Add separate manifest for configuring access to glance
Without these parameters ironic uses keystone_authtoken credentials. This is deprecated since Newton and can be removed at any moment. This patch provides a manifest to configure separate credentials and moves other related parameters to it. Change-Id: I1b367308fb4dd82a7c8702a5d4301dcfd3f24a34 Partial-Bug: #1661250
This commit is contained in:
parent
c8ad960a4c
commit
c995ec4840
79
manifests/glance.pp
Normal file
79
manifests/glance.pp
Normal file
@ -0,0 +1,79 @@
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
#
|
||||
# == Class: ironic::glance
|
||||
#
|
||||
# [*auth_type*]
|
||||
# The authentication plugin to use when connecting to glance.
|
||||
# Defaults to 'password'
|
||||
#
|
||||
# [*auth_url*]
|
||||
# The address of the keystone api endpoint.
|
||||
# Defaults to $::os_service_default
|
||||
#
|
||||
# [*project_name*]
|
||||
# The Keystone project name.
|
||||
# Defaults to 'services'
|
||||
#
|
||||
# [*username*]
|
||||
# The admin username for ironic to connect to glance.
|
||||
# Defaults to 'ironic'.
|
||||
#
|
||||
# [*password*]
|
||||
# The admin password for ironic to connect to glance.
|
||||
# Defaults to $::os_service_default
|
||||
#
|
||||
# [*api_servers*]
|
||||
# (optional) A list of the glance api servers available to ironic.
|
||||
# Should be an array with [hostname|ip]:port
|
||||
# Defaults to $::os_service_default
|
||||
#
|
||||
# [*num_retries*]
|
||||
# (optional) Number retries when downloading an image from glance.
|
||||
# Defaults to $::os_service_default
|
||||
#
|
||||
# [*api_insecure*]
|
||||
# (optional) Allow to perform insecure SSL (https) requests to glance.
|
||||
# Defaults to $::os_service_default
|
||||
#
|
||||
class ironic::glance (
|
||||
$auth_type = 'password',
|
||||
$auth_url = $::os_service_default,
|
||||
$project_name = 'services',
|
||||
$username = 'ironic',
|
||||
$password = $::os_service_default,
|
||||
$api_servers = $::os_service_default,
|
||||
$num_retries = $::os_service_default,
|
||||
$api_insecure = $::os_service_default,
|
||||
) {
|
||||
|
||||
$api_servers_real = pick($::ironic::glance_api_servers, $api_servers)
|
||||
if is_array($api_servers_real) {
|
||||
$api_servers_converted = join($api_servers_real, ',')
|
||||
} else {
|
||||
$api_servers_converted = $api_servers_real
|
||||
}
|
||||
|
||||
$num_retries_real = pick($::ironic::glance_num_retries, $num_retries)
|
||||
$api_insecure_real = pick($::ironic::glance_api_insecure, $api_insecure)
|
||||
|
||||
ironic_config {
|
||||
'glance/auth_type': value => $auth_type;
|
||||
'glance/username': value => $username;
|
||||
'glance/password': value => $password, secret => true;
|
||||
'glance/auth_url': value => $auth_url;
|
||||
'glance/project_name': value => $project_name;
|
||||
'glance/glance_api_servers': value => $api_servers_converted;
|
||||
'glance/glance_num_retries': value => $num_retries_real;
|
||||
'glance/glance_api_insecure': value => $api_insecure_real;
|
||||
}
|
||||
}
|
@ -231,19 +231,6 @@
|
||||
# (optional) If set, use this value for max_overflow with sqlalchemy.
|
||||
# Defaults to: undef
|
||||
#
|
||||
# [*glance_api_servers*]
|
||||
# (optional) A list of the glance api servers available to ironic.
|
||||
# Should be an array with [hostname|ip]:port
|
||||
# Defaults to undef
|
||||
#
|
||||
# [*glance_num_retries*]
|
||||
# (optional) Number retries when downloading an image from glance.
|
||||
# Defaults to 0
|
||||
#
|
||||
# [*glance_api_insecure*]
|
||||
# (optional) Allow to perform insecure SSL (https) requests to glance.
|
||||
# Defaults to false
|
||||
#
|
||||
# [*sync_db*]
|
||||
# Enable dbsync
|
||||
# Defaults to true
|
||||
@ -289,6 +276,19 @@
|
||||
# (optional) The RabbitMQ virtual host. (string value)
|
||||
# Defaults to $::os_service_default
|
||||
#
|
||||
# [*glance_api_servers*]
|
||||
# (optional) A list of the glance api servers available to ironic.
|
||||
# Should be an array with [hostname|ip]:port
|
||||
# Defaults to undef
|
||||
#
|
||||
# [*glance_num_retries*]
|
||||
# (optional) Number retries when downloading an image from glance.
|
||||
# Defaults to undef
|
||||
#
|
||||
# [*glance_api_insecure*]
|
||||
# (optional) Allow to perform insecure SSL (https) requests to glance.
|
||||
# Defaults to undef
|
||||
#
|
||||
class ironic (
|
||||
$enabled = true,
|
||||
$package_ensure = 'present',
|
||||
@ -338,9 +338,6 @@ class ironic (
|
||||
$database_min_pool_size = undef,
|
||||
$database_max_pool_size = undef,
|
||||
$database_max_overflow = undef,
|
||||
$glance_api_servers = undef,
|
||||
$glance_num_retries = '0',
|
||||
$glance_api_insecure = false,
|
||||
$sync_db = true,
|
||||
$purge_config = false,
|
||||
# DEPRECATED PARAMETERS
|
||||
@ -352,6 +349,9 @@ class ironic (
|
||||
$rabbit_port = $::os_service_default,
|
||||
$rabbit_userid = $::os_service_default,
|
||||
$rabbit_virtual_host = $::os_service_default,
|
||||
$glance_api_servers = undef,
|
||||
$glance_num_retries = undef,
|
||||
$glance_api_insecure = undef,
|
||||
) {
|
||||
|
||||
include ::ironic::deps
|
||||
@ -359,6 +359,8 @@ class ironic (
|
||||
include ::ironic::db
|
||||
include ::ironic::params
|
||||
|
||||
include ::ironic::glance
|
||||
|
||||
if $rabbit_user {
|
||||
warning('The rabbit_user parameter is deprecated. Please use rabbit_userid instead.')
|
||||
$rabbit_user_real = $rabbit_user
|
||||
@ -377,6 +379,12 @@ ironic::rabbit_port, ironic::rabbit_userid and ironic::rabbit_virtual_host are \
|
||||
deprecated. Please use ironic::default_transport_url instead.")
|
||||
}
|
||||
|
||||
if $glance_api_servers or $glance_api_insecure or $glance_num_retries {
|
||||
warning("ironic::glance_api_servers, ironic::glance_api_insecure, \
|
||||
ironic::glance_num_retries are deprecated in favor of ironic::glance::api_servers, \
|
||||
ironic::glance::api_insecure and ironic::glance::num_retries accordingly")
|
||||
}
|
||||
|
||||
package { 'ironic-common':
|
||||
ensure => $package_ensure,
|
||||
name => $::ironic::params::common_package_name,
|
||||
@ -393,21 +401,9 @@ deprecated. Please use ironic::default_transport_url instead.")
|
||||
purge => $purge_config,
|
||||
}
|
||||
|
||||
if is_array($glance_api_servers) {
|
||||
ironic_config {
|
||||
'glance/glance_api_servers': value => join($glance_api_servers, ',');
|
||||
}
|
||||
} elsif is_string($glance_api_servers) {
|
||||
ironic_config {
|
||||
'glance/glance_api_servers': value => $glance_api_servers;
|
||||
}
|
||||
}
|
||||
|
||||
ironic_config {
|
||||
'DEFAULT/auth_strategy': value => $auth_strategy;
|
||||
'DEFAULT/my_ip': value => $my_ip;
|
||||
'glance/glance_num_retries': value => $glance_num_retries;
|
||||
'glance/glance_api_insecure': value => $glance_api_insecure;
|
||||
}
|
||||
|
||||
if $sync_db {
|
||||
|
12
releasenotes/notes/glance-manifest-8fbe400720ffc60e.yaml
Normal file
12
releasenotes/notes/glance-manifest-8fbe400720ffc60e.yaml
Normal file
@ -0,0 +1,12 @@
|
||||
---
|
||||
features:
|
||||
- |
|
||||
New manifest "ironic::glance" to set parameters for connecting to glance.
|
||||
Please set credentials for ironic to access glance using this manifest,
|
||||
otherwise ironic falls back to using "keystone_authtoken" credentials,
|
||||
which are deprecated for this purpose.
