Updated to reflect new configuration options in Fog 1.10.1

[krames]

This pull request updates knife-rackspace to reflect the new configuration options in Fog 1.10.1. These changes were to accommodate the new Rackspace/OpenStack authentication API.

Please let me know if you have any questions or need me to rework something.

Thanks!

Kyle

[milosgajdos]

THIS would be superawesome if it got in! Atm knife-rackspace is using old endpoints/API which is making any rackspace knife plugin development utter pain.

[adepue]

👍

[krames]

@mattray I discovered a bug in Fog 1.10.1 where we were not passing the connection information (proxy, ssl_verify_peer) onto the authentication service when we were using Auth 2.0 Service. ('https://identity.api.rackspacecloud.com/v2.0')

I just merged the fix fog/fog#1849. I would like to hold off on this pull request until the new version of fog is release. It should be fairly soon.

[krames]

http://tickets.opscode.com/browse/KNIFE-312

[krames]

@mattray can you review this and merge it when you get a chance?

[krames]

@mattray I have rebased this PR with the latest version of master and have successfully tested it. Can you merge it for me? Thanks!

[mattray]

Why did you add custom endpoint support and take away the rackspace_auth_url default? In the fix for KNIFE-315, I removed the rackspace_endpoint stuff because it was the source of the rackspace_compute_url deprecation warnings and everything worked without it. Is that how one specifies the data center or is that what the rackspace_region is for? Do we need rackspace_auth_url, rackspace_compute_url and rackspace_region?

The docs on http://docs.rackspace.com/auth/api/v2.0/auth-client-devguide/content/Endpoints-d1e180.html didn't clear that up for me.

[krames]

Prior to Fog 1.10.1, Fog used the 1.0 authentication service. Fog would authenticate against the rackspace_auth_url endpoint receiving an auth token. Knife would then use the service specified by the rackspace_endpoint. This required the user to specify the correct endpoint for the desired region.

Fog 1.10.1 uses the 2.0 authentication service. When fog authenticates it receives an auth token as well as a service catalog containing a list of service endpoints by region. Users should preference specifying a region rather than an endpoint. Of course, users of a private cloud still have the option to specify a custom endpoint by using rackspace_compute_url. I have also updated knife to auto select the appropriate authentication endpoint based on region. If a user specifies lon region, knife will automatically use the UK endpoint, all others use the US endpoint. The user can override this setting by using rackspace_auth_url.

[mattray]

When you say "users of a private cloud", is there a private version of Rackspace Cloud that uses the knife plugin that isn't OpenStack (Rackspace Private Cloud)?

It seems that we should only need the rackspace_auth_url and the rackspace_region if we're dealing strictly with public cloud? Or since you added the lon logic, we only need the rackspace_region to be exposed? Does all this work with the v1 nodes too? I'm just trying to simplify the number of options we want to support.

[krames]

I am not really sure what implementation of knife Rackspace Private Cloud users are using. I can try to check with one of our internal devops groups about that. (Unless you know the answer).

The rackspace_region will work with v1 nodes. The only situation where specifying the rackspace_region wouldn't work is if you specified an custom 1.0 auth endpoint or you wanted to use a region that did not have an entry in the service catalog. I am not sure how likely either one of those scenarios are. I more or less included them so I didn't break user's existing workflow/scripts.

[mattray]

I haven't checked the latest release, but knife-openstack has worked with all the previous Rackspace Private Cloud releases.

Could we update the patch to drop the rackspace_compute_url if it is extraneous? If the default rackspace_auth_url works with v1 and v2 and we switch to the UK url automatically when using lon, we can greatly simplify the workflow by leaving all these out as exposed options and making the rackspace_region the only thing users will need to set.

[krames]

I am not against it, but I want to make sure it will not impact anyone before we remove it. Let me ask around at the Rack.

[krames]

I spoke with @gecampbell and he says that we at least need the rackspace_auth_url for testing and to work around potential outages.

I can go ahead and remove the rackspace_compute_url.

[krames]

@mattray I removed the ability to specify the compute endpoint.

[krames]

@mattray Can you review and pull this?

[mattray]

@krames the readme still refers to the rackspace_compute_url, please update that as well.

In the gemspec, do we want to loosen up this dependency to "> 1.10" since 1.12.1 is already out?

s.add_dependency "fog", "~> 1.10.1"

Other than that, it's looking good.

[krames]

@mattray good catch! I removed rackspace_compute_url from the docs and up the fog version in the gemspec

[mattray]

Thanks a lot @krames, @milosgajdos83 and @adepue!