This commit moves conditionals based on values obtained from Facter
inside code blocks that are only executed on agents and replaces
the use of Facter['osfamily'].value with Facter.value:(:osfamily).
Without this change we are returning values based off the master's
facts, so if a Debian agent checks into a RedHat master then the type
is currently making a decision based off of RedHat and not the actual
OS of the agent running the catalog. Code ran outside blocks is
evaluated on masters and inside a block is evaluated by the agent when
the catalog is executed. We do not notice this because all our
testing uses "puppet apply" and autorequire only matters when they
find a matching resource name in the catalog. The latter results
in no error because the relationship is simply ignored on the Debian
agent if a package resource with the RedHat name is not found.
This issue was found by running facter 3, the C++11 re-implementation
under the jruby and clojure implemented puppetserver. The clojure
jni shim written so that facter can be ran inside of puppetserver does
not implement the [] method for the Facter module but the ruby shim
does. So I noticed that the code had an issue when
Facter['osfamily'].value was executed on the master, which returned a
not method error. Once again, something we didn't notice becuase we
do not test against a master. I decided to migrate to
Facter.value(:osfamily) to simply keep to an API that is consistent
across both puppet and puppetserver but fixing where the code runs
does actually solve the not method found error.
Change-Id: I773f20e0bc1e917f6ec5fa8830f5bbfa60b6cd8a
Some distros (RHEL based) have a single glance package. On those
distros the ensure_package/autorequire stuff doesn't quite work
correctly as per the type code it is assumed two packages 'glance-api'
and 'glance-registry'
This commit makes sure that on RHEL based distros type only autorequire
'openstack-glance' while on other distros it correctly autorequire
'glance-api' and 'glance-registry'
Change-Id: I17c84b2282beadaec80f4db42fa5696b7967159f
Closes-bug: #1493442
Co-Authored-By: Yanis Guenane <yguenane@redhat.com>
With the creation of the new openstack_config provider, some processing
that was done in glance_api_config has been centralized in
openstack_config.
The same changes apply for glance_registry_config and
glance_cache_config
Impacted methods are :
* section
* setting
* separator
Also, this commit adds the fact that, when passing a specific string
(ensure_absent_val) the provider will behave as if ensure => absent was
specified. '<SERVICE DEFAULT>' is the default value for
ensure_absent_val.
The use case is the following :
glance_api_config { 'DEFAULT/foo' : value => 'bar' } # will work as usual
glance_api_config { 'DEFAULT/foo' : value => '<SERVICE DEFAULT>' } # will mean absent
That means that all the current :
if $myvar {
glance_api_config { 'DEFAULT/foo' : value => $myvar }
} else {
glance_api_config { 'DEFAULT/foo' : ensure => absent }
}
can be removed in favor of :
glance_api_config { 'DEFAULT/foo' : value => $myvar }
If for any reason '<SERVICE DEFAULT>' turns out to be a valid value for
a specific parameter. One could by pass that doing the following :
glance_api_config { 'DEFAULT/foo' : value => '<SERVICE DEFAULT>',
ensure_absent_val => 'foo' }
Change-Id: I3bbdf63d1b9b5a2daba30fd4ba897db703f979ae
Depends-On: I0eeebde3aac2662cc7e69bfad7f8d2481463a218
Currently we specify the ordering of config resources wherever it is
necessary based on the presence of the file it will write to, or the
presence of the package in charge of providing the file it will write
to.
Those kind of ordering can be specified directly at the resource level
using the autorequire mechanism. With this patch, any config resource
will make sure the package in charge of providing the file will be
installed first.
Change-Id: Idb19da25958e79787b0c66e4ae275216849a9a2e
As we discovered before[1] with puppet-keystone, rspec-puppet has
trouble loading paths in some circumstances. This patch updates the
$LOAD_PATH in the newly rewritten glance_image type so that unit tests
in other modules can properly load the openstacklib backend.
[1] https://bugs.launchpad.net/puppet-keystone/+bug/1408531
Change-Id: Ifa3cbd46b8b32695848d4c2e8f837881c46a7d98
This patch changes the glance_image provider to use
puppet-openstacklib's authentication methods, which use
python-openstackclient as an interface, instead of the glance command
line client. The benefits of this is:
- Code reduction. This patch reduces the amount of code in the
glance parent provider and glance_image provider by reusing code from
Puppet::Provider::Openstack instead of implementing authentication,
retries, and response parsing in the provider.
- Presumed reduction in sudden API changes that require quick fixes in
this module, such as f377c0229c006b02f43a14be4979553e983cb98e.
- Ability to set project-based access control for images
Additional reasoning for this change is in the blueprint.
Important note: this change does not work on Ubuntu under Juno due to a
major bug in the version of python-openstackclient shipped in UCA [1].
This change targets the Kilo releases.
Note about performance: the self.instances and instances methods make
API requests for each image found in the list of instances. This is not
a change from how this was implemented before. The --long formatted
list, either from the glance client or openstackclient, does not
provide all information needed to query an instance and populate
setters. Future patches could possibly improve on this.
Other details of this change:
- Removes auth_glance method, replaced by the request and
glance_request methods
- Removes auth_glance_stdin method which was not being used
- Removes parse_table which is now unnecessary because openstackclient
formats its responses as CSV and Puppet::Provider::Openstack#request
returns the results a hash
- Removes remove_warnings methods which are handled by
Puppet::Provider::Openstack#request
- Removes list_glance_images and get_glance_image_attr which are
sufficiently replaced by using the 'list' and 'show' commands with
Puppet::Provider::Openstack's request method.
- Removed self.prefetch since we can't populate auth parameters during
a prefetch. Instead we prepopulate the list via the instances method.
- Added a flush method to do updates more efficiently
- Changed is_public property to accept true/false in addition to yes/no
and to munge to a symbol instead of a capitalized string, for
consistency with keystone_tenant's enabled property
- Move the reset method into the spec tests since it is only necessary
for testing
- Added tests for glance_image, which did not exist before
- Removed connection retry test since this is taken care of in
openstacklib
[1] https://bugs.launchpad.net/python-openstackclient/+bug/1269821
blueprint use-openstackclient-in-module-resources
Change-Id: Iceab5e1c6138e7aba0f883ed4acb8f7ecbcd2830
The location property of the glance_image type has nearly identical
functionality as the source param, yet one is a param and one is a
property. It is possible to change either of these for a glance image,
but only if it is as of yet unset, and therefore unsaved. It is not
possible to change the location of a glance image once it has been
saved, nor is it possible to query it afterward. Since having location
be a property when it is usually unsettable and is always unqueryable
does not make much sense, we change it to be a param to be consistent
with the source param.
Change-Id: I686c3fec9bf571d18e282888c626d795c9958a6b
Commit 031609b57284cf13877ce727c2e4672831a3dbe2 changed the way
is_public was munged. However, when testing it it looks like it
was always seen as an empty string after this, so all created
images were private. Changing the way the 'if' block is done fixes
it.
Change-Id: If2eb52a6d0d9be89c9323702616f62f8ecba5e02
glance expects True/False values whereas this type uses Yes/No.
Without this patch, puppet would return the following message with an
existing glance image with is_public attribute already set to 'True'.
puppet-agent[18190]: (/Stage[main]/Site::Controller/Glance_image[raring-server-cloudimg-amd64]/is_public) is_public changed 'True' to 'Yes'
Change-Id: I532e08e6815a8b03f5eb6a9495d886b9855762c8
Currently secrets like rabbit_password or admin_password are displayed in
puppet logs when changed. This commit changes glance_*_config and
glance_*_ini types adding a new parameter that triggers obfuscation of
the values in puppet logs.
Change-Id: I31f974a9afadef42939ee092ecba3b8f4333bb8b
Closes-Bug: #1328448
This patch allows the usage of Puppet boolean values and still
configure values with OpenStack boolean style: True/False.
Change-Id: I1f96bf979e67fd7fb8fd1d984809fd072783224c
- Add native types to manage all existing ini files
- remove all unused templates
- convert all concat with ini_setting resources
- remove all concat code
