openstack
/
puppet-keystone
Code Issues Proposed changes

Deprecate options related to eventlet server 

The usage of eventlet server in keystone was already depreacted,
so we should deprecate parameters related to the feature.

Notes:
 - public_bind_host and public_port still remain as valid parameters,
   to wait until users migrate to public_endpoint, which should be
   used instead.
 - admin_endpoint does not affect keystone configuration, but it is
   not yet deprecated as it is still used when validate_service is True.

Change-Id: Ibc8023caf8ad4ee16ebc08a943bdcc9f188c73c1
This commit is contained in:
Takashi Kajinami 2019-08-22 17:03:14 +09:00
parent a4f74ef5fa
commit bfcc84b73e
3 changed files with 95 additions and 81 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

129
manifests/init.pp
View File

@ -13,14 +13,6 @@
# accepts latest or specific versions.
# Defaults to present.
#
# [*public_port*]
# (Optional) Port that keystone binds to.
# Defaults to '5000'
#
# [*admin_port*]
# (Optional) Port that can be used for admin tasks.
# Defaults to '35357'
#
# [*admin_token*]
# Admin token that can be used to authenticate as a keystone
# admin. This is not the password for the admin user
@ -257,14 +249,6 @@
# (Optional) Seconds to wait for a response from a call.
# Defaults to $::os_service_default
#
# [*public_bind_host*]
# (Optional) The IP address of the public network interface to listen on
# Default to '0.0.0.0'.
#
# [*admin_bind_host*]
# (Optional) The IP address of the public network interface to listen on
# Default to '0.0.0.0'.
#
# [*log_dir*]
# (Optional) Directory where logs should be stored
# If set to $::os_service_default, it will not log to any directory
@ -274,14 +258,6 @@
# (Optional) Where to log
# Defaults to undef.
#
# [*public_endpoint*]
# (Optional) The base public endpoint URL for keystone that are
# advertised to clients (NOTE: this does NOT affect how
# keystone listens for connections) (string value)
# If set to false, no public_endpoint will be defined in keystone.conf.
# Sample value: 'http://localhost:5000/'
# Defaults to $::os_service_default
#
# [*admin_endpoint*]
# (Optional) The base admin endpoint URL for keystone that are
# advertised to clients (NOTE: this does NOT affect how keystone listens
@ -290,6 +266,14 @@
# Sample value: 'http://localhost:5000/'
# Defaults to $::os_service_default
#
# [*public_endpoint*]
# (Optional) The base public endpoint URL for keystone that are
# advertised to clients (NOTE: this does NOT affect how
# keystone listens for connections) (string value)
# If set to false, no public_endpoint will be defined in keystone.conf.
# Sample value: 'http://localhost:5000/'
# Defaults to $::os_service_default
#
# [*enable_ssl*]
# (Optional) Toggle for SSL support on the keystone eventlet servers.
# (boolean value)
@ -361,18 +345,6 @@
# (Optional) maximum allowable Keystone token size
# Defaults to $::os_service_default
#
# [*admin_workers*]
# (Optional) The number of worker processes to serve the admin eventlet application.
# This option is deprecated along with eventlet and will be removed in M.
# This setting has no affect when using WSGI.
# Defaults to $::os_workers
#
# [*public_workers*]
# (Optional) The number of worker processes to serve the public eventlet application.
# This option is deprecated along with eventlet and will be removed in M.
# This setting has no affect when using WSGI.
# Defaults to $::os_workers
#
# [*sync_db*]
# (Optional) Run db sync on the node.
# Defaults to true
@ -547,6 +519,34 @@
#
# === DEPRECATED PARAMETERS
#
# [*admin_bind_host*]
# (Optional) The IP address of the public network interface to listen on
# Default to '0.0.0.0'.
#
# [*public_bind_host*]
# (Optional) The IP address of the public network interface to listen on
# Default to '0.0.0.0'.
#
# [*admin_port*]
# (Optional) Port that can be used for admin tasks.
# Defaults to '35357'
#
# [*public_port*]
# (Optional) Port that keystone binds to.
# Defaults to '5000'
#
# [*admin_workers*]
# (Optional) The number of worker processes to serve the admin eventlet application.
# This option is deprecated along with eventlet and will be removed in M.
# This setting has no affect when using WSGI.
# Defaults to undef
#
# [*public_workers*]
# (Optional) The number of worker processes to serve the public eventlet application.
# This option is deprecated along with eventlet and will be removed in M.
# This setting has no affect when using WSGI.
# Defaults to undef
#
# [*cache_dir*]
# (Optional) Directory created when token_provider is pki. This folder is not
# created unless enable_pki_setup is set to True.
@ -589,10 +589,6 @@ class keystone(
