Adapt puppet-keystone for Fuel

Partial blueprint merge-openstack-puppet-modules - Includes fix for rhbz#1129760 bug. Upstream Change-Id: I3f0102b184a484f5e5a85cadf26ed651829fbf8c Change-Id: I46d872bc6ec1ef33243dce2588847b8be7f2df4b Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2014-04-07 15:31:19 +03:00 · 2014-04-07 15:31:19 +03:00 · e6647249b8
commit e6647249b8
parent 01326ed62c
8 changed files with 98 additions and 26 deletions
--- a/deployment/puppet/keystone/manifests/db/postgresql.pp
+++ b/deployment/puppet/keystone/manifests/db/postgresql.pp
@ -42,6 +42,6 @@ class keystone::db::postgresql(
    password  => $password,
  }
-  Postgresql::Db[$dbname] ~> Exec<| title == 'keystone-manage db_sync' |>
+  Postgresql::Server::Db[$dbname] ~> Exec<| title == 'keystone-manage db_sync' |>
 }
--- a/deployment/puppet/keystone/manifests/roles/admin.pp
+++ b/deployment/puppet/keystone/manifests/roles/admin.pp
@ -6,7 +6,6 @@
 #   * "admin" tenant (defaults to "openstack")
 #   * admin user (that defaults to the "admin" tenant)
 #   * admin role
 #   * _member_ role
 #   * adds admin role to admin user on the "admin" tenant
 #
 # [*Parameters*]
@ -51,7 +50,7 @@ class keystone::roles::admin(
    email       => $email,
    password    => $password,
  }
-  keystone_role { ['admin', '_member_']:
+  keystone_role { 'admin':
    ensure => present,
  }
  keystone_user_role { "${admin}@${admin_tenant}":
--- a/deployment/puppet/keystone/spec/classes/keystone_roles_admin_spec.rb
+++ b/deployment/puppet/keystone/spec/classes/keystone_roles_admin_spec.rb
@ -28,9 +28,7 @@ describe 'keystone::roles::admin' do
      :email       => 'foo@bar',
      :password    => 'ChangeMe'
    )}
-    ['admin', '_member_'].each do |role_name|
+    it { should contain_keystone_role('admin').with_ensure('present') }
      it { should contain_keystone_role(role_name).with_ensure('present') }
    end
    it { should contain_keystone_user_role('admin@openstack').with(
      :roles  => 'admin',
      :ensure => 'present'
--- a/deployment/puppet/nailgun/examples/keystone-only.pp
+++ b/deployment/puppet/nailgun/examples/keystone-only.pp
@ -18,9 +18,11 @@ case $production {
    class {'docker::container': }
    class { 'keystone':
-      admin_token     => $::fuel_settings['keystone']['admin_token'],
+      admin_token      => $::fuel_settings['keystone']['admin_token'],
-      catalog_type    => 'sql',
+      catalog_type     => 'sql',
-      sql_connection => "postgresql://${::fuel_settings['postgres']['keystone_user']}:${::fuel_settings['postgres']['keystone_password']}@${::fuel_settings['ADMIN_NETWORK']['ipaddress']}/${::fuel_settings['postgres']['keystone_dbname']}",
+      sql_connection   => "postgresql://${::fuel_settings['postgres']['keystone_user']}:${::fuel_settings['postgres']['keystone_password']}@${::fuel_settings['ADMIN_NETWORK']['ipaddress']}/${::fuel_settings['postgres']['keystone_dbname']}",
      token_expiration => 86400,
      token_provider   => 'keystone.token.providers.uuid.Provider',
    }
    #FIXME(mattymo): We should enable db_sync on every run inside keystone,
@ -79,11 +81,6 @@ case $production {
      address   => $::fuel_settings['ADMIN_NETWORK']['ipaddress'],
    }
    # Increase token expiratin to 24h
    keystone_config {
      'token/expiration': value => 86400;
    }
    package { 'crontabs':
      ensure => latest,
    }
--- a/deployment/puppet/nailgun/manifests/auth.pp
+++ b/deployment/puppet/nailgun/manifests/auth.pp
@ -21,7 +21,8 @@ class nailgun::auth(
  $internal_address = undef,
  $admin_address    = undef,
  $public_address   = undef,
-  $port             = '8000'
+  $port             = '8000',
  $region           = 'RegionOne',
 ) {
  if ($internal_address == undef) {
    $internal_address_real = $address
@ -59,7 +60,7 @@ class nailgun::auth(
    description => 'Nailgun API',
  }
-  keystone_endpoint { 'nailgun':
+  keystone_endpoint { "$region/nailgun":
    ensure       => present,
