Fix Keystone 'token-get' Error
Previously, users would receive an error similar to the one below after sourcing keystone authentication variables (i.e. source openrc) and running the puppet agent: debug: Puppet::Type::Keystone_user::ProviderKeystone: Executing '/usr/bin/keystone --os-auth-url http://127.0.0.1:35357/v2.0/ token-get' err: /Stage[main]/Nova::Keystone::Auth/Keystone_user[nova]: Could not evaluate: Execution of '/usr/bin/keystone --os-auth-url http://127.0.0.1:35357/v2.0/ token-get' returned 1: Configuration error: Client configured to run without a service catalog. Run the client using --os-auth-url or OS_AUTH_URL, instead of --os-endpoint or OS_SERVICE_ENDPOINT, for example. WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored). Even though the OS_AUTH_URL was being provided in the auth file, Keystone will ignore it and other variables related to user/pswd based authnetication. This is because only one form of auth (token or user/password) can be used at a time and Keystone will prefer token-based auth if both are provided. This change introduces the new parameter use_token_auth to set the Keystone auth file based on user/password or token-based authentication. Defaults to false for backwards compatibility and to use user/password authentication. Additional Information: http://docs.openstack.org/developer/keystone/configuration.html https://lists.launchpad.net/openstack/msg22356.html Additionally, Region support was added through the region_name parameter. Defaults to RegionOne for backwards compatibility and to use the default region named RegionOne. Change-Id: I913d8da5b753c8db40a05ba2ae1784750f722a5b
This commit is contained in:
Daneyon Hansen
@@ -4,13 +4,24 @@
|
|||||||
# against a keystone server.
|
# against a keystone server.
|
||||||
#
|
#
|
||||||
class openstack::auth_file(
|
class openstack::auth_file(
|
||||||
$admin_password,
|
|
||||||
$controller_node = '127.0.0.1',
|
$controller_node = '127.0.0.1',
|
||||||
$keystone_admin_token = 'keystone_admin_token',
|
$keystone_admin_token = undef,
|
||||||
$admin_user = 'admin',
|
$admin_user = 'admin',
|
||||||
|
$admin_password = undef,
|
||||||
$admin_tenant = 'admin',
|
$admin_tenant = 'admin',
|
||||||
|
$region_name = 'RegionOne',
|
||||||
$use_no_cache = true
|
$use_no_cache = true
|
||||||
) {
|
) {
|
||||||
|
|
||||||
|
if ($keystone_admin_token) {
|
||||||
|
file { '/root/openrc':
|
||||||
|
content =>
|
||||||
|
"
|
||||||
|
export OS_SERVICE_TOKEN=${keystone_admin_token}
|
||||||
|
export OS_SERVICE_ENDPOINT=http://${controller_node}:35357/v2.0/
|
||||||
|
"
|
||||||
|
}
|
||||||
|
} else {
|
||||||
file { '/root/openrc':
|
file { '/root/openrc':
|
||||||
content =>
|
content =>
|
||||||
"
|
"
|
||||||
@@ -20,8 +31,8 @@ class openstack::auth_file(
|
|||||||
export OS_PASSWORD='${admin_password}'
|
export OS_PASSWORD='${admin_password}'
|
||||||
export OS_AUTH_URL=\"http://${controller_node}:5000/v2.0/\"
|
export OS_AUTH_URL=\"http://${controller_node}:5000/v2.0/\"
|
||||||
export OS_AUTH_STRATEGY=keystone
|
export OS_AUTH_STRATEGY=keystone
|
||||||
export SERVICE_TOKEN=${keystone_admin_token}
|
export OS_REGION_NAME=${region_name}
|
||||||
export SERVICE_ENDPOINT=http://${controller_node}:35357/v2.0/
|
|
||||||
"
|
"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|||||||
@@ -2,7 +2,7 @@ require 'spec_helper'
|
|||||||
|
|
||||||
describe 'openstack::auth_file' do
|
describe 'openstack::auth_file' do
|
||||||
|
|
||||||
describe "when only passing required class parameters" do
|
describe "when only passing default class parameters" do
|
||||||
|
|
||||||
let :params do
|
let :params do
|
||||||
{ :admin_password => 'admin' }
|
{ :admin_password => 'admin' }
|
||||||
@@ -17,8 +17,7 @@ describe 'openstack::auth_file' do
|
|||||||
export OS_PASSWORD=\'admin\'
|
export OS_PASSWORD=\'admin\'
|
||||||
export OS_AUTH_URL="http://127.0.0.1:5000/v2.0/"
|
export OS_AUTH_URL="http://127.0.0.1:5000/v2.0/"
|
||||||
export OS_AUTH_STRATEGY=keystone
|
export OS_AUTH_STRATEGY=keystone
|
||||||
export SERVICE_TOKEN=keystone_admin_token
|
export OS_REGION_NAME=RegionOne
|
||||||
export SERVICE_ENDPOINT=http://127.0.0.1:35357/v2.0/
|
|
||||||
'
|
'
|
||||||
)
|
)
|
||||||
end
|
end
|
||||||
@@ -28,26 +27,16 @@ describe 'openstack::auth_file' do
|
|||||||
|
|
||||||
let :params do
|
let :params do
|
||||||
{
|
{
|
||||||
:admin_password => 'nova',
|
|
||||||
:controller_node => '127.0.0.2',
|
:controller_node => '127.0.0.2',
|
||||||
:keystone_admin_token => 'keystone',
|
:keystone_admin_token => 'keystone',
|
||||||
:admin_user => 'nova',
|
|
||||||
:admin_tenant => 'nova',
|
|
||||||
:use_no_cache => false,
|
|
||||||
}
|
}
|
||||||
end
|
end
|
||||||
|
|
||||||
it 'should create a openrc file' do
|
it 'should create a openrc file' do
|
||||||
should contain_file('/root/openrc').with_content(
|
should contain_file('/root/openrc').with_content(
|
||||||
'
|
'
|
||||||
export OS_NO_CACHE=false
|
export OS_SERVICE_TOKEN=keystone
|
||||||
export OS_TENANT_NAME=nova
|
export OS_SERVICE_ENDPOINT=http://127.0.0.2:35357/v2.0/
|
||||||
export OS_USERNAME=nova
|
|
||||||
export OS_PASSWORD=\'nova\'
|
|
||||||
export OS_AUTH_URL="http://127.0.0.2:5000/v2.0/"
|
|
||||||
export OS_AUTH_STRATEGY=keystone
|
|
||||||
export SERVICE_TOKEN=keystone
|
|
||||||
export SERVICE_ENDPOINT=http://127.0.0.2:35357/v2.0/
|
|
||||||
'
|
'
|
||||||
)
|
)
|
||||||
end
|
end
|
||||||
|
|||||||
Reference in New Issue
Block a user