Added service authentication options to LBaaS

By default, LBaaS is configured to authenticate to the local instance of Keystone running at 127.0.0.1:5000. In large deployments, it will likely not be there and it will fail to create anything. This patch adds the options to allow controlling these options in order to be able to successfully create load balancers. Change-Id: I76c941235b0177ec5dffe100b0866fab9045f209
2017-07-26 19:04:23 -04:00
parent 63a0004592
commit 60c1efdac0
3 changed files with 134 additions and 2 deletions
--- a/manifests/services/lbaas/octavia.pp
+++ b/manifests/services/lbaas/octavia.pp
@@ -38,6 +38,41 @@
 # [*allocates_vip*]
 #   (optional) Whether Octavia is responsible for allocating
 #   the VIP.
+#
+# [*auth_url*]
+#   (optional) Keystone Authentication URL
+#   Defaults to $::os_service_default   Defaults to $::os_service_default
+#
+# [*admin_user*]
+#   (optional) User for LBaaS authentication
+#   Defaults to $::os_service_default
+#
+# [*admin_tenant_name*]
+#   (optional) Tenant for LBaaS authentication
+#   Defaults to 'services'
+#
+# [*admin_password*]
+#   (optional) Password for LBaaS authentication
+#   Defaults to $::os_service_default
+#
+# [*admin_user_domain*]
+#   (optional) User domain for LBaaS authentication
+#   Defaults to $::os_service_default
+#
+# [*admin_project_domain*]
+#   (optional) Project domain for LBaaS authentication
+#   Defaults to $::os_service_default
+#
+# [*auth_version*]
+#   (optional) Authentication version
+#   Defaults to $::os_service_default
+#
+# [*endpoint_type*]
+#   (optional) Endpoint type (public/private/internal)
+#   Defaults to $::os_service_default
+#
+# [*insecure*]
+#   (optional) Accept insecure certificates
 #   Defaults to $::os_service_default
 #

@@ -45,7 +80,16 @@ class neutron::services::lbaas::octavia(
  $base_url              = 'http://127.0.0.1:9876',
  $request_poll_interval = $::os_service_default,
  $request_poll_timeout  = $::os_service_default,
-  $allocates_vip         = $::os_service_default
+  $allocates_vip         = $::os_service_default,
+  $auth_url              = $::os_service_default,
+  $admin_user            = $::os_service_default,
+  $admin_tenant_name     = 'services',
+  $admin_password        = $::os_service_default,
+  $admin_user_domain     = $::os_service_default,
+  $admin_project_domain  = $::os_service_default,
+  $auth_version          = $::os_service_default,
+  $endpoint_type         = $::os_service_default,
+  $insecure              = $::os_service_default
 ) {

  include ::neutron::deps
@@ -56,4 +100,16 @@ class neutron::services::lbaas::octavia(
    'octavia/request_poll_timeout':  value => $request_poll_timeout;
    'octavia/allocates_vip':         value => $allocates_vip;
  }
+
+  neutron_config {
+    'service_auth/auth_url'             : value => $auth_url;
+    'service_auth/admin_user'           : value => $admin_user;
+    'service_auth/admin_tenant_name'    : value => $admin_tenant_name;
+    'service_auth/admin_password'       : value => $admin_password;
+    'service_auth/admin_user_domain'    : value => $admin_user_domain;
+    'service_auth/admin_project_domain' : value => $admin_project_domain;
+    'service_auth/auth_version'         : value => $auth_version;
+    'service_auth/endpoint_type'        : value => $endpoint_type;
+    'service_auth/insecure'             : value => $insecure;
+  }
 }
--- a/releasenotes/notes/add-lbaas-service-credentials-449198dd97813e8e.yaml
+++ b/releasenotes/notes/add-lbaas-service-credentials-449198dd97813e8e.yaml
@@ -0,0 +1,4 @@
+---
+features:
+  - It is now possible to configure the service credentials needed by the
+    LBaaS service , specifically the `service_auth` section in Neutron.
--- a/spec/classes/neutron_services_lbaas_octavia_spec.rb
+++ b/spec/classes/neutron_services_lbaas_octavia_spec.rb
@@ -26,7 +26,16 @@ describe 'neutron::services::lbaas::octavia' do
    { :base_url              => 'http://127.0.0.1:9876',
      :request_poll_interval => '<SERVICE DEFAULT>',
      :request_poll_timeout  => '<SERVICE DEFAULT>',
-      :allocates_vip         => '<SERVICE DEFAULT>'}
+      :allocates_vip         => '<SERVICE DEFAULT>',
+      :auth_url              => '<SERVICE DEFAULT>',
+      :admin_user            => '<SERVICE DEFAULT>',
+      :admin_tenant_name     => 'services',
+      :admin_password        => '<SERVICE DEFAULT>',
+      :admin_user_domain     => '<SERVICE DEFAULT>',
+      :admin_project_domain  => '<SERVICE DEFAULT>',
+      :auth_version          => '<SERVICE DEFAULT>',
+      :endpoint_type         => '<SERVICE DEFAULT>',
+      :insecure              => '<SERVICE DEFAULT>' }
  end

