From 32c233347c5d54274466be644ee98be1cab42678 Mon Sep 17 00:00:00 2001 From: Dan Bode Date: Mon, 30 Apr 2012 09:42:28 -0700 Subject: [PATCH 1/2] Refactor endpoint code This commit refactors the nova::keystone::auth code. - makes the configuration of public,internal, and admin address separate. makes region configurable. --- manifests/keystone/auth.pp | 47 +++--- spec/classes/nova_keystone_endpoint_spec.rb | 152 ++++++++++++++++++++ 2 files changed, 176 insertions(+), 23 deletions(-) create mode 100644 spec/classes/nova_keystone_endpoint_spec.rb diff --git a/manifests/keystone/auth.pp b/manifests/keystone/auth.pp index a9838b48e..77a0958fb 100644 --- a/manifests/keystone/auth.pp +++ b/manifests/keystone/auth.pp @@ -1,12 +1,14 @@ class nova::keystone::auth( - $auth_name = 'nova', - $password = 'nova_password', - $service = 'compute', - $address = '127.0.0.1', - $compute_port = '8774', - $volume_port = '8776', - $ec2_port = '8773', - $version = 'v1.1' + $auth_name = 'nova', + $password = 'nova_password', + $public_address = '127.0.0.1', + $admin_address = '127.0.0.1', + $internal_address = '127.0.0.1', + $compute_port = '8774', + $volume_port = '8776', + $ec2_port = '8773', + $version = 'v1.1', + $region = 'RegionOne' ) { keystone_user { $auth_name: 
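Review bot: `$password = 'nova_password'` stays as the default in the reworked parameter list, so a node that declares `nova::keystone::auth` without overriding it creates a Keystone user with a publicly known password, and the next hunk gives that user the `admin` role. Since this commit already changes the class interface, it is a good moment to drop the default and make the parameter mandatory: `$password,`. Note also that `$address` and `$service` are removed without a deprecation path, so callers still passing `address =>` or `service =>` will fail catalog compilation; the commit message should say so.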
@@ -16,19 +18,18 @@ class nova::keystone::auth( keystone_user_role { "${auth_name}@services": ensure => present, roles => 'admin', - require => Keystone_user[$auth_name] } keystone_service { $auth_name: - ensure => present, + ensure => present, type => 'compute', description => "Openstack Compute Service", } keystone_endpoint { $auth_name: ensure => present, - region => 'RegionOne', - public_url => "http://${address}:${compute_port}/${version}/%(tenant_id)s", - admin_url => "http://${address}:${compute_port}/${version}/%(tenant_id)s", - internal_url => "http://${address}:${compute_port}/${version}/%(tenant_id)s", + region => $region, + public_url => "http://${public_address}:${compute_port}/${version}/%(tenant_id)s", + admin_url => "http://${admin_address}:${compute_port}/${version}/%(tenant_id)s", + internal_url => "http://${internal_address}:${compute_port}/${version}/%(tenant_id)s", } keystone_service { "${auth_name}_volume": 
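Review bot: The endpoint URLs keep the scheme hard-coded as `http://` while the address becomes configurable, so every URL published in the Keystone catalog (compute here, volume and EC2 in the next hunk) points clients at a plaintext API where tokens can be read on the network. Consider a protocol parameter alongside the new addresses, for example `$public_protocol = 'http'`, used as `"${public_protocol}://${public_address}:${compute_port}/${version}/%(tenant_id)s"`. Separately, dropping `require => Keystone_user[$auth_name]` from `keystone_user_role` is only safe if that type autorequires its user; this is not visible from the hunk and is worth confirming.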
@@ -38,23 +39,23 @@ class nova::keystone::auth( } keystone_endpoint { "${auth_name}_volume": ensure => present, - region => 'RegionOne', - public_url => "http://${address}:${volume_port}/${version}/%(tenant_id)s", - admin_url => "http://${address}:${volume_port}/${version}/%(tenant_id)s", - internal_url => "http://${address}:${volume_port}/${version}/%(tenant_id)s", + region => $region, + public_url => "http://${public_address}:${volume_port}/${version}/%(tenant_id)s", + admin_url => "http://${admin_address}:${volume_port}/${version}/%(tenant_id)s", + internal_url => "http://${internal_address}:${volume_port}/${version}/%(tenant_id)s", } keystone_service { "${auth_name}_ec2": ensure => present, type => 'ec2', - description => 'EC2 service', + description => 'EC2 Service', } keystone_endpoint { "${auth_name}_ec2": ensure => present, - region => 'RegionOne', - public_url => "http://${address}:${ec2_port}/services/Cloud", - admin_url => "http://${address}:${ec2_port}/services/Admin", - internal_url => "http://${address}:${ec2_port}/services/Cloud", + region => $region, + public_url => "http://${public_address}:${ec2_port}/services/Cloud", + admin_url => "http://${admin_address}:${ec2_port}/services/Admin", + internal_url => "http://${internal_address}:${ec2_port}/services/Cloud", } } diff --git a/spec/classes/nova_keystone_endpoint_spec.rb b/spec/classes/nova_keystone_endpoint_spec.rb new file mode 100644 index 000000000..2ee2fabd7 --- /dev/null +++ b/spec/classes/nova_keystone_endpoint_spec.rb 
@@ -0,0 +1,152 @@
+require 'spec_helper'
+
+describe 'nova::keystone::auth' do
+
+ describe 'with defaults' do
+
+ it { should contain_keystone_user('nova').with(
+ :ensure => 'present',
+ :password => 'nova_password'
+ ) }
+
+ it { should contain_keystone_user_role('nova@services').with(
+ :ensure => 'present',
+ :roles => 'admin'
+ )}
+
+ it { should contain_keystone_service('nova').with(
+ :ensure => 'present',
+ :type => 'compute',
+ :description => 'Openstack Compute Service'
+ )}
+
+ it { should contain_keystone_service('nova_volume').with(
+ :ensure => 'present',
+ :type => 'volume',
+ :description => 'Volume Service'
+ )}
+
+ it { should contain_keystone_service('nova_ec2').with(
+ :ensure => 'present',
+ :type => 'ec2',
+ :description => 'EC2 Service'
+ )}
+
+ it { should contain_keystone_endpoint('nova').with(
+ :ensure => 'present',
+ :region => 'RegionOne',
+ :public_url => 'http://127.0.0.1:8774/v1.1/%(tenant_id)s',
+ :admin_url => 'http://127.0.0.1:8774/v1.1/%(tenant_id)s',
+ :internal_url => 'http://127.0.0.1:8774/v1.1/%(tenant_id)s'
+ )}
+
+ it { should contain_keystone_endpoint('nova_volume').with(
+ :ensure => 'present',
+ :region => 'RegionOne',
+ :public_url => 'http://127.0.0.1:8776/v1.1/%(tenant_id)s',
+ :admin_url => 'http://127.0.0.1:8776/v1.1/%(tenant_id)s',
+ :internal_url => 'http://127.0.0.1:8776/v1.1/%(tenant_id)s'
+ )}
+
+ it { should contain_keystone_endpoint('nova_ec2').with(
+ :ensure => 'present',
+ :region => 'RegionOne',
+ :public_url => 'http://127.0.0.1:8773/services/Cloud',
+ :admin_url => 'http://127.0.0.1:8773/services/Admin',
+ :internal_url => 'http://127.0.0.1:8773/services/Cloud'
+ )}
+
+ end
+
+ describe 'when setting auth name' do
+
+ let :params do
+ {:auth_name => 'foo' }
+ end
+
+ it { should contain_keystone_user('foo').with(
+ :ensure => 'present',
+ :password => 'nova_password'
+ ) }
+
+ it { should contain_keystone_user_role('foo@services').with(
+ :ensure => 'present',
+ :roles => 'admin'
+ )}
+
+ it { should contain_keystone_service('foo').with(
+ :ensure => 'present',
+ :type => 'compute',
+ :description => 'Openstack Compute Service'
+ )}
+
+ it { should contain_keystone_service('foo_volume').with(
+ :ensure => 'present',
+ :type => 'volume',
+ :description => 'Volume Service'
+ )}
+
+ it { should contain_keystone_service('foo_ec2').with(
+ :ensure => 'present',
+ :type => 'ec2',
+ :description => 'EC2 Service'
+ )}
+
+ end
+
+ describe 'when setting password' do
+
+ let :params do
+ { :password => 'pass'}
+ end
+
+ it { should contain_keystone_user('nova').with(
+ :ensure => 'present',
+ :password => 'pass'
+ ) }
+
+ end
+
+
+ describe 'when overriding endpoint params' do
+
+ let :params do
+ {
+ :public_address => '10.0.0.1',
+ :admin_address => '10.0.0.2',
+ :internal_address => '10.0.0.3',
+ :compute_port => '9774',
+ :volume_port => '9776',
+ :ec2_port => '9773',
+ :version => 'v2.1',
+ :region => 'RegionTwo'
+ }
+ end
+
+ it { should contain_keystone_endpoint('nova').with(
+ :ensure => 'present',
+ :region => 'RegionTwo',
+ :public_url => 'http://10.0.0.1:9774/v2.1/%(tenant_id)s',
+ :admin_url => 'http://10.0.0.2:9774/v2.1/%(tenant_id)s',
+ :internal_url => 'http://10.0.0.3:9774/v2.1/%(tenant_id)s'
+ )}
+
+ it { should contain_keystone_endpoint('nova_volume').with(
+ :ensure => 'present',
+ :region => 'RegionTwo',
+ :public_url => 'http://10.0.0.1:9776/v2.1/%(tenant_id)s',
+ :admin_url => 'http://10.0.0.2:9776/v2.1/%(tenant_id)s',
+ :internal_url => 'http://10.0.0.3:9776/v2.1/%(tenant_id)s'
+ )}
+
+ it { should contain_keystone_endpoint('nova_ec2').with(
+ :ensure => 'present',
+ :region => 'RegionTwo',
+ :public_url => 'http://10.0.0.1:9773/services/Cloud',
+ :admin_url => 'http://10.0.0.2:9773/services/Admin',
+ :internal_url => 'http://10.0.0.3:9773/services/Cloud'
+ )}
+
+ end
+
+end
From cb2f51a85512005d56d4c13c884c249ee73d226c Mon Sep 17 00:00:00 2001
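Review bot: The 'when setting auth name' context checks the renamed user, role and services but never the endpoints, although the manifest titles its `keystone_endpoint` resources from `$auth_name` as well. Add expectations such as `it { should contain_keystone_endpoint('foo') }`, plus the same for `'foo_volume'` and `'foo_ec2'`, so a regression in endpoint naming is caught. Similarly, the 'when setting password' context could assert that the default `'nova_password'` is no longer present, rather than only that `'pass'` is.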
From: Dan Bode Date: Mon, 30 Apr 2012 09:46:52 -0700 Subject: [PATCH 2/2] Move auth_strategy to nova class This commit moves the auth_strategy config from the api class to the nova class. This is required b/c the compute node has to know how to authorize for connections to the glance api server. Previously, the nova compute nodes were failing to be able to communicate with glance on multi-node installations. --- manifests/api.pp | 11 +---------- manifests/init.pp | 12 ++++++++++++ spec/classes/nova_api_spec.rb | 2 -- spec/classes/nova_init_spec.rb | 5 ++++- 4 files changed, 17 insertions(+), 13 deletions(-) diff --git a/manifests/api.pp b/manifests/api.pp index 15cbcb135..276bf3c41 100644 --- a/manifests/api.pp +++ b/manifests/api.pp @@ -32,16 +32,7 @@ class nova::api( service_name => $::nova::params::api_service_name, } - nova_config { - 'api_paste_config': value => '/etc/nova/api-paste.ini'; - 'auth_strategy': value => $auth_strategy; - } - - if $auth_strategy == 'keystone' { - nova_config { 'use_deprecated_auth': value => false } - } else { - nova_config { 'use_deprecated_auth': value => true } - } + nova_config { 'api_paste_config': value => '/etc/nova/api-paste.ini'; } file { '/etc/nova/api-paste.ini': content => template('nova/api-paste.ini.erb'), diff --git a/manifests/init.pp b/manifests/init.pp index 1849df3c0..cd976bb68 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -13,6 +13,7 @@ class nova( $rabbit_port='5672', $rabbit_userid='guest', $rabbit_virtual_host='/', + $auth_strategy = 'keystone', $network_manager = 'nova.network.manager.FlatManager', $multi_host_networking = false, $flat_network_bridge = 'br100', 
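Review bot: After the `manifests/api.pp` hunk, `nova::api` no longer writes `auth_strategy` or `use_deprecated_auth`, so if the class still declares an `$auth_strategy` parameter (the parameter list is outside the hunk) a value passed there is silently ignored for nova.conf and the `nova` class default of `'keystone'` wins. For a node that relied on `nova::api` to select a different strategy, this changes the authentication mode without any error. Either remove the parameter from `nova::api` so stale callers fail at compile time, or default it to `$::nova::auth_strategy`, and mention the move in the module documentation.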
@@ -130,6 +131,17 @@ class nova( } } + nova_config { + 'auth_strategy': value => $auth_strategy; + } + + if $auth_strategy == 'keystone' { + nova_config { 'use_deprecated_auth': value => false } + } else { + nova_config { 'use_deprecated_auth': value => true } + } + + # I may want to support exporting and collecting these nova_config { 'rabbit_password': value => $rabbit_password; diff --git a/spec/classes/nova_api_spec.rb b/spec/classes/nova_api_spec.rb index 061955d47..f18e6a500 100644 --- a/spec/classes/nova_api_spec.rb +++ b/spec/classes/nova_api_spec.rb @@ -36,7 +36,6 @@ describe 'nova::api' do )} end describe 'with defaults' do - it { should contain_nova_config('use_deprecated_auth').with_value('false') } it 'should use default params for api-paste.init' do verify_contents(subject, '/etc/nova/api-paste.ini', [ @@ -65,7 +64,6 @@ describe 'nova::api' do :admin_password => 'passw0rd2' } end - it { should contain_nova_config('use_deprecated_auth').with_value('true') } it 'should use default params for api-paste.init' do verify_contents(subject, '/etc/nova/api-paste.ini', [ diff --git a/spec/classes/nova_init_spec.rb b/spec/classes/nova_init_spec.rb index 9e868b94e..9b49f0fde 100644 --- a/spec/classes/nova_init_spec.rb +++ b/spec/classes/nova_init_spec.rb @@ -77,6 +77,7 @@ describe 'nova' do it { should contain_nova_config('flat_network_bridge').with_value('br100') } it { should contain_nova_config('root_helper').with_value('sudo nova-rootwrap') } + it { should contain_nova_config('use_deprecated_auth').with_value('false') } describe 'with parameters supplied' do 
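Review bot: Any `$auth_strategy` value other than the exact string `'keystone'` falls into the `else` branch of the `manifests/init.pp` hunk and sets `use_deprecated_auth` to `true`, so a typo such as `'Keystone'` silently switches the node to deprecated auth while also writing the bad value into `auth_strategy`. The last hunk of `nova_init_spec.rb` pins this fallback by passing `'foo'` and expecting `true`. Match the supported values explicitly and reject the rest: replace `} else {` with `} elsif $auth_strategy == 'deprecated' {` and add a final `else { fail("Unsupported auth_strategy: ${auth_strategy}") }`. The accepted list should be checked against the nova release being targeted. The `nova` class body continues outside the hunk.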
@@ -95,10 +96,12 @@ describe 'nova' do 'lock_path' => '/var/locky/path', 'state_path' => '/var/lib/nova2', 'service_down_time' => '120', - 'network_manager' => 'nova.network.manager.FlatDHCPManager' + 'network_manager' => 'nova.network.manager.FlatDHCPManager', + 'auth_strategy' => 'foo' } end + it { should contain_nova_config('use_deprecated_auth').with_value('true') } it { should contain_nova_config('sql_connection').with_value('mysql://user:pass@db/db') } it { should contain_nova_config('verbose').with_value(true) }