Remove deprecated ironic options

Ironic configuration options that where used for a deprecated Identity v2 API have been removed. Change-Id: I9f6e5a60b14eee157c2c5e69672b2cd8a25d102c
2017-04-20 12:51:29 +08:00 · 2017-04-20 12:51:29 +08:00 · 963ebcbb19
parent 550bf01b38
commit 963ebcbb19
4 changed files with 42 additions and 66 deletions
--- a/devstack/plugin.sh
+++ b/devstack/plugin.sh
@ -75,10 +75,13 @@ function configure_mogan {
    iniset ${MOGAN_CONF_FILE} database connection `database_connection_url mogan`

    # Setup ironic section
-    iniset ${MOGAN_CONF_FILE} ironic admin_tenant_name ${SERVICE_PROJECT_NAME}
-    iniset ${MOGAN_CONF_FILE} ironic admin_username "ironic"
-    iniset ${MOGAN_CONF_FILE} ironic admin_password ${SERVICE_PASSWORD}
-    iniset ${MOGAN_CONF_FILE} ironic admin_url "${KEYSTONE_AUTH_PROTOCOL}://${KEYSTONE_AUTH_HOST}:${KEYSTONE_SERVICE_PORT}/v2.0"
+    iniset ${MOGAN_CONF_FILE} ironic project_domain_name ${SERVICE_DOMAIN_NAME}
+    iniset ${MOGAN_CONF_FILE} ironic project_name ${SERVICE_PROJECT_NAME}
+    iniset ${MOGAN_CONF_FILE} ironic user_domain_name ${SERVICE_DOMAIN_NAME}
+    iniset ${MOGAN_CONF_FILE} ironic username "ironic"
+    iniset ${MOGAN_CONF_FILE} ironic password ${SERVICE_PASSWORD}
+    iniset ${MOGAN_CONF_FILE} ironic auth_url ${KEYSTONE_AUTH_URI}
+    iniset ${MOGAN_CONF_FILE} ironic auth_type "password"
    iniset ${MOGAN_CONF_FILE} ironic api_endpoint "${KEYSTONE_AUTH_PROTOCOL}://${SERVICE_HOST}:${IRONIC_SERVICE_PORT}"

    # Setup neutron section
--- a/mogan/common/ironic.py
+++ b/mogan/common/ironic.py
@ -15,6 +15,7 @@

 import ironicclient as ironic
 from ironicclient import exc as ironic_exc
+from keystoneauth1 import loading as ks_loading
 from oslo_config import cfg
 from oslo_log import log as logging

@ -40,6 +41,14 @@ class IronicClientWrapper(object):
        """Tell the wrapper to invalidate the cached ironic-client."""
        self._cached_client = None

+    def _get_auth_plugin(self):
+        """Load an auth plugin from CONF options."""
+        # If an auth plugin name is defined in `auth_type` option of [ironic]
+        # group, register its options and load it.
+        auth_plugin = ks_loading.load_auth_from_conf_options(CONF, 'ironic')
+
+        return auth_plugin
+
    def _get_client(self, retry_on_conflict=True):
        max_retries = CONF.ironic.api_max_retries if retry_on_conflict else 1
        retry_interval = (CONF.ironic.api_retry_interval
@ -50,30 +59,23 @@ class IronicClientWrapper(object):
        if retry_on_conflict and self._cached_client is not None:
            return self._cached_client

-        auth_token = CONF.ironic.admin_auth_token
-        if auth_token is None:
-            kwargs = {'os_username': CONF.ironic.admin_username,
-                      'os_password': CONF.ironic.admin_password,
-                      'os_auth_url': CONF.ironic.admin_url,
-                      'os_tenant_name': CONF.ironic.admin_tenant_name,
-                      'os_service_type': 'baremetal',
-                      'os_endpoint_type': 'public',
-                      'ironic_url': CONF.ironic.api_endpoint}
-        else:
-            kwargs = {'os_auth_token': auth_token,
-                      'ironic_url': CONF.ironic.api_endpoint}
+        auth_plugin = self._get_auth_plugin()

-        if CONF.ironic.cafile:
-            kwargs['os_cacert'] = CONF.ironic.cafile
-            # Set the old option for compat with old clients
-            kwargs['ca_file'] = CONF.ironic.cafile
+        sess = ks_loading.load_session_from_conf_options(CONF,
+                                                         'ironic',
+                                                         auth=auth_plugin)

