openstack/tripleo-heat-templates
Code Issues Proposed changes

Merge "Add BarbicanClient service for configuring edge sites"

Browse Source
This commit is contained in:
Zuul 2020-07-21 04:50:49 +00:00 committed by Gerrit Code Review
commit c29e286a9e
8 changed files with 82 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

60
deployment/barbican/barbican-client-puppet.yaml Normal file
View File

@ -0,0 +1,60 @@
heat_template_version: rocky
description: >
OpenStack Barbican client configuration
parameters:
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
outputs:
role_data:
description: Role data for the Barbican client.
value:
service_name: barbican_client
service_config_settings:
nova_compute:
nova::compute::keymgr_backend: barbican
nova::compute::barbican_endpoint:
get_param: [EndpointMap, BarbicanInternal, uri]
nova::compute::barbican_auth_endpoint:
get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]
cinder_volume: &cinder_barbican_config
cinder::config::cinder_config:
key_manager/backend:
value: barbican
barbican/barbican_endpoint:
value: {get_param: [EndpointMap, BarbicanInternal, uri]}
barbican/auth_endpoint:
value: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
cinder_backup: *cinder_barbican_config
glance_api:
glance::api::keymgr_backend: barbican
glance::api::keymgr_encryption_api_url:
get_param: [EndpointMap, BarbicanInternal, uri]
glance::api::keymgr_encryption_auth_url:
get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]

4
environments/services/barbican-edge.yaml Normal file
View File

@ -0,0 +1,4 @@
# A Heat environment file which can be used to configure services running at
# a DCN/Edge site to access Barbican in the control plane.
resource_registry:
OS::TripleO::Services::BarbicanClient: ../../deployment/barbican/barbican-client-puppet.yaml

1
overcloud-resource-registry-puppet.j2.yaml
View File

@ -251,6 +251,7 @@ resource_registry:
OS::TripleO::Services::BarbicanBackendDogtag: OS::Heat::None OS::TripleO::Services::BarbicanBackendDogtag: OS::Heat::None
OS::TripleO::Services::BarbicanBackendKmip: OS::Heat::None OS::TripleO::Services::BarbicanBackendKmip: OS::Heat::None
OS::TripleO::Services::BarbicanBackendPkcs11Crypto: OS::Heat::None OS::TripleO::Services::BarbicanBackendPkcs11Crypto: OS::Heat::None
OS::TripleO::Services::BarbicanClient: OS::Heat::None
OS::TripleO::Services::AodhApi: OS::Heat::None OS::TripleO::Services::AodhApi: OS::Heat::None
OS::TripleO::Services::AodhEvaluator: OS::Heat::None OS::TripleO::Services::AodhEvaluator: OS::Heat::None
OS::TripleO::Services::AodhListener: OS::Heat::None OS::TripleO::Services::AodhListener: OS::Heat::None

13
releasenotes/notes/add-barbican-client-for-dcn-7182e8bab41fce21.yaml Normal file
View File

@ -0,0 +1,13 @@
---
features:
- |
Add new BarbicanClient tripleo service for configuring DCN/Edge nodes
to access a barbican service running in the control plane. The client
service is disabled by default, and can be enabled by including the
environments/services/barbican-edge.yaml environment file when deploying
a DCN/Edge stack.
fixes:
- |
Ensure the barbican Key Manager settings are configured on DCN/Edge nodes
when the barbican service is deployed in the control plane. See `bug 1886070
<https://bugs.launchpad.net/tripleo/+bug/1886070>`_.

1
roles/DistributedCompute.yaml
View File

@ -18,6 +18,7 @@
ServicesDefault: ServicesDefault:
- OS::TripleO::Services::Aide - OS::TripleO::Services::Aide
- OS::TripleO::Services::AuditD - OS::TripleO::Services::AuditD
- OS::TripleO::Services::BarbicanClient
- OS::TripleO::Services::BootParams - OS::TripleO::Services::BootParams
- OS::TripleO::Services::CACerts - OS::TripleO::Services::CACerts
- OS::TripleO::Services::CephClient - OS::TripleO::Services::CephClient

1
roles/DistributedComputeHCI.yaml
View File

@ -20,6 +20,7 @@
ServicesDefault: ServicesDefault:
- OS::TripleO::Services::Aide - OS::TripleO::Services::Aide
- OS::TripleO::Services::AuditD - OS::TripleO::Services::AuditD
- OS::TripleO::Services::BarbicanClient
- OS::TripleO::Services::BootParams - OS::TripleO::Services::BootParams
- OS::TripleO::Services::CACerts - OS::TripleO::Services::CACerts
- OS::TripleO::Services::CephClient - OS::TripleO::Services::CephClient

1
roles/DistributedComputeHCIScaleOut.yaml
View File

@ -20,6 +20,7 @@
ServicesDefault: ServicesDefault:
- OS::TripleO::Services::Aide - OS::TripleO::Services::Aide
- OS::TripleO::Services::AuditD - OS::TripleO::Services::AuditD
- OS::TripleO::Services::BarbicanClient
- OS::TripleO::Services::BootParams - OS::TripleO::Services::BootParams
- OS::TripleO::Services::CACerts - OS::TripleO::Services::CACerts
- OS::TripleO::Services::CephClient - OS::TripleO::Services::CephClient

1
roles/DistributedComputeScaleOut.yaml
View File

@ -18,6 +18,7 @@
ServicesDefault: ServicesDefault:
- OS::TripleO::Services::Aide - OS::TripleO::Services::Aide
- OS::TripleO::Services::AuditD - OS::TripleO::Services::AuditD
- OS::TripleO::Services::BarbicanClient
- OS::TripleO::Services::BootParams - OS::TripleO::Services::BootParams
- OS::TripleO::Services::CACerts - OS::TripleO::Services::CACerts
- OS::TripleO::Services::CephClient - OS::TripleO::Services::CephClient