Keystone Authtoken Cache: allow universal secret key to be set

This PS allows a cache secret key for all instances of keystone
middleware to be defined in a single location.

Change-Id: I3d5c78732d8a8bb9110117130f0d886fea609526
Partial-Bug: 1753251
This commit is contained in:
portdirect 2018-03-04 08:23:33 -05:00
parent 16c6d31155
commit 1c85fdc390
28 changed files with 177 additions and 88 deletions

View File

@ -25,11 +25,6 @@ limitations under the License.
{{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.barbican.keystone_authtoken "auth_url" | quote | trunc 0 -}} {{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.barbican.keystone_authtoken "auth_url" | quote | trunc 0 -}}
{{- end -}} {{- end -}}
# Set a random string as secret key.
{{- if empty .Values.conf.barbican.keystone_authtoken.memcache_secret_key -}}
{{- randAlphaNum 64 | set .Values.conf.barbican.keystone_authtoken "memcache_secret_key" | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.barbican.keystone_authtoken.region_name -}} {{- if empty .Values.conf.barbican.keystone_authtoken.region_name -}}
{{- set .Values.conf.barbican.keystone_authtoken "region_name" .Values.endpoints.identity.auth.barbican.region_name | quote | trunc 0 -}} {{- set .Values.conf.barbican.keystone_authtoken "region_name" .Values.endpoints.identity.auth.barbican.region_name | quote | trunc 0 -}}
{{- end -}} {{- end -}}
@ -52,6 +47,9 @@ limitations under the License.
{{- if empty .Values.conf.barbican.keystone_authtoken.memcached_servers -}} {{- if empty .Values.conf.barbican.keystone_authtoken.memcached_servers -}}
{{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.barbican.keystone_authtoken "memcached_servers" | quote | trunc 0 -}} {{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.barbican.keystone_authtoken "memcached_servers" | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.barbican.keystone_authtoken.memcache_secret_key -}}
{{- set .Values.conf.barbican.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.barbican.DEFAULT.sql_connection -}} {{- if empty .Values.conf.barbican.DEFAULT.sql_connection -}}
{{- tuple "oslo_db" "internal" "barbican" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.barbican.DEFAULT "sql_connection" | quote | trunc 0 -}} {{- tuple "oslo_db" "internal" "barbican" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.barbican.DEFAULT "sql_connection" | quote | trunc 0 -}}

View File

@ -389,6 +389,7 @@ conf:
auth_type: password auth_type: password
auth_version: v3 auth_version: v3
memcache_security_strategy: ENCRYPT memcache_security_strategy: ENCRYPT
memcache_secret_key: null
database: database:
max_retries: -1 max_retries: -1
barbican_api: barbican_api:
@ -492,6 +493,13 @@ endpoints:
http: http:
default: 15672 default: 15672
oslo_cache: oslo_cache:
auth:
# NOTE(portdirect): this is used to define the value for keystone
# authtoken cache encryption key, if not set it will be populated
# automatically with a random value, but to take advantage of
# this feature all services should be set to use the same key,
# and memcache service.
memcache_secret_key: null
hosts: hosts:
default: memcached default: memcached
host_fqdn_override: host_fqdn_override:

View File

@ -28,6 +28,9 @@ limitations under the License.
{{- if empty .Values.conf.ceilometer.keystone_authtoken.memcached_servers -}} {{- if empty .Values.conf.ceilometer.keystone_authtoken.memcached_servers -}}
{{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.ceilometer.keystone_authtoken "memcached_servers" | quote | trunc 0 -}} {{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.ceilometer.keystone_authtoken "memcached_servers" | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.ceilometer.keystone_authtoken.memcache_secret_key -}}
{{- set .Values.conf.ceilometer.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.ceilometer.database.connection -}} {{- if empty .Values.conf.ceilometer.database.connection -}}
{{- tuple "oslo_db" "internal" "ceilometer" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.ceilometer.database "connection" | quote | trunc 0 -}} {{- tuple "oslo_db" "internal" "ceilometer" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.ceilometer.database "connection" | quote | trunc 0 -}}

