Skip to content

Commit

Permalink
Update keystone to edf8c3e1753b5ad0eaf982f5932ce61c55a987bd
Browse files Browse the repository at this point in the history
edf8c3e1753b5ad0eaf982f5932ce61c55a987bd Merge "Only declare openstackclient class if updating version"
8a422583bf8167c18995d309b2f865b529a878cc Merge "Fix spec tests for RSpec 3.x and Puppet 4.x"
e1bba1c44538ac5050f720d4791028fb1b4ec352 Only declare openstackclient class if updating version
72d78202ea433fe519776a4f99fa30a74e294ac5 Merge "Add native types for keystone paste configuration"
2d48f32bb1ce321d9e1ba34047e6229faf0d1255 Merge "Set WSGI process display-name"
918801754bfdc8539dd5c880d8131939b99a708b Merge "Beaker tests"
15deb08f5c2a4ff56dda977e2a1479fb2edc601d Merge "Support notification_format"
7e4085b70f8f79d1014cfe384a070c9d35c2ffe2 Beaker tests
3ab8faf6a1acfbf827296f41bd2e22b7f8071350 Fix spec tests for RSpec 3.x and Puppet 4.x
d7aa157e5eebf75001f22bab29d24a480437e4fa Bump rspec-puppet to 2.1.0
098d349d0ac0e167b4c4beba05108c29c8dac3db Merge "MySQL: change default MySQL collate to utf8_general_ci"
1e4ede1730adb3df58de869afc180cb0eed88916 MySQL: change default MySQL collate to utf8_general_ci
dec3a56696e284177b58a68f16125edbfc43951f Merge "LDAP: add support to configure credential driver"
9acb9468fc2d54e18d678fcd4cf84f35bd872a53 Support notification_format
120b20bf07722fc8218e646af19724716311e46c LDAP: add support to configure credential driver
7108a6e64f8e3c2c7586ce74b6af686dc16c6a28 Set WSGI process display-name
1699792a23b86d6b50ca21d7e57871d71b6a29c6 Add native types for keystone paste configuration

Change-Id: I114b4a097b0180a6883a22bc50903748795066ab
  • Loading branch information
xbezdick committed May 11, 2015
1 parent ae64b79 commit ff76bd2
Show file tree
Hide file tree
Showing 21 changed files with 382 additions and 28 deletions.
2 changes: 1 addition & 1 deletion Puppetfile
Original file line number Diff line number Diff line change
Expand Up @@ -83,7 +83,7 @@ mod 'keepalived',
:git => 'https://github.com/Unyonsys/puppet-module-keepalived.git'

mod 'keystone',
:commit => 'c1f5e5159f2bae6003a535c8ce3070d8cfb7f089',
:commit => 'edf8c3e1753b5ad0eaf982f5932ce61c55a987bd',
:git => 'https://github.com/stackforge/puppet-keystone.git'

mod 'manila',
Expand Down
3 changes: 2 additions & 1 deletion keystone/Gemfile
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@ source 'https://rubygems.org'

group :development, :test do
gem 'puppetlabs_spec_helper', :require => false
gem 'rspec-puppet', '~> 2.0.0', :require => false
gem 'rspec-puppet', '~> 2.1.0', :require => false

gem 'metadata-json-lint'
gem 'puppet-lint-param-docs'
Expand All @@ -18,6 +18,7 @@ group :development, :test do

gem 'json'
gem 'webmock'
gem 'beaker-rspec', '~> 2.2.4', :require => false
end

if puppetversion = ENV['PUPPET_GEM_VERSION']
Expand Down
12 changes: 12 additions & 0 deletions keystone/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -148,6 +148,18 @@ Limitations

* If you've setup Openstack using previous versions of this module you need to be aware that it used UUID as the dedault to the token_format parameter but now defaults to PKI. If you're using this module to manage a Grizzly Openstack deployment that was set up using a development release of the modules or are attempting an upgrade from Folsom then you'll need to make sure you set the token_format to UUID at classification time.

Beaker-Rspec
------------

This module has beaker-rspec tests

To run:

``shell
bundle install
bundle exec rspec spec/acceptance
``

Development
-----------

Expand Down
27 changes: 27 additions & 0 deletions keystone/lib/puppet/provider/keystone_paste_ini/ini_setting.rb
Original file line number Diff line number Diff line change
@@ -0,0 +1,27 @@
Puppet::Type.type(:keystone_paste_ini).provide(
:ini_setting,
:parent => Puppet::Type.type(:ini_setting).provider(:ruby)
) do

def section
resource[:name].split('/', 2).first
end

def setting
resource[:name].split('/', 2).last
end

def separator
'='
end

def self.file_path
'/etc/keystone/keystone-paste.ini'
end

# this needs to be removed. This has been replaced with the class method
def file_path
self.class.file_path
end

end
43 changes: 43 additions & 0 deletions keystone/lib/puppet/type/keystone_paste_ini.rb
Original file line number Diff line number Diff line change
@@ -0,0 +1,43 @@
Puppet::Type.newtype(:keystone_paste_ini) do

ensurable

newparam(:name, :namevar => true) do
desc 'Section/setting name to manage from keystone/keystone-paste.ini'
newvalues(/\S+\/\S+/)
end

newproperty(:value) do
desc 'The value of the setting to be defined.'
munge do |value|
value = value.to_s.strip
value.capitalize! if value =~ /^(true|false)$/i
value
end

def is_to_s( currentvalue )
if resource.secret?
return '[old secret redacted]'
else
return currentvalue
end
end

def should_to_s( newvalue )
if resource.secret?
return '[new secret redacted]'
else
return newvalue
end
end
end

newparam(:secret, :boolean => true) do
desc 'Whether to hide the value from Puppet logs. Defaults to `false`.'

