Add configuration for containerized keystone to VIM

Adding configuration to the VIM for containerized keystone. The VIM will now support two keystone instances: - platform: bare metal keystone used to authenticate with platform services (e.g. sysinv, patching) - openstack: containerized keystone used to authenticate with openstack services (e.g. nova, neutron, cinder) For now, the same configuration will be used for both, as we still only deploy with the baremetal keystone. Story: 2002876 Task: 26872 Change-Id: If4bd46a4c14cc65978774001cb2887e5d3e3607b
2018-09-26 09:47:55 -05:00 · 2018-09-26 09:47:55 -05:00 · e3c1fbed88
parent 0ffdae6953
commit e3c1fbed88
2 changed files with 43 additions and 4 deletions
--- a/puppet-modules-wrs/puppet-nfv/src/nfv/manifests/nfvi.pp
+++ b/puppet-modules-wrs/puppet-nfv/src/nfv/manifests/nfvi.pp
@ -6,6 +6,14 @@

 class nfv::nfvi (
  $enabled                       = false,
+  $platform_username             = 'admin',
+  $platform_tenant               = 'admin',
+  $platform_user_domain          = 'Default',
+  $platform_project_domain       = 'Default',
+  $platform_auth_protocol        = 'http',
+  $platform_auth_host            = '127.0.0.1',
+  $platform_auth_port            = 5000,
+  $platform_keyring_service      = undef,
  $openstack_username            = 'admin',
  $openstack_tenant              = 'admin',
  $openstack_user_domain         = 'Default',
@ -13,6 +21,7 @@ class nfv::nfvi (
  $openstack_auth_protocol       = 'http',
  $openstack_auth_host           = '127.0.0.1',
  $openstack_auth_port           = 5000,
+  $openstack_keyring_service     = undef,
  $openstack_nova_api_host       = '127.0.0.1',
  $keystone_region_name          = 'RegionOne',
  $keystone_service_name         = 'keystone',
@ -80,7 +89,17 @@ class nfv::nfvi (

  nfv_plugin_nfvi_config {

-    /* OpenStack Information */
+    /* Platform Authentication Information */
+    'platform/username': value => $platform_username;
+    'platform/tenant': value => $platform_tenant;
+    'platform/user_domain_name': value => $platform_user_domain;
+    'platform/project_domain_name': value => $platform_project_domain;
+    'platform/authorization_protocol': value => $platform_auth_protocol;
+    'platform/authorization_ip': value => $platform_auth_host;
+    'platform/authorization_port': value => $platform_auth_port;
+    'platform/keyring_service': value => $platform_keyring_service;
+
+    /* OpenStack Authentication Information */
    'openstack/username': value => $openstack_username;
    'openstack/tenant': value => $openstack_tenant;
    'openstack/user_domain_name': value => $openstack_user_domain;
@ -88,6 +107,7 @@ class nfv::nfvi (
    'openstack/authorization_protocol': value => $openstack_auth_protocol;
    'openstack/authorization_ip': value => $openstack_auth_host;
    'openstack/authorization_port': value => $openstack_auth_port;
+    'openstack/keyring_service': value => $openstack_keyring_service;

    'keystone/region_name': value => $keystone_region_name;
    'keystone/service_name': value => $keystone_service_name;
--- a/sysinv/sysinv/sysinv/sysinv/puppet/nfv.py
+++ b/sysinv/sysinv/sysinv/sysinv/puppet/nfv.py
@ -1,5 +1,5 @@
 #
-# Copyright (c) 2017 Wind River Systems, Inc.
+# Copyright (c) 2017-2018 Wind River Systems, Inc.
 #
 # SPDX-License-Identifier: Apache-2.0
 #
@ -15,6 +15,7 @@ class NfvPuppet(openstack.OpenstackBasePuppet):

    SERVICE_NAME = 'vim'
    SERVICE_PORT = 4545
+    PLATFORM_KEYRING_SERVICE = 'CGCS'

    def get_secure_static_config(self):
        kspass = self._get_service_password(self.SERVICE_NAME)
@ -45,21 +46,39 @@ class NfvPuppet(openstack.OpenstackBasePuppet):

            'nfv::nfvi::nova_endpoint_override':
                self._get_nova_endpoint_url(),
-            'nfv::nfvi::openstack_auth_host':
-                self._keystone_auth_address(),
            'nfv::nfvi::openstack_nova_api_host':
                self._get_management_address(),
            'nfv::nfvi::host_listener_host':
                self._get_management_address(),

+            'nfv::nfvi::platform_username':
+                self._operator.keystone.get_admin_user_name(),
+            'nfv::nfvi::platform_tenant':
+                self._operator.keystone.get_admin_project_name(),
+            'nfv::nfvi::platform_auth_host':
+                self._keystone_auth_address(),
+            'nfv::nfvi::platform_user_domain':
+                self._operator.keystone.get_admin_user_domain(),
+            'nfv::nfvi::platform_project_domain':
+                self._operator.keystone.get_admin_project_domain(),
+            'nfv::nfvi::platform_keyring_service':
+                self.PLATFORM_KEYRING_SERVICE,
+
+            # TODO(Bart Wensley): When we switch to the pod based keystone,
+            # this will change to use those credentials.
            'nfv::nfvi::openstack_username':
                self._operator.keystone.get_admin_user_name(),
            'nfv::nfvi::openstack_tenant':
                self._operator.keystone.get_admin_project_name(),
+            'nfv::nfvi::openstack_auth_host':
+                self._keystone_auth_address(),
            'nfv::nfvi::openstack_user_domain':
                self._operator.keystone.get_admin_user_domain(),
            'nfv::nfvi::openstack_project_domain':
                self._operator.keystone.get_admin_project_domain(),
+            'nfv::nfvi::openstack_keyring_service':
+                self.PLATFORM_KEYRING_SERVICE,
+
            'nfv::nfvi::keystone_region_name': self._keystone_region_name(),
            'nfv::nfvi::keystone_service_name':
                self._operator.keystone.get_service_name(),