From 1b1de7c9dd6f8c35692e746eeadd9abcfc9d31bf Mon Sep 17 00:00:00 2001 From: Takashi Kajinami Date: Mon, 9 Sep 2019 10:41:26 +0900 Subject: [PATCH] Use memcached for token caching in octavia authtoken Use memcached to cache token in octavia authtoken, as in-process cache, which we currently use, was already deprecated[1]. [1] Ied2b88c8cefe5655a88d0c2f334de04e588fa75a Change-Id: I09a73ae54e7b4b04396c3b31063833eca8bf5352 --- manifests/profile/base/octavia/api.pp | 1 + manifests/profile/base/octavia/authtoken.pp | 44 ++++++++++++ .../tripleo_profile_base_octavia_api_spec.rb | 3 - ...leo_profile_base_octavia_authtoken_spec.rb | 70 +++++++++++++++++++ spec/fixtures/hieradata/default.yaml | 1 + 5 files changed, 116 insertions(+), 3 deletions(-) create mode 100644 manifests/profile/base/octavia/authtoken.pp create mode 100644 spec/classes/tripleo_profile_base_octavia_authtoken_spec.rb diff --git a/manifests/profile/base/octavia/api.pp b/manifests/profile/base/octavia/api.pp index c0e012a45..f7c7b7fe7 100644 --- a/manifests/profile/base/octavia/api.pp +++ b/manifests/profile/base/octavia/api.pp @@ -80,6 +80,7 @@ class tripleo::profile::base::octavia::api ( } include ::tripleo::profile::base::octavia + include ::tripleo::profile::base::octavia::authtoken if $step >= 4 or ($step >= 3 and $sync_db) { if $enable_internal_tls { diff --git a/manifests/profile/base/octavia/authtoken.pp b/manifests/profile/base/octavia/authtoken.pp new file mode 100644 index 000000000..e7ec876cb --- /dev/null +++ b/manifests/profile/base/octavia/authtoken.pp @@ -0,0 +1,44 @@ +# Copyright 2019 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::profile::base::octavia::authtoken +# +# Octavia authtoken profile for TripleO +# +# [*step*] +# (Optional) The current step in deployment. See tripleo-heat-templates +# for more details. +# Defaults to hiera('step') +# +# [*memcached_ips*] +# (Optional) Array of ipv4 or ipv6 addresses for memcache. +# Defaults to hiera('memcached_node_ips') +# +class tripleo::profile::base::octavia::authtoken ( + $step = Integer(hiera('step')), + $memcached_ips = hiera('memcached_node_ips'), +) { + + if $step >= 3 { + if is_ipv6_address($memcached_ips[0]) { + $memcache_servers = prefix(suffix(any2array(normalize_ip_for_uri($memcached_ips)), ':11211'), 'inet6:') + } else { + $memcache_servers = suffix(any2array(normalize_ip_for_uri($memcached_ips)), ':11211') + } + + class { '::octavia::keystone::authtoken': + memcached_servers => $memcache_servers + } + } +} diff --git a/spec/classes/tripleo_profile_base_octavia_api_spec.rb b/spec/classes/tripleo_profile_base_octavia_api_spec.rb index 5f2c4c02e..39748246c 100644 --- a/spec/classes/tripleo_profile_base_octavia_api_spec.rb +++ b/spec/classes/tripleo_profile_base_octavia_api_spec.rb @@ -40,9 +40,6 @@ describe 'tripleo::profile::base::octavia::api' do class { 'octavia::db::mysql': password => 'some_password' } - class { 'octavia::keystone::authtoken': - password => 'some_password' - } eos end diff --git a/spec/classes/tripleo_profile_base_octavia_authtoken_spec.rb b/spec/classes/tripleo_profile_base_octavia_authtoken_spec.rb new file mode 100644 index 000000000..c39c5f0f9 --- /dev/null +++ b/spec/classes/tripleo_profile_base_octavia_authtoken_spec.rb @@ -0,0 +1,70 @@ +# +# Copyright (C) 2017 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# + +require 'spec_helper' + +describe 'tripleo::profile::base::octavia::authtoken' do + shared_examples_for 'tripleo::profile::base::octavia::authtoken' do + context 'with step less than 3' do + let(:params) { { + :step => 1, + } } + + it { + is_expected.to contain_class('tripleo::profile::base::octavia::authtoken') + is_expected.to_not contain_class('octavia::keystone::authtoken') + } + end + + context 'with step 3' do + let(:params) { { + :step => 3, + :memcached_ips => '127.0.0.1', + } } + + it { + is_expected.to contain_class('tripleo::profile::base::octavia::authtoken') + is_expected.to contain_class('octavia::keystone::authtoken').with( + :memcached_servers => ['127.0.0.1:11211']) + } + end + + context 'with step 3 with ipv6' do + let(:params) { { + :step => 3, + :memcached_ips => '::1', + } } + + it { + is_expected.to contain_class('tripleo::profile::base::octavia::authtoken') + is_expected.to contain_class('octavia::keystone::authtoken').with( + :memcached_servers => ['[::1]:11211']) + } + end + + end + + + on_supported_os.each do |os, facts| + context "on #{os}" do + let(:facts) do + facts.merge({ :hostname => 'node.example.com' }) + end + + it_behaves_like 'tripleo::profile::base::octavia::authtoken' + end + end +end diff --git a/spec/fixtures/hieradata/default.yaml b/spec/fixtures/hieradata/default.yaml index e35b3b7b3..3ec66b18b 100644 --- a/spec/fixtures/hieradata/default.yaml +++ b/spec/fixtures/hieradata/default.yaml @@ -77,6 +77,7 @@ memcached_node_ips: - '127.0.0.1' # octavia related items octavia::rabbit_password: 'password' +octavia::keystone::authtoken::password: 'password' # horizon related horizon_short_bootstrap_node_name: node horizon::secret_key: 'secrete'