Merge "Harmonize notification configuration"
diff --git a/README.rst b/README.rst
index 38734eb..9987ad1 100644
--- a/README.rst
+++ b/README.rst
@@ -52,6 +52,8 @@
multihost: true
multipath: true
pool: SAS7K2
+ audit:
+ enabled: false
cinder:
volume:
@@ -91,7 +93,8 @@
multihost: true
multipath: true
pool: SAS7K2
- w
+ audit:
+ enabled: false
Client-side RabbitMQ HA setup for controller
@@ -367,13 +370,34 @@
clustername: cluster1
sf_emulate_512: false
+
+
+Enable auditing filter, ie: CADF
+
+.. code-block:: yaml
+
+ cinder:
+ controller:
+ audit:
+ enabled: true
+ ....
+ filter_factory: 'keystonemiddleware.audit:filter_factory'
+ map_file: '/etc/pycadf/cinder_api_audit_map.conf'
+ ....
+ volume:
+ audit:
+ enabled: true
+ ....
+ filter_factory: 'keystonemiddleware.audit:filter_factory'
+ map_file: '/etc/pycadf/cinder_api_audit_map.conf'
+
Documentation and Bugs
============================
To learn how to deploy OpenStack Salt, consult the documentation available
online at:
- https://wiki.openstack.org/wiki/OpenStackSalt
+https://wiki.openstack.org/wiki/OpenStackSalt
In the unfortunate event that bugs are discovered, they should be reported to
the appropriate bug tracker. If you obtained the software from a 3rd party
diff --git a/cinder/controller.sls b/cinder/controller.sls
index 7799f88..a10d5d9 100644
--- a/cinder/controller.sls
+++ b/cinder/controller.sls
@@ -1,5 +1,5 @@
{%- from "cinder/map.jinja" import controller with context %}
-{%- if controller.enabled %}
+{%- if controller.get('enabled', False) %}
include:
- cinder.user
@@ -57,6 +57,7 @@
cmd.run:
- name: "source /root/keystonerc; cinder type-create {{ backend.type_name }}"
- unless: "source /root/keystonerc; cinder type-list | grep {{ backend.type_name }}"
+ - shell: /bin/bash
- require:
- service: cinder_controller_services
@@ -64,6 +65,7 @@
cmd.run:
- name: "source /root/keystonerc; cinder type-key {{ backend.type_name }} set volume_backend_name={{ backend_name }}"
- unless: "source /root/keystonerc; cinder extra-specs-list | grep \"{u'volume_backend_name': u'{{ backend_name }}'}\""
+ - shell: /bin/bash
- require:
- cmd: cinder_type_create_{{ backend_name }}
@@ -79,6 +81,7 @@
cmd.run:
- name: "source /root/keystonerc; cinder type-create {{ type.name }}"
- unless: "source /root/keystonerc; cinder type-list | grep {{ type.name }}"
+ - shell: /bin/bash
- require:
- service: cinder_controller_services
@@ -86,6 +89,7 @@
cmd.run:
- name: "source /root/keystonerc; cinder type-key {{ type.name }} set volume_backend_name={{ type.get('backend', type.name) }}"
- unless: "source /root/keystonerc; cinder extra-specs-list | grep \"{u'volume_backend_name': u'{{ type.get('backend', type.name) }}'}\""
+ - shell: /bin/bash
- require:
- cmd: cinder_type_create_{{ type.name }}
diff --git a/cinder/files/liberty/api-paste.ini.controller.Debian b/cinder/files/liberty/api-paste.ini.controller.Debian
index 6ffb02e..3fe8975 100644
--- a/cinder/files/liberty/api-paste.ini.controller.Debian
+++ b/cinder/files/liberty/api-paste.ini.controller.Debian
@@ -2,6 +2,7 @@
# OpenStack #
#############
{%- from "cinder/map.jinja" import controller with context %}
+
[composite:osapi_volume]
use = call:cinder.api:root_app_factory
/: apiversions
@@ -11,14 +12,14 @@
[composite:openstack_volume_api_v1]
use = call:cinder.api.middleware.auth:pipeline_factory
noauth = request_id faultwrap sizelimit osprofiler noauth apiv1
-keystone = request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv1
-keystone_nolimit = request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv1
