Similar to what is done with os_service_default, but here we have the
possibility to tell puppet to not change the existing value, whatever
this is.
The associated fact for syntactic sugar in the module is
`::os_immutable`.
Partial-Bug: #1763322
Change-Id: Iaea44309db9b1b075425fa15890ba592d8bc9b7e
If a user has additional code in their openrc file that isn't just bash
variables, the auth provider might fail while parsing it. This change
updates the logic to only try and parse lines with OS_ in it to make
sure that extra things like bash code are ignored.
Change-Id: Id6f5406dcf15642bc0d70caeac30224114bb0669
Closes-Bug: #1699950
Currently we only allow to use strings
as the data type for ports.
Due to this we need to cast the data type
in the puppet modules because from THT
this is configured as a Number.
This submission allow to use either string
or numbers for the port parameter in the
os_transport_url function.
Change-Id: I9e56f8e2de542b20fe9e6995506cff5bb435e220
Closes-Bug: #1664561
The ssl paramter of the os_transport_url should be 0/1 but we do not
ensure that this is the value being used in the creation of the
transport_url. This change leverages the stdlib str2bool and bool2num to
ensure that when provided the ssl paramter ends up being 0/1 which is
the correct format for the transport url. Additionally this also allows
for string booleans to be passed into the ssl parameter and it should
still work correctly.
Change-Id: I278559ba98ba48974ae590dc1e0bb99b6ab961d7
If an array with a single host is passed into the hosts param, the
function was erroring because the host was getting converted to a string
when it was checking for bracketing for ipv6. This change checks the
type and fixes the case where a single host is being passed so it
continues to function.
Change-Id: I91b9959a6f71b4e6885e55a568116cc28cf16ddd
Closes-Bug: #1650042
This change adds a os_transport_url function that can be used to
generate correct URIs for the transport_url setting used by
oslo.messaging.
Change-Id: If83c0f0e61a08061334536399a42767a305966b7
I want to be able to use the internal API endpoints from Puppet. This is done
by setting $OS_INTERFACE to internal for use with the openstack CLI. This
change will do this by also reading OS_INTERFACE from the environment or
/root/openrc.
Change-Id: Id826836ccfe8f61780a6201ef2851068d75391ab
This fixes the credentials classes to properly accept region as a
property to manage. This allows OS_REGION_NAME to be set properly if
the child class passes it in.
Change-Id: I3345dac8bebd68f93290c1d45aa9a4d80bf3fb34
Partial-Bug: #1517220
Allow to give an array of IP addresses to normalize_ip_for_url function.
Each IP in the list will be normalized like it would be for a string.
Change-Id: I8d361ce9cfcfe6a3f8592b2b7991971a3c748c75
Co-Authored-By: Athlan-Guyot sofer <sathlang@redhat.com>
openstack_config contains a method 'self.instances' that is required for
purging unmanaged resources that references a static namevar method that
is not defined in openstack_config and may not be provided by base
classes. The 'namevar' method doesn't require any information from the
derived class so a default implementation in the base provider type
suffices.
Closes-Bug: #1612009
Change-Id: If27152863b9df5a28bf45e23ca989019666a958c
For instance this would enable this:
neutron_l3_agent_config {
'DEFAULT/router_id': value => $router_name, transform_to => 'uuid';
}
The neutron_l3_agent_config would only have to implement this:
def to_uuid(name)
# code to get the uuid
end
def from_uuid(uuid)
# code to return the name
end
Change-Id: I3b7c17590b27cd3a22c5458342d049969ade2281
Co-Authored-By: Drew Fisher <drew.fisher@oracle.com>
We recently patched the openstackclient code to increase the number
of retries when running commands[1], but I think what we really wanted
was to increase the amount of time to wait on each retry.
The original approach did help somewhat, but it is doing so by just
racing more times. Instead, it would be better to win the race more
often.
This is mostly a CI or developer environment issue where we are
deploying with the minimal amount of computing resources to get
a functioning cloud.
[1] https://git.openstack.org/cgit/openstack/puppet-openstacklib/commit/?id=489099632446b1903986549e5feb80b509f9b77d
Change-Id: I0707165a9e8054c1b3e0ad299604356cecc9f99f
This is useful when the user (a puppet provider) is expecting a error.
With this it doesn't have to wait for the long retry cycle to have its
error back. This replace the awkward mechanism in
self.request_without_retry which was dynamically mangling
request_timeout and disabled even legit retry.
Examples of such function are self.fetch_user, self.fetch_project in the
keystone provider.
Change-Id: I589da0100ad3ccf3abf17ac8b26c827793ace484
Related-Bug: 1597357
Use provider for managing policy-rc.d file to be sure that
services stopped right after package installed.