|
||||
deprecations:
|
||||
- |
|
||||
Parameters "glance_api_services", "glance_api_insecure" and
|
||||
"glance_num_retries" are deprecated, please use parameters "api_services",
|
||||
"api_insecure" and "num_retries" for new "ironic::glance" manifest.
|
113
spec/classes/ironic_glance_spec.rb
Normal file
113
spec/classes/ironic_glance_spec.rb
Normal file
@ -0,0 +1,113 @@
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
#
|
||||
# Unit tests for ironic::glance
|
||||
#
|
||||
|
||||
require 'spec_helper'
|
||||
|
||||
describe 'ironic::glance' do
|
||||
|
||||
let :default_params do
|
||||
{ :auth_type => 'password',
|
||||
:project_name => 'services',
|
||||
:username => 'ironic',
|
||||
}
|
||||
end
|
||||
|
||||
let :params do
|
||||
{}
|
||||
end
|
||||
|
||||
shared_examples_for 'ironic glance configuration' do
|
||||
let :p do
|
||||
default_params.merge(params)
|
||||
end
|
||||
|
||||
it 'configures ironic.conf' do
|
||||
is_expected.to contain_ironic_config('glance/auth_type').with_value(p[:auth_type])
|
||||
is_expected.to contain_ironic_config('glance/auth_url').with_value('<SERVICE DEFAULT>')
|
||||
is_expected.to contain_ironic_config('glance/project_name').with_value(p[:project_name])
|
||||
is_expected.to contain_ironic_config('glance/username').with_value(p[:username])
|
||||
is_expected.to contain_ironic_config('glance/password').with_value('<SERVICE DEFAULT>').with_secret(true)
|
||||
is_expected.to contain_ironic_config('glance/glance_api_servers').with_value('<SERVICE DEFAULT>')
|
||||
is_expected.to contain_ironic_config('glance/glance_api_insecure').with_value('<SERVICE DEFAULT>')
|
||||
is_expected.to contain_ironic_config('glance/glance_num_retries').with_value('<SERVICE DEFAULT>')
|
||||
end
|
||||
|
||||
context 'when overriding parameters' do
|
||||
before :each do
|
||||
params.merge!(
|
||||
:auth_type => 'noauth',
|
||||
:auth_url => 'http://example.com',
|
||||
:project_name => 'project1',
|
||||
:username => 'admin',
|
||||
:password => 'pa$$w0rd',
|
||||
:api_servers => '10.0.0.1:9292',
|
||||
:api_insecure => true,
|
||||
:num_retries => 42
|
||||
)
|
||||
end
|
||||
|
||||
it 'should replace default parameter with new value' do
|
||||
is_expected.to contain_ironic_config('glance/auth_type').with_value(p[:auth_type])
|
||||
is_expected.to contain_ironic_config('glance/auth_url').with_value(p[:auth_url])
|
||||
is_expected.to contain_ironic_config('glance/project_name').with_value(p[:project_name])
|
||||
is_expected.to contain_ironic_config('glance/username').with_value(p[:username])
|
||||
is_expected.to contain_ironic_config('glance/password').with_value(p[:password]).with_secret(true)
|
||||
is_expected.to contain_ironic_config('glance/glance_api_servers').with_value(p[:api_servers])
|
||||
is_expected.to contain_ironic_config('glance/glance_api_insecure').with_value(p[:api_insecure])
|
||||
is_expected.to contain_ironic_config('glance/glance_num_retries').with_value(p[:num_retries])
|
||||
end
|
||||
end
|
||||
|
||||
context 'when overriding parameters with 2 glance servers' do
|
||||
before :each do
|
||||
params.merge!(
|
||||
:auth_type => 'noauth',
|
||||
:auth_url => 'http://example.com',
|
||||
:project_name => 'project1',
|
||||
:username => 'admin',
|
||||
:password => 'pa$$w0rd',
|
||||
:api_servers => ['10.0.0.1:9292','10.0.0.2:9292'],
|
||||
:api_insecure => true,
|
||||
:num_retries => 42
|
||||
)
|
||||
end
|
||||
|
||||
it 'should replace default parameter with new value' do
|
||||
is_expected.to contain_ironic_config('glance/auth_type').with_value(p[:auth_type])
|
||||
is_expected.to contain_ironic_config('glance/auth_url').with_value(p[:auth_url])
|
||||
is_expected.to contain_ironic_config('glance/project_name').with_value(p[:project_name])
