Merge "Add support for CA authentication in Keystone"

manifests/agent/central.pp

@@ -14,10 +14,13 @@
 #    Keystone password for ceilometer. Optional. Defaults to 'password'
 #
 #  [*auth_tenant_name*]
-#    Keystone tenant name for ceilometer. Optional. Defauls to 'services'
+#    Keystone tenant name for ceilometer. Optional. Defaults to 'services'
 #
 #  [*auth_tenant_id*]
-#    Keystone tenant id for ceilometer. Optional. Defaults to ''
+#    Keystone tenant id for ceilometer. Optional. Defaults to empty.
+#
+#  [*auth_cacert*]
+#    Certificate chain for SSL validation. Optional; Defaults to 'None'
 #
 #  [*enabled*]
 #    Should the service be enabled. Optional. Defauls to true
@@ -29,6 +32,7 @@ class ceilometer::agent::central (
   $auth_password    = 'password',
   $auth_tenant_name = 'services',
   $auth_tenant_id   = '',
+  $auth_cacert      = undef,
   $enabled          = true,
 ) {
 
@@ -42,6 +46,12 @@ class ceilometer::agent::central (
     name   => $::ceilometer::params::agent_central_package_name,
   }
 
+  if ! $auth_cacert {
+    ceilometer_config { 'DEFAULT/os_cacert': ensure => absent }
+  } else {
+    ceilometer_config { 'DEFAULT/os_cacert': value => $auth_cacert }
+  }
+
   if $enabled {
     $service_ensure = 'running'
   } else {

manifests/agent/compute.pp

@@ -26,6 +26,9 @@
 #    the keystone tenant id for ceilometer services.
 #    Optional. Defaults to empty.
 #
+#  [*auth_cacert*]
+#    Certificate chain for SSL validation. Optional; Defaults to 'None'
+#
 #  [*enabled*]
 #    should the service be started or not
 #    Optional. Defaults to true
@@ -37,6 +40,7 @@ class ceilometer::agent::compute (
   $auth_password    = 'password',
   $auth_tenant_name = 'services',
   $auth_tenant_id   = '',
+  $auth_cacert      = undef,
   $enabled          = true,
 ) inherits ceilometer {
 
@@ -50,6 +54,13 @@ class ceilometer::agent::compute (
     name   => $::ceilometer::params::agent_compute_package_name,
   }
 
+  if ! $auth_cacert {
+    ceilometer_config { 'DEFAULT/os_cacert': ensure => absent }
+  } else {
+    ceilometer_config { 'DEFAULT/os_cacert': value => $auth_cacert }
+  }
+
+
   if $::ceilometer::params::libvirt_group {
     User['ceilometer'] {
       groups +> [$::ceilometer::params::libvirt_group]

spec/classes/ceilometer_agent_central_spec.rb

@@ -0,0 +1,88 @@
+require 'spec_helper'
+
+describe 'ceilometer::agent::central' do
+
+  let :pre_condition do
+    "class { 'ceilometer': metering_secret => 's3cr3t' }"
+  end
+
+  let :params do
+    { :auth_url         => 'http://localhost:5000/v2.0',
+      :auth_region      => 'RegionOne',
+      :auth_user        => 'ceilometer',
+      :auth_password    => 'password',
+      :auth_tenant_name => 'services',
+      :enabled          => true,
+    }
+  end
+
+  shared_examples_for 'ceilometer-agent-central' do
+
+    it { should include_class('ceilometer::params') }
+
+    it 'installs ceilometer-agent-central package' do
+      should contain_package('ceilometer-agent-central').with(
+        :ensure => 'installed',
+        :name   => platform_params[:agent_package_name],
+        :before => 'Service[ceilometer-agent-central]'
+      )
+    end
+
+    it 'ensures ceilometer-common is installed before the service' do
+      should contain_package('ceilometer-common').with(
+        :before => /Service\[ceilometer-agent-central\]/
+      )
+    end
+
+    it 'configures ceilometer-agent-central service' do
+      should contain_service('ceilometer-agent-central').with(
+        :ensure     => 'running',
+        :name       => platform_params[:agent_service_name],
+        :enable     => true,
+        :hasstatus  => true,
+        :hasrestart => true
+      )
+    end
+
+    it 'configures authentication' do
+      should contain_ceilometer_config('DEFAULT/os_auth_url').with_value('http://localhost:5000/v2.0')
+      should contain_ceilometer_config('DEFAULT/os_auth_region').with_value('RegionOne')
+      should contain_ceilometer_config('DEFAULT/os_username').with_value('ceilometer')
+      should contain_ceilometer_config('DEFAULT/os_password').with_value('password')
+      should contain_ceilometer_config('DEFAULT/os_tenant_name').with_value('services')
+    end
+
+    context 'when overriding parameters' do
+      before do
+        params.merge!(:auth_cacert => '/tmp/dummy.pem')
+      end
+      it { should contain_ceilometer_config('DEFAULT/os_cacert').with_value(params[:auth_cacert]) }
+    end
+end
+
+  context 'on Debian platforms' do
+    let :facts do
+      { :osfamily => 'Debian' }
+    end
+
+    let :platform_params do
+      { :agent_package_name => 'ceilometer-agent-central',
+        :agent_service_name => 'ceilometer-agent-central' }
+    end
+
+    it_configures 'ceilometer-agent-central'
+  end
+
+  context 'on RedHat platforms' do
+    let :facts do
+      { :osfamily => 'RedHat' }
+    end
+
+    let :platform_params do
+      { :agent_package_name => 'openstack-ceilometer-central',
+        :agent_service_name => 'openstack-ceilometer-central' }
+    end
+
+    it_configures 'ceilometer-agent-central'
+  end
+end

spec/classes/ceilometer_agent_compute_spec.rb

@@ -58,6 +58,14 @@ describe 'ceilometer::agent::compute' do
       should contain_ceilometer_config('DEFAULT/os_username').with_value('ceilometer')
       should contain_ceilometer_config('DEFAULT/os_password').with_value('password')
       should contain_ceilometer_config('DEFAULT/os_tenant_name').with_value('services')
+      should contain_ceilometer_config('DEFAULT/os_cacert').with(:ensure => 'absent')
+    end
+
+    context 'when overriding parameters' do
+      before do
+        params.merge!(:auth_cacert => '/tmp/dummy.pem')
+      end
+      it { should contain_ceilometer_config('DEFAULT/os_cacert').with_value(params[:auth_cacert]) }
     end
 
     it 'configures instance usage audit in nova' do
@@ -77,8 +85,7 @@ describe 'ceilometer::agent::compute' do
         :notify => 'Service[nova-compute]'
       )
     end
-  end
-
+end
 
   context 'on Debian platforms' do
     let :facts do