$admin_password = undef,
$package_ensure = 'present',
$client_package_ensure = 'present',
$public_bind_host = '0.0.0.0',
$admin_bind_host = '0.0.0.0',
$public_port = '5000',
$admin_port = '35357',
$log_dir = undef,
$log_file = undef,
$catalog_type = 'sql',
@ -604,8 +600,8 @@ class keystone(
$password_hash_rounds = $::os_service_default,
$revoke_driver = $::os_service_default,
$revoke_by_id = true,
$public_endpoint = $::os_service_default,
$admin_endpoint = $::os_service_default,
$public_endpoint = $::os_service_default,
$enable_ssl = false,
$ssl_certfile = '/etc/keystone/ssl/certs/keystone.pem',
$ssl_keyfile = '/etc/keystone/ssl/private/keystonekey.pem',
@ -684,8 +680,12 @@ class keystone(
$purge_config = false,
$amqp_durable_queues = $::os_service_default,
# DEPRECATED PARAMETERS
$admin_workers = $::os_workers,
$public_workers = $::os_workers,
$admin_bind_host = undef,
$public_bind_host = undef,
$admin_port = undef,
$public_port = undef,
$admin_workers = undef,
$public_workers = undef,
$cache_dir = undef,
$token_driver = undef,
) inherits keystone::params {
@ -702,18 +702,48 @@ class keystone(
warning('keystone::token_driver is deprecated, has no effect and will be removed in a later release')
}
if $admin_bind_host {
warning('keystone::admin_bond_host is deprecated, has not effect and will be removed in a later relase')
}
if $admin_port {
warning('keystone::admin_port is deprecated, has not effect and will be removed in a later relase')
}
if $admin_workers {
warning('keystone::admin_workers is deprecated, has no effect and will be removed in a later release')
}
if $public_workers {
warning('keystone::public_workers is deprecated, has no effect and will be removed in a later release')
}
if ! $catalog_driver {
validate_legacy(Enum['template', 'sql'], 'validate_re', $catalog_type)
}
if ($admin_endpoint and 'v2.0' in $admin_endpoint) {
warning('Version string /v2.0/ should not be included in keystone::admin_endpoint')
if ! $public_endpoint {
warning('keystone::public_endpoint is not set will be required in a later release')
}
if ($public_endpoint and 'v2.0' in $public_endpoint) {
warning('Version string /v2.0/ should not be included in keystone::public_endpoint')
}
if $public_bind_host {
warning('keystone::public_bind_host is deprecated, and will have no effect and be removed in a later release.')
$public_bind_host_real = $public_bind_host
} else {
$public_bind_host_real = '0.0.0.0'
}
if $public_port {
warning('keystone::public_port is deprecated, and will have no effect and be removed in a later release')
$public_port_real = $public_port
} else {
$public_port_real = '5000'
}
if $admin_password == undef {
warning("admin_password is required, please set admin_password to a value != admin_token. \
admin_token will be removed in a later release")
@ -764,7 +794,6 @@ admin_token will be removed in a later release")
# Endpoint configuration
keystone_config {
'DEFAULT/public_endpoint': value => $public_endpoint;
'DEFAULT/admin_endpoint': value => $admin_endpoint;
}
keystone_config {
@ -890,12 +919,8 @@ admin_token will be removed in a later release")
}
keystone_config {
'eventlet_server/public_bind_host': value => $public_bind_host;
'eventlet_server/admin_bind_host': value => $admin_bind_host;
'eventlet_server/public_port': value => $public_port;
'eventlet_server/admin_port': value => $admin_port;
'eventlet_server/admin_workers': value => $admin_workers;
'eventlet_server/public_workers': value => $public_workers;
'eventlet_server/public_bind_host': value => $public_bind_host_real;
'eventlet_server/public_port': value => $public_port_real;
}
if $manage_service {

