Generate openrc file in /etc/platform
Create the platform openrc file in /etc/platform, while leaving existing /etc/nova/openrc file alone for now. New platform/client.pp file is created and most of the contents of openstack/client.pp moved there. openstack/client.pp can be removed once kubernetes is the default. Change-Id: Ib6de59da6dfc9f34a24054405b6cda30d0b74ac1 Story: 2002876 Task: 27499 Signed-off-by: Kevin Smith <kevin.smith@windriver.com>
This commit is contained in:
parent
1a0bb8e5a2
commit
1e63b2e45a
|
@ -31,10 +31,11 @@ class OpenStack(object):
|
|||
self.conf = {}
|
||||
self._sysinv = None
|
||||
|
||||
source_command = 'source /etc/platform/openrc && env'
|
||||
|
||||
with open(os.devnull, "w") as fnull:
|
||||
proc = subprocess.Popen(
|
||||
['bash', '-c',
|
||||
'source /etc/nova/openrc && env'],
|
||||
['bash', '-c', source_command],
|
||||
stdout=subprocess.PIPE, stderr=fnull)
|
||||
|
||||
for line in proc.stdout:
|
||||
|
|
|
@ -776,9 +776,9 @@ def migrate_hiera_data(from_release, to_release):
|
|||
static_config = yaml.load(yaml_file)
|
||||
static_config.update({
|
||||
'platform::params::software_version': SW_VERSION,
|
||||
'openstack::client::credentials::params::keyring_directory':
|
||||
'platform::client::credentials::params::keyring_directory':
|
||||
KEYRING_PATH,
|
||||
'openstack::client::credentials::params::keyring_file':
|
||||
'platform::client::credentials::params::keyring_file':
|
||||
os.path.join(KEYRING_PATH, '.CREDENTIAL'),
|
||||
})
|
||||
with open(static_file, 'w') as yaml_file:
|
||||
|
|
|
@ -128,26 +128,26 @@ def get_upgrade_token(from_release,
|
|||
system_config['openstack::keystone::params::api_version'])
|
||||
|
||||
admin_user_domain = system_config.get(
|
||||
'openstack::client::params::admin_user_domain')
|
||||
'platform::client::params::admin_user_domain')
|
||||
if admin_user_domain is None:
|
||||
# This value wasn't present in R2. So may be missing in upgrades from
|
||||
# that release
|
||||
LOG.info("openstack::client::params::admin_user_domain key not found. "
|
||||
LOG.info("platform::client::params::admin_user_domain key not found. "
|
||||
"Using Default.")
|
||||
admin_user_domain = DEFAULT_DOMAIN_NAME
|
||||
|
||||
admin_project_domain = system_config.get(
|
||||
'openstack::client::params::admin_project_domain')
|
||||
'platform::client::params::admin_project_domain')
|
||||
if admin_project_domain is None:
|
||||
# This value wasn't present in R2. So may be missing in upgrades from
|
||||
# that release
|
||||
LOG.info("openstack::client::params::admin_project_domain key not "
|
||||
LOG.info("platform::client::params::admin_project_domain key not "
|
||||
"found. Using Default.")
|
||||
admin_project_domain = DEFAULT_DOMAIN_NAME
|
||||
|
||||
admin_password = get_password_from_keyring("CGCS", "admin")
|
||||
admin_username = system_config.get(
|
||||
'openstack::client::params::admin_username')
|
||||
'platform::client::params::admin_username')
|
||||
|
||||
# the upgrade token command
|
||||
keystone_upgrade_token = (
|
||||
|
|
|
@ -194,7 +194,7 @@ keystone::security_compliance::password_regex_description: 'Password must have a
|
|||
keystone::roles::admin::email: 'admin@localhost'
|
||||
keystone::roles::admin::admin_tenant: 'admin'
|
||||
|
||||
openstack::client::params::identity_auth_url: 'http://localhost:5000/v3'
|
||||
platform::client::params::identity_auth_url: 'http://localhost:5000/v3'
|
||||
|
||||
# glance
|
||||
glance::api::enabled: false
|
||||
|
|
|
@ -15,6 +15,7 @@ include ::platform::postgresql::bootstrap
|
|||
include ::platform::amqp::bootstrap
|
||||
|
||||