+keystone = request_id faultwrap sizelimit osprofiler authtoken keystonecontext {% if controller.audit.enabled %}audit {% endif %}apiv1
+keystone_nolimit = request_id faultwrap sizelimit osprofiler authtoken keystonecontext {% if controller.audit.enabled %}audit {% endif %}apiv1
[composite:openstack_volume_api_v2]
use = call:cinder.api.middleware.auth:pipeline_factory
noauth = request_id faultwrap sizelimit osprofiler noauth apiv2
-keystone = request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv2
-keystone_nolimit = request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv2
+keystone = request_id faultwrap sizelimit osprofiler authtoken keystonecontext {% if controller.audit.enabled %}audit {% endif %}apiv2
+keystone_nolimit = request_id faultwrap sizelimit osprofiler authtoken keystonecontext {% if controller.audit.enabled %}audit {% endif %}apiv2
[filter:request_id]
paste.filter_factory = oslo_middleware.request_id:RequestId.factory
@@ -68,3 +69,9 @@
admin_user = {{ controller.identity.user }}
admin_password = {{ controller.identity.password }}
auth_uri=http://{{ controller.identity.host }}:5000/{% if controller.identity.get('version', 2) == 3 %}v3{% endif %}
+
+{%- if controller.audit.enabled %}
+[filter:audit]
+paste.filter_factory = {{ controller.get("audit", {}).get("filter_factory", "keystonemiddleware.audit:filter_factory") }}
+audit_map_file = {{ controller.get("audit", {}).get("map_file", "/etc/pycadf/cinder_api_audit_map.conf") }}
+{%- endif %}
diff --git a/cinder/files/liberty/api-paste.ini.volume.Debian b/cinder/files/liberty/api-paste.ini.volume.Debian
index 0d7ee9f..cbc9acf 100644
--- a/cinder/files/liberty/api-paste.ini.volume.Debian
+++ b/cinder/files/liberty/api-paste.ini.volume.Debian
@@ -2,6 +2,7 @@
# OpenStack #
#############
{%- from "cinder/map.jinja" import volume with context %}
+
[composite:osapi_volume]
use = call:cinder.api:root_app_factory
/: apiversions
@@ -11,14 +12,14 @@
[composite:openstack_volume_api_v1]
use = call:cinder.api.middleware.auth:pipeline_factory
noauth = request_id faultwrap sizelimit osprofiler noauth apiv1
-keystone = request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv1
-keystone_nolimit = request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv1
+keystone = request_id faultwrap sizelimit osprofiler authtoken keystonecontext {% if volume.audit.enabled %}audit {% endif %}apiv1
+keystone_nolimit = request_id faultwrap sizelimit osprofiler authtoken keystonecontext {% if volume.audit.enabled %}audit {% endif %}apiv1
[composite:openstack_volume_api_v2]
use = call:cinder.api.middleware.auth:pipeline_factory
noauth = request_id faultwrap sizelimit osprofiler noauth apiv2
-keystone = request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv2
-keystone_nolimit = request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv2
+keystone = request_id faultwrap sizelimit osprofiler authtoken keystonecontext {% if volume.audit.enabled %}audit {% endif %}apiv2
+keystone_nolimit = request_id faultwrap sizelimit osprofiler authtoken keystonecontext {% if volume.audit.enabled %}audit {% endif %}apiv2
[filter:request_id]
paste.filter_factory = oslo_middleware.request_id:RequestId.factory
@@ -68,3 +69,9 @@
admin_user = {{ volume.identity.user }}
admin_password = {{ volume.identity.password }}
auth_uri=http://{{ volume.identity.host }}:5000/{% if volume.identity.get('version', 2) == 3 %}v3{% endif %}
+
+{%- if volume.audit.enabled %}
+[filter:audit]
+paste.filter_factory = {{ volume.get("audit", {}).get("filter_factory", "keystonemiddleware.audit:filter_factory") }}
+audit_map_file = {{ volume.get("audit", {}).get("map_file", "/etc/pycadf/cinder_api_audit_map.conf") }}