View File

@ -1767,6 +1767,13 @@ endpoints:
mongodb: mongodb:
default: 27017 default: 27017
oslo_cache: oslo_cache:
auth:
# NOTE(portdirect): this is used to define the value for keystone
# authtoken cache encryption key, if not set it will be populated
# automatically with a random value, but to take advantage of
# this feature all services should be set to use the same key,
# and memcache service.
memcache_secret_key: null
hosts: hosts:
default: memcache default: memcache
host_fqdn_override: host_fqdn_override:

View File

@ -25,11 +25,6 @@ limitations under the License.
{{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.cinder.keystone_authtoken "auth_url" | quote | trunc 0 -}} {{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.cinder.keystone_authtoken "auth_url" | quote | trunc 0 -}}
{{- end -}} {{- end -}}
# Set a random string as secret key.
{{- if empty .Values.conf.cinder.keystone_authtoken.memcache_secret_key -}}
{{- randAlphaNum 64 | set .Values.conf.cinder.keystone_authtoken "memcache_secret_key" | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.cinder.keystone_authtoken.region_name -}} {{- if empty .Values.conf.cinder.keystone_authtoken.region_name -}}
{{- set .Values.conf.cinder.keystone_authtoken "region_name" .Values.endpoints.identity.auth.cinder.region_name | quote | trunc 0 -}} {{- set .Values.conf.cinder.keystone_authtoken "region_name" .Values.endpoints.identity.auth.cinder.region_name | quote | trunc 0 -}}
{{- end -}} {{- end -}}
@ -52,6 +47,9 @@ limitations under the License.
{{- if empty .Values.conf.cinder.keystone_authtoken.memcached_servers -}} {{- if empty .Values.conf.cinder.keystone_authtoken.memcached_servers -}}
{{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.cinder.keystone_authtoken "memcached_servers" | quote | trunc 0 -}} {{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.cinder.keystone_authtoken "memcached_servers" | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.cinder.keystone_authtoken.memcache_secret_key -}}
{{- set .Values.conf.cinder.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.cinder.database.connection -}} {{- if empty .Values.conf.cinder.database.connection -}}
{{- tuple "oslo_db" "internal" "cinder" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.cinder.database "connection" | quote | trunc 0 -}} {{- tuple "oslo_db" "internal" "cinder" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.cinder.database "connection" | quote | trunc 0 -}}

View File

@ -795,6 +795,13 @@ endpoints:
http: http:
default: 15672 default: 15672
oslo_cache: oslo_cache:
auth:
# NOTE(portdirect): this is used to define the value for keystone
# authtoken cache encryption key, if not set it will be populated
# automatically with a random value, but to take advantage of
# this feature all services should be set to use the same key,
# and memcache service.
memcache_secret_key: null
hosts: hosts:
default: memcached default: memcached
host_fqdn_override: host_fqdn_override:

View File

@ -28,6 +28,9 @@ limitations under the License.
{{- if empty .Values.conf.congress.keystone_authtoken.memcached_servers -}} {{- if empty .Values.conf.congress.keystone_authtoken.memcached_servers -}}
{{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.congress.keystone_authtoken "memcached_servers" | quote | trunc 0 -}} {{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.congress.keystone_authtoken "memcached_servers" | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.congress.keystone_authtoken.memcache_secret_key -}}
{{- set .Values.conf.congress.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.congress.keystone_authtoken.auth_url -}} {{- if empty .Values.conf.congress.keystone_authtoken.auth_url -}}
{{- tuple "identity" "public" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.congress.keystone_authtoken "auth_url" | quote | trunc 0 -}} {{- tuple "identity" "public" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.congress.keystone_authtoken "auth_url" | quote | trunc 0 -}}

View File

@ -241,6 +241,13 @@ endpoints:
mysql: mysql:
default: 3306 default: 3306
oslo_cache: oslo_cache:
auth:
# NOTE(portdirect): this is used to define the value for keystone
# authtoken cache encryption key, if not set it will be populated
# automatically with a random value, but to take advantage of
# this feature all services should be set to use the same key,
# and memcache service.
memcache_secret_key: null
hosts: hosts:
default: memcached default: memcached
host_fqdn_override: host_fqdn_override:

