Merge "Keystone auth support"
commit
37e602d160
|
@ -160,11 +160,11 @@ def handle_json_from_file(json_arg):
|
||||||
|
|
||||||
|
|
||||||
def config_cluster(cluster, cluster_template, cfg_dir, force=False,
|
def config_cluster(cluster, cluster_template, cfg_dir, force=False,
|
||||||
certs=None):
|
certs=None, use_keystone=False):
|
||||||
"""Return and write configuration for the given cluster."""
|
"""Return and write configuration for the given cluster."""
|
||||||
if cluster_template.coe == 'kubernetes':
|
if cluster_template.coe == 'kubernetes':
|
||||||
return _config_cluster_kubernetes(cluster, cluster_template, cfg_dir,
|
return _config_cluster_kubernetes(cluster, cluster_template, cfg_dir,
|
||||||
force, certs)
|
force, certs, use_keystone)
|
||||||
elif (cluster_template.coe == 'swarm'
|
elif (cluster_template.coe == 'swarm'
|
||||||
or cluster_template.coe == 'swarm-mode'):
|
or cluster_template.coe == 'swarm-mode'):
|
||||||
return _config_cluster_swarm(cluster, cluster_template, cfg_dir,
|
return _config_cluster_swarm(cluster, cluster_template, cfg_dir,
|
||||||
|
@ -172,7 +172,7 @@ def config_cluster(cluster, cluster_template, cfg_dir, force=False,
|
||||||
|
|
||||||
|
|
||||||
def _config_cluster_kubernetes(cluster, cluster_template, cfg_dir,
|
def _config_cluster_kubernetes(cluster, cluster_template, cfg_dir,
|
||||||
force=False, certs=None):
|
force=False, certs=None, use_keystone=False):
|
||||||
"""Return and write configuration for the given kubernetes cluster."""
|
"""Return and write configuration for the given kubernetes cluster."""
|
||||||
cfg_file = "%s/config" % cfg_dir
|
cfg_file = "%s/config" % cfg_dir
|
||||||
if cluster_template.tls_disabled or certs is None:
|
if cluster_template.tls_disabled or certs is None:
|
||||||
|
@ -193,6 +193,7 @@ def _config_cluster_kubernetes(cluster, cluster_template, cfg_dir,
|
||||||
"- name: %(name)s'\n"
|
"- name: %(name)s'\n"
|
||||||
% {'name': cluster.name, 'api_address': cluster.api_address})
|
% {'name': cluster.name, 'api_address': cluster.api_address})
|
||||||
else:
|
else:
|
||||||
|
if not use_keystone:
|
||||||
cfg = ("apiVersion: v1\n"
|
cfg = ("apiVersion: v1\n"
|
||||||
"clusters:\n"
|
"clusters:\n"
|
||||||
"- cluster:\n"
|
"- cluster:\n"
|
||||||
|
@ -217,6 +218,39 @@ def _config_cluster_kubernetes(cluster, cluster_template, cfg_dir,
|
||||||
'key': base64.b64encode(certs['key']),
|
'key': base64.b64encode(certs['key']),
|
||||||
'cert': base64.b64encode(certs['cert']),
|
'cert': base64.b64encode(certs['cert']),
|
||||||
'ca': base64.b64encode(certs['ca'])})
|
'ca': base64.b64encode(certs['ca'])})
|
||||||
|
else:
|
||||||
|
cfg = ("apiVersion: v1\n"
|
||||||
|
"clusters:\n"
|
||||||
|
"- cluster:\n"
|
||||||
|
" certificate-authority-data: %(ca)s\n"
|
||||||
|
" server: %(api_address)s\n"
|
||||||
|
" name: %(name)s\n"
|
||||||
|
"contexts:\n"
|
||||||
|
"- context:\n"
|
||||||
|
" cluster: %(name)s\n"
|
||||||
|
" user: openstackuser\n"
|
||||||
|
" name: openstackuser@kubernetes\n"
|
||||||
|
"current-context: openstackuser@kubernetes\n"
|
||||||
|
"kind: Config\n"
|
||||||
|
"preferences: {}\n"
|
||||||
|
"users:\n"
|
||||||
|
"- name: openstackuser\n"
|
||||||
|
" user:\n"
|
||||||
|
" exec:\n"
|
||||||
|
" command: /bin/bash\n"
|
||||||
|
" apiVersion: client.authentication.k8s.io/v1alpha1\n"
|
||||||
|
" args:\n"
|
||||||
|
" - -c\n"
|
||||||
|
" - >\n"
|
||||||
|
" if [ -z ${OS_TOKEN} ]; then\n"
|
||||||
|
" echo 'Error: Missing OpenStack credential from environment variable $OS_TOKEN' > /dev/stderr\n" # noqa
|
||||||
|
" exit 1\n"
|
||||||
|
" else\n"
|
||||||
|
" echo '{ \"apiVersion\": \"client.authentication.k8s.io/v1alpha1\", \"kind\": \"ExecCredential\", \"status\": { \"token\": \"'\"${OS_TOKEN}\"'\"}}'\n" # noqa
|
||||||
|
" fi\n"
|
||||||
|
% {'name': cluster.name,
|
||||||
|
'api_address': cluster.api_address,
|
||||||
|
'ca': base64.b64encode(certs['ca'])})
|
||||||
|
|
||||||
if os.path.exists(cfg_file) and not force:
|
if os.path.exists(cfg_file) and not force:
|
||||||
raise exc.CommandError("File %s exists, aborting." % cfg_file)
|
raise exc.CommandError("File %s exists, aborting." % cfg_file)
|
||||||
|
|
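Review bot: In the new keystone branch of `_config_cluster_kubernetes`, the generated exec script tests `[ -z ${OS_TOKEN} ]` with the variable unquoted, so the check only works as intended when the value is unset or contains no whitespace or glob characters; the emitted line should be `"        if [ -z \"${OS_TOKEN}\" ]; then\n"`. The `else` arm of that script splices the token directly into the ExecCredential JSON, so a value containing a double quote or a backslash would yield malformed output; a short comment stating that the token is assumed to be JSON-safe would make that assumption explicit. The branch also sits under the `else:` of `cluster_template.tls_disabled or certs is None`, so `use_keystone=True` appears to be silently ignored for such clusters, which the docstring should mention. The function body starts and ends outside the hunks shown, so the file-writing step was not reviewed.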
|
@ -305,6 +305,18 @@ class ConfigCluster(command.Command):
|
||||||
dest='output_certs',
|
dest='output_certs',
|
||||||
default=False,
|
default=False,
|
||||||
help=_('Output certificates in separate files.'))
|
help=_('Output certificates in separate files.'))
|
||||||
|
parser.add_argument(
|
||||||
|
'--use-certificate',
|
||||||
|
action='store_true',
|
||||||
|
dest='use_certificate',
|
||||||
|
default=True,
|
||||||
|
help=_('Use certificate in config files.'))
|
||||||
|
parser.add_argument(
|
||||||
|
'--use-keystone',
|
||||||
|
action='store_true',
|
||||||
|
dest='use_keystone',
|
||||||
|
default=False,
|
||||||
|
help=_('Use Keystone token in config files.'))
|
||||||
|
|
||||||
return parser
|
return parser
|
||||||
|
|
||||||
|
@ -315,6 +327,11 @@ class ConfigCluster(command.Command):
|
||||||
the corresponding COE configured to access the cluster.
|
the corresponding COE configured to access the cluster.
|
||||||
|
|
||||||
"""
|
"""
|
||||||
|
if parsed_args.use_keystone:
|
||||||
|
parsed_args.use_certificate = False
|
||||||
|
if not parsed_args.use_certificate:
|
||||||
|
parsed_args.use_keystone = True
|
||||||
|
|
||||||
self.log.debug("take_action(%s)", parsed_args)
|
self.log.debug("take_action(%s)", parsed_args)
|
||||||
|
|
||||||
mag_client = self.app.client_manager.container_infra
|
mag_client = self.app.client_manager.container_infra
|
||||||
|
@ -346,8 +363,7 @@ class ConfigCluster(command.Command):
|
||||||
with open(fname, "w") as f:
|
with open(fname, "w") as f:
|
||||||
f.write(tls[k])
|
f.write(tls[k])
|
||||||
|
|
||||||
print(magnum_utils.config_cluster(cluster,
|
print(magnum_utils.config_cluster(
|
||||||
cluster_template,
|
cluster, cluster_template, parsed_args.dir,
|
||||||
parsed_args.dir,
|
force=parsed_args.force, certs=tls,
|
||||||
force=parsed_args.force,
|
use_keystone=parsed_args.use_keystone))
|
||||||
certs=tls))
|
|
||||||
|
|
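Review bot: `--use-certificate` is declared with `action='store_true'` and `default=True`, so it can never be false from the command line, and the added `if not parsed_args.use_certificate:` fix-up in `take_action` is only ever true when `use_keystone` was already set by the line above it. Registering both flags through `parser.add_mutually_exclusive_group()` and deriving the second value with `parsed_args.use_certificate = not parsed_args.use_keystone` would express the intent without the redundant branch. The help text for `--use-keystone` should say that the token is read from the `OS_TOKEN` environment variable when kubectl runs rather than being stored in the config file. The surrounding code that builds `tls` and writes the certificate files lies outside these hunks, so whether a client key and certificate are still written to disk when Keystone auth is selected cannot be confirmed from here.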