openstack
/
puppet-magnum
Code Issues Proposed changes

Various fixes 

- correcting "host_ip" entry to be "host" entry for magnum.conf
- correcting "userid" to be "rabbit_userid" entry inside magnum.conf
- db sync function
- beaker tests are working on Ubuntu as well
- update metadata.json with new openstacklib version
- as we don't have a database parameters in main class we don't want to pickup values from it inside db class

Adding:
- client class with client package installation
- examples folder with example which works with Mitaka release
- spec for db_sync
- adding nodesets spec for CentOS 7.2
- adding class and spec for creating user and domain for trust setup: http://osdir.com/ml/openstack-dev/2016-02/msg02123.html
- class to configure cert_manager_type properties

Known issues:
- In CentOS/RDP cannot create magnum bay due to the neutron issues: https://bugs.launchpad.net/magnum/+bug/1575524
- Trust domain and trust domain user has to be set to ID, not a names. Bug reported to magnum devs: https://bugs.launchpad.net/puppet-magnum/+bug/1581372

Change-Id: Ib923f79da691b5c71bb1c4efba8935c774598888
This commit is contained in:
Michal Adamczyk 2016-05-06 11:25:33 +02:00
parent fd08f3f481
commit e941ab51fa
15 changed files with 429 additions and 80 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

62
examples/magnum.pp Normal file
View File

@ -0,0 +1,62 @@
# Example: enabling magnum module in Puppet
rabbitmq_user { 'magnum':
admin => true,
password => 'an_even_bigger_secret',
provider => 'rabbitmqctl',
require => Class['::rabbitmq'],
}
rabbitmq_user_permissions { 'magnum@/':
configure_permission => '.*',
write_permission => '.*',
read_permission => '.*',
provider => 'rabbitmqctl',
require => Class['::rabbitmq'],
}
class { '::magnum::db::mysql':
password => 'magnum',
}
class { '::magnum::db':
database_connection => 'mysql://magnum:magnum@127.0.0.1/magnum',
}
class { '::magnum::keystone::domain':
domain_password => 'oh_my_no_secret',
}
class { '::magnum::api':
admin_password => 'a_big_secret',
auth_uri => 'http://127.0.0.1:5000/',
identity_uri => 'http://127.0.0.1:35357/',
host => '127.0.0.1',
}
class { '::magnum::keystone::auth':
password => 'a_big_secret',
public_url => 'http://127.0.0.1:9511/v1',
internal_url => 'http://127.0.0.1:9511/v1',
admin_url => 'http://127.0.0.1:9511/v1',
}
class { '::magnum':
rabbit_host => '127.0.0.1',
rabbit_port => '5672',
rabbit_userid => 'magnum',
rabbit_password => 'an_even_bigger_secret',
rabbit_use_ssl => false,
notification_driver => 'messagingv2',
}
class { '::magnum::conductor':
}
class { '::magnum::client':
}
class { '::magnum::certificates':
cert_manager_type => 'local'
}

23
manifests/api.pp
View File

@ -19,7 +19,7 @@
# (Optional) The port for the Magnum API server.
# Defaults to '9511'
#
# [*host_ip*]
# [*host*]
# (Optional) The listen IP for the Magnum API server.
# Defaults to '127.0.0.1'
#
@ -30,17 +30,21 @@
#
# [*auth_uri*]
# (Optional) Complete public identity API endpoint.
# Defaults to 'http://localhost:5000/'
# Defaults to 'http://127.0.0.1:5000/'
#
# [*identity_uri*]
# (Optional) Complete admin identity API endpoint.
# Defaults to 'http://localhost:35357/'
# Defaults to 'http://127.0.0.1:35357/'
#
# [*auth_version*]
# (Optional) API version of the admin identity API endpoint. For example,
# use 'v3' for the keystone version 3 API.
# Defaults to false
#
# [*sync_db*]
# (Optional) Enable DB sync
# Defaults to true
#
# [*admin_tenant_name*]
# (Optional) The name of the tenant to create in keystone for use by Magnum services.
# Defaults to 'services'
@ -55,11 +59,12 @@ class magnum::api(
$package_ensure = 'present',
$enabled = true,
$port = '9511',
$host_ip = '127.0.0.1',
$host = '127.0.0.1',
$max_limit = '1000',
$auth_uri = 'http://localhost:5000/',
$identity_uri = 'http://localhost:35357/',
$auth_uri = 'http://127.0.0.1:5000/',
$identity_uri = 'http://127.0.0.1:35357/',
$auth_version = false,
$sync_db = true,
$admin_tenant_name = 'services',
$admin_user = 'magnum',
) {
@ -67,13 +72,17 @@ class magnum::api(
include ::magnum::params
include ::magnum::policy
if $sync_db {
include ::magnum::db::sync
}
Magnum_config<||> ~> Service['magnum-api']
Class['magnum::policy'] ~> Service['magnum-api']
# Configure API conf
magnum_config {
'api/port' : value => $port;
'api/host_ip' : value => $host_ip;
'api/host' : value => $host;
'api/max_limit' : value => $max_limit;
}

