openstack
/
puppet-glance
Code Issues Proposed changes

Merge "api: allow ssl communications with registry"

Browse Source
changes/55/292155/1
Jenkins 7 years ago committed by Gerrit Code Review
parent 7d1c73ba0a 7bf43b2b13
commit fbf285e95d
2 changed files with 96 additions and 88 deletions
Show Stats Download Patch File Download Diff File

163
manifests/api.pp
Unescape View File

@ -175,15 +175,30 @@
#
# [*cert_file*]
# (optinal) Certificate file to use when starting API server securely
# Defaults to false, not set
# Defaults to $::os_service_default
#
# [*key_file*]
# (optional) Private key file to use when starting API server securely
# Defaults to false, not set
# Defaults to $::os_service_default
#
# [*ca_file*]
# (optional) CA certificate file to use to verify connecting clients
# Defaults to false, not set
# Defaults to $::os_service_default
#
# [*registry_client_cert_file*]
# (optinal) The path to the cert file to use in SSL connections to the
# registry server.
# Defaults to $::os_service_default
#
# [*registry_client_key_file*]
# (optinal) The path to the private key file to use in SSL connections to the
# registry server.
# Defaults to $::os_service_default
#
# [*registry_client_ca_file*]
# (optinal) The path to the CA certificate file to use in SSL connections to the
# registry server.
# Defaults to $::os_service_default
#
# [*stores*]
# (optional) List of which store classes and store class locations are
@ -254,60 +269,63 @@
#
class glance::api(
$keystone_password,
$package_ensure = 'present',
$verbose = undef,
$debug = undef,
$bind_host = '0.0.0.0',
$bind_port = '9292',
$backlog = '4096',
$workers = $::processorcount,
$log_file = undef,
$log_dir = undef,
$registry_host = '0.0.0.0',
$registry_port = '9191',
$registry_client_protocol = 'http',
$scrub_time = $::os_service_default,
$delayed_delete = $::os_service_default,
$auth_type = 'keystone',
$auth_region = $::os_service_default,
$auth_uri = 'http://127.0.0.1:5000/',
$identity_uri = 'http://127.0.0.1:35357/',
$memcached_servers = $::os_service_default,
$pipeline = 'keystone',
$keystone_tenant = 'services',
$keystone_user = 'glance',
$manage_service = true,
$enabled = true,
$use_syslog = undef,
$use_stderr = undef,
$log_facility = undef,
$show_image_direct_url = false,
$show_multiple_locations = $::os_service_default,
$location_strategy = $::os_service_default,
$purge_config = false,
$cert_file = false,
$key_file = false,
$ca_file = false,
$stores = false,
$default_store = undef,
$multi_store = false,
$database_connection = undef,
$database_idle_timeout = undef,
$database_min_pool_size = undef,
$database_max_pool_size = undef,
$database_max_retries = undef,
$database_retry_interval = undef,
$database_max_overflow = undef,
$image_cache_max_size = $::os_service_default,
$image_cache_stall_time = $::os_service_default,
$image_cache_dir = '/var/lib/glance/image-cache',
$os_region_name = 'RegionOne',
$signing_dir = $::os_service_default,
$token_cache_time = $::os_service_default,
$validate = false,
$validation_options = {},
$package_ensure = 'present',
$verbose = undef,
$debug = undef,
$bind_host = '0.0.0.0',
$bind_port = '9292',
$backlog = '4096',
$workers = $::processorcount,
$log_file = undef,
$log_dir = undef,
$registry_host = '0.0.0.0',
$registry_port = '9191',
$registry_client_protocol = 'http',
$scrub_time = $::os_service_default,
$delayed_delete = $::os_service_default,
$auth_type = 'keystone',
$auth_region = $::os_service_default,
$auth_uri = 'http://127.0.0.1:5000/',
$identity_uri = 'http://127.0.0.1:35357/',
$memcached_servers = $::os_service_default,
$pipeline = 'keystone',
$keystone_tenant = 'services',
$keystone_user = 'glance',
$manage_service = true,
$enabled = true,
$use_syslog = undef,
$use_stderr = undef,
$log_facility = undef,
$show_image_direct_url = false,
$show_multiple_locations = $::os_service_default,
$location_strategy = $::os_service_default,
$purge_config = false,
$cert_file = $::os_service_default,
$key_file = $::os_service_default,
$ca_file = $::os_service_default,
$registry_client_cert_file = $::os_service_default,
$registry_client_key_file = $::os_service_default,
$registry_client_ca_file = $::os_service_default,
$stores = false,
$default_store = undef,
$multi_store = false,
$database_connection = undef,
$database_idle_timeout = undef,
$database_min_pool_size = undef,
$database_max_pool_size = undef,
$database_max_retries = undef,
$database_retry_interval = undef,
$database_max_overflow = undef,
$image_cache_max_size = $::os_service_default,
$image_cache_stall_time = $::os_service_default,
$image_cache_dir = '/var/lib/glance/image-cache',
$os_region_name = 'RegionOne',
$signing_dir = $::os_service_default,
$token_cache_time = $::os_service_default,
$validate = false,
$validation_options = {},
# DEPRECATED PARAMETERS
$known_stores = false,
$known_stores = false,
) inherits glance {
include ::glance::policy
@ -452,32 +470,13 @@ class glance::api(
}
# SSL Options
if $cert_file {
glance_api_config {
'DEFAULT/cert_file' : value => $cert_file;
}
} else {
glance_api_config {
'DEFAULT/cert_file': ensure => absent;
}
}
if $key_file {
glance_api_config {
'DEFAULT/key_file' : value => $key_file;
}
} else {
glance_api_config {
'DEFAULT/key_file': ensure => absent;
}
}
if $ca_file {
glance_api_config {
'DEFAULT/ca_file' : value => $ca_file;
}
} else {
glance_api_config {
'DEFAULT/ca_file': ensure => absent;
}
glance_api_config {
'DEFAULT/cert_file': value => $cert_file;
'DEFAULT/key_file' : value => $key_file;
'DEFAULT/ca_file' : value => $ca_file;
'DEFAULT/registry_client_ca_file': value => $registry_client_ca_file;
'DEFAULT/registry_client_cert_file': value => $registry_client_cert_file;
'DEFAULT/registry_client_key_file': value => $registry_client_key_file;
}
if $manage_service {

