openstack/puppet-nova
Code Issues Proposed changes

Update ironic auth settings

Browse Source 
The underlying ironic auth paramters for nova.conf have been changed.
nova::ironic::common::admin_username,
nova::ironic::common::admin_password,
nova::ironic::common::admin_url,
nova::ironic::common::admin_tenant_name
have been deprecated in favor of nova::ironic::common::username,
nova::ironic::common::password, nova::ironic::common::auth_url,
nova::ironic::common::project_name.

Also the deprecated options from nova::compute::ironic have been
removed. Please use the options available via nova::ironic::common.

Change-Id: I163d99c407ef9e0725fec492be6440de67839650
Co-Authored-By: Xing Zhou <xing.zhou@easystack.cn>
This commit is contained in:
Alex Schultz
2016-10-28 17:28:20 -06:00
parent 7b897406aa
commit 87fb09cc69
5 changed files with 167 additions and 165 deletions
Download Patch File Download Diff File Expand all files Collapse all files

65
manifests/compute/ironic.pp
View File

@@ -4,84 +4,21 @@
# #
# === Parameters: # === Parameters:
# #
# [*admin_username*]
# The admin username for Ironic to connect to Nova.
# Defaults to 'admin'
#
# [*admin_password*]
# The admin password for Ironic to connect to Nova.
# Defaults to 'ironic'
#
# [*admin_url*]
# The address of the Keystone api endpoint.
# Defaults to 'http://127.0.0.1:35357/v2.0'
#
# [*admin_tenant_name*]
# The Ironic Keystone tenant name.
# Defaults to 'services'
#
# [*api_endpoint*]
# The url for Ironic api endpoint.
# Defaults to 'http://127.0.0.1:6385/v1'
#
# [*compute_driver*] # [*compute_driver*]
# (optional) Compute driver. # (optional) Compute driver.
# Defaults to 'ironic.IronicDriver' # Defaults to 'ironic.IronicDriver'
# #
# [*admin_user*]
# (optional) DEPRECATED: Use admin_username instead.
#
# [*admin_passwd*]
# (optional) DEPRECATED: Use admin_password instead.
#
# [*max_concurrent_builds*] # [*max_concurrent_builds*]
# (optional) Maximum number of instance builds to run concurrently # (optional) Maximum number of instance builds to run concurrently
# Defaults to $::os_service_default. # Defaults to $::os_service_default.
# #
class nova::compute::ironic ( class nova::compute::ironic (
$max_concurrent_builds = $::os_service_default, $max_concurrent_builds = $::os_service_default,
# DEPRECATED PARAMETERS
$admin_username = undef,
$admin_password = undef,
$admin_url = undef,
$admin_tenant_name = undef,
$api_endpoint = undef,
$admin_user = undef,
$admin_passwd = undef,
$compute_driver = 'ironic.IronicDriver' $compute_driver = 'ironic.IronicDriver'
) { ) {
include ::nova::deps include ::nova::deps
require ::nova::ironic::common
if $admin_user {
warning('The admin_user parameter in class nova::compute::ironic is deprecated, use class nova::ironic::common instead.')
}
if $admin_passwd {
warning('The admin_passwd parameter in class nova::compute::ironic is deprecated, use class nova::ironic::common instead.')
}
if $admin_username {
warning('The admin_username parameter in class nova::compute::ironic is deprecated, use class nova::ironic::common instead.')
}
if $admin_password {
warning('The admin_password parameter in class nova::compute::ironic is deprecated, use class nova::ironic::common instead.')
}
if $admin_url {
warning('The admin_url parameter in class nova::compute::ironic is deprecated, use class nova::ironic::common instead.')
}
if $admin_tenant_name {
warning('The admin_tenant_name parameter in class nova::compute::ironic is deprecated, use class nova::ironic::common instead.')
}
if $api_endpoint {
warning('The api_endpoint parameter in class nova::compute::ironic is deprecated, use class nova::ironic::common instead.')
}
include ::nova::ironic::common
nova_config { nova_config {
'DEFAULT/compute_driver': value => $compute_driver; 'DEFAULT/compute_driver': value => $compute_driver;

