Explicitly configure credentials used by ironic to access other services

Using keystone_authtoken credentials for this purpose is deprecated, and also
prevents ironic-conductor from being used as a separate role.

Also remove neutron_url; it can be fetched from the catalog instead.

Change-Id: I12822568cb4db31808aec5fd407d71fe4b7b09e0
Depends-On: I21180678bec911f1be36e3b174bae81af042938c
Partial-Bug: #1661250
Dmitry Tantsur 2017-03-15 18:04:44 +01:00
parent c737eea8c0
commit 91d7d8c468


@ -44,6 +44,10 @@ parameters:
default: 8088
description: Port to use for serving images when iPXE is used.
type: string
IronicPassword:
description: The password for the Ironic service and db account, used by the Ironic services
type: string
hidden: true
MonitoringSubscriptionIronicConductor:
default: 'overcloud-ironic-conductor'
type: string
@ -65,9 +69,7 @@ outputs:
config_settings:
map_merge:
- get_attr: [IronicBase, role_data, config_settings]
# FIXME: I have no idea why neutron_url is in "api" manifest
- ironic::api::neutron_url: {get_param: [EndpointMap, NeutronInternal, uri]}
ironic::conductor::api_url: {get_param: [EndpointMap, IronicInternal, uri_no_suffix]}
- ironic::conductor::api_url: {get_param: [EndpointMap, IronicInternal, uri_no_suffix]}
ironic::conductor::cleaning_disk_erase: {get_param: IronicCleaningDiskErase}
ironic::conductor::cleaning_network: {get_param: IronicCleaningNetwork}
ironic::conductor::enabled_drivers: {get_param: IronicEnabledDrivers}
@ -104,7 +106,40 @@ outputs:
# the VIP, but rather a real IP of the host.
ironic::my_ip: {get_param: [ServiceNetMap, IronicNetwork]}
ironic::pxe::common::http_port: {get_param: IronicIPXEPort}
# Credentials to access other services
ironic::glance::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
ironic::glance::username: 'ironic'
ironic::glance::password: {get_param: IronicPassword}
ironic::glance::project_name: 'service'
ironic::glance::user_domain_name: 'Default'
ironic::glance::project_domain_name: 'Default'
ironic::neutron::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
ironic::neutron::username: 'ironic'
ironic::neutron::password: {get_param: IronicPassword}
ironic::neutron::project_name: 'service'
ironic::neutron::user_domain_name: 'Default'
ironic::neutron::project_domain_name: 'Default'
ironic::service_catalog::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
ironic::service_catalog::username: 'ironic'
ironic::service_catalog::password: {get_param: IronicPassword}
ironic::service_catalog::project_name: 'service'
ironic::service_catalog::user_domain_name: 'Default'
ironic::service_catalog::project_domain_name: 'Default'
ironic::swift::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
ironic::swift::username: 'ironic'
ironic::swift::password: {get_param: IronicPassword}
ironic::swift::project_name: 'service'
ironic::swift::user_domain_name: 'Default'
ironic::swift::project_domain_name: 'Default'
# ironic-inspector support is not implemented, but let's configure
# the credentials for consistency.
ironic::drivers::inspector::enabled: false
ironic::drivers::inspector::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
ironic::drivers::inspector::username: 'ironic'
ironic::drivers::inspector::password: {get_param: IronicPassword}
ironic::drivers::inspector::project_name: 'service'
ironic::drivers::inspector::user_domain_name: 'Default'
ironic::drivers::inspector::project_domain_name: 'Default'
step_config: |
include ::tripleo::profile::base::ironic::conductor
upgrade_tasks:
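Review bot: Dropping `ironic::api::neutron_url` in the second hunk removes the only setting that pinned ironic's Neutron traffic to the `NeutronInternal` endpoint, and nothing added in this file says which catalog interface the lookup will use instead. If the defaults resolve to a public endpoint, conductor-to-Neutron calls authenticated with the `ironic` service account would leave the internal network; that depends on puppet-ironic and ironic defaults not visible here, so it should be confirmed before merging. I would record the expectation beside the new block, e.g. `# Neutron endpoint now comes from the catalog; verify the internal interface is selected`. Separately, the third hunk writes `IronicPassword` into the `ironic::drivers::inspector::*` settings while `ironic::drivers::inspector::enabled` is false, which puts the service secret into a section nothing uses; the existing comment could say why that is preferred over omitting the password until inspector support exists.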