diff --git a/manifests/inspector.pp b/manifests/inspector.pp index ad083883..79f6fc1f 100644 --- a/manifests/inspector.pp +++ b/manifests/inspector.pp @@ -37,6 +37,10 @@ # (optional) Enable debug logging # Defaults to undef # +# [*auth_strategy*] +# (optional) API authentication strategy: keystone or noauth +# Defaults to 'keystone' +# # [*auth_uri*] # (optional) Complete public Identity API endpoint # Defaults to 'http://127.0.0.1:5000/v2.0' @@ -82,6 +86,10 @@ # (optional) Method for storing introspection data # Defaults to 'none' # +# [*ironic_auth_type*] +# (optional) Authentication plugin for accessing Ironic +# Defaults to 'password' +# # [*ironic_username*] # (optional) User name for accessing Ironic API # Defaults to 'ironic' @@ -106,6 +114,10 @@ # (optional) Interval between retries in case of conflict error # Defaults to 2 # +# [*swift_auth_type*] +# (optional) Authentication plugin for accessing Swift +# Defaults to 'password' +# # [*swift_username*] # (optional) User name for accessing Swift API # Defaults to 'ironic' @@ -156,6 +168,7 @@ class ironic::inspector ( $pxe_transfer_protocol = 'tftp', $enable_uefi = false, $debug = undef, + $auth_strategy = 'keystone', $auth_uri = 'http://127.0.0.1:5000/v2.0', $identity_uri = 'http://127.0.0.1:35357', $admin_user = 'ironic', @@ -167,12 +180,14 @@ class ironic::inspector ( $enable_setting_ipmi_credentials = false, $keep_ports = 'all', $store_data = 'none', + $ironic_auth_type = 'password', $ironic_username = 'ironic', $ironic_password = undef, $ironic_tenant_name = 'services', $ironic_auth_url = 'http://127.0.0.1:5000/v2.0', $ironic_max_retries = 30, $ironic_retry_interval = 2, + $swift_auth_type = 'password', $swift_username = 'ironic', $swift_password = undef, $swift_tenant_name = 'services', @@ -251,28 +266,38 @@ class ironic::inspector ( } # Configure inspector.conf + + if $auth_strategy == 'keystone' { + ironic_inspector_config { + 'keystone_authtoken/auth_type': value => 'password'; + 'keystone_authtoken/auth_uri': value => $auth_uri; + 'keystone_authtoken/auth_url': value => $identity_uri; + 'keystone_authtoken/username': value => $admin_user; + 'keystone_authtoken/password': value => $admin_password, secret => true; + 'keystone_authtoken/project_name': value => $admin_tenant_name; + } + } + ironic_inspector_config { - 'keystone_authtoken/auth_uri': value => $auth_uri; - 'keystone_authtoken/identity_uri': value => $identity_uri; - 'keystone_authtoken/admin_user': value => $admin_user; - 'keystone_authtoken/admin_password': value => $admin_password, secret => true; - 'keystone_authtoken/admin_tenant_name': value => $admin_tenant_name; + 'DEFAULT/auth_strategy': value => $auth_strategy; 'firewall/dnsmasq_interface': value => $dnsmasq_interface; 'database/connection': value => $db_connection; 'processing/ramdisk_logs_dir': value => $ramdisk_logs_dir; 'processing/enable_setting_ipmi_credentials': value => $enable_setting_ipmi_credentials; 'processing/keep_ports': value => $keep_ports; 'processing/store_data': value => $store_data; - 'ironic/os_username': value => $ironic_username; - 'ironic/os_password': value => $ironic_password, secret => true; - 'ironic/os_tenant_name': value => $ironic_tenant_name; - 'ironic/os_auth_url': value => $ironic_auth_url; + 'ironic/auth_type': value => $ironic_auth_type; + 'ironic/username': value => $ironic_username; + 'ironic/password': value => $ironic_password, secret => true; + 'ironic/project_name': value => $ironic_tenant_name; + 'ironic/auth_url': value => $ironic_auth_url; 'ironic/max_retries': value => $ironic_max_retries; 'ironic/retry_interval': value => $ironic_retry_interval; + 'swift/auth_type': value => $swift_auth_type; 'swift/username': value => $swift_username; 'swift/password': value => $swift_password, secret => true; - 'swift/tenant_name': value => $swift_tenant_name; - 'swift/os_auth_url': value => $swift_auth_url; + 'swift/project_name': value => $swift_tenant_name; + 'swift/auth_url': value => $swift_auth_url; # Here we use oslo.config interpolation with another option default_processing_hooks, # which we don't change as it might break introspection completely. 'processing/processing_hooks': value => join(delete_undef_values(['$default_processing_hooks', $additional_processing_hooks]), ','); diff --git a/spec/classes/ironic_inspector_spec.rb b/spec/classes/ironic_inspector_spec.rb index 178eeca5..09d4f91f 100644 --- a/spec/classes/ironic_inspector_spec.rb +++ b/spec/classes/ironic_inspector_spec.rb @@ -25,6 +25,7 @@ describe 'ironic::inspector' do :enabled => true, :pxe_transfer_protocol => 'tftp', :enable_uefi => false, + :auth_strategy => 'keystone', :auth_uri => 'http://127.0.0.1:5000/v2.0', :identity_uri => 'http://127.0.0.1:35357', :admin_user => 'ironic', @@ -35,11 +36,13 @@ describe 'ironic::inspector' do :enable_setting_ipmi_credentials => false, :keep_ports => 'all', :store_data => 'none', + :ironic_auth_type => 'password', :ironic_username => 'ironic', :ironic_tenant_name => 'services', :ironic_auth_url => 'http://127.0.0.1:5000/v2.0', :ironic_max_retries => 30, :ironic_retry_interval => 2, + :swift_auth_type => 'password', :swift_username => 'ironic', :swift_tenant_name => 'services', :swift_auth_url => 'http://127.0.0.1:5000/v2.0', @@ -86,24 +89,28 @@ describe 'ironic::inspector' do end it 'configures inspector.conf' do + is_expected.to contain_ironic_inspector_config('DEFAULT/auth_strategy').with_value(p[:auth_strategy]) + is_expected.to contain_ironic_inspector_config('keystone_authtoken/auth_type').with_value('password') is_expected.to contain_ironic_inspector_config('keystone_authtoken/auth_uri').with_value(p[:auth_uri]) - is_expected.to contain_ironic_inspector_config('keystone_authtoken/identity_uri').with_value(p[:identity_uri]) - is_expected.to contain_ironic_inspector_config('keystone_authtoken/admin_user').with_value(p[:admin_user]) - is_expected.to contain_ironic_inspector_config('keystone_authtoken/admin_tenant_name').with_value(p[:admin_tenant_name]) + is_expected.to contain_ironic_inspector_config('keystone_authtoken/auth_url').with_value(p[:identity_uri]) + is_expected.to contain_ironic_inspector_config('keystone_authtoken/username').with_value(p[:admin_user]) + is_expected.to contain_ironic_inspector_config('keystone_authtoken/project_name').with_value(p[:admin_tenant_name]) is_expected.to contain_ironic_inspector_config('firewall/dnsmasq_interface').with_value(p[:dnsmasq_interface]) is_expected.to contain_ironic_inspector_config('database/connection').with_value(p[:db_connection]) is_expected.to contain_ironic_inspector_config('processing/ramdisk_logs_dir').with_value(p[:ramdisk_logs_dir]) is_expected.to contain_ironic_inspector_config('processing/enable_setting_ipmi_credentials').with_value(p[:enable_setting_ipmi_credentials]) is_expected.to contain_ironic_inspector_config('processing/keep_ports').with_value(p[:keep_ports]) is_expected.to contain_ironic_inspector_config('processing/store_data').with_value(p[:store_data]) - is_expected.to contain_ironic_inspector_config('ironic/os_username').with_value(p[:ironic_username]) - is_expected.to contain_ironic_inspector_config('ironic/os_tenant_name').with_value(p[:ironic_tenant_name]) - is_expected.to contain_ironic_inspector_config('ironic/os_auth_url').with_value(p[:ironic_auth_url]) + is_expected.to contain_ironic_inspector_config('ironic/auth_type').with_value(p[:ironic_auth_type]) + is_expected.to contain_ironic_inspector_config('ironic/username').with_value(p[:ironic_username]) + is_expected.to contain_ironic_inspector_config('ironic/project_name').with_value(p[:ironic_tenant_name]) + is_expected.to contain_ironic_inspector_config('ironic/auth_url').with_value(p[:ironic_auth_url]) is_expected.to contain_ironic_inspector_config('ironic/max_retries').with_value(p[:ironic_max_retries]) is_expected.to contain_ironic_inspector_config('ironic/retry_interval').with_value(p[:ironic_retry_interval]) + is_expected.to contain_ironic_inspector_config('swift/auth_type').with_value(p[:swift_auth_type]) is_expected.to contain_ironic_inspector_config('swift/username').with_value(p[:swift_username]) - is_expected.to contain_ironic_inspector_config('swift/tenant_name').with_value(p[:swift_tenant_name]) - is_expected.to contain_ironic_inspector_config('swift/os_auth_url').with_value(p[:swift_auth_url]) + is_expected.to contain_ironic_inspector_config('swift/project_name').with_value(p[:swift_tenant_name]) + is_expected.to contain_ironic_inspector_config('swift/auth_url').with_value(p[:swift_auth_url]) is_expected.to contain_ironic_inspector_config('processing/processing_hooks').with_value('$default_processing_hooks') end @@ -159,12 +166,12 @@ describe 'ironic::inspector' do it 'should replace default parameter with new value' do is_expected.to contain_ironic_inspector_config('DEFAULT/debug').with_value(p[:debug]) is_expected.to contain_ironic_inspector_config('keystone_authtoken/auth_uri').with_value(p[:auth_uri]) - is_expected.to contain_ironic_inspector_config('keystone_authtoken/identity_uri').with_value(p[:identity_uri]) - is_expected.to contain_ironic_inspector_config('keystone_authtoken/admin_password').with_value(p[:admin_password]) - is_expected.to contain_ironic_inspector_config('ironic/os_password').with_value(p[:ironic_password]) - is_expected.to contain_ironic_inspector_config('ironic/os_auth_url').with_value(p[:ironic_auth_url]) + is_expected.to contain_ironic_inspector_config('keystone_authtoken/auth_url').with_value(p[:identity_uri]) + is_expected.to contain_ironic_inspector_config('keystone_authtoken/password').with_value(p[:admin_password]) + is_expected.to contain_ironic_inspector_config('ironic/password').with_value(p[:ironic_password]) + is_expected.to contain_ironic_inspector_config('ironic/auth_url').with_value(p[:ironic_auth_url]) is_expected.to contain_ironic_inspector_config('swift/password').with_value(p[:swift_password]) - is_expected.to contain_ironic_inspector_config('swift/os_auth_url').with_value(p[:swift_auth_url]) + is_expected.to contain_ironic_inspector_config('swift/auth_url').with_value(p[:swift_auth_url]) is_expected.to contain_ironic_inspector_config('processing/processing_hooks').with_value('$default_processing_hooks,hook1,hook2') end