Similar to what is done with os_service_default, but here we have the
possibility to tell puppet to not change the existing value, whatever
this is.
The associated fact for syntactic sugar in the module is
`::os_immutable`.
Partial-Bug: #1763322
Change-Id: Iaea44309db9b1b075425fa15890ba592d8bc9b7e
Re-using the classic os_workers fact but changing the minimum from 2 to
4, specific to the fact Heat Engine can be stressed out.
Also cap to 24 workers at maximum.
Change-Id: I31d02bea6dd55d65a7014503398adc4422ce7303
Facter.clear clears all cached values and removes all facts from memory
where Facter.flush just clears the cached values. This should reduce the
time it takes to actually run the unit tests as it all the other facts
we're touching won't be removed from memory.
Also we only need to do it before the tests, not before and after.
Change-Id: I9a24dc9f74cb3b59508b12e63a078068c26c1442
If a user has additional code in their openrc file that isn't just bash
variables, the auth provider might fail while parsing it. This change
updates the logic to only try and parse lines with OS_ in it to make
sure that extra things like bash code are ignored.
Change-Id: Id6f5406dcf15642bc0d70caeac30224114bb0669
Closes-Bug: #1699950
This fixes the credentials classes to properly accept region as a
property to manage. This allows OS_REGION_NAME to be set properly if
the child class passes it in.
Change-Id: I3345dac8bebd68f93290c1d45aa9a4d80bf3fb34
Partial-Bug: #1517220
For instance this would enable this:
neutron_l3_agent_config {
'DEFAULT/router_id': value => $router_name, transform_to => 'uuid';
}
The neutron_l3_agent_config would only have to implement this:
def to_uuid(name)
# code to get the uuid
end
def from_uuid(uuid)
# code to return the name
end
Change-Id: I3b7c17590b27cd3a22c5458342d049969ade2281
Co-Authored-By: Drew Fisher <drew.fisher@oracle.com>
We recently patched the openstackclient code to increase the number
of retries when running commands[1], but I think what we really wanted
was to increase the amount of time to wait on each retry.
The original approach did help somewhat, but it is doing so by just
racing more times. Instead, it would be better to win the race more
often.
This is mostly a CI or developer environment issue where we are
deploying with the minimal amount of computing resources to get
a functioning cloud.
[1] https://git.openstack.org/cgit/openstack/puppet-openstacklib/commit/?id=489099632446b1903986549e5feb80b509f9b77d
Change-Id: I0707165a9e8054c1b3e0ad299604356cecc9f99f
Change Ic54b9707b6ef36032d71fe9dc04a7e310293f127 missed release note,
so this patch adds it.
Alos improve unit test for policy-rcd provider.
Change-Id: Ie6d4dd1e5406acd097969a9ff7fccd5dfa7f8632
Use provider for managing policy-rc.d file to be sure that
services stopped right after package installed.
Also added tests.
Change-Id: Ic54b9707b6ef36032d71fe9dc04a7e310293f127
Sometimes openstackclient can hang if Keystone
API fails to respond to requests.
This patch adds retries to work around these
situations.
* Retry and timeouts for openstack command
-'command_timeout=20':
after this timeout openstack command is retried
untill the request_timeout.
(The value of command_timeout parameter was updated
from 10 to 20 as it was observed that "10" value is
not enough when sytem was overloaded.)
-'request_timeout=60':
timeout of the entire request.
-'retry_sleep=3':
interval between command retries
* Does not retry non-idempotent actions.
* Improve specs
Change-Id: Ifd8ae1b00321366e3a54fd6fe4a68db46bb743c7
This commit aims to add a new feature for the ini_setting provider, this
feature aims to simulate the ensure => absent behavior when a specific
keyword is specified.
Currently a pattern we have is
if $myvar {
keystone_config { 'SECTION/setting' : value => $myvar }
} else {
keystone_config { 'SECTION/setting' : ensure => absent }
}
If one has dozens or hundreds of parameters to handle then it can easily
make the manifest hard to read.
The solution offer here would turn the above example in something like
Keystone_config {
ensure_absent_val = '<SERVICE DEFAULT>' # It is the default
}
keystone_config { 'SECTION/setting' : value => $myvar }
If `$myvar` is '<SERVICE DEFAULT>' then it will act as if `ensure => absent` would
have been specified.
