[backport] Start moving away from search queries to static config items for cookbooks

chef/cookbooks/cinder/recipes/common.rb

@@ -33,24 +33,19 @@
   glance_server_host = CrowbarHelper.get_host_for_admin_url(glance_server, (glance_server[:glance][:ha][:enabled] rescue false))
   glance_server_protocol = glance_server[:glance][:api][:protocol]
   glance_server_port = glance_server[:glance][:api][:bind_port]
-  glance_server_insecure = glance_server_protocol == "https" && glance_server[:glance][:ssl][:insecure]
   glance_show_storage_location = glance_server[:glance][:show_storage_location]
 else
   glance_server_host = nil
   glance_server_port = nil
   glance_server_protocol = nil
-  glance_server_insecure = nil
   glance_show_storage_location = false
 end
 Chef::Log.info("Glance server at #{glance_server_host}")
 
-nova_apis = search(:node, "roles:nova-controller") || []
-if nova_apis.length > 0
-  nova_api = nova_apis[0]
-  nova_api_insecure = nova_api[:nova][:ssl][:enabled] && nova_api[:nova][:ssl][:insecure]
-else
-  nova_api_insecure = false
-end
+glance_config = Barclamp::Config.load("openstack", "glance", node[:cinder][:glance_instance])
+glance_insecure = glance_config["insecure"] || false
+
+nova_insecure = Barclamp::Config.load("openstack", "nova")["insecure"] || false
 
 db_settings = fetch_database_settings
 
@@ -172,9 +167,9 @@
     glance_server_protocol: glance_server_protocol,
     glance_server_host: glance_server_host,
     glance_server_port: glance_server_port,
-    glance_server_insecure: glance_server_insecure,
+    glance_server_insecure: glance_insecure,
     show_storage_location: glance_show_storage_location,
-    nova_api_insecure: nova_api_insecure,
+    nova_api_insecure: nova_insecure,
     availability_zone: availability_zone,
     keystone_settings: KeystoneHelper.keystone_settings(node, :cinder),
     strict_ssh_host_key_policy: node[:cinder][:strict_ssh_host_key_policy],

chef/cookbooks/crowbar-openstack/libraries/helpers.rb

@@ -98,42 +98,10 @@ def self.database_settings(node, barclamp)
   def self.rabbitmq_settings(node, barclamp)
     instance = node[barclamp][:rabbitmq_instance] || "default"
 
-    # Cache the result for each cookbook in an instance variable hash. This
-    # cache needs to be invalidated for each chef-client run from chef-client
-    # daemon (which are all in the same process); so use the ohai time as a
-    # marker for that.
-    if @rabbitmq_settings_cache_time != node[:ohai_time]
-      Chef::Log.info("Invalidating rabbitmq settings cache") if @rabbitmq_settings
-      @rabbitmq_settings = nil
-      @rabbitmq_settings_cache_time = node[:ohai_time]
-    end
-
-    if @rabbitmq_settings && @rabbitmq_settings.include?(instance)
-      Chef::Log.info("RabbitMQ server found at #{@rabbitmq_settings[instance][:address]} [cached]")
-    else
-      @rabbitmq_settings ||= Hash.new
-      rabbit = get_node(node, "rabbitmq-server", "rabbitmq", instance)
-
-      if rabbit.nil?
-        Chef::Log.warn("No RabbitMQ server found!")
-      else
-        @rabbitmq_settings[instance] = {
-          address: rabbit[:rabbitmq][:address],
-          port: rabbit[:rabbitmq][:port],
-          user: rabbit[:rabbitmq][:user],
-          password: rabbit[:rabbitmq][:password],
-          vhost: rabbit[:rabbitmq][:vhost],
-          url: "rabbit://#{rabbit[:rabbitmq][:user]}:" \
-            "#{rabbit[:rabbitmq][:password]}@" \
-            "#{rabbit[:rabbitmq][:address]}:#{rabbit[:rabbitmq][:port]}/" \
-            "#{rabbit[:rabbitmq][:vhost]}"
-        }
-
-        Chef::Log.info("RabbitMQ server found at #{@rabbitmq_settings[instance][:address]}")
-      end
-    end
+    config = BarclampLibrary::Barclamp::Config.load("openstack", "rabbitmq", instance)
+    Chef::Log.warn("No RabbitMQ server found!") if config.empty?
 
