Adapt synced keystone module
* add new parameters: public_url, admin_url, internal_url, mysql_module, token_caching, cache_backend, revoke_driver * replace old parameters with new: idle_timeout -> database_idle_timeout * installing python-memcache has been moved to module * added noop tests for new variables * fix pep8 errors Partially Implements: blueprint upgrade-openstack-puppet-modules Change-Id: I33cbabd5e623fc9920107a3f8c2258bd7e47346e
parent
252969895a
commit
fa5366b7a1
@ -13,7 +13,8 @@
|
|||||||
# under the License.
|
# under the License.
|
||||||
|
|
||||||
#
|
#
|
||||||
# This file was copied from https://github.com/openstack/keystone/raw/0b676730347c76c7f64a67c1ad0135663e99c4fc/httpd/keystone.py
|
# This file was copied from
|
||||||
|
# raw.githubusercontent.com/openstack/keystone/a4f29db/httpd/keystone.py
|
||||||
# It's only required for platforms on which it is not packaged yet.
|
# It's only required for platforms on which it is not packaged yet.
|
||||||
# It should be removed when available everywhere in a package.
|
# It should be removed when available everywhere in a package.
|
||||||
#
|
#
|
||||||
|
@ -20,7 +20,7 @@ case $production {
|
|||||||
class { 'keystone':
|
class { 'keystone':
|
||||||
admin_token => $::fuel_settings['keystone']['admin_token'],
|
admin_token => $::fuel_settings['keystone']['admin_token'],
|
||||||
catalog_type => 'sql',
|
catalog_type => 'sql',
|
||||||
sql_connection => "postgresql://${::fuel_settings['postgres']['keystone_user']}:${::fuel_settings['postgres']['keystone_password']}@${::fuel_settings['ADMIN_NETWORK']['ipaddress']}/${::fuel_settings['postgres']['keystone_dbname']}",
|
database_connection => "postgresql://${::fuel_settings['postgres']['keystone_user']}:${::fuel_settings['postgres']['keystone_password']}@${::fuel_settings['ADMIN_NETWORK']['ipaddress']}/${::fuel_settings['postgres']['keystone_dbname']}",
|
||||||
token_expiration => 86400,
|
token_expiration => 86400,
|
||||||
token_provider => 'keystone.token.providers.uuid.Provider',
|
token_provider => 'keystone.token.providers.uuid.Provider',
|
||||||
}
|
}
|
||||||
@ -53,7 +53,7 @@ case $production {
|
|||||||
password => $::fuel_settings['FUEL_ACCESS']['password'],
|
password => $::fuel_settings['FUEL_ACCESS']['password'],
|
||||||
enabled => 'True',
|
enabled => 'True',
|
||||||
tenant => 'admin',
|
tenant => 'admin',
|
||||||
replace_password => 'False',
|
replace_password => false,
|
||||||
}
|
}
|
||||||
|
|
||||||
keystone_user_role { 'admin@admin':
|
keystone_user_role { 'admin@admin':
|
||||||
@ -81,9 +81,9 @@ case $production {
|
|||||||
|
|
||||||
# Keystone Endpoint
|
# Keystone Endpoint
|
||||||
class { 'keystone::endpoint':
|
class { 'keystone::endpoint':
|
||||||
public_address => $::fuel_settings['ADMIN_NETWORK']['ipaddress'],
|
public_url => "http://${::fuel_settings['ADMIN_NETWORK']['ipaddress']}:5000",
|
||||||
admin_address => $::fuel_settings['ADMIN_NETWORK']['ipaddress'],
|
admin_url => "http://${::fuel_settings['ADMIN_NETWORK']['ipaddress']}:35357",
|
||||||
internal_address => $::fuel_settings['ADMIN_NETWORK']['ipaddress'],
|
internal_url => "http://${::fuel_settings['ADMIN_NETWORK']['ipaddress']}:5000",
|
||||||
}
|
}
|
||||||
|
|
||||||
# Nailgun
|
# Nailgun
|
||||||
|
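Review bot: The three URLs passed to `keystone::endpoint` hard-code the `http` scheme and the ports 5000/35357 inside string literals, so the admin API, which carries the admin token, is registered in the catalog as cleartext and cannot be moved to TLS without editing the manifest. Consider lifting the scheme into a variable next to the class, e.g. `$keystone_protocol = 'http'` and `admin_url => "${keystone_protocol}://${::fuel_settings['ADMIN_NETWORK']['ipaddress']}:35357",`, so a later switch is a one-line change. In the same file section `replace_password` is now a real boolean while `enabled => 'True'` two lines above it is still a string; if the synced module accepts a boolean there, the two should be aligned. The enclosing `case $production` block starts and ends outside the hunks.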
@ -37,13 +37,14 @@
|
|||||||
# class { 'openstack::keystone':
|
# class { 'openstack::keystone':
|
||||||
# db_host => '127.0.0.1',
|
# db_host => '127.0.0.1',
|
||||||
# keystone_db_password => 'changeme',
|
# keystone_db_password => 'changeme',
|
||||||
# keystone_admin_token => '12345',
|
|
||||||
# admin_email => 'root@localhost',
|
|
||||||
# admin_password => 'changeme',
|
# admin_password => 'changeme',
|
||||||
# public_address => '192.168.1.1',
|
# public_address => '192.168.1.1',
|
||||||
# }
|
# }
|
||||||
|
|
||||||
class openstack::keystone (
|
class openstack::keystone (
|
||||||
|
$public_url,
|
||||||
|
$admin_url,
|
||||||
|
$internal_url,
|
||||||
$db_host,
|
$db_host,
|
||||||
$db_password,
|
$db_password,
|
||||||
$admin_token,
|
$admin_token,
|
||||||
@ -89,8 +90,8 @@ class openstack::keystone (
|
|||||||
$package_ensure = present,
|
$package_ensure = present,
|
||||||
$use_syslog = false,
|
$use_syslog = false,
|
||||||
$syslog_log_facility = 'LOG_LOCAL7',
|
$syslog_log_facility = 'LOG_LOCAL7',
|
||||||
$idle_timeout = '200',
|
|
||||||
$region = 'RegionOne',
|
$region = 'RegionOne',
|
||||||
|
$database_idle_timeout = '200',
|
||||||
$rabbit_hosts = false,
|
$rabbit_hosts = false,
|
||||||
$rabbit_password = 'guest',
|
$rabbit_password = 'guest',
|
||||||
$rabbit_userid = 'guest',
|
$rabbit_userid = 'guest',
|
||||||
@ -98,11 +99,14 @@ class openstack::keystone (
|
|||||||
$max_pool_size = '10',
|
$max_pool_size = '10',
|
||||||
$max_overflow = '30',
|
$max_overflow = '30',
|
||||||
$max_retries = '-1',
|
$max_retries = '-1',
|
||||||
|
$token_caching = false,
|
||||||
|
$cache_backend = 'keystone.cache.memcache_pool',
|
||||||
|
$revoke_driver = false,
|
||||||
) {
|
) {
|
||||||
|
|
||||||
# Install and configure Keystone
|
# Install and configure Keystone
|
||||||
if $db_type == 'mysql' {
|
if $db_type == 'mysql' {
|
||||||
$sql_conn = "mysql://${$db_user}:${db_password}@${db_host}/${db_name}?read_timeout=60"
|
$database_connection = "mysql://${$db_user}:${db_password}@${db_host}/${db_name}?read_timeout=60"
|
||||||
} else {
|
} else {
|
||||||
fail("db_type ${db_type} is not supported")
|
fail("db_type ${db_type} is not supported")
|
||||||
}
|
}
|
||||||
@ -216,12 +220,12 @@ class openstack::keystone (
|
|||||||
catalog_type => 'sql',
|
catalog_type => 'sql',
|
||||||
admin_token => $admin_token,
|
admin_token => $admin_token,
|
||||||
enabled => $enabled,
|
enabled => $enabled,
|
||||||
sql_connection => $sql_conn,
|
database_connection => $database_connection,
|
||||||
public_bind_host => $public_bind_host,
|
public_bind_host => $public_bind_host,
|
||||||
admin_bind_host => $admin_bind_host,
|
admin_bind_host => $admin_bind_host,
|
||||||
package_ensure => $package_ensure,
|
package_ensure => $package_ensure,
|
||||||
use_syslog => $use_syslog,
|
use_syslog => $use_syslog,
|
||||||
idle_timeout => $idle_timeout,
|
database_idle_timeout => $database_idle_timeout,
|
||||||
rabbit_password => $rabbit_password,
|
rabbit_password => $rabbit_password,
|
||||||
rabbit_userid => $rabbit_userid,
|
rabbit_userid => $rabbit_userid,
|
||||||
rabbit_hosts => $rabbit_hosts,
|
rabbit_hosts => $rabbit_hosts,
|
||||||
@ -231,6 +235,9 @@ class openstack::keystone (
|
|||||||
token_provider => 'keystone.token.providers.uuid.Provider',
|
token_provider => 'keystone.token.providers.uuid.Provider',
|
||||||
notification_driver => $notification_driver,
|
notification_driver => $notification_driver,
|
||||||
notification_topics => $notification_topics,
|
notification_topics => $notification_topics,
|
||||||
|
token_caching => $token_caching,
|
||||||
|
cache_backend => $cache_backend,
|
||||||
|
revoke_driver => $revoke_driver,
|
||||||
}
|
}
|
||||||
|
|
||||||
if $::operatingsystem == 'Ubuntu' {
|
if $::operatingsystem == 'Ubuntu' {
|
||||||
@ -249,16 +256,12 @@ class openstack::keystone (
|
|||||||
if $memcache_servers {
|
if $memcache_servers {
|
||||||
Service<| title == 'memcached' |> -> Service<| title == 'keystone'|>
|
Service<| title == 'memcached' |> -> Service<| title == 'keystone'|>
|
||||||
keystone_config {
|
keystone_config {
|
||||||
'token/caching': value => 'false';
|
|
||||||
'cache/enabled': value => 'true';
|
|
||||||
'cache/backend': value => 'keystone.cache.memcache_pool';
|
|
||||||
'cache/memcache_servers': value => join($memcache_servers_real, ',');
|
'cache/memcache_servers': value => join($memcache_servers_real, ',');
|
||||||
'cache/memcache_dead_retry': value => '30';
|
'cache/memcache_dead_retry': value => '30';
|
||||||
'cache/memcache_socket_timeout': value => '1';
|
'cache/memcache_socket_timeout': value => '1';
|
||||||
'cache/memcache_pool_maxsize': value => '1000';
|
'cache/memcache_pool_maxsize': value => '1000';
|
||||||
'cache/memcache_pool_unused_timeout': value => '60';
|
'cache/memcache_pool_unused_timeout': value => '60';
|
||||||
'memcache/dead_retry': value => '30';
|
'memcache/dead_retry': value => '30';
|
||||||
'revoke/driver': value => 'keystone.contrib.revoke.backends.sql.Revoke';
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -314,9 +317,9 @@ class openstack::keystone (
|
|||||||
|
|
||||||
# Setup the Keystone Identity Endpoint
|
# Setup the Keystone Identity Endpoint
|
||||||
class { 'keystone::endpoint':
|
class { 'keystone::endpoint':
|
||||||
public_address => $public_address,
|
public_url => $public_url,
|
||||||
admin_address => $admin_real,
|
admin_url => $admin_url,
|
||||||
internal_address => $internal_real,
|
internal_url => $internal_url,
|
||||||
region => $region,
|
region => $region,
|
||||||
}
|
}
|
||||||
Exec <| title == 'keystone-manage db_sync' |> -> Class['keystone::endpoint']
|
Exec <| title == 'keystone-manage db_sync' |> -> Class['keystone::endpoint']
|
||||||
|
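Review bot: `$revoke_driver` defaults to `false` in the new `openstack::keystone` parameter list, whereas the removed `keystone_config` line set `revoke/driver` to the SQL backend whenever `$memcache_servers` was given, so a caller that does not pass `revoke_driver` would apparently lose that setting. Token revocation is security-relevant, so either keep the previous value as the default, `$revoke_driver = 'keystone.contrib.revoke.backends.sql.Revoke',`, or state in the class header that callers must supply it. The usage example in the header comment still shows `public_address` and does not list the new mandatory `public_url`, `admin_url` and `internal_url`, so it should be updated to match the signature. The class body runs beyond the visible hunks, so whether `$public_address`, `$admin_real` and `$internal_real` are still used elsewhere cannot be confirmed from here.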
@ -43,6 +43,17 @@ $memcache_servers = hiera('memcache_servers', $controller_nodes)
|
|||||||
$memcache_server_port = hiera('memcache_server_port', '11211')
|
$memcache_server_port = hiera('memcache_server_port', '11211')
|
||||||
$memcache_pool_maxsize = '100'
|
$memcache_pool_maxsize = '100'
|
||||||
|
|
||||||
|
$public_port = '5000'
|
||||||
|
$admin_port = '35357'
|
||||||
|
$internal_port = '5000'
|
||||||
|
$public_protocol = 'http'
|
||||||
|
|
||||||
|
$public_url = "${public_protocol}://${public_address}:${public_port}"
|
||||||
|
$admin_url = "http://${admin_address}:${admin_port}"
|
||||||
|
$internal_url = "http://${internal_address}:${internal_port}"
|
||||||
|
|
||||||
|
$revoke_driver = 'keystone.contrib.revoke.backends.sql.Revoke'
|
||||||
|
|
||||||
$glance_user_password = $glance_hash['user_password']
|
$glance_user_password = $glance_hash['user_password']
|
||||||
$nova_user_password = $nova_hash['user_password']
|
$nova_user_password = $nova_hash['user_password']
|
||||||
$cinder_user_password = $cinder_hash['user_password']
|
$cinder_user_password = $cinder_hash['user_password']
|
||||||
@ -61,7 +72,7 @@ $rabbit_virtual_host = '/'
|
|||||||
$max_pool_size = hiera('max_pool_size')
|
$max_pool_size = hiera('max_pool_size')
|
||||||
$max_overflow = hiera('max_overflow')
|
$max_overflow = hiera('max_overflow')
|
||||||
$max_retries = '-1'
|
$max_retries = '-1'
|
||||||
$idle_timeout = '3600'
|
$database_idle_timeout = '3600'
|
||||||
|
|
||||||
$murano_settings_hash = hiera('murano_settings', {})
|
$murano_settings_hash = hiera('murano_settings', {})
|
||||||
if has_key($murano_settings_hash, 'murano_repo_url') {
|
if has_key($murano_settings_hash, 'murano_repo_url') {
|
||||||
@ -109,7 +120,11 @@ class { 'openstack::keystone':
|
|||||||
rabbit_userid => $rabbit_user,
|
rabbit_userid => $rabbit_user,
|
||||||
rabbit_hosts => $rabbit_hosts,
|
rabbit_hosts => $rabbit_hosts,
|
||||||
rabbit_virtual_host => $rabbit_virtual_host,
|
rabbit_virtual_host => $rabbit_virtual_host,
|
||||||
idle_timeout => $idle_timeout,
|
database_idle_timeout => $database_idle_timeout,
|
||||||
|
revoke_driver => $revoke_driver,
|
||||||
|
public_url => $public_url,
|
||||||
|
admin_url => $admin_url,
|
||||||
|
internal_url => $internal_url,
|
||||||
}
|
}
|
||||||
|
|
||||||
####### WSGI ###########
|
####### WSGI ###########
|
||||||
@ -188,25 +203,6 @@ Service['keystone'] -> Haproxy_backend_status<||>
|
|||||||
Service<| title == 'httpd' |> -> Haproxy_backend_status<||>
|
Service<| title == 'httpd' |> -> Haproxy_backend_status<||>
|
||||||
Haproxy_backend_status<||> -> Class['keystone::roles::admin']
|
Haproxy_backend_status<||> -> Class['keystone::roles::admin']
|
||||||
|
|
||||||
case $::osfamily {
|
|
||||||
'RedHat': {
|
|
||||||
$pymemcache_package_name = 'python-memcached'
|
|
||||||
}
|
|
||||||
'Debian': {
|
|
||||||
$pymemcache_package_name = 'python-memcache'
|
|
||||||
}
|
|
||||||
default: {
|
|
||||||
fail("The ${::osfamily} operating system is not supported")
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
package { 'python-memcache' :
|
|
||||||
ensure => present,
|
|
||||||
name => $pymemcache_package_name,
|
|
||||||
}
|
|
||||||
|
|
||||||
Package['python-memcache'] -> Nova::Generic_service <||>
|
|
||||||
|
|
||||||
####### Disable upstart startup on install #######
|
####### Disable upstart startup on install #######
|
||||||
if($::operatingsystem == 'Ubuntu') {
|
if($::operatingsystem == 'Ubuntu') {
|
||||||
tweaks::ubuntu_service_override { 'keystone':
|
tweaks::ubuntu_service_override { 'keystone':
|
||||||
|
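Review bot: `$admin_url` and `$internal_url` hard-code `http` while `$public_url` just above them is built from `$public_protocol`, so the admin endpoint on port 35357 stays cleartext even if the public protocol is later switched. Adding `$admin_protocol = 'http'` and `$internal_protocol = 'http'` beside `$public_protocol` and writing `$admin_url = "${admin_protocol}://${admin_address}:${admin_port}"` (likewise for internal) keeps the three consistent and turns a TLS move into a data change. Separately, the last hunk removes `Package['python-memcache'] -> Nova::Generic_service <||>` together with the package resource. The commit message says the install moved into the module, but it is not visible here whether the ordering against the Nova services is preserved there.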
@ -16,12 +16,11 @@ describe manifest do
|
|||||||
'allowed_hosts' => allowed_hosts,
|
'allowed_hosts' => allowed_hosts,
|
||||||
)
|
)
|
||||||
end
|
end
|
||||||
#TODO: uncomment in keystone module adaptation patch
|
allowed_hosts.each do |host|
|
||||||
# allowed_hosts.each do |host|
|
it "should define openstacklib::db::mysql::host_access for #{keystone_db_dbname} DB for #{host}" do
|
||||||
# it "should define openstacklib::db::mysql::host_access for #{keystone_db_dbname} DB for #{host}" do
|
should contain_openstacklib__db__mysql__host_access("#{keystone_db_dbname}_#{host}")
|
||||||
# should contain_openstacklib__db__mysql__host_access("#{keystone_db_dbname}_#{host}")
|
end
|
||||||
# end
|
end
|
||||||
# end
|
|
||||||
end # end of shared_examples
|
end # end of shared_examples
|
||||||
test_ubuntu_and_centos manifest
|
test_ubuntu_and_centos manifest
|
||||||
end
|
end
|
||||||
|
@ -15,6 +15,13 @@ describe manifest do
|
|||||||
controller_nodes = Noop::Utils.ipsort(controller_internal_addresses.values)
|
controller_nodes = Noop::Utils.ipsort(controller_internal_addresses.values)
|
||||||
memcached_servers = controller_nodes.map{ |n| n = n + ':11211' }.join(',')
|
memcached_servers = controller_nodes.map{ |n| n = n + ':11211' }.join(',')
|
||||||
admin_token = Noop.hiera_structure 'keystone/admin_token'
|
admin_token = Noop.hiera_structure 'keystone/admin_token'
|
||||||
|
public_vip = Noop.hiera('public_vip')
|
||||||
|
management_vip= Noop.hiera('management_vip')
|
||||||
|
public_url = "http://#{public_vip}:5000"
|
||||||
|
admin_url = "http://#{management_vip}:35357"
|
||||||
|
internal_url = "http://#{internal_address}:5000"
|
||||||
|
revoke_driver = 'keystone.contrib.revoke.backends.sql.Revoke'
|
||||||
|
database_idle_timeout = '3600'
|
||||||
|
|
||||||
it 'should declare keystone class with admin_token' do
|
it 'should declare keystone class with admin_token' do
|
||||||
should contain_class('keystone').with(
|
should contain_class('keystone').with(
|
||||||
@ -22,6 +29,13 @@ describe manifest do
|
|||||||
)
|
)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
it 'should declare openstack::keystone class with public_url,admin_url,internal_url' do
|
||||||
|
should contain_class('openstack::keystone').with('public_url' => public_url)
|
||||||
|
should contain_class('openstack::keystone').with('admin_url' => admin_url)
|
||||||
|
should contain_class('openstack::keystone').with('internal_url' => internal_url)
|
||||||
|
end
|
||||||
|
|
||||||
|
|
||||||
it 'should configure memcache_pool keystone cache backend' do
|
it 'should configure memcache_pool keystone cache backend' do
|
||||||
should contain_keystone_config('token/caching').with(:value => 'false')
|
should contain_keystone_config('token/caching').with(:value => 'false')
|
||||||
should contain_keystone_config('cache/enabled').with(:value => 'true')
|
should contain_keystone_config('cache/enabled').with(:value => 'true')
|
||||||
@ -34,6 +48,19 @@ describe manifest do
|
|||||||
should contain_keystone_config('memcache/dead_retry').with(:value => '30')
|
should contain_keystone_config('memcache/dead_retry').with(:value => '30')
|
||||||
end
|
end
|
||||||
|
|
||||||
|
it 'should configure revoke_driver for keystone' do
|
||||||
|
should contain_keystone_config('revoke/driver').with(:value => revoke_driver)
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'should configure database_idle_timeout for keystone' do
|
||||||
|
should contain_keystone_config('database/idle_timeout').with(:value => database_idle_timeout)
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'should contain token_caching parameter for keystone set to false' do
|
||||||
|
should contain_class('keystone').with('token_caching' => 'false')
|
||||||
|
should contain_keystone_config('token/caching').with(:value => 'false')
|
||||||
|
end
|
||||||
|
|
||||||
# it 'should declare keystone::wsgi::apache class with 4 workers on 4 CPU system' do
|
# it 'should declare keystone::wsgi::apache class with 4 workers on 4 CPU system' do
|
||||||
# should contain_class('keystone::wsgi::apache').with(
|
# should contain_class('keystone::wsgi::apache').with(
|
||||||
# 'threads' => '1',
|
# 'threads' => '1',
|
||||||
|
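Review bot: `internal_url` is built from `internal_address`, which is not assigned in the added lines, unlike `public_vip` and `management_vip`, which are read from hiera just above it. If it is not defined earlier in the `describe` block (outside this hunk), the spec would raise a NameError when loaded. The expected URLs also repeat the scheme and ports from the manifest as literals, so a comment such as `# must mirror $public_url/$admin_url/$internal_url in the keystone manifest` would help keep the two in step. The new 'token_caching' example repeats the `token/caching` assertion already made in the 'memcache_pool' example, and the three `should contain_class('openstack::keystone')` lines could be a single `.with('public_url' => public_url, 'admin_url' => admin_url, 'internal_url' => internal_url)`.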