Add auth/authtoken configuration for novajoin

novajoin has usually just used the nova user for running and even file
permissions; however, as nova now supports passing the keystone token
for the vendordata plugin, and as novajoin should support being run in a
node (or container) where nova is not available, it makes sense to start
having its own user for this vendordata plugin service.

Thus, this commit adds that.

Change-Id: I3e0da54c4191745f4acb880c608e5b20ac06b914
Depends-On: I190a84a5aaf1fcc301f0605931b24d5de6999a8b
Juan Antonio Osorio Robles 2017-03-21 10:31:34 +02:00
parent 9f23fbda47
commit b48d2be6f9
4 changed files with 15 additions and 0 deletions

@ -637,6 +637,7 @@ Service[$needless_services] {
# novajoin install
if str2bool(hiera('enable_novajoin', false)) {
include ::nova::metadata::novajoin::auth
include ::nova::metadata::novajoin::api
}
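
Review bot: nothing in this block includes the `::nova::metadata::novajoin::authtoken` class, although the hieradata in this change sets `nova::metadata::novajoin::authtoken::*` keys. If `::nova::metadata::novajoin::api` does not pull that class in itself, those keys are never consumed and the service runs without the intended authtoken settings. Either add an explicit `include ::nova::metadata::novajoin::authtoken` next to the new `auth` include, or state in the commit message that the api class already includes it.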

@ -768,6 +768,12 @@ nova::metadata::novajoin::api::join_listen_port: "%{hiera('novajoin_listen_port'
nova::metadata::novajoin::api::keystone_auth_url: "%{hiera('keystone_auth_uri')}"
nova::metadata::novajoin::api::nova_password: {{UNDERCLOUD_NOVA_PASSWORD}}
nova::metadata::novajoin::api::transport_url: "rabbit://{{UNDERCLOUD_RABBIT_USERNAME}}:{{UNDERCLOUD_RABBIT_PASSWORD}}@{{LOCAL_IP}}//"
nova::metadata::novajoin::authtoken::auth_url: "%{hiera('keystone_identity_uri')}"
nova::metadata::novajoin::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}"
nova::metadata::novajoin::authtoken::password: {{UNDERCLOUD_NOVAJOIN_PASSWORD}}
nova::metadata::novajoin::auth::tenant: 'service'
nova::metadata::novajoin::auth::password: {{UNDERCLOUD_NOVAJOIN_PASSWORD}}
nova::metadata::novajoin::auth::region: "%{hiera('keystone_region')}"
ipaclient::password: {{IPA_OTP}}
ipaclient::hostname: {{UNDERCLOUD_HOSTNAME}}
enable_novajoin: true
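
Review bot: the three `authtoken::` keys set only `auth_url`, `auth_uri` and `password`, so the user and project the middleware authenticates as are left to module defaults, while the `auth::` keys pin the tenant to 'service' explicitly. Set the authtoken user and project here as well, or confirm that the defaults match the keystone user that `auth` creates, so the two sides cannot drift apart. Separately, `nova::metadata::novajoin::api::nova_password` is still passed in the context lines above; if the goal is a dedicated novajoin user, say whether that nova credential is still needed.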

@ -467,6 +467,10 @@ _auth_opts = [
help=('Cinder service password. '
'If left unset, one will be automatically generated.')
),
cfg.StrOpt('undercloud_novajoin_password',
help=('Novajoin vendordata plugin service password. '
'If left unset, one will be automatically generated.')
),
]
CONF.register_opts(_opts)
CONF.register_opts(_auth_opts, group='auth')
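
Review bot: `undercloud_novajoin_password` is registered as a plain `cfg.StrOpt`, so its value is not masked if the effective configuration is logged; oslo.config accepts `secret=True` on an option for that purpose. The Cinder password option visible just above is declared the same way, so this could be a follow-up covering the whole `_auth_opts` list, but a newly added password option is a good place to start.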

@ -0,0 +1,4 @@
---
features:
- The undercloud installation now adds a keystone user and configures the
authtoken middleware for novajoin.
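
Review bot: the release note does not name the new `undercloud_novajoin_password` option in the `auth` group, nor does it say that the keystone user and authtoken settings are applied only when `enable_novajoin` is true. Add both so operators know which setting to override and when it takes effect.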