View File

@ -31,14 +31,6 @@ limitations under the License.
{{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.glance_registry.keystone_authtoken "auth_url" | quote | trunc 0 -}} {{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.glance_registry.keystone_authtoken "auth_url" | quote | trunc 0 -}}
{{- end -}} {{- end -}}
# Set a random string as secret key.
{{- if empty .Values.conf.glance.keystone_authtoken.memcache_secret_key -}}
{{- randAlphaNum 64 | set .Values.conf.glance.keystone_authtoken "memcache_secret_key" | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.glance_registry.keystone_authtoken.memcache_secret_key -}}
{{- randAlphaNum 64 | set .Values.conf.glance_registry.keystone_authtoken "memcache_secret_key" | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.glance.keystone_authtoken.region_name -}} {{- if empty .Values.conf.glance.keystone_authtoken.region_name -}}
{{- set .Values.conf.glance.keystone_authtoken "region_name" .Values.endpoints.identity.auth.glance.region_name | quote | trunc 0 -}} {{- set .Values.conf.glance.keystone_authtoken "region_name" .Values.endpoints.identity.auth.glance.region_name | quote | trunc 0 -}}
{{- end -}} {{- end -}}
@ -83,6 +75,12 @@ limitations under the License.
{{- if empty .Values.conf.glance_registry.keystone_authtoken.memcached_servers -}} {{- if empty .Values.conf.glance_registry.keystone_authtoken.memcached_servers -}}
{{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.glance_registry.keystone_authtoken "memcached_servers" | quote | trunc 0 -}} {{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.glance_registry.keystone_authtoken "memcached_servers" | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.glance.keystone_authtoken.memcache_secret_key -}}
{{- set .Values.conf.glance.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.glance_registry.keystone_authtoken.memcache_secret_key -}}
{{- set .Values.conf.glance_registry.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.glance.database.connection -}} {{- if empty .Values.conf.glance.database.connection -}}
{{- tuple "oslo_db" "internal" "glance" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.glance.database "connection" | quote | trunc 0 -}} {{- tuple "oslo_db" "internal" "glance" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.glance.database "connection" | quote | trunc 0 -}}

View File

@ -493,6 +493,13 @@ endpoints:
mysql: mysql:
default: 3306 default: 3306
oslo_cache: oslo_cache:
auth:
# NOTE(portdirect): this is used to define the value for keystone
# authtoken cache encryption key, if not set it will be populated
# automatically with a random value, but to take advantage of
# this feature all services should be set to use the same key,
# and memcache service.
memcache_secret_key: null
hosts: hosts:
default: memcached default: memcached
host_fqdn_override: host_fqdn_override:

View File

@ -27,9 +27,8 @@ limitations under the License.
{{- if empty .Values.conf.gnocchi.keystone_authtoken.memcached_servers -}} {{- if empty .Values.conf.gnocchi.keystone_authtoken.memcached_servers -}}
{{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.gnocchi.keystone_authtoken "memcached_servers" | quote | trunc 0 -}} {{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.gnocchi.keystone_authtoken "memcached_servers" | quote | trunc 0 -}}
{{- end -}} {{- end -}}
# Set a random string as secret key.
{{- if empty .Values.conf.gnocchi.keystone_authtoken.memcache_secret_key -}} {{- if empty .Values.conf.gnocchi.keystone_authtoken.memcache_secret_key -}}
{{- randAlphaNum 64 | set .Values.conf.gnocchi.keystone_authtoken "memcache_secret_key" | quote | trunc 0 -}} {{- set .Values.conf.gnocchi.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.gnocchi.keystone_authtoken.region_name -}} {{- if empty .Values.conf.gnocchi.keystone_authtoken.region_name -}}

View File

@ -462,6 +462,13 @@ endpoints:
mysql: mysql:
default: 3306 default: 3306
oslo_cache: oslo_cache:
auth:
# NOTE(portdirect): this is used to define the value for keystone
# authtoken cache encryption key, if not set it will be populated
# automatically with a random value, but to take advantage of
# this feature all services should be set to use the same key,
# and memcache service.
memcache_secret_key: null
hosts: hosts:
default: memcache default: memcache
host_fqdn_override: host_fqdn_override:

View File

@ -25,10 +25,6 @@ limitations under the License.
{{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.heat.keystone_authtoken "auth_url" | quote | trunc 0 -}} {{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.heat.keystone_authtoken "auth_url" | quote | trunc 0 -}}
{{- end -}} {{- end -}}
# Set a random string as secret key.
{{- if empty .Values.conf.heat.keystone_authtoken.memcache_secret_key -}}
{{- randAlphaNum 64 | set .Values.conf.heat.keystone_authtoken "memcache_secret_key" | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.heat.keystone_authtoken.region_name -}} {{- if empty .Values.conf.heat.keystone_authtoken.region_name -}}
{{- set .Values.conf.heat.keystone_authtoken "region_name" .Values.endpoints.identity.auth.heat.region_name | quote | trunc 0 -}} {{- set .Values.conf.heat.keystone_authtoken "region_name" .Values.endpoints.identity.auth.heat.region_name | quote | trunc 0 -}}
{{- end -}} {{- end -}}
@ -80,6 +76,9 @@ limitations under the License.
{{- if empty .Values.conf.heat.keystone_authtoken.memcached_servers -}} {{- if empty .Values.conf.heat.keystone_authtoken.memcached_servers -}}
{{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.heat.keystone_authtoken "memcached_servers" | quote | trunc 0 -}} {{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.heat.keystone_authtoken "memcached_servers" | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.heat.keystone_authtoken.memcache_secret_key -}}
{{- set .Values.conf.heat.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.heat.database.connection -}} {{- if empty .Values.conf.heat.database.connection -}}
{{- tuple "oslo_db" "internal" "heat" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.heat.database "connection" | quote | trunc 0 -}} {{- tuple "oslo_db" "internal" "heat" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.heat.database "connection" | quote | trunc 0 -}}

View File

@ -509,6 +509,13 @@ endpoints:
mysql: mysql:
default: 3306 default: 3306
oslo_cache: oslo_cache:
auth:
# NOTE(portdirect): this is used to define the value for keystone
# authtoken cache encryption key, if not set it will be populated
# automatically with a random value, but to take advantage of
# this feature all services should be set to use the same key,
# and memcache service.
memcache_secret_key: null
hosts: hosts:
default: memcached default: memcached
host_fqdn_override: host_fqdn_override:

View File

@ -45,6 +45,9 @@ limitations under the License.
{{- if empty .Values.conf.ironic.keystone_authtoken.memcached_servers -}} {{- if empty .Values.conf.ironic.keystone_authtoken.memcached_servers -}}
{{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.ironic.keystone_authtoken "memcached_servers" | quote | trunc 0 -}} {{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.ironic.keystone_authtoken "memcached_servers" | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.ironic.keystone_authtoken.memcache_secret_key -}}
{{- set .Values.conf.ironic.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.ironic.database.connection -}} {{- if empty .Values.conf.ironic.database.connection -}}
{{- tuple "oslo_db" "internal" "ironic" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.ironic.database "connection" | quote | trunc 0 -}} {{- tuple "oslo_db" "internal" "ironic" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.ironic.database "connection" | quote | trunc 0 -}}

View File

@ -335,6 +335,13 @@ endpoints:
mysql: mysql:
default: 3306 default: 3306
oslo_cache: oslo_cache:
auth:
# NOTE(portdirect): this is used to define the value for keystone
# authtoken cache encryption key, if not set it will be populated
# automatically with a random value, but to take advantage of
# this feature all services should be set to use the same key,
# and memcache service.
memcache_secret_key: null
hosts: hosts:
default: memcached default: memcached
host_fqdn_override: host_fqdn_override:

View File

@ -25,11 +25,6 @@ limitations under the License.
{{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.magnum.keystone_authtoken "auth_url" | quote | trunc 0 -}} {{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.magnum.keystone_authtoken "auth_url" | quote | trunc 0 -}}
{{- end -}} {{- end -}}
# Set a random string as secret key.
{{- if empty .Values.conf.magnum.keystone_authtoken.memcache_secret_key -}}
{{- randAlphaNum 64 | set .Values.conf.magnum.keystone_authtoken "memcache_secret_key" | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.magnum.keystone_authtoken.region_name -}} {{- if empty .Values.conf.magnum.keystone_authtoken.region_name -}}
{{- set .Values.conf.magnum.keystone_authtoken "region_name" .Values.endpoints.identity.auth.magnum.region_name | quote | trunc 0 -}} {{- set .Values.conf.magnum.keystone_authtoken "region_name" .Values.endpoints.identity.auth.magnum.region_name | quote | trunc 0 -}}
{{- end -}} {{- end -}}
@ -52,6 +47,9 @@ limitations under the License.
{{- if empty .Values.conf.magnum.keystone_authtoken.memcached_servers -}} {{- if empty .Values.conf.magnum.keystone_authtoken.memcached_servers -}}
{{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.magnum.keystone_authtoken "memcached_servers" | quote | trunc 0 -}} {{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.magnum.keystone_authtoken "memcached_servers" | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.magnum.keystone_authtoken.memcache_secret_key -}}
{{- set .Values.conf.magnum.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.magnum.database.connection -}} {{- if empty .Values.conf.magnum.database.connection -}}
{{- tuple "oslo_db" "internal" "magnum" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.magnum.database "connection" | quote | trunc 0 -}} {{- tuple "oslo_db" "internal" "magnum" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.magnum.database "connection" | quote | trunc 0 -}}