21
spec/classes/glance_api_spec.rb
Unescape View File

@ -146,9 +146,12 @@ describe 'glance::api' do
end
it 'is_expected.to have no ssl options' do
is_expected.to contain_glance_api_config('DEFAULT/ca_file').with_ensure('absent')
is_expected.to contain_glance_api_config('DEFAULT/cert_file').with_ensure('absent')
is_expected.to contain_glance_api_config('DEFAULT/key_file').with_ensure('absent')
is_expected.to contain_glance_api_config('DEFAULT/ca_file').with_value('<SERVICE DEFAULT>')
is_expected.to contain_glance_api_config('DEFAULT/cert_file').with_value('<SERVICE DEFAULT>')
is_expected.to contain_glance_api_config('DEFAULT/key_file').with_value('<SERVICE DEFAULT>')
is_expected.to contain_glance_api_config('DEFAULT/registry_client_ca_file').with_value('<SERVICE DEFAULT>')
is_expected.to contain_glance_api_config('DEFAULT/registry_client_cert_file').with_value('<SERVICE DEFAULT>')
is_expected.to contain_glance_api_config('DEFAULT/registry_client_key_file').with_value('<SERVICE DEFAULT>')
end
it 'is_expected.to configure itself for keystone if that is the auth_type' do
@ -233,9 +236,12 @@ describe 'glance::api' do
describe 'with ssl options' do
let :params do
default_params.merge({
:ca_file => '/tmp/ca_file',
:cert_file => '/tmp/cert_file',
:key_file => '/tmp/key_file'
:ca_file => '/tmp/ca_file',
:cert_file => '/tmp/cert_file',
:key_file => '/tmp/key_file',
:registry_client_ca_file => '/tmp/registry_ca_file',
:registry_client_key_file => '/tmp/registry_key_file',
:registry_client_cert_file => '/tmp/registry_cert_file',
})
end
@ -243,6 +249,9 @@ describe 'glance::api' do
it { is_expected.to contain_glance_api_config('DEFAULT/ca_file').with_value('/tmp/ca_file') }
it { is_expected.to contain_glance_api_config('DEFAULT/cert_file').with_value('/tmp/cert_file') }
it { is_expected.to contain_glance_api_config('DEFAULT/key_file').with_value('/tmp/key_file') }
it { is_expected.to contain_glance_api_config('DEFAULT/registry_client_ca_file').with_value('/tmp/registry_ca_file') }
it { is_expected.to contain_glance_api_config('DEFAULT/registry_client_key_file').with_value('/tmp/registry_key_file') }
it { is_expected.to contain_glance_api_config('DEFAULT/registry_client_cert_file').with_value('/tmp/registry_cert_file') }
end
end
describe 'with stores by default' do

Write Preview
Loading…
Cancel
Save