+{%- endif %}
diff --git a/cinder/files/mitaka/api-paste.ini.controller.Debian b/cinder/files/mitaka/api-paste.ini.controller.Debian
index 5914d81..5a03652 100644
--- a/cinder/files/mitaka/api-paste.ini.controller.Debian
+++ b/cinder/files/mitaka/api-paste.ini.controller.Debian
@@ -1,6 +1,7 @@
#############
# OpenStack #
#############
+{%- from "cinder/map.jinja" import controller with context %}
[composite:osapi_volume]
use = call:cinder.api:root_app_factory
@@ -12,14 +13,14 @@
[composite:openstack_volume_api_v1]
use = call:cinder.api.middleware.auth:pipeline_factory
noauth = cors request_id faultwrap sizelimit osprofiler noauth apiv1
-keystone = cors request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv1
-keystone_nolimit = cors request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv1
+keystone = cors request_id faultwrap sizelimit osprofiler authtoken keystonecontext {% if controller.audit.enabled %}audit {% endif %}apiv1
+keystone_nolimit = cors request_id faultwrap sizelimit osprofiler authtoken keystonecontext {% if controller.audit.enabled %}audit {% endif %}apiv1
[composite:openstack_volume_api_v2]
use = call:cinder.api.middleware.auth:pipeline_factory
noauth = cors request_id faultwrap sizelimit osprofiler noauth apiv2
-keystone = cors request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv2
-keystone_nolimit = cors request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv2
+keystone = cors request_id faultwrap sizelimit osprofiler authtoken keystonecontext {% if controller.audit.enabled %}audit {% endif %}apiv2
+keystone_nolimit = cors request_id faultwrap sizelimit osprofiler authtoken keystonecontext {% if controller.audit.enabled %}audit {% endif %}apiv2
[composite:openstack_volume_api_v3]
use = call:cinder.api.middleware.auth:pipeline_factory
@@ -73,3 +74,9 @@
[filter:authtoken]
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
+
+{%- if controller.audit.enabled %}
+[filter:audit]
+paste.filter_factory = {{ controller.get("audit", {}).get("filter_factory", "keystonemiddleware.audit:filter_factory") }}
+audit_map_file = {{ controller.get("audit", {}).get("map_file", "/etc/pycadf/cinder_api_audit_map.conf") }}
+{%- endif %}
diff --git a/cinder/files/mitaka/api-paste.ini.volume.Debian b/cinder/files/mitaka/api-paste.ini.volume.Debian
index 5914d81..7fd4619 100644
--- a/cinder/files/mitaka/api-paste.ini.volume.Debian
+++ b/cinder/files/mitaka/api-paste.ini.volume.Debian
@@ -1,6 +1,7 @@
#############
# OpenStack #
#############
+{%- from "cinder/map.jinja" import volume with context %}
[composite:osapi_volume]
use = call:cinder.api:root_app_factory
@@ -12,8 +13,8 @@
[composite:openstack_volume_api_v1]
use = call:cinder.api.middleware.auth:pipeline_factory
noauth = cors request_id faultwrap sizelimit osprofiler noauth apiv1
-keystone = cors request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv1
-keystone_nolimit = cors request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv1
+keystone = cors request_id faultwrap sizelimit osprofiler authtoken keystonecontext {% if volume.audit.enabled %}audit {% endif %}apiv1
+keystone_nolimit = cors request_id faultwrap sizelimit osprofiler authtoken keystonecontext {% if volume.audit.enabled %}audit {% endif %}apiv1
[composite:openstack_volume_api_v2]
use = call:cinder.api.middleware.auth:pipeline_factory
@@ -73,3 +74,9 @@
[filter:authtoken]
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
+
+{%- if volume.audit.enabled %}
+[filter:audit]
