From edbf05d77356b076ebbd1fba255c9c0a35c7f5b7 Mon Sep 17 00:00:00 2001 From: Lukas Bezdicka Date: Wed, 6 Jan 2016 11:57:27 +0100 Subject: [PATCH] Bump to latest versions of openstack modules Update aodh to 9e3e5aa160bdc8445835a198246256d47255c60a 9e3e5aa160bdc8445835a198246256d47255c60a unit tests: make Keystone_endpoint match service by name/type Change-Id: I2154225ee6206d6fbf837041559c7807206617ea Update ceilometer to a38d8b40885012b4b56adff0b5655eafb4c569c5 a38d8b40885012b4b56adff0b5655eafb4c569c5 Merge "deprecate mongodb_replica_set parameter" dd09f26048492dbc6cc19b6053cec50f87ce7602 Use identity_uri and auth_uri by default 782eeda90bbf54756130c2db9412321a0ac39d5c Drop time_to_live parameter 51fdead1dcd257314af1ae4941557221f7150aa5 deprecate mongodb_replica_set parameter ee93d534214f5dc3c09a9f6bc3414ae44ab2d73b unit tests: make Keystone_endpoint match service by name/type 6e453d9873d34d18fd38cf7dd014572a30913e95 Merge "Ability to configure api, collector and notification workers" 89e31e9ad8ef081c57dacef973998b25446e9de0 Ability to configure api, collector and notification workers Change-Id: I2d4b716b0147df7d8d5f49888e6ac99471e74b9d Update cinder to a52d4bce05d6f183796c314cad40ba307e54f273 a52d4bce05d6f183796c314cad40ba307e54f273 Merge "Use $::os_service_default for all cinder::volume::rbd parameters" 218c08580f0c4947ba9324fd7df5a0b39cb1e157 Use $::os_service_default for all cinder::volume::rbd parameters f932fa970bf8a9d164f6a452a20886af9739563d Merge "Use identity_uri and auth_uri by default" 78f405e154f03ddb54bbed726130e2ba43b50e7d Use identity_uri and auth_uri by default cb6db92c6bf1933327ac9cc83eef0a05e200215e Wrong usage of "a/an" bab8cb706aee97c34dfd5393882840df91922a54 Merge "Add additional backend options for cinder" d1b50f65b3c670879e67046604c66dd2a5913980 Merge "Update cinder backends to use os_service_default" ad9d4a419ccaf31f79361bc77d58f89dcc67999b Merge "Add report_interval and service_down_time parameters." dcd11019d7f5e6db2a782c0c85f9913da59416b6 unit tests: make Keystone_endpoint match service by name/type 24efd644248c16e76faccd83d807dd5e085e85d7 Add report_interval and service_down_time parameters. b888256cf082c735c2cb091e619cacbff890b53e Add additional backend options for cinder 1485924dd745fcf101516e26a882a4e24a67127b Update cinder backends to use os_service_default 797efb8a99d70f478f8d2acf95761877553fce05 Merge "Fix multiple rbd backend with multiple users" 3c4628281153a0ea0c6f2e713242f109ec3af83b Fix multiple rbd backend with multiple users Change-Id: I985bd770808ff4b526cc9e583201e31ba2a58184 Update glance to aa3be4910522c45fcd09360ea8725c803eafbe2a aa3be4910522c45fcd09360ea8725c803eafbe2a Merge "Default service_name to 'Image Service'" aea8027cbd4eb5f228cc76e8022a7c61476ae80c Merge "Use identity_uri and auth_uri by default" 17101434e1927a6cb2a71ccc9010f8debeb16ce7 Set os_region_name to $::os_service_default and drop warning 148253cd27c9d7008ca133d11df641a29cb0e767 Use identity_uri and auth_uri by default 80faf9a017dd7f4169867fbdae021866e4e3d5b6 Default service_name to 'Image Service' 5917ed6fb80d331ba84d96ece805cbf99e854f11 Set auth_region to $::os_service_default and drop warning 8e506f0167cf28234c5018ec9b3d11cfbd1a1e56 Merge "Add more settings to glance-api" 0e829314391d22c30b419dae46034f9ea015e5d0 Fix unit tests failing against puppet 4.3.x 866af363f35d45dd4aac1c0280bece68214297ac Make Keystone_endpoint match service by name/type 8b4b305bc86759a25c10502cce25f7c43728ba2b Add more settings to glance-api d59acd22113d661191355778004f35a874523ac9 Merge "Preparation for default endpoint names rename" 144622fd30eaf8c65036d14ee333423ef6af4522 Preparation for default endpoint names rename Change-Id: Id9f7c002b97dd7e28f88ea307fd3fc60c18ecc61 Update gnocchi to 8ec5fbc3e9e471bad02bc63649e65ccfcdf3ad41 8ec5fbc3e9e471bad02bc63649e65ccfcdf3ad41 unit tests: make Keystone_endpoint match service by name/type Change-Id: I0afe6a9bcc77164b602752d7b00262547025712b Update heat to b898edf90ae5814f32e6303b733468673970ddfd b898edf90ae5814f32e6303b733468673970ddfd Wrong usage of "an" 800278b09368550264dde7ddbfc5aa621b78def5 unit tests: make Keystone_endpoint match service by name/type Change-Id: Ice9b15c37e63699ecd853d594eae4d5277796a74 Update horizon to 1a52b5bb0d92becfbf87158c830f2327b6a6c4e6 1a52b5bb0d92becfbf87158c830f2327b6a6c4e6 Take apache http and https ports as parameters 32569ef6558a32c0bf467d7b403d7f888ff79262 Added session timeout config option c224677fae972be39b025550bbe60a3560376871 Merge "Remove references to puppet-openstack from README" d3859cd0df4ad71a58e6c7d78439dbedf2afb94e Remove references to puppet-openstack from README Change-Id: Iaf89da38dde5fe080744aff55392e4fda697c956 Update ironic to 401a1e144975821d7223a07ff804934968fe4bc6 401a1e144975821d7223a07ff804934968fe4bc6 Merge "Add ironic::keystone::auth_inspector" 739a22f4219a9eb230b89cff634330ef139d14b0 Add ironic::keystone::auth_inspector 81b70e55e293ff269b0601483d2f8a4583bcde97 Remove duplicate rabbit_virtual_host efaf9daa1bf967927a37188525482c847be45015 Do not use notify for db-sync from main init class 1777e6c0316b6643d27e2e7efcc2bd5b26c01bd4 Make Keystone_endpoint match service by name/type Change-Id: Ief1bc6f0e91c324ddde351f9ff59d70f301178b9 Update keystone to 759c626987749f030087ddcd9689f19a6608279d 759c626987749f030087ddcd9689f19a6608279d Federation support for mellon 38a2102f85ed1db8859adeee9d91fc5d14b914cc Merge "Misspelling in the message" 3750267a039d354ce600b3a685c4f6786a4e1b47 Misspelling in the message e5a4ad15de083e4f1bf06953efdd3f12b8c53259 Fix cache and cache memcache configurations 27e8c1e9c3ee5a89638d9f343c109c17f06a4e08 Adjust rspec tests for retries in openstacklib. 6e811badf0dc43b980ca3479e47a4a13eb9cad4b Manage Keystone_endpoint and Keystone_service without warnings by default 887d4c3c480217d8a076262b2490d8b74d1b4263 Merge "Correct the describe for shibboleth in tests" bd7f163545026689dc3a586d082f0c7fc27643c0 Merge "Make request by service token if got unauth error" ef29dfba2c6eeec1f6964d62d15b219058df2230 Make request by service token if got unauth error c1e0e80513f208cb6b7ecd236fe9137add53e4d1 Correct the describe for shibboleth in tests Change-Id: I74acbe9fb444eb12733f86a4df507b58960f08e4 Update manila to 2b3aa4ebe15476e07e004be4b87b441b7c8a6178 2b3aa4ebe15476e07e004be4b87b441b7c8a6178 unit tests: make Keystone_endpoint match service by name/type Change-Id: I9962e93c4c416fbdd3755bb9113064d540c61973 Update neutron to c5777e0ce761870473a7703bd36e403bd0e155f8 c5777e0ce761870473a7703bd36e403bd0e155f8 Merge "Use identity_uri and auth_uri by default" 656a1e2700628df9c1d8f41bd101ac3ba0dacab0 Merge "Removed deprecated option external_network_bridge" f06cdbfa0f3bcf2bcfda67e7b58f5939496a75fe Removed deprecated option external_network_bridge 0076a67070e6d1008c481d012117abaf8c938ca6 Wrong usage of "an" 46aef980c97b9075aa7dfa854c16f3ef19ed2c60 Use identity_uri and auth_uri by default fd0d670c58657c2a28376926f56628dfb88ee405 Merge "provider/neutron.rb: fix list_router_ports" 71561d1bd68540ad66eeae86a6ea3ea6ffa6ceea Merge "Specify search path used for command execution" 791a0f146b28544ec3d70c0ab2a950c4d5ca9f98 provider/neutron.rb: fix list_router_ports d5b27573633276526ad602639b00a521be5a5831 Merge "Make Keystone_endpoint match service by name/type" 1a8b6837926b3dc430dcdc782b361eb1e7934364 Make Keystone_endpoint match service by name/type ce12a6d10028727a45dd5b1e93b473b9bd73692c Specify search path used for command execution fd4ba5f9f37fa37bef9c091b3ab513bd45c5a51c Add 'ha' parameter for neutron_router 4eeba835415270ea64df8da89a01ab1fc541ee96 Merge "Adds configuration support for OpenDaylight SDN Controller" 987289c2a5d923dce48adb46d30883b8a9282435 Merge "Add 'distributed' parameter for neutron_router" 45954a106abc107b7d260b5d16b2e3c6c592893c Adds configuration support for OpenDaylight SDN Controller 49393ab1932f4447aa9d4a9bfaf7bcdf5eb56df5 Add 'distributed' parameter for neutron_router Change-Id: I0a66ec829be44279bb709bb901b543e62c443695 Update nova to d7389d44beb9c14a236a480e8c9f423574f6466b d7389d44beb9c14a236a480e8c9f423574f6466b Remove EC2 support c339a86bafd15b9d430412fbcda22e9466cc8cd0 Merge "Make Keystone_endpoint match service by name/type" b02ee32d37205bdf1e51e8632eff76a0d970284e Make Keystone_endpoint match service by name/type 96291baeed42e91bc6f5748eecb4108c98131487 Correct database_connection documentation Change-Id: I8b39b8b2a83c2a29db39c253a6412706783bdca5 Update openstacklib to bad1c6514a896532114703bdc2abd59edbf124a1 bad1c6514a896532114703bdc2abd59edbf124a1 Update os_database_connection with extra param 6cbf40bdc123e64296df6a5578505b3e0992c37c Merge "Add retries to the openstack command" 701b6fe0acf56e9132e9b0a448f28670c714cedb Add retries to the openstack command 493cf601f1f61913683e22b403c378a2a621ddd3 Remove references to puppet-openstack from README Change-Id: I6e1df2af66b50371dc6cf0a07b032390f6a29589 Update sahara to a8dc766476954c48f1c02bae78d969b56511ae02 a8dc766476954c48f1c02bae78d969b56511ae02 unit tests: make Keystone_endpoint match service by name/type Change-Id: I325ddce402a39fd281a5257d4b9e906f741292ff Update swift to 318b900706bedb7fba53b72cf0bb434eeeab0bdf 318b900706bedb7fba53b72cf0bb434eeeab0bdf Set mount_check to True by default 964ec99060c721d042875c41a84d98ed2ded53e7 Merge "Stop calling ::concat::setup" 24b4b89ab0c503b716c315e9f4ae6c14b9ecdb6d Merge "Change defaults fro incoming/outgoing chmod (rsync)" bfcf7fd1a55a0ae6b5ddb8097edcb3b4fc5f7510 Merge "Require swift package installation before swift user." b73516aff617d5b31bf5fbbc9553260fa9bd98a2 Stop calling ::concat::setup e52ebb053b62b61bfe26cdf338d71a2f47d2d0e9 Change defaults fro incoming/outgoing chmod (rsync) 90a3744af9e17d744250b3185e7b67cf104da481 unit tests: make Keystone_endpoint match service by name/type e61b1aa48142babfebe7429a8c7d692e3c12af4f Merge "swiftinit provider check init/systemd file content" f3c1832bbbc3b2e16ffb57f37dc83808724e99cb swiftinit provider check init/systemd file content 7f7e4c5952fe91825b9e0f66bd9f1f133f98c282 Define ${name}-auditors in storage/generic.pp cb5e1f064f1319dcd50d133293565b607072e203 Merge "Create ring builders under swift user" bc2085a2742e825ddac53cefea97161f217c6f8f Create ring builders under swift user b75290b54c2a802ce7a1bec57c1985fcb6da9f99 Require swift package installation before swift user. Change-Id: Ib30fae49de5749c31aaf87f6095c728cba408562 Update tempest to e9692e3805a27f37ca2859976ffdccf6e479ab3b e9692e3805a27f37ca2859976ffdccf6e479ab3b Allow to enable/disable Ironic service b2becf318716748e9742952fc806a009fca13cf3 Merge "Allow to activate Murano Service Broker tests" 641ba120614d4b0b926fdfdadcb916961b93b710 Allow to activate Murano Service Broker tests Change-Id: Ib40d9d01a78aa79b3e23bd42673171bbcba2fa14 Update trove to d87726b6d76046dfc961912819a94ffcb018df6d d87726b6d76046dfc961912819a94ffcb018df6d Merge "Put all the logging related parameters to the logging class" 0ddd0067a19473a088b14575f477c284d18ba393 Put all the logging related parameters to the logging class Change-Id: I91949ecf811306f831353221bdb91f2763fc1bf0 Update tripleo to 4a5f1bc6bc5fe28c2f2f64a3485bac2a697de0ac 4a5f1bc6bc5fe28c2f2f64a3485bac2a697de0ac Merge "Trove integration" 7817be5e71aae3a4e770ba5aff045e37d421ca3d Merge "Sahara integration" 82d07cd628968fd54fe8f1076fd8c47880d51866 Merge "Enable X-Forwarded-Proto header for Heat and Nova" b5a032e6e9cb6b0d952822b39c7341d929045cfc Merge "Enable X-Forwarded-Proto header for keystone_public" 3d34404e3a33bb99be87d244b0e93fcad1704b6d Trove integration 89b907c917a20be6065d8d4db1c8513a974516b9 Sahara integration d20f87fd0799246be551db47cf5cccafa55a3e18 Merge "Adds IPv6 support for interface_for_ip function" 380ce02f8731d46e8a5ebf2fe7d68171ae9890ec Enable X-Forwarded-Proto header for Heat and Nova dde57d6fe717e38c253223a0244f52e2c72f661c Merge "Allows customization of the HAProxy default timeouts" 11a0619a290d64f3caa45435a23f3e503530087a Adds IPv6 support for interface_for_ip function 5713311003b443210b0b431c594484dc00b5258b Allows customization of the HAProxy default timeouts 846b4fe0b82f861c3f6c637cdc5d7d9f052e4338 Enable X-Forwarded-Proto header for keystone_public Change-Id: I022c0f47c130c9dcfc970a7353484c678d15c5e1 Update vswitch to 150567e501e800fdf8575d20a42e8efaf5840475 150567e501e800fdf8575d20a42e8efaf5840475 Merge "Set NAME as well as DEVICE in ifcfg-*" 4d92141aa360ed7bfc2d4f8e3e1da175a6d6c240 Set NAME as well as DEVICE in ifcfg-* Change-Id: I43a2b2764762dfd6dc69901266f949f9270b355e --- Puppetfile | 38 ++--- aodh/spec/classes/aodh_keystone_auth_spec.rb | 21 +-- ceilometer/examples/site.pp | 6 +- ceilometer/manifests/agent/notification.pp | 6 +- ceilometer/manifests/api.pp | 112 ++----------- ceilometer/manifests/collector.pp | 28 ++-- ceilometer/manifests/db.pp | 12 +- ceilometer/manifests/expirer.pp | 24 +-- .../ceilometer_agent_notification_spec.rb | 1 + .../spec/classes/ceilometer_api_spec.rb | 77 +-------- .../spec/classes/ceilometer_collector_spec.rb | 1 + ceilometer/spec/classes/ceilometer_db_spec.rb | 11 +- .../spec/classes/ceilometer_expirer_spec.rb | 6 +- .../classes/ceilometer_keystone_auth_spec.rb | 31 ++-- cinder/manifests/api.pp | 137 +-------------- cinder/manifests/backend/dellsc_iscsi.pp | 23 ++- cinder/manifests/backend/eqlx.pp | 52 ++++-- cinder/manifests/backend/glusterfs.pp | 34 ++-- cinder/manifests/backend/gpfs.pp | 14 +- cinder/manifests/backend/iscsi.pp | 8 +- cinder/manifests/backend/nfs.pp | 32 ++-- cinder/manifests/backend/rbd.pp | 39 ++++- cinder/manifests/backend/vmdk.pp | 31 ++-- cinder/manifests/config.pp | 2 +- cinder/manifests/init.pp | 14 ++ cinder/manifests/volume/dellsc_iscsi.pp | 14 +- cinder/manifests/volume/eqlx.pp | 24 +-- cinder/manifests/volume/glusterfs.pp | 38 +++-- cinder/manifests/volume/iscsi.pp | 8 +- cinder/manifests/volume/nfs.pp | 32 ++-- cinder/manifests/volume/rbd.pp | 42 ++++- cinder/spec/classes/cinder_api_spec.rb | 103 +----------- .../spec/classes/cinder_keystone_auth_spec.rb | 36 ++-- cinder/spec/classes/cinder_spec.rb | 2 + .../cinder_volume_dellsc_iscsi_spec.rb | 9 +- .../spec/classes/cinder_volume_eqlx_spec.rb | 4 + .../classes/cinder_volume_glusterfs_spec.rb | 15 +- .../spec/classes/cinder_volume_gpfs_spec.rb | 3 + .../spec/classes/cinder_volume_iscsi_spec.rb | 16 +- cinder/spec/classes/cinder_volume_nfs_spec.rb | 9 +- cinder/spec/classes/cinder_volume_rbd_spec.rb | 17 +- .../spec/classes/cinder_volume_vmdk_spec.rb | 6 +- .../cinder_backend_dellsc_iscsi_spec.rb | 12 +- .../spec/defines/cinder_backend_eqlx_spec.rb | 19 ++- .../defines/cinder_backend_glusterfs_spec.rb | 17 +- .../spec/defines/cinder_backend_gpfs_spec.rb | 4 + .../spec/defines/cinder_backend_iscsi_spec.rb | 6 +- .../spec/defines/cinder_backend_nfs_spec.rb | 3 + .../spec/defines/cinder_backend_rbd_spec.rb | 22 ++- .../spec/defines/cinder_backend_vmdk_spec.rb | 17 +- glance/manifests/api.pp | 136 ++++----------- glance/manifests/keystone/auth.pp | 8 +- glance/manifests/registry.pp | 92 +---------- glance/spec/acceptance/basic_glance_spec.rb | 2 +- glance/spec/classes/glance_api_db_spec.rb | 5 +- glance/spec/classes/glance_api_spec.rb | 106 ++---------- .../spec/classes/glance_keystone_auth_spec.rb | 26 ++- .../spec/classes/glance_registry_db_spec.rb | 5 +- glance/spec/classes/glance_registry_spec.rb | 91 +--------- .../classes/gnocchi_keystone_auth_spec.rb | 21 +-- heat/manifests/config.pp | 2 +- .../classes/heat_keystone_auth_cfn_spec.rb | 19 +-- heat/spec/classes/heat_keystone_auth_spec.rb | 19 +-- horizon/README.md | 8 +- horizon/manifests/init.pp | 6 + horizon/manifests/wsgi/apache.pp | 12 +- horizon/spec/classes/horizon_init_spec.rb | 4 +- .../spec/classes/horizon_wsgi_apache_spec.rb | 4 + horizon/templates/local_settings.py.erb | 2 + ironic/manifests/init.pp | 5 - ironic/manifests/keystone/auth.pp | 2 +- ironic/manifests/keystone/auth_inspector.pp | 122 ++++++++++++++ ironic/spec/acceptance/basic_ironic_spec.rb | 3 + .../ironic_keystone_auth_inspector_spec.rb | 156 ++++++++++++++++++ .../spec/classes/ironic_keystone_auth_spec.rb | 23 ++- keystone/lib/puppet/provider/keystone.rb | 2 +- keystone/manifests/federation/mellon.pp | 106 ++++++++++++ keystone/manifests/federation/shibboleth.pp | 2 +- keystone/manifests/init.pp | 82 +++++---- keystone/manifests/params.pp | 2 + .../manifests/resource/service_identity.pp | 33 ++-- .../spec/classes/keystone_endpoint_spec.rb | 11 +- .../classes/keystone_federation_mellon.rb | 116 +++++++++++++ .../classes/keystone_federation_shibboleth.rb | 2 +- keystone/spec/classes/keystone_spec.rb | 111 +++++++++++-- ...keystone_resource_service_identity_spec.rb | 18 +- keystone/spec/unit/provider/keystone_spec.rb | 8 + keystone/templates/mellon.conf.erb | 16 ++ .../spec/classes/manila_keystone_auth_spec.rb | 20 +-- neutron/lib/puppet/provider/neutron.rb | 6 +- .../puppet/provider/neutron_router/neutron.rb | 34 ++++ neutron/lib/puppet/type/neutron_router.rb | 16 ++ neutron/manifests/agents/l3.pp | 16 +- neutron/manifests/agents/vpnaas.pp | 12 +- neutron/manifests/config.pp | 2 +- neutron/manifests/keystone/auth.pp | 2 +- neutron/manifests/plugins/ml2/opendaylight.pp | 48 ++++++ neutron/manifests/plugins/ovs/opendaylight.pp | 79 +++++++++ neutron/manifests/server.pp | 144 +--------------- .../spec/classes/neutron_agents_l3_spec.rb | 3 +- .../classes/neutron_keystone_auth_spec.rb | 27 ++- .../neutron_plugins_ml2_opendaylight_spec.rb | 74 +++++++++ .../neutron_plugins_ovs_opendaylight_spec.rb | 90 ++++++++++ neutron/spec/classes/neutron_server_spec.rb | 91 +--------- .../provider/neutron_router/neutron_spec.rb | 8 +- neutron/spec/unit/provider/neutron_spec.rb | 23 +++ nova/manifests/api.pp | 39 ++--- nova/manifests/init.pp | 6 +- nova/manifests/keystone/auth.pp | 124 ++++---------- nova/spec/acceptance/basic_nova_spec.rb | 4 - nova/spec/classes/nova_api_spec.rb | 8 - nova/spec/classes/nova_init_spec.rb | 6 +- nova/spec/classes/nova_keystone_auth_spec.rb | 102 +++--------- openstacklib/README.md | 3 +- .../functions/os_database_connection.rb | 15 +- openstacklib/lib/puppet/provider/openstack.rb | 88 +++++++--- .../functions/os_database_connection_spec.rb | 45 +++-- .../spec/unit/provider/openstack_spec.rb | 117 ++++++++++--- .../spec/classes/sahara_keystone_auth_spec.rb | 11 +- .../lib/puppet/provider/service/swiftinit.rb | 14 +- swift/manifests/init.pp | 3 +- swift/manifests/ringbuilder/create.pp | 8 +- swift/manifests/storage/account.pp | 12 +- swift/manifests/storage/all.pp | 24 +-- swift/manifests/storage/container.pp | 10 -- swift/manifests/storage/generic.pp | 11 ++ swift/manifests/storage/object.pp | 10 -- swift/manifests/storage/server.pp | 24 +-- .../spec/classes/swift_keystone_auth_spec.rb | 26 +-- .../swift_proxy_account_quotas_spec.rb | 3 +- .../classes/swift_proxy_authtoken_spec.rb | 5 +- swift/spec/classes/swift_proxy_bulk_spec.rb | 3 +- swift/spec/classes/swift_proxy_cache_spec.rb | 3 +- .../classes/swift_proxy_catch_errors_spec.rb | 3 +- .../classes/swift_proxy_ceilometer_spec.rb | 3 +- .../swift_proxy_container_quotas_spec.rb | 3 +- .../classes/swift_proxy_crossdomain_spec.rb | 3 +- .../spec/classes/swift_proxy_formpost_spec.rb | 3 +- .../classes/swift_proxy_gatekeeper_spec.rb | 3 +- .../classes/swift_proxy_healthcheck_spec.rb | 3 +- .../spec/classes/swift_proxy_keystone_spec.rb | 5 +- .../classes/swift_proxy_ratelimit_spec.rb | 3 +- .../spec/classes/swift_proxy_s3token_spec.rb | 3 +- swift/spec/classes/swift_proxy_slo_spec.rb | 3 +- .../classes/swift_proxy_staticweb_spec.rb | 3 +- swift/spec/classes/swift_proxy_swauth_spec.rb | 3 +- swift/spec/classes/swift_proxy_swift3_spec.rb | 3 +- .../spec/classes/swift_proxy_tempauth_spec.rb | 3 +- .../spec/classes/swift_proxy_tempurl_spec.rb | 3 +- swift/spec/classes/swift_storage_all_spec.rb | 8 +- .../defines/swift_ringbuilder_create_spec.rb | 7 +- .../defines/swift_storage_generic_spec.rb | 43 +++-- .../spec/defines/swift_storage_server_spec.rb | 10 +- swift/templates/account-server.conf.erb | 2 +- swift/templates/container-server.conf.erb | 2 +- swift/templates/object-server.conf.erb | 2 +- tempest/manifests/init.pp | 110 ++++++------ tempest/spec/classes/tempest_spec.rb | 2 + tripleo/lib/facter/netmask_ipv6.rb | 47 ++++++ .../parser/functions/interface_for_ip.rb | 32 ++-- tripleo/manifests/loadbalancer.pp | 101 +++++++++++- trove/manifests/api.pp | 93 ++++------- trove/manifests/logging.pp | 156 ++++++++++++++++++ trove/spec/classes/trove_api_spec.rb | 14 +- trove/spec/classes/trove_client_spec.rb | 4 +- trove/spec/classes/trove_conductor_spec.rb | 12 +- trove/spec/classes/trove_db_mysql_spec.rb | 4 +- .../spec/classes/trove_db_postgresql_spec.rb | 16 +- trove/spec/classes/trove_db_spec.rb | 12 +- trove/spec/classes/trove_guestagent_spec.rb | 12 +- trove/spec/classes/trove_init_spec.rb | 4 +- .../spec/classes/trove_keystone_auth_spec.rb | 2 +- trove/spec/classes/trove_logging_spec.rb | 147 +++++++++++++++++ trove/spec/classes/trove_taskmanager_spec.rb | 12 +- trove/spec/spec_helper.rb | 3 + vswitch/lib/puppetx/redhat/ifcfg.rb | 1 + 176 files changed, 2858 insertions(+), 2095 deletions(-) create mode 100644 ironic/manifests/keystone/auth_inspector.pp create mode 100644 ironic/spec/classes/ironic_keystone_auth_inspector_spec.rb create mode 100644 keystone/manifests/federation/mellon.pp create mode 100644 keystone/spec/classes/keystone_federation_mellon.rb create mode 100644 keystone/templates/mellon.conf.erb create mode 100644 neutron/manifests/plugins/ml2/opendaylight.pp create mode 100644 neutron/manifests/plugins/ovs/opendaylight.pp create mode 100644 neutron/spec/classes/neutron_plugins_ml2_opendaylight_spec.rb create mode 100644 neutron/spec/classes/neutron_plugins_ovs_opendaylight_spec.rb create mode 100644 tripleo/lib/facter/netmask_ipv6.rb create mode 100644 trove/manifests/logging.pp create mode 100644 trove/spec/classes/trove_logging_spec.rb diff --git a/Puppetfile b/Puppetfile index abdc80ce0..1e3d2f960 100644 --- a/Puppetfile +++ b/Puppetfile @@ -1,5 +1,5 @@ mod 'aodh', - :commit => '86d3e7e214a536a88ee4f4c4e26b9e1e36d09ea8', + :commit => '9e3e5aa160bdc8445835a198246256d47255c60a', :git => 'https://github.com/openstack/puppet-aodh.git' mod 'apache', @@ -15,7 +15,7 @@ mod 'cassandra', :git => 'https://github.com/locp/cassandra.git' mod 'ceilometer', - :commit => 'be054317ef0f2b760bf5ecf43c58faa22a26cc19', + :commit => 'a38d8b40885012b4b56adff0b5655eafb4c569c5', :git => 'https://github.com/openstack/puppet-ceilometer.git' mod 'ceph', @@ -27,7 +27,7 @@ mod 'certmonger', :git => 'https://github.com/rcritten/puppet-certmonger.git' mod 'cinder', - :commit => 'fbcd3d7e0c574865753b51bfab144afe0ded488c', + :commit => 'a52d4bce05d6f183796c314cad40ba307e54f273', :git => 'https://github.com/openstack/puppet-cinder.git' mod 'common', @@ -67,7 +67,7 @@ mod 'galera', :git => 'https://github.com/redhat-openstack/puppet-galera.git' mod 'glance', - :commit => 'c3b685ba0dfd4a0ac78642844d9c16e5f472a78f', + :commit => 'aa3be4910522c45fcd09360ea8725c803eafbe2a', :git => 'https://github.com/openstack/puppet-glance.git' mod 'gluster', @@ -75,7 +75,7 @@ mod 'gluster', :git => 'https://github.com/purpleidea/puppet-gluster.git' mod 'gnocchi', - :commit => '3b46e6845a7caf355b870ad0cb4b21eb83ef0cbc', + :commit => '8ec5fbc3e9e471bad02bc63649e65ccfcdf3ad41', :git => 'https://github.com/openstack/puppet-gnocchi.git' mod 'haproxy', @@ -83,11 +83,11 @@ mod 'haproxy', :git => 'https://github.com/puppetlabs/puppetlabs-haproxy.git' mod 'heat', - :commit => '057649984af58c5dec0d0466547d993792f42e18', + :commit => 'b898edf90ae5814f32e6303b733468673970ddfd', :git => 'https://github.com/openstack/puppet-heat.git' mod 'horizon', - :commit => 'c6c0d1aa9b45cb4763d5e43810618e720908b5c7', + :commit => '1a52b5bb0d92becfbf87158c830f2327b6a6c4e6', :git => 'https://github.com/openstack/puppet-horizon.git' mod 'inifile', @@ -99,7 +99,7 @@ mod 'ipa', :git => 'https://github.com/xbezdick/puppet-ipa-1.git' mod 'ironic', - :commit => '12e15ba21a296ac9778754ff3db6187a9c503045', + :commit => '401a1e144975821d7223a07ff804934968fe4bc6', :git => 'https://github.com/openstack/puppet-ironic.git' mod 'java', @@ -115,7 +115,7 @@ mod 'keepalived', :git => 'https://github.com/Unyonsys/puppet-module-keepalived.git' mod 'keystone', - :commit => '62f3f6e0fcbfef4563d632867d4a0d8592c6d1a2', + :commit => '759c626987749f030087ddcd9689f19a6608279d', :git => 'https://github.com/openstack/puppet-keystone.git' mod 'kibana3', @@ -123,7 +123,7 @@ mod 'kibana3', :git => 'https://github.com/thejandroman/puppet-kibana3.git' mod 'manila', - :commit => 'b3667a28e570e3889bb5a8a3859808dd3ca88f30', + :commit => '2b3aa4ebe15476e07e004be4b87b441b7c8a6178', :git => 'https://github.com/openstack/puppet-manila.git' mod 'memcached', @@ -159,11 +159,11 @@ mod 'nagios', :git => 'https://github.com/gildub/puppet-nagios-openstack.git' mod 'neutron', - :commit => '23875c218f802e3cc8f2f8f6fa09d89e97194878', + :commit => 'c5777e0ce761870473a7703bd36e403bd0e155f8', :git => 'https://github.com/openstack/puppet-neutron.git' mod 'nova', - :commit => 'd93b9709af1786ad3b2401c2de2fef9f96bd6827', + :commit => 'd7389d44beb9c14a236a480e8c9f423574f6466b', :git => 'https://github.com/openstack/puppet-nova.git' mod 'nssdb', @@ -183,7 +183,7 @@ mod 'openstack_extras', :git => 'https://github.com/openstack/puppet-openstack_extras.git' mod 'openstacklib', - :commit => 'f84baa1f695a94c6357468fcac1309066d11e06d', + :commit => 'bad1c6514a896532114703bdc2abd59edbf124a1', :git => 'https://github.com/openstack/puppet-openstacklib.git' mod 'pacemaker', @@ -215,7 +215,7 @@ mod 'rsync', :git => 'https://github.com/puppetlabs/puppetlabs-rsync.git' mod 'sahara', - :commit => '0c465a03331b45ad2f8606e202d1b1d3a54ed9f3', + :commit => 'a8dc766476954c48f1c02bae78d969b56511ae02', :git => 'https://github.com/openstack/puppet-sahara.git' mod 'sensu', @@ -239,7 +239,7 @@ mod 'stdlib', :git => 'https://github.com/puppetlabs/puppetlabs-stdlib.git' mod 'swift', - :commit => '772bba90f179e71e24b2e26511e57be3897cefc8', + :commit => '318b900706bedb7fba53b72cf0bb434eeeab0bdf', :git => 'https://github.com/openstack/puppet-swift.git' mod 'sysctl', @@ -247,7 +247,7 @@ mod 'sysctl', :git => 'https://github.com/puppetlabs/puppetlabs-sysctl.git' mod 'tempest', - :commit => '9d2f18df7df8cfb361cffeca9ba0c31151915567', + :commit => 'e9692e3805a27f37ca2859976ffdccf6e479ab3b', :git => 'https://github.com/openstack/puppet-tempest.git' mod 'timezone', @@ -259,11 +259,11 @@ mod 'tomcat', :git => 'https://github.com/puppetlabs/puppetlabs-tomcat.git' mod 'tripleo', - :commit => 'd7e457b8af855b2ecc08d94776532660ef56b736', + :commit => '4a5f1bc6bc5fe28c2f2f64a3485bac2a697de0ac', :git => 'https://github.com/openstack/puppet-tripleo.git' mod 'trove', - :commit => 'f712a483ff8449c5cd0f094f13be127b09727604', + :commit => 'd87726b6d76046dfc961912819a94ffcb018df6d', :git => 'https://github.com/openstack/puppet-trove' mod 'tuskar', @@ -283,7 +283,7 @@ mod 'vlan', :git => 'https://github.com/derekhiggins/puppet-vlan.git' mod 'vswitch', - :commit => 'd3924b0d4d7fe53ec29e11250d9ef597dba8f8c7', + :commit => '150567e501e800fdf8575d20a42e8efaf5840475', :git => 'https://github.com/openstack/puppet-vswitch.git' mod 'xinetd', diff --git a/aodh/spec/classes/aodh_keystone_auth_spec.rb b/aodh/spec/classes/aodh_keystone_auth_spec.rb index 8e5cbe544..457f7f03a 100644 --- a/aodh/spec/classes/aodh_keystone_auth_spec.rb +++ b/aodh/spec/classes/aodh_keystone_auth_spec.rb @@ -26,13 +26,12 @@ :roles => ['admin'] )} - it { is_expected.to contain_keystone_service('aodh').with( + it { is_expected.to contain_keystone_service('aodh::alarming').with( :ensure => 'present', - :type => 'alarming', :description => 'OpenStack Alarming Service' ) } - it { is_expected.to contain_keystone_endpoint('RegionOne/aodh').with( + it { is_expected.to contain_keystone_endpoint('RegionOne/aodh::alarming').with( :ensure => 'present', :public_url => 'http://127.0.0.1:8042', :admin_url => 'http://127.0.0.1:8042', @@ -48,7 +47,7 @@ :admin_url => 'http://10.10.10.12:81' } end - it { is_expected.to contain_keystone_endpoint('RegionOne/aodh').with( + it { is_expected.to contain_keystone_endpoint('RegionOne/aodh::alarming').with( :ensure => 'present', :public_url => 'https://10.10.10.10:80', :internal_url => 'http://10.10.10.11:81', @@ -64,8 +63,8 @@ it { is_expected.to contain_keystone_user('aodhany') } it { is_expected.to contain_keystone_user_role('aodhany@services') } - it { is_expected.to contain_keystone_service('aodhany') } - it { is_expected.to contain_keystone_endpoint('RegionOne/aodhany') } + it { is_expected.to contain_keystone_service('aodhany::alarming') } + it { is_expected.to contain_keystone_endpoint('RegionOne/aodhany::alarming') } end describe 'when overriding service name' do @@ -77,8 +76,8 @@ it { is_expected.to contain_keystone_user('aodh') } it { is_expected.to contain_keystone_user_role('aodh@services') } - it { is_expected.to contain_keystone_service('aodh_service') } - it { is_expected.to contain_keystone_endpoint('RegionOne/aodh_service') } + it { is_expected.to contain_keystone_service('aodh_service::alarming') } + it { is_expected.to contain_keystone_endpoint('RegionOne/aodh_service::alarming') } end describe 'when disabling user configuration' do @@ -92,9 +91,8 @@ it { is_expected.not_to contain_keystone_user('aodh') } it { is_expected.to contain_keystone_user_role('aodh@services') } - it { is_expected.to contain_keystone_service('aodh').with( + it { is_expected.to contain_keystone_service('aodh::alarming').with( :ensure => 'present', - :type => 'alarming', :description => 'OpenStack Alarming Service' ) } @@ -112,9 +110,8 @@ it { is_expected.not_to contain_keystone_user('aodh') } it { is_expected.not_to contain_keystone_user_role('aodh@services') } - it { is_expected.to contain_keystone_service('aodh').with( + it { is_expected.to contain_keystone_service('aodh::alarming').with( :ensure => 'present', - :type => 'alarming', :description => 'OpenStack Alarming Service' ) } diff --git a/ceilometer/examples/site.pp b/ceilometer/examples/site.pp index e95812e2f..d9b515867 100644 --- a/ceilometer/examples/site.pp +++ b/ceilometer/examples/site.pp @@ -82,10 +82,8 @@ class { '::ceilometer::alarm::evaluator': } - # Purge 1 month old meters - class { '::ceilometer::expirer': - time_to_live => '2592000' - } + # Purge old meters + class { '::ceilometer::expirer': } # Install notification agent class { '::ceilometer::agent::notification': diff --git a/ceilometer/manifests/agent/notification.pp b/ceilometer/manifests/agent/notification.pp index 0d0af2f23..3f961611c 100644 --- a/ceilometer/manifests/agent/notification.pp +++ b/ceilometer/manifests/agent/notification.pp @@ -42,18 +42,21 @@ # [*disable_non_metric_meters*] # (optional) Disable or enable the collection of non-metric meters. # Default to $::os_service_default +# [*notification_workers*] +# (optional) Number of workers for notification service (integer value). +# Defaults to $::os_service_default # # [*package_ensure*] # (optional) ensure state for package. # Defaults to 'present' # - class ceilometer::agent::notification ( $manage_service = true, $enabled = true, $ack_on_event_error = true, $store_events = false, $disable_non_metric_meters = $::os_service_default, + $notification_workers = $::os_service_default, $package_ensure = 'present', ) { @@ -92,6 +95,7 @@ 'notification/ack_on_event_error' : value => $ack_on_event_error; 'notification/store_events' : value => $store_events; 'notification/disable_non_metric_meters': value => $disable_non_metric_meters; + 'DEFAULT/notification_workers' : value => $notification_workers; } } diff --git a/ceilometer/manifests/api.pp b/ceilometer/manifests/api.pp index cf9e9dea7..92cc103af 100644 --- a/ceilometer/manifests/api.pp +++ b/ceilometer/manifests/api.pp @@ -14,24 +14,6 @@ # (optional) The name of the auth user # Defaults to ceilometer # -# [*keystone_host*] -# (optional) DEPRECATED. Keystone's admin endpoint IP/Host. -# Defaults to '127.0.0.1' -# -# [*keystone_port*] -# (optional) DEPRECATED. Keystone's admin endpoint port. -# Defaults to 35357 -# -# [*keystone_auth_admin_prefix*] -# (optional) DEPRECATED. 'path' to the keystone admin endpoint. -# Define to a path starting with a '/' and without trailing '/'. -# Eg.: '/keystone/admin' to match keystone::wsgi::apache default. -# Defaults to false (empty) -# -# [*keystone_protocol*] -# (optional) DEPRECATED. 'http' or 'https' -# Defaults to 'https'. -# # [*keytone_user*] # (optional) User to authenticate with. # Defaults to 'ceilometer'. @@ -46,11 +28,11 @@ # # [*keystone_auth_uri*] # (optional) Public Identity API endpoint. -# Defaults to 'false'. +# Defaults to 'http://127.0.0.1:5000/'. # # [*keystone_identity_uri*] # (optional) Complete admin Identity API endpoint. -# Defaults to: false +# Defaults to: 'http://127.0.0.1:35357/' # # [*host*] # (optional) The ceilometer api bind address. @@ -73,6 +55,10 @@ # to make ceilometer-api be a web app using apache mod_wsgi. # Defaults to '$::ceilometer::params::api_service_name' # +# [*api_workers*] +# (optional) Number of workers for Ceilometer API server (integer value). +# Defaults to $::os_service_default +# class ceilometer::api ( $manage_service = true, $enabled = true, @@ -80,16 +66,12 @@ $keystone_user = 'ceilometer', $keystone_tenant = 'services', $keystone_password = false, - $keystone_auth_uri = false, - $keystone_identity_uri = false, + $keystone_auth_uri = 'http://127.0.0.1:5000/', + $keystone_identity_uri = 'http://127.0.0.1:35357/', $host = '0.0.0.0', $port = '8777', $service_name = $::ceilometer::params::api_service_name, - # DEPRECATED PARAMETERS - $keystone_host = '127.0.0.1', - $keystone_port = '35357', - $keystone_auth_admin_prefix = false, - $keystone_protocol = 'http', + $api_workers = $::os_service_default, ) inherits ceilometer::params { include ::ceilometer::params @@ -145,6 +127,7 @@ } ceilometer_config { + 'DEFAULT/api_workers' : value => $api_workers; 'keystone_authtoken/admin_tenant_name' : value => $keystone_tenant; 'keystone_authtoken/admin_user' : value => $keystone_user; 'keystone_authtoken/admin_password' : value => $keystone_password, secret => true; @@ -152,80 +135,9 @@ 'api/port' : value => $port; } - # if both auth_uri and identity_uri are set we skip these deprecated settings entirely - if !$keystone_auth_uri or !$keystone_identity_uri { - - if $keystone_auth_admin_prefix { - validate_re($keystone_auth_admin_prefix, '^(/.+[^/])?$') - warning('The keystone_auth_admin_prefix parameter is deprecated. Please use keystone_auth_uri and keystone_identity_uri instead.') - ceilometer_config { - 'keystone_authtoken/auth_admin_prefix': value => $keystone_auth_admin_prefix; - } - } else { - ceilometer_config { - 'keystone_authtoken/auth_admin_prefix': ensure => absent; - } - } - - if $keystone_host { - warning('The keystone_host parameter is deprecated. Please use keystone_auth_uri and keystone_identity_uri instead.') - ceilometer_config { - 'keystone_authtoken/auth_host': value => $keystone_host; - } - } else { - ceilometer_config { - 'keystone_authtoken/auth_host': ensure => absent; - } - } - - if $keystone_port { - warning('The keystone_port parameter is deprecated. Please use keystone_auth_uri and keystone_identity_uri instead.') - ceilometer_config { - 'keystone_authtoken/auth_port': value => $keystone_port; - } - } else { - ceilometer_config { - 'keystone_authtoken/auth_port': ensure => absent; - } - } - - if $keystone_protocol { - warning('The keystone_protocol parameter is deprecated. Please use keystone_auth_uri and keystone_identity_uri instead.') - ceilometer_config { - 'keystone_authtoken/auth_protocol': value => $keystone_protocol; - } - } else { - ceilometer_config { - 'keystone_authtoken/auth_protocol': ensure => absent; - } - } - } else { - ceilometer_config { - 'keystone_authtoken/auth_host' : ensure => absent; - 'keystone_authtoken/auth_port' : ensure => absent; - 'keystone_authtoken/auth_protocol' : ensure => absent; - 'keystone_authtoken/auth_admin_prefix' : ensure => absent; - } - } - - if $keystone_auth_uri { - $keystone_auth_uri_real = $keystone_auth_uri - } elsif $keystone_host and $keystone_protocol { - $keystone_auth_uri_real = "${keystone_protocol}://${keystone_host}:5000/" - } - ceilometer_config { - 'keystone_authtoken/auth_uri': value => $keystone_auth_uri_real; - } - - if $keystone_identity_uri { - ceilometer_config { - 'keystone_authtoken/identity_uri': value => $keystone_identity_uri; - } - } else { - ceilometer_config { - 'keystone_authtoken/identity_uri': ensure => absent; - } + 'keystone_authtoken/auth_uri' : value => $keystone_auth_uri; + 'keystone_authtoken/identity_uri' : value => $keystone_identity_uri; } } diff --git a/ceilometer/manifests/collector.pp b/ceilometer/manifests/collector.pp index bcddc7e46..d58444ba4 100644 --- a/ceilometer/manifests/collector.pp +++ b/ceilometer/manifests/collector.pp @@ -32,14 +32,19 @@ # Can be an array or a string. # Defaults to 'database' # +# [*collector_workers*] +# (optional) Number of workers for collector service (integer value). +# Defaults to $::os_service_default +# class ceilometer::collector ( - $manage_service = true, - $enabled = true, - $package_ensure = 'present', - $udp_address = '0.0.0.0', - $udp_port = '4952', - $meter_dispatcher = 'database', - $event_dispatcher = 'database', + $manage_service = true, + $enabled = true, + $package_ensure = 'present', + $udp_address = '0.0.0.0', + $udp_port = '4952', + $meter_dispatcher = 'database', + $event_dispatcher = 'database', + $collector_workers = $::os_service_default, ) { include ::ceilometer::params @@ -53,10 +58,11 @@ } ceilometer_config { - 'collector/udp_address': value => $udp_address; - 'collector/udp_port': value => $udp_port; - 'DEFAULT/meter_dispatcher': value => join(any2array($meter_dispatcher), ','); - 'DEFAULT/event_dispatcher': value => join(any2array($event_dispatcher), ','); + 'collector/udp_address': value => $udp_address; + 'collector/udp_port': value => $udp_port; + 'DEFAULT/meter_dispatcher': value => join(any2array($meter_dispatcher), ','); + 'DEFAULT/event_dispatcher': value => join(any2array($event_dispatcher), ','); + 'DEFAULT/collector_workers': value => $collector_workers; } Package[$::ceilometer::params::collector_package_name] -> Service['ceilometer-collector'] diff --git a/ceilometer/manifests/db.pp b/ceilometer/manifests/db.pp index 9a139790c..00fe8271d 100644 --- a/ceilometer/manifests/db.pp +++ b/ceilometer/manifests/db.pp @@ -36,7 +36,7 @@ # (Optional) Defaults to $::os_service_default # # [*mongodb_replica_set*] -# The name of the replica set which is used to connect to MongoDB +# DEPRECATED. The name of the replica set which is used to connect to MongoDB # database. If it is set, MongoReplicaSetClient will be used instead # of MongoClient. # (Optional) Defaults to undef (string value). @@ -53,6 +53,7 @@ $database_retry_interval = $::os_service_default, $database_max_overflow = $::os_service_default, $sync_db = true, + # DEPRECATED PARAMETERS $mongodb_replica_set = undef, ) { @@ -60,6 +61,10 @@ Package<| title == 'ceilometer-common' |> -> Class['ceilometer::db'] + if $mongodb_replica_set { + warning('mongodb_replica_set parameter is deprecated in Mitaka and has no effect. Add ?replicaSet=myreplicatset in database_connection instead.') + } + validate_re($database_connection, '^(sqlite|mysql(\+pymysql)?|postgresql|mongodb):\/\/(\S+:\S+@\S+\/\S+)?') @@ -79,11 +84,6 @@ } /^mongodb:\/\//: { $backend_package = $::ceilometer::params::pymongo_package_name - if $mongodb_replica_set { - ceilometer_config { 'database/mongodb_replica_set': value => $mongodb_replica_set; } - } else { - ceilometer_config { 'database/mongodb_replica_set': ensure => absent; } - } } /^sqlite:\/\//: { $backend_package = $::ceilometer::params::sqlite_package_name diff --git a/ceilometer/manifests/expirer.pp b/ceilometer/manifests/expirer.pp index edd518ecd..516807746 100644 --- a/ceilometer/manifests/expirer.pp +++ b/ceilometer/manifests/expirer.pp @@ -40,32 +40,20 @@ # [*weekday*] # (optional) Defaults to '*'. # -# [*time_to_live*] -# (optional) DEPRECATED. Number of seconds that samples are kept in the database. -# Should be a valid integer -# Defaults to '-1' to disable TTL and keep forever the datas. class ceilometer::expirer ( - $enable_cron = True, - $minute = 1, - $hour = 0, - $monthday = '*', - $month = '*', - $weekday = '*', - # Deprecated parameters - $time_to_live = '-1', + $enable_cron = True, + $minute = 1, + $hour = 0, + $monthday = '*', + $month = '*', + $weekday = '*', ) { include ::ceilometer::params Package<| title == 'ceilometer-common' |> -> Class['ceilometer::expirer'] - warning('Parameter "time_to_live" is deprecated and will be removed in next release. Use metering_time_to_live in "ceilometer" class instead.') - - ceilometer_config { - 'database/time_to_live': value => $time_to_live; - } - if $enable_cron { cron { 'ceilometer-expirer': command => $ceilometer::params::expirer_command, diff --git a/ceilometer/spec/classes/ceilometer_agent_notification_spec.rb b/ceilometer/spec/classes/ceilometer_agent_notification_spec.rb index eb7e36415..dbcde79b0 100644 --- a/ceilometer/spec/classes/ceilometer_agent_notification_spec.rb +++ b/ceilometer/spec/classes/ceilometer_agent_notification_spec.rb @@ -45,6 +45,7 @@ end it 'configures notifications parameters in ceilometer.conf' do + is_expected.to contain_ceilometer_config('DEFAULT/notification_workers').with_value('') is_expected.to contain_ceilometer_config('notification/ack_on_event_error').with_value( params[:ack_on_event_error] ) is_expected.to contain_ceilometer_config('notification/store_events').with_value( params[:store_events] ) is_expected.to contain_ceilometer_config('notification/disable_non_metric_meters').with_value('') diff --git a/ceilometer/spec/classes/ceilometer_api_spec.rb b/ceilometer/spec/classes/ceilometer_api_spec.rb index 8676c5a0a..2471cf257 100644 --- a/ceilometer/spec/classes/ceilometer_api_spec.rb +++ b/ceilometer/spec/classes/ceilometer_api_spec.rb @@ -10,9 +10,6 @@ let :params do { :enabled => true, :manage_service => true, - :keystone_host => '127.0.0.1', - :keystone_port => '35357', - :keystone_protocol => 'http', :keystone_user => 'ceilometer', :keystone_password => 'ceilometer-passw0rd', :keystone_tenant => 'services', @@ -41,40 +38,15 @@ end it 'configures keystone authentication middleware' do - is_expected.to contain_ceilometer_config('keystone_authtoken/auth_host').with_value( params[:keystone_host] ) - is_expected.to contain_ceilometer_config('keystone_authtoken/auth_port').with_value( params[:keystone_port] ) - is_expected.to contain_ceilometer_config('keystone_authtoken/auth_protocol').with_value( params[:keystone_protocol] ) is_expected.to contain_ceilometer_config('keystone_authtoken/admin_tenant_name').with_value( params[:keystone_tenant] ) is_expected.to contain_ceilometer_config('keystone_authtoken/admin_user').with_value( params[:keystone_user] ) is_expected.to contain_ceilometer_config('keystone_authtoken/admin_password').with_value( params[:keystone_password] ) is_expected.to contain_ceilometer_config('keystone_authtoken/admin_password').with_value( params[:keystone_password] ).with_secret(true) - is_expected.to contain_ceilometer_config('keystone_authtoken/auth_admin_prefix').with_ensure('absent') - is_expected.to contain_ceilometer_config('keystone_authtoken/auth_uri').with_value( params[:keystone_protocol] + "://" + params[:keystone_host] + ":5000/" ) + is_expected.to contain_ceilometer_config('keystone_authtoken/auth_uri').with_value("http://127.0.0.1:5000/") + is_expected.to contain_ceilometer_config('keystone_authtoken/identity_uri').with_value("http://127.0.0.1:35357/") is_expected.to contain_ceilometer_config('api/host').with_value( params[:host] ) is_expected.to contain_ceilometer_config('api/port').with_value( params[:port] ) - end - - context 'when specifying keystone_auth_admin_prefix' do - describe 'with a correct value' do - before { params['keystone_auth_admin_prefix'] = '/keystone/admin' } - it { is_expected.to contain_ceilometer_config('keystone_authtoken/auth_admin_prefix').with_value('/keystone/admin') } - end - - [ - '/keystone/', - 'keystone/', - 'keystone', - '/keystone/admin/', - 'keystone/admin/', - 'keystone/admin' - ].each do |auth_admin_prefix| - describe "with an incorrect value #{auth_admin_prefix}" do - before { params['keystone_auth_admin_prefix'] = auth_admin_prefix } - - it { expect { is_expected.to contain_ceilomete_config('keystone_authtoken/auth_admin_prefix') }.to \ - raise_error(Puppet::Error, /validate_re\(\): "#{auth_admin_prefix}" does not match/) } - end - end + is_expected.to contain_ceilometer_config('DEFAULT/api_workers').with_value('') end [{:enabled => true}, {:enabled => false}].each do |param_hash| @@ -189,56 +161,19 @@ class { 'ceilometer': metering_secret => 's3cr3t' }" it_configures 'ceilometer-api' end - describe 'with custom auth_uri' do - let :facts do - @default_facts.merge({ :osfamily => 'RedHat' }) - end - before do - params.merge!({ - :keystone_auth_uri => 'https://foo.bar:1234/', - }) - end - it 'should configure custom auth_uri correctly' do - is_expected.to contain_ceilometer_config('keystone_authtoken/auth_uri').with_value( 'https://foo.bar:1234/' ) - end - end - - describe "with custom keystone identity_uri" do - let :facts do - @default_facts.merge({ :osfamily => 'RedHat' }) - end - before do - params.merge!({ - :keystone_identity_uri => 'https://foo.bar:1234/', - }) - end - it 'configures identity_uri' do - is_expected.to contain_ceilometer_config('keystone_authtoken/identity_uri').with_value("https://foo.bar:1234/"); - # since only auth_uri is set the deprecated auth parameters should - # still get set in case they are still in use - is_expected.to contain_ceilometer_config('keystone_authtoken/auth_host').with_value('127.0.0.1'); - is_expected.to contain_ceilometer_config('keystone_authtoken/auth_port').with_value('35357'); - is_expected.to contain_ceilometer_config('keystone_authtoken/auth_protocol').with_value('http'); - end - end - describe "with custom keystone identity_uri and auth_uri" do let :facts do @default_facts.merge({ :osfamily => 'RedHat' }) end before do - params.merge!({ + params.merge!