge_config => false,
:known_stores => false,
:image_cache_dir => '/var/lib/glance/image-cache',
:os_region_name => 'RegionOne',
:pipeline => 'keystone',
}
end
[{:keystone_password => 'ChangeMe'},
{
:verbose => true,
:debug => true,
:bind_host => '127.0.0.1',
:bind_port => '9222',
:registry_host => '127.0.0.1',
:registry_port => '9111',
:auth_type => 'not_keystone',
:enabled => false,
:backlog => '4095',
:workers => '5',
:auth_host => '127.0.0.2',
:auth_port => '35358',
:auth_protocol => 'https',
:auth_uri => 'https://127.0.0.2:5000/v2.0/',
:identity_uri => 'https://127.0.0.2:35358/',
:keystone_tenant => 'admin2',
:keystone_user => 'admin2',
:keystone_password => 'ChangeMe2',
:sql_idle_timeout => '36002',
:sql_connection => 'mysql:///var:lib@glance/glance',
:show_image_direct_url => true
:verbose => true,
:debug => true,
:bind_host => '127.0.0.1',
:bind_port => '9222',
:registry_host => '127.0.0.1',
:registry_port => '9111',
:registry_client_protocol => 'https',
:auth_type => 'not_keystone',
:enabled => false,
:backlog => '4095',
:workers => '5',
:auth_host => '127.0.0.2',
:auth_port => '35358',
:auth_protocol => 'https',
:keystone_tenant => 'admin2',
:keystone_user => 'admin2',
:keystone_password => 'ChangeMe2',
:database_idle_timeout => '36002',
:database_connection => 'mysql:///var:lib@glance/glance',
:show_image_direct_url => true,
:image_cache_dir => '/tmp/glance',
:os_region_name => 'RegionOne2',
:pipeline => 'keystone2',
}
].each do |param_set|
@ -76,16 +80,20 @@ describe 'glance::api' do
param_set
end
it { should contain_class 'glance' }
it { is_expected.to contain_class 'glance' }
it { is_expected.to contain_class 'glance::policy' }
it { should contain_service('glance-api').with(
'ensure' => param_hash[:enabled] ? 'running': 'stopped',
it { is_expected.to contain_service('glance-api').with(
'ensure' => (param_hash[:manage_service] && param_hash[:enabled]) ? 'running': 'stopped',
'enable' => param_hash[:enabled],
'hasstatus' => true,
'hasrestart' => true
) }
it 'should lay down default api config' do
it { is_expected.to_not contain_exec('validate_nova_api') }
it { is_expected.to contain_glance_api_config("paste_deploy/flavor").with_value(param_hash[:pipeline]) }
it 'is_expected.to lay down default api config' do
[
'verbose',
'debug',
@ -93,68 +101,101 @@ describe 'glance::api' do
'bind_port',
'registry_host',
'registry_port',
'show_image_direct_url'
'registry_client_protocol',
'show_image_direct_url',
].each do |config|
should contain_glance_api_config("DEFAULT/#{config}").with_value(param_hash[config.intern])
is_expected.to contain_glance_api_config("DEFAULT/#{config}").with_value(param_hash[config.intern])
end
end
it 'should lay down default cache config' do
it 'is_expected.to lay down default cache config' do
[
'verbose',
'debug',
'registry_host',
'registry_port'
'registry_port',
].each do |config|
should contain_glance_cache_config("DEFAULT/#{config}").with_value(param_hash[config.intern])
is_expected.to contain_glance_cache_config("DEFAULT/#{config}").with_value(param_hash[config.intern])
end
end
it 'should config db' do
should contain_glance_api_config('DEFAULT/sql_connection').with_value(param_hash[:sql_connection])
should contain_glance_api_config('DEFAULT/sql_idle_timeout').with_value(param_hash[:sql_idle_timeout])
it 'is_expected.to lay down default glance_store api and cache config' do
[
'os_region_name',
].each do |config|
is_expected.to contain_glance_cache_config("glance_store/#{config}").with_value(param_hash[config.intern])
is_expected.to contain_glance_api_config("glance_store/#{config}").with_value(param_hash[config.intern])
end
end
it 'should have no ssl options' do
should contain_glance_api_config('DEFAULT/ca_file').with_ensure('absent')
should contain_glance_api_config('DEFAULT/cert_file').with_ensure('absent')
should contain_glance_api_config('DEFAULT/key_file').with_ensure('absent')
it 'is_expected.to config db' do
is_expected.to contain_glance_api_config('database/connection').with_value(param_hash[:database_connection])
is_expected.to contain_glance_api_config('database/connection').with_value(param_hash[:database_connection]).with_secret(true)
is_expected.to contain_glance_api_config('database/idle_timeout').with_value(param_hash[:database_idle_timeout])
end
it 'should lay down default auth config' do
it 'is_expected.to have no ssl options' do
is_expected.to contain_glance_api_config('DEFAULT/ca_file').with_ensure('absent')
is_expected.to contain_glance_api_config('DEFAULT/cert_file').with_ensure('absent')
is_expected.to contain_glance_api_config('DEFAULT/key_file').with_ensure('absent')
end
it 'is_expected.to lay down default auth config' do
[
'auth_host',
'auth_port',
'auth_protocol'
].each do |config|
should contain_glance_api_config("keystone_authtoken/#{config}").with_value(param_hash[config.intern])
is_expected.to contain_glance_api_config("keystone_authtoken/#{config}").with_value(param_hash[config.intern])
end
end
it { should contain_glance_api_config('keystone_authtoken/auth_admin_prefix').with_ensure('absent') }
it { is_expected.to contain_glance_api_config('keystone_authtoken/auth_admin_prefix').with_ensure('absent') }
it 'should configure itself for keystone if that is the auth_type' do
it 'is_expected.to configure itself for keystone if that is the auth_type' do
if params[:auth_type] == 'keystone'
should contain('paste_deploy/flavor').with_value('keystone+cachemanagement')
is_expected.to contain('paste_deploy/flavor').with_value('keystone+cachemanagement')
['admin_tenant_name', 'admin_user', 'admin_password'].each do |config|
should contain_glance_api_config("keystone_authtoken/#{config}").with_value(param_hash[config.intern])
is_expected.to contain_glance_api_config("keystone_authtoken/#{config}").with_value(param_hash[config.intern])
end
is_expected.to contain_glance_api_config('keystone_authtoken/admin_password').with_value(param_hash[:keystone_password]).with_secret(true)
['admin_tenant_name', 'admin_user', 'admin_password'].each do |config|
should contain_glance_cache_config("keystone_authtoken/#{config}").with_value(param_hash[config.intern])
is_expected.to contain_glance_cache_config("keystone_authtoken/#{config}").with_value(param_hash[config.intern])
end
is_expected.to contain_glance_cache_config('keystone_authtoken/admin_password').with_value(param_hash[:keystone_password]).with_secret(true)
end
end
end
end
describe 'with disabled service managing' do
let :params do
{
:keystone_password => 'ChangeMe',
:manage_service => false,
:enabled => false,
}
end
it { is_expected.to contain_service('glance-api').with(
'ensure' => nil,
'enable' => false,
'hasstatus' => true,
'hasrestart' => true
) }
end
describe 'with overridden pipeline' do
let :params do
{
:keystone_password => 'ChangeMe',
:pipeline => 'keystone',
:pipeline => 'something',
}
end
it { should contain_glance_api_config('paste_deploy/flavor').with_value('keystone') }
it { is_expected.to contain_glance_api_config('paste_deploy/flavor').with_value('something') }
end
describe 'with blank pipeline' do
@ -165,7 +206,7 @@ describe 'glance::api' do
}
end
it { should contain_glance_api_config('paste_deploy/flavor').with_ensure('absent') }
it { is_expected.to contain_glance_api_config('paste_deploy/flavor').with_ensure('absent') }
end
[
@ -183,7 +224,7 @@ describe 'glance::api' do
}
end
it { expect { should contain_glance_api_config('filter:paste_deploy/flavor') }.to\
it { expect { is_expected.to contain_glance_api_config('filter:paste_deploy/flavor') }.to\
raise_error(Puppet::Error, /validate_re\(\): .* does not match/) }
end
end
@ -196,7 +237,7 @@ describe 'glance::api' do
}
end
it { should contain_glance_api_config('keystone_authtoken/auth_admin_prefix').with_value('/keystone/main') }
it { is_expected.to contain_glance_api_config('keystone_authtoken/auth_admin_prefix').with_value('/keystone/main') }
end
[
@ -215,7 +256,7 @@ describe 'glance::api' do
}
end
it { expect { should contain_glance_api_config('filter:authtoken/auth_admin_prefix') }.to\
it { expect { is_expected.to contain_glance_api_config('filter:authtoken/auth_admin_prefix') }.to\
raise_error(Puppet::Error, /validate_re\(\): "#{auth_admin_prefix}" does not match/) }
end
end
@ -225,8 +266,8 @@ describe 'glance::api' do
default_params
end
it { should contain_glance_api_config('DEFAULT/use_syslog').with_value(false) }
it { should_not contain_glance_api_config('DEFAULT/syslog_log_facility') }
it { is_expected.to contain_glance_api_config('DEFAULT/use_syslog').with_value(false) }
it { is_expected.to_not contain_glance_api_config('DEFAULT/syslog_log_facility') }
end
describe 'with syslog enabled' do
@ -236,8 +277,8 @@ describe 'glance::api' do
})
end
it { should contain_glance_api_config('DEFAULT/use_syslog').with_value(true) }
it { should contain_glance_api_config('DEFAULT/syslog_log_facility').with_value('LOG_USER') }
it { is_expected.to contain_glance_api_config('DEFAULT/use_syslog').with_value(true) }
it { is_expected.to contain_glance_api_config('DEFAULT/syslog_log_facility').with_value('LOG_USER') }
end
describe 'with syslog enabled and custom settings' do
@ -248,29 +289,29 @@ describe 'glance::api' do
})
end
it { should contain_glance_api_config('DEFAULT/use_syslog').with_value(true) }
it { should contain_glance_api_config('DEFAULT/syslog_log_facility').with_value('LOG_LOCAL0') }
it { is_expected.to contain_glance_api_config('DEFAULT/use_syslog').with_value(true) }
it { is_expected.to contain_glance_api_config('DEFAULT/syslog_log_facility').with_value('LOG_LOCAL0') }
end
describe 'with log_file enabled by default' do
let(:params) { default_params }
it { should contain_glance_api_config('DEFAULT/log_file').with_value(default_params[:log_file]) }
it { is_expected.to contain_glance_api_config('DEFAULT/log_file').with_value(default_params[:log_file]) }
context 'with log_file disabled' do
let(:params) { default_params.merge!({ :log_file => false }) }
it { should contain_glance_api_config('DEFAULT/log_file').with_ensure('absent') }
it { is_expected.to contain_glance_api_config('DEFAULT/log_file').with_ensure('absent') }
end
end
describe 'with log_dir enabled by default' do
let(:params) { default_params }
it { should contain_glance_api_config('DEFAULT/log_dir').with_value(default_params[:log_dir]) }
it { is_expected.to contain_glance_api_config('DEFAULT/log_dir').with_value(default_params[:log_dir]) }
context 'with log_dir disabled' do
let(:params) { default_params.merge!({ :log_dir => false }) }
it { should contain_glance_api_config('DEFAULT/log_dir').with_ensure('absent') }
it { is_expected.to contain_glance_api_config('DEFAULT/log_dir').with_ensure('absent') }
end
end
@ -284,9 +325,9 @@ describe 'glance::api' do
end
context 'with ssl options' do
it { should contain_glance_api_config('DEFAULT/ca_file').with_value('/tmp/ca_file') }
it { should contain_glance_api_config('DEFAULT/cert_file').with_value('/tmp/cert_file') }
it { should contain_glance_api_config('DEFAULT/key_file').with_value('/tmp/key_file') }
it { is_expected.to contain_glance_api_config('DEFAULT/ca_file').with_value('/tmp/ca_file') }
it { is_expected.to contain_glance_api_config('DEFAULT/cert_file').with_value('/tmp/cert_file') }
it { is_expected.to contain_glance_api_config('DEFAULT/key_file').with_value('/tmp/key_file') }
end
end
describe 'with known_stores by default' do
@ -294,7 +335,7 @@ describe 'glance::api' do
default_params
end
it { should_not contain_glance_api_config('glance_store/stores').with_value('false') }
it { is_expected.to_not contain_glance_api_config('glance_store/stores').with_value('false') }
end
describe 'with known_stores override' do
@ -304,16 +345,106 @@ describe 'glance::api' do
})
end
it { should contain_glance_api_config('glance_store/stores').with_value("glance.store.filesystem.Store,glance.store.http.Store") }
it { is_expected.to contain_glance_api_config('glance_store/stores').with_value("glance.store.filesystem.Store,glance.store.http.Store") }
end
describe 'while validating the service with default command' do
let :params do
default_params.merge({
:validate => true,
})
end
it { is_expected.to contain_exec('execute glance-api validation').with(
:path => '/usr/bin:/bin:/usr/sbin:/sbin',
:provider => 'shell',
:tries => '10',
:try_sleep => '2',
:command => 'glance --os-auth-url http://localhost:5000/v2.0 --os-tenant-name services --os-username glance --os-password ChangeMe image-list',
)}
it { is_expected.to contain_anchor('create glance-api anchor').with(
:require => 'Exec[execute glance-api validation]',
)}
end
describe 'while validating the service with custom command' do
let :params do
default_params.merge({
:validate => true,
:validation_options => { 'glance-api' => { 'command' => 'my-script' } }
})
end
it { is_expected.to contain_exec('execute glance-api validation').with(
:path => '/usr/bin:/bin:/usr/sbin:/sbin',
:provider => 'shell',
:tries => '10',
:try_sleep => '2',
:command => 'my-script',
)}
it { is_expected.to contain_anchor('create glance-api anchor').with(
:require => 'Exec[execute glance-api validation]',
)}
end
describe 'with identity and auth settings' do
let :params do
{
:keystone_password => 'ChangeMe',
}
end
context 'with custom keystone identity_uri' do
let :params do
default_params.merge!({
:identity_uri => 'https://foo.bar:1234/',
})
end
it 'configures identity_uri' do
is_expected.to contain_glance_api_config('keystone_authtoken/identity_uri').with_value("https://foo.bar:1234/");
# since only identity_uri is set the deprecated auth parameters is_expected.to
# still get set in case they are still in use
is_expected.to contain_glance_api_config('keystone_authtoken/auth_host').with_value('127.0.0.1');
is_expected.to contain_glance_api_config('keystone_authtoken/auth_port').with_value('35357');
is_expected.to contain_glance_api_config('keystone_authtoken/auth_protocol').with_value('http');
end
end
context 'with custom keystone identity_uri and auth_uri' do
let :params do
default_params.merge!({
:identity_uri => 'https://foo.bar:35357/',
:auth_uri => 'https://foo.bar:5000/v2.0/',
})
end
it 'configures identity_uri' do
is_expected.to contain_glance_api_config('keystone_authtoken/identity_uri').with_value("https://foo.bar:35357/");
is_expected.to contain_glance_api_config('keystone_authtoken/auth_uri').with_value("https://foo.bar:5000/v2.0/");
is_expected.to contain_glance_api_config('keystone_authtoken/auth_host').with_ensure('absent')
is_expected.to contain_glance_api_config('keystone_authtoken/auth_port').with_ensure('absent')
is_expected.to contain_glance_api_config('keystone_authtoken/auth_protocol').with_ensure('absent')
is_expected.to contain_glance_api_config('keystone_authtoken/auth_admin_prefix').with_ensure('absent')
end
end
end
describe 'on Debian platforms' do
let :facts do
{ :osfamily => 'Debian' }
end
let(:params) { default_params }
it {should contain_package('glance-api')}
# We only test this on Debian platforms, since on RedHat there isn't a
# separate package for glance API.
['present', 'latest'].each do |package_ensure|
context "with package_ensure '#{package_ensure}'" do
let(:params) { default_params.merge({ :package_ensure => package_ensure }) }
it { is_expected.to contain_package('glance-api').with(
:ensure => package_ensure,
:tag => ['openstack']
)}
end
end
end
describe 'on RedHat platforms' do
@ -322,7 +453,9 @@ describe 'glance::api' do
end
let(:params) { default_params }
it { should contain_package('openstack-glance')}
it { is_expected.to contain_package('openstack-glance').with(
:tag => ['openstack'],
)}
end
describe 'on unknown platforms' do
@ -331,9 +464,7 @@ describe 'glance::api' do
end
let(:params) { default_params }
it 'should fails to configure glance-api' do
expect { subject }.to raise_error(Puppet::Error, /module glance only support osfamily RedHat and Debian/)
end
it_raises 'a Puppet::Error', /module glance only support osfamily RedHat and Debian/
end
end

