diff --git a/heat/Modulefile b/heat/Modulefile deleted file mode 100644 index f3f6087c3..000000000 --- a/heat/Modulefile +++ /dev/null @@ -1,13 +0,0 @@ -name 'puppetlabs-heat' -version '4.0.0' -author 'eNovance and StackForge Contributors' -license 'Apache License 2.0' -summary 'Puppet module for OpenStack Heat' -description 'Installs and configures OpenStack Heat (Orchestration).' -project_page 'https://launchpad.net/puppet-heat' -source 'https://github.com/stackforge/puppet-heat' - -dependency 'puppetlabs/inifile', '>= 1.0.0 <2.0.0' -dependency 'puppetlabs/keystone', '>=4.0.0 <5.0.0' -dependency 'puppetlabs/stdlib', '>= 4.0.0 < 5.0.0' -dependency 'stackforge/openstacklib', '>=5.0.0' diff --git a/heat/manifests/engine.pp b/heat/manifests/engine.pp index 2238d6cfe..02c94cb8d 100644 --- a/heat/manifests/engine.pp +++ b/heat/manifests/engine.pp @@ -35,7 +35,19 @@ # used for stack locking # Defaults to '2' # - +# [*trusts_delegated_roles*] +# (optional) Array of trustor roles to be delegated to heat. +# Defaults to ['heat_stack_owner'] +# +# [*deferred_auth_method*] +# (optional) Select deferred auth method. +# Can be "password" or "trusts". +# Defaults to 'trusts' +# +# [*configure_delegated_roles*] +# (optional) Whether to configure the delegated roles. +# Defaults to true +# class heat::engine ( $auth_encryption_key, $manage_service = true, @@ -44,7 +56,10 @@ $heat_metadata_server_url = 'http://127.0.0.1:8000', $heat_waitcondition_server_url = 'http://127.0.0.1:8000/v1/waitcondition', $heat_watch_server_url = 'http://127.0.0.1:8003', - $engine_life_check_timeout = '2' + $engine_life_check_timeout = '2', + $trusts_delegated_roles = ['heat_stack_owner'], + $deferred_auth_method = 'trusts', + $configure_delegated_roles = true, ) { include heat::params @@ -66,6 +81,12 @@ } } + if $configure_delegated_roles { + keystone_role { $trusts_delegated_roles: + ensure => present, + } + } + service { 'heat-engine': ensure => $service_ensure, name => $::heat::params::engine_service_name, @@ -85,5 +106,7 @@ 'DEFAULT/heat_waitcondition_server_url': value => $heat_waitcondition_server_url; 'DEFAULT/heat_watch_server_url' : value => $heat_watch_server_url; 'DEFAULT/engine_life_check_timeout' : value => $engine_life_check_timeout; + 'DEFAULT/trusts_delegated_roles' : value => $trusts_delegated_roles; + 'DEFAULT/deferred_auth_method' : value => $deferred_auth_method; } } diff --git a/heat/manifests/init.pp b/heat/manifests/init.pp index a48218eac..6ec68437e 100644 --- a/heat/manifests/init.pp +++ b/heat/manifests/init.pp @@ -76,6 +76,11 @@ # [*qpid_reconnect_interval_min*] # [*qpid_reconnect_interval_max*] # +# [*database_connection*] +# Url used to connect to database. +# (Optional) Defaults to +# 'sqlite:////var/lib/heat/heat.sqlite' +# # [*database_idle_timeout*] # (optional) Timeout before idle db connections are reaped. # Defaults to 3600 @@ -91,6 +96,9 @@ # [*mysql_module*] # (optional) Deprecated. Does nothing. # +# [*sql_connection*] +# (optional) Deprecated. Use database_connection instead. +# class heat( $auth_uri = false, $package_ensure = 'present', @@ -130,12 +138,13 @@ $qpid_reconnect_interval_min = 0, $qpid_reconnect_interval_max = 0, $qpid_reconnect_interval = 0, - $sql_connection = false, + $database_connection = 'sqlite:////var/lib/heat/heat.sqlite', $database_idle_timeout = 3600, $use_syslog = false, $log_facility = 'LOG_USER', #Deprecated parameters $mysql_module = undef, + $sql_connection = undef, ) { include heat::params @@ -312,11 +321,17 @@ } if $sql_connection { + warning('The sql_connection parameter is deprecated, use database_connection instead.') + $database_connection_real = $sql_connection + } else { + $database_connection_real = $database_connection + } - validate_re($sql_connection, + if $database_connection_real { + validate_re($database_connection_real, '(sqlite|mysql|postgresql):\/\/(\S+:\S+@\S+\/\S+)?') - case $sql_connection { + case $database_connection_real { /^mysql:\/\//: { $backend_package = false require mysql::bindings @@ -341,8 +356,11 @@ } heat_config { - 'database/connection': value => $sql_connection, secret => true; - 'database/idle_timeout': value => $database_idle_timeout; + 'database/connection': + value => $database_connection_real, + secret => true; + 'database/idle_timeout': + value => $database_idle_timeout; } Heat_config['database/connection'] ~> Exec['heat-dbsync'] diff --git a/heat/metadata.json b/heat/metadata.json new file mode 100644 index 000000000..199c7626b --- /dev/null +++ b/heat/metadata.json @@ -0,0 +1,39 @@ +{ + "name": "stackforge-heat", + "version": "5.0.0", + "author": "eNovance and StackForge