({ :keystone_identity_uri => 'https://foo.bar:35357/', - :keystone_auth_uri => 'https://foo.bar:5000/v2.0/', + :keystone_auth_uri => 'https://foo.bar:5000/', }) end it 'configures identity_uri and auth_uri but deprecates old auth settings' do is_expected.to contain_ceilometer_config('keystone_authtoken/identity_uri').with_value("https://foo.bar:35357/"); - is_expected.to contain_ceilometer_config('keystone_authtoken/auth_uri').with_value("https://foo.bar:5000/v2.0/"); - is_expected.to contain_ceilometer_config('keystone_authtoken/auth_admin_prefix').with(:ensure => 'absent') - is_expected.to contain_ceilometer_config('keystone_authtoken/auth_port').with(:ensure => 'absent') - is_expected.to contain_ceilometer_config('keystone_authtoken/auth_protocol').with(:ensure => 'absent') - is_expected.to contain_ceilometer_config('keystone_authtoken/auth_host').with(:ensure => 'absent') + is_expected.to contain_ceilometer_config('keystone_authtoken/auth_uri').with_value("https://foo.bar:5000/"); end end diff --git a/ceilometer/spec/classes/ceilometer_collector_spec.rb b/ceilometer/spec/classes/ceilometer_collector_spec.rb index 91de8a8f1..4c680fdfd 100644 --- a/ceilometer/spec/classes/ceilometer_collector_spec.rb +++ b/ceilometer/spec/classes/ceilometer_collector_spec.rb @@ -55,6 +55,7 @@ is_expected.to contain_ceilometer_config('collector/udp_port').with_value( '4952' ) is_expected.to contain_ceilometer_config('DEFAULT/meter_dispatcher').with_value( 'database' ) is_expected.to contain_ceilometer_config('DEFAULT/event_dispatcher').with_value( 'database' ) + is_expected.to contain_ceilometer_config('DEFAULT/collector_workers').with_value('') end it 'installs ceilometer-collector package' do diff --git a/ceilometer/spec/classes/ceilometer_db_spec.rb b/ceilometer/spec/classes/ceilometer_db_spec.rb index 58dee2e40..c56d25446 100644 --- a/ceilometer/spec/classes/ceilometer_db_spec.rb +++ b/ceilometer/spec/classes/ceilometer_db_spec.rb @@ -13,7 +13,6 @@ it { is_expected.to contain_ceilometer_config('database/min_pool_size').with_value('') } it { is_expected.to contain_ceilometer_config('database/max_retries').with_value('') } it { is_expected.to contain_ceilometer_config('database/retry_interval').with_value('') } - it { is_expected.not_to contain_ceilometer_config('database/mongodb_replica_set') } end @@ -34,7 +33,6 @@ it { is_expected.to contain_ceilometer_config('database/min_pool_size').with_value('2') } it { is_expected.to contain_ceilometer_config('database/max_retries').with_value('11') } it { is_expected.to contain_ceilometer_config('database/retry_interval').with_value('11') } - it { is_expected.to contain_ceilometer_config('database/mongodb_replica_set').with_ensure( 'absent' ) } end @@ -48,10 +46,9 @@ it { is_expected.to contain_ceilometer_config('database/connection').with_value('mysql+pymysql://ceilometer:ceilometer@localhost/ceilometer').with_secret(true) } end - context 'with mongodb backend and replica set' do + context 'with mongodb backend' do let :params do - { :database_connection => 'mongodb://localhost:1234/ceilometer', - :mongodb_replica_set => 'foobar' } + { :database_connection => 'mongodb://localhost:1234/ceilometer' } end it 'install the proper backend package' do @@ -61,12 +58,8 @@ :tag => 'openstack' ) end - - it { is_expected.to contain_ceilometer_config('database/mongodb_replica_set').with_value( 'foobar' ) } - end - context 'with incorrect database_connection string' do let :params do { :database_connection => 'redis://ceilometer:ceilometer@localhost/ceilometer', } diff --git a/ceilometer/spec/classes/ceilometer_expirer_spec.rb b/ceilometer/spec/classes/ceilometer_expirer_spec.rb index 28f5525d2..765e613f1 100644 --- a/ceilometer/spec/classes/ceilometer_expirer_spec.rb +++ b/ceilometer/spec/classes/ceilometer_expirer_spec.rb @@ -27,7 +27,7 @@ end let :params do - { :time_to_live => '-1' } + {} end shared_examples_for 'ceilometer-expirer' do @@ -62,10 +62,6 @@ it { is_expected.to_not contain_cron('ceilometer-expirer') } end - it 'configures database section in ceilometer.conf' do - is_expected.to contain_ceilometer_config('database/time_to_live').with_value( params[:time_to_live] ) - end - end context 'on Debian platforms' do diff --git a/ceilometer/spec/classes/ceilometer_keystone_auth_spec.rb b/ceilometer/spec/classes/ceilometer_keystone_auth_spec.rb index e6e700281..1b85b99cd 100644 --- a/ceilometer/spec/classes/ceilometer_keystone_auth_spec.rb +++ b/ceilometer/spec/classes/ceilometer_keystone_auth_spec.rb @@ -43,15 +43,14 @@ end it 'configures ceilometer service' do - is_expected.to contain_keystone_service( default_params[:auth_name] ).with( + is_expected.to contain_keystone_service("#{default_params[:auth_name]}::#{default_params[:service_type]}").with( :ensure => 'present', - :type => default_params[:service_type], :description => 'Openstack Metering Service' ) end it 'configure ceilometer endpoints' do - is_expected.to contain_keystone_endpoint("#{default_params[:region]}/#{default_params[:auth_name]}").with( + is_expected.to contain_keystone_endpoint("#{default_params[:region]}/#{default_params[:auth_name]}::#{default_params[:service_type]}").with( :ensure => 'present', :public_url => default_params[:public_url], :admin_url => default_params[:admin_url], @@ -90,15 +89,14 @@ end it 'configures ceilometer service' do - is_expected.to contain_keystone_service( params[:auth_name] ).with( + is_expected.to contain_keystone_service("#{params[:auth_name]}::#{params[:service_type]}").with( :ensure => 'present', - :type => params[:service_type], :description => 'Openstack Metering Service' ) end it 'configure ceilometer endpoints' do - is_expected.to contain_keystone_endpoint("#{params[:region]}/#{params[:auth_name]}").with( + is_expected.to contain_keystone_endpoint("#{params[:region]}/#{params[:auth_name]}::#{params[:service_type]}").with( :ensure => 'present', :public_url => params[:public_url], :admin_url => params[:admin_url], @@ -110,7 +108,7 @@ before do params.delete!(:configure_endpoint) it 'does not configure ceilometer endpoints' do - is_expected.to_not contain_keystone_endpoint("#{params[:region]}/#{params[:auth_name]}") + is_expected.to_not contain_keystone_endpoint("#{params[:region]}/#{params[:auth_name]}::#{params[:service_type]}") end end end @@ -127,12 +125,13 @@ :port => '65001', :public_protocol => 'https', :admin_protocol => 'ftp', - :internal_protocol => 'gopher' + :internal_protocol => 'gopher', + :service_type => 'metering', }) end it 'configure ceilometer endpoints' do - is_expected.to contain_keystone_endpoint("#{params[:region]}/#{params[:auth_name]}").with( + is_expected.to contain_keystone_endpoint("#{params[:region]}/#{params[:auth_name]}::#{params[:service_type]}").with( :ensure => 'present', :public_url => "#{params[:public_protocol]}://#{params[:public_address]}:#{params[:port]}", :admin_url => "#{params[:admin_protocol]}://#{params[:admin_address]}:#{params[:port]}", @@ -154,10 +153,10 @@ is_expected.to contain_keystone_user_role('ceilometer@services') end it 'configures correct service name' do - is_expected.to contain_keystone_service('ceilometer_service') + is_expected.to contain_keystone_service('ceilometer_service::metering') end it 'configures correct endpoint name' do - is_expected.to contain_keystone_endpoint('RegionOne/ceilometer_service') + is_expected.to contain_keystone_endpoint('RegionOne/ceilometer_service::metering') end end @@ -169,9 +168,8 @@ it { is_expected.to_not contain_keystone_user('ceilometer') } it { is_expected.to contain_keystone_user_role('ceilometer@services') } - it { is_expected.to contain_keystone_service('ceilometer').with( - :ensure => 'present', - :type => 'metering', + it { is_expected.to contain_keystone_service('ceilometer::metering').with( + :ensure => 'present', :description => 'Openstack Metering Service' )} end @@ -187,9 +185,8 @@ it { is_expected.to_not contain_keystone_user('ceilometer') } it { is_expected.to_not contain_keystone_user_role('ceilometer@services') } - it { is_expected.to contain_keystone_service('ceilometer').with( - :ensure => 'present', - :type => 'metering', + it { is_expected.to contain_keystone_service('ceilometer::metering').with( + :ensure => 'present', :description => 'Openstack Metering Service' )} end diff --git a/cinder/manifests/api.pp b/cinder/manifests/api.pp index 0155dccb5..b84e5a6c1 100644 --- a/cinder/manifests/api.pp +++ b/cinder/manifests/api.pp @@ -19,21 +19,6 @@ # (optional) The name of the auth user # Defaults to cinder # -# [*keystone_auth_host*] -# (optional) DEPRECATED The keystone host -# Defaults to localhost -# Use auth_uri instead. -# -# [*keystone_auth_port*] -# (optional) DEPRECATED The keystone auth port -# Defaults to 35357 -# Use auth_uri instead. -# -# [*keystone_auth_protocol*] -# (optional) DEPRECATED The protocol used to access the auth host -# Defaults to http. -# Use auth_uri instead. -# # [*privileged_user*] # (optional) Enables OpenStack privileged account. # Defaults to false. @@ -76,29 +61,13 @@ # (optional) Same as nova_catalog_info, but for admin endpoint. # Defaults to 'compute:Compute Service:adminURL' # -# [*keystone_auth_admin_prefix*] -# (optional) DEPRECATED The admin_prefix used to admin endpoint of the auth -# host. This allow admin auth URIs like http://auth_host:35357/keystone. -# (where '/keystone' is the admin prefix) -# Defaults to false for empty. If defined, should be a string with a -# leading '/' and no trailing '/'. -# Use auth_uri instead. -# -# [*keystone_auth_uri*] -# (optional) DEPRECATED Renamed to auth_uri -# Defaults to 'false'. -# # [*auth_uri*] # (optional) Public Identity API endpoint. -# Defaults to 'false'. +# Defaults to 'http://localhost:5000/'. # # [*identity_uri*] # (optional) Complete admin Identity API endpoint. -# Defaults to: false -# -# [*service_port*] -# (optional) DEPRECATED The Keystone public api port -# Defaults to 5000 +# Defaults to: 'http://localhost:35357/'. # # [*service_workers*] # (optional) Number of cinder-api workers @@ -164,8 +133,8 @@ $keystone_enabled = true, $keystone_tenant = 'services', $keystone_user = 'cinder', - $auth_uri = false, - $identity_uri = false, + $auth_uri = 'http://localhost:5000/', + $identity_uri = 'http://localhost:35357/', $nova_catalog_info = 'compute:Compute Service:publicURL', $nova_catalog_admin_info = 'compute:Compute Service:adminURL', $os_region_name = $::os_service_default, @@ -188,12 +157,6 @@ $sync_db = true, # DEPRECATED PARAMETERS $validation_options = {}, - $keystone_auth_uri = false, - $keystone_auth_host = 'localhost', - $keystone_auth_port = '35357', - $keystone_auth_protocol = 'http', - $keystone_auth_admin_prefix = false, - $service_port = '5000', ) { include ::cinder::params @@ -268,25 +231,10 @@ 'DEFAULT/os_privileged_user_auth_url': value => $os_privileged_user_auth_url; } - - if $keystone_auth_uri and $auth_uri { - fail('both keystone_auth_uri and auth_uri are set and they have the same meaning') - } - elsif !$keystone_auth_uri and !$auth_uri { - warning('use of keystone_auth_protocol, keystone_auth_host, and service_port is deprecated, please set auth_uri directly') - $auth_uri_real = "${keystone_auth_protocol}://${keystone_auth_host}:${service_port}/" - } - elsif $keystone_auth_uri { - warning('keystone_auth_uri has been renamed to auth_uri') - $auth_uri_real = $keystone_auth_uri - } - else { - $auth_uri_real = $auth_uri - } - cinder_config { - 'keystone_authtoken/auth_uri': value => $auth_uri_real; - 'keymgr/encryption_auth_url' : value => $keymgr_encryption_auth_url; + 'keystone_authtoken/auth_uri' : value => $auth_uri; + 'keystone_authtoken/identity_uri' : value => $identity_uri; + 'keymgr/encryption_auth_url' : value => $keymgr_encryption_auth_url; } if $keystone_enabled { @@ -296,75 +244,6 @@ 'keystone_authtoken/admin_user': value => $keystone_user; 'keystone_authtoken/admin_password': value => $keystone_password, secret => true; } - - - # if both auth_uri and identity_uri are set we skip these deprecated settings entirely - if !$auth_uri or !$identity_uri { - if $keystone_auth_host { - warning('The keystone_auth_host parameter is deprecated. Please use auth_uri and identity_uri instead.') - cinder_config { - 'keystone_authtoken/auth_host': value => $keystone_auth_host; - } - } else { - cinder_config { - 'keystone_authtoken/auth_host': ensure => absent; - } - } - - if $keystone_auth_protocol { - warning('The keystone_auth_protocol parameter is deprecated. Please use auth_uri and identity_uri instead.') - cinder_config { - 'keystone_authtoken/auth_protocol': value => $keystone_auth_protocol; - } - } else { - cinder_config { - 'keystone_authtoken/auth_protocol': ensure => absent; - } - } - - if $keystone_auth_port { - warning('The keystone_auth_port parameter is deprecated. Please use auth_uri and identity_uri instead.') - cinder_config { - 'keystone_authtoken/auth_port': value => $keystone_auth_port; - } - } else { - cinder_config { - 'keystone_authtoken/auth_port': ensure => absent; - } - } - - if $keystone_auth_admin_prefix { - warning('The keystone_auth_admin_prefix parameter is deprecated. Please use auth_uri and identity_uri instead.') - validate_re($keystone_auth_admin_prefix, '^(/.+[^/])?$') - cinder_api_paste_ini { - 'filter:authtoken/auth_admin_prefix': value => $keystone_auth_admin_prefix; - } - } else { - cinder_api_paste_ini { - 'filter:authtoken/auth_admin_prefix': ensure => absent; - } - } - } - else { - cinder_api_paste_ini { - 'filter:authtoken/auth_admin_prefix': ensure => absent; - } - cinder_config { - 'keystone_authtoken/auth_port': ensure => absent; - 'keystone_authtoken/auth_host': ensure => absent; - 'keystone_authtoken/auth_protocol': ensure => absent; - } - } - } - - if $identity_uri { - cinder_config { - 'keystone_authtoken/identity_uri': value => $identity_uri; - } - } else { - cinder_config { - 'keystone_authtoken/identity_uri': ensure => absent; - } } if (!is_service_default($ratelimits)) { @@ -377,7 +256,7 @@ if $validate { $defaults = { 'cinder-api' => { - 'command' => "cinder --os-auth-url ${auth_uri_real} --os-tenant-name ${keystone_tenant} --os-username ${keystone_user} --os-password ${keystone_password} list", + 'command' => "cinder --os-auth-url ${auth_uri} --os-tenant-name ${keystone_tenant} --os-username ${keystone_user} --os-password ${keystone_password} list", } } $validation_options_hash = merge ($defaults, $validation_options) diff --git a/cinder/manifests/backend/dellsc_iscsi.pp b/cinder/manifests/backend/dellsc_iscsi.pp index bea9a6686..fc9383786 100644 --- a/cinder/manifests/backend/dellsc_iscsi.pp +++ b/cinder/manifests/backend/dellsc_iscsi.pp @@ -25,19 +25,23 @@ # # [*dell_sc_api_port*] # (optional) The Enterprise Manager API port. -# Defaults to 3033 +# Defaults to $::os_service_default # # [*dell_sc_server_folder*] # (optional) Name of the server folder to use on the Storage Center. # Defaults to 'srv' # +# [*dell_sc_verify_cert*] +# (optional) Enable HTTPS SC ceritifcate verification +# Defaults to $::os_service_default +# # [*dell_sc_volume_folder*] # (optional) Name of the volume folder to use on the Storage Center. # Defaults to 'vol' # # [*iscsi_port*] # (optional) The ISCSI IP Port of the Storage Center. -# Defaults to 3260 +# Defaults to $::os_service_default # # [*extra_options*] # (optional) Hash of extra options to pass to the backend stanza. @@ -52,12 +56,22 @@ $iscsi_ip_address, $dell_sc_ssn, $volume_backend_name = $name, - $dell_sc_api_port = 3033, + $dell_sc_api_port = $::os_service_default, $dell_sc_server_folder = 'srv', + $dell_sc_verify_cert = $::os_service_default, $dell_sc_volume_folder = 'vol', - $iscsi_port = 3260, + $iscsi_port = $::os_service_default, $extra_options = {}, ) { + + if $dell_sc_server_folder == 'srv' { + warning('The OpenStack default value of dell_sc_server_folder differs from the puppet module default of "srv" and may change in later versions of the module.') + } + + if $dell_sc_volume_folder == 'vol' { + warning('The OpenStack default value of dell_sc_volume_folder differs from the puppet module default of "vol" and may change in later versions of the module.') + } + $driver = 'dell.dell_storagecenter_iscsi.DellStorageCenterISCSIDriver' cinder_config { "${name}/volume_backend_name": value => $volume_backend_name; @@ -69,6 +83,7 @@ "${name}/dell_sc_ssn": value => $dell_sc_ssn; "${name}/dell_sc_api_port": value => $dell_sc_api_port; "${name}/dell_sc_server_folder": value => $dell_sc_server_folder; + "${name}/dell_sc_verify_cert": value => $dell_sc_verify_cert; "${name}/dell_sc_volume_folder": value => $dell_sc_volume_folder; "${name}/iscsi_port": value => $iscsi_port; } diff --git a/cinder/manifests/backend/eqlx.pp b/cinder/manifests/backend/eqlx.pp index 751ec4dc7..49daf900a 100644 --- a/cinder/manifests/backend/eqlx.pp +++ b/cinder/manifests/backend/eqlx.pp @@ -14,8 +14,9 @@ # (required) The password for the specified SSH account. # # [*san_thin_provision*] -# (optional) Whether or not to use thin provisioning for volumes. -# Defaults to true +# (optional) Boolean. Whether or not to use thin provisioning for volumes. The +# default value in OpenStack is true. +# Defaults to $::os_service_default # # [*volume_backend_name*] # (optional) The backend name. @@ -23,15 +24,16 @@ # # [*eqlx_group_name*] # (optional) The CLI prompt message without '>'. -# Defaults to 'group-0' +# Defaults to $::os_service_default # # [*eqlx_pool*] # (optional) The pool in which volumes will be created. -# Defaults to 'default' +# Defaults to $::os_service_default # # [*eqlx_use_chap*] -# (optional) Use CHAP authentification for targets? -# Defaults to false +# (optional) Boolean. Use CHAP authentification for targets. The default +# value in OpenStack is assumed to be false for this. +# Defaults to $::os_service_default # # [*eqlx_chap_login*] # (optional) An existing CHAP account name. @@ -43,11 +45,11 @@ # # [*eqlx_cli_timeout*] # (optional) The timeout for the Group Manager cli command execution. -# Defaults to 30 seconds +# Defaults to $::os_service_default # # [*eqlx_cli_max_retries*] # (optional) The maximum retry count for reconnection. -# Defaults to 5 +# Defaults to $:os_service_default # # [*extra_options*] # (optional) Hash of extra options to pass to the backend stanza @@ -59,17 +61,36 @@ $san_ip, $san_login, $san_password, - $san_thin_provision = true, + $san_thin_provision = $::os_service_default, $volume_backend_name = $name, - $eqlx_group_name = 'group-0', - $eqlx_pool = 'default', - $eqlx_use_chap = false, + $eqlx_group_name = $::os_service_default, + $eqlx_pool = $::os_service_default, + $eqlx_use_chap = $::os_service_default, # false $eqlx_chap_login = 'chapadmin', $eqlx_chap_password = '12345', - $eqlx_cli_timeout = 30, - $eqlx_cli_max_retries = 5, + $eqlx_cli_timeout = $::os_service_default, + $eqlx_cli_max_retries = $::os_service_default, $extra_options = {}, ) { + + if !is_service_default($san_thin_provision) { + validate_bool($san_thin_provision) + } + + if !is_service_default($eqlx_use_chap) { + validate_bool($eqlx_use_chap) + } + + if $eqlx_chap_login == 'chapadmin' { + warning('The OpenStack default value of eqlx_chap_login differs from the puppet module default of "chapadmin" and may change in later versions of the module.') + } + + if $eqlx_chap_password == '12345' { + warning('The OpenStack default value of eqlx_chap_password differs from the puppet module default of "12345" and may change in later versions of the module.') + } + + + cinder_config { "${name}/volume_backend_name": value => $volume_backend_name; "${name}/volume_driver": value => 'cinder.volume.drivers.eqlx.DellEQLSanISCSIDriver'; @@ -84,7 +105,8 @@ "${name}/eqlx_pool": value => $eqlx_pool; } - if(str2bool($eqlx_use_chap)) { + # the default for this is false + if !is_service_default($eqlx_use_chap) and $eqlx_use_chap == true { cinder_config { "${name}/eqlx_chap_login": value => $eqlx_chap_login; "${name}/eqlx_chap_password": value => $eqlx_chap_password, secret => true; diff --git a/cinder/manifests/backend/glusterfs.pp b/cinder/manifests/backend/glusterfs.pp index 560fa59d2..f03081ee2 100644 --- a/cinder/manifests/backend/glusterfs.pp +++ b/cinder/manifests/backend/glusterfs.pp @@ -13,16 +13,23 @@ # (optional) Allows for the volume_backend_name to be separate of $name. # Defaults to: $name # -# [*glusterfs_disk_util*] -# Removed in Icehouse. +# [*glusterfs_backup_mount_point*] +# (optional) Base dir containing mount point for gluster share. +# Defaults to $::os_service_default +# +# [*glusterfs_backup_share*] +# (optonal) GlusterFS share in : +# format. Eg: 1.2.3.4:backup_vol +# Defaults to $::os_service_default # # [*glusterfs_sparsed_volumes*] # (optional) Whether or not to use sparse (thin) volumes. -# Defaults to undef which uses the driver's default of "true". +# Defaults to $::os_service_default which uses the driver's default of "true". # # [*glusterfs_mount_point_base*] # (optional) Where to mount the Gluster volumes. -# Defaults to undef which uses the driver's default of "$state_path/mnt". +# Defaults to $::os_service_default which uses the driver's default of +# "$state_path/mnt". # # [*glusterfs_shares_config*] # (optional) The config file to store the given $glusterfs_shares. @@ -42,18 +49,15 @@ # define cinder::backend::glusterfs ( $glusterfs_shares, - $volume_backend_name = $name, - $glusterfs_disk_util = false, - $glusterfs_sparsed_volumes = undef, - $glusterfs_mount_point_base = undef, - $glusterfs_shares_config = '/etc/cinder/shares.conf', - $extra_options = {}, + $volume_backend_name = $name, + $glusterfs_backup_mount_point = $::os_service_default, + $glusterfs_backup_share = $::os_service_default, + $glusterfs_sparsed_volumes = $::os_service_default, + $glusterfs_mount_point_base = $::os_service_default, + $glusterfs_shares_config = '/etc/cinder/shares.conf', + $extra_options = {}, ) { - if $glusterfs_disk_util { - fail('glusterfs_disk_util is removed in Icehouse.') - } - $content = join($glusterfs_shares, "\n") file { $glusterfs_shares_config: @@ -66,6 +70,8 @@ "${name}/volume_backend_name": value => $volume_backend_name; "${name}/volume_driver": value => 'cinder.volume.drivers.glusterfs.GlusterfsDriver'; + "${name}/glusterfs_backup_mount_point": value => $glusterfs_backup_mount_point; + "${name}/glusterfs_backup_share": value => $glusterfs_backup_share; "${name}/glusterfs_shares_config": value => $glusterfs_shares_config; "${name}/glusterfs_sparsed_volumes": value => $glusterfs_sparsed_volumes; "${name}/glusterfs_mount_point_base": value => $glusterfs_mount_point_base; diff --git a/cinder/manifests/backend/gpfs.pp b/cinder/manifests/backend/gpfs.pp index bf3a88329..ef3433267 100644 --- a/cinder/manifests/backend/gpfs.pp +++ b/cinder/manifests/backend/gpfs.pp @@ -60,18 +60,18 @@ # define cinder::backend::gpfs ( $gpfs_mount_point_base, - $gpfs_images_dir = '', - $gpfs_images_share_mode = '', - $gpfs_max_clone_depth = '', - $gpfs_sparse_volumes = '', - $gpfs_storage_pool = '', + $gpfs_images_dir = $::os_service_default, + $gpfs_images_share_mode = $::os_service_default, + $gpfs_max_clone_depth = $::os_service_default, + $gpfs_sparse_volumes = $::os_service_default, + $gpfs_storage_pool = $::os_service_default, $extra_options = {}, ) { - if ! ($gpfs_images_share_mode in ['copy', 'copy_on_write', '']) { + if ! ($gpfs_images_share_mode in ['copy', 'copy_on_write', $::os_service_default]) { fail('gpfs_images_share_mode only support `copy` or `copy_on_write`') } - if $gpfs_images_share_mode in ['copy', 'copy_on_write'] and $gpfs_images_dir == '' { + if $gpfs_images_share_mode in ['copy', 'copy_on_write'] and is_service_default($gpfs_images_dir) { fail('gpfs_images_share_mode only in conjunction with gpfs_images_dir') } diff --git a/cinder/manifests/backend/iscsi.pp b/cinder/manifests/backend/iscsi.pp index 77bff4dfe..b5846b40f 100644 --- a/cinder/manifests/backend/iscsi.pp +++ b/cinder/manifests/backend/iscsi.pp @@ -16,7 +16,7 @@ # # [*volume_group*] # (Optional) Name for the VG that will contain exported volumes -# Defaults to 'cinder-volumes'. +# Defaults to $::os_service_default # # [*volumes_dir*] # (Optional) Volume configuration file storage directory @@ -28,7 +28,7 @@ # # [*iscsi_protocol*] # (Optional) Protocol to use as iSCSI driver -# Defaults to 'iscsi'. +# Defaults to $::os_service_default. # # [*extra_options*] # (optional) Hash of extra options to pass to the backend stanza @@ -40,10 +40,10 @@ $iscsi_ip_address, $volume_backend_name = $name, $volume_driver = 'cinder.volume.drivers.lvm.LVMVolumeDriver', - $volume_group = 'cinder-volumes', + $volume_group = $::os_service_default, $volumes_dir = '/var/lib/cinder/volumes', $iscsi_helper = $::cinder::params::iscsi_helper, - $iscsi_protocol = 'iscsi', + $iscsi_protocol = $::os_service_default, $extra_options = {}, ) { diff --git a/cinder/manifests/backend/nfs.pp b/cinder/manifests/backend/nfs.pp index 4a6a3ff41..3921fde6a 100644 --- a/cinder/manifests/backend/nfs.pp +++ b/cinder/manifests/backend/nfs.pp @@ -10,23 +10,29 @@ # (Required) Description # Defaults to '[]' # +# [*nfs_mount_attempts*] +# (optional) The number of attempts to mount nfs shares before raising an +# error. At least one attempt will be made to mount an nfs share, regardless +# of the value specified. +# Defaults to $::os_service_default +# # [*nfs_mount_options*] # (Optional) Mount options passed to the nfs client. -# Defaults to 'undef'. +# Defaults to $::os_service_default # # [*nfs_disk_util*] # (Optional) TODO -# Defaults to 'undef'. +# Defaults to $::os_service_default # # [*nfs_sparsed_volumes*] # (Optional) Create volumes as sparsed files which take no space. # If set to False volume is created as regular file. # In such case volume creation takes a lot of time. -# Defaults to 'undef'. +# Defaults to $::os_service_default # # [*nfs_mount_point_base*] # (Optional) Base dir containing mount points for nfs shares. -# Defaults to 'undef'. +# Defaults to $::os_service_default # # [*nfs_shares_config*] # (Optional) File with the list of available nfs shares. @@ -35,13 +41,13 @@ # [*nfs_used_ratio*] # (Optional) Percent of ACTUAL usage of the underlying volume before no new # volumes can be allocated to the volume destination. -# Defaults to '0.95'. +# Defaults to $::os_service_default # # [*nfs_oversub_ratio*] # (Optional) This will compare the allocated to available space on the volume # destination. If the ratio exceeds this number, the destination will no # longer be valid. -# Defaults to '1.0'. +# Defaults to $::os_service_default # # [*extra_options*] # (optional) Hash of extra options to pass to the backend stanza @@ -52,13 +58,14 @@ define cinder::backend::nfs ( $volume_backend_name = $name, $nfs_servers = [], - $nfs_mount_options = undef, - $nfs_disk_util = undef, - $nfs_sparsed_volumes = undef, - $nfs_mount_point_base = undef, + $nfs_mount_attempts = $::os_service_default, + $nfs_mount_options = $::os_service_default, + $nfs_disk_util = $::os_service_default, + $nfs_sparsed_volumes = $::os_service_default, + $nfs_mount_point_base = $::os_service_default, $nfs_shares_config = '/etc/cinder/shares.conf', - $nfs_used_ratio = '0.95', - $nfs_oversub_ratio = '1.0', + $nfs_used_ratio = $::os_service_default, + $nfs_oversub_ratio = $::os_service_default, $extra_options = {}, ) { @@ -73,6 +80,7 @@ "${name}/volume_driver": value => 'cinder.volume.drivers.nfs.NfsDriver'; "${name}/nfs_shares_config": value => $nfs_shares_config; + "${name}/nfs_mount_attempts": value => $nfs_mount_attempts; "${name}/nfs_mount_options": value => $nfs_mount_options; "${name}/nfs_disk_util": value => $nfs_disk_util; "${name}/nfs_sparsed_volumes": value => $nfs_sparsed_volumes; diff --git a/cinder/manifests/backend/rbd.pp b/cinder/manifests/backend/rbd.pp index 75f673933..c8daef72e 100644 --- a/cinder/manifests/backend/rbd.pp +++ b/cinder/manifests/backend/rbd.pp @@ -42,7 +42,25 @@ # (optional) Maximum number of nested clones that can be taken of a # volume before enforcing a flatten prior to next clone. # A value of zero disables cloning -# Defaults to '5' +# Defaults to $::os_service_default +# +# [*rados_connect_timeout*] +# (optional) Timeout value (in seconds) used when connecting to ceph cluster. +# If value < 0, no timeout is set and default librados value is used. +# Defaults to $::os_service_default +# +# [*rados_connection_interval*] +# (optional) Interval value (in seconds) between connection retries to ceph +# cluster. +# Defaults to $::os_service_default +# +# [*rados_connection_retries*] +# (optional) Number of retries if connection to ceph cluster failed. +# Defaults to $::os_service_default +# +# [*rbd_store_chunk_size*] +# (optional) Volumes will be chunked into objects of this size (in megabytes). +# Defaults to $::os_service_default # # [*extra_options*] # (optional) Hash of extra options to pass to the backend stanza @@ -56,10 +74,14 @@ $backend_host = undef, $volume_backend_name = $name, $rbd_ceph_conf = '/etc/ceph/ceph.conf', - $rbd_flatten_volume_from_snapshot = false, + $rbd_flatten_volume_from_snapshot = $::os_service_default, $rbd_secret_uuid = $::os_service_default, $volume_tmp_dir = $::os_service_default, - $rbd_max_clone_depth = '5', + $rbd_max_clone_depth = $::os_service_default, + $rados_connect_timeout = $::os_service_default, + $rados_connection_interval = $::os_service_default, + $rados_connection_retries = $::os_service_default, + $rbd_store_chunk_size = $::os_service_default, $extra_options = {}, ) { @@ -74,6 +96,10 @@ "${name}/rbd_max_clone_depth": value => $rbd_max_clone_depth; "${name}/rbd_flatten_volume_from_snapshot": value => $rbd_flatten_volume_from_snapshot; "${name}/rbd_secret_uuid": value => $rbd_secret_uuid; + "${name}/rados_connect_timeout": value => $rados_connect_timeout; + "${name}/rados_connection_interval": value => $rados_connection_interval; + "${name}/rados_connection_retries": value => $rados_connection_retries; + "${name}/rbd_store_chunk_size": value => $rbd_store_chunk_size; "${name}/volume_tmp_dir": value => $volume_tmp_dir; } @@ -106,11 +132,10 @@ # Creates an empty file if it doesn't yet exist ensure_resource('file', $::cinder::params::ceph_init_override, {'ensure' => 'present'}) - ensure_resource('file_line', 'set initscript env', { + file_line { "set initscript env ${name}": line => $override_line, path => $::cinder::params::ceph_init_override, - match => $override_match, - notify => Service['cinder-volume'] - }) + notify => Service['cinder-volume'], + } } diff --git a/cinder/manifests/backend/vmdk.pp b/cinder/manifests/backend/vmdk.pp index 5b5205488..159ab4e0c 100644 --- a/cinder/manifests/backend/vmdk.pp +++ b/cinder/manifests/backend/vmdk.pp @@ -20,7 +20,7 @@ # [*api_retry_count*] # (optional) The number of times we retry on failures, # e.g., socket error, etc. -# Defaults to 10. +# Defaults to $::os_service_default. # # [*max_object_retrieval*] # (optional) The maximum number of ObjectContent data objects that should @@ -29,7 +29,7 @@ # objects reaches the specified maximum. The server may still # limit the count to something less than the configured value. # Any remaining objects may be retrieved with additional requests. -# Defaults to 100. +# Defaults to $::os_service_default # # [*task_poll_interval*] # (optional) The interval in seconds used for polling of remote tasks. @@ -37,13 +37,13 @@ # # [*image_transfer_timeout_secs*] # (optional) The timeout in seconds for VMDK volume transfer between Cinder and Glance. -# Defaults to 7200. +# Defaults to $::os_service_default # # [*wsdl_location*] # (optional) VIM Service WSDL Location e.g # http:///vimService.wsdl. Optional over-ride to # default location for bug work-arounds. -# Defaults to None. +# Defaults to $::os_service_default. # # [*volume_folder*] # (optional) The name for the folder in the VC datacenter that will contain cinder volumes. @@ -61,14 +61,22 @@ $host_password, $volume_backend_name = $name, $volume_folder = 'cinder-volumes', - $api_retry_count = 10, - $max_object_retrieval = 100, + $api_retry_count = $::os_service_default, + $max_object_retrieval = $::os_service_default, $task_poll_interval = 5, - $image_transfer_timeout_secs = 7200, - $wsdl_location = undef, + $image_transfer_timeout_secs = $::os_service_default, + $wsdl_location = $::os_service_default, $extra_options = {}, ) { + if $volume_folder == 'cinder-volumes' { + warning('The OpenStack default value of volume_folder differs from the puppet module default of "cinder-volumes" and may change in later versions of the module.') + } + + if $task_poll_interval == 5 { + warning('The OpenStack default value of task_poll_interval differs from the puppet module default of "5" and may change in later versions of the module.') + } + cinder_config { "${name}/volume_backend_name": value => $volume_backend_name; "${name}/volume_driver": value => 'cinder.volume.drivers.vmware.vmdk.VMwareVcVmdkDriver'; @@ -80,15 +88,10 @@ "${name}/vmware_max_object_retrieval": value => $max_object_retrieval; "${name}/vmware_task_poll_interval": value => $task_poll_interval; "${name}/vmware_image_transfer_timeout_secs": value => $image_transfer_timeout_secs; + "${name}/vmware_wsdl_location": value => $wsdl_location; "${name}/host": value => "vmdk:${host_ip}-${volume_folder}"; } - if $wsdl_location { - cinder_config { - "${name}/vmware_wsdl_location": value => $wsdl_location; - } - } - package { 'python-suds': ensure => present } diff --git a/cinder/manifests/config.pp b/cinder/manifests/config.pp index 624a9bb65..c54473f95 100644 --- a/cinder/manifests/config.pp +++ b/cinder/manifests/config.pp @@ -6,7 +6,7 @@ # # [*xxx_config*] # (optional) Allow configuration of arbitrary cinder configurations. -# The value is an hash of xxx_config resources. Example: +# The value is a hash of xxx_config resources. Example: # { 'DEFAULT/foo' => { value => 'fooValue'}, # 'DEFAULT/bar' => { value => 'barValue'} # } diff --git a/cinder/manifests/init.pp b/cinder/manifests/init.pp index e8edf9367..91b1489f1 100644 --- a/cinder/manifests/init.pp +++ b/cinder/manifests/init.pp @@ -69,6 +69,16 @@ # (optional) Connect over SSL for RabbitMQ # Defaults to false # +# [*report_interval*] +# (optional) Interval, in seconds, between nodes reporting state to +# datastore (integer value). +# Defaults to $::os_service_default +# +# [*service_down_time*] +# (optional) Maximum time since last check-in for a service to be +# considered up (integer value). +# Defaults to $::os_service_default +# # [*kombu_ssl_ca_certs*] # (optional) SSL certification authority file (valid only if SSL enabled). # Defaults to $::os_service_default @@ -256,6 +266,8 @@ $rabbit_userid = 'guest', $rabbit_password = false, $rabbit_use_ssl = false, + $service_down_time = $::os_service_default, + $report_interval = $::os_service_default, $kombu_ssl_ca_certs = $::os_service_default, $kombu_ssl_certfile = $::os_service_default, $kombu_ssl_keyfile = $::os_service_default, @@ -340,6 +352,8 @@ 'oslo_messaging_rabbit/heartbeat_timeout_threshold': value => $rabbit_heartbeat_timeout_threshold; 'oslo_messaging_rabbit/heartbeat_rate': value => $rabbit_heartbeat_rate; 'DEFAULT/control_exchange': value => $control_exchange; + 'DEFAULT/report_interval': value => $report_interval; + 'DEFAULT/service_down_time': value => $service_down_time; 'oslo_messaging_rabbit/amqp_durable_queues': value => $amqp_durable_queues; } diff --git a/cinder/manifests/volume/dellsc_iscsi.pp b/cinder/manifests/volume/dellsc_iscsi.pp index d69bb893d..e470f9567 100644 --- a/cinder/manifests/volume/dellsc_iscsi.pp +++ b/cinder/manifests/volume/dellsc_iscsi.pp @@ -21,19 +21,23 @@ # # [*dell_sc_api_port*] # (optional) The Enterprise Manager API port. -# Defaults to 3033 +# Defaults to $::os_service_default # # [*dell_sc_server_folder*] # (optional) Name of the server folder to use on the Storage Center. # Defaults to 'srv' # +# [*dell_sc_verify_cert*] +# (optional) Enable HTTPS SC certificate verification +# Defaults to $:os_service_default +# # [*dell_sc_volume_folder*] # (optional) Name of the volume folder to use on the Storage Center. # Defaults to 'vol' # # [*iscsi_port*] # (optional) The Storage Center iSCSI IP port. -# Defaults to 3260 +# Defaults to $::os_service_default # # [*extra_options*] # (optional) Hash of extra options to pass to the backend stanza. @@ -47,10 +51,11 @@ $san_password, $iscsi_ip_address, $dell_sc_ssn, - $dell_sc_api_port = 3033, + $dell_sc_api_port = $::os_service_default, $dell_sc_server_folder = 'srv', + $dell_sc_verify_cert = $::os_service_default, $dell_sc_volume_folder = 'vol', - $iscsi_port = 3260, + $iscsi_port = $::os_service_default, $extra_options = {}, ) { cinder::backend::dellsc_iscsi { 'DEFAULT': @@ -61,6 +66,7 @@ dell_sc_ssn => $dell_sc_ssn, dell_sc_api_port => $dell_sc_api_port, dell_sc_server_folder => $dell_sc_server_folder, + dell_sc_verify_cert => $dell_sc_verify_cert, dell_sc_volume_folder => $dell_sc_volume_folder, iscsi_port => $iscsi_port, extra_options => $extra_options, diff --git a/cinder/manifests/volume/eqlx.pp b/cinder/manifests/volume/eqlx.pp index 0af623966..7c315f2b4 100644 --- a/cinder/manifests/volume/eqlx.pp +++ b/cinder/manifests/volume/eqlx.pp @@ -15,19 +15,19 @@ # # [*san_thin_provision*] # (optional) Whether or not to use thin provisioning for volumes. -# Defaults to true +# Defaults to $::os_service_default # # [*eqlx_group_name*] # (optional) The CLI prompt message without '>'. -# Defaults to 'group-0' +# Defaults to $::os_service_default # # [*eqlx_pool*] # (optional) The pool in which volumes will be created. -# Defaults to 'default' +# Defaults to $::os_service_default # # [*eqlx_use_chap*] # (optional) Use CHAP authentification for targets? -# Defaults to false +# Defaults to $::os_service_default # # [*eqlx_chap_login*] # (optional) An existing CHAP account name. @@ -39,11 +39,11 @@ # # [*eqlx_cli_timeout*] # (optional) The timeout for the Group Manager cli command execution. -# Defaults to 30 seconds +# Defaults to $::os_service_default # # [*eqlx_cli_max_retries*] # (optional) The maximum retry count for reconnection. -# Defaults to 5 +# Defaults to $::os_service_default # # [*extra_options*] # (optional) Hash of extra options to pass to the backend stanza @@ -55,14 +55,14 @@ $san_ip, $san_login, $san_password, - $san_thin_provision = true, - $eqlx_group_name = 'group-0', - $eqlx_pool = 'default', - $eqlx_use_chap = false, + $san_thin_provision = $::os_service_default, + $eqlx_group_name = $::os_service_default, + $eqlx_pool = $::os_service_default, + $eqlx_use_chap = $::os_service_default, $eqlx_chap_login = 'chapadmin', $eqlx_chap_password = '12345', - $eqlx_cli_timeout = 30, - $eqlx_cli_max_retries = 5, + $eqlx_cli_timeout = $::os_service_default, + $eqlx_cli_max_retries = $::os_service_default, $extra_options = {}, ) { cinder::backend::eqlx { 'DEFAULT': diff --git a/cinder/manifests/volume/glusterfs.pp b/cinder/manifests/volume/glusterfs.pp index dfd484ae2..c763a4664 100644 --- a/cinder/manifests/volume/glusterfs.pp +++ b/cinder/manifests/volume/glusterfs.pp @@ -9,16 +9,22 @@ # (required) An array of GlusterFS volume locations. # Must be an array even if there is only one volume. # -# [*glusterfs_disk_util*] -# Removed in Icehouse. +# [*glusterfs_backup_mount_point*] +# (optional) Base dir containing mount point for gluster share. +# Defaults to $::os_service_default +# +# [*glusterfs_backup_share*] +# (optonal) GlusterFS share in : +# format. Eg: 1.2.3.4:backup_vol +# Defaults to $::os_service_default # # [*glusterfs_sparsed_volumes*] # (optional) Whether or not to use sparse (thin) volumes. -# Defaults to undef which uses the driver's default of "true". +# Defaults to $::os_service_default which uses the driver's default of "true". # # [*glusterfs_mount_point_base*] # (optional) Where to mount the Gluster volumes. -# Defaults to undef which uses the driver's default of "$state_path/mnt". +# Defaults to $::os_service_default which uses the driver's default of "$state_path/mnt". # # [*glusterfs_shares_config*] # (optional) The config file to store the given $glusterfs_shares. @@ -38,19 +44,21 @@ # class cinder::volume::glusterfs ( $glusterfs_shares, - $glusterfs_disk_util = false, - $glusterfs_sparsed_volumes = undef, - $glusterfs_mount_point_base = undef, - $glusterfs_shares_config = '/etc/cinder/shares.conf', - $extra_options = {}, + $glusterfs_backup_mount_point = $::os_service_default, + $glusterfs_backup_share = $::os_service_default, + $glusterfs_sparsed_volumes = $::os_service_default, + $glusterfs_mount_point_base = $::os_service_default, + $glusterfs_shares_config = '/etc/cinder/shares.conf', + $extra_options = {}, ) { cinder::backend::glusterfs { 'DEFAULT': - glusterfs_shares => $glusterfs_shares, - glusterfs_disk_util => $glusterfs_disk_util, - glusterfs_sparsed_volumes => $glusterfs_sparsed_volumes, - glusterfs_mount_point_base => $glusterfs_mount_point_base, - glusterfs_shares_config => $glusterfs_shares_config, - extra_options => $extra_options, + glusterfs_shares => $glusterfs_shares, + glusterfs_backup_mount_point => $glusterfs_backup_mount_point, + glusterfs_backup_share => $glusterfs_backup_share, + glusterfs_sparsed_volumes => $glusterfs_sparsed_volumes, + glusterfs_mount_point_base => $glusterfs_mount_point_base, + glusterfs_shares_config => $glusterfs_shares_config, + extra_options => $extra_options, } } diff --git a/cinder/manifests/volume/iscsi.pp b/cinder/manifests/volume/iscsi.pp index 4cfc38474..367ea579d 100644 --- a/cinder/manifests/volume/iscsi.pp +++ b/cinder/manifests/volume/iscsi.pp @@ -13,7 +13,7 @@ # # [*volume_group*] # (Optional) Name for the VG that will contain exported volumes -# Defaults to 'cinder-volumes'. +# Defaults to $::os_service_default. # # [*volumes_dir*] # (Optional) Volume configuration file storage directory @@ -25,7 +25,7 @@ # # [*iscsi_protocol*] # (Optional) Protocol to use as iSCSI driver -# Defaults to 'iscsi'. +# Defaults to $::os_service_default. # # [*extra_options*] # (optional) Hash of extra options to pass to the backend stanza @@ -36,10 +36,10 @@ class cinder::volume::iscsi ( $iscsi_ip_address, $volume_driver = 'cinder.volume.drivers.lvm.LVMVolumeDriver', - $volume_group = 'cinder-volumes', + $volume_group = $::os_service_default, $volumes_dir = '/var/lib/cinder/volumes', $iscsi_helper = $::cinder::params::iscsi_helper, - $iscsi_protocol = 'iscsi', + $iscsi_protocol = $::os_service_default, $extra_options = {}, ) { diff --git a/cinder/manifests/volume/nfs.pp b/cinder/manifests/volume/nfs.pp index a69ff83d6..63889a6f9 100644 --- a/cinder/manifests/volume/nfs.pp +++ b/cinder/manifests/volume/nfs.pp @@ -7,23 +7,29 @@ # (Required) Description # Defaults to '[]' # +# [*nfs_mount_attempts*] +# (optional) The number of attempts to mount nfs shares before raising an +# error. At least one attempt will be made to mount an nfs share, regardless +# of the value specified. +# Defaults to $::os_service_default +# # [*nfs_mount_options*] # (Optional) Mount options passed to the nfs client. -# Defaults to 'undef'. +# Defaults to $::os_service_default. # # [*nfs_disk_util*] # (Optional) TODO -# Defaults to 'undef'. +# Defaults to $::os_service_default. # # [*nfs_sparsed_volumes*] # (Optional) Create volumes as sparsed files which take no space. # If set to False volume is created as regular file. # In such case volume creation takes a lot of time. -# Defaults to 'undef'. +# Defaults to $::os_service_default. # # [*nfs_mount_point_base*] # (Optional) Base dir containing mount points for nfs shares. -# Defaults to 'undef'. +# Defaults to $::os_service_default. # # [*nfs_shares_config*] # (Optional) File with the list of available nfs shares. @@ -32,13 +38,13 @@ # [*nfs_used_ratio*] # (Optional) Percent of ACTUAL usage of the underlying volume before no new # volumes can be allocated to the volume destination. -# Defaults to '0.95'. +# Defaults to $::os_service_default. # # [*nfs_oversub_ratio*] # (Optional) This will compare the allocated to available space on the volume # destination. If the ratio exceeds this number, the destination will no # longer be valid. -# Defaults to '1.0'. +# Defaults to $::os_service_default. # # [*extra_options*] # (optional) Hash of extra options to pass to the backend stanza @@ -48,18 +54,20 @@ # class cinder::volume::nfs ( $nfs_servers = [], - $nfs_mount_options = undef, - $nfs_disk_util = undef, - $nfs_sparsed_volumes = undef, - $nfs_mount_point_base = undef, + $nfs_mount_attempts = $::os_service_default, + $nfs_mount_options = $::os_service_default, + $nfs_disk_util = $::os_service_default, + $nfs_sparsed_volumes = $::os_service_default, + $nfs_mount_point_base = $::os_service_default, $nfs_shares_config = '/etc/cinder/shares.conf', - $nfs_used_ratio = '0.95', - $nfs_oversub_ratio = '1.0', + $nfs_used_ratio = $::os_service_default, + $nfs_oversub_ratio = $::os_service_default, $extra_options = {}, ) { cinder::backend::nfs { 'DEFAULT': nfs_servers => $nfs_servers, + nfs_mount_attempts => $nfs_mount_attempts, nfs_mount_options => $nfs_mount_options, nfs_disk_util => $nfs_disk_util, nfs_sparsed_volumes => $nfs_sparsed_volumes, diff --git a/cinder/manifests/volume/rbd.pp b/cinder/manifests/volume/rbd.pp index f02746b00..e70d66abf 100644 --- a/cinder/manifests/volume/rbd.pp +++ b/cinder/manifests/volume/rbd.pp @@ -16,22 +16,40 @@ # # [*rbd_flatten_volume_from_snapshot*] # (optional) Enable flatten volumes created from snapshots. -# Defaults to false +# Defaults to $::os_service_default # # [*rbd_secret_uuid*] # (optional) A required parameter to use cephx. -# Defaults to false +# Defaults to $::os_service_default # # [*volume_tmp_dir*] # (optional) Location to store temporary image files if the volume # driver does not write them directly to the volume -# Defaults to false +# Defaults to $::os_service_default # # [*rbd_max_clone_depth*] # (optional) Maximum number of nested clones that can be taken of a # volume before enforcing a flatten prior to next clone. # A value of zero disables cloning -# Defaults to '5' +# Defaults to $::os_service_default +# +# [*rados_connect_timeout*] +# (optional) Timeout value (in seconds) used when connecting to ceph cluster. +# If value < 0, no timeout is set and default librados value is used. +# Defaults to $::os_service_default +# +# [*rados_connection_interval*] +# (optional) Interval value (in seconds) between connection retries to ceph +# cluster. +# Defaults to $::os_service_default +# +# [*rados_connection_retries*] +# (optional) Number of retries if connection to ceph cluster failed. +# Defaults to $::os_service_default +# +# [*rbd_store_chunk_size*] +# (optional) Volumes will be chunked into objects of this size (in megabytes). +# Defaults to $::os_service_default # # [*extra_options*] # (optional) Hash of extra options to pass to the backend stanza @@ -43,10 +61,14 @@ $rbd_pool, $rbd_user, $rbd_ceph_conf = '/etc/ceph/ceph.conf', - $rbd_flatten_volume_from_snapshot = false, - $rbd_secret_uuid = false, - $volume_tmp_dir = false, - $rbd_max_clone_depth = '5', + $rbd_flatten_volume_from_snapshot = $::os_service_default, + $rbd_secret_uuid = $::os_service_default, + $volume_tmp_dir = $::os_service_default, + $rbd_max_clone_depth = $::os_service_default, + $rados_connect_timeout = $::os_service_default, + $rados_connection_interval = $::os_service_default, + $rados_connection_retries = $::os_service_default, + $rbd_store_chunk_size = $::os_service_default, $extra_options = {}, ) { @@ -58,6 +80,10 @@ rbd_secret_uuid => $rbd_secret_uuid, volume_tmp_dir => $volume_tmp_dir, rbd_max_clone_depth => $rbd_max_clone_depth, + rados_connect_timeout => $rados_connect_timeout, + rados_connection_interval => $rados_connection_interval, + rados_connection_retries => $rados_connection_retries, + rbd_store_chunk_size => $rbd_store_chunk_size, extra_options => $extra_options, } } diff --git a/cinder/spec/classes/cinder_api_spec.rb b/cinder/spec/classes/cinder_api_spec.rb index 20ba39640..c7d529217 100644 --- a/cinder/spec/classes/cinder_api_spec.rb +++ b/cinder/spec/classes/cinder_api_spec.rb @@ -48,6 +48,9 @@ is_expected.to contain_cinder_config('keystone_authtoken/auth_uri').with( :value => 'http://localhost:5000/' ) + is_expected.to contain_cinder_config('keystone_authtoken/identity_uri').with( + :value => 'http://localhost:35357/' + ) is_expected.to contain_cinder_config('keystone_authtoken/admin_tenant_name').with( :value => 'services' ) @@ -57,27 +60,6 @@ is_expected.to contain_cinder_config('keystone_authtoken/admin_password').with( :value => 'foo' ) - is_expected.to contain_cinder_config('keystone_authtoken/auth_protocol').with( - :value => 'http' - ) - is_expected.to contain_cinder_config('keystone_authtoken/auth_host').with( - :value => 'localhost' - ) - is_expected.to contain_cinder_config('keystone_authtoken/auth_port').with( - :value => '35357' - ) - is_expected.not_to contain_cinder_config('keystone_authtoken/service_protocol').with( - :value => 'http' - ) - is_expected.not_to contain_cinder_config('keystone_authtoken/service_host').with( - :value => 'localhost' - ) - is_expected.not_to contain_cinder_config('keystone_authtoken/service_port').with( - :value => '5000' - ) - is_expected.to contain_cinder_api_paste_ini('filter:authtoken/auth_admin_prefix').with( - :ensure => 'absent' - ) is_expected.to contain_cinder_config('DEFAULT/os_privileged_user_name').with_value('') is_expected.to contain_cinder_config('DEFAULT/os_privileged_user_password').with_value('') @@ -189,17 +171,6 @@ end end - describe 'with custom auth_uri' do - let :params do - req_params.merge({'keystone_auth_uri' => 'http://localhost:8080/v2.0/'}) - end - it 'should configure cinder auth_uri correctly' do - is_expected.to contain_cinder_config('keystone_authtoken/auth_uri').with( - :value => 'http://localhost:8080/v2.0/' - ) - end - end - describe 'with only required params' do let :params do req_params.merge({'bind_host' => '192.168.1.3'}) @@ -222,53 +193,6 @@ it { is_expected.not_to contain_class('cinder::db::sync') } end - [ '/keystone', '/keystone/admin' ].each do |keystone_auth_admin_prefix| - describe "with keystone_auth_admin_prefix containing correct value #{keystone_auth_admin_prefix}" do - let :params do - { - :keystone_auth_admin_prefix => keystone_auth_admin_prefix, - :keystone_password => 'dummy' - } - end - - it { is_expected.to contain_cinder_api_paste_ini('filter:authtoken/auth_admin_prefix').with( - :value => "#{keystone_auth_admin_prefix}" - )} - end - end - - describe "with keystone_auth_admin_prefix containing correct value ''" do - let :params do - { - :keystone_auth_admin_prefix => '', - :keystone_password => 'dummy' - } - end - - it { is_expected.to contain_cinder_api_paste_ini('filter:authtoken/auth_admin_prefix')} - end - - [ - '/keystone/', - 'keystone/', - 'keystone', - '/keystone/admin/', - 'keystone/admin/', - 'keystone/admin' - ].each do |keystone_auth_admin_prefix| - describe "with keystone_auth_admin_prefix containing incorrect value #{keystone_auth_admin_prefix}" do - let :params do - { - :keystone_auth_admin_prefix => keystone_auth_admin_prefix, - :keystone_password => 'dummy' - } - end - - it { expect { is_expected.to contain_cinder_api_paste_ini('filter:authtoken/auth_admin_prefix') }.to \ - raise_error(Puppet::Error, /validate_re\(\): "#{keystone_auth_admin_prefix}" does not match/) } - end - end - describe 'with enabled false' do let :params do req_params.merge({'enabled' => false}) @@ -356,30 +280,13 @@ let :params do req_params.merge({ :identity_uri => 'https://localhost:35357/', - :auth_uri => 'https://localhost:5000/v2.0/', + :auth_uri => 'https://localhost:5000/', }) end it 'configures identity_uri and auth_uri but deprecates old auth settings' do is_expected.to contain_cinder_config('keystone_authtoken/identity_uri').with_value("https://localhost:35357/") - is_expected.to contain_cinder_config('keystone_authtoken/auth_uri').with_value("https://localhost:5000/v2.0/") - is_expected.to contain_cinder_api_paste_ini('filter:authtoken/auth_admin_prefix').with(:ensure => 'absent') - is_expected.to contain_cinder_config('keystone_authtoken/auth_port').with(:ensure => 'absent') - is_expected.not_to contain_cinder_config('keystone_authtoken/service_port').with(:ensure => 'absent') - is_expected.to contain_cinder_config('keystone_authtoken/auth_protocol').with(:ensure => 'absent') - is_expected.not_to contain_cinder_config('keystone_authtoken/service_protocol').with(:ensure => 'absent') - is_expected.to contain_cinder_config('keystone_authtoken/auth_host').with(:ensure => 'absent') - is_expected.not_to contain_cinder_config('keystone_authtoken/service_host').with(:ensure => 'absent') + is_expected.to contain_cinder_config('keystone_authtoken/auth_uri').with_value("https://localhost:5000/") end end - describe 'when someone sets keystone_auth_uri and auth_uri' do - let :params do - req_params.merge({ - :keystone_auth_uri => 'http://thisis', - :auth_uri => 'http://broken', - }) - end - - it_raises 'a Puppet::Error', /both keystone_auth_uri and auth_uri are set and they have the same meaning/ - end end diff --git a/cinder/spec/classes/cinder_keystone_auth_spec.rb b/cinder/spec/classes/cinder_keystone_auth_spec.rb index a07b523ba..38226708f 100644 --- a/cinder/spec/classes/cinder_keystone_auth_spec.rb +++ b/cinder/spec/classes/cinder_keystone_auth_spec.rb @@ -19,28 +19,26 @@ :ensure => 'present', :roles => ['admin'] ) - is_expected.to contain_keystone_service('cinder').with( + is_expected.to contain_keystone_service('cinder::volume').with( :ensure => 'present', - :type => 'volume', :description => 'Cinder Service' ) - is_expected.to contain_keystone_service('cinderv2').with( + is_expected.to contain_keystone_service('cinderv2::volumev2').with( :ensure => 'present', - :type => 'volumev2', :description => 'Cinder Service v2' ) end it 'configures keystone endpoints' do - is_expected.to contain_keystone_endpoint('RegionOne/cinder').with( + is_expected.to contain_keystone_endpoint('RegionOne/cinder::volume').with( :ensure => 'present', :public_url => 'http://127.0.0.1:8776/v1/%(tenant_id)s', :admin_url => 'http://127.0.0.1:8776/v1/%(tenant_id)s', :internal_url => 'http://127.0.0.1:8776/v1/%(tenant_id)s' ) - is_expected.to contain_keystone_endpoint('RegionOne/cinderv2').with( + is_expected.to contain_keystone_endpoint('RegionOne/cinderv2::volumev2').with( :ensure => 'present', :public_url => 'http://127.0.0.1:8776/v2/%(tenant_id)s', :admin_url => 'http://127.0.0.1:8776/v2/%(tenant_id)s', @@ -63,14 +61,14 @@ end it 'configures keystone endpoints' do - is_expected.to contain_keystone_endpoint('RegionThree/cinder').with( + is_expected.to contain_keystone_endpoint('RegionThree/cinder::volume').with( :ensure => 'present', :public_url => 'https://10.0.42.1:4242/v41/%(tenant_id)s', :admin_url => 'https://10.0.42.2:4242/v41/%(tenant_id)s', :internal_url => 'https://10.0.42.3:4242/v41/%(tenant_id)s' ) - is_expected.to contain_keystone_endpoint('RegionThree/cinderv2').with( + is_expected.to contain_keystone_endpoint('RegionThree/cinderv2::volumev2').with( :ensure => 'present', :public_url => 'https://10.0.42.1:4242/v42/%(tenant_id)s', :admin_url => 'https://10.0.42.2:4242/v42/%(tenant_id)s', @@ -95,14 +93,14 @@ end it 'configures keystone endpoints' do - is_expected.to contain_keystone_endpoint('RegionThree/cinder').with( + is_expected.to contain_keystone_endpoint('RegionThree/cinder::volume').with( :ensure => 'present', :public_url => 'https://10.0.42.1:4242/v42/%(tenant_id)s', :admin_url => 'https://10.0.42.2:4242/v42/%(tenant_id)s', :internal_url => 'https://10.0.42.3:4242/v42/%(tenant_id)s' ) - is_expected.to contain_keystone_endpoint('RegionThree/cinderv2').with( + is_expected.to contain_keystone_endpoint('RegionThree/cinderv2::volumev2').with( :ensure => 'present', :public_url => 'https://10.0.42.1:4242/v2/%(tenant_id)s', :admin_url => 'https://10.0.42.2:4242/v2/%(tenant_id)s', @@ -119,8 +117,8 @@ :configure_endpoint_v2 => false ) end - it { is_expected.to_not contain_keystone_endpoint('RegionOne/cinder') } - it { is_expected.to_not contain_keystone_endpoint('RegionOne/cinderv2') } + it { is_expected.to_not contain_keystone_endpoint('RegionOne/cinder::volume') } + it { is_expected.to_not contain_keystone_endpoint('RegionOne/cinderv2::volumev2') } end describe 'when user is_expected.to not be configured' do @@ -132,9 +130,8 @@ it { is_expected.to_not contain_keystone_user('cinder') } it { is_expected.to contain_keystone_user_role('cinder@services') } - it { is_expected.to contain_keystone_service('cinder').with( + it { is_expected.to contain_keystone_service('cinder::volume').with( :ensure => 'present', - :type => 'volume', :description => 'Cinder Service' ) } @@ -150,9 +147,8 @@ it { is_expected.to_not contain_keystone_user('cinder') } it { is_expected.to_not contain_keystone_user_role('cinder@services') } - it { is_expected.to contain_keystone_service('cinder').with( + it { is_expected.to contain_keystone_service('cinder::volume').with( :ensure => 'present', - :type => 'volume', :description => 'Cinder Service' ) } @@ -186,10 +182,10 @@ it { is_expected.to contain_keystone_user('cinder') } it { is_expected.to contain_keystone_user_role('cinder@services') } - it { is_expected.to contain_keystone_service('cinder_service') } - it { is_expected.to contain_keystone_service('cinder_service_v2') } - it { is_expected.to contain_keystone_endpoint('RegionOne/cinder_service') } - it { is_expected.to contain_keystone_endpoint('RegionOne/cinder_service_v2') } + it { is_expected.to contain_keystone_service('cinder_service::volume') } + it { is_expected.to contain_keystone_service('cinder_service_v2::volumev2') } + it { is_expected.to contain_keystone_endpoint('RegionOne/cinder_service::volume') } + it { is_expected.to contain_keystone_endpoint('RegionOne/cinder_service_v2::volumev2') } end diff --git a/cinder/spec/classes/cinder_spec.rb b/cinder/spec/classes/cinder_spec.rb index ba7aaacc2..b12018167 100644 --- a/cinder/spec/classes/cinder_spec.rb +++ b/cinder/spec/classes/cinder_spec.rb @@ -28,6 +28,8 @@ it 'should contain default config' do is_expected.to contain_cinder_config('DEFAULT/rpc_backend').with(:value => 'rabbit') is_expected.to contain_cinder_config('DEFAULT/control_exchange').with(:value => 'openstack') + is_expected.to contain_cinder_config('DEFAULT/report_interval').with(:value => '') + is_expected.to contain_cinder_config('DEFAULT/service_down_time').with(:value => '') is_expected.to contain_cinder_config('oslo_messaging_rabbit/rabbit_password').with(:value => 'guest', :secret => true) is_expected.to contain_cinder_config('oslo_messaging_rabbit/rabbit_host').with(:value => '127.0.0.1') is_expected.to contain_cinder_config('oslo_messaging_rabbit/rabbit_port').with(:value => '5672') diff --git a/cinder/spec/classes/cinder_volume_dellsc_iscsi_spec.rb b/cinder/spec/classes/cinder_volume_dellsc_iscsi_spec.rb index fa22214d2..93f4f1ba2 100644 --- a/cinder/spec/classes/cinder_volume_dellsc_iscsi_spec.rb +++ b/cinder/spec/classes/cinder_volume_dellsc_iscsi_spec.rb @@ -14,13 +14,18 @@ let :default_params do { - :dell_sc_api_port => 3033, + :dell_sc_api_port => '', :dell_sc_server_folder => 'srv', + :dell_sc_verify_cert => '', :dell_sc_volume_folder => 'vol', - :iscsi_port => 3260, + :iscsi_port => '', } end + let :facts do + @default_facts.merge({}) + end + shared_examples_for 'dellsc_iscsi volume driver' do let :params_hash do default_params.merge(params) diff --git a/cinder/spec/classes/cinder_volume_eqlx_spec.rb b/cinder/spec/classes/cinder_volume_eqlx_spec.rb index ac19b43a2..d1d101c59 100644 --- a/cinder/spec/classes/cinder_volume_eqlx_spec.rb +++ b/cinder/spec/classes/cinder_volume_eqlx_spec.rb @@ -17,6 +17,10 @@ } end + let :facts do + @default_facts.merge({}) + end + describe 'eqlx volume driver' do it 'configures eqlx volume driver' do is_expected.to contain_cinder_config('DEFAULT/volume_driver').with_value('cinder.volume.drivers.eqlx.DellEQLSanISCSIDriver') diff --git a/cinder/spec/classes/cinder_volume_glusterfs_spec.rb b/cinder/spec/classes/cinder_volume_glusterfs_spec.rb index c18a8df71..32516a06f 100644 --- a/cinder/spec/classes/cinder_volume_glusterfs_spec.rb +++ b/cinder/spec/classes/cinder_volume_glusterfs_spec.rb @@ -17,6 +17,8 @@ is_expected.to contain_cinder_config('DEFAULT/glusterfs_shares_config').with_value('/etc/cinder/other_shares.conf') is_expected.to contain_cinder_config('DEFAULT/glusterfs_sparsed_volumes').with_value(true) is_expected.to contain_cinder_config('DEFAULT/glusterfs_mount_point_base').with_value('/cinder_mount_point') + is_expected.to contain_cinder_config('DEFAULT/glusterfs_backup_mount_point').with_value('') + is_expected.to contain_cinder_config('DEFAULT/glusterfs_backup_share').with_value('') is_expected.to contain_file('/etc/cinder/other_shares.conf').with( :content => "10.10.10.10:/volumes\n10.10.10.11:/volumes\n", :require => 'Package[cinder]', @@ -24,15 +26,6 @@ ) end - context "with an parameter which has been removed" do - before do - params.merge!({ - :glusterfs_disk_util => 'foo', - }) - end - it_raises 'a Puppet::Error', /glusterfs_disk_util is removed in Icehouse./ - end - context 'glusterfs volume driver with additional configuration' do before do params.merge!({:extra_options => {'glusterfs_backend/param1' => { 'value' => 'value1' }}}) @@ -49,7 +42,7 @@ context 'on Debian platforms' do let :facts do - { :osfamily => 'Debian' } + @default_facts.merge({ :osfamily => 'Debian' }) end it_configures 'glusterfs volume driver' @@ -57,7 +50,7 @@ context 'on RedHat platforms' do let :facts do - { :osfamily => 'RedHat' } + @default_facts.merge({ :osfamily => 'RedHat' }) end it_configures 'glusterfs volume driver' diff --git a/cinder/spec/classes/cinder_volume_gpfs_spec.rb b/cinder/spec/classes/cinder_volume_gpfs_spec.rb index 1b4f76736..857c58d16 100644 --- a/cinder/spec/classes/cinder_volume_gpfs_spec.rb +++ b/cinder/spec/classes/cinder_volume_gpfs_spec.rb @@ -8,6 +8,9 @@ } end + let :facts do + @default_facts.merge({}) + end context 'gpfs volume driver' do it 'checks gpfs backend availability' do diff --git a/cinder/spec/classes/cinder_volume_iscsi_spec.rb b/cinder/spec/classes/cinder_volume_iscsi_spec.rb index 8385ebe4e..c8c310df7 100644 --- a/cinder/spec/classes/cinder_volume_iscsi_spec.rb +++ b/cinder/spec/classes/cinder_volume_iscsi_spec.rb @@ -7,7 +7,7 @@ end let :facts do - {:osfamily => 'Debian'} + @default_facts.merge({:osfamily => 'Debian'}) end describe 'with default params' do @@ -20,9 +20,9 @@ :value => 'cinder.volume.drivers.lvm.LVMVolumeDriver')} it { is_expected.to contain_cinder_config('DEFAULT/iscsi_ip_address').with(:value => '127.0.0.2')} it { is_expected.to contain_cinder_config('DEFAULT/iscsi_helper').with(:value => 'tgtadm')} - it { is_expected.to contain_cinder_config('DEFAULT/volume_group').with(:value => 'cinder-volumes')} + it { is_expected.to contain_cinder_config('DEFAULT/volume_group').with(:value => '')} it { is_expected.to contain_cinder_config('DEFAULT/volumes_dir').with(:value => '/var/lib/cinder/volumes')} - it { is_expected.to contain_cinder_config('DEFAULT/iscsi_protocol').with(:value => 'iscsi')} + it { is_expected.to contain_cinder_config('DEFAULT/iscsi_protocol').with(:value => '')} end @@ -37,7 +37,7 @@ end - describe 'with a unsupported iscsi helper' do + describe 'with an unsupported iscsi helper' do let(:params) { req_params.merge(:iscsi_helper => 'fooboozoo')} it_raises 'a Puppet::Error', /Unsupported iscsi helper: fooboozoo/ @@ -50,10 +50,10 @@ end let :facts do - {:osfamily => 'RedHat', + @default_facts.merge({:osfamily => 'RedHat', :operatingsystem => 'RedHat', :operatingsystemrelease => 6.5, - :operatingsystemmajrelease => '6'} + :operatingsystemmajrelease => '6'}) end it { is_expected.to contain_file_line('cinder include').with( @@ -72,10 +72,10 @@ end let :facts do - {:osfamily => 'RedHat', + @default_facts.merge({:osfamily => 'RedHat', :operatingsystem => 'RedHat', :operatingsystemrelease => 7.0, - :operatingsystemmajrelease => '7'} + :operatingsystemmajrelease => '7'}) end it { is_expected.to contain_package('targetcli').with_ensure('present')} diff --git a/cinder/spec/classes/cinder_volume_nfs_spec.rb b/cinder/spec/classes/cinder_volume_nfs_spec.rb index bf6f62b19..ec8319c24 100644 --- a/cinder/spec/classes/cinder_volume_nfs_spec.rb +++ b/cinder/spec/classes/cinder_volume_nfs_spec.rb @@ -15,6 +15,10 @@ } end + let :facts do + @default_facts.merge({}) + end + describe 'nfs volume driver' do it 'configures nfs volume driver' do is_expected.to contain_cinder_config('DEFAULT/volume_driver').with_value( @@ -43,11 +47,14 @@ describe 'nfs volume driver with additional configuration' do before :each do - params.merge!({:extra_options => {'nfs_backend/param1' => {'value' => 'value1'}}}) + params.merge!({ + :nfs_mount_attempts => 4, + :extra_options => {'nfs_backend/param1' => {'value' => 'value1'}}}) end it 'configure nfs volume with additional configuration' do is_expected.to contain_cinder__backend__nfs('DEFAULT').with({ + :nfs_mount_attempts => params[:nfs_mount_attempts], :extra_options => {'nfs_backend/param1' => {'value' => 'value1'}} }) end diff --git a/cinder/spec/classes/cinder_volume_rbd_spec.rb b/cinder/spec/classes/cinder_volume_rbd_spec.rb index fc06c01f0..618f48e03 100644 --- a/cinder/spec/classes/cinder_volume_rbd_spec.rb +++ b/cinder/spec/classes/cinder_volume_rbd_spec.rb @@ -1,6 +1,7 @@ require 'spec_helper' describe 'cinder::volume::rbd' do + let :req_params do { :rbd_pool => 'volumes', @@ -10,6 +11,10 @@ :rbd_flatten_volume_from_snapshot => true, :volume_tmp_dir => '', :rbd_max_clone_depth => '0', + :rados_connect_timeout => '', + :rados_connection_interval => '', + :rados_connection_retries => '', + :rbd_store_chunk_size => '' } end @@ -20,7 +25,7 @@ end let :facts do - {:osfamily => 'Debian'} + @default_facts.merge({:osfamily => 'Debian'}) end describe 'rbd volume driver' do @@ -34,8 +39,12 @@ is_expected.to contain_cinder_config('DEFAULT/rbd_pool').with_value(req_params[:rbd_pool]) is_expected.to contain_cinder_config('DEFAULT/rbd_user').with_value(req_params[:rbd_user]) is_expected.to contain_cinder_config('DEFAULT/rbd_secret_uuid').with_value(req_params[:rbd_secret_uuid]) + is_expected.to contain_cinder_config('DEFAULT/rados_connect_timeout').with_value(req_params[:rados_connect_timeout]) + is_expected.to contain_cinder_config('DEFAULT/rados_connection_interval').with_value(req_params[:rados_connection_interval]) + is_expected.to contain_cinder_config('DEFAULT/rados_connection_retries').with_value(req_params[:rados_connection_retries]) + is_expected.to contain_cinder_config('DEFAULT/rbd_store_chunk_size').with_value(req_params[:rbd_store_chunk_size]) is_expected.to contain_file('/etc/init/cinder-volume.override').with(:ensure => 'present') - is_expected.to contain_file_line('set initscript env').with( + is_expected.to contain_file_line('set initscript env DEFAULT').with( :line => /env CEPH_ARGS=\"--id test\"/, :path => '/etc/init/cinder-volume.override', :notify => 'Service[cinder-volume]') @@ -56,7 +65,7 @@ describe 'with RedHat' do let :facts do - { :osfamily => 'RedHat' } + @default_facts.merge({ :osfamily => 'RedHat' }) end let :params do @@ -70,7 +79,7 @@ end it 'should configure RedHat init override' do - is_expected.to contain_file_line('set initscript env').with( + is_expected.to contain_file_line('set initscript env DEFAULT').with( :line => /export CEPH_ARGS=\"--id test\"/, :path => '/etc/sysconfig/openstack-cinder-volume', :notify => 'Service[cinder-volume]') diff --git a/cinder/spec/classes/cinder_volume_vmdk_spec.rb b/cinder/spec/classes/cinder_volume_vmdk_spec.rb index 5c452303b..2bee28091 100644 --- a/cinder/spec/classes/cinder_volume_vmdk_spec.rb +++ b/cinder/spec/classes/cinder_volume_vmdk_spec.rb @@ -2,6 +2,10 @@ describe 'cinder::volume::vmdk' do + let :facts do + @default_facts.merge({:osfamily => 'Debian'}) + end + let :params do { :host_ip => '172.16.16.16', @@ -32,7 +36,7 @@ is_expected.to contain_cinder_config('DEFAULT/vmware_max_object_retrieval').with_value(100) is_expected.to contain_cinder_config('DEFAULT/vmware_task_poll_interval').with_value(5) is_expected.to contain_cinder_config('DEFAULT/vmware_image_transfer_timeout_secs').with_value(7200) - is_expected.to_not contain_cinder_config('DEFAULT/vmware_wsdl_location') + is_expected.to contain_cinder_config('DEFAULT/vmware_wsdl_location').with_value('') end it 'marks vmware_host_password as secret' do diff --git a/cinder/spec/defines/cinder_backend_dellsc_iscsi_spec.rb b/cinder/spec/defines/cinder_backend_dellsc_iscsi_spec.rb index 0413d5be6..8572e374e 100644 --- a/cinder/spec/defines/cinder_backend_dellsc_iscsi_spec.rb +++ b/cinder/spec/defines/cinder_backend_dellsc_iscsi_spec.rb @@ -18,21 +18,27 @@ let :default_params do { - :dell_sc_api_port => 3033, + :dell_sc_api_port => '', :dell_sc_server_folder => 'srv', + :dell_sc_verify_cert => '', :dell_sc_volume_folder => 'vol', - :iscsi_port => 3260, + :iscsi_port => '', } end + let :facts do + @default_facts.merge({}) + end + shared_examples_for 'dellsc_iscsi volume driver' do let :params_hash do default_params.merge(params) end it 'configures cinder volume driver' do + is_expected.to contain_cinder__backend__dellsc_iscsi(config_group_name) params_hash.each_pair do |config,value| - is_expected.to contain_cinder_config("dellsc_iscsi/#{config}").with_value( value ) + is_expected.to contain_cinder_config("#{config_group_name}/#{config}").with_value( value ) end end end diff --git a/cinder/spec/defines/cinder_backend_eqlx_spec.rb b/cinder/spec/defines/cinder_backend_eqlx_spec.rb index 2e0be87a6..d19940e90 100644 --- a/cinder/spec/defines/cinder_backend_eqlx_spec.rb +++ b/cinder/spec/defines/cinder_backend_eqlx_spec.rb @@ -11,8 +11,8 @@ :san_login => 'grpadmin', :san_password => '12345', :volume_backend_name => 'Dell_EQLX', - :san_thin_provision => true, - :eqlx_group_name => 'group-a', + :san_thin_provision => '', + :eqlx_group_name => '', :eqlx_pool => 'apool', :eqlx_use_chap => true, :eqlx_chap_login => 'chapadm', @@ -22,8 +22,9 @@ } end - describe 'eqlx volume driver' do + shared_examples_for 'eqlx volume driver' do it 'configure eqlx volume driver' do + is_expected.to contain_cinder__backend__eqlx(config_group_name) is_expected.to contain_cinder_config( "#{config_group_name}/volume_driver").with_value( 'cinder.volume.drivers.eqlx.DellEQLSanISCSIDriver') @@ -46,4 +47,16 @@ end end + context 'eqlx backend with chap' do + before :each do + params.merge!({ + :eqlx_use_chap => true, + :eqlx_chap_login => 'myuser', + :eqlx_chap_password => 'mypass' + }) + end + it_configures 'eqlx volume driver' + end + + end diff --git a/cinder/spec/defines/cinder_backend_glusterfs_spec.rb b/cinder/spec/defines/cinder_backend_glusterfs_spec.rb index 632564275..c2db15ffc 100644 --- a/cinder/spec/defines/cinder_backend_glusterfs_spec.rb +++ b/cinder/spec/defines/cinder_backend_glusterfs_spec.rb @@ -5,6 +5,10 @@ shared_examples_for 'glusterfs volume driver' do let(:title) {'mygluster'} + let :facts do + @default_facts.merge({}) + end + let :params do { :glusterfs_shares => ['10.10.10.10:/volumes', '10.10.10.11:/volumes'], @@ -17,6 +21,10 @@ it 'configures glusterfs volume driver' do is_expected.to contain_cinder_config('mygluster/volume_driver').with_value( 'cinder.volume.drivers.glusterfs.GlusterfsDriver') + is_expected.to contain_cinder_config('mygluster/glusterfs_backup_mount_point').with_value( + '') + is_expected.to contain_cinder_config('mygluster/glusterfs_backup_share').with_value( + '') is_expected.to contain_cinder_config('mygluster/glusterfs_shares_config').with_value( '/etc/cinder/other_shares.conf') is_expected.to contain_cinder_config('mygluster/glusterfs_sparsed_volumes').with_value( @@ -30,15 +38,6 @@ ) end - context "with an parameter which has been removed" do - before do - params.merge!({ - :glusterfs_disk_util => 'foo', - }) - end - it_raises 'a Puppet::Error', /glusterfs_disk_util is removed in Icehouse./ - end - context 'glusterfs backend with additional configuration' do before do params.merge!({:extra_options => {'mygluster/param1' => { 'value' => 'value1' }}}) diff --git a/cinder/spec/defines/cinder_backend_gpfs_spec.rb b/cinder/spec/defines/cinder_backend_gpfs_spec.rb index 70d12dfb0..ca73e0fda 100644 --- a/cinder/spec/defines/cinder_backend_gpfs_spec.rb +++ b/cinder/spec/defines/cinder_backend_gpfs_spec.rb @@ -28,6 +28,10 @@ } end + let :facts do + @default_facts.merge({}) + end + shared_examples_for 'gpfs volume driver' do let :params_hash do default_params.merge(params) diff --git a/cinder/spec/defines/cinder_backend_iscsi_spec.rb b/cinder/spec/defines/cinder_backend_iscsi_spec.rb index bb7516b44..3195ba259 100644 --- a/cinder/spec/defines/cinder_backend_iscsi_spec.rb +++ b/cinder/spec/defines/cinder_backend_iscsi_spec.rb @@ -11,7 +11,7 @@ end let :facts do - {:osfamily => 'Debian'} + @default_facts.merge({:osfamily => 'Debian'}) end let :params do @@ -38,11 +38,11 @@ is_expected.to contain_cinder_config('hippo/iscsi_helper').with( :value => 'tgtadm') is_expected.to contain_cinder_config('hippo/volume_group').with( - :value => 'cinder-volumes') + :value => '') is_expected.to contain_cinder_config('hippo/volumes_dir').with( :value => '/var/lib/cinder/volumes') is_expected.to contain_cinder_config('hippo/iscsi_protocol').with( - :value => 'iscsi') + :value => '') end end diff --git a/cinder/spec/defines/cinder_backend_nfs_spec.rb b/cinder/spec/defines/cinder_backend_nfs_spec.rb index 6a4b794bb..61f8da20c 100644 --- a/cinder/spec/defines/cinder_backend_nfs_spec.rb +++ b/cinder/spec/defines/cinder_backend_nfs_spec.rb @@ -7,6 +7,7 @@ let :params do { :nfs_servers => ['10.10.10.10:/shares', '10.10.10.10:/shares2'], + :nfs_mount_attempts => '4', :nfs_mount_options => 'vers=3', :nfs_shares_config => '/etc/cinder/other_shares.conf', :nfs_disk_util => 'du', @@ -26,6 +27,8 @@ 'cinder.volume.drivers.nfs.NfsDriver') is_expected.to contain_cinder_config('hippo/nfs_shares_config').with_value( '/etc/cinder/other_shares.conf') + is_expected.to contain_cinder_config('hippo/nfs_mount_attempts').with_value( + '4') is_expected.to contain_cinder_config('hippo/nfs_mount_options').with_value( 'vers=3') is_expected.to contain_cinder_config('hippo/nfs_sparsed_volumes').with_value( diff --git a/cinder/spec/defines/cinder_backend_rbd_spec.rb b/cinder/spec/defines/cinder_backend_rbd_spec.rb index 02a26c0fa..c70225fd9 100644 --- a/cinder/spec/defines/cinder_backend_rbd_spec.rb +++ b/cinder/spec/defines/cinder_backend_rbd_spec.rb @@ -17,7 +17,11 @@ :rbd_ceph_conf => '/foo/boo/zoo/ceph.conf', :rbd_flatten_volume_from_snapshot => true, :volume_tmp_dir => '', - :rbd_max_clone_depth => '0' + :rbd_max_clone_depth => '0', + :rados_connect_timeout => '', + :rados_connection_interval => '', + :rados_connection_retries => '', + :rbd_store_chunk_size => '' } end @@ -28,7 +32,7 @@ end let :facts do - {:osfamily => 'Debian'} + @default_facts.merge({:osfamily => 'Debian'}) end describe 'rbd backend volume driver' do @@ -43,8 +47,12 @@ is_expected.to contain_cinder_config("#{req_params[:volume_backend_name]}/rbd_user").with_value(req_params[:rbd_user]) is_expected.to contain_cinder_config("#{req_params[:volume_backend_name]}/rbd_secret_uuid").with_value(req_params[:rbd_secret_uuid]) is_expected.to contain_cinder_config("#{req_params[:volume_backend_name]}/backend_host").with_value('rbd:'"#{req_params[:rbd_pool]}") + is_expected.to contain_cinder_config("#{req_params[:volume_backend_name]}/rados_connect_timeout").with_value(req_params[:rados_connect_timeout]) + is_expected.to contain_cinder_config("#{req_params[:volume_backend_name]}/rados_connection_interval").with_value(req_params[:rados_connection_interval]) + is_expected.to contain_cinder_config("#{req_params[:volume_backend_name]}/rados_connection_retries").with_value(req_params[:rados_connection_retries]) + is_expected.to contain_cinder_config("#{req_params[:volume_backend_name]}/rbd_store_chunk_size").with_value(req_params[:rbd_store_chunk_size]) is_expected.to contain_file('/etc/init/cinder-volume.override').with(:ensure => 'present') - is_expected.to contain_file_line('set initscript env').with( + is_expected.to contain_file_line('set initscript env rbd-ssd').with( :line => /env CEPH_ARGS=\"--id test\"/, :path => '/etc/init/cinder-volume.override', :notify => 'Service[cinder-volume]') @@ -54,7 +62,7 @@ let :pre_condition do "cinder::backend::rbd { 'ceph2': rbd_pool => 'volumes2', - rbd_user => 'test' + rbd_user => 'test2' }" end it { is_expected.to contain_cinder_config("#{req_params[:volume_backend_name]}/volume_driver").with_value('cinder.volume.drivers.rbd.RBDDriver') } @@ -62,7 +70,7 @@ it { is_expected.to contain_cinder_config("#{req_params[:volume_backend_name]}/rbd_user").with_value(req_params[:rbd_user]) } it { is_expected.to contain_cinder_config("ceph2/volume_driver").with_value('cinder.volume.drivers.rbd.RBDDriver') } it { is_expected.to contain_cinder_config("ceph2/rbd_pool").with_value('volumes2') } - it { is_expected.to contain_cinder_config("ceph2/rbd_user").with_value('test') } + it { is_expected.to contain_cinder_config("ceph2/rbd_user").with_value('test2') } end context 'rbd backend with additional configuration' do @@ -93,7 +101,7 @@ describe 'with RedHat' do let :facts do - { :osfamily => 'RedHat' } + @default_facts.merge({ :osfamily => 'RedHat' }) end let :params do @@ -107,7 +115,7 @@ end it 'should configure RedHat init override' do - is_expected.to contain_file_line('set initscript env').with( + is_expected.to contain_file_line('set initscript env rbd-ssd').with( :line => /export CEPH_ARGS=\"--id test\"/, :path => '/etc/sysconfig/openstack-cinder-volume', :notify => 'Service[cinder-volume]') diff --git a/cinder/spec/defines/cinder_backend_vmdk_spec.rb b/cinder/spec/defines/cinder_backend_vmdk_spec.rb index 317af91c7..92af2fe9d 100644 --- a/cinder/spec/defines/cinder_backend_vmdk_spec.rb +++ b/cinder/spec/defines/cinder_backend_vmdk_spec.rb @@ -4,11 +4,18 @@ let(:title) { 'hippo' } + let :facts do + @default_facts.merge({}) + end + let :params do { :host_ip => '172.16.16.16', :host_password => 'asdf', - :host_username => 'user' + :host_username => 'user', + :api_retry_count => '', + :max_object_retrieval => '', + :image_transfer_timeout_secs => '' } end @@ -30,11 +37,11 @@ is_expected.to contain_cinder_config('hippo/vmware_host_username').with_value(params[:host_username]) is_expected.to contain_cinder_config('hippo/vmware_host_password').with_value(params[:host_password]) is_expected.to contain_cinder_config('hippo/vmware_volume_folder').with_value('cinder-volumes') - is_expected.to contain_cinder_config('hippo/vmware_api_retry_count').with_value(10) - is_expected.to contain_cinder_config('hippo/vmware_max_object_retrieval').with_value(100) + is_expected.to contain_cinder_config('hippo/vmware_api_retry_count').with_value(params[:api_retry_count]) + is_expected.to contain_cinder_config('hippo/vmware_max_object_retrieval').with_value(params[:max_object_retrieval]) is_expected.to contain_cinder_config('hippo/vmware_task_poll_interval').with_value(5) - is_expected.to contain_cinder_config('hippo/vmware_image_transfer_timeout_secs').with_value(7200) - is_expected.to_not contain_cinder_config('hippo/vmware_wsdl_location') + is_expected.to contain_cinder_config('hippo/vmware_image_transfer_timeout_secs').with_value(params[:image_transfer_timeout_secs]) + is_expected.to contain_cinder_config('hippo/vmware_wsdl_location').with_value('') end it 'installs suds python package' do diff --git a/glance/manifests/api.pp b/glance/manifests/api.pp index 6de2116ef..c674d51e3 100644 --- a/glance/manifests/api.pp +++ b/glance/manifests/api.pp @@ -74,37 +74,15 @@ # (optional) The region for the authentication service. # If "use_user_token" is not in effect and using keystone auth, # then region name can be specified. -# Defaults to 'RegionOne'. -# -# [*auth_host*] -# (optional) DEPRECATED Host running auth service. -# Defaults to '127.0.0.1'. -# -# [*auth_url*] -# (optional) DEPRECATED Authentication URL. -# Defaults to 'http://localhost:5000/v2.0'. -# -# [*auth_port*] -# (optional) DEPRECATED Port to use for auth service on auth_host. -# Defaults to '35357'. +# Defaults to $::os_service_default. # # [*auth_uri*] # (optional) Complete public Identity API endpoint. -# Defaults to false. -# -# [*auth_admin_prefix*] -# (optional) DEPRECATED Path part of the auth url. -# This allow admin auth URIs like http://auth_host:35357/keystone/admin. -# (where '/keystone/admin' is auth_admin_prefix) -# Defaults to false for empty. If defined, should be a string with a leading '/' and no trailing '/'. -# -# [*auth_protocol*] -# (optional) DEPRECATED Protocol to use for auth. -# Defaults to 'http'. +# Defaults to 'http://127.0.0.1:5000/'. # # [*identity_uri*] # (optional) Complete admin Identity API endpoint. -# Defaults to: false +# Defaults to 'http://127.0.0.1:35357/'. # # [*pipeline*] # (optional) Partial name of a pipeline in your paste configuration file with the @@ -181,6 +159,15 @@ # (optional) Expose image location to trusted clients. # Defaults to false. # +# [*show_multiple_locations*] +# (optional) Whether to include the backend image locations in image +# properties. +# Defaults to $::os_service_default. +# +# [*location_strategy*] +# (optional) Strategy used to determine the image location order. +# Defaults to $::os_service_default. +# # [*purge_config*] # (optional) Whether to set only the specified config options # in the api config. @@ -259,9 +246,9 @@ $scrub_time = $::os_service_default, $delayed_delete = $::os_service_default, $auth_type = 'keystone', - $auth_region = 'RegionOne', - $auth_uri = false, - $identity_uri = false, + $auth_region = $::os_service_default, + $auth_uri = 'http://127.0.0.1:5000/', + $identity_uri = 'http://127.0.0.1:35357/', $pipeline = 'keystone', $keystone_tenant = 'services', $keystone_user = 'glance', @@ -271,6 +258,8 @@ $use_stderr = undef, $log_facility = undef, $show_image_direct_url = false, + $show_multiple_locations = $::os_service_default, + $location_strategy = $::os_service_default, $purge_config = false, $cert_file = false, $key_file = false, @@ -291,12 +280,6 @@ $token_cache_time = $::os_service_default, $validate = false, $validation_options = {}, - # DEPRECATED PARAMETERS - $auth_host = '127.0.0.1', - $auth_url = 'http://localhost:5000/v2.0', - $auth_port = '35357', - $auth_admin_prefix = false, - $auth_protocol = 'http', ) inherits glance { include ::glance::policy @@ -332,20 +315,20 @@ require => Class['glance'] } - warning('Default value for auth_region parameter is different from OpenStack project defaults') - # basic service config glance_api_config { - 'DEFAULT/bind_host': value => $bind_host; - 'DEFAULT/bind_port': value => $bind_port; - 'DEFAULT/backlog': value => $backlog; - 'DEFAULT/workers': value => $workers; - 'DEFAULT/show_image_direct_url': value => $show_image_direct_url; - 'DEFAULT/scrub_time': value => $scrub_time; - 'DEFAULT/delayed_delete': value => $delayed_delete; - 'DEFAULT/image_cache_dir': value => $image_cache_dir; - 'DEFAULT/auth_region': value => $auth_region; - 'glance_store/os_region_name': value => $os_region_name; + 'DEFAULT/bind_host': value => $bind_host; + 'DEFAULT/bind_port': value => $bind_port; + 'DEFAULT/backlog': value => $backlog; + 'DEFAULT/workers': value => $workers; + 'DEFAULT/show_image_direct_url': value => $show_image_direct_url; + 'DEFAULT/show_multiple_locations': value => $show_multiple_locations; + 'DEFAULT/location_strategy': value => $location_strategy; + 'DEFAULT/scrub_time': value => $scrub_time; + 'DEFAULT/delayed_delete': value => $delayed_delete; + 'DEFAULT/image_cache_dir': value => $image_cache_dir; + 'DEFAULT/auth_region': value => $auth_region; + 'glance_store/os_region_name': value => $os_region_name; } # known_stores config @@ -379,61 +362,6 @@ 'DEFAULT/registry_port': value => $registry_port; } - if $identity_uri { - glance_api_config { 'keystone_authtoken/identity_uri': value => $identity_uri; } - } else { - glance_api_config { 'keystone_authtoken/identity_uri': ensure => absent; } - } - - if $auth_uri { - glance_api_config { 'keystone_authtoken/auth_uri': value => $auth_uri; } - } else { - glance_api_config { 'keystone_authtoken/auth_uri': value => "${auth_protocol}://${auth_host}:5000/"; } - } - - # if both auth_uri and identity_uri are set we skip these deprecated settings entirely - if !$auth_uri or !$identity_uri { - - if $auth_host { - warning('The auth_host parameter is deprecated. Please use auth_uri and identity_uri instead.') - glance_api_config { 'keystone_authtoken/auth_host': value => $auth_host; } - } else { - glance_api_config { 'keystone_authtoken/auth_host': ensure => absent; } - } - - if $auth_port { - warning('The auth_port parameter is deprecated. Please use auth_uri and identity_uri instead.') - glance_api_config { 'keystone_authtoken/auth_port': value => $auth_port; } - } else { - glance_api_config { 'keystone_authtoken/auth_port': ensure => absent; } - } - - if $auth_protocol { - warning('The auth_protocol parameter is deprecated. Please use auth_uri and identity_uri instead.') - glance_api_config { 'keystone_authtoken/auth_protocol': value => $auth_protocol; } - } else { - glance_api_config { 'keystone_authtoken/auth_protocol': ensure => absent; } - } - - if $auth_admin_prefix { - warning('The auth_admin_prefix parameter is deprecated. Please use auth_uri and identity_uri instead.') - validate_re($auth_admin_prefix, '^(/.+[^/])?$') - glance_api_config { - 'keystone_authtoken/auth_admin_prefix': value => $auth_admin_prefix; - } - } else { - glance_api_config { 'keystone_authtoken/auth_admin_prefix': ensure => absent; } - } - - } else { - glance_api_config { - 'keystone_authtoken/auth_host': ensure => absent; - 'keystone_authtoken/auth_port': ensure => absent; - 'keystone_authtoken/auth_protocol': ensure => absent; - 'keystone_authtoken/auth_admin_prefix': ensure => absent; - } - } - # Set the pipeline, it is allowed to be blank if $pipeline != '' { validate_re($pipeline, '^(\w+([+]\w+)*)*$') @@ -454,9 +382,11 @@ 'keystone_authtoken/admin_password': value => $keystone_password, secret => true; 'keystone_authtoken/token_cache_time': value => $token_cache_time; 'keystone_authtoken/signing_dir': value => $signing_dir; + 'keystone_authtoken/auth_uri': value => $auth_uri; + 'keystone_authtoken/identity_uri': value => $identity_uri; } glance_cache_config { - 'DEFAULT/auth_url' : value => $auth_url; + 'DEFAULT/auth_url' : value => $auth_uri; 'DEFAULT/admin_tenant_name': value => $keystone_tenant; 'DEFAULT/admin_user' : value => $keystone_user; 'DEFAULT/admin_password' : value => $keystone_password, secret => true; @@ -521,7 +451,7 @@ if $validate { $defaults = { 'glance-api' => { - 'command' => "glance --os-auth-url ${auth_url} --os-tenant-name ${keystone_tenant} --os-username ${keystone_user} --os-password ${keystone_password} image-list", + 'command' => "glance --os-auth-url ${auth_uri} --os-tenant-name ${keystone_tenant} --os-username ${keystone_user} --os-password ${keystone_password} image-list", } } $validation_options_hash = merge ($defaults, $validation_options) diff --git a/glance/manifests/keystone/auth.pp b/glance/manifests/keystone/auth.pp index 469956cc0..0f3dccf64 100644 --- a/glance/manifests/keystone/auth.pp +++ b/glance/manifests/keystone/auth.pp @@ -25,7 +25,7 @@ # # [*service_name*] # Name of the service. Optional. -# Defaults to value of auth_name. +# Defaults to 'Image Service'. # # [*service_type*] # Type of service. Optional. Defaults to 'image'. @@ -106,7 +106,7 @@ $configure_endpoint = true, $configure_user = true, $configure_user_role = true, - $service_name = undef, + $service_name = 'Image Service', $service_type = 'image', $region = 'RegionOne', $tenant = 'services', @@ -182,8 +182,8 @@ $real_service_name = pick($service_name, $auth_name) if $configure_endpoint { - Keystone_endpoint["${region}/${real_service_name}"] ~> Service<| title == 'glance-api' |> - Keystone_endpoint["${region}/${real_service_name}"] -> Glance_image<||> + Keystone_endpoint["${region}/${real_service_name}::${service_type}"] ~> Service<| title == 'glance-api' |> + Keystone_endpoint["${region}/${real_service_name}::${service_type}"] -> Glance_image<||> } keystone::resource::service_identity { $auth_name: diff --git a/glance/manifests/registry.pp b/glance/manifests/registry.pp index c925b3153..3213e20c9 100644 --- a/glance/manifests/registry.pp +++ b/glance/manifests/registry.pp @@ -71,29 +71,13 @@ # [*auth_type*] # (optional) Authentication type. Defaults to 'keystone'. # -# [*auth_host*] -# (optional) DEPRECATED Address of the admin authentication endpoint. -# Defaults to '127.0.0.1'. -# -# [*auth_port*] -# (optional) DEPRECATED Port of the admin authentication endpoint. Defaults to '35357'. -# -# [*auth_admin_prefix*] -# (optional) DEPRECATED path part of the auth url. -# This allow admin auth URIs like http://auth_host:35357/keystone/admin. -# (where '/keystone/admin' is auth_admin_prefix) -# Defaults to false for empty. If defined, should be a string with a leading '/' and no trailing '/'. -# -# [*auth_protocol*] -# (optional) DEPRECATED Protocol to communicate with the admin authentication endpoint. -# Defaults to 'http'. Should be 'http' or 'https'. -# # [*auth_uri*] # (optional) Complete public Identity API endpoint. +# Defaults to 'http://127.0.0.1:5000/'. # # [*identity_uri*] # (optional) Complete admin Identity API endpoint. -# Defaults to: false +# Defaults to 'http://127.0.0.1:35357/'. # # [*keystone_tenant*] # (optional) administrative tenant name to connect to keystone. @@ -151,7 +135,7 @@ # # [*os_region_name*] # (optional) Sets the keystone region to use. -# Defaults to 'RegionOne'. +# Defaults to $::os_service_default. # # [*signing_dir*] # Directory used to cache files related to PKI tokens. @@ -181,8 +165,8 @@ $database_retry_interval = undef, $database_max_overflow = undef, $auth_type = 'keystone', - $auth_uri = false, - $identity_uri = false, + $auth_uri = 'http://127.0.0.1:5000/', + $identity_uri = 'http://127.0.0.1:35357/', $keystone_tenant = 'services', $keystone_user = 'glance', $pipeline = 'keystone', @@ -196,14 +180,9 @@ $key_file = false, $ca_file = false, $sync_db = true, - $os_region_name = 'RegionOne', + $os_region_name = $::os_service_default, $signing_dir = $::os_service_default, $token_cache_time = $::os_service_default, - # DEPRECATED PARAMETERS - $auth_host = '127.0.0.1', - $auth_port = '35357', - $auth_admin_prefix = false, - $auth_protocol = 'http', ) inherits glance { include ::glance::registry::logging @@ -232,8 +211,6 @@ require => Class['glance'] } - warning('Default value for os_region_name parameter is different from OpenStack project defaults') - glance_registry_config { 'DEFAULT/workers': value => $workers; 'DEFAULT/bind_host': value => $bind_host; @@ -241,61 +218,6 @@ 'glance_store/os_region_name': value => $os_region_name; } - if $identity_uri { - glance_registry_config { 'keystone_authtoken/identity_uri': value => $identity_uri; } - } else { - glance_registry_config { 'keystone_authtoken/identity_uri': ensure => absent; } - } - - if $auth_uri { - glance_registry_config { 'keystone_authtoken/auth_uri': value => $auth_uri; } - } else { - glance_registry_config { 'keystone_authtoken/auth_uri': value => "${auth_protocol}://${auth_host}:5000/"; } - } - - # if both auth_uri and identity_uri are set we skip these deprecated settings entirely - if !$auth_uri or !$identity_uri { - - if $auth_host { - warning('The auth_host parameter is deprecated. Please use auth_uri and identity_uri instead.') - glance_registry_config { 'keystone_authtoken/auth_host': value => $auth_host; } - } else { - glance_registry_config { 'keystone_authtoken/auth_host': ensure => absent; } - } - - if $auth_port { - warning('The auth_port parameter is deprecated. Please use auth_uri and identity_uri instead.') - glance_registry_config { 'keystone_authtoken/auth_port': value => $auth_port; } - } else { - glance_registry_config { 'keystone_authtoken/auth_port': ensure => absent; } - } - - if $auth_protocol { - warning('The auth_protocol parameter is deprecated. Please use auth_uri and identity_uri instead.') - glance_registry_config { 'keystone_authtoken/auth_protocol': value => $auth_protocol; } - } else { - glance_registry_config { 'keystone_authtoken/auth_protocol': ensure => absent; } - } - - if $auth_admin_prefix { - warning('The auth_admin_prefix parameter is deprecated. Please use auth_uri and identity_uri instead.') - validate_re($auth_admin_prefix, '^(/.