20
manifests/certificates.pp Normal file
View File

@ -0,0 +1,20 @@
# == Class: magnum::certificates
#
# Manages the magnum certificate manager plugin
#
# === Parameters:
#
# [*cert_manager_type*]
# (optional) Certificate Manager plugin. Defaults to barbican. (string value)
# Defaults to 'barbican'
#
class magnum::certificates (
$cert_manager_type = $::os_service_default,
) {
magnum_config { 'certificates/cert_manager_type':
value => $cert_manager_type;
}
}

23
manifests/client.pp Normal file
View File

@ -0,0 +1,23 @@
# == Class: magnum::client
#
# Manages the magnum client package on systems
#
# === Parameters:
#
# [*package_ensure*]
# (optional) The state of the package
# Defaults to present
#
class magnum::client (
$package_ensure = present
) {
include ::magnum::params
package { 'python-magnumclient':
ensure => $package_ensure,
name => $::magnum::params::client_package,
tag => 'openstack',
}
}

2
manifests/conductor.pp
View File

@ -53,7 +53,7 @@ class magnum::conductor(
name => $::magnum::params::conductor_package,
enable => $enabled,
hasstatus => true,
tag => 'magnum-service',
tag => ['magnum-service', 'magnum-db-sync-service'],
}
magnum_config {

30
manifests/db.pp
View File

@ -6,7 +6,7 @@
#
# [*database_connection*]
# Url used to connect to database.
# (Optional) Defaults to "mysql://magnum:secrete@localhost:3306/magnum".
# (Optional) Defaults to "mysql://magnum:magnum@localhost:3306/magnum".
#
# [*database_idle_timeout*]
# Timeout when db connections should be reaped.
@ -34,7 +34,7 @@
# (Optional) Defaults to $::os_service_default
#
class magnum::db (
$database_connection = 'mysql://magnum:secrete@localhost:3306/magnum',
$database_connection = 'mysql://magnum:magnum@localhost:3306/magnum',
$database_idle_timeout = $::os_service_default,
$database_min_pool_size = $::os_service_default,
$database_max_pool_size = $::os_service_default,
@ -43,25 +43,17 @@ class magnum::db (
$database_max_overflow = $::os_service_default,
) {
$database_connection_real = pick($::magnum::database_connection, $database_connection)
$database_idle_timeout_real = pick($::magnum::database_idle_timeout, $database_idle_timeout)
$database_min_pool_size_real = pick($::magnum::database_min_pool_size, $database_min_pool_size)
$database_max_pool_size_real = pick($::magnum::database_max_pool_size, $database_max_pool_size)
$database_max_retries_real = pick($::magnum::database_max_retries, $database_max_retries)
$database_retry_interval_real = pick($::magnum::database_retry_interval, $database_retry_interval)
$database_max_overflow_real = pick($::magnum::database_max_overflow, $database_max_overflow)
validate_re($database_connection_real,
'(mysql|postgresql):\/\/(\S+:\S+@\S+\/\S+)?')
validate_re($database_connection,
'^(mysql(\+pymysql)?|postgresql):\/\/(\S+:\S+@\S+\/\S+)?')
oslo::db { 'magnum_config':
connection => $database_connection_real,
idle_timeout => $database_idle_timeout_real,
min_pool_size => $database_min_pool_size_real,
max_pool_size => $database_max_pool_size_real,
max_retries => $database_max_retries_real,
retry_interval => $database_retry_interval_real,
max_overflow => $database_max_overflow_real,
connection => $database_connection,
idle_timeout => $database_idle_timeout,
min_pool_size => $database_min_pool_size,
max_pool_size => $database_max_pool_size,
max_retries => $database_max_retries,
retry_interval => $database_retry_interval,
max_overflow => $database_max_overflow,
}
}

