Use memcached for token caching in ironic authtoken

Use memcached to cache tokens in ironic authtoken, because the in-process
cache we currently use has already been deprecated[1].
Also, add unit tests for the ironic-related manifests.

[1] Ied2b88c8cefe5655a88d0c2f334de04e588fa75a

Change-Id: I0f0ce58682789c8fd8b8625aaebfe4b75aea6105
Takashi Kajinami 2019-09-08 22:05:05 +09:00
parent 2189f6da4b
commit 048b6cfb22
10 changed files with 568 additions and 0 deletions


@ -55,6 +55,7 @@ class tripleo::profile::base::ironic::api (
$step = Integer(hiera('step')), $step = Integer(hiera('step')),
) { ) {
include ::tripleo::profile::base::ironic include ::tripleo::profile::base::ironic
include ::tripleo::profile::base::ironic::authtoken
if $::hostname == downcase($bootstrap_node) { if $::hostname == downcase($bootstrap_node) {
$is_bootstrap = true $is_bootstrap = true


@ -0,0 +1,44 @@
# Copyright 2019 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: tripleo::profile::base::ironic::authtoken
#
# Ironic authtoken profile for TripleO
#
# [*step*]
# (Optional) The current step in deployment. See tripleo-heat-templates
# for more details.
# Defaults to hiera('step')
#
# [*memcached_ips*]
# (Optional) Array of ipv4 or ipv6 addresses for memcache.
# Defaults to hiera('memcached_node_ips')
#
class tripleo::profile::base::ironic::authtoken (
$step = Integer(hiera('step')),
$memcached_ips = hiera('memcached_node_ips'),
) {
if $step >= 3 {
if is_ipv6_address($memcached_ips[0]) {
$memcache_servers = prefix(suffix(any2array(normalize_ip_for_uri($memcached_ips)), ':11211'), 'inet6:')
} else {
$memcache_servers = suffix(any2array(normalize_ip_for_uri($memcached_ips)), ':11211')
}
class { '::ironic::api::authtoken':
memcached_servers => $memcache_servers
}
}
}
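Review bot: The check `is_ipv6_address($memcached_ips[0])` assumes `$memcached_ips` is an array, as the parameter doc says, but nothing enforces that. If a plain string is passed, `[0]` would select its first character and the `inet6:` branch would be skipped silently. Normalising once with `$memcached_ips_real = any2array($memcached_ips)` and testing `$memcached_ips_real[0]` would make both input shapes behave the same. Separately, this profile only sets `memcached_servers`, so tokens will sit in a shared memcached; confirm that keystonemiddleware's `memcache_security_strategy` and `memcache_secret_key` are supplied for the authtoken class elsewhere (not visible here) and say so in a comment. Both points apply equally to `tripleo::profile::base::ironic_inspector::authtoken`.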


@ -59,6 +59,8 @@ class tripleo::profile::base::ironic_inspector (
$step = Integer(hiera('step')), $step = Integer(hiera('step')),
) { ) {
include ::tripleo::profile::base::ironic_inspector::authtoken
if $::hostname == downcase($bootstrap_node) { if $::hostname == downcase($bootstrap_node) {
$sync_db = true $sync_db = true
} else { } else {


@ -0,0 +1,44 @@
# Copyright 2019 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: tripleo::profile::base::ironic_inspector::authtoken
#
# Ironic inspector authtoken profile for TripleO
#
# [*step*]
# (Optional) The current step in deployment. See tripleo-heat-templates
# for more details.
# Defaults to hiera('step')
#
# [*memcached_ips*]
# (Optional) Array of ipv4 or ipv6 addresses for memcache.
# Defaults to hiera('memcached_node_ips')
#
class tripleo::profile::base::ironic_inspector::authtoken (
$step = Integer(hiera('step')),
$memcached_ips = hiera('memcached_node_ips'),
) {
if $step >= 3 {
if is_ipv6_address($memcached_ips[0]) {
$memcache_servers = prefix(suffix(any2array(normalize_ip_for_uri($memcached_ips)), ':11211'), 'inet6:')
} else {
$memcache_servers = suffix(any2array(normalize_ip_for_uri($memcached_ips)), ':11211')
}
class { '::ironic::inspector::authtoken':
memcached_servers => $memcache_servers
}
}
}


@ -0,0 +1,117 @@
#
# Copyright (C) 2019 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
require 'spec_helper'
describe 'tripleo::profile::base::ironic::api' do
shared_examples_for 'tripleo::profile::base::ironic::api' do
before :each do
facts.merge!({ :step => params[:step] })
end
let(:pre_condition) do
<<-eos
class { '::tripleo::profile::base::ironic':
step => #{params[:step]},
oslomsg_rpc_hosts => [ 'localhost' ],
oslomsg_rpc_username => 'ironic',
oslomsg_rpc_password => 'foo'
}
eos
end
context 'with step less than 3' do
let(:params) { {
:step => 1,
:bootstrap_node => 'node.example.com',
} }
it {
is_expected.to contain_class('tripleo::profile::base::ironic::api')
is_expected.to contain_class('tripleo::profile::base::ironic::authtoken')
is_expected.to contain_class('tripleo::profile::base::ironic')
is_expected.to_not contain_class('ironic::api')
is_expected.to_not contain_class('ironic::cors')
is_expected.to_not contain_class('tripleo::profile::base::apache')
is_expected.to_not contain_class('ironic::wsgi::apache')
}
end
context 'with step 3 on bootstrap node' do
let(:params) { {
:step => 3,
:bootstrap_node => 'node.example.com',
} }
it {
is_expected.to contain_class('tripleo::profile::base::ironic::api')
is_expected.to contain_class('tripleo::profile::base::ironic::authtoken')
is_expected.to contain_class('tripleo::profile::base::ironic')
is_expected.to contain_class('ironic::api')
is_expected.to contain_class('ironic::cors')
is_expected.to contain_class('tripleo::profile::base::apache')
is_expected.to contain_class('ironic::wsgi::apache')
}
end
context 'with step 3 not on bootstrap node' do
let(:params) { {
:step => 3,
:bootstrap_node => 'other.example.com',
} }
it {
is_expected.to contain_class('tripleo::profile::base::ironic::api')
is_expected.to contain_class('tripleo::profile::base::ironic::authtoken')
is_expected.to contain_class('tripleo::profile::base::ironic')
is_expected.to_not contain_class('ironic::api')
is_expected.to_not contain_class('ironic::cors')
is_expected.to_not contain_class('tripleo::profile::base::apache')
is_expected.to_not contain_class('ironic::wsgi::apache')
}
end
context 'with step 4 not on bootstrap node' do
let(:params) { {
:step => 4,
:bootstrap_node => 'other.example.com',
} }
it {
is_expected.to contain_class('tripleo::profile::base::ironic::api')
is_expected.to contain_class('tripleo::profile::base::ironic::authtoken')
is_expected.to contain_class('tripleo::profile::base::ironic')
is_expected.to contain_class('ironic::api')
is_expected.to contain_class('ironic::cors')
is_expected.to contain_class('tripleo::profile::base::apache')
is_expected.to contain_class('ironic::wsgi::apache')
}
end
end
on_supported_os.each do |os, facts|
context "on #{os}" do
let(:facts) do
facts.merge({ :hostname => 'node.example.com' })
end
it_behaves_like 'tripleo::profile::base::ironic::api'
end
end
end


@ -0,0 +1,70 @@
#
# Copyright (C) 2019 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
require 'spec_helper'
describe 'tripleo::profile::base::ironic::authtoken' do
shared_examples_for 'tripleo::profile::base::ironic::authtoken' do
context 'with step less than 3' do
let(:params) { {
:step => 1,
} }
it {
is_expected.to contain_class('tripleo::profile::base::ironic::authtoken')
is_expected.to_not contain_class('ironic::api::authtoken')
}
end
context 'with step 3' do
let(:params) { {
:step => 3,
:memcached_ips => '127.0.0.1',
} }
it {
is_expected.to contain_class('tripleo::profile::base::ironic::authtoken')
is_expected.to contain_class('ironic::api::authtoken').with(
:memcached_servers => ['127.0.0.1:11211'])
}
end
context 'with step 3 with ipv6' do
let(:params) { {
:step => 3,
:memcached_ips => '::1',
} }
it {
is_expected.to contain_class('tripleo::profile::base::ironic::authtoken')
is_expected.to contain_class('ironic::api::authtoken').with(
:memcached_servers => ['[::1]:11211'])
}
end
end
on_supported_os.each do |os, facts|
context "on #{os}" do
let(:facts) do
facts.merge({ :hostname => 'node.example.com' })
end
it_behaves_like 'tripleo::profile::base::ironic::authtoken'
end
end
end
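Review bot: The 'with step 3 with ipv6' context passes `:memcached_ips => '::1'` as a string and expects `['[::1]:11211']` with no `inet6:` prefix, so the manifest's IPv6 branch appears never to be exercised. The class documents the parameter as an array. Passing `:memcached_ips => ['::1']` and expecting `:memcached_servers => ['inet6:[::1]:11211']` would cover the branch taken on IPv6 deployments. A context with two addresses would also pin the per-element suffixing. The ironic_inspector authtoken spec has the same gap.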


@ -0,0 +1,70 @@
#
# Copyright (C) 2019 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
require 'spec_helper'
describe 'tripleo::profile::base::ironic_inspector::authtoken' do
shared_examples_for 'tripleo::profile::base::ironic_inspector::authtoken' do
context 'with step less than 3' do
let(:params) { {
:step => 1,
} }
it {
is_expected.to contain_class('tripleo::profile::base::ironic_inspector::authtoken')
is_expected.to_not contain_class('ironic::inspector::authtoken')
}
end
context 'with step 3' do
let(:params) { {
:step => 3,
:memcached_ips => '127.0.0.1',
} }
it {
is_expected.to contain_class('tripleo::profile::base::ironic_inspector::authtoken')
is_expected.to contain_class('ironic::inspector::authtoken').with(
:memcached_servers => ['127.0.0.1:11211'])
}
end
context 'with step 3 with ipv6' do
let(:params) { {
:step => 3,
:memcached_ips => '::1',
} }
it {
is_expected.to contain_class('tripleo::profile::base::ironic_inspector::authtoken')
is_expected.to contain_class('ironic::inspector::authtoken').with(
:memcached_servers => ['[::1]:11211'])
}
end
end
on_supported_os.each do |os, facts|
context "on #{os}" do
let(:facts) do
facts.merge({ :hostname => 'node.example.com' })
end
it_behaves_like 'tripleo::profile::base::ironic_inspector::authtoken'
end
end
end


@ -0,0 +1,108 @@
#
# Copyright (C) 2019 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
require 'spec_helper'
describe 'tripleo::profile::base::ironic_inspector' do
shared_examples_for 'tripleo::profile::base::ironic_inspector' do
before :each do
facts.merge!({ :step => params[:step] })
end
context 'with step less than 3' do
let(:params) { {
:step => 1,
:bootstrap_node => 'node.example.com',
} }
it {
is_expected.to contain_class('tripleo::profile::base::ironic_inspector')
is_expected.to_not contain_class('ironic::inspector')
is_expected.to_not contain_class('ironic::inspector::pxe_filter')
is_expected.to_not contain_class('ironic::inspector::pxe_filter::dnsmasq')
is_expected.to_not contain_class('ironic::config')
is_expected.to_not contain_class('ironic::inspector::logging')
}
end
context 'with step 3 on bootstrap node' do
let(:params) { {
:step => 3,
:bootstrap_node => 'node.example.com',
:inspection_subnets => ['192.168.24.0/24'],
} }
it {
is_expected.to contain_class('tripleo::profile::base::ironic_inspector')
is_expected.to contain_class('ironic::inspector').with(
:dnsmasq_ip_subnets => ['192.168.24.0/24']
)
is_expected.to contain_class('ironic::inspector::pxe_filter')
is_expected.to contain_class('ironic::inspector::pxe_filter::dnsmasq')
is_expected.to contain_class('ironic::config')
is_expected.to contain_class('ironic::inspector::logging')
}
end
context 'with step 3 not on bootstrap node' do
let(:params) { {
:step => 3,
:bootstrap_node => 'other.example.com',
} }
it {
is_expected.to contain_class('tripleo::profile::base::ironic_inspector')
is_expected.to_not contain_class('ironic::inspector')
is_expected.to_not contain_class('ironic::inspector::pxe_filter')
is_expected.to_not contain_class('ironic::inspector::pxe_filter::dnsmasq')
is_expected.to_not contain_class('ironic::config')
is_expected.to_not contain_class('ironic::inspector::logging')
}
end
context 'with step 4' do
let(:params) { {
:step => 4,
:bootstrap_node => 'other.example.com',
:inspection_subnets => ['192.168.24.0/24'],
} }
it {
is_expected.to contain_class('tripleo::profile::base::ironic_inspector')
is_expected.to contain_class('ironic::inspector').with(
:dnsmasq_ip_subnets => ['192.168.24.0/24']
)
is_expected.to contain_class('ironic::inspector::pxe_filter')
is_expected.to contain_class('ironic::inspector::pxe_filter::dnsmasq')
is_expected.to contain_class('ironic::config')
is_expected.to contain_class('ironic::inspector::logging')
}
end
end
on_supported_os.each do |os, facts|
context "on #{os}" do
let(:facts) do
facts.merge({ :hostname => 'node.example.com' })
end
it_behaves_like 'tripleo::profile::base::ironic_inspector'
end
end
end
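Review bot: None of the contexts in this spec assert that `tripleo::profile::base::ironic_inspector::authtoken` is in the catalog, although this commit makes the inspector profile include it. The ironic API spec does check its counterpart. Adding `is_expected.to contain_class('tripleo::profile::base::ironic_inspector::authtoken')` to each `it` block would catch the include being dropped later.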


@ -0,0 +1,107 @@
#
# Copyright (C) 2019 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
require 'spec_helper'
describe 'tripleo::profile::base::ironic' do
shared_examples_for 'tripleo::profile::base::ironic' do
context 'with step less than 3' do
let(:params) { {
:step => 1,
:bootstrap_node => 'node.example.com',
:oslomsg_rpc_hosts => [ 'localhost' ],
:oslomsg_rpc_password => 'foo'
} }
it {
is_expected.to contain_class('tripleo::profile::base::ironic')
is_expected.to_not contain_class('ironic')
is_expected.to_not contain_class('ironic::config')
is_expected.to_not contain_class('ironic::cors')
is_expected.to_not contain_class('ironic::logging')
}
end
context 'with step 3 on bootstrap node' do
let(:params) { {
:step => 3,
:bootstrap_node => 'node.example.com',
:oslomsg_rpc_hosts => [ 'localhost' ],
:oslomsg_rpc_username => 'ironic',
:oslomsg_rpc_password => 'foo',
} }
it {
is_expected.to contain_class('tripleo::profile::base::ironic')
is_expected.to contain_class('ironic').with(
:default_transport_url => 'rabbit://ironic:foo@localhost:5672/?ssl=0'
)
is_expected.to contain_class('ironic::config')
is_expected.to contain_class('ironic::cors')
is_expected.to contain_class('ironic::logging')
}
end
context 'with step 3 not on bootstrap node' do
let(:params) { {
:step => 3,
:bootstrap_node => 'other.example.com',
:oslomsg_rpc_hosts => [ 'localhost' ],
:oslomsg_rpc_password => 'foo'
} }
it {
is_expected.to contain_class('tripleo::profile::base::ironic')
is_expected.to_not contain_class('ironic')
is_expected.to_not contain_class('ironic::config')
is_expected.to_not contain_class('ironic::cors')
is_expected.to_not contain_class('ironic::logging')
}
end
context 'with step 4' do
let(:params) { {
:step => 4,
:bootstrap_node => 'other.example.com',
:oslomsg_rpc_hosts => [ 'localhost' ],
:oslomsg_rpc_password => 'foo',
} }
it {
is_expected.to contain_class('tripleo::profile::base::ironic')
is_expected.to contain_class('ironic').with(
:default_transport_url => /.+/,
)
is_expected.to contain_class('ironic::config')
is_expected.to contain_class('ironic::cors')
is_expected.to contain_class('ironic::logging')
}
end
end
on_supported_os.each do |os, facts|
context "on #{os}" do
let(:facts) do
facts.merge({ :hostname => 'node.example.com' })
end
it_behaves_like 'tripleo::profile::base::ironic'
end
end
end


@ -44,6 +44,11 @@ gnocchi_api_short_bootstrap_node_name: node
gnocchi::keystone::authtoken::password: 'password' gnocchi::keystone::authtoken::password: 'password'
gnocchi::storage::ceph::ceph_username: 'gnocchi' gnocchi::storage::ceph::ceph_username: 'gnocchi'
gnocchi::storage::ceph::ceph_secret: 'password' gnocchi::storage::ceph::ceph_secret: 'password'
# ironic related items
ironic::api::authtoken::password: 'password'
ironic_api_short_bootstrap_node_name: node
ironic::inspector::authtoken::password: 'password'
ironic_inspector_short_bootstrap_node_name: node
# haproxy related items # haproxy related items
mysql_enabled: true mysql_enabled: true
controller_node_ips: '10.1.0.1,10.1.0.2' controller_node_ips: '10.1.0.1,10.1.0.2'