+paste.filter_factory = {{ volume.get("audit", {}).get("filter_factory", "keystonemiddleware.audit:filter_factory") }}
+audit_map_file = {{ volume.get("audit", {}).get("map_file", "/etc/pycadf/cinder_api_audit_map.conf") }}
+{%- endif %}
diff --git a/cinder/files/newton/api-paste.ini.controller.Debian b/cinder/files/newton/api-paste.ini.controller.Debian
index a761f53..aada960 100644
--- a/cinder/files/newton/api-paste.ini.controller.Debian
+++ b/cinder/files/newton/api-paste.ini.controller.Debian
@@ -1,6 +1,7 @@
#############
# OpenStack #
#############
+{%- from "cinder/map.jinja" import controller with context %}
[composite:osapi_volume]
use = call:cinder.api:root_app_factory
@@ -12,14 +13,14 @@
[composite:openstack_volume_api_v1]
use = call:cinder.api.middleware.auth:pipeline_factory
noauth = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler noauth apiv1
-keystone = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv1
-keystone_nolimit = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv1
+keystone = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext {% if controller.audit.enabled %}audit {% endif %}apiv1
+keystone_nolimit = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext {% if controller.audit.enabled %}audit {% endif %}apiv1
[composite:openstack_volume_api_v2]
use = call:cinder.api.middleware.auth:pipeline_factory
noauth = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler noauth apiv2
-keystone = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv2
-keystone_nolimit = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv2
+keystone = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext {% if controller.audit.enabled %}audit {% endif %}apiv2
+keystone_nolimit = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext {% if controller.audit.enabled %}audit {% endif %}apiv2
[composite:openstack_volume_api_v3]
use = call:cinder.api.middleware.auth:pipeline_factory
@@ -73,3 +74,10 @@
[filter:authtoken]
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
+
+{%- if controller.audit.enabled %}
+[filter:audit]
+paste.filter_factory = {{ controller.get("audit", {}).get("filter_factory", "keystonemiddleware.audit:filter_factory") }}
+audit_map_file = {{ controller.get("audit", {}).get("map_file", "/etc/pycadf/cinder_api_audit_map.conf") }}
+{%- endif %}
+
diff --git a/cinder/files/newton/api-paste.ini.volume.Debian b/cinder/files/newton/api-paste.ini.volume.Debian
index a761f53..e4944ec 100644
--- a/cinder/files/newton/api-paste.ini.volume.Debian
+++ b/cinder/files/newton/api-paste.ini.volume.Debian
@@ -1,6 +1,7 @@
#############
# OpenStack #
#############
+{%- from "cinder/map.jinja" import volume with context %}
[composite:osapi_volume]
use = call:cinder.api:root_app_factory
@@ -12,8 +13,8 @@
[composite:openstack_volume_api_v1]
use = call:cinder.api.middleware.auth:pipeline_factory
noauth = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler noauth apiv1
-keystone = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv1
-keystone_nolimit = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv1
+keystone = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext {% if volume.audit.enabled %}audit {% endif %}apiv1
+keystone_nolimit = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext {% if volume.audit.enabled %}audit {% endif %}apiv1
[composite:openstack_volume_api_v2]
use = call:cinder.api.middleware.auth:pipeline_factory
@@ -73,3 +74,9 @@
[filter:authtoken]
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
+
+{%- if volume.audit.enabled %}
+[filter:audit]
+paste.filter_factory = {{ volume.get("audit", {}).get("filter_factory", "keystonemiddleware.audit:filter_factory") }}
