Update keystone auth for nova
Remove deprecated service entries for authtoken config. Move keystone config from nova class to nova::api class.
This commit is contained in:
parent
0a5ed27e2a
commit
23ae273010
|
@ -146,11 +146,11 @@ class { 'nova':
|
|||
image_service => 'nova.image.glance.GlanceImageService',
|
||||
glance_api_servers => '127.0.0.1:9292',
|
||||
network_manager => 'nova.network.manager.FlatDHCPManager',
|
||||
admin_password => $nova_user_password,
|
||||
}
|
||||
|
||||
class { 'nova::api':
|
||||
enabled => true
|
||||
enabled => true,
|
||||
admin_password => $nova_user_password,
|
||||
}
|
||||
|
||||
class { 'nova::scheduler':
|
||||
|
|
|
@ -169,19 +169,19 @@ node /controller/ {
|
|||
image_service => 'nova.image.glance.GlanceImageService',
|
||||
glance_api_servers => false,
|
||||
network_manager => 'nova.network.manager.FlatDHCPManager',
|
||||
admin_password => $nova_user_password,
|
||||
}
|
||||
|
||||
class { 'nova::api':
|
||||
enabled => true
|
||||
enabled => true,
|
||||
admin_password => $nova_user_password,
|
||||
}
|
||||
|
||||
class { 'nova::scheduler':
|
||||
enabled => true
|
||||
enabled => true,
|
||||
}
|
||||
|
||||
class { 'nova::network':
|
||||
enabled => true
|
||||
enabled => true,
|
||||
}
|
||||
|
||||
nova::manage::network { "nova-vm-net":
|
||||
|
|
|
@ -1,9 +1,18 @@
|
|||
class nova::api(
|
||||
$enabled=false
|
||||
$enabled = false,
|
||||
$auth_strategy = 'keystone',
|
||||
$auth_host = '127.0.0.1',
|
||||
$auth_port = 35357,
|
||||
$auth_protocol = 'http',
|
||||
$admin_tenant_name = 'services',
|
||||
$admin_user = 'nova',
|
||||
$admin_password = 'passw0rd'
|
||||
) {
|
||||
|
||||
include nova::params
|
||||
|
||||
$auth_uri = "${auth_protocol}://${auth_host}:${auth_port}/v2.0"
|
||||
|
||||
# TODO what exactly is this for?
|
||||
# This resource is adding a great deal of comlexity to the overall
|
||||
# modules. Removing it would be great
|
||||
|
@ -23,7 +32,16 @@ class nova::api(
|
|||
service_name => $::nova::params::api_service_name,
|
||||
}
|
||||
|
||||
nova_config { 'api_paste_config': value => '/etc/nova/api-paste.ini' }
|
||||
nova_config {
|
||||
'api_paste_config': value => '/etc/nova/api-paste.ini';
|
||||
'auth_strategy': value => $auth_strategy;
|
||||
}
|
||||
|
||||
if $auth_strategy == 'keystone' {
|
||||
nova_config { 'use_deprecated_auth': value => false }
|
||||
} else {
|
||||
nova_config { 'use_deprecated_auth': value => true }
|
||||
}
|
||||
|
||||
file { '/etc/nova/api-paste.ini':
|
||||
content => template('nova/api-paste.ini.erb'),
|
||||
|
|
|
@ -5,7 +5,7 @@ class nova::compute::libvirt (
|
|||
|
||||
include nova::params
|
||||
|
||||
Service['libvirt'] -> Service['nova-compute'] {
|
||||
Service['libvirt'] -> Service['nova-compute']
|
||||
|
||||
if($::nova::params::compute_package_name) {
|
||||
package { "nova-compute-${libvirt_type}":
|
||||
|
|
|
@ -27,14 +27,6 @@ class nova(
|
|||
$periodic_interval = '60',
|
||||
$report_interval = '10',
|
||||
$root_helper = $::nova::params::root_helper,
|
||||
$auth_strategy = "keystone",
|
||||
$auth_host = '127.0.0.1',
|
||||
$auth_port = 35357,
|
||||
$auth_protocol = 'http',
|
||||
$auth_uri = 'http://127.0.0.1:5000/v2.0',
|
||||
$admin_tenant_name = 'services',
|
||||
$admin_user = 'nova',
|
||||
$admin_password = 'passw0rd',
|
||||
$novncproxy_base_url = 'http://127.0.0.1:6080/vnc_auto.htm'
|
||||
) inherits nova::params {
|
||||
|
||||
|
@ -164,23 +156,15 @@ class nova(
|
|||
'network_manager': value => $network_manager;
|
||||
'multi_host': value => $multi_host_networking;
|
||||
'root_helper': value => $root_helper;
|
||||
'auth_strategy': value => $auth_strategy;
|
||||
# vnc config
|
||||
'novncproxy_base_url': value => $novncproxy_base_url;
|
||||
}
|
||||
|
||||
|
||||
exec { 'post-nova_config':
|
||||
command => '/bin/echo "Nova config has changed"',
|
||||
refreshonly => true,
|
||||
}
|
||||
|
||||
if $auth_strategy == 'keystone' {
|
||||
nova_config { 'use_deprecated_auth': value => false }
|
||||
} else {
|
||||
nova_config { 'use_deprecated_auth': value => true }
|
||||
}
|
||||
|
||||
if $network_manager == 'nova.network.manager.FlatManager' {
|
||||
nova_config {
|
||||
'flat_network_bridge': value => $flat_network_bridge
|
||||
|
|
|
@ -143,9 +143,6 @@ paste.filter_factory = nova.api.auth:NovaKeystoneContext.factory
|
|||
|
||||
[filter:authtoken]
|
||||
paste.filter_factory = keystone.middleware.auth_token:filter_factory
|
||||
service_protocol = http
|
||||
service_host = 127.0.0.1
|
||||
service_port = 5000
|
||||
auth_host = <%= auth_host %>
|
||||
auth_port = <%= auth_port %>
|
||||
auth_protocol = <%= auth_protocol %>
|
||||
|
|
Loading…
Reference in New Issue