5
manifests/db/sync.pp
View File

@ -14,10 +14,10 @@
#
class magnum::db::sync(
$user = 'magnum',
$extra_params = undef,
$extra_params = '--config-file /etc/magnum/magnum.conf',
) {
exec { 'magnum-db-sync':
command => "magnum-db-manage upgrade ${extra_params}",
command => "magnum-db-manage ${extra_params} upgrade head",
path => '/usr/bin',
user => $user,
refreshonly => true,
@ -27,4 +27,5 @@ class magnum::db::sync(
Package<| tag == 'magnum-package' |> ~> Exec['magnum-db-sync']
Exec['magnum-db-sync'] ~> Service<| tag == 'magnum-db-sync-service' |>
Magnum_config<| title == 'database/connection' |> ~> Exec['magnum-db-sync']
Magnum_config <| |> ~> Exec['magnum-db-sync']
}

85
manifests/keystone/domain.pp Normal file
View File

@ -0,0 +1,85 @@
# == Class: magnum::keystone::domain
#
# Configures magnum domain in Keystone.
#
# === Parameters
#
# [*domain_name*]
# magnum domain name. Defaults to 'magnum'.
#
# [*domain_admin*]
# Keystone domain admin user which will be created. Defaults to 'magnum_admin'.
#
# [*domain_admin_email*]
# Keystone domain admin user email address. Defaults to 'magnum_admin@localhost'.
#
# [*domain_password*]
# Keystone domain admin user password. Defaults to 'changeme'.
#
# [*manage_domain*]
# Whether manage or not the domain creation.
# If using the default domain, it needs to be False because puppet-keystone
# can already manage it.
# Defaults to 'true'.
#
# [*manage_user*]
# Whether manage or not the user creation.
# Defaults to 'true'.
#
# [*manage_role*]
# Whether manage or not the user role creation.
# Defaults to 'true'.
#
class magnum::keystone::domain (
$domain_name = 'magnum',
$domain_admin = 'magnum_admin',
$domain_admin_email = 'magnum_admin@localhost',
$domain_password = 'changeme',
$manage_domain = true,
$manage_user = true,
$manage_role = true,
) {
include ::magnum::params
if $manage_domain {
ensure_resource('keystone_domain', $domain_name, {
'ensure' => 'present',
'enabled' => true,
}
)
}
if $manage_user {
ensure_resource('keystone_user', "${domain_admin}::${domain_name}", {
'ensure' => 'present',
'enabled' => true,
'email' => $domain_admin_email,
'password' => $domain_password,
}
)
}
if $manage_role {
ensure_resource('keystone_user_role', "${domain_admin}::${domain_name}@::${domain_name}", {
'roles' => ['admin'],
}
)
}
# TODO(vanditboy): wait for a bugfix https://bugs.launchpad.net/puppet-magnum/+bug/1581372 or wirte
# a custom type to get ID.
magnum_config {
#'trust/trustee_domain_id':
# value => $domain_name;
#'trust/trustee_domain_admin_id':
# value => $domain_admin;
'trust/trustee_domain_admin_password':
value => $domain_password,
secret => true;
}
}

2
manifests/params.pp
View File

@ -11,6 +11,7 @@ class magnum::params {
# service names
$api_service = 'openstack-magnum-api'
$conductor_service = 'openstack-magnum-conductor'
$client_package = 'python2-magnumclient'
}
'Debian': {
# package names
@ -20,6 +21,7 @@ class magnum::params {
# service names
$api_service = 'magnum-api'
$conductor_service = 'magnum-conductor'
$client_package = 'python-magnumclient'
}
default: {
fail("Unsupported osfamily: ${::osfamily} operatingsystem")