+audit_map_file = {{ volume.get("audit", {}).get("map_file", "/etc/pycadf/cinder_api_audit_map.conf") }}
+{%- endif %}
diff --git a/cinder/map.jinja b/cinder/map.jinja
index e1c6ded..e0323a5 100644
--- a/cinder/map.jinja
+++ b/cinder/map.jinja
@@ -1,30 +1,42 @@
{% set controller = salt['grains.filter_by']({
'Debian': {
- 'pkgs': ['cinder-api', 'cinder-scheduler', 'lvm2', 'python-cinder', 'gettext-base', 'python-memcache'],
+ 'pkgs': ['cinder-api', 'cinder-scheduler', 'lvm2', 'python-cinder', 'gettext-base', 'python-memcache', 'python-pycadf'],
'services': ['cinder-api', 'cinder-scheduler'],
'wipe_method': 'none',
'notification': False,
+ 'audit': {
+ 'enabled': false
+ }
},
'RedHat': {
- 'pkgs': ['openstack-cinder', 'python-cinder', 'lvm2'],
+ 'pkgs': ['openstack-cinder', 'python-cinder', 'lvm2', 'python-pycadf'],
'services': ['openstack-cinder-api', 'openstack-cinder-scheduler'],
'wipe_method': 'none',
'notification': False,
+ 'audit': {
+ 'enabled': false
+ }
},
}, merge=pillar.cinder.get('controller', {})) %}
{% set volume = salt['grains.filter_by']({
'Debian': {
- 'pkgs': ['cinder-volume', 'lvm2', 'sysfsutils', 'sg3-utils', 'python-cinder','python-mysqldb','p7zip', 'gettext-base', 'python-memcache'],
+ 'pkgs': ['cinder-volume', 'lvm2', 'sysfsutils', 'sg3-utils', 'python-cinder','python-mysqldb','p7zip', 'gettext-base', 'python-memcache', 'python-pycadf'],
'services': ['cinder-volume'],
'wipe_method': 'none',
'notification': False,
+ 'audit': {
+ 'enabled': false
+ }
},
'RedHat': {
- 'pkgs': ['openstack-cinder', 'python-cinder', 'lvm2', 'sysfsutils', 'sg3_utils', 'device-mapper-multipath', 'device-mapper-multipath-libs'],
+ 'pkgs': ['openstack-cinder', 'python-cinder', 'lvm2', 'sysfsutils', 'sg3_utils', 'device-mapper-multipath', 'device-mapper-multipath-libs', 'python-pycadf'],
'services': ['openstack-cinder-volume'],
'wipe_method': 'none',
'notification': False,
+ 'audit': {
+ 'enabled': false
+ }
},
}, merge=pillar.cinder.get('volume', {})) %}
diff --git a/cinder/meta/collectd.yml b/cinder/meta/collectd.yml
index ec7c9dc..d0229c5 100644
--- a/cinder/meta/collectd.yml
+++ b/cinder/meta/collectd.yml
@@ -5,7 +5,7 @@
collectd_check_local_endpoint:
endpoint:
cinder-api:
- expected_code: 200
+ expected_code: {% if controller.version in ('juno', 'kilo', 'liberty') %}200{% else %}300{% endif %}
url: "http://{{ controller.osapi.host|replace('0.0.0.0', '127.0.0.1') }}:8776/"
remote_plugin:
openstack_cinder:
diff --git a/cinder/meta/heka.yml b/cinder/meta/heka.yml
index b9f51c8..7186c50 100644
--- a/cinder/meta/heka.yml
+++ b/cinder/meta/heka.yml
@@ -92,34 +92,54 @@
window: 60
periods: 0
function: last
- cinder_scheduler_one_down:
- description: 'At least one Cinder scheduler is down'
+ cinder_scheduler_two_up:
+ description: 'Some Cinder schedulers are down'
severity: warning
+ logical_operator: and
rules:
- metric: openstack_cinder_services
field:
service: scheduler
+ state: up
+ relational_operator: '>='
+ threshold: 2
+ window: 60
+ periods: 0
+ function: last
+ - metric: openstack_cinder_services
+ field:
+ service: scheduler
state: down
relational_operator: '>'
threshold: 0
window: 60
periods: 0
function: last
- cinder_scheduler_majority_down:
- description: 'Majority of Cinder schedulers are down'
+ cinder_scheduler_one_up:
+ description: 'Only one Cinder scheduler is up'
severity: critical
+ logical_operator: and
rules:
+ - metric: openstack_cinder_services
+ field:
+ service: scheduler
+ state: up
+ relational_operator: '=='
+ threshold: 1
+ window: 60
+ periods: 0
+ function: last
- metric: openstack_cinder_services_percent