103
manifests/ironic/common.pp
View File

@@ -1,5 +1,31 @@
# == Class: nova::ironic::common # == Class: nova::ironic::common
# #
# [*api_endpoint*]
# The url for Ironic api endpoint.
# Defaults to 'http://127.0.0.1:6385/v1'
#
# [*auth_plugin*]
# The authentication plugin to use when connecting to nova.
# Defaults to 'password'
#
# [*auth_url*]
# The address of the Keystone api endpoint.
# Defaults to 'http://127.0.0.1:35357/'
#
# [*project_name*]
# The Ironic Keystone project name.
# Defaults to 'services'
#
# [*password*]
# The admin password for Ironic to connect to Nova.
# Defaults to 'ironic'
#
# [*username*]
# The admin username for Ironic to connect to Nova.
# Defaults to 'admin'
#
# === DEPRECATED
#
# [*admin_username*] # [*admin_username*]
# The admin username for Ironic to connect to Nova. # The admin username for Ironic to connect to Nova.
# Defaults to 'admin' # Defaults to 'admin'
@@ -16,43 +42,60 @@
# The Ironic Keystone tenant name. # The Ironic Keystone tenant name.
# Defaults to 'services' # Defaults to 'services'
# #
# [*api_endpoint*]
# The url for Ironic api endpoint.
# Defaults to 'http://127.0.0.1:6385/v1'
#
class nova::ironic::common ( class nova::ironic::common (
$admin_username = 'admin',
$admin_password = 'ironic',
$admin_tenant_name = 'services',
$admin_url = 'http://127.0.0.1:35357/v2.0',
$api_endpoint = 'http://127.0.0.1:6385/v1', $api_endpoint = 'http://127.0.0.1:6385/v1',
$auth_plugin = 'password',
$auth_url = 'http://127.0.0.1:35357/',
$password = 'ironic',
$project_name = 'services',
$username = 'admin',
# DEPRECATED
$admin_username = undef,
$admin_password = undef,
$admin_tenant_name = undef,
$admin_url = undef,
) { ) {
include ::nova::deps include ::nova::deps
$admin_username_real = pick( if ($admin_username) {
$::nova::compute::ironic::admin_user, warning('nova::ironic::common::admin_username is deprecated. Please use username')
$::nova::compute::ironic::admin_username, }
$admin_username)
$admin_password_real = pick( if ($admin_password) {
$::nova::compute::ironic::admin_passwd, warning('nova::ironic::common::admin_password is deprecated. Please use password')
$::nova::compute::ironic::admin_password, }
$admin_password)
$admin_tenant_name_real = pick( if ($admin_tenant_name) {
$::nova::compute::ironic::admin_tenant_name, warning('nova::ironic::common::admin_tenant_name is deprecated. Please use project_name')
$admin_tenant_name) }
$admin_url_real = pick(
$::nova::compute::ironic::admin_url, if ($admin_url) {
$admin_url) warning('nova::ironic::common::admin_url is deprecated. Please use auth_url')
$api_endpoint_real = pick( }
$::nova::compute::ironic::api_endpoint,
$api_endpoint)
$username_real = pick($admin_username, $username)
$password_real = pick($admin_password, $password)
$auth_url_real = pick($admin_url, $auth_url)
$project_name_real = pick($admin_tenant_name, $project_name)
nova_config { nova_config {
'ironic/admin_username': value => $admin_username_real; 'ironic/auth_plugin': value => $auth_plugin;
'ironic/admin_password': value => $admin_password_real; 'ironic/username': value => $username_real;
'ironic/admin_url': value => $admin_url_real; 'ironic/password': value => $password_real;
'ironic/admin_tenant_name': value => $admin_tenant_name_real; 'ironic/auth_url': value => $auth_url_real;
'ironic/api_endpoint': value => $api_endpoint_real; 'ironic/project_name': value => $project_name_real;
'ironic/api_endpoint': value => $api_endpoint;
}
# TODO(aschultz): these are deprecated, remove in P
nova_config {
'ironic/admin_username': value => $username_real;
'ironic/admin_password': value => $password_real;
'ironic/admin_url': value => $auth_url_real;
'ironic/admin_tenant_name': value => $project_name_real;
} }
} }

10
releasenotes/notes/nova-ironic-common-updates-c855c6e82281de9d.yaml Normal file
View File

@@ -0,0 +1,10 @@
---
deprecation:
- nova::ironic::common::admin_username, nova::ironic::common::admin_password,
nova::ironic::common::admin_url, nova::ironic::common::admin_tenant_name
have been deprecated in favor of nova::ironic::common::username,
nova::ironic::common::password, nova::ironic::common::auth_url,
nova::ironic::common::project_name.
upgrade:
- Deprecated options from nova::compute::ironic have been removed. Please
use the options available via nova::ironic::common.

23
spec/classes/nova_compute_ironic_spec.rb
View File

@@ -25,33 +25,12 @@ describe 'nova::compute::ironic' do
end end
end end
context 'with deprecated parameters' do
let :params do
{
:admin_user => 'ironic-user',
:admin_passwd => 'ironic-s3cr3t',
:admin_url => 'http://10.0.0.10:35357/v2.0',
:admin_tenant_name => 'services2',
:api_endpoint => 'http://10.0.0.10:6385/v1',
}
end
it 'configures ironic in nova.conf' do
is_expected.to contain_nova_config('ironic/admin_username').with_value('ironic-user')
is_expected.to contain_nova_config('ironic/admin_password').with_value('ironic-s3cr3t')
is_expected.to contain_nova_config('ironic/admin_url').with_value('http://10.0.0.10:35357/v2.0')
is_expected.to contain_nova_config('ironic/admin_tenant_name').with_value('services2')
is_expected.to contain_nova_config('ironic/api_endpoint').with_value('http://10.0.0.10:6385/v1')
end
end
end
context 'always' do context 'always' do
it 'contains the ironic common class' do it 'contains the ironic common class' do
is_expected.to contain_class('nova::ironic::common') is_expected.to contain_class('nova::ironic::common')
end end
end end
end
on_supported_os({ on_supported_os({
:supported_os => OSDefaults.get_supported_os :supported_os => OSDefaults.get_supported_os