63
spec/acceptance/basic_magnum_spec.rb
View File

@ -32,34 +32,55 @@ describe 'basic magnum' do
# Magnum resources
class { '::magnum::keystone::auth':
password => 'a_big_secret',
password => 'a_big_secret',
public_url => 'http://127.0.0.1:9511/v1',
internal_url => 'http://127.0.0.1:9511/v1',
admin_url => 'http://127.0.0.1:9511/v1',
}
class { '::magnum::db::mysql':
password => 'a_big_secret',
}
case $::osfamily {
'Debian': {
warning('Magnum is not yet packaged on Ubuntu systems.')
}
'RedHat': {
class { '::magnum': }
class { '::magnum::api':
admin_password => 'a_big_secret',
}
class { '::magnum::conductor': }
}
}
EOS
class { '::magnum::db::mysql':
password => 'magnum',
}
class { '::magnum::db':
database_connection => 'mysql://magnum:magnum@127.0.0.1/magnum',
}
class { '::magnum::keystone::domain':
domain_password => 'oh_my_no_secret',
}
class { '::magnum':
rabbit_host => '127.0.0.1',
rabbit_port => '5672',
rabbit_userid => 'magnum',
rabbit_password => 'an_even_bigger_secret',
rabbit_use_ssl => false,
notification_driver => 'messagingv2',
}
class { '::magnum::api':
admin_password => 'a_big_secret',
auth_uri => 'http://127.0.0.1:5000/',
identity_uri => 'http://127.0.0.1:35357/',
host => '127.0.0.1',
}
class { '::magnum::conductor': }
class { '::magnum::client': }
class { '::magnum::certificates':
cert_manager_type => 'local'
}
EOS
# Run it twice to test for idempotency
apply_manifest(pp, :catch_failures => true)
apply_manifest(pp, :catch_changes => true)
end
if os[:family].casecmp('RedHat') == 0
describe port(9511) do
it { is_expected.to be_listening }
end
describe port(9511) do
it { is_expected.to be_listening.with('tcp') }
end
end

11
spec/acceptance/nodesets/centos-72-x64.yml Normal file
View File

@ -0,0 +1,11 @@
HOSTS:
centos-server-72-x64:
roles:
- master
platform: el-7-x86_64
box: puppetlabs/centos-7.2-64-nocm
box_url: https://vagrantcloud.com/puppetlabs/centos-7.2-64-nocm
hypervisor: vagrant
CONFIG:
log_level: debug
type: foss

51
spec/classes/magnum_api_spec.rb
View File

@ -9,10 +9,11 @@ describe 'magnum::api' do
{ :package_ensure => 'present',
:enabled => true,
:port => '9511',
:host_ip => '127.0.0.1',
:host => '127.0.0.1',
:max_limit => '1000',
:auth_uri => 'http://localhost:5000/',
:identity_uri => 'http://localhost:35357/',
:auth_uri => 'http://127.0.0.1:5000/',
:identity_uri => 'http://127.0.0.1:35357/',
:sync_db => 'true',
:admin_tenant_name => 'services',
:admin_user => 'magnum',
}
@ -50,7 +51,7 @@ describe 'magnum::api' do
it 'configures magnum.conf' do
is_expected.to contain_magnum_config('api/port').with_value(p[:port])
is_expected.to contain_magnum_config('api/host_ip').with_value(p[:host_ip])
is_expected.to contain_magnum_config('api/host').with_value(p[:host])
is_expected.to contain_magnum_config('api/max_limit').with_value(p[:max_limit])
is_expected.to contain_magnum_config('keystone_authtoken/admin_password').with_value(p[:admin_password]).with_secret(true)
is_expected.to contain_magnum_config('keystone_authtoken/admin_user').with_value(p[:admin_user])
@ -62,17 +63,17 @@ describe 'magnum::api' do
context 'when overriding parameters' do
before :each do
params.merge!(
:port => '1234',
:host_ip => '0.0.0.0',
:max_limit => '10',
:auth_uri => 'http://10.0.0.1:5000/',
:identity_uri => 'http://10.0.0.1:35357/',
:port => '1234',
:host => '0.0.0.0',
:max_limit => '10',
:auth_uri => 'http://127.0.0.1:5000/',
:identity_uri => 'http://127.0.0.1:35357/',
)
end
it 'should replace default parameters with new values' do
is_expected.to contain_magnum_config('api/port').with_value(p[:port])
is_expected.to contain_magnum_config('api/host_ip').with_value(p[:host_ip])
is_expected.to contain_magnum_config('api/host').with_value(p[:host])
is_expected.to contain_magnum_config('api/max_limit').with_value(p[:max_limit])
is_expected.to contain_magnum_config('keystone_authtoken/admin_password').with_value(p[:admin_password]).with_secret(true)
is_expected.to contain_magnum_config('keystone_authtoken/admin_user').with_value(p[:admin_user])
@ -84,29 +85,21 @@ describe 'magnum::api' do
end
context 'on Debian platforms' do
let :facts do
@default_facts.merge({ :osfamily => 'Debian' })
end
on_supported_os({
:supported_os => OSDefaults.get_supported_os
}).each do |os,facts|
context "on #{os}" do
let (:facts) do
facts.merge!(OSDefaults.get_facts())
end
let :platform_params do
{ :api_package => 'magnum-api',
:api_service => 'magnum-api' }
end
it_configures 'magnum-api'
end
context 'on RedHat platforms' do
let :facts do
@default_facts.merge({ :osfamily => 'RedHat' })
end
let :platform_params do
let :platform_params do
{ :api_service => 'magnum-api' }
end
it_configures 'magnum-api'
end
it_configures 'magnum-api'
end
end

