Configure authtoken in Nova Placement

The Nova Placement API's configuration currently relies
on the nova-api profile for its keystone authtoken
configuration. This means that Nova Placement would
fail if it got installed on an isolated node or
docker container (this currently breaks TripleO's
deployment of placement via docker).

This patch creates a new authtoken profile and
calls it via the api and placement roles.

Change-Id: I7b38ab6ba5cae41689ac500d97dec4d09c73d387
Co-Authored-By: Alex Schultz <aschultz@redhat.com>
Dan Prince 2017-02-13 10:07:24 -05:00 committed by Alex Schultz
parent 71f655326b
commit fb6965116d
7 changed files with 258 additions and 10 deletions


@ -32,3 +32,7 @@ mod 'etcd',
mod 'fdio',
:git => 'https://git.fd.io/puppet-fdio',
:ref => 'master'
mod 'certmonger',
:git => 'https://github.com/earsdown/puppet-certmonger',
:ref => 'v1.1.1'
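Review bot: The added `certmonger` entry fetches the module from a third-party GitHub repository and pins it only to the tag `v1.1.1`; a git tag can be re-pointed upstream, so the code that gets deployed can change without any change to this file. Pinning to the full commit hash that was actually reviewed, e.g. `:ref => '<COMMIT_SHA_OF_REVIEWED_v1.1.1>'` (placeholder), with the tag kept in a comment, makes the dependency reproducible and auditable. The `fdio` entry above it, which appears to be unchanged context, tracks `master` and has the same weakness more strongly. The commit message does not mention this new module; a line saying why it is needed (presumably for the certmonger resources exercised by the placement spec) would help.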


@ -75,6 +75,7 @@ class tripleo::profile::base::nova::api (
}
include ::tripleo::profile::base::nova
include ::tripleo::profile::base::nova::authtoken
if $step >= 3 and $sync_db {
include ::nova::cell_v2::simple_setup
@ -82,16 +83,6 @@ class tripleo::profile::base::nova::api (
if $step >= 4 or ($step >= 3 and $sync_db) {
if hiera('nova::use_ipv6', false) {
$memcache_servers = suffix(any2array(normalize_ip_for_uri(hiera('memcached_node_ips_v6'))), ':11211')
} else {
$memcache_servers = suffix(any2array(normalize_ip_for_uri(hiera('memcached_node_ips'))), ':11211')
}
class { '::nova::keystone::authtoken':
memcached_servers => $memcache_servers
}
class { '::nova::api':
sync_db => $sync_db,
sync_db_api => $sync_db,
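Review bot: Replacing the inline block with `include ::tripleo::profile::base::nova::authtoken` changes when authtoken is applied on API nodes. The removed block ran under `$step >= 4 or ($step >= 3 and $sync_db)`, while the new profile elsewhere in this commit declares `::nova::keystone::authtoken` at `$step >= 3` regardless of `$sync_db`. Nodes where `$sync_db` is false therefore get the authtoken configuration one step earlier than before. If that is intended, a comment beside the include such as `# authtoken is applied from step 3 on every node (was step 4 when not syncing the db)` would record it. The class body starts and ends outside both hunks.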


@ -0,0 +1,56 @@
# Copyright 2017 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: tripleo::profile::base::nova::authtoken
#
# Nova authtoken profile for TripleO
#
# [*step*]
# (Optional) The current step in deployment. See tripleo-heat-templates
# for more details.
# Defaults to hiera('step')
#
# [*use_ipv6*]
# (Optional) Flag indicating if ipv6 should be used for caching
# Defaults to hiera('nova::use_ipv6', false)
#
# [*memcache_nodes_ipv6*]
# (Optional) Array of ipv6 addresses for memcache. Used if use_ipv6 is true.
# Defaults to hiera('memcached_node_ipvs_v6', ['::1'])
#
# [*memcache_nodes_ipv4*]
# (Optional) Array of ipv4 addresses for memcache. Used by default unless
# use_ipv6 is set to true.
# Defaults to hiera('memcached_node_ips', ['127.0.0.1'])
#
class tripleo::profile::base::nova::authtoken (
$step = hiera('step'),
$use_ipv6 = hiera('nova::use_ipv6', false),
$memcache_nodes_ipv6 = hiera('memcached_node_ips_v6', ['::1']),
$memcache_nodes_ipv4 = hiera('memcached_node_ips', ['127.0.0.1']),
) {
if $step >= 3 {
$memcached_ips = $use_ipv6 ? {
true => $memcache_nodes_ipv6,
default => $memcache_nodes_ipv4
}
$memcache_servers = suffix(any2array(normalize_ip_for_uri($memcached_ips)), ':11211')
class { '::nova::keystone::authtoken':
memcached_servers => $memcache_servers
}
}
}
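Review bot: Only `memcached_servers` is passed to `::nova::keystone::authtoken`, so whether the cached token data is authenticated or encrypted depends on hiera values that are not visible in this file. Because `memcache_nodes_ipv4`/`memcache_nodes_ipv6` can name remote nodes reached on port 11211, the class header should state that `nova::keystone::authtoken::memcache_security_strategy` and `memcache_secret_key` are expected to be set when the cache is not local. Separately, the header gives the IPv6 default as `hiera('memcached_node_ipvs_v6', ['::1'])` but the parameter reads `hiera('memcached_node_ips_v6', ['::1'])`; the comment should use the real key. The selector also matches only the boolean `true`, so a string value from hiera would silently fall through to the IPv4 list, which is worth confirming against the data type actually supplied.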


@ -69,6 +69,7 @@ class tripleo::profile::base::nova::placement (
}
include ::tripleo::profile::base::nova
include ::tripleo::profile::base::nova::authtoken
if $enable_internal_tls {
if $generate_service_certificates {


@ -26,6 +26,9 @@ describe 'tripleo::profile::base::nova::api' do
oslomsg_rpc_username => 'nova',
oslomsg_rpc_password => 'foo'
}
class { '::tripleo::profile::base::nova::authtoken':
step => #{params[:step]},
}
eos
end


@ -0,0 +1,69 @@
#
# Copyright (C) 2017 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
require 'spec_helper'
describe 'tripleo::profile::base::nova::authtoken' do
shared_examples_for 'tripleo::profile::base::nova::authtoken' do
context 'with step less than 3' do
let(:params) { {
:step => 1,
} }
it {
is_expected.to contain_class('tripleo::profile::base::nova::authtoken')
is_expected.to_not contain_class('nova::keystone::authtoken')
}
end
context 'with step 3' do
let(:params) { {
:step => 3,
} }
it {
is_expected.to contain_class('tripleo::profile::base::nova::authtoken')
is_expected.to contain_class('nova::keystone::authtoken').with(
:memcached_servers => ['127.0.0.1:11211'])
}
end
context 'with step 3 with ipv6' do
let(:params) { {
:step => 3,
:use_ipv6 => true,
} }
it {
is_expected.to contain_class('tripleo::profile::base::nova::authtoken')
is_expected.to contain_class('nova::keystone::authtoken').with(
:memcached_servers => ['[::1]:11211'])
}
end
end
on_supported_os.each do |os, facts|
context "on #{os}" do
let(:facts) do
facts.merge({ :hostname => 'node.example.com' })
end
it_behaves_like 'tripleo::profile::base::nova::authtoken'
end
end
end
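Review bot: Both positive contexts exercise only the built-in loopback defaults (`127.0.0.1` and `::1`), so the `memcache_nodes_ipv4`/`memcache_nodes_ipv6` parameters and the multi-node path through `suffix(any2array(...))` are never checked. An extra context that passes an explicit list and asserts the resulting `memcached_servers` would catch a regression in how remote cache nodes are rendered. The addresses below are constructed sample values from the documentation range.

```ruby
# … unchanged: contexts for step < 3, step 3 and step 3 with ipv6 …
context 'with step 3 and explicit memcache nodes' do
  let(:params) { {
    :step                => 3,
    :memcache_nodes_ipv4 => ['192.0.2.10', '192.0.2.11'],
  } }
  it {
    is_expected.to contain_class('nova::keystone::authtoken').with(
      :memcached_servers => ['192.0.2.10:11211', '192.0.2.11:11211'])
  }
end
```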


@ -0,0 +1,124 @@
#
# Copyright (C) 2017 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
require 'spec_helper'
describe 'tripleo::profile::base::nova::placement' do
shared_examples_for 'tripleo::profile::base::nova::placement' do
let(:pre_condition) do
<<-eos
class { '::tripleo::profile::base::nova':
step => #{params[:step]},
oslomsg_rpc_hosts => [ 'localhost' ],
oslomsg_rpc_username => 'nova',
oslomsg_rpc_password => 'foo'
}
class { '::tripleo::profile::base::nova::authtoken':
step => #{params[:step]},
}
eos
end
context 'with step less than 3' do
let(:params) { {
:step => 1,
} }
it {
is_expected.to contain_class('tripleo::profile::base::nova::placement')
is_expected.to contain_class('tripleo::profile::base::nova')
is_expected.to_not contain_class('nova::keystone::authtoken')
is_expected.to_not contain_class('nova::wsgi::apache_placement')
}
end
context 'with step less than 3 and internal tls and generate certs' do
let(:params) { {
:step => 1,
:enable_internal_tls => true,
:generate_service_certificates => true,
:nova_placement_network => 'bar',
:certificates_specs => {
'httpd-bar' => {
'hostname' => 'foo',
'service_certificate' => '/foo.pem',
'service_key' => '/foo.key',
},
}
} }
it {
is_expected.to contain_class('tripleo::profile::base::nova::placement')
is_expected.to contain_class('tripleo::profile::base::nova')
is_expected.to contain_tripleo__certmonger__httpd('httpd-bar')
is_expected.to_not contain_class('nova::keystone::authtoken')
is_expected.to_not contain_class('nova::wsgi::apache_placement')
}
end
context 'with step 3' do
let(:params) { {
:step => 3,
} }
it {
is_expected.to contain_class('tripleo::profile::base::nova::placement')
is_expected.to contain_class('tripleo::profile::base::nova')
is_expected.to contain_class('nova::keystone::authtoken')
is_expected.to contain_class('nova::wsgi::apache_placement')
}
end
context 'with step 3 with enable_internal_tls and skip generate certs' do
let(:params) { {
:step => 3,
:enable_internal_tls => true,
:generate_service_certificates => false,
:nova_placement_network => 'bar',
:certificates_specs => {
'httpd-bar' => {
'hostname' => 'foo',
'service_certificate' => '/foo.pem',
'service_key' => '/foo.key',
},
}
} }
it {
is_expected.to contain_class('tripleo::profile::base::nova::placement')
is_expected.to contain_class('tripleo::profile::base::nova')
is_expected.to_not contain_tripleo__certmonger__httpd('foo')
is_expected.to contain_class('nova::keystone::authtoken')
is_expected.to contain_class('nova::wsgi::apache_placement').with(
:ssl_cert => '/foo.pem',
:ssl_key => '/foo.key')
}
end
end
on_supported_os.each do |os, facts|
context "on #{os}" do
let(:facts) do
facts.merge({ :hostname => 'node.example.com' })
end
it_behaves_like 'tripleo::profile::base::nova::placement'
end
end
end
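Review bot: In the context 'with step 3 with enable_internal_tls and skip generate certs', the negative assertion `is_expected.to_not contain_tripleo__certmonger__httpd('foo')` can never fail. The key in `certificates_specs` is `'httpd-bar'`, which is the title the earlier context asserts with `contain_tripleo__certmonger__httpd('httpd-bar')`, so no resource titled `'foo'` would exist either way. As written, the test does not prove that certificate generation is skipped when `generate_service_certificates` is false. It should read `is_expected.to_not contain_tripleo__certmonger__httpd('httpd-bar')`.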