+[^/])?$') - glance_registry_config { - 'keystone_authtoken/auth_admin_prefix': value => $auth_admin_prefix; - } - } else { - glance_registry_config { 'keystone_authtoken/auth_admin_prefix': ensure => absent; } - } - - } else { - glance_registry_config { - 'keystone_authtoken/auth_host': ensure => absent; - 'keystone_authtoken/auth_port': ensure => absent; - 'keystone_authtoken/auth_protocol': ensure => absent; - 'keystone_authtoken/auth_admin_prefix': ensure => absent; - } - } - # Set the pipeline, it is allowed to be blank if $pipeline != '' { validate_re($pipeline, '^(\w+([+]\w+)*)*$') @@ -316,6 +238,8 @@ 'keystone_authtoken/admin_password': value => $keystone_password, secret => true; 'keystone_authtoken/token_cache_time': value => $token_cache_time; 'keystone_authtoken/signing_dir': value => $signing_dir; + 'keystone_authtoken/auth_uri': value => $auth_uri; + 'keystone_authtoken/identity_uri': value => $identity_uri; } } diff --git a/glance/spec/acceptance/basic_glance_spec.rb b/glance/spec/acceptance/basic_glance_spec.rb index 87847edb3..fc0a03f5e 100644 --- a/glance/spec/acceptance/basic_glance_spec.rb +++ b/glance/spec/acceptance/basic_glance_spec.rb @@ -42,7 +42,7 @@ class { '::glance::registry': EOS it 'should configure the glance endpoint before the glance-api service uses it' do - pp2 = pp + "Service['glance-api'] -> Keystone_endpoint['RegionOne/glance']" + pp2 = pp + "Service['glance-api'] -> Keystone_endpoint['RegionOne/Image Service::image']" expect(apply_manifest(pp2, :expect_failures => true, :noop => true).stderr).to match(/Found 1 dependency cycle/i) end diff --git a/glance/spec/classes/glance_api_db_spec.rb b/glance/spec/classes/glance_api_db_spec.rb index f7de6b97a..0fff291fb 100644 --- a/glance/spec/classes/glance_api_db_spec.rb +++ b/glance/spec/classes/glance_api_db_spec.rb @@ -76,7 +76,10 @@ context 'on Redhat platforms' do let :facts do - @default_facts.merge({ :osfamily => 'RedHat' }) + @default_facts.merge({ + :osfamily => 'RedHat', + :operatingsystemrelease => '7', + }) end it_configures 'glance::api::db' diff --git a/glance/spec/classes/glance_api_spec.rb b/glance/spec/classes/glance_api_spec.rb index 95437dad7..2a5cbd9df 100644 --- a/glance/spec/classes/glance_api_spec.rb +++ b/glance/spec/classes/glance_api_spec.rb @@ -22,19 +22,18 @@ :log_file => '/var/log/glance/api.log', :log_dir => '/var/log/glance', :auth_type => 'keystone', - :auth_region => 'RegionOne', + :auth_region => '', :enabled => true, :manage_service => true, :backlog => '4096', :workers => '7', - :auth_host => '127.0.0.1', - :auth_port => '35357', - :auth_protocol => 'http', :keystone_tenant => 'services', :keystone_user => 'glance', :keystone_password => 'ChangeMe', :token_cache_time => '', :show_image_direct_url => false, + :show_multiple_locations => '', + :location_strategy => '', :purge_config => false, :known_stores => false, :delayed_delete => '', @@ -45,6 +44,8 @@ :os_region_name => 'RegionOne', :signing_dir => '', :pipeline => 'keystone', + :auth_uri => 'http://127.0.0.1:5000/', + :identity_uri => 'http://127.0.0.1:35357/', } end @@ -62,14 +63,13 @@ :enabled => false, :backlog => '4095', :workers => '5', - :auth_host => '127.0.0.2', - :auth_port => '35358', - :auth_protocol => 'https', :keystone_tenant => 'admin2', :keystone_user => 'admin2', :keystone_password => 'ChangeMe2', :token_cache_time => '300', :show_image_direct_url => true, + :show_multiple_locations => true, + :location_strategy => 'store_type', :delayed_delete => 'true', :scrub_time => '10', :image_cache_dir => '/tmp/glance', @@ -78,6 +78,8 @@ :os_region_name => 'RegionOne2', :signing_dir => '/path/to/dir', :pipeline => 'keystone2', + :auth_uri => 'http://127.0.0.1:5000/v2.0', + :identity_uri => 'http://127.0.0.1:35357/v2.0', } ].each do |param_set| @@ -116,6 +118,8 @@ 'registry_port', 'registry_client_protocol', 'show_image_direct_url', + 'show_multiple_locations', + 'location_strategy', 'delayed_delete', 'scrub_time', 'image_cache_dir', @@ -151,22 +155,11 @@ is_expected.to contain_glance_api_config('DEFAULT/key_file').with_ensure('absent') end - it 'is_expected.to lay down default auth config' do - [ - 'auth_host', - 'auth_port', - 'auth_protocol' - ].each do |config| - is_expected.to contain_glance_api_config("keystone_authtoken/#{config}").with_value(param_hash[config.intern]) - end - end - it { is_expected.to contain_glance_api_config('keystone_authtoken/auth_admin_prefix').with_ensure('absent') } - it 'is_expected.to configure itself for keystone if that is the auth_type' do if params[:auth_type] == 'keystone' is_expected.to contain('paste_deploy/flavor').with_value('keystone+cachemanagement') - ['admin_tenant_name', 'admin_user', 'admin_password', 'token_cache_time', 'signing_dir'].each do |config| + ['admin_tenant_name', 'admin_user', 'admin_password', 'token_cache_time', 'signing_dir', 'auth_uri', 'identity_uri'].each do |config| is_expected.to contain_glance_api_config("keystone_authtoken/#{config}").with_value(param_hash[config.intern]) end is_expected.to contain_glance_api_config('keystone_authtoken/admin_password').with_value(param_hash[:keystone_password]).with_secret(true) @@ -241,38 +234,6 @@ end end - describe 'with overriden auth_admin_prefix' do - let :params do - { - :keystone_password => 'ChangeMe', - :auth_admin_prefix => '/keystone/main' - } - end - - it { is_expected.to contain_glance_api_config('keystone_authtoken/auth_admin_prefix').with_value('/keystone/main') } - end - - [ - '/keystone/', - 'keystone/', - 'keystone', - '/keystone/admin/', - 'keystone/admin/', - 'keystone/admin' - ].each do |auth_admin_prefix| - describe "with auth_admin_prefix_containing incorrect value #{auth_admin_prefix}" do - let :params do - { - :keystone_password => 'ChangeMe', - :auth_admin_prefix => auth_admin_prefix - } - end - - it { expect { is_expected.to contain_glance_api_config('filter:authtoken/auth_admin_prefix') }.to\ - raise_error(Puppet::Error, /validate_re\(\): "#{auth_admin_prefix}" does not match/) } - end - end - describe 'with ssl options' do let :params do default_params.merge({ @@ -317,7 +278,7 @@ :provider => 'shell', :tries => '10', :try_sleep => '2', - :command => 'glance --os-auth-url http://localhost:5000/v2.0 --os-tenant-name services --os-username glance --os-password ChangeMe image-list', + :command => 'glance --os-auth-url http://127.0.0.1:5000/ --os-tenant-name services --os-username glance --os-password ChangeMe image-list', )} it { is_expected.to contain_anchor('create glance-api anchor').with( @@ -345,47 +306,6 @@ )} end - describe 'with identity and auth settings' do - let :params do - { - :keystone_password => 'ChangeMe', - } - end - context 'with custom keystone identity_uri' do - let :params do - default_params.merge!({ - :identity_uri => 'https://foo.bar:1234/', - }) - end - it 'configures identity_uri' do - is_expected.to contain_glance_api_config('keystone_authtoken/identity_uri').with_value("https://foo.bar:1234/"); - # since only identity_uri is set the deprecated auth parameters is_expected.to - # still get set in case they are still in use - is_expected.to contain_glance_api_config('keystone_authtoken/auth_host').with_value('127.0.0.1'); - is_expected.to contain_glance_api_config('keystone_authtoken/auth_port').with_value('35357'); - is_expected.to contain_glance_api_config('keystone_authtoken/auth_protocol').with_value('http'); - end - end - - context 'with custom keystone identity_uri and auth_uri' do - let :params do - default_params.merge!({ - :identity_uri => 'https://foo.bar:35357/', - :auth_uri => 'https://foo.bar:5000/v2.0/', - }) - end - it 'configures identity_uri' do - is_expected.to contain_glance_api_config('keystone_authtoken/identity_uri').with_value("https://foo.bar:35357/"); - is_expected.to contain_glance_api_config('keystone_authtoken/auth_uri').with_value("https://foo.bar:5000/v2.0/"); - is_expected.to contain_glance_api_config('keystone_authtoken/auth_host').with_ensure('absent') - is_expected.to contain_glance_api_config('keystone_authtoken/auth_port').with_ensure('absent') - is_expected.to contain_glance_api_config('keystone_authtoken/auth_protocol').with_ensure('absent') - is_expected.to contain_glance_api_config('keystone_authtoken/auth_admin_prefix').with_ensure('absent') - end - end - end - - describe 'on Debian platforms' do let :facts do @default_facts.merge({ diff --git a/glance/spec/classes/glance_keystone_auth_spec.rb b/glance/spec/classes/glance_keystone_auth_spec.rb index 55bfb5e91..883787c7f 100644 --- a/glance/spec/classes/glance_keystone_auth_spec.rb +++ b/glance/spec/classes/glance_keystone_auth_spec.rb @@ -18,13 +18,12 @@ :roles => ['admin'] ) } - it { is_expected.to contain_keystone_service('glance').with( + it { is_expected.to contain_keystone_service('Image Service::image').with( :ensure => 'present', - :type => 'image', :description => 'OpenStack Image Service' ) } - it { is_expected.to contain_keystone_endpoint('RegionOne/glance').with( + it { is_expected.to contain_keystone_endpoint('RegionOne/Image Service::image').with( :ensure => 'present', :public_url => 'http://127.0.0.1:9292', :admin_url => 'http://127.0.0.1:9292', @@ -53,9 +52,8 @@ :roles => ['admin'] ) } - it { is_expected.to contain_keystone_service('glancey').with( + it { is_expected.to contain_keystone_service('Image Service::imagey').with( :ensure => 'present', - :type => 'imagey', :description => 'OpenStack Image Service' ) } @@ -70,7 +68,7 @@ :admin_url => 'https://10.10.10.12:81/v2' } end - it { is_expected.to contain_keystone_endpoint('RegionTwo/glance').with( + it { is_expected.to contain_keystone_endpoint('RegionTwo/Image Service::image').with( :ensure => 'present', :public_url => 'https://10.10.10.10:81/v2', :internal_url => 'https://10.10.10.11:81/v2', @@ -94,7 +92,7 @@ } end - it { is_expected.to contain_keystone_endpoint('RegionTwo/glance').with( + it { is_expected.to contain_keystone_endpoint('RegionTwo/Image Service::image').with( :ensure => 'present', :public_url => 'https://10.0.0.1:9393', :admin_url => 'https://10.0.0.2:9393', @@ -112,7 +110,7 @@ } end - it { is_expected.to_not contain_keystone_endpoint('RegionOne/glance') } + it { is_expected.to_not contain_keystone_endpoint('RegionOne/Image Service::image') } end describe 'when disabling user configuration' do @@ -127,9 +125,8 @@ it { is_expected.to contain_keystone_user_role('glance@services') } - it { is_expected.to contain_keystone_service('glance').with( + it { is_expected.to contain_keystone_service('Image Service::image').with( :ensure => 'present', - :type => 'image', :description => 'OpenStack Image Service' ) } end @@ -147,9 +144,8 @@ it { is_expected.to_not contain_keystone_user_role('glance@services') } - it { is_expected.to contain_keystone_service('glance').with( + it { is_expected.to contain_keystone_service('Image Service::image').with( :ensure => 'present', - :type => 'image', :description => 'OpenStack Image Service' ) } end @@ -172,7 +168,7 @@ } end - it { is_expected.to contain_keystone_endpoint('RegionOne/glance').with_notify(["Service[glance-api]"]) } + it { is_expected.to contain_keystone_endpoint('RegionOne/Image Service::image').with_notify(["Service[glance-api]"]) } end describe 'when overriding service name' do @@ -186,8 +182,8 @@ it { is_expected.to contain_keystone_user('glance') } it { is_expected.to contain_keystone_user_role('glance@services') } - it { is_expected.to contain_keystone_service('glance_service') } - it { is_expected.to contain_keystone_endpoint('RegionOne/glance_service') } + it { is_expected.to contain_keystone_service('glance_service::image') } + it { is_expected.to contain_keystone_endpoint('RegionOne/glance_service::image') } end diff --git a/glance/spec/classes/glance_registry_db_spec.rb b/glance/spec/classes/glance_registry_db_spec.rb index 9dc1f21b9..7e274cf36 100644 --- a/glance/spec/classes/glance_registry_db_spec.rb +++ b/glance/spec/classes/glance_registry_db_spec.rb @@ -76,7 +76,10 @@ context 'on Redhat platforms' do let :facts do - @default_facts.merge({ :osfamily => 'RedHat' }) + @default_facts.merge({ + :osfamily => 'RedHat', + :operatingsystemrelease => '7', + }) end it_configures 'glance::registry::db' diff --git a/glance/spec/classes/glance_registry_spec.rb b/glance/spec/classes/glance_registry_spec.rb index f1ad7046c..47b11b646 100644 --- a/glance/spec/classes/glance_registry_spec.rb +++ b/glance/spec/classes/glance_registry_spec.rb @@ -21,16 +21,14 @@ :enabled => true, :manage_service => true, :auth_type => 'keystone', - :auth_host => '127.0.0.1', - :auth_port => '35357', - :auth_protocol => 'http', :auth_uri => 'http://127.0.0.1:5000/', + :identity_uri => 'http://127.0.0.1:35357/', :keystone_tenant => 'services', :keystone_user => 'glance', :keystone_password => 'ChangeMe', :purge_config => false, :sync_db => true, - :os_region_name => 'RegionOne', + :os_region_name => '', :signing_dir => '', :token_cache_time => '', } @@ -44,10 +42,8 @@ :workers => '5', :enabled => false, :auth_type => 'keystone', - :auth_host => '127.0.0.1', - :auth_port => '35357', - :auth_protocol => 'http', - :auth_uri => 'http://127.0.0.1:5000/', + :auth_uri => 'http://127.0.0.1:5000/v2.0', + :identity_uri => 'http://127.0.0.1:35357/v2.0', :keystone_tenant => 'admin', :keystone_user => 'admin', :keystone_password => 'ChangeMe', @@ -96,13 +92,11 @@ is_expected.to contain_glance_registry_config("DEFAULT/#{config}").with_value(param_hash[config.intern]) end [ - 'auth_host', - 'auth_port', - 'auth_protocol' + 'auth_uri', + 'identity_uri' ].each do |config| is_expected.to contain_glance_registry_config("keystone_authtoken/#{config}").with_value(param_hash[config.intern]) end - is_expected.to contain_glance_registry_config('keystone_authtoken/auth_admin_prefix').with_ensure('absent') if param_hash[:auth_type] == 'keystone' is_expected.to contain_glance_registry_config("paste_deploy/flavor").with_value('keystone') is_expected.to contain_glance_registry_config("keystone_authtoken/admin_tenant_name").with_value(param_hash[:keystone_tenant]) @@ -188,38 +182,6 @@ end end - describe 'with overriden auth_admin_prefix' do - let :params do - { - :keystone_password => 'ChangeMe', - :auth_admin_prefix => '/keystone/main' - } - end - - it { is_expected.to contain_glance_registry_config('keystone_authtoken/auth_admin_prefix').with_value('/keystone/main') } - end - - [ - '/keystone/', - 'keystone/', - 'keystone', - '/keystone/admin/', - 'keystone/admin/', - 'keystone/admin' - ].each do |auth_admin_prefix| - describe "with auth_admin_prefix_containing incorrect value #{auth_admin_prefix}" do - let :params do - { - :keystone_password => 'ChangeMe', - :auth_admin_prefix => auth_admin_prefix - } - end - - it { expect { is_expected.to contain_glance_registry_config('filter:authtoken/auth_admin_prefix') }.to\ - raise_error(Puppet::Error, /validate_re\(\): "#{auth_admin_prefix}" does not match/) } - end - end - describe 'with ssl options' do let :params do default_params.merge({ @@ -236,47 +198,6 @@ end end - - describe 'with identity and auth settings' do - let :params do - { - :keystone_password => 'ChangeMe', - } - end - context 'with custom keystone identity_uri' do - before do - params.merge!({ - :identity_uri => 'https://foo.bar:1234/', - }) - end - it 'configures identity_uri' do - is_expected.to contain_glance_registry_config('keystone_authtoken/identity_uri').with_value("https://foo.bar:1234/"); - # since only auth_uri is set the deprecated auth parameters is_expected.to - # still get set in case they are still in use - is_expected.to contain_glance_registry_config('keystone_authtoken/auth_host').with_value('127.0.0.1'); - is_expected.to contain_glance_registry_config('keystone_authtoken/auth_port').with_value('35357'); - is_expected.to contain_glance_registry_config('keystone_authtoken/auth_protocol').with_value('http'); - end - end - - context 'with custom keystone identity_uri and auth_uri' do - before do - params.merge!({ - :identity_uri => 'https://foo.bar:35357/', - :auth_uri => 'https://foo.bar:5000/v2.0/', - }) - end - it 'configures identity_uri' do - is_expected.to contain_glance_registry_config('keystone_authtoken/identity_uri').with_value("https://foo.bar:35357/"); - is_expected.to contain_glance_registry_config('keystone_authtoken/auth_uri').with_value("https://foo.bar:5000/v2.0/"); - is_expected.to contain_glance_registry_config('keystone_authtoken/auth_host').with_ensure('absent') - is_expected.to contain_glance_registry_config('keystone_authtoken/auth_port').with_ensure('absent') - is_expected.to contain_glance_registry_config('keystone_authtoken/auth_protocol').with_ensure('absent') - is_expected.to contain_glance_registry_config('keystone_authtoken/auth_admin_prefix').with_ensure('absent') - end - end - end - describe 'on Debian platforms' do let :facts do @default_facts.merge({ diff --git a/gnocchi/spec/classes/gnocchi_keystone_auth_spec.rb b/gnocchi/spec/classes/gnocchi_keystone_auth_spec.rb index ae76fb968..e5d53aefe 100644 --- a/gnocchi/spec/classes/gnocchi_keystone_auth_spec.rb +++ b/gnocchi/spec/classes/gnocchi_keystone_auth_spec.rb @@ -26,13 +26,12 @@ :roles => ['admin'] )} - it { is_expected.to contain_keystone_service('gnocchi').with( + it { is_expected.to contain_keystone_service('gnocchi::metric').with( :ensure => 'present', - :type => 'metric', :description => 'OpenStack Metric Service' ) } - it { is_expected.to contain_keystone_endpoint('RegionOne/gnocchi').with( + it { is_expected.to contain_keystone_endpoint('RegionOne/gnocchi::metric').with( :ensure => 'present', :public_url => 'http://127.0.0.1:8041', :admin_url => 'http://127.0.0.1:8041', @@ -48,7 +47,7 @@ :admin_url => 'http://10.10.10.12:81' } end - it { is_expected.to contain_keystone_endpoint('RegionOne/gnocchi').with( + it { is_expected.to contain_keystone_endpoint('RegionOne/gnocchi::metric').with( :ensure => 'present', :public_url => 'https://10.10.10.10:80', :internal_url => 'http://10.10.10.11:81', @@ -64,8 +63,8 @@ it { is_expected.to contain_keystone_user('gnocchiany') } it { is_expected.to contain_keystone_user_role('gnocchiany@services') } - it { is_expected.to contain_keystone_service('gnocchiany') } - it { is_expected.to contain_keystone_endpoint('RegionOne/gnocchiany') } + it { is_expected.to contain_keystone_service('gnocchiany::metric') } + it { is_expected.to contain_keystone_endpoint('RegionOne/gnocchiany::metric') } end describe 'when overriding service name' do @@ -77,8 +76,8 @@ it { is_expected.to contain_keystone_user('gnocchi') } it { is_expected.to contain_keystone_user_role('gnocchi@services') } - it { is_expected.to contain_keystone_service('gnocchi_service') } - it { is_expected.to contain_keystone_endpoint('RegionOne/gnocchi_service') } + it { is_expected.to contain_keystone_service('gnocchi_service::metric') } + it { is_expected.to contain_keystone_endpoint('RegionOne/gnocchi_service::metric') } end describe 'when disabling user configuration' do @@ -92,9 +91,8 @@ it { is_expected.not_to contain_keystone_user('gnocchi') } it { is_expected.to contain_keystone_user_role('gnocchi@services') } - it { is_expected.to contain_keystone_service('gnocchi').with( + it { is_expected.to contain_keystone_service('gnocchi::metric').with( :ensure => 'present', - :type => 'metric', :description => 'OpenStack Metric Service' ) } @@ -112,9 +110,8 @@ it { is_expected.not_to contain_keystone_user('gnocchi') } it { is_expected.not_to contain_keystone_user_role('gnocchi@services') } - it { is_expected.to contain_keystone_service('gnocchi').with( + it { is_expected.to contain_keystone_service('gnocchi::metric').with( :ensure => 'present', - :type => 'metric', :description => 'OpenStack Metric Service' ) } diff --git a/heat/manifests/config.pp b/heat/manifests/config.pp index 173744d16..79bb6cba0 100644 --- a/heat/manifests/config.pp +++ b/heat/manifests/config.pp @@ -6,7 +6,7 @@ # # [*heat_config*] # (optional) Allow configuration of arbitrary Heat configurations. -# The value is an hash of heat_config resources. Example: +# The value is a hash of heat_config resources. Example: # { 'DEFAULT/foo' => { value => 'fooValue'}, # 'DEFAULT/bar' => { value => 'barValue'} # } diff --git a/heat/spec/classes/heat_keystone_auth_cfn_spec.rb b/heat/spec/classes/heat_keystone_auth_cfn_spec.rb index 0f9bba321..80af096eb 100644 --- a/heat/spec/classes/heat_keystone_auth_cfn_spec.rb +++ b/heat/spec/classes/heat_keystone_auth_cfn_spec.rb @@ -45,15 +45,14 @@ end it 'configures heat service' do - is_expected.to contain_keystone_service( params[:auth_name] ).with( + is_expected.to contain_keystone_service("#{params[:auth_name]}::#{params[:service_type]}").with( :ensure => 'present', - :type => params[:service_type], :description => 'Openstack Cloudformation Service' ) end it 'configure heat endpoints' do - is_expected.to contain_keystone_endpoint("#{params[:region]}/#{params[:auth_name]}").with( + is_expected.to contain_keystone_endpoint("#{params[:region]}/#{params[:auth_name]}::#{params[:service_type]}").with( :ensure => 'present', :public_url => params[:public_url], :admin_url => params[:admin_url], @@ -67,7 +66,7 @@ :configure_service => false }) end - it { is_expected.to_not contain_keystone_service("#{params[:region]}/#{params[:auth_name]}") } + it { is_expected.to_not contain_keystone_service("#{params[:auth_name]}::#{params[:service_type]}") } end end @@ -85,7 +84,7 @@ }) end - it { is_expected.to contain_keystone_endpoint('RegionOne/heat-cfn').with( + it { is_expected.to contain_keystone_endpoint('RegionOne/heat-cfn::cloudformation').with( :ensure => 'present', :public_url => "#{params[:public_protocol]}://#{params[:public_address]}:#{params[:port]}/#{params[:version]}", :admin_url => "#{params[:admin_protocol]}://#{params[:admin_address]}:#{params[:port]}/#{params[:version]}", @@ -106,10 +105,10 @@ is_expected.to contain_keystone_user_role('heat-cfn@services') end it 'configures correct service name' do - is_expected.to contain_keystone_service('heat-cfn_service') + is_expected.to contain_keystone_service('heat-cfn_service::cloudformation') end it 'configures correct endpoint name' do - is_expected.to contain_keystone_endpoint('RegionOne/heat-cfn_service') + is_expected.to contain_keystone_endpoint('RegionOne/heat-cfn_service::cloudformation') end end @@ -121,9 +120,8 @@ it { is_expected.to_not contain_keystone_user('heat_cfn') } it { is_expected.to contain_keystone_user_role('heat-cfn@services') } - it { is_expected.to contain_keystone_service('heat-cfn').with( + it { is_expected.to contain_keystone_service('heat-cfn::cloudformation').with( :ensure => 'present', - :type => 'cloudformation', :description => 'Openstack Cloudformation Service' )} end @@ -139,9 +137,8 @@ it { is_expected.to_not contain_keystone_user('heat_cfn') } it { is_expected.to_not contain_keystone_user_role('heat-cfn@services') } - it { is_expected.to contain_keystone_service('heat-cfn').with( + it { is_expected.to contain_keystone_service('heat-cfn::cloudformation').with( :ensure => 'present', - :type => 'cloudformation', :description => 'Openstack Cloudformation Service' )} end diff --git a/heat/spec/classes/heat_keystone_auth_spec.rb b/heat/spec/classes/heat_keystone_auth_spec.rb index 6d9e1a8e2..84e1a5f49 100644 --- a/heat/spec/classes/heat_keystone_auth_spec.rb +++ b/heat/spec/classes/heat_keystone_auth_spec.rb @@ -17,7 +17,7 @@ before do params.merge!({:configure_service => false}) end - it { is_expected.to_not contain_keystone_service('RegionOne/heat') } + it { is_expected.to_not contain_keystone_service('heat::orchestration') } end context 'with overridden parameters' do @@ -61,15 +61,14 @@ end it 'configures heat service' do - is_expected.to contain_keystone_service( params[:auth_name] ).with( + is_expected.to contain_keystone_service("#{params[:auth_name]}::#{params[:service_type]}").with( :ensure => 'present', - :type => params[:service_type], :description => 'Openstack Orchestration Service' ) end it 'configure heat endpoints' do - is_expected.to contain_keystone_endpoint("#{params[:region]}/#{params[:auth_name]}").with( + is_expected.to contain_keystone_endpoint("#{params[:region]}/#{params[:auth_name]}::#{params[:service_type]}").with( :ensure => 'present', :public_url => params[:public_url], :admin_url => params[:admin_url], @@ -92,7 +91,7 @@ }) end - it { is_expected.to contain_keystone_endpoint('RegionOne/heat').with( + it { is_expected.to contain_keystone_endpoint('RegionOne/heat::orchestration').with( :ensure => 'present', :public_url => "#{params[:public_protocol]}://#{params[:public_address]}:#{params[:port]}/#{params[:version]}/%(tenant_id)s", :admin_url => "#{params[:admin_protocol]}://#{params[:admin_address]}:#{params[:port]}/#{params[:version]}/%(tenant_id)s", @@ -113,10 +112,10 @@ is_expected.to contain_keystone_user_role('heat@services') end it 'configures correct service name' do - is_expected.to contain_keystone_service('heat_service') + is_expected.to contain_keystone_service('heat_service::orchestration') end it 'configures correct endpoint name' do - is_expected.to contain_keystone_endpoint('RegionOne/heat_service') + is_expected.to contain_keystone_endpoint('RegionOne/heat_service::orchestration') end end @@ -128,9 +127,8 @@ it { is_expected.to_not contain_keystone_user('heat') } it { is_expected.to contain_keystone_user_role('heat@services') } - it { is_expected.to contain_keystone_service('heat').with( + it { is_expected.to contain_keystone_service('heat::orchestration').with( :ensure => 'present', - :type => 'orchestration', :description => 'Openstack Orchestration Service' )} end @@ -146,9 +144,8 @@ it { is_expected.to_not contain_keystone_user('heat') } it { is_expected.to_not contain_keystone_user_role('heat@services') } - it { is_expected.to contain_keystone_service('heat').with( + it { is_expected.to contain_keystone_service('heat::orchestration').with( :ensure => 'present', - :type => 'orchestration', :description => 'Openstack Orchestration Service' )} end diff --git a/horizon/README.md b/horizon/README.md index e358aed32..2a8b175c9 100644 --- a/horizon/README.md +++ b/horizon/README.md @@ -23,22 +23,22 @@ Module Description The horizon module is a thorough attempt to make Puppet capable of managing the entirety of horizon. Horizon is a fairly classic django application, which results in a fairly simply Puppet module. -This module is tested in combination with other modules needed to build and leverage an entire Openstack software stack. These modules can be found, all pulled together in the [openstack module](https://github.com/stackforge/puppet-openstack). +This module is tested in combination with other modules needed to build and leverage an entire Openstack software stack. Setup ----- **What the horizon module affects** -* horizon, the dashboard service for Openstack. +* [Horizon](https://wiki.openstack.org/wiki/Horizon), the dashboard service for Openstack. ### Installing horizon - example% puppet module install openstack/horizon + puppet module install openstack/horizon ### Beginning with horizon -To utilize the horizon module's functionality you will need to declare multiple resources but you'll find that doing so is much less complicated than the other OpenStack component modules. The following is a modified excerpt from the [openstack module](https://github.com/stackforge/puppet-openstack). We recommend you consult and understand the [openstack module](https://github.com/stackforge/puppet-openstack) and the [core openstack](http://docs.openstack.org) documentation. +To utilize the horizon module's functionality you will need to declare multiple resources but you'll find that doing so is much less complicated than the other OpenStack component modules. We recommend you consult and understand the [core openstack](http://docs.openstack.org) documentation. **Define a horizon dashboard** diff --git a/horizon/manifests/init.pp b/horizon/manifests/init.pp index 89f316f7a..15779bf82 100644 --- a/horizon/manifests/init.pp +++ b/horizon/manifests/init.pp @@ -256,6 +256,11 @@ # of data fetched by default when rendering the Overview panel. # Defaults to undef. # +# [*session_timeout*] +# (optional) The session timeout for horizon in seconds. After this manys seconds of inavtivity +# the user is logged out. +# Defaults to 1800. +# # === Examples # # class { 'horizon': @@ -316,6 +321,7 @@ $keystone_default_domain = undef, $image_backend = {}, $overview_days_range = undef, + $session_timeout = 1800, # DEPRECATED PARAMETERS $can_set_mount_point = undef, $vhost_extra_params = undef, diff --git a/horizon/manifests/wsgi/apache.pp b/horizon/manifests/wsgi/apache.pp index 67b34dfa3..f9e8424dc 100644 --- a/horizon/manifests/wsgi/apache.pp +++ b/horizon/manifests/wsgi/apache.pp @@ -27,6 +27,12 @@ # [*listen_ssl*] # (optional) Enable SSL support in Apache. (Defaults to false) # +# [*http_port*] +# (optional) Port to use for the HTTP virtual host. (Defaults to 80) +# +# [*https_port*] +# (optional) Port to use for the HTTPS virtual host. (Defaults to 443) +# # [*horizon_cert*] # (required with listen_ssl) Certificate to use for SSL support. # @@ -75,6 +81,8 @@ $servername = $::fqdn, $server_aliases = $::fqdn, $listen_ssl = false, + $http_port = 80, + $https_port = 443, $ssl_redirect = true, $horizon_cert = undef, $horizon_key = undef, @@ -188,7 +196,7 @@ alias => "${$::horizon::params::root_url}/static", path => '/usr/share/openstack-dashboard/static', }], - port => 80, + port => $http_port, ssl_cert => $horizon_cert, ssl_key => $horizon_key, ssl_ca => $horizon_ca, @@ -224,7 +232,7 @@ error_log_file => 'horizon_ssl_error.log', priority => $priority, ssl => true, - port => 443, + port => $https_port, ensure => $ensure_ssl_vhost, wsgi_daemon_process => 'horizon-ssl', wsgi_process_group => 'horizon-ssl', diff --git a/horizon/spec/classes/horizon_init_spec.rb b/horizon/spec/classes/horizon_init_spec.rb index b40f2b8f9..1cbf1796b 100644 --- a/horizon/spec/classes/horizon_init_spec.rb +++ b/horizon/spec/classes/horizon_init_spec.rb @@ -118,7 +118,8 @@ :api_versions => {'identity' => 3}, :keystone_multidomain_support => true, :keystone_default_domain => 'domain.tld', - :overview_days_range => 1 + :overview_days_range => 1, + :session_timeout => 1800, }) end @@ -156,6 +157,7 @@ "CUSTOM_THEME_PATH = 'static/themes/green'", " 'level': 'DEBUG',", " 'handlers': ['syslog'],", + "SESSION_TIMEOUT = 1800", 'COMPRESS_OFFLINE = False', "FILE_UPLOAD_TEMP_DIR = '/var/spool/horizon'", "OVERVIEW_DAYS_RANGE = 1" diff --git a/horizon/spec/classes/horizon_wsgi_apache_spec.rb b/horizon/spec/classes/horizon_wsgi_apache_spec.rb index 10de39413..a0d70066a 100644 --- a/horizon/spec/classes/horizon_wsgi_apache_spec.rb +++ b/horizon/spec/classes/horizon_wsgi_apache_spec.rb @@ -43,6 +43,7 @@ 'serveraliases' => ['*'], 'docroot' => '/var/www/', 'ssl' => 'false', + 'port' => '80', 'redirectmatch_status' => 'permanent', 'redirectmatch_regexp' => '^/$', 'redirectmatch_dest' => platforms_params[:root_url], @@ -77,6 +78,7 @@ 'serveraliases' => ['*'], 'docroot' => '/var/www/', 'ssl' => 'false', + 'port' => '80', 'redirectmatch_status' => 'temp', 'redirectmatch_regexp' => '^/$', 'redirectmatch_dest' => platforms_params[:root_url], @@ -111,6 +113,7 @@ 'serveraliases' => ['*'], 'docroot' => '/var/www/', 'ssl' => 'true', + 'port' => '443', 'ssl_cert' => '/etc/pki/tls/certs/httpd.crt', 'ssl_key' => '/etc/pki/tls/private/httpd.key', 'ssl_ca' => '/etc/pki/tls/certs/ca.crt', @@ -130,6 +133,7 @@ 'serveraliases' => ['*'], 'docroot' => '/var/www/', 'ssl' => 'false', + 'port' => '80', 'redirectmatch_status' => 'permanent', 'redirectmatch_regexp' => '(.*)', 'redirectmatch_dest' => 'https://some.host.tld', diff --git a/horizon/templates/local_settings.py.erb b/horizon/templates/local_settings.py.erb index 4cd1f929a..30498ad55 100644 --- a/horizon/templates/local_settings.py.erb +++ b/horizon/templates/local_settings.py.erb @@ -617,6 +617,8 @@ LOGIN_URL = '<%= scope.lookupvar("horizon::params::root_url") %>/auth/login/' LOGOUT_URL = '<%= scope.lookupvar("horizon::params::root_url") %>/auth/logout/' LOGIN_REDIRECT_URL = '<%= scope.lookupvar("horizon::params::root_url") %>' +SESSION_TIMEOUT = <%= @session_timeout %> + # The Ubuntu package includes pre-compressed JS and compiled CSS to allow # offline compression by default. To enable online compression, install # the python-lesscpy package and disable the following option. diff --git a/ironic/manifests/init.pp b/ironic/manifests/init.pp index c48b1703c..003bab83d 100644 --- a/ironic/manifests/init.pp +++ b/ironic/manifests/init.pp @@ -110,9 +110,6 @@ # Use durable queues in amqp. # (Optional) Defaults to false. # -# [*rabbit_virtual_host*] -# (optional) Various rabbitmq settings -# # [*rabbit_hosts*] # (optional) array of rabbitmq servers for HA. # A single IP address, such as a VIP, can be used for load-balancing @@ -219,7 +216,6 @@ $rabbit_host = 'localhost', $rabbit_port = 5672, $rabbit_hosts = false, - $rabbit_virtual_host = '/', $rabbit_userid = 'guest', $rabbit_password = false, $rabbit_use_ssl = false, @@ -285,7 +281,6 @@ ensure => $package_ensure, name => $::ironic::params::common_package_name, tag => ['openstack', 'ironic-package'], - notify => Exec['ironic-dbsync'], } validate_array($enabled_drivers) diff --git a/ironic/manifests/keystone/auth.pp b/ironic/manifests/keystone/auth.pp index b6519fa3b..63d944fa0 100644 --- a/ironic/manifests/keystone/auth.pp +++ b/ironic/manifests/keystone/auth.pp @@ -193,7 +193,7 @@ Keystone_user_role["${auth_name}@${tenant}"] ~> Service <| name == 'ironic-server' |> } - Keystone_endpoint["${region}/${real_service_name}"] ~> Service <| name == 'ironic-server' |> + Keystone_endpoint["${region}/${real_service_name}::${service_type}"] ~> Service <| name == 'ironic-server' |> keystone::resource::service_identity { $auth_name: configure_user => $configure_user, diff --git a/ironic/manifests/keystone/auth_inspector.pp b/ironic/manifests/keystone/auth_inspector.pp new file mode 100644 index 000000000..b57a20d7c --- /dev/null +++ b/ironic/manifests/keystone/auth_inspector.pp @@ -0,0 +1,122 @@ +# +# Copyright (C) 2015 Red Hat Inc. +# +# Author: Dan Prince +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# ironic::keystone::auth_inspector +# +# Configures Baremetal Introspection user, service and endpoint in Keystone. +# +# === Parameters +# +# [*password*] +# (required) Password for Baremetal Introspection user. +# +# [*auth_name*] +# Username for Baremetal Introspection service. Defaults to 'ironic-inspector'. +# +# [*email*] +# Email for Baremetal Introspection user. Defaults to 'baremetal-introspection@localhost'. +# +# [*tenant*] +# Tenant for Baremetal Introspection user. Defaults to 'services'. +# +# [*configure_endpoint*] +# Should Baremetal Introspection endpoint be configured? Defaults to 'true'. +# +# [*configure_user*] +# (Optional) Should the service user be configured? +# Defaults to 'true'. +# +# [*configure_user_role*] +# (Optional) Should the admin role be configured for the service user? +# Defaults to 'true'. +# +# [*service_name*] +# (Optional) Name of the service. +# Defaults to the value of auth_name, but must differ from the value. +# +# [*service_type*] +# Type of service. Defaults to 'baremetal-introspection'. +# +# [*service_description*] +# (Optional) Description for keystone service. +# Defaults to 'Baremetal Introspection Service'. +# +# [*region*] +# Region for endpoint. Defaults to 'RegionOne'. +# +# [*public_url*] +# (optional) The endpoint's public url. (Defaults to 'http://127.0.0.1:5050') +# This url should *not* contain any trailing '/'. +# +# [*admin_url*] +# (optional) The endpoint's admin url. (Defaults to 'http://127.0.0.1:5050') +# This url should *not* contain any trailing '/'. +# +# [*internal_url*] +# (optional) The endpoint's internal url. (Defaults to 'http://127.0.0.1:5050') +# This url should *not* contain any trailing '/'. +# +# === Examples +# +# class { 'ironic::keystone::auth_inspector': +# public_url => 'https://10.0.0.10:5050', +# internal_url => 'https://10.0.0.11:5050', +# admin_url => 'https://10.0.0.11:5050', +# } +# +class ironic::keystone::auth_inspector ( + $password, + $auth_name = 'ironic-inspector', + $email = 'baremetal-introspection@localhost', + $tenant = 'services', + $configure_endpoint = true, + $configure_user = true, + $configure_user_role = true, + $service_name = undef, + $service_type = 'baremetal-introspection', + $service_description = 'Baremetal Introspection Service', + $region = 'RegionOne', + $public_url = 'http://127.0.0.1:5050', + $admin_url = 'http://127.0.0.1:5050', + $internal_url = 'http://127.0.0.1:5050', +) { + + $real_service_name = pick($service_name, $auth_name) + + if $configure_user_role { + Keystone_user_role["${auth_name}@${tenant}"] ~> Service <| name == 'ironic-inspector' |> + } + + Keystone_endpoint["${region}/${real_service_name}::${service_type}"] ~> Service <| name == 'ironic-inspector' |> + + keystone::resource::service_identity { $auth_name: + configure_user => $configure_user, + configure_user_role => $configure_user_role, + configure_endpoint => $configure_endpoint, + service_name => $real_service_name, + service_type => $service_type, + service_description => $service_description, + region => $region, + password => $password, + email => $email, + tenant => $tenant, + public_url => $public_url, + internal_url => $internal_url, + admin_url => $admin_url, + } + +} diff --git a/ironic/spec/acceptance/basic_ironic_spec.rb b/ironic/spec/acceptance/basic_ironic_spec.rb index 26c8ed487..238682b11 100644 --- a/ironic/spec/acceptance/basic_ironic_spec.rb +++ b/ironic/spec/acceptance/basic_ironic_spec.rb @@ -43,6 +43,9 @@ class { '::ironic::db::mysql': class { '::ironic::keystone::auth': password => 'a_big_secret', } + class { '::ironic::keystone::auth_inspector': + password => 'a_big_secret', + } class { '::ironic::client': } class { '::ironic::conductor': } class { '::ironic::api': diff --git a/ironic/spec/classes/ironic_keystone_auth_inspector_spec.rb b/ironic/spec/classes/ironic_keystone_auth_inspector_spec.rb new file mode 100644 index 000000000..0f3144c95 --- /dev/null +++ b/ironic/spec/classes/ironic_keystone_auth_inspector_spec.rb @@ -0,0 +1,156 @@ +# +# Copyright (C) 2015 Red Hat Inc. +# +# Author: Dan Prince +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# Unit tests for ironic::keystone::auth_inspector +# + +require 'spec_helper' + +describe 'ironic::keystone::auth_inspector' do + + let :facts do + @default_facts.merge({ :osfamily => 'Debian' }) + end + + describe 'with default class parameters' do + let :params do + { :password => 'ironic_inspector_password', + :tenant => 'foobar' } + end + + it { is_expected.to contain_keystone_user('ironic-inspector').with( + :ensure => 'present', + :password => 'ironic_inspector_password', + ) } + + it { is_expected.to contain_keystone_user_role('ironic-inspector@foobar').with( + :ensure => 'present', + :roles => ['admin'] + )} + + it { is_expected.to contain_keystone_service('ironic-inspector::baremetal-introspection').with( + :ensure => 'present', + :type => 'baremetal-introspection', + :description => 'Baremetal Introspection Service' + ) } + + it { is_expected.to contain_keystone_endpoint('RegionOne/ironic-inspector::baremetal-introspection').with( + :ensure => 'present', + :public_url => "http://127.0.0.1:5050", + :admin_url => "http://127.0.0.1:5050", + :internal_url => "http://127.0.0.1:5050" + ) } + end + + describe 'when configuring ironic-inspector' do + let :pre_condition do + "class { 'ironic::inspector': auth_password => 'test' }" + end + + let :params do + { :password => 'ironic_password', + :tenant => 'foobar' } + end + + end + + describe 'with endpoint parameters' do + let :params do + { :password => 'ironic_password', + :public_url => 'https://10.0.0.10:5050', + :admin_url => 'https://10.0.0.11:5050', + :internal_url => 'https://10.0.0.11:5050' } + end + + it { is_expected.to contain_keystone_endpoint('RegionOne/ironic-inspector::baremetal-introspection').with( + :ensure => 'present', + :public_url => 'https://10.0.0.10:5050', + :admin_url => 'https://10.0.0.11:5050', + :internal_url => 'https://10.0.0.11:5050' + ) } + end + + describe 'when overriding auth name' do + let :params do + { :password => 'foo', + :auth_name => 'inspecty' } + end + + it { is_expected.to contain_keystone_user('inspecty') } + it { is_expected.to contain_keystone_user_role('inspecty@services') } + it { is_expected.to contain_keystone_service('inspecty::baremetal-introspection') } + it { is_expected.to contain_keystone_endpoint('RegionOne/inspecty::baremetal-introspection') } + end + + describe 'when overriding service name' do + let :params do + { + :service_name => 'inspector_service', + :password => 'ironic_password', + } + end + + it { is_expected.to contain_keystone_user('ironic-inspector') } + it { is_expected.to contain_keystone_user_role('ironic-inspector@services') } + it { is_expected.to contain_keystone_service('inspector_service::baremetal-introspection') } + it { is_expected.to contain_keystone_endpoint('RegionOne/inspector_service::baremetal-introspection') } + end + + describe 'when disabling user configuration' do + + let :params do + { + :password => 'ironic_password', + :configure_user => false + } + end + + it { is_expected.not_to contain_keystone_user('ironic-inspector') } + + it { is_expected.to contain_keystone_user_role('ironic-inspector@services') } + + it { is_expected.to contain_keystone_service('ironic-inspector::baremetal-introspection').with( + :ensure => 'present', + :type => 'baremetal-introspection', + :description => 'Baremetal Introspection Service' + ) } + + end + + describe 'when disabling user and user role configuration' do + + let :params do + { + :password => 'ironic_password', + :configure_user => false, + :configure_user_role => false + } + end + + it { is_expected.not_to contain_keystone_user('ironic-inspector') } + + it { is_expected.not_to contain_keystone_user_role('ironic-inspector@services') } + + it { is_expected.to contain_keystone_service('ironic-inspector::baremetal-introspection').with( + :ensure => 'present', + :type => 'baremetal-introspection', + :description => 'Baremetal Introspection Service' + ) } + + end + +end diff --git a/ironic/spec/classes/ironic_keystone_auth_spec.rb b/ironic/spec/classes/ironic_keystone_auth_spec.rb index 45e2f9a1b..7c86a3c8a 100644 --- a/ironic/spec/classes/ironic_keystone_auth_spec.rb +++ b/ironic/spec/classes/ironic_keystone_auth_spec.rb @@ -42,13 +42,12 @@ :roles => ['admin'] )} - it { is_expected.to contain_keystone_service('ironic').with( + it { is_expected.to contain_keystone_service('ironic::baremetal').with( :ensure => 'present', - :type => 'baremetal', :description => 'Ironic Bare Metal Provisioning Service' ) } - it { is_expected.to contain_keystone_endpoint('RegionOne/ironic').with( + it { is_expected.to contain_keystone_endpoint('RegionOne/ironic::baremetal').with( :ensure => 'present', :public_url => "http://127.0.0.1:6385", :admin_url => "http://127.0.0.1:6385", @@ -77,7 +76,7 @@ :internal_url => 'https://10.0.0.11:6385' } end - it { is_expected.to contain_keystone_endpoint('RegionOne/ironic').with( + it { is_expected.to contain_keystone_endpoint('RegionOne/ironic::baremetal').with( :ensure => 'present', :public_url => 'https://10.0.0.10:6385', :admin_url => 'https://10.0.0.11:6385', @@ -96,7 +95,7 @@ :admin_address => '10.10.10.12' } end - it { is_expected.to contain_keystone_endpoint('RegionOne/ironic').with( + it { is_expected.to contain_keystone_endpoint('RegionOne/ironic::baremetal').with( :ensure => 'present', :public_url => "https://10.10.10.10:80", :internal_url => "http://10.10.10.11:81", @@ -112,8 +111,8 @@ it { is_expected.to contain_keystone_user('ironicy') } it { is_expected.to contain_keystone_user_role('ironicy@services') } - it { is_expected.to contain_keystone_service('ironicy') } - it { is_expected.to contain_keystone_endpoint('RegionOne/ironicy') } + it { is_expected.to contain_keystone_service('ironicy::baremetal') } + it { is_expected.to contain_keystone_endpoint('RegionOne/ironicy::baremetal') } end describe 'when overriding service name' do @@ -126,8 +125,8 @@ it { is_expected.to contain_keystone_user('ironic') } it { is_expected.to contain_keystone_user_role('ironic@services') } - it { is_expected.to contain_keystone_service('ironic_service') } - it { is_expected.to contain_keystone_endpoint('RegionOne/ironic_service') } + it { is_expected.to contain_keystone_service('ironic_service::baremetal') } + it { is_expected.to contain_keystone_endpoint('RegionOne/ironic_service::baremetal') } end describe 'when disabling user configuration' do @@ -143,9 +142,8 @@ it { is_expected.to contain_keystone_user_role('ironic@services') } - it { is_expected.to contain_keystone_service('ironic').with( + it { is_expected.to contain_keystone_service('ironic::baremetal').with( :ensure => 'present', - :type => 'baremetal', :description => 'Ironic Bare Metal Provisioning Service' ) } @@ -165,9 +163,8 @@ it { is_expected.not_to contain_keystone_user_role('ironic@services') } - it { is_expected.to contain_keystone_service('ironic').with( + it { is_expected.to contain_keystone_service('ironic::baremetal').with( :ensure => 'present', - :type => 'baremetal', :description => 'Ironic Bare Metal Provisioning Service' ) } diff --git a/keystone/lib/puppet/provider/keystone.rb b/keystone/lib/puppet/provider/keystone.rb index 124735890..90e0a8542 100644 --- a/keystone/lib/puppet/provider/keystone.rb +++ b/keystone/lib/puppet/provider/keystone.rb @@ -196,7 +196,7 @@ def self.keystone_file def self.request(service, action, properties=nil) super - rescue Puppet::Error::OpenstackAuthInputError => error + rescue Puppet::Error::OpenstackAuthInputError, Puppet::Error::OpenstackUnauthorizedError => error request_by_service_token(service, action, error, properties) end diff --git a/keystone/manifests/federation/mellon.pp b/keystone/manifests/federation/mellon.pp new file mode 100644 index 000000000..0de7e2274 --- /dev/null +++ b/keystone/manifests/federation/mellon.pp @@ -0,0 +1,106 @@ +# == class: keystone::federation::mellon +# +# == Parameters +# +# [*methods*] +# A list of methods used for authentication separated by comma or an array. +# The allowed values are: 'external', 'password', 'token', 'oauth1', 'saml2' +# (Required) (string or array value). +# Note: The external value should be dropped to avoid problems. +# +# [*idp_name*] +# The name name associated with the IdP in Keystone. +# (Required) String value. +# +# [*protocol_name*] +# The name for your protocol associated with the IdP. +# (Required) String value. +# +# [*admin_port*] +# A boolean value to ensure that you want to configure K2K Federation +# using Keystone VirtualHost on port 35357. +# (Optional) Defaults to false. +# +# [*main_port*] +# A boolean value to ensure that you want to configure K2K Federation +# using Keystone VirtualHost on port 5000. +# (Optional) Defaults to true. +# +# [*module_plugin*] +# The plugin for authentication acording to the choice made with protocol and +# module. +# (Optional) Defaults to 'keystone.auth.plugins.mapped.Mapped' (string value) +# +# [*template_order*] +# This number indicates the order for the concat::fragment that will apply +# the shibboleth configuration to Keystone VirtualHost. The value should +# The value should be greater than 330 an less then 999, according to: +# https://github.com/puppetlabs/puppetlabs-apache/blob/master/manifests/vhost.pp +# The value 330 corresponds to the order for concat::fragment "${name}-filters" +# and "${name}-limits". +# The value 999 corresponds to the order for concat::fragment "${name}-file_footer". +# (Optional) Defaults to 331. +# +class keystone::federation::mellon ( + $methods, + $idp_name, + $protocol_name, + $admin_port = false, + $main_port = true, + $module_plugin = 'keystone.auth.plugins.mapped.Mapped', + $template_order = 331, +) { + + include ::apache + include ::keystone::params + + # Note: if puppet-apache modify these values, this needs to be updated + if $template_order <= 330 or $template_order >= 999 { + fail('The template order should be greater than 330 and less than 999.') + } + + if ('external' in $methods ) { + fail('The external method should be dropped to avoid any interference with some Apache + Mellon SP setups, where a REMOTE_USER env variable is always set, even as an empty value.') + } + + if !