Containerization, support 2 keystones in sysinv
Support bare metal and pod based keystone in sysinv. The existing keystone_authtoken section of sysinv.conf remains and is used for platform service authentication, while openstack service authentication parameters are moved to a new openstack_keystone_authtoken section. Admin credentials are used in the new openstack_keystone_authtoken section and the region name parameters are also moved to this new section. Change-Id: I7a53dd5a2dc52213e0f1e0cc748649a33f0f9f40 Story: 2002876 Task: 26926 Signed-off-by: Kevin Smith <kevin.smith@windriver.com>
parent
a275d8171a
commit
3a91cbae4d
|
@ -22,12 +22,13 @@
|
||||||
#
|
#
|
||||||
# === Parameters
|
# === Parameters
|
||||||
#
|
#
|
||||||
# [*keystone_password*]
|
|
||||||
# The password to use for authentication (keystone)
|
|
||||||
#
|
|
||||||
# [*keystone_enabled*]
|
# [*keystone_enabled*]
|
||||||
# (optional) Use keystone for authentification
|
# (optional) Use keystone for authentification
|
||||||
# Defaults to true
|
# Defaults to true
|
||||||
|
# Applies to both bare metal and pod based keystones
|
||||||
|
#
|
||||||
|
# [*keystone_password*]
|
||||||
|
# The password to use for authentication (keystone)
|
||||||
#
|
#
|
||||||
# [*keystone_tenant*]
|
# [*keystone_tenant*]
|
||||||
# (optional) The tenant of the auth user
|
# (optional) The tenant of the auth user
|
||||||
|
@ -88,6 +89,58 @@
|
||||||
# (optional) The state of the service
|
# (optional) The state of the service
|
||||||
# Defaults to true
|
# Defaults to true
|
||||||
#
|
#
|
||||||
|
# [*openstack_keystone_tenant*]
|
||||||
|
# (optional) The tenant of the auth user
|
||||||
|
# Defaults to admin
|
||||||
|
# For pod based keystone for authentication with openstack services
|
||||||
|
#
|
||||||
|
# [*openstack_keystone_user*]
|
||||||
|
# (optional) The name of the auth user
|
||||||
|
# Defaults to admin
|
||||||
|
# For pod based keystone for authentication with openstack services
|
||||||
|
#
|
||||||
|
# [*openstack_keyring_service*]
|
||||||
|
# (optional) The keyring service from which to retrieve the password
|
||||||
|
# For pod based keystone for authentication with openstack services
|
||||||
|
#
|
||||||
|
# [*openstack_keystone_auth_host*]
|
||||||
|
# (optional) The keystone host
|
||||||
|
# Defaults to localhost
|
||||||
|
# For pod based keystone for authentication with openstack services
|
||||||
|
#
|
||||||
|
# [*openstack_keystone_auth_port*]
|
||||||
|
# (optional) The keystone auth port
|
||||||
|
# Defaults to 5000
|
||||||
|
# For pod based keystone for authentication with openstack services
|
||||||
|
#
|
||||||
|
# [*openstack_keystone_auth_protocol*]
|
||||||
|
# (optional) The protocol used to access the auth host
|
||||||
|
# Defaults to http.
|
||||||
|
# For pod based keystone for authentication with openstack services
|
||||||
|
#
|
||||||
|
# [*openstack_keystone_auth_admin_prefix*]
|
||||||
|
# (optional) The admin_prefix used to admin endpoint of the auth host
|
||||||
|
# This allow admin auth URIs like http://auth_host:5000/keystone.
|
||||||
|
# (where '/keystone' is the admin prefix)
|
||||||
|
# Defaults to false for empty. If defined, should be a string with a
|
||||||
|
# leading '/' and no trailing '/'.
|
||||||
|
# For pod based keystone for authentication with openstack services
|
||||||
|
#
|
||||||
|
# [*openstack_keystone_user_domain*]
|
||||||
|
# (Optional) domain name for auth user.
|
||||||
|
# Defaults to 'Default'.
|
||||||
|
# For pod based keystone for authentication with openstack services
|
||||||
|
#
|
||||||
|
# [*openstack_keystone_project_domain*]
|
||||||
|
# (Optional) domain name for auth project.
|
||||||
|
# Defaults to 'Default'.
|
||||||
|
# For pod based keystone for authentication with openstack services
|
||||||
|
#
|
||||||
|
# [*openstack_auth_type*]
|
||||||
|
# (Optional) Authentication type to load.
|
||||||
|
# Defaults to 'password'.
|
||||||
|
# For pod based keystone for authentication with openstack services
|
||||||
|
#
|
||||||
class sysinv::api (
|
class sysinv::api (
|
||||||
$keystone_password,
|
$keystone_password,
|
||||||
$keystone_enabled = true,
|
$keystone_enabled = true,
|
||||||
|
@ -103,6 +156,19 @@ class sysinv::api (
|
||||||
$keystone_user_domain = 'Default',
|
$keystone_user_domain = 'Default',
|
||||||
$keystone_project_domain = 'Default',
|
$keystone_project_domain = 'Default',
|
||||||
$auth_type = 'password',
|
$auth_type = 'password',
|
||||||
|
$openstack_keystone_tenant = 'admin',
|
||||||
|
$openstack_keystone_user = 'admin',
|
||||||
|
$openstack_keyring_service = undef,
|
||||||
|
$openstack_keystone_auth_host = 'localhost',
|
||||||
|
$openstack_keystone_auth_port = '5000',
|
||||||
|
$openstack_keystone_auth_protocol = 'http',
|
||||||
|
$openstack_keystone_auth_admin_prefix = false,
|
||||||
|
$openstack_keystone_auth_uri = false,
|
||||||
|
$openstack_keystone_auth_version = false,
|
||||||
|
$openstack_keystone_identity_uri = false,
|
||||||
|
$openstack_keystone_user_domain = 'Default',
|
||||||
|
$openstack_keystone_project_domain = 'Default',
|
||||||
|
$openstack_auth_type = 'password',
|
||||||
$service_port = '5000',
|
$service_port = '5000',
|
||||||
$package_ensure = 'latest',
|
$package_ensure = 'latest',
|
||||||
$bind_host = '0.0.0.0',
|
$bind_host = '0.0.0.0',
|
||||||
|
@ -145,6 +211,12 @@ class sysinv::api (
|
||||||
sysinv_api_paste_ini { 'filter:authtoken/auth_url': value => "${keystone_auth_protocol}://${keystone_auth_host}:5000/"; }
|
sysinv_api_paste_ini { 'filter:authtoken/auth_url': value => "${keystone_auth_protocol}://${keystone_auth_host}:5000/"; }
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if $openstack_keystone_identity_uri {
|
||||||
|
sysinv_config { 'openstack_keystone_authtoken/auth_url': value => $openstack_keystone_identity_uri; }
|
||||||
|
} else {
|
||||||
|
sysinv_config { 'openstack_keystone_authtoken/auth_url': value => "${openstack_keystone_auth_protocol}://${openstack_keystone_auth_host}:5000/"; }
|
||||||
|
}
|
||||||
|
|
||||||
if $keystone_auth_uri {
|
if $keystone_auth_uri {
|
||||||
sysinv_config { 'keystone_authtoken/auth_uri': value => $keystone_auth_uri; }
|
sysinv_config { 'keystone_authtoken/auth_uri': value => $keystone_auth_uri; }
|
||||||
sysinv_api_paste_ini { 'filter:authtoken/auth_uri': value => $keystone_auth_uri; }
|
sysinv_api_paste_ini { 'filter:authtoken/auth_uri': value => $keystone_auth_uri; }
|
||||||
|
@ -157,6 +229,14 @@ class sysinv::api (
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if $openstack_keystone_auth_uri {
|
||||||
|
sysinv_config { 'openstack_keystone_authtoken/auth_uri': value => $openstack_keystone_auth_uri; }
|
||||||
|
} else {
|
||||||
|
sysinv_config {
|
||||||
|
'openstack_keystone_authtoken/auth_uri': value => "${openstack_keystone_auth_protocol}://${openstack_keystone_auth_host}:5000/";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if $keystone_auth_version {
|
if $keystone_auth_version {
|
||||||
sysinv_config { 'keystone_authtoken/auth_version': value => $keystone_auth_version; }
|
sysinv_config { 'keystone_authtoken/auth_version': value => $keystone_auth_version; }
|
||||||
sysinv_api_paste_ini { 'filter:authtoken/auth_version': value => $keystone_auth_version; }
|
sysinv_api_paste_ini { 'filter:authtoken/auth_version': value => $keystone_auth_version; }
|
||||||
|
@ -165,6 +245,12 @@ class sysinv::api (
|
||||||
sysinv_api_paste_ini { 'filter:authtoken/auth_version': ensure => absent; }
|
sysinv_api_paste_ini { 'filter:authtoken/auth_version': ensure => absent; }
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if $openstack_keystone_auth_version {
|
||||||
|
sysinv_config { 'openstack_keystone_authtoken/auth_version': value => $openstack_keystone_auth_version; }
|
||||||
|
} else {
|
||||||
|
sysinv_config { 'openstack_keystone_authtoken/auth_version': ensure => absent; }
|
||||||
|
}
|
||||||
|
|
||||||
if $keystone_enabled {
|
if $keystone_enabled {
|
||||||
sysinv_config {
|
sysinv_config {
|
||||||
'DEFAULT/auth_strategy': value => 'keystone' ;
|
'DEFAULT/auth_strategy': value => 'keystone' ;
|
||||||
|
@ -177,6 +263,14 @@ class sysinv::api (
|
||||||
'keystone_authtoken/user_domain_name': value => $keystone_user_domain;
|
'keystone_authtoken/user_domain_name': value => $keystone_user_domain;
|
||||||
'keystone_authtoken/project_domain_name': value => $keystone_project_domain;
|
'keystone_authtoken/project_domain_name': value => $keystone_project_domain;
|
||||||
}
|
}
|
||||||
|
sysinv_config {
|
||||||
|
'openstack_keystone_authtoken/auth_type': value => $openstack_auth_type;
|
||||||
|
'openstack_keystone_authtoken/project_name': value => $openstack_keystone_tenant;
|
||||||
|
'openstack_keystone_authtoken/username': value => $openstack_keystone_user;
|
||||||
|
'openstack_keystone_authtoken/user_domain_name': value => $openstack_keystone_user_domain;
|
||||||
|
'openstack_keystone_authtoken/project_domain_name': value => $openstack_keystone_project_domain;
|
||||||
|
'openstack_keystone_authtoken/keyring_service': value => $openstack_keyring_service;
|
||||||
|
}
|
||||||
|
|
||||||
sysinv_api_paste_ini {
|
sysinv_api_paste_ini {
|
||||||
'filter:authtoken/project_name': value => $keystone_tenant;
|
'filter:authtoken/project_name': value => $keystone_tenant;
|
||||||
|
@ -202,6 +296,18 @@ class sysinv::api (
|
||||||
'filter:authtoken/auth_admin_prefix': ensure => absent;
|
'filter:authtoken/auth_admin_prefix': ensure => absent;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if $openstack_keystone_auth_admin_prefix {
|
||||||
|
validate_re($openstack_keystone_auth_admin_prefix, '^(/.+[^/])?$')
|
||||||
|
sysinv_config {
|
||||||
|
'openstack_keystone_authtoken/auth_admin_prefix': value => $openstack_keystone_auth_admin_prefix;
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
sysinv_config {
|
||||||
|
'openstack_keystone_authtoken/auth_admin_prefix': ensure => absent;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
|
|
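Review bot: The fallback `openstack_keystone_authtoken/auth_url` and `auth_uri` values hard-code `:5000/` and never read `$openstack_keystone_auth_port`, so overriding that parameter has no effect; the fallback should be `"${openstack_keystone_auth_protocol}://${openstack_keystone_auth_host}:${openstack_keystone_auth_port}/"` in both places. With `$openstack_keystone_auth_protocol` defaulting to `http`, the admin password read from the keyring is presented to keystone over an unencrypted channel unless the caller overrides the protocol or passes a full URI, which the parameter documentation should state. The new `openstack_keystone_auth_uri`, `openstack_keystone_auth_version` and `openstack_keystone_identity_uri` parameters are declared without entries in the header comment.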
|
@ -195,10 +195,11 @@ class sysinv (
|
||||||
|
|
||||||
sysinv_config {
|
sysinv_config {
|
||||||
'keystone_authtoken/region_name': value => $region_name;
|
'keystone_authtoken/region_name': value => $region_name;
|
||||||
'keystone_authtoken/neutron_region_name': value => $neutron_region_name;
|
'openstack_keystone_authtoken/region_name': value => $region_name;
|
||||||
'keystone_authtoken/cinder_region_name': value => $cinder_region_name;
|
'openstack_keystone_authtoken/neutron_region_name': value => $neutron_region_name;
|
||||||
'keystone_authtoken/nova_region_name': value => $nova_region_name;
|
'openstack_keystone_authtoken/cinder_region_name': value => $cinder_region_name;
|
||||||
'keystone_authtoken/magnum_region_name': value => $magnum_region_name;
|
'openstack_keystone_authtoken/nova_region_name': value => $nova_region_name;
|
||||||
|
'openstack_keystone_authtoken/magnum_region_name': value => $magnum_region_name;
|
||||||
}
|
}
|
||||||
|
|
||||||
sysinv_config {
|
sysinv_config {
|
||||||
|
|
|
@ -11,6 +11,7 @@
|
||||||
|
|
||||||
""" System Inventory Openstack Utilities and helper functions."""
|
""" System Inventory Openstack Utilities and helper functions."""
|
||||||
|
|
||||||
|
import keyring
|
||||||
from cinderclient.v2 import client as cinder_client_v2
|
from cinderclient.v2 import client as cinder_client_v2
|
||||||
from sysinv.common import constants
|
from sysinv.common import constants
|
||||||
from sysinv.common import exception
|
from sysinv.common import exception
|
||||||
|
@ -23,7 +24,6 @@ from neutronclient.v2_0 import client as neutron_client_v2_0
|
||||||
from oslo_config import cfg
|
from oslo_config import cfg
|
||||||
from keystoneclient.v3 import client as keystone_client
|
from keystoneclient.v3 import client as keystone_client
|
||||||
from keystoneclient.auth.identity import v3
|
from keystoneclient.auth.identity import v3
|
||||||
from keystoneclient import exceptions as identity_exc
|
|
||||||
from keystoneclient import session
|
from keystoneclient import session
|
||||||
from sqlalchemy.orm import exc
|
from sqlalchemy.orm import exc
|
||||||
from magnumclient.v1 import client as magnum_client_v1
|
from magnumclient.v1 import client as magnum_client_v1
|
||||||
|
@ -60,18 +60,6 @@ keystone_opts = [
|
||||||
cfg.StrOpt('region_name',
|
cfg.StrOpt('region_name',
|
||||||
default='RegionOne',
|
default='RegionOne',
|
||||||
help=_("Region Name")),
|
help=_("Region Name")),
|
||||||
cfg.StrOpt('neutron_region_name',
|
|
||||||
default='RegionOne',
|
|
||||||
help=_("Neutron Region Name")),
|
|
||||||
cfg.StrOpt('cinder_region_name',
|
|
||||||
default='RegionOne',
|
|
||||||
help=_("Cinder Region Name")),
|
|
||||||
cfg.StrOpt('nova_region_name',
|
|
||||||
default='RegionOne',
|
|
||||||
help=_("Nova Region Name")),
|
|
||||||
cfg.StrOpt('magnum_region_name',
|
|
||||||
default='RegionOne',
|
|
||||||
help=_("Magnum Region Name")),
|
|
||||||
cfg.StrOpt('username',
|
cfg.StrOpt('username',
|
||||||
default='sysinv',
|
default='sysinv',
|
||||||
help=_("Sysinv keystone user name")),
|
help=_("Sysinv keystone user name")),
|
||||||
|
@ -89,8 +77,52 @@ keystone_opts = [
|
||||||
help=_("Sysinv keystone user project domain name"))
|
help=_("Sysinv keystone user project domain name"))
|
||||||
]
|
]
|
||||||
|
|
||||||
|
|
||||||
|
openstack_keystone_opts = [
|
||||||
|
cfg.StrOpt('keyring_service',
|
||||||
|
default='CGCS',
|
||||||
|
help=_("Keyring service")),
|
||||||
|
cfg.StrOpt('auth_uri',
|
||||||
|
default='http://192.168.204.2:5000/',
|
||||||
|
help=_("Authentication URI")),
|
||||||
|
cfg.StrOpt('auth_url',
|
||||||
|
default='http://127.0.0.1:5000/',
|
||||||
|
help=_("Admin Authentication URI")),
|
||||||
|
cfg.StrOpt('region_name',
|
||||||
|
default='RegionOne',
|
||||||
|
help=_("Region Name")),
|
||||||
|
cfg.StrOpt('username',
|
||||||
|
default='admin',
|
||||||
|
help=_("keystone user name")),
|
||||||
|
cfg.StrOpt('neutron_region_name',
|
||||||
|
default='RegionOne',
|
||||||
|
help=_("Neutron Region Name")),
|
||||||
|
cfg.StrOpt('cinder_region_name',
|
||||||
|
default='RegionOne',
|
||||||
|
help=_("Cinder Region Name")),
|
||||||
|
cfg.StrOpt('nova_region_name',
|
||||||
|
default='RegionOne',
|
||||||
|
help=_("Nova Region Name")),
|
||||||
|
cfg.StrOpt('magnum_region_name',
|
||||||
|
default='RegionOne',
|
||||||
|
help=_("Magnum Region Name")),
|
||||||
|
cfg.StrOpt('project_name',
|
||||||
|
default='admin',
|
||||||
|
help=_("keystone user project name")),
|
||||||
|
cfg.StrOpt('user_domain_name',
|
||||||
|
default='Default',
|
||||||
|
help=_("keystone user domain name")),
|
||||||
|
cfg.StrOpt('project_domain_name',
|
||||||
|
default='Default',
|
||||||
|
help=_("keystone user project domain name"))
|
||||||
|
]
|
||||||
|
|
||||||
# Register the configuration options
|
# Register the configuration options
|
||||||
cfg.CONF.register_opts(keystone_opts, "KEYSTONE_AUTHTOKEN")
|
PLATFORM_CONFIG = 'KEYSTONE_AUTHTOKEN'
|
||||||
|
OPENSTACK_CONFIG = 'OPENSTACK_KEYSTONE_AUTHTOKEN'
|
||||||
|
|
||||||
|
cfg.CONF.register_opts(keystone_opts, PLATFORM_CONFIG)
|
||||||
|
cfg.CONF.register_opts(openstack_keystone_opts, OPENSTACK_CONFIG)
|
||||||
|
|
||||||
|
|
||||||
class OpenStackOperator(object):
|
class OpenStackOperator(object):
|
||||||
|
@ -105,7 +137,19 @@ class OpenStackOperator(object):
|
||||||
self.nova_client = None
|
self.nova_client = None
|
||||||
self.neutron_client = None
|
self.neutron_client = None
|
||||||
self._neutron_extension_list = []
|
self._neutron_extension_list = []
|
||||||
self.auth_url = cfg.CONF.KEYSTONE_AUTHTOKEN.auth_url + "/v3"
|
self._auth_url = cfg.CONF[PLATFORM_CONFIG].auth_url + "/v3"
|
||||||
|
self._openstack_auth_url = cfg.CONF[OPENSTACK_CONFIG].auth_url + "/v3"
|
||||||
|
|
||||||
|
def _get_auth_url(self, service_config):
|
||||||
|
if service_config == PLATFORM_CONFIG:
|
||||||
|
return self._auth_url
|
||||||
|
elif service_config == OPENSTACK_CONFIG:
|
||||||
|
return self._openstack_auth_url
|
||||||
|
else:
|
||||||
|
LOG.error("Unrecognized keystone service configuration. "
|
||||||
|
"service_config=%s" % (service_config))
|
||||||
|
raise exception.InvalidParameterValue(
|
||||||
|
_("Unrecognized keystone service_config."))
|
||||||
|
|
||||||
#################
|
#################
|
||||||
# NEUTRON
|
# NEUTRON
|
||||||
|
@ -116,10 +160,10 @@ class OpenStackOperator(object):
|
||||||
# neutronclient doesn't yet support v3 keystone auth
|
# neutronclient doesn't yet support v3 keystone auth
|
||||||
# use keystoneauth.session
|
# use keystoneauth.session
|
||||||
self.neutron_client = neutron_client_v2_0.Client(
|
self.neutron_client = neutron_client_v2_0.Client(
|
||||||
session=self._get_keystone_session(),
|
session=self._get_keystone_session(OPENSTACK_CONFIG),
|
||||||
auth_url=self.auth_url,
|
auth_url=self._get_auth_url(OPENSTACK_CONFIG),
|
||||||
endpoint_type='internalURL',
|
endpoint_type='internalURL',
|
||||||
region_name=cfg.CONF.KEYSTONE_AUTHTOKEN.neutron_region_name)
|
region_name=cfg.CONF[OPENSTACK_CONFIG].neutron_region_name)
|
||||||
return self.neutron_client
|
return self.neutron_client
|
||||||
|
|
||||||
def get_providernetworksdict(self, pn_names=None, quiet=False):
|
def get_providernetworksdict(self, pn_names=None, quiet=False):
|
||||||
|
@ -243,11 +287,11 @@ class OpenStackOperator(object):
|
||||||
# novaclient doesn't yet support v3 keystone auth
|
# novaclient doesn't yet support v3 keystone auth
|
||||||
# use keystoneauth.session
|
# use keystoneauth.session
|
||||||
self.nova_client = nova_client_v2.Client(
|
self.nova_client = nova_client_v2.Client(
|
||||||
session=self._get_keystone_session(),
|
session=self._get_keystone_session(OPENSTACK_CONFIG),
|
||||||
auth_url=self.auth_url,
|
auth_url=self._get_auth_url(OPENSTACK_CONFIG),
|
||||||
endpoint_type='internalURL',
|
endpoint_type='internalURL',
|
||||||
direct_use=False,
|
direct_use=False,
|
||||||
region_name=cfg.CONF.KEYSTONE_AUTHTOKEN.nova_region_name)
|
region_name=cfg.CONF[OPENSTACK_CONFIG].nova_region_name)
|
||||||
return self.nova_client
|
return self.nova_client
|
||||||
|
|
||||||
def try_interface_get_by_host(self, host_uuid):
|
def try_interface_get_by_host(self, host_uuid):
|
||||||
|
@ -639,49 +683,49 @@ class OpenStackOperator(object):
|
||||||
#################
|
#################
|
||||||
# Keystone
|
# Keystone
|
||||||
#################
|
#################
|
||||||
def _get_keystone_session(self):
|
def _get_keystone_session(self, service_config):
|
||||||
if not self.keystone_session:
|
if not self.keystone_session:
|
||||||
auth = v3.Password(auth_url=self.auth_url,
|
if service_config == OPENSTACK_CONFIG:
|
||||||
username=cfg.CONF.KEYSTONE_AUTHTOKEN.username,
|
password = keyring.get_password(cfg.CONF[OPENSTACK_CONFIG].
|
||||||
password=cfg.CONF.KEYSTONE_AUTHTOKEN.password,
|
keyring_service,
|
||||||
user_domain_name=cfg.CONF.KEYSTONE_AUTHTOKEN.
|
cfg.CONF[OPENSTACK_CONFIG].
|
||||||
|
username)
|
||||||
|
else:
|
||||||
|
password = cfg.CONF[service_config].password
|
||||||
|
|
||||||
|
auth = v3.Password(auth_url=self._get_auth_url(service_config),
|
||||||
|
username=cfg.CONF[service_config].username,
|
||||||
|
password=password,
|
||||||
|
user_domain_name=cfg.CONF[service_config].
|
||||||
user_domain_name,
|
user_domain_name,
|
||||||
project_name=cfg.CONF.KEYSTONE_AUTHTOKEN.
|
project_name=cfg.CONF[service_config].
|
||||||
project_name,
|
project_name,
|
||||||
project_domain_name=cfg.CONF.KEYSTONE_AUTHTOKEN.
|
project_domain_name=cfg.CONF[service_config].
|
||||||
project_domain_name)
|
project_domain_name)
|
||||||
self.keystone_session = session.Session(auth=auth)
|
self.keystone_session = session.Session(auth=auth)
|
||||||
return self.keystone_session
|
return self.keystone_session
|
||||||
|
|
||||||
def _get_keystoneclient(self):
|
def _get_keystoneclient(self, service_config):
|
||||||
|
if service_config == OPENSTACK_CONFIG:
|
||||||
|
password = keyring.get_password(cfg.CONF[OPENSTACK_CONFIG].
|
||||||
|
keyring_service,
|
||||||
|
cfg.CONF[OPENSTACK_CONFIG].
|
||||||
|
username)
|
||||||
|
else:
|
||||||
|
password = cfg.CONF[service_config].password
|
||||||
|
|
||||||
if not self.keystone_client: # should not cache this forever
|
if not self.keystone_client: # should not cache this forever
|
||||||
self.keystone_client = keystone_client.Client(
|
self.keystone_client = keystone_client.Client(
|
||||||
username=cfg.CONF.KEYSTONE_AUTHTOKEN.username,
|
username=cfg.CONF[service_config].username,
|
||||||
user_domain_name=cfg.CONF.KEYSTONE_AUTHTOKEN.user_domain_name,
|
user_domain_name=cfg.CONF[service_config].user_domain_name,
|
||||||
project_name=cfg.CONF.KEYSTONE_AUTHTOKEN.project_name,
|
project_name=cfg.CONF[service_config].project_name,
|
||||||
project_domain_name=cfg.CONF.KEYSTONE_AUTHTOKEN
|
project_domain_name=cfg.CONF[service_config]
|
||||||
.project_domain_name,
|
.project_domain_name,
|
||||||
password=cfg.CONF.KEYSTONE_AUTHTOKEN.password,
|
password=password,
|
||||||
auth_url=self.auth_url,
|
auth_url=self._get_auth_url(service_config),
|
||||||
region_name=cfg.CONF.KEYSTONE_AUTHTOKEN.region_name)
|
region_name=cfg.CONF[service_config].region_name)
|
||||||
return self.keystone_client
|
return self.keystone_client
|
||||||
|
|
||||||
def _get_identity_id(self):
|
|
||||||
try:
|
|
||||||
LOG.debug("Search service id for : (%s)" %
|
|
||||||
constants.SERVICE_TYPE_IDENTITY)
|
|
||||||
service = self._get_keystoneclient().services.find(
|
|
||||||
type=constants.SERVICE_TYPE_IDENTITY)
|
|
||||||
except identity_exc.NotFound:
|
|
||||||
LOG.error("Could not find service id for (%s)" %
|
|
||||||
constants.SERVICE_TYPE_IDENTITY)
|
|
||||||
return None
|
|
||||||
except identity_exc.NoUniqueMatch:
|
|
||||||
LOG.error("Multiple service matches found for (%s)" %
|
|
||||||
constants.SERVICE_TYPE_IDENTITY)
|
|
||||||
return None
|
|
||||||
return service.id
|
|
||||||
|
|
||||||
#################
|
#################
|
||||||
# Cinder
|
# Cinder
|
||||||
#################
|
#################
|
||||||
|
@ -692,10 +736,10 @@ class OpenStackOperator(object):
|
||||||
region1_name = get_region_name('region_1_name')
|
region1_name = get_region_name('region_1_name')
|
||||||
if region1_name is None:
|
if region1_name is None:
|
||||||
region1_name = 'RegionOne'
|
region1_name = 'RegionOne'
|
||||||
service_list = self._get_keystoneclient().services.list()
|
service_list = self._get_keystoneclient(OPENSTACK_CONFIG).services.list()
|
||||||
for s in service_list:
|
for s in service_list:
|
||||||
if s.name.find(constants.SERVICE_TYPE_CINDER) != -1:
|
if s.name.find(constants.SERVICE_TYPE_CINDER) != -1:
|
||||||
endpoint_list += self._get_keystoneclient().endpoints.list(
|
endpoint_list += self._get_keystoneclient(OPENSTACK_CONFIG).endpoints.list(
|
||||||
service=s, region=region1_name)
|
service=s, region=region1_name)
|
||||||
except Exception:
|
except Exception:
|
||||||
LOG.error("Failed to get keystone endpoints for cinder.")
|
LOG.error("Failed to get keystone endpoints for cinder.")
|
||||||
|
@ -704,10 +748,10 @@ class OpenStackOperator(object):
|
||||||
def _get_cinderclient(self):
|
def _get_cinderclient(self):
|
||||||
if not self.cinder_client:
|
if not self.cinder_client:
|
||||||
self.cinder_client = cinder_client_v2.Client(
|
self.cinder_client = cinder_client_v2.Client(
|
||||||
session=self._get_keystone_session(),
|
session=self._get_keystone_session(OPENSTACK_CONFIG),
|
||||||
auth_url=self.auth_url,
|
auth_url=self._get_auth_url(OPENSTACK_CONFIG),
|
||||||
endpoint_type='internalURL',
|
endpoint_type='internalURL',
|
||||||
region_name=cfg.CONF.KEYSTONE_AUTHTOKEN.cinder_region_name)
|
region_name=cfg.CONF[OPENSTACK_CONFIG].cinder_region_name)
|
||||||
|
|
||||||
return self.cinder_client
|
return self.cinder_client
|
||||||
|
|
||||||
|
@ -817,7 +861,7 @@ class OpenStackOperator(object):
|
||||||
region1_name = get_region_name('region_1_name')
|
region1_name = get_region_name('region_1_name')
|
||||||
if region1_name is None:
|
if region1_name is None:
|
||||||
region1_name = 'RegionOne'
|
region1_name = 'RegionOne'
|
||||||
auth_ref = self._get_keystoneclient().auth_ref
|
auth_ref = self._get_keystoneclient(PLATFORM_CONFIG).auth_ref
|
||||||
if auth_ref is None:
|
if auth_ref is None:
|
||||||
raise exception.SysinvException(_("Unable to get auth ref "
|
raise exception.SysinvException(_("Unable to get auth ref "
|
||||||
"from keystone client"))
|
"from keystone client"))
|
||||||
|
@ -830,7 +874,7 @@ class OpenStackOperator(object):
|
||||||
version = 1
|
version = 1
|
||||||
return cgts_client.Client(version=version,
|
return cgts_client.Client(version=version,
|
||||||
endpoint=endpoint['url'],
|
endpoint=endpoint['url'],
|
||||||
auth_url=self.auth_url,
|
auth_url=self._get_auth_url(PLATFORM_CONFIG),
|
||||||
token=auth_token['id'])
|
token=auth_token['id'])
|
||||||
|
|
||||||
def get_ceph_mon_info(self):
|
def get_ceph_mon_info(self):
|
||||||
|
@ -879,11 +923,11 @@ class OpenStackOperator(object):
|
||||||
# because neutron and nova client doesn't
|
# because neutron and nova client doesn't
|
||||||
# and I shamelessly copied them
|
# and I shamelessly copied them
|
||||||
self.magnum_client = magnum_client_v1.Client(
|
self.magnum_client = magnum_client_v1.Client(
|
||||||
session=self._get_keystone_session(),
|
session=self._get_keystone_session(OPENSTACK_CONFIG),
|
||||||
auth_url=self.auth_url,
|
auth_url=self._get_auth_url(OPENSTACK_CONFIG),
|
||||||
endpoint_type='internalURL',
|
endpoint_type='internalURL',
|
||||||
direct_use=False,
|
direct_use=False,
|
||||||
region_name=cfg.CONF.KEYSTONE_AUTHTOKEN.magnum_region_name)
|
region_name=cfg.CONF[OPENSTACK_CONFIG].magnum_region_name)
|
||||||
return self.magnum_client
|
return self.magnum_client
|
||||||
|
|
||||||
def get_magnum_cluster_count(self):
|
def get_magnum_cluster_count(self):
|
||||||
|
|
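Review bot: `_get_keystone_session` and `_get_keystoneclient` now take `service_config` but still cache into the single `self.keystone_session` / `self.keystone_client` slot, so whichever configuration is requested first is returned for every later call. This file calls both `_get_keystoneclient(OPENSTACK_CONFIG)` and `_get_keystoneclient(PLATFORM_CONFIG)`, so the platform path can be handed a client built with the pod-based keystone's admin credentials, or the reverse. Caching per `service_config` avoids that; the sketch below covers the session getter and the same shape applies to the client getter (the existing `self.keystone_session = None` initialiser is outside the visible hunks). `keyring.get_password` returns `None` when no entry exists, which deserves an explicit error before `v3.Password` is built.

```python
        self._openstack_auth_url = cfg.CONF[OPENSTACK_CONFIG].auth_url + "/v3"
        # One cached session per keystone section, keyed by service_config,
        # so platform and openstack credentials are never interchanged.
        self._keystone_sessions = {}

    # … unchanged: _get_auth_url and the neutron/nova client getters …

    def _get_keystone_session(self, service_config):
        cached = self._keystone_sessions.get(service_config)
        if cached is None:
            # … unchanged: password lookup and v3.Password(...) construction …
            cached = session.Session(auth=auth)
            self._keystone_sessions[service_config] = cached
        return cached
```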
|
@ -16,6 +16,8 @@ class SystemInventoryPuppet(openstack.OpenstackBasePuppet):
|
||||||
SERVICE_PORT = 6385
|
SERVICE_PORT = 6385
|
||||||
SERVICE_PATH = 'v1'
|
SERVICE_PATH = 'v1'
|
||||||
|
|
||||||
|
OPENSTACK_KEYRING_SERVICE = 'CGCS'
|
||||||
|
|
||||||
def get_static_config(self):
|
def get_static_config(self):
|
||||||
dbuser = self._get_database_username(self.SERVICE_NAME)
|
dbuser = self._get_database_username(self.SERVICE_NAME)
|
||||||
|
|
||||||
|
@ -79,6 +81,21 @@ class SystemInventoryPuppet(openstack.OpenstackBasePuppet):
|
||||||
'openstack::sysinv::params::region_name': self.get_region_name(),
|
'openstack::sysinv::params::region_name': self.get_region_name(),
|
||||||
'platform::sysinv::params::service_create':
|
'platform::sysinv::params::service_create':
|
||||||
self._to_create_services(),
|
self._to_create_services(),
|
||||||
|
|
||||||
|
'sysinv::api::openstack_keystone_auth_uri':
|
||||||
|
self._keystone_auth_uri(),
|
||||||
|
'sysinv::api::openstack_keystone_identity_uri':
|
||||||
|
self._keystone_identity_uri(),
|
||||||
|
'sysinv::api::openstack_keystone_user_domain':
|
||||||
|
self._operator.keystone.get_admin_user_domain(),
|
||||||
|
'sysinv::api::openstack_keystone_project_domain':
|
||||||
|
self._operator.keystone.get_admin_project_domain(),
|
||||||
|
'sysinv::api::openstack_keystone_user':
|
||||||
|
self._operator.keystone.get_admin_user_name(),
|
||||||
|
'sysinv::api::openstack_keystone_tenant':
|
||||||
|
self._operator.keystone.get_admin_project_name(),
|
||||||
|
'sysinv::api::openstack_keyring_service':
|
||||||
|
self.OPENSTACK_KEYRING_SERVICE
|
||||||
}
|
}
|
||||||
|
|
||||||
def get_secure_system_config(self):
|
def get_secure_system_config(self):
|
||||||
|
|
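Review bot: The new `sysinv::api::openstack_keystone_user` and `openstack_keystone_tenant` entries are filled from `get_admin_user_name()` and `get_admin_project_name()`, so sysinv authenticates to the pod-based keystone as the admin account rather than a dedicated service user. That gives every sysinv call to nova, neutron, cinder and magnum full admin scope and ties those calls to the admin password stored under the `CGCS` keyring service. If no service account exists yet in the pod-based keystone (not visible from this hunk), record the intent next to these keys, for example `# NOTE: uses the keystone admin account; switch to a scoped service user once one is provisioned`. The dictionary these entries extend starts outside the hunk.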