openstack
/
puppet-ironic
Code Issues Proposed changes

Add domain parameters to switch, neutron and glance auth modules 

These are required to use Identity v3 authentication with them.

Change-Id: I50068d5f29641fb0f01cf1ded3487bb44b324558
Related-Bug: #1661250
This commit is contained in:
Dmitry Tantsur 2017-03-14 16:39:07 +01:00
parent d3589fc525
commit f60b27493a
7 changed files with 105 additions and 41 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
manifests/glance.pp
View File

@ -32,6 +32,14 @@
# The admin password for ironic to connect to glance. # The admin password for ironic to connect to glance.
# Defaults to $::os_service_default # Defaults to $::os_service_default
# #
# [*user_domain_name*]
# The name of user's domain (required for Identity V3).
# Defaults to $::os_service_default
#
# [*project_domain_name*]
# The name of project's domain (required for Identity V3).
# Defaults to $::os_service_default
#
# [*api_servers*] # [*api_servers*]
# (optional) A list of the glance api servers available to ironic. # (optional) A list of the glance api servers available to ironic.
# Should be an array with [hostname|ip]:port # Should be an array with [hostname|ip]:port
@ -66,6 +74,8 @@ class ironic::glance (
$project_name = 'services', $project_name = 'services',
$username = 'ironic', $username = 'ironic',
$password = $::os_service_default, $password = $::os_service_default,
$user_domain_name = $::os_service_default,
$project_domain_name = $::os_service_default,
$api_servers = $::os_service_default, $api_servers = $::os_service_default,
$num_retries = $::os_service_default, $num_retries = $::os_service_default,
$api_insecure = $::os_service_default, $api_insecure = $::os_service_default,
@ -94,6 +104,8 @@ class ironic::glance (
'glance/password': value => $password, secret => true; 'glance/password': value => $password, secret => true;
'glance/auth_url': value => $auth_url; 'glance/auth_url': value => $auth_url;
'glance/project_name': value => $project_name; 'glance/project_name': value => $project_name;
'glance/user_domain_name': value => $user_domain_name;
'glance/project_domain_name': value => $project_domain_name;
'glance/glance_api_servers': value => $api_servers_converted; 'glance/glance_api_servers': value => $api_servers_converted;
'glance/glance_num_retries': value => $num_retries_real; 'glance/glance_num_retries': value => $num_retries_real;
'glance/glance_api_insecure': value => $api_insecure_real; 'glance/glance_api_insecure': value => $api_insecure_real;

36
manifests/neutron.pp
View File

@ -36,23 +36,35 @@
# The admin password for ironic to connect to neutron. # The admin password for ironic to connect to neutron.
# Defaults to $::os_service_default # Defaults to $::os_service_default
# #
# [*user_domain_name*]
# The name of user's domain (required for Identity V3).
# Defaults to $::os_service_default
#
# [*project_domain_name*]
# The name of project's domain (required for Identity V3).
# Defaults to $::os_service_default
#
class ironic::neutron ( class ironic::neutron (
$api_endpoint = $::os_service_default, $api_endpoint = $::os_service_default,
$auth_type = 'password', $auth_type = 'password',
$auth_url = $::os_service_default, $auth_url = $::os_service_default,
$project_name = 'services', $project_name = 'services',
$username = 'ironic', $username = 'ironic',
$password = $::os_service_default, $password = $::os_service_default,
$user_domain_name = $::os_service_default,
$project_domain_name = $::os_service_default,
) { ) {
$api_endpoint_real = pick($::ironic::api::neutron_url, $api_endpoint) $api_endpoint_real = pick($::ironic::api::neutron_url, $api_endpoint)
ironic_config { ironic_config {
'neutron/url': value => $api_endpoint_real; 'neutron/url': value => $api_endpoint_real;
'neutron/auth_type': value => $auth_type; 'neutron/auth_type': value => $auth_type;
'neutron/username': value => $username; 'neutron/username': value => $username;
'neutron/password': value => $password, secret => true; 'neutron/password': value => $password, secret => true;
'neutron/auth_url': value => $auth_url; 'neutron/auth_url': value => $auth_url;
'neutron/project_name': value => $project_name; 'neutron/project_name': value => $project_name;
'neutron/user_domain_name': value => $user_domain_name;
'neutron/project_domain_name': value => $project_domain_name;
} }
} }