17
releasenotes/notes/deprecate-eventlet-server-c39f0e958d19848e.yaml Normal file
View File

@ -0,0 +1,17 @@
---
deprecations:
- |
keystone::admin_bind_host and keystone::admin_port are deprecated and
ignored as the correspoding options in keystone were already deprecated.
- |
Now keystone::admin_endpoint does not affect keystone configuration,
as the corresponding parameter in keystone was already removed.
- |
keystone::public_bind_host and keystone::public_port are deprecated.
They still works as valid hieradata to generate endpoint information
used in keystone resource creation, but will be ignored in future.
Use keystone::public_endpoint instead, which will be necessory option
in the future to define public endpoint.
- |
keystone::admin_workers and keystone::public_workers are deprecated,
and now are ignored.

30
spec/classes/keystone_init_spec.rb
View File

@ -24,9 +24,7 @@ describe 'keystone' do
'package_ensure' => 'present',
'client_package_ensure' => 'present',
'public_bind_host' => '0.0.0.0',
'admin_bind_host' => '0.0.0.0',
'public_port' => '5000',
'admin_port' => '35357',
'catalog_type' => 'sql',
'catalog_driver' => false,
'token_provider' => 'fernet',
@ -51,8 +49,6 @@ describe 'keystone' do
'rabbit_heartbeat_timeout_threshold' => '<SERVICE DEFAULT>',
'rabbit_heartbeat_rate' => '<SERVICE DEFAULT>',
'amqp_durable_queues' => '<SERVICE DEFAULT>',
'admin_workers' => 20,
'public_workers' => 20,
'member_role_id' => '<SERVICE DEFAULT>',
'member_role_name' => '<SERVICE DEFAULT>',
'sync_db' => true,
@ -65,9 +61,7 @@ describe 'keystone' do
'package_ensure' => 'latest',
'client_package_ensure' => 'latest',
'public_bind_host' => '0.0.0.0',
'admin_bind_host' => '0.0.0.0',
'public_port' => '5001',
'admin_port' => '35358',
'admin_token' => 'service_token_override',
'admin_password' => 'admin_openstack_password',
'catalog_type' => 'template',
@ -77,7 +71,6 @@ describe 'keystone' do
'revoke_driver' => 'kvs',
'revoke_by_id' => false,
'public_endpoint' => 'https://localhost:5000/v2.0/',
'admin_endpoint' => 'https://localhost:5000/v2.0/',
'enable_ssl' => true,
'ssl_certfile' => '/etc/keystone/ssl/certs/keystone.pem',
'ssl_keyfile' => '/etc/keystone/ssl/private/keystonekey.pem',
@ -184,12 +177,7 @@ describe 'keystone' do
is_expected.to contain_keystone_config('token/revoke_by_id').with_value(param_hash['revoke_by_id'])
end
it 'should ensure proper setting of admin_endpoint and public_endpoint' do
if param_hash['admin_endpoint']
is_expected.to contain_keystone_config('DEFAULT/admin_endpoint').with_value(param_hash['admin_endpoint'])
else
is_expected.to contain_keystone_config('DEFAULT/admin_endpoint').with_value('<SERVICE DEFAULT>')
end
it 'should ensure proper setting of public_endpoint' do
if param_hash['public_endpoint']
is_expected.to contain_keystone_config('DEFAULT/public_endpoint').with_value(param_hash['public_endpoint'])
else
@ -214,23 +202,11 @@ describe 'keystone' do
it 'should contain correct eventlet server config' do
[
'public_bind_host',
'admin_bind_host',
'public_port',
'admin_port',
].each do |config|
is_expected.to contain_keystone_config("eventlet_server/#{config}").with_value(param_hash[config])
end
if param_hash['admin_workers']
is_expected.to contain_keystone_config('eventlet_server/admin_workers').with_value(param_hash['admin_workers'])
else
is_expected.to contain_keystone_config('eventlet_server/admin_workers').with_value('2')
end
if param_hash['public_workers']
is_expected.to contain_keystone_config('eventlet_server/public_workers').with_value(param_hash['public_workers'])
else
is_expected.to contain_keystone_config('eventlet_server/public_workers').with_value('2')
end
end
it 'should ensure rabbit_ha_queues' do
@ -541,7 +517,6 @@ describe 'keystone' do
'admin_token' => 'service_token',
'enable_ssl' => true,
'public_endpoint' => 'https://localhost:5000/v2.0/',
'admin_endpoint' => 'https://localhost:5000/v2.0/',
}
end
it {is_expected.to contain_keystone_config('ssl/enable').with_value(true)}
@ -551,7 +526,6 @@ describe 'keystone' do
it {is_expected.to contain_keystone_config('ssl/ca_key').with_value('/etc/keystone/ssl/private/cakey.pem')}
it {is_expected.to contain_keystone_config('ssl/cert_subject').with_value('/C=US/ST=Unset/L=Unset/O=Unset/CN=localhost')}
it {is_expected.to contain_keystone_config('DEFAULT/public_endpoint').with_value('https://localhost:5000/v2.0/')}
it {is_expected.to contain_keystone_config('DEFAULT/admin_endpoint').with_value('https://localhost:5000/v2.0/')}
end
describe 'when disabling SSL' do
let :params do
@ -562,7 +536,6 @@ describe 'keystone' do
end
it {is_expected.to contain_keystone_config('ssl/enable').with_value(false)}
it {is_expected.to contain_keystone_config('DEFAULT/public_endpoint').with_value('<SERVICE DEFAULT>')}
it {is_expected.to contain_keystone_config('DEFAULT/admin_endpoint').with_value('<SERVICE DEFAULT>')}
end
describe 'not setting notification settings by default' do
let :params do
@ -714,7 +687,6 @@ describe 'keystone' do
}
end
it { is_expected.to contain_keystone_config('DEFAULT/admin_endpoint').with_value('http://some.host:5000') }
it { is_expected.to contain_class('keystone::service').with(
'validate' => true,
'admin_endpoint' => 'http://some.host:5000/v2.0'