Add parameters to configure vendordata dynamic plugins' auth
These plugins can support keystone authentication; but need some auth parameters to be configured. Change-Id: I870e244aff97439143b58e9b2284830b4388cc5f
This commit is contained in:
Juan Antonio Osorio Robles
parent
210a3161e5
commit
d80cb9ab16
199
manifests/api.pp
199
manifests/api.pp
@ -215,6 +215,39 @@
|
||||
# and in others you need it set there.
|
||||
# Defaults to false
|
||||
#
|
||||
# [*vendordata_dynamic_auth_auth_type*]
|
||||
# (optional) Authentication type to load for vendordata dynamic plugins.
|
||||
# Defaults to $::os_service_default
|
||||
#
|
||||
# [*vendordata_dynamic_auth_auth_url*]
|
||||
# (optional) URL to use for authenticating.
|
||||
# Defaults to $::os_service_default
|
||||
#
|
||||
# [*vendordata_dynamic_auth_os_region_name*]
|
||||
# (optional) Region name for the vendordata dynamic plugin credentials.
|
||||
# Defaults to $::os_service_default
|
||||
#
|
||||
# [*vendordata_dynamic_auth_password*]
|
||||
# (optional) Password for the vendordata dynamic plugin credentials.
|
||||
# Defaults to $::os_service_default
|
||||
#
|
||||
# [*vendordata_dynamic_auth_project_domain_name*]
|
||||
# (optional) Project domain name for the vendordata dynamic plugin
|
||||
# credentials.
|
||||
# Defaults to $::os_service_default
|
||||
#
|
||||
# [*vendordata_dynamic_auth_project_name*]
|
||||
# (optional) Project name for the vendordata dynamic plugin credentials.
|
||||
# Defaults to $::os_service_default
|
||||
#
|
||||
# [*vendordata_dynamic_auth_user_domain_name*]
|
||||
# (optional) User domain name for the vendordata dynamic plugin credentials.
|
||||
# Defaults to $::os_service_default
|
||||
#
|
||||
# [*vendordata_dynamic_auth_username*]
|
||||
# (optional) User name for the vendordata dynamic plugin credentials.
|
||||
# Defaults to $::os_service_default
|
||||
#
|
||||
# DEPRECATED
|
||||
#
|
||||
# [*conductor_workers*]
|
||||
@ -242,56 +275,64 @@
|
||||
# Defaults to undef
|
||||
#
|
||||
class nova::api(
|
||||
$enabled = true,
|
||||
$manage_service = true,
|
||||
$api_paste_config = 'api-paste.ini',
|
||||
$ensure_package = 'present',
|
||||
$api_bind_address = '0.0.0.0',
|
||||
$osapi_compute_listen_port = 8774,
|
||||
$metadata_listen = '0.0.0.0',
|
||||
$metadata_listen_port = 8775,
|
||||
$enabled_apis = ['osapi_compute', 'metadata'],
|
||||
$use_forwarded_for = false,
|
||||
$osapi_compute_workers = $::os_workers,
|
||||
$metadata_workers = $::os_workers,
|
||||
$sync_db = true,
|
||||
$sync_db_api = true,
|
||||
$db_online_data_migrations = false,
|
||||
$neutron_metadata_proxy_shared_secret = undef,
|
||||
$default_floating_pool = 'nova',
|
||||
$pci_alias = undef,
|
||||
$ratelimits = undef,
|
||||
$ratelimits_factory =
|
||||
$enabled = true,
|
||||
$manage_service = true,
|
||||
$api_paste_config = 'api-paste.ini',
|
||||
$ensure_package = 'present',
|
||||
$api_bind_address = '0.0.0.0',
|
||||
$osapi_compute_listen_port = 8774,
|
||||
$metadata_listen = '0.0.0.0',
|
||||
$metadata_listen_port = 8775,
|
||||
$enabled_apis = ['osapi_compute', 'metadata'],
|
||||
$use_forwarded_for = false,
|
||||
$osapi_compute_workers = $::os_workers,
|
||||
$metadata_workers = $::os_workers,
|
||||
$sync_db = true,
|
||||
$sync_db_api = true,
|
||||
$db_online_data_migrations = false,
|
||||
$neutron_metadata_proxy_shared_secret = undef,
|
||||
$default_floating_pool = 'nova',
|
||||
$pci_alias = undef,
|
||||
$ratelimits = undef,
|
||||
$ratelimits_factory =
|
||||
'nova.api.openstack.compute.limits:RateLimitingMiddleware.factory',
|
||||
$validate = false,
|
||||
$validation_options = {},
|
||||
$instance_name_template = undef,
|
||||
$fping_path = '/usr/sbin/fping',
|
||||
$service_name = $::nova::params::api_service_name,
|
||||
$enable_proxy_headers_parsing = $::os_service_default,
|
||||
$metadata_cache_expiration = $::os_service_default,
|
||||
$vendordata_jsonfile_path = $::os_service_default,
|
||||
$vendordata_providers = $::os_service_default,
|
||||
$vendordata_dynamic_targets = $::os_service_default,