32
manifests/swift.pp
View File

@ -32,19 +32,31 @@
# The admin password for ironic to connect to swift. # The admin password for ironic to connect to swift.
# Defaults to $::os_service_default # Defaults to $::os_service_default
# #
# [*user_domain_name*]
# The name of user's domain (required for Identity V3).
# Defaults to $::os_service_default
#
# [*project_domain_name*]
# The name of project's domain (required for Identity V3).
# Defaults to $::os_service_default
#
class ironic::swift ( class ironic::swift (
$auth_type = 'password', $auth_type = 'password',
$auth_url = $::os_service_default, $auth_url = $::os_service_default,
$project_name = 'services', $project_name = 'services',
$username = 'ironic', $username = 'ironic',
$password = $::os_service_default, $password = $::os_service_default,
$user_domain_name = $::os_service_default,
$project_domain_name = $::os_service_default,
) { ) {
ironic_config { ironic_config {
'swift/auth_type': value => $auth_type; 'swift/auth_type': value => $auth_type;
'swift/username': value => $username; 'swift/username': value => $username;
'swift/password': value => $password, secret => true; 'swift/password': value => $password, secret => true;
'swift/auth_url': value => $auth_url; 'swift/auth_url': value => $auth_url;
'swift/project_name': value => $project_name; 'swift/project_name': value => $project_name;
'swift/user_domain_name': value => $user_domain_name;
'swift/project_domain_name': value => $project_domain_name;
} }
} }

6
releasenotes/notes/swift-glance-neutron-idv3-e235313691da667b.yaml Normal file
View File

@ -0,0 +1,6 @@
---
features:
- |
Add "user_domain_name" and "project_domain_name" to "ironic::glance",
"ironic::swift" and "ironic::neutron" manifests. These are required to
support Identity v3 authentication.