  context 'with default params' do
@@ -40,6 +49,18 @@ describe 'neutron::services::lbaas::octavia' do
      is_expected.to contain_neutron_config('octavia/request_poll_timeout').with_value('<SERVICE DEFAULT>')
      is_expected.to contain_neutron_config('octavia/allocates_vip').with_value('<SERVICE DEFAULT>')
    end
+
+    it 'configures octavia service authentication' do
+      is_expected.to contain_neutron_config('service_auth/auth_url').with_value('<SERVICE DEFAULT>')
+      is_expected.to contain_neutron_config('service_auth/admin_user').with_value('<SERVICE DEFAULT>')
+      is_expected.to contain_neutron_config('service_auth/admin_tenant_name').with_value('services')
+      is_expected.to contain_neutron_config('service_auth/admin_password').with_value('<SERVICE DEFAULT>')
+      is_expected.to contain_neutron_config('service_auth/admin_user_domain').with_value('<SERVICE DEFAULT>')
+      is_expected.to contain_neutron_config('service_auth/admin_project_domain').with_value('<SERVICE DEFAULT>')
+      is_expected.to contain_neutron_config('service_auth/auth_version').with_value('<SERVICE DEFAULT>')
+      is_expected.to contain_neutron_config('service_auth/endpoint_type').with_value('<SERVICE DEFAULT>')
+      is_expected.to contain_neutron_config('service_auth/insecure').with_value('<SERVICE DEFAULT>')
+    end
  end

  context 'when base_url is set' do
@@ -59,5 +80,56 @@ describe 'neutron::services::lbaas::octavia' do
      is_expected.to contain_neutron_config('octavia/request_poll_timeout').with_value('100')
      is_expected.to contain_neutron_config('octavia/allocates_vip').with_value('false')
    end
+
+    it 'configures octavia service authentication' do
+      is_expected.to contain_neutron_config('service_auth/auth_url').with_value('<SERVICE DEFAULT>')
+      is_expected.to contain_neutron_config('service_auth/admin_user').with_value('<SERVICE DEFAULT>')
+      is_expected.to contain_neutron_config('service_auth/admin_tenant_name').with_value('services')
+      is_expected.to contain_neutron_config('service_auth/admin_password').with_value('<SERVICE DEFAULT>')
+      is_expected.to contain_neutron_config('service_auth/admin_user_domain').with_value('<SERVICE DEFAULT>')
+      is_expected.to contain_neutron_config('service_auth/admin_project_domain').with_value('<SERVICE DEFAULT>')
+      is_expected.to contain_neutron_config('service_auth/auth_version').with_value('<SERVICE DEFAULT>')
+      is_expected.to contain_neutron_config('service_auth/endpoint_type').with_value('<SERVICE DEFAULT>')
+      is_expected.to contain_neutron_config('service_auth/insecure').with_value('<SERVICE DEFAULT>')
+    end
+  end
+
+  context 'when base_url and service credentials are set' do
+    let :params do
+      default_params.merge(
+        { :base_url              => 'http://octavia.example.org:9876',
+          :request_poll_interval => '3',
+          :request_poll_timeout  => '100',
+          :allocates_vip         => 'false',
+          :auth_url              => 'https://auth.openstack.cloud/v3',
+          :admin_user            => 'admin',
+          :admin_tenant_name     => 'service-tenant',
+          :admin_password        => 'secure123',
+          :admin_user_domain     => 'DefaultUsers',
+          :admin_project_domain  => 'DefaultProjects',
+          :auth_version          => '3',
+          :endpoint_type         => 'public',
+          :insecure              => 'false' }
+      )
+    end
+
+    it 'configures octavia service plugin custom parameters' do
+      is_expected.to contain_neutron_config('octavia/base_url').with_value('http://octavia.example.org:9876')
+      is_expected.to contain_neutron_config('octavia/request_poll_interval').with_value('3')
+      is_expected.to contain_neutron_config('octavia/request_poll_timeout').with_value('100')
+      is_expected.to contain_neutron_config('octavia/allocates_vip').with_value('false')
+    end
+
+    it 'configures octavia service authentication' do
+      is_expected.to contain_neutron_config('service_auth/auth_url').with_value('https://auth.openstack.cloud/v3')
+      is_expected.to contain_neutron_config('service_auth/admin_user').with_value('admin')
+      is_expected.to contain_neutron_config('service_auth/admin_tenant_name').with_value('service-tenant')
+      is_expected.to contain_neutron_config('service_auth/admin_password').with_value('secure123')
+      is_expected.to contain_neutron_config('service_auth/admin_user_domain').with_value('DefaultUsers')
+      is_expected.to contain_neutron_config('service_auth/admin_project_domain').with_value('DefaultProjects')
+      is_expected.to contain_neutron_config('service_auth/auth_version').with_value('3')
+      is_expected.to contain_neutron_config('service_auth/endpoint_type').with_value('public')
+      is_expected.to contain_neutron_config('service_auth/insecure').with_value('false')
+    end
  end
 end