('saml2' in $methods ) { + fail('Methods should contain saml2 as one of the auth methods.') + }else{ + if ($module_plugin != 'keystone.auth.plugins.mapped.Mapped') { + fail('The plugin for saml and mellon should be keystone.auth.plugins.mapped.Mapped') + } + } + + validate_bool($admin_port) + validate_bool($main_port) + + if( !$admin_port and !$main_port){ + fail('No VirtualHost port to configure, please choose at least one.') + } + + keystone_config { + 'auth/methods': value => join(any2array($methods),','); + 'auth/saml2': value => $module_plugin; + } + + ensure_packages([$::keystone::params::mellon_package_name], { + ensure => present + }) + + if $admin_port { + concat::fragment { 'configure_mellon_on_port_35357': + target => "${keystone::wsgi::apache::priority}-keystone_wsgi_admin.conf", + content => template('keystone/mellon.conf.erb'), + order => $template_order, + } + } + + if $main_port { + concat::fragment { 'configure_mellon_on_port_5000': + target => "${keystone::wsgi::apache::priority}-keystone_wsgi_main.conf", + content => template('keystone/mellon.conf.erb'), + order => $template_order, + } + } + +} diff --git a/keystone/manifests/federation/shibboleth.pp b/keystone/manifests/federation/shibboleth.pp index cb02d66be..1022aebed 100644 --- a/keystone/manifests/federation/shibboleth.pp +++ b/keystone/manifests/federation/shibboleth.pp @@ -30,7 +30,7 @@ # == class: keystone::federation::shibboleth # [*template_order*] # This number indicates the order for the concat::fragment that will apply # the shibboleth configuration to Keystone VirtualHost. The value should -# The value should be greater than 330 an less then 999, according to: +# The value should be greater than 330 and less than 999, according to: # https://github.com/puppetlabs/puppetlabs-apache/blob/master/manifests/vhost.pp # The value 330 corresponds to the order for concat::fragment "${name}-filters" # and "${name}-limits". diff --git a/keystone/manifests/init.pp b/keystone/manifests/init.pp index 899651f6d..3a94b4878 100644 --- a/keystone/manifests/init.pp +++ b/keystone/manifests/init.pp @@ -88,9 +88,13 @@ # Defaults to /var/cache/keystone. # # [*memcache_servers*] -# (optional) List of memcache servers in format of server:port. +# (optional) List of memcache servers as a comma separated string of +# 'server:port,server:port' or an array of servers ['server:port', +# 'server:port']. # Used with token_driver 'keystone.token.backends.memcache.Token'. -# Defaults to false. Example: ['localhost:11211'] +# This configures the memcache/servers for keystone and is used as a default +# for $cache_memcache_servers if it is not specified. +# Defaults to $::os_service_default # # [*cache_backend*] # (optional) Dogpile.cache backend module. It is recommended that Memcache with pooling @@ -104,6 +108,22 @@ # This has no effects unless 'memcache_servers' is set. # Default to $::os_service_default # +# [*cache_enabled*] +# (optional) Setting this will enable the caching backend for Keystone. +# For legacy purposes, this will be enabled automatically enabled if it is +# not provided and $memcache_servers (or $cache_memcache_servers) is set and +# cache_backend is provided as well. +# Defaults to $::os_service_default +# +# [*cache_memcache_servers*] +# (optional) List of memcache servers to be used with the caching backend to +# configure cache/memcache_servers. +# Specified as as a comma separated string of 'server:port,server:port' or an +# array of servers ['server:port', 'server:port']. +# By default this will be set to the memcache_servers if that is configured +# and this is left unconfigured. +# Default to $::os_service_default +# # [*debug_cache_backend*] # (optional) Extra debugging from the cache backend (cache keys, get/set/delete calls). # This has no effects unless 'memcache_servers' is set. @@ -507,6 +527,8 @@ $manage_service = true, $cache_backend = $::os_service_default, $cache_backend_argument = $::os_service_default, + $cache_enabled = $::os_service_default, + $cache_memcache_servers = $::os_service_default, $debug_cache_backend = $::os_service_default, $token_caching = $::os_service_default, $enabled = true, @@ -696,43 +718,41 @@ } } - # memcache connection config - if ! is_service_default($memcache_servers) and $memcache_servers { - validate_array($memcache_servers) + if !is_service_default($memcache_servers) or !is_service_default($cache_memcache_servers) { Service<| title == 'memcached' |> -> Service['keystone'] - keystone_config { - 'cache/enabled': value => true; - 'memcache/servers': value => join($memcache_servers, ','); - } - if ! is_service_default($cache_backend_argument) { - validate_array($cache_backend_argument) - keystone_config { - 'cache/backend_argument': value => join($cache_backend_argument, ','); - } - } else { - keystone_config { - 'cache/backend_argument': ensure => absent; - } - } + } + + # TODO(aschultz): remove in N cycle + if is_service_default($cache_memcache_servers) and !is_service_default($memcache_servers) { + warning('The keystone module now provides a $cache_memcache_servers to be used with caching. Please specify it separately to configure cache/memcache_servers for keystone. This backwards compatibility will be removed in the N cycle.') + $cache_memcache_servers_real = $memcache_servers } else { - keystone_config { - 'cache/enabled': ensure => absent; - 'cache/backend_argument': ensure => absent; - 'memcache/servers': ensure => absent; - } + $cache_memcache_servers_real = $cache_memcache_servers + } + + # TODO(aschultz): remove in N cycle + if is_service_default($cache_enabled) and (!is_service_default($memcache_servers) or !is_service_default($cache_memcache_servers_real)) and !is_service_default($cache_backend) { + warning('cache_enabled has been added to control weither or not to enable caching. Please specify it separately to configure caching. We have enabled caching as a backwards compatibility that will be removed in the N cycle') + $cache_enabled_real = true + } else { + $cache_enabled_real = $cache_enabled } keystone_config { - 'memcache/dead_retry': value => $memcache_dead_retry; - 'memcache/socket_timeout': value => $memcache_socket_timeout; - 'memcache/pool_maxsize': value => $memcache_pool_maxsize; - 'memcache/pool_unused_timeout': value => $memcache_pool_unused_timeout; + 'cache/backend': value => $cache_backend; + 'cache/backend_argument': value => join(any2array($cache_backend_argument), ','); + 'cache/debug_cache_backend': value => $debug_cache_backend; + 'cache/enabled': value => $cache_enabled_real; 'cache/memcache_dead_retry': value => $memcache_dead_retry; - 'cache/memcache_socket_timeout': value => $memcache_socket_timeout; 'cache/memcache_pool_maxsize': value => $memcache_pool_maxsize; 'cache/memcache_pool_unused_timeout': value => $memcache_pool_unused_timeout; - 'cache/backend': value => $cache_backend; - 'cache/debug_cache_backend': value => $debug_cache_backend; + 'cache/memcache_servers': value => join(any2array($cache_memcache_servers_real), ','); + 'cache/memcache_socket_timeout': value => $memcache_socket_timeout; + 'memcache/dead_retry': value => $memcache_dead_retry; + 'memcache/pool_maxsize': value => $memcache_pool_maxsize; + 'memcache/pool_unused_timeout': value => $memcache_pool_unused_timeout; + 'memcache/servers': value => join(any2array($memcache_servers), ','); + 'memcache/socket_timeout': value => $memcache_socket_timeout; 'token/caching': value => $token_caching; } diff --git a/keystone/manifests/params.pp b/keystone/manifests/params.pp index d8c473702..e233bbc55 100644 --- a/keystone/manifests/params.pp +++ b/keystone/manifests/params.pp @@ -14,6 +14,7 @@ $sqlite_package_name = 'python-pysqlite2' $paste_config = undef $pymysql_package_name = 'python-pymysql' + $mellon_package_name = 'libapache2-mod-auth-mellon' case $::operatingsystem { 'Debian': { $service_provider = undef @@ -33,6 +34,7 @@ $keystone_wsgi_script_source = '/usr/share/keystone/keystone.wsgi' $paste_config = '/usr/share/keystone/keystone-dist-paste.ini' $pymysql_package_name = undef + $mellon_package_name = 'mod_auth_mellon' } } } diff --git a/keystone/manifests/resource/service_identity.pp b/keystone/manifests/resource/service_identity.pp index 5ad3f9ce6..2298201b0 100644 --- a/keystone/manifests/resource/service_identity.pp +++ b/keystone/manifests/resource/service_identity.pp @@ -168,9 +168,8 @@ if $configure_service { if $service_type { - ensure_resource('keystone_service', $service_name_real, { + ensure_resource('keystone_service', "${service_name_real}::${service_type}", { 'ensure' => 'present', - 'type' => $service_type, 'description' => $service_description, }) } else { @@ -179,15 +178,29 @@ } if $configure_endpoint { - if $public_url and $admin_url and $internal_url { - ensure_resource('keystone_endpoint', "${region}/${service_name_real}", { - 'ensure' => 'present', - 'public_url' => $public_url, - 'admin_url' => $admin_url, - 'internal_url' => $internal_url, - }) + if $service_type { + if $public_url and $admin_url and $internal_url { + ensure_resource('keystone_endpoint', "${region}/${service_name_real}::${service_type}", { + 'ensure' => 'present', + 'public_url' => $public_url, + 'admin_url' => $admin_url, + 'internal_url' => $internal_url, + }) + } else { + fail ('When configuring an endpoint, you need to set the _url parameters.') + } } else { - fail ('When configuring an endpoint, you need to set the _url parameters.') + if $public_url and $admin_url and $internal_url { + ensure_resource('keystone_endpoint', "${region}/${service_name_real}", { + 'ensure' => 'present', + 'public_url' => $public_url, + 'admin_url' => $admin_url, + 'internal_url' => $internal_url, + }) + } else { + fail ('When configuring an endpoint, you need to set the _url parameters.') + } + warning('Defining a endpoint without the type is supported in Liberty and will be dropped in Mitaka. See https://bugs.launchpad.net/puppet-keystone/+bug/1506996') } } } diff --git a/keystone/spec/classes/keystone_endpoint_spec.rb b/keystone/spec/classes/keystone_endpoint_spec.rb index bafad575e..ec6f6751d 100644 --- a/keystone/spec/classes/keystone_endpoint_spec.rb +++ b/keystone/spec/classes/keystone_endpoint_spec.rb @@ -2,14 +2,13 @@ describe 'keystone::endpoint' do - it { is_expected.to contain_keystone_service('keystone').with( + it { is_expected.to contain_keystone_service('keystone::identity').with( :ensure => 'present', - :type => 'identity', :description => 'OpenStack Identity Service' )} describe 'with default parameters' do - it { is_expected.to contain_keystone_endpoint('RegionOne/keystone').with( + it { is_expected.to contain_keystone_endpoint('RegionOne/keystone::identity').with( :ensure => 'present', :public_url => 'http://127.0.0.1:5000/v2.0', :admin_url => 'http://127.0.0.1:35357/v2.0', @@ -26,7 +25,7 @@ :internal_url => 'https://identity-int.some.tld/some/internal/endpoint' } end - it { is_expected.to contain_keystone_endpoint('RegionOne/keystone').with( + it { is_expected.to contain_keystone_endpoint('RegionOne/keystone::identity').with( :ensure => 'present', :public_url => 'https://identity.some.tld/the/main/endpoint/v42.6', :admin_url => 'https://identity-int.some.tld/some/admin/endpoint/v42.6', @@ -41,7 +40,7 @@ { :version => '' } end - it { is_expected.to contain_keystone_endpoint('RegionOne/keystone').with( + it { is_expected.to contain_keystone_endpoint('RegionOne/keystone::identity').with( :ensure => 'present', :public_url => 'http://127.0.0.1:5000', :admin_url => 'http://127.0.0.1:35357', @@ -56,7 +55,7 @@ end it 'internal_url should default to public_url' do - is_expected.to contain_keystone_endpoint('RegionOne/keystone').with( + is_expected.to contain_keystone_endpoint('RegionOne/keystone::identity').with( :ensure => 'present', :public_url => 'https://identity.some.tld/the/main/endpoint/v2.0', :internal_url => 'https://identity.some.tld/the/main/endpoint/v2.0' diff --git a/keystone/spec/classes/keystone_federation_mellon.rb b/keystone/spec/classes/keystone_federation_mellon.rb new file mode 100644 index 000000000..a0b9e5305 --- /dev/null +++ b/keystone/spec/classes/keystone_federation_mellon.rb @@ -0,0 +1,116 @@ +require 'spec_helper' + +describe 'keystone::federation::mellon' do + + describe 'with invalid params' do + before do + params.merge!(:methods => 'external, password, token, oauth1') + end + + it_raises 'a Puppet::Error', /The external method should be dropped to avoid any interference with some Apache + Mellon SP setups, where a REMOTE_USER env variable is always set, even as an empty value./ + + before do + params.merge!(:methods => 'password, token, oauth1') + end + + it_raises 'a Puppet::Error', /Methods should contain saml2 as one of the auth methods./ + + before do + params.merge!(:methods => 'password, token, oauth1, saml2', + :module_plugin => 'keystone.auth.plugins') + end + + it_raises 'a Puppet:Error', /The plugin for saml and mellon should be keystone.auth.plugins.mapped.Mapped/ + + before do + params.merge!(:admin_port => false, + :main_port => false) + end + + it_raises 'a Puppet:Error', /No VirtualHost port to configure, please choose at least one./ + + befode do + params.merge!(:template_port => 330) + end + + it_raises 'a Puppet:Error', /The template order should be greater than 330 and less than 999./ + + befode do + params.merge!(:template_port => 999) + end + + it_raises 'a Puppet:Error', /The template order should be greater than 330 and less than 999./ + end + + context 'on a RedHat osfamily' do + let :facts do + { :osfamily => 'RedHat', + :operatingsystemrelease => '7.0', + :concat_basedir => '/var/lib/puppet/concat' } + end + + context 'with only required parameters' do + let :params do + { :methods => 'password, token, saml2' } + end + + it 'should have basic params for mellon in Keystone configuration' do + is_expected.to contain_keystone_config('auth/methods').with_value('password, token, saml2') + is_expected.to contain_keystone_config('auth/saml2').with_value('keystone.auth.plugins.mapped.Mapped') + end + end + + it { is_expected.to contain_package('mod_auth_mellon') } + + end + + context 'on a Debian osfamily' do + let :facts do + { :osfamily => 'Debian', + :operatingsystemrelease => '7.8', + :concat_basedir => '/var/lib/puppet/concat' } + end + + context 'with only required parameters' do + let :params do + { :methods => 'password, token, saml2' } + end + + it 'should have basic params for mellon in Keystone configuration' do + is_expected.to contain_keystone_config('auth/methods').with_value('password, token, saml2') + is_expected.to contain_keystone_config('auth/saml2').with_value('keystone.auth.plugins.mapped.Mapped') + end + + it { is_expected.to contain_concat__fragment('configure_mellon_on_port_5000').with({ + :target => "${keystone::wsgi::apache::priority}-keystone_wsgi_main.conf", + :order => params[:template_order], + })} + end + + context 'with override default parameters' do + let :params do + { :methods => 'password, token, saml2', + :admin_port => true } + end + + it 'should have basic params for mellon in Keystone configuration' do + is_expected.to contain_keystone_config('auth/methods').with_value('password, token, saml2') + is_expected.to contain_keystone_config('auth/saml2').with_value('keystone.auth.plugins.mapped.Mapped') + end + + it { is_expected.to contain_concat__fragment('configure_mellon_on_port_5000').with({ + :target => "${keystone::wsgi::apache::priority}-keystone_wsgi_main.conf", + :order => params[:template_order], + })} + + it { is_expected.to contain_concat__fragment('configure_mellon_on_port_35357').with({ + :target => "${keystone::wsgi::apache::priority}-keystone_wsgi_admin.conf", + :order => params[:template_order], + })} + end + + it { is_expected.to contain_package('libapache2-mod-auth-mellon') } + + end + +end diff --git a/keystone/spec/classes/keystone_federation_shibboleth.rb b/keystone/spec/classes/keystone_federation_shibboleth.rb index 687dd1797..7f0d4ba18 100644 --- a/keystone/spec/classes/keystone_federation_shibboleth.rb +++ b/keystone/spec/classes/keystone_federation_shibboleth.rb @@ -1,6 +1,6 @@ require 'spec_helper' -describe 'keystone::federation::service_provider' do +describe 'keystone::federation::shibboleth' do describe 'with invalid params' do before do diff --git a/keystone/spec/classes/keystone_spec.rb b/keystone/spec/classes/keystone_spec.rb index c4707fc81..63763a22b 100644 --- a/keystone/spec/classes/keystone_spec.rb +++ b/keystone/spec/classes/keystone_spec.rb @@ -37,6 +37,11 @@ 'revoke_driver' => 'keystone.contrib.revoke.backends.sql.Revoke', 'revoke_by_id' => true, 'cache_dir' => '/var/cache/keystone', + 'memcache_servers' => '', + 'cache_backend' => '', + 'cache_backend_argument' => '', + 'cache_enabled' => '', + 'cache_memcache_servers' => '', 'enable_ssl' => false, 'ssl_certfile' => '/etc/keystone/ssl/certs/keystone.pem', 'ssl_keyfile' => '/etc/keystone/ssl/private/keystonekey.pem', @@ -526,23 +531,110 @@ it { is_expected.to contain_keystone_config('cache/memcache_socket_timeout').with_value('2') } it { is_expected.to contain_keystone_config('cache/memcache_pool_maxsize').with_value('1000') } it { is_expected.to contain_keystone_config('cache/memcache_pool_unused_timeout').with_value('60') } + it { is_expected.to contain_keystone_config('cache/memcache_servers').with_value('SERVER1:11211,SERVER2:11211') } it { is_expected.to contain_package('python-memcache').with( :name => 'python-memcache', :ensure => 'present' ) } end + describe 'configure cache memcache servers if set' do + let :params do + { + 'admin_token' => 'service_token', + 'memcache_servers' => [ 'SERVER1:11211', 'SERVER2:11211' ], + 'token_driver' => 'keystone.token.backends.memcache.Token', + 'cache_backend' => 'dogpile.cache.memcached', + 'cache_backend_argument' => ['url:SERVER3:12211'], + 'cache_memcache_servers' => [ 'SERVER3:11211', 'SERVER4:11211' ], + 'memcache_dead_retry' => '60', + 'memcache_socket_timeout' => '2', + 'memcache_pool_maxsize' => '1000', + 'memcache_pool_unused_timeout' => '60', + } + end + + it { is_expected.to contain_keystone_config("memcache/servers").with_value('SERVER1:11211,SERVER2:11211') } + it { is_expected.to contain_keystone_config('cache/enabled').with_value(true) } + it { is_expected.to contain_keystone_config('token/caching').with_value('') } + it { is_expected.to contain_keystone_config('cache/backend').with_value('dogpile.cache.memcached') } + it { is_expected.to contain_keystone_config('cache/backend_argument').with_value('url:SERVER3:12211') } + it { is_expected.to contain_keystone_config('memcache/dead_retry').with_value('60') } + it { is_expected.to contain_keystone_config('memcache/socket_timeout').with_value('2') } + it { is_expected.to contain_keystone_config('memcache/pool_maxsize').with_value('1000') } + it { is_expected.to contain_keystone_config('memcache/pool_unused_timeout').with_value('60') } + it { is_expected.to contain_keystone_config('cache/memcache_dead_retry').with_value('60') } + it { is_expected.to contain_keystone_config('cache/memcache_socket_timeout').with_value('2') } + it { is_expected.to contain_keystone_config('cache/memcache_pool_maxsize').with_value('1000') } + it { is_expected.to contain_keystone_config('cache/memcache_pool_unused_timeout').with_value('60') } + it { is_expected.to contain_keystone_config('cache/memcache_servers').with_value('SERVER3:11211,SERVER4:11211') } + it { is_expected.to contain_package('python-memcache').with( + :name => 'python-memcache', + :ensure => 'present' + ) } + end + + describe 'configure cache enabled if set' do + let :params do + { + 'admin_token' => 'service_token', + 'memcache_servers' => [ 'SERVER1:11211', 'SERVER2:11211' ], + 'token_driver' => 'keystone.token.backends.memcache.Token', + 'cache_backend' => 'dogpile.cache.memcached', + 'cache_backend_argument' => ['url:SERVER3:12211'], + 'cache_enabled' => false, + 'cache_memcache_servers' => [ 'SERVER3:11211', 'SERVER4:11211' ], + 'memcache_dead_retry' => '60', + 'memcache_socket_timeout' => '2', + 'memcache_pool_maxsize' => '1000', + 'memcache_pool_unused_timeout' => '60', + } + end + + it { is_expected.to contain_keystone_config("memcache/servers").with_value('SERVER1:11211,SERVER2:11211') } + it { is_expected.to contain_keystone_config('cache/enabled').with_value(false) } + it { is_expected.to contain_keystone_config('token/caching').with_value('') } + it { is_expected.to contain_keystone_config('cache/backend').with_value('dogpile.cache.memcached') } + it { is_expected.to contain_keystone_config('cache/backend_argument').with_value('url:SERVER3:12211') } + it { is_expected.to contain_keystone_config('memcache/dead_retry').with_value('60') } + it { is_expected.to contain_keystone_config('memcache/socket_timeout').with_value('2') } + it { is_expected.to contain_keystone_config('memcache/pool_maxsize').with_value('1000') } + it { is_expected.to contain_keystone_config('memcache/pool_unused_timeout').with_value('60') } + it { is_expected.to contain_keystone_config('cache/memcache_dead_retry').with_value('60') } + it { is_expected.to contain_keystone_config('cache/memcache_socket_timeout').with_value('2') } + it { is_expected.to contain_keystone_config('cache/memcache_pool_maxsize').with_value('1000') } + it { is_expected.to contain_keystone_config('cache/memcache_pool_unused_timeout').with_value('60') } + it { is_expected.to contain_keystone_config('cache/memcache_servers').with_value('SERVER3:11211,SERVER4:11211') } + it { is_expected.to contain_package('python-memcache').with( + :name => 'python-memcache', + :ensure => 'present' + ) } + end + + describe 'configure memcache servers with a string' do + let :params do + default_params.merge({ + 'memcache_servers' => 'SERVER1:11211,SERVER2:11211', + 'cache_memcache_servers' => 'SERVER3:11211,SERVER4:11211' + }) + end + + it { is_expected.to contain_keystone_config("memcache/servers").with_value('SERVER1:11211,SERVER2:11211') } + it { is_expected.to contain_keystone_config('cache/memcache_servers').with_value('SERVER3:11211,SERVER4:11211') } + end + + describe 'do not configure memcache servers when not set' do let :params do default_params end - it { is_expected.to contain_keystone_config("cache/enabled").with_ensure('absent') } + it { is_expected.to contain_keystone_config("cache/enabled").with_value('') } it { is_expected.to contain_keystone_config("token/caching").with_value('') } it { is_expected.to contain_keystone_config("cache/backend").with_value('') } - it { is_expected.to contain_keystone_config("cache/backend_argument").with_ensure('absent') } + it { is_expected.to contain_keystone_config("cache/backend_argument").with_value('') } it { is_expected.to contain_keystone_config("cache/debug_cache_backend").with_value('') } - it { is_expected.to contain_keystone_config("memcache/servers").with_ensure('absent') } + it { is_expected.to contain_keystone_config("memcache/servers").with_value('') } it { is_expected.to contain_keystone_config('memcache/dead_retry').with_value('') } it { is_expected.to contain_keystone_config('memcache/pool_maxsize').with_value('') } it { is_expected.to contain_keystone_config('memcache/pool_unused_timeout').with_value('') } @@ -550,18 +642,7 @@ it { is_expected.to contain_keystone_config('cache/memcache_socket_timeout').with_value('') } it { is_expected.to contain_keystone_config('cache/memcache_pool_maxsize').with_value('') } it { is_expected.to contain_keystone_config('cache/memcache_pool_unused_timeout').with_value('') } - end - - describe 'raise error if memcache_servers is not an array' do - let :params do - { - 'admin_token' => 'service_token', - 'memcache_servers' => 'ANY_SERVER:11211' - } - end - - it { expect { is_expected.to contain_class('keystone::params') }.to \ - raise_error(Puppet::Error, /is not an Array/) } + it { is_expected.to contain_keystone_config('cache/memcache_servers').with_value('') } end describe 'when enabling SSL' do diff --git a/keystone/spec/defines/keystone_resource_service_identity_spec.rb b/keystone/spec/defines/keystone_resource_service_identity_spec.rb index b729b546f..d6769eec1 100644 --- a/keystone/spec/defines/keystone_resource_service_identity_spec.rb +++ b/keystone/spec/defines/keystone_resource_service_identity_spec.rb @@ -47,12 +47,26 @@ :roles => ['admin'], )} - it { is_expected.to contain_keystone_service(title).with( + it { is_expected.to contain_keystone_service("#{title}::network").with( :ensure => 'present', - :type => 'network', :description => 'neutron service', )} + it { is_expected.to contain_keystone_endpoint("RegionOne/#{title}::network").with( + :ensure => 'present', + :public_url => 'http://7.7.7.7:9696', + :internal_url => 'http://10.0.0.1:9696', + :admin_url => 'http://192.168.0.1:9696', + )} + end + + context 'when trying to create an endpoint without service_type (will be dropped in Mitaka)' do + let :params do + required_params.merge( + :configure_service => false, + :service_type => false, + ) + end it { is_expected.to contain_keystone_endpoint("RegionOne/#{title}").with( :ensure => 'present', :public_url => 'http://7.7.7.7:9696', diff --git a/keystone/spec/unit/provider/keystone_spec.rb b/keystone/spec/unit/provider/keystone_spec.rb index 683e185e2..5561a62ca 100644 --- a/keystone/spec/unit/provider/keystone_spec.rb +++ b/keystone/spec/unit/provider/keystone_spec.rb @@ -35,8 +35,12 @@ class AnotherKlass < Puppet::Provider::Keystone describe '#fetch_domain' do it 'should be false if the domain does not exist' do + # retry only once. Not doing this make the test unnecessary + # long (1 minute) and retry the command ~20times + klass.expects(:request_timeout).returns(0) klass.expects(:openstack) .with('domain', 'show', '--format', 'shell', 'no_domain') + .times(2) .raises(Puppet::ExecutionFailure, "Execution of '/usr/bin/openstack domain show --format shell no_domain' returned 1: No domain with a name or ID of 'no_domain' exists.") expect(klass.fetch_domain('no_domain')).to be_falsey end @@ -96,8 +100,10 @@ class AnotherKlass < Puppet::Provider::Keystone end it 'should be false if the project does not exist' do + klass.expects(:request_timeout).returns(0) klass.expects(:openstack) .with('project', 'show', '--format', 'shell', ['no_project', '--domain', 'Default']) + .times(2) .raises(Puppet::ExecutionFailure, "Execution of '/usr/bin/openstack project show --format shell no_project' returned 1: No project with a name or ID of 'no_project' exists.") expect(klass.fetch_project('no_project', 'Default')).to be_falsey end @@ -126,8 +132,10 @@ class AnotherKlass < Puppet::Provider::Keystone end it 'should be false if the user does not exist' do + klass.expects(:request_timeout).returns(0) klass.expects(:openstack) .with('user', 'show', '--format', 'shell', ['no_user', '--domain', 'Default']) + .times(2) .raises(Puppet::ExecutionFailure, "Execution of '/usr/bin/openstack user show --format shell no_user' returned 1: No user with a name or ID of 'no_user' exists.") expect(klass.fetch_user('no_user', 'Default')).to be_falsey end diff --git a/keystone/templates/mellon.conf.erb b/keystone/templates/mellon.conf.erb new file mode 100644 index 000000000..259bcd824 --- /dev/null +++ b/keystone/templates/mellon.conf.erb @@ -0,0 +1,16 @@ + WSGIScriptAliasMatch ^(/v3/OS-FEDERATION/identity_providers/.*?/protocols/.*?/auth)$ <%= scope['keystone::params::keystone_wsgi_script_path'] -%>/$1 + + + MellonEnable "info" + MellonSPPrivateKeyFile <%= scope['apache::mod_dir']-%>/mellon/http_keystone.fqdn.key + MellonSPCertFile <%= scope['apache::mod_dir']-%>/mellon/http_keystone.fqdn.cert + MellonSPMetadataFile <%= scope['apache::mod_dir']-%>/mellon/http_keystone.fqdn.xml + MellonIdPMetadataFile <%= scope['apache::mod_dir']-%>/mellon/idp-metadata.xml + MellonEndpointPath /v3/OS-FEDERATION/identity_providers/<%= scope['keystone::federation::mellon::idp_name']-%>/protocols/<%= scope['keystone::federation::mellon::protocol_name']-%>/auth/mellon + MellonIdP "IDP" + + + /protocols/<%= scope['keystone::federation::mellon::protocol_name']-%>/auth> + AuthType "Mellon" + MellonEnable "auth" + diff --git a/manila/spec/classes/manila_keystone_auth_spec.rb b/manila/spec/classes/manila_keystone_auth_spec.rb index 27acfb6db..2027e54c3 100644 --- a/manila/spec/classes/manila_keystone_auth_spec.rb +++ b/manila/spec/classes/manila_keystone_auth_spec.rb @@ -20,9 +20,8 @@ :ensure => 'present', :roles => ['admin'] ) - is_expected.to contain_keystone_service('manila').with( + is_expected.to contain_keystone_service('manila::share').with( :ensure => 'present', - :type => 'share', :description => 'Manila Service' ) @@ -35,20 +34,19 @@ :ensure => 'present', :roles => ['admin'] ) - is_expected.to contain_keystone_service('manilav2').with( + is_expected.to contain_keystone_service('manilav2::sharev2').with( :ensure => 'present', - :type => 'sharev2', :description => 'Manila Service v2' ) end - it { is_expected.to contain_keystone_endpoint('RegionOne/manila').with( + it { is_expected.to contain_keystone_endpoint('RegionOne/manila::share').with( :ensure => 'present', :public_url => 'http://127.0.0.1:8786/v1/%(tenant_id)s', :admin_url => 'http://127.0.0.1:8786/v1/%(tenant_id)s', :internal_url => 'http://127.0.0.1:8786/v1/%(tenant_id)s' ) } - it { is_expected.to contain_keystone_endpoint('RegionOne/manilav2').with( + it { is_expected.to contain_keystone_endpoint('RegionOne/manilav2::sharev2').with( :ensure => 'present', :public_url => 'http://127.0.0.1:8786/v2/%(tenant_id)s', :admin_url => 'http://127.0.0.1:8786/v2/%(tenant_id)s', @@ -70,13 +68,13 @@ ) end - it { is_expected.to contain_keystone_endpoint('RegionThree/manila').with( + it { is_expected.to contain_keystone_endpoint('RegionThree/manila::share').with( :ensure => 'present', :public_url => 'https://10.0.42.1:4242/v42/%(tenant_id)s', :admin_url => 'https://10.0.42.2:4242/v42/%(tenant_id)s', :internal_url => 'https://10.0.42.3:4242/v42/%(tenant_id)s' )} - it { is_expected.to contain_keystone_endpoint('RegionThree/manilav2').with( + it { is_expected.to contain_keystone_endpoint('RegionThree/manilav2::sharev2').with( :ensure => 'present', :public_url => 'https://10.0.42.1:4242/v43/%(tenant_id)s', :admin_url => 'https://10.0.42.2:4242/v43/%(tenant_id)s', @@ -99,7 +97,7 @@ ) end - it { is_expected.to contain_keystone_endpoint('RegionThree/manila').with( + it { is_expected.to contain_keystone_endpoint('RegionThree/manila::share').with( :ensure => 'present', :public_url => 'https://10.0.42.1:4242/v42/%(tenant_id)s', :admin_url => 'https://10.0.42.2:4242/v42/%(tenant_id)s', @@ -114,7 +112,7 @@ :configure_endpoint_v2 => false ) end - it { is_expected.to_not contain_keystone_endpoint('RegionOne/manila') } - it { is_expected.to_not contain_keystone_endpoint('RegionOne/manilav2') } + it { is_expected.to_not contain_keystone_endpoint('RegionOne/manila::share') } + it { is_expected.to_not contain_keystone_endpoint('RegionOne/manilav2::sharev2') } end end diff --git a/neutron/lib/puppet/provider/neutron.rb b/neutron/lib/puppet/provider/neutron.rb index 049d31808..4dcfeee0f 100644 --- a/neutron/lib/puppet/provider/neutron.rb +++ b/neutron/lib/puppet/provider/neutron.rb @@ -210,8 +210,10 @@ def self.list_router_ports(router_name_or_id) self.find_and_parse_json(cmd_output).each do |port| if port['fixed_ips'] - fixed_ips = JSON.parse(port['fixed_ips']) - port['subnet_id'] = fixed_ips['subnet_id'] + if !port['fixed_ips'].empty? + fixed_ips = JSON.parse(port['fixed_ips']) + port['subnet_id'] = fixed_ips['subnet_id'] + end port.delete('fixed_ips') end results << port diff --git a/neutron/lib/puppet/provider/neutron_router/neutron.rb b/neutron/lib/puppet/provider/neutron_router/neutron.rb index d7f7fd115..c9dcccf77 100644 --- a/neutron/lib/puppet/provider/neutron_router/neutron.rb +++ b/neutron/lib/puppet/provider/neutron_router/neutron.rb @@ -25,6 +25,8 @@ def self.instances :admin_state_up => attrs['admin_state_up'], :external_gateway_info => attrs['external_gateway_info'], :status => attrs['status'], + :distributed => attrs['distributed'], + :ha => attrs['ha'], :tenant_id => attrs['tenant_id'] ) end @@ -58,6 +60,14 @@ def create opts << "--tenant_id=#{@resource[:tenant_id]}" end + if @resource[:distributed] + opts << "--distributed=#{@resource[:distributed]}" + end + + if @resource[:ha] + opts << "--ha=#{@resource[:ha]}" + end + results = auth_neutron("router-create", '--format=shell', opts, resource[:name]) @@ -132,7 +142,31 @@ def gateway_network_id end def admin_state_up=(value) + admin_state_up(value) + end + + def admin_state_up(value) auth_neutron('router-update', "--admin-state-up=#{value}", name) end + def distributed=(value) + results = auth_neutron("router-show", '--format=shell', resource[:name]) + attrs = self.class.parse_creation_output(results) + admin_state_up(false) + auth_neutron('router-update', "--distributed=#{value}", name) + if attrs['admin_state_up'] == 'True' + admin_state_up(true) + end + end + + def ha=(value) + results = auth_neutron("router-show", '--format=shell', resource[:name]) + attrs = self.class.parse_creation_output(results) + admin_state_up(false) + auth_neutron('router-update', "--ha=#{value}", name) + if attrs['admin_state_up'] == 'True' + admin_state_up(true) + end + end + end diff --git a/neutron/lib/puppet/type/neutron_router.rb b/neutron/lib/puppet/type/neutron_router.rb index 36835f0e4..c29abcbf2 100644 --- a/neutron/lib/puppet/type/neutron_router.rb +++ b/neutron/lib/puppet/type/neutron_router.rb @@ -76,6 +76,22 @@ [self[:gateway_network_name]] if self[:gateway_network_name] end + newproperty(:distributed) do + desc 'Is router distributed or not, default depends on DVR state.' + newvalues(/(t|T)rue/, /(f|F)alse/) + munge do |v| + v.to_s.capitalize + end + end + + newproperty(:ha) do + desc 'Is router of HA type or not, default depends on L3 HA state.' + newvalues(/(t|T)rue/, /(f|F)alse/) + munge do |v| + v.to_s.capitalize + end + end + validate do if self[:ensure] != :present return diff --git a/neutron/manifests/agents/l3.pp b/neutron/manifests/agents/l3.pp index ab9ee0587..898c00a5e 100644 --- a/neutron/manifests/agents/l3.pp +++ b/neutron/manifests/agents/l3.pp @@ -22,10 +22,6 @@ # (optional) Print debug info in logs # Defaults to false # -# [*external_network_bridge*] -# (optional) The name of the external bridge -# Defaults to br-ex -# # [*interface_driver*] # (optional) Driver to interface with neutron # Defaults to OVSInterfaceDriver @@ -106,12 +102,15 @@ # CONFIG_NET_NS=y and iproute2 package that supports namespaces). # Defaults to $::os_service_default. # +# [*external_network_bridge*] +# (optional) Deprecated. The name of the external bridge +# Defaults to $::os_service_default +# class neutron::agents::l3 ( $package_ensure = 'present', $enabled = true, $manage_service = true, $debug = false, - $external_network_bridge = 'br-ex', $interface_driver = 'neutron.agent.linux.interface.OVSInterfaceDriver', $router_id = $::os_service_default, $gateway_external_network_id = $::os_service_default, @@ -131,6 +130,7 @@ # DEPRECATED PARAMETERS $allow_automatic_l3agent_failover = false, $use_namespaces = $::os_service_default, + $external_network_bridge = $::os_service_default, ) { include ::neutron::params @@ -139,7 +139,11 @@ Neutron_l3_agent_config<||> ~> Service['neutron-l3'] if $allow_automatic_l3agent_failover { - notice('parameter allow_automatic_l3agent_failover is deprecated, use parameter in neutron::server instead') + warning('parameter allow_automatic_l3agent_failover is deprecated, use parameter in neutron::server instead') + } + + if ! is_service_default ($external_network_bridge) { + warning('parameter external_network_bridge is deprecated') } if $ha_enabled { diff --git a/neutron/manifests/agents/vpnaas.pp b/neutron/manifests/agents/vpnaas.pp index ad659fe0d..40fe110cd 100644 --- a/neutron/manifests/agents/vpnaas.pp +++ b/neutron/manifests/agents/vpnaas.pp @@ -37,12 +37,14 @@ # [*interface_driver*] # (optional) Defaults to 'neutron.agent.linux.interface.OVSInterfaceDriver'. # -# [*external_network_bridge*] -# (optional) Defaults to $::os_service_default -# # [*ipsec_status_check_interval*] # (optional) Status check interval. Defaults to $::os_service_default. # +# === Deprecated Parameters +# +# [*external_network_bridge*] +# (optional) Deprecated. Defaults to $::os_service_default +# class neutron::agents::vpnaas ( $package_ensure = present, $enabled = true, @@ -80,6 +82,10 @@ 'DEFAULT/interface_driver': value => $interface_driver; } + if ! is_service_default ($external_network_bridge) { + warning('parameter external_network_bridge is deprecated') + } + neutron_vpnaas_agent_config { 'DEFAULT/external_network_bridge': value => $external_network_bridge; } diff --git a/neutron/manifests/config.pp b/neutron/manifests/config.pp index 8c5adcda4..9af414b3a 100644 --- a/neutron/manifests/config.pp +++ b/neutron/manifests/config.pp @@ -6,7 +6,7 @@ # # [*xxx_config*] # (optional) Allow configuration of arbitrary Neutron xxx specific configurations. -# The value is an hash of neutron_config resources. Example: +# The value is a hash of neutron_config resources. Example: # server_config => # { 'DEFAULT/foo' => { value => 'fooValue'}, # 'DEFAULT/bar' => { value => 'barValue'} diff --git a/neutron/manifests/keystone/auth.pp b/neutron/manifests/keystone/auth.pp index d7cd7bc5b..abf7655ff 100644 --- a/neutron/manifests/keystone/auth.pp +++ b/neutron/manifests/keystone/auth.pp @@ -189,7 +189,7 @@ $real_service_name = pick($service_name, $auth_name) if $configure_endpoint { - Keystone_endpoint["${region}/${real_service_name}"] ~> Service <| title == 'neutron-server' |> + Keystone_endpoint["${region}/${real_service_name}::${service_type}"] ~> Service <| title == 'neutron-server' |> } if $configure_user_role { diff --git a/neutron/manifests/plugins/ml2/opendaylight.pp b/neutron/manifests/plugins/ml2/opendaylight.pp new file mode 100644 index 000000000..aa7a109b8 --- /dev/null +++ b/neutron/manifests/plugins/ml2/opendaylight.pp @@ -0,0 +1,48 @@ +# +# Install the OpenDaylight and generate config file +# from parameters in the other classes. +# +# === Parameters +# +# [*package_ensure*] +# (optional) The intended state of the python-networking-odl +# package, i.e. any of the possible values of the 'ensure' +# property for a package resource type. +# Defaults to 'present' +# +# [*odl_username*] +# (optional) The opendaylight controller username +# Defaults to $::os_service_default +# Example: 'admin' +# +# [*odl_password*] +# (optional) The opendaylight controller password +# Defaults to $::os_service_default +# Example: 'admin' +# +# [*odl_url*] +# (optional) The opendaylight controller neutron URL +# Defaults to $::os_service_default +# Example: 'http://127.0.0.1:8080/controller/nb/v2/neutron' +# +class neutron::plugins::ml2::opendaylight ( + $package_ensure = 'present', + $odl_username = $::os_service_default, + $odl_password = $::os_service_default, + $odl_url = $::os_service_default, +) { + require ::neutron::plugins::ml2 + + ensure_resource('package', 'python-networking-odl', + { + ensure => $package_ensure, + tag => 'openstack', + } + ) + + neutron_plugin_ml2 { + 'ml2_odl/username': value => $odl_username; + 'ml2_odl/password': value => $odl_password; + 'ml2_odl/url': value => $odl_url; + } +} diff --git a/neutron/manifests/plugins/ovs/opendaylight.pp b/neutron/manifests/plugins/ovs/opendaylight.pp new file mode 100644 index 000000000..8a961c082 --- /dev/null +++ b/neutron/manifests/plugins/ovs/opendaylight.pp @@ -0,0 +1,79 @@ +# +# Configure OVS to use OpenDaylight +# +# === Parameters +# +# [*tunnel_ip*] +# (required) The IP of the host to use for tunneling +# tenant VXLAN/GRE over +# +# [*odl_username*] +# (optional) The opendaylight controller username +# Defaults to 'admin' +# +# [*odl_password*] +# (optional) The opendaylight controller password +# Defaults to 'admin' +# +# [*odl_check_url*] +# (optional) The URL used to check ODL is available and ready +# Defaults to 'http://127.0.0.1:8080/restconf/operational/network-topology:network-topology/topology/netvirt:1' +# +# [*odl_ovsdb_iface*] +# (optional) The ODL southbound interface for OVSDB +# Defaults to 'tcp:127.0.0.1:6640' +# +# [*provider_mappings*] +# (optional) bridge mappings required if using VLAN +# tenant type. Example: provider_mappings=br-ex:eth0 +# Defaults to false +# +# [*retry_interval*] +# (optional) The time (in seconds) to wait between ODL availability checks +# Defaults to 60 +# +# [*retry_count*] +# (optional) The number of ODL availability checks to run before failing +# Defaults to 20 +# +class neutron::plugins::ovs::opendaylight ( + $tunnel_ip, + $odl_username = 'admin', + $odl_password = 'admin', + $odl_check_url = 'http://127.0.0.1:8080/restconf/operational/network-topology:network-topology/topology/netvirt:1', + $odl_ovsdb_iface = 'tcp:127.0.0.1:6640', + $provider_mappings = false, + $retry_interval = 60, + $retry_count = 20, +) { + # Handle the case where ODL controller is also on this host + Service<| title == 'opendaylight' |> -> Exec <| title == 'Wait for NetVirt OVSDB to come up' |> + + exec { 'Wait for NetVirt OVSDB to come up': + command => "curl -o /dev/null --fail --silent --head -u ${odl_username}:${odl_password} ${odl_check_url}", + tries => $retry_count, + try_sleep => $retry_interval, + path => '/usr/sbin:/usr/bin:/sbin:/bin', + } -> + # OVS manager + exec { 'Set OVS Manager to OpenDaylight': + command => "ovs-vsctl set-manager ${odl_ovsdb_iface}", + unless => "ovs-vsctl show | grep 'Manager \"${odl_ovsdb_iface}\"'", + path => '/usr/sbin:/usr/bin:/sbin:/bin', + } -> + # local ip + exec { 'Set local_ip Other Option': + command => "ovs-vsctl set Open_vSwitch $(ovs-vsctl get Open_vSwitch . _uuid) other_config:local_ip=${tunnel_ip}", + unless => "ovs-vsctl list Open_vSwitch | grep 'local_ip=\"${tunnel_ip}\"'", + path => '/usr/sbin:/usr/bin:/sbin:/bin', + } + + # set mappings for VLAN + if $provider_mappings { + exec { 'Set provider_mappings Other Option': + command => "ovs-vsctl set Open_vSwitch $(ovs-vsctl get Open_vSwitch . _uuid) other_config:provider_mappings=${provider_mappings}", + unless => "ovs-vsctl list Open_vSwitch | grep 'provider_mappings' | grep ${provider_mappings}", + path => '/usr/sbin:/usr/bin:/sbin:/bin', + } + } +} diff --git a/neutron/manifests/server.pp b/neutron/manifests/server.pp index 7ec1bd820..d66720dd4 100644 --- a/neutron/manifests/server.pp +++ b/neutron/manifests/server.pp @@ -34,24 +34,6 @@ # (optional) What auth system to use # Defaults to 'keystone'. Can other be 'noauth' # -# [*auth_host*] -# (optional) DEPRECATED. The keystone host -# Defaults to localhost. -# -# [*auth_protocol*] -# (optional) DEPRECATED. The protocol used to access the auth host -# Defaults to http. -# -# [*auth_port*] -# (optional) DEPRECATED. The keystone auth port -# Defaults to 35357. -# -# [*auth_admin_prefix*] -# (optional) The admin_prefix used to admin endpoint of the auth host -# This allow admin auth URIs like http://auth_host:35357/keystone. -# (where '/keystone' is the admin prefix) -# Defaults to false for empty. If defined, should be a string with a leading '/' and no trailing '/'. -# # [*auth_region*] # (optional) The authentication region. Note this value is case-sensitive and # must match the endpoint region defined in Keystone. @@ -67,11 +49,11 @@ # # [*auth_uri*] # (optional) Complete public Identity API endpoint. -# Defaults to: false +# Defaults to: 'http://localhost:5000/' # # [*identity_uri*] # (optional) Complete admin Identity API endpoint. -# Defaults to: false +# Defaults to: 'http://localhost:35357/' # # [*database_connection*] # (optional) Connection url for the neutron database. @@ -210,8 +192,8 @@ $auth_type = 'keystone', $auth_tenant = 'services', $auth_user = 'neutron', - $auth_uri = false, - $identity_uri = false, + $auth_uri = 'http://localhost:5000/', + $identity_uri = 'http://localhost:35357/', $database_connection = undef, $database_max_retries = undef, $database_idle_timeout = undef, @@ -232,10 +214,6 @@ $l3_ha_net_cidr = $::os_service_default, $qos_notification_drivers = $::os_service_default, # DEPRECATED PARAMETERS - $auth_host = 'localhost', - $auth_port = '35357', - $auth_protocol = 'http', - $auth_admin_prefix = false, $log_dir = undef, $log_file = undef, $report_interval = undef, @@ -343,125 +321,19 @@ 'filter:authtoken/admin_password': value => $auth_password, secret => true; } - # if both auth_uri and identity_uri are set we skip these deprecated settings entirely - if !