From 70ed5b099496c98b37a94b061610d48c9263f554 Mon Sep 17 00:00:00 2001 From: Alex Kozyrev Date: Fri, 15 Feb 2019 15:46:32 -0500 Subject: [PATCH] Enable Barbican provisioning in SM in kubernetes environment Since Barbican is in charge of storing BMC passwords for MTCE now we need it to run as a bare-metal service alongside with kubernetes. This patch enables SM provisioning for barbican in this case. Change-Id: Id51f679738d429e78f388b6dc42e7606ef0c41ab Story: 2003108 Task: 27700 Signed-off-by: Alex Kozyrev --- .../src/modules/platform/manifests/sm.pp | 116 ++++++++++-------- 1 file changed, 68 insertions(+), 48 deletions(-) diff --git a/puppet-manifests/src/modules/platform/manifests/sm.pp b/puppet-manifests/src/modules/platform/manifests/sm.pp index f8b2cc6edb..b038b14f08 100644 --- a/puppet-manifests/src/modules/platform/manifests/sm.pp +++ b/puppet-manifests/src/modules/platform/manifests/sm.pp @@ -192,6 +192,10 @@ class platform::sm $os_region_name = $keystone_region } + # Barbican + include ::openstack::barbican::params + $barbican_enabled = $::openstack::barbican::params::service_enabled + $ost_cl_ctrl_host = $::platform::network::mgmt::params::controller_address_url include ::platform::client::params @@ -266,9 +270,6 @@ class platform::sm # Panko include ::openstack::panko::params - # Barbican - include ::openstack::barbican::params - if $system_mode == 'simplex' { $hostunit = '0' $management_my_unit_ip = $::platform::network::mgmt::params::controller0_address @@ -338,7 +339,6 @@ class platform::sm $gnocchi_enabled = false $aodh_enabled = false $panko_enabled = false - $barbican_enabled = false } else { $heat_service_enabled = $::openstack::heat::params::service_enabled $murano_configured = $::openstack::murano::params::service_enabled @@ -347,7 +347,6 @@ class platform::sm $gnocchi_enabled = $::openstack::gnocchi::params::service_enabled $aodh_enabled = $::openstack::aodh::params::service_enabled $panko_enabled = $::openstack::panko::params::service_enabled - $barbican_enabled = $::openstack::barbican::params::service_enabled } # lint:ignore:140chars @@ -625,6 +624,21 @@ class platform::sm } } + # Barbican + if $barbican_enabled { + exec { 'Configure OpenStack - Barbican API': + command => "sm-configure service_instance barbican-api barbican-api \"config=/etc/barbican/barbican.conf\"", + } + + exec { 'Configure OpenStack - Barbican Keystone Listener': + command => "sm-configure service_instance barbican-keystone-listener barbican-keystone-listener \"config=/etc/barbican/barbican.conf\"", + } + + exec { 'Configure OpenStack - Barbican Worker': + command => "sm-configure service_instance barbican-worker barbican-worker \"config=/etc/barbican/barbican.conf\"", + } + } + if $configure_glance { if !$glance_cached { exec { 'Configure OpenStack - Glance Registry': @@ -1123,49 +1137,6 @@ class platform::sm command => "sm-configure service_instance ironic-conductor ironic-conductor \"config=/etc/ironic/ironic.conf,tftproot=${ironic_tftproot}\"", } - # Barbican - if $barbican_enabled { - - exec { 'Configure OpenStack - Barbican API': - command => "sm-configure service_instance barbican-api barbican-api \"config=/etc/barbican/barbican.conf\"", - } - - exec { 'Configure OpenStack - Barbican Keystone Listener': - command => "sm-configure service_instance barbican-keystone-listener barbican-keystone-listener \"config=/etc/barbican/barbican.conf\"", - } - - exec { 'Configure OpenStack - Barbican Worker': - command => "sm-configure service_instance barbican-worker barbican-worker \"config=/etc/barbican/barbican.conf\"", - } - } else { - exec { 'Deprovision OpenStack - Barbican API (service-group-member)': - path => [ '/usr/bin', '/usr/sbin', '/usr/local/bin', '/etc', '/sbin', '/bin' ], - command => 'sm-deprovision service-group-member cloud-services barbican-api', - } - -> exec { 'Deprovision OpenStack - Barbican API (service)': - path => [ '/usr/bin', '/usr/sbin', '/usr/local/bin', '/etc', '/sbin', '/bin' ], - command => 'sm-deprovision service barbican-api', - } - - exec { 'Deprovision OpenStack - Barbican Keystone Listener (service-group-member)': - path => [ '/usr/bin', '/usr/sbin', '/usr/local/bin', '/etc', '/sbin', '/bin' ], - command => 'sm-deprovision service-group-member cloud-services barbican-keystone-listener', - } - -> exec { 'Deprovision OpenStack - Barbican Keystone Listener (service)': - path => [ '/usr/bin', '/usr/sbin', '/usr/local/bin', '/etc', '/sbin', '/bin' ], - command => 'sm-deprovision service barbican-keystone-listener', - } - - exec { 'Deprovision OpenStack - Barbican Worker (service-group-member)': - path => [ '/usr/bin', '/usr/sbin', '/usr/local/bin', '/etc', '/sbin', '/bin' ], - command => 'sm-deprovision service-group-member cloud-services barbican-worker', - } - -> exec { 'Deprovision OpenStack - Barbican Worker (service)': - path => [ '/usr/bin', '/usr/sbin', '/usr/local/bin', '/etc', '/sbin', '/bin' ], - command => 'sm-deprovision service barbican-worker', - } - } - exec { 'Configure OpenStack - Nova Compute': command => "sm-configure service_instance nova-compute nova-compute \"config=/etc/nova/nova-ironic.conf\"", } @@ -1362,6 +1333,55 @@ class platform::sm } } + # Barbican + if $barbican_enabled { + exec { 'Provision OpenStack - Barbican API (service-group-member)': + command => 'sm-provision service-group-member cloud-services barbican-api', + } + -> exec { 'Provision OpenStack - Barbican API (service)': + command => 'sm-provision service barbican-api', + } + -> exec { 'Provision OpenStack - Barbican Keystone Listener (service-group-member)': + command => 'sm-provision service-group-member cloud-services barbican-keystone-listener', + } + -> exec { 'Provision OpenStack - Barbican Keystone Listener (service)': + command => 'sm-provision service barbican-keystone-listener', + } + -> exec { 'Provision OpenStack - Barbican Worker (service-group-member)': + command => 'sm-provision service-group-member cloud-services barbican-worker', + } + -> exec { 'Provision OpenStack - Barbican Worker (service)': + command => 'sm-provision service barbican-worker', + } + } else { + exec { 'Deprovision OpenStack - Barbican API (service-group-member)': + path => [ '/usr/bin', '/usr/sbin', '/usr/local/bin', '/etc', '/sbin', '/bin' ], + command => 'sm-deprovision service-group-member cloud-services barbican-api', + } + -> exec { 'Deprovision OpenStack - Barbican API (service)': + path => [ '/usr/bin', '/usr/sbin', '/usr/local/bin', '/etc', '/sbin', '/bin' ], + command => 'sm-deprovision service barbican-api', + } + + exec { 'Deprovision OpenStack - Barbican Keystone Listener (service-group-member)': + path => [ '/usr/bin', '/usr/sbin', '/usr/local/bin', '/etc', '/sbin', '/bin' ], + command => 'sm-deprovision service-group-member cloud-services barbican-keystone-listener', + } + -> exec { 'Deprovision OpenStack - Barbican Keystone Listener (service)': + path => [ '/usr/bin', '/usr/sbin', '/usr/local/bin', '/etc', '/sbin', '/bin' ], + command => 'sm-deprovision service barbican-keystone-listener', + } + + exec { 'Deprovision OpenStack - Barbican Worker (service-group-member)': + path => [ '/usr/bin', '/usr/sbin', '/usr/local/bin', '/etc', '/sbin', '/bin' ], + command => 'sm-deprovision service-group-member cloud-services barbican-worker', + } + -> exec { 'Deprovision OpenStack - Barbican Worker (service)': + path => [ '/usr/bin', '/usr/sbin', '/usr/local/bin', '/etc', '/sbin', '/bin' ], + command => 'sm-deprovision service barbican-worker', + } + } + exec { 'Configure Murano Rabbit': command => "sm-configure service_instance murano-rabbit murano-rabbit \"server=${rabbitmq_server},ctl=${rabbitmqctl},nodename=${murano_rabbit_node_name},mnesia_base=${murano_rabbit_mnesia_base},ip=${oam_ip_param_ip},config_file=${murano_rabbit_config_file},env_config_file=${murano_rabbit_env_config_file},pid_file=${murano_rabbit_pid},dist_port=${murano_rabbit_dist_port}\"", }