From c995ec4840beb8a4aff7cc53f13c7c4089b0a2e2 Mon Sep 17 00:00:00 2001 From: Dmitry Tantsur Date: Thu, 2 Feb 2017 15:29:39 +0100 Subject: [PATCH] Add separate manifest for configuring access to glance Without these parameters ironic uses keystone_authtoken credentials. This is deprecated since Newton and can be removed at any moment. This patch provides a manifest to configure separate credentials and moves other related parameters to it. Change-Id: I1b367308fb4dd82a7c8702a5d4301dcfd3f24a34 Partial-Bug: #1661250 --- manifests/glance.pp | 79 ++++++++++++ manifests/init.pp | 52 ++++---- .../glance-manifest-8fbe400720ffc60e.yaml | 12 ++ spec/classes/ironic_glance_spec.rb | 113 ++++++++++++++++++ spec/classes/ironic_init_spec.rb | 31 +---- 5 files changed, 230 insertions(+), 57 deletions(-) create mode 100644 manifests/glance.pp create mode 100644 releasenotes/notes/glance-manifest-8fbe400720ffc60e.yaml create mode 100644 spec/classes/ironic_glance_spec.rb diff --git a/manifests/glance.pp b/manifests/glance.pp new file mode 100644 index 00000000..f770ac25 --- /dev/null +++ b/manifests/glance.pp @@ -0,0 +1,79 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: ironic::glance +# +# [*auth_type*] +# The authentication plugin to use when connecting to glance. +# Defaults to 'password' +# +# [*auth_url*] +# The address of the keystone api endpoint. +# Defaults to $::os_service_default +# +# [*project_name*] +# The Keystone project name. +# Defaults to 'services' +# +# [*username*] +# The admin username for ironic to connect to glance. +# Defaults to 'ironic'. +# +# [*password*] +# The admin password for ironic to connect to glance. +# Defaults to $::os_service_default +# +# [*api_servers*] +# (optional) A list of the glance api servers available to ironic. +# Should be an array with [hostname|ip]:port +# Defaults to $::os_service_default +# +# [*num_retries*] +# (optional) Number retries when downloading an image from glance. +# Defaults to $::os_service_default +# +# [*api_insecure*] +# (optional) Allow to perform insecure SSL (https) requests to glance. +# Defaults to $::os_service_default +# +class ironic::glance ( + $auth_type = 'password', + $auth_url = $::os_service_default, + $project_name = 'services', + $username = 'ironic', + $password = $::os_service_default, + $api_servers = $::os_service_default, + $num_retries = $::os_service_default, + $api_insecure = $::os_service_default, +) { + + $api_servers_real = pick($::ironic::glance_api_servers, $api_servers) + if is_array($api_servers_real) { + $api_servers_converted = join($api_servers_real, ',') + } else { + $api_servers_converted = $api_servers_real + } + + $num_retries_real = pick($::ironic::glance_num_retries, $num_retries) + $api_insecure_real = pick($::ironic::glance_api_insecure, $api_insecure) + + ironic_config { + 'glance/auth_type': value => $auth_type; + 'glance/username': value => $username; + 'glance/password': value => $password, secret => true; + 'glance/auth_url': value => $auth_url; + 'glance/project_name': value => $project_name; + 'glance/glance_api_servers': value => $api_servers_converted; + 'glance/glance_num_retries': value => $num_retries_real; + 'glance/glance_api_insecure': value => $api_insecure_real; + } +} diff --git a/manifests/init.pp b/manifests/init.pp index 8503bf51..64a3c056 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -231,19 +231,6 @@ # (optional) If set, use this value for max_overflow with sqlalchemy. # Defaults to: undef # -# [*glance_api_servers*] -# (optional) A list of the glance api servers available to ironic. -# Should be an array with [hostname|ip]:port -# Defaults to undef -# -# [*glance_num_retries*] -# (optional) Number retries when downloading an image from glance. -# Defaults to 0 -# -# [*glance_api_insecure*] -# (optional) Allow to perform insecure SSL (https) requests to glance. -# Defaults to false -# # [*sync_db*] # Enable dbsync # Defaults to true @@ -289,6 +276,19 @@ # (optional) The RabbitMQ virtual host. (string value) # Defaults to $::os_service_default # +# [*glance_api_servers*] +# (optional) A list of the glance api servers available to ironic. +# Should be an array with [hostname|ip]:port +# Defaults to undef +# +# [*glance_num_retries*] +# (optional) Number retries when downloading an image from glance. +# Defaults to undef +# +# [*glance_api_insecure*] +# (optional) Allow to perform insecure SSL (https) requests to glance. +# Defaults to undef +# class ironic ( $enabled = true, $package_ensure = 'present', @@ -338,9 +338,6 @@ class ironic ( $database_min_pool_size = undef, $database_max_pool_size = undef, $database_max_overflow = undef, - $glance_api_servers = undef, - $glance_num_retries = '0', - $glance_api_insecure = false, $sync_db = true, $purge_config = false, # DEPRECATED PARAMETERS @@ -352,6 +349,9 @@ class ironic ( $rabbit_port = $::os_service_default, $rabbit_userid = $::os_service_default, $rabbit_virtual_host = $::os_service_default, + $glance_api_servers = undef, + $glance_num_retries = undef, + $glance_api_insecure = undef, ) { include ::ironic::deps @@ -359,6 +359,8 @@ class ironic ( include ::ironic::db include ::ironic::params + include ::ironic::glance + if $rabbit_user { warning('The rabbit_user parameter is deprecated. Please use rabbit_userid instead.') $rabbit_user_real = $rabbit_user @@ -377,6 +379,12 @@ ironic::rabbit_port, ironic::rabbit_userid and ironic::rabbit_virtual_host are \ deprecated. Please use ironic::default_transport_url instead.") } + if $glance_api_servers or $glance_api_insecure or $glance_num_retries { + warning("ironic::glance_api_servers, ironic::glance_api_insecure, \ +ironic::glance_num_retries are deprecated in favor of ironic::glance::api_servers, \ +ironic::glance::api_insecure and ironic::glance::num_retries accordingly") + } + package { 'ironic-common': ensure => $package_ensure, name => $::ironic::params::common_package_name, @@ -393,21 +401,9 @@ deprecated. Please use ironic::default_transport_url instead.") purge => $purge_config, } - if is_array($glance_api_servers) { - ironic_config { - 'glance/glance_api_servers': value => join($glance_api_servers, ','); - } - } elsif is_string($glance_api_servers) { - ironic_config { - 'glance/glance_api_servers': value => $glance_api_servers; - } - } - ironic_config { 'DEFAULT/auth_strategy': value => $auth_strategy; 'DEFAULT/my_ip': value => $my_ip; - 'glance/glance_num_retries': value => $glance_num_retries; - 'glance/glance_api_insecure': value => $glance_api_insecure; } if $sync_db { diff --git a/releasenotes/notes/glance-manifest-8fbe400720ffc60e.yaml b/releasenotes/notes/glance-manifest-8fbe400720ffc60e.yaml new file mode 100644 index 00000000..aa3f2544 --- /dev/null +++ b/releasenotes/notes/glance-manifest-8fbe400720ffc60e.yaml @@ -0,0 +1,12 @@ +--- +features: + - | + New manifest "ironic::glance" to set parameters for connecting to glance. + Please set credentials for ironic to access glance using this manifest, + otherwise ironic falls back to using "keystone_authtoken" credentials, + which are deprecated for this purpose. +deprecations: + - | + Parameters "glance_api_services", "glance_api_insecure" and + "glance_num_retries" are deprecated, please use parameters "api_services", + "api_insecure" and "num_retries" for new "ironic::glance" manifest. diff --git a/spec/classes/ironic_glance_spec.rb b/spec/classes/ironic_glance_spec.rb new file mode 100644 index 00000000..7bb84b72 --- /dev/null +++ b/spec/classes/ironic_glance_spec.rb @@ -0,0 +1,113 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# Unit tests for ironic::glance +# + +require 'spec_helper' + +describe 'ironic::glance' do + + let :default_params do + { :auth_type => 'password', + :project_name => 'services', + :username => 'ironic', + } + end + + let :params do + {} + end + + shared_examples_for 'ironic glance configuration' do + let :p do + default_params.merge(params) + end + + it 'configures ironic.conf' do + is_expected.to contain_ironic_config('glance/auth_type').with_value(p[:auth_type]) + is_expected.to contain_ironic_config('glance/auth_url').with_value('') + is_expected.to contain_ironic_config('glance/project_name').with_value(p[:project_name]) + is_expected.to contain_ironic_config('glance/username').with_value(p[:username]) + is_expected.to contain_ironic_config('glance/password').with_value('').with_secret(true) + is_expected.to contain_ironic_config('glance/glance_api_servers').with_value('') + is_expected.to contain_ironic_config('glance/glance_api_insecure').with_value('') + is_expected.to contain_ironic_config('glance/glance_num_retries').with_value('') + end + + context 'when overriding parameters' do + before :each do + params.merge!