#
# Cookbook Name:: openstack-identity
# Recipe:: server
#
# Copyright 2012, Rackspace US, Inc.
# Copyright 2012-2013, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
require "uri"
# Mix the ::Openstack module into Chef::Recipe so that its methods can be
# called bare from recipe code.
# NOTE(review): the helpers used further down (endpoint, db_password, db_uri,
# secret, address_for, memcached_servers) presumably come from this mixin,
# shipped by the openstack-common cookbook -- confirm.
::Chef::Recipe.send(:include, ::Openstack)
# Pull in the shared logging recipe only when syslog is switched on for the
# identity service.
include_recipe "openstack-common::logging" if node["openstack"]["identity"]["syslog"]["use"]

# Platform-specific settings (package lists, package options, service name)
# read from node attributes and used by the resources below.
platform_options = node["openstack"]["identity"]["platform"]
# Background for the package handling in this recipe:
# https://bugs.launchpad.net/ubuntu/+source/keystone/+bug/931236

# Python client libraries for the configured database backend. The attribute
# key is derived from db_type, i.e. "<db_type>_python_packages".
db_type = node['openstack']['db']['identity']['db_type']
db_client_packages = platform_options["#{db_type}_python_packages"]
db_client_packages.each do |package_name|
  package(package_name) { action :install }
end

# Python packages listed under "memcache_python_packages".
platform_options["memcache_python_packages"].each do |package_name|
  package(package_name) { action :install }
end
# Install the keystone packages, or move them to the newest version the
# configured repositories offer (action :upgrade, so versions are not pinned
# by this recipe).
# NOTE(review): package_options is handed to the package resource verbatim
# from node attributes; confirm the value in use does not switch off package
# signature verification.
keystone_package_options = platform_options["package_options"]
platform_options["keystone_packages"].each do |package_name|
  package package_name do
    action :upgrade
    options keystone_package_options
  end
end
# Fixed ten-second pause. It never runs on its own (action :nothing); the
# keystone service resource below triggers it through a notification.
execute "Keystone: sleep" do
  action :nothing
  command "sleep 10s"
end

# Enable the keystone service. This resource only enables it; restarts are
# requested by the template resources later in the recipe. Whenever this
# resource reports a change it runs the pause above immediately.
keystone_service_name = platform_options["keystone_service"]
service "keystone" do
  service_name keystone_service_name
  supports :status => true, :restart => true
  action :enable
  notifies :run, "execute[Keystone: sleep]", :immediately
end
keystone_user  = node["openstack"]["identity"]["user"]
keystone_group = node["openstack"]["identity"]["group"]

# Configuration directory, owner-only (0700): accounts other than the keystone
# user cannot list or traverse it.
directory "/etc/keystone" do
  mode  0700
  owner keystone_user
  group keystone_group
end

# Base directory for the token-signing material, with the same owner-only
# mode. It is managed only when the auth strategy is "pki".
signing_basedir = node["openstack"]["identity"]["signing"]["basedir"]
directory signing_basedir do
  mode  0700
  owner keystone_user
  group keystone_group
  only_if { node["openstack"]["auth"]["strategy"] == "pki" }
end
# Remove /var/lib/keystone/keystone.db -- presumably the SQLite database the
# distribution package creates by default (confirm).
# NOTE(review): there is no guard on this resource, so it is evaluated on
# every run. If db_type is ever SQLite backed by this path, it deletes the
# live identity database; confirm that combination cannot occur.
file("/var/lib/keystone/keystone.db") { action :delete }
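# Make sure both keystone configuration files exist and belong to the keystone
# account, readable and writable by the owner only.
#
# The mode is 0600 instead of the earlier 0700: these are configuration files,
# not programs, so the execute bit serves no purpose.
#
# keystone.conf is also written by a template resource later in this recipe,
# and that resource's mode is the one left on disk. Keep the two modes
# identical; otherwise each run changes the mode twice and the template
# reports an update (and requests a keystone restart) every time.
#
# The block variable is named conf_path so that it no longer shadows the
# `file` resource method.
["/etc/keystone/keystone.conf", "/etc/keystone/logging.conf"].each do |conf_path|
  file conf_path do
    owner node["openstack"]["identity"]["user"]
    group node["openstack"]["identity"]["group"]
    mode 00600
  end
end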
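# Run `keystone-manage pki_setup` as the keystone user, so the files it
# creates are owned by that account rather than by the user running Chef.
#
# It runs only when the auth strategy is "pki" and only while the signing key
# file is absent, so an existing key is never regenerated by this recipe.
execute "keystone-manage pki_setup" do
  user node["openstack"]["identity"]["user"]

  only_if { node["openstack"]["auth"]["strategy"] == "pki" }
  # File.exist? replaces FileTest.exists?, which is deprecated and has been
  # removed from current Ruby releases; the check itself is unchanged.
  not_if { ::File.exist?(node["openstack"]["identity"]["signing"]["keyfile"]) }
end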
# Look up each service endpoint by name through the endpoint helper. The
# results are used below to build the catalog URIs and the public/admin root
# URLs.
identity_admin_endpoint = endpoint("identity-admin")
identity_endpoint       = endpoint("identity-api")
compute_endpoint        = endpoint("compute-api")
ec2_endpoint            = endpoint("compute-ec2-api")
image_endpoint          = endpoint("image-api")
network_endpoint        = endpoint("network-api")
volume_endpoint         = endpoint("volume-api")
# Database credentials for the identity service.
# NOTE(review): the 'password' attribute is passed to db_password as its
# argument; presumably it names the secret to look up rather than holding the
# password itself -- confirm against the helper.
identity_db_attrs = node['openstack']['db']['identity']
db_user = identity_db_attrs['username']
db_pass = db_password(identity_db_attrs['password'])

# Connection URI for the identity database. It is built from db_user and
# db_pass, so treat the resulting string as a secret.
sql_connection = db_uri("identity", db_user, db_pass)

# Admin bootstrap token, fetched with the secret helper using the configured
# admin_token attribute (converted to a string) as the lookup key.
bootstrap_token = secret("secrets", node['openstack']['identity']['admin_token'].to_s)

# Address for keystone: the bind interface's address when HA status is
# 'enable', otherwise the host of the identity-api endpoint attribute.
ip_address =
  if node["openstack"]["ha"]["status"].eql?('enable')
    address_for(node["openstack"]["identity"]["bind_interface"])
  else
    node['openstack']['endpoints']['identity-api']['host']
  end

# Comma-separated memcached server list from the openstack-common library
# helper. Per the original note: when the search role is set the servers are
# found through a Chef search, otherwise the memcache.servers attribute is
# used.
memcache_servers = memcached_servers.join(",")
# String form of an endpoint with every "%25" turned back into "%".
unescape_percent = lambda { |service_endpoint| service_endpoint.to_s.gsub('%25', '%') }

# Catalog URIs handed to the templates, keyed by service name.
uris = {
  'identity-admin' => unescape_percent.call(identity_admin_endpoint),
  'identity'       => unescape_percent.call(identity_endpoint),
  'image'          => unescape_percent.call(image_endpoint),
  'compute'        => unescape_percent.call(compute_endpoint),
  'ec2'            => unescape_percent.call(ec2_endpoint),
  'network'        => unescape_percent.call(network_endpoint),
  'volume'         => unescape_percent.call(volume_endpoint)
}

# Root URLs only (scheme, host, port and a trailing slash). The path (v2.0,
# etc.) must not be appended here, because these values are used when
# returning the version listing from the root / endpoint.
root_url = lambda { |service_endpoint| "#{service_endpoint.scheme}://#{service_endpoint.host}:#{service_endpoint.port}/" }
public_endpoint = root_url.call(identity_endpoint)
admin_endpoint  = root_url.call(identity_admin_endpoint)
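# Render keystone.conf from keystone.conf.erb and restart keystone at once
# whenever this resource changes the file.
#
# The template receives sql_connection (built from the database user and
# password) and bootstrap_token (the admin token), so the rendered file holds
# credentials. It is therefore written owner-only (0600) instead of the
# earlier world-readable 0644. /etc/keystone is itself 0700 in this recipe,
# so this is defence in depth: the file stays protected even if the directory
# mode is loosened or the file is copied elsewhere with its mode preserved.
#
# NOTE(review): the plain `file` resource that manages this same path earlier
# in the recipe should carry the same mode. If the two differ, every run
# changes the mode twice and this resource restarts keystone each time.
# NOTE(review): where the Chef version in use supports the `sensitive`
# resource property, setting it here would keep rendered diffs of this file
# out of the Chef logs -- confirm availability before adding it.
template "/etc/keystone/keystone.conf" do
  source "keystone.conf.erb"
  owner node["openstack"]["identity"]["user"]
  group node["openstack"]["identity"]["group"]
  mode 00600
  variables(
    :sql_connection => sql_connection,
    :ip_address => ip_address,
    "bootstrap_token" => bootstrap_token,
    "memcache_servers" => memcache_servers,
    "uris" => uris,
    "public_endpoint" => public_endpoint,
    "admin_endpoint" => admin_endpoint
  )

  notifies :restart, "service[keystone]", :immediately
end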
# Render the templated service catalog, but only when the catalog backend is
# "templated". The only data passed in is the uris hash of service endpoint
# URIs. Any change to the file restarts keystone immediately.
template "/etc/keystone/default_catalog.templates" do
  only_if { node["openstack"]["identity"]["catalog"]["backend"] == "templated" }

  source "default_catalog.templates.erb"
  mode  0644
  owner node["openstack"]["identity"]["user"]
  group node["openstack"]["identity"]["group"]
  variables("uris" => uris)

  notifies :restart, "service[keystone]", :immediately
end
# Synchronise the database schema. This is placed after the keystone.conf
# template so that the command sees the generated configuration. It is
# skipped unless the db "migrate" attribute is truthy.
# NOTE(review): no `user` is set, so the command runs as whichever account
# runs Chef, unlike pki_setup above, which runs as the keystone user. Confirm
# this is intended; files the command creates would belong to that account.
execute "keystone-manage db_sync" do
  command "keystone-manage db_sync"
  only_if { node["openstack"]["identity"]["db"]["migrate"] }
end