|
||||
is_expected.to contain_ironic_config('glance/username').with_value(p[:username])
|
||||
is_expected.to contain_ironic_config('glance/password').with_value(p[:password]).with_secret(true)
|
||||
is_expected.to contain_ironic_config('glance/glance_api_servers').with_value(p[:api_servers].join(','))
|
||||
is_expected.to contain_ironic_config('glance/glance_api_insecure').with_value(p[:api_insecure])
|
||||
is_expected.to contain_ironic_config('glance/glance_num_retries').with_value(p[:num_retries])
|
||||
end
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
on_supported_os({
|
||||
:supported_os => OSDefaults.get_supported_os
|
||||
}).each do |os,facts|
|
||||
context "on #{os}" do
|
||||
let (:facts) do
|
||||
facts.merge!(OSDefaults.get_facts())
|
||||
end
|
||||
|
||||
it_behaves_like 'ironic glance configuration'
|
||||
end
|
||||
end
|
||||
|
||||
end
|
@ -30,8 +30,6 @@ describe 'ironic' do
|
||||
:database_idle_timeout => 3600,
|
||||
:database_reconnect_interval => 10,
|
||||
:database_retry_interval => 10,
|
||||
:glance_num_retries => 0,
|
||||
:glance_api_insecure => false,
|
||||
:purge_config => false,
|
||||
}
|
||||
end
|
||||
@ -45,8 +43,6 @@ describe 'ironic' do
|
||||
it_configures 'with SSL enabled with kombu'
|
||||
it_configures 'with amqp_durable_queues disabled'
|
||||
it_configures 'with amqp_durable_queues enabled'
|
||||
it_configures 'with one glance server'
|
||||
it_configures 'with two glance servers'
|
||||
end
|
||||
|
||||
context 'and if rabbit_hosts parameter is provided' do
|
||||
@ -75,6 +71,8 @@ describe 'ironic' do
|
||||
it { is_expected.to contain_class('ironic::logging') }
|
||||
it { is_expected.to contain_class('ironic::params') }
|
||||
|
||||
it { is_expected.to contain_class('ironic::glance') }
|
||||
|
||||
it 'installs ironic-common package' do
|
||||
is_expected.to contain_package('ironic-common').with(
|
||||
:ensure => 'present',
|
||||
@ -111,11 +109,6 @@ describe 'ironic' do
|
||||
is_expected.to contain_ironic_config('database/retry_interval').with_value(params[:database_retry_interval])
|
||||
end
|
||||
|
||||
it 'configures glance connection' do
|
||||
is_expected.to contain_ironic_config('glance/glance_num_retries').with_value(params[:glance_num_retries])
|
||||
is_expected.to contain_ironic_config('glance/glance_api_insecure').with_value(params[:glance_api_insecure])
|
||||
end
|
||||
|
||||
it 'configures ironic.conf' do
|
||||
is_expected.to contain_ironic_config('DEFAULT/auth_strategy').with_value('keystone')
|
||||
is_expected.to contain_ironic_config('DEFAULT/my_ip').with_value('<SERVICE DEFAULT>')
|
||||
@ -208,26 +201,6 @@ describe 'ironic' do
|
||||
it { is_expected.to contain_ironic_config('oslo_messaging_rabbit/amqp_durable_queues').with_value(true) }
|
||||
end
|
||||
|
||||
shared_examples_for 'with one glance server' do
|
||||
before do
|
||||
params.merge!(:glance_api_servers => '10.0.0.1:9292')
|
||||
end
|
||||
|
||||
it 'should configure one glance server' do
|
||||
is_expected.to contain_ironic_config('glance/glance_api_servers').with_value(params[:glance_api_servers])
|
||||
end
|
||||
end
|
||||
|
||||
shared_examples_for 'with two glance servers' do
|
||||
before do
|
||||
params.merge!(:glance_api_servers => ['10.0.0.1:9292','10.0.0.2:9292'])
|
||||
end
|
||||
|
||||
it 'should configure one glance server' do
|
||||
is_expected.to contain_ironic_config('glance/glance_api_servers').with_value(params[:glance_api_servers].join(','))
|
||||
end
|
||||
end
|
||||
|
||||
shared_examples_for 'amqp support' do
|
||||
context 'with default parameters' do
|
||||
before { params.merge!( :rpc_backend => 'amqp' ) }
|
||||
|
Loading…
Reference in New Issue
Block a user