identity: more flexibility in endpoints protocols

Allow to specify all endpoint type protocols:
- recatorize keystone endpoints
- for each OpenStack service, allow specifying internal & admin
  endpoint protocols

Signed-off-by: Emilien Macchi <emilien.macchi@enovance.com>
Emilien Macchi
2014-06-23 18:16:41 +02:00
parent f34152acf5
commit b4e18e6b1e
2 changed files with 188 additions and 128 deletions


@@ -336,23 +336,31 @@ class cloud::identity (
$ks_ceilometer_public_host = '127.0.0.1',
$ks_ceilometer_public_port = 8777,
$ks_ceilometer_public_proto = 'http',
$ks_ceilometer_admin_proto = 'http',
$ks_ceilometer_internal_proto = 'http',
$ks_cinder_admin_host = '127.0.0.1',
$ks_cinder_internal_host = '127.0.0.1',
$ks_cinder_password = 'cinderpassword',
$ks_cinder_public_host = '127.0.0.1',
$ks_cinder_public_proto = 'http',
$ks_cinder_admin_proto = 'http',
$ks_cinder_internal_proto = 'http',
$ks_cinder_public_port = 8776,
$ks_glance_admin_host = '127.0.0.1',
$ks_glance_internal_host = '127.0.0.1',
$ks_glance_password = 'glancepassword',
$ks_glance_public_host = '127.0.0.1',
$ks_glance_public_proto = 'http',
$ks_glance_internal_proto = 'http',
$ks_glance_admin_proto = 'http',
$ks_glance_api_public_port = 9292,
$ks_heat_admin_host = '127.0.0.1',
$ks_heat_internal_host = '127.0.0.1',
$ks_heat_password = 'heatpassword',
$ks_heat_public_host = '127.0.0.1',
$ks_heat_public_proto = 'http',
$ks_heat_admin_proto = 'http',
$ks_heat_internal_proto = 'http',
$ks_heat_public_port = 8004,
$ks_heat_cfn_public_port = 8000,
$ks_keystone_admin_host = '127.0.0.1',
@@ -363,16 +371,22 @@ class cloud::identity (
$ks_keystone_public_port = 5000,
$ks_keystone_public_proto = 'http',
$ks_neutron_admin_host = '127.0.0.1',
$ks_keystone_admin_proto = 'http',
$ks_keystone_internal_proto = 'http',
$ks_neutron_internal_host = '127.0.0.1',
$ks_neutron_password = 'neutronpassword',
$ks_neutron_public_host = '127.0.0.1',
$ks_neutron_public_proto = 'http',
$ks_neutron_admin_proto = 'http',
$ks_neutron_internal_proto = 'http',
$ks_neutron_public_port = 9696,
$ks_nova_admin_host = '127.0.0.1',
$ks_nova_internal_host = '127.0.0.1',
$ks_nova_password = 'novapassword',
$ks_nova_public_host = '127.0.0.1',
$ks_nova_public_proto = 'http',
$ks_nova_internal_proto = 'http',
$ks_nova_admin_proto = 'http',
$ks_nova_public_port = 8774,
$ks_ec2_public_port = 8773,
$ks_swift_dispersion_password = 'dispersion',
@@ -382,6 +396,8 @@ class cloud::identity (
$ks_swift_public_host = '127.0.0.1',
$ks_swift_public_port = 8080,
$ks_swift_public_proto = 'http',
$ks_swift_admin_proto = 'http',
$ks_swift_internal_proto = 'http',
$api_eth = '127.0.0.1',
$region = 'RegionOne',
$verbose = true,
@@ -439,14 +455,10 @@ class cloud::identity (
keystone_role { $identity_roles_addons: ensure => present }
class {'keystone::endpoint':
admin_address => $ks_keystone_admin_host,
admin_port => $ks_keystone_admin_port,
internal_address => $ks_keystone_internal_host,
internal_port => $ks_keystone_internal_port,
public_address => $ks_keystone_public_host,
public_port => $ks_keystone_public_port,
public_protocol => $ks_keystone_public_proto,
region => $region,
public_url => "${ks_keystone_public_proto}://${ks_keystone_public_host}:${ks_keystone_public_port}",
internal_url => "${ks_keystone_internal_proto}://${ks_keystone_internal_host}:${ks_keystone_internal_port}",
admin_url => "${ks_keystone_admin_proto}://${ks_keystone_admin_host}:${ks_keystone_admin_port}",
region => $region,
}
# TODO(EmilienM) Disable WSGI - bug #98
@@ -462,13 +474,15 @@ class cloud::identity (
if $swift_enabled {
class {'swift::keystone::auth':
password => $ks_swift_password,
public_address => $ks_swift_public_host,
public_port => $ks_swift_public_port,
public_protocol => $ks_swift_public_proto,
admin_address => $ks_swift_admin_host,
internal_address => $ks_swift_internal_host,
region => $region
password => $ks_swift_password,
public_address => $ks_swift_public_host,
public_port => $ks_swift_public_port,
public_protocol => $ks_swift_public_proto,
admin_protocol => $ks_swift_admin_proto,
internal_protocol => $ks_swift_internal_proto,
admin_address => $ks_swift_admin_host,
internal_address => $ks_swift_internal_host,
region => $region
}
class {'swift::keystone::dispersion':
@@ -477,68 +491,89 @@ class cloud::identity (
}
class {'ceilometer::keystone::auth':
admin_address => $ks_ceilometer_admin_host,
internal_address => $ks_ceilometer_internal_host,
public_address => $ks_ceilometer_public_host,
port => $ks_ceilometer_public_port,
region => $region,
password => $ks_ceilometer_password
admin_address => $ks_ceilometer_admin_host,
internal_address => $ks_ceilometer_internal_host,
public_address => $ks_ceilometer_public_host,
public_protocol => $ks_ceilometer_public_proto,
admin_protocol => $ks_ceilometer_admin_proto,
internal_protocol => $ks_ceilometer_internal_proto,
port => $ks_ceilometer_public_port,
region => $region,
password => $ks_ceilometer_password
}
class { 'nova::keystone::auth':
cinder => true,
admin_address => $ks_nova_admin_host,
internal_address => $ks_nova_internal_host,
public_address => $ks_nova_public_host,
compute_port => $ks_nova_public_port,
ec2_port => $ks_ec2_public_port,
region => $region,
password => $ks_nova_password
cinder => true,
admin_address => $ks_nova_admin_host,
internal_address => $ks_nova_internal_host,
public_address => $ks_nova_public_host,
compute_port => $ks_nova_public_port,
public_protocol => $ks_nova_public_proto,
admin_protocol => $ks_nova_admin_proto,
internal_protocol => $ks_nova_internal_proto,
ec2_port => $ks_ec2_public_port,
region => $region,
password => $ks_nova_password
}
class { 'neutron::keystone::auth':
admin_address => $ks_neutron_admin_host,
internal_address => $ks_neutron_internal_host,
public_address => $ks_neutron_public_host,
port => $ks_neutron_public_port,
region => $region,
password => $ks_neutron_password
admin_address => $ks_neutron_admin_host,
internal_address => $ks_neutron_internal_host,
public_address => $ks_neutron_public_host,
public_protocol => $ks_neutron_public_proto,
internal_protocol => $ks_neutron_internal_proto,
admin_protocol => $ks_neutron_admin_proto,
port => $ks_neutron_public_port,
region => $region,
password => $ks_neutron_password
}
class { 'cinder::keystone::auth':
admin_address => $ks_cinder_admin_host,
internal_address => $ks_cinder_internal_host,
public_address => $ks_cinder_public_host,
port => $ks_cinder_public_port,
region => $region,
password => $ks_cinder_password
admin_address => $ks_cinder_admin_host,
internal_address => $ks_cinder_internal_host,
public_address => $ks_cinder_public_host,
port => $ks_cinder_public_port,
public_protocol => $ks_cinder_public_proto,
admin_protocol => $ks_cinder_admin_proto,
internal_protocol => $ks_cinder_internal_proto,
region => $region,
password => $ks_cinder_password
}
class { 'glance::keystone::auth':
admin_address => $ks_glance_admin_host,
internal_address => $ks_glance_internal_host,
public_address => $ks_glance_public_host,
port => $ks_glance_api_public_port,
region => $region,
password => $ks_glance_password
admin_address => $ks_glance_admin_host,
internal_address => $ks_glance_internal_host,
public_address => $ks_glance_public_host,
port => $ks_glance_api_public_port,
public_protocol => $ks_glance_public_proto,
internal_protocol => $ks_glance_internal_proto,
admin_protocol => $ks_glance_admin_proto,
region => $region,
password => $ks_glance_password
}
class { 'heat::keystone::auth':
admin_address => $ks_heat_admin_host,
internal_address => $ks_heat_internal_host,
public_address => $ks_heat_public_host,
port => $ks_heat_public_port,
region => $region,
password => $ks_heat_password
admin_address => $ks_heat_admin_host,
internal_address => $ks_heat_internal_host,
public_address => $ks_heat_public_host,
port => $ks_heat_public_port,
public_protocol => $ks_heat_public_proto,
internal_protocol => $ks_heat_internal_proto,
admin_protocol => $ks_heat_admin_proto,
region => $region,
password => $ks_heat_password
}
class { 'heat::keystone::auth_cfn':
admin_address => $ks_heat_admin_host,
internal_address => $ks_heat_internal_host,
public_address => $ks_heat_public_host,
port => $ks_heat_cfn_public_port,
region => $region,
password => $ks_heat_password
admin_address => $ks_heat_admin_host,
internal_address => $ks_heat_internal_host,
public_address => $ks_heat_public_host,
port => $ks_heat_cfn_public_port,
public_protocol => $ks_heat_public_proto,
internal_protocol => $ks_heat_internal_proto,
admin_protocol => $ks_heat_admin_proto,
region => $region,
password => $ks_heat_password
}
# Purge expored tokens every days at midnight
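Review bot: The new `$ks_*_admin_proto` and `$ks_*_internal_proto` parameters all default to `'http'` and nothing visible in these hunks validates them. The admin and internal endpoints registered in the Keystone catalog therefore stay plaintext unless each one is overridden, and any mistyped value is interpolated straight into `admin_url` / `internal_url` of `keystone::endpoint`. If puppetlabs-stdlib is available to this module (not visible here), a guard per parameter such as `validate_re($ks_keystone_admin_proto, '^https?$')` would make a bad value fail at compile time rather than produce a broken catalog entry. The parameter documentation should also state that `'https'` only changes the registered URL and that TLS must actually be terminated on that endpoint. The class body starts and continues outside the hunks shown, so an existing check elsewhere cannot be ruled out.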


@@ -37,23 +37,30 @@ describe 'cloud::identity' do
:ks_ceilometer_password => 'secrete',
:ks_ceilometer_public_host => '10.0.0.1',
:ks_ceilometer_public_port => '8777',
:ks_ceilometer_public_proto => 'http',
:ks_ceilometer_public_proto => 'https',
:ks_ceilometer_admin_proto => 'https',
:ks_ceilometer_internal_proto => 'https',
:ks_cinder_admin_host => '10.0.0.1',
:ks_cinder_internal_host => '10.0.0.1',
:ks_cinder_password => 'secrete',
:ks_cinder_public_host => '10.0.0.1',
:ks_cinder_public_proto => 'http',
:ks_cinder_public_port => '8776',
:ks_cinder_public_proto => 'https',
:ks_cinder_public_proto => 'https',
:ks_cinder_admin_proto => 'https',
:ks_glance_admin_host => '10.0.0.1',
:ks_glance_internal_host => '10.0.0.1',
:ks_glance_password => 'secrete',
:ks_glance_public_host => '10.0.0.1',
:ks_glance_public_proto => 'http',
:ks_glance_public_proto => 'https',
:ks_glance_admin_proto => 'https',
:ks_glance_internal_proto => 'https',
:ks_heat_admin_host => '10.0.0.1',
:ks_heat_internal_host => '10.0.0.1',
:ks_heat_password => 'secrete',
:ks_heat_public_host => '10.0.0.1',
:ks_heat_public_proto => 'http',
:ks_heat_public_proto => 'https',
:ks_heat_admin_proto => 'https',
:ks_heat_internal_proto => 'https',
:ks_heat_public_port => '8004',
:ks_heat_cfn_public_port => '8000',
:ks_keystone_admin_host => '10.0.0.1',
@@ -62,18 +69,24 @@ describe 'cloud::identity' do
:ks_keystone_internal_port => '5000',
:ks_keystone_public_host => '10.0.0.1',
:ks_keystone_public_port => '5000',
:ks_keystone_public_proto => 'http',
:ks_keystone_public_proto => 'https',
:ks_keystone_admin_proto => 'https',
:ks_keystone_internal_proto => 'https',
:ks_neutron_admin_host => '10.0.0.1',
:ks_neutron_internal_host => '10.0.0.1',
:ks_neutron_password => 'secrete',
:ks_neutron_public_host => '10.0.0.1',
:ks_neutron_public_proto => 'http',
:ks_neutron_admin_proto => 'https',
:ks_neutron_internal_proto => 'https',
:ks_neutron_public_proto => 'https',
:ks_neutron_public_port => '9696',
:ks_nova_admin_host => '10.0.0.1',
:ks_nova_internal_host => '10.0.0.1',
:ks_nova_password => 'secrete',
:ks_nova_public_host => '10.0.0.1',
:ks_nova_public_proto => 'http',
:ks_nova_public_proto => 'https',
:ks_nova_internal_proto => 'https',
:ks_nova_admin_proto => 'https',
:ks_nova_public_port => '8774',
:ks_ec2_public_port => '8773',
:ks_swift_dispersion_password => 'secrete',
@@ -81,7 +94,9 @@ describe 'cloud::identity' do
:ks_swift_password => 'secrete',
:ks_swift_public_host => '10.0.0.1',
:ks_swift_public_port => '8080',
:ks_swift_public_proto => 'http',
:ks_swift_public_proto => 'https',
:ks_swift_admin_proto => 'https',
:ks_swift_internal_proto => 'https',
:ks_swift_admin_host => '10.0.0.1',
:region => 'BigCloud',
:verbose => true,
@@ -148,26 +163,24 @@ describe 'cloud::identity' do
it 'configure keystone endpoint' do
should contain_class('keystone::endpoint').with(
:admin_address => '10.0.0.1',
:admin_port => '35357',
:internal_address => '10.0.0.1',
:internal_port => '5000',
:public_address => '10.0.0.1',
:public_port => '5000',
:public_protocol => 'http',
:region => 'BigCloud'
:public_url => 'https://10.0.0.1:5000',
:admin_url => 'https://10.0.0.1:35357',
:internal_url => 'https://10.0.0.1:5000',
:region => 'BigCloud'
)
end
it 'configure swift endpoints' do
should contain_class('swift::keystone::auth').with(
:password => 'secrete',
:public_address => '10.0.0.1',
:public_port => '8080',
:public_protocol => 'http',
:admin_address => '10.0.0.1',
:internal_address => '10.0.0.1',
:region => 'BigCloud'
:password => 'secrete',
:public_address => '10.0.0.1',
:public_port => '8080',
:public_protocol => 'https',
:admin_protocol => 'https',
:internal_protocol => 'https',
:admin_address => '10.0.0.1',
:internal_address => '10.0.0.1',
:region => 'BigCloud'
)
end
@@ -177,39 +190,45 @@ describe 'cloud::identity' do
it 'configure ceilometer endpoints' do
should contain_class('ceilometer::keystone::auth').with(
:admin_address => '10.0.0.1',
:internal_address => '10.0.0.1',
:password => 'secrete',
:port => '8777',
:public_address => '10.0.0.1',
:public_protocol => 'http',
:region => 'BigCloud'
:admin_address => '10.0.0.1',
:internal_address => '10.0.0.1',
:password => 'secrete',
:port => '8777',
:public_address => '10.0.0.1',
:public_protocol => 'https',
:admin_protocol => 'https',
:internal_protocol => 'https',
:region => 'BigCloud'
)
end
it 'configure nova endpoints' do
should contain_class('nova::keystone::auth').with(
:admin_address => '10.0.0.1',
:cinder => true,
:internal_address => '10.0.0.1',
:password => 'secrete',
:public_address => '10.0.0.1',
:public_protocol => 'http',
:compute_port => '8774',
:ec2_port => '8773',
:region => 'BigCloud'
:admin_address => '10.0.0.1',
:cinder => true,
:internal_address => '10.0.0.1',
:password => 'secrete',
:public_address => '10.0.0.1',
:public_protocol => 'https',
:admin_protocol => 'https',
:internal_protocol => 'https',
:compute_port => '8774',
:ec2_port => '8773',
:region => 'BigCloud'
)
end
it 'configure neutron endpoints' do
should contain_class('neutron::keystone::auth').with(
:admin_address => '10.0.0.1',
:internal_address => '10.0.0.1',
:password => 'secrete',
:public_address => '10.0.0.1',
:public_protocol => 'http',
:port => '9696',
:region => 'BigCloud'
:admin_address => '10.0.0.1',
:internal_address => '10.0.0.1',
:password => 'secrete',
:public_address => '10.0.0.1',
:public_protocol => 'https',
:internal_protocol => 'https',
:admin_protocol => 'https',
:port => '9696',
:region => 'BigCloud'
)
end
@@ -219,44 +238,50 @@ describe 'cloud::identity' do
:internal_address => '10.0.0.1',
:password => 'secrete',
:public_address => '10.0.0.1',
:public_protocol => 'http',
:public_protocol => 'https',
:region => 'BigCloud'
)
end
it 'configure glance endpoints' do
should contain_class('glance::keystone::auth').with(
:admin_address => '10.0.0.1',
:internal_address => '10.0.0.1',
:password => 'secrete',
:public_address => '10.0.0.1',
:public_protocol => 'http',
:port => '9292',
:region => 'BigCloud'
:admin_address => '10.0.0.1',
:internal_address => '10.0.0.1',
:password => 'secrete',
:public_address => '10.0.0.1',
:public_protocol => 'https',
:admin_protocol => 'https',
:internal_protocol => 'https',
:port => '9292',
:region => 'BigCloud'
)
end
it 'configure heat endpoints' do
should contain_class('heat::keystone::auth').with(
:admin_address => '10.0.0.1',
:internal_address => '10.0.0.1',
:password => 'secrete',
:public_address => '10.0.0.1',
:public_protocol => 'http',
:port => '8004',
:region => 'BigCloud'
:admin_address => '10.0.0.1',
:internal_address => '10.0.0.1',
:password => 'secrete',
:public_address => '10.0.0.1',
:public_protocol => 'https',
:admin_protocol => 'https',
:internal_protocol => 'https',
:port => '8004',
:region => 'BigCloud'
)
end
it 'configure heat cloudformation endpoints' do
should contain_class('heat::keystone::auth_cfn').with(
:admin_address => '10.0.0.1',
:internal_address => '10.0.0.1',
:password => 'secrete',
:public_address => '10.0.0.1',
:public_protocol => 'http',
:port => '8000',
:region => 'BigCloud'
:admin_address => '10.0.0.1',
:internal_address => '10.0.0.1',
:password => 'secrete',
:public_address => '10.0.0.1',
:public_protocol => 'https',
:admin_protocol => 'https',
:internal_protocol => 'https',
:port => '8000',
:region => 'BigCloud'
)
end
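Review bot: `:ks_cinder_public_proto => 'https'` appears twice in the params hash and `:ks_cinder_internal_proto` is never set, so the cinder internal protocol falls back to the class default and Ruby silently collapses the duplicate key. The second entry was presumably meant to be `:ks_cinder_internal_proto => 'https',`. What appears to be the cinder expectation (its `it` line is outside the hunk) is also the only one that still asserts `:public_protocol` alone. Adding `:admin_protocol => 'https',` and `:internal_protocol => 'https',` there would cover the cinder wiring that the manifest now does. As it stands, a regression to plaintext on cinder's admin or internal endpoint would pass this spec.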