Updated keystone_admin conf section to reflect changes in middleware
keystonemiddleware module now prefers auth_uri (for public auth endpoint) and identity_uri (for admin auth endpoint). Made cisco plugin to use public auth_uri instead of identity_uri. identity_uri is used by keystonemiddleware only, anyway added it to several unit tests for consistency. DocImpact Closes-Bug: 1313783 Change-Id: I8bce9bfc01859dad82e5a98f4ac1da54ed86392a
This commit is contained in:
parent
5de1d2ed67
commit
c5928a4464
@ -589,9 +589,8 @@ lock_path = $state_path/lock
|
||||
# =========== end of items for agent management extension =====
|
||||
|
||||
[keystone_authtoken]
|
||||
auth_host = 127.0.0.1
|
||||
auth_port = 35357
|
||||
auth_protocol = http
|
||||
auth_uri = http://127.0.0.1:35357/v2.0/
|
||||
identity_uri = http://127.0.0.1:5000
|
||||
admin_tenant_name = %SERVICE_TENANT_NAME%
|
||||
admin_user = %SERVICE_USER%
|
||||
admin_password = %SERVICE_PASSWORD%
|
||||
|
@ -357,3 +357,15 @@ def is_dvr_serviced(device_owner):
|
||||
q_const.DEVICE_OWNER_DHCP)
|
||||
return (device_owner.startswith('compute:') or
|
||||
device_owner in dvr_serviced_device_owners)
|
||||
|
||||
|
||||
def get_keystone_url(conf):
|
||||
if conf.auth_uri:
|
||||
auth_uri = conf.auth_uri.rstrip('/')
|
||||
else:
|
||||
auth_uri = ('%(protocol)s://%(host)s:%(port)s' %
|
||||
{'protocol': conf.auth_protocol,
|
||||
'host': conf.auth_host,
|
||||
'port': conf.auth_port})
|
||||
# NOTE(ihrachys): all existing consumers assume version 2.0
|
||||
return '%s/v2.0/' % auth_uri
|
||||
|
@ -108,7 +108,7 @@ class DeviceHandlingMixin(object):
|
||||
def l3_tenant_id(cls):
|
||||
"""Returns id of tenant owning hosting device resources."""
|
||||
if cls._l3_tenant_uuid is None:
|
||||
auth_url = cfg.CONF.keystone_authtoken.identity_uri + "/v2.0"
|
||||
auth_url = cfg.CONF.keystone_authtoken.auth_uri
|
||||
user = cfg.CONF.keystone_authtoken.admin_user
|
||||
pw = cfg.CONF.keystone_authtoken.admin_password
|
||||
tenant = cfg.CONF.keystone_authtoken.admin_tenant_name
|
||||
@ -336,7 +336,7 @@ class DeviceHandlingMixin(object):
|
||||
return True
|
||||
|
||||
def _setup_device_handling(self):
|
||||
auth_url = cfg.CONF.keystone_authtoken.identity_uri + "/v2.0"
|
||||
auth_url = cfg.CONF.keystone_authtoken.auth_uri
|
||||
u_name = cfg.CONF.keystone_authtoken.admin_user
|
||||
pw = cfg.CONF.keystone_authtoken.admin_password
|
||||
tenant = cfg.CONF.general.l3_admin_tenant
|
||||
|
@ -23,6 +23,7 @@ from keystoneclient.v2_0 import client as keyclient
|
||||
from oslo.config import cfg
|
||||
|
||||
from neutron.api.v2 import attributes
|
||||
from neutron.common import utils
|
||||
from neutron.i18n import _LE, _LI
|
||||
from neutron.openstack.common import log as logging
|
||||
from neutron.plugins.ibm.common import config # noqa
|
||||
@ -341,15 +342,14 @@ class KeystoneClient(object):
|
||||
auth_url=None):
|
||||
|
||||
keystone_conf = cfg.CONF.keystone_authtoken
|
||||
keystone_auth_url = ('%s://%s:%s/v2.0/' %
|
||||
(keystone_conf.auth_protocol,
|
||||
keystone_conf.auth_host,
|
||||
keystone_conf.auth_port))
|
||||
|
||||
username = username or keystone_conf.admin_user
|
||||
tenant_name = tenant_name or keystone_conf.admin_tenant_name
|
||||
password = password or keystone_conf.admin_password
|
||||
auth_url = auth_url or keystone_auth_url
|
||||
# FIXME(ihrachys): plugins should not construct keystone URL
|
||||
# from configuration file and should instead rely on service
|
||||
# catalog contents
|
||||
auth_url = auth_url or utils.get_keystone_url(keystone_conf)
|
||||
|
||||
self.overlay_signature = cfg.CONF.SDNVE.overlay_signature
|
||||
self.of_signature = cfg.CONF.SDNVE.of_signature
|
||||
|
@ -20,6 +20,7 @@ import jsonrpclib
|
||||
from oslo.config import cfg
|
||||
|
||||
from neutron.common import constants as n_const
|
||||
from neutron.common import utils
|
||||
from neutron.i18n import _LI, _LW
|
||||
from neutron.openstack.common import log as logging
|
||||
from neutron.plugins.ml2.common import exceptions as ml2_exc
|
||||
@ -77,13 +78,6 @@ class AristaRPCWrapper(object):
|
||||
LOG.warn(_LW("'timestamp' command '%s' is not available on EOS"),
|
||||
cmd)
|
||||
|
||||
def _keystone_url(self):
|
||||
keystone_auth_url = ('%s://%s:%s/v2.0/' %
|
||||
(self.keystone_conf.auth_protocol,
|
||||
self.keystone_conf.auth_host,
|
||||
self.keystone_conf.auth_port))
|
||||
return keystone_auth_url
|
||||
|
||||
def get_tenants(self):
|
||||
"""Returns dict of all tenants known by EOS.
