Add auth/authtoken configuration for novajoin
novajoin has usually just used the nova user for running and even file permissions; however, as nova now supports passing the keystone token for the vendordata plugin, and as novajoin should support being run in a node (or container) where nova is not available, it makes sense to start having an own user for this vendordata plugin service. Thus, this commit adds that. Change-Id: I3e0da54c4191745f4acb880c608e5b20ac06b914 Depends-On: I190a84a5aaf1fcc301f0605931b24d5de6999a8b
This commit is contained in:
parent
9f23fbda47
commit
b48d2be6f9
|
@ -637,6 +637,7 @@ Service[$needless_services] {
|
|||
|
||||
# novajoin install
|
||||
if str2bool(hiera('enable_novajoin', false)) {
|
||||
include ::nova::metadata::novajoin::auth
|
||||
include ::nova::metadata::novajoin::api
|
||||
}
|
||||
|
||||
|
|
|
@ -768,6 +768,12 @@ nova::metadata::novajoin::api::join_listen_port: "%{hiera('novajoin_listen_port'
|
|||
nova::metadata::novajoin::api::keystone_auth_url: "%{hiera('keystone_auth_uri')}"
|
||||
nova::metadata::novajoin::api::nova_password: {{UNDERCLOUD_NOVA_PASSWORD}}
|
||||
nova::metadata::novajoin::api::transport_url: "rabbit://{{UNDERCLOUD_RABBIT_USERNAME}}:{{UNDERCLOUD_RABBIT_PASSWORD}}@{{LOCAL_IP}}//"
|
||||
nova::metadata::novajoin::authtoken::auth_url: "%{hiera('keystone_identity_uri')}"
|
||||
nova::metadata::novajoin::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}"
|
||||
nova::metadata::novajoin::authtoken::password: {{UNDERCLOUD_NOVAJOIN_PASSWORD}}
|
||||
nova::metadata::novajoin::auth::tenant: 'service'
|
||||
nova::metadata::novajoin::auth::password: {{UNDERCLOUD_NOVAJOIN_PASSWORD}}
|
||||
nova::metadata::novajoin::auth::region: "%{hiera('keystone_region')}"
|
||||
ipaclient::password: {{IPA_OTP}}
|
||||
ipaclient::hostname: {{UNDERCLOUD_HOSTNAME}}
|
||||
enable_novajoin: true
|
||||
|
|
|
@ -467,6 +467,10 @@ _auth_opts = [
|
|||
help=('Cinder service password. '
|
||||
'If left unset, one will be automatically generated.')
|
||||
),
|
||||
cfg.StrOpt('undercloud_novajoin_password',
|
||||
help=('Novajoin vendordata plugin service password. '
|
||||
'If left unset, one will be automatically generated.')
|
||||
),
|
||||
]
|
||||
CONF.register_opts(_opts)
|
||||
CONF.register_opts(_auth_opts, group='auth')
|
||||
|
|
|
@ -0,0 +1,4 @@
|
|||
---
|
||||
features:
|
||||
- The undercloud installation now adds a keystone user and configures the
|
||||
authtoken middleware for novajoin.
|
Loading…
Reference in New Issue