|
||||
$vendordata_dynamic_connect_timeout = $::os_service_default,
|
||||
$vendordata_dynamic_read_timeout = $::os_service_default,
|
||||
$vendordata_dynamic_failure_fatal = $::os_service_default,
|
||||
$max_limit = $::os_service_default,
|
||||
$compute_link_prefix = $::os_service_default,
|
||||
$glance_link_prefix = $::os_service_default,
|
||||
$hide_server_address_states = $::os_service_default,
|
||||
$allow_instance_snapshots = $::os_service_default,
|
||||
$enable_network_quota = $::os_service_default,
|
||||
$enable_instance_password = $::os_service_default,
|
||||
$password_length = $::os_service_default,
|
||||
$install_cinder_client = true,
|
||||
$allow_resize_to_same_host = false,
|
||||
$validate = false,
|
||||
$validation_options = {},
|
||||
$instance_name_template = undef,
|
||||
$fping_path = '/usr/sbin/fping',
|
||||
$service_name = $::nova::params::api_service_name,
|
||||
$enable_proxy_headers_parsing = $::os_service_default,
|
||||
$metadata_cache_expiration = $::os_service_default,
|
||||
$vendordata_jsonfile_path = $::os_service_default,
|
||||
$vendordata_providers = $::os_service_default,
|
||||
$vendordata_dynamic_targets = $::os_service_default,
|
||||
$vendordata_dynamic_connect_timeout = $::os_service_default,
|
||||
$vendordata_dynamic_read_timeout = $::os_service_default,
|
||||
$vendordata_dynamic_failure_fatal = $::os_service_default,
|
||||
$max_limit = $::os_service_default,
|
||||
$compute_link_prefix = $::os_service_default,
|
||||
$glance_link_prefix = $::os_service_default,
|
||||
$hide_server_address_states = $::os_service_default,
|
||||
$allow_instance_snapshots = $::os_service_default,
|
||||
$enable_network_quota = $::os_service_default,
|
||||
$enable_instance_password = $::os_service_default,
|
||||
$password_length = $::os_service_default,
|
||||
$install_cinder_client = true,
|
||||
$allow_resize_to_same_host = false,
|
||||
$vendordata_dynamic_auth_auth_type = $::os_service_default,
|
||||
$vendordata_dynamic_auth_auth_url = $::os_service_default,
|
||||
$vendordata_dynamic_auth_os_region_name = $::os_service_default,
|
||||
$vendordata_dynamic_auth_password = $::os_service_default,
|
||||
$vendordata_dynamic_auth_project_domain_name = $::os_service_default,
|
||||
$vendordata_dynamic_auth_project_name = $::os_service_default,
|
||||
$vendordata_dynamic_auth_user_domain_name = $::os_service_default,
|
||||
$vendordata_dynamic_auth_username = $::os_service_default,
|
||||
# DEPRECATED PARAMETER
|
||||
$conductor_workers = undef,
|
||||
$osapi_max_limit = undef,
|
||||
$osapi_compute_link_prefix = undef,
|
||||
$osapi_glance_link_prefix = undef,
|
||||
$osapi_hide_server_address_states = undef,
|
||||
$conductor_workers = undef,
|
||||
$osapi_max_limit = undef,
|
||||
$osapi_compute_link_prefix = undef,
|
||||
$osapi_glance_link_prefix = undef,
|
||||
$osapi_hide_server_address_states = undef,
|
||||
) inherits nova::params {
|
||||
|
||||
include ::nova::deps
|
||||
@ -406,33 +447,41 @@ as a standalone service, or httpd for being run by a httpd server")
|
||||
}
|
||||
|
||||
nova_config {
|
||||
'wsgi/api_paste_config': value => $api_paste_config;
|
||||
'DEFAULT/enabled_apis': value => join($enabled_apis_real, ',');
|
||||
'DEFAULT/osapi_compute_listen': value => $api_bind_address;
|
||||
'DEFAULT/metadata_listen': value => $metadata_listen;
|
||||
'DEFAULT/metadata_listen_port': value => $metadata_listen_port;
|
||||
'DEFAULT/osapi_compute_listen_port': value => $osapi_compute_listen_port;
|
||||
'DEFAULT/osapi_volume_listen': value => $api_bind_address;
|
||||
'DEFAULT/osapi_compute_workers': value => $osapi_compute_workers;
|
||||
'DEFAULT/metadata_workers': value => $metadata_workers;
|
||||
'DEFAULT/default_floating_pool': value => $default_floating_pool;
|
||||
'DEFAULT/enable_network_quota': value => $enable_network_quota;
|
||||
'DEFAULT/password_length': value => $password_length;
|
||||
'api/metadata_cache_expiration': value => $metadata_cache_expiration;
|
||||
'api/use_forwarded_for': value => $use_forwarded_for;