-    @rabbitmq_settings[instance]
+    config
   end
 
   private

chef/cookbooks/glance/recipes/api.rb

@@ -81,22 +81,8 @@
   end
 end
 
-# TODO: there's no dependency in terms of proposal on swift
-swift_api_insecure = false
-swifts = search(:node, "roles:swift-proxy") || []
-if swifts.length > 0
-  swift = swifts[0]
-  swift_api_insecure = swift[:swift][:ssl][:enabled] && swift[:swift][:ssl][:insecure]
-end
-
-#TODO: glance should depend on cinder, but cinder already depends on glance :/
-# so we have to do something like this
-cinder_api_insecure = false
-cinders = search(:node, "roles:cinder-controller") || []
-if cinders.length > 0
-  cinder = cinders[0]
-  cinder_api_insecure = cinder[:cinder][:api][:protocol] == "https" && cinder[:cinder][:ssl][:insecure]
-end
+swift_insecure = Barclamp::Config.load("openstack", "swift")["insecure"] || false
+cinder_insecure = Barclamp::Config.load("openstack", "cinder")["insecure"] || false
 
 #TODO: similarly with nova
 use_docker = !search(:node, "roles:nova-compute-docker").empty?
@@ -130,8 +116,8 @@
       registry_bind_port: network_settings[:registry][:bind_port],
       keystone_settings: keystone_settings,
       rabbit_settings: fetch_rabbitmq_settings,
-      swift_api_insecure: swift_api_insecure,
-      cinder_api_insecure: cinder_api_insecure,
+      swift_api_insecure: swift_insecure,
+      cinder_api_insecure: cinder_insecure,
       use_docker: use_docker,
       glance_stores: glance_stores.join(",")
   )

chef/cookbooks/horizon/recipes/server.rb

@@ -70,8 +70,7 @@
 end
 
 unless manila_ui_pkgname.nil?
-  manila_servers = search(:node, "roles:manila-server") || []
-  unless manila_servers.empty?
+  unless Barclamp::Config.load("openstack", "manila").empty?
     package manila_ui_pkgname do
       action :install
       notifies :reload, resources(service: "apache2")
@@ -189,26 +188,18 @@
 
 keystone_settings = KeystoneHelper.keystone_settings(node, @cookbook_name)
 
-glances = search(:node, "roles:glance-server") || []
-if glances.length > 0
-  glance = glances[0]
-  glance_insecure = glance[:glance][:api][:protocol] == "https" && glance[:glance][:ssl][:insecure]
-else
-  glance_insecure = false
-end
-
-cinders = search(:node, "roles:cinder-controller") || []
-if cinders.length > 0
-  cinder = cinders[0]
-  cinder_insecure = cinder[:cinder][:api][:protocol] == "https" && cinder[:cinder][:ssl][:insecure]
-else
-  cinder_insecure = false
-end
+glance_insecure = Barclamp::Config.load("openstack", "glance")["insecure"] || false
+cinder_insecure = Barclamp::Config.load("openstack", "cinder")["insecure"] || false
+neutron_insecure = Barclamp::Config.load("openstack", "neutron")["insecure"] || false
+nova_insecure = Barclamp::Config.load("openstack", "nova")["insecure"] || false
+ceilometer_insecure = Barclamp::Config.load("openstack", "ceilometer")["insecure"] || false
+heat_insecure = Barclamp::Config.load("openstack", "heat")["insecure"] || false
+manila_insecure = Barclamp::Config.load("openstack", "manila")["insecure"] || false
+trove_insecure = Barclamp::Config.load("openstack", "trove")["insecure"] || false
 
 neutrons = search(:node, "roles:neutron-server") || []
 if neutrons.length > 0
   neutron = neutrons[0]
-  neutron_insecure = neutron[:neutron][:api][:protocol] == "https" && neutron[:neutron][:ssl][:insecure]
   if neutron[:neutron][:networking_plugin] == "ml2"
     neutron_ml2_type_drivers = neutron[:neutron][:ml2_type_drivers]
   else
@@ -217,15 +208,11 @@
   neutron_use_lbaas = neutron[:neutron][:use_lbaas]
   neutron_use_vpnaas = neutron[:neutron][:use_vpnaas]
 else
-  neutron_insecure = false
   neutron_ml2_type_drivers = "'*'"
   neutron_use_lbaas = false
   neutron_use_vpnaas = false
 end
 
-nova = get_instance("roles:nova-controller")
-nova_insecure = (nova[:nova][:ssl][:enabled] && nova[:nova][:ssl][:insecure]) rescue false
-
 # We're going to use memcached as a cache backend for Django
 
