diff --git a/controllerconfig/controllerconfig/controllerconfig/openstack.py b/controllerconfig/controllerconfig/controllerconfig/openstack.py
index 5ba8b921a1..52bf62693c 100755
--- a/controllerconfig/controllerconfig/controllerconfig/openstack.py
+++ b/controllerconfig/controllerconfig/controllerconfig/openstack.py
@@ -31,10 +31,11 @@ class OpenStack(object):
 self.conf = {}
 self._sysinv = None
+ source_command = 'source /etc/platform/openrc && env'
+
 with open(os.devnull, "w") as fnull:
 proc = subprocess.Popen(
- ['bash', '-c',
- 'source /etc/nova/openrc && env'],
+ ['bash', '-c', source_command],
 stdout=subprocess.PIPE, stderr=fnull)
 for line in proc.stdout:
diff --git a/controllerconfig/controllerconfig/controllerconfig/upgrades/controller.py b/controllerconfig/controllerconfig/controllerconfig/upgrades/controller.py
index 0316a6721e..858c5b3534 100644
--- a/controllerconfig/controllerconfig/controllerconfig/upgrades/controller.py
+++ b/controllerconfig/controllerconfig/controllerconfig/upgrades/controller.py
@@ -776,9 +776,9 @@ def migrate_hiera_data(from_release, to_release):
 static_config = yaml.load(yaml_file)
 static_config.update({
 'platform::params::software_version': SW_VERSION,
- 'openstack::client::credentials::params::keyring_directory':
+ 'platform::client::credentials::params::keyring_directory':
 KEYRING_PATH,
- 'openstack::client::credentials::params::keyring_file':
+ 'platform::client::credentials::params::keyring_file':
 os.path.join(KEYRING_PATH, '.CREDENTIAL'),
 })
 with open(static_file, 'w') as yaml_file:
diff --git a/controllerconfig/controllerconfig/controllerconfig/upgrades/utils.py b/controllerconfig/controllerconfig/controllerconfig/upgrades/utils.py
index 0c311fa805..effddc4fda 100644
--- a/controllerconfig/controllerconfig/controllerconfig/upgrades/utils.py
+++ b/controllerconfig/controllerconfig/controllerconfig/upgrades/utils.py
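Review bot: In controllerconfig/openstack.py a missing or unreadable /etc/platform/openrc fails silently: stderr goes to os.devnull and the `&&` in `source_command` skips `env`, so the loop over `proc.stdout` just sees no lines. This call is what loads the admin credentials, so I would check the exit status once the output has been read, e.g. `if proc.wait() != 0:` followed by a raise or at least a log line naming the file. The loop body and the rest of the enclosing method are outside the hunk, so a check further down cannot be ruled out from here.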
@@ -128,26 +128,26 @@ def get_upgrade_token(from_release,
 system_config['openstack::keystone::params::api_version'])
 admin_user_domain = system_config.get(
- 'openstack::client::params::admin_user_domain')
+ 'platform::client::params::admin_user_domain')
 if admin_user_domain is None:
 # This value wasn't present in R2. So may be missing in upgrades from
 # that release
- LOG.info("openstack::client::params::admin_user_domain key not found. "
+ LOG.info("platform::client::params::admin_user_domain key not found. "
 "Using Default.")
 admin_user_domain = DEFAULT_DOMAIN_NAME
 admin_project_domain = system_config.get(
- 'openstack::client::params::admin_project_domain')
+ 'platform::client::params::admin_project_domain')
 if admin_project_domain is None:
 # This value wasn't present in R2. So may be missing in upgrades from
 # that release
- LOG.info("openstack::client::params::admin_project_domain key not "
+ LOG.info("platform::client::params::admin_project_domain key not "
 "found. Using Default.")
 admin_project_domain = DEFAULT_DOMAIN_NAME
 admin_password = get_password_from_keyring("CGCS", "admin")
 admin_username = system_config.get(
- 'openstack::client::params::admin_username')
+ 'platform::client::params::admin_username')
 # the upgrade token command
 keystone_upgrade_token = (
diff --git a/puppet-manifests/src/hieradata/controller.yaml b/puppet-manifests/src/hieradata/controller.yaml
index b3e4feb712..1df0108995 100644
--- a/puppet-manifests/src/hieradata/controller.yaml
+++ b/puppet-manifests/src/hieradata/controller.yaml
@@ -194,7 +194,7 @@ keystone::security_compliance::password_regex_description: 'Password must have a
 keystone::roles::admin::email: 'admin@localhost'
 keystone::roles::admin::admin_tenant: 'admin'
-openstack::client::params::identity_auth_url: 'http://localhost:5000/v3'
+platform::client::params::identity_auth_url: 'http://localhost:5000/v3'
 # glance
 glance::api::enabled: false
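Review bot: In upgrades/utils.py, get_upgrade_token now looks up only the `platform::client::params::*` names, and `admin_username` has no fallback at all. If `system_config` is read from the from-release hieradata (its load is outside the hunk, so this is an assumption to confirm), that data still carries the `openstack::client::params::*` keys: `admin_username` would be None and both domains would quietly become `DEFAULT_DOMAIN_NAME` when the token request is built. A fallback to the old name would cover it, e.g. `system_config.get('platform::client::params::admin_username', system_config.get('openstack::client::params::admin_username'))`, with an explicit error when neither key is present. The function starts and ends outside the hunk.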
diff --git a/puppet-manifests/src/manifests/bootstrap.pp b/puppet-manifests/src/manifests/bootstrap.pp
index c53ac5a44d..37cc489e77 100644
--- a/puppet-manifests/src/manifests/bootstrap.pp
+++ b/puppet-manifests/src/manifests/bootstrap.pp
@@ -15,6 +15,7 @@ include ::platform::postgresql::bootstrap
 include ::platform::amqp::bootstrap
 include ::openstack::keystone::bootstrap
+include ::platform::client::bootstrap
 include ::openstack::client::bootstrap
 include ::platform::sysinv::bootstrap
diff --git a/puppet-manifests/src/manifests/compute.pp b/puppet-manifests/src/manifests/compute.pp
index 5101514057..efd30f229e 100644
--- a/puppet-manifests/src/manifests/compute.pp
+++ b/puppet-manifests/src/manifests/compute.pp
@@ -34,6 +34,7 @@ include ::platform::filesystem::compute
 include ::platform::docker
 include ::platform::kubernetes::worker
 include ::platform::multipath
+include ::platform::client
 include ::openstack::client
 include ::openstack::neutron
diff --git a/puppet-manifests/src/manifests/controller.pp b/puppet-manifests/src/manifests/controller.pp
index 1283c4bab3..0391c3cc25 100644
--- a/puppet-manifests/src/manifests/controller.pp
+++ b/puppet-manifests/src/manifests/controller.pp
@@ -67,7 +67,7 @@ include ::platform::fm
 include ::platform::fm::api
 include ::platform::multipath
-
+include ::platform::client
 include ::openstack::client
 include ::openstack::keystone
 include ::openstack::keystone::api
diff --git a/puppet-manifests/src/manifests/upgrade.pp b/puppet-manifests/src/manifests/upgrade.pp
index b32718e721..78d08e3c37 100644
--- a/puppet-manifests/src/manifests/upgrade.pp
+++ b/puppet-manifests/src/manifests/upgrade.pp
@@ -16,6 +16,7 @@ include ::platform::postgresql::upgrade
 include ::platform::amqp::upgrade
 include ::openstack::keystone::upgrade
+include ::platform::client::upgrade
 include ::openstack::client::upgrade
 include ::openstack::murano::upgrade
diff --git a/puppet-manifests/src/modules/openstack/manifests/client.pp b/puppet-manifests/src/modules/openstack/manifests/client.pp
index b21889a762..f06ef1d03a 100644
--- a/puppet-manifests/src/modules/openstack/manifests/client.pp
+++ b/puppet-manifests/src/modules/openstack/manifests/client.pp
@@ -1,19 +1,8 @@
-class openstack::client::params (
- $admin_username,
- $identity_auth_url,
- $identity_region = 'RegionOne',
- $identity_api_version = 3,
- $admin_user_domain = 'Default',
- $admin_project_domain = 'Default',
- $admin_project_name = 'admin',
- $keystone_identity_region = 'RegionOne',
-) { }
-
 class openstack::client
- inherits ::openstack::client::params {
+ inherits ::platform::client::params {
- include ::openstack::client::credentials::params
- $keyring_file = $::openstack::client::credentials::params::keyring_file
+ include ::platform::client::credentials::params
+ $keyring_file = $::platform::client::credentials::params::keyring_file
 file {"/etc/nova/openrc":
 ensure => "present",
@@ -36,41 +25,8 @@ class openstack::client
 }
 }
-
-class openstack::client::credentials::params (
- $keyring_base,
- $keyring_directory,
- $keyring_file,
-) { }
-
-class openstack::client::credentials
- inherits ::openstack::client::credentials::params {
-
- Class['::platform::drbd::platform'] ->
- file { "${keyring_base}":
- ensure => 'directory',
- owner => 'root',
- group => 'root',
- mode => '0755',
- } ->
- file { "${keyring_directory}":
- ensure => 'directory',
- owner => 'root',
- group => 'root',
- mode => '0755',
- } ->
- file { "${keyring_file}":
- ensure => 'file',
- owner => 'root',
- group => 'root',
- mode => '0755',
- content => "keyring get CGCS admin"
- }
-}
-
 class openstack::client::bootstrap {
 include ::openstack::client
- include ::openstack::client::credentials
 }
 class openstack::client::upgrade {
diff --git a/puppet-manifests/src/modules/openstack/manifests/keystone.pp b/puppet-manifests/src/modules/openstack/manifests/keystone.pp
index ccd772f5e1..149ed10e4d 100644
--- a/puppet-manifests/src/modules/openstack/manifests/keystone.pp
+++ b/puppet-manifests/src/modules/openstack/manifests/keystone.pp
@@ -52,7 +52,7 @@ class openstack::keystone (
 $bind_host = $::platform::network::mgmt::params::controller_address_url
 }
- Class[$name] -> Class['::openstack::client']
+ Class[$name] -> Class['::platform::client'] -> Class['::openstack::client']
 include ::keystone::client
@@ -215,7 +215,7 @@ class openstack::keystone::bootstrap(
 include ::keystone::db::postgresql
- Class[$name] -> Class['::openstack::client']
+ Class[$name] -> Class['::platform::client'] -> Class['::openstack::client']
 # Create the parent directory for fernet keys repository
 file { "${keystone_key_repo_path}":
@@ -265,7 +265,7 @@ class openstack::keystone::reload {
 class openstack::keystone::endpointgroup
 inherits ::openstack::keystone::params {
 include ::platform::params
- include ::openstack::client
+ include ::platform::client
 # $::platform::params::init_keystone should be checked by the caller.
 # as this class should be only invoked when initializing keystone.
@@ -274,12 +274,12 @@ class openstack::keystone::endpointgroup
 if ($::platform::params::distributed_cloud_role =='systemcontroller') {
 $reference_region = $::openstack::keystone::params::region_name
 $system_controller_region = $::openstack::keystone::params::system_controller_region
- $os_username = $::openstack::client::params::admin_username
- $identity_region = $::openstack::client::params::identity_region
- $keystone_region = $::openstack::client::params::keystone_identity_region
- $keyring_file = $::openstack::client::credentials::params::keyring_file
- $auth_url = $::openstack::client::params::identity_auth_url
- $os_project_name = $::openstack::client::params::admin_project_name
+ $os_username = $::platform::client::params::admin_username
+ $identity_region = $::platform::client::params::identity_region
+ $keystone_region = $::platform::client::params::keystone_identity_region
+ $keyring_file = $::platform::client::credentials::params::keyring_file
+ $auth_url = $::platform::client::params::identity_auth_url
+ $os_project_name = $::platform::client::params::admin_project_name
 $api_version = 3
 file { "/etc/keystone/keystone-${reference_region}-filter.conf":
@@ -317,6 +317,7 @@ class openstack::keystone::endpointgroup
 class openstack::keystone::server::runtime {
+ include ::platform::client
 include ::openstack::client
 include ::openstack::keystone
diff --git a/puppet-manifests/src/modules/platform/manifests/client.pp b/puppet-manifests/src/modules/platform/manifests/client.pp
new file mode 100644
index 0000000000..271ceaf11c
--- /dev/null
+++ b/puppet-manifests/src/modules/platform/manifests/client.pp
@@ -0,0 +1,65 @@
+class platform::client::params (
+ $admin_username,
+ $identity_auth_url,
+ $identity_region = 'RegionOne',
+ $identity_api_version = 3,
+ $admin_user_domain = 'Default',
+ $admin_project_domain = 'Default',
+ $admin_project_name = 'admin',
+ $keystone_identity_region = 'RegionOne',
+) { }
+
+class platform::client
+ inherits ::platform::client::params {
+
+ include ::platform::client::credentials::params
+ $keyring_file = $::platform::client::credentials::params::keyring_file
+
+ file {"/etc/platform/openrc":
+ ensure => "present",
+ mode => '0640',
+ owner => 'root',
+ group => 'root',
+ content => template('platform/openrc.admin.erb'),
+ }
+}
+
+class platform::client::credentials::params (
+ $keyring_base,
+ $keyring_directory,
+ $keyring_file,
+) { }
+
+class platform::client::credentials
+ inherits ::platform::client::credentials::params {
+
+ Class['::platform::drbd::platform'] ->
+ file { "${keyring_base}":
+ ensure => 'directory',
+ owner => 'root',
+ group => 'root',
+ mode => '0755',
+ } ->
+ file { "${keyring_directory}":
+ ensure => 'directory',
+ owner => 'root',
+ group => 'root',
+ mode => '0755',
+ } ->
+ file { "${keyring_file}":
+ ensure => 'file',
+ owner => 'root',
+ group => 'root',
+ mode => '0755',
+ content => "keyring get CGCS admin"
+ }
+}
+
+class platform::client::bootstrap {
+ include ::platform::client
+ include ::platform::client::credentials
+}
+
+class platform::client::upgrade {
+ include ::platform::client
+}
diff --git a/puppet-manifests/src/modules/platform/manifests/mtce.pp b/puppet-manifests/src/modules/platform/manifests/mtce.pp
index 26f103a925..367a3e2a59 100644
--- a/puppet-manifests/src/modules/platform/manifests/mtce.pp
+++ b/puppet-manifests/src/modules/platform/manifests/mtce.pp
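Review bot: In platform::client::credentials (new platform/manifests/client.pp) the helper written to `${keyring_file}` is created with `mode => '0755'`, and both keyring directories are `0755` too, while the only consumer visible in this commit, /etc/platform/openrc, is `0640 root:root`. The helper's content is `keyring get CGCS admin`, the command that prints the admin password, so every local account can execute it and the secret is then protected only by the permissions of the keyring store, which this manifest does not show. Unless a non-root service has to run it, `mode => '0700',` on the file and `mode => '0750',` on `${keyring_directory}` would match the restriction already placed on openrc. These resources are moved unchanged from openstack/manifests/client.pp, so the move is a natural point to tighten them.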
@@ -28,8 +28,8 @@ class platform::mtce
 include ::openstack::ceilometer::params
 $ceilometer_port = $::openstack::ceilometer::params::api_port
- include ::openstack::client::credentials::params
- $keyring_directory = $::openstack::client::credentials::params::keyring_directory
+ include ::platform::client::credentials::params
+ $keyring_directory = $::platform::client::credentials::params::keyring_directory
 file { "/etc/mtc.ini":
 ensure => present,
diff --git a/puppet-manifests/src/modules/platform/manifests/sm.pp b/puppet-manifests/src/modules/platform/manifests/sm.pp
index 91d71e0c4e..01f9347257 100755
--- a/puppet-manifests/src/modules/platform/manifests/sm.pp
+++ b/puppet-manifests/src/modules/platform/manifests/sm.pp
@@ -158,14 +158,14 @@ class platform::sm
 $ost_cl_ctrl_host = $::platform::network::mgmt::params::controller_address_url
- include ::openstack::client::params
+ include ::platform::client::params
- $os_username = $::openstack::client::params::admin_username
+ $os_username = $::platform::client::params::admin_username
 $os_project_name = 'admin'
 $os_auth_url = $os_keystone_auth_url
 $system_url = "http://${ost_cl_ctrl_host}:6385"
- $os_user_domain_name = $::openstack::client::params::admin_user_domain
- $os_project_domain_name = $::openstack::client::params::admin_project_domain
+ $os_user_domain_name = $::platform::client::params::admin_user_domain
+ $os_project_domain_name = $::platform::client::params::admin_project_domain
 # Nova
 $db_server_port = '5432'
diff --git a/puppet-manifests/src/modules/platform/templates/openrc.admin.erb b/puppet-manifests/src/modules/platform/templates/openrc.admin.erb
new file mode 100644
index 0000000000..680cfae0a0
--- /dev/null
+++ b/puppet-manifests/src/modules/platform/templates/openrc.admin.erb
@@ -0,0 +1,24 @@
+unset OS_SERVICE_TOKEN
+
+export OS_ENDPOINT_TYPE=internalURL
+export CINDER_ENDPOINT_TYPE=internalURL
+
+export OS_USERNAME=<%= @admin_username %>
+export OS_PASSWORD=`TERM=linux <%= @keyring_file %> 2>/dev/null`
+export OS_AUTH_TYPE=password
+export OS_AUTH_URL=<%= @identity_auth_url %>
+
+export OS_PROJECT_NAME=<%= @admin_project_name %>
+export OS_USER_DOMAIN_NAME=<%= @admin_user_domain %>
+export OS_PROJECT_DOMAIN_NAME=<%= @admin_project_domain %>
+export OS_IDENTITY_API_VERSION=<%= @identity_api_version %>
+export OS_REGION_NAME=<%= @identity_region %>
+export OS_KEYSTONE_REGION_NAME=<%= @keystone_identity_region %>
+export OS_INTERFACE=internal
+
+if [ ! -z "${OS_PASSWORD}" ]; then
+ export PS1='[\u@\h \W(keystone_$OS_USERNAME)]\$ '
+else
+ echo 'Openstack Admin credentials can only be loaded from the active controller.'
+ export PS1='\h:\w\$ '
+fi
diff --git a/sysinv/sysinv/sysinv/sysinv/puppet/keystone.py b/sysinv/sysinv/sysinv/sysinv/puppet/keystone.py
index b8b9281593..4f8be8bbd3 100644
--- a/sysinv/sysinv/sysinv/sysinv/puppet/keystone.py
+++ b/sysinv/sysinv/sysinv/sysinv/puppet/keystone.py
@@ -46,13 +46,13 @@ class KeystonePuppet(openstack.OpenstackBasePuppet):
 return {
 'keystone::db::postgresql::user': dbuser,
- 'openstack::client::params::admin_username': admin_username,
+ 'platform::client::params::admin_username': admin_username,
- 'openstack::client::credentials::params::keyring_base':
+ 'platform::client::credentials::params::keyring_base':
 os.path.dirname(tsconfig.KEYRING_PATH),
- 'openstack::client::credentials::params::keyring_directory':
+ 'platform::client::credentials::params::keyring_directory':
 tsconfig.KEYRING_PATH,
- 'openstack::client::credentials::params::keyring_file':
+ 'platform::client::credentials::params::keyring_file':
 os.path.join(tsconfig.KEYRING_PATH, '.CREDENTIAL'),
 }
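Review bot: In templates/openrc.admin.erb every hiera value is interpolated into the script unquoted, e.g. `export OS_USERNAME=<%= @admin_username %>` and `export OS_AUTH_URL=<%= @identity_auth_url %>`, and the rendered file is sourced as root, including by the `bash -c` call in controllerconfig/openstack.py. A value containing whitespace or shell metacharacters would be split or interpreted at source time instead of being assigned. Quoting the assignments, e.g. `export OS_USERNAME='<%= @admin_username %>'`, together with validation of these parameters where they are set, keeps the file a plain list of assignments. The password test would also read more directly as `if [ -n "${OS_PASSWORD}" ]; then`.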
@@ -93,17 +93,17 @@ class KeystonePuppet(openstack.OpenstackBasePuppet):
 'keystone::roles::admin::admin': admin_username,
- 'openstack::client::params::admin_username': admin_username,
- 'openstack::client::params::admin_project_name': admin_project,
- 'openstack::client::params::admin_user_domain':
+ 'platform::client::params::admin_username': admin_username,
+ 'platform::client::params::admin_project_name': admin_project,
+ 'platform::client::params::admin_user_domain':
 self.get_admin_user_domain(),
- 'openstack::client::params::admin_project_domain':
+ 'platform::client::params::admin_project_domain':
 self.get_admin_project_domain(),
- 'openstack::client::params::identity_region': self._region_name(),
- 'openstack::client::params::identity_auth_url': self.get_auth_url(),
- 'openstack::client::params::keystone_identity_region':
+ 'platform::client::params::identity_region': self._region_name(),
+ 'platform::client::params::identity_auth_url': self.get_auth_url(),
+ 'platform::client::params::keystone_identity_region':
 self._identity_specific_region_name(),
- 'openstack::client::params::auth_region':
+ 'platform::client::params::auth_region':
 self._identity_specific_region_name(),
 'openstack::keystone::params::api_version': self.SERVICE_PATH,
 'openstack::keystone::params::identity_uri':
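Review bot: In sysinv/puppet/keystone.py the renamed key `'platform::client::params::auth_region'` has no matching class parameter: `platform::client::params` in platform/manifests/client.pp declares `identity_region` and `keystone_identity_region` but no `auth_region`, so this hiera value looks unused. Either add `$auth_region` to the class or drop the key instead of carrying it across the rename. The enclosing dict literal starts and ends outside the hunk.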