Fix Keystone 'token-get' Error

Previously, users would receive an error similar to the one below after sourcing keystone authentication variables (i.e. source openrc) and running the puppet agent: debug: Puppet::Type::Keystone_user::ProviderKeystone: Executing '/usr/bin/keystone --os-auth-url http://127.0.0.1:35357/v2.0/ token-get' err: /Stage[main]/Nova::Keystone::Auth/Keystone_user[nova]: Could not evaluate: Execution of '/usr/bin/keystone --os-auth-url http://127.0.0.1:35357/v2.0/ token-get' returned 1: Configuration error: Client configured to run without a service catalog. Run the client using --os-auth-url or OS_AUTH_URL, instead of --os-endpoint or OS_SERVICE_ENDPOINT, for example. WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored). Even though the OS_AUTH_URL was being provided in the auth file, Keystone will ignore it and other variables related to user/pswd based authnetication. This is because only one form of auth (token or user/password) can be used at a time and Keystone will prefer token-based auth if both are provided. This change introduces the new parameter use_token_auth to set the Keystone auth file based on user/password or token-based authentication. Defaults to false for backwards compatibility and to use user/password authentication. Additional Information: http://docs.openstack.org/developer/keystone/configuration.html https://lists.launchpad.net/openstack/msg22356.html Additionally, Region support was added through the region_name parameter. Defaults to RegionOne for backwards compatibility and to use the default region named RegionOne. Change-Id: I913d8da5b753c8db40a05ba2ae1784750f722a5b
2013-07-31 19:28:53 +00:00
parent ebeda3c6ee
commit 8b37baa366
2 changed files with 39 additions and 39 deletions
--- a/manifests/auth_file.pp
+++ b/manifests/auth_file.pp
@@ -4,24 +4,35 @@
 # against a keystone server.
 #
 class openstack::auth_file(
-  $admin_password,
  $controller_node      = '127.0.0.1',
-  $keystone_admin_token = 'keystone_admin_token',
+  $keystone_admin_token = undef,
  $admin_user           = 'admin',
+  $admin_password       = undef,
  $admin_tenant         = 'admin',
+  $region_name          = 'RegionOne',
  $use_no_cache         = true
 ) {
-  file { '/root/openrc':
-    content =>
-  "
-  export OS_NO_CACHE=${use_no_cache}
-  export OS_TENANT_NAME=${admin_tenant}
-  export OS_USERNAME=${admin_user}
-  export OS_PASSWORD='${admin_password}'
-  export OS_AUTH_URL=\"http://${controller_node}:5000/v2.0/\"
-  export OS_AUTH_STRATEGY=keystone
-  export SERVICE_TOKEN=${keystone_admin_token}
-  export SERVICE_ENDPOINT=http://${controller_node}:35357/v2.0/
-  "
+
+  if ($keystone_admin_token) {
+    file { '/root/openrc':
+        content =>
+    "
+    export OS_SERVICE_TOKEN=${keystone_admin_token}
+    export OS_SERVICE_ENDPOINT=http://${controller_node}:35357/v2.0/
+    "
+    }
+  } else {
+    file { '/root/openrc':
+      content =>
+    "
+    export OS_NO_CACHE=${use_no_cache}
+    export OS_TENANT_NAME=${admin_tenant}
+    export OS_USERNAME=${admin_user}
+    export OS_PASSWORD='${admin_password}'
+    export OS_AUTH_URL=\"http://${controller_node}:5000/v2.0/\"
+    export OS_AUTH_STRATEGY=keystone
+    export OS_REGION_NAME=${region_name}
+    "
+    }
  }
 }
--- a/spec/classes/openstack_auth_file_spec.rb
+++ b/spec/classes/openstack_auth_file_spec.rb
@@ -2,7 +2,7 @@ require 'spec_helper'

 describe 'openstack::auth_file' do

-  describe "when only passing required class parameters" do
+  describe "when only passing default class parameters" do

    let :params do
      { :admin_password => 'admin' }
@@ -10,16 +10,15 @@ describe 'openstack::auth_file' do

    it 'should create a openrc file' do
      should contain_file('/root/openrc').with_content(
-  '
-  export OS_NO_CACHE=true
-  export OS_TENANT_NAME=admin
-  export OS_USERNAME=admin
-  export OS_PASSWORD=\'admin\'
-  export OS_AUTH_URL="http://127.0.0.1:5000/v2.0/"
-  export OS_AUTH_STRATEGY=keystone
-  export SERVICE_TOKEN=keystone_admin_token
-  export SERVICE_ENDPOINT=http://127.0.0.1:35357/v2.0/
-  '
+    '
+    export OS_NO_CACHE=true
+    export OS_TENANT_NAME=admin
+    export OS_USERNAME=admin
+    export OS_PASSWORD=\'admin\'
+    export OS_AUTH_URL="http://127.0.0.1:5000/v2.0/"
+    export OS_AUTH_STRATEGY=keystone
+    export OS_REGION_NAME=RegionOne
+    '
        )
    end
  end
@@ -28,27 +27,17 @@ describe 'openstack::auth_file' do

      let :params do
        {
-          :admin_password        => 'nova',
          :controller_node       => '127.0.0.2',
          :keystone_admin_token  => 'keystone',
-          :admin_user            => 'nova',
-          :admin_tenant          => 'nova',
-          :use_no_cache          => false,
        }
      end

      it 'should create a openrc file' do
        should contain_file('/root/openrc').with_content(
-  '
-  export OS_NO_CACHE=false
-  export OS_TENANT_NAME=nova
-  export OS_USERNAME=nova
-  export OS_PASSWORD=\'nova\'
-  export OS_AUTH_URL="http://127.0.0.2:5000/v2.0/"
-  export OS_AUTH_STRATEGY=keystone
-  export SERVICE_TOKEN=keystone
-  export SERVICE_ENDPOINT=http://127.0.0.2:35357/v2.0/
-  '
+    '
+    export OS_SERVICE_TOKEN=keystone
+    export OS_SERVICE_ENDPOINT=http://127.0.0.2:35357/v2.0/
+    '
        )
      end
  end