Transition to Rackspace API keys

Rackspace is requiring multi-factor authentication for all users
beginning 2024-03-26. Enabling MFA on our accounts will immediately
render password-based authentication inoperable for the API. In
preparation for this switch, add new cloud entries for the provider
which authenticate by API key so that we can test and move more
smoothly between the two while we work out any unanticipated kinks.

Change-Id: I787df458aa048ad80e246128085b252bb5888285
This commit is contained in:
Jeremy Stanley 2024-03-05 17:57:20 +00:00
parent 688dd78a08
commit 601e4a4a55
6 changed files with 75 additions and 0 deletions

View File

@ -19,6 +19,8 @@ dependencies = [
"openstacksdk>=0.103", "openstacksdk>=0.103",
# Pin to a version of cinderclient known to work with RAX storage... # Pin to a version of cinderclient known to work with RAX storage...
"python-cinderclient<8", "python-cinderclient<8",
# Needed for Rackspace api_key authentication
"rackspaceauth",
] ]
[project.urls] [project.urls]

View File

@ -9,6 +9,7 @@
_install_ansible_requirements: _install_ansible_requirements:
- 'ansible<9' - 'ansible<9'
- 'openstacksdk' - 'openstacksdk'
- 'rackspaceauth'
- name: Add ARA to defaults if enabled - name: Add ARA to defaults if enabled
when: install_ansible_ara_enable when: install_ansible_ara_enable

View File

@ -34,6 +34,42 @@ clouds:
username: '{{ clouds.openstackci_ovh_username }}' username: '{{ clouds.openstackci_ovh_username }}'
password: '{{ clouds.openstackci_ovh_password }}' password: '{{ clouds.openstackci_ovh_password }}'
project_name: '{{ clouds.openstackci_ovh_project_name }}' project_name: '{{ clouds.openstackci_ovh_project_name }}'
opendevci-rax:
regions:
- name: DFW
values:
block_storage_endpoint_override: 'https://dfw.blockstorage.api.rackspacecloud.com/v2/'
- name: ORD
values:
block_storage_endpoint_override: 'https://ord.blockstorage.api.rackspacecloud.com/v2/'
- name: IAD
values:
block_storage_endpoint_override: 'https://iad.blockstorage.api.rackspacecloud.com/v2/'
profile: rackspace
auth:
username: '{{ clouds.opendevci_rax_username }}'
api_key: '{{ clouds.opendevci_rax_key }}'
project_id: '{{ clouds.opendevci_rax_project_id }}'
auth_type: 'rackspace_apikey'
volume_api_version: 2
opendevzuul-rax:
regions:
- name: DFW
values:
block_storage_endpoint_override: 'https://dfw.blockstorage.api.rackspacecloud.com/v2/'
- name: ORD
values:
block_storage_endpoint_override: 'https://ord.blockstorage.api.rackspacecloud.com/v2/'
- name: IAD
values:
block_storage_endpoint_override: 'https://iad.blockstorage.api.rackspacecloud.com/v2/'
profile: rackspace
auth:
username: '{{ clouds.opendevzuul_rax_username }}'
api_key: '{{ clouds.opendevzuul_rax_key }}'
project_id: '{{ clouds.opendevzuul_rax_project_id }}'
auth_type: 'rackspace_apikey'
volume_api_version: 2
openstackci-rax: openstackci-rax:
regions: regions:
- name: DFW - name: DFW

View File

@ -17,6 +17,35 @@ cache:
port: 5 port: 5
floating-ip: 5 floating-ip: 5
clouds: clouds:
rackspace:
profile: rackspace
regions:
- name: DFW
values:
block_storage_endpoint_override: 'https://dfw.blockstorage.api.rackspacecloud.com/v2/'
metrics:
statsd:
prefix: 'nodepool.task.rackspace-dfw'
- name: ORD
values:
block_storage_endpoint_override: 'https://ord.blockstorage.api.rackspacecloud.com/v2/'
metrics:
statsd:
prefix: 'nodepool.task.rackspace-ord'
- name: IAD
values:
block_storage_endpoint_override: 'https://iad.blockstorage.api.rackspacecloud.com/v2/'
metrics:
statsd:
prefix: 'nodepool.task.rackspace-iad'
api_timeout: 60
auth:
username: '{{ nodepool_rackspace_username }}'
api_key: '{{ nodepool_rackspace_key }}'
project_id: '{{ nodepool_rackspace_project }}'
auth_type: 'rackspace_apikey'
force_ipv4: true
volume_api_version: 2
rax: rax:
profile: rackspace profile: rackspace
regions: regions:

View File

@ -3,6 +3,12 @@ clouds:
openstackci_ovh_username: user openstackci_ovh_username: user
openstackci_ovh_password: password openstackci_ovh_password: password
openstackci_ovh_project_name: project openstackci_ovh_project_name: project
opendevci_rax_username: user
opendevci_rax_key: apikey
opendevci_rax_project_id: project
opendevzuul_rax_username: user
opendevzuul_rax_key: apikey
opendevzuul_rax_project_id: project
openstackci_rax_username: user openstackci_rax_username: user
openstackci_rax_password: password openstackci_rax_password: password
openstackci_rax_project_id: project openstackci_rax_project_id: project

View File

@ -30,6 +30,7 @@ zuul_worker_ssh_private_key_contents: |
-----END OPENSSH PRIVATE KEY----- -----END OPENSSH PRIVATE KEY-----
# Necessary for fake clouds.yaml to be written # Necessary for fake clouds.yaml to be written
nodepool_rackspace_username: user nodepool_rackspace_username: user
nodepool_rackspace_key: apikey
nodepool_rackspace_password: password nodepool_rackspace_password: password
nodepool_rackspace_project: project nodepool_rackspace_project: project
nodepool_ovh_username: user nodepool_ovh_username: user