49
deployment/puppet/glance/spec/classes/glance_backend_cinder_spec.rb
View File

@ -31,21 +31,19 @@ describe 'glance::backend::cinder' do
context 'when default parameters' do
it 'configures glance-api.conf' do
should contain_glance_api_config('glance_store/default_store').with_value('cinder')
should contain_glance_api_config('glance_store/cinder_api_insecure').with_value(false)
should contain_glance_api_config('glance_store/cinder_catalog_info').with_value('volume:cinder:publicURL')
should contain_glance_api_config('glance_store/os_region_name').with_value('RegionOne')
should contain_glance_api_config('glance_store/cinder_http_retries').with_value('3')
should contain_glance_api_config('glance_store/cinder_ca_certificates_file').with(:ensure => 'absent')
should contain_glance_api_config('glance_store/cinder_endpoint_template').with(:ensure => 'absent')
is_expected.to contain_glance_api_config('glance_store/default_store').with_value('cinder')
is_expected.to contain_glance_api_config('DEFAULT/cinder_api_insecure').with_value(false)
is_expected.to contain_glance_api_config('DEFAULT/cinder_catalog_info').with_value('volume:cinder:publicURL')
is_expected.to contain_glance_api_config('DEFAULT/cinder_http_retries').with_value('3')
is_expected.to contain_glance_api_config('DEFAULT/cinder_ca_certificates_file').with(:ensure => 'absent')
is_expected.to contain_glance_api_config('DEFAULT/cinder_endpoint_template').with(:ensure => 'absent')
end
it 'configures glance-cache.conf' do
should contain_glance_cache_config('DEFAULT/cinder_api_insecure').with_value(false)
should contain_glance_cache_config('DEFAULT/cinder_catalog_info').with_value('volume:cinder:publicURL')
should contain_glance_cache_config('DEFAULT/os_region_name').with_value('RegionOne')
should contain_glance_cache_config('DEFAULT/cinder_http_retries').with_value('3')
should contain_glance_cache_config('DEFAULT/cinder_ca_certificates_file').with(:ensure => 'absent')
should contain_glance_cache_config('DEFAULT/cinder_endpoint_template').with(:ensure => 'absent')
is_expected.to contain_glance_cache_config('DEFAULT/cinder_api_insecure').with_value(false)
is_expected.to contain_glance_cache_config('DEFAULT/cinder_catalog_info').with_value('volume:cinder:publicURL')
is_expected.to contain_glance_cache_config('DEFAULT/cinder_http_retries').with_value('3')
is_expected.to contain_glance_cache_config('DEFAULT/cinder_ca_certificates_file').with(:ensure => 'absent')
is_expected.to contain_glance_cache_config('DEFAULT/cinder_endpoint_template').with(:ensure => 'absent')
end
end
@ -57,25 +55,22 @@ describe 'glance::backend::cinder' do
:cinder_catalog_info => 'volume:cinder:internalURL',
:cinder_endpoint_template => 'http://srv-foo:8776/v1/%(project_id)s',
:cinder_http_retries => '10',
:os_region_name => 'foo'
}
end
it 'configures glance-api.conf' do
should contain_glance_api_config('glance_store/default_store').with_value('cinder')
should contain_glance_api_config('glance_store/cinder_api_insecure').with_value(true)
should contain_glance_api_config('glance_store/cinder_ca_certificates_file').with_value('/etc/ssh/ca.crt')
should contain_glance_api_config('glance_store/cinder_catalog_info').with_value('volume:cinder:internalURL')
should contain_glance_api_config('glance_store/cinder_endpoint_template').with_value('http://srv-foo:8776/v1/%(project_id)s')
should contain_glance_api_config('glance_store/cinder_http_retries').with_value('10')
should contain_glance_api_config('glance_store/os_region_name').with_value('foo')
is_expected.to contain_glance_api_config('glance_store/default_store').with_value('cinder')
is_expected.to contain_glance_api_config('DEFAULT/cinder_api_insecure').with_value(true)
is_expected.to contain_glance_api_config('DEFAULT/cinder_ca_certificates_file').with_value('/etc/ssh/ca.crt')
is_expected.to contain_glance_api_config('DEFAULT/cinder_catalog_info').with_value('volume:cinder:internalURL')
is_expected.to contain_glance_api_config('DEFAULT/cinder_endpoint_template').with_value('http://srv-foo:8776/v1/%(project_id)s')
is_expected.to contain_glance_api_config('DEFAULT/cinder_http_retries').with_value('10')
end
it 'configures glance-cache.conf' do
should contain_glance_cache_config('DEFAULT/cinder_api_insecure').with_value(true)
should contain_glance_cache_config('DEFAULT/cinder_ca_certificates_file').with_value('/etc/ssh/ca.crt')
should contain_glance_cache_config('DEFAULT/cinder_catalog_info').with_value('volume:cinder:internalURL')
should contain_glance_cache_config('DEFAULT/cinder_endpoint_template').with_value('http://srv-foo:8776/v1/%(project_id)s')
should contain_glance_cache_config('DEFAULT/cinder_http_retries').with_value('10')
should contain_glance_cache_config('DEFAULT/os_region_name').with_value('foo')
is_expected.to contain_glance_cache_config('DEFAULT/cinder_api_insecure').with_value(true)
is_expected.to contain_glance_cache_config('DEFAULT/cinder_ca_certificates_file').with_value('/etc/ssh/ca.crt')
is_expected.to contain_glance_cache_config('DEFAULT/cinder_catalog_info').with_value('volume:cinder:internalURL')
is_expected.to contain_glance_cache_config('DEFAULT/cinder_endpoint_template').with_value('http://srv-foo:8776/v1/%(project_id)s')
is_expected.to contain_glance_cache_config('DEFAULT/cinder_http_retries').with_value('10')
end
end

10
deployment/puppet/glance/spec/classes/glance_backend_file_spec.rb
View File

@ -10,12 +10,12 @@ describe 'glance::backend::file' do
end
it 'configures glance-api.conf' do
should contain_glance_api_config('glance_store/default_store').with_value('file')
should contain_glance_api_config('glance_store/filesystem_store_datadir').with_value('/var/lib/glance/images/')
is_expected.to contain_glance_api_config('glance_store/default_store').with_value('file')
is_expected.to contain_glance_api_config('glance_store/filesystem_store_datadir').with_value('/var/lib/glance/images/')
end
it 'configures glance-cache.conf' do
should contain_glance_cache_config('DEFAULT/filesystem_store_datadir').with_value('/var/lib/glance/images/')
is_expected.to contain_glance_cache_config('glance_store/filesystem_store_datadir').with_value('/var/lib/glance/images/')
end
describe 'when overriding datadir' do
@ -24,11 +24,11 @@ describe 'glance::backend::file' do
end
it 'configures glance-api.conf' do
should contain_glance_api_config('glance_store/filesystem_store_datadir').with_value('/tmp/')
is_expected.to contain_glance_api_config('glance_store/filesystem_store_datadir').with_value('/tmp/')
end
it 'configures glance-cache.conf' do
should contain_glance_cache_config('DEFAULT/filesystem_store_datadir').with_value('/tmp/')
is_expected.to contain_glance_cache_config('glance_store/filesystem_store_datadir').with_value('/tmp/')
end
end
end

47
deployment/puppet/glance/spec/classes/glance_backend_rbd_spec.rb
View File

@ -14,12 +14,12 @@ describe 'glance::backend::rbd' do
}
end
it { should contain_glance_api_config('glance_store/default_store').with_value('rbd') }
it { should contain_glance_api_config('glance_store/rbd_store_pool').with_value('images') }
it { should contain_glance_api_config('glance_store/rbd_store_ceph_conf').with_value('/etc/ceph/ceph.conf') }
it { should contain_glance_api_config('glance_store/rbd_store_chunk_size').with_value('8') }
it { is_expected.to contain_glance_api_config('glance_store/default_store').with_value('rbd') }
it { is_expected.to contain_glance_api_config('glance_store/rbd_store_pool').with_value('images') }
it { is_expected.to contain_glance_api_config('glance_store/rbd_store_ceph_conf').with_value('/etc/ceph/ceph.conf') }
it { is_expected.to contain_glance_api_config('glance_store/rbd_store_chunk_size').with_value('8') }
it { should contain_package('python-ceph').with(
it { is_expected.to contain_package('python-ceph').with(
:name => 'python-ceph',
:ensure => 'present'
)
@ -31,9 +31,42 @@ describe 'glance::backend::rbd' do
{
:rbd_store_user => 'user',
:rbd_store_chunk_size => '2',
:package_ensure => 'latest',
}
end
it { should contain_glance_api_config('glance_store/rbd_store_user').with_value('user') }
it { should contain_glance_api_config('glance_store/rbd_store_chunk_size').with_value('2') }
it { is_expected.to contain_glance_api_config('glance_store/rbd_store_user').with_value('user') }
it { is_expected.to contain_glance_api_config('glance_store/rbd_store_chunk_size').with_value('2') }
it { is_expected.to contain_package('python-ceph').with(
:name => 'python-ceph',
:ensure => 'latest'
)
}
end
describe 'package on RedHat platform el6' do
let :facts do
{
:osfamily => 'RedHat',
:operatingsystemrelease => '6.5',
}
end
it { is_expected.to contain_package('python-ceph').with(
:name => 'python-ceph',
:ensure => 'present'
)
}
end
describe 'package on RedHat platform el7' do
let :facts do
{
:osfamily => 'RedHat',
:operatingsystemrelease => '7.0'
}
end
it { is_expected.to contain_package('python-ceph').with(
:name => 'python-rbd',
:ensure => 'present'
)
}
end
end

55
deployment/puppet/glance/spec/classes/glance_backend_swift_spec.rb
View File

@ -21,24 +21,25 @@ describe 'glance::backend::swift' do
describe 'when default parameters' do
it 'configures glance-api.conf' do
should contain_glance_api_config('glance_store/default_store').with_value('swift')
should contain_glance_api_config('glance_store/swift_store_key').with_value('key')
should contain_glance_api_config('glance_store/swift_store_user').with_value('user')
should contain_glance_api_config('glance_store/swift_store_auth_version').with_value('2')
should contain_glance_api_config('glance_store/swift_store_large_object_size').with_value('5120')
should contain_glance_api_config('glance_store/swift_store_auth_address').with_value('127.0.0.1:5000/v2.0/')
should contain_glance_api_config('glance_store/swift_store_container').with_value('glance')
should contain_glance_api_config('glance_store/swift_store_create_container_on_put').with_value(false)
is_expected.to contain_glance_api_config('glance_store/default_store').with_value('swift')
is_expected.to contain_glance_api_config('glance_store/swift_store_key').with_value('key')
is_expected.to contain_glance_api_config('glance_store/swift_store_user').with_value('user')
is_expected.to contain_glance_api_config('DEFAULT/swift_store_auth_version').with_value('2')
is_expected.to contain_glance_api_config('DEFAULT/swift_store_large_object_size').with_value('5120')
is_expected.to contain_glance_api_config('glance_store/swift_store_auth_address').with_value('127.0.0.1:5000/v2.0/')
is_expected.to contain_glance_api_config('DEFAULT/swift_store_container').with_value('glance')
is_expected.to contain_glance_api_config('DEFAULT/swift_store_create_container_on_put').with_value(false)
is_expected.to contain_glance_api_config('glance_store/swift_store_endpoint_type').with_value('internalURL')
end
it 'configures glance-cache.conf' do
should contain_glance_cache_config('DEFAULT/swift_store_key').with_value('key')
should contain_glance_cache_config('DEFAULT/swift_store_user').with_value('user')
should contain_glance_cache_config('DEFAULT/swift_store_auth_version').with_value('2')
should contain_glance_cache_config('DEFAULT/swift_store_large_object_size').with_value('5120')
should contain_glance_cache_config('DEFAULT/swift_store_auth_address').with_value('127.0.0.1:5000/v2.0/')
should contain_glance_cache_config('DEFAULT/swift_store_container').with_value('glance')
should contain_glance_cache_config('DEFAULT/swift_store_create_container_on_put').with_value(false)
is_expected.to contain_glance_cache_config('glance_store/swift_store_key').with_value('key')
is_expected.to contain_glance_cache_config('glance_store/swift_store_user').with_value('user')
is_expected.to contain_glance_cache_config('DEFAULT/swift_store_auth_version').with_value('2')
is_expected.to contain_glance_cache_config('DEFAULT/swift_store_large_object_size').with_value('5120')
is_expected.to contain_glance_cache_config('glance_store/swift_store_auth_address').with_value('127.0.0.1:5000/v2.0/')
is_expected.to contain_glance_cache_config('DEFAULT/swift_store_container').with_value('glance')
is_expected.to contain_glance_cache_config('DEFAULT/swift_store_create_container_on_put').with_value(false)
end
end
@ -51,24 +52,26 @@ describe 'glance::backend::swift' do
:swift_store_large_object_size => '100',
:swift_store_auth_address => '127.0.0.2:8080/v1.0/',
:swift_store_container => 'swift',
:swift_store_create_container_on_put => true
:swift_store_create_container_on_put => true,
:swift_store_endpoint_type => 'publicURL'
}
end
it 'configures glance-api.conf' do
should contain_glance_api_config('glance_store/swift_store_container').with_value('swift')
should contain_glance_api_config('glance_store/swift_store_create_container_on_put').with_value(true)
should contain_glance_api_config('glance_store/swift_store_auth_version').with_value('1')
should contain_glance_api_config('glance_store/swift_store_large_object_size').with_value('100')
should contain_glance_api_config('glance_store/swift_store_auth_address').with_value('127.0.0.2:8080/v1.0/')
is_expected.to contain_glance_api_config('DEFAULT/swift_store_container').with_value('swift')
is_expected.to contain_glance_api_config('DEFAULT/swift_store_create_container_on_put').with_value(true)
is_expected.to contain_glance_api_config('DEFAULT/swift_store_auth_version').with_value('1')
is_expected.to contain_glance_api_config('DEFAULT/swift_store_large_object_size').with_value('100')
is_expected.to contain_glance_api_config('glance_store/swift_store_auth_address').with_value('127.0.0.2:8080/v1.0/')
is_expected.to contain_glance_api_config('glance_store/swift_store_endpoint_type').with_value('publicURL')
end
it 'configures glance-cache.conf' do
should contain_glance_cache_config('DEFAULT/swift_store_container').with_value('swift')
should contain_glance_cache_config('DEFAULT/swift_store_create_container_on_put').with_value(true)
should contain_glance_cache_config('DEFAULT/swift_store_auth_version').with_value('1')
should contain_glance_cache_config('DEFAULT/swift_store_large_object_size').with_value('100')
should contain_glance_cache_config('DEFAULT/swift_store_auth_address').with_value('127.0.0.2:8080/v1.0/')
is_expected.to contain_glance_cache_config('DEFAULT/swift_store_container').with_value('swift')
is_expected.to contain_glance_cache_config('DEFAULT/swift_store_create_container_on_put').with_value(true)
is_expected.to contain_glance_cache_config('DEFAULT/swift_store_auth_version').with_value('1')
is_expected.to contain_glance_cache_config('DEFAULT/swift_store_large_object_size').with_value('100')
is_expected.to contain_glance_cache_config('glance_store/swift_store_auth_address').with_value('127.0.0.2:8080/v1.0/')
end
end
end

122
deployment/puppet/glance/spec/classes/glance_backend_vsphere_spec.rb
View File