    public_url   => "http://${public_address_real}:${port}/api",
    admin_url    => "http://${admin_address_real}:${port}/api",
--- a/deployment/puppet/nailgun/manifests/ostf/auth.pp
+++ b/deployment/puppet/nailgun/manifests/ostf/auth.pp
@ -21,7 +21,8 @@ class nailgun::ostf::auth(
  $internal_address = undef,
  $admin_address    = undef,
  $public_address   = undef,
-  $port             = '8000'
+  $port             = '8000',
  $region           = 'RegionOne',
 ) {
  if ($internal_address == undef) {
    $internal_address_real = $address
@ -59,7 +60,7 @@ class nailgun::ostf::auth(
    description => 'OSTF',
  }
-  keystone_endpoint { 'ostf':
+  keystone_endpoint { "$region/ostf":
    ensure       => present,
    public_url   => "http://${public_address_real}:${port}/ostf",
    admin_url    => "http://${admin_address_real}:${port}/ostf",
--- a/deployment/puppet/openstack/manifests/keystone.pp
+++ b/deployment/puppet/openstack/manifests/keystone.pp
@ -30,6 +30,9 @@
 # [use_syslog] Rather or not service should log to syslog. Optional. Default to false.
 # [syslog_log_facility] Facility for syslog, if used. Optional. Note: duplicating conf option
 #       wouldn't have been used, but more powerfull rsyslog features managed via conf template instead
 # [max_pool_size] SQLAlchemy backend related. Default 10.
 # [max_overflow] SQLAlchemy backend related.  Default 30.
 # [max_retries] SQLAlchemy backend related. Default -1.
 #
 # === Example
 #
@ -195,6 +198,14 @@ class openstack::keystone (
    $ceilometer_admin_real = $admin_real
  }
  if $memcache_servers {
    $memcache_servers_real = suffix($memcache_servers, inline_template(":<%= @memcache_server_port %>"))
    $token_driver = 'keystone.token.backends.memcache.Token'
  } else {
    $memcache_servers_real = false
    $token_driver = 'keystone.token.backends.sql.Token'
  }
  class { '::keystone':
    verbose             => $verbose,
    debug               => $debug,
@ -205,17 +216,83 @@ class openstack::keystone (
    bind_host           => $bind_host,
    package_ensure      => $package_ensure,
    use_syslog          => $use_syslog,
    syslog_log_facility => $syslog_log_facility,
    max_retries         => $max_retries,
    max_pool_size       => $max_pool_size,
    max_overflow        => $max_overflow,
    idle_timeout        => $idle_timeout,
    rabbit_password     => $rabbit_password,
    rabbit_userid       => $rabbit_userid,
    rabbit_hosts        => $rabbit_hosts,
    rabbit_virtual_host => $rabbit_virtual_host,
-    memcache_servers    => $memcache_servers,
+    memcache_servers    => $memcache_servers_real,
-    memcache_server_port => $memcache_server_port,
+    token_driver        => $token_driver,
    token_provider      => 'keystone.token.providers.uuid.Provider',
  }
  if $::operatingsystem == 'Ubuntu' {
   if $service_provider == 'pacemaker' {
      tweaks::ubuntu_service_override { 'keystone':
        package_name => 'keystone',
      }
      exec { 'remove-keystone-bootblockr':
        command => 'rm -rf /etc/init/keystone.override',
        path    => ['/bin', '/usr/bin'],
        require => Package['keystone']
      }
    }
  }
  if $memcache_servers {
    Service<| title == 'memcached' |> -> Service<| title == 'keystone'|>
    keystone_config {
      'token/caching': value => 'true';
      'cache/enabled': value => 'true';
      'cache/backend': value => 'dogpile.cache.memcached';
      'cache/backend_argument': value => inline_template("url:<%= @memcache_servers.collect{|ip| ip }.join ',' %>");
     }
  }
  Package<| title == 'keystone'|> ~> Service<| title == 'keystone'|>
  if !defined(Service['keystone']) {
    notify{ "Module ${module_name} cannot notify service keystone on package update": }
  }
  if $use_syslog {
    keystone_config {
      'DEFAULT/use_syslog_rfc_format':  value  => true;
    }
  }
  keystone_config {
    'DATABASE/max_pool_size':                          value => $max_pool_size;
    'DATABASE/max_retries':                            value => $max_retries;
    'DATABASE/max_overflow':                           value => $max_overflow;
    'identity/driver':                                 value =>"keystone.identity.backends.sql.Identity";
    'policy/driver':                                   value =>"keystone.policy.backends.rules.Policy";
    'ec2/driver':                                      value =>"keystone.contrib.ec2.backends.sql.Ec2";
    'filter:debug/paste.filter_factory':               value =>"keystone.common.wsgi:Debug.factory";
    'filter:token_auth/paste.filter_factory':          value =>"keystone.middleware:TokenAuthMiddleware.factory";
    'filter:admin_token_auth/paste.filter_factory':    value =>"keystone.middleware:AdminTokenAuthMiddleware.factory";
    'filter:xml_body/paste.filter_factory':            value =>"keystone.middleware:XmlBodyMiddleware.factory";
    'filter:json_body/paste.filter_factory':           value =>"keystone.middleware:JsonBodyMiddleware.factory";
    'filter:user_crud_extension/paste.filter_factory': value =>"keystone.contrib.user_crud:CrudExtension.factory";
    'filter:crud_extension/paste.filter_factory':      value =>"keystone.contrib.admin_crud:CrudExtension.factory";
    'filter:ec2_extension/paste.filter_factory':       value =>"keystone.contrib.ec2:Ec2Extension.factory";
    'filter:s3_extension/paste.filter_factory':        value =>"keystone.contrib.s3:S3Extension.factory";
    'filter:url_normalize/paste.filter_factory':       value =>"keystone.middleware:NormalizingFilter.factory";
    'filter:stats_monitoring/paste.filter_factory':    value =>"keystone.contrib.stats:StatsMiddleware.factory";
    'filter:stats_reporting/paste.filter_factory':     value =>"keystone.contrib.stats:StatsExtension.factory";
    'app:public_service/paste.app_factory':            value =>"keystone.service:public_app_factory";
    'app:admin_service/paste.app_factory':             value =>"keystone.service:admin_app_factory";
    'pipeline:public_api/pipeline':                    value =>"stats_monitoring url_normalize token_auth admin_token_auth xml_body json_body debug ec2_extension user_crud_extension public_service";
    'pipeline:admin_api/pipeline':                     value =>"stats_monitoring url_normalize token_auth admin_token_auth xml_body json_body debug stats_reporting ec2_extension s3_extension crud_extension admin_service";
    'app:public_version_service/paste.app_factory':    value =>"keystone.service:public_version_app_factory";
    'app:admin_version_service/paste.app_factory':     value =>"keystone.service:admin_version_app_factory";
    'pipeline:public_version_api/pipeline':            value =>"stats_monitoring url_normalize xml_body public_version_service";
    'pipeline:admin_version_api/pipeline':             value =>"stats_monitoring url_normalize xml_body admin_version_service";
    'composite:main/use':                              value =>"egg:Paste#urlmap";
    'composite:main//v2.0':                            value =>"public_api";
    'composite:main//':                                value =>"public_version_api";
    'composite:admin/use':                             value =>"egg:Paste#urlmap";
    'composite:admin//v2.0':                           value =>"admin_api";
    'composite:admin//':                               value =>"admin_version_api";
  }
  if ($enabled) {
--- a/deployment/puppet/sahara/manifests/keystone/auth.pp
+++ b/deployment/puppet/sahara/manifests/keystone/auth.pp
@ -23,9 +23,8 @@ class sahara::keystone::auth (
    description => 'OpenStack Data Processing',
  }
-  keystone_endpoint { $auth_name:
+  keystone_endpoint { "$region/$auth_name":
    ensure       => present,
    region       => $region,
    public_url   => "http://${public_address}:${sahara_port}/v1.1/%(tenant_id)s",
    internal_url => "http://${internal_address}:${sahara_port}/v1.1/%(tenant_id)s",
    admin_url    => "http://${admin_address}:${sahara_port}/v1.1/%(tenant_id)s",