$auth_uri or !$identity_uri { - - if $auth_admin_prefix { - warning('The auth_admin_prefix parameter is deprecated. Please use auth_uri and identity_uri instead.') - validate_re($auth_admin_prefix, '^(/.+[^/])?$') - neutron_config { - 'keystone_authtoken/auth_admin_prefix': value => $auth_admin_prefix; - } - neutron_api_config { - 'filter:authtoken/auth_admin_prefix': value => $auth_admin_prefix; - } - } else { - neutron_config { - 'keystone_authtoken/auth_admin_prefix': ensure => absent; - } - neutron_api_config { - 'filter:authtoken/auth_admin_prefix': ensure => absent; - } - } - - if $auth_host { - warning('The auth_host parameter is deprecated. Please use auth_uri and identity_uri instead.') - neutron_config { - 'keystone_authtoken/auth_host': value => $auth_host; - } - neutron_api_config { - 'filter:authtoken/auth_host': value => $auth_host; - } - } else{ - neutron_config { - 'keystone_authtoken/auth_host': ensure => absent; - } - neutron_api_config { - 'filter:authtoken/auth_host': ensure => absent; - } - } - - if $auth_port { - warning('The auth_port parameter is deprecated. Please use auth_uri and identity_uri instead.') - neutron_config { - 'keystone_authtoken/auth_port': value => $auth_port; - } - neutron_api_config { - 'filter:authtoken/auth_port': value => $auth_port; - } - } else{ - neutron_config { - 'keystone_authtoken/auth_port': ensure => absent; - } - neutron_api_config { - 'filter:authtoken/auth_port': ensure => absent; - } - } - - if $auth_protocol { - warning('The auth_protocol parameter is deprecated. Please use auth_uri and identity_uri instead.') - neutron_config { - 'keystone_authtoken/auth_protocol': value => $auth_protocol; - } - neutron_api_config { - 'filter:authtoken/auth_protocol': value => $auth_protocol; - } - } else{ - neutron_config { - 'keystone_authtoken/auth_protocol': ensure => absent; - } - neutron_api_config { - 'filter:authtoken/auth_protocol': ensure => absent; - } - } - } else { - neutron_config { - 'keystone_authtoken/auth_admin_prefix': ensure => absent; - 'keystone_authtoken/auth_host': ensure => absent; - 'keystone_authtoken/auth_port': ensure => absent; - 'keystone_authtoken/auth_protocol': ensure => absent; - } - neutron_api_config { - 'filter:authtoken/auth_admin_prefix': ensure => absent; - 'filter:authtoken/auth_host': ensure => absent; - 'filter:authtoken/auth_port': ensure => absent; - 'filter:authtoken/auth_protocol': ensure => absent; - } - } - - if $auth_uri { - $auth_uri_real = $auth_uri - } elsif $auth_host and $auth_protocol and $auth_port { - $auth_uri_real = "${auth_protocol}://${auth_host}:5000/" - } - neutron_config { - 'keystone_authtoken/auth_uri': value => $auth_uri_real; + 'keystone_authtoken/auth_uri': value => $auth_uri; + 'keystone_authtoken/identity_uri': value => $identity_uri; } neutron_api_config { - 'filter:authtoken/auth_uri': value => $auth_uri_real; + 'filter:authtoken/auth_uri': value => $auth_uri; + 'filter:authtoken/identity_uri': value => $identity_uri; } neutron_config { 'keystone_authtoken/auth_region': value => $auth_region; } - if $identity_uri { - neutron_config { - 'keystone_authtoken/identity_uri': value => $identity_uri; - } - neutron_api_config { - 'filter:authtoken/identity_uri': value => $identity_uri; - } - } else { - neutron_config { - 'keystone_authtoken/identity_uri': ensure => absent; - } - neutron_api_config { - 'filter:authtoken/identity_uri': ensure => absent; - } - } - } } diff --git a/neutron/spec/classes/neutron_agents_l3_spec.rb b/neutron/spec/classes/neutron_agents_l3_spec.rb index 741284734..a071a844a 100644 --- a/neutron/spec/classes/neutron_agents_l3_spec.rb +++ b/neutron/spec/classes/neutron_agents_l3_spec.rb @@ -10,7 +10,6 @@ { :package_ensure => 'present', :enabled => true, :debug => false, - :external_network_bridge => 'br-ex', :interface_driver => 'neutron.agent.linux.interface.OVSInterfaceDriver', :router_delete_namespaces => true, :ha_enabled => false, @@ -38,7 +37,7 @@ it 'configures l3_agent.ini' do is_expected.to contain_neutron_l3_agent_config('DEFAULT/debug').with_value(p[:debug]) - is_expected.to contain_neutron_l3_agent_config('DEFAULT/external_network_bridge').with_value(p[:external_network_bridge]) + is_expected.to contain_neutron_l3_agent_config('DEFAULT/external_network_bridge').with_value('') is_expected.to contain_neutron_l3_agent_config('DEFAULT/interface_driver').with_value(p[:interface_driver]) is_expected.to contain_neutron_l3_agent_config('DEFAULT/router_id').with_value('') is_expected.to contain_neutron_l3_agent_config('DEFAULT/gateway_external_network_id').with_value('') diff --git a/neutron/spec/classes/neutron_keystone_auth_spec.rb b/neutron/spec/classes/neutron_keystone_auth_spec.rb index 33c62edc9..7c15b8386 100644 --- a/neutron/spec/classes/neutron_keystone_auth_spec.rb +++ b/neutron/spec/classes/neutron_keystone_auth_spec.rb @@ -26,13 +26,12 @@ :roles => ['admin'] )} - it { is_expected.to contain_keystone_service('neutron').with( + it { is_expected.to contain_keystone_service('neutron::network').with( :ensure => 'present', - :type => 'network', :description => 'Neutron Networking Service' ) } - it { is_expected.to contain_keystone_endpoint('RegionOne/neutron').with( + it { is_expected.to contain_keystone_endpoint('RegionOne/neutron::network').with( :ensure => 'present', :public_url => "http://127.0.0.1:9696", :admin_url => "http://127.0.0.1:9696", @@ -59,7 +58,7 @@ } end - it { is_expected.to contain_keystone_endpoint('RegionOne/neutron').with_notify(['Service[neutron-server]']) } + it { is_expected.to contain_keystone_endpoint('RegionOne/neutron::network').with_notify(['Service[neutron-server]']) } end describe 'with endpoint URL parameters' do @@ -72,7 +71,7 @@ } end - it { is_expected.to contain_keystone_endpoint('RegionOne/neutron').with( + it { is_expected.to contain_keystone_endpoint('RegionOne/neutron::network').with( :ensure => 'present', :public_url => 'https://10.10.10.10:80', :internal_url => 'https://10.10.10.11:81', @@ -95,7 +94,7 @@ } end - it { is_expected.to contain_keystone_endpoint('RegionOne/neutron').with( + it { is_expected.to contain_keystone_endpoint('RegionOne/neutron::network').with( :ensure => 'present', :public_url => "https://10.10.10.10:80", :internal_url => "https://10.10.10.11:81", @@ -116,9 +115,9 @@ it { is_expected.to contain_keystone_user_role('neutrony@services') } - it { is_expected.to contain_keystone_service('neutrony') } + it { is_expected.to contain_keystone_service('neutrony::network') } - it { is_expected.to contain_keystone_endpoint('RegionOne/neutrony') } + it { is_expected.to contain_keystone_endpoint('RegionOne/neutrony::network') } end @@ -133,8 +132,8 @@ it { is_expected.to contain_keystone_user('neutron') } it { is_expected.to contain_keystone_user_role('neutron@services') } - it { is_expected.to contain_keystone_service('neutron_service') } - it { is_expected.to contain_keystone_endpoint('RegionOne/neutron_service') } + it { is_expected.to contain_keystone_service('neutron_service::network') } + it { is_expected.to contain_keystone_endpoint('RegionOne/neutron_service::network') } end @@ -151,9 +150,8 @@ it { is_expected.to contain_keystone_user_role('neutron@services') } - it { is_expected.to contain_keystone_service('neutron').with( + it { is_expected.to contain_keystone_service('neutron::network').with( :ensure => 'present', - :type => 'network', :description => 'Neutron Networking Service' ) } @@ -173,9 +171,8 @@ it { is_expected.not_to contain_keystone_user_role('neutron@services') } - it { is_expected.to contain_keystone_service('neutron').with( + it { is_expected.to contain_keystone_service('neutron::network').with( :ensure => 'present', - :type => 'network', :description => 'Neutron Networking Service' ) } @@ -190,7 +187,7 @@ } end - it { is_expected.to_not contain_keystone_endpoint('RegionOne/neutron') } + it { is_expected.to_not contain_keystone_endpoint('RegionOne/neutron::network') } end diff --git a/neutron/spec/classes/neutron_plugins_ml2_opendaylight_spec.rb b/neutron/spec/classes/neutron_plugins_ml2_opendaylight_spec.rb new file mode 100644 index 000000000..df796e1bf --- /dev/null +++ b/neutron/spec/classes/neutron_plugins_ml2_opendaylight_spec.rb @@ -0,0 +1,74 @@ +require 'spec_helper' + +describe 'neutron::plugins::ml2::opendaylight' do + + let :pre_condition do + "class { 'neutron::server': auth_password => 'password'} + class { 'neutron': + rabbit_password => 'passw0rd', + core_plugin => 'neutron.plugins.ml2.plugin.Ml2Plugin' }" + end + + let :default_params do + { + :package_ensure => 'present', + :odl_username => '', + :odl_password => '', + :odl_url => '', + } + end + + let :params do + { + } + end + + let :test_facts do + { + :operatingsystem => 'default', + :operatingsystemrelease => 'default', + } + end + + + shared_examples_for 'neutron plugin opendaylight ml2' do + before do + params.merge!(default_params) + end + + it 'should have' do + is_expected.to contain_package('python-networking-odl').with( + :ensure => params[:package_ensure], + :tag => 'openstack' + ) + end + + it 'configures ml2_odl settings' do + is_expected.to contain_neutron_plugin_ml2('ml2_odl/password').with_value(params[:odl_password]) + is_expected.to contain_neutron_plugin_ml2('ml2_odl/username').with_value(params[:odl_username]) + is_expected.to contain_neutron_plugin_ml2('ml2_odl/url').with_value(params[:odl_url]) + end + end + + + context 'on RedHat platforms' do + let :facts do + @default_facts.merge(test_facts.merge({ + :osfamily => 'RedHat', + :operatingsystemrelease => '7' + })) + end + + it_configures 'neutron plugin opendaylight ml2' + end + + context 'on Debian platforms' do + let :facts do + @default_facts.merge(test_facts.merge({ + :osfamily => 'Debian', + })) + end + + it_configures 'neutron plugin opendaylight ml2' + end +end diff --git a/neutron/spec/classes/neutron_plugins_ovs_opendaylight_spec.rb b/neutron/spec/classes/neutron_plugins_ovs_opendaylight_spec.rb new file mode 100644 index 000000000..bbfeb4175 --- /dev/null +++ b/neutron/spec/classes/neutron_plugins_ovs_opendaylight_spec.rb @@ -0,0 +1,90 @@ +require 'spec_helper' + +describe 'neutron::plugins::ovs::opendaylight' do + + let :pre_condition do + "class { 'neutron::server': auth_password => 'password'} + class { 'neutron': + rabbit_password => 'passw0rd', + core_plugin => 'neutron.plugins.ml2.plugin.Ml2Plugin' }" + end + + let :default_params do + { + :odl_username => 'admin', + :odl_password => 'admin', + :odl_check_url => 'http://127.0.0.1:8080/restconf/operational/network-topology:network-topology/topology/netvirt:1', + :odl_ovsdb_iface => 'tcp:127.0.0.1:6640', + :provider_mappings => false, + :retry_interval => 60, + :retry_count => 20, + } + end + + let :params do + { + :tunnel_ip => '127.0.0.1', + } + end + + let :test_facts do + { + :operatingsystem => 'default', + :operatingsystemrelease => 'default', + } + end + + + shared_examples_for 'neutron plugin opendaylight ovs' do + before do + params.merge!(default_params) + end + + context 'with provider mappings' do + before do + params.merge!({ :provider_mappings => true }) + end + it_configures 'with provider mappings' + end + it_configures 'with default parameters' + end + + shared_examples_for 'with default parameters' do + it 'configures OVS for ODL' do + is_expected.to contain_exec('Wait for NetVirt OVSDB to come up') + is_expected.to contain_exec('Set OVS Manager to OpenDaylight') + is_expected.to contain_exec('Set local_ip Other Option') + is_expected.not_to contain_exec('Set provider_mappings Other Option') + end + end + + shared_examples_for 'with provider mappings' do + it 'configures OVS for ODL' do + is_expected.to contain_exec('Wait for NetVirt OVSDB to come up') + is_expected.to contain_exec('Set OVS Manager to OpenDaylight') + is_expected.to contain_exec('Set local_ip Other Option') + is_expected.to contain_exec('Set provider_mappings Other Option') + end + end + + context 'on RedHat platforms' do + let :facts do + @default_facts.merge(test_facts.merge({ + :osfamily => 'RedHat', + :operatingsystemrelease => '7' + })) + end + + it_configures 'neutron plugin opendaylight ovs' + end + + context 'on Debian platforms' do + let :facts do + @default_facts.merge(test_facts.merge({ + :osfamily => 'Debian' + })) + end + + it_configures 'neutron plugin opendaylight ovs' + end +end diff --git a/neutron/spec/classes/neutron_server_spec.rb b/neutron/spec/classes/neutron_server_spec.rb index 090193761..20fe3231b 100644 --- a/neutron/spec/classes/neutron_server_spec.rb +++ b/neutron/spec/classes/neutron_server_spec.rb @@ -15,8 +15,6 @@ { :package_ensure => 'present', :enabled => true, :auth_type => 'keystone', - :auth_host => 'localhost', - :auth_port => '35357', :auth_tenant => 'services', :auth_user => 'neutron', :database_connection => 'sqlite:////var/lib/neutron/ovs.sqlite', @@ -50,14 +48,12 @@ it { is_expected.to contain_class('neutron::policy') } it 'configures authentication middleware' do - is_expected.to contain_neutron_api_config('filter:authtoken/auth_host').with_value(p[:auth_host]); - is_expected.to contain_neutron_api_config('filter:authtoken/auth_port').with_value(p[:auth_port]); is_expected.to contain_neutron_api_config('filter:authtoken/admin_tenant_name').with_value(p[:auth_tenant]); is_expected.to contain_neutron_api_config('filter:authtoken/admin_user').with_value(p[:auth_user]); is_expected.to contain_neutron_api_config('filter:authtoken/admin_password').with_value(p[:auth_password]); is_expected.to contain_neutron_api_config('filter:authtoken/admin_password').with_secret( true ) - is_expected.to contain_neutron_api_config('filter:authtoken/auth_admin_prefix').with(:ensure => 'absent') is_expected.to contain_neutron_api_config('filter:authtoken/auth_uri').with_value("http://localhost:5000/"); + is_expected.to contain_neutron_api_config('filter:authtoken/identity_uri').with_value("http://localhost:35357/"); end it 'installs neutron server package' do @@ -84,9 +80,6 @@ :tag => ['neutron-service', 'neutron-db-sync-service'], ) is_expected.not_to contain_class('neutron::db::sync') - is_expected.to contain_neutron_api_config('filter:authtoken/auth_admin_prefix').with( - :ensure => 'absent' - ) is_expected.to contain_service('neutron-server').with_name('neutron-server') is_expected.to contain_neutron_config('DEFAULT/api_workers').with_value(facts[:processorcount]) is_expected.to contain_neutron_config('DEFAULT/rpc_workers').with_value(facts[:processorcount]) @@ -190,36 +183,6 @@ end end - shared_examples_for 'a neutron server with auth_admin_prefix set' do - [ '/keystone', '/keystone/admin' ].each do |auth_admin_prefix| - describe "with keystone_auth_admin_prefix containing incorrect value #{auth_admin_prefix}" do - before do - params.merge!({ - :auth_admin_prefix => auth_admin_prefix, - }) - end - it do - is_expected.to contain_neutron_api_config('filter:authtoken/auth_admin_prefix').with( - :value => params[:auth_admin_prefix] - ) - end - end - end - end - - shared_examples_for 'a neutron server with some incorrect auth_admin_prefix set' do - [ '/keystone/', 'keystone/', 'keystone' ].each do |auth_admin_prefix| - describe "with keystone_auth_admin_prefix containing incorrect value #{auth_admin_prefix}" do - before do - params.merge!({ - :auth_admin_prefix => auth_admin_prefix, - }) - end - it_raises 'a Puppet::Error', /validate_re\(\): "#{auth_admin_prefix}" does not match/ - end - end - end - shared_examples_for 'a neutron server with broken authentication' do before do params.delete(:auth_password) @@ -238,50 +201,6 @@ end end - describe "with custom keystone auth_uri" do - let :facts do - @default_facts.merge(test_facts.merge({ - :osfamily => 'RedHat', - :operatingsystemrelease => '7' - })) - end - before do - params.merge!({ - :auth_uri => 'https://foo.bar:1234/', - }) - end - it 'configures auth_uri' do - is_expected.to contain_neutron_config('keystone_authtoken/auth_uri').with_value("https://foo.bar:1234/"); - # since only auth_uri is set the deprecated auth parameters should - # still get set in case they are still in use - is_expected.to contain_neutron_config('keystone_authtoken/auth_host').with_value('localhost'); - is_expected.to contain_neutron_config('keystone_authtoken/auth_port').with_value('35357'); - is_expected.to contain_neutron_config('keystone_authtoken/auth_protocol').with_value('http'); - end - end - - describe "with custom keystone identity_uri" do - let :facts do - @default_facts.merge(test_facts.merge({ - :osfamily => 'RedHat', - :operatingsystemrelease => '7' - })) - end - before do - params.merge!({ - :identity_uri => 'https://foo.bar:1234/', - }) - end - it 'configures identity_uri' do - is_expected.to contain_neutron_config('keystone_authtoken/identity_uri').with_value("https://foo.bar:1234/"); - # since only auth_uri is set the deprecated auth parameters should - # still get set in case they are still in use - is_expected.to contain_neutron_config('keystone_authtoken/auth_host').with_value('localhost'); - is_expected.to contain_neutron_config('keystone_authtoken/auth_port').with_value('35357'); - is_expected.to contain_neutron_config('keystone_authtoken/auth_protocol').with_value('http'); - end - end - describe "with custom keystone identity_uri and auth_uri" do let :facts do @default_facts.merge(test_facts.merge({ @@ -298,10 +217,6 @@ it 'configures identity_uri and auth_uri but deprecates old auth settings' do is_expected.to contain_neutron_config('keystone_authtoken/identity_uri').with_value("https://foo.bar:35357/"); is_expected.to contain_neutron_config('keystone_authtoken/auth_uri').with_value("https://foo.bar:5000/v2.0/"); - is_expected.to contain_neutron_config('keystone_authtoken/auth_admin_prefix').with(:ensure => 'absent') - is_expected.to contain_neutron_config('keystone_authtoken/auth_port').with(:ensure => 'absent') - is_expected.to contain_neutron_config('keystone_authtoken/auth_protocol').with(:ensure => 'absent') - is_expected.to contain_neutron_config('keystone_authtoken/auth_host').with(:ensure => 'absent') end end @@ -337,8 +252,6 @@ it_configures 'a neutron server' it_configures 'a neutron server with broken authentication' - it_configures 'a neutron server with auth_admin_prefix set' - it_configures 'a neutron server with some incorrect auth_admin_prefix set' it_configures 'a neutron server without database synchronization' end @@ -357,8 +270,6 @@ it_configures 'a neutron server' it_configures 'a neutron server with broken authentication' - it_configures 'a neutron server with auth_admin_prefix set' - it_configures 'a neutron server with some incorrect auth_admin_prefix set' it_configures 'a neutron server without database synchronization' end end diff --git a/neutron/spec/unit/provider/neutron_router/neutron_spec.rb b/neutron/spec/unit/provider/neutron_router/neutron_spec.rb index c6e960d5c..93ca71215 100644 --- a/neutron/spec/unit/provider/neutron_router/neutron_spec.rb +++ b/neutron/spec/unit/provider/neutron_router/neutron_spec.rb @@ -16,6 +16,8 @@ :name => router_name, :ensure => 'present', :admin_state_up => 'True', + :distributed => 'True', + :ha => 'False', :tenant_id => '60f9544eb94c42a6b7e8e98c2be981b1', } end @@ -39,10 +41,14 @@ id="c5f799fa-b3e0-47ca-bdb7-abeff209b816" name="router1" status="ACTIVE" +distributed="True" +ha="False" tenant_id="60f9544eb94c42a6b7e8e98c2be981b1"' provider.expects(:auth_neutron).with('router-create', - '--format=shell', ["--tenant_id=#{router_attrs[:tenant_id]}"], + '--format=shell', ["--tenant_id=#{router_attrs[:tenant_id]}", + "--distributed=#{router_attrs[:distributed]}", + "--ha=#{router_attrs[:ha]}"], router_name).returns(output) provider.create diff --git a/neutron/spec/unit/provider/neutron_spec.rb b/neutron/spec/unit/provider/neutron_spec.rb index 98cc5b082..139b2f306 100644 --- a/neutron/spec/unit/provider/neutron_spec.rb +++ b/neutron/spec/unit/provider/neutron_spec.rb @@ -243,6 +243,29 @@ def klass expect(result).to eql(expected) end + + it 'should handle empty fixed_ips field' do + output = ''' + [ + { + "id": "1345e576-a21f-4c2e-b24a-b245639852ab", + "name": "", + "mac_address": "fa:16:3e:e3:e6:38", + "fixed_ips": "" + } + ] + ''' + expected = + [{ "name"=>"", + "id"=>"1345e576-a21f-4c2e-b24a-b245639852ab", + "mac_address"=>"fa:16:3e:e3:e6:38"}] + klass.expects(:auth_neutron). + with('router-port-list', '--format=json', router). + returns(output) + result = klass.list_router_ports(router) + expect(result).to eql(expected) + end + end describe 'when parsing creation output' do diff --git a/nova/manifests/api.pp b/nova/manifests/api.pp index 6f6edc460..1441126e9 100644 --- a/nova/manifests/api.pp +++ b/nova/manifests/api.pp @@ -65,8 +65,8 @@ # Defaults to '0.0.0.0' # # [*ec2_listen_port*] -# (optional) The port on which the EC2 API will listen. -# Defaults to port 8773 +# (optional) DEPRECATED. The port on which the EC2 API will listen. +# Defaults to port undef # # [*metadata_listen*] # (optional) IP address for metadata server to listen @@ -78,11 +78,11 @@ # # [*enabled_apis*] # (optional) A comma separated list of apis to enable -# Defaults to 'ec2,osapi_compute,metadata' +# Defaults to 'osapi_compute,metadata' # # [*keystone_ec2_url*] -# (optional) The keystone url where nova should send requests for ec2tokens -# Defaults to false +# (optional) DEPRECATED. The keystone url where nova should send requests for ec2tokens +# Defaults to undef # # [*volume_api_class*] # (optional) The name of the class that nova will use to access volumes. Cinder is the only option. @@ -102,8 +102,8 @@ # Defaults to port 8774 # # [*ec2_workers*] -# (optional) Number of workers for EC2 service -# Defaults to $::processorcount +# (optional) DEPRECATED. Number of workers for EC2 service +# Defaults to undef # # [*metadata_workers*] # (optional) Number of workers for metadata service @@ -186,16 +186,13 @@ $admin_tenant_name = 'services', $admin_user = 'nova', $api_bind_address = '0.0.0.0', - $ec2_listen_port = 8773, $osapi_compute_listen_port = 8774, $metadata_listen = '0.0.0.0', $metadata_listen_port = 8775, - $enabled_apis = 'ec2,osapi_compute,metadata', - $keystone_ec2_url = false, + $enabled_apis = 'osapi_compute,metadata', $volume_api_class = 'nova.volume.cinder.API', $use_forwarded_for = false, $osapi_compute_workers = $::processorcount, - $ec2_workers = $::processorcount, $metadata_workers = $::processorcount, $sync_db = true, $neutron_metadata_proxy_shared_secret = undef, @@ -215,6 +212,9 @@ $auth_host = '127.0.0.1', $auth_admin_prefix = false, $conductor_workers = undef, + $ec2_listen_port = undef, + $ec2_workers = undef, + $keystone_ec2_url = undef, ) { include ::nova::deps @@ -224,6 +224,10 @@ require ::keystone::python include ::cinder::client + if $ec2_listen_port or $ec2_workers or $keystone_ec2_url { + warning('ec2_listen_port, ec2_workers and keystone_ec2_url are deprecated and have no effect. Deploy openstack/ec2-api instead.') + } + if $conductor_workers { warning('The conductor_workers parameter is deprecated and has no effect. Use workers parameter of nova::conductor class instead.') } @@ -251,15 +255,12 @@ 'DEFAULT/enabled_apis': value => $enabled_apis; 'DEFAULT/api_paste_config': value => $api_paste_config; 'DEFAULT/volume_api_class': value => $volume_api_class; - 'DEFAULT/ec2_listen': value => $api_bind_address; - 'DEFAULT/ec2_listen_port': value => $ec2_listen_port; 'DEFAULT/osapi_compute_listen': value => $api_bind_address; 'DEFAULT/metadata_listen': value => $metadata_listen; 'DEFAULT/metadata_listen_port': value => $metadata_listen_port; 'DEFAULT/osapi_compute_listen_port': value => $osapi_compute_listen_port; 'DEFAULT/osapi_volume_listen': value => $api_bind_address; 'DEFAULT/osapi_compute_workers': value => $osapi_compute_workers; - 'DEFAULT/ec2_workers': value => $ec2_workers; 'DEFAULT/metadata_workers': value => $metadata_workers; 'DEFAULT/use_forwarded_for': value => $use_forwarded_for; 'DEFAULT/default_floating_pool': value => $default_floating_pool; @@ -348,16 +349,6 @@ 'keystone_authtoken/admin_password': value => $admin_password, secret => true; } - if $keystone_ec2_url { - nova_config { - 'DEFAULT/keystone_ec2_url': value => $keystone_ec2_url; - } - } else { - nova_config { - 'DEFAULT/keystone_ec2_url': ensure => absent; - } - } - if ($ratelimits != undef) { nova_paste_api_ini { 'filter:ratelimit/paste.filter_factory': value => $ratelimits_factory; diff --git a/nova/manifests/init.pp b/nova/manifests/init.pp index d59d44a26..e11741215 100644 --- a/nova/manifests/init.pp +++ b/nova/manifests/init.pp @@ -10,7 +10,7 @@ # Defaults to 'present' # # [*database_connection*] -# (optional) Connection url for the heat database. +# (optional) Connection url for the nova database. # Defaults to undef. # # [*slave_connection*] @@ -199,7 +199,7 @@ # [*enabled_ssl_apis*] # (optional) List of APIs to SSL enable # Defaults to [] -# Possible values : 'ec2', 'osapi_compute', 'metadata' +# Possible values : 'osapi_compute', 'metadata' # # [*cert_file*] # (optinal) Certificate file to use when starting API server securely @@ -373,7 +373,7 @@ $report_interval = '10', $rootwrap_config = '/etc/nova/rootwrap.conf', $use_ssl = false, - $enabled_ssl_apis = ['ec2', 'metadata', 'osapi_compute'], + $enabled_ssl_apis = ['metadata', 'osapi_compute'], $ca_file = false, $cert_file = false, $key_file = false, diff --git a/nova/manifests/keystone/auth.pp b/nova/manifests/keystone/auth.pp index 85953e83d..418dd19ae 100644 --- a/nova/manifests/keystone/auth.pp +++ b/nova/manifests/keystone/auth.pp @@ -34,8 +34,8 @@ # Defaults to 'Openstack Compute Service v3'. # # [*service_description_ec2*] -# (optional) Description for keystone ec2 service. -# Defaults to 'EC2 Service'. +# (optional) DEPRECATED. Description for keystone ec2 service. +# Defaults to undef. # # [*public_url*] # (optional) The endpoint's public url. (Defaults to 'http://127.0.0.1:8774/v2/%(tenant_id)s') @@ -62,16 +62,16 @@ # This url should *not* contain any version or trailing '/'. # # [*ec2_public_url*] -# (optional) The endpoint's public url for EC2. -# (Defaults to 'http://127.0.0.1:8773/services/Cloud') +# (optional) DEPRECATED. The endpoint's public url for EC2. +# Defaults to undef # # [*ec2_internal_url*] -# (optional) The endpoint's internal url for EC2. -# (Defaults to 'http://127.0.0.1:8773/services/Cloud') +# (optional) DEPRECATED. The endpoint's internal url for EC2. +# Defaults to undef # # [*ec2_admin_url*] -# (optional) The endpoint's admin url for EC2. -# (Defaults to 'http://127.0.0.1:8773/services/Admin') +# (optional) DEPRECATED. The endpoint's admin url for EC2. +# Defaults to undef # # [*region*] # (optional) The region in which to place the endpoints @@ -86,8 +86,8 @@ # Defaults to 'nova@localhost' # # [*configure_ec2_endpoint*] -# (optional) Whether to create an ec2 endpoint -# Defaults to true +# (optional) DEPRECATED. Whether to create an ec2 endpoint +# Defaults to undef # # [*configure_endpoint*] # (optional) Whether to create the endpoint. @@ -117,38 +117,38 @@ # Setting this parameter overrides public_url, internal_url and admin_url parameters. # # [*ec2_port*] -# (optional) DEPRECATED: Use ec2_public_url, ec2_internal_url and ec2_admin_url instead. -# (optional) The port to use for the ec2 endpoint. (Defaults to 8773) +# (optional) DEPRECATED. The port to use for the ec2 endpoint. +# Defaults to undef # # [*public_protocol*] -# (optional) DEPRECATED: Use public_url and ec2_public_url instead. +# (optional) DEPRECATED: Use public_url instead. # Protocol for public endpoint. (Defaults to 'http') -# Setting this parameter overrides public_url and ec2_public_url parameters. +# Setting this parameter overrides public_url parameter. # # [*public_address*] -# (optional) DEPRECATED: Use public_url and ec2_public_url instead. +# (optional) DEPRECATED: Use public_url instead. # Public address for endpoint. (Defaults to '127.0.0.1') -# Setting this parameter overrides public_url and ec2_public_url parameters. +# Setting this parameter overrides public_url parameter. # # [*internal_protocol*] -# (optional) DEPRECATED: Use internal_url and ec2_internal_url instead. +# (optional) DEPRECATED: Use internal_url instead. # Protocol for internal endpoint. (Defaults to 'http') -# Setting this parameter overrides internal_url and ec2_internal_url parameters. +# Setting this parameter overrides internal_url parameter. # # [*internal_address*] -# (optional) DEPRECATED: Use internal_url and ec2_internal_url instead. +# (optional) DEPRECATED: Use internal_url instead. # Internal address for endpoint. (Defaults to '127.0.0.1') -# Setting this parameter overrides internal_url and ec2_internal_url parameters. +# Setting this parameter overrides internal_url parameter. # # [*admin_protocol*] -# (optional) DEPRECATED: Use admin_url and ec2_admin_url instead. +# (optional) DEPRECATED: Use admin_url instead. # Protocol for admin endpoint. (Defaults to 'http') -# Setting this parameter overrides admin_url and ec2_admin_url parameters. +# Setting this parameter overrides admin_url parameter. # # [*admin_address*] # (optional) DEPRECATED: Use admin_url and ec2_admin_url instead. # Admin address for endpoint. (Defaults to '127.0.0.1') -# Setting this parameter overrides admin_url and ec2_admin_url parameters. +# Setting this parameter overrides admin_url parameter. # class nova::keystone::auth( $password, @@ -158,7 +158,6 @@ $service_name_v3 = undef, $service_description = 'Openstack Compute Service', $service_description_v3 = 'Openstack Compute Service v3', - $service_description_ec2 = 'EC2 Service', $region = 'RegionOne', $tenant = 'services', $email = 'nova@localhost', @@ -168,10 +167,6 @@ $public_url_v3 = 'http://127.0.0.1:8774/v3', $internal_url_v3 = 'http://127.0.0.1:8774/v3', $admin_url_v3 = 'http://127.0.0.1:8774/v3', - $ec2_public_url = 'http://127.0.0.1:8773/services/Cloud', - $ec2_internal_url = 'http://127.0.0.1:8773/services/Cloud', - $ec2_admin_url = 'http://127.0.0.1:8773/services/Admin', - $configure_ec2_endpoint = true, $configure_endpoint = true, $configure_endpoint_v3 = true, $configure_user = true, @@ -186,6 +181,11 @@ $admin_address = undef, $internal_protocol = undef, $internal_address = undef, + $service_description_ec2 = undef, + $ec2_public_url = undef, + $ec2_internal_url = undef, + $ec2_admin_url = undef, + $configure_ec2_endpoint = undef, ) { include ::nova::deps @@ -198,50 +198,32 @@ warning('The compute_port parameter is deprecated, use public_url, internal_url and admin_url instead.') } - if $ec2_port { - warning('The ec2_port parameter is deprecated, use ec2_public_url, ec2_internal_url and ec2_admin_url instead.') + if $ec2_port or $service_description_ec2 or $ec2_public_url or $ec2_internal_url or $ec2_admin_url or $configure_ec2_endpoint { + warning('ec2_port, service_description_ec2, ec2_public_url, ec2_internal_url, ec2_admin_url and configure_ec2_endpoint are deprecated and have no effect..') } if $public_protocol { warning('The public_protocol parameter is deprecated, use public_url instead.') - if $configure_ec2_endpoint { - warning('The public_protocol parameter is deprecated, use ec2_public_url instead.') - } } if $internal_protocol { warning('The internal_protocol parameter is deprecated, use internal_url instead.') - if $configure_ec2_endpoint { - warning('The internal_protocol parameter is deprecated, use ec2_public_url instead.') - } } if $admin_protocol { warning('The admin_protocol parameter is deprecated, use admin_url instead.') - if $configure_ec2_endpoint { - warning('The admin_protocol parameter is deprecated, use ec2_admin_url instead.') - } } if $public_address { warning('The public_address parameter is deprecated, use public_url instead.') - if $configure_ec2_endpoint { - warning('The public_address parameter is deprecated, use ec2_public_url instead.') - } } if $internal_address { warning('The internal_address parameter is deprecated, use internal_url instead.') - if $configure_ec2_endpoint { - warning('The internal_address parameter is deprecated, use ec2_internal_url instead.') - } } if $admin_address { warning('The admin_address parameter is deprecated, use admin_url instead.') - if $configure_ec2_endpoint { - warning('The admin_address parameter is deprecated, use ec2_admin_url instead.') - } } if $service_name == undef { @@ -290,36 +272,8 @@ $admin_url_real = $admin_url } - # EC2 endpoints - if ($public_protocol or $public_address or $ec2_port) { - $ec2_public_url_real = sprintf('%s://%s:%s/services/Cloud', - pick($public_protocol, 'http'), - pick($public_address, '127.0.0.1'), - pick($ec2_port, '8773')) - } else { - $ec2_public_url_real = $ec2_public_url - } - - if ($internal_protocol or $internal_address or $ec2_port) { - $ec2_internal_url_real = sprintf('%s://%s:%s/services/Cloud', - pick($internal_protocol, 'http'), - pick($internal_address, '127.0.0.1'), - pick($ec2_port, '8773')) - } else { - $ec2_internal_url_real = $ec2_internal_url - } - - if ($admin_protocol or $admin_address or $ec2_port) { - $ec2_admin_url_real = sprintf('%s://%s:%s/services/Admin', - pick($admin_protocol, 'http'), - pick($admin_address, '127.0.0.1'), - pick($ec2_port, '8773')) - } else { - $ec2_admin_url_real = $ec2_admin_url - } - if $configure_endpoint { - Keystone_endpoint["${region}/${real_service_name}"] ~> Service <| name == 'nova-api' |> + Keystone_endpoint["${region}/${real_service_name}::compute"] ~> Service <| name == 'nova-api' |> } keystone::resource::service_identity { "nova service, user ${auth_name}": @@ -353,20 +307,4 @@ admin_url => $admin_url_v3, internal_url => $internal_url_v3, } - - keystone::resource::service_identity { "nova ec2 service, user ${auth_name}_ec2": - configure_user => false, - configure_user_role => false, - configure_endpoint => $configure_ec2_endpoint, - configure_service => $configure_ec2_endpoint, - service_type => 'ec2', - service_description => $service_description_ec2, - service_name => "${real_service_name}_ec2", - region => $region, - auth_name => "${auth_name}_ec2", - public_url => $ec2_public_url_real, - admin_url => $ec2_admin_url_real, - internal_url => $ec2_internal_url_real, - } - } diff --git a/nova/spec/acceptance/basic_nova_spec.rb b/nova/spec/acceptance/basic_nova_spec.rb index 644889852..9bad25445 100644 --- a/nova/spec/acceptance/basic_nova_spec.rb +++ b/nova/spec/acceptance/basic_nova_spec.rb @@ -70,10 +70,6 @@ class { '::nova::vncproxy': } apply_manifest(pp, :catch_changes => true) end - describe port(8773) do - it { is_expected.to be_listening.with('tcp') } - end - describe port(8774) do it { is_expected.to be_listening.with('tcp') } end diff --git a/nova/spec/classes/nova_api_spec.rb b/nova/spec/classes/nova_api_spec.rb index 07c04e678..626576c10 100644 --- a/nova/spec/classes/nova_api_spec.rb +++ b/nova/spec/classes/nova_api_spec.rb @@ -61,15 +61,12 @@ it 'configures various stuff' do is_expected.to contain_nova_config('DEFAULT/api_paste_config').with('value' => 'api-paste.ini') - is_expected.to contain_nova_config('DEFAULT/ec2_listen').with('value' => '0.0.0.0') - is_expected.to contain_nova_config('DEFAULT/ec2_listen_port').with('value' => '8773') is_expected.to contain_nova_config('DEFAULT/osapi_compute_listen').with('value' => '0.0.0.0') is_expected.to contain_nova_config('DEFAULT/osapi_compute_listen_port').with('value' => '8774') is_expected.to contain_nova_config('DEFAULT/metadata_listen').with('value' => '0.0.0.0') is_expected.to contain_nova_config('DEFAULT/metadata_listen_port').with('value' => '8775') is_expected.to contain_nova_config('DEFAULT/osapi_volume_listen').with('value' => '0.0.0.0') is_expected.to contain_nova_config('DEFAULT/osapi_compute_workers').with('value' => '5') - is_expected.to contain_nova_config('DEFAULT/ec2_workers').with('value' => '5') is_expected.to contain_nova_config('DEFAULT/metadata_workers').with('value' => '5') is_expected.to contain_nova_config('DEFAULT/default_floating_pool').with('value' => 'nova') is_expected.to contain_nova_config('DEFAULT/fping_path').with('value' => '/usr/sbin/fping') @@ -103,7 +100,6 @@ :metadata_listen => '127.0.0.1', :metadata_listen_port => 8875, :osapi_compute_listen_port => 8874, - :ec2_listen_port => 8873, :volume_api_class => 'nova.volume.cinder.API', :use_forwarded_for => false, :ratelimits => '(GET, "*", .*, 100, MINUTE);(POST, "*", .*, 200, MINUTE)', @@ -112,7 +108,6 @@ :metadata_workers => 2, :default_floating_pool => 'public', :osapi_v3 => true, - :keystone_ec2_url => 'https://example.com:5000/v2.0/ec2tokens', :pci_alias => "[{\"vendor_id\":\"8086\",\"product_id\":\"0126\",\"name\":\"graphic_card\"},{\"vendor_id\":\"9096\",\"product_id\":\"1520\",\"name\":\"network_card\"}]" }) end @@ -156,8 +151,6 @@ end it 'configures various stuff' do - is_expected.to contain_nova_config('DEFAULT/ec2_listen').with('value' => '192.168.56.210') - is_expected.to contain_nova_config('DEFAULT/ec2_listen_port').with('value' => '8873') is_expected.to contain_nova_config('DEFAULT/osapi_compute_listen').with('value' => '192.168.56.210') is_expected.to contain_nova_config('DEFAULT/osapi_compute_listen_port').with('value' => '8874') is_expected.to contain_nova_config('DEFAULT/metadata_listen').with('value' => '127.0.0.1') @@ -169,7 +162,6 @@ is_expected.to contain_nova_config('DEFAULT/default_floating_pool').with('value' => 'public') is_expected.to contain_nova_config('neutron/service_metadata_proxy').with('value' => true) is_expected.to contain_nova_config('neutron/metadata_proxy_shared_secret').with('value' => 'secrete') - is_expected.to contain_nova_config('DEFAULT/keystone_ec2_url').with('value' => 'https://example.com:5000/v2.0/ec2tokens') end it 'configure nova api v3' do diff --git a/nova/spec/classes/nova_init_spec.rb b/nova/spec/classes/nova_init_spec.rb index dd98db699..42155d0a2 100644 --- a/nova/spec/classes/nova_init_spec.rb +++ b/nova/spec/classes/nova_init_spec.rb @@ -461,14 +461,14 @@ let :params do { :use_ssl => true, - :enabled_ssl_apis => ['ec2', 'osapi_compute'], + :enabled_ssl_apis => ['osapi_compute'], :cert_file => '/path/to/cert', :ca_file => '/path/to/ca', :key_file => '/path/to/key', } end - it { is_expected.to contain_nova_config('DEFAULT/enabled_ssl_apis').with_value('ec2,osapi_compute') } + it { is_expected.to contain_nova_config('DEFAULT/enabled_ssl_apis').with_value('osapi_compute') } it { is_expected.to contain_nova_config('DEFAULT/ssl_ca_file').with_value('/path/to/ca') } it { is_expected.to contain_nova_config('DEFAULT/ssl_cert_file').with_value('/path/to/cert') } it { is_expected.to contain_nova_config('DEFAULT/ssl_key_file').with_value('/path/to/key') } @@ -478,7 +478,7 @@ let :params do { :use_ssl => true, - :enabled_ssl_apis => ['ec2'], + :enabled_ssl_apis => ['osapi_compute'], :ca_file => '/path/to/ca', :key_file => '/path/to/key', } diff --git a/nova/spec/classes/nova_keystone_auth_spec.rb b/nova/spec/classes/nova_keystone_auth_spec.rb index 9ec6c8355..4eb0a622d 100644 --- a/nova/spec/classes/nova_keystone_auth_spec.rb +++ b/nova/spec/classes/nova_keystone_auth_spec.rb @@ -16,11 +16,7 @@ :admin_url => 'http://127.0.0.1:8774/v2/%(tenant_id)s', :public_url_v3 => 'http://127.0.0.1:8774/v3', :internal_url_v3 => 'http://127.0.0.1:8774/v3', - :admin_url_v3 => 'http://127.0.0.1:8774/v3', - :configure_ec2_endpoint => true, - :ec2_public_url => 'http://127.0.0.1:8773/services/Cloud', - :ec2_internal_url => 'http://127.0.0.1:8773/services/Cloud', - :ec2_admin_url => 'http://127.0.0.1:8773/services/Admin' } + :admin_url_v3 => 'http://127.0.0.1:8774/v3' } end context 'with default parameters' do @@ -35,45 +31,31 @@ :roles => ['admin'] )} - it { is_expected.to contain_keystone_service('nova').with( - :ensure => 'present', - :type => 'compute', + it { is_expected.to contain_keystone_service('nova::compute').with( + :ensure => 'present', :description => 'Openstack Compute Service' )} - it { is_expected.to contain_keystone_service('novav3').with( - :ensure => 'present', - :type => 'computev3', + it { is_expected.to contain_keystone_service('novav3::computev3').with( + :ensure => 'present', :description => 'Openstack Compute Service v3' )} - it { is_expected.to contain_keystone_service('nova_ec2').with( - :ensure => 'present', - :type => 'ec2', - :description => 'EC2 Service' - )} - it { is_expected.to contain_keystone_endpoint('RegionOne/nova').with( + it { is_expected.to contain_keystone_endpoint('RegionOne/nova::compute').with( :ensure => 'present', :public_url => 'http://127.0.0.1:8774/v2/%(tenant_id)s', :admin_url => 'http://127.0.0.1:8774/v2/%(tenant_id)s', :internal_url => 'http://127.0.0.1:8774/v2/%(tenant_id)s' )} - it { is_expected.to contain_keystone_endpoint('RegionOne/novav3').with( + it { is_expected.to contain_keystone_endpoint('RegionOne/novav3::computev3').with( :ensure => 'present', :public_url => 'http://127.0.0.1:8774/v3', :admin_url => 'http://127.0.0.1:8774/v3', :internal_url => 'http://127.0.0.1:8774/v3' )} - it { is_expected.to contain_keystone_endpoint('RegionOne/nova_ec2').with( - :ensure => 'present', - :public_url => 'http://127.0.0.1:8773/services/Cloud', - :admin_url => 'http://127.0.0.1:8773/services/Admin', - :internal_url => 'http://127.0.0.1:8773/services/Cloud' - )} - end context 'when setting auth name' do @@ -91,18 +73,11 @@ :roles => ['admin'] )} - it { is_expected.to contain_keystone_service('foo').with( + it { is_expected.to contain_keystone_service('foo::compute').with( :ensure => 'present', - :type => 'compute', :description => 'Openstack Compute Service' )} - it { is_expected.to contain_keystone_service('foo_ec2').with( - :ensure => 'present', - :type => 'ec2', - :description => 'EC2 Service' - )} - end context 'when setting auth_name and auth_name_v3 the same' do @@ -117,8 +92,8 @@ it { is_expected.to contain_keystone_user('thesame').with(:ensure => 'present') } it { is_expected.to contain_keystone_user_role('thesame@services').with(:ensure => 'present') } - it { is_expected.to contain_keystone_service('nova').with(:ensure => 'present') } - it { is_expected.to contain_keystone_service('novav3').with(:ensure => 'present') } + it { is_expected.to contain_keystone_service('nova::compute').with(:ensure => 'present') } + it { is_expected.to contain_keystone_service('novav3::computev3').with(:ensure => 'present') } end @@ -145,7 +120,7 @@ end it do - expect { is_expected.to contain_keystone_service('nova') }.to raise_error(Puppet::Error, /service_name and service_name_v3 must be different/) + expect { is_expected.to contain_keystone_service('nova::compute') }.to raise_error(Puppet::Error, /service_name and service_name_v3 must be different/) end end @@ -160,32 +135,23 @@ :public_url_v3 => 'https://10.0.3.1:9774/v3', :internal_url_v3 => 'https://10.0.3.3:9774/v3', :admin_url_v3 => 'https://10.0.3.2:9774/v3', - :ec2_public_url => 'https://10.0.9.1:9773/services/Cloud', - :ec2_internal_url => 'https://10.0.9.2:9773/services/Cloud', - :ec2_admin_url => 'https://10.0.9.3:9773/services/Admin', ) end - it { is_expected.to contain_keystone_endpoint('RegionTwo/nova').with( + it { is_expected.to contain_keystone_endpoint('RegionTwo/nova::compute').with( :ensure => 'present', :public_url => params[:public_url], :internal_url => params[:internal_url], :admin_url => params[:admin_url] )} - it { is_expected.to contain_keystone_endpoint('RegionTwo/novav3').with( + it { is_expected.to contain_keystone_endpoint('RegionTwo/novav3::computev3').with( :ensure => 'present', :public_url => params[:public_url_v3], :internal_url => params[:internal_url_v3], :admin_url => params[:admin_url_v3] )} - it { is_expected.to contain_keystone_endpoint('RegionTwo/nova_ec2').with( - :ensure => 'present', - :public_url => params[:ec2_public_url], - :internal_url => params[:ec2_internal_url], - :admin_url => params[:ec2_admin_url] - )} end context 'when providing deprecated endpoint parameters' do @@ -195,7 +161,6 @@ :admin_address => '10.0.0.2', :internal_address => '10.0.0.3', :compute_port => '9774', - :ec2_port => '9773', :compute_version => 'v2.2', :region => 'RegionTwo', :admin_protocol => 'https', @@ -204,19 +169,13 @@ ) end - it { is_expected.to contain_keystone_endpoint('RegionTwo/nova').with( + it { is_expected.to contain_keystone_endpoint('RegionTwo/nova::compute').with( :ensure => 'present', :public_url => 'https://10.0.0.1:9774/v2.2/%(tenant_id)s', :admin_url => 'https://10.0.0.2:9774/v2.2/%(tenant_id)s', :internal_url => 'https://10.0.0.3:9774/v2.2/%(tenant_id)s' )} - it { is_expected.to contain_keystone_endpoint('RegionTwo/nova_ec2').with( - :ensure => 'present', - :public_url => 'https://10.0.0.1:9773/services/Cloud', - :admin_url => 'https://10.0.0.2:9773/services/Admin', - :internal_url => 'https://10.0.0.3:9773/services/Cloud' - )} end describe 'when disabling endpoint configuration' do @@ -224,16 +183,7 @@ params.merge!( :configure_endpoint => false ) end - it { is_expected.to_not contain_keystone_endpoint('RegionOne/nova') } - end - - describe 'when disabling EC2 endpoint' do - before do - params.merge!