Add auth/authtoken configuration for novajoin
novajoin has usually just used the nova user for running and even file permissions; however, as nova now supports passing the keystone token for the vendordata plugin, and as novajoin should support being run in a node (or container) where nova is not available, it makes sense to start having its own user for this vendordata plugin service. Thus, this commit adds that. Change-Id: I3e0da54c4191745f4acb880c608e5b20ac06b914 Depends-On: I190a84a5aaf1fcc301f0605931b24d5de6999a8b
parent
9f23fbda47
commit
b48d2be6f9
|
@ -637,6 +637,7 @@ Service[$needless_services] {
|
||||||
|
|
||||||
# novajoin install
|
# novajoin install
|
||||||
if str2bool(hiera('enable_novajoin', false)) {
|
if str2bool(hiera('enable_novajoin', false)) {
|
||||||
|
include ::nova::metadata::novajoin::auth
|
||||||
include ::nova::metadata::novajoin::api
|
include ::nova::metadata::novajoin::api
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -768,6 +768,12 @@ nova::metadata::novajoin::api::join_listen_port: "%{hiera('novajoin_listen_port'
|
||||||
nova::metadata::novajoin::api::keystone_auth_url: "%{hiera('keystone_auth_uri')}"
|
nova::metadata::novajoin::api::keystone_auth_url: "%{hiera('keystone_auth_uri')}"
|
||||||
nova::metadata::novajoin::api::nova_password: {{UNDERCLOUD_NOVA_PASSWORD}}
|
nova::metadata::novajoin::api::nova_password: {{UNDERCLOUD_NOVA_PASSWORD}}
|
||||||
nova::metadata::novajoin::api::transport_url: "rabbit://{{UNDERCLOUD_RABBIT_USERNAME}}:{{UNDERCLOUD_RABBIT_PASSWORD}}@{{LOCAL_IP}}//"
|
nova::metadata::novajoin::api::transport_url: "rabbit://{{UNDERCLOUD_RABBIT_USERNAME}}:{{UNDERCLOUD_RABBIT_PASSWORD}}@{{LOCAL_IP}}//"
|
||||||
|
nova::metadata::novajoin::authtoken::auth_url: "%{hiera('keystone_identity_uri')}"
|
||||||
|
nova::metadata::novajoin::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}"
|
||||||
|
nova::metadata::novajoin::authtoken::password: {{UNDERCLOUD_NOVAJOIN_PASSWORD}}
|
||||||
|
nova::metadata::novajoin::auth::tenant: 'service'
|
||||||
|
nova::metadata::novajoin::auth::password: {{UNDERCLOUD_NOVAJOIN_PASSWORD}}
|
||||||
|
nova::metadata::novajoin::auth::region: "%{hiera('keystone_region')}"
|
||||||
ipaclient::password: {{IPA_OTP}}
|
ipaclient::password: {{IPA_OTP}}
|
||||||
ipaclient::hostname: {{UNDERCLOUD_HOSTNAME}}
|
ipaclient::hostname: {{UNDERCLOUD_HOSTNAME}}
|
||||||
enable_novajoin: true
|
enable_novajoin: true
|
||||||
|
|
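Review bot: The unchanged `nova::metadata::novajoin::api::nova_password: {{UNDERCLOUD_NOVA_PASSWORD}}` key stays next to the new `authtoken`/`auth` keys, so the novajoin configuration still carries nova's service credential even though this commit gives the service its own keystone user. Whether the api class still needs it once `authtoken::password` is set is not visible from this hunk; if it does not, dropping the key in a follow-up would keep a novajoin compromise from also exposing the nova account. The two new `{{UNDERCLOUD_NOVAJOIN_PASSWORD}}` values are rendered unquoted, like the existing password keys, so an operator-supplied password containing YAML-significant characters could be mis-parsed. A comment such as `# passwords are substituted verbatim; keep them YAML-safe` above the block would record that constraint.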
|
@ -467,6 +467,10 @@ _auth_opts = [
|
||||||
help=('Cinder service password. '
|
help=('Cinder service password. '
|
||||||
'If left unset, one will be automatically generated.')
|
'If left unset, one will be automatically generated.')
|
||||||
),
|
),
|
||||||
|
cfg.StrOpt('undercloud_novajoin_password',
|
||||||
|
help=('Novajoin vendordata plugin service password. '
|
||||||
|
'If left unset, one will be automatically generated.')
|
||||||
|
),
|
||||||
]
|
]
|
||||||
CONF.register_opts(_opts)
|
CONF.register_opts(_opts)
|
||||||
CONF.register_opts(_auth_opts, group='auth')
|
CONF.register_opts(_auth_opts, group='auth')
|
||||||
|
|
|
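Review bot: The new `undercloud_novajoin_password` option is declared as a plain `cfg.StrOpt`, so wherever option values are logged (for example via oslo.config's `log_opt_values`) the password would appear in clear text. Passing `secret=True` masks it: `cfg.StrOpt('undercloud_novajoin_password', secret=True,`. The neighbouring password options are only partly visible here, so if they are declared the same way the change is better made across the whole `_auth_opts` list, which starts outside this hunk.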
@ -0,0 +1,4 @@
|
||||||
|
---
|
||||||
|
features:
|
||||||
|
- The undercloud installation now adds a keystone user and configures the
|
||||||
|
authtoken middleware for novajoin.
|