Also added new tests for openstack_config provider
Co-Authored-By: Denis Egorenko <degorenko@mirantis.com>
Change-Id: I0eeebde3aac2662cc7e69bfad7f8d2481463a218
* Unset was broken, not resetting the variables
* Also added a rspec example
It worked but wasn't clean as if an authentication method failed some fields
could have been left un-blanked, creating bad side effects.
In addition:
* Added tests for #set with both valid and invalid values
* Added negative tests for #service_token_set? and user_password_set?
* Added test for #version
* Fixed #unset test
* Fixed #to_env test
* In several tests, added an OS_NOT_VALID parameter to make sure the
credentials code correctly ignores it
* Added tests to make sure the fallback in Auth.request works properly
* Added additional tests to make sure the @credentials object is set
correctly
* Fixed some formatting/alignment issues
Change-Id: I64cb492dc244b975827d2d0d86b4b97d7129088f
This adds the class Puppet::Provider::Openstack::CredentialsV3
that implements support for Keystone v3 authentication and all
of the new id and domain authentication parameters.
Implements: blueprint api-v3-support
Change-Id: Icafc4cb8ed000fd9d3ed6ffde2afe1a1250d90af
Workflow to find credentials details from:
1. The environment variables (ENV['OS_*'])
2. If not enough, credentials available from the environment RC file
to be used. Default RC file must be in current user homedir: ~/openrc
- Adds module Puppet::Provider::Openstack::Auth providing class methods for
providers instead of relying on superclass inheritance.
As discussed [1], this purposefully removes the possibility to pass authenti-
cation details as parameters to Puppet resources instances.
- Wraps credentials information with object:
Puppet::Provider::Openstack::Credentials
- The credentials information is used in a withenv block
Review for puppet-keystone needs to be merged at same time:
https://review.openstack.org/#/c/181299/
[1] http://lists.openstack.org/pipermail/openstack-dev/2015-May/063352.html
Change-Id: If628f4ad95f3aac3392475d4ea6857fb858f8755
Implements: blueprint auth-restructure
The default domain (id 'default', name 'Default') is where the V2
tenants/users are defined. So V3, which is now the default API's version
can and should be used. Beeing able to use V3 domains needs to be
supported by specifying the domain name for a project/user.
This patch :
- Adds project and user domain names
- Renames tenant (v2) as project (v3)
- Renames os-auth-url to os-url, when using an authicated token against a
service url, to distinct them from each other, as in OSC
(opentackclient)
- Updates newparam(:auth) accordingly to describe v2/v3 credential
examples
Note: Keystone API v2 is deprecated [1]
[1] http://docs.openstack.org/developer/keystone/http-api.html#should-i-use-v2-0-or-v3
Change-Id: I72f79129a6875eb433eeb8a62f928e7210db134a
When parsing the response from the OpenStack client values (like
keystone tenant descriptions) can have embedded newline. To avoid this
issue, we drop lines that don't start with a double quoted value until
the first one we find.
Change-Id: Ie952161b503d2c46637e6a6e1c83b2dfce1c03a7
This patch abandons the use of the Aviator library for interacting with
the openstack APIs in favor of the universal openstack client[1]. This
work has already been implemented in the keystone module. This patch
moves that work into openstacklib in order to make it available for the
other modules.
[1] https://wiki.openstack.org/wiki/OpenStackClient
Change-Id: I68705c28955a54e26d98f1de718016691c64e4b1
This patch adds a dependency on the aimonb/aviator module and adds
functionality to support interactions with the OpenStack services' API
via aviator.
The patch adds a parent provider that is intended for other providers
to inherit from. The parent provider has methods to authenticate to
openstack services, create session objects, and make requests. The
authenticate method can accept credentials as an argument hash or infer
credentials from the environment.
It also adds a stub type parameter that allows types to incorporate
basic parameters they need in order to support using aviator.
Change-Id: I56b0d07ae8f4738037eda486b75a0f6e24fe80e7
Implements: blueprint use-aviator-in-module-resources