newvalues(:true, :false)

defaultto false
end

end
4 changes: 2 additions & 2 deletions keystone/manifests/db/mysql.pp
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,7 @@
# [*collate*]
# (Optional) The database collate.
# Only used with mysql modules >= 2.2.
# Defaults to 'utf8_unicode_ci'
# Defaults to 'utf8_general_ci'
#
# === Deprecated Parameters
#
Expand All @@ -57,7 +57,7 @@
$user = 'keystone',
$host = '127.0.0.1',
$charset = 'utf8',
$collate = 'utf8_unicode_ci',
$collate = 'utf8_general_ci',
$mysql_module = undef,
$allowed_hosts = undef
) {
Expand Down
18 changes: 16 additions & 2 deletions keystone/manifests/init.pp
Original file line number Diff line number Diff line change
Expand Up @@ -211,6 +211,10 @@
# (optional) AMQP topics to publish to when using the RPC notification driver.
# Default to false.
#
# [*notification_format*]
# Format for the notifications. Valid values are 'basic' and 'cadf'.
# Default to undef
#
# [*control_exchange*]
# (optional) AMQP exchange to connect to if using RabbitMQ or Qpid
# Default to false.
Expand Down Expand Up @@ -431,6 +435,7 @@
$kombu_ssl_version = 'TLSv1',
$notification_driver = false,
$notification_topics = false,
$notification_format = undef,
$control_exchange = false,
$validate_service = false,
$validate_insecure = false,
Expand Down Expand Up @@ -486,8 +491,12 @@
name => $::keystone::params::package_name,
tag => 'openstack',
}
class { '::openstacklib::openstackclient':
package_ensure => $client_package_ensure,
if $client_package_ensure == 'present' {
include '::openstacklib::openstackclient'
} else {
class { '::openstacklib::openstackclient':
package_ensure => $client_package_ensure,
}
}

group { 'keystone':
Expand Down Expand Up @@ -714,6 +723,11 @@
} else {
keystone_config { 'DEFAULT/notification_topics': ensure => absent }
}
if $notification_format {
keystone_config { 'DEFAULT/notification_format': value => $notification_format }
} else {
keystone_config { 'DEFAULT/notification_format': ensure => absent }
}
if $control_exchange {
keystone_config { 'DEFAULT/control_exchange': value => $control_exchange }
} else {
Expand Down
12 changes: 12 additions & 0 deletions keystone/manifests/ldap.pp
Original file line number Diff line number Diff line change
Expand Up @@ -311,6 +311,10 @@ # == class: keystone::ldap
# Identity backend driver. (string value)
# Defaults to 'undef'
#
# [*credential_driver*]
# Credential backend driver. (string value)
# Defaults to 'undef'
#
# [*assignment_driver*]
# Assignment backend driver. (string value)
# Defaults to 'undef'
Expand Down Expand Up @@ -469,6 +473,7 @@ # == class: keystone::ldap
$tls_req_cert = undef,
$identity_driver = undef,
$assignment_driver = undef,
$credential_driver = undef,
$use_pool = false,
$pool_size = 10,
$pool_retry_max = 3,
Expand Down Expand Up @@ -677,6 +682,12 @@ # == class: keystone::ldap
}
}

if ($credential_driver != undef) {
if ! ($credential_driver =~ /^keystone.credential.backends.*Credential$/) {
fail('credential driver should be of the form \'keystone.credential.backends.*Credential\'')
}
}

if ($tls_cacertdir != undef) {
file { $tls_cacertdir:
ensure => directory
Expand Down Expand Up @@ -762,6 +773,7 @@ # == class: keystone::ldap
'ldap/auth_pool_size': value => $auth_pool_size;
'ldap/auth_pool_connection_lifetime': value => $auth_pool_connection_lifetime;
'identity/driver': value => $identity_driver;
'credential/driver': value => $credential_driver;
'assignment/driver': value => $assignment_driver;
}
}
24 changes: 17 additions & 7 deletions keystone/manifests/wsgi/apache.pp
Original file line number Diff line number Diff line change
Expand Up @@ -181,12 +181,22 @@
require => [File[$::keystone::params::keystone_wsgi_script_path], Package['keystone']],
}

