Add code to support novajoin in the undercloud

Novajoin is a new nova metadata micro-service that registers instances created by nova with a FreeIPA server, so that we can take advantage of server/service identities, kerberos credentials, access and sudo controls etc. The included modules will cause the undercloud to be registered with a FreeIPA server, for novajoin to be installed, and for nova on the undercloud to be configured to use novajoin. Implements: blueprint novajoin Depends-On: I5ffa45bdc400e123079c79e15776ebacdcb24de9 Change-Id: Ia2fdb544460cd39fbfda5970c9bfba22feec6403
2016-11-17 15:09:08 -05:00 · 2016-11-17 15:09:08 -05:00 · 3a12ee67e4
parent bf10d4b6fe
commit 3a12ee67e4
4 changed files with 37 additions and 0 deletions
--- a/elements/puppet-stack-config/puppet-stack-config.pp
+++ b/elements/puppet-stack-config/puppet-stack-config.pp
@ -624,3 +624,8 @@ Service[$needless_services] {
  enable => false,
  ensure => stopped,
 }
+
+# novajoin install
+if str2bool(hiera('enable_novajoin', false)) {
+  include ::nova::metadata::novajoin::api
+}
--- a/elements/puppet-stack-config/puppet-stack-config.yaml.template
+++ b/elements/puppet-stack-config/puppet-stack-config.yaml.template
@ -676,12 +676,26 @@ enable_telemetry: {{ENABLE_TELEMETRY}}
 enable_legacy_ceilometer_api: {{ENABLE_LEGACY_CEILOMETER_API}}
 enable_ui: {{ENABLE_UI}}
 enable_cinder: {{ENABLE_CINDER}}
+enable_novajoin: {{ENABLE_NOVAJOIN}}

 # Path to install configuration files
 tripleo_install_user: {{TRIPLEO_INSTALL_USER}}
 tripleo_undercloud_conf_file: {{TRIPLEO_UNDERCLOUD_CONF_FILE}}
 tripleo_undercloud_password_file: {{TRIPLEO_UNDERCLOUD_PASSWORD_FILE}}

+# Novajoin
+nova::metadata::novajoin::api::keystone_auth_url: "%{hiera('keystone_auth_uri')}"
+nova::metadata::novajoin::api::nova_password: {{UNDERCLOUD_NOVA_PASSWORD}}
+nova::metadata::novajoin::api::transport_url: "rabbit://{{UNDERCLOUD_RABBIT_USERNAME}}:{{UNDERCLOUD_RABBIT_PASSWORD}}@{{LOCAL_IP}}//"
+ipaclient::password: {{IPA_OTP}}
+ipaclient::hostname: {{UNDERCLOUD_HOSTNAME}}
+{{#ENABLE_NOVAJOIN}}
+nova::api::vendordata_jsonfile_path: '/etc/nova/cloud-config.json'
+nova::api::vendordata_providers: ['StaticJSON', 'DynamicJSON']
+nova::api::vendordata_dynamic_targets: ['join@http://127.0.0.1:9999/v1/']
+nova::notification_topics: 'notifications'
+nova::notify_on_state_change: 'vm_state'
+{{/ENABLE_NOVAJOIN}}

 # Firewall
 tripleo::firewall::manage_firewall: true
--- a/instack_undercloud/undercloud.py
+++ b/instack_undercloud/undercloud.py
@ -299,6 +299,15 @@ _opts = [
                help=('Whether to enable legacy ceilometer api '
                      'in the Undercloud.')
                ),
+    cfg.BoolOpt('enable_novajoin',
+                default=False,
+                help=('Whether to install novajoin metadata service in '
+                      'the Undercloud.')
+                ),
+    cfg.StrOpt('ipa_otp',
+               help=('One Time Password to register Undercloud node with '
+                     'an IPA server.')
+               ),
    cfg.BoolOpt('ipxe_enabled',
                default=True,
                help=('Whether to use iPXE for deploy and inspection.'),
--- a/undercloud.conf.sample
+++ b/undercloud.conf.sample
@ -165,6 +165,15 @@
 # Undercloud. (boolean value)
 #enable_legacy_ceilometer_api = false

+# Whether to install novajoin metadata service in the Undercloud.
+# (boolean value)
+#enable_novajoin = false
+
+# One Time Password to register Undercloud node with IPA server.
+# Required when enable_novajoin = true.
+#  (string value)
+#ipa_otp =
+
 # Whether to use iPXE for deploy and inspection. (boolean value)
 # Deprecated group/name - [DEFAULT]/ipxe_deploy
 #ipxe_enabled = true