@ -1,62 +1,94 @@
#
# Copyright (C) 2014 Mirantis
#
# Author: Steapn Rogov <srogov@mirantis.com>
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# Unit tests for glance::backend::vsphere class
#
require 'spec_helper'
describe 'glance::backend::vsphere' do
let :facts do
{
:osfamily => 'Debian'
}
end
let :params do
{
:vcenter_host => '10.0.0.1',
:vcenter_user => 'root',
:vcenter_password => '123456',
:vcenter_datacenter => 'Datacenter',
:vcenter_datastore => 'Datastore',
:vcenter_image_dir => '/openstack_glance',
}
end
let :pre_condition do
'class { "glance::api": keystone_password => "pass" }'
end
describe 'when default parameters' do
shared_examples_for 'glance with vsphere backend' do
it 'configures glance-api.conf' do
should contain_glance_api_config('glance_store/default_store').with_value('vsphere')
should contain_glance_api_config('glance_store/vmware_api_insecure').with_value('False')
should contain_glance_api_config('glance_store/vmware_server_host').with_value('10.0.0.1')
should contain_glance_api_config('glance_store/vmware_server_username').with_value('root')
should contain_glance_api_config('glance_store/vmware_server_password').with_value('123456')
should contain_glance_api_config('glance_store/vmware_datastore_name').with_value('Datastore')
should contain_glance_api_config('glance_store/vmware_store_image_dir').with_value('/openstack_glance')
should contain_glance_api_config('glance_store/vmware_task_poll_interval').with_value('5')
should contain_glance_api_config('glance_store/vmware_api_retry_count').with_value('10')
should contain_glance_api_config('glance_store/vmware_datacenter_path').with_value('Datacenter')
context 'when default parameters' do
let :params do
{
:vcenter_host => '10.0.0.1',
:vcenter_user => 'root',
:vcenter_password => '123456',
:vcenter_datacenter => 'Datacenter',
:vcenter_datastore => 'Datastore',
:vcenter_image_dir => '/openstack_glance',
}
end
it 'configures glance-api.conf' do
is_expected.to contain_glance_api_config('DEFAULT/default_store').with_value('vsphere')
is_expected.to contain_glance_api_config('DEFAULT/vmware_api_insecure').with_value('False')
is_expected.to contain_glance_api_config('DEFAULT/vmware_server_host').with_value('10.0.0.1')
is_expected.to contain_glance_api_config('DEFAULT/vmware_server_username').with_value('root')
is_expected.to contain_glance_api_config('DEFAULT/vmware_server_password').with_value('123456')
is_expected.to contain_glance_api_config('DEFAULT/vmware_datastore_name').with_value('Datastore')
is_expected.to contain_glance_api_config('DEFAULT/vmware_store_image_dir').with_value('/openstack_glance')
is_expected.to contain_glance_api_config('DEFAULT/vmware_task_poll_interval').with_value('5')
is_expected.to contain_glance_api_config('DEFAULT/vmware_api_retry_count').with_value('10')
is_expected.to contain_glance_api_config('DEFAULT/vmware_datacenter_path').with_value('Datacenter')
end
end
context 'when overriding parameters' do
let :params do
{
:vcenter_host => '10.0.0.1',
:vcenter_user => 'root',
:vcenter_password => '123456',
:vcenter_datacenter => 'Datacenter',
:vcenter_datastore => 'Datastore',
:vcenter_image_dir => '/openstack_glance',
:vcenter_api_insecure => 'True',
:vcenter_task_poll_interval => '6',
:vcenter_api_retry_count => '11',
}
end
it 'configures glance-api.conf' do
is_expected.to contain_glance_api_config('DEFAULT/vmware_api_insecure').with_value('True')
is_expected.to contain_glance_api_config('DEFAULT/vmware_task_poll_interval').with_value('6')
is_expected.to contain_glance_api_config('DEFAULT/vmware_api_retry_count').with_value('11')
end
end
end
describe 'when overriding parameters' do
let :params do
{
:vcenter_host => '10.0.0.1',
:vcenter_user => 'root',
:vcenter_password => '123456',
:vcenter_datacenter => 'Datacenter',
:vcenter_datastore => 'Datastore',
:vcenter_image_dir => '/openstack_glance',
:vcenter_api_insecure => 'True',
:vcenter_task_poll_interval => '6',
:vcenter_api_retry_count => '11',
}
context 'on Debian platforms' do
let :facts do
{ :osfamily => 'Debian' }
end
it 'configures glance-api.conf' do
should contain_glance_api_config('glance_store/vmware_api_insecure').with_value('True')
should contain_glance_api_config('glance_store/vmware_task_poll_interval').with_value('6')
should contain_glance_api_config('glance_store/vmware_api_retry_count').with_value('11')
it_configures 'glance with vsphere backend'
end
context 'on RedHat platforms' do
let :facts do
{ :osfamily => 'RedHat' }
end
it_configures 'glance with vsphere backend'
end
end

70
deployment/puppet/glance/spec/classes/glance_cache_cleaner_spec.rb
View File

@ -2,20 +2,64 @@ require 'spec_helper'
describe 'glance::cache::cleaner' do
let :facts do
{ :osfamily => 'Debian' }
shared_examples_for 'glance cache cleaner' do
context 'when default parameters' do
it 'configures a cron' do
is_expected.to contain_cron('glance-cache-cleaner').with(
:command => 'glance-cache-cleaner ',
:environment => 'PATH=/bin:/usr/bin:/usr/sbin',
:user => 'glance',
:minute => 1,
:hour => 0,
:monthday => '*',
:month => '*',
:weekday => '*'
)
end
end
context 'when overriding parameters' do
let :params do
{
:minute => 59,
:hour => 23,
:monthday => '1',
:month => '2',
:weekday => '3',
:command_options => '--config-dir /etc/glance/',
}
end
it 'configures a cron' do
is_expected.to contain_cron('glance-cache-cleaner').with(
:command => 'glance-cache-cleaner --config-dir /etc/glance/',
:environment => 'PATH=/bin:/usr/bin:/usr/sbin',
:user => 'glance',
:minute => 59,
:hour => 23,
:monthday => '1',
:month => '2',
:weekday => '3'
)
end
end
end
it 'configures a cron' do
should contain_cron('glance-cache-cleaner').with(
:command => 'glance-cache-cleaner',
:environment => 'PATH=/bin:/usr/bin:/usr/sbin',
:user => 'glance',
:minute => 1,
:hour => 0,
:monthday => '*',
:month => '*',
:weekday => '*'
)
context 'on Debian platforms' do
let :facts do
{ :osfamily => 'Debian' }
end
include_examples 'glance cache cleaner'
it { is_expected.to contain_cron('glance-cache-cleaner').with(:require => 'Package[glance-api]')}
end
context 'on RedHat platforms' do
let :facts do
{ :osfamily => 'RedHat' }
end
include_examples 'glance cache cleaner'
it { is_expected.to contain_cron('glance-cache-cleaner').with(:require => 'Package[openstack-glance]')}
end
end

70
deployment/puppet/glance/spec/classes/glance_cache_pruner_spec.rb
View File

@ -2,20 +2,64 @@ require 'spec_helper'
describe 'glance::cache::pruner' do
let :facts do
{ :osfamily => 'Debian' }
shared_examples_for 'glance cache pruner' do
context 'when default parameters' do
it 'configures a cron' do
is_expected.to contain_cron('glance-cache-pruner').with(
:command => 'glance-cache-pruner ',
:environment => 'PATH=/bin:/usr/bin:/usr/sbin',
:user => 'glance',
:minute => '*/30',
:hour => '*',
:monthday => '*',
:month => '*',
:weekday => '*'
)
end
end
context 'when overriding parameters' do
let :params do
{
:minute => 59,
:hour => 23,
:monthday => '1',
:month => '2',
:weekday => '3',
:command_options => '--config-dir /etc/glance/',
}
end
it 'configures a cron' do
is_expected.to contain_cron('glance-cache-pruner').with(
:command => 'glance-cache-pruner --config-dir /etc/glance/',
:environment => 'PATH=/bin:/usr/bin:/usr/sbin',
:user => 'glance',
:minute => 59,
:hour => 23,
:monthday => '1',
:month => '2',
:weekday => '3'
)
end
end
end
it 'configures a cron' do
should contain_cron('glance-cache-pruner').with(
:command => 'glance-cache-pruner',
:environment => 'PATH=/bin:/usr/bin:/usr/sbin',
:user => 'glance',
:minute => '*/30',
:hour => '*',
:monthday => '*',
:month => '*',
:weekday => '*'
)
context 'on Debian platforms' do
let :facts do
{ :osfamily => 'Debian' }
end
include_examples 'glance cache pruner'
it { is_expected.to contain_cron('glance-cache-pruner').with(:require => 'Package[glance-api]')}
end
context 'on RedHat platforms' do
let :facts do
{ :osfamily => 'RedHat' }
end
include_examples 'glance cache pruner'
it { is_expected.to contain_cron('glance-cache-pruner').with(:require => 'Package[openstack-glance]')}
end
end

7
deployment/puppet/glance/spec/classes/glance_client_spec.rb
View File

@ -3,10 +3,11 @@ require 'spec_helper'
describe 'glance::client' do
shared_examples 'glance client' do
it { should contain_class('glance::params') }
it { should contain_package('python-glanceclient').with(
it { is_expected.to contain_class('glance::params') }
it { is_expected.to contain_package('python-glanceclient').with(
:name => 'python-glanceclient',
:ensure => 'present'
:ensure => 'present',
:tag => ['openstack'],
)
}
end

39
deployment/puppet/glance/spec/classes/glance_db_mysql_spec.rb
View File

@ -15,16 +15,13 @@ describe 'glance::db::mysql' do
let :params do
{
:password => 'glancepass1',
:mysql_module => '0.9'
}
end
it { should contain_class('mysql::python') }
it { should contain_mysql__db('glance').with(
:password => 'glancepass1',
:require => 'Class[Mysql::Config]',
:charset => 'utf8'
it { is_expected.to contain_openstacklib__db__mysql('glance').with(
:password_hash => '*41C910F70EB213CF4CB7B2F561B4995503C0A87B',
:charset => 'utf8',
:collate => 'utf8_general_ci',
)}
end
@ -38,9 +35,10 @@ describe 'glance::db::mysql' do
}
end
it { should contain_mysql__db('glancedb2').with(
:password => 'glancepass2',
:charset => 'utf8'
it { is_expected.to contain_openstacklib__db__mysql('glance').with(
:password_hash => '*6F9A1CB9BD83EE06F3903BDFF9F4188764E694CA',
:dbname => 'glancedb2',
:charset => 'utf8'
)}
end
@ -54,17 +52,6 @@ describe 'glance::db::mysql' do
}
end
it {should_not contain_glance__db__mysql__host_access("127.0.0.1").with(
:user => 'glance',
:password => 'glancepass2',
:database => 'glancedb2'
)}
it {should contain_glance__db__mysql__host_access("%").with(
:user => 'glance',
:password => 'glancepass2',
:database => 'glancedb2'
)}
end
describe "overriding allowed_hosts param to string" do
@ -76,11 +63,6 @@ describe 'glance::db::mysql' do
}
end
it {should contain_glance__db__mysql__host_access("192.168.1.1").with(
:user => 'glance',
:password => 'glancepass2',
:database => 'glancedb2'
)}
end
describe "overriding allowed_hosts param equals to host param " do
@ -92,11 +74,6 @@ describe 'glance::db::mysql' do
}
end
it {should_not contain_glance__db__mysql__host_access("127.0.0.1").with(
:user => 'glance',
:password => 'glancepass2',
:database => 'glancedb2'
)}
end
end

58
deployment/puppet/glance/spec/classes/glance_db_postgresql_spec.rb
View File

@ -3,24 +3,56 @@ require 'spec_helper'
describe 'glance::db::postgresql' do
let :req_params do
{:password => 'pw'}
{ :password => 'pw' }
end
let :facts do
{
:postgres_default_version => '8.4',
:osfamily => 'RedHat',
}
let :pre_condition do
'include postgresql::server'
end
describe 'with only required params' do
let :params do
req_params
context 'on a RedHat osfamily' do
let :facts do
{
:osfamily => 'RedHat',
:operatingsystemrelease => '7.0',
:concat_basedir => '/var/lib/puppet/concat'
}
end
it { should contain_postgresql__db('glance').with(
:user => 'glance',
:password => 'pw'
) }
context 'with only required parameters' do
let :params do
req_params
end
it { is_expected.to contain_postgresql__server__db('glance').with(
:user => 'glance',
:password => 'md56c7c03b193c2c1e0667bc5bd891703db'
)}
end
end
context 'on a Debian osfamily' do
let :facts do
{
:operatingsystemrelease => '7.8',
:operatingsystem => 'Debian',
:osfamily => 'Debian',
:concat_basedir => '/var/lib/puppet/concat'
}
end
context 'with only required parameters' do
let :params do
req_params
end
it { is_expected.to contain_postgresql__server__db('glance').with(
:user => 'glance',
:password => 'md56c7c03b193c2c1e0667bc5bd891703db'
)}
end
end
end

103
deployment/puppet/glance/spec/classes/glance_keystone_auth_spec.rb
View File

@ -8,23 +8,23 @@ describe 'glance::keystone::auth' do
{:password => 'pass'}
end
it { should contain_keystone_user('glance').with(
it { is_expected.to contain_keystone_user('glance').with(
:ensure => 'present',
:password => 'pass'
)}
it { should contain_keystone_user_role('glance@services').with(
it { is_expected.to contain_keystone_user_role('glance@services').with(
:ensure => 'present',
:roles => 'admin'
:roles => ['admin']
) }
it { should contain_keystone_service('glance').with(
it { is_expected.to contain_keystone_service('glance').with(
:ensure => 'present',
:type => 'image',
:description => 'Openstack Image Service'
:description => 'OpenStack Image Service'
) }
it { should contain_keystone_endpoint('RegionOne/glance').with(
it { is_expected.to contain_keystone_endpoint('RegionOne/glance').with(
:ensure => 'present',
:public_url => 'http://127.0.0.1:9292',
:admin_url => 'http://127.0.0.1:9292',
@ -43,25 +43,42 @@ describe 'glance::keystone::auth' do
}
end
it { should contain_keystone_user('glancey').with(
it { is_expected.to contain_keystone_user('glancey').with(
:ensure => 'present',
:password => 'password'
)}
it { should contain_keystone_user_role('glancey@services').with(
it { is_expected.to contain_keystone_user_role('glancey@services').with(
:ensure => 'present',
:roles => 'admin'
:roles => ['admin']
) }
it { should contain_keystone_service('glancey').with(
it { is_expected.to contain_keystone_service('glancey').with(
:ensure => 'present',
:type => 'imagey',
:description => 'Openstack Image Service'
:description => 'OpenStack Image Service'
) }
end
describe 'when address, region, port and protocoll are overridden' do
describe 'when overriding endpoint URLs' do
let :params do
{ :password => 'passw0rd',
:region => 'RegionTwo',
:public_url => 'https://10.10.10.10:81/v2',
:internal_url => 'https://10.10.10.11:81/v2',
:admin_url => 'https://10.10.10.12:81/v2' }
end
it { is_expected.to contain_keystone_endpoint('RegionTwo/glance').with(
:ensure => 'present',
:public_url => 'https://10.10.10.10:81/v2',
:internal_url => 'https://10.10.10.11:81/v2',
:admin_url => 'https://10.10.10.12:81/v2'
) }
end
describe 'with deprecated endpoints parameters' do
let :params do
{
@ -77,7 +94,7 @@ describe 'glance::keystone::auth' do
}
end
it { should contain_keystone_endpoint('RegionTwo/glance').with(
it { is_expected.to contain_keystone_endpoint('RegionTwo/glance').with(
:ensure => 'present',
:public_url => 'https://10.0.0.1:9393',
:admin_url => 'https://10.0.0.2:9393',
@ -95,7 +112,46 @@ describe 'glance::keystone::auth' do
}
end
it { should_not contain_keystone_endpoint('glance') }
it { is_expected.to_not contain_keystone_endpoint('RegionOne/glance') }
end
describe 'when disabling user configuration' do
let :params do
{
:configure_user => false,
:password => 'pass',
}
end
it { is_expected.to_not contain_keystone_user('glance') }
it { is_expected.to contain_keystone_user_role('glance@services') }
it { is_expected.to contain_keystone_service('glance').with(
:ensure => 'present',
:type => 'image',
:description => 'OpenStack Image Service'
) }
end
describe 'when disabling user and user role configuration' do
let :params do
{
:configure_user => false,
:configure_user_role => false,
:password => 'pass',
}
end
it { is_expected.to_not contain_keystone_user('glance') }
it { is_expected.to_not contain_keystone_user_role('glance@services') }
it { is_expected.to contain_keystone_service('glance').with(
:ensure => 'present',
:type => 'image',
:description => 'OpenStack Image Service'
) }
end
describe 'when configuring glance-api and the keystone endpoint' do
@ -114,6 +170,23 @@ describe 'glance::keystone::auth' do
}
end
it { should contain_keystone_endpoint('RegionOne/glance').with_notify('Service[glance-api]') }
it { is_expected.to contain_keystone_endpoint('RegionOne/glance').with_notify(["Service[glance-api]"]) }
end
describe 'when overriding service name' do
let :params do
{
:service_name => 'glance_service',
:password => 'pass'
}
end
it { is_expected.to contain_keystone_user('glance') }
it { is_expected.to contain_keystone_user_role('glance@services') }
it { is_expected.to contain_keystone_service('glance_service') }
it { is_expected.to contain_keystone_endpoint('RegionOne/glance_service') }
end
end

29
deployment/puppet/glance/spec/classes/glance_notify_qpid_spec.rb
View File

@ -15,12 +15,13 @@ describe 'glance::notify::qpid' do
{:qpid_password => 'pass'}
end
it { should contain_glance_api_config('DEFAULT/notifier_driver').with_value('qpid') }
it { should contain_glance_api_config('DEFAULT/qpid_username').with_value('guest') }
it { should contain_glance_api_config('DEFAULT/qpid_password').with_value('pass') }
it { should contain_glance_api_config('DEFAULT/qpid_hostname').with_value('localhost') }
it { should contain_glance_api_config('DEFAULT/qpid_port').with_value('5672') }
it { should contain_glance_api_config('DEFAULT/qpid_protocol').with_value('tcp') }
it { is_expected.to contain_glance_api_config('DEFAULT/notifier_driver').with_value('qpid') }
it { is_expected.to contain_glance_api_config('DEFAULT/qpid_username').with_value('guest') }
it { is_expected.to contain_glance_api_config('DEFAULT/qpid_password').with_value('pass') }
it { is_expected.to contain_glance_api_config('DEFAULT/qpid_password').with_value(params[:qpid_password]).with_secret(true) }
it { is_expected.to contain_glance_api_config('DEFAULT/qpid_hostname').with_value('localhost') }
it { is_expected.to contain_glance_api_config('DEFAULT/qpid_port').with_value('5672') }
it { is_expected.to contain_glance_api_config('DEFAULT/qpid_protocol').with_value('tcp') }
end
describe 'when passing params' do
@ -32,10 +33,10 @@ describe 'glance::notify::qpid' do
:qpid_port => '5673'
}
end
it { should contain_glance_api_config('DEFAULT/qpid_username').with_value('guest2') }
it { should contain_glance_api_config('DEFAULT/qpid_hostname').with_value('localhost2') }
it { should contain_glance_api_config('DEFAULT/qpid_port').with_value('5673') }
it { should contain_glance_api_config('DEFAULT/qpid_protocol').with_value('tcp') }
it { is_expected.to contain_glance_api_config('DEFAULT/qpid_username').with_value('guest2') }
it { is_expected.to contain_glance_api_config('DEFAULT/qpid_hostname').with_value('localhost2') }
it { is_expected.to contain_glance_api_config('DEFAULT/qpid_port').with_value('5673') }
it { is_expected.to contain_glance_api_config('DEFAULT/qpid_protocol').with_value('tcp') }
end
describe 'when configuring with ssl' do
@ -48,9 +49,9 @@ describe 'glance::notify::qpid' do
:qpid_protocol => 'ssl'
}
end
it { should contain_glance_api_config('DEFAULT/qpid_username').with_value('guest3') }
it { should contain_glance_api_config('DEFAULT/qpid_hostname').with_value('localhost3') }
it { should contain_glance_api_config('DEFAULT/qpid_port').with_value('5671') }
it { should contain_glance_api_config('DEFAULT/qpid_protocol').with_value('ssl') }
it { is_expected.to contain_glance_api_config('DEFAULT/qpid_username').with_value('guest3') }
it { is_expected.to contain_glance_api_config('DEFAULT/qpid_hostname').with_value('localhost3') }
it { is_expected.to contain_glance_api_config('DEFAULT/qpid_port').with_value('5671') }
it { is_expected.to contain_glance_api_config('DEFAULT/qpid_protocol').with_value('ssl') }
end
end

94
deployment/puppet/glance/spec/classes/glance_notify_rabbitmq_spec.rb
View File

@ -14,17 +14,18 @@ describe 'glance::notify::rabbitmq' do
let :params do
{:rabbit_password => 'pass'}
end
it { should contain_glance_api_config('DEFAULT/notification_driver').with_ensure('absent') }
it { should contain_glance_api_config('DEFAULT/rabbit_password').with_value('pass') }
it { should contain_glance_api_config('DEFAULT/rabbit_userid').with_value('guest') }
it { should contain_glance_api_config('DEFAULT/rabbit_host').with_value('localhost') }
it { should contain_glance_api_config('DEFAULT/rabbit_port').with_value('5672') }
it { should contain_glance_api_config('DEFAULT/rabbit_hosts').with_value('localhost:5672') }
it { should contain_glance_api_config('DEFAULT/rabbit_ha_queues').with_value('false') }
it { should contain_glance_api_config('DEFAULT/amqp_durable_queues').with_value('false') }
it { should contain_glance_api_config('DEFAULT/rabbit_virtual_host').with_value('/') }
it { should contain_glance_api_config('DEFAULT/rabbit_notification_exchange').with_value('glance') }
it { should contain_glance_api_config('DEFAULT/rabbit_notification_topic').with_value('notifications') }
it { is_expected.to contain_glance_api_config('DEFAULT/notification_driver').with_value('messaging') }
it { is_expected.to contain_glance_api_config('oslo_messaging_rabbit/rabbit_password').with_value('pass') }
it { is_expected.to contain_glance_api_config('oslo_messaging_rabbit/rabbit_password').with_value(params[:rabbit_password]).with_secret(true) }
it { is_expected.to contain_glance_api_config('oslo_messaging_rabbit/rabbit_userid').with_value('guest') }
it { is_expected.to contain_glance_api_config('oslo_messaging_rabbit/rabbit_host').with_value('localhost') }
it { is_expected.to contain_glance_api_config('oslo_messaging_rabbit/rabbit_port').with_value('5672') }
it { is_expected.to contain_glance_api_config('oslo_messaging_rabbit/rabbit_hosts').with_value('localhost:5672') }
it { is_expected.to contain_glance_api_config('oslo_messaging_rabbit/rabbit_ha_queues').with_value('false') }
it { is_expected.to contain_glance_api_config('DEFAULT/amqp_durable_queues').with_value('false') }
it { is_expected.to contain_glance_api_config('oslo_messaging_rabbit/rabbit_virtual_host').with_value('/') }
it { is_expected.to contain_glance_api_config('oslo_messaging_rabbit/rabbit_notification_exchange').with_value('glance') }
it { is_expected.to contain_glance_api_config('oslo_messaging_rabbit/rabbit_notification_topic').with_value('notifications') }
end
describe 'when passing params and use ssl' do
@ -37,15 +38,15 @@ describe 'glance::notify::rabbitmq' do
:rabbit_use_ssl => true,
:rabbit_durable_queues => true,
}
it { should contain_glance_api_config('DEFAULT/rabbit_userid').with_value('guest2') }
it { should contain_glance_api_config('DEFAULT/rabbit_host').with_value('localhost2') }
it { should contain_glance_api_config('DEFAULT/rabbit_port').with_value('5673') }
it { should contain_glance_api_config('DEFAULT/rabbit_use_ssl').with_value('true') }
it { should contain_glance_api_config('DEFAULT/kombu_ssl_ca_certs').with_ensure('absent') }
it { should contain_glance_api_config('DEFAULT/kombu_ssl_certfile').with_ensure('absent') }
it { should contain_glance_api_config('DEFAULT/kombu_ssl_keyfile').with_ensure('absent') }
it { should contain_glance_api_config('DEFAULT/kombu_ssl_version').with_value('SSLv3') }
it { should contain_glance_api_config('DEFAULT/rabbit_durable_queues').with_value('true') }
it { is_expected.to contain_glance_api_config('oslo_messaging_rabbit/rabbit_userid').with_value('guest2') }
it { is_expected.to contain_glance_api_config('oslo_messaging_rabbit/rabbit_host').with_value('localhost2') }
it { is_expected.to contain_glance_api_config('oslo_messaging_rabbit/rabbit_port').with_value('5673') }
it { is_expected.to contain_glance_api_config('oslo_messaging_rabbit/rabbit_use_ssl').with_value('true') }
it { is_expected.to contain_glance_api_config('oslo_messaging_rabbit/kombu_ssl_ca_certs').with_ensure('absent') }
it { is_expected.to contain_glance_api_config('oslo_messaging_rabbit/kombu_ssl_certfile').with_ensure('absent') }
it { is_expected.to contain_glance_api_config('oslo_messaging_rabbit/kombu_ssl_keyfile').with_ensure('absent') }
it { is_expected.to contain_glance_api_config('oslo_messaging_rabbit/kombu_ssl_version').with_value('TLSv1') }
it { is_expected.to contain_glance_api_config('oslo_messaging_rabbit/rabbit_durable_queues').with_value('true') }
end
end
@ -60,11 +61,30 @@ describe 'glance::notify::rabbitmq' do
:kombu_ssl_version => 'TLSv1',
}
end
it { should contain_glance_api_config('DEFAULT/rabbit_use_ssl').with_value(true) }
it { should contain_glance_api_config('DEFAULT/kombu_ssl_ca_certs').with_value('/etc/ca.cert') }
it { should contain_glance_api_config('DEFAULT/kombu_ssl_certfile').with_value('/etc/certfile') }
it { should contain_glance_api_config('DEFAULT/kombu_ssl_keyfile').with_value('/etc/key') }
it { should contain_glance_api_config('DEFAULT/kombu_ssl_version').with_value('TLSv1') }
it { is_expected.to contain_glance_api_config('oslo_messaging_rabbit/rabbit_use_ssl').with_value(true) }
it { is_expected.to contain_glance_api_config('oslo_messaging_rabbit/kombu_ssl_ca_certs').with_value('/etc/ca.cert') }
it { is_expected.to contain_glance_api_config('oslo_messaging_rabbit/kombu_ssl_certfile').with_value('/etc/certfile') }
it { is_expected.to contain_glance_api_config('oslo_messaging_rabbit/kombu_ssl_keyfile').with_value('/etc/key') }
it { is_expected.to contain_glance_api_config('oslo_messaging_rabbit/kombu_ssl_version').with_value('TLSv1') }
end
describe 'with rabbit ssl disabled' do
let :params do
{
:rabbit_password => 'pass',
:rabbit_use_ssl => false,
:kombu_ssl_ca_certs => 'undef',
:kombu_ssl_certfile => 'undef',
:kombu_ssl_keyfile => 'undef',
:kombu_ssl_version => 'TLSv1',
}
end
it { is_expected.to contain_glance_api_config('oslo_messaging_rabbit/rabbit_use_ssl').with_value('false') }
it { is_expected.to contain_glance_api_config('oslo_messaging_rabbit/kombu_ssl_ca_certs').with_ensure('absent') }
it { is_expected.to contain_glance_api_config('oslo_messaging_rabbit/kombu_ssl_certfile').with_ensure('absent') }
it { is_expected.to contain_glance_api_config('oslo_messaging_rabbit/kombu_ssl_keyfile').with_ensure('absent') }
it { is_expected.to contain_glance_api_config('oslo_messaging_rabbit/kombu_ssl_version').with_ensure('absent') }
end
describe 'when passing params for single rabbit host' do
@ -78,12 +98,12 @@ describe 'glance::notify::rabbitmq' do
:rabbit_durable_queues => true,
}
end
it { should contain_glance_api_config('DEFAULT/rabbit_userid').with_value('guest2') }
it { should contain_glance_api_config('DEFAULT/rabbit_host').with_value('localhost2') }
it { should contain_glance_api_config('DEFAULT/rabbit_port').with_value('5673') }
it { should contain_glance_api_config('DEFAULT/rabbit_hosts').with_value('localhost2:5673') }
it { should contain_glance_api_config('DEFAULT/rabbit_use_ssl').with_value('true') }
it { should contain_glance_api_config('DEFAULT/amqp_durable_queues').with_value('true') }
it { is_expected.to contain_glance_api_config('oslo_messaging_rabbit/rabbit_userid').with_value('guest2') }
it { is_expected.to contain_glance_api_config('oslo_messaging_rabbit/rabbit_host').with_value('localhost2') }
it { is_expected.to contain_glance_api_config('oslo_messaging_rabbit/rabbit_port').with_value('5673') }
it { is_expected.to contain_glance_api_config('oslo_messaging_rabbit/rabbit_hosts').with_value('localhost2:5673') }
it { is_expected.to contain_glance_api_config('oslo_messaging_rabbit/rabbit_use_ssl').with_value('true') }
it { is_expected.to contain_glance_api_config('DEFAULT/amqp_durable_queues').with_value('true') }
end
describe 'when passing params for multiple rabbit hosts' do
@ -94,12 +114,12 @@ describe 'glance::notify::rabbitmq' do
:rabbit_hosts => ['nonlocalhost3:5673', 'nonlocalhost4:5673']
}
end
it { should contain_glance_api_config('DEFAULT/rabbit_userid').with_value('guest3') }
it { should contain_glance_api_config('DEFAULT/rabbit_hosts').with_value(
it { is_expected.to contain_glance_api_config('oslo_messaging_rabbit/rabbit_userid').with_value('guest3') }
it { is_expected.to contain_glance_api_config('oslo_messaging_rabbit/rabbit_hosts').with_value(
'nonlocalhost3:5673,nonlocalhost4:5673') }
it { should contain_glance_api_config('DEFAULT/rabbit_ha_queues').with_value('true') }
it { should_not contain_glance_api_config('DEFAULT/rabbit_port') }
it { should_not contain_glance_api_config('DEFAULT/rabbit_host') }
it { is_expected.to contain_glance_api_config('oslo_messaging_rabbit/rabbit_ha_queues').with_value('true') }
it { is_expected.to_not contain_glance_api_config('oslo_messaging_rabbit/rabbit_port') }
it { is_expected.to_not contain_glance_api_config('oslo_messaging_rabbit/rabbit_host') }
end
describe 'when using deprecated params' do
@ -109,6 +129,6 @@ describe 'glance::notify::rabbitmq' do
:rabbit_password => 'pass'
}
end
it { should contain_glance_api_config('DEFAULT/amqp_durable_queues').with_value('true') }
it { is_expected.to contain_glance_api_config('DEFAULT/amqp_durable_queues').with_value('true') }
end
end

41
deployment/puppet/glance/spec/classes/glance_policy_spec.rb Normal file
View File

@ -0,0 +1,41 @@
require 'spec_helper'
describe 'glance::policy' do
shared_examples_for 'glance policies' do
let :params do
{
:policy_path => '/etc/glance/policy.json',
:policies => {
'context_is_admin' => {
'key' => 'context_is_admin',
'value' => 'foo:bar'
}
}
}
end
it 'set up the policies' do
is_expected.to contain_openstacklib__policy__base('context_is_admin').with({
:key => 'context_is_admin',
:value => 'foo:bar'
})
end
end
context 'on Debian platforms' do
let :facts do
{ :osfamily => 'Debian' }
end
it_configures 'glance policies'
end
context 'on RedHat platforms' do
let :facts do
{ :osfamily => 'RedHat' }
end
it_configures 'glance policies'
end
end

