Browse Source

Merge "Unset public_endpoint by default"

master
Zuul 4 days ago
committed by Gerrit Code Review
parent
commit
3b03d50a15
3 changed files with 14 additions and 83 deletions
  1. +7
    -40
      manifests/init.pp
  2. +6
    -0
      releasenotes/notes/unset-public_endpoint-1f28429335f3d0d7.yaml
  3. +1
    -43
      spec/classes/keystone_init_spec.rb

+ 7
- 40
manifests/init.pp View File

@@ -211,10 +211,7 @@
# (Optional) The base public endpoint URL for keystone that are
# advertised to clients (NOTE: this does NOT affect how
# keystone listens for connections) (string value)
# If set to false, public_endpoint will be set from public_bind_host and
# public_port, or default to http://127.0.0.1:5000
# Sample value: 'http://localhost:5000/'
# Defaults to undef
# Defaults to $::os_service_default
#
# [*enable_ssl*]
# (Optional) Toggle for SSL support on the keystone eventlet servers.
@@ -565,7 +562,7 @@ class keystone(
$revoke_driver = $::os_service_default,
$revoke_by_id = true,
$admin_endpoint = $::os_service_default,
$public_endpoint = undef,
$public_endpoint = $::os_service_default,
$enable_ssl = false,
$ssl_certfile = '/etc/keystone/ssl/certs/keystone.pem',
$ssl_keyfile = '/etc/keystone/ssl/private/keystonekey.pem',
@@ -683,43 +680,13 @@ class keystone(
}

if $public_bind_host {
warning('keystone::public_bind_host is deprecated, and will have no effect and be removed in a later release.')
case $public_bind_host {
'0.0.0.0': {
$public_host = '127.0.0.1'
}
'::0': {
$public_host = '[::1]'
}
default: {
$public_host = normalize_ip_for_uri($public_bind_host)
}
}
} else {
$public_host = '127.0.0.1'
warning('keystone::public_bind_host is deprecated. This parameter has no effect and \
will be removed in a later release.')
}

if $public_port {
warning('keystone::public_port is deprecated, and will have no effect and be removed in a later release')
$public_port_real = $public_port
} else {
$public_port_real = '5000'
}

if ! $public_endpoint {
warning('keystone::public_endpoint is not set, but will be required in a later release')

if $enable_ssl {
$public_protocol = 'https'
} else {
$public_protocol = 'http'
}
$public_endpoint_real = "${public_protocol}://${public_host}:${$public_port_real}"
} else {
if ('v2.0' in $public_endpoint) {
warning('Version string /v2.0/ should not be included in keystone::public_endpoint')
}
$public_endpoint_real = $public_endpoint
warning('keystone::public_port is deprecated. This parameter has no effect and \
will be removed in a later release')
}

if $manage_policyrcd {
@@ -762,7 +729,7 @@ class keystone(

# Endpoint configuration
keystone_config {
'DEFAULT/public_endpoint': value => $public_endpoint_real;
'DEFAULT/public_endpoint': value => $public_endpoint;
}

keystone_config {


+ 6
- 0
releasenotes/notes/unset-public_endpoint-1f28429335f3d0d7.yaml View File

@@ -0,0 +1,6 @@
---
fixes:
- |
The ``default/public_endpiint`` parameter is no longer set by default
because of known issue with different hosts/protocol used for each
endpoints (especially for admin endpoint and public endpoint)

+ 1
- 43
spec/classes/keystone_init_spec.rb View File

@@ -164,7 +164,7 @@ describe 'keystone' do
if param_hash['public_endpoint']
is_expected.to contain_keystone_config('DEFAULT/public_endpoint').with_value(param_hash['public_endpoint'])
else
is_expected.to contain_keystone_config('DEFAULT/public_endpoint').with_value('http://127.0.0.1:5000')
is_expected.to contain_keystone_config('DEFAULT/public_endpoint').with_value('<SERVICE DEFAULT>')
end
end

@@ -265,45 +265,6 @@ describe 'keystone' do
) }
end

describe 'when public_bind_host or public_bind_port are set' do
describe 'when ipv6 loopback is set' do
let :params do
{
:public_bind_host => '::0'
}
end
it { is_expected.to contain_keystone_config("DEFAULT/public_endpoint").with_value('http://[::1]:5000') }
end

describe 'when ipv4 address is set' do
let :params do
{
:public_bind_host => '192.168.0.1',
:public_port => '15000'
}
end
it { is_expected.to contain_keystone_config("DEFAULT/public_endpoint").with_value('http://192.168.0.1:15000') }
end

describe 'when unenclosed ipv6 address is set' do
let :params do
{
:public_bind_host => '2001:db8::1'
}
end
it { is_expected.to contain_keystone_config("DEFAULT/public_endpoint").with_value('http://[2001:db8::1]:5000') }
end

describe 'when enclosed ipv6 address is set' do
let :params do
{
:public_bind_host => '[2001:db8::1]'
}
end
it { is_expected.to contain_keystone_config("DEFAULT/public_endpoint").with_value('http://[2001:db8::1]:5000') }
end
end

describe 'when using invalid service name for keystone' do
let (:params) { {'service_name' => 'foo'}.merge(default_params) }

@@ -384,7 +345,6 @@ describe 'keystone' do
let :params do
{
'enable_ssl' => true,
'public_endpoint' => 'https://localhost:5000',
}
end
it {is_expected.to contain_keystone_config('ssl/enable').with_value(true)}
@@ -393,7 +353,6 @@ describe 'keystone' do
it {is_expected.to contain_keystone_config('ssl/ca_certs').with_value('/etc/keystone/ssl/certs/ca.pem')}
it {is_expected.to contain_keystone_config('ssl/ca_key').with_value('/etc/keystone/ssl/private/cakey.pem')}
it {is_expected.to contain_keystone_config('ssl/cert_subject').with_value('/C=US/ST=Unset/L=Unset/O=Unset/CN=localhost')}
it {is_expected.to contain_keystone_config('DEFAULT/public_endpoint').with_value('https://localhost:5000')}
end

describe 'when disabling SSL' do
@@ -403,7 +362,6 @@ describe 'keystone' do
}
end
it {is_expected.to contain_keystone_config('ssl/enable').with_value(false)}
it {is_expected.to contain_keystone_config('DEFAULT/public_endpoint').with_value('http://127.0.0.1:5000')}
end

describe 'not setting notification settings by default' do


Loading…
Cancel
Save