Update keystone_auth section for Mitaka

The keystone_auth section has changed for Mitaka. The Liberty format
,which is currently being used, is incompatible with keystone v3 on
Mitaka as it assumes the id of the default domain is default where
as in Mitaka it is a uuid.

The install documentation for Mitaka dictates that domain name should
be used rather than id when setting project_domain and user_domain

Change-Id: Ie4d20a7287b7baca104996999ac8d333976ab752
Partial-Bug: 1571347

charmhelpers/contrib/openstack/templates/section-keystone-authtoken-mitaka

@@ -0,0 +1,12 @@
+{% if auth_host -%}
+[keystone_authtoken]
+auth_uri = {{ service_protocol }}://{{ service_host }}:{{ service_port }}
+auth_url = {{ auth_protocol }}://{{ auth_host }}:{{ auth_port }}
+auth_type = password
+project_domain_name = default
+user_domain_name = default
+project_name = {{ admin_tenant_name }}
+username = {{ admin_user }}
+password = {{ admin_password }}
+signing_dir = {{ signing_dir }}
+{% endif -%}

charmhelpers/contrib/storage/linux/ceph.py

@@ -166,12 +166,19 @@ class Pool(object):
         """
         # read-only is easy, writeback is much harder
         mode = get_cache_mode(self.service, cache_pool)
+        version = ceph_version()
         if mode == 'readonly':
             check_call(['ceph', '--id', self.service, 'osd', 'tier', 'cache-mode', cache_pool, 'none'])
             check_call(['ceph', '--id', self.service, 'osd', 'tier', 'remove', self.name, cache_pool])
 
         elif mode == 'writeback':
-            check_call(['ceph', '--id', self.service, 'osd', 'tier', 'cache-mode', cache_pool, 'forward'])
+            pool_forward_cmd = ['ceph', '--id', self.service, 'osd', 'tier',
+                                'cache-mode', cache_pool, 'forward']
+            if version >= '10.1':
+                # Jewel added a mandatory flag
+                pool_forward_cmd.append('--yes-i-really-mean-it')
+
+            check_call(pool_forward_cmd)
             # Flush the cache and wait for it to return
             check_call(['rados', '--id', self.service, '-p', cache_pool, 'cache-flush-evict-all'])
             check_call(['ceph', '--id', self.service, 'osd', 'tier', 'remove-overlay', self.name])

templates/mitaka/glance-api.conf

@@ -0,0 +1,89 @@
+[DEFAULT]
+verbose = {{ verbose }}
+use_syslog = {{ use_syslog }}
+debug = {{ debug }}
+workers = {{ workers }}
+bind_host = {{ bind_host }}
+
+{% if use_internal_endpoints -%}
+cinder_catalog_info = volumev2::internalURL
+{% endif %}
+
+{% if ext -%}
+bind_port = {{ ext }}
+{% elif bind_port -%}
+bind_port = {{ bind_port }}
+{% else -%}
+bind_port = 9292
+{% endif -%}
+
+log_file = /var/log/glance/api.log
+backlog = 4096
+
+registry_host = {{ registry_host }}
+registry_port = 9191
+registry_client_protocol = http
+
+{% if expose_image_locations -%}
+show_multiple_locations = {{ expose_image_locations }}
+{% endif -%}
+
+{% if api_config_flags -%}
+{% for key, value in api_config_flags.iteritems() -%}
+{{ key }} = {{ value }}
+{% endfor -%}
+{% endif -%}
+
+{% if rabbitmq_host or rabbitmq_hosts -%}
+notification_driver = messagingv2
+{% endif -%}
+
+delayed_delete = False
+scrub_time = 43200
+scrubber_datadir = /var/lib/glance/scrubber
+image_cache_dir = /var/lib/glance/image-cache/
+db_enforce_mysql_charset = False
+
+[glance_store]
+filesystem_store_datadir = /var/lib/glance/images/
+stores = {{ known_stores }}
+{% if rbd_pool -%}
+default_store = rbd
+{% elif swift_store -%}
+default_store = swift
+{% else -%}
+default_store = file
+{% endif -%}
+
+{% if swift_store -%}
+swift_store_auth_version = 2
+swift_store_auth_address = {{ service_protocol }}://{{ service_host }}:{{ service_port }}/v2.0/
+swift_store_user = {{ admin_tenant_name }}:{{ admin_user }}
+swift_store_key = {{ admin_password }}
+swift_store_create_container_on_put = True
+swift_store_container = glance
+swift_store_large_object_size = 5120
+swift_store_large_object_chunk_size = 200
+swift_enable_snet = False
+{% endif -%}
+
+{% if rbd_pool -%}
+rbd_store_ceph_conf = /etc/ceph/ceph.conf
+rbd_store_user = {{ rbd_user }}
+rbd_store_pool = {{ rbd_pool }}
+rbd_store_chunk_size = 8
+{% endif -%}
+
+[image_format]
+disk_formats=ami,ari,aki,vhd,vmdk,raw,qcow2,vdi,iso,root-tar
+
+{% include "section-keystone-authtoken-mitaka" %}
+
+{% if auth_host -%}
+[paste_deploy]
+flavor = keystone
+{% endif %}
+
+{% include "parts/section-database" %}
+
+{% include "section-rabbitmq-oslo" %}