( + :auth_type => 'noauth', + :auth_url => 'http://example.com', + :project_name => 'project1', + :username => 'admin', + :password => 'pa$$w0rd', + :api_servers => '10.0.0.1:9292', + :api_insecure => true, + :num_retries => 42 + ) + end + + it 'should replace default parameter with new value' do + is_expected.to contain_ironic_config('glance/auth_type').with_value(p[:auth_type]) + is_expected.to contain_ironic_config('glance/auth_url').with_value(p[:auth_url]) + is_expected.to contain_ironic_config('glance/project_name').with_value(p[:project_name]) + is_expected.to contain_ironic_config('glance/username').with_value(p[:username]) + is_expected.to contain_ironic_config('glance/password').with_value(p[:password]).with_secret(true) + is_expected.to contain_ironic_config('glance/glance_api_servers').with_value(p[:api_servers]) + is_expected.to contain_ironic_config('glance/glance_api_insecure').with_value(p[:api_insecure]) + is_expected.to contain_ironic_config('glance/glance_num_retries').with_value(p[:num_retries]) + end + end + + context 'when overriding parameters with 2 glance servers' do + before :each do + params.merge!( + :auth_type => 'noauth', + :auth_url => 'http://example.com', + :project_name => 'project1', + :username => 'admin', + :password => 'pa$$w0rd', + :api_servers => ['10.0.0.1:9292','10.0.0.2:9292'], + :api_insecure => true, + :num_retries => 42 + ) + end + + it 'should replace default parameter with new value' do + is_expected.to contain_ironic_config('glance/auth_type').with_value(p[:auth_type]) + is_expected.to contain_ironic_config('glance/auth_url').with_value(p[:auth_url]) + is_expected.to contain_ironic_config('glance/project_name').with_value(p[:project_name]) + is_expected.to contain_ironic_config('glance/username').with_value(p[:username]) + is_expected.to contain_ironic_config('glance/password').with_value(p[:password]).with_secret(true) + is_expected.to contain_ironic_config('glance/glance_api_servers').with_value(p[:api_servers].join(',')) + is_expected.to contain_ironic_config('glance/glance_api_insecure').with_value(p[:api_insecure]) + is_expected.to contain_ironic_config('glance/glance_num_retries').with_value(p[:num_retries]) + end + end + + end + + on_supported_os({ + :supported_os => OSDefaults.get_supported_os + }).each do |os,facts| + context "on #{os}" do + let (:facts) do + facts.merge!(OSDefaults.get_facts()) + end + + it_behaves_like 'ironic glance configuration' + end + end + +end diff --git a/spec/classes/ironic_init_spec.rb b/spec/classes/ironic_init_spec.rb index 5cbcfb0c..41db8011 100644 --- a/spec/classes/ironic_init_spec.rb +++ b/spec/classes/ironic_init_spec.rb @@ -30,8 +30,6 @@ describe 'ironic' do :database_idle_timeout => 3600, :database_reconnect_interval => 10, :database_retry_interval => 10, - :glance_num_retries => 0, - :glance_api_insecure => false, :purge_config => false, } end @@ -45,8 +43,6 @@ describe 'ironic' do it_configures 'with SSL enabled with kombu' it_configures 'with amqp_durable_queues disabled' it_configures 'with amqp_durable_queues enabled' - it_configures 'with one glance server' - it_configures 'with two glance servers' end context 'and if rabbit_hosts parameter is provided' do @@ -75,6 +71,8 @@ describe 'ironic' do it { is_expected.to contain_class('ironic::logging') } it { is_expected.to contain_class('ironic::params') } + it { is_expected.to contain_class('ironic::glance') } + it 'installs ironic-common package' do is_expected.to contain_package('ironic-common').with( :ensure => 'present', @@ -111,11 +109,6 @@ describe 'ironic' do is_expected.to contain_ironic_config('database/retry_interval').with_value(params[:database_retry_interval]) end - it 'configures glance connection' do - is_expected.to contain_ironic_config('glance/glance_num_retries').with_value(params[:glance_num_retries]) - is_expected.to contain_ironic_config('glance/glance_api_insecure').with_value(params[:glance_api_insecure]) - end - it 'configures ironic.conf' do is_expected.to contain_ironic_config('DEFAULT/auth_strategy').with_value('keystone') is_expected.to contain_ironic_config('DEFAULT/my_ip').with_value('') @@ -208,26 +201,6 @@ describe 'ironic' do it { is_expected.to contain_ironic_config('oslo_messaging_rabbit/amqp_durable_queues').with_value(true) } end - shared_examples_for 'with one glance server' do - before do - params.merge!(:glance_api_servers => '10.0.0.1:9292') - end - - it 'should configure one glance server' do - is_expected.to contain_ironic_config('glance/glance_api_servers').with_value(params[:glance_api_servers]) - end - end - - shared_examples_for 'with two glance servers' do - before do - params.merge!(:glance_api_servers => ['10.0.0.1:9292','10.0.0.2:9292']) - end - - it 'should configure one glance server' do - is_expected.to contain_ironic_config('glance/glance_api_servers').with_value(params[:glance_api_servers].join(',')) - end - end - shared_examples_for 'amqp support' do context 'with default parameters' do before { params.merge!( :rpc_backend => 'amqp' ) }