include ::openstack::keystone::bootstrap
|
||||
include ::platform::client::bootstrap
|
||||
include ::openstack::client::bootstrap
|
||||
|
||||
include ::platform::sysinv::bootstrap
|
||||
|
|
|
@ -34,6 +34,7 @@ include ::platform::filesystem::compute
|
|||
include ::platform::docker
|
||||
include ::platform::kubernetes::worker
|
||||
include ::platform::multipath
|
||||
include ::platform::client
|
||||
|
||||
include ::openstack::client
|
||||
include ::openstack::neutron
|
||||
|
|
|
@ -67,7 +67,7 @@ include ::platform::fm
|
|||
include ::platform::fm::api
|
||||
|
||||
include ::platform::multipath
|
||||
|
||||
include ::platform::client
|
||||
include ::openstack::client
|
||||
include ::openstack::keystone
|
||||
include ::openstack::keystone::api
|
||||
|
|
|
@ -16,6 +16,7 @@ include ::platform::postgresql::upgrade
|
|||
include ::platform::amqp::upgrade
|
||||
|
||||
include ::openstack::keystone::upgrade
|
||||
include ::platform::client::upgrade
|
||||
include ::openstack::client::upgrade
|
||||
|
||||
include ::openstack::murano::upgrade
|
||||
|
|
|
@ -1,19 +1,8 @@
|
|||
class openstack::client::params (
|
||||
$admin_username,
|
||||
$identity_auth_url,
|
||||
$identity_region = 'RegionOne',
|
||||
$identity_api_version = 3,
|
||||
$admin_user_domain = 'Default',
|
||||
$admin_project_domain = 'Default',
|
||||
$admin_project_name = 'admin',
|
||||
$keystone_identity_region = 'RegionOne',
|
||||
) { }
|
||||
|
||||
class openstack::client
|
||||
inherits ::openstack::client::params {
|
||||
inherits ::platform::client::params {
|
||||
|
||||
include ::openstack::client::credentials::params
|
||||
$keyring_file = $::openstack::client::credentials::params::keyring_file
|
||||
include ::platform::client::credentials::params
|
||||
$keyring_file = $::platform::client::credentials::params::keyring_file
|
||||
|
||||
file {"/etc/nova/openrc":
|
||||
ensure => "present",
|
||||
|
@ -36,41 +25,8 @@ class openstack::client
|
|||
}
|
||||
}
|
||||
|
||||
|
||||
class openstack::client::credentials::params (
|
||||
$keyring_base,
|
||||
$keyring_directory,
|
||||
$keyring_file,
|
||||
) { }
|
||||
|
||||
class openstack::client::credentials
|
||||
inherits ::openstack::client::credentials::params {
|
||||
|
||||
Class['::platform::drbd::platform'] ->
|
||||
file { "${keyring_base}":
|
||||
ensure => 'directory',
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0755',
|
||||
} ->
|
||||
file { "${keyring_directory}":
|
||||
ensure => 'directory',
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0755',
|
||||
} ->
|
||||
file { "${keyring_file}":
|
||||
ensure => 'file',
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0755',
|
||||
content => "keyring get CGCS admin"
|
||||
}
|
||||
}
|
||||
|
||||
class openstack::client::bootstrap {
|
||||
include ::openstack::client
|
||||
include ::openstack::client::credentials
|
||||
}
|
||||
|
||||
class openstack::client::upgrade {
|
||||
|
|
|
@ -52,7 +52,7 @@ class openstack::keystone (
|
|||
$bind_host = $::platform::network::mgmt::params::controller_address_url
|
||||
}
|
||||
|
||||
Class[$name] -> Class['::openstack::client']
|
||||
Class[$name] -> Class['::platform::client'] -> Class['::openstack::client']
|
||||
|
||||
include ::keystone::client
|
||||
|
||||
|
@ -215,7 +215,7 @@ class openstack::keystone::bootstrap(
|
|||
|
||||
include ::keystone::db::postgresql
|
||||
|
||||
Class[$name] -> Class['::openstack::client']
|
||||
Class[$name] -> Class['::platform::client'] -> Class['::openstack::client']
|
||||
|
||||
# Create the parent directory for fernet keys repository
|
||||
file { "${keystone_key_repo_path}":
