Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Master patches #271

Closed
wants to merge 8 commits into from
Closed
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
183 changes: 183 additions & 0 deletions heat/lib/puppet/provider/heat_domain_id_setter/ruby.rb
Original file line number Diff line number Diff line change
@@ -0,0 +1,183 @@
## NB: This must work with Ruby 1.8!

# This provider permits the stack_user_domain parameter in heat.conf
# to be set by providing a domain_name to the Puppet module and
# using the Keystone REST API to translate the name into the corresponding
# UUID.
#
# This requires that tenant names be unique. If there are multiple matches
# for a given tenant name, this provider will raise an exception.

require 'rubygems'
require 'net/http'
require 'json'

class KeystoneError < Puppet::Error
end

class KeystoneConnectionError < KeystoneError
end

class KeystoneAPIError < KeystoneError
end

# Provides common request handling semantics to the other methods in
# this module.
#
# +req+::
# An HTTPRequest object
# +url+::
# A parsed URL (returned from URI.parse)
def handle_request(req, url)
begin
res = Net::HTTP.start(url.host, url.port) {|http|
http.request(req)
}

if res.code != '200'
raise KeystoneAPIError, "Received error response from Keystone server at #{url}: #{res.message}"
end
rescue Errno::ECONNREFUSED => detail
raise KeystoneConnectionError, "Failed to connect to Keystone server at #{url}: #{detail}"
rescue SocketError => detail
raise KeystoneConnectionError, "Failed to connect to Keystone server at #{url}: #{detail}"
end

res
end

# Authenticates to a Keystone server and obtains an authentication token.
# It returns a 2-element +[token, authinfo]+, where +token+ is a token
# suitable for passing to openstack apis in the +X-Auth-Token+ header, and
# +authinfo+ is the complete response from Keystone, including the service
# catalog (if available).
#
# +auth_url+::
# Keystone endpoint URL. This function assumes API version
# 2.0 and an administrative endpoint, so this will typically look like
# +http://somehost:35357/v2.0+.
#
# +username+::
# Username for authentication.
#
# +password+::
# Password for authentication
#
# +tenantID+::
# Tenant UUID
#
# +tenantName+::
# Tenant name
#
def keystone_v2_authenticate(auth_url,
username,
password,
tenantId=nil,
tenantName=nil)

post_args = {
'auth' => {
'passwordCredentials' => {
'username' => username,
'password' => password
},
}}

if tenantId
post_args['auth']['tenantId'] = tenantId
end

if tenantName
post_args['auth']['tenantName'] = tenantName
end

url = URI.parse("#{auth_url}/tokens")
req = Net::HTTP::Post.new url.path
req['content-type'] = 'application/json'
req.body = post_args.to_json

res = handle_request(req, url)
data = JSON.parse res.body
return data['access']['token']['id'], data
end

# Queries a Keystone server to a list of all tenants.
#
# +auth_url+::
# Keystone endpoint. See the notes for +auth_url+ in
# +keystone_v2_authenticate+.
#
# +token+::
# A Keystone token that will be passed in requests as the value of the
# +X-Auth-Token+ header.
#
def keystone_v3_domains(auth_url,
token)

auth_url.sub!('v2.0', 'v3')
url = URI.parse("#{auth_url}/domains")
req = Net::HTTP::Get.new url.path
req['content-type'] = 'application/json'
req['x-auth-token'] = token

res = handle_request(req, url)
data = JSON.parse res.body
data['domains']
end

Puppet::Type.type(:heat_domain_id_setter).provide(:ruby) do
def authenticate
token, authinfo = keystone_v2_authenticate(
@resource[:auth_url],
@resource[:auth_username],
@resource[:auth_password],
nil,
@resource[:auth_tenant_name])

return token
end

def find_domain_by_name(token)
domains = keystone_v3_domains(
@resource[:auth_url],
token)
domains.select{|domain| domain['name'] == @resource[:domain_name]}
end

def exists?
false
end

def create
config
end

# This looks for the domain specified by the 'domain_name' parameter to
# the resource and returns the corresponding UUID if there is a single
# match.
#
# Raises a KeystoneAPIError if:
#
# - There are multiple matches, or
# - There are zero matches
def get_domain_id
token = authenticate
domains = find_domain_by_name(token)

if domains.length == 1
return domains[0]['id']
elsif domains.length > 1
name = domains[0]['name']
raise KeystoneAPIError, 'Found multiple matches for domain name "#{name}"'
else
raise KeystoneAPIError, 'Unable to find matching tenant'
end
end

def config
Puppet::Type.type(:heat_config).new(
{:name => 'DEFAULT/stack_user_domain', :value => "#{get_domain_id}"}
).create
end

end
4 changes: 4 additions & 0 deletions heat/lib/puppet/type/heat_config.rb
Original file line number Diff line number Diff line change
Expand Up @@ -40,4 +40,8 @@ def should_to_s( newvalue )
defaultto false
end

def create
provider.create
end

end
31 changes: 31 additions & 0 deletions heat/lib/puppet/type/heat_domain_id_setter.rb
Original file line number Diff line number Diff line change
@@ -0,0 +1,31 @@
Puppet::Type.newtype(:heat_domain_id_setter) do

ensurable

newparam(:name, :namevar => true) do
desc 'The name of the setting to update'
end

newparam(:domain_name) do
desc 'The heat domain name'
end

newparam(:auth_url) do
desc 'The Keystone endpoint URL'
defaultto 'http://localhost:35357/v2.0'
end