239
deployment/puppet/glance/spec/classes/glance_registry_spec.rb
View File

@ -9,48 +9,48 @@ describe 'glance::registry' do
let :default_params do
{
:verbose => false,
:debug => false,
:bind_host => '0.0.0.0',
:bind_port => '9191',
:log_file => '/var/log/glance/registry.log',
:log_dir => '/var/log/glance',
:sql_connection => 'sqlite:///var/lib/glance/glance.sqlite',
:sql_idle_timeout => '3600',
:enabled => true,
:auth_type => 'keystone',
:auth_host => '127.0.0.1',
:auth_port => '35357',
:auth_protocol => 'http',
:auth_uri => 'http://127.0.0.1:5000/',
:identity_uri => 'http://127.0.0.1:35357/',
:keystone_tenant => 'services',
:keystone_user => 'glance',
:keystone_password => 'ChangeMe',
:purge_config => false,
:mysql_module => '0.9'
:verbose => false,
:debug => false,
:bind_host => '0.0.0.0',
:bind_port => '9191',
:log_file => '/var/log/glance/registry.log',
:log_dir => '/var/log/glance',
:database_connection => 'sqlite:///var/lib/glance/glance.sqlite',
:database_idle_timeout => '3600',
:enabled => true,
:manage_service => true,
:auth_type => 'keystone',
:auth_host => '127.0.0.1',
:auth_port => '35357',
:auth_protocol => 'http',
:auth_uri => 'http://127.0.0.1:5000/',
:keystone_tenant => 'services',
:keystone_user => 'glance',
:keystone_password => 'ChangeMe',
:purge_config => false,
:sync_db => true,
}
end
[
{:keystone_password => 'ChangeMe'},
{
:verbose => true,
:debug => true,
:bind_host => '127.0.0.1',
:bind_port => '9111',
:sql_connection => 'sqlite:///var/lib/glance.sqlite',
:sql_idle_timeout => '360',
:enabled => false,
:auth_type => 'keystone',
:auth_host => '127.0.0.1',
:auth_port => '35357',
:auth_protocol => 'http',
:auth_uri => 'http://127.0.0.1:5000/',
:identity_uri => 'http://127.0.0.1:35357/',
:keystone_tenant => 'admin',
:keystone_user => 'admin',
:keystone_password => 'ChangeMe',
:verbose => true,
:debug => true,
:bind_host => '127.0.0.1',
:bind_port => '9111',
:database_connection => 'sqlite:///var/lib/glance.sqlite',
:database_idle_timeout => '360',
:enabled => false,
:auth_type => 'keystone',
:auth_host => '127.0.0.1',
:auth_port => '35357',
:auth_protocol => 'http',
:auth_uri => 'http://127.0.0.1:5000/',
:keystone_tenant => 'admin',
:keystone_user => 'admin',
:keystone_password => 'ChangeMe',
:sync_db => false,
}
].each do |param_set|
@ -63,10 +63,10 @@ describe 'glance::registry' do
param_set
end
it { should contain_class 'glance::registry' }
it { is_expected.to contain_class 'glance::registry' }
it { should contain_service('glance-registry').with(
'ensure' => param_hash[:enabled] ? 'running' : 'stopped',
it { is_expected.to contain_service('glance-registry').with(
'ensure' => (param_hash[:manage_service] && param_hash[:enabled]) ? 'running' : 'stopped',
'enable' => param_hash[:enabled],
'hasstatus' => true,
'hasrestart' => true,
@ -74,47 +74,78 @@ describe 'glance::registry' do
'require' => 'Class[Glance]'
)}
it 'should only sync the db if the service is enabled' do
it 'is_expected.to only sync the db if sync_db is enabled' do
if param_hash[:enabled]
should contain_exec('glance-manage db_sync').with(
if param_hash[:sync_db]
is_expected.to contain_exec('glance-manage db_sync').with(
'path' => '/usr/bin',
'command' => 'glance-manage --config-file=/etc/glance/glance-registry.conf db_sync',
'refreshonly' => true,
'logoutput' => 'on_failure',
'subscribe' => ['Package[glance-registry]', 'File[/etc/glance/glance-registry.conf]'],
'notify' => 'Service[glance-registry]'
'notify' => ["Service[glance-registry]"]
)
end
end
it 'should configure itself' do
it 'is_expected.to not sync the db if sync_db is set to false' do
if !param_hash[:sync_db]
is_expected.not_to contain_exec('glance-manage db_sync')
end
end
it 'is_expected.to configure itself' do
[
'verbose',
'debug',
'bind_port',
'bind_host',
'sql_connection',
'sql_idle_timeout'
].each do |config|
should contain_glance_registry_config("DEFAULT/#{config}").with_value(param_hash[config.intern])
is_expected.to contain_glance_registry_config("DEFAULT/#{config}").with_value(param_hash[config.intern])
end
[
'database_connection',
'database_idle_timeout',
].each do |config|
is_expected.to contain_glance_registry_config("database/#{config.gsub(/database_/,'')}").with_value(param_hash[config.intern])
end
[
'auth_host',
'auth_port',
'auth_protocol'
].each do |config|
should contain_glance_registry_config("keystone_authtoken/#{config}").with_value(param_hash[config.intern])
is_expected.to contain_glance_registry_config("keystone_authtoken/#{config}").with_value(param_hash[config.intern])
end
should contain_glance_registry_config('keystone_authtoken/auth_admin_prefix').with_ensure('absent')
is_expected.to contain_glance_registry_config('keystone_authtoken/auth_admin_prefix').with_ensure('absent')
if param_hash[:auth_type] == 'keystone'
should contain_glance_registry_config("paste_deploy/flavor").with_value('keystone')
should contain_glance_registry_config("keystone_authtoken/admin_tenant_name").with_value(param_hash[:keystone_tenant])
should contain_glance_registry_config("keystone_authtoken/admin_user").with_value(param_hash[:keystone_user])
should contain_glance_registry_config("keystone_authtoken/admin_password").with_value(param_hash[:keystone_password])
is_expected.to contain_glance_registry_config("paste_deploy/flavor").with_value('keystone')
is_expected.to contain_glance_registry_config("keystone_authtoken/admin_tenant_name").with_value(param_hash[:keystone_tenant])
is_expected.to contain_glance_registry_config("keystone_authtoken/admin_user").with_value(param_hash[:keystone_user])
is_expected.to contain_glance_registry_config("keystone_authtoken/admin_password").with_value(param_hash[:keystone_password])
is_expected.to contain_glance_registry_config("keystone_authtoken/admin_password").with_value(param_hash[:keystone_password]).with_secret(true)
end
end
end
end
describe 'with disabled service managing' do
let :params do
{
:keystone_password => 'ChangeMe',
:manage_service => false,
:enabled => false,
}
end
it { is_expected.to contain_service('glance-registry').with(
'ensure' => nil,
'enable' => false,
'hasstatus' => true,
'hasrestart' => true,
'subscribe' => 'File[/etc/glance/glance-registry.conf]',
'require' => 'Class[Glance]'
)}
end
describe 'with overridden pipeline' do
# At the time of writing there was only blank and keystone as options
# but there is no reason that there can't be more options in the future.
@ -125,7 +156,7 @@ describe 'glance::registry' do
}
end
it { should contain_glance_registry_config('paste_deploy/flavor').with_value('validoptionstring') }
it { is_expected.to contain_glance_registry_config('paste_deploy/flavor').with_value('validoptionstring') }
end
describe 'with blank pipeline' do
@ -136,7 +167,7 @@ describe 'glance::registry' do
}
end
it { should contain_glance_registry_config('paste_deploy/flavor').with_ensure('absent') }
it { is_expected.to contain_glance_registry_config('paste_deploy/flavor').with_ensure('absent') }
end
[
@ -155,7 +186,7 @@ describe 'glance::registry' do
}
end
it { expect { should contain_glance_registry_config('filter:paste_deploy/flavor') }.to\
it { expect { is_expected.to contain_glance_registry_config('filter:paste_deploy/flavor') }.to\
raise_error(Puppet::Error, /validate_re\(\): .* does not match/) }
end
end
@ -168,7 +199,7 @@ describe 'glance::registry' do
}
end
it { should contain_glance_registry_config('keystone_authtoken/auth_admin_prefix').with_value('/keystone/main') }
it { is_expected.to contain_glance_registry_config('keystone_authtoken/auth_admin_prefix').with_value('/keystone/main') }
end
[
@ -187,7 +218,7 @@ describe 'glance::registry' do
}
end
it { expect { should contain_glance_registry_config('filter:authtoken/auth_admin_prefix') }.to\
it { expect { is_expected.to contain_glance_registry_config('filter:authtoken/auth_admin_prefix') }.to\
raise_error(Puppet::Error, /validate_re\(\): "#{auth_admin_prefix}" does not match/) }
end
end
@ -197,8 +228,8 @@ describe 'glance::registry' do
default_params
end
it { should contain_glance_registry_config('DEFAULT/use_syslog').with_value(false) }
it { should_not contain_glance_registry_config('DEFAULT/syslog_log_facility') }
it { is_expected.to contain_glance_registry_config('DEFAULT/use_syslog').with_value(false) }
it { is_expected.to_not contain_glance_registry_config('DEFAULT/syslog_log_facility') }
end
describe 'with syslog enabled' do
@ -208,8 +239,8 @@ describe 'glance::registry' do
})
end
it { should contain_glance_registry_config('DEFAULT/use_syslog').with_value(true) }
it { should contain_glance_registry_config('DEFAULT/syslog_log_facility').with_value('LOG_USER') }
it { is_expected.to contain_glance_registry_config('DEFAULT/use_syslog').with_value(true) }
it { is_expected.to contain_glance_registry_config('DEFAULT/syslog_log_facility').with_value('LOG_USER') }
end
describe 'with syslog enabled and custom settings' do
@ -220,38 +251,38 @@ describe 'glance::registry' do
})
end
it { should contain_glance_registry_config('DEFAULT/use_syslog').with_value(true) }
it { should contain_glance_registry_config('DEFAULT/syslog_log_facility').with_value('LOG_LOCAL0') }
it { is_expected.to contain_glance_registry_config('DEFAULT/use_syslog').with_value(true) }
it { is_expected.to contain_glance_registry_config('DEFAULT/syslog_log_facility').with_value('LOG_LOCAL0') }
end
describe 'with log_file enabled by default' do
let(:params) { default_params }
it { should contain_glance_registry_config('DEFAULT/log_file').with_value(default_params[:log_file]) }
it { is_expected.to contain_glance_registry_config('DEFAULT/log_file').with_value(default_params[:log_file]) }
context 'with log_file disabled' do
let(:params) { default_params.merge!({ :log_file => false }) }
it { should contain_glance_registry_config('DEFAULT/log_file').with_ensure('absent') }
it { is_expected.to contain_glance_registry_config('DEFAULT/log_file').with_ensure('absent') }
end
end
describe 'with log_dir enabled by default' do
let(:params) { default_params }
it { should contain_glance_registry_config('DEFAULT/log_dir').with_value(default_params[:log_dir]) }
it { is_expected.to contain_glance_registry_config('DEFAULT/log_dir').with_value(default_params[:log_dir]) }
context 'with log_dir disabled' do
let(:params) { default_params.merge!({ :log_dir => false }) }
it { should contain_glance_registry_config('DEFAULT/log_dir').with_ensure('absent') }
it { is_expected.to contain_glance_registry_config('DEFAULT/log_dir').with_ensure('absent') }
end
end
describe 'with no ssl options (default)' do
let(:params) { default_params }
it { should contain_glance_registry_config('DEFAULT/ca_file').with_ensure('absent')}
it { should contain_glance_registry_config('DEFAULT/cert_file').with_ensure('absent')}
it { should contain_glance_registry_config('DEFAULT/key_file').with_ensure('absent')}
it { is_expected.to contain_glance_registry_config('DEFAULT/ca_file').with_ensure('absent')}
it { is_expected.to contain_glance_registry_config('DEFAULT/cert_file').with_ensure('absent')}
it { is_expected.to contain_glance_registry_config('DEFAULT/key_file').with_ensure('absent')}
end
describe 'with ssl options' do
@ -264,9 +295,50 @@ describe 'glance::registry' do
end
context 'with ssl options' do
it { should contain_glance_registry_config('DEFAULT/ca_file').with_value('/tmp/ca_file') }
it { should contain_glance_registry_config('DEFAULT/cert_file').with_value('/tmp/cert_file') }
it { should contain_glance_registry_config('DEFAULT/key_file').with_value('/tmp/key_file') }
it { is_expected.to contain_glance_registry_config('DEFAULT/ca_file').with_value('/tmp/ca_file') }
it { is_expected.to contain_glance_registry_config('DEFAULT/cert_file').with_value('/tmp/cert_file') }
it { is_expected.to contain_glance_registry_config('DEFAULT/key_file').with_value('/tmp/key_file') }
end
end
describe 'with identity and auth settings' do
let :params do
{
:keystone_password => 'ChangeMe',
}
end
context 'with custom keystone identity_uri' do
before do
params.merge!({
:identity_uri => 'https://foo.bar:1234/',
})
end
it 'configures identity_uri' do
is_expected.to contain_glance_registry_config('keystone_authtoken/identity_uri').with_value("https://foo.bar:1234/");
# since only auth_uri is set the deprecated auth parameters is_expected.to
# still get set in case they are still in use
is_expected.to contain_glance_registry_config('keystone_authtoken/auth_host').with_value('127.0.0.1');
is_expected.to contain_glance_registry_config('keystone_authtoken/auth_port').with_value('35357');
is_expected.to contain_glance_registry_config('keystone_authtoken/auth_protocol').with_value('http');
end
end
context 'with custom keystone identity_uri and auth_uri' do
before do
params.merge!({
:identity_uri => 'https://foo.bar:35357/',
:auth_uri => 'https://foo.bar:5000/v2.0/',
})
end
it 'configures identity_uri' do
is_expected.to contain_glance_registry_config('keystone_authtoken/identity_uri').with_value("https://foo.bar:35357/");
is_expected.to contain_glance_registry_config('keystone_authtoken/auth_uri').with_value("https://foo.bar:5000/v2.0/");
is_expected.to contain_glance_registry_config('keystone_authtoken/auth_host').with_ensure('absent')
is_expected.to contain_glance_registry_config('keystone_authtoken/auth_port').with_ensure('absent')
is_expected.to contain_glance_registry_config('keystone_authtoken/auth_protocol').with_ensure('absent')
is_expected.to contain_glance_registry_config('keystone_authtoken/auth_admin_prefix').with_ensure('absent')
end
end
end
@ -274,9 +346,18 @@ describe 'glance::registry' do
let :facts do
{ :osfamily => 'Debian' }
end
let(:params) { default_params }
it {should contain_package('glance-registry')}
# We only test this on Debian platforms, since on RedHat there isn't a
# separate package for glance registry.
['present', 'latest'].each do |package_ensure|
context "with package_ensure '#{package_ensure}'" do
let(:params) { default_params.merge({ :package_ensure => package_ensure }) }
it { is_expected.to contain_package('glance-registry').with(
:ensure => package_ensure,
:tag => ['openstack']
)}
end
end
end
describe 'on RedHat platforms' do
@ -285,7 +366,7 @@ describe 'glance::registry' do
end
let(:params) { default_params }
it { should contain_package('openstack-glance')}
it { is_expected.to contain_package('openstack-glance')}
end
describe 'on unknown platforms' do
@ -294,9 +375,7 @@ describe 'glance::registry' do
end
let(:params) { default_params }
it 'should fails to configure glance-registry' do
expect { subject }.to raise_error(Puppet::Error, /module glance only support osfamily RedHat and Debian/)
end
it_raises 'a Puppet::Error', /module glance only support osfamily RedHat and Debian/
end
end