|
||||
'api/fping_path': value => $fping_path;
|
||||
'api/vendordata_jsonfile_path': value => $vendordata_jsonfile_path;
|
||||
'api/vendordata_providers': value => $vendordata_providers_real;
|
||||
'api/vendordata_dynamic_targets': value => $vendordata_dynamic_targets_real;
|
||||
'api/vendordata_dynamic_connect_timeout': value => $vendordata_dynamic_connect_timeout;
|
||||
'api/vendordata_dynamic_read_timeout': value => $vendordata_dynamic_read_timeout;
|
||||
'api/vendordata_dynamic_failure_fatal': value => $vendordata_dynamic_failure_fatal;
|
||||
'api/max_limit': value => $max_limit_real;
|
||||
'api/compute_link_prefix': value => $compute_link_prefix_real;
|
||||
'api/glance_link_prefix': value => $glance_link_prefix_real;
|
||||
'api/hide_server_address_states': value => $hide_server_address_states_real;
|
||||
'api/allow_instance_snapshots': value => $allow_instance_snapshots;
|
||||
'api/enable_instance_password': value => $enable_instance_password;
|
||||
'wsgi/api_paste_config': value => $api_paste_config;
|
||||
'DEFAULT/enabled_apis': value => join($enabled_apis_real, ',');
|
||||
'DEFAULT/osapi_compute_listen': value => $api_bind_address;
|
||||
'DEFAULT/metadata_listen': value => $metadata_listen;
|
||||
'DEFAULT/metadata_listen_port': value => $metadata_listen_port;
|
||||
'DEFAULT/osapi_compute_listen_port': value => $osapi_compute_listen_port;
|
||||
'DEFAULT/osapi_volume_listen': value => $api_bind_address;
|
||||
'DEFAULT/osapi_compute_workers': value => $osapi_compute_workers;
|
||||
'DEFAULT/metadata_workers': value => $metadata_workers;
|
||||
'DEFAULT/default_floating_pool': value => $default_floating_pool;
|
||||
'DEFAULT/enable_network_quota': value => $enable_network_quota;
|
||||
'DEFAULT/password_length': value => $password_length;
|
||||
'api/metadata_cache_expiration': value => $metadata_cache_expiration;
|
||||
'api/use_forwarded_for': value => $use_forwarded_for;
|
||||
'api/fping_path': value => $fping_path;
|
||||
'api/vendordata_jsonfile_path': value => $vendordata_jsonfile_path;
|
||||
'api/vendordata_providers': value => $vendordata_providers_real;
|
||||
'api/vendordata_dynamic_targets': value => $vendordata_dynamic_targets_real;
|
||||
'api/vendordata_dynamic_connect_timeout': value => $vendordata_dynamic_connect_timeout;
|
||||
'api/vendordata_dynamic_read_timeout': value => $vendordata_dynamic_read_timeout;
|
||||
'api/vendordata_dynamic_failure_fatal': value => $vendordata_dynamic_failure_fatal;
|
||||
'api/max_limit': value => $max_limit_real;
|
||||
'api/compute_link_prefix': value => $compute_link_prefix_real;
|
||||
'api/glance_link_prefix': value => $glance_link_prefix_real;
|
||||
'api/hide_server_address_states': value => $hide_server_address_states_real;
|
||||
'api/allow_instance_snapshots': value => $allow_instance_snapshots;
|
||||
'api/enable_instance_password': value => $enable_instance_password;
|
||||
'vendordata_dynamic_auth/auth_type': value => $vendordata_dynamic_auth_auth_type;
|
||||
'vendordata_dynamic_auth/auth_url': value => $vendordata_dynamic_auth_auth_url;
|
||||
'vendordata_dynamic_auth/os_region_name': value => $vendordata_dynamic_auth_os_region_name;
|
||||
'vendordata_dynamic_auth/password': value => $vendordata_dynamic_auth_password, secret => true;
|
||||
'vendordata_dynamic_auth/project_domain_name': value => $vendordata_dynamic_auth_project_domain_name;
|
||||
'vendordata_dynamic_auth/project_name': value => $vendordata_dynamic_auth_project_name;
|
||||
'vendordata_dynamic_auth/user_domain_name': value => $vendordata_dynamic_auth_user_domain_name;
|
||||
'vendordata_dynamic_auth/username': value => $vendordata_dynamic_auth_username;
|
||||
}
|
||||
|
||||
oslo::middleware {'nova_config':
|
||||
|
||||
@ -0,0 +1,6 @@
|
||||
---
|
||||
features:
|
||||
- Vendordata Dynamic plugins' authentication can be configured via the
|
||||
vendordata_dynamic_plugin_auth_* parameters for the api manifest. These
|
||||
parameters set the values in the vendordata_dynamic_auth section of the
|
||||
nova configuration.
|
||||
@ -72,6 +72,14 @@ describe 'nova::api' do
|
||||
is_expected.to contain_nova_config('api/enable_instance_password').with('value' => '<SERVICE DEFAULT>')
|
||||
is_expected.to contain_nova_config('DEFAULT/password_length').with('value' => '<SERVICE DEFAULT>')
|
||||
is_expected.to contain_nova_config('DEFAULT/allow_resize_to_same_host').with('value' => false)
|
||||
is_expected.to contain_nova_config('vendordata_dynamic_auth/auth_type').with('value' => '<SERVICE DEFAULT>')
|
||||
is_expected.to contain_nova_config('vendordata_dynamic_auth/auth_url').with('value' => '<SERVICE DEFAULT>')
|
||||
is_expected.to contain_nova_config('vendordata_dynamic_auth/os_region_name').with('value' => '<SERVICE DEFAULT>')
|
||||
is_expected.to contain_nova_config('vendordata_dynamic_auth/password').with('value' => '<SERVICE DEFAULT>')
|
||||
is_expected.to contain_nova_config('vendordata_dynamic_auth/project_domain_name').with('value' => '<SERVICE DEFAULT>')
|
||||
is_expected.to contain_nova_config('vendordata_dynamic_auth/project_name').with('value' => '<SERVICE DEFAULT>')
|
||||
is_expected.to contain_nova_config('vendordata_dynamic_auth/user_domain_name').with('value' => '<SERVICE DEFAULT>')
|
||||
is_expected.to contain_nova_config('vendordata_dynamic_auth/username').with('value' => '<SERVICE DEFAULT>')
|
||||
end
|
||||
|
||||
it 'unconfigures neutron_metadata proxy' do
|
||||
@ -83,36 +91,44 @@ describe 'nova::api' do
|
||||
context 'with overridden parameters' do
|
||||
before do
|
||||
params.merge!({
|
||||
:enabled => false,
|
||||
:ensure_package => '2012.1-2',
|
||||
:api_bind_address => '192.168.56.210',
|
||||
:metadata_listen => '127.0.0.1',
|
||||
:metadata_listen_port => 8875,
|
||||
:osapi_compute_listen_port => 8874,
|
||||
:use_forwarded_for => false,
|
||||
:ratelimits => '(GET, "*", .*, 100, MINUTE);(POST, "*", .*, 200, MINUTE)',
|
||||
:neutron_metadata_proxy_shared_secret => 'secrete',
|
||||
:osapi_compute_workers => 1,
|
||||
:metadata_workers => 2,
|
||||
:default_floating_pool => 'public',
|
||||
:enable_proxy_headers_parsing => true,
|
||||
:metadata_cache_expiration => 15,
|
||||
:vendordata_jsonfile_path => '/tmp',
|
||||
:vendordata_providers => ['StaticJSON', 'DynamicJSON'],
|
||||
:vendordata_dynamic_targets => ['join@http://127.0.0.1:9999/v1/'],
|
||||
:vendordata_dynamic_connect_timeout => 30,
|
||||
:vendordata_dynamic_read_timeout => 30,
|
||||
:vendordata_dynamic_failure_fatal => false,
|
||||
:osapi_max_limit => 1000,
|
||||
:osapi_compute_link_prefix => 'https://10.0.0.1:7777/',
|
||||
:osapi_glance_link_prefix => 'https://10.0.0.1:6666/',
|
||||
:osapi_hide_server_address_states => 'building',
|
||||
:allow_instance_snapshots => true,
|
||||
:enable_network_quota => false,
|
||||
:enable_instance_password => true,
|
||||
:password_length => 12,
|
||||
:pci_alias => "[{\"vendor_id\":\"8086\",\"product_id\":\"0126\",\"name\":\"graphic_card\"},{\"vendor_id\":\"9096\",\"product_id\":\"1520\",\"name\":\"network_card\"}]",
|
||||
:allow_resize_to_same_host => true,
|
||||
:enabled => false,
|
||||
:ensure_package => '2012.1-2',
|
||||
:api_bind_address => '192.168.56.210',
|
||||
:metadata_listen => '127.0.0.1',
|
||||
:metadata_listen_port => 8875,
