Add support for not using admin_token in Ceph/RGW

This patch adds the option of using Keystone V3 authentication with
the Ceph/RGW service instead of using the admin_token

Change-Id: I42861afcac221478dcb68be13b6dbc2533a7f158
Keith Schincke 2016-12-01 13:37:12 -05:00 committed by Giulio Fidente
parent 17fbadba7d
commit bbf13fe1d5
4 changed files with 51 additions and 9 deletions


@ -29,6 +29,10 @@
# [*keystone_admin_token*]
# The keystone admin token
#
# [*rgw_keystone_version*] The api version for keystone.
# Possible values 'v2.0', 'v3'
# Optional. Default is 'v2.0'
#
# [*keystone_url*]
# The internal or admin url for keystone
#
@ -44,9 +48,10 @@ class tripleo::profile::base::ceph::rgw (
$keystone_admin_token,
$keystone_url,
$rgw_key,
$civetweb_bind_ip = '127.0.0.1',
$civetweb_bind_port = '8080',
$step = hiera('step'),
$civetweb_bind_ip = '127.0.0.1',
$civetweb_bind_port = '8080',
$rgw_keystone_version = 'v2.0',
$step = hiera('step'),
) {
include ::tripleo::profile::base::ceph
@ -58,7 +63,8 @@ class tripleo::profile::base::ceph::rgw (
include ::ceph::profile::base
ceph::rgw { $rgw_name:
frontend_type => 'civetweb',
rgw_frontends => "civetweb port=${civetweb_bind_ip_real}:${civetweb_bind_port}"
rgw_frontends => "civetweb port=${civetweb_bind_ip_real}:${civetweb_bind_port}",
user => 'ceph',
}
ceph::key { "client.${rgw_name}":
secret => $rgw_key,
@ -69,11 +75,24 @@ class tripleo::profile::base::ceph::rgw (
}
if $step >= 4 {
ceph::rgw::keystone { $rgw_name:
rgw_keystone_accepted_roles => ['admin', '_member_', 'Member'],
use_pki => false,
rgw_keystone_admin_token => $keystone_admin_token,
rgw_keystone_url => $keystone_url,
if $rgw_keystone_version == 'v2.0' {
ceph::rgw::keystone { $rgw_name:
rgw_keystone_accepted_roles => ['admin', '_member_', 'Member'],
use_pki => false,
rgw_keystone_admin_token => $keystone_admin_token,
rgw_keystone_url => $keystone_url,
user => 'ceph',
}
}
else
{
ceph::rgw::keystone { $rgw_name:
rgw_keystone_accepted_roles => ['admin', '_member_', 'Member'],
use_pki => false,
rgw_keystone_url => $keystone_url,
rgw_keystone_version => $rgw_keystone_version,
user => 'ceph',
}
}
}
}
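Review bot: `$keystone_admin_token` stays a mandatory class parameter, so a deployment that selects `v3` must still supply the admin token even though the `else` branch never passes it on, which likely keeps that shared secret in the configuration data of nodes that no longer need it. Consider declaring it as `$keystone_admin_token = undef,` and adding `fail('keystone_admin_token is required when rgw_keystone_version is v2.0')` inside the `v2.0` branch when it is unset. The `else` also takes every value other than `'v2.0'`, so a typo such as `v2` silently follows the v3 path; a check like `validate_re($rgw_keystone_version, '^(v2\.0|v3)$')` near the top of the class would reject it. The class body begins before these hunks and parts of it between them are not shown, so an existing validation step may already be present there.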


@ -0,0 +1,5 @@
---
features:
- Add support for configuring Ceph RGW to use
keystone V3 service authentication instead
of admin token authentication


@ -85,6 +85,17 @@ describe 'tripleo::profile::base::ceph::rgw' do
)
end
end
context 'with step 4 and keystone v3' do
let(:params) { default_params.merge({ :step => 4, :rgw_keystone_version => 'v3' }) }
it 'should include rgw configuration' do
is_expected.to contain_ceph__rgw__keystone('radosgw.gateway').with(
:rgw_keystone_accepted_roles => ["admin", "_member_", "Member"],
:use_pki => false,
:rgw_keystone_url => 'url'
)
end
end
end
on_supported_os.each do |os, facts|
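Review bot: The new `with step 4 and keystone v3` context does not assert the two things that distinguish the v3 path, so it would still pass if the `else` branch kept forwarding the admin token. Add `:rgw_keystone_version => 'v3'` to the `.with(...)` hash and chain `.without_rgw_keystone_admin_token` on the matcher, so the spec pins that the token is not handed to `ceph::rgw::keystone` when v3 is selected. `default_params` is defined outside this hunk; if it contains `keystone_admin_token`, the negative assertion is the only thing guarding against a regression here.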


@ -14,6 +14,13 @@ barbican::keystone::authtoken::password: 'password'
ceilometer::keystone::authtoken::password: 'password'
# ceph related items
ceph::profile::params::mon_key: 'password'
# NOTE(gfidente): we want to use keystone v3 API for RGW so the following are
# needed to comply with the if condition:
# https://github.com/openstack/puppet-ceph/blob/master/manifests/rgw/keystone.pp#L111
ceph::profile::params::rgw_keystone_admin_domain: 'keystone_domain'
ceph::profile::params::rgw_keystone_admin_project: 'keystone_project'
ceph::profile::params::rgw_keystone_admin_user: 'keystone_admin_user'
ceph::profile::params::rgw_keystone_admin_password: 'keystone_admin_password'
# cinder related items
cinder::rabbit_password: 'password'
cinder::keystone::authtoken::password: 'password'
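Review bot: The NOTE above the four `rgw_keystone_admin_*` keys points at `blob/master/...keystone.pp#L111`, a line anchor on a moving branch that will stop matching the condition as soon as that file changes. State the requirement in words next to the link, for example `# ceph::rgw::keystone needs the admin domain, project, user and password set for the v3 path` (wording to be confirmed against puppet-ceph), and link to a fixed revision rather than `master`.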