$wsgi_daemon_process_options = {
user => 'keystone',
group => 'keystone',
processes => $workers,
threads => $threads,
$wsgi_daemon_process_options_main = {
user => 'keystone',
group => 'keystone',
processes => $workers,
threads => $threads,
display-name => 'keystone-main',
}

$wsgi_daemon_process_options_admin = {
user => 'keystone',
group => 'keystone',
processes => $workers,
threads => $threads,
display-name => 'keystone-admin',
}

$wsgi_script_aliases_main = hash([$public_path_real,"${::keystone::params::keystone_wsgi_script_path}/main"])
$wsgi_script_aliases_admin = hash([$admin_path_real, "${::keystone::params::keystone_wsgi_script_path}/admin"])

Expand Down Expand Up @@ -214,7 +224,7 @@
ssl_crl => $ssl_crl,
ssl_certs_dir => $ssl_certs_dir,
wsgi_daemon_process => 'keystone_main',
wsgi_daemon_process_options => $wsgi_daemon_process_options,
wsgi_daemon_process_options => $wsgi_daemon_process_options_main,
wsgi_process_group => 'keystone_main',
wsgi_script_aliases => $wsgi_script_aliases_main_real,
require => File['keystone_wsgi_main'],
Expand All @@ -239,7 +249,7 @@
ssl_crl => $ssl_crl,
ssl_certs_dir => $ssl_certs_dir,
wsgi_daemon_process => 'keystone_admin',
wsgi_daemon_process_options => $wsgi_daemon_process_options,
wsgi_daemon_process_options => $wsgi_daemon_process_options_admin,
wsgi_process_group => 'keystone_admin',
wsgi_script_aliases => $wsgi_script_aliases_admin,
require => File['keystone_wsgi_admin'],
Expand Down
78 changes: 78 additions & 0 deletions keystone/spec/acceptance/basic_keystone_spec.rb
Original file line number Diff line number Diff line change
@@ -0,0 +1,78 @@
require 'spec_helper_acceptance'

describe 'basic keystone server with resources' do

context 'default parameters' do

it 'should work with no errors' do
pp= <<-EOS
Exec { logoutput => 'on_failure' }
# Common resources
include ::apt
# some packages are not autoupgraded in trusty.
# it will be fixed in liberty, but broken in kilo.
$need_to_be_upgraded = ['python-tz', 'python-pbr']
apt::source { 'trusty-updates-kilo':
location => 'http://ubuntu-cloud.archive.canonical.com/ubuntu/',
release => 'trusty-updates',
required_packages => 'ubuntu-cloud-keyring',
repos => 'kilo/main',
trusted_source => true,
} ->
package { $need_to_be_upgraded:
ensure => latest,
}
class { '::mysql::server': }
# Keystone resources
class { '::keystone::client': }
class { '::keystone::cron::token_flush': }
class { '::keystone::db::mysql':
password => 'keystone',
}
class { '::keystone':
verbose => true,
debug => true,
database_connection => 'mysql://keystone:[email protected]/keystone',
admin_token => 'admin_token',
enabled => true,
}
class { '::keystone::roles::admin':
email => '[email protected]',
password => 'a_big_secret',
}
class { '::keystone::endpoint':
public_url => "https://${::fqdn}:5000/",
admin_url => "https://${::fqdn}:35357/",
}
::keystone::resource::service_identity { 'beaker-ci':
service_type => 'beaker',
service_description => 'beaker service',
service_name => 'beaker',
public_url => 'http://127.0.0.1:1234',
admin_url => 'http://127.0.0.1:1234',
internal_url => 'http://127.0.0.1:1234',
}
EOS


# Run it twice and test for idempotency
apply_manifest(pp, :catch_failures => true)
apply_manifest(pp, :catch_changes => true)
end

describe port(5000) do
it { is_expected.to be_listening.with('tcp') }
end

describe port(35357) do
it { is_expected.to be_listening.with('tcp') }
end

describe cron do
it { should have_entry('1 0 * * * keystone-manage token_flush >>/var/log/keystone/keystone-tokenflush.log 2>&1').with_user('keystone') }
end

end
end
9 changes: 9 additions & 0 deletions keystone/spec/acceptance/nodesets/default.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
HOSTS:
ubuntu-14.04-amd64:
roles:
- master
platform: ubuntu-14.04-amd64
hypervisor : none
ip: 127.0.0.1
CONFIG:
type: foss
9 changes: 9 additions & 0 deletions keystone/spec/acceptance/nodesets/nodepool.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
HOSTS:
ubuntu-14.04-amd64:
roles:
- master
platform: ubuntu-14.04-amd64
hypervisor : none
ip: 127.0.0.1
CONFIG:
type: foss
3 changes: 2 additions & 1 deletion keystone/spec/classes/keystone_db_mysql_spec.rb
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,8 @@
'password_hash' => '*B552157B14BCEDDCEAA06767A012F31BDAA9CE3D',
'dbname' => 'keystone',
'host' => '127.0.0.1',
'charset' => 'utf8'
'charset' => 'utf8',
:collate => 'utf8_general_ci',
)}
end

Expand Down
Loading

0 comments on commit ff76bd2

Please sign in to comment.