newparam(:auth_username) do
desc 'Username with which to authenticate'
defaultto 'admin'
end

newparam(:auth_password) do
desc 'Password with which to authenticate'
end

newparam(:auth_tenant_name) do
desc 'Tenant name with which to authenticate'
defaultto 'admin'
end
end
73 changes: 73 additions & 0 deletions heat/manifests/keystone/domain.pp
Original file line number Diff line number Diff line change
@@ -0,0 +1,73 @@
# == Class: heat::keystone::domain
#
# Configures heat domain in Keystone.
#
# Note: Implementation is done by heat-keystone-setup-domain script temporarily
# because currently puppet-keystone does not support v3 API
#
# === Parameters
#
# [*auth_url*]
# Keystone auth url
#
# [*keystone_admin*]
# Keystone admin user
#
# [*keystone_password*]
# Keystone admin password
#
# [*keystone_tenant*]
# Keystone admin tenant name
#
# [*domain_name*]
# Heat domain name. Defaults to 'heat'.
#
# [*domain_admin*]
# Keystone domain admin user which will be created. Defaults to 'heat_admin'.
#
# [*domain_password*]
# Keystone domain admin user password. Defaults to 'changeme'.
#
class heat::keystone::domain (
$auth_url = undef,
$keystone_admin = undef,
$keystone_password = undef,
$keystone_tenant = undef,
$domain_name = 'heat',
$domain_admin = 'heat_admin',
$domain_password = 'changeme',
) {

include heat::params

$cmd_evn = [
"OS_USERNAME=${keystone_admin}",
"OS_PASSWORD=${keystone_password}",
"OS_AUTH_URL=${auth_url}",
"HEAT_DOMAIN=${domain_name}",
"HEAT_DOMAIN_ADMIN=${domain_admin}",
"HEAT_DOMAIN_PASSWORD=${domain_password}"
]
exec { 'heat_domain_create':
path => '/usr/bin',
command => 'heat-keystone-setup-domain &>/dev/null',
environment => $cmd_evn,
require => Package['heat-common'],
}

heat_domain_id_setter { 'heat_domain_id':
ensure => present,
domain_name => $domain_name,
auth_url => $auth_url,
auth_username => $keystone_admin,
auth_password => $keystone_password,
auth_tenant_name => $keystone_tenant,
require => Exec['heat_domain_create'],
}

heat_config {
'DEFAULT/stack_domain_admin': value => $domain_admin;
'DEFAULT/stack_domain_admin_password': value => $domain_password;
}

}
2 changes: 1 addition & 1 deletion horizon/manifests/init.pp
Original file line number Diff line number Diff line change
Expand Up @@ -210,7 +210,7 @@
$available_regions = undef,
$api_result_limit = 1000,
$log_level = 'INFO',
$help_url = 'http://docs.openstack.org',
$help_url = 'http://openstack.redhat.com/Docs',
$local_settings_template = 'horizon/local_settings.py.erb',
$configure_apache = true,
$bind_address = undef,
Expand Down
20 changes: 15 additions & 5 deletions keystone/manifests/init.pp
Original file line number Diff line number Diff line change
Expand Up @@ -38,7 +38,14 @@
# Defaults to /var/cache/keystone.
# [memcache_servers] List of memcache servers/ports. Optional. Used with
# token_driver keystone.token.backends.memcache.Token. Defaults to false.
# [enabled] If the keystone services should be enabled. Optional. Default to true.
#
# [manage_service]
# (optional) If Puppet should manage service startup / shutdown.
# Defaults to true.
#
# [enabled]
# (optional) If the keystone services should be enabled.
# Defaults to true.
#
# [*database_connection*]
# (optional) Url used to connect to database.
Expand Down Expand Up @@ -281,6 +288,7 @@
$ssl_cert_subject = '/C=US/ST=Unset/L=Unset/O=Unset/CN=localhost',
$cache_dir = '/var/cache/keystone',
$memcache_servers = false,
$manage_service = true,
$enabled = true,
$database_connection = 'sqlite:////var/lib/keystone/keystone.db',
$database_idle_timeout = '200',
Expand Down Expand Up @@ -609,10 +617,12 @@
}
}

if $enabled {
$service_ensure = 'running'
} else {
$service_ensure = 'stopped'
if $manage_service {
if $enabled {
$service_ensure = 'running'
} else {
$service_ensure = 'stopped'
}
}

if $service_name == 'keystone' {
Expand Down
4 changes: 2 additions & 2 deletions keystone/manifests/service.pp
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@
#
# [*ensure*]
# (optional) The desired state of the keystone service
# Defaults to 'running'
# Defaults to undef
#
# [*service_name*]
# (optional) The name of the keystone service
Expand Down Expand Up @@ -65,7 +65,7 @@
# Defaults to undef
#
class keystone::service(
$ensure = 'running',
$ensure = undef,
$service_name = $::keystone::params::service_name,
$enable = true,
$hasstatus = true,
Expand Down
4 changes: 2 additions & 2 deletions keystone/spec/classes/keystone_service_spec.rb
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@

describe "with default parameters" do
it { should contain_service('keystone').with(
:ensure => 'running',
:ensure => nil,
:enable => true,
:hasstatus => true,
:hasrestart => true
Expand All @@ -21,7 +21,7 @@
end

it { should contain_service('keystone').with(
:ensure => 'running',
:ensure => nil,
:enable => true,
:hasstatus => true,
:hasrestart => true
Expand Down
Loading