|
||||
|
@ -265,7 +265,7 @@ class openstack::keystone::reload {
|
|||
class openstack::keystone::endpointgroup
|
||||
inherits ::openstack::keystone::params {
|
||||
include ::platform::params
|
||||
include ::openstack::client
|
||||
include ::platform::client
|
||||
|
||||
# $::platform::params::init_keystone should be checked by the caller.
|
||||
# as this class should be only invoked when initializing keystone.
|
||||
|
@ -274,12 +274,12 @@ class openstack::keystone::endpointgroup
|
|||
if ($::platform::params::distributed_cloud_role =='systemcontroller') {
|
||||
$reference_region = $::openstack::keystone::params::region_name
|
||||
$system_controller_region = $::openstack::keystone::params::system_controller_region
|
||||
$os_username = $::openstack::client::params::admin_username
|
||||
$identity_region = $::openstack::client::params::identity_region
|
||||
$keystone_region = $::openstack::client::params::keystone_identity_region
|
||||
$keyring_file = $::openstack::client::credentials::params::keyring_file
|
||||
$auth_url = $::openstack::client::params::identity_auth_url
|
||||
$os_project_name = $::openstack::client::params::admin_project_name
|
||||
$os_username = $::platform::client::params::admin_username
|
||||
$identity_region = $::platform::client::params::identity_region
|
||||
$keystone_region = $::platform::client::params::keystone_identity_region
|
||||
$keyring_file = $::platform::client::credentials::params::keyring_file
|
||||
$auth_url = $::platform::client::params::identity_auth_url
|
||||
$os_project_name = $::platform::client::params::admin_project_name
|
||||
$api_version = 3
|
||||
|
||||
file { "/etc/keystone/keystone-${reference_region}-filter.conf":
|
||||
|
@ -317,6 +317,7 @@ class openstack::keystone::endpointgroup
|
|||
|
||||
|
||||
class openstack::keystone::server::runtime {
|
||||
include ::platform::client
|
||||
include ::openstack::client
|
||||
include ::openstack::keystone
|
||||
|
||||
|
|
|
@ -0,0 +1,65 @@
|
|||
class platform::client::params (
|
||||
$admin_username,
|
||||
$identity_auth_url,
|
||||
$identity_region = 'RegionOne',
|
||||
$identity_api_version = 3,
|
||||
$admin_user_domain = 'Default',
|
||||
$admin_project_domain = 'Default',
|
||||
$admin_project_name = 'admin',
|
||||
$keystone_identity_region = 'RegionOne',
|
||||
) { }
|
||||
|
||||
class platform::client
|
||||
inherits ::platform::client::params {
|
||||
|
||||
include ::platform::client::credentials::params
|
||||
$keyring_file = $::platform::client::credentials::params::keyring_file
|
||||
|
||||
file {"/etc/platform/openrc":
|
||||
ensure => "present",
|
||||
mode => '0640',
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
content => template('platform/openrc.admin.erb'),
|
||||
}
|
||||
}
|
||||
|
||||
class platform::client::credentials::params (
|
||||
$keyring_base,
|
||||
$keyring_directory,
|
||||
$keyring_file,
|
||||
) { }
|
||||
|
||||
class platform::client::credentials
|
||||
inherits ::platform::client::credentials::params {
|
||||
|
||||
Class['::platform::drbd::platform'] ->
|
||||
file { "${keyring_base}":
|
||||
ensure => 'directory',
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0755',
|
||||
} ->
|
||||
file { "${keyring_directory}":
|
||||
ensure => 'directory',
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0755',
|
||||
} ->
|
||||
file { "${keyring_file}":
|
||||
ensure => 'file',
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0755',
|
||||
content => "keyring get CGCS admin"
|
||||
}
|
||||
}
|
||||
|
||||
class platform::client::bootstrap {
|
||||
include ::platform::client
|
||||
include ::platform::client::credentials
|
||||
}
|
||||
|
||||
class platform::client::upgrade {
|
||||
include ::platform::client
|
||||
}
|
|
@ -28,8 +28,8 @@ class platform::mtce
|
|||
include ::openstack::ceilometer::params
|
||||
$ceilometer_port = $::openstack::ceilometer::params::api_port
|
||||
|
||||
include ::openstack::client::credentials::params
|
||||
$keyring_directory = $::openstack::client::credentials::params::keyring_directory
|
||||
include ::platform::client::credentials::params
|
||||
$keyring_directory = $::platform::client::credentials::params::keyring_directory
|
||||
|
||||
file { "/etc/mtc.ini":
|
||||
