Add domain parameters to switch, neutron and glance auth modules
These are required to use Identity v3 authentication with them. Change-Id: I50068d5f29641fb0f01cf1ded3487bb44b324558 Related-Bug: #1661250
This commit is contained in:
parent
d3589fc525
commit
f60b27493a
|
@ -32,6 +32,14 @@
|
||||||
# The admin password for ironic to connect to glance.
|
# The admin password for ironic to connect to glance.
|
||||||
# Defaults to $::os_service_default
|
# Defaults to $::os_service_default
|
||||||
#
|
#
|
||||||
|
# [*user_domain_name*]
|
||||||
|
# The name of user's domain (required for Identity V3).
|
||||||
|
# Defaults to $::os_service_default
|
||||||
|
#
|
||||||
|
# [*project_domain_name*]
|
||||||
|
# The name of project's domain (required for Identity V3).
|
||||||
|
# Defaults to $::os_service_default
|
||||||
|
#
|
||||||
# [*api_servers*]
|
# [*api_servers*]
|
||||||
# (optional) A list of the glance api servers available to ironic.
|
# (optional) A list of the glance api servers available to ironic.
|
||||||
# Should be an array with [hostname|ip]:port
|
# Should be an array with [hostname|ip]:port
|
||||||
|
@ -66,6 +74,8 @@ class ironic::glance (
|
||||||
$project_name = 'services',
|
$project_name = 'services',
|
||||||
$username = 'ironic',
|
$username = 'ironic',
|
||||||
$password = $::os_service_default,
|
$password = $::os_service_default,
|
||||||
|
$user_domain_name = $::os_service_default,
|
||||||
|
$project_domain_name = $::os_service_default,
|
||||||
$api_servers = $::os_service_default,
|
$api_servers = $::os_service_default,
|
||||||
$num_retries = $::os_service_default,
|
$num_retries = $::os_service_default,
|
||||||
$api_insecure = $::os_service_default,
|
$api_insecure = $::os_service_default,
|
||||||
|
@ -94,6 +104,8 @@ class ironic::glance (
|
||||||
'glance/password': value => $password, secret => true;
|
'glance/password': value => $password, secret => true;
|
||||||
'glance/auth_url': value => $auth_url;
|
'glance/auth_url': value => $auth_url;
|
||||||
'glance/project_name': value => $project_name;
|
'glance/project_name': value => $project_name;
|
||||||
|
'glance/user_domain_name': value => $user_domain_name;
|
||||||
|
'glance/project_domain_name': value => $project_domain_name;
|
||||||
'glance/glance_api_servers': value => $api_servers_converted;
|
'glance/glance_api_servers': value => $api_servers_converted;
|
||||||
'glance/glance_num_retries': value => $num_retries_real;
|
'glance/glance_num_retries': value => $num_retries_real;
|
||||||
'glance/glance_api_insecure': value => $api_insecure_real;
|
'glance/glance_api_insecure': value => $api_insecure_real;