templates/mitaka/glance-registry.conf

@@ -0,0 +1,27 @@
+[DEFAULT]
+verbose = {{ verbose }}
+use_syslog = {{ use_syslog }}
+debug = {{ debug }}
+workers = {{ workers }}
+
+bind_host = {{ bind_host }}
+bind_port = 9191
+log_file = /var/log/glance/registry.log
+backlog = 4096
+api_limit_max = 1000
+limit_param_default = 25
+
+{% if registry_config_flags -%}
+{% for key, value in registry_config_flags.iteritems() -%}
+{{ key }} = {{ value }}
+{% endfor -%}
+{% endif -%}
+
+{% include "section-keystone-authtoken-mitaka" %}
+
+{% if auth_host -%}
+[paste_deploy]
+flavor = keystone
+{% endif %}
+
+{% include "parts/section-database" %}

tests/basic_deployment.py

@@ -333,7 +333,39 @@ class GlanceBasicDeployment(OpenStackAmuletDeployment):
 
     def _get_keystone_authtoken_expected_dict(self, rel_ks_gl):
         """Return expected authtoken dict for OS release"""
-        if self._get_openstack_release() >= self.trusty_kilo:
+        auth_uri = ('http://%s:%s/' %
+                    (rel_ks_gl['auth_host'], rel_ks_gl['service_port']))
+        auth_url = ('http://%s:%s/' %
+                    (rel_ks_gl['auth_host'], rel_ks_gl['auth_port']))
+        if self._get_openstack_release() >= self.trusty_mitaka:
+            expected = {
+                'keystone_authtoken': {
+                    'auth_uri': auth_uri.rstrip('/'),
+                    'auth_url': auth_url.rstrip('/'),
+                    'auth_type': 'password',
+                    'project_domain_name': 'default',
+                    'user_domain_name': 'default',
+                    'project_name': 'services',
+                    'username': rel_ks_gl['service_username'],
+                    'password': rel_ks_gl['service_password'],
+                    'signing_dir': '/var/cache/glance'
+                }
+            }
+        elif self._get_openstack_release() >= self.trusty_liberty:
+            expected = {
+                'keystone_authtoken': {
+                    'auth_uri': auth_uri.rstrip('/'),
+                    'auth_url': auth_url.rstrip('/'),
+                    'auth_plugin': 'password',
+                    'project_domain_id': 'default',
+                    'user_domain_id': 'default',
+                    'project_name': 'services',
+                    'username': rel_ks_gl['service_username'],
+                    'password': rel_ks_gl['service_password'],
+                    'signing_dir': '/var/cache/glance'
+                }
+            }
+        elif self._get_openstack_release() >= self.trusty_kilo:
             expected = {
                 'keystone_authtoken': {
                     'project_name': 'services',