( :configure_ec2_endpoint => false ) - end - - it { is_expected.to_not contain_keystone_service('nova_ec2') } - it { is_expected.to_not contain_keystone_endpoint('RegionOne/nova_ec2') } + it { is_expected.to_not contain_keystone_endpoint('RegionOne/nova::compute') } end describe 'when disabling user configuration' do @@ -243,9 +193,8 @@ it { is_expected.to_not contain_keystone_user('nova') } it { is_expected.to contain_keystone_user_role('nova@services') } - it { is_expected.to contain_keystone_service('nova').with( - :ensure => 'present', - :type => 'compute', + it { is_expected.to contain_keystone_service('nova::compute').with( + :ensure => 'present', :description => 'Openstack Compute Service' )} end @@ -261,9 +210,8 @@ it { is_expected.to_not contain_keystone_user('nova') } it { is_expected.to_not contain_keystone_user_role('nova@services') } - it { is_expected.to contain_keystone_service('nova').with( - :ensure => 'present', - :type => 'compute', + it { is_expected.to contain_keystone_service('nova::compute').with( + :ensure => 'present', :description => 'Openstack Compute Service' )} end @@ -284,7 +232,7 @@ } end - it { is_expected.to contain_keystone_endpoint('RegionOne/nova').with_notify(['Service[nova-api]']) } + it { is_expected.to contain_keystone_endpoint('RegionOne/nova::compute').with_notify(['Service[nova-api]']) } end describe 'when overriding service names' do @@ -299,12 +247,10 @@ it { is_expected.to contain_keystone_user('nova') } it { is_expected.to contain_keystone_user_role('nova@services') } - it { is_expected.to contain_keystone_service('nova_service') } - it { is_expected.to contain_keystone_service('nova_service_v3') } - it { is_expected.to contain_keystone_service('nova_service_ec2') } - it { is_expected.to contain_keystone_endpoint('RegionOne/nova_service') } - it { is_expected.to contain_keystone_endpoint('RegionOne/nova_service_v3') } - it { is_expected.to contain_keystone_endpoint('RegionOne/nova_service_ec2') } + it { is_expected.to contain_keystone_service('nova_service::compute') } + it { is_expected.to contain_keystone_service('nova_service_v3::computev3') } + it { is_expected.to contain_keystone_endpoint('RegionOne/nova_service::compute') } + it { is_expected.to contain_keystone_endpoint('RegionOne/nova_service_v3::computev3') } end diff --git a/openstacklib/README.md b/openstacklib/README.md index c3fa726e3..e30b3f2da 100644 --- a/openstacklib/README.md +++ b/openstacklib/README.md @@ -30,8 +30,7 @@ The openstacklib module is a library module for other Openstack modules to utilize. A thorough description will be added later. This module is tested in combination with other modules needed to build and -leverage an entire Openstack software stack. These modules can be found, all -pulled together in the [openstack module](https://github.com/stackforge/puppet-openstack). +leverage an entire Openstack software stack. Setup ----- diff --git a/openstacklib/lib/puppet/parser/functions/os_database_connection.rb b/openstacklib/lib/puppet/parser/functions/os_database_connection.rb index 8764f1b8f..4cc428d94 100644 --- a/openstacklib/lib/puppet/parser/functions/os_database_connection.rb +++ b/openstacklib/lib/puppet/parser/functions/os_database_connection.rb @@ -22,8 +22,9 @@ end v.keys.each do |key| - unless (v[key].class == String) or (v[key] == :undef) - raise(Puppet::ParseError, "os_database_connection(): #{key} should be a String") + klass = (key == 'extra') ? Hash : String + unless (v[key].class == klass) or (v[key] == :undef) + raise(Puppet::ParseError, "os_database_connection(): #{key} should be a #{klass}") end end @@ -56,10 +57,18 @@ end end + # support previous charset option on the function. Setting charset will + # override charset if passed in via the extra parameters if v.include?('charset') - parts[:query] = "charset=#{v['charset']}" + if v.include?('extra') + v['extra'].merge!({ 'charset' => v['charset'] }) + else + v['extra'] = { 'charset' => v['charset'] } + end end + parts[:query] = v['extra'].map{ |k,v| "#{k}=#{v}" }.join('&') if v.include?('extra') + parts[:scheme] = v['dialect'] if v.include?('host') diff --git a/openstacklib/lib/puppet/provider/openstack.rb b/openstacklib/lib/puppet/provider/openstack.rb index f71019937..5e40c0904 100644 --- a/openstacklib/lib/puppet/provider/openstack.rb +++ b/openstacklib/lib/puppet/provider/openstack.rb @@ -1,5 +1,6 @@ require 'csv' require 'puppet' +require 'timeout' class Puppet::Error::OpenstackAuthInputError < Puppet::Error end @@ -10,7 +11,49 @@ class Puppet::Error::OpenstackUnauthorizedError < Puppet::Error class Puppet::Provider::Openstack < Puppet::Provider initvars # so commands will work - commands :openstack => 'openstack' + commands :openstack_command => 'openstack' + + # this actions are not idempotent and retries can cause + # duplications or endless loops + def self.no_retry_actions + %w(create remove delete) + end + + # timeout the openstack command + # after this number of seconds + # retry the command until the request_timeout + def self.command_timeout + 20 + end + + # timeout the entire request with error + # after this number of seconds + def self.request_timeout + 60 + end + + # sleep for this number of seconds + # between command retries + def self.retry_sleep + 3 + end + + # run the openstack command + # with command_timeout + def self.openstack(*args) + begin + Timeout.timeout(command_timeout) do + openstack_command *args + end + rescue Timeout::Error + raise Puppet::ExecutionFailure, "Command: 'openstack #{args.inspect}' has been running for more then #{command_timeout} seconds!" + end + end + + # get the current timestamp + def self.current_time + Time.now.to_i + end # Returns an array of hashes, where the keys are the downcased CSV headers # with underscores instead of spaces @@ -18,14 +61,15 @@ def self.request(service, action, properties, credentials=nil) env = credentials ? credentials.to_env : {} Puppet::Util.withenv(env) do rv = nil - timeout = 10 - end_time = Time.now.to_i + timeout + end_time = current_time + request_timeout loop do begin - if(action == 'list') + if action == 'list' + # shell output is: + # ID,Name,Description,Enabled response = openstack(service, action, '--quiet', '--format', 'csv', properties) response = parse_csv(response) - keys = response.delete_at(0) # ID,Name,Description,Enabled + keys = response.delete_at(0) rv = response.collect do |line| hash = {} keys.each_index do |index| @@ -34,12 +78,15 @@ def self.request(service, action, properties, credentials=nil) end hash end - elsif(action == 'show' || action == 'create') + elsif action == 'show' or action == 'create' rv = {} - # shell output is name="value"\nid="value2"\ndescription="value3" etc. + # shell output is: + # name="value1" + # id="value2" + # description="value3" openstack(service, action, '--format', 'shell', properties).split("\n").each do |line| # key is everything before the first "=" - key, val = line.split("=", 2) + key, val = line.split('=', 2) next unless val # Ignore warnings # value is everything after the first "=", with leading and trailing double quotes stripped val = val.gsub(/\A"|"\Z/, '') @@ -49,24 +96,13 @@ def self.request(service, action, properties, credentials=nil) rv = openstack(service, action, properties) end break - rescue Puppet::ExecutionFailure => e - if e.message =~ /HTTP 40[13]/ - raise(Puppet::Error::OpenstackUnauthorizedError, 'Could not authenticate.') - elsif e.message =~ /Unable to establish connection/ - current_time = Time.now.to_i - if current_time > end_time - break - else - wait = end_time - current_time - Puppet::debug("Non-fatal error: \"#{e.message}\"; retrying for #{wait} more seconds.") - if wait > timeout - 2 # Only notice the first time - notice("#{service} service is unavailable. Will retry for up to #{wait} seconds.") - end - end - sleep(2) - else - raise e - end + rescue Puppet::ExecutionFailure => exception + raise Puppet::Error::OpenstackUnauthorizedError, 'Could not authenticate' if exception.message =~ /HTTP 40[13]/ + raise exception if current_time > end_time + debug "Non-fatal error: '#{exception.message}'. Retrying for #{end_time - current_time} more seconds" + raise exception if no_retry_actions.include? action + sleep retry_sleep + retry end end return rv diff --git a/openstacklib/spec/functions/os_database_connection_spec.rb b/openstacklib/spec/functions/os_database_connection_spec.rb index 62d03f21a..f45db924b 100644 --- a/openstacklib/spec/functions/os_database_connection_spec.rb +++ b/openstacklib/spec/functions/os_database_connection_spec.rb @@ -22,12 +22,22 @@ and_raise_error(Puppet::ParseError, /Wrong number of arguments/) end + it 'refuses extra params passed as String' do + is_expected.to run.with_params({ + 'dialect' => 'sqlite', + 'database' => '/var/lib/keystone/keystone.db', + 'host' => '127.0.0.1', + 'port' => '3306', + 'extra' => 'charset=utf-8' + }).and_raise_error(Puppet::ParseError, /extra should be a Hash/) + end + it 'fails if port is provided with missing host' do is_expected.to run.with_params({ 'dialect' => 'sqlite', 'database' => '/var/lib/keystone/keystone.db', 'port' => '3306', - 'charset' => 'utf-8' + 'extra' => { 'charset' => 'utf-8' } }).and_raise_error(Puppet::ParseError, /host is required with port/) end @@ -41,8 +51,21 @@ 'database' => 'test', 'username' => 'guest', 'password' => 's3cr3t', - 'charset' => 'utf-8' - }).and_return('mysql://guest:s3cr3t@127.0.0.1:3306/test?charset=utf-8') + 'extra' => { 'charset' => 'utf-8', 'read_timeout' => '60' } + }).and_return('mysql://guest:s3cr3t@127.0.0.1:3306/test?charset=utf-8&read_timeout=60') + end + + it 'with all parameters and charset set' do + is_expected.to run.with_params({ + 'dialect' => 'mysql', + 'host' => '127.0.0.1', + 'port' => '3306', + 'database' => 'test', + 'username' => 'guest', + 'password' => 's3cr3t', + 'charset' => 'utf-8', + 'extra' => { 'charset' => 'latin1', 'read_timeout' => '60' } + }).and_return('mysql://guest:s3cr3t@127.0.0.1:3306/test?charset=utf-8&read_timeout=60') end it 'without port' do @@ -52,7 +75,7 @@ 'database' => 'test', 'username' => 'guest', 'password' => 's3cr3t', - 'charset' => 'utf-8' + 'extra' => { 'charset' => 'utf-8' } }).and_return('mysql://guest:s3cr3t@127.0.0.1/test?charset=utf-8') end @@ -60,7 +83,7 @@ is_expected.to run.with_params({ 'dialect' => 'sqlite', 'database' => '/var/lib/keystone/keystone.db', - 'charset' => 'utf-8' + 'extra' => { 'charset' => 'utf-8' } }).and_return('sqlite:////var/lib/keystone/keystone.db?charset=utf-8') end @@ -70,7 +93,7 @@ 'host' => '127.0.0.1', 'port' => '3306', 'database' => 'test', - 'charset' => 'utf-8' + 'extra' => { 'charset' => 'utf-8' } }).and_return('mysql://127.0.0.1:3306/test?charset=utf-8') end @@ -81,7 +104,7 @@ 'port' => '3306', 'database' => 'test', 'username' => :undef, - 'charset' => 'utf-8' + 'extra' => { 'charset' => 'utf-8' } }).and_return('mysql://127.0.0.1:3306/test?charset=utf-8') end @@ -92,7 +115,7 @@ 'port' => '3306', 'database' => 'test', 'username' => '', - 'charset' => 'utf-8' + 'extra' => { 'charset' => 'utf-8' } }).and_return('mysql://127.0.0.1:3306/test?charset=utf-8') end @@ -103,7 +126,7 @@ 'port' => '3306', 'database' => 'test', 'username' => 'guest', - 'charset' => 'utf-8' + 'extra' => { 'charset' => 'utf-8' } }).and_return('mysql://guest@127.0.0.1:3306/test?charset=utf-8') end @@ -115,7 +138,7 @@ 'database' => 'test', 'username' => 'guest', 'password' => :undef, - 'charset' => 'utf-8' + 'extra' => { 'charset' => 'utf-8' } }).and_return('mysql://guest@127.0.0.1:3306/test?charset=utf-8') end @@ -127,7 +150,7 @@ 'database' => 'test', 'username' => 'guest', 'password' => '', - 'charset' => 'utf-8' + 'extra' => { 'charset' => 'utf-8' } }).and_return('mysql://guest@127.0.0.1:3306/test?charset=utf-8') end end diff --git a/openstacklib/spec/unit/provider/openstack_spec.rb b/openstacklib/spec/unit/provider/openstack_spec.rb index 35a1d4bb3..5f2fd9f83 100644 --- a/openstacklib/spec/unit/provider/openstack_spec.rb +++ b/openstacklib/spec/unit/provider/openstack_spec.rb @@ -4,10 +4,10 @@ describe Puppet::Provider::Openstack do before(:each) do - ENV['OS_USERNAME'] = nil - ENV['OS_PASSWORD'] = nil + ENV['OS_USERNAME'] = nil + ENV['OS_PASSWORD'] = nil ENV['OS_PROJECT_NAME'] = nil - ENV['OS_AUTH_URL'] = nil + ENV['OS_AUTH_URL'] = nil end let(:type) do @@ -17,10 +17,37 @@ end end + let(:credentials) do + credentials = mock('credentials') + credentials.stubs(:to_env).returns({ + 'OS_USERNAME' => 'user', + 'OS_PASSWORD' => 'password', + 'OS_PROJECT_NAME' => 'project', + 'OS_AUTH_URL' => 'http://url', + }) + credentials + end + + let(:list_data) do + <<-eos +"ID","Name","Description","Enabled" +"1cb05cfed7c24279be884ba4f6520262","test","Test tenant",True + eos + end + + let(:show_data) do + <<-eos +description="Test tenant" +enabled="True" +id="1cb05cfed7c24279be884ba4f6520262" +name="test" + eos + end + describe '#request' do let(:resource_attrs) do { - :name => 'stubresource', + :name => 'stubresource', } end @@ -28,30 +55,72 @@ Puppet::Provider::Openstack.new(type.new(resource_attrs)) end - it 'makes a successful request' do - provider.class.stubs(:openstack) - .with('project', 'list', '--quiet', '--format', 'csv', ['--long']) - .returns('"ID","Name","Description","Enabled" -"1cb05cfed7c24279be884ba4f6520262","test","Test tenant",True -') + it 'makes a successful list request' do + provider.class.expects(:openstack) + .with('project', 'list', '--quiet', '--format', 'csv', ['--long']) + .returns list_data response = Puppet::Provider::Openstack.request('project', 'list', ['--long']) - expect(response.first[:description]).to eq("Test tenant") + expect(response.first[:description]).to eq 'Test tenant' + end + + it 'makes a successful show request' do + provider.class.expects(:openstack) + .with('project', 'show', '--format', 'shell', ['1cb05cfed7c24279be884ba4f6520262']) + .returns show_data + response = Puppet::Provider::Openstack.request('project', 'show', ['1cb05cfed7c24279be884ba4f6520262']) + expect(response[:description]).to eq 'Test tenant' + end + + it 'makes a successful set request' do + provider.class.expects(:openstack) + .with('project', 'set', ['--name', 'new name', '1cb05cfed7c24279be884ba4f6520262']) + .returns '' + response = Puppet::Provider::Openstack.request('project', 'set', ['--name', 'new name', '1cb05cfed7c24279be884ba4f6520262']) + expect(response).to eq '' + end + + it 'uses provided credentials' do + Puppet::Util.expects(:withenv).with(credentials.to_env) + Puppet::Provider::Openstack.request('project', 'list', ['--long'], credentials) end context 'on connection errors' do - it 'retries' do - ENV['OS_USERNAME'] = 'test' - ENV['OS_PASSWORD'] = 'abc123' - ENV['OS_PROJECT_NAME'] = 'test' - ENV['OS_AUTH_URL'] = 'http://127.0.0.1:5000' + it 'retries the failed command' do provider.class.stubs(:openstack) - .with('project', 'list', '--quiet', '--format', 'csv', ['--long']) - .raises(Puppet::ExecutionFailure, 'Unable to establish connection') - .then - .returns('') - provider.class.expects(:sleep).with(2).returns(nil) - Puppet::Provider::Openstack.request('project', 'list', ['--long']) + .with('project', 'list', '--quiet', '--format', 'csv', ['--long']) + .raises(Puppet::ExecutionFailure, 'Unable to establish connection') + .then + .returns list_data + provider.class.expects(:sleep).with(3).returns(nil) + response = Puppet::Provider::Openstack.request('project', 'list', ['--long']) + expect(response.first[:description]).to eq 'Test tenant' end + + it 'fails after the timeout' do + provider.class.expects(:openstack) + .with('project', 'list', '--quiet', '--format', 'csv', ['--long']) + .raises(Puppet::ExecutionFailure, 'Unable to establish connection') + .times(3) + provider.class.stubs(:sleep) + provider.class.stubs(:current_time) + .returns(0, 10, 10, 20, 20, 100, 100) + expect do + Puppet::Provider::Openstack.request('project', 'list', ['--long']) + end.to raise_error Puppet::ExecutionFailure, /Unable to establish connection/ + end + + it 'does not retry non-idempotent commands' do + provider.class.expects(:openstack) + .with('project', 'create', '--format', 'shell', ['--quiet']) + .raises(Puppet::ExecutionFailure, 'Unable to establish connection') + .then + .returns list_data + provider.class.expects(:sleep).never + expect do + Puppet::Provider::Openstack.request('project', 'create', ['--quiet']) + end.to raise_error Puppet::ExecutionFailure, /Unable to establish connection/ + end + end context 'catch unauthorized errors' do @@ -85,7 +154,7 @@ csv = Puppet::Provider::Openstack.parse_csv(text) it 'should ignore non-CSV text at the beginning of the input' do expect(csv).to be_kind_of(Array) - expect(csv[0]).to match_array(['field', 'test', '1', '2', '3']) + expect(csv[0]).to match_array(%w(field test 1 2 3)) expect(csv.size).to eq(1) end end @@ -95,7 +164,7 @@ csv = Puppet::Provider::Openstack.parse_csv(text) it 'ignore the carriage returns' do expect(csv).to be_kind_of(Array) - expect(csv[0]).to match_array(['field', 'test', '1', '2', '3']) + expect(csv[0]).to match_array(%w(field test 1 2 3)) expect(csv.size).to eq(1) end end diff --git a/sahara/spec/classes/sahara_keystone_auth_spec.rb b/sahara/spec/classes/sahara_keystone_auth_spec.rb index a22bc3a9a..1eaf5a9ea 100644 --- a/sahara/spec/classes/sahara_keystone_auth_spec.rb +++ b/sahara/spec/classes/sahara_keystone_auth_spec.rb @@ -25,13 +25,12 @@ :roles => ['admin'] )} - it { is_expected.to contain_keystone_service('sahara').with( + it { is_expected.to contain_keystone_service('sahara::data-processing').with( :ensure => 'present', - :type => 'data-processing', :description => 'Sahara Data Processing' ) } - it { is_expected.to contain_keystone_endpoint('RegionOne/sahara').with( + it { is_expected.to contain_keystone_endpoint('RegionOne/sahara::data-processing').with( :ensure => 'present', :public_url => "http://127.0.0.1:8386/v1.1/%(tenant_id)s", :admin_url => "http://127.0.0.1:8386/v1.1/%(tenant_id)s", @@ -58,7 +57,7 @@ :admin_url => 'http://10.10.10.12:81/v1.1/%(tenant_id)s' } end - it { is_expected.to contain_keystone_endpoint('RegionOne/sahara').with( + it { is_expected.to contain_keystone_endpoint('RegionOne/sahara::data-processing').with( :ensure => 'present', :public_url => 'https://10.10.10.10:80/v1.1/%(tenant_id)s', :internal_url => 'http://10.10.10.11:81/v1.1/%(tenant_id)s', @@ -74,7 +73,7 @@ it { is_expected.to contain_keystone_user('saharay') } it { is_expected.to contain_keystone_user_role('saharay@services') } - it { is_expected.to contain_keystone_service('saharay') } - it { is_expected.to contain_keystone_endpoint('RegionOne/saharay') } + it { is_expected.to contain_keystone_service('saharay::data-processing') } + it { is_expected.to contain_keystone_endpoint('RegionOne/saharay::data-processing') } end end diff --git a/swift/lib/puppet/provider/service/swiftinit.rb b/swift/lib/puppet/provider/service/swiftinit.rb index 6bbab6a8d..e46a315cf 100644 --- a/swift/lib/puppet/provider/service/swiftinit.rb +++ b/swift/lib/puppet/provider/service/swiftinit.rb @@ -53,11 +53,16 @@ def refresh end end - # Returns service enabled status using systemctl on Redhat/Debian - # and using presence of init file on Ubuntu. + # Returns service enabled status first checking for init/systemd file + # presence then checking if file content matches this provider and not + # distro provided. Also on Redhat/Debian checks systemctl status. def enabled? if Facter.value(:operatingsystem) != 'Ubuntu' if Puppet::FileSystem.exist?("/etc/systemd/system/#{resource[:pattern]}.service") + current_conf = File.read("/etc/systemd/system/#{resource[:pattern]}.service") + if !current_conf.eql? systemd_template + return :false + end if systemctl_run('is-enabled', [resource[:pattern]], false).exitstatus == 0 return :true end @@ -66,7 +71,10 @@ def enabled? end elsif Facter.value(:operatingsystem) == 'Ubuntu' if Puppet::FileSystem.exist?("/etc/init/#{resource[:pattern]}.conf") - return :true + current_conf = File.read("/etc/init/#{resource[:pattern]}.conf") + if current_conf.eql? upstart_template + return :true + end else return :false end diff --git a/swift/manifests/init.pp b/swift/manifests/init.pp index a7ebb135a..3098eb33e 100644 --- a/swift/manifests/init.pp +++ b/swift/manifests/init.pp @@ -55,7 +55,8 @@ ensure => directory, } user {'swift': - ensure => present, + ensure => present, + require => Package['swift'], } file { '/var/lib/swift': ensure => directory, diff --git a/swift/manifests/ringbuilder/create.pp b/swift/manifests/ringbuilder/create.pp index 1fde2cf69..68e4dd6b2 100644 --- a/swift/manifests/ringbuilder/create.pp +++ b/swift/manifests/ringbuilder/create.pp @@ -11,13 +11,17 @@ # Optional. Defaults to 3 # [*min_part_hours*] Time before a partition can be moved. # Optional. Defaults to 24. +# [*user*] User to run as +# Optional. Defaults to 'swift' # + # == Examples # # swift::ringbuilder::create { 'account': # part_power => 19, # replicas => 5, # min_part_hours => 1, +# user => 'swift', # } # # == Authors @@ -31,7 +35,8 @@ define swift::ringbuilder::create( $part_power = 18, $replicas = 3, - $min_part_hours = 24 + $min_part_hours = 24, + $user = 'swift' ) { validate_re($name, '^object|container|account$') @@ -39,6 +44,7 @@ exec { "create_${name}": command => "swift-ring-builder /etc/swift/${name}.builder create ${part_power} ${replicas} ${min_part_hours}", path => ['/usr/bin'], + user => $user, creates => "/etc/swift/${name}.builder", } diff --git a/swift/manifests/storage/account.pp b/swift/manifests/storage/account.pp index e4c41aebb..c21bb977a 100644 --- a/swift/manifests/storage/account.pp +++ b/swift/manifests/storage/account.pp @@ -35,7 +35,6 @@ ) inherits ::swift::params { Swift_config<| |> ~> Service['swift-account-reaper'] - Swift_config<| |> ~> Service['swift-account-auditor'] swift::storage::generic { 'account': manage_service => $manage_service, @@ -43,7 +42,7 @@ package_ensure => $package_ensure, config_file_name => $config_file_name, service_provider => $service_provider -} + } if $manage_service { if $enabled { @@ -61,13 +60,4 @@ service_provider => $service_provider, require => Package['swift-account'], } - - swift::service { 'swift-account-auditor': - os_family_service_name => $::swift::params::account_auditor_service_name, - service_ensure => $service_ensure, - enabled => $enabled, - config_file_name => $config_file_name, - service_provider => $service_provider, - require => Package['swift-account'], - } } diff --git a/swift/manifests/storage/all.pp b/swift/manifests/storage/all.pp index 1064b9e1b..84d9e30bf 100644 --- a/swift/manifests/storage/all.pp +++ b/swift/manifests/storage/all.pp @@ -36,7 +36,7 @@ # [*mount_check*] # (optional) Whether or not check if the devices are mounted # to prevent accidentally writing to the root device -# Defaults to false. Soon to be changed to 'true' to match Swift defaults. +# Defaults to true. # # [*account_pipeline*] # (optional) Specify the account pipeline @@ -64,13 +64,11 @@ # Defaults to true. # # [*incoming_chmod*] Incoming chmod to set in the rsync server. -# Optional. Defaults to 0644 for maintaining backwards compatibility. -# *NOTE*: Recommended parameter: 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r' +# Optional. Defaults to 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r' # This mask translates to 0755 for directories and 0644 for files. # # [*outgoing_chmod*] Outgoing chmod to set in the rsync server. -# Optional. Defaults to 0644 for maintaining backwards compatibility. -# *NOTE*: Recommended parameter: 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r' +# Optional. Defaults to 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r' # This mask translates to 0755 for directories and 0644 for files. # class swift::storage::all( @@ -82,25 +80,17 @@ $object_pipeline = undef, $container_pipeline = undef, $allow_versions = false, - $mount_check = undef, + $mount_check = true, $account_pipeline = undef, $log_facility = 'LOG_LOCAL2', $log_level = 'INFO', $log_udp_host = undef, $log_udp_port = undef, $log_requests = true, - $incoming_chmod = '0644', - $outgoing_chmod = '0644', + $incoming_chmod = 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r', + $outgoing_chmod = 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r', ) { - if (!$mount_check) { - warning('The default for the mount_check parameter will change from false to true in the next release to match upstream. To disable this warning, set mount_check=false.') - $mount_check_real = false - } - else { - $mount_check_real = $mount_check - } - class { '::swift::storage': storage_local_net_ip => $storage_local_net_ip, } @@ -108,7 +98,7 @@ Swift::Storage::Server { devices => $devices, storage_local_net_ip => $storage_local_net_ip, - mount_check => $mount_check_real, + mount_check => $mount_check, log_level => $log_level, log_udp_host => $log_udp_host, log_udp_port => $log_udp_port, diff --git a/swift/manifests/storage/container.pp b/swift/manifests/storage/container.pp index 82eaee67c..067bcb3f9 100644 --- a/swift/manifests/storage/container.pp +++ b/swift/manifests/storage/container.pp @@ -41,7 +41,6 @@ ) inherits ::swift::params { Swift_config<| |> ~> Service['swift-container-updater'] - Swift_config<| |> ~> Service['swift-container-auditor'] swift::storage::generic { 'container': manage_service => $manage_service, @@ -68,15 +67,6 @@ require => Package['swift-container'], } - swift::service { 'swift-container-auditor': - os_family_service_name => $::swift::params::container_auditor_service_name, - service_ensure => $service_ensure, - enabled => $enabled, - config_file_name => $config_file_name, - service_provider => $service_provider, - require => Package['swift-container'], - } - if $::osfamily == 'Debian' { swift::service { 'swift-container-sync': os_family_service_name => $::swift::params::container_sync_service_name, diff --git a/swift/manifests/storage/generic.pp b/swift/manifests/storage/generic.pp index 3d5be94c3..7dd849656 100644 --- a/swift/manifests/storage/generic.pp +++ b/swift/manifests/storage/generic.pp @@ -42,6 +42,8 @@ Class['swift::storage'] -> Swift::Storage::Generic[$name] Swift_config<| |> ~> Service["swift-${name}-server"] + Swift_config<| |> ~> Service["swift-${name}-auditor"] + Swift_config<| |> ~> Service["swift-${name}-replicator"] validate_re($name, '^object|container|account$') @@ -84,4 +86,13 @@ service_provider => $service_provider, subscribe => Package["swift-${name}"], } + + swift::service { "swift-${name}-auditor": + os_family_service_name => getvar("::swift::params::${name}_auditor_service_name"), + service_ensure => $service_ensure, + enabled => $enabled, + config_file_name => $config_file_name, + service_provider => $service_provider, + subscribe => Package["swift-${name}"], + } } diff --git a/swift/manifests/storage/object.pp b/swift/manifests/storage/object.pp index 9408236d0..c7e8e43f2 100644 --- a/swift/manifests/storage/object.pp +++ b/swift/manifests/storage/object.pp @@ -35,7 +35,6 @@ ) inherits ::swift::params { Swift_config<| |> ~> Service['swift-object-updater'] - Swift_config<| |> ~> Service['swift-object-auditor'] swift::storage::generic { 'object': manage_service => $manage_service, @@ -61,13 +60,4 @@ service_provider => $service_provider, require => Package['swift-object'], } - - swift::service { 'swift-object-auditor': - os_family_service_name => $::swift::params::object_auditor_service_name, - service_ensure => $service_ensure, - enabled => $enabled, - config_file_name => $config_file_name, - service_provider => $service_provider, - require => Package['swift-object'], - } } diff --git a/swift/manifests/storage/server.pp b/swift/manifests/storage/server.pp index fa5f0cfd0..580f69722 100644 --- a/swift/manifests/storage/server.pp +++ b/swift/manifests/storage/server.pp @@ -31,13 +31,11 @@ # Defaults to 25. # # [*incoming_chmod*] Incoming chmod to set in the rsync server. -# Optional. Defaults to 0644 for maintaining backwards compatibility. -# *NOTE*: Recommended parameter: 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r' +# Optional. Defaults to 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r' # This mask translates to 0755 for directories and 0644 for files. # # [*outgoing_chmod*] Outgoing chmod to set in the rsync server. -# Optional. Defaults to 0644 for maintaining backwards compatibility. -# *NOTE*: Recommended parameter: 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r' +# Optional. Defaults to 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r' # This mask translates to 0755 for directories and 0644 for files. # # [*pipeline*] @@ -47,7 +45,7 @@ # [*mount_check*] # (optional) Whether or not check if the devices are mounted to prevent accidentally # writing to the root device. -# Defaults to false. Soon to be changed to 'true' to match Swift defaults. +# Defaults to true. # # [*user*] # (optional) User to run as @@ -117,11 +115,11 @@ $devices = '/srv/node', $owner = 'swift', $group = 'swift', - $incoming_chmod = '0644', - $outgoing_chmod = '0644', + $incoming_chmod = 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r', + $outgoing_chmod = 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r', $max_connections = 25, $pipeline = ["${type}-server"], - $mount_check = undef, + $mount_check = true, $user = 'swift', $workers = '1', $allow_versions = false, @@ -147,14 +145,6 @@ warning('The default outgoing_chmod set to 0644 may yield in error prone directories and will be changed in a later release.') } - if (!$mount_check) { - warning('The default for the mount_check parameter will change from false to true in the next release to match upstream. To disable this warning, set mount_check=false.') - $mount_check_real = false - } - else { - $mount_check_real = $mount_check - } - # Warn if ${type-server} isn't included in the pipeline if is_array($pipeline) { if !member($pipeline, "${type}-server") { @@ -170,8 +160,6 @@ include "::swift::storage::${type}" - include ::concat::setup - validate_re($name, '^\d+$') validate_re($type, '^object|container|account$') validate_array($pipeline) diff --git a/swift/spec/classes/swift_keystone_auth_spec.rb b/swift/spec/classes/swift_keystone_auth_spec.rb index 7fc3c0e65..b4479c038 100644 --- a/swift/spec/classes/swift_keystone_auth_spec.rb +++ b/swift/spec/classes/swift_keystone_auth_spec.rb @@ -57,14 +57,14 @@ it { is_expected.to contain_keystone_role(role_name).with_ensure('present') } end - it { is_expected.to contain_keystone_endpoint("#{params[:region]}/#{params[:auth_name]}").with( + it { is_expected.to contain_keystone_endpoint("#{params[:region]}/#{params[:auth_name]}::object-store").with( :ensure => 'present', :public_url => params[:public_url], :admin_url => params[:admin_url], :internal_url => params[:internal_url], )} - it { is_expected.to contain_keystone_endpoint("#{params[:region]}/#{params[:auth_name]}_s3").with( + it { is_expected.to contain_keystone_endpoint("#{params[:region]}/#{params[:auth_name]}_s3::s3").with( :ensure => 'present', :public_url => params[:public_url_s3], :admin_url => params[:admin_url_s3], @@ -76,7 +76,7 @@ params.merge!(:configure_endpoint => false) end - it { is_expected.to_not contain_keystone_endpoint('RegionOne/swift') } + it { is_expected.to_not contain_keystone_endpoint('RegionOne/swift::object-store') } end context 'when disabling S3 endpoint' do @@ -84,8 +84,8 @@ params.merge!(:configure_s3_endpoint => false) end - it { is_expected.to_not contain_keystone_service('swift_s3') } - it { is_expected.to_not contain_keystone_endpoint('RegionOne/swift_s3') } + it { is_expected.to_not contain_keystone_service('swift_s3::s3') } + it { is_expected.to_not contain_keystone_endpoint('RegionOne/swift_s3::s3') } end end @@ -114,14 +114,14 @@ default_params.merge( params ) end - it { is_expected.to contain_keystone_endpoint("#{p[:region]}/#{p[:auth_name]}").with( + it { is_expected.to contain_keystone_endpoint("#{p[:region]}/#{p[:auth_name]}::object-store").with( :ensure => 'present', :public_url => "#{p[:public_protocol]}://#{p[:public_address]}:#{p[:public_port]}/v1/#{p[:endpoint_prefix]}_%(tenant_id)s", :admin_url => "#{p[:admin_protocol]}://#{p[:admin_address]}:#{p[:port]}", :internal_url => "#{p[:internal_protocol]}://#{p[:internal_address]}:#{p[:port]}/v1/#{p[:endpoint_prefix]}_%(tenant_id)s" )} - it { is_expected.to contain_keystone_endpoint("#{p[:region]}/#{p[:auth_name]}_s3").with( + it { is_expected.to contain_keystone_endpoint("#{p[:region]}/#{p[:auth_name]}_s3::s3").with( :ensure => 'present', :public_url => "#{p[:public_protocol]}://#{p[:public_address]}:#{p[:port]}", :admin_url => "#{p[:admin_protocol]}://#{p[:admin_address]}:#{p[:port]}", @@ -146,13 +146,13 @@ :roles => ['admin'], )} - it { is_expected.to contain_keystone_service(p[:auth_name]).with( + it { is_expected.to contain_keystone_service("#{p[:auth_name]}::object-store").with( :ensure => 'present', :type => 'object-store', :description => 'Openstack Object-Store Service' )} - it { is_expected.to contain_keystone_service("#{p[:auth_name]}_s3").with( + it { is_expected.to contain_keystone_service("#{p[:auth_name]}_s3::s3").with( :ensure => 'present', :type => 's3', :description => 'Openstack S3 Service' @@ -192,12 +192,12 @@ is_expected.to contain_keystone_user_role('swift@services') end it 'configures correct service name' do - is_expected.to contain_keystone_service('swift_service') - is_expected.to contain_keystone_service('swift_service_s3') + is_expected.to contain_keystone_service('swift_service::object-store') + is_expected.to contain_keystone_service('swift_service_s3::s3') end it 'configures correct endpoint name' do - is_expected.to contain_keystone_endpoint('RegionOne/swift_service') - is_expected.to contain_keystone_endpoint('RegionOne/swift_service_s3') + is_expected.to contain_keystone_endpoint('RegionOne/swift_service::object-store') + is_expected.to contain_keystone_endpoint('RegionOne/swift_service_s3::s3') end end diff --git a/swift/spec/classes/swift_proxy_account_quotas_spec.rb b/swift/spec/classes/swift_proxy_account_quotas_spec.rb index 338978172..955996e29 100644 --- a/swift/spec/classes/swift_proxy_account_quotas_spec.rb +++ b/swift/spec/classes/swift_proxy_account_quotas_spec.rb @@ -27,8 +27,7 @@ end let :pre_condition do - 'class { "concat::setup": } - concat { "/etc/swift/proxy-server.conf": }' + 'concat { "/etc/swift/proxy-server.conf": }' end let :fragment_file do diff --git a/swift/spec/classes/swift_proxy_authtoken_spec.rb b/swift/spec/classes/swift_proxy_authtoken_spec.rb index a5feb3c7c..44ca437c2 100644 --- a/swift/spec/classes/swift_proxy_authtoken_spec.rb +++ b/swift/spec/classes/swift_proxy_authtoken_spec.rb @@ -7,10 +7,7 @@ end let :pre_condition do - ' - include concat::setup - concat { "/etc/swift/proxy-server.conf": } - ' + 'concat { "/etc/swift/proxy-server.conf": }' end describe 'when using the default signing directory' do diff --git a/swift/spec/classes/swift_proxy_bulk_spec.rb b/swift/spec/classes/swift_proxy_bulk_spec.rb index 0b72ec72b..a34c83839 100644 --- a/swift/spec/classes/swift_proxy_bulk_spec.rb +++ b/swift/spec/classes/swift_proxy_bulk_spec.rb @@ -27,8 +27,7 @@ end let :pre_condition do - 'class { "concat::setup": } - concat { "/etc/swift/proxy-server.conf": }' + 'concat { "/etc/swift/proxy-server.conf": }' end let :fragment_file do diff --git a/swift/spec/classes/swift_proxy_cache_spec.rb b/swift/spec/classes/swift_proxy_cache_spec.rb index 531af8225..4d77a924f 100644 --- a/swift/spec/classes/swift_proxy_cache_spec.rb +++ b/swift/spec/classes/swift_proxy_cache_spec.rb @@ -11,8 +11,7 @@ end let :pre_condition do - 'class { "concat::setup": } - concat { "/etc/swift/proxy-server.conf": } + 'concat { "/etc/swift/proxy-server.conf": } class { "memcached": max_memory => 1 }' end diff --git a/swift/spec/classes/swift_proxy_catch_errors_spec.rb b/swift/spec/classes/swift_proxy_catch_errors_spec.rb index b36645ece..80b8c0332 100644 --- a/swift/spec/classes/swift_proxy_catch_errors_spec.rb +++ b/swift/spec/classes/swift_proxy_catch_errors_spec.rb @@ -7,8 +7,7 @@ end let :pre_condition do - 'class { "concat::setup": } - concat { "/etc/swift/proxy-server.conf": }' + 'concat { "/etc/swift/proxy-server.conf": }' end let :fragment_file do diff --git a/swift/spec/classes/swift_proxy_ceilometer_spec.rb b/swift/spec/classes/swift_proxy_ceilometer_spec.rb index a9015de69..acfd89eae 100644 --- a/swift/spec/classes/swift_proxy_ceilometer_spec.rb +++ b/swift/spec/classes/swift_proxy_ceilometer_spec.rb @@ -9,8 +9,7 @@ end let :pre_condition do - 'class { "concat::setup": } - concat { "/etc/swift/proxy-server.conf": } + 'concat { "/etc/swift/proxy-server.conf": } class { "swift": swift_hash_suffix => "dummy" }' diff --git a/swift/spec/classes/swift_proxy_container_quotas_spec.rb b/swift/spec/classes/swift_proxy_container_quotas_spec.rb index de8426ffe..3233da4c5 100644 --- a/swift/spec/classes/swift_proxy_container_quotas_spec.rb +++ b/swift/spec/classes/swift_proxy_container_quotas_spec.rb @@ -27,8 +27,7 @@ end let :pre_condition do - 'class { "concat::setup": } - concat { "/etc/swift/proxy-server.conf": }' + 'concat { "/etc/swift/proxy-server.conf": }' end let :fragment_file do diff --git a/swift/spec/classes/swift_proxy_crossdomain_spec.rb b/swift/spec/classes/swift_proxy_crossdomain_spec.rb index bc7f38403..14ee3b708 100644 --- a/swift/spec/classes/swift_proxy_crossdomain_spec.rb +++ b/swift/spec/classes/swift_proxy_crossdomain_spec.rb @@ -7,8 +7,7 @@ end let :pre_condition do - 'class { "concat::setup": } - concat { "/etc/swift/proxy-server.conf": }' + 'concat { "/etc/swift/proxy-server.conf": }' end let :fragment_file do diff --git a/swift/spec/classes/swift_proxy_formpost_spec.rb b/swift/spec/classes/swift_proxy_formpost_spec.rb index 2d50a0c16..d2386f379 100644 --- a/swift/spec/classes/swift_proxy_formpost_spec.rb +++ b/swift/spec/classes/swift_proxy_formpost_spec.rb @@ -7,8 +7,7 @@ end let :pre_condition do - 'class { "concat::setup": } - concat { "/etc/swift/proxy-server.conf": }' + 'concat { "/etc/swift/proxy-server.conf": }' end let :fragment_file do diff --git a/swift/spec/classes/swift_proxy_gatekeeper_spec.rb b/swift/spec/classes/swift_proxy_gatekeeper_spec.rb index 200457ac8..70015a722 100644 --- a/swift/spec/classes/swift_proxy_gatekeeper_spec.rb +++ b/swift/spec/classes/swift_proxy_gatekeeper_spec.rb @@ -7,8 +7,7 @@ end let :pre_condition do - 'class { "concat::setup": } - concat { "/etc/swift/proxy-server.conf": }' + 'concat { "/etc/swift/proxy-server.conf": }' end let :fragment_file do diff --git a/swift/spec/classes/swift_proxy_healthcheck_spec.rb b/swift/spec/classes/swift_proxy_healthcheck_spec.rb index 4db55f636..0e1776a7f 100644 --- a/swift/spec/classes/swift_proxy_healthcheck_spec.rb +++ b/swift/spec/classes/swift_proxy_healthcheck_spec.rb @@ -7,8 +7,7 @@ end let :pre_condition do - 'class { "concat::setup": } - concat { "/etc/swift/proxy-server.conf": }' + 'concat { "/etc/swift/proxy-server.conf": }' end let :fragment_file do diff --git a/swift/spec/classes/swift_proxy_keystone_spec.rb b/swift/spec/classes/swift_proxy_keystone_spec.rb index ee1594893..5f6762ca8 100644 --- a/swift/spec/classes/swift_proxy_keystone_spec.rb +++ b/swift/spec/classes/swift_proxy_keystone_spec.rb @@ -11,10 +11,7 @@ end let :pre_condition do - ' - include concat::setup - concat { "/etc/swift/proxy-server.conf": } - ' + 'concat { "/etc/swift/proxy-server.conf": }' end it { is_expected.to contain_file(fragment_file).with_content(/[filter:keystone]/) } diff --git a/swift/spec/classes/swift_proxy_ratelimit_spec.rb b/swift/spec/classes/swift_proxy_ratelimit_spec.rb index ed462d433..5b848ef8f 100644 --- a/swift/spec/classes/swift_proxy_ratelimit_spec.rb +++ b/swift/spec/classes/swift_proxy_ratelimit_spec.rb @@ -7,8 +7,7 @@ end let :pre_condition do - 'class { "concat::setup": } - concat { "/etc/swift/proxy-server.conf": }' + 'concat { "/etc/swift/proxy-server.conf": }' end let :fragment_file do diff --git a/swift/spec/classes/swift_proxy_s3token_spec.rb b/swift/spec/classes/swift_proxy_s3token_spec.rb index 8f6793f7d..66a4671d0 100644 --- a/swift/spec/classes/swift_proxy_s3token_spec.rb +++ b/swift/spec/classes/swift_proxy_s3token_spec.rb @@ -7,8 +7,7 @@ end let :pre_condition do - 'class { "concat::setup": } - concat { "/etc/swift/proxy-server.conf": }' + 'concat { "/etc/swift/proxy-server.conf": }' end let :fragment_file do diff --git a/swift/spec/classes/swift_proxy_slo_spec.rb b/swift/spec/classes/swift_proxy_slo_spec.rb index 7f063d8ee..97d2be720 100644 --- a/swift/spec/classes/swift_proxy_slo_spec.rb +++ b/swift/spec/classes/swift_proxy_slo_spec.rb @@ -7,8 +7,7 @@ end let :pre_condition do - 'class { "concat::setup": } - concat { "/etc/swift/proxy-server.conf": }' + 'concat { "/etc/swift/proxy-server.conf": }' end let :fragment_file do diff --git a/swift/spec/classes/swift_proxy_staticweb_spec.rb b/swift/spec/classes/swift_proxy_staticweb_spec.rb index 7cff74ff9..660017884 100644 --- a/swift/spec/classes/swift_proxy_staticweb_spec.rb +++ b/swift/spec/classes/swift_proxy_staticweb_spec.rb @@ -7,8 +7,7 @@ end let :pre_condition do - 'class { "concat::setup": } - concat { "/etc/swift/proxy-server.conf": }' + 'concat { "/etc/swift/proxy-server.conf": }' end let :fragment_file do diff --git a/swift/spec/classes/swift_proxy_swauth_spec.rb b/swift/spec/classes/swift_proxy_swauth_spec.rb index 514d1a10a..4bfd7ff1d 100644 --- a/swift/spec/classes/swift_proxy_swauth_spec.rb +++ b/swift/spec/classes/swift_proxy_swauth_spec.rb @@ -7,8 +7,7 @@ end let :pre_condition do - 'class { "concat::setup": } - concat { "/etc/swift/proxy-server.conf": }' + 'concat { "/etc/swift/proxy-server.conf": }' end let :fragment_file do diff --git a/swift/spec/classes/swift_proxy_swift3_spec.rb b/swift/spec/classes/swift_proxy_swift3_spec.rb index 376ead72b..0bd2f9ecc 100644 --- a/swift/spec/classes/swift_proxy_swift3_spec.rb +++ b/swift/spec/classes/swift_proxy_swift3_spec.rb @@ -8,8 +8,7 @@ end let :pre_condition do - 'class { "concat::setup": } - concat { "/etc/swift/proxy-server.conf": }' + 'concat { "/etc/swift/proxy-server.conf": }' end let :fragment_file do diff --git a/swift/spec/classes/swift_proxy_tempauth_spec.rb b/swift/spec/classes/swift_proxy_tempauth_spec.rb index 087bbc8cb..b7eec3baf 100644 --- a/swift/spec/classes/swift_proxy_tempauth_spec.rb +++ b/swift/spec/classes/swift_proxy_tempauth_spec.rb @@ -16,8 +16,7 @@ let :params do default_params end let :pre_condition do - 'class { "concat::setup": } - concat { "/etc/swift/proxy-server.conf": }' + 'concat { "/etc/swift/proxy-server.conf": }' end let :fragment_file do diff --git a/swift/spec/classes/swift_proxy_tempurl_spec.rb b/swift/spec/classes/swift_proxy_tempurl_spec.rb index ac68dfb07..1f05cf58e 100644 --- a/swift/spec/classes/swift_proxy_tempurl_spec.rb +++ b/swift/spec/classes/swift_proxy_tempurl_spec.rb @@ -7,8 +7,7 @@ end let :pre_condition do - 'class { "concat::setup": } - concat { "/etc/swift/proxy-server.conf": }' + 'concat { "/etc/swift/proxy-server.conf": }' end let :fragment_file do diff --git a/swift/spec/classes/swift_storage_all_spec.rb b/swift/spec/classes/swift_storage_all_spec.rb index fdd6cd9d3..0128d8de4 100644 --- a/swift/spec/classes/swift_storage_all_spec.rb +++ b/swift/spec/classes/swift_storage_all_spec.rb @@ -21,8 +21,8 @@ :container_port => '6001', :account_port => '6002', :log_facility => 'LOG_LOCAL2', - :incoming_chmod => '0644', - :outgoing_chmod => '0644', + :incoming_chmod => 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r', + :outgoing_chmod => 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r', :log_requests => true } end @@ -43,8 +43,8 @@ :account_pipeline => ["5", "6"], :allow_versions => true, :log_facility => ['LOG_LOCAL2', 'LOG_LOCAL3'], - :incoming_chmod => 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r', - :outgoing_chmod => 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r', + :incoming_chmod => '0644', + :outgoing_chmod => '0644', :log_requests => false } ].each do |param_set| diff --git a/swift/spec/defines/swift_ringbuilder_create_spec.rb b/swift/spec/defines/swift_ringbuilder_create_spec.rb index d5a6d0834..dadcda836 100644 --- a/swift/spec/defines/swift_ringbuilder_create_spec.rb +++ b/swift/spec/defines/swift_ringbuilder_create_spec.rb @@ -4,7 +4,8 @@ let :default_params do {:part_power => 18, :replicas => 3, - :min_part_hours => 24} + :min_part_hours => 24, + :user => 'swift'} end describe 'with allowed titles' do @@ -17,7 +18,8 @@ [{}, {:part_power => 19, :replicas => 6, - :min_part_hours => 2}].each do |param_set| + :min_part_hours => 2, + :user => 'root'}].each do |param_set| describe "when #{param_set == {} ? "using default" : "specifying"} class parame ters" do @@ -32,6 +34,7 @@ it { is_expected.to contain_exec("create_#{type}").with( {:command => "swift-ring-builder /etc/swift/#{type}.builder create #{param_hash[:part_power]} #{param_hash[:replicas]} #{param_hash[:min_part_hours]}", :path => ['/usr/bin'], + :user => param_hash[:user], :creates => "/etc/swift/#{type}.builder" } )} end diff --git a/swift/spec/defines/swift_storage_generic_spec.rb b/swift/spec/defines/swift_storage_generic_spec.rb index 59f51f50e..41c4b5b50 100644 --- a/swift/spec/defines/swift_storage_generic_spec.rb +++ b/swift/spec/defines/swift_storage_generic_spec.rb @@ -60,20 +60,29 @@ class { 'swift::storage': storage_local_net_ip => '10.0.0.1' }" end it do is_expected.to contain_service("swift-#{t}-server").with( - :name => platform_params["swift-#{t}-server"], - :ensure => (param_hash_manage[:manage_service] && param_hash_manage[:enabled]) ? 'running' : 'stopped', - :enable => param_hash_manage[:enabled], + :name => platform_params["swift-#{t}-server"], + :ensure => (param_hash_manage[:manage_service] && param_hash_manage[:enabled]) ? 'running' : 'stopped', + :enable => param_hash_manage[:enabled], :provider => platform_params['service_provider'], - :tag => 'swift-service' + :tag => 'swift-service' ) end it do is_expected.to contain_service("swift-#{t}-replicator").with( - :name => platform_params["swift-#{t}-replicator"], - :ensure => (param_hash_manage[:manage_service] && param_hash_manage[:enabled]) ? 'running' : 'stopped', - :enable => param_hash_manage[:enabled], + :name => platform_params["swift-#{t}-replicator"], + :ensure => (param_hash_manage[:manage_service] && param_hash_manage[:enabled]) ? 'running' : 'stopped', + :enable => param_hash_manage[:enabled], :provider => platform_params['service_provider'], - :tag => 'swift-service' + :tag => 'swift-service' + ) + end + it do + is_expected.to contain_service("swift-#{t}-auditor").with( + :name => platform_params["swift-#{t}-auditor"], + :ensure => (param_hash_manage[:manage_service] && param_hash_manage[:enabled]) ? 