Updated keystone_admin conf section to reflect changes in middleware

keystonemiddleware module now prefers auth_uri (for public auth
endpoint) and identity_uri (for admin auth endpoint).

Made cisco plugin to use public auth_uri instead of identity_uri.

identity_uri is used by keystonemiddleware only, anyway added it to
several unit tests for consistency.

DocImpact
Closes-Bug: 1313783
Change-Id: I8bce9bfc01859dad82e5a98f4ac1da54ed86392a
This commit is contained in:
Ihar Hrachyshka 2014-04-28 15:02:34 +02:00
parent 5de1d2ed67
commit c5928a4464
8 changed files with 54 additions and 43 deletions

View File

@ -589,9 +589,8 @@ lock_path = $state_path/lock
# =========== end of items for agent management extension =====
[keystone_authtoken]
auth_host = 127.0.0.1
auth_port = 35357
auth_protocol = http
auth_uri = http://127.0.0.1:35357/v2.0/
identity_uri = http://127.0.0.1:5000
admin_tenant_name = %SERVICE_TENANT_NAME%
admin_user = %SERVICE_USER%
admin_password = %SERVICE_PASSWORD%

View File

@ -357,3 +357,15 @@ def is_dvr_serviced(device_owner):
q_const.DEVICE_OWNER_DHCP)
return (device_owner.startswith('compute:') or
device_owner in dvr_serviced_device_owners)
def get_keystone_url(conf):
if conf.auth_uri:
auth_uri = conf.auth_uri.rstrip('/')
else:
auth_uri = ('%(protocol)s://%(host)s:%(port)s' %
{'protocol': conf.auth_protocol,
'host': conf.auth_host,
'port': conf.auth_port})
# NOTE(ihrachys): all existing consumers assume version 2.0
return '%s/v2.0/' % auth_uri

View File

@ -108,7 +108,7 @@ class DeviceHandlingMixin(object):
def l3_tenant_id(cls):
"""Returns id of tenant owning hosting device resources."""
if cls._l3_tenant_uuid is None:
auth_url = cfg.CONF.keystone_authtoken.identity_uri + "/v2.0"
auth_url = cfg.CONF.keystone_authtoken.auth_uri
user = cfg.CONF.keystone_authtoken.admin_user
pw = cfg.CONF.keystone_authtoken.admin_password
tenant = cfg.CONF.keystone_authtoken.admin_tenant_name
@ -336,7 +336,7 @@ class DeviceHandlingMixin(object):
return True
def _setup_device_handling(self):
auth_url = cfg.CONF.keystone_authtoken.identity_uri + "/v2.0"
auth_url = cfg.CONF.keystone_authtoken.auth_uri
u_name = cfg.CONF.keystone_authtoken.admin_user
pw = cfg.CONF.keystone_authtoken.admin_password
tenant = cfg.CONF.general.l3_admin_tenant

View File

@ -23,6 +23,7 @@ from keystoneclient.v2_0 import client as keyclient
from oslo.config import cfg
from neutron.api.v2 import attributes
from neutron.common import utils
from neutron.i18n import _LE, _LI
from neutron.openstack.common import log as logging
from neutron.plugins.ibm.common import config # noqa
@ -341,15 +342,14 @@ class KeystoneClient(object):
auth_url=None):
keystone_conf = cfg.CONF.keystone_authtoken
keystone_auth_url = ('%s://%s:%s/v2.0/' %
(keystone_conf.auth_protocol,
keystone_conf.auth_host,
keystone_conf.auth_port))
username = username or keystone_conf.admin_user
tenant_name = tenant_name or keystone_conf.admin_tenant_name
password = password or keystone_conf.admin_password
auth_url = auth_url or keystone_auth_url
# FIXME(ihrachys): plugins should not construct keystone URL
# from configuration file and should instead rely on service
# catalog contents
auth_url = auth_url or utils.get_keystone_url(keystone_conf)
self.overlay_signature = cfg.CONF.SDNVE.overlay_signature
self.of_signature = cfg.CONF.SDNVE.of_signature

