Use memcached for token caching in designate authtoken
Use memcached to cache token in designate authtoken, as in-process cache, which we currently use, was already deprecated[1]. [1] Ied2b88c8cefe5655a88d0c2f334de04e588fa75a Change-Id: Iaa8e4fb26cf4677fe151c699a3911f02e30f8d32
This commit is contained in:
parent
8c0d43a193
commit
78d1492226
@ -38,10 +38,10 @@ class tripleo::profile::base::designate::api (
|
|||||||
) {
|
) {
|
||||||
|
|
||||||
include tripleo::profile::base::designate
|
include tripleo::profile::base::designate
|
||||||
|
include tripleo::profile::base::designate::authtoken
|
||||||
|
|
||||||
if ($step >= 3) {
|
if ($step >= 3) {
|
||||||
$listen_uri = normalize_ip_for_uri($listen_ip)
|
$listen_uri = normalize_ip_for_uri($listen_ip)
|
||||||
include designate::keystone::authtoken
|
|
||||||
class { 'designate::api':
|
class { 'designate::api':
|
||||||
listen => "${listen_uri}:${listen_port}",
|
listen => "${listen_uri}:${listen_port}",
|
||||||
}
|
}
|
||||||
|
44
manifests/profile/base/designate/authtoken.pp
Normal file
44
manifests/profile/base/designate/authtoken.pp
Normal file
@ -0,0 +1,44 @@
|
|||||||
|
# Copyright 2020 Red Hat, Inc.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||||
|
# not use this file except in compliance with the License. You may obtain
|
||||||
|
# a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
# License for the specific language governing permissions and limitations
|
||||||
|
# under the License.
|
||||||
|
#
|
||||||
|
# == Class: tripleo::profile::base::designate::authtoken
|
||||||
|
#
|
||||||
|
# Designate authtoken profile for TripleO
|
||||||
|
#
|
||||||
|
# [*step*]
|
||||||
|
# (Optional) The current step in deployment. See tripleo-heat-templates
|
||||||
|
# for more details.
|
||||||
|
# Defaults to hiera('step')
|
||||||
|
#
|
||||||
|
# [*memcached_ips*]
|
||||||
|
# (Optional) Array of ipv4 or ipv6 addresses for memcache.
|
||||||
|
# Defaults to hiera('memcached_node_ips')
|
||||||
|
#
|
||||||
|
class tripleo::profile::base::designate::authtoken (
|
||||||
|
$step = Integer(hiera('step')),
|
||||||
|
$memcached_ips = hiera('memcached_node_ips'),
|
||||||
|
) {
|
||||||
|
|
||||||
|
if $step >= 3 {
|
||||||
|
if is_ipv6_address($memcached_ips[0]) {
|
||||||
|
$memcache_servers = prefix(suffix(any2array(normalize_ip_for_uri($memcached_ips)), ':11211'), 'inet6:')
|
||||||
|
} else {
|
||||||
|
$memcache_servers = suffix(any2array(normalize_ip_for_uri($memcached_ips)), ':11211')
|
||||||
|
}
|
||||||
|
|
||||||
|
class { 'designate::keystone::authtoken':
|
||||||
|
memcached_servers => $memcache_servers
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
@ -0,0 +1,70 @@
|
|||||||
|
#
|
||||||
|
# Copyright (C) 2020 Red Hat, Inc.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||||
|
# not use this file except in compliance with the License. You may obtain
|
||||||
|
# a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
# License for the specific language governing permissions and limitations
|
||||||
|
# under the License.
|
||||||
|
#
|
||||||
|
|
||||||
|
require 'spec_helper'
|
||||||
|
|
||||||
|
describe 'tripleo::profile::base::designate::authtoken' do
|
||||||
|
shared_examples_for 'tripleo::profile::base::designate::authtoken' do
|
||||||
|
context 'with step less than 3' do
|
||||||
|
let(:params) { {
|
||||||
|
:step => 1,
|
||||||
|
} }
|
||||||
|
|
||||||
|
it {
|
||||||
|
is_expected.to contain_class('tripleo::profile::base::designate::authtoken')
|
||||||
|
is_expected.to_not contain_class('designate::keystone::authtoken')
|
||||||
|
}
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'with step 3' do
|
||||||
|
let(:params) { {
|
||||||
|
:step => 3,
|
||||||
|
:memcached_ips => '127.0.0.1',
|
||||||
|
} }
|
||||||
|
|
||||||
|
it {
|
||||||
|
is_expected.to contain_class('tripleo::profile::base::designate::authtoken')
|
||||||
|
is_expected.to contain_class('designate::keystone::authtoken').with(
|
||||||
|
:memcached_servers => ['127.0.0.1:11211'])
|
||||||
|
}
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'with step 3 with ipv6' do
|
||||||
|
let(:params) { {
|
||||||
|
:step => 3,
|
||||||
|
:memcached_ips => '::1',
|
||||||
|
} }
|
||||||
|
|
||||||
|
it {
|
||||||
|
is_expected.to contain_class('tripleo::profile::base::designate::authtoken')
|
||||||
|
is_expected.to contain_class('designate::keystone::authtoken').with(
|
||||||
|
:memcached_servers => ['[::1]:11211'])
|
||||||
|
}
|
||||||
|
end
|
||||||
|
|
||||||
|
end
|
||||||
|
|
||||||
|
|
||||||
|
on_supported_os.each do |os, facts|
|
||||||
|
context "on #{os}" do
|
||||||
|
let(:facts) do
|
||||||
|
facts.merge({ :hostname => 'node.example.com' })
|
||||||
|
end
|
||||||
|
|
||||||
|
it_behaves_like 'tripleo::profile::base::designate::authtoken'
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
3
spec/fixtures/hieradata/default.yaml
vendored
3
spec/fixtures/hieradata/default.yaml
vendored
@ -39,6 +39,9 @@ cinder_volume_short_node_names:
|
|||||||
cinder::backup::nfs::backup_share: '/mnt/backup'
|
cinder::backup::nfs::backup_share: '/mnt/backup'
|
||||||
cinder::rabbit_password: 'password'
|
cinder::rabbit_password: 'password'
|
||||||
cinder::keystone::authtoken::password: 'password'
|
cinder::keystone::authtoken::password: 'password'
|
||||||
|
# designate related items
|
||||||
|
designate_api_short_bootstrap_node_name: node
|
||||||
|
designate::keystone::authtoken::password: 'password'
|
||||||
# glance related items
|
# glance related items
|
||||||
glance_api_short_bootstrap_node_name : node
|
glance_api_short_bootstrap_node_name : node
|
||||||
glance::api::authtoken::password: 'password'
|
glance::api::authtoken::password: 'password'
|
||||||
|
Loading…
x
Reference in New Issue
Block a user