
Merge "Add BarbicanClient service for configuring edge sites" into stable/ussuri

tags/12.4.0
Zuul 1 week ago
committed by Gerrit Code Review
parent
commit
5456ee0f36
8 changed files with 82 additions and 0 deletions
  1. +60
    -0
      deployment/barbican/barbican-client-puppet.yaml
  2. +4
    -0
      environments/services/barbican-edge.yaml
  3. +1
    -0
      overcloud-resource-registry-puppet.j2.yaml
  4. +13
    -0
      releasenotes/notes/add-barbican-client-for-dcn-7182e8bab41fce21.yaml
  5. +1
    -0
      roles/DistributedCompute.yaml
  6. +1
    -0
      roles/DistributedComputeHCI.yaml
  7. +1
    -0
      roles/DistributedComputeHCIScaleOut.yaml
  8. +1
    -0
      roles/DistributedComputeScaleOut.yaml

+ 60
- 0
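--- a/deployment/barbican/barbican-client-puppet.yaml
+++ b/deployment/barbican/barbican-client-puppet.yaml
@@ -0,0 +1,60 @@
+heat_template_version: rocky
+
+description: >
+OpenStack Barbican client configuration
+
+parameters:
+EndpointMap:
+default: {}
+description: Mapping of service endpoint -> protocol. Typically set
+via parameter_defaults in the resource registry.
+type: json
+ServiceData:
+default: {}
+description: Dictionary packing service data
+type: json
+ServiceNetMap:
+default: {}
+description: Mapping of service_name -> network name. Typically set
+via parameter_defaults in the resource registry. This
+mapping overrides those in ServiceNetMapDefaults.
+type: json
+DefaultPasswords:
+default: {}
+type: json
+RoleName:
+default: ''
+description: Role name on which the service is applied
+type: string
+RoleParameters:
+default: {}
+description: Parameters specific to the role
+type: json
+
+outputs:
+role_data:
+description: Role data for the Barbican client.
+value:
+service_name: barbican_client
+service_config_settings:
+nova_compute:
+nova::compute::keymgr_backend: barbican
+nova::compute::barbican_endpoint:
+get_param: [EndpointMap, BarbicanInternal, uri]
+nova::compute::barbican_auth_endpoint:
+get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]
+cinder_volume: &cinder_barbican_config
+cinder::config::cinder_config:
+key_manager/backend:
+value: barbican
+barbican/barbican_endpoint:
+value: {get_param: [EndpointMap, BarbicanInternal, uri]}
+barbican/auth_endpoint:
+value: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
+cinder_backup: *cinder_barbican_config
+glance_api:
+glance::api::keymgr_backend: barbican
+glance::api::keymgr_encryption_api_url:
+get_param: [EndpointMap, BarbicanInternal, uri]
+glance::api::keymgr_encryption_auth_url:
+get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]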
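Review bot: The four service blocks under `service_config_settings` take the key-manager and auth URLs straight from `EndpointMap` (`BarbicanInternal` → `uri`, `KeystoneInternal` → `uri_no_suffix`), and neither the template nor its description states what scheme those URLs are expected to carry. At a DCN/Edge site these are requests for encryption keys made to the control plane, so whether they are protected in transit depends entirely on the endpoint map the stack is deployed with, which is not visible here. I would document that expectation above `role_data`, e.g. `# Endpoints come from the control plane's EndpointMap; deploy with TLS on the internal API so key requests from the edge site are not sent in cleartext.` It is also worth confirming what `get_param` yields when `EndpointMap` is left at its `{}` default, since `keymgr_backend: barbican` would then be set without a usable endpoint.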

+ 4
- 0
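--- a/environments/services/barbican-edge.yaml
+++ b/environments/services/barbican-edge.yaml
@@ -0,0 +1,4 @@
+# A Heat environment file which can be used to configure services running at
+# a DCN/Edge site to access Barbican in the control plane.
+resource_registry:
+OS::TripleO::Services::BarbicanClient: ../../deployment/barbican/barbican-client-puppet.yaml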

+ 1
- 0
overcloud-resource-registry-puppet.j2.yaml

@@ -252,6 +252,7 @@ resource_registry:
OS::TripleO::Services::BarbicanBackendDogtag: OS::Heat::None
OS::TripleO::Services::BarbicanBackendKmip: OS::Heat::None
OS::TripleO::Services::BarbicanBackendPkcs11Crypto: OS::Heat::None
OS::TripleO::Services::BarbicanClient: OS::Heat::None
OS::TripleO::Services::AodhApi: OS::Heat::None
OS::TripleO::Services::AodhEvaluator: OS::Heat::None
OS::TripleO::Services::AodhListener: OS::Heat::None


+ 13
- 0
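--- a/releasenotes/notes/add-barbican-client-for-dcn-7182e8bab41fce21.yaml
+++ b/releasenotes/notes/add-barbican-client-for-dcn-7182e8bab41fce21.yaml
@@ -0,0 +1,13 @@
+---
+features:
+- |
+Add new BarbicanClient tripleo service for configuring DCN/Edge nodes
+to access a barbican service running in the control plane. The client
+service is disabled by default, and can be enabled by including the
+environments/services/barbican-edge.yaml environment file when deploying
+a DCN/Edge stack.
+fixes:
+- |
+Ensure the barbican Key Manager settings are configured on DCN/Edge nodes
+when the barbican service is deployed in the control plane. See `bug 1886070
+<https://bugs.launchpad.net/tripleo/+bug/1886070>`_.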

+ 1
- 0
roles/DistributedCompute.yaml

@@ -18,6 +18,7 @@
ServicesDefault:
- OS::TripleO::Services::Aide
- OS::TripleO::Services::AuditD
- OS::TripleO::Services::BarbicanClient
- OS::TripleO::Services::BootParams
- OS::TripleO::Services::CACerts
- OS::TripleO::Services::CephClient
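Review bot: Adding `OS::TripleO::Services::BarbicanClient` to `ServicesDefault` only reaches deployments whose roles data is produced from this file after the change; the same applies to the DistributedComputeHCI, DistributedComputeHCIScaleOut and DistributedComputeScaleOut hunks. If an operator deploys with a roles file generated earlier (presumably common for existing edge stacks, though that cannot be confirmed from this page), including `environments/services/barbican-edge.yaml` would map a service that no role lists, and the key-manager settings would apparently stay unset without any error. The release note should say so, for example with an `upgrade` entry: `Regenerate custom roles files for DCN/Edge roles so they include OS::TripleO::Services::BarbicanClient before enabling barbican-edge.yaml.` The `ServicesDefault` list starts and ends outside this hunk.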


+ 1
- 0
roles/DistributedComputeHCI.yaml

@@ -20,6 +20,7 @@
ServicesDefault:
- OS::TripleO::Services::Aide
- OS::TripleO::Services::AuditD
- OS::TripleO::Services::BarbicanClient
- OS::TripleO::Services::BootParams
- OS::TripleO::Services::CACerts
- OS::TripleO::Services::CephClient


+ 1
- 0
roles/DistributedComputeHCIScaleOut.yaml

@@ -20,6 +20,7 @@
ServicesDefault:
- OS::TripleO::Services::Aide
- OS::TripleO::Services::AuditD
- OS::TripleO::Services::BarbicanClient
- OS::TripleO::Services::BootParams
- OS::TripleO::Services::CACerts
- OS::TripleO::Services::CephClient


+ 1
- 0
roles/DistributedComputeScaleOut.yaml

@@ -18,6 +18,7 @@
ServicesDefault:
- OS::TripleO::Services::Aide
- OS::TripleO::Services::AuditD
- OS::TripleO::Services::BarbicanClient
- OS::TripleO::Services::BootParams
- OS::TripleO::Services::CACerts
- OS::TripleO::Services::CephClient