Contributors", + "summary": "Puppet module for OpenStack Heat", + "license": "Apache License 2.0", + "source": "git://github.com/stackforge/puppet-heat.git", + "project_page": "https://launchpad.net/puppet-heat", + "issues_url": "https://bugs.launchpad.net/puppet-heat", + "requirements": [ + { "name": "pe","version_requirement": "3.x" }, + { "name": "puppet","version_requirement": "3.x" } + ], + "operatingsystem_support": [ + { + "operatingsystem": "Debian", + "operatingsystemrelease": ["7"] + }, + { + "operatingsystem": "Fedora", + "operatingsystemrelease": ["20"] + }, + { + "operatingsystem": "RedHat", + "operatingsystemrelease": ["6.5","7"] + }, + { + "operatingsystem": "Ubuntu", + "operatingsystemrelease": ["12.04","14.04"] + } + ], + "description": "Installs and configures OpenStack Heat (Orchestration).", + "dependencies": [ + { "name": "puppetlabs/inifile", "version_requirement": ">=1.0.0 <2.0.0" }, + { "name": "stackforge/keystone", "version_requirement": ">=5.0.0 <6.0.0" }, + { "name": "puppetlabs/stdlib", "version_requirement": ">=4.0.0 <5.0.0" }, + { "name": "stackforge/openstacklib", "version_requirement": ">=5.0.0" } + ] +} diff --git a/heat/spec/classes/heat_engine_spec.rb b/heat/spec/classes/heat_engine_spec.rb index d4639ba84..734c7909b 100644 --- a/heat/spec/classes/heat_engine_spec.rb +++ b/heat/spec/classes/heat_engine_spec.rb @@ -10,6 +10,8 @@ :heat_waitcondition_server_url => 'http://127.0.0.1:8000/v1/waitcondition', :heat_watch_server_url => 'http://128.0.0.1:8003', :engine_life_check_timeout => '2', + :trusts_delegated_roles => ['heat_stack_owner'], + :deferred_auth_method => 'trusts', } end @@ -24,6 +26,9 @@ :heat_waitcondition_server_url => 'http://127.0.0.1:8000/v1/waitcondition', :heat_watch_server_url => 'http://128.0.0.1:8003', :engine_life_check_timeout => '2', + :trusts_delegated_roles => ['role1', 'role2'], + :deferred_auth_method => 'trusts', + :configure_delegated_roles => true, } ].each do |new_params| describe 'when #{param_set == {} ? "using default" : "specifying"} parameters' @@ -56,6 +61,17 @@ it { should contain_heat_config('DEFAULT/heat_waitcondition_server_url').with_value( expected_params[:heat_waitcondition_server_url] ) } it { should contain_heat_config('DEFAULT/heat_watch_server_url').with_value( expected_params[:heat_watch_server_url] ) } it { should contain_heat_config('DEFAULT/engine_life_check_timeout').with_value( expected_params[:engine_life_check_timeout] ) } + it { should contain_heat_config('DEFAULT/trusts_delegated_roles').with_value( expected_params[:trusts_delegated_roles] ) } + it { should contain_heat_config('DEFAULT/deferred_auth_method').with_value( expected_params[:deferred_auth_method] ) } + + it 'configures delegated roles' do + should contain_keystone_role("role1").with( + :ensure => 'present' + ) + should contain_keystone_role("role2").with( + :ensure => 'present' + ) + end end context 'with disabled service managing' do diff --git a/heat/spec/classes/heat_init_spec.rb b/heat/spec/classes/heat_init_spec.rb index 82daadf4c..36b1942de 100644 --- a/heat/spec/classes/heat_init_spec.rb +++ b/heat/spec/classes/heat_init_spec.rb @@ -13,7 +13,7 @@ :rabbit_userid => 'guest', :rabbit_password => '', :rabbit_virtual_host => '/', - :sql_connection => 'mysql://user@host/database', + :database_connection => 'mysql://user@host/database', :database_idle_timeout => 3600, :auth_uri => 'http://127.0.0.1:5000/v2.0', :keystone_ec2_uri => 'http://127.0.0.1:5000/v2.0/ec2tokens', @@ -136,19 +136,24 @@ it { should contain_heat_config('DEFAULT/log_dir').with_ensure('absent') } end - it 'configures sql_connection' do - should contain_heat_config('database/connection').with_value( params[:sql_connection] ) + it 'configures database_connection' do + should contain_heat_config('database/connection').with_value( params[:database_connection] ) end it 'configures database_idle_timeout' do should contain_heat_config('database/idle_timeout').with_value( params[:database_idle_timeout] ) end - context("failing if sql_connection is invalid") do - before { params[:sql_connection] = 'foo://foo:bar@baz/moo' } + context("failing if database_connection is invalid") do + before { params[:database_connection] = 'foo://foo:bar@baz/moo' } it { expect { should raise_error(Puppet::Error) } } end + context("with deprecated sql_connection parameter") do + before { params[:sql_connection] = 'mysql://a:b@c/d' } + it { should contain_heat_config('database/connection').with_value( params[:sql_connection] )} + end + it 'configures keystone_ec2_uri' do should contain_heat_config('ec2authtoken/auth_uri').with_value( params[:keystone_ec2_uri] ) end