|
||||
|
||||
@ -389,18 +383,25 @@ class AristaRPCWrapper(object):
|
||||
This the initial handshake between Neutron and EOS.
|
||||
critical end-point information is registered with EOS.
|
||||
"""
|
||||
keystone_conf = self.keystone_conf
|
||||
# FIXME(ihrachys): plugins should not construct keystone URL
|
||||
# from configuration file and should instead rely on service
|
||||
# catalog contents
|
||||
auth_uri = utils.get_keystone_url(keystone_conf)
|
||||
|
||||
cmds = ['auth url %s user %s password %s tenant %s' % (
|
||||
self._keystone_url(),
|
||||
self.keystone_conf.admin_user,
|
||||
self.keystone_conf.admin_password,
|
||||
self.keystone_conf.admin_tenant_name)]
|
||||
cmds = ['auth url %(auth_url)s user %(user)s '
|
||||
'password %(password)s tenant %(tenant)s' %
|
||||
{'auth_url': auth_uri,
|
||||
'user': keystone_conf.admin_user,
|
||||
'password': keystone_conf.admin_password,
|
||||
'tenant': keystone_conf.admin_tenant_name}]
|
||||
|
||||
log_cmds = ['auth url %s user %s password %s tenant %s' % (
|
||||
self._keystone_url(),
|
||||
self.keystone_conf.admin_user,
|
||||
'******',
|
||||
self.keystone_conf.admin_tenant_name)]
|
||||
log_cmds = ['auth url %(auth_url)s user %(user)s '
|
||||
'password %(password)s tenant %(tenant)s' %
|
||||
{'auth_url': auth_uri,
|
||||
'user': keystone_conf.admin_user,
|
||||
'password': '******',
|
||||
'tenant': keystone_conf.admin_tenant_name}]
|
||||
|
||||
sync_interval_cmd = 'sync interval %d' % self.sync_interval
|
||||
cmds.append(sync_interval_cmd)
|
||||
|
@ -158,9 +158,8 @@ class L3RouterApplianceTestCaseBase(
|
||||
|
||||
cfg.CONF.set_override('allow_sorting', True)
|
||||
test_opts = [
|
||||
cfg.StrOpt('auth_protocol', default='http'),
|
||||
cfg.StrOpt('auth_host', default='localhost'),
|
||||
cfg.IntOpt('auth_port', default=35357),
|
||||
cfg.StrOpt('auth_uri', default='http://localhost:35357/v2.0/'),
|
||||
cfg.StrOpt('identity_uri', default='http://localhost:5000'),
|
||||
cfg.StrOpt('admin_user', default='neutron'),
|
||||
cfg.StrOpt('admin_password', default='secrete')]
|
||||
cfg.CONF.register_opts(test_opts, 'keystone_authtoken')
|
||||
|
@ -17,6 +17,7 @@ import mock
|
||||
from oslo.config import cfg
|
||||
|
||||
from neutron.common import constants as n_const
|
||||
from neutron.common import utils
|
||||
from neutron.extensions import portbindings
|
||||
from neutron.plugins.ml2.drivers.arista import db
|
||||
from neutron.plugins.ml2.drivers.arista import exceptions as arista_exc
|
||||
@ -525,13 +526,14 @@ class PositiveRPCWrapperValidConfigTestCase(base.BaseTestCase):
|
||||
def test_register_with_eos(self):
|
||||
self.drv.register_with_eos()
|
||||
auth = fake_keystone_info_class()
|
||||
keystone_url = '%s://%s:%s/v2.0/' % (auth.auth_protocol,
|
||||
auth.auth_host,
|
||||
auth.auth_port)
|
||||
auth_cmd = 'auth url %s user %s password %s tenant %s' % (keystone_url,
|
||||
auth.admin_user,
|
||||
auth.admin_password,
|
||||
auth.admin_tenant_name)
|
||||
auth_cmd = (
|
||||
'auth url %(auth_url)s user %(user)s '
|
||||
'password %(password)s tenant %(tenant)s' %
|
||||
{'auth_url': utils.get_keystone_url(auth),
|
||||
'user': auth.admin_user,
|
||||
'password': auth.admin_password,
|
||||
'tenant': auth.admin_tenant_name}
|
||||
)
|
||||
cmds = ['enable',
|
||||
'configure',
|
||||
'cvx',
|
||||
@ -713,9 +715,8 @@ class fake_keystone_info_class(object):
|
||||
Arista Driver expects Keystone auth info. This fake information
|
||||
is for testing only
|
||||
"""
|
||||
auth_protocol = 'abc'
|
||||
auth_host = 'host'
|
||||
auth_port = 5000
|
||||
auth_uri = 'abc://host:35357/v2.0/'
|
||||
identity_uri = 'abc://host:5000'
|
||||
admin_user = 'neutron'
|
||||
admin_password = 'fun'
|
||||
admin_tenant_name = 'tenant_name'
|
||||
|
@ -201,9 +201,8 @@ class KeyStoneInfo(object):
|
||||
"""To generate Keystone Authentication information
|
||||
Contrail Driver expects Keystone auth info for testing purpose.
|
||||
"""
|
||||
auth_protocol = 'http'
|
||||
auth_host = 'host'
|
||||
auth_port = 5000
|
||||
auth_uri = 'http://host:35357/v2.0/'
|
||||
identity_uri = 'http://host:5000'
|
||||
admin_user = 'neutron'
|
||||
admin_password = 'neutron'
|
||||
admin_token = 'neutron'
|
||||
|
Loading…
Reference in New Issue
Block a user