ensure => present,
|
||||
|
|
|
@ -158,14 +158,14 @@ class platform::sm
|
|||
|
||||
$ost_cl_ctrl_host = $::platform::network::mgmt::params::controller_address_url
|
||||
|
||||
include ::openstack::client::params
|
||||
include ::platform::client::params
|
||||
|
||||
$os_username = $::openstack::client::params::admin_username
|
||||
$os_username = $::platform::client::params::admin_username
|
||||
$os_project_name = 'admin'
|
||||
$os_auth_url = $os_keystone_auth_url
|
||||
$system_url = "http://${ost_cl_ctrl_host}:6385"
|
||||
$os_user_domain_name = $::openstack::client::params::admin_user_domain
|
||||
$os_project_domain_name = $::openstack::client::params::admin_project_domain
|
||||
$os_user_domain_name = $::platform::client::params::admin_user_domain
|
||||
$os_project_domain_name = $::platform::client::params::admin_project_domain
|
||||
|
||||
# Nova
|
||||
$db_server_port = '5432'
|
||||
|
|
|
@ -0,0 +1,24 @@
|
|||
unset OS_SERVICE_TOKEN
|
||||
|
||||
export OS_ENDPOINT_TYPE=internalURL
|
||||
export CINDER_ENDPOINT_TYPE=internalURL
|
||||
|
||||
export OS_USERNAME=<%= @admin_username %>
|
||||
export OS_PASSWORD=`TERM=linux <%= @keyring_file %> 2>/dev/null`
|
||||
export OS_AUTH_TYPE=password
|
||||
export OS_AUTH_URL=<%= @identity_auth_url %>
|
||||
|
||||
export OS_PROJECT_NAME=<%= @admin_project_name %>
|
||||
export OS_USER_DOMAIN_NAME=<%= @admin_user_domain %>
|
||||
export OS_PROJECT_DOMAIN_NAME=<%= @admin_project_domain %>
|
||||
export OS_IDENTITY_API_VERSION=<%= @identity_api_version %>
|
||||
export OS_REGION_NAME=<%= @identity_region %>
|
||||
export OS_KEYSTONE_REGION_NAME=<%= @keystone_identity_region %>
|
||||
export OS_INTERFACE=internal
|
||||
|
||||
if [ ! -z "${OS_PASSWORD}" ]; then
|
||||
export PS1='[\u@\h \W(keystone_$OS_USERNAME)]\$ '
|
||||
else
|
||||
echo 'Openstack Admin credentials can only be loaded from the active controller.'
|
||||
export PS1='\h:\w\$ '
|
||||
fi
|
|
@ -46,13 +46,13 @@ class KeystonePuppet(openstack.OpenstackBasePuppet):
|
|||
return {
|
||||
'keystone::db::postgresql::user': dbuser,
|
||||
|
||||
'openstack::client::params::admin_username': admin_username,
|
||||
'platform::client::params::admin_username': admin_username,
|
||||
|
||||
'openstack::client::credentials::params::keyring_base':
|
||||
'platform::client::credentials::params::keyring_base':
|
||||
os.path.dirname(tsconfig.KEYRING_PATH),
|
||||
'openstack::client::credentials::params::keyring_directory':
|
||||
'platform::client::credentials::params::keyring_directory':
|
||||
tsconfig.KEYRING_PATH,
|
||||
'openstack::client::credentials::params::keyring_file':
|
||||
'platform::client::credentials::params::keyring_file':
|
||||
os.path.join(tsconfig.KEYRING_PATH, '.CREDENTIAL'),
|
||||
}
|
||||
|
||||
|
@ -93,17 +93,17 @@ class KeystonePuppet(openstack.OpenstackBasePuppet):
|
|||
|
||||
'keystone::roles::admin::admin': admin_username,
|
||||
|
||||
'openstack::client::params::admin_username': admin_username,
|
||||
'openstack::client::params::admin_project_name': admin_project,
|
||||
'openstack::client::params::admin_user_domain':
|
||||
'platform::client::params::admin_username': admin_username,
|
||||
'platform::client::params::admin_project_name': admin_project,
|
||||
'platform::client::params::admin_user_domain':
|
||||
self.get_admin_user_domain(),
|
||||
'openstack::client::params::admin_project_domain':
|
||||
'platform::client::params::admin_project_domain':
|
||||
self.get_admin_project_domain(),
|
||||
'openstack::client::params::identity_region': self._region_name(),
|
||||
'openstack::client::params::identity_auth_url': self.get_auth_url(),
|
||||
'openstack::client::params::keystone_identity_region':
|
||||
'platform::client::params::identity_region': self._region_name(),
|
||||
'platform::client::params::identity_auth_url': self.get_auth_url(),
|
||||
'platform::client::params::keystone_identity_region':
|
||||
self._identity_specific_region_name(),
|
||||
'openstack::client::params::auth_region':
|
||||
'platform::client::params::auth_region':
|
||||
self._identity_specific_region_name(),
|
||||
'openstack::keystone::params::api_version': self.SERVICE_PATH,
|
||||
'openstack::keystone::params::identity_uri':
|
||||
|
|
Loading…
Reference in New Issue