|
||||||
|
|
|
@ -36,23 +36,35 @@
|
||||||
# The admin password for ironic to connect to neutron.
|
# The admin password for ironic to connect to neutron.
|
||||||
# Defaults to $::os_service_default
|
# Defaults to $::os_service_default
|
||||||
#
|
#
|
||||||
|
# [*user_domain_name*]
|
||||||
|
# The name of user's domain (required for Identity V3).
|
||||||
|
# Defaults to $::os_service_default
|
||||||
|
#
|
||||||
|
# [*project_domain_name*]
|
||||||
|
# The name of project's domain (required for Identity V3).
|
||||||
|
# Defaults to $::os_service_default
|
||||||
|
#
|
||||||
class ironic::neutron (
|
class ironic::neutron (
|
||||||
$api_endpoint = $::os_service_default,
|
$api_endpoint = $::os_service_default,
|
||||||
$auth_type = 'password',
|
$auth_type = 'password',
|
||||||
$auth_url = $::os_service_default,
|
$auth_url = $::os_service_default,
|
||||||
$project_name = 'services',
|
$project_name = 'services',
|
||||||
$username = 'ironic',
|
$username = 'ironic',
|
||||||
$password = $::os_service_default,
|
$password = $::os_service_default,
|
||||||
|
$user_domain_name = $::os_service_default,
|
||||||
|
$project_domain_name = $::os_service_default,
|
||||||
) {
|
) {
|
||||||
|
|
||||||
$api_endpoint_real = pick($::ironic::api::neutron_url, $api_endpoint)
|
$api_endpoint_real = pick($::ironic::api::neutron_url, $api_endpoint)
|
||||||
|
|
||||||
ironic_config {
|
ironic_config {
|
||||||
'neutron/url': value => $api_endpoint_real;
|
'neutron/url': value => $api_endpoint_real;
|
||||||
'neutron/auth_type': value => $auth_type;
|
'neutron/auth_type': value => $auth_type;
|
||||||
'neutron/username': value => $username;
|
'neutron/username': value => $username;
|
||||||
'neutron/password': value => $password, secret => true;
|
'neutron/password': value => $password, secret => true;
|
||||||
'neutron/auth_url': value => $auth_url;
|
'neutron/auth_url': value => $auth_url;
|
||||||
'neutron/project_name': value => $project_name;
|
'neutron/project_name': value => $project_name;
|
||||||
|
'neutron/user_domain_name': value => $user_domain_name;
|
||||||
|
'neutron/project_domain_name': value => $project_domain_name;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -32,19 +32,31 @@
|
||||||
# The admin password for ironic to connect to swift.
|
# The admin password for ironic to connect to swift.
|
||||||
# Defaults to $::os_service_default
|
# Defaults to $::os_service_default
|
||||||
#
|
#
|
||||||
|
# [*user_domain_name*]
|
||||||
|
# The name of user's domain (required for Identity V3).
|
||||||
|
# Defaults to $::os_service_default
|
||||||
|
#
|
||||||
|
# [*project_domain_name*]
|
||||||
|
# The name of project's domain (required for Identity V3).
|
||||||
|
# Defaults to $::os_service_default
|
||||||
|
#
|
||||||
class ironic::swift (
|
class ironic::swift (
|
||||||
$auth_type = 'password',
|
$auth_type = 'password',
|
||||||
$auth_url = $::os_service_default,
|
$auth_url = $::os_service_default,
|
||||||
$project_name = 'services',
|
$project_name = 'services',
|
||||||
$username = 'ironic',
|
$username = 'ironic',
|
||||||
$password = $::os_service_default,
|
$password = $::os_service_default,
|
||||||
|
$user_domain_name = $::os_service_default,
|
||||||
|
$project_domain_name = $::os_service_default,
|
||||||
) {
|
) {
|
||||||
|
|
||||||
ironic_config {
|
ironic_config {
|
||||||
'swift/auth_type': value => $auth_type;
|
'swift/auth_type': value => $auth_type;
|
||||||
'swift/username': value => $username;
|
'swift/username': value => $username;
|
||||||
'swift/password': value => $password, secret => true;
|
'swift/password': value => $password, secret => true;
|
||||||
'swift/auth_url': value => $auth_url;
|
'swift/auth_url': value => $auth_url;
|
||||||
'swift/project_name': value => $project_name;
|
'swift/project_name': value => $project_name;
|
||||||
|
'swift/user_domain_name': value => $user_domain_name;
|
||||||
|
'swift/project_domain_name': value => $project_domain_name;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -0,0 +1,6 @@
|
||||||
|
---
|
||||||
|
features:
|
||||||
|
- |
|
||||||
|
Add "user_domain_name" and "project_domain_name" to "ironic::glance",
|
||||||
|
"ironic::swift" and "ironic::neutron" manifests. These are required to
|
||||||
|
support Identity v3 authentication.