 # make sure our memcache only listens on the admin IP address
@@ -296,7 +283,15 @@
   variables(
     debug: node[:horizon][:debug],
     keystone_settings: keystone_settings,
-    insecure: keystone_settings["insecure"] || glance_insecure || cinder_insecure || neutron_insecure || nova_insecure,
+    insecure: keystone_settings["insecure"] \
+    || glance_insecure \
+    || cinder_insecure \
+    || neutron_insecure \
+    || nova_insecure \
+    || ceilometer_insecure \
+    || heat_insecure \
+    || manila_insecure \
+    || trove_insecure \
     db_settings: db_settings,
     enable_lb: neutron_use_lbaas,
     enable_vpn: neutron_use_vpnaas,

chef/cookbooks/manila/recipes/common.rb

@@ -66,13 +66,10 @@
     neutron_server,
     (neutron_server[:neutron][:ha][:server][:enabled] || false))
   neutron_server_port = neutron_server[:neutron][:api][:service_port]
-  neutron_insecure = neutron_protocol == "https" &&
-                     neutron_server[:neutron][:ssl][:insecure]
   neutron_service_user = neutron_server[:neutron][:service_user]
   neutron_service_password = neutron_server[:neutron][:service_password]
   Chef::Log.info("Neutron server at #{neutron_server_host}")
 else
-  neutron_insecure = false
   neutron_protocol = nil
   neutron_server_host = nil
   neutron_server_port = nil
@@ -81,39 +78,42 @@
   Chef::Log.warn("Neutron server not found")
 end
 
+neutron_config = Barclamp::Config.load("openstack", "neutron", node[:manila][:neutron_instance])
+neutron_insecure = neutron_config["insecure"] || false
+
 # get Nova data
 nova = search(:node, "roles:nova-controller") || []
 if nova.length > 0
   nova = nova[0]
-  nova_insecure = (
-      nova[:nova][:ssl][:enabled] && nova[:nova][:ssl][:insecure]
-  )
   nova_admin_username = nova[:nova][:service_user]
   nova_admin_password = nova[:nova][:service_password]
 else
-  nova_insecure = false
   nova_admin_username = nil
   nova_admin_password = nil
   Chef::Log.warn("nova-controller not found")
 end
 
+nova_config = Barclamp::Config.load("openstack", "nova", node[:manila][:nova_instance])
+nova_insecure = nova_config["insecure"] || false
+
 # get Cinder data
 cinder = search(:node, "roles:cinder-controller") || []
 if cinder.length > 0
   cinder = cinder[0]
-  cinder_insecure = (
-    cinder[:cinder][:api][:protocol] == "https" && cinder[:cinder][:ssl][:insecure]
-  )
-
   cinder_admin_username = cinder[:cinder][:service_user]
   cinder_admin_password = cinder[:cinder][:service_password]
 else
-  cinder_insecure = false
   cinder_admin_username = nil
   cinder_admin_password = nil
   Chef::Log.warn("cinder-controller not found")
 end
 
+cinder_config = Barclamp::Config.load("openstack", "cinder", node[:manila][:cinder_instance])
+cinder_insecure = cinder_config["insecure"] || false
+
+enabled_share_protocols = ["NFS", "CIFS"]
+enabled_share_protocols << ["CEPHFS"] if ManilaHelper.has_cephfs_share? node
+
 template "/etc/manila/manila.conf" do
   source "manila.conf.erb"
   owner "root"

chef/cookbooks/neutron/recipes/common_config.rb

@@ -95,7 +95,7 @@
 unless nova[:nova].nil? or nova[:nova][:ssl].nil?
   nova_api_host = CrowbarHelper.get_host_for_admin_url(nova, (nova[:nova][:ha][:enabled] rescue false))
   nova_api_protocol = nova[:nova][:ssl][:enabled] ? "https" : "http"
-  nova_insecure = keystone_settings["insecure"] || (nova[:nova][:ssl][:enabled] && nova[:nova][:ssl][:insecure])
+  nova_insecure = Barclamp::Config.load("openstack", "nova")["insecure"] || false
 
   nova_notify = {
     nova_url: "#{nova_api_protocol}://#{nova_api_host}:#{nova[:nova][:ports][:api]}/v2",

chef/cookbooks/neutron/recipes/post_install_conf.rb

@@ -51,8 +51,7 @@ def mask_to_bits(mask)
 
 keystone_settings = KeystoneHelper.keystone_settings(node, @cookbook_name)
 
-neutron_insecure = node[:neutron][:api][:protocol] == "https" && node[:neutron][:ssl][:insecure]
-ssl_insecure = keystone_settings["insecure"] || neutron_insecure
+ssl_insecure = Barclamp::Config.load("openstack", "neutron")["insecure"] || false
 
 neutron_args = "--os-username '#{keystone_settings['service_user']}'"
 neutron_args = "#{neutron_args} --os-password '#{keystone_settings['service_password']}'"

chef/cookbooks/nova/libraries/availability_zone.rb

@@ -18,7 +18,7 @@ module NovaAvailabilityZone
   def self.fetch_set_az_command_no_arg(node, cookbook_name)
     keystone_settings = KeystoneHelper.keystone_settings(node, cookbook_name)
 