26
spec/classes/ironic_glance_spec.rb
View File

@ -39,6 +39,8 @@ describe 'ironic::glance' do
is_expected.to contain_ironic_config('glance/project_name').with_value(p[:project_name]) is_expected.to contain_ironic_config('glance/project_name').with_value(p[:project_name])
is_expected.to contain_ironic_config('glance/username').with_value(p[:username]) is_expected.to contain_ironic_config('glance/username').with_value(p[:username])
is_expected.to contain_ironic_config('glance/password').with_value('<SERVICE DEFAULT>').with_secret(true) is_expected.to contain_ironic_config('glance/password').with_value('<SERVICE DEFAULT>').with_secret(true)
is_expected.to contain_ironic_config('glance/user_domain_name').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_config('glance/project_domain_name').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_config('glance/glance_api_servers').with_value('<SERVICE DEFAULT>') is_expected.to contain_ironic_config('glance/glance_api_servers').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_config('glance/glance_api_insecure').with_value('<SERVICE DEFAULT>') is_expected.to contain_ironic_config('glance/glance_api_insecure').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_config('glance/glance_num_retries').with_value('<SERVICE DEFAULT>') is_expected.to contain_ironic_config('glance/glance_num_retries').with_value('<SERVICE DEFAULT>')
@ -55,6 +57,8 @@ describe 'ironic::glance' do
:project_name => 'project1', :project_name => 'project1',
:username => 'admin', :username => 'admin',
:password => 'pa$$w0rd', :password => 'pa$$w0rd',
:user_domain_name => 'NonDefault',
:project_domain_name => 'NonDefault',
:api_servers => '10.0.0.1:9292', :api_servers => '10.0.0.1:9292',
:api_insecure => true, :api_insecure => true,
:num_retries => 42, :num_retries => 42,
@ -70,6 +74,8 @@ describe 'ironic::glance' do
is_expected.to contain_ironic_config('glance/project_name').with_value(p[:project_name]) is_expected.to contain_ironic_config('glance/project_name').with_value(p[:project_name])
is_expected.to contain_ironic_config('glance/username').with_value(p[:username]) is_expected.to contain_ironic_config('glance/username').with_value(p[:username])
is_expected.to contain_ironic_config('glance/password').with_value(p[:password]).with_secret(true) is_expected.to contain_ironic_config('glance/password').with_value(p[:password]).with_secret(true)
is_expected.to contain_ironic_config('glance/user_domain_name').with_value(p[:user_domain_name])
is_expected.to contain_ironic_config('glance/project_domain_name').with_value(p[:project_domain_name])
is_expected.to contain_ironic_config('glance/glance_api_servers').with_value(p[:api_servers]) is_expected.to contain_ironic_config('glance/glance_api_servers').with_value(p[:api_servers])
is_expected.to contain_ironic_config('glance/glance_api_insecure').with_value(p[:api_insecure]) is_expected.to contain_ironic_config('glance/glance_api_insecure').with_value(p[:api_insecure])
is_expected.to contain_ironic_config('glance/glance_num_retries').with_value(p[:num_retries]) is_expected.to contain_ironic_config('glance/glance_num_retries').with_value(p[:num_retries])
@ -82,14 +88,16 @@ describe 'ironic::glance' do
context 'when overriding parameters with 2 glance servers' do context 'when overriding parameters with 2 glance servers' do
before :each do before :each do
params.merge!( params.merge!(
:auth_type => 'noauth', :auth_type => 'noauth',
:auth_url => 'http://example.com', :auth_url => 'http://example.com',
:project_name => 'project1', :project_name => 'project1',
:username => 'admin', :username => 'admin',
:password => 'pa$$w0rd', :password => 'pa$$w0rd',
:api_servers => ['10.0.0.1:9292','10.0.0.2:9292'], :user_domain_name => 'NonDefault',
:api_insecure => true, :project_domain_name => 'NonDefault',
:num_retries => 42 :api_servers => ['10.0.0.1:9292','10.0.0.2:9292'],
:api_insecure => true,
:num_retries => 42
) )
end end
@ -99,6 +107,8 @@ describe 'ironic::glance' do
is_expected.to contain_ironic_config('glance/project_name').with_value(p[:project_name]) is_expected.to contain_ironic_config('glance/project_name').with_value(p[:project_name])
is_expected.to contain_ironic_config('glance/username').with_value(p[:username]) is_expected.to contain_ironic_config('glance/username').with_value(p[:username])
is_expected.to contain_ironic_config('glance/password').with_value(p[:password]).with_secret(true) is_expected.to contain_ironic_config('glance/password').with_value(p[:password]).with_secret(true)
is_expected.to contain_ironic_config('glance/user_domain_name').with_value(p[:user_domain_name])
is_expected.to contain_ironic_config('glance/project_domain_name').with_value(p[:project_domain_name])
is_expected.to contain_ironic_config('glance/glance_api_servers').with_value(p[:api_servers].join(',')) is_expected.to contain_ironic_config('glance/glance_api_servers').with_value(p[:api_servers].join(','))
is_expected.to contain_ironic_config('glance/glance_api_insecure').with_value(p[:api_insecure]) is_expected.to contain_ironic_config('glance/glance_api_insecure').with_value(p[:api_insecure])
is_expected.to contain_ironic_config('glance/glance_num_retries').with_value(p[:num_retries]) is_expected.to contain_ironic_config('glance/glance_num_retries').with_value(p[:num_retries])

18
spec/classes/ironic_neutron_spec.rb
View File

@ -40,17 +40,21 @@ describe 'ironic::neutron' do
is_expected.to contain_ironic_config('neutron/project_name').with_value(p[:project_name]) is_expected.to contain_ironic_config('neutron/project_name').with_value(p[:project_name])
is_expected.to contain_ironic_config('neutron/username').with_value(p[:username]) is_expected.to contain_ironic_config('neutron/username').with_value(p[:username])
is_expected.to contain_ironic_config('neutron/password').with_value('<SERVICE DEFAULT>').with_secret(true) is_expected.to contain_ironic_config('neutron/password').with_value('<SERVICE DEFAULT>').with_secret(true)
is_expected.to contain_ironic_config('neutron/user_domain_name').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_config('neutron/project_domain_name').with_value('<SERVICE DEFAULT>')
end end
context 'when overriding parameters' do context 'when overriding parameters' do
before :each do before :each do
params.merge!( params.merge!(
:api_endpoint => 'http://neutron.example.com', :api_endpoint => 'http://neutron.example.com',
:auth_type => 'noauth', :auth_type => 'noauth',
:auth_url => 'http://example.com', :auth_url => 'http://example.com',
:project_name => 'project1', :project_name => 'project1',
:username => 'admin', :username => 'admin',
:password => 'pa$$w0rd', :password => 'pa$$w0rd',
:user_domain_name => 'NonDefault',
:project_domain_name => 'NonDefault',
) )
end end
@ -61,6 +65,8 @@ describe 'ironic::neutron' do
is_expected.to contain_ironic_config('neutron/project_name').with_value(p[:project_name]) is_expected.to contain_ironic_config('neutron/project_name').with_value(p[:project_name])
is_expected.to contain_ironic_config('neutron/username').with_value(p[:username]) is_expected.to contain_ironic_config('neutron/username').with_value(p[:username])
is_expected.to contain_ironic_config('neutron/password').with_value(p[:password]).with_secret(true) is_expected.to contain_ironic_config('neutron/password').with_value(p[:password]).with_secret(true)
is_expected.to contain_ironic_config('neutron/user_domain_name').with_value(p[:user_domain_name])
is_expected.to contain_ironic_config('neutron/project_domain_name').with_value(p[:project_domain_name])
end end
end end

16
spec/classes/ironic_swift_spec.rb
View File

@ -39,16 +39,20 @@ describe 'ironic::swift' do
is_expected.to contain_ironic_config('swift/project_name').with_value(p[:project_name]) is_expected.to contain_ironic_config('swift/project_name').with_value(p[:project_name])
is_expected.to contain_ironic_config('swift/username').with_value(p[:username]) is_expected.to contain_ironic_config('swift/username').with_value(p[:username])
is_expected.to contain_ironic_config('swift/password').with_value('<SERVICE DEFAULT>').with_secret(true) is_expected.to contain_ironic_config('swift/password').with_value('<SERVICE DEFAULT>').with_secret(true)
is_expected.to contain_ironic_config('swift/user_domain_name').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_config('swift/project_domain_name').with_value('<SERVICE DEFAULT>')
end end
context 'when overriding parameters' do context 'when overriding parameters' do
before :each do before :each do
params.merge!( params.merge!(
:auth_type => 'noauth', :auth_type => 'noauth',
:auth_url => 'http://example.com', :auth_url => 'http://example.com',
:project_name => 'project1', :project_name => 'project1',
:username => 'admin', :username => 'admin',
:password => 'pa$$w0rd', :password => 'pa$$w0rd',
:user_domain_name => 'NonDefault',
:project_domain_name => 'NonDefault',
) )
end end
@ -58,6 +62,8 @@ describe 'ironic::swift' do
is_expected.to contain_ironic_config('swift/project_name').with_value(p[:project_name]) is_expected.to contain_ironic_config('swift/project_name').with_value(p[:project_name])
is_expected.to contain_ironic_config('swift/username').with_value(p[:username]) is_expected.to contain_ironic_config('swift/username').with_value(p[:username])
is_expected.to contain_ironic_config('swift/password').with_value(p[:password]).with_secret(true) is_expected.to contain_ironic_config('swift/password').with_value(p[:password]).with_secret(true)
is_expected.to contain_ironic_config('swift/user_domain_name').with_value(p[:user_domain_name])
is_expected.to contain_ironic_config('swift/project_domain_name').with_value(p[:project_domain_name])
end end
end end