2
spec/classes/magnum_db_spec.rb
View File

@ -4,7 +4,7 @@ describe 'magnum::db' do
shared_examples 'magnum::db' do
context 'with default parameters' do
it { is_expected.to contain_magnum_config('database/connection').with_value('mysql://magnum:secrete@localhost:3306/magnum') }
it { is_expected.to contain_magnum_config('database/connection').with_value('mysql://magnum:magnum@localhost:3306/magnum') }
it { is_expected.to contain_magnum_config('database/idle_timeout').with_value('<SERVICE DEFAULT>') }
it { is_expected.to contain_magnum_config('database/min_pool_size').with_value('<SERVICE DEFAULT>') }
it { is_expected.to contain_magnum_config('database/max_retries').with_value('<SERVICE DEFAULT>') }

48
spec/classes/magnum_db_sync_spec.rb Normal file
View File

@ -0,0 +1,48 @@
require 'spec_helper'
describe 'magnum::db::sync' do
shared_examples_for 'magnum-dbsync' do
it 'runs magnum-db-sync' do
is_expected.to contain_exec('magnum-db-sync').with(
:command => 'magnum-db-manage --config-file /etc/magnum/magnum.conf upgrade head',
:path => '/usr/bin',
:refreshonly => 'true',
:logoutput => 'on_failure'
)
end
describe "overriding extra_params" do
let :params do
{
:extra_params => '--config-file /etc/magnum/magnum.conf',
}
end
it {
is_expected.to contain_exec('magnum-db-sync').with(
:command => 'magnum-db-manage --config-file /etc/magnum/magnum.conf upgrade head',
:path => '/usr/bin',
:refreshonly => 'true',
:logoutput => 'on_failure'
)
}
end
end
on_supported_os({
:supported_os => OSDefaults.get_supported_os
}).each do |os,facts|
context "on #{os}" do
let (:facts) do
facts.merge!(OSDefaults.get_facts())
end
it_configures 'magnum-dbsync'
end
end
end

82
spec/classes/magnum_keystone_domain_spec.rb Normal file
View File

@ -0,0 +1,82 @@
require 'spec_helper'
describe 'magnum::keystone::domain' do
let :params do {
:domain_name => 'magnum',
:domain_admin => 'magnum_admin',
:domain_admin_email => 'magnum_admin@localhost',
:domain_password => 'domain_passwd'
}
end
shared_examples_for 'magnum keystone domain' do
it 'configure magnum.conf' do
#is_expected.to contain_magnum_config('trust/trustee_domain_admin_id').with_value(params[:domain_admin])
is_expected.to contain_magnum_config('trust/trustee_domain_admin_password').with_value(params[:domain_password])
is_expected.to contain_magnum_config('trust/trustee_domain_admin_password').with_secret(true)
#is_expected.to contain_magnum_config('trust/trustee_domain_id').with_value(params[:domain_name])
end
it 'should create keystone domain' do
is_expected.to contain_keystone_domain(params[:domain_name]).with(
:ensure => 'present',
:enabled => 'true',
:name => params[:domain_name]
)
is_expected.to contain_keystone_user("#{params[:domain_admin]}::#{params[:domain_name]}").with(
:ensure => 'present',
:enabled => 'true',
:email => params[:domain_admin_email],
:password => params[:domain_password],
)
is_expected.to contain_keystone_user_role("#{params[:domain_admin]}::#{params[:domain_name]}@::#{params[:domain_name]}").with(
:roles => ['admin'],
)
end
context 'when not managing the domain creation' do
before do
params.merge!(
:manage_domain => false
)
end
it { is_expected.to_not contain_keystone_domain('magnum_domain') }
end
context 'when not managing the user creation' do
before do
params.merge!(
:manage_user => false
)
end
it { is_expected.to_not contain_keystone_user("#{params[:domain_admin]}::#{params[:domain_name]}") }
end
context 'when not managing the user role creation' do
before do
params.merge!(
:manage_role => false
)
end
it { is_expected.to_not contain_keystone_user_role("#{params[:domain_admin]}::#{params[:domain_name]}@::#{params[:domain_name]}") }
end
end
on_supported_os({
:supported_os => OSDefaults.get_supported_os
}).each do |os,facts|
context "on #{os}" do
let (:facts) do
facts.merge!(OSDefaults.get_facts())
end
it_configures 'magnum keystone domain'
end
end
end