Also added tests.
Change-Id: Ic54b9707b6ef36032d71fe9dc04a7e310293f127
This change updates the require statements in the providers
to resolve the issues with the autoloader in puppet. This
issue technically always existed but was masked prior to the
split with puppet server and puppet agent because both used to
share the same loadpath. Documentation on this issue can be
read at https://tickets.puppetlabs.com/browse/PUP-4450.
Change-Id: I72a27fe92a41a5eb845adba6b82252b8aac1c164
It may be useful to be able to execute a command without a retry.
A good use case is provider in [1], where the keystone_user resource try
to get an user by fetching it. It is expected to fail when the user is
absent. With the current implementation, it will takes 60 seconds for
the provider to give up on the user.
[1] https://review.openstack.org/299301
Closes-Bug: #1563898
Change-Id: I5b334e3ffd26df4ba8584d77a5e41b56e73536c8
Give non-retry calls the full timeout seconds to finish and also
don't log that you're going to retry them when you are not.
Change-Id: I51cbe3905b55f035718245b45bfc34536b8ce602
This add the function normalize_ip_for_uri to the parser. It encloses
into brackets any valid IPv6 address thrown at it.
Change-Id: I093dd5a4e6294e20761cb3d33373652eeadeac36
Closes-bug: 1531960
- fixed idempotency issues with single string values
- fixed deletion of multiple values
This patch is required for I95cf32c3211bc4498eaa68e6e748a27dfd9af0fa to pass
acceptance tests
Change-Id: I619de3038cd2690bebe47cd601c085692506ac3d
When :array_matching => :all is used for value, the values comes
in form of array even when they are passed as single string and
so <SERVICE DEFAULT> mechanism does not currently work without hack
on each inherited resource.
This is required for I95cf32c3211bc4498eaa68e6e748a27dfd9af0fa to pass
acceptance tests.
Change-Id: Ibbc8a376496b8120d7c1d87f7a9005024ae14984
Add support for providing additional parameters to be used when
constructing the database uri. This change adds an 'extra' parameter
which is a hash that will be joined together when constructing the
database uri. It should be noted that the charset option, which can be
provided as a standalone option, will override charset when passed in
the 'extra' parameter. This is to maintain backwards compatibility.
Usage Example:
os_database_connection({
...
extra => { 'charset' => 'utf-8', 'read_timeout' => 60 }
})
Change-Id: I7ef078b76ac6cd7bea42a0ac92b383cefd47167a
Co-Authored-By: Alex Schultz <aschultz@mirantis.com>
Sometimes openstackclient can hang if Keystone
API fails to respond to requests.
This patch adds retries to work around these
situations.
* Retry and timeouts for openstack command
-'command_timeout=20':
after this timeout openstack command is retried
untill the request_timeout.
(The value of command_timeout parameter was updated
from 10 to 20 as it was observed that "10" value is
not enough when sytem was overloaded.)
-'request_timeout=60':
timeout of the entire request.
-'retry_sleep=3':
interval between command retries
* Does not retry non-idempotent actions.
* Improve specs
Change-Id: Ifd8ae1b00321366e3a54fd6fe4a68db46bb743c7
This change creates a parser function that can be used to check if a
value is set to the '<SERVICE DEFAULT>' string. The is_service_default
function will return true if the parameter passed in is '<SERVICE
DEFAULT>' otherwise it returns false.
Checks like:
if ($our_param == '<SERVICE DEFAULT>') { ... }
Should be replaced with:
if is_service_default($our_param) { ... }
This change will also be useful if we ever refactor the default value
string or have different values as this function could be updated to
support multiple values without having to adjust the calling code.
Change-Id: I07b8b9b54ed1e88891f74da9b930e4f39876a607
This commit aims to add a new feature for the ini_setting provider, this
feature aims to simulate the ensure => absent behavior when a specific
keyword is specified.
Currently a pattern we have is
if $myvar {
keystone_config { 'SECTION/setting' : value => $myvar }
} else {
keystone_config { 'SECTION/setting' : ensure => absent }
}
If one has dozens or hundreds of parameters to handle then it can easily
make the manifest hard to read.
The solution offer here would turn the above example in something like
Keystone_config {
ensure_absent_val = '<SERVICE DEFAULT>' # It is the default
}
keystone_config { 'SECTION/setting' : value => $myvar }
If `$myvar` is '<SERVICE DEFAULT>' then it will act as if `ensure => absent` would
have been specified.
Also added new tests for openstack_config provider
Co-Authored-By: Denis Egorenko <degorenko@mirantis.com>
Change-Id: I0eeebde3aac2662cc7e69bfad7f8d2481463a218
Create a proxy inifile provider that will sit between the openstack
configuration providers (ie. keystone_config) and the actual ini_setting
provider.
