From ceed5ac9e71e7c4b113ffa8e16a8167190312b47 Mon Sep 17 00:00:00 2001 From: Oliver Walsh Date: Wed, 2 Feb 2022 16:06:59 +0000 Subject: [PATCH] Fix OS_CLOUD for multistack and nova az tasks The entry in clouds.yaml will correspond to the stack that deploys keystone. Therefore in a multistack deployment RootStackName will not be give the correct entry. Add a parameter to override this. Also clouds.yaml is owned by root and mode 0600 so we much use become: true. Update nova az tasks to use clouds.yaml. Change-Id: I7e97108d8165c16946b3b11f3084bfd51e3128dc --- .../cinder/cinder-api-container-puppet.yaml | 20 ++++++++++++++-- deployment/nova/nova-az-config.yaml | 23 +++++++++++-------- .../nova/nova-compute-container-puppet.yaml | 14 ++++++++++- .../nova/nova-vnc-proxy-container-puppet.yaml | 13 ++++++++++- .../ovn/ovn-controller-container-puppet.yaml | 13 ++++++++++- 5 files changed, 68 insertions(+), 15 deletions(-) diff --git a/deployment/cinder/cinder-api-container-puppet.yaml b/deployment/cinder/cinder-api-container-puppet.yaml index 5785f75d05..2b02e89500 100644 --- a/deployment/cinder/cinder-api-container-puppet.yaml +++ b/deployment/cinder/cinder-api-container-puppet.yaml @@ -102,6 +102,14 @@ parameters: description: | Use the advanced (eventlet safe) memcached client pool. default: true + AuthCloudName: + description: Entry in clouds.yaml to use for authentication + type: string + default: "" + +conditions: + auth_cloud_name_set: + not: {equals: [{get_param: AuthCloudName}, ""]} resources: ContainersCommon: @@ -409,7 +417,11 @@ outputs: - name: Clean up legacy Cinder keystone catalog entries become: true openstack.cloud.catalog_service: - cloud: {get_param: RootStackName} + cloud: + if: + - auth_cloud_name_set + - {get_param: AuthCloudName} + - {get_param: RootStackName} name: "{{ item.service_name }}" service_type: "{{ item.service_type }}" state: absent 
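Review bot: The `AuthCloudName` description added in the `@@ -102,6 +102,14 @@` hunk does not say what an empty value means or when an operator has to set it, and that choice decides which clouds.yaml credentials the admin tasks run with. The `auth_cloud_name_set` condition shows that `""` falls back to `RootStackName`, so I would write `description: Entry in clouds.yaml to use for authentication. Defaults to RootStackName when empty; set it in multistack deployments to the stack that deploys keystone.` The same one-line description is repeated in nova-az-config.yaml, nova-compute-container-puppet.yaml, nova-vnc-proxy-container-puppet.yaml and ovn-controller-container-puppet.yaml and would get the same wording.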
@@ -428,7 +440,11 @@ outputs: vars: default_volume_type: {get_param: CinderDefaultVolumeType} environment: - OS_CLOUD: {get_param: RootStackName} + OS_CLOUD: + if: + - auth_cloud_name_set + - {get_param: AuthCloudName} + - {get_param: RootStackName} when: - step|int == 5 - not ansible_check_mode|bool diff --git a/deployment/nova/nova-az-config.yaml b/deployment/nova/nova-az-config.yaml index 144743a93e..827ee0d94d 100644 --- a/deployment/nova/nova-az-config.yaml +++ b/deployment/nova/nova-az-config.yaml @@ -40,10 +40,17 @@ parameters: RootStackName: description: The name of the stack/plan. type: string + AuthCloudName: + description: Entry in clouds.yaml to use for authentication + type: string + default: "" + conditions: availability_zone_set: not: {equals: [{get_param: NovaComputeAvailabilityZone}, ""]} + auth_cloud_name_set: + not: {equals: [{get_param: AuthCloudName}, ""]} outputs: role_data: @@ -63,10 +70,13 @@ outputs: when: "step|int == 1" external_post_deploy_tasks: - name: "Nova: Manage aggregate and availability zone and add hosts to the zone" + become: true environment: - # Force openstackclient to not try and read a clouds.yaml as none - # exists for the tripleo-admin user. - OS_CLIENT_CONFIG_FILE: /dev/null + OS_CLOUD: + if: + - auth_cloud_name_set + - {get_param: AuthCloudName} + - {get_param: RootStackName} os_nova_host_aggregate: name: &availability_zone if: @@ -75,10 +85,3 @@ outputs: - {get_param: RootStackName} availability_zone: *availability_zone hosts: "{{ groups['nova_compute'] | default([]) | map('extract', hostvars, 'nova_host') | select('defined') | list }}" - auth: - username: admin - password: {get_param: AdminPassword} - project_name: admin - project_domain_name: Default - user_domain_name: Default - auth_url: { get_param: [EndpointMap, KeystoneV3Public, uri] } diff --git a/deployment/nova/nova-compute-container-puppet.yaml b/deployment/nova/nova-compute-container-puppet.yaml index 62a4f4e0ca..768f8c24a0 100644 
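Review bot: The task whose `environment:` is changed in the `@@ -428,7 +440,11 @@` hunk starts above the hunk, so it is not visible whether it sets `become: true`, while the catalog_service task in the previous hunk and the nova and ovn blocks in this patch all do. The commit message states that clouds.yaml is root-owned with mode 0600, so this task should be confirmed to escalate as well; without it the `OS_CLOUD` lookup would presumably be unable to read the file. If it is already set, a short comment such as `# become: clouds.yaml is root-owned, mode 0600` next to it would record why.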
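Review bot: The new `become: true` in the `@@ -63,10 +70,13 @@` hunk of nova-az-config.yaml has no explanation, although the comment it replaces did explain the old environment setting; I would add `# clouds.yaml is owned by root with mode 0600, so the module must run with become` above it. With the inline `auth:` mapping removed in the following hunk, `AdminPassword` and `EndpointMap` may no longer be referenced anywhere in this template. Their declarations are outside the visible hunks, so this needs confirming. If they are unused, dropping them keeps the admin password from being passed into a template that no longer needs it.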
--- a/deployment/nova/nova-compute-container-puppet.yaml +++ b/deployment/nova/nova-compute-container-puppet.yaml @@ -817,6 +817,11 @@ parameters: description: > Disk cachemodes for RBD backend. + AuthCloudName: + description: Entry in clouds.yaml to use for authentication + type: string + default: "" + parameter_groups: - label: deprecated description: | @@ -828,6 +833,8 @@ parameter_groups: - NovaVcpuPinSet conditions: + auth_cloud_name_set: + not: {equals: [{get_param: AuthCloudName}, ""]} compute_startup_delay: and: - not: {equals: [{get_param: NovaComputeStartupDelay}, 0]} @@ -1663,8 +1670,13 @@ outputs: - step|int == 1 - container_cli == 'podman' tags: down + become: true environment: - OS_CLOUD: {get_param: RootStackName} + OS_CLOUD: + if: + - auth_cloud_name_set + - {get_param: AuthCloudName} + - {get_param: RootStackName} block: # Some tasks are running from the Undercloud which has # the OpenStack clients installed. diff --git a/deployment/nova/nova-vnc-proxy-container-puppet.yaml b/deployment/nova/nova-vnc-proxy-container-puppet.yaml index 0c6d567e18..8c37fd275b 100644 --- a/deployment/nova/nova-vnc-proxy-container-puppet.yaml +++ b/deployment/nova/nova-vnc-proxy-container-puppet.yaml @@ -106,8 +106,14 @@ parameters: RootStackName: description: The name of the stack/plan. type: string + AuthCloudName: + description: Entry in clouds.yaml to use for authentication + type: string + default: "" conditions: + auth_cloud_name_set: + not: {equals: [{get_param: AuthCloudName}, ""]} use_tls_for_vnc: and: - {get_param: EnableInternalTLS} @@ -400,8 +406,13 @@ outputs: post_upgrade_tasks: - when: - step|int == 3 + become: true environment: - OS_CLOUD: {get_param: RootStackName} + OS_CLOUD: + if: + - auth_cloud_name_set + - {get_param: AuthCloudName} + - {get_param: RootStackName} block: - name: Get nova-consoleauth service ID command: openstack compute service list --service nova-consoleauth --column ID --column Host --format yaml 
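Review bot: `become: true` is added at block level in the `@@ -1663,8 +1670,13 @@` hunk of nova-compute-container-puppet.yaml, so every task in the block tagged `down` runs as root, not only the ones that need to read clouds.yaml. The block continues past the hunk, and its own comment says some tasks run from the Undercloud, so which tasks actually call the OpenStack client cannot be seen here. If only a few do, moving `become: true` and the `OS_CLOUD` environment onto those tasks would keep the rest unprivileged; otherwise a comment such as `# become: clouds.yaml is root-owned (0600)` would document the escalation. The same applies to the `post_upgrade_tasks` block in nova-vnc-proxy-container-puppet.yaml and the `down` block in ovn-controller-container-puppet.yaml.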
diff --git a/deployment/ovn/ovn-controller-container-puppet.yaml b/deployment/ovn/ovn-controller-container-puppet.yaml index d0eb1480f4..8dc902f63f 100644 --- a/deployment/ovn/ovn-controller-container-puppet.yaml +++ b/deployment/ovn/ovn-controller-container-puppet.yaml @@ -160,8 +160,14 @@ parameters: provider: 00:00:5E:00:54:01 tags: - role_specific + AuthCloudName: + description: Entry in clouds.yaml to use for authentication + type: string + default: "" conditions: + auth_cloud_name_set: + not: {equals: [{get_param: AuthCloudName}, ""]} ovn_cpu_set: or: - not: {equals: [{get_param: OVNContainerCpusetCpus}, '']} @@ -462,8 +468,13 @@ outputs: - step|int == 1 - container_cli == 'podman' tags: down + become: true environment: - OS_CLOUD: {get_param: RootStackName} + OS_CLOUD: + if: + - auth_cloud_name_set + - {get_param: AuthCloudName} + - {get_param: RootStackName} block: # Some tasks are running from the Undercloud which has # the OpenStack clients installed.