|
|
@ -39,6 +39,8 @@ describe 'ironic::glance' do
|
||||||
is_expected.to contain_ironic_config('glance/project_name').with_value(p[:project_name])
|
is_expected.to contain_ironic_config('glance/project_name').with_value(p[:project_name])
|
||||||
is_expected.to contain_ironic_config('glance/username').with_value(p[:username])
|
is_expected.to contain_ironic_config('glance/username').with_value(p[:username])
|
||||||
is_expected.to contain_ironic_config('glance/password').with_value('<SERVICE DEFAULT>').with_secret(true)
|
is_expected.to contain_ironic_config('glance/password').with_value('<SERVICE DEFAULT>').with_secret(true)
|
||||||
|
is_expected.to contain_ironic_config('glance/user_domain_name').with_value('<SERVICE DEFAULT>')
|
||||||
|
is_expected.to contain_ironic_config('glance/project_domain_name').with_value('<SERVICE DEFAULT>')
|
||||||
is_expected.to contain_ironic_config('glance/glance_api_servers').with_value('<SERVICE DEFAULT>')
|
is_expected.to contain_ironic_config('glance/glance_api_servers').with_value('<SERVICE DEFAULT>')
|
||||||
is_expected.to contain_ironic_config('glance/glance_api_insecure').with_value('<SERVICE DEFAULT>')
|
is_expected.to contain_ironic_config('glance/glance_api_insecure').with_value('<SERVICE DEFAULT>')
|
||||||
is_expected.to contain_ironic_config('glance/glance_num_retries').with_value('<SERVICE DEFAULT>')
|
is_expected.to contain_ironic_config('glance/glance_num_retries').with_value('<SERVICE DEFAULT>')
|
||||||
|
@ -55,6 +57,8 @@ describe 'ironic::glance' do
|
||||||
:project_name => 'project1',
|
:project_name => 'project1',
|
||||||
:username => 'admin',
|
:username => 'admin',
|
||||||
:password => 'pa$$w0rd',
|
:password => 'pa$$w0rd',
|
||||||
|
:user_domain_name => 'NonDefault',
|
||||||
|
:project_domain_name => 'NonDefault',
|
||||||
:api_servers => '10.0.0.1:9292',
|
:api_servers => '10.0.0.1:9292',
|
||||||
:api_insecure => true,
|
:api_insecure => true,
|
||||||
:num_retries => 42,
|
:num_retries => 42,
|
||||||
|
@ -70,6 +74,8 @@ describe 'ironic::glance' do
|
||||||
is_expected.to contain_ironic_config('glance/project_name').with_value(p[:project_name])
|
is_expected.to contain_ironic_config('glance/project_name').with_value(p[:project_name])
|
||||||
is_expected.to contain_ironic_config('glance/username').with_value(p[:username])
|
is_expected.to contain_ironic_config('glance/username').with_value(p[:username])
|
||||||
is_expected.to contain_ironic_config('glance/password').with_value(p[:password]).with_secret(true)
|
is_expected.to contain_ironic_config('glance/password').with_value(p[:password]).with_secret(true)
|
||||||
|
is_expected.to contain_ironic_config('glance/user_domain_name').with_value(p[:user_domain_name])
|
||||||
|
is_expected.to contain_ironic_config('glance/project_domain_name').with_value(p[:project_domain_name])
|
||||||
is_expected.to contain_ironic_config('glance/glance_api_servers').with_value(p[:api_servers])
|
is_expected.to contain_ironic_config('glance/glance_api_servers').with_value(p[:api_servers])
|
||||||
is_expected.to contain_ironic_config('glance/glance_api_insecure').with_value(p[:api_insecure])
|
is_expected.to contain_ironic_config('glance/glance_api_insecure').with_value(p[:api_insecure])
|
||||||
is_expected.to contain_ironic_config('glance/glance_num_retries').with_value(p[:num_retries])
|
is_expected.to contain_ironic_config('glance/glance_num_retries').with_value(p[:num_retries])
|
||||||
|
@ -82,14 +88,16 @@ describe 'ironic::glance' do
|
||||||
context 'when overriding parameters with 2 glance servers' do
|
context 'when overriding parameters with 2 glance servers' do