View File

@ -273,6 +273,13 @@ endpoints:
mysql: mysql:
default: 3306 default: 3306
oslo_cache: oslo_cache:
auth:
# NOTE(portdirect): this is used to define the value for keystone
# authtoken cache encryption key, if not set it will be populated
# automatically with a random value, but to take advantage of
# this feature all services should be set to use the same key,
# and memcache service.
memcache_secret_key: null
hosts: hosts:
default: memcached default: memcached
host_fqdn_override: host_fqdn_override:

View File

@ -25,11 +25,6 @@ limitations under the License.
{{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.mistral.keystone_authtoken "auth_url" | quote | trunc 0 -}} {{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.mistral.keystone_authtoken "auth_url" | quote | trunc 0 -}}
{{- end -}} {{- end -}}
# Set a random string as secret key.
{{- if empty .Values.conf.mistral.keystone_authtoken.memcache_secret_key -}}
{{- randAlphaNum 64 | set .Values.conf.mistral.keystone_authtoken "memcache_secret_key" | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.mistral.keystone_authtoken.region_name -}} {{- if empty .Values.conf.mistral.keystone_authtoken.region_name -}}
{{- set .Values.conf.mistral.keystone_authtoken "region_name" .Values.endpoints.identity.auth.mistral.region_name | quote | trunc 0 -}} {{- set .Values.conf.mistral.keystone_authtoken "region_name" .Values.endpoints.identity.auth.mistral.region_name | quote | trunc 0 -}}
{{- end -}} {{- end -}}
@ -52,6 +47,9 @@ limitations under the License.
{{- if empty .Values.conf.mistral.keystone_authtoken.memcached_servers -}} {{- if empty .Values.conf.mistral.keystone_authtoken.memcached_servers -}}
{{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.mistral.keystone_authtoken "memcached_servers" | quote | trunc 0 -}} {{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.mistral.keystone_authtoken "memcached_servers" | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.mistral.keystone_authtoken.memcache_secret_key -}}
{{- set .Values.conf.mistral.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.mistral.database.connection -}} {{- if empty .Values.conf.mistral.database.connection -}}
{{- tuple "oslo_db" "internal" "mistral" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.mistral.database "connection" | quote | trunc 0 -}} {{- tuple "oslo_db" "internal" "mistral" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.mistral.database "connection" | quote | trunc 0 -}}

View File

@ -246,6 +246,13 @@ endpoints:
http: http:
default: 15672 default: 15672
oslo_cache: oslo_cache:
auth:
# NOTE(portdirect): this is used to define the value for keystone
# authtoken cache encryption key, if not set it will be populated
# automatically with a random value, but to take advantage of
# this feature all services should be set to use the same key,
# and memcache service.
memcache_secret_key: null
hosts: hosts:
default: memcached default: memcached
host_fqdn_override: host_fqdn_override:

View File

@ -25,11 +25,6 @@ limitations under the License.
{{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.neutron.keystone_authtoken "auth_url" | quote | trunc 0 -}} {{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.neutron.keystone_authtoken "auth_url" | quote | trunc 0 -}}
{{- end }} {{- end }}
# Set a random string as secret key.
{{- if empty .Values.conf.neutron.keystone_authtoken.memcache_secret_key -}}
{{- randAlphaNum 64 | set .Values.conf.neutron.keystone_authtoken "memcache_secret_key" | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.neutron.keystone_authtoken.project_name -}} {{- if empty .Values.conf.neutron.keystone_authtoken.project_name -}}
{{- set .Values.conf.neutron.keystone_authtoken "project_name" .Values.endpoints.identity.auth.neutron.project_name | quote | trunc 0 -}} {{- set .Values.conf.neutron.keystone_authtoken "project_name" .Values.endpoints.identity.auth.neutron.project_name | quote | trunc 0 -}}
{{- end -}} {{- end -}}
@ -52,6 +47,9 @@ limitations under the License.
{{- if empty .Values.conf.neutron.keystone_authtoken.memcached_servers -}} {{- if empty .Values.conf.neutron.keystone_authtoken.memcached_servers -}}
{{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.neutron.keystone_authtoken "memcached_servers" | quote | trunc 0 -}} {{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.neutron.keystone_authtoken "memcached_servers" | quote | trunc 0 -}}
{{- end }} {{- end }}
{{- if empty .Values.conf.neutron.keystone_authtoken.memcache_secret_key -}}
{{- set .Values.conf.neutron.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.neutron.database.connection -}} {{- if empty .Values.conf.neutron.database.connection -}}
{{- tuple "oslo_db" "internal" "neutron" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.neutron.database "connection" | quote | trunc 0 -}} {{- tuple "oslo_db" "internal" "neutron" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.neutron.database "connection" | quote | trunc 0 -}}

View File

@ -1073,49 +1073,56 @@ secrets:
endpoints: endpoints:
cluster_domain_suffix: cluster.local cluster_domain_suffix: cluster.local
oslo_db: oslo_db:
auth: auth:
admin: admin:
username: root username: root
password: password password: password
neutron: neutron:
username: neutron username: neutron
password: password password: password
hosts: hosts:
default: mariadb default: mariadb
host_fqdn_override: host_fqdn_override:
default: null default: null
path: /neutron path: /neutron
scheme: mysql+pymysql scheme: mysql+pymysql
port: port:
mysql: mysql:
default: 3306 default: 3306
oslo_messaging: oslo_messaging:
auth: auth:
admin: admin:
username: rabbitmq username: rabbitmq
password: password password: password
neutron: neutron:
username: neutron username: neutron
password: password password: password
hosts: hosts:
default: rabbitmq default: rabbitmq
host_fqdn_override: host_fqdn_override:
default: null default: null
path: / path: /
scheme: rabbit scheme: rabbit
port: port:
amqp: amqp:
default: 5672 default: 5672
http: http:
default: 15672 default: 15672
oslo_cache: oslo_cache:
hosts: auth:
default: memcached # NOTE(portdirect): this is used to define the value for keystone
host_fqdn_override: # authtoken cache encryption key, if not set it will be populated
default: null # automatically with a random value, but to take advantage of
port: # this feature all services should be set to use the same key,
memcache: # and memcache service.
default: 11211 memcache_secret_key: null
hosts:
default: memcached
host_fqdn_override:
default: null
port:
memcache:
default: 11211
compute: compute:
name: nova name: nova
hosts: hosts:

View File

@ -26,11 +26,6 @@ limitations under the License.
{{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.nova.keystone_authtoken "auth_url" | quote | trunc 0 -}} {{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.nova.keystone_authtoken "auth_url" | quote | trunc 0 -}}
{{- end -}} {{- end -}}
# Set a random string as secret key.
{{- if empty .Values.conf.nova.keystone_authtoken.memcache_secret_key -}}
{{- randAlphaNum 64 | set .Values.conf.nova.keystone_authtoken "memcache_secret_key" | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.nova.keystone_authtoken.region_name -}} {{- if empty .Values.conf.nova.keystone_authtoken.region_name -}}
{{- set .Values.conf.nova.keystone_authtoken "region_name" .Values.endpoints.identity.auth.nova.region_name | quote | trunc 0 -}} {{- set .Values.conf.nova.keystone_authtoken "region_name" .Values.endpoints.identity.auth.nova.region_name | quote | trunc 0 -}}
{{- end -}} {{- end -}}
@ -53,6 +48,9 @@ limitations under the License.
{{- if empty .Values.conf.nova.keystone_authtoken.memcached_servers -}} {{- if empty .Values.conf.nova.keystone_authtoken.memcached_servers -}}
{{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.nova.keystone_authtoken "memcached_servers" | quote | trunc 0 -}} {{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.nova.keystone_authtoken "memcached_servers" | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.nova.keystone_authtoken.memcache_secret_key -}}
{{- set .Values.conf.nova.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.nova.database.connection -}} {{- if empty .Values.conf.nova.database.connection -}}
{{- tuple "oslo_db" "internal" "nova" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.nova.database "connection" | quote | trunc 0 -}} {{- tuple "oslo_db" "internal" "nova" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.nova.database "connection" | quote | trunc 0 -}}

