diff --git a/manifests/services/lbaas/octavia.pp b/manifests/services/lbaas/octavia.pp index e05cd1514..c7fcb448e 100644 --- a/manifests/services/lbaas/octavia.pp +++ b/manifests/services/lbaas/octavia.pp @@ -38,6 +38,41 @@ # [*allocates_vip*] # (optional) Whether Octavia is responsible for allocating # the VIP. +# +# [*auth_url*] +# (optional) Keystone Authentication URL +# Defaults to $::os_service_default Defaults to $::os_service_default +# +# [*admin_user*] +# (optional) User for LBaaS authentication +# Defaults to $::os_service_default +# +# [*admin_tenant_name*] +# (optional) Tenant for LBaaS authentication +# Defaults to 'services' +# +# [*admin_password*] +# (optional) Password for LBaaS authentication +# Defaults to $::os_service_default +# +# [*admin_user_domain*] +# (optional) User domain for LBaaS authentication +# Defaults to $::os_service_default +# +# [*admin_project_domain*] +# (optional) Project domain for LBaaS authentication +# Defaults to $::os_service_default +# +# [*auth_version*] +# (optional) Authentication version +# Defaults to $::os_service_default +# +# [*endpoint_type*] +# (optional) Endpoint type (public/private/internal) +# Defaults to $::os_service_default +# +# [*insecure*] +# (optional) Accept insecure certificates # Defaults to $::os_service_default # @@ -45,7 +80,16 @@ class neutron::services::lbaas::octavia( $base_url = 'http://127.0.0.1:9876', $request_poll_interval = $::os_service_default, $request_poll_timeout = $::os_service_default, - $allocates_vip = $::os_service_default + $allocates_vip = $::os_service_default, + $auth_url = $::os_service_default, + $admin_user = $::os_service_default, + $admin_tenant_name = 'services', + $admin_password = $::os_service_default, + $admin_user_domain = $::os_service_default, + $admin_project_domain = $::os_service_default, + $auth_version = $::os_service_default, + $endpoint_type = $::os_service_default, + $insecure = $::os_service_default ) { include ::neutron::deps @@ -56,4 +100,16 @@ class neutron::services::lbaas::octavia( 'octavia/request_poll_timeout': value => $request_poll_timeout; 'octavia/allocates_vip': value => $allocates_vip; } + + neutron_config { + 'service_auth/auth_url' : value => $auth_url; + 'service_auth/admin_user' : value => $admin_user; + 'service_auth/admin_tenant_name' : value => $admin_tenant_name; + 'service_auth/admin_password' : value => $admin_password; + 'service_auth/admin_user_domain' : value => $admin_user_domain; + 'service_auth/admin_project_domain' : value => $admin_project_domain; + 'service_auth/auth_version' : value => $auth_version; + 'service_auth/endpoint_type' : value => $endpoint_type; + 'service_auth/insecure' : value => $insecure; + } } diff --git a/releasenotes/notes/add-lbaas-service-credentials-449198dd97813e8e.yaml b/releasenotes/notes/add-lbaas-service-credentials-449198dd97813e8e.yaml new file mode 100644 index 000000000..86713acb3 --- /dev/null +++ b/releasenotes/notes/add-lbaas-service-credentials-449198dd97813e8e.yaml @@ -0,0 +1,4 @@ +--- +features: + - It is now possible to configure the service credentials needed by the + LBaaS service , specifically the `service_auth` section in Neutron. diff --git a/spec/classes/neutron_services_lbaas_octavia_spec.rb b/spec/classes/neutron_services_lbaas_octavia_spec.rb index 71f179c35..01e5adc0b 100644 --- a/spec/classes/neutron_services_lbaas_octavia_spec.rb +++ b/spec/classes/neutron_services_lbaas_octavia_spec.rb @@ -26,7 +26,16 @@ describe 'neutron::services::lbaas::octavia' do { :base_url => 'http://127.0.0.1:9876', :request_poll_interval => '', :request_poll_timeout => '', - :allocates_vip => ''} + :allocates_vip => '', + :auth_url => '', + :admin_user => '', + :admin_tenant_name => 'services', + :admin_password => '', + :admin_user_domain => '', + :admin_project_domain => '', + :auth_version => '', + :endpoint_type => '', + :insecure => '' } end context 'with default params' do @@ -40,6 +49,18 @@ describe 'neutron::services::lbaas::octavia' do is_expected.to contain_neutron_config('octavia/request_poll_timeout').with_value('') is_expected.to contain_neutron_config('octavia/allocates_vip').with_value('') end + + it 'configures octavia service authentication' do + is_expected.to contain_neutron_config('service_auth/auth_url').with_value('') + is_expected.to contain_neutron_config('service_auth/admin_user').with_value('') + is_expected.to contain_neutron_config('service_auth/admin_tenant_name').with_value('services') + is_expected.to contain_neutron_config('service_auth/admin_password').with_value('') + is_expected.to contain_neutron_config('service_auth/admin_user_domain').with_value('') + is_expected.to contain_neutron_config('service_auth/admin_project_domain').with_value('') + is_expected.to contain_neutron_config('service_auth/auth_version').with_value('') + is_expected.to contain_neutron_config('service_auth/endpoint_type').with_value('') + is_expected.to contain_neutron_config('service_auth/insecure').with_value('') + end end context 'when base_url is set' do @@ -59,5 +80,56 @@ describe 'neutron::services::lbaas::octavia' do is_expected.to contain_neutron_config('octavia/request_poll_timeout').with_value('100') is_expected.to contain_neutron_config('octavia/allocates_vip').with_value('false') end + + it 'configures octavia service authentication' do + is_expected.to contain_neutron_config('service_auth/auth_url').with_value('') + is_expected.to contain_neutron_config('service_auth/admin_user').with_value('') + is_expected.to contain_neutron_config('service_auth/admin_tenant_name').with_value('services') + is_expected.to contain_neutron_config('service_auth/admin_password').with_value('') + is_expected.to contain_neutron_config('service_auth/admin_user_domain').with_value('') + is_expected.to contain_neutron_config('service_auth/admin_project_domain').with_value('') + is_expected.to contain_neutron_config('service_auth/auth_version').with_value('') + is_expected.to contain_neutron_config('service_auth/endpoint_type').with_value('') + is_expected.to contain_neutron_config('service_auth/insecure').with_value('') + end + end + + context 'when base_url and service credentials are set' do + let :params do + default_params.merge( + { :base_url => 'http://octavia.example.org:9876', + :request_poll_interval => '3', + :request_poll_timeout => '100', + :allocates_vip => 'false', + :auth_url => 'https://auth.openstack.cloud/v3', + :admin_user => 'admin', + :admin_tenant_name => 'service-tenant', + :admin_password => 'secure123', + :admin_user_domain => 'DefaultUsers', + :admin_project_domain => 'DefaultProjects', + :auth_version => '3', + :endpoint_type => 'public', + :insecure => 'false' } + ) + end + + it 'configures octavia service plugin custom parameters' do + is_expected.to contain_neutron_config('octavia/base_url').with_value('http://octavia.example.org:9876') + is_expected.to contain_neutron_config('octavia/request_poll_interval').with_value('3') + is_expected.to contain_neutron_config('octavia/request_poll_timeout').with_value('100') + is_expected.to contain_neutron_config('octavia/allocates_vip').with_value('false') + end + + it 'configures octavia service authentication' do + is_expected.to contain_neutron_config('service_auth/auth_url').with_value('https://auth.openstack.cloud/v3') + is_expected.to contain_neutron_config('service_auth/admin_user').with_value('admin') + is_expected.to contain_neutron_config('service_auth/admin_tenant_name').with_value('service-tenant') + is_expected.to contain_neutron_config('service_auth/admin_password').with_value('secure123') + is_expected.to contain_neutron_config('service_auth/admin_user_domain').with_value('DefaultUsers') + is_expected.to contain_neutron_config('service_auth/admin_project_domain').with_value('DefaultProjects') + is_expected.to contain_neutron_config('service_auth/auth_version').with_value('3') + is_expected.to contain_neutron_config('service_auth/endpoint_type').with_value('public') + is_expected.to contain_neutron_config('service_auth/insecure').with_value('false') + end end end