8
deployment/puppet/glance/spec/classes/glance_spec.rb
View File

@ -25,7 +25,7 @@ describe 'glance' do
let :params do param_set end
it { should contain_file('/etc/glance/').with(
it { is_expected.to contain_file('/etc/glance/').with(
'ensure' => 'directory',
'owner' => 'glance',
'mode' => '0770'
@ -40,7 +40,7 @@ describe 'glance' do
end
let(:params) { default_params }
it {should_not contain_package('glance')}
it { is_expected.to_not contain_package('glance') }
end
describe 'on RedHat platforms' do
@ -49,7 +49,9 @@ describe 'glance' do
end
let(:params) { default_params }
it { should contain_package('openstack-glance')}
it { is_expected.to contain_package('openstack-glance').with(
:tag => ['openstack'],
)}
end
end

2
deployment/puppet/glance/spec/shared_examples.rb
View File

@ -1,5 +1,5 @@
shared_examples_for "a Puppet::Error" do |description|
it "with message matching #{description.inspect}" do
expect { should have_class_count(1) }.to raise_error(Puppet::Error, description)
expect { is_expected.to have_class_count(1) }.to raise_error(Puppet::Error, description)
end
end

4
deployment/puppet/glance/spec/spec_helper.rb
View File

@ -2,6 +2,6 @@ require 'puppetlabs_spec_helper/module_spec_helper'
require 'shared_examples'
RSpec.configure do |c|
c.alias_it_should_behave_like_to :it_configures, 'configures'
c.alias_it_should_behave_like_to :it_raises, 'raises'
c.alias_it_should_behave_like_to :it_configures, 'configures'
c.alias_it_should_behave_like_to :it_raises, 'raises'
end

43
deployment/puppet/glance/spec/spec_helper_acceptance.rb Normal file
View File

@ -0,0 +1,43 @@
require 'beaker-rspec'
require 'beaker/puppet_install_helper'
run_puppet_install_helper
RSpec.configure do |c|
# Project root
proj_root = File.expand_path(File.join(File.dirname(__FILE__), '..'))
# Readable test descriptions
c.formatter = :documentation
# Configure all nodes in nodeset
c.before :suite do
# Install module
hosts.each do |host|
# install git
install_package host, 'git'
# clean out any module cruft
shell('rm -fr /etc/puppet/modules/*')
# install library modules from the forge
on host, puppet('module','install', '--force', 'puppetlabs-mysql', '--version', '3.2.0'), { :acceptable_exit_codes => [0,1] }
on host, puppet('module','install','dprince/qpid'), { :acceptable_exit_codes => [0,1] }
on host, puppet('module','install','puppetlabs-apt', '--version', '1.8.0'), { :acceptable_exit_codes => [0,1] }
on host, puppet('module','install','puppetlabs-inifile'), { :acceptable_exit_codes => [0,1] }
on host, puppet('module','install','puppetlabs-stdlib'), { :acceptable_exit_codes => [0,1] }
on host, puppet('module','install','stahnma-epel'), { :acceptable_exit_codes => [0,1] }
# install puppet modules from git, use master
shell('git clone https://git.openstack.org/openstack/puppet-openstacklib /etc/puppet/modules/openstacklib')
shell('git clone https://git.openstack.org/openstack/puppet-keystone /etc/puppet/modules/keystone')
shell('git clone https://git.openstack.org/openstack/puppet-openstack_extras /etc/puppet/modules/openstack_extras')
# Install the module being tested
puppet_module_install(:source => proj_root, :module_name => 'glance')
# List modules installed to help with debugging
on hosts[0], puppet('module','list'), { :acceptable_exit_codes => [0,1] }
end
end
end

14
deployment/puppet/glance/spec/unit/provider/glance_spec.rb
View File

@ -35,19 +35,25 @@ describe Puppet::Provider::Glance do
'admin_tenant_name' => 'foo',
'admin_user' => 'user',
'admin_password' => 'pass'
},
'glance_store' =>
{
'os_region_name' => 'SomeRegion',
}
}
Puppet::Util::IniConfig::File.expects(:new).returns(mock)
mock.expects(:read).with('/etc/glance/glance-api.conf')
klass.expects(:sleep).with(10).returns(nil)
klass.expects(:glance).twice.with(
'-T',
'--os-tenant-name',
'foo',
'-I',
'--os-username',
'user',
'-K',
'--os-password',
'pass',
'-N',
'--os-region-name',
'SomeRegion',
'--os-auth-url',
'http://127.0.0.1:35357/v2.0/',
['test_retries']
).raises(Exception, valid_message).then.returns('')

2
deployment/puppet/glance/tests/api.pp
View File

@ -1,4 +1,4 @@
class { 'glance::api':
class { '::glance::api':
debug => true,
verbose => true,
}

2
deployment/puppet/glance/tests/init.pp
View File

@ -1 +1 @@
class { 'glance': }
class { '::glance': }

2
deployment/puppet/glance/tests/registry.pp
View File

@ -1,4 +1,4 @@
class { 'glance::registry':
class { '::glance::registry':
debug => true,
verbose => true,
}

46
deployment/puppet/glance/tests/site.pp
View File

@ -4,32 +4,32 @@
Exec { logoutput => 'on_failure' }
node glance_keystone_mysql {
class { 'mysql::server': }
class { 'keystone':
class { '::mysql::server': }
class { '::keystone':
verbose => true,
debug => true,
catalog_type => 'sql',
admin_token => 'admin_token',
}
class { 'keystone::db::mysql':
class { '::keystone::db::mysql':
password => 'keystone',
}
class { 'keystone::roles::admin':
class { '::keystone::roles::admin':
email => 'test@puppetlabs.com',
password => 'ChangeMe',
}
class { 'glance::api':
verbose => true,
debug => true,
auth_type => 'keystone',
keystone_tenant => 'services',
keystone_user => 'glance',
keystone_password => 'glance_password',
sql_connection => 'mysql://glance:glance@127.0.0.1/glance',
class { '::glance::api':
verbose => true,
debug => true,
auth_type => 'keystone',
keystone_tenant => 'services',
keystone_user => 'glance',
keystone_password => 'glance_password',
database_connection => 'mysql://glance:glance@127.0.0.1/glance',
}
class { 'glance::backend::file': }
class { '::glance::backend::file': }
class { 'glance::db::mysql':
class { '::glance::db::mysql':
password => 'glance',
dbname => 'glance',
user => 'glance',
@ -38,16 +38,16 @@ node glance_keystone_mysql {
# $cluster_id = 'localzone'
}
class { 'glance::registry':
verbose => true,
debug => true,
auth_type => 'keystone',
keystone_tenant => 'services',
keystone_user => 'glance',
keystone_password => 'glance_password',
sql_connection => 'mysql://glance:glance@127.0.0.1/glance',
class { '::glance::registry':
verbose => true,
debug => true,
auth_type => 'keystone',
keystone_tenant => 'services',
keystone_user => 'glance',
keystone_password => 'glance_password',
database_connection => 'mysql://glance:glance@127.0.0.1/glance',
}
class { 'glance::keystone::auth':
class { '::glance::keystone::auth':
password => 'glance_pass',
}
}