-    nova_insecure = node[:nova][:ssl][:enabled] && node[:nova][:ssl][:insecure]
+    ssl_insecure = BarclampLibrary::Barclamp::Config.load("openstack", "nova")["insecure"] || false
 
     command = ["/usr/bin/crowbar-nova-set-availability-zone"]
     command << "--os-username"
@@ -35,7 +35,7 @@ def self.fetch_set_az_command_no_arg(node, cookbook_name)
     command << "--os-region-name"
     command << keystone_settings["endpoint_region"]
 
-    if keystone_settings["insecure"] || nova_insecure
+    if ssl_insecure
       command << "--insecure"
     end
 

chef/cookbooks/nova/recipes/config.rb

@@ -65,15 +65,16 @@
   glance_server_host = CrowbarHelper.get_host_for_admin_url(glance_server, (glance_server[:glance][:ha][:enabled] rescue false))
   glance_server_port = glance_server[:glance][:api][:bind_port]
   glance_server_protocol = glance_server[:glance][:api][:protocol]
-  glance_server_insecure = glance_server_protocol == "https" && glance_server[:glance][:ssl][:insecure]
 else
   glance_server_host = nil
   glance_server_port = nil
   glance_server_protocol = nil
-  glance_server_insecure = nil
 end
 Chef::Log.info("Glance server at #{glance_server_host}")
 
+glance_config = Barclamp::Config.load("openstack", "glance", node[:nova][:glance_instance])
+glance_insecure = glance_config["insecure"] || false
+
 vncproxies = search_env_filtered(:node, "recipes:nova\\:\\:vncproxy")
 if vncproxies.length > 0
   vncproxy = vncproxies[0]
@@ -110,17 +111,17 @@
 cinder_servers = search_env_filtered(:node, "roles:cinder-controller") || []
 if cinder_servers.length > 0
   cinder_server = cinder_servers[0]
-  cinder_insecure = cinder_server[:cinder][:api][:protocol] == "https" && cinder_server[:cinder][:ssl][:insecure]
 
   if node.roles.include? "nova-compute-kvm"
     cinder_server[:cinder][:volumes].each do |volume|
       rbd_enabled = true if volume["backend_driver"] == "rbd"
     end
   end
-else
-  cinder_insecure = false
 end
 
+cinder_config = Barclamp::Config.load("openstack", "cinder", node[:nova][:cinder_instance])
+cinder_insecure = cinder_config["insecure"] || false
+
 if rbd_enabled
   include_recipe "nova::ceph"
 end
@@ -139,7 +140,6 @@
   neutron_protocol = neutron_server[:neutron][:api][:protocol]
   neutron_server_host = CrowbarHelper.get_host_for_admin_url(neutron_server, (neutron_server[:neutron][:ha][:server][:enabled] rescue false))
   neutron_server_port = neutron_server[:neutron][:api][:service_port]
-  neutron_insecure = neutron_protocol == "https" && neutron_server[:neutron][:ssl][:insecure]
   neutron_service_user = neutron_server[:neutron][:service_user]
   neutron_service_password = neutron_server[:neutron][:service_password]
   neutron_dhcp_domain = neutron_server[:neutron][:dhcp_domain]
@@ -155,6 +155,9 @@
 end
 Chef::Log.info("Neutron server at #{neutron_server_host}")
 
+neutron_config = Barclamp::Config.load("openstack", "neutron", node[:nova][:neutron_instance])
+neutron_insecure = neutron_config["insecure"] || false
+
 env_filter = " AND inteltxt_config_environment:inteltxt-config-#{node[:nova][:itxt_instance]}"
 oat_servers = search(:node, "roles:oat-server#{env_filter}") || []
 if oat_servers.length > 0
@@ -322,7 +325,7 @@
             glance_server_protocol: glance_server_protocol,
             glance_server_host: glance_server_host,
             glance_server_port: glance_server_port,
-            glance_server_insecure: glance_server_insecure || keystone_settings["insecure"],
+            glance_server_insecure: glance_insecure,
             metadata_bind_address: metadata_bind_address,
             vncproxy_public_host: vncproxy_public_host,
             vncproxy_ssl_enabled: api[:nova][:novnc][:ssl][:enabled],
@@ -338,7 +341,7 @@
             neutron_dhcp_domain: neutron_dhcp_domain,
             neutron_has_tunnel: neutron_has_tunnel,
             keystone_settings: keystone_settings,
-            cinder_insecure: cinder_insecure || keystone_settings["insecure"],
+            cinder_insecure: cinder_insecure,
             ceph_user: ceph_user,
             ceph_uuid: ceph_uuid,
             ssl_enabled: api[:nova][:ssl][:enabled],