'running' : 'stopped', + :enable => param_hash_manage[:enabled], + :provider => platform_params['service_provider'], + :tag => 'swift-service' ) end it do @@ -97,10 +106,13 @@ class { 'swift::storage': storage_local_net_ip => '10.0.0.1' }" let :platform_params do { 'swift-account-server' => 'swift-account', 'swift-account-replicator' => 'swift-account-replicator', + 'swift-account-auditor' => 'swift-account-auditor', 'swift-container-server' => 'swift-container', 'swift-container-replicator' => 'swift-container-replicator', + 'swift-container-auditor' => 'swift-container-auditor', 'swift-object-server' => 'swift-object', 'swift-object-replicator' => 'swift-object-replicator', + 'swift-object-auditor' => 'swift-object-auditor', 'service_provider' => 'upstart' } end @@ -115,11 +127,14 @@ class { 'swift::storage': storage_local_net_ip => '10.0.0.1' }" let :platform_params do { 'swift-account-server' => 'swift-account-server', 'swift-account-replicator' => 'swift-account-replicator', + 'swift-account-auditor' => 'swift-account-auditor', 'swift-container-server' => 'swift-container-server', 'swift-container-replicator' => 'swift-container-replicator', + 'swift-container-auditor' => 'swift-container-auditor', 'swift-object-server' => 'swift-object-server', 'swift-object-replicator' => 'swift-object-replicator', - 'service_provider' => 'swiftinit' + 'swift-object-auditor' => 'swift-object-auditor', + 'service_provider' => 'swiftinit', } end @@ -136,10 +151,13 @@ class { 'swift::storage': storage_local_net_ip => '10.0.0.1' }" let :platform_params do { 'swift-account-server' => 'openstack-swift-account', 'swift-account-replicator' => 'openstack-swift-account-replicator', + 'swift-account-auditor' => 'openstack-swift-account-auditor', 'swift-container-server' => 'openstack-swift-container', 'swift-container-replicator' => 'openstack-swift-container-replicator', + 'swift-container-auditor' => 'openstack-swift-container-auditor', 'swift-object-server' => 'openstack-swift-object', - 'swift-object-replicator' => 'openstack-swift-object-replicator' + 'swift-object-replicator' => 'openstack-swift-object-replicator', + 'swift-object-auditor' => 'openstack-swift-object-auditor', } end @@ -153,11 +171,14 @@ class { 'swift::storage': storage_local_net_ip => '10.0.0.1' }" let :platform_params do { 'swift-account-server' => 'swift-account-server', 'swift-account-replicator' => 'swift-account-replicator', + 'swift-account-auditor' => 'swift-account-auditor', 'swift-container-server' => 'swift-container-server', 'swift-container-replicator' => 'swift-container-replicator', + 'swift-container-auditor' => 'swift-container-auditor', 'swift-object-server' => 'swift-object-server', 'swift-object-replicator' => 'swift-object-replicator', - 'service_provider' => 'swiftinit' + 'swift-object-auditor' => 'swift-object-auditor', + 'service_provider' => 'swiftinit', } end diff --git a/swift/spec/defines/swift_storage_server_spec.rb b/swift/spec/defines/swift_storage_server_spec.rb index d3be56cf4..7a755797c 100644 --- a/swift/spec/defines/swift_storage_server_spec.rb +++ b/swift/spec/defines/swift_storage_server_spec.rb @@ -19,8 +19,8 @@ class { 'swift::storage': storage_local_net_ip => '10.0.0.1' }" :devices => '/srv/node', :owner => 'swift', :group => 'swift', - :incoming_chmod => '0644', - :outgoing_chmod => '0644', + :incoming_chmod => 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r', + :outgoing_chmod => 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r', :max_connections => '25', :log_requests => true } @@ -161,8 +161,8 @@ class { 'swift::storage': storage_local_net_ip => '10.0.0.1' } :lock_file => "/var/lock/#{t}.lock", :uid => 'swift', :gid => 'swift', - :incoming_chmod => '0644', - :outgoing_chmod => '0644', + :incoming_chmod => 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r', + :outgoing_chmod => 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r', :max_connections => 25, :read_only => false )} @@ -171,7 +171,7 @@ class { 'swift::storage': storage_local_net_ip => '10.0.0.1' } it { is_expected.to contain_file(fragment_file).with_content(/^devices\s*=\s*\/srv\/node\s*$/) } it { is_expected.to contain_file(fragment_file).with_content(/^bind_ip\s*=\s*10\.0\.0\.1\s*$/) } it { is_expected.to contain_file(fragment_file).with_content(/^bind_port\s*=\s*#{title}\s*$/) } - it { is_expected.to contain_file(fragment_file).with_content(/^mount_check\s*=\s*false\s*$/) } + it { is_expected.to contain_file(fragment_file).with_content(/^mount_check\s*=\s*true\s*$/) } it { is_expected.to contain_file(fragment_file).with_content(/^user\s*=\s*swift\s*$/) } it { is_expected.to contain_file(fragment_file).with_content(/^set log_name\s*=\s*#{t}-server\s*$/) } it { is_expected.to contain_file(fragment_file).with_content(/^set log_facility\s*=\s*LOG_LOCAL2\s*$/) } diff --git a/swift/templates/account-server.conf.erb b/swift/templates/account-server.conf.erb index 47c7675e7..6c4ba277e 100644 --- a/swift/templates/account-server.conf.erb +++ b/swift/templates/account-server.conf.erb @@ -2,7 +2,7 @@ devices = <%= @devices %> bind_ip = <%= @storage_local_net_ip %> bind_port = <%= @bind_port %> -mount_check = <%= @mount_check_real %> +mount_check = <%= @mount_check %> user = <%= @user %> workers = <%= @workers %> log_name = <%= @log_name %> diff --git a/swift/templates/container-server.conf.erb b/swift/templates/container-server.conf.erb index 6d28f8c0d..fa05fd0db 100644 --- a/swift/templates/container-server.conf.erb +++ b/swift/templates/container-server.conf.erb @@ -2,7 +2,7 @@ devices = <%= @devices %> bind_ip = <%= @storage_local_net_ip %> bind_port = <%= @bind_port %> -mount_check = <%= @mount_check_real %> +mount_check = <%= @mount_check %> user = <%= @user %> log_name = <%= @log_name %> log_facility = <%= @log_facility %> diff --git a/swift/templates/object-server.conf.erb b/swift/templates/object-server.conf.erb index 212b8e330..e5d792271 100644 --- a/swift/templates/object-server.conf.erb +++ b/swift/templates/object-server.conf.erb @@ -2,7 +2,7 @@ devices = <%= @devices %> bind_ip = <%= @storage_local_net_ip %> bind_port = <%= @bind_port %> -mount_check = <%= @mount_check_real %> +mount_check = <%= @mount_check %> user = <%= @user %> log_name = <%= @log_name %> log_facility = <%= @log_facility %> diff --git a/tempest/manifests/init.pp b/tempest/manifests/init.pp index 7b8341319..5efaaecf2 100644 --- a/tempest/manifests/init.pp +++ b/tempest/manifests/init.pp @@ -113,12 +113,16 @@ # Defaults to true # [*murano_available*] # Defaults to false +# [*run_service_broker_tests*] +# Defaults to false # [*sahara_available*] # Defaults to false # [*swift_available*] # Defaults to false # [*trove_available*] # Defaults to false +# [*ironic_available*] +# Defaults to false # [*keystone_v2*] # Defaults to true # [*keystone_v3*] @@ -218,9 +222,11 @@ $sahara_available = false, $swift_available = false, $trove_available = false, + $ironic_available = false, $keystone_v2 = true, $keystone_v3 = true, $auth_version = 'v2', + $run_service_broker_tests = false, # scenario options $img_dir = '/var/lib/tempest', $img_file = 'cirros-0.3.4-x86_64-disk.img', @@ -288,57 +294,59 @@ } tempest_config { - 'compute/change_password_available': value => $change_password_available; - 'compute/flavor_ref': value => $flavor_ref; - 'compute/flavor_ref_alt': value => $flavor_ref_alt; - 'compute/image_alt_ssh_user': value => $image_alt_ssh_user; - 'compute/image_ref': value => $image_ref; - 'compute/image_ref_alt': value => $image_ref_alt; - 'compute/image_ssh_user': value => $image_ssh_user; - 'compute/resize_available': value => $resize_available; - 'compute/allow_tenant_isolation': value => $allow_tenant_isolation; - 'identity/admin_password': value => $admin_password, secret => true; - 'identity/admin_tenant_name': value => $admin_tenant_name; - 'identity/admin_username': value => $admin_username; - 'identity/admin_role': value => $admin_role; - 'identity/admin_domain_name': value => $admin_domain_name; - 'identity/alt_password': value => $alt_password, secret => true; - 'identity/alt_tenant_name': value => $alt_tenant_name; - 'identity/alt_username': value => $alt_username; - 'identity/password': value => $password, secret => true; - 'identity/tenant_name': value => $tenant_name; - 'identity/uri': value => $identity_uri; - 'identity/uri_v3': value => $identity_uri_v3; - 'identity/username': value => $username; - 'identity/auth_version': value => $auth_version; - 'identity-feature-enabled/api_v2': value => $keystone_v2; - 'identity-feature-enabled/api_v3': value => $keystone_v3; - 'network/public_network_id': value => $public_network_id; - 'network/public_router_id': value => $public_router_id; - 'dashboard/login_url': value => $login_url; - 'dashboard/dashboard_url': value => $dashboard_url; - 'service_available/cinder': value => $cinder_available; - 'service_available/glance': value => $glance_available; - 'service_available/heat': value => $heat_available; - 'service_available/ceilometer': value => $ceilometer_available; - 'service_available/aodh': value => $aodh_available; - 'service_available/horizon': value => $horizon_available; - 'service_available/neutron': value => $neutron_available; - 'service_available/nova': value => $nova_available; - 'service_available/murano': value => $murano_available; - 'service_available/sahara': value => $sahara_available; - 'service_available/swift': value => $swift_available; - 'service_available/trove': value => $trove_available; - 'whitebox/db_uri': value => $whitebox_db_uri; - 'cli/cli_dir': value => $cli_dir; - 'oslo_concurrency/lock_path': value => $lock_path; - 'DEFAULT/debug': value => $debug; - 'DEFAULT/verbose': value => $verbose; - 'DEFAULT/use_stderr': value => $use_stderr; - 'DEFAULT/use_syslog': value => $use_syslog; - 'DEFAULT/log_file': value => $log_file; - 'scenario/img_dir': value => $img_dir; - 'scenario/img_file': value => $img_file; + 'compute/change_password_available': value => $change_password_available; + 'compute/flavor_ref': value => $flavor_ref; + 'compute/flavor_ref_alt': value => $flavor_ref_alt; + 'compute/image_alt_ssh_user': value => $image_alt_ssh_user; + 'compute/image_ref': value => $image_ref; + 'compute/image_ref_alt': value => $image_ref_alt; + 'compute/image_ssh_user': value => $image_ssh_user; + 'compute/resize_available': value => $resize_available; + 'compute/allow_tenant_isolation': value => $allow_tenant_isolation; + 'identity/admin_password': value => $admin_password, secret => true; + 'identity/admin_tenant_name': value => $admin_tenant_name; + 'identity/admin_username': value => $admin_username; + 'identity/admin_role': value => $admin_role; + 'identity/admin_domain_name': value => $admin_domain_name; + 'identity/alt_password': value => $alt_password, secret => true; + 'identity/alt_tenant_name': value => $alt_tenant_name; + 'identity/alt_username': value => $alt_username; + 'identity/password': value => $password, secret => true; + 'identity/tenant_name': value => $tenant_name; + 'identity/uri': value => $identity_uri; + 'identity/uri_v3': value => $identity_uri_v3; + 'identity/username': value => $username; + 'identity/auth_version': value => $auth_version; + 'identity-feature-enabled/api_v2': value => $keystone_v2; + 'identity-feature-enabled/api_v3': value => $keystone_v3; + 'network/public_network_id': value => $public_network_id; + 'network/public_router_id': value => $public_router_id; + 'dashboard/login_url': value => $login_url; + 'dashboard/dashboard_url': value => $dashboard_url; + 'service_available/cinder': value => $cinder_available; + 'service_available/glance': value => $glance_available; + 'service_available/heat': value => $heat_available; + 'service_available/ceilometer': value => $ceilometer_available; + 'service_available/aodh': value => $aodh_available; + 'service_available/horizon': value => $horizon_available; + 'service_available/neutron': value => $neutron_available; + 'service_available/nova': value => $nova_available; + 'service_available/murano': value => $murano_available; + 'service_available/sahara': value => $sahara_available; + 'service_available/swift': value => $swift_available; + 'service_available/trove': value => $trove_available; + 'service_available/ironic': value => $ironic_available; + 'whitebox/db_uri': value => $whitebox_db_uri; + 'cli/cli_dir': value => $cli_dir; + 'oslo_concurrency/lock_path': value => $lock_path; + 'DEFAULT/debug': value => $debug; + 'DEFAULT/verbose': value => $verbose; + 'DEFAULT/use_stderr': value => $use_stderr; + 'DEFAULT/use_syslog': value => $use_syslog; + 'DEFAULT/log_file': value => $log_file; + 'scenario/img_dir': value => $img_dir; + 'scenario/img_file': value => $img_file; + 'service_broker/run_service_broker_tests': value => $run_service_broker_tests; } if $configure_images { diff --git a/tempest/spec/classes/tempest_spec.rb b/tempest/spec/classes/tempest_spec.rb index e4853859d..4f9c8529a 100644 --- a/tempest/spec/classes/tempest_spec.rb +++ b/tempest/spec/classes/tempest_spec.rb @@ -193,6 +193,7 @@ class { 'neutron': rabbit_password => 'passw0rd' }" is_expected.to contain_tempest_config('service_available/murano').with(:value => false) is_expected.to contain_tempest_config('service_available/swift').with(:value => false) is_expected.to contain_tempest_config('service_available/trove').with(:value => false) + is_expected.to contain_tempest_config('service_available/ironic').with(:value => false) is_expected.to contain_tempest_config('whitebox/db_uri').with(:value => nil) is_expected.to contain_tempest_config('cli/cli_dir').with(:value => nil) is_expected.to contain_tempest_config('oslo_concurrency/lock_path').with(:value => '/var/lib/tempest') @@ -203,6 +204,7 @@ class { 'neutron': rabbit_password => 'passw0rd' }" is_expected.to contain_tempest_config('DEFAULT/log_file').with(:value => nil) is_expected.to contain_tempest_config('scenario/img_dir').with(:value => '/var/lib/tempest') is_expected.to contain_tempest_config('scenario/img_file').with(:value => 'cirros-0.3.4-x86_64-disk.img') + is_expected.to contain_tempest_config('service_broker/run_service_broker_tests').with(:value => false) end it 'set glance id' do diff --git a/tripleo/lib/facter/netmask_ipv6.rb b/tripleo/lib/facter/netmask_ipv6.rb new file mode 100644 index 000000000..526148530 --- /dev/null +++ b/tripleo/lib/facter/netmask_ipv6.rb @@ -0,0 +1,47 @@ +require 'ipaddr' + +def netmask6(value) + if value + ip = IPAddr.new('::0').mask(value) + ip.inspect.split('/')[1].gsub('>', '') + end +end + +if Facter.value('facterversion')[0].to_i < 3 + Facter::Util::IP.get_interfaces.each do |interface| + Facter.add('netmask6_' + Facter::Util::IP.alphafy(interface)) do + setcode do + tmp = [] + regex = %r{inet6\s+.*\s+(?:prefixlen)\s+(\d+)}x + output_int = Facter::Util::IP.get_output_for_interface_and_label(interface, 'netmask6') + + output_int.each_line do |line| + prefixlen = nil + matches = line.match(regex) + prefixlen = matches[1] if matches + + if prefixlen + value = netmask6(prefixlen) + tmp.push(value) + end + end + + tmp.shift if tmp + end + end + end + + Facter.add('netmask6') do + setcode do + prefixlen = nil + regex = %r{#{Facter.value(:ipaddress6)}.*?(?:prefixlen)\s*(\d+)}x + + String(Facter::Util::IP.exec_ifconfig(['2>/dev/null'])).split(/\n/).collect do |line| + matches = line.match(regex) + prefixlen = matches[1] if matches + end + + netmask6(prefixlen) if prefixlen + end + end +end diff --git a/tripleo/lib/puppet/parser/functions/interface_for_ip.rb b/tripleo/lib/puppet/parser/functions/interface_for_ip.rb index 1c6712035..fd68be0c2 100644 --- a/tripleo/lib/puppet/parser/functions/interface_for_ip.rb +++ b/tripleo/lib/puppet/parser/functions/interface_for_ip.rb @@ -8,25 +8,31 @@ module Puppet::Parser::Functions newfunction(:interface_for_ip, :type => :rvalue, :doc => "Find the bind IP address for the provided subnet.") do |arg| if arg[0].class == String begin - ip_to_find = arg[0] + ip1 = IPAddr.new(arg[0]) Dir.foreach('/sys/class/net/') do |interface| - next if interface == '.' or interface == '..' + next if interface == '.' || interface == '..' iface_no_dash = interface.gsub('-', '_') - interface_ip = lookupvar("ipaddress_#{iface_no_dash}") - netmask = lookupvar("netmask_#{iface_no_dash}") - if not interface_ip.nil? then - ip1=IPAddr.new(interface_ip) - ip2=IPAddr.new(ip_to_find) - if ip1.mask(netmask) == ip2.mask(netmask) then - return interface - end + + if ip1.ipv4? + ipaddress_name = "ipaddress_#{iface_no_dash}" + netmask_name = "netmask_#{iface_no_dash}" + else + ipaddress_name = "ipaddress6_#{iface_no_dash}" + netmask_name = "netmask6_#{iface_no_dash}" + end + + interface_ip = lookupvar(ipaddress_name) + netmask = lookupvar(netmask_name) + unless interface_ip.nil? then + ip2 = IPAddr.new(interface_ip) + return interface if ip1.mask(netmask) == ip2.mask(netmask) end end - rescue JSON::ParserError - raise Puppet::ParseError, "Syntax error: #{arg[0]} is invalid" + rescue IPAddr::InvalidAddressError => e + raise Puppet::ParseError, "#{e}: #{arg[0]}" end else - raise Puppet::ParseError, "Syntax error: #{arg[0]} is not a String" + raise Puppet::ParseError, "Syntax error: #{arg[0]} must be a String" end return '' end diff --git a/tripleo/manifests/loadbalancer.pp b/tripleo/manifests/loadbalancer.pp index 6306f6114..887c9d240 100644 --- a/tripleo/manifests/loadbalancer.pp +++ b/tripleo/manifests/loadbalancer.pp @@ -35,6 +35,10 @@ # The value to use as maxconn in the haproxy default config section. # Defaults to 4096 # +# [*haproxy_default_timeout*] +# The value to use as timeout in the haproxy default config section. +# Defaults to [ 'http-request 10s', 'queue 1m', 'connect 10s', 'client 1m', 'server 1m', 'check 10s' ] +# # [*haproxy_log_address*] # The IPv4, IPv6 or filesystem socket path of the syslog server. # Defaults to '/dev/log' @@ -133,6 +137,15 @@ # [*aodh_certificate*] # Filename of an HAProxy-compatible certificate and key file # When set, enables SSL on the Aodh public API endpoint using the specified file. +# +# [*sahara_certificate*] +# Filename of an HAProxy-compatible certificate and key file +# When set, enables SSL on the Sahara public API endpoint using the specified file. +# Defaults to undef +# +# [*trove_certificate*] +# Filename of an HAProxy-compatible certificate and key file +# When set, enables SSL on the Trove public API endpoint using the specified file. # Defaults to undef # # [*swift_certificate*] @@ -175,6 +188,14 @@ # (optional) Enable or not Manila API binding # Defaults to false # +# [*sahara*] +# (optional) Enable or not Sahara API binding +# defaults to false +# +# [*trove*] +# (optional) Enable or not Trove API binding +# defaults to false +# # [*glance_api*] # (optional) Enable or not Glance API binding # Defaults to false @@ -263,6 +284,7 @@ $haproxy_service_manage = true, $haproxy_global_maxconn = 20480, $haproxy_default_maxconn = 4096, + $haproxy_default_timeout = [ 'http-request 10s', 'queue 1m', 'connect 10s', 'client 1m', 'server 1m', 'check 10s' ], $haproxy_log_address = '/dev/log', $controller_host = undef, $controller_hosts = undef, @@ -271,6 +293,8 @@ $keystone_certificate = undef, $neutron_certificate = undef, $cinder_certificate = undef, + $sahara_certificate = undef, + $trove_certificate = undef, $manila_certificate = undef, $glance_certificate = undef, $nova_certificate = undef, @@ -284,6 +308,8 @@ $keystone_public = false, $neutron = false, $cinder = false, + $sahara = false, + $trove = false, $manila = false, $glance_api = false, $glance_registry = false, @@ -417,6 +443,16 @@ } else { $cinder_bind_certificate = $service_certificate } + if $sahara_certificate { + $sahara_bind_certificate = $sahara_certificate + } else { + $sahara_bind_certificate = $service_certificate + } + if $trove_certificate { + $trove_bind_certificate = $trove_certificate + } else { + $trove_bind_certificate = $trove_certificate + } if $manila_certificate { $manila_bind_certificate = $manila_certificate } else { @@ -537,6 +573,32 @@ } } + $sahara_api_vip = hiera('sahara_api_vip', $controller_virtual_ip) + if $sahara_bind_certificate { + $sahara_bind_opts = { + "${sahara_api_vip}:8386" => [], + "${public_virtual_ip}:13786" => ['ssl', 'crt', $sahara_bind_certificate], + } + } else { + $sahara_bind_opts = { + "${sahara_api_vip}:8386" => [], + "${public_virtual_ip}:8386" => [], + } + } + + $trove_api_vip = hiera('$trove_api_vip', $controller_virtual_ip) + if $trove_bind_certificate { + $trove_bind_opts = { + "${trove_api_vip}:8779" => [], + "${public_virtual_ip}:13779" => ['ssl', 'crt', $trove_bind_certificate], + } + } else { + $trove_bind_opts = { + "${trove_api_vip}:8779" => [], + "${public_virtual_ip}:8779" => [], + } + } + $nova_api_vip = hiera('nova_api_vip', $controller_virtual_ip) if $nova_bind_certificate { $nova_osapi_bind_opts = { @@ -613,6 +675,7 @@ } $heat_options = { 'rsprep' => "^Location:\\ http://${public_virtual_ip}(.*) Location:\\ https://${public_virtual_ip}\\1", + 'http-request' => ['set-header X-Forwarded-Proto https if { ssl_fc }'], } $heat_cw_bind_opts = { "${heat_api_vip}:8003" => [], @@ -680,7 +743,7 @@ 'mode' => 'tcp', 'log' => 'global', 'retries' => '3', - 'timeout' => [ 'http-request 10s', 'queue 1m', 'connect 10s', 'client 1m', 'server 1m', 'check 10s' ], + 'timeout' => $haproxy_default_timeout, 'maxconn' => $haproxy_default_maxconn, }, } @@ -719,6 +782,10 @@ haproxy::listen { 'keystone_public': bind => $keystone_public_bind_opts, collect_exported => false, + mode => 'http', # Needed for http-request option + options => { + 'http-request' => ['set-header X-Forwarded-Proto https if { ssl_fc }'], + }, } haproxy::balancermember { 'keystone_public': listening_service => 'keystone_public', @@ -771,6 +838,34 @@ } } + if $sahara { + haproxy::listen { 'sahara': + bind => $sahara_bind_opts, + collect_exported => false, + } + haproxy::balancermember { 'sahara': + listening_service => 'sahara', + ports => '8386', + ipaddresses => hiera('sahara_api_node_ips', $controller_hosts_real), + server_names => $controller_hosts_names_real, + options => ['check', 'inter 2000', 'rise 2', 'fall 5'], + } + } + + if $trove { + haproxy::listen { 'trove': + bind => $trove_bind_opts, + collect_exported => false, + } + haproxy::balancermember { 'trove': + listening_service => 'trove', + ports => '8779', + ipaddresses => hiera('trove_api_node_ips', $controller_hosts_real), + server_names => $controller_hosts_names_real, + options => ['check', 'inter 2000', 'rise 2', 'fall 5'], + } + } + if $glance_api { haproxy::listen { 'glance_api': bind => $glance_bind_opts, @@ -818,6 +913,10 @@ haproxy::listen { 'nova_osapi': bind => $nova_osapi_bind_opts, collect_exported => false, + mode => 'http', + options => { + 'http-request' => ['set-header X-Forwarded-Proto https if { ssl_fc }'], + }, } haproxy::balancermember { 'nova_osapi': listening_service => 'nova_osapi', diff --git a/trove/manifests/api.pp b/trove/manifests/api.pp index 20fc9f6df..fe4b27e2a 100644 --- a/trove/manifests/api.pp +++ b/trove/manifests/api.pp @@ -34,11 +34,33 @@ # # [*verbose*] # (optional) Rather to log the trove api service at verbose level. -# Default: false +# Defaults to undef # # [*debug*] # (optional) Rather to log the trove api service at debug level. -# Default: false +# Defaults to undef +# +# [*log_file*] +# (optional) The path of file used for logging +# If set to boolean false, it will not log to any file. +# Defaults to undef +# +# [*log_dir*] +# (optional) directory to which trove logs are sent. +# If set to boolean false, it will not log to any directory. +# Defaults to undef +# +# [*use_syslog*] +# (optional) Use syslog for logging. +# Defaults to undef +# +# [*use_stderr*] +# (optional) Use stderr for logging +# Defaults to undef +# +# [*log_facility*] +# (optional) Syslog facility to receive log lines. +# Defaults to undef. # # [*bind_host*] # (optional) The address of the host to bind to. @@ -56,16 +78,6 @@ # (optional) Number of trove API worker processes to start # Default: $::processorcount # -# [*log_file*] -# (optional) The path of file used for logging -# If set to boolean false, it will not log to any file. -# Default: /var/log/trove/trove-api.log -# -# [*log_dir*] -# (optional) directory to which trove logs are sent. -# If set to boolean false, it will not log to any directory. -# Defaults to '/var/log/trove' -# # [*auth_host*] # (optional) Host running auth service. # Defaults to '127.0.0.1'. @@ -94,14 +106,6 @@ # (optional) Whether to enable services. # Defaults to true. # -# [*use_syslog*] -# (optional) Use syslog for logging. -# Defaults to false. -# -# [*log_facility*] -# (optional) Syslog facility to receive log lines. -# Defaults to 'LOG_USER'. -# # [*purge_config*] # (optional) Whether to set only the specified config options # in the api config. @@ -141,14 +145,17 @@ # class trove::api( $keystone_password, - $verbose = false, - $debug = false, + $verbose = undef, + $debug = undef, + $log_file = undef, + $log_dir = undef, + $use_syslog = undef, + $use_stderr = undef, + $log_facility = undef, $bind_host = '0.0.0.0', $bind_port = '8779', $backlog = '4096', $workers = $::processorcount, - $log_file = '/var/log/trove/trove-api.log', - $log_dir = '/var/log/trove', $auth_host = '127.0.0.1', $auth_url = false, $auth_port = '35357', @@ -156,8 +163,6 @@ $keystone_tenant = 'services', $keystone_user = 'trove', $enabled = true, - $use_syslog = false, - $log_facility = 'LOG_USER', $purge_config = false, $cert_file = false, $key_file = false, @@ -173,6 +178,7 @@ require ::keystone::python include ::trove::db + include ::trove::logging include ::trove::params Trove_config<||> ~> Exec['post-trove_config'] @@ -181,8 +187,6 @@ # basic service config trove_config { - 'DEFAULT/verbose': value => $verbose; - 'DEFAULT/debug': value => $debug; 'DEFAULT/bind_host': value => $bind_host; 'DEFAULT/bind_port': value => $bind_port; 'DEFAULT/backlog': value => $backlog; @@ -239,39 +243,6 @@ } } - # Logging - if $log_file { - trove_config { - 'DEFAULT/log_file': value => $log_file; - } - } else { - trove_config { - 'DEFAULT/log_file': ensure => absent; - } - } - - if $log_dir { - trove_config { - 'DEFAULT/log_dir': value => $log_dir; - } - } else { - trove_config { - 'DEFAULT/log_dir': ensure => absent; - } - } - - # Syslog - if $use_syslog { - trove_config { - 'DEFAULT/use_syslog' : value => true; - 'DEFAULT/syslog_log_facility' : value => $log_facility; - } - } else { - trove_config { - 'DEFAULT/use_syslog': value => false; - } - } - # rate limits trove_config { 'DEFAULT/http_get_rate': value => $http_get_rate; diff --git a/trove/manifests/logging.pp b/trove/manifests/logging.pp new file mode 100644 index 000000000..bcb419215 --- /dev/null +++ b/trove/manifests/logging.pp @@ -0,0 +1,156 @@ +# Class trove::logging +# +# Trove logging configuration +# +# == parameters +# +# [*verbose*] +# (Optional) Should the daemons log verbose messages +# Defaults to $::os_service_default +# +# [*debug*] +# (Optional) Should the daemons log debug messages +# Defaults to $::os_service_default +# +# [*use_syslog*] +# (Optional) Use syslog for logging. +# Defaults to $::os_service_default +# +# [*use_stderr*] +# (optional) Use stderr for logging +# Defaults to $::os_service_default +# +# [*log_facility*] +# (Optional) Syslog facility to receive log lines. +# Defaults to $::os_service_default +# +# [*log_dir*] +# (optional) Directory where logs should be stored. +# If set to boolean false, it will not log to any directory. +# Defaults to '/var/log/trove' +# +# [*log_file*] +# (optional) The path of file used for logging +# If set to boolean false, it will not log to any file. +# Defaults to $::os_service_default +# +# [*logging_context_format_string*] +# (optional) Format string to use for log messages with context. +# Defaults to $::os_service_default +# Example: '%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s\ +# [%(request_id)s %(user_identity)s] %(instance)s%(message)s' +# +# [*logging_default_format_string*] +# (optional) Format string to use for log messages without context. +# Defaults to $::os_service_default +# Example: '%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s\ +# [-] %(instance)s%(message)s' +# +# [*logging_debug_format_suffix*] +# (optional) Formatted data to append to log format when level is DEBUG. +# Defaults to $::os_service_default +# Example: '%(funcName)s %(pathname)s:%(lineno)d' +# +# [*logging_exception_prefix*] +# (optional) Prefix each line of exception output with this format. +# Defaults to $::os_service_default +# Example: '%(asctime)s.%(msecs)03d %(process)d TRACE %(name)s %(instance)s' +# +# [*log_config_append*] +# The name of an additional logging configuration file. +# Defaults to $::os_service_default +# See https://docs.python.org/2/howto/logging.html +# +# [*default_log_levels*] +# (optional) Hash of logger (keys) and level (values) pairs. +# Defaults to $::os_service_default +# Example: +# { 'amqp' => 'WARN', 'amqplib' => 'WARN', 'boto' => 'WARN', +# 'qpid' => 'WARN', 'sqlalchemy' => 'WARN', 'suds' => 'INFO', +# 'iso8601' => 'WARN', +# 'requests.packages.urllib3.connectionpool' => 'WARN' } +# +# [*publish_errors*] +# (optional) Publish error events (boolean value). +# Defaults to $::os_service_default +# +# [*fatal_deprecations*] +# (optional) Make deprecations fatal (boolean value) +# Defaults to $::os_service_default +# +# [*instance_format*] +# (optional) If an instance is passed with the log message, format it +# like this (string value). +# Defaults to $::os_service_default +# Example: '[instance: %(uuid)s] ' +# +# [*instance_uuid_format*] +# (optional) If an instance UUID is passed with the log message, format +# it like this (string value). +# Defaults to $::os_service_default +# Example: instance_uuid_format='[instance: %(uuid)s] ' +# +# [*log_date_format*] +# (optional) Format string for %%(asctime)s in log records. +# Defaults to $::os_service_default +# Example: 'Y-%m-%d %H:%M:%S' + +class trove::logging( + $use_syslog = $::os_service_default, + $use_stderr = $::os_service_default, + $log_facility = $::os_service_default, + $log_dir = '/var/log/trove', + $log_file = $::os_service_default, + $verbose = $::os_service_default, + $debug = $::os_service_default, + $logging_context_format_string = $::os_service_default, + $logging_default_format_string = $::os_service_default, + $logging_debug_format_suffix = $::os_service_default, + $logging_exception_prefix = $::os_service_default, + $log_config_append = $::os_service_default, + $default_log_levels = $::os_service_default, + $publish_errors = $::os_service_default, + $fatal_deprecations = $::os_service_default, + $instance_format = $::os_service_default, + $instance_uuid_format = $::os_service_default, + $log_date_format = $::os_service_default, +) { + + # NOTE(spredzy): In order to keep backward compatibility we rely on the pick function + # to use trove:: first then trove::logging::. + $use_syslog_real = pick($::trove::api::use_syslog, $use_syslog) + $use_stderr_real = pick($::trove::api::use_stderr, $use_stderr) + $log_facility_real = pick($::trove::api::log_facility, $log_facility) + $log_dir_real = pick($::trove::api::log_dir, $log_dir) + $log_file_real = pick($::trove::api::log_file, $log_file) + $verbose_real = pick($::trove::api::verbose, $verbose) + $debug_real = pick($::trove::api::debug, $debug) + + if is_service_default($default_log_levels) { + $default_log_levels_real = $default_log_levels + } else { + $default_log_levels_real = join(sort(join_keys_to_values($default_log_levels, '=')), ',') + } + + trove_config { + 'DEFAULT/debug' : value => $debug_real; + 'DEFAULT/verbose' : value => $verbose_real; + 'DEFAULT/use_stderr' : value => $use_stderr_real; + 'DEFAULT/use_syslog' : value => $use_syslog_real; + 'DEFAULT/log_dir' : value => $log_dir_real; + 'DEFAULT/log_file' : value => $log_file_real; + 'DEFAULT/syslog_log_facility' : value => $log_facility_real; + 'DEFAULT/logging_context_format_string' : value => $logging_context_format_string; + 'DEFAULT/logging_default_format_string' : value => $logging_default_format_string; + 'DEFAULT/logging_debug_format_suffix' : value => $logging_debug_format_suffix; + 'DEFAULT/logging_exception_prefix' : value => $logging_exception_prefix; + 'DEFAULT/log_config_append' : value => $log_config_append; + 'DEFAULT/default_log_levels' : value => $default_log_levels_real; + 'DEFAULT/publish_errors' : value => $publish_errors; + 'DEFAULT/fatal_deprecations' : value => $fatal_deprecations; + 'DEFAULT/instance_format' : value => $instance_format; + 'DEFAULT/instance_uuid_format' : value => $instance_uuid_format; + 'DEFAULT/log_date_format' : value => $log_date_format; + } +} + diff --git a/trove/spec/classes/trove_api_spec.rb b/trove/spec/classes/trove_api_spec.rb index ca1ab089d..6d6b0c844 100644 --- a/trove/spec/classes/trove_api_spec.rb +++ b/trove/spec/classes/trove_api_spec.rb @@ -62,8 +62,6 @@ end it 'configures trove-api with default parameters' do - is_expected.to contain_trove_config('DEFAULT/verbose').with_value(false) - is_expected.to contain_trove_config('DEFAULT/debug').with_value(false) is_expected.to contain_trove_config('DEFAULT/bind_host').with_value('0.0.0.0') is_expected.to contain_trove_config('DEFAULT/bind_port').with_value('8779') is_expected.to contain_trove_config('DEFAULT/backlog').with_value('4096') @@ -193,8 +191,10 @@ context 'on Debian platforms' do let :facts do - { :osfamily => 'Debian', - :processorcount => 8 } + @default_facts.merge({ + :osfamily => 'Debian', + :processorcount => 8, + }) end let :platform_params do @@ -207,8 +207,10 @@ context 'on RedHat platforms' do let :facts do - { :osfamily => 'RedHat', - :processorcount => 8 } + @default_facts.merge({ + :osfamily => 'RedHat', + :processorcount => 8, + }) end let :platform_params do diff --git a/trove/spec/classes/trove_client_spec.rb b/trove/spec/classes/trove_client_spec.rb index eb4f049aa..43b9abc45 100644 --- a/trove/spec/classes/trove_client_spec.rb +++ b/trove/spec/classes/trove_client_spec.rb @@ -39,7 +39,7 @@ context 'on Debian platforms' do let :facts do - { :osfamily => 'Debian' } + @default_facts.merge({ :osfamily => 'Debian' }) end it_configures 'trove client' @@ -47,7 +47,7 @@ context 'on RedHat platforms' do let :facts do - { :osfamily => 'RedHat' } + @default_facts.merge({ :osfamily => 'RedHat' }) end it_configures 'trove client' diff --git a/trove/spec/classes/trove_conductor_spec.rb b/trove/spec/classes/trove_conductor_spec.rb index 1414e77d5..c64ce9b79 100644 --- a/trove/spec/classes/trove_conductor_spec.rb +++ b/trove/spec/classes/trove_conductor_spec.rb @@ -124,8 +124,10 @@ context 'on Debian platforms' do let :facts do - { :osfamily => 'Debian', - :processorcount => 8 } + @default_facts.merge({ + :osfamily => 'Debian', + :processorcount => 8, + }) end let :platform_params do @@ -138,8 +140,10 @@ context 'on RedHat platforms' do let :facts do - { :osfamily => 'RedHat', - :processorcount => 8 } + @default_facts.merge({ + :osfamily => 'RedHat', + :processorcount => 8, + }) end let :platform_params do diff --git a/trove/spec/classes/trove_db_mysql_spec.rb b/trove/spec/classes/trove_db_mysql_spec.rb index c55b1a9ec..437a2c024 100644 --- a/trove/spec/classes/trove_db_mysql_spec.rb +++ b/trove/spec/classes/trove_db_mysql_spec.rb @@ -93,7 +93,7 @@ context 'on Debian platforms' do let :facts do - { :osfamily => 'Debian' } + @default_facts.merge({ :osfamily => 'Debian' }) end it_configures 'trove mysql database' @@ -101,7 +101,7 @@ context 'on RedHat platforms' do let :facts do - { :osfamily => 'RedHat' } + @default_facts.merge({ :osfamily => 'RedHat' }) end it_configures 'trove mysql database' diff --git a/trove/spec/classes/trove_db_postgresql_spec.rb b/trove/spec/classes/trove_db_postgresql_spec.rb index 2b516205e..70d37cc5e 100644 --- a/trove/spec/classes/trove_db_postgresql_spec.rb +++ b/trove/spec/classes/trove_db_postgresql_spec.rb @@ -12,11 +12,11 @@ context 'on a RedHat osfamily' do let :facts do - { - :osfamily => 'RedHat', - :operatingsystemrelease => '7.0', - :concat_basedir => '/var/lib/puppet/concat' - } + @default_facts.merge({ + :osfamily => 'RedHat', + :operatingsystemrelease => '7.0', + :concat_basedir => '/var/lib/puppet/concat' + }) end context 'with only required parameters' do @@ -34,12 +34,12 @@ context 'on a Debian osfamily' do let :facts do - { + @default_facts.merge({ :operatingsystemrelease => '7.8', :operatingsystem => 'Debian', :osfamily => 'Debian', - :concat_basedir => '/var/lib/puppet/concat' - } + :concat_basedir => '/var/lib/puppet/concat' + }) end context 'with only required parameters' do diff --git a/trove/spec/classes/trove_db_spec.rb b/trove/spec/classes/trove_db_spec.rb index f8d277ca2..a24cbe22b 100644 --- a/trove/spec/classes/trove_db_spec.rb +++ b/trove/spec/classes/trove_db_spec.rb @@ -75,10 +75,11 @@ context 'on Debian platforms' do let :facts do - { :osfamily => 'Debian', - :operatingsystem => 'Debian', + @default_facts.merge({ + :osfamily => 'Debian', + :operatingsystem => 'Debian', :operatingsystemrelease => 'jessie', - } + }) end it_configures 'trove::db' @@ -100,9 +101,10 @@ context 'on Redhat platforms' do let :facts do - { :osfamily => 'RedHat', + @default_facts.merge({ + :osfamily => 'RedHat', :operatingsystemrelease => '7.1', - } + }) end it_configures 'trove::db' diff --git a/trove/spec/classes/trove_guestagent_spec.rb b/trove/spec/classes/trove_guestagent_spec.rb index 317fe7ac9..a04875d71 100644 --- a/trove/spec/classes/trove_guestagent_spec.rb +++ b/trove/spec/classes/trove_guestagent_spec.rb @@ -132,8 +132,10 @@ context 'on Debian platforms' do let :facts do - { :osfamily => 'Debian', - :processorcount => 8 } + @default_facts.merge({ + :osfamily => 'Debian', + :processorcount => 8 + }) end let :platform_params do @@ -146,8 +148,10 @@ context 'on RedHat platforms' do let :facts do - { :osfamily => 'RedHat', - :processorcount => 8 } + @default_facts.merge({ + :osfamily => 'RedHat', + :processorcount => 8 + }) end let :platform_params do diff --git a/trove/spec/classes/trove_init_spec.rb b/trove/spec/classes/trove_init_spec.rb index 39b7357c4..483148a99 100644 --- a/trove/spec/classes/trove_init_spec.rb +++ b/trove/spec/classes/trove_init_spec.rb @@ -46,7 +46,7 @@ context 'on Debian platforms' do let :facts do - { :osfamily => 'Debian' } + @default_facts.merge({ :osfamily => 'Debian' }) end it_configures 'trove' @@ -54,7 +54,7 @@ context 'on RedHat platforms' do let :facts do - { :osfamily => 'RedHat' } + @default_facts.merge({ :osfamily => 'RedHat' }) end it 'installs common package' do diff --git a/trove/spec/classes/trove_keystone_auth_spec.rb b/trove/spec/classes/trove_keystone_auth_spec.rb index ac2ea14ea..10ed3169e 100644 --- a/trove/spec/classes/trove_keystone_auth_spec.rb +++ b/trove/spec/classes/trove_keystone_auth_spec.rb @@ -23,7 +23,7 @@ describe 'trove::keystone::auth' do let :facts do - { :osfamily => 'Debian' } + @default_facts.merge({ :osfamily => 'Debian' }) end describe 'with default class parameters' do diff --git a/trove/spec/classes/trove_logging_spec.rb b/trove/spec/classes/trove_logging_spec.rb new file mode 100644 index 000000000..b2d6519de --- /dev/null +++ b/trove/spec/classes/trove_logging_spec.rb @@ -0,0 +1,147 @@ +require 'spec_helper' + +describe 'trove::logging' do + + let :params do + { + } + end + + let :log_params do + { + :logging_context_format_string => '%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s', + :logging_default_format_string => '%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s', + :logging_debug_format_suffix => '%(funcName)s %(pathname)s:%(lineno)d', + :logging_exception_prefix => '%(asctime)s.%(msecs)03d %(process)d TRACE %(name)s %(instance)s', + :log_config_append => '/etc/trove/logging.conf', + :publish_errors => true, + :default_log_levels => { + 'amqp' => 'WARN', 'amqplib' => 'WARN', 'boto' => 'WARN', + 'qpid' => 'WARN', 'sqlalchemy' => 'WARN', 'suds' => 'INFO', + 'iso8601' => 'WARN', + 'requests.packages.urllib3.connectionpool' => 'WARN' }, + :fatal_deprecations => true, + :instance_format => '[instance: %(uuid)s] ', + :instance_uuid_format => '[instance: %(uuid)s] ', + :log_date_format => '%Y-%m-%d %H:%M:%S', + :use_syslog => true, + :use_stderr => false, + :log_facility => 'LOG_FOO', + :log_dir => '/var/log', + :log_file => '/var/log/foo.log', + :verbose => true, + :debug => true, + } + end + + shared_examples_for 'trove-logging' do + + context 'with basic logging options and default settings' do + it_configures 'basic default logging settings' + end + + context 'with basic logging options and non-default settings' do + before { params.merge!( log_params ) } + it_configures 'basic non-default logging settings' + end + + context 'with extended logging options' do + before { params.merge!( log_params ) } + it_configures 'logging params set' + end + + context 'without extended logging options' do + it_configures 'logging params unset' + end + + end + + shared_examples 'basic default logging settings' do + it 'configures trove logging settins with default values' do + is_expected.to contain_trove_config('DEFAULT/use_syslog').with(:value => '') + is_expected.to contain_trove_config('DEFAULT/use_stderr').with(:value => '') + is_expected.to contain_trove_config('DEFAULT/syslog_log_facility').with(:value => '') + is_expected.to contain_trove_config('DEFAULT/log_dir').with(:value => '/var/log/trove') + is_expected.to contain_trove_config('DEFAULT/log_file').with(:value => '') + is_expected.to contain_trove_config('DEFAULT/verbose').with(:value => '') + is_expected.to contain_trove_config('DEFAULT/debug').with(:value => '') + end + end + + shared_examples 'basic non-default logging settings' do + it 'configures trove logging settins with non-default values' do + is_expected.to contain_trove_config('DEFAULT/use_syslog').with(:value => 'true') + is_expected.to contain_trove_config('DEFAULT/use_stderr').with(:value => 'false') + is_expected.to contain_trove_config('DEFAULT/syslog_log_facility').with(:value => 'LOG_FOO') + is_expected.to contain_trove_config('DEFAULT/log_dir').with(:value => '/var/log') + is_expected.to contain_trove_config('DEFAULT/log_file').with(:value => '/var/log/foo.log') + is_expected.to contain_trove_config('DEFAULT/verbose').with(:value => 'true') + is_expected.to contain_trove_config('DEFAULT/debug').with(:value => 'true') + end + end + + shared_examples_for 'logging params set' do + it 'enables logging params' do + is_expected.to contain_trove_config('DEFAULT/logging_context_format_string').with_value( + '%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s') + + is_expected.to contain_trove_config('DEFAULT/logging_default_format_string').with_value( + '%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s') + + is_expected.to contain_trove_config('DEFAULT/logging_debug_format_suffix').with_value( + '%(funcName)s %(pathname)s:%(lineno)d') + + is_expected.to contain_trove_config('DEFAULT/logging_exception_prefix').with_value( + '%(asctime)s.%(msecs)03d %(process)d TRACE %(name)s %(instance)s') + + is_expected.to contain_trove_config('DEFAULT/log_config_append').with_value( + '/etc/trove/logging.conf') + is_expected.to contain_trove_config('DEFAULT/publish_errors').with_value( + true) + + is_expected.to contain_trove_config('DEFAULT/default_log_levels').with_value( + 'amqp=WARN,amqplib=WARN,boto=WARN,iso8601=WARN,qpid=WARN,requests.packages.urllib3.connectionpool=WARN,sqlalchemy=WARN,suds=INFO') + + is_expected.to contain_trove_config('DEFAULT/fatal_deprecations').with_value( + true) + + is_expected.to contain_trove_config('DEFAULT/instance_format').with_value( + '[instance: %(uuid)s] ') + + is_expected.to contain_trove_config('DEFAULT/instance_uuid_format').with_value( + '[instance: %(uuid)s] ') + + is_expected.to contain_trove_config('DEFAULT/log_date_format').with_value( + '%Y-%m-%d %H:%M:%S') + end + end + + + shared_examples_for 'logging params unset' do + [ :logging_context_format_string, :logging_default_format_string, + :logging_debug_format_suffix, :logging_exception_prefix, + :log_config_append, :publish_errors, + :default_log_levels, :fatal_deprecations, + :instance_format, :instance_uuid_format, + :log_date_format, ].each { |param| + it { is_expected.to contain_trove_config("DEFAULT/#{param}").with(:value => '') } + } + end + + context 'on Debian platforms' do + let :facts do + @default_facts.merge({ :osfamily => 'Debian' }) + end + + it_configures 'trove-logging' + end + + context 'on RedHat platforms' do + let :facts do + @default_facts.merge({ :osfamily => 'RedHat' }) + end + + it_configures 'trove-logging' + end + +end diff --git a/trove/spec/classes/trove_taskmanager_spec.rb b/trove/spec/classes/trove_taskmanager_spec.rb index 3eb49eef9..5b4268084 100644 --- a/trove/spec/classes/trove_taskmanager_spec.rb +++ b/trove/spec/classes/trove_taskmanager_spec.rb @@ -219,8 +219,10 @@ class { 'trove::taskmanager': context 'on Debian platforms' do let :facts do - { :osfamily => 'Debian', - :processorcount => 8 } + @default_facts.merge({ + :osfamily => 'Debian', + :processorcount => 8 + }) end let :platform_params do @@ -233,8 +235,10 @@ class { 'trove::taskmanager': context 'on RedHat platforms' do let :facts do - { :osfamily => 'RedHat', - :processorcount => 8 } + @default_facts.merge({ + :osfamily => 'RedHat', + :processorcount => 8 + }) end let :platform_params do diff --git a/trove/spec/spec_helper.rb b/trove/spec/spec_helper.rb index 3df4cede1..9bc7bcf96 100644 --- a/trove/spec/spec_helper.rb +++ b/trove/spec/spec_helper.rb @@ -5,6 +5,9 @@ RSpec.configure do |c| c.alias_it_should_behave_like_to :it_configures, 'configures' c.alias_it_should_behave_like_to :it_raises, 'raises' + c.before :each do + @default_facts = { :os_service_default => '' } + end end at_exit { RSpec::Puppet::Coverage.report! } diff --git a/vswitch/lib/puppetx/redhat/ifcfg.rb b/vswitch/lib/puppetx/redhat/ifcfg.rb index 262e6e1ea..8ffda18c0 100644 --- a/vswitch/lib/puppetx/redhat/ifcfg.rb +++ b/vswitch/lib/puppetx/redhat/ifcfg.rb @@ -16,6 +16,7 @@ def initialize(name, seed=nil) @ifcfg = {} set(seed) set_key('DEVICE', @name) + set_key('NAME', @name) set_key('DEVICETYPE', 'ovs') replace_key('BOOTPROTO', 'OVSBOOTPROTO') if self.class == IFCFG::Bridge end