Adding such a component will give us more flexibility on the ini_setting
provider. With that in place we could :
* Test new feature with the provider - merge them upstream when validated
* Bypass upstream limit if our queries are not valid for upstream.
By inheriting the provider we don't fork and hence should remain
compatible with the next releases of puppetlabs-inifile
Change-Id: I061371d8cf2faf928019161e635e1b4252a6b433
* Unset was broken, not resetting the variables
* Also added a rspec example
It worked but wasn't clean as if an authentication method failed some fields
could have been left un-blanked, creating bad side effects.
In addition:
* Added tests for #set with both valid and invalid values
* Added negative tests for #service_token_set? and user_password_set?
* Added test for #version
* Fixed #unset test
* Fixed #to_env test
* In several tests, added an OS_NOT_VALID parameter to make sure the
credentials code correctly ignores it
* Added tests to make sure the fallback in Auth.request works properly
* Added additional tests to make sure the @credentials object is set
correctly
* Fixed some formatting/alignment issues
Change-Id: I64cb492dc244b975827d2d0d86b4b97d7129088f
This adds the class Puppet::Provider::Openstack::CredentialsV3
that implements support for Keystone v3 authentication and all
of the new id and domain authentication parameters.
Implements: blueprint api-v3-support
Change-Id: Icafc4cb8ed000fd9d3ed6ffde2afe1a1250d90af
Workflow to find credentials details from:
1. The environment variables (ENV['OS_*'])
2. If not enough, credentials available from the environment RC file
to be used. Default RC file must be in current user homedir: ~/openrc
- Adds module Puppet::Provider::Openstack::Auth providing class methods for
providers instead of relying on superclass inheritance.
As discussed [1], this purposefully removes the possibility to pass authenti-
cation details as parameters to Puppet resources instances.
- Wraps credentials information with object:
Puppet::Provider::Openstack::Credentials
- The credentials information is used in a withenv block
Review for puppet-keystone needs to be merged at same time:
https://review.openstack.org/#/c/181299/
[1] http://lists.openstack.org/pipermail/openstack-dev/2015-May/063352.html
Change-Id: If628f4ad95f3aac3392475d4ea6857fb858f8755
Implements: blueprint auth-restructure
The default domain (id 'default', name 'Default') is where the V2
tenants/users are defined. So V3, which is now the default API's version
can and should be used. Beeing able to use V3 domains needs to be
supported by specifying the domain name for a project/user.
This patch :
- Adds project and user domain names
- Renames tenant (v2) as project (v3)
- Renames os-auth-url to os-url, when using an authicated token against a
service url, to distinct them from each other, as in OSC
(opentackclient)
- Updates newparam(:auth) accordingly to describe v2/v3 credential
examples
Note: Keystone API v2 is deprecated [1]
[1] http://docs.openstack.org/developer/keystone/http-api.html#should-i-use-v2-0-or-v3
Change-Id: I72f79129a6875eb433eeb8a62f928e7210db134a
When parsing the response from the OpenStack client values (like
keystone tenant descriptions) can have embedded newline. To avoid this
issue, we drop lines that don't start with a double quoted value until
the first one we find.
Change-Id: Ie952161b503d2c46637e6a6e1c83b2dfce1c03a7
This patch abandons the use of the Aviator library for interacting with
the openstack APIs in favor of the universal openstack client[1]. This
work has already been implemented in the keystone module. This patch
moves that work into openstacklib in order to make it available for the
other modules.
[1] https://wiki.openstack.org/wiki/OpenStackClient
Change-Id: I68705c28955a54e26d98f1de718016691c64e4b1
This patch adds a dependency on the aimonb/aviator module and adds
functionality to support interactions with the OpenStack services' API
via aviator.
The patch adds a parent provider that is intended for other providers
to inherit from. The parent provider has methods to authenticate to
openstack services, create session objects, and make requests. The
authenticate method can accept credentials as an argument hash or infer
credentials from the environment.
It also adds a stub type parameter that allows types to incorporate
basic parameters they need in order to support using aviator.
Change-Id: I56b0d07ae8f4738037eda486b75a0f6e24fe80e7
Implements: blueprint use-aviator-in-module-resources
The os_database_connection function is an helper used to build
database connection URI from various parameters.
Example:
os_database_connection({
dialect => 'mysql',
host => '127.0.0.1',
port => '3306',
username => 'guest',
password => 's3cr3t',
database => 'test',
charset => 'utf-8'
})
Result:
mysql://guest:s3cr3t@127.0.0.1:3306/test?charset=utf-8
Change-Id: Id0bde33891112e36f13d3f8fdf0ff89820c09c01