|
||||
:osapi_compute_listen_port => 8874,
|
||||
:use_forwarded_for => false,
|
||||
:ratelimits => '(GET, "*", .*, 100, MINUTE);(POST, "*", .*, 200, MINUTE)',
|
||||
:neutron_metadata_proxy_shared_secret => 'secrete',
|
||||
:osapi_compute_workers => 1,
|
||||
:metadata_workers => 2,
|
||||
:default_floating_pool => 'public',
|
||||
:enable_proxy_headers_parsing => true,
|
||||
:metadata_cache_expiration => 15,
|
||||
:vendordata_jsonfile_path => '/tmp',
|
||||
:vendordata_providers => ['StaticJSON', 'DynamicJSON'],
|
||||
:vendordata_dynamic_targets => ['join@http://127.0.0.1:9999/v1/'],
|
||||
:vendordata_dynamic_connect_timeout => 30,
|
||||
:vendordata_dynamic_read_timeout => 30,
|
||||
:vendordata_dynamic_failure_fatal => false,
|
||||
:osapi_max_limit => 1000,
|
||||
:osapi_compute_link_prefix => 'https://10.0.0.1:7777/',
|
||||
:osapi_glance_link_prefix => 'https://10.0.0.1:6666/',
|
||||
:osapi_hide_server_address_states => 'building',
|
||||
:allow_instance_snapshots => true,
|
||||
:enable_network_quota => false,
|
||||
:enable_instance_password => true,
|
||||
:password_length => 12,
|
||||
:pci_alias => "[{\"vendor_id\":\"8086\",\"product_id\":\"0126\",\"name\":\"graphic_card\"},{\"vendor_id\":\"9096\",\"product_id\":\"1520\",\"name\":\"network_card\"}]",
|
||||
:allow_resize_to_same_host => true,
|
||||
:vendordata_dynamic_auth_auth_type => 'password',
|
||||
:vendordata_dynamic_auth_auth_url => 'http://127.0.0.1:5000',
|
||||
:vendordata_dynamic_auth_os_region_name => 'RegionOne',
|
||||
:vendordata_dynamic_auth_password => 'secrete',
|
||||
:vendordata_dynamic_auth_project_domain_name => 'Default',
|
||||
:vendordata_dynamic_auth_project_name => 'project',
|
||||
:vendordata_dynamic_auth_user_domain_name => 'Default',
|
||||
:vendordata_dynamic_auth_username => 'user',
|
||||
})
|
||||
end
|
||||
|
||||
@ -160,6 +176,14 @@ describe 'nova::api' do
|
||||
is_expected.to contain_nova_config('api/enable_instance_password').with('value' => true)
|
||||
is_expected.to contain_nova_config('DEFAULT/password_length').with('value' => '12')
|
||||
is_expected.to contain_nova_config('DEFAULT/allow_resize_to_same_host').with('value' => true)
|
||||
is_expected.to contain_nova_config('vendordata_dynamic_auth/auth_type').with('value' => 'password')
|
||||
is_expected.to contain_nova_config('vendordata_dynamic_auth/auth_url').with('value' => 'http://127.0.0.1:5000')
|
||||
is_expected.to contain_nova_config('vendordata_dynamic_auth/os_region_name').with('value' => 'RegionOne')
|
||||
is_expected.to contain_nova_config('vendordata_dynamic_auth/password').with('value' => 'secrete').with_secret(true)
|
||||
is_expected.to contain_nova_config('vendordata_dynamic_auth/project_domain_name').with('value' => 'Default')
|
||||
is_expected.to contain_nova_config('vendordata_dynamic_auth/project_name').with('value' => 'project')
|
||||
is_expected.to contain_nova_config('vendordata_dynamic_auth/user_domain_name').with('value' => 'Default')
|
||||
is_expected.to contain_nova_config('vendordata_dynamic_auth/username').with('value' => 'user')
|
||||
end
|
||||
|
||||
it 'configures nova pci_alias entries' do
|
||||
|
||||
Loading…
Reference in New Issue
Block a user