+        ironic_url = (CONF.ironic.api_endpoint
+                      if CONF.ironic.api_endpoint else None)
        # Retries for Conflict exception
+        kwargs = {}
        kwargs['max_retries'] = max_retries
        kwargs['retry_interval'] = retry_interval
        kwargs['os_ironic_api_version'] = '%d.%d' % IRONIC_API_VERSION
        try:
-            cli = ironic.client.get_client(IRONIC_API_VERSION[0], **kwargs)
+            cli = ironic.client.get_client(IRONIC_API_VERSION[0],
+                                           ironic_url=ironic_url,
+                                           session=sess, **kwargs)
            # Cache the client so we don't have to reconstruct and
            # reauthenticate it every time we need it.
            if retry_on_conflict:
--- a/mogan/conf/ironic.py
+++ b/mogan/conf/ironic.py
@ -13,6 +13,7 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.

+from keystoneauth1 import loading as ks_loading
 from oslo_config import cfg

 opt_group = cfg.OptGroup(
@ -21,59 +22,23 @@ opt_group = cfg.OptGroup(
    help="""
 Configuration options for Ironic driver (Bare Metal).
 If using the Ironic driver following options must be set:
-* admin_url
-* admin_tenant_name
-* admin_username
-* admin_password
 * api_endpoint
+* auth_type
+* auth_url
+* project_name
+* username
+* password
+* project_domain_id or project_domain_name
+* user_domain_id or user_domain_name
 """)

 opts = [
    cfg.StrOpt(
-        # TODO(raj_singh): Get this value from keystone service catalog
        'api_endpoint',
        sample_default='http://ironic.example.org:6385/',
        help='URL for the Ironic API endpoint'),
-    cfg.StrOpt(
-        'admin_username',
-        help='Ironic keystone admin username'),
-    cfg.StrOpt(
-        'admin_password',
-        secret=True,
-        help='Ironic keystone admin password'),
-    cfg.StrOpt(
-        'admin_auth_token',
-        secret=True,
-        deprecated_for_removal=True,
-        help="""
-Ironic keystone auth token. This option is deprecated and
-admin_username, admin_password and admin_tenant_name options
-are used for authorization.
-"""),
-    cfg.StrOpt(
-        # TODO(raj_singh): Change this option admin_url->auth_url to make it
-        # consistent with other clients (Neutron, Cinder). It requires lot
-        # of work in Ironic client to make this happen.
-        'admin_url',
-        help='Keystone public API endpoint'),
-    cfg.StrOpt(
-        'cafile',
-        default=None,
-        help="""
-Path to the PEM encoded Certificate Authority file to be used when verifying
-HTTPs connections with the Ironic driver. By default this option is not used.
-
-Possible values:
-
-* None - Default
-* Path to the CA file
-"""),
-    cfg.StrOpt(
-        'admin_tenant_name',
-        help='Ironic keystone tenant name'),
    cfg.IntOpt(
        'api_max_retries',
-        # TODO(raj_singh): Change this default to some sensible number
        default=60,
        min=0,
        help="""
@ -97,7 +62,13 @@ Related options:
 """),
 ]

+ironic_opts = opts + ks_loading.get_session_conf_options() + \
+    ks_loading.get_auth_common_conf_options() + \
+    ks_loading.get_auth_plugin_conf_options('v3password')
+

 def register_opts(conf):
    conf.register_group(opt_group)
    conf.register_opts(opts, group=opt_group)
+    ks_loading.register_auth_conf_options(conf, group=opt_group.name)
+    ks_loading.register_session_conf_options(conf, group=opt_group.name)
--- a/mogan/conf/opts.py
+++ b/mogan/conf/opts.py
@ -39,10 +39,10 @@ _opts = [
    ('database', mogan.conf.database.opts),
    ('engine', mogan.conf.engine.opts),
    ('glance', mogan.conf.glance.opts),
-    ('ironic', mogan.conf.ironic.opts),
+    ('ironic', mogan.conf.ironic.ironic_opts),
    ('keystone', mogan.conf.keystone.opts),
    ('neutron', mogan.conf.neutron.opts),
-    ('quota', mogan.conf.quota.opts),
+    ('quota', mogan.conf.quota.quota_opts),
    ('scheduler', mogan.conf.scheduler.opts),
 ]