From e3c1fbed886578ff08cea9237e60c381b4f396a5 Mon Sep 17 00:00:00 2001 From: Bart Wensley Date: Wed, 26 Sep 2018 09:47:55 -0500 Subject: [PATCH] Add configuration for containerized keystone to VIM Adding configuration to the VIM for containerized keystone. The VIM will now support two keystone instances: - platform: bare metal keystone used to authenticate with platform services (e.g. sysinv, patching) - openstack: containerized keystone used to authenticate with openstack services (e.g. nova, neutron, cinder) For now, the same configuration will be used for both, as we still only deploy with the baremetal keystone. Story: 2002876 Task: 26872 Change-Id: If4bd46a4c14cc65978774001cb2887e5d3e3607b --- .../puppet-nfv/src/nfv/manifests/nfvi.pp | 22 +++++++++++++++- sysinv/sysinv/sysinv/sysinv/puppet/nfv.py | 25 ++++++++++++++++--- 2 files changed, 43 insertions(+), 4 deletions(-) diff --git a/puppet-modules-wrs/puppet-nfv/src/nfv/manifests/nfvi.pp b/puppet-modules-wrs/puppet-nfv/src/nfv/manifests/nfvi.pp index 53f1e91756..2117e26d87 100644 --- a/puppet-modules-wrs/puppet-nfv/src/nfv/manifests/nfvi.pp +++ b/puppet-modules-wrs/puppet-nfv/src/nfv/manifests/nfvi.pp @@ -6,6 +6,14 @@ class nfv::nfvi ( $enabled = false, + $platform_username = 'admin', + $platform_tenant = 'admin', + $platform_user_domain = 'Default', + $platform_project_domain = 'Default', + $platform_auth_protocol = 'http', + $platform_auth_host = '127.0.0.1', + $platform_auth_port = 5000, + $platform_keyring_service = undef, $openstack_username = 'admin', $openstack_tenant = 'admin', $openstack_user_domain = 'Default', @@ -13,6 +21,7 @@ class nfv::nfvi ( $openstack_auth_protocol = 'http', $openstack_auth_host = '127.0.0.1', $openstack_auth_port = 5000, + $openstack_keyring_service = undef, $openstack_nova_api_host = '127.0.0.1', $keystone_region_name = 'RegionOne', $keystone_service_name = 'keystone', 
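Review bot: `$platform_auth_protocol = 'http'` in the first nfvi.pp hunk makes cleartext the default transport for the new platform keystone credentials, and the nfv.py hunk of this patch overrides `platform_auth_host` with `_keystone_auth_address()` without setting a protocol. If that address is not loopback, the VIM's platform login would cross the network unencrypted unless hieradata outside this patch sets the protocol. Consider having sysinv supply `nfv::nfvi::platform_auth_protocol` explicitly next to the host, or add a comment on the parameter such as `# default is only suitable for a loopback keystone endpoint`. The existing `openstack_auth_protocol` default has the same shape, and the class parameter list continues outside the hunk.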
@@ -80,7 +89,17 @@ class nfv::nfvi ( nfv_plugin_nfvi_config { - /* OpenStack Information */ + /* Platform Authentication Information */ + 'platform/username': value => $platform_username; + 'platform/tenant': value => $platform_tenant; + 'platform/user_domain_name': value => $platform_user_domain; + 'platform/project_domain_name': value => $platform_project_domain; + 'platform/authorization_protocol': value => $platform_auth_protocol; + 'platform/authorization_ip': value => $platform_auth_host; + 'platform/authorization_port': value => $platform_auth_port; + 'platform/keyring_service': value => $platform_keyring_service; + + /* OpenStack Authentication Information */ 'openstack/username': value => $openstack_username; 'openstack/tenant': value => $openstack_tenant; 'openstack/user_domain_name': value => $openstack_user_domain; @@ -88,6 +107,7 @@ class nfv::nfvi ( 'openstack/authorization_protocol': value => $openstack_auth_protocol; 'openstack/authorization_ip': value => $openstack_auth_host; 'openstack/authorization_port': value => $openstack_auth_port; + 'openstack/keyring_service': value => $openstack_keyring_service; 'keystone/region_name': value => $keystone_region_name; 'keystone/service_name': value => $keystone_service_name; diff --git a/sysinv/sysinv/sysinv/sysinv/puppet/nfv.py b/sysinv/sysinv/sysinv/sysinv/puppet/nfv.py index 7055248af0..135f4fbe44 100644 --- a/sysinv/sysinv/sysinv/sysinv/puppet/nfv.py +++ b/sysinv/sysinv/sysinv/sysinv/puppet/nfv.py @@ -1,5 +1,5 @@ # -# Copyright (c) 2017 Wind River Systems, Inc. +# Copyright (c) 2017-2018 Wind River Systems, Inc. # # SPDX-License-Identifier: Apache-2.0 # @@ -15,6 +15,7 @@ class NfvPuppet(openstack.OpenstackBasePuppet): SERVICE_NAME = 'vim' SERVICE_PORT = 4545 + PLATFORM_KEYRING_SERVICE = 'CGCS' def get_secure_static_config(self): kspass = self._get_service_password(self.SERVICE_NAME) 
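Review bot: `'platform/keyring_service': value => $platform_keyring_service;` is written unconditionally although the parameter defaults to `undef` in the class header, and the same holds for `'openstack/keyring_service'` in the following hunk. How `nfv_plugin_nfvi_config` treats an undef value is not visible here, so a node whose hieradata omits these keys may get an empty or missing setting that only shows up at runtime, presumably when the VIM looks up its keystone password. Either give both parameters a usable default or mark them as mandatory with a comment on the parameter, e.g. `# keyring service name for the keystone password lookup; must be supplied by the caller`. The resource block starts and ends outside the hunk.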
@@ -45,21 +46,39 @@ class NfvPuppet(openstack.OpenstackBasePuppet): 'nfv::nfvi::nova_endpoint_override': self._get_nova_endpoint_url(), - 'nfv::nfvi::openstack_auth_host': - self._keystone_auth_address(), 'nfv::nfvi::openstack_nova_api_host': self._get_management_address(), 'nfv::nfvi::host_listener_host': self._get_management_address(), + 'nfv::nfvi::platform_username': + self._operator.keystone.get_admin_user_name(), + 'nfv::nfvi::platform_tenant': + self._operator.keystone.get_admin_project_name(), + 'nfv::nfvi::platform_auth_host': + self._keystone_auth_address(), + 'nfv::nfvi::platform_user_domain': + self._operator.keystone.get_admin_user_domain(), + 'nfv::nfvi::platform_project_domain': + self._operator.keystone.get_admin_project_domain(), + 'nfv::nfvi::platform_keyring_service': + self.PLATFORM_KEYRING_SERVICE, + + # TODO(Bart Wensley): When we switch to the pod based keystone, + # this will change to use those credentials. 'nfv::nfvi::openstack_username': self._operator.keystone.get_admin_user_name(), 'nfv::nfvi::openstack_tenant': self._operator.keystone.get_admin_project_name(), + 'nfv::nfvi::openstack_auth_host': + self._keystone_auth_address(), 'nfv::nfvi::openstack_user_domain': self._operator.keystone.get_admin_user_domain(), 'nfv::nfvi::openstack_project_domain': self._operator.keystone.get_admin_project_domain(), + 'nfv::nfvi::openstack_keyring_service': + self.PLATFORM_KEYRING_SERVICE, + 'nfv::nfvi::keystone_region_name': self._keystone_region_name(), 'nfv::nfvi::keystone_service_name': self._operator.keystone.get_service_name(),
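Review bot: `'nfv::nfvi::openstack_keyring_service': self.PLATFORM_KEYRING_SERVICE` binds the openstack identity to the platform keyring entry by name, while the TODO explaining the temporary sharing sits several entries higher, before `openstack_username`. If this line is missed when the containerized keystone is introduced, the VIM would presumably keep presenting the platform secret to the openstack keystone. A separate class constant makes the coupling explicit and gives the later change one place to edit: `OPENSTACK_KEYRING_SERVICE = PLATFORM_KEYRING_SERVICE  # TODO: own entry once keystone is containerized`, referenced from this dict entry. Both identities also resolve to the keystone admin user and project via `get_admin_user_name()` and `get_admin_project_name()`, so a narrower service account for the VIM is worth recording in the same TODO. The dict and its enclosing method start and end outside the hunk.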