|
||||||
before :each do
|
before :each do
|
||||||
params.merge!(
|
params.merge!(
|
||||||
:auth_type => 'noauth',
|
:auth_type => 'noauth',
|
||||||
:auth_url => 'http://example.com',
|
:auth_url => 'http://example.com',
|
||||||
:project_name => 'project1',
|
:project_name => 'project1',
|
||||||
:username => 'admin',
|
:username => 'admin',
|
||||||
:password => 'pa$$w0rd',
|
:password => 'pa$$w0rd',
|
||||||
:api_servers => ['10.0.0.1:9292','10.0.0.2:9292'],
|
:user_domain_name => 'NonDefault',
|
||||||
:api_insecure => true,
|
:project_domain_name => 'NonDefault',
|
||||||
:num_retries => 42
|
:api_servers => ['10.0.0.1:9292','10.0.0.2:9292'],
|
||||||
|
:api_insecure => true,
|
||||||
|
:num_retries => 42
|
||||||
)
|
)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -99,6 +107,8 @@ describe 'ironic::glance' do
|
||||||
is_expected.to contain_ironic_config('glance/project_name').with_value(p[:project_name])
|
is_expected.to contain_ironic_config('glance/project_name').with_value(p[:project_name])
|
||||||
is_expected.to contain_ironic_config('glance/username').with_value(p[:username])
|
is_expected.to contain_ironic_config('glance/username').with_value(p[:username])
|
||||||
is_expected.to contain_ironic_config('glance/password').with_value(p[:password]).with_secret(true)
|
is_expected.to contain_ironic_config('glance/password').with_value(p[:password]).with_secret(true)
|
||||||
|
is_expected.to contain_ironic_config('glance/user_domain_name').with_value(p[:user_domain_name])
|
||||||
|
is_expected.to contain_ironic_config('glance/project_domain_name').with_value(p[:project_domain_name])
|
||||||
is_expected.to contain_ironic_config('glance/glance_api_servers').with_value(p[:api_servers].join(','))
|
is_expected.to contain_ironic_config('glance/glance_api_servers').with_value(p[:api_servers].join(','))
|
||||||
is_expected.to contain_ironic_config('glance/glance_api_insecure').with_value(p[:api_insecure])
|
is_expected.to contain_ironic_config('glance/glance_api_insecure').with_value(p[:api_insecure])
|
||||||
is_expected.to contain_ironic_config('glance/glance_num_retries').with_value(p[:num_retries])
|
is_expected.to contain_ironic_config('glance/glance_num_retries').with_value(p[:num_retries])
|
||||||
|
|
|
@ -40,17 +40,21 @@ describe 'ironic::neutron' do
|
||||||
is_expected.to contain_ironic_config('neutron/project_name').with_value(p[:project_name])
|
is_expected.to contain_ironic_config('neutron/project_name').with_value(p[:project_name])
|
||||||
is_expected.to contain_ironic_config('neutron/username').with_value(p[:username])
|
is_expected.to contain_ironic_config('neutron/username').with_value(p[:username])
|
||||||
is_expected.to contain_ironic_config('neutron/password').with_value('<SERVICE DEFAULT>').with_secret(true)
|
is_expected.to contain_ironic_config('neutron/password').with_value('<SERVICE DEFAULT>').with_secret(true)
|
||||||
|
is_expected.to contain_ironic_config('neutron/user_domain_name').with_value('<SERVICE DEFAULT>')
|
||||||
|
is_expected.to contain_ironic_config('neutron/project_domain_name').with_value('<SERVICE DEFAULT>')
|
||||||
end
|
end
|
||||||
|
|
||||||
context 'when overriding parameters' do
|
context 'when overriding parameters' do
|
||||||
before :each do
|
before :each do
|
||||||
params.merge!(
|
params.merge!(
|
||||||
:api_endpoint => 'http://neutron.example.com',
|
:api_endpoint => 'http://neutron.example.com',
|
||||||
:auth_type => 'noauth',
|
:auth_type => 'noauth',
|
||||||
:auth_url => 'http://example.com',
|
:auth_url => 'http://example.com',
|
||||||
:project_name => 'project1',
