Add code to support novajoin in the undercloud
Novajoin is a new nova metadata micro-service that registers instances created by nova with a FreeIPA server, so that we can take advantage of server/service identities, kerberos credentials, access and sudo controls etc. The included modules will cause the undercloud to be registered with a FreeIPA server, for novajoin to be installed, and for nova on the undercloud to be configured to use novajoin. Implements: blueprint novajoin Depends-On: I5ffa45bdc400e123079c79e15776ebacdcb24de9 Change-Id: Ia2fdb544460cd39fbfda5970c9bfba22feec6403
This commit is contained in:
parent
bf10d4b6fe
commit
3a12ee67e4
|
@ -624,3 +624,8 @@ Service[$needless_services] {
|
|||
enable => false,
|
||||
ensure => stopped,
|
||||
}
|
||||
|
||||
# novajoin install
|
||||
if str2bool(hiera('enable_novajoin', false)) {
|
||||
include ::nova::metadata::novajoin::api
|
||||
}
|
||||
|
|
|
@ -676,12 +676,26 @@ enable_telemetry: {{ENABLE_TELEMETRY}}
|
|||
enable_legacy_ceilometer_api: {{ENABLE_LEGACY_CEILOMETER_API}}
|
||||
enable_ui: {{ENABLE_UI}}
|
||||
enable_cinder: {{ENABLE_CINDER}}
|
||||
enable_novajoin: {{ENABLE_NOVAJOIN}}
|
||||
|
||||
# Path to install configuration files
|
||||
tripleo_install_user: {{TRIPLEO_INSTALL_USER}}
|
||||
tripleo_undercloud_conf_file: {{TRIPLEO_UNDERCLOUD_CONF_FILE}}
|
||||
tripleo_undercloud_password_file: {{TRIPLEO_UNDERCLOUD_PASSWORD_FILE}}
|
||||
|
||||
# Novajoin
|
||||
nova::metadata::novajoin::api::keystone_auth_url: "%{hiera('keystone_auth_uri')}"
|
||||
nova::metadata::novajoin::api::nova_password: {{UNDERCLOUD_NOVA_PASSWORD}}
|
||||
nova::metadata::novajoin::api::transport_url: "rabbit://{{UNDERCLOUD_RABBIT_USERNAME}}:{{UNDERCLOUD_RABBIT_PASSWORD}}@{{LOCAL_IP}}//"
|
||||
ipaclient::password: {{IPA_OTP}}
|
||||
ipaclient::hostname: {{UNDERCLOUD_HOSTNAME}}
|
||||
{{#ENABLE_NOVAJOIN}}
|
||||
nova::api::vendordata_jsonfile_path: '/etc/nova/cloud-config.json'
|
||||
nova::api::vendordata_providers: ['StaticJSON', 'DynamicJSON']
|
||||
nova::api::vendordata_dynamic_targets: ['join@http://127.0.0.1:9999/v1/']
|
||||
nova::notification_topics: 'notifications'
|
||||
nova::notify_on_state_change: 'vm_state'
|
||||
{{/ENABLE_NOVAJOIN}}
|
||||
|
||||
# Firewall
|
||||
tripleo::firewall::manage_firewall: true
|
||||
|
|
|
@ -299,6 +299,15 @@ _opts = [
|
|||
help=('Whether to enable legacy ceilometer api '
|
||||
'in the Undercloud.')
|
||||
),
|
||||
cfg.BoolOpt('enable_novajoin',
|
||||
default=False,
|
||||
help=('Whether to install novajoin metadata service in '
|
||||
'the Undercloud.')
|
||||
),
|
||||
cfg.StrOpt('ipa_otp',
|
||||
help=('One Time Password to register Undercloud node with '
|
||||
'an IPA server.')
|
||||
),
|
||||
cfg.BoolOpt('ipxe_enabled',
|
||||
default=True,
|
||||
help=('Whether to use iPXE for deploy and inspection.'),
|
||||
|
|
|
@ -165,6 +165,15 @@
|
|||
# Undercloud. (boolean value)
|
||||
#enable_legacy_ceilometer_api = false
|
||||
|
||||
# Whether to install novajoin metadata service in the Undercloud.
|
||||
# (boolean value)
|
||||
#enable_novajoin = false
|
||||
|
||||
# One Time Password to register Undercloud node with IPA server.
|
||||
# Required when enable_novajoin = true.
|
||||
# (string value)
|
||||
#ipa_otp =
|
||||
|
||||
# Whether to use iPXE for deploy and inspection. (boolean value)
|
||||
# Deprecated group/name - [DEFAULT]/ipxe_deploy
|
||||
#ipxe_enabled = true
|
||||
|
|
Loading…
Reference in New Issue