51
spec/classes/nova_ironic_common_spec.rb
View File

@@ -6,15 +6,47 @@ describe 'nova::ironic::common' do
context 'with default parameters' do context 'with default parameters' do
it 'configures ironic in nova.conf' do it 'configures ironic in nova.conf' do
is_expected.to contain_nova_config('ironic/auth_plugin').with_value('password')
is_expected.to contain_nova_config('ironic/username').with_value('admin')
is_expected.to contain_nova_config('ironic/password').with_value('ironic')
is_expected.to contain_nova_config('ironic/auth_url').with_value('http://127.0.0.1:35357/')
is_expected.to contain_nova_config('ironic/project_name').with_value('services')
is_expected.to contain_nova_config('ironic/api_endpoint').with_value('http://127.0.0.1:6385/v1')
is_expected.to contain_nova_config('ironic/admin_username').with_value('admin') is_expected.to contain_nova_config('ironic/admin_username').with_value('admin')
is_expected.to contain_nova_config('ironic/admin_password').with_value('ironic') is_expected.to contain_nova_config('ironic/admin_password').with_value('ironic')
is_expected.to contain_nova_config('ironic/admin_url').with_value('http://127.0.0.1:35357/v2.0') is_expected.to contain_nova_config('ironic/admin_url').with_value('http://127.0.0.1:35357/')
is_expected.to contain_nova_config('ironic/admin_tenant_name').with_value('services') is_expected.to contain_nova_config('ironic/admin_tenant_name').with_value('services')
is_expected.to contain_nova_config('ironic/api_endpoint').with_value('http://127.0.0.1:6385/v1')
end end
end end
context 'with overridden parameters' do context 'with parameters' do
let :params do
{
:username => 'ironic',
:password => 's3cr3t',
:auth_url => 'http://10.0.0.10:35357/',
:project_name => 'services2',
:api_endpoint => 'http://10.0.0.10:6385/v1',
}
end
it 'configures ironic in nova.conf' do
is_expected.to contain_nova_config('ironic/auth_plugin').with_value('password')
is_expected.to contain_nova_config('ironic/username').with_value('ironic')
is_expected.to contain_nova_config('ironic/password').with_value('s3cr3t')
is_expected.to contain_nova_config('ironic/auth_url').with_value('http://10.0.0.10:35357/')
is_expected.to contain_nova_config('ironic/project_name').with_value('services2')
is_expected.to contain_nova_config('ironic/api_endpoint').with_value('http://10.0.0.10:6385/v1')
is_expected.to contain_nova_config('ironic/admin_username').with_value('ironic')
is_expected.to contain_nova_config('ironic/admin_password').with_value('s3cr3t')
is_expected.to contain_nova_config('ironic/admin_url').with_value('http://10.0.0.10:35357/')
is_expected.to contain_nova_config('ironic/admin_tenant_name').with_value('services2')
end
end
context 'with deprecated parameters' do
let :params do let :params do
{ {
:admin_username => 'ironic', :admin_username => 'ironic',
@@ -26,11 +58,16 @@ describe 'nova::ironic::common' do
end end
it 'configures ironic in nova.conf' do it 'configures ironic in nova.conf' do
is_expected.to contain_nova_config('ironic/username').with_value('ironic')
is_expected.to contain_nova_config('ironic/password').with_value('s3cr3t')
is_expected.to contain_nova_config('ironic/auth_url').with_value('http://10.0.0.10:35357/v2.0')
is_expected.to contain_nova_config('ironic/project_name').with_value('services2')
is_expected.to contain_nova_config('ironic/api_endpoint').with_value('http://10.0.0.10:6385/v1')
is_expected.to contain_nova_config('ironic/admin_username').with_value('ironic') is_expected.to contain_nova_config('ironic/admin_username').with_value('ironic')
is_expected.to contain_nova_config('ironic/admin_password').with_value('s3cr3t') is_expected.to contain_nova_config('ironic/admin_password').with_value('s3cr3t')
is_expected.to contain_nova_config('ironic/admin_url').with_value('http://10.0.0.10:35357/v2.0') is_expected.to contain_nova_config('ironic/admin_url').with_value('http://10.0.0.10:35357/v2.0')
is_expected.to contain_nova_config('ironic/admin_tenant_name').with_value('services2') is_expected.to contain_nova_config('ironic/admin_tenant_name').with_value('services2')
is_expected.to contain_nova_config('ironic/api_endpoint').with_value('http://10.0.0.10:6385/v1')
end end
end end
end end
@@ -40,11 +77,7 @@ describe 'nova::ironic::common' do
}).each do |os,facts| }).each do |os,facts|
context "on #{os}" do context "on #{os}" do
let (:facts) do let (:facts) do
facts.merge!(OSDefaults.get_facts({ facts.merge!(OSDefaults.get_facts)
:fqdn => 'some.host.tld',
:processorcount => 2,
:concat_basedir => '/var/lib/puppet/concat'
}))
end end
it_configures 'nova-ironic-common' it_configures 'nova-ironic-common'
end end