Update keystone auth for nova

Remove deprecated service entries for authtoken config. Move keystone config from nova class to nova::api class.
2012-04-23 17:46:17 -07:00 · 2012-04-23 17:46:17 -07:00 · 23ae273010
parent 0a5ed27e2a
commit 23ae273010
6 changed files with 27 additions and 28 deletions
--- a/examples/all.pp
+++ b/examples/all.pp
@ -146,11 +146,11 @@ class { 'nova':
  image_service      => 'nova.image.glance.GlanceImageService',
  glance_api_servers => '127.0.0.1:9292',
  network_manager    => 'nova.network.manager.FlatDHCPManager',
-  admin_password     => $nova_user_password,
 }

 class { 'nova::api':
-  enabled => true
+  enabled        => true,
+  admin_password => $nova_user_password,
 }

 class { 'nova::scheduler':
--- a/examples/multi.pp
+++ b/examples/multi.pp
@ -169,19 +169,19 @@ node /controller/ {
    image_service      => 'nova.image.glance.GlanceImageService',
    glance_api_servers => false,
    network_manager    => 'nova.network.manager.FlatDHCPManager',
-    admin_password     => $nova_user_password,
  }

  class { 'nova::api':
-    enabled => true
+    enabled        => true,
+    admin_password => $nova_user_password,
  }

  class { 'nova::scheduler':
-    enabled => true
+    enabled => true,
  }

  class { 'nova::network':
-    enabled => true
+    enabled => true,
  }

  nova::manage::network { "nova-vm-net":
--- a/manifests/api.pp
+++ b/manifests/api.pp
@ -1,9 +1,18 @@
 class nova::api(
-  $enabled=false
+  $enabled           = false,
+  $auth_strategy     = 'keystone',
+  $auth_host         = '127.0.0.1',
+  $auth_port         = 35357,
+  $auth_protocol     = 'http',
+  $admin_tenant_name = 'services',
+  $admin_user        = 'nova',
+  $admin_password    = 'passw0rd'
 ) {

  include nova::params

+  $auth_uri = "${auth_protocol}://${auth_host}:${auth_port}/v2.0"
+
  # TODO what exactly is this for?
  # This resource is adding a great deal of comlexity to the overall
  # modules. Removing it would be great
@ -23,7 +32,16 @@ class nova::api(
    service_name => $::nova::params::api_service_name,
  }

-  nova_config { 'api_paste_config': value => '/etc/nova/api-paste.ini' }
+  nova_config {
+    'api_paste_config': value => '/etc/nova/api-paste.ini';
+    'auth_strategy': value => $auth_strategy;
+  }
+
+  if $auth_strategy == 'keystone' {
+    nova_config { 'use_deprecated_auth': value => false }
+  } else {
+    nova_config { 'use_deprecated_auth': value => true }
+  }

  file { '/etc/nova/api-paste.ini':
    content => template('nova/api-paste.ini.erb'),
--- a/manifests/compute/libvirt.pp
+++ b/manifests/compute/libvirt.pp
@ -5,7 +5,7 @@ class nova::compute::libvirt (

  include nova::params

-  Service['libvirt'] -> Service['nova-compute'] {
+  Service['libvirt'] -> Service['nova-compute']

  if($::nova::params::compute_package_name) {
    package { "nova-compute-${libvirt_type}":
--- a/manifests/init.pp
+++ b/manifests/init.pp
@ -27,14 +27,6 @@ class nova(
  $periodic_interval = '60',
  $report_interval = '10',
  $root_helper = $::nova::params::root_helper,
-  $auth_strategy = "keystone",
-  $auth_host = '127.0.0.1',
-  $auth_port = 35357,
-  $auth_protocol = 'http',
-  $auth_uri = 'http://127.0.0.1:5000/v2.0',
-  $admin_tenant_name = 'services',
-  $admin_user = 'nova',
-  $admin_password = 'passw0rd',
  $novncproxy_base_url = 'http://127.0.0.1:6080/vnc_auto.htm'
 ) inherits nova::params {

@ -164,23 +156,15 @@ class nova(
    'network_manager': value => $network_manager;
    'multi_host': value => $multi_host_networking;
    'root_helper': value => $root_helper;
-    'auth_strategy': value => $auth_strategy;
    # vnc config
    'novncproxy_base_url': value => $novncproxy_base_url;
  }

-
  exec { 'post-nova_config':
    command => '/bin/echo "Nova config has changed"',
    refreshonly => true,
  }

-  if $auth_strategy == 'keystone' {
-    nova_config { 'use_deprecated_auth': value => false }
-  } else {
-    nova_config { 'use_deprecated_auth': value => true }
-  }
-
  if $network_manager == 'nova.network.manager.FlatManager' {
    nova_config {
      'flat_network_bridge': value => $flat_network_bridge
--- a/templates/api-paste.ini.erb
+++ b/templates/api-paste.ini.erb
@ -143,9 +143,6 @@ paste.filter_factory = nova.api.auth:NovaKeystoneContext.factory

 [filter:authtoken]
 paste.filter_factory = keystone.middleware.auth_token:filter_factory
-service_protocol = http
-service_host = 127.0.0.1
-service_port = 5000
 auth_host = <%= auth_host %>
 auth_port = <%= auth_port %>
 auth_protocol = <%= auth_protocol %>