Set up endpoint groups for distributed keystone
This commit sets up Endpoint groups in SystemController and RegionOne regions via Keystone Puppet manifest Story: 2002842 Task: 22785 Change-Id: I9a61dd4dd2ae18b00a7ea3ad2f0e6dc52cf0c348 Signed-off-by: Jack Ding <jack.ding@windriver.com>
parent
49041ff8a9
commit
7fffc6432f
|
@ -176,6 +176,7 @@ keystone::log_file: /dev/null
|
||||||
keystone::endpoint::default_domain: 'Default'
|
keystone::endpoint::default_domain: 'Default'
|
||||||
keystone::endpoint::version: 'v3'
|
keystone::endpoint::version: 'v3'
|
||||||
keystone::endpoint::region: 'RegionOne'
|
keystone::endpoint::region: 'RegionOne'
|
||||||
|
keystone::endpoint::system_controller_region: 'SystemController'
|
||||||
keystone::endpoint::admin_url: 'http://127.0.0.1:5000'
|
keystone::endpoint::admin_url: 'http://127.0.0.1:5000'
|
||||||
|
|
||||||
keystone::ldap::identity_driver: 'sql'
|
keystone::ldap::identity_driver: 'sql'
|
||||||
|
|
|
@ -6,6 +6,7 @@ class openstack::keystone::params(
|
||||||
$auth_uri,
|
$auth_uri,
|
||||||
$host_url,
|
$host_url,
|
||||||
$region_name = undef,
|
$region_name = undef,
|
||||||
|
$system_controller_region = undef,
|
||||||
$service_name = 'openstack-keystone',
|
$service_name = 'openstack-keystone',
|
||||||
$token_expiration = 3600,
|
$token_expiration = 3600,
|
||||||
$service_create = false,
|
$service_create = false,
|
||||||
|
@ -157,6 +158,7 @@ class openstack::keystone::api
|
||||||
if ($::openstack::keystone::params::service_create and
|
if ($::openstack::keystone::params::service_create and
|
||||||
$::platform::params::init_keystone) {
|
$::platform::params::init_keystone) {
|
||||||
include ::keystone::endpoint
|
include ::keystone::endpoint
|
||||||
|
include ::openstack::keystone::endpointgroup
|
||||||
|
|
||||||
# Cleanup the endpoints created at bootstrap if they are not in
|
# Cleanup the endpoints created at bootstrap if they are not in
|
||||||
# the subcloud region.
|
# the subcloud region.
|
||||||
|
@ -251,6 +253,60 @@ class openstack::keystone::reload {
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
class openstack::keystone::endpointgroup
|
||||||
|
inherits ::openstack::keystone::params {
|
||||||
|
include ::platform::params
|
||||||
|
include ::openstack::client
|
||||||
|
|
||||||
|
# $::platform::params::init_keystone should be checked by the caller.
|
||||||
|
# as this class should be only invoked when initializing keystone.
|
||||||
|
# i.e. is_initial_config_primary is true is expected.
|
||||||
|
|
||||||
|
if ($::platform::params::distributed_cloud_role =='systemcontroller') {
|
||||||
|
$reference_region = $::openstack::keystone::params::region_name
|
||||||
|
$system_controller_region = $::openstack::keystone::params::system_controller_region
|
||||||
|
$os_username = $::openstack::client::params::admin_username
|
||||||
|
$identity_region = $::openstack::client::params::identity_region
|
||||||
|
$keystone_region = $::openstack::client::params::keystone_identity_region
|
||||||
|
$keyring_file = $::openstack::client::credentials::params::keyring_file
|
||||||
|
$auth_url = $::openstack::client::params::identity_auth_url
|
||||||
|
$os_project_name = $::openstack::client::params::admin_project_name
|
||||||
|
$api_version = 3
|
||||||
|
|
||||||
|
file { "/etc/keystone/keystone-${reference_region}-filter.conf":
|
||||||
|
ensure => present,
|
||||||
|
owner => 'root',
|
||||||
|
group => 'keystone',
|
||||||
|
mode => '0640',
|
||||||
|
content => template('openstack/keystone-defaultregion-filter.erb'),
|
||||||
|
} ->
|
||||||
|
file { "/etc/keystone/keystone-${system_controller_region}-filter.conf":
|
||||||
|
ensure => present,
|
||||||
|
owner => 'root',
|
||||||
|
group => 'keystone',
|
||||||
|
mode => '0640',
|
||||||
|
content => template('openstack/keystone-systemcontroller-filter.erb'),
|
||||||
|
} ->
|
||||||
|
exec { 'endpointgroup-${reference_region}-command':
|
||||||
|
cwd => '/etc/keystone',
|
||||||
|
logoutput => true,
|
||||||
|
provider => shell,
|
||||||
|
require => [ Class['openstack::keystone::api'], Class['::keystone::endpoint'] ],
|
||||||
|
command => template('openstack/keystone-defaultregion.erb'),
|
||||||
|
path => ['/usr/bin/', '/bin/', '/sbin/', '/usr/sbin/'],
|
||||||
|
} ->
|
||||||
|
exec { 'endpointgroup-${system_controller_region}-command':
|
||||||
|
cwd => '/etc/keystone',
|
||||||
|
logoutput => true,
|
||||||
|
provider => shell,
|
||||||
|
require => [ Class['openstack::keystone::api'], Class['::keystone::endpoint'] ],
|
||||||
|
command => template('openstack/keystone-systemcontroller.erb'),
|
||||||
|
path => ['/usr/bin/', '/bin/', '/sbin/', '/usr/sbin/'],
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
class openstack::keystone::server::runtime {
|
class openstack::keystone::server::runtime {
|
||||||
include ::openstack::client
|
include ::openstack::client
|
||||||
include ::openstack::keystone
|
include ::openstack::keystone
|
||||||
|
@ -385,7 +441,6 @@ class openstack::keystone::upgrade (
|
||||||
default_transport_url => $::platform::amqp::params::transport_url,
|
default_transport_url => $::platform::amqp::params::transport_url,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
# Add service account and endpoints for any new R6 services...
|
# Add service account and endpoints for any new R6 services...
|
||||||
# include ::<new service>::keystone::auth
|
# include ::<new service>::keystone::auth
|
||||||
# No new services yet...
|
# No new services yet...
|
||||||
|
|
|
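Review bot: In the new `openstack::keystone::endpointgroup` class (the `-251,6 +253,60` hunk) both exec titles are single-quoted, so Puppet keeps `${reference_region}` and `${system_controller_region}` as literal text instead of interpolating them; double quotes are needed, e.g. `exec { "endpointgroup-${reference_region}-command":`. Neither exec carries an `unless`, `onlyif` or `creates` guard, so a second application would re-run `openstack endpoint group create`; the class comment leaves that to the caller's `init_keystone` check, and a guard on the exec itself would make the resource safe on its own. Both execs run a shell template that authenticates as the admin user with `logoutput => true`, so whatever the commands print lands in the Puppet log; it is worth confirming that nothing sensitive is echoed there.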
@ -0,0 +1,3 @@
|
||||||
|
{
|
||||||
|
"region_id": "<%=@reference_region %>"
|
||||||
|
}
|
|
@ -0,0 +1,19 @@
|
||||||
|
PASSWORD=$(TERM=linux <%= @keyring_file %> 2>/dev/null)
|
||||||
|
ENDPOINTGROUP_ID=$(openstack endpoint group create \
|
||||||
|
distributed_cloud_<%=@reference_region %> \
|
||||||
|
keystone-<%=@reference_region %>-filter.conf \
|
||||||
|
--os-username <%=@os_username %> \
|
||||||
|
--os-password $PASSWORD \
|
||||||
|
--os-region-name <%=@identity_region %> \
|
||||||
|
--os-keystone-region-name <%=@keystone_region %> \
|
||||||
|
--os-auth-url <%=@auth_url %> \
|
||||||
|
--os-identity-api-version <%=@api_version %> \
|
||||||
|
--os-project-name <%=@os_project_name %> | awk '/id\ \ / { print $4 }' )
|
||||||
|
openstack endpoint group add project $ENDPOINTGROUP_ID services \
|
||||||
|
--os-username <%=@os_username %> \
|
||||||
|
--os-password $PASSWORD \
|
||||||
|
--os-region-name <%=@identity_region %> \
|
||||||
|
--os-keystone-region-name <%=@keystone_region %> \
|
||||||
|
--os-auth-url <%=@auth_url %> \
|
||||||
|
--os-identity-api-version <%=@api_version %> \
|
||||||
|
--os-project-name <%=@os_project_name %>
|
|
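Review bot: `--os-password $PASSWORD` places the admin password in the argv of both `openstack` invocations, where other local users can read it from the process list while the command runs; exporting it instead, `export OS_PASSWORD=$(TERM=linux <%= @keyring_file %> 2>/dev/null)`, and dropping the flag keeps it out of argv. The unquoted `$PASSWORD` is also subject to word splitting and globbing, so a password containing whitespace or `*` breaks the call. If the create step fails, `ENDPOINTGROUP_ID` is empty and the second command still runs with a missing argument; a check such as `[ -n "$ENDPOINTGROUP_ID" ] || exit 1` between the two would surface the failure to the Puppet exec. The same three points apply to the second 19-line template further down (the system-controller variant), which is identical apart from the region variable.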
@ -0,0 +1,3 @@
|
||||||
|
{
|
||||||
|
"region_id": "<%=@system_controller_region %>"
|
||||||
|
}
|
|
@ -0,0 +1,19 @@
|
||||||
|
PASSWORD=$(TERM=linux <%= @keyring_file %> 2>/dev/null)
|
||||||
|
ENDPOINTGROUP_ID=$(openstack endpoint group create \
|
||||||
|
distributed_cloud_<%=@system_controller_region %> \
|
||||||
|
keystone-<%=@system_controller_region %>-filter.conf \
|
||||||
|
--os-username <%=@os_username %> \
|
||||||
|
--os-password $PASSWORD \
|
||||||
|
--os-region-name <%=@identity_region %> \
|
||||||
|
--os-keystone-region-name <%=@keystone_region %> \
|
||||||
|
--os-auth-url <%=@auth_url %> \
|
||||||
|
--os-identity-api-version <%=@api_version %> \
|
||||||
|
--os-project-name <%=@os_project_name %> | awk '/id\ \ / { print $4 }' )
|
||||||
|
openstack endpoint group add project $ENDPOINTGROUP_ID services \
|
||||||
|
--os-username <%=@os_username %> \
|
||||||
|
--os-password $PASSWORD \
|
||||||
|
--os-region-name <%=@identity_region %> \
|
||||||
|
--os-keystone-region-name <%=@keystone_region %> \
|
||||||
|
--os-auth-url <%=@auth_url %> \
|
||||||
|
--os-identity-api-version <%=@api_version %> \
|
||||||
|
--os-project-name <%=@os_project_name %>
|
|
@ -17,7 +17,7 @@ class dcmanager::keystone::auth (
|
||||||
$auth_name = 'dcmanager',
|
$auth_name = 'dcmanager',
|
||||||
$auth_domain,
|
$auth_domain,
|
||||||
$email = 'dcmanager@localhost',
|
$email = 'dcmanager@localhost',
|
||||||
$tenant = 'services',
|
$tenant = 'admin',
|
||||||
$region = 'SystemController',
|
$region = 'SystemController',
|
||||||
$service_description = 'DCManagerService',
|
$service_description = 'DCManagerService',
|
||||||
$service_name = undef,
|
$service_name = undef,
|
||||||
|
|
|
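Review bot: The new default `$tenant = 'admin'` moves the dcmanager service account out of the shared `services` project and into the admin project, and neither the hunk nor the commit message says why. It may be intended to keep dcmanager's catalog from being narrowed by the endpoint groups this commit attaches to `services`, but that is an inference. If the role assignment later in this class (outside the hunk) grants admin on `$tenant`, a leaked dcmanager credential reaches further than before. A comment on the parameter, for example `# 'admin' rather than 'services' because <reason>`, would record the intent for later reviewers.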
@ -117,6 +117,8 @@ class KeystonePuppet(openstack.OpenstackBasePuppet):
|
||||||
# system resides
|
# system resides
|
||||||
'openstack::keystone::params::region_name':
|
'openstack::keystone::params::region_name':
|
||||||
self._identity_specific_region_name(),
|
self._identity_specific_region_name(),
|
||||||
|
'openstack::keystone::params::system_controller_region':
|
||||||
|
constants.SYSTEM_CONTROLLER_REGION,
|
||||||
'openstack::keystone::params::service_create':
|
'openstack::keystone::params::service_create':
|
||||||
self._to_create_services(),
|
self._to_create_services(),
|
||||||
|
|
||||||
|
|