openstack/tripleo-heat-templates
Code Issues Proposed changes

Consolidate the barbican-api client configurations

Browse Source 
Replace the cinder, glance and nova service_config_settings in the
BarbicanApi template with a reference to the settings in the
BarbicanClient template. This consolidates the settings in one place.

Update the BarbicanClient's service_config_settings so it handles
all cinder services that access barbican (c-api, c-volume, c-backup).
This change takes advantage of a recent enhancement in puppet-cinder
(see https://review.opendev.org/739126).

Depends-On: Ie3c95da2c0dab83e3c4b7e10f8a3531301692da5
Change-Id: I42b7c4a2add1dc25083c4c0e8a162ca4a3880e2a
This commit is contained in:
Alan Bishop 2020-07-08 08:49:58 -07:00
parent dde787edc2
commit 19402ff049
2 changed files with 24 additions and 39 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
deployment/barbican/barbican-api-container-puppet.yaml
View File

@ -201,6 +201,11 @@ resources:
BarbicanApiLogging:
type: OS::TripleO::Services::Logging::BarbicanApi
BarbicanClient:
type: ./barbican-client-puppet.yaml
properties:
EndpointMap: {get_param: EndpointMap}
outputs:
role_data:
description: Role data for the Barbican API role.
@ -286,37 +291,18 @@ outputs:
read_default_group: tripleo
service_config_settings:
mysql:
barbican::db::mysql::password: {get_param: BarbicanPassword}
barbican::db::mysql::user: barbican
barbican::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
barbican::db::mysql::dbname: barbican
barbican::db::mysql::allowed_hosts:
- '%'
- "%{hiera('mysql_bind_host')}"
keystone:
tripleo::profile::base::keystone::barbican_notification_topics: ['barbican_notifications']
nova_compute:
nova::compute::keymgr_backend: >
castellan.key_manager.barbican_key_manager.BarbicanKeyManager
nova::compute::barbican_endpoint:
get_param: [EndpointMap, BarbicanInternal, uri]
nova::compute::barbican_auth_endpoint:
get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]
cinder_api:
cinder::api::keymgr_backend: >
castellan.key_manager.barbican_key_manager.BarbicanKeyManager
cinder::api::keymgr_encryption_api_url:
get_param: [EndpointMap, BarbicanInternal, uri]
cinder::api::keymgr_encryption_auth_url:
get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]
glance_api:
glance::api::keymgr_backend: >
castellan.key_manager.barbican_key_manager.BarbicanKeyManager
glance::api::keymgr_encryption_api_url:
get_param: [EndpointMap, BarbicanInternal, uri]
glance::api::keymgr_encryption_auth_url:
get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]
map_merge:
- get_attr: [BarbicanClient, role_data, service_config_settings]
- mysql:
barbican::db::mysql::password: {get_param: BarbicanPassword}
barbican::db::mysql::user: barbican
barbican::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
barbican::db::mysql::dbname: barbican
barbican::db::mysql::allowed_hosts:
- '%'
- "%{hiera('mysql_bind_host')}"
keystone:
tripleo::profile::base::keystone::barbican_notification_topics: ['barbican_notifications']
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: barbican

15
deployment/barbican/barbican-client-puppet.yaml
View File

@ -43,14 +43,13 @@ outputs:
get_param: [EndpointMap, BarbicanInternal, uri]
nova::compute::barbican_auth_endpoint:
get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]
cinder_volume: &cinder_barbican_config
cinder::config::cinder_config:
key_manager/backend:
value: barbican
barbican/barbican_endpoint:
value: {get_param: [EndpointMap, BarbicanInternal, uri]}
barbican/auth_endpoint:
value: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
cinder_api: &cinder_barbican_config
cinder::keymgr_backend: barbican
cinder::keymgr_encryption_api_url:
get_param: [EndpointMap, BarbicanInternal, uri]
cinder::keymgr_encryption_auth_url:
get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]
cinder_volume: *cinder_barbican_config
cinder_backup: *cinder_barbican_config
glance_api:
glance::api::keymgr_backend: barbican