field:
service: scheduler
state: up
- relational_operator: '<='
- threshold: 50
+ relational_operator: '<'
+ threshold: 100
window: 60
periods: 0
function: last
- cinder_scheduler_all_down:
- description: 'All Cinder schedulers are down'
+ cinder_scheduler_zero_up:
+ description: 'All Cinder schedulers are down or disabled'
severity: down
rules:
- metric: openstack_cinder_services
@@ -133,11 +153,14 @@
function: last
{%- endif %}
{%- if volume %}
- cinder_volume_one_down:
- description: 'At least one Cinder volume is down'
+ # we treat "up" and "disabled" states in the same way, considering
+ # that "disabled" should not be treated as an error
+ cinder_volume_some_down:
+ description: 'Some Cinder volumes are down'
severity: warning
+ logical_operator: and
rules:
- - metric: openstack_cinder_services
+ - metric: openstack_cinder_services_percent
field:
service: volume
state: down
@@ -153,8 +176,8 @@
- metric: openstack_cinder_services_percent
field:
service: volume
- state: up
- relational_operator: '<='
+ state: down
+ relational_operator: '>'
threshold: 50
window: 60
periods: 0
@@ -163,12 +186,12 @@
description: 'All Cinder volumes are down'
severity: down
rules:
- - metric: openstack_cinder_services
+ - metric: openstack_cinder_services_percent
field:
service: volume
- state: up
+ state: down
relational_operator: '=='
- threshold: 0
+ threshold: 100
window: 60
periods: 0
function: last
@@ -184,9 +207,9 @@
cinder_scheduler:
alerting: enabled
triggers:
- - cinder_scheduler_all_down
- - cinder_scheduler_majority_down
- - cinder_scheduler_one_down
+ - cinder_scheduler_zero_up
+ - cinder_scheduler_one_up
+ - cinder_scheduler_two_up
dimension:
service: cinder-scheduler
{%- endif %}
@@ -196,7 +219,7 @@
triggers:
- cinder_volume_all_down
- cinder_volume_majority_down
- - cinder_volume_one_down
+ - cinder_volume_some_down
dimension:
service: cinder-volume
{%- endif %}
@@ -204,7 +227,7 @@
alarm_cluster:
{%- if volume %}
cinder_logs_volume:
- policy: highest_severity
+ policy: majority_of_node_members
alerting: enabled
group_by: hostname
match:
@@ -238,7 +261,7 @@
{%- endif %}
{%- if controller %}
cinder_logs:
- policy: highest_severity
+ policy: status_of_members
alerting: enabled
group_by: hostname
match:
diff --git a/cinder/user.sls b/cinder/user.sls
index aabf39d..18f1cb5 100644
--- a/cinder/user.sls
+++ b/cinder/user.sls
@@ -8,10 +8,10 @@
- shell: /bin/false
- system: True
- require_in:
- {%- if pillar.cinder.controller is defined and pillar.cinder.controller.enabled %}
+ {%- if pillar.cinder.get('controller', {}).get('enabled', False) %}
- pkg: cinder_controller_packages
{%- endif %}
- {%- if pillar.cinder.volume is defined and pillar.cinder.volume.enabled %}
+ {%- if pillar.cinder.get('volume', {}).get('enabled', False) %}
- pkg: cinder_volume_packages
{%- endif %}
diff --git a/cinder/volume.sls b/cinder/volume.sls
index 46a361b..6b28ca9 100644
--- a/cinder/volume.sls
+++ b/cinder/volume.sls
@@ -18,7 +18,7 @@
- require_in:
- service: cinder_volume_services
-{%- if pillar.cinder.controller is not defined or not pillar.cinder.controller.enabled %}
+{%- if not pillar.cinder.get('controller', {}).get('enabled', False) %}
/etc/cinder/cinder.conf:
file.managed:
diff --git a/tests/pillar/control_cluster.sls b/tests/pillar/control_cluster.sls
index b736446..ddb9e38 100644
--- a/tests/pillar/control_cluster.sls
+++ b/tests/pillar/control_cluster.sls
@@ -40,3 +40,7 @@
port: 11211
- host: 127.0.0.1
port: 11211
+
+ audit:
+ filter_factory: 'keystonemiddleware.audit:filter_factory'
+ map_file: '/etc/pycadf/cinder_api_audit_map.conf'