|
:project_name => 'project1',
|
||||||
:username => 'admin',
|
:username => 'admin',
|
||||||
:password => 'pa$$w0rd',
|
:password => 'pa$$w0rd',
|
||||||
|
:user_domain_name => 'NonDefault',
|
||||||
|
:project_domain_name => 'NonDefault',
|
||||||
)
|
)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -61,6 +65,8 @@ describe 'ironic::neutron' do
|
||||||
is_expected.to contain_ironic_config('neutron/project_name').with_value(p[:project_name])
|
is_expected.to contain_ironic_config('neutron/project_name').with_value(p[:project_name])
|
||||||
is_expected.to contain_ironic_config('neutron/username').with_value(p[:username])
|
is_expected.to contain_ironic_config('neutron/username').with_value(p[:username])
|
||||||
is_expected.to contain_ironic_config('neutron/password').with_value(p[:password]).with_secret(true)
|
is_expected.to contain_ironic_config('neutron/password').with_value(p[:password]).with_secret(true)
|
||||||
|
is_expected.to contain_ironic_config('neutron/user_domain_name').with_value(p[:user_domain_name])
|
||||||
|
is_expected.to contain_ironic_config('neutron/project_domain_name').with_value(p[:project_domain_name])
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
@ -39,16 +39,20 @@ describe 'ironic::swift' do
|
||||||
is_expected.to contain_ironic_config('swift/project_name').with_value(p[:project_name])
|
is_expected.to contain_ironic_config('swift/project_name').with_value(p[:project_name])
|
||||||
is_expected.to contain_ironic_config('swift/username').with_value(p[:username])
|
is_expected.to contain_ironic_config('swift/username').with_value(p[:username])
|
||||||
is_expected.to contain_ironic_config('swift/password').with_value('<SERVICE DEFAULT>').with_secret(true)
|
is_expected.to contain_ironic_config('swift/password').with_value('<SERVICE DEFAULT>').with_secret(true)
|
||||||
|
is_expected.to contain_ironic_config('swift/user_domain_name').with_value('<SERVICE DEFAULT>')
|
||||||
|
is_expected.to contain_ironic_config('swift/project_domain_name').with_value('<SERVICE DEFAULT>')
|
||||||
end
|
end
|
||||||
|
|
||||||
context 'when overriding parameters' do
|
context 'when overriding parameters' do
|
||||||
before :each do
|
before :each do
|
||||||
params.merge!(
|
params.merge!(
|
||||||
:auth_type => 'noauth',
|
:auth_type => 'noauth',
|
||||||
:auth_url => 'http://example.com',
|
:auth_url => 'http://example.com',
|
||||||
:project_name => 'project1',
|
:project_name => 'project1',
|
||||||
:username => 'admin',
|
:username => 'admin',
|
||||||
:password => 'pa$$w0rd',
|
:password => 'pa$$w0rd',
|
||||||
|
:user_domain_name => 'NonDefault',
|
||||||
|
:project_domain_name => 'NonDefault',
|
||||||
)
|
)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -58,6 +62,8 @@ describe 'ironic::swift' do
|
||||||
is_expected.to contain_ironic_config('swift/project_name').with_value(p[:project_name])
|
is_expected.to contain_ironic_config('swift/project_name').with_value(p[:project_name])
|
||||||
is_expected.to contain_ironic_config('swift/username').with_value(p[:username])
|
is_expected.to contain_ironic_config('swift/username').with_value(p[:username])
|
||||||
is_expected.to contain_ironic_config('swift/password').with_value(p[:password]).with_secret(true)
|
is_expected.to contain_ironic_config('swift/password').with_value(p[:password]).with_secret(true)
|
||||||
|
is_expected.to contain_ironic_config('swift/user_domain_name').with_value(p[:user_domain_name])
|
||||||
|
is_expected.to contain_ironic_config('swift/project_domain_name').with_value(p[:project_domain_name])
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue