Adapt synced keystone module

* add new parameters: public_url, admin_url, internal_url, mysql_module, token_caching cache_backend, revoke_driver * replase old parameters with new: idle_timeout -> database_idle_timeout * installing python-memcache has been moved to module * added noop tests for new variables * fix pep8 errors Partially Implements: blueprint upgrade-openstack-puppet-modules Change-Id: I33cbabd5e623fc9920107a3f8c2258bd7e47346e
2015-06-23 17:42:13 +03:00 · 2015-06-23 17:42:13 +03:00 · fa5366b7a1
parent 252969895a
commit fa5366b7a1
6 changed files with 91 additions and 65 deletions
--- a/deployment/puppet/keystone/files/httpd/keystone.py
+++ b/deployment/puppet/keystone/files/httpd/keystone.py
@ -13,7 +13,8 @@
 #    under the License.

 #
-# This file was copied from https://github.com/openstack/keystone/raw/0b676730347c76c7f64a67c1ad0135663e99c4fc/httpd/keystone.py
+# This file was copied from
+# raw.githubusercontent.com/openstack/keystone/a4f29db/httpd/keystone.py
 # It's only required for platforms on which it is not packaged yet.
 # It should be removed when available everywhere in a package.
 #
--- a/deployment/puppet/nailgun/examples/keystone-only.pp
+++ b/deployment/puppet/nailgun/examples/keystone-only.pp
@ -20,7 +20,7 @@ case $production {
    class { 'keystone':
      admin_token      => $::fuel_settings['keystone']['admin_token'],
      catalog_type     => 'sql',
-      sql_connection   => "postgresql://${::fuel_settings['postgres']['keystone_user']}:${::fuel_settings['postgres']['keystone_password']}@${::fuel_settings['ADMIN_NETWORK']['ipaddress']}/${::fuel_settings['postgres']['keystone_dbname']}",
+      database_connection   => "postgresql://${::fuel_settings['postgres']['keystone_user']}:${::fuel_settings['postgres']['keystone_password']}@${::fuel_settings['ADMIN_NETWORK']['ipaddress']}/${::fuel_settings['postgres']['keystone_dbname']}",
      token_expiration => 86400,
      token_provider   => 'keystone.token.providers.uuid.Provider',
    }
@ -53,7 +53,7 @@ case $production {
      password        => $::fuel_settings['FUEL_ACCESS']['password'],
      enabled         => 'True',
      tenant          => 'admin',
-      replace_password => 'False',
+      replace_password => false,
    }

    keystone_user_role { 'admin@admin':
@ -81,9 +81,9 @@ case $production {

    # Keystone Endpoint
    class { 'keystone::endpoint':
-      public_address   => $::fuel_settings['ADMIN_NETWORK']['ipaddress'],
-      admin_address    => $::fuel_settings['ADMIN_NETWORK']['ipaddress'],
-      internal_address => $::fuel_settings['ADMIN_NETWORK']['ipaddress'],
+      public_url   => "http://${::fuel_settings['ADMIN_NETWORK']['ipaddress']}:5000",
+      admin_url    => "http://${::fuel_settings['ADMIN_NETWORK']['ipaddress']}:35357",
+      internal_url => "http://${::fuel_settings['ADMIN_NETWORK']['ipaddress']}:5000",
    }

    # Nailgun
--- a/deployment/puppet/openstack/manifests/keystone.pp
+++ b/deployment/puppet/openstack/manifests/keystone.pp
@ -37,13 +37,14 @@
 # class { 'openstack::keystone':
 #   db_host               => '127.0.0.1',
 #   keystone_db_password  => 'changeme',
-#   keystone_admin_token  => '12345',
-#   admin_email           => 'root@localhost',
 #   admin_password        => 'changeme',
 #   public_address        => '192.168.1.1',
 #  }

 class openstack::keystone (
+  $public_url,
+  $admin_url,
+  $internal_url,
  $db_host,
  $db_password,
  $admin_token,
@ -89,8 +90,8 @@ class openstack::keystone (
  $package_ensure              = present,
  $use_syslog                  = false,
  $syslog_log_facility         = 'LOG_LOCAL7',
-  $idle_timeout                = '200',
  $region                      = 'RegionOne',
+  $database_idle_timeout       = '200',
  $rabbit_hosts                = false,
  $rabbit_password             = 'guest',
  $rabbit_userid               = 'guest',
@ -98,11 +99,14 @@ class openstack::keystone (
  $max_pool_size               = '10',
  $max_overflow                = '30',
  $max_retries                 = '-1',
+  $token_caching               = false,
+  $cache_backend               = 'keystone.cache.memcache_pool',
+  $revoke_driver               = false,
 ) {

  # Install and configure Keystone
  if $db_type == 'mysql' {
-    $sql_conn = "mysql://${$db_user}:${db_password}@${db_host}/${db_name}?read_timeout=60"
+    $database_connection = "mysql://${$db_user}:${db_password}@${db_host}/${db_name}?read_timeout=60"
  } else {
    fail("db_type ${db_type} is not supported")
  }
@ -211,26 +215,29 @@ class openstack::keystone (
  }

  class { '::keystone':
-    verbose             => $verbose,
-    debug               => $debug,
-    catalog_type        => 'sql',
-    admin_token         => $admin_token,
-    enabled             => $enabled,
-    sql_connection      => $sql_conn,
-    public_bind_host    => $public_bind_host,
-    admin_bind_host     => $admin_bind_host,
-    package_ensure      => $package_ensure,
-    use_syslog          => $use_syslog,
-    idle_timeout        => $idle_timeout,
-    rabbit_password     => $rabbit_password,
-    rabbit_userid       => $rabbit_userid,
-    rabbit_hosts        => $rabbit_hosts,
-    rabbit_virtual_host => $rabbit_virtual_host,
-    memcache_servers    => $memcache_servers_real,
-    token_driver        => $token_driver,
-    token_provider      => 'keystone.token.providers.uuid.Provider',
-    notification_driver => $notification_driver,
-    notification_topics => $notification_topics,
+    verbose               => $verbose,
+    debug                 => $debug,
+    catalog_type          => 'sql',
+    admin_token           => $admin_token,
+    enabled               => $enabled,
+    database_connection   => $database_connection,
+    public_bind_host      => $public_bind_host,
+    admin_bind_host       => $admin_bind_host,
+    package_ensure        => $package_ensure,
+    use_syslog            => $use_syslog,
+    database_idle_timeout => $database_idle_timeout,
+    rabbit_password       => $rabbit_password,
+    rabbit_userid         => $rabbit_userid,
+    rabbit_hosts          => $rabbit_hosts,
+    rabbit_virtual_host   => $rabbit_virtual_host,
+    memcache_servers      => $memcache_servers_real,
+    token_driver          => $token_driver,
+    token_provider        => 'keystone.token.providers.uuid.Provider',
+    notification_driver   => $notification_driver,
+    notification_topics   => $notification_topics,
+    token_caching         => $token_caching,
+    cache_backend         => $cache_backend,
+    revoke_driver         => $revoke_driver,
  }

  if $::operatingsystem == 'Ubuntu' {
@ -249,16 +256,12 @@ class openstack::keystone (
  if $memcache_servers {
    Service<| title == 'memcached' |> -> Service<| title == 'keystone'|>
    keystone_config {
-      'token/caching':                      value => 'false';
-      'cache/enabled':                      value => 'true';
-      'cache/backend':                      value => 'keystone.cache.memcache_pool';
      'cache/memcache_servers':             value => join($memcache_servers_real, ',');
      'cache/memcache_dead_retry':          value => '30';
      'cache/memcache_socket_timeout':      value => '1';
      'cache/memcache_pool_maxsize':        value => '1000';
      'cache/memcache_pool_unused_timeout': value => '60';
      'memcache/dead_retry':                value => '30';
-      'revoke/driver':                      value => 'keystone.contrib.revoke.backends.sql.Revoke';
     }
  }

@ -314,10 +317,10 @@ class openstack::keystone (

    # Setup the Keystone Identity Endpoint
    class { 'keystone::endpoint':
-      public_address   => $public_address,
-      admin_address    => $admin_real,
-      internal_address => $internal_real,
-      region           => $region,
+      public_url   => $public_url,
+      admin_url    => $admin_url,
+      internal_url => $internal_url,
+      region       => $region,
    }
    Exec <| title == 'keystone-manage db_sync' |> -> Class['keystone::endpoint']
    Haproxy_backend_status<||> -> Class['keystone::endpoint']
--- a/deployment/puppet/osnailyfacter/modular/keystone/keystone.pp
+++ b/deployment/puppet/osnailyfacter/modular/keystone/keystone.pp
@ -43,6 +43,17 @@ $memcache_servers      = hiera('memcache_servers', $controller_nodes)
 $memcache_server_port  = hiera('memcache_server_port', '11211')
 $memcache_pool_maxsize = '100'

+$public_port = '5000'
+$admin_port = '35357'
+$internal_port = '5000'
+$public_protocol = 'http'
+
+$public_url = "${public_protocol}://${public_address}:${public_port}"
+$admin_url = "http://${admin_address}:${admin_port}"
+$internal_url = "http://${internal_address}:${internal_port}"
+
+$revoke_driver = 'keystone.contrib.revoke.backends.sql.Revoke'
+
 $glance_user_password     = $glance_hash['user_password']
 $nova_user_password       = $nova_hash['user_password']
 $cinder_user_password     = $cinder_hash['user_password']
@ -61,7 +72,7 @@ $rabbit_virtual_host = '/'
 $max_pool_size = hiera('max_pool_size')
 $max_overflow  = hiera('max_overflow')
 $max_retries   = '-1'
-$idle_timeout  = '3600'
+$database_idle_timeout  = '3600'

 $murano_settings_hash = hiera('murano_settings', {})
 if has_key($murano_settings_hash, 'murano_repo_url') {
@ -109,7 +120,11 @@ class { 'openstack::keystone':
  rabbit_userid            => $rabbit_user,
  rabbit_hosts             => $rabbit_hosts,
  rabbit_virtual_host      => $rabbit_virtual_host,
-  idle_timeout             => $idle_timeout,
+  database_idle_timeout    => $database_idle_timeout,
+  revoke_driver            => $revoke_driver,
+  public_url               => $public_url,
+  admin_url                => $admin_url,
+  internal_url             => $internal_url,
 }

 ####### WSGI ###########
@ -188,25 +203,6 @@ Service['keystone'] -> Haproxy_backend_status<||>
 Service<| title == 'httpd' |> -> Haproxy_backend_status<||>
 Haproxy_backend_status<||> -> Class['keystone::roles::admin']

-case $::osfamily {
-  'RedHat': {
-    $pymemcache_package_name      = 'python-memcached'
-  }
-  'Debian': {
-    $pymemcache_package_name      = 'python-memcache'
-  }
-  default: {
-    fail("The ${::osfamily} operating system is not supported")
-  }
-}
-
-package { 'python-memcache' :
-  ensure => present,
-  name   => $pymemcache_package_name,
-}
-
-Package['python-memcache'] -> Nova::Generic_service <||>
-
 ####### Disable upstart startup on install #######
 if($::operatingsystem == 'Ubuntu') {
  tweaks::ubuntu_service_override { 'keystone':
--- a/tests/noop/spec/hosts/keystone/keystone_db_spec.rb
+++ b/tests/noop/spec/hosts/keystone/keystone_db_spec.rb
@ -16,12 +16,11 @@ describe manifest do
        'allowed_hosts' => allowed_hosts,
      )
    end
-    #TODO: uncomment in keystone module adaptation patch
-#    allowed_hosts.each do |host|
-#      it "should define openstacklib::db::mysql::host_access for #{keystone_db_dbname} DB for #{host}" do
-#        should contain_openstacklib__db__mysql__host_access("#{keystone_db_dbname}_#{host}")
-#      end
-#    end
+    allowed_hosts.each do |host|
+      it "should define openstacklib::db::mysql::host_access for #{keystone_db_dbname} DB for #{host}" do
+        should contain_openstacklib__db__mysql__host_access("#{keystone_db_dbname}_#{host}")
+      end
+    end
  end # end of shared_examples
  test_ubuntu_and_centos manifest
 end
--- a/tests/noop/spec/hosts/keystone/keystone_spec.rb
+++ b/tests/noop/spec/hosts/keystone/keystone_spec.rb
@ -15,6 +15,13 @@ describe manifest do
    controller_nodes = Noop::Utils.ipsort(controller_internal_addresses.values)
    memcached_servers = controller_nodes.map{ |n| n = n + ':11211' }.join(',')
    admin_token = Noop.hiera_structure 'keystone/admin_token'
+    public_vip = Noop.hiera('public_vip')
+    management_vip= Noop.hiera('management_vip')
+    public_url = "http://#{public_vip}:5000"
+    admin_url = "http://#{management_vip}:35357"
+    internal_url = "http://#{internal_address}:5000"
+    revoke_driver = 'keystone.contrib.revoke.backends.sql.Revoke'
+    database_idle_timeout = '3600'

    it 'should declare keystone class with admin_token' do
      should contain_class('keystone').with(
@ -22,6 +29,13 @@ describe manifest do
      )
    end

+    it 'should declare openstack::keystone class with public_url,admin_url,internal_url' do
+        should contain_class('openstack::keystone').with('public_url' => public_url)
+        should contain_class('openstack::keystone').with('admin_url' => admin_url)
+        should contain_class('openstack::keystone').with('internal_url' => internal_url)
+    end
+
+
    it 'should configure memcache_pool keystone cache backend' do
      should contain_keystone_config('token/caching').with(:value => 'false')
      should contain_keystone_config('cache/enabled').with(:value => 'true')
@ -34,6 +48,19 @@ describe manifest do
      should contain_keystone_config('memcache/dead_retry').with(:value => '30')
    end

+    it 'should configure revoke_driver for keystone' do
+      should contain_keystone_config('revoke/driver').with(:value => revoke_driver)
+    end
+
+    it 'should configure database_idle_timeout for keystone' do
+      should contain_keystone_config('database/idle_timeout').with(:value => database_idle_timeout)
+    end
+
+    it 'should contain token_caching parameter for keystone set to false' do
+      should contain_class('keystone').with('token_caching' => 'false')
+      should contain_keystone_config('token/caching').with(:value => 'false')
+    end
+
    # it 'should declare keystone::wsgi::apache class with 4 workers on 4 CPU system' do
    #   should contain_class('keystone::wsgi::apache').with(
    #     'threads' => '1',