View File

@ -20,6 +20,7 @@ import jsonrpclib
from oslo.config import cfg
from neutron.common import constants as n_const
from neutron.common import utils
from neutron.i18n import _LI, _LW
from neutron.openstack.common import log as logging
from neutron.plugins.ml2.common import exceptions as ml2_exc
@ -77,13 +78,6 @@ class AristaRPCWrapper(object):
LOG.warn(_LW("'timestamp' command '%s' is not available on EOS"),
cmd)
def _keystone_url(self):
keystone_auth_url = ('%s://%s:%s/v2.0/' %
(self.keystone_conf.auth_protocol,
self.keystone_conf.auth_host,
self.keystone_conf.auth_port))
return keystone_auth_url
def get_tenants(self):
"""Returns dict of all tenants known by EOS.
@ -389,18 +383,25 @@ class AristaRPCWrapper(object):
This the initial handshake between Neutron and EOS.
critical end-point information is registered with EOS.
"""
keystone_conf = self.keystone_conf
# FIXME(ihrachys): plugins should not construct keystone URL
# from configuration file and should instead rely on service
# catalog contents
auth_uri = utils.get_keystone_url(keystone_conf)
cmds = ['auth url %s user %s password %s tenant %s' % (
self._keystone_url(),
self.keystone_conf.admin_user,
self.keystone_conf.admin_password,
self.keystone_conf.admin_tenant_name)]
cmds = ['auth url %(auth_url)s user %(user)s '
'password %(password)s tenant %(tenant)s' %
{'auth_url': auth_uri,
'user': keystone_conf.admin_user,
'password': keystone_conf.admin_password,
'tenant': keystone_conf.admin_tenant_name}]
log_cmds = ['auth url %s user %s password %s tenant %s' % (
self._keystone_url(),
self.keystone_conf.admin_user,
'******',
self.keystone_conf.admin_tenant_name)]
log_cmds = ['auth url %(auth_url)s user %(user)s '
'password %(password)s tenant %(tenant)s' %
{'auth_url': auth_uri,
'user': keystone_conf.admin_user,
'password': '******',
'tenant': keystone_conf.admin_tenant_name}]
sync_interval_cmd = 'sync interval %d' % self.sync_interval
cmds.append(sync_interval_cmd)

View File

@ -158,9 +158,8 @@ class L3RouterApplianceTestCaseBase(
cfg.CONF.set_override('allow_sorting', True)
test_opts = [
cfg.StrOpt('auth_protocol', default='http'),
cfg.StrOpt('auth_host', default='localhost'),
cfg.IntOpt('auth_port', default=35357),
cfg.StrOpt('auth_uri', default='http://localhost:35357/v2.0/'),
cfg.StrOpt('identity_uri', default='http://localhost:5000'),
cfg.StrOpt('admin_user', default='neutron'),
cfg.StrOpt('admin_password', default='secrete')]
cfg.CONF.register_opts(test_opts, 'keystone_authtoken')

View File

@ -17,6 +17,7 @@ import mock
from oslo.config import cfg
from neutron.common import constants as n_const
from neutron.common import utils
from neutron.extensions import portbindings
from neutron.plugins.ml2.drivers.arista import db
from neutron.plugins.ml2.drivers.arista import exceptions as arista_exc
@ -525,13 +526,14 @@ class PositiveRPCWrapperValidConfigTestCase(base.BaseTestCase):
def test_register_with_eos(self):
self.drv.register_with_eos()
auth = fake_keystone_info_class()
keystone_url = '%s://%s:%s/v2.0/' % (auth.auth_protocol,
auth.auth_host,
auth.auth_port)
auth_cmd = 'auth url %s user %s password %s tenant %s' % (keystone_url,
auth.admin_user,
auth.admin_password,
auth.admin_tenant_name)
auth_cmd = (
'auth url %(auth_url)s user %(user)s '
'password %(password)s tenant %(tenant)s' %
{'auth_url': utils.get_keystone_url(auth),
'user': auth.admin_user,
'password': auth.admin_password,
'tenant': auth.admin_tenant_name}
)
cmds = ['enable',
'configure',
'cvx',
@ -713,9 +715,8 @@ class fake_keystone_info_class(object):
Arista Driver expects Keystone auth info. This fake information
is for testing only
"""
auth_protocol = 'abc'
auth_host = 'host'
auth_port = 5000
auth_uri = 'abc://host:35357/v2.0/'
identity_uri = 'abc://host:5000'
admin_user = 'neutron'
admin_password = 'fun'
admin_tenant_name = 'tenant_name'

View File

@ -201,9 +201,8 @@ class KeyStoneInfo(object):
"""To generate Keystone Authentication information
Contrail Driver expects Keystone auth info for testing purpose.
"""
auth_protocol = 'http'
auth_host = 'host'
auth_port = 5000
auth_uri = 'http://host:35357/v2.0/'
identity_uri = 'http://host:5000'
admin_user = 'neutron'
admin_password = 'neutron'
admin_token = 'neutron'