View File

@ -1140,6 +1140,13 @@ endpoints:
http: http:
default: 15672 default: 15672
oslo_cache: oslo_cache:
auth:
# NOTE(portdirect): this is used to define the value for keystone
# authtoken cache encryption key, if not set it will be populated
# automatically with a random value, but to take advantage of
# this feature all services should be set to use the same key,
# and memcache service.
memcache_secret_key: null
hosts: hosts:
default: memcached default: memcached
host_fqdn_override: host_fqdn_override:

View File

@ -44,6 +44,9 @@ limitations under the License.
{{- if empty .Values.conf.rally.keystone_authtoken.memcached_servers -}} {{- if empty .Values.conf.rally.keystone_authtoken.memcached_servers -}}
{{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.rally.keystone_authtoken "memcached_servers" | quote | trunc 0 -}} {{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.rally.keystone_authtoken "memcached_servers" | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.rally.keystone_authtoken.memcache_secret_key -}}
{{- set .Values.conf.rally.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.rally.database.connection -}} {{- if empty .Values.conf.rally.database.connection -}}
{{- tuple "oslo_db" "internal" "rally" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.rally.database "connection" | quote | trunc 0 -}} {{- tuple "oslo_db" "internal" "rally" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.rally.database "connection" | quote | trunc 0 -}}

View File

@ -251,6 +251,9 @@ endpoints:
mysql: mysql:
default: 3306 default: 3306
oslo_cache: oslo_cache:
auth:
keystone_authtoken:
secret_key: null
hosts: hosts:
default: memcached default: memcached
host_fqdn_override: host_fqdn_override:

View File

@ -26,11 +26,6 @@ limitations under the License.
{{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.senlin.keystone_authtoken "auth_url" | quote | trunc 0 -}} {{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.senlin.keystone_authtoken "auth_url" | quote | trunc 0 -}}
{{- end -}} {{- end -}}
# Set a random string as secret key.
{{- if empty .Values.conf.senlin.keystone_authtoken.memcache_secret_key -}}
{{- randAlphaNum 64 | set .Values.conf.senlin.keystone_authtoken "memcache_secret_key" | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.senlin.keystone_authtoken.region_name -}} {{- if empty .Values.conf.senlin.keystone_authtoken.region_name -}}
{{- set .Values.conf.senlin.keystone_authtoken "region_name" .Values.endpoints.identity.auth.senlin.region_name | quote | trunc 0 -}} {{- set .Values.conf.senlin.keystone_authtoken "region_name" .Values.endpoints.identity.auth.senlin.region_name | quote | trunc 0 -}}
{{- end -}} {{- end -}}
@ -53,6 +48,9 @@ limitations under the License.
{{- if empty .Values.conf.senlin.keystone_authtoken.memcached_servers -}} {{- if empty .Values.conf.senlin.keystone_authtoken.memcached_servers -}}
{{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.senlin.keystone_authtoken "memcached_servers" | quote | trunc 0 -}} {{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.senlin.keystone_authtoken "memcached_servers" | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.senlin.keystone_authtoken.memcache_secret_key -}}
{{- set .Values.conf.senlin.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.senlin.database.connection -}} {{- if empty .Values.conf.senlin.database.connection -}}
{{- tuple "oslo_db" "internal" "senlin" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.senlin.database "connection" | quote | trunc 0 -}} {{- tuple "oslo_db" "internal" "senlin" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.senlin.database "connection" | quote | trunc 0 -}}

View File

@ -286,6 +286,13 @@ endpoints:
mysql: mysql:
default: 3306 default: 3306
oslo_cache: oslo_cache:
auth:
# NOTE(portdirect): this is used to define the value for keystone
# authtoken cache encryption key, if not set it will be populated
# automatically with a random value, but to take advantage of
# this feature all services should be set to use the same key,
# and memcache service.
memcache_secret_key: null
hosts: hosts:
default: memcached default: memcached
host_fqdn_override: host_fqdn_override: