diff --git a/manifests/init.pp b/manifests/init.pp
index b406e326c..1ab3217e5 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -182,6 +182,21 @@
 # (optional) The RabbitMQ virtual host.
 # Defaults to /.
 #
+# [*rabbit_heartbeat_timeout_threshold*]
+# (optional) Number of seconds after which the RabbitMQ broker is considered
+# down if the heartbeat keepalive fails. Any value >0 enables heartbeats.
+# Heartbeating helps to ensure the TCP connection to RabbitMQ isn't silently
+# closed, resulting in missed or lost messages from the queue.
+# (Requires kombu >= 3.0.7 and amqp >= 1.4.0)
+# Defaults to 0
+#
+# [*rabbit_heartbeat_rate*]
+# (optional) How often during the rabbit_heartbeat_timeout_threshold period to
+# check the heartbeat on RabbitMQ connection. (i.e. rabbit_heartbeat_rate=2
+# when rabbit_heartbeat_timeout_threshold=60, the heartbeat will be checked
+# every 30 seconds.
+# Defaults to 2
+#
 # [*rabbit_use_ssl*]
 # (optional) Connect over SSL for RabbitMQ
 # Defaults to false
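Review bot: The `rabbit_heartbeat_rate` description opens a parenthesis at `(i.e. rabbit_heartbeat_rate=2` that is never closed, and "i.e." introduces what is really an example. Suggested wording for the two affected lines: `# check the heartbeat on RabbitMQ connection. (e.g. with rabbit_heartbeat_rate=2` and `# every 30 seconds.)`. It may also help to say outright that the default threshold of 0 leaves heartbeats disabled, since the text only states that values >0 enable them.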
@@ -402,83 +417,85 @@ # class keystone( $admin_token, - $package_ensure = 'present', - $client_package_ensure = 'present', - $public_bind_host = '0.0.0.0', - $admin_bind_host = '0.0.0.0', - $public_port = '5000', - $admin_port = '35357', - $verbose = false, - $debug = false, - $log_dir = '/var/log/keystone', - $log_file = false, - $use_syslog = false, - $log_facility = 'LOG_USER', - $catalog_type = 'sql', - $catalog_driver = false, - $catalog_template_file = '/etc/keystone/default_catalog.templates', - $token_provider = 'keystone.token.providers.uuid.Provider', - $token_driver = 'keystone.token.persistence.backends.sql.Token', - $token_expiration = 3600, - $revoke_driver = 'keystone.contrib.revoke.backends.sql.Revoke', - $public_endpoint = false, - $admin_endpoint = false, - $enable_ssl = false, - $ssl_certfile = '/etc/keystone/ssl/certs/keystone.pem', - $ssl_keyfile = '/etc/keystone/ssl/private/keystonekey.pem', - $ssl_ca_certs = '/etc/keystone/ssl/certs/ca.pem', - $ssl_ca_key = '/etc/keystone/ssl/private/cakey.pem', - $ssl_cert_subject = '/C=US/ST=Unset/L=Unset/O=Unset/CN=localhost', - $cache_dir = '/var/cache/keystone', - $memcache_servers = false, - $manage_service = true, - $cache_backend = 'keystone.common.cache.noop', - $cache_backend_argument = undef, - $debug_cache_backend = false, - $token_caching = true, - $enabled = true, - $database_connection = 'sqlite:////var/lib/keystone/keystone.db', - $database_idle_timeout = '200', - $enable_pki_setup = true, - $signing_certfile = '/etc/keystone/ssl/certs/signing_cert.pem', - $signing_keyfile = '/etc/keystone/ssl/private/signing_key.pem', - $signing_ca_certs = '/etc/keystone/ssl/certs/ca.pem', - $signing_ca_key = '/etc/keystone/ssl/private/cakey.pem', - $signing_cert_subject = '/C=US/ST=Unset/L=Unset/O=Unset/CN=www.example.com', - $signing_key_size = 2048, - $rabbit_host = 'localhost', - $rabbit_hosts = false, - $rabbit_password = 'guest', - $rabbit_port = '5672', - $rabbit_userid = 'guest', - 
$rabbit_virtual_host = '/', - $rabbit_use_ssl = false, - $kombu_ssl_ca_certs = undef, - $kombu_ssl_certfile = undef, - $kombu_ssl_keyfile = undef, - $kombu_ssl_version = 'TLSv1', - $notification_driver = false, - $notification_topics = false, - $notification_format = undef, - $control_exchange = false, - $validate_service = false, - $validate_insecure = false, - $validate_auth_url = false, - $validate_cacert = undef, - $paste_config = $::keystone::params::paste_config, - $service_provider = $::keystone::params::service_provider, - $service_name = $::keystone::params::service_name, - $max_token_size = undef, - $admin_workers = max($::processorcount, 2), - $public_workers = max($::processorcount, 2), - $sync_db = true, - $enable_fernet_setup = false, - $fernet_key_repository = '/etc/keystone/fernet-keys', - $fernet_max_active_keys = undef, - $default_domain = undef, + $package_ensure = 'present', + $client_package_ensure = 'present', + $public_bind_host = '0.0.0.0', + $admin_bind_host = '0.0.0.0', + $public_port = '5000', + $admin_port = '35357', + $verbose = false, + $debug = false, + $log_dir = '/var/log/keystone', + $log_file = false, + $use_syslog = false, + $log_facility = 'LOG_USER', + $catalog_type = 'sql', + $catalog_driver = false, + $catalog_template_file = '/etc/keystone/default_catalog.templates', + $token_provider = 'keystone.token.providers.uuid.Provider', + $token_driver = 'keystone.token.persistence.backends.sql.Token', + $token_expiration = 3600, + $revoke_driver = 'keystone.contrib.revoke.backends.sql.Revoke', + $public_endpoint = false, + $admin_endpoint = false, + $enable_ssl = false, + $ssl_certfile = '/etc/keystone/ssl/certs/keystone.pem', + $ssl_keyfile = '/etc/keystone/ssl/private/keystonekey.pem', + $ssl_ca_certs = '/etc/keystone/ssl/certs/ca.pem', + $ssl_ca_key = '/etc/keystone/ssl/private/cakey.pem', + $ssl_cert_subject = '/C=US/ST=Unset/L=Unset/O=Unset/CN=localhost', + $cache_dir = '/var/cache/keystone', + $memcache_servers = false, + 
$manage_service = true, + $cache_backend = 'keystone.common.cache.noop', + $cache_backend_argument = undef, + $debug_cache_backend = false, + $token_caching = true, + $enabled = true, + $database_connection = 'sqlite:////var/lib/keystone/keystone.db', + $database_idle_timeout = '200', + $enable_pki_setup = true, + $signing_certfile = '/etc/keystone/ssl/certs/signing_cert.pem', + $signing_keyfile = '/etc/keystone/ssl/private/signing_key.pem', + $signing_ca_certs = '/etc/keystone/ssl/certs/ca.pem', + $signing_ca_key = '/etc/keystone/ssl/private/cakey.pem', + $signing_cert_subject = '/C=US/ST=Unset/L=Unset/O=Unset/CN=www.example.com', + $signing_key_size = 2048, + $rabbit_host = 'localhost', + $rabbit_hosts = false, + $rabbit_password = 'guest', + $rabbit_port = '5672', + $rabbit_userid = 'guest', + $rabbit_virtual_host = '/', + $rabbit_heartbeat_timeout_threshold = 0, + $rabbit_heartbeat_rate = 2, + $rabbit_use_ssl = false, + $kombu_ssl_ca_certs = undef, + $kombu_ssl_certfile = undef, + $kombu_ssl_keyfile = undef, + $kombu_ssl_version = 'TLSv1', + $notification_driver = false, + $notification_topics = false, + $notification_format = undef, + $control_exchange = false, + $validate_service = false, + $validate_insecure = false, + $validate_auth_url = false, + $validate_cacert = undef, + $paste_config = $::keystone::params::paste_config, + $service_provider = $::keystone::params::service_provider, + $service_name = $::keystone::params::service_name, + $max_token_size = undef, + $admin_workers = max($::processorcount, 2), + $public_workers = max($::processorcount, 2), + $sync_db = true, + $enable_fernet_setup = false, + $fernet_key_repository = '/etc/keystone/fernet-keys', + $fernet_max_active_keys = undef, + $default_domain = undef, # DEPRECATED PARAMETERS - $mysql_module = undef, - $compute_port = undef, + $mysql_module = undef, + $compute_port = undef, ) inherits keystone::params { if ! $catalog_driver { 
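Review bot: The re-aligned parameter list still defaults `$rabbit_userid` and `$rabbit_password` to `'guest'` and `$kombu_ssl_version` to `'TLSv1'`, so a node that only sets `rabbit_use_ssl => true` connects with RabbitMQ's well-known default account over what, as far as I know, kombu treats as TLS 1.0 only. These defaults predate the commit (the lines change only in whitespace), but since every line is touched here the parameter docs should at least say they must be overridden outside a test setup. Separately, the two added parameters `$rabbit_heartbeat_timeout_threshold` and `$rabbit_heartbeat_rate` reach keystone.conf unvalidated; a check such as `validate_integer($rabbit_heartbeat_rate)` would catch typos at catalog compile time, assuming the stdlib version in use provides it. The class body continues outside the hunk.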
@@ -765,35 +782,37 @@ class keystone( } keystone_config { - 'DEFAULT/rabbit_password': value => $rabbit_password, secret => true; - 'DEFAULT/rabbit_userid': value => $rabbit_userid; - 'DEFAULT/rabbit_virtual_host': value => $rabbit_virtual_host; + 'oslo_messaging_rabbit/rabbit_password': value => $rabbit_password, secret => true; + 'oslo_messaging_rabbit/rabbit_userid': value => $rabbit_userid; + 'oslo_messaging_rabbit/rabbit_virtual_host': value => $rabbit_virtual_host; + 'oslo_messaging_rabbit/heartbeat_timeout_threshold': value => $rabbit_heartbeat_timeout_threshold; + 'oslo_messaging_rabbit/heartbeat_rate': value => $rabbit_heartbeat_rate; } if $rabbit_hosts { - keystone_config { 'DEFAULT/rabbit_hosts': value => join($rabbit_hosts, ',') } - keystone_config { 'DEFAULT/rabbit_ha_queues': value => true } + keystone_config { 'oslo_messaging_rabbit/rabbit_hosts': value => join($rabbit_hosts, ',') } + keystone_config { 'oslo_messaging_rabbit/rabbit_ha_queues': value => true } } else { - keystone_config { 'DEFAULT/rabbit_host': value => $rabbit_host } - keystone_config { 'DEFAULT/rabbit_port': value => $rabbit_port } - keystone_config { 'DEFAULT/rabbit_hosts': value => "${rabbit_host}:${rabbit_port}" } - keystone_config { 'DEFAULT/rabbit_ha_queues': value => false } + keystone_config { 'oslo_messaging_rabbit/rabbit_host': value => $rabbit_host } + keystone_config { 'oslo_messaging_rabbit/rabbit_port': value => $rabbit_port } + keystone_config { 'oslo_messaging_rabbit/rabbit_hosts': value => "${rabbit_host}:${rabbit_port}" } + keystone_config { 'oslo_messaging_rabbit/rabbit_ha_queues': value => false } } - keystone_config { 'DEFAULT/rabbit_use_ssl': value => $rabbit_use_ssl } + keystone_config { 'oslo_messaging_rabbit/rabbit_use_ssl': value => $rabbit_use_ssl } if $rabbit_use_ssl { keystone_config { - 'DEFAULT/kombu_ssl_ca_certs': value => $kombu_ssl_ca_certs; - 'DEFAULT/kombu_ssl_certfile': value => $kombu_ssl_certfile; - 'DEFAULT/kombu_ssl_keyfile': value => 
$kombu_ssl_keyfile; - 'DEFAULT/kombu_ssl_version': value => $kombu_ssl_version; + 'oslo_messaging_rabbit/kombu_ssl_ca_certs': value => $kombu_ssl_ca_certs; + 'oslo_messaging_rabbit/kombu_ssl_certfile': value => $kombu_ssl_certfile; + 'oslo_messaging_rabbit/kombu_ssl_keyfile': value => $kombu_ssl_keyfile; + 'oslo_messaging_rabbit/kombu_ssl_version': value => $kombu_ssl_version; } } else { keystone_config { - 'DEFAULT/kombu_ssl_ca_certs': ensure => absent; - 'DEFAULT/kombu_ssl_certfile': ensure => absent; - 'DEFAULT/kombu_ssl_keyfile': ensure => absent; - 'DEFAULT/kombu_ssl_version': ensure => absent; + 'oslo_messaging_rabbit/kombu_ssl_ca_certs': ensure => absent; + 'oslo_messaging_rabbit/kombu_ssl_certfile': ensure => absent; + 'oslo_messaging_rabbit/kombu_ssl_keyfile': ensure => absent; + 'oslo_messaging_rabbit/kombu_ssl_version': ensure => absent; } } diff --git a/spec/classes/keystone_spec.rb b/spec/classes/keystone_spec.rb index c9537dc08..73ededc81 100644 --- a/spec/classes/keystone_spec.rb +++ b/spec/classes/keystone_spec.rb 
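Review bot: Moving the settings to `oslo_messaging_rabbit/...` does not remove the old `DEFAULT/rabbit_*` and `DEFAULT/kombu_ssl_*` entries, so on an upgraded node the previous `DEFAULT/rabbit_password` stays in keystone.conf unless unmanaged keystone_config resources are purged elsewhere (not visible in this hunk). A later password rotation would then update only the new section and leave the old secret on disk, and two sections with diverging broker settings make it harder to tell which one the service actually uses. Consider declaring the old keys with `ensure => absent` next to the new ones, as sketched below; confirm first that every supported oslo.messaging release reads the new section. The enclosing class starts before and continues after the hunk.

```puppet
  # … unchanged: oslo_messaging_rabbit/* keystone_config declarations …

  # Remove the pre-move keys so no stale broker credentials or TLS
  # settings are left behind in [DEFAULT] after an upgrade.
  keystone_config {
    'DEFAULT/rabbit_password':     ensure => absent;
    'DEFAULT/rabbit_userid':       ensure => absent;
    'DEFAULT/rabbit_virtual_host': ensure => absent;
    'DEFAULT/rabbit_host':         ensure => absent;
    'DEFAULT/rabbit_port':         ensure => absent;
    'DEFAULT/rabbit_hosts':        ensure => absent;
    'DEFAULT/rabbit_ha_queues':    ensure => absent;
    'DEFAULT/rabbit_use_ssl':      ensure => absent;
    'DEFAULT/kombu_ssl_ca_certs':  ensure => absent;
    'DEFAULT/kombu_ssl_certfile':  ensure => absent;
    'DEFAULT/kombu_ssl_keyfile':   ensure => absent;
    'DEFAULT/kombu_ssl_version':   ensure => absent;
  }
```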
@@ -20,80 +20,84 @@ describe 'keystone' do end default_params = { - 'admin_token' => 'service_token', - 'package_ensure' => 'present', - 'client_package_ensure' => 'present', - 'public_bind_host' => '0.0.0.0', - 'admin_bind_host' => '0.0.0.0', - 'public_port' => '5000', - 'admin_port' => '35357', - 'admin_token' => 'service_token', - 'verbose' => false, - 'debug' => false, - 'catalog_type' => 'sql', - 'catalog_driver' => false, - 'token_provider' => 'keystone.token.providers.uuid.Provider', - 'token_driver' => 'keystone.token.persistence.backends.sql.Token', - 'revoke_driver' => 'keystone.contrib.revoke.backends.sql.Revoke', - 'cache_dir' => '/var/cache/keystone', - 'enable_ssl' => false, - 'ssl_certfile' => '/etc/keystone/ssl/certs/keystone.pem', - 'ssl_keyfile' => '/etc/keystone/ssl/private/keystonekey.pem', - 'ssl_ca_certs' => '/etc/keystone/ssl/certs/ca.pem', - 'ssl_ca_key' => '/etc/keystone/ssl/private/cakey.pem', - 'ssl_cert_subject' => '/C=US/ST=Unset/L=Unset/O=Unset/CN=localhost', - 'enabled' => true, - 'manage_service' => true, - 'database_connection' => 'sqlite:////var/lib/keystone/keystone.db', - 'database_idle_timeout' => '200', - 'enable_pki_setup' => true, - 'signing_certfile' => '/etc/keystone/ssl/certs/signing_cert.pem', - 'signing_keyfile' => '/etc/keystone/ssl/private/signing_key.pem', - 'signing_ca_certs' => '/etc/keystone/ssl/certs/ca.pem', - 'signing_ca_key' => '/etc/keystone/ssl/private/cakey.pem', - 'rabbit_host' => 'localhost', - 'rabbit_password' => 'guest', - 'rabbit_userid' => 'guest', - 'admin_workers' => 20, - 'public_workers' => 20, - 'sync_db' => true, + 'admin_token' => 'service_token', + 'package_ensure' => 'present', + 'client_package_ensure' => 'present', + 'public_bind_host' => '0.0.0.0', + 'admin_bind_host' => '0.0.0.0', + 'public_port' => '5000', + 'admin_port' => '35357', + 'admin_token' => 'service_token', + 'verbose' => false, + 'debug' => false, + 'catalog_type' => 'sql', + 'catalog_driver' => false, + 'token_provider' => 
'keystone.token.providers.uuid.Provider', + 'token_driver' => 'keystone.token.persistence.backends.sql.Token', + 'revoke_driver' => 'keystone.contrib.revoke.backends.sql.Revoke', + 'cache_dir' => '/var/cache/keystone', + 'enable_ssl' => false, + 'ssl_certfile' => '/etc/keystone/ssl/certs/keystone.pem', + 'ssl_keyfile' => '/etc/keystone/ssl/private/keystonekey.pem', + 'ssl_ca_certs' => '/etc/keystone/ssl/certs/ca.pem', + 'ssl_ca_key' => '/etc/keystone/ssl/private/cakey.pem', + 'ssl_cert_subject' => '/C=US/ST=Unset/L=Unset/O=Unset/CN=localhost', + 'enabled' => true, + 'manage_service' => true, + 'database_connection' => 'sqlite:////var/lib/keystone/keystone.db', + 'database_idle_timeout' => '200', + 'enable_pki_setup' => true, + 'signing_certfile' => '/etc/keystone/ssl/certs/signing_cert.pem', + 'signing_keyfile' => '/etc/keystone/ssl/private/signing_key.pem', + 'signing_ca_certs' => '/etc/keystone/ssl/certs/ca.pem', + 'signing_ca_key' => '/etc/keystone/ssl/private/cakey.pem', + 'rabbit_host' => 'localhost', + 'rabbit_password' => 'guest', + 'rabbit_userid' => 'guest', + 'rabbit_heartbeat_timeout_threshold' => 0, + 'rabbit_heartbeat_rate' => 2, + 'admin_workers' => 20, + 'public_workers' => 20, + 'sync_db' => true, } override_params = { - 'package_ensure' => 'latest', - 'client_package_ensure' => 'latest', - 'public_bind_host' => '0.0.0.0', - 'admin_bind_host' => '0.0.0.0', - 'public_port' => '5001', - 'admin_port' => '35358', - 'admin_token' => 'service_token_override', - 'verbose' => true, - 'debug' => true, - 'catalog_type' => 'template', - 'token_provider' => 'keystone.token.providers.uuid.Provider', - 'token_driver' => 'keystone.token.backends.kvs.Token', - 'revoke_driver' => 'keystone.contrib.revoke.backends.kvs.Revoke', - 'public_endpoint' => 'https://localhost:5000/v2.0/', - 'admin_endpoint' => 'https://localhost:35357/v2.0/', - 'enable_ssl' => true, - 'ssl_certfile' => '/etc/keystone/ssl/certs/keystone.pem', - 'ssl_keyfile' => 
'/etc/keystone/ssl/private/keystonekey.pem', - 'ssl_ca_certs' => '/etc/keystone/ssl/certs/ca.pem', - 'ssl_ca_key' => '/etc/keystone/ssl/private/cakey.pem', - 'ssl_cert_subject' => '/C=US/ST=Unset/L=Unset/O=Unset/CN=localhost', - 'enabled' => false, - 'manage_service' => true, - 'database_connection' => 'mysql://a:b@c/d', - 'database_idle_timeout' => '300', - 'enable_pki_setup' => true, - 'signing_certfile' => '/etc/keystone/ssl/certs/signing_cert.pem', - 'signing_keyfile' => '/etc/keystone/ssl/private/signing_key.pem', - 'signing_ca_certs' => '/etc/keystone/ssl/certs/ca.pem', - 'signing_ca_key' => '/etc/keystone/ssl/private/cakey.pem', - 'rabbit_host' => '127.0.0.1', - 'rabbit_password' => 'openstack', - 'rabbit_userid' => 'admin', - 'default_domain' => 'other_domain', + 'package_ensure' => 'latest', + 'client_package_ensure' => 'latest', + 'public_bind_host' => '0.0.0.0', + 'admin_bind_host' => '0.0.0.0', + 'public_port' => '5001', + 'admin_port' => '35358', + 'admin_token' => 'service_token_override', + 'verbose' => true, + 'debug' => true, + 'catalog_type' => 'template', + 'token_provider' => 'keystone.token.providers.uuid.Provider', + 'token_driver' => 'keystone.token.backends.kvs.Token', + 'revoke_driver' => 'keystone.contrib.revoke.backends.kvs.Revoke', + 'public_endpoint' => 'https://localhost:5000/v2.0/', + 'admin_endpoint' => 'https://localhost:35357/v2.0/', + 'enable_ssl' => true, + 'ssl_certfile' => '/etc/keystone/ssl/certs/keystone.pem', + 'ssl_keyfile' => '/etc/keystone/ssl/private/keystonekey.pem', + 'ssl_ca_certs' => '/etc/keystone/ssl/certs/ca.pem', + 'ssl_ca_key' => '/etc/keystone/ssl/private/cakey.pem', + 'ssl_cert_subject' => '/C=US/ST=Unset/L=Unset/O=Unset/CN=localhost', + 'enabled' => false, + 'manage_service' => true, + 'database_connection' => 'mysql://a:b@c/d', + 'database_idle_timeout' => '300', + 'enable_pki_setup' => true, + 'signing_certfile' => '/etc/keystone/ssl/certs/signing_cert.pem', + 'signing_keyfile' => 
'/etc/keystone/ssl/private/signing_key.pem', + 'signing_ca_certs' => '/etc/keystone/ssl/certs/ca.pem', + 'signing_ca_key' => '/etc/keystone/ssl/private/cakey.pem', + 'rabbit_host' => '127.0.0.1', + 'rabbit_password' => 'openstack', + 'rabbit_userid' => 'admin', + 'rabbit_heartbeat_timeout_threshold' => '60', + 'rabbit_heartbeat_rate' => '10', + 'default_domain' => 'other_domain', } httpd_params = {'service_name' => 'httpd'}.merge(default_params) @@ -193,7 +197,12 @@ describe 'keystone' do end it 'should contain correct rabbit_password' do - is_expected.to contain_keystone_config('DEFAULT/rabbit_password').with_value(param_hash['rabbit_password']).with_secret(true) + is_expected.to contain_keystone_config('oslo_messaging_rabbit/rabbit_password').with_value(param_hash['rabbit_password']).with_secret(true) + end + + it 'should contain correct rabbit heartbeat configuration' do + is_expected.to contain_keystone_config('oslo_messaging_rabbit/heartbeat_timeout_threshold').with_value(param_hash['rabbit_heartbeat_timeout_threshold']) + is_expected.to contain_keystone_config('oslo_messaging_rabbit/heartbeat_rate').with_value(param_hash['rabbit_heartbeat_rate']) end it 'should remove max_token_size param by default' do 
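Review bot: `default_params` lists `'admin_token' => 'service_token'` twice, as the first entry and again after `'admin_port'`; Ruby keeps the last value and newer interpreters warn about the duplicated key, so one of the two lines should be dropped while the hash is being re-aligned. The override hash also passes the heartbeat values as strings (`'60'`, `'10'`) while the defaults are integers (`0`, `2`). If both forms are meant to be accepted, a short comment such as `# heartbeat values may be given as integers or strings` would make that intent explicit.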
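Review bot: The examples in this hunk assert only `rabbit_password` and the two heartbeat keys under `oslo_messaging_rabbit`; nothing visible here checks that `rabbit_userid` is written to the new section, although it is present in both parameter hashes. Adding `is_expected.to contain_keystone_config('oslo_messaging_rabbit/rabbit_userid').with_value(param_hash['rabbit_userid'])` would cover it. There is also no assertion about the old `DEFAULT/rabbit_password` resource, so the spec would not notice if the credential ended up declared in both sections; whether other examples outside this hunk cover that cannot be seen from here.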
@@ -634,11 +643,11 @@ describe 'keystone' do
 end
 it do
- is_expected.to contain_keystone_config('DEFAULT/rabbit_use_ssl').with_value('true')
- is_expected.to contain_keystone_config('DEFAULT/kombu_ssl_ca_certs').with_value('/path/to/ssl/ca/certs')
- is_expected.to contain_keystone_config('DEFAULT/kombu_ssl_certfile').with_value('/path/to/ssl/cert/file')
- is_expected.to contain_keystone_config('DEFAULT/kombu_ssl_keyfile').with_value('/path/to/ssl/keyfile')
- is_expected.to contain_keystone_config('DEFAULT/kombu_ssl_version').with_value('TLSv1')
+ is_expected.to contain_keystone_config('oslo_messaging_rabbit/rabbit_use_ssl').with_value('true')
+ is_expected.to contain_keystone_config('oslo_messaging_rabbit/kombu_ssl_ca_certs').with_value('/path/to/ssl/ca/certs')
+ is_expected.to contain_keystone_config('oslo_messaging_rabbit/kombu_ssl_certfile').with_value('/path/to/ssl/cert/file')
+ is_expected.to contain_keystone_config('oslo_messaging_rabbit/kombu_ssl_keyfile').with_value('/path/to/ssl/keyfile')
+ is_expected.to contain_keystone_config('oslo_messaging_rabbit/kombu_ssl_version').with_value('TLSv1')
 end
 end
@@ -654,11 +663,11 @@ describe 'keystone' do
 end
 it do
- is_expected.to contain_keystone_config('DEFAULT/rabbit_use_ssl').with_value('false')
- is_expected.to contain_keystone_config('DEFAULT/kombu_ssl_ca_certs').with_ensure('absent')
- is_expected.to contain_keystone_config('DEFAULT/kombu_ssl_certfile').with_ensure('absent')
- is_expected.to contain_keystone_config('DEFAULT/kombu_ssl_keyfile').with_ensure('absent')
- is_expected.to contain_keystone_config('DEFAULT/kombu_ssl_version').with_ensure('absent')
+ is_expected.to contain_keystone_config('oslo_messaging_rabbit/rabbit_use_ssl').with_value('false')
+ is_expected.to contain_keystone_config('oslo_messaging_rabbit/kombu_ssl_ca_certs').with_ensure('absent')
+ is_expected.to contain_keystone_config('oslo_messaging_rabbit/kombu_ssl_certfile').with_ensure('absent')
+ is_expected.to contain_keystone_config('oslo_messaging_rabbit/kombu_ssl_keyfile').with_ensure('absent')
+ is_expected.to contain_keystone_config('oslo_messaging_rabbit/kombu_ssl_version').with_ensure('absent')
 end
 end